Bug 1118245 - clang-format on lib/pk11wrap, r=ttaubert
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Thu, 27 Oct 2016 10:22:48 +0200
changeset 12773 857cc70386e76639b49a95dc68c300735bc06a3d
parent 12772 3224146ec4c4e097cd354c48bdd782ed04996171
child 12774 48fe9657a2034bc52638ec793ff36cdc44b53891
push id1715
push userfranziskuskiefer@gmail.com
push dateThu, 27 Oct 2016 09:41:12 +0000
reviewersttaubert
bugs1118245
Bug 1118245 - clang-format on lib/pk11wrap, r=ttaubert
automation/taskcluster/scripts/run_clang_format.sh
lib/pk11wrap/debug_module.c
lib/pk11wrap/dev3hack.c
lib/pk11wrap/dev3hack.h
lib/pk11wrap/pk11akey.c
lib/pk11wrap/pk11auth.c
lib/pk11wrap/pk11cert.c
lib/pk11wrap/pk11cxt.c
lib/pk11wrap/pk11err.c
lib/pk11wrap/pk11kea.c
lib/pk11wrap/pk11list.c
lib/pk11wrap/pk11load.c
lib/pk11wrap/pk11mech.c
lib/pk11wrap/pk11merge.c
lib/pk11wrap/pk11nobj.c
lib/pk11wrap/pk11obj.c
lib/pk11wrap/pk11pars.c
lib/pk11wrap/pk11pbe.c
lib/pk11wrap/pk11pk12.c
lib/pk11wrap/pk11pqg.c
lib/pk11wrap/pk11pqg.h
lib/pk11wrap/pk11priv.h
lib/pk11wrap/pk11pub.h
lib/pk11wrap/pk11sdr.c
lib/pk11wrap/pk11skey.c
lib/pk11wrap/pk11slot.c
lib/pk11wrap/pk11util.c
lib/pk11wrap/secmod.h
lib/pk11wrap/secmodi.h
lib/pk11wrap/secmodt.h
lib/pk11wrap/secmodti.h
lib/pk11wrap/secpkcs5.h
--- a/automation/taskcluster/scripts/run_clang_format.sh
+++ b/automation/taskcluster/scripts/run_clang_format.sh
@@ -24,20 +24,22 @@ else
          "$top/lib/certhigh" \
          "$top/lib/ckfw" \
          "$top/lib/crmf" \
          "$top/lib/cryptohi" \
          "$top/lib/dbm" \
          "$top/lib/dev" \
          "$top/lib/freebl" \
          "$top/lib/nss" \
+         "$top/lib/pk11wrap" \
          "$top/lib/softoken" \
          "$top/lib/ssl" \
          "$top/lib/util" \
          "$top/lib/sysinit" \
+         "$top/lib/pk11wrap" \
          "$top/external_tests/common" \
          "$top/external_tests/der_gtest" \
          "$top/external_tests/pk11_gtest" \
          "$top/external_tests/ssl_gtest" \
          "$top/external_tests/util_gtest" \
     )
 fi
 
--- a/lib/pk11wrap/debug_module.c
+++ b/lib/pk11wrap/debug_module.c
@@ -1,756 +1,778 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "prlog.h"
 #include <stdio.h>
-#include "cert.h"  /* for CERT_DerNameToAscii & CERT_Hexify */
+#include "cert.h" /* for CERT_DerNameToAscii & CERT_Hexify */
 
 static PRLogModuleInfo *modlog = NULL;
 
 static CK_FUNCTION_LIST_PTR module_functions;
 
 static CK_FUNCTION_LIST debug_functions;
 
 static void print_final_statistics(void);
 
-#define STRING static const char 
+#define STRING static const char
 
-STRING fmt_flags[]                = "  flags = 0x%x";
-STRING fmt_hKey[]                 = "  hKey = 0x%x";
-STRING fmt_hObject[]              = "  hObject = 0x%x";
-STRING fmt_hSession[]             = "  hSession = 0x%x";
-STRING fmt_manufacturerID[]       = "  manufacturerID = \"%.32s\"";
-STRING fmt_pData[]                = "  pData = 0x%p";
-STRING fmt_pDigest[]              = "  pDigest = 0x%p";
-STRING fmt_pEncryptedData[]       = "  pEncryptedData = 0x%p";
-STRING fmt_pEncryptedPart[]       = "  pEncryptedPart = 0x%p";
-STRING fmt_pInfo[]                = "  pInfo = 0x%p";
-STRING fmt_pMechanism[]           = "  pMechanism = 0x%p";
-STRING fmt_pOperationState[]      = "  pOperationState = 0x%p";
-STRING fmt_pPart[]                = "  pPart = 0x%p";
-STRING fmt_pPin[]                 = "  pPin = 0x%p";
-STRING fmt_pSignature[]           = "  pSignature = 0x%p";
-STRING fmt_pTemplate[]            = "  pTemplate = 0x%p";
-STRING fmt_pWrappedKey[]          = "  pWrappedKey = 0x%p";
-STRING fmt_phKey[]                = "  phKey = 0x%p";
-STRING fmt_phObject[]             = "  phObject = 0x%p";
-STRING fmt_pulCount[]             = "  pulCount = 0x%p";
-STRING fmt_pulDataLen[]           = "  pulDataLen = 0x%p";
-STRING fmt_pulDigestLen[]         = "  pulDigestLen = 0x%p";
-STRING fmt_pulEncryptedPartLen[]  = "  pulEncryptedPartLen = 0x%p";
-STRING fmt_pulPartLen[]           = "  pulPartLen = 0x%p";
-STRING fmt_pulSignatureLen[]      = "  pulSignatureLen = 0x%p";
-STRING fmt_slotID[]               = "  slotID = 0x%x";
-STRING fmt_sphKey[]               = "  *phKey = 0x%x";
-STRING fmt_spulCount[]            = "  *pulCount = 0x%x";
-STRING fmt_spulDataLen[]          = "  *pulDataLen = 0x%x";
-STRING fmt_spulDigestLen[]        = "  *pulDigestLen = 0x%x";
+STRING fmt_flags[] = "  flags = 0x%x";
+STRING fmt_hKey[] = "  hKey = 0x%x";
+STRING fmt_hObject[] = "  hObject = 0x%x";
+STRING fmt_hSession[] = "  hSession = 0x%x";
+STRING fmt_manufacturerID[] = "  manufacturerID = \"%.32s\"";
+STRING fmt_pData[] = "  pData = 0x%p";
+STRING fmt_pDigest[] = "  pDigest = 0x%p";
+STRING fmt_pEncryptedData[] = "  pEncryptedData = 0x%p";
+STRING fmt_pEncryptedPart[] = "  pEncryptedPart = 0x%p";
+STRING fmt_pInfo[] = "  pInfo = 0x%p";
+STRING fmt_pMechanism[] = "  pMechanism = 0x%p";
+STRING fmt_pOperationState[] = "  pOperationState = 0x%p";
+STRING fmt_pPart[] = "  pPart = 0x%p";
+STRING fmt_pPin[] = "  pPin = 0x%p";
+STRING fmt_pSignature[] = "  pSignature = 0x%p";
+STRING fmt_pTemplate[] = "  pTemplate = 0x%p";
+STRING fmt_pWrappedKey[] = "  pWrappedKey = 0x%p";
+STRING fmt_phKey[] = "  phKey = 0x%p";
+STRING fmt_phObject[] = "  phObject = 0x%p";
+STRING fmt_pulCount[] = "  pulCount = 0x%p";
+STRING fmt_pulDataLen[] = "  pulDataLen = 0x%p";
+STRING fmt_pulDigestLen[] = "  pulDigestLen = 0x%p";
+STRING fmt_pulEncryptedPartLen[] = "  pulEncryptedPartLen = 0x%p";
+STRING fmt_pulPartLen[] = "  pulPartLen = 0x%p";
+STRING fmt_pulSignatureLen[] = "  pulSignatureLen = 0x%p";
+STRING fmt_slotID[] = "  slotID = 0x%x";
+STRING fmt_sphKey[] = "  *phKey = 0x%x";
+STRING fmt_spulCount[] = "  *pulCount = 0x%x";
+STRING fmt_spulDataLen[] = "  *pulDataLen = 0x%x";
+STRING fmt_spulDigestLen[] = "  *pulDigestLen = 0x%x";
 STRING fmt_spulEncryptedPartLen[] = "  *pulEncryptedPartLen = 0x%x";
-STRING fmt_spulPartLen[]          = "  *pulPartLen = 0x%x";
-STRING fmt_spulSignatureLen[]     = "  *pulSignatureLen = 0x%x";
-STRING fmt_ulAttributeCount[]     = "  ulAttributeCount = %d";
-STRING fmt_ulCount[]              = "  ulCount = %d";
-STRING fmt_ulDataLen[]            = "  ulDataLen = %d";
-STRING fmt_ulEncryptedPartLen[]   = "  ulEncryptedPartLen = %d";
-STRING fmt_ulPartLen[]            = "  ulPartLen = %d";
-STRING fmt_ulPinLen[]             = "  ulPinLen = %d";
-STRING fmt_ulSignatureLen[]       = "  ulSignatureLen = %d";
+STRING fmt_spulPartLen[] = "  *pulPartLen = 0x%x";
+STRING fmt_spulSignatureLen[] = "  *pulSignatureLen = 0x%x";
+STRING fmt_ulAttributeCount[] = "  ulAttributeCount = %d";
+STRING fmt_ulCount[] = "  ulCount = %d";
+STRING fmt_ulDataLen[] = "  ulDataLen = %d";
+STRING fmt_ulEncryptedPartLen[] = "  ulEncryptedPartLen = %d";
+STRING fmt_ulPartLen[] = "  ulPartLen = %d";
+STRING fmt_ulPinLen[] = "  ulPinLen = %d";
+STRING fmt_ulSignatureLen[] = "  ulSignatureLen = %d";
 
-STRING fmt_fwVersion[]            = "  firmware version: %d.%d";
-STRING fmt_hwVersion[]            = "  hardware version: %d.%d";
-STRING fmt_s_qsq_d[]              = "    %s = \"%s\" [%d]";
-STRING fmt_s_s_d[]                = "    %s = %s [%d]";
-STRING fmt_s_lu[]                 = "    %s = %lu";
-STRING fmt_invalid_handle[]       = " (CK_INVALID_HANDLE)";
+STRING fmt_fwVersion[] = "  firmware version: %d.%d";
+STRING fmt_hwVersion[] = "  hardware version: %d.%d";
+STRING fmt_s_qsq_d[] = "    %s = \"%s\" [%d]";
+STRING fmt_s_s_d[] = "    %s = %s [%d]";
+STRING fmt_s_lu[] = "    %s = %lu";
+STRING fmt_invalid_handle[] = " (CK_INVALID_HANDLE)";
 
-
-static void get_attr_type_str(CK_ATTRIBUTE_TYPE atype, char *str, int len)
+static void
+get_attr_type_str(CK_ATTRIBUTE_TYPE atype, char *str, int len)
 {
-#define CASE(attr) case attr: a = #attr ; break
+#define CASE(attr) \
+    case attr:     \
+        a = #attr; \
+        break
 
-    const char * a = NULL;
+    const char *a = NULL;
 
     switch (atype) {
-    CASE(CKA_CLASS);
-    CASE(CKA_TOKEN);
-    CASE(CKA_PRIVATE);
-    CASE(CKA_LABEL);
-    CASE(CKA_APPLICATION);
-    CASE(CKA_VALUE);
-    CASE(CKA_OBJECT_ID);
-    CASE(CKA_CERTIFICATE_TYPE);
-    CASE(CKA_CERTIFICATE_CATEGORY);
-    CASE(CKA_ISSUER);
-    CASE(CKA_SERIAL_NUMBER);
-    CASE(CKA_AC_ISSUER);
-    CASE(CKA_OWNER);
-    CASE(CKA_ATTR_TYPES);
-    CASE(CKA_TRUSTED);
-    CASE(CKA_KEY_TYPE);
-    CASE(CKA_SUBJECT);
-    CASE(CKA_ID);
-    CASE(CKA_SENSITIVE);
-    CASE(CKA_ENCRYPT);
-    CASE(CKA_DECRYPT);
-    CASE(CKA_WRAP);
-    CASE(CKA_UNWRAP);
-    CASE(CKA_SIGN);
-    CASE(CKA_SIGN_RECOVER);
-    CASE(CKA_VERIFY);
-    CASE(CKA_VERIFY_RECOVER);
-    CASE(CKA_DERIVE);
-    CASE(CKA_START_DATE);
-    CASE(CKA_END_DATE);
-    CASE(CKA_MODULUS);
-    CASE(CKA_MODULUS_BITS);
-    CASE(CKA_PUBLIC_EXPONENT);
-    CASE(CKA_PRIVATE_EXPONENT);
-    CASE(CKA_PRIME_1);
-    CASE(CKA_PRIME_2);
-    CASE(CKA_EXPONENT_1);
-    CASE(CKA_EXPONENT_2);
-    CASE(CKA_COEFFICIENT);
-    CASE(CKA_PRIME);
-    CASE(CKA_SUBPRIME);
-    CASE(CKA_BASE);
-    CASE(CKA_PRIME_BITS);
-    CASE(CKA_SUBPRIME_BITS);
-    CASE(CKA_VALUE_BITS);
-    CASE(CKA_VALUE_LEN);
-    CASE(CKA_EXTRACTABLE);
-    CASE(CKA_LOCAL);
-    CASE(CKA_NEVER_EXTRACTABLE);
-    CASE(CKA_ALWAYS_SENSITIVE);
-    CASE(CKA_KEY_GEN_MECHANISM);
-    CASE(CKA_MODIFIABLE);
-    CASE(CKA_ECDSA_PARAMS);
-    CASE(CKA_EC_POINT);
-    CASE(CKA_SECONDARY_AUTH);
-    CASE(CKA_AUTH_PIN_FLAGS);
-    CASE(CKA_HW_FEATURE_TYPE);
-    CASE(CKA_RESET_ON_INIT);
-    CASE(CKA_HAS_RESET);
-    CASE(CKA_VENDOR_DEFINED);
-    CASE(CKA_NSS_URL);
-    CASE(CKA_NSS_EMAIL);
-    CASE(CKA_NSS_SMIME_INFO);
-    CASE(CKA_NSS_SMIME_TIMESTAMP);
-    CASE(CKA_NSS_PKCS8_SALT);
-    CASE(CKA_NSS_PASSWORD_CHECK);
-    CASE(CKA_NSS_EXPIRES);
-    CASE(CKA_NSS_KRL);
-    CASE(CKA_NSS_PQG_COUNTER);
-    CASE(CKA_NSS_PQG_SEED);
-    CASE(CKA_NSS_PQG_H);
-    CASE(CKA_NSS_PQG_SEED_BITS);
-    CASE(CKA_TRUST);
-    CASE(CKA_TRUST_DIGITAL_SIGNATURE);
-    CASE(CKA_TRUST_NON_REPUDIATION);
-    CASE(CKA_TRUST_KEY_ENCIPHERMENT);
-    CASE(CKA_TRUST_DATA_ENCIPHERMENT);
-    CASE(CKA_TRUST_KEY_AGREEMENT);
-    CASE(CKA_TRUST_KEY_CERT_SIGN);
-    CASE(CKA_TRUST_CRL_SIGN);
-    CASE(CKA_TRUST_SERVER_AUTH);
-    CASE(CKA_TRUST_CLIENT_AUTH);
-    CASE(CKA_TRUST_CODE_SIGNING);
-    CASE(CKA_TRUST_EMAIL_PROTECTION);
-    CASE(CKA_TRUST_IPSEC_END_SYSTEM);
-    CASE(CKA_TRUST_IPSEC_TUNNEL);
-    CASE(CKA_TRUST_IPSEC_USER);
-    CASE(CKA_TRUST_TIME_STAMPING);
-    CASE(CKA_CERT_SHA1_HASH);
-    CASE(CKA_CERT_MD5_HASH);
-    CASE(CKA_NETSCAPE_DB);
-    CASE(CKA_NETSCAPE_TRUST);
-    default: break;
+        CASE(CKA_CLASS);
+        CASE(CKA_TOKEN);
+        CASE(CKA_PRIVATE);
+        CASE(CKA_LABEL);
+        CASE(CKA_APPLICATION);
+        CASE(CKA_VALUE);
+        CASE(CKA_OBJECT_ID);
+        CASE(CKA_CERTIFICATE_TYPE);
+        CASE(CKA_CERTIFICATE_CATEGORY);
+        CASE(CKA_ISSUER);
+        CASE(CKA_SERIAL_NUMBER);
+        CASE(CKA_AC_ISSUER);
+        CASE(CKA_OWNER);
+        CASE(CKA_ATTR_TYPES);
+        CASE(CKA_TRUSTED);
+        CASE(CKA_KEY_TYPE);
+        CASE(CKA_SUBJECT);
+        CASE(CKA_ID);
+        CASE(CKA_SENSITIVE);
+        CASE(CKA_ENCRYPT);
+        CASE(CKA_DECRYPT);
+        CASE(CKA_WRAP);
+        CASE(CKA_UNWRAP);
+        CASE(CKA_SIGN);
+        CASE(CKA_SIGN_RECOVER);
+        CASE(CKA_VERIFY);
+        CASE(CKA_VERIFY_RECOVER);
+        CASE(CKA_DERIVE);
+        CASE(CKA_START_DATE);
+        CASE(CKA_END_DATE);
+        CASE(CKA_MODULUS);
+        CASE(CKA_MODULUS_BITS);
+        CASE(CKA_PUBLIC_EXPONENT);
+        CASE(CKA_PRIVATE_EXPONENT);
+        CASE(CKA_PRIME_1);
+        CASE(CKA_PRIME_2);
+        CASE(CKA_EXPONENT_1);
+        CASE(CKA_EXPONENT_2);
+        CASE(CKA_COEFFICIENT);
+        CASE(CKA_PRIME);
+        CASE(CKA_SUBPRIME);
+        CASE(CKA_BASE);
+        CASE(CKA_PRIME_BITS);
+        CASE(CKA_SUBPRIME_BITS);
+        CASE(CKA_VALUE_BITS);
+        CASE(CKA_VALUE_LEN);
+        CASE(CKA_EXTRACTABLE);
+        CASE(CKA_LOCAL);
+        CASE(CKA_NEVER_EXTRACTABLE);
+        CASE(CKA_ALWAYS_SENSITIVE);
+        CASE(CKA_KEY_GEN_MECHANISM);
+        CASE(CKA_MODIFIABLE);
+        CASE(CKA_ECDSA_PARAMS);
+        CASE(CKA_EC_POINT);
+        CASE(CKA_SECONDARY_AUTH);
+        CASE(CKA_AUTH_PIN_FLAGS);
+        CASE(CKA_HW_FEATURE_TYPE);
+        CASE(CKA_RESET_ON_INIT);
+        CASE(CKA_HAS_RESET);
+        CASE(CKA_VENDOR_DEFINED);
+        CASE(CKA_NSS_URL);
+        CASE(CKA_NSS_EMAIL);
+        CASE(CKA_NSS_SMIME_INFO);
+        CASE(CKA_NSS_SMIME_TIMESTAMP);
+        CASE(CKA_NSS_PKCS8_SALT);
+        CASE(CKA_NSS_PASSWORD_CHECK);
+        CASE(CKA_NSS_EXPIRES);
+        CASE(CKA_NSS_KRL);
+        CASE(CKA_NSS_PQG_COUNTER);
+        CASE(CKA_NSS_PQG_SEED);
+        CASE(CKA_NSS_PQG_H);
+        CASE(CKA_NSS_PQG_SEED_BITS);
+        CASE(CKA_TRUST);
+        CASE(CKA_TRUST_DIGITAL_SIGNATURE);
+        CASE(CKA_TRUST_NON_REPUDIATION);
+        CASE(CKA_TRUST_KEY_ENCIPHERMENT);
+        CASE(CKA_TRUST_DATA_ENCIPHERMENT);
+        CASE(CKA_TRUST_KEY_AGREEMENT);
+        CASE(CKA_TRUST_KEY_CERT_SIGN);
+        CASE(CKA_TRUST_CRL_SIGN);
+        CASE(CKA_TRUST_SERVER_AUTH);
+        CASE(CKA_TRUST_CLIENT_AUTH);
+        CASE(CKA_TRUST_CODE_SIGNING);
+        CASE(CKA_TRUST_EMAIL_PROTECTION);
+        CASE(CKA_TRUST_IPSEC_END_SYSTEM);
+        CASE(CKA_TRUST_IPSEC_TUNNEL);
+        CASE(CKA_TRUST_IPSEC_USER);
+        CASE(CKA_TRUST_TIME_STAMPING);
+        CASE(CKA_CERT_SHA1_HASH);
+        CASE(CKA_CERT_MD5_HASH);
+        CASE(CKA_NETSCAPE_DB);
+        CASE(CKA_NETSCAPE_TRUST);
+        default:
+            break;
     }
     if (a)
-	PR_snprintf(str, len, "%s", a);
+        PR_snprintf(str, len, "%s", a);
     else
-	PR_snprintf(str, len, "0x%p", atype);
+        PR_snprintf(str, len, "0x%p", atype);
 }
 
-static void get_obj_class(CK_OBJECT_CLASS objClass, char *str, int len)
+static void
+get_obj_class(CK_OBJECT_CLASS objClass, char *str, int len)
 {
 
-    const char * a = NULL;
+    const char *a = NULL;
 
     switch (objClass) {
-    CASE(CKO_DATA);
-    CASE(CKO_CERTIFICATE);
-    CASE(CKO_PUBLIC_KEY);
-    CASE(CKO_PRIVATE_KEY);
-    CASE(CKO_SECRET_KEY);
-    CASE(CKO_HW_FEATURE);
-    CASE(CKO_DOMAIN_PARAMETERS);
-    CASE(CKO_NSS_CRL);
-    CASE(CKO_NSS_SMIME);
-    CASE(CKO_NSS_TRUST);
-    CASE(CKO_NSS_BUILTIN_ROOT_LIST);
-    default: break;
+        CASE(CKO_DATA);
+        CASE(CKO_CERTIFICATE);
+        CASE(CKO_PUBLIC_KEY);
+        CASE(CKO_PRIVATE_KEY);
+        CASE(CKO_SECRET_KEY);
+        CASE(CKO_HW_FEATURE);
+        CASE(CKO_DOMAIN_PARAMETERS);
+        CASE(CKO_NSS_CRL);
+        CASE(CKO_NSS_SMIME);
+        CASE(CKO_NSS_TRUST);
+        CASE(CKO_NSS_BUILTIN_ROOT_LIST);
+        default:
+            break;
     }
     if (a)
-	PR_snprintf(str, len, "%s", a);
+        PR_snprintf(str, len, "%s", a);
     else
-	PR_snprintf(str, len, "0x%p", objClass);
+        PR_snprintf(str, len, "0x%p", objClass);
 }
 
-static void get_trust_val(CK_TRUST trust, char *str, int len)
+static void
+get_trust_val(CK_TRUST trust, char *str, int len)
 {
-    const char * a = NULL;
+    const char *a = NULL;
 
     switch (trust) {
-    CASE(CKT_NSS_TRUSTED);
-    CASE(CKT_NSS_TRUSTED_DELEGATOR);
-    CASE(CKT_NSS_NOT_TRUSTED);
-    CASE(CKT_NSS_MUST_VERIFY_TRUST);
-    CASE(CKT_NSS_TRUST_UNKNOWN);
-    CASE(CKT_NSS_VALID_DELEGATOR);
-    default: break;
+        CASE(CKT_NSS_TRUSTED);
+        CASE(CKT_NSS_TRUSTED_DELEGATOR);
+        CASE(CKT_NSS_NOT_TRUSTED);
+        CASE(CKT_NSS_MUST_VERIFY_TRUST);
+        CASE(CKT_NSS_TRUST_UNKNOWN);
+        CASE(CKT_NSS_VALID_DELEGATOR);
+        default:
+            break;
     }
     if (a)
-	PR_snprintf(str, len, "%s", a);
+        PR_snprintf(str, len, "%s", a);
     else
-	PR_snprintf(str, len, "0x%p", trust);
+        PR_snprintf(str, len, "0x%p", trust);
 }
 
-static void log_rv(CK_RV rv)
+static void
+log_rv(CK_RV rv)
 {
-    const char * a = NULL;
+    const char *a = NULL;
 
     switch (rv) {
-    CASE(CKR_OK);
-    CASE(CKR_CANCEL);
-    CASE(CKR_HOST_MEMORY);
-    CASE(CKR_SLOT_ID_INVALID);
-    CASE(CKR_GENERAL_ERROR);
-    CASE(CKR_FUNCTION_FAILED);
-    CASE(CKR_ARGUMENTS_BAD);
-    CASE(CKR_NO_EVENT);
-    CASE(CKR_NEED_TO_CREATE_THREADS);
-    CASE(CKR_CANT_LOCK);
-    CASE(CKR_ATTRIBUTE_READ_ONLY);
-    CASE(CKR_ATTRIBUTE_SENSITIVE);
-    CASE(CKR_ATTRIBUTE_TYPE_INVALID);
-    CASE(CKR_ATTRIBUTE_VALUE_INVALID);
-    CASE(CKR_DATA_INVALID);
-    CASE(CKR_DATA_LEN_RANGE);
-    CASE(CKR_DEVICE_ERROR);
-    CASE(CKR_DEVICE_MEMORY);
-    CASE(CKR_DEVICE_REMOVED);
-    CASE(CKR_ENCRYPTED_DATA_INVALID);
-    CASE(CKR_ENCRYPTED_DATA_LEN_RANGE);
-    CASE(CKR_FUNCTION_CANCELED);
-    CASE(CKR_FUNCTION_NOT_PARALLEL);
-    CASE(CKR_FUNCTION_NOT_SUPPORTED);
-    CASE(CKR_KEY_HANDLE_INVALID);
-    CASE(CKR_KEY_SIZE_RANGE);
-    CASE(CKR_KEY_TYPE_INCONSISTENT);
-    CASE(CKR_KEY_NOT_NEEDED);
-    CASE(CKR_KEY_CHANGED);
-    CASE(CKR_KEY_NEEDED);
-    CASE(CKR_KEY_INDIGESTIBLE);
-    CASE(CKR_KEY_FUNCTION_NOT_PERMITTED);
-    CASE(CKR_KEY_NOT_WRAPPABLE);
-    CASE(CKR_KEY_UNEXTRACTABLE);
-    CASE(CKR_MECHANISM_INVALID);
-    CASE(CKR_MECHANISM_PARAM_INVALID);
-    CASE(CKR_OBJECT_HANDLE_INVALID);
-    CASE(CKR_OPERATION_ACTIVE);
-    CASE(CKR_OPERATION_NOT_INITIALIZED);
-    CASE(CKR_PIN_INCORRECT);
-    CASE(CKR_PIN_INVALID);
-    CASE(CKR_PIN_LEN_RANGE);
-    CASE(CKR_PIN_EXPIRED);
-    CASE(CKR_PIN_LOCKED);
-    CASE(CKR_SESSION_CLOSED);
-    CASE(CKR_SESSION_COUNT);
-    CASE(CKR_SESSION_HANDLE_INVALID);
-    CASE(CKR_SESSION_PARALLEL_NOT_SUPPORTED);
-    CASE(CKR_SESSION_READ_ONLY);
-    CASE(CKR_SESSION_EXISTS);
-    CASE(CKR_SESSION_READ_ONLY_EXISTS);
-    CASE(CKR_SESSION_READ_WRITE_SO_EXISTS);
-    CASE(CKR_SIGNATURE_INVALID);
-    CASE(CKR_SIGNATURE_LEN_RANGE);
-    CASE(CKR_TEMPLATE_INCOMPLETE);
-    CASE(CKR_TEMPLATE_INCONSISTENT);
-    CASE(CKR_TOKEN_NOT_PRESENT);
-    CASE(CKR_TOKEN_NOT_RECOGNIZED);
-    CASE(CKR_TOKEN_WRITE_PROTECTED);
-    CASE(CKR_UNWRAPPING_KEY_HANDLE_INVALID);
-    CASE(CKR_UNWRAPPING_KEY_SIZE_RANGE);
-    CASE(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT);
-    CASE(CKR_USER_ALREADY_LOGGED_IN);
-    CASE(CKR_USER_NOT_LOGGED_IN);
-    CASE(CKR_USER_PIN_NOT_INITIALIZED);
-    CASE(CKR_USER_TYPE_INVALID);
-    CASE(CKR_USER_ANOTHER_ALREADY_LOGGED_IN);
-    CASE(CKR_USER_TOO_MANY_TYPES);
-    CASE(CKR_WRAPPED_KEY_INVALID);
-    CASE(CKR_WRAPPED_KEY_LEN_RANGE);
-    CASE(CKR_WRAPPING_KEY_HANDLE_INVALID);
-    CASE(CKR_WRAPPING_KEY_SIZE_RANGE);
-    CASE(CKR_WRAPPING_KEY_TYPE_INCONSISTENT);
-    CASE(CKR_RANDOM_SEED_NOT_SUPPORTED);
-    CASE(CKR_RANDOM_NO_RNG);
-    CASE(CKR_DOMAIN_PARAMS_INVALID);
-    CASE(CKR_BUFFER_TOO_SMALL);
-    CASE(CKR_SAVED_STATE_INVALID);
-    CASE(CKR_INFORMATION_SENSITIVE);
-    CASE(CKR_STATE_UNSAVEABLE);
-    CASE(CKR_CRYPTOKI_NOT_INITIALIZED);
-    CASE(CKR_CRYPTOKI_ALREADY_INITIALIZED);
-    CASE(CKR_MUTEX_BAD);
-    CASE(CKR_MUTEX_NOT_LOCKED);
-    CASE(CKR_FUNCTION_REJECTED);
-    CASE(CKR_KEY_PARAMS_INVALID);
-    default: break;
+        CASE(CKR_OK);
+        CASE(CKR_CANCEL);
+        CASE(CKR_HOST_MEMORY);
+        CASE(CKR_SLOT_ID_INVALID);
+        CASE(CKR_GENERAL_ERROR);
+        CASE(CKR_FUNCTION_FAILED);
+        CASE(CKR_ARGUMENTS_BAD);
+        CASE(CKR_NO_EVENT);
+        CASE(CKR_NEED_TO_CREATE_THREADS);
+        CASE(CKR_CANT_LOCK);
+        CASE(CKR_ATTRIBUTE_READ_ONLY);
+        CASE(CKR_ATTRIBUTE_SENSITIVE);
+        CASE(CKR_ATTRIBUTE_TYPE_INVALID);
+        CASE(CKR_ATTRIBUTE_VALUE_INVALID);
+        CASE(CKR_DATA_INVALID);
+        CASE(CKR_DATA_LEN_RANGE);
+        CASE(CKR_DEVICE_ERROR);
+        CASE(CKR_DEVICE_MEMORY);
+        CASE(CKR_DEVICE_REMOVED);
+        CASE(CKR_ENCRYPTED_DATA_INVALID);
+        CASE(CKR_ENCRYPTED_DATA_LEN_RANGE);
+        CASE(CKR_FUNCTION_CANCELED);
+        CASE(CKR_FUNCTION_NOT_PARALLEL);
+        CASE(CKR_FUNCTION_NOT_SUPPORTED);
+        CASE(CKR_KEY_HANDLE_INVALID);
+        CASE(CKR_KEY_SIZE_RANGE);
+        CASE(CKR_KEY_TYPE_INCONSISTENT);
+        CASE(CKR_KEY_NOT_NEEDED);
+        CASE(CKR_KEY_CHANGED);
+        CASE(CKR_KEY_NEEDED);
+        CASE(CKR_KEY_INDIGESTIBLE);
+        CASE(CKR_KEY_FUNCTION_NOT_PERMITTED);
+        CASE(CKR_KEY_NOT_WRAPPABLE);
+        CASE(CKR_KEY_UNEXTRACTABLE);
+        CASE(CKR_MECHANISM_INVALID);
+        CASE(CKR_MECHANISM_PARAM_INVALID);
+        CASE(CKR_OBJECT_HANDLE_INVALID);
+        CASE(CKR_OPERATION_ACTIVE);
+        CASE(CKR_OPERATION_NOT_INITIALIZED);
+        CASE(CKR_PIN_INCORRECT);
+        CASE(CKR_PIN_INVALID);
+        CASE(CKR_PIN_LEN_RANGE);
+        CASE(CKR_PIN_EXPIRED);
+        CASE(CKR_PIN_LOCKED);
+        CASE(CKR_SESSION_CLOSED);
+        CASE(CKR_SESSION_COUNT);
+        CASE(CKR_SESSION_HANDLE_INVALID);
+        CASE(CKR_SESSION_PARALLEL_NOT_SUPPORTED);
+        CASE(CKR_SESSION_READ_ONLY);
+        CASE(CKR_SESSION_EXISTS);
+        CASE(CKR_SESSION_READ_ONLY_EXISTS);
+        CASE(CKR_SESSION_READ_WRITE_SO_EXISTS);
+        CASE(CKR_SIGNATURE_INVALID);
+        CASE(CKR_SIGNATURE_LEN_RANGE);
+        CASE(CKR_TEMPLATE_INCOMPLETE);
+        CASE(CKR_TEMPLATE_INCONSISTENT);
+        CASE(CKR_TOKEN_NOT_PRESENT);
+        CASE(CKR_TOKEN_NOT_RECOGNIZED);
+        CASE(CKR_TOKEN_WRITE_PROTECTED);
+        CASE(CKR_UNWRAPPING_KEY_HANDLE_INVALID);
+        CASE(CKR_UNWRAPPING_KEY_SIZE_RANGE);
+        CASE(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT);
+        CASE(CKR_USER_ALREADY_LOGGED_IN);
+        CASE(CKR_USER_NOT_LOGGED_IN);
+        CASE(CKR_USER_PIN_NOT_INITIALIZED);
+        CASE(CKR_USER_TYPE_INVALID);
+        CASE(CKR_USER_ANOTHER_ALREADY_LOGGED_IN);
+        CASE(CKR_USER_TOO_MANY_TYPES);
+        CASE(CKR_WRAPPED_KEY_INVALID);
+        CASE(CKR_WRAPPED_KEY_LEN_RANGE);
+        CASE(CKR_WRAPPING_KEY_HANDLE_INVALID);
+        CASE(CKR_WRAPPING_KEY_SIZE_RANGE);
+        CASE(CKR_WRAPPING_KEY_TYPE_INCONSISTENT);
+        CASE(CKR_RANDOM_SEED_NOT_SUPPORTED);
+        CASE(CKR_RANDOM_NO_RNG);
+        CASE(CKR_DOMAIN_PARAMS_INVALID);
+        CASE(CKR_BUFFER_TOO_SMALL);
+        CASE(CKR_SAVED_STATE_INVALID);
+        CASE(CKR_INFORMATION_SENSITIVE);
+        CASE(CKR_STATE_UNSAVEABLE);
+        CASE(CKR_CRYPTOKI_NOT_INITIALIZED);
+        CASE(CKR_CRYPTOKI_ALREADY_INITIALIZED);
+        CASE(CKR_MUTEX_BAD);
+        CASE(CKR_MUTEX_NOT_LOCKED);
+        CASE(CKR_FUNCTION_REJECTED);
+        CASE(CKR_KEY_PARAMS_INVALID);
+        default:
+            break;
     }
     if (a)
-	PR_LOG(modlog, 1, ("  rv = %s\n", a));
+        PR_LOG(modlog, 1, ("  rv = %s\n", a));
     else
-	PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
+        PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
 }
 
-static void log_state(CK_STATE state)
+static void
+log_state(CK_STATE state)
 {
-    const char * a = NULL;
+    const char *a = NULL;
 
     switch (state) {
-    CASE(CKS_RO_PUBLIC_SESSION);
-    CASE(CKS_RO_USER_FUNCTIONS);
-    CASE(CKS_RW_PUBLIC_SESSION);
-    CASE(CKS_RW_USER_FUNCTIONS);
-    CASE(CKS_RW_SO_FUNCTIONS);
-    default: break;
+        CASE(CKS_RO_PUBLIC_SESSION);
+        CASE(CKS_RO_USER_FUNCTIONS);
+        CASE(CKS_RW_PUBLIC_SESSION);
+        CASE(CKS_RW_USER_FUNCTIONS);
+        CASE(CKS_RW_SO_FUNCTIONS);
+        default:
+            break;
     }
     if (a)
-	PR_LOG(modlog, 1, ("  state = %s\n", a));
+        PR_LOG(modlog, 1, ("  state = %s\n", a));
     else
-	PR_LOG(modlog, 1, ("  state = 0x%x\n", state));
+        PR_LOG(modlog, 1, ("  state = 0x%x\n", state));
 }
 
-static void log_handle(int level, const char * format, CK_ULONG handle)
+static void
+log_handle(int level, const char *format, CK_ULONG handle)
 {
     char fmtBuf[80];
     if (handle)
-	PR_LOG(modlog, level, (format, handle));
+        PR_LOG(modlog, level, (format, handle));
     else {
-	PL_strncpyz(fmtBuf, format, sizeof fmtBuf);
-	PL_strcatn(fmtBuf, sizeof fmtBuf, fmt_invalid_handle);
-	PR_LOG(modlog, level, (fmtBuf, handle));
+        PL_strncpyz(fmtBuf, format, sizeof fmtBuf);
+        PL_strcatn(fmtBuf, sizeof fmtBuf, fmt_invalid_handle);
+        PR_LOG(modlog, level, (fmtBuf, handle));
     }
 }
 
-static void print_mechanism(CK_MECHANISM_PTR m)
+static void
+print_mechanism(CK_MECHANISM_PTR m)
 {
 
-    const char * a = NULL;
+    const char *a = NULL;
 
     switch (m->mechanism) {
-    CASE(CKM_AES_CBC);
-    CASE(CKM_AES_CBC_ENCRYPT_DATA);
-    CASE(CKM_AES_CBC_PAD);
-    CASE(CKM_AES_CCM);
-    CASE(CKM_AES_CTR);
-    CASE(CKM_AES_CTS);
-    CASE(CKM_AES_GCM);
-    CASE(CKM_AES_ECB);
-    CASE(CKM_AES_ECB_ENCRYPT_DATA);
-    CASE(CKM_AES_KEY_GEN);
-    CASE(CKM_AES_MAC);
-    CASE(CKM_AES_MAC_GENERAL);
-    CASE(CKM_CAMELLIA_CBC);
-    CASE(CKM_CAMELLIA_CBC_ENCRYPT_DATA);
-    CASE(CKM_CAMELLIA_CBC_PAD);
-    CASE(CKM_CAMELLIA_ECB);
-    CASE(CKM_CAMELLIA_ECB_ENCRYPT_DATA);
-    CASE(CKM_CAMELLIA_KEY_GEN);
-    CASE(CKM_CAMELLIA_MAC);
-    CASE(CKM_CAMELLIA_MAC_GENERAL);
-    CASE(CKM_CDMF_CBC);
-    CASE(CKM_CDMF_CBC_PAD);
-    CASE(CKM_CDMF_ECB);
-    CASE(CKM_CDMF_KEY_GEN);
-    CASE(CKM_CDMF_MAC);
-    CASE(CKM_CDMF_MAC_GENERAL);
-    CASE(CKM_CMS_SIG);
-    CASE(CKM_CONCATENATE_BASE_AND_DATA);
-    CASE(CKM_CONCATENATE_BASE_AND_KEY);
-    CASE(CKM_CONCATENATE_DATA_AND_BASE);
-    CASE(CKM_DES2_KEY_GEN);
-    CASE(CKM_DES3_CBC);
-    CASE(CKM_DES3_CBC_ENCRYPT_DATA);
-    CASE(CKM_DES3_CBC_PAD);
-    CASE(CKM_DES3_ECB);
-    CASE(CKM_DES3_ECB_ENCRYPT_DATA);
-    CASE(CKM_DES3_KEY_GEN);
-    CASE(CKM_DES3_MAC);
-    CASE(CKM_DES3_MAC_GENERAL);
-    CASE(CKM_DES_CBC);
-    CASE(CKM_DES_CBC_ENCRYPT_DATA);
-    CASE(CKM_DES_CBC_PAD);
-    CASE(CKM_DES_CFB64);
-    CASE(CKM_DES_CFB8);
-    CASE(CKM_DES_ECB);
-    CASE(CKM_DES_ECB_ENCRYPT_DATA);
-    CASE(CKM_DES_KEY_GEN);
-    CASE(CKM_DES_MAC);
-    CASE(CKM_DES_MAC_GENERAL);
-    CASE(CKM_DES_OFB64);
-    CASE(CKM_DES_OFB8);
-    CASE(CKM_DH_PKCS_DERIVE);
-    CASE(CKM_DH_PKCS_KEY_PAIR_GEN);
-    CASE(CKM_DH_PKCS_PARAMETER_GEN);
-    CASE(CKM_DSA);
-    CASE(CKM_DSA_KEY_PAIR_GEN);
-    CASE(CKM_DSA_PARAMETER_GEN);
-    CASE(CKM_DSA_SHA1);
-    CASE(CKM_ECDH1_COFACTOR_DERIVE);
-    CASE(CKM_ECDH1_DERIVE);
-    CASE(CKM_ECDSA);
-    CASE(CKM_ECDSA_SHA1);
-    CASE(CKM_ECMQV_DERIVE);
-    CASE(CKM_EC_KEY_PAIR_GEN);	     /* also CASE(CKM_ECDSA_KEY_PAIR_GEN); */
-    CASE(CKM_EXTRACT_KEY_FROM_KEY);
-    CASE(CKM_FASTHASH);
-    CASE(CKM_FORTEZZA_TIMESTAMP);
-    CASE(CKM_GENERIC_SECRET_KEY_GEN);
-    CASE(CKM_IDEA_CBC);
-    CASE(CKM_IDEA_CBC_PAD);
-    CASE(CKM_IDEA_ECB);
-    CASE(CKM_IDEA_KEY_GEN);
-    CASE(CKM_IDEA_MAC);
-    CASE(CKM_IDEA_MAC_GENERAL);
-    CASE(CKM_KEA_KEY_DERIVE);
-    CASE(CKM_KEA_KEY_PAIR_GEN);
-    CASE(CKM_KEY_WRAP_LYNKS);
-    CASE(CKM_KEY_WRAP_SET_OAEP);
-    CASE(CKM_MD2);
-    CASE(CKM_MD2_HMAC);
-    CASE(CKM_MD2_HMAC_GENERAL);
-    CASE(CKM_MD2_KEY_DERIVATION);
-    CASE(CKM_MD2_RSA_PKCS);
-    CASE(CKM_MD5);
-    CASE(CKM_MD5_HMAC);
-    CASE(CKM_MD5_HMAC_GENERAL);
-    CASE(CKM_MD5_KEY_DERIVATION);
-    CASE(CKM_MD5_RSA_PKCS);
-    CASE(CKM_PBA_SHA1_WITH_SHA1_HMAC);
-    CASE(CKM_PBE_MD2_DES_CBC);
-    CASE(CKM_PBE_MD5_DES_CBC);
-    CASE(CKM_PBE_SHA1_DES2_EDE_CBC);
-    CASE(CKM_PBE_SHA1_DES3_EDE_CBC);
-    CASE(CKM_PBE_SHA1_RC2_128_CBC);
-    CASE(CKM_PBE_SHA1_RC2_40_CBC);
-    CASE(CKM_PBE_SHA1_RC4_128);
-    CASE(CKM_PBE_SHA1_RC4_40);
-    CASE(CKM_PKCS5_PBKD2);
-    CASE(CKM_RC2_CBC);
-    CASE(CKM_RC2_CBC_PAD);
-    CASE(CKM_RC2_ECB);
-    CASE(CKM_RC2_KEY_GEN);
-    CASE(CKM_RC2_MAC);
-    CASE(CKM_RC2_MAC_GENERAL);
-    CASE(CKM_RC4);
-    CASE(CKM_RC4_KEY_GEN);
-    CASE(CKM_RC5_CBC);
-    CASE(CKM_RC5_CBC_PAD);
-    CASE(CKM_RC5_ECB);
-    CASE(CKM_RC5_KEY_GEN);
-    CASE(CKM_RC5_MAC);
-    CASE(CKM_RC5_MAC_GENERAL);
-    CASE(CKM_RIPEMD128);
-    CASE(CKM_RIPEMD128_HMAC);
-    CASE(CKM_RIPEMD128_HMAC_GENERAL);
-    CASE(CKM_RIPEMD128_RSA_PKCS);
-    CASE(CKM_RIPEMD160);
-    CASE(CKM_RIPEMD160_HMAC);
-    CASE(CKM_RIPEMD160_HMAC_GENERAL);
-    CASE(CKM_RIPEMD160_RSA_PKCS);
-    CASE(CKM_RSA_9796);
-    CASE(CKM_RSA_PKCS);
-    CASE(CKM_RSA_PKCS_KEY_PAIR_GEN);
-    CASE(CKM_RSA_PKCS_OAEP);
-    CASE(CKM_RSA_PKCS_PSS);
-    CASE(CKM_RSA_X9_31);
-    CASE(CKM_RSA_X9_31_KEY_PAIR_GEN);
-    CASE(CKM_RSA_X_509);
-    CASE(CKM_SHA1_KEY_DERIVATION);
-    CASE(CKM_SHA1_RSA_PKCS);
-    CASE(CKM_SHA1_RSA_PKCS_PSS);
-    CASE(CKM_SHA1_RSA_X9_31);
-    CASE(CKM_SHA224);
-    CASE(CKM_SHA224_HMAC);
-    CASE(CKM_SHA224_HMAC_GENERAL);
-    CASE(CKM_SHA224_KEY_DERIVATION);
-    CASE(CKM_SHA224_RSA_PKCS);
-    CASE(CKM_SHA224_RSA_PKCS_PSS);
-    CASE(CKM_SHA256);
-    CASE(CKM_SHA256_HMAC);
-    CASE(CKM_SHA256_HMAC_GENERAL);
-    CASE(CKM_SHA256_KEY_DERIVATION);
-    CASE(CKM_SHA256_RSA_PKCS);
-    CASE(CKM_SHA256_RSA_PKCS_PSS);
-    CASE(CKM_SHA384);
-    CASE(CKM_SHA384_HMAC);
-    CASE(CKM_SHA384_HMAC_GENERAL);
-    CASE(CKM_SHA384_KEY_DERIVATION);
-    CASE(CKM_SHA384_RSA_PKCS);
-    CASE(CKM_SHA384_RSA_PKCS_PSS);
-    CASE(CKM_SHA512);
-    CASE(CKM_SHA512_HMAC);
-    CASE(CKM_SHA512_HMAC_GENERAL);
-    CASE(CKM_SHA512_KEY_DERIVATION);
-    CASE(CKM_SHA512_RSA_PKCS);
-    CASE(CKM_SHA512_RSA_PKCS_PSS);
-    CASE(CKM_SHA_1);
-    CASE(CKM_SHA_1_HMAC);
-    CASE(CKM_SHA_1_HMAC_GENERAL);
-    CASE(CKM_SKIPJACK_CBC64);
-    CASE(CKM_SKIPJACK_CFB16);
-    CASE(CKM_SKIPJACK_CFB32);
-    CASE(CKM_SKIPJACK_CFB64);
-    CASE(CKM_SKIPJACK_CFB8);
-    CASE(CKM_SKIPJACK_ECB64);
-    CASE(CKM_SKIPJACK_KEY_GEN);
-    CASE(CKM_SKIPJACK_OFB64);
-    CASE(CKM_SKIPJACK_PRIVATE_WRAP);
-    CASE(CKM_SKIPJACK_RELAYX);
-    CASE(CKM_SKIPJACK_WRAP);
-    CASE(CKM_SSL3_KEY_AND_MAC_DERIVE);
-    CASE(CKM_SSL3_MASTER_KEY_DERIVE);
-    CASE(CKM_SSL3_MASTER_KEY_DERIVE_DH);
-    CASE(CKM_SSL3_MD5_MAC);
-    CASE(CKM_SSL3_PRE_MASTER_KEY_GEN);
-    CASE(CKM_SSL3_SHA1_MAC);
-    CASE(CKM_TLS_KEY_AND_MAC_DERIVE);
-    CASE(CKM_TLS_MASTER_KEY_DERIVE);
-    CASE(CKM_TLS_MASTER_KEY_DERIVE_DH);
-    CASE(CKM_TLS_PRE_MASTER_KEY_GEN);
-    CASE(CKM_TLS_PRF);
-    CASE(CKM_TWOFISH_CBC);
-    CASE(CKM_TWOFISH_KEY_GEN);
-    CASE(CKM_X9_42_DH_DERIVE);
-    CASE(CKM_X9_42_DH_HYBRID_DERIVE);
-    CASE(CKM_X9_42_DH_KEY_PAIR_GEN);
-    CASE(CKM_X9_42_DH_PARAMETER_GEN);
-    CASE(CKM_X9_42_MQV_DERIVE);
-    CASE(CKM_XOR_BASE_AND_DATA);
-    default: break;
+        CASE(CKM_AES_CBC);
+        CASE(CKM_AES_CBC_ENCRYPT_DATA);
+        CASE(CKM_AES_CBC_PAD);
+        CASE(CKM_AES_CCM);
+        CASE(CKM_AES_CTR);
+        CASE(CKM_AES_CTS);
+        CASE(CKM_AES_GCM);
+        CASE(CKM_AES_ECB);
+        CASE(CKM_AES_ECB_ENCRYPT_DATA);
+        CASE(CKM_AES_KEY_GEN);
+        CASE(CKM_AES_MAC);
+        CASE(CKM_AES_MAC_GENERAL);
+        CASE(CKM_CAMELLIA_CBC);
+        CASE(CKM_CAMELLIA_CBC_ENCRYPT_DATA);
+        CASE(CKM_CAMELLIA_CBC_PAD);
+        CASE(CKM_CAMELLIA_ECB);
+        CASE(CKM_CAMELLIA_ECB_ENCRYPT_DATA);
+        CASE(CKM_CAMELLIA_KEY_GEN);
+        CASE(CKM_CAMELLIA_MAC);
+        CASE(CKM_CAMELLIA_MAC_GENERAL);
+        CASE(CKM_CDMF_CBC);
+        CASE(CKM_CDMF_CBC_PAD);
+        CASE(CKM_CDMF_ECB);
+        CASE(CKM_CDMF_KEY_GEN);
+        CASE(CKM_CDMF_MAC);
+        CASE(CKM_CDMF_MAC_GENERAL);
+        CASE(CKM_CMS_SIG);
+        CASE(CKM_CONCATENATE_BASE_AND_DATA);
+        CASE(CKM_CONCATENATE_BASE_AND_KEY);
+        CASE(CKM_CONCATENATE_DATA_AND_BASE);
+        CASE(CKM_DES2_KEY_GEN);
+        CASE(CKM_DES3_CBC);
+        CASE(CKM_DES3_CBC_ENCRYPT_DATA);
+        CASE(CKM_DES3_CBC_PAD);
+        CASE(CKM_DES3_ECB);
+        CASE(CKM_DES3_ECB_ENCRYPT_DATA);
+        CASE(CKM_DES3_KEY_GEN);
+        CASE(CKM_DES3_MAC);
+        CASE(CKM_DES3_MAC_GENERAL);
+        CASE(CKM_DES_CBC);
+        CASE(CKM_DES_CBC_ENCRYPT_DATA);
+        CASE(CKM_DES_CBC_PAD);
+        CASE(CKM_DES_CFB64);
+        CASE(CKM_DES_CFB8);
+        CASE(CKM_DES_ECB);
+        CASE(CKM_DES_ECB_ENCRYPT_DATA);
+        CASE(CKM_DES_KEY_GEN);
+        CASE(CKM_DES_MAC);
+        CASE(CKM_DES_MAC_GENERAL);
+        CASE(CKM_DES_OFB64);
+        CASE(CKM_DES_OFB8);
+        CASE(CKM_DH_PKCS_DERIVE);
+        CASE(CKM_DH_PKCS_KEY_PAIR_GEN);
+        CASE(CKM_DH_PKCS_PARAMETER_GEN);
+        CASE(CKM_DSA);
+        CASE(CKM_DSA_KEY_PAIR_GEN);
+        CASE(CKM_DSA_PARAMETER_GEN);
+        CASE(CKM_DSA_SHA1);
+        CASE(CKM_ECDH1_COFACTOR_DERIVE);
+        CASE(CKM_ECDH1_DERIVE);
+        CASE(CKM_ECDSA);
+        CASE(CKM_ECDSA_SHA1);
+        CASE(CKM_ECMQV_DERIVE);
+        CASE(CKM_EC_KEY_PAIR_GEN); /* also CASE(CKM_ECDSA_KEY_PAIR_GEN); */
+        CASE(CKM_EXTRACT_KEY_FROM_KEY);
+        CASE(CKM_FASTHASH);
+        CASE(CKM_FORTEZZA_TIMESTAMP);
+        CASE(CKM_GENERIC_SECRET_KEY_GEN);
+        CASE(CKM_IDEA_CBC);
+        CASE(CKM_IDEA_CBC_PAD);
+        CASE(CKM_IDEA_ECB);
+        CASE(CKM_IDEA_KEY_GEN);
+        CASE(CKM_IDEA_MAC);
+        CASE(CKM_IDEA_MAC_GENERAL);
+        CASE(CKM_KEA_KEY_DERIVE);
+        CASE(CKM_KEA_KEY_PAIR_GEN);
+        CASE(CKM_KEY_WRAP_LYNKS);
+        CASE(CKM_KEY_WRAP_SET_OAEP);
+        CASE(CKM_MD2);
+        CASE(CKM_MD2_HMAC);
+        CASE(CKM_MD2_HMAC_GENERAL);
+        CASE(CKM_MD2_KEY_DERIVATION);
+        CASE(CKM_MD2_RSA_PKCS);
+        CASE(CKM_MD5);
+        CASE(CKM_MD5_HMAC);
+        CASE(CKM_MD5_HMAC_GENERAL);
+        CASE(CKM_MD5_KEY_DERIVATION);
+        CASE(CKM_MD5_RSA_PKCS);
+        CASE(CKM_PBA_SHA1_WITH_SHA1_HMAC);
+        CASE(CKM_PBE_MD2_DES_CBC);
+        CASE(CKM_PBE_MD5_DES_CBC);
+        CASE(CKM_PBE_SHA1_DES2_EDE_CBC);
+        CASE(CKM_PBE_SHA1_DES3_EDE_CBC);
+        CASE(CKM_PBE_SHA1_RC2_128_CBC);
+        CASE(CKM_PBE_SHA1_RC2_40_CBC);
+        CASE(CKM_PBE_SHA1_RC4_128);
+        CASE(CKM_PBE_SHA1_RC4_40);
+        CASE(CKM_PKCS5_PBKD2);
+        CASE(CKM_RC2_CBC);
+        CASE(CKM_RC2_CBC_PAD);
+        CASE(CKM_RC2_ECB);
+        CASE(CKM_RC2_KEY_GEN);
+        CASE(CKM_RC2_MAC);
+        CASE(CKM_RC2_MAC_GENERAL);
+        CASE(CKM_RC4);
+        CASE(CKM_RC4_KEY_GEN);
+        CASE(CKM_RC5_CBC);
+        CASE(CKM_RC5_CBC_PAD);
+        CASE(CKM_RC5_ECB);
+        CASE(CKM_RC5_KEY_GEN);
+        CASE(CKM_RC5_MAC);
+        CASE(CKM_RC5_MAC_GENERAL);
+        CASE(CKM_RIPEMD128);
+        CASE(CKM_RIPEMD128_HMAC);
+        CASE(CKM_RIPEMD128_HMAC_GENERAL);
+        CASE(CKM_RIPEMD128_RSA_PKCS);
+        CASE(CKM_RIPEMD160);
+        CASE(CKM_RIPEMD160_HMAC);
+        CASE(CKM_RIPEMD160_HMAC_GENERAL);
+        CASE(CKM_RIPEMD160_RSA_PKCS);
+        CASE(CKM_RSA_9796);
+        CASE(CKM_RSA_PKCS);
+        CASE(CKM_RSA_PKCS_KEY_PAIR_GEN);
+        CASE(CKM_RSA_PKCS_OAEP);
+        CASE(CKM_RSA_PKCS_PSS);
+        CASE(CKM_RSA_X9_31);
+        CASE(CKM_RSA_X9_31_KEY_PAIR_GEN);
+        CASE(CKM_RSA_X_509);
+        CASE(CKM_SHA1_KEY_DERIVATION);
+        CASE(CKM_SHA1_RSA_PKCS);
+        CASE(CKM_SHA1_RSA_PKCS_PSS);
+        CASE(CKM_SHA1_RSA_X9_31);
+        CASE(CKM_SHA224);
+        CASE(CKM_SHA224_HMAC);
+        CASE(CKM_SHA224_HMAC_GENERAL);
+        CASE(CKM_SHA224_KEY_DERIVATION);
+        CASE(CKM_SHA224_RSA_PKCS);
+        CASE(CKM_SHA224_RSA_PKCS_PSS);
+        CASE(CKM_SHA256);
+        CASE(CKM_SHA256_HMAC);
+        CASE(CKM_SHA256_HMAC_GENERAL);
+        CASE(CKM_SHA256_KEY_DERIVATION);
+        CASE(CKM_SHA256_RSA_PKCS);
+        CASE(CKM_SHA256_RSA_PKCS_PSS);
+        CASE(CKM_SHA384);
+        CASE(CKM_SHA384_HMAC);
+        CASE(CKM_SHA384_HMAC_GENERAL);
+        CASE(CKM_SHA384_KEY_DERIVATION);
+        CASE(CKM_SHA384_RSA_PKCS);
+        CASE(CKM_SHA384_RSA_PKCS_PSS);
+        CASE(CKM_SHA512);
+        CASE(CKM_SHA512_HMAC);
+        CASE(CKM_SHA512_HMAC_GENERAL);
+        CASE(CKM_SHA512_KEY_DERIVATION);
+        CASE(CKM_SHA512_RSA_PKCS);
+        CASE(CKM_SHA512_RSA_PKCS_PSS);
+        CASE(CKM_SHA_1);
+        CASE(CKM_SHA_1_HMAC);
+        CASE(CKM_SHA_1_HMAC_GENERAL);
+        CASE(CKM_SKIPJACK_CBC64);
+        CASE(CKM_SKIPJACK_CFB16);
+        CASE(CKM_SKIPJACK_CFB32);
+        CASE(CKM_SKIPJACK_CFB64);
+        CASE(CKM_SKIPJACK_CFB8);
+        CASE(CKM_SKIPJACK_ECB64);
+        CASE(CKM_SKIPJACK_KEY_GEN);
+        CASE(CKM_SKIPJACK_OFB64);
+        CASE(CKM_SKIPJACK_PRIVATE_WRAP);
+        CASE(CKM_SKIPJACK_RELAYX);
+        CASE(CKM_SKIPJACK_WRAP);
+        CASE(CKM_SSL3_KEY_AND_MAC_DERIVE);
+        CASE(CKM_SSL3_MASTER_KEY_DERIVE);
+        CASE(CKM_SSL3_MASTER_KEY_DERIVE_DH);
+        CASE(CKM_SSL3_MD5_MAC);
+        CASE(CKM_SSL3_PRE_MASTER_KEY_GEN);
+        CASE(CKM_SSL3_SHA1_MAC);
+        CASE(CKM_TLS_KEY_AND_MAC_DERIVE);
+        CASE(CKM_TLS_MASTER_KEY_DERIVE);
+        CASE(CKM_TLS_MASTER_KEY_DERIVE_DH);
+        CASE(CKM_TLS_PRE_MASTER_KEY_GEN);
+        CASE(CKM_TLS_PRF);
+        CASE(CKM_TWOFISH_CBC);
+        CASE(CKM_TWOFISH_KEY_GEN);
+        CASE(CKM_X9_42_DH_DERIVE);
+        CASE(CKM_X9_42_DH_HYBRID_DERIVE);
+        CASE(CKM_X9_42_DH_KEY_PAIR_GEN);
+        CASE(CKM_X9_42_DH_PARAMETER_GEN);
+        CASE(CKM_X9_42_MQV_DERIVE);
+        CASE(CKM_XOR_BASE_AND_DATA);
+        default:
+            break;
     }
     if (a)
-	PR_LOG(modlog, 4, ("      mechanism = %s", a));
+        PR_LOG(modlog, 4, ("      mechanism = %s", a));
     else
-	PR_LOG(modlog, 4, ("      mechanism = 0x%p", m->mechanism));
+        PR_LOG(modlog, 4, ("      mechanism = 0x%p", m->mechanism));
 }
 
