Bug 1233037, clang-format on lib/ckfw with manual corrections, r=kaie
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Mon, 18 Jan 2016 15:02:03 +0100
changeset 11813 9c515d64ec7bddad0ea7fe6017420784bff175da
parent 11812 0a86bfa3a3bfc7afa18bcb251a098088acbcb81f
child 11814 82f1db4764f27a51c536476021451c8f3732411d
push id933
push userkaie@kuix.de
push dateMon, 18 Jan 2016 14:03:49 +0000
reviewerskaie
bugs1233037
Bug 1233037, clang-format on lib/ckfw with manual corrections, r=kaie
lib/ckfw/builtins/anchor.c
lib/ckfw/builtins/bfind.c
lib/ckfw/builtins/binst.c
lib/ckfw/builtins/bobject.c
lib/ckfw/builtins/bsession.c
lib/ckfw/builtins/bslot.c
lib/ckfw/builtins/btoken.c
lib/ckfw/builtins/builtins.h
lib/ckfw/builtins/ckbiver.c
lib/ckfw/builtins/constants.c
lib/ckfw/builtins/nssckbi.h
lib/ckfw/capi/anchor.c
lib/ckfw/capi/cfind.c
lib/ckfw/capi/cinst.c
lib/ckfw/capi/ckcapi.h
lib/ckfw/capi/ckcapiver.c
lib/ckfw/capi/cobject.c
lib/ckfw/capi/constants.c
lib/ckfw/capi/crsa.c
lib/ckfw/capi/csession.c
lib/ckfw/capi/cslot.c
lib/ckfw/capi/ctoken.c
lib/ckfw/capi/nsscapi.h
lib/ckfw/capi/staticobj.c
lib/ckfw/ckfw.h
lib/ckfw/ckfwm.h
lib/ckfw/ckfwtm.h
lib/ckfw/ckmd.h
lib/ckfw/crypto.c
lib/ckfw/dbm/anchor.c
lib/ckfw/dbm/ckdbm.h
lib/ckfw/dbm/db.c
lib/ckfw/dbm/find.c
lib/ckfw/dbm/instance.c
lib/ckfw/dbm/object.c
lib/ckfw/dbm/session.c
lib/ckfw/dbm/slot.c
lib/ckfw/dbm/token.c
lib/ckfw/find.c
lib/ckfw/hash.c
lib/ckfw/instance.c
lib/ckfw/mechanism.c
lib/ckfw/mutex.c
lib/ckfw/nssckfw.h
lib/ckfw/nssckfwc.h
lib/ckfw/nssckfwt.h
lib/ckfw/nssckmdt.h
lib/ckfw/nssckt.h
lib/ckfw/nssmkey/ckmk.h
lib/ckfw/nssmkey/ckmkver.c
lib/ckfw/nssmkey/manchor.c
lib/ckfw/nssmkey/mconstants.c
lib/ckfw/nssmkey/mfind.c
lib/ckfw/nssmkey/minst.c
lib/ckfw/nssmkey/mobject.c
lib/ckfw/nssmkey/mrsa.c
lib/ckfw/nssmkey/msession.c
lib/ckfw/nssmkey/mslot.c
lib/ckfw/nssmkey/mtoken.c
lib/ckfw/nssmkey/nssmkey.h
lib/ckfw/nssmkey/staticobj.c
lib/ckfw/object.c
lib/ckfw/session.c
lib/ckfw/sessobj.c
lib/ckfw/slot.c
lib/ckfw/token.c
lib/ckfw/wrap.c
--- a/lib/ckfw/builtins/anchor.c
+++ b/lib/ckfw/builtins/anchor.c
@@ -1,17 +1,17 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*
  * builtins/anchor.c
  *
  * This file "anchors" the actual cryptoki entry points in this module's
- * shared library, which is required for dynamic loading.  See the 
+ * shared library, which is required for dynamic loading.  See the
  * comments in nssck.api for more information.
  */
 
 #include "builtins.h"
 
 #define MODULE_NAME builtins
-#define INSTANCE_NAME (NSSCKMDInstance *)&nss_builtins_mdInstance
+#define INSTANCE_NAME (NSSCKMDInstance *) & nss_builtins_mdInstance
 #include "nssck.api"
--- a/lib/ckfw/builtins/bfind.c
+++ b/lib/ckfw/builtins/bfind.c
@@ -9,263 +9,255 @@
 /*
  * builtins/find.c
  *
  * This file implements the NSSCKMDFindObjects object for the
  * "builtin objects" cryptoki module.
  */
 
 struct builtinsFOStr {
-  NSSArena *arena;
-  CK_ULONG n;
-  CK_ULONG i;
-  builtinsInternalObject **objs;
+    NSSArena *arena;
+    CK_ULONG n;
+    CK_ULONG i;
+    builtinsInternalObject **objs;
 };
 
 static void
-builtins_mdFindObjects_Final
-(
-  NSSCKMDFindObjects *mdFindObjects,
-  NSSCKFWFindObjects *fwFindObjects,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+builtins_mdFindObjects_Final(
+    NSSCKMDFindObjects *mdFindObjects,
+    NSSCKFWFindObjects *fwFindObjects,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc;
-  NSSArena *arena = fo->arena;
+    struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc;
+    NSSArena *arena = fo->arena;
 
-  nss_ZFreeIf(fo->objs);
-  nss_ZFreeIf(fo);
-  nss_ZFreeIf(mdFindObjects);
-  if ((NSSArena *)NULL != arena) {
-    NSSArena_Destroy(arena);
-  }
+    nss_ZFreeIf(fo->objs);
+    nss_ZFreeIf(fo);
+    nss_ZFreeIf(mdFindObjects);
+    if ((NSSArena *)NULL != arena) {
+        NSSArena_Destroy(arena);
+    }
 
-  return;
+    return;
 }
 
 static NSSCKMDObject *
-builtins_mdFindObjects_Next
-(
-  NSSCKMDFindObjects *mdFindObjects,
-  NSSCKFWFindObjects *fwFindObjects,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  NSSArena *arena,
-  CK_RV *pError
-)
+builtins_mdFindObjects_Next(
+    NSSCKMDFindObjects *mdFindObjects,
+    NSSCKFWFindObjects *fwFindObjects,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSArena *arena,
+    CK_RV *pError)
 {
-  struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc;
-  builtinsInternalObject *io;
+    struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc;
+    builtinsInternalObject *io;
 
-  if( fo->i == fo->n ) {
-    *pError = CKR_OK;
-    return (NSSCKMDObject *)NULL;
-  }
+    if (fo->i == fo->n) {
+        *pError = CKR_OK;
+        return (NSSCKMDObject *)NULL;
+    }
 
-  io = fo->objs[ fo->i ];
-  fo->i++;
+    io = fo->objs[fo->i];
+    fo->i++;
 
-  return nss_builtins_CreateMDObject(arena, io, pError);
+    return nss_builtins_CreateMDObject(arena, io, pError);
 }
 
 static int
-builtins_derUnwrapInt(unsigned char *src, int size, unsigned char **dest) {
+builtins_derUnwrapInt(unsigned char *src, int size, unsigned char **dest)
+{
     unsigned char *start = src;
     int len = 0;
 
-    if (*src ++ != 2) {
-	return 0;
+    if (*src++ != 2) {
+        return 0;
     }
     len = *src++;
     if (len & 0x80) {
-	int count = len & 0x7f;
-	len =0;
+        int count = len & 0x7f;
+        len = 0;
 
-	if (count+2 > size) {
-	    return 0;
-	}
-	while (count-- > 0) {
-	    len = (len << 8) | *src++;
-	}
+        if (count + 2 > size) {
+            return 0;
+        }
+        while (count-- > 0) {
+            len = (len << 8) | *src++;
+        }
     }
-    if (len + (src-start) != size) {
-	return 0;
+    if (len + (src - start) != size) {
+        return 0;
     }
     *dest = src;
     return len;
 }
 
 static CK_BBOOL
-builtins_attrmatch
-(
-  CK_ATTRIBUTE_PTR a,
-  const NSSItem *b
-)
+builtins_attrmatch(
+    CK_ATTRIBUTE_PTR a,
+    const NSSItem *b)
 {
-  PRBool prb;
+    PRBool prb;
 
-  if( a->ulValueLen != b->size ) {
-    /* match a decoded serial number */
-    if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
-	int len;
-	unsigned char *data = NULL;
+    if (a->ulValueLen != b->size) {
+        /* match a decoded serial number */
+        if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
+            int len;
+            unsigned char *data = NULL;
 
-	len = builtins_derUnwrapInt(b->data,b->size,&data);
-	if (data &&
-	    (len == a->ulValueLen) && 
-	    nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
-	    return CK_TRUE;
-	}
+            len = builtins_derUnwrapInt(b->data, b->size, &data);
+            if (data &&
+                (len == a->ulValueLen) &&
+                nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
+                return CK_TRUE;
+            }
+        }
+        return CK_FALSE;
     }
-    return CK_FALSE;
-  }
 
-  prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
+    prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
 
-  if( PR_TRUE == prb ) {
-    return CK_TRUE;
-  } else {
-    return CK_FALSE;
-  }
+    if (PR_TRUE == prb) {
+        return CK_TRUE;
+    }
+    else {
+        return CK_FALSE;
+    }
 }
 
+static CK_BBOOL
+builtins_match(
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    builtinsInternalObject *o)
+{
+    CK_ULONG i;
 
-static CK_BBOOL
-builtins_match
-(
-  CK_ATTRIBUTE_PTR pTemplate,
-  CK_ULONG ulAttributeCount,
-  builtinsInternalObject *o
-)
-{
-  CK_ULONG i;
+    for (i = 0; i < ulAttributeCount; i++) {
+        CK_ULONG j;
 
-  for( i = 0; i < ulAttributeCount; i++ ) {
-    CK_ULONG j;
+        for (j = 0; j < o->n; j++) {
+            if (o->types[j] == pTemplate[i].type) {
+                if (CK_FALSE == builtins_attrmatch(&pTemplate[i], &o->items[j])) {
+                    return CK_FALSE;
+                }
+                else {
+                    break;
+                }
+            }
+        }
 
-    for( j = 0; j < o->n; j++ ) {
-      if( o->types[j] == pTemplate[i].type ) {
-        if( CK_FALSE == builtins_attrmatch(&pTemplate[i], &o->items[j]) ) {
-          return CK_FALSE;
-        } else {
-          break;
+        if (j == o->n) {
+            /* Loop ran to the end: no matching attribute */
+            return CK_FALSE;
         }
-      }
     }
 
-    if( j == o->n ) {
-      /* Loop ran to the end: no matching attribute */
-      return CK_FALSE;
-    }
-  }
-
-  /* Every attribute passed */
-  return CK_TRUE;
+    /* Every attribute passed */
+    return CK_TRUE;
 }
 
 NSS_IMPLEMENT NSSCKMDFindObjects *
-nss_builtins_FindObjectsInit
-(
-  NSSCKFWSession *fwSession,
-  CK_ATTRIBUTE_PTR pTemplate,
-  CK_ULONG ulAttributeCount,
-  CK_RV *pError
-)
+nss_builtins_FindObjectsInit(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
 {
-  /* This could be made more efficient.  I'm rather rushed. */
-  NSSArena *arena;
-  NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
-  struct builtinsFOStr *fo = (struct builtinsFOStr *)NULL;
+    /* This could be made more efficient.  I'm rather rushed. */
+    NSSArena *arena;
+    NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
+    struct builtinsFOStr *fo = (struct builtinsFOStr *)NULL;
 
-  /*
+/*
    * 99% of the time we get 0 or 1 matches. So we start with a small
    * stack-allocated array to hold the matches and switch to a heap-allocated
    * array later if the number of matches exceeds STACK_BUF_LENGTH.
    */
-  #define STACK_BUF_LENGTH 1
-  builtinsInternalObject *stackTemp[STACK_BUF_LENGTH];
-  builtinsInternalObject **temp = stackTemp;
-  PRBool tempIsHeapAllocated = PR_FALSE;
-  PRUint32 i;
+#define STACK_BUF_LENGTH 1
+    builtinsInternalObject *stackTemp[STACK_BUF_LENGTH];
+    builtinsInternalObject **temp = stackTemp;
+    PRBool tempIsHeapAllocated = PR_FALSE;
+    PRUint32 i;
 
-  arena = NSSArena_Create();
-  if( (NSSArena *)NULL == arena ) {
-    goto loser;
-  }
+    arena = NSSArena_Create();
+    if ((NSSArena *)NULL == arena) {
+        goto loser;
+    }
 
-  rv = nss_ZNEW(arena, NSSCKMDFindObjects);
-  if( (NSSCKMDFindObjects *)NULL == rv ) {
-    *pError = CKR_HOST_MEMORY;
-    goto loser;
-  }
+    rv = nss_ZNEW(arena, NSSCKMDFindObjects);
+    if ((NSSCKMDFindObjects *)NULL == rv) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
 
-  fo = nss_ZNEW(arena, struct builtinsFOStr);
-  if( (struct builtinsFOStr *)NULL == fo ) {
-    *pError = CKR_HOST_MEMORY;
-    goto loser;
-  }
+    fo = nss_ZNEW(arena, struct builtinsFOStr);
+    if ((struct builtinsFOStr *)NULL == fo) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
 
-  fo->arena = arena;
-  /* fo->n and fo->i are already zero */
+    fo->arena = arena;
+    /* fo->n and fo->i are already zero */
 
-  rv->etc = (void *)fo;
-  rv->Final = builtins_mdFindObjects_Final;
-  rv->Next = builtins_mdFindObjects_Next;
-  rv->null = (void *)NULL;
+    rv->etc = (void *)fo;
+    rv->Final = builtins_mdFindObjects_Final;
+    rv->Next = builtins_mdFindObjects_Next;
+    rv->null = (void *)NULL;
 
-  for( i = 0; i < nss_builtins_nObjects; i++ ) {
-    builtinsInternalObject *o = (builtinsInternalObject *)&nss_builtins_data[i];
+    for (i = 0; i < nss_builtins_nObjects; i++) {
+        builtinsInternalObject *o = (builtinsInternalObject *)&nss_builtins_data[i];
 
-    if( CK_TRUE == builtins_match(pTemplate, ulAttributeCount, o) ) {
-      if( fo->n == STACK_BUF_LENGTH ) {
-        /* Switch from the small stack array to a heap-allocated array large
+        if (CK_TRUE == builtins_match(pTemplate, ulAttributeCount, o)) {
+            if (fo->n == STACK_BUF_LENGTH) {
+                /* Switch from the small stack array to a heap-allocated array large
          * enough to handle matches in all remaining cases. */
-        temp = nss_ZNEWARRAY((NSSArena *)NULL, builtinsInternalObject *,
-                             fo->n + nss_builtins_nObjects - i);
-        if( (builtinsInternalObject **)NULL == temp ) {
-          *pError = CKR_HOST_MEMORY;
-          goto loser;
+                temp = nss_ZNEWARRAY((NSSArena *)NULL, builtinsInternalObject *,
+                                     fo->n + nss_builtins_nObjects - i);
+                if ((builtinsInternalObject **)NULL == temp) {
+                    *pError =
+                        CKR_HOST_MEMORY;
+                    goto loser;
+                }
+                tempIsHeapAllocated = PR_TRUE;
+                (void)nsslibc_memcpy(temp, stackTemp,
+                                     sizeof(builtinsInternalObject *) * fo->n);
+            }
+
+            temp[fo->n] = o;
+            fo->n++;
         }
-        tempIsHeapAllocated = PR_TRUE;
-        (void)nsslibc_memcpy(temp, stackTemp,
-                             sizeof(builtinsInternalObject *) * fo->n);
-      }
-
-      temp[ fo->n ] = o;
-      fo->n++;
     }
-  }
 
-  fo->objs = nss_ZNEWARRAY(arena, builtinsInternalObject *, fo->n);
-  if( (builtinsInternalObject **)NULL == fo->objs ) {
-    *pError = CKR_HOST_MEMORY;
-    goto loser;
-  }
+    fo->objs = nss_ZNEWARRAY(arena, builtinsInternalObject *, fo->n);
+    if ((builtinsInternalObject **)NULL == fo->objs) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
 
-  (void)nsslibc_memcpy(fo->objs, temp, sizeof(builtinsInternalObject *) * fo->n);
-  if (tempIsHeapAllocated) {
-    nss_ZFreeIf(temp);
-    temp = (builtinsInternalObject **)NULL;
-  }
+    (void)nsslibc_memcpy(fo->objs, temp, sizeof(builtinsInternalObject *) * fo->n);
+    if (tempIsHeapAllocated) {
+        nss_ZFreeIf(temp);
+        temp = (builtinsInternalObject **)NULL;
+    }
 
-  return rv;
+    return rv;
 
- loser:
-  if (tempIsHeapAllocated) {
-    nss_ZFreeIf(temp);
-  }
-  nss_ZFreeIf(fo);
-  nss_ZFreeIf(rv);
-  if ((NSSArena *)NULL != arena) {
-     NSSArena_Destroy(arena);
-  }
-  return (NSSCKMDFindObjects *)NULL;
+loser:
+    if (tempIsHeapAllocated) {
+        nss_ZFreeIf(temp);
+    }
+    nss_ZFreeIf(fo);
+    nss_ZFreeIf(rv);
+    if ((NSSArena *)NULL != arena) {
+        NSSArena_Destroy(arena);
+    }
+    return (NSSCKMDFindObjects *)NULL;
 }
-
--- a/lib/ckfw/builtins/binst.c
+++ b/lib/ckfw/builtins/binst.c
@@ -2,98 +2,86 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "builtins.h"
 
 /*
  * builtins/instance.c
  *
- * This file implements the NSSCKMDInstance object for the 
+ * This file implements the NSSCKMDInstance object for the
  * "builtin objects" cryptoki module.
  */
 
 /*
  * NSSCKMDInstance methods
  */
 
 static CK_ULONG
-builtins_mdInstance_GetNSlots
-(
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+builtins_mdInstance_GetNSlots(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (CK_ULONG)1;
+    return (CK_ULONG)1;
 }
 
 static CK_VERSION
-builtins_mdInstance_GetCryptokiVersion
-(
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+builtins_mdInstance_GetCryptokiVersion(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  return nss_builtins_CryptokiVersion;
+    return nss_builtins_CryptokiVersion;
 }
 
 static NSSUTF8 *
-builtins_mdInstance_GetManufacturerID
-(
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+builtins_mdInstance_GetManufacturerID(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (NSSUTF8 *)nss_builtins_ManufacturerID;
+    return (NSSUTF8 *)nss_builtins_ManufacturerID;
 }
 
 static NSSUTF8 *
-builtins_mdInstance_GetLibraryDescription
-(
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+builtins_mdInstance_GetLibraryDescription(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (NSSUTF8 *)nss_builtins_LibraryDescription;
+    return (NSSUTF8 *)nss_builtins_LibraryDescription;
 }
 
 static CK_VERSION
-builtins_mdInstance_GetLibraryVersion
-(
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+builtins_mdInstance_GetLibraryVersion(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
 #define NSS_VERSION_VARIABLE __nss_builtins_version
 #include "verref.h"
-  return nss_builtins_LibraryVersion;
+    return nss_builtins_LibraryVersion;
 }
 
 static CK_RV
-builtins_mdInstance_GetSlots
-(
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  NSSCKMDSlot *slots[]
-)
+builtins_mdInstance_GetSlots(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKMDSlot *slots[])
 {
-  slots[0] = (NSSCKMDSlot *)&nss_builtins_mdSlot;
-  return CKR_OK;
+    slots[0] = (NSSCKMDSlot *)&nss_builtins_mdSlot;
+    return CKR_OK;
 }
 
 const NSSCKMDInstance
-nss_builtins_mdInstance = {
-  (void *)NULL, /* etc */
-  NULL, /* Initialize */
-  NULL, /* Finalize */
-  builtins_mdInstance_GetNSlots,
-  builtins_mdInstance_GetCryptokiVersion,
-  builtins_mdInstance_GetManufacturerID,
-  builtins_mdInstance_GetLibraryDescription,
-  builtins_mdInstance_GetLibraryVersion,
-  NULL, /* ModuleHandlesSessionObjects -- defaults to false */
-  builtins_mdInstance_GetSlots,
-  NULL, /* WaitForSlotEvent */
-  (void *)NULL /* null terminator */
-};
+    nss_builtins_mdInstance = {
+        (void *)NULL, /* etc */
+        NULL,         /* Initialize */
+        NULL,         /* Finalize */
+        builtins_mdInstance_GetNSlots,
+        builtins_mdInstance_GetCryptokiVersion,
+        builtins_mdInstance_GetManufacturerID,
+        builtins_mdInstance_GetLibraryDescription,
+        builtins_mdInstance_GetLibraryVersion,
+        NULL, /* ModuleHandlesSessionObjects -- defaults to false */
+        builtins_mdInstance_GetSlots,
+        NULL,        /* WaitForSlotEvent */
+        (void *)NULL /* null terminator */
+    };
--- a/lib/ckfw/builtins/bobject.c
+++ b/lib/ckfw/builtins/bobject.c
@@ -19,204 +19,188 @@
  * GetAttributeTypes
  * GetAttributeSize
  * GetAttribute
  * SetAttribute - unneeded
  * GetObjectSize
  */
 
 static CK_RV
-builtins_mdObject_Destroy
-(
-  NSSCKMDObject *mdObject,
-  NSSCKFWObject *fwObject,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+builtins_mdObject_Destroy(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  return CKR_SESSION_READ_ONLY;
+    return CKR_SESSION_READ_ONLY;
 }
 
 static CK_BBOOL
-builtins_mdObject_IsTokenObject
-(
-  NSSCKMDObject *mdObject,
-  NSSCKFWObject *fwObject,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+builtins_mdObject_IsTokenObject(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  return CK_TRUE;
+    return CK_TRUE;
 }
 
 static CK_ULONG
-builtins_mdObject_GetAttributeCount
-(
-  NSSCKMDObject *mdObject,
-  NSSCKFWObject *fwObject,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+builtins_mdObject_GetAttributeCount(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
-  return io->n;
+    builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+    return io->n;
 }
 
 static CK_RV
-builtins_mdObject_GetAttributeTypes
-(
-  NSSCKMDObject *mdObject,
-  NSSCKFWObject *fwObject,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_ATTRIBUTE_TYPE_PTR typeArray,
-  CK_ULONG ulCount
-)
+builtins_mdObject_GetAttributeTypes(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE_PTR typeArray,
+    CK_ULONG ulCount)
 {
-  builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
-  CK_ULONG i;
+    builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+    CK_ULONG i;
 
-  if( io->n != ulCount ) {
-    return CKR_BUFFER_TOO_SMALL;
-  }
+    if (io->n != ulCount) {
+        return CKR_BUFFER_TOO_SMALL;
+    }
 
-  for( i = 0; i < io->n; i++ ) {
-    typeArray[i] = io->types[i];
-  }
+    for (i = 0; i < io->n; i++) {
+        typeArray[i] = io->types[i];
+    }
 
-  return CKR_OK;
+    return CKR_OK;
 }
 
 static CK_ULONG
-builtins_mdObject_GetAttributeSize
-(
-  NSSCKMDObject *mdObject,
-  NSSCKFWObject *fwObject,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_ATTRIBUTE_TYPE attribute,
-  CK_RV *pError
-)
+builtins_mdObject_GetAttributeSize(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError)
 {
-  builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
-  CK_ULONG i;
+    builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+    CK_ULONG i;
 
-  for( i = 0; i < io->n; i++ ) {
-    if( attribute == io->types[i] ) {
-      return (CK_ULONG)(io->items[i].size);
+    for (i = 0; i < io->n; i++) {
+        if (attribute == io->types[i]) {
+            return (CK_ULONG)(io->items[i].size);
+        }
     }
-  }
 
-  *pError = CKR_ATTRIBUTE_TYPE_INVALID;
-  return 0;
+    *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+    return 0;
 }
 
 static NSSCKFWItem
-builtins_mdObject_GetAttribute
-(
-  NSSCKMDObject *mdObject,
-  NSSCKFWObject *fwObject,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_ATTRIBUTE_TYPE attribute,
-  CK_RV *pError
-)
+builtins_mdObject_GetAttribute(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError)
 {
-  NSSCKFWItem mdItem;
-  builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
-  CK_ULONG i;
+    NSSCKFWItem mdItem;
+    builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+    CK_ULONG i;
 
-  mdItem.needsFreeing = PR_FALSE;
-  mdItem.item = (NSSItem*) NULL;
+    mdItem.needsFreeing = PR_FALSE;
+    mdItem.item = (NSSItem *)NULL;
 
-  for( i = 0; i < io->n; i++ ) {
-    if( attribute == io->types[i] ) {
-      mdItem.item = (NSSItem*) &io->items[i];
-      return mdItem;
+    for (i = 0; i < io->n; i++) {
+        if (attribute == io->types[i]) {
+            mdItem.item = (NSSItem *)&io->items[i];
+            return mdItem;
+        }
     }
-  }
 
-  *pError = CKR_ATTRIBUTE_TYPE_INVALID;
-  return mdItem;
+    *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+    return mdItem;
 }
 
 static CK_ULONG
-builtins_mdObject_GetObjectSize
-(
-  NSSCKMDObject *mdObject,
-  NSSCKFWObject *fwObject,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+builtins_mdObject_GetObjectSize(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
-  CK_ULONG i;
-  CK_ULONG rv = sizeof(CK_ULONG);
+    builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+    CK_ULONG i;
+    CK_ULONG rv = sizeof(CK_ULONG);
 
-  for( i = 0; i < io->n; i++ ) {
-    rv += sizeof(CK_ATTRIBUTE_TYPE) + sizeof(NSSItem) + io->items[i].size;
-  }
+    for (i = 0; i < io->n; i++) {
+        rv += sizeof(CK_ATTRIBUTE_TYPE) + sizeof(NSSItem) + io->items[i].size;
+    }
 
-  return rv;
+    return rv;
 }
 
 static const NSSCKMDObject
-builtins_prototype_mdObject = {
-  (void *)NULL, /* etc */
-  NULL, /* Finalize */
-  builtins_mdObject_Destroy,
-  builtins_mdObject_IsTokenObject,
-  builtins_mdObject_GetAttributeCount,
-  builtins_mdObject_GetAttributeTypes,
-  builtins_mdObject_GetAttributeSize,
-  builtins_mdObject_GetAttribute,
-  NULL, /* FreeAttribute */
-  NULL, /* SetAttribute */
-  builtins_mdObject_GetObjectSize,
-  (void *)NULL /* null terminator */
-};
+    builtins_prototype_mdObject = {
+        (void *)NULL, /* etc */
+        NULL,         /* Finalize */
+        builtins_mdObject_Destroy,
+        builtins_mdObject_IsTokenObject,
+        builtins_mdObject_GetAttributeCount,
+        builtins_mdObject_GetAttributeTypes,
+        builtins_mdObject_GetAttributeSize,
+        builtins_mdObject_GetAttribute,
+        NULL, /* FreeAttribute */
+        NULL, /* SetAttribute */
+        builtins_mdObject_GetObjectSize,
+        (void *)NULL /* null terminator */
+    };
 
 NSS_IMPLEMENT NSSCKMDObject *
-nss_builtins_CreateMDObject
-(
-  NSSArena *arena,
-  builtinsInternalObject *io,
-  CK_RV *pError
-)
+nss_builtins_CreateMDObject(
+    NSSArena *arena,
+    builtinsInternalObject *io,
+    CK_RV *pError)
 {
-  if ( (void*)NULL == io->mdObject.etc) {
-    (void) nsslibc_memcpy(&io->mdObject,&builtins_prototype_mdObject,
-					sizeof(builtins_prototype_mdObject));
-    io->mdObject.etc = (void *)io;
-  }
+    if ((void *)NULL == io->mdObject.etc) {
+        (void)nsslibc_memcpy(&io->mdObject, &builtins_prototype_mdObject,
+                             sizeof(builtins_prototype_mdObject));
+        io->mdObject.etc = (void *)io;
+    }
 
-  return &io->mdObject;
+    return &io->mdObject;
 }
--- a/lib/ckfw/builtins/bsession.c
+++ b/lib/ckfw/builtins/bsession.c
@@ -2,74 +2,70 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "builtins.h"
 
 /*
  * builtins/session.c
  *
- * This file implements the NSSCKMDSession object for the 
+ * This file implements the NSSCKMDSession object for the
  * "builtin objects" cryptoki module.
  */
 
 static NSSCKMDFindObjects *
-builtins_mdSession_FindObjectsInit
-(
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_ATTRIBUTE_PTR pTemplate,
-  CK_ULONG ulAttributeCount,
-  CK_RV *pError
-)
+builtins_mdSession_FindObjectsInit(
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
 {
-  return nss_builtins_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError);
+    return nss_builtins_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError);
 }
 
 NSS_IMPLEMENT NSSCKMDSession *
-nss_builtins_CreateSession
-(
-  NSSCKFWSession *fwSession,
-  CK_RV *pError
-)
+nss_builtins_CreateSession(
+    NSSCKFWSession *fwSession,
+    CK_RV *pError)
 {
-  NSSArena *arena;
-  NSSCKMDSession *rv;
+    NSSArena *arena;
+    NSSCKMDSession *rv;
 
-  arena = NSSCKFWSession_GetArena(fwSession, pError);
-  if( (NSSArena *)NULL == arena ) {
-    return (NSSCKMDSession *)NULL;
-  }
+    arena = NSSCKFWSession_GetArena(fwSession, pError);
+    if ((NSSArena *)NULL == arena) {
+        return (NSSCKMDSession *)NULL;
+    }
 
-  rv = nss_ZNEW(arena, NSSCKMDSession);
-  if( (NSSCKMDSession *)NULL == rv ) {
-    *pError = CKR_HOST_MEMORY;
-    return (NSSCKMDSession *)NULL;
-  }
+    rv = nss_ZNEW(arena, NSSCKMDSession);
+    if ((NSSCKMDSession *)NULL == rv) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDSession *)NULL;
+    }
 
-  /* 
-   * rv was zeroed when allocated, so we only 
-   * need to set the non-zero members.
-   */
+    /*
+     * rv was zeroed when allocated, so we only
+     * need to set the non-zero members.
+     */
 
-  rv->etc = (void *)fwSession;
-  /* rv->Close */
-  /* rv->GetDeviceError */
-  /* rv->Login */
-  /* rv->Logout */
-  /* rv->InitPIN */
-  /* rv->SetPIN */
-  /* rv->GetOperationStateLen */
-  /* rv->GetOperationState */
-  /* rv->SetOperationState */
-  /* rv->CreateObject */
-  /* rv->CopyObject */
-  rv->FindObjectsInit = builtins_mdSession_FindObjectsInit;
-  /* rv->SeedRandom */
-  /* rv->GetRandom */
-  /* rv->null */
+    rv->etc = (void *)fwSession;
+    /* rv->Close */
+    /* rv->GetDeviceError */
+    /* rv->Login */
+    /* rv->Logout */
+    /* rv->InitPIN */
+    /* rv->SetPIN */
+    /* rv->GetOperationStateLen */
+    /* rv->GetOperationState */
+    /* rv->SetOperationState */
+    /* rv->CreateObject */
+    /* rv->CopyObject */
+    rv->FindObjectsInit = builtins_mdSession_FindObjectsInit;
+    /* rv->SeedRandom */
+    /* rv->GetRandom */
+    /* rv->null */
 
-  return rv;
+    return rv;
 }
--- a/lib/ckfw/builtins/bslot.c
+++ b/lib/ckfw/builtins/bslot.c
@@ -7,85 +7,75 @@
 /*
  * builtins/slot.c
  *
  * This file implements the NSSCKMDSlot object for the
  * "builtin objects" cryptoki module.
  */
 
 static NSSUTF8 *
-builtins_mdSlot_GetSlotDescription
-(
-  NSSCKMDSlot *mdSlot,
-  NSSCKFWSlot *fwSlot,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+builtins_mdSlot_GetSlotDescription(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (NSSUTF8 *)nss_builtins_SlotDescription;
+    return (NSSUTF8 *)nss_builtins_SlotDescription;
 }
 
 static NSSUTF8 *
-builtins_mdSlot_GetManufacturerID
-(
-  NSSCKMDSlot *mdSlot,
-  NSSCKFWSlot *fwSlot,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+builtins_mdSlot_GetManufacturerID(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (NSSUTF8 *)nss_builtins_ManufacturerID;
+    return (NSSUTF8 *)nss_builtins_ManufacturerID;
 }
 
 static CK_VERSION
-builtins_mdSlot_GetHardwareVersion
-(
-  NSSCKMDSlot *mdSlot,
-  NSSCKFWSlot *fwSlot,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+builtins_mdSlot_GetHardwareVersion(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  return nss_builtins_HardwareVersion;
+    return nss_builtins_HardwareVersion;
 }
 
 static CK_VERSION
-builtins_mdSlot_GetFirmwareVersion
-(
-  NSSCKMDSlot *mdSlot,
-  NSSCKFWSlot *fwSlot,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+builtins_mdSlot_GetFirmwareVersion(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  return nss_builtins_FirmwareVersion;
+    return nss_builtins_FirmwareVersion;
 }
 
 static NSSCKMDToken *
-builtins_mdSlot_GetToken
-(
-  NSSCKMDSlot *mdSlot,
-  NSSCKFWSlot *fwSlot,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+builtins_mdSlot_GetToken(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (NSSCKMDToken *)&nss_builtins_mdToken;
+    return (NSSCKMDToken *)&nss_builtins_mdToken;
 }
 
 const NSSCKMDSlot
-nss_builtins_mdSlot = {
-  (void *)NULL, /* etc */
-  NULL, /* Initialize */
-  NULL, /* Destroy */
-  builtins_mdSlot_GetSlotDescription,
-  builtins_mdSlot_GetManufacturerID,
-  NULL, /* GetTokenPresent -- defaults to true */
-  NULL, /* GetRemovableDevice -- defaults to false */
-  NULL, /* GetHardwareSlot -- defaults to false */
-  builtins_mdSlot_GetHardwareVersion,
-  builtins_mdSlot_GetFirmwareVersion,
-  builtins_mdSlot_GetToken,
-  (void *)NULL /* null terminator */
-};
+    nss_builtins_mdSlot = {
+        (void *)NULL, /* etc */
+        NULL,         /* Initialize */
+        NULL,         /* Destroy */
+        builtins_mdSlot_GetSlotDescription,
+        builtins_mdSlot_GetManufacturerID,
+        NULL, /* GetTokenPresent -- defaults to true */
+        NULL, /* GetRemovableDevice -- defaults to false */
+        NULL, /* GetHardwareSlot -- defaults to false */
+        builtins_mdSlot_GetHardwareVersion,
+        builtins_mdSlot_GetFirmwareVersion,
+        builtins_mdSlot_GetToken,
+        (void *)NULL /* null terminator */
+    };
--- a/lib/ckfw/builtins/btoken.c
+++ b/lib/ckfw/builtins/btoken.c
@@ -7,145 +7,129 @@
 /*
  * builtins/token.c
  *
  * This file implements the NSSCKMDToken object for the
  * "builtin objects" cryptoki module.
  */
 
 static NSSUTF8 *
-builtins_mdToken_GetLabel
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+builtins_mdToken_GetLabel(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (NSSUTF8 *)nss_builtins_TokenLabel;
+    return (NSSUTF8 *)nss_builtins_TokenLabel;
 }
 
 static NSSUTF8 *
-builtins_mdToken_GetManufacturerID
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+builtins_mdToken_GetManufacturerID(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (NSSUTF8 *)nss_builtins_ManufacturerID;
+    return (NSSUTF8 *)nss_builtins_ManufacturerID;
 }
 
 static NSSUTF8 *
-builtins_mdToken_GetModel
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+builtins_mdToken_GetModel(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (NSSUTF8 *)nss_builtins_TokenModel;
+    return (NSSUTF8 *)nss_builtins_TokenModel;
 }
 
 static NSSUTF8 *
-builtins_mdToken_GetSerialNumber
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+builtins_mdToken_GetSerialNumber(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (NSSUTF8 *)nss_builtins_TokenSerialNumber;
+    return (NSSUTF8 *)nss_builtins_TokenSerialNumber;
 }
 
 static CK_BBOOL
-builtins_mdToken_GetIsWriteProtected
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+builtins_mdToken_GetIsWriteProtected(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  return CK_TRUE;
+    return CK_TRUE;
 }
 
 static CK_VERSION
-builtins_mdToken_GetHardwareVersion
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+builtins_mdToken_GetHardwareVersion(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  return nss_builtins_HardwareVersion;
+    return nss_builtins_HardwareVersion;
 }
 
 static CK_VERSION
-builtins_mdToken_GetFirmwareVersion
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+builtins_mdToken_GetFirmwareVersion(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  return nss_builtins_FirmwareVersion;
+    return nss_builtins_FirmwareVersion;
 }
 
 static NSSCKMDSession *
-builtins_mdToken_OpenSession
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  NSSCKFWSession *fwSession,
-  CK_BBOOL rw,
-  CK_RV *pError
-)
+builtins_mdToken_OpenSession(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWSession *fwSession,
+    CK_BBOOL rw,
+    CK_RV *pError)
 {
-  return nss_builtins_CreateSession(fwSession, pError);
+    return nss_builtins_CreateSession(fwSession, pError);
 }
 
 const NSSCKMDToken
-nss_builtins_mdToken = {
-  (void *)NULL, /* etc */
-  NULL, /* Setup */
-  NULL, /* Invalidate */
-  NULL, /* InitToken -- default errs */
-  builtins_mdToken_GetLabel,
-  builtins_mdToken_GetManufacturerID,
-  builtins_mdToken_GetModel,
-  builtins_mdToken_GetSerialNumber,
-  NULL, /* GetHasRNG -- default is false */
-  builtins_mdToken_GetIsWriteProtected,
-  NULL, /* GetLoginRequired -- default is false */
-  NULL, /* GetUserPinInitialized -- default is false */
-  NULL, /* GetRestoreKeyNotNeeded -- irrelevant */
-  NULL, /* GetHasClockOnToken -- default is false */
-  NULL, /* GetHasProtectedAuthenticationPath -- default is false */
-  NULL, /* GetSupportsDualCryptoOperations -- default is false */
-  NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
-  NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
-  NULL, /* GetMaxPinLen -- irrelevant */
-  NULL, /* GetMinPinLen -- irrelevant */
-  NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
-  NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
-  NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
-  NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
-  builtins_mdToken_GetHardwareVersion,
-  builtins_mdToken_GetFirmwareVersion,
-  NULL, /* GetUTCTime -- no clock */
-  builtins_mdToken_OpenSession,
-  NULL, /* GetMechanismCount -- default is zero */
-  NULL, /* GetMechanismTypes -- irrelevant */
-  NULL, /* GetMechanism -- irrelevant */
-  (void *)NULL /* null terminator */
-};
+    nss_builtins_mdToken = {
+        (void *)NULL, /* etc */
+        NULL,         /* Setup */
+        NULL,         /* Invalidate */
+        NULL,         /* InitToken -- default errs */
+        builtins_mdToken_GetLabel,
+        builtins_mdToken_GetManufacturerID,
+        builtins_mdToken_GetModel,
+        builtins_mdToken_GetSerialNumber,
+        NULL, /* GetHasRNG -- default is false */
+        builtins_mdToken_GetIsWriteProtected,
+        NULL, /* GetLoginRequired -- default is false */
+        NULL, /* GetUserPinInitialized -- default is false */
+        NULL, /* GetRestoreKeyNotNeeded -- irrelevant */
+        NULL, /* GetHasClockOnToken -- default is false */
+        NULL, /* GetHasProtectedAuthenticationPath -- default is false */
+        NULL, /* GetSupportsDualCryptoOperations -- default is false */
+        NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetMaxPinLen -- irrelevant */
+        NULL, /* GetMinPinLen -- irrelevant */
+        NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        builtins_mdToken_GetHardwareVersion,
+        builtins_mdToken_GetFirmwareVersion,
+        NULL, /* GetUTCTime -- no clock */
+        builtins_mdToken_OpenSession,
+        NULL,        /* GetMechanismCount -- default is zero */
+        NULL,        /* GetMechanismTypes -- irrelevant */
+        NULL,        /* GetMechanism -- irrelevant */
+        (void *)NULL /* null terminator */
+    };
--- a/lib/ckfw/builtins/builtins.h
+++ b/lib/ckfw/builtins/builtins.h
@@ -16,57 +16,51 @@
 /*
  * This is where the Netscape extensions live, at least for now.
  */
 #ifndef CKT_H
 #include "ckt.h"
 #endif /* CKT_H */
 
 struct builtinsInternalObjectStr {
-  CK_ULONG n;
-  const CK_ATTRIBUTE_TYPE *types;
-  const NSSItem *items;
-  NSSCKMDObject mdObject;
+    CK_ULONG n;
+    const CK_ATTRIBUTE_TYPE *types;
+    const NSSItem *items;
+    NSSCKMDObject mdObject;
 };
 typedef struct builtinsInternalObjectStr builtinsInternalObject;
 
