Bug 1254918 - clang-format NSS: cmd, r=kaie
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Thu, 21 Apr 2016 21:50:20 +0200
changeset 12092 e812f2193f12db8ffee2f3a5f0bb407d4e73a682
parent 12091 a8ed4278b46a57d735bcd439afe311f5ba9b496b
child 12093 7385cd8217356eec95efe6d23eeafa07d40b9f06
push id1153
push userkaie@kuix.de
push dateThu, 21 Apr 2016 19:50:33 +0000
reviewerskaie
bugs1254918
Bug 1254918 - clang-format NSS: cmd, r=kaie
cmd/addbuiltin/addbuiltin.c
cmd/atob/atob.c
cmd/bltest/blapitest.c
cmd/bltest/tests/aes_gcm/hex.c
cmd/btoa/btoa.c
cmd/certcgi/certcgi.c
cmd/certutil/certext.c
cmd/certutil/certutil.c
cmd/certutil/certutil.h
cmd/certutil/keystuff.c
cmd/chktest/chktest.c
cmd/crlutil/crlgen.c
cmd/crlutil/crlgen.h
cmd/crlutil/crlgen_lex.c
cmd/crlutil/crlutil.c
cmd/crmf-cgi/crmfcgi.c
cmd/crmftest/testcrmf.c
cmd/dbck/dbck.c
cmd/dbck/dbrecover.c
cmd/dbtest/dbtest.c
cmd/derdump/derdump.c
cmd/digest/digest.c
cmd/ecperf/ecperf.c
cmd/fipstest/aes.sh
cmd/fipstest/fipstest.c
cmd/httpserv/httpserv.c
cmd/lib/basicutil.c
cmd/lib/basicutil.h
cmd/lib/berparse.c
cmd/lib/derprint.c
cmd/lib/ffs.c
cmd/lib/moreoids.c
cmd/lib/pk11table.c
cmd/lib/pk11table.h
cmd/lib/pppolicy.c
cmd/lib/secpwd.c
cmd/lib/secutil.c
cmd/lib/secutil.h
cmd/libpkix/perf/libpkix_buildthreads.c
cmd/libpkix/perf/nss_threads.c
cmd/libpkix/pkix/certsel/test_certselector.c
cmd/libpkix/pkix/certsel/test_comcertselparams.c
cmd/libpkix/pkix/checker/test_certchainchecker.c
cmd/libpkix/pkix/crlsel/test_comcrlselparams.c
cmd/libpkix/pkix/crlsel/test_crlselector.c
cmd/libpkix/pkix/params/test_procparams.c
cmd/libpkix/pkix/params/test_resourcelimits.c
cmd/libpkix/pkix/params/test_trustanchor.c
cmd/libpkix/pkix/params/test_valparams.c
cmd/libpkix/pkix/results/test_buildresult.c
cmd/libpkix/pkix/results/test_policynode.c
cmd/libpkix/pkix/results/test_valresult.c
cmd/libpkix/pkix/results/test_verifynode.c
cmd/libpkix/pkix/store/test_store.c
cmd/libpkix/pkix/top/test_basicchecker.c
cmd/libpkix/pkix/top/test_basicconstraintschecker.c
cmd/libpkix/pkix/top/test_buildchain.c
cmd/libpkix/pkix/top/test_buildchain_partialchain.c
cmd/libpkix/pkix/top/test_buildchain_resourcelimits.c
cmd/libpkix/pkix/top/test_buildchain_uchecker.c
cmd/libpkix/pkix/top/test_customcrlchecker.c
cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c
cmd/libpkix/pkix/top/test_ocsp.c
cmd/libpkix/pkix/top/test_policychecker.c
cmd/libpkix/pkix/top/test_subjaltnamechecker.c
cmd/libpkix/pkix/top/test_validatechain.c
cmd/libpkix/pkix/top/test_validatechain_NB.c
cmd/libpkix/pkix/top/test_validatechain_bc.c
cmd/libpkix/pkix/util/test_error.c
cmd/libpkix/pkix/util/test_list.c
cmd/libpkix/pkix/util/test_list2.c
cmd/libpkix/pkix/util/test_logger.c
cmd/libpkix/pkix_pl/module/test_colcertstore.c
cmd/libpkix/pkix_pl/module/test_ekuchecker.c
cmd/libpkix/pkix_pl/module/test_httpcertstore.c
cmd/libpkix/pkix_pl/module/test_pk11certstore.c
cmd/libpkix/pkix_pl/module/test_socket.c
cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c
cmd/libpkix/pkix_pl/pki/test_cert.c
cmd/libpkix/pkix_pl/pki/test_crl.c
cmd/libpkix/pkix_pl/pki/test_crlentry.c
cmd/libpkix/pkix_pl/pki/test_date.c
cmd/libpkix/pkix_pl/pki/test_generalname.c
cmd/libpkix/pkix_pl/pki/test_nameconstraints.c
cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c
cmd/libpkix/pkix_pl/pki/test_x500name.c
cmd/libpkix/pkix_pl/system/stress_test.c
cmd/libpkix/pkix_pl/system/test_bigint.c
cmd/libpkix/pkix_pl/system/test_bytearray.c
cmd/libpkix/pkix_pl/system/test_hashtable.c
cmd/libpkix/pkix_pl/system/test_mem.c
cmd/libpkix/pkix_pl/system/test_monitorlock.c
cmd/libpkix/pkix_pl/system/test_mutex.c
cmd/libpkix/pkix_pl/system/test_mutex2.c
cmd/libpkix/pkix_pl/system/test_mutex3.c
cmd/libpkix/pkix_pl/system/test_object.c
cmd/libpkix/pkix_pl/system/test_oid.c
cmd/libpkix/pkix_pl/system/test_rwlock.c
cmd/libpkix/pkix_pl/system/test_string.c
cmd/libpkix/pkix_pl/system/test_string2.c
cmd/libpkix/pkixutil/pkixutil.c
cmd/libpkix/sample_apps/build_chain.c
cmd/libpkix/sample_apps/dumpcert.c
cmd/libpkix/sample_apps/dumpcrl.c
cmd/libpkix/sample_apps/validate_chain.c
cmd/libpkix/testutil/testutil.c
cmd/libpkix/testutil/testutil.h
cmd/libpkix/testutil/testutil_nss.c
cmd/libpkix/testutil/testutil_nss.h
cmd/listsuites/listsuites.c
cmd/lowhashtest/lowhashtest.c
cmd/makepqg/makepqg.c
cmd/modutil/error.h
cmd/modutil/install-ds.c
cmd/modutil/install-ds.h
cmd/modutil/install.c
cmd/modutil/install.h
cmd/modutil/installparse.c
cmd/modutil/instsec.c
cmd/modutil/lex.Pk11Install_yy.c
cmd/modutil/modutil.c
cmd/modutil/modutil.h
cmd/modutil/pk11.c
cmd/multinit/multinit.c
cmd/ocspclnt/ocspclnt.c
cmd/ocspresp/ocspresp.c
cmd/oidcalc/oidcalc.c
cmd/p7content/p7content.c
cmd/p7env/p7env.c
cmd/p7sign/p7sign.c
cmd/p7verify/p7verify.c
cmd/pk11gcmtest/pk11gcmtest.c
cmd/pk11mode/pk11mode.c
cmd/pk11util/pk11util.c
cmd/pk12util/pk12util.c
cmd/pk12util/pk12util.h
cmd/pk1sign/pk1sign.c
cmd/pkix-errcodes/pkix-errcodes.c
cmd/pp/pp.c
cmd/ppcertdata/ppcertdata.c
cmd/pwdecrypt/pwdecrypt.c
cmd/rsaperf/defkey.c
cmd/rsaperf/rsaperf.c
cmd/rsapoptst/rsapoptst.c
cmd/sdrtest/sdrtest.c
cmd/selfserv/selfserv.c
cmd/shlibsign/mangle/mangle.c
cmd/shlibsign/shlibsign.c
cmd/signtool/certgen.c
cmd/signtool/javascript.c
cmd/signtool/list.c
cmd/signtool/sign.c
cmd/signtool/signtool.c
cmd/signtool/signtool.h
cmd/signtool/util.c
cmd/signtool/verify.c
cmd/signtool/zip.c
cmd/signtool/zip.h
cmd/signver/pk7print.c
cmd/signver/signver.c
cmd/smimetools/cmsutil.c
cmd/ssltap/ssltap.c
cmd/strsclnt/strsclnt.c
cmd/symkeyutil/symkeyutil.c
cmd/tests/baddbdir.c
cmd/tests/conflict.c
cmd/tests/dertimetest.c
cmd/tests/encodeinttest.c
cmd/tests/nonspr10.c
cmd/tests/remtest.c
cmd/tests/secmodtest.c
cmd/tstclnt/tstclnt.c
cmd/vfychain/vfychain.c
cmd/vfyserv/vfyserv.c
cmd/vfyserv/vfyserv.h
cmd/vfyserv/vfyutil.c
--- a/cmd/addbuiltin/addbuiltin.c
+++ b/cmd/addbuiltin/addbuiltin.c
@@ -13,148 +13,152 @@
 #include "secutil.h"
 #include "pk11func.h"
 
 #if defined(WIN32)
 #include <fcntl.h>
 #include <io.h>
 #endif
 
-void dumpbytes(unsigned char *buf, int len)
+void
+dumpbytes(unsigned char *buf, int len)
 {
     int i;
-    for (i=0; i < len; i++) {
-	if ((i !=0) && ((i & 0xf) == 0)) {
-	    printf("\n");
-	}
-	printf("\\%03o",buf[i]);
+    for (i = 0; i < len; i++) {
+        if ((i != 0) && ((i & 0xf) == 0)) {
+            printf("\n");
+        }
+        printf("\\%03o", buf[i]);
     }
     printf("\n");
 }
 
-char *getTrustString(unsigned int trust)
+char *
+getTrustString(unsigned int trust)
 {
     if (trust & CERTDB_TRUSTED) {
-	if (trust & CERTDB_TRUSTED_CA) {
-		return "CKT_NSS_TRUSTED_DELEGATOR";
-	} else {
-		return "CKT_NSS_TRUSTED";
-	}
+        if (trust & CERTDB_TRUSTED_CA) {
+            return "CKT_NSS_TRUSTED_DELEGATOR";
+        } else {
+            return "CKT_NSS_TRUSTED";
+        }
     } else {
-	if (trust & CERTDB_TRUSTED_CA) {
-		return "CKT_NSS_TRUSTED_DELEGATOR";
-	} else if (trust & CERTDB_VALID_CA) {
-		return "CKT_NSS_VALID_DELEGATOR";
-	} else if (trust & CERTDB_TERMINAL_RECORD) {
-		return "CKT_NSS_NOT_TRUSTED";
-	} else {
-		return "CKT_NSS_MUST_VERIFY_TRUST";
-	}
+        if (trust & CERTDB_TRUSTED_CA) {
+            return "CKT_NSS_TRUSTED_DELEGATOR";
+        } else if (trust & CERTDB_VALID_CA) {
+            return "CKT_NSS_VALID_DELEGATOR";
+        } else if (trust & CERTDB_TERMINAL_RECORD) {
+            return "CKT_NSS_NOT_TRUSTED";
+        } else {
+            return "CKT_NSS_MUST_VERIFY_TRUST";
+        }
     }
     return "CKT_NSS_TRUST_UNKNOWN"; /* not reached */
 }
 
 static const SEC_ASN1Template serialTemplate[] = {
-    { SEC_ASN1_INTEGER, offsetof(CERTCertificate,serialNumber) },
+    { SEC_ASN1_INTEGER, offsetof(CERTCertificate, serialNumber) },
     { 0 }
 };
 
-void print_crl_info(CERTName *name, SECItem *serial)
+void
+print_crl_info(CERTName *name, SECItem *serial)
 {
     PRBool saveWrapeState = SECU_GetWrapEnabled();
     SECU_EnableWrap(PR_FALSE);
 
     SECU_PrintNameQuotesOptional(stdout, name, "# Issuer", 0, PR_FALSE);
     printf("\n");
-    
+
     SECU_PrintInteger(stdout, serial, "# Serial Number", 0);
 
     SECU_EnableWrap(saveWrapeState);
 }
 
 static SECStatus
 ConvertCRLEntry(SECItem *sdder, PRInt32 crlentry, char *nickname)
 {
     int rv;
     PLArenaPool *arena = NULL;
     CERTSignedCrl *newCrl = NULL;
     CERTCrlEntry *entry;
-    
+
     CERTName *name = NULL;
     SECItem *derName = NULL;
     SECItem *serial = NULL;
-    
+
     rv = SEC_ERROR_NO_MEMORY;
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (!arena)
-    	return rv;
+        return rv;
 
     newCrl = CERT_DecodeDERCrlWithFlags(arena, sdder, SEC_CRL_TYPE,
-					CRL_DECODE_DEFAULT_OPTIONS);
+                                        CRL_DECODE_DEFAULT_OPTIONS);
     if (!newCrl)
-    	return SECFailure;
-    
+        return SECFailure;
+
     name = &newCrl->crl.name;
     derName = &newCrl->crl.derName;
-    
+
     if (newCrl->crl.entries != NULL) {
-	PRInt32 iv = 0;
-	while ((entry = newCrl->crl.entries[iv++]) != NULL) {
-	    if (crlentry == iv) {
-		serial = &entry->serialNumber;
-		break;
-	    }
-	}
+        PRInt32 iv = 0;
+        while ((entry = newCrl->crl.entries[iv++]) != NULL) {
+            if (crlentry == iv) {
+                serial = &entry->serialNumber;
+                break;
+            }
+        }
     }
-    
+
     if (!name || !derName || !serial)
-    	return SECFailure;
-    
-    printf("\n# Distrust \"%s\"\n",nickname);
+        return SECFailure;
+
+    printf("\n# Distrust \"%s\"\n", nickname);
     print_crl_info(name, serial);
 
     printf("CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST\n");
     printf("CKA_TOKEN CK_BBOOL CK_TRUE\n");
     printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n");
     printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n");
-    printf("CKA_LABEL UTF8 \"%s\"\n",nickname);
-    
+    printf("CKA_LABEL UTF8 \"%s\"\n", nickname);
+
     printf("CKA_ISSUER MULTILINE_OCTAL\n");
-    dumpbytes(derName->data,derName->len);
+    dumpbytes(derName->data, derName->len);
     printf("END\n");
     printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n");
     printf("\\002\\%03o", serial->len); /* 002: type integer; len >=3 digits */
-    dumpbytes(serial->data,serial->len);
+    dumpbytes(serial->data, serial->len);
     printf("END\n");
-    
+
     printf("CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED\n");
     printf("CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED\n");
     printf("CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED\n");
     printf("CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE\n");
 
-    PORT_FreeArena (arena, PR_FALSE);
+    PORT_FreeArena(arena, PR_FALSE);
     return rv;
 }
 
-void print_info(SECItem *sdder, CERTCertificate *c)
+void
+print_info(SECItem *sdder, CERTCertificate *c)
 {
     PRBool saveWrapeState = SECU_GetWrapEnabled();
     SECU_EnableWrap(PR_FALSE);
 
     SECU_PrintNameQuotesOptional(stdout, &c->issuer, "# Issuer", 0, PR_FALSE);
     printf("\n");
-    
+
     SECU_PrintInteger(stdout, &c->serialNumber, "# Serial Number", 0);
 
     SECU_PrintNameQuotesOptional(stdout, &c->subject, "# Subject", 0, PR_FALSE);
     printf("\n");
 
     SECU_PrintTimeChoice(stdout, &c->validity.notBefore, "# Not Valid Before", 0);
-    SECU_PrintTimeChoice(stdout, &c->validity.notAfter,  "# Not Valid After ", 0);
-    
+    SECU_PrintTimeChoice(stdout, &c->validity.notAfter, "# Not Valid After ", 0);
+
     SECU_PrintFingerprints(stdout, sdder, "# Fingerprint", 0);
 
     SECU_EnableWrap(saveWrapeState);
 }
 
 static SECStatus
 ConvertCertificate(SECItem *sdder, char *nickname, CERTCertTrust *trust,
                    PRBool excludeCert, PRBool excludeHash)
@@ -164,200 +168,202 @@ ConvertCertificate(SECItem *sdder, char 
     unsigned char sha1_hash[SHA1_LENGTH];
     unsigned char md5_hash[MD5_LENGTH];
     SECItem *serial = NULL;
     PRBool step_up = PR_FALSE;
     const char *trust_info;
 
     cert = CERT_DecodeDERCertificate(sdder, PR_FALSE, nickname);
     if (!cert) {
-	return SECFailure;
+        return SECFailure;
     }
-    serial = SEC_ASN1EncodeItem(NULL,NULL,cert,serialTemplate);
+    serial = SEC_ASN1EncodeItem(NULL, NULL, cert, serialTemplate);
     if (!serial) {
-	return SECFailure;
+        return SECFailure;
     }
-    
+
     if (!excludeCert) {
-	printf("\n#\n# Certificate \"%s\"\n#\n",nickname);
-	print_info(sdder, cert);
-	printf("CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n");
-	printf("CKA_TOKEN CK_BBOOL CK_TRUE\n");
-	printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n");
-	printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n");
-	printf("CKA_LABEL UTF8 \"%s\"\n",nickname);
-	printf("CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n");
-	printf("CKA_SUBJECT MULTILINE_OCTAL\n");
-	dumpbytes(cert->derSubject.data,cert->derSubject.len);
-	printf("END\n");
-	printf("CKA_ID UTF8 \"0\"\n");
-	printf("CKA_ISSUER MULTILINE_OCTAL\n");
-	dumpbytes(cert->derIssuer.data,cert->derIssuer.len);
-	printf("END\n");
-	printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n");
-	dumpbytes(serial->data,serial->len);
-	printf("END\n");
-	printf("CKA_VALUE MULTILINE_OCTAL\n");
-	dumpbytes(sdder->data,sdder->len);
-	printf("END\n");
+        printf("\n#\n# Certificate \"%s\"\n#\n", nickname);
+        print_info(sdder, cert);
+        printf("CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n");
+        printf("CKA_TOKEN CK_BBOOL CK_TRUE\n");
+        printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n");
+        printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n");
+        printf("CKA_LABEL UTF8 \"%s\"\n", nickname);
+        printf("CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n");
+        printf("CKA_SUBJECT MULTILINE_OCTAL\n");
+        dumpbytes(cert->derSubject.data, cert->derSubject.len);
+        printf("END\n");
+        printf("CKA_ID UTF8 \"0\"\n");
+        printf("CKA_ISSUER MULTILINE_OCTAL\n");
+        dumpbytes(cert->derIssuer.data, cert->derIssuer.len);
+        printf("END\n");
+        printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n");
+        dumpbytes(serial->data, serial->len);
+        printf("END\n");
+        printf("CKA_VALUE MULTILINE_OCTAL\n");
+        dumpbytes(sdder->data, sdder->len);
+        printf("END\n");
     }
-    
-    if ((trust->sslFlags | trust->emailFlags | trust->objectSigningFlags) 
-         == CERTDB_TERMINAL_RECORD)
-      trust_info = "Distrust";
+
+    if ((trust->sslFlags | trust->emailFlags | trust->objectSigningFlags) ==
+        CERTDB_TERMINAL_RECORD)
+        trust_info = "Distrust";
     else
-      trust_info = "Trust for";
-    
+        trust_info = "Trust for";
+
     printf("\n# %s \"%s\"\n", trust_info, nickname);
     print_info(sdder, cert);
 
     printf("CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST\n");
     printf("CKA_TOKEN CK_BBOOL CK_TRUE\n");
     printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n");
     printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n");
-    printf("CKA_LABEL UTF8 \"%s\"\n",nickname);
-    
+    printf("CKA_LABEL UTF8 \"%s\"\n", nickname);
+
     if (!excludeHash) {
-	PK11_HashBuf(SEC_OID_SHA1, sha1_hash, sdder->data, sdder->len);
-	printf("CKA_CERT_SHA1_HASH MULTILINE_OCTAL\n");
-	dumpbytes(sha1_hash,SHA1_LENGTH);
-	printf("END\n");
-	PK11_HashBuf(SEC_OID_MD5, md5_hash, sdder->data, sdder->len);
-	printf("CKA_CERT_MD5_HASH MULTILINE_OCTAL\n");
-	dumpbytes(md5_hash,MD5_LENGTH);
-	printf("END\n");
+        PK11_HashBuf(SEC_OID_SHA1, sha1_hash, sdder->data, sdder->len);
+        printf("CKA_CERT_SHA1_HASH MULTILINE_OCTAL\n");
+        dumpbytes(sha1_hash, SHA1_LENGTH);
+        printf("END\n");
+        PK11_HashBuf(SEC_OID_MD5, md5_hash, sdder->data, sdder->len);
+        printf("CKA_CERT_MD5_HASH MULTILINE_OCTAL\n");
+        dumpbytes(md5_hash, MD5_LENGTH);
+        printf("END\n");
     }
 
     printf("CKA_ISSUER MULTILINE_OCTAL\n");
-    dumpbytes(cert->derIssuer.data,cert->derIssuer.len);
+    dumpbytes(cert->derIssuer.data, cert->derIssuer.len);
     printf("END\n");
     printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n");
-    dumpbytes(serial->data,serial->len);
+    dumpbytes(serial->data, serial->len);
     printf("END\n");
-    
+
     printf("CKA_TRUST_SERVER_AUTH CK_TRUST %s\n",
-				getTrustString(trust->sslFlags));
+           getTrustString(trust->sslFlags));
     printf("CKA_TRUST_EMAIL_PROTECTION CK_TRUST %s\n",
-				getTrustString(trust->emailFlags));
+           getTrustString(trust->emailFlags));
     printf("CKA_TRUST_CODE_SIGNING CK_TRUST %s\n",
-				getTrustString(trust->objectSigningFlags));
+           getTrustString(trust->objectSigningFlags));
 #ifdef notdef
     printf("CKA_TRUST_CLIENT_AUTH CK_TRUST CKT_NSS_TRUSTED\n");
     printf("CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n");
     printf("CKA_TRUST_NON_REPUDIATION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n");
     printf("CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n");
     printf("CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n");
     printf("CKA_TRUST_KEY_AGREEMENT CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n");
     printf("CKA_TRUST_KEY_CERT_SIGN CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n");
 #endif
-    
+
     step_up = (trust->sslFlags & CERTDB_GOVT_APPROVED_CA);
     printf("CKA_TRUST_STEP_UP_APPROVED CK_BBOOL %s\n",
-                step_up ? "CK_TRUE" : "CK_FALSE");
+           step_up ? "CK_TRUE" : "CK_FALSE");
 
     PORT_Free(sdder->data);
-    return(rv);
-
+    return (rv);
 }
 
-void printheader() {
+void
+printheader()
+{
     printf("# \n"
-"# This Source Code Form is subject to the terms of the Mozilla Public\n"
-"# License, v. 2.0. If a copy of the MPL was not distributed with this\n"
-"# file, You can obtain one at http://mozilla.org/MPL/2.0/.\n"
-     "#\n"
-     "CVS_ID \"@(#) $RCSfile$ $Revision$ $Date$\"\n"
-     "\n"
-     "#\n"
-     "# certdata.txt\n"
-     "#\n"
-     "# This file contains the object definitions for the certs and other\n"
-     "# information \"built into\" NSS.\n"
-     "#\n"
-     "# Object definitions:\n"
-     "#\n"
-     "#    Certificates\n"
-     "#\n"
-     "#  -- Attribute --          -- type --              -- value --\n"
-     "#  CKA_CLASS                CK_OBJECT_CLASS         CKO_CERTIFICATE\n"
-     "#  CKA_TOKEN                CK_BBOOL                CK_TRUE\n"
-     "#  CKA_PRIVATE              CK_BBOOL                CK_FALSE\n"
-     "#  CKA_MODIFIABLE           CK_BBOOL                CK_FALSE\n"
-     "#  CKA_LABEL                UTF8                    (varies)\n"
-     "#  CKA_CERTIFICATE_TYPE     CK_CERTIFICATE_TYPE     CKC_X_509\n"
-     "#  CKA_SUBJECT              DER+base64              (varies)\n"
-     "#  CKA_ID                   byte array              (varies)\n"
-     "#  CKA_ISSUER               DER+base64              (varies)\n"
-     "#  CKA_SERIAL_NUMBER        DER+base64              (varies)\n"
-     "#  CKA_VALUE                DER+base64              (varies)\n"
-     "#  CKA_NSS_EMAIL            ASCII7                  (unused here)\n"
-     "#\n"
-     "#    Trust\n"
-     "#\n"
-     "#  -- Attribute --              -- type --          -- value --\n"
-     "#  CKA_CLASS                    CK_OBJECT_CLASS     CKO_TRUST\n"
-     "#  CKA_TOKEN                    CK_BBOOL            CK_TRUE\n"
-     "#  CKA_PRIVATE                  CK_BBOOL            CK_FALSE\n"
-     "#  CKA_MODIFIABLE               CK_BBOOL            CK_FALSE\n"
-     "#  CKA_LABEL                    UTF8                (varies)\n"
-     "#  CKA_ISSUER                   DER+base64          (varies)\n"
-     "#  CKA_SERIAL_NUMBER            DER+base64          (varies)\n"
-     "#  CKA_CERT_HASH                binary+base64       (varies)\n"
-     "#  CKA_EXPIRES                  CK_DATE             (not used here)\n"
-     "#  CKA_TRUST_DIGITAL_SIGNATURE  CK_TRUST            (varies)\n"
-     "#  CKA_TRUST_NON_REPUDIATION    CK_TRUST            (varies)\n"
-     "#  CKA_TRUST_KEY_ENCIPHERMENT   CK_TRUST            (varies)\n"
-     "#  CKA_TRUST_DATA_ENCIPHERMENT  CK_TRUST            (varies)\n"
-     "#  CKA_TRUST_KEY_AGREEMENT      CK_TRUST            (varies)\n"
-     "#  CKA_TRUST_KEY_CERT_SIGN      CK_TRUST            (varies)\n"
-     "#  CKA_TRUST_CRL_SIGN           CK_TRUST            (varies)\n"
-     "#  CKA_TRUST_SERVER_AUTH        CK_TRUST            (varies)\n"
-     "#  CKA_TRUST_CLIENT_AUTH        CK_TRUST            (varies)\n"
-     "#  CKA_TRUST_CODE_SIGNING       CK_TRUST            (varies)\n"
-     "#  CKA_TRUST_EMAIL_PROTECTION   CK_TRUST            (varies)\n"
-     "#  CKA_TRUST_IPSEC_END_SYSTEM   CK_TRUST            (varies)\n"
-     "#  CKA_TRUST_IPSEC_TUNNEL       CK_TRUST            (varies)\n"
-     "#  CKA_TRUST_IPSEC_USER         CK_TRUST            (varies)\n"
-     "#  CKA_TRUST_TIME_STAMPING      CK_TRUST            (varies)\n"
-     "#  (other trust attributes can be defined)\n"
-     "#\n"
-     "\n"
-     "#\n"
-     "# The object to tell NSS that this is a root list and we don't\n"
-     "# have to go looking for others.\n"
-     "#\n"
-     "BEGINDATA\n"
-     "CKA_CLASS CK_OBJECT_CLASS CKO_NSS_BUILTIN_ROOT_LIST\n"
-     "CKA_TOKEN CK_BBOOL CK_TRUE\n"
-     "CKA_PRIVATE CK_BBOOL CK_FALSE\n"
-     "CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"
-     "CKA_LABEL UTF8 \"Mozilla Builtin Roots\"\n");
+           "# This Source Code Form is subject to the terms of the Mozilla Public\n"
+           "# License, v. 2.0. If a copy of the MPL was not distributed with this\n"
+           "# file, You can obtain one at http://mozilla.org/MPL/2.0/.\n"
+           "#\n"
+           "CVS_ID \"@(#) $RCSfile$ $Revision$ $Date$\"\n"
+           "\n"
+           "#\n"
+           "# certdata.txt\n"
+           "#\n"
+           "# This file contains the object definitions for the certs and other\n"
+           "# information \"built into\" NSS.\n"
+           "#\n"
+           "# Object definitions:\n"
+           "#\n"
+           "#    Certificates\n"
+           "#\n"
+           "#  -- Attribute --          -- type --              -- value --\n"
+           "#  CKA_CLASS                CK_OBJECT_CLASS         CKO_CERTIFICATE\n"
+           "#  CKA_TOKEN                CK_BBOOL                CK_TRUE\n"
+           "#  CKA_PRIVATE              CK_BBOOL                CK_FALSE\n"
+           "#  CKA_MODIFIABLE           CK_BBOOL                CK_FALSE\n"
+           "#  CKA_LABEL                UTF8                    (varies)\n"
+           "#  CKA_CERTIFICATE_TYPE     CK_CERTIFICATE_TYPE     CKC_X_509\n"
+           "#  CKA_SUBJECT              DER+base64              (varies)\n"
+           "#  CKA_ID                   byte array              (varies)\n"
+           "#  CKA_ISSUER               DER+base64              (varies)\n"
+           "#  CKA_SERIAL_NUMBER        DER+base64              (varies)\n"
+           "#  CKA_VALUE                DER+base64              (varies)\n"
+           "#  CKA_NSS_EMAIL            ASCII7                  (unused here)\n"
+           "#\n"
+           "#    Trust\n"
+           "#\n"
+           "#  -- Attribute --              -- type --          -- value --\n"
+           "#  CKA_CLASS                    CK_OBJECT_CLASS     CKO_TRUST\n"
+           "#  CKA_TOKEN                    CK_BBOOL            CK_TRUE\n"
+           "#  CKA_PRIVATE                  CK_BBOOL            CK_FALSE\n"
+           "#  CKA_MODIFIABLE               CK_BBOOL            CK_FALSE\n"
+           "#  CKA_LABEL                    UTF8                (varies)\n"
+           "#  CKA_ISSUER                   DER+base64          (varies)\n"
+           "#  CKA_SERIAL_NUMBER            DER+base64          (varies)\n"
+           "#  CKA_CERT_HASH                binary+base64       (varies)\n"
+           "#  CKA_EXPIRES                  CK_DATE             (not used here)\n"
+           "#  CKA_TRUST_DIGITAL_SIGNATURE  CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_NON_REPUDIATION    CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_KEY_ENCIPHERMENT   CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_DATA_ENCIPHERMENT  CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_KEY_AGREEMENT      CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_KEY_CERT_SIGN      CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_CRL_SIGN           CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_SERVER_AUTH        CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_CLIENT_AUTH        CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_CODE_SIGNING       CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_EMAIL_PROTECTION   CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_IPSEC_END_SYSTEM   CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_IPSEC_TUNNEL       CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_IPSEC_USER         CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_TIME_STAMPING      CK_TRUST            (varies)\n"
+           "#  (other trust attributes can be defined)\n"
+           "#\n"
+           "\n"
+           "#\n"
+           "# The object to tell NSS that this is a root list and we don't\n"
+           "# have to go looking for others.\n"
+           "#\n"
+           "BEGINDATA\n"
+           "CKA_CLASS CK_OBJECT_CLASS CKO_NSS_BUILTIN_ROOT_LIST\n"
+           "CKA_TOKEN CK_BBOOL CK_TRUE\n"
+           "CKA_PRIVATE CK_BBOOL CK_FALSE\n"
+           "CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"
+           "CKA_LABEL UTF8 \"Mozilla Builtin Roots\"\n");
 }
 
-static void Usage(char *progName)
+static void
+Usage(char *progName)
 {
     fprintf(stderr, "%s -t trust -n nickname [-i certfile] [-c] [-h]\n", progName);
-    fprintf(stderr, 
+    fprintf(stderr,
             "\tRead a der-encoded cert from certfile or stdin, and output\n"
             "\tit to stdout in a format suitable for the builtin root module.\n"
             "\tExample: %s -n MyCA -t \"C,C,C\" -i myca.der >> certdata.txt\n",
             progName);
     fprintf(stderr, "%s -D -n label [-i certfile]\n", progName);
-    fprintf(stderr, 
+    fprintf(stderr,
             "\tRead a der-encoded cert from certfile or stdin, and output\n"
             "\ta distrust record.\n"
-	    "\t(-D is equivalent to -t p,p,p -c -h)\n");
+            "\t(-D is equivalent to -t p,p,p -c -h)\n");
     fprintf(stderr, "%s -C -e crl-entry-number -n label [-i crlfile]\n", progName);
-    fprintf(stderr, 
+    fprintf(stderr,
             "\tRead a CRL from crlfile or stdin, and output\n"
             "\ta distrust record (issuer+serial).\n"
-	    "\t(-C implies -c -h)\n");
+            "\t(-C implies -c -h)\n");
     fprintf(stderr, "%-15s trust flags (cCTpPuw).\n", "-t trust");
-    fprintf(stderr, "%-15s nickname to assign to builtin cert, or\n", 
-                    "-n nickname");
+    fprintf(stderr, "%-15s nickname to assign to builtin cert, or\n",
+            "-n nickname");
     fprintf(stderr, "%-15s a label for the distrust record.\n", "");
     fprintf(stderr, "%-15s exclude the certificate (only add a trust record)\n", "-c");
     fprintf(stderr, "%-15s exclude hash from trust record\n", "-h");
     fprintf(stderr, "%-15s     (useful to distrust any matching issuer/serial)\n", "");
     fprintf(stderr, "%-15s     (not allowed when adding positive trust)\n", "");
     fprintf(stderr, "%-15s a CRL entry number, as shown by \"crlutil -S\"\n", "-e");
     fprintf(stderr, "%-15s input file to read (default stdin)\n", "-i file");
     fprintf(stderr, "%-15s     (pipe through atob if the cert is b64-encoded)\n", "");
@@ -371,175 +377,173 @@ enum {
     opt_Distrust,
     opt_ExcludeCert,
     opt_ExcludeHash,
     opt_DistrustCRL,
     opt_CRLEnry
 };
 
 static secuCommandFlag addbuiltin_options[] =
-{
-	{ /* opt_Input         */  'i', PR_TRUE,  0, PR_FALSE },
-	{ /* opt_Nickname      */  'n', PR_TRUE,  0, PR_FALSE },
-	{ /* opt_Trust         */  't', PR_TRUE,  0, PR_FALSE },
-        { /* opt_Distrust      */  'D', PR_FALSE, 0, PR_FALSE },
-        { /* opt_ExcludeCert   */  'c', PR_FALSE, 0, PR_FALSE },
-        { /* opt_ExcludeHash   */  'h', PR_FALSE, 0, PR_FALSE },
-        { /* opt_DistrustCRL   */  'C', PR_FALSE, 0, PR_FALSE },
-        { /* opt_CRLEnry       */  'e', PR_TRUE,  0, PR_FALSE },
-};
+    {
+      { /* opt_Input         */ 'i', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Nickname      */ 'n', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Trust         */ 't', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Distrust      */ 'D', PR_FALSE, 0, PR_FALSE },
+      { /* opt_ExcludeCert   */ 'c', PR_FALSE, 0, PR_FALSE },
+      { /* opt_ExcludeHash   */ 'h', PR_FALSE, 0, PR_FALSE },
+      { /* opt_DistrustCRL   */ 'C', PR_FALSE, 0, PR_FALSE },
+      { /* opt_CRLEnry       */ 'e', PR_TRUE, 0, PR_FALSE },
+    };
 
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
 {
     SECStatus rv;
     char *nickname = NULL;
     char *trusts = NULL;
     char *progName;
     PRFileDesc *infile;
     CERTCertTrust trust = { 0 };
     SECItem derItem = { 0 };
     PRInt32 crlentry = 0;
     PRInt32 mutuallyExclusiveOpts = 0;
     PRBool decodeTrust = PR_FALSE;
 
     secuCommand addbuiltin = { 0 };
-    addbuiltin.numOptions = sizeof(addbuiltin_options)/sizeof(secuCommandFlag);
+    addbuiltin.numOptions = sizeof(addbuiltin_options) / sizeof(secuCommandFlag);
     addbuiltin.options = addbuiltin_options;
 
     progName = strrchr(argv[0], '/');
-    progName = progName ? progName+1 : argv[0];
+    progName = progName ? progName + 1 : argv[0];
 
     rv = SECU_ParseCommandLine(argc, argv, progName, &addbuiltin);
 
     if (rv != SECSuccess)
-	Usage(progName);
-    
+        Usage(progName);
+
     if (addbuiltin.options[opt_Trust].activated)
-      ++mutuallyExclusiveOpts;
+        ++mutuallyExclusiveOpts;
     if (addbuiltin.options[opt_Distrust].activated)
-      ++mutuallyExclusiveOpts;
+        ++mutuallyExclusiveOpts;
     if (addbuiltin.options[opt_DistrustCRL].activated)
-      ++mutuallyExclusiveOpts;
+        ++mutuallyExclusiveOpts;
 
     if (mutuallyExclusiveOpts != 1) {
         fprintf(stderr, "%s: you must specify exactly one of -t or -D or -C\n",
                 progName);
         Usage(progName);
     }
-    
+
     if (addbuiltin.options[opt_DistrustCRL].activated) {
-	if (!addbuiltin.options[opt_CRLEnry].activated) {
-	    fprintf(stderr, "%s: you must specify the CRL entry number.\n",
-		    progName);
-	    Usage(progName);
-	}
-	else {
-	    crlentry = atoi(addbuiltin.options[opt_CRLEnry].arg);
-	    if (crlentry < 1) {
-		fprintf(stderr, "%s: The CRL entry number must be > 0.\n",
-			progName);
-		Usage(progName);
-	    }
-	}
+        if (!addbuiltin.options[opt_CRLEnry].activated) {
+            fprintf(stderr, "%s: you must specify the CRL entry number.\n",
+                    progName);
+            Usage(progName);
+        } else {
+            crlentry = atoi(addbuiltin.options[opt_CRLEnry].arg);
+            if (crlentry < 1) {
+                fprintf(stderr, "%s: The CRL entry number must be > 0.\n",
+                        progName);
+                Usage(progName);
+            }
+        }
     }
 
     if (!addbuiltin.options[opt_Nickname].activated) {
         fprintf(stderr, "%s: you must specify parameter -n (a nickname or a label).\n",
                 progName);
         Usage(progName);
     }
 
     if (addbuiltin.options[opt_Input].activated) {
-	infile = PR_Open(addbuiltin.options[opt_Input].arg, PR_RDONLY, 00660);
-	if (!infile) {
-	    fprintf(stderr, "%s: failed to open input file.\n", progName);
-	    exit(1);
-	}
+        infile = PR_Open(addbuiltin.options[opt_Input].arg, PR_RDONLY, 00660);
+        if (!infile) {
+            fprintf(stderr, "%s: failed to open input file.\n", progName);
+            exit(1);
+        }
     } else {
 #if defined(WIN32)
-	/* If we're going to read binary data from stdin, we must put stdin
+        /* If we're going to read binary data from stdin, we must put stdin
 	** into O_BINARY mode or else incoming \r\n's will become \n's,
 	** and latin-1 characters will be altered.
 	*/
 
-	int smrv = _setmode(_fileno(stdin), _O_BINARY);
-	if (smrv == -1) {
-	    fprintf(stderr,
-	    "%s: Cannot change stdin to binary mode. Use -i option instead.\n",
-	            progName);
-	    exit(1);
-	}
+        int smrv = _setmode(_fileno(stdin), _O_BINARY);
+        if (smrv == -1) {
+            fprintf(stderr,
+                    "%s: Cannot change stdin to binary mode. Use -i option instead.\n",
+                    progName);
+            exit(1);
+        }
 #endif
-	infile = PR_STDIN;
+        infile = PR_STDIN;
     }
 
 #if defined(WIN32)
     /* We must put stdout into O_BINARY mode or else the output will include
     ** carriage returns.
     */
     {
-	int smrv = _setmode(_fileno(stdout), _O_BINARY);
-	if (smrv == -1) {
-	    fprintf(stderr, "%s: Cannot change stdout to binary mode.\n", progName);
-	    exit(1);
-	}
+        int smrv = _setmode(_fileno(stdout), _O_BINARY);
+        if (smrv == -1) {
+            fprintf(stderr, "%s: Cannot change stdout to binary mode.\n", progName);
+            exit(1);
+        }
     }
 #endif
 
     nickname = strdup(addbuiltin.options[opt_Nickname].arg);
-    
+
     NSS_NoDB_Init(NULL);
 
     if (addbuiltin.options[opt_Distrust].activated ||
         addbuiltin.options[opt_DistrustCRL].activated) {
-      addbuiltin.options[opt_ExcludeCert].activated = PR_TRUE;
-      addbuiltin.options[opt_ExcludeHash].activated = PR_TRUE;
+        addbuiltin.options[opt_ExcludeCert].activated = PR_TRUE;
+        addbuiltin.options[opt_ExcludeHash].activated = PR_TRUE;
     }
-    
+
     if (addbuiltin.options[opt_Distrust].activated) {
         trusts = strdup("p,p,p");
-	decodeTrust = PR_TRUE;
-    }
-    else if (addbuiltin.options[opt_Trust].activated) {
+        decodeTrust = PR_TRUE;
+    } else if (addbuiltin.options[opt_Trust].activated) {
         trusts = strdup(addbuiltin.options[opt_Trust].arg);
-	decodeTrust = PR_TRUE;
+        decodeTrust = PR_TRUE;
     }
-    
+
     if (decodeTrust) {
-	rv = CERT_DecodeTrustString(&trust, trusts);
-	if (rv) {
-	    fprintf(stderr, "%s: incorrectly formatted trust string.\n", progName);
-	    Usage(progName);
-	}
+        rv = CERT_DecodeTrustString(&trust, trusts);
+        if (rv) {
+            fprintf(stderr, "%s: incorrectly formatted trust string.\n", progName);
+            Usage(progName);
+        }
     }
-    
+
     if (addbuiltin.options[opt_Trust].activated &&
         addbuiltin.options[opt_ExcludeHash].activated) {
-	if ((trust.sslFlags | trust.emailFlags | trust.objectSigningFlags) 
-	    != CERTDB_TERMINAL_RECORD) {
-	    fprintf(stderr, "%s: Excluding the hash only allowed with distrust.\n", progName);
-	    Usage(progName);
-	}
+        if ((trust.sslFlags | trust.emailFlags | trust.objectSigningFlags) !=
+            CERTDB_TERMINAL_RECORD) {
+            fprintf(stderr, "%s: Excluding the hash only allowed with distrust.\n", progName);
+            Usage(progName);
+        }
     }
 
     SECU_FileToItem(&derItem, infile);
-    
+
     /*printheader();*/
-    
+
     if (addbuiltin.options[opt_DistrustCRL].activated) {
-	rv = ConvertCRLEntry(&derItem, crlentry, nickname);
+        rv = ConvertCRLEntry(&derItem, crlentry, nickname);
+    } else {
+        rv = ConvertCertificate(&derItem, nickname, &trust,
+                                addbuiltin.options[opt_ExcludeCert].activated,
+                                addbuiltin.options[opt_ExcludeHash].activated);
+        if (rv) {
+            fprintf(stderr, "%s: failed to convert certificate.\n", progName);
+            exit(1);
+        }
     }
-    else {
-	rv = ConvertCertificate(&derItem, nickname, &trust, 
-				addbuiltin.options[opt_ExcludeCert].activated,
-				addbuiltin.options[opt_ExcludeHash].activated);
-	if (rv) {
-	    fprintf(stderr, "%s: failed to convert certificate.\n", progName);
-	    exit(1);
-	}
-    }
-    
+
     if (NSS_Shutdown() != SECSuccess) {
         exit(1);
     }
 
-    return(SECSuccess);
+    return (SECSuccess);
 }
--- a/cmd/atob/atob.c
+++ b/cmd/atob/atob.c
@@ -4,167 +4,171 @@
 
 #include "plgetopt.h"
 #include "secutil.h"
 #include "nssb64.h"
 #include <errno.h>
 
 #if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
 #if !defined(WIN32)
-extern int fread(char *, size_t, size_t, FILE*);
-extern int fwrite(char *, size_t, size_t, FILE*);
+extern int fread(char *, size_t, size_t, FILE *);
+extern int fwrite(char *, size_t, size_t, FILE *);
 extern int fprintf(FILE *, char *, ...);
 #endif
 #endif
 
