svn rev #24248: branches/nss/src/lib/crypto/nss/ des/ enc_provider/ hash_provider/ ...

ghudson@MIT.EDU ghudson at MIT.EDU
Sat Aug 21 08:43:48 EDT 2010


http://src.mit.edu/fisheye/changelog/krb5/?cs=24248
Commit By: ghudson
Log Message:
Style pass over the NSS back end.



Changed Files:
U   branches/nss/src/lib/crypto/nss/des/des_int.h
U   branches/nss/src/lib/crypto/nss/des/des_oldapis.c
U   branches/nss/src/lib/crypto/nss/des/string2key.c
U   branches/nss/src/lib/crypto/nss/des/weak_key.c
U   branches/nss/src/lib/crypto/nss/enc_provider/aes.c
U   branches/nss/src/lib/crypto/nss/enc_provider/des.c
U   branches/nss/src/lib/crypto/nss/enc_provider/des3.c
U   branches/nss/src/lib/crypto/nss/enc_provider/enc_gen.c
U   branches/nss/src/lib/crypto/nss/enc_provider/enc_provider.h
U   branches/nss/src/lib/crypto/nss/enc_provider/rc4.c
U   branches/nss/src/lib/crypto/nss/hash_provider/hash_crc32.c
U   branches/nss/src/lib/crypto/nss/hash_provider/hash_gen.c
U   branches/nss/src/lib/crypto/nss/hash_provider/hash_gen.h
U   branches/nss/src/lib/crypto/nss/hash_provider/hash_md4.c
U   branches/nss/src/lib/crypto/nss/hash_provider/hash_md5.c
U   branches/nss/src/lib/crypto/nss/hash_provider/hash_provider.h
U   branches/nss/src/lib/crypto/nss/hash_provider/hash_sha1.c
U   branches/nss/src/lib/crypto/nss/hmac.c
U   branches/nss/src/lib/crypto/nss/md5/md5.c
U   branches/nss/src/lib/crypto/nss/md5/rsa-md5.h
U   branches/nss/src/lib/crypto/nss/nss_gen.h
U   branches/nss/src/lib/crypto/nss/pbkdf2.c
U   branches/nss/src/lib/crypto/nss/sha1/shs.c
U   branches/nss/src/lib/crypto/nss/sha1/shs.h
Modified: branches/nss/src/lib/crypto/nss/des/des_int.h
===================================================================
--- branches/nss/src/lib/crypto/nss/des/des_int.h	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/des/des_int.h	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/des_int.h
  *
@@ -53,7 +54,7 @@
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
-/* only do the whole thing once	 */
+/* only do the whole thing once  */
 #ifndef DES_INTERNAL_DEFS
 #define DES_INTERNAL_DEFS
 
@@ -91,7 +92,7 @@
 #define DES_UINT32 unsigned long
 #endif
 
-typedef unsigned char des_cblock[8] 	/* crypto-block size */
+typedef unsigned char des_cblock[8]     /* crypto-block size */
 KRB5INT_DES_DEPRECATED;
 
 /*
@@ -119,11 +120,11 @@
 typedef des_key_schedule mit_des_key_schedule;
 
 /* Triple-DES structures */
-typedef mit_des_cblock		mit_des3_cblock[3];
-typedef mit_des_key_schedule	mit_des3_key_schedule[3];
+typedef mit_des_cblock          mit_des3_cblock[3];
+typedef mit_des_key_schedule    mit_des3_key_schedule[3];
 
-#define MIT_DES_ENCRYPT	1
-#define MIT_DES_DECRYPT	0
+#define MIT_DES_ENCRYPT 1
+#define MIT_DES_DECRYPT 0
 
 typedef struct mit_des_ran_key_seed {
     krb5_encrypt_block eblock;
@@ -132,22 +133,22 @@
 
 /* the first byte of the key is already in the keyblock */
 
-#define MIT_DES_BLOCK_LENGTH 		(8*sizeof(krb5_octet))
-#define	MIT_DES_CBC_CRC_PAD_MINIMUM	CRC32_CKSUM_LENGTH
+#define MIT_DES_BLOCK_LENGTH            (8*sizeof(krb5_octet))
+#define MIT_DES_CBC_CRC_PAD_MINIMUM     CRC32_CKSUM_LENGTH
 /* This used to be 8*sizeof(krb5_octet) */
-#define MIT_DES_KEYSIZE		 	8
+#define MIT_DES_KEYSIZE                 8
 
-#define MIT_DES_CBC_CKSUM_LENGTH	(4*sizeof(krb5_octet))
+#define MIT_DES_CBC_CKSUM_LENGTH        (4*sizeof(krb5_octet))
 
 /*
  * Check if k5-int.h has been included before us.  If so, then check to see
  * that our view of the DES key size is the same as k5-int.h's.
  */
-#ifdef	KRB5_MIT_DES_KEYSIZE
-#if	MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
+#ifdef  KRB5_MIT_DES_KEYSIZE
+#if     MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
 error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
-#endif	/* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
-#endif	/* KRB5_MIT_DES_KEYSIZE */
+#endif  /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
+#endif  /* KRB5_MIT_DES_KEYSIZE */
 #endif /* KRB5_MIT_DES__ */
 /*
  * End "mit-des.h"
@@ -163,9 +164,9 @@
 /* string2key.c */
 extern krb5_error_code mit_des_string_to_key
     ( const krb5_encrypt_block *,
-	       krb5_keyblock *, const krb5_data *, const krb5_data *);
+               krb5_keyblock *, const krb5_data *, const krb5_data *);
 extern krb5_error_code mit_des_string_to_key_int
-	(krb5_keyblock *, const krb5_data *, const krb5_data *);
+        (krb5_keyblock *, const krb5_data *, const krb5_data *);
 
 /* weak_key.c */
 extern int mit_des_is_weak_key (mit_des_cblock );
@@ -185,4 +186,4 @@
 /* XXX depends on FILE being a #define! */
 extern void test_set (FILE *, const char *, int, const char *, int);
 #endif
-#endif	/*DES_INTERNAL_DEFS*/
+#endif  /*DES_INTERNAL_DEFS*/

Modified: branches/nss/src/lib/crypto/nss/des/des_oldapis.c
===================================================================
--- branches/nss/src/lib/crypto/nss/des/des_oldapis.c	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/des/des_oldapis.c	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/openssl/des/des_oldapis.c
  *
@@ -33,8 +34,8 @@
 
 unsigned long
 mit_des_cbc_cksum(const krb5_octet *in, krb5_octet *out,
-		  unsigned long length, const mit_des_key_schedule schedule,
-		  const krb5_octet *ivec)
+                  unsigned long length, const mit_des_key_schedule schedule,
+                  const krb5_octet *ivec)
 {
     /* Unsupported operation */
     return KRB5_CRYPTO_INTERNAL;

Modified: branches/nss/src/lib/crypto/nss/des/string2key.c
===================================================================
--- branches/nss/src/lib/crypto/nss/des/string2key.c	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/des/string2key.c	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/openssl/des/string2key.c
  *
@@ -29,8 +30,8 @@
 #include "nss_gen.h"
 
 krb5_error_code
-mit_des_string_to_key_int (krb5_keyblock *key,
-			   const krb5_data *pw, const krb5_data *salt)
+mit_des_string_to_key_int(krb5_keyblock *key, const krb5_data *pw,
+                          const krb5_data *salt)
 {
     PK11SlotInfo *slot = NULL;
     PK11SymKey *symKey = NULL;
@@ -38,16 +39,17 @@
     SECItem paramsItem;
     CK_PBE_PARAMS pbe_params;
     CK_MECHANISM_TYPE pbeMech = CKM_NETSCAPE_PBE_SHA1_DES_CBC;
-    krb5_error_code ret = -1;
+    krb5_error_code ret;
     SECItem *keyData;
 
-    ret=k5_nss_init();
-    if (ret) return ret;
+    ret = k5_nss_init();
+    if (ret)
+        return ret;
 
     slot = PK11_GetBestSlot(pbeMech, NULL);
     if (slot == NULL) {
-	ret = k5_nss_map_last_error();
-	goto loser;
+        ret = k5_nss_map_last_error();
+        goto loser;
     }
 
     pwItem.data = (unsigned char *)pw->data;
@@ -58,28 +60,26 @@
     paramsItem.data = (unsigned char *)&pbe_params;
     paramsItem.len = sizeof(pbe_params);
 
-    symKey = PK11_RawPBEKeyGen(slot, pbeMech, &paramsItem, &pwItem, 
-				PR_FALSE, NULL);
+    symKey = PK11_RawPBEKeyGen(slot, pbeMech, &paramsItem, &pwItem,
+                               PR_FALSE, NULL);
     if (symKey == NULL) {
-	ret = k5_nss_map_last_error();
-	goto loser;
+        ret = k5_nss_map_last_error();
+        goto loser;
     }
     PK11_ExtractKeyValue(symKey);
     keyData = PK11_GetKeyData(symKey);
     if (!keyData) {
-	ret = k5_nss_map_last_error();
-	goto loser;
+        ret = k5_nss_map_last_error();
+        goto loser;
     }
     key->length = keyData->len;
     memcpy(key->contents, keyData->data, key->length);
     ret = 0;
 
 loser:
-    if (symKey) {
-	PK11_FreeSymKey(symKey);
-    }
-    if (slot) {
-	PK11_FreeSlot(slot);
-    }
+    if (symKey)
+        PK11_FreeSymKey(symKey);
+    if (slot)
+        PK11_FreeSlot(slot);
     return ret;
 }

Modified: branches/nss/src/lib/crypto/nss/des/weak_key.c
===================================================================
--- branches/nss/src/lib/crypto/nss/des/weak_key.c	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/des/weak_key.c	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/openssl/des/weak_key.c
  *
@@ -76,8 +77,8 @@
     const mit_des_cblock *weak_p = weak;
 
     for (i = 0; i < (sizeof(weak)/sizeof(mit_des_cblock)); i++) {
-	if (!memcmp(weak_p++,key,sizeof(mit_des_cblock)))
-	    return 1;
+        if (!memcmp(weak_p++,key,sizeof(mit_des_cblock)))
+            return 1;
     }
     return 0;
 }

