Bug 1248470, NSS clang-format: lib/ssl, EXCEPT ssl3con.c, r=kaie
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Thu, 18 Feb 2016 17:01:59 +0100
changeset 11903 c2bd9431da866e25510f93210ef3155e175731c0
parent 11902 43e2d2e1cb741aca5c026de3ed72649e00c9fc2e
child 11904 bda3307226f2a663cf21ba0fd92849dabd4ac6f1
push id999
push userkaie@kuix.de
push dateThu, 18 Feb 2016 16:02:13 +0000
reviewerskaie
bugs1248470
Bug 1248470, NSS clang-format: lib/ssl, EXCEPT ssl3con.c, r=kaie
lib/ssl/SSLerrs.h
lib/ssl/authcert.c
lib/ssl/cmpcert.c
lib/ssl/derive.c
lib/ssl/dtlscon.c
lib/ssl/notes.txt
lib/ssl/os2_err.c
lib/ssl/os2_err.h
lib/ssl/preenc.h
lib/ssl/prelib.c
lib/ssl/ssl.h
lib/ssl/ssl3ecc.c
lib/ssl/ssl3ext.c
lib/ssl/ssl3gthr.c
lib/ssl/ssl3prot.h
lib/ssl/sslauth.c
lib/ssl/sslcon.c
lib/ssl/ssldef.c
lib/ssl/sslenum.c
lib/ssl/sslerr.c
lib/ssl/sslerr.h
lib/ssl/sslerrstrs.c
lib/ssl/sslgathr.c
lib/ssl/sslimpl.h
lib/ssl/sslinfo.c
lib/ssl/sslinit.c
lib/ssl/sslmutex.c
lib/ssl/sslmutex.h
lib/ssl/sslnonce.c
lib/ssl/sslproto.h
lib/ssl/sslreveal.c
lib/ssl/sslsecur.c
lib/ssl/sslsnce.c
lib/ssl/sslsock.c
lib/ssl/sslt.h
lib/ssl/ssltrace.c
lib/ssl/tls13con.c
lib/ssl/tls13con.h
lib/ssl/tls13hkdf.c
lib/ssl/tls13hkdf.h
lib/ssl/unix_err.c
lib/ssl/unix_err.h
lib/ssl/win32err.c
lib/ssl/win32err.h
--- a/lib/ssl/SSLerrs.h
+++ b/lib/ssl/SSLerrs.h
@@ -1,466 +1,464 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /* SSL-specific security error codes  */
 /* caller must include "sslerr.h" */
 
-ER3(SSL_ERROR_EXPORT_ONLY_SERVER,			SSL_ERROR_BASE + 0,
-"Unable to communicate securely.  Peer does not support high-grade encryption.")
+ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0,
+    "Unable to communicate securely.  Peer does not support high-grade encryption.")
 
-ER3(SSL_ERROR_US_ONLY_SERVER,				SSL_ERROR_BASE + 1,
-"Unable to communicate securely.  Peer requires high-grade encryption which is not supported.")
+ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1,
+    "Unable to communicate securely.  Peer requires high-grade encryption which is not supported.")
 
-ER3(SSL_ERROR_NO_CYPHER_OVERLAP,			SSL_ERROR_BASE + 2,
-"Cannot communicate securely with peer: no common encryption algorithm(s).")
+ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2,
+    "Cannot communicate securely with peer: no common encryption algorithm(s).")
 
-ER3(SSL_ERROR_NO_CERTIFICATE,				SSL_ERROR_BASE + 3,
-"Unable to find the certificate or key necessary for authentication.")
+ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3,
+    "Unable to find the certificate or key necessary for authentication.")
 
-ER3(SSL_ERROR_BAD_CERTIFICATE,				SSL_ERROR_BASE + 4,
-"Unable to communicate securely with peer: peers's certificate was rejected.")
+ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4,
+    "Unable to communicate securely with peer: peers's certificate was rejected.")
 
-ER3(SSL_ERROR_UNUSED_5,					SSL_ERROR_BASE + 5,
-"Unrecognized SSL error code.")
+ER3(SSL_ERROR_UNUSED_5, SSL_ERROR_BASE + 5,
+    "Unrecognized SSL error code.")
 
-ER3(SSL_ERROR_BAD_CLIENT,				SSL_ERROR_BASE + 6,
-"The server has encountered bad data from the client.")
+ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6,
+    "The server has encountered bad data from the client.")
 
-ER3(SSL_ERROR_BAD_SERVER,				SSL_ERROR_BASE + 7,
-"The client has encountered bad data from the server.")
+ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7,
+    "The client has encountered bad data from the server.")
 
-ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,		SSL_ERROR_BASE + 8,
-"Unsupported certificate type.")
+ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8,
+    "Unsupported certificate type.")
 
-ER3(SSL_ERROR_UNSUPPORTED_VERSION,			SSL_ERROR_BASE + 9,
-"Peer using unsupported version of security protocol.")
+ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9,
+    "Peer using unsupported version of security protocol.")
 
-ER3(SSL_ERROR_UNUSED_10,				SSL_ERROR_BASE + 10,
-"Unrecognized SSL error code.")
+ER3(SSL_ERROR_UNUSED_10, SSL_ERROR_BASE + 10,
+    "Unrecognized SSL error code.")
 
-ER3(SSL_ERROR_WRONG_CERTIFICATE,			SSL_ERROR_BASE + 11,
-"Client authentication failed: private key in key database does not match public key in certificate database.")
+ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11,
+    "Client authentication failed: private key in key database does not match public key in certificate database.")
 
-ER3(SSL_ERROR_BAD_CERT_DOMAIN,				SSL_ERROR_BASE + 12,
-"Unable to communicate securely with peer: requested domain name does not match the server's certificate.")
+ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12,
+    "Unable to communicate securely with peer: requested domain name does not match the server's certificate.")
 
-ER3(SSL_ERROR_POST_WARNING,				SSL_ERROR_BASE + 13,
-"Unrecognized SSL error code.")
+ER3(SSL_ERROR_POST_WARNING, SSL_ERROR_BASE + 13,
+    "Unrecognized SSL error code.")
 
-ER3(SSL_ERROR_SSL2_DISABLED,				(SSL_ERROR_BASE + 14),
-"Peer only supports SSL version 2, which is locally disabled.")
+ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14),
+    "Peer only supports SSL version 2, which is locally disabled.")
 
+ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15),
+    "SSL received a record with an incorrect Message Authentication Code.")
 
-ER3(SSL_ERROR_BAD_MAC_READ,				(SSL_ERROR_BASE + 15),
-"SSL received a record with an incorrect Message Authentication Code.")
+ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16),
+    "SSL peer reports incorrect Message Authentication Code.")
 
-ER3(SSL_ERROR_BAD_MAC_ALERT,				(SSL_ERROR_BASE + 16),
-"SSL peer reports incorrect Message Authentication Code.")
+ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17),
+    "SSL peer cannot verify your certificate.")
 
-ER3(SSL_ERROR_BAD_CERT_ALERT,				(SSL_ERROR_BASE + 17),
-"SSL peer cannot verify your certificate.")
+ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18),
+    "SSL peer rejected your certificate as revoked.")
 
-ER3(SSL_ERROR_REVOKED_CERT_ALERT,			(SSL_ERROR_BASE + 18),
-"SSL peer rejected your certificate as revoked.")
+ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19),
+    "SSL peer rejected your certificate as expired.")
 
-ER3(SSL_ERROR_EXPIRED_CERT_ALERT,			(SSL_ERROR_BASE + 19),
-"SSL peer rejected your certificate as expired.")
-
-ER3(SSL_ERROR_SSL_DISABLED,				(SSL_ERROR_BASE + 20),
-"Cannot connect: SSL is disabled.")
+ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20),
+    "Cannot connect: SSL is disabled.")
 
-ER3(SSL_ERROR_FORTEZZA_PQG,				(SSL_ERROR_BASE + 21),
-"Cannot connect: SSL peer is in another FORTEZZA domain.")
+ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21),
+    "Cannot connect: SSL peer is in another FORTEZZA domain.")
 
-ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE          , (SSL_ERROR_BASE + 22),
-"An unknown SSL cipher suite has been requested.")
+ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE, (SSL_ERROR_BASE + 22),
+    "An unknown SSL cipher suite has been requested.")
 
-ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED          , (SSL_ERROR_BASE + 23),
-"No cipher suites are present and enabled in this program.")
+ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED, (SSL_ERROR_BASE + 23),
+    "No cipher suites are present and enabled in this program.")
 
-ER3(SSL_ERROR_BAD_BLOCK_PADDING             , (SSL_ERROR_BASE + 24),
-"SSL received a record with bad block padding.")
+ER3(SSL_ERROR_BAD_BLOCK_PADDING, (SSL_ERROR_BASE + 24),
+    "SSL received a record with bad block padding.")
 
-ER3(SSL_ERROR_RX_RECORD_TOO_LONG            , (SSL_ERROR_BASE + 25),
-"SSL received a record that exceeded the maximum permissible length.")
+ER3(SSL_ERROR_RX_RECORD_TOO_LONG, (SSL_ERROR_BASE + 25),
+    "SSL received a record that exceeded the maximum permissible length.")
 
-ER3(SSL_ERROR_TX_RECORD_TOO_LONG            , (SSL_ERROR_BASE + 26),
-"SSL attempted to send a record that exceeded the maximum permissible length.")
+ER3(SSL_ERROR_TX_RECORD_TOO_LONG, (SSL_ERROR_BASE + 26),
+    "SSL attempted to send a record that exceeded the maximum permissible length.")
 
 /*
  * Received a malformed (too long or short or invalid content) SSL handshake.
  */
-ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST    , (SSL_ERROR_BASE + 27),
-"SSL received a malformed Hello Request handshake message.")
+ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST, (SSL_ERROR_BASE + 27),
+    "SSL received a malformed Hello Request handshake message.")
 
-ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO     , (SSL_ERROR_BASE + 28),
-"SSL received a malformed Client Hello handshake message.")
+ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, (SSL_ERROR_BASE + 28),
+    "SSL received a malformed Client Hello handshake message.")
 
-ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO     , (SSL_ERROR_BASE + 29),
-"SSL received a malformed Server Hello handshake message.")
+ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, (SSL_ERROR_BASE + 29),
+    "SSL received a malformed Server Hello handshake message.")
 
-ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE      , (SSL_ERROR_BASE + 30),
-"SSL received a malformed Certificate handshake message.")
+ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE, (SSL_ERROR_BASE + 30),
+    "SSL received a malformed Certificate handshake message.")
 
-ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH  , (SSL_ERROR_BASE + 31),
-"SSL received a malformed Server Key Exchange handshake message.")
+ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH, (SSL_ERROR_BASE + 31),
+    "SSL received a malformed Server Key Exchange handshake message.")
 
-ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST     , (SSL_ERROR_BASE + 32),
-"SSL received a malformed Certificate Request handshake message.")
+ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST, (SSL_ERROR_BASE + 32),
+    "SSL received a malformed Certificate Request handshake message.")
 
-ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE       , (SSL_ERROR_BASE + 33),
-"SSL received a malformed Server Hello Done handshake message.")
+ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE, (SSL_ERROR_BASE + 33),
+    "SSL received a malformed Server Hello Done handshake message.")
 
-ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY      , (SSL_ERROR_BASE + 34),
-"SSL received a malformed Certificate Verify handshake message.")
+ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY, (SSL_ERROR_BASE + 34),
+    "SSL received a malformed Certificate Verify handshake message.")
 
-ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH  , (SSL_ERROR_BASE + 35),
-"SSL received a malformed Client Key Exchange handshake message.")
+ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH, (SSL_ERROR_BASE + 35),
+    "SSL received a malformed Client Key Exchange handshake message.")
 
-ER3(SSL_ERROR_RX_MALFORMED_FINISHED         , (SSL_ERROR_BASE + 36),
-"SSL received a malformed Finished handshake message.")
+ER3(SSL_ERROR_RX_MALFORMED_FINISHED, (SSL_ERROR_BASE + 36),
+    "SSL received a malformed Finished handshake message.")
 
 /*
  * Received a malformed (too long or short) SSL record.
  */
-ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER    , (SSL_ERROR_BASE + 37),
-"SSL received a malformed Change Cipher Spec record.")
+ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER, (SSL_ERROR_BASE + 37),
+    "SSL received a malformed Change Cipher Spec record.")
 
-ER3(SSL_ERROR_RX_MALFORMED_ALERT            , (SSL_ERROR_BASE + 38),
-"SSL received a malformed Alert record.")
+ER3(SSL_ERROR_RX_MALFORMED_ALERT, (SSL_ERROR_BASE + 38),
+    "SSL received a malformed Alert record.")
 
-ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE        , (SSL_ERROR_BASE + 39),
-"SSL received a malformed Handshake record.")
+ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE, (SSL_ERROR_BASE + 39),
+    "SSL received a malformed Handshake record.")
 
-ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40),
-"SSL received a malformed Application Data record.")
+ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA, (SSL_ERROR_BASE + 40),
+    "SSL received a malformed Application Data record.")
 
 /*
  * Received an SSL handshake that was inappropriate for the state we're in.
  * E.g. Server received message from server, or wrong state in state machine.
  */
-ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST   , (SSL_ERROR_BASE + 41),
-"SSL received an unexpected Hello Request handshake message.")
+ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST, (SSL_ERROR_BASE + 41),
+    "SSL received an unexpected Hello Request handshake message.")
 
-ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO    , (SSL_ERROR_BASE + 42),
-"SSL received an unexpected Client Hello handshake message.")
+ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO, (SSL_ERROR_BASE + 42),
+    "SSL received an unexpected Client Hello handshake message.")
 
-ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO    , (SSL_ERROR_BASE + 43),
-"SSL received an unexpected Server Hello handshake message.")
+ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO, (SSL_ERROR_BASE + 43),
+    "SSL received an unexpected Server Hello handshake message.")
 
-ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE     , (SSL_ERROR_BASE + 44),
-"SSL received an unexpected Certificate handshake message.")
+ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE, (SSL_ERROR_BASE + 44),
+    "SSL received an unexpected Certificate handshake message.")
 
-ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45),
-"SSL received an unexpected Server Key Exchange handshake message.")
+ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH, (SSL_ERROR_BASE + 45),
+    "SSL received an unexpected Server Key Exchange handshake message.")
 
-ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST    , (SSL_ERROR_BASE + 46),
-"SSL received an unexpected Certificate Request handshake message.")
+ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST, (SSL_ERROR_BASE + 46),
+    "SSL received an unexpected Certificate Request handshake message.")
 
-ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE      , (SSL_ERROR_BASE + 47),
-"SSL received an unexpected Server Hello Done handshake message.")
+ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE, (SSL_ERROR_BASE + 47),
+    "SSL received an unexpected Server Hello Done handshake message.")
 
-ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY     , (SSL_ERROR_BASE + 48),
-"SSL received an unexpected Certificate Verify handshake message.")
+ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY, (SSL_ERROR_BASE + 48),
+    "SSL received an unexpected Certificate Verify handshake message.")
 
-ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49),
-"SSL received an unexpected Client Key Exchange handshake message.")
+ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH, (SSL_ERROR_BASE + 49),
+    "SSL received an unexpected Client Key Exchange handshake message.")
 
-ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED        , (SSL_ERROR_BASE + 50),
-"SSL received an unexpected Finished handshake message.")
+ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED, (SSL_ERROR_BASE + 50),
+    "SSL received an unexpected Finished handshake message.")
 
 /*
  * Received an SSL record that was inappropriate for the state we're in.
  */
-ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER   , (SSL_ERROR_BASE + 51),
-"SSL received an unexpected Change Cipher Spec record.")
+ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER, (SSL_ERROR_BASE + 51),
+    "SSL received an unexpected Change Cipher Spec record.")
 
-ER3(SSL_ERROR_RX_UNEXPECTED_ALERT           , (SSL_ERROR_BASE + 52),
-"SSL received an unexpected Alert record.")
+ER3(SSL_ERROR_RX_UNEXPECTED_ALERT, (SSL_ERROR_BASE + 52),
+    "SSL received an unexpected Alert record.")
 
-ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE       , (SSL_ERROR_BASE + 53),
-"SSL received an unexpected Handshake record.")
+ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE, (SSL_ERROR_BASE + 53),
+    "SSL received an unexpected Handshake record.")
 
 ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54),
-"SSL received an unexpected Application Data record.")
+    "SSL received an unexpected Application Data record.")
 
 /*
  * Received record/message with unknown discriminant.
  */
-ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE        , (SSL_ERROR_BASE + 55),
-"SSL received a record with an unknown content type.")
+ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE, (SSL_ERROR_BASE + 55),
+    "SSL received a record with an unknown content type.")
 
-ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE          , (SSL_ERROR_BASE + 56),
-"SSL received a handshake message with an unknown message type.")
+ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE, (SSL_ERROR_BASE + 56),
+    "SSL received a handshake message with an unknown message type.")
 
-ER3(SSL_ERROR_RX_UNKNOWN_ALERT              , (SSL_ERROR_BASE + 57),
-"SSL received an alert record with an unknown alert description.")
+ER3(SSL_ERROR_RX_UNKNOWN_ALERT, (SSL_ERROR_BASE + 57),
+    "SSL received an alert record with an unknown alert description.")
 
 /*
  * Received an alert reporting what we did wrong.  (more alerts above)
  */
-ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT            , (SSL_ERROR_BASE + 58),
-"SSL peer has closed this connection.")
+ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT, (SSL_ERROR_BASE + 58),
+    "SSL peer has closed this connection.")
 
-ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT    , (SSL_ERROR_BASE + 59),
-"SSL peer was not expecting a handshake message it received.")
+ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT, (SSL_ERROR_BASE + 59),
+    "SSL peer was not expecting a handshake message it received.")
 
-ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT   , (SSL_ERROR_BASE + 60),
-"SSL peer was unable to successfully decompress an SSL record it received.")
+ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT, (SSL_ERROR_BASE + 60),
+    "SSL peer was unable to successfully decompress an SSL record it received.")
 
-ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT       , (SSL_ERROR_BASE + 61),
-"SSL peer was unable to negotiate an acceptable set of security parameters.")
+ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT, (SSL_ERROR_BASE + 61),
+    "SSL peer was unable to negotiate an acceptable set of security parameters.")
 
-ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT       , (SSL_ERROR_BASE + 62),
-"SSL peer rejected a handshake message for unacceptable content.")
+ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT, (SSL_ERROR_BASE + 62),
+    "SSL peer rejected a handshake message for unacceptable content.")
 
-ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT        , (SSL_ERROR_BASE + 63),
-"SSL peer does not support certificates of the type it received.")
+ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT, (SSL_ERROR_BASE + 63),
+    "SSL peer does not support certificates of the type it received.")
 
-ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT     , (SSL_ERROR_BASE + 64),
-"SSL peer had some unspecified issue with the certificate it received.")
+ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT, (SSL_ERROR_BASE + 64),
+    "SSL peer had some unspecified issue with the certificate it received.")
 
+ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE, (SSL_ERROR_BASE + 65),
+    "SSL experienced a failure of its random number generator.")
 
-ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE       , (SSL_ERROR_BASE + 65),
-"SSL experienced a failure of its random number generator.")
+ER3(SSL_ERROR_SIGN_HASHES_FAILURE, (SSL_ERROR_BASE + 66),
+    "Unable to digitally sign data required to verify your certificate.")
 
-ER3(SSL_ERROR_SIGN_HASHES_FAILURE           , (SSL_ERROR_BASE + 66),
-"Unable to digitally sign data required to verify your certificate.")
-
-ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE    , (SSL_ERROR_BASE + 67),
-"SSL was unable to extract the public key from the peer's certificate.")
+ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE, (SSL_ERROR_BASE + 67),
+    "SSL was unable to extract the public key from the peer's certificate.")
 
-ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE   , (SSL_ERROR_BASE + 68),
-"Unspecified failure while processing SSL Server Key Exchange handshake.")
+ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE, (SSL_ERROR_BASE + 68),
+    "Unspecified failure while processing SSL Server Key Exchange handshake.")
 
-ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE   , (SSL_ERROR_BASE + 69),
-"Unspecified failure while processing SSL Client Key Exchange handshake.")
+ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE, (SSL_ERROR_BASE + 69),
+    "Unspecified failure while processing SSL Client Key Exchange handshake.")
 
-ER3(SSL_ERROR_ENCRYPTION_FAILURE            , (SSL_ERROR_BASE + 70),
-"Bulk data encryption algorithm failed in selected cipher suite.")
+ER3(SSL_ERROR_ENCRYPTION_FAILURE, (SSL_ERROR_BASE + 70),
+    "Bulk data encryption algorithm failed in selected cipher suite.")
 
-ER3(SSL_ERROR_DECRYPTION_FAILURE            , (SSL_ERROR_BASE + 71),
-"Bulk data decryption algorithm failed in selected cipher suite.")
+ER3(SSL_ERROR_DECRYPTION_FAILURE, (SSL_ERROR_BASE + 71),
+    "Bulk data decryption algorithm failed in selected cipher suite.")
 
-ER3(SSL_ERROR_SOCKET_WRITE_FAILURE          , (SSL_ERROR_BASE + 72),
-"Attempt to write encrypted data to underlying socket failed.")
+ER3(SSL_ERROR_SOCKET_WRITE_FAILURE, (SSL_ERROR_BASE + 72),
+    "Attempt to write encrypted data to underlying socket failed.")
 
-ER3(SSL_ERROR_MD5_DIGEST_FAILURE            , (SSL_ERROR_BASE + 73),
-"MD5 digest function failed.")
+ER3(SSL_ERROR_MD5_DIGEST_FAILURE, (SSL_ERROR_BASE + 73),
+    "MD5 digest function failed.")
 
-ER3(SSL_ERROR_SHA_DIGEST_FAILURE            , (SSL_ERROR_BASE + 74),
-"SHA-1 digest function failed.")
+ER3(SSL_ERROR_SHA_DIGEST_FAILURE, (SSL_ERROR_BASE + 74),
+    "SHA-1 digest function failed.")
 
-ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE       , (SSL_ERROR_BASE + 75),
-"MAC computation failed.")
+ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE, (SSL_ERROR_BASE + 75),
+    "MAC computation failed.")
 
-ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE       , (SSL_ERROR_BASE + 76),
-"Failure to create Symmetric Key context.")
+ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE, (SSL_ERROR_BASE + 76),
+    "Failure to create Symmetric Key context.")
 
-ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE        , (SSL_ERROR_BASE + 77),
-"Failure to unwrap the Symmetric key in Client Key Exchange message.")
+ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE, (SSL_ERROR_BASE + 77),
+    "Failure to unwrap the Symmetric key in Client Key Exchange message.")
 
-ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED   , (SSL_ERROR_BASE + 78),
-"SSL Server attempted to use domestic-grade public key with export cipher suite.")
+ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED, (SSL_ERROR_BASE + 78),
+    "SSL Server attempted to use domestic-grade public key with export cipher suite.")
 
-ER3(SSL_ERROR_IV_PARAM_FAILURE              , (SSL_ERROR_BASE + 79),
-"PKCS11 code failed to translate an IV into a param.")
+ER3(SSL_ERROR_IV_PARAM_FAILURE, (SSL_ERROR_BASE + 79),
+    "PKCS11 code failed to translate an IV into a param.")
 
-ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE     , (SSL_ERROR_BASE + 80),
-"Failed to initialize the selected cipher suite.")
+ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE, (SSL_ERROR_BASE + 80),
+    "Failed to initialize the selected cipher suite.")
 
-ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE       , (SSL_ERROR_BASE + 81),
-"Client failed to generate session keys for SSL session.")
+ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE, (SSL_ERROR_BASE + 81),
+    "Client failed to generate session keys for SSL session.")
 
-ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG         , (SSL_ERROR_BASE + 82),
-"Server has no key for the attempted key exchange algorithm.")
+ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG, (SSL_ERROR_BASE + 82),
+    "Server has no key for the attempted key exchange algorithm.")
 
-ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL       , (SSL_ERROR_BASE + 83),
-"PKCS#11 token was inserted or removed while operation was in progress.")
+ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL, (SSL_ERROR_BASE + 83),
+    "PKCS#11 token was inserted or removed while operation was in progress.")
 
-ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND          , (SSL_ERROR_BASE + 84),
-"No PKCS#11 token could be found to do a required operation.")
+ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND, (SSL_ERROR_BASE + 84),
+    "No PKCS#11 token could be found to do a required operation.")
 
-ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP        , (SSL_ERROR_BASE + 85),
-"Cannot communicate securely with peer: no common compression algorithm(s).")
+ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP, (SSL_ERROR_BASE + 85),
+    "Cannot communicate securely with peer: no common compression algorithm(s).")
 
-ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED       , (SSL_ERROR_BASE + 86),
-"Cannot perform the operation until the handshake is complete.")
+ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED, (SSL_ERROR_BASE + 86),
+    "Cannot perform the operation until the handshake is complete.")
 
-ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE      , (SSL_ERROR_BASE + 87),
-"Received incorrect handshakes hash values from peer.")
+ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE, (SSL_ERROR_BASE + 87),
+    "Received incorrect handshakes hash values from peer.")
 
-ER3(SSL_ERROR_CERT_KEA_MISMATCH             , (SSL_ERROR_BASE + 88),
-"The certificate provided cannot be used with the selected key exchange algorithm.")
+ER3(SSL_ERROR_CERT_KEA_MISMATCH, (SSL_ERROR_BASE + 88),
+    "The certificate provided cannot be used with the selected key exchange algorithm.")
 
-ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA	, (SSL_ERROR_BASE + 89),
-"No certificate authority is trusted for SSL client authentication.")
+ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA, (SSL_ERROR_BASE + 89),
+    "No certificate authority is trusted for SSL client authentication.")
 
-ER3(SSL_ERROR_SESSION_NOT_FOUND		, (SSL_ERROR_BASE + 90),
-"Client's SSL session ID not found in server's session cache.")
+ER3(SSL_ERROR_SESSION_NOT_FOUND, (SSL_ERROR_BASE + 90),
+    "Client's SSL session ID not found in server's session cache.")
 
-ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT     , (SSL_ERROR_BASE + 91),
-"Peer was unable to decrypt an SSL record it received.")
+ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT, (SSL_ERROR_BASE + 91),
+    "Peer was unable to decrypt an SSL record it received.")
 
-ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT       , (SSL_ERROR_BASE + 92),
-"Peer received an SSL record that was longer than is permitted.")
+ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT, (SSL_ERROR_BASE + 92),
+    "Peer received an SSL record that was longer than is permitted.")
 
-ER3(SSL_ERROR_UNKNOWN_CA_ALERT            , (SSL_ERROR_BASE + 93),
-"Peer does not recognize and trust the CA that issued your certificate.")
+ER3(SSL_ERROR_UNKNOWN_CA_ALERT, (SSL_ERROR_BASE + 93),
+    "Peer does not recognize and trust the CA that issued your certificate.")
 
-ER3(SSL_ERROR_ACCESS_DENIED_ALERT         , (SSL_ERROR_BASE + 94),
-"Peer received a valid certificate, but access was denied.")
+ER3(SSL_ERROR_ACCESS_DENIED_ALERT, (SSL_ERROR_BASE + 94),
+    "Peer received a valid certificate, but access was denied.")
 
-ER3(SSL_ERROR_DECODE_ERROR_ALERT          , (SSL_ERROR_BASE + 95),
-"Peer could not decode an SSL handshake message.")
+ER3(SSL_ERROR_DECODE_ERROR_ALERT, (SSL_ERROR_BASE + 95),
+    "Peer could not decode an SSL handshake message.")
 
-ER3(SSL_ERROR_DECRYPT_ERROR_ALERT         , (SSL_ERROR_BASE + 96),
-"Peer reports failure of signature verification or key exchange.")
+ER3(SSL_ERROR_DECRYPT_ERROR_ALERT, (SSL_ERROR_BASE + 96),
+    "Peer reports failure of signature verification or key exchange.")
 
-ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT    , (SSL_ERROR_BASE + 97),
-"Peer reports negotiation not in compliance with export regulations.")
+ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT, (SSL_ERROR_BASE + 97),
+    "Peer reports negotiation not in compliance with export regulations.")
 
-ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT      , (SSL_ERROR_BASE + 98),
-"Peer reports incompatible or unsupported protocol version.")
+ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT, (SSL_ERROR_BASE + 98),
+    "Peer reports incompatible or unsupported protocol version.")
 
-ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT , (SSL_ERROR_BASE + 99),
-"Server requires ciphers more secure than those supported by client.")
+ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT, (SSL_ERROR_BASE + 99),
+    "Server requires ciphers more secure than those supported by client.")
 
-ER3(SSL_ERROR_INTERNAL_ERROR_ALERT        , (SSL_ERROR_BASE + 100),
-"Peer reports it experienced an internal error.")
+ER3(SSL_ERROR_INTERNAL_ERROR_ALERT, (SSL_ERROR_BASE + 100),
+    "Peer reports it experienced an internal error.")
 
-ER3(SSL_ERROR_USER_CANCELED_ALERT         , (SSL_ERROR_BASE + 101),
-"Peer user canceled handshake.")
+ER3(SSL_ERROR_USER_CANCELED_ALERT, (SSL_ERROR_BASE + 101),
+    "Peer user canceled handshake.")
 
-ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT      , (SSL_ERROR_BASE + 102),
-"Peer does not permit renegotiation of SSL security parameters.")
+ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT, (SSL_ERROR_BASE + 102),
+    "Peer does not permit renegotiation of SSL security parameters.")
 
-ER3(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED , (SSL_ERROR_BASE + 103),
-"SSL server cache not configured and not disabled for this socket.")
+ER3(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED, (SSL_ERROR_BASE + 103),
+    "SSL server cache not configured and not disabled for this socket.")
 
-ER3(SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT    , (SSL_ERROR_BASE + 104),
-"SSL peer does not support requested TLS hello extension.")
+ER3(SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT, (SSL_ERROR_BASE + 104),
+    "SSL peer does not support requested TLS hello extension.")
 
-ER3(SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT , (SSL_ERROR_BASE + 105),
-"SSL peer could not obtain your certificate from the supplied URL.")
+ER3(SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT, (SSL_ERROR_BASE + 105),
+    "SSL peer could not obtain your certificate from the supplied URL.")
 
-ER3(SSL_ERROR_UNRECOGNIZED_NAME_ALERT        , (SSL_ERROR_BASE + 106),
-"SSL peer has no certificate for the requested DNS name.")
+ER3(SSL_ERROR_UNRECOGNIZED_NAME_ALERT, (SSL_ERROR_BASE + 106),
+    "SSL peer has no certificate for the requested DNS name.")
 
-ER3(SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT , (SSL_ERROR_BASE + 107),
-"SSL peer was unable to get an OCSP response for its certificate.")
+ER3(SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT, (SSL_ERROR_BASE + 107),
+    "SSL peer was unable to get an OCSP response for its certificate.")
 
-ER3(SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT      , (SSL_ERROR_BASE + 108),
-"SSL peer reported bad certificate hash value.")
+ER3(SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT, (SSL_ERROR_BASE + 108),
+    "SSL peer reported bad certificate hash value.")
 
 ER3(SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET, (SSL_ERROR_BASE + 109),
-"SSL received an unexpected New Session Ticket handshake message.")
+    "SSL received an unexpected New Session Ticket handshake message.")
 
 ER3(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET, (SSL_ERROR_BASE + 110),
-"SSL received a malformed New Session Ticket handshake message.")
+    "SSL received a malformed New Session Ticket handshake message.")
 
-ER3(SSL_ERROR_DECOMPRESSION_FAILURE,           (SSL_ERROR_BASE + 111),
-"SSL received a compressed record that could not be decompressed.")
+ER3(SSL_ERROR_DECOMPRESSION_FAILURE, (SSL_ERROR_BASE + 111),
+    "SSL received a compressed record that could not be decompressed.")
 
-ER3(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED,       (SSL_ERROR_BASE + 112),
-"Renegotiation is not allowed on this SSL socket.")
+ER3(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, (SSL_ERROR_BASE + 112),
+    "Renegotiation is not allowed on this SSL socket.")
 
-ER3(SSL_ERROR_UNSAFE_NEGOTIATION,              (SSL_ERROR_BASE + 113),
-"Peer attempted old style (potentially vulnerable) handshake.")
+ER3(SSL_ERROR_UNSAFE_NEGOTIATION, (SSL_ERROR_BASE + 113),
+    "Peer attempted old style (potentially vulnerable) handshake.")
 
 ER3(SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD, (SSL_ERROR_BASE + 114),
-"SSL received an unexpected uncompressed record.")
+    "SSL received an unexpected uncompressed record.")
 
-ER3(SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY,    (SSL_ERROR_BASE + 115),
-"SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.")
+ER3(SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY, (SSL_ERROR_BASE + 115),
+    "SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.")
 
-ER3(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID,      (SSL_ERROR_BASE + 116),
-"SSL received invalid NPN extension data.")
+ER3(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID, (SSL_ERROR_BASE + 116),
+    "SSL received invalid NPN extension data.")
 
-ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2,  (SSL_ERROR_BASE + 117),
-"SSL feature not supported for SSL 2.0 connections.")
+ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2, (SSL_ERROR_BASE + 117),
+    "SSL feature not supported for SSL 2.0 connections.")
 
 ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS, (SSL_ERROR_BASE + 118),
-"SSL feature not supported for servers.")
+    "SSL feature not supported for servers.")
 
 ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS, (SSL_ERROR_BASE + 119),
-"SSL feature not supported for clients.")
+    "SSL feature not supported for clients.")
 
-ER3(SSL_ERROR_INVALID_VERSION_RANGE,           (SSL_ERROR_BASE + 120),
-"SSL version range is not valid.")
+ER3(SSL_ERROR_INVALID_VERSION_RANGE, (SSL_ERROR_BASE + 120),
+    "SSL version range is not valid.")
 
-ER3(SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION,   (SSL_ERROR_BASE + 121),
-"SSL peer selected a cipher suite disallowed for the selected protocol version.")
+ER3(SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION, (SSL_ERROR_BASE + 121),
+    "SSL peer selected a cipher suite disallowed for the selected protocol version.")
 
 ER3(SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST, (SSL_ERROR_BASE + 122),
-"SSL received a malformed Hello Verify Request handshake message.")
+    "SSL received a malformed Hello Verify Request handshake message.")
 
 ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST, (SSL_ERROR_BASE + 123),
-"SSL received an unexpected Hello Verify Request handshake message.")
+    "SSL received an unexpected Hello Verify Request handshake message.")
 
 ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION, (SSL_ERROR_BASE + 124),
-"SSL feature not supported for the protocol version.")
+    "SSL feature not supported for the protocol version.")
 
-ER3(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS,       (SSL_ERROR_BASE + 125),
-"SSL received an unexpected Certificate Status handshake message.")
+ER3(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS, (SSL_ERROR_BASE + 125),
+    "SSL received an unexpected Certificate Status handshake message.")
 
 ER3(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM, (SSL_ERROR_BASE + 126),
-"Unsupported hash algorithm used by TLS peer.")
+    "Unsupported hash algorithm used by TLS peer.")
 
 ER3(SSL_ERROR_DIGEST_FAILURE, (SSL_ERROR_BASE + 127),
-"Digest function failed.")
+    "Digest function failed.")
 
 ER3(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 128),
-"Incorrect signature algorithm specified in a digitally-signed element.")
+    "Incorrect signature algorithm specified in a digitally-signed element.")
 
 ER3(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK, (SSL_ERROR_BASE + 129),
-"The next protocol negotiation extension was enabled, but the callback was cleared prior to being needed.")
+    "The next protocol negotiation extension was enabled, but the callback was cleared prior to being needed.")
 
 ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130),
-"The server supports no protocols that the client advertises in the ALPN extension.")
+    "The server supports no protocols that the client advertises in the ALPN extension.")
 
 ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131),
-"The server rejected the handshake because the client downgraded to a lower "
-"TLS version than the server supports.")
+    "The server rejected the handshake because the client downgraded to a lower "
+    "TLS version than the server supports.")
 
 ER3(SSL_ERROR_WEAK_SERVER_CERT_KEY, (SSL_ERROR_BASE + 132),
-"The server certificate included a public key that was too weak.")
+    "The server certificate included a public key that was too weak.")
 
 ER3(SSL_ERROR_RX_SHORT_DTLS_READ, (SSL_ERROR_BASE + 133),
-"Not enough room in buffer for DTLS record.")
+    "Not enough room in buffer for DTLS record.")
 
 ER3(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 134),
-"No supported TLS signature algorithm was configured.")
+    "No supported TLS signature algorithm was configured.")
 
 ER3(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 135),
-"The peer used an unsupported combination of signature and hash algorithm.")
+    "The peer used an unsupported combination of signature and hash algorithm.")
 
 ER3(SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 136),
-"The peer tried to resume without a correct extended_master_secret extension")
+    "The peer tried to resume without a correct extended_master_secret extension")
 
 ER3(SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 137),
-"The peer tried to resume with an unexpected extended_master_secret extension")
+    "The peer tried to resume with an unexpected extended_master_secret extension")
 
 ER3(SSL_ERROR_RX_MALFORMED_KEY_SHARE, (SSL_ERROR_BASE + 138),
-"SSL received a malformed Key Share extension.")
+    "SSL received a malformed Key Share extension.")
 
 ER3(SSL_ERROR_MISSING_KEY_SHARE, (SSL_ERROR_BASE + 139),
-"SSL expected a Key Share extension.")
+    "SSL expected a Key Share extension.")
 
 ER3(SSL_ERROR_RX_MALFORMED_ECDHE_KEY_SHARE, (SSL_ERROR_BASE + 140),
-"SSL received a malformed ECDHE key share handshake extension.")
+    "SSL received a malformed ECDHE key share handshake extension.")
 
 ER3(SSL_ERROR_RX_MALFORMED_DHE_KEY_SHARE, (SSL_ERROR_BASE + 141),
-"SSL received a malformed DHE key share handshake extension.")
+    "SSL received a malformed DHE key share handshake extension.")
 
 ER3(SSL_ERROR_RX_UNEXPECTED_ENCRYPTED_EXTENSIONS, (SSL_ERROR_BASE + 142),
-"SSL received a malformed Encrypted Extensions handshake message.")
+    "SSL received a malformed Encrypted Extensions handshake message.")
 
 ER3(SSL_ERROR_MISSING_EXTENSION_ALERT, (SSL_ERROR_BASE + 143),
-"SSL received a missing_extenson alert.")
+    "SSL received a missing_extenson alert.")
 
 ER3(SSL_ERROR_KEY_EXCHANGE_FAILURE, (SSL_ERROR_BASE + 144),
-"SSL had an error performing key exchange.")
+    "SSL had an error performing key exchange.")
 
 ER3(SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION, (SSL_ERROR_BASE + 145),
-"SSL received an extension that is not permitted for this version.")
+    "SSL received an extension that is not permitted for this version.")
--- a/lib/ssl/authcert.c
+++ b/lib/ssl/authcert.c
@@ -11,79 +11,81 @@
 #include "secitem.h"
 #include "prnetdb.h"
 #include "cert.h"
 #include "nspr.h"
 #include "secder.h"
 #include "key.h"
 #include "nss.h"
 #include "ssl.h"
-#include "pk11func.h"	/* for PK11_ function calls */
+#include "pk11func.h" /* for PK11_ function calls */
 
 /*
  * This callback used by SSL to pull client sertificate upon
  * server request
  */
-SECStatus 
-NSS_GetClientAuthData(void *                       arg, 
-                      PRFileDesc *                 socket, 
-		      struct CERTDistNamesStr *    caNames, 
-		      struct CERTCertificateStr ** pRetCert, 
-		      struct SECKEYPrivateKeyStr **pRetKey)
+SECStatus
+NSS_GetClientAuthData(void *arg,
+                      PRFileDesc *socket,
+                      struct CERTDistNamesStr *caNames,
+                      struct CERTCertificateStr **pRetCert,
+                      struct SECKEYPrivateKeyStr **pRetKey)
 {
-  CERTCertificate *  cert = NULL;
-  SECKEYPrivateKey * privkey = NULL;
-  char *             chosenNickName = (char *)arg;    /* CONST */
-  void *             proto_win  = NULL;
-  SECStatus          rv         = SECFailure;
-  
-  proto_win = SSL_RevealPinArg(socket);
-  
-  if (chosenNickName) {
-    cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
-                                    chosenNickName, certUsageSSLClient,
-                                    PR_FALSE, proto_win);	
-    if ( cert ) {
-      privkey = PK11_FindKeyByAnyCert(cert, proto_win);
-      if ( privkey ) {
-	rv = SECSuccess;
-      } else {
-	CERT_DestroyCertificate(cert);
-      }
+    CERTCertificate *cert = NULL;
+    SECKEYPrivateKey *privkey = NULL;
+    char *chosenNickName = (char *)arg; /* CONST */
+    void *proto_win = NULL;
+    SECStatus rv = SECFailure;
+
+    proto_win = SSL_RevealPinArg(socket);
+
+    if (chosenNickName) {
+        cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
+                                        chosenNickName, certUsageSSLClient,
+                                        PR_FALSE, proto_win);
+        if (cert) {
+            privkey = PK11_FindKeyByAnyCert(cert, proto_win);
+            if (privkey) {
+                rv = SECSuccess;
+            }
+            else {
+                CERT_DestroyCertificate(cert);
+            }
+        }
     }
-  } else { /* no name given, automatically find the right cert. */
-    CERTCertNicknames * names;
-    int                 i;
-      
-    names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
-				  SEC_CERT_NICKNAMES_USER, proto_win);
-    if (names != NULL) {
-      for (i = 0; i < names->numnicknames; i++) {
-	cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
-                            names->nicknames[i], certUsageSSLClient,
-                            PR_FALSE, proto_win);	
-	if ( !cert )
-	  continue;
-	/* Only check unexpired certs */
-	if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) != 
-	    secCertTimeValid ) {
-	  CERT_DestroyCertificate(cert);
-	  continue;
-	}
-	rv = NSS_CmpCertChainWCANames(cert, caNames);
-	if ( rv == SECSuccess ) {
-	  privkey = PK11_FindKeyByAnyCert(cert, proto_win);
-	  if ( privkey )
-	    break;
-	}
-	rv = SECFailure;
-	CERT_DestroyCertificate(cert);
-      } 
-      CERT_FreeNicknames(names);
+    else { /* no name given, automatically find the right cert. */
+        CERTCertNicknames *names;
+        int i;
+
+        names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
+                                      SEC_CERT_NICKNAMES_USER, proto_win);
+        if (names != NULL) {
+            for (i = 0; i < names->numnicknames; i++) {
+                cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
+                                                names->nicknames[i], certUsageSSLClient,
+                                                PR_FALSE, proto_win);
+                if (!cert)
+                    continue;
+                /* Only check unexpired certs */
+                if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) !=
+                    secCertTimeValid) {
+                    CERT_DestroyCertificate(cert);
+                    continue;
+                }
+                rv = NSS_CmpCertChainWCANames(cert, caNames);
+                if (rv == SECSuccess) {
+                    privkey =
+                        PK11_FindKeyByAnyCert(cert, proto_win);
+                    if (privkey)
+                        break;
+                }
+                rv = SECFailure;
+                CERT_DestroyCertificate(cert);
+            }
+            CERT_FreeNicknames(names);
+        }
     }
-  }
-  if (rv == SECSuccess) {
-    *pRetCert = cert;
-    *pRetKey  = privkey;
-  }
-  return rv;
+    if (rv == SECSuccess) {
+        *pRetCert = cert;
+        *pRetKey = privkey;
+    }
+    return rv;
 }
-
--- a/lib/ssl/cmpcert.c
+++ b/lib/ssl/cmpcert.c
@@ -13,78 +13,80 @@
 #include "cert.h"
 #include "nspr.h"
 #include "secder.h"
 #include "key.h"
 #include "nss.h"
 
 /*
  * Look to see if any of the signers in the cert chain for "cert" are found
- * in the list of caNames.  
+ * in the list of caNames.
  * Returns SECSuccess if so, SECFailure if not.
  */
 SECStatus
 NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
 {
-  SECItem *         caname;
-  CERTCertificate * curcert;
-  CERTCertificate * oldcert;
-  PRInt32           contentlen;
-  int               j;
-  int               headerlen;
-  int               depth;
-  SECStatus         rv;
-  SECItem           issuerName;
-  SECItem           compatIssuerName;
+    SECItem *caname;
+    CERTCertificate *curcert;
+    CERTCertificate *oldcert;
+    PRInt32 contentlen;
+    int j;
+    int headerlen;
+    int depth;
+    SECStatus rv;
+    SECItem issuerName;
+    SECItem compatIssuerName;
+
+    if (!cert || !caNames || !caNames->nnames || !caNames->names ||
+        !caNames->names->data)
+        return SECFailure;
+    depth = 0;
+    curcert = CERT_DupCertificate(cert);
+
+    while (curcert) {
+        issuerName = curcert->derIssuer;
 
-  if (!cert || !caNames || !caNames->nnames || !caNames->names ||
-      !caNames->names->data)
-    return SECFailure;
-  depth=0;
-  curcert = CERT_DupCertificate(cert);
-  
-  while( curcert ) {
-    issuerName = curcert->derIssuer;
-    
-    /* compute an alternate issuer name for compatibility with 2.0
-     * enterprise server, which send the CA names without
-     * the outer layer of DER header
-     */
-    rv = DER_Lengths(&issuerName, &headerlen, (PRUint32 *)&contentlen);
-    if ( rv == SECSuccess ) {
-      compatIssuerName.data = &issuerName.data[headerlen];
-      compatIssuerName.len = issuerName.len - headerlen;
-    } else {
-      compatIssuerName.data = NULL;
-      compatIssuerName.len = 0;
+        /* compute an alternate issuer name for compatibility with 2.0
+         * enterprise server, which send the CA names without
+         * the outer layer of DER header
+         */
+        rv = DER_Lengths(&issuerName, &headerlen, (PRUint32 *)&contentlen);
+        if (rv == SECSuccess) {
+            compatIssuerName.data = &issuerName.data[headerlen];
+            compatIssuerName.len = issuerName.len - headerlen;
+        }
+        else {
+            compatIssuerName.data = NULL;
+            compatIssuerName.len = 0;
+        }
+
+        for (j = 0; j < caNames->nnames; j++) {
+            caname = &caNames->names[j];
+            if (SECITEM_CompareItem(&issuerName, caname) == SECEqual) {
+                rv = SECSuccess;
+                CERT_DestroyCertificate(curcert);
+                goto done;
+            }
+            else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) {
+                rv = SECSuccess;
+                CERT_DestroyCertificate(curcert);
+                goto done;
+            }
+        }
+        if ((depth <= 20) &&
+            (SECITEM_CompareItem(&curcert->derIssuer, &curcert->derSubject) !=
+             SECEqual)) {
+            oldcert = curcert;
+            curcert = CERT_FindCertByName(curcert->dbhandle,
+                                          &curcert->derIssuer);
+            CERT_DestroyCertificate(oldcert);
+            depth++;
+        }
+        else {
+            CERT_DestroyCertificate(curcert);
+            curcert = NULL;
+        }
     }
-    
-    for (j = 0; j < caNames->nnames; j++) {
-      caname = &caNames->names[j];
-      if (SECITEM_CompareItem(&issuerName, caname) == SECEqual) {
-	rv = SECSuccess;
-	CERT_DestroyCertificate(curcert);
-	goto done;
-      } else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) {
-	rv = SECSuccess;
-	CERT_DestroyCertificate(curcert);
-	goto done;
-      }
-    }
-    if ( ( depth <= 20 ) &&
-	 ( SECITEM_CompareItem(&curcert->derIssuer, &curcert->derSubject)
-	   != SECEqual ) ) {
-      oldcert = curcert;
-      curcert = CERT_FindCertByName(curcert->dbhandle,
-				    &curcert->derIssuer);
-      CERT_DestroyCertificate(oldcert);
-      depth++;
-    } else {
-      CERT_DestroyCertificate(curcert);
-      curcert = NULL;
-    }
-  }
-  rv = SECFailure;
-  
+    rv = SECFailure;
+
 done:
-  return rv;
+    return rv;
 }
-
--- a/lib/ssl/derive.c
+++ b/lib/ssl/derive.c
@@ -1,18 +1,18 @@
 /*
  * Key Derivation that doesn't use PKCS11
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#include "ssl.h" 	/* prereq to sslimpl.h */
-#include "certt.h"	/* prereq to sslimpl.h */
-#include "keythi.h"	/* prereq to sslimpl.h */
+#include "ssl.h"    /* prereq to sslimpl.h */
+#include "certt.h"  /* prereq to sslimpl.h */
+#include "keythi.h" /* prereq to sslimpl.h */
 #include "sslimpl.h"
 #ifndef NO_PKCS11_BYPASS
 #include "blapi.h"
 #endif
 
 #include "keyhi.h"
 #include "pk11func.h"
 #include "secasn1.h"
@@ -21,876 +21,889 @@
 
 #include "sslproto.h"
 #include "sslerr.h"
 
 #ifndef NO_PKCS11_BYPASS
 /* make this a macro! */
 #ifdef NOT_A_MACRO
 static void
-buildSSLKey(unsigned char * keyBlock, unsigned int keyLen, SECItem * result,
-            const char * label)
+buildSSLKey(unsigned char *keyBlock, unsigned int keyLen, SECItem *result,
+            const char *label)
 {
     result->type = siBuffer;
     result->data = keyBlock;
-    result->len  = keyLen;
+    result->len = keyLen;
     PRINT_BUF(100, (NULL, label, keyBlock, keyLen));
 }
 #else
-#define buildSSLKey(keyBlock, keyLen, result, label) \
-{ \
-    (result)->type = siBuffer; \
-    (result)->data = keyBlock; \
-    (result)->len  = keyLen; \
-    PRINT_BUF(100, (NULL, label, keyBlock, keyLen)); \
-}
+#define buildSSLKey(keyBlock, keyLen, result, label)     \
+    {                                                    \
+        (result)->type = siBuffer;                       \
+        (result)->data = keyBlock;                       \
+        (result)->len = keyLen;                          \
+        PRINT_BUF(100, (NULL, label, keyBlock, keyLen)); \
+    }
 #endif
 