-static void get_key_type(CK_KEY_TYPE keyType, char *str, int len)
+static void
+get_key_type(CK_KEY_TYPE keyType, char *str, int len)
 {
 
-    const char * a = NULL;
+    const char *a = NULL;
 
     switch (keyType) {
-    CASE(CKK_AES);
-    CASE(CKK_CAMELLIA);
-    CASE(CKK_CDMF);
-    CASE(CKK_DES);
-    CASE(CKK_DES2);
-    CASE(CKK_DES3);
-    CASE(CKK_DH);
-    CASE(CKK_DSA);
-    CASE(CKK_EC);		/* also CASE(CKK_ECDSA); */
-    CASE(CKK_GENERIC_SECRET);
-    CASE(CKK_IDEA);
-    CASE(CKK_INVALID_KEY_TYPE);
-    CASE(CKK_KEA);
-    CASE(CKK_RC2);
-    CASE(CKK_RC4);
-    CASE(CKK_RC5);
-    CASE(CKK_RSA);
-    CASE(CKK_SKIPJACK);
-    CASE(CKK_TWOFISH);
-    CASE(CKK_X9_42_DH);
-    default: break;
+        CASE(CKK_AES);
+        CASE(CKK_CAMELLIA);
+        CASE(CKK_CDMF);
+        CASE(CKK_DES);
+        CASE(CKK_DES2);
+        CASE(CKK_DES3);
+        CASE(CKK_DH);
+        CASE(CKK_DSA);
+        CASE(CKK_EC); /* also CASE(CKK_ECDSA); */
+        CASE(CKK_GENERIC_SECRET);
+        CASE(CKK_IDEA);
+        CASE(CKK_INVALID_KEY_TYPE);
+        CASE(CKK_KEA);
+        CASE(CKK_RC2);
+        CASE(CKK_RC4);
+        CASE(CKK_RC5);
+        CASE(CKK_RSA);
+        CASE(CKK_SKIPJACK);
+        CASE(CKK_TWOFISH);
+        CASE(CKK_X9_42_DH);
+        default:
+            break;
     }
     if (a)
-	PR_snprintf(str, len, "%s", a);
+        PR_snprintf(str, len, "%s", a);
     else
-	PR_snprintf(str, len, "0x%p", keyType);
+        PR_snprintf(str, len, "0x%p", keyType);
 }
 
-static void print_attr_value(CK_ATTRIBUTE_PTR attr)
+static void
+print_attr_value(CK_ATTRIBUTE_PTR attr)
 {
     char atype[48];
     char valstr[49];
     int len;
 
     get_attr_type_str(attr->type, atype, sizeof atype);
     switch (attr->type) {
-    case CKA_ALWAYS_SENSITIVE:
-    case CKA_DECRYPT:
-    case CKA_DERIVE:
-    case CKA_ENCRYPT:
-    case CKA_EXTRACTABLE:
-    case CKA_LOCAL:
-    case CKA_MODIFIABLE:
-    case CKA_NEVER_EXTRACTABLE:
-    case CKA_PRIVATE:
-    case CKA_SENSITIVE:
-    case CKA_SIGN:
-    case CKA_SIGN_RECOVER:
-    case CKA_TOKEN:
-    case CKA_UNWRAP:
-    case CKA_VERIFY:
-    case CKA_VERIFY_RECOVER:
-    case CKA_WRAP:
-	if (attr->ulValueLen > 0 && attr->pValue) {
-	    CK_BBOOL tf = *((CK_BBOOL *)attr->pValue);
-	    PR_LOG(modlog, 4, (fmt_s_s_d, 
-	           atype, tf ? "CK_TRUE" : "CK_FALSE", attr->ulValueLen));
-	    break;
-	}
-    case CKA_CLASS:
-	if (attr->ulValueLen > 0 && attr->pValue) {
-	    CK_OBJECT_CLASS objClass = *((CK_OBJECT_CLASS *)attr->pValue);
-	    get_obj_class(objClass, valstr, sizeof valstr);
-	    PR_LOG(modlog, 4, (fmt_s_s_d, 
-	           atype, valstr, attr->ulValueLen));
-	    break;
-	}
-    case CKA_TRUST_CLIENT_AUTH:
-    case CKA_TRUST_CODE_SIGNING:
-    case CKA_TRUST_EMAIL_PROTECTION:
-    case CKA_TRUST_SERVER_AUTH:
-	if (attr->ulValueLen > 0 && attr->pValue) {
-	    CK_TRUST trust = *((CK_TRUST *)attr->pValue);
-	    get_trust_val(trust, valstr, sizeof valstr);
-	    PR_LOG(modlog, 4, (fmt_s_s_d, 
-	           atype, valstr, attr->ulValueLen));
-	    break;
-	}
-    case CKA_KEY_TYPE:
-	if (attr->ulValueLen > 0 && attr->pValue) {
-	    CK_KEY_TYPE keyType = *((CK_KEY_TYPE *)attr->pValue);
-	    get_key_type(keyType, valstr, sizeof valstr);
-	    PR_LOG(modlog, 4, (fmt_s_s_d, 
-	           atype, valstr, attr->ulValueLen));
-	    break;
-	}
-    case CKA_PIXEL_X:
-    case CKA_PIXEL_Y:
-    case CKA_RESOLUTION:
-    case CKA_CHAR_ROWS:
-    case CKA_CHAR_COLUMNS:
-    case CKA_BITS_PER_PIXEL:
-    case CKA_CERTIFICATE_CATEGORY:  /* should print as enum/string */
-    case CKA_JAVA_MIDP_SECURITY_DOMAIN:  /* should print as enum/string */
-    case CKA_MODULUS_BITS:
-    case CKA_PRIME_BITS:
-    case CKA_SUBPRIME_BITS:
-    case CKA_VALUE_BITS:
-    case CKA_VALUE_LEN:
-	if (attr->ulValueLen > 0 && attr->pValue) {
-	    CK_ULONG valueLen = *((CK_ULONG *)attr->pValue);
-	    /* XXX check for the special value CK_UNAVAILABLE_INFORMATION */
-	    PR_LOG(modlog, 4, (fmt_s_lu, atype, (PRUint32)valueLen));
-	    break;
-	}
-    case CKA_LABEL:
-    case CKA_NSS_EMAIL:
-    case CKA_NSS_URL:
-	if (attr->ulValueLen > 0 && attr->pValue) {
-	    len = PR_MIN(attr->ulValueLen + 1, sizeof valstr);
-	    PR_snprintf(valstr, len, "%s", attr->pValue);
-	    PR_LOG(modlog, 4, (fmt_s_qsq_d, 
-	           atype, valstr, attr->ulValueLen));
-	    break;
-	}
-    case CKA_ISSUER:
-    case CKA_SUBJECT:
-	if (attr->ulValueLen > 0 && attr->pValue) {
-	    char * asciiName;
-	    SECItem derName;
-	    derName.type = siDERNameBuffer;
-	    derName.data = attr->pValue;
-	    derName.len  = attr->ulValueLen;
-	    asciiName = CERT_DerNameToAscii(&derName);
-	    if (asciiName) {
-		PR_LOG(modlog, 4, (fmt_s_s_d, 
-		       atype, asciiName, attr->ulValueLen));
-	    	PORT_Free(asciiName);
-		break;
-	    }
-	    /* else treat like a binary buffer */
-	    goto binary_buffer;
-	}
-    case CKA_ID:
-	if (attr->ulValueLen > 0 && attr->pValue) {
-	    unsigned char * pV = attr->pValue;
-	    for (len = (int)attr->ulValueLen; len > 0; --len) {
-		unsigned int ch = *pV++;
-		if (ch >= 0x20 && ch < 0x7f) 
-		    continue;
-		if (!ch && len == 1)  /* will ignore NUL if last character */
-		    continue;
-		break;
-	    }
-	    if (!len) {	/* entire string is printable */
-		len = PR_MIN(attr->ulValueLen + 1, sizeof valstr);
-		PR_snprintf(valstr, len, "%s", attr->pValue);
-		PR_LOG(modlog, 4, (fmt_s_qsq_d, 
-		       atype, valstr, attr->ulValueLen));
-		break;
-	    }
-	    /* else fall through and treat like a binary buffer */
-	}
-binary_buffer:
-    case CKA_SERIAL_NUMBER:
-    default:
-	if (attr->ulValueLen > 0 && attr->pValue) {
-	    char * hexBuf;
-	    SECItem attrBuf;
-	    attrBuf.type = siDERNameBuffer;
-	    attrBuf.data = attr->pValue;
-	    attrBuf.len  = PR_MIN(attr->ulValueLen, (sizeof valstr)/2);
+        case CKA_ALWAYS_SENSITIVE:
+        case CKA_DECRYPT:
+        case CKA_DERIVE:
+        case CKA_ENCRYPT:
+        case CKA_EXTRACTABLE:
+        case CKA_LOCAL:
+        case CKA_MODIFIABLE:
+        case CKA_NEVER_EXTRACTABLE:
+        case CKA_PRIVATE:
+        case CKA_SENSITIVE:
+        case CKA_SIGN:
+        case CKA_SIGN_RECOVER:
+        case CKA_TOKEN:
+        case CKA_UNWRAP:
+        case CKA_VERIFY:
+        case CKA_VERIFY_RECOVER:
+        case CKA_WRAP:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                CK_BBOOL tf = *((CK_BBOOL *)attr->pValue);
+                PR_LOG(modlog, 4, (fmt_s_s_d,
+                                   atype, tf ? "CK_TRUE" : "CK_FALSE", attr->ulValueLen));
+                break;
+            }
+        case CKA_CLASS:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                CK_OBJECT_CLASS objClass = *((CK_OBJECT_CLASS *)attr->pValue);
+                get_obj_class(objClass, valstr, sizeof valstr);
+                PR_LOG(modlog, 4, (fmt_s_s_d,
+                                   atype, valstr, attr->ulValueLen));
+                break;
+            }
+        case CKA_TRUST_CLIENT_AUTH:
+        case CKA_TRUST_CODE_SIGNING:
+        case CKA_TRUST_EMAIL_PROTECTION:
+        case CKA_TRUST_SERVER_AUTH:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                CK_TRUST trust = *((CK_TRUST *)attr->pValue);
+                get_trust_val(trust, valstr, sizeof valstr);
+                PR_LOG(modlog, 4, (fmt_s_s_d,
+                                   atype, valstr, attr->ulValueLen));
+                break;
+            }
+        case CKA_KEY_TYPE:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                CK_KEY_TYPE keyType = *((CK_KEY_TYPE *)attr->pValue);
+                get_key_type(keyType, valstr, sizeof valstr);
+                PR_LOG(modlog, 4, (fmt_s_s_d,
+                                   atype, valstr, attr->ulValueLen));
+                break;
+            }
+        case CKA_PIXEL_X:
+        case CKA_PIXEL_Y:
+        case CKA_RESOLUTION:
+        case CKA_CHAR_ROWS:
+        case CKA_CHAR_COLUMNS:
+        case CKA_BITS_PER_PIXEL:
+        case CKA_CERTIFICATE_CATEGORY:      /* should print as enum/string */
+        case CKA_JAVA_MIDP_SECURITY_DOMAIN: /* should print as enum/string */
+        case CKA_MODULUS_BITS:
+        case CKA_PRIME_BITS:
+        case CKA_SUBPRIME_BITS:
+        case CKA_VALUE_BITS:
+        case CKA_VALUE_LEN:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                CK_ULONG valueLen = *((CK_ULONG *)attr->pValue);
+                /* XXX check for the special value CK_UNAVAILABLE_INFORMATION */
+                PR_LOG(modlog, 4, (fmt_s_lu, atype, (PRUint32)valueLen));
+                break;
+            }
+        case CKA_LABEL:
+        case CKA_NSS_EMAIL:
+        case CKA_NSS_URL:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                len = PR_MIN(attr->ulValueLen + 1, sizeof valstr);
+                PR_snprintf(valstr, len, "%s", attr->pValue);
+                PR_LOG(modlog, 4, (fmt_s_qsq_d,
+                                   atype, valstr, attr->ulValueLen));
+                break;
+            }
+        case CKA_ISSUER:
+        case CKA_SUBJECT:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                char *asciiName;
+                SECItem derName;
+                derName.type = siDERNameBuffer;
+                derName.data = attr->pValue;
+                derName.len = attr->ulValueLen;
+                asciiName = CERT_DerNameToAscii(&derName);
+                if (asciiName) {
+                    PR_LOG(modlog, 4, (fmt_s_s_d,
+                                       atype, asciiName, attr->ulValueLen));
+                    PORT_Free(asciiName);
+                    break;
+                }
+                /* else treat like a binary buffer */
+                goto binary_buffer;
+            }
+        case CKA_ID:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                unsigned char *pV = attr->pValue;
+                for (len = (int)attr->ulValueLen; len > 0; --len) {
+                    unsigned int ch = *pV++;
+                    if (ch >= 0x20 && ch < 0x7f)
+                        continue;
+                    if (!ch && len == 1) /* will ignore NUL if last character */
+                        continue;
+                    break;
+                }
+                if (!len) { /* entire string is printable */
+                    len = PR_MIN(attr->ulValueLen + 1, sizeof valstr);
+                    PR_snprintf(valstr, len, "%s", attr->pValue);
+                    PR_LOG(modlog, 4, (fmt_s_qsq_d,
+                                       atype, valstr, attr->ulValueLen));
+                    break;
+                }
+                /* else fall through and treat like a binary buffer */
+            }
+        binary_buffer:
+        case CKA_SERIAL_NUMBER:
+        default:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                char *hexBuf;
+                SECItem attrBuf;
+                attrBuf.type = siDERNameBuffer;
+                attrBuf.data = attr->pValue;
+                attrBuf.len = PR_MIN(attr->ulValueLen, (sizeof valstr) / 2);
 
-	    hexBuf = CERT_Hexify(&attrBuf, PR_FALSE);
-	    if (hexBuf) {
-		PR_LOG(modlog, 4, (fmt_s_s_d, 
-		       atype, hexBuf, attr->ulValueLen));
-	    	PORT_Free(hexBuf);
-		break;
-	    }
-	    /* else fall through and show only the address. :( */
-	}
-	PR_LOG(modlog, 4, ("    %s = [0x%p] [%d]", 
-	       atype, attr->pValue, attr->ulValueLen));
-	break;
+                hexBuf = CERT_Hexify(&attrBuf, PR_FALSE);
+                if (hexBuf) {
+                    PR_LOG(modlog, 4, (fmt_s_s_d,
+                                       atype, hexBuf, attr->ulValueLen));
+                    PORT_Free(hexBuf);
+                    break;
+                }
+                /* else fall through and show only the address. :( */
+            }
+            PR_LOG(modlog, 4, ("    %s = [0x%p] [%d]",
+                               atype, attr->pValue, attr->ulValueLen));
+            break;
     }
 }
 
-static void print_template(CK_ATTRIBUTE_PTR templ, CK_ULONG tlen)
+static void
+print_template(CK_ATTRIBUTE_PTR templ, CK_ULONG tlen)
 {
     CK_ULONG i;
-    for (i=0; i<tlen; i++) {
-	print_attr_value(&templ[i]);
+    for (i = 0; i < tlen; i++) {
+        print_attr_value(&templ[i]);
     }
 }
 
 struct nssdbg_prof_str {
     PRUint32 time;
     PRUint32 calls;
     char *function;
 };
 
-#define NSSDBG_DEFINE(func) { 0, 0, #func }
+#define NSSDBG_DEFINE(func) \
+    {                       \
+        0, 0, #func         \
+    }
 
 struct nssdbg_prof_str nssdbg_prof_data[] = {
 #define FUNC_C_INITIALIZE 0
     NSSDBG_DEFINE(C_Initialize),
 #define FUNC_C_FINALIZE 1
     NSSDBG_DEFINE(C_Finalize),
 #define FUNC_C_GETINFO 2
     NSSDBG_DEFINE(C_GetInfo),
@@ -789,17 +811,17 @@ struct nssdbg_prof_str nssdbg_prof_data[
 #define FUNC_C_LOGOUT 19
     NSSDBG_DEFINE(C_Logout),
 #define FUNC_C_CREATEOBJECT 20
     NSSDBG_DEFINE(C_CreateObject),
 #define FUNC_C_COPYOBJECT 21
     NSSDBG_DEFINE(C_CopyObject),
 #define FUNC_C_DESTROYOBJECT 22
     NSSDBG_DEFINE(C_DestroyObject),
-#define FUNC_C_GETOBJECTSIZE  23
+#define FUNC_C_GETOBJECTSIZE 23
     NSSDBG_DEFINE(C_GetObjectSize),
 #define FUNC_C_GETATTRIBUTEVALUE 24
     NSSDBG_DEFINE(C_GetAttributeValue),
 #define FUNC_C_SETATTRIBUTEVALUE 25
     NSSDBG_DEFINE(C_SetAttributeValue),
 #define FUNC_C_FINDOBJECTSINIT 26
     NSSDBG_DEFINE(C_FindObjectsInit),
 #define FUNC_C_FINDOBJECTS 27
@@ -867,1701 +889,1702 @@ struct nssdbg_prof_str nssdbg_prof_data[
 #define FUNC_C_GENERATEKEY 58
     NSSDBG_DEFINE(C_GenerateKey),
 #define FUNC_C_GENERATEKEYPAIR 59
     NSSDBG_DEFINE(C_GenerateKeyPair),
 #define FUNC_C_WRAPKEY 60
     NSSDBG_DEFINE(C_WrapKey),
 #define FUNC_C_UNWRAPKEY 61
     NSSDBG_DEFINE(C_UnWrapKey),
-#define FUNC_C_DERIVEKEY 62 
+#define FUNC_C_DERIVEKEY 62
     NSSDBG_DEFINE(C_DeriveKey),
 #define FUNC_C_SEEDRANDOM 63
     NSSDBG_DEFINE(C_SeedRandom),
 #define FUNC_C_GENERATERANDOM 64
     NSSDBG_DEFINE(C_GenerateRandom),
 #define FUNC_C_GETFUNCTIONSTATUS 65
     NSSDBG_DEFINE(C_GetFunctionStatus),
 #define FUNC_C_CANCELFUNCTION 66
     NSSDBG_DEFINE(C_CancelFunction),
 #define FUNC_C_WAITFORSLOTEVENT 67
     NSSDBG_DEFINE(C_WaitForSlotEvent)
 };
 
-int nssdbg_prof_size = sizeof(nssdbg_prof_data)/sizeof(nssdbg_prof_data[0]);
-    
+int nssdbg_prof_size = sizeof(nssdbg_prof_data) / sizeof(nssdbg_prof_data[0]);
 
-static void nssdbg_finish_time(PRInt32 fun_number, PRIntervalTime start)
+static void
+nssdbg_finish_time(PRInt32 fun_number, PRIntervalTime start)
 {
     PRIntervalTime ival;
     PRIntervalTime end = PR_IntervalNow();
 
-    ival = end-start;
+    ival = end - start;
     /* sigh, lie to PRAtomic add and say we are using signed values */
     PR_ATOMIC_ADD((PRInt32 *)&nssdbg_prof_data[fun_number].time, (PRInt32)ival);
 }
 
-static void nssdbg_start_time(PRInt32 fun_number, PRIntervalTime *start)
+static void
+nssdbg_start_time(PRInt32 fun_number, PRIntervalTime *start)
 {
     PR_ATOMIC_INCREMENT((PRInt32 *)&nssdbg_prof_data[fun_number].calls);
     *start = PR_IntervalNow();
 }
 
 #define COMMON_DEFINITIONS \
-    CK_RV rv; \
+    CK_RV rv;              \
     PRIntervalTime start
 
-CK_RV NSSDBGC_Initialize(
-  CK_VOID_PTR pInitArgs
-)
+CK_RV
+NSSDBGC_Initialize(
+    CK_VOID_PTR pInitArgs)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_Initialize"));
     PR_LOG(modlog, 3, ("  pInitArgs = 0x%p", pInitArgs));
-    nssdbg_start_time(FUNC_C_INITIALIZE,&start);
+    nssdbg_start_time(FUNC_C_INITIALIZE, &start);
     rv = module_functions->C_Initialize(pInitArgs);
-    nssdbg_finish_time(FUNC_C_INITIALIZE,start);
+    nssdbg_finish_time(FUNC_C_INITIALIZE, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_Finalize(
-  CK_VOID_PTR pReserved
-)
+CK_RV
+NSSDBGC_Finalize(
+    CK_VOID_PTR pReserved)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_Finalize"));
     PR_LOG(modlog, 3, ("  pReserved = 0x%p", pReserved));
-    nssdbg_start_time(FUNC_C_FINALIZE,&start);
+    nssdbg_start_time(FUNC_C_FINALIZE, &start);
     rv = module_functions->C_Finalize(pReserved);
-    nssdbg_finish_time(FUNC_C_FINALIZE,start);
+    nssdbg_finish_time(FUNC_C_FINALIZE, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_GetInfo(
-  CK_INFO_PTR pInfo
-)
+CK_RV
+NSSDBGC_GetInfo(
+    CK_INFO_PTR pInfo)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_GetInfo"));
     PR_LOG(modlog, 3, (fmt_pInfo, pInfo));
-    nssdbg_start_time(FUNC_C_GETINFO,&start);
+    nssdbg_start_time(FUNC_C_GETINFO, &start);
     rv = module_functions->C_GetInfo(pInfo);
-    nssdbg_finish_time(FUNC_C_GETINFO,start);
+    nssdbg_finish_time(FUNC_C_GETINFO, start);
     if (rv == CKR_OK) {
-	PR_LOG(modlog, 4, ("  cryptoki version: %d.%d", 
-			   pInfo->cryptokiVersion.major,
-			   pInfo->cryptokiVersion.minor));
-	PR_LOG(modlog, 4, (fmt_manufacturerID, pInfo->manufacturerID));
-	PR_LOG(modlog, 4, ("  library description = \"%.32s\"", 
-	                   pInfo->libraryDescription));
-	PR_LOG(modlog, 4, ("  library version: %d.%d", 
-			   pInfo->libraryVersion.major,
-			   pInfo->libraryVersion.minor));
+        PR_LOG(modlog, 4, ("  cryptoki version: %d.%d",
+                           pInfo->cryptokiVersion.major,
+                           pInfo->cryptokiVersion.minor));
+        PR_LOG(modlog, 4, (fmt_manufacturerID, pInfo->manufacturerID));
+        PR_LOG(modlog, 4, ("  library description = \"%.32s\"",
+                           pInfo->libraryDescription));
+        PR_LOG(modlog, 4, ("  library version: %d.%d",
+                           pInfo->libraryVersion.major,
+                           pInfo->libraryVersion.minor));
     }
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_GetFunctionList(
-  CK_FUNCTION_LIST_PTR_PTR ppFunctionList
-)
+CK_RV
+NSSDBGC_GetFunctionList(
+    CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_GetFunctionList"));
     PR_LOG(modlog, 3, ("  ppFunctionList = 0x%p", ppFunctionList));
-    nssdbg_start_time(FUNC_C_GETFUNCITONLIST,&start);
+    nssdbg_start_time(FUNC_C_GETFUNCITONLIST, &start);
     rv = module_functions->C_GetFunctionList(ppFunctionList);
-    nssdbg_finish_time(FUNC_C_GETFUNCITONLIST,start);
+    nssdbg_finish_time(FUNC_C_GETFUNCITONLIST, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_GetSlotList(
-  CK_BBOOL       tokenPresent,
-  CK_SLOT_ID_PTR pSlotList,
-  CK_ULONG_PTR   pulCount
-)
+CK_RV
+NSSDBGC_GetSlotList(
+    CK_BBOOL tokenPresent,
+    CK_SLOT_ID_PTR pSlotList,
+    CK_ULONG_PTR pulCount)
 {
     COMMON_DEFINITIONS;
 
     CK_ULONG i;
     PR_LOG(modlog, 1, ("C_GetSlotList"));
     PR_LOG(modlog, 3, ("  tokenPresent = 0x%x", tokenPresent));
     PR_LOG(modlog, 3, ("  pSlotList = 0x%p", pSlotList));
     PR_LOG(modlog, 3, (fmt_pulCount, pulCount));
-    nssdbg_start_time(FUNC_C_GETSLOTLIST,&start);
+    nssdbg_start_time(FUNC_C_GETSLOTLIST, &start);
     rv = module_functions->C_GetSlotList(tokenPresent, pSlotList, pulCount);
-    nssdbg_finish_time(FUNC_C_GETSLOTLIST,start);
+    nssdbg_finish_time(FUNC_C_GETSLOTLIST, start);
     PR_LOG(modlog, 4, (fmt_spulCount, *pulCount));
     if (pSlotList) {
-	for (i=0; i<*pulCount; i++) {
-	    PR_LOG(modlog, 4, ("  slotID[%d] = %x", i, pSlotList[i]));
-	}
+        for (i = 0; i < *pulCount; i++) {
+            PR_LOG(modlog, 4, ("  slotID[%d] = %x", i, pSlotList[i]));
+        }
     }
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_GetSlotInfo(
-  CK_SLOT_ID       slotID,
-  CK_SLOT_INFO_PTR pInfo
-)
+CK_RV
+NSSDBGC_GetSlotInfo(
+    CK_SLOT_ID slotID,
+    CK_SLOT_INFO_PTR pInfo)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_GetSlotInfo"));
     PR_LOG(modlog, 3, (fmt_slotID, slotID));
     PR_LOG(modlog, 3, (fmt_pInfo, pInfo));
-    nssdbg_start_time(FUNC_C_GETSLOTINFO,&start);
+    nssdbg_start_time(FUNC_C_GETSLOTINFO, &start);
     rv = module_functions->C_GetSlotInfo(slotID, pInfo);
-    nssdbg_finish_time(FUNC_C_GETSLOTINFO,start);
+    nssdbg_finish_time(FUNC_C_GETSLOTINFO, start);
     if (rv == CKR_OK) {
-	PR_LOG(modlog, 4, ("  slotDescription = \"%.64s\"", 
-	                   pInfo->slotDescription));
-	PR_LOG(modlog, 4, (fmt_manufacturerID, pInfo->manufacturerID));
-	PR_LOG(modlog, 4, ("  flags = %s %s %s",
-	    pInfo->flags & CKF_HW_SLOT          ? "CKF_HW_SLOT" : "",
-	    pInfo->flags & CKF_REMOVABLE_DEVICE ? "CKF_REMOVABLE_DEVICE" : "",
-	    pInfo->flags & CKF_TOKEN_PRESENT    ? "CKF_TOKEN_PRESENT" : ""));
-	PR_LOG(modlog, 4, (fmt_hwVersion, 
-			    pInfo->hardwareVersion.major,
-			    pInfo->hardwareVersion.minor));
-	PR_LOG(modlog, 4, (fmt_fwVersion, 
-			    pInfo->firmwareVersion.major,
-			    pInfo->firmwareVersion.minor));
+        PR_LOG(modlog, 4, ("  slotDescription = \"%.64s\"",
+                           pInfo->slotDescription));
+        PR_LOG(modlog, 4, (fmt_manufacturerID, pInfo->manufacturerID));
+        PR_LOG(modlog, 4, ("  flags = %s %s %s",
+                           pInfo->flags & CKF_HW_SLOT ? "CKF_HW_SLOT" : "",
+                           pInfo->flags & CKF_REMOVABLE_DEVICE ? "CKF_REMOVABLE_DEVICE" : "",
+                           pInfo->flags & CKF_TOKEN_PRESENT ? "CKF_TOKEN_PRESENT" : ""));
+        PR_LOG(modlog, 4, (fmt_hwVersion,
+                           pInfo->hardwareVersion.major,
+                           pInfo->hardwareVersion.minor));
+        PR_LOG(modlog, 4, (fmt_fwVersion,
+                           pInfo->firmwareVersion.major,
+                           pInfo->firmwareVersion.minor));
     }
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_GetTokenInfo(
-  CK_SLOT_ID        slotID,
-  CK_TOKEN_INFO_PTR pInfo
-)
+CK_RV
+NSSDBGC_GetTokenInfo(
+    CK_SLOT_ID slotID,
+    CK_TOKEN_INFO_PTR pInfo)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_GetTokenInfo"));
     PR_LOG(modlog, 3, (fmt_slotID, slotID));
     PR_LOG(modlog, 3, (fmt_pInfo, pInfo));
-    nssdbg_start_time(FUNC_C_GETTOKENINFO,&start);
+    nssdbg_start_time(FUNC_C_GETTOKENINFO, &start);
     rv = module_functions->C_GetTokenInfo(slotID, pInfo);
-    nssdbg_finish_time(FUNC_C_GETTOKENINFO,start);
+    nssdbg_finish_time(FUNC_C_GETTOKENINFO, start);
     if (rv == CKR_OK) {
-    	PR_LOG(modlog, 4, ("  label = \"%.32s\"", pInfo->label));
-	PR_LOG(modlog, 4, (fmt_manufacturerID, pInfo->manufacturerID));
-    	PR_LOG(modlog, 4, ("  model = \"%.16s\"", pInfo->model));
-    	PR_LOG(modlog, 4, ("  serial = \"%.16s\"", pInfo->serialNumber));
-	PR_LOG(modlog, 4, ("  flags = %s %s %s %s",
-	    pInfo->flags & CKF_RNG             ? "CKF_RNG" : "",
-	    pInfo->flags & CKF_WRITE_PROTECTED ? "CKF_WRITE_PROTECTED" : "",
-	    pInfo->flags & CKF_LOGIN_REQUIRED  ? "CKF_LOGIN_REQUIRED" : "",
-	    pInfo->flags & CKF_USER_PIN_INITIALIZED ? "CKF_USER_PIN_INIT" : ""));
-	PR_LOG(modlog, 4, ("  maxSessions = %u, Sessions = %u", 
-	                   pInfo->ulMaxSessionCount, pInfo->ulSessionCount));
-	PR_LOG(modlog, 4, ("  maxRwSessions = %u, RwSessions = %u", 
-	                   pInfo->ulMaxRwSessionCount, 
-			   pInfo->ulRwSessionCount));
-	/* ignore Max & Min Pin Len, Public and Private Memory */
-	PR_LOG(modlog, 4, (fmt_hwVersion, 
-			    pInfo->hardwareVersion.major,
-			    pInfo->hardwareVersion.minor));
-	PR_LOG(modlog, 4, (fmt_fwVersion, 
-			    pInfo->firmwareVersion.major,
-			    pInfo->firmwareVersion.minor));
+        PR_LOG(modlog, 4, ("  label = \"%.32s\"", pInfo->label));
+        PR_LOG(modlog, 4, (fmt_manufacturerID, pInfo->manufacturerID));
+        PR_LOG(modlog, 4, ("  model = \"%.16s\"", pInfo->model));
+        PR_LOG(modlog, 4, ("  serial = \"%.16s\"", pInfo->serialNumber));
+        PR_LOG(modlog, 4, ("  flags = %s %s %s %s",
+                           pInfo->flags & CKF_RNG ? "CKF_RNG" : "",
+                           pInfo->flags & CKF_WRITE_PROTECTED ? "CKF_WRITE_PROTECTED" : "",
+                           pInfo->flags & CKF_LOGIN_REQUIRED ? "CKF_LOGIN_REQUIRED" : "",
+                           pInfo->flags & CKF_USER_PIN_INITIALIZED ? "CKF_USER_PIN_INIT" : ""));
+        PR_LOG(modlog, 4, ("  maxSessions = %u, Sessions = %u",
+                           pInfo->ulMaxSessionCount, pInfo->ulSessionCount));
+        PR_LOG(modlog, 4, ("  maxRwSessions = %u, RwSessions = %u",
+                           pInfo->ulMaxRwSessionCount,
+                           pInfo->ulRwSessionCount));
+        /* ignore Max & Min Pin Len, Public and Private Memory */
+        PR_LOG(modlog, 4, (fmt_hwVersion,
+                           pInfo->hardwareVersion.major,
+                           pInfo->hardwareVersion.minor));
+        PR_LOG(modlog, 4, (fmt_fwVersion,
+                           pInfo->firmwareVersion.major,
+                           pInfo->firmwareVersion.minor));
     }
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_GetMechanismList(
-  CK_SLOT_ID            slotID,
-  CK_MECHANISM_TYPE_PTR pMechanismList,
-  CK_ULONG_PTR          pulCount
-)
+CK_RV
+NSSDBGC_GetMechanismList(
+    CK_SLOT_ID slotID,
+    CK_MECHANISM_TYPE_PTR pMechanismList,
+    CK_ULONG_PTR pulCount)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_GetMechanismList"));
     PR_LOG(modlog, 3, (fmt_slotID, slotID));
     PR_LOG(modlog, 3, ("  pMechanismList = 0x%p", pMechanismList));
     PR_LOG(modlog, 3, (fmt_pulCount, pulCount));
-    nssdbg_start_time(FUNC_C_GETMECHANISMLIST,&start);
+    nssdbg_start_time(FUNC_C_GETMECHANISMLIST, &start);
     rv = module_functions->C_GetMechanismList(slotID,
-                                 pMechanismList,
-                                 pulCount);
-    nssdbg_finish_time(FUNC_C_GETMECHANISMLIST,start);
+                                              pMechanismList,
+                                              pulCount);
+    nssdbg_finish_time(FUNC_C_GETMECHANISMLIST, start);
     PR_LOG(modlog, 4, (fmt_spulCount, *pulCount));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_GetMechanismInfo(
-  CK_SLOT_ID            slotID,
-  CK_MECHANISM_TYPE     type,
-  CK_MECHANISM_INFO_PTR pInfo
-)
+CK_RV
+NSSDBGC_GetMechanismInfo(
+    CK_SLOT_ID slotID,
+    CK_MECHANISM_TYPE type,
+    CK_MECHANISM_INFO_PTR pInfo)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_GetMechanismInfo"));
     PR_LOG(modlog, 3, (fmt_slotID, slotID));
     PR_LOG(modlog, 3, ("  type = 0x%x", type));
     PR_LOG(modlog, 3, (fmt_pInfo, pInfo));
-    nssdbg_start_time(FUNC_C_GETMECHANISMINFO,&start);
+    nssdbg_start_time(FUNC_C_GETMECHANISMINFO, &start);
     rv = module_functions->C_GetMechanismInfo(slotID,
-                                 type,
-                                 pInfo);
-    nssdbg_finish_time(FUNC_C_GETMECHANISMINFO,start);
+                                              type,
+                                              pInfo);
+    nssdbg_finish_time(FUNC_C_GETMECHANISMINFO, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_InitToken(
-  CK_SLOT_ID  slotID,
-  CK_CHAR_PTR pPin,
-  CK_ULONG    ulPinLen,
-  CK_CHAR_PTR pLabel
-)
+CK_RV
+NSSDBGC_InitToken(
+    CK_SLOT_ID slotID,
+    CK_CHAR_PTR pPin,
+    CK_ULONG ulPinLen,
+    CK_CHAR_PTR pLabel)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_InitToken"));
     PR_LOG(modlog, 3, (fmt_slotID, slotID));
     PR_LOG(modlog, 3, (fmt_pPin, pPin));
     PR_LOG(modlog, 3, (fmt_ulPinLen, ulPinLen));
     PR_LOG(modlog, 3, ("  pLabel = 0x%p", pLabel));
-    nssdbg_start_time(FUNC_C_INITTOKEN,&start);
+    nssdbg_start_time(FUNC_C_INITTOKEN, &start);
     rv = module_functions->C_InitToken(slotID,
-                                 pPin,
-                                 ulPinLen,
-                                 pLabel);
-    nssdbg_finish_time(FUNC_C_INITTOKEN,start);
+                                       pPin,
+                                       ulPinLen,
+                                       pLabel);
+    nssdbg_finish_time(FUNC_C_INITTOKEN, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_InitPIN(
-  CK_SESSION_HANDLE hSession,
-  CK_CHAR_PTR       pPin,
-  CK_ULONG          ulPinLen
-)
+CK_RV
+NSSDBGC_InitPIN(
+    CK_SESSION_HANDLE hSession,
+    CK_CHAR_PTR pPin,
+    CK_ULONG ulPinLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_InitPIN"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pPin, pPin));
     PR_LOG(modlog, 3, (fmt_ulPinLen, ulPinLen));
-    nssdbg_start_time(FUNC_C_INITPIN,&start);
+    nssdbg_start_time(FUNC_C_INITPIN, &start);
     rv = module_functions->C_InitPIN(hSession,
-                                 pPin,
-                                 ulPinLen);
-    nssdbg_finish_time(FUNC_C_INITPIN,start);
+                                     pPin,
+                                     ulPinLen);
+    nssdbg_finish_time(FUNC_C_INITPIN, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_SetPIN(
-  CK_SESSION_HANDLE hSession,
-  CK_CHAR_PTR       pOldPin,
-  CK_ULONG          ulOldLen,
-  CK_CHAR_PTR       pNewPin,
-  CK_ULONG          ulNewLen
-)
+CK_RV
+NSSDBGC_SetPIN(
+    CK_SESSION_HANDLE hSession,
+    CK_CHAR_PTR pOldPin,
+    CK_ULONG ulOldLen,
+    CK_CHAR_PTR pNewPin,
+    CK_ULONG ulNewLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_SetPIN"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, ("  pOldPin = 0x%p", pOldPin));
     PR_LOG(modlog, 3, ("  ulOldLen = %d", ulOldLen));
     PR_LOG(modlog, 3, ("  pNewPin = 0x%p", pNewPin));
     PR_LOG(modlog, 3, ("  ulNewLen = %d", ulNewLen));
-    nssdbg_start_time(FUNC_C_SETPIN,&start);
+    nssdbg_start_time(FUNC_C_SETPIN, &start);
     rv = module_functions->C_SetPIN(hSession,
-                                 pOldPin,
-                                 ulOldLen,
-                                 pNewPin,
-                                 ulNewLen);
-    nssdbg_finish_time(FUNC_C_SETPIN,start);
+                                    pOldPin,
+                                    ulOldLen,
+                                    pNewPin,
+                                    ulNewLen);
+    nssdbg_finish_time(FUNC_C_SETPIN, start);
     log_rv(rv);
     return rv;
 }
 
 static PRUint32 numOpenSessions = 0;
 static PRUint32 maxOpenSessions = 0;
 
-CK_RV NSSDBGC_OpenSession(
-  CK_SLOT_ID            slotID,
-  CK_FLAGS              flags,
-  CK_VOID_PTR           pApplication,
-  CK_NOTIFY             Notify,
-  CK_SESSION_HANDLE_PTR phSession
-)
+CK_RV
+NSSDBGC_OpenSession(
+    CK_SLOT_ID slotID,
+    CK_FLAGS flags,
+    CK_VOID_PTR pApplication,
+    CK_NOTIFY Notify,
+    CK_SESSION_HANDLE_PTR phSession)
 {
     COMMON_DEFINITIONS;
 
     PR_ATOMIC_INCREMENT((PRInt32 *)&numOpenSessions);
     maxOpenSessions = PR_MAX(numOpenSessions, maxOpenSessions);
     PR_LOG(modlog, 1, ("C_OpenSession"));
     PR_LOG(modlog, 3, (fmt_slotID, slotID));
     PR_LOG(modlog, 3, (fmt_flags, flags));
     PR_LOG(modlog, 3, ("  pApplication = 0x%p", pApplication));
     PR_LOG(modlog, 3, ("  Notify = 0x%x", Notify));
     PR_LOG(modlog, 3, ("  phSession = 0x%p", phSession));
-    nssdbg_start_time(FUNC_C_OPENSESSION,&start);
+    nssdbg_start_time(FUNC_C_OPENSESSION, &start);
     rv = module_functions->C_OpenSession(slotID,
-                                 flags,
-                                 pApplication,
-                                 Notify,
-                                 phSession);
-    nssdbg_finish_time(FUNC_C_OPENSESSION,start);
+                                         flags,
+                                         pApplication,
+                                         Notify,
+                                         phSession);
+    nssdbg_finish_time(FUNC_C_OPENSESSION, start);
     log_handle(4, "  *phSession = 0x%x", *phSession);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_CloseSession(
-  CK_SESSION_HANDLE hSession
-)
+CK_RV
+NSSDBGC_CloseSession(
+    CK_SESSION_HANDLE hSession)
 {
     COMMON_DEFINITIONS;
 
