KNF.

I just spent too long chasing a bug in here and really should have done
this first. Gem of the day... is it an if test or a for loop? No, it is a
super ifloop!

if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {

11 files changed, 1563 insertions, 1606 deletions

diff --git a/lib/libssl/src/crypto/pkcs7/bio_pk7.c b/lib/libssl/src/crypto/pkcs7/bio_pk7.c
index 3d9eba97139..0e4a4f7559d 100644
--- a/lib/libssl/src/crypto/pkcs7/bio_pk7.c
+++ b/lib/libssl/src/crypto/pkcs7/bio_pk7.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_pk7.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: bio_pk7.c,v 1.4 2014/06/29 17:05:36 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -59,7 +59,8 @@
 #include <stdio.h>
 
 /* Streaming encode support for PKCS#7 */
-BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7) 
+BIO *
+BIO_new_PKCS7(BIO *out, PKCS7 *p7)
 {
 	return BIO_new_NDEF(out, (ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7));
 }
diff --git a/lib/libssl/src/crypto/pkcs7/example.c b/lib/libssl/src/crypto/pkcs7/example.c
index 611c27b1134..2dc1b655b18 100644
--- a/lib/libssl/src/crypto/pkcs7/example.c
+++ b/lib/libssl/src/crypto/pkcs7/example.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: example.c,v 1.5 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: example.c,v 1.6 2014/06/29 17:05:36 jsing Exp $ */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -6,325 +6,335 @@
 #include <openssl/asn1_mac.h>
 #include <openssl/x509.h>
 
-int add_signed_time(PKCS7_SIGNER_INFO *si)
-	{
+int
+add_signed_time(PKCS7_SIGNER_INFO *si)
+{
 	ASN1_UTCTIME *sign_time;
 
 	/* The last parameter is the amount to add/subtract from the current
 	 * time (in seconds) */
-	sign_time=X509_gmtime_adj(NULL,0);
-	PKCS7_add_signed_attribute(si,NID_pkcs9_signingTime,
-		V_ASN1_UTCTIME,(char *)sign_time);
-	return(1);
-	}
-
-ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si)
-	{
+	sign_time = X509_gmtime_adj(NULL, 0);
+	PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
+	    V_ASN1_UTCTIME, (char *)sign_time);
+	return (1);
+}
+
+ASN1_UTCTIME *
+get_signed_time(PKCS7_SIGNER_INFO *si)
+{
 	ASN1_TYPE *so;
 
-	so=PKCS7_get_signed_attribute(si,NID_pkcs9_signingTime);
+	so = PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime);
 	if (so->type == V_ASN1_UTCTIME)
-	    return so->value.utctime;
+		return so->value.utctime;
 	return NULL;
-	}
-	
-static int signed_string_nid= -1;
+}
 
-void add_signed_string(PKCS7_SIGNER_INFO *si, char *str)
-	{
+static int signed_string_nid = -1;
+
+void
+add_signed_string(PKCS7_SIGNER_INFO *si, char *str)
+{
 	ASN1_OCTET_STRING *os;
 
 	/* To a an object of OID 1.2.3.4.5, which is an octet string */
 	if (signed_string_nid == -1)
-		signed_string_nid=
-			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
-	os=ASN1_OCTET_STRING_new();
-	ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str));
+		signed_string_nid =
+		    OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+	os = ASN1_OCTET_STRING_new();
+	ASN1_OCTET_STRING_set(os, (unsigned char*)str, strlen(str));
 	/* When we add, we do not free */
-	PKCS7_add_signed_attribute(si,signed_string_nid,
-		V_ASN1_OCTET_STRING,(char *)os);
-	}
+	PKCS7_add_signed_attribute(si, signed_string_nid,
+	    V_ASN1_OCTET_STRING, (char *)os);
+}
 
-int get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len)
-	{
+int
+get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len)
+{
 	ASN1_TYPE *so;
 	ASN1_OCTET_STRING *os;
 	int i;
 
 	if (signed_string_nid == -1)
-		signed_string_nid=
-			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+		signed_string_nid =
+		    OBJ_create("1.2.3.4.5","OID_example","Our example OID");
 	/* To retrieve */
-	so=PKCS7_get_signed_attribute(si,signed_string_nid);
-	if (so != NULL)
-		{
-		if (so->type == V_ASN1_OCTET_STRING)
-			{
-			os=so->value.octet_string;
-			i=os->length;
-			if ((i+1) > len)
-				i=len-1;
-			memcpy(buf,os->data,i);
-			return(i);
-			}
+	so = PKCS7_get_signed_attribute(si, signed_string_nid);
+	if (so != NULL) {
+		if (so->type == V_ASN1_OCTET_STRING) {
+			os = so->value.octet_string;
+			i = os->length;
+			if ((i + 1) > len)
+				i = len - 1;
+			memcpy(buf, os->data, i);
+			return (i);
 		}
-	return(0);
 	}
+	return (0);
+}
 
-static int signed_seq2string_nid= -1;
+static int signed_seq2string_nid = -1;
 /* ########################################### */
-int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
-	{
+int
+add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
+{
 	/* To add an object of OID 1.9.999, which is a sequence containing
 	 * 2 octet strings */
 	unsigned char *p;
-	ASN1_OCTET_STRING *os1,*os2;
+	ASN1_OCTET_STRING *os1, *os2;
 	ASN1_STRING *seq;
 	unsigned char *data;
-	int i,total;
+	int i, total;
 
 	if (signed_seq2string_nid == -1)
-		signed_seq2string_nid=
-			OBJ_create("1.9.9999","OID_example","Our example OID");
-
-	os1=ASN1_OCTET_STRING_new();
-	os2=ASN1_OCTET_STRING_new();
-	ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1));
-	ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1));
-	i =i2d_ASN1_OCTET_STRING(os1,NULL);
-	i+=i2d_ASN1_OCTET_STRING(os2,NULL);
-	total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
-
-	data=malloc(total);
-	p=data;
-	ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-	i2d_ASN1_OCTET_STRING(os1,&p);
-	i2d_ASN1_OCTET_STRING(os2,&p);
-
-	seq=ASN1_STRING_new();
-	ASN1_STRING_set(seq,data,total);
+		signed_seq2string_nid =
+		    OBJ_create("1.9.9999","OID_example","Our example OID");
+
+	os1 = ASN1_OCTET_STRING_new();
+	os2 = ASN1_OCTET_STRING_new();
+	ASN1_OCTET_STRING_set(os1, (unsigned char*)str1, strlen(str1));
+	ASN1_OCTET_STRING_set(os2, (unsigned char*)str1, strlen(str1));
+	i = i2d_ASN1_OCTET_STRING(os1, NULL);
+	i += i2d_ASN1_OCTET_STRING(os2, NULL);
+	total = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
+
+	data = malloc(total);
+	p = data;
+	ASN1_put_object(&p, 1,i, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+	i2d_ASN1_OCTET_STRING(os1, &p);
+	i2d_ASN1_OCTET_STRING(os2, &p);
+
+	seq = ASN1_STRING_new();
+	ASN1_STRING_set(seq, data, total);
 	free(data);
 	ASN1_OCTET_STRING_free(os1);
 	ASN1_OCTET_STRING_free(os2);
 
-	PKCS7_add_signed_attribute(si,signed_seq2string_nid,
-		V_ASN1_SEQUENCE,(char *)seq);
-	return(1);
-	}
+	PKCS7_add_signed_attribute(si, signed_seq2string_nid,
+	    V_ASN1_SEQUENCE, (char *)seq);
+	return (1);
+}
 
 /* For this case, I will malloc the return strings */
-int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2)
-	{
+int
+get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2)
+{
 	ASN1_TYPE *so;
 
 	if (signed_seq2string_nid == -1)
-		signed_seq2string_nid=
-			OBJ_create("1.9.9999","OID_example","Our example OID");
+		signed_seq2string_nid =
+		    OBJ_create("1.9.9999","OID_example","Our example OID");
 	/* To retrieve */
-	so=PKCS7_get_signed_attribute(si,signed_seq2string_nid);
-	if (so && (so->type == V_ASN1_SEQUENCE))
-		{
+	so = PKCS7_get_signed_attribute(si, signed_seq2string_nid);
+	if (so && (so->type == V_ASN1_SEQUENCE)) {
 		ASN1_const_CTX c;
 		ASN1_STRING *s;
 		long length;
-		ASN1_OCTET_STRING *os1,*os2;
+		ASN1_OCTET_STRING *os1, *os2;
 
-		s=so->value.sequence;
-		c.p=ASN1_STRING_data(s);
-		c.max=c.p+ASN1_STRING_length(s);
-		if (!asn1_GetSequence(&c,&length)) goto err;
+		s = so->value.sequence;
+		c.p = ASN1_STRING_data(s);
+		c.max = c.p + ASN1_STRING_length(s);
+		if (!asn1_GetSequence(&c, &length))
+			goto err;
 		/* Length is the length of the seqence */
 
-		c.q=c.p;
-		if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+		c.q = c.p;
+		if ((os1 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
 			goto err;
-		c.slen-=(c.p-c.q);
+		c.slen -= (c.p - c.q);
 
-		c.q=c.p;
-		if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+		c.q = c.p;
+		if ((os2 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
 			goto err;
-		c.slen-=(c.p-c.q);
+		c.slen -= (c.p - c.q);
 
-		if (!asn1_const_Finish(&c)) goto err;
-		*str1=malloc(os1->length+1);
-		*str2=malloc(os2->length+1);
-		memcpy(*str1,os1->data,os1->length);
-		memcpy(*str2,os2->data,os2->length);
+		if (!asn1_const_Finish(&c))
+			goto err;
+		*str1 = malloc(os1->length + 1);
+		*str2 = malloc(os2->length + 1);
+		memcpy(*str1, os1->data, os1->length);
+		memcpy(*str2, os2->data, os2->length);
 		(*str1)[os1->length]='\0';
 		(*str2)[os2->length]='\0';
 		ASN1_OCTET_STRING_free(os1);
 		ASN1_OCTET_STRING_free(os2);
-		return(1);
-		}
-err:
-	return(0);
+		return (1);
 	}
+err:
+	return (0);
+}
 
 
 /* #######################################
  * THE OTHER WAY TO DO THINGS
  * #######################################
  */
-X509_ATTRIBUTE *create_time(void)
-	{
+X509_ATTRIBUTE *
+create_time(void)
+{
 	ASN1_UTCTIME *sign_time;
 	X509_ATTRIBUTE *ret;
 
 	/* The last parameter is the amount to add/subtract from the current
 	 * time (in seconds) */
-	sign_time=X509_gmtime_adj(NULL,0);
-	ret=X509_ATTRIBUTE_create(NID_pkcs9_signingTime,
-		V_ASN1_UTCTIME,(char *)sign_time);
-	return(ret);
-	}
-
-ASN1_UTCTIME *sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk)
-	{
+	sign_time = X509_gmtime_adj(NULL, 0);
+	ret = X509_ATTRIBUTE_create(NID_pkcs9_signingTime,
+	    V_ASN1_UTCTIME, (char *)sign_time);
+	return (ret);
+}
+
+ASN1_UTCTIME *
+sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk)
+{
 	ASN1_TYPE *so;
 	PKCS7_SIGNER_INFO si;
 
-	si.auth_attr=sk;
-	so=PKCS7_get_signed_attribute(&si,NID_pkcs9_signingTime);
+	si.auth_attr = sk;
+	so = PKCS7_get_signed_attribute(&si, NID_pkcs9_signingTime);
 	if (so->type == V_ASN1_UTCTIME)
-	    return so->value.utctime;
+		return so->value.utctime;
 	return NULL;
-	}
-	
-X509_ATTRIBUTE *create_string(char *str)
-	{
+}
+
+X509_ATTRIBUTE *
+create_string(char *str)
+{
 	ASN1_OCTET_STRING *os;
 	X509_ATTRIBUTE *ret;
 
 	/* To a an object of OID 1.2.3.4.5, which is an octet string */
 	if (signed_string_nid == -1)
-		signed_string_nid=
-			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
-	os=ASN1_OCTET_STRING_new();
-	ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str));
+		signed_string_nid =
+		    OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+	os = ASN1_OCTET_STRING_new();
+	ASN1_OCTET_STRING_set(os, (unsigned char*)str, strlen(str));
 	/* When we add, we do not free */
-	ret=X509_ATTRIBUTE_create(signed_string_nid,
-		V_ASN1_OCTET_STRING,(char *)os);
-	return(ret);
-	}
-
-int sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len)
-	{
+	ret = X509_ATTRIBUTE_create(signed_string_nid,
+	    V_ASN1_OCTET_STRING, (char *)os);
+	return (ret);
+}
+
+int
+sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len)
+{
 	ASN1_TYPE *so;
 	ASN1_OCTET_STRING *os;
 	int i;
 	PKCS7_SIGNER_INFO si;
 
-	si.auth_attr=sk;
+	si.auth_attr = sk;
 
 	if (signed_string_nid == -1)
-		signed_string_nid=
-			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+		signed_string_nid =
+		    OBJ_create("1.2.3.4.5","OID_example","Our example OID");
 	/* To retrieve */
-	so=PKCS7_get_signed_attribute(&si,signed_string_nid);
-	if (so != NULL)
-		{
-		if (so->type == V_ASN1_OCTET_STRING)
-			{
-			os=so->value.octet_string;
-			i=os->length;
-			if ((i+1) > len)
-				i=len-1;
-			memcpy(buf,os->data,i);
-			return(i);
-			}
+	so = PKCS7_get_signed_attribute(&si, signed_string_nid);
+	if (so != NULL) {
+		if (so->type == V_ASN1_OCTET_STRING) {
+			os = so->value.octet_string;
+			i = os->length;
+			if ((i + 1) > len)
+				i = len - 1;
+			memcpy(buf, os->data, i);
+			return (i);
 		}
-	return(0);
 	}
+	return (0);
+}
 
-X509_ATTRIBUTE *add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
-	{
+X509_ATTRIBUTE *
+add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
+{
 	/* To add an object of OID 1.9.999, which is a sequence containing
 	 * 2 octet strings */
 	unsigned char *p;
-	ASN1_OCTET_STRING *os1,*os2;
+	ASN1_OCTET_STRING *os1, *os2;
 	ASN1_STRING *seq;
 	X509_ATTRIBUTE *ret;
 	unsigned char *data;
-	int i,total;
+	int i, total;
 
 	if (signed_seq2string_nid == -1)
-		signed_seq2string_nid=
-			OBJ_create("1.9.9999","OID_example","Our example OID");
-
-	os1=ASN1_OCTET_STRING_new();
-	os2=ASN1_OCTET_STRING_new();
-	ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1));
-	ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1));
-	i =i2d_ASN1_OCTET_STRING(os1,NULL);
-	i+=i2d_ASN1_OCTET_STRING(os2,NULL);
-	total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
-
-	data=malloc(total);
-	p=data;
-	ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-	i2d_ASN1_OCTET_STRING(os1,&p);
-	i2d_ASN1_OCTET_STRING(os2,&p);
-
-	seq=ASN1_STRING_new();
-	ASN1_STRING_set(seq,data,total);
+		signed_seq2string_nid =
+		    OBJ_create("1.9.9999","OID_example","Our example OID");
+
+	os1 = ASN1_OCTET_STRING_new();
+	os2 = ASN1_OCTET_STRING_new();
+	ASN1_OCTET_STRING_set(os1, (unsigned char*)str1, strlen(str1));
+	ASN1_OCTET_STRING_set(os2, (unsigned char*)str1, strlen(str1));
+	i = i2d_ASN1_OCTET_STRING(os1, NULL);
+	i += i2d_ASN1_OCTET_STRING(os2, NULL);
+	total = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
+
+	data = malloc(total);
+	p = data;
+	ASN1_put_object(&p, 1,i, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+	i2d_ASN1_OCTET_STRING(os1, &p);
+	i2d_ASN1_OCTET_STRING(os2, &p);
+
+	seq = ASN1_STRING_new();
+	ASN1_STRING_set(seq, data, total);
 	free(data);
 	ASN1_OCTET_STRING_free(os1);
 	ASN1_OCTET_STRING_free(os2);
 
-	ret=X509_ATTRIBUTE_create(signed_seq2string_nid,
-		V_ASN1_SEQUENCE,(char *)seq);
-	return(ret);
-	}
+	ret = X509_ATTRIBUTE_create(signed_seq2string_nid,
+	    V_ASN1_SEQUENCE, (char *)seq);
+	return (ret);
+}
 
 /* For this case, I will malloc the return strings */
-int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2)
-	{
+int
+sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2)
+{
 	ASN1_TYPE *so;
 	PKCS7_SIGNER_INFO si;
 
 	if (signed_seq2string_nid == -1)
-		signed_seq2string_nid=
-			OBJ_create("1.9.9999","OID_example","Our example OID");
+		signed_seq2string_nid =
+		    OBJ_create("1.9.9999","OID_example","Our example OID");
 