 /*
  * SSL Key generation given pre master secret
  */
 #ifndef NUM_MIXERS
 #define NUM_MIXERS 9
 #endif
-static const char * const mixers[NUM_MIXERS] = { 
-    "A", 
-    "BB", 
-    "CCC", 
-    "DDDD", 
-    "EEEEE", 
-    "FFFFFF", 
+static const char *const mixers[NUM_MIXERS] = {
+    "A",
+    "BB",
+    "CCC",
+    "DDDD",
+    "EEEEE",
+    "FFFFFF",
     "GGGGGGG",
     "HHHHHHHH",
-    "IIIIIIIII" 
+    "IIIIIIIII"
 };
 
-
 SECStatus
 ssl3_KeyAndMacDeriveBypass(
-    ssl3CipherSpec *      pwSpec,
-    const unsigned char * cr,
-    const unsigned char * sr,
-    PRBool                isTLS,
-    PRBool                isExport)
+    ssl3CipherSpec *pwSpec,
+    const unsigned char *cr,
+    const unsigned char *sr,
+    PRBool isTLS,
+    PRBool isExport)
 {
     const ssl3BulkCipherDef *cipher_def = pwSpec->cipher_def;
-    unsigned char * key_block    = pwSpec->key_block;
-    unsigned char * key_block2   = NULL;
-    unsigned int    block_bytes  = 0;
-    unsigned int    block_needed = 0;
-    unsigned int    i;
-    unsigned int    keySize;            /* actual    size of cipher keys */
-    unsigned int    effKeySize;		/* effective size of cipher keys */
-    unsigned int    macSize;		/* size of MAC secret */
-    unsigned int    IVSize;		/* size of IV */
-    PRBool          explicitIV = PR_FALSE;
-    SECStatus       rv    = SECFailure;
-    SECStatus       status = SECSuccess;
-    PRBool          isFIPS = PR_FALSE;
-    PRBool          isTLS12 = pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2;
+    unsigned char *key_block = pwSpec->key_block;
+    unsigned char *key_block2 = NULL;
+    unsigned int block_bytes = 0;
+    unsigned int block_needed = 0;
+    unsigned int i;
+    unsigned int keySize;    /* actual    size of cipher keys */
+    unsigned int effKeySize; /* effective size of cipher keys */
+    unsigned int macSize;    /* size of MAC secret */
+    unsigned int IVSize;     /* size of IV */
+    PRBool explicitIV = PR_FALSE;
+    SECStatus rv = SECFailure;
+    SECStatus status = SECSuccess;
+    PRBool isFIPS = PR_FALSE;
+    PRBool isTLS12 = pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2;
 
-    SECItem         srcr;
-    SECItem         crsr;
+    SECItem srcr;
+    SECItem crsr;
 
-    unsigned char     srcrdata[SSL3_RANDOM_LENGTH * 2];
-    unsigned char     crsrdata[SSL3_RANDOM_LENGTH * 2];
-    PRUint64          md5buf[22];
-    PRUint64          shabuf[40];
+    unsigned char srcrdata[SSL3_RANDOM_LENGTH * 2];
+    unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2];
+    PRUint64 md5buf[22];
+    PRUint64 shabuf[40];
 
 #define md5Ctx ((MD5Context *)md5buf)
 #define shaCtx ((SHA1Context *)shabuf)
 
-    static const SECItem zed  = { siBuffer, NULL, 0 };
+    static const SECItem zed = { siBuffer, NULL, 0 };
 
     if (pwSpec->msItem.data == NULL ||
-        pwSpec->msItem.len  != SSL3_MASTER_SECRET_LENGTH) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return rv;
+        pwSpec->msItem.len != SSL3_MASTER_SECRET_LENGTH) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return rv;
     }
 
-    PRINT_BUF(100, (NULL, "Master Secret", pwSpec->msItem.data, 
-                                           pwSpec->msItem.len));
+    PRINT_BUF(100, (NULL, "Master Secret", pwSpec->msItem.data,
+                    pwSpec->msItem.len));
 
     /* figure out how much is needed */
-    macSize    = pwSpec->mac_size;
-    keySize    = cipher_def->key_size;
+    macSize = pwSpec->mac_size;
+    keySize = cipher_def->key_size;
     effKeySize = cipher_def->secret_key_size;
-    IVSize     = cipher_def->iv_size;
+    IVSize = cipher_def->iv_size;
     if (keySize == 0) {
-	effKeySize = IVSize = 0; /* only MACing */
+        effKeySize = IVSize = 0; /* only MACing */
     }
     if (cipher_def->type == type_block &&
-	pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
-	/* Block ciphers in >= TLS 1.1 use a per-record, explicit IV. */
-	explicitIV = PR_TRUE;
+        pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
+        /* Block ciphers in >= TLS 1.1 use a per-record, explicit IV. */
+        explicitIV = PR_TRUE;
     }
     block_needed =
-	2 * (macSize + effKeySize + ((!isExport && !explicitIV) * IVSize));
+        2 * (macSize + effKeySize + ((!isExport && !explicitIV) * IVSize));
 
     /*
      * clear out our returned keys so we can recover on failure
      */
-    pwSpec->client.write_key_item     = zed;
+    pwSpec->client.write_key_item = zed;
     pwSpec->client.write_mac_key_item = zed;
-    pwSpec->server.write_key_item     = zed;
+    pwSpec->server.write_key_item = zed;
     pwSpec->server.write_mac_key_item = zed;
 
     /* initialize the server random, client random block */
-    srcr.type   = siBuffer;
-    srcr.data   = srcrdata;
-    srcr.len    = sizeof srcrdata;
+    srcr.type = siBuffer;
+    srcr.data = srcrdata;
+    srcr.len = sizeof srcrdata;
     PORT_Memcpy(srcrdata, sr, SSL3_RANDOM_LENGTH);
     PORT_Memcpy(srcrdata + SSL3_RANDOM_LENGTH, cr, SSL3_RANDOM_LENGTH);
 
     /* initialize the client random, server random block */
-    crsr.type   = siBuffer;
-    crsr.data   = crsrdata;
-    crsr.len    = sizeof crsrdata;
+    crsr.type = siBuffer;
+    crsr.data = crsrdata;
+    crsr.len = sizeof crsrdata;
     PORT_Memcpy(crsrdata, cr, SSL3_RANDOM_LENGTH);
     PORT_Memcpy(crsrdata + SSL3_RANDOM_LENGTH, sr, SSL3_RANDOM_LENGTH);
     PRINT_BUF(100, (NULL, "Key & MAC CRSR", crsr.data, crsr.len));
 
     /*
      * generate the key material:
      */
     if (isTLS) {
-	SECItem       keyblk;
+        SECItem keyblk;
 
-	keyblk.type = siBuffer;
-	keyblk.data = key_block;
-	keyblk.len  = block_needed;
+        keyblk.type = siBuffer;
+        keyblk.data = key_block;
+        keyblk.len = block_needed;
 
-	if (isTLS12) {
-	    status = TLS_P_hash(HASH_AlgSHA256, &pwSpec->msItem,
-				"key expansion", &srcr, &keyblk, isFIPS);
-	} else {
-	    status = TLS_PRF(&pwSpec->msItem, "key expansion", &srcr, &keyblk,
-			     isFIPS);
-	}
-	if (status != SECSuccess) {
-	    goto key_and_mac_derive_fail;
-	}
-	block_bytes = keyblk.len;
-    } else {
-	/* key_block = 
-	 *     MD5(master_secret + SHA('A' + master_secret + 
-	 *                      ServerHello.random + ClientHello.random)) +
-	 *     MD5(master_secret + SHA('BB' + master_secret + 
-	 *                      ServerHello.random + ClientHello.random)) +
-	 *     MD5(master_secret + SHA('CCC' + master_secret + 
-	 *                      ServerHello.random + ClientHello.random)) +
-	 *     [...];
-	 */
-	unsigned int made = 0;
-	for (i = 0; made < block_needed && i < NUM_MIXERS; ++i) {
-	    unsigned int    outLen;
-	    unsigned char   sha_out[SHA1_LENGTH];
+        if (isTLS12) {
+            status = TLS_P_hash(HASH_AlgSHA256, &pwSpec->msItem,
+                                "key expansion", &srcr, &keyblk, isFIPS);
+        }
+        else {
+            status = TLS_PRF(&pwSpec->msItem, "key expansion", &srcr, &keyblk,
+                             isFIPS);
+        }
+        if (status != SECSuccess) {
+            goto key_and_mac_derive_fail;
+        }
+        block_bytes = keyblk.len;
+    }
+    else {
+       /* key_block =
+        *     MD5(master_secret + SHA('A' + master_secret +
+        *                      ServerHello.random + ClientHello.random)) +
+        *     MD5(master_secret + SHA('BB' + master_secret +
+        *                      ServerHello.random + ClientHello.random)) +
+        *     MD5(master_secret + SHA('CCC' + master_secret +
+        *                      ServerHello.random + ClientHello.random)) +
+        *     [...];
+        */
+        unsigned int made = 0;
+        for (i = 0; made < block_needed && i < NUM_MIXERS; ++i) {
+            unsigned int outLen;
+            unsigned char sha_out[SHA1_LENGTH];
 
-	    SHA1_Begin(shaCtx);
-	    SHA1_Update(shaCtx, (unsigned char*)(mixers[i]), i+1);
-	    SHA1_Update(shaCtx, pwSpec->msItem.data, pwSpec->msItem.len);
-	    SHA1_Update(shaCtx, srcr.data, srcr.len);
-	    SHA1_End(shaCtx, sha_out, &outLen, SHA1_LENGTH);
-	    PORT_Assert(outLen == SHA1_LENGTH);
+            SHA1_Begin(shaCtx);
+            SHA1_Update(shaCtx, (unsigned char *)(mixers[i]), i + 1);
+            SHA1_Update(shaCtx, pwSpec->msItem.data, pwSpec->msItem.len);
+            SHA1_Update(shaCtx, srcr.data, srcr.len);
+            SHA1_End(shaCtx, sha_out, &outLen, SHA1_LENGTH);
+            PORT_Assert(outLen == SHA1_LENGTH);
 
-	    MD5_Begin(md5Ctx);
-	    MD5_Update(md5Ctx, pwSpec->msItem.data, pwSpec->msItem.len);
-	    MD5_Update(md5Ctx, sha_out, outLen);
-	    MD5_End(md5Ctx, key_block + made, &outLen, MD5_LENGTH);
-	    PORT_Assert(outLen == MD5_LENGTH);
-	    made += MD5_LENGTH;
-	}
-	block_bytes = made;
+            MD5_Begin(md5Ctx);
+            MD5_Update(md5Ctx, pwSpec->msItem.data, pwSpec->msItem.len);
+            MD5_Update(md5Ctx, sha_out, outLen);
+            MD5_End(md5Ctx, key_block + made, &outLen, MD5_LENGTH);
+            PORT_Assert(outLen == MD5_LENGTH);
+            made += MD5_LENGTH;
+        }
+        block_bytes = made;
     }
     PORT_Assert(block_bytes >= block_needed);
     PORT_Assert(block_bytes <= sizeof pwSpec->key_block);
     PRINT_BUF(100, (NULL, "key block", key_block, block_bytes));
 
     /*
      * Put the key material where it goes.
      */
     key_block2 = key_block + block_bytes;
-    i = 0;			/* now shows how much consumed */
+    i = 0; /* now shows how much consumed */
 
-    /* 
+    /*
      * The key_block is partitioned as follows:
      * client_write_MAC_secret[CipherSpec.hash_size]
      */
-    buildSSLKey(&key_block[i],macSize, &pwSpec->client.write_mac_key_item, \
+    buildSSLKey(&key_block[i], macSize, &pwSpec->client.write_mac_key_item, \
                 "Client Write MAC Secret");
     i += macSize;
 
-    /* 
+    /*
      * server_write_MAC_secret[CipherSpec.hash_size]
      */
-    buildSSLKey(&key_block[i],macSize, &pwSpec->server.write_mac_key_item, \
+    buildSSLKey(&key_block[i], macSize, &pwSpec->server.write_mac_key_item, \
                 "Server Write MAC Secret");
     i += macSize;
 
     if (!keySize) {
-	/* only MACing */
-	buildSSLKey(NULL, 0, &pwSpec->client.write_key_item, \
-	            "Client Write Key (MAC only)");
-	buildSSLKey(NULL, 0, &pwSpec->server.write_key_item, \
-	            "Server Write Key (MAC only)");
-	buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item, \
-	            "Client Write IV (MAC only)");
-	buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item, \
-	            "Server Write IV (MAC only)");
-    } else if (!isExport) {
-	/* 
-	** Generate Domestic write keys and IVs.
-	** client_write_key[CipherSpec.key_material]
-	*/
-	buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item, \
-	            "Domestic Client Write Key");
-	i += keySize;
+        /* only MACing */
+        buildSSLKey(NULL, 0, &pwSpec->client.write_key_item, \
+                    "Client Write Key (MAC only)");
+        buildSSLKey(NULL, 0, &pwSpec->server.write_key_item, \
+                    "Server Write Key (MAC only)");
+        buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item, \
+                    "Client Write IV (MAC only)");
+        buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item, \
+                    "Server Write IV (MAC only)");
+    }
+    else if (!isExport) {
+        /*
+        ** Generate Domestic write keys and IVs.
+        ** client_write_key[CipherSpec.key_material]
+        */
+        buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item, \
+                    "Domestic Client Write Key");
+        i += keySize;
 
-	/* 
-	** server_write_key[CipherSpec.key_material]
-	*/
-	buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item, \
-	            "Domestic Server Write Key");
-	i += keySize;
+        /*
+        ** server_write_key[CipherSpec.key_material]
+        */
+        buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item, \
+                    "Domestic Server Write Key");
+        i += keySize;
 
-	if (IVSize > 0) {
-	    if (explicitIV) {
-		static unsigned char zero_block[32];
-		PORT_Assert(IVSize <= sizeof zero_block);
-		buildSSLKey(&zero_block[0], IVSize, \
-			    &pwSpec->client.write_iv_item, \
-			    "Domestic Client Write IV");
-		buildSSLKey(&zero_block[0], IVSize, \
-			    &pwSpec->server.write_iv_item, \
-			    "Domestic Server Write IV");
-	    } else {
-		/* 
-		** client_write_IV[CipherSpec.IV_size]
-		*/
-		buildSSLKey(&key_block[i], IVSize, \
-			    &pwSpec->client.write_iv_item, \
-			    "Domestic Client Write IV");
-		i += IVSize;
+        if (IVSize > 0) {
+            if (explicitIV) {
+                static unsigned char zero_block[32];
+                PORT_Assert(IVSize <= sizeof zero_block);
+                buildSSLKey(&zero_block[0], IVSize, \
+                            &pwSpec->client.write_iv_item, \
+                            "Domestic Client Write IV");
+                buildSSLKey(&zero_block[0], IVSize, \
+                            &pwSpec->server.write_iv_item, \
+                            "Domestic Server Write IV");
+            }
+            else {
+                /*
+                ** client_write_IV[CipherSpec.IV_size]
+                */
+                buildSSLKey(&key_block[i], IVSize, \
+                            &pwSpec->client.write_iv_item, \
+                            "Domestic Client Write IV");
+                i += IVSize;
 
-		/* 
-		** server_write_IV[CipherSpec.IV_size]
-		*/
-		buildSSLKey(&key_block[i], IVSize, \
-			    &pwSpec->server.write_iv_item, \
-			    "Domestic Server Write IV");
-		i += IVSize;
-	    }
-	}
-	PORT_Assert(i <= block_bytes);
-    } else if (!isTLS) { 
-	/*
-	** Generate SSL3 Export write keys and IVs.
-	*/
-	unsigned int    outLen;
+                /*
+                ** server_write_IV[CipherSpec.IV_size]
+                */
+                buildSSLKey(&key_block[i], IVSize, \
+                            &pwSpec->server.write_iv_item, \
+                            "Domestic Server Write IV");
+                i += IVSize;
+            }
+        }
+        PORT_Assert(i <= block_bytes);
+    }
+    else if (!isTLS) {
+        /*
+        ** Generate SSL3 Export write keys and IVs.
+        */
+        unsigned int outLen;
 
-	/*
-	** client_write_key[CipherSpec.key_material]
-	** final_client_write_key = MD5(client_write_key +
-	**                   ClientHello.random + ServerHello.random);
-	*/
-	MD5_Begin(md5Ctx);
-	MD5_Update(md5Ctx, &key_block[i], effKeySize);
-	MD5_Update(md5Ctx, crsr.data, crsr.len);
-	MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
-	i += effKeySize;
-	buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \
-	            "SSL3 Export Client Write Key");
-	key_block2 += keySize;
+        /*
+        ** client_write_key[CipherSpec.key_material]
+        ** final_client_write_key = MD5(client_write_key +
+        **                   ClientHello.random + ServerHello.random);
+        */
+        MD5_Begin(md5Ctx);
+        MD5_Update(md5Ctx, &key_block[i], effKeySize);
+        MD5_Update(md5Ctx, crsr.data, crsr.len);
+        MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
+        i += effKeySize;
+        buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \
+                    "SSL3 Export Client Write Key");
+        key_block2 += keySize;
 
-	/*
-	** server_write_key[CipherSpec.key_material]
-	** final_server_write_key = MD5(server_write_key +
-	**                    ServerHello.random + ClientHello.random);
-	*/
-	MD5_Begin(md5Ctx);
-	MD5_Update(md5Ctx, &key_block[i], effKeySize);
-	MD5_Update(md5Ctx, srcr.data, srcr.len);
-	MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
-	i += effKeySize;
-	buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \
-	            "SSL3 Export Server Write Key");
-	key_block2 += keySize;
-	PORT_Assert(i <= block_bytes);
+        /*
+        ** server_write_key[CipherSpec.key_material]
+        ** final_server_write_key = MD5(server_write_key +
+        **                    ServerHello.random + ClientHello.random);
+        */
+        MD5_Begin(md5Ctx);
+        MD5_Update(md5Ctx, &key_block[i], effKeySize);
+        MD5_Update(md5Ctx, srcr.data, srcr.len);
+        MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
+        i += effKeySize;
+        buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \
+                    "SSL3 Export Server Write Key");
+        key_block2 += keySize;
+        PORT_Assert(i <= block_bytes);
 
-	if (IVSize) {
-	    /*
-	    ** client_write_IV = 
-	    **	MD5(ClientHello.random + ServerHello.random);
-	    */
-	    MD5_Begin(md5Ctx);
-	    MD5_Update(md5Ctx, crsr.data, crsr.len);
-	    MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
-	    buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item, \
-	                "SSL3 Export Client Write IV");
-	    key_block2 += IVSize;
+        if (IVSize) {
+            /*
+            ** client_write_IV =
+            **  MD5(ClientHello.random + ServerHello.random);
+            */
+            MD5_Begin(md5Ctx);
+            MD5_Update(md5Ctx, crsr.data, crsr.len);
+            MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
+            buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item, \
+                        "SSL3 Export Client Write IV");
+            key_block2 += IVSize;
 
-	    /*
-	    ** server_write_IV = 
-	    **	MD5(ServerHello.random + ClientHello.random);
-	    */
-	    MD5_Begin(md5Ctx);
-	    MD5_Update(md5Ctx, srcr.data, srcr.len);
-	    MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
-	    buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item, \
-	                "SSL3 Export Server Write IV");
-	    key_block2 += IVSize;
-	}
+            /*
+            ** server_write_IV =
+            **  MD5(ServerHello.random + ClientHello.random);
+            */
+            MD5_Begin(md5Ctx);
+            MD5_Update(md5Ctx, srcr.data, srcr.len);
+            MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
+            buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item, \
+                        "SSL3 Export Server Write IV");
+            key_block2 += IVSize;
+        }
 
-	PORT_Assert(key_block2 - key_block <= sizeof pwSpec->key_block);
-    } else {
-	/*
-	** Generate TLS Export write keys and IVs.
-	*/
-	SECItem       secret ;
-	SECItem       keyblk ;
+        PORT_Assert(key_block2 - key_block <= sizeof pwSpec->key_block);
+    }
+    else {
+        /*
+        ** Generate TLS Export write keys and IVs.
+        */
+        SECItem secret;
+        SECItem keyblk;
 
-	secret.type = siBuffer;
-	keyblk.type = siBuffer;
-	/*
-	** client_write_key[CipherSpec.key_material]
-	** final_client_write_key = PRF(client_write_key, 
-	**                              "client write key",
-	**                              client_random + server_random);
-	*/
-	secret.data = &key_block[i];
-	secret.len  = effKeySize;
-	i          += effKeySize;
-	keyblk.data = key_block2;
-	keyblk.len  = keySize;
-	status = TLS_PRF(&secret, "client write key", &crsr, &keyblk, isFIPS);
-	if (status != SECSuccess) {
-	    goto key_and_mac_derive_fail;
-	}
-	buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \
-	            "TLS Export Client Write Key");
-	key_block2 += keySize;
+        secret.type = siBuffer;
+        keyblk.type = siBuffer;
+        /*
+        ** client_write_key[CipherSpec.key_material]
+        ** final_client_write_key = PRF(client_write_key,
+        **                              "client write key",
+        **                              client_random + server_random);
+        */
+        secret.data = &key_block[i];
+        secret.len = effKeySize;
+        i += effKeySize;
+        keyblk.data = key_block2;
+        keyblk.len = keySize;
+        status = TLS_PRF(&secret, "client write key", &crsr, &keyblk, isFIPS);
+        if (status != SECSuccess) {
+            goto key_and_mac_derive_fail;
+        }
+        buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \
+                    "TLS Export Client Write Key");
+        key_block2 += keySize;
 
-	/*
-	** server_write_key[CipherSpec.key_material]
-	** final_server_write_key = PRF(server_write_key,
-	**                              "server write key",
-	**                              client_random + server_random);
-	*/
-	secret.data = &key_block[i];
-	secret.len  = effKeySize;
-	i          += effKeySize;
-	keyblk.data = key_block2;
-	keyblk.len  = keySize;
-	status = TLS_PRF(&secret, "server write key", &crsr, &keyblk, isFIPS);
-	if (status != SECSuccess) {
-	    goto key_and_mac_derive_fail;
-	}
-	buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \
-	            "TLS Export Server Write Key");
-	key_block2 += keySize;
+        /*
+        ** server_write_key[CipherSpec.key_material]
+        ** final_server_write_key = PRF(server_write_key,
+        **                              "server write key",
+        **                              client_random + server_random);
+        */
+        secret.data = &key_block[i];
+        secret.len = effKeySize;
+        i += effKeySize;
+        keyblk.data = key_block2;
+        keyblk.len = keySize;
+        status = TLS_PRF(&secret, "server write key", &crsr, &keyblk, isFIPS);
+        if (status != SECSuccess) {
+            goto key_and_mac_derive_fail;
+        }
+        buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \
+                    "TLS Export Server Write Key");
+        key_block2 += keySize;
 
-	/*
-	** iv_block = PRF("", "IV block", client_random + server_random);
-	** client_write_IV[SecurityParameters.IV_size]
-	** server_write_IV[SecurityParameters.IV_size]
-	*/
-	if (IVSize) {
-	    secret.data = NULL;
-	    secret.len  = 0;
-	    keyblk.data = key_block2;
-	    keyblk.len  = 2 * IVSize;
-	    status = TLS_PRF(&secret, "IV block", &crsr, &keyblk, isFIPS);
-	    if (status != SECSuccess) {
-		goto key_and_mac_derive_fail;
-	    }
-	    buildSSLKey(key_block2,          IVSize, \
-	                &pwSpec->client.write_iv_item, \
-			"TLS Export Client Write IV");
-	    buildSSLKey(key_block2 + IVSize, IVSize, \
-	                &pwSpec->server.write_iv_item, \
-			"TLS Export Server Write IV");
-	    key_block2 += 2 * IVSize;
-	}
-	PORT_Assert(key_block2 - key_block <= sizeof pwSpec->key_block);
+        /*
+        ** iv_block = PRF("", "IV block", client_random + server_random);
+        ** client_write_IV[SecurityParameters.IV_size]
+        ** server_write_IV[SecurityParameters.IV_size]
+        */
+        if (IVSize) {
+            secret.data = NULL;
+            secret.len = 0;
+            keyblk.data = key_block2;
+            keyblk.len = 2 * IVSize;
+            status = TLS_PRF(&secret, "IV block", &crsr, &keyblk, isFIPS);
+            if (status != SECSuccess) {
+                goto key_and_mac_derive_fail;
+            }
+            buildSSLKey(key_block2, IVSize, \
+                        &pwSpec->client.write_iv_item, \
+                        "TLS Export Client Write IV");
+            buildSSLKey(key_block2 + IVSize, IVSize, \
+                        &pwSpec->server.write_iv_item, \
+                        "TLS Export Server Write IV");
+            key_block2 += 2 * IVSize;
+        }
+        PORT_Assert(key_block2 - key_block <= sizeof pwSpec->key_block);
     }
     rv = SECSuccess;
 
 key_and_mac_derive_fail:
 
     MD5_DestroyContext(md5Ctx, PR_FALSE);
     SHA1_DestroyContext(shaCtx, PR_FALSE);
 
     if (rv != SECSuccess) {
-	PORT_SetError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
+        PORT_SetError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
     }
 
     return rv;
 }
 
-
 /* derive the Master Secret from the PMS */
 /* Presently, this is only done wtih RSA PMS, and only on the server side,
- * so isRSA is always true. 
+ * so isRSA is always true.
  */
 SECStatus
-ssl3_MasterSecretDeriveBypass( 
-    ssl3CipherSpec *      pwSpec,
-    const unsigned char * cr,
-    const unsigned char * sr,
-    const SECItem *       pms,
-    PRBool                isTLS,
-    PRBool                isRSA)
+ssl3_MasterSecretDeriveBypass(
+    ssl3CipherSpec *pwSpec,
+    const unsigned char *cr,
+    const unsigned char *sr,
+    const SECItem *pms,
+    PRBool isTLS,
+    PRBool isRSA)
 {
-    unsigned char * key_block    = pwSpec->key_block;
-    SECStatus       rv    = SECSuccess;
-    PRBool          isFIPS = PR_FALSE;
-    PRBool          isTLS12 = pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2;
+    unsigned char *key_block = pwSpec->key_block;
+    SECStatus rv = SECSuccess;
+    PRBool isFIPS = PR_FALSE;
+    PRBool isTLS12 = pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2;
 
-    SECItem         crsr;
+    SECItem crsr;
 
-    unsigned char     crsrdata[SSL3_RANDOM_LENGTH * 2];
-    PRUint64          md5buf[22];
-    PRUint64          shabuf[40];
+    unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2];
+    PRUint64 md5buf[22];
+    PRUint64 shabuf[40];
 
 #define md5Ctx ((MD5Context *)md5buf)
 #define shaCtx ((SHA1Context *)shabuf)
 
     /* first do the consistancy checks */
-    if (isRSA) { 
-	PORT_Assert(pms->len == SSL3_RSA_PMS_LENGTH);
-	if (pms->len != SSL3_RSA_PMS_LENGTH) {
-	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	    return SECFailure;
-	}
-	/* caller must test PMS version for rollback */
+    if (isRSA) {
+        PORT_Assert(pms->len == SSL3_RSA_PMS_LENGTH);
+        if (pms->len != SSL3_RSA_PMS_LENGTH) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+        /* caller must test PMS version for rollback */
     }
 
     /* initialize the client random, server random block */
-    crsr.type   = siBuffer;
-    crsr.data   = crsrdata;
-    crsr.len    = sizeof crsrdata;
+    crsr.type = siBuffer;
+    crsr.data = crsrdata;
+    crsr.len = sizeof crsrdata;
     PORT_Memcpy(crsrdata, cr, SSL3_RANDOM_LENGTH);
     PORT_Memcpy(crsrdata + SSL3_RANDOM_LENGTH, sr, SSL3_RANDOM_LENGTH);
     PRINT_BUF(100, (NULL, "Master Secret CRSR", crsr.data, crsr.len));
 
     /* finally do the key gen */
     if (isTLS) {
-	SECItem master = { siBuffer, NULL, 0 };
+        SECItem master = { siBuffer, NULL, 0 };
 
-	master.data = key_block;
-	master.len = SSL3_MASTER_SECRET_LENGTH;
+        master.data = key_block;
+        master.len = SSL3_MASTER_SECRET_LENGTH;
 
-	if (isTLS12) {
-	    rv = TLS_P_hash(HASH_AlgSHA256, pms, "master secret", &crsr,
-			    &master, isFIPS);
-	} else {
-	    rv = TLS_PRF(pms, "master secret", &crsr, &master, isFIPS);
-	}
-	if (rv != SECSuccess) {
-	    PORT_SetError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
-	}
-    } else {
-	int i;
-	unsigned int made = 0;
-	for (i = 0; i < 3; i++) {
-	    unsigned int    outLen;
-	    unsigned char   sha_out[SHA1_LENGTH];
+        if (isTLS12) {
+            rv = TLS_P_hash(HASH_AlgSHA256, pms, "master secret", &crsr,
+                            &master, isFIPS);
+        }
+        else {
+            rv = TLS_PRF(pms, "master secret", &crsr, &master, isFIPS);
+        }
+        if (rv != SECSuccess) {
+            PORT_SetError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
+        }
+    }
+    else {
+        int i;
+        unsigned int made = 0;
+        for (i = 0; i < 3; i++) {
+            unsigned int outLen;
+            unsigned char sha_out[SHA1_LENGTH];
 
-	    SHA1_Begin(shaCtx);
-	    SHA1_Update(shaCtx, (unsigned char*) mixers[i], i+1);
-	    SHA1_Update(shaCtx, pms->data, pms->len);
-	    SHA1_Update(shaCtx, crsr.data, crsr.len);
-	    SHA1_End(shaCtx, sha_out, &outLen, SHA1_LENGTH);
-	    PORT_Assert(outLen == SHA1_LENGTH);
+            SHA1_Begin(shaCtx);
+            SHA1_Update(shaCtx, (unsigned char *)mixers[i], i + 1);
+            SHA1_Update(shaCtx, pms->data, pms->len);
+            SHA1_Update(shaCtx, crsr.data, crsr.len);
+            SHA1_End(shaCtx, sha_out, &outLen, SHA1_LENGTH);
+            PORT_Assert(outLen == SHA1_LENGTH);
 
-	    MD5_Begin(md5Ctx);
-	    MD5_Update(md5Ctx, pms->data, pms->len);
-	    MD5_Update(md5Ctx, sha_out, outLen);
-	    MD5_End(md5Ctx, key_block + made, &outLen, MD5_LENGTH);
-	    PORT_Assert(outLen == MD5_LENGTH);
-	    made += outLen;
-	}
+            MD5_Begin(md5Ctx);
+            MD5_Update(md5Ctx, pms->data, pms->len);
+            MD5_Update(md5Ctx, sha_out, outLen);
+            MD5_End(md5Ctx, key_block + made, &outLen, MD5_LENGTH);
+            PORT_Assert(outLen == MD5_LENGTH);
+            made += outLen;
+        }
     }
 
     /* store the results */
-    PORT_Memcpy(pwSpec->raw_master_secret, key_block, 
-		SSL3_MASTER_SECRET_LENGTH);
+    PORT_Memcpy(pwSpec->raw_master_secret, key_block,
+                SSL3_MASTER_SECRET_LENGTH);
     pwSpec->msItem.data = pwSpec->raw_master_secret;
-    pwSpec->msItem.len  = SSL3_MASTER_SECRET_LENGTH;
-    PRINT_BUF(100, (NULL, "Master Secret", pwSpec->msItem.data, 
-                                           pwSpec->msItem.len));
+    pwSpec->msItem.len = SSL3_MASTER_SECRET_LENGTH;
+    PRINT_BUF(100, (NULL, "Master Secret", pwSpec->msItem.data,
+                    pwSpec->msItem.len));
 
     return rv;
 }
 
 static SECStatus
 ssl_canExtractMS(PK11SymKey *pms, PRBool isTLS, PRBool isDH, PRBool *pcbp)
-{   SECStatus	      rv;
-    PK11SymKey *    ms = NULL;
-    SECItem         params = {siBuffer, NULL, 0};
+{
+    SECStatus rv;
+    PK11SymKey *ms = NULL;
+    SECItem params = { siBuffer, NULL, 0 };
     CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params;
-    unsigned char   rand[SSL3_RANDOM_LENGTH];
-    CK_VERSION      pms_version;
+    unsigned char rand[SSL3_RANDOM_LENGTH];
+    CK_VERSION pms_version;
     CK_MECHANISM_TYPE master_derive;
     CK_MECHANISM_TYPE key_derive;
-    CK_FLAGS          keyFlags;
-    
+    CK_FLAGS keyFlags;
+
     if (pms == NULL)
-	return(SECFailure);
+        return (SECFailure);
 
     PORT_Memset(rand, 0, SSL3_RANDOM_LENGTH);
 
     if (isTLS) {
-	if(isDH) master_derive = CKM_TLS_MASTER_KEY_DERIVE_DH;
-	else master_derive = CKM_TLS_MASTER_KEY_DERIVE;
-	key_derive    = CKM_TLS_KEY_AND_MAC_DERIVE;
-	keyFlags      = CKF_SIGN | CKF_VERIFY;
-    } else {
-	if (isDH) master_derive = CKM_SSL3_MASTER_KEY_DERIVE_DH;
-	else master_derive = CKM_SSL3_MASTER_KEY_DERIVE;
-	key_derive    = CKM_SSL3_KEY_AND_MAC_DERIVE;
-	keyFlags      = 0;
+        if (isDH)
+            master_derive = CKM_TLS_MASTER_KEY_DERIVE_DH;
+        else
+            master_derive = CKM_TLS_MASTER_KEY_DERIVE;
+        key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
+        keyFlags = CKF_SIGN | CKF_VERIFY;
+    }
+    else {
+        if (isDH)
+            master_derive = CKM_SSL3_MASTER_KEY_DERIVE_DH;
+        else
+            master_derive = CKM_SSL3_MASTER_KEY_DERIVE;
+        key_derive = CKM_SSL3_KEY_AND_MAC_DERIVE;
+        keyFlags = 0;
     }
 
-    master_params.pVersion                     = &pms_version;
-    master_params.RandomInfo.pClientRandom     = rand;
+    master_params.pVersion = &pms_version;
+    master_params.RandomInfo.pClientRandom = rand;
     master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH;
-    master_params.RandomInfo.pServerRandom     = rand;
+    master_params.RandomInfo.pServerRandom = rand;
     master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
 
-    params.data = (unsigned char *) &master_params;
-    params.len  = sizeof master_params;
+    params.data = (unsigned char *)&master_params;
+    params.len = sizeof master_params;
 
     ms = PK11_DeriveWithFlags(pms, master_derive, &params, key_derive,
-			      CKA_DERIVE, 0, keyFlags);
+                              CKA_DERIVE, 0, keyFlags);
     if (ms == NULL)
-	return(SECFailure);
+        return (SECFailure);
 
     rv = PK11_ExtractKeyValue(ms);
     *pcbp = (rv == SECSuccess);
     PK11_FreeSymKey(ms);
-    
-    return(rv);
 
+    return (rv);
 }
-#endif  /* !NO_PKCS11_BYPASS */
+#endif /* !NO_PKCS11_BYPASS */
 
 /* Check the key exchange algorithm for each cipher in the list to see if
- * a master secret key can be extracted. If the KEA will use keys from the 
+ * a master secret key can be extracted. If the KEA will use keys from the
  * specified cert make sure the extract operation is attempted from the slot
  * where the private key resides.
  * If MS can be extracted for all ciphers, (*pcanbypass) is set to TRUE and
  * SECSuccess is returned. In all other cases but one (*pcanbypass) is
  * set to FALSE and SECFailure is returned.
- * In that last case Derive() has been called successfully but the MS is null, 
+ * In that last case Derive() has been called successfully but the MS is null,
  * CanBypass sets (*pcanbypass) to FALSE and returns SECSuccess indicating the
  * arguments were all valid but the slot cannot be bypassed.
  */
 
 /* XXX Add SSL_CBP_TLS1_1 and test it in protocolmask when setting isTLS. */
 
-SECStatus 
+SECStatus
 SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
-	      PRUint32 protocolmask, PRUint16 *ciphersuites, int nsuites,
+              PRUint32 protocolmask, PRUint16 *ciphersuites, int nsuites,
               PRBool *pcanbypass, void *pwArg)
 {
 #ifdef NO_PKCS11_BYPASS
     if (!pcanbypass) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
     *pcanbypass = PR_FALSE;
     return SECSuccess;
 #else
-    SECStatus	      rv;
-    int		      i;
-    PRUint16	      suite;
-    PK11SymKey *      pms = NULL;
-    SECKEYPublicKey * srvPubkey = NULL;
-    KeyType	      privKeytype;
-    PK11SlotInfo *    slot = NULL;
-    SECItem           param;
-    CK_VERSION 	      version;
+    SECStatus rv;
+    int i;
+    PRUint16 suite;
+    PK11SymKey *pms = NULL;
+    SECKEYPublicKey *srvPubkey = NULL;
+    KeyType privKeytype;
+    PK11SlotInfo *slot = NULL;
+    SECItem param;
+    CK_VERSION version;
     CK_MECHANISM_TYPE mechanism_array[2];
-    SECItem           enc_pms = {siBuffer, NULL, 0};
-    PRBool	      isTLS = PR_FALSE;
+    SECItem enc_pms = { siBuffer, NULL, 0 };
+    PRBool isTLS = PR_FALSE;
     SSLCipherSuiteInfo csdef;
-    PRBool	      testrsa = PR_FALSE;
-    PRBool	      testrsa_export = PR_FALSE;
-    PRBool	      testecdh = PR_FALSE;
-    PRBool	      testecdhe = PR_FALSE;
+    PRBool testrsa = PR_FALSE;
+    PRBool testrsa_export = PR_FALSE;
+    PRBool testecdh = PR_FALSE;
+    PRBool testecdhe = PR_FALSE;
 #ifndef NSS_DISABLE_ECC
     SECKEYECParams ecParams = { siBuffer, NULL, 0 };
 #endif
 
     if (!cert || !srvPrivkey || !ciphersuites || !pcanbypass) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
-    
+
     srvPubkey = CERT_ExtractPublicKey(cert);
     if (!srvPubkey)
         return SECFailure;
-	
+
     *pcanbypass = PR_TRUE;
     rv = SECFailure;
-    
+
     /* determine which KEAs to test */
     /* 0 (TLS_NULL_WITH_NULL_NULL) is used as a list terminator because
      * SSL3 and TLS specs forbid negotiating that cipher suite number.
      */
-    for (i=0; i < nsuites && (suite = *ciphersuites++) != 0; i++) {
-	/* skip SSL2 cipher suites and ones NSS doesn't support */
-	if (SSL_GetCipherSuiteInfo(suite, &csdef, sizeof(csdef)) != SECSuccess
-	    || SSL_IS_SSL2_CIPHER(suite) )
-	    continue;
-	switch (csdef.keaType) {
-	case ssl_kea_rsa:
-	    switch (csdef.cipherSuite) {
-	    case TLS_RSA_EXPORT1024_WITH_RC4_56_SHA:
-	    case TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA:
-	    case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
-	    case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
-		testrsa_export = PR_TRUE;
-	    }
-	    if (!testrsa_export)
-		testrsa = PR_TRUE;
-	    break;
-	case ssl_kea_ecdh:
-	    if (strcmp(csdef.keaTypeName, "ECDHE") == 0) /* ephemeral? */
-		testecdhe = PR_TRUE;
-	    else
-		testecdh = PR_TRUE;
-	    break;
-	case ssl_kea_dh:
-	    /* this is actually DHE */
-	default:
-	    continue;
-	}
+    for (i = 0; i < nsuites && (suite = *ciphersuites++) != 0; i++) {
+        /* skip SSL2 cipher suites and ones NSS doesn't support */
+        if (SSL_GetCipherSuiteInfo(suite, &csdef, sizeof(csdef)) != SECSuccess ||
+            SSL_IS_SSL2_CIPHER(suite))
+            continue;
+        switch (csdef.keaType) {
+            case ssl_kea_rsa:
+                switch (csdef.cipherSuite) {
+                    case TLS_RSA_EXPORT1024_WITH_RC4_56_SHA:
+                    case TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA:
+                    case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
+                    case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
+                        testrsa_export = PR_TRUE;
+                }
+                if (!testrsa_export)
+                    testrsa = PR_TRUE;
+                break;
+            case ssl_kea_ecdh:
+                if (strcmp(csdef.keaTypeName, "ECDHE") == 0) /* ephemeral? */
+                    testecdhe = PR_TRUE;
+                else
+                    testecdh = PR_TRUE;
+                break;
+            case ssl_kea_dh:
+            /* this is actually DHE */
+            default:
+                continue;
+        }
     }
-    
+
     /* For each protocol try to derive and extract an MS.
      * Failure of function any function except MS extract means
      * continue with the next cipher test. Stop testing when the list is
      * exhausted or when the first MS extract--not derive--fails.
      */
     privKeytype = SECKEY_GetPrivateKeyType(srvPrivkey);
-    protocolmask &= SSL_CBP_SSL3|SSL_CBP_TLS1_0;
+    protocolmask &= SSL_CBP_SSL3 | SSL_CBP_TLS1_0;
     while (protocolmask) {
-	if (protocolmask & SSL_CBP_SSL3) {
-	    isTLS = PR_FALSE;
-	    protocolmask ^= SSL_CBP_SSL3;
-	} else {
-	    isTLS = PR_TRUE;
-	    protocolmask ^= SSL_CBP_TLS1_0;
-	}
+        if (protocolmask & SSL_CBP_SSL3) {
+            isTLS = PR_FALSE;
+            protocolmask ^= SSL_CBP_SSL3;
+        }
+        else {
+            isTLS = PR_TRUE;
+            protocolmask ^= SSL_CBP_TLS1_0;
+        }
 
-	if (privKeytype == rsaKey && testrsa_export) {
-	    if (PK11_GetPrivateModulusLen(srvPrivkey) > EXPORT_RSA_KEY_LENGTH) {
-		*pcanbypass = PR_FALSE;
-		rv = SECSuccess;
-		break;
-	    } else
-		testrsa = PR_TRUE;
-	}
-	for (; privKeytype == rsaKey && testrsa; ) {
-	    /* TLS_RSA */
-	    unsigned char     rsaPmsBuf[SSL3_RSA_PMS_LENGTH];
-	    unsigned int      outLen = 0;
-	    CK_MECHANISM_TYPE target;
-	    SECStatus	      irv;
-	    
-	    mechanism_array[0] = CKM_SSL3_PRE_MASTER_KEY_GEN;
-	    mechanism_array[1] = CKM_RSA_PKCS;
+        if (privKeytype == rsaKey && testrsa_export) {
+            if (PK11_GetPrivateModulusLen(srvPrivkey) > EXPORT_RSA_KEY_LENGTH) {
+                *pcanbypass = PR_FALSE;
+                rv = SECSuccess;
+                break;
+            }
+            else
+                testrsa = PR_TRUE;
+        }
+        for (; privKeytype == rsaKey && testrsa;) {
+            /* TLS_RSA */
+            unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH];
+            unsigned int outLen = 0;
+            CK_MECHANISM_TYPE target;
+            SECStatus irv;
 
-	    slot = PK11_GetBestSlotMultiple(mechanism_array, 2, pwArg);
-	    if (slot == NULL) {
-		PORT_SetError(SSL_ERROR_TOKEN_SLOT_NOT_FOUND);
-		break;
-	    }
+            mechanism_array[0] = CKM_SSL3_PRE_MASTER_KEY_GEN;
+            mechanism_array[1] = CKM_RSA_PKCS;
+
+            slot = PK11_GetBestSlotMultiple(mechanism_array, 2, pwArg);
+            if (slot == NULL) {
+                PORT_SetError(SSL_ERROR_TOKEN_SLOT_NOT_FOUND);
+                break;
+            }
 
-	    /* Generate the pre-master secret ...  (client side) */
-	    version.major = 3 /*MSB(clientHelloVersion)*/;
-	    version.minor = 0 /*LSB(clientHelloVersion)*/;
-	    param.data = (unsigned char *)&version;
-	    param.len  = sizeof version;
-	    pms = PK11_KeyGen(slot, CKM_SSL3_PRE_MASTER_KEY_GEN, &param, 0, pwArg);
-	    PK11_FreeSlot(slot);
-	    if (!pms)
-		break;
-	    /* now wrap it */
-	    enc_pms.len  = SECKEY_PublicKeyStrength(srvPubkey);
-	    enc_pms.data = (unsigned char*)PORT_Alloc(enc_pms.len);
-	    if (enc_pms.data == NULL) {
-	        PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
-	        break;
-	    }
-	    irv = PK11_PubWrapSymKey(CKM_RSA_PKCS, srvPubkey, pms, &enc_pms);
-	    if (irv != SECSuccess) 
-		break;
-	    PK11_FreeSymKey(pms);
-	    pms = NULL;
-	    /* now do the server side--check the triple bypass first */
-	    rv = PK11_PrivDecryptPKCS1(srvPrivkey, rsaPmsBuf, &outLen,
-				       sizeof rsaPmsBuf,
-				       (unsigned char *)enc_pms.data,
-				       enc_pms.len);
-	    /* if decrypt worked we're done with the RSA test */
-	    if (rv == SECSuccess) {
-		*pcanbypass = PR_TRUE;
-		break;
-	    }
-	    /* check for fallback to double bypass */
-	    target = isTLS ? CKM_TLS_MASTER_KEY_DERIVE
-			: CKM_SSL3_MASTER_KEY_DERIVE;
-	    pms = PK11_PubUnwrapSymKey(srvPrivkey, &enc_pms,
-				       target, CKA_DERIVE, 0);
-	    rv = ssl_canExtractMS(pms, isTLS, PR_FALSE, pcanbypass);
-	    if (rv == SECSuccess && *pcanbypass == PR_FALSE)
-		goto done;
-	    break;
-	}
+            /* Generate the pre-master secret ...  (client side) */
+            version.major = 3 /*MSB(clientHelloVersion)*/;
+            version.minor = 0 /*LSB(clientHelloVersion)*/;
+            param.data = (unsigned char *)&version;
+            param.len = sizeof version;
+            pms = PK11_KeyGen(slot, CKM_SSL3_PRE_MASTER_KEY_GEN, &param, 0, pwArg);
+            PK11_FreeSlot(slot);
+            if (!pms)
+                break;
+            /* now wrap it */
+            enc_pms.len = SECKEY_PublicKeyStrength(srvPubkey);
+            enc_pms.data = (unsigned char *)PORT_Alloc(enc_pms.len);
+            if (enc_pms.data == NULL) {
+                PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
+                break;
+            }
+            irv = PK11_PubWrapSymKey(CKM_RSA_PKCS, srvPubkey, pms, &enc_pms);
+            if (irv != SECSuccess)
+                break;
+            PK11_FreeSymKey(pms);
+            pms = NULL;
+            /* now do the server side--check the triple bypass first */
+            rv = PK11_PrivDecryptPKCS1(srvPrivkey, rsaPmsBuf, &outLen,
+                                       sizeof rsaPmsBuf,
+                                       (unsigned char *)enc_pms.data,
+                                       enc_pms.len);
+            /* if decrypt worked we're done with the RSA test */
+            if (rv == SECSuccess) {
+                *pcanbypass = PR_TRUE;
+                break;
+            }
+            /* check for fallback to double bypass */
+            target = isTLS ? CKM_TLS_MASTER_KEY_DERIVE
+                           : CKM_SSL3_MASTER_KEY_DERIVE;
+            pms = PK11_PubUnwrapSymKey(srvPrivkey, &enc_pms,
+                                       target, CKA_DERIVE, 0);
+            rv = ssl_canExtractMS(pms, isTLS, PR_FALSE, pcanbypass);
+            if (rv == SECSuccess && *pcanbypass == PR_FALSE)
+                goto done;
+            break;
+        }
 
-	/* Check for NULL to avoid double free. 
-	 * SECItem_FreeItem sets data NULL in secitem.c#265 
-	 */
-	if (enc_pms.data != NULL) {
-	    SECITEM_FreeItem(&enc_pms, PR_FALSE);
+        /* Check for NULL to avoid double free.
+         * SECItem_FreeItem sets data NULL in secitem.c#265
+         */
+        if (enc_pms.data != NULL) {
+            SECITEM_FreeItem(&enc_pms, PR_FALSE);
         }
 #ifndef NSS_DISABLE_ECC
-	for (; (privKeytype == ecKey && ( testecdh || testecdhe)) ||
-	       (privKeytype == rsaKey && testecdhe); ) {
-	    CK_MECHANISM_TYPE target;
-	    SECKEYPublicKey  *keapub = NULL;
-	    SECKEYPrivateKey *keapriv;
-	    SECKEYPublicKey  *cpub = NULL; /* client's ephemeral ECDH keys */
-	    SECKEYPrivateKey *cpriv = NULL;
-	    SECKEYECParams   *pecParams = NULL;
+        for (; (privKeytype == ecKey && (testecdh || testecdhe)) ||
+               (privKeytype == rsaKey && testecdhe);) {
+            CK_MECHANISM_TYPE target;
+            SECKEYPublicKey *keapub = NULL;
+            SECKEYPrivateKey *keapriv;
+            SECKEYPublicKey *cpub = NULL; /* client's ephemeral ECDH keys */
+            SECKEYPrivateKey *cpriv = NULL;
+            SECKEYECParams *pecParams = NULL;
 
-	    if (privKeytype == ecKey && testecdhe) {
-		/* TLS_ECDHE_ECDSA */
-		pecParams = &srvPubkey->u.ec.DEREncodedParams;
-	    } else if (privKeytype == rsaKey && testecdhe) {
-		/* TLS_ECDHE_RSA */
-		ECName       ec_curve;
-		int		 serverKeyStrengthInBits;
-		int		 signatureKeyStrength;
-		int		 requiredECCbits;
+            if (privKeytype == ecKey && testecdhe) {
+                /* TLS_ECDHE_ECDSA */
+                pecParams = &srvPubkey->u.ec.DEREncodedParams;
+            }
+            else if (privKeytype == rsaKey && testecdhe) {
+                /* TLS_ECDHE_RSA */
+                ECName ec_curve;
+                int serverKeyStrengthInBits;
+                int signatureKeyStrength;
+                int requiredECCbits;
 
