From 65577cf37ab5831e736dd5db8459c0927cd3e224 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Sat, 28 Nov 2009 00:43:34 +0000
Subject: Mark and reindent lib/crypto

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23374 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/crypto/builtin/aes/aes_s2k.c               |  45 +-
 src/lib/crypto/builtin/aes/aes_s2k.h               |  10 +-
 src/lib/crypto/builtin/des/afsstring2key.c         | 765 ++++++++--------
 src/lib/crypto/builtin/des/d3_aead.c               | 171 ++--
 src/lib/crypto/builtin/des/d3_cbc.c                | 227 ++---
 src/lib/crypto/builtin/des/d3_kysched.c            |  15 +-
 src/lib/crypto/builtin/des/des_int.h               | 282 +++---
 src/lib/crypto/builtin/des/destest.c               | 149 ++--
 src/lib/crypto/builtin/des/f_aead.c                | 151 ++--
 src/lib/crypto/builtin/des/f_cbc.c                 | 341 ++++----
 src/lib/crypto/builtin/des/f_cksum.c               | 157 ++--
 src/lib/crypto/builtin/des/f_parity.c              |  21 +-
 src/lib/crypto/builtin/des/f_sched.c               | 527 +++++------
 src/lib/crypto/builtin/des/f_tables.c              | 545 ++++++------
 src/lib/crypto/builtin/des/f_tables.h              | 207 ++---
 src/lib/crypto/builtin/des/key_sched.c             |   7 +-
 src/lib/crypto/builtin/des/string2key.c            | 195 ++---
 src/lib/crypto/builtin/des/t_afss2k.c              | 221 ++---
 src/lib/crypto/builtin/des/t_verify.c              | 333 +++----
 src/lib/crypto/builtin/des/weak_key.c              |   5 +-
 src/lib/crypto/builtin/enc_provider/aes.c          | 393 ++++-----
 src/lib/crypto/builtin/enc_provider/des.c          |  65 +-
 src/lib/crypto/builtin/enc_provider/des3.c         |  85 +-
 src/lib/crypto/builtin/enc_provider/enc_provider.h |   1 +
 src/lib/crypto/builtin/enc_provider/rc4.c          | 273 +++---
 src/lib/crypto/builtin/hash_provider/hash_crc32.c  |   9 +-
 src/lib/crypto/builtin/hash_provider/hash_md4.c    |   7 +-
 src/lib/crypto/builtin/hash_provider/hash_md5.c    |   7 +-
 .../crypto/builtin/hash_provider/hash_provider.h   |   1 +
 src/lib/crypto/builtin/hash_provider/hash_sha1.c   |   9 +-
 src/lib/crypto/builtin/hmac.c                      |  19 +-
 src/lib/crypto/builtin/md4/md4.c                   | 369 ++++----
 src/lib/crypto/builtin/md4/rsa-md4.h               |  83 +-
 src/lib/crypto/builtin/md5/md5.c                   | 517 +++++------
 src/lib/crypto/builtin/md5/rsa-md5.h               |  91 +-
 src/lib/crypto/builtin/pbkdf2.c                    | 139 +--
 src/lib/crypto/builtin/sha1/shs.c                  | 203 ++---
 src/lib/crypto/builtin/sha1/shs.h                  |  25 +-
 src/lib/crypto/builtin/sha1/t_shs.c                |  51 +-
 src/lib/crypto/builtin/sha1/t_shs3.c               | 969 +++++++++++----------
 src/lib/crypto/builtin/t_cf2.c                     |  79 +-
 src/lib/crypto/builtin/yhash.h                     |  18 +-
 src/lib/crypto/crypto_tests/aes-test.c             |  39 +-
 src/lib/crypto/crypto_tests/t_cksum.c              | 215 ++---
 src/lib/crypto/crypto_tests/t_crc.c                |  89 +-
 src/lib/crypto/crypto_tests/t_cts.c                |  91 +-
 src/lib/crypto/crypto_tests/t_encrypt.c            | 363 ++++----
 src/lib/crypto/crypto_tests/t_hmac.c               | 273 +++---
 src/lib/crypto/crypto_tests/t_kperf.c              |   2 +-
 src/lib/crypto/crypto_tests/t_mdcksum.c            | 289 +++---
 src/lib/crypto/crypto_tests/t_mddriver.c           | 309 +++----
 src/lib/crypto/crypto_tests/t_nfold.c              | 111 +--
 src/lib/crypto/crypto_tests/t_pkcs5.c              |  69 +-
 src/lib/crypto/crypto_tests/t_prf.c                |  89 +-
 src/lib/crypto/crypto_tests/t_prng.c               |  81 +-
 src/lib/crypto/crypto_tests/vectors.c              | 517 +++++------
 src/lib/crypto/crypto_tests/ytest.c                | 186 ++--
 src/lib/crypto/krb/aead.c                          | 385 ++++----
 src/lib/crypto/krb/aead.h                          | 111 +--
 src/lib/crypto/krb/arcfour/arcfour-int.h           |   9 +-
 src/lib/crypto/krb/arcfour/arcfour.c               | 601 ++++++-------
 src/lib/crypto/krb/arcfour/arcfour.h               |  41 +-
 src/lib/crypto/krb/arcfour/arcfour_aead.c          | 163 ++--
 src/lib/crypto/krb/arcfour/arcfour_s2k.c           |  73 +-
 src/lib/crypto/krb/block_size.c                    |   5 +-
 src/lib/crypto/krb/cf2.c                           |  55 +-
 src/lib/crypto/krb/checksum_length.c               |  15 +-
 src/lib/crypto/krb/cksumtype_to_string.c           |  13 +-
 src/lib/crypto/krb/cksumtypes.c                    |   1 +
 src/lib/crypto/krb/cksumtypes.h                    |   5 +-
 src/lib/crypto/krb/coll_proof_cksum.c              |   7 +-
 src/lib/crypto/krb/combine_keys.c                  |  95 +-
 src/lib/crypto/krb/crc32/crc-32.h                  |   7 +-
 src/lib/crypto/krb/crc32/crc32.c                   |  19 +-
 src/lib/crypto/krb/crypto_length.c                 |  99 +--
 src/lib/crypto/krb/crypto_libinit.c                |   3 +-
 src/lib/crypto/krb/decrypt.c                       |  25 +-
 src/lib/crypto/krb/decrypt_iov.c                   |  37 +-
 src/lib/crypto/krb/default_state.c                 |  37 +-
 src/lib/crypto/krb/dk/checksum.c                   |  23 +-
 src/lib/crypto/krb/dk/derive.c                     | 119 +--
 src/lib/crypto/krb/dk/dk.h                         |  87 +-
 src/lib/crypto/krb/dk/dk_aead.c                    | 165 ++--
 src/lib/crypto/krb/dk/dk_decrypt.c                 |  87 +-
 src/lib/crypto/krb/dk/dk_encrypt.c                 |  87 +-
 src/lib/crypto/krb/dk/stringtokey.c                |  19 +-
 src/lib/crypto/krb/encrypt.c                       |  23 +-
 src/lib/crypto/krb/encrypt_iov.c                   |  29 +-
 src/lib/crypto/krb/encrypt_length.c                |  13 +-
 src/lib/crypto/krb/enctype_compare.c               |   5 +-
 src/lib/crypto/krb/enctype_to_string.c             |   5 +-
 src/lib/crypto/krb/etypes.c                        |   1 +
 src/lib/crypto/krb/etypes.h                        |  41 +-
 src/lib/crypto/krb/key.c                           |  21 +-
 src/lib/crypto/krb/keyblocks.c                     |  31 +-
 src/lib/crypto/krb/keyed_checksum_types.c          |  21 +-
 src/lib/crypto/krb/keyed_cksum.c                   |  11 +-
 src/lib/crypto/krb/keyhash_provider/descbc.c       |  23 +-
 src/lib/crypto/krb/keyhash_provider/hmac_md5.c     | 219 ++---
 src/lib/crypto/krb/keyhash_provider/k5_md4des.c    |  59 +-
 src/lib/crypto/krb/keyhash_provider/k5_md5des.c    |  55 +-
 .../crypto/krb/keyhash_provider/keyhash_provider.h |   1 +
 src/lib/crypto/krb/keyhash_provider/md5_hmac.c     |  41 +-
 src/lib/crypto/krb/keylengths.c                    |  11 +-
 src/lib/crypto/krb/make_checksum.c                 | 101 +--
 src/lib/crypto/krb/make_checksum_iov.c             |  51 +-
 src/lib/crypto/krb/make_random_key.c               |  15 +-
 src/lib/crypto/krb/mandatory_sumtype.c             |   5 +-
 src/lib/crypto/krb/nfold.c                         |  99 +--
 src/lib/crypto/krb/old/des_stringtokey.c           |  23 +-
 src/lib/crypto/krb/old/old.h                       |  41 +-
 src/lib/crypto/krb/old/old_decrypt.c               |  79 +-
 src/lib/crypto/krb/old/old_encrypt.c               |  43 +-
 src/lib/crypto/krb/old_api_glue.c                  | 131 +--
 src/lib/crypto/krb/prf.c                           |  15 +-
 src/lib/crypto/krb/prf/des_prf.c                   |  31 +-
 src/lib/crypto/krb/prf/dk_prf.c                    |  41 +-
 src/lib/crypto/krb/prf/prf_int.h                   |   5 +-
 src/lib/crypto/krb/prf/rc4_prf.c                   |   1 +
 src/lib/crypto/krb/prng.c                          |  73 +-
 src/lib/crypto/krb/rand2key/aes_rand2key.c         |   1 +
 src/lib/crypto/krb/rand2key/des3_rand2key.c        |   1 +
 src/lib/crypto/krb/rand2key/des_rand2key.c         |  11 +-
 src/lib/crypto/krb/rand2key/rand2key.h             |   1 +
 src/lib/crypto/krb/rand2key/rc4_rand2key.c         |   1 +
 src/lib/crypto/krb/random_to_key.c                 |  13 +-
 src/lib/crypto/krb/raw/raw.h                       |  32 +-
 src/lib/crypto/krb/raw/raw_aead.c                  |  89 +-
 src/lib/crypto/krb/raw/raw_decrypt.c               |   9 +-
 src/lib/crypto/krb/raw/raw_encrypt.c               |  13 +-
 src/lib/crypto/krb/state.c                         |   9 +-
 src/lib/crypto/krb/string_to_cksumtype.c           |  29 +-
 src/lib/crypto/krb/string_to_enctype.c             |  29 +-
 src/lib/crypto/krb/string_to_key.c                 |  49 +-
 src/lib/crypto/krb/valid_cksumtype.c               |   5 +-
 src/lib/crypto/krb/valid_enctype.c                 |   1 +
 src/lib/crypto/krb/verify_checksum.c               |  51 +-
 src/lib/crypto/krb/verify_checksum_iov.c           |  63 +-
 src/lib/crypto/krb/yarrow/yarrow.c                 | 424 ++++-----
 src/lib/crypto/krb/yarrow/yarrow.h                 |  10 +-
 src/lib/crypto/krb/yarrow/ycipher.c                |  75 +-
 src/lib/crypto/krb/yarrow/ycipher.h                |   2 +-
 src/lib/crypto/krb/yarrow/yexcep.h                 |  18 +-
 src/lib/crypto/krb/yarrow/ylock.h                  |   4 +-
 src/lib/crypto/krb/yarrow/ystate.h                 |   2 +-
 src/lib/crypto/krb/yarrow/ytypes.h                 |   2 +-
 src/lib/crypto/openssl/aes/aes_s2k.c               |  45 +-
 src/lib/crypto/openssl/aes/aes_s2k.h               |   5 +-
 src/lib/crypto/openssl/des/des_int.h               |  37 +-
 src/lib/crypto/openssl/des/des_oldapis.c           |   5 +-
 src/lib/crypto/openssl/des/f_parity.c              |   5 +-
 src/lib/crypto/openssl/des/string2key.c            |   3 +-
 src/lib/crypto/openssl/des/weak_key.c              |   7 +-
 src/lib/crypto/openssl/enc_provider/aes.c          |  81 +-
 src/lib/crypto/openssl/enc_provider/des.c          |  21 +-
 src/lib/crypto/openssl/enc_provider/des3.c         |  49 +-
 src/lib/crypto/openssl/enc_provider/enc_provider.h |   1 +
 src/lib/crypto/openssl/enc_provider/rc4.c          |  21 +-
 src/lib/crypto/openssl/hash_provider/hash_crc32.c  |   9 +-
 src/lib/crypto/openssl/hash_provider/hash_md4.c    |   7 +-
 src/lib/crypto/openssl/hash_provider/hash_md5.c    |   7 +-
 .../crypto/openssl/hash_provider/hash_provider.h   |   1 +
 src/lib/crypto/openssl/hash_provider/hash_sha1.c   |   7 +-
 src/lib/crypto/openssl/hmac.c                      |  13 +-
 src/lib/crypto/openssl/md4/md4.c                   |   3 +-
 src/lib/crypto/openssl/md4/rsa-md4.h               |  67 +-
 src/lib/crypto/openssl/md5/md5.c                   |   7 +-
 src/lib/crypto/openssl/md5/rsa-md5.h               |  71 +-
 src/lib/crypto/openssl/pbkdf2.c                    |   5 +-
 src/lib/crypto/openssl/sha1/shs.c                  |   1 +
 src/lib/crypto/openssl/sha1/shs.h                  |  17 +-
 src/lib/crypto/openssl/yhash.h                     |  16 +-
 172 files changed, 7930 insertions(+), 7792 deletions(-)

(limited to 'src/lib/crypto')

diff --git a/src/lib/crypto/builtin/aes/aes_s2k.c b/src/lib/crypto/builtin/aes/aes_s2k.c
index 0eccdd9..5ad6f9b 100644
--- a/src/lib/crypto/builtin/aes/aes_s2k.c
+++ b/src/lib/crypto/builtin/aes/aes_s2k.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/aes/aes_s2k.c
  *
@@ -31,15 +32,15 @@
 #include "dk.h"
 #include "aes_s2k.h"
 
-#define DEFAULT_ITERATION_COUNT		4096 /* was 0xb000L in earlier drafts */
-#define MAX_ITERATION_COUNT		0x1000000L
+#define DEFAULT_ITERATION_COUNT         4096 /* was 0xb000L in earlier drafts */
+#define MAX_ITERATION_COUNT             0x1000000L
 
 krb5_error_code
 krb5int_aes_string_to_key(const struct krb5_enc_provider *enc,
-			  const krb5_data *string,
-			  const krb5_data *salt,
-			  const krb5_data *params,
-			  krb5_keyblock *key)
+                          const krb5_data *string,
+                          const krb5_data *salt,
+                          const krb5_data *params,
+                          krb5_keyblock *key)
 {
     unsigned long iter_count;
     krb5_data out;
@@ -48,44 +49,44 @@ krb5int_aes_string_to_key(const struct krb5_enc_provider *enc,
     krb5_error_code err;
 
     if (params) {
-	unsigned char *p = (unsigned char *) params->data;
-	if (params->length != 4)
-	    return KRB5_ERR_BAD_S2K_PARAMS;
-	/* The first two need casts in case 'int' is 16 bits.  */
-	iter_count = load_32_be(p);
-	if (iter_count == 0) {
-	    iter_count = (1UL << 16) << 16;
-	    if (((iter_count >> 16) >> 16) != 1)
-		return KRB5_ERR_BAD_S2K_PARAMS;
-	}
+        unsigned char *p = (unsigned char *) params->data;
+        if (params->length != 4)
+            return KRB5_ERR_BAD_S2K_PARAMS;
+        /* The first two need casts in case 'int' is 16 bits.  */
+        iter_count = load_32_be(p);
+        if (iter_count == 0) {
+            iter_count = (1UL << 16) << 16;
+            if (((iter_count >> 16) >> 16) != 1)
+                return KRB5_ERR_BAD_S2K_PARAMS;
+        }
     } else
-	iter_count = DEFAULT_ITERATION_COUNT;
+        iter_count = DEFAULT_ITERATION_COUNT;
 
     /* This is not a protocol specification constraint; this is an
        implementation limit, which should eventually be controlled by
        a config file.  */
     if (iter_count >= MAX_ITERATION_COUNT)
-	return KRB5_ERR_BAD_S2K_PARAMS;
+        return KRB5_ERR_BAD_S2K_PARAMS;
 
     /* Use the output keyblock contents for temporary space. */
     out.data = (char *) key->contents;
     out.length = key->length;
     if (out.length != 16 && out.length != 32)
-	return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
 
     err = krb5int_pbkdf2_hmac_sha1 (&out, iter_count, string, salt);
     if (err)
-	goto cleanup;
+        goto cleanup;
 
     err = krb5_k_create_key (NULL, key, &tempkey);
     if (err)
-	goto cleanup;
+        goto cleanup;
 
     err = krb5int_derive_keyblock (enc, tempkey, key, &usage);
 
 cleanup:
     if (err)
-	memset (out.data, 0, out.length);
+        memset (out.data, 0, out.length);
     krb5_k_free_key (NULL, tempkey);
     return err;
 }
diff --git a/src/lib/crypto/builtin/aes/aes_s2k.h b/src/lib/crypto/builtin/aes/aes_s2k.h
index b6804a9..f9bb1fe 100644
--- a/src/lib/crypto/builtin/aes/aes_s2k.h
+++ b/src/lib/crypto/builtin/aes/aes_s2k.h
@@ -1,4 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * lib/crypto/openssl/aes/aes_s2k.h
+ */
+
+
 extern krb5_error_code
 krb5int_aes_string_to_key (const struct krb5_enc_provider *,
-			   const krb5_data *, const krb5_data *,
-			   const krb5_data *, krb5_keyblock *key);
+                           const krb5_data *, const krb5_data *,
+                           const krb5_data *, krb5_keyblock *key);
diff --git a/src/lib/crypto/builtin/des/afsstring2key.c b/src/lib/crypto/builtin/des/afsstring2key.c
index 4b61a2f..8c88046 100644
--- a/src/lib/crypto/builtin/des/afsstring2key.c
+++ b/src/lib/crypto/builtin/des/afsstring2key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/string2key.c
  *
@@ -68,88 +69,88 @@ char *afs_crypt (const char *, const char *, char *);
 #define min(a,b) ((a)>(b)?(b):(a))
 
 krb5_error_code
-mit_afs_string_to_key (krb5_keyblock *keyblock, const krb5_data *data,
-		       const krb5_data *salt)
+mit_afs_string_to_key(krb5_keyblock *keyblock, const krb5_data *data,
+                      const krb5_data *salt)
 {
-  /* totally different approach from MIT string2key. */
-  /* much of the work has already been done by the only caller
-     which is mit_des_string_to_key; in particular, *keyblock is already
-     set up. */
+    /* totally different approach from MIT string2key. */
+    /* much of the work has already been done by the only caller
+       which is mit_des_string_to_key; in particular, *keyblock is already
+       set up. */
 
     char *realm = salt->data;
     unsigned int i, j;
     krb5_octet *key = keyblock->contents;
 
     if (data->length <= 8) {
-      /* One block only.  Run afs_crypt and use the first eight
-	 returned bytes after the copy of the (fixed) salt.
-
-	 Since the returned bytes are alphanumeric, the output is
-	 limited to 2**48 possibilities; for each byte, only 64
-	 possible values can be used.  */
-      unsigned char password[9]; /* trailing nul for crypt() */
-      char afs_crypt_buf[16];
-
-      memset (password, 0, sizeof (password));
-      memcpy (password, realm, min (salt->length, 8));
-      for (i=0; i<8; i++)
-	if (isupper(password[i]))
-	  password[i] = tolower(password[i]);
-      for (i=0; i<data->length; i++)
-	password[i] ^= data->data[i];
-      for (i=0; i<8; i++)
-	if (password[i] == '\0')
-	  password[i] = 'X';
-      password[8] = '\0';
-      /* Out-of-bounds salt characters are equivalent to a salt string
-	 of "p1".  */
-      strncpy((char *) key,
-	      (char *) afs_crypt((char *) password, "#~", afs_crypt_buf) + 2,
-	      8);
-      for (i=0; i<8; i++)
-	key[i] <<= 1;
-      /* now fix up key parity again */
-      mit_des_fixup_key_parity(key);
-      /* clean & free the input string */
-      memset(password, 0, (size_t) sizeof(password));
+        /* One block only.  Run afs_crypt and use the first eight
+           returned bytes after the copy of the (fixed) salt.
+
+           Since the returned bytes are alphanumeric, the output is
+           limited to 2**48 possibilities; for each byte, only 64
+           possible values can be used.  */
+        unsigned char password[9]; /* trailing nul for crypt() */
+        char afs_crypt_buf[16];
+
+        memset (password, 0, sizeof (password));
+        memcpy (password, realm, min (salt->length, 8));
+        for (i=0; i<8; i++)
+            if (isupper(password[i]))
+                password[i] = tolower(password[i]);
+        for (i=0; i<data->length; i++)
+            password[i] ^= data->data[i];
+        for (i=0; i<8; i++)
+            if (password[i] == '\0')
+                password[i] = 'X';
+        password[8] = '\0';
+        /* Out-of-bounds salt characters are equivalent to a salt string
+           of "p1".  */
+        strncpy((char *) key,
+                (char *) afs_crypt((char *) password, "#~", afs_crypt_buf) + 2,
+                8);
+        for (i=0; i<8; i++)
+            key[i] <<= 1;
+        /* now fix up key parity again */
+        mit_des_fixup_key_parity(key);
+        /* clean & free the input string */
+        memset(password, 0, (size_t) sizeof(password));
     } else {
-      /* Multiple blocks.  Do a CBC checksum, twice, and use the
-	 result as the new key.  */
-      mit_des_cblock ikey, tkey;
-      mit_des_key_schedule key_sked;
-      unsigned int pw_len = salt->length+data->length;
-      unsigned char *password = malloc(pw_len+1);
-      if (!password) return ENOMEM;
-
-      /* Some bound checks from the original code are elided here as
-	 the malloc above makes sure we have enough storage. */
-      memcpy (password, data->data, data->length);
-      for (i=data->length, j = 0; j < salt->length; i++, j++) {
-	password[i] = realm[j];
-	if (isupper(password[i]))
-	  password[i] = tolower(password[i]);
-      }
-
-      memcpy (ikey, "kerberos", sizeof(ikey));
-      memcpy (tkey, ikey, sizeof(tkey));
-      mit_des_fixup_key_parity (tkey);
-      (void) mit_des_key_sched (tkey, key_sked);
-      (void) mit_des_cbc_cksum (password, tkey, i, key_sked, ikey);
-
-      memcpy (ikey, tkey, sizeof(ikey));
-      mit_des_fixup_key_parity (tkey);
-      (void) mit_des_key_sched (tkey, key_sked);
-      (void) mit_des_cbc_cksum (password, key, i, key_sked, ikey);
-
-      /* erase key_sked */
-      memset(key_sked, 0,sizeof(key_sked));
-
-      /* now fix up key parity again */
-      mit_des_fixup_key_parity(key);
-
-      /* clean & free the input string */
-      memset(password, 0, (size_t) pw_len);
-      free(password);
+        /* Multiple blocks.  Do a CBC checksum, twice, and use the
+           result as the new key.  */
+        mit_des_cblock ikey, tkey;
+        mit_des_key_schedule key_sked;
+        unsigned int pw_len = salt->length+data->length;
+        unsigned char *password = malloc(pw_len+1);
+        if (!password) return ENOMEM;
+
+        /* Some bound checks from the original code are elided here as
+           the malloc above makes sure we have enough storage. */
+        memcpy (password, data->data, data->length);
+        for (i=data->length, j = 0; j < salt->length; i++, j++) {
+            password[i] = realm[j];
+            if (isupper(password[i]))
+                password[i] = tolower(password[i]);
+        }
+
+        memcpy (ikey, "kerberos", sizeof(ikey));
+        memcpy (tkey, ikey, sizeof(tkey));
+        mit_des_fixup_key_parity (tkey);
+        (void) mit_des_key_sched (tkey, key_sked);
+        (void) mit_des_cbc_cksum (password, tkey, i, key_sked, ikey);
+
+        memcpy (ikey, tkey, sizeof(ikey));
+        mit_des_fixup_key_parity (tkey);
+        (void) mit_des_key_sched (tkey, key_sked);
+        (void) mit_des_cbc_cksum (password, key, i, key_sked, ikey);
+
+        /* erase key_sked */
+        memset(key_sked, 0,sizeof(key_sked));
+
+        /* now fix up key parity again */
+        mit_des_fixup_key_parity(key);
+
+        /* clean & free the input string */
+        memset(password, 0, (size_t) pw_len);
+        free(password);
     }
 #if 0
     /* must free here because it was copied for this special case */
@@ -161,7 +162,7 @@ mit_afs_string_to_key (krb5_keyblock *keyblock, const krb5_data *data,
 
 /* Portions of this code:
    Copyright 1989 by the Massachusetts Institute of Technology
-   */
+*/
 
 /*
  * Copyright (c) 1990 Regents of The University of Michigan.
@@ -177,12 +178,12 @@ mit_afs_string_to_key (krb5_keyblock *keyblock, const krb5_data *data,
  * specific, written prior permission. This software is supplied as
  * is without expressed or implied warranties of any kind.
  *
- *	ITD Research Systems
- *	University of Michigan
- *	535 W. William Street
- *	Ann Arbor, Michigan
- *	+1-313-936-2652
- *	netatalk@terminator.cc.umich.edu
+ *      ITD Research Systems
+ *      University of Michigan
+ *      535 W. William Street
+ *      Ann Arbor, Michigan
+ *      +1-313-936-2652
+ *      netatalk@terminator.cc.umich.edu
  */
 
 static void krb5_afs_crypt_setkey (char*, char*, char(*)[48]);
@@ -191,101 +192,101 @@ static void krb5_afs_encrypt (char*,char*,char (*)[48]);
 /*
  * Initial permutation,
  */
-static const char	IP[] = {
-	58,50,42,34,26,18,10, 2,
-	60,52,44,36,28,20,12, 4,
-	62,54,46,38,30,22,14, 6,
-	64,56,48,40,32,24,16, 8,
-	57,49,41,33,25,17, 9, 1,
-	59,51,43,35,27,19,11, 3,
-	61,53,45,37,29,21,13, 5,
-	63,55,47,39,31,23,15, 7,
+static const char       IP[] = {
+    58,50,42,34,26,18,10, 2,
+    60,52,44,36,28,20,12, 4,
+    62,54,46,38,30,22,14, 6,
+    64,56,48,40,32,24,16, 8,
+    57,49,41,33,25,17, 9, 1,
+    59,51,43,35,27,19,11, 3,
+    61,53,45,37,29,21,13, 5,
+    63,55,47,39,31,23,15, 7,
 };
 
 /*
  * Final permutation, FP = IP^(-1)
  */
-static const char	FP[] = {
-	40, 8,48,16,56,24,64,32,
-	39, 7,47,15,55,23,63,31,
-	38, 6,46,14,54,22,62,30,
-	37, 5,45,13,53,21,61,29,
-	36, 4,44,12,52,20,60,28,
-	35, 3,43,11,51,19,59,27,
-	34, 2,42,10,50,18,58,26,
-	33, 1,41, 9,49,17,57,25,
+static const char       FP[] = {
+    40, 8,48,16,56,24,64,32,
+    39, 7,47,15,55,23,63,31,
+    38, 6,46,14,54,22,62,30,
+    37, 5,45,13,53,21,61,29,
+    36, 4,44,12,52,20,60,28,
+    35, 3,43,11,51,19,59,27,
+    34, 2,42,10,50,18,58,26,
+    33, 1,41, 9,49,17,57,25,
 };
 
 /*
  * Permuted-choice 1 from the key bits to yield C and D.
  * Note that bits 8,16... are left out: They are intended for a parity check.
  */
-static const char	PC1_C[] = {
-	57,49,41,33,25,17, 9,
-	 1,58,50,42,34,26,18,
-	10, 2,59,51,43,35,27,
-	19,11, 3,60,52,44,36,
+static const char       PC1_C[] = {
+    57,49,41,33,25,17, 9,
+    1,58,50,42,34,26,18,
+    10, 2,59,51,43,35,27,
+    19,11, 3,60,52,44,36,
 };
 
-static const char	PC1_D[] = {
-	63,55,47,39,31,23,15,
-	 7,62,54,46,38,30,22,
-	14, 6,61,53,45,37,29,
-	21,13, 5,28,20,12, 4,
+static const char       PC1_D[] = {
+    63,55,47,39,31,23,15,
+    7,62,54,46,38,30,22,
+    14, 6,61,53,45,37,29,
+    21,13, 5,28,20,12, 4,
 };
 
 /*
  * Sequence of shifts used for the key schedule.
  */
-static const char	shifts[] = {
-	1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1,
+static const char       shifts[] = {
+    1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1,
 };
 
 /*
  * Permuted-choice 2, to pick out the bits from
  * the CD array that generate the key schedule.
  */
-static const char	PC2_C[] = {
-	14,17,11,24, 1, 5,
-	 3,28,15, 6,21,10,
-	23,19,12, 4,26, 8,
-	16, 7,27,20,13, 2,
+static const char       PC2_C[] = {
+    14,17,11,24, 1, 5,
+    3,28,15, 6,21,10,
+    23,19,12, 4,26, 8,
+    16, 7,27,20,13, 2,
 };
 
-static const char	PC2_D[] = {
-	41,52,31,37,47,55,
-	30,40,51,45,33,48,
-	44,49,39,56,34,53,
-	46,42,50,36,29,32,
+static const char       PC2_D[] = {
+    41,52,31,37,47,55,
+    30,40,51,45,33,48,
+    44,49,39,56,34,53,
+    46,42,50,36,29,32,
 };
 
 /*
  * The E bit-selection table.
  */
-static const char	e[] = {
-	32, 1, 2, 3, 4, 5,
-	 4, 5, 6, 7, 8, 9,
-	 8, 9,10,11,12,13,
-	12,13,14,15,16,17,
-	16,17,18,19,20,21,
-	20,21,22,23,24,25,
-	24,25,26,27,28,29,
-	28,29,30,31,32, 1,
+static const char       e[] = {
+    32, 1, 2, 3, 4, 5,
+    4, 5, 6, 7, 8, 9,
+    8, 9,10,11,12,13,
+    12,13,14,15,16,17,
+    16,17,18,19,20,21,
+    20,21,22,23,24,25,
+    24,25,26,27,28,29,
+    28,29,30,31,32, 1,
 };
 
 /*
  * P is a permutation on the selected combination
  * of the current L and key.
  */
-static const char	P[] = {
-	16, 7,20,21,
-	29,12,28,17,
-	 1,15,23,26,
-	 5,18,31,10,
-	 2, 8,24,14,
-	32,27, 3, 9,
-	19,13,30, 6,
-	22,11, 4,25,
+static const char       P[] = {
+    16, 7,20,21,
+    29,12,28,17,
+    1,15,23,26,
+    5,18,31,10,
+    2, 8,24,14,
+    32,27, 3, 9,
+    19,13,30, 6,
+    22,11, 4,25,
 };
 
 /*
@@ -293,109 +294,109 @@ static const char	P[] = {
  * For some reason, they give a 0-origin
  * index, unlike everything else.
  */
-static const char	S[8][64] = {
-	{14, 4,13, 1, 2,15,11, 8, 3,10, 6,12, 5, 9, 0, 7,
-	  0,15, 7, 4,14, 2,13, 1,10, 6,12,11, 9, 5, 3, 8,
-	  4, 1,14, 8,13, 6, 2,11,15,12, 9, 7, 3,10, 5, 0,
-	 15,12, 8, 2, 4, 9, 1, 7, 5,11, 3,14,10, 0, 6,13},
-
-	{15, 1, 8,14, 6,11, 3, 4, 9, 7, 2,13,12, 0, 5,10,
-	  3,13, 4, 7,15, 2, 8,14,12, 0, 1,10, 6, 9,11, 5,
-	  0,14, 7,11,10, 4,13, 1, 5, 8,12, 6, 9, 3, 2,15,
-	 13, 8,10, 1, 3,15, 4, 2,11, 6, 7,12, 0, 5,14, 9},
-
-	{10, 0, 9,14, 6, 3,15, 5, 1,13,12, 7,11, 4, 2, 8,
-	 13, 7, 0, 9, 3, 4, 6,10, 2, 8, 5,14,12,11,15, 1,
-	 13, 6, 4, 9, 8,15, 3, 0,11, 1, 2,12, 5,10,14, 7,
-	  1,10,13, 0, 6, 9, 8, 7, 4,15,14, 3,11, 5, 2,12},
-
-	{ 7,13,14, 3, 0, 6, 9,10, 1, 2, 8, 5,11,12, 4,15,
-	 13, 8,11, 5, 6,15, 0, 3, 4, 7, 2,12, 1,10,14, 9,
-	 10, 6, 9, 0,12,11, 7,13,15, 1, 3,14, 5, 2, 8, 4,
-	  3,15, 0, 6,10, 1,13, 8, 9, 4, 5,11,12, 7, 2,14},
-
-	{ 2,12, 4, 1, 7,10,11, 6, 8, 5, 3,15,13, 0,14, 9,
-	 14,11, 2,12, 4, 7,13, 1, 5, 0,15,10, 3, 9, 8, 6,
-	  4, 2, 1,11,10,13, 7, 8,15, 9,12, 5, 6, 3, 0,14,
-	 11, 8,12, 7, 1,14, 2,13, 6,15, 0, 9,10, 4, 5, 3},
-
-	{12, 1,10,15, 9, 2, 6, 8, 0,13, 3, 4,14, 7, 5,11,
-	 10,15, 4, 2, 7,12, 9, 5, 6, 1,13,14, 0,11, 3, 8,
-	  9,14,15, 5, 2, 8,12, 3, 7, 0, 4,10, 1,13,11, 6,
-	  4, 3, 2,12, 9, 5,15,10,11,14, 1, 7, 6, 0, 8,13},
-
-	{ 4,11, 2,14,15, 0, 8,13, 3,12, 9, 7, 5,10, 6, 1,
-	 13, 0,11, 7, 4, 9, 1,10,14, 3, 5,12, 2,15, 8, 6,
-	  1, 4,11,13,12, 3, 7,14,10,15, 6, 8, 0, 5, 9, 2,
-	  6,11,13, 8, 1, 4,10, 7, 9, 5, 0,15,14, 2, 3,12},
-
-	{13, 2, 8, 4, 6,15,11, 1,10, 9, 3,14, 5, 0,12, 7,
-	  1,15,13, 8,10, 3, 7, 4,12, 5, 6,11, 0,14, 9, 2,
-	  7,11, 4, 1, 9,12,14, 2, 0, 6,10,13,15, 3, 5, 8,
-	  2, 1,14, 7, 4,10, 8,13,15,12, 9, 0, 3, 5, 6,11},
+static const char       S[8][64] = {
+    {14, 4,13, 1, 2,15,11, 8, 3,10, 6,12, 5, 9, 0, 7,
+     0,15, 7, 4,14, 2,13, 1,10, 6,12,11, 9, 5, 3, 8,
+     4, 1,14, 8,13, 6, 2,11,15,12, 9, 7, 3,10, 5, 0,
+     15,12, 8, 2, 4, 9, 1, 7, 5,11, 3,14,10, 0, 6,13},
+
+    {15, 1, 8,14, 6,11, 3, 4, 9, 7, 2,13,12, 0, 5,10,
+     3,13, 4, 7,15, 2, 8,14,12, 0, 1,10, 6, 9,11, 5,
+     0,14, 7,11,10, 4,13, 1, 5, 8,12, 6, 9, 3, 2,15,
+     13, 8,10, 1, 3,15, 4, 2,11, 6, 7,12, 0, 5,14, 9},
+
+    {10, 0, 9,14, 6, 3,15, 5, 1,13,12, 7,11, 4, 2, 8,
+     13, 7, 0, 9, 3, 4, 6,10, 2, 8, 5,14,12,11,15, 1,
+     13, 6, 4, 9, 8,15, 3, 0,11, 1, 2,12, 5,10,14, 7,
+     1,10,13, 0, 6, 9, 8, 7, 4,15,14, 3,11, 5, 2,12},
+
+    { 7,13,14, 3, 0, 6, 9,10, 1, 2, 8, 5,11,12, 4,15,
+      13, 8,11, 5, 6,15, 0, 3, 4, 7, 2,12, 1,10,14, 9,
+      10, 6, 9, 0,12,11, 7,13,15, 1, 3,14, 5, 2, 8, 4,
+      3,15, 0, 6,10, 1,13, 8, 9, 4, 5,11,12, 7, 2,14},
+
+    { 2,12, 4, 1, 7,10,11, 6, 8, 5, 3,15,13, 0,14, 9,
+      14,11, 2,12, 4, 7,13, 1, 5, 0,15,10, 3, 9, 8, 6,
+      4, 2, 1,11,10,13, 7, 8,15, 9,12, 5, 6, 3, 0,14,
+      11, 8,12, 7, 1,14, 2,13, 6,15, 0, 9,10, 4, 5, 3},
+
+    {12, 1,10,15, 9, 2, 6, 8, 0,13, 3, 4,14, 7, 5,11,
+     10,15, 4, 2, 7,12, 9, 5, 6, 1,13,14, 0,11, 3, 8,
+     9,14,15, 5, 2, 8,12, 3, 7, 0, 4,10, 1,13,11, 6,
+     4, 3, 2,12, 9, 5,15,10,11,14, 1, 7, 6, 0, 8,13},
+
+    { 4,11, 2,14,15, 0, 8,13, 3,12, 9, 7, 5,10, 6, 1,
+      13, 0,11, 7, 4, 9, 1,10,14, 3, 5,12, 2,15, 8, 6,
+      1, 4,11,13,12, 3, 7,14,10,15, 6, 8, 0, 5, 9, 2,
+      6,11,13, 8, 1, 4,10, 7, 9, 5, 0,15,14, 2, 3,12},
+
+    {13, 2, 8, 4, 6,15,11, 1,10, 9, 3,14, 5, 0,12, 7,
+     1,15,13, 8,10, 3, 7, 4,12, 5, 6,11, 0,14, 9, 2,
+     7,11, 4, 1, 9,12,14, 2, 0, 6,10,13,15, 3, 5, 8,
+     2, 1,14, 7, 4,10, 8,13,15,12, 9, 0, 3, 5, 6,11},
 };
 
 
 char *afs_crypt(const char *pw, const char *salt,
-		/* must be at least 16 bytes */
-		char *iobuf)
+                /* must be at least 16 bytes */
+                char *iobuf)
 {
-	int i, j, c;
-	int temp;
-	char block[66];
-	char E[48];
-	/*
-	 * The key schedule.
-	 * Generated from the key.
-	 */
-	char KS[16][48];
-
-	for(i=0; i<66; i++)
-		block[i] = 0;
-	for(i=0; (c= *pw) && i<64; pw++){
-		for(j=0; j<7; j++, i++)
-			block[i] = (c>>(6-j)) & 01;
-		i++;
-	}
-
-	krb5_afs_crypt_setkey(block, E, KS);
-
-	for(i=0; i<66; i++)
-		block[i] = 0;
-
-	for(i=0;i<2;i++){
-		c = *salt++;
-		iobuf[i] = c;
-		if(c>'Z') c -= 6;
-		if(c>'9') c -= 7;
-		c -= '.';
-		for(j=0;j<6;j++){
-			if((c>>j) & 01){
-				temp = E[6*i+j];
-				E[6*i+j] = E[6*i+j+24];
-				E[6*i+j+24] = temp;
-				}
-			}
-		}
-
-	for(i=0; i<25; i++)
-		krb5_afs_encrypt(block,E,KS);
-
-	for(i=0; i<11; i++){
-		c = 0;
-		for(j=0; j<6; j++){
-			c <<= 1;
-			c |= block[6*i+j];
-			}
-		c += '.';
-		if(c>'9') c += 7;
-		if(c>'Z') c += 6;
-		iobuf[i+2] = c;
-	}
-	iobuf[i+2] = 0;
-	if(iobuf[1]==0)
-		iobuf[1] = iobuf[0];
-	return(iobuf);
+    int i, j, c;
+    int temp;
+    char block[66];
+    char E[48];
+    /*
+     * The key schedule.
+     * Generated from the key.
+     */
+    char KS[16][48];
+
+    for(i=0; i<66; i++)
+        block[i] = 0;
+    for(i=0; (c= *pw) && i<64; pw++){
+        for(j=0; j<7; j++, i++)
+            block[i] = (c>>(6-j)) & 01;
+        i++;
+    }
+
+    krb5_afs_crypt_setkey(block, E, KS);
+
+    for(i=0; i<66; i++)
+        block[i] = 0;
+
+    for(i=0;i<2;i++){
+        c = *salt++;
+        iobuf[i] = c;
+        if(c>'Z') c -= 6;
+        if(c>'9') c -= 7;
+        c -= '.';
+        for(j=0;j<6;j++){
+            if((c>>j) & 01){
+                temp = E[6*i+j];
+                E[6*i+j] = E[6*i+j+24];
+                E[6*i+j+24] = temp;
+            }
+        }
+    }
+
+    for(i=0; i<25; i++)
+        krb5_afs_encrypt(block,E,KS);
+
+    for(i=0; i<11; i++){
+        c = 0;
+        for(j=0; j<6; j++){
+            c <<= 1;
+            c |= block[6*i+j];
+        }
+        c += '.';
+        if(c>'9') c += 7;
+        if(c>'Z') c += 6;
+        iobuf[i+2] = c;
+    }
+    iobuf[i+2] = 0;
+    if(iobuf[1]==0)
+        iobuf[1] = iobuf[0];
+    return(iobuf);
 }
 
 /*
@@ -404,57 +405,57 @@ char *afs_crypt(const char *pw, const char *salt,
 
 static void krb5_afs_crypt_setkey(char *key, char *E, char (*KS)[48])
 {
-	register int i, j, k;
-	int t;
-	/*
-	 * The C and D arrays used to calculate the key schedule.
-	 */
-	char C[28], D[28];
-
-	/*
-	 * First, generate C and D by permuting
-	 * the key.  The low order bit of each
-	 * 8-bit char is not used, so C and D are only 28
-	 * bits apiece.
-	 */
-	for (i=0; i<28; i++) {
-		C[i] = key[PC1_C[i]-1];
-		D[i] = key[PC1_D[i]-1];
-	}
-	/*
-	 * To generate Ki, rotate C and D according
-	 * to schedule and pick up a permutation
-	 * using PC2.
-	 */
-	for (i=0; i<16; i++) {
-		/*
-		 * rotate.
-		 */
-		for (k=0; k<shifts[i]; k++) {
-			t = C[0];
-			for (j=0; j<28-1; j++)
-				C[j] = C[j+1];
-			C[27] = t;
-			t = D[0];
-			for (j=0; j<28-1; j++)
-				D[j] = D[j+1];
-			D[27] = t;
-		}
-		/*
-		 * get Ki. Note C and D are concatenated.
-		 */
-		for (j=0; j<24; j++) {
-			KS[i][j] = C[PC2_C[j]-1];
-			KS[i][j+24] = D[PC2_D[j]-28-1];
-		}
-	}
+    register int i, j, k;
+    int t;
+    /*
+     * The C and D arrays used to calculate the key schedule.
+     */
+    char C[28], D[28];
+
+    /*
+     * First, generate C and D by permuting
+     * the key.  The low order bit of each
+     * 8-bit char is not used, so C and D are only 28
+     * bits apiece.
+     */
+    for (i=0; i<28; i++) {
+        C[i] = key[PC1_C[i]-1];
+        D[i] = key[PC1_D[i]-1];
+    }
+    /*
+     * To generate Ki, rotate C and D according
+     * to schedule and pick up a permutation
+     * using PC2.
+     */
+    for (i=0; i<16; i++) {
+        /*
+         * rotate.
+         */
+        for (k=0; k<shifts[i]; k++) {
+            t = C[0];
+            for (j=0; j<28-1; j++)
+                C[j] = C[j+1];
+            C[27] = t;
+            t = D[0];
+            for (j=0; j<28-1; j++)
+                D[j] = D[j+1];
+            D[27] = t;
+        }
+        /*
+         * get Ki. Note C and D are concatenated.
+         */
+        for (j=0; j<24; j++) {
+            KS[i][j] = C[PC2_C[j]-1];
+            KS[i][j+24] = D[PC2_D[j]-28-1];
+        }
+    }
 
 #if 0
-	for(i=0;i<48;i++) {
-		E[i] = e[i];
-	}
+    for(i=0;i<48;i++) {
+        E[i] = e[i];
+    }
 #else
-	memcpy(E, e, 48);
+    memcpy(E, e, 48);
 #endif
 }
 
@@ -464,107 +465,107 @@ static void krb5_afs_crypt_setkey(char *key, char *E, char (*KS)[48])
 
 static void krb5_afs_encrypt(char *block, char *E, char (*KS)[48])
 {
-	const long edflag = 0;
-	int i, ii;
-	int t, j, k;
-	char tempL[32];
-	char f[32];
-	/*
-	 * The current block, divided into 2 halves.
-	 */
-	char L[64];
-	char *const R = &L[32];
-	/*
-	 * The combination of the key and the input, before selection.
-	 */
-	char preS[48];
-
-	/*
-	 * First, permute the bits in the input
-	 */
-	for (j=0; j<64; j++)
-		L[j] = block[IP[j]-1];
-	/*
-	 * Perform an encryption operation 16 times.
-	 */
-	for (ii=0; ii<16; ii++) {
-		/*
-		 * Set direction
-		 */
-		if (edflag)
-			i = 15-ii;
-		else
-			i = ii;
-		/*
-		 * Save the R array,
-		 * which will be the new L.
-		 */
+    const long edflag = 0;
+    int i, ii;
+    int t, j, k;
+    char tempL[32];
+    char f[32];
+    /*
+     * The current block, divided into 2 halves.
+     */
+    char L[64];
+    char *const R = &L[32];
+    /*
+     * The combination of the key and the input, before selection.
+     */
+    char preS[48];
+
+    /*
+     * First, permute the bits in the input
+     */
+    for (j=0; j<64; j++)
+        L[j] = block[IP[j]-1];
+    /*
+     * Perform an encryption operation 16 times.
+     */
+    for (ii=0; ii<16; ii++) {
+        /*
+         * Set direction
+         */
+        if (edflag)
+            i = 15-ii;
+        else
+            i = ii;
+        /*
+         * Save the R array,
+         * which will be the new L.
+         */
 #if 0
-		for (j=0; j<32; j++)
-			tempL[j] = R[j];
+        for (j=0; j<32; j++)
+            tempL[j] = R[j];
 #else
-		memcpy(tempL, R, 32);
+        memcpy(tempL, R, 32);
 #endif
-		/*
-		 * Expand R to 48 bits using the E selector;
-		 * exclusive-or with the current key bits.
-		 */
-		for (j=0; j<48; j++)
-			preS[j] = R[E[j]-1] ^ KS[i][j];
-		/*
-		 * The pre-select bits are now considered
-		 * in 8 groups of 6 bits each.
-		 * The 8 selection functions map these
-		 * 6-bit quantities into 4-bit quantities
-		 * and the results permuted
-		 * to make an f(R, K).
-		 * The indexing into the selection functions
-		 * is peculiar; it could be simplified by
-		 * rewriting the tables.
-		 */
-		for (j=0; j<8; j++) {
-			t = 6*j;
-			k = S[j][(preS[t+0]<<5)+
-				(preS[t+1]<<3)+
-				(preS[t+2]<<2)+
-				(preS[t+3]<<1)+
-				(preS[t+4]<<0)+
-				(preS[t+5]<<4)];
-			t = 4*j;
-				f[t+0] = (k>>3)&01;
-				f[t+1] = (k>>2)&01;
-				f[t+2] = (k>>1)&01;
-				f[t+3] = (k>>0)&01;
-		}
-		/*
-		 * The new R is L ^ f(R, K).
-		 * The f here has to be permuted first, though.
-		 */
-		for (j=0; j<32; j++)
-			R[j] = L[j] ^ f[P[j]-1];
-		/*
-		 * Finally, the new L (the original R)
-		 * is copied back.
-		 */
+        /*
+         * Expand R to 48 bits using the E selector;
+         * exclusive-or with the current key bits.
+         */
+        for (j=0; j<48; j++)
+            preS[j] = R[E[j]-1] ^ KS[i][j];
+        /*
+         * The pre-select bits are now considered
+         * in 8 groups of 6 bits each.
+         * The 8 selection functions map these
+         * 6-bit quantities into 4-bit quantities
+         * and the results permuted
+         * to make an f(R, K).
+         * The indexing into the selection functions
+         * is peculiar; it could be simplified by
+         * rewriting the tables.
+         */
+        for (j=0; j<8; j++) {
+            t = 6*j;
+            k = S[j][(preS[t+0]<<5)+
+                     (preS[t+1]<<3)+
+                     (preS[t+2]<<2)+
+                     (preS[t+3]<<1)+
+                     (preS[t+4]<<0)+
+                     (preS[t+5]<<4)];
+            t = 4*j;
+            f[t+0] = (k>>3)&01;
+            f[t+1] = (k>>2)&01;
+            f[t+2] = (k>>1)&01;
+            f[t+3] = (k>>0)&01;
+        }
+        /*
+         * The new R is L ^ f(R, K).
+         * The f here has to be permuted first, though.
+         */
+        for (j=0; j<32; j++)
+            R[j] = L[j] ^ f[P[j]-1];
+        /*
+         * Finally, the new L (the original R)
+         * is copied back.
+         */
 #if 0
-		for (j=0; j<32; j++)
-			L[j] = tempL[j];
+        for (j=0; j<32; j++)
+            L[j] = tempL[j];
 #else
-		memcpy(L, tempL, 32);
+        memcpy(L, tempL, 32);
 #endif
-	}
-	/*
-	 * The output L and R are reversed.
-	 */
-	for (j=0; j<32; j++) {
-		t = L[j];
-		L[j] = R[j];
-		R[j] = t;
-	}
-	/*
-	 * The final output
-	 * gets the inverse permutation of the very original.
-	 */
-	for (j=0; j<64; j++)
-		block[j] = L[FP[j]-1];
+    }
+    /*
+     * The output L and R are reversed.
+     */
+    for (j=0; j<32; j++) {
+        t = L[j];
+        L[j] = R[j];
+        R[j] = t;
+    }
+    /*
+     * The final output
+     * gets the inverse permutation of the very original.
+     */
+    for (j=0; j<64; j++)
+        block[j] = L[FP[j]-1];
 }
diff --git a/src/lib/crypto/builtin/des/d3_aead.c b/src/lib/crypto/builtin/des/d3_aead.c
index 3eb9422..e018895 100644
--- a/src/lib/crypto/builtin/des/d3_aead.c
+++ b/src/lib/crypto/builtin/des/d3_aead.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2008 by the Massachusetts Institute of Technology.
  * Copyright 1995 by Richard P. Basch.  All Rights Reserved.
@@ -27,11 +28,11 @@
 
 void
 krb5int_des3_cbc_encrypt_iov(krb5_crypto_iov *data,
-			     unsigned long num_data,
-			     const mit_des_key_schedule ks1,
-			     const mit_des_key_schedule ks2,
-			     const mit_des_key_schedule ks3,
-			     mit_des_cblock ivec)
+                             unsigned long num_data,
+                             const mit_des_key_schedule ks1,
+                             const mit_des_key_schedule ks2,
+                             const mit_des_key_schedule ks3,
+                             mit_des_cblock ivec)
 {
     unsigned DES_INT32 left, right;
     const unsigned DES_INT32 *kp1, *kp2, *kp3;
@@ -56,9 +57,9 @@ krb5int_des3_cbc_encrypt_iov(krb5_crypto_iov *data,
      * vector.
      */
     if (ivec != NULL)
-	ip = ivec;
+        ip = ivec;
     else
-	ip = mit_des_zeroblock;
+        ip = mit_des_zeroblock;
     GET_HALF_BLOCK(left, ip);
     GET_HALF_BLOCK(right, ip);
 
@@ -67,49 +68,49 @@ krb5int_des3_cbc_encrypt_iov(krb5_crypto_iov *data,
      * at a time.
      */
     for (;;) {
-	unsigned DES_INT32 temp;
+        unsigned DES_INT32 temp;
 
-	ip = iblock;
-	op = oblock;
+        ip = iblock;
+        op = oblock;
 
-	if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, data, num_data, &input_pos))
-	    break;
+        if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, data, num_data, &input_pos))
+            break;
 
-	if (input_pos.iov_pos == num_data)
-	    break;
+        if (input_pos.iov_pos == num_data)
+            break;
 
-	GET_HALF_BLOCK(temp, ip);
-	left  ^= temp;
-	GET_HALF_BLOCK(temp, ip);
-	right ^= temp;
+        GET_HALF_BLOCK(temp, ip);
+        left  ^= temp;
+        GET_HALF_BLOCK(temp, ip);
+        right ^= temp;
 
-	/*
-	 * Encrypt what we have
-	 */
-	DES_DO_ENCRYPT(left, right, kp1);
-	DES_DO_DECRYPT(left, right, kp2);
-	DES_DO_ENCRYPT(left, right, kp3);
+        /*
+         * Encrypt what we have
+         */
+        DES_DO_ENCRYPT(left, right, kp1);
+        DES_DO_DECRYPT(left, right, kp2);
+        DES_DO_ENCRYPT(left, right, kp3);
 
-	/*
-	 * Copy the results out
-	 */
-	PUT_HALF_BLOCK(left, op);
-	PUT_HALF_BLOCK(right, op);
+        /*
+         * Copy the results out
+         */
+        PUT_HALF_BLOCK(left, op);
+        PUT_HALF_BLOCK(right, op);
 
-	krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos);
+        krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos);
     }
 
     if (ivec != NULL)
-	memcpy(ivec, oblock, MIT_DES_BLOCK_LENGTH);
+        memcpy(ivec, oblock, MIT_DES_BLOCK_LENGTH);
 }
 
 void
 krb5int_des3_cbc_decrypt_iov(krb5_crypto_iov *data,
-			     unsigned long num_data,
-			     const mit_des_key_schedule ks1,
-			     const mit_des_key_schedule ks2,
-			     const mit_des_key_schedule ks3,
-			     mit_des_cblock ivec)
+                             unsigned long num_data,
+                             const mit_des_key_schedule ks1,
+                             const mit_des_key_schedule ks2,
+                             const mit_des_key_schedule ks3,
+                             mit_des_cblock ivec)
 {
     unsigned DES_INT32 left, right;
     const unsigned DES_INT32 *kp1, *kp2, *kp3;
@@ -138,15 +139,15 @@ krb5int_des3_cbc_decrypt_iov(krb5_crypto_iov *data,
      */
 
     if (num_data == 0)
-	return;
+        return;
 
     /*
      * Prime the old cipher with ivec.
      */
     if (ivec != NULL)
-	ip = ivec;
+        ip = ivec;
     else
-	ip = mit_des_zeroblock;
+        ip = mit_des_zeroblock;
     GET_HALF_BLOCK(ocipherl, ip);
     GET_HALF_BLOCK(ocipherr, ip);
 
@@ -154,54 +155,54 @@ krb5int_des3_cbc_decrypt_iov(krb5_crypto_iov *data,
      * Now do this in earnest until we run out of length.
      */
     for (;;) {
-	/*
-	 * Read a block from the input into left and
-	 * right.  Save this cipher block for later.
-	 */
-
-	if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, data, num_data, &input_pos))
-	    break;
-
-	if (input_pos.iov_pos == num_data)
-	    break;
-
-	ip = iblock;
-	op = oblock;
-
-	GET_HALF_BLOCK(left, ip);
-	GET_HALF_BLOCK(right, ip);
-	cipherl = left;
-	cipherr = right;
-
-	/*
-	 * Decrypt this.
-	 */
-	DES_DO_DECRYPT(left, right, kp3);
-	DES_DO_ENCRYPT(left, right, kp2);
-	DES_DO_DECRYPT(left, right, kp1);
-
-	/*
-	 * Xor with the old cipher to get plain
-	 * text.  Output 8 or less bytes of this.
-	 */
-	left ^= ocipherl;
-	right ^= ocipherr;
-
-	PUT_HALF_BLOCK(left, op);
-	PUT_HALF_BLOCK(right, op);
-
-	/*
-	 * Save current cipher block here
-	 */
-	ocipherl = cipherl;
-	ocipherr = cipherr;
-
-	krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos);
+        /*
+         * Read a block from the input into left and
+         * right.  Save this cipher block for later.
+         */
+
+        if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, data, num_data, &input_pos))
+            break;
+
+        if (input_pos.iov_pos == num_data)
+            break;
+
+        ip = iblock;
+        op = oblock;
+
+        GET_HALF_BLOCK(left, ip);
+        GET_HALF_BLOCK(right, ip);
+        cipherl = left;
+        cipherr = right;
+
+        /*
+         * Decrypt this.
+         */
+        DES_DO_DECRYPT(left, right, kp3);
+        DES_DO_ENCRYPT(left, right, kp2);
+        DES_DO_DECRYPT(left, right, kp1);
+
+        /*
+         * Xor with the old cipher to get plain
+         * text.  Output 8 or less bytes of this.
+         */
+        left ^= ocipherl;
+        right ^= ocipherr;
+
+        PUT_HALF_BLOCK(left, op);
+        PUT_HALF_BLOCK(right, op);
+
+        /*
+         * Save current cipher block here
+         */
+        ocipherl = cipherl;
+        ocipherr = cipherr;
+
+        krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos);
     }
 
     if (ivec != NULL) {
-	op = ivec;
-	PUT_HALF_BLOCK(ocipherl,op);
-	PUT_HALF_BLOCK(ocipherr, op);
+        op = ivec;
+        PUT_HALF_BLOCK(ocipherl,op);
+        PUT_HALF_BLOCK(ocipherr, op);
     }
 }
diff --git a/src/lib/crypto/builtin/des/d3_cbc.c b/src/lib/crypto/builtin/des/d3_cbc.c
index f90d8e5..ea3cb43 100644
--- a/src/lib/crypto/builtin/des/d3_cbc.c
+++ b/src/lib/crypto/builtin/des/d3_cbc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1995 by Richard P. Basch.  All Rights Reserved.
  * Copyright 1995 by Lehman Brothers, Inc.  All Rights Reserved.
@@ -30,26 +31,26 @@
 #undef mit_des3_cbc_encrypt
 int
 mit_des3_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out,
-		     unsigned long length, const mit_des_key_schedule ks1,
-		     const mit_des_key_schedule ks2,
-		     const mit_des_key_schedule ks3,
-		     const mit_des_cblock ivec, int enc)
+                     unsigned long length, const mit_des_key_schedule ks1,
+                     const mit_des_key_schedule ks2,
+                     const mit_des_key_schedule ks3,
+                     const mit_des_cblock ivec, int enc)
 {
     if (enc)
-	krb5int_des3_cbc_encrypt(in, out, length, ks1, ks2, ks3, ivec);
+        krb5int_des3_cbc_encrypt(in, out, length, ks1, ks2, ks3, ivec);
     else
-	krb5int_des3_cbc_decrypt(in, out, length, ks1, ks2, ks3, ivec);
+        krb5int_des3_cbc_decrypt(in, out, length, ks1, ks2, ks3, ivec);
     return 0;
 }
 
 void
 krb5int_des3_cbc_encrypt(const mit_des_cblock *in,
-			 mit_des_cblock *out,
-			 unsigned long length,
-			 const mit_des_key_schedule ks1,
-			 const mit_des_key_schedule ks2,
-			 const mit_des_key_schedule ks3,
-			 const mit_des_cblock ivec)
+                         mit_des_cblock *out,
+                         unsigned long length,
+                         const mit_des_key_schedule ks1,
+                         const mit_des_key_schedule ks2,
+                         const mit_des_key_schedule ks3,
+                         const mit_des_cblock ivec)
 {
     unsigned DES_INT32 left, right;
     const unsigned DES_INT32 *kp1, *kp2, *kp3;
@@ -78,61 +79,61 @@ krb5int_des3_cbc_encrypt(const mit_des_cblock *in,
     ip = *in;
     op = *out;
     while (length > 0) {
-	/*
-	 * Get more input, xor it in.  If the length is
-	 * greater than or equal to 8 this is straight
-	 * forward.  Otherwise we have to fart around.
-	 */
-	if (length >= 8) {
-	    unsigned DES_INT32 temp;
-	    GET_HALF_BLOCK(temp, ip);
-	    left  ^= temp;
-	    GET_HALF_BLOCK(temp, ip);
-	    right ^= temp;
-	    length -= 8;
-	} else {
-	    /*
-	     * Oh, shoot.  We need to pad the
-	     * end with zeroes.  Work backwards
-	     * to do this.
-	     */
-	    ip += (int) length;
-	    switch(length) {
-	    case 7:	right ^= (*(--ip) & FF_UINT32) <<  8;
-	    case 6:	right ^= (*(--ip) & FF_UINT32) << 16;
-	    case 5:	right ^= (*(--ip) & FF_UINT32) << 24;
-	    case 4:	left  ^=  *(--ip) & FF_UINT32;
-	    case 3:	left  ^= (*(--ip) & FF_UINT32) <<  8;
-	    case 2:	left  ^= (*(--ip) & FF_UINT32) << 16;
-	    case 1:	left  ^= (*(--ip) & FF_UINT32) << 24;
-
-	    }
-	    length = 0;
-	}
-
-	/*
-	 * Encrypt what we have
-	 */
-	DES_DO_ENCRYPT(left, right, kp1);
-	DES_DO_DECRYPT(left, right, kp2);
-	DES_DO_ENCRYPT(left, right, kp3);
-
-	/*
-	 * Copy the results out
-	 */
-	PUT_HALF_BLOCK(left, op);
-	PUT_HALF_BLOCK(right, op);
+        /*
+         * Get more input, xor it in.  If the length is
+         * greater than or equal to 8 this is straight
+         * forward.  Otherwise we have to fart around.
+         */
+        if (length >= 8) {
+            unsigned DES_INT32 temp;
+            GET_HALF_BLOCK(temp, ip);
+            left  ^= temp;
+            GET_HALF_BLOCK(temp, ip);
+            right ^= temp;
+            length -= 8;
+        } else {
+            /*
+             * Oh, shoot.  We need to pad the
+             * end with zeroes.  Work backwards
+             * to do this.
+             */
+            ip += (int) length;
+            switch(length) {
+            case 7:     right ^= (*(--ip) & FF_UINT32) <<  8;
+            case 6:     right ^= (*(--ip) & FF_UINT32) << 16;
+            case 5:     right ^= (*(--ip) & FF_UINT32) << 24;
+            case 4:     left  ^=  *(--ip) & FF_UINT32;
+            case 3:     left  ^= (*(--ip) & FF_UINT32) <<  8;
+            case 2:     left  ^= (*(--ip) & FF_UINT32) << 16;
+            case 1:     left  ^= (*(--ip) & FF_UINT32) << 24;
+
+            }
+            length = 0;
+        }
+
+        /*
+         * Encrypt what we have
+         */
+        DES_DO_ENCRYPT(left, right, kp1);
+        DES_DO_DECRYPT(left, right, kp2);
+        DES_DO_ENCRYPT(left, right, kp3);
+
+        /*
+         * Copy the results out
+         */
+        PUT_HALF_BLOCK(left, op);
+        PUT_HALF_BLOCK(right, op);
     }
 }
 
 void
 krb5int_des3_cbc_decrypt(const mit_des_cblock *in,
-			 mit_des_cblock *out,
-			 unsigned long length,
-			 const mit_des_key_schedule ks1,
-			 const mit_des_key_schedule ks2,
-			 const mit_des_key_schedule ks3,
-			 const mit_des_cblock ivec)
+                         mit_des_cblock *out,
+                         unsigned long length,
+                         const mit_des_key_schedule ks1,
+                         const mit_des_key_schedule ks2,
+                         const mit_des_key_schedule ks3,
+                         const mit_des_cblock ivec)
 {
     unsigned DES_INT32 left, right;
     const unsigned DES_INT32 *kp1, *kp2, *kp3;
@@ -155,7 +156,7 @@ krb5int_des3_cbc_decrypt(const mit_des_cblock *in,
      */
 
     if (length <= 0)
-	return;
+        return;
 
     /*
      * Prime the old cipher with ivec.
@@ -169,55 +170,55 @@ krb5int_des3_cbc_decrypt(const mit_des_cblock *in,
      */
     ip = *in;
     op = *out;
-    for (;;) {		/* check done inside loop */
-	/*
-	 * Read a block from the input into left and
-	 * right.  Save this cipher block for later.
-	 */
-	GET_HALF_BLOCK(left, ip);
-	GET_HALF_BLOCK(right, ip);
-	cipherl = left;
-	cipherr = right;
-
-	/*
-	 * Decrypt this.
-	 */
-	DES_DO_DECRYPT(left, right, kp3);
-	DES_DO_ENCRYPT(left, right, kp2);
-	DES_DO_DECRYPT(left, right, kp1);
-
-	/*
-	 * Xor with the old cipher to get plain
-	 * text.  Output 8 or less bytes of this.
-	 */
-	left ^= ocipherl;
-	right ^= ocipherr;
-	if (length > 8) {
-	    length -= 8;
-	    PUT_HALF_BLOCK(left, op);
-	    PUT_HALF_BLOCK(right, op);
-	    /*
-	     * Save current cipher block here
-	     */
-	    ocipherl = cipherl;
-	    ocipherr = cipherr;
-	} else {
-	    /*
-	     * Trouble here.  Start at end of output,
-	     * work backwards.
-	     */
-	    op += (int) length;
-	    switch(length) {
-	    case 8: *(--op) = (unsigned char) (right & 0xff);
-	    case 7: *(--op) = (unsigned char) ((right >> 8) & 0xff);
-	    case 6: *(--op) = (unsigned char) ((right >> 16) & 0xff);
-	    case 5: *(--op) = (unsigned char) ((right >> 24) & 0xff);
-	    case 4: *(--op) = (unsigned char) (left & 0xff);
-	    case 3: *(--op) = (unsigned char) ((left >> 8) & 0xff);
-	    case 2: *(--op) = (unsigned char) ((left >> 16) & 0xff);
-	    case 1: *(--op) = (unsigned char) ((left >> 24) & 0xff);
-	    }
-	    break;		/* we're done */
-	}
+    for (;;) {          /* check done inside loop */
+        /*
+         * Read a block from the input into left and
+         * right.  Save this cipher block for later.
+         */
+        GET_HALF_BLOCK(left, ip);
+        GET_HALF_BLOCK(right, ip);
+        cipherl = left;
+        cipherr = right;
+
+        /*
+         * Decrypt this.
+         */
+        DES_DO_DECRYPT(left, right, kp3);
+        DES_DO_ENCRYPT(left, right, kp2);
+        DES_DO_DECRYPT(left, right, kp1);
+
+        /*
+         * Xor with the old cipher to get plain
+         * text.  Output 8 or less bytes of this.
+         */
+        left ^= ocipherl;
+        right ^= ocipherr;
+        if (length > 8) {
+            length -= 8;
+            PUT_HALF_BLOCK(left, op);
+            PUT_HALF_BLOCK(right, op);
+            /*
+             * Save current cipher block here
+             */
+            ocipherl = cipherl;
+            ocipherr = cipherr;
+        } else {
+            /*
+             * Trouble here.  Start at end of output,
+             * work backwards.
+             */
+            op += (int) length;
+            switch(length) {
+            case 8: *(--op) = (unsigned char) (right & 0xff);
+            case 7: *(--op) = (unsigned char) ((right >> 8) & 0xff);
+            case 6: *(--op) = (unsigned char) ((right >> 16) & 0xff);
+            case 5: *(--op) = (unsigned char) ((right >> 24) & 0xff);
+            case 4: *(--op) = (unsigned char) (left & 0xff);
+            case 3: *(--op) = (unsigned char) ((left >> 8) & 0xff);
+            case 2: *(--op) = (unsigned char) ((left >> 16) & 0xff);
+            case 1: *(--op) = (unsigned char) ((left >> 24) & 0xff);
+            }
+            break;              /* we're done */
+        }
     }
 }
diff --git a/src/lib/crypto/builtin/des/d3_kysched.c b/src/lib/crypto/builtin/des/d3_kysched.c
index 2a9cc5a..ebd1050 100644
--- a/src/lib/crypto/builtin/des/d3_kysched.c
+++ b/src/lib/crypto/builtin/des/d3_kysched.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1995 by Richard P. Basch.  All Rights Reserved.
  * Copyright 1995 by Lehman Brothers, Inc.  All Rights Reserved.
@@ -30,20 +31,20 @@ mit_des3_key_sched(mit_des3_cblock k, mit_des3_key_schedule schedule)
     mit_des_make_key_sched(k[1],schedule[1]);
     mit_des_make_key_sched(k[2],schedule[2]);
 
-    if (!mit_des_check_key_parity(k[0]))	/* bad parity --> return -1 */
-	return(-1);
+    if (!mit_des_check_key_parity(k[0]))        /* bad parity --> return -1 */
+        return(-1);
     if (mit_des_is_weak_key(k[0]))
-	return(-2);
+        return(-2);
 
     if (!mit_des_check_key_parity(k[1]))
-	return(-1);
+        return(-1);
     if (mit_des_is_weak_key(k[1]))
-	return(-2);
+        return(-2);
 
     if (!mit_des_check_key_parity(k[2]))
-	return(-1);
+        return(-1);
     if (mit_des_is_weak_key(k[2]))
-	return(-2);
+        return(-2);
 
     /* if key was good, return 0 */
     return 0;
diff --git a/src/lib/crypto/builtin/des/des_int.h b/src/lib/crypto/builtin/des/des_int.h
index d6fa04a..ffa7123 100644
--- a/src/lib/crypto/builtin/des/des_int.h
+++ b/src/lib/crypto/builtin/des/des_int.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/des_int.h
  *
@@ -53,7 +54,7 @@
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
-/* only do the whole thing once	 */
+/* only do the whole thing once  */
 #ifndef DES_INTERNAL_DEFS
 #define DES_INTERNAL_DEFS
 
@@ -91,7 +92,7 @@
 #define DES_UINT32 unsigned long
 #endif
 
-typedef unsigned char des_cblock[8] 	/* crypto-block size */
+typedef unsigned char des_cblock[8]     /* crypto-block size */
 KRB5INT_DES_DEPRECATED;
 
 /*
@@ -119,11 +120,11 @@ typedef des_cblock mit_des_cblock;
 typedef des_key_schedule mit_des_key_schedule;
 
 /* Triple-DES structures */
-typedef mit_des_cblock		mit_des3_cblock[3];
-typedef mit_des_key_schedule	mit_des3_key_schedule[3];
+typedef mit_des_cblock          mit_des3_cblock[3];
+typedef mit_des_key_schedule    mit_des3_key_schedule[3];
 
-#define MIT_DES_ENCRYPT	1
-#define MIT_DES_DECRYPT	0
+#define MIT_DES_ENCRYPT 1
+#define MIT_DES_DECRYPT 0
 
 typedef struct mit_des_ran_key_seed {
     krb5_encrypt_block eblock;
@@ -132,246 +133,221 @@ typedef struct mit_des_ran_key_seed {
 
 /* the first byte of the key is already in the keyblock */
 
-#define MIT_DES_BLOCK_LENGTH 		(8*sizeof(krb5_octet))
-#define	MIT_DES_CBC_CRC_PAD_MINIMUM	CRC32_CKSUM_LENGTH
+#define MIT_DES_BLOCK_LENGTH            (8*sizeof(krb5_octet))
+#define MIT_DES_CBC_CRC_PAD_MINIMUM     CRC32_CKSUM_LENGTH
 /* This used to be 8*sizeof(krb5_octet) */
-#define MIT_DES_KEYSIZE		 	8
+#define MIT_DES_KEYSIZE                 8
 
-#define MIT_DES_CBC_CKSUM_LENGTH	(4*sizeof(krb5_octet))
+#define MIT_DES_CBC_CKSUM_LENGTH        (4*sizeof(krb5_octet))
 
 /*
  * Check if k5-int.h has been included before us.  If so, then check to see
  * that our view of the DES key size is the same as k5-int.h's.
  */
-#ifdef	KRB5_MIT_DES_KEYSIZE
-#if	MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
+#ifdef  KRB5_MIT_DES_KEYSIZE
+#if     MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
 error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
-#endif	/* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
-#endif	/* KRB5_MIT_DES_KEYSIZE */
+#endif  /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
+#endif  /* KRB5_MIT_DES_KEYSIZE */
 #endif /* KRB5_MIT_DES__ */
 /*
  * End "mit-des.h"
  */
 
 /* afsstring2key.c */
-extern krb5_error_code mit_afs_string_to_key
-	(krb5_keyblock *keyblock,
-		   const krb5_data *data,
-		   const krb5_data *salt);
-extern char *mit_afs_crypt
-    (const char *pw, const char *salt, char *iobuf);
+krb5_error_code mit_afs_string_to_key(krb5_keyblock *keyblock,
+                                      const krb5_data *data,
+                                      const krb5_data *salt);
+char *mit_afs_crypt(const char *pw, const char *salt, char *iobuf);
 
 /* f_cksum.c */
-extern unsigned long mit_des_cbc_cksum
-    (const krb5_octet *, krb5_octet *, unsigned long ,
-     const mit_des_key_schedule, const krb5_octet *);
+unsigned long mit_des_cbc_cksum(const krb5_octet *, krb5_octet *,
+                                unsigned long, const mit_des_key_schedule,
+                                const krb5_octet *);
 
 /* f_ecb.c */
-extern int mit_des_ecb_encrypt
-    (const mit_des_cblock *, mit_des_cblock *, mit_des_key_schedule , int );
+int mit_des_ecb_encrypt(const mit_des_cblock *, mit_des_cblock *,
+                        mit_des_key_schedule, int );
 
 /* f_cbc.c */
-extern int mit_des_cbc_encrypt (const mit_des_cblock *in,
-				mit_des_cblock *out,
-				unsigned long length,
-				const mit_des_key_schedule schedule,
-				const mit_des_cblock ivec, int enc);
+int mit_des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out,
+                        unsigned long length,
+                        const mit_des_key_schedule schedule,
+                        const mit_des_cblock ivec, int enc);
 
 #define mit_des_zeroblock krb5int_c_mit_des_zeroblock
 extern const mit_des_cblock mit_des_zeroblock;
 
 /* fin_rndkey.c */
-extern krb5_error_code mit_des_finish_random_key
-    ( const krb5_encrypt_block *,
-		krb5_pointer *);
+krb5_error_code mit_des_finish_random_key(const krb5_encrypt_block *,
+                                          krb5_pointer *);
 
 /* finish_key.c */
-extern krb5_error_code mit_des_finish_key
-    ( krb5_encrypt_block *);
+krb5_error_code mit_des_finish_key(krb5_encrypt_block *);
 
 /* init_rkey.c */
-extern krb5_error_code mit_des_init_random_key
-    ( const krb5_encrypt_block *,
-		const krb5_keyblock *,
-		krb5_pointer *);
+krb5_error_code mit_des_init_random_key(const krb5_encrypt_block *,
+                                        const krb5_keyblock *,
+                                        krb5_pointer *);
 
 /* key_parity.c */
-extern void mit_des_fixup_key_parity (mit_des_cblock );
-extern int mit_des_check_key_parity (mit_des_cblock );
+void mit_des_fixup_key_parity(mit_des_cblock);
+int mit_des_check_key_parity(mit_des_cblock);
 
 /* key_sched.c */
-extern int mit_des_key_sched
-    (mit_des_cblock , mit_des_key_schedule );
+int mit_des_key_sched(mit_des_cblock, mit_des_key_schedule);
 
 /* process_ky.c */
-extern krb5_error_code mit_des_process_key
-    ( krb5_encrypt_block *,  const krb5_keyblock *);
+krb5_error_code mit_des_process_key(krb5_encrypt_block *,
+                                    const krb5_keyblock *);
 
 /* random_key.c */
-extern krb5_error_code mit_des_random_key
-    ( const krb5_encrypt_block *, krb5_pointer ,
-                krb5_keyblock **);
+krb5_error_code mit_des_random_key(const krb5_encrypt_block *,
+                                   krb5_pointer, krb5_keyblock **);
 
 /* string2key.c */
-extern krb5_error_code mit_des_string_to_key
-    ( const krb5_encrypt_block *,
-	       krb5_keyblock *, const krb5_data *, const krb5_data *);
-extern krb5_error_code mit_des_string_to_key_int
-	(krb5_keyblock *, const krb5_data *, const krb5_data *);
+krb5_error_code mit_des_string_to_key(const krb5_encrypt_block *,
+                                      krb5_keyblock *, const krb5_data *,
+                                      const krb5_data *);
+krb5_error_code mit_des_string_to_key_int(krb5_keyblock *, const krb5_data *,
+                                          const krb5_data *);
 
 /* weak_key.c */
-extern int mit_des_is_weak_key (mit_des_cblock );
+int mit_des_is_weak_key(mit_des_cblock);
 
 /* cmb_keys.c */
-krb5_error_code mit_des_combine_subkeys
-    (const krb5_keyblock *, const krb5_keyblock *,
-	       krb5_keyblock **);
+krb5_error_code mit_des_combine_subkeys(const krb5_keyblock *,
+                                        const krb5_keyblock *,
+                                        krb5_keyblock **);
 
 /* f_pcbc.c */
-int mit_des_pcbc_encrypt ();
+int mit_des_pcbc_encrypt();
 
 /* f_sched.c */
 int mit_des_make_key_sched(mit_des_cblock, mit_des_key_schedule);
 
 
 /* misc.c */
-extern void swap_bits (char *);
-extern unsigned long long_swap_bits (unsigned long );
-extern unsigned long swap_six_bits_to_ansi (unsigned long );
-extern unsigned long swap_four_bits_to_ansi (unsigned long );
-extern unsigned long swap_bit_pos_1 (unsigned long );
-extern unsigned long swap_bit_pos_0 (unsigned long );
-extern unsigned long swap_bit_pos_0_to_ansi (unsigned long );
-extern unsigned long rev_swap_bit_pos_0 (unsigned long );
-extern unsigned long swap_byte_bits (unsigned long );
-extern unsigned long swap_long_bytes_bit_number (unsigned long );
+extern void swap_bits(char *);
+extern unsigned long long_swap_bits(unsigned long);
+extern unsigned long swap_six_bits_to_ansi(unsigned long);
+extern unsigned long swap_four_bits_to_ansi(unsigned long);
+extern unsigned long swap_bit_pos_1(unsigned long);
+extern unsigned long swap_bit_pos_0(unsigned long);
+extern unsigned long swap_bit_pos_0_to_ansi(unsigned long);
+extern unsigned long rev_swap_bit_pos_0(unsigned long);
+extern unsigned long swap_byte_bits(unsigned long);
+extern unsigned long swap_long_bytes_bit_number(unsigned long);
 #ifdef FILE
 /* XXX depends on FILE being a #define! */
-extern void test_set (FILE *, const char *, int, const char *, int);
+extern void test_set(FILE *, const char *, int, const char *, int);
 #endif
 
 /* d3_ecb.c */
-extern int mit_des3_ecb_encrypt
-	(const mit_des_cblock *in,
-		   mit_des_cblock *out,
-		   mit_des_key_schedule sched1,
-		   mit_des_key_schedule sched2,
-		   mit_des_key_schedule sched3,
-		   int enc);
+extern int mit_des3_ecb_encrypt(const mit_des_cblock *in, mit_des_cblock *out,
+                                mit_des_key_schedule sched1,
+                                mit_des_key_schedule sched2,
+                                mit_des_key_schedule sched3, int enc);
 
 /* d3_cbc.c */
-extern int mit_des3_cbc_encrypt
-	(const mit_des_cblock *in,
-	 mit_des_cblock *out,
-	 unsigned long length,
-	 const mit_des_key_schedule ks1,
-	 const mit_des_key_schedule ks2,
-	 const mit_des_key_schedule ks3,
-	 const mit_des_cblock ivec,
-	 int enc);
+extern int mit_des3_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out,
+                                unsigned long length,
+                                const mit_des_key_schedule ks1,
+                                const mit_des_key_schedule ks2,
+                                const mit_des_key_schedule ks3,
+                                const mit_des_cblock ivec, int enc);
 
 void
 krb5int_des3_cbc_encrypt(const mit_des_cblock *in,
-			 mit_des_cblock *out,
-			 unsigned long length,
-			 const mit_des_key_schedule ks1,
-			 const mit_des_key_schedule ks2,
-			 const mit_des_key_schedule ks3,
-			 const mit_des_cblock ivec);
+                         mit_des_cblock *out,
+                         unsigned long length,
+                         const mit_des_key_schedule ks1,
+                         const mit_des_key_schedule ks2,
+                         const mit_des_key_schedule ks3,
+                         const mit_des_cblock ivec);
 void
 krb5int_des3_cbc_decrypt(const mit_des_cblock *in,
-			 mit_des_cblock *out,
-			 unsigned long length,
-			 const mit_des_key_schedule ks1,
-			 const mit_des_key_schedule ks2,
-			 const mit_des_key_schedule ks3,
-			 const mit_des_cblock ivec);
+                         mit_des_cblock *out,
+                         unsigned long length,
+                         const mit_des_key_schedule ks1,
+                         const mit_des_key_schedule ks2,
+                         const mit_des_key_schedule ks3,
+                         const mit_des_cblock ivec);
 
 void
 krb5int_des3_cbc_encrypt_iov(krb5_crypto_iov *data,
-			     unsigned long num_data,
-			     const mit_des_key_schedule ks1,
-			     const mit_des_key_schedule ks2,
-			     const mit_des_key_schedule ks3,
-			     mit_des_cblock ivec);
+                             unsigned long num_data,
+                             const mit_des_key_schedule ks1,
+                             const mit_des_key_schedule ks2,
+                             const mit_des_key_schedule ks3,
+                             mit_des_cblock ivec);
 
 void
 krb5int_des3_cbc_decrypt_iov(krb5_crypto_iov *data,
-			     unsigned long num_data,
-			     const mit_des_key_schedule ks1,
-			     const mit_des_key_schedule ks2,
-			     const mit_des_key_schedule ks3,
-			     mit_des_cblock ivec);
-
-#define mit_des3_cbc_encrypt(in,out,length,ks1,ks2,ks3,ivec,enc) \
-    ((enc ? krb5int_des3_cbc_encrypt : krb5int_des3_cbc_decrypt) \
+                             unsigned long num_data,
+                             const mit_des_key_schedule ks1,
+                             const mit_des_key_schedule ks2,
+                             const mit_des_key_schedule ks3,
+                             mit_des_cblock ivec);
+
+#define mit_des3_cbc_encrypt(in,out,length,ks1,ks2,ks3,ivec,enc)        \
+    ((enc ? krb5int_des3_cbc_encrypt : krb5int_des3_cbc_decrypt)        \
      (in, out, length, ks1, ks2, ks3, ivec), 0)
 
 void
 krb5int_des_cbc_encrypt(const mit_des_cblock *in,
-			mit_des_cblock *out,
-			unsigned long length,
-			const mit_des_key_schedule schedule,
-			const mit_des_cblock ivec);
+                        mit_des_cblock *out,
+                        unsigned long length,
+                        const mit_des_key_schedule schedule,
+                        const mit_des_cblock ivec);
 void
 krb5int_des_cbc_decrypt(const mit_des_cblock *in,
-			mit_des_cblock *out,
-			unsigned long length,
-			const mit_des_key_schedule schedule,
-			const mit_des_cblock ivec);
+                        mit_des_cblock *out,
+                        unsigned long length,
+                        const mit_des_key_schedule schedule,
+                        const mit_des_cblock ivec);
 
-#define mit_des_cbc_encrypt(in,out,length,schedule,ivec,enc) \
-    ((enc ? krb5int_des_cbc_encrypt : krb5int_des_cbc_decrypt) \
+#define mit_des_cbc_encrypt(in,out,length,schedule,ivec,enc)    \
+    ((enc ? krb5int_des_cbc_encrypt : krb5int_des_cbc_decrypt)  \
      (in, out, length, schedule, ivec), 0)
 
 void
 krb5int_des_cbc_encrypt_iov(krb5_crypto_iov *data,
-			    unsigned long num_data,
-			    const mit_des_key_schedule schedule,
-			    mit_des_cblock ivec);
+                            unsigned long num_data,
+                            const mit_des_key_schedule schedule,
+                            mit_des_cblock ivec);
 
 void
 krb5int_des_cbc_decrypt_iov(krb5_crypto_iov *data,
-			    unsigned long num_data,
-			    const mit_des_key_schedule schedule,
-			    mit_des_cblock ivec);
+                            unsigned long num_data,
+                            const mit_des_key_schedule schedule,
+                            mit_des_cblock ivec);
 
 /* d3_procky.c */
-extern krb5_error_code mit_des3_process_key
-	(krb5_encrypt_block * eblock,
-		   const krb5_keyblock * keyblock);
+krb5_error_code mit_des3_process_key(krb5_encrypt_block *eblock,
+                                     const krb5_keyblock *keyblock);
 
 /* d3_kysched.c */
-extern int mit_des3_key_sched
-	(mit_des3_cblock key,
-		   mit_des3_key_schedule schedule);
+int mit_des3_key_sched(mit_des3_cblock key, mit_des3_key_schedule schedule);
 
 /* d3_str2ky.c */
-extern krb5_error_code mit_des3_string_to_key
-	(const krb5_encrypt_block * eblock,
-		   krb5_keyblock * keyblock,
-		   const krb5_data * data,
-		   const krb5_data * salt);
+krb5_error_code mit_des3_string_to_key(const krb5_encrypt_block *eblock,
+                                       krb5_keyblock *keyblock,
+                                       const krb5_data *data,
+                                       const krb5_data *salt);
 
 /* u_nfold.c */
-extern krb5_error_code mit_des_n_fold
-	(const krb5_octet * input,
-		   const size_t in_len,
-		   krb5_octet * output,
-		   const size_t out_len);
+krb5_error_code mit_des_n_fold(const krb5_octet *input, const size_t in_len,
+                               krb5_octet *output, const size_t out_len);
 
 /* u_rn_key.c */
-extern int mit_des_is_weak_keyblock
-	(krb5_keyblock *keyblock);
+int mit_des_is_weak_keyblock(krb5_keyblock *keyblock);
 
-extern void mit_des_fixup_keyblock_parity
-	(krb5_keyblock *keyblock);
+void mit_des_fixup_keyblock_parity(krb5_keyblock *keyblock);
 
-extern krb5_error_code mit_des_set_random_generator_seed
-	(const krb5_data * seed,
-		   krb5_pointer random_state);
+krb5_error_code mit_des_set_random_generator_seed(const krb5_data *seed,
+                                                  krb5_pointer random_state);
 
-extern krb5_error_code mit_des_set_random_sequence_number
-	(const krb5_data * sequence,
-		   krb5_pointer random_state);
-#endif	/*DES_INTERNAL_DEFS*/
+krb5_error_code mit_des_set_random_sequence_number(const krb5_data *sequence,
+                                                   krb5_pointer random_state);
+#endif  /*DES_INTERNAL_DEFS*/
diff --git a/src/lib/crypto/builtin/des/destest.c b/src/lib/crypto/builtin/des/destest.c
index 287a4e9..86c7477 100644
--- a/src/lib/crypto/builtin/des/destest.c
+++ b/src/lib/crypto/builtin/des/destest.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/destest.c
  *
@@ -87,71 +88,71 @@ main(argc, argv)
     int error = 0;
 
     while (scanf("%16s %16s %16s", block1, block2, block3) == 3) {
-	convert(block1, key);
-	convert(block2, input);
-	convert(block3, output);
-
-	retval = mit_des_key_sched(key, sched);
-	if (retval) {
-	    fprintf(stderr, "des test: can't process key: %d\n", retval);
-	    fprintf(stderr, "des test: %s %s %s\n", block1, block2, block3);
+        convert(block1, key);
+        convert(block2, input);
+        convert(block3, output);
+
+        retval = mit_des_key_sched(key, sched);
+        if (retval) {
+            fprintf(stderr, "des test: can't process key: %d\n", retval);
+            fprintf(stderr, "des test: %s %s %s\n", block1, block2, block3);
             exit(1);
         }
-	mit_des_cbc_encrypt((const mit_des_cblock *) input, output2, 8,
-			    sched, zeroblock, 1);
-
-	if (memcmp((char *)output2, (char *)output, 8)) {
-	    fprintf(stderr,
-		    "DES ENCRYPT ERROR, key %s, text %s, real cipher %s, computed cyphertext %02X%02X%02X%02X%02X%02X%02X%02X\n",
-		    block1, block2, block3,
-		    output2[0],output2[1],output2[2],output2[3],
-		    output2[4],output2[5],output2[6],output2[7]);
-	    error++;
-	}
-
-	/*
-	 * Now try decrypting....
-	 */
-	mit_des_cbc_encrypt((const mit_des_cblock *) output, output2, 8,
-			    sched, zeroblock, 0);
-
-	if (memcmp((char *)output2, (char *)input, 8)) {
-	    fprintf(stderr,
-		    "DES DECRYPT ERROR, key %s, text %s, real cipher %s, computed cleartext %02X%02X%02X%02X%02X%02X%02X%02X\n",
-		    block1, block2, block3,
-		    output2[0],output2[1],output2[2],output2[3],
-		    output2[4],output2[5],output2[6],output2[7]);
-	    error++;
-	}
-
-	num++;
+        mit_des_cbc_encrypt((const mit_des_cblock *) input, output2, 8,
+                            sched, zeroblock, 1);
+
+        if (memcmp((char *)output2, (char *)output, 8)) {
+            fprintf(stderr,
+                    "DES ENCRYPT ERROR, key %s, text %s, real cipher %s, computed cyphertext %02X%02X%02X%02X%02X%02X%02X%02X\n",
+                    block1, block2, block3,
+                    output2[0],output2[1],output2[2],output2[3],
+                    output2[4],output2[5],output2[6],output2[7]);
+            error++;
+        }
+
+        /*
+         * Now try decrypting....
+         */
+        mit_des_cbc_encrypt((const mit_des_cblock *) output, output2, 8,
+                            sched, zeroblock, 0);
+
+        if (memcmp((char *)output2, (char *)input, 8)) {
+            fprintf(stderr,
+                    "DES DECRYPT ERROR, key %s, text %s, real cipher %s, computed cleartext %02X%02X%02X%02X%02X%02X%02X%02X\n",
+                    block1, block2, block3,
+                    output2[0],output2[1],output2[2],output2[3],
+                    output2[4],output2[5],output2[6],output2[7]);
+            error++;
+        }
+
+        num++;
     }
 
     if (error)
-	printf("destest: failed to pass the test\n");
+        printf("destest: failed to pass the test\n");
     else
-	printf("destest: %d tests passed successfully\n", num);
+        printf("destest: %d tests passed successfully\n", num);
 
     exit( (error > 256 && error % 256) ? 1 : error);
 }
 
 int value[128] = {
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
-0, 1, 2, 3, 4, 5, 6, 7,
-8, 9, -1, -1, -1, -1, -1, -1,
--1, 10, 11, 12, 13, 14, 15, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    0, 1, 2, 3, 4, 5, 6, 7,
+    8, 9, -1, -1, -1, -1, -1, -1,
+    -1, 10, 11, 12, 13, 14, 15, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
 };
 
 void
@@ -161,13 +162,13 @@ convert(text, cblock)
 {
     register int i;
     for (i = 0; i < 8; i++) {
-	if (text[i*2] < 0 || text[i*2] >= 128)
-	    abort ();
-	if (value[(int) text[i*2]] == -1 || value[(int) text[i*2+1]] == -1) {
-	    printf("Bad value byte %d in %s\n", i, text);
-	    exit(1);
-	}
-	cblock[i] = 16*value[(int) text[i*2]] + value[(int) text[i*2+1]];
+        if (text[i*2] < 0 || text[i*2] >= 128)
+            abort ();
+        if (value[(int) text[i*2]] == -1 || value[(int) text[i*2+1]] == -1) {
+            printf("Bad value byte %d in %s\n", i, text);
+            exit(1);
+        }
+        cblock[i] = 16*value[(int) text[i*2]] + value[(int) text[i*2+1]];
     }
     return;
 }
@@ -182,7 +183,7 @@ int
 mit_des_is_weak_key(key)
     mit_des_cblock key;
 {
-    return 0;				/* fake it out for testing */
+    return 0;                           /* fake it out for testing */
 }
 
 void
@@ -214,18 +215,18 @@ des_cblock_print_file(x, fp)
  */
 int
 mit_des_check_key_parity(key)
-     register mit_des_cblock key;
+    register mit_des_cblock key;
 {
     int i;
 
     for (i=0; i<sizeof(mit_des_cblock); i++) {
-	if ((key[i] & 1) == parity_char(0xfe&key[i])) {
-	    printf("warning: bad parity key:");
-	    des_cblock_print_file(key, stdout);
-	    putchar('\n');
+        if ((key[i] & 1) == parity_char(0xfe&key[i])) {
+            printf("warning: bad parity key:");
+            des_cblock_print_file(key, stdout);
+            putchar('\n');
 