-	si.auth_attr=sk;
+	si.auth_attr = sk;
 	/* To retrieve */
-	so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid);
-	if (so->type == V_ASN1_SEQUENCE)
-		{
+	so = PKCS7_get_signed_attribute(&si, signed_seq2string_nid);
+	if (so->type == V_ASN1_SEQUENCE) {
 		ASN1_const_CTX c;
 		ASN1_STRING *s;
 		long length;
-		ASN1_OCTET_STRING *os1,*os2;
+		ASN1_OCTET_STRING *os1, *os2;
 
-		s=so->value.sequence;
-		c.p=ASN1_STRING_data(s);
-		c.max=c.p+ASN1_STRING_length(s);
-		if (!asn1_GetSequence(&c,&length)) goto err;
+		s = so->value.sequence;
+		c.p = ASN1_STRING_data(s);
+		c.max = c.p + ASN1_STRING_length(s);
+		if (!asn1_GetSequence(&c, &length))
+			goto err;
 		/* Length is the length of the seqence */
 
-		c.q=c.p;
-		if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+		c.q = c.p;
+		if ((os1 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
 			goto err;
-		c.slen-=(c.p-c.q);
+		c.slen -= (c.p - c.q);
 
-		c.q=c.p;
-		if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+		c.q = c.p;
+		if ((os2 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
 			goto err;
-		c.slen-=(c.p-c.q);
+		c.slen -= (c.p - c.q);
 
-		if (!asn1_const_Finish(&c)) goto err;
-		*str1=malloc(os1->length+1);
-		*str2=malloc(os2->length+1);
-		memcpy(*str1,os1->data,os1->length);
-		memcpy(*str2,os2->data,os2->length);
+		if (!asn1_const_Finish(&c))
+			goto err;
+		*str1 = malloc(os1->length + 1);
+		*str2 = malloc(os2->length + 1);
+		memcpy(*str1, os1->data, os1->length);
+		memcpy(*str2, os2->data, os2->length);
 		(*str1)[os1->length]='\0';
 		(*str2)[os2->length]='\0';
 		ASN1_OCTET_STRING_free(os1);
 		ASN1_OCTET_STRING_free(os2);
-		return(1);
-		}
-err:
-	return(0);
+		return (1);
 	}
+err:
+	return (0);
+}
 
 
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_asn1.c b/lib/libssl/src/crypto/pkcs7/pk7_asn1.c
index e3a5b53d753..8be54475187 100644
--- a/lib/libssl/src/crypto/pkcs7/pk7_asn1.c
+++ b/lib/libssl/src/crypto/pkcs7/pk7_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_asn1.c,v 1.5 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: pk7_asn1.c,v 1.6 2014/06/29 17:05:36 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -69,40 +69,45 @@
 ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0);
 
 ASN1_ADB(PKCS7) = {
-	ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)),
-	ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
-	ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
-	ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)),
-	ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
-	ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
+	ADB_ENTRY(NID_pkcs7_data,
+	    ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)),
+	ADB_ENTRY(NID_pkcs7_signed,
+	    ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
+	ADB_ENTRY(NID_pkcs7_enveloped,
+	    ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
+	ADB_ENTRY(NID_pkcs7_signedAndEnveloped,
+	    ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped,
+		PKCS7_SIGN_ENVELOPE, 0)),
+	ADB_ENTRY(NID_pkcs7_digest,
+	    ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
+	ADB_ENTRY(NID_pkcs7_encrypted,
+	    ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
 } ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);
 
 /* PKCS#7 streaming support */
-static int pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-							void *exarg)
+static int
+pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
 	ASN1_STREAM_ARG *sarg = exarg;
 	PKCS7 **pp7 = (PKCS7 **)pval;
 
-	switch(operation)
-		{
-
-		case ASN1_OP_STREAM_PRE:
+	switch (operation) {
+	case ASN1_OP_STREAM_PRE:
 		if (PKCS7_stream(&sarg->boundary, *pp7) <= 0)
 			return 0;
-		case ASN1_OP_DETACHED_PRE:
+
+	case ASN1_OP_DETACHED_PRE:
 		sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out);
 		if (!sarg->ndef_bio)
 			return 0;
 		break;
 
-		case ASN1_OP_STREAM_POST:
-		case ASN1_OP_DETACHED_POST:
+	case ASN1_OP_STREAM_POST:
+	case ASN1_OP_DETACHED_POST:
 		if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0)
 			return 0;
 		break;
-
-		}
+	}
 	return 1;
 }
 
@@ -127,10 +132,10 @@ ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
 
 /* Minor tweak to operation: free up EVP_PKEY */
-static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-							void *exarg)
+static int
+si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
-	if(operation == ASN1_OP_FREE_POST) {
+	if (operation == ASN1_OP_FREE_POST) {
 		PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;
 		EVP_PKEY_free(si->pkey);
 	}
@@ -139,14 +144,16 @@ static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 
 ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = {
 	ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER),
-	ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+	ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial,
+	    PKCS7_ISSUER_AND_SERIAL),
 	ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR),
 	/* NB this should be a SET OF but we use a SEQUENCE OF so the
 	 * original order * is retained when the structure is reencoded.
 	 * Since the attributes are implicitly tagged this will not affect
 	 * the encoding.
 	 */
-	ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0),
+	ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr,
+	    X509_ATTRIBUTE, 0),
 	ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR),
 	ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING),
 	ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1)
@@ -170,10 +177,10 @@ ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = {
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
 
 /* Minor tweak to operation: free up X509 */
-static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-								void *exarg)
+static int
+ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
-	if(operation == ASN1_OP_FREE_POST) {
+	if (operation == ASN1_OP_FREE_POST) {
 		PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
 		X509_free(ri->cert);
 	}
@@ -182,7 +189,8 @@ static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 
 ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
 	ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),
-	ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+	ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial,
+	    PKCS7_ISSUER_AND_SERIAL),
 	ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),
 	ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO)
@@ -231,17 +239,18 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST)
  * encoding.
  */
 
-ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) =
+    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES,
+	X509_ATTRIBUTE)
 ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN)
 
-/* When verifying attributes we need to use the received order. So 
+/* When verifying attributes we need to use the received order. So
  * we use SEQUENCE OF and tag it to SET OF
  */
 
-ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
-				V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) =
+    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG |
+	ASN1_TFLG_UNIVERSAL, V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
 ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY)
 
 IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7)
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_attr.c b/lib/libssl/src/crypto/pkcs7/pk7_attr.c
index f4c2fadac9b..2f4d5089f5b 100644
--- a/lib/libssl/src/crypto/pkcs7/pk7_attr.c
+++ b/lib/libssl/src/crypto/pkcs7/pk7_attr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_attr.c,v 1.8 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: pk7_attr.c,v 1.9 2014/06/29 17:05:36 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -66,21 +66,24 @@
 #include <openssl/x509.h>
 #include <openssl/err.h>
 
-int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
+int
+PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
 {
 	ASN1_STRING *seq;
-	if(!(seq = ASN1_STRING_new())) {
-		PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+	if (!(seq = ASN1_STRING_new())) {
+		PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,
+		    ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
-	seq->length = ASN1_item_i2d((ASN1_VALUE *)cap,&seq->data,
-				ASN1_ITEM_rptr(X509_ALGORS));
-        return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
-							V_ASN1_SEQUENCE, seq);
+	seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data,
+	    ASN1_ITEM_rptr(X509_ALGORS));
+	return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
+	    V_ASN1_SEQUENCE, seq);
 }
 
-STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
-	{
+STACK_OF(X509_ALGOR) *
+PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
+{
 	ASN1_TYPE *cap;
 	const unsigned char *p;
 
@@ -89,33 +92,37 @@ STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
 		return NULL;
 	p = cap->value.sequence->data;
 	return (STACK_OF(X509_ALGOR) *)
-		ASN1_item_d2i(NULL, &p, cap->value.sequence->length,
-				ASN1_ITEM_rptr(X509_ALGORS));
-	}
+	ASN1_item_d2i(NULL, &p, cap->value.sequence->length,
+	    ASN1_ITEM_rptr(X509_ALGORS));
+}
 
 /* Basic smime-capabilities OID and optional integer arg */
-int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
+int
+PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
 {
 	X509_ALGOR *alg;
 
-	if(!(alg = X509_ALGOR_new())) {
-		PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+	if (!(alg = X509_ALGOR_new())) {
+		PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
 	ASN1_OBJECT_free(alg->algorithm);
 	alg->algorithm = OBJ_nid2obj (nid);
 	if (arg > 0) {
 		ASN1_INTEGER *nbit;
-		if(!(alg->parameter = ASN1_TYPE_new())) {
-			PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+		if (!(alg->parameter = ASN1_TYPE_new())) {
+			PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,
+			    ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
-		if(!(nbit = ASN1_INTEGER_new())) {
-			PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+		if (!(nbit = ASN1_INTEGER_new())) {
+			PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,
+			    ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
-		if(!ASN1_INTEGER_set (nbit, arg)) {
-			PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+		if (!ASN1_INTEGER_set (nbit, arg)) {
+			PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,
+			    ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 		alg->parameter->value.integer = nbit;
@@ -125,41 +132,43 @@ int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
 	return 1;
 }
 
-int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid)
-	{
+int
+PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid)
+{
 	if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType))
 		return 0;
 	if (!coid)
 		coid = OBJ_nid2obj(NID_pkcs7_data);
 	return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
-				V_ASN1_OBJECT, coid);
-	}
+	    V_ASN1_OBJECT, coid);
+}
 
-int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t)
-	{
-	if (!t && !(t=X509_gmtime_adj(NULL,0)))
-		{
+int
+PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t)
+{
+	if (!t && !(t = X509_gmtime_adj(NULL, 0))) {
 		PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME,
-				ERR_R_MALLOC_FAILURE);
+		    ERR_R_MALLOC_FAILURE);
 		return 0;
-		}
-	return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
-						V_ASN1_UTCTIME, t);
 	}
+	return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
+	    V_ASN1_UTCTIME, t);
+}
 
-int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
-				const unsigned char *md, int mdlen)
-	{
+int
+PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, const unsigned char *md,
+    int mdlen)
+{
 	ASN1_OCTET_STRING *os;
+
 	os = ASN1_OCTET_STRING_new();
 	if (!os)
 		return 0;
-	if (!ASN1_STRING_set(os, md, mdlen)
-		|| !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest,
-						V_ASN1_OCTET_STRING, os))
-		{
+	if (!ASN1_STRING_set(os, md, mdlen) ||
+	    !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest,
+	    V_ASN1_OCTET_STRING, os)) {
 		ASN1_OCTET_STRING_free(os);
 		return 0;
-		}
-	return 1;
 	}
+	return 1;
+}
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_dgst.c b/lib/libssl/src/crypto/pkcs7/pk7_dgst.c
index 13578443bcc..225dc2fd974 100644
--- a/lib/libssl/src/crypto/pkcs7/pk7_dgst.c
+++ b/lib/libssl/src/crypto/pkcs7/pk7_dgst.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: pk7_dgst.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: pk7_dgst.c,v 1.4 2014/06/29 17:05:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/lib/libssl/src/crypto/pkcs7/pk7_doit.c
index 5d85f6e1242..46f9c2b8c6c 100644
--- a/lib/libssl/src/crypto/pkcs7/pk7_doit.c
+++ b/lib/libssl/src/crypto/pkcs7/pk7_doit.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: pk7_doit.c,v 1.22 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: pk7_doit.c,v 1.23 2014/06/29 17:05:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -65,82 +65,82 @@
 #include <openssl/err.h>
 
 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
-			 void *value);
+    void *value);
 static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
 
-static int PKCS7_type_is_other(PKCS7* p7)
-	{
-	int isOther=1;
-	
-	int nid=OBJ_obj2nid(p7->type);
+static int
+PKCS7_type_is_other(PKCS7* p7)
+{
+	int isOther = 1;
+
+	int nid = OBJ_obj2nid(p7->type);
 
-	switch( nid )
-		{
+	switch (nid ) {
 	case NID_pkcs7_data:
 	case NID_pkcs7_signed:
 	case NID_pkcs7_enveloped:
 	case NID_pkcs7_signedAndEnveloped:
 	case NID_pkcs7_digest:
 	case NID_pkcs7_encrypted:
-		isOther=0;
+		isOther = 0;
 		break;
 	default:
-		isOther=1;
-		}
+		isOther = 1;
+	}
 
 	return isOther;
 
-	}
+}
 
-static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
-	{
-	if ( PKCS7_type_is_data(p7))
+static ASN1_OCTET_STRING *
+PKCS7_get_octet_string(PKCS7 *p7)
+{
+	if (PKCS7_type_is_data(p7))
 		return p7->d.data;
-	if ( PKCS7_type_is_other(p7) && p7->d.other
-		&& (p7->d.other->type == V_ASN1_OCTET_STRING))
+	if (PKCS7_type_is_other(p7) && p7->d.other &&
+	    (p7->d.other->type == V_ASN1_OCTET_STRING))
 		return p7->d.other->value.octet_string;
 	return NULL;
-	}
+}
 
-static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
-	{
+static int
+PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
+{
 	BIO *btmp;
 	const EVP_MD *md;
-	if ((btmp=BIO_new(BIO_f_md())) == NULL)
-		{
-		PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
+	if ((btmp = BIO_new(BIO_f_md())) == NULL) {
+		PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
 		goto err;
-		}
+	}
 
-	md=EVP_get_digestbyobj(alg->algorithm);
-	if (md == NULL)
-		{
-		PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE);
+	md = EVP_get_digestbyobj(alg->algorithm);
+	if (md == NULL) {
+		PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,
+		    PKCS7_R_UNKNOWN_DIGEST_TYPE);
 		goto err;
-		}
+	}
 
-	BIO_set_md(btmp,md);
+	BIO_set_md(btmp, md);
 	if (*pbio == NULL)
-		*pbio=btmp;
-	else if (!BIO_push(*pbio,btmp))
-		{
-		PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
+		*pbio = btmp;
+	else if (!BIO_push(*pbio, btmp)) {
+		PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
 		goto err;
-		}
-	btmp=NULL;
+	}
+	btmp = NULL;
 
 	return 1;
 
-	err:
+err:
 	if (btmp)
 		BIO_free(btmp);
 	return 0;
 
-	}
+}
 
-static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
-					unsigned char *key, int keylen)
-	{
+static int
+pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, unsigned char *key, int keylen)
+{
 	EVP_PKEY_CTX *pctx = NULL;
 	EVP_PKEY *pkey = NULL;
 	unsigned char *ek = NULL;
@@ -148,7 +148,6 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
 	size_t eklen;
 
 	pkey = X509_get_pubkey(ri->cert);
-
 	if (!pkey)
 		return 0;
 
@@ -160,22 +159,20 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
 		goto err;
 
 	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
-				EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0)
-		{
+	    EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) {
 		PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
 		goto err;
-		}
+	}
 
 	if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
 		goto err;
 
 	ek = malloc(eklen);
 
-	if (ek == NULL)
-		{
+	if (ek == NULL) {
 		PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
 		goto err;
-		}
+	}
 
 	if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
 		goto err;
@@ -185,20 +182,20 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
 
 	ret = 1;
 
-	err:
+err:
 	if (pkey)
 		EVP_PKEY_free(pkey);
 	if (pctx)
 		EVP_PKEY_CTX_free(pctx);
 	free(ek);
 	return ret;
-
-	}
+}
 
 
-static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
-			       PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey)
-	{
+static int
+pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, PKCS7_RECIP_INFO *ri,
+    EVP_PKEY *pkey)
+{
 	EVP_PKEY_CTX *pctx = NULL;
 	unsigned char *ek = NULL;
 	size_t eklen;
@@ -213,95 +210,88 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
 		goto err;
 
 	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
-				EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0)
-		{
+	    EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
 		PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
 		goto err;
-		}
+	}
 
 	if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
-				ri->enc_key->data, ri->enc_key->length) <= 0)
+	    ri->enc_key->data, ri->enc_key->length) <= 0)
 		goto err;
 
 	ek = malloc(eklen);
-
-	if (ek == NULL)
-		{
+	if (ek == NULL) {
 		PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
 		goto err;
-		}
+	}
 
 	if (EVP_PKEY_decrypt(pctx, ek, &eklen,
-				ri->enc_key->data, ri->enc_key->length) <= 0)
-		{
+	    ri->enc_key->data, ri->enc_key->length) <= 0) {
 		ret = 0;
 		PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
 		goto err;
-		}
+	}
 
 	ret = 1;
 
-	if (*pek)
-		{
+	if (*pek) {
 		OPENSSL_cleanse(*pek, *peklen);
 		free(*pek);
-		}
+	}
 