-		/* find a curve of equivalent strength to the RSA key's */
-		requiredECCbits = PK11_GetPrivateModulusLen(srvPrivkey);
-		if (requiredECCbits < 0)
-		    break;
-		requiredECCbits *= BPB;
-		serverKeyStrengthInBits = srvPubkey->u.rsa.modulus.len;
-		if (srvPubkey->u.rsa.modulus.data[0] == 0) {
-		    serverKeyStrengthInBits--;
-		}
-		/* convert to strength in bits */
-		serverKeyStrengthInBits *= BPB;
+                /* find a curve of equivalent strength to the RSA key's */
+                requiredECCbits = PK11_GetPrivateModulusLen(srvPrivkey);
+                if (requiredECCbits < 0)
+                    break;
+                requiredECCbits *= BPB;
+                serverKeyStrengthInBits = srvPubkey->u.rsa.modulus.len;
+                if (srvPubkey->u.rsa.modulus.data[0] == 0) {
+                    serverKeyStrengthInBits--;
+                }
+                /* convert to strength in bits */
+                serverKeyStrengthInBits *= BPB;
 
-		signatureKeyStrength =
-		    SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits);
+                signatureKeyStrength =
+                    SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits);
 
-		if ( requiredECCbits > signatureKeyStrength ) 
-		     requiredECCbits = signatureKeyStrength;
+                if (requiredECCbits > signatureKeyStrength)
+                    requiredECCbits = signatureKeyStrength;
 
-		ec_curve =
-		    ssl3_GetCurveWithECKeyStrength(
-					ssl3_GetSupportedECCurveMask(NULL),
-				  	requiredECCbits);
-		rv = ssl3_ECName2Params(NULL, ec_curve, &ecParams);
-		if (rv == SECFailure) {
-		    break;
-		}
-		pecParams = &ecParams;
-	    }
+                ec_curve =
+                    ssl3_GetCurveWithECKeyStrength(
+                        ssl3_GetSupportedECCurveMask(NULL),
+                        requiredECCbits);
+                rv = ssl3_ECName2Params(NULL, ec_curve, &ecParams);
+                if (rv == SECFailure) {
+                    break;
+                }
+                pecParams = &ecParams;
+            }
 
-	    if (testecdhe) {
-		/* generate server's ephemeral keys */
-		keapriv = SECKEY_CreateECPrivateKey(pecParams, &keapub, NULL); 
-		if (!keapriv || !keapub) {
-		    if (keapriv)
-			SECKEY_DestroyPrivateKey(keapriv);
-		    if (keapub)
-			SECKEY_DestroyPublicKey(keapub);
-		    PORT_SetError(SEC_ERROR_KEYGEN_FAIL);
-		    rv = SECFailure;
-		    break;
-		}
-	    } else {
-		/* TLS_ECDH_ECDSA */
-		keapub = srvPubkey;
-		keapriv = srvPrivkey;
-		pecParams = &srvPubkey->u.ec.DEREncodedParams;
-	    }
+            if (testecdhe) {
+                /* generate server's ephemeral keys */
+                keapriv = SECKEY_CreateECPrivateKey(pecParams, &keapub, NULL);
+                if (!keapriv || !keapub) {
+                    if (keapriv)
+                        SECKEY_DestroyPrivateKey(keapriv);
+                    if (keapub)
+                        SECKEY_DestroyPublicKey(keapub);
+                    PORT_SetError(SEC_ERROR_KEYGEN_FAIL);
+                    rv = SECFailure;
+                    break;
+                }
+            }
+            else {
+                /* TLS_ECDH_ECDSA */
+                keapub = srvPubkey;
+                keapriv = srvPrivkey;
+                pecParams = &srvPubkey->u.ec.DEREncodedParams;
+            }
 
-	    /* perform client side ops */
-	    /* generate a pair of ephemeral keys using server's parms */
-	    cpriv = SECKEY_CreateECPrivateKey(pecParams, &cpub, NULL);
-	    if (!cpriv || !cpub) {
-		if (testecdhe) {
-		    SECKEY_DestroyPrivateKey(keapriv);
-		    SECKEY_DestroyPublicKey(keapub);
-		}
-		PORT_SetError(SEC_ERROR_KEYGEN_FAIL);
-		rv = SECFailure;
-		break;
-	    }
-	    /* now do the server side */
-	    /* determine the PMS using client's public value */
-	    target = isTLS ? CKM_TLS_MASTER_KEY_DERIVE_DH
-			   : CKM_SSL3_MASTER_KEY_DERIVE_DH;
-	    pms = PK11_PubDeriveWithKDF(keapriv, cpub, PR_FALSE, NULL, NULL,
-				    CKM_ECDH1_DERIVE,
-				    target,
-				    CKA_DERIVE, 0, CKD_NULL, NULL, NULL);
-	    rv = ssl_canExtractMS(pms, isTLS, PR_TRUE, pcanbypass);
-	    SECKEY_DestroyPrivateKey(cpriv);
-	    SECKEY_DestroyPublicKey(cpub);
-	    if (testecdhe) {
-		SECKEY_DestroyPrivateKey(keapriv);
-		SECKEY_DestroyPublicKey(keapub);
-	    }
-	    if (rv == SECSuccess && *pcanbypass == PR_FALSE)
-		goto done;
-	    break;
-	}
-	/* Check for NULL to avoid double free. */
-	if (ecParams.data != NULL) {
-	    PORT_Free(ecParams.data);
-	    ecParams.data = NULL;
-	}
+            /* perform client side ops */
+            /* generate a pair of ephemeral keys using server's parms */
+            cpriv = SECKEY_CreateECPrivateKey(pecParams, &cpub, NULL);
+            if (!cpriv || !cpub) {
+                if (testecdhe) {
+                    SECKEY_DestroyPrivateKey(keapriv);
+                    SECKEY_DestroyPublicKey(keapub);
+                }
+                PORT_SetError(SEC_ERROR_KEYGEN_FAIL);
+                rv = SECFailure;
+                break;
+            }
+            /* now do the server side */
+            /* determine the PMS using client's public value */
+            target = isTLS ? CKM_TLS_MASTER_KEY_DERIVE_DH
+                           : CKM_SSL3_MASTER_KEY_DERIVE_DH;
+            pms = PK11_PubDeriveWithKDF(keapriv, cpub, PR_FALSE, NULL, NULL,
+                                        CKM_ECDH1_DERIVE,
+                                        target,
+                                        CKA_DERIVE, 0, CKD_NULL, NULL, NULL);
+            rv = ssl_canExtractMS(pms, isTLS, PR_TRUE, pcanbypass);
+            SECKEY_DestroyPrivateKey(cpriv);
+            SECKEY_DestroyPublicKey(cpub);
+            if (testecdhe) {
+                SECKEY_DestroyPrivateKey(keapriv);
+                SECKEY_DestroyPublicKey(keapub);
+            }
+            if (rv == SECSuccess && *pcanbypass == PR_FALSE)
+                goto done;
+            break;
+        }
+        /* Check for NULL to avoid double free. */
+        if (ecParams.data != NULL) {
+            PORT_Free(ecParams.data);
+            ecParams.data = NULL;
+        }
 #endif /* NSS_DISABLE_ECC */
-	if (pms)
-	    PK11_FreeSymKey(pms);
+        if (pms)
+            PK11_FreeSymKey(pms);
     }
 
     /* *pcanbypass has been set */
     rv = SECSuccess;
-    
-  done:
+
+done:
     if (pms)
-	PK11_FreeSymKey(pms);
+        PK11_FreeSymKey(pms);
 
-    /* Check for NULL to avoid double free. 
-     * SECItem_FreeItem sets data NULL in secitem.c#265 
+    /* Check for NULL to avoid double free.
+     * SECItem_FreeItem sets data NULL in secitem.c#265
      */
     if (enc_pms.data != NULL) {
-    	SECITEM_FreeItem(&enc_pms, PR_FALSE);
+        SECITEM_FreeItem(&enc_pms, PR_FALSE);
     }
 #ifndef NSS_DISABLE_ECC
     if (ecParams.data != NULL) {
         PORT_Free(ecParams.data);
         ecParams.data = NULL;
     }
 #endif /* NSS_DISABLE_ECC */
 
     if (srvPubkey) {
-    	SECKEY_DestroyPublicKey(srvPubkey);
-	srvPubkey = NULL;
+        SECKEY_DestroyPublicKey(srvPubkey);
+        srvPubkey = NULL;
     }
 
-
     return rv;
 #endif /* NO_PKCS11_BYPASS */
 }
-
--- a/lib/ssl/dtlscon.c
+++ b/lib/ssl/dtlscon.c
@@ -6,29 +6,29 @@
  * DTLS Protocol
  */
 
 #include "ssl.h"
 #include "sslimpl.h"
 #include "sslproto.h"
 
 #ifndef PR_ARRAY_SIZE
-#define PR_ARRAY_SIZE(a) (sizeof(a)/sizeof((a)[0]))
+#define PR_ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
 #endif
 
 static SECStatus dtls_TransmitMessageFlight(sslSocket *ss);
 static void dtls_RetransmitTimerExpiredCb(sslSocket *ss);
 static SECStatus dtls_SendSavedWriteData(sslSocket *ss);
 
 /* -28 adjusts for the IP/UDP header */
 static const PRUint16 COMMON_MTU_VALUES[] = {
-    1500 - 28,  /* Ethernet MTU */
-    1280 - 28,  /* IPv6 minimum MTU */
-    576 - 28,   /* Common assumption */
-    256 - 28    /* We're in serious trouble now */
+    1500 - 28, /* Ethernet MTU */
+    1280 - 28, /* IPv6 minimum MTU */
+    576 - 28,  /* Common assumption */
+    256 - 28   /* We're in serious trouble now */
 };
 
 #define DTLS_COOKIE_BYTES 32
 
 /* List copied from ssl3con.c:cipherSuites */
 static const ssl3CipherSuite nonDTLSSuites[] = {
 #ifndef NSS_DISABLE_ECC
     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
@@ -99,19 +99,19 @@ dtls_DTLSVersionToTLSVersion(SSL3Protoco
     }
 
     /* Return a fictional higher version than we know of */
     return SSL_LIBRARY_VERSION_MAX_SUPPORTED + 1;
 }
 
 /* On this socket, Disable non-DTLS cipher suites in the argument's list */
 SECStatus
-ssl3_DisableNonDTLSSuites(sslSocket * ss)
+ssl3_DisableNonDTLSSuites(sslSocket *ss)
 {
-    const ssl3CipherSuite * suite;
+    const ssl3CipherSuite *suite;
 
     for (suite = nonDTLSSuites; *suite; ++suite) {
         PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE));
     }
     return SECSuccess;
 }
 
 /* Allocate a DTLSQueuedMessage.
@@ -185,18 +185,18 @@ dtls_FreeHandshakeMessages(PRCList *list
  *
  * (1) To pass the length to ssl3_HandleHandshakeMessage()
  * (2) To carry the length of a message currently being reassembled
  *
  * However, unlike ssl3_HandleHandshake(), it is not used to carry
  * the state of reassembly (i.e., whether one is in progress). That
  * is carried in recvdHighWater and recvdFragments.
  */
-#define OFFSET_BYTE(o) (o/8)
-#define OFFSET_MASK(o) (1 << (o%8))
+#define OFFSET_BYTE(o) (o / 8)
+#define OFFSET_MASK(o) (1 << (o % 8))
 
 SECStatus
 dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
 {
     /* XXX OK for now.
      * This doesn't work properly with asynchronous certificate validation.
      * because that returns a WOULDBLOCK error. The current DTLS
      * applications do not need asynchronous validation, but in the
@@ -224,17 +224,17 @@ dtls_HandleHandshake(sslSocket *ss, sslB
 
         /* Parse the header */
         type = buf.buf[0];
         message_length = (buf.buf[1] << 16) | (buf.buf[2] << 8) | buf.buf[3];
         message_seq = (buf.buf[4] << 8) | buf.buf[5];
         fragment_offset = (buf.buf[6] << 16) | (buf.buf[7] << 8) | buf.buf[8];
         fragment_length = (buf.buf[9] << 16) | (buf.buf[10] << 8) | buf.buf[11];
 
-#define MAX_HANDSHAKE_MSG_LEN 0x1ffff   /* 128k - 1 */
+#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */
         if (message_length > MAX_HANDSHAKE_MSG_LEN) {
             (void)ssl3_DecodeError(ss);
             PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
             return SECFailure;
         }
 #undef MAX_HANDSHAKE_MSG_LEN
 
         buf.buf += 12;
@@ -258,19 +258,19 @@ dtls_HandleHandshake(sslSocket *ss, sslB
          *
          * 1. It's a partial next message.
          * 2. It's a partial or complete message beyond the next
          * 3. It's a message we've already seen
          *
          * If it's the complete next message we accept it right away.
          * This is the common case for short messages
          */
-        if ((message_seq == ss->ssl3.hs.recvMessageSeq)
-            && (fragment_offset == 0)
-            && (fragment_length == message_length)) {
+        if ((message_seq == ss->ssl3.hs.recvMessageSeq) &&
+            (fragment_offset == 0) &&
+            (fragment_length == message_length)) {
             /* Complete next message. Process immediately */
             ss->ssl3.hs.msg_type = (SSL3HandshakeType)type;
             ss->ssl3.hs.msg_len = message_length;
 
             /* At this point we are advancing our state machine, so
              * we can free our last flight of messages */
             dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
             ss->ssl3.hs.recvdHighWater = -1;
@@ -282,75 +282,81 @@ dtls_HandleHandshake(sslSocket *ss, sslB
                 ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS;
             }
 
             rv = ssl3_HandleHandshakeMessage(ss, buf.buf, ss->ssl3.hs.msg_len);
             if (rv == SECFailure) {
                 /* Do not attempt to process rest of messages in this record */
                 break;
             }
-        } else {
+        }
+        else {
             if (message_seq < ss->ssl3.hs.recvMessageSeq) {
                 /* Case 3: we do an immediate retransmit if we're
                  * in a waiting state*/
                 if (ss->ssl3.hs.rtTimerCb == NULL) {
                     /* Ignore */
-                } else if (ss->ssl3.hs.rtTimerCb ==
+                }
+                else if (ss->ssl3.hs.rtTimerCb ==
                          dtls_RetransmitTimerExpiredCb) {
                     SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected",
                                  SSL_GETPID(), ss->fd));
                     /* Check to see if we retransmitted recently. If so,
                      * suppress the triggered retransmit. This avoids
                      * retransmit wars after packet loss.
                      * This is not in RFC 5346 but should be
                      */
                     if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) >
                         (ss->ssl3.hs.rtTimeoutMs / 4)) {
-                            SSL_TRC(30,
-                            ("%d: SSL3[%d]: Shortcutting retransmit timer",
-                            SSL_GETPID(), ss->fd));
+                        SSL_TRC(30,
+                                ("%d: SSL3[%d]: Shortcutting retransmit timer",
+                                 SSL_GETPID(), ss->fd));
 
-                            /* Cancel the timer and call the CB,
-                             * which re-arms the timer */
-                            dtls_CancelTimer(ss);
-                            dtls_RetransmitTimerExpiredCb(ss);
-                            rv = SECSuccess;
-                            break;
-                        } else {
-                            SSL_TRC(30,
-                            ("%d: SSL3[%d]: We just retransmitted. Ignoring.",
-                            SSL_GETPID(), ss->fd));
-                            rv = SECSuccess;
-                            break;
-                        }
-                } else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) {
+                        /* Cancel the timer and call the CB,
+                         * which re-arms the timer */
+                        dtls_CancelTimer(ss);
+                        dtls_RetransmitTimerExpiredCb(ss);
+                        rv = SECSuccess;
+                        break;
+                    }
+                    else {
+                        SSL_TRC(30,
+                                ("%d: SSL3[%d]: We just retransmitted. Ignoring.",
+                                 SSL_GETPID(), ss->fd));
+                        rv = SECSuccess;
+                        break;
+                    }
+                }
+                else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) {
                     /* Retransmit the messages and re-arm the timer
                      * Note that we are not backing off the timer here.
                      * The spec isn't clear and my reasoning is that this
                      * may be a re-ordered packet rather than slowness,
                      * so let's be aggressive. */
                     dtls_CancelTimer(ss);
                     rv = dtls_TransmitMessageFlight(ss);
                     if (rv == SECSuccess) {
                         rv = dtls_StartTimer(ss, dtls_FinishedTimerCb);
                     }
                     if (rv != SECSuccess)
                         return rv;
                     break;
                 }
-            } else if (message_seq > ss->ssl3.hs.recvMessageSeq) {
+            }
+            else if (message_seq > ss->ssl3.hs.recvMessageSeq) {
                 /* Case 2
                  *
                  * Ignore this message. This means we don't handle out of
                  * order complete messages that well, but we're still
                  * compliant and this probably does not happen often
                  *
                  * XXX OK for now. Maybe do something smarter at some point?
                  */
-            } else {
+            }
+            else {
                 /* Case 1
                  *
                  * Buffer the fragment for reassembly
                  */
                 /* Make room for the message */
                 if (ss->ssl3.hs.recvdHighWater == -1) {
                     PRUint32 map_length = OFFSET_BYTE(message_length) + 1;
 
@@ -399,17 +405,18 @@ dtls_HandleHandshake(sslSocket *ss, sslB
                  * This avoids having to fill in the bitmask in the common
                  * case of adjacent fragments received in sequence
                  */
                 if (fragment_offset <= (unsigned int)ss->ssl3.hs.recvdHighWater) {
                     /* Either this is the adjacent fragment or an overlapping
                      * fragment */
                     ss->ssl3.hs.recvdHighWater = fragment_offset +
                                                  fragment_length;
-                } else {
+                }
+                else {
                     for (offset = fragment_offset;
                          offset < fragment_offset + fragment_length;
                          offset++) {
                         ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] |=
                             OFFSET_MASK(offset);
                     }
                 }
 
@@ -417,17 +424,18 @@ dtls_HandleHandshake(sslSocket *ss, sslB
                 for (offset = ss->ssl3.hs.recvdHighWater;
                      offset < ss->ssl3.hs.msg_len; offset++) {
                     /* Note that this loop is not efficient, since it counts
                      * bit by bit. If we have a lot of out-of-order packets,
                      * we should optimize this */
                     if (ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] &
                         OFFSET_MASK(offset)) {
                         ss->ssl3.hs.recvdHighWater++;
-                    } else {
+                    }
+                    else {
                         break;
                     }
                 }
 
                 /* If we have all the bytes, then we are good to go */
                 if (ss->ssl3.hs.recvdHighWater == ss->ssl3.hs.msg_len) {
                     ss->ssl3.hs.recvdHighWater = -1;
 
@@ -450,44 +458,46 @@ dtls_HandleHandshake(sslSocket *ss, sslB
                 }
             }
         }
 
         buf.buf += fragment_length;
         buf.len -= fragment_length;
     }
 
-    origBuf->len = 0;   /* So ssl3_GatherAppDataRecord will keep looping. */
+    origBuf->len = 0; /* So ssl3_GatherAppDataRecord will keep looping. */
 
     /* XXX OK for now. In future handle rv == SECWouldBlock safely in order
      * to deal with asynchronous certificate verification */
     return rv;
 }
 
 /* Enqueue a message (either handshake or CCS)
  *
  * Called from:
  *              dtls_StageHandshakeMessage()
  *              ssl3_SendChangeCipherSpecs()
  */
-SECStatus dtls_QueueMessage(sslSocket *ss, SSL3ContentType type,
-    const SSL3Opaque *pIn, PRInt32 nIn)
+SECStatus
+dtls_QueueMessage(sslSocket *ss, SSL3ContentType type,
+                  const SSL3Opaque *pIn, PRInt32 nIn)
 {
     SECStatus rv = SECSuccess;
     DTLSQueuedMessage *msg = NULL;
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
 
     msg = dtls_AllocQueuedMessage(ss->ssl3.cwSpec->epoch, type, pIn, nIn);
 
     if (!msg) {
         PORT_SetError(SEC_ERROR_NO_MEMORY);
         rv = SECFailure;
-    } else {
+    }
+    else {
         PR_APPEND_LINK(&msg->link, &ss->ssl3.hs.lastMessageFlight);
     }
 
     return rv;
 }
 
 /* Add DTLS handshake message to the pending queue
  * Empty the sendBuf buffer.
@@ -634,27 +644,28 @@ dtls_TransmitMessageFlight(sslSocket *ss
         }
 
         if ((msg->len + SSL3_BUFFER_FUDGE) <= room_left) {
             /* The message will fit, so encrypt and then continue with the
              * next packet */
             sent = ssl3_SendRecord(ss, msg->epoch, msg->type,
                                    msg->data, msg->len,
                                    ssl_SEND_FLAG_FORCE_INTO_BUFFER |
-                                   ssl_SEND_FLAG_USE_EPOCH);
+                                       ssl_SEND_FLAG_USE_EPOCH);
             if (sent != msg->len) {
                 rv = SECFailure;
                 if (sent != -1) {
                     PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
                 }
                 break;
             }
 
             room_left = ss->ssl3.mtu - ss->pendingBuf.len;
-        } else {
+        }
+        else {
             /* The message will not fit, so fragment.
              *
              * XXX OK for now. Arrange to coalesce the last fragment
              * of this message with the next message if possible.
              * That would be more efficient.
              */
             PRUint32 fragment_offset = 0;
             unsigned char fragment[DTLS_MAX_MTU]; /* >= than largest
@@ -694,34 +705,34 @@ dtls_TransmitMessageFlight(sslSocket *ss
 
                 /* Construct an appropriate-sized fragment */
                 /* Type, length, sequence */
                 PORT_Memcpy(fragment, msg->data, 6);
 
                 /* Offset */
                 fragment[6] = (fragment_offset >> 16) & 0xff;
                 fragment[7] = (fragment_offset >> 8) & 0xff;
-                fragment[8] = (fragment_offset) & 0xff;
+                fragment[8] = (fragment_offset)&0xff;
 
                 /* Fragment length */
                 fragment[9] = (fragment_len >> 16) & 0xff;
                 fragment[10] = (fragment_len >> 8) & 0xff;
-                fragment[11] = (fragment_len) & 0xff;
+                fragment[11] = (fragment_len)&0xff;
 
                 PORT_Memcpy(fragment + 12, content + fragment_offset,
                             fragment_len);
 
                 /*
                  *  Send the record. We do this in two stages
                  * 1. Encrypt
                  */
                 sent = ssl3_SendRecord(ss, msg->epoch, msg->type,
                                        fragment, fragment_len + 12,
                                        ssl_SEND_FLAG_FORCE_INTO_BUFFER |
-                                       ssl_SEND_FLAG_USE_EPOCH);
+                                           ssl_SEND_FLAG_USE_EPOCH);
                 if (sent != (fragment_len + 12)) {
                     rv = SECFailure;
                     if (sent != -1) {
                         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
                     }
                     break;
                 }
 
@@ -747,18 +758,18 @@ dtls_TransmitMessageFlight(sslSocket *ss
 }
 
 /* Flush the data in the pendingBuf and update the max message sent
  * so we can adjust the MTU estimate if we need to.
  * Wrapper for ssl_SendSavedWriteData.
  *
  * Called from dtls_TransmitMessageFlight()
  */
-static
-SECStatus dtls_SendSavedWriteData(sslSocket *ss)
+static SECStatus
+dtls_SendSavedWriteData(sslSocket *ss)
 {
     PRInt32 sent;
 
     sent = ssl_SendSavedWriteData(ss);
     if (sent < 0)
         return SECFailure;
 
     /* We should always have complete writes b/c datagram sockets
@@ -779,28 +790,28 @@ SECStatus dtls_SendSavedWriteData(sslSoc
 /* Compress, MAC, encrypt a DTLS record. Allows specification of
  * the epoch using epoch value. If use_epoch is PR_TRUE then
  * we use the provided epoch. If use_epoch is PR_FALSE then
  * whatever the current value is in effect is used.
  *
  * Called from ssl3_SendRecord()
  */
 SECStatus
-dtls_CompressMACEncryptRecord(sslSocket *        ss,
-                              DTLSEpoch          epoch,
-                              PRBool             use_epoch,
-                              SSL3ContentType    type,
-                              const SSL3Opaque * pIn,
-                              PRUint32           contentLen,
-                              sslBuffer        * wrBuf)
+dtls_CompressMACEncryptRecord(sslSocket *ss,
+                              DTLSEpoch epoch,
+                              PRBool use_epoch,
+                              SSL3ContentType type,
+                              const SSL3Opaque *pIn,
+                              PRUint32 contentLen,
+                              sslBuffer *wrBuf)
 {
     SECStatus rv = SECFailure;
-    ssl3CipherSpec *          cwSpec;
+    ssl3CipherSpec *cwSpec;
 
-    ssl_GetSpecReadLock(ss);    /********************************/
+    ssl_GetSpecReadLock(ss); /********************************/
 
     /* The reason for this switch-hitting code is that we might have
      * a flight of records spanning an epoch boundary, e.g.,
      *
      * ClientKeyExchange (epoch = 0)
      * ChangeCipherSpec (epoch = 0)
      * Finished (epoch = 1)
      *
@@ -809,29 +820,32 @@ dtls_CompressMACEncryptRecord(sslSocket 
      */
     if (use_epoch) {
         if (ss->ssl3.cwSpec->epoch == epoch)
             cwSpec = ss->ssl3.cwSpec;
         else if (ss->ssl3.pwSpec->epoch == epoch)
             cwSpec = ss->ssl3.pwSpec;
         else
             cwSpec = NULL;
-    } else {
+    }
+    else {
         cwSpec = ss->ssl3.cwSpec;
     }
 
     if (cwSpec) {
         if (ss->ssl3.cwSpec->version < SSL_LIBRARY_VERSION_TLS_1_3) {
             rv = ssl3_CompressMACEncryptRecord(cwSpec, ss->sec.isServer, PR_TRUE,
                                                PR_FALSE, type, pIn, contentLen,
                                                wrBuf);
-        } else {
+        }
+        else {
             rv = tls13_ProtectRecord(ss, type, pIn, contentLen, wrBuf);
         }
-    } else {
+    }
+    else {
         PR_NOT_REACHED("Couldn't find a cipher spec matching epoch");
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
     }
     ssl_ReleaseSpecReadLock(ss); /************************************/
 
     return rv;
 }
 
@@ -960,75 +974,74 @@ dtls_SetMTU(sslSocket *ss, PRUint16 adve
         if (COMMON_MTU_VALUES[i] <= advertised) {
             ss->ssl3.mtu = COMMON_MTU_VALUES[i];
             SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
             return;
         }
     }
 
     /* Fallback */
-    ss->ssl3.mtu = COMMON_MTU_VALUES[PR_ARRAY_SIZE(COMMON_MTU_VALUES)-1];
+    ss->ssl3.mtu = COMMON_MTU_VALUES[PR_ARRAY_SIZE(COMMON_MTU_VALUES) - 1];
     SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
 }
 
 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a
  * DTLS hello_verify_request
  * Caller must hold Handshake and RecvBuf locks.
  */
 SECStatus
 dtls_HandleHelloVerifyRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 {
-    int                 errCode = SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST;
-    SECStatus           rv;
-    PRInt32             temp;
-    SECItem             cookie = {siBuffer, NULL, 0};
-    SSL3AlertDescription desc   = illegal_parameter;
+    int errCode = SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST;
+    SECStatus rv;
+    PRInt32 temp;
+    SECItem cookie = { siBuffer, NULL, 0 };
+    SSL3AlertDescription desc = illegal_parameter;
 
     SSL_TRC(3, ("%d: SSL3[%d]: handle hello_verify_request handshake",
-        SSL_GETPID(), ss->fd));
+                SSL_GETPID(), ss->fd));
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
     if (ss->ssl3.hs.ws != wait_server_hello) {
         errCode = SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST;
-        desc    = unexpected_message;
+        desc = unexpected_message;
         goto alert_loser;
     }
 
     /* The version */
     temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
     if (temp < 0) {
-        goto loser;     /* alert has been sent */
+        goto loser; /* alert has been sent */
     }
 
     if (temp != SSL_LIBRARY_VERSION_DTLS_1_0_WIRE &&
         temp != SSL_LIBRARY_VERSION_DTLS_1_2_WIRE) {
         goto alert_loser;
     }
 
     /* The cookie */
     rv = ssl3_ConsumeHandshakeVariable(ss, &cookie, 1, &b, &length);
     if (rv != SECSuccess) {
-        goto loser;     /* alert has been sent */
+        goto loser; /* alert has been sent */
     }
     if (cookie.len > DTLS_COOKIE_BYTES) {
         desc = decode_error;
-        goto alert_loser;       /* malformed. */
+        goto alert_loser; /* malformed. */
     }
 
     PORT_Memcpy(ss->ssl3.hs.cookie, cookie.data, cookie.len);
     ss->ssl3.hs.cookieLen = cookie.len;
 
-
-    ssl_GetXmitBufLock(ss);             /*******************************/
+    ssl_GetXmitBufLock(ss); /*******************************/
 
     /* Now re-send the client hello */
     rv = ssl3_SendClientHello(ss, PR_TRUE);
 
-    ssl_ReleaseXmitBufLock(ss);         /*******************************/
+    ssl_ReleaseXmitBufLock(ss); /*******************************/
 
     if (rv == SECSuccess)
         return rv;
 
 alert_loser:
     (void)SSL3_SendAlert(ss, alert_fatal, desc);
 
 loser:
@@ -1122,17 +1135,17 @@ dtls_RecordSetRecvd(DTLSRecvdRecords *re
     offset = seq % DTLS_RECVD_RECORDS_WINDOW;
 
     records->data[offset / 8] |= (1 << (offset % 8));
 }
 
 SECStatus
 DTLS_GetHandshakeTimeout(PRFileDesc *socket, PRIntervalTime *timeout)
 {
-    sslSocket * ss = NULL;
+    sslSocket *ss = NULL;
     PRIntervalTime elapsed;
     PRIntervalTime desired;
 
     ss = ssl_FindSocket(socket);
 
     if (!ss)
         return SECFailure;
 
@@ -1142,17 +1155,18 @@ DTLS_GetHandshakeTimeout(PRFileDesc *soc
     if (!ss->ssl3.hs.rtTimerCb)
         return SECFailure;
 
     elapsed = PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted;
     desired = PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs);
     if (elapsed > desired) {
         /* Timer expired */
         *timeout = PR_INTERVAL_NO_WAIT;
-    } else {
+    }
+    else {
         *timeout = desired - elapsed;
     }
 
     return SECSuccess;
 }
 
 /*
  * DTLS relevance checks:
@@ -1170,24 +1184,26 @@ PRBool
 dtls_IsRelevant(sslSocket *ss, const ssl3CipherSpec *crSpec,
                 const SSL3Ciphertext *cText, PRUint64 *seqNum)
 {
     DTLSEpoch epoch = cText->seq_num.high >> 16;
     PRUint64 dtls_seq_num;
 
     if (crSpec->epoch != epoch) {
         SSL_DBG(("%d: SSL3[%d]: dtls_IsRelevant, received packet "
-                 "from irrelevant epoch %d", SSL_GETPID(), ss->fd, epoch));
+                 "from irrelevant epoch %d",
+                 SSL_GETPID(), ss->fd, epoch));
         return PR_FALSE;
     }
 
     dtls_seq_num = (((PRUint64)(cText->seq_num.high & 0xffff)) << 32) |
                    ((PRUint64)cText->seq_num.low);
 
     if (dtls_RecordGetRecvd(&crSpec->recvdRecords, dtls_seq_num) != 0) {
         SSL_DBG(("%d: SSL3[%d]: dtls_IsRelevant, rejecting "
-                 "potentially replayed packet", SSL_GETPID(), ss->fd));
+                 "potentially replayed packet",
+                 SSL_GETPID(), ss->fd));
         return PR_FALSE;
     }
 
     *seqNum = dtls_seq_num;
     return PR_TRUE;
 }
--- a/lib/ssl/notes.txt
+++ b/lib/ssl/notes.txt
@@ -5,130 +5,130 @@
 SSL's Buffers: enumerated and explained.
 
 ---------------------------------------------------------------------------
 incoming:
 
 gs = ss->gather
 hs = ss->ssl3->hs
 
-gs->inbuf	SSL3 only: incoming (encrypted) ssl records are placed here,
-		and then decrypted (or copied) to gs->buf.
+gs->inbuf   SSL3 only: incoming (encrypted) ssl records are placed here,
+        and then decrypted (or copied) to gs->buf.
 
-gs->buf		SSL2: incoming SSL records are put here, and then decrypted
-		in place.
-		SSL3: ssl3_HandleHandshake puts decrypted ssl records here.
+gs->buf     SSL2: incoming SSL records are put here, and then decrypted
+        in place.
+        SSL3: ssl3_HandleHandshake puts decrypted ssl records here.
 
-hs.msg_body	(SSL3 only) When an incoming handshake message spans more 
-		than one ssl record, the first part(s) of it are accumulated 
-		here until it all arrives.
+hs.msg_body (SSL3 only) When an incoming handshake message spans more
+        than one ssl record, the first part(s) of it are accumulated
+        here until it all arrives.
 
-hs.msgState	(SSL3 only) an alternative set of pointers/lengths for gs->buf.
-		Used only when a handleHandshake function returns SECWouldBlock.
-		ssl3_HandleHandshake remembers how far it previously got by
-		using these pointers instead of gs->buf when it is called 
-		after a previous SECWouldBlock return.
+hs.msgState (SSL3 only) an alternative set of pointers/lengths for gs->buf.
+        Used only when a handleHandshake function returns SECWouldBlock.
+        ssl3_HandleHandshake remembers how far it previously got by
+        using these pointers instead of gs->buf when it is called
+        after a previous SECWouldBlock return.
 
 ---------------------------------------------------------------------------
 outgoing:
 
 sec = ss->sec
-ci  = ss->sec->ci	/* connect info */
+ci  = ss->sec->ci   /* connect info */
 
-ci->sendBuf	Outgoing handshake messages are appended to this buffer.
-		This buffer will then be sent as a single SSL record.
+ci->sendBuf Outgoing handshake messages are appended to this buffer.
+        This buffer will then be sent as a single SSL record.
 
-sec->writeBuf	outgoing ssl records are constructed here and encrypted in 
-		place before being written or copied to pendingBuf.
+sec->writeBuf   outgoing ssl records are constructed here and encrypted in
+        place before being written or copied to pendingBuf.
 
-ss->pendingBuf	contains outgoing ciphertext that was saved after a write
-		attempt to the socket failed, e.g. EWouldBlock. 
-		Generally empty with blocking sockets (should be no incomplete
-		writes).
+ss->pendingBuf  contains outgoing ciphertext that was saved after a write
+        attempt to the socket failed, e.g. EWouldBlock.
+        Generally empty with blocking sockets (should be no incomplete
+        writes).
 
-ss->saveBuf	Used only by socks code.  Intended to be used to buffer 
-		outgoing data until a socks handshake completes.  However,
-		this buffer is always empty.  There is no code to put 
-		anything into it.
+ss->saveBuf Used only by socks code.  Intended to be used to buffer
+        outgoing data until a socks handshake completes.  However,
+        this buffer is always empty.  There is no code to put
+        anything into it.
 
 ---------------------------------------------------------------------------
 
-SECWouldBlock means that the function cannot make progress because it is 
-waiting for some event OTHER THAN socket I/O completion (e.g. waiting for 
+SECWouldBlock means that the function cannot make progress because it is
+waiting for some event OTHER THAN socket I/O completion (e.g. waiting for
 user dialog to finish).  It is not the same as EWOULDBLOCK.
 
 ---------------------------------------------------------------------------
 
 Rank (order) of locks
 
 recvLock ->\ firstHandshake -> recvbuf -> ssl3Handshake -> xmitbuf -> "spec"
 sendLock ->/
 
 crypto and hash Data that must be protected while turning plaintext into
 ciphertext:
 
-SSL2: 	(in ssl2_Send*)
-	sec->hash*
-	sec->hashcx 	(ptr and data)
-	sec->enc
-	sec->writecx*	(ptr and content)
-	sec->sendSecret*(ptr and content)
-	sec->sendSequence		locked by xmitBufLock
-	sec->blockSize
-	sec->writeBuf*  (ptr & content)	locked by xmitBufLock
-	"in"				locked by xmitBufLock
+SSL2:   (in ssl2_Send*)
+    sec->hash*
+    sec->hashcx     (ptr and data)
+    sec->enc
+    sec->writecx*   (ptr and content)
+    sec->sendSecret*(ptr and content)
+    sec->sendSequence       locked by xmitBufLock
+    sec->blockSize
+    sec->writeBuf*  (ptr & content) locked by xmitBufLock
+    "in"                locked by xmitBufLock
 
-SSl3:	(in ssl3_SendPlainText)
-	ss->ssl3		    (the pointer)
-	ss->ssl3->current_write*    (the pointer and the data in the spec
-				     and any data referenced by the spec.
+SSl3:   (in ssl3_SendPlainText)
+    ss->ssl3            (the pointer)
+    ss->ssl3->current_write*    (the pointer and the data in the spec
+                     and any data referenced by the spec.
 
-	ss->sec->isServer
-	ss->sec->writebuf* (ptr & content) locked by xmitBufLock
-	"buf" 				   locked by xmitBufLock
+    ss->sec->isServer
+    ss->sec->writebuf* (ptr & content) locked by xmitBufLock
+    "buf"                  locked by xmitBufLock
 
-crypto and hash data that must be protected while turning ciphertext into 
+crypto and hash data that must be protected while turning ciphertext into
 plaintext:
 
-SSL2:	(in ssl2_GatherData)
-	gs->*				(locked by recvBufLock )
-	sec->dec
-	sec->readcx
-	sec->hash* 		(ptr and data)
-	sec->hashcx 		(ptr and data)
+SSL2:   (in ssl2_GatherData)
+    gs->*               (locked by recvBufLock )
+    sec->dec
+    sec->readcx
+    sec->hash*      (ptr and data)
+    sec->hashcx         (ptr and data)
 
-SSL3:	(in ssl3_HandleRecord )
-	ssl3->current_read*	(the pointer and all data refernced)
-	ss->sec->isServer
+SSL3:   (in ssl3_HandleRecord )
+    ssl3->current_read* (the pointer and all data refernced)
+    ss->sec->isServer
 
 
 Data that must be protected while being used by a "writer":
 
 ss->pendingBuf.*
-ss->saveBuf.*		(which is dead)
+ss->saveBuf.*       (which is dead)
 
 in ssl3_sendPlainText
 
 ss->ssl3->current_write-> (spec)
 ss->sec->writeBuf.*
-ss->sec->isServer 
+ss->sec->isServer
 
 in SendBlock
 
 ss->sec->hash->length
 ss->sec->blockSize
 ss->sec->writeBuf.*
 ss->sec->sendSecret
 ss->sec->sendSequence
-ss->sec->writecx	*
+ss->sec->writecx    *
 ss->pendingBuf
 
 --------------------------------------------------------------------------
 
-Data variables (not const) protected by the "sslGlobalDataLock".  
+Data variables (not const) protected by the "sslGlobalDataLock".
 Note, this really should be a reader/writer lock.
 
-allowedByPolicy		sslcon.c
-maybeAllowedByPolicy	sslcon.c
-chosenPreference	sslcon.c
-policyWasSet		sslcon.c
+allowedByPolicy     sslcon.c
+maybeAllowedByPolicy    sslcon.c
+chosenPreference    sslcon.c
+policyWasSet        sslcon.c
 
-cipherSuites[] 		ssl3con.c
+cipherSuites[]      ssl3con.c
--- a/lib/ssl/os2_err.c
+++ b/lib/ssl/os2_err.c
@@ -1,280 +1,330 @@
 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /*
  * This file essentially replicates NSPR's source for the functions that
- * map system-specific error codes to NSPR error codes.  We would use 
+ * map system-specific error codes to NSPR error codes.  We would use
  * NSPR's functions, instead of duplicating them, but they're private.
  * As long as SSL's server session cache code must do platform native I/O
  * to accomplish its job, and NSPR's error mapping functions remain private,
  * this code will continue to need to be replicated.
- * 
+ *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "prerror.h"
 #include "prlog.h"
 #include <errno.h>
 
-
 /*
  * Based on win32err.c
  * OS2TODO Stub everything for now to build. HCT
  */
 
 /* forward declaration. */
 void nss_MD_os2_map_default_error(PRInt32 err);
 
-void nss_MD_os2_map_opendir_error(PRInt32 err)
+void
+nss_MD_os2_map_opendir_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_closedir_error(PRInt32 err)
+void
+nss_MD_os2_map_closedir_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_readdir_error(PRInt32 err)
+void
+nss_MD_os2_map_readdir_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_delete_error(PRInt32 err)
+void
+nss_MD_os2_map_delete_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
 /* The error code for stat() is in errno. */
-void nss_MD_os2_map_stat_error(PRInt32 err)
+void
+nss_MD_os2_map_stat_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_fstat_error(PRInt32 err)
+void
+nss_MD_os2_map_fstat_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_rename_error(PRInt32 err)
+void
+nss_MD_os2_map_rename_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
 /* The error code for access() is in errno. */
-void nss_MD_os2_map_access_error(PRInt32 err)
+void
+nss_MD_os2_map_access_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_mkdir_error(PRInt32 err)
+void
+nss_MD_os2_map_mkdir_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_rmdir_error(PRInt32 err)
+void
+nss_MD_os2_map_rmdir_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_read_error(PRInt32 err)
+void
+nss_MD_os2_map_read_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_transmitfile_error(PRInt32 err)
+void
+nss_MD_os2_map_transmitfile_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_write_error(PRInt32 err)
+void
+nss_MD_os2_map_write_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_lseek_error(PRInt32 err)
+void
+nss_MD_os2_map_lseek_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_fsync_error(PRInt32 err)
+void
+nss_MD_os2_map_fsync_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
 /*
  * For both CloseHandle() and closesocket().
  */
-void nss_MD_os2_map_close_error(PRInt32 err)
+void
+nss_MD_os2_map_close_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_socket_error(PRInt32 err)
+void
+nss_MD_os2_map_socket_error(PRInt32 err)
 {
-//  PR_ASSERT(err != WSANOTINITIALISED);
+    //  PR_ASSERT(err != WSANOTINITIALISED);
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_recv_error(PRInt32 err)
+void
+nss_MD_os2_map_recv_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_recvfrom_error(PRInt32 err)
+void
+nss_MD_os2_map_recvfrom_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_send_error(PRInt32 err)
+void
+nss_MD_os2_map_send_error(PRInt32 err)
 {
     PRErrorCode prError;
     switch (err) {
-//     case WSAEMSGSIZE: 	prError = PR_INVALID_ARGUMENT_ERROR; break;
-    default:		nss_MD_os2_map_default_error(err); return;
+      //     case WSAEMSGSIZE:  prError = PR_INVALID_ARGUMENT_ERROR; break;
+        default:
+            nss_MD_os2_map_default_error(err);
+            return;
     }
     PR_SetError(prError, err);
 }
 
-void nss_MD_os2_map_sendto_error(PRInt32 err)
+void
+nss_MD_os2_map_sendto_error(PRInt32 err)
 {
     PRErrorCode prError;
     switch (err) {
-//    case WSAEMSGSIZE: 	prError = PR_INVALID_ARGUMENT_ERROR; break;
-    default:		nss_MD_os2_map_default_error(err); return;
+        //    case WSAEMSGSIZE:     prError = PR_INVALID_ARGUMENT_ERROR; break;
+        default:
+            nss_MD_os2_map_default_error(err);
+            return;
     }
     PR_SetError(prError, err);
 }
 
-void nss_MD_os2_map_accept_error(PRInt32 err)
+void
+nss_MD_os2_map_accept_error(PRInt32 err)
 {
     PRErrorCode prError;
     switch (err) {
-//    case WSAEOPNOTSUPP: prError = PR_NOT_TCP_SOCKET_ERROR; break;
-//    case WSAEINVAL: 	prError = PR_INVALID_STATE_ERROR; break;
-    default:		nss_MD_os2_map_default_error(err); return;
+        //    case WSAEOPNOTSUPP: prError = PR_NOT_TCP_SOCKET_ERROR; break;
+        //    case WSAEINVAL:   prError = PR_INVALID_STATE_ERROR; break;
+        default:
+            nss_MD_os2_map_default_error(err);
+            return;
     }
     PR_SetError(prError, err);
 }
 
-void nss_MD_os2_map_acceptex_error(PRInt32 err)
+void
+nss_MD_os2_map_acceptex_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_connect_error(PRInt32 err)
+void
+nss_MD_os2_map_connect_error(PRInt32 err)
 {
     PRErrorCode prError;
     switch (err) {
-//    case WSAEWOULDBLOCK: prError = PR_IN_PROGRESS_ERROR; break;
-//    case WSAEINVAL: 	prError = PR_ALREADY_INITIATED_ERROR; break;
-//    case WSAETIMEDOUT: 	prError = PR_IO_TIMEOUT_ERROR; break;
-    default:		nss_MD_os2_map_default_error(err); return;
+        //    case WSAEWOULDBLOCK: prError = PR_IN_PROGRESS_ERROR; break;
+        //    case WSAEINVAL:   prError = PR_ALREADY_INITIATED_ERROR; break;
+        //    case WSAETIMEDOUT:    prError = PR_IO_TIMEOUT_ERROR; break;
+        default:
+            nss_MD_os2_map_default_error(err);
+            return;
     }
     PR_SetError(prError, err);
 }
 
-void nss_MD_os2_map_bind_error(PRInt32 err)
+void
+nss_MD_os2_map_bind_error(PRInt32 err)
 {
     PRErrorCode prError;
     switch (err) {
-//  case WSAEINVAL: 	prError = PR_SOCKET_ADDRESS_IS_BOUND_ERROR; break;
-    default:		nss_MD_os2_map_default_error(err); return;
+        //  case WSAEINVAL:     prError = PR_SOCKET_ADDRESS_IS_BOUND_ERROR; break;
+        default:
+            nss_MD_os2_map_default_error(err);
+            return;
     }
     PR_SetError(prError, err);
 }
 
-void nss_MD_os2_map_listen_error(PRInt32 err)
+void
+nss_MD_os2_map_listen_error(PRInt32 err)
 {
     PRErrorCode prError;
     switch (err) {
-//    case WSAEOPNOTSUPP: prError = PR_NOT_TCP_SOCKET_ERROR; break;
-//    case WSAEINVAL: 	prError = PR_INVALID_STATE_ERROR; break;
-    default:		nss_MD_os2_map_default_error(err); return;
+        //    case WSAEOPNOTSUPP: prError = PR_NOT_TCP_SOCKET_ERROR; break;
+        //    case WSAEINVAL:   prError = PR_INVALID_STATE_ERROR; break;
+        default:
+            nss_MD_os2_map_default_error(err);
+            return;
     }
     PR_SetError(prError, err);
 }
 
-void nss_MD_os2_map_shutdown_error(PRInt32 err)
+void
+nss_MD_os2_map_shutdown_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_getsockname_error(PRInt32 err)
+void
+nss_MD_os2_map_getsockname_error(PRInt32 err)
 {
     PRErrorCode prError;
     switch (err) {
-//    case WSAEINVAL: 	prError = PR_INVALID_STATE_ERROR; break;
-    default:		nss_MD_os2_map_default_error(err); return;
+        //    case WSAEINVAL:   prError = PR_INVALID_STATE_ERROR; break;
+        default:
+            nss_MD_os2_map_default_error(err);
+            return;
     }
     PR_SetError(prError, err);
 }
 
-void nss_MD_os2_map_getpeername_error(PRInt32 err)
+void
+nss_MD_os2_map_getpeername_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_getsockopt_error(PRInt32 err)
+void
+nss_MD_os2_map_getsockopt_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_setsockopt_error(PRInt32 err)
+void
+nss_MD_os2_map_setsockopt_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_open_error(PRInt32 err)
+void
+nss_MD_os2_map_open_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-void nss_MD_os2_map_gethostname_error(PRInt32 err)
+void
+nss_MD_os2_map_gethostname_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
 /* Win32 select() only works on sockets.  So in this
-** context, WSAENOTSOCK is equivalent to EBADF on Unix.  
+** context, WSAENOTSOCK is equivalent to EBADF on Unix.
 */
-void nss_MD_os2_map_select_error(PRInt32 err)
+void
+nss_MD_os2_map_select_error(PRInt32 err)
 {
     PRErrorCode prError;
     switch (err) {
-//    case WSAENOTSOCK:	prError = PR_BAD_DESCRIPTOR_ERROR; break;
-    default:		nss_MD_os2_map_default_error(err); return;
+        //    case WSAENOTSOCK: prError = PR_BAD_DESCRIPTOR_ERROR; break;
+        default:
+            nss_MD_os2_map_default_error(err);
+            return;
     }
     PR_SetError(prError, err);
 }
 
-void nss_MD_os2_map_lockf_error(PRInt32 err)
+void
+nss_MD_os2_map_lockf_error(PRInt32 err)
 {
     nss_MD_os2_map_default_error(err);
 }
 