 #if defined(WIN32)
 #include "fcntl.h"
 #include "io.h"
 #endif
 
-static PRInt32 
-output_binary (void *arg, const unsigned char *obuf, PRInt32 size)
+static PRInt32
+output_binary(void *arg, const unsigned char *obuf, PRInt32 size)
 {
     FILE *outFile = arg;
     int nb;
 
     nb = fwrite(obuf, 1, size, outFile);
     if (nb != size) {
-	PORT_SetError(SEC_ERROR_IO);
-	return -1;
+        PORT_SetError(SEC_ERROR_IO);
+        return -1;
     }
 
     return nb;
 }
 
 static PRBool
 isBase64Char(char c)
 {
-    return ((c >= 'A' && c <= 'Z')
-	    || (c >= 'a' && c <= 'z')
-	    || (c >= '0' && c <= '9')
-	    || c == '+'
-	    || c == '/'
-	    || c == '=');
+    return ((c >= 'A' && c <= 'Z') ||
+            (c >= 'a' && c <= 'z') ||
+            (c >= '0' && c <= '9') ||
+            c == '+' || c == '/' ||
+            c == '=');
 }
 
 static SECStatus
 decode_file(FILE *outFile, FILE *inFile)
 {
     NSSBase64Decoder *cx;
     SECStatus status = SECFailure;
     char ibuf[4096];
     const char *ptr;
 
     cx = NSSBase64Decoder_Create(output_binary, outFile);
     if (!cx) {
-	return -1;
+        return -1;
     }
 
     for (;;) {
-	if (feof(inFile)) break;
-	if (!fgets(ibuf, sizeof(ibuf), inFile)) {
-	    if (ferror(inFile)) {
-		PORT_SetError(SEC_ERROR_IO);
-		goto loser;
-	    }
-	    /* eof */
-	    break;
-	}
-	for (ptr = ibuf; *ptr; ++ptr) {
-	    char c = *ptr;
-	    if (c == '\n' || c == '\r') {
-		break; /* found end of line */
-	    }
-	    if (!isBase64Char(c)) {
-	      ptr = ibuf; /* ignore line */
-	      break;
-	    }
-	}
-	if (ibuf == ptr) {
-	    continue; /* skip empty or non-base64 line */
-	}
+        if (feof(inFile))
+            break;
+        if (!fgets(ibuf, sizeof(ibuf), inFile)) {
+            if (ferror(inFile)) {
+                PORT_SetError(SEC_ERROR_IO);
+                goto loser;
+            }
+            /* eof */
+            break;
+        }
+        for (ptr = ibuf; *ptr; ++ptr) {
+            char c = *ptr;
+            if (c == '\n' || c == '\r') {
+                break; /* found end of line */
+            }
+            if (!isBase64Char(c)) {
+                ptr = ibuf; /* ignore line */
+                break;
+            }
+        }
+        if (ibuf == ptr) {
+            continue; /* skip empty or non-base64 line */
+        }
 
-	status = NSSBase64Decoder_Update(cx, ibuf, ptr-ibuf);
-	if (status != SECSuccess) goto loser;
+        status = NSSBase64Decoder_Update(cx, ibuf, ptr - ibuf);
+        if (status != SECSuccess)
+            goto loser;
     }
 
     return NSSBase64Decoder_Destroy(cx, PR_FALSE);
 
-  loser:
-    (void) NSSBase64Decoder_Destroy(cx, PR_TRUE);
+loser:
+    (void)NSSBase64Decoder_Destroy(cx, PR_TRUE);
     return status;
 }
 
-static void Usage(char *progName)
+static void
+Usage(char *progName)
 {
     fprintf(stderr,
-	    "Usage: %s [-i input] [-o output]\n",
-	    progName);
+            "Usage: %s [-i input] [-o output]\n",
+            progName);
     fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
-	    "-i input");
+            "-i input");
     fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
-	    "-o output");
+            "-o output");
     exit(-1);
 }
 
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
 {
     char *progName;
     SECStatus rv;
     FILE *inFile, *outFile;
     PLOptState *optstate;
     PLOptStatus status;
 
     inFile = 0;
     outFile = 0;
     progName = strrchr(argv[0], '/');
-    progName = progName ? progName+1 : argv[0];
+    progName = progName ? progName + 1 : argv[0];
 
     /* Parse command line arguments */
     optstate = PL_CreateOptState(argc, argv, "?hi:o:");
     while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
-	switch (optstate->option) {
-	  case '?':
-	  case 'h':
-	    Usage(progName);
-	    break;
+        switch (optstate->option) {
+            case '?':
+            case 'h':
+                Usage(progName);
+                break;
 
-	  case 'i':
-	    inFile = fopen(optstate->value, "r");
-	    if (!inFile) {
-		fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
-			progName, optstate->value);
-		return -1;
-	    }
-	    break;
+            case 'i':
+                inFile = fopen(optstate->value, "r");
+                if (!inFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
 
-	  case 'o':
-	    outFile = fopen(optstate->value, "wb");
-	    if (!outFile) {
-		fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
-			progName, optstate->value);
-		return -1;
-	    }
-	    break;
-	}
+            case 'o':
+                outFile = fopen(optstate->value, "wb");
+                if (!outFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
+        }
     }
-    if (!inFile) inFile = stdin;
+    if (!inFile)
+        inFile = stdin;
     if (!outFile) {
 #if defined(WIN32)
-	int smrv = _setmode(_fileno(stdout), _O_BINARY);
-	if (smrv == -1) {
-	    fprintf(stderr,
-	    "%s: Cannot change stdout to binary mode. Use -o option instead.\n",
-	            progName);
-	    return smrv;
-	}
+        int smrv = _setmode(_fileno(stdout), _O_BINARY);
+        if (smrv == -1) {
+            fprintf(stderr,
+                    "%s: Cannot change stdout to binary mode. Use -o option instead.\n",
+                    progName);
+            return smrv;
+        }
 #endif
-    	outFile = stdout;
+        outFile = stdout;
     }
     rv = decode_file(outFile, inFile);
     if (rv != SECSuccess) {
-	fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
-		progName, PORT_GetError(), errno);
-	return -1;
+        fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
+                progName, PORT_GetError(), errno);
+        return -1;
     }
     return 0;
 }
--- a/cmd/bltest/blapitest.c
+++ b/cmd/bltest/blapitest.c
@@ -18,342 +18,343 @@
 #include "softoken.h"
 #include "nspr.h"
 #include "secport.h"
 #include "secoid.h"
 #include "nssutil.h"
 
 #ifndef NSS_DISABLE_ECC
 #include "ecl-curve.h"
-SECStatus EC_DecodeParams(const SECItem *encodedParams, 
-	ECParams **ecparams);
+SECStatus EC_DecodeParams(const SECItem *encodedParams,
+                          ECParams **ecparams);
 SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
-	      const ECParams *srcParams);
+                        const ECParams *srcParams);
 #endif
 
 char *progName;
 char *testdir = NULL;
 
 #define BLTEST_DEFAULT_CHUNKSIZE 4096
 
 #define WORDSIZE sizeof(unsigned long)
 
-#define CHECKERROR(rv, ln) \
-    if (rv) { \
-	PRErrorCode prerror = PR_GetError(); \
-	PR_fprintf(PR_STDERR, "%s: ERR %d (%s) at line %d.\n", progName, \
-	prerror, PORT_ErrorToString(prerror), ln); \
-	exit(-1); \
+#define CHECKERROR(rv, ln)                                               \
+    if (rv) {                                                            \
+        PRErrorCode prerror = PR_GetError();                             \
+        PR_fprintf(PR_STDERR, "%s: ERR %d (%s) at line %d.\n", progName, \
+                   prerror, PORT_ErrorToString(prerror), ln);            \
+        exit(-1);                                                        \
     }
 
 /* Macros for performance timing. */
 #define TIMESTART() \
     time1 = PR_IntervalNow();
 
-#define TIMEFINISH(time, reps) \
+#define TIMEFINISH(time, reps)                          \
     time2 = (PRIntervalTime)(PR_IntervalNow() - time1); \
-    time1 = PR_IntervalToMilliseconds(time2); \
-    time = ((double)(time1))/reps;
-
-#define TIMEMARK(seconds) \
-    time1 = PR_SecondsToInterval(seconds); \
-    { \
-        PRInt64 tmp; \
-        if (time2 == 0) { \
-            time2 = 1; \
-        } \
-        LL_DIV(tmp, time1, time2); \
-        if (tmp < 10) { \
-            if (tmp == 0) { \
-                opsBetweenChecks = 1; \
-            } else { \
+    time1 = PR_IntervalToMilliseconds(time2);           \
+    time = ((double)(time1)) / reps;
+
+#define TIMEMARK(seconds)                      \
+    time1 = PR_SecondsToInterval(seconds);     \
+    {                                          \
+        PRInt64 tmp;                           \
+        if (time2 == 0) {                      \
+            time2 = 1;                         \
+        }                                      \
+        LL_DIV(tmp, time1, time2);             \
+        if (tmp < 10) {                        \
+            if (tmp == 0) {                    \
+                opsBetweenChecks = 1;          \
+            } else {                           \
                 LL_L2I(opsBetweenChecks, tmp); \
-            } \
-        } else { \
-            opsBetweenChecks = 10; \
-        } \
-    } \
-    time2 = time1; \
+            }                                  \
+        } else {                               \
+            opsBetweenChecks = 10;             \
+        }                                      \
+    }                                          \
+    time2 = time1;                             \
     time1 = PR_IntervalNow();
 
 #define TIMETOFINISH() \
     PR_IntervalNow() - time1 >= time2
 
-static void Usage()
+static void
+Usage()
 {
 #define PRINTUSAGE(subject, option, predicate) \
     fprintf(stderr, "%10s %s\t%s\n", subject, option, predicate);
     fprintf(stderr, "\n");
     PRINTUSAGE(progName, "[-DEHSVR]", "List available cipher modes"); /* XXX */
     fprintf(stderr, "\n");
     PRINTUSAGE(progName, "-E -m mode ", "Encrypt a buffer");
-    PRINTUSAGE("",	"", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]");
-    PRINTUSAGE("",	"", "[-b bufsize] [-g keysize] [-e exp] [-r rounds]");
-    PRINTUSAGE("",	"", "[-w wordsize] [-p repetitions | -5 time_interval]");
-    PRINTUSAGE("",	"", "[-4 th_num]");
-    PRINTUSAGE("",	"-m", "cipher mode to use");
-    PRINTUSAGE("",	"-i", "file which contains input buffer");
-    PRINTUSAGE("",	"-o", "file for output buffer");
-    PRINTUSAGE("",	"-k", "file which contains key");
-    PRINTUSAGE("",	"-v", "file which contains initialization vector");
-    PRINTUSAGE("",	"-b", "size of input buffer");
-    PRINTUSAGE("",	"-g", "key size (in bytes)");
-    PRINTUSAGE("",	"-p", "do performance test");
-    PRINTUSAGE("",	"-4", "run test in multithread mode. th_num number of parallel threads");
-    PRINTUSAGE("",	"-5", "run test for specified time interval(in seconds)");
-    PRINTUSAGE("",	"--aad", "File with contains additional auth data");
+    PRINTUSAGE("", "", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]");
+    PRINTUSAGE("", "", "[-b bufsize] [-g keysize] [-e exp] [-r rounds]");
+    PRINTUSAGE("", "", "[-w wordsize] [-p repetitions | -5 time_interval]");
+    PRINTUSAGE("", "", "[-4 th_num]");
+    PRINTUSAGE("", "-m", "cipher mode to use");
+    PRINTUSAGE("", "-i", "file which contains input buffer");
+    PRINTUSAGE("", "-o", "file for output buffer");
+    PRINTUSAGE("", "-k", "file which contains key");
+    PRINTUSAGE("", "-v", "file which contains initialization vector");
+    PRINTUSAGE("", "-b", "size of input buffer");
+    PRINTUSAGE("", "-g", "key size (in bytes)");
+    PRINTUSAGE("", "-p", "do performance test");
+    PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
+    PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
+    PRINTUSAGE("", "--aad", "File with contains additional auth data");
     PRINTUSAGE("(rsa)", "-e", "rsa public exponent");
     PRINTUSAGE("(rc5)", "-r", "number of rounds");
     PRINTUSAGE("(rc5)", "-w", "wordsize (32 or 64)");
     fprintf(stderr, "\n");
     PRINTUSAGE(progName, "-D -m mode", "Decrypt a buffer");
-    PRINTUSAGE("",	"", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]");
-    PRINTUSAGE("",	"", "[-p repetitions | -5 time_interval] [-4 th_num]");
-    PRINTUSAGE("",	"-m", "cipher mode to use");
-    PRINTUSAGE("",	"-i", "file which contains input buffer");
-    PRINTUSAGE("",	"-o", "file for output buffer");
-    PRINTUSAGE("",	"-k", "file which contains key");
-    PRINTUSAGE("",	"-v", "file which contains initialization vector");
-    PRINTUSAGE("",	"-p", "do performance test");
-    PRINTUSAGE("",	"-4", "run test in multithread mode. th_num number of parallel threads");
-    PRINTUSAGE("",	"-5", "run test for specified time interval(in seconds)");
-    PRINTUSAGE("",	"--aad", "File with contains additional auth data");
+    PRINTUSAGE("", "", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]");
+    PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
+    PRINTUSAGE("", "-m", "cipher mode to use");
+    PRINTUSAGE("", "-i", "file which contains input buffer");
+    PRINTUSAGE("", "-o", "file for output buffer");
+    PRINTUSAGE("", "-k", "file which contains key");
+    PRINTUSAGE("", "-v", "file which contains initialization vector");
+    PRINTUSAGE("", "-p", "do performance test");
+    PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
+    PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
+    PRINTUSAGE("", "--aad", "File with contains additional auth data");
     fprintf(stderr, "\n");
     PRINTUSAGE(progName, "-H -m mode", "Hash a buffer");
-    PRINTUSAGE("",	"", "[-i plaintext] [-o hash]");
-    PRINTUSAGE("",	"", "[-b bufsize]");
-    PRINTUSAGE("",	"", "[-p repetitions | -5 time_interval] [-4 th_num]");
-    PRINTUSAGE("",	"-m", "cipher mode to use");
-    PRINTUSAGE("",	"-i", "file which contains input buffer");
-    PRINTUSAGE("",	"-o", "file for hash");
-    PRINTUSAGE("",	"-b", "size of input buffer");
-    PRINTUSAGE("",	"-p", "do performance test");
-    PRINTUSAGE("",	"-4", "run test in multithread mode. th_num number of parallel threads");
-    PRINTUSAGE("",	"-5", "run test for specified time interval(in seconds)");
+    PRINTUSAGE("", "", "[-i plaintext] [-o hash]");
+    PRINTUSAGE("", "", "[-b bufsize]");
+    PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
+    PRINTUSAGE("", "-m", "cipher mode to use");
+    PRINTUSAGE("", "-i", "file which contains input buffer");
+    PRINTUSAGE("", "-o", "file for hash");
+    PRINTUSAGE("", "-b", "size of input buffer");
+    PRINTUSAGE("", "-p", "do performance test");
+    PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
+    PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
     fprintf(stderr, "\n");
     PRINTUSAGE(progName, "-S -m mode", "Sign a buffer");
-    PRINTUSAGE("",	"", "[-i plaintext] [-o signature] [-k key]");
-    PRINTUSAGE("",	"", "[-b bufsize]");
+    PRINTUSAGE("", "", "[-i plaintext] [-o signature] [-k key]");
+    PRINTUSAGE("", "", "[-b bufsize]");
 #ifndef NSS_DISABLE_ECC
-    PRINTUSAGE("",	"", "[-n curvename]");
+    PRINTUSAGE("", "", "[-n curvename]");
 #endif
-    PRINTUSAGE("",	"", "[-p repetitions | -5 time_interval] [-4 th_num]");
-    PRINTUSAGE("",	"-m", "cipher mode to use");
-    PRINTUSAGE("",	"-i", "file which contains input buffer");
-    PRINTUSAGE("",	"-o", "file for signature");
-    PRINTUSAGE("",	"-k", "file which contains key");
+    PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
+    PRINTUSAGE("", "-m", "cipher mode to use");
+    PRINTUSAGE("", "-i", "file which contains input buffer");
+    PRINTUSAGE("", "-o", "file for signature");
+    PRINTUSAGE("", "-k", "file which contains key");
 #ifndef NSS_DISABLE_ECC
-    PRINTUSAGE("",	"-n", "name of curve for EC key generation; one of:");
-    PRINTUSAGE("",  "",   "  sect163k1, nistk163, sect163r1, sect163r2,");
-    PRINTUSAGE("",  "",   "  nistb163, sect193r1, sect193r2, sect233k1, nistk233,");
-    PRINTUSAGE("",  "",   "  sect233r1, nistb233, sect239k1, sect283k1, nistk283,");
-    PRINTUSAGE("",  "",   "  sect283r1, nistb283, sect409k1, nistk409, sect409r1,");
-    PRINTUSAGE("",  "",   "  nistb409, sect571k1, nistk571, sect571r1, nistb571,");
-    PRINTUSAGE("",  "",   "  secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,");
-    PRINTUSAGE("",  "",   "  nistp192, secp224k1, secp224r1, nistp224, secp256k1,");
-    PRINTUSAGE("",  "",   "  secp256r1, nistp256, secp384r1, nistp384, secp521r1,");
-    PRINTUSAGE("",  "",   "  nistp521, prime192v1, prime192v2, prime192v3,");
-    PRINTUSAGE("",  "",   "  prime239v1, prime239v2, prime239v3, c2pnb163v1,");
-    PRINTUSAGE("",  "",   "  c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,");
-    PRINTUSAGE("",  "",   "  c2tnb191v2, c2tnb191v3, c2onb191v4, c2onb191v5,");
-    PRINTUSAGE("",  "",   "  c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,");
-    PRINTUSAGE("",  "",   "  c2onb239v4, c2onb239v5, c2pnb272w1, c2pnb304w1,");
-    PRINTUSAGE("",  "",   "  c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,");
-    PRINTUSAGE("",  "",   "  secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,");
-    PRINTUSAGE("",  "",   "  sect131r1, sect131r2");
+    PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:");
+    PRINTUSAGE("", "", "  sect163k1, nistk163, sect163r1, sect163r2,");
+    PRINTUSAGE("", "", "  nistb163, sect193r1, sect193r2, sect233k1, nistk233,");
+    PRINTUSAGE("", "", "  sect233r1, nistb233, sect239k1, sect283k1, nistk283,");
+    PRINTUSAGE("", "", "  sect283r1, nistb283, sect409k1, nistk409, sect409r1,");
+    PRINTUSAGE("", "", "  nistb409, sect571k1, nistk571, sect571r1, nistb571,");
+    PRINTUSAGE("", "", "  secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,");
+    PRINTUSAGE("", "", "  nistp192, secp224k1, secp224r1, nistp224, secp256k1,");
+    PRINTUSAGE("", "", "  secp256r1, nistp256, secp384r1, nistp384, secp521r1,");
+    PRINTUSAGE("", "", "  nistp521, prime192v1, prime192v2, prime192v3,");
+    PRINTUSAGE("", "", "  prime239v1, prime239v2, prime239v3, c2pnb163v1,");
+    PRINTUSAGE("", "", "  c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,");
+    PRINTUSAGE("", "", "  c2tnb191v2, c2tnb191v3, c2onb191v4, c2onb191v5,");
+    PRINTUSAGE("", "", "  c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,");
+    PRINTUSAGE("", "", "  c2onb239v4, c2onb239v5, c2pnb272w1, c2pnb304w1,");
+    PRINTUSAGE("", "", "  c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,");
+    PRINTUSAGE("", "", "  secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,");
+    PRINTUSAGE("", "", "  sect131r1, sect131r2");
 #endif
-    PRINTUSAGE("",	"-p", "do performance test");
-    PRINTUSAGE("",	"-4", "run test in multithread mode. th_num number of parallel threads");
-    PRINTUSAGE("",	"-5", "run test for specified time interval(in seconds)");
+    PRINTUSAGE("", "-p", "do performance test");
+    PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
+    PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
     fprintf(stderr, "\n");
     PRINTUSAGE(progName, "-V -m mode", "Verify a signed buffer");
-    PRINTUSAGE("",	"", "[-i plaintext] [-s signature] [-k key]");
-    PRINTUSAGE("",	"", "[-p repetitions | -5 time_interval] [-4 th_num]");
-    PRINTUSAGE("",	"-m", "cipher mode to use");
-    PRINTUSAGE("",	"-i", "file which contains input buffer");
-    PRINTUSAGE("",	"-s", "file which contains signature of input buffer");
-    PRINTUSAGE("",	"-k", "file which contains key");
-    PRINTUSAGE("",	"-p", "do performance test");
-    PRINTUSAGE("",	"-4", "run test in multithread mode. th_num number of parallel threads");
-    PRINTUSAGE("",	"-5", "run test for specified time interval(in seconds)");
+    PRINTUSAGE("", "", "[-i plaintext] [-s signature] [-k key]");
+    PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
+    PRINTUSAGE("", "-m", "cipher mode to use");
+    PRINTUSAGE("", "-i", "file which contains input buffer");
+    PRINTUSAGE("", "-s", "file which contains signature of input buffer");
+    PRINTUSAGE("", "-k", "file which contains key");
+    PRINTUSAGE("", "-p", "do performance test");
+    PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
+    PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
     fprintf(stderr, "\n");
-    PRINTUSAGE(progName, "-N -m mode -b bufsize", 
-                                            "Create a nonce plaintext and key");
-    PRINTUSAGE("",      "", "[-g keysize] [-u cxreps]");
-    PRINTUSAGE("",	"-g", "key size (in bytes)");
-    PRINTUSAGE("",      "-u", "number of repetitions of context creation");
+    PRINTUSAGE(progName, "-N -m mode -b bufsize",
+               "Create a nonce plaintext and key");
+    PRINTUSAGE("", "", "[-g keysize] [-u cxreps]");
+    PRINTUSAGE("", "-g", "key size (in bytes)");
+    PRINTUSAGE("", "-u", "number of repetitions of context creation");
     fprintf(stderr, "\n");
-    PRINTUSAGE(progName, "-R [-g keysize] [-e exp]", 
-                                            "Test the RSA populate key function");
-    PRINTUSAGE("",      "", "[-r repetitions]");
-    PRINTUSAGE("",	"-g", "key size (in bytes)");
-    PRINTUSAGE("", 	"-e", "rsa public exponent");
-    PRINTUSAGE("", 	"-r", "repetitions of the test");
+    PRINTUSAGE(progName, "-R [-g keysize] [-e exp]",
+               "Test the RSA populate key function");
+    PRINTUSAGE("", "", "[-r repetitions]");
+    PRINTUSAGE("", "-g", "key size (in bytes)");
+    PRINTUSAGE("", "-e", "rsa public exponent");
+    PRINTUSAGE("", "-r", "repetitions of the test");
     fprintf(stderr, "\n");
     PRINTUSAGE(progName, "-F", "Run the FIPS self-test");
     fprintf(stderr, "\n");
     PRINTUSAGE(progName, "-T [-m mode1,mode2...]", "Run the BLAPI self-test");
     fprintf(stderr, "\n");
     exit(1);
 }
 
 /*  Helper functions for ascii<-->binary conversion/reading/writing */
 
 /* XXX argh */
 struct item_with_arena {
-    SECItem	*item;
+    SECItem *item;
     PLArenaPool *arena;
 };
 
 static PRInt32
 get_binary(void *arg, const unsigned char *ibuf, PRInt32 size)
 {
     struct item_with_arena *it = arg;
     SECItem *binary = it->item;
     SECItem *tmp;
     int index;
     if (binary->data == NULL) {
-	tmp = SECITEM_AllocItem(it->arena, NULL, size);
-	binary->data = tmp->data;
-	binary->len = tmp->len;
-	index = 0;
+        tmp = SECITEM_AllocItem(it->arena, NULL, size);
+        binary->data = tmp->data;
+        binary->len = tmp->len;
+        index = 0;
     } else {
-	SECITEM_ReallocItem(NULL, binary, binary->len, binary->len + size);
-	index = binary->len;
+        SECITEM_ReallocItem(NULL, binary, binary->len, binary->len + size);
+        index = binary->len;
     }
     PORT_Memcpy(&binary->data[index], ibuf, size);
     return binary->len;
 }
 
 static SECStatus
 atob(SECItem *ascii, SECItem *binary, PLArenaPool *arena)
 {
     SECStatus status;
     NSSBase64Decoder *cx;
     struct item_with_arena it;
     int len;
     binary->data = NULL;
     binary->len = 0;
     it.item = binary;
     it.arena = arena;
-    len = (strncmp((const char *)&ascii->data[ascii->len-2],"\r\n",2)) ?
-           ascii->len : ascii->len-2;
+    len = (strncmp((const char *)&ascii->data[ascii->len - 2], "\r\n", 2)) ? ascii->len
+                                                                           : ascii->len - 2;
     cx = NSSBase64Decoder_Create(get_binary, &it);
     status = NSSBase64Decoder_Update(cx, (const char *)ascii->data, len);
     status = NSSBase64Decoder_Destroy(cx, PR_FALSE);
     return status;
 }
 
 static PRInt32
 output_ascii(void *arg, const char *obuf, PRInt32 size)
 {
     PRFileDesc *outfile = arg;
     PRInt32 nb = PR_Write(outfile, obuf, size);
     if (nb != size) {
-	PORT_SetError(SEC_ERROR_IO);
-	return -1;
+        PORT_SetError(SEC_ERROR_IO);
+        return -1;
     }
     return nb;
 }
 
 static SECStatus
 btoa_file(SECItem *binary, PRFileDesc *outfile)
 {
     SECStatus status;
     NSSBase64Encoder *cx;
     if (binary->len == 0)
-	return SECSuccess;
+        return SECSuccess;
     cx = NSSBase64Encoder_Create(output_ascii, outfile);
     status = NSSBase64Encoder_Update(cx, binary->data, binary->len);
     status = NSSBase64Encoder_Destroy(cx, PR_FALSE);
     status = PR_Write(outfile, "\r\n", 2);
     return status;
 }
 
 SECStatus
 hex_from_2char(unsigned char *c2, unsigned char *byteval)
 {
     int i;
     unsigned char offset;
     *byteval = 0;
-    for (i=0; i<2; i++) {
-	if (c2[i] >= '0' && c2[i] <= '9') {
-	    offset = c2[i] - '0';
-	    *byteval |= offset << 4*(1-i);
-	} else if (c2[i] >= 'a' && c2[i] <= 'f') {
-	    offset = c2[i] - 'a';
-	    *byteval |= (offset + 10) << 4*(1-i);
-	} else if (c2[i] >= 'A' && c2[i] <= 'F') {
-	    offset = c2[i] - 'A';
-	    *byteval |= (offset + 10) << 4*(1-i);
-	} else {
-	    return SECFailure;
-	}
+    for (i = 0; i < 2; i++) {
+        if (c2[i] >= '0' && c2[i] <= '9') {
+            offset = c2[i] - '0';
+            *byteval |= offset << 4 * (1 - i);
+        } else if (c2[i] >= 'a' && c2[i] <= 'f') {
+            offset = c2[i] - 'a';
+            *byteval |= (offset + 10) << 4 * (1 - i);
+        } else if (c2[i] >= 'A' && c2[i] <= 'F') {
+            offset = c2[i] - 'A';
+            *byteval |= (offset + 10) << 4 * (1 - i);
+        } else {
+            return SECFailure;
+        }
     }
     return SECSuccess;
 }
 
 SECStatus
 char2_from_hex(unsigned char byteval, char *c2)
 {
     int i;
     unsigned char offset;
-    for (i=0; i<2; i++) {
-	offset = (byteval >> 4*(1-i)) & 0x0f;
-	if (offset < 10) {
-	    c2[i] = '0' + offset;
-	} else {
-	    c2[i] = 'A' + offset - 10;
-	}
+    for (i = 0; i < 2; i++) {
+        offset = (byteval >> 4 * (1 - i)) & 0x0f;
+        if (offset < 10) {
+            c2[i] = '0' + offset;
+        } else {
+            c2[i] = 'A' + offset - 10;
+        }
     }
     return SECSuccess;
 }
 
 void
 serialize_key(SECItem *it, int ni, PRFileDesc *file)
 {
     unsigned char len[4];
     int i;
     NSSBase64Encoder *cx;
     cx = NSSBase64Encoder_Create(output_ascii, file);
-    for (i=0; i<ni; i++, it++) {
-	len[0] = (it->len >> 24) & 0xff;
-	len[1] = (it->len >> 16) & 0xff;
-	len[2] = (it->len >>  8) & 0xff;
-	len[3] = (it->len	 & 0xff);
-	NSSBase64Encoder_Update(cx, len, 4);
-	NSSBase64Encoder_Update(cx, it->data, it->len);
+    for (i = 0; i < ni; i++, it++) {
+        len[0] = (it->len >> 24) & 0xff;
+        len[1] = (it->len >> 16) & 0xff;
+        len[2] = (it->len >> 8) & 0xff;
+        len[3] = (it->len & 0xff);
+        NSSBase64Encoder_Update(cx, len, 4);
+        NSSBase64Encoder_Update(cx, it->data, it->len);
     }
     NSSBase64Encoder_Destroy(cx, PR_FALSE);
     PR_Write(file, "\r\n", 2);
 }
 
 void
 key_from_filedata(PLArenaPool *arena, SECItem *it, int ns, int ni, SECItem *filedata)
 {
     int fpos = 0;
     int i, len;
     unsigned char *buf = filedata->data;
-    for (i=0; i<ni; i++) {
-	len  = (buf[fpos++] & 0xff) << 24;
-	len |= (buf[fpos++] & 0xff) << 16;
-	len |= (buf[fpos++] & 0xff) <<  8;
-	len |= (buf[fpos++] & 0xff);
-	if (ns <= i) {
-	    if (len > 0) {
-		it->len = len;
-		it->data = PORT_ArenaAlloc(arena, it->len);
-		PORT_Memcpy(it->data, &buf[fpos], it->len);
-	    } else {
-		it->len = 0;
-		it->data = NULL;
-	    }
-	    it++;
-	}
-	fpos += len;
+    for (i = 0; i < ni; i++) {
+        len = (buf[fpos++] & 0xff) << 24;
+        len |= (buf[fpos++] & 0xff) << 16;
+        len |= (buf[fpos++] & 0xff) << 8;
+        len |= (buf[fpos++] & 0xff);
+        if (ns <= i) {
+            if (len > 0) {
+                it->len = len;
+                it->data = PORT_ArenaAlloc(arena, it->len);
+                PORT_Memcpy(it->data, &buf[fpos], it->len);
+            } else {
+                it->len = 0;
+                it->data = NULL;
+            }
+            it++;
+        }
+        fpos += len;
     }
 }
 
 static RSAPrivateKey *
 rsakey_from_filedata(SECItem *filedata)
 {
     RSAPrivateKey *key;
     PLArenaPool *arena;
@@ -415,130 +416,130 @@ eckey_from_filedata(SECItem *filedata)
     return key;
 }
 
 typedef struct curveNameTagPairStr {
     char *curveName;
     SECOidTag curveOidTag;
 } CurveNameTagPair;
 
-#define DEFAULT_CURVE_OID_TAG  SEC_OID_SECG_EC_SECP192R1
+#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
 /* #define DEFAULT_CURVE_OID_TAG  SEC_OID_SECG_EC_SECP160R1 */
 
 static CurveNameTagPair nameTagPair[] =
-{ 
-  { "sect163k1", SEC_OID_SECG_EC_SECT163K1},
-  { "nistk163", SEC_OID_SECG_EC_SECT163K1},
-  { "sect163r1", SEC_OID_SECG_EC_SECT163R1},
-  { "sect163r2", SEC_OID_SECG_EC_SECT163R2},
-  { "nistb163", SEC_OID_SECG_EC_SECT163R2},
-  { "sect193r1", SEC_OID_SECG_EC_SECT193R1},
-  { "sect193r2", SEC_OID_SECG_EC_SECT193R2},
-  { "sect233k1", SEC_OID_SECG_EC_SECT233K1},
-  { "nistk233", SEC_OID_SECG_EC_SECT233K1},
-  { "sect233r1", SEC_OID_SECG_EC_SECT233R1},
-  { "nistb233", SEC_OID_SECG_EC_SECT233R1},
-  { "sect239k1", SEC_OID_SECG_EC_SECT239K1},
-  { "sect283k1", SEC_OID_SECG_EC_SECT283K1},
-  { "nistk283", SEC_OID_SECG_EC_SECT283K1},
-  { "sect283r1", SEC_OID_SECG_EC_SECT283R1},
-  { "nistb283", SEC_OID_SECG_EC_SECT283R1},
-  { "sect409k1", SEC_OID_SECG_EC_SECT409K1},
-  { "nistk409", SEC_OID_SECG_EC_SECT409K1},
-  { "sect409r1", SEC_OID_SECG_EC_SECT409R1},
-  { "nistb409", SEC_OID_SECG_EC_SECT409R1},
-  { "sect571k1", SEC_OID_SECG_EC_SECT571K1},
-  { "nistk571", SEC_OID_SECG_EC_SECT571K1},
-  { "sect571r1", SEC_OID_SECG_EC_SECT571R1},
-  { "nistb571", SEC_OID_SECG_EC_SECT571R1},
-  { "secp160k1", SEC_OID_SECG_EC_SECP160K1},
-  { "secp160r1", SEC_OID_SECG_EC_SECP160R1},
-  { "secp160r2", SEC_OID_SECG_EC_SECP160R2},
-  { "secp192k1", SEC_OID_SECG_EC_SECP192K1},
-  { "secp192r1", SEC_OID_SECG_EC_SECP192R1},
-  { "nistp192", SEC_OID_SECG_EC_SECP192R1},
-  { "secp224k1", SEC_OID_SECG_EC_SECP224K1},
-  { "secp224r1", SEC_OID_SECG_EC_SECP224R1},
-  { "nistp224", SEC_OID_SECG_EC_SECP224R1},
-  { "secp256k1", SEC_OID_SECG_EC_SECP256K1},
-  { "secp256r1", SEC_OID_SECG_EC_SECP256R1},
-  { "nistp256", SEC_OID_SECG_EC_SECP256R1},
-  { "secp384r1", SEC_OID_SECG_EC_SECP384R1},
-  { "nistp384", SEC_OID_SECG_EC_SECP384R1},
-  { "secp521r1", SEC_OID_SECG_EC_SECP521R1},
-  { "nistp521", SEC_OID_SECG_EC_SECP521R1},
-
-  { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
-  { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
-  { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
-  { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
-  { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
-  { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
-
-  { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
-  { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
-  { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
-  { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
-  { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
-  { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
-  { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
-  { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
-  { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
-  { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
-  { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
-  { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
-  { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
-  { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
-  { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
-  { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
-  { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
-  { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
-  { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
-  { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
-
-  { "secp112r1", SEC_OID_SECG_EC_SECP112R1},
-  { "secp112r2", SEC_OID_SECG_EC_SECP112R2},
-  { "secp128r1", SEC_OID_SECG_EC_SECP128R1},
-  { "secp128r2", SEC_OID_SECG_EC_SECP128R2},
-
-  { "sect113r1", SEC_OID_SECG_EC_SECT113R1},
-  { "sect113r2", SEC_OID_SECG_EC_SECT113R2},
-  { "sect131r1", SEC_OID_SECG_EC_SECT131R1},
-  { "sect131r2", SEC_OID_SECG_EC_SECT131R2},
-};
-
-static SECItem * 
+    {
+      { "sect163k1", SEC_OID_SECG_EC_SECT163K1 },
+      { "nistk163", SEC_OID_SECG_EC_SECT163K1 },
+      { "sect163r1", SEC_OID_SECG_EC_SECT163R1 },
+      { "sect163r2", SEC_OID_SECG_EC_SECT163R2 },
+      { "nistb163", SEC_OID_SECG_EC_SECT163R2 },
+      { "sect193r1", SEC_OID_SECG_EC_SECT193R1 },
+      { "sect193r2", SEC_OID_SECG_EC_SECT193R2 },
+      { "sect233k1", SEC_OID_SECG_EC_SECT233K1 },
+      { "nistk233", SEC_OID_SECG_EC_SECT233K1 },
+      { "sect233r1", SEC_OID_SECG_EC_SECT233R1 },
+      { "nistb233", SEC_OID_SECG_EC_SECT233R1 },
+      { "sect239k1", SEC_OID_SECG_EC_SECT239K1 },
+      { "sect283k1", SEC_OID_SECG_EC_SECT283K1 },
+      { "nistk283", SEC_OID_SECG_EC_SECT283K1 },
+      { "sect283r1", SEC_OID_SECG_EC_SECT283R1 },
+      { "nistb283", SEC_OID_SECG_EC_SECT283R1 },
+      { "sect409k1", SEC_OID_SECG_EC_SECT409K1 },
+      { "nistk409", SEC_OID_SECG_EC_SECT409K1 },
+      { "sect409r1", SEC_OID_SECG_EC_SECT409R1 },
+      { "nistb409", SEC_OID_SECG_EC_SECT409R1 },
+      { "sect571k1", SEC_OID_SECG_EC_SECT571K1 },
+      { "nistk571", SEC_OID_SECG_EC_SECT571K1 },
+      { "sect571r1", SEC_OID_SECG_EC_SECT571R1 },
+      { "nistb571", SEC_OID_SECG_EC_SECT571R1 },
+      { "secp160k1", SEC_OID_SECG_EC_SECP160K1 },
+      { "secp160r1", SEC_OID_SECG_EC_SECP160R1 },
+      { "secp160r2", SEC_OID_SECG_EC_SECP160R2 },
+      { "secp192k1", SEC_OID_SECG_EC_SECP192K1 },
+      { "secp192r1", SEC_OID_SECG_EC_SECP192R1 },
+      { "nistp192", SEC_OID_SECG_EC_SECP192R1 },
+      { "secp224k1", SEC_OID_SECG_EC_SECP224K1 },
+      { "secp224r1", SEC_OID_SECG_EC_SECP224R1 },
+      { "nistp224", SEC_OID_SECG_EC_SECP224R1 },
+      { "secp256k1", SEC_OID_SECG_EC_SECP256K1 },
+      { "secp256r1", SEC_OID_SECG_EC_SECP256R1 },
+      { "nistp256", SEC_OID_SECG_EC_SECP256R1 },
+      { "secp384r1", SEC_OID_SECG_EC_SECP384R1 },
+      { "nistp384", SEC_OID_SECG_EC_SECP384R1 },
+      { "secp521r1", SEC_OID_SECG_EC_SECP521R1 },
+      { "nistp521", SEC_OID_SECG_EC_SECP521R1 },
+
+      { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
+      { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
+      { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
+      { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
+      { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
+      { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
+
+      { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
+      { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
+      { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
+      { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
+      { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
+      { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
+      { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
+      { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
+      { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
+      { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
+      { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
+      { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
+      { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
+      { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
+      { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
+      { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
+      { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
+      { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
+      { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
+      { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
+
+      { "secp112r1", SEC_OID_SECG_EC_SECP112R1 },
+      { "secp112r2", SEC_OID_SECG_EC_SECP112R2 },
+      { "secp128r1", SEC_OID_SECG_EC_SECP128R1 },
+      { "secp128r2", SEC_OID_SECG_EC_SECP128R2 },
+
+      { "sect113r1", SEC_OID_SECG_EC_SECT113R1 },
+      { "sect113r2", SEC_OID_SECG_EC_SECT113R2 },
+      { "sect131r1", SEC_OID_SECG_EC_SECT131R1 },
+      { "sect131r2", SEC_OID_SECG_EC_SECT131R2 },
+    };
+
+static SECItem *
 getECParams(const char *curve)
 {
     SECItem *ecparams;
     SECOidData *oidData = NULL;
     SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */
     int i, numCurves;
 
     if (curve != NULL) {
-        numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair);
-	for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); 
-	     i++) {
-	    if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
-	        curveOidTag = nameTagPair[i].curveOidTag;
-	}
+        numCurves = sizeof(nameTagPair) / sizeof(CurveNameTagPair);
+        for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN));
+             i++) {
+            if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
+                curveOidTag = nameTagPair[i].curveOidTag;
+        }
     }
 
     /* Return NULL if curve name is not recognized */
-    if ((curveOidTag == SEC_OID_UNKNOWN) || 
-	(oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) {
+    if ((curveOidTag == SEC_OID_UNKNOWN) ||
+        (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) {
         fprintf(stderr, "Unrecognized elliptic curve %s\n", curve);
-	return NULL;
+        return NULL;
     }
 
     ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len));
 
-    /* 
+    /*
      * ecparams->data needs to contain the ASN encoding of an object ID (OID)
-     * representing the named curve. The actual OID is in 
+     * representing the named curve. The actual OID is in
      * oidData->oid.data so we simply prepend 0x06 and OID length
      */
     ecparams->data[0] = SEC_ASN1_OBJECT_ID;
     ecparams->data[1] = oidData->oid.len;
     memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len);
 
     return ecparams;
 }
@@ -587,138 +588,138 @@ dump_rsakey(RSAPrivateKey *key)
     SECU_PrintInteger(stdout, &key->prime1, "CRT PRIME 1:", 0);
     SECU_PrintInteger(stdout, &key->prime2, "CRT PRIME 2:", 0);
     SECU_PrintInteger(stdout, &key->exponent1, "CRT EXP 1:", 0);
     SECU_PrintInteger(stdout, &key->exponent2, "CRT EXP 2:", 0);
     SECU_PrintInteger(stdout, &key->coefficient, "CRT COEFFICIENT:", 0);
 }
 
 typedef enum {
-    bltestBase64Encoded,       /* Base64 encoded ASCII */
-    bltestBinary,	       /* straight binary */
-    bltestHexSpaceDelim,       /* 0x12 0x34 0xab 0xCD ... */
-    bltestHexStream 	       /* 1234abCD ... */
+    bltestBase64Encoded, /* Base64 encoded ASCII */
+    bltestBinary,        /* straight binary */
+    bltestHexSpaceDelim, /* 0x12 0x34 0xab 0xCD ... */
+    bltestHexStream      /* 1234abCD ... */
 } bltestIOMode;
 
 typedef struct
 {
-    SECItem	   buf;
-    SECItem	   pBuf;
-    bltestIOMode   mode;
-    PRFileDesc*	   file;
+    SECItem buf;
+    SECItem pBuf;
+    bltestIOMode mode;
+    PRFileDesc *file;
 } bltestIO;
 
-typedef SECStatus (* bltestSymmCipherFn)(void *cx,
-					 unsigned char *output,
-					 unsigned int *outputLen,
-					 unsigned int maxOutputLen,
-					 const unsigned char *input,
-					 unsigned int inputLen);
-
-typedef SECStatus (* bltestAEADFn)(void *cx,
-                                   unsigned char *output,
-                                   unsigned int *outputLen,
-                                   unsigned int maxOutputLen,
-                                   const unsigned char *input,
-                                   unsigned int inputLen,
-                                   const unsigned char *nonce,
-                                   unsigned int nonceLen,
-                                   const unsigned char *ad,
-                                   unsigned int adLen);
-
-typedef SECStatus (* bltestPubKeyCipherFn)(void *key,
-					   SECItem *output,
-					   const SECItem *input);
-
-typedef SECStatus (* bltestHashCipherFn)(unsigned char *dest,
-					 const unsigned char *src,
-					 PRUint32 src_length);
+typedef SECStatus (*bltestSymmCipherFn)(void *cx,
+                                        unsigned char *output,
+                                        unsigned int *outputLen,
+                                        unsigned int maxOutputLen,
+                                        const unsigned char *input,
+                                        unsigned int inputLen);
+
+typedef SECStatus (*bltestAEADFn)(void *cx,
+                                  unsigned char *output,
+                                  unsigned int *outputLen,
+                                  unsigned int maxOutputLen,
+                                  const unsigned char *input,
+                                  unsigned int inputLen,
+                                  const unsigned char *nonce,
+                                  unsigned int nonceLen,
+                                  const unsigned char *ad,
+                                  unsigned int adLen);
+
+typedef SECStatus (*bltestPubKeyCipherFn)(void *key,
+                                          SECItem *output,
+                                          const SECItem *input);
+
+typedef SECStatus (*bltestHashCipherFn)(unsigned char *dest,
+                                        const unsigned char *src,
+                                        PRUint32 src_length);
 