Modified: branches/nss/src/lib/crypto/nss/enc_provider/aes.c
===================================================================
--- branches/nss/src/lib/crypto/nss/enc_provider/aes.c	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/enc_provider/aes.c	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/nss/enc_provider/aes.c
  *
@@ -33,46 +34,42 @@
 
 
 krb5_error_code
-krb5int_aes_encrypt(krb5_key key,
-		        const krb5_data *ivec,
-		        krb5_crypto_iov *data,
-		        size_t num_data)
+krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec,
+                    krb5_crypto_iov *data, size_t num_data)
 {
-    int ret;
+    krb5_error_code ret;
+
     ret = k5_nss_gen_import(key, CKM_AES_CBC, CKA_ENCRYPT);
-    if (ret != 0) {
-	return ret;
-    }
-    return k5_nss_gen_cts_iov(key, CKM_AES_CBC, CKA_ENCRYPT, 
-				ivec, data, num_data);
+    if (ret != 0)
+        return ret;
+    return k5_nss_gen_cts_iov(key, CKM_AES_CBC, CKA_ENCRYPT,
+                              ivec, data, num_data);
 }
 
 krb5_error_code
-krb5int_aes_decrypt(krb5_key key,
-		        const krb5_data *ivec,
-		        krb5_crypto_iov *data,
-		        size_t num_data)
+krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec,
+                    krb5_crypto_iov *data, size_t num_data)
 {
-    int ret;
+    krb5_error_code ret;
+
     ret = k5_nss_gen_import(key, CKM_AES_CBC, CKA_DECRYPT);
-    if (ret != 0) {
-	return ret;
-    }
-    return k5_nss_gen_cts_iov(key, CKM_AES_CBC, CKA_DECRYPT, 
-				ivec, data, num_data);
+    if (ret != 0)
+        return ret;
+    return k5_nss_gen_cts_iov(key, CKM_AES_CBC, CKA_DECRYPT,
+                              ivec, data, num_data);
 }
 
 /*
  * perhaps we should store the NSS context in the krb5_data state here?
  */
 static krb5_error_code
-aes_init_state (const krb5_keyblock *key, krb5_keyusage usage,
-			krb5_data *state)
+aes_init_state(const krb5_keyblock *key, krb5_keyusage usage,
+               krb5_data *state)
 {
     state->length = 16;
     state->data = (void *) malloc(16);
     if (state->data == NULL)
-	return ENOMEM;
+        return ENOMEM;
     memset(state->data, 0, state->length);
     return 0;
 }

Modified: branches/nss/src/lib/crypto/nss/enc_provider/des.c
===================================================================
--- branches/nss/src/lib/crypto/nss/enc_provider/des.c	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/enc_provider/des.c	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/nss/enc_provider/des.c
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
@@ -58,18 +59,16 @@
 
 
 static krb5_error_code
-k5_des_encrypt_iov(krb5_key key,
-            const krb5_data *ivec,
-            krb5_crypto_iov *data,
-            size_t num_data)
+k5_des_encrypt_iov(krb5_key key, const krb5_data *ivec,
+                   krb5_crypto_iov *data, size_t num_data)
 {
-   int ret;
-   ret = k5_nss_gen_import(key, CKM_DES_CBC, CKA_ENCRYPT);
-   if (ret != 0) {
-	return ret;
-   }
-   return k5_nss_gen_block_iov(key, CKM_DES_CBC, CKA_ENCRYPT, 
-		ivec, data, num_data);
+    krb5_error_code ret;
+
+    ret = k5_nss_gen_import(key, CKM_DES_CBC, CKA_ENCRYPT);
+    if (ret != 0)
+        return ret;
+    return k5_nss_gen_block_iov(key, CKM_DES_CBC, CKA_ENCRYPT,
+                                ivec, data, num_data);
 }
 
 static krb5_error_code
@@ -78,13 +77,13 @@
            krb5_crypto_iov *data,
            size_t num_data)
 {
-   int ret;
-   ret = k5_nss_gen_import(key, CKM_DES_CBC, CKA_ENCRYPT);
-   if (ret != 0) {
-	return ret;
-   }
-   return k5_nss_gen_block_iov(key, CKM_DES_CBC, CKA_DECRYPT, 
-		ivec, data, num_data);
+    krb5_error_code ret;
+
+    ret = k5_nss_gen_import(key, CKM_DES_CBC, CKA_ENCRYPT);
+    if (ret != 0)
+        return ret;
+    return k5_nss_gen_block_iov(key, CKM_DES_CBC, CKA_DECRYPT,
+                                ivec, data, num_data);
 }
 
 const struct krb5_enc_provider krb5int_enc_des = {

Modified: branches/nss/src/lib/crypto/nss/enc_provider/des3.c
===================================================================
--- branches/nss/src/lib/crypto/nss/enc_provider/des3.c	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/enc_provider/des3.c	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/nss/enc_provider/des3.c
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
@@ -58,33 +59,29 @@
 
 
 static krb5_error_code
-k5_des3_encrypt_iov(krb5_key key,
-            const krb5_data *ivec,
-            krb5_crypto_iov *data,
-            size_t num_data)
+k5_des3_encrypt_iov(krb5_key key, const krb5_data *ivec,
+                    krb5_crypto_iov *data, size_t num_data)
 {
-   int ret;
-   ret = k5_nss_gen_import(key, CKM_DES3_CBC, CKA_ENCRYPT);
-   if (ret != 0) {
-	return ret;
-   }
-   return k5_nss_gen_block_iov(key, CKM_DES3_CBC, CKA_ENCRYPT, 
-		ivec, data, num_data);
+    krb5_error_code ret;
+
+    ret = k5_nss_gen_import(key, CKM_DES3_CBC, CKA_ENCRYPT);
+    if (ret != 0)
+        return ret;
+    return k5_nss_gen_block_iov(key, CKM_DES3_CBC, CKA_ENCRYPT,
+                                ivec, data, num_data);
 }
 
 static krb5_error_code
-k5_des3_decrypt_iov(krb5_key key,
-           const krb5_data *ivec,
-           krb5_crypto_iov *data,
-           size_t num_data)
+k5_des3_decrypt_iov(krb5_key key, const krb5_data *ivec,
+                    krb5_crypto_iov *data, size_t num_data)
 {
-   int ret;
+   krb5_error_code ret;
+
    ret = k5_nss_gen_import(key, CKM_DES3_CBC, CKA_ENCRYPT);
-   if (ret != 0) {
-	return ret;
-   }
-   return k5_nss_gen_block_iov(key, CKM_DES3_CBC, CKA_DECRYPT, 
-		ivec, data, num_data);
+   if (ret != 0)
+       return ret;
+   return k5_nss_gen_block_iov(key, CKM_DES3_CBC, CKA_DECRYPT,
+                               ivec, data, num_data);
 }
 
 const struct krb5_enc_provider krb5int_enc_des3 = {

Modified: branches/nss/src/lib/crypto/nss/enc_provider/enc_gen.c
===================================================================
--- branches/nss/src/lib/crypto/nss/enc_provider/enc_gen.c	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/enc_provider/enc_gen.c	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/nss/enc_provider/enc_gen.c
  *
@@ -26,7 +27,7 @@
  */
 
 /* compile options (should move to configure)... */
-#define USE_OPAQUE_KEYS 1 
+#define USE_OPAQUE_KEYS 1
 #define DO_FAST_XOR 1
 /*#define FAKE_FIPS 1  */
 
@@ -49,65 +50,61 @@
 #define MAX_BLOCK_SIZE 64
 
 
-krb5_error_code  
-k5_nss_map_error(int nss_error) 
-{ 
-     /* currently KRB5 does not define a full set CRYPTO failures.
-      * for now just use KRB5_CRYPTO_INTERNAL. We really should return
-      * errors for Not logged in, and maybe a few others */
-     return KRB5_CRYPTO_INTERNAL;
+krb5_error_code
+k5_nss_map_error(int nss_error)
+{
+    /* Currently KRB5 does not define a full set of CRYPTO failures.
+     * for now just use KRB5_CRYPTO_INTERNAL.  We really should return
+     * errors for Not logged in, and maybe a few others. */
+    return KRB5_CRYPTO_INTERNAL;
 }
 
-krb5_error_code  
-k5_nss_map_last_error() { 
-    return k5_nss_map_error(PORT_GetError()); 
+krb5_error_code
+k5_nss_map_last_error(void)
+{
+    return k5_nss_map_error(PORT_GetError());
 }
 
 static NSSInitContext *krb5_nss_init = NULL;
 
 /*
- * krb5 doesn't have a call into the crypto engine to initialize it, so 
- * we do it here. This code will try to piggyback on any application 
- * initialization done to NSS. Otherwise get get our one library init context.
+ * krb5 doesn't have a call into the crypto engine to initialize it, so we do
+ * it here.  This code will try to piggyback on any application initialization
+ * done to NSS.  Otherwise get our one library init context.
  */
 krb5_error_code
-k5_nss_init()
+k5_nss_init(void)
 {
 #ifdef LINUX
-   /* default to the system NSS */
+    /* Default to the system NSS. */
 #define NSS_KRB5_CONFIGDIR  "sql:/etc/pki/nssdb"
 #define NSS_KRB5_FLAGS   0
 #else
-   /* other platforms don't have a system NSS defined yet, do a nodb init */
+    /* Other platforms don't have a system NSS defined yet, do a nodb init. */
 #define NSS_KRB5_CONFIGDIR  NULL
 #define NSS_KRB5_FLAGS NSS_INIT_NOMODDB|NSS_INIT_NOCERTDB
 #endif
-   if (krb5_nss_init) {
-	/* we've already initialized NSS */
-	return 0;
-   }
-   if (NSS_IsInitialized()) {
-	/* someone else has initialized NSS */
-	return 0;
-   }
-   krb5_nss_init = NSS_InitContext(NSS_KRB5_CONFIGDIR, "", "", "", NULL,
-		    NSS_INIT_READONLY|NSS_INIT_NOROOTINIT|NSS_KRB5_FLAGS);
-   if (!krb5_nss_init) {
-	return k5_nss_map_last_error();
-   }
-   return 0;
+    if (krb5_nss_init)          /* We've already initialized NSS. */
+        return 0;
+    if (NSS_IsInitialized())    /* Someone else has initialized NSS. */
+        return 0;
+    krb5_nss_init = NSS_InitContext(NSS_KRB5_CONFIGDIR, "", "", "", NULL,
+                                    NSS_INIT_READONLY | NSS_INIT_NOROOTINIT |
+                                    NSS_KRB5_FLAGS);
+    if (!krb5_nss_init)
+        return k5_nss_map_last_error();
+    return 0;
 }
-  
 