-extern       builtinsInternalObject nss_builtins_data[];
-extern const PRUint32               nss_builtins_nObjects;
+extern builtinsInternalObject nss_builtins_data[];
+extern const PRUint32 nss_builtins_nObjects;
 
-extern const CK_VERSION   nss_builtins_CryptokiVersion;
-extern const CK_VERSION   nss_builtins_LibraryVersion;
-extern const CK_VERSION   nss_builtins_HardwareVersion;
-extern const CK_VERSION   nss_builtins_FirmwareVersion;
+extern const CK_VERSION nss_builtins_CryptokiVersion;
+extern const CK_VERSION nss_builtins_LibraryVersion;
+extern const CK_VERSION nss_builtins_HardwareVersion;
+extern const CK_VERSION nss_builtins_FirmwareVersion;
 
-extern const NSSUTF8      nss_builtins_ManufacturerID[];
-extern const NSSUTF8      nss_builtins_LibraryDescription[];
-extern const NSSUTF8      nss_builtins_SlotDescription[];
-extern const NSSUTF8      nss_builtins_TokenLabel[];
-extern const NSSUTF8      nss_builtins_TokenModel[];
-extern const NSSUTF8      nss_builtins_TokenSerialNumber[];
+extern const NSSUTF8 nss_builtins_ManufacturerID[];
+extern const NSSUTF8 nss_builtins_LibraryDescription[];
+extern const NSSUTF8 nss_builtins_SlotDescription[];
+extern const NSSUTF8 nss_builtins_TokenLabel[];
+extern const NSSUTF8 nss_builtins_TokenModel[];
+extern const NSSUTF8 nss_builtins_TokenSerialNumber[];
 
 extern const NSSCKMDInstance nss_builtins_mdInstance;
-extern const NSSCKMDSlot     nss_builtins_mdSlot;
-extern const NSSCKMDToken    nss_builtins_mdToken;
+extern const NSSCKMDSlot nss_builtins_mdSlot;
+extern const NSSCKMDToken nss_builtins_mdToken;
 
 NSS_EXTERN NSSCKMDSession *
-nss_builtins_CreateSession
-(
-  NSSCKFWSession *fwSession,
-  CK_RV *pError
-);
+nss_builtins_CreateSession(
+    NSSCKFWSession *fwSession,
+    CK_RV *pError);
 
 NSS_EXTERN NSSCKMDFindObjects *
-nss_builtins_FindObjectsInit
-(
-  NSSCKFWSession *fwSession,
-  CK_ATTRIBUTE_PTR pTemplate,
-  CK_ULONG ulAttributeCount,
-  CK_RV *pError
-);
+nss_builtins_FindObjectsInit(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError);
 
 NSS_EXTERN NSSCKMDObject *
-nss_builtins_CreateMDObject
-(
-  NSSArena *arena,
-  builtinsInternalObject *io,
-  CK_RV *pError
-);
+nss_builtins_CreateMDObject(
+    NSSArena *arena,
+    builtinsInternalObject *io,
+    CK_RV *pError);
--- a/lib/ckfw/builtins/ckbiver.c
+++ b/lib/ckfw/builtins/ckbiver.c
@@ -10,10 +10,9 @@
 #define _DEBUG_STRING " (debug)"
 #else
 #define _DEBUG_STRING ""
 #endif
 
 /*
  * Version information
  */
-const char __nss_builtins_version[] = "Version: NSS Builtin Trusted Root CAs "
-        NSS_BUILTINS_LIBRARY_VERSION _DEBUG_STRING;
+const char __nss_builtins_version[] = "Version: NSS Builtin Trusted Root CAs " NSS_BUILTINS_LIBRARY_VERSION _DEBUG_STRING;
--- a/lib/ckfw/builtins/constants.c
+++ b/lib/ckfw/builtins/constants.c
@@ -16,46 +16,49 @@
 #include "nssckt.h"
 #endif /* NSSCKT_H */
 
 #ifndef NSSCKBI_H
 #include "nssckbi.h"
 #endif /* NSSCKBI_H */
 
 const CK_VERSION
-nss_builtins_CryptokiVersion =  {
-		NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR,
-		NSS_BUILTINS_CRYPTOKI_VERSION_MINOR };
+    nss_builtins_CryptokiVersion = {
+        NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR,
+        NSS_BUILTINS_CRYPTOKI_VERSION_MINOR
+    };
 
 const CK_VERSION
-nss_builtins_LibraryVersion = {
-	NSS_BUILTINS_LIBRARY_VERSION_MAJOR,
-	NSS_BUILTINS_LIBRARY_VERSION_MINOR};
+    nss_builtins_LibraryVersion = {
+        NSS_BUILTINS_LIBRARY_VERSION_MAJOR,
+        NSS_BUILTINS_LIBRARY_VERSION_MINOR
+    };
 
 const CK_VERSION
-nss_builtins_HardwareVersion = { 
-	NSS_BUILTINS_HARDWARE_VERSION_MAJOR,
-	NSS_BUILTINS_HARDWARE_VERSION_MINOR };
+    nss_builtins_HardwareVersion = {
+        NSS_BUILTINS_HARDWARE_VERSION_MAJOR,
+        NSS_BUILTINS_HARDWARE_VERSION_MINOR
+    };
 
 const CK_VERSION
-nss_builtins_FirmwareVersion = { 
-	NSS_BUILTINS_FIRMWARE_VERSION_MAJOR,
-	NSS_BUILTINS_FIRMWARE_VERSION_MINOR };
+    nss_builtins_FirmwareVersion = {
+        NSS_BUILTINS_FIRMWARE_VERSION_MAJOR,
+        NSS_BUILTINS_FIRMWARE_VERSION_MINOR
+    };
 
-const NSSUTF8 
-nss_builtins_ManufacturerID[] = { "Mozilla Foundation" };
+const NSSUTF8
+    nss_builtins_ManufacturerID[] = { "Mozilla Foundation" };
 
-const NSSUTF8 
-nss_builtins_LibraryDescription[] = { "NSS Builtin Object Cryptoki Module" };
+const NSSUTF8
+    nss_builtins_LibraryDescription[] = { "NSS Builtin Object Cryptoki Module" };
 
-const NSSUTF8 
-nss_builtins_SlotDescription[] = { "NSS Builtin Objects" };
+const NSSUTF8
+    nss_builtins_SlotDescription[] = { "NSS Builtin Objects" };
 
-const NSSUTF8 
-nss_builtins_TokenLabel[] = { "Builtin Object Token" };
+const NSSUTF8
+    nss_builtins_TokenLabel[] = { "Builtin Object Token" };
 
-const NSSUTF8 
-nss_builtins_TokenModel[] = { "1" };
+const NSSUTF8
+    nss_builtins_TokenModel[] = { "1" };
 
 /* should this be e.g. the certdata.txt RCS revision number? */
-const NSSUTF8 
-nss_builtins_TokenSerialNumber[] = { "1" };
-
+const NSSUTF8
+    nss_builtins_TokenSerialNumber[] = { "1" };
--- a/lib/ckfw/builtins/nssckbi.h
+++ b/lib/ckfw/builtins/nssckbi.h
@@ -13,17 +13,17 @@
  * module you are using, use the appropriate PKCS #11 calls.
  *
  * These version numbers detail changes to the PKCS #11 interface. They map
  * to the PKCS #11 spec versions.
  */
 #define NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR 2
 #define NSS_BUILTINS_CRYPTOKI_VERSION_MINOR 20
 
-/* These version numbers detail the changes 
+/* These version numbers detail the changes
  * to the list of trusted certificates.
  *
  * The NSS_BUILTINS_LIBRARY_VERSION_MINOR macro needs to be bumped
  * for each NSS minor release AND whenever we change the list of
  * trusted certificates.  10 minor versions are allocated for each
  * NSS 3.x branch as follows, allowing us to change the list of
  * trusted certificates up to 9 times on each branch.
  *   - NSS 3.5 branch:  3-9
@@ -47,14 +47,14 @@
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
 #define NSS_BUILTINS_LIBRARY_VERSION_MINOR 6
 #define NSS_BUILTINS_LIBRARY_VERSION "2.6"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
 #define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
 
-/* These version numbers detail the semantic changes to ckbi itself 
+/* These version numbers detail the semantic changes to ckbi itself
  * (new PKCS #11 objects), etc. */
 #define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1
 #define NSS_BUILTINS_FIRMWARE_VERSION_MINOR 0
 
 #endif /* NSSCKBI_H */
--- a/lib/ckfw/capi/anchor.c
+++ b/lib/ckfw/capi/anchor.c
@@ -1,17 +1,17 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*
  * capi/canchor.c
  *
  * This file "anchors" the actual cryptoki entry points in this module's
- * shared library, which is required for dynamic loading.  See the 
+ * shared library, which is required for dynamic loading.  See the
  * comments in nssck.api for more information.
  */
 
 #include "ckcapi.h"
 
 #define MODULE_NAME ckcapi
-#define INSTANCE_NAME (NSSCKMDInstance *)&nss_ckcapi_mdInstance
+#define INSTANCE_NAME (NSSCKMDInstance *) & nss_ckcapi_mdInstance
 #include "nssck.api"
--- a/lib/ckfw/capi/cfind.c
+++ b/lib/ckfw/capi/cfind.c
@@ -9,573 +9,559 @@
 /*
  * ckcapi/cfind.c
  *
  * This file implements the NSSCKMDFindObjects object for the
  * "capi" cryptoki module.
  */
 
 struct ckcapiFOStr {
-  NSSArena *arena;
-  CK_ULONG n;
-  CK_ULONG i;
-  ckcapiInternalObject **objs;
+    NSSArena *arena;
+    CK_ULONG n;
+    CK_ULONG i;
+    ckcapiInternalObject **objs;
 };
 
 static void
-ckcapi_mdFindObjects_Final
-(
-  NSSCKMDFindObjects *mdFindObjects,
-  NSSCKFWFindObjects *fwFindObjects,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+ckcapi_mdFindObjects_Final(
+    NSSCKMDFindObjects *mdFindObjects,
+    NSSCKFWFindObjects *fwFindObjects,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc;
-  NSSArena *arena = fo->arena;
-  PRUint32 i;
+    struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc;
+    NSSArena *arena = fo->arena;
+    PRUint32 i;
 
-  /* walk down an free the unused 'objs' */
-  for (i=fo->i; i < fo->n ; i++) {
-    nss_ckcapi_DestroyInternalObject(fo->objs[i]);
-  }
+    /* walk down an free the unused 'objs' */
+    for (i = fo->i; i < fo->n; i++) {
+        nss_ckcapi_DestroyInternalObject(fo->objs[i]);
+    }
 
-  nss_ZFreeIf(fo->objs);
-  nss_ZFreeIf(fo);
-  nss_ZFreeIf(mdFindObjects);
-  if ((NSSArena *)NULL != arena) {
-    NSSArena_Destroy(arena);
-  }
+    nss_ZFreeIf(fo->objs);
+    nss_ZFreeIf(fo);
+    nss_ZFreeIf(mdFindObjects);
+    if ((NSSArena *)NULL != arena) {
+        NSSArena_Destroy(arena);
+    }
 
-  return;
+    return;
 }
 
 static NSSCKMDObject *
-ckcapi_mdFindObjects_Next
-(
-  NSSCKMDFindObjects *mdFindObjects,
-  NSSCKFWFindObjects *fwFindObjects,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  NSSArena *arena,
-  CK_RV *pError
-)
+ckcapi_mdFindObjects_Next(
+    NSSCKMDFindObjects *mdFindObjects,
+    NSSCKFWFindObjects *fwFindObjects,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSArena *arena,
+    CK_RV *pError)
 {
-  struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc;
-  ckcapiInternalObject *io;
+    struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc;
+    ckcapiInternalObject *io;
 
-  if( fo->i == fo->n ) {
-    *pError = CKR_OK;
-    return (NSSCKMDObject *)NULL;
-  }
+    if (fo->i == fo->n) {
+        *pError = CKR_OK;
+        return (NSSCKMDObject *)NULL;
+    }
 
-  io = fo->objs[ fo->i ];
-  fo->i++;
+    io = fo->objs[fo->i];
+    fo->i++;
 
-  return nss_ckcapi_CreateMDObject(arena, io, pError);
+    return nss_ckcapi_CreateMDObject(arena, io, pError);
 }
 
 static CK_BBOOL
-ckcapi_attrmatch
-(
-  CK_ATTRIBUTE_PTR a,
-  ckcapiInternalObject *o
-)
+ckcapi_attrmatch(
+    CK_ATTRIBUTE_PTR a,
+    ckcapiInternalObject *o)
 {
-  PRBool prb;
-  const NSSItem *b;
+    PRBool prb;
+    const NSSItem *b;
 
-  b = nss_ckcapi_FetchAttribute(o, a->type);
-  if (b == NULL) {
-    return CK_FALSE;
-  }
+    b = nss_ckcapi_FetchAttribute(o, a->type);
+    if (b == NULL) {
+        return CK_FALSE;
+    }
+
+    if (a->ulValueLen != b->size) {
+        /* match a decoded serial number */
+        if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
+            unsigned int len;
+            unsigned char *data;
 
-  if( a->ulValueLen != b->size ) {
-    /* match a decoded serial number */
-    if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
-	unsigned int len;
-	unsigned char *data;
-
-	data = nss_ckcapi_DERUnwrap(b->data, b->size, &len, NULL);
-	if ((len == a->ulValueLen) && 
-		nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
-	    return CK_TRUE;
-	}
+            data = nss_ckcapi_DERUnwrap(b->data, b->size, &len, NULL);
+            if ((len == a->ulValueLen) &&
+                nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
+                return CK_TRUE;
+            }
+        }
+        return CK_FALSE;
     }
-    return CK_FALSE;
-  }
 
-  prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
+    prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
 
-  if( PR_TRUE == prb ) {
-    return CK_TRUE;
-  } else {
-    return CK_FALSE;
-  }
+    if (PR_TRUE == prb) {
+        return CK_TRUE;
+    }
+    else {
+        return CK_FALSE;
+    }
 }
 
-
 static CK_BBOOL
-ckcapi_match
-(
-  CK_ATTRIBUTE_PTR pTemplate,
-  CK_ULONG ulAttributeCount,
-  ckcapiInternalObject *o
-)
+ckcapi_match(
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    ckcapiInternalObject *o)
 {
-  CK_ULONG i;
+    CK_ULONG i;
 
-  for( i = 0; i < ulAttributeCount; i++ ) {
-    if (CK_FALSE == ckcapi_attrmatch(&pTemplate[i], o)) {
-      return CK_FALSE;
+    for (i = 0; i < ulAttributeCount; i++) {
+        if (CK_FALSE == ckcapi_attrmatch(&pTemplate[i], o)) {
+            return CK_FALSE;
+        }
     }
-  }
 
-  /* Every attribute passed */
-  return CK_TRUE;
+    /* Every attribute passed */
+    return CK_TRUE;
 }
 
-#define CKAPI_ITEM_CHUNK  20
+#define CKAPI_ITEM_CHUNK 20
 
-#define PUT_Object(obj,err) \
-  { \
-    if (count >= size) { \
-    *listp = *listp ? \
-		nss_ZREALLOCARRAY(*listp, ckcapiInternalObject *, \
-		               (size+CKAPI_ITEM_CHUNK) ) : \
-		nss_ZNEWARRAY(NULL, ckcapiInternalObject *, \
-		               (size+CKAPI_ITEM_CHUNK) ) ; \
-      if ((ckcapiInternalObject **)NULL == *listp) { \
-        err = CKR_HOST_MEMORY; \
-        goto loser; \
-      } \
-      size += CKAPI_ITEM_CHUNK; \
-    } \
-    (*listp)[ count ] = (obj); \
-    count++; \
-  }
-
+#define PUT_Object(obj, err)                                                  \
+    {                                                                         \
+        if (count >= size) {                                                  \
+            *listp = *listp ?                                                 \
+                            nss_ZREALLOCARRAY(*listp, ckcapiInternalObject *, \
+                                              (size +                         \
+                                               CKAPI_ITEM_CHUNK))             \
+                            :                                                 \
+                            nss_ZNEWARRAY(NULL, ckcapiInternalObject *,       \
+                                          (size +                             \
+                                           CKAPI_ITEM_CHUNK));                \
+            if ((ckcapiInternalObject **)NULL == *listp) {                    \
+                err = CKR_HOST_MEMORY;                                        \
+                goto loser;                                                   \
+            }                                                                 \
+            size += CKAPI_ITEM_CHUNK;                                         \
+        }                                                                     \
+        (*listp)[count] = (obj);                                              \
+        count++;                                                              \
+    }
 
 /*
  * pass parameters back through the callback.
  */
 typedef struct BareCollectParamsStr {
-  CK_OBJECT_CLASS objClass;
-  CK_ATTRIBUTE_PTR pTemplate;
-  CK_ULONG ulAttributeCount;
-  ckcapiInternalObject ***listp;
-  PRUint32 size;
-  PRUint32 count;
+    CK_OBJECT_CLASS objClass;
+    CK_ATTRIBUTE_PTR pTemplate;
+    CK_ULONG ulAttributeCount;
+    ckcapiInternalObject ***listp;
+    PRUint32 size;
+    PRUint32 count;
 } BareCollectParams;
 
 /* collect_bare's callback. Called for each object that
  * supposedly has a PROVINDER_INFO property */
 static BOOL WINAPI
-doBareCollect
-(
-  const CRYPT_HASH_BLOB *msKeyID,
-  DWORD flags,
-  void *reserved,
-  void *args,
-  DWORD cProp,
-  DWORD *propID,
-  void **propData,
-  DWORD *propSize
-)
+doBareCollect(
+    const CRYPT_HASH_BLOB *msKeyID,
+    DWORD flags,
+    void *reserved,
+    void *args,
+    DWORD cProp,
+    DWORD *propID,
+    void **propData,
+    DWORD *propSize)
 {
-  BareCollectParams *bcp = (BareCollectParams *) args;
-  PRUint32 size = bcp->size;
-  PRUint32 count = bcp->count;
-  ckcapiInternalObject ***listp = bcp->listp;
-  ckcapiInternalObject *io = NULL;
-  DWORD i;
-  CRYPT_KEY_PROV_INFO *keyProvInfo = NULL;
-  void *idData;
-  CK_RV error;
- 
-  /* make sure there is a Key Provider Info property */
-  for (i=0; i < cProp; i++) {
-    if (CERT_KEY_PROV_INFO_PROP_ID == propID[i]) {
-	keyProvInfo = (CRYPT_KEY_PROV_INFO *)propData[i];
-	break;
+    BareCollectParams *bcp = (BareCollectParams *)args;
+    PRUint32 size = bcp->size;
+    PRUint32 count = bcp->count;
+    ckcapiInternalObject ***listp = bcp->listp;
+    ckcapiInternalObject *io = NULL;
+    DWORD i;
+    CRYPT_KEY_PROV_INFO *keyProvInfo = NULL;
+    void *idData;
+    CK_RV error;
+
+    /* make sure there is a Key Provider Info property */
+    for (i = 0; i < cProp; i++) {
+        if (CERT_KEY_PROV_INFO_PROP_ID == propID[i]) {
+            keyProvInfo = (CRYPT_KEY_PROV_INFO *)propData[i];
+            break;
+        }
     }
-  }
-  if ((CRYPT_KEY_PROV_INFO *)NULL == keyProvInfo) {
-    return 1;
-  }
+    if ((CRYPT_KEY_PROV_INFO *)NULL == keyProvInfo) {
+        return 1;
+    }
 
-  /* copy the key ID */
-  idData = nss_ZNEWARRAY(NULL, char, msKeyID->cbData);
-  if ((void *)NULL == idData) {
-     goto loser;
-  }
-  nsslibc_memcpy(idData, msKeyID->pbData, msKeyID->cbData);
+    /* copy the key ID */
+    idData = nss_ZNEWARRAY(NULL, char, msKeyID->cbData);
+    if ((void *)NULL == idData) {
+        goto loser;
+    }
+    nsslibc_memcpy(idData, msKeyID->pbData, msKeyID->cbData);
 
-  /* build a bare internal object */  
-  io = nss_ZNEW(NULL, ckcapiInternalObject);
-  if ((ckcapiInternalObject *)NULL == io) {
-     goto loser;
-  }
-  io->type = ckcapiBareKey;
-  io->objClass = bcp->objClass;
-  io->u.key.provInfo = *keyProvInfo;
-  io->u.key.provInfo.pwszContainerName = 
-			nss_ckcapi_WideDup(keyProvInfo->pwszContainerName);
-  io->u.key.provInfo.pwszProvName = 
-			nss_ckcapi_WideDup(keyProvInfo->pwszProvName);
-  io->u.key.provName = nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName);
-  io->u.key.containerName = 
-                        nss_ckcapi_WideToUTF8(keyProvInfo->pwszContainerName);
-  io->u.key.hProv = 0;
-  io->idData = idData;
-  io->id.data = idData;
-  io->id.size = msKeyID->cbData;
-  idData = NULL;
+    /* build a bare internal object */
+    io = nss_ZNEW(NULL, ckcapiInternalObject);
+    if ((ckcapiInternalObject *)NULL == io) {
+        goto loser;
+    }
+    io->type = ckcapiBareKey;
+    io->objClass = bcp->objClass;
+    io->u.key.provInfo = *keyProvInfo;
+    io->u.key.provInfo.pwszContainerName =
+        nss_ckcapi_WideDup(keyProvInfo->pwszContainerName);
+    io->u.key.provInfo.pwszProvName =
+        nss_ckcapi_WideDup(keyProvInfo->pwszProvName);
+    io->u.key.provName = nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName);
+    io->u.key.containerName =
+        nss_ckcapi_WideToUTF8(keyProvInfo->pwszContainerName);
+    io->u.key.hProv = 0;
+    io->idData = idData;
+    io->id.data = idData;
+    io->id.size = msKeyID->cbData;
+    idData = NULL;
 
-  /* see if it matches */ 
-  if( CK_FALSE == ckcapi_match(bcp->pTemplate, bcp->ulAttributeCount, io) ) {
-    goto loser;
-  }
-  PUT_Object(io, error);
-  bcp->size = size;
-  bcp->count = count;
-  return 1;
+    /* see if it matches */
+    if (CK_FALSE == ckcapi_match(bcp->pTemplate, bcp->ulAttributeCount, io)) {
+        goto loser;
+    }
+    PUT_Object(io, error);
+    bcp->size = size;
+    bcp->count = count;
+    return 1;
 
 loser:
-  if (io) {
-    nss_ckcapi_DestroyInternalObject(io);
-  }
-  nss_ZFreeIf(idData);
-  return 1;
+    if (io) {
+        nss_ckcapi_DestroyInternalObject(io);
+    }
+    nss_ZFreeIf(idData);
+    return 1;
 }
 
 /*
  * collect the bare keys running around
  */
 static PRUint32
 collect_bare(
-  CK_OBJECT_CLASS objClass,
-  CK_ATTRIBUTE_PTR pTemplate, 
-  CK_ULONG ulAttributeCount, 
-  ckcapiInternalObject ***listp,
-  PRUint32 *sizep,
-  PRUint32 count,
-  CK_RV *pError
-)
+    CK_OBJECT_CLASS objClass,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    ckcapiInternalObject ***listp,
+    PRUint32 *sizep,
+    PRUint32 count,
+    CK_RV *pError)
 {
-  BOOL rc;
-  BareCollectParams bareCollectParams;
+    BOOL rc;
+    BareCollectParams bareCollectParams;
 
-  bareCollectParams.objClass = objClass;
-  bareCollectParams.pTemplate = pTemplate;
-  bareCollectParams.ulAttributeCount = ulAttributeCount;
-  bareCollectParams.listp = listp;
-  bareCollectParams.size = *sizep;
-  bareCollectParams.count = count;
+    bareCollectParams.objClass = objClass;
+    bareCollectParams.pTemplate = pTemplate;
+    bareCollectParams.ulAttributeCount = ulAttributeCount;
+    bareCollectParams.listp = listp;
+    bareCollectParams.size = *sizep;
+    bareCollectParams.count = count;
 
-  rc = CryptEnumKeyIdentifierProperties(NULL, CERT_KEY_PROV_INFO_PROP_ID, 0,
-       NULL, NULL, &bareCollectParams, doBareCollect);
+    rc = CryptEnumKeyIdentifierProperties(NULL, CERT_KEY_PROV_INFO_PROP_ID, 0,
+                                          NULL, NULL, &bareCollectParams, doBareCollect);
 
-  *sizep = bareCollectParams.size;
-  return bareCollectParams.count;
+    *sizep = bareCollectParams.size;
+    return bareCollectParams.count;
 }
 
 /* find all the certs that represent the appropriate object (cert, priv key, or
  *  pub key) in the cert store.
  */
 static PRUint32
 collect_class(
-  CK_OBJECT_CLASS objClass,
-  LPCSTR storeStr,
-  PRBool hasID,
-  CK_ATTRIBUTE_PTR pTemplate, 
-  CK_ULONG ulAttributeCount, 
-  ckcapiInternalObject ***listp,
-  PRUint32 *sizep,
-  PRUint32 count,
-  CK_RV *pError
-)
+    CK_OBJECT_CLASS objClass,
+    LPCSTR storeStr,
+    PRBool hasID,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    ckcapiInternalObject ***listp,
+    PRUint32 *sizep,
+    PRUint32 count,
+    CK_RV *pError)
 {
-  PRUint32 size = *sizep;
-  ckcapiInternalObject *next = NULL;
-  HCERTSTORE hStore;
-  PCCERT_CONTEXT certContext = NULL;
-  PRBool  isKey = 
-     (objClass == CKO_PUBLIC_KEY) | (objClass == CKO_PRIVATE_KEY);
+    PRUint32 size = *sizep;
+    ckcapiInternalObject *next = NULL;
+    HCERTSTORE hStore;
+    PCCERT_CONTEXT certContext = NULL;
+    PRBool isKey =
+        (objClass == CKO_PUBLIC_KEY) | (objClass == CKO_PRIVATE_KEY);
 
-  hStore = CertOpenSystemStore((HCRYPTPROV)NULL, storeStr);
-  if (NULL == hStore) {
-     return count; /* none found does not imply an error */
-  }
+    hStore = CertOpenSystemStore((HCRYPTPROV)NULL, storeStr);
+    if (NULL == hStore) {
+        return count; /* none found does not imply an error */
+    }
 
-  /* FUTURE: use CertFindCertificateInStore to filter better -- so we don't
+    /* FUTURE: use CertFindCertificateInStore to filter better -- so we don't
    * have to enumerate all the certificates */
-  while ((PCERT_CONTEXT) NULL != 
-         (certContext= CertEnumCertificatesInStore(hStore, certContext))) {
-    /* first filter out non user certs if we are looking for keys */
-    if (isKey) {
-      /* make sure there is a Key Provider Info property */
-      CRYPT_KEY_PROV_INFO *keyProvInfo;
-      DWORD size = 0;
-      BOOL rv;
-      rv =CertGetCertificateContextProperty(certContext,
-        CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
-      if (!rv) {
-	int reason = GetLastError();
-        /* we only care if it exists, we don't really need to fetch it yet */
-	if (reason == CRYPT_E_NOT_FOUND) {
-	  continue;
-	}
-      }
-      /* filter out the non-microsoft providers */
-      keyProvInfo = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size);
-      if (keyProvInfo) {
-        rv =CertGetCertificateContextProperty(certContext,
-          CERT_KEY_PROV_INFO_PROP_ID, keyProvInfo, &size);
-        if (rv) {
-	  char *provName = nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName);
-          nss_ZFreeIf(keyProvInfo);
+    while ((PCERT_CONTEXT)NULL !=
+           (certContext = CertEnumCertificatesInStore(hStore, certContext))) {
+        /* first filter out non user certs if we are looking for keys */
+        if (isKey) {
+            /* make sure there is a Key Provider Info property */
+            CRYPT_KEY_PROV_INFO *keyProvInfo;
+            DWORD size = 0;
+            BOOL rv;
+            rv = CertGetCertificateContextProperty(certContext,
+                                                   CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
+            if (!rv) {
+                int reason = GetLastError();
+                /* we only care if it exists, we don't really need to fetch it yet */
+                if (reason == CRYPT_E_NOT_FOUND) {
+                    continue;
+                }
+            }
+            /* filter out the non-microsoft providers */
+            keyProvInfo = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size);
+            if (keyProvInfo) {
+                rv = CertGetCertificateContextProperty(certContext,
+                                                       CERT_KEY_PROV_INFO_PROP_ID, keyProvInfo, &size);
+                if (rv) {
+                    char *provName =
+                        nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName);
+                    nss_ZFreeIf(keyProvInfo);
 
-	  if (provName && 
-		(strncmp(provName, "Microsoft", sizeof("Microsoft")-1) != 0)) {
-	    continue;
-	  }
-	} else {
-	  int reason = GetLastError();
-          /* we only care if it exists, we don't really need to fetch it yet */
-          nss_ZFreeIf(keyProvInfo);
-	  if (reason == CRYPT_E_NOT_FOUND) {
-	   continue;
-	  }
-	  
+                    if (provName &&
+                        (strncmp(provName, "Microsoft", sizeof("Microsoft") -
+                                                            1) != 0)) {
+                        continue;
+                    }
+                }
+                else {
+                    int reason =
+                        GetLastError();
+                    /* we only care if it exists, we don't really need to fetch it yet */
+                    nss_ZFreeIf(keyProvInfo);
+                    if (reason ==
+                        CRYPT_E_NOT_FOUND) {
+                        continue;
+                    }
+                }
+            }
         }
-      }
-    }
-    
-    if ((ckcapiInternalObject *)NULL == next) {
-      next = nss_ZNEW(NULL, ckcapiInternalObject);
-      if ((ckcapiInternalObject *)NULL == next) {
-        *pError = CKR_HOST_MEMORY;
-        goto loser;
-      }
+
+        if ((ckcapiInternalObject *)NULL == next) {
+            next = nss_ZNEW(NULL, ckcapiInternalObject);
+            if ((ckcapiInternalObject *)NULL == next) {
+                *pError = CKR_HOST_MEMORY;
+                goto loser;
+            }
+        }
+        next->type = ckcapiCert;
+        next->objClass = objClass;
+        next->u.cert.certContext = certContext;
+        next->u.cert.hasID = hasID;
+        next->u.cert.certStore = storeStr;
+        if (CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, next)) {
+            /* clear cached values that may be dependent on our old certContext */
+            memset(&next->u.cert, 0, sizeof(next->u.cert));
+            /* get a 'permanent' context */
+            next->u.cert.certContext = CertDuplicateCertificateContext(certContext);
+            next->objClass = objClass;
+            next->u.cert.certContext = certContext;
+            next->u.cert.hasID = hasID;
+            next->u.cert.certStore = storeStr;
+            PUT_Object(next, *pError);
+            next = NULL; /* need to allocate a new one now */
+        }
+        else {
+            /* don't cache the values we just loaded */
+            memset(&next->u.cert, 0, sizeof(next->u.cert));
+        }
     }
-    next->type = ckcapiCert;
-    next->objClass = objClass;
-    next->u.cert.certContext = certContext;
-    next->u.cert.hasID = hasID;
-    next->u.cert.certStore = storeStr;
-    if( CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, next) ) {
-      /* clear cached values that may be dependent on our old certContext */
-      memset(&next->u.cert, 0, sizeof(next->u.cert));
-      /* get a 'permanent' context */
-      next->u.cert.certContext = CertDuplicateCertificateContext(certContext);
-      next->objClass = objClass;
-      next->u.cert.certContext = certContext;
-      next->u.cert.hasID = hasID;
-      next->u.cert.certStore = storeStr;
-      PUT_Object(next, *pError);
-      next = NULL; /* need to allocate a new one now */
-    } else {
-      /* don't cache the values we just loaded */
-      memset(&next->u.cert, 0, sizeof(next->u.cert));
-    }
-  }
 loser:
-  CertCloseStore(hStore, 0);
-  nss_ZFreeIf(next);
-  *sizep = size;
-  return count;
+    CertCloseStore(hStore, 0);
+    nss_ZFreeIf(next);
+    *sizep = size;
+    return count;
 }
 
 NSS_IMPLEMENT PRUint32
 nss_ckcapi_collect_all_certs(
-  CK_ATTRIBUTE_PTR pTemplate, 
-  CK_ULONG ulAttributeCount, 
-  ckcapiInternalObject ***listp,
-  PRUint32 *sizep,
-  PRUint32 count,
-  CK_RV *pError
-)
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    ckcapiInternalObject ***listp,
+    PRUint32 *sizep,
+    PRUint32 count,
+    CK_RV *pError)
 {
-  count = collect_class(CKO_CERTIFICATE, "My", PR_TRUE, pTemplate, 
-			ulAttributeCount, listp, sizep, count, pError);
-  /*count = collect_class(CKO_CERTIFICATE, "AddressBook", PR_FALSE, pTemplate, 
+    count = collect_class(CKO_CERTIFICATE, "My", PR_TRUE, pTemplate,
+                          ulAttributeCount, listp, sizep, count, pError);
+    /*count = collect_class(CKO_CERTIFICATE, "AddressBook", PR_FALSE, pTemplate,
                         ulAttributeCount, listp, sizep, count, pError); */
-  count = collect_class(CKO_CERTIFICATE, "CA", PR_FALSE, pTemplate, 
-			ulAttributeCount, listp, sizep, count, pError);
-  count = collect_class(CKO_CERTIFICATE, "Root", PR_FALSE, pTemplate, 
-			ulAttributeCount, listp, sizep, count, pError);
-  count = collect_class(CKO_CERTIFICATE, "Trust", PR_FALSE, pTemplate, 
-			ulAttributeCount, listp, sizep, count, pError);
-  count = collect_class(CKO_CERTIFICATE, "TrustedPeople", PR_FALSE, pTemplate, 
-                        ulAttributeCount, listp, sizep, count, pError);
-  count = collect_class(CKO_CERTIFICATE, "AuthRoot", PR_FALSE, pTemplate, 
-                        ulAttributeCount, listp, sizep, count, pError);
-  return count;
+    count = collect_class(CKO_CERTIFICATE, "CA", PR_FALSE, pTemplate,
+                          ulAttributeCount, listp, sizep, count, pError);
+    count = collect_class(CKO_CERTIFICATE, "Root", PR_FALSE, pTemplate,
+                          ulAttributeCount, listp, sizep, count, pError);
+    count = collect_class(CKO_CERTIFICATE, "Trust", PR_FALSE, pTemplate,
+                          ulAttributeCount, listp, sizep, count, pError);
+    count = collect_class(CKO_CERTIFICATE, "TrustedPeople", PR_FALSE, pTemplate,
+                          ulAttributeCount, listp, sizep, count, pError);
+    count = collect_class(CKO_CERTIFICATE, "AuthRoot", PR_FALSE, pTemplate,
+                          ulAttributeCount, listp, sizep, count, pError);
+    return count;
 }
 
 CK_OBJECT_CLASS
-ckcapi_GetObjectClass(CK_ATTRIBUTE_PTR pTemplate, 
+ckcapi_GetObjectClass(CK_ATTRIBUTE_PTR pTemplate,
                       CK_ULONG ulAttributeCount)
 {
-  CK_ULONG i;
+    CK_ULONG i;
 
-  for (i=0; i < ulAttributeCount; i++)
-  {
-    if (pTemplate[i].type == CKA_CLASS) {
-      return *(CK_OBJECT_CLASS *) pTemplate[i].pValue;
+    for (i = 0; i < ulAttributeCount; i++) {
+        if (pTemplate[i].type == CKA_CLASS) {
+            return *(CK_OBJECT_CLASS *)pTemplate[i].pValue;
+        }
     }
-  }
-  /* need to return a value that says 'fetch them all' */
-  return CK_INVALID_HANDLE;
+    /* need to return a value that says 'fetch them all' */
+    return CK_INVALID_HANDLE;
 }
 
 static PRUint32
 collect_objects(
-  CK_ATTRIBUTE_PTR pTemplate, 
-  CK_ULONG ulAttributeCount, 
-  ckcapiInternalObject ***listp,
-  CK_RV *pError
-)
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    ckcapiInternalObject ***listp,
+    CK_RV *pError)
 {
-  PRUint32 i;
-  PRUint32 count = 0;
-  PRUint32 size = 0;
-  CK_OBJECT_CLASS objClass;
+    PRUint32 i;
+    PRUint32 count = 0;
+    PRUint32 size = 0;
+    CK_OBJECT_CLASS objClass;
 
-  /*
-   * first handle the static build in objects (if any)
-   */
-  for( i = 0; i < nss_ckcapi_nObjects; i++ ) {
-    ckcapiInternalObject *o = (ckcapiInternalObject *)&nss_ckcapi_data[i];
+    /*
+     * first handle the static build in objects (if any)
+     */
+    for (i = 0; i < nss_ckcapi_nObjects; i++) {
+        ckcapiInternalObject *o = (ckcapiInternalObject *)&nss_ckcapi_data[i];
 
-    if( CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, o) ) {
-      PUT_Object(o, *pError);
+        if (CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, o)) {
+            PUT_Object(o, *pError);
+        }
     }
-  }
 
-  /*
-   * now handle the various object types
-   */
-  objClass = ckcapi_GetObjectClass(pTemplate, ulAttributeCount);
-  *pError = CKR_OK;
-  switch (objClass) {
-  case CKO_CERTIFICATE:
-    count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp, 
-                              &size, count, pError);
-    break;
-  case CKO_PUBLIC_KEY:
-    count = collect_class(objClass, "My", PR_TRUE, pTemplate, 
-			ulAttributeCount, listp, &size, count, pError);
-    count = collect_bare(objClass, pTemplate, ulAttributeCount, listp,
-			&size, count, pError);
-    break;
-  case CKO_PRIVATE_KEY:
-    count = collect_class(objClass, "My", PR_TRUE, pTemplate, 
-			ulAttributeCount, listp, &size, count, pError);
-    count = collect_bare(objClass, pTemplate, ulAttributeCount, listp,
-			&size, count, pError);
-    break;
-  /* all of them */
-  case CK_INVALID_HANDLE:
-    count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp, 
-                              &size, count, pError);
-    count = collect_class(CKO_PUBLIC_KEY, "My", PR_TRUE, pTemplate, 
-			ulAttributeCount, listp, &size, count, pError);
-    count = collect_bare(CKO_PUBLIC_KEY, pTemplate, ulAttributeCount, listp,
-			&size, count, pError);
-    count = collect_class(CKO_PRIVATE_KEY, "My", PR_TRUE, pTemplate, 
-			ulAttributeCount, listp, &size, count, pError);
-    count = collect_bare(CKO_PRIVATE_KEY, pTemplate, ulAttributeCount, listp,
-			&size, count, pError);
-    break;
-  default:
-    goto done; /* no other object types we understand in this module */
-  }
-  if (CKR_OK != *pError) {
-    goto loser;
-  }
-
+    /*
+     * now handle the various object types
+     */
+    objClass = ckcapi_GetObjectClass(pTemplate, ulAttributeCount);
+    *pError = CKR_OK;
+    switch (objClass) {
+        case CKO_CERTIFICATE:
+            count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp,
+                                                 &size, count, pError);
+            break;
+        case CKO_PUBLIC_KEY:
+            count = collect_class(objClass, "My", PR_TRUE, pTemplate,
+                                  ulAttributeCount, listp, &size, count, pError);
+            count = collect_bare(objClass, pTemplate, ulAttributeCount, listp,
+                                 &size, count, pError);
+            break;
+        case CKO_PRIVATE_KEY:
+            count = collect_class(objClass, "My", PR_TRUE, pTemplate,
+                                  ulAttributeCount, listp, &size, count, pError);
+            count = collect_bare(objClass, pTemplate, ulAttributeCount, listp,
+                                 &size, count, pError);
+            break;
+        /* all of them */
+        case CK_INVALID_HANDLE:
+            count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp,
+                                                 &size, count, pError);
+            count = collect_class(CKO_PUBLIC_KEY, "My", PR_TRUE, pTemplate,
+                                  ulAttributeCount, listp, &size, count, pError);
+            count = collect_bare(CKO_PUBLIC_KEY, pTemplate, ulAttributeCount, listp,
+                                 &size, count, pError);
+            count = collect_class(CKO_PRIVATE_KEY, "My", PR_TRUE, pTemplate,
+                                  ulAttributeCount, listp, &size, count, pError);
+            count = collect_bare(CKO_PRIVATE_KEY, pTemplate, ulAttributeCount, listp,
+                                 &size, count, pError);
+            break;
+        default:
+            goto done; /* no other object types we understand in this module */
+    }
+    if (CKR_OK != *pError) {
+        goto loser;
+    }
 
 done:
-  return count;
+    return count;
 loser:
-  nss_ZFreeIf(*listp);
-  return 0;
+    nss_ZFreeIf(*listp);
+    return 0;
 }
 