     PR_ATOMIC_DECREMENT((PRInt32 *)&numOpenSessions);
     PR_LOG(modlog, 1, ("C_CloseSession"));
     log_handle(3, fmt_hSession, hSession);
-    nssdbg_start_time(FUNC_C_CLOSESESSION,&start);
+    nssdbg_start_time(FUNC_C_CLOSESESSION, &start);
     rv = module_functions->C_CloseSession(hSession);
-    nssdbg_finish_time(FUNC_C_CLOSESESSION,start);
+    nssdbg_finish_time(FUNC_C_CLOSESESSION, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_CloseAllSessions(
-  CK_SLOT_ID slotID
-)
+CK_RV
+NSSDBGC_CloseAllSessions(
+    CK_SLOT_ID slotID)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_CloseAllSessions"));
     PR_LOG(modlog, 3, (fmt_slotID, slotID));
-    nssdbg_start_time(FUNC_C_CLOSEALLSESSIONS,&start);
+    nssdbg_start_time(FUNC_C_CLOSEALLSESSIONS, &start);
     rv = module_functions->C_CloseAllSessions(slotID);
-    nssdbg_finish_time(FUNC_C_CLOSEALLSESSIONS,start);
+    nssdbg_finish_time(FUNC_C_CLOSEALLSESSIONS, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_GetSessionInfo(
-  CK_SESSION_HANDLE   hSession,
-  CK_SESSION_INFO_PTR pInfo
-)
+CK_RV
+NSSDBGC_GetSessionInfo(
+    CK_SESSION_HANDLE hSession,
+    CK_SESSION_INFO_PTR pInfo)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_GetSessionInfo"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pInfo, pInfo));
-    nssdbg_start_time(FUNC_C_GETSESSIONINFO,&start);
+    nssdbg_start_time(FUNC_C_GETSESSIONINFO, &start);
     rv = module_functions->C_GetSessionInfo(hSession,
-                                 pInfo);
-    nssdbg_finish_time(FUNC_C_GETSESSIONINFO,start);
+                                            pInfo);
+    nssdbg_finish_time(FUNC_C_GETSESSIONINFO, start);
     if (rv == CKR_OK) {
-	PR_LOG(modlog, 4, (fmt_slotID, pInfo->slotID));
-	log_state(pInfo->state);
-	PR_LOG(modlog, 4, ("  flags = %s %s",
-	    pInfo->flags & CKF_RW_SESSION     ? "CKF_RW_SESSION" : "",
-	    pInfo->flags & CKF_SERIAL_SESSION ? "CKF_SERIAL_SESSION" : ""));
-	PR_LOG(modlog, 4, ("  deviceError = 0x%x", pInfo->ulDeviceError));
+        PR_LOG(modlog, 4, (fmt_slotID, pInfo->slotID));
+        log_state(pInfo->state);
+        PR_LOG(modlog, 4, ("  flags = %s %s",
+                           pInfo->flags & CKF_RW_SESSION ? "CKF_RW_SESSION" : "",
+                           pInfo->flags & CKF_SERIAL_SESSION ? "CKF_SERIAL_SESSION" : ""));
+        PR_LOG(modlog, 4, ("  deviceError = 0x%x", pInfo->ulDeviceError));
     }
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_GetOperationState(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pOperationState,
-  CK_ULONG_PTR      pulOperationStateLen
-)
+CK_RV
+NSSDBGC_GetOperationState(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pOperationState,
+    CK_ULONG_PTR pulOperationStateLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_GetOperationState"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pOperationState, pOperationState));
     PR_LOG(modlog, 3, ("  pulOperationStateLen = 0x%p", pulOperationStateLen));
-    nssdbg_start_time(FUNC_C_GETOPERATIONSTATE,&start);
+    nssdbg_start_time(FUNC_C_GETOPERATIONSTATE, &start);
     rv = module_functions->C_GetOperationState(hSession,
-                                 pOperationState,
-                                 pulOperationStateLen);
-    nssdbg_finish_time(FUNC_C_GETOPERATIONSTATE,start);
+                                               pOperationState,
+                                               pulOperationStateLen);
+    nssdbg_finish_time(FUNC_C_GETOPERATIONSTATE, start);
     PR_LOG(modlog, 4, ("  *pulOperationStateLen = 0x%x", *pulOperationStateLen));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_SetOperationState(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR      pOperationState,
-  CK_ULONG         ulOperationStateLen,
-  CK_OBJECT_HANDLE hEncryptionKey,
-  CK_OBJECT_HANDLE hAuthenticationKey
-)
+CK_RV
+NSSDBGC_SetOperationState(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pOperationState,
+    CK_ULONG ulOperationStateLen,
+    CK_OBJECT_HANDLE hEncryptionKey,
+    CK_OBJECT_HANDLE hAuthenticationKey)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_SetOperationState"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pOperationState, pOperationState));
     PR_LOG(modlog, 3, ("  ulOperationStateLen = %d", ulOperationStateLen));
     log_handle(3, "  hEncryptionKey = 0x%x", hEncryptionKey);
     log_handle(3, "  hAuthenticationKey = 0x%x", hAuthenticationKey);
-    nssdbg_start_time(FUNC_C_SETOPERATIONSTATE,&start);
+    nssdbg_start_time(FUNC_C_SETOPERATIONSTATE, &start);
     rv = module_functions->C_SetOperationState(hSession,
-                                 pOperationState,
-                                 ulOperationStateLen,
-                                 hEncryptionKey,
-                                 hAuthenticationKey);
-    nssdbg_finish_time(FUNC_C_SETOPERATIONSTATE,start);
+                                               pOperationState,
+                                               ulOperationStateLen,
+                                               hEncryptionKey,
+                                               hAuthenticationKey);
+    nssdbg_finish_time(FUNC_C_SETOPERATIONSTATE, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_Login(
-  CK_SESSION_HANDLE hSession,
-  CK_USER_TYPE      userType,
-  CK_CHAR_PTR       pPin,
-  CK_ULONG          ulPinLen
-)
+CK_RV
+NSSDBGC_Login(
+    CK_SESSION_HANDLE hSession,
+    CK_USER_TYPE userType,
+    CK_CHAR_PTR pPin,
+    CK_ULONG ulPinLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_Login"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, ("  userType = 0x%x", userType));
     PR_LOG(modlog, 3, (fmt_pPin, pPin));
     PR_LOG(modlog, 3, (fmt_ulPinLen, ulPinLen));
-    nssdbg_start_time(FUNC_C_LOGIN,&start);
+    nssdbg_start_time(FUNC_C_LOGIN, &start);
     rv = module_functions->C_Login(hSession,
-                                 userType,
-                                 pPin,
-                                 ulPinLen);
-    nssdbg_finish_time(FUNC_C_LOGIN,start);
+                                   userType,
+                                   pPin,
+                                   ulPinLen);
+    nssdbg_finish_time(FUNC_C_LOGIN, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_Logout(
-  CK_SESSION_HANDLE hSession
-)
+CK_RV
+NSSDBGC_Logout(
+    CK_SESSION_HANDLE hSession)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_Logout"));
     log_handle(3, fmt_hSession, hSession);
-    nssdbg_start_time(FUNC_C_LOGOUT,&start);
+    nssdbg_start_time(FUNC_C_LOGOUT, &start);
     rv = module_functions->C_Logout(hSession);
-    nssdbg_finish_time(FUNC_C_LOGOUT,start);
+    nssdbg_finish_time(FUNC_C_LOGOUT, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_CreateObject(
-  CK_SESSION_HANDLE    hSession,
-  CK_ATTRIBUTE_PTR     pTemplate,
-  CK_ULONG             ulCount,
-  CK_OBJECT_HANDLE_PTR phObject
-)
+CK_RV
+NSSDBGC_CreateObject(
+    CK_SESSION_HANDLE hSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount,
+    CK_OBJECT_HANDLE_PTR phObject)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_CreateObject"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate));
     PR_LOG(modlog, 3, (fmt_ulCount, ulCount));
     PR_LOG(modlog, 3, (fmt_phObject, phObject));
     print_template(pTemplate, ulCount);
-    nssdbg_start_time(FUNC_C_CREATEOBJECT,&start);
+    nssdbg_start_time(FUNC_C_CREATEOBJECT, &start);
     rv = module_functions->C_CreateObject(hSession,
-                                 pTemplate,
-                                 ulCount,
-                                 phObject);
-    nssdbg_finish_time(FUNC_C_CREATEOBJECT,start);
+                                          pTemplate,
+                                          ulCount,
+                                          phObject);
+    nssdbg_finish_time(FUNC_C_CREATEOBJECT, start);
     log_handle(4, "  *phObject = 0x%x", *phObject);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_CopyObject(
-  CK_SESSION_HANDLE    hSession,
-  CK_OBJECT_HANDLE     hObject,
-  CK_ATTRIBUTE_PTR     pTemplate,
-  CK_ULONG             ulCount,
-  CK_OBJECT_HANDLE_PTR phNewObject
-)
+CK_RV
+NSSDBGC_CopyObject(
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount,
+    CK_OBJECT_HANDLE_PTR phNewObject)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_CopyObject"));
     log_handle(3, fmt_hSession, hSession);
     log_handle(3, fmt_hObject, hObject);
     PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate));
     PR_LOG(modlog, 3, (fmt_ulCount, ulCount));
     PR_LOG(modlog, 3, ("  phNewObject = 0x%p", phNewObject));
     print_template(pTemplate, ulCount);
-    nssdbg_start_time(FUNC_C_COPYOBJECT,&start);
+    nssdbg_start_time(FUNC_C_COPYOBJECT, &start);
     rv = module_functions->C_CopyObject(hSession,
-                                 hObject,
-                                 pTemplate,
-                                 ulCount,
-                                 phNewObject);
-    nssdbg_finish_time(FUNC_C_COPYOBJECT,start);
+                                        hObject,
+                                        pTemplate,
+                                        ulCount,
+                                        phNewObject);
+    nssdbg_finish_time(FUNC_C_COPYOBJECT, start);
     log_handle(4, "  *phNewObject = 0x%x", *phNewObject);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_DestroyObject(
-  CK_SESSION_HANDLE hSession,
-  CK_OBJECT_HANDLE  hObject
-)
+CK_RV
+NSSDBGC_DestroyObject(
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_DestroyObject"));
     log_handle(3, fmt_hSession, hSession);
     log_handle(3, fmt_hObject, hObject);
-    nssdbg_start_time(FUNC_C_DESTROYOBJECT,&start);
+    nssdbg_start_time(FUNC_C_DESTROYOBJECT, &start);
     rv = module_functions->C_DestroyObject(hSession,
-                                 hObject);
-    nssdbg_finish_time(FUNC_C_DESTROYOBJECT,start);
+                                           hObject);
+    nssdbg_finish_time(FUNC_C_DESTROYOBJECT, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_GetObjectSize(
-  CK_SESSION_HANDLE hSession,
-  CK_OBJECT_HANDLE  hObject,
-  CK_ULONG_PTR      pulSize
-)
+CK_RV
+NSSDBGC_GetObjectSize(
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject,
+    CK_ULONG_PTR pulSize)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_GetObjectSize"));
     log_handle(3, fmt_hSession, hSession);
     log_handle(3, fmt_hObject, hObject);
     PR_LOG(modlog, 3, ("  pulSize = 0x%p", pulSize));
-    nssdbg_start_time(FUNC_C_GETOBJECTSIZE,&start);
+    nssdbg_start_time(FUNC_C_GETOBJECTSIZE, &start);
     rv = module_functions->C_GetObjectSize(hSession,
-                                 hObject,
-                                 pulSize);
-    nssdbg_finish_time(FUNC_C_GETOBJECTSIZE,start);
+                                           hObject,
+                                           pulSize);
+    nssdbg_finish_time(FUNC_C_GETOBJECTSIZE, start);
     PR_LOG(modlog, 4, ("  *pulSize = 0x%x", *pulSize));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_GetAttributeValue(
-  CK_SESSION_HANDLE hSession,
-  CK_OBJECT_HANDLE  hObject,
-  CK_ATTRIBUTE_PTR  pTemplate,
-  CK_ULONG          ulCount
-)
+CK_RV
+NSSDBGC_GetAttributeValue(
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_GetAttributeValue"));
     log_handle(3, fmt_hSession, hSession);
     log_handle(3, fmt_hObject, hObject);
     PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate));
     PR_LOG(modlog, 3, (fmt_ulCount, ulCount));
-    nssdbg_start_time(FUNC_C_GETATTRIBUTEVALUE,&start);
+    nssdbg_start_time(FUNC_C_GETATTRIBUTEVALUE, &start);
     rv = module_functions->C_GetAttributeValue(hSession,
-                                 hObject,
-                                 pTemplate,
-                                 ulCount);
-    nssdbg_finish_time(FUNC_C_GETATTRIBUTEVALUE,start);
+                                               hObject,
+                                               pTemplate,
+                                               ulCount);
+    nssdbg_finish_time(FUNC_C_GETATTRIBUTEVALUE, start);
     print_template(pTemplate, ulCount);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_SetAttributeValue(
-  CK_SESSION_HANDLE hSession,
-  CK_OBJECT_HANDLE  hObject,
-  CK_ATTRIBUTE_PTR  pTemplate,
-  CK_ULONG          ulCount
-)
+CK_RV
+NSSDBGC_SetAttributeValue(
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_SetAttributeValue"));
     log_handle(3, fmt_hSession, hSession);
     log_handle(3, fmt_hObject, hObject);
     PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate));
     PR_LOG(modlog, 3, (fmt_ulCount, ulCount));
     print_template(pTemplate, ulCount);
-    nssdbg_start_time(FUNC_C_SETATTRIBUTEVALUE,&start);
+    nssdbg_start_time(FUNC_C_SETATTRIBUTEVALUE, &start);
     rv = module_functions->C_SetAttributeValue(hSession,
-                                 hObject,
-                                 pTemplate,
-                                 ulCount);
-    nssdbg_finish_time(FUNC_C_SETATTRIBUTEVALUE,start);
+                                               hObject,
+                                               pTemplate,
+                                               ulCount);
+    nssdbg_finish_time(FUNC_C_SETATTRIBUTEVALUE, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_FindObjectsInit(
-  CK_SESSION_HANDLE hSession,
-  CK_ATTRIBUTE_PTR  pTemplate,
-  CK_ULONG          ulCount
-)
+CK_RV
+NSSDBGC_FindObjectsInit(
+    CK_SESSION_HANDLE hSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_FindObjectsInit"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate));
     PR_LOG(modlog, 3, (fmt_ulCount, ulCount));
     print_template(pTemplate, ulCount);
-    nssdbg_start_time(FUNC_C_FINDOBJECTSINIT,&start);
+    nssdbg_start_time(FUNC_C_FINDOBJECTSINIT, &start);
     rv = module_functions->C_FindObjectsInit(hSession,
-                                 pTemplate,
-                                 ulCount);
-    nssdbg_finish_time(FUNC_C_FINDOBJECTSINIT,start);
+                                             pTemplate,
+                                             ulCount);
+    nssdbg_finish_time(FUNC_C_FINDOBJECTSINIT, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_FindObjects(
-  CK_SESSION_HANDLE    hSession,
-  CK_OBJECT_HANDLE_PTR phObject,
-  CK_ULONG             ulMaxObjectCount,
-  CK_ULONG_PTR         pulObjectCount
-)
+CK_RV
+NSSDBGC_FindObjects(
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE_PTR phObject,
+    CK_ULONG ulMaxObjectCount,
+    CK_ULONG_PTR pulObjectCount)
 {
     COMMON_DEFINITIONS;
     CK_ULONG i;
 
     PR_LOG(modlog, 1, ("C_FindObjects"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_phObject, phObject));
     PR_LOG(modlog, 3, ("  ulMaxObjectCount = %d", ulMaxObjectCount));
     PR_LOG(modlog, 3, ("  pulObjectCount = 0x%p", pulObjectCount));
-    nssdbg_start_time(FUNC_C_FINDOBJECTS,&start);
+    nssdbg_start_time(FUNC_C_FINDOBJECTS, &start);
     rv = module_functions->C_FindObjects(hSession,
-                                 phObject,
-                                 ulMaxObjectCount,
-                                 pulObjectCount);
-    nssdbg_finish_time(FUNC_C_FINDOBJECTS,start);
+                                         phObject,
+                                         ulMaxObjectCount,
+                                         pulObjectCount);
+    nssdbg_finish_time(FUNC_C_FINDOBJECTS, start);
     PR_LOG(modlog, 4, ("  *pulObjectCount = 0x%x", *pulObjectCount));
-    for (i=0; i<*pulObjectCount; i++) {
-	PR_LOG(modlog, 4, ("  phObject[%d] = 0x%x%s", i, phObject[i],
-	       phObject[i] ? "" : fmt_invalid_handle));
+    for (i = 0; i < *pulObjectCount; i++) {
+        PR_LOG(modlog, 4, ("  phObject[%d] = 0x%x%s", i, phObject[i],
+                           phObject[i] ? "" : fmt_invalid_handle));
     }
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_FindObjectsFinal(
-  CK_SESSION_HANDLE hSession
-)
+CK_RV
+NSSDBGC_FindObjectsFinal(
+    CK_SESSION_HANDLE hSession)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_FindObjectsFinal"));
     log_handle(3, fmt_hSession, hSession);
-    nssdbg_start_time(FUNC_C_FINDOBJECTSFINAL,&start);
+    nssdbg_start_time(FUNC_C_FINDOBJECTSFINAL, &start);
     rv = module_functions->C_FindObjectsFinal(hSession);
-    nssdbg_finish_time(FUNC_C_FINDOBJECTSFINAL,start);
+    nssdbg_finish_time(FUNC_C_FINDOBJECTSFINAL, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_EncryptInit(
-  CK_SESSION_HANDLE hSession,
-  CK_MECHANISM_PTR  pMechanism,
-  CK_OBJECT_HANDLE  hKey
-)
+CK_RV
+NSSDBGC_EncryptInit(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_EncryptInit"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
     log_handle(3, fmt_hKey, hKey);
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_ENCRYPTINIT,&start);
+    nssdbg_start_time(FUNC_C_ENCRYPTINIT, &start);
     rv = module_functions->C_EncryptInit(hSession,
-                                 pMechanism,
-                                 hKey);
-    nssdbg_finish_time(FUNC_C_ENCRYPTINIT,start);
+                                         pMechanism,
+                                         hKey);
+    nssdbg_finish_time(FUNC_C_ENCRYPTINIT, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_Encrypt(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pData,
-  CK_ULONG          ulDataLen,
-  CK_BYTE_PTR       pEncryptedData,
-  CK_ULONG_PTR      pulEncryptedDataLen
-)
+CK_RV
+NSSDBGC_Encrypt(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pEncryptedData,
+    CK_ULONG_PTR pulEncryptedDataLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_Encrypt"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pData, pData));
     PR_LOG(modlog, 3, (fmt_ulDataLen, ulDataLen));
     PR_LOG(modlog, 3, (fmt_pEncryptedData, pEncryptedData));
     PR_LOG(modlog, 3, ("  pulEncryptedDataLen = 0x%p", pulEncryptedDataLen));
-    nssdbg_start_time(FUNC_C_ENCRYPT,&start);
+    nssdbg_start_time(FUNC_C_ENCRYPT, &start);
     rv = module_functions->C_Encrypt(hSession,
-                                 pData,
-                                 ulDataLen,
-                                 pEncryptedData,
-                                 pulEncryptedDataLen);
-    nssdbg_finish_time(FUNC_C_ENCRYPT,start);
+                                     pData,
+                                     ulDataLen,
+                                     pEncryptedData,
+                                     pulEncryptedDataLen);
+    nssdbg_finish_time(FUNC_C_ENCRYPT, start);
     PR_LOG(modlog, 4, ("  *pulEncryptedDataLen = 0x%x", *pulEncryptedDataLen));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_EncryptUpdate(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pPart,
-  CK_ULONG          ulPartLen,
-  CK_BYTE_PTR       pEncryptedPart,
-  CK_ULONG_PTR      pulEncryptedPartLen
-)
+CK_RV
+NSSDBGC_EncryptUpdate(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG_PTR pulEncryptedPartLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_EncryptUpdate"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pPart, pPart));
     PR_LOG(modlog, 3, (fmt_ulPartLen, ulPartLen));
     PR_LOG(modlog, 3, (fmt_pEncryptedPart, pEncryptedPart));
     PR_LOG(modlog, 3, (fmt_pulEncryptedPartLen, pulEncryptedPartLen));
-    nssdbg_start_time(FUNC_C_ENCRYPTUPDATE,&start);
+    nssdbg_start_time(FUNC_C_ENCRYPTUPDATE, &start);
     rv = module_functions->C_EncryptUpdate(hSession,
-                                 pPart,
-                                 ulPartLen,
-                                 pEncryptedPart,
-                                 pulEncryptedPartLen);
-    nssdbg_finish_time(FUNC_C_ENCRYPTUPDATE,start);
+                                           pPart,
+                                           ulPartLen,
+                                           pEncryptedPart,
+                                           pulEncryptedPartLen);
+    nssdbg_finish_time(FUNC_C_ENCRYPTUPDATE, start);
     PR_LOG(modlog, 4, (fmt_spulEncryptedPartLen, *pulEncryptedPartLen));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_EncryptFinal(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pLastEncryptedPart,
-  CK_ULONG_PTR      pulLastEncryptedPartLen
-)
+CK_RV
+NSSDBGC_EncryptFinal(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pLastEncryptedPart,
+    CK_ULONG_PTR pulLastEncryptedPartLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_EncryptFinal"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, ("  pLastEncryptedPart = 0x%p", pLastEncryptedPart));
     PR_LOG(modlog, 3, ("  pulLastEncryptedPartLen = 0x%p", pulLastEncryptedPartLen));
-    nssdbg_start_time(FUNC_C_ENCRYPTFINAL,&start);
+    nssdbg_start_time(FUNC_C_ENCRYPTFINAL, &start);
     rv = module_functions->C_EncryptFinal(hSession,
-                                 pLastEncryptedPart,
-                                 pulLastEncryptedPartLen);
-    nssdbg_finish_time(FUNC_C_ENCRYPTFINAL,start);
+                                          pLastEncryptedPart,
+                                          pulLastEncryptedPartLen);
+    nssdbg_finish_time(FUNC_C_ENCRYPTFINAL, start);
     PR_LOG(modlog, 4, ("  *pulLastEncryptedPartLen = 0x%x", *pulLastEncryptedPartLen));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_DecryptInit(
-  CK_SESSION_HANDLE hSession,
-  CK_MECHANISM_PTR  pMechanism,
-  CK_OBJECT_HANDLE  hKey
-)
+CK_RV
+NSSDBGC_DecryptInit(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_DecryptInit"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
     log_handle(3, fmt_hKey, hKey);
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_DECRYPTINIT,&start);
+    nssdbg_start_time(FUNC_C_DECRYPTINIT, &start);
     rv = module_functions->C_DecryptInit(hSession,
-                                 pMechanism,
-                                 hKey);
-    nssdbg_finish_time(FUNC_C_DECRYPTINIT,start);
+                                         pMechanism,
+                                         hKey);
+    nssdbg_finish_time(FUNC_C_DECRYPTINIT, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_Decrypt(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pEncryptedData,
-  CK_ULONG          ulEncryptedDataLen,
-  CK_BYTE_PTR       pData,
-  CK_ULONG_PTR      pulDataLen
-)
+CK_RV
+NSSDBGC_Decrypt(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pEncryptedData,
+    CK_ULONG ulEncryptedDataLen,
+    CK_BYTE_PTR pData,
+    CK_ULONG_PTR pulDataLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_Decrypt"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pEncryptedData, pEncryptedData));
     PR_LOG(modlog, 3, ("  ulEncryptedDataLen = %d", ulEncryptedDataLen));
     PR_LOG(modlog, 3, (fmt_pData, pData));
     PR_LOG(modlog, 3, (fmt_pulDataLen, pulDataLen));
-    nssdbg_start_time(FUNC_C_DECRYPT,&start);
+    nssdbg_start_time(FUNC_C_DECRYPT, &start);
     rv = module_functions->C_Decrypt(hSession,
-                                 pEncryptedData,
-                                 ulEncryptedDataLen,
-                                 pData,
-                                 pulDataLen);
-    nssdbg_finish_time(FUNC_C_DECRYPT,start);
+                                     pEncryptedData,
+                                     ulEncryptedDataLen,
+                                     pData,
+                                     pulDataLen);
+    nssdbg_finish_time(FUNC_C_DECRYPT, start);
     PR_LOG(modlog, 4, (fmt_spulDataLen, *pulDataLen));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_DecryptUpdate(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pEncryptedPart,
-  CK_ULONG          ulEncryptedPartLen,
-  CK_BYTE_PTR       pPart,
-  CK_ULONG_PTR      pulPartLen
-)
+CK_RV
+NSSDBGC_DecryptUpdate(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG ulEncryptedPartLen,
+    CK_BYTE_PTR pPart,
+    CK_ULONG_PTR pulPartLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_DecryptUpdate"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pEncryptedPart, pEncryptedPart));
     PR_LOG(modlog, 3, (fmt_ulEncryptedPartLen, ulEncryptedPartLen));
     PR_LOG(modlog, 3, (fmt_pPart, pPart));
     PR_LOG(modlog, 3, (fmt_pulPartLen, pulPartLen));
-    nssdbg_start_time(FUNC_C_DECRYPTUPDATE,&start);
+    nssdbg_start_time(FUNC_C_DECRYPTUPDATE, &start);
     rv = module_functions->C_DecryptUpdate(hSession,
-                                 pEncryptedPart,
-                                 ulEncryptedPartLen,
-                                 pPart,
-                                 pulPartLen);
-    nssdbg_finish_time(FUNC_C_DECRYPTUPDATE,start);
+                                           pEncryptedPart,
+                                           ulEncryptedPartLen,
+                                           pPart,
+                                           pulPartLen);
+    nssdbg_finish_time(FUNC_C_DECRYPTUPDATE, start);
     PR_LOG(modlog, 4, (fmt_spulPartLen, *pulPartLen));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_DecryptFinal(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pLastPart,
-  CK_ULONG_PTR      pulLastPartLen
-)
+CK_RV
+NSSDBGC_DecryptFinal(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pLastPart,
+    CK_ULONG_PTR pulLastPartLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_DecryptFinal"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, ("  pLastPart = 0x%p", pLastPart));
     PR_LOG(modlog, 3, ("  pulLastPartLen = 0x%p", pulLastPartLen));
-    nssdbg_start_time(FUNC_C_DECRYPTFINAL,&start);
+    nssdbg_start_time(FUNC_C_DECRYPTFINAL, &start);
     rv = module_functions->C_DecryptFinal(hSession,
-                                 pLastPart,
-                                 pulLastPartLen);
-    nssdbg_finish_time(FUNC_C_DECRYPTFINAL,start);
+                                          pLastPart,
+                                          pulLastPartLen);
+    nssdbg_finish_time(FUNC_C_DECRYPTFINAL, start);
     PR_LOG(modlog, 4, ("  *pulLastPartLen = 0x%x", *pulLastPartLen));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_DigestInit(
-  CK_SESSION_HANDLE hSession,
-  CK_MECHANISM_PTR  pMechanism
-)
+CK_RV
+NSSDBGC_DigestInit(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_DigestInit"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_DIGESTINIT,&start);
+    nssdbg_start_time(FUNC_C_DIGESTINIT, &start);
     rv = module_functions->C_DigestInit(hSession,
-                                 pMechanism);
-    nssdbg_finish_time(FUNC_C_DIGESTINIT,start);
+                                        pMechanism);
+    nssdbg_finish_time(FUNC_C_DIGESTINIT, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_Digest(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pData,
-  CK_ULONG          ulDataLen,
-  CK_BYTE_PTR       pDigest,
-  CK_ULONG_PTR      pulDigestLen
-)
+CK_RV
+NSSDBGC_Digest(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pDigest,
+    CK_ULONG_PTR pulDigestLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_Digest"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pData, pData));
     PR_LOG(modlog, 3, (fmt_ulDataLen, ulDataLen));
     PR_LOG(modlog, 3, (fmt_pDigest, pDigest));
     PR_LOG(modlog, 3, (fmt_pulDigestLen, pulDigestLen));
-    nssdbg_start_time(FUNC_C_DIGEST,&start);
+    nssdbg_start_time(FUNC_C_DIGEST, &start);
     rv = module_functions->C_Digest(hSession,
-                                 pData,
-                                 ulDataLen,
-                                 pDigest,
-                                 pulDigestLen);
-    nssdbg_finish_time(FUNC_C_DIGEST,start);
+                                    pData,
+                                    ulDataLen,
+                                    pDigest,
+                                    pulDigestLen);
+    nssdbg_finish_time(FUNC_C_DIGEST, start);
     PR_LOG(modlog, 4, (fmt_spulDigestLen, *pulDigestLen));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_DigestUpdate(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pPart,
-  CK_ULONG          ulPartLen
-)
+CK_RV
+NSSDBGC_DigestUpdate(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_DigestUpdate"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pPart, pPart));
     PR_LOG(modlog, 3, (fmt_ulPartLen, ulPartLen));
-    nssdbg_start_time(FUNC_C_DIGESTUPDATE,&start);
+    nssdbg_start_time(FUNC_C_DIGESTUPDATE, &start);
     rv = module_functions->C_DigestUpdate(hSession,
-                                 pPart,
-                                 ulPartLen);
-    nssdbg_finish_time(FUNC_C_DIGESTUPDATE,start);
+                                          pPart,
+                                          ulPartLen);
+    nssdbg_finish_time(FUNC_C_DIGESTUPDATE, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_DigestKey(
-  CK_SESSION_HANDLE hSession,
-  CK_OBJECT_HANDLE  hKey
-)
+CK_RV
+NSSDBGC_DigestKey(
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hKey)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_DigestKey"));
     log_handle(3, fmt_hSession, hSession);
-    nssdbg_start_time(FUNC_C_DIGESTKEY,&start);
+    nssdbg_start_time(FUNC_C_DIGESTKEY, &start);
     rv = module_functions->C_DigestKey(hSession,
-                                 hKey);
-    nssdbg_finish_time(FUNC_C_DIGESTKEY,start);
+                                       hKey);
+    nssdbg_finish_time(FUNC_C_DIGESTKEY, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_DigestFinal(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pDigest,
-  CK_ULONG_PTR      pulDigestLen
-)
+CK_RV
+NSSDBGC_DigestFinal(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pDigest,
+    CK_ULONG_PTR pulDigestLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_DigestFinal"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pDigest, pDigest));
     PR_LOG(modlog, 3, (fmt_pulDigestLen, pulDigestLen));
-    nssdbg_start_time(FUNC_C_DIGESTFINAL,&start);
+    nssdbg_start_time(FUNC_C_DIGESTFINAL, &start);
     rv = module_functions->C_DigestFinal(hSession,
-                                 pDigest,
-                                 pulDigestLen);
-    nssdbg_finish_time(FUNC_C_DIGESTFINAL,start);
+                                         pDigest,
+                                         pulDigestLen);
+    nssdbg_finish_time(FUNC_C_DIGESTFINAL, start);
     PR_LOG(modlog, 4, (fmt_spulDigestLen, *pulDigestLen));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_SignInit(
-  CK_SESSION_HANDLE hSession,
-  CK_MECHANISM_PTR  pMechanism,
-  CK_OBJECT_HANDLE  hKey
-)
+CK_RV
+NSSDBGC_SignInit(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_SignInit"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
     log_handle(3, fmt_hKey, hKey);
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_SIGNINIT,&start);
+    nssdbg_start_time(FUNC_C_SIGNINIT, &start);
     rv = module_functions->C_SignInit(hSession,
-                                 pMechanism,
-                                 hKey);
-    nssdbg_finish_time(FUNC_C_SIGNINIT,start);
+                                      pMechanism,
+                                      hKey);
+    nssdbg_finish_time(FUNC_C_SIGNINIT, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_Sign(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pData,
-  CK_ULONG          ulDataLen,
-  CK_BYTE_PTR       pSignature,
-  CK_ULONG_PTR      pulSignatureLen
-)
+CK_RV
+NSSDBGC_Sign(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG_PTR pulSignatureLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_Sign"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pData, pData));
     PR_LOG(modlog, 3, (fmt_ulDataLen, ulDataLen));
     PR_LOG(modlog, 3, (fmt_pSignature, pSignature));
     PR_LOG(modlog, 3, (fmt_pulSignatureLen, pulSignatureLen));
-    nssdbg_start_time(FUNC_C_SIGN,&start);
+    nssdbg_start_time(FUNC_C_SIGN, &start);
     rv = module_functions->C_Sign(hSession,
-                                 pData,
-                                 ulDataLen,
-                                 pSignature,
-                                 pulSignatureLen);
-    nssdbg_finish_time(FUNC_C_SIGN,start);
+                                  pData,
+                                  ulDataLen,
+                                  pSignature,
+                                  pulSignatureLen);
+    nssdbg_finish_time(FUNC_C_SIGN, start);
     PR_LOG(modlog, 4, (fmt_spulSignatureLen, *pulSignatureLen));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_SignUpdate(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pPart,
-  CK_ULONG          ulPartLen
-)
+CK_RV
+NSSDBGC_SignUpdate(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_SignUpdate"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pPart, pPart));
     PR_LOG(modlog, 3, (fmt_ulPartLen, ulPartLen));
-    nssdbg_start_time(FUNC_C_SIGNUPDATE,&start);
+    nssdbg_start_time(FUNC_C_SIGNUPDATE, &start);
     rv = module_functions->C_SignUpdate(hSession,
-                                 pPart,
-                                 ulPartLen);
-    nssdbg_finish_time(FUNC_C_SIGNUPDATE,start);
+                                        pPart,
+                                        ulPartLen);
+    nssdbg_finish_time(FUNC_C_SIGNUPDATE, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_SignFinal(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pSignature,
-  CK_ULONG_PTR      pulSignatureLen
-)
+CK_RV
+NSSDBGC_SignFinal(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG_PTR pulSignatureLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_SignFinal"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pSignature, pSignature));
     PR_LOG(modlog, 3, (fmt_pulSignatureLen, pulSignatureLen));
-    nssdbg_start_time(FUNC_C_SIGNFINAL,&start);
+    nssdbg_start_time(FUNC_C_SIGNFINAL, &start);
     rv = module_functions->C_SignFinal(hSession,
-                                 pSignature,
-                                 pulSignatureLen);
-    nssdbg_finish_time(FUNC_C_SIGNFINAL,start);
+                                       pSignature,
+                                       pulSignatureLen);
+    nssdbg_finish_time(FUNC_C_SIGNFINAL, start);
     PR_LOG(modlog, 4, (fmt_spulSignatureLen, *pulSignatureLen));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_SignRecoverInit(
-  CK_SESSION_HANDLE hSession,
-  CK_MECHANISM_PTR  pMechanism,
-  CK_OBJECT_HANDLE  hKey
-)
+CK_RV
+NSSDBGC_SignRecoverInit(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_SignRecoverInit"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
     log_handle(3, fmt_hKey, hKey);
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_SIGNRECOVERINIT,&start);
+    nssdbg_start_time(FUNC_C_SIGNRECOVERINIT, &start);
     rv = module_functions->C_SignRecoverInit(hSession,
-                                 pMechanism,
-                                 hKey);
-    nssdbg_finish_time(FUNC_C_SIGNRECOVERINIT,start);
+                                             pMechanism,
+                                             hKey);
+    nssdbg_finish_time(FUNC_C_SIGNRECOVERINIT, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_SignRecover(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pData,
-  CK_ULONG          ulDataLen,
-  CK_BYTE_PTR       pSignature,
-  CK_ULONG_PTR      pulSignatureLen
-)
+CK_RV
+NSSDBGC_SignRecover(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG_PTR pulSignatureLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_SignRecover"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pData, pData));
     PR_LOG(modlog, 3, (fmt_ulDataLen, ulDataLen));
     PR_LOG(modlog, 3, (fmt_pSignature, pSignature));
     PR_LOG(modlog, 3, (fmt_pulSignatureLen, pulSignatureLen));
-    nssdbg_start_time(FUNC_C_SIGNRECOVER,&start);
+    nssdbg_start_time(FUNC_C_SIGNRECOVER, &start);
     rv = module_functions->C_SignRecover(hSession,
-                                 pData,
-                                 ulDataLen,
-                                 pSignature,
-                                 pulSignatureLen);
-    nssdbg_finish_time(FUNC_C_SIGNRECOVER,start);
+                                         pData,
+                                         ulDataLen,
+                                         pSignature,
+                                         pulSignatureLen);
+    nssdbg_finish_time(FUNC_C_SIGNRECOVER, start);
     PR_LOG(modlog, 4, (fmt_spulSignatureLen, *pulSignatureLen));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_VerifyInit(
-  CK_SESSION_HANDLE hSession,
-  CK_MECHANISM_PTR  pMechanism,
-  CK_OBJECT_HANDLE  hKey
-)
+CK_RV
+NSSDBGC_VerifyInit(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_VerifyInit"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
     log_handle(3, fmt_hKey, hKey);
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_VERIFYINIT,&start);
+    nssdbg_start_time(FUNC_C_VERIFYINIT, &start);
     rv = module_functions->C_VerifyInit(hSession,
-                                 pMechanism,
-                                 hKey);
-    nssdbg_finish_time(FUNC_C_VERIFYINIT,start);
+                                        pMechanism,
+                                        hKey);
+    nssdbg_finish_time(FUNC_C_VERIFYINIT, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_Verify(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pData,
-  CK_ULONG          ulDataLen,
-  CK_BYTE_PTR       pSignature,
-  CK_ULONG          ulSignatureLen
-)
+CK_RV
+NSSDBGC_Verify(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG ulSignatureLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_Verify"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pData, pData));
     PR_LOG(modlog, 3, (fmt_ulDataLen, ulDataLen));
     PR_LOG(modlog, 3, (fmt_pSignature, pSignature));
     PR_LOG(modlog, 3, (fmt_ulSignatureLen, ulSignatureLen));
-    nssdbg_start_time(FUNC_C_VERIFY,&start);
+    nssdbg_start_time(FUNC_C_VERIFY, &start);
     rv = module_functions->C_Verify(hSession,
-                                 pData,
-                                 ulDataLen,
-                                 pSignature,
-                                 ulSignatureLen);
-    nssdbg_finish_time(FUNC_C_VERIFY,start);
+                                    pData,
+                                    ulDataLen,
+                                    pSignature,
+                                    ulSignatureLen);
+    nssdbg_finish_time(FUNC_C_VERIFY, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_VerifyUpdate(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pPart,
-  CK_ULONG          ulPartLen
-)
+CK_RV
+NSSDBGC_VerifyUpdate(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_VerifyUpdate"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pPart, pPart));
     PR_LOG(modlog, 3, (fmt_ulPartLen, ulPartLen));
-    nssdbg_start_time(FUNC_C_VERIFYUPDATE,&start);
+    nssdbg_start_time(FUNC_C_VERIFYUPDATE, &start);
     rv = module_functions->C_VerifyUpdate(hSession,
-                                 pPart,
-                                 ulPartLen);
-    nssdbg_finish_time(FUNC_C_VERIFYUPDATE,start);
+                                          pPart,
+                                          ulPartLen);
+    nssdbg_finish_time(FUNC_C_VERIFYUPDATE, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_VerifyFinal(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pSignature,
-  CK_ULONG          ulSignatureLen
-)
+CK_RV
+NSSDBGC_VerifyFinal(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG ulSignatureLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_VerifyFinal"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pSignature, pSignature));
     PR_LOG(modlog, 3, (fmt_ulSignatureLen, ulSignatureLen));
-    nssdbg_start_time(FUNC_C_VERIFYFINAL,&start);
+    nssdbg_start_time(FUNC_C_VERIFYFINAL, &start);
     rv = module_functions->C_VerifyFinal(hSession,
-                                 pSignature,
-                                 ulSignatureLen);
-    nssdbg_finish_time(FUNC_C_VERIFYFINAL,start);
+                                         pSignature,
+                                         ulSignatureLen);
+    nssdbg_finish_time(FUNC_C_VERIFYFINAL, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_VerifyRecoverInit(
-  CK_SESSION_HANDLE hSession,
-  CK_MECHANISM_PTR  pMechanism,
-  CK_OBJECT_HANDLE  hKey
-)
+CK_RV
+NSSDBGC_VerifyRecoverInit(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_VerifyRecoverInit"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
     log_handle(3, fmt_hKey, hKey);
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_VERIFYRECOVERINIT,&start);
+    nssdbg_start_time(FUNC_C_VERIFYRECOVERINIT, &start);
     rv = module_functions->C_VerifyRecoverInit(hSession,
-                                 pMechanism,
-                                 hKey);
-    nssdbg_finish_time(FUNC_C_VERIFYRECOVERINIT,start);
+                                               pMechanism,
+                                               hKey);
+    nssdbg_finish_time(FUNC_C_VERIFYRECOVERINIT, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_VerifyRecover(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pSignature,
-  CK_ULONG          ulSignatureLen,
-  CK_BYTE_PTR       pData,
-  CK_ULONG_PTR      pulDataLen
-)
+CK_RV
+NSSDBGC_VerifyRecover(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG ulSignatureLen,
+    CK_BYTE_PTR pData,
+    CK_ULONG_PTR pulDataLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_VerifyRecover"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pSignature, pSignature));
     PR_LOG(modlog, 3, (fmt_ulSignatureLen, ulSignatureLen));
     PR_LOG(modlog, 3, (fmt_pData, pData));
     PR_LOG(modlog, 3, (fmt_pulDataLen, pulDataLen));
-    nssdbg_start_time(FUNC_C_VERIFYRECOVER,&start);
+    nssdbg_start_time(FUNC_C_VERIFYRECOVER, &start);
     rv = module_functions->C_VerifyRecover(hSession,
-                                 pSignature,
-                                 ulSignatureLen,
-                                 pData,
-                                 pulDataLen);
-    nssdbg_finish_time(FUNC_C_VERIFYRECOVER,start);
+                                           pSignature,
+                                           ulSignatureLen,
+                                           pData,
+                                           pulDataLen);
+    nssdbg_finish_time(FUNC_C_VERIFYRECOVER, start);
     PR_LOG(modlog, 4, (fmt_spulDataLen, *pulDataLen));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_DigestEncryptUpdate(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pPart,
-  CK_ULONG          ulPartLen,
-  CK_BYTE_PTR       pEncryptedPart,
-  CK_ULONG_PTR      pulEncryptedPartLen
-)
+CK_RV
+NSSDBGC_DigestEncryptUpdate(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG_PTR pulEncryptedPartLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_DigestEncryptUpdate"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pPart, pPart));
     PR_LOG(modlog, 3, (fmt_ulPartLen, ulPartLen));
     PR_LOG(modlog, 3, (fmt_pEncryptedPart, pEncryptedPart));
     PR_LOG(modlog, 3, (fmt_pulEncryptedPartLen, pulEncryptedPartLen));
-    nssdbg_start_time(FUNC_C_DIGESTENCRYPTUPDATE,&start);
+    nssdbg_start_time(FUNC_C_DIGESTENCRYPTUPDATE, &start);
     rv = module_functions->C_DigestEncryptUpdate(hSession,
-                                 pPart,
-                                 ulPartLen,
-                                 pEncryptedPart,
-                                 pulEncryptedPartLen);
-    nssdbg_finish_time(FUNC_C_DIGESTENCRYPTUPDATE,start);
+                                                 pPart,
+                                                 ulPartLen,
+                                                 pEncryptedPart,
+                                                 pulEncryptedPartLen);
+    nssdbg_finish_time(FUNC_C_DIGESTENCRYPTUPDATE, start);
     PR_LOG(modlog, 4, (fmt_spulEncryptedPartLen, *pulEncryptedPartLen));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_DecryptDigestUpdate(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pEncryptedPart,
-  CK_ULONG          ulEncryptedPartLen,
-  CK_BYTE_PTR       pPart,
-  CK_ULONG_PTR      pulPartLen
-)
+CK_RV
+NSSDBGC_DecryptDigestUpdate(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG ulEncryptedPartLen,
+    CK_BYTE_PTR pPart,
+    CK_ULONG_PTR pulPartLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_DecryptDigestUpdate"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pEncryptedPart, pEncryptedPart));
     PR_LOG(modlog, 3, (fmt_ulEncryptedPartLen, ulEncryptedPartLen));
     PR_LOG(modlog, 3, (fmt_pPart, pPart));
     PR_LOG(modlog, 3, (fmt_pulPartLen, pulPartLen));
-    nssdbg_start_time(FUNC_C_DECRYPTDIGESTUPDATE,&start);
+    nssdbg_start_time(FUNC_C_DECRYPTDIGESTUPDATE, &start);
     rv = module_functions->C_DecryptDigestUpdate(hSession,
-                                 pEncryptedPart,
-                                 ulEncryptedPartLen,
-                                 pPart,
-                                 pulPartLen);
-    nssdbg_finish_time(FUNC_C_DECRYPTDIGESTUPDATE,start);
+                                                 pEncryptedPart,
+                                                 ulEncryptedPartLen,
+                                                 pPart,
+                                                 pulPartLen);
+    nssdbg_finish_time(FUNC_C_DECRYPTDIGESTUPDATE, start);
     PR_LOG(modlog, 4, (fmt_spulPartLen, *pulPartLen));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_SignEncryptUpdate(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pPart,
-  CK_ULONG          ulPartLen,
-  CK_BYTE_PTR       pEncryptedPart,
-  CK_ULONG_PTR      pulEncryptedPartLen
-)
+CK_RV
+NSSDBGC_SignEncryptUpdate(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG_PTR pulEncryptedPartLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_SignEncryptUpdate"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pPart, pPart));
     PR_LOG(modlog, 3, (fmt_ulPartLen, ulPartLen));
     PR_LOG(modlog, 3, (fmt_pEncryptedPart, pEncryptedPart));
     PR_LOG(modlog, 3, (fmt_pulEncryptedPartLen, pulEncryptedPartLen));
-    nssdbg_start_time(FUNC_C_SIGNENCRYPTUPDATE,&start);
+    nssdbg_start_time(FUNC_C_SIGNENCRYPTUPDATE, &start);
     rv = module_functions->C_SignEncryptUpdate(hSession,
-                                 pPart,
-                                 ulPartLen,
-                                 pEncryptedPart,
-                                 pulEncryptedPartLen);
-    nssdbg_finish_time(FUNC_C_SIGNENCRYPTUPDATE,start);
+                                               pPart,
+                                               ulPartLen,
+                                               pEncryptedPart,
+                                               pulEncryptedPartLen);
+    nssdbg_finish_time(FUNC_C_SIGNENCRYPTUPDATE, start);
     PR_LOG(modlog, 4, (fmt_spulEncryptedPartLen, *pulEncryptedPartLen));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_DecryptVerifyUpdate(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pEncryptedPart,
-  CK_ULONG          ulEncryptedPartLen,
-  CK_BYTE_PTR       pPart,
-  CK_ULONG_PTR      pulPartLen
-)
+CK_RV
+NSSDBGC_DecryptVerifyUpdate(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG ulEncryptedPartLen,
+    CK_BYTE_PTR pPart,
+    CK_ULONG_PTR pulPartLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_DecryptVerifyUpdate"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pEncryptedPart, pEncryptedPart));
     PR_LOG(modlog, 3, (fmt_ulEncryptedPartLen, ulEncryptedPartLen));
     PR_LOG(modlog, 3, (fmt_pPart, pPart));
     PR_LOG(modlog, 3, (fmt_pulPartLen, pulPartLen));
-    nssdbg_start_time(FUNC_C_DECRYPTVERIFYUPDATE,&start);
+    nssdbg_start_time(FUNC_C_DECRYPTVERIFYUPDATE, &start);
     rv = module_functions->C_DecryptVerifyUpdate(hSession,
-                                 pEncryptedPart,
-                                 ulEncryptedPartLen,
-                                 pPart,
-                                 pulPartLen);
-    nssdbg_finish_time(FUNC_C_DECRYPTVERIFYUPDATE,start);
+                                                 pEncryptedPart,
+                                                 ulEncryptedPartLen,
+                                                 pPart,
+                                                 pulPartLen);
+    nssdbg_finish_time(FUNC_C_DECRYPTVERIFYUPDATE, start);
     PR_LOG(modlog, 4, (fmt_spulPartLen, *pulPartLen));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_GenerateKey(
-  CK_SESSION_HANDLE    hSession,
-  CK_MECHANISM_PTR     pMechanism,
-  CK_ATTRIBUTE_PTR     pTemplate,
-  CK_ULONG             ulCount,
-  CK_OBJECT_HANDLE_PTR phKey
-)
+CK_RV
+NSSDBGC_GenerateKey(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount,
+    CK_OBJECT_HANDLE_PTR phKey)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_GenerateKey"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
     PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate));
     PR_LOG(modlog, 3, (fmt_ulCount, ulCount));
     PR_LOG(modlog, 3, (fmt_phKey, phKey));
     print_template(pTemplate, ulCount);
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_GENERATEKEY,&start);
+    nssdbg_start_time(FUNC_C_GENERATEKEY, &start);
     rv = module_functions->C_GenerateKey(hSession,
-                                 pMechanism,
-                                 pTemplate,
-                                 ulCount,
-                                 phKey);
-    nssdbg_finish_time(FUNC_C_GENERATEKEY,start);
+                                         pMechanism,
+                                         pTemplate,
+                                         ulCount,
+                                         phKey);
+    nssdbg_finish_time(FUNC_C_GENERATEKEY, start);
     log_handle(4, fmt_sphKey, *phKey);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_GenerateKeyPair(
-  CK_SESSION_HANDLE    hSession,
-  CK_MECHANISM_PTR     pMechanism,
-  CK_ATTRIBUTE_PTR     pPublicKeyTemplate,
-  CK_ULONG             ulPublicKeyAttributeCount,
-  CK_ATTRIBUTE_PTR     pPrivateKeyTemplate,
-  CK_ULONG             ulPrivateKeyAttributeCount,
-  CK_OBJECT_HANDLE_PTR phPublicKey,
-  CK_OBJECT_HANDLE_PTR phPrivateKey
-)
+CK_RV
+NSSDBGC_GenerateKeyPair(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+    CK_ULONG ulPublicKeyAttributeCount,
+    CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+    CK_ULONG ulPrivateKeyAttributeCount,
+    CK_OBJECT_HANDLE_PTR phPublicKey,
+    CK_OBJECT_HANDLE_PTR phPrivateKey)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_GenerateKeyPair"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
     PR_LOG(modlog, 3, ("  pPublicKeyTemplate = 0x%p", pPublicKeyTemplate));
     PR_LOG(modlog, 3, ("  ulPublicKeyAttributeCount = %d", ulPublicKeyAttributeCount));
     PR_LOG(modlog, 3, ("  pPrivateKeyTemplate = 0x%p", pPrivateKeyTemplate));
     PR_LOG(modlog, 3, ("  ulPrivateKeyAttributeCount = %d", ulPrivateKeyAttributeCount));
     PR_LOG(modlog, 3, ("  phPublicKey = 0x%p", phPublicKey));
     print_template(pPublicKeyTemplate, ulPublicKeyAttributeCount);
     PR_LOG(modlog, 3, ("  phPrivateKey = 0x%p", phPrivateKey));
     print_template(pPrivateKeyTemplate, ulPrivateKeyAttributeCount);
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_GENERATEKEYPAIR,&start);
+    nssdbg_start_time(FUNC_C_GENERATEKEYPAIR, &start);
     rv = module_functions->C_GenerateKeyPair(hSession,
-                                 pMechanism,
-                                 pPublicKeyTemplate,
-                                 ulPublicKeyAttributeCount,
-                                 pPrivateKeyTemplate,
-                                 ulPrivateKeyAttributeCount,
-                                 phPublicKey,
-                                 phPrivateKey);
-    nssdbg_finish_time(FUNC_C_GENERATEKEYPAIR,start);
+                                             pMechanism,
+                                             pPublicKeyTemplate,
+                                             ulPublicKeyAttributeCount,
+                                             pPrivateKeyTemplate,
+                                             ulPrivateKeyAttributeCount,
+                                             phPublicKey,
+                                             phPrivateKey);
+    nssdbg_finish_time(FUNC_C_GENERATEKEYPAIR, start);
     log_handle(4, "  *phPublicKey = 0x%x", *phPublicKey);
     log_handle(4, "  *phPrivateKey = 0x%x", *phPrivateKey);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_WrapKey(
-  CK_SESSION_HANDLE hSession,
-  CK_MECHANISM_PTR  pMechanism,
-  CK_OBJECT_HANDLE  hWrappingKey,
-  CK_OBJECT_HANDLE  hKey,
-  CK_BYTE_PTR       pWrappedKey,
-  CK_ULONG_PTR      pulWrappedKeyLen
-)
+CK_RV
+NSSDBGC_WrapKey(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hWrappingKey,
+    CK_OBJECT_HANDLE hKey,
+    CK_BYTE_PTR pWrappedKey,
+    CK_ULONG_PTR pulWrappedKeyLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_WrapKey"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
     log_handle(3, "  hWrappingKey = 0x%x", hWrappingKey);
     log_handle(3, fmt_hKey, hKey);
     PR_LOG(modlog, 3, (fmt_pWrappedKey, pWrappedKey));
     PR_LOG(modlog, 3, ("  pulWrappedKeyLen = 0x%p", pulWrappedKeyLen));
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_WRAPKEY,&start);
+    nssdbg_start_time(FUNC_C_WRAPKEY, &start);
     rv = module_functions->C_WrapKey(hSession,
-                                 pMechanism,
-                                 hWrappingKey,
-                                 hKey,
-                                 pWrappedKey,
-                                 pulWrappedKeyLen);
-    nssdbg_finish_time(FUNC_C_WRAPKEY,start);
+                                     pMechanism,
+                                     hWrappingKey,
+                                     hKey,
+                                     pWrappedKey,
+                                     pulWrappedKeyLen);
+    nssdbg_finish_time(FUNC_C_WRAPKEY, start);
     PR_LOG(modlog, 4, ("  *pulWrappedKeyLen = 0x%x", *pulWrappedKeyLen));
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_UnwrapKey(
-  CK_SESSION_HANDLE    hSession,
-  CK_MECHANISM_PTR     pMechanism,
-  CK_OBJECT_HANDLE     hUnwrappingKey,
-  CK_BYTE_PTR          pWrappedKey,
-  CK_ULONG             ulWrappedKeyLen,
-  CK_ATTRIBUTE_PTR     pTemplate,
-  CK_ULONG             ulAttributeCount,
-  CK_OBJECT_HANDLE_PTR phKey
-)
+CK_RV
+NSSDBGC_UnwrapKey(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hUnwrappingKey,
+    CK_BYTE_PTR pWrappedKey,
+    CK_ULONG ulWrappedKeyLen,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_OBJECT_HANDLE_PTR phKey)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_UnwrapKey"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
     log_handle(3, "  hUnwrappingKey = 0x%x", hUnwrappingKey);
     PR_LOG(modlog, 3, (fmt_pWrappedKey, pWrappedKey));
     PR_LOG(modlog, 3, ("  ulWrappedKeyLen = %d", ulWrappedKeyLen));
     PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate));
     PR_LOG(modlog, 3, (fmt_ulAttributeCount, ulAttributeCount));
     PR_LOG(modlog, 3, (fmt_phKey, phKey));
     print_template(pTemplate, ulAttributeCount);
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_UNWRAPKEY,&start);
+    nssdbg_start_time(FUNC_C_UNWRAPKEY, &start);
     rv = module_functions->C_UnwrapKey(hSession,
-                                 pMechanism,
-                                 hUnwrappingKey,
-                                 pWrappedKey,
-                                 ulWrappedKeyLen,
-                                 pTemplate,
-                                 ulAttributeCount,
-                                 phKey);
-    nssdbg_finish_time(FUNC_C_UNWRAPKEY,start);
+                                       pMechanism,
+                                       hUnwrappingKey,
+                                       pWrappedKey,
+                                       ulWrappedKeyLen,
+                                       pTemplate,
+                                       ulAttributeCount,
+                                       phKey);
+    nssdbg_finish_time(FUNC_C_UNWRAPKEY, start);
     log_handle(4, fmt_sphKey, *phKey);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_DeriveKey(
-  CK_SESSION_HANDLE    hSession,
-  CK_MECHANISM_PTR     pMechanism,
-  CK_OBJECT_HANDLE     hBaseKey,
-  CK_ATTRIBUTE_PTR     pTemplate,
-  CK_ULONG             ulAttributeCount,
-  CK_OBJECT_HANDLE_PTR phKey
-)
+CK_RV
+NSSDBGC_DeriveKey(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hBaseKey,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_OBJECT_HANDLE_PTR phKey)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_DeriveKey"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
     log_handle(3, "  hBaseKey = 0x%x", hBaseKey);
     PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate));
     PR_LOG(modlog, 3, (fmt_ulAttributeCount, ulAttributeCount));
     PR_LOG(modlog, 3, (fmt_phKey, phKey));
     print_template(pTemplate, ulAttributeCount);
     print_mechanism(pMechanism);
-    nssdbg_start_time(FUNC_C_DERIVEKEY,&start);
+    nssdbg_start_time(FUNC_C_DERIVEKEY, &start);
     rv = module_functions->C_DeriveKey(hSession,
-                                 pMechanism,
-                                 hBaseKey,
-                                 pTemplate,
-                                 ulAttributeCount,
-                                 phKey);
-    nssdbg_finish_time(FUNC_C_DERIVEKEY,start);
+                                       pMechanism,
+                                       hBaseKey,
+                                       pTemplate,
+                                       ulAttributeCount,
+                                       phKey);
+    nssdbg_finish_time(FUNC_C_DERIVEKEY, start);
     log_handle(4, fmt_sphKey, *phKey);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_SeedRandom(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       pSeed,
-  CK_ULONG          ulSeedLen
-)
+CK_RV
+NSSDBGC_SeedRandom(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pSeed,
+    CK_ULONG ulSeedLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_SeedRandom"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, ("  pSeed = 0x%p", pSeed));
     PR_LOG(modlog, 3, ("  ulSeedLen = %d", ulSeedLen));
-    nssdbg_start_time(FUNC_C_SEEDRANDOM,&start);
+    nssdbg_start_time(FUNC_C_SEEDRANDOM, &start);
     rv = module_functions->C_SeedRandom(hSession,
-                                 pSeed,
-                                 ulSeedLen);
-    nssdbg_finish_time(FUNC_C_SEEDRANDOM,start);
+                                        pSeed,
+                                        ulSeedLen);
+    nssdbg_finish_time(FUNC_C_SEEDRANDOM, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_GenerateRandom(
-  CK_SESSION_HANDLE hSession,
-  CK_BYTE_PTR       RandomData,
-  CK_ULONG          ulRandomLen
-)
+CK_RV
+NSSDBGC_GenerateRandom(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR RandomData,
+    CK_ULONG ulRandomLen)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_GenerateRandom"));
     log_handle(3, fmt_hSession, hSession);
     PR_LOG(modlog, 3, ("  RandomData = 0x%p", RandomData));
     PR_LOG(modlog, 3, ("  ulRandomLen = %d", ulRandomLen));
-    nssdbg_start_time(FUNC_C_GENERATERANDOM,&start);
+    nssdbg_start_time(FUNC_C_GENERATERANDOM, &start);
     rv = module_functions->C_GenerateRandom(hSession,
-                                 RandomData,
-                                 ulRandomLen);
-    nssdbg_finish_time(FUNC_C_GENERATERANDOM,start);
+                                            RandomData,
+                                            ulRandomLen);
+    nssdbg_finish_time(FUNC_C_GENERATERANDOM, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_GetFunctionStatus(
-  CK_SESSION_HANDLE hSession
-)
+CK_RV
+NSSDBGC_GetFunctionStatus(
+    CK_SESSION_HANDLE hSession)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_GetFunctionStatus"));
     log_handle(3, fmt_hSession, hSession);
-    nssdbg_start_time(FUNC_C_GETFUNCTIONSTATUS,&start);
+    nssdbg_start_time(FUNC_C_GETFUNCTIONSTATUS, &start);
     rv = module_functions->C_GetFunctionStatus(hSession);
-    nssdbg_finish_time(FUNC_C_GETFUNCTIONSTATUS,start);
+    nssdbg_finish_time(FUNC_C_GETFUNCTIONSTATUS, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_CancelFunction(
-  CK_SESSION_HANDLE hSession
-)
+CK_RV
+NSSDBGC_CancelFunction(
+    CK_SESSION_HANDLE hSession)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_CancelFunction"));
     log_handle(3, fmt_hSession, hSession);
-    nssdbg_start_time(FUNC_C_CANCELFUNCTION,&start);
+    nssdbg_start_time(FUNC_C_CANCELFUNCTION, &start);
     rv = module_functions->C_CancelFunction(hSession);
-    nssdbg_finish_time(FUNC_C_CANCELFUNCTION,start);
+    nssdbg_finish_time(FUNC_C_CANCELFUNCTION, start);
     log_rv(rv);
     return rv;
 }
 