-	    return 1;
-	}
+            return 1;
+        }
     }
 
     return(1);
@@ -233,14 +234,14 @@ mit_des_check_key_parity(key)
 
 void
 mit_des_fixup_key_parity(key)
-     register mit_des_cblock key;
+    register mit_des_cblock key;
 {
     int i;
     for (i=0; i<sizeof(mit_des_cblock); i++)
-      {
-	key[i] &= 0xfe;
-	key[i] |= 1^parity_char(key[i]);
-      }
+    {
+        key[i] &= 0xfe;
+        key[i] |= 1^parity_char(key[i]);
+    }
 
     return;
 }
diff --git a/src/lib/crypto/builtin/des/f_aead.c b/src/lib/crypto/builtin/des/f_aead.c
index 328d20a..8e700cd 100644
--- a/src/lib/crypto/builtin/des/f_aead.c
+++ b/src/lib/crypto/builtin/des/f_aead.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2008 by the Massachusetts Institute of Technology.
  * Copyright 1995 by Richard P. Basch.  All Rights Reserved.
@@ -27,9 +28,9 @@
 
 void
 krb5int_des_cbc_encrypt_iov(krb5_crypto_iov *data,
-			    unsigned long num_data,
-			    const mit_des_key_schedule schedule,
-			    mit_des_cblock ivec)
+                            unsigned long num_data,
+                            const mit_des_key_schedule schedule,
+                            mit_des_cblock ivec)
 {
     unsigned DES_INT32 left, right;
     const unsigned DES_INT32 *kp;
@@ -52,9 +53,9 @@ krb5int_des_cbc_encrypt_iov(krb5_crypto_iov *data,
      * vector.
      */
     if (ivec != NULL)
-	ip = ivec;
+        ip = ivec;
     else
-	ip = mit_des_zeroblock;
+        ip = mit_des_zeroblock;
     GET_HALF_BLOCK(left, ip);
     GET_HALF_BLOCK(right, ip);
 
@@ -63,45 +64,45 @@ krb5int_des_cbc_encrypt_iov(krb5_crypto_iov *data,
      * at a time.
      */
     for (;;) {
-	unsigned DES_INT32 temp;
+        unsigned DES_INT32 temp;
 
-	ip = iblock;
-	op = oblock;
+        ip = iblock;
+        op = oblock;
 
-	if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, data, num_data, &input_pos))
-	    break;
+        if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, data, num_data, &input_pos))
+            break;
 
-	if (input_pos.iov_pos == num_data)
-	    break;
+        if (input_pos.iov_pos == num_data)
+            break;
 
-	GET_HALF_BLOCK(temp, ip);
-	left  ^= temp;
-	GET_HALF_BLOCK(temp, ip);
-	right ^= temp;
+        GET_HALF_BLOCK(temp, ip);
+        left  ^= temp;
+        GET_HALF_BLOCK(temp, ip);
+        right ^= temp;
 
-	/*
-	 * Encrypt what we have
-	 */
-	DES_DO_ENCRYPT(left, right, kp);
+        /*
+         * Encrypt what we have
+         */
+        DES_DO_ENCRYPT(left, right, kp);
 
-	/*
-	 * Copy the results out
-	 */
-	PUT_HALF_BLOCK(left, op);
-	PUT_HALF_BLOCK(right, op);
+        /*
+         * Copy the results out
+         */
+        PUT_HALF_BLOCK(left, op);
+        PUT_HALF_BLOCK(right, op);
 
-	krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos);
+        krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos);
     }
 
     if (ivec != NULL)
-	memcpy(ivec, oblock, MIT_DES_BLOCK_LENGTH);
+        memcpy(ivec, oblock, MIT_DES_BLOCK_LENGTH);
 }
 
 void
 krb5int_des_cbc_decrypt_iov(krb5_crypto_iov *data,
-			    unsigned long num_data,
-			    const mit_des_key_schedule schedule,
-			    mit_des_cblock ivec)
+                            unsigned long num_data,
+                            const mit_des_key_schedule schedule,
+                            mit_des_cblock ivec)
 {
     unsigned DES_INT32 left, right;
     const unsigned DES_INT32 *kp;
@@ -128,15 +129,15 @@ krb5int_des_cbc_decrypt_iov(krb5_crypto_iov *data,
      */
 
     if (num_data == 0)
-	return;
+        return;
 
     /*
      * Prime the old cipher with ivec.
      */
     if (ivec != NULL)
-	ip = ivec;
+        ip = ivec;
     else
-	ip = mit_des_zeroblock;
+        ip = mit_des_zeroblock;
     GET_HALF_BLOCK(ocipherl, ip);
     GET_HALF_BLOCK(ocipherr, ip);
 
@@ -144,49 +145,49 @@ krb5int_des_cbc_decrypt_iov(krb5_crypto_iov *data,
      * Now do this in earnest until we run out of length.
      */
     for (;;) {
-	/*
-	 * Read a block from the input into left and
-	 * right.  Save this cipher block for later.
-	 */
-
-	if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, data, num_data, &input_pos))
-	    break;
-
-	if (input_pos.iov_pos == num_data)
-	    break;
-
-	ip = iblock;
-	op = oblock;
-
-	GET_HALF_BLOCK(left, ip);
-	GET_HALF_BLOCK(right, ip);
-	cipherl = left;
-	cipherr = right;
-
-	/*
-	 * Decrypt this.
-	 */
-	DES_DO_DECRYPT(left, right, kp);
-
-	/*
-	 * Xor with the old cipher to get plain
-	 * text.  Output 8 or less bytes of this.
-	 */
-	left ^= ocipherl;
-	right ^= ocipherr;
-
-	PUT_HALF_BLOCK(left, op);
-	PUT_HALF_BLOCK(right, op);
-
-	/*
-	 * Save current cipher block here
-	 */
-	ocipherl = cipherl;
-	ocipherr = cipherr;
-
-	krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos);
+        /*
+         * Read a block from the input into left and
+         * right.  Save this cipher block for later.
+         */
+
+        if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, data, num_data, &input_pos))
+            break;
+
+        if (input_pos.iov_pos == num_data)
+            break;
+
+        ip = iblock;
+        op = oblock;
+
+        GET_HALF_BLOCK(left, ip);
+        GET_HALF_BLOCK(right, ip);
+        cipherl = left;
+        cipherr = right;
+
+        /*
+         * Decrypt this.
+         */
+        DES_DO_DECRYPT(left, right, kp);
+
+        /*
+         * Xor with the old cipher to get plain
+         * text.  Output 8 or less bytes of this.
+         */
+        left ^= ocipherl;
+        right ^= ocipherr;
+
+        PUT_HALF_BLOCK(left, op);
+        PUT_HALF_BLOCK(right, op);
+
+        /*
+         * Save current cipher block here
+         */
+        ocipherl = cipherl;
+        ocipherr = cipherr;
+
+        krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos);
     }
 
     if (ivec != NULL)
-	memcpy(ivec, oblock, MIT_DES_BLOCK_LENGTH);
+        memcpy(ivec, oblock, MIT_DES_BLOCK_LENGTH);
 }
diff --git a/src/lib/crypto/builtin/des/f_cbc.c b/src/lib/crypto/builtin/des/f_cbc.c
index 0949ba1..c7e1f22 100644
--- a/src/lib/crypto/builtin/des/f_cbc.c
+++ b/src/lib/crypto/builtin/des/f_cbc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/f_cbc.c
  *
@@ -60,214 +61,214 @@ const mit_des_cblock mit_des_zeroblock /* = all zero */;
 #undef mit_des_cbc_encrypt
 int
 mit_des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out,
-		    unsigned long length, const mit_des_key_schedule schedule,
-		    const mit_des_cblock ivec, int enc)
+                    unsigned long length, const mit_des_key_schedule schedule,
+                    const mit_des_cblock ivec, int enc)
 {
     /*
      * Deal with encryption and decryption separately.
      */
     if (enc)
-	krb5int_des_cbc_encrypt(in, out, length, schedule, ivec);
+        krb5int_des_cbc_encrypt(in, out, length, schedule, ivec);
     else
-	krb5int_des_cbc_decrypt(in, out, length, schedule, ivec);
+        krb5int_des_cbc_decrypt(in, out, length, schedule, ivec);
     return 0;
 }
 
 void
 krb5int_des_cbc_encrypt(const mit_des_cblock *in,
-			mit_des_cblock *out,
-			unsigned long length,
-			const mit_des_key_schedule schedule,
-			const mit_des_cblock ivec)
+                        mit_des_cblock *out,
+                        unsigned long length,
+                        const mit_des_key_schedule schedule,
+                        const mit_des_cblock ivec)
 {
-	unsigned DES_INT32 left, right;
-	const unsigned DES_INT32 *kp;
-	const unsigned char *ip;
-	unsigned char *op;
+    unsigned DES_INT32 left, right;
+    const unsigned DES_INT32 *kp;
+    const unsigned char *ip;
+    unsigned char *op;
 
-	/*
-	 * Get key pointer here.  This won't need to be reinitialized
-	 */
-	kp = (const unsigned DES_INT32 *)schedule;
+    /*
+     * Get key pointer here.  This won't need to be reinitialized
+     */
+    kp = (const unsigned DES_INT32 *)schedule;
 
-	/*
-	 * Initialize left and right with the contents of the initial
-	 * vector.
-	 */
-	ip = ivec;
-	GET_HALF_BLOCK(left, ip);
-	GET_HALF_BLOCK(right, ip);
+    /*
+     * Initialize left and right with the contents of the initial
+     * vector.
+     */
+    ip = ivec;
+    GET_HALF_BLOCK(left, ip);
+    GET_HALF_BLOCK(right, ip);
 
-	/*
-	 * Suitably initialized, now work the length down 8 bytes
-	 * at a time.
-	 */
-	ip = *in;
-	op = *out;
-	while (length > 0) {
-		/*
-		 * Get more input, xor it in.  If the length is
-		 * greater than or equal to 8 this is straight
-		 * forward.  Otherwise we have to fart around.
-		 */
-		if (length >= 8) {
-			unsigned DES_INT32 temp;
-			GET_HALF_BLOCK(temp, ip);
-			left  ^= temp;
-			GET_HALF_BLOCK(temp, ip);
-			right ^= temp;
-			length -= 8;
-		} else {
-			/*
-			 * Oh, shoot.  We need to pad the
-			 * end with zeroes.  Work backwards
-			 * to do this.
-			 */
-			ip += (int) length;
-			switch(length) {
-			case 7:
-				right ^= (*(--ip) & FF_UINT32) <<  8;
-			case 6:
-				right ^= (*(--ip) & FF_UINT32) << 16;
-			case 5:
-				right ^= (*(--ip) & FF_UINT32) << 24;
-			case 4:
-				left  ^=  *(--ip) & FF_UINT32;
-			case 3:
-				left  ^= (*(--ip) & FF_UINT32) <<  8;
-			case 2:
-				left  ^= (*(--ip) & FF_UINT32) << 16;
-			case 1:
-				left  ^= (*(--ip) & FF_UINT32) << 24;
-				break;
-			}
-			length = 0;
-		}
+    /*
+     * Suitably initialized, now work the length down 8 bytes
+     * at a time.
+     */
+    ip = *in;
+    op = *out;
+    while (length > 0) {
+        /*
+         * Get more input, xor it in.  If the length is
+         * greater than or equal to 8 this is straight
+         * forward.  Otherwise we have to fart around.
+         */
+        if (length >= 8) {
+            unsigned DES_INT32 temp;
+            GET_HALF_BLOCK(temp, ip);
+            left  ^= temp;
+            GET_HALF_BLOCK(temp, ip);
+            right ^= temp;
+            length -= 8;
+        } else {
+            /*
+             * Oh, shoot.  We need to pad the
+             * end with zeroes.  Work backwards
+             * to do this.
+             */
+            ip += (int) length;
+            switch(length) {
+            case 7:
+                right ^= (*(--ip) & FF_UINT32) <<  8;
+            case 6:
+                right ^= (*(--ip) & FF_UINT32) << 16;
+            case 5:
+                right ^= (*(--ip) & FF_UINT32) << 24;
+            case 4:
+                left  ^=  *(--ip) & FF_UINT32;
+            case 3:
+                left  ^= (*(--ip) & FF_UINT32) <<  8;
+            case 2:
+                left  ^= (*(--ip) & FF_UINT32) << 16;
+            case 1:
+                left  ^= (*(--ip) & FF_UINT32) << 24;
+                break;
+            }
+            length = 0;
+        }
 
-		/*
-		 * Encrypt what we have
-		 */
-		DES_DO_ENCRYPT(left, right, kp);
+        /*
+         * Encrypt what we have
+         */
+        DES_DO_ENCRYPT(left, right, kp);
 
-		/*
-		 * Copy the results out
-		 */
-		PUT_HALF_BLOCK(left, op);
-		PUT_HALF_BLOCK(right, op);
-	}
+        /*
+         * Copy the results out
+         */
+        PUT_HALF_BLOCK(left, op);
+        PUT_HALF_BLOCK(right, op);
+    }
 }
 
 void
 krb5int_des_cbc_decrypt(const mit_des_cblock *in,
-			mit_des_cblock *out,
-			unsigned long length,
-			const mit_des_key_schedule schedule,
-			const mit_des_cblock ivec)
+                        mit_des_cblock *out,
+                        unsigned long length,
+                        const mit_des_key_schedule schedule,
+                        const mit_des_cblock ivec)
 {
-	unsigned DES_INT32 left, right;
-	const unsigned DES_INT32 *kp;
-	const unsigned char *ip;
-	unsigned char *op;
-	unsigned DES_INT32 ocipherl, ocipherr;
-	unsigned DES_INT32 cipherl, cipherr;
+    unsigned DES_INT32 left, right;
+    const unsigned DES_INT32 *kp;
+    const unsigned char *ip;
+    unsigned char *op;
+    unsigned DES_INT32 ocipherl, ocipherr;
+    unsigned DES_INT32 cipherl, cipherr;
 
-	/*
-	 * Get key pointer here.  This won't need to be reinitialized
-	 */
-	kp = (const unsigned DES_INT32 *)schedule;
+    /*
+     * Get key pointer here.  This won't need to be reinitialized
+     */
+    kp = (const unsigned DES_INT32 *)schedule;
 
-	/*
-	 * Decrypting is harder than encrypting because of
-	 * the necessity of remembering a lot more things.
-	 * Should think about this a little more...
-	 */
+    /*
+     * Decrypting is harder than encrypting because of
+     * the necessity of remembering a lot more things.
+     * Should think about this a little more...
+     */
 
-	if (length <= 0)
-		return;
+    if (length <= 0)
+        return;
 
-	/*
-	 * Prime the old cipher with ivec.
-	 */
-	ip = ivec;
-	GET_HALF_BLOCK(ocipherl, ip);
-	GET_HALF_BLOCK(ocipherr, ip);
+    /*
+     * Prime the old cipher with ivec.
+     */
+    ip = ivec;
+    GET_HALF_BLOCK(ocipherl, ip);
+    GET_HALF_BLOCK(ocipherr, ip);
 
-	/*
-	 * Now do this in earnest until we run out of length.
-	 */
-	ip = *in;
-	op = *out;
-	for (;;) {		/* check done inside loop */
-		/*
-		 * Read a block from the input into left and
-		 * right.  Save this cipher block for later.
-		 */
-		GET_HALF_BLOCK(left, ip);
-		GET_HALF_BLOCK(right, ip);
-		cipherl = left;
-		cipherr = right;
+    /*
+     * Now do this in earnest until we run out of length.
+     */
+    ip = *in;
+    op = *out;
+    for (;;) {              /* check done inside loop */
+        /*
+         * Read a block from the input into left and
+         * right.  Save this cipher block for later.
+         */
+        GET_HALF_BLOCK(left, ip);
+        GET_HALF_BLOCK(right, ip);
+        cipherl = left;
+        cipherr = right;
 
-		/*
-		 * Decrypt this.
-		 */
-		DES_DO_DECRYPT(left, right, kp);
+        /*
+         * Decrypt this.
+         */
+        DES_DO_DECRYPT(left, right, kp);
 
-		/*
-		 * Xor with the old cipher to get plain
-		 * text.  Output 8 or less bytes of this.
-		 */
-		left ^= ocipherl;
-		right ^= ocipherr;
-		if (length > 8) {
-			length -= 8;
-			PUT_HALF_BLOCK(left, op);
-			PUT_HALF_BLOCK(right, op);
-			/*
-			 * Save current cipher block here
-			 */
-			ocipherl = cipherl;
-			ocipherr = cipherr;
-		} else {
-			/*
-			 * Trouble here.  Start at end of output,
-			 * work backwards.
-			 */
-			op += (int) length;
-			switch(length) {
-			case 8:
-				*(--op) = (unsigned char) (right & 0xff);
-			case 7:
-				*(--op) = (unsigned char) ((right >> 8) & 0xff);
-			case 6:
-				*(--op) = (unsigned char) ((right >> 16) & 0xff);
-			case 5:
-				*(--op) = (unsigned char) ((right >> 24) & 0xff);
-			case 4:
-				*(--op) = (unsigned char) (left & 0xff);
-			case 3:
-				*(--op) = (unsigned char) ((left >> 8) & 0xff);
-			case 2:
-				*(--op) = (unsigned char) ((left >> 16) & 0xff);
-			case 1:
-				*(--op) = (unsigned char) ((left >> 24) & 0xff);
-				break;
-			}
-			break;		/* we're done */
-		}
-	}
+        /*
+         * Xor with the old cipher to get plain
+         * text.  Output 8 or less bytes of this.
+         */
+        left ^= ocipherl;
+        right ^= ocipherr;
+        if (length > 8) {
+            length -= 8;
+            PUT_HALF_BLOCK(left, op);
+            PUT_HALF_BLOCK(right, op);
+            /*
+             * Save current cipher block here
+             */
+            ocipherl = cipherl;
+            ocipherr = cipherr;
+        } else {
+            /*
+             * Trouble here.  Start at end of output,
+             * work backwards.
+             */
+            op += (int) length;
+            switch(length) {
+            case 8:
+                *(--op) = (unsigned char) (right & 0xff);
+            case 7:
+                *(--op) = (unsigned char) ((right >> 8) & 0xff);
+            case 6:
+                *(--op) = (unsigned char) ((right >> 16) & 0xff);
+            case 5:
+                *(--op) = (unsigned char) ((right >> 24) & 0xff);
+            case 4:
+                *(--op) = (unsigned char) (left & 0xff);
+            case 3:
+                *(--op) = (unsigned char) ((left >> 8) & 0xff);
+            case 2:
+                *(--op) = (unsigned char) ((left >> 16) & 0xff);
+            case 1:
+                *(--op) = (unsigned char) ((left >> 24) & 0xff);
+                break;
+            }
+            break;          /* we're done */
+        }
+    }
 }
 
 #if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO)
 void krb5int_des_do_encrypt_2 (unsigned DES_INT32 *left,
-			       unsigned DES_INT32 *right,
-			       const unsigned DES_INT32 *kp)
+                               unsigned DES_INT32 *right,
+                               const unsigned DES_INT32 *kp)
 {
     DES_DO_ENCRYPT_1 (*left, *right, kp);
 }
 
 void krb5int_des_do_decrypt_2 (unsigned DES_INT32 *left,
-			       unsigned DES_INT32 *right,
-			       const unsigned DES_INT32 *kp)
+                               unsigned DES_INT32 *right,
+                               const unsigned DES_INT32 *kp)
 {
     DES_DO_DECRYPT_1 (*left, *right, kp);
 }
diff --git a/src/lib/crypto/builtin/des/f_cksum.c b/src/lib/crypto/builtin/des/f_cksum.c
index 1c03da4..09ac4a0 100644
--- a/src/lib/crypto/builtin/des/f_cksum.c
+++ b/src/lib/crypto/builtin/des/f_cksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/f_cksum.c
  *
@@ -49,88 +50,88 @@
 
 unsigned long
 mit_des_cbc_cksum(const krb5_octet *in, krb5_octet *out,
-		  unsigned long length, const mit_des_key_schedule schedule,
-		  const krb5_octet *ivec)
+                  unsigned long length, const mit_des_key_schedule schedule,
+                  const krb5_octet *ivec)
 {
-	unsigned DES_INT32 left, right;
-	const unsigned DES_INT32 *kp;
-	const unsigned char *ip;
-	unsigned char *op;
-	register DES_INT32 len;
+    unsigned DES_INT32 left, right;
+    const unsigned DES_INT32 *kp;
+    const unsigned char *ip;
+    unsigned char *op;
+    register DES_INT32 len;
 
-	/*
-	 * Initialize left and right with the contents of the initial
-	 * vector.
-	 */
-	ip = ivec;
-	GET_HALF_BLOCK(left, ip);
-	GET_HALF_BLOCK(right, ip);
+    /*
+     * Initialize left and right with the contents of the initial
+     * vector.
+     */
+    ip = ivec;
+    GET_HALF_BLOCK(left, ip);
+    GET_HALF_BLOCK(right, ip);
 
-	/*
-	 * Suitably initialized, now work the length down 8 bytes
-	 * at a time.
-	 */
-	ip = in;
-	len = length;
-	while (len > 0) {
-		/*
-		 * Get more input, xor it in.  If the length is
-		 * greater than or equal to 8 this is straight
-		 * forward.  Otherwise we have to fart around.
-		 */
-		if (len >= 8) {
-			unsigned DES_INT32 temp;
-			GET_HALF_BLOCK(temp, ip);
-			left  ^= temp;
-			GET_HALF_BLOCK(temp, ip);
-			right ^= temp;
-			len -= 8;
-		} else {
-			/*
-			 * Oh, shoot.  We need to pad the
-			 * end with zeroes.  Work backwards
-			 * to do this.
-			 */
-			ip += (int) len;
-			switch(len) {
-			case 7:
-				right ^= (*(--ip) & FF_UINT32) <<  8;
-			case 6:
-				right ^= (*(--ip) & FF_UINT32) << 16;
-			case 5:
-				right ^= (*(--ip) & FF_UINT32) << 24;
-			case 4:
-				left  ^=  *(--ip) & FF_UINT32;
-			case 3:
-				left  ^= (*(--ip) & FF_UINT32) <<  8;
-			case 2:
-				left  ^= (*(--ip) & FF_UINT32) << 16;
-			case 1:
-				left  ^= (*(--ip) & FF_UINT32) << 24;
-				break;
-			}
-			len = 0;
-		}
+    /*
+     * Suitably initialized, now work the length down 8 bytes
+     * at a time.
+     */
+    ip = in;
+    len = length;
+    while (len > 0) {
+        /*
+         * Get more input, xor it in.  If the length is
+         * greater than or equal to 8 this is straight
+         * forward.  Otherwise we have to fart around.
+         */
+        if (len >= 8) {
+            unsigned DES_INT32 temp;
+            GET_HALF_BLOCK(temp, ip);
+            left  ^= temp;
+            GET_HALF_BLOCK(temp, ip);
+            right ^= temp;
+            len -= 8;
+        } else {
+            /*
+             * Oh, shoot.  We need to pad the
+             * end with zeroes.  Work backwards
+             * to do this.
+             */
+            ip += (int) len;
+            switch(len) {
+            case 7:
+                right ^= (*(--ip) & FF_UINT32) <<  8;
+            case 6:
+                right ^= (*(--ip) & FF_UINT32) << 16;
+            case 5:
+                right ^= (*(--ip) & FF_UINT32) << 24;
+            case 4:
+                left  ^=  *(--ip) & FF_UINT32;
+            case 3:
+                left  ^= (*(--ip) & FF_UINT32) <<  8;
+            case 2:
+                left  ^= (*(--ip) & FF_UINT32) << 16;
+            case 1:
+                left  ^= (*(--ip) & FF_UINT32) << 24;
+                break;
+            }
+            len = 0;
+        }
 
-		/*
-		 * Encrypt what we have
-		 */
-		kp = (const unsigned DES_INT32 *)schedule;
-		DES_DO_ENCRYPT(left, right, kp);
-	}
+        /*
+         * Encrypt what we have
+         */
+        kp = (const unsigned DES_INT32 *)schedule;
+        DES_DO_ENCRYPT(left, right, kp);
+    }
 
-	/*
-	 * Done.  Left and right have the checksum.  Put it into
-	 * the output.
-	 */
-	op = out;
-	PUT_HALF_BLOCK(left, op);
-	PUT_HALF_BLOCK(right, op);
+    /*
+     * Done.  Left and right have the checksum.  Put it into
+     * the output.
+     */
+    op = out;
+    PUT_HALF_BLOCK(left, op);
+    PUT_HALF_BLOCK(right, op);
 
-	/*
-	 * Return right.  I'll bet the MIT code returns this
-	 * inconsistantly (with the low order byte of the checksum
-	 * not always in the low order byte of the DES_INT32).  We won't.
-	 */
-	return right & 0xFFFFFFFFUL;
+    /*
+     * Return right.  I'll bet the MIT code returns this
+     * inconsistantly (with the low order byte of the checksum
+     * not always in the low order byte of the DES_INT32).  We won't.
+     */
+    return right & 0xFFFFFFFFUL;
 }
diff --git a/src/lib/crypto/builtin/des/f_parity.c b/src/lib/crypto/builtin/des/f_parity.c
index 846c821..460b506 100644
--- a/src/lib/crypto/builtin/des/f_parity.c
+++ b/src/lib/crypto/builtin/des/f_parity.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * These routines check and fix parity of encryption keys for the DES
  * algorithm.
@@ -25,10 +26,10 @@ mit_des_fixup_key_parity(mit_des_cblock key)
 {
     unsigned int i;
     for (i=0; i<sizeof(mit_des_cblock); i++)
-      {
-	key[i] &= 0xfe;
-	key[i] |= 1^parity_char(key[i]);
-      }
+    {
+        key[i] &= 0xfe;
+        key[i] |= 1^parity_char(key[i]);
+    }
 
     return;
 }
@@ -44,12 +45,12 @@ mit_des_check_key_parity(mit_des_cblock key)
     unsigned int i;
 
     for (i=0; i<sizeof(mit_des_cblock); i++)
-      {
-	if((key[i] & 1) == parity_char(0xfe&key[i]))
-	  {
-	    return 0;
-	  }
-      }
+    {
+        if((key[i] & 1) == parity_char(0xfe&key[i]))
+        {
+            return 0;
+        }
+    }
 
     return(1);
 }
diff --git a/src/lib/crypto/builtin/des/f_sched.c b/src/lib/crypto/builtin/des/f_sched.c
index cb0a6bb..af9d66b 100644
--- a/src/lib/crypto/builtin/des/f_sched.c
+++ b/src/lib/crypto/builtin/des/f_sched.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/f_sched.c
  *
@@ -39,27 +40,27 @@
  * part of each key are used to form Ci and Di.
  */
 static const unsigned DES_INT32 PC1_CL[8] = {
-	0x00000000, 0x00000010, 0x00001000, 0x00001010,
-	0x00100000, 0x00100010, 0x00101000, 0x00101010
+    0x00000000, 0x00000010, 0x00001000, 0x00001010,
+    0x00100000, 0x00100010, 0x00101000, 0x00101010
 };
 
 static const unsigned DES_INT32 PC1_DL[16] = {
-	0x00000000, 0x00100000, 0x00001000, 0x00101000,
-	0x00000010, 0x00100010, 0x00001010, 0x00101010,
-	0x00000001, 0x00100001, 0x00001001, 0x00101001,
-	0x00000011, 0x00100011, 0x00001011, 0x00101011
+    0x00000000, 0x00100000, 0x00001000, 0x00101000,
+    0x00000010, 0x00100010, 0x00001010, 0x00101010,
+    0x00000001, 0x00100001, 0x00001001, 0x00101001,
+    0x00000011, 0x00100011, 0x00001011, 0x00101011
 };
 
 static const unsigned DES_INT32 PC1_CR[16] = {
-	0x00000000, 0x00000001, 0x00000100, 0x00000101,
-	0x00010000, 0x00010001, 0x00010100, 0x00010101,
-	0x01000000, 0x01000001, 0x01000100, 0x01000101,
-	0x01010000, 0x01010001, 0x01010100, 0x01010101
+    0x00000000, 0x00000001, 0x00000100, 0x00000101,
+    0x00010000, 0x00010001, 0x00010100, 0x00010101,
+    0x01000000, 0x01000001, 0x01000100, 0x01000101,
+    0x01010000, 0x01010001, 0x01010100, 0x01010101
 };
 
 static const unsigned DES_INT32 PC1_DR[8] = {
-	0x00000000, 0x01000000, 0x00010000, 0x01010000,
-	0x00000100, 0x01000100, 0x00010100, 0x01010100
+    0x00000000, 0x01000000, 0x00010000, 0x01010000,
+    0x00000100, 0x01000100, 0x00010100, 0x01010100
 };
 
 
@@ -69,7 +70,7 @@ static const unsigned DES_INT32 PC1_DR[8] = {
  * two places.  This has bits set for the iterations where we do 2 bit
  * shifts, starting at the low order bit.
  */
-#define	TWO_BIT_SHIFTS	0x7efc
+#define TWO_BIT_SHIFTS  0x7efc
 
 /*
  * Permuted choice 2 tables.  The first actually produces the low order
@@ -84,153 +85,153 @@ static const unsigned DES_INT32 PC1_DR[8] = {
  * in in the des code.
  */
 static const unsigned DES_INT32 PC2_C[4][64] = {
-  {
-	0x00000000, 0x00000004, 0x00010000, 0x00010004,
-	0x00000400, 0x00000404, 0x00010400, 0x00010404,
-	0x00000020, 0x00000024, 0x00010020, 0x00010024,
-	0x00000420, 0x00000424, 0x00010420, 0x00010424,
-	0x01000000, 0x01000004, 0x01010000, 0x01010004,
-	0x01000400, 0x01000404, 0x01010400, 0x01010404,
-	0x01000020, 0x01000024, 0x01010020, 0x01010024,
-	0x01000420, 0x01000424, 0x01010420, 0x01010424,
-	0x00020000, 0x00020004, 0x00030000, 0x00030004,
-	0x00020400, 0x00020404, 0x00030400, 0x00030404,
-	0x00020020, 0x00020024, 0x00030020, 0x00030024,
-	0x00020420, 0x00020424, 0x00030420, 0x00030424,
-	0x01020000, 0x01020004, 0x01030000, 0x01030004,
-	0x01020400, 0x01020404, 0x01030400, 0x01030404,
-	0x01020020, 0x01020024, 0x01030020, 0x01030024,
-	0x01020420, 0x01020424, 0x01030420, 0x01030424,
-  },
-  {
-	0x00000000, 0x02000000, 0x00000800, 0x02000800,
-	0x00080000, 0x02080000, 0x00080800, 0x02080800,
-	0x00000001, 0x02000001, 0x00000801, 0x02000801,
-	0x00080001, 0x02080001, 0x00080801, 0x02080801,
-	0x00000100, 0x02000100, 0x00000900, 0x02000900,
-	0x00080100, 0x02080100, 0x00080900, 0x02080900,
-	0x00000101, 0x02000101, 0x00000901, 0x02000901,
-	0x00080101, 0x02080101, 0x00080901, 0x02080901,
-	0x10000000, 0x12000000, 0x10000800, 0x12000800,
-	0x10080000, 0x12080000, 0x10080800, 0x12080800,
-	0x10000001, 0x12000001, 0x10000801, 0x12000801,
-	0x10080001, 0x12080001, 0x10080801, 0x12080801,
-	0x10000100, 0x12000100, 0x10000900, 0x12000900,
-	0x10080100, 0x12080100, 0x10080900, 0x12080900,
-	0x10000101, 0x12000101, 0x10000901, 0x12000901,
-	0x10080101, 0x12080101, 0x10080901, 0x12080901,
-  },
-  {
-	0x00000000, 0x00040000, 0x00002000, 0x00042000,
-	0x00100000, 0x00140000, 0x00102000, 0x00142000,
-	0x20000000, 0x20040000, 0x20002000, 0x20042000,
-	0x20100000, 0x20140000, 0x20102000, 0x20142000,
-	0x00000008, 0x00040008, 0x00002008, 0x00042008,
-	0x00100008, 0x00140008, 0x00102008, 0x00142008,
-	0x20000008, 0x20040008, 0x20002008, 0x20042008,
-	0x20100008, 0x20140008, 0x20102008, 0x20142008,
-	0x00200000, 0x00240000, 0x00202000, 0x00242000,
-	0x00300000, 0x00340000, 0x00302000, 0x00342000,
-	0x20200000, 0x20240000, 0x20202000, 0x20242000,
-	0x20300000, 0x20340000, 0x20302000, 0x20342000,
-	0x00200008, 0x00240008, 0x00202008, 0x00242008,
-	0x00300008, 0x00340008, 0x00302008, 0x00342008,
-	0x20200008, 0x20240008, 0x20202008, 0x20242008,
-	0x20300008, 0x20340008, 0x20302008, 0x20342008,
-  },
-  {
-	0x00000000, 0x00000010, 0x08000000, 0x08000010,
-	0x00000200, 0x00000210, 0x08000200, 0x08000210,
-	0x00000002, 0x00000012, 0x08000002, 0x08000012,
-	0x00000202, 0x00000212, 0x08000202, 0x08000212,
-	0x04000000, 0x04000010, 0x0c000000, 0x0c000010,
-	0x04000200, 0x04000210, 0x0c000200, 0x0c000210,
-	0x04000002, 0x04000012, 0x0c000002, 0x0c000012,
-	0x04000202, 0x04000212, 0x0c000202, 0x0c000212,
-	0x00001000, 0x00001010, 0x08001000, 0x08001010,
-	0x00001200, 0x00001210, 0x08001200, 0x08001210,
-	0x00001002, 0x00001012, 0x08001002, 0x08001012,
-	0x00001202, 0x00001212, 0x08001202, 0x08001212,
-	0x04001000, 0x04001010, 0x0c001000, 0x0c001010,
-	0x04001200, 0x04001210, 0x0c001200, 0x0c001210,
-	0x04001002, 0x04001012, 0x0c001002, 0x0c001012,
-	0x04001202, 0x04001212, 0x0c001202, 0x0c001212
-  },
+    {
+        0x00000000, 0x00000004, 0x00010000, 0x00010004,
+        0x00000400, 0x00000404, 0x00010400, 0x00010404,
+        0x00000020, 0x00000024, 0x00010020, 0x00010024,
+        0x00000420, 0x00000424, 0x00010420, 0x00010424,
+        0x01000000, 0x01000004, 0x01010000, 0x01010004,
+        0x01000400, 0x01000404, 0x01010400, 0x01010404,
+        0x01000020, 0x01000024, 0x01010020, 0x01010024,
+        0x01000420, 0x01000424, 0x01010420, 0x01010424,
+        0x00020000, 0x00020004, 0x00030000, 0x00030004,
+        0x00020400, 0x00020404, 0x00030400, 0x00030404,
+        0x00020020, 0x00020024, 0x00030020, 0x00030024,
+        0x00020420, 0x00020424, 0x00030420, 0x00030424,
+        0x01020000, 0x01020004, 0x01030000, 0x01030004,
+        0x01020400, 0x01020404, 0x01030400, 0x01030404,
+        0x01020020, 0x01020024, 0x01030020, 0x01030024,
+        0x01020420, 0x01020424, 0x01030420, 0x01030424,
+    },
+    {
+        0x00000000, 0x02000000, 0x00000800, 0x02000800,
+        0x00080000, 0x02080000, 0x00080800, 0x02080800,
+        0x00000001, 0x02000001, 0x00000801, 0x02000801,
+        0x00080001, 0x02080001, 0x00080801, 0x02080801,
+        0x00000100, 0x02000100, 0x00000900, 0x02000900,
+        0x00080100, 0x02080100, 0x00080900, 0x02080900,
+        0x00000101, 0x02000101, 0x00000901, 0x02000901,
+        0x00080101, 0x02080101, 0x00080901, 0x02080901,
+        0x10000000, 0x12000000, 0x10000800, 0x12000800,
+        0x10080000, 0x12080000, 0x10080800, 0x12080800,
+        0x10000001, 0x12000001, 0x10000801, 0x12000801,
+        0x10080001, 0x12080001, 0x10080801, 0x12080801,
+        0x10000100, 0x12000100, 0x10000900, 0x12000900,
+        0x10080100, 0x12080100, 0x10080900, 0x12080900,
+        0x10000101, 0x12000101, 0x10000901, 0x12000901,
+        0x10080101, 0x12080101, 0x10080901, 0x12080901,
+    },
+    {
+        0x00000000, 0x00040000, 0x00002000, 0x00042000,
+        0x00100000, 0x00140000, 0x00102000, 0x00142000,
+        0x20000000, 0x20040000, 0x20002000, 0x20042000,
+        0x20100000, 0x20140000, 0x20102000, 0x20142000,
+        0x00000008, 0x00040008, 0x00002008, 0x00042008,
+        0x00100008, 0x00140008, 0x00102008, 0x00142008,
+        0x20000008, 0x20040008, 0x20002008, 0x20042008,
+        0x20100008, 0x20140008, 0x20102008, 0x20142008,
+        0x00200000, 0x00240000, 0x00202000, 0x00242000,
+        0x00300000, 0x00340000, 0x00302000, 0x00342000,
+        0x20200000, 0x20240000, 0x20202000, 0x20242000,
+        0x20300000, 0x20340000, 0x20302000, 0x20342000,
+        0x00200008, 0x00240008, 0x00202008, 0x00242008,
+        0x00300008, 0x00340008, 0x00302008, 0x00342008,
+        0x20200008, 0x20240008, 0x20202008, 0x20242008,
+        0x20300008, 0x20340008, 0x20302008, 0x20342008,
+    },
+    {
+        0x00000000, 0x00000010, 0x08000000, 0x08000010,
+        0x00000200, 0x00000210, 0x08000200, 0x08000210,
+        0x00000002, 0x00000012, 0x08000002, 0x08000012,
+        0x00000202, 0x00000212, 0x08000202, 0x08000212,
+        0x04000000, 0x04000010, 0x0c000000, 0x0c000010,
+        0x04000200, 0x04000210, 0x0c000200, 0x0c000210,
+        0x04000002, 0x04000012, 0x0c000002, 0x0c000012,
+        0x04000202, 0x04000212, 0x0c000202, 0x0c000212,
+        0x00001000, 0x00001010, 0x08001000, 0x08001010,
+        0x00001200, 0x00001210, 0x08001200, 0x08001210,
+        0x00001002, 0x00001012, 0x08001002, 0x08001012,
+        0x00001202, 0x00001212, 0x08001202, 0x08001212,
+        0x04001000, 0x04001010, 0x0c001000, 0x0c001010,
+        0x04001200, 0x04001210, 0x0c001200, 0x0c001210,
+        0x04001002, 0x04001012, 0x0c001002, 0x0c001012,
+        0x04001202, 0x04001212, 0x0c001202, 0x0c001212
+    },
 };
 
 static const unsigned DES_INT32 PC2_D[4][64] = {
-  {
-	0x00000000, 0x02000000, 0x00020000, 0x02020000,
-	0x00000100, 0x02000100, 0x00020100, 0x02020100,
-	0x00000008, 0x02000008, 0x00020008, 0x02020008,
-	0x00000108, 0x02000108, 0x00020108, 0x02020108,
-	0x00200000, 0x02200000, 0x00220000, 0x02220000,
-	0x00200100, 0x02200100, 0x00220100, 0x02220100,
-	0x00200008, 0x02200008, 0x00220008, 0x02220008,
-	0x00200108, 0x02200108, 0x00220108, 0x02220108,
-	0x00000200, 0x02000200, 0x00020200, 0x02020200,
-	0x00000300, 0x02000300, 0x00020300, 0x02020300,
-	0x00000208, 0x02000208, 0x00020208, 0x02020208,
-	0x00000308, 0x02000308, 0x00020308, 0x02020308,
-	0x00200200, 0x02200200, 0x00220200, 0x02220200,
-	0x00200300, 0x02200300, 0x00220300, 0x02220300,
-	0x00200208, 0x02200208, 0x00220208, 0x02220208,
-	0x00200308, 0x02200308, 0x00220308, 0x02220308,
-  },
-  {
-	0x00000000, 0x00001000, 0x00000020, 0x00001020,
-	0x00100000, 0x00101000, 0x00100020, 0x00101020,
-	0x08000000, 0x08001000, 0x08000020, 0x08001020,
-	0x08100000, 0x08101000, 0x08100020, 0x08101020,
-	0x00000004, 0x00001004, 0x00000024, 0x00001024,
-	0x00100004, 0x00101004, 0x00100024, 0x00101024,
-	0x08000004, 0x08001004, 0x08000024, 0x08001024,
-	0x08100004, 0x08101004, 0x08100024, 0x08101024,
-	0x00000400, 0x00001400, 0x00000420, 0x00001420,
-	0x00100400, 0x00101400, 0x00100420, 0x00101420,
-	0x08000400, 0x08001400, 0x08000420, 0x08001420,
-	0x08100400, 0x08101400, 0x08100420, 0x08101420,
-	0x00000404, 0x00001404, 0x00000424, 0x00001424,
-	0x00100404, 0x00101404, 0x00100424, 0x00101424,
-	0x08000404, 0x08001404, 0x08000424, 0x08001424,
-	0x08100404, 0x08101404, 0x08100424, 0x08101424,
-  },
-  {
-	0x00000000, 0x10000000, 0x00010000, 0x10010000,
-	0x00000002, 0x10000002, 0x00010002, 0x10010002,
-	0x00002000, 0x10002000, 0x00012000, 0x10012000,
-	0x00002002, 0x10002002, 0x00012002, 0x10012002,
-	0x00040000, 0x10040000, 0x00050000, 0x10050000,
-	0x00040002, 0x10040002, 0x00050002, 0x10050002,
-	0x00042000, 0x10042000, 0x00052000, 0x10052000,
-	0x00042002, 0x10042002, 0x00052002, 0x10052002,
-	0x20000000, 0x30000000, 0x20010000, 0x30010000,
-	0x20000002, 0x30000002, 0x20010002, 0x30010002,
-	0x20002000, 0x30002000, 0x20012000, 0x30012000,
-	0x20002002, 0x30002002, 0x20012002, 0x30012002,
-	0x20040000, 0x30040000, 0x20050000, 0x30050000,
-	0x20040002, 0x30040002, 0x20050002, 0x30050002,
-	0x20042000, 0x30042000, 0x20052000, 0x30052000,
-	0x20042002, 0x30042002, 0x20052002, 0x30052002,
-  },
-  {
-	0x00000000, 0x04000000, 0x00000001, 0x04000001,
-	0x01000000, 0x05000000, 0x01000001, 0x05000001,
-	0x00000010, 0x04000010, 0x00000011, 0x04000011,
-	0x01000010, 0x05000010, 0x01000011, 0x05000011,
-	0x00080000, 0x04080000, 0x00080001, 0x04080001,
-	0x01080000, 0x05080000, 0x01080001, 0x05080001,
-	0x00080010, 0x04080010, 0x00080011, 0x04080011,
-	0x01080010, 0x05080010, 0x01080011, 0x05080011,
-	0x00000800, 0x04000800, 0x00000801, 0x04000801,
-	0x01000800, 0x05000800, 0x01000801, 0x05000801,
-	0x00000810, 0x04000810, 0x00000811, 0x04000811,
-	0x01000810, 0x05000810, 0x01000811, 0x05000811,
-	0x00080800, 0x04080800, 0x00080801, 0x04080801,
-	0x01080800, 0x05080800, 0x01080801, 0x05080801,
-	0x00080810, 0x04080810, 0x00080811, 0x04080811,
-	0x01080810, 0x05080810, 0x01080811, 0x05080811
-  },
+    {
+        0x00000000, 0x02000000, 0x00020000, 0x02020000,
+        0x00000100, 0x02000100, 0x00020100, 0x02020100,
+        0x00000008, 0x02000008, 0x00020008, 0x02020008,
+        0x00000108, 0x02000108, 0x00020108, 0x02020108,
+        0x00200000, 0x02200000, 0x00220000, 0x02220000,
+        0x00200100, 0x02200100, 0x00220100, 0x02220100,
+        0x00200008, 0x02200008, 0x00220008, 0x02220008,
+        0x00200108, 0x02200108, 0x00220108, 0x02220108,
+        0x00000200, 0x02000200, 0x00020200, 0x02020200,
+        0x00000300, 0x02000300, 0x00020300, 0x02020300,
+        0x00000208, 0x02000208, 0x00020208, 0x02020208,
+        0x00000308, 0x02000308, 0x00020308, 0x02020308,
+        0x00200200, 0x02200200, 0x00220200, 0x02220200,
+        0x00200300, 0x02200300, 0x00220300, 0x02220300,
+        0x00200208, 0x02200208, 0x00220208, 0x02220208,
+        0x00200308, 0x02200308, 0x00220308, 0x02220308,
+    },
+    {
+        0x00000000, 0x00001000, 0x00000020, 0x00001020,
+        0x00100000, 0x00101000, 0x00100020, 0x00101020,
+        0x08000000, 0x08001000, 0x08000020, 0x08001020,
+        0x08100000, 0x08101000, 0x08100020, 0x08101020,
+        0x00000004, 0x00001004, 0x00000024, 0x00001024,
+        0x00100004, 0x00101004, 0x00100024, 0x00101024,
+        0x08000004, 0x08001004, 0x08000024, 0x08001024,
+        0x08100004, 0x08101004, 0x08100024, 0x08101024,
+        0x00000400, 0x00001400, 0x00000420, 0x00001420,
+        0x00100400, 0x00101400, 0x00100420, 0x00101420,
+        0x08000400, 0x08001400, 0x08000420, 0x08001420,
+        0x08100400, 0x08101400, 0x08100420, 0x08101420,
+        0x00000404, 0x00001404, 0x00000424, 0x00001424,
+        0x00100404, 0x00101404, 0x00100424, 0x00101424,
+        0x08000404, 0x08001404, 0x08000424, 0x08001424,
+        0x08100404, 0x08101404, 0x08100424, 0x08101424,
+    },
+    {
+        0x00000000, 0x10000000, 0x00010000, 0x10010000,
+        0x00000002, 0x10000002, 0x00010002, 0x10010002,
+        0x00002000, 0x10002000, 0x00012000, 0x10012000,
+        0x00002002, 0x10002002, 0x00012002, 0x10012002,
+        0x00040000, 0x10040000, 0x00050000, 0x10050000,
+        0x00040002, 0x10040002, 0x00050002, 0x10050002,
+        0x00042000, 0x10042000, 0x00052000, 0x10052000,
+        0x00042002, 0x10042002, 0x00052002, 0x10052002,
+        0x20000000, 0x30000000, 0x20010000, 0x30010000,
+        0x20000002, 0x30000002, 0x20010002, 0x30010002,
+        0x20002000, 0x30002000, 0x20012000, 0x30012000,
+        0x20002002, 0x30002002, 0x20012002, 0x30012002,
+        0x20040000, 0x30040000, 0x20050000, 0x30050000,
+        0x20040002, 0x30040002, 0x20050002, 0x30050002,
+        0x20042000, 0x30042000, 0x20052000, 0x30052000,
+        0x20042002, 0x30042002, 0x20052002, 0x30052002,
+    },
+    {
+        0x00000000, 0x04000000, 0x00000001, 0x04000001,
+        0x01000000, 0x05000000, 0x01000001, 0x05000001,
+        0x00000010, 0x04000010, 0x00000011, 0x04000011,
+        0x01000010, 0x05000010, 0x01000011, 0x05000011,
+        0x00080000, 0x04080000, 0x00080001, 0x04080001,
+        0x01080000, 0x05080000, 0x01080001, 0x05080001,
+        0x00080010, 0x04080010, 0x00080011, 0x04080011,
+        0x01080010, 0x05080010, 0x01080011, 0x05080011,
+        0x00000800, 0x04000800, 0x00000801, 0x04000801,
+        0x01000800, 0x05000800, 0x01000801, 0x05000801,
+        0x00000810, 0x04000810, 0x00000811, 0x04000811,
+        0x01000810, 0x05000810, 0x01000811, 0x05000811,
+        0x00080800, 0x04080800, 0x00080801, 0x04080801,
+        0x01080800, 0x05080800, 0x01080801, 0x05080801,
+        0x00080810, 0x04080810, 0x00080811, 0x04080811,
+        0x01080810, 0x05080810, 0x01080811, 0x05080811
+    },
 };
 
 
@@ -241,119 +242,119 @@ static const unsigned DES_INT32 PC2_D[4][64] = {
 int
 mit_des_make_key_sched(mit_des_cblock key, mit_des_key_schedule schedule)
 {
-	register unsigned DES_INT32 c, d;
+    register unsigned DES_INT32 c, d;
 
-	{
-		/*
-		 * Need a pointer for the keys and a temporary DES_INT32
-		 */
-		const unsigned char *k;
-		register unsigned DES_INT32 tmp;
+    {
+        /*
+         * Need a pointer for the keys and a temporary DES_INT32
+         */
+        const unsigned char *k;
+        register unsigned DES_INT32 tmp;
 
-		/*
-		 * Fetch the key into something we can work with
-		 */
-		k = key;
+        /*
+         * Fetch the key into something we can work with
+         */
+        k = key;
 
-		/*
-		 * The first permutted choice gives us the 28 bits for C0 and
-		 * 28 for D0.  C0 gets 12 bits from the left key and 16 from
-		 * the right, while D0 gets 16 from the left and 12 from the
-		 * right.  The code knows which bits go where.
-		 */
-		tmp = load_32_be(k), k += 4;
+        /*
+         * The first permutted choice gives us the 28 bits for C0 and
+         * 28 for D0.  C0 gets 12 bits from the left key and 16 from
+         * the right, while D0 gets 16 from the left and 12 from the
+         * right.  The code knows which bits go where.
+         */
+        tmp = load_32_be(k), k += 4;
 
-		c =  PC1_CL[(tmp >> 29) & 0x7]
-		  | (PC1_CL[(tmp >> 21) & 0x7] << 1)
-		  | (PC1_CL[(tmp >> 13) & 0x7] << 2)
-		  | (PC1_CL[(tmp >>  5) & 0x7] << 3);
-		d =  PC1_DL[(tmp >> 25) & 0xf]
-		  | (PC1_DL[(tmp >> 17) & 0xf] << 1)
-		  | (PC1_DL[(tmp >>  9) & 0xf] << 2)
-		  | (PC1_DL[(tmp >>  1) & 0xf] << 3);
+        c =  PC1_CL[(tmp >> 29) & 0x7]
+            | (PC1_CL[(tmp >> 21) & 0x7] << 1)
+            | (PC1_CL[(tmp >> 13) & 0x7] << 2)
+            | (PC1_CL[(tmp >>  5) & 0x7] << 3);
+        d =  PC1_DL[(tmp >> 25) & 0xf]
+            | (PC1_DL[(tmp >> 17) & 0xf] << 1)
+            | (PC1_DL[(tmp >>  9) & 0xf] << 2)
+            | (PC1_DL[(tmp >>  1) & 0xf] << 3);
 
-		tmp = load_32_be(k), k += 4;
+        tmp = load_32_be(k), k += 4;
 
-		c |= PC1_CR[(tmp >> 28) & 0xf]
-		  | (PC1_CR[(tmp >> 20) & 0xf] << 1)
-		  | (PC1_CR[(tmp >> 12) & 0xf] << 2)
-		  | (PC1_CR[(tmp >>  4) & 0xf] << 3);
-		d |= PC1_DR[(tmp >> 25) & 0x7]
-		  | (PC1_DR[(tmp >> 17) & 0x7] << 1)
-		  | (PC1_DR[(tmp >>  9) & 0x7] << 2)
-		  | (PC1_DR[(tmp >>  1) & 0x7] << 3);
-	}
+        c |= PC1_CR[(tmp >> 28) & 0xf]
+            | (PC1_CR[(tmp >> 20) & 0xf] << 1)
+            | (PC1_CR[(tmp >> 12) & 0xf] << 2)
+            | (PC1_CR[(tmp >>  4) & 0xf] << 3);
+        d |= PC1_DR[(tmp >> 25) & 0x7]
+            | (PC1_DR[(tmp >> 17) & 0x7] << 1)
+            | (PC1_DR[(tmp >>  9) & 0x7] << 2)
+            | (PC1_DR[(tmp >>  1) & 0x7] << 3);
+    }
 
-	{
-		/*
-		 * Need several temporaries in here
-		 */
-		register unsigned DES_INT32 ltmp, rtmp;
-		register unsigned DES_INT32 *k;
-		register int two_bit_shifts;
-		register int i;
-		/*
-		 * Now iterate to compute the key schedule.  Note that we
-		 * record the entire set of subkeys in 6 bit chunks since
-		 * they are used that way.  At 6 bits/char, we need
-		 * 48/6 char's/subkey * 16 subkeys/encryption == 128 bytes.
-		 * The schedule must be this big.
-		 */
-		k = (unsigned DES_INT32 *)schedule;
-		two_bit_shifts = TWO_BIT_SHIFTS;
-		for (i = 16; i > 0; i--) {
-			/*
-			 * Do the rotation.  One bit and two bit rotations
-			 * are done separately.  Note C and D are 28 bits.
-			 */
-			if (two_bit_shifts & 0x1) {
-				c = ((c << 2) & 0xffffffc) | (c >> 26);
-				d = ((d << 2) & 0xffffffc) | (d >> 26);
-			} else {
-				c = ((c << 1) & 0xffffffe) | (c >> 27);
-				d = ((d << 1) & 0xffffffe) | (d >> 27);
-			}
-			two_bit_shifts >>= 1;
+    {
+        /*
+         * Need several temporaries in here
+         */
+        register unsigned DES_INT32 ltmp, rtmp;
+        register unsigned DES_INT32 *k;
+        register int two_bit_shifts;
+        register int i;
+        /*
+         * Now iterate to compute the key schedule.  Note that we
+         * record the entire set of subkeys in 6 bit chunks since
+         * they are used that way.  At 6 bits/char, we need
+         * 48/6 char's/subkey * 16 subkeys/encryption == 128 bytes.
+         * The schedule must be this big.
+         */
+        k = (unsigned DES_INT32 *)schedule;
+        two_bit_shifts = TWO_BIT_SHIFTS;
+        for (i = 16; i > 0; i--) {
+            /*
+             * Do the rotation.  One bit and two bit rotations
+             * are done separately.  Note C and D are 28 bits.
+             */
+            if (two_bit_shifts & 0x1) {
+                c = ((c << 2) & 0xffffffc) | (c >> 26);
+                d = ((d << 2) & 0xffffffc) | (d >> 26);
+            } else {
+                c = ((c << 1) & 0xffffffe) | (c >> 27);
+                d = ((d << 1) & 0xffffffe) | (d >> 27);
+            }
+            two_bit_shifts >>= 1;
 
-			/*
-			 * Apply permutted choice 2 to C to get the first
-			 * 24 bits worth of keys.  Note that bits 9, 18, 22
-			 * and 25 (using DES numbering) in C are unused.  The
-			 * shift-mask stuff is done to delete these bits from
-			 * the indices, since this cuts the table size in half.
-			 *
-			 * The table is torqued, by the way.  If the standard
-			 * byte order for this (high to low order) is 1234,
-			 * the table actually gives us 4132.
-			 */
-			ltmp = PC2_C[0][((c >> 22) & 0x3f)]
-			     | PC2_C[1][((c >> 15) & 0xf) | ((c >> 16) & 0x30)]
-			     | PC2_C[2][((c >>  4) & 0x3) | ((c >>  9) & 0x3c)]
-			     | PC2_C[3][((c      ) & 0x7) | ((c >>  4) & 0x38)];
-			/*
-			 * Apply permutted choice 2 to D to get the other half.
-			 * Here, bits 7, 10, 15 and 26 go unused.  The sqeezing
-			 * actually turns out to be cheaper here.
-			 *
-			 * This table is similarly torqued.  If the standard
-			 * byte order is 5678, the table has the bytes permuted
-			 * to give us 7685.
-			 */
-			rtmp = PC2_D[0][((d >> 22) & 0x3f)]
-			     | PC2_D[1][((d >> 14) & 0xf) | ((d >> 15) & 0x30)]
-			     | PC2_D[2][((d >>  7) & 0x3f)]
-			     | PC2_D[3][((d      ) & 0x3) | ((d >>  1) & 0x3c)];
+            /*
+             * Apply permutted choice 2 to C to get the first
+             * 24 bits worth of keys.  Note that bits 9, 18, 22
+             * and 25 (using DES numbering) in C are unused.  The
+             * shift-mask stuff is done to delete these bits from
+             * the indices, since this cuts the table size in half.
+             *
+             * The table is torqued, by the way.  If the standard
+             * byte order for this (high to low order) is 1234,
+             * the table actually gives us 4132.
+             */
+            ltmp = PC2_C[0][((c >> 22) & 0x3f)]
+                | PC2_C[1][((c >> 15) & 0xf) | ((c >> 16) & 0x30)]
+                | PC2_C[2][((c >>  4) & 0x3) | ((c >>  9) & 0x3c)]
+                | PC2_C[3][((c      ) & 0x7) | ((c >>  4) & 0x38)];
+            /*
+             * Apply permutted choice 2 to D to get the other half.
+             * Here, bits 7, 10, 15 and 26 go unused.  The sqeezing
+             * actually turns out to be cheaper here.
+             *
+             * This table is similarly torqued.  If the standard
+             * byte order is 5678, the table has the bytes permuted
+             * to give us 7685.
+             */
+            rtmp = PC2_D[0][((d >> 22) & 0x3f)]
+                | PC2_D[1][((d >> 14) & 0xf) | ((d >> 15) & 0x30)]
+                | PC2_D[2][((d >>  7) & 0x3f)]
+                | PC2_D[3][((d      ) & 0x3) | ((d >>  1) & 0x3c)];
 
-			/*
-			 * Make up two words of the key schedule, with a
-			 * byte order which is convenient for the DES
-			 * inner loop.  The high order (first) word will
-			 * hold bytes 7135 (high to low order) while the
-			 * second holds bytes 4682.
-			 */
-			*k++ = (ltmp & 0x00ffff00) | (rtmp & 0xff0000ff);
-			*k++ = (ltmp & 0xff0000ff) | (rtmp & 0x00ffff00);
-		}
-	}
-	return (0);
+            /*
+             * Make up two words of the key schedule, with a
+             * byte order which is convenient for the DES
+             * inner loop.  The high order (first) word will
+             * hold bytes 7135 (high to low order) while the
+             * second holds bytes 4682.
+             */
+            *k++ = (ltmp & 0x00ffff00) | (rtmp & 0xff0000ff);
+            *k++ = (ltmp & 0xff0000ff) | (rtmp & 0x00ffff00);
+        }
+    }
+    return (0);
 }
diff --git a/src/lib/crypto/builtin/des/f_tables.c b/src/lib/crypto/builtin/des/f_tables.c
index 42426bc..9470b2b 100644
--- a/src/lib/crypto/builtin/des/f_tables.c
+++ b/src/lib/crypto/builtin/des/f_tables.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/f_tables.c
  *
@@ -70,70 +71,70 @@
  */
 
 const unsigned DES_INT32 des_IP_table[256] = {
-	0x00000000, 0x00000010, 0x00000001, 0x00000011,
-	0x00001000, 0x00001010, 0x00001001, 0x00001011,
-	0x00000100, 0x00000110, 0x00000101, 0x00000111,
-	0x00001100, 0x00001110, 0x00001101, 0x00001111,
-	0x00100000, 0x00100010, 0x00100001, 0x00100011,
-	0x00101000, 0x00101010, 0x00101001, 0x00101011,
-	0x00100100, 0x00100110, 0x00100101, 0x00100111,
-	0x00101100, 0x00101110, 0x00101101, 0x00101111,
-	0x00010000, 0x00010010, 0x00010001, 0x00010011,
-	0x00011000, 0x00011010, 0x00011001, 0x00011011,
-	0x00010100, 0x00010110, 0x00010101, 0x00010111,
-	0x00011100, 0x00011110, 0x00011101, 0x00011111,
-	0x00110000, 0x00110010, 0x00110001, 0x00110011,
-	0x00111000, 0x00111010, 0x00111001, 0x00111011,
-	0x00110100, 0x00110110, 0x00110101, 0x00110111,
-	0x00111100, 0x00111110, 0x00111101, 0x00111111,
-	0x10000000, 0x10000010, 0x10000001, 0x10000011,
-	0x10001000, 0x10001010, 0x10001001, 0x10001011,
-	0x10000100, 0x10000110, 0x10000101, 0x10000111,
-	0x10001100, 0x10001110, 0x10001101, 0x10001111,
-	0x10100000, 0x10100010, 0x10100001, 0x10100011,
-	0x10101000, 0x10101010, 0x10101001, 0x10101011,
-	0x10100100, 0x10100110, 0x10100101, 0x10100111,
-	0x10101100, 0x10101110, 0x10101101, 0x10101111,
-	0x10010000, 0x10010010, 0x10010001, 0x10010011,
-	0x10011000, 0x10011010, 0x10011001, 0x10011011,
-	0x10010100, 0x10010110, 0x10010101, 0x10010111,
-	0x10011100, 0x10011110, 0x10011101, 0x10011111,
-	0x10110000, 0x10110010, 0x10110001, 0x10110011,
-	0x10111000, 0x10111010, 0x10111001, 0x10111011,
-	0x10110100, 0x10110110, 0x10110101, 0x10110111,
-	0x10111100, 0x10111110, 0x10111101, 0x10111111,
-	0x01000000, 0x01000010, 0x01000001, 0x01000011,
-	0x01001000, 0x01001010, 0x01001001, 0x01001011,
-	0x01000100, 0x01000110, 0x01000101, 0x01000111,
-	0x01001100, 0x01001110, 0x01001101, 0x01001111,
-	0x01100000, 0x01100010, 0x01100001, 0x01100011,
-	0x01101000, 0x01101010, 0x01101001, 0x01101011,
-	0x01100100, 0x01100110, 0x01100101, 0x01100111,
-	0x01101100, 0x01101110, 0x01101101, 0x01101111,
-	0x01010000, 0x01010010, 0x01010001, 0x01010011,
-	0x01011000, 0x01011010, 0x01011001, 0x01011011,
-	0x01010100, 0x01010110, 0x01010101, 0x01010111,
-	0x01011100, 0x01011110, 0x01011101, 0x01011111,
-	0x01110000, 0x01110010, 0x01110001, 0x01110011,
-	0x01111000, 0x01111010, 0x01111001, 0x01111011,
-	0x01110100, 0x01110110, 0x01110101, 0x01110111,
-	0x01111100, 0x01111110, 0x01111101, 0x01111111,
-	0x11000000, 0x11000010, 0x11000001, 0x11000011,
-	0x11001000, 0x11001010, 0x11001001, 0x11001011,
-	0x11000100, 0x11000110, 0x11000101, 0x11000111,
-	0x11001100, 0x11001110, 0x11001101, 0x11001111,
-	0x11100000, 0x11100010, 0x11100001, 0x11100011,
-	0x11101000, 0x11101010, 0x11101001, 0x11101011,
-	0x11100100, 0x11100110, 0x11100101, 0x11100111,
-	0x11101100, 0x11101110, 0x11101101, 0x11101111,
-	0x11010000, 0x11010010, 0x11010001, 0x11010011,
-	0x11011000, 0x11011010, 0x11011001, 0x11011011,
-	0x11010100, 0x11010110, 0x11010101, 0x11010111,
-	0x11011100, 0x11011110, 0x11011101, 0x11011111,
-	0x11110000, 0x11110010, 0x11110001, 0x11110011,
-	0x11111000, 0x11111010, 0x11111001, 0x11111011,
-	0x11110100, 0x11110110, 0x11110101, 0x11110111,
-	0x11111100, 0x11111110, 0x11111101, 0x11111111
+    0x00000000, 0x00000010, 0x00000001, 0x00000011,
+    0x00001000, 0x00001010, 0x00001001, 0x00001011,
+    0x00000100, 0x00000110, 0x00000101, 0x00000111,
+    0x00001100, 0x00001110, 0x00001101, 0x00001111,
+    0x00100000, 0x00100010, 0x00100001, 0x00100011,
+    0x00101000, 0x00101010, 0x00101001, 0x00101011,
+    0x00100100, 0x00100110, 0x00100101, 0x00100111,
+    0x00101100, 0x00101110, 0x00101101, 0x00101111,
+    0x00010000, 0x00010010, 0x00010001, 0x00010011,
+    0x00011000, 0x00011010, 0x00011001, 0x00011011,
+    0x00010100, 0x00010110, 0x00010101, 0x00010111,
+    0x00011100, 0x00011110, 0x00011101, 0x00011111,
+    0x00110000, 0x00110010, 0x00110001, 0x00110011,
+    0x00111000, 0x00111010, 0x00111001, 0x00111011,
+    0x00110100, 0x00110110, 0x00110101, 0x00110111,
+    0x00111100, 0x00111110, 0x00111101, 0x00111111,
+    0x10000000, 0x10000010, 0x10000001, 0x10000011,
+    0x10001000, 0x10001010, 0x10001001, 0x10001011,
+    0x10000100, 0x10000110, 0x10000101, 0x10000111,
+    0x10001100, 0x10001110, 0x10001101, 0x10001111,
+    0x10100000, 0x10100010, 0x10100001, 0x10100011,
+    0x10101000, 0x10101010, 0x10101001, 0x10101011,
+    0x10100100, 0x10100110, 0x10100101, 0x10100111,
+    0x10101100, 0x10101110, 0x10101101, 0x10101111,
+    0x10010000, 0x10010010, 0x10010001, 0x10010011,
+    0x10011000, 0x10011010, 0x10011001, 0x10011011,
+    0x10010100, 0x10010110, 0x10010101, 0x10010111,
+    0x10011100, 0x10011110, 0x10011101, 0x10011111,
+    0x10110000, 0x10110010, 0x10110001, 0x10110011,
+    0x10111000, 0x10111010, 0x10111001, 0x10111011,
+    0x10110100, 0x10110110, 0x10110101, 0x10110111,
+    0x10111100, 0x10111110, 0x10111101, 0x10111111,
+    0x01000000, 0x01000010, 0x01000001, 0x01000011,
+    0x01001000, 0x01001010, 0x01001001, 0x01001011,
+    0x01000100, 0x01000110, 0x01000101, 0x01000111,
+    0x01001100, 0x01001110, 0x01001101, 0x01001111,
+    0x01100000, 0x01100010, 0x01100001, 0x01100011,
+    0x01101000, 0x01101010, 0x01101001, 0x01101011,
+    0x01100100, 0x01100110, 0x01100101, 0x01100111,
+    0x01101100, 0x01101110, 0x01101101, 0x01101111,
+    0x01010000, 0x01010010, 0x01010001, 0x01010011,
+    0x01011000, 0x01011010, 0x01011001, 0x01011011,
+    0x01010100, 0x01010110, 0x01010101, 0x01010111,
+    0x01011100, 0x01011110, 0x01011101, 0x01011111,
+    0x01110000, 0x01110010, 0x01110001, 0x01110011,
+    0x01111000, 0x01111010, 0x01111001, 0x01111011,
+    0x01110100, 0x01110110, 0x01110101, 0x01110111,
+    0x01111100, 0x01111110, 0x01111101, 0x01111111,
+    0x11000000, 0x11000010, 0x11000001, 0x11000011,
+    0x11001000, 0x11001010, 0x11001001, 0x11001011,
+    0x11000100, 0x11000110, 0x11000101, 0x11000111,
+    0x11001100, 0x11001110, 0x11001101, 0x11001111,
+    0x11100000, 0x11100010, 0x11100001, 0x11100011,
+    0x11101000, 0x11101010, 0x11101001, 0x11101011,
+    0x11100100, 0x11100110, 0x11100101, 0x11100111,
+    0x11101100, 0x11101110, 0x11101101, 0x11101111,
+    0x11010000, 0x11010010, 0x11010001, 0x11010011,
+    0x11011000, 0x11011010, 0x11011001, 0x11011011,
+    0x11010100, 0x11010110, 0x11010101, 0x11010111,
+    0x11011100, 0x11011110, 0x11011101, 0x11011111,
+    0x11110000, 0x11110010, 0x11110001, 0x11110011,
+    0x11111000, 0x11111010, 0x11111001, 0x11111011,
+    0x11110100, 0x11110110, 0x11110101, 0x11110111,
+    0x11111100, 0x11111110, 0x11111101, 0x11111111
 };
 
 /*
@@ -150,70 +151,70 @@ const unsigned DES_INT32 des_IP_table[256] = {
  * which is or'd with the result from the low byte.
  */
 const unsigned DES_INT32 des_FP_table[256] = {
-	0x00000000, 0x02000000, 0x00020000, 0x02020000,
-	0x00000200, 0x02000200, 0x00020200, 0x02020200,
-	0x00000002, 0x02000002, 0x00020002, 0x02020002,
-	0x00000202, 0x02000202, 0x00020202, 0x02020202,
-	0x01000000, 0x03000000, 0x01020000, 0x03020000,
-	0x01000200, 0x03000200, 0x01020200, 0x03020200,
-	0x01000002, 0x03000002, 0x01020002, 0x03020002,
-	0x01000202, 0x03000202, 0x01020202, 0x03020202,
-	0x00010000, 0x02010000, 0x00030000, 0x02030000,
-	0x00010200, 0x02010200, 0x00030200, 0x02030200,
-	0x00010002, 0x02010002, 0x00030002, 0x02030002,
-	0x00010202, 0x02010202, 0x00030202, 0x02030202,
-	0x01010000, 0x03010000, 0x01030000, 0x03030000,
-	0x01010200, 0x03010200, 0x01030200, 0x03030200,
-	0x01010002, 0x03010002, 0x01030002, 0x03030002,
-	0x01010202, 0x03010202, 0x01030202, 0x03030202,
-	0x00000100, 0x02000100, 0x00020100, 0x02020100,
-	0x00000300, 0x02000300, 0x00020300, 0x02020300,
-	0x00000102, 0x02000102, 0x00020102, 0x02020102,
-	0x00000302, 0x02000302, 0x00020302, 0x02020302,
-	0x01000100, 0x03000100, 0x01020100, 0x03020100,
-	0x01000300, 0x03000300, 0x01020300, 0x03020300,
-	0x01000102, 0x03000102, 0x01020102, 0x03020102,
-	0x01000302, 0x03000302, 0x01020302, 0x03020302,
-	0x00010100, 0x02010100, 0x00030100, 0x02030100,
-	0x00010300, 0x02010300, 0x00030300, 0x02030300,
-	0x00010102, 0x02010102, 0x00030102, 0x02030102,
-	0x00010302, 0x02010302, 0x00030302, 0x02030302,
-	0x01010100, 0x03010100, 0x01030100, 0x03030100,
-	0x01010300, 0x03010300, 0x01030300, 0x03030300,
-	0x01010102, 0x03010102, 0x01030102, 0x03030102,
-	0x01010302, 0x03010302, 0x01030302, 0x03030302,
-	0x00000001, 0x02000001, 0x00020001, 0x02020001,
-	0x00000201, 0x02000201, 0x00020201, 0x02020201,
-	0x00000003, 0x02000003, 0x00020003, 0x02020003,
-	0x00000203, 0x02000203, 0x00020203, 0x02020203,
-	0x01000001, 0x03000001, 0x01020001, 0x03020001,
-	0x01000201, 0x03000201, 0x01020201, 0x03020201,
-	0x01000003, 0x03000003, 0x01020003, 0x03020003,
-	0x01000203, 0x03000203, 0x01020203, 0x03020203,
-	0x00010001, 0x02010001, 0x00030001, 0x02030001,
-	0x00010201, 0x02010201, 0x00030201, 0x02030201,
-	0x00010003, 0x02010003, 0x00030003, 0x02030003,
-	0x00010203, 0x02010203, 0x00030203, 0x02030203,
-	0x01010001, 0x03010001, 0x01030001, 0x03030001,
-	0x01010201, 0x03010201, 0x01030201, 0x03030201,
-	0x01010003, 0x03010003, 0x01030003, 0x03030003,
-	0x01010203, 0x03010203, 0x01030203, 0x03030203,
-	0x00000101, 0x02000101, 0x00020101, 0x02020101,
-	0x00000301, 0x02000301, 0x00020301, 0x02020301,
-	0x00000103, 0x02000103, 0x00020103, 0x02020103,
-	0x00000303, 0x02000303, 0x00020303, 0x02020303,
-	0x01000101, 0x03000101, 0x01020101, 0x03020101,
-	0x01000301, 0x03000301, 0x01020301, 0x03020301,
-	0x01000103, 0x03000103, 0x01020103, 0x03020103,
-	0x01000303, 0x03000303, 0x01020303, 0x03020303,
-	0x00010101, 0x02010101, 0x00030101, 0x02030101,
-	0x00010301, 0x02010301, 0x00030301, 0x02030301,
-	0x00010103, 0x02010103, 0x00030103, 0x02030103,
-	0x00010303, 0x02010303, 0x00030303, 0x02030303,
-	0x01010101, 0x03010101, 0x01030101, 0x03030101,
-	0x01010301, 0x03010301, 0x01030301, 0x03030301,
-	0x01010103, 0x03010103, 0x01030103, 0x03030103,
-	0x01010303, 0x03010303, 0x01030303, 0x03030303
+    0x00000000, 0x02000000, 0x00020000, 0x02020000,
+    0x00000200, 0x02000200, 0x00020200, 0x02020200,
+    0x00000002, 0x02000002, 0x00020002, 0x02020002,
+    0x00000202, 0x02000202, 0x00020202, 0x02020202,
+    0x01000000, 0x03000000, 0x01020000, 0x03020000,
+    0x01000200, 0x03000200, 0x01020200, 0x03020200,
+    0x01000002, 0x03000002, 0x01020002, 0x03020002,
+    0x01000202, 0x03000202, 0x01020202, 0x03020202,
+    0x00010000, 0x02010000, 0x00030000, 0x02030000,
+    0x00010200, 0x02010200, 0x00030200, 0x02030200,
+    0x00010002, 0x02010002, 0x00030002, 0x02030002,
+    0x00010202, 0x02010202, 0x00030202, 0x02030202,
+    0x01010000, 0x03010000, 0x01030000, 0x03030000,
+    0x01010200, 0x03010200, 0x01030200, 0x03030200,
+    0x01010002, 0x03010002, 0x01030002, 0x03030002,
+    0x01010202, 0x03010202, 0x01030202, 0x03030202,
+    0x00000100, 0x02000100, 0x00020100, 0x02020100,
+    0x00000300, 0x02000300, 0x00020300, 0x02020300,
+    0x00000102, 0x02000102, 0x00020102, 0x02020102,
+    0x00000302, 0x02000302, 0x00020302, 0x02020302,
+    0x01000100, 0x03000100, 0x01020100, 0x03020100,
+    0x01000300, 0x03000300, 0x01020300, 0x03020300,
+    0x01000102, 0x03000102, 0x01020102, 0x03020102,
+    0x01000302, 0x03000302, 0x01020302, 0x03020302,
+    0x00010100, 0x02010100, 0x00030100, 0x02030100,
+    0x00010300, 0x02010300, 0x00030300, 0x02030300,
+    0x00010102, 0x02010102, 0x00030102, 0x02030102,
+    0x00010302, 0x02010302, 0x00030302, 0x02030302,
+    0x01010100, 0x03010100, 0x01030100, 0x03030100,
+    0x01010300, 0x03010300, 0x01030300, 0x03030300,
+    0x01010102, 0x03010102, 0x01030102, 0x03030102,
+    0x01010302, 0x03010302, 0x01030302, 0x03030302,
+    0x00000001, 0x02000001, 0x00020001, 0x02020001,
+    0x00000201, 0x02000201, 0x00020201, 0x02020201,
+    0x00000003, 0x02000003, 0x00020003, 0x02020003,
+    0x00000203, 0x02000203, 0x00020203, 0x02020203,
+    0x01000001, 0x03000001, 0x01020001, 0x03020001,
+    0x01000201, 0x03000201, 0x01020201, 0x03020201,
+    0x01000003, 0x03000003, 0x01020003, 0x03020003,
+    0x01000203, 0x03000203, 0x01020203, 0x03020203,
+    0x00010001, 0x02010001, 0x00030001, 0x02030001,
+    0x00010201, 0x02010201, 0x00030201, 0x02030201,
+    0x00010003, 0x02010003, 0x00030003, 0x02030003,
+    0x00010203, 0x02010203, 0x00030203, 0x02030203,
+    0x01010001, 0x03010001, 0x01030001, 0x03030001,
+    0x01010201, 0x03010201, 0x01030201, 0x03030201,
+    0x01010003, 0x03010003, 0x01030003, 0x03030003,
+    0x01010203, 0x03010203, 0x01030203, 0x03030203,
+    0x00000101, 0x02000101, 0x00020101, 0x02020101,
+    0x00000301, 0x02000301, 0x00020301, 0x02020301,
+    0x00000103, 0x02000103, 0x00020103, 0x02020103,
+    0x00000303, 0x02000303, 0x00020303, 0x02020303,
+    0x01000101, 0x03000101, 0x01020101, 0x03020101,
+    0x01000301, 0x03000301, 0x01020301, 0x03020301,
+    0x01000103, 0x03000103, 0x01020103, 0x03020103,
+    0x01000303, 0x03000303, 0x01020303, 0x03020303,
+    0x00010101, 0x02010101, 0x00030101, 0x02030101,
+    0x00010301, 0x02010301, 0x00030301, 0x02030301,
+    0x00010103, 0x02010103, 0x00030103, 0x02030103,
+    0x00010303, 0x02010303, 0x00030303, 0x02030303,
+    0x01010101, 0x03010101, 0x01030101, 0x03030101,
+    0x01010301, 0x03010301, 0x01030301, 0x03030301,
+    0x01010103, 0x03010103, 0x01030103, 0x03030103,
+    0x01010303, 0x03010303, 0x01030303, 0x03030303
 };
 
 
@@ -223,148 +224,148 @@ const unsigned DES_INT32 des_FP_table[256] = {
  * spec, to match the order of key application we follow.
  */
 const unsigned DES_INT32 des_SP_table[8][64] = {
-  {
-	0x00100000, 0x02100001, 0x02000401, 0x00000000,	/* 7 */
-	0x00000400, 0x02000401, 0x00100401, 0x02100400,
-	0x02100401, 0x00100000, 0x00000000, 0x02000001,
-	0x00000001, 0x02000000, 0x02100001, 0x00000401,
-	0x02000400, 0x00100401, 0x00100001, 0x02000400,
-	0x02000001, 0x02100000, 0x02100400, 0x00100001,
-	0x02100000, 0x00000400, 0x00000401, 0x02100401,
-	0x00100400, 0x00000001, 0x02000000, 0x00100400,
-	0x02000000, 0x00100400, 0x00100000, 0x02000401,
-	0x02000401, 0x02100001, 0x02100001, 0x00000001,
-	0x00100001, 0x02000000, 0x02000400, 0x00100000,
-	0x02100400, 0x00000401, 0x00100401, 0x02100400,
-	0x00000401, 0x02000001, 0x02100401, 0x02100000,
-	0x00100400, 0x00000000, 0x00000001, 0x02100401,
-	0x00000000, 0x00100401, 0x02100000, 0x00000400,
-	0x02000001, 0x02000400, 0x00000400, 0x00100001,
-  },
-  {
-	0x00808200, 0x00000000, 0x00008000, 0x00808202,	/* 1 */
-	0x00808002, 0x00008202, 0x00000002, 0x00008000,
-	0x00000200, 0x00808200, 0x00808202, 0x00000200,
-	0x00800202, 0x00808002, 0x00800000, 0x00000002,
-	0x00000202, 0x00800200, 0x00800200, 0x00008200,
-	0x00008200, 0x00808000, 0x00808000, 0x00800202,
-	0x00008002, 0x00800002, 0x00800002, 0x00008002,
-	0x00000000, 0x00000202, 0x00008202, 0x00800000,
-	0x00008000, 0x00808202, 0x00000002, 0x00808000,
-	0x00808200, 0x00800000, 0x00800000, 0x00000200,
-	0x00808002, 0x00008000, 0x00008200, 0x00800002,
-	0x00000200, 0x00000002, 0x00800202, 0x00008202,
-	0x00808202, 0x00008002, 0x00808000, 0x00800202,
-	0x00800002, 0x00000202, 0x00008202, 0x00808200,
-	0x00000202, 0x00800200, 0x00800200, 0x00000000,
-	0x00008002, 0x00008200, 0x00000000, 0x00808002,
-  },
-  {
-	0x00000104, 0x04010100, 0x00000000, 0x04010004,	/* 3 */
-	0x04000100, 0x00000000, 0x00010104, 0x04000100,
-	0x00010004, 0x04000004, 0x04000004, 0x00010000,
-	0x04010104, 0x00010004, 0x04010000, 0x00000104,
-	0x04000000, 0x00000004, 0x04010100, 0x00000100,
-	0x00010100, 0x04010000, 0x04010004, 0x00010104,
-	0x04000104, 0x00010100, 0x00010000, 0x04000104,
-	0x00000004, 0x04010104, 0x00000100, 0x04000000,
-	0x04010100, 0x04000000, 0x00010004, 0x00000104,
-	0x00010000, 0x04010100, 0x04000100, 0x00000000,
-	0x00000100, 0x00010004, 0x04010104, 0x04000100,
-	0x04000004, 0x00000100, 0x00000000, 0x04010004,
-	0x04000104, 0x00010000, 0x04000000, 0x04010104,
-	0x00000004, 0x00010104, 0x00010100, 0x04000004,
-	0x04010000, 0x04000104, 0x00000104, 0x04010000,
-	0x00010104, 0x00000004, 0x04010004, 0x00010100,
-  },
-  {
-	0x00000080, 0x01040080, 0x01040000, 0x21000080,	/* 5 */
-	0x00040000, 0x00000080, 0x20000000, 0x01040000,
-	0x20040080, 0x00040000, 0x01000080, 0x20040080,
-	0x21000080, 0x21040000, 0x00040080, 0x20000000,
-	0x01000000, 0x20040000, 0x20040000, 0x00000000,
-	0x20000080, 0x21040080, 0x21040080, 0x01000080,
-	0x21040000, 0x20000080, 0x00000000, 0x21000000,
-	0x01040080, 0x01000000, 0x21000000, 0x00040080,
-	0x00040000, 0x21000080, 0x00000080, 0x01000000,
-	0x20000000, 0x01040000, 0x21000080, 0x20040080,
-	0x01000080, 0x20000000, 0x21040000, 0x01040080,
-	0x20040080, 0x00000080, 0x01000000, 0x21040000,
-	0x21040080, 0x00040080, 0x21000000, 0x21040080,
-	0x01040000, 0x00000000, 0x20040000, 0x21000000,
-	0x00040080, 0x01000080, 0x20000080, 0x00040000,
-	0x00000000, 0x20040000, 0x01040080, 0x20000080,
-  },
-  {
-	0x80401000, 0x80001040, 0x80001040, 0x00000040,	/* 4 */
-	0x00401040, 0x80400040, 0x80400000, 0x80001000,
-	0x00000000, 0x00401000, 0x00401000, 0x80401040,
-	0x80000040, 0x00000000, 0x00400040, 0x80400000,
-	0x80000000, 0x00001000, 0x00400000, 0x80401000,
-	0x00000040, 0x00400000, 0x80001000, 0x00001040,
-	0x80400040, 0x80000000, 0x00001040, 0x00400040,
-	0x00001000, 0x00401040, 0x80401040, 0x80000040,
-	0x00400040, 0x80400000, 0x00401000, 0x80401040,
-	0x80000040, 0x00000000, 0x00000000, 0x00401000,
-	0x00001040, 0x00400040, 0x80400040, 0x80000000,
-	0x80401000, 0x80001040, 0x80001040, 0x00000040,
-	0x80401040, 0x80000040, 0x80000000, 0x00001000,
-	0x80400000, 0x80001000, 0x00401040, 0x80400040,
-	0x80001000, 0x00001040, 0x00400000, 0x80401000,
-	0x00000040, 0x00400000, 0x00001000, 0x00401040,
-  },
-  {
-	0x10000008, 0x10200000, 0x00002000, 0x10202008,	/* 6 */
-	0x10200000, 0x00000008, 0x10202008, 0x00200000,
-	0x10002000, 0x00202008, 0x00200000, 0x10000008,
-	0x00200008, 0x10002000, 0x10000000, 0x00002008,
-	0x00000000, 0x00200008, 0x10002008, 0x00002000,
-	0x00202000, 0x10002008, 0x00000008, 0x10200008,
-	0x10200008, 0x00000000, 0x00202008, 0x10202000,
-	0x00002008, 0x00202000, 0x10202000, 0x10000000,
-	0x10002000, 0x00000008, 0x10200008, 0x00202000,
-	0x10202008, 0x00200000, 0x00002008, 0x10000008,
-	0x00200000, 0x10002000, 0x10000000, 0x00002008,
-	0x10000008, 0x10202008, 0x00202000, 0x10200000,
-	0x00202008, 0x10202000, 0x00000000, 0x10200008,
-	0x00000008, 0x00002000, 0x10200000, 0x00202008,
-	0x00002000, 0x00200008, 0x10002008, 0x00000000,
-	0x10202000, 0x10000000, 0x00200008, 0x10002008,
-  },
-  {
-	0x08000820, 0x00000800, 0x00020000, 0x08020820,	/* 8 */
-	0x08000000, 0x08000820, 0x00000020, 0x08000000,
-	0x00020020, 0x08020000, 0x08020820, 0x00020800,
-	0x08020800, 0x00020820, 0x00000800, 0x00000020,
-	0x08020000, 0x08000020, 0x08000800, 0x00000820,
-	0x00020800, 0x00020020, 0x08020020, 0x08020800,
-	0x00000820, 0x00000000, 0x00000000, 0x08020020,
-	0x08000020, 0x08000800, 0x00020820, 0x00020000,
-	0x00020820, 0x00020000, 0x08020800, 0x00000800,
-	0x00000020, 0x08020020, 0x00000800, 0x00020820,
-	0x08000800, 0x00000020, 0x08000020, 0x08020000,
-	0x08020020, 0x08000000, 0x00020000, 0x08000820,
-	0x00000000, 0x08020820, 0x00020020, 0x08000020,
-	0x08020000, 0x08000800, 0x08000820, 0x00000000,
-	0x08020820, 0x00020800, 0x00020800, 0x00000820,
-	0x00000820, 0x00020020, 0x08000000, 0x08020800,
-  },
-  {
-	0x40084010, 0x40004000, 0x00004000, 0x00084010,	/* 2 */
-	0x00080000, 0x00000010, 0x40080010, 0x40004010,
-	0x40000010, 0x40084010, 0x40084000, 0x40000000,
-	0x40004000, 0x00080000, 0x00000010, 0x40080010,
-	0x00084000, 0x00080010, 0x40004010, 0x00000000,
-	0x40000000, 0x00004000, 0x00084010, 0x40080000,
-	0x00080010, 0x40000010, 0x00000000, 0x00084000,
-	0x00004010, 0x40084000, 0x40080000, 0x00004010,
-	0x00000000, 0x00084010, 0x40080010, 0x00080000,
-	0x40004010, 0x40080000, 0x40084000, 0x00004000,
-	0x40080000, 0x40004000, 0x00000010, 0x40084010,
-	0x00084010, 0x00000010, 0x00004000, 0x40000000,
-	0x00004010, 0x40084000, 0x00080000, 0x40000010,
-	0x00080010, 0x40004010, 0x40000010, 0x00080010,
-	0x00084000, 0x00000000, 0x40004000, 0x00004010,
-	0x40000000, 0x40080010, 0x40084010, 0x00084000
-  },
+    {
+        0x00100000, 0x02100001, 0x02000401, 0x00000000, /* 7 */
+        0x00000400, 0x02000401, 0x00100401, 0x02100400,
+        0x02100401, 0x00100000, 0x00000000, 0x02000001,
+        0x00000001, 0x02000000, 0x02100001, 0x00000401,
+        0x02000400, 0x00100401, 0x00100001, 0x02000400,
+        0x02000001, 0x02100000, 0x02100400, 0x00100001,
+        0x02100000, 0x00000400, 0x00000401, 0x02100401,
+        0x00100400, 0x00000001, 0x02000000, 0x00100400,
+        0x02000000, 0x00100400, 0x00100000, 0x02000401,
+        0x02000401, 0x02100001, 0x02100001, 0x00000001,
+        0x00100001, 0x02000000, 0x02000400, 0x00100000,
+        0x02100400, 0x00000401, 0x00100401, 0x02100400,
+        0x00000401, 0x02000001, 0x02100401, 0x02100000,
+        0x00100400, 0x00000000, 0x00000001, 0x02100401,
+        0x00000000, 0x00100401, 0x02100000, 0x00000400,
+        0x02000001, 0x02000400, 0x00000400, 0x00100001,
+    },
+    {
+        0x00808200, 0x00000000, 0x00008000, 0x00808202, /* 1 */
+        0x00808002, 0x00008202, 0x00000002, 0x00008000,
+        0x00000200, 0x00808200, 0x00808202, 0x00000200,
+        0x00800202, 0x00808002, 0x00800000, 0x00000002,
+        0x00000202, 0x00800200, 0x00800200, 0x00008200,
+        0x00008200, 0x00808000, 0x00808000, 0x00800202,
+        0x00008002, 0x00800002, 0x00800002, 0x00008002,
+        0x00000000, 0x00000202, 0x00008202, 0x00800000,
+        0x00008000, 0x00808202, 0x00000002, 0x00808000,
+        0x00808200, 0x00800000, 0x00800000, 0x00000200,
+        0x00808002, 0x00008000, 0x00008200, 0x00800002,
+        0x00000200, 0x00000002, 0x00800202, 0x00008202,
+        0x00808202, 0x00008002, 0x00808000, 0x00800202,
+        0x00800002, 0x00000202, 0x00008202, 0x00808200,
+        0x00000202, 0x00800200, 0x00800200, 0x00000000,
+        0x00008002, 0x00008200, 0x00000000, 0x00808002,
+    },
+    {
+        0x00000104, 0x04010100, 0x00000000, 0x04010004, /* 3 */
+        0x04000100, 0x00000000, 0x00010104, 0x04000100,
+        0x00010004, 0x04000004, 0x04000004, 0x00010000,
+        0x04010104, 0x00010004, 0x04010000, 0x00000104,
+        0x04000000, 0x00000004, 0x04010100, 0x00000100,
+        0x00010100, 0x04010000, 0x04010004, 0x00010104,
+        0x04000104, 0x00010100, 0x00010000, 0x04000104,
+        0x00000004, 0x04010104, 0x00000100, 0x04000000,
+        0x04010100, 0x04000000, 0x00010004, 0x00000104,
+        0x00010000, 0x04010100, 0x04000100, 0x00000000,
+        0x00000100, 0x00010004, 0x04010104, 0x04000100,
+        0x04000004, 0x00000100, 0x00000000, 0x04010004,
+        0x04000104, 0x00010000, 0x04000000, 0x04010104,
+        0x00000004, 0x00010104, 0x00010100, 0x04000004,
+        0x04010000, 0x04000104, 0x00000104, 0x04010000,
+        0x00010104, 0x00000004, 0x04010004, 0x00010100,
+    },
+    {
+        0x00000080, 0x01040080, 0x01040000, 0x21000080, /* 5 */
+        0x00040000, 0x00000080, 0x20000000, 0x01040000,
+        0x20040080, 0x00040000, 0x01000080, 0x20040080,
+        0x21000080, 0x21040000, 0x00040080, 0x20000000,
+        0x01000000, 0x20040000, 0x20040000, 0x00000000,
+        0x20000080, 0x21040080, 0x21040080, 0x01000080,
+        0x21040000, 0x20000080, 0x00000000, 0x21000000,
+        0x01040080, 0x01000000, 0x21000000, 0x00040080,
+        0x00040000, 0x21000080, 0x00000080, 0x01000000,
+        0x20000000, 0x01040000, 0x21000080, 0x20040080,
+        0x01000080, 0x20000000, 0x21040000, 0x01040080,
+        0x20040080, 0x00000080, 0x01000000, 0x21040000,
+        0x21040080, 0x00040080, 0x21000000, 0x21040080,
+        0x01040000, 0x00000000, 0x20040000, 0x21000000,
+        0x00040080, 0x01000080, 0x20000080, 0x00040000,
+        0x00000000, 0x20040000, 0x01040080, 0x20000080,
+    },
+    {
+        0x80401000, 0x80001040, 0x80001040, 0x00000040, /* 4 */
+        0x00401040, 0x80400040, 0x80400000, 0x80001000,
+        0x00000000, 0x00401000, 0x00401000, 0x80401040,
+        0x80000040, 0x00000000, 0x00400040, 0x80400000,
+        0x80000000, 0x00001000, 0x00400000, 0x80401000,
+        0x00000040, 0x00400000, 0x80001000, 0x00001040,
+        0x80400040, 0x80000000, 0x00001040, 0x00400040,
+        0x00001000, 0x00401040, 0x80401040, 0x80000040,
+        0x00400040, 0x80400000, 0x00401000, 0x80401040,
+        0x80000040, 0x00000000, 0x00000000, 0x00401000,
+        0x00001040, 0x00400040, 0x80400040, 0x80000000,
+        0x80401000, 0x80001040, 0x80001040, 0x00000040,
+        0x80401040, 0x80000040, 0x80000000, 0x00001000,
+        0x80400000, 0x80001000, 0x00401040, 0x80400040,
+        0x80001000, 0x00001040, 0x00400000, 0x80401000,
+        0x00000040, 0x00400000, 0x00001000, 0x00401040,
+    },
+    {
+        0x10000008, 0x10200000, 0x00002000, 0x10202008, /* 6 */
+        0x10200000, 0x00000008, 0x10202008, 0x00200000,
+        0x10002000, 0x00202008, 0x00200000, 0x10000008,
+        0x00200008, 0x10002000, 0x10000000, 0x00002008,
+        0x00000000, 0x00200008, 0x10002008, 0x00002000,
+        0x00202000, 0x10002008, 0x00000008, 0x10200008,
+        0x10200008, 0x00000000, 0x00202008, 0x10202000,
+        0x00002008, 0x00202000, 0x10202000, 0x10000000,
+        0x10002000, 0x00000008, 0x10200008, 0x00202000,
+        0x10202008, 0x00200000, 0x00002008, 0x10000008,
+        0x00200000, 0x10002000, 0x10000000, 0x00002008,
+        0x10000008, 0x10202008, 0x00202000, 0x10200000,
+        0x00202008, 0x10202000, 0x00000000, 0x10200008,
+        0x00000008, 0x00002000, 0x10200000, 0x00202008,
+        0x00002000, 0x00200008, 0x10002008, 0x00000000,
+        0x10202000, 0x10000000, 0x00200008, 0x10002008,
+    },
+    {
+        0x08000820, 0x00000800, 0x00020000, 0x08020820, /* 8 */
+        0x08000000, 0x08000820, 0x00000020, 0x08000000,
+        0x00020020, 0x08020000, 0x08020820, 0x00020800,
+        0x08020800, 0x00020820, 0x00000800, 0x00000020,
+        0x08020000, 0x08000020, 0x08000800, 0x00000820,
+        0x00020800, 0x00020020, 0x08020020, 0x08020800,
+        0x00000820, 0x00000000, 0x00000000, 0x08020020,
+        0x08000020, 0x08000800, 0x00020820, 0x00020000,
+        0x00020820, 0x00020000, 0x08020800, 0x00000800,
+        0x00000020, 0x08020020, 0x00000800, 0x00020820,
+        0x08000800, 0x00000020, 0x08000020, 0x08020000,
+        0x08020020, 0x08000000, 0x00020000, 0x08000820,
+        0x00000000, 0x08020820, 0x00020020, 0x08000020,
+        0x08020000, 0x08000800, 0x08000820, 0x00000000,
+        0x08020820, 0x00020800, 0x00020800, 0x00000820,
+        0x00000820, 0x00020020, 0x08000000, 0x08020800,
+    },
+    {
+        0x40084010, 0x40004000, 0x00004000, 0x00084010, /* 2 */
+        0x00080000, 0x00000010, 0x40080010, 0x40004010,
+        0x40000010, 0x40084010, 0x40084000, 0x40000000,
+        0x40004000, 0x00080000, 0x00000010, 0x40080010,
+        0x00084000, 0x00080010, 0x40004010, 0x00000000,
+        0x40000000, 0x00004000, 0x00084010, 0x40080000,
+        0x00080010, 0x40000010, 0x00000000, 0x00084000,
+        0x00004010, 0x40084000, 0x40080000, 0x00004010,
+        0x00000000, 0x00084010, 0x40080010, 0x00080000,
+        0x40004010, 0x40080000, 0x40084000, 0x00004000,
+        0x40080000, 0x40004000, 0x00000010, 0x40084010,
+        0x00084010, 0x00000010, 0x00004000, 0x40000000,
+        0x00004010, 0x40084000, 0x00080000, 0x40000010,
+        0x00080010, 0x40004010, 0x40000010, 0x00080010,
+        0x00084000, 0x00000000, 0x40004000, 0x00004010,
+        0x40000000, 0x40080010, 0x40084010, 0x00084000
+    },
 };
diff --git a/src/lib/crypto/builtin/des/f_tables.h b/src/lib/crypto/builtin/des/f_tables.h
index 45a6322..af140f0 100644
--- a/src/lib/crypto/builtin/des/f_tables.h
+++ b/src/lib/crypto/builtin/des/f_tables.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/f_tables.h
  *
@@ -28,10 +29,10 @@
 