-
-
-void nss_MD_os2_map_default_error(PRInt32 err)
+void
+nss_MD_os2_map_default_error(PRInt32 err)
 {
     PRErrorCode prError;
 
     switch (err) {
-//    case ENOENT: 		prError = PR_FILE_NOT_FOUND_ERROR; break;
-//    case ERROR_ACCESS_DENIED: 	prError = PR_NO_ACCESS_RIGHTS_ERROR; break;
-//    case ERROR_ALREADY_EXISTS: 	prError = PR_FILE_EXISTS_ERROR; break;
-//    case ERROR_DISK_CORRUPT: 	prError = PR_IO_ERROR; break;
-//    case ERROR_DISK_FULL: 	prError = PR_NO_DEVICE_SPACE_ERROR; break;
+//    case ENOENT:      prError = PR_FILE_NOT_FOUND_ERROR; break;
+//    case ERROR_ACCESS_DENIED:     prError = PR_NO_ACCESS_RIGHTS_ERROR; break;
+//    case ERROR_ALREADY_EXISTS:    prError = PR_FILE_EXISTS_ERROR; break;
+//    case ERROR_DISK_CORRUPT:  prError = PR_IO_ERROR; break;
+//    case ERROR_DISK_FULL:     prError = PR_NO_DEVICE_SPACE_ERROR; break;
 //    case ERROR_DISK_OPERATION_FAILED: prError = PR_IO_ERROR; break;
-//    case ERROR_DRIVE_LOCKED: 	prError = PR_FILE_IS_LOCKED_ERROR; break;
+//    case ERROR_DRIVE_LOCKED:  prError = PR_FILE_IS_LOCKED_ERROR; break;
 //    case ERROR_FILENAME_EXCED_RANGE: prError = PR_NAME_TOO_LONG_ERROR; break;
-//    case ERROR_FILE_CORRUPT: 	prError = PR_IO_ERROR; break;
-//    case ERROR_FILE_EXISTS: 	prError = PR_FILE_EXISTS_ERROR; break;
-//    case ERROR_FILE_INVALID: 	prError = PR_BAD_DESCRIPTOR_ERROR; break;
+//    case ERROR_FILE_CORRUPT:  prError = PR_IO_ERROR; break;
+//    case ERROR_FILE_EXISTS:   prError = PR_FILE_EXISTS_ERROR; break;
+//    case ERROR_FILE_INVALID:  prError = PR_BAD_DESCRIPTOR_ERROR; break;
 #if ERROR_FILE_NOT_FOUND != ENOENT
-//    case ERROR_FILE_NOT_FOUND: 	prError = PR_FILE_NOT_FOUND_ERROR; break;
+//    case ERROR_FILE_NOT_FOUND:    prError = PR_FILE_NOT_FOUND_ERROR; break;
 #endif
-    default: 			prError = PR_UNKNOWN_ERROR; break;
+        default:
+            prError = PR_UNKNOWN_ERROR;
+            break;
     }
     PR_SetError(prError, err);
 }
-
--- a/lib/ssl/os2_err.h
+++ b/lib/ssl/os2_err.h
@@ -1,16 +1,16 @@
 /*
  * This file essentially replicates NSPR's source for the functions that
- * map system-specific error codes to NSPR error codes.  We would use 
+ * map system-specific error codes to NSPR error codes.  We would use
  * NSPR's functions, instead of duplicating them, but they're private.
  * As long as SSL's server session cache code must do platform native I/O
  * to accomplish its job, and NSPR's error mapping functions remain private,
  * This code will continue to need to be replicated.
- * 
+ *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*  NSPR doesn't make these functions public, so we have to duplicate
 **  them in NSS.
 */
 
--- a/lib/ssl/preenc.h
+++ b/lib/ssl/preenc.h
@@ -20,94 +20,94 @@ typedef struct PEHeaderStr PEHeader;
 #define PE_MIME_TYPE "application/pre-encrypted"
 
 typedef struct PEFortezzaHeaderStr PEFortezzaHeader;
 typedef struct PEFortezzaGeneratedHeaderStr PEFortezzaGeneratedHeader;
 typedef struct PEFixedKeyHeaderStr PEFixedKeyHeader;
 typedef struct PERSAKeyHeaderStr PERSAKeyHeader;
 
 struct PEFortezzaHeaderStr {
-    unsigned char key[12];      
-    unsigned char iv[24];       
-    unsigned char hash[20];     
-    unsigned char serial[8];    
+    unsigned char key[12];
+    unsigned char iv[24];
+    unsigned char hash[20];
+    unsigned char serial[8];
 };
 
 struct PEFortezzaGeneratedHeaderStr {
-    unsigned char key[12];      
-    unsigned char iv[24];       
-    unsigned char hash[20];     
-    unsigned char Ra[128];      
-    unsigned char Y[128];       
+    unsigned char key[12];
+    unsigned char iv[24];
+    unsigned char hash[20];
+    unsigned char Ra[128];
+    unsigned char Y[128];
 };
 
 struct PEFixedKeyHeaderStr {
-    unsigned char pkcs11Mech[4];  
-    unsigned char labelLen[2];	  
-    unsigned char keyIDLen[2];	  
-    unsigned char ivLen[2];	  
-    unsigned char keyLen[2];	  
-    unsigned char data[1];	  
+    unsigned char pkcs11Mech[4];
+    unsigned char labelLen[2];
+    unsigned char keyIDLen[2];
+    unsigned char ivLen[2];
+    unsigned char keyLen[2];
+    unsigned char data[1];
 };
 
 struct PERSAKeyHeaderStr {
-    unsigned char pkcs11Mech[4];  
-    unsigned char issuerLen[2];	  
-    unsigned char serialLen[2];	  
-    unsigned char ivLen[2];	  
-    unsigned char keyLen[2];	  
-    unsigned char data[1];	  
+    unsigned char pkcs11Mech[4];
+    unsigned char issuerLen[2];
+    unsigned char serialLen[2];
+    unsigned char ivLen[2];
+    unsigned char keyLen[2];
+    unsigned char data[1];
 };
 
 #define PEFIXED_Label(header) (header->data)
 #define PEFIXED_KeyID(header) (&header->data[GetInt2(header->labelLen)])
-#define PEFIXED_IV(header) (&header->data[GetInt2(header->labelLen)\
-						+GetInt2(header->keyIDLen)])
-#define PEFIXED_Key(header) (&header->data[GetInt2(header->labelLen)\
-			+GetInt2(header->keyIDLen)+GetInt2(header->keyLen)])
+#define PEFIXED_IV(header) (&header->data[GetInt2(header->labelLen) + \
+                                          GetInt2(header->keyIDLen)])
+#define PEFIXED_Key(header) (&header->data[GetInt2(header->labelLen) + \
+                                           GetInt2(header->keyIDLen) + \
+                                           GetInt2(header->keyLen)])
 #define PERSA_Issuer(header) (header->data)
 #define PERSA_Serial(header) (&header->data[GetInt2(header->issuerLen)])
-#define PERSA_IV(header) (&header->data[GetInt2(header->issuerLen)\
-						+GetInt2(header->serialLen)])
-#define PERSA_Key(header) (&header->data[GetInt2(header->issuerLen)\
-			+GetInt2(header->serialLen)+GetInt2(header->keyLen)])
+#define PERSA_IV(header) (&header->data[GetInt2(header->issuerLen) + \
+                                        GetInt2(header->serialLen)])
+#define PERSA_Key(header) (&header->data[GetInt2(header->issuerLen) + \
+                                         GetInt2(header->serialLen) + \
+                                         GetInt2(header->keyLen)])
 struct PEHeaderStr {
-    unsigned char magic  [2];		
-    unsigned char len    [2];		
-    unsigned char type   [2];		
-    unsigned char version[2];		
+    unsigned char magic[2];
+    unsigned char len[2];
+    unsigned char type[2];
+    unsigned char version[2];
     union {
-        PEFortezzaHeader          fortezza;
+        PEFortezzaHeader fortezza;
         PEFortezzaGeneratedHeader g_fortezza;
-	PEFixedKeyHeader          fixed;
-	PERSAKeyHeader            rsa;
+        PEFixedKeyHeader fixed;
+        PERSAKeyHeader rsa;
     } u;
 };
 
 #define PE_CRYPT_INTRO_LEN 8
 #define PE_INTRO_LEN 4
-#define PE_BASE_HEADER_LEN  8
+#define PE_BASE_HEADER_LEN 8
 
-#define PRE_BLOCK_SIZE 8         
-
+#define PRE_BLOCK_SIZE 8
 
 #define GetInt2(c) ((c[0] << 8) | c[1])
-#define GetInt4(c) (((unsigned long)c[0] << 24)|((unsigned long)c[1] << 16)\
-			|((unsigned long)c[2] << 8)| ((unsigned long)c[3]))
-#define PutInt2(c,i) ((c[1] = (i) & 0xff), (c[0] = ((i) >> 8) & 0xff))
-#define PutInt4(c,i) ((c[0]=((i) >> 24) & 0xff),(c[1]=((i) >> 16) & 0xff),\
-			(c[2] = ((i) >> 8) & 0xff), (c[3] = (i) & 0xff))
+#define GetInt4(c) (((unsigned long)c[0] << 24) | ((unsigned long)c[1] << 16) | \
+                    ((unsigned long)c[2] << 8) | ((unsigned long)c[3]))
+#define PutInt2(c, i) ((c[1] = (i)&0xff), (c[0] = ((i) >> 8) & 0xff))
+#define PutInt4(c, i) ((c[0] = ((i) >> 24) & 0xff), (c[1] = ((i) >> 16) & 0xff), \
+                       (c[2] = ((i) >> 8) & 0xff), (c[3] = (i)&0xff))
 
-#define PRE_MAGIC		0xc0de
-#define PRE_VERSION		0x1010
-#define PRE_FORTEZZA_FILE	0x00ff  
-#define PRE_FORTEZZA_STREAM	0x00f5  
-#define PRE_FORTEZZA_GEN_STREAM	0x00f6  
-#define PRE_FIXED_FILE		0x000f  
-#define PRE_RSA_FILE		0x001f  
-#define PRE_FIXED_STREAM	0x0005  
+#define PRE_MAGIC 0xc0de
+#define PRE_VERSION 0x1010
+#define PRE_FORTEZZA_FILE 0x00ff
+#define PRE_FORTEZZA_STREAM 0x00f5
+#define PRE_FORTEZZA_GEN_STREAM 0x00f6
+#define PRE_FIXED_FILE 0x000f
+#define PRE_RSA_FILE 0x001f
+#define PRE_FIXED_STREAM 0x0005
 
 PEHeader *SSL_PreencryptedStreamToFile(PRFileDesc *fd, PEHeader *,
-				       int *headerSize);
+                                       int *headerSize);
 
 PEHeader *SSL_PreencryptedFileToStream(PRFileDesc *fd, PEHeader *,
-				       int *headerSize);
-
+                                       int *headerSize);
--- a/lib/ssl/prelib.c
+++ b/lib/ssl/prelib.c
@@ -12,23 +12,23 @@
 #include "ssl.h"
 #include "keyhi.h"
 #include "secitem.h"
 #include "sslimpl.h"
 #include "pkcs11t.h"
 #include "preenc.h"
 #include "pk11func.h"
 
-PEHeader *SSL_PreencryptedStreamToFile(PRFileDesc *fd, PEHeader *inHeader, 
-				       int *headerSize)
+PEHeader *
+SSL_PreencryptedStreamToFile(PRFileDesc *fd, PEHeader *inHeader,
+                             int *headerSize)
 {
     PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
     return NULL;
 }
 
-PEHeader *SSL_PreencryptedFileToStream(PRFileDesc *fd, PEHeader *header, 
-							int *headerSize)
+PEHeader *
+SSL_PreencryptedFileToStream(PRFileDesc *fd, PEHeader *header,
+                             int *headerSize)
 {
     PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
     return NULL;
 }
-
-
--- a/lib/ssl/ssl.h
+++ b/lib/ssl/ssl.h
@@ -10,17 +10,17 @@
 
 #include "prtypes.h"
 #include "prerror.h"
 #include "prio.h"
 #include "seccomon.h"
 #include "cert.h"
 #include "keyt.h"
 
-#include "sslt.h"  /* public ssl data types */
+#include "sslt.h" /* public ssl data types */
 
 #if defined(_WIN32) && !defined(IN_LIBSSL) && !defined(NSS_USE_STATIC_LIBS)
 #define SSL_IMPORT extern __declspec(dllimport)
 #else
 #define SSL_IMPORT extern
 #endif
 
 SEC_BEGIN_PROTOS
@@ -33,99 +33,99 @@ SSL_IMPORT const PRUint16 *SSL_GetImplem
 
 /* number of entries in the above table. */
 SSL_IMPORT const PRUint16 SSL_NumImplementedCiphers;
 
 /* the same as the above, but is a function */
 SSL_IMPORT PRUint16 SSL_GetNumImplementedCiphers(void);
 
 /* Macro to tell which ciphers in table are SSL2 vs SSL3/TLS. */
-#define SSL_IS_SSL2_CIPHER(which) (((which) & 0xfff0) == 0xff00)
+#define SSL_IS_SSL2_CIPHER(which) (((which)&0xfff0) == 0xff00)
 
 /*
 ** Imports fd into SSL, returning a new socket.  Copies SSL configuration
 ** from model.
 */
 SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd);
 
 /*
 ** Imports fd into DTLS, returning a new socket.  Copies DTLS configuration
 ** from model.
 */
 SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
 
 /*
 ** Enable/disable an ssl mode
 **
-** 	SSL_SECURITY:
-** 		enable/disable use of SSL security protocol before connect
+**  SSL_SECURITY:
+**    enable/disable use of SSL security protocol before connect
 **
-** 	SSL_SOCKS:
-** 		enable/disable use of socks before connect
-**		(No longer supported).
+**  SSL_SOCKS:
+**    enable/disable use of socks before connect
+**    (No longer supported).
 **
-** 	SSL_REQUEST_CERTIFICATE:
-** 		require a certificate during secure connect
+**  SSL_REQUEST_CERTIFICATE:
+**    require a certificate during secure connect
 */
 /* options */
-#define SSL_SECURITY			1 /* (on by default) */
-#define SSL_SOCKS			2 /* (off by default) */
-#define SSL_REQUEST_CERTIFICATE		3 /* (off by default) */
-#define SSL_HANDSHAKE_AS_CLIENT		5 /* force accept to hs as client */
-                               		  /* (off by default) */
-#define SSL_HANDSHAKE_AS_SERVER		6 /* force connect to hs as server */
-                               		  /* (off by default) */
+#define SSL_SECURITY 1            /* (on by default) */
+#define SSL_SOCKS 2               /* (off by default) */
+#define SSL_REQUEST_CERTIFICATE 3 /* (off by default) */
+#define SSL_HANDSHAKE_AS_CLIENT 5 /* force accept to hs as client */
+                                  /* (off by default) */
+#define SSL_HANDSHAKE_AS_SERVER 6 /* force connect to hs as server */
+                                  /* (off by default) */
 
 /* OBSOLETE: SSL v2 is obsolete and may be removed soon. */
-#define SSL_ENABLE_SSL2			7 /* enable ssl v2 (off by default) */
+#define SSL_ENABLE_SSL2 7 /* enable ssl v2 (off by default) */
 
 /* OBSOLETE: See "SSL Version Range API" below for the replacement and a
 ** description of the non-obvious semantics of using SSL_ENABLE_SSL3.
 */
-#define SSL_ENABLE_SSL3		        8 /* enable ssl v3 (on by default) */
+#define SSL_ENABLE_SSL3 8 /* enable ssl v3 (on by default) */
 
-#define SSL_NO_CACHE		        9 /* don't use the session cache */
-                    		          /* (off by default) */
-#define SSL_REQUIRE_CERTIFICATE        10 /* (SSL_REQUIRE_FIRST_HANDSHAKE */
-                                          /* by default) */
-#define SSL_ENABLE_FDX                 11 /* permit simultaneous read/write */
-                                          /* (off by default) */
+#define SSL_NO_CACHE 9             /* don't use the session cache */
+                                   /* (off by default) */
+#define SSL_REQUIRE_CERTIFICATE 10 /* (SSL_REQUIRE_FIRST_HANDSHAKE */
+                                   /* by default) */
+#define SSL_ENABLE_FDX 11          /* permit simultaneous read/write */
+                                   /* (off by default) */
 
 /* OBSOLETE: SSL v2 compatible hellos are not accepted by some TLS servers
 ** and cannot negotiate extensions. SSL v2 is obsolete. This option may be
 ** removed soon.
 */
-#define SSL_V2_COMPATIBLE_HELLO        12 /* send v3 client hello in v2 fmt */
-                                          /* (off by default) */
+#define SSL_V2_COMPATIBLE_HELLO 12 /* send v3 client hello in v2 fmt */
+                                   /* (off by default) */
 
 /* OBSOLETE: See "SSL Version Range API" below for the replacement and a
 ** description of the non-obvious semantics of using SSL_ENABLE_TLS.
 */
-#define SSL_ENABLE_TLS		       13 /* enable TLS (on by default) */
+#define SSL_ENABLE_TLS 13 /* enable TLS (on by default) */
 
-#define SSL_ROLLBACK_DETECTION         14 /* for compatibility, default: on */
-#define SSL_NO_STEP_DOWN               15 /* Disable export cipher suites   */
-                                          /* if step-down keys are needed.  */
-					  /* default: off, generate         */
-					  /* step-down keys if needed.      */
-#define SSL_BYPASS_PKCS11              16 /* use PKCS#11 for pub key only   */
-#define SSL_NO_LOCKS                   17 /* Don't use locks for protection */
-#define SSL_ENABLE_SESSION_TICKETS     18 /* Enable TLS SessionTicket       */
-                                          /* extension (off by default)     */
-#define SSL_ENABLE_DEFLATE             19 /* Enable TLS compression with    */
-                                          /* DEFLATE (off by default)       */
-#define SSL_ENABLE_RENEGOTIATION       20 /* Values below (default: never)  */
-#define SSL_REQUIRE_SAFE_NEGOTIATION   21 /* Peer must send Signaling       */
-					  /* Cipher Suite Value (SCSV) or   */
-                                          /* Renegotiation  Info (RI)       */
-					  /* extension in ALL handshakes.   */
-                                          /* default: off                   */
-#define SSL_ENABLE_FALSE_START         22 /* Enable SSL false start (off by */
-                                          /* default, applies only to       */
-                                          /* clients). False start is a     */
+#define SSL_ROLLBACK_DETECTION 14       /* for compatibility, default: on */
+#define SSL_NO_STEP_DOWN 15             /* Disable export cipher suites   */
+                                        /* if step-down keys are needed.  */
+                                        /* default: off, generate         */
+                                        /* step-down keys if needed.      */
+#define SSL_BYPASS_PKCS11 16            /* use PKCS#11 for pub key only   */
+#define SSL_NO_LOCKS 17                 /* Don't use locks for protection */
+#define SSL_ENABLE_SESSION_TICKETS 18   /* Enable TLS SessionTicket       */
+                                        /* extension (off by default)     */
+#define SSL_ENABLE_DEFLATE 19           /* Enable TLS compression with    */
+                                        /* DEFLATE (off by default)       */
+#define SSL_ENABLE_RENEGOTIATION 20     /* Values below (default: never)  */
+#define SSL_REQUIRE_SAFE_NEGOTIATION 21 /* Peer must send Signaling       */
+                                        /* Cipher Suite Value (SCSV) or   */
+                                        /* Renegotiation  Info (RI)       */
+                                        /* extension in ALL handshakes.   */
+                                        /* default: off                   */
+#define SSL_ENABLE_FALSE_START 22       /* Enable SSL false start (off by */
+                                        /* default, applies only to       */
+                                        /* clients). False start is a     */
 /* mode where an SSL client will start sending application data before
  * verifying the server's Finished message. This means that we could end up
  * sending data to an imposter. However, the data will be encrypted and
  * only the true server can derive the session key. Thus, so long as the
  * cipher isn't broken this is safe. The advantage of false start is that
  * it saves a round trip for client-speaks-first protocols when performing a
  * full handshake.
  *
@@ -155,17 +155,17 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRF
  * application_data record to every application_data record they send; we do
  * not do that because some implementations cannot handle empty
  * application_data records. Also, we only split application_data records and
  * not other types of records, because some implementations will not accept
  * fragmented records of some other types (e.g. some versions of NSS do not
  * accept fragmented alerts).
  */
 #define SSL_CBC_RANDOM_IV 23
-#define SSL_ENABLE_OCSP_STAPLING       24 /* Request OCSP stapling (client) */
+#define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */
 
 /* SSL_ENABLE_NPN controls whether the NPN extension is enabled for the initial
  * handshake when application layer protocol negotiation is used.
  * SSL_SetNextProtoCallback or SSL_SetNextProtoNego must be used to control the
  * application layer protocol negotiation; otherwise, the NPN extension will
  * not be negotiated. SSL_ENABLE_NPN is currently enabled by default but this
  * may change in future versions.
  */
@@ -184,34 +184,34 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRF
 
 /* SSL_REUSE_SERVER_ECDHE_KEY controls whether the ECDHE server key is
  * reused for multiple handshakes or generated each time.
  * SSL_REUSE_SERVER_ECDHE_KEY is currently enabled by default.
  * This socket option is for ECDHE, only. It is unrelated to DHE.
  */
 #define SSL_REUSE_SERVER_ECDHE_KEY 27
 
-#define SSL_ENABLE_FALLBACK_SCSV       28 /* Send fallback SCSV in
-                                           * handshakes. */
+#define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in \
+                                     * handshakes. */
 
 /* SSL_ENABLE_SERVER_DHE controls whether DHE is enabled for the server socket.
  */
 #define SSL_ENABLE_SERVER_DHE 29
 
 /* Use draft-ietf-tls-session-hash. Controls whether we offer the
  * extended_master_secret extension which, when accepted, hashes
  * the handshake transcript into the master secret. This option is
  * disabled by default.
  */
 #define SSL_ENABLE_EXTENDED_MASTER_SECRET 30
 
 /* Request Signed Certificate Timestamps via TLS extension (client) */
 #define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 31
 
-#ifdef SSL_DEPRECATED_FUNCTION 
+#ifdef SSL_DEPRECATED_FUNCTION
 /* Old deprecated function names */
 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
 SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on);
 #endif
 
 /* New function names */
 SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on);
 SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on);
@@ -224,23 +224,23 @@ SSL_IMPORT SECStatus SSL_CertDBHandleSet
  * |protos| and |protosLen| define a buffer which contains the server's
  * advertisement. This data is guaranteed to be well formed per the NPN spec.
  * |protoOut| is a buffer provided by the caller, of length 255 (the maximum
  * allowed by the protocol). On successful return, the protocol to be announced
  * to the server will be in |protoOut| and its length in |*protoOutLen|.
  *
  * The callback must return SECFailure or SECSuccess (not SECWouldBlock).
  */
-typedef SECStatus (PR_CALLBACK *SSLNextProtoCallback)(
+typedef SECStatus(PR_CALLBACK *SSLNextProtoCallback)(
     void *arg,
     PRFileDesc *fd,
-    const unsigned char* protos,
+    const unsigned char *protos,
     unsigned int protosLen,
-    unsigned char* protoOut,
-    unsigned int* protoOutLen,
+    unsigned char *protoOut,
+    unsigned int *protoOutLen,
     unsigned int protoMaxOut);
 
 /* SSL_SetNextProtoCallback sets a callback function to handle Next Protocol
  * Negotiation. It causes a client to advertise NPN. */
 SSL_IMPORT SECStatus SSL_SetNextProtoCallback(PRFileDesc *fd,
                                               SSLNextProtoCallback callback,
                                               void *arg);
 
@@ -258,47 +258,47 @@ SSL_IMPORT SECStatus SSL_SetNextProtoCal
  * Since NPN uses the first protocol as the fallback protocol, when sending an
  * ALPN extension, the first protocol is moved to the end of the list. This
  * indicates that the fallback protocol is the least preferred. The other
  * protocols should be in preference order.
  *
  * The supported protocols are specified in |data| in wire-format (8-bit
  * length-prefixed). For example: "\010http/1.1\006spdy/2". */
 SSL_IMPORT SECStatus SSL_SetNextProtoNego(PRFileDesc *fd,
-					  const unsigned char *data,
-					  unsigned int length);
+                                          const unsigned char *data,
+                                          unsigned int length);
 
-typedef enum SSLNextProtoState { 
-  SSL_NEXT_PROTO_NO_SUPPORT = 0, /* No peer support                */
-  SSL_NEXT_PROTO_NEGOTIATED = 1, /* Mutual agreement               */
-  SSL_NEXT_PROTO_NO_OVERLAP = 2, /* No protocol overlap found      */
-  SSL_NEXT_PROTO_SELECTED   = 3  /* Server selected proto (ALPN)   */
+typedef enum SSLNextProtoState {
+    SSL_NEXT_PROTO_NO_SUPPORT = 0, /* No peer support                */
+    SSL_NEXT_PROTO_NEGOTIATED = 1, /* Mutual agreement               */
+    SSL_NEXT_PROTO_NO_OVERLAP = 2, /* No protocol overlap found      */
+    SSL_NEXT_PROTO_SELECTED = 3    /* Server selected proto (ALPN)   */
 } SSLNextProtoState;
 
 /* SSL_GetNextProto can be used in the HandshakeCallback or any time after
  * a handshake to retrieve the result of the Next Protocol negotiation.
  *
  * The length of the negotiated protocol, if any, is written into *bufLen.
  * If the negotiated protocol is longer than bufLenMax, then SECFailure is
  * returned. Otherwise, the negotiated protocol, if any, is written into buf,
  * and SECSuccess is returned. */
 SSL_IMPORT SECStatus SSL_GetNextProto(PRFileDesc *fd,
-				      SSLNextProtoState *state,
-				      unsigned char *buf,
-				      unsigned int *bufLen,
-				      unsigned int bufLenMax);
+                                      SSLNextProtoState *state,
+                                      unsigned char *buf,
+                                      unsigned int *bufLen,
+                                      unsigned int bufLenMax);
 
 /*
 ** Control ciphers that SSL uses. If on is non-zero then the named cipher
-** is enabled, otherwise it is disabled. 
+** is enabled, otherwise it is disabled.
 ** The "cipher" values are defined in sslproto.h (the SSL_EN_* values).
 ** EnableCipher records user preferences.
 ** SetPolicy sets the policy according to the policy module.
 */
-#ifdef SSL_DEPRECATED_FUNCTION 
+#ifdef SSL_DEPRECATED_FUNCTION
 /* Old deprecated function names */
 SSL_IMPORT SECStatus SSL_EnableCipher(long which, PRBool enabled);
 SSL_IMPORT SECStatus SSL_SetPolicy(long which, int policy);
 #endif
 
 /* New function names */
 SSL_IMPORT SECStatus SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 cipher, PRBool enabled);
 SSL_IMPORT SECStatus SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 cipher, PRBool *enabled);
@@ -446,56 +446,56 @@ SSL_IMPORT SECStatus SSL_VersionRangeGet
 /* Sets the range of enabled-by-default SSL3/TLS versions for the given
 ** protocol variant to |*vrange|.
 */
 SSL_IMPORT SECStatus SSL_VersionRangeSetDefault(
     SSLProtocolVariant protocolVariant, const SSLVersionRange *vrange);
 
 /* Returns, in |*vrange|, the range of enabled SSL3/TLS versions for |fd|. */
 SSL_IMPORT SECStatus SSL_VersionRangeGet(PRFileDesc *fd,
-					 SSLVersionRange *vrange);
+                                         SSLVersionRange *vrange);
 
 /* Sets the range of enabled SSL3/TLS versions for |fd| to |*vrange|. */
 SSL_IMPORT SECStatus SSL_VersionRangeSet(PRFileDesc *fd,
-					 const SSLVersionRange *vrange);
+                                         const SSLVersionRange *vrange);
 
 /* Sets the version to check the server random against for the
  * fallback check defined in [draft-ietf-tls-tls13-11 Section 6.3.1.1].
  * This function is provided to allow for detection of forced downgrade
  * attacks against client-side reconnect-and-fallback outside of TLS
  * by setting |version| to be that of the original connection, rather
  * than that of the new connection.
  *
  * The default, which can also be enabled by setting |version| to
  * zero, is just to check against the max version in the
  * version range (see SSL_VersionRangeSet). */
 SSL_IMPORT SECStatus SSL_SetDowngradeCheckVersion(PRFileDesc *fd,
                                                   PRUint16 version);
 
 /* Values for "policy" argument to SSL_CipherPolicySet */
 /* Values returned by SSL_CipherPolicyGet. */
-#define SSL_NOT_ALLOWED		 0	      /* or invalid or unimplemented */
-#define SSL_ALLOWED		 1
-#define SSL_RESTRICTED		 2	      /* only with "Step-Up" certs. */
+#define SSL_NOT_ALLOWED 0 /* or invalid or unimplemented */
+#define SSL_ALLOWED 1
+#define SSL_RESTRICTED 2 /* only with "Step-Up" certs. */
 
 /* Values for "on" with SSL_REQUIRE_CERTIFICATE. */
-#define SSL_REQUIRE_NEVER           ((PRBool)0)
-#define SSL_REQUIRE_ALWAYS          ((PRBool)1)
+#define SSL_REQUIRE_NEVER ((PRBool)0)
+#define SSL_REQUIRE_ALWAYS ((PRBool)1)
 #define SSL_REQUIRE_FIRST_HANDSHAKE ((PRBool)2)
-#define SSL_REQUIRE_NO_ERROR        ((PRBool)3)
+#define SSL_REQUIRE_NO_ERROR ((PRBool)3)
 
 /* Values for "on" with SSL_ENABLE_RENEGOTIATION */
 /* Never renegotiate at all.                                               */
-#define SSL_RENEGOTIATE_NEVER        ((PRBool)0)
+#define SSL_RENEGOTIATE_NEVER ((PRBool)0)
 /* Renegotiate without restriction, whether or not the peer's client hello */
 /* bears the renegotiation info extension.  Vulnerable, as in the past.    */
 #define SSL_RENEGOTIATE_UNRESTRICTED ((PRBool)1)
 /* Only renegotiate if the peer's hello bears the TLS renegotiation_info   */
 /* extension. This is safe renegotiation.                                  */
-#define SSL_RENEGOTIATE_REQUIRES_XTN ((PRBool)2) 
+#define SSL_RENEGOTIATE_REQUIRES_XTN ((PRBool)2)
 /* Disallow unsafe renegotiation in server sockets only, but allow clients */
 /* to continue to renegotiate with vulnerable servers.                     */
 /* This value should only be used during the transition period when few    */
 /* servers have been upgraded.                                             */
 #define SSL_RENEGOTIATE_TRANSITIONAL ((PRBool)3)
 
 /*
 ** Reset the handshake state for fd. This will make the complete SSL
@@ -523,41 +523,41 @@ SSL_IMPORT SECStatus SSL_ForceHandshakeW
 ** certificate at the other end of the connection. For a client, this is
 ** the issuer of the server's certificate; for a server, this is the
 ** issuer of the client's certificate (if any). Subject is the subject of
 ** the other end's certificate. The pointers can be zero if the desired
 ** data is not needed.  All strings returned by this function are owned
 ** by the caller, and need to be freed with PORT_Free.
 */
 SSL_IMPORT SECStatus SSL_SecurityStatus(PRFileDesc *fd, int *on, char **cipher,
-			                int *keySize, int *secretKeySize,
-			                char **issuer, char **subject);
+                                        int *keySize, int *secretKeySize,
+                                        char **issuer, char **subject);
 
 /* Values for "on" */
-#define SSL_SECURITY_STATUS_NOOPT	-1
-#define SSL_SECURITY_STATUS_OFF		0
-#define SSL_SECURITY_STATUS_ON_HIGH	1
-#define SSL_SECURITY_STATUS_ON_LOW	2
-#define SSL_SECURITY_STATUS_FORTEZZA	3 /* NO LONGER SUPPORTED */
+#define SSL_SECURITY_STATUS_NOOPT -1
+#define SSL_SECURITY_STATUS_OFF 0
+#define SSL_SECURITY_STATUS_ON_HIGH 1
+#define SSL_SECURITY_STATUS_ON_LOW 2
+#define SSL_SECURITY_STATUS_FORTEZZA 3 /* NO LONGER SUPPORTED */
 
 /*
 ** Return the certificate for our SSL peer. If the client calls this
 ** it will always return the server's certificate. If the server calls
 ** this, it may return NULL if client authentication is not enabled or
 ** if the client had no certificate when asked.
-**	"fd" the socket "file" descriptor
+**  "fd" the socket "file" descriptor
 */
 SSL_IMPORT CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
 
 /*
 ** Return the certificates presented by the SSL peer. If the SSL peer
 ** did not present certificates, return NULL with the
 ** SSL_ERROR_NO_CERTIFICATE error. On failure, return NULL with an error
 ** code other than SSL_ERROR_NO_CERTIFICATE.
-**	"fd" the socket "file" descriptor
+**  "fd" the socket "file" descriptor
 */
 SSL_IMPORT CERTCertList *SSL_PeerCertificateChain(PRFileDesc *fd);
 
 /* SSL_PeerStapledOCSPResponses returns the OCSP responses that were provided
  * by the TLS server. The return value is a pointer to an internal SECItemArray
  * that contains the returned OCSP responses; it is only valid until the
  * callback function that calls SSL_PeerStapledOCSPResponses returns.
  *
@@ -567,44 +567,44 @@ SSL_IMPORT CERTCertList *SSL_PeerCertifi
  * You must set the SSL_ENABLE_OCSP_STAPLING option to enable OCSP stapling.
  * to be provided by a server.
  *
  * libssl does not do any validation of the OCSP response itself; the
  * authenticate certificate hook is responsible for doing so. The default
  * authenticate certificate hook, SSL_AuthCertificate, does not implement
  * any OCSP stapling funtionality, but this may change in future versions.
  */
-SSL_IMPORT const SECItemArray * SSL_PeerStapledOCSPResponses(PRFileDesc *fd);
+SSL_IMPORT const SECItemArray *SSL_PeerStapledOCSPResponses(PRFileDesc *fd);
 
 /* SSL_PeerSignedCertTimestamps returns the signed_certificate_timestamp
  * extension data provided by the TLS server. The return value is a pointer
  * to an internal SECItem that contains the returned response (as a serialized
  * SignedCertificateTimestampList, see RFC 6962). The returned pointer is only
  * valid until the callback function that calls SSL_PeerSignedCertTimestamps
  * (e.g. the authenticate certificate hook, or the handshake callback) returns.
  *
  * If no Signed Certificate Timestamps were given by the server then the result
  * will be empty. If there was an error, then the result will be NULL.
  *
  * You must set the SSL_ENABLE_SIGNED_CERT_TIMESTAMPS option to indicate support
  * for Signed Certificate Timestamps to a server.
  *
  * libssl does not do any parsing or validation of the response itself.
  */
-SSL_IMPORT const SECItem * SSL_PeerSignedCertTimestamps(PRFileDesc *fd);
+SSL_IMPORT const SECItem *SSL_PeerSignedCertTimestamps(PRFileDesc *fd);
 
 /* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses
  * in the fd's data, which may be sent as part of a server side cert_status
  * handshake message. Parameter |responses| is for the server certificate of
  * the key exchange type |kea|.
  * The function will duplicate the responses array.
  */
 SSL_IMPORT SECStatus
 SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses,
-			    SSLKEAType kea);
+                            SSLKEAType kea);
 
 /*
  * SSL_SetSignedCertTimestamps stores serialized signed_certificate_timestamp
  * extension data in the fd. The signed_certificate_timestamp data is sent
  * during the handshake (if requested by the client). Parameter |scts|
  * is for the server certificate of the key exchange type |kea|.
  * The function will duplicate the provided data item. To clear previously
  * set data for a given key exchange type |kea|, pass NULL to |scts|.
@@ -639,51 +639,50 @@ SSL_SetSignedCertTimestamps(PRFileDesc *
 ** libssl does not provide a way for the authenticate certificate hook to
 ** indicate that an OCSP error (SEC_ERROR_OCSP_*) that it returns is an error
 ** in the stapled OCSP response or an error in some other OCSP response.
 ** Further, NSS does not provide a convenient way to control or determine
 ** which OCSP response(s) were used to validate a certificate chain.
 ** Consequently, the current version of libssl does not ever send the
 ** bad_certificate_status_response alert. This may change in future releases.
 */
-typedef SECStatus (PR_CALLBACK *SSLAuthCertificate)(void *arg, PRFileDesc *fd, 
-                                                    PRBool checkSig,
-                                                    PRBool isServer);
+typedef SECStatus(PR_CALLBACK *SSLAuthCertificate)(void *arg, PRFileDesc *fd,
+                                                   PRBool checkSig,
+                                                   PRBool isServer);
 
-SSL_IMPORT SECStatus SSL_AuthCertificateHook(PRFileDesc *fd, 
-					     SSLAuthCertificate f,
-				             void *arg);
+SSL_IMPORT SECStatus SSL_AuthCertificateHook(PRFileDesc *fd,
+                                             SSLAuthCertificate f,
+                                             void *arg);
 
 /* An implementation of the certificate authentication hook */
-SSL_IMPORT SECStatus SSL_AuthCertificate(void *arg, PRFileDesc *fd, 
-					 PRBool checkSig, PRBool isServer);
+SSL_IMPORT SECStatus SSL_AuthCertificate(void *arg, PRFileDesc *fd,
+                                         PRBool checkSig, PRBool isServer);
 
 /*
  * Prototype for SSL callback to get client auth data from the application.
- *	arg - application passed argument
- *	caNames - pointer to distinguished names of CAs that the server likes
- *	pRetCert - pointer to pointer to cert, for return of cert
- *	pRetKey - pointer to key pointer, for return of key
+ *  arg - application passed argument
+ *  caNames - pointer to distinguished names of CAs that the server likes
+ *  pRetCert - pointer to pointer to cert, for return of cert
+ *  pRetKey - pointer to key pointer, for return of key
  */
-typedef SECStatus (PR_CALLBACK *SSLGetClientAuthData)(void *arg,
-                                PRFileDesc *fd,
-                                CERTDistNames *caNames,
-                                CERTCertificate **pRetCert,/*return */
-                                SECKEYPrivateKey **pRetKey);/* return */
+typedef SECStatus(PR_CALLBACK *SSLGetClientAuthData)(void *arg,
+                                                     PRFileDesc *fd,
+                                                     CERTDistNames *caNames,
+                                                     CERTCertificate **pRetCert,  /*return */
+                                                     SECKEYPrivateKey **pRetKey); /* return */
 
 /*
  * Set the client side callback for SSL to retrieve user's private key
  * and certificate.
- *	fd - the file descriptor for the connection in question
- *	f - the application's callback that delivers the key and cert
- *	a - application specific data
+ *  fd - the file descriptor for the connection in question
+ *  f - the application's callback that delivers the key and cert
+ *  a - application specific data
  */
-SSL_IMPORT SECStatus SSL_GetClientAuthDataHook(PRFileDesc *fd, 
-			                       SSLGetClientAuthData f, void *a);
-
+SSL_IMPORT SECStatus SSL_GetClientAuthDataHook(PRFileDesc *fd,
+                                               SSLGetClientAuthData f, void *a);
 
 /*
 ** SNI extension processing callback function.
 ** It is called when SSL socket receives SNI extension in ClientHello message.
 ** Upon this callback invocation, application is responsible to reconfigure the
 ** socket with the data for a particular server name.
 ** There are three potential outcomes of this function invocation:
 **    * application does not recognize the name or the type and wants the
@@ -701,49 +700,49 @@ SSL_IMPORT SECStatus SSL_GetClientAuthDa
 ** LibSSL will ignore any SNI extension received in a ClientHello message
 ** if application does not register a SSLSNISocketConfig callback.
 ** Each type field of SECItem indicates the name type.
 ** NOTE: currently RFC3546 defines only one name type: sni_host_name.
 ** Client is allowed to send only one name per known type. LibSSL will
 ** send an "unrecognized_name" alert if SNI extension name list contains more
 ** then one name of a type.
 */
-typedef PRInt32 (PR_CALLBACK *SSLSNISocketConfig)(PRFileDesc *fd,
-                                            const SECItem *srvNameArr,
-                                                  PRUint32 srvNameArrSize,
-                                                  void *arg);
+typedef PRInt32(PR_CALLBACK *SSLSNISocketConfig)(PRFileDesc *fd,
+                                                 const SECItem *srvNameArr,
+                                                 PRUint32 srvNameArrSize,
+                                                 void *arg);
 
 /*
 ** SSLSNISocketConfig should return an index within 0 and srvNameArrSize-1
 ** when it has reconfigured the socket fd to use certs and keys, etc
 ** for a specific name. There are two other allowed return values. One
 ** tells libSSL to use the default cert and key.  The other tells libSSL
 ** to send the "unrecognized_name" alert.  These values are:
 **/
-#define SSL_SNI_CURRENT_CONFIG_IS_USED           -1
-#define SSL_SNI_SEND_ALERT                       -2
+#define SSL_SNI_CURRENT_CONFIG_IS_USED -1
+#define SSL_SNI_SEND_ALERT -2
 
 /*
 ** Set application implemented SNISocketConfig callback.
 */
-SSL_IMPORT SECStatus SSL_SNISocketConfigHook(PRFileDesc *fd, 
+SSL_IMPORT SECStatus SSL_SNISocketConfigHook(PRFileDesc *fd,
                                              SSLSNISocketConfig f,
                                              void *arg);
 
 /*
 ** Reconfigure fd SSL socket with model socket parameters. Sets
 ** server certs and keys, list of trust anchor, socket options
 ** and all SSL socket call backs and parameters.
 */
 SSL_IMPORT PRFileDesc *SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd);
 
 /*
  * Set the client side argument for SSL to retrieve PKCS #11 pin.
- *	fd - the file descriptor for the connection in question
- *	a - pkcs11 application specific data
+ *  fd - the file descriptor for the connection in question
+ *  a - pkcs11 application specific data
  */
 SSL_IMPORT SECStatus SSL_SetPKCS11PinArg(PRFileDesc *fd, void *a);
 
 /*
 ** This is a callback for dealing with server certs that are not authenticated
 ** by the client.  The client app can decide that it actually likes the
 ** cert by some external means and restart the connection.
 **
@@ -752,162 +751,161 @@ SSL_IMPORT SECStatus SSL_SetPKCS11PinArg
 ** considered invalid, or SECWouldBlock if the application will authenticate
 ** the certificate asynchronously. SECWouldBlock is only supported for
 ** non-blocking sockets.
 **
 ** See the documentation for SSL_AuthCertificateComplete for more information
 ** about the asynchronous behavior that occurs when the bad cert hook returns
 ** SECWouldBlock.
 */
-typedef SECStatus (PR_CALLBACK *SSLBadCertHandler)(void *arg, PRFileDesc *fd);
-SSL_IMPORT SECStatus SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f, 
-				     void *arg);
+typedef SECStatus(PR_CALLBACK *SSLBadCertHandler)(void *arg, PRFileDesc *fd);
+SSL_IMPORT SECStatus SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f,
+                                     void *arg);
 
 /*
 ** Configure SSL socket for running a secure server. Needs the
 ** certificate for the server and the servers private key. The arguments
 ** are copied.
 */
 SSL_IMPORT SECStatus SSL_ConfigSecureServer(
-				PRFileDesc *fd, CERTCertificate *cert,
-				SECKEYPrivateKey *key, SSLKEAType kea);
+    PRFileDesc *fd, CERTCertificate *cert,
+    SECKEYPrivateKey *key, SSLKEAType kea);
 
 /*
 ** Allows SSL socket configuration with caller-supplied certificate chain.
 ** If certChainOpt is NULL, tries to find one.
 */
 SSL_IMPORT SECStatus
 SSL_ConfigSecureServerWithCertChain(PRFileDesc *fd, CERTCertificate *cert,
                                     const CERTCertificateList *certChainOpt,
                                     SECKEYPrivateKey *key, SSLKEAType kea);
 
 /*
 ** Configure a secure server's session-id cache. Define the maximum number
 ** of entries in the cache, the longevity of the entires, and the directory
-** where the cache files will be placed.  These values can be zero, and 
+** where the cache files will be placed.  These values can be zero, and
 ** if so, the implementation will choose defaults.
-** This version of the function is for use in applications that have only one 
+** This version of the function is for use in applications that have only one
 ** process that uses the cache (even if that process has multiple threads).
 */
-SSL_IMPORT SECStatus SSL_ConfigServerSessionIDCache(int      maxCacheEntries,
-					            PRUint32 timeout,
-					            PRUint32 ssl3_timeout,
-				              const char *   directory);
+SSL_IMPORT SECStatus SSL_ConfigServerSessionIDCache(int maxCacheEntries,
+                                                    PRUint32 timeout,
+                                                    PRUint32 ssl3_timeout,
+                                                    const char *directory);
 
 /* Configure a secure server's session-id cache. Depends on value of
  * enableMPCache, configures malti-proc or single proc cache. */
 SSL_IMPORT SECStatus SSL_ConfigServerSessionIDCacheWithOpt(
-                                                           PRUint32 timeout,
-                                                       PRUint32 ssl3_timeout,
-                                                     const char *   directory,
-                                                          int maxCacheEntries,
-                                                      int maxCertCacheEntries,
-                                                    int maxSrvNameCacheEntries,
-                                                           PRBool enableMPCache);
+    PRUint32 timeout,
+    PRUint32 ssl3_timeout,
+    const char *directory,
+    int maxCacheEntries,
+    int maxCertCacheEntries,
+    int maxSrvNameCacheEntries,
+    PRBool enableMPCache);
 
 /*
 ** Like SSL_ConfigServerSessionIDCache, with one important difference.
-** If the application will run multiple processes (as opposed to, or in 
+** If the application will run multiple processes (as opposed to, or in
 ** addition to multiple threads), then it must call this function, instead
 ** of calling SSL_ConfigServerSessionIDCache().
 ** This has nothing to do with the number of processORs, only processEs.
 ** This function sets up a Server Session ID (SID) cache that is safe for
 ** access by multiple processes on the same system.
 */
-SSL_IMPORT SECStatus SSL_ConfigMPServerSIDCache(int      maxCacheEntries, 
-				                PRUint32 timeout,
-			       	                PRUint32 ssl3_timeout, 
-		                          const char *   directory);
+SSL_IMPORT SECStatus SSL_ConfigMPServerSIDCache(int maxCacheEntries,
+                                                PRUint32 timeout,
+                                                PRUint32 ssl3_timeout,
+                                                const char *directory);
 
-/* Get and set the configured maximum number of mutexes used for the 
-** server's store of SSL sessions.  This value is used by the server 
-** session ID cache initialization functions shown above.  Note that on 
-** some platforms, these mutexes are actually implemented with POSIX 
+/* Get and set the configured maximum number of mutexes used for the
+** server's store of SSL sessions.  This value is used by the server
+** session ID cache initialization functions shown above.  Note that on
+** some platforms, these mutexes are actually implemented with POSIX
 ** semaphores, or with unnamed pipes.  The default value varies by platform.
-** An attempt to set a too-low maximum will return an error and the 
+** An attempt to set a too-low maximum will return an error and the
 ** configured value will not be changed.
 */
-SSL_IMPORT PRUint32  SSL_GetMaxServerCacheLocks(void);
+SSL_IMPORT PRUint32 SSL_GetMaxServerCacheLocks(void);
 SSL_IMPORT SECStatus SSL_SetMaxServerCacheLocks(PRUint32 maxLocks);
 
 /* environment variable set by SSL_ConfigMPServerSIDCache, and queried by
  * SSL_InheritMPServerSIDCache when envString is NULL.
  */
-#define SSL_ENV_VAR_NAME            "SSL_INHERITANCE"
+#define SSL_ENV_VAR_NAME "SSL_INHERITANCE"
 
-/* called in child to inherit SID Cache variables. 
+/* called in child to inherit SID Cache variables.
  * If envString is NULL, this function will use the value of the environment
- * variable "SSL_INHERITANCE", otherwise the string value passed in will be 
+ * variable "SSL_INHERITANCE", otherwise the string value passed in will be
  * used.
  */
-SSL_IMPORT SECStatus SSL_InheritMPServerSIDCache(const char * envString);
+SSL_IMPORT SECStatus SSL_InheritMPServerSIDCache(const char *envString);
 
 /*
 ** Set the callback that gets called when a TLS handshake is complete. The
 ** handshake callback is called after verifying the peer's Finished message and
 ** before processing incoming application data.
 **
 ** For the initial handshake: If the handshake false started (see
 ** SSL_ENABLE_FALSE_START), then application data may already have been sent
 ** before the handshake callback is called. If we did not false start then the
 ** callback will get called before any application data is sent.
 */
-typedef void (PR_CALLBACK *SSLHandshakeCallback)(PRFileDesc *fd,
-                                                 void *client_data);
-SSL_IMPORT SECStatus SSL_HandshakeCallback(PRFileDesc *fd, 
-			          SSLHandshakeCallback cb, void *client_data);
+typedef void(PR_CALLBACK *SSLHandshakeCallback)(PRFileDesc *fd,
+                                                void *client_data);
+SSL_IMPORT SECStatus SSL_HandshakeCallback(PRFileDesc *fd,
+                                           SSLHandshakeCallback cb, void *client_data);
 
 /* Applications that wish to enable TLS false start must set this callback
 ** function. NSS will invoke the functon to determine if a particular
 ** connection should use false start or not. SECSuccess indicates that the
 ** callback completed successfully, and if so *canFalseStart indicates if false
 ** start can be used. If the callback does not return SECSuccess then the
 ** handshake will be canceled. NSS's recommended criteria can be evaluated by
 ** calling SSL_RecommendedCanFalseStart.
 **
 ** If no false start callback is registered then false start will never be
 ** done, even if the SSL_ENABLE_FALSE_START option is enabled.
 **/
-typedef SECStatus (PR_CALLBACK *SSLCanFalseStartCallback)(
+typedef SECStatus(PR_CALLBACK *SSLCanFalseStartCallback)(
     PRFileDesc *fd, void *arg, PRBool *canFalseStart);
 
 SSL_IMPORT SECStatus SSL_SetCanFalseStartCallback(
     PRFileDesc *fd, SSLCanFalseStartCallback callback, void *arg);
 
 /* This function sets *canFalseStart according to the recommended criteria for
 ** false start. These criteria may change from release to release and may depend
 ** on which handshake features have been negotiated and/or properties of the
 ** certifciates/keys used on the connection.
 */
 SSL_IMPORT SECStatus SSL_RecommendedCanFalseStart(PRFileDesc *fd,
                                                   PRBool *canFalseStart);
 
 /*
 ** For the server, request a new handshake.  For the client, begin a new
-** handshake.  If flushCache is non-zero, the SSL3 cache entry will be 
+** handshake.  If flushCache is non-zero, the SSL3 cache entry will be
 ** flushed first, ensuring that a full SSL handshake will be done.
-** If flushCache is zero, and an SSL connection is established, it will 
-** do the much faster session restart handshake.  This will change the 
+** If flushCache is zero, and an SSL connection is established, it will
+** do the much faster session restart handshake.  This will change the
 ** session keys without doing another private key operation.
 */
 SSL_IMPORT SECStatus SSL_ReHandshake(PRFileDesc *fd, PRBool flushCache);
 