 /* Note: Algorithms are grouped in order to support is_symmkeyCipher /
  * is_pubkeyCipher / is_hashCipher / is_sigCipher
  */
 typedef enum {
     bltestINVALID = -1,
-    bltestDES_ECB,	  /* Symmetric Key Ciphers */
-    bltestDES_CBC,	  /* .			   */
-    bltestDES_EDE_ECB,	  /* .			   */
-    bltestDES_EDE_CBC,	  /* .			   */
-    bltestRC2_ECB,	  /* .			   */
-    bltestRC2_CBC,	  /* .			   */
-    bltestRC4,		  /* .			   */
+    bltestDES_ECB,     /* Symmetric Key Ciphers */
+    bltestDES_CBC,     /* .            */
+    bltestDES_EDE_ECB, /* .            */
+    bltestDES_EDE_CBC, /* .            */
+    bltestRC2_ECB,     /* .            */
+    bltestRC2_CBC,     /* .            */
+    bltestRC4,         /* .            */
 #ifdef NSS_SOFTOKEN_DOES_RC5
-    bltestRC5_ECB,	  /* .			   */
-    bltestRC5_CBC,	  /* .			   */
+    bltestRC5_ECB, /* .            */
+    bltestRC5_CBC, /* .            */
 #endif
-    bltestAES_ECB,        /* .                     */
-    bltestAES_CBC,        /* .                     */
-    bltestAES_CTS,        /* .                     */
-    bltestAES_CTR,        /* .                     */
-    bltestAES_GCM,        /* .                     */
-    bltestCAMELLIA_ECB,   /* .                     */
-    bltestCAMELLIA_CBC,   /* .                     */
-    bltestSEED_ECB,       /* SEED algorithm	   */
-    bltestSEED_CBC,       /* SEED algorithm	   */
-    bltestCHACHA20,       /* ChaCha20 + Poly1305   */
-    bltestRSA,            /* Public Key Ciphers    */
-    bltestRSA_OAEP,       /* . (Public Key Enc.)   */
-    bltestRSA_PSS,        /* . (Public Key Sig.)   */
+    bltestAES_ECB,      /* .                     */
+    bltestAES_CBC,      /* .                     */
+    bltestAES_CTS,      /* .                     */
+    bltestAES_CTR,      /* .                     */
+    bltestAES_GCM,      /* .                     */
+    bltestCAMELLIA_ECB, /* .                     */
+    bltestCAMELLIA_CBC, /* .                     */
+    bltestSEED_ECB,     /* SEED algorithm      */
+    bltestSEED_CBC,     /* SEED algorithm      */
+    bltestCHACHA20,     /* ChaCha20 + Poly1305   */
+    bltestRSA,          /* Public Key Ciphers    */
+    bltestRSA_OAEP,     /* . (Public Key Enc.)   */
+    bltestRSA_PSS,      /* . (Public Key Sig.)   */
 #ifndef NSS_DISABLE_ECC
-    bltestECDSA,          /* . (Public Key Sig.)   */
+    bltestECDSA, /* . (Public Key Sig.)   */
 #endif
-    bltestDSA,            /* . (Public Key Sig.)   */
-    bltestMD2,		  /* Hash algorithms	   */
-    bltestMD5,		  /* .			   */
-    bltestSHA1,           /* .			   */
-    bltestSHA224,         /* .			   */
-    bltestSHA256,         /* .			   */
-    bltestSHA384,         /* .			   */
-    bltestSHA512,         /* .			   */
+    bltestDSA,    /* . (Public Key Sig.)   */
+    bltestMD2,    /* Hash algorithms       */
+    bltestMD5,    /* .             */
+    bltestSHA1,   /* .             */
+    bltestSHA224, /* .             */
+    bltestSHA256, /* .             */
+    bltestSHA384, /* .             */
+    bltestSHA512, /* .             */
     NUMMODES
 } bltestCipherMode;
 
 static char *mode_strings[] =
-{
-    "des_ecb",
-    "des_cbc",
-    "des3_ecb",
-    "des3_cbc",
-    "rc2_ecb",
-    "rc2_cbc",
-    "rc4",
+    {
+      "des_ecb",
+      "des_cbc",
+      "des3_ecb",
+      "des3_cbc",
+      "rc2_ecb",
+      "rc2_cbc",
+      "rc4",
 #ifdef NSS_SOFTOKEN_DOES_RC5
-    "rc5_ecb",
-    "rc5_cbc",
+      "rc5_ecb",
+      "rc5_cbc",
 #endif
-    "aes_ecb",
-    "aes_cbc",
-    "aes_cts",
-    "aes_ctr",
-    "aes_gcm",
-    "camellia_ecb",
-    "camellia_cbc",
-    "seed_ecb",
-    "seed_cbc",
-    "chacha20_poly1305",
-    "rsa",
-    "rsa_oaep",
-    "rsa_pss",
+      "aes_ecb",
+      "aes_cbc",
+      "aes_cts",
+      "aes_ctr",
+      "aes_gcm",
+      "camellia_ecb",
+      "camellia_cbc",
+      "seed_ecb",
+      "seed_cbc",
+      "chacha20_poly1305",
+      "rsa",
+      "rsa_oaep",
+      "rsa_pss",
 #ifndef NSS_DISABLE_ECC
-    "ecdsa",
+      "ecdsa",
 #endif
-    /*"pqg",*/
-    "dsa",
-    "md2",
-    "md5",
-    "sha1",
-    "sha224",
-    "sha256",
-    "sha384",
-    "sha512",
-};
+      /*"pqg",*/
+      "dsa",
+      "md2",
+      "md5",
+      "sha1",
+      "sha224",
+      "sha256",
+      "sha384",
+      "sha512",
+    };
 
 typedef struct
 {
     bltestIO key;
     bltestIO iv;
 } bltestSymmKeyParams;
 
 typedef struct
@@ -726,377 +727,381 @@ typedef struct
     bltestSymmKeyParams sk; /* must be first */
     bltestIO aad;
 } bltestAuthSymmKeyParams;
 
 typedef struct
 {
     bltestIO key;
     bltestIO iv;
-    int	     rounds;
-    int	     wordsize;
+    int rounds;
+    int wordsize;
 } bltestRC5Params;
 
 typedef struct
 {
     bltestIO key;
     int keysizeInBits;
 
     /* OAEP & PSS */
     HASH_HashType hashAlg;
     HASH_HashType maskHashAlg;
-    bltestIO      seed; /* salt if PSS */
+    bltestIO seed; /* salt if PSS */
 } bltestRSAParams;
 
 typedef struct
 {
-    bltestIO   pqgdata;
+    bltestIO pqgdata;
     unsigned int keysize;
-    bltestIO   keyseed;
-    bltestIO   sigseed;
+    bltestIO keyseed;
+    bltestIO sigseed;
     PQGParams *pqg;
 } bltestDSAParams;
 
 #ifndef NSS_DISABLE_ECC
 typedef struct
 {
-    char      *curveName;
-    bltestIO   sigseed;
+    char *curveName;
+    bltestIO sigseed;
 } bltestECDSAParams;
 #endif
 
 typedef struct
 {
     bltestIO key;
-    void *   privKey;
-    void *   pubKey;
+    void *privKey;
+    void *pubKey;
     bltestIO sig; /* if doing verify, the signature (which may come
                    * from sigfile. */
 
     union {
         bltestRSAParams rsa;
         bltestDSAParams dsa;
 #ifndef NSS_DISABLE_ECC
         bltestECDSAParams ecdsa;
 #endif
     } cipherParams;
 } bltestAsymKeyParams;
 
 typedef struct
 {
-    bltestIO   key; /* unused */
-    PRBool     restart;
+    bltestIO key; /* unused */
+    PRBool restart;
 } bltestHashParams;
 
-typedef union
-{
-    bltestIO		key;
+typedef union {
+    bltestIO key;
     bltestSymmKeyParams sk;
     bltestAuthSymmKeyParams ask;
-    bltestRC5Params	rc5;
-    bltestAsymKeyParams	asymk;
-    bltestHashParams	hash;
+    bltestRC5Params rc5;
+    bltestAsymKeyParams asymk;
+    bltestHashParams hash;
 } bltestParams;
 
 typedef struct bltestCipherInfoStr bltestCipherInfo;
 
-struct  bltestCipherInfoStr {
+struct bltestCipherInfoStr {
     PLArenaPool *arena;
     /* link to next in multithreaded test */
     bltestCipherInfo *next;
-    PRThread         *cipherThread;
+    PRThread *cipherThread;
 
     /* MonteCarlo test flag*/
     PRBool mCarlo;
     /* cipher context */
     void *cx;
     /* I/O streams */
     bltestIO input;
     bltestIO output;
     /* Cipher-specific parameters */
     bltestParams params;
     /* Cipher mode */
-    bltestCipherMode  mode;
+    bltestCipherMode mode;
     /* Cipher function (encrypt/decrypt/sign/verify/hash) */
     union {
-	bltestSymmCipherFn   symmkeyCipher;
-	bltestAEADFn         aeadCipher;
-	bltestPubKeyCipherFn pubkeyCipher;
-	bltestHashCipherFn   hashCipher;
+        bltestSymmCipherFn symmkeyCipher;
+        bltestAEADFn aeadCipher;
+        bltestPubKeyCipherFn pubkeyCipher;
+        bltestHashCipherFn hashCipher;
     } cipher;
     /* performance testing */
-    int   repetitionsToPerfom;
-    int   seconds;
-    int	  repetitions;
-    int   cxreps;
+    int repetitionsToPerfom;
+    int seconds;
+    int repetitions;
+    int cxreps;
     double cxtime;
     double optime;
 };
 
 PRBool
 is_symmkeyCipher(bltestCipherMode mode)
 {
     /* change as needed! */
     if (mode >= bltestDES_ECB && mode <= bltestSEED_CBC)
-	return PR_TRUE;
+        return PR_TRUE;
     return PR_FALSE;
 }
 
 PRBool
 is_aeadCipher(bltestCipherMode mode)
 {
     /* change as needed! */
     switch (mode) {
-	case bltestCHACHA20:
-	    return PR_TRUE;
-	default:
-	    return PR_FALSE;
+        case bltestCHACHA20:
+            return PR_TRUE;
+        default:
+            return PR_FALSE;
     }
 }
 
 PRBool
 is_authCipher(bltestCipherMode mode)
 {
     /* change as needed! */
     switch (mode) {
-	case bltestAES_GCM:
-	case bltestCHACHA20:
-	    return PR_TRUE;
-	default:
-	    return PR_FALSE;
+        case bltestAES_GCM:
+        case bltestCHACHA20:
+            return PR_TRUE;
+        default:
+            return PR_FALSE;
     }
 }
 
-
 PRBool
 is_singleShotCipher(bltestCipherMode mode)
 {
     /* change as needed! */
     switch (mode) {
-	case bltestAES_GCM:
-	case bltestAES_CTS:
-	case bltestCHACHA20:
-	    return PR_TRUE;
-	default:
-	    return PR_FALSE;
+        case bltestAES_GCM:
+        case bltestAES_CTS:
+        case bltestCHACHA20:
+            return PR_TRUE;
+        default:
+            return PR_FALSE;
     }
 }
 
 PRBool
 is_pubkeyCipher(bltestCipherMode mode)
 {
     /* change as needed! */
     if (mode >= bltestRSA && mode <= bltestDSA)
-	return PR_TRUE;
+        return PR_TRUE;
     return PR_FALSE;
 }
 
 PRBool
 is_hashCipher(bltestCipherMode mode)
 {
     /* change as needed! */
     if (mode >= bltestMD2 && mode <= bltestSHA512)
-	return PR_TRUE;
+        return PR_TRUE;
     return PR_FALSE;
 }
 
 PRBool
 is_sigCipher(bltestCipherMode mode)
 {
     /* change as needed! */
     if (mode >= bltestRSA_PSS && mode <= bltestDSA)
-       return PR_TRUE;
+        return PR_TRUE;
     return PR_FALSE;
 }
 
 PRBool
 cipher_requires_IV(bltestCipherMode mode)
 {
     /* change as needed! */
     switch (mode) {
-	case bltestDES_CBC:
-	case bltestDES_EDE_CBC:
-	case bltestRC2_CBC:
+        case bltestDES_CBC:
+        case bltestDES_EDE_CBC:
+        case bltestRC2_CBC:
 #ifdef NSS_SOFTOKEN_DOES_RC5
-	case bltestRC5_CBC:
+        case bltestRC5_CBC:
 #endif
-	case bltestAES_CBC:
-	case bltestAES_CTS:
-	case bltestAES_CTR:
-	case bltestAES_GCM:
-	case bltestCAMELLIA_CBC:
-	case bltestSEED_CBC:
-	case bltestCHACHA20:
-	    return PR_TRUE;
-	default:
-	    return PR_FALSE;
+        case bltestAES_CBC:
+        case bltestAES_CTS:
+        case bltestAES_CTR:
+        case bltestAES_GCM:
+        case bltestCAMELLIA_CBC:
+        case bltestSEED_CBC:
+        case bltestCHACHA20:
+            return PR_TRUE;
+        default:
+            return PR_FALSE;
     }
 }
 
 SECStatus finishIO(bltestIO *output, PRFileDesc *file);
 
 SECStatus
 setupIO(PLArenaPool *arena, bltestIO *input, PRFileDesc *file,
-	char *str, int numBytes)
+        char *str, int numBytes)
 {
     SECStatus rv = SECSuccess;
     SECItem fileData;
     SECItem *in;
     unsigned char *tok;
     unsigned int i, j;
 
     if (file && (numBytes == 0 || file == PR_STDIN)) {
-	/* grabbing data from a file */
-	rv = SECU_FileToItem(&fileData, file);
-	if (rv != SECSuccess)
-	    return SECFailure;
-	in = &fileData;
+        /* grabbing data from a file */
+        rv = SECU_FileToItem(&fileData, file);
+        if (rv != SECSuccess)
+            return SECFailure;
+        in = &fileData;
     } else if (str) {
-	/* grabbing data from command line */
-	fileData.data = (unsigned char *)str;
-	fileData.len = PL_strlen(str);
-	in = &fileData;
+        /* grabbing data from command line */
+        fileData.data = (unsigned char *)str;
+        fileData.len = PL_strlen(str);
+        in = &fileData;
     } else if (file) {
-	/* create nonce */
-	SECITEM_AllocItem(arena, &input->buf, numBytes);
-	RNG_GenerateGlobalRandomBytes(input->buf.data, numBytes);
-	return finishIO(input, file);
+        /* create nonce */
+        SECITEM_AllocItem(arena, &input->buf, numBytes);
+        RNG_GenerateGlobalRandomBytes(input->buf.data, numBytes);
+        return finishIO(input, file);
     } else {
-	return SECFailure;
+        return SECFailure;
     }
 
     switch (input->mode) {
-    case bltestBase64Encoded:
-	if (in->len == 0) {
-	    input->buf.data = NULL;
-	    input->buf.len = 0;
-	    break;
-	}
-	rv = atob(in, &input->buf, arena);
-	break;
-    case bltestBinary:
-	if (in->len == 0) {
-	    input->buf.data = NULL;
-	    input->buf.len = 0;
-	    break;
-	}
-	if (in->data[in->len-1] == '\n') --in->len;
-	if (in->data[in->len-1] == '\r') --in->len;
-	SECITEM_CopyItem(arena, &input->buf, in);
-	break;
-    case bltestHexSpaceDelim:
-	SECITEM_AllocItem(arena, &input->buf, in->len/5);
-	for (i=0, j=0; i<in->len; i+=5, j++) {
-	    tok = &in->data[i];
-	    if (tok[0] != '0' || tok[1] != 'x' || tok[4] != ' ')
-		/* bad hex token */
-		break;
-
-	    rv = hex_from_2char(&tok[2], input->buf.data + j);
-	    if (rv)
-		break;
-	}
-	break;
-    case bltestHexStream:
-	SECITEM_AllocItem(arena, &input->buf, in->len/2);
-	for (i=0, j=0; i<in->len; i+=2, j++) {
-	    tok = &in->data[i];
-	    rv = hex_from_2char(tok, input->buf.data + j);
-	    if (rv)
-		break;
-	}
-	break;
+        case bltestBase64Encoded:
+            if (in->len == 0) {
+                input->buf.data = NULL;
+                input->buf.len = 0;
+                break;
+            }
+            rv = atob(in, &input->buf, arena);
+            break;
+        case bltestBinary:
+            if (in->len == 0) {
+                input->buf.data = NULL;
+                input->buf.len = 0;
+                break;
+            }
+            if (in->data[in->len - 1] == '\n')
+                --in->len;
+            if (in->data[in->len - 1] == '\r')
+                --in->len;
+            SECITEM_CopyItem(arena, &input->buf, in);
+            break;
+        case bltestHexSpaceDelim:
+            SECITEM_AllocItem(arena, &input->buf, in->len / 5);
+            for (i = 0, j = 0; i <
+                               in->len;
+                 i += 5, j++) {
+                tok = &in->data[i];
+                if (tok[0] != '0' || tok[1] != 'x' || tok[4] != ' ')
+                    /* bad hex token */
+                    break;
+
+                rv = hex_from_2char(&tok[2], input->buf.data + j);
+                if (rv)
+                    break;
+            }
+            break;
+        case bltestHexStream:
+            SECITEM_AllocItem(arena, &input->buf, in->len / 2);
+            for (i = 0, j = 0; i <
+                               in->len;
+                 i += 2, j++) {
+                tok = &in->data[i];
+                rv = hex_from_2char(tok, input->buf.data + j);
+                if (rv)
+                    break;
+            }
+            break;
     }
 
     if (file)
-	SECITEM_FreeItem(&fileData, PR_FALSE);
+        SECITEM_FreeItem(&fileData, PR_FALSE);
     return rv;
 }
 
 SECStatus
 finishIO(bltestIO *output, PRFileDesc *file)
 {
     SECStatus rv = SECSuccess;
     PRInt32 nb;
     unsigned char byteval;
     SECItem *it;
     char hexstr[5];
     unsigned int i;
     if (output->pBuf.len > 0) {
-	it = &output->pBuf;
+        it = &output->pBuf;
     } else {
-	it = &output->buf;
+        it = &output->buf;
     }
     switch (output->mode) {
-    case bltestBase64Encoded:
-	rv = btoa_file(it, file);
-	break;
-    case bltestBinary:
-	nb = PR_Write(file, it->data, it->len);
-	rv = (nb == (PRInt32)it->len) ? SECSuccess : SECFailure;
-	break;
-    case bltestHexSpaceDelim:
-	hexstr[0] = '0';
-	hexstr[1] = 'x';
-	hexstr[4] = ' ';
-	for (i=0; i<it->len; i++) {
-	    byteval = it->data[i];
-	    rv = char2_from_hex(byteval, hexstr + 2);
-	    nb = PR_Write(file, hexstr, 5);
-	    if (rv)
-		break;
-	}
-	PR_Write(file, "\n", 1);
-	break;
-    case bltestHexStream:
-	for (i=0; i<it->len; i++) {
-	    byteval = it->data[i];
-	    rv = char2_from_hex(byteval, hexstr);
-	    if (rv)
-		break;
-	    nb = PR_Write(file, hexstr, 2);
-	}
-	PR_Write(file, "\n", 1);
-	break;
+        case bltestBase64Encoded:
+            rv = btoa_file(it, file);
+            break;
+        case bltestBinary:
+            nb = PR_Write(file, it->data, it->len);
+            rv = (nb == (PRInt32)it->len) ? SECSuccess : SECFailure;
+            break;
+        case bltestHexSpaceDelim:
+            hexstr[0] = '0';
+            hexstr[1] = 'x';
+            hexstr[4] = ' ';
+            for (i = 0; i < it->len; i++) {
+                byteval = it->data[i];
+                rv = char2_from_hex(byteval, hexstr + 2);
+                nb = PR_Write(file, hexstr, 5);
+                if (rv)
+                    break;
+            }
+            PR_Write(file, "\n", 1);
+            break;
+        case bltestHexStream:
+            for (i = 0; i < it->len; i++) {
+                byteval = it->data[i];
+                rv = char2_from_hex(byteval, hexstr);
+                if (rv)
+                    break;
+                nb = PR_Write(file, hexstr, 2);
+            }
+            PR_Write(file, "\n", 1);
+            break;
     }
     return rv;
 }
 
 void
 bltestCopyIO(PLArenaPool *arena, bltestIO *dest, bltestIO *src)
 {
     SECITEM_CopyItem(arena, &dest->buf, &src->buf);
     if (src->pBuf.len > 0) {
-	dest->pBuf.len = src->pBuf.len;
-	dest->pBuf.data = dest->buf.data + (src->pBuf.data - src->buf.data);
+        dest->pBuf.len = src->pBuf.len;
+        dest->pBuf.data = dest->buf.data + (src->pBuf.data - src->buf.data);
     }
     dest->mode = src->mode;
     dest->file = src->file;
 }
 
 void
 misalignBuffer(PLArenaPool *arena, bltestIO *io, int off)
 {
     ptrdiff_t offset = (ptrdiff_t)io->buf.data % WORDSIZE;
     int length = io->buf.len;
     if (offset != off) {
-	SECITEM_ReallocItemV2(arena, &io->buf, length + 2*WORDSIZE);
-	/* offset may have changed? */
-	offset = (ptrdiff_t)io->buf.data % WORDSIZE;
-	if (offset != off) {
-	    memmove(io->buf.data + off, io->buf.data, length);
-	    io->pBuf.data = io->buf.data + off;
-	    io->pBuf.len = length;
-	} else {
-	    io->pBuf.data = io->buf.data;
-	    io->pBuf.len = length;
-	}
+        SECITEM_ReallocItemV2(arena, &io->buf, length + 2 * WORDSIZE);
+        /* offset may have changed? */
+        offset = (ptrdiff_t)io->buf.data % WORDSIZE;
+        if (offset != off) {
+            memmove(io->buf.data + off, io->buf.data, length);
+            io->pBuf.data = io->buf.data + off;
+            io->pBuf.len = length;
+        } else {
+            io->pBuf.data = io->buf.data;
+            io->pBuf.len = length;
+        }
     } else {
-	io->pBuf.data = io->buf.data;
-	io->pBuf.len = length;
+        io->pBuf.data = io->buf.data;
+        io->pBuf.len = length;
     }
 }
 
 SECStatus
 des_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen,
             unsigned int maxOutputLen, const unsigned char *input,
             unsigned int inputLen)
 {
@@ -1164,98 +1169,98 @@ aes_Decrypt(void *cx, unsigned char *out
             unsigned int inputLen)
 {
     return AES_Decrypt((AESContext *)cx, output, outputLen, maxOutputLen,
                        input, inputLen);
 }
 
 SECStatus
 chacha20_poly1305_Encrypt(void *cx, unsigned char *output,
-                         unsigned int *outputLen, unsigned int maxOutputLen,
-                         const unsigned char *input, unsigned int inputLen,
-                         const unsigned char *nonce, unsigned int nonceLen,
-                         const unsigned char *ad, unsigned int adLen)
+                          unsigned int *outputLen, unsigned int maxOutputLen,
+                          const unsigned char *input, unsigned int inputLen,
+                          const unsigned char *nonce, unsigned int nonceLen,
+                          const unsigned char *ad, unsigned int adLen)
 {
     return ChaCha20Poly1305_Seal((ChaCha20Poly1305Context *)cx, output,
                                  outputLen, maxOutputLen, input, inputLen,
                                  nonce, nonceLen, ad, adLen);
 }
 
 SECStatus
 chacha20_poly1305_Decrypt(void *cx, unsigned char *output,
-                         unsigned int *outputLen, unsigned int maxOutputLen,
-                         const unsigned char *input, unsigned int inputLen,
-                         const unsigned char *nonce, unsigned int nonceLen,
-                         const unsigned char *ad, unsigned int adLen)
+                          unsigned int *outputLen, unsigned int maxOutputLen,
+                          const unsigned char *input, unsigned int inputLen,
+                          const unsigned char *nonce, unsigned int nonceLen,
+                          const unsigned char *ad, unsigned int adLen)
 {
     return ChaCha20Poly1305_Open((ChaCha20Poly1305Context *)cx, output,
                                  outputLen, maxOutputLen, input, inputLen,
                                  nonce, nonceLen, ad, adLen);
 }
 
 SECStatus
 camellia_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen,
-		 unsigned int maxOutputLen, const unsigned char *input,
-		 unsigned int inputLen)
+                 unsigned int maxOutputLen, const unsigned char *input,
+                 unsigned int inputLen)
 {
     return Camellia_Encrypt((CamelliaContext *)cx, output, outputLen,
-			    maxOutputLen,
-			    input, inputLen);
+                            maxOutputLen,
+                            input, inputLen);
 }
 
 SECStatus
 camellia_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
-		 unsigned int maxOutputLen, const unsigned char *input,
-		 unsigned int inputLen)
+                 unsigned int maxOutputLen, const unsigned char *input,
+                 unsigned int inputLen)
 {
     return Camellia_Decrypt((CamelliaContext *)cx, output, outputLen,
-			    maxOutputLen,
-			    input, inputLen);
+                            maxOutputLen,
+                            input, inputLen);
 }
 
 SECStatus
 seed_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen,
-            unsigned int maxOutputLen, const unsigned char *input,
-            unsigned int inputLen)
+             unsigned int maxOutputLen, const unsigned char *input,
+             unsigned int inputLen)
 {
     return SEED_Encrypt((SEEDContext *)cx, output, outputLen, maxOutputLen,
-                       input, inputLen);
+                        input, inputLen);
 }
 
 SECStatus
 seed_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
-            unsigned int maxOutputLen, const unsigned char *input,
-            unsigned int inputLen)
+             unsigned int maxOutputLen, const unsigned char *input,
+             unsigned int inputLen)
 {
     return SEED_Decrypt((SEEDContext *)cx, output, outputLen, maxOutputLen,
-                       input, inputLen);
+                        input, inputLen);
 }
 
 SECStatus
 rsa_PublicKeyOp(void *cx, SECItem *output, const SECItem *input)
 {
     bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
     RSAPublicKey *pubKey = (RSAPublicKey *)params->pubKey;
     SECStatus rv = RSA_PublicKeyOp(pubKey, output->data, input->data);
     if (rv == SECSuccess) {
         output->len = pubKey->modulus.data[0] ? pubKey->modulus.len :
-                                                pubKey->modulus.len - 1;
+                                              pubKey->modulus.len - 1;
     }
     return rv;
 }
 
 SECStatus
 rsa_PrivateKeyOp(void *cx, SECItem *output, const SECItem *input)
 {
     bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
     RSAPrivateKey *privKey = (RSAPrivateKey *)params->privKey;
     SECStatus rv = RSA_PrivateKeyOp(privKey, output->data, input->data);
     if (rv == SECSuccess) {
         output->len = privKey->modulus.data[0] ? privKey->modulus.len :
-                                                 privKey->modulus.len - 1;
+                                               privKey->modulus.len - 1;
     }
     return rv;
 }
 
 SECStatus
 rsa_signDigestPSS(void *cx, SECItem *output, const SECItem *input)
 {
     bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
@@ -1331,20 +1336,20 @@ dsa_verifyDigest(void *cx, SECItem *outp
 
 #ifndef NSS_DISABLE_ECC
 SECStatus
 ecdsa_signDigest(void *cx, SECItem *output, const SECItem *input)
 {
     bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
     if (params->cipherParams.ecdsa.sigseed.buf.len > 0) {
         return ECDSA_SignDigestWithSeed(
-                        (ECPrivateKey *)params->privKey,
-                        output, input,
-                        params->cipherParams.ecdsa.sigseed.buf.data,
-                        params->cipherParams.ecdsa.sigseed.buf.len);
+            (ECPrivateKey *)params->privKey,
+            output, input,
+            params->cipherParams.ecdsa.sigseed.buf.data,
+            params->cipherParams.ecdsa.sigseed.buf.len);
     }
     return ECDSA_SignDigest((ECPrivateKey *)params->privKey, output, input);
 }
 
 SECStatus
 ecdsa_verifyDigest(void *cx, SECItem *output, const SECItem *input)
 {
     bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
@@ -1355,308 +1360,338 @@ ecdsa_verifyDigest(void *cx, SECItem *ou
 SECStatus
 bltest_des_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     PRIntervalTime time1, time2;
     bltestSymmKeyParams *desp = &cipherInfo->params.sk;
     int minorMode;
     int i;
     switch (cipherInfo->mode) {
-    case bltestDES_ECB:	    minorMode = NSS_DES;	  break;
-    case bltestDES_CBC:	    minorMode = NSS_DES_CBC;	  break;
-    case bltestDES_EDE_ECB: minorMode = NSS_DES_EDE3;	  break;
-    case bltestDES_EDE_CBC: minorMode = NSS_DES_EDE3_CBC; break;
-    default:
-	return SECFailure;
+        case bltestDES_ECB:
+            minorMode = NSS_DES;
+            break;
+        case bltestDES_CBC:
+            minorMode = NSS_DES_CBC;
+            break;
+        case bltestDES_EDE_ECB:
+            minorMode = NSS_DES_EDE3;
+            break;
+        case bltestDES_EDE_CBC:
+            minorMode = NSS_DES_EDE3_CBC;
+            break;
+        default:
+            return SECFailure;
     }
-    cipherInfo->cx = (void*)DES_CreateContext(desp->key.buf.data,
-					      desp->iv.buf.data,
-					      minorMode, encrypt);
+    cipherInfo->cx = (void *)DES_CreateContext(desp->key.buf.data,
+                                               desp->iv.buf.data,
+                                               minorMode, encrypt);
     if (cipherInfo->cxreps > 0) {
-	DESContext **dummycx;
-	dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(DESContext *));
-	TIMESTART();
-	for (i=0; i<cipherInfo->cxreps; i++) {
-	    dummycx[i] = (void*)DES_CreateContext(desp->key.buf.data,
-					          desp->iv.buf.data,
-					          minorMode, encrypt);
-	}
-	TIMEFINISH(cipherInfo->cxtime, 1.0);
-	for (i=0; i<cipherInfo->cxreps; i++) {
-	    DES_DestroyContext(dummycx[i], PR_TRUE);
-	}
-	PORT_Free(dummycx);
+        DESContext **dummycx;
+        dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(DESContext *));
+        TIMESTART();
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            dummycx[i] = (void *)DES_CreateContext(desp->key.buf.data,
+                                                   desp->iv.buf.data,
+                                                   minorMode, encrypt);
+        }
+        TIMEFINISH(cipherInfo->cxtime, 1.0);
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            DES_DestroyContext(dummycx[i], PR_TRUE);
+        }
+        PORT_Free(dummycx);
     }
     if (encrypt)
-	cipherInfo->cipher.symmkeyCipher = des_Encrypt;
+        cipherInfo->cipher.symmkeyCipher = des_Encrypt;
     else
-	cipherInfo->cipher.symmkeyCipher = des_Decrypt;
+        cipherInfo->cipher.symmkeyCipher = des_Decrypt;
     return SECSuccess;
 }
 
 SECStatus
 bltest_rc2_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     PRIntervalTime time1, time2;
     bltestSymmKeyParams *rc2p = &cipherInfo->params.sk;
     int minorMode;
     int i;
     switch (cipherInfo->mode) {
-    case bltestRC2_ECB: minorMode = NSS_RC2;	 break;
-    case bltestRC2_CBC: minorMode = NSS_RC2_CBC; break;
-    default:
-	return SECFailure;
+        case bltestRC2_ECB:
+            minorMode = NSS_RC2;
+            break;
+        case bltestRC2_CBC:
+            minorMode = NSS_RC2_CBC;
+            break;
+        default:
+            return SECFailure;
     }
-    cipherInfo->cx = (void*)RC2_CreateContext(rc2p->key.buf.data,
-					      rc2p->key.buf.len,
-					      rc2p->iv.buf.data,
-					      minorMode,
-					      rc2p->key.buf.len);
+    cipherInfo->cx = (void *)RC2_CreateContext(rc2p->key.buf.data,
+                                               rc2p->key.buf.len,
+                                               rc2p->iv.buf.data,
+                                               minorMode,
+                                               rc2p->key.buf.len);
     if (cipherInfo->cxreps > 0) {
-	RC2Context **dummycx;
-	dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(RC2Context *));
-	TIMESTART();
-	for (i=0; i<cipherInfo->cxreps; i++) {
-	    dummycx[i] = (void*)RC2_CreateContext(rc2p->key.buf.data,
-	                                          rc2p->key.buf.len,
-	                                          rc2p->iv.buf.data,
-	                                          minorMode,
-	                                          rc2p->key.buf.len);
-	}
-	TIMEFINISH(cipherInfo->cxtime, 1.0);
-	for (i=0; i<cipherInfo->cxreps; i++) {
-	    RC2_DestroyContext(dummycx[i], PR_TRUE);
-	}
-	PORT_Free(dummycx);
+        RC2Context **dummycx;
+        dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(RC2Context *));
+        TIMESTART();
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            dummycx[i] = (void *)RC2_CreateContext(rc2p->key.buf.data,
+                                                   rc2p->key.buf.len,
+                                                   rc2p->iv.buf.data,
+                                                   minorMode,
+                                                   rc2p->key.buf.len);
+        }
+        TIMEFINISH(cipherInfo->cxtime, 1.0);
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            RC2_DestroyContext(dummycx[i], PR_TRUE);
+        }
+        PORT_Free(dummycx);
     }
     if (encrypt)
-	cipherInfo->cipher.symmkeyCipher = rc2_Encrypt;
+        cipherInfo->cipher.symmkeyCipher = rc2_Encrypt;
     else
-	cipherInfo->cipher.symmkeyCipher = rc2_Decrypt;
+        cipherInfo->cipher.symmkeyCipher = rc2_Decrypt;
     return SECSuccess;
 }
 
 SECStatus
 bltest_rc4_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     PRIntervalTime time1, time2;
     int i;
     bltestSymmKeyParams *rc4p = &cipherInfo->params.sk;
-    cipherInfo->cx = (void*)RC4_CreateContext(rc4p->key.buf.data,
-					      rc4p->key.buf.len);
+    cipherInfo->cx = (void *)RC4_CreateContext(rc4p->key.buf.data,
+                                               rc4p->key.buf.len);
     if (cipherInfo->cxreps > 0) {
-	RC4Context **dummycx;
-	dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(RC4Context *));
-	TIMESTART();
-	for (i=0; i<cipherInfo->cxreps; i++) {
-	    dummycx[i] = (void*)RC4_CreateContext(rc4p->key.buf.data,
-	                                          rc4p->key.buf.len);
-	}
-	TIMEFINISH(cipherInfo->cxtime, 1.0);
-	for (i=0; i<cipherInfo->cxreps; i++) {
-	    RC4_DestroyContext(dummycx[i], PR_TRUE);
-	}
-	PORT_Free(dummycx);
+        RC4Context **dummycx;
+        dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(RC4Context *));
+        TIMESTART();
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            dummycx[i] = (void *)RC4_CreateContext(rc4p->key.buf.data,
+                                                   rc4p->key.buf.len);
+        }
+        TIMEFINISH(cipherInfo->cxtime, 1.0);
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            RC4_DestroyContext(dummycx[i], PR_TRUE);
+        }
+        PORT_Free(dummycx);
     }
     if (encrypt)
-	cipherInfo->cipher.symmkeyCipher = rc4_Encrypt;
+        cipherInfo->cipher.symmkeyCipher = rc4_Encrypt;
     else
-	cipherInfo->cipher.symmkeyCipher = rc4_Decrypt;
+        cipherInfo->cipher.symmkeyCipher = rc4_Decrypt;
     return SECSuccess;
 }
 
 SECStatus
 bltest_rc5_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
 #ifdef NSS_SOFTOKEN_DOES_RC5
     PRIntervalTime time1, time2;
     bltestRC5Params *rc5p = &cipherInfo->params.rc5;
     int minorMode;
     switch (cipherInfo->mode) {
-    case bltestRC5_ECB: minorMode = NSS_RC5;	 break;
-    case bltestRC5_CBC: minorMode = NSS_RC5_CBC; break;
-    default:
-	return SECFailure;
+        case bltestRC5_ECB:
+            minorMode = NSS_RC5;
+            break;
+        case bltestRC5_CBC:
+            minorMode = NSS_RC5_CBC;
+            break;
+        default:
+            return SECFailure;
     }
     TIMESTART();
-    cipherInfo->cx = (void*)RC5_CreateContext(&rc5p->key.buf,
-					      rc5p->rounds, rc5p->wordsize,
-					      rc5p->iv.buf.data, minorMode);
+    cipherInfo->cx = (void *)RC5_CreateContext(&rc5p->key.buf,
+                                               rc5p->rounds, rc5p->wordsize,
+                                               rc5p->iv.buf.data, minorMode);
     TIMEFINISH(cipherInfo->cxtime, 1.0);
     if (encrypt)
-	cipherInfo->cipher.symmkeyCipher = RC5_Encrypt;
+        cipherInfo->cipher.symmkeyCipher = RC5_Encrypt;
     else
-	cipherInfo->cipher.symmkeyCipher = RC5_Decrypt;
+        cipherInfo->cipher.symmkeyCipher = RC5_Decrypt;
     return SECSuccess;
 #else
     return SECFailure;
 #endif
 }
 
 SECStatus
 bltest_aes_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     bltestSymmKeyParams *aesp = &cipherInfo->params.sk;
     bltestAuthSymmKeyParams *gcmp = &cipherInfo->params.ask;
     int minorMode;
     int i;
-    int keylen   = aesp->key.buf.len;
+    int keylen = aesp->key.buf.len;
     unsigned int blocklen = AES_BLOCK_SIZE;
     PRIntervalTime time1, time2;
     unsigned char *params;
     int len;
     CK_AES_CTR_PARAMS ctrParams;
     CK_GCM_PARAMS gcmParams;
 
     params = aesp->iv.buf.data;
     switch (cipherInfo->mode) {
-    case bltestAES_ECB:	    minorMode = NSS_AES;	  break;
-    case bltestAES_CBC:	    minorMode = NSS_AES_CBC;	  break;
-    case bltestAES_CTS:	    minorMode = NSS_AES_CTS;	  break;
-    case bltestAES_CTR:	    
-	minorMode = NSS_AES_CTR;
-	ctrParams.ulCounterBits = 32;
-	len = PR_MIN(aesp->iv.buf.len, blocklen);
-	PORT_Memset(ctrParams.cb, 0, blocklen);
-	PORT_Memcpy(ctrParams.cb, aesp->iv.buf.data, len);
-	params = (unsigned char *)&ctrParams;
-	break;
-    case bltestAES_GCM:
-	minorMode = NSS_AES_GCM;
-	gcmParams.pIv = gcmp->sk.iv.buf.data;
-	gcmParams.ulIvLen = gcmp->sk.iv.buf.len;
-	gcmParams.pAAD = gcmp->aad.buf.data;
-	gcmParams.ulAADLen = gcmp->aad.buf.len;
-	gcmParams.ulTagBits = blocklen*8;
-	params = (unsigned char *)&gcmParams;
-	break;
-    default:
-	return SECFailure;
+        case bltestAES_ECB:
+            minorMode = NSS_AES;
+            break;
+        case bltestAES_CBC:
+            minorMode = NSS_AES_CBC;
+            break;
+        case bltestAES_CTS:
+            minorMode = NSS_AES_CTS;
+            break;
+        case bltestAES_CTR:
+            minorMode = NSS_AES_CTR;
+            ctrParams.ulCounterBits = 32;
+            len = PR_MIN(aesp->iv.buf.len, blocklen);
+            PORT_Memset(ctrParams.cb, 0, blocklen);
+            PORT_Memcpy(ctrParams.cb, aesp->iv.buf.data, len);
+            params = (unsigned char *)&ctrParams;
+            break;
+        case bltestAES_GCM:
+            minorMode = NSS_AES_GCM;
+            gcmParams.pIv = gcmp->sk.iv.buf.data;
+            gcmParams.ulIvLen = gcmp->sk.iv.buf.len;
+            gcmParams.pAAD = gcmp->aad.buf.data;
+            gcmParams.ulAADLen = gcmp->aad.buf.len;
+            gcmParams.ulTagBits = blocklen * 8;
+            params = (unsigned char *)&gcmParams;
+            break;
+        default:
+            return SECFailure;
     }
-    cipherInfo->cx = (void*)AES_CreateContext(aesp->key.buf.data,
-					      params,
-					      minorMode, encrypt, 
-                                              keylen, blocklen);
+    cipherInfo->cx = (void *)AES_CreateContext(aesp->key.buf.data,
+                                               params,
+                                               minorMode, encrypt,
+                                               keylen, blocklen);
     if (cipherInfo->cxreps > 0) {
-	AESContext **dummycx;
-	dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(AESContext *));
-	TIMESTART();
-	for (i=0; i<cipherInfo->cxreps; i++) {
-	    dummycx[i] = (void*)AES_CreateContext(aesp->key.buf.data,
-					          params,
-					          minorMode, encrypt,
-	                                          keylen, blocklen);
-	}
-	TIMEFINISH(cipherInfo->cxtime, 1.0);
-	for (i=0; i<cipherInfo->cxreps; i++) {
-	    AES_DestroyContext(dummycx[i], PR_TRUE);
-	}
-	PORT_Free(dummycx);
+        AESContext **dummycx;
+        dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(AESContext *));
+        TIMESTART();
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            dummycx[i] = (void *)AES_CreateContext(aesp->key.buf.data,
+                                                   params,
+                                                   minorMode, encrypt,
+                                                   keylen, blocklen);
+        }
+        TIMEFINISH(cipherInfo->cxtime, 1.0);
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            AES_DestroyContext(dummycx[i], PR_TRUE);
+        }
+        PORT_Free(dummycx);
     }
     if (encrypt)
-	cipherInfo->cipher.symmkeyCipher = aes_Encrypt;
+        cipherInfo->cipher.symmkeyCipher = aes_Encrypt;
     else
-	cipherInfo->cipher.symmkeyCipher = aes_Decrypt;
+        cipherInfo->cipher.symmkeyCipher = aes_Decrypt;
     return SECSuccess;
 }
 
 SECStatus
 bltest_camellia_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     bltestSymmKeyParams *camelliap = &cipherInfo->params.sk;
     int minorMode;
     int i;
-    int keylen   = camelliap->key.buf.len;
+    int keylen = camelliap->key.buf.len;
     PRIntervalTime time1, time2;
-    
+
     switch (cipherInfo->mode) {
-    case bltestCAMELLIA_ECB:	    minorMode = NSS_CAMELLIA;	  break;
-    case bltestCAMELLIA_CBC:	    minorMode = NSS_CAMELLIA_CBC;  break;
-    default:
-	return SECFailure;
+        case bltestCAMELLIA_ECB:
+            minorMode = NSS_CAMELLIA;
+            break;
+        case bltestCAMELLIA_CBC:
+            minorMode = NSS_CAMELLIA_CBC;
+            break;
+        default:
+            return SECFailure;
     }
-    cipherInfo->cx = (void*)Camellia_CreateContext(camelliap->key.buf.data,
-						   camelliap->iv.buf.data,
-						   minorMode, encrypt, 
-						   keylen);
+    cipherInfo->cx = (void *)Camellia_CreateContext(camelliap->key.buf.data,
+                                                    camelliap->iv.buf.data,
+                                                    minorMode, encrypt,
+                                                    keylen);
     if (cipherInfo->cxreps > 0) {
-	CamelliaContext **dummycx;
-	dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(CamelliaContext *));
-	TIMESTART();
-	for (i=0; i<cipherInfo->cxreps; i++) {
-	    dummycx[i] = (void*)Camellia_CreateContext(camelliap->key.buf.data,
-						       camelliap->iv.buf.data,
-						       minorMode, encrypt,
-						       keylen);
-	}
-	TIMEFINISH(cipherInfo->cxtime, 1.0);
-	for (i=0; i<cipherInfo->cxreps; i++) {
-	    Camellia_DestroyContext(dummycx[i], PR_TRUE);
-	}
-	PORT_Free(dummycx);
+        CamelliaContext **dummycx;
+        dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(CamelliaContext *));
+        TIMESTART();
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            dummycx[i] = (void *)Camellia_CreateContext(camelliap->key.buf.data,
+                                                        camelliap->iv.buf.data,
+                                                        minorMode, encrypt,
+                                                        keylen);
+        }
+        TIMEFINISH(cipherInfo->cxtime, 1.0);
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            Camellia_DestroyContext(dummycx[i], PR_TRUE);
+        }
+        PORT_Free(dummycx);
     }
     if (encrypt)
-	cipherInfo->cipher.symmkeyCipher = camellia_Encrypt;
+        cipherInfo->cipher.symmkeyCipher = camellia_Encrypt;
     else
-	cipherInfo->cipher.symmkeyCipher = camellia_Decrypt;
+        cipherInfo->cipher.symmkeyCipher = camellia_Decrypt;
     return SECSuccess;
 }
 