 /*
  * des_tables.h - declarations to import the DES tables, used internally
- *		  by some of the library routines.
+ *                by some of the library routines.
  */
-#ifndef	__DES_TABLES_H__
-#define	__DES_TABLES_H__	/* nothing */
+#ifndef __DES_TABLES_H__
+#define __DES_TABLES_H__        /* nothing */
 
 #include "k5-platform.h"
 /*
@@ -45,14 +46,14 @@ extern const unsigned DES_INT32 des_SP_table[8][64];
 /*
  * Use standard shortforms to reference these to save typing
  */
-#define	IP	des_IP_table
-#define	FP	des_FP_table
-#define	SP	des_SP_table
+#define IP      des_IP_table
+#define FP      des_FP_table
+#define SP      des_SP_table
 
 #ifdef DEBUG
-#define	DEB(foofraw)	printf foofraw
+#define DEB(foofraw)    printf foofraw
 #else
-#define	DEB(foofraw)	/* nothing */
+#define DEB(foofraw)    /* nothing */
 #endif
 
 /*
@@ -89,39 +90,39 @@ extern const unsigned DES_INT32 des_SP_table[8][64];
  *
  * When using this, the inner loop of the DES function might look like:
  *
- *	for (i = 0; i < 8; i++) {
- *		DES_SP_{EN,DE}CRYPT_ROUND(left, right, temp, kp);
- *		DES_SP_{EN,DE}CRYPT_ROUND(right, left, temp, kp);
- *	}
+ *      for (i = 0; i < 8; i++) {
+ *              DES_SP_{EN,DE}CRYPT_ROUND(left, right, temp, kp);
+ *              DES_SP_{EN,DE}CRYPT_ROUND(right, left, temp, kp);
+ *      }
  *
  * Note the trick above.  You are supposed to do 16 rounds, swapping
  * left and right at the end of each round.  By doing two rounds at
  * a time and swapping left and right in the code we can avoid the
  * swaps altogether.
  */
-#define	DES_SP_ENCRYPT_ROUND(left, right, temp, kp) \
-	(temp) = (((right) >> 11) | ((right) << 21)) ^ *(kp)++; \
-	(left) ^= SP[0][((temp) >> 24) & 0x3f] \
-		| SP[1][((temp) >> 16) & 0x3f] \
-		| SP[2][((temp) >>  8) & 0x3f] \
-		| SP[3][((temp)      ) & 0x3f]; \
-	(temp) = (((right) >> 23) | ((right) << 9)) ^ *(kp)++; \
-	(left) ^= SP[4][((temp) >> 24) & 0x3f] \
-		| SP[5][((temp) >> 16) & 0x3f] \
-		| SP[6][((temp) >>  8) & 0x3f] \
-		| SP[7][((temp)      ) & 0x3f]
+#define DES_SP_ENCRYPT_ROUND(left, right, temp, kp)                     \
+    (temp) = (((right) >> 11) | ((right) << 21)) ^ *(kp)++;             \
+           (left) ^= SP[0][((temp) >> 24) & 0x3f]                       \
+        | SP[1][((temp) >> 16) & 0x3f]                                  \
+        | SP[2][((temp) >>  8) & 0x3f]                                  \
+        | SP[3][((temp)      ) & 0x3f];                                 \
+           (temp) = (((right) >> 23) | ((right) << 9)) ^ *(kp)++;       \
+           (left) ^= SP[4][((temp) >> 24) & 0x3f]                       \
+        | SP[5][((temp) >> 16) & 0x3f]                                  \
+        | SP[6][((temp) >>  8) & 0x3f]                                  \
+        | SP[7][((temp)      ) & 0x3f]
 
-#define	DES_SP_DECRYPT_ROUND(left, right, temp, kp) \
-	(temp) = (((right) >> 23) | ((right) << 9)) ^ *(--(kp)); \
-	(left) ^= SP[7][((temp)      ) & 0x3f] \
-		| SP[6][((temp) >>  8) & 0x3f] \
-		| SP[5][((temp) >> 16) & 0x3f] \
-		| SP[4][((temp) >> 24) & 0x3f]; \
-	(temp) = (((right) >> 11) | ((right) << 21)) ^ *(--(kp)); \
-	(left) ^= SP[3][((temp)      ) & 0x3f] \
-		| SP[2][((temp) >>  8) & 0x3f] \
-		| SP[1][((temp) >> 16) & 0x3f] \
-		| SP[0][((temp) >> 24) & 0x3f]
+#define DES_SP_DECRYPT_ROUND(left, right, temp, kp)                     \
+    (temp) = (((right) >> 23) | ((right) << 9)) ^ *(--(kp));            \
+           (left) ^= SP[7][((temp)      ) & 0x3f]                       \
+        | SP[6][((temp) >>  8) & 0x3f]                                  \
+        | SP[5][((temp) >> 16) & 0x3f]                                  \
+        | SP[4][((temp) >> 24) & 0x3f];                                 \
+           (temp) = (((right) >> 11) | ((right) << 21)) ^ *(--(kp));    \
+           (left) ^= SP[3][((temp)      ) & 0x3f]                       \
+        | SP[2][((temp) >>  8) & 0x3f]                                  \
+        | SP[1][((temp) >> 16) & 0x3f]                                  \
+        | SP[0][((temp) >> 24) & 0x3f]
 
 /*
  * Macros to help deal with the initial permutation table.  Note
@@ -140,11 +141,11 @@ extern const unsigned DES_INT32 des_SP_table[8][64];
  * the Macintosh MPW 3.2 C compiler which loses the unsignedness and
  * propagates the high-order bit in the shift.
  */
-#define	DES_IP_LEFT_BITS(left, right) \
-	((((left) & 0x55555555) << 1) | ((right) & 0x55555555))
-#define	DES_IP_RIGHT_BITS(left, right) \
-	(((left) & 0xaaaaaaaa) | \
-		( ( (unsigned DES_INT32) ((right) & 0xaaaaaaaa) ) >> 1))
+#define DES_IP_LEFT_BITS(left, right)                           \
+    ((((left) & 0x55555555) << 1) | ((right) & 0x55555555))
+#define DES_IP_RIGHT_BITS(left, right)                          \
+    (((left) & 0xaaaaaaaa) |                                    \
+     ( ( (unsigned DES_INT32) ((right) & 0xaaaaaaaa) ) >> 1))
 
 /*
  * The following macro does an in-place initial permutation given
@@ -154,17 +155,17 @@ extern const unsigned DES_INT32 des_SP_table[8][64];
  * are dealing with.  If you use this, though, try to make left,
  * right and temp register unsigned DES_INT32s.
  */
-#define	DES_INITIAL_PERM(left, right, temp) \
-	(temp) = DES_IP_RIGHT_BITS((left), (right)); \
-	(right) = DES_IP_LEFT_BITS((left), (right)); \
-	(left) = IP[((right) >> 24) & 0xff] \
-	       | (IP[((right) >> 16) & 0xff] << 1) \
-	       | (IP[((right) >>  8) & 0xff] << 2) \
-	       | (IP[(right) & 0xff] << 3); \
-	(right) = IP[((temp) >> 24) & 0xff] \
-		| (IP[((temp) >> 16) & 0xff] << 1) \
-		| (IP[((temp) >>  8) & 0xff] << 2) \
-		| (IP[(temp) & 0xff] << 3)
+#define DES_INITIAL_PERM(left, right, temp)             \
+    (temp) = DES_IP_RIGHT_BITS((left), (right));        \
+           (right) = DES_IP_LEFT_BITS((left), (right)); \
+           (left) = IP[((right) >> 24) & 0xff]          \
+        | (IP[((right) >> 16) & 0xff] << 1)             \
+        | (IP[((right) >>  8) & 0xff] << 2)             \
+        | (IP[(right) & 0xff] << 3);                    \
+           (right) = IP[((temp) >> 24) & 0xff]          \
+        | (IP[((temp) >> 16) & 0xff] << 1)              \
+        | (IP[((temp) >>  8) & 0xff] << 2)              \
+        | (IP[(temp) & 0xff] << 3)
 
 /*
  * Now the final permutation stuff.  The same comments apply to
@@ -175,11 +176,11 @@ extern const unsigned DES_INT32 des_SP_table[8][64];
  * the Macintosh MPW 3.2 C compiler which loses the unsignedness and
  * propagates the high-order bit in the shift.
  */
-#define DES_FP_LEFT_BITS(left, right) \
-	((((left) & 0x0f0f0f0f) << 4) | ((right) & 0x0f0f0f0f))
-#define	DES_FP_RIGHT_BITS(left, right) \
-	(((left) & 0xf0f0f0f0) | \
-		( ( (unsigned DES_INT32) ((right) & 0xf0f0f0f0) ) >> 4))
+#define DES_FP_LEFT_BITS(left, right)                           \
+    ((((left) & 0x0f0f0f0f) << 4) | ((right) & 0x0f0f0f0f))
+#define DES_FP_RIGHT_BITS(left, right)                          \
+    (((left) & 0xf0f0f0f0) |                                    \
+     ( ( (unsigned DES_INT32) ((right) & 0xf0f0f0f0) ) >> 4))
 
 
 /*
@@ -189,17 +190,17 @@ extern const unsigned DES_INT32 des_SP_table[8][64];
  * swapping internally, which is why left and right are confused
  * at the beginning.
  */
-#define DES_FINAL_PERM(left, right, temp) \
-	(temp) = DES_FP_RIGHT_BITS((right), (left)); \
-	(right) = DES_FP_LEFT_BITS((right), (left)); \
-	(left) = (FP[((right) >> 24) & 0xff] << 6) \
-	       | (FP[((right) >> 16) & 0xff] << 4) \
-	       | (FP[((right) >>  8) & 0xff] << 2) \
-	       |  FP[(right) & 0xff]; \
-	(right) = (FP[((temp) >> 24) & 0xff] << 6) \
-		| (FP[((temp) >> 16) & 0xff] << 4) \
-		| (FP[((temp) >>  8) & 0xff] << 2) \
-		|  FP[temp & 0xff]
+#define DES_FINAL_PERM(left, right, temp)               \
+    (temp) = DES_FP_RIGHT_BITS((right), (left));        \
+           (right) = DES_FP_LEFT_BITS((right), (left)); \
+           (left) = (FP[((right) >> 24) & 0xff] << 6)   \
+        | (FP[((right) >> 16) & 0xff] << 4)             \
+        | (FP[((right) >>  8) & 0xff] << 2)             \
+        |  FP[(right) & 0xff];                          \
+           (right) = (FP[((temp) >> 24) & 0xff] << 6)   \
+        | (FP[((temp) >> 16) & 0xff] << 4)              \
+        | (FP[((temp) >>  8) & 0xff] << 2)              \
+        |  FP[temp & 0xff]
 
 
 /*
@@ -220,44 +221,44 @@ extern const unsigned DES_INT32 des_SP_table[8][64];
  * at each stage of the encryption, so that by comparing the output to
  * a known good machine, the location of the first error can be found.
  */
-#define	DES_DO_ENCRYPT_1(left, right, kp) \
-	do { \
-		register int i; \
-		register unsigned DES_INT32 temp1; \
-		DEB (("do_encrypt %8lX %8lX \n", left, right)); \
-		DES_INITIAL_PERM((left), (right), (temp1)); \
-		DEB (("  after IP %8lX %8lX\n", left, right)); \
-		for (i = 0; i < 8; i++) { \
-			DES_SP_ENCRYPT_ROUND((left), (right), (temp1), (kp)); \
-			DEB (("  round %2d %8lX %8lX \n", i*2, left, right)); \
-			DES_SP_ENCRYPT_ROUND((right), (left), (temp1), (kp)); \
-			DEB (("  round %2d %8lX %8lX \n", 1+i*2, left, right)); \
-		} \
-		DES_FINAL_PERM((left), (right), (temp1)); \
-		(kp) -= (2 * 16); \
-		DEB (("  after FP %8lX %8lX \n", left, right)); \
-	} while (0)
+#define DES_DO_ENCRYPT_1(left, right, kp)                               \
+    do {                                                                \
+        register int i;                                                 \
+        register unsigned DES_INT32 temp1;                              \
+        DEB (("do_encrypt %8lX %8lX \n", left, right));                 \
+        DES_INITIAL_PERM((left), (right), (temp1));                     \
+        DEB (("  after IP %8lX %8lX\n", left, right));                  \
+        for (i = 0; i < 8; i++) {                                       \
+            DES_SP_ENCRYPT_ROUND((left), (right), (temp1), (kp));       \
+            DEB (("  round %2d %8lX %8lX \n", i*2, left, right));       \
+            DES_SP_ENCRYPT_ROUND((right), (left), (temp1), (kp));       \
+            DEB (("  round %2d %8lX %8lX \n", 1+i*2, left, right));     \
+        }                                                               \
+        DES_FINAL_PERM((left), (right), (temp1));                       \
+        (kp) -= (2 * 16);                                               \
+        DEB (("  after FP %8lX %8lX \n", left, right));                 \
+    } while (0)
 
-#define	DES_DO_DECRYPT_1(left, right, kp) \
-	do { \
-		register int i; \
-		register unsigned DES_INT32 temp2; \
-		DES_INITIAL_PERM((left), (right), (temp2)); \
-		(kp) += (2 * 16); \
-		for (i = 0; i < 8; i++) { \
-			DES_SP_DECRYPT_ROUND((left), (right), (temp2), (kp)); \
-			DES_SP_DECRYPT_ROUND((right), (left), (temp2), (kp)); \
-		} \
-		DES_FINAL_PERM((left), (right), (temp2)); \
-	} while (0)
+#define DES_DO_DECRYPT_1(left, right, kp)                               \
+    do {                                                                \
+        register int i;                                                 \
+        register unsigned DES_INT32 temp2;                              \
+        DES_INITIAL_PERM((left), (right), (temp2));                     \
+        (kp) += (2 * 16);                                               \
+        for (i = 0; i < 8; i++) {                                       \
+            DES_SP_DECRYPT_ROUND((left), (right), (temp2), (kp));       \
+            DES_SP_DECRYPT_ROUND((right), (left), (temp2), (kp));       \
+        }                                                               \
+        DES_FINAL_PERM((left), (right), (temp2));                       \
+    } while (0)
 
 #if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO)
 extern void krb5int_des_do_encrypt_2(unsigned DES_INT32 *l,
-				     unsigned DES_INT32 *r,
-				     const unsigned DES_INT32 *k);
+                                     unsigned DES_INT32 *r,
+                                     const unsigned DES_INT32 *k);
 extern void krb5int_des_do_decrypt_2(unsigned DES_INT32 *l,
-				     unsigned DES_INT32 *r,
-				     const unsigned DES_INT32 *k);
+                                     unsigned DES_INT32 *r,
+                                     const unsigned DES_INT32 *k);
 #define DES_DO_ENCRYPT(L,R,K) krb5int_des_do_encrypt_2(&(L), &(R), (K))
 #define DES_DO_DECRYPT(L,R,K) krb5int_des_do_decrypt_2(&(L), &(R), (K))
 #else
@@ -269,11 +270,11 @@ extern void krb5int_des_do_decrypt_2(unsigned DES_INT32 *l,
  * These are handy dandy utility thingies for straightening out bytes.
  * Included here because they're used a couple of places.
  */
-#define	GET_HALF_BLOCK(lr, ip)	((lr) = load_32_be(ip), (ip) += 4)
-#define PUT_HALF_BLOCK(lr, op)	(store_32_be(lr, op), (op) += 4)
+#define GET_HALF_BLOCK(lr, ip)  ((lr) = load_32_be(ip), (ip) += 4)
+#define PUT_HALF_BLOCK(lr, op)  (store_32_be(lr, op), (op) += 4)
 
 /* Shorthand that we'll need in several places, for creating values that
    really can hold 32 bits regardless of the prevailing int size.  */
-#define FF_UINT32	((unsigned DES_INT32) 0xFF)
+#define FF_UINT32       ((unsigned DES_INT32) 0xFF)
 
-#endif	/* __DES_TABLES_H__ */
+#endif  /* __DES_TABLES_H__ */
diff --git a/src/lib/crypto/builtin/des/key_sched.c b/src/lib/crypto/builtin/des/key_sched.c
index dc6f349..2be5586 100644
--- a/src/lib/crypto/builtin/des/key_sched.c
+++ b/src/lib/crypto/builtin/des/key_sched.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/key_sched.c
  *
@@ -50,11 +51,11 @@ mit_des_key_sched(mit_des_cblock k, mit_des_key_schedule schedule)
 {
     mit_des_make_key_sched(k,schedule);
 
-    if (!mit_des_check_key_parity(k))	/* bad parity --> return -1 */
-	return(-1);
+    if (!mit_des_check_key_parity(k))   /* bad parity --> return -1 */
+        return(-1);
 
     if (mit_des_is_weak_key(k))
-	return(-2);
+        return(-2);
 
     /* if key was good, return 0 */
     return 0;
diff --git a/src/lib/crypto/builtin/des/string2key.c b/src/lib/crypto/builtin/des/string2key.c
index c817806..7ddee27 100644
--- a/src/lib/crypto/builtin/des/string2key.c
+++ b/src/lib/crypto/builtin/des/string2key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/des_s2k.c
  *
@@ -32,13 +33,13 @@
 
 krb5_error_code
 mit_des_string_to_key_int (krb5_keyblock *key,
-			   const krb5_data *pw, const krb5_data *salt)
+                           const krb5_data *pw, const krb5_data *salt)
 {
     union {
-	/* 8 "forward" bytes, 8 "reverse" bytes */
-	unsigned char uc[16];
-	krb5_ui_4 ui[4];
-	mit_des_cblock cb;
+        /* 8 "forward" bytes, 8 "reverse" bytes */
+        unsigned char uc[16];
+        krb5_ui_4 ui[4];
+        mit_des_cblock cb;
     } temp;
     unsigned int i;
     krb5_ui_4 x, y, z;
@@ -53,30 +54,30 @@ mit_des_string_to_key_int (krb5_keyblock *key,
        current algorithm is dependent on having four 8-bit char values
        exactly overlay a 32-bit integral type.  */
     if (sizeof(temp.uc) != sizeof(temp.ui)
-	|| (unsigned char)~0 != 0xFF
-	|| (krb5_ui_4)~(krb5_ui_4)0 != 0xFFFFFFFF
-	|| (temp.uc[0] = 1, temp.uc[1] = 2, temp.uc[2] = 3, temp.uc[3] = 4,
-	    !(temp.ui[0] == 0x01020304
-	      || temp.ui[0] == 0x04030201)))
-	abort();
-#define FETCH4(VAR, IDX)	VAR = temp.ui[IDX/4]
-#define PUT4(VAR, IDX)		temp.ui[IDX/4] = VAR
+        || (unsigned char)~0 != 0xFF
+        || (krb5_ui_4)~(krb5_ui_4)0 != 0xFFFFFFFF
+        || (temp.uc[0] = 1, temp.uc[1] = 2, temp.uc[2] = 3, temp.uc[3] = 4,
+            !(temp.ui[0] == 0x01020304
+              || temp.ui[0] == 0x04030201)))
+        abort();
+#define FETCH4(VAR, IDX)        VAR = temp.ui[IDX/4]
+#define PUT4(VAR, IDX)          temp.ui[IDX/4] = VAR
 
     if (salt
-	&& (salt->length == SALT_TYPE_AFS_LENGTH
-	    /* XXX  Yuck!  Aren't we done with this yet?  */
-	    || salt->length == (unsigned) -1)) {
-	krb5_data afssalt;
-	char *at;
+        && (salt->length == SALT_TYPE_AFS_LENGTH
+            /* XXX  Yuck!  Aren't we done with this yet?  */
+            || salt->length == (unsigned) -1)) {
+        krb5_data afssalt;
+        char *at;
 
-	afssalt.data = salt->data;
-	at = strchr(afssalt.data, '@');
-	if (at) {
-	    *at = 0;
-	    afssalt.length = at - afssalt.data;
-	} else
-	    afssalt.length = strlen(afssalt.data);
-	return mit_afs_string_to_key(key, pw, &afssalt);
+        afssalt.data = salt->data;
+        at = strchr(afssalt.data, '@');
+        if (at) {
+            *at = 0;
+            afssalt.length = at - afssalt.data;
+        } else
+            afssalt.length = strlen(afssalt.data);
+        return mit_afs_string_to_key(key, pw, &afssalt);
     }
 
     copylen = pw->length + (salt ? salt->length : 0);
@@ -84,10 +85,10 @@ mit_des_string_to_key_int (krb5_keyblock *key,
        a byte array, not a string.  */
     copy = malloc(copylen);
     if (copy == NULL)
-	return ENOMEM;
+        return ENOMEM;
     memcpy(copy, pw->data, pw->length);
     if (salt)
-	memcpy(copy + pw->length, salt->data, salt->length);
+        memcpy(copy + pw->length, salt->data, salt->length);
 
     memset(&temp, 0, sizeof(temp));
     p = temp.uc;
@@ -95,34 +96,34 @@ mit_des_string_to_key_int (krb5_keyblock *key,
        forward and reverse sections, and combine them later, rather
        than having to do the reversal over and over again.  */
     for (i = 0; i < copylen; i++) {
-	*p++ ^= copy[i];
-	if (p == temp.uc+16) {
-	    p = temp.uc;
+        *p++ ^= copy[i];
+        if (p == temp.uc+16) {
+            p = temp.uc;
 #ifdef PRINT_TEST_VECTORS
-	    {
-		int j;
-		printf("after %d input bytes:\nforward block:\t", i+1);
-		for (j = 0; j < 8; j++)
-		    printf(" %02x", temp.uc[j] & 0xff);
-		printf("\nreverse block:\t");
-		for (j = 8; j < 16; j++)
-		    printf(" %02x", temp.uc[j] & 0xff);
-		printf("\n");
-	    }
+            {
+                int j;
+                printf("after %d input bytes:\nforward block:\t", i+1);
+                for (j = 0; j < 8; j++)
+                    printf(" %02x", temp.uc[j] & 0xff);
+                printf("\nreverse block:\t");
+                for (j = 8; j < 16; j++)
+                    printf(" %02x", temp.uc[j] & 0xff);
+                printf("\n");
+            }
 #endif
-	}
+        }
     }
 
 #ifdef PRINT_TEST_VECTORS
     if (p != temp.uc) {
-	int j;
-	printf("at end, after %d input bytes:\nforward block:\t", i);
-	for (j = 0; j < 8; j++)
-	    printf(" %02x", temp.uc[j] & 0xff);
-	printf("\nreverse block:\t");
-	for (j = 8; j < 16; j++)
-	    printf(" %02x", temp.uc[j] & 0xff);
-	printf("\n");
+        int j;
+        printf("at end, after %d input bytes:\nforward block:\t", i);
+        for (j = 0; j < 8; j++)
+            printf(" %02x", temp.uc[j] & 0xff);
+        printf("\nreverse block:\t");
+        for (j = 8; j < 16; j++)
+            printf(" %02x", temp.uc[j] & 0xff);
+        printf("\n");
     }
 #endif
 #if 0
@@ -137,24 +138,24 @@ mit_des_string_to_key_int (krb5_keyblock *key,
 
        If we could rely on 64-bit math, another 7 ops would save us
        from having to do double the work.  */
-#define REVERSE_STEP(VAR, SHIFT, MASK)			\
+#define REVERSE_STEP(VAR, SHIFT, MASK)                                  \
     VAR = ((VAR >> SHIFT) & MASK) | ((VAR << SHIFT) & (0xFFFFFFFFUL & ~MASK))
-#define REVERSE(VAR)						\
-    REVERSE_STEP (VAR, 1, 0x55555555UL); /* swap odd/even bits */	\
-    REVERSE_STEP (VAR, 2, 0x33333333UL); /* swap bitpairs */		\
-    REVERSE_STEP (VAR, 4, 0x0F0F0F0FUL); /* swap nibbles, etc */	\
-    REVERSE_STEP (VAR, 8, 0x00FF00FFUL);				\
+#define REVERSE(VAR)                                                    \
+    REVERSE_STEP (VAR, 1, 0x55555555UL); /* swap odd/even bits */       \
+    REVERSE_STEP (VAR, 2, 0x33333333UL); /* swap bitpairs */            \
+    REVERSE_STEP (VAR, 4, 0x0F0F0F0FUL); /* swap nibbles, etc */        \
+    REVERSE_STEP (VAR, 8, 0x00FF00FFUL);                                \
     REVERSE_STEP (VAR, 16, 0x0000FFFFUL);
 #else /* shorter */
-#define REVERSE(VAR)				\
-    {						\
-	krb5_ui_4 old = VAR, temp1 = 0;		\
-	int j;					\
-	for (j = 0; j < 32; j++) {		\
-	    temp1 = (temp1 << 1) | (old & 1);	\
-	    old >>= 1;				\
-	}					\
-	VAR = temp1;				\
+#define REVERSE(VAR)                            \
+    {                                           \
+        krb5_ui_4 old = VAR, temp1 = 0;         \
+        int j;                                  \
+        for (j = 0; j < 32; j++) {              \
+            temp1 = (temp1 << 1) | (old & 1);   \
+            old >>= 1;                          \
+        }                                       \
+        VAR = temp1;                            \
     }
 #endif
 
@@ -168,16 +169,16 @@ mit_des_string_to_key_int (krb5_keyblock *key,
     REVERSE (y);
 #ifdef PRINT_TEST_VECTORS
     {
-	int j;
-	union { unsigned char uc[4]; krb5_ui_4 ui; } t2;
-	printf("after reversal, reversed block:\n\t\t");
-	t2.ui = y;
-	for (j = 0; j < 4; j++)
-	    printf(" %02x", t2.uc[j] & 0xff);
-	t2.ui = x;
-	for (j = 0; j < 4; j++)
-	    printf(" %02x", t2.uc[j] & 0xff);
-	printf("\n");
+        int j;
+        union { unsigned char uc[4]; krb5_ui_4 ui; } t2;
+        printf("after reversal, reversed block:\n\t\t");
+        t2.ui = y;
+        for (j = 0; j < 4; j++)
+            printf(" %02x", t2.uc[j] & 0xff);
+        t2.ui = x;
+        for (j = 0; j < 4; j++)
+            printf(" %02x", t2.uc[j] & 0xff);
+        printf("\n");
     }
 #endif
     /* Ignored bits are now at the bottom of each byte, where we'll
@@ -200,16 +201,16 @@ mit_des_string_to_key_int (krb5_keyblock *key,
 
 #ifdef PRINT_TEST_VECTORS
     {
-	int j;
-	printf("after reversal, combined block:\n\t\t");
-	for (j = 0; j < 8; j++)
-	    printf(" %02x", temp.uc[j] & 0xff);
-	printf("\n");
+        int j;
+        printf("after reversal, combined block:\n\t\t");
+        for (j = 0; j < 8; j++)
+            printf(" %02x", temp.uc[j] & 0xff);
+        printf("\n");
     }
 #endif
 
-#define FIXUP(K)					\
-    (mit_des_fixup_key_parity(K),			\
+#define FIXUP(K)                                        \
+    (mit_des_fixup_key_parity(K),                       \
      mit_des_is_weak_key(K) ? (K[7] ^= 0xF0) : 0)
 
     /* Now temp.cb is the temporary key, with invalid parity.  */
@@ -217,11 +218,11 @@ mit_des_string_to_key_int (krb5_keyblock *key,
 
 #ifdef PRINT_TEST_VECTORS
     {
-	int j;
-	printf("after fixing parity and weak keys:\n\t\t");
-	for (j = 0; j < 8; j++)
-	    printf(" %02x", temp.uc[j] & 0xff);
-	printf("\n");
+        int j;
+        printf("after fixing parity and weak keys:\n\t\t");
+        for (j = 0; j < 8; j++)
+            printf(" %02x", temp.uc[j] & 0xff);
+        printf("\n");
     }
 #endif
 
@@ -233,11 +234,11 @@ mit_des_string_to_key_int (krb5_keyblock *key,
 
 #ifdef PRINT_TEST_VECTORS
     {
-	int j;
-	printf("cbc checksum:\n\t\t");
-	for (j = 0; j < 8; j++)
-	    printf(" %02x", temp.uc[j] & 0xff);
-	printf("\n");
+        int j;
+        printf("cbc checksum:\n\t\t");
+        for (j = 0; j < 8; j++)
+            printf(" %02x", temp.uc[j] & 0xff);
+        printf("\n");
     }
 #endif
 
@@ -246,11 +247,11 @@ mit_des_string_to_key_int (krb5_keyblock *key,
 
 #ifdef PRINT_TEST_VECTORS
     {
-	int j;
-	printf("after fixing parity and weak keys:\n\t\t");
-	for (j = 0; j < 8; j++)
-	    printf(" %02x", temp.uc[j] & 0xff);
-	printf("\n");
+        int j;
+        printf("after fixing parity and weak keys:\n\t\t");
+        for (j = 0; j < 8; j++)
+            printf(" %02x", temp.uc[j] & 0xff);
+        printf("\n");
     }
 #endif
 
diff --git a/src/lib/crypto/builtin/des/t_afss2k.c b/src/lib/crypto/builtin/des/t_afss2k.c
index a6d0aa5..5a0f960 100644
--- a/src/lib/crypto/builtin/des/t_afss2k.c
+++ b/src/lib/crypto/builtin/des/t_afss2k.c
@@ -1,70 +1,71 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "des_int.h"
 
 static const char *me;
 
 struct test_case {
-	char *saltstr;
-	int saltlen;
-	unsigned char keys[12][8];
+    char *saltstr;
+    int saltlen;
+    unsigned char keys[12][8];
 };
 
 struct test_case test_cases[] = {
-	{
-		"Sodium Chloride", -1,
-		{
-			{ 0xa4, 0xd0, 0xd0, 0x9b, 0x86, 0x92, 0xb0, 0xc2, },
-			{ 0xf1, 0xf2, 0x9e, 0xab, 0xd0, 0xef, 0xdf, 0x73, },
-			{ 0xd6, 0x85, 0x61, 0xc4, 0xf2, 0x94, 0xf4, 0xa1, },
-			{ 0xd0, 0xe3, 0xa7, 0x83, 0x94, 0x61, 0xe0, 0xd0, },
-			{ 0xd5, 0x62, 0xcd, 0x94, 0x61, 0xcb, 0x97, 0xdf, },
-			{ 0x9e, 0xa2, 0xa2, 0xec, 0xa8, 0x8c, 0x6b, 0x8f, },
-			{ 0xe3, 0x91, 0x6d, 0xd3, 0x85, 0xf1, 0x67, 0xc4, },
-			{ 0xf4, 0xc4, 0x73, 0xc8, 0x8a, 0xe9, 0x94, 0x6d, },
-			{ 0xa1, 0x9e, 0xb3, 0xad, 0x6b, 0xe3, 0xab, 0xd9, },
-			{ 0xad, 0xa1, 0xce, 0x10, 0x37, 0x83, 0xa7, 0x8c, },
-			{ 0xd3, 0x01, 0xd0, 0xf7, 0x3e, 0x7a, 0x49, 0x0b, },
-			{ 0xb6, 0x2a, 0x4a, 0xec, 0x9d, 0x4c, 0x68, 0xdf, },
-		}
-	},
-	{
-		"NaCl", 4,
-		{
-			{ 0x61, 0xef, 0xe6, 0x83, 0xe5, 0x8a, 0x6b, 0x98 },
-			{ 0x68, 0xcd, 0x68, 0xad, 0xc4, 0x86, 0xcd, 0xe5 },
-			{ 0x83, 0xa1, 0xc8, 0x86, 0x8f, 0x67, 0xd0, 0x62 },
-			{ 0x9e, 0xc7, 0x8f, 0xa4, 0xa4, 0xb3, 0xe0, 0xd5 },
-			{ 0xd9, 0x92, 0x86, 0x8f, 0x9d, 0x8c, 0x85, 0xe6 },
-			{ 0xda, 0xf2, 0x92, 0x83, 0xf4, 0x9b, 0xa7, 0xad },
-			{ 0x91, 0xcd, 0xad, 0xef, 0x86, 0xdf, 0xd3, 0xa2 },
-			{ 0x73, 0xd3, 0x67, 0x68, 0x8f, 0x6e, 0xe3, 0x73 },
-			{ 0xc4, 0x61, 0x85, 0x9d, 0xad, 0xf4, 0xdc, 0xb0 },
-			{ 0xe9, 0x02, 0x83, 0x16, 0x2c, 0xec, 0xe0, 0x08 },
-			{ 0x61, 0xc8, 0x26, 0x29, 0xd9, 0x73, 0x6e, 0xb6 },
-			{ 0x8c, 0xa8, 0x9e, 0xc4, 0xa8, 0xdc, 0x31, 0x73 },
-		}
-	},
-	{
-		/* This one intentionally supplies a length shorter
-		   than the string.  The point of this is to ensure
-		   that s[len] is not zero, so that anything actually
-		   relying on that value (i.e., reading out of bounds)
-		   should generate incorrect results.  */
-		"NaCl2", 4,
-		{
-			{ 0x61, 0xef, 0xe6, 0x83, 0xe5, 0x8a, 0x6b, 0x98 },
-			{ 0x68, 0xcd, 0x68, 0xad, 0xc4, 0x86, 0xcd, 0xe5 },
-			{ 0x83, 0xa1, 0xc8, 0x86, 0x8f, 0x67, 0xd0, 0x62 },
-			{ 0x9e, 0xc7, 0x8f, 0xa4, 0xa4, 0xb3, 0xe0, 0xd5 },
-			{ 0xd9, 0x92, 0x86, 0x8f, 0x9d, 0x8c, 0x85, 0xe6 },
-			{ 0xda, 0xf2, 0x92, 0x83, 0xf4, 0x9b, 0xa7, 0xad },
-			{ 0x91, 0xcd, 0xad, 0xef, 0x86, 0xdf, 0xd3, 0xa2 },
-			{ 0x73, 0xd3, 0x67, 0x68, 0x8f, 0x6e, 0xe3, 0x73 },
-			{ 0xc4, 0x61, 0x85, 0x9d, 0xad, 0xf4, 0xdc, 0xb0 },
-			{ 0xe9, 0x02, 0x83, 0x16, 0x2c, 0xec, 0xe0, 0x08 },
-			{ 0x61, 0xc8, 0x26, 0x29, 0xd9, 0x73, 0x6e, 0xb6 },
-			{ 0x8c, 0xa8, 0x9e, 0xc4, 0xa8, 0xdc, 0x31, 0x73 },
-		}
-	},
+    {
+        "Sodium Chloride", -1,
+        {
+            { 0xa4, 0xd0, 0xd0, 0x9b, 0x86, 0x92, 0xb0, 0xc2, },
+            { 0xf1, 0xf2, 0x9e, 0xab, 0xd0, 0xef, 0xdf, 0x73, },
+            { 0xd6, 0x85, 0x61, 0xc4, 0xf2, 0x94, 0xf4, 0xa1, },
+            { 0xd0, 0xe3, 0xa7, 0x83, 0x94, 0x61, 0xe0, 0xd0, },
+            { 0xd5, 0x62, 0xcd, 0x94, 0x61, 0xcb, 0x97, 0xdf, },
+            { 0x9e, 0xa2, 0xa2, 0xec, 0xa8, 0x8c, 0x6b, 0x8f, },
+            { 0xe3, 0x91, 0x6d, 0xd3, 0x85, 0xf1, 0x67, 0xc4, },
+            { 0xf4, 0xc4, 0x73, 0xc8, 0x8a, 0xe9, 0x94, 0x6d, },
+            { 0xa1, 0x9e, 0xb3, 0xad, 0x6b, 0xe3, 0xab, 0xd9, },
+            { 0xad, 0xa1, 0xce, 0x10, 0x37, 0x83, 0xa7, 0x8c, },
+            { 0xd3, 0x01, 0xd0, 0xf7, 0x3e, 0x7a, 0x49, 0x0b, },
+            { 0xb6, 0x2a, 0x4a, 0xec, 0x9d, 0x4c, 0x68, 0xdf, },
+        }
+    },
+    {
+        "NaCl", 4,
+        {
+            { 0x61, 0xef, 0xe6, 0x83, 0xe5, 0x8a, 0x6b, 0x98 },
+            { 0x68, 0xcd, 0x68, 0xad, 0xc4, 0x86, 0xcd, 0xe5 },
+            { 0x83, 0xa1, 0xc8, 0x86, 0x8f, 0x67, 0xd0, 0x62 },
+            { 0x9e, 0xc7, 0x8f, 0xa4, 0xa4, 0xb3, 0xe0, 0xd5 },
+            { 0xd9, 0x92, 0x86, 0x8f, 0x9d, 0x8c, 0x85, 0xe6 },
+            { 0xda, 0xf2, 0x92, 0x83, 0xf4, 0x9b, 0xa7, 0xad },
+            { 0x91, 0xcd, 0xad, 0xef, 0x86, 0xdf, 0xd3, 0xa2 },
+            { 0x73, 0xd3, 0x67, 0x68, 0x8f, 0x6e, 0xe3, 0x73 },
+            { 0xc4, 0x61, 0x85, 0x9d, 0xad, 0xf4, 0xdc, 0xb0 },
+            { 0xe9, 0x02, 0x83, 0x16, 0x2c, 0xec, 0xe0, 0x08 },
+            { 0x61, 0xc8, 0x26, 0x29, 0xd9, 0x73, 0x6e, 0xb6 },
+            { 0x8c, 0xa8, 0x9e, 0xc4, 0xa8, 0xdc, 0x31, 0x73 },
+        }
+    },
+    {
+        /* This one intentionally supplies a length shorter
+           than the string.  The point of this is to ensure
+           that s[len] is not zero, so that anything actually
+           relying on that value (i.e., reading out of bounds)
+           should generate incorrect results.  */
+        "NaCl2", 4,
+        {
+            { 0x61, 0xef, 0xe6, 0x83, 0xe5, 0x8a, 0x6b, 0x98 },
+            { 0x68, 0xcd, 0x68, 0xad, 0xc4, 0x86, 0xcd, 0xe5 },
+            { 0x83, 0xa1, 0xc8, 0x86, 0x8f, 0x67, 0xd0, 0x62 },
+            { 0x9e, 0xc7, 0x8f, 0xa4, 0xa4, 0xb3, 0xe0, 0xd5 },
+            { 0xd9, 0x92, 0x86, 0x8f, 0x9d, 0x8c, 0x85, 0xe6 },
+            { 0xda, 0xf2, 0x92, 0x83, 0xf4, 0x9b, 0xa7, 0xad },
+            { 0x91, 0xcd, 0xad, 0xef, 0x86, 0xdf, 0xd3, 0xa2 },
+            { 0x73, 0xd3, 0x67, 0x68, 0x8f, 0x6e, 0xe3, 0x73 },
+            { 0xc4, 0x61, 0x85, 0x9d, 0xad, 0xf4, 0xdc, 0xb0 },
+            { 0xe9, 0x02, 0x83, 0x16, 0x2c, 0xec, 0xe0, 0x08 },
+            { 0x61, 0xc8, 0x26, 0x29, 0xd9, 0x73, 0x6e, 0xb6 },
+            { 0x8c, 0xa8, 0x9e, 0xc4, 0xa8, 0xdc, 0x31, 0x73 },
+        }
+    },
 };
 
 static void do_it (struct test_case *tcase);
@@ -72,65 +73,65 @@ static void do_it (struct test_case *tcase);
 int
 main (int argc, char *argv[])
 {
-	int i;
+    int i;
 
-	me = argv[0];
-	for (i = 0; i < sizeof (test_cases) / sizeof (struct test_case); i++)
-		do_it (&test_cases[i]);
-	return 0;
+    me = argv[0];
+    for (i = 0; i < sizeof (test_cases) / sizeof (struct test_case); i++)
+        do_it (&test_cases[i]);
+    return 0;
 }
 
 static void
 do_it (struct test_case *tcase)
 {
-	unsigned char keydata[8];
-	krb5_data salt, passwd;
-	krb5_keyblock key;
-	krb5_error_code err;
-	int i;
-	unsigned char longpass[2048];
+    unsigned char keydata[8];
+    krb5_data salt, passwd;
+    krb5_keyblock key;
+    krb5_error_code err;
+    int i;
+    unsigned char longpass[2048];
 
-	key.contents = keydata;
-	key.length = sizeof (keydata);
+    key.contents = keydata;
+    key.length = sizeof (keydata);
 
-	salt.data = tcase->saltstr;
-	if (tcase->saltlen == -1)
-		salt.length = strlen (tcase->saltstr);
-	else
-		salt.length = tcase->saltlen;
+    salt.data = tcase->saltstr;
+    if (tcase->saltlen == -1)
+        salt.length = strlen (tcase->saltstr);
+    else
+        salt.length = tcase->saltlen;
 
-	/*
-	 * Try passwords with lengths equal to, greater than, and less
-	 * than 8 characters, since the AFS s2k algorithm does
-	 * interesting stuff depending on the length.
-	 */
-	passwd.data = "My Password";
-	for (i = 0; i < 12; i++) {
-		passwd.length = i;
-		err = mit_afs_string_to_key (&key, &passwd, &salt);
-		if (err != 0) {
-			com_err (me, err, "");
-			exit (1);
-		}
-		if (memcmp (tcase->keys[i], keydata, 8) != 0)
-			abort ();
-	}
+    /*
+     * Try passwords with lengths equal to, greater than, and less
+     * than 8 characters, since the AFS s2k algorithm does
+     * interesting stuff depending on the length.
+     */
+    passwd.data = "My Password";
+    for (i = 0; i < 12; i++) {
+        passwd.length = i;
+        err = mit_afs_string_to_key (&key, &passwd, &salt);
+        if (err != 0) {
+            com_err (me, err, "");
+            exit (1);
+        }
+        if (memcmp (tcase->keys[i], keydata, 8) != 0)
+            abort ();
+    }
 
-	/* Run another pass to make sure the characters after the
-	   password in the buffer aren't influencing the output.  The
-	   password is *not* required to be null-terminated.  */
-	memset (longpass, '!', sizeof (longpass));
-	longpass[sizeof (longpass)-1] = '\0';
-	memcpy (longpass, "My Password", strlen ("My Password"));
-	passwd.data = (char *) longpass;
-	for (i = 0; i < 12; i++) {
-		passwd.length = i;
-		err = mit_afs_string_to_key (&key, &passwd, &salt);
-		if (err != 0) {
-			com_err (me, err, "");
-			exit (1);
-		}
-		if (memcmp (tcase->keys[i], keydata, 8) != 0)
-			abort ();
-	}
+    /* Run another pass to make sure the characters after the
+       password in the buffer aren't influencing the output.  The
+       password is *not* required to be null-terminated.  */
+    memset (longpass, '!', sizeof (longpass));
+    longpass[sizeof (longpass)-1] = '\0';
+    memcpy (longpass, "My Password", strlen ("My Password"));
+    passwd.data = (char *) longpass;
+    for (i = 0; i < 12; i++) {
+        passwd.length = i;
+        err = mit_afs_string_to_key (&key, &passwd, &salt);
+        if (err != 0) {
+            com_err (me, err, "");
+            exit (1);
+        }
+        if (memcmp (tcase->keys[i], keydata, 8) != 0)
+            abort ();
+    }
 }
diff --git a/src/lib/crypto/builtin/des/t_verify.c b/src/lib/crypto/builtin/des/t_verify.c
index 6c1f17b..ae31207 100644
--- a/src/lib/crypto/builtin/des/t_verify.c
+++ b/src/lib/crypto/builtin/des/t_verify.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/verify.c
  *
@@ -27,8 +28,8 @@
  * Program to test the correctness of the DES library
  * implementation.
  *
- * exit returns	 0 ==> success
- * 		-1 ==> error
+ * exit returns  0 ==> success
+ *              -1 ==> error
  */
 
 /*
@@ -140,35 +141,35 @@ main(argc,argv)
     /* Set screen window buffer to infinite size -- MS default is tiny.  */
     _wsetscreenbuf (fileno (stdout), _WINBUFINF);
 #endif
-    progname=argv[0];		/* salt away invoking program */
+    progname=argv[0];           /* salt away invoking program */
 
     while (--argc > 0 && (*++argv)[0] == '-')
-	for (i=1; argv[0][i] != '\0'; i++) {
-	    switch (argv[0][i]) {
+        for (i=1; argv[0][i] != '\0'; i++) {
+            switch (argv[0][i]) {
 
-		/* debug flag */
-	    case 'd':
-		mit_des_debug=3;
-		continue;
+                /* debug flag */
+            case 'd':
+                mit_des_debug=3;
+                continue;
 
-	    case 'z':
-		zflag = 1;
-		continue;
+            case 'z':
+                zflag = 1;
+                continue;
 
-	    case 'm':
-		mflag = 1;
-		continue;
+            case 'm':
+                mflag = 1;
+                continue;
 
-	    default:
-		printf("%s: illegal flag \"%c\" ",
-		       progname,argv[0][i]);
-		exit(1);
-	    }
-	};
+            default:
+                printf("%s: illegal flag \"%c\" ",
+                       progname,argv[0][i]);
+                exit(1);
+            }
+        };
 
     if (argc) {
-	fprintf(stderr, "Usage: %s [-dmz]\n", progname);
-	exit(1);
+        fprintf(stderr, "Usage: %s [-dmz]\n", progname);
+        exit(1);
     }
 
     /* do some initialisation */
@@ -177,92 +178,92 @@ main(argc,argv)
 
     /* ECB zero text zero key */
     if (zflag) {
-	input = zero_text;
-	mit_des_key_sched(zero_key, sched);
-	printf("plaintext = key = 0, cipher = 0x8ca64de9c1b123a7\n");
-	do_encrypt(input,cipher_text);
-	printf("\tcipher  = (low to high bytes)\n\t\t");
-	for (j = 0; j<=7; j++)
-	    printf("%02x ",cipher_text[j]);
-	printf("\n");
-	do_decrypt(output,cipher_text);
-	if ( memcmp((char *)cipher_text, (char *)zresult, 8) ) {
-	    printf("verify: error in zero key test\n");
-	    exit(-1);
-	}
-
-	exit(0);
+        input = zero_text;
+        mit_des_key_sched(zero_key, sched);
+        printf("plaintext = key = 0, cipher = 0x8ca64de9c1b123a7\n");
+        do_encrypt(input,cipher_text);
+        printf("\tcipher  = (low to high bytes)\n\t\t");
+        for (j = 0; j<=7; j++)
+            printf("%02x ",cipher_text[j]);
+        printf("\n");
+        do_decrypt(output,cipher_text);
+        if ( memcmp((char *)cipher_text, (char *)zresult, 8) ) {
+            printf("verify: error in zero key test\n");
+            exit(-1);
+        }
+
+        exit(0);
     }
 
     if (mflag) {
-	input = msb_text;
-	mit_des_key_sched(key3, sched);
-	printf("plaintext = 0x00 00 00 00 00 00 00 40, ");
-	printf("key = 0x80 01 01 01 01 01 01 01\n");
-	printf("	cipher = 0xa380e02a6be54696\n");
-	do_encrypt(input,cipher_text);
-	printf("\tcipher  = (low to high bytes)\n\t\t");
-	for (j = 0; j<=7; j++) {
-	    printf("%02x ",cipher_text[j]);
-	}
-	printf("\n");
-	do_decrypt(output,cipher_text);
-	if ( memcmp((char *)cipher_text, (char *)mresult, 8) ) {
-	    printf("verify: error in msb test\n");
-	    exit(-1);
-	}
-	exit(0);
+        input = msb_text;
+        mit_des_key_sched(key3, sched);
+        printf("plaintext = 0x00 00 00 00 00 00 00 40, ");
+        printf("key = 0x80 01 01 01 01 01 01 01\n");
+        printf("        cipher = 0xa380e02a6be54696\n");
+        do_encrypt(input,cipher_text);
+        printf("\tcipher  = (low to high bytes)\n\t\t");
+        for (j = 0; j<=7; j++) {
+            printf("%02x ",cipher_text[j]);
+        }
+        printf("\n");
+        do_decrypt(output,cipher_text);
+        if ( memcmp((char *)cipher_text, (char *)mresult, 8) ) {
+            printf("verify: error in msb test\n");
+            exit(-1);
+        }
+        exit(0);
     }
 
     /* ECB mode Davies and Price */
     {
-	input = zero_text;
-	mit_des_key_sched(key2, sched);
-	printf("Examples per FIPS publication 81, keys ivs and cipher\n");
-	printf("in hex.  These are the correct answers, see below for\n");
-	printf("the actual answers.\n\n");
-	printf("Examples per Davies and Price.\n\n");
-	printf("EXAMPLE ECB\tkey = 08192a3b4c5d6e7f\n");
-	printf("\tclear = 0\n");
-	printf("\tcipher = 25 dd ac 3e 96 17 64 67\n");
-	printf("ACTUAL ECB\n");
-	printf("\tclear \"%s\"\n", input);
-	do_encrypt(input,cipher_text);
-	printf("\tcipher  = (low to high bytes)\n\t\t");
-	for (j = 0; j<=7; j++)
-	    printf("%02x ",cipher_text[j]);
-	printf("\n\n");
-	do_decrypt(output,cipher_text);
-	if ( memcmp((char *)cipher_text, (char *)cipher1, 8) ) {
-	    printf("verify: error in ECB encryption\n");
-	    exit(-1);
-	}
-	else
-	    printf("verify: ECB encryption is correct\n\n");
+        input = zero_text;
+        mit_des_key_sched(key2, sched);
+        printf("Examples per FIPS publication 81, keys ivs and cipher\n");
+        printf("in hex.  These are the correct answers, see below for\n");
+        printf("the actual answers.\n\n");
+        printf("Examples per Davies and Price.\n\n");
+        printf("EXAMPLE ECB\tkey = 08192a3b4c5d6e7f\n");
+        printf("\tclear = 0\n");
+        printf("\tcipher = 25 dd ac 3e 96 17 64 67\n");
+        printf("ACTUAL ECB\n");
+        printf("\tclear \"%s\"\n", input);
+        do_encrypt(input,cipher_text);
+        printf("\tcipher  = (low to high bytes)\n\t\t");
+        for (j = 0; j<=7; j++)
+            printf("%02x ",cipher_text[j]);
+        printf("\n\n");
+        do_decrypt(output,cipher_text);
+        if ( memcmp((char *)cipher_text, (char *)cipher1, 8) ) {
+            printf("verify: error in ECB encryption\n");
+            exit(-1);
+        }
+        else
+            printf("verify: ECB encryption is correct\n\n");
     }
 
     /* ECB mode */
     {
-	mit_des_key_sched(default_key, sched);
-	input = clear_text;
-	ivec = default_ivec;
-	printf("EXAMPLE ECB\tkey = 0123456789abcdef\n");
-	printf("\tclear = \"Now is the time for all \"\n");
-	printf("\tcipher = 3f a4 0e 8a 98 4d 48 15 ...\n");
-	printf("ACTUAL ECB\n\tclear \"%s\"",input);
-	do_encrypt(input,cipher_text);
-	printf("\n\tcipher	= (low to high bytes)\n\t\t");
-	for (j = 0; j<=7; j++) {
-	    printf("%02x ",cipher_text[j]);
-	}
-	printf("\n\n");
-	do_decrypt(output,cipher_text);
-	if ( memcmp((char *)cipher_text, (char *)cipher2, 8) ) {
-	    printf("verify: error in ECB encryption\n");
-	    exit(-1);
-	}
-	else
-	    printf("verify: ECB encryption is correct\n\n");
+        mit_des_key_sched(default_key, sched);
+        input = clear_text;
+        ivec = default_ivec;
+        printf("EXAMPLE ECB\tkey = 0123456789abcdef\n");
+        printf("\tclear = \"Now is the time for all \"\n");
+        printf("\tcipher = 3f a4 0e 8a 98 4d 48 15 ...\n");
+        printf("ACTUAL ECB\n\tclear \"%s\"",input);
+        do_encrypt(input,cipher_text);
+        printf("\n\tcipher      = (low to high bytes)\n\t\t");
+        for (j = 0; j<=7; j++) {
+            printf("%02x ",cipher_text[j]);
+        }
+        printf("\n\n");
+        do_decrypt(output,cipher_text);
+        if ( memcmp((char *)cipher_text, (char *)cipher2, 8) ) {
+            printf("verify: error in ECB encryption\n");
+            exit(-1);
+        }
+        else
+            printf("verify: ECB encryption is correct\n\n");
     }
 
     /* CBC mode */
@@ -276,39 +277,39 @@ main(argc,argv)
     printf("ACTUAL CBC\n\tclear \"%s\"\n",input);
     in_length =  strlen((char *)input);
     if ((retval = mit_des_cbc_encrypt((const mit_des_cblock *) input,
-				      (mit_des_cblock *) cipher_text,
-				      (size_t) in_length,
-				      sched,
-				      ivec,
-				      MIT_DES_ENCRYPT))) {
-	com_err("des verify", retval, "can't encrypt");
-	exit(-1);
+                                      (mit_des_cblock *) cipher_text,
+                                      (size_t) in_length,
+                                      sched,
+                                      ivec,
+                                      MIT_DES_ENCRYPT))) {
+        com_err("des verify", retval, "can't encrypt");
+        exit(-1);
     }
     printf("\tciphertext = (low to high bytes)\n");
     for (i = 0; i <= 2; i++) {
-	printf("\t\t");
-	for (j = 0; j <= 7; j++) {
-	    printf("%02x ",cipher_text[i*8+j]);
-	}
-	printf("\n");
+        printf("\t\t");
+        for (j = 0; j <= 7; j++) {
+            printf("%02x ",cipher_text[i*8+j]);
+        }
+        printf("\n");
     }
     if ((retval = mit_des_cbc_encrypt((const mit_des_cblock *) cipher_text,
-				      (mit_des_cblock *) clear_text,
-				      (size_t) in_length,
-				      sched,
-				      ivec,
-				      MIT_DES_DECRYPT))) {
-	com_err("des verify", retval, "can't decrypt");
-	exit(-1);
+                                      (mit_des_cblock *) clear_text,
+                                      (size_t) in_length,
+                                      sched,
+                                      ivec,
+                                      MIT_DES_DECRYPT))) {
+        com_err("des verify", retval, "can't decrypt");
+        exit(-1);
     }
     printf("\tdecrypted clear_text = \"%s\"\n",clear_text);
 
     if ( memcmp((char *)cipher_text, (char *)cipher3, in_length) ) {
-	printf("verify: error in CBC encryption\n");
-	exit(-1);
+        printf("verify: error in CBC encryption\n");
+        exit(-1);
     }
     else
-	printf("verify: CBC encryption is correct\n\n");
+        printf("verify: CBC encryption is correct\n\n");
 
     printf("EXAMPLE CBC checksum");
     printf("\tkey =  0123456789abcdef\tiv =  1234567890abcdef\n");
@@ -317,18 +318,18 @@ main(argc,argv)
     printf("or some part thereof\n");
     input = clear_text2;
     mit_des_cbc_cksum(input,cipher_text, strlen((char *)input),
-		      sched,ivec);
+                      sched,ivec);
     printf("ACTUAL CBC checksum\n");
     printf("\t\tencrypted cksum = (low to high bytes)\n\t\t");
     for (j = 0; j<=7; j++)
-	printf("%02x ",cipher_text[j]);
+        printf("%02x ",cipher_text[j]);
     printf("\n\n");
     if ( memcmp((char *)cipher_text, (char *)checksum, 8) ) {
-	printf("verify: error in CBC cheksum\n");
-	exit(-1);
+        printf("verify: error in CBC cheksum\n");
+        exit(-1);
     }
     else
-	printf("verify: CBC checksum is correct\n\n");
+        printf("verify: CBC checksum is correct\n\n");
 
     exit(0);
 }
@@ -341,18 +342,18 @@ flip(array)
     register int old,new,i,j;
     /* flips the bit order within each byte from 0 lsb to 0 msb */
     for (i = 0; i<=7; i++) {
-	old = *array;
-	new = 0;
-	for (j = 0; j<=7; j++) {
-	    if (old & 01)
-		new = new | 01;
-	    if (j < 7) {
-		old = old >> 1;
-		new = new << 1;
-	    }
-	}
-	*array = new;
-	array++;
+        old = *array;
+        new = 0;
+        for (j = 0; j<=7; j++) {
+            if (old & 01)
+                new = new | 01;
+            if (j < 7) {
+                old = old >> 1;
+                new = new << 1;
+            }
+        }
+        *array = new;
+        array++;
     }
 }
 #endif
@@ -364,20 +365,20 @@ do_encrypt(in,out)
 {
     int i, j;
     for (i =1; i<=nflag; i++) {
-	mit_des_cbc_encrypt((const mit_des_cblock *)in,
-			    (mit_des_cblock *)out,
-			    8,
-			    sched,
-			    zero_text,
-			    MIT_DES_ENCRYPT);
-	if (mit_des_debug) {
-	    printf("\nclear %s\n",in);
-	    for (j = 0; j<=7; j++)
-		printf("%02X ",in[j] & 0xff);
-	    printf("\tcipher ");
-	    for (j = 0; j<=7; j++)
-		printf("%02X ",out[j] & 0xff);
-	}
+        mit_des_cbc_encrypt((const mit_des_cblock *)in,
+                            (mit_des_cblock *)out,
+                            8,
+                            sched,
+                            zero_text,
+                            MIT_DES_ENCRYPT);
+        if (mit_des_debug) {
+            printf("\nclear %s\n",in);
+            for (j = 0; j<=7; j++)
+                printf("%02X ",in[j] & 0xff);
+            printf("\tcipher ");
+            for (j = 0; j<=7; j++)
+                printf("%02X ",out[j] & 0xff);
+        }
     }
 }
 
@@ -389,20 +390,20 @@ do_decrypt(in,out)
 {
     int i, j;
     for (i =1; i<=nflag; i++) {
-	mit_des_cbc_encrypt((const mit_des_cblock *)out,
-			    (mit_des_cblock *)in,
-			    8,
-			    sched,
-			    zero_text,
-			    MIT_DES_DECRYPT);
-	if (mit_des_debug) {
-	    printf("clear %s\n",in);
-	    for (j = 0; j<=7; j++)
-		printf("%02X ",in[j] & 0xff);
-	    printf("\tcipher ");
-	    for (j = 0; j<=7; j++)
-		printf("%02X ",out[j] & 0xff);
-	}
+        mit_des_cbc_encrypt((const mit_des_cblock *)out,
+                            (mit_des_cblock *)in,
+                            8,
+                            sched,
+                            zero_text,
+                            MIT_DES_DECRYPT);
+        if (mit_des_debug) {
+            printf("clear %s\n",in);
+            for (j = 0; j<=7; j++)
+                printf("%02X ",in[j] & 0xff);
+            printf("\tcipher ");
+            for (j = 0; j<=7; j++)
+                printf("%02X ",out[j] & 0xff);
+        }
     }
 }
 
@@ -414,5 +415,5 @@ int
 mit_des_is_weak_key(key)
     mit_des_cblock key;
 {
-    return 0;				/* fake it out for testing */
+    return 0;                           /* fake it out for testing */
 }
diff --git a/src/lib/crypto/builtin/des/weak_key.c b/src/lib/crypto/builtin/des/weak_key.c
index 7086789..921ce10 100644
--- a/src/lib/crypto/builtin/des/weak_key.c
+++ b/src/lib/crypto/builtin/des/weak_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/weak_key.c
  *
@@ -77,8 +78,8 @@ mit_des_is_weak_key(mit_des_cblock key)
     const mit_des_cblock *weak_p = weak;
 
     for (i = 0; i < (sizeof(weak)/sizeof(mit_des_cblock)); i++) {
-	if (!memcmp(weak_p++,key,sizeof(mit_des_cblock)))
-	    return 1;
+        if (!memcmp(weak_p++,key,sizeof(mit_des_cblock)))
+            return 1;
     }
 
     return 0;
diff --git a/src/lib/crypto/builtin/enc_provider/aes.c b/src/lib/crypto/builtin/enc_provider/aes.c
index b735cc9..cde5bb5 100644
--- a/src/lib/crypto/builtin/enc_provider/aes.c
+++ b/src/lib/crypto/builtin/enc_provider/aes.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/enc_provider/aes.c
  *
@@ -48,17 +49,17 @@ static void printd (const char *descr, krb5_data *d) {
     printf("%s:", descr);
 
     for (i = 0; i < d->length; i += r) {
-	printf("\n  %04x: ", i);
-	for (j = i; j < i + r && j < d->length; j++)
-	    printf(" %02x", 0xff & d->data[j]);
+        printf("\n  %04x: ", i);
+        for (j = i; j < i + r && j < d->length; j++)
+            printf(" %02x", 0xff & d->data[j]);
 #ifdef SHOW_TEXT
-	for (; j < i + r; j++)
-	    printf("   ");
-	printf("   ");
-	for (j = i; j < i + r && j < d->length; j++) {
-	    int c = 0xff & d->data[j];
-	    printf("%c", isprint(c) ? c : '.');
-	}
+        for (; j < i + r; j++)
+            printf("   ");
+        printf("   ");
+        for (j = i; j < i + r && j < d->length; j++) {
+            int c = 0xff & d->data[j];
+            printf("%c", isprint(c) ? c : '.');
+        }
 #endif
     }
     printf("\n");
@@ -68,26 +69,26 @@ static void printd (const char *descr, krb5_data *d) {
 static inline void enc(char *out, const char *in, aes_ctx *ctx)
 {
     if (aes_enc_blk((const unsigned char *)in, (unsigned char *)out, ctx)
-	!= aes_good)
-	abort();
+        != aes_good)
+        abort();
 }
 static inline void dec(char *out, const char *in, aes_ctx *ctx)
 {
     if (aes_dec_blk((const unsigned char *)in, (unsigned char *)out, ctx)
-	!= aes_good)
-	abort();
+        != aes_good)
+        abort();
 }
 
 static void xorblock(char *out, const char *in)
 {
     int z;
     for (z = 0; z < BLOCK_SIZE; z++)
-	out[z] ^= in[z];
+        out[z] ^= in[z];
 }
 
 krb5_error_code
 krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output)
+                    const krb5_data *input, krb5_data *output)
 {
     aes_ctx ctx;
     char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE];
@@ -96,45 +97,45 @@ krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec,
 /*    CHECK_SIZES; */
 
     if (aes_enc_key(key->keyblock.contents, key->keyblock.length,
-		    &ctx) != aes_good)
-	abort();
+                    &ctx) != aes_good)
+        abort();
 
     if (ivec)
-	memcpy(tmp, ivec->data, BLOCK_SIZE);
+        memcpy(tmp, ivec->data, BLOCK_SIZE);
     else
-	memset(tmp, 0, BLOCK_SIZE);
+        memset(tmp, 0, BLOCK_SIZE);
 
     nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE;
 
     if (nblocks == 1) {
-	/* XXX Used for DK function.  */
-	enc(output->data, input->data, &ctx);
+        /* XXX Used for DK function.  */
+        enc(output->data, input->data, &ctx);
     } else {
-	unsigned int nleft;
-
-	for (blockno = 0; blockno < nblocks - 2; blockno++) {
-	    xorblock(tmp, input->data + blockno * BLOCK_SIZE);
-	    enc(tmp2, tmp, &ctx);
-	    memcpy(output->data + blockno * BLOCK_SIZE, tmp2, BLOCK_SIZE);
-
-	    /* Set up for next block.  */
-	    memcpy(tmp, tmp2, BLOCK_SIZE);
-	}
-	/* Do final CTS step for last two blocks (the second of which
-	   may or may not be incomplete).  */
-	xorblock(tmp, input->data + (nblocks - 2) * BLOCK_SIZE);
-	enc(tmp2, tmp, &ctx);
-	nleft = input->length - (nblocks - 1) * BLOCK_SIZE;
-	memcpy(output->data + (nblocks - 1) * BLOCK_SIZE, tmp2, nleft);
-	memcpy(tmp, tmp2, BLOCK_SIZE);
-
-	memset(tmp3, 0, sizeof(tmp3));
-	memcpy(tmp3, input->data + (nblocks - 1) * BLOCK_SIZE, nleft);
-	xorblock(tmp, tmp3);
-	enc(tmp2, tmp, &ctx);
-	memcpy(output->data + (nblocks - 2) * BLOCK_SIZE, tmp2, BLOCK_SIZE);
-	if (ivec)
-	    memcpy(ivec->data, tmp2, BLOCK_SIZE);
+        unsigned int nleft;
+
+        for (blockno = 0; blockno < nblocks - 2; blockno++) {
+            xorblock(tmp, input->data + blockno * BLOCK_SIZE);
+            enc(tmp2, tmp, &ctx);
+            memcpy(output->data + blockno * BLOCK_SIZE, tmp2, BLOCK_SIZE);
+
+            /* Set up for next block.  */
+            memcpy(tmp, tmp2, BLOCK_SIZE);
+        }
+        /* Do final CTS step for last two blocks (the second of which
+           may or may not be incomplete).  */
+        xorblock(tmp, input->data + (nblocks - 2) * BLOCK_SIZE);
+        enc(tmp2, tmp, &ctx);
+        nleft = input->length - (nblocks - 1) * BLOCK_SIZE;
+        memcpy(output->data + (nblocks - 1) * BLOCK_SIZE, tmp2, nleft);
+        memcpy(tmp, tmp2, BLOCK_SIZE);
+
+        memset(tmp3, 0, sizeof(tmp3));
+        memcpy(tmp3, input->data + (nblocks - 1) * BLOCK_SIZE, nleft);
+        xorblock(tmp, tmp3);
+        enc(tmp2, tmp, &ctx);
+        memcpy(output->data + (nblocks - 2) * BLOCK_SIZE, tmp2, BLOCK_SIZE);
+        if (ivec)
+            memcpy(ivec->data, tmp2, BLOCK_SIZE);
     }
 
     return 0;
@@ -142,7 +143,7 @@ krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec,
 
 krb5_error_code
 krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output)
+                    const krb5_data *input, krb5_data *output)
 {
     aes_ctx ctx;
     char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE];
@@ -151,51 +152,51 @@ krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec,
     CHECK_SIZES;
 
     if (aes_dec_key(key->keyblock.contents, key->keyblock.length,
-		    &ctx) != aes_good)
-	abort();
+                    &ctx) != aes_good)
+        abort();
 
     if (ivec)
-	memcpy(tmp, ivec->data, BLOCK_SIZE);
+        memcpy(tmp, ivec->data, BLOCK_SIZE);
     else
-	memset(tmp, 0, BLOCK_SIZE);
+        memset(tmp, 0, BLOCK_SIZE);
 
     nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE;
 
     if (nblocks == 1) {
-	if (input->length < BLOCK_SIZE)
-	    abort();
-	dec(output->data, input->data, &ctx);
+        if (input->length < BLOCK_SIZE)
+            abort();
+        dec(output->data, input->data, &ctx);
     } else {
 
-	for (blockno = 0; blockno < nblocks - 2; blockno++) {
-	    dec(tmp2, input->data + blockno * BLOCK_SIZE, &ctx);
-	    xorblock(tmp2, tmp);
-	    memcpy(output->data + blockno * BLOCK_SIZE, tmp2, BLOCK_SIZE);
-	    memcpy(tmp, input->data + blockno * BLOCK_SIZE, BLOCK_SIZE);
-	}
-	/* Do last two blocks, the second of which (next-to-last block
-	   of plaintext) may be incomplete.  */
-	dec(tmp2, input->data + (nblocks - 2) * BLOCK_SIZE, &ctx);
-	/* Set tmp3 to last ciphertext block, padded.  */
-	memset(tmp3, 0, sizeof(tmp3));
-	memcpy(tmp3, input->data + (nblocks - 1) * BLOCK_SIZE,
-	       input->length - (nblocks - 1) * BLOCK_SIZE);
-	/* Set tmp2 to last (possibly partial) plaintext block, and
-	   save it.  */
-	xorblock(tmp2, tmp3);
-	memcpy(output->data + (nblocks - 1) * BLOCK_SIZE, tmp2,
-	       input->length - (nblocks - 1) * BLOCK_SIZE);
-	/* Maybe keep the trailing part, and copy in the last
-	   ciphertext block.  */
-	memcpy(tmp2, tmp3, input->length - (nblocks - 1) * BLOCK_SIZE);
-	/* Decrypt, to get next to last plaintext block xor previous
-	   ciphertext.  */
-	dec(tmp3, tmp2, &ctx);
-	xorblock(tmp3, tmp);
-	memcpy(output->data + (nblocks - 2) * BLOCK_SIZE, tmp3, BLOCK_SIZE);
-	if (ivec)
-	    memcpy(ivec->data, input->data + (nblocks - 2) * BLOCK_SIZE,
-		   BLOCK_SIZE);
+        for (blockno = 0; blockno < nblocks - 2; blockno++) {
+            dec(tmp2, input->data + blockno * BLOCK_SIZE, &ctx);
+            xorblock(tmp2, tmp);
+            memcpy(output->data + blockno * BLOCK_SIZE, tmp2, BLOCK_SIZE);
+            memcpy(tmp, input->data + blockno * BLOCK_SIZE, BLOCK_SIZE);
+        }
+        /* Do last two blocks, the second of which (next-to-last block
+           of plaintext) may be incomplete.  */
+        dec(tmp2, input->data + (nblocks - 2) * BLOCK_SIZE, &ctx);
+        /* Set tmp3 to last ciphertext block, padded.  */
+        memset(tmp3, 0, sizeof(tmp3));
+        memcpy(tmp3, input->data + (nblocks - 1) * BLOCK_SIZE,
+               input->length - (nblocks - 1) * BLOCK_SIZE);
+        /* Set tmp2 to last (possibly partial) plaintext block, and
+           save it.  */
+        xorblock(tmp2, tmp3);
+        memcpy(output->data + (nblocks - 1) * BLOCK_SIZE, tmp2,
+               input->length - (nblocks - 1) * BLOCK_SIZE);
+        /* Maybe keep the trailing part, and copy in the last
+           ciphertext block.  */
+        memcpy(tmp2, tmp3, input->length - (nblocks - 1) * BLOCK_SIZE);
+        /* Decrypt, to get next to last plaintext block xor previous
+           ciphertext.  */
+        dec(tmp3, tmp2, &ctx);
+        xorblock(tmp3, tmp);
+        memcpy(output->data + (nblocks - 2) * BLOCK_SIZE, tmp3, BLOCK_SIZE);
+        if (ivec)
+            memcpy(ivec->data, input->data + (nblocks - 2) * BLOCK_SIZE,
+                   BLOCK_SIZE);
     }
 
     return 0;
@@ -203,9 +204,9 @@ krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec,
 
 static krb5_error_code
 krb5int_aes_encrypt_iov(krb5_key key,
-		        const krb5_data *ivec,
-		        krb5_crypto_iov *data,
-		        size_t num_data)
+                        const krb5_data *ivec,
+                        krb5_crypto_iov *data,
+                        size_t num_data)
 {
     aes_ctx ctx;
     char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE];
@@ -213,19 +214,19 @@ krb5int_aes_encrypt_iov(krb5_key key,
     size_t input_length, i;
 
     if (aes_enc_key(key->keyblock.contents, key->keyblock.length, &ctx)
-	!= aes_good)
-	abort();
+        != aes_good)
+        abort();
 
     if (ivec != NULL)
-	memcpy(tmp, ivec->data, BLOCK_SIZE);
+        memcpy(tmp, ivec->data, BLOCK_SIZE);
     else
-	memset(tmp, 0, BLOCK_SIZE);
+        memset(tmp, 0, BLOCK_SIZE);
 
     for (i = 0, input_length = 0; i < num_data; i++) {
-	krb5_crypto_iov *iov = &data[i];
+        krb5_crypto_iov *iov = &data[i];
 
-	if (ENCRYPT_IOV(iov))
-	    input_length += iov->data.length;
+        if (ENCRYPT_IOV(iov))
+            input_length += iov->data.length;
     }
 
     nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
@@ -233,50 +234,50 @@ krb5int_aes_encrypt_iov(krb5_key key,
     assert(nblocks > 1);
 
     {
-	char blockN2[BLOCK_SIZE];   /* second last */
-	char blockN1[BLOCK_SIZE];   /* last block */
-	struct iov_block_state input_pos, output_pos;
-
-	IOV_BLOCK_STATE_INIT(&input_pos);
-	IOV_BLOCK_STATE_INIT(&output_pos);
-
-	for (blockno = 0; blockno < nblocks - 2; blockno++) {
-	    char blockN[BLOCK_SIZE];
-
-	    krb5int_c_iov_get_block((unsigned char *)blockN, BLOCK_SIZE, data, num_data, &input_pos);
-	    xorblock(tmp, blockN);
-	    enc(tmp2, tmp, &ctx);
-	    krb5int_c_iov_put_block(data, num_data, (unsigned char *)tmp2, BLOCK_SIZE, &output_pos);
-
-	    /* Set up for next block.  */
-	    memcpy(tmp, tmp2, BLOCK_SIZE);
-	}
-
-	/* Do final CTS step for last two blocks (the second of which
-	   may or may not be incomplete).  */
-
-	/* First, get the last two blocks */
-	memset(blockN1, 0, sizeof(blockN1)); /* pad last block with zeros */
-	krb5int_c_iov_get_block((unsigned char *)blockN2, BLOCK_SIZE, data, num_data, &input_pos);
-	krb5int_c_iov_get_block((unsigned char *)blockN1, BLOCK_SIZE, data, num_data, &input_pos);
-
-	/* Encrypt second last block */
-	xorblock(tmp, blockN2);
-	enc(tmp2, tmp, &ctx);
-	memcpy(blockN2, tmp2, BLOCK_SIZE); /* blockN2 now contains first block */
-	memcpy(tmp, tmp2, BLOCK_SIZE);
-
-	/* Encrypt last block */
-	xorblock(tmp, blockN1);
-	enc(tmp2, tmp, &ctx);
-	memcpy(blockN1, tmp2, BLOCK_SIZE);
-
-	/* Put the last two blocks back into the iovec (reverse order) */
-	krb5int_c_iov_put_block(data, num_data, (unsigned char *)blockN1, BLOCK_SIZE, &output_pos);
-	krb5int_c_iov_put_block(data, num_data, (unsigned char *)blockN2, BLOCK_SIZE, &output_pos);
-
-	if (ivec != NULL)
-	    memcpy(ivec->data, blockN1, BLOCK_SIZE);
+        char blockN2[BLOCK_SIZE];   /* second last */
+        char blockN1[BLOCK_SIZE];   /* last block */
+        struct iov_block_state input_pos, output_pos;
+
+        IOV_BLOCK_STATE_INIT(&input_pos);
+        IOV_BLOCK_STATE_INIT(&output_pos);
+
+        for (blockno = 0; blockno < nblocks - 2; blockno++) {
+            char blockN[BLOCK_SIZE];
+
+            krb5int_c_iov_get_block((unsigned char *)blockN, BLOCK_SIZE, data, num_data, &input_pos);
+            xorblock(tmp, blockN);
+            enc(tmp2, tmp, &ctx);
+            krb5int_c_iov_put_block(data, num_data, (unsigned char *)tmp2, BLOCK_SIZE, &output_pos);
+
+            /* Set up for next block.  */
+            memcpy(tmp, tmp2, BLOCK_SIZE);
+        }
+
+        /* Do final CTS step for last two blocks (the second of which
+           may or may not be incomplete).  */
+
+        /* First, get the last two blocks */
+        memset(blockN1, 0, sizeof(blockN1)); /* pad last block with zeros */
+        krb5int_c_iov_get_block((unsigned char *)blockN2, BLOCK_SIZE, data, num_data, &input_pos);
+        krb5int_c_iov_get_block((unsigned char *)blockN1, BLOCK_SIZE, data, num_data, &input_pos);
+
+        /* Encrypt second last block */
+        xorblock(tmp, blockN2);
+        enc(tmp2, tmp, &ctx);
+        memcpy(blockN2, tmp2, BLOCK_SIZE); /* blockN2 now contains first block */
+        memcpy(tmp, tmp2, BLOCK_SIZE);
+
+        /* Encrypt last block */
+        xorblock(tmp, blockN1);
+        enc(tmp2, tmp, &ctx);
+        memcpy(blockN1, tmp2, BLOCK_SIZE);
+
+        /* Put the last two blocks back into the iovec (reverse order) */
+        krb5int_c_iov_put_block(data, num_data, (unsigned char *)blockN1, BLOCK_SIZE, &output_pos);
+        krb5int_c_iov_put_block(data, num_data, (unsigned char *)blockN2, BLOCK_SIZE, &output_pos);
+
+        if (ivec != NULL)
+            memcpy(ivec->data, blockN1, BLOCK_SIZE);
     }
 
     return 0;
@@ -284,9 +285,9 @@ krb5int_aes_encrypt_iov(krb5_key key,
 
 static krb5_error_code
 krb5int_aes_decrypt_iov(krb5_key key,
-		        const krb5_data *ivec,
-		        krb5_crypto_iov *data,
-		        size_t num_data)
+                        const krb5_data *ivec,
+                        krb5_crypto_iov *data,
+                        size_t num_data)
 {
     aes_ctx ctx;
     char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE];
@@ -297,19 +298,19 @@ krb5int_aes_decrypt_iov(krb5_key key,
     CHECK_SIZES;
 
     if (aes_dec_key(key->keyblock.contents, key->keyblock.length,
-		    &ctx) != aes_good)
-	abort();
+                    &ctx) != aes_good)
+        abort();
 
     if (ivec != NULL)
-	memcpy(tmp, ivec->data, BLOCK_SIZE);
+        memcpy(tmp, ivec->data, BLOCK_SIZE);
     else
-	memset(tmp, 0, BLOCK_SIZE);
+        memset(tmp, 0, BLOCK_SIZE);
 
     for (i = 0, input_length = 0; i < num_data; i++) {
-	krb5_crypto_iov *iov = &data[i];
+        krb5_crypto_iov *iov = &data[i];
 
-	if (ENCRYPT_IOV(iov))
-	    input_length += iov->data.length;
+        if (ENCRYPT_IOV(iov))
+            input_length += iov->data.length;
     }
 
     nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
@@ -317,52 +318,52 @@ krb5int_aes_decrypt_iov(krb5_key key,
     assert(nblocks > 1);
 
     {
-	char blockN2[BLOCK_SIZE];   /* second last */
-	char blockN1[BLOCK_SIZE];   /* last block */
-	struct iov_block_state input_pos, output_pos;
-
-	IOV_BLOCK_STATE_INIT(&input_pos);
-	IOV_BLOCK_STATE_INIT(&output_pos);
-
-	for (blockno = 0; blockno < nblocks - 2; blockno++) {
-	    char blockN[BLOCK_SIZE];
-
-	    krb5int_c_iov_get_block((unsigned char *)blockN, BLOCK_SIZE, data, num_data, &input_pos);
-	    dec(tmp2, blockN, &ctx);
-	    xorblock(tmp2, tmp);
-	    krb5int_c_iov_put_block(data, num_data, (unsigned char *)tmp2, BLOCK_SIZE, &output_pos);
-	    memcpy(tmp, blockN, BLOCK_SIZE);
-	}
-
-	/* Do last two blocks, the second of which (next-to-last block
-	   of plaintext) may be incomplete.  */
-
-	/* First, get the last two encrypted blocks */
-	memset(blockN1, 0, sizeof(blockN1)); /* pad last block with zeros */
-	krb5int_c_iov_get_block((unsigned char *)blockN2, BLOCK_SIZE, data, num_data, &input_pos);
-	krb5int_c_iov_get_block((unsigned char *)blockN1, BLOCK_SIZE, data, num_data, &input_pos);
-
-	if (ivec != NULL)
-	    memcpy(ivec->data, blockN2, BLOCK_SIZE);
-
-	/* Decrypt second last block */
-	dec(tmp2, blockN2, &ctx);
-	/* Set tmp2 to last (possibly partial) plaintext block, and
-	   save it.  */
-	xorblock(tmp2, blockN1);
-	memcpy(blockN2, tmp2, BLOCK_SIZE);
-
-	/* Maybe keep the trailing part, and copy in the last
-	   ciphertext block.  */
-	input_length %= BLOCK_SIZE;
-	memcpy(tmp2, blockN1, input_length ? input_length : BLOCK_SIZE);
-	dec(tmp3, tmp2, &ctx);
-	xorblock(tmp3, tmp);
-	memcpy(blockN1, tmp3, BLOCK_SIZE);
-
-	/* Put the last two blocks back into the iovec */
-	krb5int_c_iov_put_block(data, num_data, (unsigned char *)blockN1, BLOCK_SIZE, &output_pos);
-	krb5int_c_iov_put_block(data, num_data, (unsigned char *)blockN2, BLOCK_SIZE, &output_pos);
+        char blockN2[BLOCK_SIZE];   /* second last */
+        char blockN1[BLOCK_SIZE];   /* last block */
+        struct iov_block_state input_pos, output_pos;
+
+        IOV_BLOCK_STATE_INIT(&input_pos);
+        IOV_BLOCK_STATE_INIT(&output_pos);
+
+        for (blockno = 0; blockno < nblocks - 2; blockno++) {
+            char blockN[BLOCK_SIZE];
+
+            krb5int_c_iov_get_block((unsigned char *)blockN, BLOCK_SIZE, data, num_data, &input_pos);
+            dec(tmp2, blockN, &ctx);
+            xorblock(tmp2, tmp);
+            krb5int_c_iov_put_block(data, num_data, (unsigned char *)tmp2, BLOCK_SIZE, &output_pos);
+            memcpy(tmp, blockN, BLOCK_SIZE);
+        }
+
+        /* Do last two blocks, the second of which (next-to-last block
+           of plaintext) may be incomplete.  */
+
+        /* First, get the last two encrypted blocks */
+        memset(blockN1, 0, sizeof(blockN1)); /* pad last block with zeros */
+        krb5int_c_iov_get_block((unsigned char *)blockN2, BLOCK_SIZE, data, num_data, &input_pos);
+        krb5int_c_iov_get_block((unsigned char *)blockN1, BLOCK_SIZE, data, num_data, &input_pos);
+
+        if (ivec != NULL)
+            memcpy(ivec->data, blockN2, BLOCK_SIZE);
+
+        /* Decrypt second last block */
+        dec(tmp2, blockN2, &ctx);
+        /* Set tmp2 to last (possibly partial) plaintext block, and
+           save it.  */
+        xorblock(tmp2, blockN1);
+        memcpy(blockN2, tmp2, BLOCK_SIZE);
+
+        /* Maybe keep the trailing part, and copy in the last
+           ciphertext block.  */
+        input_length %= BLOCK_SIZE;
+        memcpy(tmp2, blockN1, input_length ? input_length : BLOCK_SIZE);
+        dec(tmp3, tmp2, &ctx);
+        xorblock(tmp3, tmp);
+        memcpy(blockN1, tmp3, BLOCK_SIZE);
+
+        /* Put the last two blocks back into the iovec */
+        krb5int_c_iov_put_block(data, num_data, (unsigned char *)blockN1, BLOCK_SIZE, &output_pos);
+        krb5int_c_iov_put_block(data, num_data, (unsigned char *)blockN2, BLOCK_SIZE, &output_pos);
     }
 
     return 0;
@@ -370,12 +371,12 @@ krb5int_aes_decrypt_iov(krb5_key key,
 
 static krb5_error_code
 krb5int_aes_init_state (const krb5_keyblock *key, krb5_keyusage usage,
-			krb5_data *state)
+                        krb5_data *state)
 {
     state->length = 16;
     state->data = (void *) malloc(16);
     if (state->data == NULL)
-	return ENOMEM;
+        return ENOMEM;
     memset(state->data, 0, state->length);
     return 0;
 }
diff --git a/src/lib/crypto/builtin/enc_provider/des.c b/src/lib/crypto/builtin/enc_provider/des.c
index f531c06..6a1ca8d 100644
--- a/src/lib/crypto/builtin/enc_provider/des.c
+++ b/src/lib/crypto/builtin/enc_provider/des.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -33,37 +34,37 @@
 
 static krb5_error_code
 k5_des_docrypt(krb5_key key, const krb5_data *ivec,
-	       const krb5_data *input, krb5_data *output, int enc)
+               const krb5_data *input, krb5_data *output, int enc)
 {
     mit_des_key_schedule schedule;
 