-
-
 NSS_IMPLEMENT NSSCKMDFindObjects *
-nss_ckcapi_FindObjectsInit
-(
-  NSSCKFWSession *fwSession,
-  CK_ATTRIBUTE_PTR pTemplate,
-  CK_ULONG ulAttributeCount,
-  CK_RV *pError
-)
+nss_ckcapi_FindObjectsInit(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
 {
-  /* This could be made more efficient.  I'm rather rushed. */
-  NSSArena *arena;
-  NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
-  struct ckcapiFOStr *fo = (struct ckcapiFOStr *)NULL;
-  ckcapiInternalObject **temp = (ckcapiInternalObject **)NULL;
+    /* This could be made more efficient.  I'm rather rushed. */
+    NSSArena *arena;
+    NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
+    struct ckcapiFOStr *fo = (struct ckcapiFOStr *)NULL;
+    ckcapiInternalObject **temp = (ckcapiInternalObject **)NULL;
 
-  arena = NSSArena_Create();
-  if( (NSSArena *)NULL == arena ) {
-    goto loser;
-  }
+    arena = NSSArena_Create();
+    if ((NSSArena *)NULL == arena) {
+        goto loser;
+    }
 
-  rv = nss_ZNEW(arena, NSSCKMDFindObjects);
-  if( (NSSCKMDFindObjects *)NULL == rv ) {
-    *pError = CKR_HOST_MEMORY;
-    goto loser;
-  }
+    rv = nss_ZNEW(arena, NSSCKMDFindObjects);
+    if ((NSSCKMDFindObjects *)NULL == rv) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
 
-  fo = nss_ZNEW(arena, struct ckcapiFOStr);
-  if( (struct ckcapiFOStr *)NULL == fo ) {
-    *pError = CKR_HOST_MEMORY;
-    goto loser;
-  }
+    fo = nss_ZNEW(arena, struct ckcapiFOStr);
+    if ((struct ckcapiFOStr *)NULL == fo) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    fo->arena = arena;
+    /* fo->n and fo->i are already zero */
 
-  fo->arena = arena;
-  /* fo->n and fo->i are already zero */
+    rv->etc = (void *)fo;
+    rv->Final = ckcapi_mdFindObjects_Final;
+    rv->Next = ckcapi_mdFindObjects_Next;
+    rv->null = (void *)NULL;
 
-  rv->etc = (void *)fo;
-  rv->Final = ckcapi_mdFindObjects_Final;
-  rv->Next = ckcapi_mdFindObjects_Next;
-  rv->null = (void *)NULL;
+    fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError);
+    if (*pError != CKR_OK) {
+        goto loser;
+    }
 
-  fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError);
-  if (*pError != CKR_OK) {
-    goto loser;
-  }
+    fo->objs = nss_ZNEWARRAY(arena, ckcapiInternalObject *, fo->n);
+    if ((ckcapiInternalObject **)NULL == fo->objs) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
 
-  fo->objs = nss_ZNEWARRAY(arena, ckcapiInternalObject *, fo->n);
-  if( (ckcapiInternalObject **)NULL == fo->objs ) {
-    *pError = CKR_HOST_MEMORY;
-    goto loser;
-  }
+    (void)nsslibc_memcpy(fo->objs, temp, sizeof(ckcapiInternalObject *) * fo->n);
+    nss_ZFreeIf(temp);
+    temp = (ckcapiInternalObject **)NULL;
 
-  (void)nsslibc_memcpy(fo->objs, temp, sizeof(ckcapiInternalObject *) * fo->n);
-  nss_ZFreeIf(temp);
-  temp = (ckcapiInternalObject **)NULL;
+    return rv;
 
-  return rv;
-
- loser:
-  nss_ZFreeIf(temp);
-  nss_ZFreeIf(fo);
-  nss_ZFreeIf(rv);
-  if ((NSSArena *)NULL != arena) {
-     NSSArena_Destroy(arena);
-  }
-  return (NSSCKMDFindObjects *)NULL;
+loser:
+    nss_ZFreeIf(temp);
+    nss_ZFreeIf(fo);
+    nss_ZFreeIf(rv);
+    if ((NSSArena *)NULL != arena) {
+        NSSArena_Destroy(arena);
+    }
+    return (NSSCKMDFindObjects *)NULL;
 }
-
--- a/lib/ckfw/capi/cinst.c
+++ b/lib/ckfw/capi/cinst.c
@@ -2,110 +2,96 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "ckcapi.h"
 
 /*
  * ckcapi/cinstance.c
  *
- * This file implements the NSSCKMDInstance object for the 
+ * This file implements the NSSCKMDInstance object for the
  * "capi" cryptoki module.
  */
 
 /*
  * NSSCKMDInstance methods
  */
 
 static CK_ULONG
-ckcapi_mdInstance_GetNSlots
-(
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+ckcapi_mdInstance_GetNSlots(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (CK_ULONG)1;
+    return (CK_ULONG)1;
 }
 
 static CK_VERSION
-ckcapi_mdInstance_GetCryptokiVersion
-(
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+ckcapi_mdInstance_GetCryptokiVersion(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  return nss_ckcapi_CryptokiVersion;
+    return nss_ckcapi_CryptokiVersion;
 }
 
 static NSSUTF8 *
-ckcapi_mdInstance_GetManufacturerID
-(
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+ckcapi_mdInstance_GetManufacturerID(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (NSSUTF8 *)nss_ckcapi_ManufacturerID;
+    return (NSSUTF8 *)nss_ckcapi_ManufacturerID;
 }
 
 static NSSUTF8 *
-ckcapi_mdInstance_GetLibraryDescription
-(
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+ckcapi_mdInstance_GetLibraryDescription(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (NSSUTF8 *)nss_ckcapi_LibraryDescription;
+    return (NSSUTF8 *)nss_ckcapi_LibraryDescription;
 }
 
 static CK_VERSION
-ckcapi_mdInstance_GetLibraryVersion
-(
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+ckcapi_mdInstance_GetLibraryVersion(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  return nss_ckcapi_LibraryVersion;
+    return nss_ckcapi_LibraryVersion;
 }
 
 static CK_RV
-ckcapi_mdInstance_GetSlots
-(
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  NSSCKMDSlot *slots[]
-)
+ckcapi_mdInstance_GetSlots(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKMDSlot *slots[])
 {
-  slots[0] = (NSSCKMDSlot *)&nss_ckcapi_mdSlot;
-  return CKR_OK;
+    slots[0] = (NSSCKMDSlot *)&nss_ckcapi_mdSlot;
+    return CKR_OK;
 }
 
 static CK_BBOOL
-ckcapi_mdInstance_ModuleHandlesSessionObjects
-(
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+ckcapi_mdInstance_ModuleHandlesSessionObjects(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  /* we don't want to allow any session object creation, at least
-   * until we can investigate whether or not we can use those objects
-   */
-  return CK_TRUE;
+    /* we don't want to allow any session object creation, at least
+     * until we can investigate whether or not we can use those objects
+     */
+    return CK_TRUE;
 }
 
 NSS_IMPLEMENT_DATA const NSSCKMDInstance
-nss_ckcapi_mdInstance = {
-  (void *)NULL, /* etc */
-  NULL, /* Initialize */
-  NULL, /* Finalize */
-  ckcapi_mdInstance_GetNSlots,
-  ckcapi_mdInstance_GetCryptokiVersion,
-  ckcapi_mdInstance_GetManufacturerID,
-  ckcapi_mdInstance_GetLibraryDescription,
-  ckcapi_mdInstance_GetLibraryVersion,
-  ckcapi_mdInstance_ModuleHandlesSessionObjects, 
-  /*NULL, /* HandleSessionObjects */
-  ckcapi_mdInstance_GetSlots,
-  NULL, /* WaitForSlotEvent */
-  (void *)NULL /* null terminator */
-};
+    nss_ckcapi_mdInstance = {
+        (void *)NULL, /* etc */
+        NULL,         /* Initialize */
+        NULL,         /* Finalize */
+        ckcapi_mdInstance_GetNSlots,
+        ckcapi_mdInstance_GetCryptokiVersion,
+        ckcapi_mdInstance_GetManufacturerID,
+        ckcapi_mdInstance_GetLibraryDescription,
+        ckcapi_mdInstance_GetLibraryVersion,
+        ckcapi_mdInstance_ModuleHandlesSessionObjects,
+        /*NULL, /* HandleSessionObjects */
+        ckcapi_mdInstance_GetSlots,
+        NULL,        /* WaitForSlotEvent */
+        (void *)NULL /* null terminator */
+    };
--- a/lib/ckfw/capi/ckcapi.h
+++ b/lib/ckfw/capi/ckcapi.h
@@ -26,246 +26,217 @@
 #include "wtypes.h"
 #include "wincrypt.h"
 
 /*
  * statically defined raw objects. Allows us to data description objects
  * to this PKCS #11 module.
  */
 struct ckcapiRawObjectStr {
-  CK_ULONG n;
-  const CK_ATTRIBUTE_TYPE *types;
-  const NSSItem *items;
+    CK_ULONG n;
+    const CK_ATTRIBUTE_TYPE *types;
+    const NSSItem *items;
 };
 typedef struct ckcapiRawObjectStr ckcapiRawObject;
 
-
 /*
  * common values needed for both bare keys and cert referenced keys.
  */
 struct ckcapiKeyParamsStr {
-  NSSItem	  modulus;
-  NSSItem	  exponent;
-  NSSItem	  privateExponent;
-  NSSItem	  prime1;
-  NSSItem	  prime2;
-  NSSItem	  exponent1;
-  NSSItem	  exponent2;
-  NSSItem	  coefficient;
-  unsigned char   publicExponentData[sizeof(CK_ULONG)];
-  void		  *privateKey;
-  void		  *pubKey;
+    NSSItem modulus;
+    NSSItem exponent;
+    NSSItem privateExponent;
+    NSSItem prime1;
+    NSSItem prime2;
+    NSSItem exponent1;
+    NSSItem exponent2;
+    NSSItem coefficient;
+    unsigned char publicExponentData[sizeof(CK_ULONG)];
+    void *privateKey;
+    void *pubKey;
 };
 typedef struct ckcapiKeyParamsStr ckcapiKeyParams;
 
 /*
  * Key objects. Handles bare keys which do not yet have certs associated
  * with them. These are usually short lived, but may exist for several days
  * while the CA is issuing the certificate.
  */
 struct ckcapiKeyObjectStr {
-  CRYPT_KEY_PROV_INFO provInfo;
-  char            *provName;
-  char            *containerName;
-  HCRYPTPROV      hProv;
-  ckcapiKeyParams key;
+    CRYPT_KEY_PROV_INFO provInfo;
+    char *provName;
+    char *containerName;
+    HCRYPTPROV hProv;
+    ckcapiKeyParams key;
 };
 typedef struct ckcapiKeyObjectStr ckcapiKeyObject;
 
 /*
  * Certificate and certificate referenced keys.
  */
 struct ckcapiCertObjectStr {
-  PCCERT_CONTEXT  certContext;
-  PRBool          hasID;
-  const char	  *certStore;
-  NSSItem	  label;
-  NSSItem	  subject;
-  NSSItem	  issuer;
-  NSSItem	  serial;
-  NSSItem	  derCert;
-  ckcapiKeyParams key;
-  unsigned char   *labelData;
-  /* static data: to do, make this dynamic like labelData */
-  unsigned char   derSerial[128];
+    PCCERT_CONTEXT certContext;
+    PRBool hasID;
+    const char *certStore;
+    NSSItem label;
+    NSSItem subject;
+    NSSItem issuer;
+    NSSItem serial;
+    NSSItem derCert;
+    ckcapiKeyParams key;
+    unsigned char *labelData;
+    /* static data: to do, make this dynamic like labelData */
+    unsigned char derSerial[128];
 };
 typedef struct ckcapiCertObjectStr ckcapiCertObject;
 
 typedef enum {
-  ckcapiRaw,
-  ckcapiCert,
-  ckcapiBareKey
+    ckcapiRaw,
+    ckcapiCert,
+    ckcapiBareKey
 } ckcapiObjectType;
 
 /*
  * all the various types of objects are abstracted away in cobject and
  * cfind as ckcapiInternalObjects.
  */
 struct ckcapiInternalObjectStr {
-  ckcapiObjectType type;
-  union {
-    ckcapiRawObject  raw;
-    ckcapiCertObject cert;
-    ckcapiKeyObject  key;
-  } u;
-  CK_OBJECT_CLASS objClass;
-  NSSItem	  hashKey;
-  NSSItem	  id;
-  void		  *idData;
-  unsigned char   hashKeyData[128];
-  NSSCKMDObject mdObject;
+    ckcapiObjectType type;
+    union {
+        ckcapiRawObject raw;
+        ckcapiCertObject cert;
+        ckcapiKeyObject key;
+    } u;
+    CK_OBJECT_CLASS objClass;
+    NSSItem hashKey;
+    NSSItem id;
+    void *idData;
+    unsigned char hashKeyData[128];
+    NSSCKMDObject mdObject;
 };
 typedef struct ckcapiInternalObjectStr ckcapiInternalObject;
 
 /* our raw object data array */
 NSS_EXTERN_DATA ckcapiInternalObject nss_ckcapi_data[];
-NSS_EXTERN_DATA const PRUint32               nss_ckcapi_nObjects;
+NSS_EXTERN_DATA const PRUint32 nss_ckcapi_nObjects;
 
-NSS_EXTERN_DATA const CK_VERSION   nss_ckcapi_CryptokiVersion;
-NSS_EXTERN_DATA const NSSUTF8 *    nss_ckcapi_ManufacturerID;
-NSS_EXTERN_DATA const NSSUTF8 *    nss_ckcapi_LibraryDescription;
-NSS_EXTERN_DATA const CK_VERSION   nss_ckcapi_LibraryVersion;
-NSS_EXTERN_DATA const NSSUTF8 *    nss_ckcapi_SlotDescription;
-NSS_EXTERN_DATA const CK_VERSION   nss_ckcapi_HardwareVersion;
-NSS_EXTERN_DATA const CK_VERSION   nss_ckcapi_FirmwareVersion;
-NSS_EXTERN_DATA const NSSUTF8 *    nss_ckcapi_TokenLabel;
-NSS_EXTERN_DATA const NSSUTF8 *    nss_ckcapi_TokenModel;
-NSS_EXTERN_DATA const NSSUTF8 *    nss_ckcapi_TokenSerialNumber;
+NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_CryptokiVersion;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_ManufacturerID;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_LibraryDescription;
+NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_LibraryVersion;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_SlotDescription;
+NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_HardwareVersion;
+NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_FirmwareVersion;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenLabel;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenModel;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenSerialNumber;
 
-NSS_EXTERN_DATA const NSSCKMDInstance  nss_ckcapi_mdInstance;
-NSS_EXTERN_DATA const NSSCKMDSlot      nss_ckcapi_mdSlot;
-NSS_EXTERN_DATA const NSSCKMDToken     nss_ckcapi_mdToken;
+NSS_EXTERN_DATA const NSSCKMDInstance nss_ckcapi_mdInstance;
+NSS_EXTERN_DATA const NSSCKMDSlot nss_ckcapi_mdSlot;
+NSS_EXTERN_DATA const NSSCKMDToken nss_ckcapi_mdToken;
 NSS_EXTERN_DATA const NSSCKMDMechanism nss_ckcapi_mdMechanismRSA;
 
 NSS_EXTERN NSSCKMDSession *
-nss_ckcapi_CreateSession
-(
-  NSSCKFWSession *fwSession,
-  CK_RV *pError
-);
+nss_ckcapi_CreateSession(
+    NSSCKFWSession *fwSession,
+    CK_RV *pError);
 
 NSS_EXTERN NSSCKMDFindObjects *
-nss_ckcapi_FindObjectsInit
-(
-  NSSCKFWSession *fwSession,
-  CK_ATTRIBUTE_PTR pTemplate,
-  CK_ULONG ulAttributeCount,
-  CK_RV *pError
-);
+nss_ckcapi_FindObjectsInit(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError);
 
 /*
  * Object Utilities
  */
 NSS_EXTERN NSSCKMDObject *
-nss_ckcapi_CreateMDObject
-(
-  NSSArena *arena,
-  ckcapiInternalObject *io,
-  CK_RV *pError
-);
+nss_ckcapi_CreateMDObject(
+    NSSArena *arena,
+    ckcapiInternalObject *io,
+    CK_RV *pError);
 
 NSS_EXTERN NSSCKMDObject *
-nss_ckcapi_CreateObject
-(
-  NSSCKFWSession *fwSession,
-  CK_ATTRIBUTE_PTR pTemplate,
-  CK_ULONG ulAttributeCount,
-  CK_RV *pError
-);
+nss_ckcapi_CreateObject(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError);
 
 NSS_EXTERN const NSSItem *
-nss_ckcapi_FetchAttribute
-(
-  ckcapiInternalObject *io, 
-  CK_ATTRIBUTE_TYPE type
-);
+nss_ckcapi_FetchAttribute(
+    ckcapiInternalObject *io,
+    CK_ATTRIBUTE_TYPE type);
 
 NSS_EXTERN void
-nss_ckcapi_DestroyInternalObject
-(
-  ckcapiInternalObject *io
-);
+nss_ckcapi_DestroyInternalObject(
+    ckcapiInternalObject *io);
 
 NSS_EXTERN CK_RV
-nss_ckcapi_FetchKeyContainer
-(
-  ckcapiInternalObject *iKey,
-  HCRYPTPROV  *hProv,
-  DWORD       *keySpec,
-  HCRYPTKEY   *hKey
-);
+nss_ckcapi_FetchKeyContainer(
+    ckcapiInternalObject *iKey,
+    HCRYPTPROV *hProv,
+    DWORD *keySpec,
+    HCRYPTKEY *hKey);
 
 /*
  * generic utilities
  */
 
 /*
  * So everyone else in the worlds stores their bignum data MSB first, but not
  * Microsoft, we need to byte swap everything coming into and out of CAPI.
  */
 void
-ckcapi_ReverseData
-(
-  NSSItem *item
-);
+ckcapi_ReverseData(
+    NSSItem *item);
 
 /*
  * unwrap a single DER value
  */
 unsigned char *
-nss_ckcapi_DERUnwrap
-(
-  unsigned char *src, 
-  unsigned int size, 
-  unsigned int *outSize, 
-  unsigned char **next
-);
+nss_ckcapi_DERUnwrap(
+    unsigned char *src,
+    unsigned int size,
+    unsigned int *outSize,
+    unsigned char **next);
 
 /*
  * Return the size in bytes of a wide string
  */
-int 
-nss_ckcapi_WideSize
-(
-  LPCWSTR wide
-);
+int
+nss_ckcapi_WideSize(
+    LPCWSTR wide);
 
 /*
  * Covert a Unicode wide character string to a UTF8 string
  */
 char *
-nss_ckcapi_WideToUTF8
-(
-  LPCWSTR wide 
-);
+nss_ckcapi_WideToUTF8(
+    LPCWSTR wide);
 
 /*
  * Return a Wide String duplicated with nss allocated memory.
  */
 LPWSTR
-nss_ckcapi_WideDup
-(
-  LPCWSTR wide
-);
+nss_ckcapi_WideDup(
+    LPCWSTR wide);
 
 /*
  * Covert a UTF8 string to Unicode wide character
  */
 LPWSTR
-nss_ckcapi_UTF8ToWide
-(
-  char *buf
-);
-
+nss_ckcapi_UTF8ToWide(
+    char *buf);
 
 NSS_EXTERN PRUint32
 nss_ckcapi_collect_all_certs(
-  CK_ATTRIBUTE_PTR pTemplate, 
-  CK_ULONG ulAttributeCount, 
-  ckcapiInternalObject ***listp,
-  PRUint32 *sizep,
-  PRUint32 count,
-  CK_RV *pError
-);
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    ckcapiInternalObject ***listp,
+    PRUint32 *sizep,
+    PRUint32 count,
+    CK_RV *pError);
 
-#define NSS_CKCAPI_ARRAY_SIZE(x) ((sizeof (x))/(sizeof ((x)[0])))
- 
+#define NSS_CKCAPI_ARRAY_SIZE(x) ((sizeof(x)) / (sizeof((x)[0])))
+
 #endif
--- a/lib/ckfw/capi/ckcapiver.c
+++ b/lib/ckfw/capi/ckcapiver.c
@@ -9,10 +9,9 @@
 #define _DEBUG_STRING " (debug)"
 #else
 #define _DEBUG_STRING ""
 #endif
 
 /*
  * Version information
  */
-const char __nss_ckcapi_version[] = "Version: NSS Access to Microsoft Certificate Store "
-        NSS_CKCAPI_LIBRARY_VERSION _DEBUG_STRING;
+const char __nss_ckcapi_version[] = "Version: NSS Access to Microsoft Certificate Store " NSS_CKCAPI_LIBRARY_VERSION _DEBUG_STRING;
--- a/lib/ckfw/capi/cobject.c
+++ b/lib/ckfw/capi/cobject.c
@@ -71,2235 +71,2169 @@ const CK_ATTRIBUTE_TYPE pubKeyAttrs[] = 
 const PRUint32 pubKeyAttrsCount = NSS_CKCAPI_ARRAY_SIZE(pubKeyAttrs);
 static const CK_BBOOL ck_true = CK_TRUE;
 static const CK_BBOOL ck_false = CK_FALSE;
 static const CK_CERTIFICATE_TYPE ckc_x509 = CKC_X_509;
 static const CK_KEY_TYPE ckk_rsa = CKK_RSA;
 static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE;
 static const CK_OBJECT_CLASS cko_private_key = CKO_PRIVATE_KEY;
 static const CK_OBJECT_CLASS cko_public_key = CKO_PUBLIC_KEY;
-static const NSSItem ckcapi_trueItem = { 
-  (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) };
-static const NSSItem ckcapi_falseItem = { 
-  (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) };
-static const NSSItem ckcapi_x509Item = { 
-  (void *)&ckc_x509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) };
-static const NSSItem ckcapi_rsaItem = { 
-  (void *)&ckk_rsa, (PRUint32)sizeof(CK_KEY_TYPE) };
-static const NSSItem ckcapi_certClassItem = { 
-  (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) };
+static const NSSItem ckcapi_trueItem = {
+    (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL)
+};
+static const NSSItem ckcapi_falseItem = {
+    (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL)
+};
+static const NSSItem ckcapi_x509Item = {
+    (void *)&ckc_x509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE)
+};
+static const NSSItem ckcapi_rsaItem = {
+    (void *)&ckk_rsa, (PRUint32)sizeof(CK_KEY_TYPE)
+};
+static const NSSItem ckcapi_certClassItem = {
+    (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS)
+};
 static const NSSItem ckcapi_privKeyClassItem = {
-  (void *)&cko_private_key, (PRUint32)sizeof(CK_OBJECT_CLASS) };
+    (void *)&cko_private_key, (PRUint32)sizeof(CK_OBJECT_CLASS)
+};
 static const NSSItem ckcapi_pubKeyClassItem = {
-  (void *)&cko_public_key, (PRUint32)sizeof(CK_OBJECT_CLASS) };
-static const NSSItem ckcapi_emptyItem = { 
-  (void *)&ck_true, 0};
+    (void *)&cko_public_key, (PRUint32)sizeof(CK_OBJECT_CLASS)
+};
+static const NSSItem ckcapi_emptyItem = {
+    (void *)&ck_true, 0
+};
 
 /*
  * these are utilities. The chould be moved to a new utilities file.
  */
 
 /*
  * unwrap a single DER value
  */
 unsigned char *
-nss_ckcapi_DERUnwrap
-(
-  unsigned char *src, 
-  unsigned int size, 
-  unsigned int *outSize, 
-  unsigned char **next
-)
+nss_ckcapi_DERUnwrap(
+    unsigned char *src,
+    unsigned int size,
+    unsigned int *outSize,
+    unsigned char **next)
 {
-  unsigned char *start = src;
-  unsigned char *end = src+size;
-  unsigned int len = 0;
+    unsigned char *start = src;
+    unsigned char *end = src + size;
+    unsigned int len = 0;
 
-  /* initialize error condition return values */
-  *outSize = 0;
-  if (next) {
-    *next = src;
-  }
+    /* initialize error condition return values */
+    *outSize = 0;
+    if (next) {
+        *next = src;
+    }
 
-  if (size < 2) {
-    return start;
-  }
-  src++; /* skip the tag -- should check it against an expected value! */
-  len = (unsigned) *src++;
-  if (len & 0x80) {
-    unsigned int count = len & 0x7f;
-    len = 0;
-
-    if (count+2 > size) {
-      return start;
+    if (size < 2) {
+        return start;
     }
-    while (count-- > 0) {
-      len = (len << 8) | (unsigned) *src++;
+    src++; /* skip the tag -- should check it against an expected value! */
+    len = (unsigned)*src++;
+    if (len & 0x80) {
+        unsigned int count = len & 0x7f;
+        len = 0;
+
+        if (count + 2 > size) {
+            return start;
+        }
+        while (count-- > 0) {
+            len = (len << 8) | (unsigned)*src++;
+        }
     }
-  }
-  if (len + (src-start) > size) {
-    return start;
-  }
-  if (next) {
-    *next = src+len;
-  }
-  *outSize = len;
+    if (len + (src - start) > size) {
+        return start;
+    }
+    if (next) {
+        *next = src + len;
+    }
+    *outSize = len;
 
-  return src;
+    return src;
 }
 
 /*
  * convert a PKCS #11 bytestrin into a CK_ULONG, the byte stream must be
  * less than sizeof (CK_ULONG).
  */
-CK_ULONG  
-nss_ckcapi_DataToInt
-(
-  NSSItem *data,
-  CK_RV *pError
-)
+CK_ULONG
+nss_ckcapi_DataToInt(
+    NSSItem *data,
+    CK_RV *pError)
 {
-  CK_ULONG value = 0;
-  unsigned long count = data->size;
-  unsigned char *dataPtr = data->data;
-  unsigned long size = 0;
+    CK_ULONG value = 0;
+    unsigned long count = data->size;
+    unsigned char *dataPtr = data->data;
+    unsigned long size = 0;
+
+    *pError = CKR_OK;
 
-  *pError = CKR_OK;
-
-  while (count--) {
-    value = value << 8;
-    value = value + *dataPtr++;
-    if (size || value) {
-      size++;
+    while (count--) {
+        value = value << 8;
+        value = value + *dataPtr++;
+        if (size || value) {
+            size++;
+        }
     }
-  }
-  if (size > sizeof(CK_ULONG)) {
-    *pError = CKR_ATTRIBUTE_VALUE_INVALID;
-  }
-  return value;
+    if (size > sizeof(CK_ULONG)) {
+        *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+    return value;
 }
 
 /*
  * convert a CK_ULONG to a bytestream. Data is stored in the buffer 'buf'
  * and must be at least CK_ULONG. Caller must provide buf.
  */
-CK_ULONG  
-nss_ckcapi_IntToData
-(
-  CK_ULONG value,
-  NSSItem *data,
-  unsigned char *dataPtr,
-  CK_RV *pError
-)
+CK_ULONG
+nss_ckcapi_IntToData(
+    CK_ULONG value,
+    NSSItem *data,
+    unsigned char *dataPtr,
+    CK_RV *pError)
 {
-  unsigned long count = 0;
-  unsigned long i;
-#define SHIFT ((sizeof(CK_ULONG)-1)*8)
-  PRBool first = 0;
+    unsigned long count = 0;
+    unsigned long i;
+#define SHIFT ((sizeof(CK_ULONG) - 1) * 8)
+    PRBool first = 0;
 
-  *pError = CKR_OK;
+    *pError = CKR_OK;
 
-  data->data = dataPtr;
-  for (i=0; i < sizeof(CK_ULONG); i++) {
-    unsigned char digit = (unsigned char)((value >> SHIFT) & 0xff);
+    data->data = dataPtr;
+    for (i = 0; i < sizeof(CK_ULONG); i++) {
+        unsigned char digit = (unsigned char)((value >> SHIFT) & 0xff);
 
-    value = value << 8;
+        value = value << 8;
 
-    /* drop leading zero bytes */
-    if (first && (0 == digit)) {
-	continue;
+        /* drop leading zero bytes */
+        if (first && (0 == digit)) {
+            continue;
+        }
+        *dataPtr++ = digit;
+        count++;
     }
-    *dataPtr++ = digit;
-    count++;
-  }
-  data->size = count;
-  return count;
+    data->size = count;
+    return count;
 }
 
 /*
  * get an attribute from a template. Value is returned in NSS item.
  * data for the item is owned by the template.
  */
 CK_RV
-nss_ckcapi_GetAttribute
-(
-  CK_ATTRIBUTE_TYPE type,
-  CK_ATTRIBUTE *template,
-  CK_ULONG templateSize, 
-  NSSItem *item
-)
+nss_ckcapi_GetAttribute(
+    CK_ATTRIBUTE_TYPE type,
+    CK_ATTRIBUTE *template,
+    CK_ULONG templateSize,
+    NSSItem *item)
 {
-  CK_ULONG i;
+    CK_ULONG i;
 
-  for (i=0; i < templateSize; i++) {
-    if (template[i].type == type) {
-      item->data = template[i].pValue;
-      item->size = template[i].ulValueLen;
-      return CKR_OK;
+    for (i = 0; i < templateSize; i++) {
+        if (template[i].type == type) {
+            item->data = template[i].pValue;
+            item->size = template[i].ulValueLen;
+            return CKR_OK;
+        }
     }
-  }
-  return CKR_TEMPLATE_INCOMPLETE;
+    return CKR_TEMPLATE_INCOMPLETE;
 }
 
 /*
  * get an attribute which is type CK_ULONG.
  */
 CK_ULONG
-nss_ckcapi_GetULongAttribute
-(
-  CK_ATTRIBUTE_TYPE type,
-  CK_ATTRIBUTE *template,
-  CK_ULONG templateSize, 
-  CK_RV *pError
-)
+nss_ckcapi_GetULongAttribute(
+    CK_ATTRIBUTE_TYPE type,
+    CK_ATTRIBUTE *template,
+    CK_ULONG templateSize,
+    CK_RV *pError)
 {
-  NSSItem item;
+    NSSItem item;
 
-  *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item);
-  if (CKR_OK != *pError) {
-    return (CK_ULONG) 0;
-  }
-  if (item.size != sizeof(CK_ULONG)) {
-    *pError = CKR_ATTRIBUTE_VALUE_INVALID;
-    return (CK_ULONG) 0;
-  }
-  return *(CK_ULONG *)item.data;
+    *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item);
+    if (CKR_OK != *pError) {
+        return (CK_ULONG)0;
+    }
+    if (item.size != sizeof(CK_ULONG)) {
+        *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+        return (CK_ULONG)0;
+    }
+    return *(CK_ULONG *)item.data;
 }
 
 /*
  * get an attribute which is type CK_BBOOL.
  */
 CK_BBOOL
-nss_ckcapi_GetBoolAttribute
-(
-  CK_ATTRIBUTE_TYPE type,
-  CK_ATTRIBUTE *template,
-  CK_ULONG templateSize, 
-  CK_RV *pError
-)
+nss_ckcapi_GetBoolAttribute(
+    CK_ATTRIBUTE_TYPE type,
+    CK_ATTRIBUTE *template,
+    CK_ULONG templateSize,
+    CK_RV *pError)
 {
-  NSSItem item;
+    NSSItem item;
 
-  *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item);
-  if (CKR_OK != *pError) {
-    return (CK_BBOOL) 0;
-  }
-  if (item.size != sizeof(CK_BBOOL)) {
-    *pError = CKR_ATTRIBUTE_VALUE_INVALID;
-    return (CK_BBOOL) 0;
-  }
-  return *(CK_BBOOL *)item.data;
+    *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item);
+    if (CKR_OK != *pError) {
+        return (CK_BBOOL)0;
+    }
+    if (item.size != sizeof(CK_BBOOL)) {
+        *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+        return (CK_BBOOL)0;
+    }
+    return *(CK_BBOOL *)item.data;
 }
 
 /*
  * get an attribute which is type CK_BBOOL.
  */
 char *
-nss_ckcapi_GetStringAttribute
-(
-  CK_ATTRIBUTE_TYPE type,
-  CK_ATTRIBUTE *template,
-  CK_ULONG templateSize, 
-  CK_RV *pError
-)
+nss_ckcapi_GetStringAttribute(
+    CK_ATTRIBUTE_TYPE type,
+    CK_ATTRIBUTE *template,
+    CK_ULONG templateSize,
+    CK_RV *pError)
 {
-  NSSItem item;
-  char *str;
+    NSSItem item;
+    char *str;
 
-  /* get the attribute */
-  *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item);
-  if (CKR_OK != *pError) {
-    return (char *)NULL;
-  }
-  /* make sure it is null terminated */
-  str = nss_ZNEWARRAY(NULL, char, item.size+1);
-  if ((char *)NULL == str) {
-    *pError = CKR_HOST_MEMORY;
-    return (char *)NULL;
-  }
+    /* get the attribute */
+    *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item);
+    if (CKR_OK != *pError) {
+        return (char *)NULL;
+    }
+    /* make sure it is null terminated */
+    str = nss_ZNEWARRAY(NULL, char, item.size + 1);
+    if ((char *)NULL == str) {
+        *pError = CKR_HOST_MEMORY;
+        return (char *)NULL;
+    }
 
-  nsslibc_memcpy(str, item.data, item.size);
-  str[item.size] = 0;
+    nsslibc_memcpy(str, item.data, item.size);
+    str[item.size] = 0;
 
-  return str;
+    return str;
 }
 
 /*
  * Return the size in bytes of a wide string, including the terminating null
  * character
  */
 int
-nss_ckcapi_WideSize
-(
-  LPCWSTR wide
-)
+nss_ckcapi_WideSize(
+    LPCWSTR wide)
 {
-  DWORD size;
+    DWORD size;
 
-  if ((LPWSTR)NULL == wide) {
-    return 0;
-  }
-  size = wcslen(wide)+1;
-  return size*sizeof(WCHAR);
+    if ((LPWSTR)NULL == wide) {
+        return 0;
+    }
+    size = wcslen(wide) + 1;
+    return size * sizeof(WCHAR);
 }
 
 /*
  * Covert a Unicode wide character string to a UTF8 string
  */
 char *
-nss_ckcapi_WideToUTF8
-(
-  LPCWSTR wide 
-)
+nss_ckcapi_WideToUTF8(
+    LPCWSTR wide)
 {
-  DWORD size;
-  char *buf;
+    DWORD size;
+    char *buf;
 
-  if ((LPWSTR)NULL == wide) {
-    return (char *)NULL;
-  }
+    if ((LPWSTR)NULL == wide) {
+        return (char *)NULL;
+    }
 
-  size = WideCharToMultiByte(CP_UTF8, 0, wide, -1, NULL, 0, NULL, 0);
-  if (size == 0) {
-    return (char *)NULL;
-  }
-  buf = nss_ZNEWARRAY(NULL, char, size);
-  size = WideCharToMultiByte(CP_UTF8, 0, wide, -1, buf, size, NULL, 0);
-  if (size == 0) {
-    nss_ZFreeIf(buf);
-    return (char *)NULL;
-  }
-  return buf;
+    size = WideCharToMultiByte(CP_UTF8, 0, wide, -1, NULL, 0, NULL, 0);
+    if (size == 0) {
+        return (char *)NULL;
+    }
+    buf = nss_ZNEWARRAY(NULL, char, size);
+    size = WideCharToMultiByte(CP_UTF8, 0, wide, -1, buf, size, NULL, 0);
+    if (size == 0) {
+        nss_ZFreeIf(buf);
+        return (char *)NULL;
+    }
+    return buf;
 }
 
 /*
  * Return a Wide String duplicated with nss allocated memory.
  */
 LPWSTR
-nss_ckcapi_WideDup
-(
-  LPCWSTR wide
-)
+nss_ckcapi_WideDup(
+    LPCWSTR wide)
 {
-  DWORD len;
-  LPWSTR buf;
+    DWORD len;
+    LPWSTR buf;
 
-  if ((LPWSTR)NULL == wide) {
-    return (LPWSTR)NULL;
-  }
+    if ((LPWSTR)NULL == wide) {
+        return (LPWSTR)NULL;
+    }
 
-  len = wcslen(wide)+1;
+    len = wcslen(wide) + 1;
 
-  buf = nss_ZNEWARRAY(NULL, WCHAR, len);
-  if ((LPWSTR) NULL == buf) {
+    buf = nss_ZNEWARRAY(NULL, WCHAR, len);
+    if ((LPWSTR)NULL == buf) {
+        return buf;
+    }
+    nsslibc_memcpy(buf, wide, len * sizeof(WCHAR));
     return buf;
-  }
-  nsslibc_memcpy(buf, wide, len*sizeof(WCHAR));
-  return buf;
 }
 
 /*
  * Covert a UTF8 string to Unicode wide character
  */
 LPWSTR
-nss_ckcapi_UTF8ToWide
-(
-  char *buf
-)
+nss_ckcapi_UTF8ToWide(
+    char *buf)
 {
-  DWORD size;
-  LPWSTR wide;
+    DWORD size;
+    LPWSTR wide;
+
+    if ((char *)NULL == buf) {
+        return (LPWSTR)NULL;
+    }
 
-  if ((char *)NULL == buf) {
-    return (LPWSTR) NULL;
-  }
-    
-  size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, NULL, 0);
-  if (size == 0) {
-    return (LPWSTR) NULL;
-  }
-  wide = nss_ZNEWARRAY(NULL, WCHAR, size);
-  size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, wide, size);
-  if (size == 0) {
-    nss_ZFreeIf(wide);
-    return (LPWSTR) NULL;
-  }
-  return wide;
+    size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, NULL, 0);
+    if (size == 0) {
+        return (LPWSTR)NULL;
+    }
+    wide = nss_ZNEWARRAY(NULL, WCHAR, size);
+    size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, wide, size);
+    if (size == 0) {
+        nss_ZFreeIf(wide);
+        return (LPWSTR)NULL;
+    }
+    return wide;
 }
 
-
 /*
  * keep all the knowlege of how the internalObject is laid out in this function
  *
  * nss_ckcapi_FetchKeyContainer
  *
  * fetches the Provider container and info as well as a key handle for a
  * private key. If something other than a private key is passed in,
  * this function fails with CKR_KEY_TYPE_INCONSISTENT
  */
 NSS_EXTERN CK_RV
-nss_ckcapi_FetchKeyContainer
-(
-  ckcapiInternalObject *iKey,
-  HCRYPTPROV *hProv, 
-  DWORD *keySpec,
-  HCRYPTKEY *hKey
-)
+nss_ckcapi_FetchKeyContainer(
+    ckcapiInternalObject *iKey,
+    HCRYPTPROV *hProv,
+    DWORD *keySpec,
+    HCRYPTKEY *hKey)
 {
-  ckcapiCertObject *co;
-  ckcapiKeyObject *ko;
-  BOOL rc, dummy;
-  DWORD msError;
-
+    ckcapiCertObject *co;
+    ckcapiKeyObject *ko;
+    BOOL rc, dummy;
+    DWORD msError;
 
-  switch (iKey->type) {
-  default:
-  case ckcapiRaw:
-     /* can't have raw private keys */
-     return CKR_KEY_TYPE_INCONSISTENT;
-  case ckcapiCert:
-    if (iKey->objClass != CKO_PRIVATE_KEY) {
-      /* Only private keys have private key provider handles */
-      return CKR_KEY_TYPE_INCONSISTENT;
-    }
-    co = &iKey->u.cert;
+    switch (iKey->type) {
+        default:
+        case ckcapiRaw:
+            /* can't have raw private keys */
+            return CKR_KEY_TYPE_INCONSISTENT;
+        case ckcapiCert:
+            if (iKey->objClass != CKO_PRIVATE_KEY) {
+                /* Only private keys have private key provider handles */
+                return CKR_KEY_TYPE_INCONSISTENT;
+            }
+            co = &iKey->u.cert;
 
-    /* OK, get the Provider */
-    rc = CryptAcquireCertificatePrivateKey(co->certContext,
-      CRYPT_ACQUIRE_CACHE_FLAG|CRYPT_ACQUIRE_COMPARE_KEY_FLAG, NULL, hProv, 
-      keySpec, &dummy);
-    if (!rc) {
-      goto loser;
-    }
-    break;
-  case ckcapiBareKey:
-    if (iKey->objClass != CKO_PRIVATE_KEY) {
-       /* Only private keys have private key provider handles */
-       return CKR_KEY_TYPE_INCONSISTENT;
-    }
-    ko = &iKey->u.key;
+            /* OK, get the Provider */
+            rc = CryptAcquireCertificatePrivateKey(co->certContext,
+                                                   CRYPT_ACQUIRE_CACHE_FLAG |
+                                                       CRYPT_ACQUIRE_COMPARE_KEY_FLAG,
+                                                   NULL, hProv,
+                                                   keySpec, &dummy);
+            if (!rc) {
+                goto loser;
+            }
+            break;
+        case ckcapiBareKey:
+            if (iKey->objClass != CKO_PRIVATE_KEY) {
+                /* Only private keys have private key provider handles */
+                return CKR_KEY_TYPE_INCONSISTENT;
+            }
+            ko = &iKey->u.key;
 