 	*pek = ek;
 	*peklen = eklen;
 
-	err:
+err:
 	if (pctx)
 		EVP_PKEY_CTX_free(pctx);
 	if (!ret && ek)
 		free(ek);
 
 	return ret;
-	}
+}
 
-BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
-	{
+BIO *
+PKCS7_dataInit(PKCS7 *p7, BIO *bio)
+{
 	int i;
-	BIO *out=NULL,*btmp=NULL;
+	BIO *out = NULL, *btmp = NULL;
 	X509_ALGOR *xa = NULL;
-	const EVP_CIPHER *evp_cipher=NULL;
-	STACK_OF(X509_ALGOR) *md_sk=NULL;
-	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
-	X509_ALGOR *xalg=NULL;
-	PKCS7_RECIP_INFO *ri=NULL;
-	ASN1_OCTET_STRING *os=NULL;
-
-	i=OBJ_obj2nid(p7->type);
-	p7->state=PKCS7_S_HEADER;
-
-	switch (i)
-		{
+	const EVP_CIPHER *evp_cipher = NULL;
+	STACK_OF(X509_ALGOR) *md_sk = NULL;
+	STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
+	X509_ALGOR *xalg = NULL;
+	PKCS7_RECIP_INFO *ri = NULL;
+	ASN1_OCTET_STRING *os = NULL;
+
+	i = OBJ_obj2nid(p7->type);
+	p7->state = PKCS7_S_HEADER;
+
+	switch (i) {
 	case NID_pkcs7_signed:
-		md_sk=p7->d.sign->md_algs;
+		md_sk = p7->d.sign->md_algs;
 		os = PKCS7_get_octet_string(p7->d.sign->contents);
 		break;
 	case NID_pkcs7_signedAndEnveloped:
-		rsk=p7->d.signed_and_enveloped->recipientinfo;
-		md_sk=p7->d.signed_and_enveloped->md_algs;
-		xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
-		evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher;
-		if (evp_cipher == NULL)
-			{
+		rsk = p7->d.signed_and_enveloped->recipientinfo;
+		md_sk = p7->d.signed_and_enveloped->md_algs;
+		xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
+		evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
+		if (evp_cipher == NULL) {
 			PKCS7err(PKCS7_F_PKCS7_DATAINIT,
-						PKCS7_R_CIPHER_NOT_INITIALIZED);
+			    PKCS7_R_CIPHER_NOT_INITIALIZED);
 			goto err;
-			}
+		}
 		break;
 	case NID_pkcs7_enveloped:
-		rsk=p7->d.enveloped->recipientinfo;
-		xalg=p7->d.enveloped->enc_data->algorithm;
-		evp_cipher=p7->d.enveloped->enc_data->cipher;
-		if (evp_cipher == NULL)
-			{
+		rsk = p7->d.enveloped->recipientinfo;
+		xalg = p7->d.enveloped->enc_data->algorithm;
+		evp_cipher = p7->d.enveloped->enc_data->cipher;
+		if (evp_cipher == NULL) {
 			PKCS7err(PKCS7_F_PKCS7_DATAINIT,
-						PKCS7_R_CIPHER_NOT_INITIALIZED);
+			    PKCS7_R_CIPHER_NOT_INITIALIZED);
 			goto err;
-			}
+		}
 		break;
 	case NID_pkcs7_digest:
 		xa = p7->d.digest->md;
@@ -310,37 +300,37 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 	case NID_pkcs7_data:
 		break;
 	default:
-		PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-	        goto err;
-		}
+		PKCS7err(PKCS7_F_PKCS7_DATAINIT,
+		    PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+		goto err;
+	}
 
-	for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
+	for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
 		if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
 			goto err;
 
 	if (xa && !PKCS7_bio_add_digest(&out, xa))
-			goto err;
+		goto err;
 
-	if (evp_cipher != NULL)
-		{
+	if (evp_cipher != NULL) {
 		unsigned char key[EVP_MAX_KEY_LENGTH];
 		unsigned char iv[EVP_MAX_IV_LENGTH];
-		int keylen,ivlen;
+		int keylen, ivlen;
 		EVP_CIPHER_CTX *ctx;
 
-		if ((btmp=BIO_new(BIO_f_cipher())) == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
+		if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
+			PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB);
 			goto err;
-			}
+		}
 		BIO_get_cipher_ctx(btmp, &ctx);
-		keylen=EVP_CIPHER_key_length(evp_cipher);
-		ivlen=EVP_CIPHER_iv_length(evp_cipher);
+		keylen = EVP_CIPHER_key_length(evp_cipher);
+		ivlen = EVP_CIPHER_iv_length(evp_cipher);
 		xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
 		if (ivlen > 0)
-			if (RAND_pseudo_bytes(iv,ivlen) <= 0)
+			if (RAND_pseudo_bytes(iv, ivlen) <= 0)
 				goto err;
-		if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0)
+		if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL,
+		    NULL, 1) <= 0)
 			goto err;
 		if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
 			goto err;
@@ -353,167 +343,162 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 				if (xalg->parameter == NULL)
 					goto err;
 			}
-			if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
+			if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
 				goto err;
 		}
 
 		/* Lets do the pub key stuff :-) */
-		for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
-			{
-			ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
+		for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+			ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
 			if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
 				goto err;
-			}
+		}
 		OPENSSL_cleanse(key, keylen);
 
 		if (out == NULL)
-			out=btmp;
+			out = btmp;
 		else
-			BIO_push(out,btmp);
-		btmp=NULL;
-		}
+			BIO_push(out, btmp);
+		btmp = NULL;
+	}
 
-	if (bio == NULL)
-		{
+	if (bio == NULL) {
 		if (PKCS7_is_detached(p7))
-			bio=BIO_new(BIO_s_null());
+			bio = BIO_new(BIO_s_null());
 		else if (os && os->length > 0)
 			bio = BIO_new_mem_buf(os->data, os->length);
-		if(bio == NULL)
-			{
-			bio=BIO_new(BIO_s_mem());
+		if (bio == NULL) {
+			bio = BIO_new(BIO_s_mem());
 			if (bio == NULL)
 				goto err;
-			BIO_set_mem_eof_return(bio,0);
-			}
+			BIO_set_mem_eof_return(bio, 0);
 		}
+	}
 	if (out)
-		BIO_push(out,bio);
+		BIO_push(out, bio);
 	else
 		out = bio;
-	bio=NULL;
-	if (0)
-		{
+	bio = NULL;
+	if (0) {
 err:
 		if (out != NULL)
 			BIO_free_all(out);
 		if (btmp != NULL)
 			BIO_free_all(btmp);
-		out=NULL;
-		}
-	return(out);
+		out = NULL;
 	}
+	return (out);
+}
 
-static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
-	{
+static int
+pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
+{
 	int ret;
+
 	ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
-				pcert->cert_info->issuer);
+	    pcert->cert_info->issuer);
 	if (ret)
 		return ret;
 	return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
-					ri->issuer_and_serial->serial);
-	}
+	    ri->issuer_and_serial->serial);
+}
 
 /* int */
-BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
-	{
-	int i,j;
-	BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;
+BIO *
+PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
+{
+	int i, j;
+	BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
 	X509_ALGOR *xa;
-	ASN1_OCTET_STRING *data_body=NULL;
+	ASN1_OCTET_STRING *data_body = NULL;
 	const EVP_MD *evp_md;
-	const EVP_CIPHER *evp_cipher=NULL;
-	EVP_CIPHER_CTX *evp_ctx=NULL;
-	X509_ALGOR *enc_alg=NULL;
-	STACK_OF(X509_ALGOR) *md_sk=NULL;
-	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
-	PKCS7_RECIP_INFO *ri=NULL;
-       unsigned char *ek = NULL, *tkey = NULL;
-       int eklen = 0, tkeylen = 0;
-
-	i=OBJ_obj2nid(p7->type);
-	p7->state=PKCS7_S_HEADER;
-
-	switch (i)
-		{
+	const EVP_CIPHER *evp_cipher = NULL;
+	EVP_CIPHER_CTX *evp_ctx = NULL;
+	X509_ALGOR *enc_alg = NULL;
+	STACK_OF(X509_ALGOR) *md_sk = NULL;
+	STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
+	PKCS7_RECIP_INFO *ri = NULL;
+	unsigned char *ek = NULL, *tkey = NULL;
+	int eklen = 0, tkeylen = 0;
+
+	i = OBJ_obj2nid(p7->type);
+	p7->state = PKCS7_S_HEADER;
+
+	switch (i) {
 	case NID_pkcs7_signed:
-		data_body=PKCS7_get_octet_string(p7->d.sign->contents);
-		md_sk=p7->d.sign->md_algs;
+		data_body = PKCS7_get_octet_string(p7->d.sign->contents);
+		md_sk = p7->d.sign->md_algs;
 		break;
 	case NID_pkcs7_signedAndEnveloped:
-		rsk=p7->d.signed_and_enveloped->recipientinfo;
-		md_sk=p7->d.signed_and_enveloped->md_algs;
-		data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
-		enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
-		evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
-		if (evp_cipher == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+		rsk = p7->d.signed_and_enveloped->recipientinfo;
+		md_sk = p7->d.signed_and_enveloped->md_algs;
+		data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
+		enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
+		evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
+		if (evp_cipher == NULL) {
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+			    PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
 			goto err;
-			}
+		}
 		break;
 	case NID_pkcs7_enveloped:
-		rsk=p7->d.enveloped->recipientinfo;
-		enc_alg=p7->d.enveloped->enc_data->algorithm;
-		data_body=p7->d.enveloped->enc_data->enc_data;
-		evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
-		if (evp_cipher == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+		rsk = p7->d.enveloped->recipientinfo;
+		enc_alg = p7->d.enveloped->enc_data->algorithm;
+		data_body = p7->d.enveloped->enc_data->enc_data;
+		evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
+		if (evp_cipher == NULL) {
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+			    PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
 			goto err;
-			}
+		}
 		break;
 	default:
-		PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-	        goto err;
-		}
+		PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+		    PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+		goto err;
+	}
 
 	/* We will be checking the signature */
-	if (md_sk != NULL)
-		{
-		for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
-			{
-			xa=sk_X509_ALGOR_value(md_sk,i);
-			if ((btmp=BIO_new(BIO_f_md())) == NULL)
-				{
-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
+	if (md_sk != NULL) {
+		for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
+			xa = sk_X509_ALGOR_value(md_sk, i);
+			if ((btmp = BIO_new(BIO_f_md())) == NULL) {
+				PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+				    ERR_R_BIO_LIB);
 				goto err;
-				}
+			}
 
-			j=OBJ_obj2nid(xa->algorithm);
-			evp_md=EVP_get_digestbynid(j);
-			if (evp_md == NULL)
-				{
-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);
+			j = OBJ_obj2nid(xa->algorithm);
+			evp_md = EVP_get_digestbynid(j);
+			if (evp_md == NULL) {
+				PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+				    PKCS7_R_UNKNOWN_DIGEST_TYPE);
 				goto err;
-				}
+			}
 
-			BIO_set_md(btmp,evp_md);
+			BIO_set_md(btmp, evp_md);
 			if (out == NULL)
-				out=btmp;
+				out = btmp;
 			else
-				BIO_push(out,btmp);
-			btmp=NULL;
-			}
+				BIO_push(out, btmp);
+			btmp = NULL;
 		}
+	}
 
-	if (evp_cipher != NULL)
-		{
+	if (evp_cipher != NULL) {
 #if 0
 		unsigned char key[EVP_MAX_KEY_LENGTH];
 		unsigned char iv[EVP_MAX_IV_LENGTH];
 		unsigned char *p;
-		int keylen,ivlen;
+		int keylen, ivlen;
 		int max;
 		X509_OBJECT ret;
 #endif
 
-		if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
+		if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
 			goto err;
-			}
+		}
 
 		/* It was encrypted, we need to decrypt the secret key
 		 * with the private key */
@@ -521,54 +506,47 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 		/* Find the recipientInfo which matches the passed certificate
 		 * (if any)
 		 */
-
-		if (pcert)
-			{
-			for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
-				{
-				ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
+		if (pcert) {
+			for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+				ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
 				if (!pkcs7_cmp_ri(ri, pcert))
 					break;
-				ri=NULL;
-				}
-			if (ri == NULL)
-				{
+				ri = NULL;
+			}
+			if (ri == NULL) {
 				PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-				      PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
+				    PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
 				goto err;
-				}
 			}
+		}
 
 		/* If we haven't got a certificate try each ri in turn */
-		if (pcert == NULL)
-			{
+		if (pcert == NULL) {
 			/* Always attempt to decrypt all rinfo even
 			 * after sucess as a defence against MMA timing
 			 * attacks.
 			 */
-			for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
-				{
-				ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-				
+			for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+				ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+
 				if (pkcs7_decrypt_rinfo(&ek, &eklen,
-							ri, pkey) < 0)
+				    ri, pkey) < 0)
 					goto err;
 				ERR_clear_error();
-				}
 			}
-		else
-			{
+		} else {
 			/* Only exit on fatal errors, not decrypt failure */
 			if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
 				goto err;
 			ERR_clear_error();
-			}
+		}
 
-		evp_ctx=NULL;
-		BIO_get_cipher_ctx(etmp,&evp_ctx);
-		if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0)
+		evp_ctx = NULL;
+		BIO_get_cipher_ctx(etmp, &evp_ctx);
+		if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL,
+		    NULL, 0) <= 0)
 			goto err;
-		if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
+		if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
 			goto err;
 		/* Generate random key as MMA defence */
 		tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
@@ -577,257 +555,245 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 			goto err;
 		if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
 			goto err;
-		if (ek == NULL)
-			{
+		if (ek == NULL) {
 			ek = tkey;
 			eklen = tkeylen;
 			tkey = NULL;
-			}
+		}
 
 		if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
 			/* Some S/MIME clients don't use the same key
 			 * and effective key length. The key length is
 			 * determined by the size of the decrypted RSA key.
 			 */
-			if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen))
-				{
+			if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
 				/* Use random key as MMA defence */
 				OPENSSL_cleanse(ek, eklen);
 				free(ek);
 				ek = tkey;
 				eklen = tkeylen;
 				tkey = NULL;
-				}
-		} 
+			}
+		}
 		/* Clear errors so we don't leak information useful in MMA */
 		ERR_clear_error();
-		if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,ek,NULL,0) <= 0)
+		if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0)
 			goto err;
 
-		if (ek)
-			{
-			OPENSSL_cleanse(ek,eklen);
+		if (ek) {
+			OPENSSL_cleanse(ek, eklen);
 			free(ek);
-                       ek = NULL;
-			}
-		if (tkey)
-			{
-			OPENSSL_cleanse(tkey,tkeylen);
+			ek = NULL;
+		}
+		if (tkey) {
+			OPENSSL_cleanse(tkey, tkeylen);
 			free(tkey);
-                       tkey = NULL;
-			}
+			tkey = NULL;
+		}
 
 		if (out == NULL)
-			out=etmp;
+			out = etmp;
 		else
-			BIO_push(out,etmp);
-		etmp=NULL;
-		}
+			BIO_push(out, etmp);
+		etmp = NULL;
+	}
 
 #if 1
-	if (PKCS7_is_detached(p7) || (in_bio != NULL))
-		{
-		bio=in_bio;
-		}
-	else 
-		{
+	if (PKCS7_is_detached(p7) || (in_bio != NULL)) {
+		bio = in_bio;
+	} else {
 #if 0
-		bio=BIO_new(BIO_s_mem());
+		bio = BIO_new(BIO_s_mem());
 		/* We need to set this so that when we have read all
 		 * the data, the encrypt BIO, if present, will read
 		 * EOF and encode the last few bytes */
-		BIO_set_mem_eof_return(bio,0);
+		BIO_set_mem_eof_return(bio, 0);
 
 		if (data_body != NULL && data_body->length > 0)
-			BIO_write(bio,(char *)data_body->data,data_body->length);
+			BIO_write(bio, (char *)data_body->data, data_body->length);
 #else
 		if (data_body != NULL && data_body->length > 0)
-		      bio = BIO_new_mem_buf(data_body->data,data_body->length);
+			bio = BIO_new_mem_buf(data_body->data, data_body->length);
 		else {
-			bio=BIO_new(BIO_s_mem());
-			BIO_set_mem_eof_return(bio,0);
+			bio = BIO_new(BIO_s_mem());
+			BIO_set_mem_eof_return(bio, 0);
 		}
 		if (bio == NULL)
 			goto err;
 #endif
-		}
-	BIO_push(out,bio);
-	bio=NULL;
+	}
+	BIO_push(out, bio);
+	bio = NULL;
 #endif
-	if (0)
-		{
+	if (0) {
 err:
-               if (ek)
-                       {
-                       OPENSSL_cleanse(ek,eklen);
-                       free(ek);
-                       }
-               if (tkey)
-                       {
-                       OPENSSL_cleanse(tkey,tkeylen);
-                       free(tkey);
-                       }
-		if (out != NULL) BIO_free_all(out);
-		if (btmp != NULL) BIO_free_all(btmp);
-		if (etmp != NULL) BIO_free_all(etmp);
-		if (bio != NULL) BIO_free_all(bio);
-		out=NULL;
+		if (ek) {
+			OPENSSL_cleanse(ek, eklen);
+			free(ek);
+		}
+		if (tkey) {
+			OPENSSL_cleanse(tkey, tkeylen);
+			free(tkey);
 		}
-	return(out);
+		if (out != NULL)
+			BIO_free_all(out);
+		if (btmp != NULL)
+			BIO_free_all(btmp);
+		if (etmp != NULL)
+			BIO_free_all(etmp);
+		if (bio != NULL)
+			BIO_free_all(bio);
+		out = NULL;
 	}
+	return (out);
+}
 