     /* key->keyblock.enctype was checked by the caller */
 
     if (key->keyblock.length != 8)
-	return(KRB5_BAD_KEYSIZE);
+        return(KRB5_BAD_KEYSIZE);
     if ((input->length%8) != 0)
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
     if (ivec && (ivec->length != 8))
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
     if (input->length != output->length)
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
 
     switch (mit_des_key_sched(key->keyblock.contents, schedule)) {
     case -1:
-	return(KRB5DES_BAD_KEYPAR);
+        return(KRB5DES_BAD_KEYPAR);
     case -2:
-	return(KRB5DES_WEAK_KEY);
+        return(KRB5DES_WEAK_KEY);
     }
 
     /* this has a return value, but the code always returns zero */
 
     mit_des_cbc_encrypt((krb5_pointer) input->data,
-			(krb5_pointer) output->data, input->length,
-			schedule,
-			(ivec
-			 ? (const unsigned char *) ivec->data
-			 : (const unsigned char *) mit_des_zeroblock),
-			enc);
+                        (krb5_pointer) output->data, input->length,
+                        schedule,
+                        (ivec
+                         ? (const unsigned char *) ivec->data
+                         : (const unsigned char *) mit_des_zeroblock),
+                        enc);
 
     memset(schedule, 0, sizeof(schedule));
 
@@ -72,21 +73,21 @@ k5_des_docrypt(krb5_key key, const krb5_data *ivec,
 
 static krb5_error_code
 k5_des_encrypt(krb5_key key, const krb5_data *ivec,
-	       const krb5_data *input, krb5_data *output)
+               const krb5_data *input, krb5_data *output)
 {
     return(k5_des_docrypt(key, ivec, input, output, 1));
 }
 
 static krb5_error_code
 k5_des_decrypt(krb5_key key, const krb5_data *ivec,
-	       const krb5_data *input, krb5_data *output)
+               const krb5_data *input, krb5_data *output)
 {
     return(k5_des_docrypt(key, ivec, input, output, 0));
 }
 
 static krb5_error_code
 k5_des_docrypt_iov(krb5_key key, const krb5_data *ivec,
-		   krb5_crypto_iov *data, size_t num_data, int enc)
+                   krb5_crypto_iov *data, size_t num_data, int enc)
 {
     mit_des_key_schedule schedule;
     size_t input_length = 0;
@@ -95,32 +96,32 @@ k5_des_docrypt_iov(krb5_key key, const krb5_data *ivec,
     /* key->keyblock.enctype was checked by the caller */
 
     if (key->keyblock.length != 8)
-	return(KRB5_BAD_KEYSIZE);
+        return(KRB5_BAD_KEYSIZE);
 
     for (i = 0; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
+        const krb5_crypto_iov *iov = &data[i];
 
-	if (ENCRYPT_DATA_IOV(iov))
-	    input_length += iov->data.length;
+        if (ENCRYPT_DATA_IOV(iov))
+            input_length += iov->data.length;
     }
 
     if ((input_length % 8) != 0)
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
     if (ivec && (ivec->length != 8))
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
 
     switch (mit_des_key_sched(key->keyblock.contents, schedule)) {
     case -1:
-	return(KRB5DES_BAD_KEYPAR);
+        return(KRB5DES_BAD_KEYPAR);
     case -2:
-	return(KRB5DES_WEAK_KEY);
+        return(KRB5DES_WEAK_KEY);
     }
 
     /* this has a return value, but the code always returns zero */
     if (enc)
-	krb5int_des_cbc_encrypt_iov(data, num_data, schedule, ivec ? ivec->data : NULL);
+        krb5int_des_cbc_encrypt_iov(data, num_data, schedule, ivec ? ivec->data : NULL);
     else
-	krb5int_des_cbc_decrypt_iov(data, num_data, schedule, ivec ? ivec->data : NULL);
+        krb5int_des_cbc_decrypt_iov(data, num_data, schedule, ivec ? ivec->data : NULL);
 
     memset(schedule, 0, sizeof(schedule));
 
@@ -129,18 +130,18 @@ k5_des_docrypt_iov(krb5_key key, const krb5_data *ivec,
 
 static krb5_error_code
 k5_des_encrypt_iov(krb5_key key,
-		    const krb5_data *ivec,
-		    krb5_crypto_iov *data,
-		    size_t num_data)
+                   const krb5_data *ivec,
+                   krb5_crypto_iov *data,
+                   size_t num_data)
 {
     return k5_des_docrypt_iov(key, ivec, data, num_data, 1);
 }
 
 static krb5_error_code
 k5_des_decrypt_iov(krb5_key key,
-		   const krb5_data *ivec,
-		   krb5_crypto_iov *data,
-		   size_t num_data)
+                   const krb5_data *ivec,
+                   krb5_crypto_iov *data,
+                   size_t num_data)
 {
     return k5_des_docrypt_iov(key, ivec, data, num_data, 0);
 }
diff --git a/src/lib/crypto/builtin/enc_provider/des3.c b/src/lib/crypto/builtin/enc_provider/des3.c
index c731639..c4ea3b2 100644
--- a/src/lib/crypto/builtin/enc_provider/des3.c
+++ b/src/lib/crypto/builtin/enc_provider/des3.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -31,77 +32,77 @@
 
 static krb5_error_code
 validate_and_schedule(krb5_key key, const krb5_data *ivec,
-		      const krb5_data *input, const krb5_data *output,
-		      mit_des3_key_schedule *schedule)
+                      const krb5_data *input, const krb5_data *output,
+                      mit_des3_key_schedule *schedule)
 {
     /* key->keyblock.enctype was checked by the caller */
 
     if (key->keyblock.length != 24)
-	return(KRB5_BAD_KEYSIZE);
+        return(KRB5_BAD_KEYSIZE);
     if ((input->length%8) != 0)
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
     if (ivec && (ivec->length != 8))
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
     if (input->length != output->length)
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
 
     switch (mit_des3_key_sched(*(mit_des3_cblock *)key->keyblock.contents,
-			       *schedule)) {
+                               *schedule)) {
     case -1:
-	return(KRB5DES_BAD_KEYPAR);
+        return(KRB5DES_BAD_KEYPAR);
     case -2:
-	return(KRB5DES_WEAK_KEY);
+        return(KRB5DES_WEAK_KEY);
     }
     return 0;
 }
 
 static krb5_error_code
 validate_and_schedule_iov(krb5_key key, const krb5_data *ivec,
-			  const krb5_crypto_iov *data, size_t num_data,
-			  mit_des3_key_schedule *schedule)
+                          const krb5_crypto_iov *data, size_t num_data,
+                          mit_des3_key_schedule *schedule)
 {
     size_t i, input_length;
 
     for (i = 0, input_length = 0; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
+        const krb5_crypto_iov *iov = &data[i];
 
-	if (ENCRYPT_IOV(iov))
-	    input_length += iov->data.length;
+        if (ENCRYPT_IOV(iov))
+            input_length += iov->data.length;
     }
 
     if (key->keyblock.length != 24)
-	return(KRB5_BAD_KEYSIZE);
+        return(KRB5_BAD_KEYSIZE);
     if ((input_length%8) != 0)
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
     if (ivec && (ivec->length != 8))
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
 
     switch (mit_des3_key_sched(*(mit_des3_cblock *)key->keyblock.contents,
-			       *schedule)) {
+                               *schedule)) {
     case -1:
-	return(KRB5DES_BAD_KEYPAR);
+        return(KRB5DES_BAD_KEYPAR);
     case -2:
-	return(KRB5DES_WEAK_KEY);
+        return(KRB5DES_WEAK_KEY);
     }
     return 0;
 }
 
 static krb5_error_code
 k5_des3_encrypt(krb5_key key, const krb5_data *ivec,
-		const krb5_data *input, krb5_data *output)
+                const krb5_data *input, krb5_data *output)
 {
     mit_des3_key_schedule schedule;
     krb5_error_code err;
 
     err = validate_and_schedule(key, ivec, input, output, &schedule);
     if (err)
-	return err;
+        return err;
 
     /* this has a return value, but the code always returns zero */
     krb5int_des3_cbc_encrypt((krb5_pointer) input->data,
-			     (krb5_pointer) output->data, input->length,
-			     schedule[0], schedule[1], schedule[2],
-			     ivec?(const unsigned char *) ivec->data:(const unsigned char *)mit_des_zeroblock);
+                             (krb5_pointer) output->data, input->length,
+                             schedule[0], schedule[1], schedule[2],
+                             ivec?(const unsigned char *) ivec->data:(const unsigned char *)mit_des_zeroblock);
 
     zap(schedule, sizeof(schedule));
 
@@ -110,20 +111,20 @@ k5_des3_encrypt(krb5_key key, const krb5_data *ivec,
 
 static krb5_error_code
 k5_des3_decrypt(krb5_key key, const krb5_data *ivec,
-		const krb5_data *input, krb5_data *output)
+                const krb5_data *input, krb5_data *output)
 {
     mit_des3_key_schedule schedule;
     krb5_error_code err;
 
     err = validate_and_schedule(key, ivec, input, output, &schedule);
     if (err)
-	return err;
+        return err;
 
     /* this has a return value, but the code always returns zero */
     krb5int_des3_cbc_decrypt((krb5_pointer) input->data,
-			     (krb5_pointer) output->data, input->length,
-			     schedule[0], schedule[1], schedule[2],
-			     ivec?(const unsigned char *) ivec->data:(const unsigned char *)mit_des_zeroblock);
+                             (krb5_pointer) output->data, input->length,
+                             schedule[0], schedule[1], schedule[2],
+                             ivec?(const unsigned char *) ivec->data:(const unsigned char *)mit_des_zeroblock);
 
     zap(schedule, sizeof(schedule));
 
@@ -132,21 +133,21 @@ k5_des3_decrypt(krb5_key key, const krb5_data *ivec,
 
 static krb5_error_code
 k5_des3_encrypt_iov(krb5_key key,
-		    const krb5_data *ivec,
-		    krb5_crypto_iov *data,
-		    size_t num_data)
+                    const krb5_data *ivec,
+                    krb5_crypto_iov *data,
+                    size_t num_data)
 {
     mit_des3_key_schedule schedule;
     krb5_error_code err;
 
     err = validate_and_schedule_iov(key, ivec, data, num_data, &schedule);
     if (err)
-	return err;
+        return err;
 
     /* this has a return value, but the code always returns zero */
     krb5int_des3_cbc_encrypt_iov(data, num_data,
-			     schedule[0], schedule[1], schedule[2],
-			     ivec != NULL ? (unsigned char *) ivec->data : NULL);
+                                 schedule[0], schedule[1], schedule[2],
+                                 ivec != NULL ? (unsigned char *) ivec->data : NULL);
 
     zap(schedule, sizeof(schedule));
 
@@ -155,21 +156,21 @@ k5_des3_encrypt_iov(krb5_key key,
 
 static krb5_error_code
 k5_des3_decrypt_iov(krb5_key key,
-		    const krb5_data *ivec,
-		    krb5_crypto_iov *data,
-		    size_t num_data)
+                    const krb5_data *ivec,
+                    krb5_crypto_iov *data,
+                    size_t num_data)
 {
     mit_des3_key_schedule schedule;
     krb5_error_code err;
 
     err = validate_and_schedule_iov(key, ivec, data, num_data, &schedule);
     if (err)
-	return err;
+        return err;
 
     /* this has a return value, but the code always returns zero */
     krb5int_des3_cbc_decrypt_iov(data, num_data,
-				 schedule[0], schedule[1], schedule[2],
-				 ivec != NULL ? (unsigned char *) ivec->data : NULL);
+                                 schedule[0], schedule[1], schedule[2],
+                                 ivec != NULL ? (unsigned char *) ivec->data : NULL);
 
     zap(schedule, sizeof(schedule));
 
diff --git a/src/lib/crypto/builtin/enc_provider/enc_provider.h b/src/lib/crypto/builtin/enc_provider/enc_provider.h
index 49ffaaf..8144b65 100644
--- a/src/lib/crypto/builtin/enc_provider/enc_provider.h
+++ b/src/lib/crypto/builtin/enc_provider/enc_provider.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
diff --git a/src/lib/crypto/builtin/enc_provider/rc4.c b/src/lib/crypto/builtin/enc_provider/rc4.c
index 0a1f618..ae4a004 100644
--- a/src/lib/crypto/builtin/enc_provider/rc4.c
+++ b/src/lib/crypto/builtin/enc_provider/rc4.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* arcfour.c
  *
  * Copyright (c) 2000 by Computer Science Laboratory,
@@ -13,14 +14,14 @@
 
 typedef struct
 {
-   unsigned int x;
-   unsigned int y;
-   unsigned char state[256];
+    unsigned int x;
+    unsigned int y;
+    unsigned char state[256];
 } ArcfourContext;
 
 typedef struct {
-  int initialized;
-  ArcfourContext ctx;
+    int initialized;
+    ArcfourContext ctx;
 } ArcFourCipherState;
 
 /* gets the next byte from the PRNG */
@@ -32,16 +33,16 @@ static unsigned int k5_arcfour_byte(ArcfourContext *);
 
 /* Initializes the context and sets the key. */
 static krb5_error_code k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
-		  unsigned int keylen);
+                                       unsigned int keylen);
 
 /* Encrypts/decrypts data. */
 static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
-		     const unsigned char *src, unsigned int len);
+                             const unsigned char *src, unsigned int len);
 
 /* Interface layer to kerb5 crypto layer */
 static krb5_error_code
 k5_arcfour_docrypt(krb5_key, const krb5_data *,
-		   const krb5_data *, krb5_data *);
+                   const krb5_data *, krb5_data *);
 
 static const unsigned char arcfour_weakkey1[] = {0x00, 0x00, 0xfd};
 static const unsigned char arcfour_weakkey2[] = {0x03, 0xfd, 0xfc};
@@ -55,125 +56,125 @@ static const struct {
 
 static inline unsigned int k5_arcfour_byte(ArcfourContext * ctx)
 {
-  unsigned int x;
-  unsigned int y;
-  unsigned int sx, sy;
-  unsigned char *state;
+    unsigned int x;
+    unsigned int y;
+    unsigned int sx, sy;
+    unsigned char *state;
 
-  state = ctx->state;
-  x = (ctx->x + 1) & 0xff;
-  sx = state[x];
-  y = (sx + ctx->y) & 0xff;
-  sy = state[y];
-  ctx->x = x;
-  ctx->y = y;
-  state[y] = sx;
-  state[x] = sy;
-  return state[(sx + sy) & 0xff];
+    state = ctx->state;
+    x = (ctx->x + 1) & 0xff;
+    sx = state[x];
+    y = (sx + ctx->y) & 0xff;
+    sy = state[y];
+    ctx->x = x;
+    ctx->y = y;
+    state[y] = sx;
+    state[x] = sy;
+    return state[(sx + sy) & 0xff];
 }
 
 static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
-		     const unsigned char *src, unsigned int len)
+                             const unsigned char *src, unsigned int len)
 {
-  unsigned int i;
-  for (i = 0; i < len; i++)
-    dest[i] = src[i] ^ k5_arcfour_byte(ctx);
+    unsigned int i;
+    for (i = 0; i < len; i++)
+        dest[i] = src[i] ^ k5_arcfour_byte(ctx);
 }
 
 
 static krb5_error_code
 k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
-		  unsigned int key_len)
+                unsigned int key_len)
 {
-  unsigned int t, u;
-  unsigned int keyindex;
-  unsigned int stateindex;
-  unsigned char* state;
-  unsigned int counter;
+    unsigned int t, u;
+    unsigned int keyindex;
+    unsigned int stateindex;
+    unsigned char* state;
+    unsigned int counter;
 
-  if (key_len != 16)
-    return KRB5_BAD_MSIZE;     /*this is probably not the correct error code
-				 to return */
-  for (counter=0;
-       counter < sizeof(arcfour_weakkeys)/sizeof(arcfour_weakkeys[0]);
-       counter++)
-      if (!memcmp(key, arcfour_weakkeys[counter].data,
-		  arcfour_weakkeys[counter].length))
-	  return KRB5DES_WEAK_KEY; /* most certainly not the correct error */
+    if (key_len != 16)
+        return KRB5_BAD_MSIZE;     /*this is probably not the correct error code
+                                     to return */
+    for (counter=0;
+         counter < sizeof(arcfour_weakkeys)/sizeof(arcfour_weakkeys[0]);
+         counter++)
+        if (!memcmp(key, arcfour_weakkeys[counter].data,
+                    arcfour_weakkeys[counter].length))
+            return KRB5DES_WEAK_KEY; /* most certainly not the correct error */
 
-  state = &ctx->state[0];
-  ctx->x = 0;
-  ctx->y = 0;
-  for (counter = 0; counter < 256; counter++)
-    state[counter] = counter;
-  keyindex = 0;
-  stateindex = 0;
-  for (counter = 0; counter < 256; counter++)
+    state = &ctx->state[0];
+    ctx->x = 0;
+    ctx->y = 0;
+    for (counter = 0; counter < 256; counter++)
+        state[counter] = counter;
+    keyindex = 0;
+    stateindex = 0;
+    for (counter = 0; counter < 256; counter++)
     {
-      t = state[counter];
-      stateindex = (stateindex + key[keyindex] + t) & 0xff;
-      u = state[stateindex];
-      state[stateindex] = t;
-      state[counter] = u;
-      if (++keyindex >= key_len)
-	keyindex = 0;
+        t = state[counter];
+        stateindex = (stateindex + key[keyindex] + t) & 0xff;
+        u = state[stateindex];
+        state[stateindex] = t;
+        state[counter] = u;
+        if (++keyindex >= key_len)
+            keyindex = 0;
     }
-  return 0;
+    return 0;
 }
 
 
 /* The workhorse of the arcfour system, this impliments the cipher */
 static krb5_error_code
 k5_arcfour_docrypt(krb5_key key, const krb5_data *state,
-	       const krb5_data *input, krb5_data *output)
+                   const krb5_data *input, krb5_data *output)
 {
-  ArcfourContext *arcfour_ctx;
-  ArcFourCipherState *cipher_state;
-  int ret;
+    ArcfourContext *arcfour_ctx;
+    ArcFourCipherState *cipher_state;
+    int ret;
 
-  if (key->keyblock.length != 16)
-    return(KRB5_BAD_KEYSIZE);
-  if (state && (state->length != sizeof (ArcFourCipherState)))
-    return(KRB5_BAD_MSIZE);
-  if (input->length != output->length)
-    return(KRB5_BAD_MSIZE);
+    if (key->keyblock.length != 16)
+        return(KRB5_BAD_KEYSIZE);
+    if (state && (state->length != sizeof (ArcFourCipherState)))
+        return(KRB5_BAD_MSIZE);
+    if (input->length != output->length)
+        return(KRB5_BAD_MSIZE);
 
-  if (state) {
-    cipher_state = (ArcFourCipherState *) state->data;
-    arcfour_ctx=&cipher_state->ctx;
-    if (cipher_state->initialized == 0) {
-      if ((ret=k5_arcfour_init(arcfour_ctx, key->keyblock.contents,
-			       key->keyblock.length))) {
-	return ret;
-      }
-      cipher_state->initialized = 1;
+    if (state) {
+        cipher_state = (ArcFourCipherState *) state->data;
+        arcfour_ctx=&cipher_state->ctx;
+        if (cipher_state->initialized == 0) {
+            if ((ret=k5_arcfour_init(arcfour_ctx, key->keyblock.contents,
+                                     key->keyblock.length))) {
+                return ret;
+            }
+            cipher_state->initialized = 1;
+        }
+        k5_arcfour_crypt(arcfour_ctx, (unsigned char *) output->data, (const unsigned char *) input->data, input->length);
     }
-    k5_arcfour_crypt(arcfour_ctx, (unsigned char *) output->data, (const unsigned char *) input->data, input->length);
-  }
-  else {
-    arcfour_ctx=malloc(sizeof (ArcfourContext));
-    if (arcfour_ctx == NULL)
-      return ENOMEM;
-    if ((ret=k5_arcfour_init(arcfour_ctx, key->keyblock.contents,
-			     key->keyblock.length))) {
-      free(arcfour_ctx);
-      return (ret);
+    else {
+        arcfour_ctx=malloc(sizeof (ArcfourContext));
+        if (arcfour_ctx == NULL)
+            return ENOMEM;
+        if ((ret=k5_arcfour_init(arcfour_ctx, key->keyblock.contents,
+                                 key->keyblock.length))) {
+            free(arcfour_ctx);
+            return (ret);
+        }
+        k5_arcfour_crypt(arcfour_ctx, (unsigned char * ) output->data,
+                         (const unsigned char * ) input->data, input->length);
+        memset(arcfour_ctx, 0, sizeof (ArcfourContext));
+        free(arcfour_ctx);
     }
-    k5_arcfour_crypt(arcfour_ctx, (unsigned char * ) output->data,
-		     (const unsigned char * ) input->data, input->length);
-    memset(arcfour_ctx, 0, sizeof (ArcfourContext));
-    free(arcfour_ctx);
-  }
 
-  return 0;
+    return 0;
 }
 
 /* In-place encryption */
 static krb5_error_code
 k5_arcfour_docrypt_iov(krb5_key key,
-		       const krb5_data *state,
-		       krb5_crypto_iov *data,
-		       size_t num_data)
+                       const krb5_data *state,
+                       krb5_crypto_iov *data,
+                       size_t num_data)
 {
     ArcfourContext *arcfour_ctx = NULL;
     ArcFourCipherState *cipher_state = NULL;
@@ -181,45 +182,45 @@ k5_arcfour_docrypt_iov(krb5_key key,
     size_t i;
 
     if (key->keyblock.length != 16)
-	return KRB5_BAD_KEYSIZE;
+        return KRB5_BAD_KEYSIZE;
     if (state != NULL && (state->length != sizeof(ArcFourCipherState)))
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     if (state != NULL) {
-	cipher_state = (ArcFourCipherState *)state->data;
-	arcfour_ctx = &cipher_state->ctx;
-	if (cipher_state->initialized == 0) {
-	    ret = k5_arcfour_init(arcfour_ctx, key->keyblock.contents,
-				  key->keyblock.length);
-	    if (ret != 0)
-		return ret;
+        cipher_state = (ArcFourCipherState *)state->data;
+        arcfour_ctx = &cipher_state->ctx;
+        if (cipher_state->initialized == 0) {
+            ret = k5_arcfour_init(arcfour_ctx, key->keyblock.contents,
+                                  key->keyblock.length);
+            if (ret != 0)
+                return ret;
 
-	    cipher_state->initialized = 1;
-	}
+            cipher_state->initialized = 1;
+        }
     } else {
-	arcfour_ctx = (ArcfourContext *)malloc(sizeof(ArcfourContext));
-	if (arcfour_ctx == NULL)
-	    return ENOMEM;
+        arcfour_ctx = (ArcfourContext *)malloc(sizeof(ArcfourContext));
+        if (arcfour_ctx == NULL)
+            return ENOMEM;
 
-	ret = k5_arcfour_init(arcfour_ctx, key->keyblock.contents,
-			      key->keyblock.length);
-	if (ret != 0) {
-	    free(arcfour_ctx);
-	    return ret;
-	}
+        ret = k5_arcfour_init(arcfour_ctx, key->keyblock.contents,
+                              key->keyblock.length);
+        if (ret != 0) {
+            free(arcfour_ctx);
+            return ret;
+        }
     }
 
     for (i = 0; i < num_data; i++) {
-	krb5_crypto_iov *iov = &data[i];
+        krb5_crypto_iov *iov = &data[i];
 
-	if (ENCRYPT_IOV(iov))
-	    k5_arcfour_crypt(arcfour_ctx, (unsigned char *)iov->data.data,
-			     (const unsigned char *)iov->data.data, iov->data.length);
+        if (ENCRYPT_IOV(iov))
+            k5_arcfour_crypt(arcfour_ctx, (unsigned char *)iov->data.data,
+                             (const unsigned char *)iov->data.data, iov->data.length);
     }
 
     if (state == NULL) {
-	memset(arcfour_ctx, 0, sizeof(ArcfourContext));
-	free(arcfour_ctx);
+        memset(arcfour_ctx, 0, sizeof(ArcfourContext));
+        free(arcfour_ctx);
     }
 
     return 0;
@@ -227,22 +228,22 @@ k5_arcfour_docrypt_iov(krb5_key key,
 
 static krb5_error_code
 k5_arcfour_init_state (const krb5_keyblock *key,
-		       krb5_keyusage keyusage, krb5_data *new_state)
+                       krb5_keyusage keyusage, krb5_data *new_state)
 {
-  /* Note that we can't actually set up the state here  because the key
-   * will change  between now and when encrypt is called
-   * because  it is data dependent.  Yeah, this has strange
-   * properties. --SDH
-   */
-  new_state->length = sizeof (ArcFourCipherState);
-  new_state->data = malloc (new_state->length);
-  if (new_state->data) {
-    memset (new_state->data, 0 , new_state->length);
-    /* That will set initialized to zero*/
-  }else {
-    return (ENOMEM);
-  }
-  return 0;
+    /* Note that we can't actually set up the state here  because the key
+     * will change  between now and when encrypt is called
+     * because  it is data dependent.  Yeah, this has strange
+     * properties. --SDH
+     */
+    new_state->length = sizeof (ArcFourCipherState);
+    new_state->data = malloc (new_state->length);
+    if (new_state->data) {
+        memset (new_state->data, 0 , new_state->length);
+        /* That will set initialized to zero*/
+    }else {
+        return (ENOMEM);
+    }
+    return 0;
 }
 
 /* Since the arcfour cipher is identical going forwards and backwards,
diff --git a/src/lib/crypto/builtin/hash_provider/hash_crc32.c b/src/lib/crypto/builtin/hash_provider/hash_crc32.c
index 771a7d6..e748c98 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_crc32.c
+++ b/src/lib/crypto/builtin/hash_provider/hash_crc32.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,18 +31,18 @@
 
 static krb5_error_code
 k5_crc32_hash(unsigned int icount, const krb5_data *input,
-	      krb5_data *output)
+              krb5_data *output)
 {
     unsigned long c, cn;
     unsigned int i;
 
     if (output->length != CRC32_CKSUM_LENGTH)
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 
     c = 0;
     for (i=0; i<icount; i++) {
-	mit_crc32(input[i].data, input[i].length, &cn);
-	c ^= cn;
+        mit_crc32(input[i].data, input[i].length, &cn);
+        c ^= cn;
     }
 
     store_32_le(c, output->data);
diff --git a/src/lib/crypto/builtin/hash_provider/hash_md4.c b/src/lib/crypto/builtin/hash_provider/hash_md4.c
index 916da0f..3a7d0d4 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_md4.c
+++ b/src/lib/crypto/builtin/hash_provider/hash_md4.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,17 +31,17 @@
 
 static krb5_error_code
 k5_md4_hash(unsigned int icount, const krb5_data *input,
-	    krb5_data *output)
+            krb5_data *output)
 {
     krb5_MD4_CTX ctx;
     unsigned int i;
 
     if (output->length != RSA_MD4_CKSUM_LENGTH)
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 
     krb5int_MD4Init(&ctx);
     for (i=0; i<icount; i++)
-	krb5int_MD4Update(&ctx, (unsigned char *) input[i].data, input[i].length);
+        krb5int_MD4Update(&ctx, (unsigned char *) input[i].data, input[i].length);
     krb5int_MD4Final(&ctx);
 
     memcpy(output->data, ctx.digest, RSA_MD4_CKSUM_LENGTH);
diff --git a/src/lib/crypto/builtin/hash_provider/hash_md5.c b/src/lib/crypto/builtin/hash_provider/hash_md5.c
index e1e29f0..610e414 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_md5.c
+++ b/src/lib/crypto/builtin/hash_provider/hash_md5.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,17 +31,17 @@
 
 static krb5_error_code
 k5_md5_hash(unsigned int icount, const krb5_data *input,
-	    krb5_data *output)
+            krb5_data *output)
 {
     krb5_MD5_CTX ctx;
     unsigned int i;
 
     if (output->length != RSA_MD5_CKSUM_LENGTH)
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 
     krb5int_MD5Init(&ctx);
     for (i=0; i<icount; i++)
-	krb5int_MD5Update(&ctx, (unsigned char *) input[i].data, input[i].length);
+        krb5int_MD5Update(&ctx, (unsigned char *) input[i].data, input[i].length);
     krb5int_MD5Final(&ctx);
 
     memcpy(output->data, ctx.digest, RSA_MD5_CKSUM_LENGTH);
diff --git a/src/lib/crypto/builtin/hash_provider/hash_provider.h b/src/lib/crypto/builtin/hash_provider/hash_provider.h
index 1023d1a..eebe845 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_provider.h
+++ b/src/lib/crypto/builtin/hash_provider/hash_provider.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
diff --git a/src/lib/crypto/builtin/hash_provider/hash_sha1.c b/src/lib/crypto/builtin/hash_provider/hash_sha1.c
index 1f1fc62..a861d4c 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_sha1.c
+++ b/src/lib/crypto/builtin/hash_provider/hash_sha1.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,21 +31,21 @@
 
 static krb5_error_code
 k5_sha1_hash(unsigned int icount, const krb5_data *input,
-	     krb5_data *output)
+             krb5_data *output)
 {
     SHS_INFO ctx;
     unsigned int i;
 
     if (output->length != SHS_DIGESTSIZE)
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 
     shsInit(&ctx);
     for (i=0; i<icount; i++)
-	shsUpdate(&ctx, (unsigned char *) input[i].data, input[i].length);
+        shsUpdate(&ctx, (unsigned char *) input[i].data, input[i].length);
     shsFinal(&ctx);
 
     for (i=0; i<(sizeof(ctx.digest)/sizeof(ctx.digest[0])); i++) {
-	store_32_be(ctx.digest[i], &output->data[i*4]);
+        store_32_be(ctx.digest[i], &output->data[i*4]);
     }
 
     return(0);
diff --git a/src/lib/crypto/builtin/hmac.c b/src/lib/crypto/builtin/hmac.c
index 3e58a59..7d1f244 100644
--- a/src/lib/crypto/builtin/hmac.c
+++ b/src/lib/crypto/builtin/hmac.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -52,8 +53,8 @@
 
 krb5_error_code
 krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
-		      const krb5_keyblock *key, unsigned int icount,
-		      const krb5_data *input, krb5_data *output)
+                      const krb5_keyblock *key, unsigned int icount,
+                      const krb5_data *input, krb5_data *output)
 {
     size_t hashsize, blocksize;
     unsigned char *xorkey, *ihash;
@@ -140,9 +141,9 @@ cleanup:
 
 krb5_error_code
 krb5int_hmac_iov_keyblock(const struct krb5_hash_provider *hash,
-			  const krb5_keyblock *key,
-			  const krb5_crypto_iov *data, size_t num_data,
-			  krb5_data *output)
+                          const krb5_keyblock *key,
+                          const krb5_crypto_iov *data, size_t num_data,
+                          krb5_data *output)
 {
     krb5_data *sign_data;
     size_t num_sign_data;
@@ -179,16 +180,16 @@ krb5int_hmac_iov_keyblock(const struct krb5_hash_provider *hash,
 
 krb5_error_code
 krb5int_hmac(const struct krb5_hash_provider *hash, krb5_key key,
-	  unsigned int icount, const krb5_data *input, krb5_data *output)
+             unsigned int icount, const krb5_data *input, krb5_data *output)
 {
     return krb5int_hmac_keyblock(hash, &key->keyblock, icount, input, output);
 }
 
 krb5_error_code
 krb5int_hmac_iov(const struct krb5_hash_provider *hash, krb5_key key,
-		 const krb5_crypto_iov *data, size_t num_data,
-		 krb5_data *output)
+                 const krb5_crypto_iov *data, size_t num_data,
+                 krb5_data *output)
 {
     return krb5int_hmac_iov_keyblock(hash, &key->keyblock, data, num_data,
-				     output);
+                                     output);
 }
diff --git a/src/lib/crypto/builtin/md4/md4.c b/src/lib/crypto/builtin/md4/md4.c
index b36a476..6850e13 100644
--- a/src/lib/crypto/builtin/md4/md4.c
+++ b/src/lib/crypto/builtin/md4/md4.c
@@ -1,39 +1,40 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
- *	lib/crypto/md4/md4.c
+ *      lib/crypto/md4/md4.c
  */
 
 /*
- **********************************************************************
- ** md4.c                                                            **
- ** RSA Data Security, Inc. MD4 Message Digest Algorithm             **
- ** Created: 2/17/90 RLR                                             **
- ** Revised: 1/91 SRD,AJ,BSK,JT Reference C Version                  **
- **********************************************************************
- */
+**********************************************************************
+** md4.c                                                            **
+** RSA Data Security, Inc. MD4 Message Digest Algorithm             **
+** Created: 2/17/90 RLR                                             **
+** Revised: 1/91 SRD,AJ,BSK,JT Reference C Version                  **
+**********************************************************************
+*/
 
 /*
- **********************************************************************
- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
- **                                                                  **
- ** License to copy and use this software is granted provided that   **
- ** it is identified as the "RSA Data Security, Inc. MD4 Message     **
- ** Digest Algorithm" in all material mentioning or referencing this **
- ** software or this function.                                       **
- **                                                                  **
- ** License is also granted to make and use derivative works         **
- ** provided that such works are identified as "derived from the RSA **
- ** Data Security, Inc. MD4 Message Digest Algorithm" in all         **
- ** material mentioning or referencing the derived work.             **
- **                                                                  **
- ** RSA Data Security, Inc. makes no representations concerning      **
- ** either the merchantability of this software or the suitability   **
- ** of this software for any particular purpose.  It is provided "as **
- ** is" without express or implied warranty of any kind.             **
- **                                                                  **
- ** These notices must be retained in any copies of any part of this **
- ** documentation and/or software.                                   **
- **********************************************************************
- */
+**********************************************************************
+** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
+**                                                                  **
+** License to copy and use this software is granted provided that   **
+** it is identified as the "RSA Data Security, Inc. MD4 Message     **
+** Digest Algorithm" in all material mentioning or referencing this **
+** software or this function.                                       **
+**                                                                  **
+** License is also granted to make and use derivative works         **
+** provided that such works are identified as "derived from the RSA **
+** Data Security, Inc. MD4 Message Digest Algorithm" in all         **
+** material mentioning or referencing the derived work.             **
+**                                                                  **
+** RSA Data Security, Inc. makes no representations concerning      **
+** either the merchantability of this software or the suitability   **
+** of this software for any particular purpose.  It is provided "as **
+** is" without express or implied warranty of any kind.             **
+**                                                                  **
+** These notices must be retained in any copies of any part of this **
+** documentation and/or software.                                   **
+**********************************************************************
+*/
 
 #include "k5-int.h"
 #include "rsa-md4.h"
@@ -42,14 +43,14 @@
 static void Transform (krb5_ui_4 *, krb5_ui_4 *);
 
 static const unsigned char PADDING[64] = {
-  0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 };
 
 /* F, G and H are basic MD4 functions: selection, majority, parity */
@@ -62,185 +63,185 @@ static const unsigned char PADDING[64] = {
 
 /* FF, GG and HH are MD4 transformations for rounds 1, 2 and 3 */
 /* Rotation is separate from addition to prevent recomputation */
-#define FF(a, b, c, d, x, s) \
-  {(a) += F ((b), (c), (d)) + (x); \
-   (a) &= 0xffffffff; \
-   (a) = ROTATE_LEFT ((a), (s));}
-#define GG(a, b, c, d, x, s) \
-  {(a) += G ((b), (c), (d)) + (x) + 013240474631UL; \
-   (a) &= 0xffffffff; \
-   (a) = ROTATE_LEFT ((a), (s));}
-#define HH(a, b, c, d, x, s) \
-  {(a) += H ((b), (c), (d)) + (x) + 015666365641UL; \
-   (a) &= 0xffffffff; \
-   (a) = ROTATE_LEFT ((a), (s));}
+#define FF(a, b, c, d, x, s)                    \
+    {(a) += F ((b), (c), (d)) + (x);            \
+        (a) &= 0xffffffff;                      \
+        (a) = ROTATE_LEFT ((a), (s));}
+#define GG(a, b, c, d, x, s)                            \
+    {(a) += G ((b), (c), (d)) + (x) + 013240474631UL;   \
+        (a) &= 0xffffffff;                              \
+        (a) = ROTATE_LEFT ((a), (s));}
+#define HH(a, b, c, d, x, s)                            \
+    {(a) += H ((b), (c), (d)) + (x) + 015666365641UL;   \
+        (a) &= 0xffffffff;                              \
+        (a) = ROTATE_LEFT ((a), (s));}
 
 void
 krb5int_MD4Init (krb5_MD4_CTX *mdContext)
 {
-  mdContext->i[0] = mdContext->i[1] = (krb5_ui_4)0;
-
-  /* Load magic initialization constants.
-   */
-  mdContext->buf[0] = 0x67452301UL;
-  mdContext->buf[1] = 0xefcdab89UL;
-  mdContext->buf[2] = 0x98badcfeUL;
-  mdContext->buf[3] = 0x10325476UL;
+    mdContext->i[0] = mdContext->i[1] = (krb5_ui_4)0;
+
+    /* Load magic initialization constants.
+     */
+    mdContext->buf[0] = 0x67452301UL;
+    mdContext->buf[1] = 0xefcdab89UL;
+    mdContext->buf[2] = 0x98badcfeUL;
+    mdContext->buf[3] = 0x10325476UL;
 }
 
 void
 krb5int_MD4Update (krb5_MD4_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen)
 {
-  krb5_ui_4 in[16];
-  int mdi;
-  unsigned int i, ii;
-
-  /* compute number of bytes mod 64 */
-  mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
-
-  /* update number of bits */
-  if ((mdContext->i[0] + ((krb5_ui_4)inLen << 3)) < mdContext->i[0])
-    mdContext->i[1]++;
-  mdContext->i[0] += ((krb5_ui_4)inLen << 3);
-  mdContext->i[1] += ((krb5_ui_4)inLen >> 29);
-
-  while (inLen--) {
-    /* add new character to buffer, increment mdi */
-    mdContext->in[mdi++] = *inBuf++;
-
-    /* transform if necessary */
-    if (mdi == 0x40) {
-      for (i = 0, ii = 0; i < 16; i++, ii += 4) {
-	  in[i] = load_32_le(mdContext->in+ii);
-      }
-      Transform (mdContext->buf, in);
-      mdi = 0;
+    krb5_ui_4 in[16];
+    int mdi;
+    unsigned int i, ii;
+
+    /* compute number of bytes mod 64 */
+    mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+
+    /* update number of bits */
+    if ((mdContext->i[0] + ((krb5_ui_4)inLen << 3)) < mdContext->i[0])
+        mdContext->i[1]++;
+    mdContext->i[0] += ((krb5_ui_4)inLen << 3);
+    mdContext->i[1] += ((krb5_ui_4)inLen >> 29);
+
+    while (inLen--) {
+        /* add new character to buffer, increment mdi */
+        mdContext->in[mdi++] = *inBuf++;
+
+        /* transform if necessary */
+        if (mdi == 0x40) {
+            for (i = 0, ii = 0; i < 16; i++, ii += 4) {
+                in[i] = load_32_le(mdContext->in+ii);
+            }
+            Transform (mdContext->buf, in);
+            mdi = 0;
+        }
     }
-  }
 }
 
 void
 krb5int_MD4Final (krb5_MD4_CTX *mdContext)
 {
-  krb5_ui_4 in[16];
-  int mdi;
-  unsigned int i, ii;
-  unsigned int padLen;
+    krb5_ui_4 in[16];
+    int mdi;
+    unsigned int i, ii;
+    unsigned int padLen;
 
-  /* save number of bits */
-  in[14] = mdContext->i[0];
-  in[15] = mdContext->i[1];
+    /* save number of bits */
+    in[14] = mdContext->i[0];
+    in[15] = mdContext->i[1];
 
-  /* compute number of bytes mod 64 */
-  mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+    /* compute number of bytes mod 64 */
+    mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
 
-  /* pad out to 56 mod 64 */
-  padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
-  krb5int_MD4Update (mdContext, PADDING, padLen);
+    /* pad out to 56 mod 64 */
+    padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
+    krb5int_MD4Update (mdContext, PADDING, padLen);
 
-  /* append length in bits and transform */
-  for (i = 0, ii = 0; i < 14; i++, ii += 4)
-      in[i] = load_32_le(mdContext->in+ii);
-  Transform (mdContext->buf, in);
+    /* append length in bits and transform */
+    for (i = 0, ii = 0; i < 14; i++, ii += 4)
+        in[i] = load_32_le(mdContext->in+ii);
+    Transform (mdContext->buf, in);
 
 
-  /* store buffer in digest */
-  for (i = 0, ii = 0; i < 4; i++, ii += 4) {
-      store_32_le(mdContext->buf[i], mdContext->digest+ii);
-  }
+    /* store buffer in digest */
+    for (i = 0, ii = 0; i < 4; i++, ii += 4) {
+        store_32_le(mdContext->buf[i], mdContext->digest+ii);
+    }
 }
 
 /* Basic MD4 step. Transform buf based on in.
  */
 static void Transform (krb5_ui_4 *buf, krb5_ui_4 *in)
 {
-  register krb5_ui_4 a = buf[0], b = buf[1], c = buf[2], d = buf[3];
+    register krb5_ui_4 a = buf[0], b = buf[1], c = buf[2], d = buf[3];
 
 #if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO)
-  int i;
+    int i;
 #define ROTATE { krb5_ui_4 temp; temp = d, d = c, c = b, b = a, a = temp; }
-  for (i = 0; i < 16; i++) {
-      static const unsigned char round1consts[] = { 3, 7, 11, 19, };
-      FF (a, b, c, d, in[i], round1consts[i%4]); ROTATE;
-  }
-  for (i = 0; i < 16; i++) {
-      static const unsigned char round2indices[] = {
-	  0,4,8,12,1,5,9,13,2,6,10,14,3,7,11,15
-      };
-      static const unsigned char round2consts[] = { 3, 5, 9, 13 };
-      GG (a, b, c, d, in[round2indices[i]], round2consts[i%4]); ROTATE;
-  }
-  for (i = 0; i < 16; i++) {
-      static const unsigned char round3indices[] = {
-	  0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15
-      };
-      static const unsigned char round3consts[] = { 3, 9, 11, 15 };
-      HH (a, b, c, d, in[round3indices[i]], round3consts[i%4]); ROTATE;
-  }
+    for (i = 0; i < 16; i++) {
+        static const unsigned char round1consts[] = { 3, 7, 11, 19, };
+        FF (a, b, c, d, in[i], round1consts[i%4]); ROTATE;
+    }
+    for (i = 0; i < 16; i++) {
+        static const unsigned char round2indices[] = {
+            0,4,8,12,1,5,9,13,2,6,10,14,3,7,11,15
+        };
+        static const unsigned char round2consts[] = { 3, 5, 9, 13 };
+        GG (a, b, c, d, in[round2indices[i]], round2consts[i%4]); ROTATE;
+    }
+    for (i = 0; i < 16; i++) {
+        static const unsigned char round3indices[] = {
+            0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15
+        };
+        static const unsigned char round3consts[] = { 3, 9, 11, 15 };
+        HH (a, b, c, d, in[round3indices[i]], round3consts[i%4]); ROTATE;
+    }
 #else
-  /* Round 1 */
-  FF (a, b, c, d, in[ 0],  3);
-  FF (d, a, b, c, in[ 1],  7);
-  FF (c, d, a, b, in[ 2], 11);
-  FF (b, c, d, a, in[ 3], 19);
-  FF (a, b, c, d, in[ 4],  3);
-  FF (d, a, b, c, in[ 5],  7);
-  FF (c, d, a, b, in[ 6], 11);
-  FF (b, c, d, a, in[ 7], 19);
-  FF (a, b, c, d, in[ 8],  3);
-  FF (d, a, b, c, in[ 9],  7);
-  FF (c, d, a, b, in[10], 11);
-  FF (b, c, d, a, in[11], 19);
-  FF (a, b, c, d, in[12],  3);
-  FF (d, a, b, c, in[13],  7);
-  FF (c, d, a, b, in[14], 11);
-  FF (b, c, d, a, in[15], 19);
-
-  /* Round 2 */
-  GG (a, b, c, d, in[ 0],  3);
-  GG (d, a, b, c, in[ 4],  5);
-  GG (c, d, a, b, in[ 8],  9);
-  GG (b, c, d, a, in[12], 13);
-  GG (a, b, c, d, in[ 1],  3);
-  GG (d, a, b, c, in[ 5],  5);
-  GG (c, d, a, b, in[ 9],  9);
-  GG (b, c, d, a, in[13], 13);
-  GG (a, b, c, d, in[ 2],  3);
-  GG (d, a, b, c, in[ 6],  5);
-  GG (c, d, a, b, in[10],  9);
-  GG (b, c, d, a, in[14], 13);
-  GG (a, b, c, d, in[ 3],  3);
-  GG (d, a, b, c, in[ 7],  5);
-  GG (c, d, a, b, in[11],  9);
-  GG (b, c, d, a, in[15], 13);
-
-  /* Round 3 */
-  HH (a, b, c, d, in[ 0],  3);
-  HH (d, a, b, c, in[ 8],  9);
-  HH (c, d, a, b, in[ 4], 11);
-  HH (b, c, d, a, in[12], 15);
-  HH (a, b, c, d, in[ 2],  3);
-  HH (d, a, b, c, in[10],  9);
-  HH (c, d, a, b, in[ 6], 11);
-  HH (b, c, d, a, in[14], 15);
-  HH (a, b, c, d, in[ 1],  3);
-  HH (d, a, b, c, in[ 9],  9);
-  HH (c, d, a, b, in[ 5], 11);
-  HH (b, c, d, a, in[13], 15);
-  HH (a, b, c, d, in[ 3],  3);
-  HH (d, a, b, c, in[11],  9);
-  HH (c, d, a, b, in[ 7], 11);
-  HH (b, c, d, a, in[15], 15);
+    /* Round 1 */
+    FF (a, b, c, d, in[ 0],  3);
+    FF (d, a, b, c, in[ 1],  7);
+    FF (c, d, a, b, in[ 2], 11);
+    FF (b, c, d, a, in[ 3], 19);
+    FF (a, b, c, d, in[ 4],  3);
+    FF (d, a, b, c, in[ 5],  7);
+    FF (c, d, a, b, in[ 6], 11);
+    FF (b, c, d, a, in[ 7], 19);
+    FF (a, b, c, d, in[ 8],  3);
+    FF (d, a, b, c, in[ 9],  7);
+    FF (c, d, a, b, in[10], 11);
+    FF (b, c, d, a, in[11], 19);
+    FF (a, b, c, d, in[12],  3);
+    FF (d, a, b, c, in[13],  7);
+    FF (c, d, a, b, in[14], 11);
+    FF (b, c, d, a, in[15], 19);
+
+    /* Round 2 */
+    GG (a, b, c, d, in[ 0],  3);
+    GG (d, a, b, c, in[ 4],  5);
+    GG (c, d, a, b, in[ 8],  9);
+    GG (b, c, d, a, in[12], 13);
+    GG (a, b, c, d, in[ 1],  3);
+    GG (d, a, b, c, in[ 5],  5);
+    GG (c, d, a, b, in[ 9],  9);
+    GG (b, c, d, a, in[13], 13);
+    GG (a, b, c, d, in[ 2],  3);
+    GG (d, a, b, c, in[ 6],  5);
+    GG (c, d, a, b, in[10],  9);
+    GG (b, c, d, a, in[14], 13);
+    GG (a, b, c, d, in[ 3],  3);
+    GG (d, a, b, c, in[ 7],  5);
+    GG (c, d, a, b, in[11],  9);
+    GG (b, c, d, a, in[15], 13);
+
+    /* Round 3 */
+    HH (a, b, c, d, in[ 0],  3);
+    HH (d, a, b, c, in[ 8],  9);
+    HH (c, d, a, b, in[ 4], 11);
+    HH (b, c, d, a, in[12], 15);
+    HH (a, b, c, d, in[ 2],  3);
+    HH (d, a, b, c, in[10],  9);
+    HH (c, d, a, b, in[ 6], 11);
+    HH (b, c, d, a, in[14], 15);
+    HH (a, b, c, d, in[ 1],  3);
+    HH (d, a, b, c, in[ 9],  9);
+    HH (c, d, a, b, in[ 5], 11);
+    HH (b, c, d, a, in[13], 15);
+    HH (a, b, c, d, in[ 3],  3);
+    HH (d, a, b, c, in[11],  9);
+    HH (c, d, a, b, in[ 7], 11);
+    HH (b, c, d, a, in[15], 15);
 #endif
 
-  buf[0] += a;
-  buf[1] += b;
-  buf[2] += c;
-  buf[3] += d;
+    buf[0] += a;
+    buf[1] += b;
+    buf[2] += c;
+    buf[3] += d;
 }
 
 /*
- **********************************************************************
- ** End of md4.c                                                     **
- ******************************* (cut) ********************************
- */
+**********************************************************************
+** End of md4.c                                                     **
+******************************* (cut) ********************************
+*/
diff --git a/src/lib/crypto/builtin/md4/rsa-md4.h b/src/lib/crypto/builtin/md4/rsa-md4.h
index 2f59220..408f2ef 100644
--- a/src/lib/crypto/builtin/md4/rsa-md4.h
+++ b/src/lib/crypto/builtin/md4/rsa-md4.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/md4/rsa-md4.h
  *
@@ -35,51 +36,51 @@
 #endif /* unicos61 */
 
 /* 16 u_char's in the digest */
-#define RSA_MD4_CKSUM_LENGTH	16
+#define RSA_MD4_CKSUM_LENGTH    16
 /* des blocksize is 8, so this works nicely... */
-#define OLD_RSA_MD4_DES_CKSUM_LENGTH	16
-#define NEW_RSA_MD4_DES_CKSUM_LENGTH	24
-#define	RSA_MD4_DES_CONFOUND_LENGTH	8
+#define OLD_RSA_MD4_DES_CKSUM_LENGTH    16
+#define NEW_RSA_MD4_DES_CKSUM_LENGTH    24
+#define RSA_MD4_DES_CONFOUND_LENGTH     8
 
 /*
- **********************************************************************
- ** md4.h -- Header file for implementation of MD4                   **
- ** RSA Data Security, Inc. MD4 Message Digest Algorithm             **
- ** Created: 2/17/90 RLR                                             **
- ** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version              **
- **********************************************************************
- */
+**********************************************************************
+** md4.h -- Header file for implementation of MD4                   **
+** RSA Data Security, Inc. MD4 Message Digest Algorithm             **
+** Created: 2/17/90 RLR                                             **
+** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version              **
+**********************************************************************
+*/
 
 /*
- **********************************************************************
- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
- **                                                                  **
- ** License to copy and use this software is granted provided that   **
- ** it is identified as the "RSA Data Security, Inc. MD4 Message     **
- ** Digest Algorithm" in all material mentioning or referencing this **
- ** software or this function.                                       **
- **                                                                  **
- ** License is also granted to make and use derivative works         **
- ** provided that such works are identified as "derived from the RSA **
- ** Data Security, Inc. MD4 Message Digest Algorithm" in all         **
- ** material mentioning or referencing the derived work.             **
- **                                                                  **
- ** RSA Data Security, Inc. makes no representations concerning      **
- ** either the merchantability of this software or the suitability   **
- ** of this software for any particular purpose.  It is provided "as **
- ** is" without express or implied warranty of any kind.             **
- **                                                                  **
- ** These notices must be retained in any copies of any part of this **
- ** documentation and/or software.                                   **
- **********************************************************************
- */
+**********************************************************************
+** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
+**                                                                  **
+** License to copy and use this software is granted provided that   **
+** it is identified as the "RSA Data Security, Inc. MD4 Message     **
+** Digest Algorithm" in all material mentioning or referencing this **
+** software or this function.                                       **
+**                                                                  **
+** License is also granted to make and use derivative works         **
+** provided that such works are identified as "derived from the RSA **
+** Data Security, Inc. MD4 Message Digest Algorithm" in all         **
+** material mentioning or referencing the derived work.             **
+**                                                                  **
+** RSA Data Security, Inc. makes no representations concerning      **
+** either the merchantability of this software or the suitability   **
+** of this software for any particular purpose.  It is provided "as **
+** is" without express or implied warranty of any kind.             **
+**                                                                  **
+** These notices must be retained in any copies of any part of this **
+** documentation and/or software.                                   **
+**********************************************************************
+*/
 
 /* Data structure for MD4 (Message Digest) computation */
 typedef struct {
-  krb5_ui_4 i[2];			/* number of _bits_ handled mod 2^64 */
-  krb5_ui_4 buf[4];			/* scratch buffer */
-  unsigned char in[64];			/* input buffer */
-  unsigned char digest[16];		/* actual digest after MD4Final call */
+    krb5_ui_4 i[2];                       /* number of _bits_ handled mod 2^64 */
+    krb5_ui_4 buf[4];                     /* scratch buffer */
+    unsigned char in[64];                 /* input buffer */
+    unsigned char digest[16];             /* actual digest after MD4Final call */
 } krb5_MD4_CTX;
 
 extern void krb5int_MD4Init(krb5_MD4_CTX *);
@@ -87,8 +88,8 @@ extern void krb5int_MD4Update(krb5_MD4_CTX *, const unsigned char *, unsigned in
 extern void krb5int_MD4Final(krb5_MD4_CTX *);
 
 /*
- **********************************************************************
- ** End of md4.h                                                     **
- ******************************* (cut) ********************************
- */
+**********************************************************************
+** End of md4.h                                                     **
+******************************* (cut) ********************************
+*/
 #endif /* __KRB5_RSA_MD4_H__ */
diff --git a/src/lib/crypto/builtin/md5/md5.c b/src/lib/crypto/builtin/md5/md5.c
index 76f8fa2..7e06aa6 100644
--- a/src/lib/crypto/builtin/md5/md5.c
+++ b/src/lib/crypto/builtin/md5/md5.c
@@ -1,66 +1,67 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
- ***********************************************************************
- ** md5.c -- the source code for MD5 routines                         **
- ** RSA Data Security, Inc. MD5 Message-Digest Algorithm              **
- ** Created: 2/17/90 RLR                                              **
- ** Revised: 1/91 SRD,AJ,BSK,JT Reference C ver., 7/10 constant corr. **
- ***********************************************************************
- */
+***********************************************************************
+** md5.c -- the source code for MD5 routines                         **
+** RSA Data Security, Inc. MD5 Message-Digest Algorithm              **
+** Created: 2/17/90 RLR                                              **
+** Revised: 1/91 SRD,AJ,BSK,JT Reference C ver., 7/10 constant corr. **
+***********************************************************************
+*/
 
 /*
  * Modified by John Carr, MIT, to use Kerberos 5 typedefs.
  */
 
 /*
- ***********************************************************************
- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.  **
- **                                                                   **
- ** License to copy and use this software is granted provided that    **
- ** it is identified as the "RSA Data Security, Inc. MD5 Message-     **
- ** Digest Algorithm" in all material mentioning or referencing this  **
- ** software or this function.                                        **
- **                                                                   **
- ** License is also granted to make and use derivative works          **
- ** provided that such works are identified as "derived from the RSA  **
- ** Data Security, Inc. MD5 Message-Digest Algorithm" in all          **
- ** material mentioning or referencing the derived work.              **
- **                                                                   **
- ** RSA Data Security, Inc. makes no representations concerning       **
- ** either the merchantability of this software or the suitability    **
- ** of this software for any particular purpose.  It is provided "as  **
- ** is" without express or implied warranty of any kind.              **
- **                                                                   **
- ** These notices must be retained in any copies of any part of this  **
- ** documentation and/or software.                                    **
- ***********************************************************************
- */
+***********************************************************************
+** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.  **
+**                                                                   **
+** License to copy and use this software is granted provided that    **
+** it is identified as the "RSA Data Security, Inc. MD5 Message-     **
+** Digest Algorithm" in all material mentioning or referencing this  **
+** software or this function.                                        **
+**                                                                   **
+** License is also granted to make and use derivative works          **
+** provided that such works are identified as "derived from the RSA  **
+** Data Security, Inc. MD5 Message-Digest Algorithm" in all          **
+** material mentioning or referencing the derived work.              **
+**                                                                   **
+** RSA Data Security, Inc. makes no representations concerning       **
+** either the merchantability of this software or the suitability    **
+** of this software for any particular purpose.  It is provided "as  **
+** is" without express or implied warranty of any kind.              **
+**                                                                   **
+** These notices must be retained in any copies of any part of this  **
+** documentation and/or software.                                    **
+***********************************************************************
+*/
 
 #include "k5-int.h"
 #include "rsa-md5.h"
 
 /*
- ***********************************************************************
- **  Message-digest routines:                                         **
- **  To form the message digest for a message M                       **
- **    (1) Initialize a context buffer mdContext using krb5int_MD5Init   **
- **    (2) Call krb5int_MD5Update on mdContext and M                     **
- **    (3) Call krb5int_MD5Final on mdContext                            **
- **  The message digest is now in mdContext->digest[0...15]           **
- ***********************************************************************
- */
+***********************************************************************
+**  Message-digest routines:                                         **
+**  To form the message digest for a message M                       **
+**    (1) Initialize a context buffer mdContext using krb5int_MD5Init   **
+**    (2) Call krb5int_MD5Update on mdContext and M                     **
+**    (3) Call krb5int_MD5Final on mdContext                            **
+**  The message digest is now in mdContext->digest[0...15]           **
+***********************************************************************
+*/
 
 /* forward declaration */
 static void Transform (krb5_ui_4 *buf, krb5_ui_4 *in);
 
 static const unsigned char PADDING[64] = {
-  0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 };
 
 /* F, G, H and I are basic MD5 functions */
@@ -74,270 +75,270 @@ static const unsigned char PADDING[64] = {
 
 /* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4 */
 /* Rotation is separate from addition to prevent recomputation */
-#define FF(a, b, c, d, x, s, ac) \
-  {(a) += F ((b), (c), (d)) + (x) + (krb5_ui_4)(ac); \
-   (a) &= 0xffffffff; \
-   (a) = ROTATE_LEFT ((a), (s)); \
-   (a) += (b); \
-   (a) &= 0xffffffff; \
-  }
-#define GG(a, b, c, d, x, s, ac) \
-  {(a) += G ((b), (c), (d)) + (x) + (krb5_ui_4)(ac); \
-   (a) &= 0xffffffff; \
-   (a) = ROTATE_LEFT ((a), (s)); \
-   (a) += (b); \
-   (a) &= 0xffffffff; \
-  }
-#define HH(a, b, c, d, x, s, ac) \
-  {(a) += H ((b), (c), (d)) + (x) + (krb5_ui_4)(ac); \
-   (a) &= 0xffffffff; \
-   (a) = ROTATE_LEFT ((a), (s)); \
-   (a) += (b); \
-   (a) &= 0xffffffff; \
-  }
-#define II(a, b, c, d, x, s, ac) \
-  {(a) += I ((b), (c), (d)) + (x) + (krb5_ui_4)(ac); \
-   (a) &= 0xffffffff; \
-   (a) = ROTATE_LEFT ((a), (s)); \
-   (a) += (b); \
-   (a) &= 0xffffffff; \
-  }
+#define FF(a, b, c, d, x, s, ac)                        \
+    {(a) += F ((b), (c), (d)) + (x) + (krb5_ui_4)(ac);  \
+        (a) &= 0xffffffff;                              \
+        (a) = ROTATE_LEFT ((a), (s));                   \
+        (a) += (b);                                     \
+        (a) &= 0xffffffff;                              \
+    }
+#define GG(a, b, c, d, x, s, ac)                        \
+    {(a) += G ((b), (c), (d)) + (x) + (krb5_ui_4)(ac);  \
+        (a) &= 0xffffffff;                              \
+        (a) = ROTATE_LEFT ((a), (s));                   \
+        (a) += (b);                                     \
+        (a) &= 0xffffffff;                              \
+    }
+#define HH(a, b, c, d, x, s, ac)                        \
+    {(a) += H ((b), (c), (d)) + (x) + (krb5_ui_4)(ac);  \
+        (a) &= 0xffffffff;                              \
+        (a) = ROTATE_LEFT ((a), (s));                   \
+        (a) += (b);                                     \
+        (a) &= 0xffffffff;                              \
+    }
+#define II(a, b, c, d, x, s, ac)                        \
+    {(a) += I ((b), (c), (d)) + (x) + (krb5_ui_4)(ac);  \
+        (a) &= 0xffffffff;                              \
+        (a) = ROTATE_LEFT ((a), (s));                   \
+        (a) += (b);                                     \
+        (a) &= 0xffffffff;                              \
+    }
 
 /* The routine krb5int_MD5Init initializes the message-digest context
    mdContext. All fields are set to zero.
- */
+*/
 void
 krb5int_MD5Init (krb5_MD5_CTX *mdContext)
 {
-  mdContext->i[0] = mdContext->i[1] = (krb5_ui_4)0;
-
-  /* Load magic initialization constants.
-   */
-  mdContext->buf[0] = 0x67452301UL;
-  mdContext->buf[1] = 0xefcdab89UL;
-  mdContext->buf[2] = 0x98badcfeUL;
-  mdContext->buf[3] = 0x10325476UL;
+    mdContext->i[0] = mdContext->i[1] = (krb5_ui_4)0;
+
+    /* Load magic initialization constants.
+     */
+    mdContext->buf[0] = 0x67452301UL;
+    mdContext->buf[1] = 0xefcdab89UL;
+    mdContext->buf[2] = 0x98badcfeUL;
+    mdContext->buf[3] = 0x10325476UL;
 }
 
 /* The routine krb5int_MD5Update updates the message-digest context to
    account for the presence of each of the characters inBuf[0..inLen-1]
    in the message whose digest is being computed.
- */
+*/
 void
 krb5int_MD5Update (krb5_MD5_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen)
 {
-  krb5_ui_4 in[16];
-  int mdi;
-  unsigned int i, ii;
-
-  /* compute number of bytes mod 64 */
-  mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
-
-  /* update number of bits */
-  if ((mdContext->i[0] + ((krb5_ui_4)inLen << 3)) < mdContext->i[0])
-    mdContext->i[1]++;
-  mdContext->i[0] += ((krb5_ui_4)inLen << 3);
-  mdContext->i[1] += ((krb5_ui_4)inLen >> 29);
-
-  while (inLen--) {
-    /* add new character to buffer, increment mdi */
-    mdContext->in[mdi++] = *inBuf++;
-
-    /* transform if necessary */
-    if (mdi == 0x40) {
-      for (i = 0, ii = 0; i < 16; i++, ii += 4)
-	  in[i] = load_32_le(mdContext->in+ii);
-      Transform (mdContext->buf, in);
-      mdi = 0;
+    krb5_ui_4 in[16];
+    int mdi;
+    unsigned int i, ii;
+
+    /* compute number of bytes mod 64 */
+    mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+
+    /* update number of bits */
+    if ((mdContext->i[0] + ((krb5_ui_4)inLen << 3)) < mdContext->i[0])
+        mdContext->i[1]++;
+    mdContext->i[0] += ((krb5_ui_4)inLen << 3);
+    mdContext->i[1] += ((krb5_ui_4)inLen >> 29);
+
+    while (inLen--) {
+        /* add new character to buffer, increment mdi */
+        mdContext->in[mdi++] = *inBuf++;
+
+        /* transform if necessary */
+        if (mdi == 0x40) {
+            for (i = 0, ii = 0; i < 16; i++, ii += 4)
+                in[i] = load_32_le(mdContext->in+ii);
+            Transform (mdContext->buf, in);
+            mdi = 0;
+        }
     }
-  }
 }
 
 /* The routine krb5int_MD5Final terminates the message-digest computation and
    ends with the desired message digest in mdContext->digest[0...15].
- */
+*/
 void
 krb5int_MD5Final (krb5_MD5_CTX *mdContext)
 {
-  krb5_ui_4 in[16];
-  int mdi;
-  unsigned int i, ii;
-  unsigned int padLen;
-
-  /* save number of bits */
-  in[14] = mdContext->i[0];
-  in[15] = mdContext->i[1];
-
-  /* compute number of bytes mod 64 */
-  mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
-
-  /* pad out to 56 mod 64 */
-  padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
-  krb5int_MD5Update (mdContext, PADDING, padLen);
-
-  /* append length in bits and transform */
-  for (i = 0, ii = 0; i < 14; i++, ii += 4)
-      in[i] = load_32_le(mdContext->in+ii);
-  Transform (mdContext->buf, in);
-
-  /* store buffer in digest */
-  for (i = 0, ii = 0; i < 4; i++, ii += 4) {
-    store_32_le(mdContext->buf[i], mdContext->digest+ii);
-  }
+    krb5_ui_4 in[16];
+    int mdi;
+    unsigned int i, ii;
+    unsigned int padLen;
+
+    /* save number of bits */
+    in[14] = mdContext->i[0];
+    in[15] = mdContext->i[1];
+
+    /* compute number of bytes mod 64 */
+    mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+
+    /* pad out to 56 mod 64 */
+    padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
+    krb5int_MD5Update (mdContext, PADDING, padLen);
+
+    /* append length in bits and transform */
+    for (i = 0, ii = 0; i < 14; i++, ii += 4)
+        in[i] = load_32_le(mdContext->in+ii);
+    Transform (mdContext->buf, in);
+
+    /* store buffer in digest */
+    for (i = 0, ii = 0; i < 4; i++, ii += 4) {
+        store_32_le(mdContext->buf[i], mdContext->digest+ii);
+    }
 }
 
 /* Basic MD5 step. Transforms buf based on in.
  */
 static void Transform (krb5_ui_4 *buf, krb5_ui_4 *in)
 {
-  register krb5_ui_4 a = buf[0], b = buf[1], c = buf[2], d = buf[3];
+    register krb5_ui_4 a = buf[0], b = buf[1], c = buf[2], d = buf[3];
 
 #if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO)
 
-  int i;
+    int i;
 #define ROTATE { krb5_ui_4 temp; temp = d, d = c, c = b, b = a, a = temp; }
-  for (i = 0; i < 16; i++) {
-      const unsigned char round1s[] = { 7, 12, 17, 22 };
-      const krb5_ui_4 round1consts[] = {
-	  3614090360UL,	  3905402710UL,	   606105819UL,	  3250441966UL,
-	  4118548399UL,	  1200080426UL,	  2821735955UL,	  4249261313UL,
-	  1770035416UL,	  2336552879UL,	  4294925233UL,	  2304563134UL,
-	  1804603682UL,	  4254626195UL,	  2792965006UL,	  1236535329UL,
-      };
-      FF (a, b, c, d, in[i], round1s[i%4], round1consts[i]);
-      ROTATE;
-  }
-  for (i = 0; i < 16; i++) {
-      const unsigned char round2s[] = { 5, 9, 14, 20 };
-      const krb5_ui_4 round2consts[] = {
-	  4129170786UL,	  3225465664UL,	   643717713UL,	  3921069994UL,
-	  3593408605UL,	    38016083UL,	  3634488961UL,	  3889429448UL,
-	   568446438UL,	  3275163606UL,	  4107603335UL,	  1163531501UL,
-	  2850285829UL,	  4243563512UL,	  1735328473UL,	  2368359562UL,
-      };
-      int r2index = (1 + i * 5) % 16;
-      GG (a, b, c, d, in[r2index], round2s[i%4], round2consts[i]);
-      ROTATE;
-  }
-  for (i = 0; i < 16; i++) {
-      static const unsigned char round3s[] = { 4, 11, 16, 23 };
-      static const krb5_ui_4 round3consts[] = {
-	  4294588738UL,	  2272392833UL,	  1839030562UL,	  4259657740UL,
-	  2763975236UL,	  1272893353UL,	  4139469664UL,	  3200236656UL,
-	   681279174UL,	  3936430074UL,	  3572445317UL,	    76029189UL,
-	  3654602809UL,	  3873151461UL,	   530742520UL,	  3299628645UL,
-      };
-      int r3index = (5 + i * 3) % 16;
-      HH (a, b, c, d, in[r3index], round3s[i%4], round3consts[i]);
-      ROTATE;
-  }
-  for (i = 0; i < 16; i++) {
-      static const unsigned char round4s[] = { 6, 10, 15, 21 };
-      static const krb5_ui_4 round4consts[] = {
-	  4096336452UL,	  1126891415UL,	  2878612391UL,	  4237533241UL,
-	  1700485571UL,	  2399980690UL,	  4293915773UL,	  2240044497UL,
-	  1873313359UL,	  4264355552UL,	  2734768916UL,	  1309151649UL,
-	  4149444226UL,	  3174756917UL,	   718787259UL,	  3951481745UL,
-      };
-      int r4index = (7 * i) % 16;
-      II (a, b, c, d, in[r4index], round4s[i%4], round4consts[i]);
-      ROTATE;
-  }
+    for (i = 0; i < 16; i++) {
+        const unsigned char round1s[] = { 7, 12, 17, 22 };
+        const krb5_ui_4 round1consts[] = {
+            3614090360UL,   3905402710UL,    606105819UL,   3250441966UL,
+            4118548399UL,   1200080426UL,   2821735955UL,   4249261313UL,
+            1770035416UL,   2336552879UL,   4294925233UL,   2304563134UL,
+            1804603682UL,   4254626195UL,   2792965006UL,   1236535329UL,
+        };
+        FF (a, b, c, d, in[i], round1s[i%4], round1consts[i]);
+        ROTATE;
+    }
+    for (i = 0; i < 16; i++) {
+        const unsigned char round2s[] = { 5, 9, 14, 20 };
+        const krb5_ui_4 round2consts[] = {
+            4129170786UL,   3225465664UL,    643717713UL,   3921069994UL,
+            3593408605UL,     38016083UL,   3634488961UL,   3889429448UL,
+            568446438UL,   3275163606UL,   4107603335UL,   1163531501UL,
+            2850285829UL,   4243563512UL,   1735328473UL,   2368359562UL,
+        };
+        int r2index = (1 + i * 5) % 16;
+        GG (a, b, c, d, in[r2index], round2s[i%4], round2consts[i]);
+        ROTATE;
+    }
+    for (i = 0; i < 16; i++) {
+        static const unsigned char round3s[] = { 4, 11, 16, 23 };
+        static const krb5_ui_4 round3consts[] = {
+            4294588738UL,   2272392833UL,   1839030562UL,   4259657740UL,
+            2763975236UL,   1272893353UL,   4139469664UL,   3200236656UL,
+            681279174UL,   3936430074UL,   3572445317UL,     76029189UL,
+            3654602809UL,   3873151461UL,    530742520UL,   3299628645UL,
+        };
+        int r3index = (5 + i * 3) % 16;
+        HH (a, b, c, d, in[r3index], round3s[i%4], round3consts[i]);
+        ROTATE;
+    }
+    for (i = 0; i < 16; i++) {
+        static const unsigned char round4s[] = { 6, 10, 15, 21 };
+        static const krb5_ui_4 round4consts[] = {
+            4096336452UL,   1126891415UL,   2878612391UL,   4237533241UL,
+            1700485571UL,   2399980690UL,   4293915773UL,   2240044497UL,
+            1873313359UL,   4264355552UL,   2734768916UL,   1309151649UL,
+            4149444226UL,   3174756917UL,    718787259UL,   3951481745UL,
+        };
+        int r4index = (7 * i) % 16;
+        II (a, b, c, d, in[r4index], round4s[i%4], round4consts[i]);
+        ROTATE;
+    }
 
 #else
 
-  /* Round 1 */
+    /* Round 1 */
 #define S11 7
 #define S12 12
 #define S13 17
 #define S14 22
-  FF ( a, b, c, d, in[ 0], S11, 3614090360UL); /* 1 */
-  FF ( d, a, b, c, in[ 1], S12, 3905402710UL); /* 2 */
-  FF ( c, d, a, b, in[ 2], S13,  606105819UL); /* 3 */
-  FF ( b, c, d, a, in[ 3], S14, 3250441966UL); /* 4 */
-  FF ( a, b, c, d, in[ 4], S11, 4118548399UL); /* 5 */
-  FF ( d, a, b, c, in[ 5], S12, 1200080426UL); /* 6 */
-  FF ( c, d, a, b, in[ 6], S13, 2821735955UL); /* 7 */
-  FF ( b, c, d, a, in[ 7], S14, 4249261313UL); /* 8 */
-  FF ( a, b, c, d, in[ 8], S11, 1770035416UL); /* 9 */
-  FF ( d, a, b, c, in[ 9], S12, 2336552879UL); /* 10 */
-  FF ( c, d, a, b, in[10], S13, 4294925233UL); /* 11 */
-  FF ( b, c, d, a, in[11], S14, 2304563134UL); /* 12 */
-  FF ( a, b, c, d, in[12], S11, 1804603682UL); /* 13 */
-  FF ( d, a, b, c, in[13], S12, 4254626195UL); /* 14 */
-  FF ( c, d, a, b, in[14], S13, 2792965006UL); /* 15 */
-  FF ( b, c, d, a, in[15], S14, 1236535329UL); /* 16 */
-
-  /* Round 2 */
+    FF ( a, b, c, d, in[ 0], S11, 3614090360UL); /* 1 */
+    FF ( d, a, b, c, in[ 1], S12, 3905402710UL); /* 2 */
+    FF ( c, d, a, b, in[ 2], S13,  606105819UL); /* 3 */
+    FF ( b, c, d, a, in[ 3], S14, 3250441966UL); /* 4 */
+    FF ( a, b, c, d, in[ 4], S11, 4118548399UL); /* 5 */
+    FF ( d, a, b, c, in[ 5], S12, 1200080426UL); /* 6 */
+    FF ( c, d, a, b, in[ 6], S13, 2821735955UL); /* 7 */
+    FF ( b, c, d, a, in[ 7], S14, 4249261313UL); /* 8 */
+    FF ( a, b, c, d, in[ 8], S11, 1770035416UL); /* 9 */
+    FF ( d, a, b, c, in[ 9], S12, 2336552879UL); /* 10 */
+    FF ( c, d, a, b, in[10], S13, 4294925233UL); /* 11 */
+    FF ( b, c, d, a, in[11], S14, 2304563134UL); /* 12 */
+    FF ( a, b, c, d, in[12], S11, 1804603682UL); /* 13 */
+    FF ( d, a, b, c, in[13], S12, 4254626195UL); /* 14 */
+    FF ( c, d, a, b, in[14], S13, 2792965006UL); /* 15 */
+    FF ( b, c, d, a, in[15], S14, 1236535329UL); /* 16 */
+
+    /* Round 2 */
 #define S21 5
 #define S22 9
 #define S23 14
 #define S24 20
-  GG ( a, b, c, d, in[ 1], S21, 4129170786UL); /* 17 */
-  GG ( d, a, b, c, in[ 6], S22, 3225465664UL); /* 18 */
-  GG ( c, d, a, b, in[11], S23,  643717713UL); /* 19 */
-  GG ( b, c, d, a, in[ 0], S24, 3921069994UL); /* 20 */
-  GG ( a, b, c, d, in[ 5], S21, 3593408605UL); /* 21 */
-  GG ( d, a, b, c, in[10], S22,   38016083UL); /* 22 */
-  GG ( c, d, a, b, in[15], S23, 3634488961UL); /* 23 */
-  GG ( b, c, d, a, in[ 4], S24, 3889429448UL); /* 24 */
-  GG ( a, b, c, d, in[ 9], S21,  568446438UL); /* 25 */
-  GG ( d, a, b, c, in[14], S22, 3275163606UL); /* 26 */
-  GG ( c, d, a, b, in[ 3], S23, 4107603335UL); /* 27 */
-  GG ( b, c, d, a, in[ 8], S24, 1163531501UL); /* 28 */
-  GG ( a, b, c, d, in[13], S21, 2850285829UL); /* 29 */
-  GG ( d, a, b, c, in[ 2], S22, 4243563512UL); /* 30 */
-  GG ( c, d, a, b, in[ 7], S23, 1735328473UL); /* 31 */
-  GG ( b, c, d, a, in[12], S24, 2368359562UL); /* 32 */
-
-  /* Round 3 */
+    GG ( a, b, c, d, in[ 1], S21, 4129170786UL); /* 17 */
+    GG ( d, a, b, c, in[ 6], S22, 3225465664UL); /* 18 */
+    GG ( c, d, a, b, in[11], S23,  643717713UL); /* 19 */
+    GG ( b, c, d, a, in[ 0], S24, 3921069994UL); /* 20 */
+    GG ( a, b, c, d, in[ 5], S21, 3593408605UL); /* 21 */
+    GG ( d, a, b, c, in[10], S22,   38016083UL); /* 22 */
+    GG ( c, d, a, b, in[15], S23, 3634488961UL); /* 23 */
+    GG ( b, c, d, a, in[ 4], S24, 3889429448UL); /* 24 */
+    GG ( a, b, c, d, in[ 9], S21,  568446438UL); /* 25 */
+    GG ( d, a, b, c, in[14], S22, 3275163606UL); /* 26 */
+    GG ( c, d, a, b, in[ 3], S23, 4107603335UL); /* 27 */
+    GG ( b, c, d, a, in[ 8], S24, 1163531501UL); /* 28 */
+    GG ( a, b, c, d, in[13], S21, 2850285829UL); /* 29 */
+    GG ( d, a, b, c, in[ 2], S22, 4243563512UL); /* 30 */
+    GG ( c, d, a, b, in[ 7], S23, 1735328473UL); /* 31 */
+    GG ( b, c, d, a, in[12], S24, 2368359562UL); /* 32 */
+
+    /* Round 3 */
 #define S31 4
 #define S32 11
 #define S33 16
 #define S34 23
-  HH ( a, b, c, d, in[ 5], S31, 4294588738UL); /* 33 */
-  HH ( d, a, b, c, in[ 8], S32, 2272392833UL); /* 34 */
-  HH ( c, d, a, b, in[11], S33, 1839030562UL); /* 35 */
-  HH ( b, c, d, a, in[14], S34, 4259657740UL); /* 36 */
-  HH ( a, b, c, d, in[ 1], S31, 2763975236UL); /* 37 */
-  HH ( d, a, b, c, in[ 4], S32, 1272893353UL); /* 38 */
-  HH ( c, d, a, b, in[ 7], S33, 4139469664UL); /* 39 */
-  HH ( b, c, d, a, in[10], S34, 3200236656UL); /* 40 */
-  HH ( a, b, c, d, in[13], S31,  681279174UL); /* 41 */
-  HH ( d, a, b, c, in[ 0], S32, 3936430074UL); /* 42 */
-  HH ( c, d, a, b, in[ 3], S33, 3572445317UL); /* 43 */
-  HH ( b, c, d, a, in[ 6], S34,   76029189UL); /* 44 */
-  HH ( a, b, c, d, in[ 9], S31, 3654602809UL); /* 45 */
-  HH ( d, a, b, c, in[12], S32, 3873151461UL); /* 46 */
-  HH ( c, d, a, b, in[15], S33,  530742520UL); /* 47 */
-  HH ( b, c, d, a, in[ 2], S34, 3299628645UL); /* 48 */
-
-  /* Round 4 */
+    HH ( a, b, c, d, in[ 5], S31, 4294588738UL); /* 33 */
+    HH ( d, a, b, c, in[ 8], S32, 2272392833UL); /* 34 */
+    HH ( c, d, a, b, in[11], S33, 1839030562UL); /* 35 */
+    HH ( b, c, d, a, in[14], S34, 4259657740UL); /* 36 */
+    HH ( a, b, c, d, in[ 1], S31, 2763975236UL); /* 37 */
+    HH ( d, a, b, c, in[ 4], S32, 1272893353UL); /* 38 */
+    HH ( c, d, a, b, in[ 7], S33, 4139469664UL); /* 39 */
+    HH ( b, c, d, a, in[10], S34, 3200236656UL); /* 40 */
+    HH ( a, b, c, d, in[13], S31,  681279174UL); /* 41 */
+    HH ( d, a, b, c, in[ 0], S32, 3936430074UL); /* 42 */
+    HH ( c, d, a, b, in[ 3], S33, 3572445317UL); /* 43 */
+    HH ( b, c, d, a, in[ 6], S34,   76029189UL); /* 44 */
+    HH ( a, b, c, d, in[ 9], S31, 3654602809UL); /* 45 */
+    HH ( d, a, b, c, in[12], S32, 3873151461UL); /* 46 */
+    HH ( c, d, a, b, in[15], S33,  530742520UL); /* 47 */
+    HH ( b, c, d, a, in[ 2], S34, 3299628645UL); /* 48 */
+
+    /* Round 4 */
 #define S41 6
 #define S42 10
 #define S43 15
 #define S44 21
-  II ( a, b, c, d, in[ 0], S41, 4096336452UL); /* 49 */
-  II ( d, a, b, c, in[ 7], S42, 1126891415UL); /* 50 */
-  II ( c, d, a, b, in[14], S43, 2878612391UL); /* 51 */
-  II ( b, c, d, a, in[ 5], S44, 4237533241UL); /* 52 */
-  II ( a, b, c, d, in[12], S41, 1700485571UL); /* 53 */
-  II ( d, a, b, c, in[ 3], S42, 2399980690UL); /* 54 */
-  II ( c, d, a, b, in[10], S43, 4293915773UL); /* 55 */
-  II ( b, c, d, a, in[ 1], S44, 2240044497UL); /* 56 */
-  II ( a, b, c, d, in[ 8], S41, 1873313359UL); /* 57 */
-  II ( d, a, b, c, in[15], S42, 4264355552UL); /* 58 */
-  II ( c, d, a, b, in[ 6], S43, 2734768916UL); /* 59 */
-  II ( b, c, d, a, in[13], S44, 1309151649UL); /* 60 */
-  II ( a, b, c, d, in[ 4], S41, 4149444226UL); /* 61 */
-  II ( d, a, b, c, in[11], S42, 3174756917UL); /* 62 */
-  II ( c, d, a, b, in[ 2], S43,  718787259UL); /* 63 */
-  II ( b, c, d, a, in[ 9], S44, 3951481745UL); /* 64 */
+    II ( a, b, c, d, in[ 0], S41, 4096336452UL); /* 49 */
+    II ( d, a, b, c, in[ 7], S42, 1126891415UL); /* 50 */
+    II ( c, d, a, b, in[14], S43, 2878612391UL); /* 51 */
+    II ( b, c, d, a, in[ 5], S44, 4237533241UL); /* 52 */
+    II ( a, b, c, d, in[12], S41, 1700485571UL); /* 53 */
+    II ( d, a, b, c, in[ 3], S42, 2399980690UL); /* 54 */
+    II ( c, d, a, b, in[10], S43, 4293915773UL); /* 55 */
+    II ( b, c, d, a, in[ 1], S44, 2240044497UL); /* 56 */
+    II ( a, b, c, d, in[ 8], S41, 1873313359UL); /* 57 */
+    II ( d, a, b, c, in[15], S42, 4264355552UL); /* 58 */
+    II ( c, d, a, b, in[ 6], S43, 2734768916UL); /* 59 */
+    II ( b, c, d, a, in[13], S44, 1309151649UL); /* 60 */
+    II ( a, b, c, d, in[ 4], S41, 4149444226UL); /* 61 */
+    II ( d, a, b, c, in[11], S42, 3174756917UL); /* 62 */
+    II ( c, d, a, b, in[ 2], S43,  718787259UL); /* 63 */
+    II ( b, c, d, a, in[ 9], S44, 3951481745UL); /* 64 */
 
 #endif /* small? */
 
-  buf[0] += a;
-  buf[1] += b;
-  buf[2] += c;
-  buf[3] += d;
+    buf[0] += a;
+    buf[1] += b;
+    buf[2] += c;
+    buf[3] += d;
 }
diff --git a/src/lib/crypto/builtin/md5/rsa-md5.h b/src/lib/crypto/builtin/md5/rsa-md5.h
index 938b22d..11a4fc3 100644
--- a/src/lib/crypto/builtin/md5/rsa-md5.h
+++ b/src/lib/crypto/builtin/md5/rsa-md5.h
@@ -1,60 +1,61 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
- ***********************************************************************
- ** md5.h -- header file for implementation of MD5                    **
- ** RSA Data Security, Inc. MD5 Message-Digest Algorithm              **
- ** Created: 2/17/90 RLR                                              **
- ** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version               **
- ** Revised (for MD5): RLR 4/27/91                                    **
- **   -- G modified to have y&~z instead of y&z                       **
- **   -- FF, GG, HH modified to add in last register done             **
- **   -- Access pattern: round 2 works mod 5, round 3 works mod 3     **
- **   -- distinct additive constant for each step                     **
- **   -- round 4 added, working mod 7                                 **
- ***********************************************************************
- */
+***********************************************************************
+** md5.h -- header file for implementation of MD5                    **
+** RSA Data Security, Inc. MD5 Message-Digest Algorithm              **
+** Created: 2/17/90 RLR                                              **
+** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version               **
+** Revised (for MD5): RLR 4/27/91                                    **
+**   -- G modified to have y&~z instead of y&z                       **
+**   -- FF, GG, HH modified to add in last register done             **
+**   -- Access pattern: round 2 works mod 5, round 3 works mod 3     **
+**   -- distinct additive constant for each step                     **
+**   -- round 4 added, working mod 7                                 **
+***********************************************************************
+*/
 
 /*
- ***********************************************************************
- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.  **
- **                                                                   **
- ** License to copy and use this software is granted provided that    **
- ** it is identified as the "RSA Data Security, Inc. MD5 Message-     **
- ** Digest Algorithm" in all material mentioning or referencing this  **
- ** software or this function.                                        **
- **                                                                   **
- ** License is also granted to make and use derivative works          **
- ** provided that such works are identified as "derived from the RSA  **
- ** Data Security, Inc. MD5 Message-Digest Algorithm" in all          **
- ** material mentioning or referencing the derived work.              **
- **                                                                   **
- ** RSA Data Security, Inc. makes no representations concerning       **
- ** either the merchantability of this software or the suitability    **
- ** of this software for any particular purpose.  It is provided "as  **
- ** is" without express or implied warranty of any kind.              **
- **                                                                   **
- ** These notices must be retained in any copies of any part of this  **
- ** documentation and/or software.                                    **
- ***********************************************************************
- */
+***********************************************************************
+** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.  **
+**                                                                   **
+** License to copy and use this software is granted provided that    **
+** it is identified as the "RSA Data Security, Inc. MD5 Message-     **
+** Digest Algorithm" in all material mentioning or referencing this  **
+** software or this function.                                        **
+**                                                                   **
+** License is also granted to make and use derivative works          **
+** provided that such works are identified as "derived from the RSA  **
+** Data Security, Inc. MD5 Message-Digest Algorithm" in all          **
+** material mentioning or referencing the derived work.              **
+**                                                                   **
+** RSA Data Security, Inc. makes no representations concerning       **
+** either the merchantability of this software or the suitability    **
+** of this software for any particular purpose.  It is provided "as  **
+** is" without express or implied warranty of any kind.              **
+**                                                                   **
+** These notices must be retained in any copies of any part of this  **
+** documentation and/or software.                                    **
+***********************************************************************
+*/
 
-#ifndef	KRB5_RSA_MD5__
-#define	KRB5_RSA_MD5__
+#ifndef KRB5_RSA_MD5__
+#define KRB5_RSA_MD5__
 
 /* Data structure for MD5 (Message-Digest) computation */
 typedef struct {
-  krb5_ui_4 i[2];			/* number of _bits_ handled mod 2^64 */
-  krb5_ui_4 buf[4];			/* scratch buffer */
-  unsigned char in[64];			/* input buffer */
-  unsigned char digest[16];		/* actual digest after MD5Final call */
+    krb5_ui_4 i[2];                       /* number of _bits_ handled mod 2^64 */
+    krb5_ui_4 buf[4];                     /* scratch buffer */
+    unsigned char in[64];                 /* input buffer */
+    unsigned char digest[16];             /* actual digest after MD5Final call */
 } krb5_MD5_CTX;
 
 extern void krb5int_MD5Init(krb5_MD5_CTX *);
 extern void krb5int_MD5Update(krb5_MD5_CTX *,const unsigned char *,unsigned int);
 extern void krb5int_MD5Final(krb5_MD5_CTX *);
 
-#define	RSA_MD5_CKSUM_LENGTH		16
-#define	OLD_RSA_MD5_DES_CKSUM_LENGTH	16
-#define	NEW_RSA_MD5_DES_CKSUM_LENGTH	24
-#define	RSA_MD5_DES_CONFOUND_LENGTH	8
+#define RSA_MD5_CKSUM_LENGTH            16
+#define OLD_RSA_MD5_DES_CKSUM_LENGTH    16
+#define NEW_RSA_MD5_DES_CKSUM_LENGTH    24
+#define RSA_MD5_DES_CONFOUND_LENGTH     8
 
 #endif /* KRB5_RSA_MD5__ */
diff --git a/src/lib/crypto/builtin/pbkdf2.c b/src/lib/crypto/builtin/pbkdf2.c
index 7b45fe8..6c954d3 100644
--- a/src/lib/crypto/builtin/pbkdf2.c
+++ b/src/lib/crypto/builtin/pbkdf2.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/pbkdf2.c
  *
@@ -48,13 +49,13 @@
  */
 
 typedef krb5_error_code (*prf_func)(krb5_key pass, krb5_data *salt,
-				    krb5_data *out);
+                                    krb5_data *out);
 