-    /* OK, get the Provider */
-    if (0 == ko->hProv) {
-      rc = CryptAcquireContext(hProv,
-			       ko->containerName, 
-			       ko->provName,
-                               ko->provInfo.dwProvType , 0);
-      if (!rc) {
-        goto loser;
-      }
-    } else {
-      *hProv = ko->hProv;
+            /* OK, get the Provider */
+            if (0 == ko->hProv) {
+                rc =
+                    CryptAcquireContext(hProv,
+                                        ko->containerName,
+                                        ko->provName,
+                                        ko->provInfo.dwProvType, 0);
+                if (!rc) {
+                    goto loser;
+                }
+            }
+            else {
+                *hProv =
+                    ko->hProv;
+            }
+            *keySpec = ko->provInfo.dwKeySpec;
+            break;
     }
-    *keySpec = ko->provInfo.dwKeySpec;
-    break;
-  }
 
-  /* and get the crypto handle */
-  rc = CryptGetUserKey(*hProv, *keySpec, hKey);
-  if (!rc) {
-    goto loser;
-  }
-  return CKR_OK;
+    /* and get the crypto handle */
+    rc = CryptGetUserKey(*hProv, *keySpec, hKey);
+    if (!rc) {
+        goto loser;
+    }
+    return CKR_OK;
 loser:
-  /* map the microsoft error before leaving */
-  msError = GetLastError();
-  switch (msError) {
-  case ERROR_INVALID_HANDLE:
-  case ERROR_INVALID_PARAMETER:
-  case NTE_BAD_KEY:
-  case NTE_NO_KEY:
-  case NTE_BAD_PUBLIC_KEY:
-  case NTE_BAD_KEYSET:
-  case NTE_KEYSET_NOT_DEF:
-    return CKR_KEY_TYPE_INCONSISTENT;
-  case NTE_BAD_UID:
-  case NTE_KEYSET_ENTRY_BAD:
-    return CKR_DEVICE_ERROR;
-  }
-  return CKR_GENERAL_ERROR;
+    /* map the microsoft error before leaving */
+    msError = GetLastError();
+    switch (msError) {
+        case ERROR_INVALID_HANDLE:
+        case ERROR_INVALID_PARAMETER:
+        case NTE_BAD_KEY:
+        case NTE_NO_KEY:
+        case NTE_BAD_PUBLIC_KEY:
+        case NTE_BAD_KEYSET:
+        case NTE_KEYSET_NOT_DEF:
+            return CKR_KEY_TYPE_INCONSISTENT;
+        case NTE_BAD_UID:
+        case NTE_KEYSET_ENTRY_BAD:
+            return CKR_DEVICE_ERROR;
+    }
+    return CKR_GENERAL_ERROR;
 }
 
-
 /*
  * take a DER PUBLIC Key block and return the modulus and exponent
  */
 static void
-ckcapi_CertPopulateModulusExponent
-(
-  ckcapiInternalObject *io
-)
+ckcapi_CertPopulateModulusExponent(
+    ckcapiInternalObject *io)
 {
-  ckcapiKeyParams *kp = &io->u.cert.key;
-  PCCERT_CONTEXT certContext = io->u.cert.certContext;
-  unsigned char *pkData =
-      certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.pbData;
-  unsigned int size=
-      certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.cbData;
-  unsigned int newSize;
-  unsigned char *ptr, *newptr;
+    ckcapiKeyParams *kp = &io->u.cert.key;
+    PCCERT_CONTEXT certContext = io->u.cert.certContext;
+    unsigned char *pkData =
+        certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.pbData;
+    unsigned int size =
+        certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.cbData;
+    unsigned int newSize;
+    unsigned char *ptr, *newptr;
 
-  /* find the start of the modulus -- this will not give good results if
-   * the key isn't an rsa key! */
-  ptr = nss_ckcapi_DERUnwrap(pkData, size, &newSize, NULL);
-  kp->modulus.data = nss_ckcapi_DERUnwrap(ptr, newSize, 
-                                           &kp->modulus.size, &newptr);
-  /* changed from signed to unsigned int */
-  if (0 == *(char *)kp->modulus.data) {
-    kp->modulus.data = ((char *)kp->modulus.data)+1;
-    kp->modulus.size = kp->modulus.size - 1;
-  }
-  /* changed from signed to unsigned int */
-  kp->exponent.data = nss_ckcapi_DERUnwrap(newptr, (newptr-ptr)+newSize, 
-						&kp->exponent.size, NULL);
-  if (0 == *(char *)kp->exponent.data) {
-    kp->exponent.data = ((char *)kp->exponent.data)+1;
-    kp->exponent.size = kp->exponent.size - 1;
-  }
-  return;
+    /* find the start of the modulus -- this will not give good results if
+     * the key isn't an rsa key! */
+    ptr = nss_ckcapi_DERUnwrap(pkData, size, &newSize, NULL);
+    kp->modulus.data = nss_ckcapi_DERUnwrap(ptr, newSize,
+                                            &kp->modulus.size, &newptr);
+    /* changed from signed to unsigned int */
+    if (0 == *(char *)kp->modulus.data) {
+        kp->modulus.data = ((char *)kp->modulus.data) + 1;
+        kp->modulus.size = kp->modulus.size - 1;
+    }
+    /* changed from signed to unsigned int */
+    kp->exponent.data = nss_ckcapi_DERUnwrap(newptr, (newptr - ptr) + newSize,
+                                             &kp->exponent.size, NULL);
+    if (0 == *(char *)kp->exponent.data) {
+        kp->exponent.data = ((char *)kp->exponent.data) + 1;
+        kp->exponent.size = kp->exponent.size - 1;
+    }
+    return;
 }
 
 typedef struct _CAPI_RSA_KEY_BLOB {
-  PUBLICKEYSTRUC header;
-  RSAPUBKEY  rsa;
-  char	     data[1];
+    PUBLICKEYSTRUC header;
+    RSAPUBKEY rsa;
+    char data[1];
 } CAPI_RSA_KEY_BLOB;
 
-#define CAPI_MODULUS_OFFSET(modSize)     0
-#define CAPI_PRIME_1_OFFSET(modSize)     (modSize)
-#define CAPI_PRIME_2_OFFSET(modSize)     ((modSize)+(modSize)/2)
-#define CAPI_EXPONENT_1_OFFSET(modSize)  ((modSize)*2)
-#define CAPI_EXPONENT_2_OFFSET(modSize)  ((modSize)*2+(modSize)/2)
+#define CAPI_MODULUS_OFFSET(modSize) 0
+#define CAPI_PRIME_1_OFFSET(modSize) (modSize)
+#define CAPI_PRIME_2_OFFSET(modSize) ((modSize) + (modSize) / 2)
+#define CAPI_EXPONENT_1_OFFSET(modSize) ((modSize)*2)
+#define CAPI_EXPONENT_2_OFFSET(modSize) ((modSize)*2 + (modSize) / 2)
 #define CAPI_COEFFICIENT_OFFSET(modSize) ((modSize)*3)
-#define CAPI_PRIVATE_EXP_OFFSET(modSize) ((modSize)*3+(modSize)/2)
+#define CAPI_PRIVATE_EXP_OFFSET(modSize) ((modSize)*3 + (modSize) / 2)
 
 void
-ckcapi_FetchPublicKey
-(
-  ckcapiInternalObject *io
-)
+ckcapi_FetchPublicKey(
+    ckcapiInternalObject *io)
 {
-  ckcapiKeyParams *kp;
-  HCRYPTPROV hProv;
-  DWORD keySpec;
-  HCRYPTKEY hKey = 0;
-  CK_RV error;
-  DWORD bufLen;
-  BOOL rc;
-  unsigned long modulus;
-  char *buf = NULL;
-  CAPI_RSA_KEY_BLOB *blob;
+    ckcapiKeyParams *kp;
+    HCRYPTPROV hProv;
+    DWORD keySpec;
+    HCRYPTKEY hKey = 0;
+    CK_RV error;
+    DWORD bufLen;
+    BOOL rc;
+    unsigned long modulus;
+    char *buf = NULL;
+    CAPI_RSA_KEY_BLOB *blob;
 
-  error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey);
-  if (CKR_OK != error) {
-    goto loser;
-  }
-  kp = (ckcapiCert == io->type) ?  &io->u.cert.key : &io->u.key.key;
+    error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+    kp = (ckcapiCert == io->type) ? &io->u.cert.key : &io->u.key.key;
 
-  rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen);
-  if (!rc) {
-    goto loser;
-  }
-  buf = nss_ZNEWARRAY(NULL, char, bufLen);
-  rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen);
-  if (!rc) {
-    goto loser;
-  }
-  /* validate the blob */
-  blob = (CAPI_RSA_KEY_BLOB *)buf;
-  if ((PUBLICKEYBLOB != blob->header.bType) ||
-      (0x02 != blob->header.bVersion) ||
-      (0x31415352 != blob->rsa.magic)) {
-    goto loser;
-  }
-  modulus = blob->rsa.bitlen/8;
-  kp->pubKey = buf;
-  buf = NULL;
+    rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen);
+    if (!rc) {
+        goto loser;
+    }
+    buf = nss_ZNEWARRAY(NULL, char, bufLen);
+    rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen);
+    if (!rc) {
+        goto loser;
+    }
+    /* validate the blob */
+    blob = (CAPI_RSA_KEY_BLOB *)buf;
+    if ((PUBLICKEYBLOB != blob->header.bType) ||
+        (0x02 != blob->header.bVersion) ||
+        (0x31415352 != blob->rsa.magic)) {
+        goto loser;
+    }
+    modulus = blob->rsa.bitlen / 8;
+    kp->pubKey = buf;
+    buf = NULL;
 
-  kp->modulus.data = &blob->data[CAPI_MODULUS_OFFSET(modulus)];
-  kp->modulus.size = modulus;
-  ckcapi_ReverseData(&kp->modulus);
-  nss_ckcapi_IntToData(blob->rsa.pubexp, &kp->exponent,
-                     kp->publicExponentData, &error);
+    kp->modulus.data = &blob->data[CAPI_MODULUS_OFFSET(modulus)];
+    kp->modulus.size = modulus;
+    ckcapi_ReverseData(&kp->modulus);
+    nss_ckcapi_IntToData(blob->rsa.pubexp, &kp->exponent,
+                         kp->publicExponentData, &error);
 
 loser:
-  nss_ZFreeIf(buf);
-  if (0 != hKey) {
-     CryptDestroyKey(hKey);
-  }
-  return;
+    nss_ZFreeIf(buf);
+    if (0 != hKey) {
+        CryptDestroyKey(hKey);
+    }
+    return;
 }
 
 void
-ckcapi_FetchPrivateKey
-(
-  ckcapiInternalObject *io
-)
+ckcapi_FetchPrivateKey(
+    ckcapiInternalObject *io)
 {
-  ckcapiKeyParams *kp;
-  HCRYPTPROV hProv;
-  DWORD keySpec;
-  HCRYPTKEY hKey = 0;
-  CK_RV error;
-  DWORD bufLen;
-  BOOL rc;
-  unsigned long modulus;
-  char *buf = NULL;
-  CAPI_RSA_KEY_BLOB *blob;
+    ckcapiKeyParams *kp;
+    HCRYPTPROV hProv;
+    DWORD keySpec;
+    HCRYPTKEY hKey = 0;
+    CK_RV error;
+    DWORD bufLen;
+    BOOL rc;
+    unsigned long modulus;
+    char *buf = NULL;
+    CAPI_RSA_KEY_BLOB *blob;
 
-  error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey);
-  if (CKR_OK != error) {
-    goto loser;
-  }
-  kp = (ckcapiCert == io->type) ?  &io->u.cert.key : &io->u.key.key;
+    error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+    kp = (ckcapiCert == io->type) ? &io->u.cert.key : &io->u.key.key;
 
-  rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen);
-  if (!rc) {
-    goto loser;
-  }
-  buf = nss_ZNEWARRAY(NULL, char, bufLen);
-  rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen);
-  if (!rc) {
-    goto loser;
-  }
-  /* validate the blob */
-  blob = (CAPI_RSA_KEY_BLOB *)buf;
-  if ((PRIVATEKEYBLOB != blob->header.bType) ||
-      (0x02 != blob->header.bVersion) ||
-      (0x32415352 != blob->rsa.magic)) {
-    goto loser;
-  }
-  modulus = blob->rsa.bitlen/8;
-  kp->privateKey = buf;
-  buf = NULL;
+    rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen);
+    if (!rc) {
+        goto loser;
+    }
+    buf = nss_ZNEWARRAY(NULL, char, bufLen);
+    rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen);
+    if (!rc) {
+        goto loser;
+    }
+    /* validate the blob */
+    blob = (CAPI_RSA_KEY_BLOB *)buf;
+    if ((PRIVATEKEYBLOB != blob->header.bType) ||
+        (0x02 != blob->header.bVersion) ||
+        (0x32415352 != blob->rsa.magic)) {
+        goto loser;
+    }
+    modulus = blob->rsa.bitlen / 8;
+    kp->privateKey = buf;
+    buf = NULL;
 
-  kp->privateExponent.data = &blob->data[CAPI_PRIVATE_EXP_OFFSET(modulus)];
-  kp->privateExponent.size = modulus;
-  ckcapi_ReverseData(&kp->privateExponent);
-  kp->prime1.data = &blob->data[CAPI_PRIME_1_OFFSET(modulus)];
-  kp->prime1.size = modulus/2;
-  ckcapi_ReverseData(&kp->prime1);
-  kp->prime2.data = &blob->data[CAPI_PRIME_2_OFFSET(modulus)];
-  kp->prime2.size = modulus/2;
-  ckcapi_ReverseData(&kp->prime2);
-  kp->exponent1.data = &blob->data[CAPI_EXPONENT_1_OFFSET(modulus)];
-  kp->exponent1.size = modulus/2;
-  ckcapi_ReverseData(&kp->exponent1);
-  kp->exponent2.data = &blob->data[CAPI_EXPONENT_2_OFFSET(modulus)];
-  kp->exponent2.size = modulus/2;
-  ckcapi_ReverseData(&kp->exponent2);
-  kp->coefficient.data = &blob->data[CAPI_COEFFICIENT_OFFSET(modulus)];
-  kp->coefficient.size = modulus/2;
-  ckcapi_ReverseData(&kp->coefficient);
+    kp->privateExponent.data = &blob->data[CAPI_PRIVATE_EXP_OFFSET(modulus)];
+    kp->privateExponent.size = modulus;
+    ckcapi_ReverseData(&kp->privateExponent);
+    kp->prime1.data = &blob->data[CAPI_PRIME_1_OFFSET(modulus)];
+    kp->prime1.size = modulus / 2;
+    ckcapi_ReverseData(&kp->prime1);
+    kp->prime2.data = &blob->data[CAPI_PRIME_2_OFFSET(modulus)];
+    kp->prime2.size = modulus / 2;
+    ckcapi_ReverseData(&kp->prime2);
+    kp->exponent1.data = &blob->data[CAPI_EXPONENT_1_OFFSET(modulus)];
+    kp->exponent1.size = modulus / 2;
+    ckcapi_ReverseData(&kp->exponent1);
+    kp->exponent2.data = &blob->data[CAPI_EXPONENT_2_OFFSET(modulus)];
+    kp->exponent2.size = modulus / 2;
+    ckcapi_ReverseData(&kp->exponent2);
+    kp->coefficient.data = &blob->data[CAPI_COEFFICIENT_OFFSET(modulus)];
+    kp->coefficient.size = modulus / 2;
+    ckcapi_ReverseData(&kp->coefficient);
 
 loser:
-  nss_ZFreeIf(buf);
-  if (0 != hKey) {
-     CryptDestroyKey(hKey);
-  }
-  return;
+    nss_ZFreeIf(buf);
+    if (0 != hKey) {
+        CryptDestroyKey(hKey);
+    }
+    return;
 }
 
-
 void
-ckcapi_PopulateModulusExponent
-(
-  ckcapiInternalObject *io
-)
+ckcapi_PopulateModulusExponent(
+    ckcapiInternalObject *io)
 {
-  if (ckcapiCert == io->type) {
-    ckcapi_CertPopulateModulusExponent(io);
-  } else {
-    ckcapi_FetchPublicKey(io);
-  } 
-  return;
+    if (ckcapiCert == io->type) {
+        ckcapi_CertPopulateModulusExponent(io);
+    }
+    else {
+        ckcapi_FetchPublicKey(io);
+    }
+    return;
 }
 
 /*
  * fetch the friendly name attribute.
  * can only be called with ckcapiCert type objects!
  */
 void
-ckcapi_FetchLabel
-(
-  ckcapiInternalObject *io
-)
+ckcapi_FetchLabel(
+    ckcapiInternalObject *io)
 {
-  ckcapiCertObject *co = &io->u.cert;
-  char *label;
-  PCCERT_CONTEXT certContext = io->u.cert.certContext;
-  char labelDataUTF16[128];
-  DWORD size = sizeof(labelDataUTF16);
-  DWORD size8 = sizeof(co->labelData);
-  BOOL rv;
+    ckcapiCertObject *co = &io->u.cert;
+    char *label;
+    PCCERT_CONTEXT certContext = io->u.cert.certContext;
+    char labelDataUTF16[128];
+    DWORD size = sizeof(labelDataUTF16);
+    DWORD size8 = sizeof(co->labelData);
+    BOOL rv;
 
-  rv = CertGetCertificateContextProperty(certContext,
-	CERT_FRIENDLY_NAME_PROP_ID, labelDataUTF16, &size);
-  if (rv) {
-    co->labelData = nss_ckcapi_WideToUTF8((LPCWSTR)labelDataUTF16);
-    if ((CHAR *)NULL == co->labelData) {
-      rv = 0;
-    } else {
-      size = strlen(co->labelData);
+    rv = CertGetCertificateContextProperty(certContext,
+                                           CERT_FRIENDLY_NAME_PROP_ID, labelDataUTF16, &size);
+    if (rv) {
+        co->labelData = nss_ckcapi_WideToUTF8((LPCWSTR)labelDataUTF16);
+        if ((CHAR *)NULL == co->labelData) {
+            rv = 0;
+        }
+        else {
+            size = strlen(co->labelData);
+        }
     }
-  }
-  label = co->labelData;
-  /* we are presuming a user cert, make sure it has a nickname, even if
-   * Microsoft never gave it one */
-  if (!rv && co->hasID) {
-    DWORD mserror = GetLastError();
+    label = co->labelData;
+    /* we are presuming a user cert, make sure it has a nickname, even if
+     * Microsoft never gave it one */
+    if (!rv && co->hasID) {
+        DWORD mserror = GetLastError();
 #define DEFAULT_NICKNAME "no Microsoft nickname"
-    label = DEFAULT_NICKNAME;
-    size = sizeof(DEFAULT_NICKNAME);
-    rv = 1;
-  }
-    
-  if (rv) {
-    co->label.data = label;
-    co->label.size = size;
-  }
-  return;
+        label = DEFAULT_NICKNAME;
+        size = sizeof(DEFAULT_NICKNAME);
+        rv = 1;
+    }
+
+    if (rv) {
+        co->label.data = label;
+        co->label.size = size;
+    }
+    return;
 }
 
 void
-ckcapi_FetchSerial
-(
-  ckcapiInternalObject *io
-)
+ckcapi_FetchSerial(
+    ckcapiInternalObject *io)
 {
-  ckcapiCertObject *co = &io->u.cert;
-  PCCERT_CONTEXT certContext = io->u.cert.certContext;
-  DWORD size = sizeof(co->derSerial);
+    ckcapiCertObject *co = &io->u.cert;
+    PCCERT_CONTEXT certContext = io->u.cert.certContext;
+    DWORD size = sizeof(co->derSerial);
 
-  BOOL rc = CryptEncodeObject(X509_ASN_ENCODING,
-                         X509_MULTI_BYTE_INTEGER,
-                         &certContext->pCertInfo->SerialNumber,
-			 co->derSerial,
-                         &size);
-  if (rc) {
-    co->serial.data = co->derSerial;
-    co->serial.size = size;
-  }
-  return;
+    BOOL rc = CryptEncodeObject(X509_ASN_ENCODING,
+                                X509_MULTI_BYTE_INTEGER,
+                                &certContext->pCertInfo->SerialNumber,
+                                co->derSerial,
+                                &size);
+    if (rc) {
+        co->serial.data = co->derSerial;
+        co->serial.size = size;
+    }
+    return;
 }
 
 /*
  * fetch the key ID.
  */
 void
-ckcapi_FetchID
-(
-  ckcapiInternalObject *io
-)
+ckcapi_FetchID(
+    ckcapiInternalObject *io)
 {
-  PCCERT_CONTEXT certContext = io->u.cert.certContext;
-  DWORD size = 0;
-  BOOL rc;
+    PCCERT_CONTEXT certContext = io->u.cert.certContext;
+    DWORD size = 0;
+    BOOL rc;
 
-  rc = CertGetCertificateContextProperty(certContext,
-	CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
-  if (!rc) {
+    rc = CertGetCertificateContextProperty(certContext,
+                                           CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
+    if (!rc) {
+        return;
+    }
+    io->idData = nss_ZNEWARRAY(NULL, char, size);
+    if (io->idData == NULL) {
+        return;
+    }
+
+    rc = CertGetCertificateContextProperty(certContext,
+                                           CERT_KEY_IDENTIFIER_PROP_ID, io->idData, &size);
+    if (!rc) {
+        nss_ZFreeIf(io->idData);
+        io->idData = NULL;
+        return;
+    }
+    io->id.data = io->idData;
+    io->id.size = size;
     return;
-  }
-  io->idData = nss_ZNEWARRAY(NULL, char, size);
-  if (io->idData == NULL) {
-    return;
-  }
-
-  rc = CertGetCertificateContextProperty(certContext,
-	CERT_KEY_IDENTIFIER_PROP_ID, io->idData, &size);
-  if (!rc) {
-    nss_ZFreeIf(io->idData);
-    io->idData = NULL;
-    return;
-  }
-  io->id.data = io->idData;
-  io->id.size = size;
-  return;
 }
 
 /*
  * fetch the hash key.
  */
 void
-ckcapi_CertFetchHashKey
-(
-  ckcapiInternalObject *io
-)
+ckcapi_CertFetchHashKey(
+    ckcapiInternalObject *io)
 {
-  ckcapiCertObject *co = &io->u.cert;
-  PCCERT_CONTEXT certContext = io->u.cert.certContext;
-  DWORD size = certContext->cbCertEncoded;
-  DWORD max = sizeof(io->hashKeyData)-1;
-  DWORD offset = 0;
+    ckcapiCertObject *co = &io->u.cert;
+    PCCERT_CONTEXT certContext = io->u.cert.certContext;
+    DWORD size = certContext->cbCertEncoded;
+    DWORD max = sizeof(io->hashKeyData) - 1;
+    DWORD offset = 0;
 
-  /* make sure we don't over flow. NOTE: cutting the top of a cert is
-   * not a big issue because the signature for will be unique for the cert */
-  if (size > max) {
-    offset = size - max;
-    size = max;
-  }
+    /* make sure we don't over flow. NOTE: cutting the top of a cert is
+     * not a big issue because the signature for will be unique for the cert */
+    if (size > max) {
+        offset = size - max;
+        size = max;
+    }
 
-  nsslibc_memcpy(io->hashKeyData,certContext->pbCertEncoded+offset, size);
-  io->hashKeyData[size] = (char)(io->objClass & 0xff);
+    nsslibc_memcpy(io->hashKeyData, certContext->pbCertEncoded + offset, size);
+    io->hashKeyData[size] = (char)(io->objClass & 0xff);
 
-  io->hashKey.data = io->hashKeyData;
-  io->hashKey.size = size+1;
-  return;
+    io->hashKey.data = io->hashKeyData;
+    io->hashKey.size = size + 1;
+    return;
 }
 
 /*
  * fetch the hash key.
  */
 void
-ckcapi_KeyFetchHashKey
-(
-  ckcapiInternalObject *io
-)
+ckcapi_KeyFetchHashKey(
+    ckcapiInternalObject *io)
 {
-  ckcapiKeyObject *ko = &io->u.key;
-  DWORD size;
-  DWORD max = sizeof(io->hashKeyData)-2;
-  DWORD offset = 0;
-  DWORD provLen = strlen(ko->provName);
-  DWORD containerLen = strlen(ko->containerName);
+    ckcapiKeyObject *ko = &io->u.key;
+    DWORD size;
+    DWORD max = sizeof(io->hashKeyData) - 2;
+    DWORD offset = 0;
+    DWORD provLen = strlen(ko->provName);
+    DWORD containerLen = strlen(ko->containerName);
 
- 
-  size = provLen + containerLen; 
+    size = provLen + containerLen;
 
-  /* make sure we don't overflow, try to keep things unique */
-  if (size > max) {
-    DWORD diff = ((size - max)+1)/2;
-    provLen -= diff;
-    containerLen -= diff;
-    size = provLen+containerLen;
-  }
+    /* make sure we don't overflow, try to keep things unique */
+    if (size > max) {
+        DWORD diff = ((size - max) + 1) / 2;
+        provLen -= diff;
+        containerLen -= diff;
+        size = provLen + containerLen;
+    }
 
-  nsslibc_memcpy(io->hashKeyData, ko->provName, provLen);
-  nsslibc_memcpy(&io->hashKeyData[provLen],
-                 ko->containerName,
-		 containerLen);
-  io->hashKeyData[size] = (char)(io->objClass & 0xff);
-  io->hashKeyData[size+1] = (char)(ko->provInfo.dwKeySpec & 0xff);
+    nsslibc_memcpy(io->hashKeyData, ko->provName, provLen);
+    nsslibc_memcpy(&io->hashKeyData[provLen],
+                   ko->containerName,
+                   containerLen);
+    io->hashKeyData[size] = (char)(io->objClass & 0xff);
+    io->hashKeyData[size + 1] = (char)(ko->provInfo.dwKeySpec & 0xff);
 
-  io->hashKey.data = io->hashKeyData;
-  io->hashKey.size = size+2;
-  return;
+    io->hashKey.data = io->hashKeyData;
+    io->hashKey.size = size + 2;
+    return;
 }
 
 /*
  * fetch the hash key.
  */
 void
-ckcapi_FetchHashKey
-(
-  ckcapiInternalObject *io
-)
+ckcapi_FetchHashKey(
+    ckcapiInternalObject *io)
 {
-  if (ckcapiCert == io->type) {
-    ckcapi_CertFetchHashKey(io);
-  } else {
-    ckcapi_KeyFetchHashKey(io);
-  } 
-  return;
-}
- 
-const NSSItem *
-ckcapi_FetchCertAttribute
-(
-  ckcapiInternalObject *io,
-  CK_ATTRIBUTE_TYPE type
-)
-{
-  PCCERT_CONTEXT certContext = io->u.cert.certContext;
-  switch(type) {
-  case CKA_CLASS:
-    return &ckcapi_certClassItem;
-  case CKA_TOKEN:
-    return &ckcapi_trueItem;
-  case CKA_MODIFIABLE:
-  case CKA_PRIVATE:
-    return &ckcapi_falseItem;
-  case CKA_CERTIFICATE_TYPE:
-    return &ckcapi_x509Item;
-  case CKA_LABEL:
-    if (0 == io->u.cert.label.size) {
-      ckcapi_FetchLabel(io);
+    if (ckcapiCert == io->type) {
+        ckcapi_CertFetchHashKey(io);
+    }
+    else {
+        ckcapi_KeyFetchHashKey(io);
     }
-    return &io->u.cert.label;
-  case CKA_SUBJECT:
-    if (0 == io->u.cert.subject.size) {
-      io->u.cert.subject.data = certContext->pCertInfo->Subject.pbData;
-      io->u.cert.subject.size = certContext->pCertInfo->Subject.cbData;
-    }
-    return &io->u.cert.subject;
-  case CKA_ISSUER:
-    if (0 == io->u.cert.issuer.size) {
-      io->u.cert.issuer.data = certContext->pCertInfo->Issuer.pbData;
-      io->u.cert.issuer.size = certContext->pCertInfo->Issuer.cbData;
-    }
-    return &io->u.cert.issuer;
-  case CKA_SERIAL_NUMBER:
-    if (0 == io->u.cert.serial.size) {
-      /* not exactly right. This should be the encoded serial number, but
-       * it's the decoded serial number! */
-      ckcapi_FetchSerial(io);
+    return;
+}
+
+const NSSItem *
+ckcapi_FetchCertAttribute(
+    ckcapiInternalObject *io,
+    CK_ATTRIBUTE_TYPE type)
+{
+    PCCERT_CONTEXT certContext = io->u.cert.certContext;
+    switch (type) {
+        case CKA_CLASS:
+            return &ckcapi_certClassItem;
+        case CKA_TOKEN:
+            return &ckcapi_trueItem;
+        case CKA_MODIFIABLE:
+        case CKA_PRIVATE:
+            return &ckcapi_falseItem;
+        case CKA_CERTIFICATE_TYPE:
+            return &ckcapi_x509Item;
+        case CKA_LABEL:
+            if (0 == io->u.cert.label.size) {
+                ckcapi_FetchLabel(io);
+            }
+            return &io->u.cert.label;
+        case CKA_SUBJECT:
+            if (0 == io->u.cert.subject.size) {
+                io->u.cert.subject.data =
+                    certContext->pCertInfo->Subject.pbData;
+                io->u.cert.subject.size =
+                    certContext->pCertInfo->Subject.cbData;
+            }
+            return &io->u.cert.subject;
+        case CKA_ISSUER:
+            if (0 == io->u.cert.issuer.size) {
+                io->u.cert.issuer.data =
+                    certContext->pCertInfo->Issuer.pbData;
+                io->u.cert.issuer.size =
+                    certContext->pCertInfo->Issuer.cbData;
+            }
+            return &io->u.cert.issuer;
+        case CKA_SERIAL_NUMBER:
+            if (0 == io->u.cert.serial.size) {
+                /* not exactly right. This should be the encoded serial number, but
+                 * it's the decoded serial number! */
+                ckcapi_FetchSerial(io);
+            }
+            return &io->u.cert.serial;
+        case CKA_VALUE:
+            if (0 == io->u.cert.derCert.size) {
+                io->u.cert.derCert.data =
+                    io->u.cert.certContext->pbCertEncoded;
+                io->u.cert.derCert.size =
+                    io->u.cert.certContext->cbCertEncoded;
+            }
+            return &io->u.cert.derCert;
+        case CKA_ID:
+            if (!io->u.cert.hasID) {
+                return NULL;
+            }
+            if (0 == io->id.size) {
+                ckcapi_FetchID(io);
+            }
+            return &io->id;
+        default:
+            break;
     }
-    return &io->u.cert.serial;
-  case CKA_VALUE:
-    if (0 == io->u.cert.derCert.size) {
-      io->u.cert.derCert.data = io->u.cert.certContext->pbCertEncoded;
-      io->u.cert.derCert.size = io->u.cert.certContext->cbCertEncoded;
-    }
-    return &io->u.cert.derCert;
-  case CKA_ID:
-    if (!io->u.cert.hasID) {
-      return NULL;
-    }
-    if (0 == io->id.size) {
-      ckcapi_FetchID(io);
-    }
-    return &io->id;
-  default:
-    break;
-  }
-  return NULL;
+    return NULL;
 }
 
 const NSSItem *
-ckcapi_FetchPubKeyAttribute
-(
-  ckcapiInternalObject *io, 
-  CK_ATTRIBUTE_TYPE type
-)
+ckcapi_FetchPubKeyAttribute(
+    ckcapiInternalObject *io,
+    CK_ATTRIBUTE_TYPE type)
 {
-  PRBool isCertType = (ckcapiCert == io->type);
-  ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key;
-  
-  switch(type) {
-  case CKA_CLASS:
-    return &ckcapi_pubKeyClassItem;
-  case CKA_TOKEN:
-  case CKA_LOCAL:
-  case CKA_ENCRYPT:
-  case CKA_VERIFY:
-  case CKA_VERIFY_RECOVER:
-    return &ckcapi_trueItem;
-  case CKA_PRIVATE:
-  case CKA_MODIFIABLE:
-  case CKA_DERIVE:
-  case CKA_WRAP:
-    return &ckcapi_falseItem;
-  case CKA_KEY_TYPE:
-    return &ckcapi_rsaItem;
-  case CKA_LABEL:
-    if (!isCertType) {
-      return &ckcapi_emptyItem;
+    PRBool isCertType = (ckcapiCert == io->type);
+    ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key;
+
+    switch (type) {
+        case CKA_CLASS:
+            return &ckcapi_pubKeyClassItem;
+        case CKA_TOKEN:
+        case CKA_LOCAL:
+        case CKA_ENCRYPT:
+        case CKA_VERIFY:
+        case CKA_VERIFY_RECOVER:
+            return &ckcapi_trueItem;
+        case CKA_PRIVATE:
+        case CKA_MODIFIABLE:
+        case CKA_DERIVE:
+        case CKA_WRAP:
+            return &ckcapi_falseItem;
+        case CKA_KEY_TYPE:
+            return &ckcapi_rsaItem;
+        case CKA_LABEL:
+            if (!isCertType) {
+                return &ckcapi_emptyItem;
+            }
+            if (0 == io->u.cert.label.size) {
+                ckcapi_FetchLabel(io);
+            }
+            return &io->u.cert.label;
+        case CKA_SUBJECT:
+            if (!isCertType) {
+                return &ckcapi_emptyItem;
+            }
+            if (0 == io->u.cert.subject.size) {
+                PCCERT_CONTEXT certContext =
+                    io->u.cert.certContext;
+                io->u.cert.subject.data =
+                    certContext->pCertInfo->Subject.pbData;
+                io->u.cert.subject.size =
+                    certContext->pCertInfo->Subject.cbData;
+            }
+            return &io->u.cert.subject;
+        case CKA_MODULUS:
+            if (0 == kp->modulus.size) {
+                ckcapi_PopulateModulusExponent(io);
+            }
+            return &kp->modulus;
+        case CKA_PUBLIC_EXPONENT:
+            if (0 == kp->modulus.size) {
+                ckcapi_PopulateModulusExponent(io);
+            }
+            return &kp->exponent;
+        case CKA_ID:
+            if (0 == io->id.size) {
+                ckcapi_FetchID(io);
+            }
+            return &io->id;
+        default:
+            break;
     }
-    if (0 == io->u.cert.label.size) {
-      ckcapi_FetchLabel(io);
-    }
-    return &io->u.cert.label;
-  case CKA_SUBJECT:
-    if (!isCertType) {
-      return &ckcapi_emptyItem;
-    }
-    if (0 == io->u.cert.subject.size) {
-      PCCERT_CONTEXT certContext= io->u.cert.certContext;
-      io->u.cert.subject.data = certContext->pCertInfo->Subject.pbData;
-      io->u.cert.subject.size = certContext->pCertInfo->Subject.cbData;
-    }
-    return &io->u.cert.subject;
-  case CKA_MODULUS:
-    if (0 == kp->modulus.size) {
-	ckcapi_PopulateModulusExponent(io);
-    }
-    return &kp->modulus;
-  case CKA_PUBLIC_EXPONENT:
-    if (0 == kp->modulus.size) {
-	ckcapi_PopulateModulusExponent(io);
-    }
-    return &kp->exponent;
-  case CKA_ID:
-    if (0 == io->id.size) {
-      ckcapi_FetchID(io);
-    }
-    return &io->id;
-  default:
-    break;
-  }
-  return NULL;
+    return NULL;
 }
 
 const NSSItem *
-ckcapi_FetchPrivKeyAttribute
-(
-  ckcapiInternalObject *io, 
-  CK_ATTRIBUTE_TYPE type
-)
+ckcapi_FetchPrivKeyAttribute(
+    ckcapiInternalObject *io,
+    CK_ATTRIBUTE_TYPE type)
 {
-  PRBool isCertType = (ckcapiCert == io->type);
-  ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key;
+    PRBool isCertType = (ckcapiCert == io->type);
+    ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key;
 
-  switch(type) {
-  case CKA_CLASS:
-    return &ckcapi_privKeyClassItem;
-  case CKA_TOKEN:
-  case CKA_LOCAL:
-  case CKA_SIGN:
-  case CKA_DECRYPT:
-  case CKA_SIGN_RECOVER:
-    return &ckcapi_trueItem;
-  case CKA_SENSITIVE:
-  case CKA_PRIVATE:    /* should move in the future */
-  case CKA_MODIFIABLE:
-  case CKA_DERIVE:
-  case CKA_UNWRAP:
-  case CKA_EXTRACTABLE: /* will probably move in the future */
-  case CKA_ALWAYS_SENSITIVE:
-  case CKA_NEVER_EXTRACTABLE:
-    return &ckcapi_falseItem;
-  case CKA_KEY_TYPE:
-    return &ckcapi_rsaItem;
-  case CKA_LABEL:
-    if (!isCertType) {
-      return &ckcapi_emptyItem;
-    }
-    if (0 == io->u.cert.label.size) {
-      ckcapi_FetchLabel(io);
-    }
-    return &io->u.cert.label;
-  case CKA_SUBJECT:
-    if (!isCertType) {
-      return &ckcapi_emptyItem;
-    }
-    if (0 == io->u.cert.subject.size) {
-      PCCERT_CONTEXT certContext= io->u.cert.certContext;
-      io->u.cert.subject.data = certContext->pCertInfo->Subject.pbData;
-      io->u.cert.subject.size = certContext->pCertInfo->Subject.cbData;
+    switch (type) {
+        case CKA_CLASS:
+            return &ckcapi_privKeyClassItem;
+        case CKA_TOKEN:
+        case CKA_LOCAL:
+        case CKA_SIGN:
+        case CKA_DECRYPT:
+        case CKA_SIGN_RECOVER:
+            return &ckcapi_trueItem;
+        case CKA_SENSITIVE:
+        case CKA_PRIVATE: /* should move in the future */
+        case CKA_MODIFIABLE:
+        case CKA_DERIVE:
+        case CKA_UNWRAP:
+        case CKA_EXTRACTABLE: /* will probably move in the future */
+        case CKA_ALWAYS_SENSITIVE:
+        case CKA_NEVER_EXTRACTABLE:
+            return &ckcapi_falseItem;
+        case CKA_KEY_TYPE:
+            return &ckcapi_rsaItem;
+        case CKA_LABEL:
+            if (!isCertType) {
+                return &ckcapi_emptyItem;
+            }
+            if (0 == io->u.cert.label.size) {
+                ckcapi_FetchLabel(io);
+            }
+            return &io->u.cert.label;
+        case CKA_SUBJECT:
+            if (!isCertType) {
+                return &ckcapi_emptyItem;
+            }
+            if (0 == io->u.cert.subject.size) {
+                PCCERT_CONTEXT certContext =
+                    io->u.cert.certContext;
+                io->u.cert.subject.data =
+                    certContext->pCertInfo->Subject.pbData;
+                io->u.cert.subject.size =
+                    certContext->pCertInfo->Subject.cbData;
+            }
+            return &io->u.cert.subject;
+        case CKA_MODULUS:
+            if (0 == kp->modulus.size) {
+                ckcapi_PopulateModulusExponent(io);
+            }
+            return &kp->modulus;
+        case CKA_PUBLIC_EXPONENT:
+            if (0 == kp->modulus.size) {
+                ckcapi_PopulateModulusExponent(io);
+            }
+            return &kp->exponent;
+        case CKA_PRIVATE_EXPONENT:
+            if (0 == kp->privateExponent.size) {
+                ckcapi_FetchPrivateKey(io);
+            }
+            return &kp->privateExponent;
+        case CKA_PRIME_1:
+            if (0 == kp->privateExponent.size) {
+                ckcapi_FetchPrivateKey(io);
+            }
+            return &kp->prime1;
+        case CKA_PRIME_2:
+            if (0 == kp->privateExponent.size) {
+                ckcapi_FetchPrivateKey(io);
+            }
+            return &kp->prime2;
+        case CKA_EXPONENT_1:
+            if (0 == kp->privateExponent.size) {
+                ckcapi_FetchPrivateKey(io);
+            }
+            return &kp->exponent1;
+        case CKA_EXPONENT_2:
+            if (0 == kp->privateExponent.size) {
+                ckcapi_FetchPrivateKey(io);
+            }
+            return &kp->exponent2;
+        case CKA_COEFFICIENT:
+            if (0 == kp->privateExponent.size) {
+                ckcapi_FetchPrivateKey(io);
+            }
+            return &kp->coefficient;
+        case CKA_ID:
+            if (0 == io->id.size) {
+                ckcapi_FetchID(io);
+            }
+            return &io->id;
+        default:
+            return NULL;
     }
-    return &io->u.cert.subject;
-  case CKA_MODULUS:
-    if (0 == kp->modulus.size) {
-      ckcapi_PopulateModulusExponent(io);
-    }
-    return &kp->modulus;
-  case CKA_PUBLIC_EXPONENT:
-    if (0 == kp->modulus.size) {
-      ckcapi_PopulateModulusExponent(io);
-    }
-    return &kp->exponent;
-  case CKA_PRIVATE_EXPONENT:
-    if (0 == kp->privateExponent.size) {
-      ckcapi_FetchPrivateKey(io);
-    }
-    return &kp->privateExponent;
-  case CKA_PRIME_1:
-    if (0 == kp->privateExponent.size) {
-      ckcapi_FetchPrivateKey(io);
-    }
-    return &kp->prime1;
-  case CKA_PRIME_2:
-    if (0 == kp->privateExponent.size) {
-      ckcapi_FetchPrivateKey(io);
-    }
-    return &kp->prime2;
-  case CKA_EXPONENT_1:
-    if (0 == kp->privateExponent.size) {
-      ckcapi_FetchPrivateKey(io);
-    }
-    return &kp->exponent1;
-  case CKA_EXPONENT_2:
-    if (0 == kp->privateExponent.size) {
-      ckcapi_FetchPrivateKey(io);
-    }
-    return &kp->exponent2;
-  case CKA_COEFFICIENT:
-    if (0 == kp->privateExponent.size) {
-      ckcapi_FetchPrivateKey(io);
-    }
-    return &kp->coefficient;
-  case CKA_ID:
-    if (0 == io->id.size) {
-      ckcapi_FetchID(io);
-    }
-    return &io->id;
-  default:
-    return NULL;
-  }
 }
 
 const NSSItem *
-nss_ckcapi_FetchAttribute
-(
-  ckcapiInternalObject *io, 
-  CK_ATTRIBUTE_TYPE type
-)
+nss_ckcapi_FetchAttribute(
+    ckcapiInternalObject *io,
+    CK_ATTRIBUTE_TYPE type)
 {
-  CK_ULONG i;
+    CK_ULONG i;
 