 PK11Context *
 k5_nss_create_context(krb5_key krb_key, CK_MECHANISM_TYPE mechanism,
-		      CK_ATTRIBUTE_TYPE operation, SECItem * param)
+                      CK_ATTRIBUTE_TYPE operation, SECItem * param)
 {
 #ifdef USE_OPAQUE_KEYS
     PK11SymKey *key = (PK11SymKey *)krb_key->cache;
 
-    return  PK11_CreateContextBySymKey(mechanism, operation, key, param);
-#else 
+    return PK11_CreateContextBySymKey(mechanism, operation, key, param);
+#else
     PK11Context *ctx = NULL;
     PK11SlotInfo *slot;
     SECItem key;
@@ -115,45 +112,43 @@
     key.data = krb_key->keyblock.contents;
     key.len = krb_key->keyblock.length;
     slot = PK11_GetBestSlot(mechanism, NULL);
-    if (slot == NULL) {
-	return NULL;
-    }
-    ctx = PK11_CreateContextByRawKey(slot,mechanism, PK11_OriginGenerated, 
-		operation, &key, param, NULL);
+    if (slot == NULL)
+        return NULL;
+    ctx = PK11_CreateContextByRawKey(slot,mechanism, PK11_OriginGenerated,
+                operation, &key, param, NULL);
     PK11_FreeSlot(slot);
     return ctx;
 #endif
 }
 
 static void inline
-xor(unsigned char *x,  unsigned char *y, int size)
+xor(unsigned char *x, unsigned char *y, int size)
 {
     int i;
+
 #ifdef DO_FAST_XOR
 #define ALIGNED(x,type) (!(((size_t)(x))&(sizeof(type)-1)))
-    if (ALIGNED(x,unsigned long) && ALIGNED(y, unsigned long) 
-	&& ALIGNED(size, unsigned long)) {
-	unsigned long *ux = (unsigned long *)x;
-	unsigned long *uy = (unsigned long *)y;
-	for (i=0; i < (int)(size/sizeof(unsigned long)); i++) {
-	    *ux++ ^= *uy++;
-	}
-	return;
+    if (ALIGNED(x,unsigned long) && ALIGNED(y, unsigned long)
+        && ALIGNED(size, unsigned long)) {
+        unsigned long *ux = (unsigned long *)x;
+        unsigned long *uy = (unsigned long *)y;
+        for (i=0; i < (int)(size/sizeof(unsigned long)); i++) {
+            *ux++ ^= *uy++;
+        }
+        return;
     }
 #endif
     for (i=0; i < size; i++) {
-	*x++ ^= *y++;
+        *x++ ^= *y++;
     }
 }
 
 krb5_error_code
-k5_nss_gen_block_iov(krb5_key krb_key, CK_MECHANISM_TYPE mech, 
-		        CK_ATTRIBUTE_TYPE operation,
-		        const krb5_data *ivec,
-		        krb5_crypto_iov *data,
-		        size_t num_data)
+k5_nss_gen_block_iov(krb5_key krb_key, CK_MECHANISM_TYPE mech,
+                     CK_ATTRIBUTE_TYPE operation, const krb5_data *ivec,
+                     krb5_crypto_iov *data, size_t num_data)
 {
-    int             ret = 0;
+    krb5_error_code ret = 0;
     PK11Context *ctx = NULL;
     SECStatus rv;
     SECItem *param = NULL;
@@ -167,7 +162,6 @@
     int lastblock = -1;
     int currentblock;
 
-
     IOV_BLOCK_STATE_INIT(&input_pos);
     IOV_BLOCK_STATE_INIT(&output_pos);
 
@@ -175,97 +169,88 @@
     assert(blocksize <= sizeof(storage));
 
     if (ivec && ivec->data) {
-	iv.data = (unsigned char *)ivec->data;
-	iv.len = ivec->length;
-	if (operation == CKA_DECRYPT) {
-	    int i, inputlength;
+        iv.data = (unsigned char *)ivec->data;
+        iv.len = ivec->length;
+        if (operation == CKA_DECRYPT) {
+            int i, inputlength;
 
-	    /* count the blocks so we know which block is last */
-	    for (i=0, inputlength=0; i < (int)num_data; i++) {
-		krb5_crypto_iov *iov=&data[i];
+            /* Count the blocks so we know which block is last. */
+            for (i = 0, inputlength = 0; i < (int)num_data; i++) {
+                krb5_crypto_iov *iov = &data[i];
 
-		if (ENCRYPT_IOV(iov)) {
-		    inputlength += iov->data.length;
-		}
-	    }
-	    lastblock = (inputlength/blocksize) -1;
-	}
+                if (ENCRYPT_IOV(iov))
+                    inputlength += iov->data.length;
+            }
+            lastblock = (inputlength/blocksize) -1;
+        }
     } else {
-	memset(iv0, 0, sizeof(iv0));
-	iv.data = iv0;
-	iv.len = blocksize;
+        memset(iv0, 0, sizeof(iv0));
+        iv.data = iv0;
+        iv.len = blocksize;
     }
     param = PK11_ParamFromIV(mech, &iv);
 
     ctx = k5_nss_create_context(krb_key, mech, operation, param);
     if (ctx == NULL) {
-	ret = k5_nss_map_last_error();
-	goto done;
+        ret = k5_nss_map_last_error();
+        goto done;
     }
 
     for (currentblock = 0;;currentblock++) {
-        ptr = iov_next_block(storage, blocksize, data, num_data,
-                             &input_pos);
+        ptr = iov_next_block(storage, blocksize, data, num_data, &input_pos);
         if (ptr == NULL)
             break;
 
-	lastptr = NULL;
+        lastptr = NULL;
 
-	/* only set if we are decrypting */
-	if (lastblock == currentblock) {
-	    memcpy(ivec->data, ptr, blocksize);
-	}
+        /* only set if we are decrypting */
+        if (lastblock == currentblock)
+            memcpy(ivec->data, ptr, blocksize);
 
-	rv = PK11_CipherOp(ctx, ptr, &length, blocksize, ptr, blocksize);
-	if (rv != SECSuccess) {
-	    ret = k5_nss_map_last_error();
-	    break;
-	}
+        rv = PK11_CipherOp(ctx, ptr, &length, blocksize, ptr, blocksize);
+        if (rv != SECSuccess) {
+            ret = k5_nss_map_last_error();
+            break;
+        }
 
-	lastptr = ptr;
+        lastptr = ptr;
         iov_store_block(data, num_data, ptr, storage, blocksize,
                         &output_pos);
     }
-    
+
     if (lastptr && ivec && ivec->data && operation == CKA_ENCRYPT) {
-	memcpy(ivec->data, lastptr, blocksize);
+        memcpy(ivec->data, lastptr, blocksize);
     }
 done:
-    if (ctx) {
+    if (ctx)
          PK11_Finalize(ctx);
-    }
-
-    if (param) {
-	SECITEM_FreeItem(param, PR_TRUE);
-    }
+    if (param)
+        SECITEM_FreeItem(param, PR_TRUE);
     return ret;
 }
 
 krb5_error_code
 k5_nss_stream_init_state(krb5_data *new_state)
 {
-   new_state->data = NULL;
-   new_state->length = 0;
-   return 0;
+    new_state->data = NULL;
+    new_state->length = 0;
+    return 0;
 }
 
 krb5_error_code
 k5_nss_stream_free_state(krb5_data *state)
 {
-   if (state->length == (unsigned)-1 && state->data) {
-	PK11_Finalize((PK11Context *)state->data);
-   }
-   return 0;
+    if (state->length == (unsigned)-1 && state->data)
+        PK11_Finalize((PK11Context *)state->data);
+    return 0;
 }
 
 krb5_error_code
 k5_nss_gen_stream_iov(krb5_key krb_key, krb5_data *state,
-			CK_MECHANISM_TYPE mech, 
-		        CK_ATTRIBUTE_TYPE operation,
-		        krb5_crypto_iov *data,
-		        size_t num_data)
+                      CK_MECHANISM_TYPE mech, CK_ATTRIBUTE_TYPE operation,
+                      krb5_crypto_iov *data, size_t num_data)
 {
-    int             ret = 0;
+    int ret = 0;
     PK11Context *ctx = NULL;
     SECStatus rv;
     SECItem  param;
@@ -276,51 +261,50 @@
     param.len = 0;
 
     if (state && state->data) {
-	ctx = (PK11Context *)state->data;
+        ctx = (PK11Context *)state->data;
     } else {
         ctx = k5_nss_create_context(krb_key, mech, operation, &param);
-	if (state && ctx) {
-	    state->data = (char *)ctx;
-	    state->length = -1; /* you don't get to copy this, */
-			        /* blow up if you try */
-	}
+        if (state && ctx) {
+            state->data = (char *)ctx;
+            state->length = -1; /* you don't get to copy this, */
+                                /* blow up if you try */
+        }
     }
     if (ctx == NULL) {
-	ret = k5_nss_map_last_error();
-	goto done;
+        ret = k5_nss_map_last_error();
+        goto done;
     }
 
     for (i=0; i < (int)num_data; i++) {
-	int return_length;
-	iov = &data[i];
-	if (iov->data.length <= 0) break;
+        int return_length;
+        iov = &data[i];
+        if (iov->data.length <= 0)
+            break;
 
-	if (ENCRYPT_IOV(iov)) {
-	    rv = PK11_CipherOp(ctx, (unsigned char *)iov->data.data, 
-		&return_length, iov->data.length, 
-		(unsigned char *)iov->data.data, iov->data.length);
-	    if (rv != SECSuccess) {
-		ret = k5_nss_map_last_error();
-		goto done;
-	    }
-	    iov->data.length = return_length;
-	}
+        if (ENCRYPT_IOV(iov)) {
+            rv = PK11_CipherOp(ctx, (unsigned char *)iov->data.data,
+                               &return_length, iov->data.length,
+                               (unsigned char *)iov->data.data,
+                               iov->data.length);
+            if (rv != SECSuccess) {
+                ret = k5_nss_map_last_error();
+                goto done;
+            }
+            iov->data.length = return_length;
+        }
     }
 done:
-    if (!state && ctx) {
+    if (!state && ctx)
          PK11_Finalize(ctx);
-    }
     return ret;
 }
 
 krb5_error_code
-k5_nss_gen_cts_iov(krb5_key krb_key, CK_MECHANISM_TYPE mech, 
-		        CK_ATTRIBUTE_TYPE operation,
-		        const krb5_data *ivec,
-		        krb5_crypto_iov *data,
-		        size_t num_data)
+k5_nss_gen_cts_iov(krb5_key krb_key, CK_MECHANISM_TYPE mech,
+                   CK_ATTRIBUTE_TYPE operation, const krb5_data *ivec,
+                   krb5_crypto_iov *data, size_t num_data)
 {
-    int             ret = 0;
+    krb5_error_code ret = 0;
     PK11Context *ctx = NULL;
     SECStatus rv;
     SECItem *param = NULL;
@@ -346,167 +330,163 @@
     assert(blocksize <= sizeof(storage));
 
     if (ivec) {
-	iv.data = (unsigned char *)ivec->data;
-	iv.len = ivec->length;
+        iv.data = (unsigned char *)ivec->data;
+        iv.len = ivec->length;
     } else {
-	memset(iv0, 0, sizeof(iv0));
-	iv.data = iv0;
-	iv.len = blocksize;
+        memset(iv0, 0, sizeof(iv0));
+        iv.data = iv0;
+        iv.len = blocksize;
     }
     param = PK11_ParamFromIV(mech, &iv);
 