-static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
-	{
-	for (;;)
-		{
-		bio=BIO_find_type(bio,BIO_TYPE_MD);
-		if (bio == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
-			return NULL;	
-			}
-		BIO_get_md_ctx(bio,pmd);
-		if (*pmd == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR);
+static BIO *
+PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
+{
+	for (;;) {
+		bio = BIO_find_type(bio, BIO_TYPE_MD);
+		if (bio == NULL) {
+			PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
+			    PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
 			return NULL;
-			}	
+		}
+		BIO_get_md_ctx(bio, pmd);
+		if (*pmd == NULL) {
+			PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
+			    ERR_R_INTERNAL_ERROR);
+			return NULL;
+		}
 		if (EVP_MD_CTX_type(*pmd) == nid)
 			return bio;
-		bio=BIO_next(bio);
-		}
-	return NULL;
+		bio = BIO_next(bio);
 	}
+	return NULL;
+}
 
-static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
-	{
+static int
+do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
+{
 	unsigned char md_data[EVP_MAX_MD_SIZE];
 	unsigned int md_len;
 
 	/* Add signing time if not already present */
-	if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime))
-		{
-		if (!PKCS7_add0_attrib_signing_time(si, NULL))
-			{
+	if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
+		if (!PKCS7_add0_attrib_signing_time(si, NULL)) {
 			PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB,
-					ERR_R_MALLOC_FAILURE);
+			    ERR_R_MALLOC_FAILURE);
 			return 0;
-			}
 		}
+	}
 
 	/* Add digest */
-	if (!EVP_DigestFinal_ex(mctx, md_data,&md_len))
-		{
+	if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) {
 		PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB);
 		return 0;
-		}
-	if (!PKCS7_add1_attrib_digest(si, md_data, md_len))
-		{
+	}
+	if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) {
 		PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
 		return 0;
-		}
+	}
 
 	/* Now sign the attributes */
 	if (!PKCS7_SIGNER_INFO_sign(si))
-			return 0;
+		return 0;
 
 	return 1;
-	}
-	
-				
-int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
-	{
-	int ret=0;
-	int i,j;
+}
+
+
+int
+PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+{
+	int ret = 0;
+	int i, j;
 	BIO *btmp;
 	PKCS7_SIGNER_INFO *si;
-	EVP_MD_CTX *mdc,ctx_tmp;
+	EVP_MD_CTX *mdc, ctx_tmp;
 	STACK_OF(X509_ATTRIBUTE) *sk;
-	STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
-	ASN1_OCTET_STRING *os=NULL;
+	STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
+	ASN1_OCTET_STRING *os = NULL;
 
 	EVP_MD_CTX_init(&ctx_tmp);
-	i=OBJ_obj2nid(p7->type);
-	p7->state=PKCS7_S_HEADER;
+	i = OBJ_obj2nid(p7->type);
+	p7->state = PKCS7_S_HEADER;
 
-	switch (i)
-		{
+	switch (i) {
 	case NID_pkcs7_data:
 		os = p7->d.data;
 		break;
 	case NID_pkcs7_signedAndEnveloped:
 		/* XXX */
-		si_sk=p7->d.signed_and_enveloped->signer_info;
+		si_sk = p7->d.signed_and_enveloped->signer_info;
 		os = p7->d.signed_and_enveloped->enc_data->enc_data;
-		if (!os)
-			{
-			os=M_ASN1_OCTET_STRING_new();
-			if (!os)
-				{
-				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
+		if (!os) {
+			os = M_ASN1_OCTET_STRING_new();
+			if (!os) {
+				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
+				    ERR_R_MALLOC_FAILURE);
 				goto err;
-				}
-			p7->d.signed_and_enveloped->enc_data->enc_data=os;
 			}
+			p7->d.signed_and_enveloped->enc_data->enc_data = os;
+		}
 		break;
 	case NID_pkcs7_enveloped:
 		/* XXX */
 		os = p7->d.enveloped->enc_data->enc_data;
-		if (!os)
-			{
-			os=M_ASN1_OCTET_STRING_new();
-			if (!os)
-				{
-				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
+		if (!os) {
+			os = M_ASN1_OCTET_STRING_new();
+			if (!os) {
+				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
+				    ERR_R_MALLOC_FAILURE);
 				goto err;
-				}
-			p7->d.enveloped->enc_data->enc_data=os;
 			}
+			p7->d.enveloped->enc_data->enc_data = os;
+		}
 		break;
 	case NID_pkcs7_signed:
-		si_sk=p7->d.sign->signer_info;
-		os=PKCS7_get_octet_string(p7->d.sign->contents);
+		si_sk = p7->d.sign->signer_info;
+		os = PKCS7_get_octet_string(p7->d.sign->contents);
 		if (os == NULL) {
 			PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR);
-	        	goto err;
+			goto err;
 		}
 		/* If detached data then the content is excluded */
-		if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+		if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
 			M_ASN1_OCTET_STRING_free(os);
 			p7->d.sign->contents->d.data = NULL;
 		}
 		break;
 
 	case NID_pkcs7_digest:
-		os=PKCS7_get_octet_string(p7->d.digest->contents);
+		os = PKCS7_get_octet_string(p7->d.digest->contents);
 		if (os == NULL) {
 			PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR);
-	        	goto err;
+			goto err;
 		}
 		/* If detached data then the content is excluded */
-		if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
-			{
+		if (PKCS7_type_is_data(p7->d.digest->contents) &&
+		    p7->detached) {
 			M_ASN1_OCTET_STRING_free(os);
 			p7->d.digest->contents->d.data = NULL;
-			}
+		}
 		break;
 
 	default:
-		PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-	        goto err;
-		}
+		PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
+		    PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+		goto err;
+	}
 
-	if (si_sk != NULL)
-		{
-		for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
-			{
-			si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
+	if (si_sk != NULL) {
+		for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
+			si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
 			if (si->pkey == NULL)
 				continue;
 
 			j = OBJ_obj2nid(si->digest_alg->algorithm);
 
-			btmp=bio;
+			btmp = bio;
 
 			btmp = PKCS7_find_digest(&mdc, btmp, j);
 
@@ -836,20 +802,17 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 
 			/* We now have the EVP_MD_CTX, lets do the
 			 * signing. */
-			if (!EVP_MD_CTX_copy_ex(&ctx_tmp,mdc))
+			if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc))
 				goto err;
 
-			sk=si->auth_attr;
+			sk = si->auth_attr;
 
 			/* If there are attributes, we add the digest
 			 * attribute and only sign the attributes */
-			if (sk_X509_ATTRIBUTE_num(sk) > 0)
-				{
+			if (sk_X509_ATTRIBUTE_num(sk) > 0) {
 				if (!do_pkcs7_signed_attrib(si, &ctx_tmp))
 					goto err;
-				}
-			else
-				{
+			} else {
 				unsigned char *abuf = NULL;
 				unsigned int abuflen;
 				abuflen = EVP_PKEY_size(si->pkey);
@@ -858,38 +821,34 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 					goto err;
 
 				if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen,
-							si->pkey))
-					{
+				    si->pkey)) {
 					PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
-							ERR_R_EVP_LIB);
+					    ERR_R_EVP_LIB);
 					goto err;
-					}
-				ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
 				}
+				ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
 			}
 		}
-	else if (i == NID_pkcs7_digest)
-		{
+	} else if (i == NID_pkcs7_digest) {
 		unsigned char md_data[EVP_MAX_MD_SIZE];
 		unsigned int md_len;
 		if (!PKCS7_find_digest(&mdc, bio,
-				OBJ_obj2nid(p7->d.digest->md->algorithm)))
+		    OBJ_obj2nid(p7->d.digest->md->algorithm)))
 			goto err;
-		if (!EVP_DigestFinal_ex(mdc,md_data,&md_len))
+		if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
 			goto err;
 		M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
-		}
+	}
 
-	if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF))
-		{
+	if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) {
 		char *cont;
 		long contlen;
-		btmp=BIO_find_type(bio,BIO_TYPE_MEM);
-		if (btmp == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+		btmp = BIO_find_type(bio, BIO_TYPE_MEM);
+		if (btmp == NULL) {
+			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
+			    PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
 			goto err;
-			}
+		}
 		contlen = BIO_get_mem_data(btmp, &cont);
 		/* Mark the BIO read only then we can use its copy of the data
 		 * instead of making an extra copy.
@@ -897,15 +856,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 		BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
 		BIO_set_mem_eof_return(btmp, 0);
 		ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
-		}
-	ret=1;
+	}
+	ret = 1;
 err:
 	EVP_MD_CTX_cleanup(&ctx_tmp);
-	return(ret);
-	}
+	return (ret);
+}
 
-int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
-	{
+int
+PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
+{
 	EVP_MD_CTX mctx;
 	EVP_PKEY_CTX *pctx;
 	unsigned char *abuf = NULL;
@@ -918,38 +878,36 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
 		return 0;
 
 	EVP_MD_CTX_init(&mctx);
-	if (EVP_DigestSignInit(&mctx, &pctx, md,NULL, si->pkey) <= 0)
+	if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
 		goto err;
 
 	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-				EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0)
-		{
+	    EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) {
 		PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
 		goto err;
-		}
+	}
 
-	alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr,&abuf,
-				ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
-	if(!abuf)
+	alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
+	    ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
+	if (!abuf)
 		goto err;
-	if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0)
+	if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
 		goto err;
 	free(abuf);
 	abuf = NULL;
 	if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
 		goto err;
 	abuf = malloc(siglen);
-	if(!abuf)
+	if (!abuf)
 		goto err;
 	if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
 		goto err;
 
 	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-				EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0)
-		{
+	    EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) {
 		PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
 		goto err;
-		}
+	}
 
 	EVP_MD_CTX_cleanup(&mctx);
 
@@ -957,73 +915,66 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
 
 	return 1;
 
-	err:
+err:
 	free(abuf);
 	EVP_MD_CTX_cleanup(&mctx);
 	return 0;
+}
 
-	}
-
-int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
-	     PKCS7 *p7, PKCS7_SIGNER_INFO *si)
-	{
+int
+PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
+    PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+{
 	PKCS7_ISSUER_AND_SERIAL *ias;
-	int ret=0,i;
+	int ret = 0, i;
 	STACK_OF(X509) *cert;
 	X509 *x509;
 
-	if (PKCS7_type_is_signed(p7))
-		{
-		cert=p7->d.sign->cert;
-		}
-	else if (PKCS7_type_is_signedAndEnveloped(p7))
-		{
-		cert=p7->d.signed_and_enveloped->cert;
-		}
-	else
-		{
-		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE);
+	if (PKCS7_type_is_signed(p7)) {
+		cert = p7->d.sign->cert;
+	} else if (PKCS7_type_is_signedAndEnveloped(p7)) {
+		cert = p7->d.signed_and_enveloped->cert;
+	} else {
+		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
 		goto err;
-		}
+	}
 	/* XXXX */
-	ias=si->issuer_and_serial;
+	ias = si->issuer_and_serial;
 
-	x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial);
+	x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial);
 
 	/* were we able to find the cert in passed to us */
-	if (x509 == NULL)
-		{
-		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
+	if (x509 == NULL) {
+		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,
+		    PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
 		goto err;
-		}
+	}
 
 	/* Lets verify */
-	if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert))
-		{
-		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
+	if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
+		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
 		goto err;
-		}
+	}
 	X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
-	i=X509_verify_cert(ctx);
-	if (i <= 0) 
-		{
-		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
+	i = X509_verify_cert(ctx);
+	if (i <= 0) {
+		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
 		X509_STORE_CTX_cleanup(ctx);
 		goto err;
-		}
+	}
 	X509_STORE_CTX_cleanup(ctx);
 
 	return PKCS7_signatureVerify(bio, p7, si, x509);
-	err:
+err:
 	return ret;
-	}
+}
 
-int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-								X509 *x509)
-	{
+int
+PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
+{
 	ASN1_OCTET_STRING *os;
-	EVP_MD_CTX mdc_tmp,*mdc;
-	int ret=0,i;
+	EVP_MD_CTX mdc_tmp, *mdc;
+	int ret = 0, i;
 	int md_type;
 	STACK_OF(X509_ATTRIBUTE) *sk;
 	BIO *btmp;
@@ -1031,32 +982,29 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
 
 	EVP_MD_CTX_init(&mdc_tmp);
 
-	if (!PKCS7_type_is_signed(p7) && 
-				!PKCS7_type_is_signedAndEnveloped(p7)) {
+	if (!PKCS7_type_is_signed(p7) &&
+	    !PKCS7_type_is_signedAndEnveloped(p7)) {
 		PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-						PKCS7_R_WRONG_PKCS7_TYPE);
+		    PKCS7_R_WRONG_PKCS7_TYPE);
 		goto err;
 	}
 
-	md_type=OBJ_obj2nid(si->digest_alg->algorithm);
+	md_type = OBJ_obj2nid(si->digest_alg->algorithm);
 
-	btmp=bio;
-	for (;;)
-		{
+	btmp = bio;
+	for (;;) {
 		if ((btmp == NULL) ||
-			((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL))
-			{
+		    ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
 			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-					PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+			    PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
 			goto err;
-			}
-		BIO_get_md_ctx(btmp,&mdc);
-		if (mdc == NULL)
-			{
+		}
+		BIO_get_md_ctx(btmp, &mdc);
+		if (mdc == NULL) {
 			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-							ERR_R_INTERNAL_ERROR);
+			    ERR_R_INTERNAL_ERROR);
 			goto err;
-			}
+		}
 		if (EVP_MD_CTX_type(mdc) == md_type)
 			break;
 		/* Workaround for some broken clients that put the signature
@@ -1064,243 +1012,239 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
 		 */
 		if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
 			break;
-		btmp=BIO_next(btmp);
-		}
+		btmp = BIO_next(btmp);
+	}
 
 	/* mdc is the digest ctx that we want, unless there are attributes,
 	 * in which case the digest is the signed attributes */
-	if (!EVP_MD_CTX_copy_ex(&mdc_tmp,mdc))
+	if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc))
 		goto err;
 
-	sk=si->auth_attr;
-	if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
-		{
+	sk = si->auth_attr;
+	if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
 		unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
-                unsigned int md_len;
+		unsigned int md_len;
 		int alen;
 		ASN1_OCTET_STRING *message_digest;
 
-		if (!EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len))
+		if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len))
 			goto err;
-		message_digest=PKCS7_digest_from_attributes(sk);
-		if (!message_digest)
-			{
+		message_digest = PKCS7_digest_from_attributes(sk);
+		if (!message_digest) {
 			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-					PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+			    PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
 			goto err;
-			}
+		}
 		if ((message_digest->length != (int)md_len) ||
-			(memcmp(message_digest->data,md_dat,md_len)))
-			{
+		    (memcmp(message_digest->data, md_dat, md_len))) {
 #if 0
-{
-int ii;
-for (ii=0; ii<message_digest->length; ii++)
-	printf("%02X",message_digest->data[ii]); printf(" sent\n");
-for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
-}
+			{
+				int ii;
+				for (ii = 0; ii < message_digest->length; ii++)
+					printf("%02X",message_digest->data[ii]); printf(" sent\n");
+				for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
+			}
 #endif
 			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-							PKCS7_R_DIGEST_FAILURE);
-			ret= -1;
+			    PKCS7_R_DIGEST_FAILURE);
+			ret = -1;
 			goto err;
-			}
+		}
 