-  if (io->type == ckcapiRaw) {
-    for( i = 0; i < io->u.raw.n; i++ ) {
-      if( type == io->u.raw.types[i] ) {
-        return &io->u.raw.items[i];
-      }
+    if (io->type == ckcapiRaw) {
+        for (i = 0; i < io->u.raw.n; i++) {
+            if (type == io->u.raw.types[i]) {
+                return &io->u.raw.items[i];
+            }
+        }
+        return NULL;
+    }
+    /* deal with the common attributes */
+    switch (io->objClass) {
+        case CKO_CERTIFICATE:
+            return ckcapi_FetchCertAttribute(io, type);
+        case CKO_PRIVATE_KEY:
+            return ckcapi_FetchPrivKeyAttribute(io, type);
+        case CKO_PUBLIC_KEY:
+            return ckcapi_FetchPubKeyAttribute(io, type);
     }
     return NULL;
-  }
-  /* deal with the common attributes */
-  switch (io->objClass) {
-  case CKO_CERTIFICATE:
-   return ckcapi_FetchCertAttribute(io, type); 
-  case CKO_PRIVATE_KEY:
-   return ckcapi_FetchPrivKeyAttribute(io, type); 
-  case CKO_PUBLIC_KEY:
-   return ckcapi_FetchPubKeyAttribute(io, type); 
-  }
-  return NULL;
 }
 
 /*
  * check to see if the certificate already exists
  */
 static PRBool
 ckcapi_cert_exists(
-  NSSItem *value,
-  ckcapiInternalObject **io
-)
+    NSSItem *value,
+    ckcapiInternalObject **io)
 {
-  int count,i;
-  PRUint32 size = 0;
-  ckcapiInternalObject **listp = NULL;
-  CK_ATTRIBUTE myTemplate[2];
-  CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE;
-  CK_ULONG templateCount = 2;
-  CK_RV error;
-  PRBool found = PR_FALSE;
+    int count, i;
+    PRUint32 size = 0;
+    ckcapiInternalObject **listp = NULL;
+    CK_ATTRIBUTE myTemplate[2];
+    CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE;
+    CK_ULONG templateCount = 2;
+    CK_RV error;
+    PRBool found = PR_FALSE;
 
-  myTemplate[0].type = CKA_CLASS;
-  myTemplate[0].pValue = &cert_class;
-  myTemplate[0].ulValueLen = sizeof(cert_class);
-  myTemplate[1].type = CKA_VALUE;
-  myTemplate[1].pValue = value->data;
-  myTemplate[1].ulValueLen = value->size;
+    myTemplate[0].type = CKA_CLASS;
+    myTemplate[0].pValue = &cert_class;
+    myTemplate[0].ulValueLen = sizeof(cert_class);
+    myTemplate[1].type = CKA_VALUE;
+    myTemplate[1].pValue = value->data;
+    myTemplate[1].ulValueLen = value->size;
 
-  count = nss_ckcapi_collect_all_certs(myTemplate, templateCount, &listp, 
-			&size, 0, &error);
+    count = nss_ckcapi_collect_all_certs(myTemplate, templateCount, &listp,
+                                         &size, 0, &error);
 
-  /* free them */
-  if (count > 1) {
-    *io = listp[0];
-    found = PR_TRUE;
-  }
-    
-  for (i=1; i < count; i++) {
-    nss_ckcapi_DestroyInternalObject(listp[i]);
-  }
-  nss_ZFreeIf(listp);
-  return found;
+    /* free them */
+    if (count > 1) {
+        *io = listp[0];
+        found = PR_TRUE;
+    }
+
+    for (i = 1; i < count; i++) {
+        nss_ckcapi_DestroyInternalObject(listp[i]);
+    }
+    nss_ZFreeIf(listp);
+    return found;
 }
 
 static PRBool
-ckcapi_cert_hasEmail
-(
-  PCCERT_CONTEXT certContext
-)
+ckcapi_cert_hasEmail(
+    PCCERT_CONTEXT certContext)
 {
-  int count;
+    int count;
 
-  count = CertGetNameString(certContext, CERT_NAME_EMAIL_TYPE, 
-                            0, NULL, NULL, 0);
+    count = CertGetNameString(certContext, CERT_NAME_EMAIL_TYPE,
+                              0, NULL, NULL, 0);
 
-  return count > 1 ? PR_TRUE : PR_FALSE;
+    return count > 1 ? PR_TRUE : PR_FALSE;
 }
 
 static PRBool
-ckcapi_cert_isRoot
-(
-  PCCERT_CONTEXT certContext
-)
+ckcapi_cert_isRoot(
+    PCCERT_CONTEXT certContext)
 {
-  return CertCompareCertificateName(certContext->dwCertEncodingType,
-	&certContext->pCertInfo->Issuer, &certContext->pCertInfo->Subject);
+    return CertCompareCertificateName(certContext->dwCertEncodingType,
+                                      &certContext->pCertInfo->Issuer, &certContext->pCertInfo->Subject);
 }
 
 static PRBool
-ckcapi_cert_isCA
-(
-  PCCERT_CONTEXT certContext
-)
+ckcapi_cert_isCA(
+    PCCERT_CONTEXT certContext)
 {
-  PCERT_EXTENSION extension;
-  CERT_BASIC_CONSTRAINTS2_INFO basicInfo;
-  DWORD size = sizeof(basicInfo);
-  BOOL rc;
+    PCERT_EXTENSION extension;
+    CERT_BASIC_CONSTRAINTS2_INFO basicInfo;
+    DWORD size = sizeof(basicInfo);
+    BOOL rc;
 
-  extension = CertFindExtension (szOID_BASIC_CONSTRAINTS,
-				certContext->pCertInfo->cExtension,
-				certContext->pCertInfo->rgExtension);
-  if ((PCERT_EXTENSION) NULL == extension ) {
-    return PR_FALSE;
-  }
-  rc = CryptDecodeObject(X509_ASN_ENCODING, szOID_BASIC_CONSTRAINTS2,
-          extension->Value.pbData, extension->Value.cbData, 
-          0, &basicInfo, &size);
-  if (!rc) {
-    return PR_FALSE;
-  }
-  return (PRBool) basicInfo.fCA;
+    extension = CertFindExtension(szOID_BASIC_CONSTRAINTS,
+                                  certContext->pCertInfo->cExtension,
+                                  certContext->pCertInfo->rgExtension);
+    if ((PCERT_EXTENSION)NULL == extension) {
+        return PR_FALSE;
+    }
+    rc = CryptDecodeObject(X509_ASN_ENCODING, szOID_BASIC_CONSTRAINTS2,
+                           extension->Value.pbData, extension->Value.cbData,
+                           0, &basicInfo, &size);
+    if (!rc) {
+        return PR_FALSE;
+    }
+    return (PRBool)basicInfo.fCA;
 }
 
 static CRYPT_KEY_PROV_INFO *
-ckcapi_cert_getPrivateKeyInfo
-(
-  PCCERT_CONTEXT certContext,
-  NSSItem *keyID
-)
+ckcapi_cert_getPrivateKeyInfo(
+    PCCERT_CONTEXT certContext,
+    NSSItem *keyID)
 {
-  BOOL rc;
-  CRYPT_HASH_BLOB msKeyID;
-  DWORD size = 0;
-  CRYPT_KEY_PROV_INFO *prov = NULL;
+    BOOL rc;
+    CRYPT_HASH_BLOB msKeyID;
+    DWORD size = 0;
+    CRYPT_KEY_PROV_INFO *prov = NULL;
 
-  msKeyID.cbData = keyID->size;
-  msKeyID.pbData = keyID->data;
+    msKeyID.cbData = keyID->size;
+    msKeyID.pbData = keyID->data;
 
-  rc = CryptGetKeyIdentifierProperty(
-	  &msKeyID,
-       	  CERT_KEY_PROV_INFO_PROP_ID,
-	  0, NULL, NULL, NULL, &size);
-  if (!rc) {
-    return (CRYPT_KEY_PROV_INFO *)NULL;
-  }
-  prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size);
-  if ((CRYPT_KEY_PROV_INFO *)prov == NULL) {
-    return (CRYPT_KEY_PROV_INFO *) NULL;
-  }
-  rc = CryptGetKeyIdentifierProperty(
-	  &msKeyID,
-       	  CERT_KEY_PROV_INFO_PROP_ID,
-	  0, NULL, NULL, prov, &size);
-  if (!rc) {
-    nss_ZFreeIf(prov);
-    return (CRYPT_KEY_PROV_INFO *)NULL;
-  }
-  
-  return prov;
+    rc = CryptGetKeyIdentifierProperty(
+        &msKeyID,
+        CERT_KEY_PROV_INFO_PROP_ID,
+        0, NULL, NULL, NULL, &size);
+    if (!rc) {
+        return (CRYPT_KEY_PROV_INFO *)NULL;
+    }
+    prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size);
+    if ((CRYPT_KEY_PROV_INFO *)prov == NULL) {
+        return (CRYPT_KEY_PROV_INFO *)NULL;
+    }
+    rc = CryptGetKeyIdentifierProperty(
+        &msKeyID,
+        CERT_KEY_PROV_INFO_PROP_ID,
+        0, NULL, NULL, prov, &size);
+    if (!rc) {
+        nss_ZFreeIf(prov);
+        return (CRYPT_KEY_PROV_INFO *)NULL;
+    }
+
+    return prov;
 }
 
 static CRYPT_KEY_PROV_INFO *
-ckcapi_cert_getProvInfo
-(
-  ckcapiInternalObject *io
-)
+ckcapi_cert_getProvInfo(
+    ckcapiInternalObject *io)
 {
-  BOOL rc;
-  DWORD size = 0;
-  CRYPT_KEY_PROV_INFO *prov = NULL;
+    BOOL rc;
+    DWORD size = 0;
+    CRYPT_KEY_PROV_INFO *prov = NULL;
 
-  rc = CertGetCertificateContextProperty(
-	  io->u.cert.certContext,
-       	  CERT_KEY_PROV_INFO_PROP_ID,
-	  NULL, &size);
-  if (!rc) {
-    return (CRYPT_KEY_PROV_INFO *)NULL;
-  }
-  prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size);
-  if ((CRYPT_KEY_PROV_INFO *)prov == NULL) {
-    return (CRYPT_KEY_PROV_INFO *) NULL;
-  }
-  rc = CertGetCertificateContextProperty(
-	  io->u.cert.certContext,
-       	  CERT_KEY_PROV_INFO_PROP_ID,
-	  prov, &size);
-  if (!rc) {
-    nss_ZFreeIf(prov);
-    return (CRYPT_KEY_PROV_INFO *)NULL;
-  }
+    rc = CertGetCertificateContextProperty(
+        io->u.cert.certContext,
+        CERT_KEY_PROV_INFO_PROP_ID,
+        NULL, &size);
+    if (!rc) {
+        return (CRYPT_KEY_PROV_INFO *)NULL;
+    }
+    prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size);
+    if ((CRYPT_KEY_PROV_INFO *)prov == NULL) {
+        return (CRYPT_KEY_PROV_INFO *)NULL;
+    }
+    rc = CertGetCertificateContextProperty(
+        io->u.cert.certContext,
+        CERT_KEY_PROV_INFO_PROP_ID,
+        prov, &size);
+    if (!rc) {
+        nss_ZFreeIf(prov);
+        return (CRYPT_KEY_PROV_INFO *)NULL;
+    }
 
-  return prov;
+    return prov;
 }
-  
+
 /* forward declaration */
 static void
-ckcapi_removeObjectFromHash
-(
-  ckcapiInternalObject *io
-);
+ckcapi_removeObjectFromHash(
+    ckcapiInternalObject *io);
 
 /*
  * Finalize - unneeded
- * Destroy 
+ * Destroy
  * IsTokenObject - CK_TRUE
  * GetAttributeCount
  * GetAttributeTypes
  * GetAttributeSize
  * GetAttribute
  * SetAttribute
  * GetObjectSize
  */
 
 static CK_RV
-ckcapi_mdObject_Destroy
-(
-  NSSCKMDObject *mdObject,
-  NSSCKFWObject *fwObject,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+ckcapi_mdObject_Destroy(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
-  CK_OBJECT_CLASS objClass;
-  BOOL rc;
-  DWORD provType;
-  DWORD msError;
-  PRBool isCertType = (PRBool)(ckcapiCert == io->type);
-  HCERTSTORE hStore = 0;
-
-  if (ckcapiRaw == io->type) {
-    /* there is not 'object write protected' error, use the next best thing */
-    return CKR_TOKEN_WRITE_PROTECTED;
-  }
+    ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
+    CK_OBJECT_CLASS objClass;
+    BOOL rc;
+    DWORD provType;
+    DWORD msError;
+    PRBool isCertType = (PRBool)(ckcapiCert == io->type);
+    HCERTSTORE hStore = 0;
 
-  objClass = io->objClass;
-  if (CKO_CERTIFICATE == objClass) {
-    PCCERT_CONTEXT certContext;
-
-    /* get the store */
-    hStore = CertOpenSystemStore(0, io->u.cert.certStore);
-    if (0 == hStore) {
-      rc = 0;
-      goto loser;
-    }
-    certContext = CertFindCertificateInStore(hStore, X509_ASN_ENCODING, 0, 
-      CERT_FIND_EXISTING, io->u.cert.certContext, NULL); 
-    if ((PCCERT_CONTEXT)NULL ==  certContext) {
-      rc = 0;
-      goto loser;
-    }
-    rc = CertDeleteCertificateFromStore(certContext);
-  } else {
-    char *provName = NULL;
-    char *containerName = NULL;
-    HCRYPTPROV hProv;
-    CRYPT_HASH_BLOB msKeyID;
-
-    if (0 == io->id.size) {
-      ckcapi_FetchID(io);
+    if (ckcapiRaw == io->type) {
+        /* there is not 'object write protected' error, use the next best thing */
+        return CKR_TOKEN_WRITE_PROTECTED;
     }
 
-    if (isCertType) {
-      CRYPT_KEY_PROV_INFO * provInfo = ckcapi_cert_getProvInfo(io);
-      provName = nss_ckcapi_WideToUTF8(provInfo->pwszProvName);
-      containerName = nss_ckcapi_WideToUTF8(provInfo->pwszContainerName);
-      provType = provInfo->dwProvType;
-      nss_ZFreeIf(provInfo);
-    } else {
-      provName = io->u.key.provName;
-      containerName = io->u.key.containerName;
-      provType = io->u.key.provInfo.dwProvType;
-      io->u.key.provName = NULL;
-      io->u.key.containerName = NULL;
+    objClass = io->objClass;
+    if (CKO_CERTIFICATE == objClass) {
+        PCCERT_CONTEXT certContext;
+
+        /* get the store */
+        hStore = CertOpenSystemStore(0, io->u.cert.certStore);
+        if (0 == hStore) {
+            rc = 0;
+            goto loser;
+        }
+        certContext = CertFindCertificateInStore(hStore, X509_ASN_ENCODING, 0,
+                                                 CERT_FIND_EXISTING, io->u.cert.certContext, NULL);
+        if ((PCCERT_CONTEXT)NULL == certContext) {
+            rc = 0;
+            goto loser;
+        }
+        rc = CertDeleteCertificateFromStore(certContext);
     }
-    /* first remove the key id pointer */
-    msKeyID.cbData = io->id.size;
-    msKeyID.pbData = io->id.data;
-    rc = CryptSetKeyIdentifierProperty(&msKeyID, 
-	CERT_KEY_PROV_INFO_PROP_ID, CRYPT_KEYID_DELETE_FLAG, NULL, NULL, NULL);
-    if (rc) {
-      rc = CryptAcquireContext(&hProv, containerName, provName, provType,
-		CRYPT_DELETEKEYSET);
+    else {
+        char *provName = NULL;
+        char *containerName = NULL;
+        HCRYPTPROV hProv;
+        CRYPT_HASH_BLOB msKeyID;
+
+        if (0 == io->id.size) {
+            ckcapi_FetchID(io);
+        }
+
+        if (isCertType) {
+            CRYPT_KEY_PROV_INFO *provInfo = ckcapi_cert_getProvInfo(io);
+            provName = nss_ckcapi_WideToUTF8(provInfo->pwszProvName);
+            containerName = nss_ckcapi_WideToUTF8(provInfo->pwszContainerName);
+            provType = provInfo->dwProvType;
+            nss_ZFreeIf(provInfo);
+        }
+        else {
+            provName = io->u.key.provName;
+            containerName = io->u.key.containerName;
+            provType = io->u.key.provInfo.dwProvType;
+            io->u.key.provName = NULL;
+            io->u.key.containerName = NULL;
+        }
+        /* first remove the key id pointer */
+        msKeyID.cbData = io->id.size;
+        msKeyID.pbData = io->id.data;
+        rc = CryptSetKeyIdentifierProperty(&msKeyID,
+                                           CERT_KEY_PROV_INFO_PROP_ID, CRYPT_KEYID_DELETE_FLAG, NULL, NULL, NULL);
+        if (rc) {
+            rc = CryptAcquireContext(&hProv, containerName, provName, provType,
+                                     CRYPT_DELETEKEYSET);
+        }
+        nss_ZFreeIf(provName);
+        nss_ZFreeIf(containerName);
     }
-    nss_ZFreeIf(provName);
-    nss_ZFreeIf(containerName);
-  }
 loser:
 
-  if (hStore) {
-    CertCloseStore(hStore, 0);
-  }
-  if (!rc) {
-    msError = GetLastError();
-    return CKR_GENERAL_ERROR;
-  }
+    if (hStore) {
+        CertCloseStore(hStore, 0);
+    }
+    if (!rc) {
+        msError = GetLastError();
+        return CKR_GENERAL_ERROR;
+    }
 
-  /* remove it from the hash */
-  ckcapi_removeObjectFromHash(io);
+    /* remove it from the hash */
+    ckcapi_removeObjectFromHash(io);
 
-  /* free the puppy.. */
-  nss_ckcapi_DestroyInternalObject(io);
-  return CKR_OK;
+    /* free the puppy.. */
+    nss_ckcapi_DestroyInternalObject(io);
+    return CKR_OK;
 }
 
 static CK_BBOOL
-ckcapi_mdObject_IsTokenObject
-(
-  NSSCKMDObject *mdObject,
-  NSSCKFWObject *fwObject,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+ckcapi_mdObject_IsTokenObject(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  return CK_TRUE;
+    return CK_TRUE;
 }
 
 static CK_ULONG
-ckcapi_mdObject_GetAttributeCount
-(
-  NSSCKMDObject *mdObject,
-  NSSCKFWObject *fwObject,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+ckcapi_mdObject_GetAttributeCount(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
+    ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
 
-  if (ckcapiRaw == io->type) {
-     return io->u.raw.n;
-  }
-  switch (io->objClass) {
-  case CKO_CERTIFICATE:
-    return certAttrsCount;
-  case CKO_PUBLIC_KEY:
-    return pubKeyAttrsCount;
-  case CKO_PRIVATE_KEY:
-    return privKeyAttrsCount;
-  default:
-    break;
-  }
-  return 0;
+    if (ckcapiRaw == io->type) {
+        return io->u.raw.n;
+    }
+    switch (io->objClass) {
+        case CKO_CERTIFICATE:
+            return certAttrsCount;
+        case CKO_PUBLIC_KEY:
+            return pubKeyAttrsCount;
+        case CKO_PRIVATE_KEY:
+            return privKeyAttrsCount;
+        default:
+            break;
+    }
+    return 0;
 }
 
 static CK_RV
-ckcapi_mdObject_GetAttributeTypes
-(
-  NSSCKMDObject *mdObject,
-  NSSCKFWObject *fwObject,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_ATTRIBUTE_TYPE_PTR typeArray,
-  CK_ULONG ulCount
-)
+ckcapi_mdObject_GetAttributeTypes(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE_PTR typeArray,
+    CK_ULONG ulCount)
 {
-  ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
-  CK_ULONG i;
-  CK_RV error = CKR_OK;
-  const CK_ATTRIBUTE_TYPE *attrs = NULL;
-  CK_ULONG size = ckcapi_mdObject_GetAttributeCount(
-			mdObject, fwObject, mdSession, fwSession, 
-			mdToken, fwToken, mdInstance, fwInstance, &error);
+    ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
+    CK_ULONG i;
+    CK_RV error = CKR_OK;
+    const CK_ATTRIBUTE_TYPE *attrs = NULL;
+    CK_ULONG size = ckcapi_mdObject_GetAttributeCount(
+        mdObject, fwObject, mdSession, fwSession,
+        mdToken, fwToken, mdInstance, fwInstance, &error);
 
-  if( size != ulCount ) {
-    return CKR_BUFFER_TOO_SMALL;
-  }
-  if (io->type == ckcapiRaw) {
-    attrs = io->u.raw.types;
-  } else switch(io->objClass) {
-    case CKO_CERTIFICATE:
-      attrs = certAttrs;
-      break;
-    case CKO_PUBLIC_KEY:
-      attrs = pubKeyAttrs;
-      break;
-    case CKO_PRIVATE_KEY:
-      attrs = privKeyAttrs;
-      break;
-    default:
-      return CKR_OK;
-  }
-  
-  for( i = 0; i < size; i++) {
-    typeArray[i] = attrs[i];
-  }
+    if (size != ulCount) {
+        return CKR_BUFFER_TOO_SMALL;
+    }
+    if (io->type == ckcapiRaw) {
+        attrs = io->u.raw.types;
+    }
+    else
+        switch (io->objClass) {
+            case CKO_CERTIFICATE:
+                attrs =
+                    certAttrs;
+                break;
+            case CKO_PUBLIC_KEY:
+                attrs =
+                    pubKeyAttrs;
+                break;
+            case CKO_PRIVATE_KEY:
+                attrs =
+                    privKeyAttrs;
+                break;
+            default:
+                return CKR_OK;
+        }
 
-  return CKR_OK;
+    for (i = 0; i < size; i++) {
+        typeArray[i] = attrs[i];
+    }
+
+    return CKR_OK;
 }
 
 static CK_ULONG
-ckcapi_mdObject_GetAttributeSize
-(
-  NSSCKMDObject *mdObject,
-  NSSCKFWObject *fwObject,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_ATTRIBUTE_TYPE attribute,
-  CK_RV *pError
-)
+ckcapi_mdObject_GetAttributeSize(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError)
 {
-  ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
+    ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
 
-  const NSSItem *b;
+    const NSSItem *b;
 
-  b = nss_ckcapi_FetchAttribute(io, attribute);
+    b = nss_ckcapi_FetchAttribute(io, attribute);
 
-  if ((const NSSItem *)NULL == b) {
-    *pError = CKR_ATTRIBUTE_TYPE_INVALID;
-    return 0;
-  }
-  return b->size;
+    if ((const NSSItem *)NULL == b) {
+        *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+        return 0;
+    }
+    return b->size;
 }
 
 static CK_RV
-ckcapi_mdObject_SetAttribute
-(
-  NSSCKMDObject *mdObject,
-  NSSCKFWObject *fwObject,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_ATTRIBUTE_TYPE attribute,
-  NSSItem           *value
-)
+ckcapi_mdObject_SetAttribute(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    NSSItem *value)
 {
-  return CKR_OK;
+    return CKR_OK;
 }
 
 static NSSCKFWItem
-ckcapi_mdObject_GetAttribute
-(
-  NSSCKMDObject *mdObject,
-  NSSCKFWObject *fwObject,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_ATTRIBUTE_TYPE attribute,
-  CK_RV *pError
-)
+ckcapi_mdObject_GetAttribute(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError)
 {
-  NSSCKFWItem mdItem;
-  ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
+    NSSCKFWItem mdItem;
+    ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
 
-  mdItem.needsFreeing = PR_FALSE;
-  mdItem.item = (NSSItem*)nss_ckcapi_FetchAttribute(io, attribute);
+    mdItem.needsFreeing = PR_FALSE;
+    mdItem.item = (NSSItem *)nss_ckcapi_FetchAttribute(io, attribute);
 
-  if ((NSSItem *)NULL == mdItem.item) {
-    *pError = CKR_ATTRIBUTE_TYPE_INVALID;
-  }
+    if ((NSSItem *)NULL == mdItem.item) {
+        *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+    }
 
-  return mdItem;
+    return mdItem;
 }
 
 static CK_ULONG
-ckcapi_mdObject_GetObjectSize
-(
-  NSSCKMDObject *mdObject,
-  NSSCKFWObject *fwObject,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+ckcapi_mdObject_GetObjectSize(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
-  CK_ULONG rv = 1;
+    ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
+    CK_ULONG rv = 1;
 
-  /* size is irrelevant to this token */
-  return rv;
+    /* size is irrelevant to this token */
+    return rv;
 }
 
 static const NSSCKMDObject
-ckcapi_prototype_mdObject = {
-  (void *)NULL, /* etc */
-  NULL, /* Finalize */
-  ckcapi_mdObject_Destroy,
-  ckcapi_mdObject_IsTokenObject,
-  ckcapi_mdObject_GetAttributeCount,
-  ckcapi_mdObject_GetAttributeTypes,
-  ckcapi_mdObject_GetAttributeSize,
-  ckcapi_mdObject_GetAttribute,
-  NULL, /* FreeAttribute */
-  ckcapi_mdObject_SetAttribute,
-  ckcapi_mdObject_GetObjectSize,
-  (void *)NULL /* null terminator */
-};
+    ckcapi_prototype_mdObject = {
+        (void *)NULL, /* etc */
+        NULL,         /* Finalize */
+        ckcapi_mdObject_Destroy,
+        ckcapi_mdObject_IsTokenObject,
+        ckcapi_mdObject_GetAttributeCount,
+        ckcapi_mdObject_GetAttributeTypes,
+        ckcapi_mdObject_GetAttributeSize,
+        ckcapi_mdObject_GetAttribute,
+        NULL, /* FreeAttribute */
+        ckcapi_mdObject_SetAttribute,
+        ckcapi_mdObject_GetObjectSize,
+        (void *)NULL /* null terminator */
+    };
 
 static nssHash *ckcapiInternalObjectHash = NULL;
 
 NSS_IMPLEMENT NSSCKMDObject *
-nss_ckcapi_CreateMDObject
-(
-  NSSArena *arena,
-  ckcapiInternalObject *io,
-  CK_RV *pError
-)
+nss_ckcapi_CreateMDObject(
+    NSSArena *arena,
+    ckcapiInternalObject *io,
+    CK_RV *pError)
 {
-  if ((nssHash *)NULL == ckcapiInternalObjectHash) {
-    ckcapiInternalObjectHash = nssHash_CreateItem(NULL, 10);
-  }
-  if (ckcapiCert == io->type) {
-    /* the hash key, not a cryptographic key */
-    NSSItem *key = &io->hashKey;
-    ckcapiInternalObject *old_o = NULL;
+    if ((nssHash *)NULL == ckcapiInternalObjectHash) {
+        ckcapiInternalObjectHash = nssHash_CreateItem(NULL, 10);
+    }
+    if (ckcapiCert == io->type) {
+        /* the hash key, not a cryptographic key */
+        NSSItem *key = &io->hashKey;
+        ckcapiInternalObject *old_o = NULL;
 
-    if (key->size == 0) {
-      ckcapi_FetchHashKey(io);
+        if (key->size == 0) {
+            ckcapi_FetchHashKey(io);
+        }
+        old_o = (ckcapiInternalObject *)
+            nssHash_Lookup(ckcapiInternalObjectHash, key);
+        if (!old_o) {
+            nssHash_Add(ckcapiInternalObjectHash, key, io);
+        }
+        else if (old_o != io) {
+            nss_ckcapi_DestroyInternalObject(io);
+            io = old_o;
+        }
     }
-    old_o = (ckcapiInternalObject *) 
-              nssHash_Lookup(ckcapiInternalObjectHash, key);
-    if (!old_o) {
-      nssHash_Add(ckcapiInternalObjectHash, key, io);
-    } else if (old_o != io) {
-      nss_ckcapi_DestroyInternalObject(io);
-      io = old_o;
+
+    if ((void *)NULL == io->mdObject.etc) {
+        (void)nsslibc_memcpy(&io->mdObject, &ckcapi_prototype_mdObject,
+                             sizeof(ckcapi_prototype_mdObject));
+        io->mdObject.etc = (void *)io;
     }
-  }
-    
-  if ( (void*)NULL == io->mdObject.etc) {
-    (void) nsslibc_memcpy(&io->mdObject,&ckcapi_prototype_mdObject,
-					sizeof(ckcapi_prototype_mdObject));
-    io->mdObject.etc = (void *)io;
-  }
-  return &io->mdObject;
+    return &io->mdObject;
 }
 
 static void
-ckcapi_removeObjectFromHash
-(
-  ckcapiInternalObject *io
-)
+ckcapi_removeObjectFromHash(
+    ckcapiInternalObject *io)
 {
-  NSSItem *key = &io->hashKey;
+    NSSItem *key = &io->hashKey;
 
-  if ((nssHash *)NULL == ckcapiInternalObjectHash) {
+    if ((nssHash *)NULL == ckcapiInternalObjectHash) {
+        return;
+    }
+    if (key->size == 0) {
+        ckcapi_FetchHashKey(io);
+    }
+    nssHash_Remove(ckcapiInternalObjectHash, key);
     return;
-  }
-  if (key->size == 0) {
-    ckcapi_FetchHashKey(io);
-  }
-  nssHash_Remove(ckcapiInternalObjectHash, key);
-  return;
 }
 
 void
-nss_ckcapi_DestroyInternalObject
-(
-  ckcapiInternalObject *io
-)
+nss_ckcapi_DestroyInternalObject(
+    ckcapiInternalObject *io)
 {
-  switch (io->type) {
-  case ckcapiRaw:
+    switch (io->type) {
+        case ckcapiRaw:
+            return;
+        case ckcapiCert:
+            CertFreeCertificateContext(io->u.cert.certContext);
+            nss_ZFreeIf(io->u.cert.labelData);
+            nss_ZFreeIf(io->u.cert.key.privateKey);
+            nss_ZFreeIf(io->u.cert.key.pubKey);
+            nss_ZFreeIf(io->idData);
+            break;
+        case ckcapiBareKey:
+            nss_ZFreeIf(io->u.key.provInfo.pwszContainerName);
+            nss_ZFreeIf(io->u.key.provInfo.pwszProvName);
+            nss_ZFreeIf(io->u.key.provName);
+            nss_ZFreeIf(io->u.key.containerName);
+            nss_ZFreeIf(io->u.key.key.privateKey);
+            nss_ZFreeIf(io->u.key.key.pubKey);
+            if (0 != io->u.key.hProv) {
+                CryptReleaseContext(io->u.key.hProv, 0);
+            }
+            nss_ZFreeIf(io->idData);
+            break;
+    }
+    nss_ZFreeIf(io);
     return;
-  case ckcapiCert:
-    CertFreeCertificateContext(io->u.cert.certContext);
-    nss_ZFreeIf(io->u.cert.labelData);
-    nss_ZFreeIf(io->u.cert.key.privateKey);
-    nss_ZFreeIf(io->u.cert.key.pubKey);
-    nss_ZFreeIf(io->idData);
-    break;
-  case ckcapiBareKey:
-    nss_ZFreeIf(io->u.key.provInfo.pwszContainerName);
-    nss_ZFreeIf(io->u.key.provInfo.pwszProvName);
-    nss_ZFreeIf(io->u.key.provName);
-    nss_ZFreeIf(io->u.key.containerName);
-    nss_ZFreeIf(io->u.key.key.privateKey);
-    nss_ZFreeIf(io->u.key.key.pubKey);
-    if (0 != io->u.key.hProv) {
-      CryptReleaseContext(io->u.key.hProv, 0);
-    }
-    nss_ZFreeIf(io->idData);
-    break;
-  }
-  nss_ZFreeIf(io);
-  return;
 }
 
 static ckcapiInternalObject *
-nss_ckcapi_CreateCertificate
-(
-  NSSCKFWSession *fwSession,
-  CK_ATTRIBUTE_PTR pTemplate,
-  CK_ULONG ulAttributeCount,
-  CK_RV *pError
-)
+nss_ckcapi_CreateCertificate(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
 {
-  NSSItem value;
-  NSSItem keyID;
-  char *storeStr;
-  ckcapiInternalObject *io = NULL;
-  PCCERT_CONTEXT certContext = NULL;
-  PCCERT_CONTEXT storedCertContext = NULL;
-  CRYPT_KEY_PROV_INFO *prov_info = NULL;
-  char *nickname = NULL;
-  HCERTSTORE hStore = 0;
-  DWORD msError = 0;
-  PRBool hasID;
-  CK_RV dummy;
-  BOOL rc;
+    NSSItem value;
+    NSSItem keyID;
+    char *storeStr;
+    ckcapiInternalObject *io = NULL;
+    PCCERT_CONTEXT certContext = NULL;
+    PCCERT_CONTEXT storedCertContext = NULL;
+    CRYPT_KEY_PROV_INFO *prov_info = NULL;
+    char *nickname = NULL;
+    HCERTSTORE hStore = 0;
+    DWORD msError = 0;
+    PRBool hasID;
+    CK_RV dummy;
+    BOOL rc;
+
+    *pError = nss_ckcapi_GetAttribute(CKA_VALUE, pTemplate,
+                                      ulAttributeCount, &value);
+
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
 
-  *pError = nss_ckcapi_GetAttribute(CKA_VALUE, pTemplate, 
-				  ulAttributeCount, &value);
+    *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate,
+                                      ulAttributeCount, &keyID);
+
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
 
-  if (CKR_OK != *pError) {
-    return (ckcapiInternalObject *)NULL;
-  }
+    if (ckcapi_cert_exists(&value, &io)) {
+        return io;
+    }
 
-  *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate, 
-				  ulAttributeCount, &keyID);
+    /* OK, we are creating a new one, figure out what store it belongs to..
+   * first get a certContext handle.. */
+    certContext = CertCreateCertificateContext(X509_ASN_ENCODING,
+                                               value.data, value.size);
+    if ((PCCERT_CONTEXT)NULL == certContext) {
+        msError = GetLastError();
+        *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto loser;
+    }
 
-  if (CKR_OK != *pError) {
-    return (ckcapiInternalObject *)NULL;
-  }
-
-  if (ckcapi_cert_exists(&value, &io)) {
-    return io;
-  }
+    /* do we have a private key laying around... */
+    prov_info = ckcapi_cert_getPrivateKeyInfo(certContext, &keyID);
+    if (prov_info) {
+        CRYPT_DATA_BLOB msKeyID;
+        storeStr = "My";
+        hasID = PR_TRUE;
+        rc = CertSetCertificateContextProperty(certContext,
+                                               CERT_KEY_PROV_INFO_PROP_ID,
+                                               0, prov_info);
+        nss_ZFreeIf(prov_info);
+        if (!rc) {
+            msError = GetLastError();
+            *pError = CKR_DEVICE_ERROR;
+            goto loser;
+        }
+        msKeyID.cbData = keyID.size;
+        msKeyID.pbData = keyID.data;
+        rc = CertSetCertificateContextProperty(certContext,
+                                               CERT_KEY_IDENTIFIER_PROP_ID,
+                                               0, &msKeyID);
+        if (!rc) {
+            msError = GetLastError();
+            *pError = CKR_DEVICE_ERROR;
+            goto loser;
+        }
 
-  /* OK, we are creating a new one, figure out what store it belongs to.. 
-   * first get a certContext handle.. */
-  certContext = CertCreateCertificateContext(X509_ASN_ENCODING, 
-                                             value.data, value.size);
-  if ((PCCERT_CONTEXT) NULL == certContext) {
-    msError = GetLastError();
-    *pError = CKR_ATTRIBUTE_VALUE_INVALID;
-    goto loser;
-  }
+        /* does it look like a CA */
+    }
+    else if (ckcapi_cert_isCA(certContext)) {
+        storeStr = ckcapi_cert_isRoot(certContext) ? "CA" : "Root";
+        /* does it look like an S/MIME cert */
+    }
+    else if (ckcapi_cert_hasEmail(certContext)) {
+        storeStr = "AddressBook";
+    }
+    else {
+        /* just pick a store */
+        storeStr = "CA";
+    }
 