-    for (i=0, input_length=0; i < (int)num_data; i++) {
-	krb5_crypto_iov *iov=&data[i];
+    for (i = 0, input_length = 0; i < (int)num_data; i++) {
+        krb5_crypto_iov *iov = &data[i];
 
-	if (ENCRYPT_IOV(iov)) {
-	    input_length += iov->data.length;
-	}
+        if (ENCRYPT_IOV(iov))
+            input_length += iov->data.length;
     }
-    /* must be at least a block or we fail */
+    /* Must be at least a block or we fail. */
     if (input_length < blocksize) {
-	ret = -1;
-	goto done;
+        ret = EINVAL;
+        goto done;
     }
 
     bulk_length = (input_length / blocksize)*blocksize;
     remainder = input_length - bulk_length;
-    /* do the block swap even if the input data is aligned, only
-     * drop it if we are encrypting exactly one block */
+    /* Do the block swap even if the input data is aligned, only
+     * drop it if we are encrypting exactly one block. */
     if (remainder == 0 && bulk_length != blocksize) {
-	remainder = blocksize;
-	bulk_length -= blocksize;
+        remainder = blocksize;
+        bulk_length -= blocksize;
     }
 
     ctx = k5_nss_create_context(krb_key, mech, operation, param);
     if (ctx == NULL) {
-	ret = k5_nss_map_last_error();
-	goto done;
+        ret = k5_nss_map_last_error();
+        goto done;
     }
 
-    /* now we bulk encrypt each block in the loop. We need to know where
-     * to stop to do special processing. For single block operations
-     * we stop at the end. For all others we stop and the last second to last
-     * block (counting partial blocks). For decrypt operations we need to save
-     * cn-2 so we stop at the third to last block if it exists, Otherwise
-     * cn-2 = the iv */
+    /* Now we bulk encrypt each block in the loop.  We need to know where to
+     * stop to do special processing.  For single block operations we stop at
+     * the end.  For all others we stop and the last second to last block
+     * (counting partial blocks).  For decrypt operations we need to save cn-2
+     * so we stop at the third to last block if it exists, otherwise cn-2 = the
+     * iv. */
     lastblock = bulk_length;
     if (remainder) {
-	/* we need to process the last full block and last partitial block
-	 * differently */
-    	lastblock = bulk_length - blocksize;
-	if (operation == CKA_DECRYPT) {
-	    if (bulk_length > blocksize) {
-		/* stop at cn-2 so we can save it before going on */
-		lastblock = bulk_length - 2*blocksize;
-	    } else {
-		/* iv is cn-2, save it now, cn - 2 */
-		memcpy(recover1, iv.data, blocksize);
-		memcpy(recover2, iv.data, blocksize);
-	    }
-	}
-    } 
+        /* We need to process the last full block and last partitial block
+         * differently. */
+        lastblock = bulk_length - blocksize;
+        if (operation == CKA_DECRYPT) {
+            if (bulk_length > blocksize) {
+                /* Stop at cn-2 so we can save it before going on. */
+                lastblock = bulk_length - 2*blocksize;
+            } else {
+                /* iv is cn-2, save it now, cn - 2. */
+                memcpy(recover1, iv.data, blocksize);
+                memcpy(recover2, iv.data, blocksize);
+            }
+        }
+    }
     for (length = 0; length < lastblock; length += blocksize) {
         ptr = iov_next_block(storage, blocksize, data, num_data,
                              &input_pos);
         if (ptr == NULL)
             break;
 
-	rv = PK11_CipherOp(ctx, ptr, &len, blocksize, ptr, blocksize);
-	if (rv != SECSuccess) {
-	    ret = k5_nss_map_last_error();
-	    break;
-	}
+        rv = PK11_CipherOp(ctx, ptr, &len, blocksize, ptr, blocksize);
+        if (rv != SECSuccess) {
+            ret = k5_nss_map_last_error();
+            break;
+        }
 
         iov_store_block(data, num_data, ptr, storage, blocksize,
                         &output_pos);
     }
     if (remainder) {
-	if (operation == CKA_DECRYPT) {
-	    if (bulk_length > blocksize) {
-		/* we need to save cn-2 */
-        	ptr = iov_next_block(storage, blocksize, data, num_data,
-                             &input_pos);
-		if (ptr == NULL)
-		    goto done; /* shouldn't happen */
+        if (operation == CKA_DECRYPT) {
+            if (bulk_length > blocksize) {
+                /* we need to save cn-2 */
+                ptr = iov_next_block(storage, blocksize, data, num_data,
+                                     &input_pos);
+                if (ptr == NULL)
+                    goto done; /* shouldn't happen */
 
-		/* save cn-2 */
-		memcpy(recover1, ptr, blocksize);
-		memcpy(recover2, ptr, blocksize);
+                /* save cn-2 */
+                memcpy(recover1, ptr, blocksize);
+                memcpy(recover2, ptr, blocksize);
 
-		/* now process it as normal */
-		rv = PK11_CipherOp(ctx, ptr, &len, blocksize, ptr, blocksize);
-		if (rv != SECSuccess) {
-		    ret = k5_nss_map_last_error();
-		    goto done;
-		}
+                /* now process it as normal */
+                rv = PK11_CipherOp(ctx, ptr, &len, blocksize, ptr, blocksize);
+                if (rv != SECSuccess) {
+                    ret = k5_nss_map_last_error();
+                    goto done;
+                }
 
-		iov_store_block(data, num_data, ptr, storage, blocksize,
-                        &output_pos);
-	    }
-	}
-	/* fetch the last 2 blocks */
-	memset(block1, 0, blocksize); /* last block, could be partial */
-	krb5int_c_iov_get_block(block2, blocksize, data, num_data, &input_pos);
-	krb5int_c_iov_get_block(block1, remainder, data, num_data, &input_pos);
-	if (operation == CKA_DECRYPT) {
-	    /* recover1 and recover2 are xor values to recover the true
-	     * underlying data of the last 2 decrypts. This keeps us from having
-	     * to try to reset our IV to do the final decryption. */
-	    /* currently: block1 is cn || 0, block2 is cn-1. 
-	     * recover1 & recover2 is set to cn-2 */
-	    /* recover2 recovers pn || c' from p'n-1. The raw decrypted block 
-	     * will be p'n-1 xor with cn-2 while pn || c' = p'n-1 xor cn || 0.
-	     * recover2 is cn-2 xor cn || 0, so we can simple xor recover1 
-	     * with the raw decrypted block */
-	    /* recover1 recovers pn-1 from the raw decryption of cn || c'. 
-	     * the raw decrypt of cn || c' = p'n xor cn-1 while 
-	     * pn-1 = p'n xor cn-2
- 	     * recover1 is cn-2 xor cn-1, so we can simple xor recover 2 with 
-	     * the raw decrypt of cn||c' to get pn-1 */
-	    xor(recover1, block2, blocksize);
-	    xor(recover2, block1, blocksize);
-	    if (ivec && ivec->data) {
-		memcpy(ivec->data, block2, blocksize);
-	    }
-	}
-	rv = PK11_CipherOp(ctx, block2, &len, blocksize, block2, blocksize);
-	if (rv != SECSuccess) {
-	    ret = k5_nss_map_last_error();
-	    goto done;
-	}
-	if (operation == CKA_DECRYPT) {
-	    /* block2 now has p'n-1 xor cn-2 */
-	    xor(block2, recover2, blocksize);
-	    /* block 2 now has pn || c' */
-	    /* copy c' into cn || c' */
-	    memcpy(block1+remainder, block2+remainder, blocksize-remainder);
-	}
-	rv = PK11_CipherOp(ctx, block1, &len, blocksize, block1, blocksize);
-	if (rv != SECSuccess) {
-	    ret = k5_nss_map_last_error();
-	    goto done;
-	}
-	if (operation == CKA_DECRYPT) {
-	    /* block1 now has p'n xor cn-1 */
-	    xor(block1, recover1, blocksize);
-	   /* block 1 now has pn-1 */
-	} else {
-	    if (ivec && ivec->data) {
-		memcpy(ivec->data, block1, blocksize);
-	    }
-	}
-	krb5int_c_iov_put_block(data,num_data, block1, blocksize, &output_pos);
-	krb5int_c_iov_put_block(data,num_data, block2, remainder, &output_pos);
+                iov_store_block(data, num_data, ptr, storage, blocksize,
+                                &output_pos);
+            }
+        }
+        /* fetch the last 2 blocks */
+        memset(block1, 0, blocksize); /* last block, could be partial */
+        krb5int_c_iov_get_block(block2, blocksize, data, num_data, &input_pos);
+        krb5int_c_iov_get_block(block1, remainder, data, num_data, &input_pos);
+        if (operation == CKA_DECRYPT) {
+            /* recover1 and recover2 are xor values to recover the true
+             * underlying data of the last 2 decrypts. This keeps us from
+             * having to try to reset our IV to do the final decryption. */
+            /* Currently: block1 is cn || 0, block2 is cn-1.
+             * recover1 & recover2 is set to cn-2. */
+            /* recover2 recovers pn || c' from p'n-1. The raw decrypted block
+             * will be p'n-1 xor with cn-2 while pn || c' = p'n-1 xor cn || 0.
+             * recover2 is cn-2 xor cn || 0, so we can simple xor recover1
+             * with the raw decrypted block. */
+            /* recover1 recovers pn-1 from the raw decryption of cn || c'.
+             * the raw decrypt of cn || c' = p'n xor cn-1 while
+             * pn-1 = p'n xor cn-2
+             * recover1 is cn-2 xor cn-1, so we can simple xor recover 2 with
+             * the raw decrypt of cn||c' to get pn-1. */
+            xor(recover1, block2, blocksize);
+            xor(recover2, block1, blocksize);
+            if (ivec && ivec->data)
+                memcpy(ivec->data, block2, blocksize);
+        }
+        rv = PK11_CipherOp(ctx, block2, &len, blocksize, block2, blocksize);
+        if (rv != SECSuccess) {
+            ret = k5_nss_map_last_error();
+            goto done;
+        }
+        if (operation == CKA_DECRYPT) {
+            /* block2 now has p'n-1 xor cn-2. */
+            xor(block2, recover2, blocksize);
+            /* block 2 now has pn || c'. */
+            /* copy c' into cn || c'. */
+            memcpy(block1 + remainder, block2 + remainder,
+                   blocksize - remainder);
+        }
+        rv = PK11_CipherOp(ctx, block1, &len, blocksize, block1, blocksize);
+        if (rv != SECSuccess) {
+            ret = k5_nss_map_last_error();
+            goto done;
+        }
+        if (operation == CKA_DECRYPT) {
+            /* block1 now has p'n xor cn-1 */
+            xor(block1, recover1, blocksize);
+           /* block 1 now has pn-1 */
+        } else {
+            if (ivec && ivec->data) {
+                memcpy(ivec->data, block1, blocksize);
+            }
+        }
+        krb5int_c_iov_put_block(data,num_data, block1, blocksize, &output_pos);
+        krb5int_c_iov_put_block(data,num_data, block2, remainder, &output_pos);
     }
 
