Import OpenSSL 1.0.1m.vendor/openssl/1.0.1m

9 files changed, 1545 insertions, 1556 deletions

diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 888b4eb8dd0b..5c13d57765b0 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -113,7 +113,7 @@
 
 #ifdef MD_RAND_DEBUG
 # ifndef NDEBUG
-#   define NDEBUG
+#  define NDEBUG
 # endif
 #endif
 
@@ -133,28 +133,29 @@
 # define PREDICT
 #endif
 
-/* #define PREDICT	1 */
+/* #define PREDICT      1 */
 
-#define STATE_SIZE	1023
-static int state_num=0,state_index=0;
-static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
+#define STATE_SIZE      1023
+static int state_num = 0, state_index = 0;
+static unsigned char state[STATE_SIZE + MD_DIGEST_LENGTH];
 static unsigned char md[MD_DIGEST_LENGTH];
-static long md_count[2]={0,0};
-static double entropy=0;
-static int initialized=0;
+static long md_count[2] = { 0, 0 };
+
+static double entropy = 0;
+static int initialized = 0;
 
 static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
-                                           * holds CRYPTO_LOCK_RAND
-                                           * (to prevent double locking) */
+                                           * holds CRYPTO_LOCK_RAND (to
+                                           * prevent double locking) */
 /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
-static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */
-
+/* valid iff crypto_lock_rand is set */
+static CRYPTO_THREADID locking_threadid;
 
 #ifdef PREDICT
-int rand_predictable=0;
+int rand_predictable = 0;
 #endif
 
-const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT;
+const char RAND_version[] = "RAND" OPENSSL_VERSION_PTEXT;
 
 static void ssleay_rand_cleanup(void);
 static void ssleay_rand_seed(const void *buf, int num);
@@ -163,435 +164,429 @@ static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num);
 static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
 static int ssleay_rand_status(void);
 
-RAND_METHOD rand_ssleay_meth={
-	ssleay_rand_seed,
-	ssleay_rand_nopseudo_bytes,
-	ssleay_rand_cleanup,
-	ssleay_rand_add,
-	ssleay_rand_pseudo_bytes,
-	ssleay_rand_status
-	}; 
+RAND_METHOD rand_ssleay_meth = {
+    ssleay_rand_seed,
+    ssleay_rand_nopseudo_bytes,
+    ssleay_rand_cleanup,
+    ssleay_rand_add,
+    ssleay_rand_pseudo_bytes,
+    ssleay_rand_status
+};
 
 RAND_METHOD *RAND_SSLeay(void)
-	{
-	return(&rand_ssleay_meth);
-	}
+{
+    return (&rand_ssleay_meth);
+}
 
 static void ssleay_rand_cleanup(void)
-	{
-	OPENSSL_cleanse(state,sizeof(state));
-	state_num=0;
-	state_index=0;
-	OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
-	md_count[0]=0;
-	md_count[1]=0;
-	entropy=0;
-	initialized=0;
-	}
+{
+    OPENSSL_cleanse(state, sizeof(state));
+    state_num = 0;
+    state_index = 0;
+    OPENSSL_cleanse(md, MD_DIGEST_LENGTH);
+    md_count[0] = 0;
+    md_count[1] = 0;
+    entropy = 0;
+    initialized = 0;
+}
 
 static void ssleay_rand_add(const void *buf, int num, double add)
-	{
-	int i,j,k,st_idx;
-	long md_c[2];
-	unsigned char local_md[MD_DIGEST_LENGTH];
-	EVP_MD_CTX m;
-	int do_not_lock;
-
-	if (!num)
-		return;
-
-	/*
-	 * (Based on the rand(3) manpage)
-	 *
-	 * The input is chopped up into units of 20 bytes (or less for
-	 * the last block).  Each of these blocks is run through the hash
-	 * function as follows:  The data passed to the hash function
-	 * is the current 'md', the same number of bytes from the 'state'
-	 * (the location determined by in incremented looping index) as
-	 * the current 'block', the new key data 'block', and 'count'
-	 * (which is incremented after each use).
-	 * The result of this is kept in 'md' and also xored into the
-	 * 'state' at the same locations that were used as input into the
-         * hash function.
-	 */
-
-	/* check if we already have the lock */
-	if (crypto_lock_rand)
-		{
-		CRYPTO_THREADID cur;
-		CRYPTO_THREADID_current(&cur);
-		CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-		do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
-		CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
-		}
-	else
-		do_not_lock = 0;
-
-	if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-	st_idx=state_index;
-
-	/* use our own copies of the counters so that even
-	 * if a concurrent thread seeds with exactly the
-	 * same data and uses the same subarray there's _some_
-	 * difference */
-	md_c[0] = md_count[0];
-	md_c[1] = md_count[1];
-
-	memcpy(local_md, md, sizeof md);
-
-	/* state_index <= state_num <= STATE_SIZE */
-	state_index += num;
-	if (state_index >= STATE_SIZE)
-		{
-		state_index%=STATE_SIZE;
-		state_num=STATE_SIZE;
-		}
-	else if (state_num < STATE_SIZE)	
-		{
-		if (state_index > state_num)
-			state_num=state_index;
-		}
-	/* state_index <= state_num <= STATE_SIZE */
-
-	/* state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE]
-	 * are what we will use now, but other threads may use them
-	 * as well */
-
-	md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
-
-	if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
-	EVP_MD_CTX_init(&m);
-	for (i=0; i<num; i+=MD_DIGEST_LENGTH)
-		{
-		j=(num-i);
-		j=(j > MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j;
-
-		MD_Init(&m);
-		MD_Update(&m,local_md,MD_DIGEST_LENGTH);
-		k=(st_idx+j)-STATE_SIZE;
-		if (k > 0)
-			{
-			MD_Update(&m,&(state[st_idx]),j-k);
-			MD_Update(&m,&(state[0]),k);
-			}
-		else
-			MD_Update(&m,&(state[st_idx]),j);
-
-		/* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
-		MD_Update(&m,buf,j);
-		/* We know that line may cause programs such as
-		   purify and valgrind to complain about use of
-		   uninitialized data.  The problem is not, it's
-		   with the caller.  Removing that line will make
-		   sure you get really bad randomness and thereby
-		   other problems such as very insecure keys. */
-
-		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-		MD_Final(&m,local_md);
-		md_c[1]++;
-
-		buf=(const char *)buf + j;
-
-		for (k=0; k<j; k++)
-			{
-			/* Parallel threads may interfere with this,
-			 * but always each byte of the new state is
-			 * the XOR of some previous value of its
-			 * and local_md (itermediate values may be lost).
-			 * Alway using locking could hurt performance more
-			 * than necessary given that conflicts occur only
-			 * when the total seeding is longer than the random
-			 * state. */
-			state[st_idx++]^=local_md[k];
-			if (st_idx >= STATE_SIZE)
-				st_idx=0;
-			}
-		}
-	EVP_MD_CTX_cleanup(&m);
-
-	if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-	/* Don't just copy back local_md into md -- this could mean that
-	 * other thread's seeding remains without effect (except for
-	 * the incremented counter).  By XORing it we keep at least as
-	 * much entropy as fits into md. */
-	for (k = 0; k < (int)sizeof(md); k++)
-		{
-		md[k] ^= local_md[k];
-		}
-	if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
-	    entropy += add;
-	if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-	
+{
+    int i, j, k, st_idx;
+    long md_c[2];
+    unsigned char local_md[MD_DIGEST_LENGTH];
+    EVP_MD_CTX m;
+    int do_not_lock;
+
+    if (!num)
+        return;
+
+    /*
+     * (Based on the rand(3) manpage)
+     *
+     * The input is chopped up into units of 20 bytes (or less for
+     * the last block).  Each of these blocks is run through the hash
+     * function as follows:  The data passed to the hash function
+     * is the current 'md', the same number of bytes from the 'state'
+     * (the location determined by in incremented looping index) as
+     * the current 'block', the new key data 'block', and 'count'
+     * (which is incremented after each use).
+     * The result of this is kept in 'md' and also xored into the
+     * 'state' at the same locations that were used as input into the
+     * hash function.
+     */
+
+    /* check if we already have the lock */
+    if (crypto_lock_rand) {
+        CRYPTO_THREADID cur;
+        CRYPTO_THREADID_current(&cur);
+        CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
+        do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
+        CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
+    } else
+        do_not_lock = 0;
+
+    if (!do_not_lock)
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+    st_idx = state_index;
+
+    /*
+     * use our own copies of the counters so that even if a concurrent thread
+     * seeds with exactly the same data and uses the same subarray there's
+     * _some_ difference
+     */
+    md_c[0] = md_count[0];
+    md_c[1] = md_count[1];
+
+    memcpy(local_md, md, sizeof md);
+
+    /* state_index <= state_num <= STATE_SIZE */
+    state_index += num;
+    if (state_index >= STATE_SIZE) {
+        state_index %= STATE_SIZE;
+        state_num = STATE_SIZE;
+    } else if (state_num < STATE_SIZE) {
+        if (state_index > state_num)
+            state_num = state_index;
+    }
+    /* state_index <= state_num <= STATE_SIZE */
+
+    /*
+     * state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE] are what we
+     * will use now, but other threads may use them as well
+     */
+
+    md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
+
+    if (!do_not_lock)
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+    EVP_MD_CTX_init(&m);
+    for (i = 0; i < num; i += MD_DIGEST_LENGTH) {
+        j = (num - i);
+        j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j;
+
+        MD_Init(&m);
+        MD_Update(&m, local_md, MD_DIGEST_LENGTH);
+        k = (st_idx + j) - STATE_SIZE;
+        if (k > 0) {
+            MD_Update(&m, &(state[st_idx]), j - k);
+            MD_Update(&m, &(state[0]), k);
+        } else
+            MD_Update(&m, &(state[st_idx]), j);
+
+        /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
+        MD_Update(&m, buf, j);
+        /*
+         * We know that line may cause programs such as purify and valgrind
+         * to complain about use of uninitialized data.  The problem is not,
+         * it's with the caller.  Removing that line will make sure you get
+         * really bad randomness and thereby other problems such as very
+         * insecure keys.
+         */
+
+        MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c));
+        MD_Final(&m, local_md);
+        md_c[1]++;
+
+        buf = (const char *)buf + j;
+
+        for (k = 0; k < j; k++) {
+            /*
+             * Parallel threads may interfere with this, but always each byte
+             * of the new state is the XOR of some previous value of its and
+             * local_md (itermediate values may be lost). Alway using locking
+             * could hurt performance more than necessary given that
+             * conflicts occur only when the total seeding is longer than the
+             * random state.
+             */
+            state[st_idx++] ^= local_md[k];
+            if (st_idx >= STATE_SIZE)
+                st_idx = 0;
+        }
+    }
+    EVP_MD_CTX_cleanup(&m);
+
+    if (!do_not_lock)
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+    /*
+     * Don't just copy back local_md into md -- this could mean that other
+     * thread's seeding remains without effect (except for the incremented
+     * counter).  By XORing it we keep at least as much entropy as fits into
+     * md.
+     */
+    for (k = 0; k < (int)sizeof(md); k++) {
+        md[k] ^= local_md[k];
+    }
+    if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
+        entropy += add;
+    if (!do_not_lock)
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
 #if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
-	assert(md_c[1] == md_count[1]);
+    assert(md_c[1] == md_count[1]);
 #endif
-	}
+}
 
 static void ssleay_rand_seed(const void *buf, int num)
-	{
-	ssleay_rand_add(buf, num, (double)num);
-	}
+{
+    ssleay_rand_add(buf, num, (double)num);
+}
 
 int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
-	{
-	static volatile int stirred_pool = 0;
-	int i,j,k,st_num,st_idx;
-	int num_ceil;
-	int ok;
-	long md_c[2];
-	unsigned char local_md[MD_DIGEST_LENGTH];
-	EVP_MD_CTX m;
+{
+    static volatile int stirred_pool = 0;
+    int i, j, k, st_num, st_idx;
+    int num_ceil;
+    int ok;
+    long md_c[2];
+    unsigned char local_md[MD_DIGEST_LENGTH];
+    EVP_MD_CTX m;
 #ifndef GETPID_IS_MEANINGLESS
-	pid_t curr_pid = getpid();
+    pid_t curr_pid = getpid();
 #endif
-	int do_stir_pool = 0;
+    int do_stir_pool = 0;
 