-  /* do we have a private key laying around... */
-  prov_info = ckcapi_cert_getPrivateKeyInfo(certContext, &keyID);
-  if (prov_info) {
-    CRYPT_DATA_BLOB msKeyID;
-    storeStr = "My";
-    hasID = PR_TRUE;
-    rc = CertSetCertificateContextProperty(certContext,
-       	        CERT_KEY_PROV_INFO_PROP_ID,
-                0, prov_info);
-    nss_ZFreeIf(prov_info);
-    if (!rc) {
-      msError = GetLastError();
-      *pError = CKR_DEVICE_ERROR;
-      goto loser;
+    /* get the nickname, not an error if we can't find it */
+    nickname = nss_ckcapi_GetStringAttribute(CKA_LABEL, pTemplate,
+                                             ulAttributeCount, &dummy);
+    if (nickname) {
+        LPWSTR nicknameUTF16 = NULL;
+        CRYPT_DATA_BLOB nicknameBlob;
+
+        nicknameUTF16 = nss_ckcapi_UTF8ToWide(nickname);
+        nss_ZFreeIf(nickname);
+        nickname = NULL;
+        if ((LPWSTR)NULL == nicknameUTF16) {
+            *pError = CKR_HOST_MEMORY;
+            goto loser;
+        }
+        nicknameBlob.cbData = nss_ckcapi_WideSize(nicknameUTF16);
+        nicknameBlob.pbData = (BYTE *)nicknameUTF16;
+        rc = CertSetCertificateContextProperty(certContext,
+                                               CERT_FRIENDLY_NAME_PROP_ID, 0, &nicknameBlob);
+        nss_ZFreeIf(nicknameUTF16);
+        if (!rc) {
+            msError = GetLastError();
+            *pError = CKR_DEVICE_ERROR;
+            goto loser;
+        }
     }
-    msKeyID.cbData = keyID.size;
-    msKeyID.pbData = keyID.data;
-    rc = CertSetCertificateContextProperty(certContext,
-       	        CERT_KEY_IDENTIFIER_PROP_ID,
-                0, &msKeyID);
+
+    hStore = CertOpenSystemStore((HCRYPTPROV)NULL, storeStr);
+    if (0 == hStore) {
+        msError = GetLastError();
+        *pError = CKR_DEVICE_ERROR;
+        goto loser;
+    }
+
+    rc = CertAddCertificateContextToStore(hStore, certContext,
+                                          CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES, &storedCertContext);
+    CertFreeCertificateContext(certContext);
+    certContext = NULL;
+    CertCloseStore(hStore, 0);
+    hStore = 0;
     if (!rc) {
-      msError = GetLastError();
-      *pError = CKR_DEVICE_ERROR;
-      goto loser;
-    }
-    
-  /* does it look like a CA */
-  } else if (ckcapi_cert_isCA(certContext)) {
-    storeStr = ckcapi_cert_isRoot(certContext) ? "CA" : "Root";
-  /* does it look like an S/MIME cert */
-  } else if (ckcapi_cert_hasEmail(certContext)) {
-    storeStr = "AddressBook";
-  } else {
-  /* just pick a store */
-    storeStr = "CA";
-  }
-
-  /* get the nickname, not an error if we can't find it */
-  nickname = nss_ckcapi_GetStringAttribute(CKA_LABEL, pTemplate, 
-				  ulAttributeCount, &dummy);
-  if (nickname) {
-    LPWSTR nicknameUTF16 = NULL;
-    CRYPT_DATA_BLOB nicknameBlob;
-
-    nicknameUTF16 = nss_ckcapi_UTF8ToWide(nickname);
-    nss_ZFreeIf(nickname);
-    nickname = NULL;
-    if ((LPWSTR)NULL == nicknameUTF16) {
-      *pError = CKR_HOST_MEMORY;
-      goto loser;
+        msError = GetLastError();
+        *pError = CKR_DEVICE_ERROR;
+        goto loser;
     }
-    nicknameBlob.cbData = nss_ckcapi_WideSize(nicknameUTF16);
-    nicknameBlob.pbData = (BYTE *)nicknameUTF16;
-    rc = CertSetCertificateContextProperty(certContext,
-	CERT_FRIENDLY_NAME_PROP_ID, 0, &nicknameBlob);
-    nss_ZFreeIf(nicknameUTF16);
-    if (!rc) {
-      msError = GetLastError();
-      *pError = CKR_DEVICE_ERROR;
-      goto loser;
+
+    io = nss_ZNEW(NULL, ckcapiInternalObject);
+    if ((ckcapiInternalObject *)NULL == io) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
     }
-  }
-
-  hStore = CertOpenSystemStore((HCRYPTPROV) NULL, storeStr);
-  if (0 == hStore) {
-    msError = GetLastError();
-    *pError = CKR_DEVICE_ERROR;
-    goto loser;
-  }
-
-  rc = CertAddCertificateContextToStore(hStore, certContext, 
-       CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES, &storedCertContext);
-  CertFreeCertificateContext(certContext);
-  certContext = NULL;
-  CertCloseStore(hStore, 0);
-  hStore = 0;
-  if (!rc) {
-    msError = GetLastError();
-    *pError = CKR_DEVICE_ERROR;
-    goto loser;
-  }
-
-  io = nss_ZNEW(NULL, ckcapiInternalObject);
-  if ((ckcapiInternalObject *)NULL == io) {
-    *pError = CKR_HOST_MEMORY;
-    goto loser;
-  }
-  io->type = ckcapiCert;
-  io->objClass = CKO_CERTIFICATE;
-  io->u.cert.certContext = storedCertContext;
-  io->u.cert.hasID = hasID;
-  return io;
+    io->type = ckcapiCert;
+    io->objClass = CKO_CERTIFICATE;
+    io->u.cert.certContext = storedCertContext;
+    io->u.cert.hasID = hasID;
+    return io;
 
 loser:
-  if (certContext) {
-    CertFreeCertificateContext(certContext);
-    certContext = NULL;
-  }
-  if (storedCertContext) {
-    CertFreeCertificateContext(storedCertContext);
-    storedCertContext = NULL;
-  }
-  if (0 != hStore) {
-    CertCloseStore(hStore, 0);
-  }
-  return (ckcapiInternalObject *)NULL;
-
+    if (certContext) {
+        CertFreeCertificateContext(certContext);
+        certContext = NULL;
+    }
+    if (storedCertContext) {
+        CertFreeCertificateContext(storedCertContext);
+        storedCertContext = NULL;
+    }
+    if (0 != hStore) {
+        CertCloseStore(hStore, 0);
+    }
+    return (ckcapiInternalObject *)NULL;
 }
 
 static char *
-ckcapi_getDefaultProvider
-(
-  CK_RV *pError
-)
+ckcapi_getDefaultProvider(
+    CK_RV *pError)
 {
-  char *name = NULL;
-  BOOL rc;
-  DWORD nameLength = 0;
+    char *name = NULL;
+    BOOL rc;
+    DWORD nameLength = 0;
+
+    rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, NULL,
+                                 &nameLength);
+    if (!rc) {
+        return (char *)NULL;
+    }
 
-  rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, NULL,
-		&nameLength);
-  if (!rc) {
-    return (char *)NULL;
-  }
+    name = nss_ZNEWARRAY(NULL, char, nameLength);
+    if ((char *)NULL == name) {
+        return (char *)NULL;
+    }
+    rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, name,
+                                 &nameLength);
+    if (!rc) {
+        nss_ZFreeIf(name);
+        return (char *)NULL;
+    }
 
-  name = nss_ZNEWARRAY(NULL, char, nameLength);
-  if ((char *)NULL == name ) {
-    return (char *)NULL;
-  }
-  rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, name,
-		&nameLength);
-  if (!rc) {
-    nss_ZFreeIf(name);
-    return (char *)NULL;
-  }
-
-  return name;
+    return name;
 }
 
 static char *
-ckcapi_getContainer
-(
-  CK_RV *pError,
-  NSSItem *id
-)
+ckcapi_getContainer(
+    CK_RV *pError,
+    NSSItem *id)
 {
-  RPC_STATUS rstat;
-  UUID uuid;
-  char *uuidStr;
-  char *container;
+    RPC_STATUS rstat;
+    UUID uuid;
+    char *uuidStr;
+    char *container;
 
-  rstat = UuidCreate(&uuid);
-  rstat = UuidToString(&uuid, &uuidStr);
+    rstat = UuidCreate(&uuid);
+    rstat = UuidToString(&uuid, &uuidStr);
 
-  /* convert it from rcp memory to our own */
-  container = nssUTF8_Duplicate(uuidStr, NULL);
-  RpcStringFree(&uuidStr);
-  
-  return container;
+    /* convert it from rcp memory to our own */
+    container = nssUTF8_Duplicate(uuidStr, NULL);
+    RpcStringFree(&uuidStr);
+
+    return container;
 }
 
 static CK_RV
-ckcapi_buildPrivateKeyBlob
-(
-  NSSItem  *keyBlob, 
-  NSSItem  *modulus,
-  NSSItem  *publicExponent,
-  NSSItem  *privateExponent,
-  NSSItem  *prime1,
-  NSSItem  *prime2,
-  NSSItem  *exponent1,
-  NSSItem  *exponent2,
-  NSSItem  *coefficient, 
-  PRBool   isKeyExchange
-)
+ckcapi_buildPrivateKeyBlob(
+    NSSItem *keyBlob,
+    NSSItem *modulus,
+    NSSItem *publicExponent,
+    NSSItem *privateExponent,
+    NSSItem *prime1,
+    NSSItem *prime2,
+    NSSItem *exponent1,
+    NSSItem *exponent2,
+    NSSItem *coefficient,
+    PRBool isKeyExchange)
 {
-  CAPI_RSA_KEY_BLOB *keyBlobData = NULL;
-  unsigned char *target;
-  unsigned long modSize = modulus->size;
-  unsigned long dataSize;
-  CK_RV error = CKR_OK;
+    CAPI_RSA_KEY_BLOB *keyBlobData = NULL;
+    unsigned char *target;
+    unsigned long modSize = modulus->size;
+    unsigned long dataSize;
+    CK_RV error = CKR_OK;
+
+    /* validate extras */
+    if (privateExponent->size != modSize) {
+        error = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto loser;
+    }
+    if (prime1->size != modSize / 2) {
+        error = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto loser;
+    }
+    if (prime2->size != modSize / 2) {
+        error = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto loser;
+    }
+    if (exponent1->size != modSize / 2) {
+        error = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto loser;
+    }
+    if (exponent2->size != modSize / 2) {
+        error = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto loser;
+    }
+    if (coefficient->size != modSize / 2) {
+        error = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto loser;
+    }
+    dataSize = (modSize * 4) + (modSize / 2) + sizeof(CAPI_RSA_KEY_BLOB);
+    keyBlobData = (CAPI_RSA_KEY_BLOB *)nss_ZAlloc(NULL, dataSize);
+    if ((CAPI_RSA_KEY_BLOB *)NULL == keyBlobData) {
+        error = CKR_HOST_MEMORY;
+        goto loser;
+    }
 
-  /* validate extras */
-  if (privateExponent->size != modSize) {
-    error = CKR_ATTRIBUTE_VALUE_INVALID;
-    goto loser;
-  }
-  if (prime1->size != modSize/2) {
-    error = CKR_ATTRIBUTE_VALUE_INVALID;
-    goto loser;
-  }
-  if (prime2->size != modSize/2) {
-    error = CKR_ATTRIBUTE_VALUE_INVALID;
-    goto loser;
-  }
-  if (exponent1->size != modSize/2) {
-    error = CKR_ATTRIBUTE_VALUE_INVALID;
-    goto loser;
-  }
-  if (exponent2->size != modSize/2) {
-    error = CKR_ATTRIBUTE_VALUE_INVALID;
-    goto loser;
-  }
-  if (coefficient->size != modSize/2) {
-    error = CKR_ATTRIBUTE_VALUE_INVALID;
-    goto loser;
-  }
-  dataSize = (modSize*4)+(modSize/2) + sizeof(CAPI_RSA_KEY_BLOB);
-  keyBlobData = (CAPI_RSA_KEY_BLOB *)nss_ZAlloc(NULL, dataSize);
-  if ((CAPI_RSA_KEY_BLOB *)NULL == keyBlobData) {
-    error = CKR_HOST_MEMORY;
-    goto loser;
-  }
+    keyBlobData->header.bType = PRIVATEKEYBLOB;
+    keyBlobData->header.bVersion = 0x02;
+    keyBlobData->header.reserved = 0x00;
+    keyBlobData->header.aiKeyAlg = isKeyExchange ? CALG_RSA_KEYX : CALG_RSA_SIGN;
+    keyBlobData->rsa.magic = 0x32415352;
+    keyBlobData->rsa.bitlen = modSize * 8;
+    keyBlobData->rsa.pubexp = nss_ckcapi_DataToInt(publicExponent, &error);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    target = &keyBlobData->data[CAPI_MODULUS_OFFSET(modSize)];
+    nsslibc_memcpy(target, modulus->data, modulus->size);
+    modulus->data = target;
+    ckcapi_ReverseData(modulus);
+
+    target = &keyBlobData->data[CAPI_PRIVATE_EXP_OFFSET(modSize)];
+    nsslibc_memcpy(target, privateExponent->data, privateExponent->size);
+    privateExponent->data = target;
+    ckcapi_ReverseData(privateExponent);
 
-  keyBlobData->header.bType = PRIVATEKEYBLOB;
-  keyBlobData->header.bVersion = 0x02;
-  keyBlobData->header.reserved = 0x00;
-  keyBlobData->header.aiKeyAlg = isKeyExchange ? CALG_RSA_KEYX:CALG_RSA_SIGN;
-  keyBlobData->rsa.magic = 0x32415352;
-  keyBlobData->rsa.bitlen = modSize * 8;
-  keyBlobData->rsa.pubexp = nss_ckcapi_DataToInt(publicExponent,&error);
-  if (CKR_OK != error) {
-    goto loser;
-  }
+    target = &keyBlobData->data[CAPI_PRIME_1_OFFSET(modSize)];
+    nsslibc_memcpy(target, prime1->data, prime1->size);
+    prime1->data = target;
+    ckcapi_ReverseData(prime1);
 
-  target = &keyBlobData->data[CAPI_MODULUS_OFFSET(modSize)];
-  nsslibc_memcpy(target, modulus->data, modulus->size);
-  modulus->data = target;
-  ckcapi_ReverseData(modulus);
+    target = &keyBlobData->data[CAPI_PRIME_2_OFFSET(modSize)];
+    nsslibc_memcpy(target, prime2->data, prime2->size);
+    prime2->data = target;
+    ckcapi_ReverseData(prime2);
 
-  target = &keyBlobData->data[CAPI_PRIVATE_EXP_OFFSET(modSize)];
-  nsslibc_memcpy(target, privateExponent->data, privateExponent->size);
-  privateExponent->data = target;
-  ckcapi_ReverseData(privateExponent);
+    target = &keyBlobData->data[CAPI_EXPONENT_1_OFFSET(modSize)];
+    nsslibc_memcpy(target, exponent1->data, exponent1->size);
+    exponent1->data = target;
+    ckcapi_ReverseData(exponent1);
 
-  target = &keyBlobData->data[CAPI_PRIME_1_OFFSET(modSize)];
-  nsslibc_memcpy(target, prime1->data, prime1->size);
-  prime1->data = target;
-  ckcapi_ReverseData(prime1);
-
-  target = &keyBlobData->data[CAPI_PRIME_2_OFFSET(modSize)];
-  nsslibc_memcpy(target, prime2->data, prime2->size);
-  prime2->data = target;
-  ckcapi_ReverseData(prime2);
-
-  target = &keyBlobData->data[CAPI_EXPONENT_1_OFFSET(modSize)];
-  nsslibc_memcpy(target, exponent1->data, exponent1->size);
-  exponent1->data = target;
-  ckcapi_ReverseData(exponent1);
+    target = &keyBlobData->data[CAPI_EXPONENT_2_OFFSET(modSize)];
+    nsslibc_memcpy(target, exponent2->data, exponent2->size);
+    exponent2->data = target;
+    ckcapi_ReverseData(exponent2);
 
-  target = &keyBlobData->data[CAPI_EXPONENT_2_OFFSET(modSize)];
-  nsslibc_memcpy(target, exponent2->data, exponent2->size);
-  exponent2->data = target;
-  ckcapi_ReverseData(exponent2);
+    target = &keyBlobData->data[CAPI_COEFFICIENT_OFFSET(modSize)];
+    nsslibc_memcpy(target, coefficient->data, coefficient->size);
+    coefficient->data = target;
+    ckcapi_ReverseData(coefficient);
 
-  target = &keyBlobData->data[CAPI_COEFFICIENT_OFFSET(modSize)];
-  nsslibc_memcpy(target, coefficient->data, coefficient->size);
-  coefficient->data = target;
-  ckcapi_ReverseData(coefficient);
+    keyBlob->data = keyBlobData;
+    keyBlob->size = dataSize;
 
-  keyBlob->data = keyBlobData;
-  keyBlob->size = dataSize;
-
-  return CKR_OK;
+    return CKR_OK;
 
 loser:
-  nss_ZFreeIf(keyBlobData);
-  return error;
+    nss_ZFreeIf(keyBlobData);
+    return error;
 }
 
 static ckcapiInternalObject *
-nss_ckcapi_CreatePrivateKey
-(
-  NSSCKFWSession *fwSession,
-  CK_ATTRIBUTE_PTR pTemplate,
-  CK_ULONG ulAttributeCount,
-  CK_RV *pError
-)
+nss_ckcapi_CreatePrivateKey(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
 {
-  NSSItem modulus;
-  NSSItem publicExponent;
-  NSSItem privateExponent;
-  NSSItem exponent1;
-  NSSItem exponent2;
-  NSSItem prime1;
-  NSSItem prime2;
-  NSSItem coefficient;
-  NSSItem keyID;
-  NSSItem keyBlob;
-  ckcapiInternalObject *io = NULL;
-  char *providerName = NULL;
-  char *containerName = NULL;
-  char *idData = NULL;
-  CRYPT_KEY_PROV_INFO provInfo;
-  CRYPT_HASH_BLOB msKeyID;
-  CK_KEY_TYPE keyType;
-  HCRYPTPROV hProv = 0;
-  HCRYPTKEY hKey = 0;
-  PRBool decrypt;
-  DWORD keySpec;
-  DWORD msError;
-  BOOL rc;
+    NSSItem modulus;
+    NSSItem publicExponent;
+    NSSItem privateExponent;
+    NSSItem exponent1;
+    NSSItem exponent2;
+    NSSItem prime1;
+    NSSItem prime2;
+    NSSItem coefficient;
+    NSSItem keyID;
+    NSSItem keyBlob;
+    ckcapiInternalObject *io = NULL;
+    char *providerName = NULL;
+    char *containerName = NULL;
+    char *idData = NULL;
+    CRYPT_KEY_PROV_INFO provInfo;
+    CRYPT_HASH_BLOB msKeyID;
+    CK_KEY_TYPE keyType;
+    HCRYPTPROV hProv = 0;
+    HCRYPTKEY hKey = 0;
+    PRBool decrypt;
+    DWORD keySpec;
+    DWORD msError;
+    BOOL rc;
 
-  keyType = nss_ckcapi_GetULongAttribute
-                  (CKA_KEY_TYPE, pTemplate, ulAttributeCount, pError);
-  if (CKR_OK != *pError) {
-    return (ckcapiInternalObject *)NULL;
-  }
-  if (CKK_RSA != keyType) {
-    *pError = CKR_ATTRIBUTE_VALUE_INVALID;
-    return (ckcapiInternalObject *)NULL;
-  }
+    keyType = nss_ckcapi_GetULongAttribute(CKA_KEY_TYPE, pTemplate, ulAttributeCount, pError);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    if (CKK_RSA != keyType) {
+        *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+        return (ckcapiInternalObject *)NULL;
+    }
 
-  decrypt = nss_ckcapi_GetBoolAttribute(CKA_DECRYPT, 
-				pTemplate, ulAttributeCount, pError);
-  if (CKR_TEMPLATE_INCOMPLETE == *pError) {
-    decrypt = PR_TRUE; /* default to true */
-  }
-  decrypt = decrypt || nss_ckcapi_GetBoolAttribute(CKA_UNWRAP, 
-				pTemplate, ulAttributeCount, pError);
-  if (CKR_TEMPLATE_INCOMPLETE == *pError) {
-    decrypt = PR_TRUE; /* default to true */
-  }
-  keySpec = decrypt ? AT_KEYEXCHANGE : AT_SIGNATURE;
+    decrypt = nss_ckcapi_GetBoolAttribute(CKA_DECRYPT,
+                                          pTemplate, ulAttributeCount, pError);
+    if (CKR_TEMPLATE_INCOMPLETE == *pError) {
+        decrypt = PR_TRUE; /* default to true */
+    }
+    decrypt = decrypt || nss_ckcapi_GetBoolAttribute(CKA_UNWRAP,
+                                                     pTemplate, ulAttributeCount, pError);
+    if (CKR_TEMPLATE_INCOMPLETE == *pError) {
+        decrypt = PR_TRUE; /* default to true */
+    }
+    keySpec = decrypt ? AT_KEYEXCHANGE : AT_SIGNATURE;
 
-  *pError = nss_ckcapi_GetAttribute(CKA_MODULUS, pTemplate, 
-				  ulAttributeCount, &modulus);
-  if (CKR_OK != *pError) {
-    return (ckcapiInternalObject *)NULL;
-  }
-  *pError = nss_ckcapi_GetAttribute(CKA_PUBLIC_EXPONENT, pTemplate, 
-				  ulAttributeCount, &publicExponent);
-  if (CKR_OK != *pError) {
-    return (ckcapiInternalObject *)NULL;
-  }
-  *pError = nss_ckcapi_GetAttribute(CKA_PRIVATE_EXPONENT, pTemplate, 
-				  ulAttributeCount, &privateExponent);
-  if (CKR_OK != *pError) {
-    return (ckcapiInternalObject *)NULL;
-  }
-  *pError = nss_ckcapi_GetAttribute(CKA_PRIME_1, pTemplate, 
-				  ulAttributeCount, &prime1);
-  if (CKR_OK != *pError) {
-    return (ckcapiInternalObject *)NULL;
-  }
-  *pError = nss_ckcapi_GetAttribute(CKA_PRIME_2, pTemplate, 
-				  ulAttributeCount, &prime2);
-  if (CKR_OK != *pError) {
-    return (ckcapiInternalObject *)NULL;
-  }
-  *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_1, pTemplate, 
-				  ulAttributeCount, &exponent1);
-  if (CKR_OK != *pError) {
-    return (ckcapiInternalObject *)NULL;
-  }
-  *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_2, pTemplate, 
-				  ulAttributeCount, &exponent2);
-  if (CKR_OK != *pError) {
-    return (ckcapiInternalObject *)NULL;
-  }
-  *pError = nss_ckcapi_GetAttribute(CKA_COEFFICIENT, pTemplate, 
-				  ulAttributeCount, &coefficient);
-  if (CKR_OK != *pError) {
-    return (ckcapiInternalObject *)NULL;
-  }
-  *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate, 
-				  ulAttributeCount, &keyID);
-  if (CKR_OK != *pError) {
-    return (ckcapiInternalObject *)NULL;
-  }
-  providerName = ckcapi_getDefaultProvider(pError);
-  if ((char *)NULL == providerName ) {
-    return (ckcapiInternalObject *)NULL;
-  }
-  containerName = ckcapi_getContainer(pError, &keyID);
-  if ((char *)NULL == containerName) {
-    goto loser;
-  }
-  rc = CryptAcquireContext(&hProv, containerName, providerName, 
-                           PROV_RSA_FULL, CRYPT_NEWKEYSET);
-  if (!rc) {
-    msError = GetLastError();
-    *pError = CKR_DEVICE_ERROR;
-    goto loser;
-  }
+    *pError = nss_ckcapi_GetAttribute(CKA_MODULUS, pTemplate,
+                                      ulAttributeCount, &modulus);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    *pError = nss_ckcapi_GetAttribute(CKA_PUBLIC_EXPONENT, pTemplate,
+                                      ulAttributeCount, &publicExponent);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    *pError = nss_ckcapi_GetAttribute(CKA_PRIVATE_EXPONENT, pTemplate,
+                                      ulAttributeCount, &privateExponent);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    *pError = nss_ckcapi_GetAttribute(CKA_PRIME_1, pTemplate,
+                                      ulAttributeCount, &prime1);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    *pError = nss_ckcapi_GetAttribute(CKA_PRIME_2, pTemplate,
+                                      ulAttributeCount, &prime2);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_1, pTemplate,
+                                      ulAttributeCount, &exponent1);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_2, pTemplate,
+                                      ulAttributeCount, &exponent2);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    *pError = nss_ckcapi_GetAttribute(CKA_COEFFICIENT, pTemplate,
+                                      ulAttributeCount, &coefficient);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate,
+                                      ulAttributeCount, &keyID);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    providerName = ckcapi_getDefaultProvider(pError);
+    if ((char *)NULL == providerName) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    containerName = ckcapi_getContainer(pError, &keyID);
+    if ((char *)NULL == containerName) {
+        goto loser;
+    }
+    rc = CryptAcquireContext(&hProv, containerName, providerName,
+                             PROV_RSA_FULL, CRYPT_NEWKEYSET);
+    if (!rc) {
+        msError = GetLastError();
+        *pError = CKR_DEVICE_ERROR;
+        goto loser;
+    }
 
-  *pError = ckcapi_buildPrivateKeyBlob(
-		&keyBlob, 
-		&modulus, 
-		&publicExponent, 
-		&privateExponent,
-		&prime1,
-		&prime2, 
-		&exponent1, 
-		&exponent2, 
-		&coefficient, 
-		decrypt);
-  if (CKR_OK != *pError) {
-    goto loser;
-  }
+    *pError = ckcapi_buildPrivateKeyBlob(
+        &keyBlob,
+        &modulus,
+        &publicExponent,
+        &privateExponent,
+        &prime1,
+        &prime2,
+        &exponent1,
+        &exponent2,
+        &coefficient,
+        decrypt);
+    if (CKR_OK != *pError) {
+        goto loser;
+    }
 
-  rc = CryptImportKey(hProv, keyBlob.data, keyBlob.size, 
-		      0, CRYPT_EXPORTABLE, &hKey);
-  if (!rc) {
-    msError = GetLastError();
-    *pError = CKR_DEVICE_ERROR;
-    goto loser;
-  }
+    rc = CryptImportKey(hProv, keyBlob.data, keyBlob.size,
+                        0, CRYPT_EXPORTABLE, &hKey);
+    if (!rc) {
+        msError = GetLastError();
+        *pError = CKR_DEVICE_ERROR;
+        goto loser;
+    }
 
-  idData = nss_ZNEWARRAY(NULL, char, keyID.size);
-  if ((void *)NULL == idData) {
-    *pError = CKR_HOST_MEMORY;
-    goto loser;
-  }
-  nsslibc_memcpy(idData, keyID.data, keyID.size);
+    idData = nss_ZNEWARRAY(NULL, char, keyID.size);
+    if ((void *)NULL == idData) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+    nsslibc_memcpy(idData, keyID.data, keyID.size);
 
-  provInfo.pwszContainerName = nss_ckcapi_UTF8ToWide(containerName);
-  provInfo.pwszProvName = nss_ckcapi_UTF8ToWide(providerName);
-  provInfo.dwProvType = PROV_RSA_FULL;
-  provInfo.dwFlags = 0;
-  provInfo.cProvParam = 0;
-  provInfo.rgProvParam = NULL;
-  provInfo.dwKeySpec = keySpec;
+    provInfo.pwszContainerName = nss_ckcapi_UTF8ToWide(containerName);
+    provInfo.pwszProvName = nss_ckcapi_UTF8ToWide(providerName);
+    provInfo.dwProvType = PROV_RSA_FULL;
+    provInfo.dwFlags = 0;
+    provInfo.cProvParam = 0;
+    provInfo.rgProvParam = NULL;
+    provInfo.dwKeySpec = keySpec;
 
-  msKeyID.cbData = keyID.size;
-  msKeyID.pbData = keyID.data;
+    msKeyID.cbData = keyID.size;
+    msKeyID.pbData = keyID.data;
 
-  rc = CryptSetKeyIdentifierProperty(&msKeyID, CERT_KEY_PROV_INFO_PROP_ID,
-                                     0, NULL, NULL, &provInfo);
-  if (!rc) {
-    goto loser;
-  }
+    rc = CryptSetKeyIdentifierProperty(&msKeyID, CERT_KEY_PROV_INFO_PROP_ID,
+                                       0, NULL, NULL, &provInfo);
+    if (!rc) {
+        goto loser;
+    }
 
-  /* handle error here */
-  io = nss_ZNEW(NULL, ckcapiInternalObject);
-  if ((ckcapiInternalObject *)NULL == io) {
-    *pError = CKR_HOST_MEMORY;
-    goto loser;
-  }
-  io->type = ckcapiBareKey;
-  io->objClass = CKO_PRIVATE_KEY;
-  io->u.key.provInfo = provInfo;
-  io->u.key.provName = providerName;
-  io->u.key.containerName = containerName;
-  io->u.key.hProv = hProv; /* save the handle */
-  io->idData = idData;
-  io->id.data = idData;
-  io->id.size = keyID.size;
-  /* done with the key handle */
-  CryptDestroyKey(hKey);
-  return io;
+    /* handle error here */
+    io = nss_ZNEW(NULL, ckcapiInternalObject);
+    if ((ckcapiInternalObject *)NULL == io) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+    io->type = ckcapiBareKey;
+    io->objClass = CKO_PRIVATE_KEY;
+    io->u.key.provInfo = provInfo;
+    io->u.key.provName = providerName;
+    io->u.key.containerName = containerName;
+    io->u.key.hProv = hProv; /* save the handle */
+    io->idData = idData;
+    io->id.data = idData;
+    io->id.size = keyID.size;
+    /* done with the key handle */
+    CryptDestroyKey(hKey);
+    return io;
 
 loser:
-  nss_ZFreeIf(containerName);
-  nss_ZFreeIf(providerName);
-  nss_ZFreeIf(idData);
-  if (0 != hProv) {
-    CryptReleaseContext(hProv, 0);
-  }
-  if (0 != hKey) {
-    CryptDestroyKey(hKey);
-  }
-  return (ckcapiInternalObject *)NULL;
+    nss_ZFreeIf(containerName);
+    nss_ZFreeIf(providerName);
+    nss_ZFreeIf(idData);
+    if (0 != hProv) {
+        CryptReleaseContext(hProv, 0);
+    }
+    if (0 != hKey) {
+        CryptDestroyKey(hKey);
+    }
+    return (ckcapiInternalObject *)NULL;
 }
 
-
 NSS_EXTERN NSSCKMDObject *
-nss_ckcapi_CreateObject
-(
-  NSSCKFWSession *fwSession,
-  CK_ATTRIBUTE_PTR pTemplate,
-  CK_ULONG ulAttributeCount,
-  CK_RV *pError
-)
+nss_ckcapi_CreateObject(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
 {
-  CK_OBJECT_CLASS objClass;
-  ckcapiInternalObject *io = NULL;
-  CK_BBOOL isToken;
+    CK_OBJECT_CLASS objClass;
+    ckcapiInternalObject *io = NULL;
+    CK_BBOOL isToken;
 
-  /*
-   * only create token objects
-   */
-  isToken = nss_ckcapi_GetBoolAttribute(CKA_TOKEN, pTemplate, 
-					ulAttributeCount, pError);
-  if (CKR_OK != *pError) {
-    return (NSSCKMDObject *) NULL;
-  }
-  if (!isToken) {
-    *pError = CKR_ATTRIBUTE_VALUE_INVALID;
-    return (NSSCKMDObject *) NULL;
-  }
+    /*
+     * only create token objects
+     */
+    isToken = nss_ckcapi_GetBoolAttribute(CKA_TOKEN, pTemplate,
+                                          ulAttributeCount, pError);
+    if (CKR_OK != *pError) {
+        return (NSSCKMDObject *)NULL;
+    }
+    if (!isToken) {
+        *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+        return (NSSCKMDObject *)NULL;
+    }
 
-  /*
-   * only create keys and certs.
-   */
-  objClass = nss_ckcapi_GetULongAttribute(CKA_CLASS, pTemplate, 
-					  ulAttributeCount, pError);
-  if (CKR_OK != *pError) {
-    return (NSSCKMDObject *) NULL;
-  }
+    /*
+     * only create keys and certs.
+     */
+    objClass = nss_ckcapi_GetULongAttribute(CKA_CLASS, pTemplate,
+                                            ulAttributeCount, pError);
+    if (CKR_OK != *pError) {
+        return (NSSCKMDObject *)NULL;
+    }
 #ifdef notdef
-  if (objClass == CKO_PUBLIC_KEY) {
-    return CKR_OK; /* fake public key creation, happens as a side effect of
-                    * private key creation */
-  }
+    if (objClass == CKO_PUBLIC_KEY) {
+        return CKR_OK; /* fake public key creation, happens as a side effect of
+                        * private key creation */
+    }
 #endif
-  if (objClass == CKO_CERTIFICATE) {
-    io = nss_ckcapi_CreateCertificate(fwSession, pTemplate, 
-				      ulAttributeCount, pError);
-  } else if (objClass == CKO_PRIVATE_KEY) {
-    io = nss_ckcapi_CreatePrivateKey(fwSession, pTemplate, 
-                                     ulAttributeCount, pError);
-  } else {
-    *pError = CKR_ATTRIBUTE_VALUE_INVALID;
-  }
+    if (objClass == CKO_CERTIFICATE) {
+        io = nss_ckcapi_CreateCertificate(fwSession, pTemplate,
+                                          ulAttributeCount, pError);
+    }
+    else if (objClass == CKO_PRIVATE_KEY) {
+        io = nss_ckcapi_CreatePrivateKey(fwSession, pTemplate,
+                                         ulAttributeCount, pError);
+    }
+    else {
+        *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+    }
 
-  if ((ckcapiInternalObject *)NULL == io) {
-    return (NSSCKMDObject *) NULL;
-  }
-  return nss_ckcapi_CreateMDObject(NULL, io, pError);
+    if ((ckcapiInternalObject *)NULL == io) {
+        return (NSSCKMDObject *)NULL;
+    }
+    return nss_ckcapi_CreateMDObject(NULL, io, pError);
 }
--- a/lib/ckfw/capi/constants.c
+++ b/lib/ckfw/capi/constants.c
@@ -16,45 +16,48 @@
 #include "nssckt.h"
 #endif /* NSSCKT_H */
 
 #ifndef NSSCAPI_H
 #include "nsscapi.h"
 #endif /* NSSCAPI_H */
 
 NSS_IMPLEMENT_DATA const CK_VERSION
-nss_ckcapi_CryptokiVersion =  {
-		NSS_CKCAPI_CRYPTOKI_VERSION_MAJOR,
-		NSS_CKCAPI_CRYPTOKI_VERSION_MINOR };
-
-NSS_IMPLEMENT_DATA const NSSUTF8 *
-nss_ckcapi_ManufacturerID = (NSSUTF8 *) "Mozilla Foundation";
+    nss_ckcapi_CryptokiVersion = {
+        NSS_CKCAPI_CRYPTOKI_VERSION_MAJOR,
+        NSS_CKCAPI_CRYPTOKI_VERSION_MINOR
+    };
 
 NSS_IMPLEMENT_DATA const NSSUTF8 *
-nss_ckcapi_LibraryDescription = (NSSUTF8 *) "NSS Access to Microsoft Certificate Store";
-
-NSS_IMPLEMENT_DATA const CK_VERSION
-nss_ckcapi_LibraryVersion = {
-	NSS_CKCAPI_LIBRARY_VERSION_MAJOR,
-	NSS_CKCAPI_LIBRARY_VERSION_MINOR};
+    nss_ckcapi_ManufacturerID = (NSSUTF8 *)"Mozilla Foundation";
 
 NSS_IMPLEMENT_DATA const NSSUTF8 *
-nss_ckcapi_SlotDescription = (NSSUTF8 *) "Microsoft Certificate Store";
+    nss_ckcapi_LibraryDescription = (NSSUTF8 *)"NSS Access to Microsoft Certificate Store";
 
 NSS_IMPLEMENT_DATA const CK_VERSION
-nss_ckcapi_HardwareVersion = { 
-	NSS_CKCAPI_HARDWARE_VERSION_MAJOR,
-	NSS_CKCAPI_HARDWARE_VERSION_MINOR };
+    nss_ckcapi_LibraryVersion = {
+        NSS_CKCAPI_LIBRARY_VERSION_MAJOR,
+        NSS_CKCAPI_LIBRARY_VERSION_MINOR
+    };
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+    nss_ckcapi_SlotDescription = (NSSUTF8 *)"Microsoft Certificate Store";
 
 NSS_IMPLEMENT_DATA const CK_VERSION
-nss_ckcapi_FirmwareVersion = { 
-	NSS_CKCAPI_FIRMWARE_VERSION_MAJOR,
-	NSS_CKCAPI_FIRMWARE_VERSION_MINOR };
+    nss_ckcapi_HardwareVersion = {
+        NSS_CKCAPI_HARDWARE_VERSION_MAJOR,
+        NSS_CKCAPI_HARDWARE_VERSION_MINOR
+    };
+
+NSS_IMPLEMENT_DATA const CK_VERSION
+    nss_ckcapi_FirmwareVersion = {
+        NSS_CKCAPI_FIRMWARE_VERSION_MAJOR,
+        NSS_CKCAPI_FIRMWARE_VERSION_MINOR
+    };
 
 NSS_IMPLEMENT_DATA const NSSUTF8 *
-nss_ckcapi_TokenLabel = (NSSUTF8 *) "Microsoft Certificate Store";
+    nss_ckcapi_TokenLabel = (NSSUTF8 *)"Microsoft Certificate Store";
 
 NSS_IMPLEMENT_DATA const NSSUTF8 *
-nss_ckcapi_TokenModel = (NSSUTF8 *) "1";
+    nss_ckcapi_TokenModel = (NSSUTF8 *)"1";
 
 NSS_IMPLEMENT_DATA const NSSUTF8 *
-nss_ckcapi_TokenSerialNumber = (NSSUTF8 *) "1";
-
+    nss_ckcapi_TokenSerialNumber = (NSSUTF8 *)"1";
--- a/lib/ckfw/capi/crsa.c
+++ b/lib/ckfw/capi/crsa.c
@@ -1,711 +1,687 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "ckcapi.h"
 #include "secdert.h"
 
-#define SSL3_SHAMD5_HASH_SIZE  36 /* LEN_MD5 (16) + LEN_SHA1 (20) */
+#define SSL3_SHAMD5_HASH_SIZE 36 /* LEN_MD5 (16) + LEN_SHA1 (20) */
 
 /*
  * ckcapi/crsa.c
  *
  * This file implements the NSSCKMDMechnaism and NSSCKMDCryptoOperation objects
  * for the RSA operation on the CAPI cryptoki module.
  */
 
 /*
  * write a Decimal value to a string
  */
 
 static char *
 putDecimalString(char *cstr, unsigned long value)
 {
-  unsigned long tenpower;
-  int first = 1;
+    unsigned long tenpower;
+    int first = 1;
+
+    for (tenpower = 10000000; tenpower; tenpower /= 10) {
+        unsigned char digit = (unsigned char)(value / tenpower);
+        value = value % tenpower;
 
-  for (tenpower=10000000; tenpower; tenpower /= 10) {
-    unsigned char digit = (unsigned char )(value/tenpower);
-    value = value % tenpower;
-
-    /* drop leading zeros */
-    if (first && (0 == digit)) {
-      continue;
+        /* drop leading zeros */
+        if (first && (0 == digit)) {
+            continue;
+        }
+        first = 0;
+        *cstr++ = digit + '0';
     }
-    first = 0;
-    *cstr++ = digit + '0';
-  }
 
-  /* if value was zero, put one of them out */
-  if (first) {
-    *cstr++ = '0';
-  }
-  return cstr;
+    /* if value was zero, put one of them out */
+    if (first) {
+        *cstr++ = '0';
+    }
+    return cstr;
 }
 
-
 /*
  * Create a Capi OID string value from a DER OID
  */
 static char *
-nss_ckcapi_GetOidString
-(
-  unsigned char *oidTag,
-  unsigned int oidTagSize,
-  CK_RV *pError
-)
+nss_ckcapi_GetOidString(
+    unsigned char *oidTag,
+    unsigned int oidTagSize,
+    CK_RV *pError)
 {
-  unsigned char *oid;
-  char *oidStr;
-  char *cstr;
-  unsigned long value;
-  unsigned int oidSize;
+    unsigned char *oid;
+    char *oidStr;
+    char *cstr;
+    unsigned long value;
+    unsigned int oidSize;
 
-  if (DER_OBJECT_ID != *oidTag) {
-    /* wasn't an oid */
-    *pError = CKR_DATA_INVALID;
-    return NULL;
-  }
-  oid = nss_ckcapi_DERUnwrap(oidTag, oidTagSize, &oidSize, NULL);
+    if (DER_OBJECT_ID != *oidTag) {
+        /* wasn't an oid */
+        *pError = CKR_DATA_INVALID;
+        return NULL;
+    }
+    oid = nss_ckcapi_DERUnwrap(oidTag, oidTagSize, &oidSize, NULL);
 
-  if (oidSize < 2) {
-    *pError = CKR_DATA_INVALID;
-    return NULL;
-  }
+    if (oidSize < 2) {
+        *pError = CKR_DATA_INVALID;
+        return NULL;
+    }
 
-  oidStr = nss_ZNEWARRAY( NULL, char, oidSize*4 );
-  if ((char *)NULL == oidStr) {
-    *pError = CKR_HOST_MEMORY;
-    return NULL;
-  }
-  cstr = oidStr;
-  cstr = putDecimalString(cstr, (*oid) / 40);
-  *cstr++ = '.';
-  cstr = putDecimalString(cstr, (*oid) % 40);
-  oidSize--;
+    oidStr = nss_ZNEWARRAY(NULL, char, oidSize * 4);
+    if ((char *)NULL == oidStr) {
+        *pError = CKR_HOST_MEMORY;
+        return NULL;
+    }
+    cstr = oidStr;
+    cstr = putDecimalString(cstr, (*oid) / 40);
+    *cstr++ = '.';
+    cstr = putDecimalString(cstr, (*oid) % 40);
+    oidSize--;
 
-  value = 0;
-  while (oidSize--) {
-    oid++;
-    value = (value << 7) + (*oid & 0x7f);
-    if (0 == (*oid & 0x80)) {
-      *cstr++ = '.';
-      cstr = putDecimalString(cstr, value);
-      value = 0;
+    value = 0;
+    while (oidSize--) {
+        oid++;
+        value = (value << 7) + (*oid & 0x7f);
+        if (0 == (*oid & 0x80)) {
+            *cstr++ = '.';
+            cstr = putDecimalString(cstr, value);
+            value = 0;
+        }
     }
-  }
 
-  *cstr = 0; /* NULL terminate */
+    *cstr = 0; /* NULL terminate */
 
-  if (value != 0) {
-    nss_ZFreeIf(oidStr);
-    *pError = CKR_DATA_INVALID;
-    return NULL;
-  }
-  return oidStr;
+    if (value != 0) {
+        nss_ZFreeIf(oidStr);
+        *pError = CKR_DATA_INVALID;
+        return NULL;
+    }
+    return oidStr;
 }
 