 /*
 ** Same as above, but with an I/O timeout.
  */
 SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc *fd,
                                                 PRBool flushCache,
                                                 PRIntervalTime timeout);
 
-
-#ifdef SSL_DEPRECATED_FUNCTION 
+#ifdef SSL_DEPRECATED_FUNCTION
 /* deprecated!
 ** For the server, request a new handshake.  For the client, begin a new
-** handshake.  Flushes SSL3 session cache entry first, ensuring that a 
-** full handshake will be done.  
+** handshake.  Flushes SSL3 session cache entry first, ensuring that a
+** full handshake will be done.
 ** This call is equivalent to SSL_ReHandshake(fd, PR_TRUE)
 */
 SSL_IMPORT SECStatus SSL_RedoHandshake(PRFileDesc *fd);
 #endif
 
 /*
  * Allow the application to pass a URL or hostname into the SSL library.
  */
@@ -947,93 +945,93 @@ SSL_IMPORT SECStatus SSL_ShutdownServerS
 
 /*
 ** Set peer information so we can correctly look up SSL session later.
 ** You only have to do this if you're tunneling through a proxy.
 */
 SSL_IMPORT SECStatus SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID);
 
 /*
-** Reveal the security information for the peer. 
+** Reveal the security information for the peer.
 */
-SSL_IMPORT CERTCertificate * SSL_RevealCert(PRFileDesc * socket);
-SSL_IMPORT void * SSL_RevealPinArg(PRFileDesc * socket);
-SSL_IMPORT char * SSL_RevealURL(PRFileDesc * socket);
+SSL_IMPORT CERTCertificate *SSL_RevealCert(PRFileDesc *socket);
+SSL_IMPORT void *SSL_RevealPinArg(PRFileDesc *socket);
+SSL_IMPORT char *SSL_RevealURL(PRFileDesc *socket);
 
 /* This callback may be passed to the SSL library via a call to
  * SSL_GetClientAuthDataHook() for each SSL client socket.
  * It will be invoked when SSL needs to know what certificate and private key
  * (if any) to use to respond to a request for client authentication.
  * If arg is non-NULL, it is a pointer to a NULL-terminated string containing
  * the nickname of the cert/key pair to use.
- * If arg is NULL, this function will search the cert and key databases for 
+ * If arg is NULL, this function will search the cert and key databases for
  * a suitable match and send it if one is found.
  */
 SSL_IMPORT SECStatus
-NSS_GetClientAuthData(void *                       arg,
-                      PRFileDesc *                 socket,
-                      struct CERTDistNamesStr *    caNames,
-                      struct CERTCertificateStr ** pRetCert,
+NSS_GetClientAuthData(void *arg,
+                      PRFileDesc *socket,
+                      struct CERTDistNamesStr *caNames,
+                      struct CERTCertificateStr **pRetCert,
                       struct SECKEYPrivateKeyStr **pRetKey);
 
 /*
 ** Configure DTLS-SRTP (RFC 5764) cipher suite preferences.
 ** Input is a list of ciphers in descending preference order and a length
 ** of the list. As a side effect, this causes the use_srtp extension to be
 ** negotiated.
 **
 ** Invalid or unimplemented cipher suites in |ciphers| are ignored. If at
 ** least one cipher suite in |ciphers| is implemented, returns SECSuccess.
 ** Otherwise returns SECFailure.
 */
 SSL_IMPORT SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd,
-					const PRUint16 *ciphers,
-					unsigned int numCiphers);
+                                        const PRUint16 *ciphers,
+                                        unsigned int numCiphers);
 
 /*
 ** Get the selected DTLS-SRTP cipher suite (if any).
 ** To be called after the handshake completes.
 ** Returns SECFailure if not negotiated.
 */
 SSL_IMPORT SECStatus SSL_GetSRTPCipher(PRFileDesc *fd,
-				       PRUint16 *cipher);
+                                       PRUint16 *cipher);
 
 /*
  * Look to see if any of the signers in the cert chain for "cert" are found
- * in the list of caNames.  
+ * in the list of caNames.
  * Returns SECSuccess if so, SECFailure if not.
  * Used by NSS_GetClientAuthData.  May be used by other callback functions.
  */
-SSL_IMPORT SECStatus NSS_CmpCertChainWCANames(CERTCertificate *cert, 
-                                          CERTDistNames *caNames);
+SSL_IMPORT SECStatus NSS_CmpCertChainWCANames(CERTCertificate *cert,
+                                              CERTDistNames *caNames);
 
-/* 
+/*
  * Returns key exchange type of the keys in an SSL server certificate.
  */
-SSL_IMPORT SSLKEAType NSS_FindCertKEAType(CERTCertificate * cert);
+SSL_IMPORT SSLKEAType NSS_FindCertKEAType(CERTCertificate *cert);
 
 /* Set cipher policies to a predefined Domestic (U.S.A.) policy.
  * This essentially allows all supported ciphers.
  */
 SSL_IMPORT SECStatus NSS_SetDomesticPolicy(void);
 
 /* Set cipher policies to a predefined Policy that is exportable from the USA
  *   according to present U.S. policies as we understand them.
  * It is the same as NSS_SetDomesticPolicy now.
  */
 SSL_IMPORT SECStatus NSS_SetExportPolicy(void);
 
 /* Set cipher policies to a predefined Policy that is exportable from the USA
- *   according to present U.S. policies as we understand them, and that the 
+ *   according to present U.S. policies as we understand them, and that the
  *   nation of France will permit to be imported into their country.
  * It is the same as NSS_SetDomesticPolicy now.
  */
 SSL_IMPORT SECStatus NSS_SetFrancePolicy(void);
 
-SSL_IMPORT SSL3Statistics * SSL_GetStatistics(void);
+SSL_IMPORT SSL3Statistics *SSL_GetStatistics(void);
 
 /* Report more information than SSL_SecurityStatus.
  * Caller supplies the info struct.  This function fills it in.
  * The information here will be zeroed prior to details being confirmed.  The
  * details are confirmed either when a Finished message is received, or - for a
  * client - when the second flight of messages have been sent.  This function
  * therefore produces unreliable results prior to receiving the
  * SSLHandshakeCallback or the SSLCanFalseStartCallback.
@@ -1047,18 +1045,18 @@ SSL_IMPORT SECStatus SSL_GetChannelInfo(
  * SSLSNISocketConfig, and other callbacks that might be called during the
  * processing of the first flight of client of server handshake messages.
  * Values are marked as being unavailable when renegotiation is initiated.
  */
 SSL_IMPORT SECStatus
 SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,
                               SSLPreliminaryChannelInfo *info,
                               PRUintn len);
-SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite, 
-                                        SSLCipherSuiteInfo *info, PRUintn len);
+SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite,
+                                            SSLCipherSuiteInfo *info, PRUintn len);
 
 /* Returnes negotiated through SNI host info. */
 SSL_IMPORT SECItem *SSL_GetNegotiatedHostInfo(PRFileDesc *fd);
 
 /* Export keying material according to RFC 5705.
 ** fd must correspond to a TLS 1.0 or higher socket and out must
 ** already be allocated. If hasContext is false, it uses the no-context
 ** construction from the RFC and ignores the context and contextLen
@@ -1072,17 +1070,17 @@ SSL_IMPORT SECStatus SSL_ExportKeyingMat
                                               unsigned int contextLen,
                                               unsigned char *out,
                                               unsigned int outLen);
 
 /*
 ** Return a new reference to the certificate that was most recently sent
 ** to the peer on this SSL/TLS connection, or NULL if none has been sent.
 */
-SSL_IMPORT CERTCertificate * SSL_LocalCertificate(PRFileDesc *fd);
+SSL_IMPORT CERTCertificate *SSL_LocalCertificate(PRFileDesc *fd);
 
 /* Test an SSL configuration to see if  SSL_BYPASS_PKCS11 can be turned on.
 ** Check the key exchange algorithm for each cipher in the list to see if
 ** a master secret key can be extracted after being derived with the mechanism
 ** required by the protocolmask argument. If the KEA will use keys from the
 ** specified cert make sure the extract operation is attempted from the slot
 ** where the private key resides.
 ** If MS can be extracted for all ciphers, (*pcanbypass) is set to TRUE and
@@ -1096,30 +1094,30 @@ SSL_IMPORT CERTCertificate * SSL_LocalCe
 ** NO WORSE with the bypass enabled than without"; it does NOT mean that every
 ** cipher suite listed will work properly with the selected protocols.
 **
 ** Caveat: If export cipher suites are included in the argument list Canbypass
 ** will return FALSE.
 **/
 
 /* protocol mask bits */
-#define SSL_CBP_SSL3	0x0001	        /* test SSL v3 mechanisms */
-#define SSL_CBP_TLS1_0	0x0002		/* test TLS v1.0 mechanisms */
+#define SSL_CBP_SSL3 0x0001   /* test SSL v3 mechanisms */
+#define SSL_CBP_TLS1_0 0x0002 /* test TLS v1.0 mechanisms */
 
 SSL_IMPORT SECStatus SSL_CanBypass(CERTCertificate *cert,
                                    SECKEYPrivateKey *privKey,
-				   PRUint32 protocolmask,
-				   PRUint16 *ciphers, int nciphers,
+                                   PRUint32 protocolmask,
+                                   PRUint16 *ciphers, int nciphers,
                                    PRBool *pcanbypass, void *pwArg);
 
 /*
 ** Did the handshake with the peer negotiate the given extension?
 ** Output parameter valid only if function returns SECSuccess
 */
-SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
+SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc *socket,
                                                       SSLExtensionType extId,
                                                       PRBool *yes);
 
 /*
 ** How long should we wait before retransmitting the next flight of
 ** the DTLS handshake? Returns SECFailure if not DTLS or not in a
 ** handshake.
 */
@@ -1199,12 +1197,12 @@ extern const char *NSSSSL_GetVersion(voi
  * example, SSL_AuthCertificateComplete(fd, SEC_ERROR_REVOKED_CERTIFICATE) will
  * return SECSuccess (normally), but that does not mean that the application
  * should continue using the connection. If the application passes a non-zero
  * value for second argument (error), or if SSL_AuthCertificateComplete returns
  * anything other than SECSuccess, then the application should close the
  * connection.
  */
 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd,
-						 PRErrorCode error);
+                                                 PRErrorCode error);
 SEC_END_PROTOS
 
 #endif /* __ssl_h_ */
--- a/lib/ssl/ssl3ecc.c
+++ b/lib/ssl/ssl3ecc.c
@@ -6,17 +6,17 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /* ECC code moved here from ssl3con.c */
 
 #include "nss.h"
 #include "cert.h"
 #include "ssl.h"
-#include "cryptohi.h"   /* for DSAU_ stuff */
+#include "cryptohi.h" /* for DSAU_ stuff */
 #include "keyhi.h"
 #include "secder.h"
 #include "secitem.h"
 
 #include "sslimpl.h"
 #include "sslproto.h"
 #include "sslerr.h"
 #include "prtime.h"
@@ -29,156 +29,157 @@
 #include "pk11func.h"
 #include "secmod.h"
 
 #include <stdio.h>
 
 #ifndef NSS_DISABLE_ECC
 
 #ifndef PK11_SETATTRS
-#define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
-                (x)->pValue=(v); (x)->ulValueLen = (l);
+#define PK11_SETATTRS(x, id, v, l) \
+    (x)->type = (id);              \
+    (x)->pValue = (v);             \
+    (x)->ulValueLen = (l);
 #endif
 
-#define SSL_GET_SERVER_PUBLIC_KEY(sock, type) \
-    (ss->serverCerts[type].serverKeyPair ? \
-    ss->serverCerts[type].serverKeyPair->pubKey : NULL)
+#define SSL_GET_SERVER_PUBLIC_KEY(sock, type)                                          \
+    (ss->serverCerts[type].serverKeyPair ? ss->serverCerts[type].serverKeyPair->pubKey \
+                                         : NULL)
 
 #define SSL_IS_CURVE_NEGOTIATED(curvemsk, curveName) \
-    ((curveName > ec_noName) && \
-     (curveName < ec_pastLastName) && \
+    ((curveName > ec_noName) &&                      \
+     (curveName < ec_pastLastName) &&                \
      ((1UL << curveName) & curvemsk) != 0)
 
-
-
 static SECStatus ssl3_CreateECDHEphemeralKeys(sslSocket *ss, ECName ec_curve);
 
 #define supportedCurve(x) (((x) > ec_noName) && ((x) < ec_pastLastName))
 
 /* Table containing OID tags for elliptic curves named in the
  * ECC-TLS IETF draft.
  */
 static const SECOidTag ecName2OIDTag[] = {
-        0,
-        SEC_OID_SECG_EC_SECT163K1,  /*  1 */
-        SEC_OID_SECG_EC_SECT163R1,  /*  2 */
-        SEC_OID_SECG_EC_SECT163R2,  /*  3 */
-        SEC_OID_SECG_EC_SECT193R1,  /*  4 */
-        SEC_OID_SECG_EC_SECT193R2,  /*  5 */
-        SEC_OID_SECG_EC_SECT233K1,  /*  6 */
-        SEC_OID_SECG_EC_SECT233R1,  /*  7 */
-        SEC_OID_SECG_EC_SECT239K1,  /*  8 */
-        SEC_OID_SECG_EC_SECT283K1,  /*  9 */
-        SEC_OID_SECG_EC_SECT283R1,  /* 10 */
-        SEC_OID_SECG_EC_SECT409K1,  /* 11 */
-        SEC_OID_SECG_EC_SECT409R1,  /* 12 */
-        SEC_OID_SECG_EC_SECT571K1,  /* 13 */
-        SEC_OID_SECG_EC_SECT571R1,  /* 14 */
-        SEC_OID_SECG_EC_SECP160K1,  /* 15 */
-        SEC_OID_SECG_EC_SECP160R1,  /* 16 */
-        SEC_OID_SECG_EC_SECP160R2,  /* 17 */
-        SEC_OID_SECG_EC_SECP192K1,  /* 18 */
-        SEC_OID_SECG_EC_SECP192R1,  /* 19 */
-        SEC_OID_SECG_EC_SECP224K1,  /* 20 */
-        SEC_OID_SECG_EC_SECP224R1,  /* 21 */
-        SEC_OID_SECG_EC_SECP256K1,  /* 22 */
-        SEC_OID_SECG_EC_SECP256R1,  /* 23 */
-        SEC_OID_SECG_EC_SECP384R1,  /* 24 */
-        SEC_OID_SECG_EC_SECP521R1,  /* 25 */
+    0,
+    SEC_OID_SECG_EC_SECT163K1, /*  1 */
+    SEC_OID_SECG_EC_SECT163R1, /*  2 */
+    SEC_OID_SECG_EC_SECT163R2, /*  3 */
+    SEC_OID_SECG_EC_SECT193R1, /*  4 */
+    SEC_OID_SECG_EC_SECT193R2, /*  5 */
+    SEC_OID_SECG_EC_SECT233K1, /*  6 */
+    SEC_OID_SECG_EC_SECT233R1, /*  7 */
+    SEC_OID_SECG_EC_SECT239K1, /*  8 */
+    SEC_OID_SECG_EC_SECT283K1, /*  9 */
+    SEC_OID_SECG_EC_SECT283R1, /* 10 */
+    SEC_OID_SECG_EC_SECT409K1, /* 11 */
+    SEC_OID_SECG_EC_SECT409R1, /* 12 */
+    SEC_OID_SECG_EC_SECT571K1, /* 13 */
+    SEC_OID_SECG_EC_SECT571R1, /* 14 */
+    SEC_OID_SECG_EC_SECP160K1, /* 15 */
+    SEC_OID_SECG_EC_SECP160R1, /* 16 */
+    SEC_OID_SECG_EC_SECP160R2, /* 17 */
+    SEC_OID_SECG_EC_SECP192K1, /* 18 */
+    SEC_OID_SECG_EC_SECP192R1, /* 19 */
+    SEC_OID_SECG_EC_SECP224K1, /* 20 */
+    SEC_OID_SECG_EC_SECP224R1, /* 21 */
+    SEC_OID_SECG_EC_SECP256K1, /* 22 */
+    SEC_OID_SECG_EC_SECP256R1, /* 23 */
+    SEC_OID_SECG_EC_SECP384R1, /* 24 */
+    SEC_OID_SECG_EC_SECP521R1, /* 25 */
 };
 
 static const PRUint16 curve2bits[] = {
-          0, /*  ec_noName     = 0,   */
-        163, /*  ec_sect163k1  = 1,   */
-        163, /*  ec_sect163r1  = 2,   */
-        163, /*  ec_sect163r2  = 3,   */
-        193, /*  ec_sect193r1  = 4,   */
-        193, /*  ec_sect193r2  = 5,   */
-        233, /*  ec_sect233k1  = 6,   */
-        233, /*  ec_sect233r1  = 7,   */
-        239, /*  ec_sect239k1  = 8,   */
-        283, /*  ec_sect283k1  = 9,   */
-        283, /*  ec_sect283r1  = 10,  */
-        409, /*  ec_sect409k1  = 11,  */
-        409, /*  ec_sect409r1  = 12,  */
-        571, /*  ec_sect571k1  = 13,  */
-        571, /*  ec_sect571r1  = 14,  */
-        160, /*  ec_secp160k1  = 15,  */
-        160, /*  ec_secp160r1  = 16,  */
-        160, /*  ec_secp160r2  = 17,  */
-        192, /*  ec_secp192k1  = 18,  */
-        192, /*  ec_secp192r1  = 19,  */
-        224, /*  ec_secp224k1  = 20,  */
-        224, /*  ec_secp224r1  = 21,  */
-        256, /*  ec_secp256k1  = 22,  */
-        256, /*  ec_secp256r1  = 23,  */
-        384, /*  ec_secp384r1  = 24,  */
-        521, /*  ec_secp521r1  = 25,  */
-      65535  /*  ec_pastLastName      */
+    0,    /*  ec_noName     = 0,   */
+    163,  /*  ec_sect163k1  = 1,   */
+    163,  /*  ec_sect163r1  = 2,   */
+    163,  /*  ec_sect163r2  = 3,   */
+    193,  /*  ec_sect193r1  = 4,   */
+    193,  /*  ec_sect193r2  = 5,   */
+    233,  /*  ec_sect233k1  = 6,   */
+    233,  /*  ec_sect233r1  = 7,   */
+    239,  /*  ec_sect239k1  = 8,   */
+    283,  /*  ec_sect283k1  = 9,   */
+    283,  /*  ec_sect283r1  = 10,  */
+    409,  /*  ec_sect409k1  = 11,  */
+    409,  /*  ec_sect409r1  = 12,  */
+    571,  /*  ec_sect571k1  = 13,  */
+    571,  /*  ec_sect571r1  = 14,  */
+    160,  /*  ec_secp160k1  = 15,  */
+    160,  /*  ec_secp160r1  = 16,  */
+    160,  /*  ec_secp160r2  = 17,  */
+    192,  /*  ec_secp192k1  = 18,  */
+    192,  /*  ec_secp192r1  = 19,  */
+    224,  /*  ec_secp224k1  = 20,  */
+    224,  /*  ec_secp224r1  = 21,  */
+    256,  /*  ec_secp256k1  = 22,  */
+    256,  /*  ec_secp256r1  = 23,  */
+    384,  /*  ec_secp384r1  = 24,  */
+    521,  /*  ec_secp521r1  = 25,  */
+    65535 /*  ec_pastLastName      */
 };
 
 typedef struct Bits2CurveStr {
-    PRUint16    bits;
-    ECName      curve;
+    PRUint16 bits;
+    ECName curve;
 } Bits2Curve;
 
-static const Bits2Curve bits2curve [] = {
-   {    192,     ec_secp192r1    /*  = 19,  fast */  },
-   {    160,     ec_secp160r2    /*  = 17,  fast */  },
-   {    160,     ec_secp160k1    /*  = 15,  */       },
-   {    160,     ec_secp160r1    /*  = 16,  */       },
-   {    163,     ec_sect163k1    /*  = 1,   */       },
-   {    163,     ec_sect163r1    /*  = 2,   */       },
-   {    163,     ec_sect163r2    /*  = 3,   */       },
-   {    192,     ec_secp192k1    /*  = 18,  */       },
-   {    193,     ec_sect193r1    /*  = 4,   */       },
-   {    193,     ec_sect193r2    /*  = 5,   */       },
-   {    224,     ec_secp224r1    /*  = 21,  fast */  },
-   {    224,     ec_secp224k1    /*  = 20,  */       },
-   {    233,     ec_sect233k1    /*  = 6,   */       },
-   {    233,     ec_sect233r1    /*  = 7,   */       },
-   {    239,     ec_sect239k1    /*  = 8,   */       },
-   {    256,     ec_secp256r1    /*  = 23,  fast */  },
-   {    256,     ec_secp256k1    /*  = 22,  */       },
-   {    283,     ec_sect283k1    /*  = 9,   */       },
-   {    283,     ec_sect283r1    /*  = 10,  */       },
-   {    384,     ec_secp384r1    /*  = 24,  fast */  },
-   {    409,     ec_sect409k1    /*  = 11,  */       },
-   {    409,     ec_sect409r1    /*  = 12,  */       },
-   {    521,     ec_secp521r1    /*  = 25,  fast */  },
-   {    571,     ec_sect571k1    /*  = 13,  */       },
-   {    571,     ec_sect571r1    /*  = 14,  */       },
-   {  65535,     ec_noName    }
+static const Bits2Curve bits2curve[] = {
+    { 192, ec_secp192r1 /*  = 19,  fast */ },
+    { 160, ec_secp160r2 /*  = 17,  fast */ },
+    { 160, ec_secp160k1 /*  = 15,  */ },
+    { 160, ec_secp160r1 /*  = 16,  */ },
+    { 163, ec_sect163k1 /*  = 1,   */ },
+    { 163, ec_sect163r1 /*  = 2,   */ },
+    { 163, ec_sect163r2 /*  = 3,   */ },
+    { 192, ec_secp192k1 /*  = 18,  */ },
+    { 193, ec_sect193r1 /*  = 4,   */ },
+    { 193, ec_sect193r2 /*  = 5,   */ },
+    { 224, ec_secp224r1 /*  = 21,  fast */ },
+    { 224, ec_secp224k1 /*  = 20,  */ },
+    { 233, ec_sect233k1 /*  = 6,   */ },
+    { 233, ec_sect233r1 /*  = 7,   */ },
+    { 239, ec_sect239k1 /*  = 8,   */ },
+    { 256, ec_secp256r1 /*  = 23,  fast */ },
+    { 256, ec_secp256k1 /*  = 22,  */ },
+    { 283, ec_sect283k1 /*  = 9,   */ },
+    { 283, ec_sect283r1 /*  = 10,  */ },
+    { 384, ec_secp384r1 /*  = 24,  fast */ },
+    { 409, ec_sect409k1 /*  = 11,  */ },
+    { 409, ec_sect409r1 /*  = 12,  */ },
+    { 521, ec_secp521r1 /*  = 25,  fast */ },
+    { 571, ec_sect571k1 /*  = 13,  */ },
+    { 571, ec_sect571r1 /*  = 14,  */ },
+    { 65535, ec_noName }
 };
 
 typedef struct ECDHEKeyPairStr {
-    ssl3KeyPair *  pair;
-    int            error;  /* error code of the call-once function */
+    ssl3KeyPair *pair;
+    int error; /* error code of the call-once function */
     PRCallOnceType once;
 } ECDHEKeyPair;
 
 /* arrays of ECDHE KeyPairs */
 static ECDHEKeyPair gECDHEKeyPairs[ec_pastLastName];
 
 SECStatus
-ssl3_ECName2Params(PLArenaPool * arena, ECName curve, SECKEYECParams * params)
+ssl3_ECName2Params(PLArenaPool *arena, ECName curve, SECKEYECParams *params)
 {
     SECOidData *oidData = NULL;
     PRUint32 policyFlags = 0;
 
     if ((curve <= ec_noName) || (curve >= ec_pastLastName) ||
         ((oidData = SECOID_FindOIDByTag(ecName2OIDTag[curve])) == NULL)) {
         PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
         return SECFailure;
     }
 
-    if ( (NSS_GetAlgorithmPolicy(ecName2OIDTag[curve], &policyFlags) 
-		== SECSuccess) && !(policyFlags & NSS_USE_ALG_IN_SSL_KX)) {
+    if ((NSS_GetAlgorithmPolicy(ecName2OIDTag[curve], &policyFlags) ==
+         SECSuccess) &&
+        !(policyFlags & NSS_USE_ALG_IN_SSL_KX)) {
         PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
-	return SECFailure;
+        return SECFailure;
     }
 
     SECITEM_AllocItem(arena, params, (2 + oidData->oid.len));
     /*
      * params->data needs to contain the ASN encoding of an object ID (OID)
      * representing the named curve. The actual OID is in
      * oidData->oid.data so we simply prepend 0x06 and OID length
      */
@@ -187,17 +188,17 @@ ssl3_ECName2Params(PLArenaPool * arena, 
     memcpy(params->data + 2, oidData->oid.data, oidData->oid.len);
 
     return SECSuccess;
 }
 
 ECName
 ssl3_PubKey2ECName(SECKEYPublicKey *pubKey)
 {
-    SECItem oid = { siBuffer, NULL, 0};
+    SECItem oid = { siBuffer, NULL, 0 };
     SECOidData *oidData = NULL;
     PRUint32 policyFlags = 0;
     ECName i;
     SECKEYECParams *params;
 
     if (pubKey->keyType != ecKey) {
         PORT_Assert(0);
         return ec_noName;
@@ -205,179 +206,187 @@ ssl3_PubKey2ECName(SECKEYPublicKey *pubK
 
     params = &pubKey->u.ec.DEREncodedParams;
 
     /*
      * params->data needs to contain the ASN encoding of an object ID (OID)
      * representing a named curve. Here, we strip away everything
      * before the actual OID and use the OID to look up a named curve.
      */
-    if (params->data[0] != SEC_ASN1_OBJECT_ID) return ec_noName;
+    if (params->data[0] != SEC_ASN1_OBJECT_ID)
+        return ec_noName;
     oid.len = params->len - 2;
     oid.data = params->data + 2;
-    if ((oidData = SECOID_FindOID(&oid)) == NULL) return ec_noName;
-    if ((NSS_GetAlgorithmPolicy(oidData->offset, &policyFlags)
-		== SECSuccess) && !(policyFlags & NSS_USE_ALG_IN_SSL_KX)) {
-	return ec_noName;
+    if ((oidData = SECOID_FindOID(&oid)) == NULL)
+        return ec_noName;
+    if ((NSS_GetAlgorithmPolicy(oidData->offset, &policyFlags) ==
+         SECSuccess) &&
+        !(policyFlags & NSS_USE_ALG_IN_SSL_KX)) {
+        return ec_noName;
     }
     for (i = ec_noName + 1; i < ec_pastLastName; i++) {
         if (ecName2OIDTag[i] == oidData->offset)
             return i;
     }
 
     return ec_noName;
 }
 
 /* Caller must set hiLevel error code. */
 static SECStatus
 ssl3_ComputeECDHKeyHash(SSLHashType hashAlg,
                         SECItem ec_params, SECItem server_ecpoint,
                         SSL3Random *client_rand, SSL3Random *server_rand,
                         SSL3Hashes *hashes, PRBool bypassPKCS11)
 {
-    PRUint8     * hashBuf;
-    PRUint8     * pBuf;
-    SECStatus     rv            = SECSuccess;
-    unsigned int  bufLen;
+    PRUint8 *hashBuf;
+    PRUint8 *pBuf;
+    SECStatus rv = SECSuccess;
+    unsigned int bufLen;
     /*
      * XXX For now, we only support named curves (the appropriate
      * checks are made before this method is called) so ec_params
      * takes up only two bytes. ECPoint needs to fit in 256 bytes
      * (because the spec says the length must fit in one byte)
      */
-    PRUint8       buf[2*SSL3_RANDOM_LENGTH + 2 + 1 + 256];
+    PRUint8 buf[2 * SSL3_RANDOM_LENGTH + 2 + 1 + 256];
 
-    bufLen = 2*SSL3_RANDOM_LENGTH + ec_params.len + 1 + server_ecpoint.len;
+    bufLen = 2 * SSL3_RANDOM_LENGTH + ec_params.len + 1 + server_ecpoint.len;
     if (bufLen <= sizeof buf) {
         hashBuf = buf;
-    } else {
+    }
+    else {
         hashBuf = PORT_Alloc(bufLen);
         if (!hashBuf) {
             return SECFailure;
         }
     }
 
     memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH);
-        pBuf = hashBuf + SSL3_RANDOM_LENGTH;
+    pBuf = hashBuf + SSL3_RANDOM_LENGTH;
     memcpy(pBuf, server_rand, SSL3_RANDOM_LENGTH);
-        pBuf += SSL3_RANDOM_LENGTH;
+    pBuf += SSL3_RANDOM_LENGTH;
     memcpy(pBuf, ec_params.data, ec_params.len);
-        pBuf += ec_params.len;
+    pBuf += ec_params.len;
     pBuf[0] = (PRUint8)(server_ecpoint.len);
     pBuf += 1;
     memcpy(pBuf, server_ecpoint.data, server_ecpoint.len);
-        pBuf += server_ecpoint.len;
+    pBuf += server_ecpoint.len;
     PORT_Assert((unsigned int)(pBuf - hashBuf) == bufLen);
 
     rv = ssl3_ComputeCommonKeyHash(hashAlg, hashBuf, bufLen, hashes,
                                    bypassPKCS11);
 
     PRINT_BUF(95, (NULL, "ECDHkey hash: ", hashBuf, bufLen));
     PRINT_BUF(95, (NULL, "ECDHkey hash: MD5 result",
-              hashes->u.s.md5, MD5_LENGTH));
+                   hashes->u.s.md5, MD5_LENGTH));
     PRINT_BUF(95, (NULL, "ECDHkey hash: SHA1 result",
-              hashes->u.s.sha, SHA1_LENGTH));
+                   hashes->u.s.sha, SHA1_LENGTH));
 
     if (hashBuf != buf)
         PORT_Free(hashBuf);
     return rv;
 }
 
-
 /* Called from ssl3_SendClientKeyExchange(). */
 SECStatus
-ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
+ssl3_SendECDHClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
 {
-    PK11SymKey *        pms             = NULL;
-    SECStatus           rv              = SECFailure;
-    PRBool              isTLS, isTLS12;
-    CK_MECHANISM_TYPE   target;
-    SECKEYPublicKey     *pubKey = NULL;         /* Ephemeral ECDH key */
-    SECKEYPrivateKey    *privKey = NULL;        /* Ephemeral ECDH key */
+    PK11SymKey *pms = NULL;
+    SECStatus rv = SECFailure;
+    PRBool isTLS, isTLS12;
+    CK_MECHANISM_TYPE target;
+    SECKEYPublicKey *pubKey = NULL;   /* Ephemeral ECDH key */
+    SECKEYPrivateKey *privKey = NULL; /* Ephemeral ECDH key */
 
-    PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
-    PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
 
     isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
     isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
 
     /* Generate ephemeral EC keypair */
     if (svrPubKey->keyType != ecKey) {
         PORT_SetError(SEC_ERROR_BAD_KEY);
         goto loser;
     }
     /* XXX SHOULD CALL ssl3_CreateECDHEphemeralKeys here, instead! */
     privKey = SECKEY_CreateECPrivateKey(&svrPubKey->u.ec.DEREncodedParams,
                                         &pubKey, ss->pkcs11PinArg);
     if (!privKey || !pubKey) {
-            ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
-            rv = SECFailure;
-            goto loser;
+        ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+        rv = SECFailure;
+        goto loser;
     }
     PRINT_BUF(50, (ss, "ECDH public value:",
-                                        pubKey->u.ec.publicValue.data,
-                                        pubKey->u.ec.publicValue.len));
+                   pubKey->u.ec.publicValue.data,
+                   pubKey->u.ec.publicValue.len));
 
     if (isTLS12) {
         target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
-    } else if (isTLS) {
+    }
+    else if (isTLS) {
         target = CKM_TLS_MASTER_KEY_DERIVE_DH;
-    } else {
+    }
+    else {
         target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
     }
 
     /*  Determine the PMS */
     pms = PK11_PubDeriveWithKDF(privKey, svrPubKey, PR_FALSE, NULL, NULL,
-                            CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
-                            CKD_NULL, NULL, NULL);
+                                CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
+                                CKD_NULL, NULL, NULL);
 
     if (pms == NULL) {
-        SSL3AlertDescription desc  = illegal_parameter;
+        SSL3AlertDescription desc = illegal_parameter;
         (void)SSL3_SendAlert(ss, alert_fatal, desc);
         ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
         goto loser;
     }
 
     SECKEY_DestroyPrivateKey(privKey);
     privKey = NULL;
 
     rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
-                                        pubKey->u.ec.publicValue.len + 1);
+                                    pubKey->u.ec.publicValue.len + 1);
     if (rv != SECSuccess) {
-        goto loser;     /* err set by ssl3_AppendHandshake* */
+        goto loser; /* err set by ssl3_AppendHandshake* */
     }
 
     rv = ssl3_AppendHandshakeVariable(ss,
-                                        pubKey->u.ec.publicValue.data,
-                                        pubKey->u.ec.publicValue.len, 1);
+                                      pubKey->u.ec.publicValue.data,
+                                      pubKey->u.ec.publicValue.len, 1);
     SECKEY_DestroyPublicKey(pubKey);
     pubKey = NULL;
 
     if (rv != SECSuccess) {
-        goto loser;     /* err set by ssl3_AppendHandshake* */
+        goto loser; /* err set by ssl3_AppendHandshake* */
     }
 
-    rv = ssl3_InitPendingCipherSpec(ss,  pms);
-    PK11_FreeSymKey(pms); pms = NULL;
+    rv = ssl3_InitPendingCipherSpec(ss, pms);
+    PK11_FreeSymKey(pms);
+    pms = NULL;
 
     if (rv != SECSuccess) {
         ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
         goto loser;
     }
 
     rv = SECSuccess;
 
 loser:
-    if(pms) PK11_FreeSymKey(pms);
-    if(privKey) SECKEY_DestroyPrivateKey(privKey);
-    if(pubKey) SECKEY_DestroyPublicKey(pubKey);
+    if (pms)
+        PK11_FreeSymKey(pms);
+    if (privKey)
+        SECKEY_DestroyPrivateKey(privKey);
+    if (pubKey)
+        SECKEY_DestroyPublicKey(pubKey);
     return rv;
 }
 
-
 ECName
 tls13_GroupForECDHEKeyShare(ssl3KeyPair *pair)
 {
     return ssl3_PubKey2ECName(pair->pubKey);
 }
 
 /* This function returns the size of the key_exchange field in
  * the KeyShareEntry structure. */
@@ -390,102 +399,104 @@ tls13_SizeOfECDHEKeyShareKEX(ssl3KeyPair
 
 /* This function encodes the key_exchange field in
  * the KeyShareEntry structure. */
 SECStatus
 tls13_EncodeECDHEKeyShareKEX(sslSocket *ss, ssl3KeyPair *pair)
 {
     const SECItem *publicValue;
 
-    PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
-    PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
 
     publicValue = &pair->pubKey->u.ec.publicValue;
 
     return ssl3_AppendHandshakeVariable(ss, publicValue->data,
                                         publicValue->len, 1);
 }
 
 /*
 ** Called from ssl3_HandleClientKeyExchange()
 */
 SECStatus
 ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b,
                                  PRUint32 length,
                                  SECKEYPublicKey *srvrPubKey,
                                  SECKEYPrivateKey *srvrPrivKey)
 {
-    PK11SymKey *      pms;
-    SECStatus         rv;
-    SECKEYPublicKey   clntPubKey;
-    CK_MECHANISM_TYPE   target;
+    PK11SymKey *pms;
+    SECStatus rv;
+    SECKEYPublicKey clntPubKey;
+    CK_MECHANISM_TYPE target;
     PRBool isTLS, isTLS12;
 
-    PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
-    PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
     clntPubKey.keyType = ecKey;
     clntPubKey.u.ec.DEREncodedParams.len =
         srvrPubKey->u.ec.DEREncodedParams.len;
     clntPubKey.u.ec.DEREncodedParams.data =
         srvrPubKey->u.ec.DEREncodedParams.data;
 
     rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.ec.publicValue,
                                        1, &b, &length);
     if (rv != SECSuccess) {
         SEND_ALERT
-        return SECFailure;      /* XXX Who sets the error code?? */
+        return SECFailure; /* XXX Who sets the error code?? */
     }
 
     isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
     isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
 
     if (isTLS12) {
         target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
-    } else if (isTLS) {
+    }
+    else if (isTLS) {
         target = CKM_TLS_MASTER_KEY_DERIVE_DH;
-    } else {
+    }
+    else {
         target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
     }
 
     /*  Determine the PMS */
     pms = PK11_PubDeriveWithKDF(srvrPrivKey, &clntPubKey, PR_FALSE, NULL, NULL,
-                            CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
-                            CKD_NULL, NULL, NULL);
+                                CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
+                                CKD_NULL, NULL, NULL);
 
     if (pms == NULL) {
         /* last gasp.  */
         ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
         return SECFailure;
     }
 
-    rv = ssl3_InitPendingCipherSpec(ss,  pms);
+    rv = ssl3_InitPendingCipherSpec(ss, pms);
     PK11_FreeSymKey(pms);
     if (rv != SECSuccess) {
         SEND_ALERT
         return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */
     }
     return SECSuccess;
 }
 
 /*
 ** Take an encoded key share and make a public key out of it.
 ** returns NULL on error.
 */
 SECKEYPublicKey *
 tls13_ImportECDHKeyShare(sslSocket *ss, SSL3Opaque *b,
                          PRUint32 length, ECName curve)
 {
-    PLArenaPool *    arena = NULL;
+    PLArenaPool *arena = NULL;
     SECKEYPublicKey *peerKey = NULL;
     SECStatus rv;
-    SECItem ecPoint  = {siBuffer, NULL, 0};
+    SECItem ecPoint = { siBuffer, NULL, 0 };
 
-    PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
-    PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
     rv = ssl3_ConsumeHandshakeVariable(ss, &ecPoint, 1, &b, &length);
     if (rv != SECSuccess) {
         tls13_FatalError(ss, SSL_ERROR_RX_MALFORMED_ECDHE_KEY_SHARE,
                          illegal_parameter);
         return NULL;
     }
     if (length || !ecPoint.len) {
@@ -524,28 +535,28 @@ tls13_ImportECDHKeyShare(sslSocket *ss, 
         SECSuccess) {
         goto no_memory;
     }
     peerKey->pkcs11Slot = NULL;
     peerKey->pkcs11ID = CK_INVALID_HANDLE;
 
     return peerKey;
 
-no_memory:      /* no-memory error has already been set. */
+no_memory: /* no-memory error has already been set. */
     PORT_FreeArena(arena, PR_FALSE);
     ssl_MapLowLevelError(SSL_ERROR_RX_MALFORMED_ECDHE_KEY_SHARE);
     return NULL;
 }
 
 PK11SymKey *
-tls13_ComputeECDHSharedKey(sslSocket* ss,
+tls13_ComputeECDHSharedKey(sslSocket *ss,
                            SECKEYPrivateKey *myPrivKey,
                            SECKEYPublicKey *peerKey)
 {
-    PK11SymKey* shared;
+    PK11SymKey *shared;
 
     /* Determine the PMS */
     shared = PK11_PubDeriveWithKDF(myPrivKey, peerKey, PR_FALSE, NULL, NULL,
                                    CKM_ECDH1_DERIVE,
                                    tls13_GetHkdfMechanism(ss), CKA_DERIVE, 0,
                                    CKD_NULL, NULL, NULL);
 
     if (!shared) {
@@ -554,50 +565,51 @@ tls13_ComputeECDHSharedKey(sslSocket* ss
     }
 
     return shared;
 }
 
 ECName
 ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits)
 {
-    int    i;
+    int i;
 
-    for ( i = 0; bits2curve[i].curve != ec_noName; i++) {
+    for (i = 0; bits2curve[i].curve != ec_noName; i++) {
         if (bits2curve[i].bits < requiredECCbits)
             continue;
         if (SSL_IS_CURVE_NEGOTIATED(curvemsk, bits2curve[i].curve)) {
             return bits2curve[i].curve;
         }
     }
     PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
     return ec_noName;
 }
 
 /* find the "weakest link".  Get strength of signature key and of sym key.
  * choose curve for the weakest of those two.
  */
 ECName
 ssl3_GetCurveNameForServerSocket(sslSocket *ss)
 {
-    SECKEYPublicKey * svrPublicKey = NULL;
+    SECKEYPublicKey *svrPublicKey = NULL;
     ECName ec_curve = ec_noName;
-    int    signatureKeyStrength = 521;
-    int    requiredECCbits = ss->sec.secretKeyBits * 2;
+    int signatureKeyStrength = 521;
+    int requiredECCbits = ss->sec.secretKeyBits * 2;
 
     if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa) {
         svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_ecdh);
         if (svrPublicKey)
             ec_curve = ssl3_PubKey2ECName(svrPublicKey);
         if (!SSL_IS_CURVE_NEGOTIATED(ss->ssl3.hs.negotiatedECCurves, ec_curve)) {
             PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
             return ec_noName;
         }
-        signatureKeyStrength = curve2bits[ ec_curve ];
-    } else {
+        signatureKeyStrength = curve2bits[ec_curve];
+    }
+    else {
         /* RSA is our signing cert */
         int serverKeyStrengthInBits;
 
         svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_rsa);
         if (!svrPublicKey) {
             PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
             return ec_noName;
         }
@@ -608,31 +620,31 @@ ssl3_GetCurveNameForServerSocket(sslSock
             serverKeyStrengthInBits--;
         }
         /* convert to strength in bits */
         serverKeyStrengthInBits *= BPB;
 
         signatureKeyStrength =
             SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits);
     }
-    if ( requiredECCbits > signatureKeyStrength )
-         requiredECCbits = signatureKeyStrength;
+    if (requiredECCbits > signatureKeyStrength)
+        requiredECCbits = signatureKeyStrength;
 
     return ssl3_GetCurveWithECKeyStrength(ss->ssl3.hs.negotiatedECCurves,
                                           requiredECCbits);
 }
 
 /* function to clear out the lists */
 static SECStatus
 ssl3_ShutdownECDHECurves(void *appData, void *nssData)
 {
     int i;
     ECDHEKeyPair *keyPair = &gECDHEKeyPairs[0];
 
-    for (i=0; i < ec_pastLastName; i++, keyPair++) {
+    for (i = 0; i < ec_pastLastName; i++, keyPair++) {
         if (keyPair->pair) {
             ssl3_FreeKeyPair(keyPair->pair);
         }
     }
     memset(gECDHEKeyPairs, 0, sizeof gECDHEKeyPairs);
     return SECSuccess;
 }
 
@@ -644,21 +656,21 @@ ssl3_ECRegister(void)
     if (rv != SECSuccess) {
         gECDHEKeyPairs[ec_noName].error = PORT_GetError();
     }
     return (PRStatus)rv;
 }
 
 /* Create an ECDHE key pair for a given curve */
 SECStatus
-ssl3_CreateECDHEphemeralKeyPair(ECName ec_curve, ssl3KeyPair** keyPair)
+ssl3_CreateECDHEphemeralKeyPair(ECName ec_curve, ssl3KeyPair **keyPair)
 {
-    SECKEYPrivateKey *    privKey  = NULL;
-    SECKEYPublicKey *     pubKey   = NULL;
-    SECKEYECParams        ecParams = { siBuffer, NULL, 0 };
+    SECKEYPrivateKey *privKey = NULL;
+    SECKEYPublicKey *pubKey = NULL;
+    SECKEYECParams ecParams = { siBuffer, NULL, 0 };
 
     if (ssl3_ECName2Params(NULL, ec_curve, &ecParams) != SECSuccess) {
         return SECFailure;
     }
     privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, NULL);
     SECITEM_FreeItem(&ecParams, PR_FALSE);
 
     if (!privKey || !pubKey || !(*keyPair = ssl3_NewKeyPair(privKey, pubKey))) {
@@ -672,20 +684,20 @@ ssl3_CreateECDHEphemeralKeyPair(ECName e
         return SECFailure;
     }
 
     return SECSuccess;
 }
 
 /* CallOnce function, called once for each named curve. */
 static PRStatus
-ssl3_CreateECDHEphemeralKeyPairOnce(void * arg)
+ssl3_CreateECDHEphemeralKeyPairOnce(void *arg)
 {
-    ECName                ec_curve = (ECName)arg;
-    ssl3KeyPair *         keyPair  = NULL;
+    ECName ec_curve = (ECName)arg;
+    ssl3KeyPair *keyPair = NULL;
 
     PORT_Assert(gECDHEKeyPairs[ec_curve].pair == NULL);
 
     /* ok, no one has generated a global key for this curve yet, do so */
     if (ssl3_CreateECDHEphemeralKeyPair(ec_curve, &keyPair) != SECSuccess) {
         gECDHEKeyPairs[ec_curve].error = PORT_GetError();
         return PR_FAILURE;
     }
@@ -701,17 +713,17 @@ ssl3_CreateECDHEphemeralKeyPairOnce(void
  * strength as the signing certificate (ECC or RSA).
  * We need an API to specify the curve. This won't be a real
  * issue until we further develop server-side support for ECC
  * cipher suites.
  */
 static SECStatus
 ssl3_CreateECDHEphemeralKeys(sslSocket *ss, ECName ec_curve)
 {
-    ssl3KeyPair *         keyPair        = NULL;
+    ssl3KeyPair *keyPair = NULL;
 
     /* if there's no global key for this curve, make one. */
     if (gECDHEKeyPairs[ec_curve].pair == NULL) {
         PRStatus status;
 
         status = PR_CallOnce(&gECDHEKeyPairs[ec_noName].once, ssl3_ECRegister);
         if (status != PR_SUCCESS) {
             PORT_SetError(gECDHEKeyPairs[ec_noName].error);
@@ -733,91 +745,91 @@ ssl3_CreateECDHEphemeralKeys(sslSocket *
     ss->ephemeralECDHKeyPair = ssl3_GetKeyPairRef(keyPair);
 
     return SECSuccess;
 }
 
 SECStatus
 ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 {
-    PLArenaPool *    arena     = NULL;
-    SECKEYPublicKey *peerKey   = NULL;
-    PRBool           isTLS, isTLS12;
-    SECStatus        rv;
-    int              errCode   = SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH;
-    SSL3AlertDescription desc  = illegal_parameter;
-    SSL3Hashes       hashes;
-    SECItem          signature = {siBuffer, NULL, 0};
+    PLArenaPool *arena = NULL;
+    SECKEYPublicKey *peerKey = NULL;
+    PRBool isTLS, isTLS12;
+    SECStatus rv;
+    int errCode = SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH;
+    SSL3AlertDescription desc = illegal_parameter;
+    SSL3Hashes hashes;
+    SECItem signature = { siBuffer, NULL, 0 };
 
-    SECItem          ec_params = {siBuffer, NULL, 0};
-    SECItem          ec_point  = {siBuffer, NULL, 0};
-    unsigned char    paramBuf[3]; /* only for curve_type == named_curve */
+    SECItem ec_params = { siBuffer, NULL, 0 };
+    SECItem ec_point = { siBuffer, NULL, 0 };
+    unsigned char paramBuf[3]; /* only for curve_type == named_curve */
     SSLSignatureAndHashAlg sigAndHash;
 
     sigAndHash.hashAlg = ssl_hash_none;
 
     isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
     isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
 
     /* XXX This works only for named curves, revisit this when
      * we support generic curves.
      */
-    ec_params.len  = sizeof paramBuf;
+    ec_params.len = sizeof paramBuf;
     ec_params.data = paramBuf;
     rv = ssl3_ConsumeHandshake(ss, ec_params.data, ec_params.len, &b, &length);
     if (rv != SECSuccess) {
-        goto loser;             /* malformed. */
+        goto loser; /* malformed. */
     }
 
     /* Fail if the curve is not a named curve */
     if ((ec_params.data[0] != ec_type_named) ||
         (ec_params.data[1] != 0) ||
         !supportedCurve(ec_params.data[2])) {
-            errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
-            desc = handshake_failure;
-            goto alert_loser;
+        errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
+        desc = handshake_failure;
+        goto alert_loser;
     }
 
     rv = ssl3_ConsumeHandshakeVariable(ss, &ec_point, 1, &b, &length);
     if (rv != SECSuccess) {
-        goto loser;             /* malformed. */
+        goto loser; /* malformed. */
     }
     /* Fail if the ec point uses compressed representation */
     if (ec_point.data[0] != EC_POINT_FORM_UNCOMPRESSED) {
-            errCode = SEC_ERROR_UNSUPPORTED_EC_POINT_FORM;
-            desc = handshake_failure;
-            goto alert_loser;
+        errCode = SEC_ERROR_UNSUPPORTED_EC_POINT_FORM;
+        desc = handshake_failure;
+        goto alert_loser;
     }
 
     if (isTLS12) {
         rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
                                                    &sigAndHash);
         if (rv != SECSuccess) {
-            goto loser;         /* malformed or unsupported. */
+            goto loser; /* malformed or unsupported. */
         }
         rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
             ss, &sigAndHash, ss->sec.peerCert);
         if (rv != SECSuccess) {
             goto loser;
         }
     }
 
     rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length);
     if (rv != SECSuccess) {
-        goto loser;             /* malformed. */
+        goto loser; /* malformed. */
     }
 
     if (length != 0) {
         if (isTLS)
             desc = decode_error;
-        goto alert_loser;               /* malformed. */
+        goto alert_loser; /* malformed. */
     }
 
     PRINT_BUF(60, (NULL, "Server EC params", ec_params.data,
-        ec_params.len));
+                   ec_params.len));
     PRINT_BUF(60, (NULL, "Server EC point", ec_point.data, ec_point.len));
 