-CK_RV NSSDBGC_WaitForSlotEvent(
-  CK_FLAGS       flags,
-  CK_SLOT_ID_PTR pSlot,
-  CK_VOID_PTR    pRserved
-)
+CK_RV
+NSSDBGC_WaitForSlotEvent(
+    CK_FLAGS flags,
+    CK_SLOT_ID_PTR pSlot,
+    CK_VOID_PTR pRserved)
 {
     COMMON_DEFINITIONS;
 
     PR_LOG(modlog, 1, ("C_WaitForSlotEvent"));
     PR_LOG(modlog, 3, (fmt_flags, flags));
     PR_LOG(modlog, 3, ("  pSlot = 0x%p", pSlot));
     PR_LOG(modlog, 3, ("  pRserved = 0x%p", pRserved));
-    nssdbg_start_time(FUNC_C_WAITFORSLOTEVENT,&start);
+    nssdbg_start_time(FUNC_C_WAITFORSLOTEVENT, &start);
     rv = module_functions->C_WaitForSlotEvent(flags,
-                                 pSlot,
-                                 pRserved);
-    nssdbg_finish_time(FUNC_C_WAITFORSLOTEVENT,start);
+                                              pSlot,
+                                              pRserved);
+    nssdbg_finish_time(FUNC_C_WAITFORSLOTEVENT, start);
     log_rv(rv);
     return rv;
 }
 
-CK_FUNCTION_LIST_PTR nss_InsertDeviceLog(
-  CK_FUNCTION_LIST_PTR devEPV
-)
+CK_FUNCTION_LIST_PTR
+nss_InsertDeviceLog(
+    CK_FUNCTION_LIST_PTR devEPV)
 {
     module_functions = devEPV;
     modlog = PR_NewLogModule("nss_mod_log");
     debug_functions.C_Initialize = NSSDBGC_Initialize;
     debug_functions.C_Finalize = NSSDBGC_Finalize;
     debug_functions.C_GetInfo = NSSDBGC_GetInfo;
     debug_functions.C_GetFunctionList = NSSDBGC_GetFunctionList;
     debug_functions.C_GetSlotList = NSSDBGC_GetSlotList;
@@ -2639,99 +2662,99 @@ CK_FUNCTION_LIST_PTR nss_InsertDeviceLog
  *    If the time is less than 10 minutes but greater than 10 seconds output 
  * the time in second.
  *    If the time is less than 10 seconds but greater than 10 milliseconds 
  * output * the time in millisecond.
  *    If the time is less than 10 milliseconds but greater than 0 ticks output 
  * the time in microsecond.
  *
  */
-static PRUint32 getPrintTime(PRIntervalTime time ,char **type)
+static PRUint32
+getPrintTime(PRIntervalTime time, char **type)
 {
-	PRUint32 prTime;
+    PRUint32 prTime;
 
-        /* detect a programming error by outputting 'bu' to the output stream
-	 * rather than crashing */
- 	*type = "bug";
-	if (time == 0) {
-	    *type = "z";
-	    return 0;
-	}
+    /* detect a programming error by outputting 'bu' to the output stream
+     * rather than crashing */
+    *type = "bug";
+    if (time == 0) {
+        *type = "z";
+        return 0;
+    }
 
-	prTime = PR_IntervalToSeconds(time);
+    prTime = PR_IntervalToSeconds(time);
 
-	if (prTime >= 600) {
-	    *type="m";
-	    return prTime/60;
-	}
-        if (prTime >= 10) {
-	    *type="s";
-	    return prTime;
-	} 
-	prTime = PR_IntervalToMilliseconds(time);
-        if (prTime >= 10) {
-	    *type="ms";
-	    return prTime;
-	} 
- 	*type = "us";
-	return PR_IntervalToMicroseconds(time);
+    if (prTime >= 600) {
+        *type = "m";
+        return prTime / 60;
+    }
+    if (prTime >= 10) {
+        *type = "s";
+        return prTime;
+    }
+    prTime = PR_IntervalToMilliseconds(time);
+    if (prTime >= 10) {
+        *type = "ms";
+        return prTime;
+    }
+    *type = "us";
+    return PR_IntervalToMicroseconds(time);
 }
 
-static void print_final_statistics(void)
+static void
+print_final_statistics(void)
 {
     int total_calls = 0;
     PRIntervalTime total_time = 0;
     PRUint32 pr_total_time;
     char *type;
     char *fname;
     FILE *outfile = NULL;
     int i;
 
     fname = PR_GetEnvSecure("NSS_OUTPUT_FILE");
     if (fname) {
-	/* need to add an optional process id to the filename */
-	outfile = fopen(fname,"w+");
+        /* need to add an optional process id to the filename */
+        outfile = fopen(fname, "w+");
     }
     if (!outfile) {
-	outfile = stdout;
+        outfile = stdout;
     }
-	
 
-    fprintf(outfile,"%-25s %10s %12s %12s %10s\n", "Function", "# Calls", 
-				"Time", "Avg.", "% Time");
-    fprintf(outfile,"\n");
-    for (i=0; i < nssdbg_prof_size; i++) {
-	total_calls += nssdbg_prof_data[i].calls;
-	total_time += nssdbg_prof_data[i].time;
+    fprintf(outfile, "%-25s %10s %12s %12s %10s\n", "Function", "# Calls",
+            "Time", "Avg.", "% Time");
+    fprintf(outfile, "\n");
+    for (i = 0; i < nssdbg_prof_size; i++) {
+        total_calls += nssdbg_prof_data[i].calls;
+        total_time += nssdbg_prof_data[i].time;
     }
-    for (i=0; i < nssdbg_prof_size; i++) {
-	PRIntervalTime time = nssdbg_prof_data[i].time;
-	PRUint32 usTime = PR_IntervalToMicroseconds(time);
-	PRUint32 prTime = 0;
-	PRUint32 calls = nssdbg_prof_data[i].calls;
-	/* don't print out functions that weren't even called */
-	if (calls == 0) {
-	    continue;
-	}
+    for (i = 0; i < nssdbg_prof_size; i++) {
+        PRIntervalTime time = nssdbg_prof_data[i].time;
+        PRUint32 usTime = PR_IntervalToMicroseconds(time);
+        PRUint32 prTime = 0;
+        PRUint32 calls = nssdbg_prof_data[i].calls;
+        /* don't print out functions that weren't even called */
+        if (calls == 0) {
+            continue;
+        }
 
-	prTime = getPrintTime(time,&type);
+        prTime = getPrintTime(time, &type);
 
-	fprintf(outfile,"%-25s %10d %10d%2s ", nssdbg_prof_data[i].function, 
-						calls, prTime, type);
-	/* for now always output the average in microseconds */
-	fprintf(outfile,"%10.2f%2s", (float)usTime / (float)calls, "us" );
-	fprintf(outfile,"%10.2f%%", ((float)time / (float)total_time) * 100);
-	fprintf(outfile,"\n");
+        fprintf(outfile, "%-25s %10d %10d%2s ", nssdbg_prof_data[i].function,
+                calls, prTime, type);
+        /* for now always output the average in microseconds */
+        fprintf(outfile, "%10.2f%2s", (float)usTime / (float)calls, "us");
+        fprintf(outfile, "%10.2f%%", ((float)time / (float)total_time) * 100);
+        fprintf(outfile, "\n");
     }
-    fprintf(outfile,"\n");
+    fprintf(outfile, "\n");
 
-    pr_total_time = getPrintTime(total_time,&type);
+    pr_total_time = getPrintTime(total_time, &type);
 
-    fprintf(outfile,"%25s %10d %10d%2s\n", "Totals", total_calls, 
-							pr_total_time, type);
-    fprintf(outfile,"\n\nMaximum number of concurrent open sessions: %d\n\n",
-							 maxOpenSessions);
-    fflush (outfile);
+    fprintf(outfile, "%25s %10d %10d%2s\n", "Totals", total_calls,
+            pr_total_time, type);
+    fprintf(outfile, "\n\nMaximum number of concurrent open sessions: %d\n\n",
+            maxOpenSessions);
+    fflush(outfile);
     if (outfile != stdout) {
-	fclose(outfile);
+        fclose(outfile);
     }
 }
-
--- a/lib/pk11wrap/dev3hack.c
+++ b/lib/pk11wrap/dev3hack.c
@@ -19,55 +19,53 @@
 #endif /* BASE_H */
 
 #include "pk11func.h"
 #include "secmodti.h"
 #include "secerr.h"
 
 NSS_IMPLEMENT nssSession *
 nssSession_ImportNSS3Session(NSSArena *arenaOpt,
-                             CK_SESSION_HANDLE session, 
+                             CK_SESSION_HANDLE session,
                              PZLock *lock, PRBool rw)
 {
     nssSession *rvSession = NULL;
     if (session != CK_INVALID_SESSION) {
-	rvSession = nss_ZNEW(arenaOpt, nssSession);
-	if (rvSession) {
-	    rvSession->handle = session;
-	    rvSession->lock = lock;
-	    rvSession->ownLock = PR_FALSE;
-	    rvSession->isRW = rw;
-	}
+        rvSession = nss_ZNEW(arenaOpt, nssSession);
+        if (rvSession) {
+            rvSession->handle = session;
+            rvSession->lock = lock;
+            rvSession->ownLock = PR_FALSE;
+            rvSession->isRW = rw;
+        }
     }
     return rvSession;
 }
 
 NSS_IMPLEMENT nssSession *
-nssSlot_CreateSession
-(
-  NSSSlot *slot,
-  NSSArena *arenaOpt,
-  PRBool readWrite
-)
+nssSlot_CreateSession(
+    NSSSlot *slot,
+    NSSArena *arenaOpt,
+    PRBool readWrite)
 {
     nssSession *rvSession;
 
     if (!readWrite) {
-	/* nss3hack version only returns rw swssions */
-	return NULL;
+        /* nss3hack version only returns rw swssions */
+        return NULL;
     }
     rvSession = nss_ZNEW(arenaOpt, nssSession);
     if (!rvSession) {
-	return (nssSession *)NULL;
+        return (nssSession *)NULL;
     }
 
     rvSession->handle = PK11_GetRWSession(slot->pk11slot);
     if (rvSession->handle == CK_INVALID_HANDLE) {
-	    nss_ZFreeIf(rvSession);
-	    return NULL;
+        nss_ZFreeIf(rvSession);
+        return NULL;
     }
     rvSession->isRW = PR_TRUE;
     rvSession->slot = slot;
     /*
      * The session doesn't need its own lock.  Here's why.
      * 1. If we are reusing the default RW session of the slot,
      *    the slot lock is already locked to protect the session.
      * 2. If the module is not thread safe, the slot (or rather
@@ -82,224 +80,200 @@ nssSlot_CreateSession
      * lock or only used by one thread.
      */
     rvSession->lock = NULL;
     rvSession->ownLock = PR_FALSE;
     return rvSession;
 }
 
 NSS_IMPLEMENT PRStatus
-nssSession_Destroy
-(
-  nssSession *s
-)
+nssSession_Destroy(nssSession *s)
 {
     PRStatus rv = PR_SUCCESS;
     if (s) {
-	if (s->isRW) {
-	    PK11_RestoreROSession(s->slot->pk11slot, s->handle);
-	}
-	rv = nss_ZFreeIf(s);
+        if (s->isRW) {
+            PK11_RestoreROSession(s->slot->pk11slot, s->handle);
+        }
+        rv = nss_ZFreeIf(s);
     }
     return rv;
 }
 
 static NSSSlot *
 nssSlot_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
 {
     NSSSlot *rvSlot;
     NSSArena *arena;
     arena = nssArena_Create();
     if (!arena) {
-	return NULL;
+        return NULL;
     }
     rvSlot = nss_ZNEW(arena, NSSSlot);
     if (!rvSlot) {
-	nssArena_Destroy(arena);
-	return NULL;
+        nssArena_Destroy(arena);
+        return NULL;
     }
     rvSlot->base.refCount = 1;
     rvSlot->base.lock = PZ_NewLock(nssILockOther);
     rvSlot->base.arena = arena;
     rvSlot->pk11slot = nss3slot;
     rvSlot->epv = nss3slot->functionList;
     rvSlot->slotID = nss3slot->slotID;
     /* Grab the slot name from the PKCS#11 fixed-length buffer */
-    rvSlot->base.name = nssUTF8_Duplicate(nss3slot->slot_name,td->arena);
+    rvSlot->base.name = nssUTF8_Duplicate(nss3slot->slot_name, td->arena);
     rvSlot->lock = (nss3slot->isThreadSafe) ? NULL : nss3slot->sessionLock;
     return rvSlot;
 }
 
 NSSToken *
 nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
 {
     NSSToken *rvToken;
     NSSArena *arena;
 
     /* Don't create a token object for a disabled slot */
     if (nss3slot->disabled) {
-	PORT_SetError(SEC_ERROR_NO_TOKEN);
-	return NULL;
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return NULL;
     }
     arena = nssArena_Create();
     if (!arena) {
-	return NULL;
+        return NULL;
     }
     rvToken = nss_ZNEW(arena, NSSToken);
     if (!rvToken) {
-	nssArena_Destroy(arena);
-	return NULL;
+        nssArena_Destroy(arena);
+        return NULL;
     }
     rvToken->base.refCount = 1;
     rvToken->base.lock = PZ_NewLock(nssILockOther);
     if (!rvToken->base.lock) {
-	nssArena_Destroy(arena);
-	return NULL;
+        nssArena_Destroy(arena);
+        return NULL;
     }
     rvToken->base.arena = arena;
     rvToken->pk11slot = nss3slot;
     rvToken->epv = nss3slot->functionList;
     rvToken->defaultSession = nssSession_ImportNSS3Session(td->arena,
-                                                       nss3slot->session,
-                                                       nss3slot->sessionLock,
-                                                       nss3slot->defRWSession);
+                                                           nss3slot->session,
+                                                           nss3slot->sessionLock,
+                                                           nss3slot->defRWSession);
 #if 0 /* we should do this instead of blindly continuing. */
     if (!rvToken->defaultSession) {
-	PORT_SetError(SEC_ERROR_NO_TOKEN);
-    	goto loser;
+    PORT_SetError(SEC_ERROR_NO_TOKEN);
+        goto loser;
     }
 #endif
     if (!PK11_IsInternal(nss3slot) && PK11_IsHW(nss3slot)) {
-	rvToken->cache = nssTokenObjectCache_Create(rvToken, 
-	                                            PR_TRUE, PR_TRUE, PR_TRUE);
-	if (!rvToken->cache)
-	    goto loser;
+        rvToken->cache = nssTokenObjectCache_Create(rvToken,
+                                                    PR_TRUE, PR_TRUE, PR_TRUE);
+        if (!rvToken->cache)
+            goto loser;
     }
     rvToken->trustDomain = td;
     /* Grab the token name from the PKCS#11 fixed-length buffer */
-    rvToken->base.name = nssUTF8_Duplicate(nss3slot->token_name,td->arena);
+    rvToken->base.name = nssUTF8_Duplicate(nss3slot->token_name, td->arena);
     rvToken->slot = nssSlot_CreateFromPK11SlotInfo(td, nss3slot);
     if (!rvToken->slot) {
         goto loser;
     }
     rvToken->slot->token = rvToken;
     if (rvToken->defaultSession)
-	rvToken->defaultSession->slot = rvToken->slot;
+        rvToken->defaultSession->slot = rvToken->slot;
     return rvToken;
 loser:
     PZ_DestroyLock(rvToken->base.lock);
     nssArena_Destroy(arena);
     return NULL;
 }
 
 NSS_IMPLEMENT void
 nssToken_UpdateName(NSSToken *token)
 {
     if (!token) {
-	return;
+        return;
     }
-    token->base.name = nssUTF8_Duplicate(token->pk11slot->token_name,token->base.arena);
+    token->base.name = nssUTF8_Duplicate(token->pk11slot->token_name, token->base.arena);
 }
 
 NSS_IMPLEMENT PRBool
-nssSlot_IsPermanent
-(
-  NSSSlot *slot
-)
+nssSlot_IsPermanent(NSSSlot *slot)
 {
     return slot->pk11slot->isPerm;
 }
 
 NSS_IMPLEMENT PRBool
-nssSlot_IsFriendly
-(
-  NSSSlot *slot
-)
+nssSlot_IsFriendly(NSSSlot *slot)
 {
     return PK11_IsFriendly(slot->pk11slot);
 }
 
 NSS_IMPLEMENT PRStatus
 nssToken_Refresh(NSSToken *token)
 {
     PK11SlotInfo *nss3slot;
 
     if (!token) {
-	return PR_SUCCESS;
+        return PR_SUCCESS;
     }
     nss3slot = token->pk11slot;
-    token->defaultSession = 
-    	nssSession_ImportNSS3Session(token->slot->base.arena,
-				     nss3slot->session,
-				     nss3slot->sessionLock,
-				     nss3slot->defRWSession);
+    token->defaultSession =
+        nssSession_ImportNSS3Session(token->slot->base.arena,
+                                     nss3slot->session,
+                                     nss3slot->sessionLock,
+                                     nss3slot->defRWSession);
     return token->defaultSession ? PR_SUCCESS : PR_FAILURE;
 }
 
 NSS_IMPLEMENT PRStatus
-nssSlot_Refresh
-(
-  NSSSlot *slot
-)
+nssSlot_Refresh(NSSSlot *slot)
 {
     PK11SlotInfo *nss3slot = slot->pk11slot;
     PRBool doit = PR_FALSE;
     if (slot->token && slot->token->base.name[0] == 0) {
-	doit = PR_TRUE;
+        doit = PR_TRUE;
     }
     if (PK11_InitToken(nss3slot, PR_FALSE) != SECSuccess) {
-	return PR_FAILURE;
+        return PR_FAILURE;
     }
     if (doit) {
-	nssTrustDomain_UpdateCachedTokenCerts(slot->token->trustDomain, 
-	                                      slot->token);
+        nssTrustDomain_UpdateCachedTokenCerts(slot->token->trustDomain,
+                                              slot->token);
     }
     return nssToken_Refresh(slot->token);
 }
 
 NSS_IMPLEMENT PRStatus
-nssToken_GetTrustOrder
-(
-  NSSToken *tok
-)
+nssToken_GetTrustOrder(NSSToken *tok)
 {
     PK11SlotInfo *slot;
     SECMODModule *module;
     slot = tok->pk11slot;
     module = PK11_GetModule(slot);
     return module->trustOrder;
 }
 
 NSS_IMPLEMENT PRBool
-nssSlot_IsLoggedIn
-(
-  NSSSlot *slot
-)
+nssSlot_IsLoggedIn(NSSSlot *slot)
 {
     if (!slot->pk11slot->needLogin) {
-	return PR_TRUE;
+        return PR_TRUE;
     }
     return PK11_IsLoggedIn(slot->pk11slot, NULL);
 }
 
-
 NSSTrustDomain *
 nssToken_GetTrustDomain(NSSToken *token)
 {
     return token->trustDomain;
 }
 
 NSS_EXTERN PRStatus
-nssTrustDomain_RemoveTokenCertsFromCache
-(
-  NSSTrustDomain *td,
-  NSSToken *token
-);
+nssTrustDomain_RemoveTokenCertsFromCache(
+    NSSTrustDomain *td,
+    NSSToken *token);
 
 NSS_IMPLEMENT PRStatus
-nssToken_NotifyCertsNotVisible
-(
-  NSSToken *tok
-)
+nssToken_NotifyCertsNotVisible(
+    NSSToken *tok)
 {
     return nssTrustDomain_RemoveTokenCertsFromCache(tok->trustDomain, tok);
 }
-
--- a/lib/pk11wrap/dev3hack.h
+++ b/lib/pk11wrap/dev3hack.h
@@ -18,13 +18,13 @@ nssToken_UpdateName(NSSToken *);
 NSS_EXTERN PRStatus
 nssToken_Refresh(NSSToken *);
 
 NSSTrustDomain *
 nssToken_GetTrustDomain(NSSToken *token);
 
 void PK11Slot_SetNSSToken(PK11SlotInfo *sl, NSSToken *nsst);
 
-NSSToken * PK11Slot_GetNSSToken(PK11SlotInfo *sl);
+NSSToken *PK11Slot_GetNSSToken(PK11SlotInfo *sl);
 
 PR_END_EXTERN_C
 
 #endif /* DEVNSS3HACK_H */
--- a/lib/pk11wrap/pk11akey.c
+++ b/lib/pk11wrap/pk11akey.c
@@ -11,62 +11,62 @@
 #include "secmodti.h"
 #include "pkcs11.h"
 #include "pkcs11t.h"
 #include "pk11func.h"
 #include "cert.h"
 #include "key.h"
 #include "keyi.h"
 #include "secitem.h"
-#include "secasn1.h" 
-#include "secoid.h" 
+#include "secasn1.h"
+#include "secoid.h"
 #include "secerr.h"
 #include "sechash.h"
 
-#include "secpkcs5.h"  
+#include "secpkcs5.h"
 #include "blapit.h"
 
 static SECItem *
 pk11_MakeIDFromPublicKey(SECKEYPublicKey *pubKey)
 {
     /* set the ID to the public key so we can find it again */
-    SECItem *pubKeyIndex =  NULL;
+    SECItem *pubKeyIndex = NULL;
     switch (pubKey->keyType) {
-    case rsaKey:
-      pubKeyIndex = &pubKey->u.rsa.modulus;
-      break;
-    case dsaKey:
-      pubKeyIndex = &pubKey->u.dsa.publicValue;
-      break;
-    case dhKey:
-      pubKeyIndex = &pubKey->u.dh.publicValue;
-      break;      
-    case ecKey:
-      pubKeyIndex = &pubKey->u.ec.publicValue;
-      break;      
-    default:
-      return NULL;
+        case rsaKey:
+            pubKeyIndex = &pubKey->u.rsa.modulus;
+            break;
+        case dsaKey:
+            pubKeyIndex = &pubKey->u.dsa.publicValue;
+            break;
+        case dhKey:
+            pubKeyIndex = &pubKey->u.dh.publicValue;
+            break;
+        case ecKey:
+            pubKeyIndex = &pubKey->u.ec.publicValue;
+            break;
+        default:
+            return NULL;
     }
     PORT_Assert(pubKeyIndex != NULL);
 
     return PK11_MakeIDFromPubKey(pubKeyIndex);
-} 
+}
 
 /*
  * import a public key into the desired slot
  *
- * This function takes a public key structure and creates a public key in a 
+ * This function takes a public key structure and creates a public key in a
  * given slot. If isToken is set, then a persistant public key is created.
  *
  * Note: it is possible for this function to return a handle for a key which
  * is persistant, even if isToken is not set.
  */
 CK_OBJECT_HANDLE
-PK11_ImportPublicKey(PK11SlotInfo *slot, SECKEYPublicKey *pubKey, 
-								PRBool isToken)
+PK11_ImportPublicKey(PK11SlotInfo *slot, SECKEYPublicKey *pubKey,
+                     PRBool isToken)
 {
     CK_BBOOL cktrue = CK_TRUE;
     CK_BBOOL ckfalse = CK_FALSE;
     CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY;
     CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
     CK_OBJECT_HANDLE objectID;
     CK_ATTRIBUTE theTemplate[11];
     CK_ATTRIBUTE *signedattr = NULL;
@@ -74,149 +74,177 @@ PK11_ImportPublicKey(PK11SlotInfo *slot,
     SECItem *ckaId = NULL;
     SECItem *pubValue = NULL;
     int signedcount = 0;
     unsigned int templateCount = 0;
     SECStatus rv;
 
     /* if we already have an object in the desired slot, use it */
     if (!isToken && pubKey->pkcs11Slot == slot) {
-	return pubKey->pkcs11ID;
+        return pubKey->pkcs11ID;
     }
 
     /* free the existing key */
     if (pubKey->pkcs11Slot != NULL) {
-	PK11SlotInfo *oSlot = pubKey->pkcs11Slot;
-	if (!PK11_IsPermObject(pubKey->pkcs11Slot,pubKey->pkcs11ID)) {
-	    PK11_EnterSlotMonitor(oSlot);
-	    (void) PK11_GETTAB(oSlot)->C_DestroyObject(oSlot->session,
-							pubKey->pkcs11ID);
-	    PK11_ExitSlotMonitor(oSlot);
-	}
-	PK11_FreeSlot(oSlot);
-	pubKey->pkcs11Slot = NULL;
+        PK11SlotInfo *oSlot = pubKey->pkcs11Slot;
+        if (!PK11_IsPermObject(pubKey->pkcs11Slot, pubKey->pkcs11ID)) {
+            PK11_EnterSlotMonitor(oSlot);
+            (void)PK11_GETTAB(oSlot)->C_DestroyObject(oSlot->session,
+                                                      pubKey->pkcs11ID);
+            PK11_ExitSlotMonitor(oSlot);
+        }
+        PK11_FreeSlot(oSlot);
+        pubKey->pkcs11Slot = NULL;
     }
-    PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass) ); attrs++;
-    PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType) ); attrs++;
+    PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType));
+    attrs++;
     PK11_SETATTRS(attrs, CKA_TOKEN, isToken ? &cktrue : &ckfalse,
-						 sizeof(CK_BBOOL) ); attrs++;
+                  sizeof(CK_BBOOL));
+    attrs++;
     if (isToken) {
-	ckaId = pk11_MakeIDFromPublicKey(pubKey);
-	if (ckaId == NULL) {
-	    PORT_SetError( SEC_ERROR_BAD_KEY );
-	    return CK_INVALID_HANDLE;
-	}
-	PK11_SETATTRS(attrs, CKA_ID, ckaId->data, ckaId->len); attrs++;
+        ckaId = pk11_MakeIDFromPublicKey(pubKey);
+        if (ckaId == NULL) {
+            PORT_SetError(SEC_ERROR_BAD_KEY);
+            return CK_INVALID_HANDLE;
+        }
+        PK11_SETATTRS(attrs, CKA_ID, ckaId->data, ckaId->len);
+        attrs++;
     }
 
     /* now import the key */
     {
         switch (pubKey->keyType) {
-        case rsaKey:
-	    keyType = CKK_RSA;
-	    PK11_SETATTRS(attrs, CKA_WRAP, &cktrue, sizeof(CK_BBOOL) ); attrs++;
-	    PK11_SETATTRS(attrs, CKA_ENCRYPT, &cktrue, 
-						sizeof(CK_BBOOL) ); attrs++;
-	    PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL)); attrs++;
- 	    signedattr = attrs;
-	    PK11_SETATTRS(attrs, CKA_MODULUS, pubKey->u.rsa.modulus.data,
-					 pubKey->u.rsa.modulus.len); attrs++;
-	    PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, 
-	     	pubKey->u.rsa.publicExponent.data,
-				 pubKey->u.rsa.publicExponent.len); attrs++;
-	    break;
-        case dsaKey:
-	    keyType = CKK_DSA;
-	    PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));attrs++;
- 	    signedattr = attrs;
-	    PK11_SETATTRS(attrs, CKA_PRIME,    pubKey->u.dsa.params.prime.data,
-				pubKey->u.dsa.params.prime.len); attrs++;
-	    PK11_SETATTRS(attrs,CKA_SUBPRIME,pubKey->u.dsa.params.subPrime.data,
-				pubKey->u.dsa.params.subPrime.len); attrs++;
-	    PK11_SETATTRS(attrs, CKA_BASE,  pubKey->u.dsa.params.base.data,
-					pubKey->u.dsa.params.base.len); attrs++;
-	    PK11_SETATTRS(attrs, CKA_VALUE,    pubKey->u.dsa.publicValue.data, 
-					pubKey->u.dsa.publicValue.len); attrs++;
-	    break;
-	case fortezzaKey:
-	    keyType = CKK_DSA;
-	    PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));attrs++;
- 	    signedattr = attrs;
-	    PK11_SETATTRS(attrs, CKA_PRIME,pubKey->u.fortezza.params.prime.data,
-				pubKey->u.fortezza.params.prime.len); attrs++;
-	    PK11_SETATTRS(attrs,CKA_SUBPRIME,
-				pubKey->u.fortezza.params.subPrime.data,
-				pubKey->u.fortezza.params.subPrime.len);attrs++;
-	    PK11_SETATTRS(attrs, CKA_BASE,  pubKey->u.fortezza.params.base.data,
-				pubKey->u.fortezza.params.base.len); attrs++;
-	    PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.fortezza.DSSKey.data, 
-				pubKey->u.fortezza.DSSKey.len); attrs++;
-            break;
-        case dhKey:
-	    keyType = CKK_DH;
-	    PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL));attrs++;
- 	    signedattr = attrs;
-	    PK11_SETATTRS(attrs, CKA_PRIME,    pubKey->u.dh.prime.data,
-				pubKey->u.dh.prime.len); attrs++;
-	    PK11_SETATTRS(attrs, CKA_BASE,  pubKey->u.dh.base.data,
-					pubKey->u.dh.base.len); attrs++;
-	    PK11_SETATTRS(attrs, CKA_VALUE,    pubKey->u.dh.publicValue.data, 
-					pubKey->u.dh.publicValue.len); attrs++;
-	    break;
-        case ecKey:
-	    keyType = CKK_EC;
-	    PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));attrs++;
-	    PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL));attrs++;
- 	    signedattr = attrs;
-	    PK11_SETATTRS(attrs, CKA_EC_PARAMS, 
-		          pubKey->u.ec.DEREncodedParams.data,
-		          pubKey->u.ec.DEREncodedParams.len); attrs++;
-	    if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT")) {
-	    	PK11_SETATTRS(attrs, CKA_EC_POINT, 
-			  pubKey->u.ec.publicValue.data,
-			  pubKey->u.ec.publicValue.len); attrs++;
-	    } else {
-		pubValue = SEC_ASN1EncodeItem(NULL, NULL,
-			&pubKey->u.ec.publicValue,
-			SEC_ASN1_GET(SEC_OctetStringTemplate));
-		if (pubValue == NULL) {
-		    if (ckaId) {
-			SECITEM_FreeItem(ckaId,PR_TRUE);
-		    }
-		    return CK_INVALID_HANDLE;
-		}
-	    	PK11_SETATTRS(attrs, CKA_EC_POINT, 
-			  pubValue->data, pubValue->len); attrs++;
-	    }
-	    break;
-	default:
-	    if (ckaId) {
-		SECITEM_FreeItem(ckaId,PR_TRUE);
-	    }
-	    PORT_SetError( SEC_ERROR_BAD_KEY );
-	    return CK_INVALID_HANDLE;
-	}
+            case rsaKey:
+                keyType = CKK_RSA;
+                PK11_SETATTRS(attrs, CKA_WRAP, &cktrue, sizeof(CK_BBOOL));
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_ENCRYPT, &cktrue,
+                              sizeof(CK_BBOOL));
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));
+                attrs++;
+                signedattr = attrs;
+                PK11_SETATTRS(attrs, CKA_MODULUS, pubKey->u.rsa.modulus.data,
+                              pubKey->u.rsa.modulus.len);
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT,
+                              pubKey->u.rsa.publicExponent.data,
+                              pubKey->u.rsa.publicExponent.len);
+                attrs++;
+                break;
+            case dsaKey:
+                keyType = CKK_DSA;
+                PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));
+                attrs++;
+                signedattr = attrs;
+                PK11_SETATTRS(attrs, CKA_PRIME, pubKey->u.dsa.params.prime.data,
+                              pubKey->u.dsa.params.prime.len);
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_SUBPRIME, pubKey->u.dsa.params.subPrime.data,
+                              pubKey->u.dsa.params.subPrime.len);
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_BASE, pubKey->u.dsa.params.base.data,
+                              pubKey->u.dsa.params.base.len);
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.dsa.publicValue.data,
+                              pubKey->u.dsa.publicValue.len);
+                attrs++;
+                break;
+            case fortezzaKey:
+                keyType = CKK_DSA;
+                PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));
+                attrs++;
+                signedattr = attrs;
+                PK11_SETATTRS(attrs, CKA_PRIME, pubKey->u.fortezza.params.prime.data,
+                              pubKey->u.fortezza.params.prime.len);
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_SUBPRIME,
+                              pubKey->u.fortezza.params.subPrime.data,
+                              pubKey->u.fortezza.params.subPrime.len);
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_BASE, pubKey->u.fortezza.params.base.data,
+                              pubKey->u.fortezza.params.base.len);
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.fortezza.DSSKey.data,
+                              pubKey->u.fortezza.DSSKey.len);
+                attrs++;
+                break;
+            case dhKey:
+                keyType = CKK_DH;
+                PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL));
+                attrs++;
+                signedattr = attrs;
+                PK11_SETATTRS(attrs, CKA_PRIME, pubKey->u.dh.prime.data,
+                              pubKey->u.dh.prime.len);
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_BASE, pubKey->u.dh.base.data,
+                              pubKey->u.dh.base.len);
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.dh.publicValue.data,
+                              pubKey->u.dh.publicValue.len);
+                attrs++;
+                break;
+            case ecKey:
+                keyType = CKK_EC;
+                PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL));
+                attrs++;
+                signedattr = attrs;
+                PK11_SETATTRS(attrs, CKA_EC_PARAMS,
+                              pubKey->u.ec.DEREncodedParams.data,
+                              pubKey->u.ec.DEREncodedParams.len);
+                attrs++;
+                if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT")) {
+                    PK11_SETATTRS(attrs, CKA_EC_POINT,
+                                  pubKey->u.ec.publicValue.data,
+                                  pubKey->u.ec.publicValue.len);
+                    attrs++;
+                } else {
+                    pubValue = SEC_ASN1EncodeItem(NULL, NULL,
+                                                  &pubKey->u.ec.publicValue,
+                                                  SEC_ASN1_GET(SEC_OctetStringTemplate));
+                    if (pubValue == NULL) {
+                        if (ckaId) {
+                            SECITEM_FreeItem(ckaId, PR_TRUE);
+                        }
+                        return CK_INVALID_HANDLE;
+                    }
+                    PK11_SETATTRS(attrs, CKA_EC_POINT,
+                                  pubValue->data, pubValue->len);
+                    attrs++;
+                }
+                break;
+            default:
+                if (ckaId) {
+                    SECITEM_FreeItem(ckaId, PR_TRUE);
+                }
+                PORT_SetError(SEC_ERROR_BAD_KEY);
+                return CK_INVALID_HANDLE;
+        }
 
-	templateCount = attrs - theTemplate;
-	signedcount = attrs - signedattr;
-	PORT_Assert(templateCount <= (sizeof(theTemplate)/sizeof(CK_ATTRIBUTE)));
-	for (attrs=signedattr; signedcount; attrs++, signedcount--) {
-		pk11_SignedToUnsigned(attrs);
-	} 
+        templateCount = attrs - theTemplate;
+        signedcount = attrs - signedattr;
+        PORT_Assert(templateCount <= (sizeof(theTemplate) / sizeof(CK_ATTRIBUTE)));
+        for (attrs = signedattr; signedcount; attrs++, signedcount--) {
+            pk11_SignedToUnsigned(attrs);
+        }
         rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION, theTemplate,
-				 	templateCount, isToken, &objectID);
-	if (ckaId) {
-	    SECITEM_FreeItem(ckaId,PR_TRUE);
-	}
-	if (pubValue) {
-	    SECITEM_FreeItem(pubValue,PR_TRUE);
-	}
-	if ( rv != SECSuccess) {
-	    return CK_INVALID_HANDLE;
-	}
+                                  templateCount, isToken, &objectID);
+        if (ckaId) {
+            SECITEM_FreeItem(ckaId, PR_TRUE);
+        }
+        if (pubValue) {
+            SECITEM_FreeItem(pubValue, PR_TRUE);
+        }
+        if (rv != SECSuccess) {
+            return CK_INVALID_HANDLE;
+        }
     }
 
     pubKey->pkcs11ID = objectID;
     pubKey->pkcs11Slot = PK11_ReferenceSlot(slot);
 
     return objectID;
 }
 
@@ -225,587 +253,620 @@ PK11_ImportPublicKey(PK11SlotInfo *slot,
  */
 static CK_RV
 pk11_Attr2SecItem(PLArenaPool *arena, const CK_ATTRIBUTE *attr, SECItem *item)
 {
     item->data = NULL;
 
     (void)SECITEM_AllocItem(arena, item, attr->ulValueLen);
     if (item->data == NULL) {
-	return CKR_HOST_MEMORY;
-    } 
+        return CKR_HOST_MEMORY;
+    }
     PORT_Memcpy(item->data, attr->pValue, item->len);
     return CKR_OK;
 }
 
-
 /*
  * get a curve length from a set of ecParams.
- * 
+ *
  * We need this so we can reliably determine if the ecPoint passed to us
  * was encoded or not. With out this, for many curves, we would incorrectly
  * identify an unencoded curve as an encoded curve 1 in 65536 times, and for
- * a few we would make that same mistake 1 in 32768 times. These are bad 
+ * a few we would make that same mistake 1 in 32768 times. These are bad
  * numbers since they are rare enough to pass tests, but common enough to
- * be tripped over in the field. 
+ * be tripped over in the field.
  *
  * This function will only work for curves we recognized as of March 2009.
  * The assumption is curves in use after March of 2009 would be supplied by
  * PKCS #11 modules that already pass the correct encoding to us.
  *
  * Point length = (Roundup(curveLenInBits/8)*2+1)
  */
 static int
 pk11_get_EC_PointLenInBytes(PLArenaPool *arena, const SECItem *ecParams,
                             PRBool *plain)
 {
-   SECItem oid;
-   SECOidTag tag;
-   SECStatus rv;
+    SECItem oid;
+    SECOidTag tag;
+    SECStatus rv;
 
-   /* decode the OID tag */
-   rv = SEC_QuickDERDecodeItem(arena, &oid,
-		SEC_ASN1_GET(SEC_ObjectIDTemplate), ecParams);
-   if (rv != SECSuccess) {
-	/* could be explict curves, allow them to work if the 
-	 * PKCS #11 module support them. If we try to parse the
-	 * explicit curve value in the future, we may return -1 here
-	 * to indicate an invalid parameter if the explicit curve
-	 * decode fails. */
-	return 0;
-   }
+    /* decode the OID tag */
+    rv = SEC_QuickDERDecodeItem(arena, &oid,
+                                SEC_ASN1_GET(SEC_ObjectIDTemplate), ecParams);
+    if (rv != SECSuccess) {
+        /* could be explict curves, allow them to work if the
+         * PKCS #11 module support them. If we try to parse the
+         * explicit curve value in the future, we may return -1 here
+         * to indicate an invalid parameter if the explicit curve
+         * decode fails. */
+        return 0;
+    }
 
-   *plain = PR_FALSE;
-   tag = SECOID_FindOIDTag(&oid);
-   switch (tag) {
-    case SEC_OID_SECG_EC_SECP112R1:
-    case SEC_OID_SECG_EC_SECP112R2:
-	return 29; /* curve len in bytes = 14 bytes */
-    case SEC_OID_SECG_EC_SECT113R1:
-    case SEC_OID_SECG_EC_SECT113R2:
-	return 31; /* curve len in bytes = 15 bytes */
-    case SEC_OID_SECG_EC_SECP128R1:
-    case SEC_OID_SECG_EC_SECP128R2:
-	return 33; /* curve len in bytes = 16 bytes */
-    case SEC_OID_SECG_EC_SECT131R1:
-    case SEC_OID_SECG_EC_SECT131R2:
-	return 35; /* curve len in bytes = 17 bytes */
-    case SEC_OID_SECG_EC_SECP160K1:
-    case SEC_OID_SECG_EC_SECP160R1:
-    case SEC_OID_SECG_EC_SECP160R2:
-	return 41; /* curve len in bytes = 20 bytes */
-    case SEC_OID_SECG_EC_SECT163K1:
-    case SEC_OID_SECG_EC_SECT163R1:
-    case SEC_OID_SECG_EC_SECT163R2:
-    case SEC_OID_ANSIX962_EC_C2PNB163V1:
-    case SEC_OID_ANSIX962_EC_C2PNB163V2:
-    case SEC_OID_ANSIX962_EC_C2PNB163V3:
-	return 43; /* curve len in bytes = 21 bytes */
-    case SEC_OID_ANSIX962_EC_C2PNB176V1:
-	return 45; /* curve len in bytes = 22 bytes */
-    case SEC_OID_ANSIX962_EC_C2TNB191V1:
-    case SEC_OID_ANSIX962_EC_C2TNB191V2:
-    case SEC_OID_ANSIX962_EC_C2TNB191V3:
-    case SEC_OID_SECG_EC_SECP192K1:
-    case SEC_OID_ANSIX962_EC_PRIME192V1:
-    case SEC_OID_ANSIX962_EC_PRIME192V2:
-    case SEC_OID_ANSIX962_EC_PRIME192V3:
-	return 49; /*curve len in bytes = 24 bytes */
-    case SEC_OID_SECG_EC_SECT193R1:
-    case SEC_OID_SECG_EC_SECT193R2:
-	return 51; /*curve len in bytes = 25 bytes */
-    case SEC_OID_ANSIX962_EC_C2PNB208W1:
-	return 53; /*curve len in bytes = 26 bytes */
-    case SEC_OID_SECG_EC_SECP224K1:
-    case SEC_OID_SECG_EC_SECP224R1:
-	return 57; /*curve len in bytes = 28 bytes */
-    case SEC_OID_SECG_EC_SECT233K1:
-    case SEC_OID_SECG_EC_SECT233R1:
-    case SEC_OID_SECG_EC_SECT239K1:
-    case SEC_OID_ANSIX962_EC_PRIME239V1:
-    case SEC_OID_ANSIX962_EC_PRIME239V2:
-    case SEC_OID_ANSIX962_EC_PRIME239V3:
-    case SEC_OID_ANSIX962_EC_C2TNB239V1:
-    case SEC_OID_ANSIX962_EC_C2TNB239V2:
-    case SEC_OID_ANSIX962_EC_C2TNB239V3:
-	return 61; /*curve len in bytes = 30 bytes */
-    case SEC_OID_ANSIX962_EC_PRIME256V1:
-    case SEC_OID_SECG_EC_SECP256K1:
-	return 65; /*curve len in bytes = 32 bytes */
-    case SEC_OID_ANSIX962_EC_C2PNB272W1:
-	return 69; /*curve len in bytes = 34 bytes */
-    case SEC_OID_SECG_EC_SECT283K1:
-    case SEC_OID_SECG_EC_SECT283R1:
-	return 73; /*curve len in bytes = 36 bytes */
-    case SEC_OID_ANSIX962_EC_C2PNB304W1:
-	return 77; /*curve len in bytes = 38 bytes */
-    case SEC_OID_ANSIX962_EC_C2TNB359V1:
-	return 91; /*curve len in bytes = 45 bytes */
-    case SEC_OID_ANSIX962_EC_C2PNB368W1:
-	return 93; /*curve len in bytes = 46 bytes */
-    case SEC_OID_SECG_EC_SECP384R1:
-	return 97; /*curve len in bytes = 48 bytes */
-    case SEC_OID_SECG_EC_SECT409K1:
-    case SEC_OID_SECG_EC_SECT409R1:
-	return 105; /*curve len in bytes = 52 bytes */
-    case SEC_OID_ANSIX962_EC_C2TNB431R1:
-	return 109; /*curve len in bytes = 54 bytes */
-    case SEC_OID_SECG_EC_SECP521R1:
-	return 133; /*curve len in bytes = 66 bytes */
-    case SEC_OID_SECG_EC_SECT571K1:
-    case SEC_OID_SECG_EC_SECT571R1:
-	return 145; /*curve len in bytes = 72 bytes */
-    case SEC_OID_CURVE25519:
-        *plain = PR_TRUE;
-	return 32; /* curve len in bytes = 32 bytes (only X) */
-    /* unknown or unrecognized OIDs. return unknown length */
-    default:
-	break;
-   }
-   return 0;
+    *plain = PR_FALSE;
+    tag = SECOID_FindOIDTag(&oid);
+    switch (tag) {
+        case SEC_OID_SECG_EC_SECP112R1:
+        case SEC_OID_SECG_EC_SECP112R2:
+            return 29; /* curve len in bytes = 14 bytes */
+        case SEC_OID_SECG_EC_SECT113R1:
+        case SEC_OID_SECG_EC_SECT113R2:
+            return 31; /* curve len in bytes = 15 bytes */
+        case SEC_OID_SECG_EC_SECP128R1:
+        case SEC_OID_SECG_EC_SECP128R2:
+            return 33; /* curve len in bytes = 16 bytes */
+        case SEC_OID_SECG_EC_SECT131R1:
+        case SEC_OID_SECG_EC_SECT131R2:
+            return 35; /* curve len in bytes = 17 bytes */
+        case SEC_OID_SECG_EC_SECP160K1:
+        case SEC_OID_SECG_EC_SECP160R1:
+        case SEC_OID_SECG_EC_SECP160R2:
+            return 41; /* curve len in bytes = 20 bytes */
+        case SEC_OID_SECG_EC_SECT163K1:
+        case SEC_OID_SECG_EC_SECT163R1:
+        case SEC_OID_SECG_EC_SECT163R2:
+        case SEC_OID_ANSIX962_EC_C2PNB163V1:
+        case SEC_OID_ANSIX962_EC_C2PNB163V2:
+        case SEC_OID_ANSIX962_EC_C2PNB163V3:
+            return 43; /* curve len in bytes = 21 bytes */
+        case SEC_OID_ANSIX962_EC_C2PNB176V1:
+            return 45; /* curve len in bytes = 22 bytes */
+        case SEC_OID_ANSIX962_EC_C2TNB191V1:
+        case SEC_OID_ANSIX962_EC_C2TNB191V2:
+        case SEC_OID_ANSIX962_EC_C2TNB191V3:
+        case SEC_OID_SECG_EC_SECP192K1:
+        case SEC_OID_ANSIX962_EC_PRIME192V1:
+        case SEC_OID_ANSIX962_EC_PRIME192V2:
+        case SEC_OID_ANSIX962_EC_PRIME192V3:
+            return 49; /*curve len in bytes = 24 bytes */
+        case SEC_OID_SECG_EC_SECT193R1:
+        case SEC_OID_SECG_EC_SECT193R2:
+            return 51; /*curve len in bytes = 25 bytes */
+        case SEC_OID_ANSIX962_EC_C2PNB208W1:
+            return 53; /*curve len in bytes = 26 bytes */
+        case SEC_OID_SECG_EC_SECP224K1:
+        case SEC_OID_SECG_EC_SECP224R1:
+            return 57; /*curve len in bytes = 28 bytes */
+        case SEC_OID_SECG_EC_SECT233K1:
+        case SEC_OID_SECG_EC_SECT233R1:
+        case SEC_OID_SECG_EC_SECT239K1:
+        case SEC_OID_ANSIX962_EC_PRIME239V1:
+        case SEC_OID_ANSIX962_EC_PRIME239V2:
+        case SEC_OID_ANSIX962_EC_PRIME239V3:
+        case SEC_OID_ANSIX962_EC_C2TNB239V1:
+        case SEC_OID_ANSIX962_EC_C2TNB239V2:
+        case SEC_OID_ANSIX962_EC_C2TNB239V3:
+            return 61; /*curve len in bytes = 30 bytes */
+        case SEC_OID_ANSIX962_EC_PRIME256V1:
+        case SEC_OID_SECG_EC_SECP256K1:
+            return 65; /*curve len in bytes = 32 bytes */
+        case SEC_OID_ANSIX962_EC_C2PNB272W1:
+            return 69; /*curve len in bytes = 34 bytes */
+        case SEC_OID_SECG_EC_SECT283K1:
+        case SEC_OID_SECG_EC_SECT283R1:
+            return 73; /*curve len in bytes = 36 bytes */
+        case SEC_OID_ANSIX962_EC_C2PNB304W1:
+            return 77; /*curve len in bytes = 38 bytes */
+        case SEC_OID_ANSIX962_EC_C2TNB359V1:
+            return 91; /*curve len in bytes = 45 bytes */
+        case SEC_OID_ANSIX962_EC_C2PNB368W1:
+            return 93; /*curve len in bytes = 46 bytes */
+        case SEC_OID_SECG_EC_SECP384R1:
+            return 97; /*curve len in bytes = 48 bytes */
+        case SEC_OID_SECG_EC_SECT409K1:
+        case SEC_OID_SECG_EC_SECT409R1:
+            return 105; /*curve len in bytes = 52 bytes */
+        case SEC_OID_ANSIX962_EC_C2TNB431R1:
+            return 109; /*curve len in bytes = 54 bytes */
+        case SEC_OID_SECG_EC_SECP521R1:
+            return 133; /*curve len in bytes = 66 bytes */
+        case SEC_OID_SECG_EC_SECT571K1:
+        case SEC_OID_SECG_EC_SECT571R1:
+            return 145; /*curve len in bytes = 72 bytes */
+        case SEC_OID_CURVE25519:
+            *plain = PR_TRUE;
+            return 32; /* curve len in bytes = 32 bytes (only X) */
+        /* unknown or unrecognized OIDs. return unknown length */
+        default:
+            break;
+    }
+    return 0;
 }
 