-
 /*
- * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value, 
- * which includes the hash OID. CAPI expects to take a Hash Context. While 
- * CAPI does have the capability of setting a raw hash value, it does not 
+ * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value,
+ * which includes the hash OID. CAPI expects to take a Hash Context. While
+ * CAPI does have the capability of setting a raw hash value, it does not
  * have the ability to sign an arbitrary value. This function tries to
  * reduce the passed in data into something that CAPI could actually sign.
  */
 static CK_RV
-ckcapi_GetRawHash
-(
-  const NSSItem *input,
-  NSSItem *hash, 
-  ALG_ID *hashAlg
-)
+ckcapi_GetRawHash(
+    const NSSItem *input,
+    NSSItem *hash,
+    ALG_ID *hashAlg)
 {
-   unsigned char *current;
-   unsigned char *algid;
-   unsigned char *oid;
-   unsigned char *hashData;
-   char *oidStr;
-   CK_RV error;
-   unsigned int oidSize;
-   unsigned int size;
-   /*
+    unsigned char *current;
+    unsigned char *algid;
+    unsigned char *oid;
+    unsigned char *hashData;
+    char *oidStr;
+    CK_RV error;
+    unsigned int oidSize;
+    unsigned int size;
+    /*
     * there are 2 types of hashes NSS typically tries to sign, regular
     * RSA signature format (with encoded DER_OIDS), and SSL3 Signed hashes.
     * CAPI knows not to add any oids to SSL3_Signed hashes, so if we have any
     * random hash that is exactly the same size as an SSL3 hash, then we can
     * just pass the data through. CAPI has know way of knowing if the value
     * is really a combined hash or some other arbitrary data, so it's safe to
     * handle this case first.
     */
-  if (SSL3_SHAMD5_HASH_SIZE == input->size) {
-    hash->data = input->data;
-    hash->size = input->size;
-    *hashAlg = CALG_SSL3_SHAMD5;
-    return CKR_OK;
-  }
+    if (SSL3_SHAMD5_HASH_SIZE == input->size) {
+        hash->data = input->data;
+        hash->size = input->size;
+        *hashAlg = CALG_SSL3_SHAMD5;
+        return CKR_OK;
+    }
 
-  current = (unsigned char *)input->data;
+    current = (unsigned char *)input->data;
+
+    /* make sure we have a sequence tag */
+    if ((DER_SEQUENCE | DER_CONSTRUCTED) != *current) {
+        return CKR_DATA_INVALID;
+    }
 
-  /* make sure we have a sequence tag */
-  if ((DER_SEQUENCE|DER_CONSTRUCTED) != *current) {
-    return CKR_DATA_INVALID;
-  }
+    /* parse the input block to get 1) the hash oid, and 2) the raw hash value.
+     * unfortunatly CAPI doesn't have a builtin function to do this work, so
+     * we go ahead and do it by hand here.
+     *
+     * format is:
+     *  SEQUENCE {
+     *     SECQUENCE { // algid
+     *       OID {}    // oid
+     *       ANY {}    // optional params
+     *     }
+     *     OCTECT {}   // hash
+     */
 
-  /* parse the input block to get 1) the hash oid, and 2) the raw hash value.
-   * unfortunatly CAPI doesn't have a builtin function to do this work, so
-   * we go ahead and do it by hand here.
-   *
-   * format is:
-   *  SEQUENCE {
-   *     SECQUENCE { // algid
-   *       OID {}    // oid
-   *       ANY {}    // optional params 
-   *     }
-   *     OCTECT {}   // hash
-   */
+    /* unwrap */
+    algid = nss_ckcapi_DERUnwrap(current, input->size, &size, NULL);
 
-  /* unwrap */
-  algid = nss_ckcapi_DERUnwrap(current,input->size, &size, NULL);
-  
-  if (algid+size != current+input->size) {
-    /* make sure there is not extra data at the end */
-    return CKR_DATA_INVALID;
-  }
+    if (algid + size != current + input->size) {
+        /* make sure there is not extra data at the end */
+        return CKR_DATA_INVALID;
+    }
 
-  if ((DER_SEQUENCE|DER_CONSTRUCTED) != *algid) {
-    /* wasn't an algid */
-    return CKR_DATA_INVALID;
-  }
-  oid = nss_ckcapi_DERUnwrap(algid, size, &oidSize, &hashData);
+    if ((DER_SEQUENCE | DER_CONSTRUCTED) != *algid) {
+        /* wasn't an algid */
+        return CKR_DATA_INVALID;
+    }
+    oid = nss_ckcapi_DERUnwrap(algid, size, &oidSize, &hashData);
 
-  if (DER_OCTET_STRING != *hashData) {
-    /* wasn't a hash */
-    return CKR_DATA_INVALID;
-  }
+    if (DER_OCTET_STRING != *hashData) {
+        /* wasn't a hash */
+        return CKR_DATA_INVALID;
+    }
 
-  /* get the real hash */
-  current = hashData;
-  size = size - (hashData-algid);
-  hash->data = nss_ckcapi_DERUnwrap(current, size, &hash->size, NULL);
+    /* get the real hash */
+    current = hashData;
+    size = size - (hashData - algid);
+    hash->data = nss_ckcapi_DERUnwrap(current, size, &hash->size, NULL);
 
-  /* get the real oid as a string. Again, Microsoft does not
-   * export anything that does this for us */
-  oidStr = nss_ckcapi_GetOidString(oid, oidSize, &error);
-  if ((char *)NULL == oidStr ) {
-    return error;
-  }
+    /* get the real oid as a string. Again, Microsoft does not
+     * export anything that does this for us */
+    oidStr = nss_ckcapi_GetOidString(oid, oidSize, &error);
+    if ((char *)NULL == oidStr) {
+        return error;
+    }
 
-  /* look up the hash alg from the oid (fortunately CAPI does to this) */ 
-  *hashAlg = CertOIDToAlgId(oidStr);
-  nss_ZFreeIf(oidStr);
-  if (0 == *hashAlg) {
-    return CKR_HOST_MEMORY;
-  }
+    /* look up the hash alg from the oid (fortunately CAPI does to this) */
+    *hashAlg = CertOIDToAlgId(oidStr);
+    nss_ZFreeIf(oidStr);
+    if (0 == *hashAlg) {
+        return CKR_HOST_MEMORY;
+    }
 
-  /* hash looks reasonably consistent, we should be able to sign it now */
-  return CKR_OK;
+    /* hash looks reasonably consistent, we should be able to sign it now */
+    return CKR_OK;
 }
 
 /*
  * So everyone else in the worlds stores their bignum data MSB first, but not
  * Microsoft, we need to byte swap everything coming into and out of CAPI.
  */
 void
 ckcapi_ReverseData(NSSItem *item)
 {
-  int end = (item->size)-1;
-  int middle = (item->size)/2;
-  unsigned char *buf = item->data;
-  int i;
+    int end = (item->size) - 1;
+    int middle = (item->size) / 2;
+    unsigned char *buf = item->data;
+    int i;
 
-  for (i=0; i < middle; i++) {
-    unsigned char  tmp = buf[i];
-    buf[i] = buf[end-i];
-    buf[end-i] = tmp;
-  }
-  return;
+    for (i = 0; i < middle; i++) {
+        unsigned char tmp = buf[i];
+        buf[i] = buf[end - i];
+        buf[end - i] = tmp;
+    }
+    return;
 }
 
-typedef struct ckcapiInternalCryptoOperationRSAPrivStr 
-               ckcapiInternalCryptoOperationRSAPriv;
-struct ckcapiInternalCryptoOperationRSAPrivStr
-{
-  NSSCKMDCryptoOperation mdOperation;
-  NSSCKMDMechanism     *mdMechanism;
-  ckcapiInternalObject *iKey;
-  HCRYPTPROV           hProv;
-  DWORD                keySpec;
-  HCRYPTKEY            hKey;
-  NSSItem	       *buffer;
+typedef struct ckcapiInternalCryptoOperationRSAPrivStr
+    ckcapiInternalCryptoOperationRSAPriv;
+struct ckcapiInternalCryptoOperationRSAPrivStr {
+    NSSCKMDCryptoOperation mdOperation;
+    NSSCKMDMechanism *mdMechanism;
+    ckcapiInternalObject *iKey;
+    HCRYPTPROV hProv;
+    DWORD keySpec;
+    HCRYPTKEY hKey;
+    NSSItem *buffer;
 };
 
 /*
  * ckcapi_mdCryptoOperationRSAPriv_Create
  */
 static NSSCKMDCryptoOperation *
-ckcapi_mdCryptoOperationRSAPriv_Create
-(
-  const NSSCKMDCryptoOperation *proto,
-  NSSCKMDMechanism *mdMechanism,
-  NSSCKMDObject *mdKey,
-  CK_RV *pError
-)
+ckcapi_mdCryptoOperationRSAPriv_Create(
+    const NSSCKMDCryptoOperation *proto,
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKMDObject *mdKey,
+    CK_RV *pError)
 {
-  ckcapiInternalObject *iKey = (ckcapiInternalObject *)mdKey->etc;
-  const NSSItem *classItem = nss_ckcapi_FetchAttribute(iKey, CKA_CLASS);
-  const NSSItem *keyType = nss_ckcapi_FetchAttribute(iKey, CKA_KEY_TYPE);
-  ckcapiInternalCryptoOperationRSAPriv *iOperation;
-  CK_RV   error;
-  HCRYPTPROV  hProv;
-  DWORD       keySpec;
-  HCRYPTKEY   hKey;
+    ckcapiInternalObject *iKey = (ckcapiInternalObject *)mdKey->etc;
+    const NSSItem *classItem = nss_ckcapi_FetchAttribute(iKey, CKA_CLASS);
+    const NSSItem *keyType = nss_ckcapi_FetchAttribute(iKey, CKA_KEY_TYPE);
+    ckcapiInternalCryptoOperationRSAPriv *iOperation;
+    CK_RV error;
+    HCRYPTPROV hProv;
+    DWORD keySpec;
+    HCRYPTKEY hKey;
 
-  /* make sure we have the right objects */
-  if (((const NSSItem *)NULL == classItem) ||
-      (sizeof(CK_OBJECT_CLASS) != classItem->size) ||
-      (CKO_PRIVATE_KEY != *(CK_OBJECT_CLASS *)classItem->data) ||
-      ((const NSSItem *)NULL == keyType) ||
-      (sizeof(CK_KEY_TYPE) != keyType->size) ||
-      (CKK_RSA != *(CK_KEY_TYPE *)keyType->data)) {
-    *pError =  CKR_KEY_TYPE_INCONSISTENT;
-    return (NSSCKMDCryptoOperation *)NULL;
-  }
+    /* make sure we have the right objects */
+    if (((const NSSItem *)NULL == classItem) ||
+        (sizeof(CK_OBJECT_CLASS) != classItem->size) ||
+        (CKO_PRIVATE_KEY != *(CK_OBJECT_CLASS *)classItem->data) ||
+        ((const NSSItem *)NULL == keyType) ||
+        (sizeof(CK_KEY_TYPE) != keyType->size) ||
+        (CKK_RSA != *(CK_KEY_TYPE *)keyType->data)) {
+        *pError = CKR_KEY_TYPE_INCONSISTENT;
+        return (NSSCKMDCryptoOperation *)NULL;
+    }
 
-  error = nss_ckcapi_FetchKeyContainer(iKey, &hProv, &keySpec, &hKey);
-  if (error != CKR_OK) {
-    *pError = error;
-    return (NSSCKMDCryptoOperation *)NULL;
-  }
+    error = nss_ckcapi_FetchKeyContainer(iKey, &hProv, &keySpec, &hKey);
+    if (error != CKR_OK) {
+        *pError = error;
+        return (NSSCKMDCryptoOperation *)NULL;
+    }
 
-  iOperation = nss_ZNEW(NULL, ckcapiInternalCryptoOperationRSAPriv);
-  if ((ckcapiInternalCryptoOperationRSAPriv *)NULL == iOperation) {
-    *pError = CKR_HOST_MEMORY;
-    return (NSSCKMDCryptoOperation *)NULL;
-  }
-  iOperation->mdMechanism = mdMechanism;
-  iOperation->iKey = iKey;
-  iOperation->hProv = hProv;
-  iOperation->keySpec = keySpec;
-  iOperation->hKey = hKey;
+    iOperation = nss_ZNEW(NULL, ckcapiInternalCryptoOperationRSAPriv);
+    if ((ckcapiInternalCryptoOperationRSAPriv *)NULL == iOperation) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDCryptoOperation *)NULL;
+    }
+    iOperation->mdMechanism = mdMechanism;
+    iOperation->iKey = iKey;
+    iOperation->hProv = hProv;
+    iOperation->keySpec = keySpec;
+    iOperation->hKey = hKey;
 
-  nsslibc_memcpy(&iOperation->mdOperation, 
-                 proto, sizeof(NSSCKMDCryptoOperation));
-  iOperation->mdOperation.etc = iOperation;
+    nsslibc_memcpy(&iOperation->mdOperation,
+                   proto, sizeof(NSSCKMDCryptoOperation));
+    iOperation->mdOperation.etc = iOperation;
 
-  return &iOperation->mdOperation;
+    return &iOperation->mdOperation;
 }
 
 static CK_RV
-ckcapi_mdCryptoOperationRSAPriv_Destroy
-(
-  NSSCKMDCryptoOperation *mdOperation,
-  NSSCKFWCryptoOperation *fwOperation,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+ckcapi_mdCryptoOperationRSAPriv_Destroy(
+    NSSCKMDCryptoOperation *mdOperation,
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  ckcapiInternalCryptoOperationRSAPriv *iOperation =
-       (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
+    ckcapiInternalCryptoOperationRSAPriv *iOperation =
+        (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
 
-  if (iOperation->hKey) {
-    CryptDestroyKey(iOperation->hKey);
-  }
-  if (iOperation->buffer) {
-    nssItem_Destroy(iOperation->buffer);
-  }
-  nss_ZFreeIf(iOperation);
-  return CKR_OK;
+    if (iOperation->hKey) {
+        CryptDestroyKey(iOperation->hKey);
+    }
+    if (iOperation->buffer) {
+        nssItem_Destroy(iOperation->buffer);
+    }
+    nss_ZFreeIf(iOperation);
+    return CKR_OK;
 }
 
 static CK_ULONG
-ckcapi_mdCryptoOperationRSA_GetFinalLength
-(
-  NSSCKMDCryptoOperation *mdOperation,
-  NSSCKFWCryptoOperation *fwOperation,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+ckcapi_mdCryptoOperationRSA_GetFinalLength(
+    NSSCKMDCryptoOperation *mdOperation,
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  ckcapiInternalCryptoOperationRSAPriv *iOperation =
-       (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
-  const NSSItem *modulus = 
-       nss_ckcapi_FetchAttribute(iOperation->iKey, CKA_MODULUS);
+    ckcapiInternalCryptoOperationRSAPriv *iOperation =
+        (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
+    const NSSItem *modulus =
+        nss_ckcapi_FetchAttribute(iOperation->iKey, CKA_MODULUS);
 
-  return modulus->size;
+    return modulus->size;
 }
 
-
 /*
  * ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength
  * we won't know the length until we actually decrypt the
  * input block. Since we go to all the work to decrypt the
  * the block, we'll save if for when the block is asked for
  */
 static CK_ULONG
-ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength
-(
-  NSSCKMDCryptoOperation *mdOperation,
-  NSSCKFWCryptoOperation *fwOperation,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  const NSSItem *input,
-  CK_RV *pError
-)
+ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength(
+    NSSCKMDCryptoOperation *mdOperation,
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    const NSSItem *input,
+    CK_RV *pError)
 {
-  ckcapiInternalCryptoOperationRSAPriv *iOperation =
-       (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
-  BOOL rc;
+    ckcapiInternalCryptoOperationRSAPriv *iOperation =
+        (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
+    BOOL rc;
 
-  /* Microsoft's Decrypt operation works in place. Since we don't want
-   * to trash our input buffer, we make a copy of it */
-  iOperation->buffer = nssItem_Duplicate((NSSItem *)input, NULL, NULL);
-  if ((NSSItem *) NULL == iOperation->buffer) {
-    *pError = CKR_HOST_MEMORY;
-    return 0;
-  }
-  /* Sigh, reverse it */
-  ckcapi_ReverseData(iOperation->buffer);
-  
-  rc = CryptDecrypt(iOperation->hKey, 0, TRUE, 0, 
-		    iOperation->buffer->data, &iOperation->buffer->size);
-  if (!rc) {
-    DWORD msError = GetLastError();
-    switch (msError) {
-    case NTE_BAD_DATA:
-      *pError = CKR_ENCRYPTED_DATA_INVALID;
-      break;
-    case NTE_FAIL:
-    case NTE_BAD_UID:
-      *pError = CKR_DEVICE_ERROR;
-      break;
-    default:
-      *pError = CKR_GENERAL_ERROR; 
+    /* Microsoft's Decrypt operation works in place. Since we don't want
+     * to trash our input buffer, we make a copy of it */
+    iOperation->buffer = nssItem_Duplicate((NSSItem *)input, NULL, NULL);
+    if ((NSSItem *)NULL == iOperation->buffer) {
+        *pError = CKR_HOST_MEMORY;
+        return 0;
     }
-    return 0;
-  }
+    /* Sigh, reverse it */
+    ckcapi_ReverseData(iOperation->buffer);
 
-  return iOperation->buffer->size;
+    rc = CryptDecrypt(iOperation->hKey, 0, TRUE, 0,
+                      iOperation->buffer->data, &iOperation->buffer->size);
+    if (!rc) {
+        DWORD msError = GetLastError();
+        switch (msError) {
+            case NTE_BAD_DATA:
+                *pError =
+                    CKR_ENCRYPTED_DATA_INVALID;
+                break;
+            case NTE_FAIL:
+            case NTE_BAD_UID:
+                *pError =
+                    CKR_DEVICE_ERROR;
+                break;
+            default:
+                *pError =
+                    CKR_GENERAL_ERROR;
+        }
+        return 0;
+    }
+
+    return iOperation->buffer->size;
 }
 
 /*
  * ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal
  *
- * NOTE: ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength is presumed to 
+ * NOTE: ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength is presumed to
  * have been called previously.
  */
 static CK_RV
-ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal
-(
-  NSSCKMDCryptoOperation *mdOperation,
-  NSSCKFWCryptoOperation *fwOperation,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  const NSSItem *input,
-  NSSItem *output
-)
+ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal(
+    NSSCKMDCryptoOperation *mdOperation,
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    const NSSItem *input,
+    NSSItem *output)
 {
-  ckcapiInternalCryptoOperationRSAPriv *iOperation =
-       (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
-  NSSItem *buffer = iOperation->buffer;
+    ckcapiInternalCryptoOperationRSAPriv *iOperation =
+        (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
+    NSSItem *buffer = iOperation->buffer;
 
-  if ((NSSItem *)NULL == buffer) {
-    return CKR_GENERAL_ERROR;
-  }
-  nsslibc_memcpy(output->data, buffer->data, buffer->size);
-  output->size = buffer->size;
-  return CKR_OK;
+    if ((NSSItem *)NULL == buffer) {
+        return CKR_GENERAL_ERROR;
+    }
+    nsslibc_memcpy(output->data, buffer->data, buffer->size);
+    output->size = buffer->size;
+    return CKR_OK;
 }
 
 /*
  * ckcapi_mdCryptoOperationRSASign_UpdateFinal
  *
  */
 static CK_RV
-ckcapi_mdCryptoOperationRSASign_UpdateFinal
-(
-  NSSCKMDCryptoOperation *mdOperation,
-  NSSCKFWCryptoOperation *fwOperation,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  const NSSItem *input,
-  NSSItem *output
-)
+ckcapi_mdCryptoOperationRSASign_UpdateFinal(
+    NSSCKMDCryptoOperation *mdOperation,
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    const NSSItem *input,
+    NSSItem *output)
 {
-  ckcapiInternalCryptoOperationRSAPriv *iOperation =
-       (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
-  CK_RV error = CKR_OK;
-  DWORD msError;
-  NSSItem hash;
-  HCRYPTHASH hHash = 0;
-  ALG_ID  hashAlg;
-  DWORD  hashSize;
-  DWORD  len; /* temp length value we throw away */
-  BOOL   rc;
+    ckcapiInternalCryptoOperationRSAPriv *iOperation =
+        (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
+    CK_RV error = CKR_OK;
+    DWORD msError;
+    NSSItem hash;
+    HCRYPTHASH hHash = 0;
+    ALG_ID hashAlg;
+    DWORD hashSize;
+    DWORD len; /* temp length value we throw away */
+    BOOL rc;
 
-  /*
-   * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value, 
-   * which includes the hash OID. CAPI expects to take a Hash Context. While 
-   * CAPI does have the capability of setting a raw hash value, it does not 
-   * have the ability to sign an arbitrary value. This function tries to
-   * reduce the passed in data into something that CAPI could actually sign.
-   */
-  error = ckcapi_GetRawHash(input, &hash, &hashAlg);
-  if (CKR_OK != error) {
-    goto loser;
-  }
+    /*
+     * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value,
+     * which includes the hash OID. CAPI expects to take a Hash Context. While
+     * CAPI does have the capability of setting a raw hash value, it does not
+     * have the ability to sign an arbitrary value. This function tries to
+     * reduce the passed in data into something that CAPI could actually sign.
+     */
+    error = ckcapi_GetRawHash(input, &hash, &hashAlg);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    rc = CryptCreateHash(iOperation->hProv, hashAlg, 0, 0, &hHash);
+    if (!rc) {
+        goto loser;
+    }
 
-  rc = CryptCreateHash(iOperation->hProv, hashAlg, 0, 0, &hHash);
-  if (!rc) {
-    goto loser;
-  }
+    /* make sure the hash lens match before we set it */
+    len = sizeof(DWORD);
+    rc = CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE *)&hashSize, &len, 0);
+    if (!rc) {
+        goto loser;
+    }
 
-  /* make sure the hash lens match before we set it */
-  len = sizeof(DWORD);
-  rc = CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE *)&hashSize, &len, 0);
-  if (!rc) {
-    goto loser;
-  }
+    if (hash.size != hashSize) {
+        /* The input must have been bad for this to happen */
+        error = CKR_DATA_INVALID;
+        goto loser;
+    }
 
-  if (hash.size != hashSize) {
-    /* The input must have been bad for this to happen */
-    error = CKR_DATA_INVALID;
-    goto loser;
-  }
+    /* we have an explicit hash, set it, note that the length is
+     * implicit by the hashAlg used in create */
+    rc = CryptSetHashParam(hHash, HP_HASHVAL, hash.data, 0);
+    if (!rc) {
+        goto loser;
+    }
 
-  /* we have an explicit hash, set it, note that the length is
-   * implicit by the hashAlg used in create */
-  rc = CryptSetHashParam(hHash, HP_HASHVAL, hash.data, 0);
-  if (!rc) {
-    goto loser;
-  }
-
-  /* OK, we have the data in a hash structure, sign it! */
-  rc = CryptSignHash(hHash, iOperation->keySpec, NULL, 0,
-                     output->data, &output->size);
-  if (!rc) {
-    goto loser;
-  }
+    /* OK, we have the data in a hash structure, sign it! */
+    rc = CryptSignHash(hHash, iOperation->keySpec, NULL, 0,
+                       output->data, &output->size);
+    if (!rc) {
+        goto loser;
+    }
 
-  /* Don't return a signature that might have been broken because of a cosmic
-   * ray, or a broken processor, verify that it is valid... */
-  rc = CryptVerifySignature(hHash, output->data, output->size, 
-                            iOperation->hKey, NULL, 0);
-  if (!rc) {
-    goto loser;
-  }
+    /* Don't return a signature that might have been broken because of a cosmic
+     * ray, or a broken processor, verify that it is valid... */
+    rc = CryptVerifySignature(hHash, output->data, output->size,
+                              iOperation->hKey, NULL, 0);
+    if (!rc) {
+        goto loser;
+    }
 
-  /* OK, Microsoft likes to do things completely differently than anyone
-   * else. We need to reverse the data we received here */
-  ckcapi_ReverseData(output);
-  CryptDestroyHash(hHash);
-  return CKR_OK;
+    /* OK, Microsoft likes to do things completely differently than anyone
+     * else. We need to reverse the data we received here */
+    ckcapi_ReverseData(output);
+    CryptDestroyHash(hHash);
+    return CKR_OK;
 
 loser:
-  /* map the microsoft error */
-  if (CKR_OK == error) {
-    msError = GetLastError();
-    switch (msError) {
-    case ERROR_NOT_ENOUGH_MEMORY:
-      error = CKR_HOST_MEMORY;
-      break;
-    case NTE_NO_MEMORY:
-      error = CKR_DEVICE_MEMORY;
-      break;
-    case ERROR_MORE_DATA:
-      return CKR_BUFFER_TOO_SMALL;
-    case ERROR_INVALID_PARAMETER: /* these params were derived from the */
-    case ERROR_INVALID_HANDLE:    /* inputs, so if they are bad, the input */ 
-    case NTE_BAD_ALGID:           /* data is bad */
-    case NTE_BAD_HASH:
-      error = CKR_DATA_INVALID;
-      break;
-    case ERROR_BUSY:
-    case NTE_FAIL:
-    case NTE_BAD_UID:
-      error = CKR_DEVICE_ERROR;
-      break;
-    default:
-      error = CKR_GENERAL_ERROR;
-      break;
+    /* map the microsoft error */
+    if (CKR_OK == error) {
+        msError = GetLastError();
+        switch (msError) {
+            case ERROR_NOT_ENOUGH_MEMORY:
+                error =
+                    CKR_HOST_MEMORY;
+                break;
+            case NTE_NO_MEMORY:
+                error =
+                    CKR_DEVICE_MEMORY;
+                break;
+            case ERROR_MORE_DATA:
+                return CKR_BUFFER_TOO_SMALL;
+            case ERROR_INVALID_PARAMETER: /* these params were derived from the */
+            case ERROR_INVALID_HANDLE:    /* inputs, so if they are bad, the input */
+            case NTE_BAD_ALGID:           /* data is bad */
+            case NTE_BAD_HASH:
+                error =
+                    CKR_DATA_INVALID;
+                break;
+            case ERROR_BUSY:
+            case NTE_FAIL:
+            case NTE_BAD_UID:
+                error =
+                    CKR_DEVICE_ERROR;
+                break;
+            default:
+                error =
+                    CKR_GENERAL_ERROR;
+                break;
+        }
     }
-  }
-  if (hHash) {
-    CryptDestroyHash(hHash);
-  }
-  return error;
+    if (hHash) {
+        CryptDestroyHash(hHash);
+    }
+    return error;
 }
-  
 
 NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation
-ckcapi_mdCryptoOperationRSADecrypt_proto = {
-  NULL, /* etc */
-  ckcapi_mdCryptoOperationRSAPriv_Destroy,
-  NULL, /* GetFinalLengh - not needed for one shot Decrypt/Encrypt */
-  ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength,
-  NULL, /* Final - not needed for one shot operation */
-  NULL, /* Update - not needed for one shot operation */
-  NULL, /* DigetUpdate - not needed for one shot operation */
-  ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal,
-  NULL, /* UpdateCombo - not needed for one shot operation */
-  NULL, /* DigetKey - not needed for one shot operation */
-  (void *)NULL /* null terminator */
-};
+    ckcapi_mdCryptoOperationRSADecrypt_proto = {
+        NULL, /* etc */
+        ckcapi_mdCryptoOperationRSAPriv_Destroy,
+        NULL, /* GetFinalLengh - not needed for one shot Decrypt/Encrypt */
+        ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength,
+        NULL, /* Final - not needed for one shot operation */
+        NULL, /* Update - not needed for one shot operation */
+        NULL, /* DigetUpdate - not needed for one shot operation */
+        ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal,
+        NULL,        /* UpdateCombo - not needed for one shot operation */
+        NULL,        /* DigetKey - not needed for one shot operation */
+        (void *)NULL /* null terminator */
+    };
 
 NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation
-ckcapi_mdCryptoOperationRSASign_proto = {
-  NULL, /* etc */
-  ckcapi_mdCryptoOperationRSAPriv_Destroy,
-  ckcapi_mdCryptoOperationRSA_GetFinalLength,
-  NULL, /* GetOperationLengh - not needed for one shot Sign/Verify */
-  NULL, /* Final - not needed for one shot operation */
-  NULL, /* Update - not needed for one shot operation */
-  NULL, /* DigetUpdate - not needed for one shot operation */
-  ckcapi_mdCryptoOperationRSASign_UpdateFinal,
-  NULL, /* UpdateCombo - not needed for one shot operation */
-  NULL, /* DigetKey - not needed for one shot operation */
-  (void *)NULL /* null terminator */
-};
+    ckcapi_mdCryptoOperationRSASign_proto = {
+        NULL, /* etc */
+        ckcapi_mdCryptoOperationRSAPriv_Destroy,
+        ckcapi_mdCryptoOperationRSA_GetFinalLength,
+        NULL, /* GetOperationLengh - not needed for one shot Sign/Verify */
+        NULL, /* Final - not needed for one shot operation */
+        NULL, /* Update - not needed for one shot operation */
+        NULL, /* DigetUpdate - not needed for one shot operation */
+        ckcapi_mdCryptoOperationRSASign_UpdateFinal,
+        NULL,        /* UpdateCombo - not needed for one shot operation */
+        NULL,        /* DigetKey - not needed for one shot operation */
+        (void *)NULL /* null terminator */
+    };
 
 /********** NSSCKMDMechansim functions ***********************/
 /*
  * ckcapi_mdMechanismRSA_Destroy
  */
 static void
-ckcapi_mdMechanismRSA_Destroy
-(
-  NSSCKMDMechanism *mdMechanism,
-  NSSCKFWMechanism *fwMechanism,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+ckcapi_mdMechanismRSA_Destroy(
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKFWMechanism *fwMechanism,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  nss_ZFreeIf(fwMechanism);
+    nss_ZFreeIf(fwMechanism);
 }
 
 /*
  * ckcapi_mdMechanismRSA_GetMinKeySize
  */
 static CK_ULONG
-ckcapi_mdMechanismRSA_GetMinKeySize
-(
-  NSSCKMDMechanism *mdMechanism,
-  NSSCKFWMechanism *fwMechanism,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+ckcapi_mdMechanismRSA_GetMinKeySize(
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKFWMechanism *fwMechanism,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return 384;
+    return 384;
 }
 
 /*
  * ckcapi_mdMechanismRSA_GetMaxKeySize
  */
 static CK_ULONG
-ckcapi_mdMechanismRSA_GetMaxKeySize
-(
-  NSSCKMDMechanism *mdMechanism,
-  NSSCKFWMechanism *fwMechanism,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+ckcapi_mdMechanismRSA_GetMaxKeySize(
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKFWMechanism *fwMechanism,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return 16384;
+    return 16384;
 }
 
 /*
  * ckcapi_mdMechanismRSA_DecryptInit
  */
-static NSSCKMDCryptoOperation * 
-ckcapi_mdMechanismRSA_DecryptInit
-(
-  NSSCKMDMechanism *mdMechanism,
-  NSSCKFWMechanism *fwMechanism,
-  CK_MECHANISM     *pMechanism,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  NSSCKMDObject *mdKey,
-  NSSCKFWObject *fwKey,
-  CK_RV *pError
-)
+static NSSCKMDCryptoOperation *
+ckcapi_mdMechanismRSA_DecryptInit(
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKMDObject *mdKey,
+    NSSCKFWObject *fwKey,
+    CK_RV *pError)
 {
-  return ckcapi_mdCryptoOperationRSAPriv_Create(
-		&ckcapi_mdCryptoOperationRSADecrypt_proto,
-		mdMechanism, mdKey, pError);
+    return ckcapi_mdCryptoOperationRSAPriv_Create(
+        &ckcapi_mdCryptoOperationRSADecrypt_proto,
+        mdMechanism, mdKey, pError);
 }
 
 /*
  * ckcapi_mdMechanismRSA_SignInit
  */
-static NSSCKMDCryptoOperation * 
-ckcapi_mdMechanismRSA_SignInit
-(
-  NSSCKMDMechanism *mdMechanism,
-  NSSCKFWMechanism *fwMechanism,
-  CK_MECHANISM     *pMechanism,
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  NSSCKMDObject *mdKey,
-  NSSCKFWObject *fwKey,
-  CK_RV *pError
-)
+static NSSCKMDCryptoOperation *
+ckcapi_mdMechanismRSA_SignInit(
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKMDObject *mdKey,
+    NSSCKFWObject *fwKey,
+    CK_RV *pError)
 {
-  return ckcapi_mdCryptoOperationRSAPriv_Create(
-		&ckcapi_mdCryptoOperationRSASign_proto,
-		mdMechanism, mdKey, pError);
+    return ckcapi_mdCryptoOperationRSAPriv_Create(
+        &ckcapi_mdCryptoOperationRSASign_proto,
+        mdMechanism, mdKey, pError);
 }
 
-
 NSS_IMPLEMENT_DATA const NSSCKMDMechanism
-nss_ckcapi_mdMechanismRSA = {
-  (void *)NULL, /* etc */
-  ckcapi_mdMechanismRSA_Destroy,
-  ckcapi_mdMechanismRSA_GetMinKeySize,
-  ckcapi_mdMechanismRSA_GetMaxKeySize,
-  NULL, /* GetInHardware - default false */
-  NULL, /* EncryptInit - default errs */
-  ckcapi_mdMechanismRSA_DecryptInit,
-  NULL, /* DigestInit - default errs*/
-  ckcapi_mdMechanismRSA_SignInit,
-  NULL, /* VerifyInit - default errs */
-  ckcapi_mdMechanismRSA_SignInit,  /* SignRecoverInit */
-  NULL, /* VerifyRecoverInit - default errs */
-  NULL, /* GenerateKey - default errs */
-  NULL, /* GenerateKeyPair - default errs */
-  NULL, /* GetWrapKeyLength - default errs */
-  NULL, /* WrapKey - default errs */
-  NULL, /* UnwrapKey - default errs */
-  NULL, /* DeriveKey - default errs */
-  (void *)NULL /* null terminator */
-};
+    nss_ckcapi_mdMechanismRSA = {
+        (void *)NULL, /* etc */
+        ckcapi_mdMechanismRSA_Destroy,
+        ckcapi_mdMechanismRSA_GetMinKeySize,
+        ckcapi_mdMechanismRSA_GetMaxKeySize,
+        NULL, /* GetInHardware - default false */
+        NULL, /* EncryptInit - default errs */
+        ckcapi_mdMechanismRSA_DecryptInit,
+        NULL, /* DigestInit - default errs*/
+        ckcapi_mdMechanismRSA_SignInit,
+        NULL,                           /* VerifyInit - default errs */
+        ckcapi_mdMechanismRSA_SignInit, /* SignRecoverInit */
+        NULL,                           /* VerifyRecoverInit - default errs */
+        NULL,                           /* GenerateKey - default errs */
+        NULL,                           /* GenerateKeyPair - default errs */
+        NULL,                           /* GetWrapKeyLength - default errs */
+        NULL,                           /* WrapKey - default errs */
+        NULL,                           /* UnwrapKey - default errs */
+        NULL,                           /* DeriveKey - default errs */
+        (void *)NULL                    /* null terminator */
+    };
--- a/lib/ckfw/capi/csession.c
+++ b/lib/ckfw/capi/csession.c
@@ -2,92 +2,86 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "ckcapi.h"
 
 /*
  * ckcapi/csession.c
  *
- * This file implements the NSSCKMDSession object for the 
+ * This file implements the NSSCKMDSession object for the
  * "nss to capi" cryptoki module.
  */
 
 static NSSCKMDFindObjects *
-ckcapi_mdSession_FindObjectsInit
-(
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_ATTRIBUTE_PTR pTemplate,
-  CK_ULONG ulAttributeCount,
-  CK_RV *pError
-)
+ckcapi_mdSession_FindObjectsInit(
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
 {
-  return nss_ckcapi_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError);
+    return nss_ckcapi_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError);
 }
 
 static NSSCKMDObject *
-ckcapi_mdSession_CreateObject
-(
-  NSSCKMDSession *mdSession,
-  NSSCKFWSession *fwSession,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  NSSArena        *arena,
-  CK_ATTRIBUTE_PTR pTemplate,
-  CK_ULONG ulAttributeCount,
-  CK_RV *pError
-)
+ckcapi_mdSession_CreateObject(
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSArena *arena,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
 {
-  return nss_ckcapi_CreateObject(fwSession, pTemplate, ulAttributeCount, pError);
+    return nss_ckcapi_CreateObject(fwSession, pTemplate, ulAttributeCount, pError);
 }
 
 NSS_IMPLEMENT NSSCKMDSession *
-nss_ckcapi_CreateSession
-(
-  NSSCKFWSession *fwSession,
-  CK_RV *pError
-)
+nss_ckcapi_CreateSession(
+    NSSCKFWSession *fwSession,
+    CK_RV *pError)
 {
-  NSSArena *arena;
-  NSSCKMDSession *rv;
+    NSSArena *arena;
+    NSSCKMDSession *rv;
 
-  arena = NSSCKFWSession_GetArena(fwSession, pError);
-  if( (NSSArena *)NULL == arena ) {
-    return (NSSCKMDSession *)NULL;
-  }
+    arena = NSSCKFWSession_GetArena(fwSession, pError);
+    if ((NSSArena *)NULL == arena) {
+        return (NSSCKMDSession *)NULL;
+    }
 
-  rv = nss_ZNEW(arena, NSSCKMDSession);
-  if( (NSSCKMDSession *)NULL == rv ) {
-    *pError = CKR_HOST_MEMORY;
-    return (NSSCKMDSession *)NULL;
-  }
+    rv = nss_ZNEW(arena, NSSCKMDSession);
+    if ((NSSCKMDSession *)NULL == rv) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDSession *)NULL;
+    }
 
-  /* 
-   * rv was zeroed when allocated, so we only 
-   * need to set the non-zero members.
-   */
+    /*
+     * rv was zeroed when allocated, so we only
+     * need to set the non-zero members.
+     */
 
-  rv->etc = (void *)fwSession;
-  /* rv->Close */
-  /* rv->GetDeviceError */
-  /* rv->Login */
-  /* rv->Logout */
-  /* rv->InitPIN */
-  /* rv->SetPIN */
-  /* rv->GetOperationStateLen */
-  /* rv->GetOperationState */
-  /* rv->SetOperationState */
-  rv->CreateObject = ckcapi_mdSession_CreateObject;
-  /* rv->CopyObject */
-  rv->FindObjectsInit = ckcapi_mdSession_FindObjectsInit;
-  /* rv->SeedRandom */
-  /* rv->GetRandom */
-  /* rv->null */
+    rv->etc = (void *)fwSession;
+    /* rv->Close */
+    /* rv->GetDeviceError */
+    /* rv->Login */
+    /* rv->Logout */
+    /* rv->InitPIN */
+    /* rv->SetPIN */
+    /* rv->GetOperationStateLen */
+    /* rv->GetOperationState */
+    /* rv->SetOperationState */
+    rv->CreateObject = ckcapi_mdSession_CreateObject;
+    /* rv->CopyObject */
+    rv->FindObjectsInit = ckcapi_mdSession_FindObjectsInit;
+    /* rv->SeedRandom */
+    /* rv->GetRandom */
+    /* rv->null */
 
-  return rv;
+    return rv;
 }
--- a/lib/ckfw/capi/cslot.c
+++ b/lib/ckfw/capi/cslot.c
@@ -7,85 +7,75 @@
 /*
  * ckcapi/cslot.c
  *
  * This file implements the NSSCKMDSlot object for the
  * "nss to capi" cryptoki module.
  */
 
 static NSSUTF8 *
-ckcapi_mdSlot_GetSlotDescription
-(
-  NSSCKMDSlot *mdSlot,
-  NSSCKFWSlot *fwSlot,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+ckcapi_mdSlot_GetSlotDescription(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (NSSUTF8 *)nss_ckcapi_SlotDescription;
+    return (NSSUTF8 *)nss_ckcapi_SlotDescription;
 }
 
 static NSSUTF8 *
-ckcapi_mdSlot_GetManufacturerID
-(
-  NSSCKMDSlot *mdSlot,
-  NSSCKFWSlot *fwSlot,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+ckcapi_mdSlot_GetManufacturerID(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (NSSUTF8 *)nss_ckcapi_ManufacturerID;
+    return (NSSUTF8 *)nss_ckcapi_ManufacturerID;
 }
 
 static CK_VERSION
-ckcapi_mdSlot_GetHardwareVersion
-(
-  NSSCKMDSlot *mdSlot,
-  NSSCKFWSlot *fwSlot,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+ckcapi_mdSlot_GetHardwareVersion(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  return nss_ckcapi_HardwareVersion;
+    return nss_ckcapi_HardwareVersion;
 }
 
 static CK_VERSION
-ckcapi_mdSlot_GetFirmwareVersion
-(
-  NSSCKMDSlot *mdSlot,
-  NSSCKFWSlot *fwSlot,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+ckcapi_mdSlot_GetFirmwareVersion(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  return nss_ckcapi_FirmwareVersion;
+    return nss_ckcapi_FirmwareVersion;
 }
 
 static NSSCKMDToken *
-ckcapi_mdSlot_GetToken
-(
-  NSSCKMDSlot *mdSlot,
-  NSSCKFWSlot *fwSlot,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+ckcapi_mdSlot_GetToken(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (NSSCKMDToken *)&nss_ckcapi_mdToken;
+    return (NSSCKMDToken *)&nss_ckcapi_mdToken;
 }
 