 /* Not exported, for now.  */
 static krb5_error_code
 krb5int_pbkdf2 (prf_func prf, size_t hlen, krb5_key pass,
-		const krb5_data *salt, unsigned long count,
-		const krb5_data *output);
+                const krb5_data *salt, unsigned long count,
+                const krb5_data *output);
 
 static int debug_hmac = 0;
 
@@ -65,16 +66,16 @@ static void printd (const char *descr, krb5_data *d) {
     printf("%s:", descr);
 
     for (i = 0; i < d->length; i += r) {
-	printf("\n  %04x: ", i);
-	for (j = i; j < i + r && j < d->length; j++)
-	    printf(" %02x", 0xff & d->data[j]);
-	for (; j < i + r; j++)
-	    printf("   ");
-	printf("   ");
-	for (j = i; j < i + r && j < d->length; j++) {
-	    int c = 0xff & d->data[j];
-	    printf("%c", isprint(c) ? c : '.');
-	}
+        printf("\n  %04x: ", i);
+        for (j = i; j < i + r && j < d->length; j++)
+            printf(" %02x", 0xff & d->data[j]);
+        for (; j < i + r; j++)
+            printf("   ");
+        printf("   ");
+        for (j = i; j < i + r && j < d->length; j++) {
+            int c = 0xff & d->data[j];
+            printf("%c", isprint(c) ? c : '.');
+        }
     }
     printf("\n");
 }
@@ -92,7 +93,7 @@ F(char *output, char *u_tmp1, char *u_tmp2, prf_func prf, size_t hlen,
 
 #if 0
     printf("F(i=%d, count=%lu, pass=%d:%s)\n", i, count,
-	   pass->length, pass->data);
+           pass->length, pass->data);
 #endif
 
     /* Compute U_1.  */
@@ -117,7 +118,7 @@ F(char *output, char *u_tmp1, char *u_tmp2, prf_func prf, size_t hlen,
 #endif
     err = (*prf)(pass, &sdata, &out);
     if (err)
-	return err;
+        return err;
 #if 0
     printd("F: prf return value", &out);
 #endif
@@ -127,23 +128,23 @@ F(char *output, char *u_tmp1, char *u_tmp2, prf_func prf, size_t hlen,
     sdata.length = hlen;
     for (j = 2; j <= count; j++) {
 #if 0
-	printf("F: computing hmac #%d (U_%d)\n", j, j);
+        printf("F: computing hmac #%d (U_%d)\n", j, j);
 #endif
-	memcpy(u_tmp2, u_tmp1, hlen);
-	err = (*prf)(pass, &sdata, &out);
-	if (err)
-	    return err;
+        memcpy(u_tmp2, u_tmp1, hlen);
+        err = (*prf)(pass, &sdata, &out);
+        if (err)
+            return err;
 #if 0
-	printd("F: prf return value", &out);
+        printd("F: prf return value", &out);
 #endif
-	/* And xor them together.  */
-	for (k = 0; k < hlen; k++)
-	    output[k] ^= u_tmp1[k];
+        /* And xor them together.  */
+        for (k = 0; k < hlen; k++)
+            output[k] ^= u_tmp1[k];
 #if 0
-	printf("F: xor result:\n");
-	for (k = 0; k < hlen; k++)
-	    printf(" %02x", 0xff & output[k]);
-	printf("\n");
+        printf("F: xor result:\n");
+        for (k = 0; k < hlen; k++)
+            printf(" %02x", 0xff & output[k]);
+        printf("\n");
 #endif
     }
     return 0;
@@ -151,58 +152,58 @@ F(char *output, char *u_tmp1, char *u_tmp2, prf_func prf, size_t hlen,
 
 static krb5_error_code
 krb5int_pbkdf2 (prf_func prf, size_t hlen, krb5_key pass,
-		const krb5_data *salt, unsigned long count,
-		const krb5_data *output)
+                const krb5_data *salt, unsigned long count,
+                const krb5_data *output)
 {
     int l, r, i;
     char *utmp1, *utmp2;
-    char utmp3[20];		/* XXX length shouldn't be hardcoded! */
+    char utmp3[20];             /* XXX length shouldn't be hardcoded! */
 
     if (output->length == 0 || hlen == 0)
-	abort();
+        abort();
     /* Step 1 & 2.  */
     if (output->length / hlen > 0xffffffff)
-	abort();
+        abort();
     /* Step 2.  */
     l = (output->length + hlen - 1) / hlen;
     r = output->length - (l - 1) * hlen;
 
     utmp1 = /*output + dklen; */ malloc(hlen);
     if (utmp1 == NULL)
-	return ENOMEM;
+        return ENOMEM;
     utmp2 = /*utmp1 + hlen; */ malloc(salt->length + 4 + hlen);
     if (utmp2 == NULL) {
-	free(utmp1);
-	return ENOMEM;
+        free(utmp1);
+        return ENOMEM;
     }
 
     /* Step 3.  */
     for (i = 1; i <= l; i++) {
 #if 0
-	int j;
+        int j;
 #endif
-	krb5_error_code err;
-	char *out;
+        krb5_error_code err;
+        char *out;
 
-	if (i == l)
-	    out = utmp3;
-	else
-	    out = output->data + (i-1) * hlen;
-	err = F(out, utmp1, utmp2, prf, hlen, pass, salt, count, i);
-	if (err) {
-	    free(utmp1);
-	    free(utmp2);
-	    return err;
-	}
-	if (i == l)
-	    memcpy(output->data + (i-1) * hlen, utmp3,
-		   output->length - (i-1) * hlen);
+        if (i == l)
+            out = utmp3;
+        else
+            out = output->data + (i-1) * hlen;
+        err = F(out, utmp1, utmp2, prf, hlen, pass, salt, count, i);
+        if (err) {
+            free(utmp1);
+            free(utmp2);
+            return err;
+        }
+        if (i == l)
+            memcpy(output->data + (i-1) * hlen, utmp3,
+                   output->length - (i-1) * hlen);
 
 #if 0
-	printf("after F(%d), @%p:\n", i, output->data);
-	for (j = (i-1) * hlen; j < i * hlen; j++)
-	    printf(" %02x", 0xff & output->data[j]);
-	printf ("\n");
+        printf("after F(%d), @%p:\n", i, output->data);
+        for (j = (i-1) * hlen; j < i * hlen; j++)
+            printf(" %02x", 0xff & output->data[j]);
+        printf ("\n");
 #endif
     }
     free(utmp1);
@@ -222,16 +223,16 @@ hmac_sha1(krb5_key pass, krb5_data *salt, krb5_data *out)
     krb5_error_code err;
 
     if (debug_hmac)
-	printd(" hmac input", salt);
+        printd(" hmac input", salt);
     err = krb5int_hmac(h, pass, 1, salt, out);
     if (err == 0 && debug_hmac)
-	printd(" hmac output", out);
+        printd(" hmac output", out);
     return err;
 }
 
 krb5_error_code
 krb5int_pbkdf2_hmac_sha1 (const krb5_data *out, unsigned long count,
-			  const krb5_data *pass, const krb5_data *salt)
+                          const krb5_data *pass, const krb5_data *salt)
 {
     const struct krb5_hash_provider *h = &krb5int_hash_sha1;
     krb5_keyblock keyblock;
@@ -242,21 +243,21 @@ krb5int_pbkdf2_hmac_sha1 (const krb5_data *out, unsigned long count,
 
     assert(h->hashsize <= sizeof(tmp));
     if (pass->length > h->blocksize) {
-	d.data = tmp;
-	d.length = h->hashsize;
-	err = h->hash (1, pass, &d);
-	if (err)
-	    return err;
-	keyblock.length = d.length;
-	keyblock.contents = (krb5_octet *) d.data;
+        d.data = tmp;
+        d.length = h->hashsize;
+        err = h->hash (1, pass, &d);
+        if (err)
+            return err;
+        keyblock.length = d.length;
+        keyblock.contents = (krb5_octet *) d.data;
     } else {
-	keyblock.length = pass->length;
-	keyblock.contents = (krb5_octet *) pass->data;
+        keyblock.length = pass->length;
+        keyblock.contents = (krb5_octet *) pass->data;
     }
 
     err = krb5_k_create_key(NULL, &keyblock, &key);
     if (err)
-	return err;
+        return err;
 
     err = krb5int_pbkdf2(hmac_sha1, 20, key, salt, count, out);
     krb5_k_free_key(NULL, key);
diff --git a/src/lib/crypto/builtin/sha1/shs.c b/src/lib/crypto/builtin/sha1/shs.c
index d9372df..f28a4fc 100644
--- a/src/lib/crypto/builtin/sha1/shs.c
+++ b/src/lib/crypto/builtin/sha1/shs.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "shs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -39,7 +40,7 @@
    80-word expanded input array W, where the first 16 are copies of the input
    data, and the remaining 64 are defined by
 
-        W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
+   W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
 
    This implementation generates these values on the fly in a circular
    buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this
@@ -51,27 +52,27 @@
 
 #ifdef NEW_SHS
 #define expand(W,i) ( W[ i & 15 ] = ROTL( 1, ( W[ i & 15 ] ^ W[ (i - 14) & 15 ] ^ \
-                                                 W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] )))
+                                               W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] )))
 #else
-#define expand(W,i) ( W[ i & 15 ] ^= W[ (i - 14) & 15 ] ^ \
-		      W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] )
+#define expand(W,i) ( W[ i & 15 ] ^= W[ (i - 14) & 15 ] ^       \
+                      W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] )
 #endif /* NEW_SHS */
 
 /* The prototype SHS sub-round.  The fundamental sub-round is:
 
-        a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
-        b' = a;
-        c' = ROTL( 30, b );
-        d' = c;
-        e' = d;
+   a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
+   b' = a;
+   c' = ROTL( 30, b );
+   d' = c;
+   e' = d;
 
    but this is implemented by unrolling the loop 5 times and renaming the
    variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
    This code is then replicated 20 times for each of the 4 functions, using
    the next 20 values from the W[] array each time */
 
-#define subRound(a, b, c, d, e, f, k, data) \
-    ( e += ROTL( 5, a ) + f( b, c, d ) + k + data, \
+#define subRound(a, b, c, d, e, f, k, data)             \
+    ( e += ROTL( 5, a ) + f( b, c, d ) + k + data,      \
       e &= 0xffffffff, b = ROTL( 30, b ) )
 
 /* Initialize the SHS values */
@@ -115,25 +116,25 @@ void SHSTransform(SHS_LONG *digest, const SHS_LONG *data)
 #if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO)
 
     {
-	int i;
-	SHS_LONG temp;
-	for (i = 0; i < 20; i++) {
-	    SHS_LONG x = (i < 16) ? eData[i] : expand(eData, i);
-	    subRound(A, B, C, D, E, f1, K1, x);
-	    temp = E, E = D, D = C, C = B, B = A, A = temp;
-	}
-	for (i = 20; i < 40; i++) {
-	    subRound(A, B, C, D, E, f2, K2, expand(eData, i));
-	    temp = E, E = D, D = C, C = B, B = A, A = temp;
-	}
-	for (i = 40; i < 60; i++) {
-	    subRound(A, B, C, D, E, f3, K3, expand(eData, i));
-	    temp = E, E = D, D = C, C = B, B = A, A = temp;
-	}
-	for (i = 60; i < 80; i++) {
-	    subRound(A, B, C, D, E, f4, K4, expand(eData, i));
-	    temp = E, E = D, D = C, C = B, B = A, A = temp;
-	}
+        int i;
+        SHS_LONG temp;
+        for (i = 0; i < 20; i++) {
+            SHS_LONG x = (i < 16) ? eData[i] : expand(eData, i);
+            subRound(A, B, C, D, E, f1, K1, x);
+            temp = E, E = D, D = C, C = B, B = A, A = temp;
+        }
+        for (i = 20; i < 40; i++) {
+            subRound(A, B, C, D, E, f2, K2, expand(eData, i));
+            temp = E, E = D, D = C, C = B, B = A, A = temp;
+        }
+        for (i = 40; i < 60; i++) {
+            subRound(A, B, C, D, E, f3, K3, expand(eData, i));
+            temp = E, E = D, D = C, C = B, B = A, A = temp;
+        }
+        for (i = 60; i < 80; i++) {
+            subRound(A, B, C, D, E, f4, K4, expand(eData, i));
+            temp = E, E = D, D = C, C = B, B = A, A = temp;
+        }
     }
 
 #else
@@ -251,7 +252,7 @@ void shsUpdate(SHS_INFO *shsInfo, const SHS_BYTE *buffer, unsigned int count)
     tmp = shsInfo->countLo;
     shsInfo->countLo = tmp + (((SHS_LONG) count) << 3 );
     if ((shsInfo->countLo &= 0xffffffff) < tmp)
-        shsInfo->countHi++;	/* Carry from low to high */
+        shsInfo->countHi++;     /* Carry from low to high */
     shsInfo->countHi += count >> 29;
 
     /* Get count of bytes already in data */
@@ -259,72 +260,72 @@ void shsUpdate(SHS_INFO *shsInfo, const SHS_BYTE *buffer, unsigned int count)
 
     /* Handle any leading odd-sized chunks */
     if (dataCount) {
-	lp = shsInfo->data + dataCount / 4;
-	dataCount = SHS_DATASIZE - dataCount;
-	canfill = (count >= dataCount);
-
-	if (dataCount % 4) {
-	    /* Fill out a full 32 bit word first if needed -- this
-	       is not very efficient (computed shift amount),
-	       but it shouldn't happen often. */
-	    while (dataCount % 4 && count > 0) {
-		*lp |= (SHS_LONG) *buffer++ << ((--dataCount % 4) * 8);
-		count--;
-	    }
-	    lp++;
-	}
-	while (lp < shsInfo->data + 16) {
-	    if (count < 4) {
-		*lp = 0;
-		switch (count % 4) {
-		case 3:
-		    *lp |= (SHS_LONG) buffer[2] << 8;
-		case 2:
-		    *lp |= (SHS_LONG) buffer[1] << 16;
-		case 1:
-		    *lp |= (SHS_LONG) buffer[0] << 24;
-		}
-		count = 0;
-		break;		/* out of while loop */
-	    }
-	    *lp++ = load_32_be(buffer);
-	    buffer += 4;
-	    count -= 4;
-	}
-	if (canfill) {
-	    SHSTransform(shsInfo->digest, shsInfo->data);
-	}
+        lp = shsInfo->data + dataCount / 4;
+        dataCount = SHS_DATASIZE - dataCount;
+        canfill = (count >= dataCount);
+
+        if (dataCount % 4) {
+            /* Fill out a full 32 bit word first if needed -- this
+               is not very efficient (computed shift amount),
+               but it shouldn't happen often. */
+            while (dataCount % 4 && count > 0) {
+                *lp |= (SHS_LONG) *buffer++ << ((--dataCount % 4) * 8);
+                count--;
+            }
+            lp++;
+        }
+        while (lp < shsInfo->data + 16) {
+            if (count < 4) {
+                *lp = 0;
+                switch (count % 4) {
+                case 3:
+                    *lp |= (SHS_LONG) buffer[2] << 8;
+                case 2:
+                    *lp |= (SHS_LONG) buffer[1] << 16;
+                case 1:
+                    *lp |= (SHS_LONG) buffer[0] << 24;
+                }
+                count = 0;
+                break;          /* out of while loop */
+            }
+            *lp++ = load_32_be(buffer);
+            buffer += 4;
+            count -= 4;
+        }
+        if (canfill) {
+            SHSTransform(shsInfo->digest, shsInfo->data);
+        }
     }
 
     /* Process data in SHS_DATASIZE chunks */
     while (count >= SHS_DATASIZE) {
-	lp = shsInfo->data;
-	while (lp < shsInfo->data + 16) {
-	    *lp++ = load_32_be(buffer);
-	    buffer += 4;
-	}
-	SHSTransform(shsInfo->digest, shsInfo->data);
-	count -= SHS_DATASIZE;
+        lp = shsInfo->data;
+        while (lp < shsInfo->data + 16) {
+            *lp++ = load_32_be(buffer);
+            buffer += 4;
+        }
+        SHSTransform(shsInfo->digest, shsInfo->data);
+        count -= SHS_DATASIZE;
     }
 
     if (count > 0) {
-	lp = shsInfo->data;
-	while (count > 4) {
-	    *lp++ = load_32_be(buffer);
-	    buffer += 4;
-	    count -= 4;
-	}
-	*lp = 0;
-	switch (count % 4) {
-	case 0:
-	    *lp |= ((SHS_LONG) buffer[3]);
-	case 3:
-	    *lp |= ((SHS_LONG) buffer[2]) << 8;
-	case 2:
-	    *lp |= ((SHS_LONG) buffer[1]) << 16;
-	case 1:
-	    *lp |= ((SHS_LONG) buffer[0]) << 24;
-	}
+        lp = shsInfo->data;
+        while (count > 4) {
+            *lp++ = load_32_be(buffer);
+            buffer += 4;
+            count -= 4;
+        }
+        *lp = 0;
+        switch (count % 4) {
+        case 0:
+            *lp |= ((SHS_LONG) buffer[3]);
+        case 3:
+            *lp |= ((SHS_LONG) buffer[2]) << 8;
+        case 2:
+            *lp |= ((SHS_LONG) buffer[1]) << 16;
+        case 1:
+            *lp |= ((SHS_LONG) buffer[0]) << 24;
+        }
     }
 }
 
@@ -345,16 +346,16 @@ void shsFinal(SHS_INFO *shsInfo)
     lp = shsInfo->data + count / 4;
     switch (count % 4) {
     case 3:
-	*lp++ |= (SHS_LONG) 0x80;
-	break;
+        *lp++ |= (SHS_LONG) 0x80;
+        break;
     case 2:
-	*lp++ |= (SHS_LONG) 0x80 << 8;
-	break;
+        *lp++ |= (SHS_LONG) 0x80 << 8;
+        break;
     case 1:
-	*lp++ |= (SHS_LONG) 0x80 << 16;
-	break;
+        *lp++ |= (SHS_LONG) 0x80 << 16;
+        break;
     case 0:
-	*lp++ = (SHS_LONG) 0x80 << 24;
+        *lp++ = (SHS_LONG) 0x80 << 24;
     }
 
     /* at this point, lp can point *past* shsInfo->data.  If it points
@@ -363,16 +364,16 @@ void shsFinal(SHS_INFO *shsInfo)
        enough room for length words */
 
     if (lp == shsInfo->data + 15)
-	*lp++ = 0;
+        *lp++ = 0;
 
     if (lp == shsInfo->data + 16) {
-	SHSTransform(shsInfo->digest, shsInfo->data);
-	lp = shsInfo->data;
+        SHSTransform(shsInfo->digest, shsInfo->data);
+        lp = shsInfo->data;
     }
 
     /* Pad out to 56 bytes */
     while (lp < shsInfo->data + 14)
-	*lp++ = 0;
+        *lp++ = 0;
 
     /* Append length in bits and transform */
     *lp++ = shsInfo->countHi;
diff --git a/src/lib/crypto/builtin/sha1/shs.h b/src/lib/crypto/builtin/sha1/shs.h
index 6dcb41b..e1872f2 100644
--- a/src/lib/crypto/builtin/sha1/shs.h
+++ b/src/lib/crypto/builtin/sha1/shs.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #ifndef _SHS_DEFINED
 
 #include "k5-int.h"
@@ -6,8 +7,8 @@
 
 /* Some useful types */
 
-typedef krb5_octet	SHS_BYTE;
-typedef krb5_ui_4	SHS_LONG;
+typedef krb5_octet      SHS_BYTE;
+typedef krb5_ui_4       SHS_LONG;
 
 /* Define the following to use the updated SHS implementation */
 #define NEW_SHS         /**/
@@ -20,10 +21,10 @@ typedef krb5_ui_4	SHS_LONG;
 /* The structure for storing SHS info */
 
 typedef struct {
-               SHS_LONG digest[ 5 ];            /* Message digest */
-               SHS_LONG countLo, countHi;       /* 64-bit bit count */
-               SHS_LONG data[ 16 ];             /* SHS data buffer */
-               } SHS_INFO;
+    SHS_LONG digest[ 5 ];            /* Message digest */
+    SHS_LONG countLo, countHi;       /* 64-bit bit count */
+    SHS_LONG data[ 16 ];             /* SHS data buffer */
+} SHS_INFO;
 
 /* Message digest functions (shs.c) */
 void shsInit(SHS_INFO *shsInfo);
@@ -33,13 +34,13 @@ void shsFinal(SHS_INFO *shsInfo);
 
 /* Keyed Message digest functions (hmac_sha.c) */
 krb5_error_code hmac_sha(krb5_octet *text,
-			int text_len,
-			krb5_octet *key,
-			int key_len,
-			krb5_octet *digest);
+                         int text_len,
+                         krb5_octet *key,
+                         int key_len,
+                         krb5_octet *digest);
 
 
-#define NIST_SHA_CKSUM_LENGTH		SHS_DIGESTSIZE
-#define HMAC_SHA_CKSUM_LENGTH		SHS_DIGESTSIZE
+#define NIST_SHA_CKSUM_LENGTH           SHS_DIGESTSIZE
+#define HMAC_SHA_CKSUM_LENGTH           SHS_DIGESTSIZE
 
 #endif /* _SHS_DEFINED */
diff --git a/src/lib/crypto/builtin/sha1/t_shs.c b/src/lib/crypto/builtin/sha1/t_shs.c
index adcb092..08157b6 100644
--- a/src/lib/crypto/builtin/sha1/t_shs.c
+++ b/src/lib/crypto/builtin/sha1/t_shs.c
@@ -1,8 +1,9 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /****************************************************************************
-*                                                                           *
-*                               SHS Test Code                               *
-*                                                                           *
-****************************************************************************/
+ *                                                                           *
+ *                               SHS Test Code                               *
+ *                                                                           *
+ ****************************************************************************/
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -17,7 +18,7 @@ static SHS_LONG shsTestResults[][ 5 ] = {
     { 0xA9993E36L, 0x4706816AL, 0xBA3E2571L, 0x7850C26CL, 0x9CD0D89DL, },
     { 0x84983E44L, 0x1C3BD26EL, 0xBAAE4AA1L, 0xF95129E5L, 0xE54670F1L, },
     { 0x34AA973CL, 0xD4C4DAA4L, 0xF61EEB2BL, 0xDBAD2731L, 0x6534016FL, }
-    };
+};
 
 #else
 
@@ -25,30 +26,30 @@ static SHS_LONG shsTestResults[][ 5 ] = {
     { 0x0164B8A9L, 0x14CD2A5EL, 0x74C4F7FFL, 0x082C4D97L, 0xF1EDF880L },
     { 0xD2516EE1L, 0xACFA5BAFL, 0x33DFC1C4L, 0x71E43844L, 0x9EF134C8L },
     { 0x3232AFFAL, 0x48628A26L, 0x653B5AAAL, 0x44541FD9L, 0x0D690603L }
-    };
+};
 #endif /* NEW_SHS */
 
 static int compareSHSresults(shsInfo, shsTestLevel)
-SHS_INFO *shsInfo;
-int shsTestLevel;
+    SHS_INFO *shsInfo;
+    int shsTestLevel;
 {
     int i, fail = 0;
 
     /* Compare the returned digest and required values */
     for( i = 0; i < 5; i++ )
         if( shsInfo->digest[ i ] != shsTestResults[ shsTestLevel ][ i ] )
-	    fail = 1;
+            fail = 1;
     if (fail) {
-	printf("\nExpected: ");
-	for (i = 0; i < 5; i++) {
-	    printf("%8.8lx ", (unsigned long) shsTestResults[shsTestLevel][i]);
-	}
-	printf("\nGot:      ");
-	for (i = 0; i < 5; i++) {
-	    printf("%8.8lx ", (unsigned long) shsInfo->digest[i]);
-	}
-	printf("\n");
-	return( -1 );
+        printf("\nExpected: ");
+        for (i = 0; i < 5; i++) {
+            printf("%8.8lx ", (unsigned long) shsTestResults[shsTestLevel][i]);
+        }
+        printf("\nGot:      ");
+        for (i = 0; i < 5; i++) {
+            printf("%8.8lx ", (unsigned long) shsInfo->digest[i]);
+        }
+        printf("\n");
+        return( -1 );
     }
     return( 0 );
 }
@@ -75,11 +76,11 @@ main()
     shsUpdate( &shsInfo, ( SHS_BYTE * ) "abc", 3 );
     shsFinal( &shsInfo );
     if( compareSHSresults( &shsInfo, 0 ) == -1 )
-        {
+    {
         putchar( '\n' );
         puts( "SHS test 1 failed" );
         exit( -1 );
-        }
+    }
 #ifdef NEW_SHS
     puts( "passed, result= A9993E364706816ABA3E25717850C26C9CD0D89D" );
 #else
@@ -91,11 +92,11 @@ main()
     shsUpdate( &shsInfo, ( SHS_BYTE * ) "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56 );
     shsFinal( &shsInfo );
     if( compareSHSresults( &shsInfo, 1 ) == -1 )
-        {
+    {
         putchar( '\n' );
         puts( "SHS test 2 failed" );
         exit( -1 );
-        }
+    }
 #ifdef NEW_SHS
     puts( "passed, result= 84983E441C3BD26EBAAE4AA1F95129E5E54670F1" );
 #else
@@ -108,11 +109,11 @@ main()
         shsUpdate( &shsInfo, ( SHS_BYTE * ) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 64 );
     shsFinal( &shsInfo );
     if( compareSHSresults( &shsInfo, 2 ) == -1 )
-        {
+    {
         putchar( '\n' );
         puts( "SHS test 3 failed" );
         exit( -1 );
-        }
+    }
 #ifdef NEW_SHS
     puts( "passed, result= 34AA973CD4C4DAA4F61EEB2BDBAD27316534016F" );
 #else
diff --git a/src/lib/crypto/builtin/sha1/t_shs3.c b/src/lib/crypto/builtin/sha1/t_shs3.c
index cf9787e..d05ac6d 100644
--- a/src/lib/crypto/builtin/sha1/t_shs3.c
+++ b/src/lib/crypto/builtin/sha1/t_shs3.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* test shs code */
 
 #include <stdio.h>
@@ -28,23 +29,23 @@ static void longReverse( SHS_LONG *buffer, int byteCount )
 
     switch (init) {
     case 0:
-	init=1;
-	cp = (char *) &init;
-	if (*cp == 1) {
-	    init=2;
-	    break;
-	}
-	init=1;
-	/* fall through - MSB */
+        init=1;
+        cp = (char *) &init;
+        if (*cp == 1) {
+            init=2;
+            break;
+        }
+        init=1;
+        /* fall through - MSB */
     case 1:
-	return;
+        return;
     }
 
     byteCount /= sizeof( SHS_LONG );
     while( byteCount-- ) {
         value = *buffer;
         value = ( ( value & 0xFF00FF00L ) >> 8  ) |
-                ( ( value & 0x00FF00FFL ) << 8 );
+            ( ( value & 0x00FF00FFL ) << 8 );
         *buffer++ = ( value << 16 ) | ( value >> 16 );
     }
 }
@@ -55,538 +56,538 @@ int Dflag;
 
 int
 main(argc,argv)
-	char **argv;
+    char **argv;
 {
-	char *argp;
-
-	while (--argc > 0) if (*(argp = *++argv)=='-')
-	while (*++argp) switch(*argp)
-	{
-	case '1':
-	case '2':
-	case '3':
-	case '4':
-	case '5':
-	case '6':
-	case '7':
-		if (mode) goto Usage;
-		mode = *argp;
-		break;
-	case 'D':
-		if (argc <= 1) goto Usage;
-		--argc;
-		Dflag = atoi(*++argv);
-		break;
-	case '-':
-		break;
-	default:
-		fprintf (stderr,"Bad switch char <%c>\n", *argp);
-	Usage:
-		fprintf(stderr, "Usage: t_shs [-1234567] [-D #]\n");
-		exit(1);
-	}
-	else goto Usage;
-
-	process();
-	exit(rc);
+    char *argp;
+
+    while (--argc > 0) if (*(argp = *++argv)=='-')
+                           while (*++argp) switch(*argp)
+                                           {
+                                           case '1':
+                                           case '2':
+                                           case '3':
+                                           case '4':
+                                           case '5':
+                                           case '6':
+                                           case '7':
+                                               if (mode) goto Usage;
+                                               mode = *argp;
+                                               break;
+                                           case 'D':
+                                               if (argc <= 1) goto Usage;
+                                               --argc;
+                                               Dflag = atoi(*++argv);
+                                               break;
+                                           case '-':
+                                               break;
+                                           default:
+                                               fprintf (stderr,"Bad switch char <%c>\n", *argp);
+                                           Usage:
+                                               fprintf(stderr, "Usage: t_shs [-1234567] [-D #]\n");
+                                               exit(1);
+                                           }
+        else goto Usage;
+
+    process();
+    exit(rc);
 }
 
 static void process(void)
 {
-	switch(mode)
-	{
-	case '1':
-		test1();
-		break;
-	case '2':
-		test2();
-		break;
-	case '3':
-		test3();
-		break;
-	case '4':
-		test4();
-		break;
-	case '5':
-		test5();
-		break;
-	case '6':
-		test6();
-		break;
-	case '7':
-		test7();
-		break;
-	default:
-		test1();
-		test2();
-		test3();
-		test4();
-		test5();
-		test6();
-		test7();
-	}
+    switch(mode)
+    {
+    case '1':
+        test1();
+        break;
+    case '2':
+        test2();
+        break;
+    case '3':
+        test3();
+        break;
+    case '4':
+        test4();
+        break;
+    case '5':
+        test5();
+        break;
+    case '6':
+        test6();
+        break;
+    case '7':
+        test7();
+        break;
+    default:
+        test1();
+        test2();
+        test3();
+        test4();
+        test5();
+        test6();
+        test7();
+    }
 }
 
 #ifndef shsDigest
 static unsigned char *
 shsDigest(si)
-	SHS_INFO *si;
+    SHS_INFO *si;
 {
-	longReverse(si->digest, SHS_DIGESTSIZE);
-	return (unsigned char*) si->digest;
+    longReverse(si->digest, SHS_DIGESTSIZE);
+    return (unsigned char*) si->digest;
 }
 #endif
 
 unsigned char results1[SHS_DIGESTSIZE] = {
-0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
-0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d};
+    0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
+    0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d};
 
 static void test1(void)
 {
-	SHS_INFO si[1];
-	unsigned char digest[SHS_DIGESTSIZE];
-	int failed;
-	int i;
-
-	printf("Running SHS test 1 ...\n");
-	shsInit(si);
-	shsUpdate(si, (SHS_BYTE *) "abc", 3);
-	shsFinal(si);
-	memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
-	if ((failed = memcmp(digest, results1, SHS_DIGESTSIZE)) != 0)
-	{
-		fprintf(stderr,"SHS test 1 failed!\n");
-		rc = 1;
-	}
-	printf ("%s, results = ", failed ? "Failed" : "Passed");
-	for (i = 0; i < SHS_DIGESTSIZE; ++i)
-		printf("%02x",digest[i]);
-	if (failed)
-	{
-		printf ("\n, expected ");
-		for (i = 0; i < SHS_DIGESTSIZE; ++i)
-			printf("%02x",results1[i]);
-	}
-	printf("\n");
+    SHS_INFO si[1];
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    int i;
+
+    printf("Running SHS test 1 ...\n");
+    shsInit(si);
+    shsUpdate(si, (SHS_BYTE *) "abc", 3);
+    shsFinal(si);
+    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results1, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 1 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results1[i]);
+    }
+    printf("\n");
 }
 
 unsigned char results2[SHS_DIGESTSIZE] = {
-0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae,
-0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1};
+    0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae,
+    0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1};
 
 static void test2(void)
 {
-	SHS_INFO si[1];
-	unsigned char digest[SHS_DIGESTSIZE];
-	int failed;
-	int i;
-
-	printf("Running SHS test 2 ...\n");
-	shsInit(si);
-	shsUpdate(si,
-	(SHS_BYTE *) "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
-		56);
-	shsFinal(si);
-	memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
-	if ((failed = memcmp(digest, results2, SHS_DIGESTSIZE)) != 0)
-	{
-		fprintf(stderr,"SHS test 2 failed!\n");
-		rc = 1;
-	}
-	printf ("%s, results = ", failed ? "Failed" : "Passed");
-	for (i = 0; i < SHS_DIGESTSIZE; ++i)
-		printf("%02x",digest[i]);
-	if (failed)
-	{
-		printf ("\n, expected ");
-		for (i = 0; i < SHS_DIGESTSIZE; ++i)
-			printf("%02x",results2[i]);
-	}
-	printf("\n");
+    SHS_INFO si[1];
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    int i;
+
+    printf("Running SHS test 2 ...\n");
+    shsInit(si);
+    shsUpdate(si,
+              (SHS_BYTE *) "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+              56);
+    shsFinal(si);
+    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results2, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 2 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results2[i]);
+    }
+    printf("\n");
 }
 
 unsigned char results3[SHS_DIGESTSIZE] = {
-0x34,0xaa,0x97,0x3c,0xd4,0xc4,0xda,0xa4,0xf6,0x1e,
-0xeb,0x2b,0xdb,0xad,0x27,0x31,0x65,0x34,0x01,0x6f};
+    0x34,0xaa,0x97,0x3c,0xd4,0xc4,0xda,0xa4,0xf6,0x1e,
+    0xeb,0x2b,0xdb,0xad,0x27,0x31,0x65,0x34,0x01,0x6f};
 
 static void test3(void)
 {
-	SHS_INFO si[1];
-	unsigned char digest[SHS_DIGESTSIZE];
-	int failed;
-	int i;
-
-	printf("Running SHS test 3 ...\n");
-	shsInit(si);
-	for (i = 0; i < 15625; ++i)
-		shsUpdate(si,
-(SHS_BYTE *) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
-			64);
-	shsFinal(si);
-	memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
-	if ((failed = memcmp(digest, results3, SHS_DIGESTSIZE)) != 0)
-	{
-		fprintf(stderr,"SHS test 3 failed!\n");
-		rc = 1;
-	}
-	printf ("%s, results = ", failed ? "Failed" : "Passed");
-	for (i = 0; i < SHS_DIGESTSIZE; ++i)
-		printf("%02x",digest[i]);
-	if (failed)
-	{
-		printf ("\n, expected ");
-		for (i = 0; i < SHS_DIGESTSIZE; ++i)
-			printf("%02x",results3[i]);
-	}
-	printf("\n");
+    SHS_INFO si[1];
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    int i;
+
+    printf("Running SHS test 3 ...\n");
+    shsInit(si);
+    for (i = 0; i < 15625; ++i)
+        shsUpdate(si,
+                  (SHS_BYTE *) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+                  64);
+    shsFinal(si);
+    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results3, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 3 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results3[i]);
+    }
+    printf("\n");
 }
 
 unsigned char randdata[] = {
-0xfe,0x28,0x79,0x25,0xf5,0x03,0xf9,0x1c,0xcd,0x70,0x7b,0xb0,0x42,0x02,0xb8,0x2f,
-0xf3,0x63,0xa2,0x79,0x8e,0x9b,0x33,0xd7,0x2b,0xc4,0xb4,0xd2,0xcb,0x61,0xec,0xbb,
-0x94,0xe1,0x8f,0x53,0x80,0x55,0xd9,0x90,0xb2,0x03,0x58,0xfa,0xa6,0xe5,0x18,0x57,
-0x68,0x04,0x24,0x98,0x41,0x7e,0x84,0xeb,0xc1,0x39,0xbc,0x1d,0xf7,0x4e,0x92,0x72,
-0x1a,0x5b,0xb6,0x99,0x43,0xa5,0x0a,0x45,0x73,0x55,0xfd,0x57,0x83,0x45,0x36,0x5c,
-0xfd,0x39,0x08,0x6e,0xe2,0x01,0x9a,0x8c,0x4e,0x39,0xd2,0x0d,0x5f,0x0e,0x35,0x15,
-0xb9,0xac,0x5f,0xa1,0x8a,0xe6,0xdd,0x6e,0x68,0x9d,0xf6,0x29,0x95,0xf6,0x7d,0x7b,
-0xd9,0x5e,0xf4,0x67,0x25,0xbd,0xee,0xed,0x53,0x60,0xb0,0x47,0xdf,0xef,0xf4,0x41,
-0xbd,0x45,0xcf,0x5c,0x93,0x41,0x87,0x97,0x82,0x39,0x20,0x66,0xb4,0xda,0xcb,0x66,
-0x93,0x02,0x2e,0x7f,0x94,0x4c,0xc7,0x3b,0x2c,0xcf,0xf6,0x99,0x6f,0x13,0xf1,0xc5,
-0x28,0x2b,0xa6,0x6c,0x39,0x26,0x7f,0x76,0x24,0x4a,0x6e,0x01,0x40,0x63,0xf8,0x00,
-0x06,0x23,0x5a,0xaa,0xa6,0x2f,0xd1,0x37,0xc7,0xcc,0x76,0xe9,0x54,0x1e,0x57,0x73,
-0xf5,0x33,0xaa,0x96,0xbe,0x35,0xcd,0x1d,0xd5,0x7d,0xac,0x50,0xd5,0xf8,0x47,0x2d,
-0xd6,0x93,0x5f,0x6e,0x38,0xd3,0xac,0xd0,0x7e,0xad,0x9e,0xf8,0x87,0x95,0x63,0x15,
-0x65,0xa3,0xd4,0xb3,0x9a,0x6c,0xac,0xcd,0x2a,0x54,0x83,0x13,0xc4,0xb4,0x94,0xfa,
-0x76,0x87,0xc5,0x8b,0x4a,0x10,0x92,0x05,0xd1,0x0e,0x97,0xfd,0xc8,0xfb,0xc5,0xdc,
-0x21,0x4c,0xc8,0x77,0x5c,0xed,0x32,0x22,0x77,0xc1,0x38,0x30,0xd7,0x8e,0x2a,0x70,
-0x72,0x67,0x13,0xe4,0xb7,0x18,0xd4,0x76,0xdd,0x32,0x12,0xf4,0x5d,0xc9,0xec,0xc1,
-0x2c,0x8a,0xfe,0x08,0x6c,0xea,0xf6,0xab,0x5a,0x0e,0x8e,0x81,0x1d,0xc8,0x5a,0x4b,
-0xed,0xb9,0x7f,0x4b,0x67,0xe3,0x65,0x46,0xc9,0xf2,0xab,0x37,0x0a,0x98,0x67,0x5b,
-0xb1,0x3b,0x02,0x91,0x38,0x71,0xea,0x62,0x88,0xae,0xb6,0xdb,0xfc,0x55,0x79,0x33,
-0x69,0x95,0x51,0xb6,0xe1,0x3b,0xab,0x22,0x68,0x54,0xf9,0x89,0x9c,0x94,0xe0,0xe3,
-0xd3,0x48,0x5c,0xe9,0x78,0x5b,0xb3,0x4b,0xba,0xd8,0x48,0xd8,0xaf,0x91,0x4e,0x23,
-0x38,0x23,0x23,0x6c,0xdf,0x2e,0xf0,0xff,0xac,0x1d,0x2d,0x27,0x10,0x45,0xa3,0x2d,
-0x8b,0x00,0xcd,0xe2,0xfc,0xb7,0xdb,0x52,0x13,0xb7,0x66,0x79,0xd9,0xd8,0x29,0x0e,
-0x32,0xbd,0x52,0x6b,0x75,0x71,0x08,0x83,0x1b,0x67,0x28,0x93,0x97,0x97,0x32,0xff,
-0x8b,0xd3,0x98,0xa3,0xce,0x2b,0x88,0x37,0x1c,0xcc,0xa0,0xd1,0x19,0x9b,0xe6,0x11,
-0xfc,0xc0,0x3c,0x4e,0xe1,0x35,0x49,0x29,0x19,0xcf,0x1d,0xe1,0x60,0x74,0xc0,0xe9,
-0xf7,0xb4,0x99,0xa0,0x23,0x50,0x51,0x78,0xcf,0xc0,0xe5,0xc2,0x1c,0x16,0xd2,0x24,
-0x5a,0x63,0x54,0x83,0xaa,0x74,0x3d,0x41,0x0d,0x52,0xee,0xfe,0x0f,0x4d,0x13,0xe1,
-0x27,0x00,0xc4,0xf3,0x2b,0x55,0xe0,0x9c,0x81,0xe0,0xfc,0xc2,0x13,0xd4,0x39,0x09
+    0xfe,0x28,0x79,0x25,0xf5,0x03,0xf9,0x1c,0xcd,0x70,0x7b,0xb0,0x42,0x02,0xb8,0x2f,
+    0xf3,0x63,0xa2,0x79,0x8e,0x9b,0x33,0xd7,0x2b,0xc4,0xb4,0xd2,0xcb,0x61,0xec,0xbb,
+    0x94,0xe1,0x8f,0x53,0x80,0x55,0xd9,0x90,0xb2,0x03,0x58,0xfa,0xa6,0xe5,0x18,0x57,
+    0x68,0x04,0x24,0x98,0x41,0x7e,0x84,0xeb,0xc1,0x39,0xbc,0x1d,0xf7,0x4e,0x92,0x72,
+    0x1a,0x5b,0xb6,0x99,0x43,0xa5,0x0a,0x45,0x73,0x55,0xfd,0x57,0x83,0x45,0x36,0x5c,
+    0xfd,0x39,0x08,0x6e,0xe2,0x01,0x9a,0x8c,0x4e,0x39,0xd2,0x0d,0x5f,0x0e,0x35,0x15,
+    0xb9,0xac,0x5f,0xa1,0x8a,0xe6,0xdd,0x6e,0x68,0x9d,0xf6,0x29,0x95,0xf6,0x7d,0x7b,
+    0xd9,0x5e,0xf4,0x67,0x25,0xbd,0xee,0xed,0x53,0x60,0xb0,0x47,0xdf,0xef,0xf4,0x41,
+    0xbd,0x45,0xcf,0x5c,0x93,0x41,0x87,0x97,0x82,0x39,0x20,0x66,0xb4,0xda,0xcb,0x66,
+    0x93,0x02,0x2e,0x7f,0x94,0x4c,0xc7,0x3b,0x2c,0xcf,0xf6,0x99,0x6f,0x13,0xf1,0xc5,
+    0x28,0x2b,0xa6,0x6c,0x39,0x26,0x7f,0x76,0x24,0x4a,0x6e,0x01,0x40,0x63,0xf8,0x00,
+    0x06,0x23,0x5a,0xaa,0xa6,0x2f,0xd1,0x37,0xc7,0xcc,0x76,0xe9,0x54,0x1e,0x57,0x73,
+    0xf5,0x33,0xaa,0x96,0xbe,0x35,0xcd,0x1d,0xd5,0x7d,0xac,0x50,0xd5,0xf8,0x47,0x2d,
+    0xd6,0x93,0x5f,0x6e,0x38,0xd3,0xac,0xd0,0x7e,0xad,0x9e,0xf8,0x87,0x95,0x63,0x15,
+    0x65,0xa3,0xd4,0xb3,0x9a,0x6c,0xac,0xcd,0x2a,0x54,0x83,0x13,0xc4,0xb4,0x94,0xfa,
+    0x76,0x87,0xc5,0x8b,0x4a,0x10,0x92,0x05,0xd1,0x0e,0x97,0xfd,0xc8,0xfb,0xc5,0xdc,
+    0x21,0x4c,0xc8,0x77,0x5c,0xed,0x32,0x22,0x77,0xc1,0x38,0x30,0xd7,0x8e,0x2a,0x70,
+    0x72,0x67,0x13,0xe4,0xb7,0x18,0xd4,0x76,0xdd,0x32,0x12,0xf4,0x5d,0xc9,0xec,0xc1,
+    0x2c,0x8a,0xfe,0x08,0x6c,0xea,0xf6,0xab,0x5a,0x0e,0x8e,0x81,0x1d,0xc8,0x5a,0x4b,
+    0xed,0xb9,0x7f,0x4b,0x67,0xe3,0x65,0x46,0xc9,0xf2,0xab,0x37,0x0a,0x98,0x67,0x5b,
+    0xb1,0x3b,0x02,0x91,0x38,0x71,0xea,0x62,0x88,0xae,0xb6,0xdb,0xfc,0x55,0x79,0x33,
+    0x69,0x95,0x51,0xb6,0xe1,0x3b,0xab,0x22,0x68,0x54,0xf9,0x89,0x9c,0x94,0xe0,0xe3,
+    0xd3,0x48,0x5c,0xe9,0x78,0x5b,0xb3,0x4b,0xba,0xd8,0x48,0xd8,0xaf,0x91,0x4e,0x23,
+    0x38,0x23,0x23,0x6c,0xdf,0x2e,0xf0,0xff,0xac,0x1d,0x2d,0x27,0x10,0x45,0xa3,0x2d,
+    0x8b,0x00,0xcd,0xe2,0xfc,0xb7,0xdb,0x52,0x13,0xb7,0x66,0x79,0xd9,0xd8,0x29,0x0e,
+    0x32,0xbd,0x52,0x6b,0x75,0x71,0x08,0x83,0x1b,0x67,0x28,0x93,0x97,0x97,0x32,0xff,
+    0x8b,0xd3,0x98,0xa3,0xce,0x2b,0x88,0x37,0x1c,0xcc,0xa0,0xd1,0x19,0x9b,0xe6,0x11,
+    0xfc,0xc0,0x3c,0x4e,0xe1,0x35,0x49,0x29,0x19,0xcf,0x1d,0xe1,0x60,0x74,0xc0,0xe9,
+    0xf7,0xb4,0x99,0xa0,0x23,0x50,0x51,0x78,0xcf,0xc0,0xe5,0xc2,0x1c,0x16,0xd2,0x24,
+    0x5a,0x63,0x54,0x83,0xaa,0x74,0x3d,0x41,0x0d,0x52,0xee,0xfe,0x0f,0x4d,0x13,0xe1,
+    0x27,0x00,0xc4,0xf3,0x2b,0x55,0xe0,0x9c,0x81,0xe0,0xfc,0xc2,0x13,0xd4,0x39,0x09
 };
 
 unsigned char results4[SHS_DIGESTSIZE] = {
-0x13,0x62,0xfc,0x87,0x68,0x33,0xd5,0x1d,0x2f,0x0c,
-0x73,0xe3,0xfb,0x87,0x6a,0x6b,0xc3,0x25,0x54,0xfc};
+    0x13,0x62,0xfc,0x87,0x68,0x33,0xd5,0x1d,0x2f,0x0c,
+    0x73,0xe3,0xfb,0x87,0x6a,0x6b,0xc3,0x25,0x54,0xfc};
 
 static void test4(void)
 {
-	SHS_INFO si[1];
-	unsigned char digest[SHS_DIGESTSIZE];
-	int failed;
-	int i;
-
-	printf("Running SHS test 4 ...\n");
-	shsInit(si);
-	shsUpdate(si, randdata, 19);
-	shsFinal(si);
-	memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
-	if ((failed = memcmp(digest, results4, SHS_DIGESTSIZE)) != 0)
-	{
-		fprintf(stderr,"SHS test 4 failed!\n");
-		rc = 1;
-	}
-	printf ("%s, results = ", failed ? "Failed" : "Passed");
-	for (i = 0; i < SHS_DIGESTSIZE; ++i)
-		printf("%02x",digest[i]);
-	if (failed)
-	{
-		printf ("\n, expected ");
-		for (i = 0; i < SHS_DIGESTSIZE; ++i)
-			printf("%02x",results4[i]);
-	}
-	printf("\n");
+    SHS_INFO si[1];
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    int i;
+
+    printf("Running SHS test 4 ...\n");
+    shsInit(si);
+    shsUpdate(si, randdata, 19);
+    shsFinal(si);
+    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results4, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 4 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results4[i]);
+    }
+    printf("\n");
 }
 
 unsigned char results5[SHS_DIGESTSIZE] = {
-0x19,0x4d,0xf6,0xeb,0x8e,0x02,0x6d,0x37,0x58,0x64,
-0xe5,0x95,0x19,0x2a,0xdd,0x1c,0xc4,0x3c,0x24,0x86};
+    0x19,0x4d,0xf6,0xeb,0x8e,0x02,0x6d,0x37,0x58,0x64,
+    0xe5,0x95,0x19,0x2a,0xdd,0x1c,0xc4,0x3c,0x24,0x86};
 
 static void test5(void)
 {
-	SHS_INFO si[1];
-	unsigned char digest[SHS_DIGESTSIZE];
-	int failed;
-	int i;
-
-	printf("Running SHS test 5 ...\n");
-	shsInit(si);
-	shsUpdate(si, randdata, 19);
-	shsUpdate(si, randdata+32, 15);
-	shsFinal(si);
-	memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
-	if ((failed = memcmp(digest, results5, SHS_DIGESTSIZE)) != 0)
-	{
-		fprintf(stderr,"SHS test 5 failed!\n");
-		rc = 1;
-	}
-	printf ("%s, results = ", failed ? "Failed" : "Passed");
-	for (i = 0; i < SHS_DIGESTSIZE; ++i)
-		printf("%02x",digest[i]);
-	if (failed)
-	{
-		printf ("\n, expected ");
-		for (i = 0; i < SHS_DIGESTSIZE; ++i)
-			printf("%02x",results5[i]);
-	}
-	printf("\n");
+    SHS_INFO si[1];
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    int i;
+
+    printf("Running SHS test 5 ...\n");
+    shsInit(si);
+    shsUpdate(si, randdata, 19);
+    shsUpdate(si, randdata+32, 15);
+    shsFinal(si);
+    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results5, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 5 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results5[i]);
+    }
+    printf("\n");
 }
 
 unsigned char results6[SHS_DIGESTSIZE] = {
-0x4e,0x16,0x57,0x9d,0x4b,0x48,0xa9,0x1c,0x88,0x72,
-0x83,0xdb,0x88,0xd1,0xea,0x3a,0x45,0xdf,0xa1,0x10};
+    0x4e,0x16,0x57,0x9d,0x4b,0x48,0xa9,0x1c,0x88,0x72,
+    0x83,0xdb,0x88,0xd1,0xea,0x3a,0x45,0xdf,0xa1,0x10};
 
 static void test6(void)
 {
-	struct {
-		long pad1;
-		SHS_INFO si1;
-		long pad2;
-		SHS_INFO si2;
-		long pad3;
-	} sdata;
-	unsigned char digest[SHS_DIGESTSIZE];
-	int failed;
-	unsigned int i, j;
-
-	printf("Running SHS test 6 ...\n");
-	sdata.pad1 = 0x12345678;
-	sdata.pad2 = 0x87654321;
-	sdata.pad3 = 0x78563412;
-	shsInit((&sdata.si2));
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #20 %#lx\n",
-sdata.pad2);
-sdata.pad2 = 0x87654321;
-}
-if (sdata.pad3 != 0x78563412) {
-printf ("Overrun #21 %#lx\n",
-sdata.pad3);
-sdata.pad3 = 0x78563412;
-}
-	for (i = 0; i < 400; ++i)
-	{
-		shsInit(&sdata.si1);
-if (sdata.pad1 != 0x12345678) {
-printf ("Overrun #22 %#lx at %d\n",
-sdata.pad1, i);
-sdata.pad1 = 0x12345678;
-}
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #23 %#lx at %d\n",
-sdata.pad2, i);
-sdata.pad2 = 0x87654321;
-}
-		shsUpdate(&sdata.si1, (randdata+sizeof(randdata))-i, i);
-if (sdata.pad1 != 0x12345678) {
-printf ("Overrun #24 %#lx at %d\n",
-sdata.pad1, i);
-sdata.pad1 = 0x12345678;
-}
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #25 %#lx at %d\n",
-sdata.pad2, i);
-sdata.pad2 = 0x87654321;
-}
-		shsFinal(&sdata.si1);
-if (sdata.pad1 != 0x12345678) {
-printf ("Overrun #26 %#lx at %d\n",
-sdata.pad1, i);
-sdata.pad1 = 0x12345678;
-}
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #27 %#lx at %d\n",
-sdata.pad2, i);
-sdata.pad2 = 0x87654321;
-}
-		memcpy(digest, shsDigest(&sdata.si1), SHS_DIGESTSIZE);
-		if (Dflag & 1)
-		{
-			printf ("%d: ", i);
-			for (j = 0; j < SHS_DIGESTSIZE; ++j)
-				printf("%02x",digest[j]);
-			printf("\n");
-		}
-		shsUpdate((&sdata.si2), digest, SHS_DIGESTSIZE);
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #28 %#lx at %d\n",
-sdata.pad2, i);
-sdata.pad2 = 0x87654321;
-}
-if (sdata.pad3 != 0x78563412) {
-printf ("Overrun #29 %#lx at %d\n",
-sdata.pad3, i);
-sdata.pad3 = 0x78563412;
-}
-		if (Dflag & 2)
-			printf ("%d: %08lx%08lx%08lx%08lx%08lx\n",
-				i,
-				(unsigned long) sdata.si2.digest[0],
-				(unsigned long) sdata.si2.digest[1],
-				(unsigned long) sdata.si2.digest[2],
-				(unsigned long) sdata.si2.digest[3],
-				(unsigned long) sdata.si2.digest[4]);
-	}
-	shsFinal((&sdata.si2));
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #30 %#lx\n",
-sdata.pad2);
-sdata.pad2 = 0x87654321;
-}
-if (sdata.pad3 != 0x78563412) {
-printf ("Overrun #31 %#lx\n",
-sdata.pad3);
-sdata.pad3 = 0x78563412;
-}
-	memcpy(digest, shsDigest((&sdata.si2)), SHS_DIGESTSIZE);
-	if ((failed = memcmp(digest, results6, SHS_DIGESTSIZE)) != 0)
-	{
-		fprintf(stderr,"SHS test 6 failed!\n");
-		rc = 1;
-	}
-	printf ("%s, results = ", failed ? "Failed" : "Passed");
-	for (i = 0; i < SHS_DIGESTSIZE; ++i)
-		printf("%02x",digest[i]);
-	if (failed)
-	{
-		printf ("\n, expected ");
-		for (i = 0; i < SHS_DIGESTSIZE; ++i)
-			printf("%02x",results6[i]);
-	}
-	printf("\n");
+    struct {
+        long pad1;
+        SHS_INFO si1;
+        long pad2;
+        SHS_INFO si2;
+        long pad3;
+    } sdata;
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    unsigned int i, j;
+
+    printf("Running SHS test 6 ...\n");
+    sdata.pad1 = 0x12345678;
+    sdata.pad2 = 0x87654321;
+    sdata.pad3 = 0x78563412;
+    shsInit((&sdata.si2));
+    if (sdata.pad2 != 0x87654321) {
+        printf ("Overrun #20 %#lx\n",
+                sdata.pad2);
+        sdata.pad2 = 0x87654321;
+    }
+    if (sdata.pad3 != 0x78563412) {
+        printf ("Overrun #21 %#lx\n",
+                sdata.pad3);
+        sdata.pad3 = 0x78563412;
+    }
+    for (i = 0; i < 400; ++i)
+    {
+        shsInit(&sdata.si1);
+        if (sdata.pad1 != 0x12345678) {
+            printf ("Overrun #22 %#lx at %d\n",
+                    sdata.pad1, i);
+            sdata.pad1 = 0x12345678;
+        }
+        if (sdata.pad2 != 0x87654321) {
+            printf ("Overrun #23 %#lx at %d\n",
+                    sdata.pad2, i);
+            sdata.pad2 = 0x87654321;
+        }
+        shsUpdate(&sdata.si1, (randdata+sizeof(randdata))-i, i);
+        if (sdata.pad1 != 0x12345678) {
+            printf ("Overrun #24 %#lx at %d\n",
+                    sdata.pad1, i);
+            sdata.pad1 = 0x12345678;
+        }
+        if (sdata.pad2 != 0x87654321) {
+            printf ("Overrun #25 %#lx at %d\n",
+                    sdata.pad2, i);
+            sdata.pad2 = 0x87654321;
+        }
+        shsFinal(&sdata.si1);
+        if (sdata.pad1 != 0x12345678) {
+            printf ("Overrun #26 %#lx at %d\n",
+                    sdata.pad1, i);
+            sdata.pad1 = 0x12345678;
+        }
+        if (sdata.pad2 != 0x87654321) {
+            printf ("Overrun #27 %#lx at %d\n",
+                    sdata.pad2, i);
+            sdata.pad2 = 0x87654321;
+        }
+        memcpy(digest, shsDigest(&sdata.si1), SHS_DIGESTSIZE);
+        if (Dflag & 1)
+        {
+            printf ("%d: ", i);
+            for (j = 0; j < SHS_DIGESTSIZE; ++j)
+                printf("%02x",digest[j]);
+            printf("\n");
+        }
+        shsUpdate((&sdata.si2), digest, SHS_DIGESTSIZE);
+        if (sdata.pad2 != 0x87654321) {
+            printf ("Overrun #28 %#lx at %d\n",
+                    sdata.pad2, i);
+            sdata.pad2 = 0x87654321;
+        }
+        if (sdata.pad3 != 0x78563412) {
+            printf ("Overrun #29 %#lx at %d\n",
+                    sdata.pad3, i);
+            sdata.pad3 = 0x78563412;
+        }
+        if (Dflag & 2)
+            printf ("%d: %08lx%08lx%08lx%08lx%08lx\n",
+                    i,
+                    (unsigned long) sdata.si2.digest[0],
+                    (unsigned long) sdata.si2.digest[1],
+                    (unsigned long) sdata.si2.digest[2],
+                    (unsigned long) sdata.si2.digest[3],
+                    (unsigned long) sdata.si2.digest[4]);
+    }
+    shsFinal((&sdata.si2));
+    if (sdata.pad2 != 0x87654321) {
+        printf ("Overrun #30 %#lx\n",
+                sdata.pad2);
+        sdata.pad2 = 0x87654321;
+    }
+    if (sdata.pad3 != 0x78563412) {
+        printf ("Overrun #31 %#lx\n",
+                sdata.pad3);
+        sdata.pad3 = 0x78563412;
+    }
+    memcpy(digest, shsDigest((&sdata.si2)), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results6, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 6 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results6[i]);
+    }
+    printf("\n");
 }
 
 unsigned char results7[SHS_DIGESTSIZE] = {
-0x89,0x41,0x65,0xce,0x76,0xc1,0xd1,0xd1,0xc3,0x6f,
-0xab,0x92,0x79,0x30,0x01,0x71,0x63,0x1f,0x74,0xfe};
+    0x89,0x41,0x65,0xce,0x76,0xc1,0xd1,0xd1,0xc3,0x6f,
+    0xab,0x92,0x79,0x30,0x01,0x71,0x63,0x1f,0x74,0xfe};
 
 unsigned int jfsize[] = {0,1,31,32,
-	33,55,56,63,
-	64,65,71,72,
-	73,95,96,97,
-	119,120,123,127};
+                         33,55,56,63,
+                         64,65,71,72,
+                         73,95,96,97,
+                         119,120,123,127};
 unsigned int kfsize[] = {0,1,31,32,33,55,56,63};
 
 static void test7(void)
 {
-	struct {
-		long pad1;
-		SHS_INFO si1;
-		long pad2;
-		SHS_INFO si2;
-		long pad3;
-	} sdata;
-	unsigned char digest[SHS_DIGESTSIZE];
-	int failed;
-	unsigned int i, j, k, l;
-
-	printf("Running SHS test 7 ...\n");
-	sdata.pad1 = 0x12345678;
-	sdata.pad2 = 0x87654321;
-	sdata.pad3 = 0x78563412;
-	shsInit((&sdata.si2));
-	for (i = 1; i <= 128; ++i)
-	for (j = 0; j < 20; ++j)
-	for (k = 0; k < 8; ++k)
-	{
-		shsInit(&sdata.si1);
-		shsUpdate(&sdata.si1, (randdata+80+j), i);
-if (sdata.pad1 != 0x12345678) {
-printf ("Overrun #1 %#lx at %d,%d,%d\n",
-sdata.pad1, i,j,k);
-sdata.pad1 = 0x12345678;
-}
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #2 %#lx at %d,%d,%d\n",
-sdata.pad2, i,j,k);
-sdata.pad2 = 0x87654321;
-}
-		shsUpdate(&sdata.si1, randdata+i, jfsize[j]);
-if (sdata.pad1 != 0x12345678) {
-printf ("Overrun #3 %#lx at %d,%d,%d\n",
-sdata.pad1, i,j,k);
-sdata.pad1 = 0x12345678;
-}
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #4 %#lx at %d,%d,%d\n",
-sdata.pad2, i,j,k);
-sdata.pad2 = 0x87654321;
-}
-		if (k) shsUpdate(&sdata.si1, randdata+(i^j), kfsize[k]);
-if (sdata.pad1 != 0x12345678) {
-printf ("Overrun #5 %#lx at %d,%d,%d\n",
-sdata.pad1, i,j,k);
-sdata.pad1 = 0x12345678;
-}
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #6 %#lx at %d,%d,%d\n",
-sdata.pad2, i,j,k);
-sdata.pad2 = 0x87654321;
-}
-		shsFinal(&sdata.si1);
-if (sdata.pad1 != 0x12345678) {
-printf ("Overrun #7 %#lx at %d,%d,%d\n",
-sdata.pad1, i,j,k);
-sdata.pad1 = 0x12345678;
-}
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #8 %#lx at %d,%d,%d\n",
-sdata.pad2, i,j,k);
-sdata.pad2 = 0x87654321;
-}
-		memcpy(digest, shsDigest(&sdata.si1), SHS_DIGESTSIZE);
-		if (Dflag & 1)
-		{
-			printf ("%d,%d,%d: ", i, j, k);
-			for (l = 0; l < SHS_DIGESTSIZE; ++l)
-				printf("%02x",digest[l]);
-			printf("\n");
-		}
-		shsUpdate((&sdata.si2), digest, SHS_DIGESTSIZE);
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #9 %#lx at %d,%d,%d\n",
-sdata.pad2, i,j,k);
-sdata.pad2 = 0x87654321;
-}
-if (sdata.pad3 != 0x78563412) {
-printf ("Overrun #10 %#lx at %d,%d,%d\n",
-sdata.pad3, i,j,k);
-sdata.pad3 = 0x78563412;
-}
-		if (Dflag & 2)
-			printf ("%d,%d,%d: %08lx%08lx%08lx%08lx%08lx\n",
-				i,j,k,
-				(unsigned long) sdata.si2.digest[0],
-				(unsigned long) sdata.si2.digest[1],
-				(unsigned long) sdata.si2.digest[2],
-				(unsigned long) sdata.si2.digest[3],
-				(unsigned long) sdata.si2.digest[4]);
-	}
-	shsFinal((&sdata.si2));
-	memcpy(digest, shsDigest((&sdata.si2)), SHS_DIGESTSIZE);
-	if ((failed = memcmp(digest, results7, SHS_DIGESTSIZE)) != 0)
-	{
-		fprintf(stderr,"SHS test 7 failed!\n");
-		rc = 1;
-	}
-	printf ("%s, results = ", failed ? "Failed" : "Passed");
-	for (i = 0; i < SHS_DIGESTSIZE; ++i)
-		printf("%02x",digest[i]);
-	if (failed)
-	{
-		printf ("\n, expected ");
-		for (i = 0; i < SHS_DIGESTSIZE; ++i)
-			printf("%02x",results7[i]);
-	}
-	printf("\n");
+    struct {
+        long pad1;
+        SHS_INFO si1;
+        long pad2;
+        SHS_INFO si2;
+        long pad3;
+    } sdata;
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    unsigned int i, j, k, l;
+
+    printf("Running SHS test 7 ...\n");
+    sdata.pad1 = 0x12345678;
+    sdata.pad2 = 0x87654321;
+    sdata.pad3 = 0x78563412;
+    shsInit((&sdata.si2));
+    for (i = 1; i <= 128; ++i)
+        for (j = 0; j < 20; ++j)
+            for (k = 0; k < 8; ++k)
+            {
+                shsInit(&sdata.si1);
+                shsUpdate(&sdata.si1, (randdata+80+j), i);
+                if (sdata.pad1 != 0x12345678) {
+                    printf ("Overrun #1 %#lx at %d,%d,%d\n",
+                            sdata.pad1, i,j,k);
+                    sdata.pad1 = 0x12345678;
+                }
+                if (sdata.pad2 != 0x87654321) {
+                    printf ("Overrun #2 %#lx at %d,%d,%d\n",
+                            sdata.pad2, i,j,k);
+                    sdata.pad2 = 0x87654321;
+                }
+                shsUpdate(&sdata.si1, randdata+i, jfsize[j]);
+                if (sdata.pad1 != 0x12345678) {
+                    printf ("Overrun #3 %#lx at %d,%d,%d\n",
+                            sdata.pad1, i,j,k);
+                    sdata.pad1 = 0x12345678;
+                }
+                if (sdata.pad2 != 0x87654321) {
+                    printf ("Overrun #4 %#lx at %d,%d,%d\n",
+                            sdata.pad2, i,j,k);
+                    sdata.pad2 = 0x87654321;
+                }
+                if (k) shsUpdate(&sdata.si1, randdata+(i^j), kfsize[k]);
+                if (sdata.pad1 != 0x12345678) {
+                    printf ("Overrun #5 %#lx at %d,%d,%d\n",
+                            sdata.pad1, i,j,k);
+                    sdata.pad1 = 0x12345678;
+                }
+                if (sdata.pad2 != 0x87654321) {
+                    printf ("Overrun #6 %#lx at %d,%d,%d\n",
+                            sdata.pad2, i,j,k);
+                    sdata.pad2 = 0x87654321;
+                }
+                shsFinal(&sdata.si1);
+                if (sdata.pad1 != 0x12345678) {
+                    printf ("Overrun #7 %#lx at %d,%d,%d\n",
+                            sdata.pad1, i,j,k);
+                    sdata.pad1 = 0x12345678;
+                }
+                if (sdata.pad2 != 0x87654321) {
+                    printf ("Overrun #8 %#lx at %d,%d,%d\n",
+                            sdata.pad2, i,j,k);
+                    sdata.pad2 = 0x87654321;
+                }
+                memcpy(digest, shsDigest(&sdata.si1), SHS_DIGESTSIZE);
+                if (Dflag & 1)
+                {
+                    printf ("%d,%d,%d: ", i, j, k);
+                    for (l = 0; l < SHS_DIGESTSIZE; ++l)
+                        printf("%02x",digest[l]);
+                    printf("\n");
+                }
+                shsUpdate((&sdata.si2), digest, SHS_DIGESTSIZE);
+                if (sdata.pad2 != 0x87654321) {
+                    printf ("Overrun #9 %#lx at %d,%d,%d\n",
+                            sdata.pad2, i,j,k);
+                    sdata.pad2 = 0x87654321;
+                }
+                if (sdata.pad3 != 0x78563412) {
+                    printf ("Overrun #10 %#lx at %d,%d,%d\n",
+                            sdata.pad3, i,j,k);
+                    sdata.pad3 = 0x78563412;
+                }
+                if (Dflag & 2)
+                    printf ("%d,%d,%d: %08lx%08lx%08lx%08lx%08lx\n",
+                            i,j,k,
+                            (unsigned long) sdata.si2.digest[0],
+                            (unsigned long) sdata.si2.digest[1],
+                            (unsigned long) sdata.si2.digest[2],
+                            (unsigned long) sdata.si2.digest[3],
+                            (unsigned long) sdata.si2.digest[4]);
+            }
+    shsFinal((&sdata.si2));
+    memcpy(digest, shsDigest((&sdata.si2)), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results7, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 7 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results7[i]);
+    }
+    printf("\n");
 }
diff --git a/src/lib/crypto/builtin/t_cf2.c b/src/lib/crypto/builtin/t_cf2.c
index 0c968ea..550192c 100644
--- a/src/lib/crypto/builtin/t_cf2.c
+++ b/src/lib/crypto/builtin/t_cf2.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/t_cf2.c
  *
@@ -42,47 +43,47 @@
 #include <string.h>
 
 int main () {
-  char pepper1[1024], pepper2[1024];
-  krb5_keyblock *k1 = NULL, *k2 = NULL, *out = NULL;
-  krb5_data s2k;
-  unsigned int i;
-  while (1) {
-    krb5_enctype enctype;
-    char s[1025];
+    char pepper1[1024], pepper2[1024];
+    krb5_keyblock *k1 = NULL, *k2 = NULL, *out = NULL;
+    krb5_data s2k;
+    unsigned int i;
+    while (1) {
+        krb5_enctype enctype;
+        char s[1025];
 
-    if (scanf( "%d", &enctype) == EOF)
-      break;
-    if (scanf("%1024s", &s[0]) == EOF)
-      break;
-    assert (krb5_init_keyblock(0, enctype, 0, &k1) == 0);
-    s2k.data = &s[0];
-    s2k.length = strlen(s);
-    assert(krb5_c_string_to_key (0, enctype, &s2k, &s2k, k1) == 0);
-    if (scanf("%1024s", &s[0]) == EOF)
-      break;
-    assert (krb5_init_keyblock(0, enctype, 0, &k2) == 0);
-    s2k.data = &s[0];
-    s2k.length = strlen(s);
-    assert(krb5_c_string_to_key (0, enctype, &s2k, &s2k, k2) == 0);
-    if (scanf("%1024s %1024s", pepper1, pepper2) == EOF)
-      break;
-    assert(krb5_c_fx_cf2_simple(0, k1, pepper1,
-				k2, pepper2, &out) ==0);
-    i = out->length;
-    for (; i > 0; i--) {
-      printf ("%02x",
-	      (unsigned int) ((unsigned char) out->contents[out->length-i]));
-    }
-    printf ("\n");
+        if (scanf( "%d", &enctype) == EOF)
+            break;
+        if (scanf("%1024s", &s[0]) == EOF)
+            break;
+        assert (krb5_init_keyblock(0, enctype, 0, &k1) == 0);
+        s2k.data = &s[0];
+        s2k.length = strlen(s);
+        assert(krb5_c_string_to_key (0, enctype, &s2k, &s2k, k1) == 0);
+        if (scanf("%1024s", &s[0]) == EOF)
+            break;
+        assert (krb5_init_keyblock(0, enctype, 0, &k2) == 0);
+        s2k.data = &s[0];
+        s2k.length = strlen(s);
+        assert(krb5_c_string_to_key (0, enctype, &s2k, &s2k, k2) == 0);
+        if (scanf("%1024s %1024s", pepper1, pepper2) == EOF)
+            break;
+        assert(krb5_c_fx_cf2_simple(0, k1, pepper1,
+                                    k2, pepper2, &out) ==0);
+        i = out->length;
+        for (; i > 0; i--) {
+            printf ("%02x",
+                    (unsigned int) ((unsigned char) out->contents[out->length-i]));
+        }
+        printf ("\n");
 
-    krb5_free_keyblock(0,out);
-    out = NULL;
+        krb5_free_keyblock(0,out);
+        out = NULL;
 
-    krb5_free_keyblock(0, k1);
-    k1 = NULL;
-    krb5_free_keyblock(0, k2);
-    k2 =  NULL;
-  }
+        krb5_free_keyblock(0, k1);
+        k1 = NULL;
+        krb5_free_keyblock(0, k2);
+        k2 =  NULL;
+    }
 
-  return (0);
+    return (0);
 }
diff --git a/src/lib/crypto/builtin/yhash.h b/src/lib/crypto/builtin/yhash.h
index ce78c56..dcb8769 100644
--- a/src/lib/crypto/builtin/yhash.h
+++ b/src/lib/crypto/builtin/yhash.h
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 #ifndef YHASH_H
 #define YHASH_H
@@ -14,14 +14,14 @@
 #define HASH_CTX SHS_INFO
 #define HASH_Init(x) shsInit(x)
 #define HASH_Update(x, buf, sz) shsUpdate(x, (const void*)buf, sz)
-#define HASH_Final(x, tdigest)  do { \
-  size_t loopvar; \
-  unsigned char *out2 = (void *)(tdigest); \
-  HASH_CTX  *ctx = (x); \
-  shsFinal(ctx); \
-  for (loopvar=0; loopvar<(sizeof(ctx->digest)/sizeof(ctx->digest[0])); loopvar++) \
-    store_32_be(ctx->digest[loopvar], &out2[loopvar*4]); \
-  } while(0)
+#define HASH_Final(x, tdigest)  do {                                    \
+        size_t loopvar;                                                 \
+        unsigned char *out2 = (void *)(tdigest);                        \
+        HASH_CTX  *ctx = (x);                                           \
+        shsFinal(ctx);                                                  \
+        for (loopvar=0; loopvar<(sizeof(ctx->digest)/sizeof(ctx->digest[0])); loopvar++) \
+            store_32_be(ctx->digest[loopvar], &out2[loopvar*4]);        \
+    } while(0)
 
 
 #define HASH_DIGEST_SIZE SHS_DIGESTSIZE
diff --git a/src/lib/crypto/crypto_tests/aes-test.c b/src/lib/crypto/crypto_tests/aes-test.c
index 3ccacd8..e8f7cfb 100644
--- a/src/lib/crypto/crypto_tests/aes-test.c
+++ b/src/lib/crypto/crypto_tests/aes-test.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/aes/aes-test.c
  *
@@ -83,12 +84,12 @@ static void vk_test_1(int len)
     memset(plain, 0, sizeof(plain));
     hexdump("PT", plain, 16);
     for (i = 0; i < len * 8; i++) {
-	memset(key, 0, len);
-	set_bit(key, i);
-	printf("\nI=%d\n", i+1);
-	hexdump("KEY", key, len);
-	enc();
-	hexdump("CT", cipher, 16);
+        memset(key, 0, len);
+        set_bit(key, i);
+        printf("\nI=%d\n", i+1);
+        hexdump("KEY", key, len);
+        enc();
+        hexdump("CT", cipher, 16);
     }
     printf("\n==========\n");
 }
@@ -108,12 +109,12 @@ static void vt_test_1(int len)
     memset(key, 0, len);
     hexdump("KEY", key, len);
     for (i = 0; i < 16 * 8; i++) {
-	memset(plain, 0, sizeof(plain));
-	set_bit(plain, i);
-	printf("\nI=%d\n", i+1);
-	hexdump("PT", plain, 16);
-	enc();
-	hexdump("CT", cipher, 16);
+        memset(plain, 0, sizeof(plain));
+        set_bit(plain, i);
+        printf("\nI=%d\n", i+1);
+        hexdump("PT", plain, 16);
+        enc();
+        hexdump("CT", cipher, 16);
     }
     printf("\n==========\n");
 }
@@ -127,16 +128,16 @@ static void vt_test()
 int main (int argc, char *argv[])
 {
     if (argc > 2 || (argc == 2 && strcmp(argv[1], "-k"))) {
-	fprintf(stderr,
-		"usage:\t%s -k\tfor variable-key tests\n"
-		"   or:\t%s   \tfor variable-plaintext tests\n",
-		argv[0], argv[0]);
-	return 1;
+        fprintf(stderr,
+                "usage:\t%s -k\tfor variable-key tests\n"
+                "   or:\t%s   \tfor variable-plaintext tests\n",
+                argv[0], argv[0]);
+        return 1;
     }
     init();
     if (argc == 2)
-	vk_test();
+        vk_test();
     else
-	vt_test();
+        vt_test();
     return 0;
 }
diff --git a/src/lib/crypto/crypto_tests/t_cksum.c b/src/lib/crypto/crypto_tests/t_cksum.c
index 5fab869..5aca50f 100644
--- a/src/lib/crypto/crypto_tests/t_cksum.c
+++ b/src/lib/crypto/crypto_tests/t_cksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/md5/t_cksum.c
  *
@@ -34,50 +35,50 @@
 #define MD5_K5BETA_COMPAT
 #define MD4_K5BETA_COMPAT
 
-#if	MD == 4
+#if     MD == 4
 extern struct krb5_keyhash_provider krb5int_keyhash_md4des;
 #define khp krb5int_keyhash_md4des
 #endif
 
-#if	MD == 5
+#if     MD == 5
 extern struct krb5_keyhash_provider krb5int_keyhash_md5des;
 #define khp krb5int_keyhash_md5des
 #endif
 
 static void
 print_checksum(text, number, message, checksum)
-     char	*text;
-     int	number;
-     char	*message;
-     krb5_data	*checksum;
+    char       *text;
+    int        number;
+    char       *message;
+    krb5_data  *checksum;
 {
-  int i;
+    int i;
 
-  printf("%s MD%d checksum(\"%s\") = ", text, number, message);
-  for (i=0; i<checksum->length; i++)
-    printf("%02x", (unsigned char) checksum->data[i]);
-  printf("\n");
+    printf("%s MD%d checksum(\"%s\") = ", text, number, message);
+    for (i=0; i<checksum->length; i++)
+        printf("%02x", (unsigned char) checksum->data[i]);
+    printf("\n");
 }
 
 static void
 parse_hexstring(const char *s, krb5_data *dat)
 {
-  size_t i, len;
-  unsigned int byte;
-  unsigned char *cp;
-
-  len = strlen(s);
-  cp = malloc(len / 2);
-  dat->data = (char *)cp;
-  if (cp == NULL) {
-    dat->length = 0;
-    return;
-  }
-  dat->length = len / 2;
-  for (i = 0; i + 1 < len; i += 2) {
-    sscanf(&s[i], "%2x", &byte);
-    *cp++ = byte;
-  }
+    size_t i, len;
+    unsigned int byte;
+    unsigned char *cp;
+
+    len = strlen(s);
+    cp = malloc(len / 2);
+    dat->data = (char *)cp;
+    if (cp == NULL) {
+        dat->length = 0;
+        return;
+    }
+    dat->length = len / 2;
+    for (i = 0; i + 1 < len; i += 2) {
+        sscanf(&s[i], "%2x", &byte);
+        *cp++ = byte;
+    }
 }
 
 /*
@@ -89,97 +90,97 @@ krb5_octet testkey[8] = { 0x45, 0x01, 0x49, 0x61, 0x58, 0x19, 0x1a, 0x3d };
 
 int
 main(argc, argv)
-     int argc;
-     char **argv;
+    int argc;
+    char **argv;
 {
-  int 			msgindex;
-  krb5_boolean		valid;
-  size_t		length;
-  krb5_keyblock		keyblock;
-  krb5_key		key;
-  krb5_error_code	kret=0;
-  krb5_data		plaintext, newstyle_checksum, knowncksum_dat;
-
-  /* this is a terrible seed, but that's ok for the test. */
+    int                   msgindex;
+    krb5_boolean          valid;
+    size_t                length;
+    krb5_keyblock         keyblock;
+    krb5_key              key;
+    krb5_error_code       kret=0;
+    krb5_data             plaintext, newstyle_checksum, knowncksum_dat;
 
-  plaintext.length = 8;
-  plaintext.data = (char *) testkey;
+    /* this is a terrible seed, but that's ok for the test. */
 
-  krb5_c_random_seed(/* XXX */ 0, &plaintext);
+    plaintext.length = 8;
+    plaintext.data = (char *) testkey;
 
-  keyblock.enctype = ENCTYPE_DES_CBC_CRC;
-  keyblock.length = sizeof(testkey);
-  keyblock.contents = testkey;
+    krb5_c_random_seed(/* XXX */ 0, &plaintext);
 
-  krb5_k_create_key(NULL, &keyblock, &key);
+    keyblock.enctype = ENCTYPE_DES_CBC_CRC;
+    keyblock.length = sizeof(testkey);
+    keyblock.contents = testkey;
 
-  length = khp.hashsize;
+    krb5_k_create_key(NULL, &keyblock, &key);
 
-  newstyle_checksum.length = length;
+    length = khp.hashsize;
 
-  if (!(newstyle_checksum.data = (char *)
-	malloc((unsigned) newstyle_checksum.length))) {
-    printf("cannot get memory for new style checksum\n");
-    return(ENOMEM);
-  }
-  for (msgindex = 1; msgindex + 1 < argc; msgindex += 2) {
-    plaintext.length = strlen(argv[msgindex]);
-    plaintext.data = argv[msgindex];
+    newstyle_checksum.length = length;
 
-    if ((kret = (*(khp.hash))(key, 0, 0, &plaintext, &newstyle_checksum))) {
-      printf("krb5_calculate_checksum choked with %d\n", kret);
-      break;
-    }
-    print_checksum("correct", MD, argv[msgindex], &newstyle_checksum);
-
-    if ((kret = (*(khp.verify))(key, 0, 0, &plaintext, &newstyle_checksum,
-				&valid))) {
-      printf("verify on new checksum choked with %d\n", kret);
-      break;
-    }
-    if (!valid) {
-      printf("verify on new checksum failed\n");
-      kret = 1;
-      break;
-    }
-    printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
-
-    newstyle_checksum.data[0]++;
-    if ((kret = (*(khp.verify))(key, 0, 0, &plaintext, &newstyle_checksum,
-				&valid))) {
-      printf("verify on new checksum choked with %d\n", kret);
-      break;
-    }
-    if (valid) {
-      printf("verify on new checksum succeeded, but shouldn't have\n");
-      kret = 1;
-      break;
-    }
-    printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
-    parse_hexstring(argv[msgindex+1], &knowncksum_dat);
-    if (knowncksum_dat.data == NULL) {
-      printf("parse_hexstring failed\n");
-      kret = 1;
-      break;
-    }
-    if ((kret = (*(khp.verify))(key, 0, 0, &plaintext, &knowncksum_dat,
-				&valid))) {
-      printf("verify on known checksum choked with %d\n", kret);
-      break;
+    if (!(newstyle_checksum.data = (char *)
+          malloc((unsigned) newstyle_checksum.length))) {
+        printf("cannot get memory for new style checksum\n");
+        return(ENOMEM);
     }
-    if (!valid) {
-      printf("verify on known checksum failed\n");
-      kret = 1;
-      break;
+    for (msgindex = 1; msgindex + 1 < argc; msgindex += 2) {
+        plaintext.length = strlen(argv[msgindex]);
+        plaintext.data = argv[msgindex];
+
+        if ((kret = (*(khp.hash))(key, 0, 0, &plaintext, &newstyle_checksum))) {
+            printf("krb5_calculate_checksum choked with %d\n", kret);
+            break;
+        }
+        print_checksum("correct", MD, argv[msgindex], &newstyle_checksum);
+
+        if ((kret = (*(khp.verify))(key, 0, 0, &plaintext, &newstyle_checksum,
+                                    &valid))) {
+            printf("verify on new checksum choked with %d\n", kret);
+            break;
+        }
+        if (!valid) {
+            printf("verify on new checksum failed\n");
+            kret = 1;
+            break;
+        }
+        printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
+
+        newstyle_checksum.data[0]++;
+        if ((kret = (*(khp.verify))(key, 0, 0, &plaintext, &newstyle_checksum,
+                                    &valid))) {
+            printf("verify on new checksum choked with %d\n", kret);
+            break;
+        }
+        if (valid) {
+            printf("verify on new checksum succeeded, but shouldn't have\n");
+            kret = 1;
+            break;
+        }
+        printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
+        parse_hexstring(argv[msgindex+1], &knowncksum_dat);
+        if (knowncksum_dat.data == NULL) {
+            printf("parse_hexstring failed\n");
+            kret = 1;
+            break;
+        }
+        if ((kret = (*(khp.verify))(key, 0, 0, &plaintext, &knowncksum_dat,
+                                    &valid))) {
+            printf("verify on known checksum choked with %d\n", kret);
+            break;
+        }
+        if (!valid) {
+            printf("verify on known checksum failed\n");
+            kret = 1;
+            break;
+        }
+        printf("Verify on known checksum succeeded\n");
+        kret = 0;
     }
-    printf("Verify on known checksum succeeded\n");
-    kret = 0;
-  }
-  free(newstyle_checksum.data);
-  if (!kret)
-    printf("%d tests passed successfully for MD%d checksum\n", (argc-1)/2, MD);
+    free(newstyle_checksum.data);
+    if (!kret)
+        printf("%d tests passed successfully for MD%d checksum\n", (argc-1)/2, MD);
 
-  krb5_k_free_key(NULL, key);
+    krb5_k_free_key(NULL, key);
 
-  return(kret);
+    return(kret);
 }
diff --git a/src/lib/crypto/crypto_tests/t_crc.c b/src/lib/crypto/crypto_tests/t_crc.c
index cf837f8..6d06334 100644
--- a/src/lib/crypto/crypto_tests/t_crc.c
+++ b/src/lib/crypto/crypto_tests/t_crc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/crc32/t_crc.c
  *
@@ -36,9 +37,9 @@
 #define HEX 1
 #define STR 2
 struct crc_trial {
-    int		type;
-    char	*data;
-    unsigned long	sum;
+    int         type;
+    char        *data;
+    unsigned long       sum;
 };
 
 struct crc_trial trials[] = {
@@ -115,42 +116,42 @@ timetest(unsigned int nblk, unsigned int blksiz)
 
     block = malloc(blksiz * nblk);
     if (block == NULL)
-	exit(1);
+        exit(1);
     for (i = 0; i < blksiz * nblk; i++)
-	block[i] = i % 256;
+        block[i] = i % 256;
     times(&before);
     for (i = 0; i < nblk; i++) {
-	mit_crc32(block + i * blksiz, blksiz, &cksum);
+        mit_crc32(block + i * blksiz, blksiz, &cksum);
     }
 
     times(&after);
     printf("shift-8 implementation, %d blocks of %d bytes:\n",
-	   nblk, blksiz);
+           nblk, blksiz);
     printf("\tu=%ld s=%ld cu=%ld cs=%ld\n",
-	   (long)(after.tms_utime - before.tms_utime),
-	   (long)(after.tms_stime - before.tms_stime),
-	   (long)(after.tms_cutime - before.tms_cutime),
-	   (long)(after.tms_cstime - before.tms_cstime));
+           (long)(after.tms_utime - before.tms_utime),
+           (long)(after.tms_stime - before.tms_stime),
+           (long)(after.tms_cutime - before.tms_cutime),
+           (long)(after.tms_cstime - before.tms_cstime));
 
 #ifdef CRC32_SHIFT4
     times(&before);
     for (i = 0; i < nblk; i++) {
-	mit_crc32_shift4(block + i * blksiz, blksiz, &cksum);
+        mit_crc32_shift4(block + i * blksiz, blksiz, &cksum);
     }
     times(&after);
     printf("shift-4 implementation, %d blocks of %d bytes:\n",
-	   nblk, blksiz);
+           nblk, blksiz);
     printf("\tu=%ld s=%ld cu=%ld cs=%ld\n",
-	   (long)(after.tms_utime - before.tms_utime),
-	   (long)(after.tms_stime - before.tms_stime),
-	   (long)(after.tms_cutime - before.tms_cutime),
-	   (long)(after.tms_cstime - before.tms_cstime));
+           (long)(after.tms_utime - before.tms_utime),
+           (long)(after.tms_stime - before.tms_stime),
+           (long)(after.tms_cutime - before.tms_cutime),
+           (long)(after.tms_cstime - before.tms_cstime));
 #endif
     free(block);
 }
 
 static void gethexstr(char *data, size_t *outlen, unsigned char *outbuf,
-		      size_t buflen)
+                      size_t buflen)
 {
     size_t inlen;
     char *cp, buf[3];
@@ -159,12 +160,12 @@ static void gethexstr(char *data, size_t *outlen, unsigned char *outbuf,
     inlen = strlen(data);
     *outlen = 0;
     for (cp = data; cp - data < inlen; cp += 2) {
-	strncpy(buf, cp, 2);
-	buf[2] = '\0';
-	n = strtol(buf, NULL, 16);
-	outbuf[(*outlen)++] = n;
-	if (*outlen > buflen)
-	    break;
+        strncpy(buf, cp, 2);
+        buf[2] = '\0';
+        n = strtol(buf, NULL, 16);
+        outbuf[(*outlen)++] = n;
+        if (*outlen > buflen)
+            break;
     }
 }
 
@@ -179,26 +180,26 @@ verify(void)
     char *typestr;
 
     for (i = 0; i < NTRIALS; i++) {
-	trial = trials[i];
-	switch (trial.type) {
-	case STR:
-	    len = strlen(trial.data);
-	    typestr = "STR";
-	    mit_crc32(trial.data, len, &cksum);
-	    break;
-	case HEX:
-	    typestr = "HEX";
-	    gethexstr(trial.data, &len, buf, 4);
-	    mit_crc32(buf, len, &cksum);
-	    break;
-	default:
-	    typestr = "BOGUS";
-	    fprintf(stderr, "bad trial type %d\n", trial.type);
-	    exit(1);
-	}
-	printf("%s: %s \"%s\" = 0x%08lx\n",
-	       (trial.sum == cksum) ? "OK" : "***BAD***",
-	       typestr, trial.data, cksum);
+        trial = trials[i];
+        switch (trial.type) {
+        case STR:
+            len = strlen(trial.data);
+            typestr = "STR";
+            mit_crc32(trial.data, len, &cksum);
+            break;
+        case HEX:
+            typestr = "HEX";
+            gethexstr(trial.data, &len, buf, 4);
+            mit_crc32(buf, len, &cksum);
+            break;
+        default:
+            typestr = "BOGUS";
+            fprintf(stderr, "bad trial type %d\n", trial.type);
+            exit(1);
+        }
+        printf("%s: %s \"%s\" = 0x%08lx\n",
+               (trial.sum == cksum) ? "OK" : "***BAD***",
+               typestr, trial.data, cksum);
     }
 }
 
diff --git a/src/lib/crypto/crypto_tests/t_cts.c b/src/lib/crypto/crypto_tests/t_cts.c
index d948532..4a908cc 100644
--- a/src/lib/crypto/crypto_tests/t_cts.c
+++ b/src/lib/crypto/crypto_tests/t_cts.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/vectors.c
  *
@@ -45,7 +46,7 @@ const char *whoami;
 static void printhex (size_t len, const char *p)
 {
     while (len--)
-	printf ("%02x", 0xff & *p++);
+        printf ("%02x", 0xff & *p++);
 }
 
 static void printstringhex (const char *p) { printhex (strlen (p), p); }
@@ -68,9 +69,9 @@ keyToData (krb5_keyblock *k, krb5_data *d)
 
 void check_error (int r, int line) {
     if (r != 0) {
-	fprintf (stderr, "%s:%d: %s\n", __FILE__, line,
-		 error_message (r));
-	exit (1);
+        fprintf (stderr, "%s:%d: %s\n", __FILE__, line,
+                 error_message (r));
+        exit (1);
     }
 }
 #define CHECK check_error(r, __LINE__)
@@ -86,17 +87,17 @@ static void printd (const char *descr, krb5_data *d) {
     printf("%s:", descr);
 
     for (i = 0; i < d->length; i += r) {
-	printf("\n  %04x: ", i);
-	for (j = i; j < i + r && j < d->length; j++)
-	    printf(" %02x", 0xff & d->data[j]);
+        printf("\n  %04x: ", i);
+        for (j = i; j < i + r && j < d->length; j++)
+            printf(" %02x", 0xff & d->data[j]);
 #ifdef SHOW_TEXT
-	for (; j < i + r; j++)
-	    printf("   ");
-	printf("   ");
-	for (j = i; j < i + r && j < d->length; j++) {
-	    int c = 0xff & d->data[j];
-	    printf("%c", isprint(c) ? c : '.');
-	}
+        for (; j < i + r; j++)
+            printf("   ");
+        printf("   ");
+        for (j = i; j < i + r && j < d->length; j++) {
+            int c = 0xff & d->data[j];
+            printf("%c", isprint(c) ? c : '.');
+        }
 #endif
     }
     printf("\n");
@@ -111,7 +112,7 @@ static void printk(const char *descr, krb5_keyblock *k) {
 static void test_cts()
 {
     static const char input[4*16] =
-	"I would like the General Gau's Chicken, please, and wonton soup.";
+        "I would like the General Gau's Chicken, please, and wonton soup.";
     static const unsigned char aeskey[16] = "chicken teriyaki";
     static const int lengths[] = { 17, 31, 32, 47, 48, 64 };
 