 #ifdef PREDICT
-	if (rand_predictable)
-		{
-		static unsigned char val=0;
-
-		for (i=0; i<num; i++)
-			buf[i]=val++;
-		return(1);
-		}
+    if (rand_predictable) {
+        static unsigned char val = 0;
+
+        for (i = 0; i < num; i++)
+            buf[i] = val++;
+        return (1);
+    }
 #endif
 
-	if (num <= 0)
-		return 1;
-
-	EVP_MD_CTX_init(&m);
-	/* round upwards to multiple of MD_DIGEST_LENGTH/2 */
-	num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2);
-
-	/*
-	 * (Based on the rand(3) manpage:)
-	 *
-	 * For each group of 10 bytes (or less), we do the following:
-	 *
-	 * Input into the hash function the local 'md' (which is initialized from
-	 * the global 'md' before any bytes are generated), the bytes that are to
-	 * be overwritten by the random bytes, and bytes from the 'state'
-	 * (incrementing looping index). From this digest output (which is kept
-	 * in 'md'), the top (up to) 10 bytes are returned to the caller and the
-	 * bottom 10 bytes are xored into the 'state'.
-	 * 
-	 * Finally, after we have finished 'num' random bytes for the
-	 * caller, 'count' (which is incremented) and the local and global 'md'
-	 * are fed into the hash function and the results are kept in the
-	 * global 'md'.
-	 */
-	if (lock)
-		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
-	/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
-	CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-	CRYPTO_THREADID_current(&locking_threadid);
-	CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
-	crypto_lock_rand = 1;
-
-	if (!initialized)
-		{
-		RAND_poll();
-		initialized = 1;
-		}
-	
-	if (!stirred_pool)
-		do_stir_pool = 1;
-	
-	ok = (entropy >= ENTROPY_NEEDED);
-	if (!ok)
-		{
-		/* If the PRNG state is not yet unpredictable, then seeing
-		 * the PRNG output may help attackers to determine the new
-		 * state; thus we have to decrease the entropy estimate.
-		 * Once we've had enough initial seeding we don't bother to
-		 * adjust the entropy count, though, because we're not ambitious
-		 * to provide *information-theoretic* randomness.
-		 *
-		 * NOTE: This approach fails if the program forks before
-		 * we have enough entropy. Entropy should be collected
-		 * in a separate input pool and be transferred to the
-		 * output pool only when the entropy limit has been reached.
-		 */
-		entropy -= num;
-		if (entropy < 0)
-			entropy = 0;
-		}
-
-	if (do_stir_pool)
-		{
-		/* In the output function only half of 'md' remains secret,
-		 * so we better make sure that the required entropy gets
-		 * 'evenly distributed' through 'state', our randomness pool.
-		 * The input function (ssleay_rand_add) chains all of 'md',
-		 * which makes it more suitable for this purpose.
-		 */
-
-		int n = STATE_SIZE; /* so that the complete pool gets accessed */
-		while (n > 0)
-			{
+    if (num <= 0)
+        return 1;
+
+    EVP_MD_CTX_init(&m);
+    /* round upwards to multiple of MD_DIGEST_LENGTH/2 */
+    num_ceil =
+        (1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2);
+
+    /*
+     * (Based on the rand(3) manpage:)
+     *
+     * For each group of 10 bytes (or less), we do the following:
+     *
+     * Input into the hash function the local 'md' (which is initialized from
+     * the global 'md' before any bytes are generated), the bytes that are to
+     * be overwritten by the random bytes, and bytes from the 'state'
+     * (incrementing looping index). From this digest output (which is kept
+     * in 'md'), the top (up to) 10 bytes are returned to the caller and the
+     * bottom 10 bytes are xored into the 'state'.
+     *
+     * Finally, after we have finished 'num' random bytes for the
+     * caller, 'count' (which is incremented) and the local and global 'md'
+     * are fed into the hash function and the results are kept in the
+     * global 'md'.
+     */
+    if (lock)
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+    /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
+    CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
+    CRYPTO_THREADID_current(&locking_threadid);
+    CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
+    crypto_lock_rand = 1;
+
+    if (!initialized) {
+        RAND_poll();
+        initialized = 1;
+    }
+
+    if (!stirred_pool)
+        do_stir_pool = 1;
+
+    ok = (entropy >= ENTROPY_NEEDED);
+    if (!ok) {
+        /*
+         * If the PRNG state is not yet unpredictable, then seeing the PRNG
+         * output may help attackers to determine the new state; thus we have
+         * to decrease the entropy estimate. Once we've had enough initial
+         * seeding we don't bother to adjust the entropy count, though,
+         * because we're not ambitious to provide *information-theoretic*
+         * randomness. NOTE: This approach fails if the program forks before
+         * we have enough entropy. Entropy should be collected in a separate
+         * input pool and be transferred to the output pool only when the
+         * entropy limit has been reached.
+         */
+        entropy -= num;
+        if (entropy < 0)
+            entropy = 0;
+    }
+
+    if (do_stir_pool) {
+        /*
+         * In the output function only half of 'md' remains secret, so we
+         * better make sure that the required entropy gets 'evenly
+         * distributed' through 'state', our randomness pool. The input
+         * function (ssleay_rand_add) chains all of 'md', which makes it more
+         * suitable for this purpose.
+         */
+
+        int n = STATE_SIZE;     /* so that the complete pool gets accessed */
+        while (n > 0) {
 #if MD_DIGEST_LENGTH > 20
 # error "Please adjust DUMMY_SEED."
 #endif
 #define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */
-			/* Note that the seed does not matter, it's just that
-			 * ssleay_rand_add expects to have something to hash. */
-			ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
-			n -= MD_DIGEST_LENGTH;
-			}
-		if (ok)
-			stirred_pool = 1;
-		}
-
-	st_idx=state_index;
-	st_num=state_num;
-	md_c[0] = md_count[0];
-	md_c[1] = md_count[1];
-	memcpy(local_md, md, sizeof md);
-
-	state_index+=num_ceil;
-	if (state_index > state_num)
-		state_index %= state_num;
-
-	/* state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num]
-	 * are now ours (but other threads may use them too) */
-
-	md_count[0] += 1;
-
-	/* before unlocking, we must clear 'crypto_lock_rand' */
-	crypto_lock_rand = 0;
-	if (lock)
-		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
-	while (num > 0)
-		{
-		/* num_ceil -= MD_DIGEST_LENGTH/2 */
-		j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num;
-		num-=j;
-		MD_Init(&m);
+            /*
+             * Note that the seed does not matter, it's just that
+             * ssleay_rand_add expects to have something to hash.
+             */
+            ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
+            n -= MD_DIGEST_LENGTH;
+        }
+        if (ok)
+            stirred_pool = 1;
+    }
+
+    st_idx = state_index;
+    st_num = state_num;
+    md_c[0] = md_count[0];
+    md_c[1] = md_count[1];
+    memcpy(local_md, md, sizeof md);
+
+    state_index += num_ceil;
+    if (state_index > state_num)
+        state_index %= state_num;
+
+    /*
+     * state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num] are now
+     * ours (but other threads may use them too)
+     */
+
+    md_count[0] += 1;
+
+    /* before unlocking, we must clear 'crypto_lock_rand' */
+    crypto_lock_rand = 0;
+    if (lock)
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+    while (num > 0) {
+        /* num_ceil -= MD_DIGEST_LENGTH/2 */
+        j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num;
+        num -= j;
+        MD_Init(&m);
 #ifndef GETPID_IS_MEANINGLESS
-		if (curr_pid) /* just in the first iteration to save time */
-			{
-			MD_Update(&m,(unsigned char*)&curr_pid,sizeof curr_pid);
-			curr_pid = 0;
-			}
+        if (curr_pid) {         /* just in the first iteration to save time */
+            MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid);
+            curr_pid = 0;
+        }
 #endif
-		MD_Update(&m,local_md,MD_DIGEST_LENGTH);
-		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-
-#ifndef PURIFY /* purify complains */
-		/* The following line uses the supplied buffer as a small
-		 * source of entropy: since this buffer is often uninitialised
-		 * it may cause programs such as purify or valgrind to
-		 * complain. So for those builds it is not used: the removal
-		 * of such a small source of entropy has negligible impact on
-		 * security.
-		 */
-		MD_Update(&m,buf,j);
+        MD_Update(&m, local_md, MD_DIGEST_LENGTH);
+        MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c));
+
+#ifndef PURIFY                  /* purify complains */
+        /*
+         * The following line uses the supplied buffer as a small source of
+         * entropy: since this buffer is often uninitialised it may cause
+         * programs such as purify or valgrind to complain. So for those
+         * builds it is not used: the removal of such a small source of
+         * entropy has negligible impact on security.
+         */
+        MD_Update(&m, buf, j);
 #endif
 
-		k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
-		if (k > 0)
-			{
-			MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k);
-			MD_Update(&m,&(state[0]),k);
-			}
-		else
-			MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2);
-		MD_Final(&m,local_md);
-
-		for (i=0; i<MD_DIGEST_LENGTH/2; i++)
-			{
-			state[st_idx++]^=local_md[i]; /* may compete with other threads */
-			if (st_idx >= st_num)
-				st_idx=0;
-			if (i < j)
-				*(buf++)=local_md[i+MD_DIGEST_LENGTH/2];
-			}
-		}
-
-	MD_Init(&m);
-	MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-	MD_Update(&m,local_md,MD_DIGEST_LENGTH);
-	if (lock)
-		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-	MD_Update(&m,md,MD_DIGEST_LENGTH);
-	MD_Final(&m,md);
-	if (lock)
-		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
-	EVP_MD_CTX_cleanup(&m);
-	if (ok)
-		return(1);
-	else if (pseudo)
-		return 0;
-	else 
-		{
-		RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED);
-		ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "
-			"http://www.openssl.org/support/faq.html");
-		return(0);
-		}
-	}
+        k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num;
+        if (k > 0) {
+            MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k);
+            MD_Update(&m, &(state[0]), k);
+        } else
+            MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2);
+        MD_Final(&m, local_md);
+
+        for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) {
+            /* may compete with other threads */
+            state[st_idx++] ^= local_md[i];
+            if (st_idx >= st_num)
+                st_idx = 0;
+            if (i < j)
+                *(buf++) = local_md[i + MD_DIGEST_LENGTH / 2];
+        }
+    }
+
+    MD_Init(&m);
+    MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c));
+    MD_Update(&m, local_md, MD_DIGEST_LENGTH);
+    if (lock)
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+    MD_Update(&m, md, MD_DIGEST_LENGTH);
+    MD_Final(&m, md);
+    if (lock)
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+    EVP_MD_CTX_cleanup(&m);
+    if (ok)
+        return (1);
+    else if (pseudo)
+        return 0;
+    else {
+        RANDerr(RAND_F_SSLEAY_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED);
+        ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "
+                           "http://www.openssl.org/support/faq.html");
+        return (0);
+    }
+}
 
 static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num)
-	{
-	return ssleay_rand_bytes(buf, num, 0, 1);
-	}
+{
+    return ssleay_rand_bytes(buf, num, 0, 1);
+}
 
-/* pseudo-random bytes that are guaranteed to be unique but not
-   unpredictable */
-static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) 
-	{
-	return ssleay_rand_bytes(buf, num, 1, 1);
-	}
+/*
+ * pseudo-random bytes that are guaranteed to be unique but not unpredictable
+ */
+static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
+{
+    return ssleay_rand_bytes(buf, num, 1, 1);
+}
 
 static int ssleay_rand_status(void)
-	{
-	CRYPTO_THREADID cur;
-	int ret;
-	int do_not_lock;
-
-	CRYPTO_THREADID_current(&cur);
-	/* check if we already have the lock
-	 * (could happen if a RAND_poll() implementation calls RAND_status()) */
-	if (crypto_lock_rand)
-		{
-		CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-		do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
-		CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
-		}
-	else
-		do_not_lock = 0;
-	
-	if (!do_not_lock)
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-		
-		/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
-		CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-		CRYPTO_THREADID_cpy(&locking_threadid, &cur);
-		CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
-		crypto_lock_rand = 1;
-		}
-	
-	if (!initialized)
-		{
-		RAND_poll();
-		initialized = 1;
-		}
-
-	ret = entropy >= ENTROPY_NEEDED;
-
-	if (!do_not_lock)
-		{
-		/* before unlocking, we must clear 'crypto_lock_rand' */
-		crypto_lock_rand = 0;
-		
-		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-		}
-	
-	return ret;
-	}
+{
+    CRYPTO_THREADID cur;
+    int ret;
+    int do_not_lock;
+
+    CRYPTO_THREADID_current(&cur);
+    /*
+     * check if we already have the lock (could happen if a RAND_poll()
+     * implementation calls RAND_status())
+     */
+    if (crypto_lock_rand) {
+        CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
+        do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
+        CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
+    } else
+        do_not_lock = 0;
+
+    if (!do_not_lock) {
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+        /*
+         * prevent ssleay_rand_bytes() from trying to obtain the lock again
+         */
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
+        CRYPTO_THREADID_cpy(&locking_threadid, &cur);
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
+        crypto_lock_rand = 1;
+    }
+
+    if (!initialized) {
+        RAND_poll();
+        initialized = 1;
+    }
+
+    ret = entropy >= ENTROPY_NEEDED;
+
+    if (!do_not_lock) {
+        /* before unlocking, we must clear 'crypto_lock_rand' */
+        crypto_lock_rand = 0;
+
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+    }
+
+    return ret;
+}
diff --git a/crypto/rand/rand.h b/crypto/rand/rand.h
index bb5520e80ac1..2553afda2001 100644
--- a/crypto/rand/rand.h
+++ b/crypto/rand/rand.h
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -57,75 +57,75 @@
  */
 