 SECStatus
 bltest_seed_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     PRIntervalTime time1, time2;
     bltestSymmKeyParams *seedp = &cipherInfo->params.sk;
     int minorMode;
     int i;
 
     switch (cipherInfo->mode) {
-    case bltestSEED_ECB:	minorMode = NSS_SEED;		break;
-    case bltestSEED_CBC:	minorMode = NSS_SEED_CBC;	break;
-    default:
-	return SECFailure;
+        case bltestSEED_ECB:
+            minorMode = NSS_SEED;
+            break;
+        case bltestSEED_CBC:
+            minorMode = NSS_SEED_CBC;
+            break;
+        default:
+            return SECFailure;
     }
-    cipherInfo->cx = (void*)SEED_CreateContext(seedp->key.buf.data,
-					      seedp->iv.buf.data,
-					      minorMode, encrypt);
+    cipherInfo->cx = (void *)SEED_CreateContext(seedp->key.buf.data,
+                                                seedp->iv.buf.data,
+                                                minorMode, encrypt);
     if (cipherInfo->cxreps > 0) {
-	SEEDContext **dummycx;
-	dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(SEEDContext *));
-	TIMESTART();
-	for (i=0; i<cipherInfo->cxreps; i++) {
-	    dummycx[i] = (void*)SEED_CreateContext(seedp->key.buf.data,
-					          seedp->iv.buf.data,
-					          minorMode, encrypt);
-	}
-	TIMEFINISH(cipherInfo->cxtime, 1.0);
-	for (i=0; i<cipherInfo->cxreps; i++) {
-	    SEED_DestroyContext(dummycx[i], PR_TRUE);
-	}
-	PORT_Free(dummycx);
+        SEEDContext **dummycx;
+        dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(SEEDContext *));
+        TIMESTART();
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            dummycx[i] = (void *)SEED_CreateContext(seedp->key.buf.data,
+                                                    seedp->iv.buf.data,
+                                                    minorMode, encrypt);
+        }
+        TIMEFINISH(cipherInfo->cxtime, 1.0);
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            SEED_DestroyContext(dummycx[i], PR_TRUE);
+        }
+        PORT_Free(dummycx);
     }
     if (encrypt)
-	cipherInfo->cipher.symmkeyCipher = seed_Encrypt;
+        cipherInfo->cipher.symmkeyCipher = seed_Encrypt;
     else
-	cipherInfo->cipher.symmkeyCipher = seed_Decrypt;
-	
-	return SECSuccess;
+        cipherInfo->cipher.symmkeyCipher = seed_Decrypt;
+
+    return SECSuccess;
 }
 
 SECStatus
 bltest_chacha20_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     const unsigned int tagLen = 16;
     const bltestSymmKeyParams *sk = &cipherInfo->params.sk;
     cipherInfo->cx = ChaCha20Poly1305_CreateContext(sk->key.buf.data,
                                                     sk->key.buf.len, tagLen);
 
     if (encrypt)
-	cipherInfo->cipher.aeadCipher = chacha20_poly1305_Encrypt;
+        cipherInfo->cipher.aeadCipher = chacha20_poly1305_Encrypt;
     else
-	cipherInfo->cipher.aeadCipher = chacha20_poly1305_Decrypt;
+        cipherInfo->cipher.aeadCipher = chacha20_poly1305_Decrypt;
     return SECSuccess;
 }
 
 SECStatus
 bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     int i;
     RSAPrivateKey **dummyKey;
@@ -1668,42 +1703,42 @@ bltest_rsa_init(bltestCipherInfo *cipher
     bltestRSAParams *rsap = &asymk->cipherParams.rsa;
 
     /* RSA key gen was done during parameter setup */
     cipherInfo->cx = asymk;
     privKey = (RSAPrivateKey *)asymk->privKey;
 
     /* For performance testing */
     if (cipherInfo->cxreps > 0) {
-	/* Create space for n private key objects */
-	dummyKey = (RSAPrivateKey **)PORT_Alloc(cipherInfo->cxreps *
-						sizeof(RSAPrivateKey *));
-	/* Time n keygens, storing in the array */
-	TIMESTART();
-	for (i=0; i<cipherInfo->cxreps; i++)
-	    dummyKey[i] = RSA_NewKey(rsap->keysizeInBits, 
-	                             &privKey->publicExponent);
-	TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
-	/* Free the n key objects */
-	for (i=0; i<cipherInfo->cxreps; i++)
-	    PORT_FreeArena(dummyKey[i]->arena, PR_TRUE);
-	PORT_Free(dummyKey);
+        /* Create space for n private key objects */
+        dummyKey = (RSAPrivateKey **)PORT_Alloc(cipherInfo->cxreps *
+                                                sizeof(RSAPrivateKey *));
+        /* Time n keygens, storing in the array */
+        TIMESTART();
+        for (i = 0; i < cipherInfo->cxreps; i++)
+            dummyKey[i] = RSA_NewKey(rsap->keysizeInBits,
+                                     &privKey->publicExponent);
+        TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
+        /* Free the n key objects */
+        for (i = 0; i < cipherInfo->cxreps; i++)
+            PORT_FreeArena(dummyKey[i]->arena, PR_TRUE);
+        PORT_Free(dummyKey);
     }
 
     if ((encrypt && !is_sigCipher(cipherInfo->mode)) ||
         (!encrypt && is_sigCipher(cipherInfo->mode))) {
-	/* Have to convert private key to public key.  Memory
-	 * is freed with private key's arena  */
-	pubKey = (RSAPublicKey *)PORT_ArenaAlloc(privKey->arena,
-						 sizeof(RSAPublicKey));
-	pubKey->modulus.len = privKey->modulus.len;
-	pubKey->modulus.data = privKey->modulus.data;
-	pubKey->publicExponent.len = privKey->publicExponent.len;
-	pubKey->publicExponent.data = privKey->publicExponent.data;
-	asymk->pubKey = (void *)pubKey;
+        /* Have to convert private key to public key.  Memory
+         * is freed with private key's arena  */
+        pubKey = (RSAPublicKey *)PORT_ArenaAlloc(privKey->arena,
+                                                 sizeof(RSAPublicKey));
+        pubKey->modulus.len = privKey->modulus.len;
+        pubKey->modulus.data = privKey->modulus.data;
+        pubKey->publicExponent.len = privKey->publicExponent.len;
+        pubKey->publicExponent.data = privKey->publicExponent.data;
+        asymk->pubKey = (void *)pubKey;
     }
     switch (cipherInfo->mode) {
         case bltestRSA:
             cipherInfo->cipher.pubkeyCipher = encrypt ? rsa_PublicKeyOp
                                                       : rsa_PrivateKeyOp;
             break;
         case bltestRSA_PSS:
             cipherInfo->cipher.pubkeyCipher = encrypt ? rsa_signDigestPSS
@@ -1718,18 +1753,18 @@ bltest_rsa_init(bltestCipherInfo *cipher
     }
     return SECSuccess;
 }
 
 SECStatus
 blapi_pqg_param_gen(unsigned int keysize, PQGParams **pqg, PQGVerify **vfy)
 {
     if (keysize < 1024) {
-	int j = PQG_PBITS_TO_INDEX(keysize);
-	return PQG_ParamGen(j, pqg, vfy);
+        int j = PQG_PBITS_TO_INDEX(keysize);
+        return PQG_ParamGen(j, pqg, vfy);
     }
     return PQG_ParamGenV2(keysize, 0, 0, pqg, vfy);
 }
 
 SECStatus
 bltest_pqg_init(bltestDSAParams *dsap)
 {
     SECStatus rv, res;
@@ -1750,136 +1785,137 @@ bltest_dsa_init(bltestCipherInfo *cipher
     PQGParams *dummypqg;
     PRIntervalTime time1, time2;
     bltestAsymKeyParams *asymk = &cipherInfo->params.asymk;
     bltestDSAParams *dsap = &asymk->cipherParams.dsa;
     PQGVerify *ignore = NULL;
     cipherInfo->cx = asymk;
     /* For performance testing */
     if (cipherInfo->cxreps > 0) {
-	/* Create space for n private key objects */
-	dummyKey = (DSAPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps *
-	                                         sizeof(DSAPrivateKey *));
-	/* Time n keygens, storing in the array */
-	TIMESTART();
-	for (i=0; i<cipherInfo->cxreps; i++) {
-	    dummypqg = NULL;
-	    blapi_pqg_param_gen(dsap->keysize, &dummypqg, &ignore);
-	    DSA_NewKey(dummypqg, &dummyKey[i]);
-	}
-	TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
-	/* Free the n key objects */
-	for (i=0; i<cipherInfo->cxreps; i++)
-	    PORT_FreeArena(dummyKey[i]->params.arena, PR_TRUE);
-	PORT_Free(dummyKey);
+        /* Create space for n private key objects */
+        dummyKey = (DSAPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps *
+                                                 sizeof(DSAPrivateKey *));
+        /* Time n keygens, storing in the array */
+        TIMESTART();
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            dummypqg = NULL;
+            blapi_pqg_param_gen(dsap->keysize, &dummypqg, &ignore);
+            DSA_NewKey(dummypqg, &dummyKey[i]);
+        }
+        TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
+        /* Free the n key objects */
+        for (i = 0; i < cipherInfo->cxreps; i++)
+            PORT_FreeArena(dummyKey[i]->params.arena, PR_TRUE);
+        PORT_Free(dummyKey);
     }
     if (!dsap->pqg && dsap->pqgdata.buf.len > 0) {
-	dsap->pqg = pqg_from_filedata(&dsap->pqgdata.buf);
+        dsap->pqg = pqg_from_filedata(&dsap->pqgdata.buf);
     }
     if (!asymk->privKey && asymk->key.buf.len > 0) {
-	asymk->privKey = dsakey_from_filedata(&asymk->key.buf);
+        asymk->privKey = dsakey_from_filedata(&asymk->key.buf);
     }
     if (encrypt) {
-	cipherInfo->cipher.pubkeyCipher = dsa_signDigest;
+        cipherInfo->cipher.pubkeyCipher = dsa_signDigest;
     } else {
-	/* Have to convert private key to public key.  Memory
-	 * is freed with private key's arena  */
-	DSAPublicKey *pubkey;
-	DSAPrivateKey *key = (DSAPrivateKey *)asymk->privKey;
-	pubkey = (DSAPublicKey *)PORT_ArenaZAlloc(key->params.arena,
-						  sizeof(DSAPublicKey));
-	pubkey->params.prime.len = key->params.prime.len;
-	pubkey->params.prime.data = key->params.prime.data;
-	pubkey->params.subPrime.len = key->params.subPrime.len;
-	pubkey->params.subPrime.data = key->params.subPrime.data;
-	pubkey->params.base.len = key->params.base.len;
-	pubkey->params.base.data = key->params.base.data;
-	pubkey->publicValue.len = key->publicValue.len;
-	pubkey->publicValue.data = key->publicValue.data;
-	asymk->pubKey = pubkey;
-	cipherInfo->cipher.pubkeyCipher = dsa_verifyDigest;
+        /* Have to convert private key to public key.  Memory
+         * is freed with private key's arena  */
+        DSAPublicKey *pubkey;
+        DSAPrivateKey *key = (DSAPrivateKey *)asymk->privKey;
+        pubkey = (DSAPublicKey *)PORT_ArenaZAlloc(key->params.arena,
+                                                  sizeof(DSAPublicKey));
+        pubkey->params.prime.len = key->params.prime.len;
+        pubkey->params.prime.data = key->params.prime.data;
+        pubkey->params.subPrime.len = key->params.subPrime.len;
+        pubkey->params.subPrime.data = key->params.subPrime.data;
+        pubkey->params.base.len = key->params.base.len;
+        pubkey->params.base.data = key->params.base.data;
+        pubkey->publicValue.len = key->publicValue.len;
+        pubkey->publicValue.data = key->publicValue.data;
+        asymk->pubKey = pubkey;
+        cipherInfo->cipher.pubkeyCipher = dsa_verifyDigest;
     }
     return SECSuccess;
 }
 
 #ifndef NSS_DISABLE_ECC
 SECStatus
 bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     int i;
     ECPrivateKey **dummyKey;
     PRIntervalTime time1, time2;
     bltestAsymKeyParams *asymk = &cipherInfo->params.asymk;
     cipherInfo->cx = asymk;
     /* For performance testing */
     if (cipherInfo->cxreps > 0) {
-	/* Create space for n private key objects */
-	dummyKey = (ECPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps *
-	                                         sizeof(ECPrivateKey *));
-	/* Time n keygens, storing in the array */
-	TIMESTART();
-	for (i=0; i<cipherInfo->cxreps; i++) {
-	    EC_NewKey(&((ECPrivateKey *)asymk->privKey)->ecParams, &dummyKey[i]);
-	}
-	TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
-	/* Free the n key objects */
-	for (i=0; i<cipherInfo->cxreps; i++)
-	    PORT_FreeArena(dummyKey[i]->ecParams.arena, PR_TRUE);
-	PORT_Free(dummyKey);
+        /* Create space for n private key objects */
+        dummyKey = (ECPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps *
+                                                sizeof(ECPrivateKey *));
+        /* Time n keygens, storing in the array */
+        TIMESTART();
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            EC_NewKey(&((ECPrivateKey *)asymk->privKey)->ecParams, &dummyKey[i]);
+        }
+        TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
+        /* Free the n key objects */
+        for (i = 0; i < cipherInfo->cxreps; i++)
+            PORT_FreeArena(dummyKey[i]->ecParams.arena, PR_TRUE);
+        PORT_Free(dummyKey);
     }
     if (!asymk->privKey && asymk->key.buf.len > 0) {
         asymk->privKey = eckey_from_filedata(&asymk->key.buf);
     }
     if (encrypt) {
-	cipherInfo->cipher.pubkeyCipher = ecdsa_signDigest;
+        cipherInfo->cipher.pubkeyCipher = ecdsa_signDigest;
     } else {
-	/* Have to convert private key to public key.  Memory
-	 * is freed with private key's arena  */
-	ECPublicKey *pubkey;
-	ECPrivateKey *key = (ECPrivateKey *)asymk->privKey;
-	pubkey = (ECPublicKey *)PORT_ArenaZAlloc(key->ecParams.arena,
-						  sizeof(ECPublicKey));
-	pubkey->ecParams.type = key->ecParams.type;
-	pubkey->ecParams.fieldID.size = key->ecParams.fieldID.size;
-	pubkey->ecParams.fieldID.type = key->ecParams.fieldID.type;
-	pubkey->ecParams.fieldID.u.prime.len = key->ecParams.fieldID.u.prime.len;
-	pubkey->ecParams.fieldID.u.prime.data = key->ecParams.fieldID.u.prime.data;
-	pubkey->ecParams.fieldID.k1 = key->ecParams.fieldID.k1;
-	pubkey->ecParams.fieldID.k2 = key->ecParams.fieldID.k2;
-	pubkey->ecParams.fieldID.k3 = key->ecParams.fieldID.k3;
-	pubkey->ecParams.curve.a.len = key->ecParams.curve.a.len;
-	pubkey->ecParams.curve.a.data = key->ecParams.curve.a.data;
-	pubkey->ecParams.curve.b.len = key->ecParams.curve.b.len;
-	pubkey->ecParams.curve.b.data = key->ecParams.curve.b.data;
-	pubkey->ecParams.curve.seed.len = key->ecParams.curve.seed.len;
-	pubkey->ecParams.curve.seed.data = key->ecParams.curve.seed.data;
-	pubkey->ecParams.base.len = key->ecParams.base.len;
-	pubkey->ecParams.base.data = key->ecParams.base.data;
-	pubkey->ecParams.order.len = key->ecParams.order.len;
-	pubkey->ecParams.order.data = key->ecParams.order.data;
-	pubkey->ecParams.cofactor = key->ecParams.cofactor;
-	pubkey->ecParams.DEREncoding.len = key->ecParams.DEREncoding.len;
-	pubkey->ecParams.DEREncoding.data = key->ecParams.DEREncoding.data;
-	pubkey->ecParams.name= key->ecParams.name;
-	pubkey->publicValue.len = key->publicValue.len;
-	pubkey->publicValue.data = key->publicValue.data;
-	asymk->pubKey = pubkey;
-	cipherInfo->cipher.pubkeyCipher = ecdsa_verifyDigest;
+        /* Have to convert private key to public key.  Memory
+     * is freed with private key's arena  */
+        ECPublicKey *pubkey;
+        ECPrivateKey *key = (ECPrivateKey *)asymk->privKey;
+        pubkey = (ECPublicKey *)PORT_ArenaZAlloc(key->ecParams.arena,
+                                                 sizeof(ECPublicKey));
+        pubkey->ecParams.type = key->ecParams.type;
+        pubkey->ecParams.fieldID.size = key->ecParams.fieldID.size;
+        pubkey->ecParams.fieldID.type = key->ecParams.fieldID.type;
+        pubkey->ecParams.fieldID.u.prime.len = key->ecParams.fieldID.u.prime.len;
+        pubkey->ecParams.fieldID.u.prime.data = key->ecParams.fieldID.u.prime.data;
+        pubkey->ecParams.fieldID.k1 = key->ecParams.fieldID.k1;
+        pubkey->ecParams.fieldID.k2 = key->ecParams.fieldID.k2;
+        pubkey->ecParams.fieldID.k3 = key->ecParams.fieldID.k3;
+        pubkey->ecParams.curve.a.len = key->ecParams.curve.a.len;
+        pubkey->ecParams.curve.a.data = key->ecParams.curve.a.data;
+        pubkey->ecParams.curve.b.len = key->ecParams.curve.b.len;
+        pubkey->ecParams.curve.b.data = key->ecParams.curve.b.data;
+        pubkey->ecParams.curve.seed.len = key->ecParams.curve.seed.len;
+        pubkey->ecParams.curve.seed.data = key->ecParams.curve.seed.data;
+        pubkey->ecParams.base.len = key->ecParams.base.len;
+        pubkey->ecParams.base.data = key->ecParams.base.data;
+        pubkey->ecParams.order.len = key->ecParams.order.len;
+        pubkey->ecParams.order.data = key->ecParams.order.data;
+        pubkey->ecParams.cofactor = key->ecParams.cofactor;
+        pubkey->ecParams.DEREncoding.len = key->ecParams.DEREncoding.len;
+        pubkey->ecParams.DEREncoding.data = key->ecParams.DEREncoding.data;
+        pubkey->ecParams.name = key->ecParams.name;
+        pubkey->publicValue.len = key->publicValue.len;
+        pubkey->publicValue.data = key->publicValue.data;
+        asymk->pubKey = pubkey;
+        cipherInfo->cipher.pubkeyCipher = ecdsa_verifyDigest;
     }
     return SECSuccess;
 }
 #endif
 
 /* XXX unfortunately, this is not defined in blapi.h */
 SECStatus
 md2_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
 {
     unsigned int len;
     MD2Context *cx = MD2_NewContext();
-    if (cx == NULL) return SECFailure;
+    if (cx == NULL)
+        return SECFailure;
     MD2_Begin(cx);
     MD2_Update(cx, src, src_length);
     MD2_End(cx, dest, &len, MD2_LENGTH);
     MD2_DestroyContext(cx, PR_TRUE);
     return SECSuccess;
 }
 
 SECStatus
@@ -1888,36 +1924,36 @@ md2_restart(unsigned char *dest, const u
     MD2Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     SECStatus rv = SECSuccess;
     cx = MD2_NewContext();
     MD2_Begin(cx);
     /* divide message by 4, restarting 3 times */
-    quarter = (src_length + 3)/ 4;
-    for (i=0; i < 4 && src_length > 0; i++) {
-	MD2_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
-	len = MD2_FlattenSize(cx);
-	cxbytes = PORT_Alloc(len);
-	MD2_Flatten(cx, cxbytes);
-	cx_cpy = MD2_Resurrect(cxbytes, NULL);
-	if (!cx_cpy) {
-	    PR_fprintf(PR_STDERR, "%s: MD2_Resurrect failed!\n", progName);
-	    goto finish;
-	}
-	rv = PORT_Memcmp(cx, cx_cpy, len);
-	if (rv) {
-	    MD2_DestroyContext(cx_cpy, PR_TRUE);
-	    PR_fprintf(PR_STDERR, "%s: MD2_restart failed!\n", progName);
-	    goto finish;
-	}
-	MD2_DestroyContext(cx_cpy, PR_TRUE);
-	PORT_Free(cxbytes);
-	src_length -= quarter;
+    quarter = (src_length + 3) / 4;
+    for (i = 0; i < 4 && src_length > 0; i++) {
+        MD2_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+        len = MD2_FlattenSize(cx);
+        cxbytes = PORT_Alloc(len);
+        MD2_Flatten(cx, cxbytes);
+        cx_cpy = MD2_Resurrect(cxbytes, NULL);
+        if (!cx_cpy) {
+            PR_fprintf(PR_STDERR, "%s: MD2_Resurrect failed!\n", progName);
+            goto finish;
+        }
+        rv = PORT_Memcmp(cx, cx_cpy, len);
+        if (rv) {
+            MD2_DestroyContext(cx_cpy, PR_TRUE);
+            PR_fprintf(PR_STDERR, "%s: MD2_restart failed!\n", progName);
+            goto finish;
+        }
+        MD2_DestroyContext(cx_cpy, PR_TRUE);
+        PORT_Free(cxbytes);
+        src_length -= quarter;
     }
     MD2_End(cx, dest, &len, MD2_LENGTH);
 finish:
     MD2_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
@@ -1926,37 +1962,37 @@ md5_restart(unsigned char *dest, const u
     SECStatus rv = SECSuccess;
     MD5Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     cx = MD5_NewContext();
     MD5_Begin(cx);
     /* divide message by 4, restarting 3 times */
-    quarter = (src_length + 3)/ 4;
-    for (i=0; i < 4 && src_length > 0; i++) {
-	MD5_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
-	len = MD5_FlattenSize(cx);
-	cxbytes = PORT_Alloc(len);
-	MD5_Flatten(cx, cxbytes);
-	cx_cpy = MD5_Resurrect(cxbytes, NULL);
-	if (!cx_cpy) {
-	    PR_fprintf(PR_STDERR, "%s: MD5_Resurrect failed!\n", progName);
-	    rv = SECFailure;
-	    goto finish;
-	}
-	rv = PORT_Memcmp(cx, cx_cpy, len);
-	if (rv) {
-	    MD5_DestroyContext(cx_cpy, PR_TRUE);
-	    PR_fprintf(PR_STDERR, "%s: MD5_restart failed!\n", progName);
-	    goto finish;
-	}
-	MD5_DestroyContext(cx_cpy, PR_TRUE);
-	PORT_Free(cxbytes);
-	src_length -= quarter;
+    quarter = (src_length + 3) / 4;
+    for (i = 0; i < 4 && src_length > 0; i++) {
+        MD5_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+        len = MD5_FlattenSize(cx);
+        cxbytes = PORT_Alloc(len);
+        MD5_Flatten(cx, cxbytes);
+        cx_cpy = MD5_Resurrect(cxbytes, NULL);
+        if (!cx_cpy) {
+            PR_fprintf(PR_STDERR, "%s: MD5_Resurrect failed!\n", progName);
+            rv = SECFailure;
+            goto finish;
+        }
+        rv = PORT_Memcmp(cx, cx_cpy, len);
+        if (rv) {
+            MD5_DestroyContext(cx_cpy, PR_TRUE);
+            PR_fprintf(PR_STDERR, "%s: MD5_restart failed!\n", progName);
+            goto finish;
+        }
+        MD5_DestroyContext(cx_cpy, PR_TRUE);
+        PORT_Free(cxbytes);
+        src_length -= quarter;
     }
     MD5_End(cx, dest, &len, MD5_LENGTH);
 finish:
     MD5_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
@@ -1965,37 +2001,37 @@ sha1_restart(unsigned char *dest, const 
     SECStatus rv = SECSuccess;
     SHA1Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     cx = SHA1_NewContext();
     SHA1_Begin(cx);
     /* divide message by 4, restarting 3 times */
-    quarter = (src_length + 3)/ 4;
-    for (i=0; i < 4 && src_length > 0; i++) {
-	SHA1_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
-	len = SHA1_FlattenSize(cx);
-	cxbytes = PORT_Alloc(len);
-	SHA1_Flatten(cx, cxbytes);
-	cx_cpy = SHA1_Resurrect(cxbytes, NULL);
-	if (!cx_cpy) {
-	    PR_fprintf(PR_STDERR, "%s: SHA1_Resurrect failed!\n", progName);
-	    rv = SECFailure;
-	    goto finish;
-	}
-	rv = PORT_Memcmp(cx, cx_cpy, len);
-	if (rv) {
-	    SHA1_DestroyContext(cx_cpy, PR_TRUE);
-	    PR_fprintf(PR_STDERR, "%s: SHA1_restart failed!\n", progName);
-	    goto finish;
-	}
-	SHA1_DestroyContext(cx_cpy, PR_TRUE);
-	PORT_Free(cxbytes);
-	src_length -= quarter;
+    quarter = (src_length + 3) / 4;
+    for (i = 0; i < 4 && src_length > 0; i++) {
+        SHA1_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+        len = SHA1_FlattenSize(cx);
+        cxbytes = PORT_Alloc(len);
+        SHA1_Flatten(cx, cxbytes);
+        cx_cpy = SHA1_Resurrect(cxbytes, NULL);
+        if (!cx_cpy) {
+            PR_fprintf(PR_STDERR, "%s: SHA1_Resurrect failed!\n", progName);
+            rv = SECFailure;
+            goto finish;
+        }
+        rv = PORT_Memcmp(cx, cx_cpy, len);
+        if (rv) {
+            SHA1_DestroyContext(cx_cpy, PR_TRUE);
+            PR_fprintf(PR_STDERR, "%s: SHA1_restart failed!\n", progName);
+            goto finish;
+        }
+        SHA1_DestroyContext(cx_cpy, PR_TRUE);
+        PORT_Free(cxbytes);
+        src_length -= quarter;
     }
     SHA1_End(cx, dest, &len, MD5_LENGTH);
 finish:
     SHA1_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
@@ -2005,37 +2041,37 @@ SHA224_restart(unsigned char *dest, cons
     SHA224Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     cx = SHA224_NewContext();
     SHA224_Begin(cx);
     /* divide message by 4, restarting 3 times */
     quarter = (src_length + 3) / 4;
-    for (i=0; i < 4 && src_length > 0; i++) {
-	SHA224_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
-	len = SHA224_FlattenSize(cx);
-	cxbytes = PORT_Alloc(len);
-	SHA224_Flatten(cx, cxbytes);
-	cx_cpy = SHA224_Resurrect(cxbytes, NULL);
-	if (!cx_cpy) {
-	    PR_fprintf(PR_STDERR, "%s: SHA224_Resurrect failed!\n", progName);
-	    rv = SECFailure;
-	    goto finish;
-	}
-	rv = PORT_Memcmp(cx, cx_cpy, len);
-	if (rv) {
-	    SHA224_DestroyContext(cx_cpy, PR_TRUE);
-	    PR_fprintf(PR_STDERR, "%s: SHA224_restart failed!\n", progName);
-	    goto finish;
-	}
-	
-	SHA224_DestroyContext(cx_cpy, PR_TRUE);
-	PORT_Free(cxbytes);
-	src_length -= quarter;
+    for (i = 0; i < 4 && src_length > 0; i++) {
+        SHA224_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+        len = SHA224_FlattenSize(cx);
+        cxbytes = PORT_Alloc(len);
+        SHA224_Flatten(cx, cxbytes);
+        cx_cpy = SHA224_Resurrect(cxbytes, NULL);
+        if (!cx_cpy) {
+            PR_fprintf(PR_STDERR, "%s: SHA224_Resurrect failed!\n", progName);
+            rv = SECFailure;
+            goto finish;
+        }
+        rv = PORT_Memcmp(cx, cx_cpy, len);
+        if (rv) {
+            SHA224_DestroyContext(cx_cpy, PR_TRUE);
+            PR_fprintf(PR_STDERR, "%s: SHA224_restart failed!\n", progName);
+            goto finish;
+        }
+
+        SHA224_DestroyContext(cx_cpy, PR_TRUE);
+        PORT_Free(cxbytes);
+        src_length -= quarter;
     }
     SHA224_End(cx, dest, &len, MD5_LENGTH);
 finish:
     SHA224_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
@@ -2044,37 +2080,37 @@ SHA256_restart(unsigned char *dest, cons
     SECStatus rv = SECSuccess;
     SHA256Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     cx = SHA256_NewContext();
     SHA256_Begin(cx);
     /* divide message by 4, restarting 3 times */
-    quarter = (src_length + 3)/ 4;
-    for (i=0; i < 4 && src_length > 0; i++) {
-	SHA256_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
-	len = SHA256_FlattenSize(cx);
-	cxbytes = PORT_Alloc(len);
-	SHA256_Flatten(cx, cxbytes);
-	cx_cpy = SHA256_Resurrect(cxbytes, NULL);
-	if (!cx_cpy) {
-	    PR_fprintf(PR_STDERR, "%s: SHA256_Resurrect failed!\n", progName);
-	    rv = SECFailure;
-	    goto finish;
-	}
-	rv = PORT_Memcmp(cx, cx_cpy, len);
-	if (rv) {
-	    SHA256_DestroyContext(cx_cpy, PR_TRUE);
-	    PR_fprintf(PR_STDERR, "%s: SHA256_restart failed!\n", progName);
-	    goto finish;
-	}
-	SHA256_DestroyContext(cx_cpy, PR_TRUE);
-	PORT_Free(cxbytes);
-	src_length -= quarter;
+    quarter = (src_length + 3) / 4;
+    for (i = 0; i < 4 && src_length > 0; i++) {
+        SHA256_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+        len = SHA256_FlattenSize(cx);
+        cxbytes = PORT_Alloc(len);
+        SHA256_Flatten(cx, cxbytes);
+        cx_cpy = SHA256_Resurrect(cxbytes, NULL);
+        if (!cx_cpy) {
+            PR_fprintf(PR_STDERR, "%s: SHA256_Resurrect failed!\n", progName);
+            rv = SECFailure;
+            goto finish;
+        }
+        rv = PORT_Memcmp(cx, cx_cpy, len);
+        if (rv) {
+            SHA256_DestroyContext(cx_cpy, PR_TRUE);
+            PR_fprintf(PR_STDERR, "%s: SHA256_restart failed!\n", progName);
+            goto finish;
+        }
+        SHA256_DestroyContext(cx_cpy, PR_TRUE);
+        PORT_Free(cxbytes);
+        src_length -= quarter;
     }
     SHA256_End(cx, dest, &len, MD5_LENGTH);
 finish:
     SHA256_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
@@ -2083,37 +2119,37 @@ SHA384_restart(unsigned char *dest, cons
     SECStatus rv = SECSuccess;
     SHA384Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     cx = SHA384_NewContext();
     SHA384_Begin(cx);
     /* divide message by 4, restarting 3 times */
-    quarter = (src_length + 3)/ 4;
-    for (i=0; i < 4 && src_length > 0; i++) {
-	SHA384_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
-	len = SHA384_FlattenSize(cx);
-	cxbytes = PORT_Alloc(len);
-	SHA384_Flatten(cx, cxbytes);
-	cx_cpy = SHA384_Resurrect(cxbytes, NULL);
-	if (!cx_cpy) {
-	    PR_fprintf(PR_STDERR, "%s: SHA384_Resurrect failed!\n", progName);
-	    rv = SECFailure;
-	    goto finish;
-	}
-	rv = PORT_Memcmp(cx, cx_cpy, len);
-	if (rv) {
-	    SHA384_DestroyContext(cx_cpy, PR_TRUE);
-	    PR_fprintf(PR_STDERR, "%s: SHA384_restart failed!\n", progName);
-	    goto finish;
-	}
-	SHA384_DestroyContext(cx_cpy, PR_TRUE);
-	PORT_Free(cxbytes);
-	src_length -= quarter;
+    quarter = (src_length + 3) / 4;
+    for (i = 0; i < 4 && src_length > 0; i++) {
+        SHA384_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+        len = SHA384_FlattenSize(cx);
+        cxbytes = PORT_Alloc(len);
+        SHA384_Flatten(cx, cxbytes);
+        cx_cpy = SHA384_Resurrect(cxbytes, NULL);
+        if (!cx_cpy) {
+            PR_fprintf(PR_STDERR, "%s: SHA384_Resurrect failed!\n", progName);
+            rv = SECFailure;
+            goto finish;
+        }
+        rv = PORT_Memcmp(cx, cx_cpy, len);
+        if (rv) {
+            SHA384_DestroyContext(cx_cpy, PR_TRUE);
+            PR_fprintf(PR_STDERR, "%s: SHA384_restart failed!\n", progName);
+            goto finish;
+        }
+        SHA384_DestroyContext(cx_cpy, PR_TRUE);
+        PORT_Free(cxbytes);
+        src_length -= quarter;
     }
     SHA384_End(cx, dest, &len, MD5_LENGTH);
 finish:
     SHA384_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
@@ -2122,301 +2158,300 @@ SHA512_restart(unsigned char *dest, cons
     SECStatus rv = SECSuccess;
     SHA512Context *cx, *cx_cpy;
     unsigned char *cxbytes;
     unsigned int len;
     unsigned int i, quarter;
     cx = SHA512_NewContext();
     SHA512_Begin(cx);
     /* divide message by 4, restarting 3 times */
-    quarter = (src_length + 3)/ 4;
-    for (i=0; i < 4 && src_length > 0; i++) {
-	SHA512_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
-	len = SHA512_FlattenSize(cx);
-	cxbytes = PORT_Alloc(len);
-	SHA512_Flatten(cx, cxbytes);
-	cx_cpy = SHA512_Resurrect(cxbytes, NULL);
-	if (!cx_cpy) {
-	    PR_fprintf(PR_STDERR, "%s: SHA512_Resurrect failed!\n", progName);
-	    rv = SECFailure;
-	    goto finish;
-	}
-	rv = PORT_Memcmp(cx, cx_cpy, len);
-	if (rv) {
-	    SHA512_DestroyContext(cx_cpy, PR_TRUE);
-	    PR_fprintf(PR_STDERR, "%s: SHA512_restart failed!\n", progName);
-	    goto finish;
-	}
-	SHA512_DestroyContext(cx_cpy, PR_TRUE);
-	PORT_Free(cxbytes);
-	src_length -= quarter;
+    quarter = (src_length + 3) / 4;
+    for (i = 0; i < 4 && src_length > 0; i++) {
+        SHA512_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+        len = SHA512_FlattenSize(cx);
+        cxbytes = PORT_Alloc(len);
+        SHA512_Flatten(cx, cxbytes);
+        cx_cpy = SHA512_Resurrect(cxbytes, NULL);
+        if (!cx_cpy) {
+            PR_fprintf(PR_STDERR, "%s: SHA512_Resurrect failed!\n", progName);
+            rv = SECFailure;
+            goto finish;
+        }
+        rv = PORT_Memcmp(cx, cx_cpy, len);
+        if (rv) {
+            SHA512_DestroyContext(cx_cpy, PR_TRUE);
+            PR_fprintf(PR_STDERR, "%s: SHA512_restart failed!\n", progName);
+            goto finish;
+        }
+        SHA512_DestroyContext(cx_cpy, PR_TRUE);
+        PORT_Free(cxbytes);
+        src_length -= quarter;
     }
     SHA512_End(cx, dest, &len, MD5_LENGTH);
 finish:
     SHA512_DestroyContext(cx, PR_TRUE);
     return rv;
 }
 
 SECStatus
 pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
 #ifndef NSS_DISABLE_ECC
-	      int keysize, int exponent, char *curveName)
+              int keysize, int exponent, char *curveName)
 #else
-	      int keysize, int exponent)
+              int keysize, int exponent)
 #endif
 {
     int i;
     SECStatus rv = SECSuccess;
     bltestAsymKeyParams *asymk = &cipherInfo->params.asymk;
     bltestRSAParams *rsap;
     RSAPrivateKey **rsaKey = NULL;
     bltestDSAParams *dsap;
     DSAPrivateKey **dsaKey = NULL;
 #ifndef NSS_DISABLE_ECC
     SECItem *tmpECParamsDER;
     ECParams *tmpECParams = NULL;
     SECItem ecSerialize[3];
     ECPrivateKey **ecKey = NULL;
 #endif
     switch (cipherInfo->mode) {
-    case bltestRSA:
-    case bltestRSA_PSS:
-    case bltestRSA_OAEP:
-	rsap = &asymk->cipherParams.rsa;
-        rsaKey = (RSAPrivateKey **)&asymk->privKey;
-	if (keysize > 0) {
-	    SECItem expitem = { 0, 0, 0 };
-	    SECITEM_AllocItem(cipherInfo->arena, &expitem, sizeof(int));
-	    for (i = 1; i <= sizeof(int); i++)
-		expitem.data[i-1] = exponent >> (8*(sizeof(int) - i));
-	    *rsaKey = RSA_NewKey(keysize * 8, &expitem);
-	    serialize_key(&(*rsaKey)->version, 9, file);
-	    rsap->keysizeInBits = keysize * 8;
-	} else {
-	    setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
-	    *rsaKey = rsakey_from_filedata(&asymk->key.buf);
-	    rsap->keysizeInBits = (*rsaKey)->modulus.len * 8;
-	}
-	break;
-    case bltestDSA:
-	dsap = &asymk->cipherParams.dsa;
-	dsaKey = (DSAPrivateKey **)&asymk->privKey;
-	if (keysize > 0) {
-	    dsap->keysize = keysize*8;
-	    if (!dsap->pqg)
-		bltest_pqg_init(dsap);
-	    rv = DSA_NewKey(dsap->pqg, dsaKey);
-	    CHECKERROR(rv, __LINE__);
-	    serialize_key(&(*dsaKey)->params.prime, 5, file);
-	} else {
-	    setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
-	    *dsaKey = dsakey_from_filedata(&asymk->key.buf);
-	    dsap->keysize = (*dsaKey)->params.prime.len*8;
-	}
-	break;
+        case bltestRSA:
+        case bltestRSA_PSS:
+        case bltestRSA_OAEP:
+            rsap = &asymk->cipherParams.rsa;
+            rsaKey = (RSAPrivateKey **)&asymk->privKey;
+            if (keysize > 0) {
+                SECItem expitem = { 0, 0, 0 };
+                SECITEM_AllocItem(cipherInfo->arena, &expitem, sizeof(int));
+                for (i = 1; i <= sizeof(int); i++)
+                    expitem.data[i - 1] = exponent >> (8 * (sizeof(int) - i));
+                *rsaKey = RSA_NewKey(keysize * 8, &expitem);
+                serialize_key(&(*rsaKey)->version, 9, file);
+                rsap->keysizeInBits = keysize * 8;
+            } else {
+                setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
+                *rsaKey = rsakey_from_filedata(&asymk->key.buf);
+                rsap->keysizeInBits = (*rsaKey)->modulus.len * 8;
+            }
+            break;
+        case bltestDSA:
+            dsap = &asymk->cipherParams.dsa;
+            dsaKey = (DSAPrivateKey **)&asymk->privKey;
+            if (keysize > 0) {
+                dsap->keysize = keysize * 8;
+                if (!dsap->pqg)
+                    bltest_pqg_init(dsap);
+                rv = DSA_NewKey(dsap->pqg, dsaKey);
+                CHECKERROR(rv, __LINE__);
+                serialize_key(&(*dsaKey)->params.prime, 5, file);
+            } else {
+                setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
+                *dsaKey = dsakey_from_filedata(&asymk->key.buf);
+                dsap->keysize = (*dsaKey)->params.prime.len * 8;
+            }
+            break;
 #ifndef NSS_DISABLE_ECC
-    case bltestECDSA:
-	ecKey = (ECPrivateKey **)&asymk->privKey;
-	if (curveName != NULL) {
-	    tmpECParamsDER = getECParams(curveName);
-	    rv = SECOID_Init();
-	    CHECKERROR(rv, __LINE__);
-	    rv = EC_DecodeParams(tmpECParamsDER, &tmpECParams) == SECFailure;
-	    CHECKERROR(rv, __LINE__);
-	    rv = EC_NewKey(tmpECParams, ecKey);
-	    CHECKERROR(rv, __LINE__);
-	    ecSerialize[0].type = tmpECParamsDER->type;
-	    ecSerialize[0].data = tmpECParamsDER->data;
-	    ecSerialize[0].len  = tmpECParamsDER->len;
-	    ecSerialize[1].type = (*ecKey)->publicValue.type;
-	    ecSerialize[1].data = (*ecKey)->publicValue.data;
-	    ecSerialize[1].len  = (*ecKey)->publicValue.len;
-	    ecSerialize[2].type = (*ecKey)->privateValue.type;
-	    ecSerialize[2].data = (*ecKey)->privateValue.data;
-	    ecSerialize[2].len  = (*ecKey)->privateValue.len;
-	    serialize_key(&(ecSerialize[0]), 3, file);
-	    SECITEM_FreeItem(tmpECParamsDER, PR_TRUE);
-	    PORT_FreeArena(tmpECParams->arena, PR_TRUE);
-	    rv = SECOID_Shutdown();
-	    CHECKERROR(rv, __LINE__);
-	} else {
-	    setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
-	    *ecKey = eckey_from_filedata(&asymk->key.buf);
-	}
-	break;
+        case bltestECDSA:
+            ecKey = (ECPrivateKey **)&asymk->privKey;
+            if (curveName != NULL) {
+                tmpECParamsDER = getECParams(curveName);
+                rv = SECOID_Init();
+                CHECKERROR(rv, __LINE__);
+                rv = EC_DecodeParams(tmpECParamsDER, &tmpECParams) == SECFailure;
+                CHECKERROR(rv, __LINE__);
+                rv = EC_NewKey(tmpECParams, ecKey);
+                CHECKERROR(rv, __LINE__);
+                ecSerialize[0].type = tmpECParamsDER->type;
+                ecSerialize[0].data = tmpECParamsDER->data;
+                ecSerialize[0].len = tmpECParamsDER->len;
+                ecSerialize[1].type = (*ecKey)->publicValue.type;
+                ecSerialize[1].data = (*ecKey)->publicValue.data;
+                ecSerialize[1].len = (*ecKey)->publicValue.len;
+                ecSerialize[2].type = (*ecKey)->privateValue.type;
+                ecSerialize[2].data = (*ecKey)->privateValue.data;
+                ecSerialize[2].len = (*ecKey)->privateValue.len;
+                serialize_key(&(ecSerialize[0]), 3, file);
+                SECITEM_FreeItem(tmpECParamsDER, PR_TRUE);
+                PORT_FreeArena(tmpECParams->arena, PR_TRUE);
+                rv = SECOID_Shutdown();
+                CHECKERROR(rv, __LINE__);
+            } else {
+                setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
+                *ecKey = eckey_from_filedata(&asymk->key.buf);
+            }
+            break;
 #endif
-    default:
-	return SECFailure;
+        default:
+            return SECFailure;
     }
     return SECSuccess;
 }
 