@@ -133,41 +134,41 @@ static void test_cts()
 
     err = krb5_k_create_key(NULL, &keyblock, &key);
     if (err) {
-	printf("error %ld from krb5_k_create_key\n", (long)err);
-	exit(1);
+        printf("error %ld from krb5_k_create_key\n", (long)err);
+        exit(1);
     }
 
     memset(enciv.data, 0, 16);
     printk("AES 128-bit key", &keyblock);
     for (i = 0; i < sizeof(lengths)/sizeof(lengths[0]); i++) {
-    memset(enciv.data, 0, 16);
-    memset(deciv.data, 0, 16);
-
-	printf("\n");
-	in.length = out.length = lengths[i];
-	printd("IV", &enciv);
-	err = krb5int_aes_encrypt(key, &enciv, &in, &out);
-	if (err) {
-	    printf("error %ld from krb5int_aes_encrypt\n", (long)err);
-	    exit(1);
-	}
-	printd("Input", &in);
-	printd("Output", &out);
-	printd("Next IV", &enciv);
-	out2.length = out.length;
-	err = krb5int_aes_decrypt(key, &deciv, &out, &out2);
-	if (err) {
-	    printf("error %ld from krb5int_aes_decrypt\n", (long)err);
-	    exit(1);
-	}
-	if (!data_eq(out2, in)) {
-	    printd("Decryption result DOESN'T MATCH", &out2);
-	    exit(1);
-	}
-	if (memcmp(enciv.data, deciv.data, 16)) {
-	    printd("Decryption IV result DOESN'T MATCH", &deciv);
-	    exit(1);
-	}
+        memset(enciv.data, 0, 16);
+        memset(deciv.data, 0, 16);
+
+        printf("\n");
+        in.length = out.length = lengths[i];
+        printd("IV", &enciv);
+        err = krb5int_aes_encrypt(key, &enciv, &in, &out);
+        if (err) {
+            printf("error %ld from krb5int_aes_encrypt\n", (long)err);
+            exit(1);
+        }
+        printd("Input", &in);
+        printd("Output", &out);
+        printd("Next IV", &enciv);
+        out2.length = out.length;
+        err = krb5int_aes_decrypt(key, &deciv, &out, &out2);
+        if (err) {
+            printf("error %ld from krb5int_aes_decrypt\n", (long)err);
+            exit(1);
+        }
+        if (!data_eq(out2, in)) {
+            printd("Decryption result DOESN'T MATCH", &out2);
+            exit(1);
+        }
+        if (memcmp(enciv.data, deciv.data, 16)) {
+            printd("Decryption IV result DOESN'T MATCH", &deciv);
+            exit(1);
+        }
     }
     krb5_k_free_key(NULL, key);
 }
diff --git a/src/lib/crypto/crypto_tests/t_encrypt.c b/src/lib/crypto/crypto_tests/t_encrypt.c
index 5615bc8..60e86f4 100644
--- a/src/lib/crypto/crypto_tests/t_encrypt.c
+++ b/src/lib/crypto/crypto_tests/t_encrypt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/t_encrypt.c
  *
@@ -36,15 +37,15 @@
 
 /* What enctypes should we test?*/
 krb5_enctype interesting_enctypes[] = {
-  ENCTYPE_DES_CBC_CRC,
-  ENCTYPE_DES_CBC_MD4,
-  ENCTYPE_DES_CBC_MD5,
-  ENCTYPE_DES3_CBC_SHA1,
-  ENCTYPE_ARCFOUR_HMAC,
-  ENCTYPE_ARCFOUR_HMAC_EXP,
-  ENCTYPE_AES256_CTS_HMAC_SHA1_96,
-  ENCTYPE_AES128_CTS_HMAC_SHA1_96,
-  0
+    ENCTYPE_DES_CBC_CRC,
+    ENCTYPE_DES_CBC_MD4,
+    ENCTYPE_DES_CBC_MD5,
+    ENCTYPE_DES3_CBC_SHA1,
+    ENCTYPE_ARCFOUR_HMAC,
+    ENCTYPE_ARCFOUR_HMAC_EXP,
+    ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+    ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+    0
 };
 
 static void
@@ -52,24 +53,24 @@ test(const char *msg, krb5_error_code retval)
 {
     printf("%s: . . . ", msg);
     if (retval) {
-	printf("Failed: %s\n", error_message(retval));
-	abort();
+        printf("Failed: %s\n", error_message(retval));
+        abort();
     } else
-	printf("OK\n");
+        printf("OK\n");
 }
 
 static int compare_results(krb5_data *d1, krb5_data *d2)
 {
     if (d1->length != d2->length) {
-	/* Decryption can leave a little trailing cruft.
-	   For the current cryptosystems, this can be up to 7 bytes.  */
-	if (d1->length + 8 <= d2->length)
-	    return EINVAL;
-	if (d1->length > d2->length)
-	    return EINVAL;
+        /* Decryption can leave a little trailing cruft.
+           For the current cryptosystems, this can be up to 7 bytes.  */
+        if (d1->length + 8 <= d2->length)
+            return EINVAL;
+        if (d1->length > d2->length)
+            return EINVAL;
     }
     if (memcmp(d1->data, d2->data, d1->length)) {
-	return EINVAL;
+        return EINVAL;
     }
     return 0;
 }
@@ -77,187 +78,187 @@ static int compare_results(krb5_data *d1, krb5_data *d2)
 int
 main ()
 {
-  krb5_context context = 0;
-  krb5_data  in, in2, out, out2, check, check2, state, signdata;
-  krb5_crypto_iov iov[5];
-  int i, j, pos;
-  unsigned int dummy;
-  size_t len;
-  krb5_enc_data enc_out, enc_out2;
-  krb5_keyblock *keyblock;
-  krb5_key key;
+    krb5_context context = 0;
+    krb5_data  in, in2, out, out2, check, check2, state, signdata;
+    krb5_crypto_iov iov[5];
+    int i, j, pos;
+    unsigned int dummy;
+    size_t len;
+    krb5_enc_data enc_out, enc_out2;
+    krb5_keyblock *keyblock;
+    krb5_key key;
 
-  memset(iov, 0, sizeof(iov));
+    memset(iov, 0, sizeof(iov));
 
-  in.data = "This is a test.\n";
-  in.length = strlen (in.data);
-  in2.data = "This is another test.\n";
-  in2.length = strlen (in2.data);
+    in.data = "This is a test.\n";
+    in.length = strlen (in.data);
+    in2.data = "This is another test.\n";
+    in2.length = strlen (in2.data);
 
-  test ("Seeding random number generator",
-	krb5_c_random_seed (context, &in));
+    test ("Seeding random number generator",
+          krb5_c_random_seed (context, &in));
 
-  /* Set up output buffers. */
-  out.data = malloc(2048);
-  out2.data = malloc(2048);
-  check.data = malloc(2048);
-  check2.data = malloc(2048);
-  if (out.data == NULL || out2.data == NULL
-      || check.data == NULL || check2.data == NULL)
-      abort();
-  out.magic = KV5M_DATA;
-  out.length = 2048;
-  out2.magic = KV5M_DATA;
-  out2.length = 2048;
-  check.length = 2048;
-  check2.length = 2048;
+    /* Set up output buffers. */
+    out.data = malloc(2048);
+    out2.data = malloc(2048);
+    check.data = malloc(2048);
+    check2.data = malloc(2048);
+    if (out.data == NULL || out2.data == NULL
+        || check.data == NULL || check2.data == NULL)
+        abort();
+    out.magic = KV5M_DATA;
+    out.length = 2048;
+    out2.magic = KV5M_DATA;
+    out2.length = 2048;
+    check.length = 2048;
+    check2.length = 2048;
 
-  for (i = 0; interesting_enctypes[i]; i++) {
-    krb5_enctype enctype = interesting_enctypes [i];
+    for (i = 0; interesting_enctypes[i]; i++) {
+        krb5_enctype enctype = interesting_enctypes [i];
 
-    printf ("Testing enctype %d\n", enctype);
-    test ("Initializing a keyblock",
-	  krb5_init_keyblock (context, enctype, 0, &keyblock));
-    test ("Generating random keyblock",
-	  krb5_c_make_random_key (context, enctype, keyblock));
-    test ("Creating opaque key from keyblock",
-	  krb5_k_create_key (context, keyblock, &key));
+        printf ("Testing enctype %d\n", enctype);
+        test ("Initializing a keyblock",
+              krb5_init_keyblock (context, enctype, 0, &keyblock));
+        test ("Generating random keyblock",
+              krb5_c_make_random_key (context, enctype, keyblock));
+        test ("Creating opaque key from keyblock",
+              krb5_k_create_key (context, keyblock, &key));
 
-    enc_out.ciphertext = out;
-    enc_out2.ciphertext = out2;
-    /* We use an intermediate `len' because size_t may be different size
-       than `int' */
-    krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len);
-    enc_out.ciphertext.length = len;
+        enc_out.ciphertext = out;
+        enc_out2.ciphertext = out2;
+        /* We use an intermediate `len' because size_t may be different size
+           than `int' */
+        krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len);
+        enc_out.ciphertext.length = len;
 
-    /* Encrypt, decrypt, and see if we got the plaintext back again. */
-    test ("Encrypting (c)",
-	  krb5_c_encrypt (context, keyblock, 7, 0, &in, &enc_out));
-    test ("Decrypting",
-	  krb5_c_decrypt (context, keyblock, 7, 0, &enc_out, &check));
-    test ("Comparing", compare_results (&in, &check));
+        /* Encrypt, decrypt, and see if we got the plaintext back again. */
+        test ("Encrypting (c)",
+              krb5_c_encrypt (context, keyblock, 7, 0, &in, &enc_out));
+        test ("Decrypting",
+              krb5_c_decrypt (context, keyblock, 7, 0, &enc_out, &check));
+        test ("Comparing", compare_results (&in, &check));
 
-    /* Try again with the opaque-key-using variants. */
-    memset(out.data, 0, out.length);
-    test ("Encrypting (k)",
-	  krb5_k_encrypt (context, key, 7, 0, &in, &enc_out));
-    test ("Decrypting",
-	  krb5_k_decrypt (context, key, 7, 0, &enc_out, &check));
-    test ("Comparing", compare_results (&in, &check));
+        /* Try again with the opaque-key-using variants. */
+        memset(out.data, 0, out.length);
+        test ("Encrypting (k)",
+              krb5_k_encrypt (context, key, 7, 0, &in, &enc_out));
+        test ("Decrypting",
+              krb5_k_decrypt (context, key, 7, 0, &enc_out, &check));
+        test ("Comparing", compare_results (&in, &check));
 
-    /* Check if this enctype supports IOV encryption. */
-    if ( krb5_c_crypto_length(context, keyblock->enctype,
-			      KRB5_CRYPTO_TYPE_HEADER, &dummy) == 0 ){
-	/* Set up iovecs for stream decryption. */
-	memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length);
-	iov[0].flags= KRB5_CRYPTO_TYPE_STREAM;
-	iov[0].data.data = out2.data;
-	iov[0].data.length = enc_out.ciphertext.length;
-	iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
+        /* Check if this enctype supports IOV encryption. */
+        if ( krb5_c_crypto_length(context, keyblock->enctype,
+                                  KRB5_CRYPTO_TYPE_HEADER, &dummy) == 0 ){
+            /* Set up iovecs for stream decryption. */
+            memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length);
+            iov[0].flags= KRB5_CRYPTO_TYPE_STREAM;
+            iov[0].data.data = out2.data;
+            iov[0].data.length = enc_out.ciphertext.length;
+            iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
 
-	/* Decrypt the encrypted data from above and check it. */
-	test("IOV stream decrypting (c)",
-	     krb5_c_decrypt_iov( context, keyblock, 7, 0, iov, 2));
-	test("Comparing results",
-	     compare_results(&in, &iov[1].data));
+            /* Decrypt the encrypted data from above and check it. */
+            test("IOV stream decrypting (c)",
+                 krb5_c_decrypt_iov( context, keyblock, 7, 0, iov, 2));
+            test("Comparing results",
+                 compare_results(&in, &iov[1].data));
 
-	/* Try again with the opaque-key-using variant. */
-	memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length);
-	test("IOV stream decrypting (k)",
-	     krb5_k_decrypt_iov( context, key, 7, 0, iov, 2));
-	test("Comparing results",
-	     compare_results(&in, &iov[1].data));
+            /* Try again with the opaque-key-using variant. */
+            memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length);
+            test("IOV stream decrypting (k)",
+                 krb5_k_decrypt_iov( context, key, 7, 0, iov, 2));
+            test("Comparing results",
+                 compare_results(&in, &iov[1].data));
 
-	/* Set up iovecs for AEAD encryption. */
-	signdata.magic = KV5M_DATA;
-	signdata.data = (char *) "This should be signed";
-	signdata.length = strlen(signdata.data);
-	iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
-	iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
-	iov[1].data = in; /*We'll need to copy memory before encrypt*/
-	iov[2].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
-	iov[2].data = signdata;
-	iov[3].flags = KRB5_CRYPTO_TYPE_PADDING;
-	iov[4].flags = KRB5_CRYPTO_TYPE_TRAILER;
+            /* Set up iovecs for AEAD encryption. */
+            signdata.magic = KV5M_DATA;
+            signdata.data = (char *) "This should be signed";
+            signdata.length = strlen(signdata.data);
+            iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
+            iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
+            iov[1].data = in; /*We'll need to copy memory before encrypt*/
+            iov[2].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
+            iov[2].data = signdata;
+            iov[3].flags = KRB5_CRYPTO_TYPE_PADDING;
+            iov[4].flags = KRB5_CRYPTO_TYPE_TRAILER;
 
-	/* "Allocate" data for the iovec buffers from the "out" buffer. */
-	test("Setting up iov lengths",
-	     krb5_c_crypto_length_iov(context, keyblock->enctype, iov, 5));
-	for (j=0,pos=0; j <= 4; j++ ){
-	    if (iov[j].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
-		continue;
-	    iov[j].data.data = &out.data[pos];
-	    pos += iov[j].data.length;
-	}
-	assert (iov[1].data.length == in.length);
-	memcpy(iov[1].data.data, in.data, in.length);
+            /* "Allocate" data for the iovec buffers from the "out" buffer. */
+            test("Setting up iov lengths",
+                 krb5_c_crypto_length_iov(context, keyblock->enctype, iov, 5));
+            for (j=0,pos=0; j <= 4; j++ ){
+                if (iov[j].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
+                    continue;
+                iov[j].data.data = &out.data[pos];
+                pos += iov[j].data.length;
+            }
+            assert (iov[1].data.length == in.length);
+            memcpy(iov[1].data.data, in.data, in.length);
 
-	/* Encrypt and decrypt in place, and check the result. */
-	test("iov encrypting (c)",
-	     krb5_c_encrypt_iov(context, keyblock, 7, 0, iov, 5));
-	assert(iov[1].data.length == in.length);
-	test("iov decrypting",
-	     krb5_c_decrypt_iov(context, keyblock, 7, 0, iov, 5));
-	test("Comparing results",
-	     compare_results(&in, &iov[1].data));
+            /* Encrypt and decrypt in place, and check the result. */
+            test("iov encrypting (c)",
+                 krb5_c_encrypt_iov(context, keyblock, 7, 0, iov, 5));
+            assert(iov[1].data.length == in.length);
+            test("iov decrypting",
+                 krb5_c_decrypt_iov(context, keyblock, 7, 0, iov, 5));
+            test("Comparing results",
+                 compare_results(&in, &iov[1].data));
 
-	/* Try again with opaque-key-using variants. */
-	test("iov encrypting (k)",
-	     krb5_k_encrypt_iov(context, key, 7, 0, iov, 5));
-	assert(iov[1].data.length == in.length);
-	test("iov decrypting",
-	     krb5_k_decrypt_iov(context, key, 7, 0, iov, 5));
-	test("Comparing results",
-	     compare_results(&in, &iov[1].data));
-    }
+            /* Try again with opaque-key-using variants. */
+            test("iov encrypting (k)",
+                 krb5_k_encrypt_iov(context, key, 7, 0, iov, 5));
+            assert(iov[1].data.length == in.length);
+            test("iov decrypting",
+                 krb5_k_decrypt_iov(context, key, 7, 0, iov, 5));
+            test("Comparing results",
+                 compare_results(&in, &iov[1].data));
+        }
 
-    enc_out.ciphertext.length = out.length;
-    check.length = 2048;
+        enc_out.ciphertext.length = out.length;
+        check.length = 2048;
 
-    test ("init_state",
-	  krb5_c_init_state (context, keyblock, 7, &state));
-    test ("Encrypting with state",
-	  krb5_c_encrypt (context, keyblock, 7, &state, &in, &enc_out));
-    test ("Encrypting again with state",
-	  krb5_c_encrypt (context, keyblock, 7, &state, &in2, &enc_out2));
-    test ("free_state",
-	  krb5_c_free_state (context, keyblock, &state));
-    test ("init_state",
-	  krb5_c_init_state (context, keyblock, 7, &state));
-    test ("Decrypting with state",
-	  krb5_c_decrypt (context, keyblock, 7, &state, &enc_out, &check));
-    test ("Decrypting again with state",
-	  krb5_c_decrypt (context, keyblock, 7, &state, &enc_out2, &check2));
-    test ("free_state",
-	  krb5_c_free_state (context, keyblock, &state));
-    test ("Comparing",
-	  compare_results (&in, &check));
-    test ("Comparing",
-	  compare_results (&in2, &check2));
+        test ("init_state",
+              krb5_c_init_state (context, keyblock, 7, &state));
+        test ("Encrypting with state",
+              krb5_c_encrypt (context, keyblock, 7, &state, &in, &enc_out));
+        test ("Encrypting again with state",
+              krb5_c_encrypt (context, keyblock, 7, &state, &in2, &enc_out2));
+        test ("free_state",
+              krb5_c_free_state (context, keyblock, &state));
+        test ("init_state",
+              krb5_c_init_state (context, keyblock, 7, &state));
+        test ("Decrypting with state",
+              krb5_c_decrypt (context, keyblock, 7, &state, &enc_out, &check));
+        test ("Decrypting again with state",
+              krb5_c_decrypt (context, keyblock, 7, &state, &enc_out2, &check2));
+        test ("free_state",
+              krb5_c_free_state (context, keyblock, &state));
+        test ("Comparing",
+              compare_results (&in, &check));
+        test ("Comparing",
+              compare_results (&in2, &check2));
 
-    krb5_free_keyblock (context, keyblock);
-    krb5_k_free_key (context, key);
-  }
+        krb5_free_keyblock (context, keyblock);
+        krb5_k_free_key (context, key);
+    }
 
-  /* Test the RC4 decrypt fallback from key usage 9 to 8. */
-  test ("Initializing an RC4 keyblock",
-	krb5_init_keyblock (context, ENCTYPE_ARCFOUR_HMAC, 0, &keyblock));
-  test ("Generating random RC4 key",
-	krb5_c_make_random_key (context, ENCTYPE_ARCFOUR_HMAC, keyblock));
-  enc_out.ciphertext = out;
-  krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len);
-  enc_out.ciphertext.length = len;
-  check.length = 2048;
-  test ("Encrypting with RC4 key usage 8",
-	krb5_c_encrypt (context, keyblock, 8, 0, &in, &enc_out));
-  test ("Decrypting with RC4 key usage 9",
-	krb5_c_decrypt (context, keyblock, 9, 0, &enc_out, &check));
-  test ("Comparing", compare_results (&in, &check));
+    /* Test the RC4 decrypt fallback from key usage 9 to 8. */
+    test ("Initializing an RC4 keyblock",
+          krb5_init_keyblock (context, ENCTYPE_ARCFOUR_HMAC, 0, &keyblock));
+    test ("Generating random RC4 key",
+          krb5_c_make_random_key (context, ENCTYPE_ARCFOUR_HMAC, keyblock));
+    enc_out.ciphertext = out;
+    krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len);
+    enc_out.ciphertext.length = len;
+    check.length = 2048;
+    test ("Encrypting with RC4 key usage 8",
+          krb5_c_encrypt (context, keyblock, 8, 0, &in, &enc_out));
+    test ("Decrypting with RC4 key usage 9",
+          krb5_c_decrypt (context, keyblock, 9, 0, &enc_out, &check));
+    test ("Comparing", compare_results (&in, &check));
 
-  krb5_free_keyblock (context, keyblock);
-  free(out.data);
-  free(out2.data);
-  free(check.data);
-  free(check2.data);
-  return 0;
+    krb5_free_keyblock (context, keyblock);
+    free(out.data);
+    free(out2.data);
+    free(check.data);
+    free(check2.data);
+    return 0;
 }
diff --git a/src/lib/crypto/crypto_tests/t_hmac.c b/src/lib/crypto/crypto_tests/t_hmac.c
index 55b47b8..2bb5ff3 100644
--- a/src/lib/crypto/crypto_tests/t_hmac.c
+++ b/src/lib/crypto/crypto_tests/t_hmac.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/t_hmac.c
  *
@@ -47,9 +48,9 @@ static void keyToData (krb5_keyblock *k, krb5_data *d) {
 #if 0
 static void check_error (int r, int line) {
     if (r != 0) {
-	fprintf (stderr, "%s:%d: %s\n", __FILE__, line,
-		 error_message (r));
-	exit (1);
+        fprintf (stderr, "%s:%d: %s\n", __FILE__, line,
+                 error_message (r));
+        exit (1);
     }
 }
 #define CHECK check_error(r, __LINE__)
@@ -62,16 +63,16 @@ static void printd (const char *descr, krb5_data *d) {
     printf("%s (%d bytes):", descr, d->length);
 
     for (i = 0; i < d->length; i += r) {
-	printf("\n  %04x: ", i);
-	for (j = i; j < i + r && j < d->length; j++)
-	    printf(" %02x", 0xff & d->data[j]);
-	for (; j < i + r; j++)
-	    printf("   ");
-	printf("   ");
-	for (j = i; j < i + r && j < d->length; j++) {
-	    int c = 0xff & d->data[j];
-	    printf("%c", isprint(c) ? c : '.');
-	}
+        printf("\n  %04x: ", i);
+        for (j = i; j < i + r && j < d->length; j++)
+            printf(" %02x", 0xff & d->data[j]);
+        for (; j < i + r; j++)
+            printf("   ");
+        printf("   ");
+        for (j = i; j < i + r && j < d->length; j++) {
+            int c = 0xff & d->data[j];
+            printf("%c", isprint(c) ? c : '.');
+        }
     }
     printf("\n");
 }
@@ -92,8 +93,8 @@ struct hmac_test {
 };
 
 static krb5_error_code hmac1(const struct krb5_hash_provider *h,
-			     krb5_keyblock *key,
-			     krb5_data *in, krb5_data *out)
+                             krb5_keyblock *key,
+                             krb5_data *in, krb5_data *out)
 {
     char tmp[40];
     size_t blocksize, hashsize;
@@ -104,28 +105,28 @@ static krb5_error_code hmac1(const struct krb5_hash_provider *h,
     blocksize = h->blocksize;
     hashsize = h->hashsize;
     if (hashsize > sizeof(tmp))
-	abort();
+        abort();
     if (key->length > blocksize) {
-	krb5_data d, d2;
-	d.data = (char *) key->contents;
-	d.length = key->length;
-	d2.data = tmp;
-	d2.length = hashsize;
-	err = h->hash (1, &d, &d2);
-	if (err) {
-	    com_err(whoami, err, "hashing key before calling hmac");
-	    exit(1);
-	}
-	key->length = d2.length;
-	key->contents = (krb5_octet *) d2.data;
-	printk(" pre-hashed key", key);
+        krb5_data d, d2;
+        d.data = (char *) key->contents;
+        d.length = key->length;
+        d2.data = tmp;
+        d2.length = hashsize;
+        err = h->hash (1, &d, &d2);
+        if (err) {
+            com_err(whoami, err, "hashing key before calling hmac");
+            exit(1);
+        }
+        key->length = d2.length;
+        key->contents = (krb5_octet *) d2.data;
+        printk(" pre-hashed key", key);
     }
     printd(" hmac input", in);
     krb5_k_create_key(NULL, key, &k);
     err = krb5int_hmac(h, k, 1, in, out);
     krb5_k_free_key(NULL, k);
     if (err == 0)
-	printd(" hmac output", out);
+        printd(" hmac output", out);
     return err;
 }
 
@@ -142,128 +143,128 @@ static void test_hmac()
 
     /* RFC 2202 test vector.  */
     static const struct hmac_test md5tests[] = {
-	{
-	    16, {
-		0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb,
-		0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb,
-	    },
-	    8, "Hi There",
-	    "0x9294727a3638bb1c13f48ef8158bfc9d"
-	},
+        {
+            16, {
+                0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb,
+                0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb,
+            },
+            8, "Hi There",
+            "0x9294727a3638bb1c13f48ef8158bfc9d"
+        },
 
-	{
-	    4, "Jefe",
-	    28, "what do ya want for nothing?",
-	    "0x750c783e6ab0b503eaa86e310a5db738"
-	},
+        {
+            4, "Jefe",
+            28, "what do ya want for nothing?",
+            "0x750c783e6ab0b503eaa86e310a5db738"
+        },
 
-	{
-	    16, {
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
-	    },
-	    50, {
-		0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
-		0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
-		0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
-		0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
-		0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
-	    },
-	    "0x56be34521d144c88dbb8c733f0e8b3f6"
-	},
+        {
+            16, {
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
+            },
+            50, {
+                0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+                0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+                0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+                0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+                0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+            },
+            "0x56be34521d144c88dbb8c733f0e8b3f6"
+        },
 
-	{
-	    25, {
-		0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
-		0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
-		0x15, 0x16, 0x17, 0x18, 0x19
-	    },
-	    50, {
-		0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
-		0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
-		0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
-		0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
-		0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
-	    },
-	    "0x697eaf0aca3a3aea3a75164746ffaa79"
-	},
+        {
+            25, {
+                0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+                0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
+                0x15, 0x16, 0x17, 0x18, 0x19
+            },
+            50, {
+                0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+                0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+                0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+                0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+                0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+            },
+            "0x697eaf0aca3a3aea3a75164746ffaa79"
+        },
 
-	{
-	    16, {
-		0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
-		0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
-	    },
-	    20, "Test With Truncation",
-	    "0x56461ef2342edc00f9bab995690efd4c"
-	},
+        {
+            16, {
+                0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
+                0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
+            },
+            20, "Test With Truncation",
+            "0x56461ef2342edc00f9bab995690efd4c"
+        },
 
-	{
-	    80, {
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-	    },
-	    54, "Test Using Larger Than Block-Size Key - Hash Key First",
-	    "0x6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd"
-	},
+        {
+            80, {
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+            },
+            54, "Test Using Larger Than Block-Size Key - Hash Key First",
+            "0x6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd"
+        },
 
-	{
-	    80, {
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-	    },
-	    73,
-	    "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
-	    "0x6f630fad67cda0ee1fb1f562db3aa53e"
-	},
+        {
+            80, {
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+            },
+            73,
+            "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
+            "0x6f630fad67cda0ee1fb1f562db3aa53e"
+        },
     };
 
     for (i = 0; i < sizeof(md5tests)/sizeof(md5tests[0]); i++) {
-	key.contents = md5tests[i].key;
-	key.length = md5tests[i].key_len;
-	in.data = md5tests[i].data;
-	in.length = md5tests[i].data_len;
+        key.contents = md5tests[i].key;
+        key.length = md5tests[i].key_len;
+        in.data = md5tests[i].data;
+        in.length = md5tests[i].data_len;
 
-	out.data = outbuf;
-	out.length = 20;
-	printf("\nTest #%d:\n", i+1);
-	err = hmac1(&krb5int_hash_md5, &key, &in, &out);
-	if (err) {
-	    com_err(whoami, err, "computing hmac");
-	    exit(1);
-	}
+        out.data = outbuf;
+        out.length = 20;
+        printf("\nTest #%d:\n", i+1);
+        err = hmac1(&krb5int_hash_md5, &key, &in, &out);
+        if (err) {
+            com_err(whoami, err, "computing hmac");
+            exit(1);
+        }
 
-	krb5int_buf_init_fixed(&buf, stroutbuf, sizeof(stroutbuf));
-	krb5int_buf_add(&buf, "0x");
-	for (j = 0; j < out.length; j++)
-	    krb5int_buf_add_fmt(&buf, "%02x", 0xff & outbuf[j]);
-	if (krb5int_buf_data(&buf) == NULL)
-	    abort();
-	if (strcmp(stroutbuf, md5tests[i].hexdigest)) {
-	    printf("*** CHECK FAILED!\n"
-		   "\tReturned: %s.\n"
-		   "\tExpected: %s.\n", stroutbuf, md5tests[i].hexdigest);
-	    lose++;
-	} else
-	    printf("Matches expected result.\n");
+        krb5int_buf_init_fixed(&buf, stroutbuf, sizeof(stroutbuf));
+        krb5int_buf_add(&buf, "0x");
+        for (j = 0; j < out.length; j++)
+            krb5int_buf_add_fmt(&buf, "%02x", 0xff & outbuf[j]);
+        if (krb5int_buf_data(&buf) == NULL)
+            abort();
+        if (strcmp(stroutbuf, md5tests[i].hexdigest)) {
+            printf("*** CHECK FAILED!\n"
+                   "\tReturned: %s.\n"
+                   "\tExpected: %s.\n", stroutbuf, md5tests[i].hexdigest);
+            lose++;
+        } else
+            printf("Matches expected result.\n");
     }
 
     /* Do again with SHA-1 tests....  */
 
     if (lose) {
-	printf("%d failures; exiting.\n", lose);
-	exit(1);
+        printf("%d failures; exiting.\n", lose);
+        exit(1);
     }
 }
 
diff --git a/src/lib/crypto/crypto_tests/t_kperf.c b/src/lib/crypto/crypto_tests/t_kperf.c
index 4c99d72..e653996 100644
--- a/src/lib/crypto/crypto_tests/t_kperf.c
+++ b/src/lib/crypto/crypto_tests/t_kperf.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/crypto_tests/t_kperf.c
  *
diff --git a/src/lib/crypto/crypto_tests/t_mdcksum.c b/src/lib/crypto/crypto_tests/t_mdcksum.c
index 17ecd51..0b8a4fe 100644
--- a/src/lib/crypto/crypto_tests/t_mdcksum.c
+++ b/src/lib/crypto/crypto_tests/t_mdcksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/md5/t_cksum.c
  *
@@ -29,65 +30,65 @@
  * t_cksum.c - Test checksum and checksum compatability for rsa-md[4,5]-des
  */
 
-#ifndef	MD
-#define	MD	5
-#endif	/* MD */
+#ifndef MD
+#define MD      5
+#endif  /* MD */
 
 #include "k5-int.h"
-#if	MD == 4
+#if     MD == 4
 #include "rsa-md4.h"
-#endif	/* MD == 4 */
-#if	MD == 5
+#endif  /* MD == 4 */
+#if     MD == 5
 #include "rsa-md5.h"
-#endif	/* MD == 5 */
+#endif  /* MD == 5 */
 #include "des_int.h"
 
 #define MD5_K5BETA_COMPAT
 #define MD4_K5BETA_COMPAT
 
-#if	MD == 4
-#define	CONFOUNDER_LENGTH	RSA_MD4_DES_CONFOUND_LENGTH
-#define	NEW_CHECKSUM_LENGTH	NEW_RSA_MD4_DES_CKSUM_LENGTH
-#define	OLD_CHECKSUM_LENGTH	OLD_RSA_MD4_DES_CKSUM_LENGTH
-#define	CHECKSUM_TYPE		CKSUMTYPE_RSA_MD4_DES
-#ifdef	MD4_K5BETA_COMPAT
-#define	K5BETA_COMPAT	1
-#else	/* MD4_K5BETA_COMPAT */
-#undef	K5BETA_COMPAT
-#endif	/* MD4_K5BETA_COMPAT */
-#define	CKSUM_FUNCTION		krb5_md4_crypto_sum_func
-#define	COMPAT_FUNCTION		krb5_md4_crypto_compat_sum_func
-#define	VERIFY_FUNCTION		krb5_md4_crypto_verify_func
-#endif	/* MD == 4 */
+#if     MD == 4
+#define CONFOUNDER_LENGTH       RSA_MD4_DES_CONFOUND_LENGTH
+#define NEW_CHECKSUM_LENGTH     NEW_RSA_MD4_DES_CKSUM_LENGTH
+#define OLD_CHECKSUM_LENGTH     OLD_RSA_MD4_DES_CKSUM_LENGTH
+#define CHECKSUM_TYPE           CKSUMTYPE_RSA_MD4_DES
+#ifdef  MD4_K5BETA_COMPAT
+#define K5BETA_COMPAT   1
+#else   /* MD4_K5BETA_COMPAT */
+#undef  K5BETA_COMPAT
+#endif  /* MD4_K5BETA_COMPAT */
+#define CKSUM_FUNCTION          krb5_md4_crypto_sum_func
+#define COMPAT_FUNCTION         krb5_md4_crypto_compat_sum_func
+#define VERIFY_FUNCTION         krb5_md4_crypto_verify_func
+#endif  /* MD == 4 */
 
-#if	MD == 5
-#define	CONFOUNDER_LENGTH	RSA_MD5_DES_CONFOUND_LENGTH
-#define	NEW_CHECKSUM_LENGTH	NEW_RSA_MD5_DES_CKSUM_LENGTH
-#define	OLD_CHECKSUM_LENGTH	OLD_RSA_MD5_DES_CKSUM_LENGTH
-#define	CHECKSUM_TYPE		CKSUMTYPE_RSA_MD5_DES
-#ifdef	MD5_K5BETA_COMPAT
-#define	K5BETA_COMPAT	1
-#else	/* MD5_K5BETA_COMPAT */
-#undef	K5BETA_COMPAT
-#endif	/* MD5_K5BETA_COMPAT */
-#define	CKSUM_FUNCTION		krb5_md5_crypto_sum_func
-#define	COMPAT_FUNCTION		krb5_md5_crypto_compat_sum_func
-#define	VERIFY_FUNCTION		krb5_md5_crypto_verify_func
-#endif	/* MD == 5 */
+#if     MD == 5
+#define CONFOUNDER_LENGTH       RSA_MD5_DES_CONFOUND_LENGTH
+#define NEW_CHECKSUM_LENGTH     NEW_RSA_MD5_DES_CKSUM_LENGTH
+#define OLD_CHECKSUM_LENGTH     OLD_RSA_MD5_DES_CKSUM_LENGTH
+#define CHECKSUM_TYPE           CKSUMTYPE_RSA_MD5_DES
+#ifdef  MD5_K5BETA_COMPAT
+#define K5BETA_COMPAT   1
+#else   /* MD5_K5BETA_COMPAT */
+#undef  K5BETA_COMPAT
+#endif  /* MD5_K5BETA_COMPAT */
+#define CKSUM_FUNCTION          krb5_md5_crypto_sum_func
+#define COMPAT_FUNCTION         krb5_md5_crypto_compat_sum_func
+#define VERIFY_FUNCTION         krb5_md5_crypto_verify_func
+#endif  /* MD == 5 */
 
 static void
 print_checksum(text, number, message, checksum)
-     char	*text;
-     int	number;
-     char	*message;
-     krb5_checksum	*checksum;
+    char       *text;
+    int        number;
+    char       *message;
+    krb5_checksum      *checksum;
 {
-  int i;
+    int i;
 
-  printf("%s MD%d checksum(\"%s\") = ", text, number, message);
-  for (i=0; i<checksum->length; i++)
-    printf("%02x", checksum->contents[i]);
-  printf("\n");
+    printf("%s MD%d checksum(\"%s\") = ", text, number, message);
+    for (i=0; i<checksum->length; i++)
+        printf("%02x", checksum->contents[i]);
+    printf("\n");
 }
 
 /*
@@ -96,111 +97,111 @@ print_checksum(text, number, message, checksum)
  */
 int
 main(argc, argv)
-     int argc;
-     char **argv;
+    int argc;
+    char **argv;
 {
-  int 			msgindex;
-  krb5_context		kcontext;
-  krb5_encrypt_block	encblock;
-  krb5_keyblock		keyblock;
-  krb5_error_code	kret;
-  krb5_checksum		oldstyle_checksum;
-  krb5_checksum		newstyle_checksum;
-  krb5_data		pwdata;
-  char			*pwd;
+    int                   msgindex;
+    krb5_context          kcontext;
+    krb5_encrypt_block    encblock;
+    krb5_keyblock         keyblock;
+    krb5_error_code       kret;
+    krb5_checksum         oldstyle_checksum;
+    krb5_checksum         newstyle_checksum;
+    krb5_data             pwdata;
+    char                  *pwd;
 
-  pwd = "test password";
-  pwdata.length = strlen(pwd);
-  pwdata.data = pwd;
-  krb5_use_enctype(kcontext, &encblock, DEFAULT_KDC_ENCTYPE);
-  if ((kret = mit_des_string_to_key(&encblock, &keyblock, &pwdata, NULL))) {
-    printf("mit_des_string_to_key choked with %d\n", kret);
-    return(kret);
-  }
-  if ((kret = mit_des_process_key(&encblock, &keyblock))) {
-    printf("mit_des_process_key choked with %d\n", kret);
-    return(kret);
-  }
-
-  oldstyle_checksum.length = OLD_CHECKSUM_LENGTH;
-  if (!(oldstyle_checksum.contents = (krb5_octet *) malloc(OLD_CHECKSUM_LENGTH))) {
-    printf("cannot get memory for old style checksum\n");
-    return(ENOMEM);
-  }
-  newstyle_checksum.length = NEW_CHECKSUM_LENGTH;
-  if (!(newstyle_checksum.contents = (krb5_octet *)
-	malloc(NEW_CHECKSUM_LENGTH))) {
-    printf("cannot get memory for new style checksum\n");
-    return(ENOMEM);
-  }
-  for (msgindex = 1; msgindex < argc; msgindex++) {
-    if ((kret = CKSUM_FUNCTION(argv[msgindex],
-			       strlen(argv[msgindex]),
-			       (krb5_pointer) keyblock.contents,
-			       keyblock.length,
-			       &newstyle_checksum))) {
-      printf("krb5_calculate_checksum choked with %d\n", kret);
-      break;
+    pwd = "test password";
+    pwdata.length = strlen(pwd);
+    pwdata.data = pwd;
+    krb5_use_enctype(kcontext, &encblock, DEFAULT_KDC_ENCTYPE);
+    if ((kret = mit_des_string_to_key(&encblock, &keyblock, &pwdata, NULL))) {
+        printf("mit_des_string_to_key choked with %d\n", kret);
+        return(kret);
     }
-    print_checksum("correct", MD, argv[msgindex], &newstyle_checksum);
-#ifdef	K5BETA_COMPAT
-    if ((kret = COMPAT_FUNCTION(argv[msgindex],
-				strlen(argv[msgindex]),
-				(krb5_pointer) keyblock.contents,
-				keyblock.length,
-				&oldstyle_checksum))) {
-      printf("old style calculate_checksum choked with %d\n", kret);
-      break;
+    if ((kret = mit_des_process_key(&encblock, &keyblock))) {
+        printf("mit_des_process_key choked with %d\n", kret);
+        return(kret);
     }
-    print_checksum("old", MD, argv[msgindex], &oldstyle_checksum);
-#endif	/* K5BETA_COMPAT */
-    if ((kret = VERIFY_FUNCTION(&newstyle_checksum,
-				argv[msgindex],
-				strlen(argv[msgindex]),
-				(krb5_pointer) keyblock.contents,
-				keyblock.length))) {
-      printf("verify on new checksum choked with %d\n", kret);
-      break;
-    }
-    printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
-#ifdef	K5BETA_COMPAT
-    if ((kret = VERIFY_FUNCTION(&oldstyle_checksum,
-				argv[msgindex],
-				strlen(argv[msgindex]),
-				(krb5_pointer) keyblock.contents,
-				keyblock.length))) {
-      printf("verify on old checksum choked with %d\n", kret);
-      break;
+
+    oldstyle_checksum.length = OLD_CHECKSUM_LENGTH;
+    if (!(oldstyle_checksum.contents = (krb5_octet *) malloc(OLD_CHECKSUM_LENGTH))) {
+        printf("cannot get memory for old style checksum\n");
+        return(ENOMEM);
     }
-    printf("Compatible checksum verify succeeded for \"%s\"\n",
-	   argv[msgindex]);
-#endif	/* K5BETA_COMPAT */
-    newstyle_checksum.contents[0]++;
-    if (!(kret = VERIFY_FUNCTION(&newstyle_checksum,
-				 argv[msgindex],
-				 strlen(argv[msgindex]),
-				 (krb5_pointer) keyblock.contents,
-				 keyblock.length))) {
-      printf("verify on new checksum should have choked\n");
-      break;
+    newstyle_checksum.length = NEW_CHECKSUM_LENGTH;
+    if (!(newstyle_checksum.contents = (krb5_octet *)
+          malloc(NEW_CHECKSUM_LENGTH))) {
+        printf("cannot get memory for new style checksum\n");
+        return(ENOMEM);
     }
-    printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
-#ifdef	K5BETA_COMPAT
-    oldstyle_checksum.contents[0]++;
-    if (!(kret = VERIFY_FUNCTION(&oldstyle_checksum,
-				 argv[msgindex],
-				 strlen(argv[msgindex]),
-				 (krb5_pointer) keyblock.contents,
-				 keyblock.length))) {
-      printf("verify on old checksum should have choked\n");
-      break;
+    for (msgindex = 1; msgindex < argc; msgindex++) {
+        if ((kret = CKSUM_FUNCTION(argv[msgindex],
+                                   strlen(argv[msgindex]),
+                                   (krb5_pointer) keyblock.contents,
+                                   keyblock.length,
+                                   &newstyle_checksum))) {
+            printf("krb5_calculate_checksum choked with %d\n", kret);
+            break;
+        }
+        print_checksum("correct", MD, argv[msgindex], &newstyle_checksum);
+#ifdef  K5BETA_COMPAT
+        if ((kret = COMPAT_FUNCTION(argv[msgindex],
+                                    strlen(argv[msgindex]),
+                                    (krb5_pointer) keyblock.contents,
+                                    keyblock.length,
+                                    &oldstyle_checksum))) {
+            printf("old style calculate_checksum choked with %d\n", kret);
+            break;
+        }
+        print_checksum("old", MD, argv[msgindex], &oldstyle_checksum);
+#endif  /* K5BETA_COMPAT */
+        if ((kret = VERIFY_FUNCTION(&newstyle_checksum,
+                                    argv[msgindex],
+                                    strlen(argv[msgindex]),
+                                    (krb5_pointer) keyblock.contents,
+                                    keyblock.length))) {
+            printf("verify on new checksum choked with %d\n", kret);
+            break;
+        }
+        printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
+#ifdef  K5BETA_COMPAT
+        if ((kret = VERIFY_FUNCTION(&oldstyle_checksum,
+                                    argv[msgindex],
+                                    strlen(argv[msgindex]),
+                                    (krb5_pointer) keyblock.contents,
+                                    keyblock.length))) {
+            printf("verify on old checksum choked with %d\n", kret);
+            break;
+        }
+        printf("Compatible checksum verify succeeded for \"%s\"\n",
+               argv[msgindex]);
+#endif  /* K5BETA_COMPAT */
+        newstyle_checksum.contents[0]++;
+        if (!(kret = VERIFY_FUNCTION(&newstyle_checksum,
+                                     argv[msgindex],
+                                     strlen(argv[msgindex]),
+                                     (krb5_pointer) keyblock.contents,
+                                     keyblock.length))) {
+            printf("verify on new checksum should have choked\n");
+            break;
+        }
+        printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
+#ifdef  K5BETA_COMPAT
+        oldstyle_checksum.contents[0]++;
+        if (!(kret = VERIFY_FUNCTION(&oldstyle_checksum,
+                                     argv[msgindex],
+                                     strlen(argv[msgindex]),
+                                     (krb5_pointer) keyblock.contents,
+                                     keyblock.length))) {
+            printf("verify on old checksum should have choked\n");
+            break;
+        }
+        printf("Compatible checksum verify of altered checksum OK for \"%s\"\n",
+               argv[msgindex]);
+#endif  /* K5BETA_COMPAT */
+        kret = 0;
     }
-    printf("Compatible checksum verify of altered checksum OK for \"%s\"\n",
-	   argv[msgindex]);
-#endif	/* K5BETA_COMPAT */
-    kret = 0;
-  }
-  if (!kret)
-    printf("%d tests passed successfully for MD%d checksum\n", argc-1, MD);
-  return(kret);
+    if (!kret)
+        printf("%d tests passed successfully for MD%d checksum\n", argc-1, MD);
+    return(kret);
 }
diff --git a/src/lib/crypto/crypto_tests/t_mddriver.c b/src/lib/crypto/crypto_tests/t_mddriver.c
index 3fab847..b3af381 100644
--- a/src/lib/crypto/crypto_tests/t_mddriver.c
+++ b/src/lib/crypto/crypto_tests/t_mddriver.c
@@ -1,21 +1,22 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* MDDRIVER.C - test driver for MD2, MD4 and MD5
  */
 
 /* Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All
-rights reserved.
+   rights reserved.
 
-RSA Data Security, Inc. makes no representations concerning either
-the merchantability of this software or the suitability of this
-software for any particular purpose. It is provided "as is"
-without express or implied warranty of any kind.
+   RSA Data Security, Inc. makes no representations concerning either
+   the merchantability of this software or the suitability of this
+   software for any particular purpose. It is provided "as is"
+   without express or implied warranty of any kind.
 
-These notices must be retained in any copies of any part of this
-documentation and/or software.
- */
+   These notices must be retained in any copies of any part of this
+   documentation and/or software.
+*/
 
 /* The following makes MD default to MD5 if it has not already been
-  defined with C compiler flags.
- */
+   defined with C compiler flags.
+*/
 #ifndef MD
 #define MD 5
 #endif
@@ -67,26 +68,26 @@ struct md_test_entry {
 
 struct md_test_entry md_test_suite[] = {
     { "",
-	  {0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31,
-	   0xb7, 0x3c, 0x59, 0xd7, 0xe0, 0xc0, 0x89, 0xc0 }},
+      {0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31,
+       0xb7, 0x3c, 0x59, 0xd7, 0xe0, 0xc0, 0x89, 0xc0 }},
     { "a",
-	  {0xbd, 0xe5, 0x2c, 0xb3, 0x1d, 0xe3, 0x3e, 0x46,
-	   0x24, 0x5e, 0x05, 0xfb, 0xdb, 0xd6, 0xfb, 0x24 }},
+      {0xbd, 0xe5, 0x2c, 0xb3, 0x1d, 0xe3, 0x3e, 0x46,
+       0x24, 0x5e, 0x05, 0xfb, 0xdb, 0xd6, 0xfb, 0x24 }},
     { "abc",
-	  {0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52,
-	   0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d }},
+      {0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52,
+       0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d }},
     { "message digest",
-	  {0xd9, 0x13, 0x0a, 0x81, 0x64, 0x54, 0x9f, 0xe8,
-	   0x18, 0x87, 0x48, 0x06, 0xe1, 0xc7, 0x01, 0x4b }},
+      {0xd9, 0x13, 0x0a, 0x81, 0x64, 0x54, 0x9f, 0xe8,
+       0x18, 0x87, 0x48, 0x06, 0xe1, 0xc7, 0x01, 0x4b }},
     { "abcdefghijklmnopqrstuvwxyz",
-	  {0xd7, 0x9e, 0x1c, 0x30, 0x8a, 0xa5, 0xbb, 0xcd,
-	   0xee, 0xa8, 0xed, 0x63, 0xdf, 0x41, 0x2d, 0xa9 }},
+      {0xd7, 0x9e, 0x1c, 0x30, 0x8a, 0xa5, 0xbb, 0xcd,
+       0xee, 0xa8, 0xed, 0x63, 0xdf, 0x41, 0x2d, 0xa9 }},
     { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
-	  {0x04, 0x3f, 0x85, 0x82, 0xf2, 0x41, 0xdb, 0x35,
-	  0x1c, 0xe6, 0x27, 0xe1, 0x53, 0xe7, 0xf0, 0xe4 }},
+      {0x04, 0x3f, 0x85, 0x82, 0xf2, 0x41, 0xdb, 0x35,
+       0x1c, 0xe6, 0x27, 0xe1, 0x53, 0xe7, 0xf0, 0xe4 }},
     { "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
-	  {0xe3, 0x3b, 0x4d, 0xdc, 0x9c, 0x38, 0xf2, 0x19,
-	   0x9c, 0x3e, 0x7b, 0x16, 0x4f, 0xcc, 0x05, 0x36 }},
+      {0xe3, 0x3b, 0x4d, 0xdc, 0x9c, 0x38, 0xf2, 0x19,
+       0x9c, 0x3e, 0x7b, 0x16, 0x4f, 0xcc, 0x05, 0x36 }},
     {0, {0}}
 };
 
@@ -103,26 +104,26 @@ struct md_test_entry md_test_suite[] = {
 
 struct md_test_entry md_test_suite[] = {
     { "",
-	  {0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
-	   0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e }},
+      {0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
+       0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e }},
     { "a",
-	  {0x0c, 0xc1, 0x75, 0xb9, 0xc0, 0xf1, 0xb6, 0xa8,
-	   0x31, 0xc3, 0x99, 0xe2, 0x69, 0x77, 0x26, 0x61 }},
+      {0x0c, 0xc1, 0x75, 0xb9, 0xc0, 0xf1, 0xb6, 0xa8,
+       0x31, 0xc3, 0x99, 0xe2, 0x69, 0x77, 0x26, 0x61 }},
     { "abc",
-	  {0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0,
-	   0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72 }},
+      {0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0,
+       0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72 }},
     { "message digest",
-	  {0xf9, 0x6b, 0x69, 0x7d, 0x7c, 0xb7, 0x93, 0x8d,
-	   0x52, 0x5a, 0x2f, 0x31, 0xaa, 0xf1, 0x61, 0xd0 }},
+      {0xf9, 0x6b, 0x69, 0x7d, 0x7c, 0xb7, 0x93, 0x8d,
+       0x52, 0x5a, 0x2f, 0x31, 0xaa, 0xf1, 0x61, 0xd0 }},
     { "abcdefghijklmnopqrstuvwxyz",
-	  {0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00,
-	   0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b }},
+      {0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00,
+       0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b }},
     { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
-	  {0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5,
-	   0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f }},
+      {0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5,
+       0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f }},
     { "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
-	  {0x57, 0xed, 0xf4, 0xa2, 0x2b, 0xe3, 0xc9, 0x55,
-	   0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a }},
+      {0x57, 0xed, 0xf4, 0xa2, 0x2b, 0xe3, 0xc9, 0x55,
+       0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a }},
     { 0, {0} }
 };
 
@@ -130,88 +131,88 @@ struct md_test_entry md_test_suite[] = {
 
 /* Main driver.
 
-Arguments (may be any combination):
-  -sstring - digests string
-  -t       - runs time trial
-  -x       - runs test script
-  filename - digests file
-  (none)   - digests standard input
- */
+   Arguments (may be any combination):
+   -sstring - digests string
+   -t       - runs time trial
+   -x       - runs test script
+   filename - digests file
+   (none)   - digests standard input
+*/
 int main (argc, argv)
-int argc;
-char *argv[];
+    int argc;
+    char *argv[];
 {
-  int i;
-
-  if (argc > 1)
- for (i = 1; i < argc; i++)
-   if (argv[i][0] == '-' && argv[i][1] == 's')
-     MDString (argv[i] + 2);
-   else if (strcmp (argv[i], "-t") == 0)
-     MDTimeTrial ();
-   else if (strcmp (argv[i], "-x") == 0)
-     MDTestSuite ();
-   else
-     MDFile (argv[i]);
-  else
- MDFilter ();
-
-  return (0);
+    int i;
+
+    if (argc > 1)
+        for (i = 1; i < argc; i++)
+            if (argv[i][0] == '-' && argv[i][1] == 's')
+                MDString (argv[i] + 2);
+            else if (strcmp (argv[i], "-t") == 0)
+                MDTimeTrial ();
+            else if (strcmp (argv[i], "-x") == 0)
+                MDTestSuite ();
+            else
+                MDFile (argv[i]);
+    else
+        MDFilter ();
+
+    return (0);
 }
 
 /* Digests a string and prints the result.
  */
 static void MDString (string)
-char *string;
+    char *string;
 {
-  MD_CTX context;
-  unsigned int len = strlen (string);
+    MD_CTX context;
+    unsigned int len = strlen (string);
 
-  MDInit (&context);
-  MDUpdate (&context, (unsigned char *) string, len);
-  MDFinal (&context);
+    MDInit (&context);
+    MDUpdate (&context, (unsigned char *) string, len);
+    MDFinal (&context);
 
-  printf ("MD%d (\"%s\") = ", MD, string);
-  MDPrint (context.digest);
-  printf ("\n");
+    printf ("MD%d (\"%s\") = ", MD, string);
+    MDPrint (context.digest);
+    printf ("\n");
 }
 
 /* Measures the time to digest TEST_BLOCK_COUNT TEST_BLOCK_LEN-byte
-  blocks.
- */
+   blocks.
+*/
 static void MDTimeTrial ()
 {
-  MD_CTX context;
-  time_t endTime, startTime;
-  unsigned char block[TEST_BLOCK_LEN];
-  unsigned int i;
-
-  printf("MD%d time trial. Digesting %d %d-byte blocks ...", MD,
-  TEST_BLOCK_LEN, TEST_BLOCK_COUNT);
-
-  /* Initialize block */
-  for (i = 0; i < TEST_BLOCK_LEN; i++)
- block[i] = (unsigned char)(i & 0xff);
-
-  /* Start timer */
-  time (&startTime);
-
-  /* Digest blocks */
-  MDInit (&context);
-  for (i = 0; i < TEST_BLOCK_COUNT; i++)
-      MDUpdate (&context, block, TEST_BLOCK_LEN);
-  MDFinal (&context);
-
-  /* Stop timer */
-  time (&endTime);
-
-  printf (" done\n");
-  printf ("Digest = ");
-  MDPrint (context.digest);
-  printf ("\nTime = %ld seconds\n", (long)(endTime-startTime));
-  printf
- ("Speed = %ld bytes/second\n",
-  (long)TEST_BLOCK_LEN * (long)TEST_BLOCK_COUNT/(endTime-startTime));
+    MD_CTX context;
+    time_t endTime, startTime;
+    unsigned char block[TEST_BLOCK_LEN];
+    unsigned int i;
+
+    printf("MD%d time trial. Digesting %d %d-byte blocks ...", MD,
+           TEST_BLOCK_LEN, TEST_BLOCK_COUNT);
+
+    /* Initialize block */
+    for (i = 0; i < TEST_BLOCK_LEN; i++)
+        block[i] = (unsigned char)(i & 0xff);
+
+    /* Start timer */
+    time (&startTime);
+
+    /* Digest blocks */
+    MDInit (&context);
+    for (i = 0; i < TEST_BLOCK_COUNT; i++)
+        MDUpdate (&context, block, TEST_BLOCK_LEN);
+    MDFinal (&context);
+
+    /* Stop timer */
+    time (&endTime);
+
+    printf (" done\n");
+    printf ("Digest = ");
+    MDPrint (context.digest);
+    printf ("\nTime = %ld seconds\n", (long)(endTime-startTime));
+    printf
+        ("Speed = %ld bytes/second\n",
+         (long)TEST_BLOCK_LEN * (long)TEST_BLOCK_COUNT/(endTime-startTime));
 }
 
 /* Digests a reference suite of strings and prints the results.
@@ -221,37 +222,37 @@ static void MDTestSuite ()
 #ifdef HAVE_TEST_SUITE
     MD_CTX context;
     struct md_test_entry *entry;
-    int	i, num_tests = 0, num_failed = 0;
+    int i, num_tests = 0, num_failed = 0;
 
     printf ("MD%d test suite:\n\n", MD);
     for (entry = md_test_suite; entry->string; entry++) {
-	unsigned int len = strlen (entry->string);
-
-	MDInit (&context);
-	MDUpdate (&context, (unsigned char *) entry->string, len);
-	MDFinal (&context);
-
-	printf ("MD%d (\"%s\") = ", MD, entry->string);
-	MDPrint (context.digest);
-	printf ("\n");
-	for (i=0; i < 16; i++) {
-	    if (context.digest[i] != entry->digest[i]) {
-		printf("\tIncorrect MD%d digest!  Should have been:\n\t\t ",
-		       MD);
-		MDPrint(entry->digest);
-		printf("\n");
-		num_failed++;
-	    }
-	}
-	num_tests++;
+        unsigned int len = strlen (entry->string);
+
+        MDInit (&context);
+        MDUpdate (&context, (unsigned char *) entry->string, len);
+        MDFinal (&context);
+
+        printf ("MD%d (\"%s\") = ", MD, entry->string);
+        MDPrint (context.digest);
+        printf ("\n");
+        for (i=0; i < 16; i++) {
+            if (context.digest[i] != entry->digest[i]) {
+                printf("\tIncorrect MD%d digest!  Should have been:\n\t\t ",
+                       MD);
+                MDPrint(entry->digest);
+                printf("\n");
+                num_failed++;
+            }
+        }
+        num_tests++;
     }
     if (num_failed) {
-	printf("%d out of %d tests failed for MD%d!!!\n", num_failed,
-	       num_tests, MD);
-	exit(1);
+        printf("%d out of %d tests failed for MD%d!!!\n", num_failed,
+               num_tests, MD);
+        exit(1);
     } else {
-	printf ("%d tests passed successfully for MD%d.\n", num_tests, MD);
-	exit(0);
+        printf ("%d tests passed successfully for MD%d.\n", num_tests, MD);
+        exit(0);
     }
 #else
 
@@ -262,9 +263,9 @@ static void MDTestSuite ()
     MDString ("message digest");
     MDString ("abcdefghijklmnopqrstuvwxyz");
     MDString
-	("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789");
+        ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789");
     MDString
-	("12345678901234567890123456789012345678901234567890123456789012345678901234567890");
+        ("12345678901234567890123456789012345678901234567890123456789012345678901234567890");
 #endif
 }
 
@@ -279,18 +280,18 @@ static void MDFile (filename)
     unsigned char buffer[1024];
 
     if ((file = fopen (filename, "rb")) == NULL)
-	printf ("%s can't be opened\n", filename);
+        printf ("%s can't be opened\n", filename);
     else {
-	MDInit (&context);
-	while ((len = fread (buffer, 1, 1024, file)) != 0)
-	    MDUpdate (&context, buffer, len);
-	MDFinal (&context);
+        MDInit (&context);
+        while ((len = fread (buffer, 1, 1024, file)) != 0)
+            MDUpdate (&context, buffer, len);
+        MDFinal (&context);
 
-	fclose (file);
+        fclose (file);
 
-	printf ("MD%d (%s) = ", MD, filename);
-	MDPrint (context.digest);
-	printf ("\n");
+        printf ("MD%d (%s) = ", MD, filename);
+        MDPrint (context.digest);
+        printf ("\n");
     }
 }
 
@@ -298,26 +299,26 @@ static void MDFile (filename)
  */
 static void MDFilter ()
 {
-  MD_CTX context;
-  int len;
-  unsigned char buffer[16];
+    MD_CTX context;
+    int len;
+    unsigned char buffer[16];
 
-  MDInit (&context);
-  while ((len = fread (buffer, 1, 16, stdin)) != 0)
-    MDUpdate (&context, buffer, len);
-  MDFinal (&context);
+    MDInit (&context);
+    while ((len = fread (buffer, 1, 16, stdin)) != 0)
+        MDUpdate (&context, buffer, len);
+    MDFinal (&context);
 
-  MDPrint (context.digest);
-  printf ("\n");
+    MDPrint (context.digest);
+    printf ("\n");
 }
 
 /* Prints a message digest in hexadecimal.
  */
 static void MDPrint (digest)
-unsigned char digest[16];
+    unsigned char digest[16];
 {
-  unsigned int i;
+    unsigned int i;
 
-  for (i = 0; i < 16; i++)
- printf ("%02x", digest[i]);
+    for (i = 0; i < 16; i++)
+        printf ("%02x", digest[i]);
 }
diff --git a/src/lib/crypto/crypto_tests/t_nfold.c b/src/lib/crypto/crypto_tests/t_nfold.c
index 27a5760..2536133 100644
--- a/src/lib/crypto/crypto_tests/t_nfold.c
+++ b/src/lib/crypto/crypto_tests/t_nfold.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/t_nfold.c
  *
@@ -26,8 +27,8 @@
  *
  * Program to test the correctness of nfold implementation.
  *
- * exit returns	 0 ==> success
- * 		-1 ==> error
+ * exit returns  0 ==> success
+ *              -1 ==> error
  */
 
 #include <stdio.h>
@@ -41,7 +42,7 @@
 static void printhex (size_t len, const unsigned char *p)
 {
     while (len--)
-	printf ("%02x", 0xff & *p++);
+        printf ("%02x", 0xff & *p++);
 }
 
 static void printstringhex (const unsigned char *p) {
@@ -52,48 +53,48 @@ static void rfc_tests ()
 {
     int i;
     struct {
-	char *input;
-	unsigned int n;
-	unsigned char exp[192/8];
+        char *input;
+        unsigned int n;
+        unsigned char exp[192/8];
     } tests[] = {
-	{ "012345", 64,
-	  { 0xbe,0x07,0x26,0x31,0x27,0x6b,0x19,0x55, }
-	},
-	{ "password", 56,
-	  { 0x78,0xa0,0x7b,0x6c,0xaf,0x85,0xfa, }
-	},
-	{ "Rough Consensus, and Running Code", 64,
-	  { 0xbb,0x6e,0xd3,0x08,0x70,0xb7,0xf0,0xe0, }
-	},
-	{ "password", 168,
-	  { 0x59,0xe4,0xa8,0xca,0x7c,0x03,0x85,0xc3,
-	    0xc3,0x7b,0x3f,0x6d,0x20,0x00,0x24,0x7c,
-	    0xb6,0xe6,0xbd,0x5b,0x3e, }
-	},
-	{ "MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 192,
-	  { 0xdb,0x3b,0x0d,0x8f,0x0b,0x06,0x1e,0x60,
-	    0x32,0x82,0xb3,0x08,0xa5,0x08,0x41,0x22,
-	    0x9a,0xd7,0x98,0xfa,0xb9,0x54,0x0c,0x1b, }
-	},
+        { "012345", 64,
+          { 0xbe,0x07,0x26,0x31,0x27,0x6b,0x19,0x55, }
+        },
+        { "password", 56,
+          { 0x78,0xa0,0x7b,0x6c,0xaf,0x85,0xfa, }
+        },
+        { "Rough Consensus, and Running Code", 64,
+          { 0xbb,0x6e,0xd3,0x08,0x70,0xb7,0xf0,0xe0, }
+        },
+        { "password", 168,
+          { 0x59,0xe4,0xa8,0xca,0x7c,0x03,0x85,0xc3,
+            0xc3,0x7b,0x3f,0x6d,0x20,0x00,0x24,0x7c,
+            0xb6,0xe6,0xbd,0x5b,0x3e, }
+        },
+        { "MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 192,
+          { 0xdb,0x3b,0x0d,0x8f,0x0b,0x06,0x1e,0x60,
+            0x32,0x82,0xb3,0x08,0xa5,0x08,0x41,0x22,
+            0x9a,0xd7,0x98,0xfa,0xb9,0x54,0x0c,0x1b, }
+        },
     };
     unsigned char outbuf[192/8];
 
     printf ("RFC tests:\n");
     for (i = 0; i < ASIZE (tests); i++) {
-	unsigned char *p = (unsigned char *) tests[i].input;
-	assert (tests[i].n / 8 <= sizeof (outbuf));
-	krb5int_nfold (8 * strlen ((char *) p), p, tests[i].n, outbuf);
-	printf ("%d-fold(\"%s\") =\n", tests[i].n, p);
-	printf ("%d-fold(", tests[i].n);
-	printstringhex (p);
-	printf (") =\n\t");
-	printhex (tests[i].n / 8, outbuf);
-	printf ("\n\n");
-	if (memcmp (outbuf, tests[i].exp, tests[i].n/8) != 0) {
-	    printf ("wrong value! expected:\n\t");
-	    printhex (tests[i].n / 8, tests[i].exp);
-	    exit (1);
-	}
+        unsigned char *p = (unsigned char *) tests[i].input;
+        assert (tests[i].n / 8 <= sizeof (outbuf));
+        krb5int_nfold (8 * strlen ((char *) p), p, tests[i].n, outbuf);
+        printf ("%d-fold(\"%s\") =\n", tests[i].n, p);
+        printf ("%d-fold(", tests[i].n);
+        printstringhex (p);
+        printf (") =\n\t");
+        printhex (tests[i].n / 8, outbuf);
+        printf ("\n\n");
+        if (memcmp (outbuf, tests[i].exp, tests[i].n/8) != 0) {
+            printf ("wrong value! expected:\n\t");
+            printhex (tests[i].n / 8, tests[i].exp);
+            exit (1);
+        }
     }
 }
 
@@ -103,12 +104,12 @@ static void fold_kerberos(unsigned int nbytes)
     int j;
 
     if (nbytes > 300)
-	abort();
+        abort();
 
     printf("%d-fold(\"kerberos\") =\n\t", nbytes*8);
     krb5int_nfold(64, (unsigned char *) "kerberos", 8*nbytes, cipher_text);
     for (j=0; j<nbytes; j++)
-	printf("%s%02x", (j&3) ? "" : " ", cipher_text[j]);
+        printf("%s%02x", (j&3) ? "" : " ", cipher_text[j]);
     printf("\n");
 }
 
@@ -131,26 +132,26 @@ unsigned char nfold_192[4][24] = {
 
 int
 main(argc, argv)
-     int argc;
-     char *argv[];
+    int argc;
+    char *argv[];
 {
     unsigned char cipher_text[64];
     int i, j;
 
     printf("N-fold\n");
     for (i=0; i<sizeof(nfold_in)/sizeof(char *); i++) {
-	printf("\tInput:\t\"%.*s\"\n", (int) strlen((char *) nfold_in[i]),
-	       nfold_in[i]);
-	printf("\t192-Fold:\t");
-	krb5int_nfold(strlen((char *) nfold_in[i])*8, nfold_in[i], 24*8,
-		   cipher_text);
-	for (j=0; j<24; j++)
-	    printf("%s%02x", (j&3) ? "" : " ", cipher_text[j]);
-	printf("\n");
-	if (memcmp(cipher_text, nfold_192[i], 24)) {
-	    printf("verify: error in n-fold\n");
-	    exit(-1);
-	};
+        printf("\tInput:\t\"%.*s\"\n", (int) strlen((char *) nfold_in[i]),
+               nfold_in[i]);
+        printf("\t192-Fold:\t");
+        krb5int_nfold(strlen((char *) nfold_in[i])*8, nfold_in[i], 24*8,
+                      cipher_text);
+        for (j=0; j<24; j++)
+            printf("%s%02x", (j&3) ? "" : " ", cipher_text[j]);
+        printf("\n");
+        if (memcmp(cipher_text, nfold_192[i], 24)) {
+            printf("verify: error in n-fold\n");
+            exit(-1);
+        };
     }
     rfc_tests ();
 
diff --git a/src/lib/crypto/crypto_tests/t_pkcs5.c b/src/lib/crypto/crypto_tests/t_pkcs5.c
index 2d58b50..34d884f 100644
--- a/src/lib/crypto/crypto_tests/t_pkcs5.c
+++ b/src/lib/crypto/crypto_tests/t_pkcs5.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/t_pkcs5.c
  *
@@ -37,7 +38,7 @@
 static void printhex (size_t len, const char *p)
 {
     while (len--)
-	printf (" %02X", 0xff & *p++);
+        printf (" %02X", 0xff & *p++);
 }
 
 static void printdata (krb5_data *d) {
@@ -53,20 +54,20 @@ static void test_pbkdf2_rfc3211()
 
     /* RFC 3211 test cases.  */
     static const struct {
-	const char *pass;
-	const char *salt;
-	unsigned int count;
-	size_t len;
-	const unsigned char expected[24];
+        const char *pass;
+        const char *salt;
+        unsigned int count;
+        size_t len;
+        const unsigned char expected[24];
     } t[] = {
-	{ "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 5, 8,
-	  { 0xD1, 0xDA, 0xA7, 0x86, 0x15, 0xF2, 0x87, 0xE6 } },
-	{ "All n-entities must communicate with other "
-	  "n-entities via n-1 entiteeheehees",
-	  "\x12\x34\x56\x78\x78\x56\x34\x12", 500, 24,
-	  { 0x6A, 0x89, 0x70, 0xBF, 0x68, 0xC9, 0x2C, 0xAE,
-	    0xA8, 0x4A, 0x8D, 0xF2, 0x85, 0x10, 0x85, 0x86,
-	    0x07, 0x12, 0x63, 0x80, 0xCC, 0x47, 0xAB, 0x2D } },
+        { "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 5, 8,
+          { 0xD1, 0xDA, 0xA7, 0x86, 0x15, 0xF2, 0x87, 0xE6 } },
+        { "All n-entities must communicate with other "
+          "n-entities via n-1 entiteeheehees",
+          "\x12\x34\x56\x78\x78\x56\x34\x12", 500, 24,
+          { 0x6A, 0x89, 0x70, 0xBF, 0x68, 0xC9, 0x2C, 0xAE,
+            0xA8, 0x4A, 0x8D, 0xF2, 0x85, 0x10, 0x85, 0x86,
+            0x07, 0x12, 0x63, 0x80, 0xCC, 0x47, 0xAB, 0x2D } },
     };
 
     d.data = x;
@@ -74,27 +75,27 @@ static void test_pbkdf2_rfc3211()
 
     for (i = 0; i < sizeof(t)/sizeof(t[0]); i++) {
 
-	printf("pkbdf2(iter_count=%d, dklen=%d (%d bytes), salt=12 34 56 78 78 56 34 12,\n"
-	       "       pass=%s):\n  ->",
-	       t[i].count, t[i].len * 8, t[i].len, t[i].pass);
+        printf("pkbdf2(iter_count=%d, dklen=%d (%d bytes), salt=12 34 56 78 78 56 34 12,\n"
+               "       pass=%s):\n  ->",
+               t[i].count, t[i].len * 8, t[i].len, t[i].pass);
 
-	d.length = t[i].len;
-	pass.data = t[i].pass;
-	pass.length = strlen(pass.data);
-	salt.data = t[i].salt;
-	salt.length = strlen(salt.data);
-	err = krb5int_pbkdf2_hmac_sha1 (&d, t[i].count, &pass, &salt);
-	if (err) {
-	    printf("error in computing pbkdf2: %s\n", error_message(err));
-	    exit(1);
-	}
-	printdata(&d);
-	if (!memcmp(x, t[i].expected, t[i].len))
-	    printf("\nTest passed.\n\n");
-	else {
-	    printf("\n*** CHECK FAILED!\n");
-	    exit(1);
-	}
+        d.length = t[i].len;
+        pass.data = t[i].pass;
+        pass.length = strlen(pass.data);
+        salt.data = t[i].salt;
+        salt.length = strlen(salt.data);
+        err = krb5int_pbkdf2_hmac_sha1 (&d, t[i].count, &pass, &salt);
+        if (err) {
+            printf("error in computing pbkdf2: %s\n", error_message(err));
+            exit(1);
+        }
+        printdata(&d);
+        if (!memcmp(x, t[i].expected, t[i].len))
+            printf("\nTest passed.\n\n");
+        else {
+            printf("\n*** CHECK FAILED!\n");
+            exit(1);
+        }
     }
 }
 
diff --git a/src/lib/crypto/crypto_tests/t_prf.c b/src/lib/crypto/crypto_tests/t_prf.c
index c8825d0..6336d86 100644
--- a/src/lib/crypto/crypto_tests/t_prf.c
+++ b/src/lib/crypto/crypto_tests/t_prf.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/t_prf.c
  *
@@ -37,55 +38,55 @@
 #include <assert.h>
 
 int main () {
-  krb5_data input, output;
-  krb5_keyblock *key = NULL;
-  unsigned int in_length;
-  unsigned int i;
-  size_t prfsz;
+    krb5_data input, output;
+    krb5_keyblock *key = NULL;
+    unsigned int in_length;
+    unsigned int i;
+    size_t prfsz;
 
-  while (1) {
-      krb5_enctype enctype;
-      char s[1025];
+    while (1) {
+        krb5_enctype enctype;
+        char s[1025];
 
-      if (scanf( "%d", &enctype) == EOF)
-	  break;
-      if (scanf("%1024s", &s[0]) == EOF)
-	  break;
-      assert (krb5_init_keyblock(0, enctype, 0, &key) == 0);
-      input.data = &s[0];
-      input.length = strlen(s);
-      assert(krb5_c_string_to_key (0, enctype, &input, &input, key) == 0);
+        if (scanf( "%d", &enctype) == EOF)
+            break;
+        if (scanf("%1024s", &s[0]) == EOF)
+            break;
+        assert (krb5_init_keyblock(0, enctype, 0, &key) == 0);
+        input.data = &s[0];
+        input.length = strlen(s);
+        assert(krb5_c_string_to_key (0, enctype, &input, &input, key) == 0);
 
-      if (scanf("%u", &in_length) == EOF)
-	  break;
+        if (scanf("%u", &in_length) == EOF)
+            break;
 
-      if (in_length ) {
-	  unsigned int lc;
-	  assert ((input.data = malloc(in_length)) != NULL);
-	  for (lc = in_length; lc > 0; lc--) {
-	      scanf ("%2x",  &i);
-	      input.data[in_length-lc] = (unsigned) (i&0xff);
-	  }
-	  input.length = in_length;
-	  assert (krb5_c_prf_length(0, enctype, &prfsz) == 0);
-	  assert (output.data = malloc(prfsz));
-	  output.length = prfsz;
-	  assert (krb5_c_prf(0, key, &input, &output) == 0);
+        if (in_length ) {
+            unsigned int lc;
+            assert ((input.data = malloc(in_length)) != NULL);
+            for (lc = in_length; lc > 0; lc--) {
+                scanf ("%2x",  &i);
+                input.data[in_length-lc] = (unsigned) (i&0xff);
+            }
+            input.length = in_length;
+            assert (krb5_c_prf_length(0, enctype, &prfsz) == 0);
+            assert (output.data = malloc(prfsz));
+            output.length = prfsz;
+            assert (krb5_c_prf(0, key, &input, &output) == 0);
 
-	  free (input.data);
-	  input.data = NULL;
-      }
-      for (; prfsz > 0; prfsz--) {
-	  printf ("%02x",
-		  (unsigned int) ((unsigned char ) output.data[output.length-prfsz]));
-      }
-      printf ("\n");
+            free (input.data);
+            input.data = NULL;
+        }
+        for (; prfsz > 0; prfsz--) {
+            printf ("%02x",
+                    (unsigned int) ((unsigned char ) output.data[output.length-prfsz]));
+        }
+        printf ("\n");
 
-      free (output.data);
-      output.data = NULL;
-      krb5_free_keyblock(0, key);
-      key = NULL;
-  }
+        free (output.data);
+        output.data = NULL;
+        krb5_free_keyblock(0, key);
+        key = NULL;
+    }
 
-  return (0);
+    return (0);
 }
diff --git a/src/lib/crypto/crypto_tests/t_prng.c b/src/lib/crypto/crypto_tests/t_prng.c
index 2555e89..634667a 100644
--- a/src/lib/crypto/crypto_tests/t_prng.c
+++ b/src/lib/crypto/crypto_tests/t_prng.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/t_prng.c
  *
@@ -41,47 +42,47 @@
 #include <assert.h>
 
 int main () {
-  krb5_error_code ret;
-  krb5_data input, output;
-  unsigned int source_id, seed_length;
-  unsigned int i;
-  while (1) {
+    krb5_error_code ret;
+    krb5_data input, output;
+    unsigned int source_id, seed_length;
+    unsigned int i;
+    while (1) {
         /* Read source*/
-    if (scanf ("%u", &source_id ) == EOF )
-      break;
+        if (scanf ("%u", &source_id ) == EOF )
+            break;
         /* Read seed length*/
-    if (scanf ("%u", &seed_length) == EOF)
-      break;
-    if (seed_length ) {
-      unsigned int lc;
-      assert ((input.data = malloc(seed_length)) != NULL);
-      for (lc = seed_length; lc > 0; lc--) {
-	scanf ("%2x",  &i);
-	input.data[seed_length-lc] = (unsigned) (i&0xff);
-      }
-      input.length = seed_length;
-      assert (krb5_c_random_add_entropy (0, source_id, &input) == 0);
-      free (input.data);
-      input.data = NULL;
+        if (scanf ("%u", &seed_length) == EOF)
+            break;
+        if (seed_length ) {
+            unsigned int lc;
+            assert ((input.data = malloc(seed_length)) != NULL);
+            for (lc = seed_length; lc > 0; lc--) {
+                scanf ("%2x",  &i);
+                input.data[seed_length-lc] = (unsigned) (i&0xff);
+            }
+            input.length = seed_length;
+            assert (krb5_c_random_add_entropy (0, source_id, &input) == 0);
+            free (input.data);
+            input.data = NULL;
+        }
+        if (scanf ("%u", &i) == EOF)
+            break;
+        if (i) {
+            assert ((output.data = malloc (i)) != NULL);
+            output.length = i;
+            ret = krb5_c_random_make_octets (0, &output);
+            if (ret)
+                printf ("failed\n");
+            else {
+                for (; i > 0; i--) {
+                    printf ("%02x",
+                            (unsigned int) ((unsigned char ) output.data[output.length-i]));
+                }
+                printf ("\n");
+            }
+            free (output.data);
+            output.data = NULL;
+        }
     }
-    if (scanf ("%u", &i) == EOF)
-      break;
-    if (i) {
-      assert ((output.data = malloc (i)) != NULL);
-      output.length = i;
-      ret = krb5_c_random_make_octets (0, &output);
-      if (ret)
-	printf ("failed\n");
-      else {
-	for (; i > 0; i--) {
-	  printf ("%02x",
-		  (unsigned int) ((unsigned char ) output.data[output.length-i]));
-	}
-	printf ("\n");
-      }
-      free (output.data);
-      output.data = NULL;
-    }
-  }
-  return (0);
+    return (0);
 }
diff --git a/src/lib/crypto/crypto_tests/vectors.c b/src/lib/crypto/crypto_tests/vectors.c
index a6301ed..a6f1bbe 100644
--- a/src/lib/crypto/crypto_tests/vectors.c
+++ b/src/lib/crypto/crypto_tests/vectors.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/vectors.c
  *
@@ -45,7 +46,7 @@ const char *whoami;
 static void printhex (size_t len, const char *p)
 {
     while (len--)
-	printf ("%02x", 0xff & *p++);
+        printf ("%02x", 0xff & *p++);
 }
 
 static void printstringhex (const char *p) { printhex (strlen (p), p); }
@@ -58,29 +59,29 @@ static void test_nfold ()
 {
     int i;
     static const struct {
-	char *input;
-	int n;
+        char *input;
+        int n;
     } tests[] = {
-	{ "012345", 64, },
-	{ "password", 56, },
-	{ "Rough Consensus, and Running Code", 64, },
-	{ "password", 168, },
-	{ "MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 192 },
-	{ "Q", 168 },
-	{ "ba", 168 },
+        { "012345", 64, },
+        { "password", 56, },
+        { "Rough Consensus, and Running Code", 64, },
+        { "password", 168, },
+        { "MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 192 },
+        { "Q", 168 },
+        { "ba", 168 },
     };
     unsigned char outbuf[192/8];
 
     for (i = 0; i < ASIZE (tests); i++) {
-	char *p = tests[i].input;
-	assert (tests[i].n / 8 <= sizeof (outbuf));
-	printf ("%d-fold(\"%s\") =\n", tests[i].n, p);
-	printf ("%d-fold(", tests[i].n);
-	printstringhex (p);
-	printf (") =\n\t");
-	krb5int_nfold (8 * strlen (p), p, tests[i].n, outbuf);
-	printhex (tests[i].n / 8U, outbuf);
-	printf ("\n\n");
+        char *p = tests[i].input;
+        assert (tests[i].n / 8 <= sizeof (outbuf));
+        printf ("%d-fold(\"%s\") =\n", tests[i].n, p);
+        printf ("%d-fold(", tests[i].n);
+        printstringhex (p);
+        printf (") =\n\t");
+        krb5int_nfold (8 * strlen (p), p, tests[i].n, outbuf);
+        printhex (tests[i].n / 8U, outbuf);
+        printf ("\n\n");
     }
 }
 
@@ -89,57 +90,57 @@ static void test_nfold ()
 #define GCLEF  "\360\235\204\236" /* outside BMP, woo hoo!  */
 
 /* Some weak keys:
-    {0x1f,0x1f,0x1f,0x1f,0x0e,0x0e,0x0e,0x0e},
-    {0xe0,0xe0,0xe0,0xe0,0xf1,0xf1,0xf1,0xf1},
+   {0x1f,0x1f,0x1f,0x1f,0x0e,0x0e,0x0e,0x0e},
+   {0xe0,0xe0,0xe0,0xe0,0xf1,0xf1,0xf1,0xf1},
    so try to generate them. */
 
 static void
 test_mit_des_s2k ()
 {
     static const struct {
-	const char *pass;
-	const char *salt;
+        const char *pass;
+        const char *salt;
     } pairs[] = {
-	{ "password", "ATHENA.MIT.EDUraeburn" },
-	{ "potatoe", "WHITEHOUSE.GOVdanny" },
-	{ "penny", "EXAMPLE.COMbuckaroo", },
-	{ GCLEF, "EXAMPLE.COMpianist" },
-	{ ESZETT, "ATHENA.MIT.EDU" JURISIC },
-	/* These two trigger weak-key fixups.  */
-	{ "11119999", "AAAAAAAA" },
-	{ "NNNN6666", "FFFFAAAA" },
+        { "password", "ATHENA.MIT.EDUraeburn" },
+        { "potatoe", "WHITEHOUSE.GOVdanny" },
+        { "penny", "EXAMPLE.COMbuckaroo", },
+        { GCLEF, "EXAMPLE.COMpianist" },
+        { ESZETT, "ATHENA.MIT.EDU" JURISIC },
+        /* These two trigger weak-key fixups.  */
+        { "11119999", "AAAAAAAA" },
+        { "NNNN6666", "FFFFAAAA" },
     };
     int i;
 
     for (i = 0; i < ASIZE (pairs); i++) {
-	const char *p = pairs[i].pass;
-	const char *s = pairs[i].salt;
-	krb5_data pd;
-	krb5_data sd;
-	unsigned char key_contents[60];
-	krb5_keyblock key;
-	krb5_error_code r;
-	char buf[80];
-
-	key.contents = key_contents;
-
-	pd.length = strlen (p);
-	pd.data = (char *) p;
-	sd.length = strlen (s);
-	sd.data = (char *) s;
-
-	assert (strlen (s) + 4 < sizeof (buf));
-	snprintf (buf, sizeof (buf), "\"%s\"", s);
-	printf (  "salt:     %-25s", buf);
-	printhex (strlen(s), s);
-	snprintf (buf, sizeof (buf), "\"%s\"", p);
-	printf ("\npassword: %-25s", buf);
-	printhex (strlen(p), p);
-	printf ("\n");
-	r = krb5int_des_string_to_key (0, &pd, &sd, 0, &key);
-	printf (  "DES key:  %-25s", "");
-	printhex (key.length, key.contents);
-	printf ("\n\n");
+        const char *p = pairs[i].pass;
+        const char *s = pairs[i].salt;
+        krb5_data pd;
+        krb5_data sd;
+        unsigned char key_contents[60];
+        krb5_keyblock key;
+        krb5_error_code r;
+        char buf[80];
+
+        key.contents = key_contents;
+
+        pd.length = strlen (p);
+        pd.data = (char *) p;
+        sd.length = strlen (s);
+        sd.data = (char *) s;
+
+        assert (strlen (s) + 4 < sizeof (buf));
+        snprintf (buf, sizeof (buf), "\"%s\"", s);
+        printf (  "salt:     %-25s", buf);
+        printhex (strlen(s), s);
+        snprintf (buf, sizeof (buf), "\"%s\"", p);
+        printf ("\npassword: %-25s", buf);
+        printhex (strlen(p), p);
+        printf ("\n");
+        r = krb5int_des_string_to_key (0, &pd, &sd, 0, &key);
+        printf (  "DES key:  %-25s", "");
+        printhex (key.length, key.contents);
+        printf ("\n\n");
     }
 }
 
@@ -147,44 +148,44 @@ static void
 test_s2k (krb5_enctype enctype)
 {
     static const struct {
-	const char *pass;
-	const char *salt;
+        const char *pass;
+        const char *salt;
     } pairs[] = {
-	{ "password", "ATHENA.MIT.EDUraeburn" },
-	{ "potatoe", "WHITEHOUSE.GOVdanny" },
-	{ "penny", "EXAMPLE.COMbuckaroo", },
-	{ ESZETT, "ATHENA.MIT.EDU" JURISIC },
-	{ GCLEF, "EXAMPLE.COMpianist" },
+        { "password", "ATHENA.MIT.EDUraeburn" },
+        { "potatoe", "WHITEHOUSE.GOVdanny" },
+        { "penny", "EXAMPLE.COMbuckaroo", },
+        { ESZETT, "ATHENA.MIT.EDU" JURISIC },
+        { GCLEF, "EXAMPLE.COMpianist" },
     };
     int i;
 
     for (i = 0; i < ASIZE (pairs); i++) {
-	const char *p = pairs[i].pass;
-	const char *s = pairs[i].salt;
-	krb5_data pd, sd;
-	unsigned char key_contents[60];
-	krb5_keyblock key;
-	krb5_error_code r;
-	char buf[80];
-
-	pd.length = strlen (p);
-	pd.data = (char *) p;
-	sd.length = strlen (s);
-	sd.data = (char *) s;
-	key.contents = key_contents;
-
-	assert (strlen (s) + 4 < sizeof (buf));
-	snprintf (buf, sizeof(buf), "\"%s\"", s);
-	printf (  "salt:\t%s\n\t", buf);
-	printhex (strlen(s), s);
-	snprintf (buf, sizeof(buf), "\"%s\"", p);
-	printf ("\npasswd:\t%s\n\t", buf);
-	printhex (strlen(p), p);
-	printf ("\n");
-	r = krb5_c_string_to_key (0, enctype, &pd, &sd, &key);
-	printf (  "key:\t");
-	printhex (key.length, key.contents);
-	printf ("\n\n");
+        const char *p = pairs[i].pass;
+        const char *s = pairs[i].salt;
+        krb5_data pd, sd;
+        unsigned char key_contents[60];
+        krb5_keyblock key;
+        krb5_error_code r;
+        char buf[80];
+
+        pd.length = strlen (p);
+        pd.data = (char *) p;
+        sd.length = strlen (s);
+        sd.data = (char *) s;
+        key.contents = key_contents;
+
+        assert (strlen (s) + 4 < sizeof (buf));
+        snprintf (buf, sizeof(buf), "\"%s\"", s);
+        printf (  "salt:\t%s\n\t", buf);
+        printhex (strlen(s), s);
+        snprintf (buf, sizeof(buf), "\"%s\"", p);
+        printf ("\npasswd:\t%s\n\t", buf);
+        printhex (strlen(p), p);
+        printf ("\n");
+        r = krb5_c_string_to_key (0, enctype, &pd, &sd, &key);
+        printf (  "key:\t");
+        printhex (key.length, key.contents);
+        printf ("\n\n");
     }
 }
 