 /*
  * returns the decoded point. In some cases the point may already be decoded.
- * this function tries to detect those cases and return the point in 
+ * this function tries to detect those cases and return the point in
  * publicKeyValue. In other cases it's DER encoded. In those cases the point
- * is first decoded and returned. Space for the point is allocated out of 
+ * is first decoded and returned. Space for the point is allocated out of
  * the passed in arena.
  */
 static CK_RV
 pk11_get_Decoded_ECPoint(PLArenaPool *arena, const SECItem *ecParams,
-	const CK_ATTRIBUTE *ecPoint, SECItem *publicKeyValue)
+                         const CK_ATTRIBUTE *ecPoint, SECItem *publicKeyValue)
 {
     SECItem encodedPublicValue;
     SECStatus rv;
     int keyLen;
     PRBool plain = PR_FALSE;
 
     if (ecPoint->ulValueLen == 0) {
-	return CKR_ATTRIBUTE_VALUE_INVALID;
+        return CKR_ATTRIBUTE_VALUE_INVALID;
     }
 
     /*
      * The PKCS #11 spec requires ecPoints to be encoded as a DER OCTET String.
      * NSS has mistakenly passed unencoded values, and some PKCS #11 vendors
      * followed that mistake. Now we need to detect which encoding we were
      * passed in. The task is made more complicated by the fact the the
-     * DER encoding byte (SEC_ASN_OCTET_STRING) is the same as the 
+     * DER encoding byte (SEC_ASN_OCTET_STRING) is the same as the
      * EC_POINT_FORM_UNCOMPRESSED byte (0x04), so we can't use that to
      * determine which curve we are using.
      */
 
     /* get the expected key length for the passed in curve.
      * pk11_get_EC_PointLenInBytes only returns valid values for curves
      * NSS has traditionally recognized. If the curve is not recognized,
      * it will return '0', and we have to figure out if the key was
      * encoded or not heuristically. If the ecParams are invalid, it
      * will return -1 for the keyLen.
      */
     keyLen = pk11_get_EC_PointLenInBytes(arena, ecParams, &plain);
     if (keyLen < 0) {
-	return CKR_ATTRIBUTE_VALUE_INVALID;
+        return CKR_ATTRIBUTE_VALUE_INVALID;
     }
 
     /*
      * Some curves are not encoded but we don't have the name here.
      * Instead, pk11_get_EC_PointLenInBytes returns true plain if this is the
      * case.
      */
     if (plain && ecPoint->ulValueLen == (unsigned int)keyLen) {
         return pk11_Attr2SecItem(arena, ecPoint, publicKeyValue);
     }
 
     /* If the point is uncompressed and the lengths match, it
      * must be an unencoded point */
-    if ((*((char *)ecPoint->pValue) == EC_POINT_FORM_UNCOMPRESSED) 
-	&& (ecPoint->ulValueLen == (unsigned int)keyLen)) {
-	    return pk11_Attr2SecItem(arena, ecPoint, publicKeyValue);
+    if ((*((char *)ecPoint->pValue) == EC_POINT_FORM_UNCOMPRESSED) &&
+        (ecPoint->ulValueLen == (unsigned int)keyLen)) {
+        return pk11_Attr2SecItem(arena, ecPoint, publicKeyValue);
     }
 
     /* now assume the key passed to us was encoded and decode it */
     if (*((char *)ecPoint->pValue) == SEC_ASN1_OCTET_STRING) {
-	/* OK, now let's try to decode it and see if it's valid */
-	encodedPublicValue.data = ecPoint->pValue;
-	encodedPublicValue.len = ecPoint->ulValueLen;
-	rv = SEC_QuickDERDecodeItem(arena, publicKeyValue,
-		SEC_ASN1_GET(SEC_OctetStringTemplate), &encodedPublicValue);
+        /* OK, now let's try to decode it and see if it's valid */
+        encodedPublicValue.data = ecPoint->pValue;
+        encodedPublicValue.len = ecPoint->ulValueLen;
+        rv = SEC_QuickDERDecodeItem(arena, publicKeyValue,
+                                    SEC_ASN1_GET(SEC_OctetStringTemplate), &encodedPublicValue);
 
-	/* it coded correctly & we know the key length (and they match)
-	 * then we are done, return the results. */
+        /* it coded correctly & we know the key length (and they match)
+         * then we are done, return the results. */
         if (keyLen && rv == SECSuccess && publicKeyValue->len == (unsigned int)keyLen) {
-	    return CKR_OK;
-	}
+            return CKR_OK;
+        }
 
-	/* if we know the key length, one of the above tests should have
-	 * succeded. If it doesn't the module gave us bad data */
-	if (keyLen) {
-	    return CKR_ATTRIBUTE_VALUE_INVALID;
-	}
-		
+        /* if we know the key length, one of the above tests should have
+         * succeded. If it doesn't the module gave us bad data */
+        if (keyLen) {
+            return CKR_ATTRIBUTE_VALUE_INVALID;
+        }
 
-	/* We don't know the key length, so we don't know deterministically
-	 * which encoding was used. We now will try to pick the most likely 
-	 * form that's correct, with a preference for the encoded form if we
-	 * can't determine for sure. We do this by checking the key we got
-	 * back from SEC_QuickDERDecodeItem for defects. If no defects are
-	 * found, we assume the encoded parameter was was passed to us.
-	 * our defect tests include:
-	 *   1) it didn't decode.
-	 *   2) The decode key had an invalid length (must be odd).
-	 *   3) The decoded key wasn't an UNCOMPRESSED key.
-	 *   4) The decoded key didn't include the entire encoded block
-	 *   except the DER encoding values. (fixing DER length to one
-	 *   particular value).
-	 */
-	if ((rv != SECSuccess)
-	    || ((publicKeyValue->len & 1) != 1)
-	    || (publicKeyValue->data[0] != EC_POINT_FORM_UNCOMPRESSED)
-	    || (PORT_Memcmp(&encodedPublicValue.data[encodedPublicValue.len -
-		 	    publicKeyValue->len], publicKeyValue->data, 
-			    publicKeyValue->len) != 0)) {
-	    /* The decoded public key was flawed, the original key must have
-	     * already been in decoded form. Do a quick sanity check then 
-	     * return the original key value.
-	     */
-	    if ((encodedPublicValue.len & 1) == 0) {
-		return CKR_ATTRIBUTE_VALUE_INVALID;
-	    }
-	    return pk11_Attr2SecItem(arena, ecPoint, publicKeyValue);
-	}
+        /* We don't know the key length, so we don't know deterministically
+         * which encoding was used. We now will try to pick the most likely
+         * form that's correct, with a preference for the encoded form if we
+         * can't determine for sure. We do this by checking the key we got
+         * back from SEC_QuickDERDecodeItem for defects. If no defects are
+         * found, we assume the encoded parameter was was passed to us.
+         * our defect tests include:
+         *   1) it didn't decode.
+         *   2) The decode key had an invalid length (must be odd).
+         *   3) The decoded key wasn't an UNCOMPRESSED key.
+         *   4) The decoded key didn't include the entire encoded block
+         *   except the DER encoding values. (fixing DER length to one
+         *   particular value).
+         */
+        if ((rv != SECSuccess) || ((publicKeyValue->len & 1) != 1) ||
+            (publicKeyValue->data[0] != EC_POINT_FORM_UNCOMPRESSED) ||
+            (PORT_Memcmp(&encodedPublicValue.data[encodedPublicValue.len - publicKeyValue->len],
+                         publicKeyValue->data,
+                         publicKeyValue->len) != 0)) {
+            /* The decoded public key was flawed, the original key must have
+             * already been in decoded form. Do a quick sanity check then
+             * return the original key value.
+             */
+            if ((encodedPublicValue.len & 1) == 0) {
+                return CKR_ATTRIBUTE_VALUE_INVALID;
+            }
+            return pk11_Attr2SecItem(arena, ecPoint, publicKeyValue);
+        }
 
-	/* as best we can figure, the passed in key was encoded, and we've
-	 * now decoded it. Note: there is a chance this could be wrong if the 
-	 * following conditions hold:
-	 *  1) The first byte or bytes of the X point looks like a valid length
-	 * of precisely the right size (2*curveSize -1). this means for curves
-	 * less than 512 bits (64 bytes), this will happen 1 in 256 times*.
-	 * for curves between 512 and 1024, this will happen 1 in 65,536 times*
-	 * for curves between 1024 and 256K this will happen 1 in 16 million*
-	 *  2) The length of the 'DER length field' is odd 
-	 * (making both the encoded and decode
-	 * values an odd length. this is true of all curves less than 512,
-	 * as well as curves between 1024 and 256K).
-	 *  3) The X[length of the 'DER length field'] == 0x04, 1 in 256.
-	 *
-	 *  (* assuming all values are equally likely in the first byte, 
-	 * This isn't true if the curve length is not a multiple of 8. In these
-	 * cases, if the DER length is possible, it's more likely, 
-	 * if it's not possible, then we have no false decodes).
-	 * 
-	 * For reference here are the odds for the various curves we currently
-	 * have support for (and the only curves SSL will negotiate at this
-	 * time). NOTE: None of the supported curves will show up here 
-	 * because we return a valid length for all of these curves. 
-	 * The only way to get here is to have some application (not SSL) 
-	 * which supports some unknown curve and have some vendor supplied 
-	 * PKCS #11 module support that curve. NOTE: in this case, one 
-	 * presumes that that pkcs #11 module is likely to be using the 
-	 * correct encodings.
-	 *
-	 * Prime Curves (GFp):
-	 *   Bit	False	    Odds of 
-	 *  Size	DER Len	 False Decode Positive
-	 *  112 	27	   1 in 65536 
-	 *  128 	31	   1 in 65536 
-	 *  160 	39	   1 in 65536 
-	 *  192 	47	   1 in 65536 
-	 *  224 	55	   1 in 65536 
-	 *  239 	59	   1 in 32768 (top byte can only be 0-127)
-	 *  256 	63	   1 in 65536 
-	 *  521 	129,131	     0        (decoded value would be even)
-	 *
-	 * Binary curves (GF2m).
-	 *   Bit	False	    Odds of 
-	 *  Size	DER Len	 False Decode Positive
-	 *  131 	33	     0        (top byte can only be 0-7)
-	 *  163 	41	     0        (top byte can only be 0-7)
-	 *  176 	43	   1 in 65536 
-	 *  191 	47	   1 in 32768 (top byte can only be 0-127)
-	 *  193 	49	     0        (top byte can only be 0-1)
-	 *  208 	51	   1 in 65536 
-	 *  233 	59	     0        (top byte can only be 0-1)
-	 *  239 	59	   1 in 32768 (top byte can only be 0-127)
-	 *  272 	67	   1 in 65536 
-	 *  283 	71	     0        (top byte can only be 0-7)
-	 *  304 	75	   1 in 65536 
-	 *  359 	89	   1 in 32768 (top byte can only be 0-127)
-	 *  368 	91	   1 in 65536 
-	 *  409 	103	     0        (top byte can only be 0-1)
-	 *  431 	107	   1 in 32768 (top byte can only be 0-127)
-	 *  571 	129,143	     0        (decoded value would be even)
-	 *
-	 */
+        /* as best we can figure, the passed in key was encoded, and we've
+         * now decoded it. Note: there is a chance this could be wrong if the
+         * following conditions hold:
+         *  1) The first byte or bytes of the X point looks like a valid length
+         * of precisely the right size (2*curveSize -1). this means for curves
+         * less than 512 bits (64 bytes), this will happen 1 in 256 times*.
+         * for curves between 512 and 1024, this will happen 1 in 65,536 times*
+         * for curves between 1024 and 256K this will happen 1 in 16 million*
+         *  2) The length of the 'DER length field' is odd
+         * (making both the encoded and decode
+         * values an odd length. this is true of all curves less than 512,
+         * as well as curves between 1024 and 256K).
+         *  3) The X[length of the 'DER length field'] == 0x04, 1 in 256.
+         *
+         *  (* assuming all values are equally likely in the first byte,
+         * This isn't true if the curve length is not a multiple of 8. In these
+         * cases, if the DER length is possible, it's more likely,
+         * if it's not possible, then we have no false decodes).
+         *
+         * For reference here are the odds for the various curves we currently
+         * have support for (and the only curves SSL will negotiate at this
+         * time). NOTE: None of the supported curves will show up here
+         * because we return a valid length for all of these curves.
+         * The only way to get here is to have some application (not SSL)
+         * which supports some unknown curve and have some vendor supplied
+         * PKCS #11 module support that curve. NOTE: in this case, one
+         * presumes that that pkcs #11 module is likely to be using the
+         * correct encodings.
+         *
+         * Prime Curves (GFp):
+         *   Bit    False       Odds of
+         *  Size    DER Len  False Decode Positive
+         *  112     27     1 in 65536
+         *  128     31     1 in 65536
+         *  160     39     1 in 65536
+         *  192     47     1 in 65536
+         *  224     55     1 in 65536
+         *  239     59     1 in 32768 (top byte can only be 0-127)
+         *  256     63     1 in 65536
+         *  521     129,131      0        (decoded value would be even)
+         *
+         * Binary curves (GF2m).
+         *   Bit    False       Odds of
+         *  Size    DER Len  False Decode Positive
+         *  131     33       0        (top byte can only be 0-7)
+         *  163     41       0        (top byte can only be 0-7)
+         *  176     43     1 in 65536
+         *  191     47     1 in 32768 (top byte can only be 0-127)
+         *  193     49       0        (top byte can only be 0-1)
+         *  208     51     1 in 65536
+         *  233     59       0        (top byte can only be 0-1)
+         *  239     59     1 in 32768 (top byte can only be 0-127)
+         *  272     67     1 in 65536
+         *  283     71       0        (top byte can only be 0-7)
+         *  304     75     1 in 65536
+         *  359     89     1 in 32768 (top byte can only be 0-127)
+         *  368     91     1 in 65536
+         *  409     103      0        (top byte can only be 0-1)
+         *  431     107    1 in 32768 (top byte can only be 0-127)
+         *  571     129,143      0        (decoded value would be even)
+         *
+         */
 
-	return CKR_OK;
+        return CKR_OK;
     }
 
     /* In theory, we should handle the case where the curve == 0 and
      * the first byte is EC_POINT_FORM_UNCOMPRESSED, (which would be
      * handled by doing a santity check on the key length and returning
      * pk11_Attr2SecItem() to copy the ecPoint to the publicKeyValue).
      *
-     * This test is unnecessary, however, due to the fact that 
+     * This test is unnecessary, however, due to the fact that
      * EC_POINT_FORM_UNCOMPRESSED == SEC_ASIN1_OCTET_STRING, that case is
      * handled in the above if. That means if we get here, the initial
      * byte of our ecPoint value was invalid, so we can safely return.
      * invalid attribute.
      */
-	
+
     return CKR_ATTRIBUTE_VALUE_INVALID;
 }
 
 /*
  * extract a public key from a slot and id
  */
 SECKEYPublicKey *
-PK11_ExtractPublicKey(PK11SlotInfo *slot,KeyType keyType,CK_OBJECT_HANDLE id)
+PK11_ExtractPublicKey(PK11SlotInfo *slot, KeyType keyType, CK_OBJECT_HANDLE id)
 {
     CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY;
     PLArenaPool *arena;
     PLArenaPool *tmp_arena;
     SECKEYPublicKey *pubKey;
     unsigned int templateCount = 0;
     CK_KEY_TYPE pk11KeyType;
     CK_RV crv;
     CK_ATTRIBUTE template[8];
-    CK_ATTRIBUTE *attrs= template;
-    CK_ATTRIBUTE *modulus,*exponent,*base,*prime,*subprime,*value;
+    CK_ATTRIBUTE *attrs = template;
+    CK_ATTRIBUTE *modulus, *exponent, *base, *prime, *subprime, *value;
     CK_ATTRIBUTE *ecparams;
 
     /* if we didn't know the key type, get it */
-    if (keyType== nullKey) {
+    if (keyType == nullKey) {
 
-        pk11KeyType = PK11_ReadULongAttribute(slot,id,CKA_KEY_TYPE);
-	if (pk11KeyType ==  CK_UNAVAILABLE_INFORMATION) {
-	    return NULL;
-	}
-	switch (pk11KeyType) {
-	case CKK_RSA:
-	    keyType = rsaKey;
-	    break;
-	case CKK_DSA:
-	    keyType = dsaKey;
-	    break;
-	case CKK_DH:
-	    keyType = dhKey;
-	    break;
-	case CKK_EC:
-	    keyType = ecKey;
-	    break;
-	default:
-	    PORT_SetError( SEC_ERROR_BAD_KEY );
-	    return NULL;
-	}
+        pk11KeyType = PK11_ReadULongAttribute(slot, id, CKA_KEY_TYPE);
+        if (pk11KeyType == CK_UNAVAILABLE_INFORMATION) {
+            return NULL;
+        }
+        switch (pk11KeyType) {
+            case CKK_RSA:
+                keyType = rsaKey;
+                break;
+            case CKK_DSA:
+                keyType = dsaKey;
+                break;
+            case CKK_DH:
+                keyType = dhKey;
+                break;
+            case CKK_EC:
+                keyType = ecKey;
+                break;
+            default:
+                PORT_SetError(SEC_ERROR_BAD_KEY);
+                return NULL;
+        }
     }
 
-
     /* now we need to create space for the public key */
-    arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE);
-    if (arena == NULL) return NULL;
-    tmp_arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE);
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        return NULL;
+    tmp_arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (tmp_arena == NULL) {
-	PORT_FreeArena (arena, PR_FALSE);
-	return NULL;
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
     }
 
-
-    pubKey = (SECKEYPublicKey *) 
-			PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
+    pubKey = (SECKEYPublicKey *)
+        PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
     if (pubKey == NULL) {
-	PORT_FreeArena (arena, PR_FALSE);
-	PORT_FreeArena (tmp_arena, PR_FALSE);
-	return NULL;
+        PORT_FreeArena(arena, PR_FALSE);
+        PORT_FreeArena(tmp_arena, PR_FALSE);
+        return NULL;
     }
 
     pubKey->arena = arena;
     pubKey->keyType = keyType;
     pubKey->pkcs11Slot = PK11_ReferenceSlot(slot);
     pubKey->pkcs11ID = id;
-    PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, 
-						sizeof(keyClass)); attrs++;
-    PK11_SETATTRS(attrs, CKA_KEY_TYPE, &pk11KeyType, 
-						sizeof(pk11KeyType) ); attrs++;
+    PK11_SETATTRS(attrs, CKA_CLASS, &keyClass,
+                  sizeof(keyClass));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_KEY_TYPE, &pk11KeyType,
+                  sizeof(pk11KeyType));
+    attrs++;
     switch (pubKey->keyType) {
-    case rsaKey:
-	modulus = attrs;
-	PK11_SETATTRS(attrs, CKA_MODULUS, NULL, 0); attrs++; 
-	exponent = attrs;
-	PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, NULL, 0); attrs++; 
+        case rsaKey:
+            modulus = attrs;
+            PK11_SETATTRS(attrs, CKA_MODULUS, NULL, 0);
+            attrs++;
+            exponent = attrs;
+            PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, NULL, 0);
+            attrs++;
 
-	templateCount = attrs - template;
-	PR_ASSERT(templateCount <= sizeof(template)/sizeof(CK_ATTRIBUTE));
-	crv = PK11_GetAttributes(tmp_arena,slot,id,template,templateCount);
-	if (crv != CKR_OK) break;
+            templateCount = attrs - template;
+            PR_ASSERT(templateCount <= sizeof(template) / sizeof(CK_ATTRIBUTE));
+            crv = PK11_GetAttributes(tmp_arena, slot, id, template, templateCount);
+            if (crv != CKR_OK)
+                break;
 
-	if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_RSA)) {
-	    crv = CKR_OBJECT_HANDLE_INVALID;
-	    break;
-	} 
-	crv = pk11_Attr2SecItem(arena,modulus,&pubKey->u.rsa.modulus);
-	if (crv != CKR_OK) break;
-	crv = pk11_Attr2SecItem(arena,exponent,&pubKey->u.rsa.publicExponent);
-	if (crv != CKR_OK) break;
-	break;
-    case dsaKey:
-	prime = attrs;
-	PK11_SETATTRS(attrs, CKA_PRIME, NULL, 0); attrs++; 
-	subprime = attrs;
-	PK11_SETATTRS(attrs, CKA_SUBPRIME, NULL, 0); attrs++; 
-	base = attrs;
-	PK11_SETATTRS(attrs, CKA_BASE, NULL, 0); attrs++; 
-	value = attrs;
-	PK11_SETATTRS(attrs, CKA_VALUE, NULL, 0); attrs++; 
-	templateCount = attrs - template;
-	PR_ASSERT(templateCount <= sizeof(template)/sizeof(CK_ATTRIBUTE));
-	crv = PK11_GetAttributes(tmp_arena,slot,id,template,templateCount);
-	if (crv != CKR_OK) break;
+            if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_RSA)) {
+                crv = CKR_OBJECT_HANDLE_INVALID;
+                break;
+            }
+            crv = pk11_Attr2SecItem(arena, modulus, &pubKey->u.rsa.modulus);
+            if (crv != CKR_OK)
+                break;
+            crv = pk11_Attr2SecItem(arena, exponent, &pubKey->u.rsa.publicExponent);
+            if (crv != CKR_OK)
+                break;
+            break;
+        case dsaKey:
+            prime = attrs;
+            PK11_SETATTRS(attrs, CKA_PRIME, NULL, 0);
+            attrs++;
+            subprime = attrs;
+            PK11_SETATTRS(attrs, CKA_SUBPRIME, NULL, 0);
+            attrs++;
+            base = attrs;
+            PK11_SETATTRS(attrs, CKA_BASE, NULL, 0);
+            attrs++;
+            value = attrs;
+            PK11_SETATTRS(attrs, CKA_VALUE, NULL, 0);
+            attrs++;
+            templateCount = attrs - template;
+            PR_ASSERT(templateCount <= sizeof(template) / sizeof(CK_ATTRIBUTE));
+            crv = PK11_GetAttributes(tmp_arena, slot, id, template, templateCount);
+            if (crv != CKR_OK)
+                break;
 
-	if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_DSA)) {
-	    crv = CKR_OBJECT_HANDLE_INVALID;
-	    break;
-	} 
-	crv = pk11_Attr2SecItem(arena,prime,&pubKey->u.dsa.params.prime);
-	if (crv != CKR_OK) break;
-	crv = pk11_Attr2SecItem(arena,subprime,&pubKey->u.dsa.params.subPrime);
-	if (crv != CKR_OK) break;
-	crv = pk11_Attr2SecItem(arena,base,&pubKey->u.dsa.params.base);
-	if (crv != CKR_OK) break;
-	crv = pk11_Attr2SecItem(arena,value,&pubKey->u.dsa.publicValue);
-	if (crv != CKR_OK) break;
-	break;
-    case dhKey:
-	prime = attrs;
-	PK11_SETATTRS(attrs, CKA_PRIME, NULL, 0); attrs++; 
-	base = attrs;
-	PK11_SETATTRS(attrs, CKA_BASE, NULL, 0); attrs++; 
-	value =attrs;
-	PK11_SETATTRS(attrs, CKA_VALUE, NULL, 0); attrs++; 
-	templateCount = attrs - template;
-	PR_ASSERT(templateCount <= sizeof(template)/sizeof(CK_ATTRIBUTE));
-	crv = PK11_GetAttributes(tmp_arena,slot,id,template,templateCount);
-	if (crv != CKR_OK) break;
+            if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_DSA)) {
+                crv = CKR_OBJECT_HANDLE_INVALID;
+                break;
+            }
+            crv = pk11_Attr2SecItem(arena, prime, &pubKey->u.dsa.params.prime);
+            if (crv != CKR_OK)
+                break;
+            crv = pk11_Attr2SecItem(arena, subprime, &pubKey->u.dsa.params.subPrime);
+            if (crv != CKR_OK)
+                break;
+            crv = pk11_Attr2SecItem(arena, base, &pubKey->u.dsa.params.base);
+            if (crv != CKR_OK)
+                break;
+            crv = pk11_Attr2SecItem(arena, value, &pubKey->u.dsa.publicValue);
+            if (crv != CKR_OK)
+                break;
+            break;
+        case dhKey:
+            prime = attrs;
+            PK11_SETATTRS(attrs, CKA_PRIME, NULL, 0);
+            attrs++;
+            base = attrs;
+            PK11_SETATTRS(attrs, CKA_BASE, NULL, 0);
+            attrs++;
+            value = attrs;
+            PK11_SETATTRS(attrs, CKA_VALUE, NULL, 0);
+            attrs++;
+            templateCount = attrs - template;
+            PR_ASSERT(templateCount <= sizeof(template) / sizeof(CK_ATTRIBUTE));
+            crv = PK11_GetAttributes(tmp_arena, slot, id, template, templateCount);
+            if (crv != CKR_OK)
+                break;
 
-	if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_DH)) {
-	    crv = CKR_OBJECT_HANDLE_INVALID;
-	    break;
-	} 
-	crv = pk11_Attr2SecItem(arena,prime,&pubKey->u.dh.prime);
-	if (crv != CKR_OK) break;
-	crv = pk11_Attr2SecItem(arena,base,&pubKey->u.dh.base);
-	if (crv != CKR_OK) break;
-	crv = pk11_Attr2SecItem(arena,value,&pubKey->u.dh.publicValue);
-	if (crv != CKR_OK) break;
-	break;
-    case ecKey:
-	pubKey->u.ec.size = 0;
-	ecparams = attrs;
-	PK11_SETATTRS(attrs, CKA_EC_PARAMS, NULL, 0); attrs++; 
-	value =attrs;
-	PK11_SETATTRS(attrs, CKA_EC_POINT, NULL, 0); attrs++; 
-	templateCount = attrs - template;
-	PR_ASSERT(templateCount <= sizeof(template)/sizeof(CK_ATTRIBUTE));
-	crv = PK11_GetAttributes(arena,slot,id,template,templateCount);
-	if (crv != CKR_OK) break;
+            if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_DH)) {
+                crv = CKR_OBJECT_HANDLE_INVALID;
+                break;
+            }
+            crv = pk11_Attr2SecItem(arena, prime, &pubKey->u.dh.prime);
+            if (crv != CKR_OK)
+                break;
+            crv = pk11_Attr2SecItem(arena, base, &pubKey->u.dh.base);
+            if (crv != CKR_OK)
+                break;
+            crv = pk11_Attr2SecItem(arena, value, &pubKey->u.dh.publicValue);
+            if (crv != CKR_OK)
+                break;
+            break;
+        case ecKey:
+            pubKey->u.ec.size = 0;
+            ecparams = attrs;
+            PK11_SETATTRS(attrs, CKA_EC_PARAMS, NULL, 0);
+            attrs++;
+            value = attrs;
+            PK11_SETATTRS(attrs, CKA_EC_POINT, NULL, 0);
+            attrs++;
+            templateCount = attrs - template;
+            PR_ASSERT(templateCount <= sizeof(template) / sizeof(CK_ATTRIBUTE));
+            crv = PK11_GetAttributes(arena, slot, id, template, templateCount);
+            if (crv != CKR_OK)
+                break;
 
-	if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_EC)) {
-	    crv = CKR_OBJECT_HANDLE_INVALID;
-	    break;
-	} 
+            if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_EC)) {
+                crv = CKR_OBJECT_HANDLE_INVALID;
+                break;
+            }
 
-	crv = pk11_Attr2SecItem(arena,ecparams,
-	                        &pubKey->u.ec.DEREncodedParams);
-	if (crv != CKR_OK) break;
-	crv = pk11_get_Decoded_ECPoint(arena,
-		 &pubKey->u.ec.DEREncodedParams, value, 
-		 &pubKey->u.ec.publicValue);
-	if (seckey_SetPointEncoding(arena, pubKey) != SECSuccess) {
-		crv |= CKR_GENERAL_ERROR;
-	}
-	break;
-    case fortezzaKey:
-    case nullKey:
-    default:
-	crv = CKR_OBJECT_HANDLE_INVALID;
-	break;
+            crv = pk11_Attr2SecItem(arena, ecparams,
+                                    &pubKey->u.ec.DEREncodedParams);
+            if (crv != CKR_OK)
+                break;
+            crv = pk11_get_Decoded_ECPoint(arena,
+                                           &pubKey->u.ec.DEREncodedParams, value,
+                                           &pubKey->u.ec.publicValue);
+            if (seckey_SetPointEncoding(arena, pubKey) != SECSuccess) {
+                crv |= CKR_GENERAL_ERROR;
+            }
+            break;
+        case fortezzaKey:
+        case nullKey:
+        default:
+            crv = CKR_OBJECT_HANDLE_INVALID;
+            break;
     }
 
-    PORT_FreeArena(tmp_arena,PR_FALSE);
+    PORT_FreeArena(tmp_arena, PR_FALSE);
 
     if (crv != CKR_OK) {
-	PORT_FreeArena(arena,PR_FALSE);
-	PK11_FreeSlot(slot);
-	PORT_SetError( PK11_MapError(crv) );
-	return NULL;
+        PORT_FreeArena(arena, PR_FALSE);
+        PK11_FreeSlot(slot);
+        PORT_SetError(PK11_MapError(crv));
+        return NULL;
     }
 
     return pubKey;
 }
 
 /*
  * Build a Private Key structure from raw PKCS #11 information.
  */
 SECKEYPrivateKey *
-PK11_MakePrivKey(PK11SlotInfo *slot, KeyType keyType, 
-			PRBool isTemp, CK_OBJECT_HANDLE privID, void *wincx)
+PK11_MakePrivKey(PK11SlotInfo *slot, KeyType keyType,
+                 PRBool isTemp, CK_OBJECT_HANDLE privID, void *wincx)
 {
     PLArenaPool *arena;
     SECKEYPrivateKey *privKey;
     PRBool isPrivate;
     SECStatus rv;
 
     /* don't know? look it up */
     if (keyType == nullKey) {
-	CK_KEY_TYPE pk11Type = CKK_RSA;
+        CK_KEY_TYPE pk11Type = CKK_RSA;
 
-	pk11Type = PK11_ReadULongAttribute(slot,privID,CKA_KEY_TYPE);
-	isTemp = (PRBool)!PK11_HasAttributeSet(slot,privID,CKA_TOKEN,PR_FALSE);
-	switch (pk11Type) {
-	case CKK_RSA: keyType = rsaKey; break;
-	case CKK_DSA: keyType = dsaKey; break;
-	case CKK_DH: keyType = dhKey; break;
-	case CKK_KEA: keyType = fortezzaKey; break;
-	case CKK_EC: keyType = ecKey; break;
-	default:
-		break;
-	}
+        pk11Type = PK11_ReadULongAttribute(slot, privID, CKA_KEY_TYPE);
+        isTemp = (PRBool)!PK11_HasAttributeSet(slot, privID, CKA_TOKEN, PR_FALSE);
+        switch (pk11Type) {
+            case CKK_RSA:
+                keyType = rsaKey;
+                break;
+            case CKK_DSA:
+                keyType = dsaKey;
+                break;
+            case CKK_DH:
+                keyType = dhKey;
+                break;
+            case CKK_KEA:
+                keyType = fortezzaKey;
+                break;
+            case CKK_EC:
+                keyType = ecKey;
+                break;
+            default:
+                break;
+        }
     }
 
     /* if the key is private, make sure we are authenticated to the
      * token before we try to use it */
-    isPrivate = (PRBool)PK11_HasAttributeSet(slot,privID,CKA_PRIVATE,PR_FALSE);
+    isPrivate = (PRBool)PK11_HasAttributeSet(slot, privID, CKA_PRIVATE, PR_FALSE);
     if (isPrivate) {
-	rv = PK11_Authenticate(slot, PR_TRUE, wincx);
- 	if (rv != SECSuccess) {
- 	    return NULL;
- 	}
+        rv = PK11_Authenticate(slot, PR_TRUE, wincx);
+        if (rv != SECSuccess) {
+            return NULL;
+        }
     }
 
     /* now we need to create space for the private key */
-    arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE);
-    if (arena == NULL) return NULL;
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        return NULL;
 
-    privKey = (SECKEYPrivateKey *) 
-			PORT_ArenaZAlloc(arena, sizeof(SECKEYPrivateKey));
+    privKey = (SECKEYPrivateKey *)
+        PORT_ArenaZAlloc(arena, sizeof(SECKEYPrivateKey));
     if (privKey == NULL) {
-	PORT_FreeArena(arena, PR_FALSE);
-	return NULL;
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
     }
 
     privKey->arena = arena;
     privKey->keyType = keyType;
     privKey->pkcs11Slot = PK11_ReferenceSlot(slot);
     privKey->pkcs11ID = privID;
     privKey->pkcs11IsTemp = isTemp;
     privKey->wincx = wincx;
 
     return privKey;
 }
 
-
 PK11SlotInfo *
 PK11_GetSlotFromPrivateKey(SECKEYPrivateKey *key)
 {
     PK11SlotInfo *slot = key->pkcs11Slot;
     slot = PK11_ReferenceSlot(slot);
     return slot;
 }
 
@@ -816,1330 +877,1383 @@ int
 PK11_GetPrivateModulusLen(SECKEYPrivateKey *key)
 {
     CK_ATTRIBUTE theTemplate = { CKA_MODULUS, NULL, 0 };
     PK11SlotInfo *slot = key->pkcs11Slot;
     CK_RV crv;
     int length;
 
     switch (key->keyType) {
-    case rsaKey:
-	crv = PK11_GetAttributes(NULL, slot, key->pkcs11ID, &theTemplate, 1);
-	if (crv != CKR_OK) {
-	    PORT_SetError( PK11_MapError(crv) );
-	    return -1;
-	}
-	length = theTemplate.ulValueLen;
-	if ( *(unsigned char *)theTemplate.pValue == 0) {
-	    length--;
-	}
-	PORT_Free(theTemplate.pValue);
-	return (int) length;
+        case rsaKey:
+            crv = PK11_GetAttributes(NULL, slot, key->pkcs11ID, &theTemplate, 1);
+            if (crv != CKR_OK) {
+                PORT_SetError(PK11_MapError(crv));
+                return -1;
+            }
+            length = theTemplate.ulValueLen;
+            if (*(unsigned char *)theTemplate.pValue == 0) {
+                length--;
+            }
+            PORT_Free(theTemplate.pValue);
+            return (int)length;
 
-    case fortezzaKey:
-    case dsaKey:
-    case dhKey:
-    default:
-	break;
+        case fortezzaKey:
+        case dsaKey:
+        case dhKey:
+        default:
+            break;
     }
     if (theTemplate.pValue != NULL)
-	PORT_Free(theTemplate.pValue);
-    PORT_SetError( SEC_ERROR_INVALID_KEY );
+        PORT_Free(theTemplate.pValue);
+    PORT_SetError(SEC_ERROR_INVALID_KEY);
     return -1;
 }
 
-
-
 /*
  * take a private key in one pkcs11 module and load it into another:
  *  NOTE: the source private key is a rare animal... it can't be sensitive.
  *  This is used to do a key gen using one pkcs11 module and storing the
  *  result into another.
  */
 static SECKEYPrivateKey *
-pk11_loadPrivKeyWithFlags(PK11SlotInfo *slot,SECKEYPrivateKey *privKey, 
-		SECKEYPublicKey *pubKey, PK11AttrFlags attrFlags) 
+pk11_loadPrivKeyWithFlags(PK11SlotInfo *slot, SECKEYPrivateKey *privKey,
+                          SECKEYPublicKey *pubKey, PK11AttrFlags attrFlags)
 {
     CK_ATTRIBUTE privTemplate[] = {
         /* class must be first */
-	{ CKA_CLASS, NULL, 0 },
-	{ CKA_KEY_TYPE, NULL, 0 },
-	{ CKA_ID, NULL, 0 },
-	/* RSA - the attributes below will be replaced for other 
-	 *       key types.
-	 */
-	{ CKA_MODULUS, NULL, 0 },
-	{ CKA_PRIVATE_EXPONENT, NULL, 0 },
-	{ CKA_PUBLIC_EXPONENT, NULL, 0 },
-	{ CKA_PRIME_1, NULL, 0 },
-	{ CKA_PRIME_2, NULL, 0 },
-	{ CKA_EXPONENT_1, NULL, 0 },
-	{ CKA_EXPONENT_2, NULL, 0 },
-	{ CKA_COEFFICIENT, NULL, 0 },
-	{ CKA_DECRYPT, NULL, 0 },
-	{ CKA_DERIVE, NULL, 0 },
-	{ CKA_SIGN, NULL, 0 },
-	{ CKA_SIGN_RECOVER, NULL, 0 },
-	{ CKA_UNWRAP, NULL, 0 },
-	/* reserve space for the attributes that may be
-	 * specified in attrFlags */
-	{ CKA_TOKEN, NULL, 0 },
-	{ CKA_PRIVATE, NULL, 0 },
-	{ CKA_MODIFIABLE, NULL, 0 },
-	{ CKA_SENSITIVE, NULL, 0 },
-	{ CKA_EXTRACTABLE, NULL, 0 },
-#define NUM_RESERVED_ATTRS 5    /* number of reserved attributes above */
+        { CKA_CLASS, NULL, 0 },
+        { CKA_KEY_TYPE, NULL, 0 },
+        { CKA_ID, NULL, 0 },
+        /* RSA - the attributes below will be replaced for other
+         *       key types.
+         */
+        { CKA_MODULUS, NULL, 0 },
+        { CKA_PRIVATE_EXPONENT, NULL, 0 },
+        { CKA_PUBLIC_EXPONENT, NULL, 0 },
+        { CKA_PRIME_1, NULL, 0 },
+        { CKA_PRIME_2, NULL, 0 },
+        { CKA_EXPONENT_1, NULL, 0 },
+        { CKA_EXPONENT_2, NULL, 0 },
+        { CKA_COEFFICIENT, NULL, 0 },
+        { CKA_DECRYPT, NULL, 0 },
+        { CKA_DERIVE, NULL, 0 },
+        { CKA_SIGN, NULL, 0 },
+        { CKA_SIGN_RECOVER, NULL, 0 },
+        { CKA_UNWRAP, NULL, 0 },
+        /* reserve space for the attributes that may be
+         * specified in attrFlags */
+        { CKA_TOKEN, NULL, 0 },
+        { CKA_PRIVATE, NULL, 0 },
+        { CKA_MODIFIABLE, NULL, 0 },
+        { CKA_SENSITIVE, NULL, 0 },
+        { CKA_EXTRACTABLE, NULL, 0 },
+#define NUM_RESERVED_ATTRS 5 /* number of reserved attributes above */
     };
     CK_BBOOL cktrue = CK_TRUE;
     CK_BBOOL ckfalse = CK_FALSE;
     CK_ATTRIBUTE *attrs = NULL, *ap;
-    const int templateSize = sizeof(privTemplate)/sizeof(privTemplate[0]);
+    const int templateSize = sizeof(privTemplate) / sizeof(privTemplate[0]);
     PLArenaPool *arena;
     CK_OBJECT_HANDLE objectID;
     int i, count = 0;
     int extra_count = 0;
     CK_RV crv;
     SECStatus rv;
     PRBool token = ((attrFlags & PK11_ATTR_TOKEN) != 0);
 
     if (pk11_BadAttrFlags(attrFlags)) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return NULL;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
     }
 
-    for (i=0; i < templateSize; i++) {
-	if (privTemplate[i].type == CKA_MODULUS) {
-	    attrs= &privTemplate[i];
-	    count = i;
-	    break;
-	}
+    for (i = 0; i < templateSize; i++) {
+        if (privTemplate[i].type == CKA_MODULUS) {
+            attrs = &privTemplate[i];
+            count = i;
+            break;
+        }
     }
     PORT_Assert(attrs != NULL);
     if (attrs == NULL) {
-	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-	return NULL;
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return NULL;
     }
 
     ap = attrs;
 
     switch (privKey->keyType) {
-    case rsaKey:
-	count = templateSize - NUM_RESERVED_ATTRS;
-	extra_count = count - (attrs - privTemplate);
-	break;
-    case dsaKey:
-	ap->type = CKA_PRIME; ap++; count++; extra_count++;
-	ap->type = CKA_SUBPRIME; ap++; count++; extra_count++;
-	ap->type = CKA_BASE; ap++; count++; extra_count++;
-	ap->type = CKA_VALUE; ap++; count++; extra_count++;
-	ap->type = CKA_SIGN; ap++; count++; extra_count++;
-	break;
-    case dhKey:
-	ap->type = CKA_PRIME; ap++; count++; extra_count++;
-	ap->type = CKA_BASE; ap++; count++; extra_count++;
-	ap->type = CKA_VALUE; ap++; count++; extra_count++;
-	ap->type = CKA_DERIVE; ap++; count++; extra_count++;
-	break;
-    case ecKey:
-	ap->type = CKA_EC_PARAMS; ap++; count++; extra_count++;
-	ap->type = CKA_VALUE; ap++; count++; extra_count++;
-	ap->type = CKA_DERIVE; ap++; count++; extra_count++;
-	ap->type = CKA_SIGN; ap++; count++; extra_count++;
-	break;
-     default:
-	count = 0;
-	extra_count = 0;
-	break;
-     }
+        case rsaKey:
+            count = templateSize - NUM_RESERVED_ATTRS;
+            extra_count = count - (attrs - privTemplate);
+            break;
+        case dsaKey:
+            ap->type = CKA_PRIME;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_SUBPRIME;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_BASE;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_VALUE;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_SIGN;
+            ap++;
+            count++;
+            extra_count++;
+            break;
+        case dhKey:
+            ap->type = CKA_PRIME;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_BASE;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_VALUE;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_DERIVE;
+            ap++;
+            count++;
+            extra_count++;
+            break;
+        case ecKey:
+            ap->type = CKA_EC_PARAMS;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_VALUE;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_DERIVE;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_SIGN;
+            ap++;
+            count++;
+            extra_count++;
+            break;
+        default:
+            count = 0;
+            extra_count = 0;
+            break;
+    }
 
-     if (count == 0) {
-	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-	return NULL;
-     }
+    if (count == 0) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return NULL;
+    }
 
-     arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE);
-     if (arena == NULL) return NULL;
-     /*
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        return NULL;
+    /*
       * read out the old attributes.
       */
-     crv = PK11_GetAttributes(arena, privKey->pkcs11Slot, privKey->pkcs11ID,
-		privTemplate,count);
-     if (crv != CKR_OK) {
-	PORT_SetError( PK11_MapError(crv) );
-	PORT_FreeArena(arena, PR_TRUE);
-	return NULL;
-     }
+    crv = PK11_GetAttributes(arena, privKey->pkcs11Slot, privKey->pkcs11ID,
+                             privTemplate, count);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        PORT_FreeArena(arena, PR_TRUE);
+        return NULL;
+    }
 
-     /* Set token, private, modifiable, sensitive, and extractable */
-     count += pk11_AttrFlagsToAttributes(attrFlags, &privTemplate[count],
-					&cktrue, &ckfalse);
+    /* Set token, private, modifiable, sensitive, and extractable */
+    count += pk11_AttrFlagsToAttributes(attrFlags, &privTemplate[count],
+                                        &cktrue, &ckfalse);
 
-     /* Not everyone can handle zero padded key values, give
+    /* Not everyone can handle zero padded key values, give
       * them the raw data as unsigned */
-     for (ap=attrs; extra_count; ap++, extra_count--) {
-	pk11_SignedToUnsigned(ap);
-     }
+    for (ap = attrs; extra_count; ap++, extra_count--) {
+        pk11_SignedToUnsigned(ap);
+    }
 
-     /* now Store the puppies */
-     rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION, privTemplate, 
-						count, token, &objectID);
-     PORT_FreeArena(arena, PR_TRUE);
-     if (rv != SECSuccess) {
-	return NULL;
-     }
+    /* now Store the puppies */
+    rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION, privTemplate,
+                              count, token, &objectID);
+    PORT_FreeArena(arena, PR_TRUE);
+    if (rv != SECSuccess) {
+        return NULL;
+    }
 
-     /* try loading the public key */
-     if (pubKey) {
-	PK11_ImportPublicKey(slot, pubKey, token);
-	if (pubKey->pkcs11Slot) {
-	    PK11_FreeSlot(pubKey->pkcs11Slot);
-	    pubKey->pkcs11Slot = NULL;
-	    pubKey->pkcs11ID = CK_INVALID_HANDLE;
-	}
-     }
+    /* try loading the public key */
+    if (pubKey) {
+        PK11_ImportPublicKey(slot, pubKey, token);
+        if (pubKey->pkcs11Slot) {
+            PK11_FreeSlot(pubKey->pkcs11Slot);
+            pubKey->pkcs11Slot = NULL;
+            pubKey->pkcs11ID = CK_INVALID_HANDLE;
+        }
+    }
 
-     /* build new key structure */
-     return PK11_MakePrivKey(slot, privKey->keyType, !token, 
-						objectID, privKey->wincx);
+    /* build new key structure */
+    return PK11_MakePrivKey(slot, privKey->keyType, !token,
+                            objectID, privKey->wincx);
 }
 
 static SECKEYPrivateKey *
-pk11_loadPrivKey(PK11SlotInfo *slot,SECKEYPrivateKey *privKey, 
-		SECKEYPublicKey *pubKey, PRBool token, PRBool sensitive) 
+pk11_loadPrivKey(PK11SlotInfo *slot, SECKEYPrivateKey *privKey,
+                 SECKEYPublicKey *pubKey, PRBool token, PRBool sensitive)
 {
     PK11AttrFlags attrFlags = 0;
     if (token) {
-	attrFlags |= (PK11_ATTR_TOKEN | PK11_ATTR_PRIVATE);
+        attrFlags |= (PK11_ATTR_TOKEN | PK11_ATTR_PRIVATE);
     } else {
-	attrFlags |= (PK11_ATTR_SESSION | PK11_ATTR_PUBLIC);
+        attrFlags |= (PK11_ATTR_SESSION | PK11_ATTR_PUBLIC);
     }
     if (sensitive) {
-	attrFlags |= PK11_ATTR_SENSITIVE;
+        attrFlags |= PK11_ATTR_SENSITIVE;
     } else {
-	attrFlags |= PK11_ATTR_INSENSITIVE;
+        attrFlags |= PK11_ATTR_INSENSITIVE;
     }
     return pk11_loadPrivKeyWithFlags(slot, privKey, pubKey, attrFlags);
 }
 
 /*
  * export this for PSM
  */
 SECKEYPrivateKey *
-PK11_LoadPrivKey(PK11SlotInfo *slot,SECKEYPrivateKey *privKey, 
-		SECKEYPublicKey *pubKey, PRBool token, PRBool sensitive) 
+PK11_LoadPrivKey(PK11SlotInfo *slot, SECKEYPrivateKey *privKey,
+                 SECKEYPublicKey *pubKey, PRBool token, PRBool sensitive)
 {
-    return pk11_loadPrivKey(slot,privKey,pubKey,token,sensitive);
+    return pk11_loadPrivKey(slot, privKey, pubKey, token, sensitive);
 }
 
-
 /*
  * Use the token to generate a key pair.
  */
 SECKEYPrivateKey *
-PK11_GenerateKeyPairWithOpFlags(PK11SlotInfo *slot,CK_MECHANISM_TYPE type, 
-   void *param, SECKEYPublicKey **pubKey, PK11AttrFlags attrFlags, 
-   CK_FLAGS opFlags, CK_FLAGS opFlagsMask, void *wincx)
+PK11_GenerateKeyPairWithOpFlags(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                                void *param, SECKEYPublicKey **pubKey, PK11AttrFlags attrFlags,
+                                CK_FLAGS opFlags, CK_FLAGS opFlagsMask, void *wincx)
 {
     /* we have to use these native types because when we call PKCS 11 modules
      * we have to make sure that we are using the correct sizes for all the
      * parameters. */
     CK_BBOOL ckfalse = CK_FALSE;
     CK_BBOOL cktrue = CK_TRUE;
     CK_ULONG modulusBits;
     CK_BYTE publicExponent[4];
     CK_ATTRIBUTE privTemplate[] = {
-	{ CKA_SENSITIVE, NULL, 0},
-	{ CKA_TOKEN,  NULL, 0},
-	{ CKA_PRIVATE,  NULL, 0},
-	{ CKA_DERIVE,  NULL, 0},
-	{ CKA_UNWRAP,  NULL, 0},
-	{ CKA_SIGN,  NULL, 0},
-	{ CKA_DECRYPT,  NULL, 0},
-	{ CKA_EXTRACTABLE, NULL, 0},
-	{ CKA_MODIFIABLE,  NULL, 0},
+        { CKA_SENSITIVE, NULL, 0 },
+        { CKA_TOKEN, NULL, 0 },
+        { CKA_PRIVATE, NULL, 0 },
+        { CKA_DERIVE, NULL, 0 },
+        { CKA_UNWRAP, NULL, 0 },
+        { CKA_SIGN, NULL, 0 },
+        { CKA_DECRYPT, NULL, 0 },
+        { CKA_EXTRACTABLE, NULL, 0 },
+        { CKA_MODIFIABLE, NULL, 0 },
     };
     CK_ATTRIBUTE rsaPubTemplate[] = {
-	{ CKA_MODULUS_BITS, NULL, 0},
-	{ CKA_PUBLIC_EXPONENT, NULL, 0},
-	{ CKA_TOKEN,  NULL, 0},
-	{ CKA_DERIVE,  NULL, 0},
-	{ CKA_WRAP,  NULL, 0},
-	{ CKA_VERIFY,  NULL, 0},
-	{ CKA_VERIFY_RECOVER,  NULL, 0},
-	{ CKA_ENCRYPT,  NULL, 0},
-	{ CKA_MODIFIABLE,  NULL, 0},
+        { CKA_MODULUS_BITS, NULL, 0 },
+        { CKA_PUBLIC_EXPONENT, NULL, 0 },
+        { CKA_TOKEN, NULL, 0 },
+        { CKA_DERIVE, NULL, 0 },
+        { CKA_WRAP, NULL, 0 },
+        { CKA_VERIFY, NULL, 0 },
+        { CKA_VERIFY_RECOVER, NULL, 0 },
+        { CKA_ENCRYPT, NULL, 0 },
+        { CKA_MODIFIABLE, NULL, 0 },
     };
     CK_ATTRIBUTE dsaPubTemplate[] = {
-	{ CKA_PRIME, NULL, 0 },
-	{ CKA_SUBPRIME, NULL, 0 },
-	{ CKA_BASE, NULL, 0 },
-	{ CKA_TOKEN,  NULL, 0},
-	{ CKA_DERIVE,  NULL, 0},
-	{ CKA_WRAP,  NULL, 0},
-	{ CKA_VERIFY,  NULL, 0},
-	{ CKA_VERIFY_RECOVER,  NULL, 0},
-	{ CKA_ENCRYPT,  NULL, 0},
-	{ CKA_MODIFIABLE,  NULL, 0},
+        { CKA_PRIME, NULL, 0 },
+        { CKA_SUBPRIME, NULL, 0 },
+        { CKA_BASE, NULL, 0 },
+        { CKA_TOKEN, NULL, 0 },
+        { CKA_DERIVE, NULL, 0 },
+        { CKA_WRAP, NULL, 0 },
+        { CKA_VERIFY, NULL, 0 },
+        { CKA_VERIFY_RECOVER, NULL, 0 },
+        { CKA_ENCRYPT, NULL, 0 },
+        { CKA_MODIFIABLE, NULL, 0 },
     };
     CK_ATTRIBUTE dhPubTemplate[] = {
-      { CKA_PRIME, NULL, 0 }, 
-      { CKA_BASE, NULL, 0 }, 
-      { CKA_TOKEN,  NULL, 0},
-      { CKA_DERIVE,  NULL, 0},
-      { CKA_WRAP,  NULL, 0},
-      { CKA_VERIFY,  NULL, 0},
-      { CKA_VERIFY_RECOVER,  NULL, 0},
-      { CKA_ENCRYPT,  NULL, 0},
-      { CKA_MODIFIABLE,  NULL, 0},
+        { CKA_PRIME, NULL, 0 },
+        { CKA_BASE, NULL, 0 },
+        { CKA_TOKEN, NULL, 0 },
+        { CKA_DERIVE, NULL, 0 },
+        { CKA_WRAP, NULL, 0 },
+        { CKA_VERIFY, NULL, 0 },
+        { CKA_VERIFY_RECOVER, NULL, 0 },
+        { CKA_ENCRYPT, NULL, 0 },
+        { CKA_MODIFIABLE, NULL, 0 },
     };
     CK_ATTRIBUTE ecPubTemplate[] = {
-      { CKA_EC_PARAMS, NULL, 0 }, 
-      { CKA_TOKEN,  NULL, 0},
-      { CKA_DERIVE,  NULL, 0},
-      { CKA_WRAP,  NULL, 0},
-      { CKA_VERIFY,  NULL, 0},
-      { CKA_VERIFY_RECOVER,  NULL, 0},
-      { CKA_ENCRYPT,  NULL, 0},
-      { CKA_MODIFIABLE,  NULL, 0},
+        { CKA_EC_PARAMS, NULL, 0 },
+        { CKA_TOKEN, NULL, 0 },
+        { CKA_DERIVE, NULL, 0 },
+        { CKA_WRAP, NULL, 0 },
+        { CKA_VERIFY, NULL, 0 },
+        { CKA_VERIFY_RECOVER, NULL, 0 },
+        { CKA_ENCRYPT, NULL, 0 },
+        { CKA_MODIFIABLE, NULL, 0 },
     };
-    SECKEYECParams * ecParams;
+    SECKEYECParams *ecParams;
 