 #ifndef HEADER_RAND_H
-#define HEADER_RAND_H
+# define HEADER_RAND_H
 
-#include <stdlib.h>
-#include <openssl/ossl_typ.h>
-#include <openssl/e_os2.h>
+# include <stdlib.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/e_os2.h>
 
-#if defined(OPENSSL_SYS_WINDOWS)
-#include <windows.h>
-#endif
+# if defined(OPENSSL_SYS_WINDOWS)
+#  include <windows.h>
+# endif
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#if defined(OPENSSL_FIPS)
-#define FIPS_RAND_SIZE_T size_t
-#endif
+# if defined(OPENSSL_FIPS)
+#  define FIPS_RAND_SIZE_T size_t
+# endif
 
 /* Already defined in ossl_typ.h */
 /* typedef struct rand_meth_st RAND_METHOD; */
 
-struct rand_meth_st
-	{
-	void (*seed)(const void *buf, int num);
-	int (*bytes)(unsigned char *buf, int num);
-	void (*cleanup)(void);
-	void (*add)(const void *buf, int num, double entropy);
-	int (*pseudorand)(unsigned char *buf, int num);
-	int (*status)(void);
-	};
-
-#ifdef BN_DEBUG
+struct rand_meth_st {
+    void (*seed) (const void *buf, int num);
+    int (*bytes) (unsigned char *buf, int num);
+    void (*cleanup) (void);
+    void (*add) (const void *buf, int num, double entropy);
+    int (*pseudorand) (unsigned char *buf, int num);
+    int (*status) (void);
+};
+
+# ifdef BN_DEBUG
 extern int rand_predictable;
-#endif
+# endif
 
 int RAND_set_rand_method(const RAND_METHOD *meth);
 const RAND_METHOD *RAND_get_rand_method(void);
-#ifndef OPENSSL_NO_ENGINE
+# ifndef OPENSSL_NO_ENGINE
 int RAND_set_rand_engine(ENGINE *engine);
-#endif
+# endif
 RAND_METHOD *RAND_SSLeay(void);
-void RAND_cleanup(void );
-int  RAND_bytes(unsigned char *buf,int num);
-int  RAND_pseudo_bytes(unsigned char *buf,int num);
-void RAND_seed(const void *buf,int num);
-void RAND_add(const void *buf,int num,double entropy);
-int  RAND_load_file(const char *file,long max_bytes);
-int  RAND_write_file(const char *file);
-const char *RAND_file_name(char *file,size_t num);
+void RAND_cleanup(void);
+int RAND_bytes(unsigned char *buf, int num);
+int RAND_pseudo_bytes(unsigned char *buf, int num);
+void RAND_seed(const void *buf, int num);
+void RAND_add(const void *buf, int num, double entropy);
+int RAND_load_file(const char *file, long max_bytes);
+int RAND_write_file(const char *file);
+const char *RAND_file_name(char *file, size_t num);
 int RAND_status(void);
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
 int RAND_egd(const char *path);
-int RAND_egd_bytes(const char *path,int bytes);
+int RAND_egd_bytes(const char *path, int bytes);
 int RAND_poll(void);
 
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
 
 void RAND_screen(void);
 int RAND_event(UINT, WPARAM, LPARAM);
 
-#endif
+# endif
 
-#ifdef OPENSSL_FIPS
+# ifdef OPENSSL_FIPS
 void RAND_set_fips_drbg_type(int type, int flags);
 int RAND_init_fips(void);
-#endif
+# endif
 
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
  */
 void ERR_load_RAND_strings(void);
@@ -133,16 +133,16 @@ void ERR_load_RAND_strings(void);
 /* Error codes for the RAND functions. */
 
 /* Function codes. */
-#define RAND_F_RAND_GET_RAND_METHOD			 101
-#define RAND_F_RAND_INIT_FIPS				 102
-#define RAND_F_SSLEAY_RAND_BYTES			 100
+# define RAND_F_RAND_GET_RAND_METHOD                      101
+# define RAND_F_RAND_INIT_FIPS                            102
+# define RAND_F_SSLEAY_RAND_BYTES                         100
 
 /* Reason codes. */
-#define RAND_R_DUAL_EC_DRBG_DISABLED			 104
-#define RAND_R_ERROR_INITIALISING_DRBG			 102
-#define RAND_R_ERROR_INSTANTIATING_DRBG			 103
-#define RAND_R_NO_FIPS_RANDOM_METHOD_SET		 101
-#define RAND_R_PRNG_NOT_SEEDED				 100
+# define RAND_R_DUAL_EC_DRBG_DISABLED                     104
+# define RAND_R_ERROR_INITIALISING_DRBG                   102
+# define RAND_R_ERROR_INSTANTIATING_DRBG                  103
+# define RAND_R_NO_FIPS_RANDOM_METHOD_SET                 101
+# define RAND_R_PRNG_NOT_SEEDED                           100
 
 #ifdef  __cplusplus
 }
diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c
index d53b916ebee8..737aebfa22fe 100644
--- a/crypto/rand/rand_egd.c
+++ b/crypto/rand/rand_egd.c
@@ -8,7 +8,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -58,7 +58,7 @@
 #include <openssl/rand.h>
 #include <openssl/buffer.h>
 
-/*
+/*-
  * Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
  *
  * This module supplies three routines:
@@ -97,207 +97,196 @@
 
 #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS)
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
-	{
-	return(-1);
-	}
+{
+    return (-1);
+}
+
 int RAND_egd(const char *path)
-	{
-	return(-1);
-	}
+{
+    return (-1);
+}
 
-int RAND_egd_bytes(const char *path,int bytes)
-	{
-	return(-1);
-	}
+int RAND_egd_bytes(const char *path, int bytes)
+{
+    return (-1);
+}
 #else
-#include <openssl/opensslconf.h>
-#include OPENSSL_UNISTD
-#include <sys/types.h>
-#include <sys/socket.h>
-#ifndef NO_SYS_UN_H
-# ifdef OPENSSL_SYS_VXWORKS
+# include <openssl/opensslconf.h>
+# include OPENSSL_UNISTD
+# include <stddef.h>
+# include <sys/types.h>
+# include <sys/socket.h>
+# ifndef NO_SYS_UN_H
+#  ifdef OPENSSL_SYS_VXWORKS
 #   include <streams/un.h>
-# else
+#  else
 #   include <sys/un.h>
-# endif
-#else
-struct	sockaddr_un {
-	short	sun_family;		/* AF_UNIX */
-	char	sun_path[108];		/* path name (gag) */
+#  endif
+# else
+struct sockaddr_un {
+    short sun_family;           /* AF_UNIX */
+    char sun_path[108];         /* path name (gag) */
 };
-#endif /* NO_SYS_UN_H */
-#include <string.h>
-#include <errno.h>
+# endif                         /* NO_SYS_UN_H */
+# include <string.h>
+# include <errno.h>
 
-#ifndef offsetof
+# ifndef offsetof
 #  define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
-#endif
+# endif
 
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
-	{
-	int ret = 0;
-	struct sockaddr_un addr;
-	int len, num, numbytes;
-	int fd = -1;
-	int success;
-	unsigned char egdbuf[2], tempbuf[255], *retrievebuf;
+{
+    int ret = 0;
+    struct sockaddr_un addr;
+    int len, num, numbytes;
+    int fd = -1;
+    int success;
+    unsigned char egdbuf[2], tempbuf[255], *retrievebuf;
 
-	memset(&addr, 0, sizeof(addr));
-	addr.sun_family = AF_UNIX;
-	if (strlen(path) >= sizeof(addr.sun_path))
-		return (-1);
-	BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path);
-	len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
-	fd = socket(AF_UNIX, SOCK_STREAM, 0);
-	if (fd == -1) return (-1);
-	success = 0;
-	while (!success)
-	    {
-	    if (connect(fd, (struct sockaddr *)&addr, len) == 0)
-	       success = 1;
-	    else
-		{
-		switch (errno)
-		    {
-#ifdef EINTR
-		    case EINTR:
-#endif
-#ifdef EAGAIN
-		    case EAGAIN:
-#endif
-#ifdef EINPROGRESS
-		    case EINPROGRESS:
-#endif
-#ifdef EALREADY
-		    case EALREADY:
-#endif
-			/* No error, try again */
-			break;
-#ifdef EISCONN
-		    case EISCONN:
-			success = 1;
-			break;
-#endif
-		    default:
-			goto err;	/* failure */
-		    }
-		}
-	    }
+    memset(&addr, 0, sizeof(addr));
+    addr.sun_family = AF_UNIX;
+    if (strlen(path) >= sizeof(addr.sun_path))
+        return (-1);
+    BUF_strlcpy(addr.sun_path, path, sizeof addr.sun_path);
+    len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
+    fd = socket(AF_UNIX, SOCK_STREAM, 0);
+    if (fd == -1)
+        return (-1);
+    success = 0;
+    while (!success) {
+        if (connect(fd, (struct sockaddr *)&addr, len) == 0)
+            success = 1;
+        else {
+            switch (errno) {
+# ifdef EINTR
+            case EINTR:
+# endif
+# ifdef EAGAIN
+            case EAGAIN:
+# endif
+# ifdef EINPROGRESS
+            case EINPROGRESS:
+# endif
+# ifdef EALREADY
+            case EALREADY:
+# endif
+                /* No error, try again */
+                break;
+# ifdef EISCONN
+            case EISCONN:
+                success = 1;
+                break;
+# endif
+            default:
+                goto err;       /* failure */
+            }
+        }
+    }
 