@@ -199,9 +200,9 @@ keyToData (krb5_keyblock *k, krb5_data *d)
 
 void check_error (int r, int line) {
     if (r != 0) {
-	fprintf (stderr, "%s:%d: %s\n", __FILE__, line,
-		 error_message (r));
-	exit (1);
+        fprintf (stderr, "%s:%d: %s\n", __FILE__, line,
+                 error_message (r));
+        exit (1);
     }
 }
 #define CHECK check_error(r, __LINE__)
@@ -228,114 +229,114 @@ void DR (krb5_data *out, krb5_keyblock *in, const krb5_data *usage) {
 void test_dr_dk ()
 {
     static const struct {
-	unsigned char keydata[KEYLENGTH];
-	int usage_len;
-	unsigned char usage[8];
+        unsigned char keydata[KEYLENGTH];
+        int usage_len;
+        unsigned char usage[8];
     } derive_tests[] = {
-	{
-	    {
-		0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1,
-		0x1c, 0x3d, 0xb5, 0x7c, 0x51, 0x89, 0x9b, 0x2c,
-		0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 0x3b, 0x92,
-	    },
-	    5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
-	},
-	{
-	    {
-		0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57,
-		0x46, 0x57, 0x85, 0x31, 0xcb, 0x51, 0xc1, 0x5b,
-		0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 0xe9, 0xf2,
-	    },
-	    5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
-	},
-	{
-	    {
-		0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85,
-		0x9b, 0x75, 0xa1, 0x76, 0x54, 0x0b, 0x97, 0x52,
-		0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, 0x52, 0xbc,
-	    },
-	    5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
-	},
-	{
-	    {
-		0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad,
-		0x70, 0x94, 0x68, 0x0b, 0x7c, 0x64, 0x94, 0x02,
-		0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, 0x92, 0xb5,
-	    },
-	    5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
-	},
-	{
-	    {
-		0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38,
-		0xdc, 0xb9, 0xb9, 0x3e, 0xe5, 0xa7, 0x62, 0x92,
-		0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, 0x02, 0xfb,
-	     },
-	    8, { 'k', 'e', 'r', 'b', 'e', 'r', 'o', 's' },
-	},
-	{
-	    {
-		0xb5, 0x5e, 0x98, 0x34, 0x67, 0xe5, 0x51, 0xb3,
-		0xe5, 0xd0, 0xe5, 0xb6, 0xc8, 0x0d, 0x45, 0x76,
-		0x94, 0x23, 0xa8, 0x73, 0xdc, 0x62, 0xb3, 0x0e,
-	    },
-	    7, { 'c', 'o', 'm', 'b', 'i', 'n', 'e', },
-	},
-	{
-	    {
-		0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62,
-		0xe6, 0xa1, 0x45, 0x9d, 0x01, 0xdf, 0xd3, 0x0d,
-		0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, 0x04, 0xda,
-	    },
-	    5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
-	},
-	{
-	    {
-		0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13,
-		0x15, 0x57, 0x19, 0xd5, 0x5e, 0x2f, 0x1f, 0x79,
-		0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, 0x91, 0x7c,
-	    },
-	    5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
-	},
-	{
-	    {
-		0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57,
-		0xdc, 0x8c, 0x34, 0x3b, 0xa1, 0x7f, 0x2c, 0xa1,
-		0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, 0xc4, 0x43,
-	    },
-	    5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
-	},
-	{
-	    {
-		0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f,
-		0x2f, 0xea, 0xb9, 0xa8, 0x70, 0x1a, 0x89, 0xa4,
-		0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 0xd0, 0x16,
-	    },
-	    5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
-	},
+        {
+            {
+                0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1,
+                0x1c, 0x3d, 0xb5, 0x7c, 0x51, 0x89, 0x9b, 0x2c,
+                0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 0x3b, 0x92,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
+        },
+        {
+            {
+                0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57,
+                0x46, 0x57, 0x85, 0x31, 0xcb, 0x51, 0xc1, 0x5b,
+                0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 0xe9, 0xf2,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
+        },
+        {
+            {
+                0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85,
+                0x9b, 0x75, 0xa1, 0x76, 0x54, 0x0b, 0x97, 0x52,
+                0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, 0x52, 0xbc,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
+        },
+        {
+            {
+                0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad,
+                0x70, 0x94, 0x68, 0x0b, 0x7c, 0x64, 0x94, 0x02,
+                0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, 0x92, 0xb5,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
+        },
+        {
+            {
+                0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38,
+                0xdc, 0xb9, 0xb9, 0x3e, 0xe5, 0xa7, 0x62, 0x92,
+                0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, 0x02, 0xfb,
+            },
+            8, { 'k', 'e', 'r', 'b', 'e', 'r', 'o', 's' },
+        },
+        {
+            {
+                0xb5, 0x5e, 0x98, 0x34, 0x67, 0xe5, 0x51, 0xb3,
+                0xe5, 0xd0, 0xe5, 0xb6, 0xc8, 0x0d, 0x45, 0x76,
+                0x94, 0x23, 0xa8, 0x73, 0xdc, 0x62, 0xb3, 0x0e,
+            },
+            7, { 'c', 'o', 'm', 'b', 'i', 'n', 'e', },
+        },
+        {
+            {
+                0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62,
+                0xe6, 0xa1, 0x45, 0x9d, 0x01, 0xdf, 0xd3, 0x0d,
+                0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, 0x04, 0xda,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
+        },
+        {
+            {
+                0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13,
+                0x15, 0x57, 0x19, 0xd5, 0x5e, 0x2f, 0x1f, 0x79,
+                0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, 0x91, 0x7c,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
+        },
+        {
+            {
+                0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57,
+                0xdc, 0x8c, 0x34, 0x3b, 0xa1, 0x7f, 0x2c, 0xa1,
+                0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, 0xc4, 0x43,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
+        },
+        {
+            {
+                0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f,
+                0x2f, 0xea, 0xb9, 0xa8, 0x70, 0x1a, 0x89, 0xa4,
+                0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 0xd0, 0x16,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
+        },
     };
     int i;
 
     for (i = 0; i < ASIZE(derive_tests); i++) {
 #define D (derive_tests[i])
-	krb5_keyblock key;
-	krb5_data usage;
-
-	unsigned char drData[KEYBYTES];
-	krb5_data dr;
-	unsigned char dkData[KEYLENGTH];
-	krb5_keyblock dk;
-
-	key.length = KEYLENGTH, key.contents = D.keydata;
-	usage.length = D.usage_len, usage.data = D.usage;
-	dr.length = KEYBYTES, dr.data = drData;
-	dk.length = KEYLENGTH, dk.contents = dkData;
-
-	printf ("key:\t"); printkey (&key); printf ("\n");
-	printf ("usage:\t"); printdata (&usage); printf ("\n");
-	DR (&dr, &key, &usage);
-	printf ("DR:\t"); printdata (&dr); printf ("\n");
-	DK (&dk, &key, &usage);
-	printf ("DK:\t"); printkey (&dk); printf ("\n\n");
+        krb5_keyblock key;
+        krb5_data usage;
+
+        unsigned char drData[KEYBYTES];
+        krb5_data dr;
+        unsigned char dkData[KEYLENGTH];
+        krb5_keyblock dk;
+
+        key.length = KEYLENGTH, key.contents = D.keydata;
+        usage.length = D.usage_len, usage.data = D.usage;
+        dr.length = KEYBYTES, dr.data = drData;
+        dk.length = KEYLENGTH, dk.contents = dkData;
+
+        printf ("key:\t"); printkey (&key); printf ("\n");
+        printf ("usage:\t"); printdata (&usage); printf ("\n");
+        DR (&dr, &key, &usage);
+        printf ("DR:\t"); printdata (&dr); printf ("\n");
+        DK (&dk, &key, &usage);
+        printf ("DK:\t"); printkey (&dk); printf ("\n\n");
     }
 }
 
@@ -347,16 +348,16 @@ static void printd (const char *descr, krb5_data *d) {
     printf("%s:", descr);
 
     for (i = 0; i < d->length; i += r) {
-	printf("\n  %04x: ", i);
-	for (j = i; j < i + r && j < d->length; j++)
-	    printf(" %02x", 0xff & d->data[j]);
-	for (; j < i + r; j++)
-	    printf("   ");
-	printf("   ");
-	for (j = i; j < i + r && j < d->length; j++) {
-	    int c = 0xff & d->data[j];
-	    printf("%c", isprint(c) ? c : '.');
-	}
+        printf("\n  %04x: ", i);
+        for (j = i; j < i + r && j < d->length; j++)
+            printf(" %02x", 0xff & d->data[j]);
+        for (; j < i + r; j++)
+            printf("   ");
+        printf("   ");
+        for (j = i; j < i + r && j < d->length; j++) {
+            int c = 0xff & d->data[j];
+            printf("%c", isprint(c) ? c : '.');
+        }
     }
     printf("\n");
 }
@@ -372,21 +373,21 @@ static void
 test_pbkdf2()
 {
     static struct {
-	int count;
-	char *pass;
-	char *salt;
+        int count;
+        char *pass;
+        char *salt;
     } test[] = {
-	{ 1, "password", "ATHENA.MIT.EDUraeburn" },
-	{ 2, "password", "ATHENA.MIT.EDUraeburn" },
-	{ 1200, "password", "ATHENA.MIT.EDUraeburn" },
-	{ 5, "password", "\x12\x34\x56\x78\x78\x56\x34\x12" },
-	{ 1200,
-	  "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
-	  "pass phrase equals block size" },
-	{ 1200,
-	  "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
-	  "pass phrase exceeds block size" },
-	{ 50, "\xf0\x9d\x84\x9e", "EXAMPLE.COMpianist" },
+        { 1, "password", "ATHENA.MIT.EDUraeburn" },
+        { 2, "password", "ATHENA.MIT.EDUraeburn" },
+        { 1200, "password", "ATHENA.MIT.EDUraeburn" },
+        { 5, "password", "\x12\x34\x56\x78\x78\x56\x34\x12" },
+        { 1200,
+          "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+          "pass phrase equals block size" },
+        { 1200,
+          "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+          "pass phrase exceeds block size" },
+        { 50, "\xf0\x9d\x84\x9e", "EXAMPLE.COMpianist" },
     };
     unsigned char x[100];
     unsigned char x2[100];
@@ -403,43 +404,43 @@ test_pbkdf2()
     usage.length = 8;
 
     for (j = 0; j < sizeof(test)/sizeof(test[0]); j++) {
-	printf("pkbdf2(count=%d, pass=\"%s\", salt=",
-	       test[j].count, test[j].pass);
-	if (isprint(test[j].salt[0]))
-	    printf("\"%s\")\n", test[j].salt);
-	else {
-	    char *s = test[j].salt;
-	    printf("0x");
-	    while (*s)
-		printf("%02X", 0xff & *s++);
-	    printf(")\n");
-	}
-
-	d.length = 16;
-	pass.data = test[j].pass;
-	pass.length = strlen(pass.data);
-	salt.data = test[j].salt;
-	salt.length = strlen(salt.data);
-	err = krb5int_pbkdf2_hmac_sha1 (&d, test[j].count, &pass, &salt);
-	printd("128-bit PBKDF2 output", &d);
-	enc = &krb5int_enc_aes128;
-	k.contents = d.data;
-	k.length = d.length;
-	dk.length = d.length;
-	DK (&dk, &k, &usage);
-	printk("128-bit AES key",&dk);
-
-	d.length = 32;
-	err = krb5int_pbkdf2_hmac_sha1 (&d, test[j].count, &pass, &salt);
-	printd("256-bit PBKDF2 output", &d);
-	enc = &krb5int_enc_aes256;
-	k.contents = d.data;
-	k.length = d.length;
-	dk.length = d.length;
-	DK (&dk, &k, &usage);
-	printk("256-bit AES key", &dk);
-
-	printf("\n");
+        printf("pkbdf2(count=%d, pass=\"%s\", salt=",
+               test[j].count, test[j].pass);
+        if (isprint(test[j].salt[0]))
+            printf("\"%s\")\n", test[j].salt);
+        else {
+            char *s = test[j].salt;
+            printf("0x");
+            while (*s)
+                printf("%02X", 0xff & *s++);
+            printf(")\n");
+        }
+
+        d.length = 16;
+        pass.data = test[j].pass;
+        pass.length = strlen(pass.data);
+        salt.data = test[j].salt;
+        salt.length = strlen(salt.data);
+        err = krb5int_pbkdf2_hmac_sha1 (&d, test[j].count, &pass, &salt);
+        printd("128-bit PBKDF2 output", &d);
+        enc = &krb5int_enc_aes128;
+        k.contents = d.data;
+        k.length = d.length;
+        dk.length = d.length;
+        DK (&dk, &k, &usage);
+        printk("128-bit AES key",&dk);
+
+        d.length = 32;
+        err = krb5int_pbkdf2_hmac_sha1 (&d, test[j].count, &pass, &salt);
+        printd("256-bit PBKDF2 output", &d);
+        enc = &krb5int_enc_aes256;
+        k.contents = d.data;
+        k.length = d.length;
+        dk.length = d.length;
+        DK (&dk, &k, &usage);
+        printk("256-bit AES key", &dk);
+
+        printf("\n");
     }
 }
 
diff --git a/src/lib/crypto/crypto_tests/ytest.c b/src/lib/crypto/crypto_tests/ytest.c
index 82e2eba..5b9ffaf 100644
--- a/src/lib/crypto/crypto_tests/ytest.c
+++ b/src/lib/crypto/crypto_tests/ytest.c
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Yarrow - Cryptographic Pseudo-Random Number Generator
  * Copyright (c) 2000 Zero-Knowledge Systems, Inc.
@@ -24,14 +24,14 @@ static void print_yarrow_status( Yarrow_CTX *y )
 
     for ( pool = 0; pool < 2; pool++ )
     {
-	printf( " %s: ", pool == YARROW_SLOW_POOL ? "slow" : "fast" );
-	for ( sid = 0; sid < y->num_sources; sid++ )
-	{
-	    source = &y->source[ sid ];
-	    printf( "#%d=%d/%d, ", sid, source->entropy[pool],
-		    pool == YARROW_SLOW_POOL ?
-		    y->slow_thresh : y->fast_thresh );
-	}
+        printf( " %s: ", pool == YARROW_SLOW_POOL ? "slow" : "fast" );
+        for ( sid = 0; sid < y->num_sources; sid++ )
+        {
+            source = &y->source[ sid ];
+            printf( "#%d=%d/%d, ", sid, source->entropy[pool],
+                    pool == YARROW_SLOW_POOL ?
+                    y->slow_thresh : y->fast_thresh );
+        }
     }
     printf( "\n" );
 }
@@ -40,13 +40,13 @@ int yarrow_verbose = 0;
 #define VERBOSE( x ) if ( yarrow_verbose ) { x }
 
 int Instrumented_krb5int_yarrow_input( Yarrow_CTX* y, int sid, void* sample,
-			       size_t size, int entropy )
+                                       size_t size, int entropy )
 {
     int ret;
 
     VERBOSE( printf( "krb5int_yarrow_input( #%d, %d bits, %s ) = [", sid, entropy,
-		     y->source[sid].pool ==
-		     YARROW_SLOW_POOL ? "slow" : "fast" ); );
+                     y->source[sid].pool ==
+                     YARROW_SLOW_POOL ? "slow" : "fast" ); );
     ret = krb5int_yarrow_input( y, sid, sample, size, entropy );
 
     VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
@@ -79,7 +79,7 @@ int do_test( int t )
     printf( "[%s]\n", krb5int_yarrow_str_error( ret ) ); fflush( stdout );
     THROW( ret );
 
- CATCH:
+CATCH:
     THROW( EXCEP_BOOL );
     EXCEP_RET;
 }
@@ -98,48 +98,48 @@ int main( int argc, char* argv[] )
 
     for ( argvp = argv+1, i = 1; i < argc; i++, argvp++ )
     {
-	arg = *argvp;
-	if ( arg[0] == '-' )
-	{
-	    switch ( arg[1] )
-	    {
-	    case 'v': yarrow_verbose = 1; continue;
-	    default: fprintf( stderr, "usage: test [-v] [[test] ... ]\n" );
-		THROW( YARROW_FAIL );
-	    }
-	}
-	conv_ok = NULL;
-	test = strtoul( arg, &conv_ok, 10 );
-	if ( !conv_ok || test < 1 || test > num_tests )
-	{
-	    fprintf( stderr, "usage: test [-v] [[test] ... ]\n" );
-	    THROW( YARROW_FAIL );
-	}
-	else
-	{
-	    ret = do_test( test );
-	    if ( ok ) { ok = ret; }
-	    done_some_tests = 1;
-	}
+        arg = *argvp;
+        if ( arg[0] == '-' )
+        {
+            switch ( arg[1] )
+            {
+            case 'v': yarrow_verbose = 1; continue;
+            default: fprintf( stderr, "usage: test [-v] [[test] ... ]\n" );
+                THROW( YARROW_FAIL );
+            }
+        }
+        conv_ok = NULL;
+        test = strtoul( arg, &conv_ok, 10 );
+        if ( !conv_ok || test < 1 || test > num_tests )
+        {
+            fprintf( stderr, "usage: test [-v] [[test] ... ]\n" );
+            THROW( YARROW_FAIL );
+        }
+        else
+        {
+            ret = do_test( test );
+            if ( ok ) { ok = ret; }
+            done_some_tests = 1;
+        }
     }
 
     if ( !done_some_tests )
     {
-	for ( i = 1; i <= num_tests; i++ )
-	{
-	    ret = do_test( i );
-	    if ( ok ) { ok = ret; }
-	}
+        for ( i = 1; i <= num_tests; i++ )
+        {
+            ret = do_test( i );
+            if ( ok ) { ok = ret; }
+        }
     }
     THROW( ok );
 
- CATCH:
+CATCH:
     switch (EXCEPTION)
     {
     case YARROW_OK:
-	exit (EXIT_SUCCESS);
+        exit (EXIT_SUCCESS);
     default:
-	exit (EXIT_FAILURE);
+        exit (EXIT_FAILURE);
     }
 }
 
@@ -157,7 +157,7 @@ int test_1( void )
     VERBOSE( printf( "\nunknown hash function\n\n" ); );
     THROW( YARROW_NOT_IMPL );
 #endif
- CATCH:
+CATCH:
     EXCEP_RET;
 }
 
@@ -178,7 +178,7 @@ int test_2( void )
     VERBOSE( printf( "\nunknown encryption function\n\n" ); );
     THROW( YARROW_NOT_IMPL );
 #endif
- CATCH:
+CATCH:
     EXCEP_RET;
 }
 
@@ -194,7 +194,7 @@ int test_3( void )
     VERBOSE( printf( "\nkrb5int_yarrow_stretch\n\n" ); );
     THROW( YARROW_NOT_IMPL );
 
- CATCH:
+CATCH:
     EXCEP_RET;
 }
 
@@ -217,7 +217,7 @@ int test_4( void )
 
     VERBOSE( printf( "\nGeneral workout test\n\n" ); )
 
-    VERBOSE( printf( "krb5int_yarrow_init() = [" ); );
+        VERBOSE( printf( "krb5int_yarrow_init() = [" ); );
     ret = krb5int_yarrow_init( &yarrow, YARROW_SEED_FILE );
     VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
 
@@ -230,7 +230,7 @@ int test_4( void )
 
     ret = krb5int_yarrow_new_source( &yarrow, &user );
     VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
-		     krb5int_yarrow_str_error( ret ) ); );
+                     krb5int_yarrow_str_error( ret ) ); );
     if ( ret != YARROW_OK ) { THROW( ret ); }
 
     VERBOSE( printf( "Yarrow_Poll( #%d ) = [", user ); );
@@ -239,12 +239,12 @@ int test_4( void )
 
     ret = krb5int_yarrow_new_source( &yarrow, &mouse );
     VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
-		     krb5int_yarrow_str_error( ret ) ); );
+                     krb5int_yarrow_str_error( ret ) ); );
     if ( ret != YARROW_OK ) { THROW( ret ); }
 
     ret = krb5int_yarrow_new_source( &yarrow, &keyboard );
     VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
-		     krb5int_yarrow_str_error( ret ) ); );
+                     krb5int_yarrow_str_error( ret ) ); );
     if ( ret != YARROW_OK ) { THROW( ret ); }
 
 /*  prematurely try to draw output, to check failure when no
@@ -261,14 +261,14 @@ int test_4( void )
 
     for ( i = 0; i < 2; i++ )
     {
-	TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample,
-					sizeof( mouse_sample ), 2 ) );
+        TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample,
+                                                sizeof( mouse_sample ), 2 ) );
 
-	TRY( Instrumented_krb5int_yarrow_input( &yarrow, keyboard, keyboard_sample,
-					sizeof( keyboard_sample ), 2 ) );
+        TRY( Instrumented_krb5int_yarrow_input( &yarrow, keyboard, keyboard_sample,
+                                                sizeof( keyboard_sample ), 2 ) );
 
-	TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample,
-					sizeof( user_sample ), 2 ) );
+        TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample,
+                                                sizeof( user_sample ), 2 ) );
     }
 
 #if defined( YARROW_DEBUG )
@@ -276,38 +276,38 @@ int test_4( void )
 #endif
 
     VERBOSE( printf( "\nInduce user source (#%d) to reach "
-		     "slow threshold\n\n", user ); );
+                     "slow threshold\n\n", user ); );
 
     /* induce fast reseed */
 
     for ( i = 0; i < 7; i++ )
     {
-	TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample,
-					sizeof( user_sample ),
-					sizeof( user_sample ) * 3 ) );
+        TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample,
+                                                sizeof( user_sample ),
+                                                sizeof( user_sample ) * 3 ) );
     }
 
     VERBOSE( printf( "\nInduce mouse source (#%d) to reach "
-		     "slow threshold reseed\n\n", mouse ); );
+                     "slow threshold reseed\n\n", mouse ); );
 
     /* induce slow reseed, by triggering a second source to reach it's
        threshold */
 
     for ( i = 0; i < 40; i++ )
     {
-	TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample,
-					sizeof( mouse_sample ),
-					sizeof( mouse_sample )*2 ) );
+        TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample,
+                                                sizeof( mouse_sample ),
+                                                sizeof( mouse_sample )*2 ) );
     }
 
     VERBOSE( printf( "\nProduce some output\n\n" ); );
 
     for ( i = 0; i < 30; i++ )
     {
-	VERBOSE( printf( "krb5int_yarrow_output( %d ) = [", sizeof( junk ) ); );
-	ret = krb5int_yarrow_output( &yarrow, junk, sizeof( junk ) );
-	VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
-	if ( ret != YARROW_OK ) { THROW( ret );	}
+        VERBOSE( printf( "krb5int_yarrow_output( %d ) = [", sizeof( junk ) ); );
+        ret = krb5int_yarrow_output( &yarrow, junk, sizeof( junk ) );
+        VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
+        if ( ret != YARROW_OK ) { THROW( ret ); }
     }
 
     memset( junk, 0, sizeof( junk ) );
@@ -316,20 +316,20 @@ int test_4( void )
 
     for ( i = 0; i < 30; i++ )
     {
-	/* odd input to a different source so there are some slow reseeds */
-
-	if ( i % 16 == 0 )
-	{
-	    TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, junk,
-					    sizeof( junk ),
-					    sizeof( junk ) * 3 ) );
-	}
-	else
-	{
-	    TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, junk,
-					    sizeof( junk ),
-					    sizeof( junk ) * 3 ) );
-	}
+        /* odd input to a different source so there are some slow reseeds */
+
+        if ( i % 16 == 0 )
+        {
+            TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, junk,
+                                                    sizeof( junk ),
+                                                    sizeof( junk ) * 3 ) );
+        }
+        else
+        {
+            TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, junk,
+                                                    sizeof( junk ),
+                                                    sizeof( junk ) * 3 ) );
+        }
     }
 
     VERBOSE( printf( "\nPrint some random output\n\n" ); );
@@ -339,22 +339,22 @@ int test_4( void )
     VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
     if ( ret != YARROW_OK )
     {
-	THROW( ret );
+        THROW( ret );
     }
     else
     {
-	VERBOSE( hex_print( stdout, "random", random, sizeof( random ) ); );
+        VERBOSE( hex_print( stdout, "random", random, sizeof( random ) ); );
     }
 
     VERBOSE( printf( "\nClose down Yarrow\n\n" ); );
 
- CATCH:
+CATCH:
     if ( initialized )
     {
-	VERBOSE( printf( "krb5int_yarrow_final() = [" ); );
-	ret = krb5int_yarrow_final( &yarrow );
-	VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
-	THROW( ret );
+        VERBOSE( printf( "krb5int_yarrow_final() = [" ); );
+        ret = krb5int_yarrow_final( &yarrow );
+        VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
+        THROW( ret );
     }
     EXCEP_RET;
 }
@@ -370,9 +370,9 @@ void hex_print( FILE* f, const char* var, void* data, size_t size )
     fprintf( f, " = " );
     for ( i = 0; i < size; i++ )
     {
-	c = conv[ (p[ i ] >> 4) & 0xf ];
-	d = conv[ p[ i ] & 0xf ];
-	fprintf( f, "%c%c", c, d );
+        c = conv[ (p[ i ] >> 4) & 0xf ];
+        d = conv[ p[ i ] & 0xf ];
+        fprintf( f, "%c%c", c, d );
     }
     fprintf( f, "\n" );
 }
diff --git a/src/lib/crypto/krb/aead.c b/src/lib/crypto/krb/aead.c
index f3ca11b..d6c5bbf 100644
--- a/src/lib/crypto/krb/aead.c
+++ b/src/lib/crypto/krb/aead.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/aead.c
  *
@@ -32,22 +33,22 @@
 
 krb5_crypto_iov *
 krb5int_c_locate_iov(krb5_crypto_iov *data,
-		     size_t num_data,
-		     krb5_cryptotype type)
+                     size_t num_data,
+                     krb5_cryptotype type)
 {
     size_t i;
     krb5_crypto_iov *iov = NULL;
 
     if (data == NULL)
-	return NULL;
+        return NULL;
 
     for (i = 0; i < num_data; i++) {
-	if (data[i].flags == type) {
-	    if (iov == NULL)
-		iov = &data[i];
-	    else
-		return NULL; /* can't appear twice */
-	}
+        if (data[i].flags == type) {
+            if (iov == NULL)
+                iov = &data[i];
+            else
+                return NULL; /* can't appear twice */
+        }
     }
 
     return iov;
@@ -55,9 +56,9 @@ krb5int_c_locate_iov(krb5_crypto_iov *data,
 
 static krb5_error_code
 make_unkeyed_checksum_iov(const struct krb5_hash_provider *hash_provider,
-			  const krb5_crypto_iov *data,
-			  size_t num_data,
-			  krb5_data *output)
+                          const krb5_crypto_iov *data,
+                          size_t num_data,
+                          krb5_data *output)
 {
     krb5_data *sign_data;
     size_t num_sign_data;
@@ -66,22 +67,22 @@ make_unkeyed_checksum_iov(const struct krb5_hash_provider *hash_provider,
 
     /* Create a checksum over all the data to be signed */
     for (i = 0, num_sign_data = 0; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
+        const krb5_crypto_iov *iov = &data[i];
 
-	if (SIGN_IOV(iov))
-	    num_sign_data++;
+        if (SIGN_IOV(iov))
+            num_sign_data++;
     }
 
     /* XXX cleanup to avoid alloc. */
     sign_data = calloc(num_sign_data, sizeof(krb5_data));
     if (sign_data == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     for (i = 0, j = 0; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
+        const krb5_crypto_iov *iov = &data[i];
 
-	if (SIGN_IOV(iov))
-	    sign_data[j++] = iov->data;
+        if (SIGN_IOV(iov))
+            sign_data[j++] = iov->data;
     }
 
     ret = (*hash_provider->hash)(num_sign_data, sign_data, output);
@@ -93,50 +94,50 @@ make_unkeyed_checksum_iov(const struct krb5_hash_provider *hash_provider,
 
 krb5_error_code
 krb5int_c_make_checksum_iov(const struct krb5_cksumtypes *cksum_type,
-			    krb5_key key,
-			    krb5_keyusage usage,
-			    const krb5_crypto_iov *data,
-			    size_t num_data,
-			    krb5_data *cksum_data)
+                            krb5_key key,
+                            krb5_keyusage usage,
+                            const krb5_crypto_iov *data,
+                            size_t num_data,
+                            krb5_data *cksum_data)
 {
     const struct krb5_keytypes *e1, *e2;
     krb5_error_code ret;
 
     if (cksum_type->keyhash != NULL) {
-	/* Check if key is compatible. */
-
-	if (cksum_type->keyed_etype) {
-	    e1 = find_enctype(cksum_type->keyed_etype);
-	    e2 = find_enctype(key->keyblock.enctype);
-	    if (e1 == NULL || e2 == NULL || e1->enc != e2->enc) {
-		ret = KRB5_BAD_ENCTYPE;
-		goto cleanup;
-	    }
-	}
-
-	if (cksum_type->keyhash->hash_iov == NULL)
-	    return KRB5_BAD_ENCTYPE;
-
-	ret = (*cksum_type->keyhash->hash_iov)(key, usage, 0, data, num_data,
-					       cksum_data);
+        /* Check if key is compatible. */
+
+        if (cksum_type->keyed_etype) {
+            e1 = find_enctype(cksum_type->keyed_etype);
+            e2 = find_enctype(key->keyblock.enctype);
+            if (e1 == NULL || e2 == NULL || e1->enc != e2->enc) {
+                ret = KRB5_BAD_ENCTYPE;
+                goto cleanup;
+            }
+        }
+
+        if (cksum_type->keyhash->hash_iov == NULL)
+            return KRB5_BAD_ENCTYPE;
+
+        ret = (*cksum_type->keyhash->hash_iov)(key, usage, 0, data, num_data,
+                                               cksum_data);
     } else if (cksum_type->flags & KRB5_CKSUMFLAG_DERIVE) {
-	ret = krb5int_dk_make_checksum_iov(cksum_type->hash,
-					   key, usage, data, num_data,
-					   cksum_data);
+        ret = krb5int_dk_make_checksum_iov(cksum_type->hash,
+                                           key, usage, data, num_data,
+                                           cksum_data);
     } else {
-	ret = make_unkeyed_checksum_iov(cksum_type->hash, data, num_data,
-					cksum_data);
+        ret = make_unkeyed_checksum_iov(cksum_type->hash, data, num_data,
+                                        cksum_data);
     }
 
     if (ret == 0) {
-	if (cksum_type->trunc_size) {
-	    cksum_data->length = cksum_type->trunc_size;
-	}
+        if (cksum_type->trunc_size) {
+            cksum_data->length = cksum_type->trunc_size;
+        }
     }
 
 cleanup:
     if (ret != 0) {
-	memset(cksum_data->data, 0, cksum_data->length);
+        memset(cksum_data->data, 0, cksum_data->length);
     }
 
     return ret;
@@ -148,12 +149,12 @@ krb5int_c_find_checksum_type(krb5_cksumtype cksumtype)
     size_t i;
 
     for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	if (krb5int_cksumtypes_list[i].ctype == cksumtype)
-	    break;
+        if (krb5int_cksumtypes_list[i].ctype == cksumtype)
+            break;
     }
 
     if (i == krb5int_cksumtypes_length)
-	return NULL;
+        return NULL;
 
     return &krb5int_cksumtypes_list[i];
 }
@@ -161,17 +162,17 @@ krb5int_c_find_checksum_type(krb5_cksumtype cksumtype)
 #ifdef DEBUG_IOV
 static void
 dump_block(const char *tag,
-	   size_t i,
-	   size_t j,
-	   unsigned char *block,
-	   size_t block_size)
+           size_t i,
+           size_t j,
+           unsigned char *block,
+           size_t block_size)
 {
     size_t k;
 
     printf("[%s: %d.%d] ", tag, i, j);
 
     for (k = 0; k < block_size; k++)
-	printf("%02x ", block[k] & 0xFF);
+        printf("%02x ", block[k] & 0xFF);
 
     printf("\n");
 }
@@ -179,29 +180,29 @@ dump_block(const char *tag,
 
 static int
 process_block_p(const krb5_crypto_iov *data,
-		size_t num_data,
-		struct iov_block_state *iov_state,
-		size_t i)
+                size_t num_data,
+                struct iov_block_state *iov_state,
+                size_t i)
 {
     const krb5_crypto_iov *iov = &data[i];
     int process_block;
 
     switch (iov->flags) {
     case KRB5_CRYPTO_TYPE_SIGN_ONLY:
-	process_block = iov_state->include_sign_only;
-	break;
+        process_block = iov_state->include_sign_only;
+        break;
     case KRB5_CRYPTO_TYPE_PADDING:
-	process_block = (iov_state->pad_to_boundary == 0);
-	break;
+        process_block = (iov_state->pad_to_boundary == 0);
+        break;
     case KRB5_CRYPTO_TYPE_HEADER:
-	process_block = (iov_state->ignore_header == 0);
-	break;
+        process_block = (iov_state->ignore_header == 0);
+        break;
     case KRB5_CRYPTO_TYPE_DATA:
-	process_block = 1;
-	break;
+        process_block = 1;
+        break;
     default:
-	process_block = 0;
-	break;
+        process_block = 0;
+        break;
     }
 
     return process_block;
@@ -213,70 +214,70 @@ process_block_p(const krb5_crypto_iov *data,
  */
 static int
 pad_to_boundary_p(const krb5_crypto_iov *data,
-		  size_t num_data,
-		  struct iov_block_state *iov_state,
-		  size_t i,
-		  size_t j)
+                  size_t num_data,
+                  struct iov_block_state *iov_state,
+                  size_t i,
+                  size_t j)
 {
     /* If the pad_to_boundary flag is unset, return FALSE */
     if (iov_state->pad_to_boundary == 0)
-	return 0;
+        return 0;
 
     /* If we haven't got any data, we need to get some */
     if (j == 0)
-	return 0;
+        return 0;
 
     /* No boundary between adjacent buffers marked for processing */
     if (data[iov_state->iov_pos].flags == data[i].flags)
-	return 0;
+        return 0;
 
     return 1;
 }
 
 krb5_boolean
 krb5int_c_iov_get_block(unsigned char *block,
-			size_t block_size,
-			const krb5_crypto_iov *data,
-			size_t num_data,
-			struct iov_block_state *iov_state)
+                        size_t block_size,
+                        const krb5_crypto_iov *data,
+                        size_t num_data,
+                        struct iov_block_state *iov_state)
 {
     size_t i, j = 0;
 
     for (i = iov_state->iov_pos; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
-	size_t nbytes;
+        const krb5_crypto_iov *iov = &data[i];
+        size_t nbytes;
 
-	if (!process_block_p(data, num_data, iov_state, i))
-	    continue;
+        if (!process_block_p(data, num_data, iov_state, i))
+            continue;
 
-	if (pad_to_boundary_p(data, num_data, iov_state, i, j))
-	    break;
+        if (pad_to_boundary_p(data, num_data, iov_state, i, j))
+            break;
 
-	iov_state->iov_pos = i;
+        iov_state->iov_pos = i;
 
-	nbytes = iov->data.length - iov_state->data_pos;
-	if (nbytes > block_size - j)
-	    nbytes = block_size - j;
+        nbytes = iov->data.length - iov_state->data_pos;
+        if (nbytes > block_size - j)
+            nbytes = block_size - j;
 
-	memcpy(block + j, iov->data.data + iov_state->data_pos, nbytes);
+        memcpy(block + j, iov->data.data + iov_state->data_pos, nbytes);
 
-	iov_state->data_pos += nbytes;
-	j += nbytes;
+        iov_state->data_pos += nbytes;
+        j += nbytes;
 
-	assert(j <= block_size);
+        assert(j <= block_size);
 
-	if (j == block_size)
-	    break;
+        if (j == block_size)
+            break;
 
-	assert(iov_state->data_pos == iov->data.length);
+        assert(iov_state->data_pos == iov->data.length);
 
-	iov_state->data_pos = 0;
+        iov_state->data_pos = 0;
     }
 
     iov_state->iov_pos = i;
 
     if (j != block_size)
-	memset(block + j, 0, block_size - j);
+        memset(block + j, 0, block_size - j);
 
 #ifdef DEBUG_IOV
     dump_block("get_block", i, j, block, block_size);
@@ -287,42 +288,42 @@ krb5int_c_iov_get_block(unsigned char *block,
 
 krb5_boolean
 krb5int_c_iov_put_block(const krb5_crypto_iov *data,
-			size_t num_data,
-			unsigned char *block,
-			size_t block_size,
-			struct iov_block_state *iov_state)
+                        size_t num_data,
+                        unsigned char *block,
+                        size_t block_size,
+                        struct iov_block_state *iov_state)
 {
     size_t i, j = 0;
 
     for (i = iov_state->iov_pos; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
-	size_t nbytes;
+        const krb5_crypto_iov *iov = &data[i];
+        size_t nbytes;
 
-	if (!process_block_p(data, num_data, iov_state, i))
-	    continue;
+        if (!process_block_p(data, num_data, iov_state, i))
+            continue;
 
-	if (pad_to_boundary_p(data, num_data, iov_state, i, j))
-	    break;
+        if (pad_to_boundary_p(data, num_data, iov_state, i, j))
+            break;
 
-	iov_state->iov_pos = i;
+        iov_state->iov_pos = i;
 
-	nbytes = iov->data.length - iov_state->data_pos;
-	if (nbytes > block_size - j)
-	    nbytes = block_size - j;
+        nbytes = iov->data.length - iov_state->data_pos;
+        if (nbytes > block_size - j)
+            nbytes = block_size - j;
 
-	memcpy(iov->data.data + iov_state->data_pos, block + j, nbytes);
+        memcpy(iov->data.data + iov_state->data_pos, block + j, nbytes);
 
-	iov_state->data_pos += nbytes;
-	j += nbytes;
+        iov_state->data_pos += nbytes;
+        j += nbytes;
 
-	assert(j <= block_size);
+        assert(j <= block_size);
 
-	if (j == block_size)
-	    break;
+        if (j == block_size)
+            break;
 
-	assert(iov_state->data_pos == iov->data.length);
+        assert(iov_state->data_pos == iov->data.length);
 
-	iov_state->data_pos = 0;
+        iov_state->data_pos = 0;
     }
 
     iov_state->iov_pos = i;
@@ -336,13 +337,13 @@ krb5int_c_iov_put_block(const krb5_crypto_iov *data,
 
 krb5_error_code
 krb5int_c_iov_decrypt_stream(const struct krb5_aead_provider *aead,
-			     const struct krb5_enc_provider *enc,
-			     const struct krb5_hash_provider *hash,
-			     krb5_key key,
-			     krb5_keyusage keyusage,
-			     const krb5_data *ivec,
-			     krb5_crypto_iov *data,
-			     size_t num_data)
+                             const struct krb5_enc_provider *enc,
+                             const struct krb5_hash_provider *hash,
+                             krb5_key key,
+                             krb5_keyusage keyusage,
+                             const krb5_data *ivec,
+                             krb5_crypto_iov *data,
+                             size_t num_data)
 {
     krb5_error_code ret;
     unsigned int header_len, trailer_len, padding_len;
@@ -355,26 +356,26 @@ krb5int_c_iov_decrypt_stream(const struct krb5_aead_provider *aead,
     assert(stream != NULL);
 
     ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER,
-				 &header_len);
+                                 &header_len);
     if (ret != 0)
-	return ret;
+        return ret;
 
     ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
-				 &trailer_len);
+                                 &trailer_len);
     if (ret != 0)
-	return ret;
+        return ret;
 
     ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING,
-				 &padding_len);
+                                 &padding_len);
     if (ret != 0)
-	return ret;
+        return ret;
 
     if (stream->data.length < header_len + trailer_len)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     iov = calloc(num_data + 2, sizeof(krb5_crypto_iov));
     if (iov == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     i = 0;
 
@@ -384,21 +385,21 @@ krb5int_c_iov_decrypt_stream(const struct krb5_aead_provider *aead,
     i++;
 
     for (j = 0; j < num_data; j++) {
-	if (data[j].flags == KRB5_CRYPTO_TYPE_DATA) {
-	    if (got_data) {
-		free(iov);
-		return KRB5_BAD_MSIZE;
-	    }
-
-	    got_data++;
-
-	    data[j].data.data = stream->data.data + header_len;
-	    data[j].data.length = stream->data.length - header_len
-		- trailer_len;
-	}
-	if (data[j].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY ||
-	    data[j].flags == KRB5_CRYPTO_TYPE_DATA)
-	    iov[i++] = data[j];
+        if (data[j].flags == KRB5_CRYPTO_TYPE_DATA) {
+            if (got_data) {
+                free(iov);
+                return KRB5_BAD_MSIZE;
+            }
+
+            got_data++;
+
+            data[j].data.data = stream->data.data + header_len;
+            data[j].data.length = stream->data.length - header_len
+                - trailer_len;
+        }
+        if (data[j].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY ||
+            data[j].flags == KRB5_CRYPTO_TYPE_DATA)
+            iov[i++] = data[j];
     }
 
     /*
@@ -426,34 +427,34 @@ krb5int_c_iov_decrypt_stream(const struct krb5_aead_provider *aead,
 
 krb5_error_code
 krb5int_c_padding_length(const struct krb5_aead_provider *aead,
-			 const struct krb5_enc_provider *enc,
-			 const struct krb5_hash_provider *hash,
-			 size_t data_length,
-			 unsigned int *pad_length)
+                         const struct krb5_enc_provider *enc,
+                         const struct krb5_hash_provider *hash,
+                         size_t data_length,
+                         unsigned int *pad_length)
 {
     unsigned int padding;
     krb5_error_code ret;
 
     ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING,
-				 &padding);
+                                 &padding);
     if (ret != 0)
-	return ret;
+        return ret;
 
     if (padding == 0 || (data_length % padding) == 0)
-	*pad_length = 0;
+        *pad_length = 0;
     else
-	*pad_length = padding - (data_length % padding);
+        *pad_length = padding - (data_length % padding);
 
     return 0;
 }
 
 krb5_error_code
 krb5int_c_encrypt_aead_compat(const struct krb5_aead_provider *aead,
-			      const struct krb5_enc_provider *enc,
-			      const struct krb5_hash_provider *hash,
-			      krb5_key key, krb5_keyusage usage,
-			      const krb5_data *ivec, const krb5_data *input,
-			      krb5_data *output)
+                              const struct krb5_enc_provider *enc,
+                              const struct krb5_hash_provider *hash,
+                              krb5_key key, krb5_keyusage usage,
+                              const krb5_data *ivec, const krb5_data *input,
+                              krb5_data *output)
 {
     krb5_crypto_iov iov[4];
     krb5_error_code ret;
@@ -462,23 +463,23 @@ krb5int_c_encrypt_aead_compat(const struct krb5_aead_provider *aead,
     unsigned int trailer_len = 0;
 
     ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER,
-				 &header_len);
+                                 &header_len);
     if (ret != 0)
-	return ret;
+        return ret;
 
     ret = krb5int_c_padding_length(aead, enc, hash, input->length,
-				   &padding_len);
+                                   &padding_len);
     if (ret != 0)
-	return ret;
+        return ret;
 
     ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
-				 &trailer_len);
+                                 &trailer_len);
     if (ret != 0)
-	return ret;
+        return ret;
 
     if (output->length <
-	header_len + input->length + padding_len + trailer_len)
-	return KRB5_BAD_MSIZE;
+        header_len + input->length + padding_len + trailer_len)
+        return KRB5_BAD_MSIZE;
 
     iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
     iov[0].data.data = output->data;
@@ -498,24 +499,24 @@ krb5int_c_encrypt_aead_compat(const struct krb5_aead_provider *aead,
     iov[3].data.length = trailer_len;
 
     ret = (*aead->encrypt_iov)(aead, enc, hash, key, usage, ivec,
-			       iov, sizeof(iov) / sizeof(iov[0]));
+                               iov, sizeof(iov) / sizeof(iov[0]));
 
     if (ret != 0)
-	zap(iov[1].data.data, iov[1].data.length);
+        zap(iov[1].data.data, iov[1].data.length);
 
     output->length = iov[0].data.length + iov[1].data.length +
-		     iov[2].data.length + iov[3].data.length;
+        iov[2].data.length + iov[3].data.length;
 
     return ret;
 }
 
 krb5_error_code
 krb5int_c_decrypt_aead_compat(const struct krb5_aead_provider *aead,
-			      const struct krb5_enc_provider *enc,
-			      const struct krb5_hash_provider *hash,
-			      krb5_key key, krb5_keyusage usage,
-			      const krb5_data *ivec, const krb5_data *input,
-			      krb5_data *output)
+                              const struct krb5_enc_provider *enc,
+                              const struct krb5_hash_provider *hash,
+                              krb5_key key, krb5_keyusage usage,
+                              const krb5_data *ivec, const krb5_data *input,
+                              krb5_data *output)
 {
     krb5_crypto_iov iov[2];
     krb5_error_code ret;
@@ -523,7 +524,7 @@ krb5int_c_decrypt_aead_compat(const struct krb5_aead_provider *aead,
     iov[0].flags = KRB5_CRYPTO_TYPE_STREAM;
     iov[0].data.data = malloc(input->length);
     if (iov[0].data.data == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     memcpy(iov[0].data.data, input->data, input->length);
     iov[0].data.length = input->length;
@@ -533,14 +534,14 @@ krb5int_c_decrypt_aead_compat(const struct krb5_aead_provider *aead,
     iov[1].data.length = 0;
 
     ret = krb5int_c_iov_decrypt_stream(aead, enc, hash, key,
-				       usage, ivec,
-				       iov, sizeof(iov)/sizeof(iov[0]));
+                                       usage, ivec,
+                                       iov, sizeof(iov)/sizeof(iov[0]));
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     if (output->length < iov[1].data.length) {
-	ret = KRB5_BAD_MSIZE;
-	goto cleanup;
+        ret = KRB5_BAD_MSIZE;
+        goto cleanup;
     }
 
     memcpy(output->data, iov[1].data.data, iov[1].data.length);
@@ -554,19 +555,19 @@ cleanup:
 
 void
 krb5int_c_encrypt_length_aead_compat(const struct krb5_aead_provider *aead,
-				     const struct krb5_enc_provider *enc,
-				     const struct krb5_hash_provider *hash,
-				     size_t inputlen, size_t *length)
+                                     const struct krb5_enc_provider *enc,
+                                     const struct krb5_hash_provider *hash,
+                                     size_t inputlen, size_t *length)
 {
     unsigned int header_len = 0;
     unsigned int padding_len = 0;
     unsigned int trailer_len = 0;
 
     (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER,
-			   &header_len);
+                           &header_len);
     krb5int_c_padding_length(aead, enc, hash, inputlen, &padding_len);
     (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
-			   &trailer_len);
+                           &trailer_len);
 
     *length = header_len + inputlen + padding_len + trailer_len;
 }
diff --git a/src/lib/crypto/krb/aead.h b/src/lib/crypto/krb/aead.h
index f9e92bd..fd06500 100644
--- a/src/lib/crypto/krb/aead.h
+++ b/src/lib/crypto/krb/aead.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/aead.h
  *
@@ -31,93 +32,93 @@
 
 krb5_crypto_iov *
 krb5int_c_locate_iov(krb5_crypto_iov *data,
-		     size_t num_data,
-		     krb5_cryptotype type);
+                     size_t num_data,
+                     krb5_cryptotype type);
 
 krb5_error_code
 krb5int_c_make_checksum_iov(const struct krb5_cksumtypes *cksum,
-			    krb5_key key,
-			    krb5_keyusage usage,
-			    const krb5_crypto_iov *data,
-			    size_t num_data,
-			    krb5_data *cksum_data);
+                            krb5_key key,
+                            krb5_keyusage usage,
+                            const krb5_crypto_iov *data,
+                            size_t num_data,
+                            krb5_data *cksum_data);
 
 const struct krb5_cksumtypes *
 krb5int_c_find_checksum_type(krb5_cksumtype cksumtype);
 
-#define ENCRYPT_CONF_IOV(_iov)	((_iov)->flags == KRB5_CRYPTO_TYPE_HEADER)
+#define ENCRYPT_CONF_IOV(_iov)  ((_iov)->flags == KRB5_CRYPTO_TYPE_HEADER)
 
-#define ENCRYPT_DATA_IOV(_iov)	((_iov)->flags == KRB5_CRYPTO_TYPE_DATA || \
-				 (_iov)->flags == KRB5_CRYPTO_TYPE_PADDING)
+#define ENCRYPT_DATA_IOV(_iov)  ((_iov)->flags == KRB5_CRYPTO_TYPE_DATA || \
+                                 (_iov)->flags == KRB5_CRYPTO_TYPE_PADDING)
 
-#define ENCRYPT_IOV(_iov)	(ENCRYPT_CONF_IOV(_iov) || ENCRYPT_DATA_IOV(_iov))
+#define ENCRYPT_IOV(_iov)       (ENCRYPT_CONF_IOV(_iov) || ENCRYPT_DATA_IOV(_iov))
 
-#define SIGN_IOV(_iov)		(ENCRYPT_IOV(_iov) || \
-				 (_iov)->flags == KRB5_CRYPTO_TYPE_SIGN_ONLY )
+#define SIGN_IOV(_iov)          (ENCRYPT_IOV(_iov) ||                   \
+                                 (_iov)->flags == KRB5_CRYPTO_TYPE_SIGN_ONLY )
 
 struct iov_block_state {
-    size_t iov_pos;			/* index into iov array */
-    size_t data_pos;			/* index into iov contents */
-    unsigned int ignore_header : 1;	/* have/should we process HEADER */
-    unsigned int include_sign_only : 1;	/* should we process SIGN_ONLY blocks */
-    unsigned int pad_to_boundary : 1;	/* should we zero fill blocks until next buffer */
+    size_t iov_pos;                     /* index into iov array */
+    size_t data_pos;                    /* index into iov contents */
+    unsigned int ignore_header : 1;     /* have/should we process HEADER */
+    unsigned int include_sign_only : 1; /* should we process SIGN_ONLY blocks */
+    unsigned int pad_to_boundary : 1;   /* should we zero fill blocks until next buffer */
 };
 
-#define IOV_BLOCK_STATE_INIT(_state)	((_state)->iov_pos = \
-					 (_state)->data_pos = \
-					 (_state)->ignore_header = \
-					 (_state)->include_sign_only = \
-					 (_state)->pad_to_boundary = 0)
+#define IOV_BLOCK_STATE_INIT(_state)    ((_state)->iov_pos =            \
+                                         (_state)->data_pos =           \
+                                         (_state)->ignore_header =      \
+                                         (_state)->include_sign_only =  \
+                                         (_state)->pad_to_boundary = 0)
 
 krb5_boolean
 krb5int_c_iov_get_block(unsigned char *block,
-			size_t block_size,
-			const krb5_crypto_iov *data,
-			size_t num_data,
-			struct iov_block_state *iov_state);
+                        size_t block_size,
+                        const krb5_crypto_iov *data,
+                        size_t num_data,
+                        struct iov_block_state *iov_state);
 
 krb5_boolean
 krb5int_c_iov_put_block(const krb5_crypto_iov *data,
-			size_t num_data,
-			unsigned char *block,
-			size_t block_size,
-			struct iov_block_state *iov_state);
+                        size_t num_data,
+                        unsigned char *block,
+                        size_t block_size,
+                        struct iov_block_state *iov_state);
 
 krb5_error_code
 krb5int_c_iov_decrypt_stream(const struct krb5_aead_provider *aead,
-			     const struct krb5_enc_provider *enc,
-			     const struct krb5_hash_provider *hash,
-			     krb5_key key,
-			     krb5_keyusage keyusage,
-			     const krb5_data *ivec,
-			     krb5_crypto_iov *data,
-			     size_t num_data);
+                             const struct krb5_enc_provider *enc,
+                             const struct krb5_hash_provider *hash,
+                             krb5_key key,
+                             krb5_keyusage keyusage,
+                             const krb5_data *ivec,
+                             krb5_crypto_iov *data,
+                             size_t num_data);
 
 krb5_error_code
 krb5int_c_decrypt_aead_compat(const struct krb5_aead_provider *aead,
-			      const struct krb5_enc_provider *enc,
-			      const struct krb5_hash_provider *hash,
-			      krb5_key key, krb5_keyusage usage,
-			      const krb5_data *ivec, const krb5_data *input,
-			      krb5_data *output);
+                              const struct krb5_enc_provider *enc,
+                              const struct krb5_hash_provider *hash,
+                              krb5_key key, krb5_keyusage usage,
+                              const krb5_data *ivec, const krb5_data *input,
+                              krb5_data *output);
 
 krb5_error_code
 krb5int_c_encrypt_aead_compat(const struct krb5_aead_provider *aead,
-			      const struct krb5_enc_provider *enc,
-			      const struct krb5_hash_provider *hash,
-			      krb5_key key, krb5_keyusage usage,
-			      const krb5_data *ivec, const krb5_data *input,
-			      krb5_data *output);
+                              const struct krb5_enc_provider *enc,
+                              const struct krb5_hash_provider *hash,
+                              krb5_key key, krb5_keyusage usage,
+                              const krb5_data *ivec, const krb5_data *input,
+                              krb5_data *output);
 
 void
 krb5int_c_encrypt_length_aead_compat(const struct krb5_aead_provider *aead,
-				     const struct krb5_enc_provider *enc,
-				     const struct krb5_hash_provider *hash,
-				     size_t inputlen, size_t *length);
+                                     const struct krb5_enc_provider *enc,
+                                     const struct krb5_hash_provider *hash,
+                                     size_t inputlen, size_t *length);
 
 krb5_error_code
 krb5int_c_padding_length(const struct krb5_aead_provider *aead,
-			 const struct krb5_enc_provider *enc,
-			 const struct krb5_hash_provider *hash,
-			 size_t data_length,
-			 unsigned int *pad_length);
+                         const struct krb5_enc_provider *enc,
+                         const struct krb5_hash_provider *hash,
+                         size_t data_length,
+                         unsigned int *pad_length);
diff --git a/src/lib/crypto/krb/arcfour/arcfour-int.h b/src/lib/crypto/krb/arcfour/arcfour-int.h
index 6881dc4..ff811f6 100644
--- a/src/lib/crypto/krb/arcfour/arcfour-int.h
+++ b/src/lib/crypto/krb/arcfour/arcfour-int.h
@@ -1,9 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
 
-ARCFOUR cipher (based on a cipher posted on the Usenet in Spring-95).
-This cipher is widely believed and has been tested to be equivalent
-with the RC4 cipher from RSA Data Security, Inc.  (RC4 is a trademark
-of RSA Data Security)
+  ARCFOUR cipher (based on a cipher posted on the Usenet in Spring-95).
+  This cipher is widely believed and has been tested to be equivalent
+  with the RC4 cipher from RSA Data Security, Inc.  (RC4 is a trademark
+  of RSA Data Security)
 
 */
 #ifndef ARCFOUR_INT_H
diff --git a/src/lib/crypto/krb/arcfour/arcfour.c b/src/lib/crypto/krb/arcfour/arcfour.c
index 1f49812..8939c30 100644
--- a/src/lib/crypto/krb/arcfour/arcfour.c
+++ b/src/lib/crypto/krb/arcfour/arcfour.c
@@ -1,9 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
 
-ARCFOUR cipher (based on a cipher posted on the Usenet in Spring-95).
-This cipher is widely believed and has been tested to be equivalent
-with the RC4 cipher from RSA Data Security, Inc.  (RC4 is a trademark
-of RSA Data Security)
+  ARCFOUR cipher (based on a cipher posted on the Usenet in Spring-95).
+  This cipher is widely believed and has been tested to be equivalent
+  with the RC4 cipher from RSA Data Security, Inc.  (RC4 is a trademark
+  of RSA Data Security)
 
 */
 #include "k5-int.h"
@@ -14,326 +15,326 @@ const char *const krb5int_arcfour_l40 = "fortybits";
 
 void
 krb5int_arcfour_encrypt_length(const struct krb5_enc_provider *enc,
-			    const struct krb5_hash_provider *hash,
-			    size_t inputlen, size_t *length)
+                               const struct krb5_hash_provider *hash,
+                               size_t inputlen, size_t *length)
 {
-  size_t blocksize, hashsize;
+    size_t blocksize, hashsize;
 
-  blocksize = enc->block_size;
-  hashsize = hash->hashsize;
+    blocksize = enc->block_size;
+    hashsize = hash->hashsize;
 
-  /* checksum + (confounder + inputlen, in even blocksize) */
-  *length = hashsize + krb5_roundup(8 + inputlen, blocksize);
+    /* checksum + (confounder + inputlen, in even blocksize) */
+    *length = hashsize + krb5_roundup(8 + inputlen, blocksize);
 }
 
- krb5_keyusage
- krb5int_arcfour_translate_usage(krb5_keyusage usage)
+krb5_keyusage
+krb5int_arcfour_translate_usage(krb5_keyusage usage)
 {
-  switch (usage) {
-  case 1:			/* AS-REQ PA-ENC-TIMESTAMP padata timestamp,  */
-    return 1;
-  case 2:			/* ticket from kdc */
-    return 2;
-  case 3:			/* as-rep encrypted part */
-    return 8;
-  case 4:			/* tgs-req authz data */
-    return 4;
-  case 5:			/* tgs-req authz data in subkey */
-    return 5;
-  case 6:			/* tgs-req authenticator cksum */
-    return 6;
-case 7:				/* tgs-req authenticator */
-  return 7;
+    switch (usage) {
+    case 1:                       /* AS-REQ PA-ENC-TIMESTAMP padata timestamp,  */
+        return 1;
+    case 2:                       /* ticket from kdc */
+        return 2;
+    case 3:                       /* as-rep encrypted part */
+        return 8;
+    case 4:                       /* tgs-req authz data */
+        return 4;
+    case 5:                       /* tgs-req authz data in subkey */
+        return 5;
+    case 6:                       /* tgs-req authenticator cksum */
+        return 6;
+    case 7:                         /* tgs-req authenticator */
+        return 7;
     case 8:
-    return 8;
-  case 9:			/* tgs-rep encrypted with subkey */
-    return 9;
-  case 10:			/* ap-rep authentication cksum */
-    return 10;			/* xxx  Microsoft never uses this*/
-  case 11:			/* app-req authenticator */
-    return 11;
-  case 12:			/* app-rep encrypted part */
-    return 12;
-  case 23: /* sign wrap token*/
-    return 13;
-  default:
-      return usage;
-}
+        return 8;
+    case 9:                       /* tgs-rep encrypted with subkey */
+        return 9;
+    case 10:                      /* ap-rep authentication cksum */
+        return 10;                  /* xxx  Microsoft never uses this*/
+    case 11:                      /* app-req authenticator */
+        return 11;
+    case 12:                      /* app-rep encrypted part */
+        return 12;
+    case 23: /* sign wrap token*/
+        return 13;
+    default:
+        return usage;
+    }
 }
 
 krb5_error_code
 krb5int_arcfour_encrypt(const struct krb5_enc_provider *enc,
-		     const struct krb5_hash_provider *hash,
-		     krb5_key key, krb5_keyusage usage,
-		     const krb5_data *ivec, const krb5_data *input,
-		     krb5_data *output)
+                        const struct krb5_hash_provider *hash,
+                        krb5_key key, krb5_keyusage usage,
+                        const krb5_data *ivec, const krb5_data *input,
+                        krb5_data *output)
 {
-  krb5_keyblock k1, k2, k3;
-  krb5_key k3key = NULL;
-  krb5_data d1, d2, d3, salt, plaintext, checksum, ciphertext, confounder;
-  krb5_keyusage ms_usage;
-  size_t keylength, keybytes, blocksize, hashsize;
-  krb5_error_code ret;
-
-  blocksize = enc->block_size;
-  keybytes = enc->keybytes;
-  keylength = enc->keylength;
-  hashsize = hash->hashsize;
-
-  d1.length=keybytes;
-  d1.data=malloc(d1.length);
-  if (d1.data == NULL)
-    return (ENOMEM);
-  k1 = key->keyblock;
-  k1.length=d1.length;
-  k1.contents= (void *) d1.data;
-
-  d2.length=keybytes;
-  d2.data=malloc(d2.length);
-  if (d2.data == NULL) {
-    free(d1.data);
-    return (ENOMEM);
-  }
-  k2 = key->keyblock;
-  k2.length=d2.length;
-  k2.contents=(void *) d2.data;
-
-  d3.length=keybytes;
-  d3.data=malloc(d3.length);
-  if (d3.data == NULL) {
-    free(d1.data);
-    free(d2.data);
-    return (ENOMEM);
-  }
-  k3 = key->keyblock;
-  k3.length=d3.length;
-  k3.contents= (void *) d3.data;
-
-  salt.length=14;
-  salt.data=malloc(salt.length);
-  if (salt.data == NULL) {
-    free(d1.data);
-    free(d2.data);
-    free(d3.data);
-    return (ENOMEM);
-  }
-
-  /* is "input" already blocksize aligned?  if it is, then we need this
-     step, otherwise we do not */
-  plaintext.length=krb5_roundup(input->length+CONFOUNDERLENGTH,blocksize);
-  plaintext.data=malloc(plaintext.length);
-  if (plaintext.data == NULL) {
+    krb5_keyblock k1, k2, k3;
+    krb5_key k3key = NULL;
+    krb5_data d1, d2, d3, salt, plaintext, checksum, ciphertext, confounder;
+    krb5_keyusage ms_usage;
+    size_t keylength, keybytes, blocksize, hashsize;
+    krb5_error_code ret;
+
+    blocksize = enc->block_size;
+    keybytes = enc->keybytes;
+    keylength = enc->keylength;
+    hashsize = hash->hashsize;
+
+    d1.length=keybytes;
+    d1.data=malloc(d1.length);
+    if (d1.data == NULL)
+        return (ENOMEM);
+    k1 = key->keyblock;
+    k1.length=d1.length;
+    k1.contents= (void *) d1.data;
+
+    d2.length=keybytes;
+    d2.data=malloc(d2.length);
+    if (d2.data == NULL) {
+        free(d1.data);
+        return (ENOMEM);
+    }
+    k2 = key->keyblock;
+    k2.length=d2.length;
+    k2.contents=(void *) d2.data;
+
+    d3.length=keybytes;
+    d3.data=malloc(d3.length);
+    if (d3.data == NULL) {
+        free(d1.data);
+        free(d2.data);
+        return (ENOMEM);
+    }
+    k3 = key->keyblock;
+    k3.length=d3.length;
+    k3.contents= (void *) d3.data;
+
+    salt.length=14;
+    salt.data=malloc(salt.length);
+    if (salt.data == NULL) {
+        free(d1.data);
+        free(d2.data);
+        free(d3.data);
+        return (ENOMEM);
+    }
+
+    /* is "input" already blocksize aligned?  if it is, then we need this
+       step, otherwise we do not */
+    plaintext.length=krb5_roundup(input->length+CONFOUNDERLENGTH,blocksize);
+    plaintext.data=malloc(plaintext.length);
+    if (plaintext.data == NULL) {
+        free(d1.data);
+        free(d2.data);
+        free(d3.data);
+        free(salt.data);
+        return(ENOMEM);
+    }
+
+    /* setup convienient pointers into the allocated data */
+    checksum.length=hashsize;
+    checksum.data=output->data;
+    ciphertext.length=krb5_roundup(input->length+CONFOUNDERLENGTH,blocksize);
+    ciphertext.data=output->data+hashsize;
+    confounder.length=CONFOUNDERLENGTH;
+    confounder.data=plaintext.data;
+    output->length = plaintext.length+hashsize;
+
+    /* begin the encryption, computer K1 */
+    ms_usage=krb5int_arcfour_translate_usage(usage);
+    if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
+        strncpy(salt.data, krb5int_arcfour_l40, salt.length);
+        store_32_le(ms_usage, salt.data+10);
+    } else {
+        salt.length=4;
+        store_32_le(ms_usage, salt.data);
+    }
+    krb5int_hmac(hash, key, 1, &salt, &d1);
+
+    memcpy(k2.contents, k1.contents, k2.length);
+
+    if (key->keyblock.enctype==ENCTYPE_ARCFOUR_HMAC_EXP)
+        memset(k1.contents+7, 0xab, 9);
+
+    ret=krb5_c_random_make_octets(/* XXX */ 0, &confounder);
+    memcpy(plaintext.data+confounder.length, input->data, input->length);
+    if (ret)
+        goto cleanup;
+
+    ret = krb5int_hmac_keyblock(hash, &k2, 1, &plaintext, &checksum);
+    if (ret)
+        goto cleanup;
+
+    ret = krb5int_hmac_keyblock(hash, &k1, 1, &checksum, &d3);
+    if (ret)
+        goto cleanup;
+
+    ret = krb5_k_create_key(NULL, &k3, &k3key);
+    if (ret)
+        goto cleanup;
+
+    ret=(*(enc->encrypt))(k3key, ivec, &plaintext, &ciphertext);
+
+cleanup:
+    memset(d1.data, 0, d1.length);
+    memset(d2.data, 0, d2.length);
+    memset(d3.data, 0, d3.length);
+    memset(salt.data, 0, salt.length);
+    memset(plaintext.data, 0, plaintext.length);
+
     free(d1.data);
     free(d2.data);
     free(d3.data);
     free(salt.data);
-    return(ENOMEM);
-  }
-
-  /* setup convienient pointers into the allocated data */
-  checksum.length=hashsize;
-  checksum.data=output->data;
-  ciphertext.length=krb5_roundup(input->length+CONFOUNDERLENGTH,blocksize);
-  ciphertext.data=output->data+hashsize;
-  confounder.length=CONFOUNDERLENGTH;
-  confounder.data=plaintext.data;
-  output->length = plaintext.length+hashsize;
-
-  /* begin the encryption, computer K1 */
-  ms_usage=krb5int_arcfour_translate_usage(usage);
-  if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
-    strncpy(salt.data, krb5int_arcfour_l40, salt.length);
-    store_32_le(ms_usage, salt.data+10);
-  } else {
-    salt.length=4;
-    store_32_le(ms_usage, salt.data);
-  }
-  krb5int_hmac(hash, key, 1, &salt, &d1);
-
-  memcpy(k2.contents, k1.contents, k2.length);
-
-  if (key->keyblock.enctype==ENCTYPE_ARCFOUR_HMAC_EXP)
-    memset(k1.contents+7, 0xab, 9);
-
-  ret=krb5_c_random_make_octets(/* XXX */ 0, &confounder);
-  memcpy(plaintext.data+confounder.length, input->data, input->length);
-  if (ret)
-    goto cleanup;
-
-  ret = krb5int_hmac_keyblock(hash, &k2, 1, &plaintext, &checksum);
-  if (ret)
-    goto cleanup;
-
-  ret = krb5int_hmac_keyblock(hash, &k1, 1, &checksum, &d3);
-  if (ret)
-    goto cleanup;
-
-  ret = krb5_k_create_key(NULL, &k3, &k3key);
-  if (ret)
-    goto cleanup;
-
-  ret=(*(enc->encrypt))(k3key, ivec, &plaintext, &ciphertext);
-
- cleanup:
-  memset(d1.data, 0, d1.length);
-  memset(d2.data, 0, d2.length);
-  memset(d3.data, 0, d3.length);
-  memset(salt.data, 0, salt.length);
-  memset(plaintext.data, 0, plaintext.length);
-
-  free(d1.data);
-  free(d2.data);
-  free(d3.data);
-  free(salt.data);
-  free(plaintext.data);
-  krb5_k_free_key(NULL, k3key);
-  return (ret);
+    free(plaintext.data);
+    krb5_k_free_key(NULL, k3key);
+    return (ret);
 }
 
 /* This is the arcfour-hmac decryption routine */
 krb5_error_code
 krb5int_arcfour_decrypt(const struct krb5_enc_provider *enc,
-		     const struct krb5_hash_provider *hash,
-		     krb5_key key, krb5_keyusage usage,
-		     const krb5_data *ivec, const krb5_data *input,
-		     krb5_data *output)
+                        const struct krb5_hash_provider *hash,
+                        krb5_key key, krb5_keyusage usage,
+                        const krb5_data *ivec, const krb5_data *input,
+                        krb5_data *output)
 {
-  krb5_keyblock k1,k2,k3;
-  krb5_key k3key;
-  krb5_data d1,d2,d3,salt,ciphertext,plaintext,checksum;
-  krb5_keyusage ms_usage;
-  size_t keybytes, keylength, hashsize, blocksize;
-  krb5_error_code ret;
-
-  blocksize = enc->block_size;
-  keybytes = enc->keybytes;
-  keylength = enc->keylength;
-  hashsize = hash->hashsize;
-
-  d1.length=keybytes;
-  d1.data=malloc(d1.length);
-  if (d1.data == NULL)
-    return (ENOMEM);
-  k1 = key->keyblock;
-  k1.length=d1.length;
-  k1.contents= (void *) d1.data;
-
-  d2.length=keybytes;
-  d2.data=malloc(d2.length);
-  if (d2.data == NULL) {
-    free(d1.data);
-    return (ENOMEM);
-  }
-  k2 = key->keyblock;
-  k2.length=d2.length;
-  k2.contents= (void *) d2.data;
-
-  d3.length=keybytes;
-  d3.data=malloc(d3.length);
-  if  (d3.data == NULL) {
-    free(d1.data);
-    free(d2.data);
-    return (ENOMEM);
-  }
-  k3 = key->keyblock;
-  k3.length=d3.length;
-  k3.contents= (void *) d3.data;
-
-  salt.length=14;
-  salt.data=malloc(salt.length);
-  if(salt.data==NULL) {
-    free(d1.data);
-    free(d2.data);
-    free(d3.data);
-    return (ENOMEM);
-  }
-
-  ciphertext.length=input->length-hashsize;
-  ciphertext.data=input->data+hashsize;
-  plaintext.length=ciphertext.length;
-  plaintext.data=malloc(plaintext.length);
-  if (plaintext.data == NULL) {
+    krb5_keyblock k1,k2,k3;
+    krb5_key k3key;
+    krb5_data d1,d2,d3,salt,ciphertext,plaintext,checksum;
+    krb5_keyusage ms_usage;
+    size_t keybytes, keylength, hashsize, blocksize;
+    krb5_error_code ret;
+
+    blocksize = enc->block_size;
+    keybytes = enc->keybytes;
+    keylength = enc->keylength;
+    hashsize = hash->hashsize;
+
+    d1.length=keybytes;
+    d1.data=malloc(d1.length);
+    if (d1.data == NULL)
+        return (ENOMEM);
+    k1 = key->keyblock;
+    k1.length=d1.length;
+    k1.contents= (void *) d1.data;
+
+    d2.length=keybytes;
+    d2.data=malloc(d2.length);
+    if (d2.data == NULL) {
+        free(d1.data);
+        return (ENOMEM);
+    }
+    k2 = key->keyblock;
+    k2.length=d2.length;
+    k2.contents= (void *) d2.data;
+
+    d3.length=keybytes;
+    d3.data=malloc(d3.length);
+    if  (d3.data == NULL) {
+        free(d1.data);
+        free(d2.data);
+        return (ENOMEM);
+    }
+    k3 = key->keyblock;
+    k3.length=d3.length;
+    k3.contents= (void *) d3.data;
+
+    salt.length=14;
+    salt.data=malloc(salt.length);
+    if(salt.data==NULL) {
+        free(d1.data);
+        free(d2.data);
+        free(d3.data);
+        return (ENOMEM);
+    }
+
+    ciphertext.length=input->length-hashsize;
+    ciphertext.data=input->data+hashsize;
+    plaintext.length=ciphertext.length;
+    plaintext.data=malloc(plaintext.length);
+    if (plaintext.data == NULL) {
+        free(d1.data);
+        free(d2.data);
+        free(d3.data);
+        free(salt.data);
+        return (ENOMEM);
+    }
+
+    checksum.length=hashsize;
+    checksum.data=input->data;
+
+    ms_usage=krb5int_arcfour_translate_usage(usage);
+
+    /* We may have to try two ms_usage values; see below. */
+    do {
+        /* compute the salt */
+        if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
+            strncpy(salt.data, krb5int_arcfour_l40, salt.length);
+            store_32_le(ms_usage, salt.data + 10);
+        } else {
+            salt.length = 4;
+            store_32_le(ms_usage, salt.data);
+        }
+        ret = krb5int_hmac(hash, key, 1, &salt, &d1);
+        if (ret)
+            goto cleanup;
+
+        memcpy(k2.contents, k1.contents, k2.length);
+
+        if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
+            memset(k1.contents + 7, 0xab, 9);
+
+        ret = krb5int_hmac_keyblock(hash, &k1, 1, &checksum, &d3);
+        if (ret)
+            goto cleanup;
+
+        ret = krb5_k_create_key(NULL, &k3, &k3key);
+        if (ret)
+            goto cleanup;
+        ret = (*(enc->decrypt))(k3key, ivec, &ciphertext, &plaintext);
+        krb5_k_free_key(NULL, k3key);
+        if (ret)
+            goto cleanup;
+
+        ret = krb5int_hmac_keyblock(hash, &k2, 1, &plaintext, &d1);
+        if (ret)
+            goto cleanup;
+
+        if (memcmp(checksum.data, d1.data, hashsize) != 0) {
+            if (ms_usage == 9) {
+                /*
+                 * RFC 4757 specifies usage 8 for TGS-REP encrypted
+                 * parts encrypted in a subkey, but the value used by MS
+                 * is actually 9.  We now use 9 to start with, but fall
+                 * back to 8 on failure in case we are communicating
+                 * with a KDC using the value from the RFC.
+                 */
+                ms_usage = 8;
+                continue;
+            }
+            ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+            goto cleanup;
+        }
+
+        break;
+    } while (1);
+
+    memcpy(output->data, plaintext.data+CONFOUNDERLENGTH,
+           (plaintext.length-CONFOUNDERLENGTH));
+    output->length=plaintext.length-CONFOUNDERLENGTH;
+
+cleanup:
+    memset(d1.data, 0, d1.length);
+    memset(d2.data, 0, d2.length);
+    memset(d3.data, 0, d2.length);
+    memset(salt.data, 0, salt.length);
+    memset(plaintext.data, 0, plaintext.length);
+
     free(d1.data);
     free(d2.data);
     free(d3.data);
     free(salt.data);
-    return (ENOMEM);
-  }
-
-  checksum.length=hashsize;
-  checksum.data=input->data;
-
-  ms_usage=krb5int_arcfour_translate_usage(usage);
-
-  /* We may have to try two ms_usage values; see below. */
-  do {
-      /* compute the salt */
-      if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
-	  strncpy(salt.data, krb5int_arcfour_l40, salt.length);
-	  store_32_le(ms_usage, salt.data + 10);
-      } else {
-	  salt.length = 4;
-	  store_32_le(ms_usage, salt.data);
-      }
-      ret = krb5int_hmac(hash, key, 1, &salt, &d1);
-      if (ret)
-	  goto cleanup;
-
-      memcpy(k2.contents, k1.contents, k2.length);
-
-      if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
-	  memset(k1.contents + 7, 0xab, 9);
-
-      ret = krb5int_hmac_keyblock(hash, &k1, 1, &checksum, &d3);
-      if (ret)
-	  goto cleanup;
-
-      ret = krb5_k_create_key(NULL, &k3, &k3key);
-      if (ret)
-	goto cleanup;
-      ret = (*(enc->decrypt))(k3key, ivec, &ciphertext, &plaintext);
-      krb5_k_free_key(NULL, k3key);
-      if (ret)
-	  goto cleanup;
-
-      ret = krb5int_hmac_keyblock(hash, &k2, 1, &plaintext, &d1);
-      if (ret)
-	  goto cleanup;
-
-      if (memcmp(checksum.data, d1.data, hashsize) != 0) {
-	  if (ms_usage == 9) {
-	      /*
-	       * RFC 4757 specifies usage 8 for TGS-REP encrypted
-	       * parts encrypted in a subkey, but the value used by MS
-	       * is actually 9.  We now use 9 to start with, but fall
-	       * back to 8 on failure in case we are communicating
-	       * with a KDC using the value from the RFC.
-	       */
-	      ms_usage = 8;
-	      continue;
-	  }
-	  ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	  goto cleanup;
-      }
-
-      break;
-  } while (1);
-
-  memcpy(output->data, plaintext.data+CONFOUNDERLENGTH,
-	 (plaintext.length-CONFOUNDERLENGTH));
-  output->length=plaintext.length-CONFOUNDERLENGTH;
-
- cleanup:
-  memset(d1.data, 0, d1.length);
-  memset(d2.data, 0, d2.length);
-  memset(d3.data, 0, d2.length);
-  memset(salt.data, 0, salt.length);
-  memset(plaintext.data, 0, plaintext.length);
-
-  free(d1.data);
-  free(d2.data);
-  free(d3.data);
-  free(salt.data);
-  free(plaintext.data);
-  return (ret);
+    free(plaintext.data);
+    return (ret);
 }
diff --git a/src/lib/crypto/krb/arcfour/arcfour.h b/src/lib/crypto/krb/arcfour/arcfour.h
index e00708a..6419338 100644
--- a/src/lib/crypto/krb/arcfour/arcfour.h
+++ b/src/lib/crypto/krb/arcfour/arcfour.h
@@ -1,37 +1,38 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #ifndef ARCFOUR_H
 #define ARCFOUR_H
 
 extern void
 krb5int_arcfour_encrypt_length(const struct krb5_enc_provider *,
-			const struct krb5_hash_provider *,
-			size_t,
-			size_t *);
+                               const struct krb5_hash_provider *,
+                               size_t,
+                               size_t *);
 
 extern krb5_error_code
 krb5int_arcfour_encrypt(const struct krb5_enc_provider *,
-			const struct krb5_hash_provider *,
-			krb5_key,
-			krb5_keyusage,
-			const krb5_data *,
-     			const krb5_data *,
-			krb5_data *);
+                        const struct krb5_hash_provider *,
+                        krb5_key,
+                        krb5_keyusage,
+                        const krb5_data *,
+                        const krb5_data *,
+                        krb5_data *);
 
 extern krb5_error_code
 krb5int_arcfour_decrypt(const struct krb5_enc_provider *,
-			const struct krb5_hash_provider *,
-			krb5_key,
-			krb5_keyusage,
-			const krb5_data *,
-			const krb5_data *,
-			krb5_data *);
+                        const struct krb5_hash_provider *,
+                        krb5_key,
+                        krb5_keyusage,
+                        const krb5_data *,
+                        const krb5_data *,
+                        krb5_data *);
 
 extern krb5_error_code
 krb5int_arcfour_string_to_key(
-     const struct krb5_enc_provider *,
-     const krb5_data *,
-     const krb5_data *,
-     const krb5_data *,
-     krb5_keyblock *);
+    const struct krb5_enc_provider *,
+    const krb5_data *,
+    const krb5_data *,
+    const krb5_data *,
+    krb5_keyblock *);
 
 extern const struct krb5_enc_provider krb5int_enc_arcfour;
 extern const struct krb5_aead_provider krb5int_aead_arcfour;
diff --git a/src/lib/crypto/krb/arcfour/arcfour_aead.c b/src/lib/crypto/krb/arcfour/arcfour_aead.c
index 7ede21d..3350759 100644
--- a/src/lib/crypto/krb/arcfour/arcfour_aead.c
+++ b/src/lib/crypto/krb/arcfour/arcfour_aead.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/arcfour/arcfour_aead.c
  *
@@ -34,27 +35,27 @@
 
 static krb5_error_code
 krb5int_arcfour_crypto_length(const struct krb5_aead_provider *aead,
-			      const struct krb5_enc_provider *enc,
-			      const struct krb5_hash_provider *hash,
-			      krb5_cryptotype type,
-			      unsigned int *length)
+                              const struct krb5_enc_provider *enc,
+                              const struct krb5_hash_provider *hash,
+                              krb5_cryptotype type,
+                              unsigned int *length)
 {
     switch (type) {
     case KRB5_CRYPTO_TYPE_HEADER:
-	*length = hash->hashsize + CONFOUNDERLENGTH;
-	break;
+        *length = hash->hashsize + CONFOUNDERLENGTH;
+        break;
     case KRB5_CRYPTO_TYPE_PADDING:
-	*length = 0;
-	break;
+        *length = 0;
+        break;
     case KRB5_CRYPTO_TYPE_TRAILER:
-	*length = 0;
-	break;
+        *length = 0;
+        break;
     case KRB5_CRYPTO_TYPE_CHECKSUM:
-	*length = hash->hashsize;
-	break;
+        *length = hash->hashsize;
+        break;
     default:
-	assert(0 && "invalid cryptotype passed to krb5int_arcfour_crypto_length");
-	break;
+        assert(0 && "invalid cryptotype passed to krb5int_arcfour_crypto_length");
+        break;
     }
 
     return 0;
@@ -62,14 +63,14 @@ krb5int_arcfour_crypto_length(const struct krb5_aead_provider *aead,
 
 static krb5_error_code
 alloc_derived_key(const struct krb5_enc_provider *enc,
-		  krb5_keyblock *dst,
-		  krb5_data *data,
-		  const krb5_keyblock *src)
+                  krb5_keyblock *dst,
+                  krb5_data *data,
+                  const krb5_keyblock *src)
 {
     data->length = enc->keybytes;
     data->data = malloc(data->length);
     if (data->data == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     *dst = *src;
     dst->length = data->length;
@@ -80,13 +81,13 @@ alloc_derived_key(const struct krb5_enc_provider *enc,
 
 static krb5_error_code
 krb5int_arcfour_encrypt_iov(const struct krb5_aead_provider *aead,
-			    const struct krb5_enc_provider *enc,
-			    const struct krb5_hash_provider *hash,
-			    krb5_key key,
-			    krb5_keyusage usage,
-			    const krb5_data *ivec,
-			    krb5_crypto_iov *data,
-			    size_t num_data)
+                            const struct krb5_enc_provider *enc,
+                            const struct krb5_hash_provider *hash,
+                            krb5_key key,
+                            krb5_keyusage usage,
+                            const krb5_data *ivec,
+                            krb5_crypto_iov *data,
+                            size_t num_data)
 {
     krb5_error_code ret;
     krb5_crypto_iov *header, *trailer;
@@ -106,38 +107,38 @@ krb5int_arcfour_encrypt_iov(const struct krb5_aead_provider *aead,
      * Caller must have provided space for the header, padding
      * and trailer; per RFC 4757 we will arrange it as:
      *
-     *	    Checksum | E(Confounder | Plaintext)
+     *      Checksum | E(Confounder | Plaintext)
      */
 
     header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
     if (header == NULL ||
-	header->data.length < hash->hashsize + CONFOUNDERLENGTH)
-	return KRB5_BAD_MSIZE;
+        header->data.length < hash->hashsize + CONFOUNDERLENGTH)
+        return KRB5_BAD_MSIZE;
 
     header_data = header->data;
 
     /* Trailer may be absent */
     trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
     if (trailer != NULL)
-	trailer->data.length = 0;
+        trailer->data.length = 0;
 
     /* Ensure that there is no padding */
     for (i = 0; i < num_data; i++) {
-	if (data[i].flags == KRB5_CRYPTO_TYPE_PADDING)
-	    data[i].data.length = 0;
+        if (data[i].flags == KRB5_CRYPTO_TYPE_PADDING)
+            data[i].data.length = 0;
     }
 
     ret = alloc_derived_key(enc, &k1, &d1, &key->keyblock);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     ret = alloc_derived_key(enc, &k2, &d2, &key->keyblock);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     ret = alloc_derived_key(enc, &k3, &d3, &key->keyblock);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Begin the encryption, compute K1 */
     salt.data = salt_data;
@@ -146,20 +147,20 @@ krb5int_arcfour_encrypt_iov(const struct krb5_aead_provider *aead,
     ms_usage = krb5int_arcfour_translate_usage(usage);
 
     if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
-	strncpy(salt.data, krb5int_arcfour_l40, salt.length);
-	store_32_le(ms_usage, salt.data + 10);
+        strncpy(salt.data, krb5int_arcfour_l40, salt.length);
+        store_32_le(ms_usage, salt.data + 10);
     } else {
-	salt.length = 4;
-	store_32_le(ms_usage, salt.data);
+        salt.length = 4;
+        store_32_le(ms_usage, salt.data);
     }
     ret = krb5int_hmac(hash, key, 1, &salt, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     memcpy(k2.contents, k1.contents, k2.length);
 
     if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
-	memset(k1.contents + 7, 0xAB, 9);
+        memset(k1.contents + 7, 0xAB, 9);
 
     header->data.length = hash->hashsize + CONFOUNDERLENGTH;
 
@@ -168,7 +169,7 @@ krb5int_arcfour_encrypt_iov(const struct krb5_aead_provider *aead,
 
     ret = krb5_c_random_make_octets(0, &confounder);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     checksum.data = header->data.data;
     checksum.length = hash->hashsize;
@@ -179,34 +180,34 @@ krb5int_arcfour_encrypt_iov(const struct krb5_aead_provider *aead,
 
     ret = krb5int_hmac_iov_keyblock(hash, &k2, data, num_data, &checksum);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     ret = krb5int_hmac_keyblock(hash, &k1, 1, &checksum, &d3);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     ret = krb5_k_create_key(NULL, &k3, &k3key);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     ret = enc->encrypt_iov(k3key, ivec, data, num_data);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
 cleanup:
     header->data = header_data; /* restore header pointers */
 
     if (d1.data != NULL) {
-	memset(d1.data, 0, d1.length);
-	free(d1.data);
+        memset(d1.data, 0, d1.length);
+        free(d1.data);
     }
     if (d2.data != NULL) {
-	memset(d2.data, 0, d2.length);
-	free(d2.data);
+        memset(d2.data, 0, d2.length);
+        free(d2.data);
     }
     if (d3.data != NULL) {
-	memset(d3.data, 0, d3.length);
-	free(d3.data);
+        memset(d3.data, 0, d3.length);
+        free(d3.data);
     }
 
     krb5_k_free_key(NULL, k3key);
@@ -215,13 +216,13 @@ cleanup:
 
 static krb5_error_code
 krb5int_arcfour_decrypt_iov(const struct krb5_aead_provider *aead,
-			    const struct krb5_enc_provider *enc,
-			    const struct krb5_hash_provider *hash,
-			    krb5_key key,
-			    krb5_keyusage usage,
-			    const krb5_data *ivec,
-			    krb5_crypto_iov *data,
-			    size_t num_data)
+                            const struct krb5_enc_provider *enc,
+                            const struct krb5_hash_provider *hash,
+                            krb5_key key,
+                            krb5_keyusage usage,
+                            const krb5_data *ivec,
+                            krb5_crypto_iov *data,
+                            size_t num_data)
 {
     krb5_error_code ret;
     krb5_crypto_iov *header, *trailer;
@@ -239,25 +240,25 @@ krb5int_arcfour_decrypt_iov(const struct krb5_aead_provider *aead,
     header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
     if (header == NULL ||
         header->data.length != hash->hashsize + CONFOUNDERLENGTH)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     header_data = header->data;
 
     trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
     if (trailer != NULL && trailer->data.length != 0)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     ret = alloc_derived_key(enc, &k1, &d1, &key->keyblock);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     ret = alloc_derived_key(enc, &k2, &d2, &key->keyblock);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     ret = alloc_derived_key(enc, &k3, &d3, &key->keyblock);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Begin the decryption, compute K1 */
     salt.data = salt_data;
@@ -266,20 +267,20 @@ krb5int_arcfour_decrypt_iov(const struct krb5_aead_provider *aead,
     ms_usage = krb5int_arcfour_translate_usage(usage);
 
     if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
-	strncpy(salt.data, krb5int_arcfour_l40, salt.length);
-	store_32_le(ms_usage, (unsigned char *)salt.data + 10);
+        strncpy(salt.data, krb5int_arcfour_l40, salt.length);
+        store_32_le(ms_usage, (unsigned char *)salt.data + 10);
     } else {
-	salt.length = 4;
-	store_32_le(ms_usage, (unsigned char *)salt.data);
+        salt.length = 4;
+        store_32_le(ms_usage, (unsigned char *)salt.data);
     }
     ret = krb5int_hmac(hash, key, 1, &salt, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     memcpy(k2.contents, k1.contents, k2.length);
 
     if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
-	memset(k1.contents + 7, 0xAB, 9);
+        memset(k1.contents + 7, 0xAB, 9);
 
     checksum.data = header->data.data;
     checksum.length = hash->hashsize;
@@ -290,39 +291,39 @@ krb5int_arcfour_decrypt_iov(const struct krb5_aead_provider *aead,
 
     ret = krb5int_hmac_keyblock(hash, &k1, 1, &checksum, &d3);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     ret = krb5_k_create_key(NULL, &k3, &k3key);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     ret = enc->decrypt_iov(k3key, ivec, data, num_data);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     ret = krb5int_hmac_iov_keyblock(hash, &k2, data, num_data, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     if (memcmp(checksum.data, d1.data, hash->hashsize) != 0) {
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	goto cleanup;
+        ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        goto cleanup;
     }
 
 cleanup:
     header->data = header_data; /* restore header pointers */
 
     if (d1.data != NULL) {
-	memset(d1.data, 0, d1.length);
-	free(d1.data);
+        memset(d1.data, 0, d1.length);
+        free(d1.data);
     }
     if (d2.data != NULL) {
-	memset(d2.data, 0, d2.length);
-	free(d2.data);
+        memset(d2.data, 0, d2.length);
+        free(d2.data);
     }
     if (d3.data != NULL) {
-	memset(d3.data, 0, d3.length);
-	free(d3.data);
+        memset(d3.data, 0, d3.length);
+        free(d3.data);
     }
 
     krb5_k_free_key(NULL, k3key);
diff --git a/src/lib/crypto/krb/arcfour/arcfour_s2k.c b/src/lib/crypto/krb/arcfour/arcfour_s2k.c
index 1aaaa1c..dbb7f45 100644
--- a/src/lib/crypto/krb/arcfour/arcfour_s2k.c
+++ b/src/lib/crypto/krb/arcfour/arcfour_s2k.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "k5-int.h"
 #include "k5-utf8.h"
 #include "rsa-md4.h"
@@ -9,51 +10,51 @@
 
 krb5_error_code
 krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc,
-			      const krb5_data *string, const krb5_data *salt,
-			      const krb5_data *params, krb5_keyblock *key)
+                              const krb5_data *string, const krb5_data *salt,
+                              const krb5_data *params, krb5_keyblock *key)
 {
-  krb5_error_code err = 0;
-  krb5_MD4_CTX md4_context;
-  unsigned char *copystr;
-  size_t copystrlen;
+    krb5_error_code err = 0;
+    krb5_MD4_CTX md4_context;
+    unsigned char *copystr;
+    size_t copystrlen;
 
-  if (params != NULL)
-      return KRB5_ERR_BAD_S2K_PARAMS;
+    if (params != NULL)
+        return KRB5_ERR_BAD_S2K_PARAMS;
 
-  if (key->length != 16)
-    return (KRB5_BAD_MSIZE);
+    if (key->length != 16)
+        return (KRB5_BAD_MSIZE);
 
-  /* We ignore salt per the Microsoft spec*/
+    /* We ignore salt per the Microsoft spec*/
 
-  /* compute the space needed for the new string.
-     Since the password must be stored in unicode, we need to increase
-     that number by 2x.
-  */
+    /* compute the space needed for the new string.
+       Since the password must be stored in unicode, we need to increase
+       that number by 2x.
+    */
 
-  err = krb5int_utf8cs_to_ucs2les(string->data, string->length, &copystr, &copystrlen);
-  if (err)
-    return err;
+    err = krb5int_utf8cs_to_ucs2les(string->data, string->length, &copystr, &copystrlen);
+    if (err)
+        return err;
 
-  /* the actual MD4 hash of the data */
-  krb5int_MD4Init(&md4_context);
-  krb5int_MD4Update(&md4_context, copystr, copystrlen);
-  krb5int_MD4Final(&md4_context);
-  memcpy(key->contents, md4_context.digest, 16);
+    /* the actual MD4 hash of the data */
+    krb5int_MD4Init(&md4_context);
+    krb5int_MD4Update(&md4_context, copystr, copystrlen);
+    krb5int_MD4Final(&md4_context);
+    memcpy(key->contents, md4_context.digest, 16);
 
 #if 0
-  /* test the string_to_key function */
-  printf("Hash=");
-  {
-    int counter;
-    for(counter=0;counter<16;counter++)
-      printf("%02x", md4_context.digest[counter]);
-    printf("\n");
-  }
+    /* test the string_to_key function */
+    printf("Hash=");
+    {
+        int counter;
+        for(counter=0;counter<16;counter++)
+            printf("%02x", md4_context.digest[counter]);
+        printf("\n");
+    }
 #endif /* 0 */
 