     /*CK_ULONG key_size = 0;*/
     CK_ATTRIBUTE *pubTemplate;
     int privCount = 0;
     int pubCount = 0;
     PK11RSAGenParams *rsaParams;
     SECKEYPQGParams *dsaParams;
-    SECKEYDHParams * dhParams;
+    SECKEYDHParams *dhParams;
     CK_MECHANISM mechanism;
     CK_MECHANISM test_mech;
     CK_MECHANISM test_mech2;
     CK_SESSION_HANDLE session_handle;
     CK_RV crv;
-    CK_OBJECT_HANDLE privID,pubID;
+    CK_OBJECT_HANDLE privID, pubID;
     SECKEYPrivateKey *privKey;
     KeyType keyType;
     PRBool restore;
-    int peCount,i;
+    int peCount, i;
     CK_ATTRIBUTE *attrs;
     CK_ATTRIBUTE *privattrs;
     CK_ATTRIBUTE setTemplate;
     CK_MECHANISM_INFO mechanism_info;
     CK_OBJECT_CLASS keyClass;
     SECItem *cka_id;
     PRBool haslock = PR_FALSE;
     PRBool pubIsToken = PR_FALSE;
     PRBool token = ((attrFlags & PK11_ATTR_TOKEN) != 0);
     /* subset of attrFlags applicable to the public key */
     PK11AttrFlags pubKeyAttrFlags = attrFlags &
-	(PK11_ATTR_TOKEN | PK11_ATTR_SESSION
-	| PK11_ATTR_MODIFIABLE | PK11_ATTR_UNMODIFIABLE);
+                                    (PK11_ATTR_TOKEN | PK11_ATTR_SESSION | PK11_ATTR_MODIFIABLE | PK11_ATTR_UNMODIFIABLE);
 
     if (pk11_BadAttrFlags(attrFlags)) {
-	PORT_SetError( SEC_ERROR_INVALID_ARGS );
-	return NULL;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
     }
 
     if (!param) {
-        PORT_SetError( SEC_ERROR_INVALID_ARGS );
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
 
     /*
      * The opFlags and opFlagMask parameters allow us to control the
      * settings of the key usage attributes (CKA_ENCRYPT and friends).
-     * opFlagMask is set to one if the flag is specified in opFlags and 
-     *  zero if it is to take on a default value calculated by 
+     * opFlagMask is set to one if the flag is specified in opFlags and
+     *  zero if it is to take on a default value calculated by
      *  PK11_GenerateKeyPairWithOpFlags.
-     * opFlags specifies the actual value of the flag 1 or 0. 
+     * opFlags specifies the actual value of the flag 1 or 0.
      *   Bits not corresponding to one bits in opFlagMask should be zero.
      */
 
     /* if we are trying to turn on a flag, it better be in the mask */
-    PORT_Assert ((opFlags & ~opFlagsMask) == 0);
+    PORT_Assert((opFlags & ~opFlagsMask) == 0);
     opFlags &= opFlagsMask;
 
     PORT_Assert(slot != NULL);
     if (slot == NULL) {
-	PORT_SetError( SEC_ERROR_NO_MODULE);
-	return NULL;
+        PORT_SetError(SEC_ERROR_NO_MODULE);
+        return NULL;
     }
 
     /* if our slot really doesn't do this mechanism, Generate the key
      * in our internal token and write it out */
-    if (!PK11_DoesMechanism(slot,type)) {
-	PK11SlotInfo *int_slot = PK11_GetInternalSlot();
+    if (!PK11_DoesMechanism(slot, type)) {
+        PK11SlotInfo *int_slot = PK11_GetInternalSlot();
 
-	/* don't loop forever looking for a slot */
-	if (slot == int_slot) {
-	    PK11_FreeSlot(int_slot);
-	    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-	    return NULL;
-	}
+        /* don't loop forever looking for a slot */
+        if (slot == int_slot) {
+            PK11_FreeSlot(int_slot);
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return NULL;
+        }
 
-	/* if there isn't a suitable slot, then we can't do the keygen */
-	if (int_slot == NULL) {
-	    PORT_SetError( SEC_ERROR_NO_MODULE );
-	    return NULL;
-	}
+        /* if there isn't a suitable slot, then we can't do the keygen */
+        if (int_slot == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MODULE);
+            return NULL;
+        }
 
-	/* generate the temporary key to load */
-	privKey = PK11_GenerateKeyPair(int_slot,type, param, pubKey, PR_FALSE, 
-							PR_FALSE, wincx);
-	PK11_FreeSlot(int_slot);
+        /* generate the temporary key to load */
+        privKey = PK11_GenerateKeyPair(int_slot, type, param, pubKey, PR_FALSE,
+                                       PR_FALSE, wincx);
+        PK11_FreeSlot(int_slot);
 
-	/* if successful, load the temp key into the new token */
-	if (privKey != NULL) {
-	    SECKEYPrivateKey *newPrivKey = pk11_loadPrivKeyWithFlags(slot,
-						privKey,*pubKey,attrFlags);
-	    SECKEY_DestroyPrivateKey(privKey);
-	    if (newPrivKey == NULL) {
-		SECKEY_DestroyPublicKey(*pubKey);
-		*pubKey = NULL;
-	    }
-	    return newPrivKey;
-	}
-	return NULL;
-   }
-
+        /* if successful, load the temp key into the new token */
+        if (privKey != NULL) {
+            SECKEYPrivateKey *newPrivKey = pk11_loadPrivKeyWithFlags(slot,
+                                                                     privKey, *pubKey, attrFlags);
+            SECKEY_DestroyPrivateKey(privKey);
+            if (newPrivKey == NULL) {
+                SECKEY_DestroyPublicKey(*pubKey);
+                *pubKey = NULL;
+            }
+            return newPrivKey;
+        }
+        return NULL;
+    }
 
     mechanism.mechanism = type;
     mechanism.pParameter = NULL;
     mechanism.ulParameterLen = 0;
     test_mech.pParameter = NULL;
     test_mech.ulParameterLen = 0;
     test_mech2.mechanism = CKM_INVALID_MECHANISM;
     test_mech2.pParameter = NULL;
     test_mech2.ulParameterLen = 0;
 
     /* set up the private key template */
     privattrs = privTemplate;
     privattrs += pk11_AttrFlagsToAttributes(attrFlags, privattrs,
-						&cktrue, &ckfalse);
+                                            &cktrue, &ckfalse);
 
     /* set up the mechanism specific info */
     switch (type) {
-    case CKM_RSA_PKCS_KEY_PAIR_GEN:
-    case CKM_RSA_X9_31_KEY_PAIR_GEN:
-	rsaParams = (PK11RSAGenParams *)param;
-	if (rsaParams->pe == 0) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    return NULL;
-	}
-	modulusBits = rsaParams->keySizeInBits;
-	peCount = 0;
+        case CKM_RSA_PKCS_KEY_PAIR_GEN:
+        case CKM_RSA_X9_31_KEY_PAIR_GEN:
+            rsaParams = (PK11RSAGenParams *)param;
+            if (rsaParams->pe == 0) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                return NULL;
+            }
+            modulusBits = rsaParams->keySizeInBits;
+            peCount = 0;
 
-	/* convert pe to a PKCS #11 string */
-	for (i=0; i < 4; i++) {
-	    if (peCount || (rsaParams->pe & 
-				((unsigned long)0xff000000L >> (i*8)))) {
-		publicExponent[peCount] = 
-				(CK_BYTE)((rsaParams->pe >> (3-i)*8) & 0xff);
-		peCount++;
-	    }
-	}
-	PORT_Assert(peCount != 0);
-	attrs = rsaPubTemplate;
-	PK11_SETATTRS(attrs, CKA_MODULUS_BITS, 
-				&modulusBits, sizeof(modulusBits)); attrs++;
-	PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, 
-				publicExponent, peCount);attrs++;
-	pubTemplate = rsaPubTemplate;
-	keyType = rsaKey;
-	test_mech.mechanism = CKM_RSA_PKCS;
-	break;
-    case CKM_DSA_KEY_PAIR_GEN:
-	dsaParams = (SECKEYPQGParams *)param;
-	attrs = dsaPubTemplate;
-	PK11_SETATTRS(attrs, CKA_PRIME, dsaParams->prime.data,
-				dsaParams->prime.len); attrs++;
-	PK11_SETATTRS(attrs, CKA_SUBPRIME, dsaParams->subPrime.data,
-					dsaParams->subPrime.len); attrs++;
-	PK11_SETATTRS(attrs, CKA_BASE, dsaParams->base.data,
-						dsaParams->base.len); attrs++;
-	pubTemplate = dsaPubTemplate;
-	keyType = dsaKey;
-	test_mech.mechanism = CKM_DSA;
-	break;
-    case CKM_DH_PKCS_KEY_PAIR_GEN:
-        dhParams = (SECKEYDHParams *)param;
-        attrs = dhPubTemplate;
-        PK11_SETATTRS(attrs, CKA_PRIME, dhParams->prime.data,
-                      dhParams->prime.len);   attrs++;
-        PK11_SETATTRS(attrs, CKA_BASE, dhParams->base.data,
-                      dhParams->base.len);    attrs++;
-        pubTemplate = dhPubTemplate;
-        keyType = dhKey;
-        test_mech.mechanism = CKM_DH_PKCS_DERIVE;
-	break;
-    case CKM_EC_KEY_PAIR_GEN:
-        ecParams = (SECKEYECParams *)param;
-        attrs = ecPubTemplate;
-        PK11_SETATTRS(attrs, CKA_EC_PARAMS, ecParams->data, 
-	              ecParams->len);   attrs++;
-        pubTemplate = ecPubTemplate;
-        keyType = ecKey;
-	/*
-	 * ECC supports 2 different mechanism types (unlike RSA, which
-	 * supports different usages with the same mechanism).
-	 * We may need to query both mechanism types and or the results
-	 * together -- but we only do that if either the user has
-	 * requested both usages, or not specified any usages.
-	 */
-	if ((opFlags & (CKF_SIGN|CKF_DERIVE)) == (CKF_SIGN|CKF_DERIVE)) {
-	    /* We've explicitly turned on both flags, use both mechanism */
-	    test_mech.mechanism = CKM_ECDH1_DERIVE;
-	    test_mech2.mechanism = CKM_ECDSA;
-	} else if (opFlags & CKF_SIGN) {
-	    /* just do signing */
-	    test_mech.mechanism = CKM_ECDSA;
-	} else if (opFlags & CKF_DERIVE) {
-	    /* just do ECDH */
-	    test_mech.mechanism = CKM_ECDH1_DERIVE;
-	} else {
-	    /* neither was specified default to both */
-	    test_mech.mechanism = CKM_ECDH1_DERIVE;
-	    test_mech2.mechanism = CKM_ECDSA;
-	}
-        break;
-    default:
-	PORT_SetError( SEC_ERROR_BAD_KEY );
-	return NULL;
+            /* convert pe to a PKCS #11 string */
+            for (i = 0; i < 4; i++) {
+                if (peCount || (rsaParams->pe &
+                                ((unsigned long)0xff000000L >> (i * 8)))) {
+                    publicExponent[peCount] =
+                        (CK_BYTE)((rsaParams->pe >> (3 - i) * 8) & 0xff);
+                    peCount++;
+                }
+            }
+            PORT_Assert(peCount != 0);
+            attrs = rsaPubTemplate;
+            PK11_SETATTRS(attrs, CKA_MODULUS_BITS,
+                          &modulusBits, sizeof(modulusBits));
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT,
+                          publicExponent, peCount);
+            attrs++;
+            pubTemplate = rsaPubTemplate;
+            keyType = rsaKey;
+            test_mech.mechanism = CKM_RSA_PKCS;
+            break;
+        case CKM_DSA_KEY_PAIR_GEN:
+            dsaParams = (SECKEYPQGParams *)param;
+            attrs = dsaPubTemplate;
+            PK11_SETATTRS(attrs, CKA_PRIME, dsaParams->prime.data,
+                          dsaParams->prime.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_SUBPRIME, dsaParams->subPrime.data,
+                          dsaParams->subPrime.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_BASE, dsaParams->base.data,
+                          dsaParams->base.len);
+            attrs++;
+            pubTemplate = dsaPubTemplate;
+            keyType = dsaKey;
+            test_mech.mechanism = CKM_DSA;
+            break;
+        case CKM_DH_PKCS_KEY_PAIR_GEN:
+            dhParams = (SECKEYDHParams *)param;
+            attrs = dhPubTemplate;
+            PK11_SETATTRS(attrs, CKA_PRIME, dhParams->prime.data,
+                          dhParams->prime.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_BASE, dhParams->base.data,
+                          dhParams->base.len);
+            attrs++;
+            pubTemplate = dhPubTemplate;
+            keyType = dhKey;
+            test_mech.mechanism = CKM_DH_PKCS_DERIVE;
+            break;
+        case CKM_EC_KEY_PAIR_GEN:
+            ecParams = (SECKEYECParams *)param;
+            attrs = ecPubTemplate;
+            PK11_SETATTRS(attrs, CKA_EC_PARAMS, ecParams->data,
+                          ecParams->len);
+            attrs++;
+            pubTemplate = ecPubTemplate;
+            keyType = ecKey;
+            /*
+             * ECC supports 2 different mechanism types (unlike RSA, which
+             * supports different usages with the same mechanism).
+             * We may need to query both mechanism types and or the results
+             * together -- but we only do that if either the user has
+             * requested both usages, or not specified any usages.
+             */
+            if ((opFlags & (CKF_SIGN | CKF_DERIVE)) == (CKF_SIGN | CKF_DERIVE)) {
+                /* We've explicitly turned on both flags, use both mechanism */
+                test_mech.mechanism = CKM_ECDH1_DERIVE;
+                test_mech2.mechanism = CKM_ECDSA;
+            } else if (opFlags & CKF_SIGN) {
+                /* just do signing */
+                test_mech.mechanism = CKM_ECDSA;
+            } else if (opFlags & CKF_DERIVE) {
+                /* just do ECDH */
+                test_mech.mechanism = CKM_ECDH1_DERIVE;
+            } else {
+                /* neither was specified default to both */
+                test_mech.mechanism = CKM_ECDH1_DERIVE;
+                test_mech2.mechanism = CKM_ECDSA;
+            }
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_BAD_KEY);
+            return NULL;
     }
 
     /* now query the slot to find out how "good" a key we can generate */
-    if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
+    if (!slot->isThreadSafe)
+        PK11_EnterSlotMonitor(slot);
     crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID,
-				test_mech.mechanism,&mechanism_info);
+                                                test_mech.mechanism, &mechanism_info);
     /*
      * EC keys are used in multiple different types of mechanism, if we
      * are using dual use keys, we need to query the second mechanism
      * as well.
      */
     if (test_mech2.mechanism != CKM_INVALID_MECHANISM) {
-	CK_MECHANISM_INFO mechanism_info2;
-	CK_RV crv2;
+        CK_MECHANISM_INFO mechanism_info2;
+        CK_RV crv2;
 
-	if (crv != CKR_OK) {
-	    /* the first failed, make sure there is no trash in the
-	     * mechanism flags when we or it below */
-	    mechanism_info.flags = 0;
-	}
-	crv2 = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID,
-				test_mech2.mechanism, &mechanism_info2);
-	if (crv2 == CKR_OK) {
-	    crv = CKR_OK; /* succeed if either mechnaism info succeeds */
-	    /* combine the 2 sets of mechnanism flags */
-	    mechanism_info.flags |= mechanism_info2.flags;
-	}
+        if (crv != CKR_OK) {
+            /* the first failed, make sure there is no trash in the
+             * mechanism flags when we or it below */
+            mechanism_info.flags = 0;
+        }
+        crv2 = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID,
+                                                     test_mech2.mechanism, &mechanism_info2);
+        if (crv2 == CKR_OK) {
+            crv = CKR_OK; /* succeed if either mechnaism info succeeds */
+            /* combine the 2 sets of mechnanism flags */
+            mechanism_info.flags |= mechanism_info2.flags;
+        }
     }
-    if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
+    if (!slot->isThreadSafe)
+        PK11_ExitSlotMonitor(slot);
     if ((crv != CKR_OK) || (mechanism_info.flags == 0)) {
-	/* must be old module... guess what it should be... */
-	switch (test_mech.mechanism) {
-	case CKM_RSA_PKCS:
-	    mechanism_info.flags = (CKF_SIGN | CKF_DECRYPT | 
-		CKF_WRAP | CKF_VERIFY_RECOVER | CKF_ENCRYPT | CKF_WRAP);
-	    break;
-	case CKM_DSA:
-	    mechanism_info.flags = CKF_SIGN | CKF_VERIFY;
-	    break;
-	case CKM_DH_PKCS_DERIVE:
-	    mechanism_info.flags = CKF_DERIVE;
-	    break;
-	case CKM_ECDH1_DERIVE:
-	    mechanism_info.flags = CKF_DERIVE;
-	    if (test_mech2.mechanism == CKM_ECDSA) {
-		mechanism_info.flags |= CKF_SIGN | CKF_VERIFY;
-	    }
-	    break;
-	case CKM_ECDSA:
-	    mechanism_info.flags =  CKF_SIGN | CKF_VERIFY;
-	    break;
-	default:
-	    break;
-	}
+        /* must be old module... guess what it should be... */
+        switch (test_mech.mechanism) {
+            case CKM_RSA_PKCS:
+                mechanism_info.flags = (CKF_SIGN | CKF_DECRYPT |
+                                        CKF_WRAP | CKF_VERIFY_RECOVER | CKF_ENCRYPT | CKF_WRAP);
+                break;
+            case CKM_DSA:
+                mechanism_info.flags = CKF_SIGN | CKF_VERIFY;
+                break;
+            case CKM_DH_PKCS_DERIVE:
+                mechanism_info.flags = CKF_DERIVE;
+                break;
+            case CKM_ECDH1_DERIVE:
+                mechanism_info.flags = CKF_DERIVE;
+                if (test_mech2.mechanism == CKM_ECDSA) {
+                    mechanism_info.flags |= CKF_SIGN | CKF_VERIFY;
+                }
+                break;
+            case CKM_ECDSA:
+                mechanism_info.flags = CKF_SIGN | CKF_VERIFY;
+                break;
+            default:
+                break;
+        }
     }
     /* now adjust our flags according to the user's key usage passed to us */
     mechanism_info.flags = (mechanism_info.flags & (~opFlagsMask)) | opFlags;
     /* set the public key attributes */
     attrs += pk11_AttrFlagsToAttributes(pubKeyAttrFlags, attrs,
-						&cktrue, &ckfalse);
-    PK11_SETATTRS(attrs, CKA_DERIVE, 
-		mechanism_info.flags & CKF_DERIVE ? &cktrue : &ckfalse,
-					 sizeof(CK_BBOOL)); attrs++;
-    PK11_SETATTRS(attrs, CKA_WRAP, 
-		mechanism_info.flags & CKF_WRAP ? &cktrue : &ckfalse,
-					 sizeof(CK_BBOOL)); attrs++;
-    PK11_SETATTRS(attrs, CKA_VERIFY, 
-		mechanism_info.flags & CKF_VERIFY ? &cktrue : &ckfalse,
-					 sizeof(CK_BBOOL)); attrs++;
-    PK11_SETATTRS(attrs, CKA_VERIFY_RECOVER, 
-		mechanism_info.flags & CKF_VERIFY_RECOVER ? &cktrue : &ckfalse,
-					 sizeof(CK_BBOOL)); attrs++;
-    PK11_SETATTRS(attrs, CKA_ENCRYPT, 
-		mechanism_info.flags & CKF_ENCRYPT? &cktrue : &ckfalse,
-					 sizeof(CK_BBOOL)); attrs++;
+                                        &cktrue, &ckfalse);
+    PK11_SETATTRS(attrs, CKA_DERIVE,
+                  mechanism_info.flags & CKF_DERIVE ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_WRAP,
+                  mechanism_info.flags & CKF_WRAP ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_VERIFY,
+                  mechanism_info.flags & CKF_VERIFY ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_VERIFY_RECOVER,
+                  mechanism_info.flags & CKF_VERIFY_RECOVER ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_ENCRYPT,
+                  mechanism_info.flags & CKF_ENCRYPT ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    attrs++;
     /* set the private key attributes */
-    PK11_SETATTRS(privattrs, CKA_DERIVE, 
-		mechanism_info.flags & CKF_DERIVE ? &cktrue : &ckfalse,
-					 sizeof(CK_BBOOL)); privattrs++;
-    PK11_SETATTRS(privattrs, CKA_UNWRAP, 
-		mechanism_info.flags & CKF_UNWRAP ? &cktrue : &ckfalse,
-					 sizeof(CK_BBOOL)); privattrs++;
-    PK11_SETATTRS(privattrs, CKA_SIGN, 
-		mechanism_info.flags & CKF_SIGN ? &cktrue : &ckfalse,
-					 sizeof(CK_BBOOL)); privattrs++;
-    PK11_SETATTRS(privattrs, CKA_DECRYPT, 
-		mechanism_info.flags & CKF_DECRYPT ? &cktrue : &ckfalse,
-					 sizeof(CK_BBOOL)); privattrs++;
+    PK11_SETATTRS(privattrs, CKA_DERIVE,
+                  mechanism_info.flags & CKF_DERIVE ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    privattrs++;
+    PK11_SETATTRS(privattrs, CKA_UNWRAP,
+                  mechanism_info.flags & CKF_UNWRAP ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    privattrs++;
+    PK11_SETATTRS(privattrs, CKA_SIGN,
+                  mechanism_info.flags & CKF_SIGN ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    privattrs++;
+    PK11_SETATTRS(privattrs, CKA_DECRYPT,
+                  mechanism_info.flags & CKF_DECRYPT ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    privattrs++;
 
     if (token) {
-	session_handle = PK11_GetRWSession(slot);
-	haslock = PK11_RWSessionHasLock(slot,session_handle);
-	restore = PR_TRUE;
+        session_handle = PK11_GetRWSession(slot);
+        haslock = PK11_RWSessionHasLock(slot, session_handle);
+        restore = PR_TRUE;
     } else {
-	session_handle = slot->session;
-	if (session_handle != CK_INVALID_SESSION)
-	    PK11_EnterSlotMonitor(slot);
-	restore = PR_FALSE;
-	haslock = PR_TRUE;
+        session_handle = slot->session;
+        if (session_handle != CK_INVALID_SESSION)
+            PK11_EnterSlotMonitor(slot);
+        restore = PR_FALSE;
+        haslock = PR_TRUE;
     }
 
     if (session_handle == CK_INVALID_SESSION) {
-    	PORT_SetError(SEC_ERROR_BAD_DATA);
-	return NULL;
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return NULL;
     }
     privCount = privattrs - privTemplate;
     pubCount = attrs - pubTemplate;
     crv = PK11_GETTAB(slot)->C_GenerateKeyPair(session_handle, &mechanism,
-	pubTemplate,pubCount,privTemplate,privCount,&pubID,&privID);
+                                               pubTemplate, pubCount, privTemplate, privCount, &pubID, &privID);
 
     if (crv != CKR_OK) {
-	if (restore)  {
-	    PK11_RestoreROSession(slot,session_handle);
-	} else PK11_ExitSlotMonitor(slot);
-	PORT_SetError( PK11_MapError(crv) );
-	return NULL;
+        if (restore) {
+            PK11_RestoreROSession(slot, session_handle);
+        } else
+            PK11_ExitSlotMonitor(slot);
+        PORT_SetError(PK11_MapError(crv));
+        return NULL;
     }
     /* This locking code is dangerous and needs to be more thought
      * out... the real problem is that we're holding the mutex open this long
      */
-    if (haslock) { PK11_ExitSlotMonitor(slot); }
+    if (haslock) {
+        PK11_ExitSlotMonitor(slot);
+    }
 
     /* swap around the ID's for older PKCS #11 modules */
-    keyClass = PK11_ReadULongAttribute(slot,pubID,CKA_CLASS);
+    keyClass = PK11_ReadULongAttribute(slot, pubID, CKA_CLASS);
     if (keyClass != CKO_PUBLIC_KEY) {
-	CK_OBJECT_HANDLE tmp = pubID;
-	pubID = privID;
-	privID = tmp;
+        CK_OBJECT_HANDLE tmp = pubID;
+        pubID = privID;
+        privID = tmp;
     }
 
     *pubKey = PK11_ExtractPublicKey(slot, keyType, pubID);
     if (*pubKey == NULL) {
-	if (restore)  {
-	    /* we may have to restore the mutex so it get's exited properly
-	     * in RestoreROSession */
-            if (haslock)  PK11_EnterSlotMonitor(slot); 
-	    PK11_RestoreROSession(slot,session_handle);
-	} 
-	PK11_DestroyObject(slot,pubID);
-	PK11_DestroyObject(slot,privID);
-	return NULL;
+        if (restore) {
+            /* we may have to restore the mutex so it get's exited properly
+             * in RestoreROSession */
+            if (haslock)
+                PK11_EnterSlotMonitor(slot);
+            PK11_RestoreROSession(slot, session_handle);
+        }
+        PK11_DestroyObject(slot, pubID);
+        PK11_DestroyObject(slot, privID);
+        return NULL;
     }
 
     /* set the ID to the public key so we can find it again */
     cka_id = pk11_MakeIDFromPublicKey(*pubKey);
-    pubIsToken = (PRBool)PK11_HasAttributeSet(slot,pubID, CKA_TOKEN,PR_FALSE);
+    pubIsToken = (PRBool)PK11_HasAttributeSet(slot, pubID, CKA_TOKEN, PR_FALSE);
 
     PK11_SETATTRS(&setTemplate, CKA_ID, cka_id->data, cka_id->len);
 
-    if (haslock) { PK11_EnterSlotMonitor(slot); }
+    if (haslock) {
+        PK11_EnterSlotMonitor(slot);
+    }
     crv = PK11_GETTAB(slot)->C_SetAttributeValue(session_handle, privID,
-		&setTemplate, 1);
-   
+                                                 &setTemplate, 1);
+
     if (crv == CKR_OK && pubIsToken) {
-    	crv = PK11_GETTAB(slot)->C_SetAttributeValue(session_handle, pubID,
-		&setTemplate, 1);
+        crv = PK11_GETTAB(slot)->C_SetAttributeValue(session_handle, pubID,
+                                                     &setTemplate, 1);
     }
 
-
     if (restore) {
-	PK11_RestoreROSession(slot,session_handle);
+        PK11_RestoreROSession(slot, session_handle);
     } else {
-	PK11_ExitSlotMonitor(slot);
+        PK11_ExitSlotMonitor(slot);
     }
-    SECITEM_FreeItem(cka_id,PR_TRUE);
-
+    SECITEM_FreeItem(cka_id, PR_TRUE);
 
     if (crv != CKR_OK) {
-	PK11_DestroyObject(slot,pubID);
-	PK11_DestroyObject(slot,privID);
-	PORT_SetError( PK11_MapError(crv) );
-	*pubKey = NULL;
-	return NULL;
+        PK11_DestroyObject(slot, pubID);
+        PK11_DestroyObject(slot, privID);
+        PORT_SetError(PK11_MapError(crv));
+        *pubKey = NULL;
+        return NULL;
     }
 
-    privKey = PK11_MakePrivKey(slot,keyType,!token,privID,wincx);
+    privKey = PK11_MakePrivKey(slot, keyType, !token, privID, wincx);
     if (privKey == NULL) {
-	SECKEY_DestroyPublicKey(*pubKey);
-	PK11_DestroyObject(slot,privID);
-	*pubKey = NULL;
-	return NULL;
+        SECKEY_DestroyPublicKey(*pubKey);
+        PK11_DestroyObject(slot, privID);
+        *pubKey = NULL;
+        return NULL;
     }
 
     return privKey;
 }
 
 SECKEYPrivateKey *
-PK11_GenerateKeyPairWithFlags(PK11SlotInfo *slot,CK_MECHANISM_TYPE type, 
-   void *param, SECKEYPublicKey **pubKey, PK11AttrFlags attrFlags, void *wincx)
+PK11_GenerateKeyPairWithFlags(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                              void *param, SECKEYPublicKey **pubKey, PK11AttrFlags attrFlags, void *wincx)
 {
-    return PK11_GenerateKeyPairWithOpFlags(slot,type,param,pubKey,attrFlags,
-					   0, 0, wincx);
+    return PK11_GenerateKeyPairWithOpFlags(slot, type, param, pubKey, attrFlags,
+                                           0, 0, wincx);
 }
 
 /*
  * Use the token to generate a key pair.
  */
 SECKEYPrivateKey *
-PK11_GenerateKeyPair(PK11SlotInfo *slot,CK_MECHANISM_TYPE type, 
-   void *param, SECKEYPublicKey **pubKey, PRBool token, 
-					PRBool sensitive, void *wincx)
+PK11_GenerateKeyPair(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                     void *param, SECKEYPublicKey **pubKey, PRBool token,
+                     PRBool sensitive, void *wincx)
 {
     PK11AttrFlags attrFlags = 0;
 
     if (token) {
-	attrFlags |= PK11_ATTR_TOKEN;
+        attrFlags |= PK11_ATTR_TOKEN;
     } else {
-	attrFlags |= PK11_ATTR_SESSION;
+        attrFlags |= PK11_ATTR_SESSION;
     }
     if (sensitive) {
-	attrFlags |= (PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE);
+        attrFlags |= (PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE);
     } else {
-	attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC);
+        attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC);
     }
     return PK11_GenerateKeyPairWithFlags(slot, type, param, pubKey,
-						attrFlags, wincx);
+                                         attrFlags, wincx);
 }
 
 /* build a public KEA key from the public value */
 SECKEYPublicKey *
-PK11_MakeKEAPubKey(unsigned char *keyData,int length)
+PK11_MakeKEAPubKey(unsigned char *keyData, int length)
 {
     SECKEYPublicKey *pubk;
     SECItem pkData;
     SECStatus rv;
     PLArenaPool *arena;
 
     pkData.data = keyData;
     pkData.len = length;
     pkData.type = siBuffer;
 
-    arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL)
-	return NULL;
+        return NULL;
 
-    pubk = (SECKEYPublicKey *) PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
+    pubk = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
     if (pubk == NULL) {
-	PORT_FreeArena (arena, PR_FALSE);
-	return NULL;
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
     }
 
     pubk->arena = arena;
     pubk->pkcs11Slot = 0;
     pubk->pkcs11ID = CK_INVALID_HANDLE;
     pubk->keyType = fortezzaKey;
     rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.KEAKey, &pkData);
     if (rv != SECSuccess) {
-	PORT_FreeArena (arena, PR_FALSE);
-	return NULL;
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
     }
     return pubk;
 }
 
 /*
  * NOTE: This function doesn't return a SECKEYPrivateKey struct to represent
  * the new private key object.  If it were to create a session object that
  * could later be looked up by its nickname, it would leak a SECKEYPrivateKey.
  * So isPerm must be true.
  */
-SECStatus 
+SECStatus
 PK11_ImportEncryptedPrivateKeyInfo(PK11SlotInfo *slot,
-			SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem,
-			SECItem *nickname, SECItem *publicValue, PRBool isPerm,
-			PRBool isPrivate, KeyType keyType, 
-			unsigned int keyUsage, void *wincx)
+                                   SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem,
+                                   SECItem *nickname, SECItem *publicValue, PRBool isPerm,
+                                   PRBool isPrivate, KeyType keyType,
+                                   unsigned int keyUsage, void *wincx)
 {
     if (!isPerm) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     }
     return PK11_ImportEncryptedPrivateKeyInfoAndReturnKey(slot, epki,
-		pwitem, nickname, publicValue, isPerm, isPrivate, keyType,
-		keyUsage, NULL, wincx);
+                                                          pwitem, nickname, publicValue, isPerm, isPrivate, keyType,
+                                                          keyUsage, NULL, wincx);
 }
 
 SECStatus
 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
-			SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem,
-			SECItem *nickname, SECItem *publicValue, PRBool isPerm,
-			PRBool isPrivate, KeyType keyType,
-			unsigned int keyUsage, SECKEYPrivateKey **privk,
-			void *wincx)
+                                               SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem,
+                                               SECItem *nickname, SECItem *publicValue, PRBool isPerm,
+                                               PRBool isPrivate, KeyType keyType,
+                                               unsigned int keyUsage, SECKEYPrivateKey **privk,
+                                               void *wincx)
 {
     CK_MECHANISM_TYPE pbeMechType;
     SECItem *crypto_param = NULL;
     PK11SymKey *key = NULL;
     SECStatus rv = SECSuccess;
     CK_MECHANISM_TYPE cryptoMechType;
     SECKEYPrivateKey *privKey = NULL;
     PRBool faulty3DES = PR_FALSE;
     int usageCount = 0;
     CK_KEY_TYPE key_type;
     CK_ATTRIBUTE_TYPE *usage = NULL;
     CK_ATTRIBUTE_TYPE rsaUsage[] = {
-		 CKA_UNWRAP, CKA_DECRYPT, CKA_SIGN, CKA_SIGN_RECOVER };
+        CKA_UNWRAP, CKA_DECRYPT, CKA_SIGN, CKA_SIGN_RECOVER
+    };
     CK_ATTRIBUTE_TYPE dsaUsage[] = { CKA_SIGN };
     CK_ATTRIBUTE_TYPE dhUsage[] = { CKA_DERIVE };
     CK_ATTRIBUTE_TYPE ecUsage[] = { CKA_SIGN, CKA_DERIVE };
-    if((epki == NULL) || (pwitem == NULL))
-	return SECFailure;
+    if ((epki == NULL) || (pwitem == NULL))
+        return SECFailure;
 
     pbeMechType = PK11_AlgtagToMechanism(SECOID_FindOIDTag(
-					&epki->algorithm.algorithm));
+        &epki->algorithm.algorithm));
 
     switch (keyType) {
-    default:
-    case rsaKey:
-	key_type = CKK_RSA;
-	switch  (keyUsage & (KU_KEY_ENCIPHERMENT|KU_DIGITAL_SIGNATURE)) {
-	case KU_KEY_ENCIPHERMENT:
-	    usage = rsaUsage;
-	    usageCount = 2;
-	    break;
-	case KU_DIGITAL_SIGNATURE:
-	    usage = &rsaUsage[2];
-	    usageCount = 2;
-	    break;
-	case KU_KEY_ENCIPHERMENT|KU_DIGITAL_SIGNATURE:
-	case 0: /* default to everything */
-	    usage = rsaUsage;
-	    usageCount = 4;
-	    break;
-	}
-        break;
-    case dhKey:
-	key_type = CKK_DH;
-	usage = dhUsage;
-	usageCount = sizeof(dhUsage)/sizeof(dhUsage[0]);
-	break;
-    case dsaKey:
-	key_type = CKK_DSA;
-	usage = dsaUsage;
-	usageCount = sizeof(dsaUsage)/sizeof(dsaUsage[0]);
-	break;
-    case ecKey:
-	key_type = CKK_EC;
-	switch  (keyUsage & (KU_DIGITAL_SIGNATURE|KU_KEY_AGREEMENT)) {
-	case KU_DIGITAL_SIGNATURE:
-	    usage = ecUsage;
-	    usageCount = 1;
-	    break;
-	case KU_KEY_AGREEMENT:
-	    usage = &ecUsage[1];
-	    usageCount = 1;
-	    break;
-	case KU_DIGITAL_SIGNATURE|KU_KEY_AGREEMENT:
-	default: /* default to everything */
-	    usage = ecUsage;
-	    usageCount = 2;
-	    break;
-	}
-	break;	
+        default:
+        case rsaKey:
+            key_type = CKK_RSA;
+            switch (keyUsage & (KU_KEY_ENCIPHERMENT | KU_DIGITAL_SIGNATURE)) {
+                case KU_KEY_ENCIPHERMENT:
+                    usage = rsaUsage;
+                    usageCount = 2;
+                    break;
+                case KU_DIGITAL_SIGNATURE:
+                    usage = &rsaUsage[2];
+                    usageCount = 2;
+                    break;
+                case KU_KEY_ENCIPHERMENT | KU_DIGITAL_SIGNATURE:
+                case 0: /* default to everything */
+                    usage = rsaUsage;
+                    usageCount = 4;
+                    break;
+            }
+            break;
+        case dhKey:
+            key_type = CKK_DH;
+            usage = dhUsage;
+            usageCount = sizeof(dhUsage) / sizeof(dhUsage[0]);
+            break;
+        case dsaKey:
+            key_type = CKK_DSA;
+            usage = dsaUsage;
+            usageCount = sizeof(dsaUsage) / sizeof(dsaUsage[0]);
+            break;
+        case ecKey:
+            key_type = CKK_EC;
+            switch (keyUsage & (KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT)) {
+                case KU_DIGITAL_SIGNATURE:
+                    usage = ecUsage;
+                    usageCount = 1;
+                    break;
+                case KU_KEY_AGREEMENT:
+                    usage = &ecUsage[1];
+                    usageCount = 1;
+                    break;
+                case KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT:
+                default: /* default to everything */
+                    usage = ecUsage;
+                    usageCount = 2;
+                    break;
+            }
+            break;
     }
 
 try_faulty_3des:
 
     key = PK11_PBEKeyGen(slot, &epki->algorithm, pwitem, faulty3DES, wincx);
     if (key == NULL) {
-	rv = SECFailure;
-	goto done;
+        rv = SECFailure;
+        goto done;
     }
     cryptoMechType = pk11_GetPBECryptoMechanism(&epki->algorithm,
-					 &crypto_param, pwitem, faulty3DES);
+                                                &crypto_param, pwitem, faulty3DES);
     if (cryptoMechType == CKM_INVALID_MECHANISM) {
-	rv = SECFailure;
-	goto done;
+        rv = SECFailure;
+        goto done;
     }
 
-
     cryptoMechType = PK11_GetPadMechanism(cryptoMechType);
 
     PORT_Assert(usage != NULL);
     PORT_Assert(usageCount != 0);
-    privKey = PK11_UnwrapPrivKey(slot, key, cryptoMechType, 
-				 crypto_param, &epki->encryptedData, 
-				 nickname, publicValue, isPerm, isPrivate,
-				 key_type, usage, usageCount, wincx);
-    if(privKey) {
-	if (privk) {
-	    *privk = privKey;
-	} else {
-	    SECKEY_DestroyPrivateKey(privKey);
-	}
-	privKey = NULL;
-	rv = SECSuccess;
-	goto done;
+    privKey = PK11_UnwrapPrivKey(slot, key, cryptoMechType,
+                                 crypto_param, &epki->encryptedData,
+                                 nickname, publicValue, isPerm, isPrivate,
+                                 key_type, usage, usageCount, wincx);
+    if (privKey) {
+        if (privk) {
+            *privk = privKey;
+        } else {
+            SECKEY_DestroyPrivateKey(privKey);
+        }
+        privKey = NULL;
+        rv = SECSuccess;
+        goto done;
     }
 
-    /* if we are unable to import the key and the pbeMechType is 
+    /* if we are unable to import the key and the pbeMechType is
      * CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, then it is possible that
      * the encrypted blob was created with a buggy key generation method
      * which is described in the PKCS 12 implementation notes.  So we
      * need to try importing via that method.
-     */ 
-    if((pbeMechType == CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC) && (!faulty3DES)) {
-	/* clean up after ourselves before redoing the key generation. */
+     */
+    if ((pbeMechType == CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC) && (!faulty3DES)) {
+        /* clean up after ourselves before redoing the key generation. */
 
-	PK11_FreeSymKey(key);
-	key = NULL;
+        PK11_FreeSymKey(key);
+        key = NULL;
 
-	if(crypto_param) {
-	    SECITEM_ZfreeItem(crypto_param, PR_TRUE);
-	    crypto_param = NULL;
-	}
+        if (crypto_param) {
+            SECITEM_ZfreeItem(crypto_param, PR_TRUE);
+            crypto_param = NULL;
+        }
 
-	faulty3DES = PR_TRUE;
-	goto try_faulty_3des;
+        faulty3DES = PR_TRUE;
+        goto try_faulty_3des;
     }
 
     /* key import really did fail */
     rv = SECFailure;
 
 done:
-    if(crypto_param != NULL) {
-	SECITEM_ZfreeItem(crypto_param, PR_TRUE);
+    if (crypto_param != NULL) {
+        SECITEM_ZfreeItem(crypto_param, PR_TRUE);
     }
 
-    if(key != NULL) {
-    	PK11_FreeSymKey(key);
+    if (key != NULL) {
+        PK11_FreeSymKey(key);
     }
 
     return rv;
 }
 
 SECKEYPrivateKeyInfo *
 PK11_ExportPrivateKeyInfo(CERTCertificate *cert, void *wincx)
 {
     SECKEYPrivateKeyInfo *pki = NULL;
-    SECKEYPrivateKey     *pk  = PK11_FindKeyByAnyCert(cert, wincx);
+    SECKEYPrivateKey *pk = PK11_FindKeyByAnyCert(cert, wincx);
     if (pk != NULL) {
-	pki = PK11_ExportPrivKeyInfo(pk, wincx);
-	SECKEY_DestroyPrivateKey(pk);
+        pki = PK11_ExportPrivKeyInfo(pk, wincx);
+        SECKEY_DestroyPrivateKey(pk);
     }
     return pki;
 }
 
-SECKEYEncryptedPrivateKeyInfo * 
+SECKEYEncryptedPrivateKeyInfo *
 PK11_ExportEncryptedPrivKeyInfo(
-   PK11SlotInfo     *slot,      /* optional, encrypt key in this slot */
-   SECOidTag         algTag,    /* encrypt key with this algorithm */
-   SECItem          *pwitem,    /* password for PBE encryption */
-   SECKEYPrivateKey *pk,        /* encrypt this private key */
-   int               iteration, /* interations for PBE alg */
-   void             *wincx)     /* context for password callback ? */
+    PK11SlotInfo *slot,   /* optional, encrypt key in this slot */
+    SECOidTag algTag,     /* encrypt key with this algorithm */
+    SECItem *pwitem,      /* password for PBE encryption */
+    SECKEYPrivateKey *pk, /* encrypt this private key */
+    int iteration,        /* interations for PBE alg */
+    void *wincx)          /* context for password callback ? */
 {
-    SECKEYEncryptedPrivateKeyInfo *epki      = NULL;
-    PLArenaPool                   *arena     = NULL;
-    SECAlgorithmID                *algid;
-    SECOidTag			  pbeAlgTag = SEC_OID_UNKNOWN;
-    SECItem                       *crypto_param = NULL;
-    PK11SymKey                    *key       = NULL;
-    SECKEYPrivateKey		  *tmpPK = NULL;
-    SECStatus                      rv        = SECSuccess;
-    CK_RV                          crv;
-    CK_ULONG                       encBufLen;
-    CK_MECHANISM_TYPE              pbeMechType;
-    CK_MECHANISM_TYPE              cryptoMechType;
-    CK_MECHANISM                   cryptoMech;
+    SECKEYEncryptedPrivateKeyInfo *epki = NULL;
+    PLArenaPool *arena = NULL;
+    SECAlgorithmID *algid;
+    SECOidTag pbeAlgTag = SEC_OID_UNKNOWN;
+    SECItem *crypto_param = NULL;
+    PK11SymKey *key = NULL;
+    SECKEYPrivateKey *tmpPK = NULL;
+    SECStatus rv = SECSuccess;
+    CK_RV crv;
+    CK_ULONG encBufLen;
+    CK_MECHANISM_TYPE pbeMechType;
+    CK_MECHANISM_TYPE cryptoMechType;
+    CK_MECHANISM cryptoMech;
 
     if (!pwitem || !pk) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return NULL;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
     }
 
     algid = sec_pkcs5CreateAlgorithmID(algTag, SEC_OID_UNKNOWN, SEC_OID_UNKNOWN,
-				&pbeAlgTag, 0, NULL, iteration);
+                                       &pbeAlgTag, 0, NULL, iteration);
     if (algid == NULL) {
-	return NULL;
+        return NULL;
     }
 
     arena = PORT_NewArena(2048);
     if (arena)
-	epki = PORT_ArenaZNew(arena, SECKEYEncryptedPrivateKeyInfo);
-    if(epki == NULL) {
-	rv = SECFailure;
-	goto loser;
+        epki = PORT_ArenaZNew(arena, SECKEYEncryptedPrivateKeyInfo);
+    if (epki == NULL) {
+        rv = SECFailure;
+        goto loser;
     }
     epki->arena = arena;
 
-
     /* if we didn't specify a slot, use the slot the private key was in */
     if (!slot) {
-	slot = pk->pkcs11Slot;
+        slot = pk->pkcs11Slot;
     }
 
     /* if we specified a different slot, and the private key slot can do the
-     * pbe key gen, generate the key in the private key slot so we don't have 
+     * pbe key gen, generate the key in the private key slot so we don't have
      * to move it later */
     pbeMechType = PK11_AlgtagToMechanism(pbeAlgTag);
     if (slot != pk->pkcs11Slot) {
-	if (PK11_DoesMechanism(pk->pkcs11Slot,pbeMechType)) {
-	    slot = pk->pkcs11Slot;
-	}
+        if (PK11_DoesMechanism(pk->pkcs11Slot, pbeMechType)) {
+            slot = pk->pkcs11Slot;
+        }
     }
     key = PK11_PBEKeyGen(slot, algid, pwitem, PR_FALSE, wincx);
     if (key == NULL) {
-	rv = SECFailure;
-	goto loser;
+        rv = SECFailure;
+        goto loser;
     }
 
     cryptoMechType = PK11_GetPBECryptoMechanism(algid, &crypto_param, pwitem);
     if (cryptoMechType == CKM_INVALID_MECHANISM) {
-	rv = SECFailure;
-	goto loser;
+        rv = SECFailure;
+        goto loser;
     }
 
     cryptoMech.mechanism = PK11_GetPadMechanism(cryptoMechType);
     cryptoMech.pParameter = crypto_param ? crypto_param->data : NULL;
     cryptoMech.ulParameterLen = crypto_param ? crypto_param->len : 0;
 
     /* If the key isn't in the private key slot, move it */
     if (key->slot != pk->pkcs11Slot) {
-	PK11SymKey *newkey = pk11_CopyToSlot(pk->pkcs11Slot,
-						key->type, CKA_WRAP, key);
-	if (newkey == NULL) {
+        PK11SymKey *newkey = pk11_CopyToSlot(pk->pkcs11Slot,
+                                             key->type, CKA_WRAP, key);
+        if (newkey == NULL) {
             /* couldn't import the wrapping key, try exporting the
              * private key */
-	    tmpPK = pk11_loadPrivKey(key->slot, pk, NULL, PR_FALSE, PR_TRUE);
-	    if (tmpPK == NULL) {
-		rv = SECFailure;
-		goto loser;
-	    }
-	    pk = tmpPK;
-	} else {
-	    /* free the old key and use the new key */
-	    PK11_FreeSymKey(key);
-	    key = newkey;
-	}
+            tmpPK = pk11_loadPrivKey(key->slot, pk, NULL, PR_FALSE, PR_TRUE);
+            if (tmpPK == NULL) {
+                rv = SECFailure;
+                goto loser;
+            }
+            pk = tmpPK;
+        } else {
+            /* free the old key and use the new key */
+            PK11_FreeSymKey(key);
+            key = newkey;
+        }
     }
-    	
+
     /* we are extracting an encrypted privateKey structure.
      * which needs to be freed along with the buffer into which it is
      * returned.  eventually, we should retrieve an encrypted key using
      * pkcs8/pkcs5.
      */
     encBufLen = 0;
     PK11_EnterSlotMonitor(pk->pkcs11Slot);
-    crv = PK11_GETTAB(pk->pkcs11Slot)->C_WrapKey(pk->pkcs11Slot->session, 
-    		&cryptoMech, key->objectID, pk->pkcs11ID, NULL, 
-		&encBufLen); 
+    crv = PK11_GETTAB(pk->pkcs11Slot)->C_WrapKey(pk->pkcs11Slot->session, &cryptoMech, key->objectID, pk->pkcs11ID, NULL, &encBufLen);
     PK11_ExitSlotMonitor(pk->pkcs11Slot);
     if (crv != CKR_OK) {
-	rv = SECFailure;
-	goto loser;
+        rv = SECFailure;
+        goto loser;
     }
     epki->encryptedData.data = PORT_ArenaAlloc(arena, encBufLen);
     if (!epki->encryptedData.data) {
-	rv = SECFailure;
-	goto loser;
+        rv = SECFailure;
+        goto loser;
     }
     PK11_EnterSlotMonitor(pk->pkcs11Slot);
-    crv = PK11_GETTAB(pk->pkcs11Slot)->C_WrapKey(pk->pkcs11Slot->session, 
-    		&cryptoMech, key->objectID, pk->pkcs11ID, 
-		epki->encryptedData.data, &encBufLen); 
+    crv = PK11_GETTAB(pk->pkcs11Slot)->C_WrapKey(pk->pkcs11Slot->session, &cryptoMech, key->objectID, pk->pkcs11ID, epki->encryptedData.data, &encBufLen);
     PK11_ExitSlotMonitor(pk->pkcs11Slot);
-    epki->encryptedData.len = (unsigned int) encBufLen;
-    if(crv != CKR_OK) {
-	rv = SECFailure;
-	goto loser;
+    epki->encryptedData.len = (unsigned int)encBufLen;
+    if (crv != CKR_OK) {
+        rv = SECFailure;
+        goto loser;
     }
 
-    if(!epki->encryptedData.len) {
-	rv = SECFailure;
-	goto loser;
+    if (!epki->encryptedData.len) {
+        rv = SECFailure;
+        goto loser;
     }
 
     rv = SECOID_CopyAlgorithmID(arena, &epki->algorithm, algid);
 
 loser:
-    if(crypto_param != NULL) {
-	SECITEM_ZfreeItem(crypto_param, PR_TRUE);
-	crypto_param = NULL;
+    if (crypto_param != NULL) {
+        SECITEM_ZfreeItem(crypto_param, PR_TRUE);
+        crypto_param = NULL;
     }
 