 done:
-    if (ctx) {
+    if (ctx)
          PK11_Finalize(ctx);
-    }
-
-    if (param) {
-	SECITEM_FreeItem(param, PR_TRUE);
-    }
+    if (param)
+        SECITEM_FreeItem(param, PR_TRUE);
     return ret;
 }
 
@@ -517,17 +497,17 @@
     PK11SymKey *key = (PK11SymKey *)krb_key->cache;
 
     if (key) {
-	PK11_FreeSymKey(key);
+        PK11_FreeSymKey(key);
         krb_key->cache = NULL;
-    } 
+    }
 #endif
 }
 
 krb5_error_code
-k5_nss_gen_import(krb5_key krb_key, CK_MECHANISM_TYPE mech, 
-		        CK_ATTRIBUTE_TYPE operation)
+k5_nss_gen_import(krb5_key krb_key, CK_MECHANISM_TYPE mech,
+                  CK_ATTRIBUTE_TYPE operation)
 {
-    int             ret = 0;
+    krb5_error_code ret = 0;
 #ifdef USE_OPAQUE_KEYS
     PK11SymKey *key = (PK11SymKey *)krb_key->cache;
     PK11SlotInfo   *slot = NULL;
@@ -545,48 +525,51 @@
     SECStatus rv;
 #endif
 
-    if (key) { return 0; }
+    if (key)
+        return 0;
 
     ret = k5_nss_init();
-    if (ret) return ret;
+    if (ret)
+        return ret;
 
     slot = PK11_GetBestSlot(mech, NULL);
     if (slot == NULL) {
-	ret = k5_nss_map_last_error();
-	goto done;
+        ret = k5_nss_map_last_error();
+        goto done;
     }
     raw_key.data = krb_key->keyblock.contents;
     raw_key.len = krb_key->keyblock.length;
 
 #ifdef FAKE_FIPS
-    /* first, fetch a wrapping key */
+    /* First, fetch a wrapping key. */
     wrapping_index = PK11_GetCurrentWrapIndex(slot);
     series = PK11_GetSlotSeries(slot);
-    wrapping_key =PK11_GetWrapKey(slot, wrapping_index, 
-		CKM_INVALID_MECHANISM, series, NULL);
+    wrapping_key = PK11_GetWrapKey(slot, wrapping_index,
+                                   CKM_INVALID_MECHANISM, series, NULL);
     if (wrapping_key == NULL) {
-	/* one doesn't exist, create one */
-	mechanism = PK11_GetBestWrapMechanism(slot);
-	keyLength = PK11_GetBestKeyLength(slot, mechanism);
-	wrapping_key = PK11_TokenKeyGenWithFlags(slot, mechanism, NULL, 
-				keyLength, NULL, CKF_UNWRAP|CKF_ENCRYPT, 0,
-				NULL);
-	if (!wrapping_key) {
-	    ret = k5_nss_map_last_error();
-	    goto done;
-	}
-	PK11_SetWrapKey(slot, wrapping_index, wrapping_key);
+        /* One doesn't exist, create one. */
+        mechanism = PK11_GetBestWrapMechanism(slot);
+        keyLength = PK11_GetBestKeyLength(slot, mechanism);
+        wrapping_key = PK11_TokenKeyGenWithFlags(slot, mechanism, NULL,
+                                                 keyLength, NULL,
+                                                 CKF_UNWRAP | CKF_ENCRYPT, 0,
+                                                 NULL);
+        if (!wrapping_key) {
+            ret = k5_nss_map_last_error();
+            goto done;
+        }
+        PK11_SetWrapKey(slot, wrapping_index, wrapping_key);
     }
 
-    /* now encrypt the data with the wrapping key */
+    /* Now encrypt the data with the wrapping key. */
     mechanism = PK11_GetMechanism(wrapping_key);
     params.data = NULL;
     params.len = 0;
-    ctx = PK11_CreateContextBySymKey(mechanism, CKA_ENCRYPT, 
-				     wrapping_key, &params);
+    ctx = PK11_CreateContextBySymKey(mechanism, CKA_ENCRYPT,
+                                     wrapping_key, &params);
     if (ctx == NULL) {
-	ret = k5_nss_map_last_error();
-	goto done;
+        ret = k5_nss_map_last_error();
+        goto done;
     }
 
     wrapped_key.data = wrapped_key_data;
@@ -600,55 +583,52 @@
      * will use the length parameter to appropriately set the key.
      */
     if ((raw_key.len % blocksize) != 0) {
-	int keyblocks = (raw_key.len +(blocksize-1))/blocksize;
-	keyLength = keyblocks * blocksize;
-	assert(keyLength <= sizeof(padded_key_data));
-	memset(padded_key_data, 0, keyLength);
-	memcpy(padded_key_data,raw_key.data, raw_key.len);
-	raw_key.data = padded_key_data;
+        int keyblocks = (raw_key.len + (blocksize - 1)) / blocksize;
+        keyLength = keyblocks * blocksize;
+        assert(keyLength <= sizeof(padded_key_data));
+        memset(padded_key_data, 0, keyLength);
+        memcpy(padded_key_data, raw_key.data, raw_key.len);
+        raw_key.data = padded_key_data;
     }
-    rv = PK11_CipherOp(ctx, wrapped_key.data, (int *)&wrapped_key.len, 
-		sizeof(wrapped_key_data), raw_key.data, keyLength);
+    rv = PK11_CipherOp(ctx, wrapped_key.data, (int *)&wrapped_key.len,
+                       sizeof(wrapped_key_data), raw_key.data, keyLength);
     if (keyLength != raw_key.len) {
-	/* clear our copy of the key bits */
-	memset(padded_key_data, 0, keyLength);
+        /* Clear our copy of the key bits. */
+        memset(padded_key_data, 0, keyLength);
     }
     if (rv != SECSuccess) {
-	ret = k5_nss_map_last_error();
-	goto done;
+        ret = k5_nss_map_last_error();
+        goto done;
     }
     PK11_Finalize(ctx);
     ctx = NULL;
 
-    /* now now we have a 'wrapped' version of the, we can import it into
+    /* Now now we have a 'wrapped' version of the, we can import it into
      * the token without running afoul with FIPS. */
-    key = PK11_UnwrapSymKey(wrapping_key, mechanism, &params, &wrapped_key, 
-			mech, operation, raw_key.len);
+    key = PK11_UnwrapSymKey(wrapping_key, mechanism, &params, &wrapped_key,
+                        mech, operation, raw_key.len);
 #else
-    key = PK11_ImportSymKey(slot, mech, PK11_OriginGenerated, operation, 
-			    &raw_key, NULL);
+    key = PK11_ImportSymKey(slot, mech, PK11_OriginGenerated, operation,
+                            &raw_key, NULL);
 #endif
     if (key == NULL) {
-	ret = k5_nss_map_last_error();
-	goto done;
+        ret = k5_nss_map_last_error();
+        goto done;
     }
     krb_key->cache = (void *) key;
 
 done:
-    if (slot) {
-	PK11_FreeSlot(slot);
-    }
+    if (slot)
+        PK11_FreeSlot(slot);
 #ifdef FAKE_FIPS
-    if (ctx) {
-	PK11_Finalize(ctx);
-    }
-    if (wrapping_key) {
-	PK11_FreeSymKey(wrapping_key);
-    }
+    if (ctx)
+        PK11_Finalize(ctx);
+    if (wrapping_key)
+        PK11_FreeSymKey(wrapping_key);
 #endif
 
 #else
     ret = k5_nss_init();
-#endif    
+#endif
     return ret;
 }

Modified: branches/nss/src/lib/crypto/nss/enc_provider/enc_provider.h
===================================================================
--- branches/nss/src/lib/crypto/nss/enc_provider/enc_provider.h	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/enc_provider/enc_provider.h	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *

Modified: branches/nss/src/lib/crypto/nss/enc_provider/rc4.c
===================================================================
--- branches/nss/src/lib/crypto/nss/enc_provider/rc4.c	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/enc_provider/rc4.c	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*  lib/crypto/nss/enc_provider/rc4.c
  *
  * #include STD_DISCLAIMER
@@ -45,54 +46,49 @@
 
 /* In-place IOV crypto */
 static krb5_error_code
-k5_arcfour_encrypt_iov(krb5_key key,
-               const krb5_data *state,
-               krb5_crypto_iov *data,
-               size_t num_data)
+k5_arcfour_encrypt_iov(krb5_key key, const krb5_data *state,
+                       krb5_crypto_iov *data, size_t num_data)
 {
-    int ret;
+    krb5_error_code ret;
+
     ret = k5_nss_gen_import(key, CKM_RC4, CKA_ENCRYPT);
-    if (ret != 0) {
-	return ret;
-    }
-    return k5_nss_gen_stream_iov(key, state, CKM_RC4, CKA_ENCRYPT, 
-				 data, num_data);
+    if (ret != 0)
+        return ret;
+    return k5_nss_gen_stream_iov(key, state, CKM_RC4, CKA_ENCRYPT,
+                                 data, num_data);
 }
 