     /* failures after this point are not malformed handshakes. */
     /* TLS: send decrypt_error if signature failed. */
     desc = isTLS ? decrypt_error : handshake_failure;
 
     /*
      *  check to make sure the hash is signed by right guy
@@ -828,124 +840,126 @@ ssl3_HandleECDHServerKeyExchange(sslSock
                                  &hashes, ss->opt.bypassPKCS11);
 
     if (rv != SECSuccess) {
         errCode =
             ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
         goto alert_loser;
     }
     rv = ssl3_VerifySignedHashes(&hashes, ss->sec.peerCert, &signature,
-                                isTLS, ss->pkcs11PinArg);
-    if (rv != SECSuccess)  {
+                                 isTLS, ss->pkcs11PinArg);
+    if (rv != SECSuccess) {
         errCode =
             ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
         goto alert_loser;
     }
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
         goto no_memory;
     }
 
     peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
     if (peerKey == NULL) {
         goto no_memory;
     }
 
-    peerKey->arena                 = arena;
-    peerKey->keyType               = ecKey;
+    peerKey->arena = arena;
+    peerKey->keyType = ecKey;
 
     /* set up EC parameters in peerKey */
     if (ssl3_ECName2Params(arena, ec_params.data[2],
-            &peerKey->u.ec.DEREncodedParams) != SECSuccess) {
+                           &peerKey->u.ec.DEREncodedParams) !=
+        SECSuccess) {
         /* we should never get here since we already
          * checked that we are dealing with a supported curve
          */
         errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
         goto alert_loser;
     }
 
     /* copy publicValue in peerKey */
-    if (SECITEM_CopyItem(arena, &peerKey->u.ec.publicValue,  &ec_point))
-    {
+    if (SECITEM_CopyItem(arena, &peerKey->u.ec.publicValue, &ec_point)) {
         goto no_memory;
     }
-    peerKey->pkcs11Slot         = NULL;
-    peerKey->pkcs11ID           = CK_INVALID_HANDLE;
+    peerKey->pkcs11Slot = NULL;
+    peerKey->pkcs11ID = CK_INVALID_HANDLE;
 
     ss->sec.peerKey = peerKey;
     ss->ssl3.hs.ws = wait_cert_request;
 
     return SECSuccess;
 
 alert_loser:
     (void)SSL3_SendAlert(ss, alert_fatal, desc);
 loser:
     if (arena) {
         PORT_FreeArena(arena, PR_FALSE);
     }
-    PORT_SetError( errCode );
+    PORT_SetError(errCode);
     return SECFailure;
 
-no_memory:      /* no-memory error has already been set. */
+no_memory: /* no-memory error has already been set. */
     if (arena) {
         PORT_FreeArena(arena, PR_FALSE);
     }
     ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
     return SECFailure;
 }
 
 SECStatus
 ssl3_SendECDHServerKeyExchange(
     sslSocket *ss,
     const SSLSignatureAndHashAlg *sigAndHash)
 {
-    const ssl3KEADef * kea_def     = ss->ssl3.hs.kea_def;
-    SECStatus          rv          = SECFailure;
-    int                length;
-    PRBool             isTLS, isTLS12;
-    SECItem            signed_hash = {siBuffer, NULL, 0};
-    SSL3Hashes         hashes;
+    const ssl3KEADef *kea_def = ss->ssl3.hs.kea_def;
+    SECStatus rv = SECFailure;
+    int length;
+    PRBool isTLS, isTLS12;
+    SECItem signed_hash = { siBuffer, NULL, 0 };
+    SSL3Hashes hashes;
 
-    SECKEYPublicKey *  ecdhePub;
-    SECItem            ec_params = {siBuffer, NULL, 0};
-    unsigned char      paramBuf[3];
-    ECName             curve;
-    SSL3KEAType        certIndex;
+    SECKEYPublicKey *ecdhePub;
+    SECItem ec_params = { siBuffer, NULL, 0 };
+    unsigned char paramBuf[3];
+    ECName curve;
+    SSL3KEAType certIndex;
 
     /* Generate ephemeral ECDH key pair and send the public key */
     curve = ssl3_GetCurveNameForServerSocket(ss);
     if (curve == ec_noName) {
         goto loser;
     }
 
     if (ss->opt.reuseServerECDHEKey) {
         rv = ssl3_CreateECDHEphemeralKeys(ss, curve);
-    } else {
+    }
+    else {
         rv = ssl3_CreateECDHEphemeralKeyPair(curve, &ss->ephemeralECDHKeyPair);
     }
     if (rv != SECSuccess) {
         goto loser;
     }
 
     ecdhePub = ss->ephemeralECDHKeyPair->pubKey;
     PORT_Assert(ecdhePub != NULL);
     if (!ecdhePub) {
         PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
         return SECFailure;
     }
 
-    ec_params.len  = sizeof paramBuf;
+    ec_params.len = sizeof paramBuf;
     ec_params.data = paramBuf;
     curve = ssl3_PubKey2ECName(ecdhePub);
     if (curve != ec_noName) {
         ec_params.data[0] = ec_type_named;
         ec_params.data[1] = 0x00;
         ec_params.data[2] = curve;
-    } else {
+    }
+    else {
         PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
         goto loser;
     }
 
     rv = ssl3_ComputeECDHKeyHash(sigAndHash->hashAlg,
                                  ec_params,
                                  ecdhePub->u.ec.publicValue,
                                  &ss->ssl3.hs.client_random,
@@ -966,55 +980,55 @@ ssl3_SendECDHServerKeyExchange(
     if (kea_def->kea == kea_ecdhe_rsa)
         certIndex = kt_rsa;
     else /* kea_def->kea == kea_ecdhe_ecdsa */
         certIndex = kt_ecdh;
 
     rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY,
                          &signed_hash, isTLS);
     if (rv != SECSuccess) {
-        goto loser;             /* ssl3_SignHashes has set err. */
+        goto loser; /* ssl3_SignHashes has set err. */
     }
     if (signed_hash.data == NULL) {
         /* how can this happen and rv == SECSuccess ?? */
         PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
         goto loser;
     }
 
     length = ec_params.len +
              1 + ecdhePub->u.ec.publicValue.len +
              (isTLS12 ? 2 : 0) + 2 + signed_hash.len;
 
     rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
     if (rv != SECSuccess) {
-        goto loser;     /* err set by AppendHandshake. */
+        goto loser; /* err set by AppendHandshake. */
     }
 
     rv = ssl3_AppendHandshake(ss, ec_params.data, ec_params.len);
     if (rv != SECSuccess) {
-        goto loser;     /* err set by AppendHandshake. */
+        goto loser; /* err set by AppendHandshake. */
     }
 
     rv = ssl3_AppendHandshakeVariable(ss, ecdhePub->u.ec.publicValue.data,
                                       ecdhePub->u.ec.publicValue.len, 1);
     if (rv != SECSuccess) {
-        goto loser;     /* err set by AppendHandshake. */
+        goto loser; /* err set by AppendHandshake. */
     }
 
     if (isTLS12) {
         rv = ssl3_AppendSignatureAndHashAlgorithm(ss, sigAndHash);
         if (rv != SECSuccess) {
-            goto loser;         /* err set by AppendHandshake. */
+            goto loser; /* err set by AppendHandshake. */
         }
     }
 
     rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data,
                                       signed_hash.len, 2);
     if (rv != SECSuccess) {
-        goto loser;     /* err set by AppendHandshake. */
+        goto loser; /* err set by AppendHandshake. */
     }
 
     PORT_Free(signed_hash.data);
     return SECSuccess;
 
 loser:
     if (signed_hash.data != NULL)
         PORT_Free(signed_hash.data);
@@ -1107,93 +1121,94 @@ static const ssl3CipherSuite ecSuites[] 
     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
     TLS_ECDH_RSA_WITH_NULL_SHA,
     TLS_ECDH_RSA_WITH_RC4_128_SHA,
     0 /* end of list marker */
 };
 
 /* On this socket, Disable the ECC cipher suites in the argument's list */
 SECStatus
-ssl3_DisableECCSuites(sslSocket * ss, const ssl3CipherSuite * suite)
+ssl3_DisableECCSuites(sslSocket *ss, const ssl3CipherSuite *suite)
 {
     if (!suite)
         suite = ecSuites;
     for (; *suite; ++suite) {
         PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE));
     }
     return SECSuccess;
 }
 
 /* Look at the server certs configured on this socket, and disable any
  * ECC cipher suites that are not supported by those certs.
  */
 void
-ssl3_FilterECCipherSuitesByServerCerts(sslSocket * ss)
+ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss)
 {
-    CERTCertificate * svrCert;
+    CERTCertificate *svrCert;
 
     svrCert = ss->serverCerts[kt_rsa].serverCert;
     if (!svrCert) {
         ssl3_DisableECCSuites(ss, ecdhe_rsa_suites);
     }
 
     svrCert = ss->serverCerts[kt_ecdh].serverCert;
     if (!svrCert) {
         ssl3_DisableECCSuites(ss, ecdh_suites);
         ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
-    } else {
+    }
+    else {
         SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature);
 
         switch (sigTag) {
-        case SEC_OID_PKCS1_RSA_ENCRYPTION:
-        case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
-        case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
-        case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
-        case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
-        case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
-        case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
-        case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
-        case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
-            ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites);
-            break;
-        case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
-        case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
-        case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
-        case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
-        case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
-        case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
-        case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
-            ssl3_DisableECCSuites(ss, ecdh_rsa_suites);
-            break;
-        default:
-            ssl3_DisableECCSuites(ss, ecdh_suites);
-            break;
+            case SEC_OID_PKCS1_RSA_ENCRYPTION:
+            case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
+            case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
+            case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+            case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+            case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
+            case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+            case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+            case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+                ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites);
+                break;
+            case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
+            case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
+            case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+            case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+            case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+            case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
+            case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
+                ssl3_DisableECCSuites(ss, ecdh_rsa_suites);
+                break;
+            default:
+                ssl3_DisableECCSuites(ss, ecdh_suites);
+                break;
         }
     }
 }
 
 /* Ask: is ANY ECC cipher suite enabled on this socket? */
 /* Order(N^2).  Yuk.  Also, this ignores export policy. */
 PRBool
-ssl3_IsECCEnabled(sslSocket * ss)
+ssl3_IsECCEnabled(sslSocket *ss)
 {
-    const ssl3CipherSuite * suite;
+    const ssl3CipherSuite *suite;
     PK11SlotInfo *slot;
 
     /* make sure we can do ECC */
-    slot = PK11_GetBestSlot(CKM_ECDH1_DERIVE,  ss->pkcs11PinArg);
+    slot = PK11_GetBestSlot(CKM_ECDH1_DERIVE, ss->pkcs11PinArg);
     if (!slot) {
         return PR_FALSE;
     }
     PK11_FreeSlot(slot);
 
     /* make sure an ECC cipher is enabled */
     for (suite = ecSuites; *suite; ++suite) {
-        PRBool    enabled = PR_FALSE;
-        SECStatus rv      = ssl3_CipherPrefGet(ss, *suite, &enabled);
+        PRBool enabled = PR_FALSE;
+        SECStatus rv = ssl3_CipherPrefGet(ss, *suite, &enabled);
 
         PORT_Assert(rv == SECSuccess); /* else is coding error */
         if (rv == SECSuccess && enabled)
             return PR_TRUE;
     }
     return PR_FALSE;
 }
 
@@ -1212,20 +1227,20 @@ static const PRUint8 suiteBECList[] = {
 static const PRUint8 tlsECList[] = {
      1,  2,  3,  4,  5,  6,  7,  8,
      9, 10, 11, 12, 13, 14, 15, 16,
     17, 18, 19, 20, 21, 22, 23, 24,
     25
 };
 
 static const PRUint8 ecPtFmt[6] = {
-    BE(11),         /* Extension type */
-    BE( 2),         /* octets that follow */
-         1,         /* octets that follow */
-         0          /* uncompressed type only */
+    BE(11), /* Extension type */
+    BE(2),  /* octets that follow */
+    1,      /* octets that follow */
+    0       /* uncompressed type only */
 };
 
 /* This function already presumes we can do ECC, ssl3_IsECCEnabled must be
  * called before this function. It looks to see if we have a token which
  * is capable of doing smaller than SuiteB curves. If the token can, we
  * presume the token can do the whole SSL suite of curves. If it can't we
  * presume the token that allowed ECC to be enabled can only do suite B
  * curves. */
@@ -1242,121 +1257,122 @@ ssl3_SuiteBOnly(sslSocket *ss)
         /* nope, presume we can only do suite B */
         return PR_TRUE;
     }
     /* we can, presume we can do all curves */
     PK11_FreeSlot(slot);
     return PR_FALSE;
 }
 
-#define APPEND_CURVE(CURVE_ID) \
-    if ((NSS_GetAlgorithmPolicy(ecName2OIDTag[CURVE_ID], &policy) \
-	       == SECFailure) || (policy & NSS_USE_ALG_IN_SSL_KX)) { \
-    	enabledCurves[pos++] = 0; \
-    	enabledCurves[pos++] = CURVE_ID; \
+#define APPEND_CURVE(CURVE_ID)                                       \
+    if ((NSS_GetAlgorithmPolicy(ecName2OIDTag[CURVE_ID], &policy) == \
+         SECFailure) ||                                              \
+        (policy & NSS_USE_ALG_IN_SSL_KX)) {                          \
+        enabledCurves[pos++] = 0;                                    \
+        enabledCurves[pos++] = CURVE_ID;                             \
     }
 
 /* Send our "canned" (precompiled) Supported Elliptic Curves extension,
  * which says that we support all TLS-defined named curves.
  */
 PRInt32
 ssl3_SendSupportedCurvesXtn(
-                        sslSocket * ss,
-                        PRBool      append,
-                        PRUint32    maxBytes)
+    sslSocket *ss,
+    PRBool append,
+    PRUint32 maxBytes)
 {
     unsigned char enabledCurves[64];
     PRUint32 policy;
     PRInt32 extension_length;
     PRInt32 ecListSize = 0;
     unsigned int pos = 0;
     unsigned int i;
 
     if (!ss || !ssl3_IsECCEnabled(ss))
         return 0;
 
-    PORT_Assert(sizeof(enabledCurves) > sizeof(tlsECList)*2);
+    PORT_Assert(sizeof(enabledCurves) > sizeof(tlsECList) * 2);
     if (ssl3_SuiteBOnly(ss)) {
-	for (i=0; i < sizeof(suiteBECList); i++) {
-	    APPEND_CURVE(suiteBECList[i]);
-	}
+        for (i = 0; i < sizeof(suiteBECList); i++) {
+            APPEND_CURVE(suiteBECList[i]);
+        }
         ecListSize = pos;
-    } else {
-	for (i=0; i < sizeof(tlsECList); i++) {
-	    APPEND_CURVE(tlsECList[i]);
-	}
+    }
+    else {
+        for (i = 0; i < sizeof(tlsECList); i++) {
+            APPEND_CURVE(tlsECList[i]);
+        }
         ecListSize = pos;
     }
     extension_length =
-	2 /* extension type */ +
-	2 /* extension length */ +
-	2 /* elliptic curves length */ +
-	ecListSize;
-
+        2 /* extension type */ +
+        2 /* extension length */ +
+        2 /* elliptic curves length */ +
+        ecListSize;
 
     if (maxBytes < (PRUint32)extension_length) {
         return 0;
     }
- 
+
     if (append) {
-	SECStatus rv;
-	rv = ssl3_AppendHandshakeNumber(ss, ssl_elliptic_curves_xtn, 2);
- 	if (rv != SECSuccess)
-	    return -1;
-	rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
- 	if (rv != SECSuccess)
-	    return -1;
-	rv = ssl3_AppendHandshakeVariable(ss, enabledCurves,ecListSize, 2);
-	if (rv != SECSuccess)
-	    return -1;
+        SECStatus rv;
+        rv = ssl3_AppendHandshakeNumber(ss, ssl_elliptic_curves_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+        rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess)
+            return -1;
+        rv = ssl3_AppendHandshakeVariable(ss, enabledCurves, ecListSize, 2);
+        if (rv != SECSuccess)
+            return -1;
         if (!ss->sec.isServer) {
             TLSExtensionData *xtnData = &ss->xtnData;
             xtnData->advertised[xtnData->numAdvertised++] =
                 ssl_elliptic_curves_xtn;
         }
     }
     return extension_length;
 }
 
 PRUint32
 ssl3_GetSupportedECCurveMask(sslSocket *ss)
 {
     int i;
-    PRUint32 curves  = 0;
+    PRUint32 curves = 0;
     PRUint32 policyFlags = 0;
 
-    PORT_Assert(ec_pastLastName < sizeof(PRUint32)*8);
-   
+    PORT_Assert(ec_pastLastName < sizeof(PRUint32) * 8);
+
     if (ssl3_SuiteBOnly(ss)) {
         curves = SSL3_SUITE_B_SUPPORTED_CURVES_MASK;
-    } else {
-	curves = SSL3_ALL_SUPPORTED_CURVES_MASK;
+    }
+    else {
+        curves = SSL3_ALL_SUPPORTED_CURVES_MASK;
     }
 
-    for (i= ec_noName+1; i < ec_pastLastName; i++) {
-	PRUint32 curve_bit = (1U << i);
-	if ((curves & curve_bit) &&
-	   (NSS_GetAlgorithmPolicy(ecName2OIDTag[i], &policyFlags) 
-		== SECSuccess) &&
-	   !(policyFlags & NSS_USE_ALG_IN_SSL_KX)) {
-		curves &= ~curve_bit;
-	}
+    for (i = ec_noName + 1; i < ec_pastLastName; i++) {
+        PRUint32 curve_bit = (1U << i);
+        if ((curves & curve_bit) &&
+            (NSS_GetAlgorithmPolicy(ecName2OIDTag[i], &policyFlags) ==
+             SECSuccess) &&
+            !(policyFlags & NSS_USE_ALG_IN_SSL_KX)) {
+            curves &= ~curve_bit;
+        }
     }
     return curves;
-	
 }
 
 /* Send our "canned" (precompiled) Supported Point Formats extension,
  * which says that we only support uncompressed points.
  */
 PRInt32
 ssl3_SendSupportedPointFormatsXtn(
-                        sslSocket * ss,
-                        PRBool      append,
-                        PRUint32    maxBytes)
+    sslSocket *ss,
+    PRBool append,
+    PRUint32 maxBytes)
 {
     if (!ss || !ssl3_IsECCEnabled(ss))
         return 0;
     if (append && maxBytes >= (sizeof ecPtFmt)) {
         SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt));
         if (rv != SECSuccess)
             return -1;
         if (!ss->sec.isServer) {
@@ -1376,57 +1392,57 @@ ssl3_HandleSupportedPointFormatsXtn(sslS
                                     SECItem *data)
 {
     int i;
 
     if (data->len < 2 || data->len > 255 || !data->data ||
         data->len != (unsigned int)data->data[0] + 1) {
         return ssl3_DecodeError(ss);
     }
-    for (i = data->len; --i > 0; ) {
+    for (i = data->len; --i > 0;) {
         if (data->data[i] == 0) {
             /* indicate that we should send a reply */
             SECStatus rv;
             rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
-                              &ssl3_SendSupportedPointFormatsXtn);
+                                                         &ssl3_SendSupportedPointFormatsXtn);
             return rv;
         }
     }
 
     /* evil client doesn't support uncompressed */
     ssl3_DisableECCSuites(ss, ecSuites);
     return SECSuccess;
 }
 
-
-#define SSL3_GET_SERVER_PUBLICKEY(sock, type) \
-    (ss->serverCerts[type].serverKeyPair ? \
-    ss->serverCerts[type].serverKeyPair->pubKey : NULL)
+#define SSL3_GET_SERVER_PUBLICKEY(sock, type)                                          \
+    (ss->serverCerts[type].serverKeyPair ? ss->serverCerts[type].serverKeyPair->pubKey \
+                                         : NULL)
 
 /* Extract the TLS curve name for the public key in our EC server cert. */
-ECName ssl3_GetSvrCertCurveName(sslSocket *ss)
+ECName
+ssl3_GetSvrCertCurveName(sslSocket *ss)
 {
-    SECKEYPublicKey       *srvPublicKey;
-    ECName                ec_curve       = ec_noName;
+    SECKEYPublicKey *srvPublicKey;
+    ECName ec_curve = ec_noName;
 
     srvPublicKey = SSL3_GET_SERVER_PUBLICKEY(ss, kt_ecdh);
     if (srvPublicKey) {
         ec_curve = ssl3_PubKey2ECName(srvPublicKey);
     }
     return ec_curve;
 }
 
 /* Ensure that the curve in our server cert is one of the ones supported
  * by the remote client, and disable all ECC cipher suites if not.
  */
 SECStatus
 ssl3_HandleSupportedCurvesXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
 {
-    PRInt32  list_len;
-    PRUint32 peerCurves   = 0;
+    PRInt32 list_len;
+    PRUint32 peerCurves = 0;
     PRUint32 mutualCurves = 0;
     PRUint16 svrCertCurveName;
 
     if (!data->data || data->len < 4) {
         (void)ssl3_DecodeError(ss);
         return SECFailure;
     }
 
@@ -1434,17 +1450,17 @@ ssl3_HandleSupportedCurvesXtn(sslSocket 
     list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
     if (list_len < 0 || data->len != list_len || (data->len % 2) != 0) {
         (void)ssl3_DecodeError(ss);
         return SECFailure;
     }
     /* build bit vector of peer's supported curve names */
     while (data->len) {
         PRInt32 curve_name =
-                ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
+            ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
         if (curve_name < 0) {
             return SECFailure; /* fatal alert already sent */
         }
         if (curve_name > ec_noName && curve_name < ec_pastLastName) {
             peerCurves |= (1U << curve_name);
         }
     }
     /* What curves do we support in common? */
--- a/lib/ssl/ssl3ext.c
+++ b/lib/ssl/ssl3ext.c
@@ -16,89 +16,89 @@
 #include "pk11pub.h"
 #ifdef NO_PKCS11_BYPASS
 #include "blapit.h"
 #else
 #include "blapi.h"
 #endif
 #include "prinit.h"
 
-static unsigned char  key_name[SESS_TICKET_KEY_NAME_LEN];
-static PK11SymKey    *session_ticket_enc_key_pkcs11 = NULL;
-static PK11SymKey    *session_ticket_mac_key_pkcs11 = NULL;
+static unsigned char key_name[SESS_TICKET_KEY_NAME_LEN];
+static PK11SymKey *session_ticket_enc_key_pkcs11 = NULL;
+static PK11SymKey *session_ticket_mac_key_pkcs11 = NULL;
 
 #ifndef NO_PKCS11_BYPASS
-static unsigned char  session_ticket_enc_key[AES_256_KEY_LENGTH];
-static unsigned char  session_ticket_mac_key[SHA256_LENGTH];
-
-static PRBool         session_ticket_keys_initialized = PR_FALSE;
+static unsigned char session_ticket_enc_key[AES_256_KEY_LENGTH];
+static unsigned char session_ticket_mac_key[SHA256_LENGTH];
+
+static PRBool session_ticket_keys_initialized = PR_FALSE;
 #endif
 static PRCallOnceType generate_session_keys_once;
 
 /* forward static function declarations */
 static SECStatus ssl3_ParseEncryptedSessionTicket(sslSocket *ss,
-    SECItem *data, EncryptedSessionTicket *enc_session_ticket);
+                                                  SECItem *data, EncryptedSessionTicket *enc_session_ticket);
 static SECStatus ssl3_AppendToItem(SECItem *item, const unsigned char *buf,
-    PRUint32 bytes);
+                                   PRUint32 bytes);
 static SECStatus ssl3_AppendNumberToItem(SECItem *item, PRUint32 num,
-    PRInt32 lenSize);
+                                         PRInt32 lenSize);
 static SECStatus ssl3_GetSessionTicketKeysPKCS11(sslSocket *ss,
-    PK11SymKey **aes_key, PK11SymKey **mac_key);
+                                                 PK11SymKey **aes_key, PK11SymKey **mac_key);
 #ifndef NO_PKCS11_BYPASS
 static SECStatus ssl3_GetSessionTicketKeys(const unsigned char **aes_key,
-    PRUint32 *aes_key_length, const unsigned char **mac_key,
-    PRUint32 *mac_key_length);
+                                           PRUint32 *aes_key_length, const unsigned char **mac_key,
+                                           PRUint32 *mac_key_length);
 #endif
-static PRInt32 ssl3_SendRenegotiationInfoXtn(sslSocket * ss,
-    PRBool append, PRUint32 maxBytes);
+static PRInt32 ssl3_SendRenegotiationInfoXtn(sslSocket *ss,
+                                             PRBool append, PRUint32 maxBytes);
 static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss,
-    PRUint16 ex_type, SECItem *data);
+                                                 PRUint16 ex_type, SECItem *data);
 static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss,
-                        PRUint16 ex_type, SECItem *data);
+                                                   PRUint16 ex_type, SECItem *data);
 static SECStatus ssl3_ClientHandleAppProtoXtn(sslSocket *ss,
-                        PRUint16 ex_type, SECItem *data);
+                                              PRUint16 ex_type, SECItem *data);
 static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
-                        PRUint16 ex_type, SECItem *data);
+                                                   PRUint16 ex_type, SECItem *data);
 static SECStatus ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type,
                                               SECItem *data);
 static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
                                                PRUint32 maxBytes);
 static PRInt32 ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append,
                                           PRUint32 maxBytes);
 static PRInt32 ssl3_ServerSendAppProtoXtn(sslSocket *ss, PRBool append,
                                           PRUint32 maxBytes);
 static PRInt32 ssl3_ClientSendUseSRTPXtn(sslSocket *ss, PRBool append,
                                          PRUint32 maxBytes);
 static PRInt32 ssl3_ServerSendUseSRTPXtn(sslSocket *ss, PRBool append,
                                          PRUint32 maxBytes);
-static SECStatus ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type,
+static SECStatus ssl3_ClientHandleUseSRTPXtn(sslSocket *ss, PRUint16 ex_type,
                                              SECItem *data);
-static SECStatus ssl3_ServerHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type,
+static SECStatus ssl3_ServerHandleUseSRTPXtn(sslSocket *ss, PRUint16 ex_type,
                                              SECItem *data);
-static PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket * ss,
-    PRBool append, PRUint32 maxBytes);
+static PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket *ss,
+                                               PRBool append, PRUint32 maxBytes);
 static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss,
-    PRUint16 ex_type, SECItem *data);
+                                                   PRUint16 ex_type, SECItem *data);
 static SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss,
                                                    PRUint16 ex_type,
                                                    SECItem *data);
-static PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append,
+static PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append,
                                                PRUint32 maxBytes);
 static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append,
                                          PRUint32 maxBytes);
 static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type,
                                              SECItem *data);
 
 static PRInt32 ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss,
                                                      PRBool append,
                                                      PRUint32 maxBytes);
 static SECStatus ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss,
                                                          PRUint16 ex_type,
                                                          SECItem *data);
-static PRInt32 ssl3_ServerSendSignedCertTimestampXtn(sslSocket * ss,
+static PRInt32 ssl3_ServerSendSignedCertTimestampXtn(sslSocket *ss,
                                                      PRBool append,
                                                      PRUint32 maxBytes);
 static SECStatus ssl3_ServerHandleSignedCertTimestampXtn(sslSocket *ss,
                                                          PRUint16 ex_type,
                                                          SECItem *data);
 static PRInt32 ssl3_ClientSendDraftVersionXtn(sslSocket *ss, PRBool append,
                                               PRUint32 maxBytes);
 static SECStatus ssl3_ServerHandleDraftVersionXtn(sslSocket *ss, PRUint16 ex_type,
@@ -138,69 +138,69 @@ ssl3_AppendToItem(SECItem *item, const u
  * Write a number in network byte order. Using this function means the
  * SECItem structure cannot be freed.  The caller is expected to call
  * this function on a shallow copy of the structure.
  */
 static SECStatus
 ssl3_AppendNumberToItem(SECItem *item, PRUint32 num, PRInt32 lenSize)
 {
     SECStatus rv;
-    PRUint8   b[4];
-    PRUint8 * p = b;
+    PRUint8 b[4];
+    PRUint8 *p = b;
 
     switch (lenSize) {
-    case 4:
-        *p++ = (PRUint8) (num >> 24);
-    case 3:
-        *p++ = (PRUint8) (num >> 16);
-    case 2:
-        *p++ = (PRUint8) (num >> 8);
-    case 1:
-        *p = (PRUint8) num;
+        case 4:
+            *p++ = (PRUint8)(num >> 24);
+        case 3:
+            *p++ = (PRUint8)(num >> 16);
+        case 2:
+            *p++ = (PRUint8)(num >> 8);
+        case 1:
+            *p = (PRUint8)num;
     }
     rv = ssl3_AppendToItem(item, &b[0], lenSize);
     return rv;
 }
 
-static SECStatus ssl3_SessionTicketShutdown(void* appData, void* nssData)
+static SECStatus
+ssl3_SessionTicketShutdown(void *appData, void *nssData)
 {
     if (session_ticket_enc_key_pkcs11) {
         PK11_FreeSymKey(session_ticket_enc_key_pkcs11);
         session_ticket_enc_key_pkcs11 = NULL;
     }
     if (session_ticket_mac_key_pkcs11) {
         PK11_FreeSymKey(session_ticket_mac_key_pkcs11);
         session_ticket_mac_key_pkcs11 = NULL;
     }
     PORT_Memset(&generate_session_keys_once, 0,
-        sizeof(generate_session_keys_once));
+                sizeof(generate_session_keys_once));
     return SECSuccess;
 }
 
-
 static PRStatus
 ssl3_GenerateSessionTicketKeysPKCS11(void *data)
 {
     SECStatus rv;
     sslSocket *ss = (sslSocket *)data;
     SECKEYPrivateKey *svrPrivKey = ss->serverCerts[kt_rsa].SERVERKEY;
     SECKEYPublicKey *svrPubKey = ss->serverCerts[kt_rsa].serverKeyPair->pubKey;
 
     if (svrPrivKey == NULL || svrPubKey == NULL) {
         SSL_DBG(("%d: SSL[%d]: Pub or priv key(s) is NULL.",
-                        SSL_GETPID(), ss->fd));
+                 SSL_GETPID(), ss->fd));
         goto loser;
     }
 
     /* Get a copy of the session keys from shared memory. */
     PORT_Memcpy(key_name, SESS_TICKET_KEY_NAME_PREFIX,
-        sizeof(SESS_TICKET_KEY_NAME_PREFIX));
+                sizeof(SESS_TICKET_KEY_NAME_PREFIX));
     if (!ssl_GetSessionTicketKeysPKCS11(svrPrivKey, svrPubKey,
-            ss->pkcs11PinArg, &key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN],
-            &session_ticket_enc_key_pkcs11, &session_ticket_mac_key_pkcs11))
+                                        ss->pkcs11PinArg, &key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN],
+                                        &session_ticket_enc_key_pkcs11, &session_ticket_mac_key_pkcs11))
         return PR_FAILURE;
 
     rv = NSS_RegisterShutdown(ssl3_SessionTicketShutdown, NULL);
     if (rv != SECSuccess)
         goto loser;
 
     return PR_SUCCESS;
 
@@ -209,50 +209,51 @@ loser:
     return PR_FAILURE;
 }
 
 static SECStatus
 ssl3_GetSessionTicketKeysPKCS11(sslSocket *ss, PK11SymKey **aes_key,
                                 PK11SymKey **mac_key)
 {
     if (PR_CallOnceWithArg(&generate_session_keys_once,
-            ssl3_GenerateSessionTicketKeysPKCS11, ss) != PR_SUCCESS)
+                           ssl3_GenerateSessionTicketKeysPKCS11, ss) !=
+        PR_SUCCESS)
         return SECFailure;
 
     if (session_ticket_enc_key_pkcs11 == NULL ||
         session_ticket_mac_key_pkcs11 == NULL)
         return SECFailure;
 
     *aes_key = session_ticket_enc_key_pkcs11;
     *mac_key = session_ticket_mac_key_pkcs11;
     return SECSuccess;
 }
 
 #ifndef NO_PKCS11_BYPASS
 static PRStatus
 ssl3_GenerateSessionTicketKeys(void)
 {
     PORT_Memcpy(key_name, SESS_TICKET_KEY_NAME_PREFIX,
-        sizeof(SESS_TICKET_KEY_NAME_PREFIX));
+                sizeof(SESS_TICKET_KEY_NAME_PREFIX));
 
     if (!ssl_GetSessionTicketKeys(&key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN],
-            session_ticket_enc_key, session_ticket_mac_key))
+                                  session_ticket_enc_key, session_ticket_mac_key))
         return PR_FAILURE;
 
     session_ticket_keys_initialized = PR_TRUE;
     return PR_SUCCESS;
 }
 
 static SECStatus
 ssl3_GetSessionTicketKeys(const unsigned char **aes_key,
-    PRUint32 *aes_key_length, const unsigned char **mac_key,
-    PRUint32 *mac_key_length)
+                          PRUint32 *aes_key_length, const unsigned char **mac_key,
+                          PRUint32 *mac_key_length)
 {
     if (PR_CallOnce(&generate_session_keys_once,
-            ssl3_GenerateSessionTicketKeys) != PR_SUCCESS)
+                    ssl3_GenerateSessionTicketKeys) != PR_SUCCESS)
         return SECFailure;
 
     if (!session_ticket_keys_initialized)
         return SECFailure;
 
     *aes_key = session_ticket_enc_key;
     *aes_key_length = sizeof(session_ticket_enc_key);
     *mac_key = session_ticket_mac_key;
@@ -263,121 +264,123 @@ ssl3_GetSessionTicketKeys(const unsigned
 #endif
 
 /* Table of handlers for received TLS hello extensions, one per extension.
  * In the second generation, this table will be dynamic, and functions
  * will be registered here.
  */
 /* This table is used by the server, to handle client hello extensions. */
 static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
-    { ssl_server_name_xtn,        &ssl3_HandleServerNameXtn },
+    { ssl_server_name_xtn, &ssl3_HandleServerNameXtn },
 #ifndef NSS_DISABLE_ECC
-    { ssl_elliptic_curves_xtn,    &ssl3_HandleSupportedCurvesXtn },
-    { ssl_ec_point_formats_xtn,   &ssl3_HandleSupportedPointFormatsXtn },
+    { ssl_elliptic_curves_xtn, &ssl3_HandleSupportedCurvesXtn },
+    { ssl_ec_point_formats_xtn, &ssl3_HandleSupportedPointFormatsXtn },
 #endif
-    { ssl_session_ticket_xtn,     &ssl3_ServerHandleSessionTicketXtn },
+    { ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn },
     { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
-    { ssl_next_proto_nego_xtn,    &ssl3_ServerHandleNextProtoNegoXtn },
+    { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn },
     { ssl_app_layer_protocol_xtn, &ssl3_ServerHandleAppProtoXtn },
-    { ssl_use_srtp_xtn,           &ssl3_ServerHandleUseSRTPXtn },
-    { ssl_cert_status_xtn,        &ssl3_ServerHandleStatusRequestXtn },
+    { ssl_use_srtp_xtn, &ssl3_ServerHandleUseSRTPXtn },
+    { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn },
     { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn },
     { ssl_tls13_draft_version_xtn, &ssl3_ServerHandleDraftVersionXtn },
     { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
     { ssl_signed_cert_timestamp_xtn, &ssl3_ServerHandleSignedCertTimestampXtn },
     { ssl_tls13_key_share_xtn, &tls13_ServerHandleKeyShareXtn },
     { -1, NULL }
 };
 
 /* These two tables are used by the client, to handle server hello
  * extensions. */
 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
-    { ssl_server_name_xtn,        &ssl3_HandleServerNameXtn },
+    { ssl_server_name_xtn, &ssl3_HandleServerNameXtn },
     /* TODO: add a handler for ssl_ec_point_formats_xtn */
-    { ssl_session_ticket_xtn,     &ssl3_ClientHandleSessionTicketXtn },
+    { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn },
     { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
-    { ssl_next_proto_nego_xtn,    &ssl3_ClientHandleNextProtoNegoXtn },
+    { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
     { ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn },
-    { ssl_use_srtp_xtn,           &ssl3_ClientHandleUseSRTPXtn },
-    { ssl_cert_status_xtn,        &ssl3_ClientHandleStatusRequestXtn },
+    { ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn },
+    { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
     { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
     { ssl_signed_cert_timestamp_xtn, &ssl3_ClientHandleSignedCertTimestampXtn },
-    { ssl_tls13_key_share_xtn,    &tls13_ClientHandleKeyShareXtn },
+    { ssl_tls13_key_share_xtn, &tls13_ClientHandleKeyShareXtn },
     { -1, NULL }
 };
 
 static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = {
     { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
     { -1, NULL }
 };
 
 /* Tables of functions to format TLS hello extensions, one function per
  * extension.
  * These static tables are for the formatting of client hello extensions.
  * The server's table of hello senders is dynamic, in the socket struct,
  * and sender functions are registered there.
  */
-static const
-ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
-    { ssl_server_name_xtn,        &ssl3_SendServerNameXtn        },
-    { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
+static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] =
+    {
+      { ssl_server_name_xtn, &ssl3_SendServerNameXtn },
+      { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
 #ifndef NSS_DISABLE_ECC
-    { ssl_elliptic_curves_xtn,    &ssl3_SendSupportedCurvesXtn },
-    { ssl_ec_point_formats_xtn,   &ssl3_SendSupportedPointFormatsXtn },
+      { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn },
+      { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn },
 #endif
-    { ssl_session_ticket_xtn,     &ssl3_SendSessionTicketXtn },
-    { ssl_next_proto_nego_xtn,    &ssl3_ClientSendNextProtoNegoXtn },
-    { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn },
-    { ssl_use_srtp_xtn,           &ssl3_ClientSendUseSRTPXtn },
-    { ssl_cert_status_xtn,        &ssl3_ClientSendStatusRequestXtn },
-    { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
-    { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
-    { ssl_extended_master_secret_xtn,       &ssl3_SendExtendedMasterSecretXtn},
-    { ssl_signed_cert_timestamp_xtn, &ssl3_ClientSendSignedCertTimestampXtn },
-    { ssl_tls13_key_share_xtn, &tls13_ClientSendKeyShareXtn },
-    /* any extra entries will appear as { 0, NULL }    */
-};
-
-static const
-ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = {
-    { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }
-    /* any extra entries will appear as { 0, NULL }    */
-};
+      { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
+      { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
+      { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn },
+      { ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn },
+      { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
+      { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
+      { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
+      { ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn },
+      { ssl_signed_cert_timestamp_xtn, &ssl3_ClientSendSignedCertTimestampXtn },
+      { ssl_tls13_key_share_xtn, &tls13_ClientSendKeyShareXtn },
+      /* any extra entries will appear as { 0, NULL }    */
+    };
+
+static const ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] =
+    {
+      { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }
+      /* any extra entries will appear as { 0, NULL }    */
+    };
 
 static PRBool
 arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type)
 {
     unsigned int i;
     for (i = 0; i < len; i++) {
         if (ex_type == array[i])
             return PR_TRUE;
     }
     return PR_FALSE;
 }
 
 PRBool
-ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type) {
+ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type)
+{
     TLSExtensionData *xtnData = &ss->xtnData;
     return arrayContainsExtension(xtnData->negotiated,
                                   xtnData->numNegotiated, ex_type);
 }
 
 static PRBool
-ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type) {
+ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type)
+{
     TLSExtensionData *xtnData = &ss->xtnData;
     return arrayContainsExtension(xtnData->advertised,
                                   xtnData->numAdvertised, ex_type);
 }
 
 /* Format an SNI extension, using the name from the socket's URL,
  * unless that name is a dotted decimal string.
  * Used by client and server.
  */
 PRInt32
-ssl3_SendServerNameXtn(sslSocket * ss, PRBool append,
+ssl3_SendServerNameXtn(sslSocket *ss, PRBool append,
                        PRUint32 maxBytes)
 {
     SECStatus rv;
     if (!ss)
         return 0;
     if (!ss->sec.isServer) {
         PRUint32 len;
         PRNetAddr netAddr;
@@ -385,61 +388,68 @@ ssl3_SendServerNameXtn(sslSocket * ss, P
         /* must have a hostname */
         if (!ss->url || !ss->url[0])
             return 0;
         /* must not be an IPv4 or IPv6 address */
         if (PR_SUCCESS == PR_StringToNetAddr(ss->url, &netAddr)) {
             /* is an IP address (v4 or v6) */
             return 0;
         }
-        len  = PORT_Strlen(ss->url);
+        len = PORT_Strlen(ss->url);
         if (append && maxBytes >= len + 9) {
             /* extension_type */
             rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2);
-            if (rv != SECSuccess) return -1;
+            if (rv != SECSuccess)
+                return -1;
             /* length of extension_data */
             rv = ssl3_AppendHandshakeNumber(ss, len + 5, 2);
-            if (rv != SECSuccess) return -1;
+            if (rv != SECSuccess)
+                return -1;
             /* length of server_name_list */
             rv = ssl3_AppendHandshakeNumber(ss, len + 3, 2);
-            if (rv != SECSuccess) return -1;
+            if (rv != SECSuccess)
+                return -1;
             /* Name Type (sni_host_name) */
-            rv = ssl3_AppendHandshake(ss,       "\0",    1);
-            if (rv != SECSuccess) return -1;
+            rv = ssl3_AppendHandshake(ss, "\0", 1);
+            if (rv != SECSuccess)
+                return -1;
             /* HostName (length and value) */
             rv = ssl3_AppendHandshakeVariable(ss, (PRUint8 *)ss->url, len, 2);
-            if (rv != SECSuccess) return -1;
+            if (rv != SECSuccess)
+                return -1;
             if (!ss->sec.isServer) {
                 TLSExtensionData *xtnData = &ss->xtnData;
                 xtnData->advertised[xtnData->numAdvertised++] =
                     ssl_server_name_xtn;
             }
         }
         return len + 9;
     }
     /* Server side */
     if (append && maxBytes >= 4) {
         rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2);
-        if (rv != SECSuccess)  return -1;
+        if (rv != SECSuccess)
+            return -1;
         /* length of extension_data */
         rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-        if (rv != SECSuccess) return -1;
+        if (rv != SECSuccess)
+            return -1;
     }
     return 4;
 }
 
 /* handle an incoming SNI extension, by ignoring it. */
 SECStatus
-ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
+ssl3_HandleServerNameXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
 {
     SECItem *names = NULL;
     PRUint32 listCount = 0, namesPos = 0, i;
     TLSExtensionData *xtnData = &ss->xtnData;
-    SECItem  ldata;
-    PRInt32  listLenBytes = 0;
+    SECItem ldata;
+    PRInt32 listLenBytes = 0;
 
     if (!ss->sec.isServer) {
         return SECSuccess; /* ignore extension */
     }
 
     /* Server side - consume client data and register server sender. */
     /* do not parse the data if don't have user extension handling function. */
     if (!ss->sniSocketConfig) {
@@ -476,25 +486,25 @@ ssl3_HandleServerNameXtn(sslSocket * ss,
             return SECFailure;
         }
         listCount += 1;
     }
     names = PORT_ZNewArray(SECItem, listCount);
     if (!names) {
         return SECFailure;
     }
-    for (i = 0;i < listCount;i++) {
+    for (i = 0; i < listCount; i++) {
         unsigned int j;
-        PRInt32  type;
+        PRInt32 type;
         SECStatus rv;
         PRBool nametypePresent = PR_FALSE;
         /* Name Type (sni_host_name) */
         type = ssl3_ConsumeHandshakeNumber(ss, 1, &data->data, &data->len);
         /* Check if we have such type in the list */
-        for (j = 0;j < listCount && names[j].data;j++) {
+        for (j = 0; j < listCount && names[j].data; j++) {
             /* TODO bug 998524: .type is not assigned a value */
             if (names[j].type == type) {
                 nametypePresent = PR_TRUE;
                 break;
             }
         }
         /* HostName (length and value) */
         rv = ssl3_ConsumeHandshakeVariable(ss, &names[namesPos], 2,
@@ -521,19 +531,19 @@ ssl3_HandleServerNameXtn(sslSocket * ss,
 }
 
 /* Called by both clients and servers.
  * Clients sends a filled in session ticket if one is available, and otherwise
  * sends an empty ticket.  Servers always send empty tickets.
  */
 PRInt32
 ssl3_SendSessionTicketXtn(
-                        sslSocket * ss,
-                        PRBool      append,
-                        PRUint32    maxBytes)
+    sslSocket *ss,
+    PRBool append,
+    PRUint32 maxBytes)
 {
     PRInt32 extension_length;
     NewSessionTicket *session_ticket = NULL;
     sslSessionID *sid = ss->sec.ci.sid;
 
     /* Ignore the SessionTicket extension if processing is disabled. */
     if (!ss->opt.enableSessionTickets)
         return 0;
@@ -555,20 +565,22 @@ ssl3_SendSessionTicketXtn(
          * will only be holding the lock when we are the client and when we're
          * attempting to resume an existing session.
          */
 
         session_ticket = &sid->u.ssl3.locked.sessionTicket;
         if (session_ticket->ticket.data) {
             if (ss->xtnData.ticketTimestampVerified) {
                 extension_length += session_ticket->ticket.len;
-            } else if (!append &&
-                (session_ticket->ticket_lifetime_hint == 0 ||
-                (session_ticket->ticket_lifetime_hint +
-                    session_ticket->received_timestamp > ssl_Time()))) {
+            }
+            else if (!append &&
+                     (session_ticket->ticket_lifetime_hint == 0 ||
+                      (session_ticket->ticket_lifetime_hint +
+                           session_ticket->received_timestamp >
+                       ssl_Time()))) {
                 extension_length += session_ticket->ticket.len;
                 ss->xtnData.ticketTimestampVerified = PR_TRUE;
             }
         }
     }
 
     if (maxBytes < (PRUint32)extension_length) {
         PORT_Assert(0);
@@ -578,41 +590,42 @@ ssl3_SendSessionTicketXtn(
         SECStatus rv;
         /* extension_type */
         rv = ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2);
         if (rv != SECSuccess)
             goto loser;
         if (session_ticket && session_ticket->ticket.data &&
             ss->xtnData.ticketTimestampVerified) {
             rv = ssl3_AppendHandshakeVariable(ss, session_ticket->ticket.data,
-                session_ticket->ticket.len, 2);
+                                              session_ticket->ticket.len, 2);
             ss->xtnData.ticketTimestampVerified = PR_FALSE;
             ss->xtnData.sentSessionTicketInClientHello = PR_TRUE;
-        } else {
+        }
+        else {
             rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
         }
         if (rv != SECSuccess)
             goto loser;
 
         if (!ss->sec.isServer) {
             TLSExtensionData *xtnData = &ss->xtnData;
             xtnData->advertised[xtnData->numAdvertised++] =
                 ssl_session_ticket_xtn;
         }
     }
     return extension_length;
 
- loser:
+loser:
     ss->xtnData.ticketTimestampVerified = PR_FALSE;
     return -1;
 }
 
 /* handle an incoming Next Protocol Negotiation extension. */
 static SECStatus
-ssl3_ServerHandleNextProtoNegoXtn(sslSocket * ss, PRUint16 ex_type,
+ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
                                   SECItem *data)
 {
     if (ss->firstHsDone || data->len != 0) {
         /* Clients MUST send an empty NPN extension, if any. */
         PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
         return SECFailure;
     }
 
@@ -624,22 +637,22 @@ ssl3_ServerHandleNextProtoNegoXtn(sslSoc
 
     return SECSuccess;
 }
 
 /* ssl3_ValidateNextProtoNego checks that the given block of data is valid: none
  * of the lengths may be 0 and the sum of the lengths must equal the length of
  * the block. */
 SECStatus
-ssl3_ValidateNextProtoNego(const unsigned char* data, unsigned int length)
+ssl3_ValidateNextProtoNego(const unsigned char *data, unsigned int length)
 {
     unsigned int offset = 0;
 
     while (offset < length) {
-        unsigned int newOffset = offset + 1 + (unsigned int) data[offset];
+        unsigned int newOffset = offset + 1 + (unsigned int)data[offset];
         /* Reject embedded nulls to protect against buggy applications that
          * store protocol identifiers in null-terminated strings.
          */
         if (newOffset > length || data[offset] == 0) {
             return SECFailure;
         }
         offset = newOffset;
     }
@@ -725,17 +738,17 @@ ssl3_ServerHandleAppProtoXtn(sslSocket *
 
     if (!ss->nextProtoCallback) {
         /* we're not configured for it */
         return SECSuccess;
     }
 
     rv = ssl3_SelectAppProtocol(ss, ex_type, data);
     if (rv != SECSuccess) {
-      return rv;
+        return rv;
     }
 
     /* prepare to send back a response, if we negotiated */
     if (ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED) {
         rv = ssl3_RegisterServerHelloExtensionSender(
             ss, ex_type, ssl3_ServerSendAppProtoXtn);
         if (rv != SECSuccess) {
             (void)SSL3_SendAlert(ss, alert_fatal, internal_error);
@@ -819,17 +832,17 @@ ssl3_ClientHandleAppProtoXtn(sslSocket *
 
     SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
     ss->ssl3.nextProtoState = SSL_NEXT_PROTO_SELECTED;
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
     return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &protocol_name);
 }
 
 static PRInt32
-ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append,
+ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
                                 PRUint32 maxBytes)
 {
     PRInt32 extension_length;
 
     /* Renegotiations do not send this extension. */
     if (!ss->opt.enableNPN || !ss->nextProtoCallback || ss->firstHsDone) {
         return 0;
     }
@@ -843,27 +856,27 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocke
         SECStatus rv;
         rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2);
         if (rv != SECSuccess)
             goto loser;
         rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
         if (rv != SECSuccess)
             goto loser;
         ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-                ssl_next_proto_nego_xtn;
+            ssl_next_proto_nego_xtn;
     }
 
     return extension_length;
 
 loser:
     return -1;
 }
 
 static PRInt32
-ssl3_ClientSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
+ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
 {
     PRInt32 extension_length;
     unsigned char *alpn_protos = NULL;
 