 NSS_IMPLEMENT_DATA const NSSCKMDSlot
-nss_ckcapi_mdSlot = {
-  (void *)NULL, /* etc */
-  NULL, /* Initialize */
-  NULL, /* Destroy */
-  ckcapi_mdSlot_GetSlotDescription,
-  ckcapi_mdSlot_GetManufacturerID,
-  NULL, /* GetTokenPresent -- defaults to true */
-  NULL, /* GetRemovableDevice -- defaults to false */
-  NULL, /* GetHardwareSlot -- defaults to false */
-  ckcapi_mdSlot_GetHardwareVersion,
-  ckcapi_mdSlot_GetFirmwareVersion,
-  ckcapi_mdSlot_GetToken,
-  (void *)NULL /* null terminator */
-};
+    nss_ckcapi_mdSlot = {
+        (void *)NULL, /* etc */
+        NULL,         /* Initialize */
+        NULL,         /* Destroy */
+        ckcapi_mdSlot_GetSlotDescription,
+        ckcapi_mdSlot_GetManufacturerID,
+        NULL, /* GetTokenPresent -- defaults to true */
+        NULL, /* GetRemovableDevice -- defaults to false */
+        NULL, /* GetHardwareSlot -- defaults to false */
+        ckcapi_mdSlot_GetHardwareVersion,
+        ckcapi_mdSlot_GetFirmwareVersion,
+        ckcapi_mdSlot_GetToken,
+        (void *)NULL /* null terminator */
+    };
--- a/lib/ckfw/capi/ctoken.c
+++ b/lib/ckfw/capi/ctoken.c
@@ -7,202 +7,178 @@
 /*
  * ckcapi/ctoken.c
  *
  * This file implements the NSSCKMDToken object for the
  * "nss to capi" cryptoki module.
  */
 
 static NSSUTF8 *
-ckcapi_mdToken_GetLabel
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+ckcapi_mdToken_GetLabel(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (NSSUTF8 *)nss_ckcapi_TokenLabel;
+    return (NSSUTF8 *)nss_ckcapi_TokenLabel;
 }
 
 static NSSUTF8 *
-ckcapi_mdToken_GetManufacturerID
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+ckcapi_mdToken_GetManufacturerID(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (NSSUTF8 *)nss_ckcapi_ManufacturerID;
+    return (NSSUTF8 *)nss_ckcapi_ManufacturerID;
 }
 
 static NSSUTF8 *
-ckcapi_mdToken_GetModel
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+ckcapi_mdToken_GetModel(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (NSSUTF8 *)nss_ckcapi_TokenModel;
+    return (NSSUTF8 *)nss_ckcapi_TokenModel;
 }
 
 static NSSUTF8 *
-ckcapi_mdToken_GetSerialNumber
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-)
+ckcapi_mdToken_GetSerialNumber(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
 {
-  return (NSSUTF8 *)nss_ckcapi_TokenSerialNumber;
+    return (NSSUTF8 *)nss_ckcapi_TokenSerialNumber;
 }
 
 static CK_BBOOL
-ckcapi_mdToken_GetIsWriteProtected
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+ckcapi_mdToken_GetIsWriteProtected(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  return CK_FALSE;
+    return CK_FALSE;
 }
 
 /* fake out Mozilla so we don't try to initialize the token */
 static CK_BBOOL
-ckcapi_mdToken_GetUserPinInitialized
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+ckcapi_mdToken_GetUserPinInitialized(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  return CK_TRUE;
+    return CK_TRUE;
 }
 
 static CK_VERSION
-ckcapi_mdToken_GetHardwareVersion
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+ckcapi_mdToken_GetHardwareVersion(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  return nss_ckcapi_HardwareVersion;
+    return nss_ckcapi_HardwareVersion;
 }
 
 static CK_VERSION
-ckcapi_mdToken_GetFirmwareVersion
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+ckcapi_mdToken_GetFirmwareVersion(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  return nss_ckcapi_FirmwareVersion;
+    return nss_ckcapi_FirmwareVersion;
 }
 
 static NSSCKMDSession *
-ckcapi_mdToken_OpenSession
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  NSSCKFWSession *fwSession,
-  CK_BBOOL rw,
-  CK_RV *pError
-)
+ckcapi_mdToken_OpenSession(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWSession *fwSession,
+    CK_BBOOL rw,
+    CK_RV *pError)
 {
-  return nss_ckcapi_CreateSession(fwSession, pError);
+    return nss_ckcapi_CreateSession(fwSession, pError);
 }
 
 static CK_ULONG
-ckcapi_mdToken_GetMechanismCount
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-)
+ckcapi_mdToken_GetMechanismCount(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
 {
-  return (CK_ULONG)1;
+    return (CK_ULONG)1;
 }
 
 static CK_RV
-ckcapi_mdToken_GetMechanismTypes
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_MECHANISM_TYPE types[]
-)
+ckcapi_mdToken_GetMechanismTypes(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_MECHANISM_TYPE types[])
 {
-  types[0] = CKM_RSA_PKCS;
-  return CKR_OK;
+    types[0] = CKM_RSA_PKCS;
+    return CKR_OK;
 }
 
 static NSSCKMDMechanism *
-ckcapi_mdToken_GetMechanism
-(
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance,
-  CK_MECHANISM_TYPE which,
-  CK_RV *pError
-)
+ckcapi_mdToken_GetMechanism(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_MECHANISM_TYPE which,
+    CK_RV *pError)
 {
-  if (which != CKM_RSA_PKCS) {
-    *pError = CKR_MECHANISM_INVALID;
-    return (NSSCKMDMechanism *)NULL;
-  }
-  return (NSSCKMDMechanism *)&nss_ckcapi_mdMechanismRSA;
+    if (which != CKM_RSA_PKCS) {
+        *pError = CKR_MECHANISM_INVALID;
+        return (NSSCKMDMechanism *)NULL;
+    }
+    return (NSSCKMDMechanism *)&nss_ckcapi_mdMechanismRSA;
 }
 
 NSS_IMPLEMENT_DATA const NSSCKMDToken
-nss_ckcapi_mdToken = {
-  (void *)NULL, /* etc */
-  NULL, /* Setup */
-  NULL, /* Invalidate */
-  NULL, /* InitToken -- default errs */
-  ckcapi_mdToken_GetLabel,
-  ckcapi_mdToken_GetManufacturerID,
-  ckcapi_mdToken_GetModel,
-  ckcapi_mdToken_GetSerialNumber,
-  NULL, /* GetHasRNG -- default is false */
-  ckcapi_mdToken_GetIsWriteProtected,
-  NULL, /* GetLoginRequired -- default is false */
-  ckcapi_mdToken_GetUserPinInitialized,
-  NULL, /* GetRestoreKeyNotNeeded -- irrelevant */
-  NULL, /* GetHasClockOnToken -- default is false */
-  NULL, /* GetHasProtectedAuthenticationPath -- default is false */
-  NULL, /* GetSupportsDualCryptoOperations -- default is false */
-  NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
-  NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
-  NULL, /* GetMaxPinLen -- irrelevant */
-  NULL, /* GetMinPinLen -- irrelevant */
-  NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
-  NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
-  NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
-  NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
-  ckcapi_mdToken_GetHardwareVersion,
-  ckcapi_mdToken_GetFirmwareVersion,
-  NULL, /* GetUTCTime -- no clock */
-  ckcapi_mdToken_OpenSession,
-  ckcapi_mdToken_GetMechanismCount,
-  ckcapi_mdToken_GetMechanismTypes,
-  ckcapi_mdToken_GetMechanism,
-  (void *)NULL /* null terminator */
-};
+    nss_ckcapi_mdToken = {
+        (void *)NULL, /* etc */
+        NULL,         /* Setup */
+        NULL,         /* Invalidate */
+        NULL,         /* InitToken -- default errs */
+        ckcapi_mdToken_GetLabel,
+        ckcapi_mdToken_GetManufacturerID,
+        ckcapi_mdToken_GetModel,
+        ckcapi_mdToken_GetSerialNumber,
+        NULL, /* GetHasRNG -- default is false */
+        ckcapi_mdToken_GetIsWriteProtected,
+        NULL, /* GetLoginRequired -- default is false */
+        ckcapi_mdToken_GetUserPinInitialized,
+        NULL, /* GetRestoreKeyNotNeeded -- irrelevant */
+        NULL, /* GetHasClockOnToken -- default is false */
+        NULL, /* GetHasProtectedAuthenticationPath -- default is false */
+        NULL, /* GetSupportsDualCryptoOperations -- default is false */
+        NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetMaxPinLen -- irrelevant */
+        NULL, /* GetMinPinLen -- irrelevant */
+        NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        ckcapi_mdToken_GetHardwareVersion,
+        ckcapi_mdToken_GetFirmwareVersion,
+        NULL, /* GetUTCTime -- no clock */
+        ckcapi_mdToken_OpenSession,
+        ckcapi_mdToken_GetMechanismCount,
+        ckcapi_mdToken_GetMechanismTypes,
+        ckcapi_mdToken_GetMechanism,
+        (void *)NULL /* null terminator */
+    };
--- a/lib/ckfw/capi/nsscapi.h
+++ b/lib/ckfw/capi/nsscapi.h
@@ -13,29 +13,29 @@
  * module you are using, use the appropriate PKCS #11 calls.
  *
  * These version numbers detail changes to the PKCS #11 interface. They map
  * to the PKCS #11 spec versions.
  */
 #define NSS_CKCAPI_CRYPTOKI_VERSION_MAJOR 2
 #define NSS_CKCAPI_CRYPTOKI_VERSION_MINOR 20
 
-/* These version numbers detail the changes 
+/* These version numbers detail the changes
  * to the list of trusted certificates.
  *
  * NSS_CKCAPI_LIBRARY_VERSION_MINOR is a CK_BYTE.  It's not clear
  * whether we may use its full range (0-255) or only 0-99 because
  * of the comment in the CK_VERSION type definition.
  */
 #define NSS_CKCAPI_LIBRARY_VERSION_MAJOR 1
 #define NSS_CKCAPI_LIBRARY_VERSION_MINOR 1
 #define NSS_CKCAPI_LIBRARY_VERSION "1.1"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_CKCAPI_HARDWARE_VERSION_MAJOR 1
 #define NSS_CKCAPI_HARDWARE_VERSION_MINOR 0
 
-/* These version numbers detail the semantic changes to ckbi itself 
+/* These version numbers detail the semantic changes to ckbi itself
  * (new PKCS #11 objects), etc. */
 #define NSS_CKCAPI_FIRMWARE_VERSION_MAJOR 1
 #define NSS_CKCAPI_FIRMWARE_VERSION_MINOR 0
 
 #endif /* NSSCKBI_H */
--- a/lib/ckfw/capi/staticobj.c
+++ b/lib/ckfw/capi/staticobj.c
@@ -12,28 +12,29 @@ static const CK_TRUST ckt_netscape_trust
 static const CK_OBJECT_CLASS cko_netscape_trust = CKO_NETSCAPE_TRUST;
 static const CK_BBOOL ck_true = CK_TRUE;
 static const CK_OBJECT_CLASS cko_data = CKO_DATA;
 static const CK_CERTIFICATE_TYPE ckc_x_509 = CKC_X_509;
 static const CK_BBOOL ck_false = CK_FALSE;
 static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILTIN_ROOT_LIST;
 
 /* example of a static object */
-static const CK_ATTRIBUTE_TYPE nss_ckcapi_types_1 [] = {
- CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL
+static const CK_ATTRIBUTE_TYPE nss_ckcapi_types_1[] = {
+    CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL
 };
 
-static const NSSItem nss_ckcapi_items_1 [] = {
-  { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)"Mozilla CAPI Access", (PRUint32)20 }
+static const NSSItem nss_ckcapi_items_1[] = {
+    { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+    { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+    { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+    { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+    { (void *)"Mozilla CAPI Access", (PRUint32)20 }
 };
 
 ckcapiInternalObject nss_ckcapi_data[] = {
-  { ckcapiRaw,
-    { 5, nss_ckcapi_types_1, nss_ckcapi_items_1} ,
-  },
+    {
+        ckcapiRaw,
+        { 5, nss_ckcapi_types_1, nss_ckcapi_items_1 },
+    },
 
 };
 
 const PRUint32 nss_ckcapi_nObjects = 1;
--- a/lib/ckfw/ckfw.h
+++ b/lib/ckfw/ckfw.h
@@ -35,17 +35,17 @@
  *  nssCKFWInstance_Destroy
  *
  *  -- implement public accessors --
  *  nssCKFWInstance_GetMDInstance
  *  nssCKFWInstance_GetArena
  *  nssCKFWInstance_MayCreatePthreads
  *  nssCKFWInstance_CreateMutex
  *  nssCKFWInstance_GetConfigurationData
- *  nssCKFWInstance_GetInitArgs 
+ *  nssCKFWInstance_GetInitArgs
  *
  *  -- private accessors --
  *  nssCKFWInstance_CreateSessionHandle
  *  nssCKFWInstance_ResolveSessionHandle
  *  nssCKFWInstance_DestroySessionHandle
  *  nssCKFWInstance_FindSessionHandle
  *  nssCKFWInstance_CreateObjectHandle
  *  nssCKFWInstance_ResolveObjectHandle
@@ -67,305 +67,250 @@
  *  nssCKFWInstance_verifyPointer
  */
 
 /*
  * nssCKFWInstance_Create
  *
  */
 NSS_EXTERN NSSCKFWInstance *
-nssCKFWInstance_Create
-(
-  CK_C_INITIALIZE_ARGS_PTR pInitArgs,
-  CryptokiLockingState LockingState,
-  NSSCKMDInstance *mdInstance,
-  CK_RV *pError
-);
+nssCKFWInstance_Create(
+    CK_C_INITIALIZE_ARGS_PTR pInitArgs,
+    CryptokiLockingState LockingState,
+    NSSCKMDInstance *mdInstance,
+    CK_RV *pError);
 
 /*
  * nssCKFWInstance_Destroy
  *
  */
 NSS_EXTERN CK_RV
-nssCKFWInstance_Destroy
-(
-  NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_Destroy(
+    NSSCKFWInstance *fwInstance);
 
 /*
  * nssCKFWInstance_GetMDInstance
  *
  */
 NSS_EXTERN NSSCKMDInstance *
-nssCKFWInstance_GetMDInstance
-(
-  NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetMDInstance(
+    NSSCKFWInstance *fwInstance);
 
 /*
  * nssCKFWInstance_GetArena
  *
  */
 NSS_EXTERN NSSArena *
-nssCKFWInstance_GetArena
-(
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-);
+nssCKFWInstance_GetArena(
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError);
 
 /*
  * nssCKFWInstance_MayCreatePthreads
  *
  */
 NSS_EXTERN CK_BBOOL
-nssCKFWInstance_MayCreatePthreads
-(
-  NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_MayCreatePthreads(
+    NSSCKFWInstance *fwInstance);
 
 /*
  * nssCKFWInstance_CreateMutex
  *
  */
 NSS_EXTERN NSSCKFWMutex *
-nssCKFWInstance_CreateMutex
-(
-  NSSCKFWInstance *fwInstance,
-  NSSArena *arena,
-  CK_RV *pError
-);
+nssCKFWInstance_CreateMutex(
+    NSSCKFWInstance *fwInstance,
+    NSSArena *arena,
+    CK_RV *pError);
 
 /*
  * nssCKFWInstance_GetConfigurationData
  *
  */
 NSS_EXTERN NSSUTF8 *
-nssCKFWInstance_GetConfigurationData
-(
-  NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetConfigurationData(
+    NSSCKFWInstance *fwInstance);
 
 /*
  * nssCKFWInstance_GetInitArgs
  *
  */
 NSS_EXTERN CK_C_INITIALIZE_ARGS_PTR
-nssCKFWInstance_GetInitArgs
-(
-  NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetInitArgs(
+    NSSCKFWInstance *fwInstance);
 
 /*
  * nssCKFWInstance_CreateSessionHandle
  *
  */
 NSS_EXTERN CK_SESSION_HANDLE
-nssCKFWInstance_CreateSessionHandle
-(
-  NSSCKFWInstance *fwInstance,
-  NSSCKFWSession *fwSession,
-  CK_RV *pError
-);
+nssCKFWInstance_CreateSessionHandle(
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWSession *fwSession,
+    CK_RV *pError);
 
 /*
  * nssCKFWInstance_ResolveSessionHandle
  *
  */
 NSS_EXTERN NSSCKFWSession *
-nssCKFWInstance_ResolveSessionHandle
-(
-  NSSCKFWInstance *fwInstance,
-  CK_SESSION_HANDLE hSession
-);
+nssCKFWInstance_ResolveSessionHandle(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession);
 
 /*
  * nssCKFWInstance_DestroySessionHandle
  *
  */
 NSS_EXTERN void
-nssCKFWInstance_DestroySessionHandle
-(
-  NSSCKFWInstance *fwInstance,
-  CK_SESSION_HANDLE hSession
-);
+nssCKFWInstance_DestroySessionHandle(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession);
 
 /*
  * nssCKFWInstance_FindSessionHandle
  *
  */
 NSS_EXTERN CK_SESSION_HANDLE
-nssCKFWInstance_FindSessionHandle
-(
-  NSSCKFWInstance *fwInstance,
-  NSSCKFWSession *fwSession
-);
+nssCKFWInstance_FindSessionHandle(
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWSession *fwSession);
 
 /*
  * nssCKFWInstance_CreateObjectHandle
  *
  */
 NSS_EXTERN CK_OBJECT_HANDLE
-nssCKFWInstance_CreateObjectHandle
-(
-  NSSCKFWInstance *fwInstance,
-  NSSCKFWObject *fwObject,
-  CK_RV *pError
-);
+nssCKFWInstance_CreateObjectHandle(
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWObject *fwObject,
+    CK_RV *pError);
 
 /*
  * nssCKFWInstance_ResolveObjectHandle
  *
  */
 NSS_EXTERN NSSCKFWObject *
-nssCKFWInstance_ResolveObjectHandle
-(
-  NSSCKFWInstance *fwInstance,
-  CK_OBJECT_HANDLE hObject
-);
+nssCKFWInstance_ResolveObjectHandle(
+    NSSCKFWInstance *fwInstance,
+    CK_OBJECT_HANDLE hObject);
 
 /*
  * nssCKFWInstance_ReassignObjectHandle
  *
  */
 NSS_EXTERN CK_RV
-nssCKFWInstance_ReassignObjectHandle
-(
-  NSSCKFWInstance *fwInstance,
-  CK_OBJECT_HANDLE hObject,
-  NSSCKFWObject *fwObject
-);
+nssCKFWInstance_ReassignObjectHandle(
+    NSSCKFWInstance *fwInstance,
+    CK_OBJECT_HANDLE hObject,
+    NSSCKFWObject *fwObject);
 
 /*
  * nssCKFWInstance_DestroyObjectHandle
  *
  */
 NSS_EXTERN void
-nssCKFWInstance_DestroyObjectHandle
-(
-  NSSCKFWInstance *fwInstance,
-  CK_OBJECT_HANDLE hObject
-);
+nssCKFWInstance_DestroyObjectHandle(
+    NSSCKFWInstance *fwInstance,
+    CK_OBJECT_HANDLE hObject);
 
 /*
  * nssCKFWInstance_FindObjectHandle
  *
  */
 NSS_EXTERN CK_OBJECT_HANDLE
-nssCKFWInstance_FindObjectHandle
-(
-  NSSCKFWInstance *fwInstance,
-  NSSCKFWObject *fwObject
-);
+nssCKFWInstance_FindObjectHandle(
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWObject *fwObject);
 
 /*
  * nssCKFWInstance_GetNSlots
  *
  */
 NSS_EXTERN CK_ULONG
-nssCKFWInstance_GetNSlots
-(
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-);
+nssCKFWInstance_GetNSlots(
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError);
 
 /*
  * nssCKFWInstance_GetCryptokiVersion
  *
  */
 NSS_EXTERN CK_VERSION
-nssCKFWInstance_GetCryptokiVersion
-(
-  NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetCryptokiVersion(
+    NSSCKFWInstance *fwInstance);
 
 /*
  * nssCKFWInstance_GetManufacturerID
  *
  */
 NSS_EXTERN CK_RV
-nssCKFWInstance_GetManufacturerID
-(
-  NSSCKFWInstance *fwInstance,
-  CK_CHAR manufacturerID[32]
-);
+nssCKFWInstance_GetManufacturerID(
+    NSSCKFWInstance *fwInstance,
+    CK_CHAR manufacturerID[32]);
 
 /*
  * nssCKFWInstance_GetFlags
  *
  */
 NSS_EXTERN CK_ULONG
-nssCKFWInstance_GetFlags
-(
-  NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetFlags(
+    NSSCKFWInstance *fwInstance);
 
 /*
  * nssCKFWInstance_GetLibraryDescription
  *
  */
 NSS_EXTERN CK_RV
-nssCKFWInstance_GetLibraryDescription
-(
-  NSSCKFWInstance *fwInstance,
-  CK_CHAR libraryDescription[32]
-);
+nssCKFWInstance_GetLibraryDescription(
+    NSSCKFWInstance *fwInstance,
+    CK_CHAR libraryDescription[32]);
 
 /*
  * nssCKFWInstance_GetLibraryVersion
  *
  */
 NSS_EXTERN CK_VERSION
-nssCKFWInstance_GetLibraryVersion
-(
-  NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetLibraryVersion(
+    NSSCKFWInstance *fwInstance);
 
 /*
  * nssCKFWInstance_GetModuleHandlesSessionObjects
  *
  */
 NSS_EXTERN CK_BBOOL
-nssCKFWInstance_GetModuleHandlesSessionObjects
-(
-  NSSCKFWInstance *fwInstance
-);
+nssCKFWInstance_GetModuleHandlesSessionObjects(
+    NSSCKFWInstance *fwInstance);
 
 /*
  * nssCKFWInstance_GetSlots
  *
  */
 NSS_EXTERN NSSCKFWSlot **
-nssCKFWInstance_GetSlots
-(
-  NSSCKFWInstance *fwInstance,
-  CK_RV *pError
-);
+nssCKFWInstance_GetSlots(
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError);
 
 /*
  * nssCKFWInstance_WaitForSlotEvent
  *
  */
 NSS_EXTERN NSSCKFWSlot *
-nssCKFWInstance_WaitForSlotEvent
-(
-  NSSCKFWInstance *fwInstance,
-  CK_BBOOL block,
-  CK_RV *pError
-);
+nssCKFWInstance_WaitForSlotEvent(
+    NSSCKFWInstance *fwInstance,
+    CK_BBOOL block,
+    CK_RV *pError);
 
 /*
  * nssCKFWInstance_verifyPointer
  *
  */
 NSS_EXTERN CK_RV
-nssCKFWInstance_verifyPointer
-(
-  const NSSCKFWInstance *fwInstance
-);
-
+nssCKFWInstance_verifyPointer(
+    const NSSCKFWInstance *fwInstance);
 
 /*
  * NSSCKFWSlot
  *
  *  -- create/destroy --
  *  nssCKFWSlot_Create
  *  nssCKFWSlot_Destroy
  *
@@ -388,168 +333,138 @@ nssCKFWInstance_verifyPointer
  *  nssCKFWSlot_GetToken
  */
 
 /*
  * nssCKFWSlot_Create
  *
  */
 NSS_EXTERN NSSCKFWSlot *
-nssCKFWSlot_Create
-(
-  NSSCKFWInstance *fwInstance,
-  NSSCKMDSlot *mdSlot,
-  CK_SLOT_ID slotID,
-  CK_RV *pError
-);
+nssCKFWSlot_Create(
+    NSSCKFWInstance *fwInstance,
+    NSSCKMDSlot *mdSlot,
+    CK_SLOT_ID slotID,
+    CK_RV *pError);
 
 /*
  * nssCKFWSlot_Destroy
  *
  */
 NSS_EXTERN CK_RV
-nssCKFWSlot_Destroy
-(
-  NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_Destroy(
+    NSSCKFWSlot *fwSlot);
 
 /*
  * nssCKFWSlot_GetMDSlot
  *
  */
 NSS_EXTERN NSSCKMDSlot *
-nssCKFWSlot_GetMDSlot
-(
-  NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetMDSlot(
+    NSSCKFWSlot *fwSlot);
 
 /*
  * nssCKFWSlot_GetFWInstance
  *
  */
 
 NSS_EXTERN NSSCKFWInstance *
-nssCKFWSlot_GetFWInstance
-(
-  NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetFWInstance(
+    NSSCKFWSlot *fwSlot);
 
 /*
  * nssCKFWSlot_GetMDInstance
  *
  */
 
 NSS_EXTERN NSSCKMDInstance *
-nssCKFWSlot_GetMDInstance
-(
-  NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetMDInstance(
+    NSSCKFWSlot *fwSlot);
 
 /*
  * nssCKFWSlot_GetSlotID
  *
  */
 NSS_EXTERN CK_SLOT_ID
-nssCKFWSlot_GetSlotID
-(
-  NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetSlotID(
+    NSSCKFWSlot *fwSlot);
 
 /*
  * nssCKFWSlot_GetSlotDescription
  *
  */
 NSS_EXTERN CK_RV
-nssCKFWSlot_GetSlotDescription
-(
-  NSSCKFWSlot *fwSlot,
-  CK_CHAR slotDescription[64]
-);
+nssCKFWSlot_GetSlotDescription(
+    NSSCKFWSlot *fwSlot,
+    CK_CHAR slotDescription[64]);
 
 /*
  * nssCKFWSlot_GetManufacturerID
  *
  */
 NSS_EXTERN CK_RV
-nssCKFWSlot_GetManufacturerID
-(
-  NSSCKFWSlot *fwSlot,
-  CK_CHAR manufacturerID[32]
-);
+nssCKFWSlot_GetManufacturerID(
+    NSSCKFWSlot *fwSlot,
+    CK_CHAR manufacturerID[32]);
 
 /*
  * nssCKFWSlot_GetTokenPresent
  *
  */
 NSS_EXTERN CK_BBOOL
-nssCKFWSlot_GetTokenPresent
-(
-  NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetTokenPresent(
+    NSSCKFWSlot *fwSlot);
 
 /*
  * nssCKFWSlot_GetRemovableDevice
  *
  */
 NSS_EXTERN CK_BBOOL
-nssCKFWSlot_GetRemovableDevice
-(
-  NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetRemovableDevice(
+    NSSCKFWSlot *fwSlot);
 
 /*
  * nssCKFWSlot_GetHardwareSlot
  *
  */
 NSS_EXTERN CK_BBOOL
-nssCKFWSlot_GetHardwareSlot
-(
-  NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetHardwareSlot(
+    NSSCKFWSlot *fwSlot);
 
 /*
  * nssCKFWSlot_GetHardwareVersion
  *
  */
 NSS_EXTERN CK_VERSION
-nssCKFWSlot_GetHardwareVersion
-(
-  NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetHardwareVersion(
+    NSSCKFWSlot *fwSlot);
 
 /*
  * nssCKFWSlot_GetFirmwareVersion
  *
  */
 NSS_EXTERN CK_VERSION
-nssCKFWSlot_GetFirmwareVersion
-(
-  NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_GetFirmwareVersion(
+    NSSCKFWSlot *fwSlot);
 
 /*
  * nssCKFWSlot_GetToken
- * 
+ *
  */
 NSS_EXTERN NSSCKFWToken *
-nssCKFWSlot_GetToken
-(
-  NSSCKFWSlot *fwSlot,
-  CK_RV *pError
-);
+nssCKFWSlot_GetToken(
+    NSSCKFWSlot *fwSlot,
+    CK_RV *pError);
 
 /*
  * nssCKFWSlot_ClearToken
  *
  */
 NSS_EXTERN void
-nssCKFWSlot_ClearToken
-(
-  NSSCKFWSlot *fwSlot
-);
+nssCKFWSlot_ClearToken(
+    NSSCKFWSlot *fwSlot);
 
 /*
  * NSSCKFWToken
  *
  *  -- create/destroy --
  *  nssCKFWToken_Create
  *  nssCKFWToken_Destroy
  *
@@ -601,469 +516,381 @@ nssCKFWSlot_ClearToken
  *  nssCKFWToken_GetMechanism
  */
 
 /*
  * nssCKFWToken_Create
  *
  */
 NSS_EXTERN NSSCKFWToken *
-nssCKFWToken_Create
-(
-  NSSCKFWSlot *fwSlot,
-  NSSCKMDToken *mdToken,
-  CK_RV *pError
-);
+nssCKFWToken_Create(
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDToken *mdToken,
+    CK_RV *pError);
 
 /*
  * nssCKFWToken_Destroy
  *
  */
 NSS_EXTERN CK_RV
-nssCKFWToken_Destroy
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_Destroy(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetMDToken
  *
  */
 NSS_EXTERN NSSCKMDToken *
-nssCKFWToken_GetMDToken
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMDToken(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetArena
  *
  */
 NSS_EXTERN NSSArena *
-nssCKFWToken_GetArena
-(
-  NSSCKFWToken *fwToken,
-  CK_RV *pError
-);
+nssCKFWToken_GetArena(
+    NSSCKFWToken *fwToken,
+    CK_RV *pError);
 
 /*
  * nssCKFWToken_GetFWSlot
  *
  */
 NSS_EXTERN NSSCKFWSlot *
-nssCKFWToken_GetFWSlot
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetFWSlot(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetMDSlot
  *
  */
 NSS_EXTERN NSSCKMDSlot *
-nssCKFWToken_GetMDSlot
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMDSlot(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetSessionState
  *
  */
 NSS_EXTERN CK_STATE
-nssCKFWToken_GetSessionState
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetSessionState(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_InitToken
  *
  */
 NSS_EXTERN CK_RV
-nssCKFWToken_InitToken
-(
-  NSSCKFWToken *fwToken,
-  NSSItem *pin,
-  NSSUTF8 *label
-);
+nssCKFWToken_InitToken(
+    NSSCKFWToken *fwToken,
+    NSSItem *pin,
+    NSSUTF8 *label);
 
 /*
  * nssCKFWToken_GetLabel
  *
  */
 NSS_EXTERN CK_RV
-nssCKFWToken_GetLabel
-(
-  NSSCKFWToken *fwToken,
-  CK_CHAR label[32]
-);
+nssCKFWToken_GetLabel(
+    NSSCKFWToken *fwToken,
+    CK_CHAR label[32]);
 
 /*
  * nssCKFWToken_GetManufacturerID
  *
  */
 NSS_EXTERN CK_RV
-nssCKFWToken_GetManufacturerID
-(
-  NSSCKFWToken *fwToken,
-  CK_CHAR manufacturerID[32]
-);
+nssCKFWToken_GetManufacturerID(
+    NSSCKFWToken *fwToken,
+    CK_CHAR manufacturerID[32]);
 
 /*
  * nssCKFWToken_GetModel
  *
  */
 NSS_EXTERN CK_RV
-nssCKFWToken_GetModel
-(
-  NSSCKFWToken *fwToken,
-  CK_CHAR model[16]
-);
+nssCKFWToken_GetModel(
+    NSSCKFWToken *fwToken,
+    CK_CHAR model[16]);
 
 /*
  * nssCKFWToken_GetSerialNumber
  *
  */
 NSS_EXTERN CK_RV
-nssCKFWToken_GetSerialNumber
-(
-  NSSCKFWToken *fwToken,
-  CK_CHAR serialNumber[16]
-);
+nssCKFWToken_GetSerialNumber(
+    NSSCKFWToken *fwToken,
+    CK_CHAR serialNumber[16]);
 
 /*
  * nssCKFWToken_GetHasRNG
  *
  */
 NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetHasRNG
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetHasRNG(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetIsWriteProtected
  *
  */
 NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetIsWriteProtected
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetIsWriteProtected(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetLoginRequired
  *
  */
 NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetLoginRequired
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetLoginRequired(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetUserPinInitialized
  *
  */
 NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetUserPinInitialized
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetUserPinInitialized(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetRestoreKeyNotNeeded
  *
  */
 NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetRestoreKeyNotNeeded
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetRestoreKeyNotNeeded(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetHasClockOnToken
  *
  */
 NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetHasClockOnToken
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetHasClockOnToken(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetHasProtectedAuthenticationPath
  *
  */
 NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetHasProtectedAuthenticationPath
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetHasProtectedAuthenticationPath(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetSupportsDualCryptoOperations
  *
  */
 NSS_EXTERN CK_BBOOL
-nssCKFWToken_GetSupportsDualCryptoOperations
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetSupportsDualCryptoOperations(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetMaxSessionCount
  *
  */
 NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMaxSessionCount
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMaxSessionCount(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetMaxRwSessionCount
  *
  */
 NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMaxRwSessionCount
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMaxRwSessionCount(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetMaxPinLen
  *
  */
 NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMaxPinLen
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMaxPinLen(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetMinPinLen
  *
  */
 NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMinPinLen
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMinPinLen(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetTotalPublicMemory
  *
  */
 NSS_EXTERN CK_ULONG
-nssCKFWToken_GetTotalPublicMemory
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetTotalPublicMemory(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetFreePublicMemory
  *
  */
 NSS_EXTERN CK_ULONG
-nssCKFWToken_GetFreePublicMemory
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetFreePublicMemory(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetTotalPrivateMemory
  *
  */
 NSS_EXTERN CK_ULONG
-nssCKFWToken_GetTotalPrivateMemory
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetTotalPrivateMemory(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetFreePrivateMemory
  *
  */
 NSS_EXTERN CK_ULONG
-nssCKFWToken_GetFreePrivateMemory
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetFreePrivateMemory(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetHardwareVersion
  *
  */
 NSS_EXTERN CK_VERSION
-nssCKFWToken_GetHardwareVersion
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetHardwareVersion(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetFirmwareVersion
  *
  */
 NSS_EXTERN CK_VERSION
-nssCKFWToken_GetFirmwareVersion
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetFirmwareVersion(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetUTCTime
  *
  */
 NSS_EXTERN CK_RV
-nssCKFWToken_GetUTCTime
-(
-  NSSCKFWToken *fwToken,
-  CK_CHAR utcTime[16]
-);
+nssCKFWToken_GetUTCTime(
+    NSSCKFWToken *fwToken,
+    CK_CHAR utcTime[16]);
 
 /*
  * nssCKFWToken_OpenSession
  *
  */
 NSS_EXTERN NSSCKFWSession *
-nssCKFWToken_OpenSession
-(
-  NSSCKFWToken *fwToken,
-  CK_BBOOL rw,
-  CK_VOID_PTR pApplication,
-  CK_NOTIFY Notify,
-  CK_RV *pError
-);
+nssCKFWToken_OpenSession(
+    NSSCKFWToken *fwToken,
+    CK_BBOOL rw,
+    CK_VOID_PTR pApplication,
+    CK_NOTIFY Notify,
+    CK_RV *pError);
 
 /*
  * nssCKFWToken_GetMechanismCount
  *
  */
 NSS_EXTERN CK_ULONG
-nssCKFWToken_GetMechanismCount
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMechanismCount(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetMechanismTypes
  *
  */
 NSS_EXTERN CK_RV
-nssCKFWToken_GetMechanismTypes
-(
-  NSSCKFWToken *fwToken,
-  CK_MECHANISM_TYPE types[]
-);
+nssCKFWToken_GetMechanismTypes(
+    NSSCKFWToken *fwToken,
+    CK_MECHANISM_TYPE types[]);
 
 /*
  * nssCKFWToken_GetMechanism
  *
  */
 NSS_EXTERN NSSCKFWMechanism *
-nssCKFWToken_GetMechanism
-(
-  NSSCKFWToken *fwToken,
-  CK_MECHANISM_TYPE which,
-  CK_RV *pError
-);
+nssCKFWToken_GetMechanism(
+    NSSCKFWToken *fwToken,
+    CK_MECHANISM_TYPE which,
+    CK_RV *pError);
 
 /*
  * nssCKFWToken_SetSessionState
  *
  */
 NSS_EXTERN CK_RV
-nssCKFWToken_SetSessionState
-(
-  NSSCKFWToken *fwToken,
-  CK_STATE newState
-);
+nssCKFWToken_SetSessionState(
+    NSSCKFWToken *fwToken,
+    CK_STATE newState);
 
 /*
  * nssCKFWToken_RemoveSession
  *
  */
 NSS_EXTERN CK_RV
-nssCKFWToken_RemoveSession
-(
-  NSSCKFWToken *fwToken,
-  NSSCKFWSession *fwSession
-);
+nssCKFWToken_RemoveSession(
+    NSSCKFWToken *fwToken,
+    NSSCKFWSession *fwSession);
 
 /*
  * nssCKFWToken_CloseAllSessions
  *
  */
 NSS_EXTERN CK_RV
-nssCKFWToken_CloseAllSessions
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_CloseAllSessions(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetSessionCount
  *
  */
 NSS_EXTERN CK_ULONG
-nssCKFWToken_GetSessionCount
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetSessionCount(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetRwSessionCount
  *
  */
 NSS_EXTERN CK_ULONG
-nssCKFWToken_GetRwSessionCount
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetRwSessionCount(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetRoSessionCount
  *
  */
 NSS_EXTERN CK_ULONG
-nssCKFWToken_GetRoSessionCount
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetRoSessionCount(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetSessionObjectHash
  *
  */
 NSS_EXTERN nssCKFWHash *
-nssCKFWToken_GetSessionObjectHash
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetSessionObjectHash(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetMDObjectHash
  *
  */
 NSS_EXTERN nssCKFWHash *
-nssCKFWToken_GetMDObjectHash
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetMDObjectHash(
+    NSSCKFWToken *fwToken);
 
 /*
  * nssCKFWToken_GetObjectHandleHash
  *
  */
 NSS_EXTERN nssCKFWHash *
-nssCKFWToken_GetObjectHandleHash
-(
-  NSSCKFWToken *fwToken
-);
+nssCKFWToken_GetObjectHandleHash(
+    NSSCKFWToken *fwToken);
 
 /*
  * NSSCKFWMechanism
  *
  *  -- create/destroy --
  *  nssCKFWMechanism_Create
  *  nssCKFWMechanism_Destroy
  *
@@ -1102,387 +929,325 @@ nssCKFWToken_GetObjectHandleHash
  *  nssCKFWMechanism_DeriveKey
  */
 
 /*
  * nssCKFWMechanism_Create
  *
  */
 NSS_EXTERN NSSCKFWMechanism *
-nssCKFWMechanism_Create
-(
-  NSSCKMDMechanism *mdMechanism,
-  NSSCKMDToken *mdToken,
-  NSSCKFWToken *fwToken,
-  NSSCKMDInstance *mdInstance,
-  NSSCKFWInstance *fwInstance
-);
+nssCKFWMechanism_Create(
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance);
 
 /*
  * nssCKFWMechanism_Destroy
  *
  */
 NSS_EXTERN void
-nssCKFWMechanism_Destroy
-(
-  NSSCKFWMechanism *fwMechanism
-);
+nssCKFWMechanism_Destroy(
+    NSSCKFWMechanism *fwMechanism);
 
 /*
  * nssCKFWMechanism_GetMDMechanism
  *
  */
 
 NSS_EXTERN NSSCKMDMechanism *
-nssCKFWMechanism_GetMDMechanism
-(
-  NSSCKFWMechanism *fwMechanism
-);
+nssCKFWMechanism_GetMDMechanism(
+    NSSCKFWMechanism *fwMechanism);
 
 /*
  * nssCKFWMechanism_GetMinKeySize
  *
  */
 NSS_EXTERN CK_ULONG
-nssCKFWMechanism_GetMinKeySize
-(
-  NSSCKFWMechanism *fwMechanism,
-  CK_RV *pError
-);
+nssCKFWMechanism_GetMinKeySize(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError);
 
 /*
  * nssCKFWMechanism_GetMaxKeySize
  *
  */
 NSS_EXTERN CK_ULONG
-nssCKFWMechanism_GetMaxKeySize
-(
-  NSSCKFWMechanism *fwMechanism,
-  CK_RV *pError
-);
+nssCKFWMechanism_GetMaxKeySize(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError);
 
 /*
  * nssCKFWMechanism_GetInHardware
  *
  */
 NSS_EXTERN CK_BBOOL
-nssCKFWMechanism_GetInHardware
-(
-  NSSCKFWMechanism *fwMechanism,
-  CK_RV *pError
-);