-	while(bytes > 0)
-	    {
-	    egdbuf[0] = 1;
-	    egdbuf[1] = bytes < 255 ? bytes : 255;
-	    numbytes = 0;
-	    while (numbytes != 2)
-		{
-	        num = write(fd, egdbuf + numbytes, 2 - numbytes);
-	        if (num >= 0)
-		    numbytes += num;
-	    	else
-		    {
-		    switch (errno)
-		    	{
-#ifdef EINTR
-		    	case EINTR:
-#endif
-#ifdef EAGAIN
-		    	case EAGAIN:
-#endif
-			    /* No error, try again */
-			    break;
-		    	default:
-			    ret = -1;
-			    goto err;	/* failure */
-			}
-		    }
-		}
-	    numbytes = 0;
-	    while (numbytes != 1)
-		{
-	        num = read(fd, egdbuf, 1);
-	        if (num == 0)
-			goto err;	/* descriptor closed */
-		else if (num > 0)
-		    numbytes += num;
-	    	else
-		    {
-		    switch (errno)
-		    	{
-#ifdef EINTR
-		    	case EINTR:
-#endif
-#ifdef EAGAIN
-		    	case EAGAIN:
-#endif
-			    /* No error, try again */
-			    break;
-		    	default:
-			    ret = -1;
-			    goto err;	/* failure */
-			}
-		    }
-		}
-	    if(egdbuf[0] == 0)
-		goto err;
-	    if (buf)
-		retrievebuf = buf + ret;
-	    else
-		retrievebuf = tempbuf;
-	    numbytes = 0;
-	    while (numbytes != egdbuf[0])
-		{
-	        num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes);
-		if (num == 0)
-			goto err;	/* descriptor closed */
-	        else if (num > 0)
-		    numbytes += num;
-	    	else
-		    {
-		    switch (errno)
-		    	{
-#ifdef EINTR
-		    	case EINTR:
-#endif
-#ifdef EAGAIN
-		    	case EAGAIN:
-#endif
-			    /* No error, try again */
-			    break;
-		    	default:
-			    ret = -1;
-			    goto err;	/* failure */
-			}
-		    }
-		}
-	    ret += egdbuf[0];
-	    bytes -= egdbuf[0];
-	    if (!buf)
-		RAND_seed(tempbuf, egdbuf[0]);
-	    }
+    while (bytes > 0) {
+        egdbuf[0] = 1;
+        egdbuf[1] = bytes < 255 ? bytes : 255;
+        numbytes = 0;
+        while (numbytes != 2) {
+            num = write(fd, egdbuf + numbytes, 2 - numbytes);
+            if (num >= 0)
+                numbytes += num;
+            else {
+                switch (errno) {
+# ifdef EINTR
+                case EINTR:
+# endif
+# ifdef EAGAIN
+                case EAGAIN:
+# endif
+                    /* No error, try again */
+                    break;
+                default:
+                    ret = -1;
+                    goto err;   /* failure */
+                }
+            }
+        }
+        numbytes = 0;
+        while (numbytes != 1) {
+            num = read(fd, egdbuf, 1);
+            if (num == 0)
+                goto err;       /* descriptor closed */
+            else if (num > 0)
+                numbytes += num;
+            else {
+                switch (errno) {
+# ifdef EINTR
+                case EINTR:
+# endif
+# ifdef EAGAIN
+                case EAGAIN:
+# endif
+                    /* No error, try again */
+                    break;
+                default:
+                    ret = -1;
+                    goto err;   /* failure */
+                }
+            }
+        }
+        if (egdbuf[0] == 0)
+            goto err;
+        if (buf)
+            retrievebuf = buf + ret;
+        else
+            retrievebuf = tempbuf;
+        numbytes = 0;
+        while (numbytes != egdbuf[0]) {
+            num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes);
+            if (num == 0)
+                goto err;       /* descriptor closed */
+            else if (num > 0)
+                numbytes += num;
+            else {
+                switch (errno) {
+# ifdef EINTR
+                case EINTR:
+# endif
+# ifdef EAGAIN
+                case EAGAIN:
+# endif
+                    /* No error, try again */
+                    break;
+                default:
+                    ret = -1;
+                    goto err;   /* failure */
+                }
+            }
+        }
+        ret += egdbuf[0];
+        bytes -= egdbuf[0];
+        if (!buf)
+            RAND_seed(tempbuf, egdbuf[0]);
+    }
  err:
-	if (fd != -1) close(fd);
-	return(ret);
-	}
-
+    if (fd != -1)
+        close(fd);
+    return (ret);
+}
 
 int RAND_egd_bytes(const char *path, int bytes)
-	{
-	int num, ret = 0;
+{
+    int num, ret = 0;
 
-	num = RAND_query_egd_bytes(path, NULL, bytes);
-	if (num < 1) goto err;
-	if (RAND_status() == 1)
-	    ret = num;
+    num = RAND_query_egd_bytes(path, NULL, bytes);
+    if (num < 1)
+        goto err;
+    if (RAND_status() == 1)
+        ret = num;
  err:
-	return(ret);
-	}
-
+    return (ret);
+}
 
 int RAND_egd(const char *path)
-	{
-	return (RAND_egd_bytes(path, 255));
-	}
-
+{
+    return (RAND_egd_bytes(path, 255));
+}
 
 #endif
diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c
index c4c80fc8ccad..55d86ea8a385 100644
--- a/crypto/rand/rand_err.c
+++ b/crypto/rand/rand_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,37 +66,35 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
 
-static ERR_STRING_DATA RAND_str_functs[]=
-	{
-{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD),	"RAND_get_rand_method"},
-{ERR_FUNC(RAND_F_RAND_INIT_FIPS),	"RAND_init_fips"},
-{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES),	"SSLEAY_RAND_BYTES"},
-{0,NULL}
-	};
+static ERR_STRING_DATA RAND_str_functs[] = {
+    {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
+    {ERR_FUNC(RAND_F_RAND_INIT_FIPS), "RAND_init_fips"},
+    {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA RAND_str_reasons[]=
-	{
-{ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED),"dual ec drbg disabled"},
-{ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"},
-{ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"},
-{ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"},
-{ERR_REASON(RAND_R_PRNG_NOT_SEEDED)      ,"PRNG not seeded"},
-{0,NULL}
-	};
+static ERR_STRING_DATA RAND_str_reasons[] = {
+    {ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED), "dual ec drbg disabled"},
+    {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG), "error initialising drbg"},
+    {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG), "error instantiating drbg"},
+    {ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),
+     "no fips random method set"},
+    {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_RAND_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(RAND_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,RAND_str_functs);
-		ERR_load_strings(0,RAND_str_reasons);
-		}
+    if (ERR_func_error_string(RAND_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, RAND_str_functs);
+        ERR_load_strings(0, RAND_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
index 0fabf8dc5d90..f9fda3eb89c9 100755
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -110,49 +110,48 @@
  */
 
 #ifndef HEADER_RAND_LCL_H
-#define HEADER_RAND_LCL_H
+# define HEADER_RAND_LCL_H
 
-#define ENTROPY_NEEDED 32  /* require 256 bits = 32 bytes of randomness */
+# define ENTROPY_NEEDED 32      /* require 256 bits = 32 bytes of randomness */
 
+# if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
+#  if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+#   define USE_SHA1_RAND
+#  elif !defined(OPENSSL_NO_MD5)
+#   define USE_MD5_RAND
+#  elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
+#   define USE_MDC2_RAND
+#  elif !defined(OPENSSL_NO_MD2)
+#   define USE_MD2_RAND
+#  else
+#   error No message digest algorithm available
+#  endif
+# endif
 
-#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-#define USE_SHA1_RAND
-#elif !defined(OPENSSL_NO_MD5)
-#define USE_MD5_RAND
-#elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
-#define USE_MDC2_RAND
-#elif !defined(OPENSSL_NO_MD2)
-#define USE_MD2_RAND
-#else
-#error No message digest algorithm available
-#endif
-#endif
-
-#include <openssl/evp.h>
-#define MD_Update(a,b,c)	EVP_DigestUpdate(a,b,c)
-#define	MD_Final(a,b)		EVP_DigestFinal_ex(a,b,NULL)
-#if defined(USE_MD5_RAND)
-#include <openssl/md5.h>
-#define MD_DIGEST_LENGTH	MD5_DIGEST_LENGTH
-#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_md5(), NULL)
-#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_md5(), NULL)
-#elif defined(USE_SHA1_RAND)
-#include <openssl/sha.h>
-#define MD_DIGEST_LENGTH	SHA_DIGEST_LENGTH
-#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_sha1(), NULL)
-#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL)
-#elif defined(USE_MDC2_RAND)
-#include <openssl/mdc2.h>
-#define MD_DIGEST_LENGTH	MDC2_DIGEST_LENGTH
-#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_mdc2(), NULL)
-#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_mdc2(), NULL)
-#elif defined(USE_MD2_RAND)
-#include <openssl/md2.h>
-#define MD_DIGEST_LENGTH	MD2_DIGEST_LENGTH
-#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_md2(), NULL)
-#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
-#endif
+# include <openssl/evp.h>
+# define MD_Update(a,b,c)        EVP_DigestUpdate(a,b,c)
+# define MD_Final(a,b)           EVP_DigestFinal_ex(a,b,NULL)
+# if defined(USE_MD5_RAND)
+#  include <openssl/md5.h>
+#  define MD_DIGEST_LENGTH        MD5_DIGEST_LENGTH
+#  define MD_Init(a)              EVP_DigestInit_ex(a,EVP_md5(), NULL)
+#  define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_md5(), NULL)
+# elif defined(USE_SHA1_RAND)
+#  include <openssl/sha.h>
+#  define MD_DIGEST_LENGTH        SHA_DIGEST_LENGTH
+#  define MD_Init(a)              EVP_DigestInit_ex(a,EVP_sha1(), NULL)
+#  define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL)
+# elif defined(USE_MDC2_RAND)
+#  include <openssl/mdc2.h>
+#  define MD_DIGEST_LENGTH        MDC2_DIGEST_LENGTH
+#  define MD_Init(a)              EVP_DigestInit_ex(a,EVP_mdc2(), NULL)
+#  define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_mdc2(), NULL)
+# elif defined(USE_MD2_RAND)
+#  include <openssl/md2.h>
+#  define MD_DIGEST_LENGTH        MD2_DIGEST_LENGTH
+#  define MD_Init(a)              EVP_DigestInit_ex(a,EVP_md2(), NULL)
+#  define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
+# endif
 
 int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock);
 
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 239a1cde8189..88a78d350656 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,246 +62,239 @@
 #include <openssl/rand.h>
 
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include "rand_lcl.h"
+# include <openssl/fips.h>
+# include <openssl/fips_rand.h>
+# include "rand_lcl.h"
 #endif
 
 #ifndef OPENSSL_NO_ENGINE
 /* non-NULL if default_RAND_meth is ENGINE-provided */
-static ENGINE *funct_ref =NULL;
+static ENGINE *funct_ref = NULL;
 #endif
 static const RAND_METHOD *default_RAND_meth = NULL;
 
 int RAND_set_rand_method(const RAND_METHOD *meth)
-	{
+{
 #ifndef OPENSSL_NO_ENGINE
-	if(funct_ref)
-		{
-		ENGINE_finish(funct_ref);
-		funct_ref = NULL;
-		}
+    if (funct_ref) {
+        ENGINE_finish(funct_ref);
+        funct_ref = NULL;
+    }
 #endif
-	default_RAND_meth = meth;
-	return 1;
-	}
+    default_RAND_meth = meth;
+    return 1;
+}
 
 const RAND_METHOD *RAND_get_rand_method(void)
-	{
-	if (!default_RAND_meth)
-		{
+{
+    if (!default_RAND_meth) {
 #ifndef OPENSSL_NO_ENGINE
-		ENGINE *e = ENGINE_get_default_RAND();
-		if(e)
-			{
-			default_RAND_meth = ENGINE_get_RAND(e);
-			if(!default_RAND_meth)
-				{
-				ENGINE_finish(e);
-				e = NULL;
-				}
-			}
-		if(e)
-			funct_ref = e;
-		else
+        ENGINE *e = ENGINE_get_default_RAND();
+        if (e) {
+            default_RAND_meth = ENGINE_get_RAND(e);
+            if (!default_RAND_meth) {
+                ENGINE_finish(e);
+                e = NULL;
+            }
+        }
+        if (e)
+            funct_ref = e;
+        else
 #endif
-			default_RAND_meth = RAND_SSLeay();
-		}
-	return default_RAND_meth;
-	}
+            default_RAND_meth = RAND_SSLeay();
+    }
+    return default_RAND_meth;
+}
 
 #ifndef OPENSSL_NO_ENGINE
 int RAND_set_rand_engine(ENGINE *engine)
-	{
-	const RAND_METHOD *tmp_meth = NULL;
-	if(engine)
-		{
-		if(!ENGINE_init(engine))
-			return 0;
-		tmp_meth = ENGINE_get_RAND(engine);
-		if(!tmp_meth)
-			{
-			ENGINE_finish(engine);
-			return 0;
-			}
-		}
-	/* This function releases any prior ENGINE so call it first */
-	RAND_set_rand_method(tmp_meth);
-	funct_ref = engine;
-	return 1;
-	}
+{
+    const RAND_METHOD *tmp_meth = NULL;
+    if (engine) {
+        if (!ENGINE_init(engine))
+            return 0;
+        tmp_meth = ENGINE_get_RAND(engine);
+        if (!tmp_meth) {
+            ENGINE_finish(engine);
+            return 0;
+        }
+    }
+    /* This function releases any prior ENGINE so call it first */
+    RAND_set_rand_method(tmp_meth);
+    funct_ref = engine;
+    return 1;
+}
 #endif
 
 void RAND_cleanup(void)
-	{
-	const RAND_METHOD *meth = RAND_get_rand_method();
-	if (meth && meth->cleanup)
-		meth->cleanup();
-	RAND_set_rand_method(NULL);
-	}
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    if (meth && meth->cleanup)
+        meth->cleanup();
+    RAND_set_rand_method(NULL);
+}
 
 void RAND_seed(const void *buf, int num)
-	{
-	const RAND_METHOD *meth = RAND_get_rand_method();
-	if (meth && meth->seed)
-		meth->seed(buf,num);
-	}
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    if (meth && meth->seed)
+        meth->seed(buf, num);
+}
 
 void RAND_add(const void *buf, int num, double entropy)
-	{
-	const RAND_METHOD *meth = RAND_get_rand_method();
-	if (meth && meth->add)
-		meth->add(buf,num,entropy);
-	}
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    if (meth && meth->add)
+        meth->add(buf, num, entropy);
+}
 
 int RAND_bytes(unsigned char *buf, int num)
-	{
-	const RAND_METHOD *meth = RAND_get_rand_method();
-	if (meth && meth->bytes)
-		return meth->bytes(buf,num);
-	return(-1);
-	}
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    if (meth && meth->bytes)
+        return meth->bytes(buf, num);
+    return (-1);
+}
 
 int RAND_pseudo_bytes(unsigned char *buf, int num)
-	{
-	const RAND_METHOD *meth = RAND_get_rand_method();
-	if (meth && meth->pseudorand)
-		return meth->pseudorand(buf,num);
-	return(-1);
-	}
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    if (meth && meth->pseudorand)
+        return meth->pseudorand(buf, num);
+    return (-1);
+}
 
 int RAND_status(void)
-	{
-	const RAND_METHOD *meth = RAND_get_rand_method();
-	if (meth && meth->status)
-		return meth->status();
-	return 0;
-	}
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    if (meth && meth->status)
+        return meth->status();
+    return 0;
+}
 