-		if (!EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL))
+		if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type),
+		    NULL))
 			goto err;
 
 		alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
-						ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
-		if (alen <= 0) 
-			{
-			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,ERR_R_ASN1_LIB);
+		    ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
+		if (alen <= 0) {
+			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_ASN1_LIB);
 			ret = -1;
 			goto err;
-			}
+		}
 		if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen))
 			goto err;
 
 		free(abuf);
-		}
+	}
 
-	os=si->enc_digest;
+	os = si->enc_digest;
 	pkey = X509_get_pubkey(x509);
-	if (!pkey)
-		{
+	if (!pkey) {
 		ret = -1;
 		goto err;
-		}
+	}
 
-	i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
+	i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey);
 	EVP_PKEY_free(pkey);
-	if (i <= 0)
-		{
+	if (i <= 0) {
 		PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-						PKCS7_R_SIGNATURE_FAILURE);
-		ret= -1;
+		    PKCS7_R_SIGNATURE_FAILURE);
+		ret = -1;
 		goto err;
-		}
-	else
-		ret=1;
+	} else
+		ret = 1;
 err:
 	EVP_MD_CTX_cleanup(&mdc_tmp);
-	return(ret);
-	}
+	return (ret);
+}
 
-PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
-	{
+PKCS7_ISSUER_AND_SERIAL *
+PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
+{
 	STACK_OF(PKCS7_RECIP_INFO) *rsk;
 	PKCS7_RECIP_INFO *ri;
 	int i;
 
-	i=OBJ_obj2nid(p7->type);
+	i = OBJ_obj2nid(p7->type);
 	if (i != NID_pkcs7_signedAndEnveloped)
 		return NULL;
 	if (p7->d.signed_and_enveloped == NULL)
 		return NULL;
-	rsk=p7->d.signed_and_enveloped->recipientinfo;
+	rsk = p7->d.signed_and_enveloped->recipientinfo;
 	if (rsk == NULL)
 		return NULL;
-	ri=sk_PKCS7_RECIP_INFO_value(rsk,0);
-	if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL);
-	ri=sk_PKCS7_RECIP_INFO_value(rsk,idx);
-	return(ri->issuer_and_serial);
-	}
+	ri = sk_PKCS7_RECIP_INFO_value(rsk, 0);
+	if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
+		return (NULL);
+	ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
+	return (ri->issuer_and_serial);
+}
 
-ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
-	{
-	return(get_attribute(si->auth_attr,nid));
-	}
+ASN1_TYPE *
+PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
+{
+	return (get_attribute(si->auth_attr, nid));
+}
 
-ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
-	{
-	return(get_attribute(si->unauth_attr,nid));
-	}
+ASN1_TYPE *
+PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
+{
+	return (get_attribute(si->unauth_attr, nid));
+}
 
-static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
-	{
+static ASN1_TYPE *
+get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
+{
 	int i;
 	X509_ATTRIBUTE *xa;
 	ASN1_OBJECT *o;
 
-	o=OBJ_nid2obj(nid);
-	if (!o || !sk) return(NULL);
-	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
-		{
-		xa=sk_X509_ATTRIBUTE_value(sk,i);
-		if (OBJ_cmp(xa->object,o) == 0)
-			{
+	o = OBJ_nid2obj(nid);
+	if (!o || !sk)
+		return (NULL);
+	for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+		xa = sk_X509_ATTRIBUTE_value(sk, i);
+		if (OBJ_cmp(xa->object, o) == 0) {
 			if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
-				return(sk_ASN1_TYPE_value(xa->value.set,0));
+				return (sk_ASN1_TYPE_value(xa->value.set, 0));
 			else
-				return(NULL);
-			}
+				return (NULL);
 		}
-	return(NULL);
 	}
+	return (NULL);
+}
 
-ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
+ASN1_OCTET_STRING *
+PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
 {
 	ASN1_TYPE *astype;
-	if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL;
+
+	if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest)))
+		return NULL;
 	return astype->value.octet_string;
 }
 
-int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
-				STACK_OF(X509_ATTRIBUTE) *sk)
-	{
+int
+PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+    STACK_OF(X509_ATTRIBUTE) *sk)
+{
 	int i;
 
 	if (p7si->auth_attr != NULL)
-		sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);
-	p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk);
+		sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,
+		    X509_ATTRIBUTE_free);
+	p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
 	if (p7si->auth_attr == NULL)
 		return 0;
-	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
-		{
-		if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i,
-			X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
+	for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+		if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i,
+		    X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i))))
 		    == NULL)
-			return(0);
-		}
-	return(1);
+			return (0);
 	}
+	return (1);
+}
 
-int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
-	{
+int
+PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
+{
 	int i;
 
 	if (p7si->unauth_attr != NULL)
 		sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
-					   X509_ATTRIBUTE_free);
-	p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk);
+		    X509_ATTRIBUTE_free);
+	p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
 	if (p7si->unauth_attr == NULL)
 		return 0;
-	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
-		{
-		if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i,
-                        X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
+	for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+		if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i,
+		    X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i))))
 		    == NULL)
-			return(0);
-		}
-	return(1);
+			return (0);
 	}
+	return (1);
+}
 
-int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-	     void *value)
-	{
-	return(add_attribute(&(p7si->auth_attr),nid,atrtype,value));
-	}
+int
+PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+    void *value)
+{
+	return (add_attribute(&(p7si->auth_attr), nid, atrtype, value));
+}
 
-int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-	     void *value)
-	{
-	return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value));
-	}
+int
+PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, void *value)
+{
+	return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value));
+}
 
-static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
-			 void *value)
-	{
-	X509_ATTRIBUTE *attr=NULL;
+static int
+add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value)
+{
+	X509_ATTRIBUTE *attr = NULL;
 
-	if (*sk == NULL)
-		{
+	if (*sk == NULL) {
 		*sk = sk_X509_ATTRIBUTE_new_null();
 		if (*sk == NULL)
-			return 0;	
+			return 0;
 new_attrib:
-		if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value)))
+		if (!(attr = X509_ATTRIBUTE_create(nid, atrtype, value)))
 			return 0;
-		if (!sk_X509_ATTRIBUTE_push(*sk,attr))
-			{
+		if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
 			X509_ATTRIBUTE_free(attr);
 			return 0;
-			}
 		}
-	else
-		{
+	} else {
 		int i;
 
-		for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++)
-			{
-			attr=sk_X509_ATTRIBUTE_value(*sk,i);
-			if (OBJ_obj2nid(attr->object) == nid)
-				{
+		for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
+			attr = sk_X509_ATTRIBUTE_value(*sk, i);
+			if (OBJ_obj2nid(attr->object) == nid) {
 				X509_ATTRIBUTE_free(attr);
-				attr=X509_ATTRIBUTE_create(nid,atrtype,value);
+				attr = X509_ATTRIBUTE_create(nid, atrtype,
+				    value);
 				if (attr == NULL)
 					return 0;
-				if (!sk_X509_ATTRIBUTE_set(*sk,i,attr))
-					{
+				if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) {
 					X509_ATTRIBUTE_free(attr);
 					return 0;
-					}
-				goto end;
 				}
+				goto end;
 			}
-		goto new_attrib;
 		}
-end:
-	return(1);
+		goto new_attrib;
 	}
-
+end:
+	return (1);
+}
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_enc.c b/lib/libssl/src/crypto/pkcs7/pk7_enc.c
index cc63ef75f7e..fac9e5c8b1b 100644
--- a/lib/libssl/src/crypto/pkcs7/pk7_enc.c
+++ b/lib/libssl/src/crypto/pkcs7/pk7_enc.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: pk7_enc.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: pk7_enc.c,v 1.4 2014/06/29 17:05:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,13 +64,12 @@
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
 
-PKCS7_in_bio(PKCS7 *p7,BIO *in);
-PKCS7_out_bio(PKCS7 *p7,BIO *out);
+PKCS7_in_bio(PKCS7 *p7, BIO *in);
+PKCS7_out_bio(PKCS7 *p7, BIO *out);
 
-PKCS7_add_signer(PKCS7 *p7,X509 *cert,EVP_PKEY *key);
-PKCS7_cipher(PKCS7 *p7,EVP_CIPHER *cipher);
+PKCS7_add_signer(PKCS7 *p7, X509 *cert, EVP_PKEY *key);
+PKCS7_cipher(PKCS7 *p7, EVP_CIPHER *cipher);
 
 PKCS7_Init(PKCS7 *p7);
 PKCS7_Update(PKCS7 *p7);
 PKCS7_Finish(PKCS7 *p7);
-
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_lib.c b/lib/libssl/src/crypto/pkcs7/pk7_lib.c
index 5d7d0b18a01..9eed9fc74a8 100644
--- a/lib/libssl/src/crypto/pkcs7/pk7_lib.c
+++ b/lib/libssl/src/crypto/pkcs7/pk7_lib.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: pk7_lib.c,v 1.10 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: pk7_lib.c,v 1.11 2014/06/29 17:05:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,599 +62,597 @@
 #include <openssl/x509.h>
 #include "asn1_locl.h"
 
-long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
-	{
+long
+PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
+{
 	int nid;
 	long ret;
 
-	nid=OBJ_obj2nid(p7->type);
+	nid = OBJ_obj2nid(p7->type);
 
-	switch (cmd)
-		{
+	switch (cmd) {
 	case PKCS7_OP_SET_DETACHED_SIGNATURE:
-		if (nid == NID_pkcs7_signed)
-			{
-			ret=p7->detached=(int)larg;
-			if (ret && PKCS7_type_is_data(p7->d.sign->contents))
-					{
-					ASN1_OCTET_STRING *os;
-					os=p7->d.sign->contents->d.data;
-					ASN1_OCTET_STRING_free(os);
-					p7->d.sign->contents->d.data = NULL;
-					}
-			}
-		else
-			{
-			PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
-			ret=0;
+		if (nid == NID_pkcs7_signed) {
+			ret = p7->detached = (int)larg;
+			if (ret && PKCS7_type_is_data(p7->d.sign->contents)) {
+				ASN1_OCTET_STRING *os;
+				os = p7->d.sign->contents->d.data;
+				ASN1_OCTET_STRING_free(os);
+				p7->d.sign->contents->d.data = NULL;
 			}
+		} else {
+			PKCS7err(PKCS7_F_PKCS7_CTRL,
+			    PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+			ret = 0;
+		}
 		break;
 	case PKCS7_OP_GET_DETACHED_SIGNATURE:
-		if (nid == NID_pkcs7_signed)
-			{
-			if(!p7->d.sign  || !p7->d.sign->contents->d.ptr)
+		if (nid == NID_pkcs7_signed) {
+			if (!p7->d.sign  || !p7->d.sign->contents->d.ptr)
 				ret = 1;
-			else ret = 0;
-				
+			else
+				ret = 0;
+
 			p7->detached = ret;
-			}
-		else
-			{
-			PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
-			ret=0;
-			}
-			
+		} else {
+			PKCS7err(PKCS7_F_PKCS7_CTRL,
+			    PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+			ret = 0;
+		}
+
 		break;
 	default:
-		PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION);
-		ret=0;
-		}
-	return(ret);
+		PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION);
+		ret = 0;
 	}
+	return (ret);
+}
 
-int PKCS7_content_new(PKCS7 *p7, int type)
-	{
-	PKCS7 *ret=NULL;
+int
+PKCS7_content_new(PKCS7 *p7, int type)
+{
+	PKCS7 *ret = NULL;
 
-	if ((ret=PKCS7_new()) == NULL) goto err;
-	if (!PKCS7_set_type(ret,type)) goto err;
-	if (!PKCS7_set_content(p7,ret)) goto err;
+	if ((ret = PKCS7_new()) == NULL)
+		goto err;
+	if (!PKCS7_set_type(ret, type))
+		goto err;
+	if (!PKCS7_set_content(p7, ret))
+		goto err;
 
-	return(1);
+	return (1);
 err:
-	if (ret != NULL) PKCS7_free(ret);
-	return(0);
-	}
-
-int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
-	{
+	if (ret != NULL)
+		PKCS7_free(ret);
+	return (0);
+}
+
+int
+PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
+{
 	int i;
 
-	i=OBJ_obj2nid(p7->type);
-	switch (i)
-		{
+	i = OBJ_obj2nid(p7->type);
+	switch (i) {
 	case NID_pkcs7_signed:
 		if (p7->d.sign->contents != NULL)
 			PKCS7_free(p7->d.sign->contents);
-		p7->d.sign->contents=p7_data;
+		p7->d.sign->contents = p7_data;
 		break;
 	case NID_pkcs7_digest:
 		if (p7->d.digest->contents != NULL)
 			PKCS7_free(p7->d.digest->contents);
-		p7->d.digest->contents=p7_data;
+		p7->d.digest->contents = p7_data;
 		break;
 	case NID_pkcs7_data:
 	case NID_pkcs7_enveloped:
 	case NID_pkcs7_signedAndEnveloped:
 	case NID_pkcs7_encrypted:
 	default:
-		PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+		PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,
+		    PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
 		goto err;
-		}
-	return(1);
-err:
-	return(0);
 	}
+	return (1);
+err:
+	return (0);
+}
 
-int PKCS7_set_type(PKCS7 *p7, int type)
-	{
+int
+PKCS7_set_type(PKCS7 *p7, int type)
+{
 	ASN1_OBJECT *obj;
 
 	/*PKCS7_content_free(p7);*/
 	obj=OBJ_nid2obj(type); /* will not fail */
 
-	switch (type)
-		{
+	switch (type) {
 	case NID_pkcs7_signed:
-		p7->type=obj;
-		if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL)
+		p7->type = obj;
+		if ((p7->d.sign = PKCS7_SIGNED_new()) == NULL)
 			goto err;
-		if (!ASN1_INTEGER_set(p7->d.sign->version,1))
-			{
+		if (!ASN1_INTEGER_set(p7->d.sign->version, 1)) {
 			PKCS7_SIGNED_free(p7->d.sign);
-			p7->d.sign=NULL;
+			p7->d.sign = NULL;
 			goto err;
-			}
+		}
 		break;
 	case NID_pkcs7_data:
-		p7->type=obj;
-		if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL)
+		p7->type = obj;
+		if ((p7->d.data = M_ASN1_OCTET_STRING_new()) == NULL)
 			goto err;
 		break;
 	case NID_pkcs7_signedAndEnveloped:
-		p7->type=obj;
-		if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
+		p7->type = obj;
+		if ((p7->d.signed_and_enveloped = PKCS7_SIGN_ENVELOPE_new())
 			== NULL) goto err;
-		ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
-		if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1))
+		ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1);
+		if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1))
 			goto err;
 		p7->d.signed_and_enveloped->enc_data->content_type
-						= OBJ_nid2obj(NID_pkcs7_data);
+		= OBJ_nid2obj(NID_pkcs7_data);
 		break;
 	case NID_pkcs7_enveloped:
-		p7->type=obj;
-		if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
+		p7->type = obj;
+		if ((p7->d.enveloped = PKCS7_ENVELOPE_new())
 			== NULL) goto err;
-		if (!ASN1_INTEGER_set(p7->d.enveloped->version,0))
+		if (!ASN1_INTEGER_set(p7->d.enveloped->version, 0))
 			goto err;
 		p7->d.enveloped->enc_data->content_type
-						= OBJ_nid2obj(NID_pkcs7_data);
+		= OBJ_nid2obj(NID_pkcs7_data);
 		break;
 	case NID_pkcs7_encrypted:
-		p7->type=obj;
-		if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
+		p7->type = obj;
+		if ((p7->d.encrypted = PKCS7_ENCRYPT_new())
 			== NULL) goto err;
-		if (!ASN1_INTEGER_set(p7->d.encrypted->version,0))
+		if (!ASN1_INTEGER_set(p7->d.encrypted->version, 0))
 			goto err;
 		p7->d.encrypted->enc_data->content_type
-						= OBJ_nid2obj(NID_pkcs7_data);
+		= OBJ_nid2obj(NID_pkcs7_data);
 		break;
 
 	case NID_pkcs7_digest:
-		p7->type=obj;
-		if ((p7->d.digest=PKCS7_DIGEST_new())
+		p7->type = obj;
+		if ((p7->d.digest = PKCS7_DIGEST_new())
 			== NULL) goto err;
-		if (!ASN1_INTEGER_set(p7->d.digest->version,0))
+		if (!ASN1_INTEGER_set(p7->d.digest->version, 0))
 			goto err;
 		break;
 	default:
-		PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+		PKCS7err(PKCS7_F_PKCS7_SET_TYPE,
+		    PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
 		goto err;
-		}
-	return(1);
-err:
-	return(0);
 	}
+	return (1);
+err:
+	return (0);
+}
 
-int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
-	{
+int
+PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
+{
 	p7->type = OBJ_nid2obj(type);
 	p7->d.other = other;
 	return 1;
-	}
+}
 
-int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
-	{
-	int i,j,nid;
+int
+PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
+{
+	int i, j, nid;
 	X509_ALGOR *alg;
 	STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
 	STACK_OF(X509_ALGOR) *md_sk;
 