-    if(key != NULL) {
-    	PK11_FreeSymKey(key);
+    if (key != NULL) {
+        PK11_FreeSymKey(key);
     }
     if (tmpPK != NULL) {
-	SECKEY_DestroyPrivateKey(tmpPK);
+        SECKEY_DestroyPrivateKey(tmpPK);
     }
     SECOID_DestroyAlgorithmID(algid, PR_TRUE);
 
-    if(rv == SECFailure) {
-	if(arena != NULL) {
-	    PORT_FreeArena(arena, PR_TRUE);
-	}
-	epki = NULL;
+    if (rv == SECFailure) {
+        if (arena != NULL) {
+            PORT_FreeArena(arena, PR_TRUE);
+        }
+        epki = NULL;
     }
 
     return epki;
 }
 
-SECKEYEncryptedPrivateKeyInfo * 
+SECKEYEncryptedPrivateKeyInfo *
 PK11_ExportEncryptedPrivateKeyInfo(
-   PK11SlotInfo    *slot,      /* optional, encrypt key in this slot */
-   SECOidTag        algTag,    /* encrypt key with this algorithm */
-   SECItem         *pwitem,    /* password for PBE encryption */
-   CERTCertificate *cert,      /* wrap priv key for this user cert */
-   int              iteration, /* interations for PBE alg */
-   void            *wincx)     /* context for password callback ? */
+    PK11SlotInfo *slot,    /* optional, encrypt key in this slot */
+    SECOidTag algTag,      /* encrypt key with this algorithm */
+    SECItem *pwitem,       /* password for PBE encryption */
+    CERTCertificate *cert, /* wrap priv key for this user cert */
+    int iteration,         /* interations for PBE alg */
+    void *wincx)           /* context for password callback ? */
 {
     SECKEYEncryptedPrivateKeyInfo *epki = NULL;
-    SECKEYPrivateKey              *pk   = PK11_FindKeyByAnyCert(cert, wincx);
+    SECKEYPrivateKey *pk = PK11_FindKeyByAnyCert(cert, wincx);
     if (pk != NULL) {
-	epki = PK11_ExportEncryptedPrivKeyInfo(slot, algTag, pwitem, pk, 
-	                                       iteration, wincx);
-	SECKEY_DestroyPrivateKey(pk);
+        epki = PK11_ExportEncryptedPrivKeyInfo(slot, algTag, pwitem, pk,
+                                               iteration, wincx);
+        SECKEY_DestroyPrivateKey(pk);
     }
     return epki;
 }
 
-SECItem*
+SECItem *
 PK11_DEREncodePublicKey(const SECKEYPublicKey *pubk)
 {
     return SECKEY_EncodeDERSubjectPublicKeyInfo(pubk);
 }
 
 char *
 PK11_GetPrivateKeyNickname(SECKEYPrivateKey *privKey)
 {
-    return PK11_GetObjectNickname(privKey->pkcs11Slot,privKey->pkcs11ID);
+    return PK11_GetObjectNickname(privKey->pkcs11Slot, privKey->pkcs11ID);
 }
 
 char *
 PK11_GetPublicKeyNickname(SECKEYPublicKey *pubKey)
 {
-    return PK11_GetObjectNickname(pubKey->pkcs11Slot,pubKey->pkcs11ID);
+    return PK11_GetObjectNickname(pubKey->pkcs11Slot, pubKey->pkcs11ID);
 }
 
 SECStatus
 PK11_SetPrivateKeyNickname(SECKEYPrivateKey *privKey, const char *nickname)
 {
     return PK11_SetObjectNickname(privKey->pkcs11Slot,
-					privKey->pkcs11ID,nickname);
+                                  privKey->pkcs11ID, nickname);
 }
 
 SECStatus
 PK11_SetPublicKeyNickname(SECKEYPublicKey *pubKey, const char *nickname)
 {
     return PK11_SetObjectNickname(pubKey->pkcs11Slot,
-					pubKey->pkcs11ID,nickname);
+                                  pubKey->pkcs11ID, nickname);
 }
 
 SECKEYPQGParams *
 PK11_GetPQGParamsFromPrivateKey(SECKEYPrivateKey *privKey)
 {
     CK_ATTRIBUTE pTemplate[] = {
-	{ CKA_PRIME, NULL, 0 },
-	{ CKA_SUBPRIME, NULL, 0 },
-	{ CKA_BASE, NULL, 0 },
+        { CKA_PRIME, NULL, 0 },
+        { CKA_SUBPRIME, NULL, 0 },
+        { CKA_BASE, NULL, 0 },
     };
-    int pTemplateLen = sizeof(pTemplate)/sizeof(pTemplate[0]);
+    int pTemplateLen = sizeof(pTemplate) / sizeof(pTemplate[0]);
     PLArenaPool *arena = NULL;
     SECKEYPQGParams *params;
     CK_RV crv;
 
-
     arena = PORT_NewArena(2048);
     if (arena == NULL) {
-	goto loser;
+        goto loser;
     }
-    params=(SECKEYPQGParams *)PORT_ArenaZAlloc(arena,sizeof(SECKEYPQGParams));
+    params = (SECKEYPQGParams *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPQGParams));
     if (params == NULL) {
-	goto loser;
+        goto loser;
     }
 
-    crv = PK11_GetAttributes(arena, privKey->pkcs11Slot, privKey->pkcs11ID, 
-						pTemplate, pTemplateLen);
+    crv = PK11_GetAttributes(arena, privKey->pkcs11Slot, privKey->pkcs11ID,
+                             pTemplate, pTemplateLen);
     if (crv != CKR_OK) {
-        PORT_SetError( PK11_MapError(crv) );
-	goto loser;
+        PORT_SetError(PK11_MapError(crv));
+        goto loser;
     }
 
     params->arena = arena;
     params->prime.data = pTemplate[0].pValue;
     params->prime.len = pTemplate[0].ulValueLen;
     params->subPrime.data = pTemplate[1].pValue;
     params->subPrime.len = pTemplate[1].ulValueLen;
     params->base.data = pTemplate[2].pValue;
     params->base.len = pTemplate[2].ulValueLen;
 
     return params;
 
 loser:
     if (arena != NULL) {
-	PORT_FreeArena(arena,PR_FALSE);
+        PORT_FreeArena(arena, PR_FALSE);
     }
     return NULL;
 }
 
-SECKEYPrivateKey*
+SECKEYPrivateKey *
 PK11_CopyTokenPrivKeyToSessionPrivKey(PK11SlotInfo *destSlot,
-				      SECKEYPrivateKey *privKey)
+                                      SECKEYPrivateKey *privKey)
 {
-    CK_RV             crv;
-    CK_OBJECT_HANDLE  newKeyID;
+    CK_RV crv;
+    CK_OBJECT_HANDLE newKeyID;
 
-    static const CK_BBOOL     ckfalse = CK_FALSE;
-    static const CK_ATTRIBUTE template[1] = { 
-       { CKA_TOKEN, (CK_BBOOL *)&ckfalse, sizeof ckfalse }
+    static const CK_BBOOL ckfalse = CK_FALSE;
+    static const CK_ATTRIBUTE template[1] = {
+        { CKA_TOKEN, (CK_BBOOL *)&ckfalse, sizeof ckfalse }
     };
 
     if (destSlot && destSlot != privKey->pkcs11Slot) {
-	SECKEYPrivateKey *newKey =
-	       pk11_loadPrivKey(destSlot, 
-				privKey, 
-			        NULL,     /* pubKey    */
-			        PR_FALSE, /* token     */
-			        PR_FALSE);/* sensitive */
-	if (newKey)
-	    return newKey;
+        SECKEYPrivateKey *newKey =
+            pk11_loadPrivKey(destSlot,
+                             privKey,
+                             NULL,      /* pubKey    */
+                             PR_FALSE,  /* token     */
+                             PR_FALSE); /* sensitive */
+        if (newKey)
+            return newKey;
     }
     destSlot = privKey->pkcs11Slot;
     PK11_Authenticate(destSlot, PR_TRUE, privKey->wincx);
     PK11_EnterSlotMonitor(destSlot);
-    crv = PK11_GETTAB(destSlot)->C_CopyObject(	destSlot->session, 
-						privKey->pkcs11ID,
-						(CK_ATTRIBUTE *)template, 
-						1, &newKeyID);
+    crv = PK11_GETTAB(destSlot)->C_CopyObject(destSlot->session,
+                                              privKey->pkcs11ID,
+                                              (CK_ATTRIBUTE *)template,
+                                              1, &newKeyID);
     PK11_ExitSlotMonitor(destSlot);
 
     if (crv != CKR_OK) {
-	PORT_SetError( PK11_MapError(crv) );
-	return NULL;
+        PORT_SetError(PK11_MapError(crv));
+        return NULL;
     }
 
-    return PK11_MakePrivKey(destSlot, privKey->keyType, PR_TRUE /*isTemp*/, 
-			    newKeyID, privKey->wincx);
+    return PK11_MakePrivKey(destSlot, privKey->keyType, PR_TRUE /*isTemp*/,
+                            newKeyID, privKey->wincx);
 }
 
-SECKEYPrivateKey*
-PK11_ConvertSessionPrivKeyToTokenPrivKey(SECKEYPrivateKey *privk, void* wincx)
+SECKEYPrivateKey *
+PK11_ConvertSessionPrivKeyToTokenPrivKey(SECKEYPrivateKey *privk, void *wincx)
 {
-    PK11SlotInfo* slot = privk->pkcs11Slot;
+    PK11SlotInfo *slot = privk->pkcs11Slot;
     CK_ATTRIBUTE template[1];
     CK_ATTRIBUTE *attrs = template;
     CK_BBOOL cktrue = CK_TRUE;
     CK_RV crv;
     CK_OBJECT_HANDLE newKeyID;
     CK_SESSION_HANDLE rwsession;
 
-    PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue)); attrs++;
+    PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue));
+    attrs++;
 
     PK11_Authenticate(slot, PR_TRUE, wincx);
     rwsession = PK11_GetRWSession(slot);
     if (rwsession == CK_INVALID_SESSION) {
-    	PORT_SetError(SEC_ERROR_BAD_DATA);
-	return NULL;
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return NULL;
     }
     crv = PK11_GETTAB(slot)->C_CopyObject(rwsession, privk->pkcs11ID,
-        template, 1, &newKeyID);
+                                          template, 1, &newKeyID);
     PK11_RestoreROSession(slot, rwsession);
 
     if (crv != CKR_OK) {
-        PORT_SetError( PK11_MapError(crv) );
+        PORT_SetError(PK11_MapError(crv));
         return NULL;
     }
 
     return PK11_MakePrivKey(slot, nullKey /*KeyType*/, PR_FALSE /*isTemp*/,
-        newKeyID, NULL /*wincx*/);
+                            newKeyID, NULL /*wincx*/);
 }
 
 /*
  * destroy a private key if there are no matching certs.
  * this function also frees the privKey structure.
  */
 SECStatus
 PK11_DeleteTokenPrivateKey(SECKEYPrivateKey *privKey, PRBool force)
 {
-    CERTCertificate *cert=PK11_GetCertFromPrivateKey(privKey);
+    CERTCertificate *cert = PK11_GetCertFromPrivateKey(privKey);
     SECStatus rv = SECWouldBlock;
 
     if (!cert || force) {
-	/* now, then it's safe for the key to go away */
-	rv = PK11_DestroyTokenObject(privKey->pkcs11Slot,privKey->pkcs11ID);
+        /* now, then it's safe for the key to go away */
+        rv = PK11_DestroyTokenObject(privKey->pkcs11Slot, privKey->pkcs11ID);
     }
     if (cert) {
-	CERT_DestroyCertificate(cert);
+        CERT_DestroyCertificate(cert);
     }
     SECKEY_DestroyPrivateKey(privKey);
     return rv;
 }
 
 /*
  * destroy a private key if there are no matching certs.
  * this function also frees the privKey structure.
  */
 SECStatus
 PK11_DeleteTokenPublicKey(SECKEYPublicKey *pubKey)
 {
     /* now, then it's safe for the key to go away */
     if (pubKey->pkcs11Slot == NULL) {
-	return SECFailure;
+        return SECFailure;
     }
-    PK11_DestroyTokenObject(pubKey->pkcs11Slot,pubKey->pkcs11ID);
+    PK11_DestroyTokenObject(pubKey->pkcs11Slot, pubKey->pkcs11ID);
     SECKEY_DestroyPublicKey(pubKey);
     return SECSuccess;
 }
 
 /*
  * key call back structure.
  */
 typedef struct pk11KeyCallbackStr {
-	SECStatus (* callback)(SECKEYPrivateKey *,void *);
-	void *callbackArg;
-	void *wincx;
+    SECStatus (*callback)(SECKEYPrivateKey *, void *);
+    void *callbackArg;
+    void *wincx;
 } pk11KeyCallback;
 
 /*
  * callback to map Object Handles to Private Keys;
  */
 SECStatus
 pk11_DoKeys(PK11SlotInfo *slot, CK_OBJECT_HANDLE keyHandle, void *arg)
 {
     SECStatus rv = SECSuccess;
     SECKEYPrivateKey *privKey;
-    pk11KeyCallback *keycb = (pk11KeyCallback *) arg;
+    pk11KeyCallback *keycb = (pk11KeyCallback *)arg;
     if (!arg) {
         return SECFailure;
     }
 
-    privKey = PK11_MakePrivKey(slot,nullKey,PR_TRUE,keyHandle,keycb->wincx);
+    privKey = PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyHandle, keycb->wincx);
 
     if (privKey == NULL) {
-	return SECFailure;
+        return SECFailure;
     }
 
     if (keycb->callback) {
-	rv = (*keycb->callback)(privKey,keycb->callbackArg);
+        rv = (*keycb->callback)(privKey, keycb->callbackArg);
     }
 
-    SECKEY_DestroyPrivateKey(privKey);	    
+    SECKEY_DestroyPrivateKey(privKey);
     return rv;
 }
 
 /***********************************************************************
  * PK11_TraversePrivateKeysInSlot
  *
  * Traverses all the private keys on a slot.
  *
@@ -2147,34 +2261,34 @@ pk11_DoKeys(PK11SlotInfo *slot, CK_OBJEC
  *      slot
  *          The PKCS #11 slot whose private keys you want to traverse.
  *      callback
  *          A callback function that will be called for each key.
  *      arg
  *          An argument that will be passed to the callback function.
  */
 SECStatus
-PK11_TraversePrivateKeysInSlot( PK11SlotInfo *slot,
-    SECStatus(* callback)(SECKEYPrivateKey*, void*), void *arg)
+PK11_TraversePrivateKeysInSlot(PK11SlotInfo *slot,
+                               SECStatus (*callback)(SECKEYPrivateKey *, void *), void *arg)
 {
     pk11KeyCallback perKeyCB;
     pk11TraverseSlot perObjectCB;
     CK_OBJECT_CLASS privkClass = CKO_PRIVATE_KEY;
     CK_BBOOL ckTrue = CK_TRUE;
     CK_ATTRIBUTE theTemplate[2];
     int templateSize = 2;
 
     theTemplate[0].type = CKA_CLASS;
     theTemplate[0].pValue = &privkClass;
     theTemplate[0].ulValueLen = sizeof(privkClass);
     theTemplate[1].type = CKA_TOKEN;
     theTemplate[1].pValue = &ckTrue;
     theTemplate[1].ulValueLen = sizeof(ckTrue);
 
-    if(slot==NULL) {
+    if (slot == NULL) {
         return SECSuccess;
     }
 
     perObjectCB.callback = pk11_DoKeys;
     perObjectCB.callbackArg = &perKeyCB;
     perObjectCB.findTemplate = theTemplate;
     perObjectCB.templateCount = templateSize;
     perKeyCB.callback = callback;
@@ -2187,224 +2301,227 @@ PK11_TraversePrivateKeysInSlot( PK11Slot
 /*
  * return the private key with the given ID
  */
 CK_OBJECT_HANDLE
 pk11_FindPrivateKeyFromCertID(PK11SlotInfo *slot, SECItem *keyID)
 {
     CK_OBJECT_CLASS privKey = CKO_PRIVATE_KEY;
     CK_ATTRIBUTE theTemplate[] = {
-	{ CKA_ID, NULL, 0 },
-	{ CKA_CLASS, NULL, 0 },
+        { CKA_ID, NULL, 0 },
+        { CKA_CLASS, NULL, 0 },
     };
     /* if you change the array, change the variable below as well */
-    int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
+    int tsize = sizeof(theTemplate) / sizeof(theTemplate[0]);
     CK_ATTRIBUTE *attrs = theTemplate;
 
-    PK11_SETATTRS(attrs, CKA_ID, keyID->data, keyID->len ); attrs++;
+    PK11_SETATTRS(attrs, CKA_ID, keyID->data, keyID->len);
+    attrs++;
     PK11_SETATTRS(attrs, CKA_CLASS, &privKey, sizeof(privKey));
 
-    return pk11_FindObjectByTemplate(slot,theTemplate,tsize);
-} 
-
+    return pk11_FindObjectByTemplate(slot, theTemplate, tsize);
+}
 
 SECKEYPrivateKey *
 PK11_FindKeyByKeyID(PK11SlotInfo *slot, SECItem *keyID, void *wincx)
 {
     CK_OBJECT_HANDLE keyHandle;
     SECKEYPrivateKey *privKey;
 
     keyHandle = pk11_FindPrivateKeyFromCertID(slot, keyID);
-    if (keyHandle == CK_INVALID_HANDLE) { 
-	return NULL;
+    if (keyHandle == CK_INVALID_HANDLE) {
+        return NULL;
     }
-    privKey =  PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyHandle, wincx);
+    privKey = PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyHandle, wincx);
     return privKey;
 }
 
 /*
  * Generate a CKA_ID from the relevant public key data. The CKA_ID is generated
  * from the pubKeyData by SHA1_Hashing it to produce a smaller CKA_ID (to make
  * smart cards happy.
  */
 SECItem *
-PK11_MakeIDFromPubKey(SECItem *pubKeyData) 
+PK11_MakeIDFromPubKey(SECItem *pubKeyData)
 {
     PK11Context *context;
     SECItem *certCKA_ID;
     SECStatus rv;
 
     if (pubKeyData->len <= SHA1_LENGTH) {
-	/* probably an already hashed value. The strongest known public
-	 * key values <= 160 bits would be less than 40 bit symetric in
-	 * strength. Don't hash them, just return the value. There are
-	 * none at the time of this writing supported by previous versions
-	 * of NSS, so change is binary compatible safe */
-	return SECITEM_DupItem(pubKeyData);
+        /* probably an already hashed value. The strongest known public
+         * key values <= 160 bits would be less than 40 bit symetric in
+         * strength. Don't hash them, just return the value. There are
+         * none at the time of this writing supported by previous versions
+         * of NSS, so change is binary compatible safe */
+        return SECITEM_DupItem(pubKeyData);
     }
 
     context = PK11_CreateDigestContext(SEC_OID_SHA1);
     if (context == NULL) {
-	return NULL;
+        return NULL;
     }
 
     rv = PK11_DigestBegin(context);
     if (rv == SECSuccess) {
-    	rv = PK11_DigestOp(context,pubKeyData->data,pubKeyData->len);
+        rv = PK11_DigestOp(context, pubKeyData->data, pubKeyData->len);
     }
     if (rv != SECSuccess) {
-	PK11_DestroyContext(context,PR_TRUE);
-	return NULL;
+        PK11_DestroyContext(context, PR_TRUE);
+        return NULL;
     }
 
     certCKA_ID = (SECItem *)PORT_Alloc(sizeof(SECItem));
     if (certCKA_ID == NULL) {
-	PK11_DestroyContext(context,PR_TRUE);
-	return NULL;
+        PK11_DestroyContext(context, PR_TRUE);
+        return NULL;
     }
 
     certCKA_ID->len = SHA1_LENGTH;
-    certCKA_ID->data = (unsigned char*)PORT_Alloc(certCKA_ID->len);
+    certCKA_ID->data = (unsigned char *)PORT_Alloc(certCKA_ID->len);
     if (certCKA_ID->data == NULL) {
-	PORT_Free(certCKA_ID);
-	PK11_DestroyContext(context,PR_TRUE);
+        PORT_Free(certCKA_ID);
+        PK11_DestroyContext(context, PR_TRUE);
         return NULL;
     }
 
-    rv = PK11_DigestFinal(context,certCKA_ID->data,&certCKA_ID->len,
-								SHA1_LENGTH);
-    PK11_DestroyContext(context,PR_TRUE);
+    rv = PK11_DigestFinal(context, certCKA_ID->data, &certCKA_ID->len,
+                          SHA1_LENGTH);
+    PK11_DestroyContext(context, PR_TRUE);
     if (rv != SECSuccess) {
-    	SECITEM_FreeItem(certCKA_ID,PR_TRUE);
-	return NULL;
+        SECITEM_FreeItem(certCKA_ID, PR_TRUE);
+        return NULL;
     }
 
     return certCKA_ID;
 }
 
 /* Looking for PK11_GetKeyIDFromPrivateKey?
  * Call PK11_GetLowLevelKeyIDForPrivateKey instead.
  */
 
-
 SECItem *
 PK11_GetLowLevelKeyIDForPrivateKey(SECKEYPrivateKey *privKey)
 {
-    return pk11_GetLowLevelKeyFromHandle(privKey->pkcs11Slot,privKey->pkcs11ID);
+    return pk11_GetLowLevelKeyFromHandle(privKey->pkcs11Slot, privKey->pkcs11ID);
 }
 
 static SECStatus
 privateKeyListCallback(SECKEYPrivateKey *key, void *arg)
 {
-    SECKEYPrivateKeyList *list = (SECKEYPrivateKeyList*)arg;
+    SECKEYPrivateKeyList *list = (SECKEYPrivateKeyList *)arg;
     return SECKEY_AddPrivateKeyToListTail(list, SECKEY_CopyPrivateKey(key));
 }
 
-SECKEYPrivateKeyList*
+SECKEYPrivateKeyList *
 PK11_ListPrivateKeysInSlot(PK11SlotInfo *slot)
 {
     SECStatus status;
     SECKEYPrivateKeyList *keys;
 
     keys = SECKEY_NewPrivateKeyList();
-    if(keys == NULL) return NULL;
+    if (keys == NULL)
+        return NULL;
 
     status = PK11_TraversePrivateKeysInSlot(slot, privateKeyListCallback,
-		(void*)keys);
+                                            (void *)keys);
 
-    if( status != SECSuccess ) {
-	SECKEY_DestroyPrivateKeyList(keys);
-	keys = NULL;
+    if (status != SECSuccess) {
+        SECKEY_DestroyPrivateKeyList(keys);
+        keys = NULL;
     }
 
     return keys;
 }
 
-SECKEYPublicKeyList*
+SECKEYPublicKeyList *
 PK11_ListPublicKeysInSlot(PK11SlotInfo *slot, char *nickname)
 {
     CK_ATTRIBUTE findTemp[4];
     CK_ATTRIBUTE *attrs;
     CK_BBOOL ckTrue = CK_TRUE;
     CK_OBJECT_CLASS keyclass = CKO_PUBLIC_KEY;
     unsigned int tsize = 0;
     int objCount = 0;
     CK_OBJECT_HANDLE *key_ids;
     SECKEYPublicKeyList *keys;
-    int i,len;
-
+    int i, len;
 
     attrs = findTemp;
-    PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass)); attrs++;
-    PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue)); attrs++;
+    PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue));
+    attrs++;
     if (nickname) {
-	len = PORT_Strlen(nickname);
-	PK11_SETATTRS(attrs, CKA_LABEL, nickname, len); attrs++;
+        len = PORT_Strlen(nickname);
+        PK11_SETATTRS(attrs, CKA_LABEL, nickname, len);
+        attrs++;
     }
     tsize = attrs - findTemp;
-    PORT_Assert(tsize <= sizeof(findTemp)/sizeof(CK_ATTRIBUTE));
+    PORT_Assert(tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE));
 
-    key_ids = pk11_FindObjectsByTemplate(slot,findTemp,tsize,&objCount);
+    key_ids = pk11_FindObjectsByTemplate(slot, findTemp, tsize, &objCount);
     if (key_ids == NULL) {
-	return NULL;
+        return NULL;
     }
     keys = SECKEY_NewPublicKeyList();
     if (keys == NULL) {
-	PORT_Free(key_ids);
-	return NULL;
+        PORT_Free(key_ids);
+        return NULL;
     }
 
-    for (i=0; i < objCount ; i++) {
-	SECKEYPublicKey *pubKey = 
-				PK11_ExtractPublicKey(slot,nullKey,key_ids[i]);
-	if (pubKey) {
-	    SECKEY_AddPublicKeyToListTail(keys, pubKey);
-	}
-   }
+    for (i = 0; i < objCount; i++) {
+        SECKEYPublicKey *pubKey =
+            PK11_ExtractPublicKey(slot, nullKey, key_ids[i]);
+        if (pubKey) {
+            SECKEY_AddPublicKeyToListTail(keys, pubKey);
+        }
+    }
 
-   PORT_Free(key_ids);
-   return keys;
+    PORT_Free(key_ids);
+    return keys;
 }
 
-SECKEYPrivateKeyList*
+SECKEYPrivateKeyList *
 PK11_ListPrivKeysInSlot(PK11SlotInfo *slot, char *nickname, void *wincx)
 {
     CK_ATTRIBUTE findTemp[4];
     CK_ATTRIBUTE *attrs;
     CK_BBOOL ckTrue = CK_TRUE;
     CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY;
     unsigned int tsize = 0;
     int objCount = 0;
     CK_OBJECT_HANDLE *key_ids;
     SECKEYPrivateKeyList *keys;
-    int i,len;
-
+    int i, len;
 
     attrs = findTemp;
-    PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass)); attrs++;
-    PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue)); attrs++;
+    PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue));
+    attrs++;
     if (nickname) {
-	len = PORT_Strlen(nickname);
-	PK11_SETATTRS(attrs, CKA_LABEL, nickname, len); attrs++;
+        len = PORT_Strlen(nickname);
+        PK11_SETATTRS(attrs, CKA_LABEL, nickname, len);
+        attrs++;
     }
     tsize = attrs - findTemp;
-    PORT_Assert(tsize <= sizeof(findTemp)/sizeof(CK_ATTRIBUTE));
+    PORT_Assert(tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE));
 
-    key_ids = pk11_FindObjectsByTemplate(slot,findTemp,tsize,&objCount);
+    key_ids = pk11_FindObjectsByTemplate(slot, findTemp, tsize, &objCount);
     if (key_ids == NULL) {
-	return NULL;
+        return NULL;
     }
     keys = SECKEY_NewPrivateKeyList();
     if (keys == NULL) {
-	PORT_Free(key_ids);
-	return NULL;
+        PORT_Free(key_ids);
+        return NULL;
     }
 
-    for (i=0; i < objCount ; i++) {
-	SECKEYPrivateKey *privKey = 
-		PK11_MakePrivKey(slot,nullKey,PR_TRUE,key_ids[i],wincx);
-	SECKEY_AddPrivateKeyToListTail(keys, privKey);
-   }
+    for (i = 0; i < objCount; i++) {
+        SECKEYPrivateKey *privKey =
+            PK11_MakePrivKey(slot, nullKey, PR_TRUE, key_ids[i], wincx);
+        SECKEY_AddPrivateKeyToListTail(keys, privKey);
+    }
 
-   PORT_Free(key_ids);
-   return keys;
+    PORT_Free(key_ids);
+    return keys;
 }
-
--- a/lib/pk11wrap/pk11auth.c
+++ b/lib/pk11wrap/pk11auth.c
@@ -8,121 +8,122 @@
 #include "secmod.h"
 #include "secmodi.h"
 #include "secmodti.h"
 #include "pkcs11t.h"
 #include "pk11func.h"
 #include "secitem.h"
 #include "secerr.h"
 
-#include "pkim.h" 
-
+#include "pkim.h"
 
 /*************************************************************
  * local static and global data
  *************************************************************/
 /*
  * This structure keeps track of status that spans all the Slots.
  * NOTE: This is a global data structure. It semantics expect thread crosstalk
- * be very careful when you see it used. 
- *  It's major purpose in life is to allow the user to log in one PER 
+ * be very careful when you see it used.
+ *  It's major purpose in life is to allow the user to log in one PER
  * Tranaction, even if a transaction spans threads. The problem is the user
- * may have to enter a password one just to be able to look at the 
+ * may have to enter a password one just to be able to look at the
  * personalities/certificates (s)he can use. Then if Auth every is one, they
  * may have to enter the password again to use the card. See PK11_StartTransac
  * and PK11_EndTransaction.
  */
 static struct PK11GlobalStruct {
-   int transaction;
-   PRBool inTransaction;
-   char *(PR_CALLBACK *getPass)(PK11SlotInfo *,PRBool,void *);
-   PRBool (PR_CALLBACK *verifyPass)(PK11SlotInfo *,void *);
-   PRBool (PR_CALLBACK *isLoggedIn)(PK11SlotInfo *,void *);
+    int transaction;
+    PRBool inTransaction;
+    char *(PR_CALLBACK *getPass)(PK11SlotInfo *, PRBool, void *);
+    PRBool(PR_CALLBACK *verifyPass)(PK11SlotInfo *, void *);
+    PRBool(PR_CALLBACK *isLoggedIn)(PK11SlotInfo *, void *);
 } PK11_Global = { 1, PR_FALSE, NULL, NULL, NULL };
- 
+
 /***********************************************************
  * Password Utilities
  ***********************************************************/
 /*
  * Check the user's password. Log into the card if it's correct.
  * succeed if the user is already logged in.
  */
 static SECStatus
 pk11_CheckPassword(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
-			char *pw, PRBool alreadyLocked, PRBool contextSpecific)
+                   char *pw, PRBool alreadyLocked, PRBool contextSpecific)
 {
     int len = 0;
     CK_RV crv;
     SECStatus rv;
     PRTime currtime = PR_Now();
     PRBool mustRetry;
     int retry = 0;
 
     if (slot->protectedAuthPath) {
-	len = 0;
-	pw = NULL;
+        len = 0;
+        pw = NULL;
     } else if (pw == NULL) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     } else {
-	len = PORT_Strlen(pw);
+        len = PORT_Strlen(pw);
     }
 
     do {
-	if (!alreadyLocked) PK11_EnterSlotMonitor(slot);
-	crv = PK11_GETTAB(slot)->C_Login(session,
-		contextSpecific ? CKU_CONTEXT_SPECIFIC : CKU_USER,
-						(unsigned char *)pw,len);
-	slot->lastLoginCheck = 0;
-	mustRetry = PR_FALSE;
-	if (!alreadyLocked) PK11_ExitSlotMonitor(slot);
-	switch (crv) {
-	/* if we're already logged in, we're good to go */
-	case CKR_OK:
-		/* TODO If it was for CKU_CONTEXT_SPECIFIC should we do this */
-	    slot->authTransact = PK11_Global.transaction;
-	    /* Fall through */
-	case CKR_USER_ALREADY_LOGGED_IN:
-	    slot->authTime = currtime;
-	    rv = SECSuccess;
-	    break;
-	case CKR_PIN_INCORRECT:
-	    PORT_SetError(SEC_ERROR_BAD_PASSWORD);
-	    rv = SECWouldBlock; /* everything else is ok, only the pin is bad */
-	    break;
-	/* someone called reset while we fetched the password, try again once
-	 * if the token is still there. */
-	case CKR_SESSION_HANDLE_INVALID:
-	case CKR_SESSION_CLOSED:
-	    if (session != slot->session) {
-		/* don't bother retrying, we were in a middle of an operation,
-		 * which is now lost. Just fail. */
-	        PORT_SetError(PK11_MapError(crv));
-	        rv = SECFailure; 
-		break;
-	    }
-	    if (retry++ == 0) {
-		rv = PK11_InitToken(slot,PR_FALSE);
-		if (rv == SECSuccess) {
-		    if (slot->session != CK_INVALID_SESSION) {
-			session = slot->session; /* we should have 
-						  * a new session now */
-			mustRetry = PR_TRUE;
-		    } else {
-			PORT_SetError(PK11_MapError(crv));
-			rv = SECFailure;
-		    }
-		}
-		break;
-	    }
-	    /* Fall through */
-	default:
-	    PORT_SetError(PK11_MapError(crv));
-	    rv = SECFailure; /* some failure we can't fix by retrying */
-	}
+        if (!alreadyLocked)
+            PK11_EnterSlotMonitor(slot);
+        crv = PK11_GETTAB(slot)->C_Login(session,
+                                         contextSpecific ? CKU_CONTEXT_SPECIFIC : CKU_USER,
+                                         (unsigned char *)pw, len);
+        slot->lastLoginCheck = 0;
+        mustRetry = PR_FALSE;
+        if (!alreadyLocked)
+            PK11_ExitSlotMonitor(slot);
+        switch (crv) {
+            /* if we're already logged in, we're good to go */
+            case CKR_OK:
+                /* TODO If it was for CKU_CONTEXT_SPECIFIC should we do this */
+                slot->authTransact = PK11_Global.transaction;
+            /* Fall through */
+            case CKR_USER_ALREADY_LOGGED_IN:
+                slot->authTime = currtime;
+                rv = SECSuccess;
+                break;
+            case CKR_PIN_INCORRECT:
+                PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+                rv = SECWouldBlock; /* everything else is ok, only the pin is bad */
+                break;
+            /* someone called reset while we fetched the password, try again once
+             * if the token is still there. */
+            case CKR_SESSION_HANDLE_INVALID:
+            case CKR_SESSION_CLOSED:
+                if (session != slot->session) {
+                    /* don't bother retrying, we were in a middle of an operation,
+                     * which is now lost. Just fail. */
+                    PORT_SetError(PK11_MapError(crv));
+                    rv = SECFailure;
+                    break;
+                }
+                if (retry++ == 0) {
+                    rv = PK11_InitToken(slot, PR_FALSE);
+                    if (rv == SECSuccess) {
+                        if (slot->session != CK_INVALID_SESSION) {
+                            session = slot->session; /* we should have
+                                                      * a new session now */
+                            mustRetry = PR_TRUE;
+                        } else {
+                            PORT_SetError(PK11_MapError(crv));
+                            rv = SECFailure;
+                        }
+                    }
+                    break;
+                }
+            /* Fall through */
+            default:
+                PORT_SetError(PK11_MapError(crv));
+                rv = SECFailure; /* some failure we can't fix by retrying */
+        }
     } while (mustRetry);
     return rv;
 }
 
 /*
  * Check the user's password. Logout before hand to make sure that
  * we are really checking the password.
  */
@@ -130,23 +131,23 @@ SECStatus
 PK11_CheckUserPassword(PK11SlotInfo *slot, const char *pw)
 {
     int len = 0;
     CK_RV crv;
     SECStatus rv;
     PRTime currtime = PR_Now();
 
     if (slot->protectedAuthPath) {
-	len = 0;
-	pw = NULL;
+        len = 0;
+        pw = NULL;
     } else if (pw == NULL) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     } else {
-	len = PORT_Strlen(pw);
+        len = PORT_Strlen(pw);
     }
 
     /*
      * If the token doesn't need a login, don't try to relogin because the
      * effect is undefined. It's not clear what it means to check a non-empty
      * password with such a token, so treat that as an error.
      */
     if (!slot->needLogin) {
@@ -158,320 +159,326 @@ PK11_CheckUserPassword(PK11SlotInfo *slo
         }
         return rv;
     }
 
     /* force a logout */
     PK11_EnterSlotMonitor(slot);
     PK11_GETTAB(slot)->C_Logout(slot->session);
 
-    crv = PK11_GETTAB(slot)->C_Login(slot->session,CKU_USER,
-					(unsigned char *)pw,len);
+    crv = PK11_GETTAB(slot)->C_Login(slot->session, CKU_USER,
+                                     (unsigned char *)pw, len);
     slot->lastLoginCheck = 0;
     PK11_ExitSlotMonitor(slot);
     switch (crv) {
-    /* if we're already logged in, we're good to go */
-    case CKR_OK:
-	slot->authTransact = PK11_Global.transaction;
-	slot->authTime = currtime;
-	rv = SECSuccess;
-	break;
-    case CKR_PIN_INCORRECT:
-	PORT_SetError(SEC_ERROR_BAD_PASSWORD);
-	rv = SECWouldBlock; /* everything else is ok, only the pin is bad */
-	break;
-    default:
-	PORT_SetError(PK11_MapError(crv));
-	rv = SECFailure; /* some failure we can't fix by retrying */
+        /* if we're already logged in, we're good to go */
+        case CKR_OK:
+            slot->authTransact = PK11_Global.transaction;
+            slot->authTime = currtime;
+            rv = SECSuccess;
+            break;
+        case CKR_PIN_INCORRECT:
+            PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+            rv = SECWouldBlock; /* everything else is ok, only the pin is bad */
+            break;
+        default:
+            PORT_SetError(PK11_MapError(crv));
+            rv = SECFailure; /* some failure we can't fix by retrying */
     }
     return rv;
 }
 
 SECStatus
 PK11_Logout(PK11SlotInfo *slot)
 {
     CK_RV crv;
 
     /* force a logout */
     PK11_EnterSlotMonitor(slot);
     crv = PK11_GETTAB(slot)->C_Logout(slot->session);
     slot->lastLoginCheck = 0;
     PK11_ExitSlotMonitor(slot);
     if (crv != CKR_OK) {
-	PORT_SetError(PK11_MapError(crv));
-	return SECFailure;
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
     }
-    return  SECSuccess;
+    return SECSuccess;
 }
 
 /*
  * transaction stuff is for when we test for the need to do every
  * time auth to see if we already did it for this slot/transaction
  */
-void PK11_StartAuthTransaction(void)
+void
+PK11_StartAuthTransaction(void)
 {
-PK11_Global.transaction++;
-PK11_Global.inTransaction = PR_TRUE;
+    PK11_Global.transaction++;
+    PK11_Global.inTransaction = PR_TRUE;
 }
 
-void PK11_EndAuthTransaction(void)
+void
+PK11_EndAuthTransaction(void)
 {
-PK11_Global.transaction++;
-PK11_Global.inTransaction = PR_FALSE;
+    PK11_Global.transaction++;
+    PK11_Global.inTransaction = PR_FALSE;
 }
 
 /*
  * before we do a private key op, we check to see if we
  * need to reauthenticate.
  */
 void
-PK11_HandlePasswordCheck(PK11SlotInfo *slot,void *wincx)
+PK11_HandlePasswordCheck(PK11SlotInfo *slot, void *wincx)
 {
     int askpw = slot->askpw;
     PRBool NeedAuth = PR_FALSE;
 
-    if (!slot->needLogin) return;
+    if (!slot->needLogin)
+        return;
 
     if ((slot->defaultFlags & PK11_OWN_PW_DEFAULTS) == 0) {
-	PK11SlotInfo *def_slot = PK11_GetInternalKeySlot();
+        PK11SlotInfo *def_slot = PK11_GetInternalKeySlot();
 
-	if (def_slot) {
-	    askpw = def_slot->askpw;
-	    PK11_FreeSlot(def_slot);
-	}
+        if (def_slot) {
+            askpw = def_slot->askpw;
+            PK11_FreeSlot(def_slot);
+        }
     }
 
     /* timeouts are handled by isLoggedIn */
-    if (!PK11_IsLoggedIn(slot,wincx)) {
-	NeedAuth = PR_TRUE;
+    if (!PK11_IsLoggedIn(slot, wincx)) {
+        NeedAuth = PR_TRUE;
     } else if (askpw == -1) {
-	if (!PK11_Global.inTransaction	||
-			 (PK11_Global.transaction != slot->authTransact)) {
-    	    PK11_EnterSlotMonitor(slot);
-	    PK11_GETTAB(slot)->C_Logout(slot->session);
-	    slot->lastLoginCheck = 0;
-    	    PK11_ExitSlotMonitor(slot);
-	    NeedAuth = PR_TRUE;
-	}
+        if (!PK11_Global.inTransaction ||
+            (PK11_Global.transaction != slot->authTransact)) {
+            PK11_EnterSlotMonitor(slot);
+            PK11_GETTAB(slot)->C_Logout(slot->session);
+            slot->lastLoginCheck = 0;
+            PK11_ExitSlotMonitor(slot);
+            NeedAuth = PR_TRUE;
+        }
     }
-    if (NeedAuth) PK11_DoPassword(slot, slot->session, PR_TRUE,
-			wincx, PR_FALSE, PR_FALSE);
+    if (NeedAuth)
+        PK11_DoPassword(slot, slot->session, PR_TRUE,
+                        wincx, PR_FALSE, PR_FALSE);
 }
 
 void
 PK11_SlotDBUpdate(PK11SlotInfo *slot)
 {
     SECMOD_UpdateModule(slot->module);
 }
 
 /*
  * set new askpw and timeout values
  */
 void
-PK11_SetSlotPWValues(PK11SlotInfo *slot,int askpw, int timeout)
+PK11_SetSlotPWValues(PK11SlotInfo *slot, int askpw, int timeout)
 {
-        slot->askpw = askpw;
-        slot->timeout = timeout;
-        slot->defaultFlags |= PK11_OWN_PW_DEFAULTS;
-        PK11_SlotDBUpdate(slot);
+    slot->askpw = askpw;
+    slot->timeout = timeout;
+    slot->defaultFlags |= PK11_OWN_PW_DEFAULTS;
+    PK11_SlotDBUpdate(slot);
 }
 
 /*
  * Get the askpw and timeout values for this slot
  */
 void
-PK11_GetSlotPWValues(PK11SlotInfo *slot,int *askpw, int *timeout)
+PK11_GetSlotPWValues(PK11SlotInfo *slot, int *askpw, int *timeout)
 {
     *askpw = slot->askpw;
     *timeout = slot->timeout;
 
     if ((slot->defaultFlags & PK11_OWN_PW_DEFAULTS) == 0) {
-	PK11SlotInfo *def_slot = PK11_GetInternalKeySlot();
+        PK11SlotInfo *def_slot = PK11_GetInternalKeySlot();
 
-	if (def_slot) {
-	    *askpw = def_slot->askpw;
-	    *timeout = def_slot->timeout;
-	    PK11_FreeSlot(def_slot);
-	}
+        if (def_slot) {
+            *askpw = def_slot->askpw;
+            *timeout = def_slot->timeout;
+            PK11_FreeSlot(def_slot);
+        }
     }
 }
 
 /*
  * Returns true if the token is needLogin and isn't logged in.
  * This function is used to determine if authentication is needed
  * before attempting a potentially privelleged operation.
  */
 PRBool
 pk11_LoginStillRequired(PK11SlotInfo *slot, void *wincx)
 {
-    return slot->needLogin && !PK11_IsLoggedIn(slot,wincx);
+    return slot->needLogin && !PK11_IsLoggedIn(slot, wincx);
 }
 
 /*
  * make sure a slot is authenticated...
  * This function only does the authentication if it is needed.
  */
 SECStatus
-PK11_Authenticate(PK11SlotInfo *slot, PRBool loadCerts, void *wincx) {
+PK11_Authenticate(PK11SlotInfo *slot, PRBool loadCerts, void *wincx)
+{
     if (!slot) {
-	return SECFailure;
+        return SECFailure;
     }
-    if (pk11_LoginStillRequired(slot,wincx)) {
-	return PK11_DoPassword(slot, slot->session, loadCerts, wincx,
-				PR_FALSE, PR_FALSE);
+    if (pk11_LoginStillRequired(slot, wincx)) {
+        return PK11_DoPassword(slot, slot->session, loadCerts, wincx,
+                               PR_FALSE, PR_FALSE);
     }
     return SECSuccess;
 }
 
 /*
  * Authenticate to "unfriendly" tokens (tokens which need to be logged
  * in to find the certs.
  */
 SECStatus
 pk11_AuthenticateUnfriendly(PK11SlotInfo *slot, PRBool loadCerts, void *wincx)
 {
     SECStatus rv = SECSuccess;
     if (!PK11_IsFriendly(slot)) {
-	rv = PK11_Authenticate(slot, loadCerts, wincx);
+        rv = PK11_Authenticate(slot, loadCerts, wincx);
     }
     return rv;
 }
 
-
 /*
  * NOTE: this assumes that we are logged out of the card before hand
  */
 SECStatus
 PK11_CheckSSOPassword(PK11SlotInfo *slot, char *ssopw)
 {
     CK_SESSION_HANDLE rwsession;
     CK_RV crv;
     SECStatus rv = SECFailure;
     int len = 0;
 
     /* get a rwsession */
     rwsession = PK11_GetRWSession(slot);
     if (rwsession == CK_INVALID_SESSION) {
-    	PORT_SetError(SEC_ERROR_BAD_DATA);
-    	return rv;
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return rv;
     }
 
     if (slot->protectedAuthPath) {
-	len = 0;
-	ssopw = NULL;
+        len = 0;
+        ssopw = NULL;
     } else if (ssopw == NULL) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
     } else {
-	len = PORT_Strlen(ssopw);
+        len = PORT_Strlen(ssopw);
     }
 
     /* check the password */
-    crv = PK11_GETTAB(slot)->C_Login(rwsession,CKU_SO,
-						(unsigned char *)ssopw,len);
+    crv = PK11_GETTAB(slot)->C_Login(rwsession, CKU_SO,
+                                     (unsigned char *)ssopw, len);
     slot->lastLoginCheck = 0;
     switch (crv) {
-    /* if we're already logged in, we're good to go */
-    case CKR_OK:
-	rv = SECSuccess;
-	break;
-    case CKR_PIN_INCORRECT:
-	PORT_SetError(SEC_ERROR_BAD_PASSWORD);
-	rv = SECWouldBlock; /* everything else is ok, only the pin is bad */
-	break;
-    default:
-	PORT_SetError(PK11_MapError(crv));
-	rv = SECFailure; /* some failure we can't fix by retrying */
+        /* if we're already logged in, we're good to go */
+        case CKR_OK:
+            rv = SECSuccess;
+            break;
+        case CKR_PIN_INCORRECT:
+            PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+            rv = SECWouldBlock; /* everything else is ok, only the pin is bad */
+            break;
+        default:
+            PORT_SetError(PK11_MapError(crv));
+            rv = SECFailure; /* some failure we can't fix by retrying */
     }
     PK11_GETTAB(slot)->C_Logout(rwsession);
     slot->lastLoginCheck = 0;
 
     /* release rwsession */
-    PK11_RestoreROSession(slot,rwsession);
+    PK11_RestoreROSession(slot, rwsession);
     return rv;
 }
 
 /*
  * make sure the password conforms to your token's requirements.
  */
 SECStatus
-PK11_VerifyPW(PK11SlotInfo *slot,char *pw)
+PK11_VerifyPW(PK11SlotInfo *slot, char *pw)
 {
     int len = PORT_Strlen(pw);
 
     if ((slot->minPassword > len) || (slot->maxPassword < len)) {
-	PORT_SetError(SEC_ERROR_BAD_DATA);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return SECFailure;
     }
     return SECSuccess;
 }
 
 /*
  * initialize a user PIN Value
  */
 SECStatus
 PK11_InitPin(PK11SlotInfo *slot, const char *ssopw, const char *userpw)
 {
     CK_SESSION_HANDLE rwsession = CK_INVALID_SESSION;
     CK_RV crv;
     SECStatus rv = SECFailure;
     int len;
     int ssolen;
 
-    if (userpw == NULL) userpw = "";
-    if (ssopw == NULL) ssopw = "";
+    if (userpw == NULL)
+        userpw = "";
+    if (ssopw == NULL)
+        ssopw = "";
 
     len = PORT_Strlen(userpw);
     ssolen = PORT_Strlen(ssopw);
 
     /* get a rwsession */
     rwsession = PK11_GetRWSession(slot);
     if (rwsession == CK_INVALID_SESSION) {
-    	PORT_SetError(SEC_ERROR_BAD_DATA);
-	slot->lastLoginCheck = 0;
-    	return rv;
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        slot->lastLoginCheck = 0;
+        return rv;
     }
 
     if (slot->protectedAuthPath) {
-	len = 0;
-	ssolen = 0;
-	ssopw = NULL;
-	userpw = NULL;
+        len = 0;
+        ssolen = 0;
+        ssopw = NULL;
+        userpw = NULL;
     }
 
     /* check the password */
-    crv = PK11_GETTAB(slot)->C_Login(rwsession,CKU_SO, 
-					  (unsigned char *)ssopw,ssolen);
+    crv = PK11_GETTAB(slot)->C_Login(rwsession, CKU_SO,
+                                     (unsigned char *)ssopw, ssolen);
     slot->lastLoginCheck = 0;
     if (crv != CKR_OK) {
-	PORT_SetError(PK11_MapError(crv));
-	goto done;
+        PORT_SetError(PK11_MapError(crv));
+        goto done;
     }
 
-    crv = PK11_GETTAB(slot)->C_InitPIN(rwsession,(unsigned char *)userpw,len);
+    crv = PK11_GETTAB(slot)->C_InitPIN(rwsession, (unsigned char *)userpw, len);
     if (crv != CKR_OK) {
-	PORT_SetError(PK11_MapError(crv));
+        PORT_SetError(PK11_MapError(crv));
     } else {
-    	rv = SECSuccess;
+        rv = SECSuccess;
     }
 
 done:
     PK11_GETTAB(slot)->C_Logout(rwsession);
     slot->lastLoginCheck = 0;
-    PK11_RestoreROSession(slot,rwsession);
+    PK11_RestoreROSession(slot, rwsession);
     if (rv == SECSuccess) {
         /* update our view of the world */
-        PK11_InitToken(slot,PR_TRUE);
-	if (slot->needLogin) {
-	    PK11_EnterSlotMonitor(slot);
-	    PK11_GETTAB(slot)->C_Login(slot->session,CKU_USER,
-						(unsigned char *)userpw,len);
-	    slot->lastLoginCheck = 0;
-	    PK11_ExitSlotMonitor(slot);
-	}
+        PK11_InitToken(slot, PR_TRUE);
+        if (slot->needLogin) {
+            PK11_EnterSlotMonitor(slot);
+            PK11_GETTAB(slot)->C_Login(slot->session, CKU_USER,
+                                       (unsigned char *)userpw, len);
+            slot->lastLoginCheck = 0;
+            PK11_ExitSlotMonitor(slot);
+        }
     }
     return rv;
 }
 
 /*
  * Change an existing user password
  */
 SECStatus
@@ -480,48 +487,53 @@ PK11_ChangePW(PK11SlotInfo *slot, const 
     CK_RV crv;
     SECStatus rv = SECFailure;
     int newLen = 0;
     int oldLen = 0;
     CK_SESSION_HANDLE rwsession;
 
     /* use NULL values to trigger the protected authentication path */
     if (!slot->protectedAuthPath) {
-	if (newpw == NULL) newpw = "";
-	if (oldpw == NULL) oldpw = "";
+        if (newpw == NULL)
+            newpw = "";
+        if (oldpw == NULL)
+            oldpw = "";
     }
-    if (newpw) newLen = PORT_Strlen(newpw);
-    if (oldpw) oldLen = PORT_Strlen(oldpw);
+    if (newpw)
+        newLen = PORT_Strlen(newpw);
+    if (oldpw)
+        oldLen = PORT_Strlen(oldpw);
 
     /* get a rwsession */
     rwsession = PK11_GetRWSession(slot);
     if (rwsession == CK_INVALID_SESSION) {
-    	PORT_SetError(SEC_ERROR_BAD_DATA);
-    	return rv;
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return rv;
     }
 
     crv = PK11_GETTAB(slot)->C_SetPIN(rwsession,
-		(unsigned char *)oldpw,oldLen,(unsigned char *)newpw,newLen);
+                                      (unsigned char *)oldpw, oldLen, (unsigned char *)newpw, newLen);
     if (crv == CKR_OK) {
-	rv = SECSuccess;
+        rv = SECSuccess;
     } else {
-	PORT_SetError(PK11_MapError(crv));
+        PORT_SetError(PK11_MapError(crv));
     }
 
-    PK11_RestoreROSession(slot,rwsession);
+    PK11_RestoreROSession(slot, rwsession);
 