     /* Renegotiations do not send this extension. */
     if (!ss->opt.enableALPN || !ss->opt.nextProtoNego.data || ss->firstHsDone) {
         return 0;
     }
@@ -888,17 +901,18 @@ ssl3_ClientSendAppProtoXtn(sslSocket * s
             return SECFailure;
         }
         if (len > 0) {
             /* Each protocol string is prefixed with a single byte length. */
             unsigned int i = ss->opt.nextProtoNego.data[0] + 1;
             if (i <= len) {
                 memcpy(alpn_protos, &ss->opt.nextProtoNego.data[i], len - i);
                 memcpy(alpn_protos + len - i, ss->opt.nextProtoNego.data, i);
-            } else {
+            }
+            else {
                 /* This seems to be invalid data so we'll send as-is. */
                 memcpy(alpn_protos, ss->opt.nextProtoNego.data, len);
             }
         }
 
         rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2);
         if (rv != SECSuccess) {
             goto loser;
@@ -909,30 +923,30 @@ ssl3_ClientSendAppProtoXtn(sslSocket * s
         }
         rv = ssl3_AppendHandshakeVariable(ss, alpn_protos, len, 2);
         PORT_Free(alpn_protos);
         alpn_protos = NULL;
         if (rv != SECSuccess) {
             goto loser;
         }
         ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-                ssl_app_layer_protocol_xtn;
+            ssl_app_layer_protocol_xtn;
     }
 
     return extension_length;
 
 loser:
     if (alpn_protos) {
         PORT_Free(alpn_protos);
     }
     return -1;
 }
 
 static PRInt32
-ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
+ssl3_ServerSendAppProtoXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
 {
     PRInt32 extension_length;
 
     /* we're in over our heads if any of these fail */
     PORT_Assert(ss->opt.enableALPN);
     PORT_Assert(ss->ssl3.nextProto.data);
     PORT_Assert(ss->ssl3.nextProto.len > 0);
     PORT_Assert(ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED);
@@ -966,47 +980,48 @@ ssl3_ServerSendAppProtoXtn(sslSocket * s
         }
     }
 
     return extension_length;
 }
 
 static SECStatus
 ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
-                                 SECItem *data)
+                                  SECItem *data)
 {
     /* The echoed extension must be empty. */
     if (data->len != 0) {
-       return SECSuccess;  /* Ignore the extension. */
+        return SECSuccess; /* Ignore the extension. */
     }
 
     /* Keep track of negotiated extensions. */
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
 
     return SECSuccess;
 }
 
 static PRInt32
 ssl3_ServerSendStatusRequestXtn(
-                        sslSocket * ss,
-                        PRBool      append,
-                        PRUint32    maxBytes)
+    sslSocket *ss,
+    PRBool append,
+    PRUint32 maxBytes)
 {
     PRInt32 extension_length;
     SSLKEAType effectiveExchKeyType;
     SECStatus rv;
 
     /* ssl3_SendCertificateStatus (which sents the certificate status data)
      * uses the exact same logic to select the server certificate
      * and determine if we have the status for that certificate. */
 
     if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
         ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
         effectiveExchKeyType = ssl_kea_rsa;
-    } else {
+    }
+    else {
         effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
     }
 
     if (!ss->certStatusArray[effectiveExchKeyType] ||
         !ss->certStatusArray[effectiveExchKeyType]->len) {
         return 0;
     }
 
@@ -1027,411 +1042,461 @@ ssl3_ServerSendStatusRequestXtn(
     }
 
     return extension_length;
 }
 
 /* ssl3_ClientSendStatusRequestXtn builds the status_request extension on the
  * client side. See RFC 4366 section 3.6. */
 static PRInt32
-ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append,
-                               PRUint32 maxBytes)
+ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append,
+                                PRUint32 maxBytes)
 {
     PRInt32 extension_length;
 
     if (!ss->opt.enableOCSPStapling)
-       return 0;
+        return 0;
 
     /* extension_type (2-bytes) +
      * length(extension_data) (2-bytes) +
      * status_type (1) +
      * responder_id_list length (2) +
      * request_extensions length (2)
      */
     extension_length = 9;
 
     if (maxBytes < (PRUint32)extension_length) {
-       PORT_Assert(0);
-       return 0;
+        PORT_Assert(0);
+        return 0;
     }
     if (append) {
-       SECStatus rv;
-       TLSExtensionData *xtnData;
-
-       /* extension_type */
-       rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
-       if (rv != SECSuccess)
-           return -1;
-       rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
-       if (rv != SECSuccess)
-           return -1;
-       rv = ssl3_AppendHandshakeNumber(ss, 1 /* status_type ocsp */, 1);
-       if (rv != SECSuccess)
-           return -1;
-       /* A zero length responder_id_list means that the responders are
-        * implicitly known to the server. */
-       rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-       if (rv != SECSuccess)
-           return -1;
-       /* A zero length request_extensions means that there are no extensions.
-        * Specifically, we don't set the id-pkix-ocsp-nonce extension. This
-        * means that the server can replay a cached OCSP response to us. */
-       rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-       if (rv != SECSuccess)
-           return -1;
-
-       xtnData = &ss->xtnData;
-       xtnData->advertised[xtnData->numAdvertised++] = ssl_cert_status_xtn;
+        SECStatus rv;
+        TLSExtensionData *xtnData;
+
+        /* extension_type */
+        rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+        rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess)
+            return -1;
+        rv = ssl3_AppendHandshakeNumber(ss, 1 /* status_type ocsp */, 1);
+        if (rv != SECSuccess)
+            return -1;
+        /* A zero length responder_id_list means that the responders are
+         * implicitly known to the server. */
+        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* A zero length request_extensions means that there are no extensions.
+         * Specifically, we don't set the id-pkix-ocsp-nonce extension. This
+         * means that the server can replay a cached OCSP response to us. */
+        rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        xtnData = &ss->xtnData;
+        xtnData->advertised[xtnData->numAdvertised++] = ssl_cert_status_xtn;
     }
     return extension_length;
 }
 
 /*
  * NewSessionTicket
  * Called from ssl3_HandleFinished
  */
 SECStatus
 ssl3_SendNewSessionTicket(sslSocket *ss)
 {
     PRUint32 i;
-    SECStatus            rv;
-    NewSessionTicket     ticket;
-    SECItem              plaintext;
-    SECItem              plaintext_item = {0, NULL, 0};
-    SECItem              ciphertext     = {0, NULL, 0};
-    PRUint32             ciphertext_length;
-    PRBool               ms_is_wrapped;
-    unsigned char        wrapped_ms[SSL3_MASTER_SECRET_LENGTH];
-    SECItem              ms_item = {0, NULL, 0};
-    SSL3KEAType          effectiveExchKeyType = ssl_kea_null;
-    PRUint32             padding_length;
-    PRUint32             message_length;
-    PRUint32             cert_length = 0;
-    PRUint8              length_buf[4];
-    PRUint32             now;
-    PK11SymKey          *aes_key_pkcs11;
-    PK11SymKey          *mac_key_pkcs11;
+    SECStatus rv;
+    NewSessionTicket ticket;
+    SECItem plaintext;
+    SECItem plaintext_item = { 0, NULL, 0 };
+    SECItem ciphertext = { 0, NULL, 0 };
+    PRUint32 ciphertext_length;
+    PRBool ms_is_wrapped;
+    unsigned char wrapped_ms[SSL3_MASTER_SECRET_LENGTH];
+    SECItem ms_item = { 0, NULL, 0 };
+    SSL3KEAType effectiveExchKeyType = ssl_kea_null;
+    PRUint32 padding_length;
+    PRUint32 message_length;
+    PRUint32 cert_length = 0;
+    PRUint8 length_buf[4];
+    PRUint32 now;
+    PK11SymKey *aes_key_pkcs11;
+    PK11SymKey *mac_key_pkcs11;
 #ifndef NO_PKCS11_BYPASS
     const unsigned char *aes_key;
     const unsigned char *mac_key;
-    PRUint32             aes_key_length;
-    PRUint32             mac_key_length;
-    PRUint64             aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS];
-    AESContext          *aes_ctx;
+    PRUint32 aes_key_length;
+    PRUint32 mac_key_length;
+    PRUint64 aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS];
+    AESContext *aes_ctx;
     const SECHashObject *hashObj = NULL;
-    PRUint64             hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS];
-    HMACContext         *hmac_ctx;
+    PRUint64 hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS];
+    HMACContext *hmac_ctx;
 #endif
-    CK_MECHANISM_TYPE    cipherMech = CKM_AES_CBC;
-    PK11Context         *aes_ctx_pkcs11;
-    CK_MECHANISM_TYPE    macMech = CKM_SHA256_HMAC;
-    PK11Context         *hmac_ctx_pkcs11 = NULL;
-    unsigned char        computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
-    unsigned int         computed_mac_length;
-    unsigned char        iv[AES_BLOCK_SIZE];
-    SECItem              ivItem;
-    SECItem             *srvName = NULL;
-    PRUint32             srvNameLen = 0;
-    CK_MECHANISM_TYPE    msWrapMech = 0; /* dummy default value,
+    CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC;
+    PK11Context *aes_ctx_pkcs11;
+    CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC;
+    PK11Context *hmac_ctx_pkcs11 = NULL;
+    unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
+    unsigned int computed_mac_length;
+    unsigned char iv[AES_BLOCK_SIZE];
+    SECItem ivItem;
+    SECItem *srvName = NULL;
+    PRUint32 srvNameLen = 0;
+    CK_MECHANISM_TYPE msWrapMech = 0; /* dummy default value,
                                           * must be >= 0 */
 
     SSL_TRC(3, ("%d: SSL3[%d]: send session_ticket handshake",
                 SSL_GETPID(), ss->fd));
 
-    PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
     ticket.ticket_lifetime_hint = TLS_EX_SESS_TICKET_LIFETIME_HINT;
     if (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) {
         cert_length = 3 + ss->sec.ci.sid->peerCert->derCert.len;
     }
 
     /* Get IV and encryption keys */
     ivItem.data = iv;
     ivItem.len = sizeof(iv);
     rv = PK11_GenerateRandom(iv, sizeof(iv));
-    if (rv != SECSuccess) goto loser;
+    if (rv != SECSuccess)
+        goto loser;
 
 #ifndef NO_PKCS11_BYPASS
     if (ss->opt.bypassPKCS11) {
         rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
-            &mac_key, &mac_key_length);
-    } else
+                                       &mac_key, &mac_key_length);
+    }
+    else
 #endif
     {
         rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
-            &mac_key_pkcs11);
+                                             &mac_key_pkcs11);
     }
-    if (rv != SECSuccess) goto loser;
+    if (rv != SECSuccess)
+        goto loser;
 
     if (ss->ssl3.pwSpec->msItem.len && ss->ssl3.pwSpec->msItem.data) {
         /* The master secret is available unwrapped. */
         ms_item.data = ss->ssl3.pwSpec->msItem.data;
         ms_item.len = ss->ssl3.pwSpec->msItem.len;
         ms_is_wrapped = PR_FALSE;
-    } else {
+    }
+    else {
         /* Extract the master secret wrapped. */
         sslSessionID sid;
         PORT_Memset(&sid, 0, sizeof(sslSessionID));
 
         if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
             ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
             effectiveExchKeyType = kt_rsa;
-        } else {
+        }
+        else {
             effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
         }
 
         rv = ssl3_CacheWrappedMasterSecret(ss, &sid, ss->ssl3.pwSpec,
-            effectiveExchKeyType);
+                                           effectiveExchKeyType);
         if (rv == SECSuccess) {
             if (sid.u.ssl3.keys.wrapped_master_secret_len > sizeof(wrapped_ms))
                 goto loser;
             memcpy(wrapped_ms, sid.u.ssl3.keys.wrapped_master_secret,
-                sid.u.ssl3.keys.wrapped_master_secret_len);
+                   sid.u.ssl3.keys.wrapped_master_secret_len);
             ms_item.data = wrapped_ms;
             ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len;
             msWrapMech = sid.u.ssl3.masterWrapMech;
-        } else {
+        }
+        else {
             /* TODO: else send an empty ticket. */
             goto loser;
         }
         ms_is_wrapped = PR_TRUE;
     }
     /* Prep to send negotiated name */
     srvName = &ss->ssl3.pwSpec->srvVirtName;
     if (srvName->data && srvName->len) {
         srvNameLen = 2 + srvName->len; /* len bytes + name len */
     }
 
     ciphertext_length =
-        sizeof(PRUint16)                     /* ticket_version */
-        + sizeof(SSL3ProtocolVersion)        /* ssl_version */
-        + sizeof(ssl3CipherSuite)            /* ciphersuite */
-        + 1                                  /* compression */
-        + 10                                 /* cipher spec parameters */
-        + 1                                  /* SessionTicket.ms_is_wrapped */
-        + 1                                  /* effectiveExchKeyType */
-        + 4                                  /* msWrapMech */
-        + 2                                  /* master_secret.length */
-        + ms_item.len                        /* master_secret */
-        + 1                                  /* client_auth_type */
-        + cert_length                        /* cert */
-        + 1                                  /* server name type */
-        + srvNameLen                         /* name len + length field */
-        + 1                                  /* extendedMasterSecretUsed */
+        sizeof(PRUint16)              /* ticket_version */
+        + sizeof(SSL3ProtocolVersion) /* ssl_version */
+        + sizeof(ssl3CipherSuite)     /* ciphersuite */
+        + 1                           /* compression */
+        + 10                          /* cipher spec parameters */
+        + 1                           /* SessionTicket.ms_is_wrapped */
+        + 1                           /* effectiveExchKeyType */
+        + 4                           /* msWrapMech */
+        + 2                           /* master_secret.length */
+        + ms_item.len                 /* master_secret */
+        + 1                           /* client_auth_type */
+        + cert_length                 /* cert */
+        + 1                           /* server name type */
+        + srvNameLen                  /* name len + length field */
+        + 1                           /* extendedMasterSecretUsed */
         + sizeof(ticket.ticket_lifetime_hint);
-    padding_length =  AES_BLOCK_SIZE -
-        (ciphertext_length % AES_BLOCK_SIZE);
+    padding_length = AES_BLOCK_SIZE -
+                     (ciphertext_length %
+                      AES_BLOCK_SIZE);
     ciphertext_length += padding_length;
 
     message_length =
-        sizeof(ticket.ticket_lifetime_hint)    /* ticket_lifetime_hint */
-        + 2 /* length field for NewSessionTicket.ticket */
-        + SESS_TICKET_KEY_NAME_LEN             /* key_name */
-        + AES_BLOCK_SIZE                       /* iv */
-        + 2 /* length field for NewSessionTicket.ticket.encrypted_state */
-        + ciphertext_length                    /* encrypted_state */
-        + TLS_EX_SESS_TICKET_MAC_LENGTH;       /* mac */
+        sizeof(ticket.ticket_lifetime_hint) /* ticket_lifetime_hint */
+        + 2                                 /* length field for NewSessionTicket.ticket */
+        + SESS_TICKET_KEY_NAME_LEN          /* key_name */
+        + AES_BLOCK_SIZE                    /* iv */
+        + 2                                 /* length field for NewSessionTicket.ticket.encrypted_state */
+        + ciphertext_length                 /* encrypted_state */
+        + TLS_EX_SESS_TICKET_MAC_LENGTH;    /* mac */
 
     if (SECITEM_AllocItem(NULL, &plaintext_item, ciphertext_length) == NULL)
         goto loser;
 
     plaintext = plaintext_item;
 
     /* ticket_version */
     rv = ssl3_AppendNumberToItem(&plaintext, TLS_EX_SESS_TICKET_VERSION,
-        sizeof(PRUint16));
-    if (rv != SECSuccess) goto loser;
+                                 sizeof(PRUint16));
+    if (rv != SECSuccess)
+        goto loser;
 
     /* ssl_version */
     rv = ssl3_AppendNumberToItem(&plaintext, ss->version,
-        sizeof(SSL3ProtocolVersion));
-    if (rv != SECSuccess) goto loser;
+                                 sizeof(SSL3ProtocolVersion));
+    if (rv != SECSuccess)
+        goto loser;
 
     /* ciphersuite */
     rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.cipher_suite,
-        sizeof(ssl3CipherSuite));
-    if (rv != SECSuccess) goto loser;
+                                 sizeof(ssl3CipherSuite));
+    if (rv != SECSuccess)
+        goto loser;
 
     /* compression */
     rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.compression, 1);
-    if (rv != SECSuccess) goto loser;
+    if (rv != SECSuccess)
+        goto loser;
 
     /* cipher spec parameters */
     rv = ssl3_AppendNumberToItem(&plaintext, ss->sec.authAlgorithm, 1);
-    if (rv != SECSuccess) goto loser;
+    if (rv != SECSuccess)
+        goto loser;
     rv = ssl3_AppendNumberToItem(&plaintext, ss->sec.authKeyBits, 4);
-    if (rv != SECSuccess) goto loser;
+    if (rv != SECSuccess)
+        goto loser;
     rv = ssl3_AppendNumberToItem(&plaintext, ss->sec.keaType, 1);
-    if (rv != SECSuccess) goto loser;
+    if (rv != SECSuccess)
+        goto loser;
     rv = ssl3_AppendNumberToItem(&plaintext, ss->sec.keaKeyBits, 4);
-    if (rv != SECSuccess) goto loser;
+    if (rv != SECSuccess)
+        goto loser;
 
     /* master_secret */
     rv = ssl3_AppendNumberToItem(&plaintext, ms_is_wrapped, 1);
-    if (rv != SECSuccess) goto loser;
+    if (rv != SECSuccess)
+        goto loser;
     rv = ssl3_AppendNumberToItem(&plaintext, effectiveExchKeyType, 1);
-    if (rv != SECSuccess) goto loser;
+    if (rv != SECSuccess)
+        goto loser;
     rv = ssl3_AppendNumberToItem(&plaintext, msWrapMech, 4);
-    if (rv != SECSuccess) goto loser;
+    if (rv != SECSuccess)
+        goto loser;
     rv = ssl3_AppendNumberToItem(&plaintext, ms_item.len, 2);
-    if (rv != SECSuccess) goto loser;
+    if (rv != SECSuccess)
+        goto loser;
     rv = ssl3_AppendToItem(&plaintext, ms_item.data, ms_item.len);
-    if (rv != SECSuccess) goto loser;
+    if (rv != SECSuccess)
+        goto loser;
 
     /* client_identity */
     if (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) {
         rv = ssl3_AppendNumberToItem(&plaintext, CLIENT_AUTH_CERTIFICATE, 1);
-        if (rv != SECSuccess) goto loser;
+        if (rv != SECSuccess)
+            goto loser;
         rv = ssl3_AppendNumberToItem(&plaintext,
-            ss->sec.ci.sid->peerCert->derCert.len, 3);
-        if (rv != SECSuccess) goto loser;
+                                     ss->sec.ci.sid->peerCert->derCert.len, 3);
+        if (rv != SECSuccess)
+            goto loser;
         rv = ssl3_AppendToItem(&plaintext,
-            ss->sec.ci.sid->peerCert->derCert.data,
-            ss->sec.ci.sid->peerCert->derCert.len);
-        if (rv != SECSuccess) goto loser;
-    } else {
+                               ss->sec.ci.sid->peerCert->derCert.data,
+                               ss->sec.ci.sid->peerCert->derCert.len);
+        if (rv != SECSuccess)
+            goto loser;
+    }
+    else {
         rv = ssl3_AppendNumberToItem(&plaintext, 0, 1);
-        if (rv != SECSuccess) goto loser;
+        if (rv != SECSuccess)
+            goto loser;
     }
 
     /* timestamp */
     now = ssl_Time();
     rv = ssl3_AppendNumberToItem(&plaintext, now,
-        sizeof(ticket.ticket_lifetime_hint));
-    if (rv != SECSuccess) goto loser;
+                                 sizeof(ticket.ticket_lifetime_hint));
+    if (rv != SECSuccess)
+        goto loser;
 
     if (srvNameLen) {
         /* Name Type (sni_host_name) */
         rv = ssl3_AppendNumberToItem(&plaintext, srvName->type, 1);
-        if (rv != SECSuccess) goto loser;
+        if (rv != SECSuccess)
+            goto loser;
         /* HostName (length and value) */
         rv = ssl3_AppendNumberToItem(&plaintext, srvName->len, 2);
-        if (rv != SECSuccess) goto loser;
+        if (rv != SECSuccess)
+            goto loser;
         rv = ssl3_AppendToItem(&plaintext, srvName->data, srvName->len);
-        if (rv != SECSuccess) goto loser;
-    } else {
+        if (rv != SECSuccess)
+            goto loser;
+    }
+    else {
         /* No Name */
-        rv = ssl3_AppendNumberToItem(&plaintext, (char)TLS_STE_NO_SERVER_NAME,
-                                     1);
-        if (rv != SECSuccess) goto loser;
+        rv = ssl3_AppendNumberToItem(&plaintext, (char)TLS_STE_NO_SERVER_NAME, 1);
+        if (rv != SECSuccess)
+            goto loser;
     }
 
     /* extendedMasterSecretUsed */
     rv = ssl3_AppendNumberToItem(
         &plaintext, ss->sec.ci.sid->u.ssl3.keys.extendedMasterSecretUsed, 1);
-    if (rv != SECSuccess) goto loser;
+    if (rv != SECSuccess)
+        goto loser;
 
     PORT_Assert(plaintext.len == padding_length);
     for (i = 0; i < padding_length; i++)
         plaintext.data[i] = (unsigned char)padding_length;
 
     if (SECITEM_AllocItem(NULL, &ciphertext, ciphertext_length) == NULL) {
         rv = SECFailure;
         goto loser;
     }
 
-    /* Generate encrypted portion of ticket. */
+/* Generate encrypted portion of ticket. */
 #ifndef NO_PKCS11_BYPASS
     if (ss->opt.bypassPKCS11) {
         aes_ctx = (AESContext *)aes_ctx_buf;
         rv = AES_InitContext(aes_ctx, aes_key, aes_key_length, iv,
-            NSS_AES_CBC, 1, AES_BLOCK_SIZE);
-        if (rv != SECSuccess) goto loser;
+                             NSS_AES_CBC, 1, AES_BLOCK_SIZE);
+        if (rv != SECSuccess)
+            goto loser;
 
         rv = AES_Encrypt(aes_ctx, ciphertext.data, &ciphertext.len,
-            ciphertext.len, plaintext_item.data,
-            plaintext_item.len);
-        if (rv != SECSuccess) goto loser;
-    } else
+                         ciphertext.len, plaintext_item.data,
+                         plaintext_item.len);
+        if (rv != SECSuccess)
+            goto loser;
+    }
+    else
 #endif
     {
         aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
-            CKA_ENCRYPT, aes_key_pkcs11, &ivItem);
+                                                    CKA_ENCRYPT, aes_key_pkcs11, &ivItem);
         if (!aes_ctx_pkcs11)
             goto loser;
 
         rv = PK11_CipherOp(aes_ctx_pkcs11, ciphertext.data,
-            (int *)&ciphertext.len, ciphertext.len,
-            plaintext_item.data, plaintext_item.len);
+                           (int *)&ciphertext.len, ciphertext.len,
+                           plaintext_item.data, plaintext_item.len);
         PK11_Finalize(aes_ctx_pkcs11);
         PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE);
-        if (rv != SECSuccess) goto loser;
+        if (rv != SECSuccess)
+            goto loser;
     }
 
     /* Convert ciphertext length to network order. */
     length_buf[0] = (ciphertext.len >> 8) & 0xff;
-    length_buf[1] = (ciphertext.len     ) & 0xff;
-
-    /* Compute MAC. */
+    length_buf[1] = (ciphertext.len) & 0xff;
+
+/* Compute MAC. */
 #ifndef NO_PKCS11_BYPASS
     if (ss->opt.bypassPKCS11) {
         hmac_ctx = (HMACContext *)hmac_ctx_buf;
         hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
         if (HMAC_Init(hmac_ctx, hashObj, mac_key,
-                mac_key_length, PR_FALSE) != SECSuccess)
+                      mac_key_length, PR_FALSE) != SECSuccess)
             goto loser;
 
         HMAC_Begin(hmac_ctx);
         HMAC_Update(hmac_ctx, key_name, SESS_TICKET_KEY_NAME_LEN);
         HMAC_Update(hmac_ctx, iv, sizeof(iv));
         HMAC_Update(hmac_ctx, (unsigned char *)length_buf, 2);
         HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len);
         HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
-            sizeof(computed_mac));
-    } else
+                    sizeof(computed_mac));
+    }
+    else
 #endif
     {
         SECItem macParam;
         macParam.data = NULL;
         macParam.len = 0;
         hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech,
-            CKA_SIGN, mac_key_pkcs11, &macParam);
+                                                     CKA_SIGN, mac_key_pkcs11, &macParam);
         if (!hmac_ctx_pkcs11)
             goto loser;
 
         rv = PK11_DigestBegin(hmac_ctx_pkcs11);
-        if (rv != SECSuccess) goto loser;
+        if (rv != SECSuccess)
+            goto loser;
         rv = PK11_DigestOp(hmac_ctx_pkcs11, key_name,
-            SESS_TICKET_KEY_NAME_LEN);
-        if (rv != SECSuccess) goto loser;
+                           SESS_TICKET_KEY_NAME_LEN);
+        if (rv != SECSuccess)
+            goto loser;
         rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv));
-        if (rv != SECSuccess) goto loser;
+        if (rv != SECSuccess)
+            goto loser;
         rv = PK11_DigestOp(hmac_ctx_pkcs11, (unsigned char *)length_buf, 2);
-        if (rv != SECSuccess) goto loser;
+        if (rv != SECSuccess)
+            goto loser;
         rv = PK11_DigestOp(hmac_ctx_pkcs11, ciphertext.data, ciphertext.len);
-        if (rv != SECSuccess) goto loser;
+        if (rv != SECSuccess)
+            goto loser;
         rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac,
-            &computed_mac_length, sizeof(computed_mac));
-        if (rv != SECSuccess) goto loser;
+                              &computed_mac_length, sizeof(computed_mac));
+        if (rv != SECSuccess)
+            goto loser;
     }
 
     /* Serialize the handshake message. */
     rv = ssl3_AppendHandshakeHeader(ss, new_session_ticket, message_length);
-    if (rv != SECSuccess) goto loser;
+    if (rv != SECSuccess)
+        goto loser;
 
     rv = ssl3_AppendHandshakeNumber(ss, ticket.ticket_lifetime_hint,
-        sizeof(ticket.ticket_lifetime_hint));
-    if (rv != SECSuccess) goto loser;
+                                    sizeof(ticket.ticket_lifetime_hint));
+    if (rv != SECSuccess)
+        goto loser;
 
     rv = ssl3_AppendHandshakeNumber(ss,
-        message_length - sizeof(ticket.ticket_lifetime_hint) - 2, 2);
-    if (rv != SECSuccess) goto loser;
+                                    message_length - sizeof(ticket.ticket_lifetime_hint) - 2,
+                                    2);
+    if (rv != SECSuccess)
+        goto loser;
 
     rv = ssl3_AppendHandshake(ss, key_name, SESS_TICKET_KEY_NAME_LEN);
-    if (rv != SECSuccess) goto loser;
+    if (rv != SECSuccess)
+        goto loser;
 
     rv = ssl3_AppendHandshake(ss, iv, sizeof(iv));
-    if (rv != SECSuccess) goto loser;
+    if (rv != SECSuccess)
+        goto loser;
 
     rv = ssl3_AppendHandshakeVariable(ss, ciphertext.data, ciphertext.len, 2);
-    if (rv != SECSuccess) goto loser;
+    if (rv != SECSuccess)
+        goto loser;
 
     rv = ssl3_AppendHandshake(ss, computed_mac, computed_mac_length);
-    if (rv != SECSuccess) goto loser;
+    if (rv != SECSuccess)
+        goto loser;
 
 loser:
     if (hmac_ctx_pkcs11)
         PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
     if (plaintext_item.data)
         SECITEM_FreeItem(&plaintext_item, PR_FALSE);
     if (ciphertext.data)
         SECITEM_FreeItem(&ciphertext, PR_FALSE);
@@ -1442,17 +1507,17 @@ loser:
 /* When a client receives a SessionTicket extension a NewSessionTicket
  * message is expected during the handshake.
  */
 SECStatus
 ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
                                   SECItem *data)
 {
     if (data->len != 0) {
-        return SECSuccess;  /* Ignore the extension. */
+        return SECSuccess; /* Ignore the extension. */
     }
 
     /* Keep track of negotiated extensions. */
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
     return SECSuccess;
 }
 
 SECStatus
@@ -1474,192 +1539,199 @@ ssl3_ServerHandleSessionTicketXtn(sslSoc
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
 
     /* Parse the received ticket sent in by the client.  We are
      * lenient about some parse errors, falling back to a fullshake
      * instead of terminating the current connection.
      */
     if (data->len == 0) {
         ss->xtnData.emptySessionTicket = PR_TRUE;
-    } else {
+    }
+    else {
         PRUint32 i;
-        SECItem                extension_data;
+        SECItem extension_data;
         EncryptedSessionTicket enc_session_ticket;
-        unsigned char          computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
-        unsigned int           computed_mac_length;
+        unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
+        unsigned int computed_mac_length;
 #ifndef NO_PKCS11_BYPASS
-        const SECHashObject   *hashObj;
-        const unsigned char   *aes_key;
-        const unsigned char   *mac_key;
-        PRUint32               aes_key_length;
-        PRUint32               mac_key_length;
-        PRUint64               hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS];
-        HMACContext           *hmac_ctx;
-        PRUint64               aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS];
-        AESContext            *aes_ctx;
+        const SECHashObject *hashObj;
+        const unsigned char *aes_key;
+        const unsigned char *mac_key;
+        PRUint32 aes_key_length;
+        PRUint32 mac_key_length;
+        PRUint64 hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS];
+        HMACContext *hmac_ctx;
+        PRUint64 aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS];
+        AESContext *aes_ctx;
 #endif
-        PK11SymKey            *aes_key_pkcs11;
-        PK11SymKey            *mac_key_pkcs11;
-        PK11Context           *hmac_ctx_pkcs11;
-        CK_MECHANISM_TYPE      macMech = CKM_SHA256_HMAC;
-        PK11Context           *aes_ctx_pkcs11;
-        CK_MECHANISM_TYPE      cipherMech = CKM_AES_CBC;
-        unsigned char *        padding;
-        PRUint32               padding_length;
-        unsigned char         *buffer;
-        unsigned int           buffer_len;
-        PRInt32                temp;
-        SECItem                cert_item;
-        PRInt8                 nameType = TLS_STE_NO_SERVER_NAME;
+        PK11SymKey *aes_key_pkcs11;
+        PK11SymKey *mac_key_pkcs11;
+        PK11Context *hmac_ctx_pkcs11;
+        CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC;
+        PK11Context *aes_ctx_pkcs11;
+        CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC;
+        unsigned char *padding;
+        PRUint32 padding_length;
+        unsigned char *buffer;
+        unsigned int buffer_len;
+        PRInt32 temp;
+        SECItem cert_item;
+        PRInt8 nameType = TLS_STE_NO_SERVER_NAME;
 
         /* Turn off stateless session resumption if the client sends a
          * SessionTicket extension, even if the extension turns out to be
          * malformed (ss->sec.ci.sid is non-NULL when doing session
          * renegotiation.)
          */
         if (ss->sec.ci.sid != NULL) {
             if (ss->sec.uncache)
                 ss->sec.uncache(ss->sec.ci.sid);
             ssl_FreeSID(ss->sec.ci.sid);
             ss->sec.ci.sid = NULL;
         }
 
         extension_data.data = data->data; /* Keep a copy for future use. */
         extension_data.len = data->len;
 
-        if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket)
-            != SECSuccess) {
+        if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket) !=
+            SECSuccess) {
             return SECSuccess; /* Pretend it isn't there */
         }
 
-        /* Get session ticket keys. */
+/* Get session ticket keys. */
 #ifndef NO_PKCS11_BYPASS
         if (ss->opt.bypassPKCS11) {
             rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
-                &mac_key, &mac_key_length);
-        } else
+                                           &mac_key, &mac_key_length);
+        }
+        else
 #endif
         {
             rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
-                &mac_key_pkcs11);
+                                                 &mac_key_pkcs11);
         }
         if (rv != SECSuccess) {
             SSL_DBG(("%d: SSL[%d]: Unable to get/generate session ticket keys.",
-                        SSL_GETPID(), ss->fd));
+                     SSL_GETPID(), ss->fd));
             goto loser;
         }
 
         /* If the ticket sent by the client was generated under a key different
          * from the one we have, bypass ticket processing.
          */
         if (PORT_Memcmp(enc_session_ticket.key_name, key_name,
-                SESS_TICKET_KEY_NAME_LEN) != 0) {
+                        SESS_TICKET_KEY_NAME_LEN) != 0) {
             SSL_DBG(("%d: SSL[%d]: Session ticket key_name sent mismatch.",
-                        SSL_GETPID(), ss->fd));
+                     SSL_GETPID(), ss->fd));
             goto no_ticket;
         }
 
         /* Verify the MAC on the ticket.  MAC verification may also
          * fail if the MAC key has been recently refreshed.
          */
 #ifndef NO_PKCS11_BYPASS
         if (ss->opt.bypassPKCS11) {
             hmac_ctx = (HMACContext *)hmac_ctx_buf;
             hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
             if (HMAC_Init(hmac_ctx, hashObj, mac_key,
-                    sizeof(session_ticket_mac_key), PR_FALSE) != SECSuccess)
+                          sizeof(session_ticket_mac_key), PR_FALSE) != SECSuccess)
                 goto no_ticket;
             HMAC_Begin(hmac_ctx);
             HMAC_Update(hmac_ctx, extension_data.data,
-                extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
+                        extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
             if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
-                    sizeof(computed_mac)) != SECSuccess)
+                            sizeof(computed_mac)) != SECSuccess)
                 goto no_ticket;
-        } else
+        }
+        else
 #endif
         {
             SECItem macParam;
             macParam.data = NULL;
             macParam.len = 0;
             hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech,
-                CKA_SIGN, mac_key_pkcs11, &macParam);
+                                                         CKA_SIGN, mac_key_pkcs11, &macParam);
             if (!hmac_ctx_pkcs11) {
                 SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.",
-                            SSL_GETPID(), ss->fd, PORT_GetError()));
+                         SSL_GETPID(), ss->fd, PORT_GetError()));
                 goto no_ticket;
-            } else {
+            }
+            else {
                 SSL_DBG(("%d: SSL[%d]: Successfully created HMAC context.",
-                            SSL_GETPID(), ss->fd));
+                         SSL_GETPID(), ss->fd));
             }
             rv = PK11_DigestBegin(hmac_ctx_pkcs11);
             rv = PK11_DigestOp(hmac_ctx_pkcs11, extension_data.data,
-                extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
+                               extension_data.len -
+                                   TLS_EX_SESS_TICKET_MAC_LENGTH);
             if (rv != SECSuccess) {
                 PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
                 goto no_ticket;
             }
             rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac,
-                &computed_mac_length, sizeof(computed_mac));
+                                  &computed_mac_length, sizeof(computed_mac));
             PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
             if (rv != SECSuccess)
                 goto no_ticket;
         }
         if (NSS_SecureMemcmp(computed_mac, enc_session_ticket.mac,
-                computed_mac_length) != 0) {
+                             computed_mac_length) !=
+            0) {
             SSL_DBG(("%d: SSL[%d]: Session ticket MAC mismatch.",
-                        SSL_GETPID(), ss->fd));
+                     SSL_GETPID(), ss->fd));
             goto no_ticket;
         }
 
         /* We ignore key_name for now.
          * This is ok as MAC verification succeeded.
          */
 
         /* Decrypt the ticket. */
 
         /* Plaintext is shorter than the ciphertext due to padding. */
         decrypted_state = SECITEM_AllocItem(NULL, NULL,
-            enc_session_ticket.encrypted_state.len);
+                                            enc_session_ticket.encrypted_state.len);
 
 #ifndef NO_PKCS11_BYPASS
         if (ss->opt.bypassPKCS11) {
             aes_ctx = (AESContext *)aes_ctx_buf;
             rv = AES_InitContext(aes_ctx, aes_key,
-                sizeof(session_ticket_enc_key), enc_session_ticket.iv,
-                NSS_AES_CBC, 0,AES_BLOCK_SIZE);
+                                 sizeof(session_ticket_enc_key), enc_session_ticket.iv,
+                                 NSS_AES_CBC, 0, AES_BLOCK_SIZE);
             if (rv != SECSuccess) {
                 SSL_DBG(("%d: SSL[%d]: Unable to create AES context.",
-                            SSL_GETPID(), ss->fd));
+                         SSL_GETPID(), ss->fd));
                 goto no_ticket;
             }
 
             rv = AES_Decrypt(aes_ctx, decrypted_state->data,
-                &decrypted_state->len, decrypted_state->len,
-                enc_session_ticket.encrypted_state.data,
-                enc_session_ticket.encrypted_state.len);
+                             &decrypted_state->len, decrypted_state->len,
+                             enc_session_ticket.encrypted_state.data,
+                             enc_session_ticket.encrypted_state.len);
             if (rv != SECSuccess)
                 goto no_ticket;
-        } else
+        }
+        else
 #endif
         {
             SECItem ivItem;
             ivItem.data = enc_session_ticket.iv;
             ivItem.len = AES_BLOCK_SIZE;
             aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
-                CKA_DECRYPT, aes_key_pkcs11, &ivItem);
+                                                        CKA_DECRYPT, aes_key_pkcs11, &ivItem);
             if (!aes_ctx_pkcs11) {
                 SSL_DBG(("%d: SSL[%d]: Unable to create AES context.",
-                            SSL_GETPID(), ss->fd));
+                         SSL_GETPID(), ss->fd));
                 goto no_ticket;
             }
 
             rv = PK11_CipherOp(aes_ctx_pkcs11, decrypted_state->data,
-                (int *)&decrypted_state->len, decrypted_state->len,
-                enc_session_ticket.encrypted_state.data,
-                enc_session_ticket.encrypted_state.len);
+                               (int *)&decrypted_state->len, decrypted_state->len,
+                               enc_session_ticket.encrypted_state.data,
+                               enc_session_ticket.encrypted_state.len);
             PK11_Finalize(aes_ctx_pkcs11);
             PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE);
             if (rv != SECSuccess)
                 goto no_ticket;
         }
 
         /* Check padding. */
         padding_length =
@@ -1680,115 +1752,131 @@ ssl3_ServerHandleSessionTicketXtn(sslSoc
         parsed_session_ticket = PORT_ZAlloc(sizeof(SessionTicket));
         if (parsed_session_ticket == NULL) {
             rv = SECFailure;
             goto loser;
         }
 
         /* Read ticket_version and reject if the version is wrong */
         temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
-        if (temp != TLS_EX_SESS_TICKET_VERSION) goto no_ticket;
+        if (temp != TLS_EX_SESS_TICKET_VERSION)
+            goto no_ticket;
 
         parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp;
 
         /* Read SSLVersion. */
         temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
-        if (temp < 0) goto no_ticket;
+        if (temp < 0)
+            goto no_ticket;
         parsed_session_ticket->ssl_version = (SSL3ProtocolVersion)temp;
 
         /* Read cipher_suite. */
-        temp =  ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
-        if (temp < 0) goto no_ticket;
+        temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
+        if (temp < 0)
+            goto no_ticket;
         parsed_session_ticket->cipher_suite = (ssl3CipherSuite)temp;
 
         /* Read compression_method. */
         temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-        if (temp < 0) goto no_ticket;
+        if (temp < 0)
+            goto no_ticket;
         parsed_session_ticket->compression_method = (SSLCompressionMethod)temp;
 
         /* Read cipher spec parameters. */
         temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-        if (temp < 0) goto no_ticket;
+        if (temp < 0)
+            goto no_ticket;
         parsed_session_ticket->authAlgorithm = (SSLSignType)temp;
         temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
-        if (temp < 0) goto no_ticket;
+        if (temp < 0)
+            goto no_ticket;
         parsed_session_ticket->authKeyBits = (PRUint32)temp;
         temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-        if (temp < 0) goto no_ticket;
+        if (temp < 0)
+            goto no_ticket;
         parsed_session_ticket->keaType = (SSLKEAType)temp;
         temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
-        if (temp < 0) goto no_ticket;
+        if (temp < 0)
+            goto no_ticket;
         parsed_session_ticket->keaKeyBits = (PRUint32)temp;
 
         /* Read wrapped master_secret. */
         temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-        if (temp < 0) goto no_ticket;
+        if (temp < 0)
+            goto no_ticket;
         parsed_session_ticket->ms_is_wrapped = (PRBool)temp;
 
         temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
-        if (temp < 0) goto no_ticket;
+        if (temp < 0)
+            goto no_ticket;
         parsed_session_ticket->exchKeyType = (SSL3KEAType)temp;
 
         temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
-        if (temp < 0) goto no_ticket;
+        if (temp < 0)
+            goto no_ticket;
         parsed_session_ticket->msWrapMech = (CK_MECHANISM_TYPE)temp;
 
         temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
-        if (temp < 0) goto no_ticket;
+        if (temp < 0)
+            goto no_ticket;
         parsed_session_ticket->ms_length = (PRUint16)temp;
-        if (parsed_session_ticket->ms_length == 0 ||  /* sanity check MS. */
+        if (parsed_session_ticket->ms_length == 0 || /* sanity check MS. */
             parsed_session_ticket->ms_length >
-            sizeof(parsed_session_ticket->master_secret))
+                sizeof(parsed_session_ticket->master_secret))
             goto no_ticket;
 
         /* Allow for the wrapped master secret to be longer. */
         if (buffer_len < parsed_session_ticket->ms_length)
             goto no_ticket;
         PORT_Memcpy(parsed_session_ticket->master_secret, buffer,
-            parsed_session_ticket->ms_length);
+                    parsed_session_ticket->ms_length);
         buffer += parsed_session_ticket->ms_length;
         buffer_len -= parsed_session_ticket->ms_length;
 
         /* Read client_identity */
         temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
         if (temp < 0)
             goto no_ticket;
         parsed_session_ticket->client_identity.client_auth_type =
             (ClientAuthenticationType)temp;
-        switch(parsed_session_ticket->client_identity.client_auth_type) {
+        switch (parsed_session_ticket->client_identity.client_auth_type) {
             case CLIENT_AUTH_ANONYMOUS:
                 break;
             case CLIENT_AUTH_CERTIFICATE:
                 rv = ssl3_ConsumeHandshakeVariable(ss, &cert_item, 3,
-                    &buffer, &buffer_len);
-                if (rv != SECSuccess) goto no_ticket;
+                                                   &buffer, &buffer_len);
+                if (rv != SECSuccess)
+                    goto no_ticket;
                 rv = SECITEM_CopyItem(NULL, &parsed_session_ticket->peer_cert,
-                    &cert_item);
-                if (rv != SECSuccess) goto no_ticket;
+                                      &cert_item);
+                if (rv != SECSuccess)
+                    goto no_ticket;
                 break;
             default:
                 goto no_ticket;
         }
         /* Read timestamp. */
         temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len);
         if (temp < 0)
             goto no_ticket;
         parsed_session_ticket->timestamp = (PRUint32)temp;
 
         /* Read server name */
         nameType =
-                ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+            ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
         if (nameType != TLS_STE_NO_SERVER_NAME) {
             SECItem name_item;
             rv = ssl3_ConsumeHandshakeVariable(ss, &name_item, 2, &buffer,
                                                &buffer_len);
-            if (rv != SECSuccess) goto no_ticket;
+            if (rv != SECSuccess)
+                goto no_ticket;
             rv = SECITEM_CopyItem(NULL, &parsed_session_ticket->srvName,
                                   &name_item);
-            if (rv != SECSuccess) goto no_ticket;
+            if (rv != SECSuccess)
+                goto no_ticket;
             parsed_session_ticket->srvName.type = nameType;
         }
 
         /* Read extendedMasterSecretUsed */
         temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
         if (temp < 0)
             goto no_ticket;
         PORT_Assert(temp == PR_TRUE || temp == PR_FALSE);
@@ -1798,92 +1886,92 @@ ssl3_ServerHandleSessionTicketXtn(sslSoc
         if (buffer_len != padding_length)
             goto no_ticket;
 
         /* Use the ticket if it has not expired, otherwise free the allocated
          * memory since the ticket is of no use.
          */
         if (parsed_session_ticket->timestamp != 0 &&
             parsed_session_ticket->timestamp +
-            TLS_EX_SESS_TICKET_LIFETIME_HINT > ssl_Time()) {
+                    TLS_EX_SESS_TICKET_LIFETIME_HINT >
+                ssl_Time()) {
 
             sid = ssl3_NewSessionID(ss, PR_TRUE);
             if (sid == NULL) {
                 rv = SECFailure;
                 goto loser;
             }
 
             /* Copy over parameters. */
             sid->version = parsed_session_ticket->ssl_version;
             sid->u.ssl3.cipherSuite = parsed_session_ticket->cipher_suite;
             sid->u.ssl3.compression = parsed_session_ticket->compression_method;
             sid->authAlgorithm = parsed_session_ticket->authAlgorithm;
             sid->authKeyBits = parsed_session_ticket->authKeyBits;
             sid->keaType = parsed_session_ticket->keaType;
             sid->keaKeyBits = parsed_session_ticket->keaKeyBits;
 
-            /* Copy master secret. */
+/* Copy master secret. */
 #ifndef NO_PKCS11_BYPASS
             if (ss->opt.bypassPKCS11 &&
-                    parsed_session_ticket->ms_is_wrapped)
+                parsed_session_ticket->ms_is_wrapped)
                 goto no_ticket;
 #endif
             if (parsed_session_ticket->ms_length >
-                    sizeof(sid->u.ssl3.keys.wrapped_master_secret))
+                sizeof(sid->u.ssl3.keys.wrapped_master_secret))
                 goto no_ticket;
             PORT_Memcpy(sid->u.ssl3.keys.wrapped_master_secret,
-                parsed_session_ticket->master_secret,
-                parsed_session_ticket->ms_length);
+                        parsed_session_ticket->master_secret,
+                        parsed_session_ticket->ms_length);
             sid->u.ssl3.keys.wrapped_master_secret_len =
                 parsed_session_ticket->ms_length;
             sid->u.ssl3.exchKeyType = parsed_session_ticket->exchKeyType;
             sid->u.ssl3.masterWrapMech = parsed_session_ticket->msWrapMech;
             sid->u.ssl3.keys.msIsWrapped =
                 parsed_session_ticket->ms_is_wrapped;
-            sid->u.ssl3.masterValid    = PR_TRUE;
+            sid->u.ssl3.masterValid = PR_TRUE;
             sid->u.ssl3.keys.resumable = PR_TRUE;
-            sid->u.ssl3.keys.extendedMasterSecretUsed = parsed_session_ticket->
-                extendedMasterSecretUsed;
+            sid->u.ssl3.keys.extendedMasterSecretUsed = parsed_session_ticket->extendedMasterSecretUsed;
 
             /* Copy over client cert from session ticket if there is one. */
             if (parsed_session_ticket->peer_cert.data != NULL) {
                 if (sid->peerCert != NULL)
                     CERT_DestroyCertificate(sid->peerCert);
                 sid->peerCert = CERT_NewTempCertificate(ss->dbHandle,
-                    &parsed_session_ticket->peer_cert, NULL, PR_FALSE, PR_TRUE);
+                                                        &parsed_session_ticket->peer_cert, NULL, PR_FALSE, PR_TRUE);
                 if (sid->peerCert == NULL) {
                     rv = SECFailure;
                     goto loser;
                 }
             }
             if (parsed_session_ticket->srvName.data != NULL) {
                 sid->u.ssl3.srvName = parsed_session_ticket->srvName;
             }
             ss->statelessResume = PR_TRUE;
             ss->sec.ci.sid = sid;
         }
     }
 
     if (0) {
-no_ticket:
+    no_ticket:
         SSL_DBG(("%d: SSL[%d]: Session ticket parsing failed.",
-                        SSL_GETPID(), ss->fd));
+                 SSL_GETPID(), ss->fd));
         ssl3stats = SSL_GetStatistics();
-        SSL_AtomicIncrementLong(& ssl3stats->hch_sid_ticket_parse_failures );
+        SSL_AtomicIncrementLong(&ssl3stats->hch_sid_ticket_parse_failures);
     }
     rv = SECSuccess;
 
 loser:
-        /* ss->sec.ci.sid == sid if it did NOT come here via goto statement
-         * in that case do not free sid
-         */
-        if (sid && (ss->sec.ci.sid != sid)) {
-            ssl_FreeSID(sid);
-            sid = NULL;
-        }
+    /* ss->sec.ci.sid == sid if it did NOT come here via goto statement
+     * in that case do not free sid
+     */
+    if (sid && (ss->sec.ci.sid != sid)) {
+        ssl_FreeSID(sid);
+        sid = NULL;
+    }
     if (decrypted_state != NULL) {
         SECITEM_FreeItem(decrypted_state, PR_TRUE);
         decrypted_state = NULL;
     }
 
     if (parsed_session_ticket != NULL) {
         if (parsed_session_ticket->peer_cert.data) {
             SECITEM_FreeItem(&parsed_session_ticket->peer_cert, PR_FALSE);
@@ -1911,28 +1999,32 @@ ssl3_ConsumeFromItem(SECItem *item, unsi
     return SECSuccess;
 }
 
 static SECStatus
 ssl3_ParseEncryptedSessionTicket(sslSocket *ss, SECItem *data,
                                  EncryptedSessionTicket *enc_session_ticket)
 {
     if (ssl3_ConsumeFromItem(data, &enc_session_ticket->key_name,
-            SESS_TICKET_KEY_NAME_LEN) != SECSuccess)
+                             SESS_TICKET_KEY_NAME_LEN) !=
+        SECSuccess)
         return SECFailure;
     if (ssl3_ConsumeFromItem(data, &enc_session_ticket->iv,
-            AES_BLOCK_SIZE) != SECSuccess)
+                             AES_BLOCK_SIZE) !=
+        SECSuccess)
         return SECFailure;
     if (ssl3_ConsumeHandshakeVariable(ss, &enc_session_ticket->encrypted_state,
-            2, &data->data, &data->len) != SECSuccess)
+                                      2, &data->data, &data->len) !=
+        SECSuccess)
         return SECFailure;
     if (ssl3_ConsumeFromItem(data, &enc_session_ticket->mac,
-            TLS_EX_SESS_TICKET_MAC_LENGTH) != SECSuccess)
+                             TLS_EX_SESS_TICKET_MAC_LENGTH) !=
+        SECSuccess)
         return SECFailure;
-    if (data->len != 0)  /* Make sure that we have consumed all bytes. */
+    if (data->len != 0) /* Make sure that we have consumed all bytes. */
         return SECFailure;
 
     return SECSuccess;
 }
 
 /* go through hello extensions in buffer "b".
  * For each one, find the extension handler in the table, and
  * if present, invoke that handler.
@@ -1940,87 +2032,87 @@ ssl3_ParseEncryptedSessionTicket(sslSock
  * Clients reject any extensions with unadvertised extension types.
  * In TLS >= 1.3, the client checks that extensions appear in the
  * right phase.
  */
 SECStatus
 ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length,
                            SSL3HandshakeType handshakeMessage)
 {
-    const ssl3HelloExtensionHandler * handlers;
+    const ssl3HelloExtensionHandler *handlers;
     PRBool isTLS13 = ss->version >= SSL_LIBRARY_VERSION_TLS_1_3;
 
     switch (handshakeMessage) {
         case client_hello:
             handlers = clientHelloHandlers;
             break;
         case encrypted_extensions:
             PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
-            /* fall through */
+        /* fall through */
         case server_hello:
             if (ss->version > SSL_LIBRARY_VERSION_3_0) {
                 handlers = serverHelloHandlersTLS;
-            } else {
+            }
+            else {
                 handlers = serverHelloHandlersSSL3;
             }
             break;
         default:
             PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
             PORT_Assert(0);
             return SECFailure;
     }
 
     while (*length) {
-        const ssl3HelloExtensionHandler * handler;
+        const ssl3HelloExtensionHandler *handler;
         SECStatus rv;
-        PRInt32   extension_type;
-        SECItem   extension_data;
+        PRInt32 extension_type;
+        SECItem extension_data;
 