 SECStatus
 cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     PRBool restart;
     int outlen;
     switch (cipherInfo->mode) {
-    case bltestDES_ECB:
-    case bltestDES_CBC:
-    case bltestDES_EDE_ECB:
-    case bltestDES_EDE_CBC:
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  cipherInfo->input.pBuf.len);
-	return bltest_des_init(cipherInfo, encrypt);
-	break;
-    case bltestRC2_ECB:
-    case bltestRC2_CBC:
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  cipherInfo->input.pBuf.len);
-	return bltest_rc2_init(cipherInfo, encrypt);
-	break;
-    case bltestRC4:
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  cipherInfo->input.pBuf.len);
-	return bltest_rc4_init(cipherInfo, encrypt);
-	break;
+        case bltestDES_ECB:
+        case bltestDES_CBC:
+        case bltestDES_EDE_ECB:
+        case bltestDES_EDE_CBC:
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              cipherInfo->input.pBuf.len);
+            return bltest_des_init(cipherInfo, encrypt);
+            break;
+        case bltestRC2_ECB:
+        case bltestRC2_CBC:
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              cipherInfo->input.pBuf.len);
+            return bltest_rc2_init(cipherInfo, encrypt);
+            break;
+        case bltestRC4:
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              cipherInfo->input.pBuf.len);
+            return bltest_rc4_init(cipherInfo, encrypt);
+            break;
 #ifdef NSS_SOFTOKEN_DOES_RC5
-    case bltestRC5_ECB:
-    case bltestRC5_CBC:
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  cipherInfo->input.pBuf.len);
+        case bltestRC5_ECB:
+        case bltestRC5_CBC:
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              cipherInfo->input.pBuf.len);
 #endif
-	return bltest_rc5_init(cipherInfo, encrypt);
-	break;
-    case bltestAES_ECB:
-    case bltestAES_CBC:
-    case bltestAES_CTS:
-    case bltestAES_CTR:
-    case bltestAES_GCM:
-	outlen = cipherInfo->input.pBuf.len;
-	if (cipherInfo->mode == bltestAES_GCM && encrypt) {
-	    outlen += 16;
-	}
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, outlen);
-	return bltest_aes_init(cipherInfo, encrypt);
-	break;
-    case bltestCAMELLIA_ECB:
-    case bltestCAMELLIA_CBC:
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  cipherInfo->input.pBuf.len);
-	return bltest_camellia_init(cipherInfo, encrypt);
-	break;
-    case bltestSEED_ECB:
-    case bltestSEED_CBC:
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  cipherInfo->input.pBuf.len);
-	return bltest_seed_init(cipherInfo, encrypt);
-	break;
-    case bltestCHACHA20:
-	outlen = cipherInfo->input.pBuf.len + (encrypt ? 16 : 0);
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, outlen);
-	return bltest_chacha20_init(cipherInfo, encrypt);
-	break;
-    case bltestRSA:
-    case bltestRSA_OAEP:
-    case bltestRSA_PSS:
-	if (encrypt || cipherInfo->mode != bltestRSA_PSS) {
-		/* Don't allocate a buffer for PSS in verify mode, as no actual
-		 * output is produced. */
-		SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-		                  RSA_MAX_MODULUS_BITS / 8);
-	}
-	return bltest_rsa_init(cipherInfo, encrypt);
-	break;
-    case bltestDSA:
-	if (encrypt) {
-		SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-		                  DSA_MAX_SIGNATURE_LEN);
-	}
-	return bltest_dsa_init(cipherInfo, encrypt);
-	break;
+            return bltest_rc5_init(cipherInfo, encrypt);
+            break;
+        case bltestAES_ECB:
+        case bltestAES_CBC:
+        case bltestAES_CTS:
+        case bltestAES_CTR:
+        case bltestAES_GCM:
+            outlen = cipherInfo->input.pBuf.len;
+            if (cipherInfo->mode == bltestAES_GCM && encrypt) {
+                outlen += 16;
+            }
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, outlen);
+            return bltest_aes_init(cipherInfo, encrypt);
+            break;
+        case bltestCAMELLIA_ECB:
+        case bltestCAMELLIA_CBC:
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              cipherInfo->input.pBuf.len);
+            return bltest_camellia_init(cipherInfo, encrypt);
+            break;
+        case bltestSEED_ECB:
+        case bltestSEED_CBC:
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              cipherInfo->input.pBuf.len);
+            return bltest_seed_init(cipherInfo, encrypt);
+            break;
+        case bltestCHACHA20:
+            outlen = cipherInfo->input.pBuf.len + (encrypt ? 16 : 0);
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, outlen);
+            return bltest_chacha20_init(cipherInfo, encrypt);
+            break;
+        case bltestRSA:
+        case bltestRSA_OAEP:
+        case bltestRSA_PSS:
+            if (encrypt || cipherInfo->mode != bltestRSA_PSS) {
+                /* Don't allocate a buffer for PSS in verify mode, as no actual
+         * output is produced. */
+                SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                                  RSA_MAX_MODULUS_BITS / 8);
+            }
+            return bltest_rsa_init(cipherInfo, encrypt);
+            break;
+        case bltestDSA:
+            if (encrypt) {
+                SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                                  DSA_MAX_SIGNATURE_LEN);
+            }
+            return bltest_dsa_init(cipherInfo, encrypt);
+            break;
 #ifndef NSS_DISABLE_ECC
-    case bltestECDSA:
-	if (encrypt) {
-		SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-		                  2 * MAX_ECKEY_LEN);
-	}
-	return bltest_ecdsa_init(cipherInfo, encrypt);
-	break;
+        case bltestECDSA:
+            if (encrypt) {
+                SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                                  2 * MAX_ECKEY_LEN);
+            }
+            return bltest_ecdsa_init(cipherInfo, encrypt);
+            break;
 #endif
-    case bltestMD2:
-	restart = cipherInfo->params.hash.restart;
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  MD2_LENGTH);
-	cipherInfo->cipher.hashCipher = (restart) ? md2_restart : md2_HashBuf;
-	return SECSuccess;
-	break;
-    case bltestMD5:
-	restart = cipherInfo->params.hash.restart;
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  MD5_LENGTH);
-	cipherInfo->cipher.hashCipher = (restart) ? md5_restart : MD5_HashBuf;
-	return SECSuccess;
-	break;
-    case bltestSHA1:
-	restart = cipherInfo->params.hash.restart;
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  SHA1_LENGTH);
-	cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf;
-	return SECSuccess;
-	break;
-    case bltestSHA224:
-	restart = cipherInfo->params.hash.restart;
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  SHA224_LENGTH);
-	cipherInfo->cipher.hashCipher = (restart) ? SHA224_restart 
-	                                          : SHA224_HashBuf;
-	return SECSuccess;
-	break;
-    case bltestSHA256:
-	restart = cipherInfo->params.hash.restart;
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  SHA256_LENGTH);
-	cipherInfo->cipher.hashCipher = (restart) ? SHA256_restart 
-	                                          : SHA256_HashBuf;
-	return SECSuccess;
-	break;
-    case bltestSHA384:
-	restart = cipherInfo->params.hash.restart;
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  SHA384_LENGTH);
-	cipherInfo->cipher.hashCipher = (restart) ? SHA384_restart 
-	                                          : SHA384_HashBuf;
-	return SECSuccess;
-	break;
-    case bltestSHA512:
-	restart = cipherInfo->params.hash.restart;
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  SHA512_LENGTH);
-	cipherInfo->cipher.hashCipher = (restart) ? SHA512_restart 
-	                                          : SHA512_HashBuf;
-	return SECSuccess;
-	break;
-    default:
-	return SECFailure;
+        case bltestMD2:
+            restart = cipherInfo->params.hash.restart;
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              MD2_LENGTH);
+            cipherInfo->cipher.hashCipher = (restart) ? md2_restart : md2_HashBuf;
+            return SECSuccess;
+            break;
+        case bltestMD5:
+            restart = cipherInfo->params.hash.restart;
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              MD5_LENGTH);
+            cipherInfo->cipher.hashCipher = (restart) ? md5_restart : MD5_HashBuf;
+            return SECSuccess;
+            break;
+        case bltestSHA1:
+            restart = cipherInfo->params.hash.restart;
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              SHA1_LENGTH);
+            cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf;
+            return SECSuccess;
+            break;
+        case bltestSHA224:
+            restart = cipherInfo->params.hash.restart;
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              SHA224_LENGTH);
+            cipherInfo->cipher.hashCipher = (restart) ? SHA224_restart
+                                                      : SHA224_HashBuf;
+            return SECSuccess;
+            break;
+        case bltestSHA256:
+            restart = cipherInfo->params.hash.restart;
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              SHA256_LENGTH);
+            cipherInfo->cipher.hashCipher = (restart) ? SHA256_restart
+                                                      : SHA256_HashBuf;
+            return SECSuccess;
+            break;
+        case bltestSHA384:
+            restart = cipherInfo->params.hash.restart;
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              SHA384_LENGTH);
+            cipherInfo->cipher.hashCipher = (restart) ? SHA384_restart
+                                                      : SHA384_HashBuf;
+            return SECSuccess;
+            break;
+        case bltestSHA512:
+            restart = cipherInfo->params.hash.restart;
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              SHA512_LENGTH);
+            cipherInfo->cipher.hashCipher = (restart) ? SHA512_restart
+                                                      : SHA512_HashBuf;
+            return SECSuccess;
+            break;
+        default:
+            return SECFailure;
     }
     return SECSuccess;
 }
 
 SECStatus
 cipherDoOp(bltestCipherInfo *cipherInfo)
 {
     PRIntervalTime time1, time2;
     SECStatus rv = SECSuccess;
     int i;
     unsigned int len;
     unsigned int maxLen = cipherInfo->output.pBuf.len;
     unsigned char *dummyOut;
     dummyOut = PORT_Alloc(maxLen);
     if (is_symmkeyCipher(cipherInfo->mode)) {
         const unsigned char *input = cipherInfo->input.pBuf.data;
-        unsigned int inputLen = is_singleShotCipher(cipherInfo->mode) ?
-                 cipherInfo->input.pBuf.len :
-                 PR_MIN(cipherInfo->input.pBuf.len, 16);
+        unsigned int inputLen = is_singleShotCipher(cipherInfo->mode) ? cipherInfo->input.pBuf.len
+                                                                      : PR_MIN(cipherInfo->input.pBuf.len, 16);
         unsigned char *output = cipherInfo->output.pBuf.data;
         unsigned int outputLen = maxLen;
         unsigned int totalOutputLen = 0;
         TIMESTART();
         rv = (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx,
                                                  output, &len, outputLen,
                                                  input, inputLen);
         CHECKERROR(rv, __LINE__);
@@ -2425,38 +2460,38 @@ cipherDoOp(bltestCipherInfo *cipherInfo)
             input += inputLen;
             inputLen = cipherInfo->input.pBuf.len - inputLen;
             output += len;
             outputLen -= len;
             rv = (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx,
                                                      output, &len, outputLen,
                                                      input, inputLen);
             CHECKERROR(rv, __LINE__);
-	    totalOutputLen += len;
+            totalOutputLen += len;
         }
-	cipherInfo->output.pBuf.len = totalOutputLen;
+        cipherInfo->output.pBuf.len = totalOutputLen;
         TIMEFINISH(cipherInfo->optime, 1.0);
         cipherInfo->repetitions = 0;
         if (cipherInfo->repetitionsToPerfom != 0) {
             TIMESTART();
-            for (i=0; i<cipherInfo->repetitionsToPerfom; i++,
-                     cipherInfo->repetitions++) {
+            for (i = 0; i < cipherInfo->repetitionsToPerfom; i++,
+                cipherInfo->repetitions++) {
                 (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx, dummyOut,
                                                     &len, maxLen,
                                                     cipherInfo->input.pBuf.data,
                                                     cipherInfo->input.pBuf.len);
-                
+
                 CHECKERROR(rv, __LINE__);
             }
         } else {
             int opsBetweenChecks = 0;
             TIMEMARK(cipherInfo->seconds);
-            while (! (TIMETOFINISH())) {
+            while (!(TIMETOFINISH())) {
                 int j = 0;
-                for (;j < opsBetweenChecks;j++) {
+                for (; j < opsBetweenChecks; j++) {
                     (*cipherInfo->cipher.symmkeyCipher)(
                         cipherInfo->cx, dummyOut, &len, maxLen,
                         cipherInfo->input.pBuf.data,
                         cipherInfo->input.pBuf.len);
                 }
                 cipherInfo->repetitions += j;
             }
         }
@@ -2466,80 +2501,80 @@ cipherDoOp(bltestCipherInfo *cipherInfo)
         unsigned int inputLen = cipherInfo->input.pBuf.len;
         unsigned char *output = cipherInfo->output.pBuf.data;
         unsigned int outputLen;
         bltestSymmKeyParams *sk = &cipherInfo->params.sk;
         bltestAuthSymmKeyParams *ask = &cipherInfo->params.ask;
 
         TIMESTART();
         rv = (*cipherInfo->cipher.aeadCipher)(
-                cipherInfo->cx,
-                output, &outputLen, maxLen,
-                input, inputLen,
-                sk->iv.buf.data, sk->iv.buf.len,
-                ask->aad.buf.data, ask->aad.buf.len);
+            cipherInfo->cx,
+            output, &outputLen, maxLen,
+            input, inputLen,
+            sk->iv.buf.data, sk->iv.buf.len,
+            ask->aad.buf.data, ask->aad.buf.len);
         CHECKERROR(rv, __LINE__);
         cipherInfo->output.pBuf.len = outputLen;
         TIMEFINISH(cipherInfo->optime, 1.0);
 
         cipherInfo->repetitions = 0;
         if (cipherInfo->repetitionsToPerfom != 0) {
             TIMESTART();
-            for (i=0; i<cipherInfo->repetitionsToPerfom; i++,
-                     cipherInfo->repetitions++) {
+            for (i = 0; i < cipherInfo->repetitionsToPerfom; i++,
+                cipherInfo->repetitions++) {
                 rv = (*cipherInfo->cipher.aeadCipher)(
+                    cipherInfo->cx,
+                    output, &outputLen, maxLen,
+                    input, inputLen,
+                    sk->iv.buf.data, sk->iv.buf.len,
+                    ask->aad.buf.data, ask->aad.buf.len);
+                CHECKERROR(rv, __LINE__);
+            }
+        } else {
+            int opsBetweenChecks = 0;
+            TIMEMARK(cipherInfo->seconds);
+            while (!(TIMETOFINISH())) {
+                int j = 0;
+                for (; j < opsBetweenChecks; j++) {
+                    (*cipherInfo->cipher.aeadCipher)(
                         cipherInfo->cx,
                         output, &outputLen, maxLen,
                         input, inputLen,
                         sk->iv.buf.data, sk->iv.buf.len,
                         ask->aad.buf.data, ask->aad.buf.len);
-                CHECKERROR(rv, __LINE__);
-            }
-        } else {
-            int opsBetweenChecks = 0;
-            TIMEMARK(cipherInfo->seconds);
-            while (! (TIMETOFINISH())) {
-                int j = 0;
-                for (;j < opsBetweenChecks;j++) {
-                    (*cipherInfo->cipher.aeadCipher)(
-                            cipherInfo->cx,
-                            output, &outputLen, maxLen,
-                            input, inputLen,
-                            sk->iv.buf.data, sk->iv.buf.len,
-                            ask->aad.buf.data, ask->aad.buf.len);
                 }
                 cipherInfo->repetitions += j;
             }
         }
         TIMEFINISH(cipherInfo->optime, 1.0);
     } else if (is_pubkeyCipher(cipherInfo->mode)) {
         TIMESTART();
         rv = (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx,
                                                 &cipherInfo->output.pBuf,
                                                 &cipherInfo->input.pBuf);
         TIMEFINISH(cipherInfo->optime, 1.0);
         CHECKERROR(rv, __LINE__);
         cipherInfo->repetitions = 0;
         if (cipherInfo->repetitionsToPerfom != 0) {
             TIMESTART();
-            for (i=0; i<cipherInfo->repetitionsToPerfom;
+            for (i = 0; i < cipherInfo->repetitionsToPerfom;
                  i++, cipherInfo->repetitions++) {
                 SECItem dummy;
                 dummy.data = dummyOut;
                 dummy.len = maxLen;
-                (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx, &dummy, 
+                (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx, &dummy,
                                                    &cipherInfo->input.pBuf);
                 CHECKERROR(rv, __LINE__);
             }
         } else {
             int opsBetweenChecks = 0;
             TIMEMARK(cipherInfo->seconds);
-            while (! (TIMETOFINISH())) {
+            while (!(TIMETOFINISH())) {
                 int j = 0;
-                for (;j < opsBetweenChecks;j++) {
+                for (; j < opsBetweenChecks; j++) {
                     SECItem dummy;
                     dummy.data = dummyOut;
                     dummy.len = maxLen;
                     (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx, &dummy,
                                                        &cipherInfo->input.pBuf);
                     CHECKERROR(rv, __LINE__);
                 }
                 cipherInfo->repetitions += j;
@@ -2551,29 +2586,29 @@ cipherDoOp(bltestCipherInfo *cipherInfo)
         rv = (*cipherInfo->cipher.hashCipher)(cipherInfo->output.pBuf.data,
                                               cipherInfo->input.pBuf.data,
                                               cipherInfo->input.pBuf.len);
         TIMEFINISH(cipherInfo->optime, 1.0);
         CHECKERROR(rv, __LINE__);
         cipherInfo->repetitions = 0;
         if (cipherInfo->repetitionsToPerfom != 0) {
             TIMESTART();
-            for (i=0; i<cipherInfo->repetitionsToPerfom;
+            for (i = 0; i < cipherInfo->repetitionsToPerfom;
                  i++, cipherInfo->repetitions++) {
                 (*cipherInfo->cipher.hashCipher)(dummyOut,
                                                  cipherInfo->input.pBuf.data,
                                                  cipherInfo->input.pBuf.len);
                 CHECKERROR(rv, __LINE__);
             }
         } else {
             int opsBetweenChecks = 0;
             TIMEMARK(cipherInfo->seconds);
-            while (! (TIMETOFINISH())) {
+            while (!(TIMETOFINISH())) {
                 int j = 0;
-                for (;j < opsBetweenChecks;j++) {
+                for (; j < opsBetweenChecks; j++) {
                     bltestIO *input = &cipherInfo->input;
                     (*cipherInfo->cipher.hashCipher)(dummyOut,
                                                      input->pBuf.data,
                                                      input->pBuf.len);
                     CHECKERROR(rv, __LINE__);
                 }
                 cipherInfo->repetitions += j;
             }
@@ -2585,87 +2620,89 @@ cipherDoOp(bltestCipherInfo *cipherInfo)
 }
 
 SECStatus
 cipherFinish(bltestCipherInfo *cipherInfo)
 {
     SECStatus rv = SECSuccess;
 
     switch (cipherInfo->mode) {
-    case bltestDES_ECB:
-    case bltestDES_CBC:
-    case bltestDES_EDE_ECB:
-    case bltestDES_EDE_CBC:
-	DES_DestroyContext((DESContext *)cipherInfo->cx, PR_TRUE);
-	break;
-    case bltestAES_GCM:
-    case bltestAES_ECB:
-    case bltestAES_CBC:
-    case bltestAES_CTS:
-    case bltestAES_CTR:
-	AES_DestroyContext((AESContext *)cipherInfo->cx, PR_TRUE);
-	break;
-    case bltestCAMELLIA_ECB:
-    case bltestCAMELLIA_CBC:
-	Camellia_DestroyContext((CamelliaContext *)cipherInfo->cx, PR_TRUE);
-	break;
-    case bltestSEED_ECB:
-    case bltestSEED_CBC:
-	SEED_DestroyContext((SEEDContext *)cipherInfo->cx, PR_TRUE);
-	break;
-    case bltestCHACHA20:
-	ChaCha20Poly1305_DestroyContext((ChaCha20Poly1305Context *)
-                                        cipherInfo->cx, PR_TRUE);
-	break;
-    case bltestRC2_ECB:
-    case bltestRC2_CBC:
-	RC2_DestroyContext((RC2Context *)cipherInfo->cx, PR_TRUE);
-	break;
-    case bltestRC4:
-	RC4_DestroyContext((RC4Context *)cipherInfo->cx, PR_TRUE);
-	break;
+        case bltestDES_ECB:
+        case bltestDES_CBC:
+        case bltestDES_EDE_ECB:
+        case bltestDES_EDE_CBC:
+            DES_DestroyContext((DESContext *)cipherInfo->cx, PR_TRUE);
+            break;
+        case bltestAES_GCM:
+        case bltestAES_ECB:
+        case bltestAES_CBC:
+        case bltestAES_CTS:
+        case bltestAES_CTR:
+            AES_DestroyContext((AESContext *)cipherInfo->cx, PR_TRUE);
+            break;
+        case bltestCAMELLIA_ECB:
+        case bltestCAMELLIA_CBC:
+            Camellia_DestroyContext((CamelliaContext *)cipherInfo->cx, PR_TRUE);
+            break;
+        case bltestSEED_ECB:
+        case bltestSEED_CBC:
+            SEED_DestroyContext((SEEDContext *)cipherInfo->cx, PR_TRUE);
+            break;
+        case bltestCHACHA20:
+            ChaCha20Poly1305_DestroyContext((ChaCha20Poly1305Context *)
+                                                cipherInfo->cx,
+                                            PR_TRUE);
+            break;
+        case bltestRC2_ECB:
+        case bltestRC2_CBC:
+            RC2_DestroyContext((RC2Context *)cipherInfo->cx, PR_TRUE);
+            break;
+        case bltestRC4:
+            RC4_DestroyContext((RC4Context *)cipherInfo->cx, PR_TRUE);
+            break;
 #ifdef NSS_SOFTOKEN_DOES_RC5
-    case bltestRC5_ECB:
-    case bltestRC5_CBC:
-	RC5_DestroyContext((RC5Context *)cipherInfo->cx, PR_TRUE);
-	break;
+        case bltestRC5_ECB:
+        case bltestRC5_CBC:
+            RC5_DestroyContext((RC5Context *)cipherInfo->cx, PR_TRUE);
+            break;
 #endif
-    case bltestRSA:      /* keys are alloc'ed within cipherInfo's arena, */
-    case bltestRSA_PSS:  /* will be freed with it. */
-    case bltestRSA_OAEP:
-    case bltestDSA:
+        case bltestRSA:     /* keys are alloc'ed within cipherInfo's arena, */
+        case bltestRSA_PSS: /* will be freed with it. */
+        case bltestRSA_OAEP:
+        case bltestDSA:
 #ifndef NSS_DISABLE_ECC
-    case bltestECDSA:
+        case bltestECDSA:
 #endif
-    case bltestMD2: /* hash contexts are ephemeral */
-    case bltestMD5:
-    case bltestSHA1:
-    case bltestSHA224:
-    case bltestSHA256:
-    case bltestSHA384:
-    case bltestSHA512:
-	return SECSuccess;
-	break;
-    default:
-	return SECFailure;
+        case bltestMD2: /* hash contexts are ephemeral */
+        case bltestMD5:
+        case bltestSHA1:
+        case bltestSHA224:
+        case bltestSHA256:
+        case bltestSHA384:
+        case bltestSHA512:
+            return SECSuccess;
+            break;
+        default:
+            return SECFailure;
     }
     return rv;
 }
 
 void
 print_exponent(SECItem *exp)
 {
     int i;
     int e = 0;
     if (exp->len <= 4) {
-	for (i=exp->len; i >=0; --i) e |= exp->data[exp->len-i] << 8*(i-1);
-	fprintf(stdout, "%12d", e);
+        for (i = exp->len; i >= 0; --i)
+            e |= exp->data[exp->len - i] << 8 * (i - 1);
+        fprintf(stdout, "%12d", e);
     } else {
-	e = 8*exp->len;
-	fprintf(stdout, "~2**%-8d", e);
+        e = 8 * exp->len;
+        fprintf(stdout, "~2**%-8d", e);
     }
 }
 
 static void
 splitToReportUnit(PRInt64 res, int *resArr, int *del, int size)
 {
     PRInt64 remaining = res, tmp = 0;
     PRInt64 Ldel;
@@ -2674,168 +2711,167 @@ splitToReportUnit(PRInt64 res, int *resA
     while (remaining > 0 && ++i < size) {
         LL_I2L(Ldel, del[i]);
         LL_MOD(tmp, remaining, Ldel);
         LL_L2I(resArr[i], tmp);
         LL_DIV(remaining, remaining, Ldel);
     }
 }
 
-static char*
+static char *
 getHighUnitBytes(PRInt64 res)
 {
-    int spl[] = {0, 0, 0, 0};
-    int del[] = {1024, 1024, 1024, 1024};
-    char *marks[] = {"b", "Kb", "Mb", "Gb"};
+    int spl[] = { 0, 0, 0, 0 };
+    int del[] = { 1024, 1024, 1024, 1024 };
+    char *marks[] = { "b", "Kb", "Mb", "Gb" };
     int i = 3;
 
     splitToReportUnit(res, spl, del, 4);
 
-    for (;i>0;i--) {
+    for (; i > 0; i--) {
         if (spl[i] != 0) {
             break;
         }
     }
 
     return PR_smprintf("%d%s", spl[i], marks[i]);
 }
 
-
 static void
 printPR_smpString(const char *sformat, char *reportStr,
                   const char *nformat, PRInt64 rNum)
 {
     if (reportStr) {
         fprintf(stdout, sformat, reportStr);
         PR_smprintf_free(reportStr);
     } else {
         fprintf(stdout, nformat, rNum);
     }
 }
 
-static char*
+static char *
 getHighUnitOps(PRInt64 res)
 {
-    int spl[] = {0, 0, 0, 0};
-    int del[] = {1000, 1000, 1000, 1000};
-    char *marks[] = {"", "T", "M", "B"};
+    int spl[] = { 0, 0, 0, 0 };
+    int del[] = { 1000, 1000, 1000, 1000 };
+    char *marks[] = { "", "T", "M", "B" };
     int i = 3;
 
     splitToReportUnit(res, spl, del, 4);
 
-    for (;i>0;i--) {
+    for (; i > 0; i--) {
         if (spl[i] != 0) {
             break;
         }
     }
 
     return PR_smprintf("%d%s", spl[i], marks[i]);
 }
 
 void
 dump_performance_info(bltestCipherInfo *infoList, double totalTimeInt,
                       PRBool encrypt, PRBool cxonly)
 {
     bltestCipherInfo *info = infoList;
-    
+
     PRInt64 totalIn = 0;
     PRBool td = PR_TRUE;
 
-    int   repetitions = 0;
-    int   cxreps = 0;
+    int repetitions = 0;
+    int cxreps = 0;
     double cxtime = 0;
     double optime = 0;
     while (info != NULL) {
         repetitions += info->repetitions;
         cxreps += info->cxreps;
         cxtime += info->cxtime;
         optime += info->optime;
-        totalIn += (PRInt64) info->input.buf.len * (PRInt64) info->repetitions;
-        
+        totalIn += (PRInt64)info->input.buf.len * (PRInt64)info->repetitions;
+
         info = info->next;
     }
     info = infoList;
 
     fprintf(stdout, "#%9s", "mode");
     fprintf(stdout, "%12s", "in");
 print_td:
     switch (info->mode) {
-      case bltestDES_ECB:
-      case bltestDES_CBC:
-      case bltestDES_EDE_ECB:
-      case bltestDES_EDE_CBC:
-      case bltestAES_ECB:
-      case bltestAES_CBC:
-      case bltestAES_CTS:
-      case bltestAES_CTR:
-      case bltestAES_GCM:
-      case bltestCAMELLIA_ECB:
-      case bltestCAMELLIA_CBC:
-      case bltestSEED_ECB:
-      case bltestSEED_CBC:
-      case bltestRC2_ECB:
-      case bltestRC2_CBC:
-      case bltestRC4:
-          if (td)
-              fprintf(stdout, "%8s", "symmkey");
-          else
-              fprintf(stdout, "%8d", 8*info->params.sk.key.buf.len);
-          break;
+        case bltestDES_ECB:
+        case bltestDES_CBC:
+        case bltestDES_EDE_ECB:
+        case bltestDES_EDE_CBC:
+        case bltestAES_ECB:
+        case bltestAES_CBC:
+        case bltestAES_CTS:
+        case bltestAES_CTR:
+        case bltestAES_GCM:
+        case bltestCAMELLIA_ECB:
+        case bltestCAMELLIA_CBC:
+        case bltestSEED_ECB:
+        case bltestSEED_CBC:
+        case bltestRC2_ECB:
+        case bltestRC2_CBC:
+        case bltestRC4:
+            if (td)
+                fprintf(stdout, "%8s", "symmkey");
+            else
+                fprintf(stdout, "%8d", 8 * info->params.sk.key.buf.len);
+            break;
 #ifdef NSS_SOFTOKEN_DOES_RC5
-      case bltestRC5_ECB:
-      case bltestRC5_CBC:
-          if (info->params.sk.key.buf.len > 0)
-              printf("symmetric key(bytes)=%d,", info->params.sk.key.buf.len);
-          if (info->rounds > 0)
-              printf("rounds=%d,", info->params.rc5.rounds);
-          if (info->wordsize > 0)
-              printf("wordsize(bytes)=%d,", info->params.rc5.wordsize);
-          break;
+        case bltestRC5_ECB:
+        case bltestRC5_CBC:
+            if (info->params.sk.key.buf.len > 0)
+                printf("symmetric key(bytes)=%d,", info->params.sk.key.buf.len);
+            if (info->rounds > 0)
+                printf("rounds=%d,", info->params.rc5.rounds);
+            if (info->wordsize > 0)
+                printf("wordsize(bytes)=%d,", info->params.rc5.wordsize);
+            break;
 #endif
-      case bltestRSA:
-      case bltestRSA_PSS:
-      case bltestRSA_OAEP:
-          if (td) {
-              fprintf(stdout, "%8s", "rsa_mod");
-              fprintf(stdout, "%12s", "rsa_pe");
-          } else {
-              bltestAsymKeyParams *asymk = &info->params.asymk;
-              fprintf(stdout, "%8d", asymk->cipherParams.rsa.keysizeInBits);
-              print_exponent(
-                  &((RSAPrivateKey *)asymk->privKey)->publicExponent);
-          }
-          break;
-      case bltestDSA:
-          if (td) {
-              fprintf(stdout, "%8s", "pqg_mod");
-          } else {
-              fprintf(stdout, "%8d", info->params.asymk.cipherParams.dsa.keysize);
-          }
-          break;
+        case bltestRSA:
+        case bltestRSA_PSS:
+        case bltestRSA_OAEP:
+            if (td) {
+                fprintf(stdout, "%8s", "rsa_mod");
+                fprintf(stdout, "%12s", "rsa_pe");
+            } else {
+                bltestAsymKeyParams *asymk = &info->params.asymk;
+                fprintf(stdout, "%8d", asymk->cipherParams.rsa.keysizeInBits);
+                print_exponent(
+                    &((RSAPrivateKey *)asymk->privKey)->publicExponent);
+            }
+            break;
+        case bltestDSA:
+            if (td) {
+                fprintf(stdout, "%8s", "pqg_mod");
+            } else {
+                fprintf(stdout, "%8d", info->params.asymk.cipherParams.dsa.keysize);
+            }
+            break;
 #ifndef NSS_DISABLE_ECC
-      case bltestECDSA:
-          if (td) {
-              fprintf(stdout, "%12s", "ec_curve");
-          } else {
-              ECPrivateKey *key = (ECPrivateKey*)info->params.asymk.privKey;
-              ECCurveName curveName = key->ecParams.name;
-              fprintf(stdout, "%12s",
-                      ecCurve_map[curveName]? ecCurve_map[curveName]->text:
-                      "Unsupported curve");
-          }
-          break;
+        case bltestECDSA:
+            if (td) {
+                fprintf(stdout, "%12s", "ec_curve");
+            } else {
+                ECPrivateKey *key = (ECPrivateKey *)info->params.asymk.privKey;
+                ECCurveName curveName = key->ecParams.name;
+                fprintf(stdout, "%12s",
+                        ecCurve_map[curveName] ? ecCurve_map[curveName]->text :
+                                               "Unsupported curve");
+            }
+            break;
 #endif
-      case bltestMD2:
-      case bltestMD5:
-      case bltestSHA1:
-      case bltestSHA256:
-      case bltestSHA384:
-      case bltestSHA512:
-      default:
-          break;
+        case bltestMD2:
+        case bltestMD5:
+        case bltestSHA1:
+        case bltestSHA256:
+        case bltestSHA384:
+        case bltestSHA512:
+        default:
+            break;
     }
     if (!td) {
         PRInt64 totalThroughPut;
 
         printPR_smpString("%8s", getHighUnitOps(repetitions),
                           "%8d", repetitions);
 
         printPR_smpString("%8s", getHighUnitOps(cxreps), "%8d", cxreps);
@@ -2846,292 +2882,301 @@ print_td:
 
         totalThroughPut = (PRInt64)(totalIn / totalTimeInt * 1000);
         printPR_smpString("%12s", getHighUnitBytes(totalThroughPut),
                           "%12d", totalThroughPut);
 
         fprintf(stdout, "\n");
         return;
     }
-    
+
     fprintf(stdout, "%8s", "opreps");
     fprintf(stdout, "%8s", "cxreps");
     fprintf(stdout, "%12s", "context");
     fprintf(stdout, "%12s", "op");
     fprintf(stdout, "%12s", "time(sec)");
     fprintf(stdout, "%12s", "thrgput");
     fprintf(stdout, "\n");
     fprintf(stdout, "%8s", mode_strings[info->mode]);
     fprintf(stdout, "_%c", (cxonly) ? 'c' : (encrypt) ? 'e' : 'd');
     printPR_smpString("%12s", getHighUnitBytes(totalIn), "%12d", totalIn);
-    
+
     td = !td;
     goto print_td;
 }
 
 void
 printmodes()
 {
     bltestCipherMode mode;
     int nummodes = sizeof(mode_strings) / sizeof(char *);
     fprintf(stderr, "%s: Available modes (specify with -m):\n", progName);
-    for (mode=0; mode<nummodes; mode++)
-	fprintf(stderr, "%s\n", mode_strings[mode]);
+    for (mode = 0; mode < nummodes; mode++)
+        fprintf(stderr, "%s\n", mode_strings[mode]);
 }
 
 bltestCipherMode
 get_mode(const char *modestring)
 {
     bltestCipherMode mode;
     int nummodes = sizeof(mode_strings) / sizeof(char *);
-    for (mode=0; mode<nummodes; mode++)
-	if (PL_strcmp(modestring, mode_strings[mode]) == 0)
-	    return mode;
+    for (mode = 0; mode < nummodes; mode++)
+        if (PL_strcmp(modestring, mode_strings[mode]) == 0)
+            return mode;
     fprintf(stderr, "%s: invalid mode: %s\n", progName, modestring);
     return bltestINVALID;
 }
 
 void
 load_file_data(PLArenaPool *arena, bltestIO *data,
-	       char *fn, bltestIOMode ioMode)
+               char *fn, bltestIOMode ioMode)
 {
     PRFileDesc *file;
     data->mode = ioMode;
     data->file = NULL; /* don't use -- not saving anything */
     data->pBuf.data = NULL;
     data->pBuf.len = 0;
     file = PR_Open(fn, PR_RDONLY, 00660);
     if (file) {
-	setupIO(arena, data, file, NULL, 0);
-	PR_Close(file);
+        setupIO(arena, data, file, NULL, 0);
+        PR_Close(file);
     }
 }
 
 HASH_HashType
 mode_str_to_hash_alg(const SECItem *modeStr)
 {
     bltestCipherMode mode;
-    char* tempModeStr = NULL;
+    char *tempModeStr = NULL;
     if (!modeStr || modeStr->len == 0)
         return HASH_AlgNULL;
     tempModeStr = PORT_Alloc(modeStr->len + 1);
     if (!tempModeStr)
         return HASH_AlgNULL;
     memcpy(tempModeStr, modeStr->data, modeStr->len);
     tempModeStr[modeStr->len] = '\0';
     mode = get_mode(tempModeStr);
     PORT_Free(tempModeStr);
     switch (mode) {
-        case bltestMD2:    return HASH_AlgMD2;
-        case bltestMD5:    return HASH_AlgMD5;
-        case bltestSHA1:   return HASH_AlgSHA1;
-        case bltestSHA224: return HASH_AlgSHA224;
-        case bltestSHA256: return HASH_AlgSHA256;
-        case bltestSHA384: return HASH_AlgSHA384;
-        case bltestSHA512: return HASH_AlgSHA512;
-        default: return HASH_AlgNULL;
+        case bltestMD2:
+            return HASH_AlgMD2;
+        case bltestMD5:
+            return HASH_AlgMD5;
+        case bltestSHA1:
+            return HASH_AlgSHA1;
+        case bltestSHA224:
+            return HASH_AlgSHA224;
+        case bltestSHA256:
+            return HASH_AlgSHA256;
+        case bltestSHA384:
+            return HASH_AlgSHA384;
+        case bltestSHA512:
+            return HASH_AlgSHA512;
+        default:
+            return HASH_AlgNULL;
     }
 }
 
 void
 get_params(PLArenaPool *arena, bltestParams *params,
-	   bltestCipherMode mode, int j)
+           bltestCipherMode mode, int j)
 {
     char filename[256];
     char *modestr = mode_strings[mode];
     bltestIO tempIO;
 
 #ifdef NSS_SOFTOKEN_DOES_RC5
     FILE *file;
     char *mark, *param, *val;
     int index = 0;
 #endif
     switch (mode) {
-    case bltestAES_GCM:
-    case bltestCHACHA20:
-	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "aad", j);
-	load_file_data(arena, &params->ask.aad, filename, bltestBinary);
-    case bltestDES_CBC:
-    case bltestDES_EDE_CBC:
-    case bltestRC2_CBC:
-    case bltestAES_CBC:
-    case bltestAES_CTS:
-    case bltestAES_CTR:
-    case bltestCAMELLIA_CBC:
-    case bltestSEED_CBC: 
-	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j);
-	load_file_data(arena, &params->sk.iv, filename, bltestBinary);
-    case bltestDES_ECB:
-    case bltestDES_EDE_ECB:
-    case bltestRC2_ECB:
-    case bltestRC4:
-    case bltestAES_ECB:
-    case bltestCAMELLIA_ECB:
-    case bltestSEED_ECB:
-	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
-	load_file_data(arena, &params->sk.key, filename, bltestBinary);
-	break;
+        case bltestAES_GCM:
+        case bltestCHACHA20:
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "aad", j);
+            load_file_data(arena, &params->ask.aad, filename, bltestBinary);
+        case bltestDES_CBC:
+        case bltestDES_EDE_CBC:
+        case bltestRC2_CBC:
+        case bltestAES_CBC:
+        case bltestAES_CTS:
+        case bltestAES_CTR:
+        case bltestCAMELLIA_CBC:
+        case bltestSEED_CBC:
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j);
+            load_file_data(arena, &params->sk.iv, filename, bltestBinary);
+        case bltestDES_ECB:
+        case bltestDES_EDE_ECB:
+        case bltestRC2_ECB:
+        case bltestRC4:
+        case bltestAES_ECB:
+        case bltestCAMELLIA_ECB:
+        case bltestSEED_ECB:
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
+            load_file_data(arena, &params->sk.key, filename, bltestBinary);
+            break;
 #ifdef NSS_SOFTOKEN_DOES_RC5
-    case bltestRC5_ECB:
-    case bltestRC5_CBC:
-	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j);
-	load_file_data(arena, &params->sk.iv, filename, bltestBinary);
-	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
-	load_file_data(arena, &params->sk.key, filename, bltestBinary);
-	    sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
-			      "params", j);
-	file = fopen(filename, "r");
-	if (!file) return;
-	param = malloc(100);
-	len = fread(param, 1, 100, file);
-	while (index < len) {
-	    mark = PL_strchr(param, '=');
-	    *mark = '\0';
-	    val = mark + 1;
-	    mark = PL_strchr(val, '\n');
-	    *mark = '\0';
-	    if (PL_strcmp(param, "rounds") == 0) {
-		params->rc5.rounds = atoi(val);
-	    } else if (PL_strcmp(param, "wordsize") == 0) {
-		params->rc5.wordsize = atoi(val);
-	    }
-	    index += PL_strlen(param) + PL_strlen(val) + 2;
-	    param = mark + 1;
-	}
-	break;
+        case bltestRC5_ECB:
+        case bltestRC5_CBC:
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j);
+            load_file_data(arena, &params->sk.iv, filename, bltestBinary);
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
+            load_file_data(arena, &params->sk.key, filename, bltestBinary);
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
+                    "params", j);
+            file = fopen(filename, "r");
+            if (!file)
+                return;
+            param = malloc(100);
+            len = fread(param, 1, 100, file);
+            while (index < len) {
+                mark = PL_strchr(param, '=');
+                *mark = '\0';
+                val = mark + 1;
+                mark = PL_strchr(val, '\n');
+                *mark = '\0';
+                if (PL_strcmp(param, "rounds") == 0) {
+                    params->rc5.rounds = atoi(val);
+                } else if (PL_strcmp(param, "wordsize") == 0) {
+                    params->rc5.wordsize = atoi(val);
+                }
+                index += PL_strlen(param) + PL_strlen(val) + 2;
+                param = mark + 1;
+            }
+            break;
 #endif
-    case bltestRSA_PSS:
-	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j);
-	load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
-	/* fall through */
-    case bltestRSA_OAEP:
-	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "seed", j);
-	load_file_data(arena, &params->asymk.cipherParams.rsa.seed,
-	               filename, bltestBase64Encoded);
-
-	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "hash", j);
-	load_file_data(arena, &tempIO, filename, bltestBinary);
-	params->asymk.cipherParams.rsa.hashAlg =
-	    mode_str_to_hash_alg(&tempIO.buf);
-
-	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "maskhash", j);
-	load_file_data(arena, &tempIO, filename, bltestBinary);
-	params->asymk.cipherParams.rsa.maskHashAlg =
-	    mode_str_to_hash_alg(&tempIO.buf);
-	/* fall through */
-    case bltestRSA:
-	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
-	load_file_data(arena, &params->asymk.key, filename,
-	               bltestBase64Encoded);
-	params->asymk.privKey =
-	    (void *)rsakey_from_filedata(&params->asymk.key.buf);
-	break;
-    case bltestDSA:
-	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
-	load_file_data(arena, &params->asymk.key, filename, bltestBase64Encoded);
-	params->asymk.privKey =
-	     (void *)dsakey_from_filedata(&params->asymk.key.buf);
-	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "pqg", j);
-	load_file_data(arena, &params->asymk.cipherParams.dsa.pqgdata, filename,
-	               bltestBase64Encoded);
-	params->asymk.cipherParams.dsa.pqg =
-	      pqg_from_filedata(&params->asymk.cipherParams.dsa.pqgdata.buf);
-	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "keyseed", j);
-	load_file_data(arena, &params->asymk.cipherParams.dsa.keyseed, filename,
-	               bltestBase64Encoded);
-	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j);
-	load_file_data(arena, &params->asymk.cipherParams.dsa.sigseed, filename,
-	               bltestBase64Encoded);
-	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j);
-	load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
-	break;
+        case bltestRSA_PSS:
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j);
+            load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
+        /* fall through */
+        case bltestRSA_OAEP:
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "seed", j);
+            load_file_data(arena, &params->asymk.cipherParams.rsa.seed,
+                           filename, bltestBase64Encoded);
+
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "hash", j);
+            load_file_data(arena, &tempIO, filename, bltestBinary);
+            params->asymk.cipherParams.rsa.hashAlg =
+                mode_str_to_hash_alg(&tempIO.buf);
+
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "maskhash", j);
+            load_file_data(arena, &tempIO, filename, bltestBinary);
+            params->asymk.cipherParams.rsa.maskHashAlg =
+                mode_str_to_hash_alg(&tempIO.buf);
+        /* fall through */
+        case bltestRSA:
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
+            load_file_data(arena, &params->asymk.key, filename,
+                           bltestBase64Encoded);
+            params->asymk.privKey =
+                (void *)rsakey_from_filedata(&params->asymk.key.buf);
+            break;
+        case bltestDSA:
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
+            load_file_data(arena, &params->asymk.key, filename, bltestBase64Encoded);
+            params->asymk.privKey =
+                (void *)dsakey_from_filedata(&params->asymk.key.buf);
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "pqg", j);
+            load_file_data(arena, &params->asymk.cipherParams.dsa.pqgdata, filename,
+                           bltestBase64Encoded);
+            params->asymk.cipherParams.dsa.pqg =
+                pqg_from_filedata(&params->asymk.cipherParams.dsa.pqgdata.buf);
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "keyseed", j);
+            load_file_data(arena, &params->asymk.cipherParams.dsa.keyseed, filename,
+                           bltestBase64Encoded);
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j);
+            load_file_data(arena, &params->asymk.cipherParams.dsa.sigseed, filename,
+                           bltestBase64Encoded);
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j);
+            load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
+            break;
 #ifndef NSS_DISABLE_ECC
-    case bltestECDSA:
-	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
-	load_file_data(arena, &params->asymk.key, filename, bltestBase64Encoded);
-	params->asymk.privKey =
-	      (void *)eckey_from_filedata(&params->asymk.key.buf);
-	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j);
-	load_file_data(arena, &params->asymk.cipherParams.ecdsa.sigseed,
-	               filename, bltestBase64Encoded);
-	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j);
-	load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
-	break;
+        case bltestECDSA:
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
+            load_file_data(arena, &params->asymk.key, filename, bltestBase64Encoded);
+            params->asymk.privKey =
+                (void *)eckey_from_filedata(&params->asymk.key.buf);
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j);
+            load_file_data(arena, &params->asymk.cipherParams.ecdsa.sigseed,
+                           filename, bltestBase64Encoded);
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j);
+            load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
+            break;
 #endif
-    case bltestMD2:
-    case bltestMD5:
-    case bltestSHA1:
-    case bltestSHA224:
-    case bltestSHA256:
-    case bltestSHA384:
-    case bltestSHA512:
-	/*params->hash.restart = PR_TRUE;*/
-	params->hash.restart = PR_FALSE;
-	break;
-    default:
-	break;
+        case bltestMD2:
+        case bltestMD5:
+        case bltestSHA1:
+        case bltestSHA224:
+        case bltestSHA256:
+        case bltestSHA384:
+        case bltestSHA512:
+            /*params->hash.restart = PR_TRUE;*/
+            params->hash.restart = PR_FALSE;
+            break;
+        default:
+            break;
     }
 }
 