 #ifdef OPENSSL_FIPS
 
-/* FIPS DRBG initialisation code. This sets up the DRBG for use by the
- * rest of OpenSSL. 
+/*
+ * FIPS DRBG initialisation code. This sets up the DRBG for use by the rest
+ * of OpenSSL.
  */
 
-/* Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather
+/*
+ * Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather
  * entropy internally through RAND_poll().
  */
 
 static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
-                                int entropy, size_t min_len, size_t max_len)
-        {
-	/* Round up request to multiple of block size */
-	min_len = ((min_len + 19) / 20) * 20;
-	*pout = OPENSSL_malloc(min_len);
-	if (!*pout)
-		return 0;
-	if (ssleay_rand_bytes(*pout, min_len, 0, 0) <= 0)
-		{
-		OPENSSL_free(*pout);
-		*pout = NULL;
-		return 0;
-		}
-        return min_len;
-        }
+                               int entropy, size_t min_len, size_t max_len)
+{
+    /* Round up request to multiple of block size */
+    min_len = ((min_len + 19) / 20) * 20;
+    *pout = OPENSSL_malloc(min_len);
+    if (!*pout)
+        return 0;
+    if (ssleay_rand_bytes(*pout, min_len, 0, 0) <= 0) {
+        OPENSSL_free(*pout);
+        *pout = NULL;
+        return 0;
+    }
+    return min_len;
+}
 
 static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
-	{
-	if (out)
-		{
-		OPENSSL_cleanse(out, olen);
-		OPENSSL_free(out);
-		}
-	}
+{
+    if (out) {
+        OPENSSL_cleanse(out, olen);
+        OPENSSL_free(out);
+    }
+}
 
-/* Set "additional input" when generating random data. This uses the
- * current PID, a time value and a counter.
+/*
+ * Set "additional input" when generating random data. This uses the current
+ * PID, a time value and a counter.
  */
 
 static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout)
-    	{
-	/* Use of static variables is OK as this happens under a lock */
-	static unsigned char buf[16];
-	static unsigned long counter;
-	FIPS_get_timevec(buf, &counter);
-	*pout = buf;
-	return sizeof(buf);
-	}
+{
+    /* Use of static variables is OK as this happens under a lock */
+    static unsigned char buf[16];
+    static unsigned long counter;
+    FIPS_get_timevec(buf, &counter);
+    *pout = buf;
+    return sizeof(buf);
+}
 
-/* RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is 
+/*
+ * RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is
  * correctly seeded by RAND_poll().
  */
 
 static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen,
-				double entropy)
-	{
-	RAND_SSLeay()->add(in, inlen, entropy);
-	return 1;
-	}
+                         double entropy)
+{
+    RAND_SSLeay()->add(in, inlen, entropy);
+    return 1;
+}
 
 static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
-	{
-	RAND_SSLeay()->seed(in, inlen);
-	return 1;
-	}
+{
+    RAND_SSLeay()->seed(in, inlen);
+    return 1;
+}
 
-#ifndef OPENSSL_DRBG_DEFAULT_TYPE
-#define OPENSSL_DRBG_DEFAULT_TYPE	NID_aes_256_ctr
-#endif
-#ifndef OPENSSL_DRBG_DEFAULT_FLAGS
-#define OPENSSL_DRBG_DEFAULT_FLAGS	DRBG_FLAG_CTR_USE_DF
-#endif 
+# ifndef OPENSSL_DRBG_DEFAULT_TYPE
+#  define OPENSSL_DRBG_DEFAULT_TYPE       NID_aes_256_ctr
+# endif
+# ifndef OPENSSL_DRBG_DEFAULT_FLAGS
+#  define OPENSSL_DRBG_DEFAULT_FLAGS      DRBG_FLAG_CTR_USE_DF
+# endif
 
 static int fips_drbg_type = OPENSSL_DRBG_DEFAULT_TYPE;
 static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS;
 
 void RAND_set_fips_drbg_type(int type, int flags)
-	{
-	fips_drbg_type = type;
-	fips_drbg_flags = flags;
-	}
+{
+    fips_drbg_type = type;
+    fips_drbg_flags = flags;
+}
 
 int RAND_init_fips(void)
-	{
-	DRBG_CTX *dctx;
-	size_t plen;
-	unsigned char pers[32], *p;
-#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
-	if (fips_drbg_type >> 16)
-		{
-		RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
-		return 0;
-		}
-#endif
-		
-	dctx = FIPS_get_default_drbg();
-        if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)
-		{
-		RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG);
-		return 0;
-		}
-		
-        FIPS_drbg_set_callbacks(dctx,
-				drbg_get_entropy, drbg_free_entropy, 20,
-				drbg_get_entropy, drbg_free_entropy);
-	FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0,
-					drbg_rand_seed, drbg_rand_add);
-	/* Personalisation string: a string followed by date time vector */
-	strcpy((char *)pers, "OpenSSL DRBG2.0");
-	plen = drbg_get_adin(dctx, &p);
-	memcpy(pers + 16, p, plen);
+{
+    DRBG_CTX *dctx;
+    size_t plen;
+    unsigned char pers[32], *p;
+# ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
+    if (fips_drbg_type >> 16) {
+        RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
+        return 0;
+    }
+# endif
+
+    dctx = FIPS_get_default_drbg();
+    if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) {
+        RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG);
+        return 0;
+    }
+
+    FIPS_drbg_set_callbacks(dctx,
+                            drbg_get_entropy, drbg_free_entropy, 20,
+                            drbg_get_entropy, drbg_free_entropy);
+    FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0,
+                                 drbg_rand_seed, drbg_rand_add);
+    /* Personalisation string: a string followed by date time vector */
+    strcpy((char *)pers, "OpenSSL DRBG2.0");
+    plen = drbg_get_adin(dctx, &p);
+    memcpy(pers + 16, p, plen);
 
-        if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0)
-		{
-		RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG);
-		return 0;
-		}
-        FIPS_rand_set_method(FIPS_drbg_method());
-	return 1;
-	}
+    if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0) {
+        RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG);
+        return 0;
+    }
+    FIPS_rand_set_method(FIPS_drbg_method());
+    return 1;
+}
 
 #endif
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index e3a65571c8df..266111edda8c 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -118,314 +118,330 @@
 
 #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
 
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/times.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <time.h>
-#if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */
-# include <poll.h>
-#endif
-#include <limits.h>
-#ifndef FD_SETSIZE
-# define FD_SETSIZE (8*sizeof(fd_set))
-#endif
-
-#if defined(OPENSSL_SYS_VOS)
-
-/* The following algorithm repeatedly samples the real-time clock
-   (RTC) to generate a sequence of unpredictable data.  The algorithm
-   relies upon the uneven execution speed of the code (due to factors
-   such as cache misses, interrupts, bus activity, and scheduling) and
-   upon the rather large relative difference between the speed of the
-   clock and the rate at which it can be read.
-
-   If this code is ported to an environment where execution speed is
-   more constant or where the RTC ticks at a much slower rate, or the
-   clock can be read with fewer instructions, it is likely that the
-   results would be far more predictable.
-
-   As a precaution, we generate 4 times the minimum required amount of
-   seed data.  */
+# include <sys/types.h>
+# include <sys/time.h>
+# include <sys/times.h>
+# include <sys/stat.h>
+# include <fcntl.h>
+# include <unistd.h>
+# include <time.h>
+# if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually
+                                 * everywhere */
+#  include <poll.h>
+# endif
+# include <limits.h>
+# ifndef FD_SETSIZE
+#  define FD_SETSIZE (8*sizeof(fd_set))
+# endif
+
+# if defined(OPENSSL_SYS_VOS)
+
+/*
+ * The following algorithm repeatedly samples the real-time clock (RTC) to
+ * generate a sequence of unpredictable data.  The algorithm relies upon the
+ * uneven execution speed of the code (due to factors such as cache misses,
+ * interrupts, bus activity, and scheduling) and upon the rather large
+ * relative difference between the speed of the clock and the rate at which
+ * it can be read.
+ *
+ * If this code is ported to an environment where execution speed is more
+ * constant or where the RTC ticks at a much slower rate, or the clock can be
+ * read with fewer instructions, it is likely that the results would be far
+ * more predictable.
+ *
+ * As a precaution, we generate 4 times the minimum required amount of seed
+ * data.
+ */
 