-	i=OBJ_obj2nid(p7->type);
-	switch (i)
-		{
+	i = OBJ_obj2nid(p7->type);
+	switch (i) {
 	case NID_pkcs7_signed:
-		signer_sk=	p7->d.sign->signer_info;
-		md_sk=		p7->d.sign->md_algs;
+		signer_sk = p7->d.sign->signer_info;
+		md_sk = p7->d.sign->md_algs;
 		break;
 	case NID_pkcs7_signedAndEnveloped:
-		signer_sk=	p7->d.signed_and_enveloped->signer_info;
-		md_sk=		p7->d.signed_and_enveloped->md_algs;
+		signer_sk = p7->d.signed_and_enveloped->signer_info;
+		md_sk = p7->d.signed_and_enveloped->md_algs;
 		break;
 	default:
-		PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE);
-		return(0);
-		}
+		PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE);
+		return (0);
+	}
 
-	nid=OBJ_obj2nid(psi->digest_alg->algorithm);
+	nid = OBJ_obj2nid(psi->digest_alg->algorithm);
 
 	/* If the digest is not currently listed, add it */
-	j=0;
-	for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
-		{
-		alg=sk_X509_ALGOR_value(md_sk,i);
-		if (OBJ_obj2nid(alg->algorithm) == nid)
-			{
-			j=1;
+	j = 0;
+	for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
+		alg = sk_X509_ALGOR_value(md_sk, i);
+		if (OBJ_obj2nid(alg->algorithm) == nid) {
+			j = 1;
 			break;
-			}
 		}
+	}
 	if (!j) /* we need to add another algorithm */
-		{
-		if(!(alg=X509_ALGOR_new())
-			|| !(alg->parameter = ASN1_TYPE_new()))
-			{
+	{
+		if (!(alg = X509_ALGOR_new()) ||
+		    !(alg->parameter = ASN1_TYPE_new())) {
 			X509_ALGOR_free(alg);
-			PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		alg->algorithm=OBJ_nid2obj(nid);
+			PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,
+			    ERR_R_MALLOC_FAILURE);
+			return (0);
+		}
+		alg->algorithm = OBJ_nid2obj(nid);
 		alg->parameter->type = V_ASN1_NULL;
-		if (!sk_X509_ALGOR_push(md_sk,alg))
-			{
+		if (!sk_X509_ALGOR_push(md_sk, alg)) {
 			X509_ALGOR_free(alg);
 			return 0;
-			}
 		}
+	}
 
-	if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi))
+	if (!sk_PKCS7_SIGNER_INFO_push(signer_sk, psi))
 		return 0;
-	return(1);
-	}
+	return (1);
+}
 
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
-	{
+int
+PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
+{
 	int i;
 	STACK_OF(X509) **sk;
 
-	i=OBJ_obj2nid(p7->type);
-	switch (i)
-		{
+	i = OBJ_obj2nid(p7->type);
+	switch (i) {
 	case NID_pkcs7_signed:
-		sk= &(p7->d.sign->cert);
+		sk = &(p7->d.sign->cert);
 		break;
 	case NID_pkcs7_signedAndEnveloped:
-		sk= &(p7->d.signed_and_enveloped->cert);
+		sk = &(p7->d.signed_and_enveloped->cert);
 		break;
 	default:
-		PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE);
-		return(0);
-		}
+		PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,
+		    PKCS7_R_WRONG_CONTENT_TYPE);
+		return (0);
+	}
 
 	if (*sk == NULL)
-		*sk=sk_X509_new_null();
-	if (*sk == NULL)
-		{
+		*sk = sk_X509_new_null();
+	if (*sk == NULL) {
 		PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE);
 		return 0;
-		}
-	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
-	if (!sk_X509_push(*sk,x509))
-		{
+	}
+	CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
+	if (!sk_X509_push(*sk, x509)) {
 		X509_free(x509);
 		return 0;
-		}
-	return(1);
 	}
+	return (1);
+}
 
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
-	{
+int
+PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
+{
 	int i;
 	STACK_OF(X509_CRL) **sk;
 
-	i=OBJ_obj2nid(p7->type);
-	switch (i)
-		{
+	i = OBJ_obj2nid(p7->type);
+	switch (i) {
 	case NID_pkcs7_signed:
-		sk= &(p7->d.sign->crl);
+		sk = &(p7->d.sign->crl);
 		break;
 	case NID_pkcs7_signedAndEnveloped:
-		sk= &(p7->d.signed_and_enveloped->crl);
+		sk = &(p7->d.signed_and_enveloped->crl);
 		break;
 	default:
-		PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE);
-		return(0);
-		}
+		PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE);
+		return (0);
+	}
 
 	if (*sk == NULL)
-		*sk=sk_X509_CRL_new_null();
-	if (*sk == NULL)
-		{
-		PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE);
+		*sk = sk_X509_CRL_new_null();
+	if (*sk == NULL) {
+		PKCS7err(PKCS7_F_PKCS7_ADD_CRL, ERR_R_MALLOC_FAILURE);
 		return 0;
-		}
+	}
 
-	CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
-	if (!sk_X509_CRL_push(*sk,crl))
-		{
+	CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
+	if (!sk_X509_CRL_push(*sk, crl)) {
 		X509_CRL_free(crl);
 		return 0;
-		}
-	return(1);
 	}
+	return (1);
+}
 
-int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
-	     const EVP_MD *dgst)
-	{
+int
+PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+    const EVP_MD *dgst)
+{
 	int ret;
 
 	/* We now need to add another PKCS7_SIGNER_INFO entry */
-	if (!ASN1_INTEGER_set(p7i->version,1))
+	if (!ASN1_INTEGER_set(p7i->version, 1))
 		goto err;
 	if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
-			X509_get_issuer_name(x509)))
+	    X509_get_issuer_name(x509)))
 		goto err;
 
 	/* because ASN1_INTEGER_set is used to set a 'long' we will do
 	 * things the ugly way. */
 	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
-	if (!(p7i->issuer_and_serial->serial=
-			M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+	if (!(p7i->issuer_and_serial->serial =
+	    M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
 		goto err;
 
 	/* lets keep the pkey around for a while */
-	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-	p7i->pkey=pkey;
+	CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+	p7i->pkey = pkey;
 
 	/* Set the algorithms */
 
 	X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),
-				V_ASN1_NULL, NULL);
+	    V_ASN1_NULL, NULL);
 
-	if (pkey->ameth && pkey->ameth->pkey_ctrl)
-		{
+	if (pkey->ameth && pkey->ameth->pkey_ctrl) {
 		ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN,
-						0, p7i);
+		    0, p7i);
 		if (ret > 0)
 			return 1;
-		if (ret != -2)
-			{
+		if (ret != -2) {
 			PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
-					PKCS7_R_SIGNING_CTRL_FAILURE);
+			    PKCS7_R_SIGNING_CTRL_FAILURE);
 			return 0;
-			}
 		}
+	}
 	PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
-			PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+	    PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
 err:
 	return 0;
-	}
+}
 
-PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
-	     const EVP_MD *dgst)
-	{
+PKCS7_SIGNER_INFO *
+PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst)
+{
 	PKCS7_SIGNER_INFO *si = NULL;
 
-	if (dgst == NULL)
-		{
+	if (dgst == NULL) {
 		int def_nid;
 		if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0)
 			goto err;
 		dgst = EVP_get_digestbynid(def_nid);
-		if (dgst == NULL)
-			{
+		if (dgst == NULL) {
 			PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE,
-						PKCS7_R_NO_DEFAULT_DIGEST);
+			    PKCS7_R_NO_DEFAULT_DIGEST);
 			goto err;
-			}
 		}
+	}
 
-	if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err;
-	if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err;
-	if (!PKCS7_add_signer(p7,si)) goto err;
-	return(si);
+	if ((si = PKCS7_SIGNER_INFO_new()) == NULL)
+		goto err;
+	if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst))
+		goto err;
+	if (!PKCS7_add_signer(p7, si))
+		goto err;
+	return (si);
 err:
 	if (si)
 		PKCS7_SIGNER_INFO_free(si);
-	return(NULL);
-	}
-
-int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
-	{
-	if (PKCS7_type_is_digest(p7))
-		{
-		if(!(p7->d.digest->md->parameter = ASN1_TYPE_new()))
-			{
-			PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE);
+	return (NULL);
+}
+
+int
+PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
+{
+	if (PKCS7_type_is_digest(p7)) {
+		if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) {
+			PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,
+			    ERR_R_MALLOC_FAILURE);
 			return 0;
-			}
+		}
 		p7->d.digest->md->parameter->type = V_ASN1_NULL;
 		p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
 		return 1;
-		}
-		
-	PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE);
-	return 1;
 	}
 
-STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
-	{
-	if (PKCS7_type_is_signed(p7))
-		{
-		return(p7->d.sign->signer_info);
-		}
-	else if (PKCS7_type_is_signedAndEnveloped(p7))
-		{
-		return(p7->d.signed_and_enveloped->signer_info);
-		}
-	else
-		return(NULL);
-	}
+	PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, PKCS7_R_WRONG_CONTENT_TYPE);
+	return 1;
+}
 
-void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
-					X509_ALGOR **pdig, X509_ALGOR **psig)
-	{
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+{
+	if (PKCS7_type_is_signed(p7)) {
+		return (p7->d.sign->signer_info);
+	} else if (PKCS7_type_is_signedAndEnveloped(p7)) {
+		return (p7->d.signed_and_enveloped->signer_info);
+	} else
+		return (NULL);
+}
+
+void
+PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
+    X509_ALGOR **pdig, X509_ALGOR **psig)
+{
 	if (pk)
 		*pk = si->pkey;
 	if (pdig)
 		*pdig = si->digest_alg;
 	if (psig)
 		*psig = si->digest_enc_alg;
-	}
+}
 
-void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc)
-	{
+void
+PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc)
+{
 	if (penc)
 		*penc = ri->key_enc_algor;
-	}
+}
 
-PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
-	{
+PKCS7_RECIP_INFO *
+PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
+{
 	PKCS7_RECIP_INFO *ri;
 
-	if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err;
-	if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err;
-	if (!PKCS7_add_recipient_info(p7,ri)) goto err;
+	if ((ri = PKCS7_RECIP_INFO_new()) == NULL)
+		goto err;
+	if (!PKCS7_RECIP_INFO_set(ri, x509))
+		goto err;
+	if (!PKCS7_add_recipient_info(p7, ri))
+		goto err;
 	return ri;
 err:
 	if (ri)
 		PKCS7_RECIP_INFO_free(ri);
 	return NULL;
-	}
+}
 
-int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
-	{
+int
+PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
+{
 	int i;
 	STACK_OF(PKCS7_RECIP_INFO) *sk;
 
-	i=OBJ_obj2nid(p7->type);
-	switch (i)
-		{
+	i = OBJ_obj2nid(p7->type);
+	switch (i) {
 	case NID_pkcs7_signedAndEnveloped:
-		sk=	p7->d.signed_and_enveloped->recipientinfo;
+		sk = p7->d.signed_and_enveloped->recipientinfo;
 		break;
 	case NID_pkcs7_enveloped:
-		sk=	p7->d.enveloped->recipientinfo;
+		sk = p7->d.enveloped->recipientinfo;
 		break;
 	default:
-		PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE);
-		return(0);
-		}
+		PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,
+		    PKCS7_R_WRONG_CONTENT_TYPE);
+		return (0);
+	}
 
-	if (!sk_PKCS7_RECIP_INFO_push(sk,ri))
+	if (!sk_PKCS7_RECIP_INFO_push(sk, ri))
 		return 0;
-	return(1);
-	}
+	return (1);
+}
 
-int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
-	{
+int
+PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
+{
 	int ret;
 	EVP_PKEY *pkey = NULL;
-	if (!ASN1_INTEGER_set(p7i->version,0))
+	if (!ASN1_INTEGER_set(p7i->version, 0))
 		return 0;
 	if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
-		X509_get_issuer_name(x509)))
+	    X509_get_issuer_name(x509)))
 		return 0;
 
 	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
-	if (!(p7i->issuer_and_serial->serial=
-		M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+	if (!(p7i->issuer_and_serial->serial =
+	    M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
 		return 0;
 
 	pkey = X509_get_pubkey(x509);
 
-	if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl)
-		{
+	if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) {
 		PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
-			PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+		    PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
 		goto err;
-		}
+	}
 
 	ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT,
-						0, p7i);
-	if (ret == -2)
-		{
+	    0, p7i);
+	if (ret == -2) {
 		PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
-			PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+		    PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
 		goto err;
-		}
-	if (ret <= 0)
-		{
+	}
+	if (ret <= 0) {
 		PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
-				PKCS7_R_ENCRYPTION_CTRL_FAILURE);
+		    PKCS7_R_ENCRYPTION_CTRL_FAILURE);
 		goto err;
-		}
+	}
 
 	EVP_PKEY_free(pkey);
 
-	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
-	p7i->cert=x509;
+	CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
+	p7i->cert = x509;
 
 	return 1;
 
-	err:
+err:
 	if (pkey)
 		EVP_PKEY_free(pkey);
 	return 0;
-	}
+}
 
-X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
-	{
+X509 *
+PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+{
 	if (PKCS7_type_is_signed(p7))
 		return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
-			si->issuer_and_serial->issuer,
-			si->issuer_and_serial->serial));
+		    si->issuer_and_serial->issuer,
+		    si->issuer_and_serial->serial));
 	else
-		return(NULL);
-	}
+		return (NULL);
+}
 
-int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
-	{
+int
+PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
+{
 	int i;
 	PKCS7_ENC_CONTENT *ec;
 
-	i=OBJ_obj2nid(p7->type);
-	switch (i)
-		{
+	i = OBJ_obj2nid(p7->type);
+	switch (i) {
 	case NID_pkcs7_signedAndEnveloped:
-		ec=p7->d.signed_and_enveloped->enc_data;
+		ec = p7->d.signed_and_enveloped->enc_data;
 		break;
 	case NID_pkcs7_enveloped:
-		ec=p7->d.enveloped->enc_data;
+		ec = p7->d.enveloped->enc_data;
 		break;
 	default:
-		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE);
-		return(0);
-		}
+		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE);
+		return (0);
+	}
 
 	/* Check cipher OID exists and has data in it*/
 	i = EVP_CIPHER_type(cipher);
-	if(i == NID_undef) {
-		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
-		return(0);
+	if (i == NID_undef) {
+		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,
+		    PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+		return (0);
 	}
 
 	ec->cipher = cipher;
 	return 1;
-	}
+}
 
-int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
-	{
+int
+PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
+{
 	ASN1_OCTET_STRING *os = NULL;
 
-	switch (OBJ_obj2nid(p7->type))
-		{
-		case NID_pkcs7_data:
+	switch (OBJ_obj2nid(p7->type)) {
+	case NID_pkcs7_data:
 		os = p7->d.data;
 		break;
 
-		case NID_pkcs7_signedAndEnveloped:
+	case NID_pkcs7_signedAndEnveloped:
 		os = p7->d.signed_and_enveloped->enc_data->enc_data;
-		if (os == NULL)
-			{
-			os=M_ASN1_OCTET_STRING_new();
-			p7->d.signed_and_enveloped->enc_data->enc_data=os;
-			}
+		if (os == NULL) {
+			os = M_ASN1_OCTET_STRING_new();
+			p7->d.signed_and_enveloped->enc_data->enc_data = os;
+		}
 		break;
 
-		case NID_pkcs7_enveloped:
+	case NID_pkcs7_enveloped:
 		os = p7->d.enveloped->enc_data->enc_data;
-		if (os == NULL)
-			{
-			os=M_ASN1_OCTET_STRING_new();
-			p7->d.enveloped->enc_data->enc_data=os;
-			}
+		if (os == NULL) {
+			os = M_ASN1_OCTET_STRING_new();
+			p7->d.enveloped->enc_data->enc_data = os;
+		}
 		break;
 
-		case NID_pkcs7_signed:
-		os=p7->d.sign->contents->d.data;
+	case NID_pkcs7_signed:
+		os = p7->d.sign->contents->d.data;
 		break;
 
-		default:
+	default:
 		os = NULL;
 		break;
-		}
-	
+	}
+
 	if (os == NULL)
 		return 0;
 
@@ -662,4 +660,4 @@ int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
 	*boundary = &os->data;
 
 	return 1;
-	}
+}
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_mime.c b/lib/libssl/src/crypto/pkcs7/pk7_mime.c
index 46d3dfd513a..8f32125f0bd 100644
--- a/lib/libssl/src/crypto/pkcs7/pk7_mime.c
+++ b/lib/libssl/src/crypto/pkcs7/pk7_mime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_mime.c,v 1.9 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: pk7_mime.c,v 1.10 2014/06/29 17:05:36 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -61,21 +61,23 @@
 