         /* Get the extension's type field */
         extension_type = ssl3_ConsumeHandshakeNumber(ss, 2, b, length);
-        if (extension_type < 0)  /* failure to decode extension_type */
-            return SECFailure;   /* alert already sent */
+        if (extension_type < 0) /* failure to decode extension_type */
+            return SECFailure;  /* alert already sent */
 
         /* get the data for this extension, so we can pass it or skip it. */
         rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length);
         if (rv != SECSuccess)
             return rv; /* alert already sent */
 
         /* Check whether the server sent an extension which was not advertised
          * in the ClientHello */
         if (!ss->sec.isServer &&
-            !ssl3_ClientExtensionAdvertised(ss,extension_type)) {
+            !ssl3_ClientExtensionAdvertised(ss, extension_type)) {
             (void)SSL3_SendAlert(ss, alert_fatal, unsupported_extension);
             return SECFailure;
         }
 
         /* Check whether an extension has been sent multiple times. */
         if (ssl3_ExtensionNegotiated(ss, extension_type)) {
             (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
             return SECFailure;
         }
 
         /* Check that this is a legal extension in TLS 1.3 */
-        if (isTLS13 && !tls13_ExtensionAllowed(extension_type,
-                                               handshakeMessage)) {
+        if (isTLS13 && !tls13_ExtensionAllowed(extension_type, handshakeMessage)) {
             if (handshakeMessage == client_hello) {
                 /* Skip extensions not used in TLS 1.3 */
                 continue;
             }
             tls13_FatalError(ss, SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION,
                              unsupported_extension);
             return SECFailure;
         }
 
         /* find extension_type in table of Hello Extension Handlers */
         for (handler = handlers; handler->ex_type >= 0; handler++) {
             /* if found, call this handler */
             if (handler->ex_type == extension_type) {
                 rv = (*handler->ex_handler)(ss, (PRUint16)extension_type,
-                                                        &extension_data);
+                                            &extension_data);
                 if (rv != SECSuccess) {
                     if (!ss->ssl3.fatalAlertSent) {
                         /* send a generic alert if the handler didn't already */
                         (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
                     }
                     return SECFailure;
                 }
             }
@@ -2034,29 +2126,31 @@ ssl3_HandleHelloExtensions(sslSocket *ss
 SECStatus
 ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type,
                                         ssl3HelloExtensionSenderFunc cb)
 {
     int i;
     ssl3HelloExtensionSender *sender;
     if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
         sender = &ss->xtnData.serverHelloSenders[0];
-    } else {
+    }
+    else {
         if (tls13_ExtensionAllowed(ex_type, server_hello)) {
             PORT_Assert(!tls13_ExtensionAllowed(ex_type, encrypted_extensions));
             sender = &ss->xtnData.serverHelloSenders[0];
-        } else {
+        }
+        else {
             PORT_Assert(tls13_ExtensionAllowed(ex_type, encrypted_extensions));
             sender = &ss->xtnData.encryptedExtensionsSenders[0];
         }
     }
 
     for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) {
         if (!sender->ex_sender) {
-            sender->ex_type   = ex_type;
+            sender->ex_type = ex_type;
             sender->ex_sender = cb;
             return SECSuccess;
         }
         /* detect duplicate senders */
         PORT_Assert(sender->ex_type != ex_type);
         if (sender->ex_type == ex_type) {
             /* duplicate */
             break;
@@ -2073,46 +2167,46 @@ ssl3_CallHelloExtensionSenders(sslSocket
                                const ssl3HelloExtensionSender *sender)
 {
     PRInt32 total_exten_len = 0;
     int i;
 
     if (!sender) {
         if (ss->version > SSL_LIBRARY_VERSION_3_0) {
             sender = &clientHelloSendersTLS[0];
-        } else {
+        }
+        else {
             sender = &clientHelloSendersSSL3[0];
         }
     }
 
     for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) {
         if (sender->ex_sender) {
             PRInt32 extLen = (*sender->ex_sender)(ss, append, maxBytes);
             if (extLen < 0)
                 return -1;
-            maxBytes        -= extLen;
+            maxBytes -= extLen;
             total_exten_len += extLen;
         }
     }
     return total_exten_len;
 }
 
-
 /* Extension format:
  * Extension number:   2 bytes
  * Extension length:   2 bytes
  * Verify Data Length: 1 byte
  * Verify Data (TLS): 12 bytes (client) or 24 bytes (server)
  * Verify Data (SSL): 36 bytes (client) or 72 bytes (server)
  */
 static PRInt32
 ssl3_SendRenegotiationInfoXtn(
-                        sslSocket * ss,
-                        PRBool      append,
-                        PRUint32    maxBytes)
+    sslSocket *ss,
+    PRBool append,
+    PRUint32 maxBytes)
 {
     PRInt32 len = 0;
     PRInt32 needed;
 
     /* In draft-ietf-tls-renegotiation-03, it is NOT RECOMMENDED to send
      * both the SCSV and the empty RI, so when we send SCSV in
      * the initial handshake, we don't also send RI.
      */
@@ -2125,60 +2219,63 @@ ssl3_SendRenegotiationInfoXtn(
     needed = 5 + len;
     if (maxBytes < (PRUint32)needed) {
         return 0;
     }
     if (append) {
         SECStatus rv;
         /* extension_type */
         rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2);
-        if (rv != SECSuccess) return -1;
+        if (rv != SECSuccess)
+            return -1;
         /* length of extension_data */
         rv = ssl3_AppendHandshakeNumber(ss, len + 1, 2);
-        if (rv != SECSuccess) return -1;
+        if (rv != SECSuccess)
+            return -1;
         /* verify_Data from previous Finished message(s) */
         rv = ssl3_AppendHandshakeVariable(ss,
-                  ss->ssl3.hs.finishedMsgs.data, len, 1);
-        if (rv != SECSuccess) return -1;
+                                          ss->ssl3.hs.finishedMsgs.data, len, 1);
+        if (rv != SECSuccess)
+            return -1;
         if (!ss->sec.isServer) {
             TLSExtensionData *xtnData = &ss->xtnData;
             xtnData->advertised[xtnData->numAdvertised++] =
-                                                   ssl_renegotiation_info_xtn;
+                ssl_renegotiation_info_xtn;
         }
     }
     return needed;
 }
 
 static SECStatus
 ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
                                   SECItem *data)
 {
     SECStatus rv = SECSuccess;
 
     /* remember that we got this extension. */
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
     PORT_Assert(ss->sec.isServer);
     /* prepare to send back the appropriate response */
     rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
-                                            ssl3_ServerSendStatusRequestXtn);
+                                                 ssl3_ServerSendStatusRequestXtn);
     return rv;
 }
 
 /* This function runs in both the client and server.  */
 static SECStatus
 ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
 {
     SECStatus rv = SECSuccess;
     PRUint32 len = 0;
 
     if (ss->firstHsDone) {
         len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes
                                : ss->ssl3.hs.finishedBytes * 2;
     }
-    if (data->len != 1 + len || data->data[0] != len ) {
+    if (data->len != 1 + len || data->data[0] != len) {
         (void)ssl3_DecodeError(ss);
         return SECFailure;
     }
     if (len && NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data,
                                 data->data + 1, len)) {
         (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
         PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
         return SECFailure;
@@ -2200,43 +2297,46 @@ ssl3_ClientSendUseSRTPXtn(sslSocket *ss,
     PRUint32 ext_data_len;
     PRInt16 i;
     SECStatus rv;
 
     if (!ss)
         return 0;
 
     if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount)
-        return 0;  /* Not relevant */
+        return 0; /* Not relevant */
 
     ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1;
 
     if (append && maxBytes >= 4 + ext_data_len) {
         /* Extension type */
         rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
-        if (rv != SECSuccess) return -1;
+        if (rv != SECSuccess)
+            return -1;
         /* Length of extension data */
         rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2);
-        if (rv != SECSuccess) return -1;
+        if (rv != SECSuccess)
+            return -1;
         /* Length of the SRTP cipher list */
         rv = ssl3_AppendHandshakeNumber(ss,
                                         2 * ss->ssl3.dtlsSRTPCipherCount,
                                         2);
-        if (rv != SECSuccess) return -1;
+        if (rv != SECSuccess)
+            return -1;
         /* The SRTP ciphers */
         for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
             rv = ssl3_AppendHandshakeNumber(ss,
                                             ss->ssl3.dtlsSRTPCiphers[i],
                                             2);
         }
         /* Empty MKI value */
         ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
 
         ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-                ssl_use_srtp_xtn;
+            ssl_use_srtp_xtn;
     }
 
     return 4 + ext_data_len;
 }
 
 static PRInt32
 ssl3_ServerSendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
 {
@@ -2244,52 +2344,56 @@ ssl3_ServerSendUseSRTPXtn(sslSocket *ss,
 
     /* Server side */
     if (!append || maxBytes < 9) {
         return 9;
     }
 
     /* Extension type */
     rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
-    if (rv != SECSuccess) return -1;
+    if (rv != SECSuccess)
+        return -1;
     /* Length of extension data */
     rv = ssl3_AppendHandshakeNumber(ss, 5, 2);
-    if (rv != SECSuccess) return -1;
+    if (rv != SECSuccess)
+        return -1;
     /* Length of the SRTP cipher list */
     rv = ssl3_AppendHandshakeNumber(ss, 2, 2);
-    if (rv != SECSuccess) return -1;
+    if (rv != SECSuccess)
+        return -1;
     /* The selected cipher */
     rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2);
-    if (rv != SECSuccess) return -1;
+    if (rv != SECSuccess)
+        return -1;
     /* Empty MKI value */
     ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
 
     return 9;
 }
 
 static SECStatus
-ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
+ssl3_ClientHandleUseSRTPXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
 {
     SECStatus rv;
-    SECItem ciphers = {siBuffer, NULL, 0};
+    SECItem ciphers = { siBuffer, NULL, 0 };
     PRUint16 i;
     PRUint16 cipher = 0;
     PRBool found = PR_FALSE;
     SECItem litem;
 
     if (!data->data || !data->len) {
         (void)ssl3_DecodeError(ss);
         return SECFailure;
     }
 
     /* Get the cipher list */
     rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2,
                                        &data->data, &data->len);
     if (rv != SECSuccess) {
-        return SECFailure;  /* fatal alert already sent */
+        return SECFailure; /* fatal alert already sent */
     }
     /* Now check that the server has picked just 1 (i.e., len = 2) */
     if (ciphers.len != 2) {
         (void)ssl3_DecodeError(ss);
         return SECFailure;
     }
 
     /* Get the selected cipher */
@@ -2331,20 +2435,20 @@ ssl3_ClientHandleUseSRTPXtn(sslSocket * 
 
     /* OK, this looks fine. */
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn;
     ss->ssl3.dtlsSRTPCipherSuite = cipher;
     return SECSuccess;
 }
 
 static SECStatus
-ssl3_ServerHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
+ssl3_ServerHandleUseSRTPXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
 {
     SECStatus rv;
-    SECItem ciphers = {siBuffer, NULL, 0};
+    SECItem ciphers = { siBuffer, NULL, 0 };
     PRUint16 i;
     unsigned int j;
     PRUint16 cipher = 0;
     PRBool found = PR_FALSE;
     SECItem litem;
 
     if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) {
         /* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP
@@ -2405,17 +2509,17 @@ ssl3_ServerHandleUseSRTPXtn(sslSocket * 
     return ssl3_RegisterServerHelloExtensionSender(ss, ssl_use_srtp_xtn,
                                                    ssl3_ServerSendUseSRTPXtn);
 }
 
 /* ssl3_ServerHandleSigAlgsXtn handles the signature_algorithms extension
  * from a client.
  * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
 static SECStatus
-ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
+ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
 {
     SECStatus rv;
     SECItem algorithms;
     const unsigned char *b;
     unsigned int numAlgorithms, i;
 
     /* Ignore this extension if we aren't doing TLS 1.2 or greater. */
     if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
@@ -2429,39 +2533,39 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * 
     }
     /* Trailing data, empty value, or odd-length value is invalid. */
     if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) {
         (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
         PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
         return SECFailure;
     }
 
-    numAlgorithms = algorithms.len/2;
+    numAlgorithms = algorithms.len / 2;
 
     /* We don't care to process excessive numbers of algorithms. */
     if (numAlgorithms > 512) {
         numAlgorithms = 512;
     }
 
     ss->ssl3.hs.clientSigAndHash =
-            PORT_NewArray(SSLSignatureAndHashAlg, numAlgorithms);
+        PORT_NewArray(SSLSignatureAndHashAlg, numAlgorithms);
     if (!ss->ssl3.hs.clientSigAndHash) {
         (void)SSL3_SendAlert(ss, alert_fatal, internal_error);
         PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
         return SECFailure;
     }
     ss->ssl3.hs.numClientSigAndHash = 0;
 
     b = algorithms.data;
     ss->ssl3.hs.numClientSigAndHash = 0;
     for (i = 0; i < numAlgorithms; i++) {
         SSLSignatureAndHashAlg *sigAndHash =
             &ss->ssl3.hs.clientSigAndHash[ss->ssl3.hs.numClientSigAndHash];
-        sigAndHash->hashAlg = (SSLHashType)*(b++);
-        sigAndHash->sigAlg = (SSLSignType)*(b++);
+        sigAndHash->hashAlg = (SSLHashType) * (b++);
+        sigAndHash->sigAlg = (SSLSignType) * (b++);
         if (ssl3_IsSupportedSignatureAlgorithm(sigAndHash)) {
             ++ss->ssl3.hs.numClientSigAndHash;
         }
     }
 
     if (!ss->ssl3.hs.numClientSigAndHash) {
         /* We didn't understand any of the client's requested signature
          * formats. We'll use the defaults. */
@@ -2476,32 +2580,32 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * 
 
 /* ssl3_ClientSendSigAlgsXtn sends the signature_algorithm extension for TLS
  * 1.2 ClientHellos. */
 static PRInt32
 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
 {
     PRInt32 extension_length;
     unsigned int i;
-    PRInt32 pos=0;
+    PRInt32 pos = 0;
     PRUint32 policy;
     PRUint8 buf[MAX_SIGNATURE_ALGORITHMS * 2];
 
     if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
         return 0;
     }
 
-    for (i=0; i < ss->ssl3.signatureAlgorithmCount; i++) {
-	SECOidTag hashOID = ssl3_TLSHashAlgorithmToOID(
-				ss->ssl3.signatureAlgorithms[i].hashAlg);
-	if ((NSS_GetAlgorithmPolicy(hashOID, & policy) != SECSuccess) ||
-		(policy & NSS_USE_ALG_IN_SSL_KX)) {
-	    buf[pos++] = ss->ssl3.signatureAlgorithms[i].hashAlg;
-	    buf[pos++] = ss->ssl3.signatureAlgorithms[i].sigAlg;
-	}
+    for (i = 0; i < ss->ssl3.signatureAlgorithmCount; i++) {
+        SECOidTag hashOID = ssl3_TLSHashAlgorithmToOID(
+            ss->ssl3.signatureAlgorithms[i].hashAlg);
+        if ((NSS_GetAlgorithmPolicy(hashOID, &policy) != SECSuccess) ||
+            (policy & NSS_USE_ALG_IN_SSL_KX)) {
+            buf[pos++] = ss->ssl3.signatureAlgorithms[i].hashAlg;
+            buf[pos++] = ss->ssl3.signatureAlgorithms[i].sigAlg;
+        }
     }
 
     extension_length =
         2 /* extension type */ +
         2 /* extension length */ +
         2 /* supported_signature_algorithms length */ +
         pos;
 
@@ -2522,17 +2626,17 @@ ssl3_ClientSendSigAlgsXtn(sslSocket *ss,
         }
 
         rv = ssl3_AppendHandshakeVariable(ss, buf, extension_length - 6, 2);
         if (rv != SECSuccess) {
             return -1;
         }
 
         ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-                ssl_signature_algorithms_xtn;
+            ssl_signature_algorithms_xtn;
     }
 
     return extension_length;
 }
 
 unsigned int
 ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
 {
@@ -2584,55 +2688,55 @@ ssl3_AppendPaddingExtension(sslSocket *s
 
     return extensionLen;
 }
 
 /* ssl3_ClientSendDraftVersionXtn sends the TLS 1.3 temporary draft
  * version extension.
  * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
 static PRInt32
-ssl3_ClientSendDraftVersionXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
+ssl3_ClientSendDraftVersionXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
 {
     PRInt32 extension_length;
 
     if (ss->version != SSL_LIBRARY_VERSION_TLS_1_3) {
         return 0;
     }
 
-    extension_length = 6;  /* Type + length + number */
+    extension_length = 6; /* Type + length + number */
     if (maxBytes < (PRUint32)extension_length) {
         PORT_Assert(0);
         return 0;
     }
     if (append) {
         SECStatus rv;
         rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_draft_version_xtn, 2);
         if (rv != SECSuccess)
             goto loser;
         rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
         if (rv != SECSuccess)
             goto loser;
         rv = ssl3_AppendHandshakeNumber(ss, TLS_1_3_DRAFT_VERSION, 2);
         if (rv != SECSuccess)
             goto loser;
         ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-                ssl_tls13_draft_version_xtn;
+            ssl_tls13_draft_version_xtn;
     }
 
     return extension_length;
 
 loser:
     return -1;
 }
 
 /* ssl3_ServerHandleDraftVersionXtn handles the TLS 1.3 temporary draft
  * version extension.
  * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
 static SECStatus
-ssl3_ServerHandleDraftVersionXtn(sslSocket * ss, PRUint16 ex_type,
+ssl3_ServerHandleDraftVersionXtn(sslSocket *ss, PRUint16 ex_type,
                                  SECItem *data)
 {
     PRInt32 draft_version;
 
     /* Ignore this extension if we aren't doing TLS 1.3 */
     if (ss->version != SSL_LIBRARY_VERSION_TLS_1_3) {
         return SECSuccess;
     }
@@ -2663,17 +2767,17 @@ ssl3_ServerHandleDraftVersionXtn(sslSock
                      SSL_GETPID(), ss->fd, draft_version, TLS_1_3_DRAFT_VERSION));
         ss->version = SSL_LIBRARY_VERSION_TLS_1_2;
     }
 
     return SECSuccess;
 }
 
 static PRInt32
-ssl3_SendExtendedMasterSecretXtn(sslSocket * ss, PRBool append,
+ssl3_SendExtendedMasterSecretXtn(sslSocket *ss, PRBool append,
                                  PRUint32 maxBytes)
 {
     PRInt32 extension_length;
 
     if (!ss->opt.enableExtendedMS) {
         return 0;
     }
 
@@ -2684,43 +2788,42 @@ ssl3_SendExtendedMasterSecretXtn(sslSock
         PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
         return -1;
     }
 #endif
 
     /* Always send the extension in this function, since the
      * client always sends it and this function is only called on
      * the server if we negotiated the extension. */
-    extension_length = 4;  /* Type + length (0) */
+    extension_length = 4; /* Type + length (0) */
     if (maxBytes < extension_length) {
         PORT_Assert(0);
         return 0;
     }
 
     if (append) {
         SECStatus rv;
         rv = ssl3_AppendHandshakeNumber(ss, ssl_extended_master_secret_xtn, 2);
         if (rv != SECSuccess)
             goto loser;
         rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
         if (rv != SECSuccess)
             goto loser;
         ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-                ssl_extended_master_secret_xtn;
+            ssl_extended_master_secret_xtn;
     }
 
     return extension_length;
 
 loser:
     return -1;
 }
 
-
 static SECStatus
-ssl3_HandleExtendedMasterSecretXtn(sslSocket * ss, PRUint16 ex_type,
+ssl3_HandleExtendedMasterSecretXtn(sslSocket *ss, PRUint16 ex_type,
                                    SECItem *data)
 {
     if (ss->version < SSL_LIBRARY_VERSION_TLS_1_0) {
         return SECSuccess;
     }
 
     if (!ss->opt.enableExtendedMS) {
         return SECSuccess;
@@ -2776,17 +2879,18 @@ ssl3_ClientSendSignedCertTimestampXtn(ss
         if (rv != SECSuccess)
             goto loser;
         /* zero length */
         rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
         if (rv != SECSuccess)
             goto loser;
         ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
             ssl_signed_cert_timestamp_xtn;
-    } else if (maxBytes < extension_length) {
+    }
+    else if (maxBytes < extension_length) {
         PORT_Assert(0);
         return 0;
     }
 
     return extension_length;
 loser:
     return -1;
 }
@@ -2812,28 +2916,29 @@ ssl3_ClientHandleSignedCertTimestampXtn(
     }
     *scts = *data;
     /* Keep track of negotiated extensions. */
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
     return SECSuccess;
 }
 
 static PRInt32
-ssl3_ServerSendSignedCertTimestampXtn(sslSocket * ss,
+ssl3_ServerSendSignedCertTimestampXtn(sslSocket *ss,
                                       PRBool append,
                                       PRUint32 maxBytes)
 {
     PRInt32 extension_length;
     SSLKEAType effectiveExchKeyType;
     const SECItem *scts;
 
     if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
         ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
         effectiveExchKeyType = ssl_kea_rsa;
-    } else {
+    }
+    else {
         effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
     }
 
     scts = &ss->signedCertTimestamps[effectiveExchKeyType];
 
     if (!scts->len) {
         /* No timestamps to send */
         return 0;
@@ -2848,36 +2953,38 @@ ssl3_ServerSendSignedCertTimestampXtn(ss
         return 0;
     }
     if (append) {
         SECStatus rv;
         /* extension_type */
         rv = ssl3_AppendHandshakeNumber(ss,
                                         ssl_signed_cert_timestamp_xtn,
                                         2);
-        if (rv != SECSuccess) goto loser;
+        if (rv != SECSuccess)
+            goto loser;
         /* extension_data */
         rv = ssl3_AppendHandshakeVariable(ss, scts->data, scts->len, 2);
-        if (rv != SECSuccess) goto loser;
+        if (rv != SECSuccess)
+            goto loser;
     }
 
     return extension_length;
 
 loser:
     return -1;
 }
 
 static SECStatus
 ssl3_ServerHandleSignedCertTimestampXtn(sslSocket *ss, PRUint16 ex_type,
                                         SECItem *data)
 {
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
     PORT_Assert(ss->sec.isServer);
     return ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
-        ssl3_ServerSendSignedCertTimestampXtn);
+                                                   ssl3_ServerSendSignedCertTimestampXtn);
 }
 
 /*
  *     [draft-ietf-tls-tls13-11] Section 6.3.2.3.
  *
  *     struct {
  *         NamedGroup group;
  *         opaque key_exchange<1..2^16-1>;
@@ -2922,17 +3029,17 @@ tls13_EncodeKeyShareEntry(sslSocket *ss,
     rv = tls13_EncodeECDHEKeyShareKEX(ss, pair);
     if (rv != SECSuccess)
         return rv;
 
     return SECSuccess;
 }
 
 static PRInt32
-tls13_ClientSendKeyShareXtn(sslSocket * ss, PRBool append,
+tls13_ClientSendKeyShareXtn(sslSocket *ss, PRBool append,
                             PRUint32 maxBytes)
 {
     SECStatus rv;
     PRUint32 entry_length;
     PRUint32 extension_length;
 
     if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
         return 0;
@@ -2954,39 +3061,39 @@ tls13_ClientSendKeyShareXtn(sslSocket * 
 
     if (append) {
         rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_key_share_xtn, 2);
         if (rv != SECSuccess)
             goto loser;
         rv = ssl3_AppendHandshakeNumber(ss, entry_length + 2, 2); /* Extension length */
         if (rv != SECSuccess)
             goto loser;
-        rv = ssl3_AppendHandshakeNumber(ss, entry_length, 2);  /* Vector length */
+        rv = ssl3_AppendHandshakeNumber(ss, entry_length, 2); /* Vector length */
         if (rv != SECSuccess)
             goto loser;
         rv = tls13_EncodeKeyShareEntry(ss, ss->ephemeralECDHKeyPair);
         if (rv != SECSuccess)
             goto loser;
 
         ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-                ssl_tls13_key_share_xtn;
+            ssl_tls13_key_share_xtn;
     }
 
     return extension_length;
 
 loser:
     return -1;
 }
 
 static SECStatus
 tls13_HandleKeyShareEntry(sslSocket *ss, SECItem *data)
 {
     SECStatus rv;
     PRInt32 group;
-    TLS13KeyShareEntry* ks = NULL;
+    TLS13KeyShareEntry *ks = NULL;
     SECItem share = { siBuffer, NULL, 0 };
 
     group = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
     if (group < 0) {
         PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE);
         goto loser;
     }
 
@@ -3026,17 +3133,17 @@ tls13_ClientHandleKeyShareXtn(sslSocket 
         /* This can't happen because the extension processing
          * code filters out TLS 1.3 extensions when not in
          * TLS 1.3 mode. */
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
         return SECFailure;
     }
 
     SSL_TRC(3, ("%d: SSL3[%d]: handle key_share extension",
-		SSL_GETPID(), ss->fd));
+                SSL_GETPID(), ss->fd));
 
     rv = tls13_HandleKeyShareEntry(ss, data);
     if (rv != SECSuccess) {
         PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE);
         return SECFailure;
     }
 
     if (data->len) {
@@ -3057,17 +3164,17 @@ tls13_ServerHandleKeyShareXtn(sslSocket 
     PRInt32 length;
 
     PORT_Assert(ss->sec.isServer);
     if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
         return SECSuccess;
     }
 
     SSL_TRC(3, ("%d: SSL3[%d]: handle key_share extension",
-		SSL_GETPID(), ss->fd));
+                SSL_GETPID(), ss->fd));
 
     /* Redundant length because of TLS encoding (this vector consumes
      * the entire extension.) */
     length = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data,
                                          &data->len);
     if (length < 0)
         goto loser;
     if (length != data->len) {
@@ -3093,27 +3200,27 @@ tls13_ServerSendKeyShareXtn(sslSocket *s
                             PRUint32 maxBytes)
 {
     PRUint32 extension_length;
     PRUint32 entry_length;
     SECStatus rv;
 
     switch (ss->ssl3.hs.kea_def->exchKeyType) {
 #ifndef NSS_DISABLE_ECC
-    case ssl_kea_ecdh:
-        PORT_Assert(ss->ephemeralECDHKeyPair);
-        break;
+        case ssl_kea_ecdh:
+            PORT_Assert(ss->ephemeralECDHKeyPair);
+            break;
 #endif
-    default:
-        /* got an unknown or unsupported Key Exchange Algorithm.
-         * Can't happen because tls13_HandleClientKeyShare
-         * enforces that we are ssl_kea_ecdh. */
-        PORT_Assert(0);
-        tls13_FatalError(ss, SEC_ERROR_UNSUPPORTED_KEYALG, internal_error);
-        return SECFailure;
+        default:
+            /* got an unknown or unsupported Key Exchange Algorithm.
+             * Can't happen because tls13_HandleClientKeyShare
+             * enforces that we are ssl_kea_ecdh. */
+            PORT_Assert(0);
+            tls13_FatalError(ss, SEC_ERROR_UNSUPPORTED_KEYALG, internal_error);
+            return SECFailure;
     }
 
     entry_length = tls13_SizeOfKeyShareEntry(ss->ephemeralECDHKeyPair);
     extension_length = 2 + 2 + entry_length; /* Type + length + entry_length */
     if (maxBytes < extension_length) {
         PORT_Assert(0);
         return 0;
     }
@@ -3132,9 +3239,8 @@ tls13_ServerSendKeyShareXtn(sslSocket *s
             goto loser;
     }
 
     return extension_length;
 
 loser:
     return -1;
 }
-
--- a/lib/ssl/ssl3gthr.c
+++ b/lib/ssl/ssl3gthr.c
@@ -1,430 +1,442 @@
 /*
- * Gather (Read) entire SSL3 records from socket into buffer.  
+ * Gather (Read) entire SSL3 records from socket into buffer.
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "cert.h"
 #include "ssl.h"
 #include "sslimpl.h"
 #include "ssl3prot.h"
 
-/* 
+/*
  * Attempt to read in an entire SSL3 record.
- * Blocks here for blocking sockets, otherwise returns -1 with 
- * 	PR_WOULD_BLOCK_ERROR when socket would block.
+ * Blocks here for blocking sockets, otherwise returns -1 with
+ *  PR_WOULD_BLOCK_ERROR when socket would block.
  *
  * returns  1 if received a complete SSL3 record.
  * returns  0 if recv returns EOF
- * returns -1 if recv returns < 0  
- *	(The error value may have already been set to PR_WOULD_BLOCK_ERROR)
+ * returns -1 if recv returns < 0
+ *  (The error value may have already been set to PR_WOULD_BLOCK_ERROR)
  *
  * Caller must hold the recv buf lock.
  *
  * The Gather state machine has 3 states:  GS_INIT, GS_HEADER, GS_DATA.
  * GS_HEADER: waiting for the 5-byte SSL3 record header to come in.
  * GS_DATA:   waiting for the body of the SSL3 record   to come in.
  *
  * This loop returns when either
  *      (a) an error or EOF occurs,
- *	(b) PR_WOULD_BLOCK_ERROR,
- * 	(c) data (entire SSL3 record) has been received.
+ *  (b) PR_WOULD_BLOCK_ERROR,
+ *  (c) data (entire SSL3 record) has been received.
  */
 static int
 ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags)
 {
     unsigned char *bp;
     unsigned char *lbp;
-    int            nb;
-    int            err;
-    int            rv		= 1;
+    int nb;
+    int err;
+    int rv = 1;
 
-    PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     if (gs->state == GS_INIT) {
-	gs->state       = GS_HEADER;
-	gs->remainder   = 5;
-	gs->offset      = 0;
-	gs->writeOffset = 0;
-	gs->readOffset  = 0;
-	gs->inbuf.len   = 0;
+        gs->state = GS_HEADER;
+        gs->remainder = 5;
+        gs->offset = 0;
+        gs->writeOffset = 0;
+        gs->readOffset = 0;
+        gs->inbuf.len = 0;
     }
-    
+
     lbp = gs->inbuf.buf;
-    for(;;) {
-	SSL_TRC(30, ("%d: SSL3[%d]: gather state %d (need %d more)",
-		SSL_GETPID(), ss->fd, gs->state, gs->remainder));
-	bp = ((gs->state != GS_HEADER) ? lbp : gs->hdr) + gs->offset;
-	nb = ssl_DefRecv(ss, bp, gs->remainder, flags);
+    for (;;) {
+        SSL_TRC(30, ("%d: SSL3[%d]: gather state %d (need %d more)",
+                     SSL_GETPID(), ss->fd, gs->state, gs->remainder));
+        bp = ((gs->state != GS_HEADER) ? lbp : gs->hdr) + gs->offset;
+        nb = ssl_DefRecv(ss, bp, gs->remainder, flags);
 
-	if (nb > 0) {
-	    PRINT_BUF(60, (ss, "raw gather data:", bp, nb));
-	} else if (nb == 0) {
-	    /* EOF */
-	    SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
-	    rv = 0;
-	    break;
-	} else /* if (nb < 0) */ {
-	    SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
-		     PR_GetError()));
-	    rv = SECFailure;
-	    break;
-	}
+        if (nb > 0) {
+            PRINT_BUF(60, (ss, "raw gather data:", bp, nb));
+        }
+        else if (nb == 0) {
+            /* EOF */
+            SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
+            rv = 0;
+            break;
+        }
+        else /* if (nb < 0) */ {
+            SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
+                     PR_GetError()));
+            rv = SECFailure;
+            break;
+        }
 
-	PORT_Assert( (unsigned int)nb <= gs->remainder );
-	if ((unsigned int)nb > gs->remainder) {
-	    /* ssl_DefRecv is misbehaving!  this error is fatal to SSL. */
-	    gs->state = GS_INIT;         /* so we don't crash next time */
-	    rv = SECFailure;
-	    break;
-	}
+        PORT_Assert((unsigned int)nb <= gs->remainder);
+        if ((unsigned int)nb > gs->remainder) {
+            /* ssl_DefRecv is misbehaving!  this error is fatal to SSL. */
+            gs->state = GS_INIT; /* so we don't crash next time */
+            rv = SECFailure;
+            break;
+        }
 
-	gs->offset    += nb;
-	gs->remainder -= nb;
-	if (gs->state == GS_DATA)
-	    gs->inbuf.len += nb;
+        gs->offset += nb;
+        gs->remainder -= nb;
+        if (gs->state == GS_DATA)
+            gs->inbuf.len += nb;
 
-	/* if there's more to go, read some more. */
-	if (gs->remainder > 0) {
-	    continue;
-	}
+        /* if there's more to go, read some more. */
+        if (gs->remainder > 0) {
+            continue;
+        }
 
-	/* have received entire record header, or entire record. */
-	switch (gs->state) {
-	case GS_HEADER:
-	    /*
-	    ** Have received SSL3 record header in gs->hdr.
-	    ** Now extract the length of the following encrypted data, 
-	    ** and then read in the rest of the SSL3 record into gs->inbuf.
-	    */
-	    gs->remainder = (gs->hdr[3] << 8) | gs->hdr[4];
+        /* have received entire record header, or entire record. */
+        switch (gs->state) {
+            case GS_HEADER:
+              /*
+              ** Have received SSL3 record header in gs->hdr.
+              ** Now extract the length of the following encrypted data,
+              ** and then read in the rest of the SSL3 record into gs->inbuf.
+              */
+                gs->remainder = (gs->hdr[3] << 8) | gs->hdr[4];
 
-	    /* This is the max fragment length for an encrypted fragment
-	    ** plus the size of the record header.
-	    */
-	    if(gs->remainder > (MAX_FRAGMENT_LENGTH + 2048 + 5)) {
-		SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-		gs->state = GS_INIT;
-		PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
-		return SECFailure;
-	    }
+                /* This is the max fragment length for an encrypted fragment
+                ** plus the size of the record header.
+                */
+                if (gs->remainder > (MAX_FRAGMENT_LENGTH + 2048 + 5)) {
+                    SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+                    gs->state = GS_INIT;
+                    PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
+                    return SECFailure;
+                }
 
-	    gs->state     = GS_DATA;
-	    gs->offset    = 0;
-	    gs->inbuf.len = 0;
+                gs->state = GS_DATA;
+                gs->offset = 0;
+                gs->inbuf.len = 0;
 
-	    if (gs->remainder > gs->inbuf.space) {
-		err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
-		if (err) {	/* realloc has set error code to no mem. */
-		    return err;
-		}
-		lbp = gs->inbuf.buf;
-	    }
-	    break;	/* End this case.  Continue around the loop. */
+                if (gs->remainder > gs->inbuf.space) {
+                    err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
+                    if (err) { /* realloc has set error code to no mem. */
+                        return err;
+                    }
+                    lbp = gs->inbuf.buf;
+                }
+                break; /* End this case.  Continue around the loop. */
 
-
-	case GS_DATA:
-	    /* 
-	    ** SSL3 record has been completely received.
-	    */
-	    gs->state = GS_INIT;
-	    return 1;
-	}
+            case GS_DATA:
+                /*
+                ** SSL3 record has been completely received.
+                */
+                gs->state = GS_INIT;
+                return 1;
+        }
     }
 
     return rv;
 }
 
 /*
  * Read in an entire DTLS record.
  *
  * Blocks here for blocking sockets, otherwise returns -1 with
- * 	PR_WOULD_BLOCK_ERROR when socket would block.
+ *  PR_WOULD_BLOCK_ERROR when socket would block.
  *
  * This is simpler than SSL because we are reading on a datagram socket
  * and datagrams must contain >=1 complete records.
  *
  * returns  1 if received a complete DTLS record.
  * returns  0 if recv returns EOF
  * returns -1 if recv returns < 0
- *	(The error value may have already been set to PR_WOULD_BLOCK_ERROR)
+ *  (The error value may have already been set to PR_WOULD_BLOCK_ERROR)
  *
  * Caller must hold the recv buf lock.
  *
  * This loop returns when either
  *      (a) an error or EOF occurs,
- *	(b) PR_WOULD_BLOCK_ERROR,
- * 	(c) data (entire DTLS record) has been received.
+ *  (b) PR_WOULD_BLOCK_ERROR,
+ *  (c) data (entire DTLS record) has been received.
  */
 static int
 dtls_GatherData(sslSocket *ss, sslGather *gs, int flags)
 {
-    int            nb;
-    int            err;
-    int            rv		= 1;
+    int nb;
+    int err;
+    int rv = 1;
 
     SSL_TRC(30, ("dtls_GatherData"));
 
-    PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
 
     gs->state = GS_HEADER;
     gs->offset = 0;
 
-    if (gs->dtlsPacketOffset == gs->dtlsPacket.len) {  /* No data left */
+    if (gs->dtlsPacketOffset == gs->dtlsPacket.len) { /* No data left */
         gs->dtlsPacketOffset = 0;
         gs->dtlsPacket.len = 0;
 
         /* Resize to the maximum possible size so we can fit a full datagram */
-	/* This is the max fragment length for an encrypted fragment
-	** plus the size of the record header.
-	** This magic constant is copied from ssl3_GatherData, with 5 changed
-	** to 13 (the size of the record header).
-	*/
+        /* This is the max fragment length for an encrypted fragment
+        ** plus the size of the record header.
+        ** This magic constant is copied from ssl3_GatherData, with 5 changed
+        ** to 13 (the size of the record header).
+        */
         if (gs->dtlsPacket.space < MAX_FRAGMENT_LENGTH + 2048 + 13) {
             err = sslBuffer_Grow(&gs->dtlsPacket,
-				 MAX_FRAGMENT_LENGTH + 2048 + 13);
-            if (err) {	/* realloc has set error code to no mem. */
+                                 MAX_FRAGMENT_LENGTH + 2048 + 13);
+            if (err) { /* realloc has set error code to no mem. */
                 return err;
             }
         }
 
         /* recv() needs to read a full datagram at a time */
         nb = ssl_DefRecv(ss, gs->dtlsPacket.buf, gs->dtlsPacket.space, flags);
 
         if (nb > 0) {
             PRINT_BUF(60, (ss, "raw gather data:", gs->dtlsPacket.buf, nb));
-        } else if (nb == 0) {
+        }
+        else if (nb == 0) {
             /* EOF */
             SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
             rv = 0;
             return rv;
-        } else /* if (nb < 0) */ {
+        }
+        else /* if (nb < 0) */ {
             SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
                      PR_GetError()));
             rv = SECFailure;
             return rv;
         }
 
         gs->dtlsPacket.len = nb;
     }
 
     /* At this point we should have >=1 complete records lined up in
      * dtlsPacket. Read off the header.
      */
     if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < 13) {
         SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet "
-		 "too short to contain header", SSL_GETPID(), ss->fd));
+                 "too short to contain header",
+                 SSL_GETPID(), ss->fd));
         PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
         gs->dtlsPacketOffset = 0;
         gs->dtlsPacket.len = 0;
         rv = SECFailure;
         return rv;
     }
     memcpy(gs->hdr, gs->dtlsPacket.buf + gs->dtlsPacketOffset, 13);
     gs->dtlsPacketOffset += 13;
 
     /* Have received SSL3 record header in gs->hdr. */
     gs->remainder = (gs->hdr[11] << 8) | gs->hdr[12];
 
     if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < gs->remainder) {
         SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet too short "
-		 "to contain rest of body", SSL_GETPID(), ss->fd));
+                 "to contain rest of body",
+                 SSL_GETPID(), ss->fd));
         PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
         gs->dtlsPacketOffset = 0;
         gs->dtlsPacket.len = 0;
         rv = SECFailure;
         return rv;
     }
 
     /* OK, we have at least one complete packet, copy into inbuf */
     if (gs->remainder > gs->inbuf.space) {
-	err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
-	if (err) {	/* realloc has set error code to no mem. */
-	    return err;
-	}
+        err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
+        if (err) { /* realloc has set error code to no mem. */
+            return err;
+        }
     }
 
     memcpy(gs->inbuf.buf, gs->dtlsPacket.buf + gs->dtlsPacketOffset,
-	   gs->remainder);
+           gs->remainder);
     gs->inbuf.len = gs->remainder;
     gs->offset = gs->remainder;
     gs->dtlsPacketOffset += gs->remainder;
     gs->state = GS_INIT;
 
     return 1;
 }
 
 /* Gather in a record and when complete, Handle that record.
- * Repeat this until the handshake is complete, 
+ * Repeat this until the handshake is complete,
  * or until application data is available.
  *
- * Returns  1 when the handshake is completed without error, or 
+ * Returns  1 when the handshake is completed without error, or
  *                 application data is available.
  * Returns  0 if ssl3_GatherData hits EOF.
  * Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.
  * Returns -2 on SECWouldBlock return from ssl3_HandleRecord.
  *
- * Called from ssl_GatherRecord1stHandshake       in sslcon.c, 
+ * Called from ssl_GatherRecord1stHandshake       in sslcon.c,
  *    and from SSL_ForceHandshake in sslsecur.c
  *    and from ssl3_GatherAppDataRecord below (<- DoRecv in sslsecur.c).
  *
  * Caller must hold the recv buf lock.
  */
 int
 ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
 {
     SSL3Ciphertext cText;
-    int            rv;
-    PRBool         keepGoing = PR_TRUE;
+    int rv;
+    PRBool keepGoing = PR_TRUE;
 
     SSL_TRC(30, ("ssl3_GatherCompleteHandshake"));
 
     /* ssl3_HandleRecord may end up eventually calling ssl_FinishHandshake,
      * which requires the 1stHandshakeLock, which must be acquired before the
      * RecvBufLock.
      */
-    PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );
-    PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
+    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
 
     do {
-	PRBool handleRecordNow = PR_FALSE;
+        PRBool handleRecordNow = PR_FALSE;
 
-	ssl_GetSSL3HandshakeLock(ss);
+        ssl_GetSSL3HandshakeLock(ss);
 
-	/* Without this, we may end up wrongly reporting
-	 * SSL_ERROR_RX_UNEXPECTED_* errors if we receive any records from the
-	 * peer while we are waiting to be restarted.
-	 */
-	if (ss->ssl3.hs.restartTarget) {
-	    ssl_ReleaseSSL3HandshakeLock(ss);
-	    PORT_SetError(PR_WOULD_BLOCK_ERROR);
-	    return (int) SECFailure;
-	}
+        /* Without this, we may end up wrongly reporting
+         * SSL_ERROR_RX_UNEXPECTED_* errors if we receive any records from the
+         * peer while we are waiting to be restarted.
+         */
+        if (ss->ssl3.hs.restartTarget) {
+            ssl_ReleaseSSL3HandshakeLock(ss);
+            PORT_SetError(PR_WOULD_BLOCK_ERROR);
+            return (int)SECFailure;
+        }
 
-	/* Treat an empty msgState like a NULL msgState. (Most of the time
-	 * when ssl3_HandleHandshake returns SECWouldBlock, it leaves
-	 * behind a non-NULL but zero-length msgState).
-	 * Test: async_cert_restart_server_sends_hello_request_first_in_separate_record
-	 */
-	if (ss->ssl3.hs.msgState.buf) {
-	    if (ss->ssl3.hs.msgState.len == 0) {
-		ss->ssl3.hs.msgState.buf = NULL;
-	    } else {
-		handleRecordNow = PR_TRUE;
-	    }
-	}
+        /* Treat an empty msgState like a NULL msgState. (Most of the time
+         * when ssl3_HandleHandshake returns SECWouldBlock, it leaves
+         * behind a non-NULL but zero-length msgState).
+         * Test: async_cert_restart_server_sends_hello_request_first_in_separate_record
+         */
+        if (ss->ssl3.hs.msgState.buf) {
+            if (ss->ssl3.hs.msgState.len == 0) {
+                ss->ssl3.hs.msgState.buf = NULL;
+            }
+            else {
+                handleRecordNow = PR_TRUE;
+            }
+        }
 
-	ssl_ReleaseSSL3HandshakeLock(ss);
+        ssl_ReleaseSSL3HandshakeLock(ss);
 
-	if (handleRecordNow) {
-	    /* ssl3_HandleHandshake previously returned SECWouldBlock and the
-	     * as-yet-unprocessed plaintext of that previous handshake record.
-	     * We need to process it now before we overwrite it with the next
-	     * handshake record.
-	     */
-	    rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);
-	} else {
-	    /* bring in the next sslv3 record. */
-	    if (ss->recvdCloseNotify) {
-		/* RFC 5246 Section 7.2.1:
-		 *   Any data received after a closure alert is ignored.
-		 */
-		return 0;
-	    }
-	    if (!IS_DTLS(ss)) {
-		rv = ssl3_GatherData(ss, &ss->gs, flags);
-	    } else {
-		rv = dtls_GatherData(ss, &ss->gs, flags);
-		
-		/* If we got a would block error, that means that no data was
-		 * available, so we check the timer to see if it's time to
-		 * retransmit */
-		if (rv == SECFailure &&
-		    (PORT_GetError() == PR_WOULD_BLOCK_ERROR)) {
-		    ssl_GetSSL3HandshakeLock(ss);
-		    dtls_CheckTimer(ss);
-		    ssl_ReleaseSSL3HandshakeLock(ss);
-		    /* Restore the error in case something succeeded */
-		    PORT_SetError(PR_WOULD_BLOCK_ERROR);
-		}
-	    }
+        if (handleRecordNow) {
+            /* ssl3_HandleHandshake previously returned SECWouldBlock and the
+             * as-yet-unprocessed plaintext of that previous handshake record.
+             * We need to process it now before we overwrite it with the next
+             * handshake record.
+             */
+            rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);
+        }
+        else {
+            /* bring in the next sslv3 record. */
+            if (ss->recvdCloseNotify) {
+                /* RFC 5246 Section 7.2.1:
+                 *   Any data received after a closure alert is ignored.
+                 */
+                return 0;
+            }
+            if (!IS_DTLS(ss)) {
+                rv = ssl3_GatherData(ss, &ss->gs, flags);
+            }
+            else {
+                rv = dtls_GatherData(ss, &ss->gs, flags);
 
-	    if (rv <= 0) {
-		return rv;
-	    }
+                /* If we got a would block error, that means that no data was
+                 * available, so we check the timer to see if it's time to
+                 * retransmit */
+                if (rv == SECFailure &&
+                    (PORT_GetError() == PR_WOULD_BLOCK_ERROR)) {
+                    ssl_GetSSL3HandshakeLock(ss);
+                    dtls_CheckTimer(ss);
+                    ssl_ReleaseSSL3HandshakeLock(ss);
+                    /* Restore the error in case something succeeded */
+                    PORT_SetError(PR_WOULD_BLOCK_ERROR);
+                }
+            }
+
+            if (rv <= 0) {
+                return rv;
+            }
 
-	    /* decipher it, and handle it if it's a handshake.
-	     * If it's application data, ss->gs.buf will not be empty upon return.
-	     * If it's a change cipher spec, alert, or handshake message,
-	     * ss->gs.buf.len will be 0 when ssl3_HandleRecord returns SECSuccess.
-	     */
-	    cText.type    = (SSL3ContentType)ss->gs.hdr[0];
-	    cText.version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2];
+            /* decipher it, and handle it if it's a handshake.
+             * If it's application data, ss->gs.buf will not be empty upon return.
+             * If it's a change cipher spec, alert, or handshake message,
+             * ss->gs.buf.len will be 0 when ssl3_HandleRecord returns SECSuccess.
+             */
+            cText.type = (SSL3ContentType)ss->gs.hdr[0];
+            cText.version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2];
+
+            if (IS_DTLS(ss)) {
+                int i;
 
-	    if (IS_DTLS(ss)) {
-		int i;
-
-		cText.version = dtls_DTLSVersionToTLSVersion(cText.version);
-		/* DTLS sequence number */
-		cText.seq_num.high = 0; cText.seq_num.low = 0;
-		for (i = 0; i < 4; i++) {
-		    cText.seq_num.high <<= 8; cText.seq_num.low <<= 8;
-		    cText.seq_num.high |= ss->gs.hdr[3 + i];
-