 SECStatus
 verify_self_test(bltestIO *result, bltestIO *cmp, bltestCipherMode mode,
-		 PRBool forward, SECStatus sigstatus)
+                 PRBool forward, SECStatus sigstatus)
 {
     PRBool equal;
     char *modestr = mode_strings[mode];
     equal = SECITEM_ItemsAreEqual(&result->pBuf, &cmp->buf);
     if (is_sigCipher(mode)) {
-	if (forward) {
-	    if (equal) {
-		printf("Signature self-test for %s passed.\n", modestr);
-	    } else {
-		printf("Signature self-test for %s failed!\n", modestr);
-	    }
-	    return equal ? SECSuccess : SECFailure;
-	} else {
-	    if (sigstatus == SECSuccess) {
-		printf("Verification self-test for %s passed.\n", modestr);
-	    } else {
-		printf("Verification self-test for %s failed!\n", modestr);
-	    }
-	    return sigstatus;
-	}
+        if (forward) {
+            if (equal) {
+                printf("Signature self-test for %s passed.\n", modestr);
+            } else {
+                printf("Signature self-test for %s failed!\n", modestr);
+            }
+            return equal ? SECSuccess : SECFailure;
+        } else {
+            if (sigstatus == SECSuccess) {
+                printf("Verification self-test for %s passed.\n", modestr);
+            } else {
+                printf("Verification self-test for %s failed!\n", modestr);
+            }
+            return sigstatus;
+        }
     } else if (is_hashCipher(mode)) {
-	if (equal) {
-	    printf("Hash self-test for %s passed.\n", modestr);
-	} else {
-	    printf("Hash self-test for %s failed!\n", modestr);
-	}
+        if (equal) {
+            printf("Hash self-test for %s passed.\n", modestr);
+        } else {
+            printf("Hash self-test for %s failed!\n", modestr);
+        }
     } else {
-	if (forward) {
-	    if (equal) {
-		printf("Encryption self-test for %s passed.\n", modestr);
-	    } else {
-		printf("Encryption self-test for %s failed!\n", modestr);
-	    }
-	} else {
-	    if (equal) {
-		printf("Decryption self-test for %s passed.\n", modestr);
-	    } else {
-		printf("Decryption self-test for %s failed!\n", modestr);
-	    }
-	}
+        if (forward) {
+            if (equal) {
+                printf("Encryption self-test for %s passed.\n", modestr);
+            } else {
+                printf("Encryption self-test for %s failed!\n", modestr);
+            }
+        } else {
+            if (equal) {
+                printf("Decryption self-test for %s passed.\n", modestr);
+            } else {
+                printf("Decryption self-test for %s failed!\n", modestr);
+            }
+        }
     }
     return equal ? SECSuccess : SECFailure;
 }
 
 static SECStatus
 ReadFileToItem(SECItem *dst, const char *filename)
 {
     PRFileDesc *file;
     SECStatus rv;
 
     file = PR_Open(filename, PR_RDONLY, 00660);
     if (!file) {
-	return SECFailure;
+        return SECFailure;
     }
     rv = SECU_FileToItem(dst, file);
     PR_Close(file);
     return rv;
 }
 
 static SECStatus
 blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
@@ -3148,164 +3193,166 @@ blapi_selftest(bltestCipherMode *modes, 
     SECItem item;
     SECStatus rv = SECSuccess, srv;
 
     PORT_Memset(&cipherInfo, 0, sizeof(cipherInfo));
     arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
     cipherInfo.arena = arena;
 
     nummodes = (numModes == 0) ? NUMMODES : numModes;
-    for (i=0; i < nummodes; i++) {
-	if (numModes > 0)
-	    mode = modes[i];
-	else
-	    mode = i;
-	if (mode == bltestINVALID) {
-	    fprintf(stderr, "%s: Skipping invalid mode.\n",progName);
-	    continue;
-	}
-	modestr = mode_strings[mode];
-	cipherInfo.mode = mode;
-	params = &cipherInfo.params;
-	/* get the number of tests in the directory */
-	sprintf(filename, "%s/tests/%s/%s", testdir, modestr, "numtests");
-	if (ReadFileToItem(&item, filename) != SECSuccess) {
-	    fprintf(stderr, "%s: Cannot read file %s.\n", progName, filename);
-	    rv = SECFailure;
-	    continue;
-	}
-	/* loop over the tests in the directory */
-	numtests = 0;
-	for (j=0; j<item.len; j++) {
-	    if (!isdigit(item.data[j])) {
-		break;
-	    }
-	    numtests *= 10;
-	    numtests += (int) (item.data[j] - '0');
-	}
-	for (j=0; j<numtests; j++) {
-	    sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
-	            "plaintext", j);
-	    load_file_data(arena, &pt, filename,
-	                   is_sigCipher(mode) ? bltestBase64Encoded
-	                                      : bltestBinary);
-	    sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
-	            "ciphertext", j);
-	    load_file_data(arena, &ct, filename, bltestBase64Encoded);
-
-	    get_params(arena, params, mode, j);
-	    /* Forward Operation (Encrypt/Sign/Hash)
-	    ** Align the input buffer (plaintext) according to request
-	    ** then perform operation and compare to ciphertext
-	    */
-	    if (encrypt) {
-		bltestCopyIO(arena, &cipherInfo.input, &pt);
-		misalignBuffer(arena, &cipherInfo.input, inoff);
-		memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf);
-		rv |= cipherInit(&cipherInfo, PR_TRUE);
-		misalignBuffer(arena, &cipherInfo.output, outoff);
-		rv |= cipherDoOp(&cipherInfo);
-		rv |= cipherFinish(&cipherInfo);
-		rv |= verify_self_test(&cipherInfo.output, 
-		                       &ct, mode, PR_TRUE, SECSuccess);
-		/* If testing hash, only one op to test */
-		if (is_hashCipher(mode))
-		    continue;
-		if (is_sigCipher(mode)) {
-		    /* Verify operations support detached signature files. For
-		    ** consistency between tests that run Sign/Verify back to
-		    ** back (eg: self-tests) and tests that are only running
-		    ** verify operations, copy the output into the sig buf,
-		    ** and then copy the sig buf back out when verifying. For
-		    ** self-tests, this is unnecessary copying, but for
-		    ** verify-only operations, this ensures that the output
-		    ** buffer is properly configured
-		    */
-		    bltestCopyIO(arena, &params->asymk.sig, &cipherInfo.output);
-		}
-	    }
-	    if (!decrypt)
-		continue;
-	    /* Reverse Operation (Decrypt/Verify)
-	    ** Align the input buffer (ciphertext) according to request
-	    ** then perform operation and compare to plaintext
-	    */
-	    if (is_sigCipher(mode)) {
-		bltestCopyIO(arena, &cipherInfo.input, &pt);
-		bltestCopyIO(arena, &cipherInfo.output, &params->asymk.sig);
-	    } else {
-		bltestCopyIO(arena, &cipherInfo.input, &ct);
-		memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf);
-	    }
-	    misalignBuffer(arena, &cipherInfo.input, inoff);
-	    rv |= cipherInit(&cipherInfo, PR_FALSE);
-	    misalignBuffer(arena, &cipherInfo.output, outoff);
-	    srv = SECSuccess;
-	    srv |= cipherDoOp(&cipherInfo);
-	    rv |= cipherFinish(&cipherInfo);
-	    rv |= verify_self_test(&cipherInfo.output, 
-	                           &pt, mode, PR_FALSE, srv);
-	}
+    for (i = 0; i < nummodes; i++) {
+        if (numModes > 0)
+            mode = modes[i];
+        else
+            mode = i;
+        if (mode == bltestINVALID) {
+            fprintf(stderr, "%s: Skipping invalid mode.\n", progName);
+            continue;
+        }
+        modestr = mode_strings[mode];
+        cipherInfo.mode = mode;
+        params = &cipherInfo.params;
+        /* get the number of tests in the directory */
+        sprintf(filename, "%s/tests/%s/%s", testdir, modestr, "numtests");
+        if (ReadFileToItem(&item, filename) != SECSuccess) {
+            fprintf(stderr, "%s: Cannot read file %s.\n", progName, filename);
+            rv = SECFailure;
+            continue;
+        }
+        /* loop over the tests in the directory */
+        numtests = 0;
+        for (j = 0; j < item.len; j++) {
+            if (!isdigit(item.data[j])) {
+                break;
+            }
+            numtests *= 10;
+            numtests += (int)(item.data[j] - '0');
+        }
+        for (j = 0; j < numtests; j++) {
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
+                    "plaintext", j);
+            load_file_data(arena, &pt, filename,
+                           is_sigCipher(mode) ? bltestBase64Encoded
+                                              : bltestBinary);
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
+                    "ciphertext", j);
+            load_file_data(arena, &ct, filename, bltestBase64Encoded);
+
+            get_params(arena, params, mode, j);
+            /* Forward Operation (Encrypt/Sign/Hash)
+            ** Align the input buffer (plaintext) according to request
+            ** then perform operation and compare to ciphertext
+            */
+            if (encrypt) {
+                bltestCopyIO(arena, &cipherInfo.input, &pt);
+                misalignBuffer(arena, &cipherInfo.input, inoff);
+                memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf);
+                rv |= cipherInit(&cipherInfo, PR_TRUE);
+                misalignBuffer(arena, &cipherInfo.output, outoff);
+                rv |= cipherDoOp(&cipherInfo);
+                rv |= cipherFinish(&cipherInfo);
+                rv |= verify_self_test(&cipherInfo.output,
+                                       &ct, mode, PR_TRUE, SECSuccess);
+                /* If testing hash, only one op to test */
+                if (is_hashCipher(mode))
+                    continue;
+                if (is_sigCipher(mode)) {
+                    /* Verify operations support detached signature files. For
+                    ** consistency between tests that run Sign/Verify back to
+                    ** back (eg: self-tests) and tests that are only running
+                    ** verify operations, copy the output into the sig buf,
+                    ** and then copy the sig buf back out when verifying. For
+                    ** self-tests, this is unnecessary copying, but for
+                    ** verify-only operations, this ensures that the output
+                    ** buffer is properly configured
+                    */
+                    bltestCopyIO(arena, &params->asymk.sig, &cipherInfo.output);
+                }
+            }
+            if (!decrypt)
+                continue;
+            /* Reverse Operation (Decrypt/Verify)
+            ** Align the input buffer (ciphertext) according to request
+            ** then perform operation and compare to plaintext
+            */
+            if (is_sigCipher(mode)) {
+                bltestCopyIO(arena, &cipherInfo.input, &pt);
+                bltestCopyIO(arena, &cipherInfo.output, &params->asymk.sig);
+            } else {
+                bltestCopyIO(arena, &cipherInfo.input, &ct);
+                memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf);
+            }
+            misalignBuffer(arena, &cipherInfo.input, inoff);
+            rv |= cipherInit(&cipherInfo, PR_FALSE);
+            misalignBuffer(arena, &cipherInfo.output, outoff);
+            srv = SECSuccess;
+            srv |= cipherDoOp(&cipherInfo);
+            rv |= cipherFinish(&cipherInfo);
+            rv |= verify_self_test(&cipherInfo.output,
+                                   &pt, mode, PR_FALSE, srv);
+        }
     }
     return rv;
 }
 
 SECStatus
 dump_file(bltestCipherMode mode, char *filename)
 {
     bltestIO keydata;
     PLArenaPool *arena = NULL;
     arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
     if (mode == bltestRSA || mode == bltestRSA_PSS || mode == bltestRSA_OAEP) {
-	RSAPrivateKey *key;
-	load_file_data(arena, &keydata, filename, bltestBase64Encoded);
-	key = rsakey_from_filedata(&keydata.buf);
-	dump_rsakey(key);
+        RSAPrivateKey *key;
+        load_file_data(arena, &keydata, filename, bltestBase64Encoded);
+        key = rsakey_from_filedata(&keydata.buf);
+        dump_rsakey(key);
     } else if (mode == bltestDSA) {
 #if 0
-	PQGParams *pqg;
-	get_file_data(filename, &item, PR_TRUE);
-	pqg = pqg_from_filedata(&item);
-	dump_pqg(pqg);
+    PQGParams *pqg;
+    get_file_data(filename, &item, PR_TRUE);
+    pqg = pqg_from_filedata(&item);
+    dump_pqg(pqg);
 #endif
-	DSAPrivateKey *key;
-	load_file_data(arena, &keydata, filename, bltestBase64Encoded);
-	key = dsakey_from_filedata(&keydata.buf);
-	dump_dsakey(key);
+        DSAPrivateKey *key;
+        load_file_data(arena, &keydata, filename, bltestBase64Encoded);
+        key = dsakey_from_filedata(&keydata.buf);
+        dump_dsakey(key);
 #ifndef NSS_DISABLE_ECC
     } else if (mode == bltestECDSA) {
-	ECPrivateKey *key;
-	load_file_data(arena, &keydata, filename, bltestBase64Encoded);
-	key = eckey_from_filedata(&keydata.buf);
-	dump_eckey(key);
+        ECPrivateKey *key;
+        load_file_data(arena, &keydata, filename, bltestBase64Encoded);
+        key = eckey_from_filedata(&keydata.buf);
+        dump_eckey(key);
 #endif
     }
     PORT_FreeArena(arena, PR_FALSE);
     return SECFailure;
 }
 
-void ThreadExecTest(void *data)
+void
+ThreadExecTest(void *data)
 {
-    bltestCipherInfo *cipherInfo = (bltestCipherInfo*)data;
+    bltestCipherInfo *cipherInfo = (bltestCipherInfo *)data;
 
     if (cipherInfo->mCarlo == PR_TRUE) {
         int mciter;
-        for (mciter=0; mciter<10000; mciter++) {
+        for (mciter = 0; mciter < 10000; mciter++) {
             cipherDoOp(cipherInfo);
             memcpy(cipherInfo->input.buf.data,
                    cipherInfo->output.buf.data,
                    cipherInfo->input.buf.len);
         }
     } else {
         cipherDoOp(cipherInfo);
     }
     cipherFinish(cipherInfo);
 }
 
-static void rsaPrivKeyReset(RSAPrivateKey *tstKey)
+static void
+rsaPrivKeyReset(RSAPrivateKey *tstKey)
 {
     PLArenaPool *arena;
 
     tstKey->version.data = NULL;
     tstKey->version.len = 0;
     tstKey->modulus.data = NULL;
     tstKey->modulus.len = 0;
     tstKey->publicExponent.data = NULL;
@@ -3321,176 +3368,174 @@ static void rsaPrivKeyReset(RSAPrivateKe
     tstKey->exponent2.data = NULL;
     tstKey->exponent2.len = 0;
     tstKey->coefficient.data = NULL;
     tstKey->coefficient.len = 0;
 
     arena = tstKey->arena;
     tstKey->arena = NULL;
     if (arena) {
-	PORT_FreeArena(arena, PR_TRUE);
+        PORT_FreeArena(arena, PR_TRUE);
     }
 }
 
-
-#define RSA_TEST_EQUAL(comp) \
-    if (!SECITEM_ItemsAreEqual(&(src->comp),&(dest->comp))) { \
-	fprintf(stderr, "key->" #comp " not equal"); \
-	if (src->comp.len != dest->comp.len) { \
-	    fprintf(stderr, "src_len = %d, dest_len = %d",  \
-					src->comp.len, dest->comp.len); \
-	} \
-	fprintf(stderr, "\n"); \
-	areEqual = PR_FALSE; \
+#define RSA_TEST_EQUAL(comp)                                   \
+    if (!SECITEM_ItemsAreEqual(&(src->comp), &(dest->comp))) { \
+        fprintf(stderr, "key->" #comp " not equal");           \
+        if (src->comp.len != dest->comp.len) {                 \
+            fprintf(stderr, "src_len = %d, dest_len = %d",     \
+                    src->comp.len, dest->comp.len);            \
+        }                                                      \
+        fprintf(stderr, "\n");                                 \
+        areEqual = PR_FALSE;                                   \
     }
-	    
-
-static PRBool rsaPrivKeysAreEqual(RSAPrivateKey *src, RSAPrivateKey *dest)
+
+static PRBool
+rsaPrivKeysAreEqual(RSAPrivateKey *src, RSAPrivateKey *dest)
 {
     PRBool areEqual = PR_TRUE;
     RSA_TEST_EQUAL(modulus)
     RSA_TEST_EQUAL(publicExponent)
     RSA_TEST_EQUAL(privateExponent)
     RSA_TEST_EQUAL(prime1)
     RSA_TEST_EQUAL(prime2)
     RSA_TEST_EQUAL(exponent1)
     RSA_TEST_EQUAL(exponent2)
     RSA_TEST_EQUAL(coefficient)
     if (!areEqual) {
-	fprintf(stderr, "original key:\n");
-	dump_rsakey(src);
-	fprintf(stderr, "recreated key:\n");
-	dump_rsakey(dest);
+        fprintf(stderr, "original key:\n");
+        dump_rsakey(src);
+        fprintf(stderr, "recreated key:\n");
+        dump_rsakey(dest);
     }
     return areEqual;
 }
 
 /*
  * Test the RSA populate command to see that it can really build
  * keys from it's components.
  */
-static int doRSAPopulateTest(unsigned int keySize, unsigned long exponent)
+static int
+doRSAPopulateTest(unsigned int keySize, unsigned long exponent)
 {
     RSAPrivateKey *srcKey;
     RSAPrivateKey tstKey = { 0 };
     SECItem expitem = { 0, 0, 0 };
     SECStatus rv;
     unsigned char pubExp[4];
     int expLen = 0;
     int failed = 0;
     int i;
 
-    for (i=0; i < sizeof(unsigned long); i++) {
-	int shift = (sizeof(unsigned long) - i -1 ) * 8;
-	if (expLen || (exponent && ((unsigned long)0xffL << shift))) {
-	    pubExp[expLen] = (unsigned char) ((exponent >> shift) & 0xff);
-	    expLen++;
+    for (i = 0; i < sizeof(unsigned long); i++) {
+        int shift = (sizeof(unsigned long) - i - 1) * 8;
+        if (expLen || (exponent && ((unsigned long)0xffL << shift))) {
+            pubExp[expLen] = (unsigned char)((exponent >> shift) & 0xff);
+            expLen++;
         }
     }
 
     expitem.data = pubExp;
     expitem.len = expLen;
 
     srcKey = RSA_NewKey(keySize, &expitem);
     if (srcKey == NULL) {
-	fprintf(stderr, "RSA Key Gen failed");
-	return -1;
+        fprintf(stderr, "RSA Key Gen failed");
+        return -1;
     }
 
     /* test the basic case - most common, public exponent, modulus, prime */
     tstKey.arena = NULL;
     rsaPrivKeyReset(&tstKey);
 
     tstKey.publicExponent = srcKey->publicExponent;
     tstKey.modulus = srcKey->modulus;
     tstKey.prime1 = srcKey->prime1;
 
     rv = RSA_PopulatePrivateKey(&tstKey);
     if (rv != SECSuccess) {
-	fprintf(stderr, "RSA Populate failed: pubExp mod p\n");
-	failed = 1;
+        fprintf(stderr, "RSA Populate failed: pubExp mod p\n");
+        failed = 1;
     } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) {
-	fprintf(stderr, "RSA Populate key mismatch: pubExp mod p\n");
-	failed = 1;
+        fprintf(stderr, "RSA Populate key mismatch: pubExp mod p\n");
+        failed = 1;
     }
 
     /* test the basic2 case, public exponent, modulus, prime2 */
     rsaPrivKeyReset(&tstKey);
 
     tstKey.publicExponent = srcKey->publicExponent;
     tstKey.modulus = srcKey->modulus;
     tstKey.prime1 = srcKey->prime2; /* test with q in the prime1 position */
 
     rv = RSA_PopulatePrivateKey(&tstKey);
     if (rv != SECSuccess) {
-	fprintf(stderr, "RSA Populate failed: pubExp mod q\n");
-	failed = 1;
+        fprintf(stderr, "RSA Populate failed: pubExp mod q\n");
+        failed = 1;
     } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) {
-	fprintf(stderr, "RSA Populate key mismatch: pubExp mod q\n");
-	failed = 1;
+        fprintf(stderr, "RSA Populate key mismatch: pubExp mod q\n");
+        failed = 1;
     }
 
     /* test the medium case, private exponent, prime1, prime2 */
     rsaPrivKeyReset(&tstKey);
 
     tstKey.privateExponent = srcKey->privateExponent;
     tstKey.prime1 = srcKey->prime2; /* purposefully swap them to make */
     tstKey.prime2 = srcKey->prime1; /* sure populated swaps them back */
 
     rv = RSA_PopulatePrivateKey(&tstKey);
     if (rv != SECSuccess) {
-	fprintf(stderr, "RSA Populate failed: privExp p q\n");
-	failed = 1;
+        fprintf(stderr, "RSA Populate failed: privExp p q\n");
+        failed = 1;
     } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) {
-	fprintf(stderr, "RSA Populate key mismatch: privExp  p q\n");
-	failed = 1;
+        fprintf(stderr, "RSA Populate key mismatch: privExp  p q\n");
+        failed = 1;
     }
 
     /* test the advanced case, public exponent, private exponent, prime2 */
     rsaPrivKeyReset(&tstKey);
 
     tstKey.privateExponent = srcKey->privateExponent;
     tstKey.publicExponent = srcKey->publicExponent;
     tstKey.prime2 = srcKey->prime2; /* use q in the prime2 position */
 
     rv = RSA_PopulatePrivateKey(&tstKey);
     if (rv != SECSuccess) {
-	fprintf(stderr, "RSA Populate failed: pubExp privExp q\n");
-	fprintf(stderr, " - not fatal\n");
-	/* it's possible that we can't uniquely determine the original key
-	 * from just the exponents and prime. Populate returns an error rather
-	 * than return the wrong key. */
+        fprintf(stderr, "RSA Populate failed: pubExp privExp q\n");
+        fprintf(stderr, " - not fatal\n");
+        /* it's possible that we can't uniquely determine the original key
+     * from just the exponents and prime. Populate returns an error rather
+     * than return the wrong key. */
     } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) {
-	/* if we returned a key, it *must* be correct */
-	fprintf(stderr, "RSA Populate key mismatch: pubExp privExp  q\n");
-	rv = RSA_PrivateKeyCheck(&tstKey);
-	failed = 1;
+        /* if we returned a key, it *must* be correct */
+        fprintf(stderr, "RSA Populate key mismatch: pubExp privExp  q\n");
+        rv = RSA_PrivateKeyCheck(&tstKey);
+        failed = 1;
     }
 
     /* test the advanced case2, public exponent, private exponent, modulus */
     rsaPrivKeyReset(&tstKey);
 
     tstKey.privateExponent = srcKey->privateExponent;
     tstKey.publicExponent = srcKey->publicExponent;
     tstKey.modulus = srcKey->modulus;
 
     rv = RSA_PopulatePrivateKey(&tstKey);
     if (rv != SECSuccess) {
-	fprintf(stderr, "RSA Populate failed: pubExp privExp mod\n");
-	failed = 1;
+        fprintf(stderr, "RSA Populate failed: pubExp privExp mod\n");
+        failed = 1;
     } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) {
-	fprintf(stderr, "RSA Populate key mismatch: pubExp privExp  mod\n");
-	failed = 1;
+        fprintf(stderr, "RSA Populate key mismatch: pubExp privExp  mod\n");
+        failed = 1;
     }
 
     return failed ? -1 : 0;
 }
 
-
-
 /* bltest commands */
 enum {
     cmd_Decrypt = 0,
     cmd_Encrypt,
     cmd_FIPS,
     cmd_Hash,
     cmd_Nonce,
     cmd_Dump,
@@ -3535,261 +3580,260 @@ enum {
     opt_OutputOffset,
     opt_MonteCarlo,
     opt_ThreadNum,
     opt_SecondsToRun,
     opt_CmdLine
 };
 
 static secuCommandFlag bltest_commands[] =
-{
-    { /* cmd_Decrypt	*/ 'D', PR_FALSE, 0, PR_FALSE },
-    { /* cmd_Encrypt	*/ 'E', PR_FALSE, 0, PR_FALSE },
-    { /* cmd_FIPS	*/ 'F', PR_FALSE, 0, PR_FALSE },
-    { /* cmd_Hash	*/ 'H', PR_FALSE, 0, PR_FALSE },
-    { /* cmd_Nonce      */ 'N', PR_FALSE, 0, PR_FALSE },
-    { /* cmd_Dump	*/ 'P', PR_FALSE, 0, PR_FALSE },
-    { /* cmd_RSAPopulate*/ 'R', PR_FALSE, 0, PR_FALSE },
-    { /* cmd_Sign	*/ 'S', PR_FALSE, 0, PR_FALSE },
-    { /* cmd_SelfTest	*/ 'T', PR_FALSE, 0, PR_FALSE },
-    { /* cmd_Verify	*/ 'V', PR_FALSE, 0, PR_FALSE }
-};
+    {
+      { /* cmd_Decrypt  */ 'D', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_Encrypt  */ 'E', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_FIPS */ 'F', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_Hash */ 'H', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_Nonce      */ 'N', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_Dump */ 'P', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_RSAPopulate*/ 'R', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_Sign */ 'S', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_SelfTest */ 'T', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_Verify   */ 'V', PR_FALSE, 0, PR_FALSE }
+    };
 
 static secuCommandFlag bltest_options[] =
-{
-    { /* opt_B64	  */ 'a', PR_FALSE, 0, PR_FALSE },
-    { /* opt_BufSize	  */ 'b', PR_TRUE,  0, PR_FALSE },
-    { /* opt_Restart	  */ 'c', PR_FALSE, 0, PR_FALSE },
-    { /* opt_SelfTestDir  */ 'd', PR_TRUE,  0, PR_FALSE },
-    { /* opt_Exponent	  */ 'e', PR_TRUE,  0, PR_FALSE },
-    { /* opt_SigFile      */ 'f', PR_TRUE,  0, PR_FALSE },
-    { /* opt_KeySize	  */ 'g', PR_TRUE,  0, PR_FALSE },
-    { /* opt_Hex	  */ 'h', PR_FALSE, 0, PR_FALSE },
-    { /* opt_Input	  */ 'i', PR_TRUE,  0, PR_FALSE },
-    { /* opt_PQGFile	  */ 'j', PR_TRUE,  0, PR_FALSE },
-    { /* opt_Key	  */ 'k', PR_TRUE,  0, PR_FALSE },
-    { /* opt_HexWSpc	  */ 'l', PR_FALSE, 0, PR_FALSE },
-    { /* opt_Mode	  */ 'm', PR_TRUE,  0, PR_FALSE },
+    {
+      { /* opt_B64    */ 'a', PR_FALSE, 0, PR_FALSE },
+      { /* opt_BufSize    */ 'b', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Restart    */ 'c', PR_FALSE, 0, PR_FALSE },
+      { /* opt_SelfTestDir  */ 'd', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Exponent   */ 'e', PR_TRUE, 0, PR_FALSE },
+      { /* opt_SigFile      */ 'f', PR_TRUE, 0, PR_FALSE },
+      { /* opt_KeySize    */ 'g', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Hex    */ 'h', PR_FALSE, 0, PR_FALSE },
+      { /* opt_Input      */ 'i', PR_TRUE, 0, PR_FALSE },
+      { /* opt_PQGFile    */ 'j', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Key    */ 'k', PR_TRUE, 0, PR_FALSE },
+      { /* opt_HexWSpc    */ 'l', PR_FALSE, 0, PR_FALSE },
+      { /* opt_Mode   */ 'm', PR_TRUE, 0, PR_FALSE },
 #ifndef NSS_DISABLE_ECC
-    { /* opt_CurveName	  */ 'n', PR_TRUE,  0, PR_FALSE },
+      { /* opt_CurveName      */ 'n', PR_TRUE, 0, PR_FALSE },
 #endif
-    { /* opt_Output	  */ 'o', PR_TRUE,  0, PR_FALSE },
-    { /* opt_Repetitions  */ 'p', PR_TRUE,  0, PR_FALSE },
-    { /* opt_ZeroBuf	  */ 'q', PR_FALSE, 0, PR_FALSE },
-    { /* opt_Rounds	  */ 'r', PR_TRUE,  0, PR_FALSE },
-    { /* opt_Seed	  */ 's', PR_TRUE,  0, PR_FALSE },
-    { /* opt_SigSeedFile  */ 't', PR_TRUE,  0, PR_FALSE },
-    { /* opt_CXReps       */ 'u', PR_TRUE,  0, PR_FALSE },
-    { /* opt_IV		  */ 'v', PR_TRUE,  0, PR_FALSE },
-    { /* opt_WordSize	  */ 'w', PR_TRUE,  0, PR_FALSE },
-    { /* opt_UseSeed	  */ 'x', PR_FALSE, 0, PR_FALSE },
-    { /* opt_UseSigSeed	  */ 'y', PR_FALSE, 0, PR_FALSE },
-    { /* opt_SeedFile	  */ 'z', PR_FALSE, 0, PR_FALSE },
-    { /* opt_AAD	  */  0 , PR_TRUE,  0, PR_FALSE, "aad" },
-    { /* opt_InputOffset  */ '1', PR_TRUE,  0, PR_FALSE },
-    { /* opt_OutputOffset */ '2', PR_TRUE,  0, PR_FALSE },
-    { /* opt_MonteCarlo   */ '3', PR_FALSE, 0, PR_FALSE },
-    { /* opt_ThreadNum    */ '4', PR_TRUE,  0, PR_FALSE },
-    { /* opt_SecondsToRun */ '5', PR_TRUE,  0, PR_FALSE },
-    { /* opt_CmdLine	  */ '-', PR_FALSE, 0, PR_FALSE }
-};
-
-int main(int argc, char **argv)
+      { /* opt_Output     */ 'o', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Repetitions  */ 'p', PR_TRUE, 0, PR_FALSE },
+      { /* opt_ZeroBuf    */ 'q', PR_FALSE, 0, PR_FALSE },
+      { /* opt_Rounds     */ 'r', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Seed   */ 's', PR_TRUE, 0, PR_FALSE },
+      { /* opt_SigSeedFile  */ 't', PR_TRUE, 0, PR_FALSE },
+      { /* opt_CXReps       */ 'u', PR_TRUE, 0, PR_FALSE },
+      { /* opt_IV         */ 'v', PR_TRUE, 0, PR_FALSE },
+      { /* opt_WordSize   */ 'w', PR_TRUE, 0, PR_FALSE },
+      { /* opt_UseSeed    */ 'x', PR_FALSE, 0, PR_FALSE },
+      { /* opt_UseSigSeed     */ 'y', PR_FALSE, 0, PR_FALSE },
+      { /* opt_SeedFile   */ 'z', PR_FALSE, 0, PR_FALSE },
+      { /* opt_AAD    */ 0, PR_TRUE, 0, PR_FALSE, "aad" },
+      { /* opt_InputOffset  */ '1', PR_TRUE, 0, PR_FALSE },
+      { /* opt_OutputOffset */ '2', PR_TRUE, 0, PR_FALSE },
+      { /* opt_MonteCarlo   */ '3', PR_FALSE, 0, PR_FALSE },
+      { /* opt_ThreadNum    */ '4', PR_TRUE, 0, PR_FALSE },
+      { /* opt_SecondsToRun */ '5', PR_TRUE, 0, PR_FALSE },
+      { /* opt_CmdLine    */ '-', PR_FALSE, 0, PR_FALSE }
+    };
+
+int
+main(int argc, char **argv)
 {
     SECStatus rv = SECFailure;
 
-    double              totalTime = 0.0;
-    PRIntervalTime      time1, time2;
-    PRFileDesc          *outfile = NULL;
-    bltestCipherInfo    *cipherInfoListHead, *cipherInfo = NULL;
-    bltestIOMode        ioMode;
-    int                 bufsize, exponent, curThrdNum;
+    double totalTime = 0.0;
+    PRIntervalTime time1, time2;
+    PRFileDesc *outfile = NULL;
+    bltestCipherInfo *cipherInfoListHead, *cipherInfo = NULL;
+    bltestIOMode ioMode;
+    int bufsize, exponent, curThrdNum;
 #ifndef NSS_DISABLE_ECC
-    char		*curveName = NULL;
+    char *curveName = NULL;
 #endif
-    int			 i, commandsEntered;
-    int			 inoff, outoff;
-    int                  threads = 1;
+    int i, commandsEntered;
+    int inoff, outoff;
+    int threads = 1;
 
     secuCommand bltest;
     bltest.numCommands = sizeof(bltest_commands) / sizeof(secuCommandFlag);
     bltest.numOptions = sizeof(bltest_options) / sizeof(secuCommandFlag);
     bltest.commands = bltest_commands;
     bltest.options = bltest_options;
 
     progName = strrchr(argv[0], '/');
-    if (!progName) 
-	progName = strrchr(argv[0], '\\');
-    progName = progName ? progName+1 : argv[0];
+    if (!progName)
+        progName = strrchr(argv[0], '\\');
+    progName = progName ? progName + 1 : argv[0];
 
     rv = NSS_InitializePRErrorTable();
     if (rv != SECSuccess) {
-	SECU_PrintPRandOSError(progName);
-	return -1;
+        SECU_PrintPRandOSError(progName);
+        return -1;
     }
     rv = RNG_RNGInit();
     if (rv != SECSuccess) {
-	SECU_PrintPRandOSError(progName);
-	return -1;
+        SECU_PrintPRandOSError(progName);
+        return -1;
     }
     rv = BL_Init();
     if (rv != SECSuccess) {
-	SECU_PrintPRandOSError(progName);
-	return -1;
+        SECU_PrintPRandOSError(progName);
+        return -1;
     }
     RNG_SystemInfoForRNG();
 
-
     rv = SECU_ParseCommandLine(argc, argv, progName, &bltest);
     if (rv == SECFailure) {
-	fprintf(stderr, "%s: command line parsing error!\n", progName);
-	goto print_usage;
+        fprintf(stderr, "%s: command line parsing error!\n", progName);
+        goto print_usage;
     }
     rv = SECFailure;
 
     cipherInfo = PORT_ZNew(bltestCipherInfo);
     cipherInfoListHead = cipherInfo;
 
     /* Check the number of commands entered on the command line. */
     commandsEntered = 0;
-    for (i=0; i<bltest.numCommands; i++)
-	if (bltest.commands[i].activated)
-	    commandsEntered++;
+    for (i = 0; i < bltest.numCommands; i++)
+        if (bltest.commands[i].activated)
+            commandsEntered++;
 
     if (commandsEntered > 1 &&
-	!(commandsEntered == 2 && bltest.commands[cmd_SelfTest].activated)) {
-	fprintf(stderr, "%s: one command at a time!\n", progName);
+        !(commandsEntered == 2 && bltest.commands[cmd_SelfTest].activated)) {
+        fprintf(stderr, "%s: one command at a time!\n", progName);
         goto print_usage;
     }
 
     if (commandsEntered == 0) {
-	fprintf(stderr, "%s: you must enter a command!\n", progName);
+        fprintf(stderr, "%s: you must enter a command!\n", progName);
         goto print_usage;
     }
 
-
     if (bltest.commands[cmd_Sign].activated)
-	bltest.commands[cmd_Encrypt].activated = PR_TRUE;
+        bltest.commands[cmd_Encrypt].activated = PR_TRUE;
     if (bltest.commands[cmd_Verify].activated)
-	bltest.commands[cmd_Decrypt].activated = PR_TRUE;
+        bltest.commands[cmd_Decrypt].activated = PR_TRUE;
     if (bltest.commands[cmd_Hash].activated)
-	bltest.commands[cmd_Encrypt].activated = PR_TRUE;
+        bltest.commands[cmd_Encrypt].activated = PR_TRUE;
 
     inoff = outoff = 0;
     if (bltest.options[opt_InputOffset].activated)
-	inoff = PORT_Atoi(bltest.options[opt_InputOffset].arg);
+        inoff = PORT_Atoi(bltest.options[opt_InputOffset].arg);
     if (bltest.options[opt_OutputOffset].activated)
-	outoff = PORT_Atoi(bltest.options[opt_OutputOffset].arg);
-
-    testdir = (bltest.options[opt_SelfTestDir].activated) ? 
-                 strdup(bltest.options[opt_SelfTestDir].arg) : ".";
+        outoff = PORT_Atoi(bltest.options[opt_OutputOffset].arg);
+
+    testdir = (bltest.options[opt_SelfTestDir].activated) ? strdup(bltest.options[opt_SelfTestDir].arg)
+                                                          : ".";
 
     /*
      * Handle three simple cases first
      */
 
     /* test the RSA_PopulatePrivateKey function */
     if (bltest.commands[cmd_RSAPopulate].activated) {
-	unsigned int keySize = 1024;
-	unsigned long exponent = 65537;
-	int rounds = 1;
-	int ret = -1;
-	
-	if (bltest.options[opt_KeySize].activated) {
-	    keySize = PORT_Atoi(bltest.options[opt_KeySize].arg);
-	}
-	if (bltest.options[opt_Rounds].activated) {
-	    rounds = PORT_Atoi(bltest.options[opt_Rounds].arg);
-	}
-	if (bltest.options[opt_Exponent].activated) {
-	    exponent = PORT_Atoi(bltest.options[opt_Exponent].arg);
-	}
-
-	for (i=0; i < rounds; i++) {
-	    printf("Running RSA Populate test round %d\n",i);
-	    ret = doRSAPopulateTest(keySize,exponent);
-	    if (ret != 0) {
-		break;
-	    }
-	}
-	if (ret != 0) {
-	    fprintf(stderr,"RSA Populate test round %d: FAILED\n",i);
-	}
-	return ret;
+        unsigned int keySize = 1024;
+        unsigned long exponent = 65537;
+        int rounds = 1;
+        int ret = -1;
+
+        if (bltest.options[opt_KeySize].activated) {
+            keySize = PORT_Atoi(bltest.options[opt_KeySize].arg);
+        }
+        if (bltest.options[opt_Rounds].activated) {
+            rounds = PORT_Atoi(bltest.options[opt_Rounds].arg);
+        }
+        if (bltest.options[opt_Exponent].activated) {
+            exponent = PORT_Atoi(bltest.options[opt_Exponent].arg);
+        }
+
+        for (i = 0; i < rounds; i++) {
+            printf("Running RSA Populate test round %d\n", i);
+            ret = doRSAPopulateTest(keySize, exponent);
+            if (ret != 0) {
+                break;
+            }
+        }
+        if (ret != 0) {
+            fprintf(stderr, "RSA Populate test round %d: FAILED\n", i);
+        }
+        return ret;
     }
 
     /* Do BLAPI self-test */
     if (bltest.commands[cmd_SelfTest].activated) {
-	PRBool encrypt = PR_TRUE, decrypt = PR_TRUE;
-	/* user may specified a set of ciphers to test.  parse them. */
-	bltestCipherMode modesToTest[NUMMODES];
-	int numModesToTest = 0;
-	char *tok, *str;
-	str = bltest.options[opt_Mode].arg;
-	while (str) {
-	    tok = strchr(str, ',');
-	    if (tok) *tok = '\0';
-	    modesToTest[numModesToTest++] = get_mode(str);
-	    if (tok) {
-		*tok = ',';
-		str = tok + 1;
-	    } else {
-		break;
-	    }
-	}
-	if (bltest.commands[cmd_Decrypt].activated &&
-	    !bltest.commands[cmd_Encrypt].activated)
-	    encrypt = PR_FALSE;
-	if (bltest.commands[cmd_Encrypt].activated &&
-	    !bltest.commands[cmd_Decrypt].activated)
-	    decrypt = PR_FALSE;
-	rv = blapi_selftest(modesToTest, numModesToTest, inoff, outoff,
-	                    encrypt, decrypt);
-	PORT_Free(cipherInfo);
-	return rv == SECSuccess ? 0 : 1;
+        PRBool encrypt = PR_TRUE, decrypt = PR_TRUE;
+        /* user may specified a set of ciphers to test.  parse them. */
+        bltestCipherMode modesToTest[NUMMODES];
+        int numModesToTest = 0;
+        char *tok, *str;
+        str = bltest.options[opt_Mode].arg;
+        while (str) {
+            tok = strchr(str, ',');
+            if (tok)
+                *tok = '\0';
+            modesToTest[numModesToTest++] = get_mode(str);
+            if (tok) {
+                *tok = ',';
+                str = tok + 1;
+            } else {
+                break;
+            }
+        }
+        if (bltest.commands[cmd_Decrypt].activated &&
+            !bltest.commands[cmd_Encrypt].activated)
+            encrypt = PR_FALSE;
+        if (bltest.commands[cmd_Encrypt].activated &&
+            !bltest.commands[cmd_Decrypt].activated)
+            decrypt = PR_FALSE;
+        rv = blapi_selftest(modesToTest, numModesToTest, inoff, outoff,
+                            encrypt, decrypt);
+        PORT_Free(cipherInfo);
+        return rv == SECSuccess ? 0 : 1;
     }
 
     /* Do FIPS self-test */
     if (bltest.commands[cmd_FIPS].activated) {
-	CK_RV ckrv = sftk_FIPSEntryOK();
-	fprintf(stdout, "CK_RV: %ld.\n", ckrv);
+        CK_RV ckrv = sftk_FIPSEntryOK();
+        fprintf(stdout, "CK_RV: %ld.\n", ckrv);
         PORT_Free(cipherInfo);
         if (ckrv == CKR_OK)
             return SECSuccess;
         return SECFailure;
     }
 