 int RAND_poll(void)
 {
-	short int code;
-	gid_t curr_gid;
-	pid_t curr_pid;
-	uid_t curr_uid;
-	int i, k;
-	struct timespec ts;
-	unsigned char v;
-
-#ifdef OPENSSL_SYS_VOS_HPPA
-	long duration;
-	extern void s$sleep (long *_duration, short int *_code);
-#else
-#ifdef OPENSSL_SYS_VOS_IA32
-	long long duration;
-	extern void s$sleep2 (long long *_duration, short int *_code);
-#else
-#error "Unsupported Platform."
-#endif /* OPENSSL_SYS_VOS_IA32 */
-#endif /* OPENSSL_SYS_VOS_HPPA */
-
-	/* Seed with the gid, pid, and uid, to ensure *some*
-	   variation between different processes.  */
-
-	curr_gid = getgid();
-	RAND_add (&curr_gid, sizeof curr_gid, 1);
-	curr_gid = 0;
-
-	curr_pid = getpid();
-	RAND_add (&curr_pid, sizeof curr_pid, 1);
-	curr_pid = 0;
-
-	curr_uid = getuid();
-	RAND_add (&curr_uid, sizeof curr_uid, 1);
-	curr_uid = 0;
-
-	for (i=0; i<(ENTROPY_NEEDED*4); i++)
-	{
-		/* burn some cpu; hope for interrupts, cache
-		   collisions, bus interference, etc.  */
-		for (k=0; k<99; k++)
-			ts.tv_nsec = random ();
-
-#ifdef OPENSSL_SYS_VOS_HPPA
-		/* sleep for 1/1024 of a second (976 us).  */
-		duration = 1;
-		s$sleep (&duration, &code);
-#else
-#ifdef OPENSSL_SYS_VOS_IA32
-		/* sleep for 1/65536 of a second (15 us).  */
-		duration = 1;
-		s$sleep2 (&duration, &code);
-#endif /* OPENSSL_SYS_VOS_IA32 */
-#endif /* OPENSSL_SYS_VOS_HPPA */
-
-		/* get wall clock time.  */
-		clock_gettime (CLOCK_REALTIME, &ts);
-
-		/* take 8 bits */
-		v = (unsigned char) (ts.tv_nsec % 256);
-		RAND_add (&v, sizeof v, 1);
-		v = 0;
-	}
-	return 1;
+    short int code;
+    gid_t curr_gid;
+    pid_t curr_pid;
+    uid_t curr_uid;
+    int i, k;
+    struct timespec ts;
+    unsigned char v;
+
+#  ifdef OPENSSL_SYS_VOS_HPPA
+    long duration;
+    extern void s$sleep(long *_duration, short int *_code);
+#  else
+#   ifdef OPENSSL_SYS_VOS_IA32
+    long long duration;
+    extern void s$sleep2(long long *_duration, short int *_code);
+#   else
+#    error "Unsupported Platform."
+#   endif                       /* OPENSSL_SYS_VOS_IA32 */
+#  endif                        /* OPENSSL_SYS_VOS_HPPA */
+
+    /*
+     * Seed with the gid, pid, and uid, to ensure *some* variation between
+     * different processes.
+     */
+
+    curr_gid = getgid();
+    RAND_add(&curr_gid, sizeof curr_gid, 1);
+    curr_gid = 0;
+
+    curr_pid = getpid();
+    RAND_add(&curr_pid, sizeof curr_pid, 1);
+    curr_pid = 0;
+
+    curr_uid = getuid();
+    RAND_add(&curr_uid, sizeof curr_uid, 1);
+    curr_uid = 0;
+
+    for (i = 0; i < (ENTROPY_NEEDED * 4); i++) {
+        /*
+         * burn some cpu; hope for interrupts, cache collisions, bus
+         * interference, etc.
+         */
+        for (k = 0; k < 99; k++)
+            ts.tv_nsec = random();
+
+#  ifdef OPENSSL_SYS_VOS_HPPA
+        /* sleep for 1/1024 of a second (976 us).  */
+        duration = 1;
+        s$sleep(&duration, &code);
+#  else
+#   ifdef OPENSSL_SYS_VOS_IA32
+        /* sleep for 1/65536 of a second (15 us).  */
+        duration = 1;
+        s$sleep2(&duration, &code);
+#   endif                       /* OPENSSL_SYS_VOS_IA32 */
+#  endif                        /* OPENSSL_SYS_VOS_HPPA */
+
+        /* get wall clock time.  */
+        clock_gettime(CLOCK_REALTIME, &ts);
+
+        /* take 8 bits */
+        v = (unsigned char)(ts.tv_nsec % 256);
+        RAND_add(&v, sizeof v, 1);
+        v = 0;
+    }
+    return 1;
 }
-#elif defined __OpenBSD__
+# elif defined __OpenBSD__
 int RAND_poll(void)
 {
-	u_int32_t rnd = 0, i;
-	unsigned char buf[ENTROPY_NEEDED];
-
-	for (i = 0; i < sizeof(buf); i++) {
-		if (i % 4 == 0)
-			rnd = arc4random();
-		buf[i] = rnd;
-		rnd >>= 8;
-	}
-	RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
-	memset(buf, 0, sizeof(buf));
-
-	return 1;
+    u_int32_t rnd = 0, i;
+    unsigned char buf[ENTROPY_NEEDED];
+
+    for (i = 0; i < sizeof(buf); i++) {
+        if (i % 4 == 0)
+            rnd = arc4random();
+        buf[i] = rnd;
+        rnd >>= 8;
+    }
+    RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
+    memset(buf, 0, sizeof(buf));
+
+    return 1;
 }
-#else /* !defined(__OpenBSD__) */
+# else                          /* !defined(__OpenBSD__) */
 int RAND_poll(void)
 {
-	unsigned long l;
-	pid_t curr_pid = getpid();
-#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
-	unsigned char tmpbuf[ENTROPY_NEEDED];
-	int n = 0;
-#endif
-#ifdef DEVRANDOM
-	static const char *randomfiles[] = { DEVRANDOM };
-	struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])];
-	int fd;
-	unsigned int i;
-#endif
-#ifdef DEVRANDOM_EGD
-	static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
-	const char **egdsocket = NULL;
-#endif
-
-#ifdef DEVRANDOM
-	memset(randomstats,0,sizeof(randomstats));
-	/* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
-	 * have this. Use /dev/urandom if you can as /dev/random may block
-	 * if it runs out of random entries.  */
-
-	for (i = 0; (i < sizeof(randomfiles)/sizeof(randomfiles[0])) &&
-			(n < ENTROPY_NEEDED); i++)
-		{
-		if ((fd = open(randomfiles[i], O_RDONLY
-#ifdef O_NONBLOCK
-			|O_NONBLOCK
-#endif
-#ifdef O_BINARY
-			|O_BINARY
-#endif
-#ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do not make it
-		   our controlling tty */
-			|O_NOCTTY
-#endif
-			)) >= 0)
-			{
-			int usec = 10*1000; /* spend 10ms on each file */
-			int r;
-			unsigned int j;
-			struct stat *st=&randomstats[i];
-
-			/* Avoid using same input... Used to be O_NOFOLLOW
-			 * above, but it's not universally appropriate... */
-			if (fstat(fd,st) != 0)	{ close(fd); continue; }
-			for (j=0;j<i;j++)
-				{
-				if (randomstats[j].st_ino==st->st_ino &&
-				    randomstats[j].st_dev==st->st_dev)
-					break;
-				}
-			if (j<i)		{ close(fd); continue; }
-
-			do
-				{
-				int try_read = 0;
-
-#if defined(OPENSSL_SYS_BEOS_R5)
-				/* select() is broken in BeOS R5, so we simply
-				 *  try to read something and snooze if we couldn't */
-				try_read = 1;
-
-#elif defined(OPENSSL_SYS_LINUX)
-				/* use poll() */
-				struct pollfd pset;
-				
-				pset.fd = fd;
-				pset.events = POLLIN;
-				pset.revents = 0;
-
-				if (poll(&pset, 1, usec / 1000) < 0)
-					usec = 0;
-				else
-					try_read = (pset.revents & POLLIN) != 0;
-
-#else
-				/* use select() */
-				fd_set fset;
-				struct timeval t;
-				
-				t.tv_sec = 0;
-				t.tv_usec = usec;
-
-				if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE)
-					{
-					/* can't use select, so just try to read once anyway */
-					try_read = 1;
-					}
-				else
-					{
-					FD_ZERO(&fset);
-					FD_SET(fd, &fset);
-					
-					if (select(fd+1,&fset,NULL,NULL,&t) >= 0)
-						{
-						usec = t.tv_usec;
-						if (FD_ISSET(fd, &fset))
-							try_read = 1;
-						}
-					else
-						usec = 0;
-					}
-#endif
-				
-				if (try_read)
-					{
-					r = read(fd,(unsigned char *)tmpbuf+n, ENTROPY_NEEDED-n);
-					if (r > 0)
-						n += r;
-#if defined(OPENSSL_SYS_BEOS_R5)
-					if (r == 0)
-						snooze(t.tv_usec);
-#endif
-					}
-				else
-					r = -1;
-				
-				/* Some Unixen will update t in select(), some
-				   won't.  For those who won't, or if we
-				   didn't use select() in the first place,
-				   give up here, otherwise, we will do
-				   this once again for the remaining
-				   time. */
-				if (usec == 10*1000)
-					usec = 0;
-				}
-			while ((r > 0 ||
-			       (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED);
-
-			close(fd);
-			}
-		}
-#endif /* defined(DEVRANDOM) */
-
-#ifdef DEVRANDOM_EGD
-	/* Use an EGD socket to read entropy from an EGD or PRNGD entropy
-	 * collecting daemon. */
-
-	for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; egdsocket++)
-		{
-		int r;
-
-		r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf+n,
-					 ENTROPY_NEEDED-n);
-		if (r > 0)
-			n += r;
-		}
-#endif /* defined(DEVRANDOM_EGD) */
-
-#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
-	if (n > 0)
-		{
-		RAND_add(tmpbuf,sizeof tmpbuf,(double)n);
-		OPENSSL_cleanse(tmpbuf,n);
-		}
-#endif
-
-	/* put in some default random data, we need more than just this */
-	l=curr_pid;
-	RAND_add(&l,sizeof(l),0.0);
-	l=getuid();
-	RAND_add(&l,sizeof(l),0.0);
-
-	l=time(NULL);
-	RAND_add(&l,sizeof(l),0.0);
-
-#if defined(OPENSSL_SYS_BEOS)
-	{
-	system_info sysInfo;
-	get_system_info(&sysInfo);
-	RAND_add(&sysInfo,sizeof(sysInfo),0);
-	}
-#endif
-
-#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
-	return 1;
-#else
-	return 0;
-#endif
+    unsigned long l;
+    pid_t curr_pid = getpid();
+#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+    unsigned char tmpbuf[ENTROPY_NEEDED];
+    int n = 0;
+#  endif
+#  ifdef DEVRANDOM
+    static const char *randomfiles[] = { DEVRANDOM };
+    struct stat randomstats[sizeof(randomfiles) / sizeof(randomfiles[0])];
+    int fd;
+    unsigned int i;
+#  endif
+#  ifdef DEVRANDOM_EGD
+    static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
+    const char **egdsocket = NULL;
+#  endif
+
+#  ifdef DEVRANDOM
+    memset(randomstats, 0, sizeof(randomstats));
+    /*
+     * Use a random entropy pool device. Linux, FreeBSD and OpenBSD have
+     * this. Use /dev/urandom if you can as /dev/random may block if it runs
+     * out of random entries.
+     */
+
+    for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) &&
+         (n < ENTROPY_NEEDED); i++) {
+        if ((fd = open(randomfiles[i], O_RDONLY
+#   ifdef O_NONBLOCK
+                       | O_NONBLOCK
+#   endif
+#   ifdef O_BINARY
+                       | O_BINARY
+#   endif
+#   ifdef O_NOCTTY              /* If it happens to be a TTY (god forbid), do
+                                 * not make it our controlling tty */
+                       | O_NOCTTY
+#   endif
+             )) >= 0) {
+            int usec = 10 * 1000; /* spend 10ms on each file */
+            int r;
+            unsigned int j;
+            struct stat *st = &randomstats[i];
+
+            /*
+             * Avoid using same input... Used to be O_NOFOLLOW above, but
+             * it's not universally appropriate...
+             */
+            if (fstat(fd, st) != 0) {
+                close(fd);
+                continue;
+            }
+            for (j = 0; j < i; j++) {
+                if (randomstats[j].st_ino == st->st_ino &&
+                    randomstats[j].st_dev == st->st_dev)
+                    break;
+            }
+            if (j < i) {
+                close(fd);
+                continue;
+            }
+
+            do {
+                int try_read = 0;
+
+#   if defined(OPENSSL_SYS_BEOS_R5)
+                /*
+                 * select() is broken in BeOS R5, so we simply try to read
+                 * something and snooze if we couldn't
+                 */
+                try_read = 1;
+
+#   elif defined(OPENSSL_SYS_LINUX)
+                /* use poll() */
+                struct pollfd pset;
+
+                pset.fd = fd;
+                pset.events = POLLIN;
+                pset.revents = 0;
+
+                if (poll(&pset, 1, usec / 1000) < 0)
+                    usec = 0;
+                else
+                    try_read = (pset.revents & POLLIN) != 0;
+
+#   else
+                /* use select() */
+                fd_set fset;
+                struct timeval t;
+
+                t.tv_sec = 0;
+                t.tv_usec = usec;
+
+                if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE) {
+                    /*
+                     * can't use select, so just try to read once anyway
+                     */
+                    try_read = 1;
+                } else {
+                    FD_ZERO(&fset);
+                    FD_SET(fd, &fset);
+
+                    if (select(fd + 1, &fset, NULL, NULL, &t) >= 0) {
+                        usec = t.tv_usec;
+                        if (FD_ISSET(fd, &fset))
+                            try_read = 1;
+                    } else
+                        usec = 0;
+                }
+#   endif
+
+                if (try_read) {
+                    r = read(fd, (unsigned char *)tmpbuf + n,
+                             ENTROPY_NEEDED - n);
+                    if (r > 0)
+                        n += r;
+#   if defined(OPENSSL_SYS_BEOS_R5)
+                    if (r == 0)
+                        snooze(t.tv_usec);
+#   endif
+                } else
+                    r = -1;
+
+                /*
+                 * Some Unixen will update t in select(), some won't.  For
+                 * those who won't, or if we didn't use select() in the first
+                 * place, give up here, otherwise, we will do this once again
+                 * for the remaining time.
+                 */
+                if (usec == 10 * 1000)
+                    usec = 0;
+            }
+            while ((r > 0 ||
+                    (errno == EINTR || errno == EAGAIN)) && usec != 0
+                   && n < ENTROPY_NEEDED);
+
+            close(fd);
+        }
+    }
+#  endif                        /* defined(DEVRANDOM) */
+
+#  ifdef DEVRANDOM_EGD
+    /*
+     * Use an EGD socket to read entropy from an EGD or PRNGD entropy
+     * collecting daemon.
+     */
+
+    for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED;
+         egdsocket++) {
+        int r;
+
+        r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n,
+                                 ENTROPY_NEEDED - n);
+        if (r > 0)
+            n += r;
+    }
+#  endif                        /* defined(DEVRANDOM_EGD) */
+
+#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+    if (n > 0) {
+        RAND_add(tmpbuf, sizeof tmpbuf, (double)n);
+        OPENSSL_cleanse(tmpbuf, n);
+    }
+#  endif
+
+    /* put in some default random data, we need more than just this */
+    l = curr_pid;
+    RAND_add(&l, sizeof(l), 0.0);
+    l = getuid();
+    RAND_add(&l, sizeof(l), 0.0);
+
+    l = time(NULL);
+    RAND_add(&l, sizeof(l), 0.0);
+
+#  if defined(OPENSSL_SYS_BEOS)
+    {
+        system_info sysInfo;
+        get_system_info(&sysInfo);
+        RAND_add(&sysInfo, sizeof(sysInfo), 0);
+    }
+#  endif
+
+#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+    return 1;
+#  else
+    return 0;
+#  endif
 }
 