 /* PKCS#7 wrappers round generalised stream and MIME routines */
 
-int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
-	{
+int
+i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
+{
 	return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags,
-					ASN1_ITEM_rptr(PKCS7));
-	}
+	    ASN1_ITEM_rptr(PKCS7));
+}
 
-int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
-	{
+int
+PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
+{
 	return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) p7, in, flags,
-						"PKCS7",
-						ASN1_ITEM_rptr(PKCS7));
-	}
+	    "PKCS7", ASN1_ITEM_rptr(PKCS7));
+}
 
-int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
-	{
+int
+SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
+{
 	STACK_OF(X509_ALGOR) *mdalgs;
 	int ctype_nid = OBJ_obj2nid(p7->type);
 	if (ctype_nid == NID_pkcs7_signed)
@@ -87,11 +89,11 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 
 
 	return SMIME_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags,
-					ctype_nid, NID_undef, mdalgs,
-					ASN1_ITEM_rptr(PKCS7));	
-	}
+	    ctype_nid, NID_undef, mdalgs, ASN1_ITEM_rptr(PKCS7));
+}
 
-PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
-	{
+PKCS7 *
+SMIME_read_PKCS7(BIO *bio, BIO **bcont)
+{
 	return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7));
-	}
+}
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_smime.c b/lib/libssl/src/crypto/pkcs7/pk7_smime.c
index 692967e72e0..5d174f76444 100644
--- a/lib/libssl/src/crypto/pkcs7/pk7_smime.c
+++ b/lib/libssl/src/crypto/pkcs7/pk7_smime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_smime.c,v 1.14 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: pk7_smime.c,v 1.15 2014/06/29 17:05:36 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -65,17 +65,17 @@
 
 static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 
-PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
-		  BIO *data, int flags)
+PKCS7 *
+PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data,
+    int flags)
 {
 	PKCS7 *p7;
 	int i;
 
-	if(!(p7 = PKCS7_new()))
-		{
-		PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+	if (!(p7 = PKCS7_new())) {
+		PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE);
 		return NULL;
-		}
+	}
 
 	if (!PKCS7_set_type(p7, NID_pkcs7_signed))
 		goto err;
@@ -83,22 +83,19 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
 	if (!PKCS7_content_new(p7, NID_pkcs7_data))
 		goto err;
 
-    	if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags))
-		{
-		PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNER_ERROR);
+	if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) {
+		PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNER_ERROR);
 		goto err;
-		}
+	}
 
-	if(!(flags & PKCS7_NOCERTS))
-		{
-		for(i = 0; i < sk_X509_num(certs); i++)
-			{
+	if (!(flags & PKCS7_NOCERTS)) {
+		for (i = 0; i < sk_X509_num(certs); i++) {
 			if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
 				goto err;
-			}
 		}
+	}
 
-	if(flags & PKCS7_DETACHED)
+	if (flags & PKCS7_DETACHED)
 		PKCS7_set_detached(p7, 1);
 
 	if (flags & (PKCS7_STREAM|PKCS7_PARTIAL))
@@ -107,164 +104,160 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
 	if (PKCS7_final(p7, data, flags))
 		return p7;
 
-	err:
+err:
 	PKCS7_free(p7);
 	return NULL;
 }
 
-int PKCS7_final(PKCS7 *p7, BIO *data, int flags)
-	{
+int
+PKCS7_final(PKCS7 *p7, BIO *data, int flags)
+{
 	BIO *p7bio;
 	int ret = 0;
-	if (!(p7bio = PKCS7_dataInit(p7, NULL)))
-		{
-		PKCS7err(PKCS7_F_PKCS7_FINAL,ERR_R_MALLOC_FAILURE);
+
+	if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
+		PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE);
 		return 0;
-		}
+	}
 
 	SMIME_crlf_copy(data, p7bio, flags);
 
 	(void)BIO_flush(p7bio);
 
-
-        if (!PKCS7_dataFinal(p7,p7bio))
-		{
-		PKCS7err(PKCS7_F_PKCS7_FINAL,PKCS7_R_PKCS7_DATASIGN);
+	if (!PKCS7_dataFinal(p7, p7bio)) {
+		PKCS7err(PKCS7_F_PKCS7_FINAL, PKCS7_R_PKCS7_DATASIGN);
 		goto err;
-		}
+	}
 
 	ret = 1;
 
-	err:
+err:
 	BIO_free_all(p7bio);
 
 	return ret;
-
-	}
+}
 
 /* Check to see if a cipher exists and if so add S/MIME capabilities */
 
-static int add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
-	{
+static int
+add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
+{
 	if (EVP_get_cipherbynid(nid))
 		return PKCS7_simple_smimecap(sk, nid, arg);
 	return 1;
-	}
+}
 
-static int add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
-	{
+static int
+add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
+{
 	if (EVP_get_digestbynid(nid))
 		return PKCS7_simple_smimecap(sk, nid, arg);
 	return 1;
-	}
+}
 
-PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
-					EVP_PKEY *pkey, const EVP_MD *md,
-					int flags)
-	{
+PKCS7_SIGNER_INFO *
+PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey,
+    const EVP_MD *md, int flags)
+{
 	PKCS7_SIGNER_INFO *si = NULL;
 	STACK_OF(X509_ALGOR) *smcap = NULL;
-	if(!X509_check_private_key(signcert, pkey))
-		{
+
+	if (!X509_check_private_key(signcert, pkey)) {
 		PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
-			PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-                return NULL;
-		}
+		    PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+		return NULL;
+	}
 
-    	if (!(si = PKCS7_add_signature(p7,signcert,pkey, md)))
-		{
+	if (!(si = PKCS7_add_signature(p7, signcert, pkey, md))) {
 		PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
-				PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+		    PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
 		return NULL;
-		}
+	}
 
-	if(!(flags & PKCS7_NOCERTS))
-		{
+	if (!(flags & PKCS7_NOCERTS)) {
 		if (!PKCS7_add_certificate(p7, signcert))
 			goto err;
-		}
+	}
 
-	if(!(flags & PKCS7_NOATTR))
-		{
+	if (!(flags & PKCS7_NOATTR)) {
 		if (!PKCS7_add_attrib_content_type(si, NULL))
 			goto err;
 		/* Add SMIMECapabilities */
-		if(!(flags & PKCS7_NOSMIMECAP))
-			{
-			if(!(smcap = sk_X509_ALGOR_new_null()))
-				{
+		if (!(flags & PKCS7_NOSMIMECAP)) {
+			if (!(smcap = sk_X509_ALGOR_new_null())) {
 				PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
-					ERR_R_MALLOC_FAILURE);
+				    ERR_R_MALLOC_FAILURE);
 				goto err;
-				}
-			if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
-			|| !add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
-			|| !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
-				|| !add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
-				|| !add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
-			|| !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
-				|| !add_cipher_smcap(smcap, NID_rc2_cbc, 128)
-				|| !add_cipher_smcap(smcap, NID_rc2_cbc, 64)
-				|| !add_cipher_smcap(smcap, NID_des_cbc, -1)
-				|| !add_cipher_smcap(smcap, NID_rc2_cbc, 40)
-				|| !PKCS7_add_attrib_smimecap (si, smcap))
+			}
+			if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ||
+			    !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) ||
+			    !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) ||
+			    !add_cipher_smcap(smcap, NID_aes_192_cbc, -1) ||
+			    !add_cipher_smcap(smcap, NID_aes_128_cbc, -1) ||
+			    !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) ||
+			    !add_cipher_smcap(smcap, NID_rc2_cbc, 128) ||
+			    !add_cipher_smcap(smcap, NID_rc2_cbc, 64) ||
+			    !add_cipher_smcap(smcap, NID_des_cbc, -1) ||
+			    !add_cipher_smcap(smcap, NID_rc2_cbc, 40) ||
+			    !PKCS7_add_attrib_smimecap (si, smcap))
 				goto err;
 			sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
 			smcap = NULL;
-			}
-		if (flags & PKCS7_REUSE_DIGEST)
-			{
+		}
+		if (flags & PKCS7_REUSE_DIGEST) {
 			if (!pkcs7_copy_existing_digest(p7, si))
 				goto err;
 			if (!(flags & PKCS7_PARTIAL) &&
-					!PKCS7_SIGNER_INFO_sign(si))
+			    !PKCS7_SIGNER_INFO_sign(si))
 				goto err;
-			}
 		}
+	}
 	return si;
-	err:
+
+err:
 	if (smcap)
 		sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
 	return NULL;
-	}
+}
 
 /* Search for a digest matching SignerInfo digest type and if found
  * copy across.
  */
 
-static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
-	{
+static int
+pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+{
 	int i;
 	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
 	PKCS7_SIGNER_INFO *sitmp;
 	ASN1_OCTET_STRING *osdig = NULL;
+
 	sinfos = PKCS7_get_signer_info(p7);
-	for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
-		{
+	for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
 		sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
 		if (si == sitmp)
 			break;
 		if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0)
 			continue;
 		if (!OBJ_cmp(si->digest_alg->algorithm,
-				sitmp->digest_alg->algorithm))
-			{
+		    sitmp->digest_alg->algorithm)) {
 			osdig = PKCS7_digest_from_attributes(sitmp->auth_attr);
 			break;
-			}
-
 		}
 
+	}
+
 	if (osdig)
 		return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length);
 
 	PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST,
-			PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND);
+	    PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND);
 	return 0;
-	}
+}
 
-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
-					BIO *indata, BIO *out, int flags)
+int
+PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
+    BIO *out, int flags)
 {
 	STACK_OF(X509) *signers;
 	X509 *signer;
@@ -272,23 +265,23 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 	PKCS7_SIGNER_INFO *si;
 	X509_STORE_CTX cert_ctx;
 	char buf[4096];
-	int i, j=0, k, ret = 0;
+	int i, j = 0, k, ret = 0;
 	BIO *p7bio;
 	BIO *tmpin, *tmpout;
 
-	if(!p7) {
-		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER);
+	if (!p7) {
+		PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER);
 		return 0;
 	}
 
-	if(!PKCS7_type_is_signed(p7)) {
-		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE);
+	if (!PKCS7_type_is_signed(p7)) {
+		PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_WRONG_CONTENT_TYPE);
 		return 0;
 	}
 
 	/* Check for no data and no content: no data to verify signature */
-	if(PKCS7_get_detached(p7) && !indata) {
-		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
+	if (PKCS7_get_detached(p7) && !indata) {
+		PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
 		return 0;
 	}
 #if 0
@@ -297,56 +290,58 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 	 */
 
 	/* Check for data and content: two sets of data */
-	if(!PKCS7_get_detached(p7) && indata) {
-				PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
+	if (!PKCS7_get_detached(p7) && indata) {
+		PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
 		return 0;
 	}
 #endif
 
 	sinfos = PKCS7_get_signer_info(p7);
 
-	if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
-		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA);
+	if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
+		PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_SIGNATURES_ON_DATA);
 		return 0;
 	}
 
 
 	signers = PKCS7_get0_signers(p7, certs, flags);
 
-	if(!signers) return 0;
+	if (!signers)
+		return 0;
 
 	/* Now verify the certificates */
 
-	if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
-		signer = sk_X509_value (signers, k);
-		if (!(flags & PKCS7_NOCHAIN)) {
-			if(!X509_STORE_CTX_init(&cert_ctx, store, signer,
-							p7->d.sign->cert))
-				{
-				PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
+	if (!(flags & PKCS7_NOVERIFY))
+		for (k = 0; k < sk_X509_num(signers); k++) {
+			signer = sk_X509_value (signers, k);
+			if (!(flags & PKCS7_NOCHAIN)) {
+				if (!X509_STORE_CTX_init(&cert_ctx, store, signer,
+				    p7->d.sign->cert)) {
+					PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
+					sk_X509_free(signers);
+					return 0;
+				}
+				X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
+			} else if (!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
+				PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
 				sk_X509_free(signers);
 				return 0;
-				}
-			X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
-		} else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
-			PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
-			sk_X509_free(signers);
-			return 0;
-		}
-		if (!(flags & PKCS7_NOCRL))
-			X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);
-		i = X509_verify_cert(&cert_ctx);
-		if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
-		X509_STORE_CTX_cleanup(&cert_ctx);
-		if (i <= 0) {
-			PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR);
-			ERR_asprintf_error_data("Verify error:%s",
-					 X509_verify_cert_error_string(j));
-			sk_X509_free(signers);
-			return 0;
+			}
+			if (!(flags & PKCS7_NOCRL))
+				X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);
+			i = X509_verify_cert(&cert_ctx);
+			if (i <= 0)
+				j = X509_STORE_CTX_get_error(&cert_ctx);
+			X509_STORE_CTX_cleanup(&cert_ctx);
+			if (i <= 0) {
+				PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CERTIFICATE_VERIFY_ERROR);
+				ERR_asprintf_error_data("Verify error:%s",
+				    X509_verify_cert_error_string(j));
+				sk_X509_free(signers);
+				return 0;
+			}
+			/* Check for revocation status here */
 		}
-		/* Check for revocation status here */
-	}
 
 	/* Performance optimization: if the content is a memory BIO then
 	 * store its contents in a temporary read only memory BIO. This
@@ -354,45 +349,43 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 	 * occur when reading from a read write memory BIO when signatures
 	 * are calculated.
 	 */
-
-	if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM))
-		{
+	if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) {
 		char *ptr;
 		long len;
 		len = BIO_get_mem_data(indata, &ptr);
 		tmpin = BIO_new_mem_buf(ptr, len);
-		if (tmpin == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
+		if (tmpin == NULL) {
+			PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
 			return 0;
-			}
 		}
-	else
+	} else
 		tmpin = indata;
-		
 
-	if (!(p7bio=PKCS7_dataInit(p7,tmpin)))
+
+	if (!(p7bio = PKCS7_dataInit(p7, tmpin)))
 		goto err;
 
-	if(flags & PKCS7_TEXT) {
-		if(!(tmpout = BIO_new(BIO_s_mem()))) {
-			PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
+	if (flags & PKCS7_TEXT) {
+		if (!(tmpout = BIO_new(BIO_s_mem()))) {
+			PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 		BIO_set_mem_eof_return(tmpout, 0);
 	} else tmpout = out;
 
 	/* We now have to 'read' from p7bio to calculate digests etc. */
-	for (;;)
-	{
-		i=BIO_read(p7bio,buf,sizeof(buf));
-		if (i <= 0) break;
-		if (tmpout) BIO_write(tmpout, buf, i);
+	for (;;) {
+		i = BIO_read(p7bio, buf, sizeof(buf));
+		if (i <= 0)
+			break;
+		if (tmpout)
+			BIO_write(tmpout, buf, i);
 	}
 
-	if(flags & PKCS7_TEXT) {
-		if(!SMIME_text(tmpout, out)) {
-			PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR);
+	if (flags & PKCS7_TEXT) {
+		if (!SMIME_text(tmpout, out)) {
+			PKCS7err(PKCS7_F_PKCS7_VERIFY,
+			    PKCS7_R_SMIME_TEXT_ERROR);
 			BIO_free(tmpout);
 			goto err;
 		}
@@ -401,25 +394,24 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 
 	/* Now Verify All Signatures */
 	if (!(flags & PKCS7_NOSIGS))
-	    for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
-		{
-		si=sk_PKCS7_SIGNER_INFO_value(sinfos,i);
+		for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
+		si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
 		signer = sk_X509_value (signers, i);
-		j=PKCS7_signatureVerify(p7bio,p7,si, signer);
+		j = PKCS7_signatureVerify(p7bio, p7, si, signer);
 		if (j <= 0) {
-			PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE);
+			PKCS7err(PKCS7_F_PKCS7_VERIFY,
+			    PKCS7_R_SIGNATURE_FAILURE);
 			goto err;
 		}
 	}
 
 	ret = 1;
 
-	err:
-	
-	if (tmpin == indata)
-		{
-		if (indata) BIO_pop(p7bio);
-		}
+err:
+	if (tmpin == indata) {
+		if (indata)
+			BIO_pop(p7bio);
+	}
 	BIO_free_all(p7bio);
 
 	sk_X509_free(signers);
@@ -436,83 +428,84 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
 	X509 *signer;
 	int i;
 
-	if(!p7) {
-		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER);
+	if (!p7) {
+		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
+		    PKCS7_R_INVALID_NULL_POINTER);
 		return NULL;
 	}
 
-	if(!PKCS7_type_is_signed(p7)) {
-		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
+	if (!PKCS7_type_is_signed(p7)) {
+		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
+		    PKCS7_R_WRONG_CONTENT_TYPE);
 		return NULL;
 	}
 