 /* In-place IOV crypto */
 static krb5_error_code
-k5_arcfour_decrypt_iov(krb5_key key,
-               const krb5_data *state,
-               krb5_crypto_iov *data,
-               size_t num_data)
+k5_arcfour_decrypt_iov(krb5_key key, const krb5_data *state,
+                       krb5_crypto_iov *data, size_t num_data)
 {
-    int ret;
+    krb5_error_code ret;
+
     ret = k5_nss_gen_import(key, CKM_RC4, CKA_DECRYPT);
-    if (ret != 0) {
-	return ret;
-    }
-    return k5_nss_gen_stream_iov(key, state, CKM_RC4, CKA_DECRYPT, 
-				 data, num_data);
+    if (ret != 0)
+        return ret;
+    return k5_nss_gen_stream_iov(key, state, CKM_RC4, CKA_DECRYPT,
+                                 data, num_data);
 }
 
 static krb5_error_code
-k5_arcfour_free_state ( krb5_data *state)
+k5_arcfour_free_state(krb5_data *state)
 {
-   return k5_nss_stream_free_state(state);
+    return k5_nss_stream_free_state(state);
 }
 
 static krb5_error_code
-k5_arcfour_init_state (const krb5_keyblock *key,
-                       krb5_keyusage keyusage, krb5_data *new_state)
+k5_arcfour_init_state(const krb5_keyblock *key,
+                      krb5_keyusage keyusage, krb5_data *new_state)
 {
-   /* key can't quite be used here. see comment in k5_arcfour_init_state */
-   return k5_nss_stream_init_state(new_state);
-
+    /* key can't quite be used here.  See comment in k5_arcfour_init_state. */
+    return k5_nss_stream_init_state(new_state);
 }
 
 const struct krb5_enc_provider krb5int_enc_arcfour = {
     /* This seems to work... although I am not sure what the
-       implications are in other places in the kerberos library */
+       implications are in other places in the kerberos library. */
     RC4_BLOCK_SIZE,
     /* Keysize is arbitrary in arcfour, but the constraints of the
        system, and to attempt to work with the MSFT system forces us
@@ -103,7 +99,7 @@
     k5_arcfour_decrypt_iov,
     NULL,
     krb5int_arcfour_make_key,
-    k5_arcfour_init_state, 
+    k5_arcfour_init_state,
     k5_arcfour_free_state,
     k5_nss_gen_cleanup
 };

Modified: branches/nss/src/lib/crypto/nss/hash_provider/hash_crc32.c
===================================================================
--- branches/nss/src/lib/crypto/nss/hash_provider/hash_crc32.c	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/hash_provider/hash_crc32.c	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -36,18 +37,18 @@
     unsigned int i;
 
     if (output->length != CRC32_CKSUM_LENGTH)
-	return(KRB5_CRYPTO_INTERNAL);
+        return KRB5_CRYPTO_INTERNAL;
 
     c = 0;
     for (i=0; i < num_data; i++) {
-	const krb5_crypto_iov *iov=&data[i];
+        const krb5_crypto_iov *iov = &data[i];
 
-	if (SIGN_IOV(iov))
-		mit_crc32(iov->data.data, iov->data.length, &c);
+        if (SIGN_IOV(iov))
+            mit_crc32(iov->data.data, iov->data.length, &c);
     }
 
     store_32_le(c, output->data);
-    return(0);
+    return 0;
 }
 
 const struct krb5_hash_provider krb5int_hash_crc32 = {

Modified: branches/nss/src/lib/crypto/nss/hash_provider/hash_gen.c
===================================================================
--- branches/nss/src/lib/crypto/nss/hash_provider/hash_gen.c	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/hash_provider/hash_gen.c	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2010 Red Hat, Inc.
  *
@@ -31,34 +32,36 @@
 
 krb5_error_code
 k5_nss_gen_hash(HASH_HashType hashType, const krb5_crypto_iov *data,
-	    size_t num_data, krb5_data *output)
+                size_t num_data, krb5_data *output)
 {
     unsigned int i;
     HASHContext *ctx;
     krb5_error_code ret;
 
     ret = k5_nss_init();
-    if (ret) return ret;
+    if (ret)
+        return ret;
 
     if (output->length != HASH_ResultLen(hashType))
-	return(KRB5_CRYPTO_INTERNAL);
+        return KRB5_CRYPTO_INTERNAL;
 
     ctx = HASH_Create(hashType);
-    if (!ctx) 
-	return(ENOMEM);
+    if (!ctx)
+        return ENOMEM;
 
     HASH_Begin(ctx);
     for (i=0; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
+        const krb5_crypto_iov *iov = &data[i];
 
-	if (iov->data.length && SIGN_IOV(iov))
-	    HASH_Update(ctx, (unsigned char *) iov->data.data, 
-			iov->data.length);
+        if (iov->data.length && SIGN_IOV(iov)) {
+            HASH_Update(ctx, (unsigned char *) iov->data.data,
+                        iov->data.length);
+        }
     }
 
-    HASH_End(ctx, (unsigned char *)output->data, 
-		&output->length, output->length);
+    HASH_End(ctx, (unsigned char *)output->data,
+             &output->length, output->length);
 
-    return(0);
+    return 0;
 }
 

Modified: branches/nss/src/lib/crypto/nss/hash_provider/hash_gen.h
===================================================================
--- branches/nss/src/lib/crypto/nss/hash_provider/hash_gen.h	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/hash_provider/hash_gen.h	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2010 Red Hat, Inc.
  *
@@ -27,7 +28,5 @@
 #include "sechash.h"
 #include "k5-int.h"
 
-krb5_error_code k5_nss_gen_hash(HASH_HashType hashType, unsigned int icount, 
-	    const krb5_data *input,
-	    krb5_data *output);
-
+krb5_error_code k5_nss_gen_hash(HASH_HashType hashType, unsigned int icount,
+                                const krb5_data *input, krb5_data *output);

Modified: branches/nss/src/lib/crypto/nss/hash_provider/hash_md4.c
===================================================================
--- branches/nss/src/lib/crypto/nss/hash_provider/hash_md4.c	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/hash_provider/hash_md4.c	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2010 Red Hat, Inc.
  *
@@ -32,21 +33,20 @@
 static krb5_error_code
 k5_md4_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
 {
-   krb5_MD4_CTX ctx;
-   unsigned long i;
+    krb5_MD4_CTX ctx;
+    unsigned long i;
 
-   if (output->length != RSA_MD4_CKSUM_LENGTH) {
-	return KRB5_CRYPTO_INTERNAL;
-   }
+    if (output->length != RSA_MD4_CKSUM_LENGTH)
+        return KRB5_CRYPTO_INTERNAL;
 
-   krb5int_MD4Init(&ctx);
-   for (i=0; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
+    krb5int_MD4Init(&ctx);
+    for (i=0; i < num_data; i++) {
+        const krb5_crypto_iov *iov = &data[i];
 
-	if (SIGN_IOV(iov)) {
-	    krb5int_MD4Update(&ctx, (unsigned char *)iov->data.data,
-				iov->data.length);
-	}
+        if (SIGN_IOV(iov)) {
+            krb5int_MD4Update(&ctx, (unsigned char *)iov->data.data,
+                              iov->data.length);
+        }
     }
     krb5int_MD4Final(&ctx);
 

Modified: branches/nss/src/lib/crypto/nss/hash_provider/hash_md5.c
===================================================================
--- branches/nss/src/lib/crypto/nss/hash_provider/hash_md5.c	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/hash_provider/hash_md5.c	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2010 Red Hat, Inc.
  *
@@ -31,7 +32,6 @@
 static krb5_error_code
 k5_md5_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
 {
-    
     return k5_nss_gen_hash(HASH_AlgMD5, data, num_data, output);
 }
 

Modified: branches/nss/src/lib/crypto/nss/hash_provider/hash_provider.h
===================================================================
--- branches/nss/src/lib/crypto/nss/hash_provider/hash_provider.h	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/hash_provider/hash_provider.h	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *

Modified: branches/nss/src/lib/crypto/nss/hash_provider/hash_sha1.c
===================================================================
--- branches/nss/src/lib/crypto/nss/hash_provider/hash_sha1.c	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/hash_provider/hash_sha1.c	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2010 Red Hat, Inc.
  *
@@ -31,7 +32,6 @@
 static krb5_error_code
 k5_sha1_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
 {
-    
     return k5_nss_gen_hash(HASH_AlgSHA1, data, num_data, output);
 }
 

Modified: branches/nss/src/lib/crypto/nss/hmac.c
===================================================================
--- branches/nss/src/lib/crypto/nss/hmac.c	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/hmac.c	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/hmac.c
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
@@ -77,34 +78,29 @@
 
     /* use strcmp so we don't confuse SHA1 with SHA128 */
     /* handle the obvious cases first */
-    if (!strcmp(hash->hash_name, "SHA1")) {
-	return CKM_SHA_1_HMAC;
-    }
-    if (!strcmp(hash->hash_name, "MD5")) {
-	return CKM_MD5_HMAC;
-    } 
+    if (!strcmp(hash->hash_name, "SHA1"))
+        return CKM_SHA_1_HMAC;
+    if (!strcmp(hash->hash_name, "MD5"))
+        return CKM_MD5_HMAC;
     /* the following coudes needs HASH_GetHMACOidTagByHashOidTag() to be
      * exported before it will work */
 #ifdef NSS_LOOKUP_STRING
     /* See if the currently loaded version of NSS recognizes this hash */
     hmacTag = SEC_OID_UNKNOWN;
     for (hashTag=1; (oid=SECOID_FindOIDByTag(hashTag)) != NULL; hashTag++) {
-	if (oid->mechanism == CKM_INVALID_MECHANISM) {
-	    continue;
-	}
-	if (!strcasecmp(oid->desc, hash->hash_name)) {
-	    continue;
-	}
-	/* now map the hash oid to an hmac oid */
-    	hmacTag = HASH_GetHMACOidTagByHashOidTag(hashTag);
+        if (oid->mechanism == CKM_INVALID_MECHANISM)
+            continue;
+        if (!strcasecmp(oid->desc, hash->hash_name))
+            continue;
+        /* now map the hash oid to an hmac oid */
+        hmacTag = HASH_GetHMACOidTagByHashOidTag(hashTag);
                   HASH_GetHMACOidTagByHashOidTag
-	if (hmacTag != SEC_OID_UNKNOWN) {
-	    break;
-	}
+        if (hmacTag != SEC_OID_UNKNOWN)
+            break;
     }
     oid = SECOID_FindOIDByTag(hmacTag);
     if (oid) {
-	return oid->mechanism;
+        return oid->mechanism;
     }
 #endif
     return CKM_INVALID_MECHANISM;
@@ -112,8 +108,7 @@
 
 krb5_error_code
 krb5int_hmac(const struct krb5_hash_provider *hash, krb5_key key,
-                          const krb5_crypto_iov *data, size_t num_data,
-                          krb5_data *output)
+             const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
 {
     unsigned int i = 0;
     CK_MECHANISM_TYPE mech;
@@ -123,71 +118,69 @@
     SECItem param;
 
     if (output->length < hash->hashsize)
-        return(KRB5_BAD_MSIZE);
+        return KRB5_BAD_MSIZE;
 
     mech = digest_to_hmac(hash);
     if (mech == CKM_INVALID_MECHANISM)
-        return(KRB5_CRYPTO_INTERNAL); // unsupported alg
+        return KRB5_CRYPTO_INTERNAL; /* unsupported alg */
 