-#endif /* defined(__OpenBSD__) */
-#endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */
-
+# endif                         /* defined(__OpenBSD__) */
+#endif                          /* !(defined(OPENSSL_SYS_WINDOWS) ||
+                                 * defined(OPENSSL_SYS_WIN32) ||
+                                 * defined(OPENSSL_SYS_VMS) ||
+                                 * defined(OPENSSL_SYS_OS2) ||
+                                 * defined(OPENSSL_SYS_VXWORKS) ||
+                                 * defined(OPENSSL_SYS_NETWARE)) */
 
 #if defined(OPENSSL_SYS_VXWORKS)
 int RAND_poll(void)
-	{
-	return 0;
-	}
+{
+    return 0;
+}
 #endif
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 14ba69d4c694..9537c56a7895 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -58,7 +58,7 @@
 
 /* We need to define this to get macros like S_IFBLK and S_IFCHR */
 #if !defined(OPENSSL_SYS_VXWORKS)
-#define _XOPEN_SOURCE 500
+# define _XOPEN_SOURCE 500
 #endif
 
 #include <errno.h>
@@ -72,7 +72,7 @@
 #include <openssl/buffer.h>
 
 #ifdef OPENSSL_SYS_VMS
-#include <unixio.h>
+# include <unixio.h>
 #endif
 #ifndef NO_SYS_TYPES_H
 # include <sys/types.h>
@@ -83,247 +83,255 @@
 #endif
 
 #ifdef _WIN32
-#define stat	_stat
-#define chmod	_chmod
-#define open	_open
-#define fdopen	_fdopen
+# define stat    _stat
+# define chmod   _chmod
+# define open    _open
+# define fdopen  _fdopen
 #endif
 
 #undef BUFSIZE
-#define BUFSIZE	1024
+#define BUFSIZE 1024
 #define RAND_DATA 1024
 
 #ifdef OPENSSL_SYS_VMS
-/* This declaration is a nasty hack to get around vms' extension to fopen
- * for passing in sharing options being disabled by our /STANDARD=ANSI89 */
+/*
+ * This declaration is a nasty hack to get around vms' extension to fopen for
+ * passing in sharing options being disabled by our /STANDARD=ANSI89
+ */
 static FILE *(*const vms_fopen)(const char *, const char *, ...) =
     (FILE *(*)(const char *, const char *, ...))fopen;
-#define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
+# define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
 #endif
 
 /* #define RFILE ".rnd" - defined in ../../e_os.h */
 
-/* Note that these functions are intended for seed files only.
- * Entropy devices and EGD sockets are handled in rand_unix.c */
+/*
+ * Note that these functions are intended for seed files only. Entropy
+ * devices and EGD sockets are handled in rand_unix.c
+ */
 
 int RAND_load_file(const char *file, long bytes)
-	{
-	/* If bytes >= 0, read up to 'bytes' bytes.
-	 * if bytes == -1, read complete file. */
+{
+    /*-
+     * If bytes >= 0, read up to 'bytes' bytes.
+     * if bytes == -1, read complete file.
+     */
 
-	MS_STATIC unsigned char buf[BUFSIZE];
+    MS_STATIC unsigned char buf[BUFSIZE];
 #ifndef OPENSSL_NO_POSIX_IO
-	struct stat sb;
+    struct stat sb;
 #endif
-	int i,ret=0,n;
-	FILE *in;
+    int i, ret = 0, n;
+    FILE *in;
 
-	if (file == NULL) return(0);
+    if (file == NULL)
+        return (0);
 
 #ifndef OPENSSL_NO_POSIX_IO
-#ifdef PURIFY
-	/* struct stat can have padding and unused fields that may not be
-	 * initialized in the call to stat(). We need to clear the entire
-	 * structure before calling RAND_add() to avoid complaints from
-	 * applications such as Valgrind.
-	 */
-	memset(&sb, 0, sizeof(sb));
-#endif
-	if (stat(file,&sb) < 0) return(0);
-	RAND_add(&sb,sizeof(sb),0.0);
+# ifdef PURIFY
+    /*
+     * struct stat can have padding and unused fields that may not be
+     * initialized in the call to stat(). We need to clear the entire
+     * structure before calling RAND_add() to avoid complaints from
+     * applications such as Valgrind.
+     */
+    memset(&sb, 0, sizeof(sb));
+# endif
+    if (stat(file, &sb) < 0)
+        return (0);
+    RAND_add(&sb, sizeof(sb), 0.0);
 #endif
-	if (bytes == 0) return(ret);
+    if (bytes == 0)
+        return (ret);
 
 #ifdef OPENSSL_SYS_VMS
-	in=vms_fopen(file,"rb",VMS_OPEN_ATTRS);
+    in = vms_fopen(file, "rb", VMS_OPEN_ATTRS);
 #else
-	in=fopen(file,"rb");
+    in = fopen(file, "rb");
 #endif
-	if (in == NULL) goto err;
+    if (in == NULL)
+        goto err;
 #if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPENSSL_NO_POSIX_IO)
-	if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
-	  /* this file is a device. we don't want read an infinite number
-	   * of bytes from a random device, nor do we want to use buffered
-	   * I/O because we will waste system entropy. 
-	   */
-	  bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
-#ifndef OPENSSL_NO_SETVBUF_IONBF
-	  setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
-#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
-	}
+    if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+        /*
+         * this file is a device. we don't want read an infinite number of
+         * bytes from a random device, nor do we want to use buffered I/O
+         * because we will waste system entropy.
+         */
+        bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
+# ifndef OPENSSL_NO_SETVBUF_IONBF
+        setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
+# endif                         /* ndef OPENSSL_NO_SETVBUF_IONBF */
+    }
 #endif
-	for (;;)
-		{
-		if (bytes > 0)
-			n = (bytes < BUFSIZE)?(int)bytes:BUFSIZE;
-		else
-			n = BUFSIZE;
-		i=fread(buf,1,n,in);
-		if (i <= 0) break;
+    for (;;) {
+        if (bytes > 0)
+            n = (bytes < BUFSIZE) ? (int)bytes : BUFSIZE;
+        else
+            n = BUFSIZE;
+        i = fread(buf, 1, n, in);
+        if (i <= 0)
+            break;
 #ifdef PURIFY
-		RAND_add(buf,i,(double)i);
+        RAND_add(buf, i, (double)i);
 #else
-		/* even if n != i, use the full array */
-		RAND_add(buf,n,(double)i);
+        /* even if n != i, use the full array */
+        RAND_add(buf, n, (double)i);
 #endif
-		ret+=i;
-		if (bytes > 0)
-			{
-			bytes-=n;
-			if (bytes <= 0) break;
-			}
-		}
-	fclose(in);
-	OPENSSL_cleanse(buf,BUFSIZE);
-err:
-	return(ret);
-	}
+        ret += i;
+        if (bytes > 0) {
+            bytes -= n;
+            if (bytes <= 0)
+                break;
+        }
+    }
+    fclose(in);
+    OPENSSL_cleanse(buf, BUFSIZE);
+ err:
+    return (ret);
+}
 
 int RAND_write_file(const char *file)
-	{
-	unsigned char buf[BUFSIZE];
-	int i,ret=0,rand_err=0;
-	FILE *out = NULL;
-	int n;
+{
+    unsigned char buf[BUFSIZE];
+    int i, ret = 0, rand_err = 0;
+    FILE *out = NULL;
+    int n;
 #ifndef OPENSSL_NO_POSIX_IO
-	struct stat sb;
-	
-	i=stat(file,&sb);
-	if (i != -1) { 
-#if defined(S_ISBLK) && defined(S_ISCHR)
-	  if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
-	    /* this file is a device. we don't write back to it. 
-	     * we "succeed" on the assumption this is some sort 
-	     * of random device. Otherwise attempting to write to 
-	     * and chmod the device causes problems.
-	     */
-	    return(1); 
-	  }
-#endif
-	}
+    struct stat sb;
+
+    i = stat(file, &sb);
+    if (i != -1) {
+# if defined(S_ISBLK) && defined(S_ISCHR)
+        if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
+            /*
+             * this file is a device. we don't write back to it. we
+             * "succeed" on the assumption this is some sort of random
+             * device. Otherwise attempting to write to and chmod the device
+             * causes problems.
+             */
+            return (1);
+        }
+# endif
+    }
 #endif
 
 #if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_SYS_VMS)
-	{
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-	/* chmod(..., 0600) is too late to protect the file,
-	 * permissions should be restrictive from the start */
-	int fd = open(file, O_WRONLY|O_CREAT|O_BINARY, 0600);
-	if (fd != -1)
-		out = fdopen(fd, "wb");
-	}
+    {
+# ifndef O_BINARY
+#  define O_BINARY 0
+# endif
+        /*
+         * chmod(..., 0600) is too late to protect the file, permissions
+         * should be restrictive from the start
+         */
+        int fd = open(file, O_WRONLY | O_CREAT | O_BINARY, 0600);
+        if (fd != -1)
+            out = fdopen(fd, "wb");
+    }
 #endif
 
 #ifdef OPENSSL_SYS_VMS
-	/* VMS NOTE: Prior versions of this routine created a _new_
-	 * version of the rand file for each call into this routine, then
-	 * deleted all existing versions named ;-1, and finally renamed
-	 * the current version as ';1'. Under concurrent usage, this
-	 * resulted in an RMS race condition in rename() which could
-	 * orphan files (see vms message help for RMS$_REENT). With the
-	 * fopen() calls below, openssl/VMS now shares the top-level
-	 * version of the rand file. Note that there may still be
-	 * conditions where the top-level rand file is locked. If so, this
-	 * code will then create a new version of the rand file. Without
-	 * the delete and rename code, this can result in ascending file
-	 * versions that stop at version 32767, and this routine will then
-	 * return an error. The remedy for this is to recode the calling
-	 * application to avoid concurrent use of the rand file, or
-	 * synchronize usage at the application level. Also consider
-	 * whether or not you NEED a persistent rand file in a concurrent
-	 * use situation. 
-	 */
+    /*
+     * VMS NOTE: Prior versions of this routine created a _new_ version of
+     * the rand file for each call into this routine, then deleted all
+     * existing versions named ;-1, and finally renamed the current version
+     * as ';1'. Under concurrent usage, this resulted in an RMS race
+     * condition in rename() which could orphan files (see vms message help
+     * for RMS$_REENT). With the fopen() calls below, openssl/VMS now shares
+     * the top-level version of the rand file. Note that there may still be
+     * conditions where the top-level rand file is locked. If so, this code
+     * will then create a new version of the rand file. Without the delete
+     * and rename code, this can result in ascending file versions that stop
+     * at version 32767, and this routine will then return an error. The
+     * remedy for this is to recode the calling application to avoid
+     * concurrent use of the rand file, or synchronize usage at the
+     * application level. Also consider whether or not you NEED a persistent
+     * rand file in a concurrent use situation.
+     */
 
-	out = vms_fopen(file,"rb+",VMS_OPEN_ATTRS);
-	if (out == NULL)
-		out = vms_fopen(file,"wb",VMS_OPEN_ATTRS);
+    out = vms_fopen(file, "rb+", VMS_OPEN_ATTRS);
+    if (out == NULL)
+        out = vms_fopen(file, "wb", VMS_OPEN_ATTRS);
 #else
-	if (out == NULL)
-		out = fopen(file,"wb");
+    if (out == NULL)
+        out = fopen(file, "wb");
 #endif
-	if (out == NULL) goto err;
+    if (out == NULL)
+        goto err;
 