 	/* Collect all the signers together */
-
 	sinfos = PKCS7_get_signer_info(p7);
-
-	if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
-		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS);
+	if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
+		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_NO_SIGNERS);
 		return 0;
 	}
 
-	if(!(signers = sk_X509_new_null())) {
-		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
+	if (!(signers = sk_X509_new_null())) {
+		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 
-	for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
-	{
-	    si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
-	    ias = si->issuer_and_serial;
-	    signer = NULL;
+	for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
+		si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+		ias = si->issuer_and_serial;
+		signer = NULL;
 		/* If any certificates passed they take priority */
-	    if (certs) signer = X509_find_by_issuer_and_serial (certs,
-					 	ias->issuer, ias->serial);
-	    if (!signer && !(flags & PKCS7_NOINTERN)
-			&& p7->d.sign->cert) signer =
-		              X509_find_by_issuer_and_serial (p7->d.sign->cert,
-					      	ias->issuer, ias->serial);
-	    if (!signer) {
-			PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
+		if (certs) signer = X509_find_by_issuer_and_serial (certs,
+		    ias->issuer, ias->serial);
+		if (!signer && !(flags & PKCS7_NOINTERN) &&
+		    p7->d.sign->cert) signer =
+			    X509_find_by_issuer_and_serial (p7->d.sign->cert,
+			    ias->issuer, ias->serial);
+		if (!signer) {
+			PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
+			    PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
 			sk_X509_free(signers);
 			return 0;
-	    }
+		}
 
-	    if (!sk_X509_push(signers, signer)) {
-		sk_X509_free(signers);
-		return NULL;
-	    }
+		if (!sk_X509_push(signers, signer)) {
+			sk_X509_free(signers);
+			return NULL;
+		}
 	}
 	return signers;
 }
 
-
 /* Build a complete PKCS#7 enveloped data */
 
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
-								int flags)
+PKCS7 *
+PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
+    int flags)
 {
 	PKCS7 *p7;
 	BIO *p7bio = NULL;
 	int i;
 	X509 *x509;
-	if(!(p7 = PKCS7_new())) {
-		PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
+
+	if (!(p7 = PKCS7_new())) {
+		PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 
 	if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
 		goto err;
 	if (!PKCS7_set_cipher(p7, cipher)) {
-		PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);
+		PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_SETTING_CIPHER);
 		goto err;
 	}
 
-	for(i = 0; i < sk_X509_num(certs); i++) {
+	for (i = 0; i < sk_X509_num(certs); i++) {
 		x509 = sk_X509_value(certs, i);
-		if(!PKCS7_add_recipient(p7, x509)) {
+		if (!PKCS7_add_recipient(p7, x509)) {
 			PKCS7err(PKCS7_F_PKCS7_ENCRYPT,
-					PKCS7_R_ERROR_ADDING_RECIPIENT);
+			    PKCS7_R_ERROR_ADDING_RECIPIENT);
 			goto err;
 		}
 	}
@@ -523,37 +516,36 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
 	if (PKCS7_final(p7, in, flags))
 		return p7;
 
-	err:
-
+err:
 	BIO_free_all(p7bio);
 	PKCS7_free(p7);
 	return NULL;
-
 }
 
-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
+int
+PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
 {
 	BIO *tmpmem;
 	int ret, i;
 	char buf[4096];
 
-	if(!p7) {
-		PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER);
+	if (!p7) {
+		PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
 		return 0;
 	}
 
-	if(!PKCS7_type_is_enveloped(p7)) {
-		PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE);
+	if (!PKCS7_type_is_enveloped(p7)) {
+		PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_WRONG_CONTENT_TYPE);
 		return 0;
 	}
 
-	if(cert && !X509_check_private_key(cert, pkey)) {
+	if (cert && !X509_check_private_key(cert, pkey)) {
 		PKCS7err(PKCS7_F_PKCS7_DECRYPT,
-				PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+		    PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
 		return 0;
 	}
 
-	if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
+	if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
 		PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
 		return 0;
 	}
@@ -561,44 +553,40 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
 	if (flags & PKCS7_TEXT) {
 		BIO *tmpbuf, *bread;
 		/* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
-		if(!(tmpbuf = BIO_new(BIO_f_buffer()))) {
+		if (!(tmpbuf = BIO_new(BIO_f_buffer()))) {
 			PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
 			BIO_free_all(tmpmem);
 			return 0;
 		}
-		if(!(bread = BIO_push(tmpbuf, tmpmem))) {
+		if (!(bread = BIO_push(tmpbuf, tmpmem))) {
 			PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
 			BIO_free_all(tmpbuf);
 			BIO_free_all(tmpmem);
 			return 0;
 		}
 		ret = SMIME_text(bread, data);
-		if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
-			{
+		if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
 			if (!BIO_get_cipher_status(tmpmem))
 				ret = 0;
-			}
+		}
 		BIO_free_all(bread);
 		return ret;
 	} else {
-		for(;;) {
+		for (;;) {
 			i = BIO_read(tmpmem, buf, sizeof(buf));
-			if(i <= 0)
-				{
+			if (i <= 0) {
 				ret = 1;
-				if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
-					{
+				if (BIO_method_type(tmpmem) ==
+				    BIO_TYPE_CIPHER) {
 					if (!BIO_get_cipher_status(tmpmem))
 						ret = 0;
-					}
-					
-				break;
 				}
-			if (BIO_write(data, buf, i) != i)
-				{
+				break;
+			}
+			if (BIO_write(data, buf, i) != i) {
 				ret = 0;
 				break;
-				}
+			}
 		}
 		BIO_free_all(tmpmem);
 		return ret;
diff --git a/lib/libssl/src/crypto/pkcs7/pkcs7err.c b/lib/libssl/src/crypto/pkcs7/pkcs7err.c
index 0f7c66c9750..a194e2dadc5 100644
--- a/lib/libssl/src/crypto/pkcs7/pkcs7err.c
+++ b/lib/libssl/src/crypto/pkcs7/pkcs7err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs7err.c,v 1.9 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: pkcs7err.c,v 1.10 2014/06/29 17:05:36 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -68,120 +68,117 @@
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason)
 
-static ERR_STRING_DATA PKCS7_str_functs[]=
-	{
-{ERR_FUNC(PKCS7_F_B64_READ_PKCS7),	"B64_READ_PKCS7"},
-{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7),	"B64_WRITE_PKCS7"},
-{ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB),	"DO_PKCS7_SIGNED_ATTRIB"},
-{ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM),	"i2d_PKCS7_bio_stream"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME),	"PKCS7_add0_attrib_signing_time"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP),	"PKCS7_add_attrib_smimecap"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE),	"PKCS7_add_certificate"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL),	"PKCS7_add_crl"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO),	"PKCS7_add_recipient_info"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE),	"PKCS7_add_signature"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER),	"PKCS7_add_signer"},
-{ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST),	"PKCS7_BIO_ADD_DIGEST"},
-{ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST),	"PKCS7_COPY_EXISTING_DIGEST"},
-{ERR_FUNC(PKCS7_F_PKCS7_CTRL),	"PKCS7_ctrl"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE),	"PKCS7_dataDecode"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL),	"PKCS7_dataFinal"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT),	"PKCS7_dataInit"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN),	"PKCS7_DATASIGN"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY),	"PKCS7_dataVerify"},
-{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT),	"PKCS7_decrypt"},
-{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO),	"PKCS7_DECRYPT_RINFO"},
-{ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO),	"PKCS7_ENCODE_RINFO"},
-{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT),	"PKCS7_encrypt"},
-{ERR_FUNC(PKCS7_F_PKCS7_FINAL),	"PKCS7_final"},
-{ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST),	"PKCS7_FIND_DIGEST"},
-{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS),	"PKCS7_get0_signers"},
-{ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET),	"PKCS7_RECIP_INFO_set"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER),	"PKCS7_set_cipher"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT),	"PKCS7_set_content"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST),	"PKCS7_set_digest"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE),	"PKCS7_set_type"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIGN),	"PKCS7_sign"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY),	"PKCS7_signatureVerify"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET),	"PKCS7_SIGNER_INFO_set"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN),	"PKCS7_SIGNER_INFO_sign"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER),	"PKCS7_sign_add_signer"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP),	"PKCS7_simple_smimecap"},
-{ERR_FUNC(PKCS7_F_PKCS7_VERIFY),	"PKCS7_verify"},
-{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7),	"SMIME_read_PKCS7"},
-{ERR_FUNC(PKCS7_F_SMIME_TEXT),	"SMIME_text"},
-{0,NULL}
-	};
+static ERR_STRING_DATA PKCS7_str_functs[]= {
+	{ERR_FUNC(PKCS7_F_B64_READ_PKCS7),	"B64_READ_PKCS7"},
+	{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7),	"B64_WRITE_PKCS7"},
+	{ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB),	"DO_PKCS7_SIGNED_ATTRIB"},
+	{ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM),	"i2d_PKCS7_bio_stream"},
+	{ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME),	"PKCS7_add0_attrib_signing_time"},
+	{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP),	"PKCS7_add_attrib_smimecap"},
+	{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE),	"PKCS7_add_certificate"},
+	{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL),	"PKCS7_add_crl"},
+	{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO),	"PKCS7_add_recipient_info"},
+	{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE),	"PKCS7_add_signature"},
+	{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER),	"PKCS7_add_signer"},
+	{ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST),	"PKCS7_BIO_ADD_DIGEST"},
+	{ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST),	"PKCS7_COPY_EXISTING_DIGEST"},
+	{ERR_FUNC(PKCS7_F_PKCS7_CTRL),	"PKCS7_ctrl"},
+	{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE),	"PKCS7_dataDecode"},
+	{ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL),	"PKCS7_dataFinal"},
+	{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT),	"PKCS7_dataInit"},
+	{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN),	"PKCS7_DATASIGN"},
+	{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY),	"PKCS7_dataVerify"},
+	{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT),	"PKCS7_decrypt"},
+	{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO),	"PKCS7_DECRYPT_RINFO"},
+	{ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO),	"PKCS7_ENCODE_RINFO"},
+	{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT),	"PKCS7_encrypt"},
+	{ERR_FUNC(PKCS7_F_PKCS7_FINAL),	"PKCS7_final"},
+	{ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST),	"PKCS7_FIND_DIGEST"},
+	{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS),	"PKCS7_get0_signers"},
+	{ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET),	"PKCS7_RECIP_INFO_set"},
+	{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER),	"PKCS7_set_cipher"},
+	{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT),	"PKCS7_set_content"},
+	{ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST),	"PKCS7_set_digest"},
+	{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE),	"PKCS7_set_type"},
+	{ERR_FUNC(PKCS7_F_PKCS7_SIGN),	"PKCS7_sign"},
+	{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY),	"PKCS7_signatureVerify"},
+	{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET),	"PKCS7_SIGNER_INFO_set"},
+	{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN),	"PKCS7_SIGNER_INFO_sign"},
+	{ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER),	"PKCS7_sign_add_signer"},
+	{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP),	"PKCS7_simple_smimecap"},
+	{ERR_FUNC(PKCS7_F_PKCS7_VERIFY),	"PKCS7_verify"},
+	{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7),	"SMIME_read_PKCS7"},
+	{ERR_FUNC(PKCS7_F_SMIME_TEXT),	"SMIME_text"},
+	{0, NULL}
+};
 
-static ERR_STRING_DATA PKCS7_str_reasons[]=
-	{
-{ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
-{ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
-{ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"},
-{ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"},
-{ERR_REASON(PKCS7_R_CTRL_ERROR)          ,"ctrl error"},
-{ERR_REASON(PKCS7_R_DECODE_ERROR)        ,"decode error"},
-{ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"},
-{ERR_REASON(PKCS7_R_DECRYPT_ERROR)       ,"decrypt error"},
-{ERR_REASON(PKCS7_R_DIGEST_FAILURE)      ,"digest failure"},
-{ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE),"encryption ctrl failure"},
-{ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"encryption not supported for this key type"},
-{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"},
-{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"},
-{ERR_REASON(PKCS7_R_INVALID_MIME_TYPE)   ,"invalid mime type"},
-{ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"},
-{ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"},
-{ERR_REASON(PKCS7_R_MIME_PARSE_ERROR)    ,"mime parse error"},
-{ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"},
-{ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"},
-{ERR_REASON(PKCS7_R_NO_CONTENT)          ,"no content"},
-{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE)     ,"no content type"},
-{ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST)   ,"no default digest"},
-{ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND),"no matching digest type found"},
-{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
-{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
-{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"},
-{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),"no recipient matches key"},
-{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"},
-{ERR_REASON(PKCS7_R_NO_SIGNERS)          ,"no signers"},
-{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},
-{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"},
-{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"},
-{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR),"pkcs7 add signer error"},
-{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL)     ,"pkcs7 datafinal"},
-{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"},
-{ERR_REASON(PKCS7_R_PKCS7_DATASIGN)      ,"pkcs7 datasign"},
-{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR)   ,"pkcs7 parse error"},
-{ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR),"pkcs7 sig parse error"},
-{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
-{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE)   ,"signature failure"},
-{ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
-{ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE),"signing ctrl failure"},
-{ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"signing not supported for this key type"},
-{ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
-{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR)    ,"smime text error"},
-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"},
-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO),"unable to find mem bio"},
-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),"unable to find message digest"},
-{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) ,"unknown digest type"},
-{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION)   ,"unknown operation"},
-{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE),"unsupported cipher type"},
-{ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
-{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE)  ,"wrong content type"},
-{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE)    ,"wrong pkcs7 type"},
-{0,NULL}
-	};
+static ERR_STRING_DATA PKCS7_str_reasons[]= {
+	{ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
+	{ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), "cipher has no object identifier"},
+	{ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED), "cipher not initialized"},
+	{ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT), "content and data present"},
+	{ERR_REASON(PKCS7_R_CTRL_ERROR)          , "ctrl error"},
+	{ERR_REASON(PKCS7_R_DECODE_ERROR)        , "decode error"},
+	{ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH), "decrypted key is wrong length"},
+	{ERR_REASON(PKCS7_R_DECRYPT_ERROR)       , "decrypt error"},
+	{ERR_REASON(PKCS7_R_DIGEST_FAILURE)      , "digest failure"},
+	{ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE), "encryption ctrl failure"},
+	{ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), "encryption not supported for this key type"},
+	{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT), "error adding recipient"},
+	{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"},
+	{ERR_REASON(PKCS7_R_INVALID_MIME_TYPE)   , "invalid mime type"},
+	{ERR_REASON(PKCS7_R_INVALID_NULL_POINTER), "invalid null pointer"},
+	{ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE), "mime no content type"},
+	{ERR_REASON(PKCS7_R_MIME_PARSE_ERROR)    , "mime parse error"},
+	{ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"},
+	{ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO), "missing ceripend info"},
+	{ERR_REASON(PKCS7_R_NO_CONTENT)          , "no content"},
+	{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE)     , "no content type"},
+	{ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST)   , "no default digest"},
+	{ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND), "no matching digest type found"},
+	{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE), "no multipart body failure"},
+	{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"},
+	{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE), "no recipient matches certificate"},
+	{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY), "no recipient matches key"},
+	{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA), "no signatures on data"},
+	{ERR_REASON(PKCS7_R_NO_SIGNERS)          , "no signers"},
+	{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) , "no sig content type"},
+	{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE), "operation not supported on this type"},
+	{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR), "pkcs7 add signature error"},
+	{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR), "pkcs7 add signer error"},
+	{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL)     , "pkcs7 datafinal"},
+	{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR), "pkcs7 datafinal error"},
+	{ERR_REASON(PKCS7_R_PKCS7_DATASIGN)      , "pkcs7 datasign"},
+	{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR)   , "pkcs7 parse error"},
+	{ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR), "pkcs7 sig parse error"},
+	{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), "private key does not match certificate"},
+	{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE)   , "signature failure"},
+	{ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND), "signer certificate not found"},
+	{ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE), "signing ctrl failure"},
+	{ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), "signing not supported for this key type"},
+	{ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"},
+	{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR)    , "smime text error"},
+	{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE), "unable to find certificate"},
+	{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO), "unable to find mem bio"},
+	{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST), "unable to find message digest"},
+	{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) , "unknown digest type"},
+	{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION)   , "unknown operation"},
+	{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE), "unsupported cipher type"},
+	{ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"},
+	{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE)  , "wrong content type"},
+	{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE)    , "wrong pkcs7 type"},
+	{0, NULL}
+};
 
 #endif
 
-void ERR_load_PKCS7_strings(void)
-	{
+void
+ERR_load_PKCS7_strings(void)
+{
 #ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,PKCS7_str_functs);
-		ERR_load_strings(0,PKCS7_str_reasons);
-		}
-#endif
+	if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) {
+		ERR_load_strings(0, PKCS7_str_functs);
+		ERR_load_strings(0, PKCS7_str_reasons);
 	}
+#endif
+}