-   ret = k5_nss_gen_import(key, mech, CKA_SIGN);
-   if (ret != 0) {
-	return ret;
-   }
+    ret = k5_nss_gen_import(key, mech, CKA_SIGN);
+    if (ret != 0)
+        return ret;
 
     param.data = NULL;
     param.len = 0;
     ctx = k5_nss_create_context(key, mech, CKA_SIGN, &param);
-    if (ctx == NULL) {
-	goto fail;
-    }
+    if (ctx == NULL)
+        goto fail;
 
     rv = PK11_DigestBegin(ctx);
-    if (rv != SECSuccess) goto fail;
+    if (rv != SECSuccess)
+        goto fail;
 
     for (i=0; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
+        const krb5_crypto_iov *iov = &data[i];
 
-	if (iov->data.length && SIGN_IOV(iov)) {
-            rv = PK11_DigestOp(ctx,(const unsigned char*)iov->data.data, 
-				iov->data.length);
-	    if (rv != SECSuccess) goto fail;
-	}
+        if (iov->data.length && SIGN_IOV(iov)) {
+            rv = PK11_DigestOp(ctx,(const unsigned char*)iov->data.data,
+                               iov->data.length);
+            if (rv != SECSuccess)
+                goto fail;
+        }
 
     }
     rv = PK11_DigestFinal(ctx, (unsigned char *) output->data, &output->length,
-		output->length);
+                          output->length);
     ctx = NULL;
-    if (rv != SECSuccess) goto fail;
+    if (rv != SECSuccess)
+        goto fail;
 
     return 0;
 fail:
     ret = k5_nss_map_last_error();
-    if (ctx) {
-	PK11_Finalize(ctx);
-    }
+    if (ctx)
+        PK11_Finalize(ctx);
     return ret;
 }
 
 krb5_error_code
 krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
-                          const krb5_keyblock *keyblock,
-                          const krb5_crypto_iov *data, size_t num_data,
-                          krb5_data *output)
+                      const krb5_keyblock *keyblock,
+                      const krb5_crypto_iov *data, size_t num_data,
+                      krb5_data *output)
 {
     krb5_key key;
     krb5_error_code code;
 
     if (keyblock->length > hash->blocksize)
-        return(KRB5_CRYPTO_INTERNAL);
+        return KRB5_CRYPTO_INTERNAL;
 
     memset(&key, 0, sizeof(key));
 
     code = krb5_k_create_key(NULL, keyblock, &key);
-    if (code) {
-	return code;
-    }
+    if (code)
+        return code;
     code = krb5int_hmac(hash, key, data, num_data, output);
     krb5_k_free_key(NULL, key);
     return code;
 }
-

Modified: branches/nss/src/lib/crypto/nss/md5/md5.c
===================================================================
--- branches/nss/src/lib/crypto/nss/md5/md5.c	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/md5/md5.c	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/md5/md5.c
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
@@ -29,50 +30,45 @@
 #include "nss_gen.h"
 
 
-/* The routine krb5int_MD5Init initializes the message-digest context
-   mdContext.
- */
+/* Initialize the message-digest context mdContext. */
 void
-krb5int_MD5Init (krb5_MD5_CTX *mdContext)
+krb5int_MD5Init(krb5_MD5_CTX *mdContext)
 {
     if (k5_nss_init()) {
-	mdContext->nss_ctxt = NULL;
-	return;
+        mdContext->nss_ctxt = NULL;
+        return;
     }
     mdContext->nss_ctxt = PK11_CreateDigestContext(SEC_OID_MD5);
-    if (mdContext->nss_ctxt == NULL) {
-	return;
-    }
+    if (mdContext->nss_ctxt == NULL)
+        return;
     PK11_DigestBegin((PK11Context *)mdContext->nss_ctxt);
 }
 
-/* The routine krb5int_MD5Update updates the message-digest context to
-   account for the presence of each of the characters inBuf[0..inLen-1]
-   in the message whose digest is being computed.
+/*
+ * Update the message-digest context to account for the presence of each of the
+ * characters inBuf[0..inLen-1] in the message whose digest is being computed.
  */
 void
-krb5int_MD5Update (krb5_MD5_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen)
+krb5int_MD5Update(krb5_MD5_CTX *mdContext, const unsigned char *inBuf,
+                  unsigned int inLen)
 {
-   if (mdContext->nss_ctxt == NULL) {
-	return;
-   }
+   if (mdContext->nss_ctxt == NULL)
+        return;
    PK11_DigestOp((PK11Context *)mdContext->nss_ctxt, inBuf, inLen);
 }
 
-/* The routine krb5int_MD5Final terminates the message-digest computation and
-   ends with the desired message digest in mdContext->digest[0...15].
- */
+/* Terminate the message-digest computation and end with the desired message
+ * digest in mdContext->digest[0...15]. */
 void
-krb5int_MD5Final (krb5_MD5_CTX *mdContext)
+krb5int_MD5Final(krb5_MD5_CTX *mdContext)
 {
    unsigned int digestLength;
 
-   if (mdContext->nss_ctxt == NULL) {
-	return;
-   }
-   PK11_DigestFinal((PK11Context *)mdContext->nss_ctxt, mdContext->digest, 
-		&digestLength, sizeof (mdContext->digest));
-   /* since there is not separate cleanup step, free the context now. 
+   if (mdContext->nss_ctxt == NULL)
+        return;
+   PK11_DigestFinal((PK11Context *)mdContext->nss_ctxt, mdContext->digest,
+                    &digestLength, sizeof (mdContext->digest));
+   /* since there is not separate cleanup step, free the context now.
     * (otherwise we could have reused the context for another MD5 operation
     * in the future).
     */

Modified: branches/nss/src/lib/crypto/nss/md5/rsa-md5.h
===================================================================
--- branches/nss/src/lib/crypto/nss/md5/rsa-md5.h	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/md5/rsa-md5.h	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/md5/rsa-md5.h
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
@@ -77,7 +78,8 @@
 } krb5_MD5_CTX;
 
 extern void krb5int_MD5Init(krb5_MD5_CTX *);
-extern void krb5int_MD5Update(krb5_MD5_CTX *,const unsigned char *,unsigned int);
+extern void krb5int_MD5Update(krb5_MD5_CTX *, const unsigned char *,
+                              unsigned int);
 extern void krb5int_MD5Final(krb5_MD5_CTX *);
 
 #define    RSA_MD5_CKSUM_LENGTH            16

Modified: branches/nss/src/lib/crypto/nss/nss_gen.h
===================================================================
--- branches/nss/src/lib/crypto/nss/nss_gen.h	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/nss_gen.h	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  *
  * Copyright (C) 2003, 2007, 2008, 2009 by the Massachusetts Institute of Technology.
@@ -34,64 +35,62 @@
 #define MAX_BLOCK_SIZE 64
 
 /*
- * common nss utils
+ * Common nss utils
  */
-/* Make sure NSS is properly initialized */
+
+/* Make sure NSS is properly initialized. */
 krb5_error_code k5_nss_init(void);
 
-/* import a key into NSS and store the handle in krb5_key */
+/* Import a key into NSS and store the handle in krb5_key. */
 krb5_error_code
-k5_nss_gen_import(krb5_key key, CK_MECHANISM_TYPE mech, 
-		        CK_ATTRIBUTE_TYPE operation);
-/* clean up an imported key */
+k5_nss_gen_import(krb5_key key, CK_MECHANISM_TYPE mech,
+                  CK_ATTRIBUTE_TYPE operation);
+
+/* Clean up an imported key. */
 void
 k5_nss_gen_cleanup(krb5_key key);
 
-/* create a new crypto/hash/sign context from a krb5_key */
+/* Create a new crypto/hash/sign context from a krb5_key. */
 PK11Context *
 k5_nss_create_context(krb5_key krb_key, CK_MECHANISM_TYPE mechanism,
-			CK_ATTRIBUTE_TYPE operation, SECItem * param);
+                      CK_ATTRIBUTE_TYPE operation, SECItem * param);
 
-/* mapp and NSS error into a krb5_error_code */
-krb5_error_code k5_nss_map_error (int nss_error);
-krb5_error_code k5_nss_map_last_error (void);
+/* Map an NSS error into a krb5_error_code. */
+krb5_error_code k5_nss_map_error(int nss_error);
+krb5_error_code k5_nss_map_last_error(void);
 