 #ifndef NO_CHMOD
-	chmod(file,0600);
+    chmod(file, 0600);
 #endif
-	n=RAND_DATA;
-	for (;;)
-		{
-		i=(n > BUFSIZE)?BUFSIZE:n;
-		n-=BUFSIZE;
-		if (RAND_bytes(buf,i) <= 0)
-			rand_err=1;
-		i=fwrite(buf,1,i,out);
-		if (i <= 0)
-			{
-			ret=0;
-			break;
-			}
-		ret+=i;
-		if (n <= 0) break;
-                }
+    n = RAND_DATA;
+    for (;;) {
+        i = (n > BUFSIZE) ? BUFSIZE : n;
+        n -= BUFSIZE;
+        if (RAND_bytes(buf, i) <= 0)
+            rand_err = 1;
+        i = fwrite(buf, 1, i, out);
+        if (i <= 0) {
+            ret = 0;
+            break;
+        }
+        ret += i;
+        if (n <= 0)
+            break;
+    }
 
-	fclose(out);
-	OPENSSL_cleanse(buf,BUFSIZE);
-err:
-	return (rand_err ? -1 : ret);
-	}
+    fclose(out);
+    OPENSSL_cleanse(buf, BUFSIZE);
+ err:
+    return (rand_err ? -1 : ret);
+}
 
 const char *RAND_file_name(char *buf, size_t size)
-	{
-	char *s=NULL;
+{
+    char *s = NULL;
 #ifdef __OpenBSD__
-	struct stat sb;
+    struct stat sb;
 #endif
 
-	if (OPENSSL_issetugid() == 0)
-		s=getenv("RANDFILE");
-	if (s != NULL && *s && strlen(s) + 1 < size)
-		{
-		if (BUF_strlcpy(buf,s,size) >= size)
-			return NULL;
-		}
-	else
-		{
-		if (OPENSSL_issetugid() == 0)
-			s=getenv("HOME");
+    if (OPENSSL_issetugid() == 0)
+        s = getenv("RANDFILE");
+    if (s != NULL && *s && strlen(s) + 1 < size) {
+        if (BUF_strlcpy(buf, s, size) >= size)
+            return NULL;
+    } else {
+        if (OPENSSL_issetugid() == 0)
+            s = getenv("HOME");
 #ifdef DEFAULT_HOME
-		if (s == NULL)
-			{
-			s = DEFAULT_HOME;
-			}
+        if (s == NULL) {
+            s = DEFAULT_HOME;
+        }
 #endif
-		if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
-			{
-			BUF_strlcpy(buf,s,size);
+        if (s && *s && strlen(s) + strlen(RFILE) + 2 < size) {
+            BUF_strlcpy(buf, s, size);
 #ifndef OPENSSL_SYS_VMS
-			BUF_strlcat(buf,"/",size);
+            BUF_strlcat(buf, "/", size);
 #endif
-			BUF_strlcat(buf,RFILE,size);
-			}
-		else
-		  	buf[0] = '\0'; /* no file name */
-		}
+            BUF_strlcat(buf, RFILE, size);
+        } else
+            buf[0] = '\0';      /* no file name */
+    }
 
 #ifdef __OpenBSD__
-	/* given that all random loads just fail if the file can't be 
-	 * seen on a stat, we stat the file we're returning, if it
-	 * fails, use /dev/arandom instead. this allows the user to 
-	 * use their own source for good random data, but defaults
-	 * to something hopefully decent if that isn't available. 
-	 */
-
-	if (!buf[0])
-		if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
-			return(NULL);
-		}	
-	if (stat(buf,&sb) == -1)
-		if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
-			return(NULL);
-		}	
+    /*
+     * given that all random loads just fail if the file can't be seen on a
+     * stat, we stat the file we're returning, if it fails, use /dev/arandom
+     * instead. this allows the user to use their own source for good random
+     * data, but defaults to something hopefully decent if that isn't
+     * available.
+     */
 
+    if (!buf[0])
+        if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) {
+            return (NULL);
+        }
+    if (stat(buf, &sb) == -1)
+        if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) {
+            return (NULL);
+        }
 #endif
-	return(buf);
-	}
+    return (buf);
+}
diff --git a/crypto/rand/randtest.c b/crypto/rand/randtest.c
index 9e92a70b033c..91bcac9906b2 100644
--- a/crypto/rand/randtest.c
+++ b/crypto/rand/randtest.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -65,155 +65,145 @@
 /* some FIPS 140-1 random number test */
 /* some simple tests */
 
-int main(int argc,char **argv)
-	{
-	unsigned char buf[2500];
-	int i,j,k,s,sign,nsign,err=0;
-	unsigned long n1;
-	unsigned long n2[16];
-	unsigned long runs[2][34];
-	/*double d; */
-	long d;
+int main(int argc, char **argv)
+{
+    unsigned char buf[2500];
+    int i, j, k, s, sign, nsign, err = 0;
+    unsigned long n1;
+    unsigned long n2[16];
+    unsigned long runs[2][34];
+    /*
+     * double d;
+     */
+    long d;
 
-	i = RAND_pseudo_bytes(buf,2500);
-	if (i < 0)
-		{
-		printf ("init failed, the rand method is not properly installed\n");
-		err++;
-		goto err;
-		}
+    i = RAND_pseudo_bytes(buf, 2500);
+    if (i < 0) {
+        printf("init failed, the rand method is not properly installed\n");
+        err++;
+        goto err;
+    }
 
-	n1=0;
-	for (i=0; i<16; i++) n2[i]=0;
-	for (i=0; i<34; i++) runs[0][i]=runs[1][i]=0;
+    n1 = 0;
+    for (i = 0; i < 16; i++)
+        n2[i] = 0;
+    for (i = 0; i < 34; i++)
+        runs[0][i] = runs[1][i] = 0;
 
-	/* test 1 and 2 */
-	sign=0;
-	nsign=0;
-	for (i=0; i<2500; i++)
-		{
-		j=buf[i];
+    /* test 1 and 2 */
+    sign = 0;
+    nsign = 0;
+    for (i = 0; i < 2500; i++) {
+        j = buf[i];
 
-		n2[j&0x0f]++;
-		n2[(j>>4)&0x0f]++;
+        n2[j & 0x0f]++;
+        n2[(j >> 4) & 0x0f]++;
 
-		for (k=0; k<8; k++)
-			{
-			s=(j&0x01);
-			if (s == sign)
-				nsign++;
-			else
-				{
-				if (nsign > 34) nsign=34;
-				if (nsign != 0)
-					{
-					runs[sign][nsign-1]++;
-					if (nsign > 6)
-						runs[sign][5]++;
-					}
-				sign=s;
-				nsign=1;
-				}
+        for (k = 0; k < 8; k++) {
+            s = (j & 0x01);
+            if (s == sign)
+                nsign++;
+            else {
+                if (nsign > 34)
+                    nsign = 34;
+                if (nsign != 0) {
+                    runs[sign][nsign - 1]++;
+                    if (nsign > 6)
+                        runs[sign][5]++;
+                }
+                sign = s;
+                nsign = 1;
+            }
 
-			if (s) n1++;
-			j>>=1;
-			}
-		}
-		if (nsign > 34) nsign=34;
-		if (nsign != 0) runs[sign][nsign-1]++;
+            if (s)
+                n1++;
+            j >>= 1;
+        }
+    }
+    if (nsign > 34)
+        nsign = 34;
+    if (nsign != 0)
+        runs[sign][nsign - 1]++;
 
-	/* test 1 */
-	if (!((9654 < n1) && (n1 < 10346)))
-		{
-		printf("test 1 failed, X=%lu\n",n1);
-		err++;
-		}
-	printf("test 1 done\n");
+    /* test 1 */
+    if (!((9654 < n1) && (n1 < 10346))) {
+        printf("test 1 failed, X=%lu\n", n1);
+        err++;
+    }
+    printf("test 1 done\n");
 
-	/* test 2 */
+    /* test 2 */
 #ifdef undef
-	d=0;
-	for (i=0; i<16; i++)
-		d+=n2[i]*n2[i];
-	d=d*16.0/5000.0-5000.0;
-	if (!((1.03 < d) && (d < 57.4)))
-		{
-		printf("test 2 failed, X=%.2f\n",d);
-		err++;
-		}
+    d = 0;
+    for (i = 0; i < 16; i++)
+        d += n2[i] * n2[i];
+    d = d * 16.0 / 5000.0 - 5000.0;
+    if (!((1.03 < d) && (d < 57.4))) {
+        printf("test 2 failed, X=%.2f\n", d);
+        err++;
+    }
 #endif
-	d=0;
-	for (i=0; i<16; i++)
-		d+=n2[i]*n2[i];
-	d=(d*8)/25-500000;
-	if (!((103 < d) && (d < 5740)))
-		{
-		printf("test 2 failed, X=%ld.%02ld\n",d/100L,d%100L);
-		err++;
-		}
-	printf("test 2 done\n");
+    d = 0;
+    for (i = 0; i < 16; i++)
+        d += n2[i] * n2[i];
+    d = (d * 8) / 25 - 500000;
+    if (!((103 < d) && (d < 5740))) {
+        printf("test 2 failed, X=%ld.%02ld\n", d / 100L, d % 100L);
+        err++;
+    }
+    printf("test 2 done\n");
+
+    /* test 3 */
+    for (i = 0; i < 2; i++) {
+        if (!((2267 < runs[i][0]) && (runs[i][0] < 2733))) {
+            printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                   i, 1, runs[i][0]);
+            err++;
+        }
+        if (!((1079 < runs[i][1]) && (runs[i][1] < 1421))) {
+            printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                   i, 2, runs[i][1]);
+            err++;
+        }
+        if (!((502 < runs[i][2]) && (runs[i][2] < 748))) {
+            printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                   i, 3, runs[i][2]);
+            err++;
+        }
+        if (!((223 < runs[i][3]) && (runs[i][3] < 402))) {
+            printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                   i, 4, runs[i][3]);
+            err++;
+        }
+        if (!((90 < runs[i][4]) && (runs[i][4] < 223))) {
+            printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                   i, 5, runs[i][4]);
+            err++;
+        }
+        if (!((90 < runs[i][5]) && (runs[i][5] < 223))) {
+            printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                   i, 6, runs[i][5]);
+            err++;
+        }
+    }
+    printf("test 3 done\n");
 
-	/* test 3 */
-	for (i=0; i<2; i++)
-		{
-		if (!((2267 < runs[i][0]) && (runs[i][0] < 2733)))
-			{
-			printf("test 3 failed, bit=%d run=%d num=%lu\n",
-				i,1,runs[i][0]);
-			err++;
-			}
-		if (!((1079 < runs[i][1]) && (runs[i][1] < 1421)))
-			{
-			printf("test 3 failed, bit=%d run=%d num=%lu\n",
-				i,2,runs[i][1]);
-			err++;
-			}
-		if (!(( 502 < runs[i][2]) && (runs[i][2] <  748)))
-			{
-			printf("test 3 failed, bit=%d run=%d num=%lu\n",
-				i,3,runs[i][2]);
-			err++;
-			}
-		if (!(( 223 < runs[i][3]) && (runs[i][3] <  402)))
-			{
-			printf("test 3 failed, bit=%d run=%d num=%lu\n",
-				i,4,runs[i][3]);
-			err++;
-			}
-		if (!((  90 < runs[i][4]) && (runs[i][4] <  223)))
-			{
-			printf("test 3 failed, bit=%d run=%d num=%lu\n",
-				i,5,runs[i][4]);
-			err++;
-			}
-		if (!((  90 < runs[i][5]) && (runs[i][5] <  223)))
-			{
-			printf("test 3 failed, bit=%d run=%d num=%lu\n",
-				i,6,runs[i][5]);
-			err++;
-			}
-		}
-	printf("test 3 done\n");
-	
-	/* test 4 */
-	if (runs[0][33] != 0)
-		{
-		printf("test 4 failed, bit=%d run=%d num=%lu\n",
-			0,34,runs[0][33]);
-		err++;
-		}
-	if (runs[1][33] != 0)
-		{
-		printf("test 4 failed, bit=%d run=%d num=%lu\n",
-			1,34,runs[1][33]);
-		err++;
-		}
-	printf("test 4 done\n");
+    /* test 4 */
+    if (runs[0][33] != 0) {
+        printf("test 4 failed, bit=%d run=%d num=%lu\n", 0, 34, runs[0][33]);
+        err++;
+    }
+    if (runs[1][33] != 0) {
+        printf("test 4 failed, bit=%d run=%d num=%lu\n", 1, 34, runs[1][33]);
+        err++;
+    }
+    printf("test 4 done\n");
  err:
-	err=((err)?1:0);
+    err = ((err) ? 1 : 0);
 #ifdef OPENSSL_SYS_NETWARE
-    if (err) printf("ERROR: %d\n", err);
+    if (err)
+        printf("ERROR: %d\n", err);
 #endif
-	EXIT(err);
-	return(err);
-	}
+    EXIT(err);
+    return (err);
+}