     /*
      * Check command line arguments for Encrypt/Decrypt/Hash/Sign/Verify
      */
 
     if ((bltest.commands[cmd_Decrypt].activated ||
-	 bltest.commands[cmd_Verify].activated) &&
-	bltest.options[opt_BufSize].activated) {
-	fprintf(stderr, "%s: Cannot use a nonce as input to decrypt/verify.\n",
-			 progName);
+         bltest.commands[cmd_Verify].activated) &&
+        bltest.options[opt_BufSize].activated) {
+        fprintf(stderr, "%s: Cannot use a nonce as input to decrypt/verify.\n",
+                progName);
         goto print_usage;
     }
 
     if (bltest.options[opt_Mode].activated) {
-	cipherInfo->mode = get_mode(bltest.options[opt_Mode].arg);
-	if (cipherInfo->mode == bltestINVALID) {
+        cipherInfo->mode = get_mode(bltest.options[opt_Mode].arg);
+        if (cipherInfo->mode == bltestINVALID) {
             goto print_usage;
-	}
+        }
     } else {
-	fprintf(stderr, "%s: You must specify a cipher mode with -m.\n",
-			 progName);
+        fprintf(stderr, "%s: You must specify a cipher mode with -m.\n",
+                progName);
         goto print_usage;
     }
 
-    
     if (bltest.options[opt_Repetitions].activated &&
         bltest.options[opt_SecondsToRun].activated) {
         fprintf(stderr, "%s: Operation time should be defined in either "
-                "repetitions(-p) or seconds(-5) not both",
+                        "repetitions(-p) or seconds(-5) not both",
                 progName);
         goto print_usage;
     }
 
     if (bltest.options[opt_Repetitions].activated) {
         cipherInfo->repetitionsToPerfom =
             PORT_Atoi(bltest.options[opt_Repetitions].arg);
     } else {
@@ -3797,17 +3841,16 @@ int main(int argc, char **argv)
     }
 
     if (bltest.options[opt_SecondsToRun].activated) {
         cipherInfo->seconds = PORT_Atoi(bltest.options[opt_SecondsToRun].arg);
     } else {
         cipherInfo->seconds = 0;
     }
 
-
     if (bltest.options[opt_CXReps].activated) {
         cipherInfo->cxreps = PORT_Atoi(bltest.options[opt_CXReps].arg);
     } else {
         cipherInfo->cxreps = 0;
     }
 
     if (bltest.options[opt_ThreadNum].activated) {
         threads = PORT_Atoi(bltest.options[opt_ThreadNum].arg);
@@ -3819,57 +3862,59 @@ int main(int argc, char **argv)
     /* Dump a file (rsakey, dsakey, etc.) */
     if (bltest.commands[cmd_Dump].activated) {
         rv = dump_file(cipherInfo->mode, bltest.options[opt_Input].arg);
         PORT_Free(cipherInfo);
         return rv;
     }
 
     /* default input mode is binary */
-    ioMode = (bltest.options[opt_B64].activated)     ? bltestBase64Encoded :
-	     (bltest.options[opt_Hex].activated)     ? bltestHexStream :
-	     (bltest.options[opt_HexWSpc].activated) ? bltestHexSpaceDelim :
-						       bltestBinary;
+    ioMode = (bltest.options[opt_B64].activated)
+                 ? bltestBase64Encoded
+                 : (bltest.options[opt_Hex].activated)
+                       ? bltestHexStream
+                       : (bltest.options[opt_HexWSpc].activated) ? bltestHexSpaceDelim
+                                                                 : bltestBinary;
 
     if (bltest.options[opt_Exponent].activated)
-	exponent = PORT_Atoi(bltest.options[opt_Exponent].arg);
+        exponent = PORT_Atoi(bltest.options[opt_Exponent].arg);
     else
-	exponent = 65537;
+        exponent = 65537;
 
 #ifndef NSS_DISABLE_ECC
     if (bltest.options[opt_CurveName].activated)
-	curveName = PORT_Strdup(bltest.options[opt_CurveName].arg);
+        curveName = PORT_Strdup(bltest.options[opt_CurveName].arg);
     else
-	curveName = NULL;
+        curveName = NULL;
 #endif
 
     if (bltest.commands[cmd_Verify].activated &&
         !bltest.options[opt_SigFile].activated) {
         fprintf(stderr, "%s: You must specify a signature file with -f.\n",
                 progName);
 
-print_usage:
+    print_usage:
         if (cipherInfo) {
             PORT_Free(cipherInfo);
         }
         Usage();
     }
 
     if (bltest.options[opt_MonteCarlo].activated) {
         cipherInfo->mCarlo = PR_TRUE;
     } else {
         cipherInfo->mCarlo = PR_FALSE;
     }
 
-    for (curThrdNum = 0;curThrdNum < threads;curThrdNum++) {
-        int            keysize = 0;
-        PRFileDesc     *file = NULL, *infile;
-        bltestParams   *params;
-        char           *instr = NULL;
-        PLArenaPool    *arena;
+    for (curThrdNum = 0; curThrdNum < threads; curThrdNum++) {
+        int keysize = 0;
+        PRFileDesc *file = NULL, *infile;
+        bltestParams *params;
+        char *instr = NULL;
+        PLArenaPool *arena;
 
         if (curThrdNum > 0) {
             bltestCipherInfo *newCInfo = PORT_ZNew(bltestCipherInfo);
             if (!newCInfo) {
                 fprintf(stderr, "%s: Can not allocate  memory.\n", progName);
                 goto exit_point;
             }
             newCInfo->mode = cipherInfo->mode;
@@ -3883,51 +3928,51 @@ print_usage:
         }
         arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
         if (!arena) {
             fprintf(stderr, "%s: Can not allocate memory.\n", progName);
             goto exit_point;
         }
         cipherInfo->arena = arena;
         params = &cipherInfo->params;
-        
+
         /* Set up an encryption key. */
         keysize = 0;
         file = NULL;
         if (is_symmkeyCipher(cipherInfo->mode) ||
-	    is_aeadCipher(cipherInfo->mode)) {
-            char *keystr = NULL;  /* if key is on command line */
+            is_aeadCipher(cipherInfo->mode)) {
+            char *keystr = NULL; /* if key is on command line */
             if (bltest.options[opt_Key].activated) {
                 if (bltest.options[opt_CmdLine].activated) {
                     keystr = bltest.options[opt_Key].arg;
                 } else {
                     file = PR_Open(bltest.options[opt_Key].arg,
                                    PR_RDONLY, 00660);
                 }
             } else {
                 if (bltest.options[opt_KeySize].activated)
                     keysize = PORT_Atoi(bltest.options[opt_KeySize].arg);
                 else
                     keysize = 8; /* use 64-bit default (DES) */
                 /* save the random key for reference */
-                file = PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE, 00660);
+                file = PR_Open("tmp.key", PR_WRONLY | PR_CREATE_FILE, 00660);
             }
             params->key.mode = ioMode;
             setupIO(cipherInfo->arena, &params->key, file, keystr, keysize);
             if (file)
                 PR_Close(file);
         } else if (is_pubkeyCipher(cipherInfo->mode)) {
             if (bltest.options[opt_Key].activated) {
                 file = PR_Open(bltest.options[opt_Key].arg, PR_RDONLY, 00660);
             } else {
                 if (bltest.options[opt_KeySize].activated)
                     keysize = PORT_Atoi(bltest.options[opt_KeySize].arg);
                 else
                     keysize = 64; /* use 512-bit default */
-                file = PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE, 00660);
+                file = PR_Open("tmp.key", PR_WRONLY | PR_CREATE_FILE, 00660);
             }
             params->key.mode = bltestBase64Encoded;
 #ifndef NSS_DISABLE_ECC
             pubkeyInitKey(cipherInfo, file, keysize, exponent, curveName);
 #else
             pubkeyInitKey(cipherInfo, file, keysize, exponent);
 #endif
             PR_Close(file);
@@ -3948,17 +3993,17 @@ print_usage:
                 if (bltest.options[opt_CmdLine].activated) {
                     ivstr = bltest.options[opt_IV].arg;
                 } else {
                     file = PR_Open(bltest.options[opt_IV].arg,
                                    PR_RDONLY, 00660);
                 }
             } else {
                 /* save the random iv for reference */
-                file = PR_Open("tmp.iv", PR_WRONLY|PR_CREATE_FILE, 00660);
+                file = PR_Open("tmp.iv", PR_WRONLY | PR_CREATE_FILE, 00660);
             }
             memset(&skp->iv, 0, sizeof skp->iv);
             skp->iv.mode = ioMode;
             setupIO(cipherInfo->arena, &skp->iv, file, ivstr, keysize);
             if (file) {
                 PR_Close(file);
             }
         }
@@ -3981,29 +4026,29 @@ print_usage:
             }
             memset(&askp->aad, 0, sizeof askp->aad);
             askp->aad.mode = ioMode;
             setupIO(cipherInfo->arena, &askp->aad, file, aadstr, 0);
             if (file) {
                 PR_Close(file);
             }
         }
-        
+
         if (bltest.commands[cmd_Verify].activated) {
             file = PR_Open(bltest.options[opt_SigFile].arg, PR_RDONLY, 00660);
             if (is_sigCipher(cipherInfo->mode)) {
                 memset(&params->asymk.sig, 0, sizeof(bltestIO));
                 params->asymk.sig.mode = ioMode;
                 setupIO(cipherInfo->arena, &params->asymk.sig, file, NULL, 0);
             }
             if (file) {
                 PR_Close(file);
             }
         }
-        
+
         if (bltest.options[opt_PQGFile].activated) {
             file = PR_Open(bltest.options[opt_PQGFile].arg, PR_RDONLY, 00660);
             params->asymk.cipherParams.dsa.pqgdata.mode = bltestBase64Encoded;
             setupIO(cipherInfo->arena, &params->asymk.cipherParams.dsa.pqgdata,
                     file, NULL, 0);
             if (file) {
                 PR_Close(file);
             }
@@ -4011,20 +4056,20 @@ print_usage:
 
         /* Set up the input buffer */
         if (bltest.options[opt_Input].activated) {
             if (bltest.options[opt_CmdLine].activated) {
                 instr = bltest.options[opt_Input].arg;
                 infile = NULL;
             } else {
                 /* form file name from testdir and input arg. */
-                char * filename = bltest.options[opt_Input].arg;
-                if (bltest.options[opt_SelfTestDir].activated && 
+                char *filename = bltest.options[opt_Input].arg;
+                if (bltest.options[opt_SelfTestDir].activated &&
                     testdir && filename && filename[0] != '/') {
-                    filename = PR_smprintf("%s/tests/%s/%s", testdir, 
+                    filename = PR_smprintf("%s/tests/%s/%s", testdir,
                                            mode_strings[cipherInfo->mode],
                                            filename);
                     if (!filename) {
                         fprintf(stderr, "%s: Can not allocate memory.\n",
                                 progName);
                         goto exit_point;
                     }
                     infile = PR_Open(filename, PR_RDONLY, 00660);
@@ -4035,44 +4080,44 @@ print_usage:
             }
         } else if (bltest.options[opt_BufSize].activated) {
             /* save the random plaintext for reference */
             char *tmpFName = PR_smprintf("tmp.in.%d", curThrdNum);
             if (!tmpFName) {
                 fprintf(stderr, "%s: Can not allocate memory.\n", progName);
                 goto exit_point;
             }
-            infile = PR_Open(tmpFName, PR_WRONLY|PR_CREATE_FILE, 00660);
+            infile = PR_Open(tmpFName, PR_WRONLY | PR_CREATE_FILE, 00660);
             PR_smprintf_free(tmpFName);
         } else {
             infile = PR_STDIN;
         }
         if (!infile) {
             fprintf(stderr, "%s: Failed to open input file.\n", progName);
             goto exit_point;
         }
         cipherInfo->input.mode = ioMode;
 
         /* Set up the output stream */
         if (bltest.options[opt_Output].activated) {
             /* form file name from testdir and input arg. */
-            char * filename = bltest.options[opt_Output].arg;
-            if (bltest.options[opt_SelfTestDir].activated && 
+            char *filename = bltest.options[opt_Output].arg;
+            if (bltest.options[opt_SelfTestDir].activated &&
                 testdir && filename && filename[0] != '/') {
-                filename = PR_smprintf("%s/tests/%s/%s", testdir, 
+                filename = PR_smprintf("%s/tests/%s/%s", testdir,
                                        mode_strings[cipherInfo->mode],
                                        filename);
                 if (!filename) {
                     fprintf(stderr, "%s: Can not allocate memory.\n", progName);
                     goto exit_point;
                 }
-                outfile = PR_Open(filename, PR_WRONLY|PR_CREATE_FILE, 00660);
+                outfile = PR_Open(filename, PR_WRONLY | PR_CREATE_FILE, 00660);
                 PR_smprintf_free(filename);
             } else {
-                outfile = PR_Open(filename, PR_WRONLY|PR_CREATE_FILE, 00660);
+                outfile = PR_Open(filename, PR_WRONLY | PR_CREATE_FILE, 00660);
             }
         } else {
             outfile = PR_STDOUT;
         }
         if (!outfile) {
             fprintf(stderr, "%s: Failed to open output file.\n", progName);
             rv = SECFailure;
             goto exit_point;
@@ -4098,55 +4143,54 @@ print_usage:
         cipherInit(cipherInfo, bltest.commands[cmd_Encrypt].activated);
         misalignBuffer(cipherInfo->arena, &cipherInfo->output, outoff);
     }
 
     if (!bltest.commands[cmd_Nonce].activated) {
         TIMESTART();
         cipherInfo = cipherInfoListHead;
         while (cipherInfo != NULL) {
-            cipherInfo->cipherThread = 
+            cipherInfo->cipherThread =
                 PR_CreateThread(PR_USER_THREAD,
-                                    ThreadExecTest,
-                                    cipherInfo,
-                                    PR_PRIORITY_NORMAL,
-                                    PR_GLOBAL_THREAD,
-                                    PR_JOINABLE_THREAD,
-                                    0);
+                                ThreadExecTest,
+                                cipherInfo,
+                                PR_PRIORITY_NORMAL,
+                                PR_GLOBAL_THREAD,
+                                PR_JOINABLE_THREAD,
+                                0);
             cipherInfo = cipherInfo->next;
-        } 
+        }
 
         cipherInfo = cipherInfoListHead;
         while (cipherInfo != NULL) {
             PR_JoinThread(cipherInfo->cipherThread);
             finishIO(&cipherInfo->output, outfile);
             cipherInfo = cipherInfo->next;
         }
         TIMEFINISH(totalTime, 1);
     }
-    
+
     cipherInfo = cipherInfoListHead;
     if (cipherInfo->repetitions > 0 || cipherInfo->cxreps > 0 ||
         threads > 1)
         dump_performance_info(cipherInfoListHead, totalTime,
                               bltest.commands[cmd_Encrypt].activated,
-	                      (cipherInfo->repetitions == 0));
-    
+                              (cipherInfo->repetitions == 0));
+
     rv = SECSuccess;
 
-  exit_point:
+exit_point:
     if (outfile && outfile != PR_STDOUT)
-	PR_Close(outfile);
+        PR_Close(outfile);
     cipherInfo = cipherInfoListHead;
     while (cipherInfo != NULL) {
         bltestCipherInfo *tmpInfo = cipherInfo;
 
         if (cipherInfo->arena)
             PORT_FreeArena(cipherInfo->arena, PR_TRUE);
         cipherInfo = cipherInfo->next;
         PORT_Free(tmpInfo);
     }
 
     /*NSS_Shutdown();*/
 
     return SECSuccess;
 }
-
--- a/cmd/bltest/tests/aes_gcm/hex.c
+++ b/cmd/bltest/tests/aes_gcm/hex.c
@@ -1,68 +1,78 @@
 #include <unistd.h>
 #include <stdio.h>
 #include <stdlib.h>
 
-int tohex(int c)
+int
+tohex(int c)
 {
-   if ((c >= '0') && (c <= '9')) {
+    if ((c >= '0') && (c <= '9')) {
         return c - '0';
-   }
-   if ((c >= 'a') && (c <= 'f')) {
+    }
+    if ((c >= 'a') && (c <= 'f')) {
         return c - 'a' + 10;
-   }
-   if ((c >= 'A') && (c <= 'F')) {
+    }
+    if ((c >= 'A') && (c <= 'F')) {
         return c - 'A' + 10;
-   }
-   return 0;
+    }
+    return 0;
 }
 
-int isspace(int c)
+int
+isspace(int c)
 {
-   if (c <= ' ') return 1;
-   if (c == '\n') return 1;
-   if (c == '\t') return 1;
-   if (c == ':') return 1;
-   if (c == ';') return 1;
-   if (c == ',') return 1;
-   return 0;
+    if (c <= ' ')
+        return 1;
+    if (c == '\n')
+        return 1;
+    if (c == '\t')
+        return 1;
+    if (c == ':')
+        return 1;
+    if (c == ';')
+        return 1;
+    if (c == ',')
+        return 1;
+    return 0;
 }
 
-void verify_nibble(int nibble, int current)
+void
+verify_nibble(int nibble, int current)
 {
-   if (nibble != 0) {
-        fprintf(stderr,"count mismatch %d (nibbles=0x%x)\n",nibble,current);
+    if (nibble != 0) {
+        fprintf(stderr, "count mismatch %d (nibbles=0x%x)\n", nibble, current);
         fflush(stderr);
-   }
+    }
 }
 
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
 {
-   int c;
-   int current = 0;
-   int nibble = 0;
-   int skip = 0;
+    int c;
+    int current = 0;
+    int nibble = 0;
+    int skip = 0;
 
-   if (argv[1]) {
+    if (argv[1]) {
         skip = atoi(argv[1]);
-   }
+    }
 
 #define NIBBLE_COUNT 2
-   while ((c=getchar()) != EOF) {
-      if (isspace(c)) {
-        verify_nibble(nibble,current);
-        continue;
-      }
-      if (skip) {
-        skip--;
-        continue;
-      }
-      current = current << 4 | tohex(c);
-      nibble++;
-      if (nibble == NIBBLE_COUNT) {
-        putchar(current);
-        nibble = 0;
-        current = 0;
-      }
-   }
-   return 0;
+    while ((c = getchar()) != EOF) {
+        if (isspace(c)) {
+            verify_nibble(nibble, current);
+            continue;
+        }
+        if (skip) {
+            skip--;
+            continue;
+        }
+        current = current << 4 | tohex(c);
+        nibble++;
+        if (nibble == NIBBLE_COUNT) {
+            putchar(current);
+            nibble = 0;
+            current = 0;
+        }
+    }
+    return 0;
 }
--- a/cmd/btoa/btoa.c
+++ b/cmd/btoa/btoa.c
@@ -4,196 +4,200 @@
 
 #include "plgetopt.h"
 #include "secutil.h"
 #include "nssb64.h"
 #include <errno.h>
 
 #if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
 #if !defined(WIN32)
-extern int fread(char *, size_t, size_t, FILE*);
-extern int fwrite(char *, size_t, size_t, FILE*);
+extern int fread(char *, size_t, size_t, FILE *);
+extern int fwrite(char *, size_t, size_t, FILE *);
 extern int fprintf(FILE *, char *, ...);
 #endif
 #endif
 
 #if defined(WIN32)
 #include "fcntl.h"
 #include "io.h"
 #endif
 
-static PRInt32 
-output_ascii (void *arg, const char *obuf, PRInt32 size)
+static PRInt32
+output_ascii(void *arg, const char *obuf, PRInt32 size)
 {
     FILE *outFile = arg;
     int nb;
 
     nb = fwrite(obuf, 1, size, outFile);
     if (nb != size) {
-	PORT_SetError(SEC_ERROR_IO);
-	return -1;
+        PORT_SetError(SEC_ERROR_IO);
+        return -1;
     }
 
     return nb;
 }
 
 static SECStatus
 encode_file(FILE *outFile, FILE *inFile)
 {
     NSSBase64Encoder *cx;
     int nb;
     SECStatus status = SECFailure;
     unsigned char ibuf[4096];
 
     cx = NSSBase64Encoder_Create(output_ascii, outFile);
     if (!cx) {
-	return -1;
+        return -1;
     }
 
     for (;;) {
-	if (feof(inFile)) break;
-	nb = fread(ibuf, 1, sizeof(ibuf), inFile);
-	if (nb != sizeof(ibuf)) {
-	    if (nb == 0) {
-		if (ferror(inFile)) {
-		    PORT_SetError(SEC_ERROR_IO);
-		    goto loser;
-		}
-		/* eof */
-		break;
-	    }
-	}
+        if (feof(inFile))
+            break;
+        nb = fread(ibuf, 1, sizeof(ibuf), inFile);
+        if (nb != sizeof(ibuf)) {
+            if (nb == 0) {
+                if (ferror(inFile)) {
+                    PORT_SetError(SEC_ERROR_IO);
+                    goto loser;
+                }
+                /* eof */
+                break;
+            }
+        }
 
-	status = NSSBase64Encoder_Update(cx, ibuf, nb);
-	if (status != SECSuccess) goto loser;
+        status = NSSBase64Encoder_Update(cx, ibuf, nb);
+        if (status != SECSuccess)
+            goto loser;
     }
 
     status = NSSBase64Encoder_Destroy(cx, PR_FALSE);
     if (status != SECSuccess)
-	return status;
+        return status;
 
     /*
      * Add a trailing CRLF.  Note this must be done *after* the call
      * to Destroy above (because only then are we sure all data has
      * been written out).
      */
     fwrite("\r\n", 1, 2, outFile);
     return SECSuccess;
 
-  loser:
-    (void) NSSBase64Encoder_Destroy(cx, PR_TRUE);
+loser:
+    (void)NSSBase64Encoder_Destroy(cx, PR_TRUE);
     return status;
 }
 
-static void Usage(char *progName)
+static void
+Usage(char *progName)
 {
     fprintf(stderr,
-	    "Usage: %s [-i input] [-o output]\n",
-	    progName);
+            "Usage: %s [-i input] [-o output]\n",
+            progName);
     fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
-	    "-i input");
+            "-i input");
     fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
-	    "-o output");
+            "-o output");
     fprintf(stderr, "%-20s Wrap output in BEGIN/END lines and the given suffix\n",
-	    "-w suffix");
+            "-w suffix");
     fprintf(stderr, "%-20s (use \"c\" as a shortcut for suffix CERTIFICATE)\n",
-	    "");
+            "");
     exit(-1);
 }
 
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
 {
     char *progName;
     SECStatus rv;
     FILE *inFile, *outFile;
     PLOptState *optstate;
     PLOptStatus status;
     char *suffix = NULL;
 
     inFile = 0;
     outFile = 0;
     progName = strrchr(argv[0], '/');
     if (!progName)
-	progName = strrchr(argv[0], '\\');
-    progName = progName ? progName+1 : argv[0];
+        progName = strrchr(argv[0], '\\');
+    progName = progName ? progName + 1 : argv[0];
 
     /* Parse command line arguments */
     optstate = PL_CreateOptState(argc, argv, "i:o:w:");
     while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
-	switch (optstate->option) {
-	  default:
-	    Usage(progName);
-	    break;
+        switch (optstate->option) {
+            default:
+                Usage(progName);
+                break;
 
-	  case 'i':
-	    inFile = fopen(optstate->value, "rb");
-	    if (!inFile) {
-		fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
-			progName, optstate->value);
-		return -1;
-	    }
-	    break;
+            case 'i':
+                inFile = fopen(optstate->value, "rb");
+                if (!inFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
 
-	  case 'o':
-	    outFile = fopen(optstate->value, "wb");
-	    if (!outFile) {
-		fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
-			progName, optstate->value);
-		return -1;
-	    }
-	    break;
-	
-	  case 'w':
-	    if (!strcmp(optstate->value, "c"))
-		suffix = strdup("CERTIFICATE");
-	    else
-		suffix = strdup(optstate->value);
-	    break;
-	}
+            case 'o':
+                outFile = fopen(optstate->value, "wb");
+                if (!outFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
+
+            case 'w':
+                if (!strcmp(optstate->value, "c"))
+                    suffix = strdup("CERTIFICATE");
+                else
+                    suffix = strdup(optstate->value);
+                break;
+        }
     }
     if (status == PL_OPT_BAD)
-	Usage(progName);
+        Usage(progName);
     if (!inFile) {
 #if defined(WIN32)
-	/* If we're going to read binary data from stdin, we must put stdin
-	** into O_BINARY mode or else incoming \r\n's will become \n's.
-	*/
+        /* If we're going to read binary data from stdin, we must put stdin
+        ** into O_BINARY mode or else incoming \r\n's will become \n's.
+        */
 
-	int smrv = _setmode(_fileno(stdin), _O_BINARY);
-	if (smrv == -1) {
-	    fprintf(stderr,
-	    "%s: Cannot change stdin to binary mode. Use -i option instead.\n",
-	            progName);
-	    return smrv;
-	}
+        int smrv = _setmode(_fileno(stdin), _O_BINARY);
+        if (smrv == -1) {
+            fprintf(stderr,
+                    "%s: Cannot change stdin to binary mode. Use -i option instead.\n",
+                    progName);
+            return smrv;
+        }
 #endif
-    	inFile = stdin;
+        inFile = stdin;
     }
     if (!outFile) {
 #if defined(WIN32)
-	/* We're going to write binary data to stdout. We must put stdout
-	** into O_BINARY mode or else outgoing \r\n's will become \r\r\n's.
-	*/
+        /* We're going to write binary data to stdout. We must put stdout
+        ** into O_BINARY mode or else outgoing \r\n's will become \r\r\n's.
+        */
 
-	int smrv = _setmode(_fileno(stdout), _O_BINARY);
-	if (smrv == -1) {
-	    fprintf(stderr,
-	    "%s: Cannot change stdout to binary mode. Use -o option instead.\n",
-	            progName);
-	    return smrv;
-	}
+        int smrv = _setmode(_fileno(stdout), _O_BINARY);
+        if (smrv == -1) {
+            fprintf(stderr,
+                    "%s: Cannot change stdout to binary mode. Use -o option instead.\n",
+                    progName);
+            return smrv;
+        }
 #endif
-    	outFile = stdout;
+        outFile = stdout;
     }
     if (suffix) {
-	fprintf(outFile, "-----BEGIN %s-----\n", suffix);
+        fprintf(outFile, "-----BEGIN %s-----\n", suffix);
     }
     rv = encode_file(outFile, inFile);
     if (rv != SECSuccess) {
-	fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
-		progName, PORT_GetError(), errno);
-	return -1;
+        fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
+                progName, PORT_GetError(), errno);
+        return -1;
     }
     if (suffix) {
-	fprintf(outFile, "-----END %s-----\n", suffix);
+        fprintf(outFile, "-----END %s-----\n", suffix);
     }
     return 0;
 }
--- a/cmd/certcgi/certcgi.c
+++ b/cmd/certcgi/certcgi.c
@@ -1,15 +1,14 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /* Cert-O-Matic CGI */
 
-
 #include "nspr.h"
 #include "prtypes.h"
 #include "prtime.h"
 #include "prlong.h"
 
 #include "pk11func.h"
 #include "cert.h"
 #include "cryptohi.h"
@@ -17,2148 +16,2090 @@
 #include "secder.h"
 #include "genname.h"
 #include "xconst.h"
 #include "secutil.h"
 #include "pk11pqg.h"
 #include "certxutl.h"
 #include "nss.h"
 
-
 /* #define TEST           1 */
 /* #define FILEOUT        1 */
 /* #define OFFLINE        1 */
-#define START_FIELDS   100
-#define PREFIX_LEN     6
-#define SERIAL_FILE    "../serial"
-#define DB_DIRECTORY   ".."
+#define START_FIELDS 100
+#define PREFIX_LEN 6
+#define SERIAL_FILE "../serial"
+#define DB_DIRECTORY ".."
 
 static char *progName;
 
 typedef struct PairStr Pair;
 
 struct PairStr {
     char *name;
     char *data;
 };
 
-
 char prefix[PREFIX_LEN];
 
-
 const SEC_ASN1Template CERTIA5TypeTemplate[] = {
     { SEC_ASN1_IA5_STRING }
 };
 
-
-
-SECKEYPrivateKey *privkeys[9] = {NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-				 NULL, NULL};
-
+SECKEYPrivateKey *privkeys[9] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+                                  NULL, NULL };
 
 #ifdef notdef
 const SEC_ASN1Template CERT_GeneralNameTemplate[] = {
     { SEC_ASN1_SEQUENCE_OF, 0, SEC_AnyTemplate }
 };
 #endif
 
-
 static void
-error_out(char  *error_string)
+error_out(char *error_string)
 {
     printf("Content-type: text/plain\n\n");
     printf("%s", error_string);
     fflush(stderr);
     fflush(stdout);
     exit(1);
 }
 
 static void
 error_allocate(void)
 {
     error_out("ERROR: Unable to allocate memory");
 }
 
-
 static char *
-make_copy_string(char  *read_pos, 
-		 int   length, 
-		 char  sentinal_value)
-    /* copys string from to a new string it creates and 
+make_copy_string(char *read_pos,
+                 int length,
+                 char sentinal_value)
+/* copys string from to a new string it creates and
        returns a pointer to the new string */
 {
-    int                remaining = length;
-    char               *write_pos;
-    char               *new;
+    int remaining = length;
+    char *write_pos;
+    char *new;
 
-    new = write_pos = (char *) PORT_Alloc (length);
+    new = write_pos = (char *)PORT_Alloc(length);
     if (new == NULL) {
-	error_allocate();
+        error_allocate();
     }
     while (*read_pos != sentinal_value) {
-	if (remaining == 1) {
-	    remaining += length;
-	    length = length * 2;
-	    new = PORT_Realloc(new,length);
-	    if (new == NULL) {
-		error_allocate();
-	    }
-	    write_pos = new + length - remaining;
-	}
-	*write_pos = *read_pos;
-	++write_pos;
-	++read_pos;
-	remaining = remaining - 1;
+        if (remaining == 1) {
+            remaining += length;
+            length = length * 2;
+            new = PORT_Realloc(new, length);
+            if (new == NULL) {
+                error_allocate();
+            }
+            write_pos = new + length - remaining;
+        }
+        *write_pos = *read_pos;
+        ++write_pos;
+        ++read_pos;
+        remaining = remaining - 1;
     }
     *write_pos = '\0';
     return new;
 }
 
-
 static SECStatus
 clean_input(Pair *data)
-    /* converts the non-alphanumeric characters in a form post 
+/* converts the non-alphanumeric characters in a form post
        from hex codes back to characters */
 {
-    int           length;
-    int           hi_digit;
-    int           low_digit;
-    char          character;
-    char          *begin_pos;
-    char          *read_pos;
-    char          *write_pos;
-    PRBool        name = PR_TRUE;
+    int length;
+    int hi_digit;
+    int low_digit;
+    char character;
+    char *begin_pos;
+    char *read_pos;
+    char *write_pos;
+    PRBool name = PR_TRUE;
 
     begin_pos = data->name;
     while (begin_pos != NULL) {
-	length = strlen(begin_pos);
-	read_pos = write_pos = begin_pos;
-	while ((read_pos - begin_pos) < length) {
-	    if (*read_pos == '+') {
-		*read_pos = ' ';
-	    }
-	    if (*read_pos == '%') {
-		hi_digit = *(read_pos + 1);
-		low_digit = *(read_pos +2);
-		read_pos += 3;
-		if (isdigit(hi_digit)){
-		    hi_digit = hi_digit - '0';
-		} else {
-		    hi_digit = toupper(hi_digit);
-		    if (isxdigit(hi_digit)) {
-			hi_digit = (hi_digit - 'A') + 10;
-		    } else {
-			error_out("ERROR: Form data incorrectly formated");
-		    }
-		}
-		if (isdigit(low_digit)){
-		    low_digit = low_digit - '0';
-		} else {
-		    low_digit = toupper(low_digit);
-		    if ((low_digit >='A') && (low_digit <= 'F')) {
-			low_digit = (low_digit - 'A') + 10;
-		    } else {
-			error_out("ERROR: Form data incorrectly formated");
-		    }
-		}
-		character = (hi_digit << 4) | low_digit;
-		if (character != 10) {
-		    *write_pos = character;
-		    ++write_pos;
-		}
-	    } else {
-		*write_pos = *read_pos;
-		++write_pos;
-		++read_pos;
-	    }
-	}
-	*write_pos = '\0';
-	if (name == PR_TRUE) {
-	    begin_pos = data->data;
-	    name = PR_FALSE;
-	} else {
-	    data++;
-	    begin_pos = data->name;
-	    name = PR_TRUE;
-	}
+        length = strlen(begin_pos);
+        read_pos = write_pos = begin_pos;
+        while ((read_pos - begin_pos) < length) {
+            if (*read_pos == '+') {
+                *read_pos = ' ';
+            }
+            if (*read_pos == '%') {
+                hi_digit = *(read_pos + 1);
+                low_digit = *(read_pos + 2);
+                read_pos += 3;
+                if (isdigit(hi_digit)) {
+                    hi_digit = hi_digit - '0';
+                } else {
+                    hi_digit = toupper(hi_digit);
+                    if (isxdigit(hi_digit)) {
+                        hi_digit = (hi_digit - 'A') + 10;
+                    } else {
+                        error_out("ERROR: Form data incorrectly formated");
+                    }
+                }
+                if (isdigit(low_digit)) {
+                    low_digit = low_digit - '0';
+                } else {
+                    low_digit = toupper(low_digit);
+                    if ((low_digit >= 'A') && (low_digit <= 'F')) {
+                        low_digit = (low_digit - 'A') + 10;
+                    } else {
+                        error_out("ERROR: Form data incorrectly formated");
+                    }
+                }
+                character = (hi_digit << 4) | low_digit;
+                if (character != 10) {
+                    *write_pos = character;
+                    ++write_pos;
+                }
+            } else {
+                *write_pos = *read_pos;
+                ++write_pos;
+                ++read_pos;
+            }
+        }
+        *write_pos = '\0';
+        if (name == PR_TRUE) {
+            begin_pos = data->data;
+            name = PR_FALSE;
+        } else {
+            data++;
+            begin_pos = data->name;
+            name = PR_TRUE;
+        }
     }
     return SECSuccess;
 }
 
 static char *
-make_name(char  *new_data)
-    /* gets the next field name in the input string and returns
+make_name(char *new_data)
+/* gets the next field name in the input string and returns
        a pointer to a string containing a copy of it */
 {
-    int         length = 20;
-    char        *name;
+    int length = 20;
+    char *name;
 
     name = make_copy_string(new_data, length, '=');
     return name;
 }
-	
+
 static char *
-make_data(char  *new_data)
-    /* gets the data for the next field in the input string 
+make_data(char *new_data)
+/* gets the data for the next field in the input string
        and returns a pointer to a string containing it */
 {
-    int         length = 100;
-    char        *data;
-    char        *read_pos;
+    int length = 100;
+    char *data;
+    char *read_pos;
 
     read_pos = new_data;
     while (*(read_pos - 1) != '=') {
-	++read_pos;
+        ++read_pos;
     }
     data = make_copy_string(read_pos, length, '&');
     return data;
 }
 
-
 static Pair
-make_pair(char  *new_data)
-    /* makes a pair name/data pair from the input string */
+make_pair(char *new_data)
+/* makes a pair name/data pair from the input string */
 {
-    Pair        temp;
+    Pair temp;
 
     temp.name = make_name(new_data);
     temp.data = make_data(new_data);
     return temp;
 }
 
-
-
 static Pair *
-make_datastruct(char  *data, int len)
-    /* parses the input from the form post into a data 
+make_datastruct(char *data, int len)
+/* parses the input from the form post into a data
        structure of field name/data pairs */
 {
-    Pair              *datastruct;
-    Pair              *current;
-    char              *curr_pos;
-    int               fields = START_FIELDS;
-    int               remaining = START_FIELDS;
+    Pair *datastruct;
+    Pair *current;
+    char *curr_pos;
+    int fields = START_FIELDS;
+    int remaining = START_FIELDS;
 
     curr_pos = data;
-    datastruct = current = (Pair *) PORT_Alloc(fields * sizeof(Pair));
+    datastruct = current = (Pair *)PORT_Alloc(fields * sizeof(Pair));
     if (datastruct == NULL) {
-	error_allocate();
+        error_allocate();
     }
     while (curr_pos - data < len) {
-	if (remaining == 1) {
-	    remaining += fields;
-	    fields = fields * 2;
-	    datastruct = (Pair *) PORT_Realloc
-		(datastruct, fields * sizeof(Pair));
-	    if (datastruct == NULL) {
-		error_allocate();
-	    }
-	    current = datastruct + (fields - remaining);
-	}
-	*current = make_pair(curr_pos);
-	while (*curr_pos != '&') {
-	    ++curr_pos;
-	}
-	++curr_pos;
-	++current;
-	remaining = remaining - 1;
+        if (remaining == 1) {
+            remaining += fields;
+            fields = fields * 2;
+            datastruct = (Pair *)PORT_Realloc(datastruct, fields *
+                                                              sizeof(Pair));
+            if (datastruct == NULL) {
+                error_allocate();
+            }
+            current = datastruct + (fields - remaining);
+        }
+        *current = make_pair(curr_pos);
+        while (*curr_pos != '&') {
+            ++curr_pos;
+        }
+        ++curr_pos;
+        ++current;
+        remaining = remaining - 1;
     }
     current->name = NULL;
     return datastruct;
 }
 
 static char *
-return_name(Pair  *data_struct,
-	    int   n)
-    /* returns a pointer to the name of the nth 
+return_name(Pair *data_struct,
+            int n)
+/* returns a pointer to the name of the nth
        (starting from 0) item in the data structure */
 {
-    char          *name;
+    char *name;
 
     if ((data_struct + n)->name != NULL) {
-	name = (data_struct + n)->name;
-	return name;
+        name = (data_struct + n)->name;
+        return name;
     } else {
-	return NULL;
+        return NULL;
     }
 }
 
 static char *
-return_data(Pair  *data_struct,int n)
-    /* returns a pointer to the data of the nth (starting from 0) 
+return_data(Pair *data_struct, int n)
+/* returns a pointer to the data of the nth (starting from 0)
        itme in the data structure */
 {
-    char          *data;
+    char *data;
 
     data = (data_struct + n)->data;
     return data;
 }
 
-
 static char *
-add_prefix(char  *field_name)
+add_prefix(char *field_name)
 {
-    extern char  prefix[PREFIX_LEN];
-    int          i = 0;
-    char         *rv;
-    char         *write;
+    extern char prefix[PREFIX_LEN];
+    int i = 0;
+    char *rv;
+    char *write;
 
     rv = write = PORT_Alloc(PORT_Strlen(prefix) + PORT_Strlen(field_name) + 1);
-    for(i = 0; i < PORT_Strlen(prefix); i++) {
-	*write = prefix[i];
-	write++;
+    for (i = 0; i < PORT_Strlen(prefix); i++) {
+        *write = prefix[i];
+        write++;
     }
     *write = '\0';
-    rv = PORT_Strcat(rv,field_name);
+    rv = PORT_Strcat(rv, field_name);
     return rv;
 }
 
-
 static char *
-find_field(Pair    *data, 
-	   char    *field_name, 
-	   PRBool  add_pre)
-    /* returns a pointer to the data of the first pair 
+find_field(Pair *data,
+           char *field_name,
+           PRBool add_pre)
+/* returns a pointer to the data of the first pair
        thats name matches the string it is passed */
 {
-    int            i = 0;
-    char           *retrieved;
-    int            found = 0;
+    int i = 0;
+    char *retrieved;
+    int found = 0;
 
     if (add_pre) {
-	field_name = add_prefix(field_name);
+        field_name = add_prefix(field_name);
     }
-    while(return_name(data, i) != NULL) {
-	if (PORT_Strcmp(return_name(data, i), field_name) == 0) {
-	    retrieved = return_data(data, i);
-	    found = 1;
-	    break;
-	}
-	i++;
+    while (return_name(data, i) != NULL) {
+        if (PORT_Strcmp(return_name(data, i), field_name) == 0) {
+            retrieved = return_data(data, i);
+            found = 1;
+            break;
+        }
+        i++;
     }
     if (!found) {
-	retrieved = NULL;
+        retrieved = NULL;
     }
     return retrieved;
 }
 
 static PRBool
-find_field_bool(Pair    *data, 
-		char    *fieldname, 
-		PRBool  add_pre)
+find_field_bool(Pair *data,
+                char *fieldname,
+                PRBool add_pre)
 {
-    char                *rv;
+    char *rv;
 
     rv = find_field(data, fieldname, add_pre);
-	
-    if  ((rv != NULL) && (PORT_Strcmp(rv, "true")) == 0) {
-	return PR_TRUE;
+
+    if ((rv != NULL) && (PORT_Strcmp(rv, "true")) == 0) {
+        return PR_TRUE;
     } else {
-	return PR_FALSE;
+        return PR_FALSE;
     }
 }
 
 static CERTCertificateRequest *
-makeCertReq(Pair             *form_data,
-	    int              which_priv_key)
-    /* makes and encodes a certrequest */
+makeCertReq(Pair *form_data,
+            int which_priv_key)
+/* makes and encodes a certrequest */
 {
 
-    PK11SlotInfo             *slot;
-    CERTCertificateRequest   *certReq = NULL;
+    PK11SlotInfo *slot;
+    CERTCertificateRequest *certReq = NULL;
     CERTSubjectPublicKeyInfo *spki;
-    SECKEYPrivateKey         *privkey = NULL;
-    SECKEYPublicKey          *pubkey = NULL;
-    CERTName                 *name;
-    char                     *key;
-    extern SECKEYPrivateKey  *privkeys[9];
-    int                      keySizeInBits;
-    char                     *challenge = "foo";
-    SECStatus                rv = SECSuccess;
-    PQGParams                *pqgParams = NULL;
-    PQGVerify                *pqgVfy = NULL;
+    SECKEYPrivateKey *privkey = NULL;
+    SECKEYPublicKey *pubkey = NULL;
+    CERTName *name;
+    char *key;
+    extern SECKEYPrivateKey *privkeys[9];
+    int keySizeInBits;
+    char *challenge = "foo";
+    SECStatus rv = SECSuccess;
+    PQGParams *pqgParams = NULL;
+    PQGVerify *pqgVfy = NULL;
 
     name = CERT_AsciiToName(find_field(form_data, "subject", PR_TRUE));
     if (name == NULL) {
-	error_out("ERROR: Unable to create Subject Name");
+        error_out("ERROR: Unable to create Subject Name");
     }
     key = find_field(form_data, "key", PR_TRUE);
     if (key == NULL) {
-	switch (*find_field(form_data, "keysize", PR_TRUE)) {
-	  case '0':
-	    keySizeInBits = 2048;
-	    break;
-	  case '1':
-	    keySizeInBits = 1024;
-	    break;
-	  case '2':
-	    keySizeInBits = 512;
-	    break;
-	  default:
-	    error_out("ERROR: Unsupported Key length selected");
-	}
-	if (find_field_bool(form_data, "keyType-dsa", PR_TRUE)) {
-	    rv = PK11_PQG_ParamGen(keySizeInBits, &pqgParams, &pqgVfy);
-	    if (rv != SECSuccess) {
-		error_out("ERROR: Unable to generate PQG parameters");
-	    }
-	    slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
-	    privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, 
-					   pqgParams,&pubkey, PR_FALSE, 
-					   PR_TRUE, NULL);
-	} else {
-	    privkey = SECKEY_CreateRSAPrivateKey(keySizeInBits, &pubkey, NULL);
-	}
-	privkeys[which_priv_key] = privkey;
-	spki = SECKEY_CreateSubjectPublicKeyInfo(pubkey);
+        switch (*find_field(form_data, "keysize", PR_TRUE)) {
+            case '0':
+                keySizeInBits = 2048;
+                break;
+            case '1':
+                keySizeInBits = 1024;
+                break;
+            case '2':
+                keySizeInBits = 512;
+                break;
+            default:
+                error_out("ERROR: Unsupported Key length selected");
+        }
+        if (find_field_bool(form_data, "keyType-dsa", PR_TRUE)) {
+            rv = PK11_PQG_ParamGen(keySizeInBits, &pqgParams, &pqgVfy);
+            if (rv != SECSuccess) {
+                error_out("ERROR: Unable to generate PQG parameters");
+            }
+            slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
+            privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN,
+                                           pqgParams, &pubkey, PR_FALSE,
+                                           PR_TRUE, NULL);
+        } else {
+            privkey = SECKEY_CreateRSAPrivateKey(keySizeInBits, &pubkey, NULL);
+        }
+        privkeys[which_priv_key] = privkey;
+        spki = SECKEY_CreateSubjectPublicKeyInfo(pubkey);
     } else {
-	spki = SECKEY_ConvertAndDecodePublicKeyAndChallenge(key, challenge, 
-							    NULL);
-	if (spki == NULL) {
-	    error_out("ERROR: Unable to decode Public Key and Challenge String");
-	}
+        spki = SECKEY_ConvertAndDecodePublicKeyAndChallenge(key, challenge,
+                                                            NULL);
+        if (spki == NULL) {
+            error_out("ERROR: Unable to decode Public Key and Challenge String");
+        }
     }
     certReq = CERT_CreateCertificateRequest(name, spki, NULL);
     if (certReq == NULL) {
-	error_out("ERROR: Unable to create Certificate Request");
+        error_out("ERROR: Unable to create Certificate Request");
     }
     if (pubkey != NULL) {
-	SECKEY_DestroyPublicKey(pubkey);
+        SECKEY_DestroyPublicKey(pubkey);
     }
     if (spki != NULL) {
-	SECKEY_DestroySubjectPublicKeyInfo(spki);
+        SECKEY_DestroySubjectPublicKeyInfo(spki);
     }
     if (pqgParams != NULL) {
-	PK11_PQG_DestroyParams(pqgParams);
+        PK11_PQG_DestroyParams(pqgParams);
     }
     if (pqgVfy != NULL) {
-	PK11_PQG_DestroyVerify(pqgVfy);
+        PK11_PQG_DestroyVerify(pqgVfy);
     }
     return certReq;
 }
 