 
 /*
- * common encryption functions
+ * Common encryption functions
  */
-/* encrypt/decrypt block modes except cts using iov */
+
+/* Encrypt/decrypt block modes except cts using iov. */
 krb5_error_code
-k5_nss_gen_block_iov(krb5_key key, CK_MECHANISM_TYPE mech, 
-		        CK_ATTRIBUTE_TYPE operation,
-		        const krb5_data *ivec,
-		        krb5_crypto_iov *data,
-		        size_t num_data);
-/* encrypt/decrypt stream modes using iov */
+k5_nss_gen_block_iov(krb5_key key, CK_MECHANISM_TYPE mech,
+                     CK_ATTRIBUTE_TYPE operation, const krb5_data *ivec,
+                     krb5_crypto_iov *data, size_t num_data);
+
+/* Encrypt/decrypt stream modes using iov. */
 krb5_error_code
-k5_nss_gen_stream_iov(krb5_key key, krb5_data *state,
-			CK_MECHANISM_TYPE mech, 
-		        CK_ATTRIBUTE_TYPE operation,
-		        krb5_crypto_iov *data,
-		        size_t num_data);
-/* encrypt/decrypt block modes using cts */
-krb5_error_code
-k5_nss_gen_cts_iov(krb5_key key, CK_MECHANISM_TYPE mech, 
-		        CK_ATTRIBUTE_TYPE operation,
-		        const krb5_data *ivec,
-		        krb5_crypto_iov *data,
-		        size_t num_data);
+k5_nss_gen_stream_iov(krb5_key key, krb5_data *state, CK_MECHANISM_TYPE mech,
+                      CK_ATTRIBUTE_TYPE operation, krb5_crypto_iov *data,
+                      size_t num_data);
 
-/* stream state management calls */
+/* Encrypt/decrypt block modes using cts. */
 krb5_error_code
-k5_nss_stream_init_state(krb5_data *new_state);
-krb5_error_code
-k5_nss_stream_free_state(krb5_data *state);
+k5_nss_gen_cts_iov(krb5_key key, CK_MECHANISM_TYPE mech,
+                   CK_ATTRIBUTE_TYPE operation, const krb5_data *ivec,
+                   krb5_crypto_iov *data, size_t num_data);
 
+/* Stream state management calls. */
+krb5_error_code k5_nss_stream_init_state(krb5_data *new_state);
+krb5_error_code k5_nss_stream_free_state(krb5_data *state);
+
 /*
- * common hash functions
+ * Common hash functions
  */
-/* all hash modes */
-krb5_error_code 
+
+/* All hash modes. */
+krb5_error_code
 k5_nss_gen_hash(HASH_HashType hashType, const krb5_crypto_iov *data,
-			size_t num_data, krb5_data *output);
+                size_t num_data, krb5_data *output);

Modified: branches/nss/src/lib/crypto/nss/pbkdf2.c
===================================================================
--- branches/nss/src/lib/crypto/nss/pbkdf2.c	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/pbkdf2.c	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/nss/pbkdf2.c
  *
@@ -24,8 +25,7 @@
  * or implied warranty.
  *
  *
- * Implementation of PBKDF2 from RFC 2898.
- * Not currently used; likely to be used when we get around to AES support.
+ * Implementation of PBKDF2 using NSS.
  */
 
 #include <ctype.h>
@@ -36,8 +36,8 @@
 
 
 krb5_error_code
-krb5int_pbkdf2_hmac_sha1 (const krb5_data *out, unsigned long count,
-			  const krb5_data *pass, const krb5_data *salt)
+krb5int_pbkdf2_hmac_sha1(const krb5_data *out, unsigned long count,
+                         const krb5_data *pass, const krb5_data *salt)
 {
 
     PK11SlotInfo *slot = NULL;
@@ -45,18 +45,18 @@
     PK11SymKey *symKey = NULL;
     SECItem saltItem, pwItem;
     const SECItem *keydata = NULL;
-    SECOidTag  pbeAlg = SEC_OID_PKCS5_PBKDF2;
-    SECOidTag  cipherAlg = SEC_OID_AES_256_CBC; 
-    SECOidTag  prfAlg = SEC_OID_HMAC_SHA1;
+    SECOidTag pbeAlg = SEC_OID_PKCS5_PBKDF2;
+    SECOidTag cipherAlg = SEC_OID_AES_256_CBC;
+    SECOidTag prfAlg = SEC_OID_HMAC_SHA1;
     krb5_error_code ret;
 
     ret = k5_nss_init();
-    if (ret) return ret;
+    if (ret)
+        return ret;
 
     slot = PK11_GetBestSlot(PK11_AlgtagToMechanism(pbeAlg), NULL);
-    if (slot == NULL) {
-	return k5_nss_map_last_error();
-    }
+    if (slot == NULL)
+        return k5_nss_map_last_error();
 
     saltItem.type = siBuffer;
     saltItem.data = (unsigned char *)salt->data;
@@ -68,10 +68,10 @@
      * Kerberos already had to solve it's crypto agility issues, so the
      * algid is just and extra step we need that we will throw away */
     algid = PK11_CreatePBEV2AlgorithmID(pbeAlg, cipherAlg, prfAlg,
-					out->length, count, &saltItem);
+                                        out->length, count, &saltItem);
     if (algid == NULL) {
-	ret = k5_nss_map_last_error();
-	goto loser;
+        ret = k5_nss_map_last_error();
+        goto loser;
     }
 
     pwItem.type = siBuffer;
@@ -80,38 +80,36 @@
 
     symKey = PK11_PBEKeyGen(slot, algid, &pwItem, PR_FALSE, NULL);
     if (symKey == NULL) {
-	ret = k5_nss_map_last_error();
-	goto loser;
+        ret = k5_nss_map_last_error();
+        goto loser;
     }
-    /* at this point we should return symKey as a key, but kerberos is
-     * still passing bits around instead of key handles */
+
+    /* At this point we should return symKey as a key, but kerberos is
+     * still passing bits around instead of key handles. */
     PK11_ExtractKeyValue(symKey);
 
     /* keydata here is a const * and is valid as long as the key has not been
      * destroyed. */
     keydata = PK11_GetKeyData(symKey);
     if (keydata == NULL) {
-	ret = k5_nss_map_last_error();
-	goto loser;
+        ret = k5_nss_map_last_error();
+        goto loser;
     }
 
     if (out->length != keydata->len) {
-	ret = -1; /* XXXXX */
-	goto loser;
+        ret = -1; /* XXXXX */
+        goto loser;
     }
     memcpy(out->data, keydata->data, keydata->len);
     ret = 0;
 
 loser:
-    if (symKey) {
-	PK11_FreeSymKey(symKey);
-    }
-    if (algid) {
-	SECOID_DestroyAlgorithmID(algid, PR_TRUE);
-    }
-    if (slot) {
-	PK11_FreeSlot(slot);
-    }
-    
+    if (symKey)
+        PK11_FreeSymKey(symKey);
+    if (algid)
+        SECOID_DestroyAlgorithmID(algid, PR_TRUE);
+    if (slot)
+        PK11_FreeSlot(slot);
+
     return ret;
 }

Modified: branches/nss/src/lib/crypto/nss/sha1/shs.c
===================================================================
--- branches/nss/src/lib/crypto/nss/sha1/shs.c	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/sha1/shs.c	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/sha1/shs.c
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
@@ -32,40 +33,36 @@
 void shsInit(SHS_INFO *shsInfo)
 {
     if (k5_nss_init()) {
-	shsInfo->nss_ctxt = NULL;
-	return;
+        shsInfo->nss_ctxt = NULL;
+        return;
     }
     shsInfo->nss_ctxt = PK11_CreateDigestContext(SEC_OID_SHA1);
-    if (shsInfo->nss_ctxt == NULL) {
-	return;
-    }
+    if (shsInfo->nss_ctxt == NULL)
+        return;
     PK11_DigestBegin((PK11Context *)shsInfo->nss_ctxt);
 }
 
 /* Update SHS for a block of data */
 void shsUpdate(SHS_INFO *shsInfo, const SHS_BYTE *buffer, unsigned int count)
 {
-   if (shsInfo->nss_ctxt == NULL) {
-	return;
-   }
-   PK11_DigestOp((PK11Context *)shsInfo->nss_ctxt, buffer, count);
+    if (shsInfo->nss_ctxt == NULL)
+        return;
+    PK11_DigestOp((PK11Context *)shsInfo->nss_ctxt, buffer, count);
 }
 
 
 /* Final wrapup - pad to SHS_DATASIZE-byte boundary with the bit pattern
-   1 0* (64-bit count of bits processed, MSB-first) */
+ * 1 0* (64-bit count of bits processed, MSB-first) */
 void shsFinal(SHS_INFO *shsInfo)
 {
-   if (shsInfo->nss_ctxt == NULL) {
-	return;
-   }
-   PK11_DigestFinal((PK11Context *)shsInfo->nss_ctxt, shsInfo->digestBuf, 
-		&shsInfo->digestLen, sizeof (shsInfo->digestBuf));
-   /* since there is not separate cleanup step, free the context now. 
+   if (shsInfo->nss_ctxt == NULL)
+        return;
+   PK11_DigestFinal((PK11Context *)shsInfo->nss_ctxt, shsInfo->digestBuf,
+                    &shsInfo->digestLen, sizeof (shsInfo->digestBuf));
+   /* Since there is not separate cleanup step, free the context now.
     * (otherwise we could have reused the context for another MD5 operation
     * in the future).
     */
    PK11_DestroyContext((PK11Context *)shsInfo->nss_ctxt, PR_TRUE);
    shsInfo->nss_ctxt = NULL;
 }
-

Modified: branches/nss/src/lib/crypto/nss/sha1/shs.h
===================================================================
--- branches/nss/src/lib/crypto/nss/sha1/shs.h	2010-08-19 20:23:56 UTC (rev 24247)
+++ branches/nss/src/lib/crypto/nss/sha1/shs.h	2010-08-21 12:43:48 UTC (rev 24248)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #ifndef _SHS_DEFINED
 
 #include "k5-int.h"
@@ -6,8 +7,8 @@
 
 /* Some useful types */
 
-typedef krb5_octet	SHS_BYTE;
-typedef krb5_ui_4	SHS_LONG;
+typedef krb5_octet      SHS_BYTE;
+typedef krb5_ui_4       SHS_LONG;
 
 /* Define the following to use the updated SHS implementation */
 #define NEW_SHS         /**/
@@ -33,13 +34,13 @@
 
 /* Keyed Message digest functions (hmac_sha.c) */
 krb5_error_code hmac_sha(krb5_octet *text,
-			int text_len,
-			krb5_octet *key,
-			int key_len,
-			krb5_octet *digest);
+                        int text_len,
+                        krb5_octet *key,
+                        int key_len,
+                        krb5_octet *digest);
 
 
-#define NIST_SHA_CKSUM_LENGTH		SHS_DIGESTSIZE
-#define HMAC_SHA_CKSUM_LENGTH		SHS_DIGESTSIZE
+#define NIST_SHA_CKSUM_LENGTH           SHS_DIGESTSIZE
+#define HMAC_SHA_CKSUM_LENGTH           SHS_DIGESTSIZE
 
 #endif /* _SHS_DEFINED */




More information about the cvs-krb5 mailing list