     /* update our view of the world */
-    PK11_InitToken(slot,PR_TRUE);
+    PK11_InitToken(slot, PR_TRUE);
     return rv;
 }
 
 static char *
-pk11_GetPassword(PK11SlotInfo *slot, PRBool retry, void * wincx)
+pk11_GetPassword(PK11SlotInfo *slot, PRBool retry, void *wincx)
 {
-    if (PK11_Global.getPass == NULL) return NULL;
+    if (PK11_Global.getPass == NULL)
+        return NULL;
     return (*PK11_Global.getPass)(slot, retry, wincx);
 }
 
 void
 PK11_SetPasswordFunc(PK11PasswordFunc func)
 {
     PK11_Global.getPass = func;
 }
@@ -533,259 +545,263 @@ PK11_SetVerifyPasswordFunc(PK11VerifyPas
 }
 
 void
 PK11_SetIsLoggedInFunc(PK11IsLoggedInFunc func)
 {
     PK11_Global.isLoggedIn = func;
 }
 
-
 /*
  * authenticate to a slot. This loops until we can't recover, the user
  * gives up, or we succeed. If we're already logged in and this function
  * is called we will still prompt for a password, but we will probably
  * succeed no matter what the password was (depending on the implementation
  * of the PKCS 11 module.
  */
 SECStatus
 PK11_DoPassword(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
-			PRBool loadCerts, void *wincx, PRBool alreadyLocked,
-			PRBool contextSpecific)
+                PRBool loadCerts, void *wincx, PRBool alreadyLocked,
+                PRBool contextSpecific)
 {
     SECStatus rv = SECFailure;
-    char * password;
+    char *password;
     PRBool attempt = PR_FALSE;
 
     if (PK11_NeedUserInit(slot)) {
-	PORT_SetError(SEC_ERROR_IO);
-	return SECFailure;
+        PORT_SetError(SEC_ERROR_IO);
+        return SECFailure;
     }
 
-
     /*
      * Central server type applications which control access to multiple
      * slave applications to single crypto devices need to virtuallize the
      * login state. This is done by a callback out of PK11_IsLoggedIn and
      * here. If we are actually logged in, then we got here because the
      * higher level code told us that the particular client application may
      * still need to be logged in. If that is the case, we simply tell the
      * server code that it should now verify the clients password and tell us
      * the results.
      */
-    if (PK11_IsLoggedIn(slot,NULL) && 
-    			(PK11_Global.verifyPass != NULL)) {
-	if (!PK11_Global.verifyPass(slot,wincx)) {
-	    PORT_SetError(SEC_ERROR_BAD_PASSWORD);
-	    return SECFailure;
-	}
-	return SECSuccess;
+    if (PK11_IsLoggedIn(slot, NULL) &&
+        (PK11_Global.verifyPass != NULL)) {
+        if (!PK11_Global.verifyPass(slot, wincx)) {
+            PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+            return SECFailure;
+        }
+        return SECSuccess;
     }
 
     /* get the password. This can drop out of the while loop
      * for the following reasons:
-     * 	(1) the user refused to enter a password. 
-     *			(return error to caller)
-     *	(2) the token user password is disabled [usually due to
-     *	   too many failed authentication attempts].
-     *			(return error to caller)
-     *	(3) the password was successful.
+     *  (1) the user refused to enter a password.
+     *                  (return error to caller)
+     *  (2) the token user password is disabled [usually due to
+     *     too many failed authentication attempts].
+     *                  (return error to caller)
+     *  (3) the password was successful.
      */
     while ((password = pk11_GetPassword(slot, attempt, wincx)) != NULL) {
-	/* if the token has a protectedAuthPath, the application may have
+        /* if the token has a protectedAuthPath, the application may have
          * already issued the C_Login as part of it's pk11_GetPassword call.
-         * In this case the application will tell us what the results were in 
+         * In this case the application will tell us what the results were in
          * the password value (retry or the authentication was successful) so
-	 * we can skip our own C_Login call (which would force the token to
-	 * try to login again).
-	 * 
-	 * Applications that don't know about protectedAuthPath will return a 
-	 * password, which we will ignore and trigger the token to 
-	 * 'authenticate' itself anyway. Hopefully the blinking display on 
-	 * the reader, or the flashing light under the thumbprint reader will 
-	 * attract the user's attention */
-	attempt = PR_TRUE;
-	if (slot->protectedAuthPath) {
-	    /* application tried to authenticate and failed. it wants to try
-	     * again, continue looping */
-	    if (strcmp(password, PK11_PW_RETRY) == 0) {
-		rv = SECWouldBlock;
-		PORT_Free(password);
-		continue;
-	    }
-	    /* applicaton tried to authenticate and succeeded we're done */
-	    if (strcmp(password, PK11_PW_AUTHENTICATED) == 0) {
-		rv = SECSuccess;
-		PORT_Free(password);
-		break;
-	    }
-	}
-	rv = pk11_CheckPassword(slot, session, password, 
-				alreadyLocked, contextSpecific);
-	PORT_Memset(password, 0, PORT_Strlen(password));
-	PORT_Free(password);
-	if (rv != SECWouldBlock) break;
+         * we can skip our own C_Login call (which would force the token to
+         * try to login again).
+         *
+         * Applications that don't know about protectedAuthPath will return a
+         * password, which we will ignore and trigger the token to
+         * 'authenticate' itself anyway. Hopefully the blinking display on
+         * the reader, or the flashing light under the thumbprint reader will
+         * attract the user's attention */
+        attempt = PR_TRUE;
+        if (slot->protectedAuthPath) {
+            /* application tried to authenticate and failed. it wants to try
+             * again, continue looping */
+            if (strcmp(password, PK11_PW_RETRY) == 0) {
+                rv = SECWouldBlock;
+                PORT_Free(password);
+                continue;
+            }
+            /* applicaton tried to authenticate and succeeded we're done */
+            if (strcmp(password, PK11_PW_AUTHENTICATED) == 0) {
+                rv = SECSuccess;
+                PORT_Free(password);
+                break;
+            }
+        }
+        rv = pk11_CheckPassword(slot, session, password,
+                                alreadyLocked, contextSpecific);
+        PORT_Memset(password, 0, PORT_Strlen(password));
+        PORT_Free(password);
+        if (rv != SECWouldBlock)
+            break;
     }
     if (rv == SECSuccess) {
-	if (!PK11_IsFriendly(slot)) {
-	    nssTrustDomain_UpdateCachedTokenCerts(slot->nssToken->trustDomain,
-	                                      slot->nssToken);
-	}
-    } else if (!attempt) PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+        if (!PK11_IsFriendly(slot)) {
+            nssTrustDomain_UpdateCachedTokenCerts(slot->nssToken->trustDomain,
+                                                  slot->nssToken);
+        }
+    } else if (!attempt)
+        PORT_SetError(SEC_ERROR_BAD_PASSWORD);
     return rv;
 }
 
-void PK11_LogoutAll(void)
+void
+PK11_LogoutAll(void)
 {
     SECMODListLock *lock = SECMOD_GetDefaultModuleListLock();
     SECMODModuleList *modList;
     SECMODModuleList *mlp = NULL;
     int i;
 
     /* NSS is not initialized, there are not tokens to log out */
     if (lock == NULL) {
-	return;
+        return;
     }
 
     SECMOD_GetReadLock(lock);
     modList = SECMOD_GetDefaultModuleList();
     /* find the number of entries */
     for (mlp = modList; mlp != NULL; mlp = mlp->next) {
-	for (i=0; i < mlp->module->slotCount; i++) {
-	    PK11_Logout(mlp->module->slots[i]);
-	}
+        for (i = 0; i < mlp->module->slotCount; i++) {
+            PK11_Logout(mlp->module->slots[i]);
+        }
     }
 
     SECMOD_ReleaseReadLock(lock);
 }
 
 int
 PK11_GetMinimumPwdLength(PK11SlotInfo *slot)
 {
     return ((int)slot->minPassword);
 }
 
 /* Does this slot have a protected pin path? */
 PRBool
 PK11_ProtectedAuthenticationPath(PK11SlotInfo *slot)
 {
-	return slot->protectedAuthPath;
+    return slot->protectedAuthPath;
 }
 
 /*
- * we can initialize the password if 1) The toke is not inited 
+ * we can initialize the password if 1) The toke is not inited
  * (need login == true and see need UserInit) or 2) the token has
  * a NULL password. (slot->needLogin = false & need user Init = false).
  */
-PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot)
+PRBool
+PK11_NeedPWInitForSlot(PK11SlotInfo *slot)
 {
     if (slot->needLogin && PK11_NeedUserInit(slot)) {
-	return PR_TRUE;
+        return PR_TRUE;
     }
     if (!slot->needLogin && !PK11_NeedUserInit(slot)) {
-	return PR_TRUE;
+        return PR_TRUE;
     }
     return PR_FALSE;
 }
 
-PRBool PK11_NeedPWInit()
+PRBool
+PK11_NeedPWInit()
 {
     PK11SlotInfo *slot = PK11_GetInternalKeySlot();
     PRBool ret = PK11_NeedPWInitForSlot(slot);
 
     PK11_FreeSlot(slot);
     return ret;
 }
 
-PRBool 
-pk11_InDelayPeriod(PRIntervalTime lastTime, PRIntervalTime delayTime, 
-						PRIntervalTime *retTime)
+PRBool
+pk11_InDelayPeriod(PRIntervalTime lastTime, PRIntervalTime delayTime,
+                   PRIntervalTime *retTime)
 {
     PRIntervalTime time;
 
     *retTime = time = PR_IntervalNow();
-    return (PRBool) (lastTime) && ((time-lastTime) < delayTime);
+    return (PRBool)(lastTime) && ((time - lastTime) < delayTime);
 }
 
 /*
  * Determine if the token is logged in. We have to actually query the token,
  * because it's state can change without intervention from us.
  */
 PRBool
-PK11_IsLoggedIn(PK11SlotInfo *slot,void *wincx)
+PK11_IsLoggedIn(PK11SlotInfo *slot, void *wincx)
 {
     CK_SESSION_INFO sessionInfo;
     int askpw = slot->askpw;
     int timeout = slot->timeout;
     CK_RV crv;
     PRIntervalTime curTime;
     static PRIntervalTime login_delay_time = 0;
 
     if (login_delay_time == 0) {
-	login_delay_time = PR_SecondsToInterval(1);
+        login_delay_time = PR_SecondsToInterval(1);
     }
 
     /* If we don't have our own password default values, use the system
      * ones */
     if ((slot->defaultFlags & PK11_OWN_PW_DEFAULTS) == 0) {
-	PK11SlotInfo *def_slot = PK11_GetInternalKeySlot();
+        PK11SlotInfo *def_slot = PK11_GetInternalKeySlot();
 
-	if (def_slot) {
-	    askpw = def_slot->askpw;
-	    timeout = def_slot->timeout;
-	    PK11_FreeSlot(def_slot);
-	}
+        if (def_slot) {
+            askpw = def_slot->askpw;
+            timeout = def_slot->timeout;
+            PK11_FreeSlot(def_slot);
+        }
     }
 
     if ((wincx != NULL) && (PK11_Global.isLoggedIn != NULL) &&
-	(*PK11_Global.isLoggedIn)(slot, wincx) == PR_FALSE) { return PR_FALSE; }
-
+        (*PK11_Global.isLoggedIn)(slot, wincx) == PR_FALSE) {
+        return PR_FALSE;
+    }
 
     /* forget the password if we've been inactive too long */
     if (askpw == 1) {
-	PRTime currtime = PR_Now();
-	PRTime result;
-	PRTime mult;
-	
-	LL_I2L(result, timeout);
-	LL_I2L(mult, 60*1000*1000);
-	LL_MUL(result,result,mult);
-	LL_ADD(result, result, slot->authTime);
-	if (LL_CMP(result, <, currtime) ) {
-	    PK11_EnterSlotMonitor(slot);
-	    PK11_GETTAB(slot)->C_Logout(slot->session);
-	    slot->lastLoginCheck = 0;
-	    PK11_ExitSlotMonitor(slot);
-	} else {
-	    slot->authTime = currtime;
-	}
+        PRTime currtime = PR_Now();
+        PRTime result;
+        PRTime mult;
+
+        LL_I2L(result, timeout);
+        LL_I2L(mult, 60 * 1000 * 1000);
+        LL_MUL(result, result, mult);
+        LL_ADD(result, result, slot->authTime);
+        if (LL_CMP(result, <, currtime)) {
+            PK11_EnterSlotMonitor(slot);
+            PK11_GETTAB(slot)->C_Logout(slot->session);
+            slot->lastLoginCheck = 0;
+            PK11_ExitSlotMonitor(slot);
+        } else {
+            slot->authTime = currtime;
+        }
     }
 
     PK11_EnterSlotMonitor(slot);
-    if (pk11_InDelayPeriod(slot->lastLoginCheck,login_delay_time, &curTime)) {
-	sessionInfo.state = slot->lastState;
-	crv = CKR_OK;
+    if (pk11_InDelayPeriod(slot->lastLoginCheck, login_delay_time, &curTime)) {
+        sessionInfo.state = slot->lastState;
+        crv = CKR_OK;
     } else {
-	crv = PK11_GETTAB(slot)->C_GetSessionInfo(slot->session,&sessionInfo);
-	if (crv == CKR_OK) {
-	    slot->lastState = sessionInfo.state;
-	    slot->lastLoginCheck = curTime;
-	}
+        crv = PK11_GETTAB(slot)->C_GetSessionInfo(slot->session, &sessionInfo);
+        if (crv == CKR_OK) {
+            slot->lastState = sessionInfo.state;
+            slot->lastLoginCheck = curTime;
+        }
     }
     PK11_ExitSlotMonitor(slot);
     /* if we can't get session info, something is really wrong */
     if (crv != CKR_OK) {
-	slot->session = CK_INVALID_SESSION;
-	return PR_FALSE;
+        slot->session = CK_INVALID_SESSION;
+        return PR_FALSE;
     }
 
     switch (sessionInfo.state) {
-    case CKS_RW_PUBLIC_SESSION:
-    case CKS_RO_PUBLIC_SESSION:
-    default:
-	break; /* fail */
-    case CKS_RW_USER_FUNCTIONS:
-    case CKS_RW_SO_FUNCTIONS:
-    case CKS_RO_USER_FUNCTIONS:
-	return PR_TRUE;
+        case CKS_RW_PUBLIC_SESSION:
+        case CKS_RO_PUBLIC_SESSION:
+        default:
+            break; /* fail */
+        case CKS_RW_USER_FUNCTIONS:
+        case CKS_RW_SO_FUNCTIONS:
+        case CKS_RO_USER_FUNCTIONS:
+            return PR_TRUE;
     }
-    return PR_FALSE; 
+    return PR_FALSE;
 }
--- a/lib/pk11wrap/pk11cert.c
+++ b/lib/pk11wrap/pk11cert.c
@@ -10,699 +10,703 @@
 #include "secmod.h"
 #include "secmodi.h"
 #include "secmodti.h"
 #include "pkcs11.h"
 #include "pk11func.h"
 #include "cert.h"
 #include "certi.h"
 #include "secitem.h"
-#include "key.h" 
+#include "key.h"
 #include "secoid.h"
 #include "pkcs7t.h"
 #include "cmsreclist.h"
 
 #include "certdb.h"
 #include "secerr.h"
 #include "sslerr.h"
 
 #include "pki3hack.h"
 #include "dev3hack.h"
 
-#include "devm.h" 
+#include "devm.h"
 #include "nsspki.h"
 #include "pki.h"
 #include "pkim.h"
 #include "pkitm.h"
 #include "pkistore.h" /* to remove temp cert */
 #include "devt.h"
 
 extern const NSSError NSS_ERROR_NOT_FOUND;
 extern const NSSError NSS_ERROR_INVALID_CERTIFICATE;
 
 struct nss3_cert_cbstr {
-    SECStatus(* callback)(CERTCertificate*, void *);
+    SECStatus (*callback)(CERTCertificate *, void *);
     nssList *cached;
     void *arg;
 };
 
 /* Translate from NSSCertificate to CERTCertificate, then pass the latter
  * to a callback.
  */
-static PRStatus convert_cert(NSSCertificate *c, void *arg)
+static PRStatus
+convert_cert(NSSCertificate *c, void *arg)
 {
     CERTCertificate *nss3cert;
     SECStatus secrv;
     struct nss3_cert_cbstr *nss3cb = (struct nss3_cert_cbstr *)arg;
     /* 'c' is not adopted. caller will free it */
     nss3cert = STAN_GetCERTCertificate(c);
-    if (!nss3cert) return PR_FAILURE;
+    if (!nss3cert)
+        return PR_FAILURE;
     secrv = (*nss3cb->callback)(nss3cert, nss3cb->arg);
     return (secrv) ? PR_FAILURE : PR_SUCCESS;
 }
 
 /*
- * build a cert nickname based on the token name and the label of the 
+ * build a cert nickname based on the token name and the label of the
  * certificate If the label in NULL, build a label based on the ID.
  */
-static int toHex(int x) { return (x < 10) ? (x+'0') : (x+'a'-10); }
+static int
+toHex(int x)
+{
+    return (x < 10) ? (x + '0') : (x + 'a' - 10);
+}
 #define MAX_CERT_ID 4
 #define DEFAULT_STRING "Cert ID "
 static char *
-pk11_buildNickname(PK11SlotInfo *slot,CK_ATTRIBUTE *cert_label,
-			CK_ATTRIBUTE *key_label, CK_ATTRIBUTE *cert_id)
+pk11_buildNickname(PK11SlotInfo *slot, CK_ATTRIBUTE *cert_label,
+                   CK_ATTRIBUTE *key_label, CK_ATTRIBUTE *cert_id)
 {
     int prefixLen = PORT_Strlen(slot->token_name);
     int suffixLen = 0;
     char *suffix = NULL;
-    char buildNew[sizeof(DEFAULT_STRING)+MAX_CERT_ID*2];
-    char *next,*nickname;
+    char buildNew[sizeof(DEFAULT_STRING) + MAX_CERT_ID * 2];
+    char *next, *nickname;
 
     if (cert_label && (cert_label->ulValueLen)) {
-	suffixLen = cert_label->ulValueLen;
-	suffix = (char*)cert_label->pValue;
+        suffixLen = cert_label->ulValueLen;
+        suffix = (char *)cert_label->pValue;
     } else if (key_label && (key_label->ulValueLen)) {
-	suffixLen = key_label->ulValueLen;
-	suffix = (char*)key_label->pValue;
+        suffixLen = key_label->ulValueLen;
+        suffix = (char *)key_label->pValue;
     } else if (cert_id && cert_id->ulValueLen > 0) {
-	int i,first = cert_id->ulValueLen - MAX_CERT_ID;
-	int offset = sizeof(DEFAULT_STRING);
-	char *idValue = (char *)cert_id->pValue;
+        int i, first = cert_id->ulValueLen - MAX_CERT_ID;
+        int offset = sizeof(DEFAULT_STRING);
+        char *idValue = (char *)cert_id->pValue;
 
-	PORT_Memcpy(buildNew,DEFAULT_STRING,sizeof(DEFAULT_STRING)-1);
-	next = buildNew + offset;
-	if (first < 0) first = 0;
-	for (i=first; i < (int) cert_id->ulValueLen; i++) {
-		*next++ = toHex((idValue[i] >> 4) & 0xf);
-		*next++ = toHex(idValue[i] & 0xf);
-	}
-	*next++ = 0;
-	suffix = buildNew;
-	suffixLen = PORT_Strlen(buildNew);
+        PORT_Memcpy(buildNew, DEFAULT_STRING, sizeof(DEFAULT_STRING) - 1);
+        next = buildNew + offset;
+        if (first < 0)
+            first = 0;
+        for (i = first; i < (int)cert_id->ulValueLen; i++) {
+            *next++ = toHex((idValue[i] >> 4) & 0xf);
+            *next++ = toHex(idValue[i] & 0xf);
+        }
+        *next++ = 0;
+        suffix = buildNew;
+        suffixLen = PORT_Strlen(buildNew);
     } else {
-	PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-	return NULL;
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return NULL;
     }
 
     /* if is internal key slot, add code to skip the prefix!! */
-    next = nickname = (char *)PORT_Alloc(prefixLen+1+suffixLen+1);
-    if (nickname == NULL) return NULL;
+    next = nickname = (char *)PORT_Alloc(prefixLen + 1 + suffixLen + 1);
+    if (nickname == NULL)
+        return NULL;
 
-    PORT_Memcpy(next,slot->token_name,prefixLen);
+    PORT_Memcpy(next, slot->token_name, prefixLen);
     next += prefixLen;
     *next++ = ':';
-    PORT_Memcpy(next,suffix,suffixLen);
+    PORT_Memcpy(next, suffix, suffixLen);
     next += suffixLen;
     *next++ = 0;
     return nickname;
 }
 
 PRBool
 PK11_IsUserCert(PK11SlotInfo *slot, CERTCertificate *cert,
-						CK_OBJECT_HANDLE certID)
+                CK_OBJECT_HANDLE certID)
 {
     CK_OBJECT_CLASS theClass;
 
-    if (slot == NULL) return PR_FALSE;
-    if (cert == NULL) return PR_FALSE;
+    if (slot == NULL)
+        return PR_FALSE;
+    if (cert == NULL)
+        return PR_FALSE;
 
     theClass = CKO_PRIVATE_KEY;
-    if (pk11_LoginStillRequired(slot,NULL)) {
-	theClass = CKO_PUBLIC_KEY;
+    if (pk11_LoginStillRequired(slot, NULL)) {
+        theClass = CKO_PUBLIC_KEY;
     }
-    if (PK11_MatchItem(slot, certID , theClass) != CK_INVALID_HANDLE) {
-	return PR_TRUE;
+    if (PK11_MatchItem(slot, certID, theClass) != CK_INVALID_HANDLE) {
+        return PR_TRUE;
     }
 
-   if (theClass == CKO_PUBLIC_KEY) {
-	SECKEYPublicKey *pubKey= CERT_ExtractPublicKey(cert);
-	CK_ATTRIBUTE theTemplate;
+    if (theClass == CKO_PUBLIC_KEY) {
+        SECKEYPublicKey *pubKey = CERT_ExtractPublicKey(cert);
+        CK_ATTRIBUTE theTemplate;
 
-	if (pubKey == NULL) {
-	   return PR_FALSE;
-	}
+        if (pubKey == NULL) {
+            return PR_FALSE;
+        }
 
-	PK11_SETATTRS(&theTemplate,0,NULL,0);
-	switch (pubKey->keyType) {
-	case rsaKey:
-	case rsaPssKey:
-	case rsaOaepKey:
-	    PK11_SETATTRS(&theTemplate,CKA_MODULUS, pubKey->u.rsa.modulus.data,
-						pubKey->u.rsa.modulus.len);
-	    break;
-	case dsaKey:
-	    PK11_SETATTRS(&theTemplate,CKA_VALUE, pubKey->u.dsa.publicValue.data,
-						pubKey->u.dsa.publicValue.len);
-	    break;
-	case dhKey:
-	    PK11_SETATTRS(&theTemplate,CKA_VALUE, pubKey->u.dh.publicValue.data,
-						pubKey->u.dh.publicValue.len);
-	    break;
-	case ecKey:
-	    PK11_SETATTRS(&theTemplate,CKA_EC_POINT, 
-			  pubKey->u.ec.publicValue.data,
-			  pubKey->u.ec.publicValue.len);
-	    break;
-	case keaKey:
-	case fortezzaKey:
-	case nullKey:
-	    /* fall through and return false */
-	    break;
-	}
+        PK11_SETATTRS(&theTemplate, 0, NULL, 0);
+        switch (pubKey->keyType) {
+            case rsaKey:
+            case rsaPssKey:
+            case rsaOaepKey:
+                PK11_SETATTRS(&theTemplate, CKA_MODULUS, pubKey->u.rsa.modulus.data,
+                              pubKey->u.rsa.modulus.len);
+                break;
+            case dsaKey:
+                PK11_SETATTRS(&theTemplate, CKA_VALUE, pubKey->u.dsa.publicValue.data,
+                              pubKey->u.dsa.publicValue.len);
+                break;
+            case dhKey:
+                PK11_SETATTRS(&theTemplate, CKA_VALUE, pubKey->u.dh.publicValue.data,
+                              pubKey->u.dh.publicValue.len);
+                break;
+            case ecKey:
+                PK11_SETATTRS(&theTemplate, CKA_EC_POINT,
+                              pubKey->u.ec.publicValue.data,
+                              pubKey->u.ec.publicValue.len);
+                break;
+            case keaKey:
+            case fortezzaKey:
+            case nullKey:
+                /* fall through and return false */
+                break;
+        }
 
-	if (theTemplate.ulValueLen == 0) {
-	    SECKEY_DestroyPublicKey(pubKey);
-	    return PR_FALSE;
-	}
-	pk11_SignedToUnsigned(&theTemplate);
-	if (pk11_FindObjectByTemplate(slot,&theTemplate,1) != CK_INVALID_HANDLE) {
-	    SECKEY_DestroyPublicKey(pubKey);
-	    return PR_TRUE;
-	}
-	SECKEY_DestroyPublicKey(pubKey);
+        if (theTemplate.ulValueLen == 0) {
+            SECKEY_DestroyPublicKey(pubKey);
+            return PR_FALSE;
+        }
+        pk11_SignedToUnsigned(&theTemplate);
+        if (pk11_FindObjectByTemplate(slot, &theTemplate, 1) != CK_INVALID_HANDLE) {
+            SECKEY_DestroyPublicKey(pubKey);
+            return PR_TRUE;
+        }
+        SECKEY_DestroyPublicKey(pubKey);
     }
     return PR_FALSE;
 }
 
 /*
  * Check out if a cert has ID of zero. This is a magic ID that tells
  * NSS that this cert may be an automagically trusted cert.
  * The Cert has to be self signed as well. That check is done elsewhere.
- *  
+ *
  */
 PRBool
 pk11_isID0(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID)
 {
-    CK_ATTRIBUTE keyID = {CKA_ID, NULL, 0};
+    CK_ATTRIBUTE keyID = { CKA_ID, NULL, 0 };
     PRBool isZero = PR_FALSE;
     int i;
     CK_RV crv;
 
-
-    crv = PK11_GetAttributes(NULL,slot,certID,&keyID,1);
+    crv = PK11_GetAttributes(NULL, slot, certID, &keyID, 1);
     if (crv != CKR_OK) {
-	return isZero;
+        return isZero;
     }
 
     if (keyID.ulValueLen != 0) {
-	char *value = (char *)keyID.pValue;
-	isZero = PR_TRUE; /* ID exists, may be zero */
-	for (i=0; i < (int) keyID.ulValueLen; i++) {
-	    if (value[i] != 0) {
-		isZero = PR_FALSE; /* nope */
-		break;
-	    }
-	}
+        char *value = (char *)keyID.pValue;
+        isZero = PR_TRUE; /* ID exists, may be zero */
+        for (i = 0; i < (int)keyID.ulValueLen; i++) {
+            if (value[i] != 0) {
+                isZero = PR_FALSE; /* nope */
+                break;
+            }
+        }
     }
     PORT_Free(keyID.pValue);
     return isZero;
-
 }
 
 /*
  * Create an NSSCertificate from a slot/certID pair, return it as a
  * CERTCertificate.  Optionally, output the nickname string.
  */
 static CERTCertificate *
-pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID, 
-	      CK_ATTRIBUTE *privateLabel, char **nickptr)
+pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID,
+              CK_ATTRIBUTE *privateLabel, char **nickptr)
 {
     NSSCertificate *c;
     nssCryptokiObject *co = NULL;
     nssPKIObject *pkio;
     NSSToken *token;
     NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
 
     /* Get the cryptoki object from the handle */
     token = PK11Slot_GetNSSToken(slot);
     if (token->defaultSession) {
-	co = nssCryptokiObject_Create(token, token->defaultSession, certID);
+        co = nssCryptokiObject_Create(token, token->defaultSession, certID);
     } else {
-	PORT_SetError(SEC_ERROR_NO_TOKEN);
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
     }
     if (!co) {
-	return NULL;
+        return NULL;
     }
 
     /* Create a PKI object from the cryptoki instance */
     pkio = nssPKIObject_Create(NULL, co, td, NULL, nssPKIMonitor);
     if (!pkio) {
-	nssCryptokiObject_Destroy(co);
-	return NULL;
+        nssCryptokiObject_Destroy(co);
+        return NULL;
     }
 
     /* Create a certificate */
     c = nssCertificate_Create(pkio);
     if (!c) {
-	nssPKIObject_Destroy(pkio);
-	return NULL;
+        nssPKIObject_Destroy(pkio);
+        return NULL;
     }
 
-    /* Build and output a nickname, if desired. 
+    /* Build and output a nickname, if desired.
      * This must be done before calling nssTrustDomain_AddCertsToCache
      * because that function may destroy c, pkio and co!
      */
     if ((nickptr) && (co->label)) {
-	CK_ATTRIBUTE label, id;
+        CK_ATTRIBUTE label, id;
 
-	label.type = CKA_LABEL;
-	label.pValue = co->label;
-	label.ulValueLen = PORT_Strlen(co->label);
+        label.type = CKA_LABEL;
+        label.pValue = co->label;
+        label.ulValueLen = PORT_Strlen(co->label);
 
-	id.type = CKA_ID;
-	id.pValue = c->id.data;
-	id.ulValueLen = c->id.size;
+        id.type = CKA_ID;
+        id.pValue = c->id.data;
+        id.ulValueLen = c->id.size;
 
-	*nickptr = pk11_buildNickname(slot, &label, privateLabel, &id);
+        *nickptr = pk11_buildNickname(slot, &label, privateLabel, &id);
     }
 
     /* This function may destroy the cert in "c" and all its subordinate
-     * structures, and replace the value in "c" with the address of a 
+     * structures, and replace the value in "c" with the address of a
      * different NSSCertificate that it found in the cache.
      * Presumably, the nickname which we just output above remains valid. :)
      */
     (void)nssTrustDomain_AddCertsToCache(td, &c, 1);
     return STAN_GetCERTCertificateOrRelease(c);
 }
 
 /*
  * Build an CERTCertificate structure from a PKCS#11 object ID.... certID
  * Must be a CertObject. This code does not explicitly checks that.
  */
 CERTCertificate *
-PK11_MakeCertFromHandle(PK11SlotInfo *slot,CK_OBJECT_HANDLE certID,
-						CK_ATTRIBUTE *privateLabel)
+PK11_MakeCertFromHandle(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID,
+                        CK_ATTRIBUTE *privateLabel)
 {
-    char * nickname = NULL;
+    char *nickname = NULL;
     CERTCertificate *cert = NULL;
     CERTCertTrust *trust;
 
-    cert = pk11_fastCert(slot,certID,privateLabel, &nickname);
-    if (cert == NULL) 
-    	goto loser;
+    cert = pk11_fastCert(slot, certID, privateLabel, &nickname);
+    if (cert == NULL)
+        goto loser;
 
     if (nickname) {
-	if (cert->nickname != NULL) {
-	    cert->dbnickname = cert->nickname;
-	} 
-	cert->nickname = PORT_ArenaStrdup(cert->arena,nickname);
-	PORT_Free(nickname);
-	nickname = NULL;
+        if (cert->nickname != NULL) {
+            cert->dbnickname = cert->nickname;
+        }
+        cert->nickname = PORT_ArenaStrdup(cert->arena, nickname);
+        PORT_Free(nickname);
+        nickname = NULL;
     }
 
     /* remember where this cert came from.... If we have just looked
      * it up from the database and it already has a slot, don't add a new
      * one. */
     if (cert->slot == NULL) {
-	cert->slot = PK11_ReferenceSlot(slot);
-	cert->pkcs11ID = certID;
-	cert->ownSlot = PR_TRUE;
-	cert->series = slot->series;
+        cert->slot = PK11_ReferenceSlot(slot);
+        cert->pkcs11ID = certID;
+        cert->ownSlot = PR_TRUE;
+        cert->series = slot->series;
     }
 
-    trust = (CERTCertTrust*)PORT_ArenaAlloc(cert->arena, sizeof(CERTCertTrust));
-    if (trust == NULL) 
-    	goto loser;
-    PORT_Memset(trust,0, sizeof(CERTCertTrust));
+    trust = (CERTCertTrust *)PORT_ArenaAlloc(cert->arena, sizeof(CERTCertTrust));
+    if (trust == NULL)
+        goto loser;
+    PORT_Memset(trust, 0, sizeof(CERTCertTrust));
 
-    if(! pk11_HandleTrustObject(slot, cert, trust) ) {
-	unsigned int type;
+    if (!pk11_HandleTrustObject(slot, cert, trust)) {
+        unsigned int type;
+
+        /* build some cert trust flags */
+        if (CERT_IsCACert(cert, &type)) {
+            unsigned int trustflags = CERTDB_VALID_CA;
 
-	/* build some cert trust flags */
-	if (CERT_IsCACert(cert, &type)) {
-	    unsigned int trustflags = CERTDB_VALID_CA;
-	   
-	    /* Allow PKCS #11 modules to give us trusted CA's. We only accept
-	     * valid CA's which are self-signed here. They must have an object
-	     * ID of '0'.  */ 
-	    if (pk11_isID0(slot,certID) && 
-		cert->isRoot) {
-		trustflags |= CERTDB_TRUSTED_CA;
-		/* is the slot a fortezza card? allow the user or
-		 * admin to turn on objectSigning, but don't turn
-		 * full trust on explicitly */
-		if (PK11_DoesMechanism(slot,CKM_KEA_KEY_DERIVE)) {
-		    trust->objectSigningFlags |= CERTDB_VALID_CA;
-		}
-	    }
-	    if ((type & NS_CERT_TYPE_SSL_CA) == NS_CERT_TYPE_SSL_CA) {
-		trust->sslFlags |= trustflags;
-	    }
-	    if ((type & NS_CERT_TYPE_EMAIL_CA) == NS_CERT_TYPE_EMAIL_CA) {
-		trust->emailFlags |= trustflags;
-	    }
-	    if ((type & NS_CERT_TYPE_OBJECT_SIGNING_CA) 
-					== NS_CERT_TYPE_OBJECT_SIGNING_CA) {
-		trust->objectSigningFlags |= trustflags;
-	    }
-	}
+            /* Allow PKCS #11 modules to give us trusted CA's. We only accept
+             * valid CA's which are self-signed here. They must have an object
+             * ID of '0'.  */
+            if (pk11_isID0(slot, certID) &&
+                cert->isRoot) {
+                trustflags |= CERTDB_TRUSTED_CA;
+                /* is the slot a fortezza card? allow the user or
+                 * admin to turn on objectSigning, but don't turn
+                 * full trust on explicitly */
+                if (PK11_DoesMechanism(slot, CKM_KEA_KEY_DERIVE)) {
+                    trust->objectSigningFlags |= CERTDB_VALID_CA;
+                }
+            }
+            if ((type & NS_CERT_TYPE_SSL_CA) == NS_CERT_TYPE_SSL_CA) {
+                trust->sslFlags |= trustflags;
+            }
+            if ((type & NS_CERT_TYPE_EMAIL_CA) == NS_CERT_TYPE_EMAIL_CA) {
+                trust->emailFlags |= trustflags;
+            }
+            if ((type & NS_CERT_TYPE_OBJECT_SIGNING_CA) == NS_CERT_TYPE_OBJECT_SIGNING_CA) {
+                trust->objectSigningFlags |= trustflags;
+            }
+        }
     }
 
-    if (PK11_IsUserCert(slot,cert,certID)) {
-	trust->sslFlags |= CERTDB_USER;
-	trust->emailFlags |= CERTDB_USER;
-	/*    trust->objectSigningFlags |= CERTDB_USER; */
+    if (PK11_IsUserCert(slot, cert, certID)) {
+        trust->sslFlags |= CERTDB_USER;
+        trust->emailFlags |= CERTDB_USER;
+        /*    trust->objectSigningFlags |= CERTDB_USER; */
     }
     CERT_LockCertTrust(cert);
     cert->trust = trust;
     CERT_UnlockCertTrust(cert);
 
     return cert;
 
 loser:
-    if (nickname) 
-    	PORT_Free(nickname);
-    if (cert) 
-    	CERT_DestroyCertificate(cert);
+    if (nickname)
+        PORT_Free(nickname);
+    if (cert)
+        CERT_DestroyCertificate(cert);
     return NULL;
 }
 
-	
 /*
  * Build get a certificate from a private key
  */
 CERTCertificate *
 PK11_GetCertFromPrivateKey(SECKEYPrivateKey *privKey)
 {
     PK11SlotInfo *slot = privKey->pkcs11Slot;
     CK_OBJECT_HANDLE handle = privKey->pkcs11ID;
-    CK_OBJECT_HANDLE certID = 
-		PK11_MatchItem(slot,handle,CKO_CERTIFICATE);
+    CK_OBJECT_HANDLE certID =
+        PK11_MatchItem(slot, handle, CKO_CERTIFICATE);
     CERTCertificate *cert;
 
     if (certID == CK_INVALID_HANDLE) {
-	PORT_SetError(SSL_ERROR_NO_CERTIFICATE);
-	return NULL;
+        PORT_SetError(SSL_ERROR_NO_CERTIFICATE);
+        return NULL;
     }
-    cert = PK11_MakeCertFromHandle(slot,certID,NULL);
+    cert = PK11_MakeCertFromHandle(slot, certID, NULL);
     return (cert);
-
 }
 
 /*
  * delete a cert and it's private key (if no other certs are pointing to the
  * private key.
  */
 SECStatus
-PK11_DeleteTokenCertAndKey(CERTCertificate *cert,void *wincx)
+PK11_DeleteTokenCertAndKey(CERTCertificate *cert, void *wincx)
 {
-    SECKEYPrivateKey *privKey = PK11_FindKeyByAnyCert(cert,wincx);
+    SECKEYPrivateKey *privKey = PK11_FindKeyByAnyCert(cert, wincx);
     CK_OBJECT_HANDLE pubKey;
     PK11SlotInfo *slot = NULL;
 
     pubKey = pk11_FindPubKeyByAnyCert(cert, &slot, wincx);
     if (privKey) {
-	/* For 3.4, utilize the generic cert delete function */
-	SEC_DeletePermCertificate(cert);
-	PK11_DeleteTokenPrivateKey(privKey, PR_FALSE);
+        /* For 3.4, utilize the generic cert delete function */
+        SEC_DeletePermCertificate(cert);
+        PK11_DeleteTokenPrivateKey(privKey, PR_FALSE);
     }
-    if ((pubKey != CK_INVALID_HANDLE) && (slot != NULL)) { 
-    	PK11_DestroyTokenObject(slot,pubKey);
+    if ((pubKey != CK_INVALID_HANDLE) && (slot != NULL)) {
+        PK11_DestroyTokenObject(slot, pubKey);
         PK11_FreeSlot(slot);
     }
     return SECSuccess;
 }
 
 /*
  * cert callback structure
  */
 typedef struct pk11DoCertCallbackStr {
-	SECStatus(* callback)(PK11SlotInfo *slot, CERTCertificate*, void *);
-	SECStatus(* noslotcallback)(CERTCertificate*, void *);
-	SECStatus(* itemcallback)(CERTCertificate*, SECItem *, void *);
-	void *callbackArg;
+    SECStatus (*callback)(PK11SlotInfo *slot, CERTCertificate *, void *);
+    SECStatus (*noslotcallback)(CERTCertificate *, void *);
+    SECStatus (*itemcallback)(CERTCertificate *, SECItem *, void *);
+    void *callbackArg;
 } pk11DoCertCallback;
 
-
 typedef struct pk11CertCallbackStr {
-	SECStatus(* callback)(CERTCertificate*,SECItem *,void *);
-	void *callbackArg;
+    SECStatus (*callback)(CERTCertificate *, SECItem *, void *);
+    void *callbackArg;
 } pk11CertCallback;
 
-struct fake_der_cb_argstr
-{
-    SECStatus(* callback)(CERTCertificate*, SECItem *, void *);
+struct fake_der_cb_argstr {
+    SECStatus (*callback)(CERTCertificate *, SECItem *, void *);
     void *arg;
 };
 
-static SECStatus fake_der_cb(CERTCertificate *c, void *a)
+static SECStatus
+fake_der_cb(CERTCertificate *c, void *a)
 {
     struct fake_der_cb_argstr *fda = (struct fake_der_cb_argstr *)a;
     return (*fda->callback)(c, &c->derCert, fda->arg);
 }
 
 /*
  * Extract all the certs on a card from a slot.
  */
 SECStatus
-PK11_TraverseSlotCerts(SECStatus(* callback)(CERTCertificate*,SECItem *,void *),
-						void *arg, void *wincx) 
+PK11_TraverseSlotCerts(SECStatus (*callback)(CERTCertificate *, SECItem *, void *),
+                       void *arg, void *wincx)
 {
     NSSTrustDomain *defaultTD = STAN_GetDefaultTrustDomain();
     struct fake_der_cb_argstr fda;
     struct nss3_cert_cbstr pk11cb;
 
     /* authenticate to the tokens first */
-    (void) pk11_TraverseAllSlots( NULL, NULL, PR_TRUE, wincx);
+    (void)pk11_TraverseAllSlots(NULL, NULL, PR_TRUE, wincx);
 
     fda.callback = callback;
     fda.arg = arg;
     pk11cb.callback = fake_der_cb;
     pk11cb.arg = &fda;
     NSSTrustDomain_TraverseCertificates(defaultTD, convert_cert, &pk11cb);
     return SECSuccess;
 }
 
 static void
-transfer_token_certs_to_collection(nssList *certList, NSSToken *token, 
+transfer_token_certs_to_collection(nssList *certList, NSSToken *token,
                                    nssPKIObjectCollection *collection)
 {
     NSSCertificate **certs;
     PRUint32 i, count;
     NSSToken **tokens, **tp;
     count = nssList_Count(certList);
     if (count == 0) {
-	return;
+        return;
     }
     certs = nss_ZNEWARRAY(NULL, NSSCertificate *, count);
     if (!certs) {
-	return;
+        return;
     }
     nssList_GetArray(certList, (void **)certs, count);
-    for (i=0; i<count; i++) {
-	tokens = nssPKIObject_GetTokens(&certs[i]->object, NULL);
-	if (tokens) {
-	    for (tp = tokens; *tp; tp++) {
-		if (*tp == token) {
-		    nssPKIObjectCollection_AddObject(collection, 
-		                                     (nssPKIObject *)certs[i]);
-		}
-	    }
-	    nssTokenArray_Destroy(tokens);
-	}
-	CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(certs[i]));
+    for (i = 0; i < count; i++) {
+        tokens = nssPKIObject_GetTokens(&certs[i]->object, NULL);
+        if (tokens) {
+            for (tp = tokens; *tp; tp++) {
+                if (*tp == token) {
+                    nssPKIObjectCollection_AddObject(collection,
+                                                     (nssPKIObject *)certs[i]);
+                }
+            }
+            nssTokenArray_Destroy(tokens);
+        }
+        CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(certs[i]));
     }
     nss_ZFreeIf(certs);
 }
 
 CERTCertificate *
-PK11_FindCertFromNickname(const char *nickname, void *wincx) 
+PK11_FindCertFromNickname(const char *nickname, void *wincx)
 {
     PRStatus status;
     CERTCertificate *rvCert = NULL;
     NSSCertificate *cert = NULL;
     NSSCertificate **certs = NULL;
-    static const NSSUsage usage = {PR_TRUE /* ... */ };
+    static const NSSUsage usage = { PR_TRUE /* ... */ };
     NSSToken *token;
     NSSTrustDomain *defaultTD = STAN_GetDefaultTrustDomain();
     PK11SlotInfo *slot = NULL;
     SECStatus rv;
     char *nickCopy;
     char *delimit = NULL;
     char *tokenName;
 
     nickCopy = PORT_Strdup(nickname);
     if (!nickCopy) {
         /* error code is set */
         return NULL;
     }
-    if ((delimit = PORT_Strchr(nickCopy,':')) != NULL) {
-	tokenName = nickCopy;
-	nickname = delimit + 1;
-	*delimit = '\0';
-	/* find token by name */
-	token = NSSTrustDomain_FindTokenByName(defaultTD, (NSSUTF8 *)tokenName);
-	if (token) {
-	    slot = PK11_ReferenceSlot(token->pk11slot);
-	} else {
-	    PORT_SetError(SEC_ERROR_NO_TOKEN);
-	}
-	*delimit = ':';
+    if ((delimit = PORT_Strchr(nickCopy, ':')) != NULL) {
+        tokenName = nickCopy;
+        nickname = delimit + 1;
+        *delimit = '\0';
+        /* find token by name */
+        token = NSSTrustDomain_FindTokenByName(defaultTD, (NSSUTF8 *)tokenName);
+        if (token) {
+            slot = PK11_ReferenceSlot(token->pk11slot);
+        } else {
+            PORT_SetError(SEC_ERROR_NO_TOKEN);
+        }
+        *delimit = ':';
     } else {
-	slot = PK11_GetInternalKeySlot();
-	token = PK11Slot_GetNSSToken(slot);
+        slot = PK11_GetInternalKeySlot();
+        token = PK11Slot_GetNSSToken(slot);
     }
     if (token) {
-	nssList *certList;
-	nssCryptokiObject **instances;
-	nssPKIObjectCollection *collection;
-	nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
-	if (!PK11_IsPresent(slot)) {
-	    goto loser;
-	}
-   	rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
-	if (rv != SECSuccess) {
-	    goto loser;
-	}
-	collection = nssCertificateCollection_Create(defaultTD, NULL);
-	if (!collection) {
-	    goto loser;
-	}
-	certList = nssList_Create(NULL, PR_FALSE);
-	if (!certList) {
-	    nssPKIObjectCollection_Destroy(collection);
-	    goto loser;
-	}
-	(void)nssTrustDomain_GetCertsForNicknameFromCache(defaultTD, 
-	                                                  nickname, 
-	                                                  certList);
-	transfer_token_certs_to_collection(certList, token, collection);
-	instances = nssToken_FindCertificatesByNickname(token,
-	                                                NULL,
-	                                                nickname,
-	                                                tokenOnly,
-	                                                0,
-	                                                &status);
-	nssPKIObjectCollection_AddInstances(collection, instances, 0);
-	nss_ZFreeIf(instances);
-	/* if it wasn't found, repeat the process for email address */
-	if (nssPKIObjectCollection_Count(collection) == 0 &&
-	    PORT_Strchr(nickname, '@') != NULL) 
-	{
-	    char* lowercaseName = CERT_FixupEmailAddr(nickname);
-	    if (lowercaseName) {
-		(void)nssTrustDomain_GetCertsForEmailAddressFromCache(defaultTD, 
-								      lowercaseName, 
-								      certList);
-		transfer_token_certs_to_collection(certList, token, collection);
-		instances = nssToken_FindCertificatesByEmail(token,
-							     NULL,
-							     lowercaseName,
-							     tokenOnly,
-							     0,
-							     &status);
-		nssPKIObjectCollection_AddInstances(collection, instances, 0);
-		nss_ZFreeIf(instances);
-		PORT_Free(lowercaseName);
-	    }
-	}
-	certs = nssPKIObjectCollection_GetCertificates(collection, 
-	                                               NULL, 0, NULL);
-	nssPKIObjectCollection_Destroy(collection);
-	if (certs) {
-	    cert = nssCertificateArray_FindBestCertificate(certs, NULL, 
-	                                                   &usage, NULL);
-	    if (cert) {
-		rvCert = STAN_GetCERTCertificateOrRelease(cert);
-	    }
-	    nssCertificateArray_Destroy(certs);
-	}
-	nssList_Destroy(certList);
+        nssList *certList;
+        nssCryptokiObject **instances;
+        nssPKIObjectCollection *collection;
+        nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
+        if (!PK11_IsPresent(slot)) {
+            goto loser;
+        }
+        rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        collection = nssCertificateCollection_Create(defaultTD, NULL);
+        if (!collection) {
+            goto loser;
+        }
+        certList = nssList_Create(NULL, PR_FALSE);
+        if (!certList) {
+            nssPKIObjectCollection_Destroy(collection);
+            goto loser;
+        }
+        (void)nssTrustDomain_GetCertsForNicknameFromCache(defaultTD,
+                                                          nickname,
+                                                          certList);
+        transfer_token_certs_to_collection(certList, token, collection);
+        instances = nssToken_FindCertificatesByNickname(token,
+                                                        NULL,
+                                                        nickname,
+                                                        tokenOnly,
+                                                        0,
+                                                        &status);
+        nssPKIObjectCollection_AddInstances(collection, instances, 0);
+        nss_ZFreeIf(instances);
+        /* if it wasn't found, repeat the process for email address */
+        if (nssPKIObjectCollection_Count(collection) == 0 &&
+            PORT_Strchr(nickname, '@') != NULL) {
+            char *lowercaseName = CERT_FixupEmailAddr(nickname);
+            if (lowercaseName) {
+                (void)nssTrustDomain_GetCertsForEmailAddressFromCache(defaultTD,
+                                                                      lowercaseName,
+                                                                      certList);
+                transfer_token_certs_to_collection(certList, token, collection);
+                instances = nssToken_FindCertificatesByEmail(token,
+                                                             NULL,
+                                                             lowercaseName,
+                                                             tokenOnly,
+                                                             0,
+                                                             &status);
+                nssPKIObjectCollection_AddInstances(collection, instances, 0);
+                nss_ZFreeIf(instances);
+                PORT_Free(lowercaseName);
+            }
+        }
+        certs = nssPKIObjectCollection_GetCertificates(collection,
+                                                       NULL, 0, NULL);
+        nssPKIObjectCollection_Destroy(collection);
+        if (certs) {
+            cert = nssCertificateArray_FindBestCertificate(certs, NULL,
+                                                           &usage, NULL);
+            if (cert) {
+                rvCert = STAN_GetCERTCertificateOrRelease(cert);
+            }
+            nssCertificateArray_Destroy(certs);
+        }
+        nssList_Destroy(certList);
     }
     if (slot) {
-	PK11_FreeSlot(slot);
+        PK11_FreeSlot(slot);
     }
-    if (nickCopy) PORT_Free(nickCopy);
+    if (nickCopy)
+        PORT_Free(nickCopy);
     return rvCert;
 loser:
     if (slot) {
-	PK11_FreeSlot(slot);
+        PK11_FreeSlot(slot);
     }
-    if (nickCopy) PORT_Free(nickCopy);
+    if (nickCopy)
+        PORT_Free(nickCopy);
     return NULL;
 }
 
 /* Traverse slots callback */
 typedef struct FindCertsEmailArgStr {
-    char         *email;
+    char *email;
     CERTCertList *certList;
 } FindCertsEmailArg;
 
-SECStatus 
+SECStatus
 FindCertsEmailCallback(CERTCertificate *cert, SECItem *item, void *arg)
 {
-    FindCertsEmailArg *cbparam = (FindCertsEmailArg *) arg;	
+    FindCertsEmailArg *cbparam = (FindCertsEmailArg *)arg;
     const char *cert_email = CERT_GetFirstEmailAddress(cert);
     PRBool found = PR_FALSE;
 
     /* Email address present in certificate? */
-    if (cert_email == NULL){
-	return SECSuccess;
+    if (cert_email == NULL) {
+        return SECSuccess;
     }
- 
+
     /* Parameter correctly set? */
     if (cbparam->email == NULL) {
-	return SECFailure;
+        return SECFailure;
     }
 
     /* Loop over all email addresses */
     do {
-	if (!strcmp(cert_email, cbparam->email)) {
-	    /* found one matching email address */
-	    PRTime now = PR_Now();
-	    found = PR_TRUE;
-	    CERT_AddCertToListSorted(cbparam->certList, 
-	                             CERT_DupCertificate(cert),
-			             CERT_SortCBValidity, &now);
-	}
-	cert_email = CERT_GetNextEmailAddress(cert, cert_email);
-    } while (cert_email && !found);   
+        if (!strcmp(cert_email, cbparam->email)) {
+            /* found one matching email address */
+            PRTime now = PR_Now();
+            found = PR_TRUE;
+            CERT_AddCertToListSorted(cbparam->certList,
+                                     CERT_DupCertificate(cert),
+                                     CERT_SortCBValidity, &now);
+        }
+        cert_email = CERT_GetNextEmailAddress(cert, cert_email);
+    } while (cert_email && !found);
 
     return SECSuccess;