-
-
 static CERTCertificate *
-MakeV1Cert(CERTCertDBHandle        *handle, 
-	   CERTCertificateRequest  *req,
-	   char                    *issuerNameStr, 
-	   PRBool                  selfsign, 
-	   int                     serialNumber,
-	   int                     warpmonths,
-	   Pair                    *data)
+MakeV1Cert(CERTCertDBHandle *handle,
+           CERTCertificateRequest *req,
+           char *issuerNameStr,
+           PRBool selfsign,
+           int serialNumber,
+           int warpmonths,
+           Pair *data)
 {
-    CERTCertificate                 *issuerCert = NULL;
-    CERTValidity                    *validity;
-    CERTCertificate                 *cert = NULL;
-    PRExplodedTime                  printableTime;
-    PRTime                          now, 
-	                            after;
-    if ( !selfsign ) {
-	issuerCert = CERT_FindCertByNameString(handle, issuerNameStr);
-	if (!issuerCert) {
-	    error_out("ERROR: Could not find issuer's certificate");
-	    return NULL;
-	}
+    CERTCertificate *issuerCert = NULL;
+    CERTValidity *validity;
+    CERTCertificate *cert = NULL;
+    PRExplodedTime printableTime;
+    PRTime now,
+        after;
+    if (!selfsign) {
+        issuerCert = CERT_FindCertByNameString(handle, issuerNameStr);
+        if (!issuerCert) {
+            error_out("ERROR: Could not find issuer's certificate");
+            return NULL;
+        }
     }
     if (find_field_bool(data, "manValidity", PR_TRUE)) {
-	(void)DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE));
+        (void)DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE));
     } else {
-	now = PR_Now();
+        now = PR_Now();
     }
-    PR_ExplodeTime (now, PR_GMTParameters, &printableTime);
-    if ( warpmonths ) {
-	printableTime.tm_month += warpmonths;
-	now = PR_ImplodeTime (&printableTime);
-	PR_ExplodeTime (now, PR_GMTParameters, &printableTime);
+    PR_ExplodeTime(now, PR_GMTParameters, &printableTime);
+    if (warpmonths) {
+        printableTime.tm_month += warpmonths;
+        now = PR_ImplodeTime(&printableTime);
+        PR_ExplodeTime(now, PR_GMTParameters, &printableTime);
     }
     if (find_field_bool(data, "manValidity", PR_TRUE)) {
-	(void)DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE));
-	PR_ExplodeTime (after, PR_GMTParameters, &printableTime);
+        (void)DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE));
+        PR_ExplodeTime(after, PR_GMTParameters, &printableTime);
     } else {
-	printableTime.tm_month += 3;
-	after = PR_ImplodeTime (&printableTime);
+        printableTime.tm_month += 3;
+        after = PR_ImplodeTime(&printableTime);
     }
     /* note that the time is now in micro-second unit */
-    validity = CERT_CreateValidity (now, after);
+    validity = CERT_CreateValidity(now, after);
 
-    if ( selfsign ) {
-	cert = CERT_CreateCertificate
-	    (serialNumber,&(req->subject), validity, req);
+    if (selfsign) {
+        cert = CERT_CreateCertificate(serialNumber, &(req->subject), validity, req);
     } else {
-	cert = CERT_CreateCertificate
-	    (serialNumber,&(issuerCert->subject), validity, req);
+        cert = CERT_CreateCertificate(serialNumber, &(issuerCert->subject), validity, req);
     }
-    
+
     CERT_DestroyValidity(validity);
-    if ( issuerCert ) {
-	CERT_DestroyCertificate (issuerCert);
+    if (issuerCert) {
+        CERT_DestroyCertificate(issuerCert);
     }
-    return(cert);
+    return (cert);
 }
 
 static int
-get_serial_number(Pair  *data)
+get_serial_number(Pair *data)
 {
-    int                 serial = 0;
-    int                 error;
-    char                *filename = SERIAL_FILE;
-    char                *SN;
-    FILE                *serialFile;
-
+    int serial = 0;
+    int error;
+    char *filename = SERIAL_FILE;
+    char *SN;
+    FILE *serialFile;
 
     if (find_field_bool(data, "serial-auto", PR_TRUE)) {
-	serialFile = fopen(filename, "r");
-	if (serialFile != NULL) {
-	    size_t nread = fread(&serial, sizeof(int), 1, serialFile);
-	    if (ferror(serialFile) != 0 || nread != 1) {
-		error_out("Error: Unable to read serial number file");
-	    }
-	    if (serial == -1) {
-		serial = 21;
-	    }
-	    fclose(serialFile);
-	    ++serial;
-	    serialFile = fopen(filename,"w");
-	    if (serialFile == NULL) {
-	        error_out("ERROR: Unable to open serial number file for writing");
-	    }
-	    fwrite(&serial, sizeof(int), 1, serialFile);
-	    if (ferror(serialFile) != 0) {
-		error_out("Error: Unable to write to serial number file");
-	    }
-	} else {
-	    fclose(serialFile);
-	    serialFile = fopen(filename,"w");
-	    if (serialFile == NULL) {
-		error_out("ERROR: Unable to open serial number file");
-	    }
-	    serial = 21;
-	    fwrite(&serial, sizeof(int), 1, serialFile);
-	    if (ferror(serialFile) != 0) {
-		error_out("Error: Unable to write to serial number file");
-	    }
-	    error = ferror(serialFile);
-	    if (error != 0) {
-		error_out("ERROR: Unable to write to serial file");
-	    }
-	}
-	fclose(serialFile);
+        serialFile = fopen(filename, "r");
+        if (serialFile != NULL) {
+            size_t nread = fread(&serial, sizeof(int), 1, serialFile);
+            if (ferror(serialFile) != 0 || nread != 1) {
+                error_out("Error: Unable to read serial number file");
+            }
+            if (serial == -1) {
+                serial = 21;
+            }
+            fclose(serialFile);
+            ++serial;
+            serialFile = fopen(filename, "w");
+            if (serialFile == NULL) {
+                error_out("ERROR: Unable to open serial number file for writing");
+            }
+            fwrite(&serial, sizeof(int), 1, serialFile);
+            if (ferror(serialFile) != 0) {
+                error_out("Error: Unable to write to serial number file");
+            }
+        } else {
+            fclose(serialFile);
+            serialFile = fopen(filename, "w");
+            if (serialFile == NULL) {
+                error_out("ERROR: Unable to open serial number file");
+            }
+            serial = 21;
+            fwrite(&serial, sizeof(int), 1, serialFile);
+            if (ferror(serialFile) != 0) {
+                error_out("Error: Unable to write to serial number file");
+            }
+            error = ferror(serialFile);
+            if (error != 0) {
+                error_out("ERROR: Unable to write to serial file");
+            }
+        }
+        fclose(serialFile);
     } else {
-	SN = find_field(data, "serial_value", PR_TRUE);
-	while (*SN != '\0') {
-	    serial = serial * 16;
-	    if ((*SN >= 'A') && (*SN <='F')) {
-		serial += *SN - 'A' + 10; 
-	    } else {
-		if ((*SN >= 'a') && (*SN <='f')) {
-		    serial += *SN - 'a' + 10;
-		} else {
-		    serial += *SN - '0';
-		}
-	    }
-	    ++SN;
-	}
+        SN = find_field(data, "serial_value", PR_TRUE);
+        while (*SN != '\0') {
+            serial = serial * 16;
+            if ((*SN >= 'A') && (*SN <= 'F')) {
+                serial += *SN - 'A' + 10;
+            } else {
+                if ((*SN >= 'a') && (*SN <= 'f')) {
+                    serial += *SN - 'a' + 10;
+                } else {
+                    serial += *SN - '0';
+                }
+            }
+            ++SN;
+        }
     }
     return serial;
 }
-	
-
 
-typedef SECStatus (* EXTEN_VALUE_ENCODER)
-		(PLArenaPool *extHandle, void *value, SECItem *encodedValue);
+typedef SECStatus (*EXTEN_VALUE_ENCODER)(PLArenaPool *extHandle, void *value, SECItem *encodedValue);
 
-static SECStatus 
+static SECStatus
 EncodeAndAddExtensionValue(
-	PLArenaPool          *arena,
-	void                 *extHandle, 
-	void                 *value, 
-	PRBool 		     criticality,
-	int 		     extenType, 
-	EXTEN_VALUE_ENCODER  EncodeValueFn)
+    PLArenaPool *arena,
+    void *extHandle,
+    void *value,
+    PRBool criticality,
+    int extenType,
+    EXTEN_VALUE_ENCODER EncodeValueFn)
 {
-    SECItem                  encodedValue;
-    SECStatus                rv;
-	
+    SECItem encodedValue;
+    SECStatus rv;
 
     encodedValue.data = NULL;
     encodedValue.len = 0;
     rv = (*EncodeValueFn)(arena, value, &encodedValue);
     if (rv != SECSuccess) {
-	error_out("ERROR: Unable to encode extension value");
+        error_out("ERROR: Unable to encode extension value");
     }
-    rv = CERT_AddExtension
-	(extHandle, extenType, &encodedValue, criticality, PR_TRUE);
+    rv = CERT_AddExtension(extHandle, extenType, &encodedValue, criticality, PR_TRUE);
     return (rv);
 }
 
-
-
-static SECStatus 
-AddKeyUsage (void  *extHandle, 
-	     Pair  *data)
+static SECStatus
+AddKeyUsage(void *extHandle,
+            Pair *data)
 {
-    SECItem        bitStringValue;
-    unsigned char  keyUsage = 0x0;
+    SECItem bitStringValue;
+    unsigned char keyUsage = 0x0;
 
-    if (find_field_bool(data,"keyUsage-digitalSignature", PR_TRUE)){
-	keyUsage |= (0x80 >> 0);
+    if (find_field_bool(data, "keyUsage-digitalSignature", PR_TRUE)) {
+        keyUsage |= (0x80 >> 0);
     }
-    if (find_field_bool(data,"keyUsage-nonRepudiation", PR_TRUE)){
-	keyUsage |= (0x80 >> 1);
+    if (find_field_bool(data, "keyUsage-nonRepudiation", PR_TRUE)) {
+        keyUsage |= (0x80 >> 1);
     }
-    if (find_field_bool(data,"keyUsage-keyEncipherment", PR_TRUE)){
-	keyUsage |= (0x80 >> 2);
+    if (find_field_bool(data, "keyUsage-keyEncipherment", PR_TRUE)) {
+        keyUsage |= (0x80 >> 2);
     }
-    if (find_field_bool(data,"keyUsage-dataEncipherment", PR_TRUE)){
-	keyUsage |= (0x80 >> 3);
+    if (find_field_bool(data, "keyUsage-dataEncipherment", PR_TRUE)) {
+        keyUsage |= (0x80 >> 3);
     }
-    if (find_field_bool(data,"keyUsage-keyAgreement", PR_TRUE)){
-	keyUsage |= (0x80 >> 4);
+    if (find_field_bool(data, "keyUsage-keyAgreement", PR_TRUE)) {
+        keyUsage |= (0x80 >> 4);
     }
-    if (find_field_bool(data,"keyUsage-keyCertSign", PR_TRUE)) {
-	keyUsage |= (0x80 >> 5);
+    if (find_field_bool(data, "keyUsage-keyCertSign", PR_TRUE)) {
+        keyUsage |= (0x80 >> 5);
     }
-    if (find_field_bool(data,"keyUsage-cRLSign", PR_TRUE)) {
-	keyUsage |= (0x80 >> 6);
+    if (find_field_bool(data, "keyUsage-cRLSign", PR_TRUE)) {
+        keyUsage |= (0x80 >> 6);
     }
 
     bitStringValue.data = &keyUsage;
     bitStringValue.len = 1;
 
-    return (CERT_EncodeAndAddBitStrExtension
-	    (extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue,
-	     (find_field_bool(data, "keyUsage-crit", PR_TRUE))));
-
+    return (CERT_EncodeAndAddBitStrExtension(extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue,
+                                             (find_field_bool(data, "keyUsage-crit", PR_TRUE))));
 }
 
 static CERTOidSequence *
 CreateOidSequence(void)
 {
-  CERTOidSequence *rv = (CERTOidSequence *)NULL;
-  PLArenaPool *arena = (PLArenaPool *)NULL;
+    CERTOidSequence *rv = (CERTOidSequence *)NULL;
+    PLArenaPool *arena = (PLArenaPool *)NULL;
 
-  arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-  if( (PLArenaPool *)NULL == arena ) {
-    goto loser;
-  }
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if ((PLArenaPool *)NULL == arena) {
+        goto loser;
+    }
 
-  rv = (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence));
-  if( (CERTOidSequence *)NULL == rv ) {
-    goto loser;
-  }
+    rv = (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence));
+    if ((CERTOidSequence *)NULL == rv) {
+        goto loser;
+    }
 
-  rv->oids = (SECItem **)PORT_ArenaZAlloc(arena, sizeof(SECItem *));
-  if( (SECItem **)NULL == rv->oids ) {
-    goto loser;
-  }
+    rv->oids = (SECItem **)PORT_ArenaZAlloc(arena, sizeof(SECItem *));
+    if ((SECItem **)NULL == rv->oids) {
+        goto loser;
+    }
 
-  rv->arena = arena;
-  return rv;
+    rv->arena = arena;
+    return rv;
 
- loser:
-  if( (PLArenaPool *)NULL != arena ) {
-    PORT_FreeArena(arena, PR_FALSE);
-  }
+loser:
+    if ((PLArenaPool *)NULL != arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
 
-  return (CERTOidSequence *)NULL;
+    return (CERTOidSequence *)NULL;
 }
 
 static SECStatus
 AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag)
 {
-  SECItem **oids;
-  PRUint32 count = 0;
-  SECOidData *od;
-
-  od = SECOID_FindOIDByTag(oidTag);
-  if( (SECOidData *)NULL == od ) {
-    return SECFailure;
-  }
-
-  for( oids = os->oids; (SECItem *)NULL != *oids; oids++ ) {
-    count++;
-  }
+    SECItem **oids;
+    PRUint32 count = 0;
+    SECOidData *od;
 
-  /* ArenaZRealloc */
-
-  {
-    PRUint32 i;
+    od = SECOID_FindOIDByTag(oidTag);
+    if ((SECOidData *)NULL == od) {
+        return SECFailure;
+    }
 
-    oids = (SECItem **)PORT_ArenaZAlloc(os->arena, sizeof(SECItem *) * (count+2));
-    if( (SECItem **)NULL == oids ) {
-      return SECFailure;
-    }
-    
-    for( i = 0; i < count; i++ ) {
-      oids[i] = os->oids[i];
+    for (oids = os->oids; (SECItem *)NULL != *oids; oids++) {
+        count++;
     }
 
-    /* ArenaZFree(os->oids); */
-  }
+    /* ArenaZRealloc */
+
+    {
+        PRUint32 i;
+
+        oids = (SECItem **)PORT_ArenaZAlloc(os->arena, sizeof(SECItem *) * (count + 2));
+        if ((SECItem **)NULL == oids) {
+            return SECFailure;
+        }
 
-  os->oids = oids;
-  os->oids[count] = &od->oid;
+        for (i = 0; i < count; i++) {
+            oids[i] = os->oids[i];
+        }
 
-  return SECSuccess;
+        /* ArenaZFree(os->oids); */
+    }
+
+    os->oids = oids;
+    os->oids[count] = &od->oid;
+
+    return SECSuccess;
 }
 
 static SECItem *
 EncodeOidSequence(CERTOidSequence *os)
 {
-  SECItem *rv;
-  extern const SEC_ASN1Template CERT_OidSeqTemplate[];
+    SECItem *rv;
+    extern const SEC_ASN1Template CERT_OidSeqTemplate[];
 
-  rv = (SECItem *)PORT_ArenaZAlloc(os->arena, sizeof(SECItem));
-  if( (SECItem *)NULL == rv ) {
-    goto loser;
-  }
+    rv = (SECItem *)PORT_ArenaZAlloc(os->arena, sizeof(SECItem));
+    if ((SECItem *)NULL == rv) {
+        goto loser;
+    }
 
-  if( !SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate) ) {
-    goto loser;
-  }
+    if (!SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate)) {
+        goto loser;
+    }
 
-  return rv;
+    return rv;
 
- loser:
-  return (SECItem *)NULL;
+loser:
+    return (SECItem *)NULL;
 }
 
 static SECStatus
 AddExtKeyUsage(void *extHandle, Pair *data)
 {
-  SECStatus rv;
-  CERTOidSequence *os;
-  SECItem *value;
-  PRBool crit;
+    SECStatus rv;
+    CERTOidSequence *os;
+    SECItem *value;
+    PRBool crit;
 
-  os = CreateOidSequence();
-  if( (CERTOidSequence *)NULL == os ) {
-    return SECFailure;
-  }
+    os = CreateOidSequence();
+    if ((CERTOidSequence *)NULL == os) {
+        return SECFailure;
+    }
 
-  if( find_field_bool(data, "extKeyUsage-serverAuth", PR_TRUE) ) {
-    rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH);
-    if( SECSuccess != rv ) goto loser;
-  }
+    if (find_field_bool(data, "extKeyUsage-serverAuth", PR_TRUE)) {
+        rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH);
+        if (SECSuccess != rv)
+            goto loser;
+    }
 
-  if( find_field_bool(data, "extKeyUsage-msTrustListSign", PR_TRUE) ) {
-    rv = AddOidToSequence(os, SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING);
-    if( SECSuccess != rv ) goto loser;
-  }
+    if (find_field_bool(data, "extKeyUsage-msTrustListSign", PR_TRUE)) {
+        rv = AddOidToSequence(os, SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING);
+        if (SECSuccess != rv)
+            goto loser;
+    }
 
-  if( find_field_bool(data, "extKeyUsage-clientAuth", PR_TRUE) ) {
-    rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH);
-    if( SECSuccess != rv ) goto loser;
-  }
+    if (find_field_bool(data, "extKeyUsage-clientAuth", PR_TRUE)) {
+        rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH);
+        if (SECSuccess != rv)
+            goto loser;
+    }
 
-  if( find_field_bool(data, "extKeyUsage-codeSign", PR_TRUE) ) {
-    rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN);
-    if( SECSuccess != rv ) goto loser;
-  }
+    if (find_field_bool(data, "extKeyUsage-codeSign", PR_TRUE)) {
+        rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN);
+        if (SECSuccess != rv)
+            goto loser;
+    }
 
-  if( find_field_bool(data, "extKeyUsage-emailProtect", PR_TRUE) ) {
-    rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT);
-    if( SECSuccess != rv ) goto loser;
-  }
+    if (find_field_bool(data, "extKeyUsage-emailProtect", PR_TRUE)) {
+        rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT);
+        if (SECSuccess != rv)
+            goto loser;
+    }
 
-  if( find_field_bool(data, "extKeyUsage-timeStamp", PR_TRUE) ) {
-    rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP);
-    if( SECSuccess != rv ) goto loser;
-  }
-
-  if( find_field_bool(data, "extKeyUsage-ocspResponder", PR_TRUE) ) {
-    rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER);
-    if( SECSuccess != rv ) goto loser;
-  }
+    if (find_field_bool(data, "extKeyUsage-timeStamp", PR_TRUE)) {
+        rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP);
+        if (SECSuccess != rv)
+            goto loser;
+    }
 
-  if( find_field_bool(data, "extKeyUsage-NS-govtApproved", PR_TRUE) ) {
-    rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED);
-    if( SECSuccess != rv ) goto loser;
-  }
-
-  value = EncodeOidSequence(os);
+    if (find_field_bool(data, "extKeyUsage-ocspResponder", PR_TRUE)) {
+        rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER);
+        if (SECSuccess != rv)
+            goto loser;
+    }
 
-  crit = find_field_bool(data, "extKeyUsage-crit", PR_TRUE);
+    if (find_field_bool(data, "extKeyUsage-NS-govtApproved", PR_TRUE)) {
+        rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED);
+        if (SECSuccess != rv)
+            goto loser;
+    }
+
+    value = EncodeOidSequence(os);
 
-  rv = CERT_AddExtension(extHandle, SEC_OID_X509_EXT_KEY_USAGE, value,
-                         crit, PR_TRUE);
-  /*FALLTHROUGH*/
- loser:
-  CERT_DestroyOidSequence(os);
-  return rv;
+    crit = find_field_bool(data, "extKeyUsage-crit", PR_TRUE);
+
+    rv = CERT_AddExtension(extHandle, SEC_OID_X509_EXT_KEY_USAGE, value,
+                           crit, PR_TRUE);
+/*FALLTHROUGH*/
+loser:
+    CERT_DestroyOidSequence(os);
+    return rv;
 }
 
 static SECStatus
-AddSubKeyID(void             *extHandle, 
-	    Pair             *data, 
-	    CERTCertificate  *subjectCert)
+AddSubKeyID(void *extHandle,
+            Pair *data,
+            CERTCertificate *subjectCert)
 {
-    SECItem                  encodedValue;
-    SECStatus                rv;
-    char                     *read;
-    char                     *write;
-    char                     *first;
-    char                     character;
-    int                      high_digit = 0,
-	                     low_digit = 0;
-    int                      len;
-    PRBool                   odd = PR_FALSE;
-
+    SECItem encodedValue;
+    SECStatus rv;
+    char *read;
+    char *write;
+    char *first;
+    char character;
+    int high_digit = 0,
+        low_digit = 0;
+    int len;
+    PRBool odd = PR_FALSE;
 
     encodedValue.data = NULL;
     encodedValue.len = 0;
-    first = read = write = find_field(data,"subjectKeyIdentifier-text", 
-				      PR_TRUE);
+    first = read = write = find_field(data, "subjectKeyIdentifier-text",
+                                      PR_TRUE);
     len = PORT_Strlen(first);
-    odd = ((len % 2) != 0 ) ? PR_TRUE : PR_FALSE;
+    odd = ((len % 2) != 0) ? PR_TRUE : PR_FALSE;
     if (find_field_bool(data, "subjectKeyIdentifier-radio-hex", PR_TRUE)) {
-	if (odd) {
-	    error_out("ERROR: Improperly formated subject key identifier, hex values must be expressed as an octet string");
-	}
-	while (*read != '\0') {
-	    if (!isxdigit(*read)) {
-		error_out("ERROR: Improperly formated subject key identifier");
-	    }
-	    *read = toupper(*read);
-	    if ((*read >= 'A') && (*read <= 'F')) {
-		high_digit = *read - 'A' + 10;
-	    }  else {
-		high_digit = *read - '0';
-	    }
-	    ++read;
-	    if (!isxdigit(*read)) {
-		error_out("ERROR: Improperly formated subject key identifier");
-	    }
-	    *read = toupper(*read);
-	    if ((*read >= 'A') && (*read <= 'F')) {
-		low_digit = *(read) - 'A' + 10;
-	    } else {
-		low_digit = *(read) - '0';
-	    }
-	    character = (high_digit << 4) | low_digit;
-	    *write = character;
-	    ++write;
-	    ++read;
-	}
-	*write = '\0';
-	len = write - first;
+        if (odd) {
+            error_out("ERROR: Improperly formated subject key identifier, hex values must be expressed as an octet string");
+        }
+        while (*read != '\0') {
+            if (!isxdigit(*read)) {
+                error_out("ERROR: Improperly formated subject key identifier");
+            }
+            *read = toupper(*read);
+            if ((*read >= 'A') && (*read <= 'F')) {
+                high_digit = *read - 'A' + 10;
+            } else {
+                high_digit = *read - '0';
+            }
+            ++read;
+            if (!isxdigit(*read)) {
+                error_out("ERROR: Improperly formated subject key identifier");
+            }
+            *read = toupper(*read);
+            if ((*read >= 'A') && (*read <= 'F')) {
+                low_digit = *(read) - 'A' + 10;
+            } else {
+                low_digit = *(read) - '0';
+            }
+            character = (high_digit << 4) | low_digit;
+            *write = character;
+            ++write;
+            ++read;
+        }
+        *write = '\0';
+        len = write - first;
     }
-    subjectCert->subjectKeyID.data = (unsigned char *) find_field
-	(data,"subjectKeyIdentifier-text", PR_TRUE);
+    subjectCert->subjectKeyID.data = (unsigned char *)find_field(data, "subjectKeyIdentifier-text", PR_TRUE);
     subjectCert->subjectKeyID.len = len;
-    rv = CERT_EncodeSubjectKeyID
-	(NULL, &subjectCert->subjectKeyID, &encodedValue);
+    rv = CERT_EncodeSubjectKeyID(NULL, &subjectCert->subjectKeyID, &encodedValue);
     if (rv) {
-	return (rv);
+        return (rv);
     }
-    return (CERT_AddExtension(extHandle,  SEC_OID_X509_SUBJECT_KEY_ID, 
-			      &encodedValue, PR_FALSE, PR_TRUE));
+    return (CERT_AddExtension(extHandle, SEC_OID_X509_SUBJECT_KEY_ID,
+                              &encodedValue, PR_FALSE, PR_TRUE));
 }
 
-
-static SECStatus 
-AddAuthKeyID (void              *extHandle,
-	      Pair              *data, 
-	      char              *issuerNameStr, 
-	      CERTCertDBHandle  *handle)
+static SECStatus
+AddAuthKeyID(void *extHandle,
+             Pair *data,
+             char *issuerNameStr,
+             CERTCertDBHandle *handle)
 {
-    CERTAuthKeyID               *authKeyID = NULL;    
-    PLArenaPool                 *arena = NULL;
-    SECStatus                   rv = SECSuccess;
-    CERTCertificate             *issuerCert = NULL;
-    CERTGeneralName             *genNames;
-    CERTName                    *directoryName = NULL;
-
+    CERTAuthKeyID *authKeyID = NULL;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECSuccess;
+    CERTCertificate *issuerCert = NULL;
+    CERTGeneralName *genNames;
+    CERTName *directoryName = NULL;
 
     issuerCert = CERT_FindCertByNameString(handle, issuerNameStr);
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if ( !arena ) {
-	error_allocate();
+    if (!arena) {
+        error_allocate();
     }
 
-    authKeyID = PORT_ArenaZAlloc (arena, sizeof (CERTAuthKeyID));
+    authKeyID = PORT_ArenaZAlloc(arena, sizeof(CERTAuthKeyID));
     if (authKeyID == NULL) {
-	error_allocate();
+        error_allocate();
     }
-    if (find_field_bool(data, "authorityKeyIdentifier-radio-keyIdentifier", 
-			PR_TRUE)) {
-	authKeyID->keyID.data = PORT_ArenaAlloc (arena, PORT_Strlen 
-				       ((char *)issuerCert->subjectKeyID.data));
-	if (authKeyID->keyID.data == NULL) {
-	    error_allocate();
-	}
-	PORT_Memcpy (authKeyID->keyID.data, issuerCert->subjectKeyID.data, 
-		     authKeyID->keyID.len = 
-		        PORT_Strlen((char *)issuerCert->subjectKeyID.data));
+    if (find_field_bool(data, "authorityKeyIdentifier-radio-keyIdentifier",
+                        PR_TRUE)) {
+        authKeyID->keyID.data = PORT_ArenaAlloc(arena, PORT_Strlen((char *)issuerCert->subjectKeyID.data));
+        if (authKeyID->keyID.data == NULL) {
+            error_allocate();
+        }
+        PORT_Memcpy(authKeyID->keyID.data, issuerCert->subjectKeyID.data,
+                    authKeyID->keyID.len =
+                        PORT_Strlen((char *)issuerCert->subjectKeyID.data));
     } else {
-	
-	PORT_Assert (arena);
-	genNames = (CERTGeneralName *) PORT_ArenaZAlloc (arena, (sizeof(CERTGeneralName)));
-	if (genNames == NULL){
-	    error_allocate();
-	}
-	genNames->l.next = genNames->l.prev = &(genNames->l);
-	genNames->type = certDirectoryName;
+
+        PORT_Assert(arena);
+        genNames = (CERTGeneralName *)PORT_ArenaZAlloc(arena, (sizeof(CERTGeneralName)));
+        if (genNames == NULL) {
+            error_allocate();
+        }
+        genNames->l.next = genNames->l.prev = &(genNames->l);
+        genNames->type = certDirectoryName;
 
-	directoryName = CERT_AsciiToName(issuerCert->subjectName);
-	if (!directoryName) {
-	    error_out("ERROR: Unable to create Directory Name");
-	}
-	rv = CERT_CopyName (arena, &genNames->name.directoryName, 
-			    directoryName);
-        CERT_DestroyName (directoryName);
-	if (rv != SECSuccess) {
-	    error_out("ERROR: Unable to copy Directory Name");
-	}
-	authKeyID->authCertIssuer = genNames;
-	if (authKeyID->authCertIssuer == NULL && SECFailure == 
-	                                            PORT_GetError ()) {
-	    error_out("ERROR: Unable to get Issuer General Name for Authority Key ID Extension");
-	}
-	authKeyID->authCertSerialNumber = issuerCert->serialNumber;
+        directoryName = CERT_AsciiToName(issuerCert->subjectName);
+        if (!directoryName) {
+            error_out("ERROR: Unable to create Directory Name");
+        }
+        rv = CERT_CopyName(arena, &genNames->name.directoryName,
+                           directoryName);
+        CERT_DestroyName(directoryName);
+        if (rv != SECSuccess) {
+            error_out("ERROR: Unable to copy Directory Name");
+        }
+        authKeyID->authCertIssuer = genNames;
+        if (authKeyID->authCertIssuer == NULL && SECFailure ==
+                                                     PORT_GetError()) {
+            error_out("ERROR: Unable to get Issuer General Name for Authority Key ID Extension");
+        }
+        authKeyID->authCertSerialNumber = issuerCert->serialNumber;
     }
-    rv = EncodeAndAddExtensionValue(arena, extHandle, authKeyID, PR_FALSE, 
-				    SEC_OID_X509_AUTH_KEY_ID, 
-				    (EXTEN_VALUE_ENCODER)
-				    CERT_EncodeAuthKeyID);
+    rv = EncodeAndAddExtensionValue(arena, extHandle, authKeyID, PR_FALSE,
+                                    SEC_OID_X509_AUTH_KEY_ID,
+                                    (EXTEN_VALUE_ENCODER)
+                                        CERT_EncodeAuthKeyID);
     if (arena) {
-	PORT_FreeArena (arena, PR_FALSE);
+        PORT_FreeArena(arena, PR_FALSE);
     }
     return (rv);
 }
 
-
-static SECStatus 
-AddPrivKeyUsagePeriod(void             *extHandle, 
-		      Pair             *data, 
-		      CERTCertificate  *cert)
+static SECStatus
+AddPrivKeyUsagePeriod(void *extHandle,
+                      Pair *data,
+                      CERTCertificate *cert)
 {
     char *notBeforeStr;
     char *notAfterStr;
     PLArenaPool *arena = NULL;
     SECStatus rv = SECSuccess;
     CERTPrivKeyUsagePeriod *pkup;
 
-
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if ( !arena ) {
-	error_allocate();
+    if (!arena) {
+        error_allocate();
     }
-    pkup = PORT_ArenaZNew (arena, CERTPrivKeyUsagePeriod);
+    pkup = PORT_ArenaZNew(arena, CERTPrivKeyUsagePeriod);
     if (pkup == NULL) {
-	error_allocate();
+        error_allocate();
     }
-    notBeforeStr = (char *) PORT_Alloc(16 );
-    notAfterStr = (char *) PORT_Alloc(16 );
+    notBeforeStr = (char *)PORT_Alloc(16);
+    notAfterStr = (char *)PORT_Alloc(16);
     *notBeforeStr = '\0';
     *notAfterStr = '\0';
     pkup->arena = arena;
     pkup->notBefore.len = 0;
     pkup->notBefore.data = NULL;
     pkup->notAfter.len = 0;
     pkup->notAfter.data = NULL;
     if (find_field_bool(data, "privKeyUsagePeriod-radio-notBefore", PR_TRUE) ||
-	find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) {
-	pkup->notBefore.len = 15;
-	pkup->notBefore.data = (unsigned char *)notBeforeStr;
-	if (find_field_bool(data, "privKeyUsagePeriod-notBefore-radio-manual", 
-			    PR_TRUE)) {
-	    PORT_Strcat(notBeforeStr,find_field(data,
-					   "privKeyUsagePeriod-notBefore-year",
-					   PR_TRUE));
-	    PORT_Strcat(notBeforeStr,find_field(data,
-					   "privKeyUsagePeriod-notBefore-month",
-					   PR_TRUE));
-	    PORT_Strcat(notBeforeStr,find_field(data,
-					   "privKeyUsagePeriod-notBefore-day",
-					   PR_TRUE));
-	    PORT_Strcat(notBeforeStr,find_field(data,
-					   "privKeyUsagePeriod-notBefore-hour",
-					   PR_TRUE));
-	    PORT_Strcat(notBeforeStr,find_field(data,
-					  "privKeyUsagePeriod-notBefore-minute",
-					   PR_TRUE));
-	    PORT_Strcat(notBeforeStr,find_field(data,
-					  "privKeyUsagePeriod-notBefore-second",
-					   PR_TRUE));
-	    if ((*(notBeforeStr + 14) != '\0') ||
-		(!isdigit(*(notBeforeStr + 13))) ||
-		(*(notBeforeStr + 12) >= '5' && *(notBeforeStr + 12) <= '0') ||
-		(!isdigit(*(notBeforeStr + 11))) ||
-		(*(notBeforeStr + 10) >= '5' && *(notBeforeStr + 10) <= '0') ||
-		(!isdigit(*(notBeforeStr + 9))) ||
-		(*(notBeforeStr + 8) >= '2' && *(notBeforeStr + 8) <= '0') ||
-		(!isdigit(*(notBeforeStr + 7))) ||
-		(*(notBeforeStr + 6) >= '3' && *(notBeforeStr + 6) <= '0') ||
-		(!isdigit(*(notBeforeStr + 5))) ||
-		(*(notBeforeStr + 4) >= '1' && *(notBeforeStr + 4) <= '0') ||
-		(!isdigit(*(notBeforeStr + 3))) ||
-		(!isdigit(*(notBeforeStr + 2))) ||
-		(!isdigit(*(notBeforeStr + 1))) ||
-		(!isdigit(*(notBeforeStr + 0))) ||
-		(*(notBeforeStr + 8) == '2' && *(notBeforeStr + 9) >= '4') ||
-		(*(notBeforeStr + 6) == '3' && *(notBeforeStr + 7) >= '1') ||
-		(*(notBeforeStr + 4) == '1' && *(notBeforeStr + 5) >= '2')) {
-		error_out("ERROR: Improperly formated private key usage period");
-	    }
-	    *(notBeforeStr + 14) = 'Z';
-	    *(notBeforeStr + 15) = '\0';
-	} else {
-	    if ((*(cert->validity.notBefore.data) > '5') || 
-		((*(cert->validity.notBefore.data) == '5') &&
-		 (*(cert->validity.notBefore.data + 1) != '0'))) {
-		PORT_Strcat(notBeforeStr, "19");
-	    } else {
-		PORT_Strcat(notBeforeStr, "20");
-	    }
-	    PORT_Strcat(notBeforeStr, (char *)cert->validity.notBefore.data);
-	}
+        find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) {
+        pkup->notBefore.len = 15;
+        pkup->notBefore.data = (unsigned char *)notBeforeStr;
+        if (find_field_bool(data, "privKeyUsagePeriod-notBefore-radio-manual",
+                            PR_TRUE)) {
+            PORT_Strcat(notBeforeStr, find_field(data,
+                                                 "privKeyUsagePeriod-notBefore-year",
+                                                 PR_TRUE));
+            PORT_Strcat(notBeforeStr, find_field(data,
+                                                 "privKeyUsagePeriod-notBefore-month",
+                                                 PR_TRUE));
+            PORT_Strcat(notBeforeStr, find_field(data,
+                                                 "privKeyUsagePeriod-notBefore-day",
+                                                 PR_TRUE));
+            PORT_Strcat(notBeforeStr, find_field(data,
+                                                 "privKeyUsagePeriod-notBefore-hour",
+                                                 PR_TRUE));
+            PORT_Strcat(notBeforeStr, find_field(data,
+                                                 "privKeyUsagePeriod-notBefore-minute",
+                                                 PR_TRUE));
+            PORT_Strcat(notBeforeStr, find_field(data,
+                                                 "privKeyUsagePeriod-notBefore-second",
+                                                 PR_TRUE));
+            if ((*(notBeforeStr + 14) != '\0') ||
+                (!isdigit(*(notBeforeStr + 13))) ||
+                (*(notBeforeStr + 12) >= '5' && *(notBeforeStr + 12) <= '0') ||
+                (!isdigit(*(notBeforeStr + 11))) ||
+                (*(notBeforeStr + 10) >= '5' && *(notBeforeStr + 10) <= '0') ||
+                (!isdigit(*(notBeforeStr + 9))) ||
+                (*(notBeforeStr + 8) >= '2' && *(notBeforeStr + 8) <= '0') ||
+                (!isdigit(*(notBeforeStr + 7))) ||
+                (*(notBeforeStr + 6) >= '3' && *(notBeforeStr + 6) <= '0') ||
+                (!isdigit(*(notBeforeStr + 5))) ||
+                (*(notBeforeStr + 4) >= '1' && *(notBeforeStr + 4) <= '0') ||
+                (!isdigit(*(notBeforeStr + 3))) ||
+                (!isdigit(*(notBeforeStr + 2))) ||
+                (!isdigit(*(notBeforeStr + 1))) ||
+                (!isdigit(*(notBeforeStr + 0))) ||
+                (*(notBeforeStr + 8) == '2' && *(notBeforeStr + 9) >= '4') ||
+                (*(notBeforeStr + 6) == '3' && *(notBeforeStr + 7) >= '1') ||
+                (*(notBeforeStr + 4) == '1' && *(notBeforeStr + 5) >= '2')) {
+                error_out("ERROR: Improperly formated private key usage period");
+            }
+            *(notBeforeStr + 14) = 'Z';
+            *(notBeforeStr + 15) = '\0';
+        } else {
+            if ((*(cert->validity.notBefore.data) > '5') ||
+                ((*(cert->validity.notBefore.data) == '5') &&
+                 (*(cert->validity.notBefore.data + 1) != '0'))) {
+                PORT_Strcat(notBeforeStr, "19");
+            } else {
+                PORT_Strcat(notBeforeStr, "20");
+            }
+            PORT_Strcat(notBeforeStr, (char *)cert->validity.notBefore.data);
+        }
     }
     if (find_field_bool(data, "privKeyUsagePeriod-radio-notAfter", PR_TRUE) ||
-	find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) {
-	pkup->notAfter.len = 15;
-	pkup->notAfter.data = (unsigned char *)notAfterStr;
-	PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-year", 
-				      PR_TRUE));
-	PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-month",
-				      PR_TRUE));
-	PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-day", 
-				      PR_TRUE));
-	PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-hour", 
-				      PR_TRUE));
-	PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-minute",
-				      PR_TRUE));
-	PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-second",
-				      PR_TRUE));
-	if ((*(notAfterStr + 14) != '\0') ||
-	    (!isdigit(*(notAfterStr + 13))) ||
-	    (*(notAfterStr + 12) >= '5' && *(notAfterStr + 12) <= '0') ||
-	    (!isdigit(*(notAfterStr + 11))) ||
-	    (*(notAfterStr + 10) >= '5' && *(notAfterStr + 10) <= '0') ||
-	    (!isdigit(*(notAfterStr + 9))) ||
-	    (*(notAfterStr + 8) >= '2' && *(notAfterStr + 8) <= '0') ||
-	    (!isdigit(*(notAfterStr + 7))) ||
-	    (*(notAfterStr + 6) >= '3' && *(notAfterStr + 6) <= '0') ||
-	    (!isdigit(*(notAfterStr + 5))) ||
-	    (*(notAfterStr + 4) >= '1' && *(notAfterStr + 4) <= '0') ||
-	    (!isdigit(*(notAfterStr + 3))) ||
-	    (!isdigit(*(notAfterStr + 2))) ||
-	    (!isdigit(*(notAfterStr + 1))) ||
-	    (!isdigit(*(notAfterStr + 0))) ||
-	    (*(notAfterStr + 8) == '2' && *(notAfterStr + 9) >= '4') ||
-	    (*(notAfterStr + 6) == '3' && *(notAfterStr + 7) >= '1') ||
-	    (*(notAfterStr + 4) == '1' && *(notAfterStr + 5) >= '2')) {
-	    error_out("ERROR: Improperly formated private key usage period");
-	}
-	*(notAfterStr + 14) = 'Z';
-	*(notAfterStr + 15) = '\0';
+        find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) {
+        pkup->notAfter.len = 15;
+        pkup->notAfter.data = (unsigned char *)notAfterStr;
+        PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-year",
+                                            PR_TRUE));
+        PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-month",
+                                            PR_TRUE));
+        PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-day",
+                                            PR_TRUE));
+        PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-hour",
+                                            PR_TRUE));
+        PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-minute",
+                                            PR_TRUE));
+        PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-second",
+                                            PR_TRUE));
+        if ((*(notAfterStr + 14) != '\0') ||
+            (!isdigit(*(notAfterStr + 13))) ||
+            (*(notAfterStr + 12) >= '5' && *(notAfterStr + 12) <= '0') ||
+            (!isdigit(*(notAfterStr + 11))) ||
+            (*(notAfterStr + 10) >= '5' && *(notAfterStr + 10) <= '0') ||
+            (!isdigit(*(notAfterStr + 9))) ||
+            (*(notAfterStr + 8) >= '2' && *(notAfterStr + 8) <= '0') ||
+            (!isdigit(*(notAfterStr + 7))) ||
+            (*(notAfterStr + 6) >= '3' && *(notAfterStr + 6) <= '0') ||
+            (!isdigit(*(notAfterStr + 5))) ||
+            (*(notAfterStr + 4) >= '1' && *(notAfterStr + 4) <= '0') ||
+            (!isdigit(*(notAfterStr + 3))) ||
+            (!isdigit(*(notAfterStr + 2))) ||
+            (!isdigit(*(notAfterStr + 1))) ||
+            (!isdigit(*(notAfterStr + 0))) ||
+            (*(notAfterStr + 8) == '2' && *(notAfterStr + 9) >= '4') ||
+            (*(notAfterStr + 6) == '3' && *(notAfterStr + 7) >= '1') ||
+            (*(notAfterStr + 4) == '1' && *(notAfterStr + 5) >= '2')) {
+            error_out("ERROR: Improperly formated private key usage period");
+        }
+        *(notAfterStr + 14) = 'Z';
+        *(notAfterStr + 15) = '\0';
     }