-  /* Zero out the data behind us */
-  memset(copystr, 0, copystrlen);
-  memset(&md4_context, 0, sizeof(md4_context));
-  free(copystr);
-  return err;
+    /* Zero out the data behind us */
+    memset(copystr, 0, copystrlen);
+    memset(&md4_context, 0, sizeof(md4_context));
+    free(copystr);
+    return err;
 }
diff --git a/src/lib/crypto/krb/block_size.c b/src/lib/crypto/krb/block_size.c
index 6f88945..7d65a5a 100644
--- a/src/lib/crypto/krb/block_size.c
+++ b/src/lib/crypto/krb/block_size.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -29,13 +30,13 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_block_size(krb5_context context, krb5_enctype enctype,
-		  size_t *blocksize)
+                  size_t *blocksize)
 {
     const struct krb5_keytypes *ktp;
 
     ktp = find_enctype(enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     *blocksize = ktp->enc->block_size;
 
     return 0;
diff --git a/src/lib/crypto/krb/cf2.c b/src/lib/crypto/krb/cf2.c
index b5724a3..ab0a134 100644
--- a/src/lib/crypto/krb/cf2.c
+++ b/src/lib/crypto/krb/cf2.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/cf2.c
  *
@@ -41,7 +42,7 @@
  */
 static krb5_error_code
 prf_plus(krb5_context context, krb5_keyblock *k, const char *pepper,
-	 size_t keybytes, char **out)
+         size_t keybytes, char **out)
 {
     krb5_error_code retval = 0;
     size_t prflen, iterations;
@@ -55,17 +56,17 @@ prf_plus(krb5_context context, krb5_keyblock *k, const char *pepper,
     krb5int_buf_add(&prf_inbuf, pepper);
     retval = krb5_c_prf_length( context, k->enctype, &prflen);
     if (retval)
-	goto cleanup;
+        goto cleanup;
     iterations = keybytes / prflen;
     if (keybytes % prflen != 0)
-	iterations++;
+        iterations++;
     assert(iterations <= 254);
     buffer = k5alloc(iterations * prflen, &retval);
     if (retval)
-	goto cleanup;
+        goto cleanup;
     if (krb5int_buf_len(&prf_inbuf) == -1) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     in_data.length = (krb5_int32) krb5int_buf_len(&prf_inbuf);
     in_data.data = krb5int_buf_data(&prf_inbuf);
@@ -73,12 +74,12 @@ prf_plus(krb5_context context, krb5_keyblock *k, const char *pepper,
     out_data.data = buffer;
 
     while (iterations > 0) {
-	retval = krb5_c_prf(context, k, &in_data, &out_data);
-	if (retval)
-	    goto cleanup;
-	out_data.data += prflen;
-	in_data.data[0]++;
-	iterations--;
+        retval = krb5_c_prf(context, k, &in_data, &out_data);
+        if (retval)
+            goto cleanup;
+        out_data.data += prflen;
+        in_data.data[0]++;
+        iterations--;
     }
 
     *out = buffer;
@@ -93,9 +94,9 @@ cleanup:
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_fx_cf2_simple(krb5_context context,
-		     krb5_keyblock *k1, const char *pepper1,
-		     krb5_keyblock *k2, const char *pepper2,
-		     krb5_keyblock **out)
+                     krb5_keyblock *k1, const char *pepper1,
+                     krb5_keyblock *k2, const char *pepper2,
+                     krb5_keyblock **out)
 {
     const struct krb5_keytypes *out_enctype;
     size_t keybytes, keylength, i;
@@ -106,38 +107,38 @@ krb5_c_fx_cf2_simple(krb5_context context,
     krb5_keyblock *out_key = NULL;
 
     if (k1 == NULL || !krb5_c_valid_enctype(k1->enctype))
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     if (k2 == NULL || !krb5_c_valid_enctype(k2->enctype))
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     out_enctype_num = k1->enctype;
     assert(out != NULL);
     assert((out_enctype = find_enctype(out_enctype_num)) != NULL);
     if (out_enctype->prf == NULL) {
-	if (context)
-	    krb5int_set_error(&(context->err), KRB5_CRYPTO_INTERNAL,
-			      "Enctype %d has no PRF", out_enctype_num);
-	return KRB5_CRYPTO_INTERNAL;
+        if (context)
+            krb5int_set_error(&(context->err), KRB5_CRYPTO_INTERNAL,
+                              "Enctype %d has no PRF", out_enctype_num);
+        return KRB5_CRYPTO_INTERNAL;
     }
     keybytes = out_enctype->enc->keybytes;
     keylength = out_enctype->enc->keylength;
 
     retval = prf_plus(context, k1, pepper1, keybytes, &prf1);
     if (retval)
-	goto cleanup;
+        goto cleanup;
     retval = prf_plus(context, k2, pepper2, keybytes, &prf2);
     if (retval)
-	goto cleanup;
+        goto cleanup;
     for (i = 0; i < keybytes; i++)
-	prf1[i] ^= prf2[i];
+        prf1[i] ^= prf2[i];
     retval = krb5int_c_init_keyblock(context, out_enctype_num, keylength,
-				     &out_key);
+                                     &out_key);
     if (retval)
-	goto cleanup;
+        goto cleanup;
     keydata.data = prf1;
     keydata.length = keybytes;
     retval = (*out_enctype->enc->make_key)(&keydata, out_key);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     *out = out_key;
     out_key = NULL;
diff --git a/src/lib/crypto/krb/checksum_length.c b/src/lib/crypto/krb/checksum_length.c
index bc1c9d3..50e562c 100644
--- a/src/lib/crypto/krb/checksum_length.c
+++ b/src/lib/crypto/krb/checksum_length.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -29,24 +30,24 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_checksum_length(krb5_context context, krb5_cksumtype cksumtype,
-		       size_t *length)
+                       size_t *length)
 {
     unsigned int i;
 
     for (i=0; i<krb5int_cksumtypes_length; i++) {
-	if (krb5int_cksumtypes_list[i].ctype == cksumtype)
-	    break;
+        if (krb5int_cksumtypes_list[i].ctype == cksumtype)
+            break;
     }
 
     if (i == krb5int_cksumtypes_length)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
 
     if (krb5int_cksumtypes_list[i].keyhash)
-	*length = krb5int_cksumtypes_list[i].keyhash->hashsize;
+        *length = krb5int_cksumtypes_list[i].keyhash->hashsize;
     else if (krb5int_cksumtypes_list[i].trunc_size)
-	*length = krb5int_cksumtypes_list[i].trunc_size;
+        *length = krb5int_cksumtypes_list[i].trunc_size;
     else
-	*length = krb5int_cksumtypes_list[i].hash->hashsize;
+        *length = krb5int_cksumtypes_list[i].hash->hashsize;
 
     return 0;
 }
diff --git a/src/lib/crypto/krb/cksumtype_to_string.c b/src/lib/crypto/krb/cksumtype_to_string.c
index d5bb702..206c2e1 100644
--- a/src/lib/crypto/krb/cksumtype_to_string.c
+++ b/src/lib/crypto/krb/cksumtype_to_string.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -33,12 +34,12 @@ krb5_cksumtype_to_string(krb5_cksumtype cksumtype, char *buffer, size_t buflen)
     unsigned int i;
 
     for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	if (krb5int_cksumtypes_list[i].ctype == cksumtype) {
-	    if (strlcpy(buffer, krb5int_cksumtypes_list[i].out_string,
-			buflen) >= buflen)
-		return ENOMEM;
-	    return 0;
-	}
+        if (krb5int_cksumtypes_list[i].ctype == cksumtype) {
+            if (strlcpy(buffer, krb5int_cksumtypes_list[i].out_string,
+                        buflen) >= buflen)
+                return ENOMEM;
+            return 0;
+        }
     }
 
     return EINVAL;
diff --git a/src/lib/crypto/krb/cksumtypes.c b/src/lib/crypto/krb/cksumtypes.c
index 2c1924d..801b453 100644
--- a/src/lib/crypto/krb/cksumtypes.c
+++ b/src/lib/crypto/krb/cksumtypes.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
diff --git a/src/lib/crypto/krb/cksumtypes.h b/src/lib/crypto/krb/cksumtypes.h
index f3e1f57..53f58fd 100644
--- a/src/lib/crypto/krb/cksumtypes.h
+++ b/src/lib/crypto/krb/cksumtypes.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -60,8 +61,8 @@ struct krb5_cksumtypes {
     unsigned int trunc_size;
 };
 
-#define KRB5_CKSUMFLAG_DERIVE		0x0001
-#define KRB5_CKSUMFLAG_NOT_COLL_PROOF	0x0002
+#define KRB5_CKSUMFLAG_DERIVE           0x0001
+#define KRB5_CKSUMFLAG_NOT_COLL_PROOF   0x0002
 
 extern const struct krb5_cksumtypes krb5int_cksumtypes_list[];
 extern const unsigned int krb5int_cksumtypes_length;
diff --git a/src/lib/crypto/krb/coll_proof_cksum.c b/src/lib/crypto/krb/coll_proof_cksum.c
index a6226ba..a2cfdb7 100644
--- a/src/lib/crypto/krb/coll_proof_cksum.c
+++ b/src/lib/crypto/krb/coll_proof_cksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -33,9 +34,9 @@ krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype)
     unsigned int i;
 
     for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	if (krb5int_cksumtypes_list[i].ctype == ctype)
-	    return((krb5int_cksumtypes_list[i].flags &
-		    KRB5_CKSUMFLAG_NOT_COLL_PROOF) ? FALSE : TRUE);
+        if (krb5int_cksumtypes_list[i].ctype == ctype)
+            return((krb5int_cksumtypes_list[i].flags &
+                    KRB5_CKSUMFLAG_NOT_COLL_PROOF) ? FALSE : TRUE);
     }
 
     /* ick, but it's better than coredumping, which is what the
diff --git a/src/lib/crypto/krb/combine_keys.c b/src/lib/crypto/krb/combine_keys.c
index 3aa24da..73247d4 100644
--- a/src/lib/crypto/krb/combine_keys.c
+++ b/src/lib/crypto/krb/combine_keys.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (c) 2002 Naval Research Laboratory (NRL/CCS)
  *
@@ -32,7 +33,7 @@
  * R2 = DR(Key2, n-fold(Key1)) [ Output is length of Key2 ]
  *
  * rnd = n-fold(R1 | R2) [ Note: output size of nfold must be appropriately
- *			   sized for random-to-key function ]
+ *                         sized for random-to-key function ]
  * tkey = random-to-key(rnd)
  * Combine-Key(Key1, Key2) = DK(tkey, CombineConstant)
  *
@@ -47,8 +48,8 @@
 #include "dk.h"
 
 static krb5_error_code dr(const struct krb5_enc_provider *enc,
-			  const krb5_keyblock *inkey, unsigned char *outdata,
-			  const krb5_data *in_constant);
+                          const krb5_keyblock *inkey, unsigned char *outdata,
+                          const krb5_data *in_constant);
 
 /*
  * We only support this combine_keys algorithm for des and 3des keys.
@@ -64,15 +65,15 @@ enctype_ok(krb5_enctype e)
     case ENCTYPE_DES_CBC_MD4:
     case ENCTYPE_DES_CBC_MD5:
     case ENCTYPE_DES3_CBC_SHA1:
-	return TRUE;
+        return TRUE;
     default:
-	return FALSE;
+        return FALSE;
     }
 }
 
 krb5_error_code
 krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
-		       krb5_keyblock *key2, krb5_keyblock *outkey)
+                       krb5_keyblock *key2, krb5_keyblock *outkey)
 {
     unsigned char *r1 = NULL, *r2 = NULL, *combined = NULL, *rnd = NULL;
     unsigned char *output = NULL;
@@ -86,15 +87,15 @@ krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
     krb5_boolean myalloc = FALSE;
 
     if (!enctype_ok(key1->enctype) || !enctype_ok(key2->enctype))
-	return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
 
     if (key1->length != key2->length || key1->enctype != key2->enctype)
-	return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
 
     /* Find our encryption algorithm. */
     ktp = find_enctype(key1->enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     enc = ktp->enc;
 
     keybytes = enc->keybytes;
@@ -103,19 +104,19 @@ krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
     /* Allocate and set up buffers. */
     r1 = k5alloc(keybytes, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
     r2 = k5alloc(keybytes, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
     rnd = k5alloc(keybytes, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
     combined = k5alloc(keybytes * 2, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
     output = k5alloc(keylength, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
     /*
      * Get R1 and R2 (by running the input keys through the DR algorithm.
@@ -126,13 +127,13 @@ krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
     input.data = (char *) key2->contents;
     ret = dr(enc, key1, r1, &input);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
     input.length = key1->length;
     input.data = (char *) key1->contents;
     ret = dr(enc, key2, r2, &input);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
     /*
      * Concatenate the two keys together, and then run them through
@@ -158,11 +159,11 @@ krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
 
     ret = (*enc->make_key)(&randbits, &tkeyblock);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
     ret = krb5_k_create_key(NULL, &tkeyblock, &tkey);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
     /*
      * Run through derive-key one more time to produce the final key.
@@ -182,21 +183,21 @@ krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
      */
 
     if (outkey->length == 0 || outkey->contents == NULL) {
-	outkey->contents = k5alloc(keylength, &ret);
-	if (ret)
-	    goto cleanup;
-	outkey->length = keylength;
-	outkey->enctype = key1->enctype;
-	myalloc = TRUE;
+        outkey->contents = k5alloc(keylength, &ret);
+        if (ret)
+            goto cleanup;
+        outkey->length = keylength;
+        outkey->enctype = key1->enctype;
+        myalloc = TRUE;
     }
 
     ret = krb5int_derive_keyblock(enc, tkey, outkey, &input);
     if (ret) {
-	if (myalloc) {
-	    free(outkey->contents);
-	    outkey->contents = NULL;
-	}
-	goto cleanup;
+        if (myalloc) {
+            free(outkey->contents);
+            outkey->contents = NULL;
+        }
+        goto cleanup;
     }
 
 cleanup:
@@ -229,13 +230,13 @@ dr(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey,
     /* Allocate and set up buffers. */
     inblockdata = k5alloc(blocksize, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
     outblockdata = k5alloc(blocksize, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
     ret = krb5_k_create_key(NULL, inkey, &key);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
     inblock.data = (char *) inblockdata;
     inblock.length = blocksize;
@@ -246,28 +247,28 @@ dr(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey,
     /* initialize the input block */
 
     if (in_constant->length == inblock.length) {
-	memcpy(inblock.data, in_constant->data, inblock.length);
+        memcpy(inblock.data, in_constant->data, inblock.length);
     } else {
-	krb5int_nfold(in_constant->length*8, (unsigned char *) in_constant->data,
-		   inblock.length*8, (unsigned char *) inblock.data);
+        krb5int_nfold(in_constant->length*8, (unsigned char *) in_constant->data,
+                      inblock.length*8, (unsigned char *) inblock.data);
     }
 
     /* loop encrypting the blocks until enough key bytes are generated */
 
     n = 0;
     while (n < keybytes) {
-	ret = (*enc->encrypt)(key, 0, &inblock, &outblock);
-	if (ret)
-	    goto cleanup;
-
-	if ((keybytes - n) <= outblock.length) {
-	    memcpy(out + n, outblock.data, (keybytes - n));
-	    break;
-	}
-
-	memcpy(out + n, outblock.data, outblock.length);
-	memcpy(inblock.data, outblock.data, outblock.length);
-	n += outblock.length;
+        ret = (*enc->encrypt)(key, 0, &inblock, &outblock);
+        if (ret)
+            goto cleanup;
+
+        if ((keybytes - n) <= outblock.length) {
+            memcpy(out + n, outblock.data, (keybytes - n));
+            break;
+        }
+
+        memcpy(out + n, outblock.data, outblock.length);
+        memcpy(inblock.data, outblock.data, outblock.length);
+        n += outblock.length;
     }
 
 cleanup:
diff --git a/src/lib/crypto/krb/crc32/crc-32.h b/src/lib/crypto/krb/crc32/crc-32.h
index 5c8c5bc..95001f5 100644
--- a/src/lib/crypto/krb/crc32/crc-32.h
+++ b/src/lib/crypto/krb/crc32/crc-32.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * include/krb5/crc-32.h
  *
@@ -57,15 +58,15 @@
 #ifndef KRB5_CRC32__
 #define KRB5_CRC32__
 
-#define CRC32_CKSUM_LENGTH	4
+#define CRC32_CKSUM_LENGTH      4
 
 void
 mit_crc32 (krb5_pointer in, size_t in_length, unsigned long *c);
 
 #ifdef CRC32_SHIFT4
 void mit_crc32_shift4(krb5_pointer /* in */,
-		      size_t /* in_length */,
-		      unsigned long * /* cksum */);
+                      size_t /* in_length */,
+                      unsigned long * /* cksum */);
 #endif
 
 #endif /* KRB5_CRC32__ */
diff --git a/src/lib/crypto/krb/crc32/crc32.c b/src/lib/crypto/krb/crc32/crc32.c
index ee7e53f..4909798 100644
--- a/src/lib/crypto/krb/crc32/crc32.c
+++ b/src/lib/crypto/krb/crc32/crc32.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/crc32/crc.c
  *
@@ -144,7 +145,7 @@ static u_long const crc_table[256] = {
     0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf,
     0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
     0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d
-    };
+};
 
 void
 mit_crc32(krb5_pointer in, size_t in_length, unsigned long *cksum)
@@ -156,10 +157,10 @@ mit_crc32(krb5_pointer in, size_t in_length, unsigned long *cksum)
 
     data = (u_char *)in;
     for (i = 0; i < in_length; i++) {
-	idx = (int) (data[i] ^ c);
-	idx &= 0xff;
-	c >>= 8;
-	c ^= crc_table[idx];
+        idx = (int) (data[i] ^ c);
+        idx &= 0xff;
+        c >>= 8;
+        c ^= crc_table[idx];
     }
 
     *cksum = c;
@@ -182,10 +183,10 @@ mit_crc32_shift4(krb5_pointer in, size_t in_length, unsigned long *cksum)
 
     data = (u_char *)in;
     for (i = 0; i < in_length; i++) {
-	b = data[i];
-	c = (c >> 4) ^ tbl4[(b ^ c) & 0x0f];
-	b >>= 4;
-	c = (c >> 4) ^ tbl4[(b ^ c) & 0x0f];
+        b = data[i];
+        c = (c >> 4) ^ tbl4[(b ^ c) & 0x0f];
+        b >>= 4;
+        c = (c >> 4) ^ tbl4[(b ^ c) & 0x0f];
     }
     *cksum = c;
 }
diff --git a/src/lib/crypto/krb/crypto_length.c b/src/lib/crypto/krb/crypto_length.c
index 00de30c..3f5ef38 100644
--- a/src/lib/crypto/krb/crypto_length.c
+++ b/src/lib/crypto/krb/crypto_length.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/crypto_length.c
  *
@@ -30,35 +31,35 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_crypto_length(krb5_context context, krb5_enctype enctype,
-		     krb5_cryptotype type, unsigned int *size)
+                     krb5_cryptotype type, unsigned int *size)
 {
     const struct krb5_keytypes *ktp;
     krb5_error_code ret;
 
     ktp = find_enctype(enctype);
     if (ktp == NULL || ktp->aead == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
 
     switch (type) {
     case KRB5_CRYPTO_TYPE_EMPTY:
     case KRB5_CRYPTO_TYPE_SIGN_ONLY:
-	*size = 0;
-	ret = 0;
-	break;
+        *size = 0;
+        ret = 0;
+        break;
     case KRB5_CRYPTO_TYPE_DATA:
-	*size = (size_t)~0; /* match Heimdal */
-	ret = 0;
-	break;
+        *size = (size_t)~0; /* match Heimdal */
+        ret = 0;
+        break;
     case KRB5_CRYPTO_TYPE_HEADER:
     case KRB5_CRYPTO_TYPE_PADDING:
     case KRB5_CRYPTO_TYPE_TRAILER:
     case KRB5_CRYPTO_TYPE_CHECKSUM:
-	ret = (*ktp->aead->crypto_length)(ktp->aead, ktp->enc, ktp->hash,
-					  type, size);
-	break;
+        ret = (*ktp->aead->crypto_length)(ktp->aead, ktp->enc, ktp->hash,
+                                          type, size);
+        break;
     default:
-	ret = EINVAL;
-	break;
+        ret = EINVAL;
+        break;
     }
 
     return ret;
@@ -66,21 +67,21 @@ krb5_c_crypto_length(krb5_context context, krb5_enctype enctype,
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_padding_length(krb5_context context, krb5_enctype enctype,
-		      size_t data_length, unsigned int *pad_length)
+                      size_t data_length, unsigned int *pad_length)
 {
     const struct krb5_keytypes *ktp;
 
     ktp = find_enctype(enctype);
     if (ktp == NULL || ktp->aead == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
 
     return krb5int_c_padding_length(ktp->aead, ktp->enc, ktp->hash,
-				    data_length, pad_length);
+                                    data_length, pad_length);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_crypto_length_iov(krb5_context context, krb5_enctype enctype,
-			 krb5_crypto_iov *data, size_t num_data)
+                         krb5_crypto_iov *data, size_t num_data)
 {
     krb5_error_code ret = 0;
     size_t i;
@@ -95,50 +96,50 @@ krb5_c_crypto_length_iov(krb5_context context, krb5_enctype enctype,
 
     ktp = find_enctype(enctype);
     if (ktp == NULL || ktp->aead == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
 
     for (i = 0; i < num_data; i++) {
-	krb5_crypto_iov *iov = &data[i];
-
-	switch (iov->flags) {
-	case KRB5_CRYPTO_TYPE_DATA:
-	    data_length += iov->data.length;
-	    break;
-	case KRB5_CRYPTO_TYPE_PADDING:
-	    if (padding != NULL)
-		return EINVAL;
-
-	    padding = iov;
-	    break;
-	case KRB5_CRYPTO_TYPE_HEADER:
-	case KRB5_CRYPTO_TYPE_TRAILER:
-	case KRB5_CRYPTO_TYPE_CHECKSUM:
-	    ret = (*ktp->aead->crypto_length)(ktp->aead, ktp->enc, ktp->hash,
-					      iov->flags, &iov->data.length);
-	    break;
-	case KRB5_CRYPTO_TYPE_EMPTY:
-	case KRB5_CRYPTO_TYPE_SIGN_ONLY:
-	default:
-	    break;
-	}
-
-	if (ret != 0)
-	    break;
+        krb5_crypto_iov *iov = &data[i];
+
+        switch (iov->flags) {
+        case KRB5_CRYPTO_TYPE_DATA:
+            data_length += iov->data.length;
+            break;
+        case KRB5_CRYPTO_TYPE_PADDING:
+            if (padding != NULL)
+                return EINVAL;
+
+            padding = iov;
+            break;
+        case KRB5_CRYPTO_TYPE_HEADER:
+        case KRB5_CRYPTO_TYPE_TRAILER:
+        case KRB5_CRYPTO_TYPE_CHECKSUM:
+            ret = (*ktp->aead->crypto_length)(ktp->aead, ktp->enc, ktp->hash,
+                                              iov->flags, &iov->data.length);
+            break;
+        case KRB5_CRYPTO_TYPE_EMPTY:
+        case KRB5_CRYPTO_TYPE_SIGN_ONLY:
+        default:
+            break;
+        }
+
+        if (ret != 0)
+            break;
     }
 
     if (ret != 0)
-	return ret;
+        return ret;
 
     ret = krb5int_c_padding_length(ktp->aead, ktp->enc, ktp->hash,
-				   data_length, &pad_length);
+                                   data_length, &pad_length);
     if (ret != 0)
-	return ret;
+        return ret;
 
     if (pad_length != 0 && padding == NULL)
-	return EINVAL;
+        return EINVAL;
 
     if (padding != NULL)
-	padding->data.length = pad_length;
+        padding->data.length = pad_length;
 
     return 0;
 }
diff --git a/src/lib/crypto/krb/crypto_libinit.c b/src/lib/crypto/krb/crypto_libinit.c
index 91bf8ac..a69db38 100644
--- a/src/lib/crypto/krb/crypto_libinit.c
+++ b/src/lib/crypto/krb/crypto_libinit.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <assert.h>
 #include "k5-int.h"
 
@@ -28,6 +29,6 @@ int krb5int_crypto_init(void)
 void cryptoint_cleanup_library (void)
 {
     if (!INITIALIZER_RAN(cryptoint_initialize_library))
-	return;
+        return;
     krb5int_prng_cleanup ();
 }
diff --git a/src/lib/crypto/krb/decrypt.c b/src/lib/crypto/krb/decrypt.c
index 9ad68ad..7821518 100644
--- a/src/lib/crypto/krb/decrypt.c
+++ b/src/lib/crypto/krb/decrypt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,41 +31,41 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_k_decrypt(krb5_context context, krb5_key key,
-	       krb5_keyusage usage, const krb5_data *ivec,
-	       const krb5_enc_data *input, krb5_data *output)
+               krb5_keyusage usage, const krb5_data *ivec,
+               const krb5_enc_data *input, krb5_data *output)
 {
     const struct krb5_keytypes *ktp;
 
     ktp = find_enctype(key->keyblock.enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
 
     if (input->enctype != ENCTYPE_UNKNOWN && ktp->etype != input->enctype)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
 
     if (ktp->decrypt == NULL) {
-	assert(ktp->aead != NULL);
+        assert(ktp->aead != NULL);
 
-	return krb5int_c_decrypt_aead_compat(ktp->aead, ktp->enc, ktp->hash,
-					     key, usage, ivec,
-					     &input->ciphertext, output);
+        return krb5int_c_decrypt_aead_compat(ktp->aead, ktp->enc, ktp->hash,
+                                             key, usage, ivec,
+                                             &input->ciphertext, output);
     }
 
     return (*ktp->decrypt)(ktp->enc, ktp->hash, key, usage, ivec,
-			   &input->ciphertext, output);
+                           &input->ciphertext, output);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_decrypt(krb5_context context, const krb5_keyblock *keyblock,
-	       krb5_keyusage usage, const krb5_data *ivec,
-	       const krb5_enc_data *input, krb5_data *output)
+               krb5_keyusage usage, const krb5_data *ivec,
+               const krb5_enc_data *input, krb5_data *output)
 {
     krb5_key key;
     krb5_error_code ret;
 
     ret = krb5_k_create_key(context, keyblock, &key);
     if (ret != 0)
-	return ret;
+        return ret;
     ret = krb5_k_decrypt(context, key, usage, ivec, input, output);
     krb5_k_free_key(context, key);
     return ret;
diff --git a/src/lib/crypto/krb/decrypt_iov.c b/src/lib/crypto/krb/decrypt_iov.c
index 1813af9..7a37d3e 100644
--- a/src/lib/crypto/krb/decrypt_iov.c
+++ b/src/lib/crypto/krb/decrypt_iov.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/encrypt_iov.c
  *
@@ -30,45 +31,45 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_k_decrypt_iov(krb5_context context,
-		   krb5_key key,
-		   krb5_keyusage usage,
-		   const krb5_data *cipher_state,
-		   krb5_crypto_iov *data,
-		   size_t num_data)
+                   krb5_key key,
+                   krb5_keyusage usage,
+                   const krb5_data *cipher_state,
+                   krb5_crypto_iov *data,
+                   size_t num_data)
 {
     const struct krb5_keytypes *ktp;
 
     ktp = find_enctype(key->keyblock.enctype);
     if (ktp == NULL || ktp->aead == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
 
     if (krb5int_c_locate_iov(data, num_data,
-			     KRB5_CRYPTO_TYPE_STREAM) != NULL) {
-	return krb5int_c_iov_decrypt_stream(ktp->aead, ktp->enc, ktp->hash,
-					    key, usage, cipher_state, data,
-					    num_data);
+                             KRB5_CRYPTO_TYPE_STREAM) != NULL) {
+        return krb5int_c_iov_decrypt_stream(ktp->aead, ktp->enc, ktp->hash,
+                                            key, usage, cipher_state, data,
+                                            num_data);
     }
 
     return (*ktp->aead->decrypt_iov)(ktp->aead, ktp->enc, ktp->hash, key,
-				     usage, cipher_state, data, num_data);
+                                     usage, cipher_state, data, num_data);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_decrypt_iov(krb5_context context,
-		   const krb5_keyblock *keyblock,
-		   krb5_keyusage usage,
-		   const krb5_data *cipher_state,
-		   krb5_crypto_iov *data,
-		   size_t num_data)
+                   const krb5_keyblock *keyblock,
+                   krb5_keyusage usage,
+                   const krb5_data *cipher_state,
+                   krb5_crypto_iov *data,
+                   size_t num_data)
 {
     krb5_key key;
     krb5_error_code ret;
 
     ret = krb5_k_create_key(context, keyblock, &key);
     if (ret != 0)
-	return ret;
+        return ret;
     ret = krb5_k_decrypt_iov(context, key, usage, cipher_state, data,
-			     num_data);
+                             num_data);
     krb5_k_free_key(context, key);
     return ret;
 }
diff --git a/src/lib/crypto/krb/default_state.c b/src/lib/crypto/krb/default_state.c
index 9995b27..d44b31f 100644
--- a/src/lib/crypto/krb/default_state.c
+++ b/src/lib/crypto/krb/default_state.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2001 by the Massachusetts Institute of Technology.
  * All rights reserved.
@@ -34,27 +35,27 @@
 krb5_error_code krb5int_des_init_state
 (const krb5_keyblock *key, krb5_keyusage usage, krb5_data *new_state )
 {
-  new_state->length = 8;
-  new_state->data = (void *) malloc(8);
-  if (new_state->data) {
-    memset (new_state->data, 0, new_state->length);
-    /* We need to copy in the key for des-cbc-cr--ick, but that's how it works*/
-    if (key->enctype == ENCTYPE_DES_CBC_CRC) {
-      memcpy (new_state->data, key->contents, new_state->length);
-  }
-  } else {
-    return ENOMEM;
-  }
-  return 0;
+    new_state->length = 8;
+    new_state->data = (void *) malloc(8);
+    if (new_state->data) {
+        memset (new_state->data, 0, new_state->length);
+        /* We need to copy in the key for des-cbc-cr--ick, but that's how it works*/
+        if (key->enctype == ENCTYPE_DES_CBC_CRC) {
+            memcpy (new_state->data, key->contents, new_state->length);
+        }
+    } else {
+        return ENOMEM;
+    }
+    return 0;
 }
 
 krb5_error_code krb5int_default_free_state
 (krb5_data *state)
 {
-  if (state->data) {
-    free (state->data);
-    state-> data = NULL;
-    state->length = 0;
-  }
-  return 0;
+    if (state->data) {
+        free (state->data);
+        state-> data = NULL;
+        state->length = 0;
+    }
+    return 0;
 }
diff --git a/src/lib/crypto/krb/dk/checksum.c b/src/lib/crypto/krb/dk/checksum.c
index 538060d..106bf15 100644
--- a/src/lib/crypto/krb/dk/checksum.c
+++ b/src/lib/crypto/krb/dk/checksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -33,8 +34,8 @@
 
 krb5_error_code
 krb5int_dk_make_checksum(const struct krb5_hash_provider *hash,
-		      krb5_key key, krb5_keyusage usage,
-		      const krb5_data *input, krb5_data *output)
+                         krb5_key key, krb5_keyusage usage,
+                         const krb5_data *input, krb5_data *output)
 {
     const struct krb5_keytypes *ktp;
     const struct krb5_enc_provider *enc;
@@ -45,7 +46,7 @@ krb5int_dk_make_checksum(const struct krb5_hash_provider *hash,
 
     ktp = find_enctype(key->keyblock.enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     enc = ktp->enc;
 
     /*
@@ -64,7 +65,7 @@ krb5int_dk_make_checksum(const struct krb5_hash_provider *hash,
 
     ret = krb5int_derive_key(enc, key, &kc, &datain);
     if (ret)
-	return ret;
+        return ret;
 
     /* hash the data */
 
@@ -72,7 +73,7 @@ krb5int_dk_make_checksum(const struct krb5_hash_provider *hash,
 
     ret = krb5int_hmac(hash, kc, 1, &datain, output);
     if (ret)
-	memset(output->data, 0, output->length);
+        memset(output->data, 0, output->length);
 
     krb5_k_free_key(NULL, kc);
     return ret;
@@ -80,9 +81,9 @@ krb5int_dk_make_checksum(const struct krb5_hash_provider *hash,
 
 krb5_error_code
 krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
-		          krb5_key key, krb5_keyusage usage,
-			  const krb5_crypto_iov *data, size_t num_data,
-			  krb5_data *output)
+                             krb5_key key, krb5_keyusage usage,
+                             const krb5_crypto_iov *data, size_t num_data,
+                             krb5_data *output)
 {
     const struct krb5_keytypes *ktp;
     const struct krb5_enc_provider *enc;
@@ -93,7 +94,7 @@ krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
 
     ktp = find_enctype(key->keyblock.enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     enc = ktp->enc;
 
     /*
@@ -112,13 +113,13 @@ krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
 
     ret = krb5int_derive_key(enc, key, &kc, &datain);
     if (ret)
-	return ret;
+        return ret;
 
     /* Hash the data. */
 
     ret = krb5int_hmac_iov(hash, kc, data, num_data, output);
     if (ret)
-	memset(output->data, 0, output->length);
+        memset(output->data, 0, output->length);
 
     krb5_k_free_key(NULL, kc);
     return ret;
diff --git a/src/lib/crypto/krb/dk/derive.c b/src/lib/crypto/krb/dk/derive.c
index 5019975..c963c39 100644
--- a/src/lib/crypto/krb/dk/derive.c
+++ b/src/lib/crypto/krb/dk/derive.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -31,17 +32,17 @@ static krb5_key
 find_cached_dkey(struct derived_key *list, const krb5_data *constant)
 {
     for (; list; list = list->next) {
-	if (data_eq(list->constant, *constant)) {
-	    krb5_k_reference_key(NULL, list->dkey);
-	    return list->dkey;
-	}
+        if (data_eq(list->constant, *constant)) {
+            krb5_k_reference_key(NULL, list->dkey);
+            return list->dkey;
+        }
     }
     return NULL;
 }
 
 static krb5_error_code
 add_cached_dkey(krb5_key key, const krb5_data *constant,
-		const krb5_keyblock *dkeyblock, krb5_key *cached_dkey)
+                const krb5_keyblock *dkeyblock, krb5_key *cached_dkey)
 {
     krb5_key dkey;
     krb5_error_code ret;
@@ -51,13 +52,13 @@ add_cached_dkey(krb5_key key, const krb5_data *constant,
     /* Allocate fields for the new entry. */
     dkent = malloc(sizeof(*dkent));
     if (dkent == NULL)
-	goto cleanup;
+        goto cleanup;
     data = malloc(constant->length);
     if (data == NULL)
-	goto cleanup;
+        goto cleanup;
     ret = krb5_k_create_key(NULL, dkeyblock, &dkey);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Add the new entry to the list. */
     memcpy(data, constant->data, constant->length);
@@ -86,8 +87,8 @@ cleanup:
  */
 krb5_error_code
 krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
-		     krb5_key inkey, krb5_keyblock *outkey,
-		     const krb5_data *in_constant)
+                        krb5_key inkey, krb5_keyblock *outkey,
+                        const krb5_data *in_constant)
 {
     size_t blocksize, keybytes, n;
     unsigned char *inblockdata = NULL, *outblockdata = NULL, *rawkey = NULL;
@@ -98,19 +99,19 @@ krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
     keybytes = enc->keybytes;
 
     if (inkey->keyblock.length != enc->keylength ||
-	outkey->length != enc->keylength)
-	return KRB5_CRYPTO_INTERNAL;
+        outkey->length != enc->keylength)
+        return KRB5_CRYPTO_INTERNAL;
 
     /* Allocate and set up buffers. */
     inblockdata = k5alloc(blocksize, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
     outblockdata = k5alloc(blocksize, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
     rawkey = k5alloc(keybytes, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
     inblock.data = (char *) inblockdata;
     inblock.length = blocksize;
@@ -121,28 +122,28 @@ krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
     /* Initialize the input block. */
 
     if (in_constant->length == inblock.length) {
-	memcpy(inblock.data, in_constant->data, inblock.length);
+        memcpy(inblock.data, in_constant->data, inblock.length);
     } else {
-	krb5int_nfold(in_constant->length*8, (unsigned char *) in_constant->data,
-		   inblock.length*8, (unsigned char *) inblock.data);
+        krb5int_nfold(in_constant->length*8, (unsigned char *) in_constant->data,
+                      inblock.length*8, (unsigned char *) inblock.data);
     }
 
     /* Loop encrypting the blocks until enough key bytes are generated */
 
     n = 0;
     while (n < keybytes) {
-	ret = (*enc->encrypt)(inkey, 0, &inblock, &outblock);
-	if (ret)
-	    goto cleanup;
-
-	if ((keybytes - n) <= outblock.length) {
-	    memcpy(rawkey + n, outblock.data, (keybytes - n));
-	    break;
-	}
-
-	memcpy(rawkey+n, outblock.data, outblock.length);
-	memcpy(inblock.data, outblock.data, outblock.length);
-	n += outblock.length;
+        ret = (*enc->encrypt)(inkey, 0, &inblock, &outblock);
+        if (ret)
+            goto cleanup;
+
+        if ((keybytes - n) <= outblock.length) {
+            memcpy(rawkey + n, outblock.data, (keybytes - n));
+            break;
+        }
+
+        memcpy(rawkey+n, outblock.data, outblock.length);
+        memcpy(inblock.data, outblock.data, outblock.length);
+        n += outblock.length;
     }
 
     /* postprocess the key */
@@ -152,7 +153,7 @@ krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
 
     ret = (*enc->make_key)(&inblock, outkey);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
 cleanup:
     zapfree(inblockdata, blocksize);
@@ -163,8 +164,8 @@ cleanup:
 
 krb5_error_code
 krb5int_derive_key(const struct krb5_enc_provider *enc,
-		krb5_key inkey, krb5_key *outkey,
-		const krb5_data *in_constant)
+                   krb5_key inkey, krb5_key *outkey,
+                   const krb5_data *in_constant)
 {
     krb5_keyblock keyblock;
     krb5_error_code ret;
@@ -175,23 +176,23 @@ krb5int_derive_key(const struct krb5_enc_provider *enc,
     /* Check for a cached result. */
     dkey = find_cached_dkey(inkey->derived, in_constant);
     if (dkey != NULL) {
-	*outkey = dkey;
-	return 0;
+        *outkey = dkey;
+        return 0;
     }
 
     /* Derive into a temporary keyblock. */
     keyblock.length = enc->keylength;
     keyblock.contents = malloc(keyblock.length);
     if (keyblock.contents == NULL)
-	return ENOMEM;
+        return ENOMEM;
     ret = krb5int_derive_keyblock(enc, inkey, &keyblock, in_constant);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
     /* Cache the derived key. */
     ret = add_cached_dkey(inkey, in_constant, &keyblock, &dkey);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     *outkey = dkey;
 
@@ -202,8 +203,8 @@ cleanup:
 
 krb5_error_code
 krb5int_derive_random(const struct krb5_enc_provider *enc,
-		   krb5_key inkey, krb5_data *outrnd,
-		   const krb5_data *in_constant)
+                      krb5_key inkey, krb5_data *outrnd,
+                      const krb5_data *in_constant)
 {
     size_t blocksize, keybytes, n;
     unsigned char *inblockdata = NULL, *outblockdata = NULL, *rawkey = NULL;
@@ -214,19 +215,19 @@ krb5int_derive_random(const struct krb5_enc_provider *enc,
     keybytes = enc->keybytes;
 
     if (inkey->keyblock.length != enc->keylength || outrnd->length != keybytes)
-	return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
 
     /* Allocate and set up buffers. */
 
     inblockdata = k5alloc(blocksize, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
     outblockdata = k5alloc(blocksize, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
     rawkey = k5alloc(keybytes, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
     inblock.data = (char *) inblockdata;
     inblock.length = blocksize;
@@ -236,27 +237,27 @@ krb5int_derive_random(const struct krb5_enc_provider *enc,
 
     /* Initialize the input block. */
     if (in_constant->length == inblock.length) {
-	memcpy(inblock.data, in_constant->data, inblock.length);
+        memcpy(inblock.data, in_constant->data, inblock.length);
     } else {
-	krb5int_nfold(in_constant->length*8, (unsigned char *) in_constant->data,
-		   inblock.length*8, (unsigned char *) inblock.data);
+        krb5int_nfold(in_constant->length*8, (unsigned char *) in_constant->data,
+                      inblock.length*8, (unsigned char *) inblock.data);
     }
 
     /* Loop encrypting the blocks until enough key bytes are generated. */
     n = 0;
     while (n < keybytes) {
-	ret = (*enc->encrypt)(inkey, 0, &inblock, &outblock);
-	if (ret)
-	    goto cleanup;
-
-	if ((keybytes - n) <= outblock.length) {
-	    memcpy(rawkey + n, outblock.data, (keybytes - n));
-	    break;
-	}
-
-	memcpy(rawkey+n, outblock.data, outblock.length);
-	memcpy(inblock.data, outblock.data, outblock.length);
-	n += outblock.length;
+        ret = (*enc->encrypt)(inkey, 0, &inblock, &outblock);
+        if (ret)
+            goto cleanup;
+
+        if ((keybytes - n) <= outblock.length) {
+            memcpy(rawkey + n, outblock.data, (keybytes - n));
+            break;
+        }
+
+        memcpy(rawkey+n, outblock.data, outblock.length);
+        memcpy(inblock.data, outblock.data, outblock.length);
+        n += outblock.length;
     }
 
     /* Postprocess the key. */
diff --git a/src/lib/crypto/krb/dk/dk.h b/src/lib/crypto/krb/dk/dk.h
index 76937da..1ac3fbe 100644
--- a/src/lib/crypto/krb/dk/dk.h
+++ b/src/lib/crypto/krb/dk/dk.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -28,82 +29,82 @@
 
 void
 krb5int_dk_encrypt_length(const struct krb5_enc_provider *enc,
-			    const struct krb5_hash_provider *hash,
-			    size_t input, size_t *length);
+                          const struct krb5_hash_provider *hash,
+                          size_t input, size_t *length);
 
 krb5_error_code
 krb5int_dk_encrypt(const struct krb5_enc_provider *enc,
-				const struct krb5_hash_provider *hash,
-				krb5_key key, krb5_keyusage usage,
-				const krb5_data *ivec,
-				const krb5_data *input, krb5_data *output);
+                   const struct krb5_hash_provider *hash,
+                   krb5_key key, krb5_keyusage usage,
+                   const krb5_data *ivec,
+                   const krb5_data *input, krb5_data *output);
 
 void
 krb5int_aes_encrypt_length(const struct krb5_enc_provider *enc,
-				const struct krb5_hash_provider *hash,
-				size_t input, size_t *length);
+                           const struct krb5_hash_provider *hash,
+                           size_t input, size_t *length);
 
 krb5_error_code
 krb5int_aes_dk_encrypt(const struct krb5_enc_provider *enc,
-				       const struct krb5_hash_provider *hash,
-				       krb5_key key,
-				       krb5_keyusage usage,
-				       const krb5_data *ivec,
-				       const krb5_data *input,
-				       krb5_data *output);
+                       const struct krb5_hash_provider *hash,
+                       krb5_key key,
+                       krb5_keyusage usage,
+                       const krb5_data *ivec,
+                       const krb5_data *input,
+                       krb5_data *output);
 
 krb5_error_code
 krb5int_dk_decrypt(const struct krb5_enc_provider *enc,
-				const struct krb5_hash_provider *hash,
-				krb5_key key, krb5_keyusage usage,
-				const krb5_data *ivec, const krb5_data *input,
-				krb5_data *arg_output);
+                   const struct krb5_hash_provider *hash,
+                   krb5_key key, krb5_keyusage usage,
+                   const krb5_data *ivec, const krb5_data *input,
+                   krb5_data *arg_output);
 
 krb5_error_code
 krb5int_aes_dk_decrypt(const struct krb5_enc_provider *enc,
-				       const struct krb5_hash_provider *hash,
-				       krb5_key key,
-				       krb5_keyusage usage,
-				       const krb5_data *ivec,
-				       const krb5_data *input,
-				       krb5_data *arg_output);
+                       const struct krb5_hash_provider *hash,
+                       krb5_key key,
+                       krb5_keyusage usage,
+                       const krb5_data *ivec,
+                       const krb5_data *input,
+                       krb5_data *arg_output);
 
 krb5_error_code
 krb5int_dk_string_to_key(const struct krb5_enc_provider *enc,
-					 const krb5_data *string,
-					 const krb5_data *salt,
-					 const krb5_data *params,
-					 krb5_keyblock *key);
+                         const krb5_data *string,
+                         const krb5_data *salt,
+                         const krb5_data *params,
+                         krb5_keyblock *key);
 
 krb5_error_code
 krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
-				     krb5_key inkey,
-				     krb5_keyblock *outkey,
-				     const krb5_data *in_constant);
+                        krb5_key inkey,
+                        krb5_keyblock *outkey,
+                        const krb5_data *in_constant);
 
 krb5_error_code
 krb5int_derive_key(const struct krb5_enc_provider *enc,
-				krb5_key inkey,
-				krb5_key *outkey,
-				const krb5_data *in_constant);
+                   krb5_key inkey,
+                   krb5_key *outkey,
+                   const krb5_data *in_constant);
 
 krb5_error_code
 krb5int_dk_make_checksum(const struct krb5_hash_provider *hash,
-				      krb5_key key,
-				      krb5_keyusage usage,
-				      const krb5_data *input,
-				      krb5_data *output);
+                         krb5_key key,
+                         krb5_keyusage usage,
+                         const krb5_data *input,
+                         krb5_data *output);
 
 krb5_error_code
 krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
-			     krb5_key key, krb5_keyusage usage,
-			     const krb5_crypto_iov *data, size_t num_data,
-			     krb5_data *output);
+                             krb5_key key, krb5_keyusage usage,
+                             const krb5_crypto_iov *data, size_t num_data,
+                             krb5_data *output);
 
 krb5_error_code
 krb5int_derive_random(const struct krb5_enc_provider *enc,
-		   krb5_key inkey, krb5_data *outrnd,
-		   const krb5_data *in_constant);
+                      krb5_key inkey, krb5_data *outrnd,
+                      const krb5_data *in_constant);
 
 /* AEAD */
 
diff --git a/src/lib/crypto/krb/dk/dk_aead.c b/src/lib/crypto/krb/dk/dk_aead.c
index e35ca55..1e13fbc 100644
--- a/src/lib/crypto/krb/dk/dk_aead.c
+++ b/src/lib/crypto/krb/dk/dk_aead.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/dk/dk_aead.c
  *
@@ -35,23 +36,23 @@
 
 static krb5_error_code
 krb5int_dk_crypto_length(const struct krb5_aead_provider *aead,
-			 const struct krb5_enc_provider *enc,
-			 const struct krb5_hash_provider *hash,
-			 krb5_cryptotype type,
-			 unsigned int *length)
+                         const struct krb5_enc_provider *enc,
+                         const struct krb5_hash_provider *hash,
+                         krb5_cryptotype type,
+                         unsigned int *length)
 {
     switch (type) {
     case KRB5_CRYPTO_TYPE_HEADER:
     case KRB5_CRYPTO_TYPE_PADDING:
-	*length = enc->block_size;
-	break;
+        *length = enc->block_size;
+        break;
     case KRB5_CRYPTO_TYPE_TRAILER:
     case KRB5_CRYPTO_TYPE_CHECKSUM:
-	*length = hash->hashsize;
-	break;
+        *length = hash->hashsize;
+        break;
     default:
-	assert(0 && "invalid cryptotype passed to krb5int_dk_crypto_length");
-	break;
+        assert(0 && "invalid cryptotype passed to krb5int_dk_crypto_length");
+        break;
     }
 
     return 0;
@@ -59,13 +60,13 @@ krb5int_dk_crypto_length(const struct krb5_aead_provider *aead,
 
 static krb5_error_code
 krb5int_dk_encrypt_iov(const struct krb5_aead_provider *aead,
-		       const struct krb5_enc_provider *enc,
-		       const struct krb5_hash_provider *hash,
-		       krb5_key key,
-		       krb5_keyusage usage,
-		       const krb5_data *ivec,
-		       krb5_crypto_iov *data,
-		       size_t num_data)
+                       const struct krb5_enc_provider *enc,
+                       const struct krb5_hash_provider *hash,
+                       krb5_key key,
+                       krb5_keyusage usage,
+                       const krb5_data *ivec,
+                       krb5_crypto_iov *data,
+                       size_t num_data)
 {
     krb5_error_code ret;
     unsigned char constantdata[K5CLENGTH];
@@ -82,50 +83,50 @@ krb5int_dk_encrypt_iov(const struct krb5_aead_provider *aead,
     /* E(Confounder | Plaintext | Pad) | Checksum */
 
     ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING,
-			      &blocksize);
+                              &blocksize);
     if (ret != 0)
-	return ret;
+        return ret;
 
     ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
-			      &hmacsize);
+                              &hmacsize);
     if (ret != 0)
-	return ret;
+        return ret;
 
     for (i = 0; i < num_data; i++) {
-	krb5_crypto_iov *iov = &data[i];
+        krb5_crypto_iov *iov = &data[i];
 
-	if (iov->flags == KRB5_CRYPTO_TYPE_DATA)
-	    plainlen += iov->data.length;
+        if (iov->flags == KRB5_CRYPTO_TYPE_DATA)
+            plainlen += iov->data.length;
     }
 
     /* Validate header and trailer lengths. */
 
     header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
     if (header == NULL || header->data.length < enc->block_size)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
     if (trailer == NULL || trailer->data.length < hmacsize)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     if (blocksize != 0) {
-	/* Check that the input data is correctly padded. */
-	if (plainlen % blocksize)
-	    padsize = blocksize - (plainlen % blocksize);
+        /* Check that the input data is correctly padded. */
+        if (plainlen % blocksize)
+            padsize = blocksize - (plainlen % blocksize);
     }
 
     padding = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_PADDING);
     if (padsize && (padding == NULL || padding->data.length < padsize))
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     if (padding != NULL) {
-	memset(padding->data.data, 0, padsize);
-	padding->data.length = padsize;
+        memset(padding->data.data, 0, padsize);
+        padding->data.length = padsize;
     }
 
     cksum = k5alloc(hash->hashsize, &ret);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Derive the keys. */
 
@@ -138,13 +139,13 @@ krb5int_dk_encrypt_iov(const struct krb5_aead_provider *aead,
 
     ret = krb5int_derive_key(enc, key, &ke, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     d1.data[4] = 0x55;
 
     ret = krb5int_derive_key(enc, key, &ki, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Generate confounder. */
 
@@ -152,7 +153,7 @@ krb5int_dk_encrypt_iov(const struct krb5_aead_provider *aead,
 
     ret = krb5_c_random_make_octets(/* XXX */ NULL, &header->data);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Hash the plaintext. */
     d2.length = hash->hashsize;
@@ -160,14 +161,14 @@ krb5int_dk_encrypt_iov(const struct krb5_aead_provider *aead,
 
     ret = krb5int_hmac_iov(hash, ki, data, num_data, &d2);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Encrypt the plaintext (header | data | padding) */
     assert(enc->encrypt_iov != NULL);
 
     ret = (*enc->encrypt_iov)(ke, ivec, data, num_data); /* updates ivec */
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Possibly truncate the hash */
     assert(hmacsize <= d2.length);
@@ -184,13 +185,13 @@ cleanup:
 
 static krb5_error_code
 krb5int_dk_decrypt_iov(const struct krb5_aead_provider *aead,
-		       const struct krb5_enc_provider *enc,
-		       const struct krb5_hash_provider *hash,
-		       krb5_key key,
-		       krb5_keyusage usage,
-		       const krb5_data *ivec,
-		       krb5_crypto_iov *data,
-		       size_t num_data)
+                       const struct krb5_enc_provider *enc,
+                       const struct krb5_hash_provider *hash,
+                       krb5_key key,
+                       krb5_keyusage usage,
+                       const krb5_data *ivec,
+                       krb5_crypto_iov *data,
+                       size_t num_data)
 {
     krb5_error_code ret;
     unsigned char constantdata[K5CLENGTH];
@@ -204,53 +205,53 @@ krb5int_dk_decrypt_iov(const struct krb5_aead_provider *aead,
     unsigned char *cksum = NULL;
 
     if (krb5int_c_locate_iov(data, num_data,
-			     KRB5_CRYPTO_TYPE_STREAM) != NULL) {
-	return krb5int_c_iov_decrypt_stream(aead, enc, hash, key,
-					    usage, ivec, data, num_data);
+                             KRB5_CRYPTO_TYPE_STREAM) != NULL) {
+        return krb5int_c_iov_decrypt_stream(aead, enc, hash, key,
+                                            usage, ivec, data, num_data);
     }
 
     /* E(Confounder | Plaintext | Pad) | Checksum */
 
     ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING,
-			      &blocksize);
+                              &blocksize);
     if (ret != 0)
-	return ret;
+        return ret;
 
     ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
-			      &hmacsize);
+                              &hmacsize);
     if (ret != 0)
-	return ret;
+        return ret;
 
     for (i = 0; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
+        const krb5_crypto_iov *iov = &data[i];
 
-	if (ENCRYPT_DATA_IOV(iov))
-	    cipherlen += iov->data.length;
+        if (ENCRYPT_DATA_IOV(iov))
+            cipherlen += iov->data.length;
     }
 
     if (blocksize == 0) {
-	/* Check for correct input length in CTS mode */
-	if (enc->block_size != 0 && cipherlen < enc->block_size)
-	    return KRB5_BAD_MSIZE;
+        /* Check for correct input length in CTS mode */
+        if (enc->block_size != 0 && cipherlen < enc->block_size)
+            return KRB5_BAD_MSIZE;
     } else {
-	/* Check that the input data is correctly padded */
-	if ((cipherlen % blocksize) != 0)
-	    return KRB5_BAD_MSIZE;
+        /* Check that the input data is correctly padded */
+        if ((cipherlen % blocksize) != 0)
+            return KRB5_BAD_MSIZE;
     }
 
     /* Validate header and trailer lengths */
 
     header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
     if (header == NULL || header->data.length != enc->block_size)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
     if (trailer == NULL || trailer->data.length != hmacsize)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     cksum = k5alloc(hash->hashsize, &ret);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Derive the keys. */
 
@@ -263,20 +264,20 @@ krb5int_dk_decrypt_iov(const struct krb5_aead_provider *aead,
 
     ret = krb5int_derive_key(enc, key, &ke, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     d1.data[4] = 0x55;
 
     ret = krb5int_derive_key(enc, key, &ki, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Decrypt the plaintext (header | data | padding). */
     assert(enc->decrypt_iov != NULL);
 
     ret = (*enc->decrypt_iov)(ke, ivec, data, num_data); /* updates ivec */
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Verify the hash. */
     d1.length = hash->hashsize; /* non-truncated length */
@@ -284,12 +285,12 @@ krb5int_dk_decrypt_iov(const struct krb5_aead_provider *aead,
 
     ret = krb5int_hmac_iov(hash, ki, data, num_data, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Compare only the possibly truncated length. */
     if (memcmp(cksum, trailer->data.data, hmacsize) != 0) {
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	goto cleanup;
+        ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        goto cleanup;
     }
 
 cleanup:
@@ -307,25 +308,25 @@ const struct krb5_aead_provider krb5int_aead_dk = {
 
 static krb5_error_code
 krb5int_aes_crypto_length(const struct krb5_aead_provider *aead,
-			 const struct krb5_enc_provider *enc,
-			 const struct krb5_hash_provider *hash,
-			 krb5_cryptotype type,
-			 unsigned int *length)
+                          const struct krb5_enc_provider *enc,
+                          const struct krb5_hash_provider *hash,
+                          krb5_cryptotype type,
+                          unsigned int *length)
 {
     switch (type) {
     case KRB5_CRYPTO_TYPE_HEADER:
-	*length = enc->block_size;
-	break;
+        *length = enc->block_size;
+        break;
     case KRB5_CRYPTO_TYPE_PADDING:
-	*length = 0;
-	break;
+        *length = 0;
+        break;
     case KRB5_CRYPTO_TYPE_TRAILER:
     case KRB5_CRYPTO_TYPE_CHECKSUM:
-	*length = 96 / 8;
-	break;
+        *length = 96 / 8;
+        break;
     default:
-	assert(0 && "invalid cryptotype passed to krb5int_aes_crypto_length");
-	break;
+        assert(0 && "invalid cryptotype passed to krb5int_aes_crypto_length");
+        break;
     }
 
     return 0;
diff --git a/src/lib/crypto/krb/dk/dk_decrypt.c b/src/lib/crypto/krb/dk/dk_decrypt.c
index b080d5f..4ef7e47 100644
--- a/src/lib/crypto/krb/dk/dk_decrypt.c
+++ b/src/lib/crypto/krb/dk/dk_decrypt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -31,44 +32,44 @@
 
 static krb5_error_code
 krb5_dk_decrypt_maybe_trunc_hmac(const struct krb5_enc_provider *enc,
-				 const struct krb5_hash_provider *hash,
-				 krb5_key key,
-				 krb5_keyusage usage,
-				 const krb5_data *ivec,
-				 const krb5_data *input,
-				 krb5_data *output,
-				 size_t hmacsize,
-				 int ivec_mode);
+                                 const struct krb5_hash_provider *hash,
+                                 krb5_key key,
+                                 krb5_keyusage usage,
+                                 const krb5_data *ivec,
+                                 const krb5_data *input,
+                                 krb5_data *output,
+                                 size_t hmacsize,
+                                 int ivec_mode);
 
 krb5_error_code
 krb5int_dk_decrypt(const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		krb5_key key, krb5_keyusage usage,
-		const krb5_data *ivec, const krb5_data *input,
-		krb5_data *output)
+                   const struct krb5_hash_provider *hash,
+                   krb5_key key, krb5_keyusage usage,
+                   const krb5_data *ivec, const krb5_data *input,
+                   krb5_data *output)
 {
     return krb5_dk_decrypt_maybe_trunc_hmac(enc, hash, key, usage,
-					    ivec, input, output, 0, 0);
+                                            ivec, input, output, 0, 0);
 }
 
 krb5_error_code
 krb5int_aes_dk_decrypt(const struct krb5_enc_provider *enc,
-		       const struct krb5_hash_provider *hash,
-		       krb5_key key, krb5_keyusage usage,
-		       const krb5_data *ivec, const krb5_data *input,
-		       krb5_data *output)
+                       const struct krb5_hash_provider *hash,
+                       krb5_key key, krb5_keyusage usage,
+                       const krb5_data *ivec, const krb5_data *input,
+                       krb5_data *output)
 {
     return krb5_dk_decrypt_maybe_trunc_hmac(enc, hash, key, usage,
-					    ivec, input, output, 96 / 8, 1);
+                                            ivec, input, output, 96 / 8, 1);
 }
 
 static krb5_error_code
 krb5_dk_decrypt_maybe_trunc_hmac(const struct krb5_enc_provider *enc,
-				 const struct krb5_hash_provider *hash,
-				 krb5_key key, krb5_keyusage usage,
-				 const krb5_data *ivec, const krb5_data *input,
-				 krb5_data *output, size_t hmacsize,
-				 int ivec_mode)
+                                 const struct krb5_hash_provider *hash,
+                                 krb5_key key, krb5_keyusage usage,
+                                 const krb5_data *ivec, const krb5_data *input,
+                                 krb5_data *output, size_t hmacsize,
+                                 int ivec_mode)
 {
     krb5_error_code ret;
     size_t hashsize, blocksize, enclen, plainlen;
@@ -81,19 +82,19 @@ krb5_dk_decrypt_maybe_trunc_hmac(const struct krb5_enc_provider *enc,
     blocksize = enc->block_size;
 
     if (hmacsize == 0)
-	hmacsize = hashsize;
+        hmacsize = hashsize;
     else if (hmacsize > hashsize)
-	return KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        return KRB5KRB_AP_ERR_BAD_INTEGRITY;
 
     enclen = input->length - hmacsize;
 
     /* Allocate and set up ciphertext and to-be-derived keys. */
     plaindata = k5alloc(enclen, &ret);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
     cksum = k5alloc(hashsize, &ret);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Derive the keys. */
 
@@ -106,13 +107,13 @@ krb5_dk_decrypt_maybe_trunc_hmac(const struct krb5_enc_provider *enc,
 
     ret = krb5int_derive_key(enc, key, &ke, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     d1.data[4] = 0x55;
 
     ret = krb5int_derive_key(enc, key, &ki, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* decrypt the ciphertext */
 
@@ -124,18 +125,18 @@ krb5_dk_decrypt_maybe_trunc_hmac(const struct krb5_enc_provider *enc,
 
     ret = (*enc->decrypt)(ke, ivec, &d1, &d2);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     if (ivec != NULL && ivec->length == blocksize) {
-	if (ivec_mode == 0)
-	    cn = (unsigned char *) d1.data + d1.length - blocksize;
-	else if (ivec_mode == 1) {
-	    int nblocks = (d1.length + blocksize - 1) / blocksize;
-	    cn = (unsigned char *) d1.data + blocksize * (nblocks - 2);
-	} else
-	    abort();
+        if (ivec_mode == 0)
+            cn = (unsigned char *) d1.data + d1.length - blocksize;
+        else if (ivec_mode == 1) {
+            int nblocks = (d1.length + blocksize - 1) / blocksize;
+            cn = (unsigned char *) d1.data + blocksize * (nblocks - 2);
+        } else
+            abort();
     } else
-	cn = NULL;
+        cn = NULL;
 
     /* Verify the hash. */
 
@@ -144,11 +145,11 @@ krb5_dk_decrypt_maybe_trunc_hmac(const struct krb5_enc_provider *enc,
 
     ret = krb5int_hmac(hash, ki, 1, &d2, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     if (memcmp(cksum, input->data+enclen, hmacsize) != 0) {
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	goto cleanup;
+        ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        goto cleanup;
     }
 
     /*
@@ -160,14 +161,14 @@ krb5_dk_decrypt_maybe_trunc_hmac(const struct krb5_enc_provider *enc,
     plainlen = enclen - blocksize;
 
     if (output->length < plainlen)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     output->length = plainlen;
 
     memcpy(output->data, d2.data+blocksize, output->length);
 
     if (cn != NULL)
-	memcpy(ivec->data, cn, blocksize);
+        memcpy(ivec->data, cn, blocksize);
 
 cleanup:
     krb5_k_free_key(NULL, ke);
diff --git a/src/lib/crypto/krb/dk/dk_encrypt.c b/src/lib/crypto/krb/dk/dk_encrypt.c
index e84a092..29699d7 100644
--- a/src/lib/crypto/krb/dk/dk_encrypt.c
+++ b/src/lib/crypto/krb/dk/dk_encrypt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -40,8 +41,8 @@
 
 void
 krb5int_dk_encrypt_length(const struct krb5_enc_provider *enc,
-		       const struct krb5_hash_provider *hash,
-		       size_t inputlen, size_t *length)
+                          const struct krb5_hash_provider *hash,
+                          size_t inputlen, size_t *length)
 {
     size_t blocksize, hashsize;
 
@@ -52,10 +53,10 @@ krb5int_dk_encrypt_length(const struct krb5_enc_provider *enc,
 
 krb5_error_code
 krb5int_dk_encrypt(const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		krb5_key key, krb5_keyusage usage,
-		const krb5_data *ivec, const krb5_data *input,
-		krb5_data *output)
+                   const struct krb5_hash_provider *hash,
+                   krb5_key key, krb5_keyusage usage,
+                   const krb5_data *ivec, const krb5_data *input,
+                   krb5_data *output)
 {
     size_t blocksize, plainlen, enclen;
     krb5_error_code ret;
@@ -73,13 +74,13 @@ krb5int_dk_encrypt(const struct krb5_enc_provider *enc,
     /* key->length, ivec will be tested in enc->encrypt. */
 
     if (output->length < enclen)
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
 
     /* Allocate and set up plaintext and to-be-derived keys. */
 
     plaintext = malloc(plainlen);
     if (plaintext == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     /* Derive the keys. */
 
@@ -92,13 +93,13 @@ krb5int_dk_encrypt(const struct krb5_enc_provider *enc,
 
     ret = krb5int_derive_key(enc, key, &ke, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     d1.data[4] = 0x55;
 
     ret = krb5int_derive_key(enc, key, &ki, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Put together the plaintext. */
 
@@ -107,12 +108,12 @@ krb5int_dk_encrypt(const struct krb5_enc_provider *enc,
 
     ret = krb5_c_random_make_octets(/* XXX */ 0, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     memcpy(plaintext + blocksize, input->data, input->length);
 
     memset(plaintext + blocksize + input->length, 0,
-	   plainlen - (blocksize + input->length));
+           plainlen - (blocksize + input->length));
 
     /* Encrypt the plaintext. */
 
@@ -124,12 +125,12 @@ krb5int_dk_encrypt(const struct krb5_enc_provider *enc,
 
     ret = (*enc->encrypt)(ke, ivec, &d1, &d2);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     if (ivec != NULL && ivec->length == blocksize)
-	cn = d2.data + d2.length - blocksize;
+        cn = d2.data + d2.length - blocksize;
     else
-	cn = NULL;
+        cn = NULL;
 
     /* Hash the plaintext. */
 
@@ -140,13 +141,13 @@ krb5int_dk_encrypt(const struct krb5_enc_provider *enc,
 
     ret = krb5int_hmac(hash, ki, 1, &d1, &d2);
     if (ret != 0) {
-	memset(d2.data, 0, d2.length);
-	goto cleanup;
+        memset(d2.data, 0, d2.length);
+        goto cleanup;
     }
 
     /* Update ivec. */
     if (cn != NULL)
-	memcpy(ivec->data, cn, blocksize);
+        memcpy(ivec->data, cn, blocksize);
 
 cleanup:
     krb5_k_free_key(NULL, ke);
@@ -159,8 +160,8 @@ cleanup:
    with a 96-bit truncated HMAC".  */
 void
 krb5int_aes_encrypt_length(const struct krb5_enc_provider *enc,
-			   const struct krb5_hash_provider *hash,
-			   size_t inputlen, size_t *length)
+                           const struct krb5_hash_provider *hash,
+                           size_t inputlen, size_t *length)
 {
     size_t blocksize, hashsize;
 
@@ -174,8 +175,8 @@ krb5int_aes_encrypt_length(const struct krb5_enc_provider *enc,
 
 static krb5_error_code
 trunc_hmac (const struct krb5_hash_provider *hash,
-	    krb5_key ki, unsigned int num,
-	    const krb5_data *input, const krb5_data *output)
+            krb5_key ki, unsigned int num,
+            const krb5_data *input, const krb5_data *output)
 {
     size_t hashsize;
     krb5_data tmp;
@@ -183,14 +184,14 @@ trunc_hmac (const struct krb5_hash_provider *hash,
 
     hashsize = hash->hashsize;
     if (hashsize < output->length)
-	return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
     tmp.length = hashsize;
     tmp.data = malloc(hashsize);
     if (tmp.data == NULL)
-	return ENOMEM;
+        return ENOMEM;
     ret = krb5int_hmac(hash, ki, num, input, &tmp);
     if (ret == 0)
-	memcpy(output->data, tmp.data, output->length);
+        memcpy(output->data, tmp.data, output->length);
     memset(tmp.data, 0, hashsize);
     free(tmp.data);
     return ret;
@@ -198,10 +199,10 @@ trunc_hmac (const struct krb5_hash_provider *hash,
 
 krb5_error_code
 krb5int_aes_dk_encrypt(const struct krb5_enc_provider *enc,
-		       const struct krb5_hash_provider *hash,
-		       krb5_key key, krb5_keyusage usage,
-		       const krb5_data *ivec, const krb5_data *input,
-		       krb5_data *output)
+                       const struct krb5_hash_provider *hash,
+                       krb5_key key, krb5_keyusage usage,
+                       const krb5_data *ivec, const krb5_data *input,
+                       krb5_data *output)
 {
     size_t blocksize, keybytes, plainlen, enclen;
     krb5_error_code ret;
@@ -222,11 +223,11 @@ krb5int_aes_dk_encrypt(const struct krb5_enc_provider *enc,
     /* key->length, ivec will be tested in enc->encrypt */
 
     if (output->length < enclen)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     plaintext = malloc(plainlen);
     if (plaintext == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     /* Derive the keys. */
 
@@ -239,13 +240,13 @@ krb5int_aes_dk_encrypt(const struct krb5_enc_provider *enc,
 
     ret = krb5int_derive_key(enc, key, &ke, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     d1.data[4] = 0x55;
 
     ret = krb5int_derive_key(enc, key, &ki, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* put together the plaintext */
 
@@ -254,13 +255,13 @@ krb5int_aes_dk_encrypt(const struct krb5_enc_provider *enc,
 
     ret = krb5_c_random_make_octets(NULL, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     memcpy(plaintext + blocksize, input->data, input->length);
 
     /* Ciphertext stealing; there should be no more.  */
     if (plainlen != blocksize + input->length)
-	abort();
+        abort();
 
     /* Encrypt the plaintext. */
 
@@ -272,32 +273,32 @@ krb5int_aes_dk_encrypt(const struct krb5_enc_provider *enc,
 
     ret = (*enc->encrypt)(ke, ivec, &d1, &d2);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     if (ivec != NULL && ivec->length == blocksize) {
-	int nblocks = (d2.length + blocksize - 1) / blocksize;
-	cn = d2.data + blocksize * (nblocks - 2);
+        int nblocks = (d2.length + blocksize - 1) / blocksize;
+        cn = d2.data + blocksize * (nblocks - 2);
     } else
-	cn = NULL;
+        cn = NULL;
 
     /* Hash the plaintext. */
 
     d2.length = enclen - plainlen;
     d2.data = output->data+plainlen;
     if (d2.length != 96 / 8)
-	abort();
+        abort();
 
     ret = trunc_hmac(hash, ki, 1, &d1, &d2);
     if (ret != 0) {
-	memset(d2.data, 0, d2.length);
-	goto cleanup;
+        memset(d2.data, 0, d2.length);
+        goto cleanup;
     }
 
     output->length = enclen;
 
     /* Update ivec. */
     if (cn != NULL)
-	memcpy(ivec->data, cn, blocksize);
+        memcpy(ivec->data, cn, blocksize);
 
 cleanup:
     krb5_k_free_key(NULL, ke);
diff --git a/src/lib/crypto/krb/dk/stringtokey.c b/src/lib/crypto/krb/dk/stringtokey.c
index 59404e4..ff436e6 100644
--- a/src/lib/crypto/krb/dk/stringtokey.c
+++ b/src/lib/crypto/krb/dk/stringtokey.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -31,8 +32,8 @@ static const unsigned char kerberos[] = "kerberos";
 
 krb5_error_code
 krb5int_dk_string_to_key(const struct krb5_enc_provider *enc,
-			 const krb5_data *string, const krb5_data *salt,
-			 const krb5_data *parms, krb5_keyblock *keyblock)
+                         const krb5_data *string, const krb5_data *salt,
+                         const krb5_data *parms, krb5_keyblock *keyblock)
 {
     krb5_error_code ret;
     size_t keybytes, keylength, concatlen;
@@ -50,19 +51,19 @@ krb5int_dk_string_to_key(const struct krb5_enc_provider *enc,
 
     concat = k5alloc(concatlen, &ret);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
     foldstring = k5alloc(keybytes, &ret);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
     foldkeydata = k5alloc(keylength, &ret);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* construct input string ( = string + salt), fold it, make_key it */
 
     memcpy(concat, string->data, string->length);
     if (salt)
-	memcpy(concat + string->length, salt->data, salt->length);
+        memcpy(concat + string->length, salt->data, salt->length);
 
     krb5int_nfold(concatlen*8, concat, keybytes*8, foldstring);
 
@@ -73,11 +74,11 @@ krb5int_dk_string_to_key(const struct krb5_enc_provider *enc,
 
     ret = (*enc->make_key)(&indata, &foldkeyblock);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     ret = krb5_k_create_key(NULL, &foldkeyblock, &foldkey);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* now derive the key from this one */
 
@@ -86,7 +87,7 @@ krb5int_dk_string_to_key(const struct krb5_enc_provider *enc,
 
     ret = krb5int_derive_keyblock(enc, foldkey, keyblock, &indata);
     if (ret != 0)
-	memset(keyblock->contents, 0, keyblock->length);
+        memset(keyblock->contents, 0, keyblock->length);
 
 cleanup:
     zapfree(concat, concatlen);
diff --git a/src/lib/crypto/krb/encrypt.c b/src/lib/crypto/krb/encrypt.c
index ee9e0e2..07d8871 100644
--- a/src/lib/crypto/krb/encrypt.c
+++ b/src/lib/crypto/krb/encrypt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,42 +31,42 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_k_encrypt(krb5_context context, krb5_key key,
-	       krb5_keyusage usage, const krb5_data *ivec,
-	       const krb5_data *input, krb5_enc_data *output)
+               krb5_keyusage usage, const krb5_data *ivec,
+               const krb5_data *input, krb5_enc_data *output)
 {
     const struct krb5_keytypes *ktp;
 
     ktp = find_enctype(key->keyblock.enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
 
     output->magic = KV5M_ENC_DATA;
     output->kvno = 0;
     output->enctype = key->keyblock.enctype;
 
     if (ktp->encrypt == NULL) {
-	assert(ktp->aead != NULL);
+        assert(ktp->aead != NULL);
 
-	return krb5int_c_encrypt_aead_compat(ktp->aead, ktp->enc, ktp->hash,
-					     key, usage, ivec, input,
-					     &output->ciphertext);
+        return krb5int_c_encrypt_aead_compat(ktp->aead, ktp->enc, ktp->hash,
+                                             key, usage, ivec, input,
+                                             &output->ciphertext);
     }
 
     return (*ktp->encrypt)(ktp->enc, ktp->hash, key, usage, ivec, input,
-			   &output->ciphertext);
+                           &output->ciphertext);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_encrypt(krb5_context context, const krb5_keyblock *keyblock,
-	       krb5_keyusage usage, const krb5_data *ivec,
-	       const krb5_data *input, krb5_enc_data *output)
+               krb5_keyusage usage, const krb5_data *ivec,
+               const krb5_data *input, krb5_enc_data *output)
 {
     krb5_key key;
     krb5_error_code ret;
 
     ret = krb5_k_create_key(context, keyblock, &key);
     if (ret != 0)
-	return ret;
+        return ret;
     ret = krb5_k_encrypt(context, key, usage, ivec, input, output);
     krb5_k_free_key(context, key);
     return ret;
diff --git a/src/lib/crypto/krb/encrypt_iov.c b/src/lib/crypto/krb/encrypt_iov.c
index 64cb126..c0651e1 100644
--- a/src/lib/crypto/krb/encrypt_iov.c
+++ b/src/lib/crypto/krb/encrypt_iov.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/encrypt_iov.c
  *
@@ -29,38 +30,38 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_k_encrypt_iov(krb5_context context,
-		   krb5_key key,
-		   krb5_keyusage usage,
-		   const krb5_data *cipher_state,
-		   krb5_crypto_iov *data,
-		   size_t num_data)
+                   krb5_key key,
+                   krb5_keyusage usage,
+                   const krb5_data *cipher_state,
+                   krb5_crypto_iov *data,
+                   size_t num_data)
 {
     const struct krb5_keytypes *ktp;
 
     ktp = find_enctype(key->keyblock.enctype);
     if (ktp == NULL || ktp->aead == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
 
     return (*ktp->aead->encrypt_iov)(ktp->aead, ktp->enc, ktp->hash,
-				     key, usage, cipher_state, data, num_data);
+                                     key, usage, cipher_state, data, num_data);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_encrypt_iov(krb5_context context,
-		   const krb5_keyblock *keyblock,
-		   krb5_keyusage usage,
-		   const krb5_data *cipher_state,
-		   krb5_crypto_iov *data,
-		   size_t num_data)
+                   const krb5_keyblock *keyblock,
+                   krb5_keyusage usage,
+                   const krb5_data *cipher_state,
+                   krb5_crypto_iov *data,
+                   size_t num_data)
 {
     krb5_key key;
     krb5_error_code ret;
 
     ret = krb5_k_create_key(context, keyblock, &key);
     if (ret != 0)
-	return ret;
+        return ret;
     ret = krb5_k_encrypt_iov(context, key, usage, cipher_state, data,
-			     num_data);
+                             num_data);
     krb5_k_free_key(context, key);
     return ret;
 }
diff --git a/src/lib/crypto/krb/encrypt_length.c b/src/lib/crypto/krb/encrypt_length.c
index f2aad02..f270f8a 100644
--- a/src/lib/crypto/krb/encrypt_length.c
+++ b/src/lib/crypto/krb/encrypt_length.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,21 +31,21 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_encrypt_length(krb5_context context, krb5_enctype enctype,
-		      size_t inputlen, size_t *length)
+                      size_t inputlen, size_t *length)
 {
     const struct krb5_keytypes *ktp;
 
     ktp = find_enctype(enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
 
     if (ktp->encrypt_len == NULL) {
-	assert(ktp->aead != NULL);
+        assert(ktp->aead != NULL);
 
-	krb5int_c_encrypt_length_aead_compat(ktp->aead, ktp->enc, ktp->hash,
-					     inputlen, length);
+        krb5int_c_encrypt_length_aead_compat(ktp->aead, ktp->enc, ktp->hash,
+                                             inputlen, length);
     } else {
-	(*ktp->encrypt_len)(ktp->enc, ktp->hash, inputlen, length);
+        (*ktp->encrypt_len)(ktp->enc, ktp->hash, inputlen, length);
     }
 
     return 0;
diff --git a/src/lib/crypto/krb/enctype_compare.c b/src/lib/crypto/krb/enctype_compare.c
index 6d47f9d..3271880 100644
--- a/src/lib/crypto/krb/enctype_compare.c
+++ b/src/lib/crypto/krb/enctype_compare.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -29,14 +30,14 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_enctype_compare(krb5_context context, krb5_enctype e1, krb5_enctype e2,
-		       krb5_boolean *similar)
+                       krb5_boolean *similar)
 {
     const struct krb5_keytypes *ktp1, *ktp2;
 
     ktp1 = find_enctype(e1);
     ktp2 = find_enctype(e2);
     if (ktp1 == NULL || ktp2 == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
 
     *similar = (ktp1->enc == ktp2->enc && ktp1->str2key == ktp2->str2key);
     return 0;
diff --git a/src/lib/crypto/krb/enctype_to_string.c b/src/lib/crypto/krb/enctype_to_string.c
index c408782..f0e8962 100644
--- a/src/lib/crypto/krb/enctype_to_string.c
+++ b/src/lib/crypto/krb/enctype_to_string.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -34,8 +35,8 @@ krb5_enctype_to_string(krb5_enctype enctype, char *buffer, size_t buflen)
 
     ktp = find_enctype(enctype);
     if (ktp == NULL)
-	return EINVAL;
+        return EINVAL;
     if (strlcpy(buffer, ktp->out_string, buflen) >= buflen)
-	return ENOMEM;
+        return ENOMEM;
     return 0;
 }
diff --git a/src/lib/crypto/krb/etypes.c b/src/lib/crypto/krb/etypes.c
index a1acdc0..bd9bb97 100644
--- a/src/lib/crypto/krb/etypes.c
+++ b/src/lib/crypto/krb/etypes.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
diff --git a/src/lib/crypto/krb/etypes.h b/src/lib/crypto/krb/etypes.h
index 68dcdd4..57cca74 100644
--- a/src/lib/crypto/krb/etypes.h
+++ b/src/lib/crypto/krb/etypes.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -27,29 +28,29 @@
 #include "k5-int.h"
 
 typedef void (*krb5_encrypt_length_func)(const struct krb5_enc_provider *enc,
-					 const struct krb5_hash_provider *hash,
-					 size_t inputlen, size_t *length);
+                                         const struct krb5_hash_provider *hash,
+                                         size_t inputlen, size_t *length);
 
 typedef krb5_error_code (*krb5_crypt_func)(const struct krb5_enc_provider *enc,
-					   const struct
-					   krb5_hash_provider *hash,
-					   krb5_key key,
-					   krb5_keyusage keyusage,
-					   const krb5_data *ivec,
-					   const krb5_data *input,
-					   krb5_data *output);
+                                           const struct
+                                           krb5_hash_provider *hash,
+                                           krb5_key key,
+                                           krb5_keyusage keyusage,
+                                           const krb5_data *ivec,
+                                           const krb5_data *input,
+                                           krb5_data *output);
 
 typedef krb5_error_code (*krb5_str2key_func)(const struct
-					     krb5_enc_provider *enc,
-					     const krb5_data *string,
-					     const krb5_data *salt,
-					     const krb5_data *parm,
-					     krb5_keyblock *key);
+                                             krb5_enc_provider *enc,
+                                             const krb5_data *string,
+                                             const krb5_data *salt,
+                                             const krb5_data *parm,
+                                             krb5_keyblock *key);
 
 typedef krb5_error_code (*krb5_prf_func)(const struct krb5_enc_provider *enc,
-					 const struct krb5_hash_provider *hash,
-					 krb5_key key,
-					 const krb5_data *in, krb5_data *out);
+                                         const struct krb5_hash_provider *hash,
+                                         krb5_key key,
+                                         const krb5_data *in, krb5_data *out);
 
 struct krb5_keytypes {
     krb5_enctype etype;
@@ -80,11 +81,11 @@ find_enctype(krb5_enctype enctype)
     int i;
 
     for (i = 0; i < krb5int_enctypes_length; i++) {
-	if (krb5int_enctypes_list[i].etype == enctype)
-	    break;
+        if (krb5int_enctypes_list[i].etype == enctype)
+            break;
     }
 
     if (i == krb5int_enctypes_length)
-	return NULL;
+        return NULL;
     return &krb5int_enctypes_list[i];
 }
diff --git a/src/lib/crypto/krb/key.c b/src/lib/crypto/krb/key.c
index 15c6205..2fabd3a 100644
--- a/src/lib/crypto/krb/key.c
+++ b/src/lib/crypto/krb/key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
  * All rights reserved.
@@ -35,7 +36,7 @@
 /* Create a krb5_key from the enctype and key data in a keyblock. */
 krb5_error_code KRB5_CALLCONV
 krb5_k_create_key(krb5_context context, const krb5_keyblock *key_data,
-		  krb5_key *out)
+                  krb5_key *out)
 {
     krb5_key key = NULL;
     krb5_error_code code;
@@ -44,10 +45,10 @@ krb5_k_create_key(krb5_context context, const krb5_keyblock *key_data,
 
     key = malloc(sizeof(*key));
     if (key == NULL)
-	return ENOMEM;
+        return ENOMEM;
     code = krb5int_c_copy_keyblock_contents(context, key_data, &key->keyblock);
     if (code)
-	goto cleanup;
+        goto cleanup;
 
     key->refcount = 1;
     key->derived = NULL;
@@ -63,7 +64,7 @@ void KRB5_CALLCONV
 krb5_k_reference_key(krb5_context context, krb5_key key)
 {
     if (key)
-	key->refcount++;
+        key->refcount++;
 }
 
 /* Free the memory used by a krb5_key. */
@@ -73,14 +74,14 @@ krb5_k_free_key(krb5_context context, krb5_key key)
     struct derived_key *dk;
 
     if (key == NULL || --key->refcount > 0)
-	return;
+        return;
 
     /* Free the derived key cache. */
     while ((dk = key->derived) != NULL) {
-	key->derived = dk->next;
-	free(dk->constant.data);
-	krb5_k_free_key(context, dk->dkey);
-	free(dk);
+        key->derived = dk->next;
+        free(dk->constant.data);
+        krb5_k_free_key(context, dk->dkey);
+        free(dk);
     }
     krb5int_c_free_keyblock_contents(context, &key->keyblock);
     free(key);
@@ -89,7 +90,7 @@ krb5_k_free_key(krb5_context context, krb5_key key)
 /* Retrieve a copy of the keyblock from a krb5_key. */
 krb5_error_code KRB5_CALLCONV
 krb5_k_key_keyblock(krb5_context context, krb5_key key,
-		    krb5_keyblock **key_data)
+                    krb5_keyblock **key_data)
 {
     return krb5int_c_copy_keyblock(context, &key->keyblock, key_data);
 }
diff --git a/src/lib/crypto/krb/keyblocks.c b/src/lib/crypto/krb/keyblocks.c
index d9db694..732a877 100644
--- a/src/lib/crypto/krb/keyblocks.c
+++ b/src/lib/crypto/krb/keyblocks.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/keyblocks.c
  *
@@ -35,7 +36,7 @@
 
 krb5_error_code
 krb5int_c_init_keyblock(krb5_context context, krb5_enctype enctype,
-			size_t length, krb5_keyblock **out)
+                        size_t length, krb5_keyblock **out)
 {
     krb5_keyblock *kb;
 
@@ -44,18 +45,18 @@ krb5int_c_init_keyblock(krb5_context context, krb5_enctype enctype,
 
     kb = malloc(sizeof(krb5_keyblock));
     if (kb == NULL)
-	return ENOMEM;
+        return ENOMEM;
     kb->magic = KV5M_KEYBLOCK;
     kb->enctype = enctype;
     kb->length = length;
     if (length) {
-	kb->contents = malloc(length);
-	if (!kb->contents) {
-	    free(kb);
-	    return ENOMEM;
-	}
+        kb->contents = malloc(length);
+        if (!kb->contents) {
+            free(kb);
+            return ENOMEM;
+        }
     } else {
-	kb->contents = NULL;
+        kb->contents = NULL;
     }
 
     *out = kb;
@@ -73,14 +74,14 @@ void
 krb5int_c_free_keyblock_contents(krb5_context context, krb5_keyblock *key)
 {
     if (key && key->contents) {
-	zapfree(key->contents, key->length);
-	key->contents = NULL;
+        zapfree(key->contents, key->length);
+        key->contents = NULL;
     }
 }
 
 krb5_error_code
 krb5int_c_copy_keyblock(krb5_context context, const krb5_keyblock *from,
-			krb5_keyblock **to)
+                        krb5_keyblock **to)
 {
     krb5_keyblock *new_key;
     krb5_error_code code;
@@ -88,11 +89,11 @@ krb5int_c_copy_keyblock(krb5_context context, const krb5_keyblock *from,
     *to = NULL;
     new_key = malloc(sizeof(*new_key));
     if (!new_key)
-	return ENOMEM;
+        return ENOMEM;
     code = krb5int_c_copy_keyblock_contents(context, from, new_key);
     if (code) {
-	free(new_key);
-	return code;
+        free(new_key);
+        return code;
     }
     *to = new_key;
     return 0;
@@ -100,7 +101,7 @@ krb5int_c_copy_keyblock(krb5_context context, const krb5_keyblock *from,
 
 krb5_error_code
 krb5int_c_copy_keyblock_contents(krb5_context context,
-				 const krb5_keyblock *from, krb5_keyblock *to)
+                                 const krb5_keyblock *from, krb5_keyblock *to)
 {
     *to = *from;
     if (to->length) {
diff --git a/src/lib/crypto/krb/keyed_checksum_types.c b/src/lib/crypto/krb/keyed_checksum_types.c
index 4da6e25..2cba377 100644
--- a/src/lib/crypto/krb/keyed_checksum_types.c
+++ b/src/lib/crypto/krb/keyed_checksum_types.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -40,7 +41,7 @@ etype_match(krb5_enctype e1, krb5_enctype e2)
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_keyed_checksum_types(krb5_context context, krb5_enctype enctype,
-			    unsigned int *count, krb5_cksumtype **cksumtypes)
+                            unsigned int *count, krb5_cksumtype **cksumtypes)
 {
     unsigned int i, c, nctypes;
     krb5_cksumtype *ctypes;
@@ -51,22 +52,22 @@ krb5_c_keyed_checksum_types(krb5_context context, krb5_enctype enctype,
 
     nctypes = 0;
     for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	ct = &krb5int_cksumtypes_list[i];
-	if ((ct->keyhash && etype_match(ct->keyed_etype, enctype)) ||
-	    (ct->flags & KRB5_CKSUMFLAG_DERIVE))
-	    nctypes++;
+        ct = &krb5int_cksumtypes_list[i];
+        if ((ct->keyhash && etype_match(ct->keyed_etype, enctype)) ||
+            (ct->flags & KRB5_CKSUMFLAG_DERIVE))
+            nctypes++;
     }
 
     ctypes = malloc(nctypes * sizeof(krb5_cksumtype));
     if (ctypes == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     c = 0;
     for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	ct = &krb5int_cksumtypes_list[i];
-	if ((ct->keyhash && etype_match(ct->keyed_etype, enctype)) ||
-	    (ct->flags & KRB5_CKSUMFLAG_DERIVE))
-	    ctypes[c++] = krb5int_cksumtypes_list[i].ctype;
+        ct = &krb5int_cksumtypes_list[i];
+        if ((ct->keyhash && etype_match(ct->keyed_etype, enctype)) ||
+            (ct->flags & KRB5_CKSUMFLAG_DERIVE))
+            ctypes[c++] = krb5int_cksumtypes_list[i].ctype;
     }
 
     *count = nctypes;
diff --git a/src/lib/crypto/krb/keyed_cksum.c b/src/lib/crypto/krb/keyed_cksum.c
index ac49ef6..2f8bed6 100644
--- a/src/lib/crypto/krb/keyed_cksum.c
+++ b/src/lib/crypto/krb/keyed_cksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -34,11 +35,11 @@ krb5_c_is_keyed_cksum(krb5_cksumtype ctype)
     const struct krb5_cksumtypes *ctp;
 
     for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	ctp = &krb5int_cksumtypes_list[i];
-	if (ctp->ctype == ctype) {
-	    return (ctp->keyhash != NULL ||
-		    (ctp->flags & KRB5_CKSUMFLAG_DERIVE));
-	}
+        ctp = &krb5int_cksumtypes_list[i];
+        if (ctp->ctype == ctype) {
+            return (ctp->keyhash != NULL ||
+                    (ctp->flags & KRB5_CKSUMFLAG_DERIVE));
+        }
     }
 
     /* Invalid ctype.  This is misleading, but better than dumping core. */
diff --git a/src/lib/crypto/krb/keyhash_provider/descbc.c b/src/lib/crypto/krb/keyhash_provider/descbc.c
index c54e27f..1ed2260 100644
--- a/src/lib/crypto/krb/keyhash_provider/descbc.c
+++ b/src/lib/crypto/krb/keyhash_provider/descbc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,33 +31,33 @@
 
 static krb5_error_code
 k5_descbc_hash(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
-	       const krb5_data *input, krb5_data *output)
+               const krb5_data *input, krb5_data *output)
 {
     mit_des_key_schedule schedule;
 
     if (key->keyblock.length != 8)
-	return(KRB5_BAD_KEYSIZE);
+        return(KRB5_BAD_KEYSIZE);
     if ((input->length%8) != 0)
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
     if (ivec && (ivec->length != 8))
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
     if (output->length != 8)
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 
     switch (mit_des_key_sched(key->keyblock.contents, schedule)) {
     case -1:
-	return(KRB5DES_BAD_KEYPAR);
+        return(KRB5DES_BAD_KEYPAR);
     case -2:
-	return(KRB5DES_WEAK_KEY);
+        return(KRB5DES_WEAK_KEY);
     }
 
     /* this has a return value, but it's useless to us */
 
     mit_des_cbc_cksum((unsigned char *) input->data,
-		      (unsigned char *) output->data, input->length,
-		      schedule,
-		      ivec? (const unsigned char *)ivec->data:
-		            (const unsigned char *)mit_des_zeroblock);
+                      (unsigned char *) output->data, input->length,
+                      schedule,
+                      ivec? (const unsigned char *)ivec->data:
+                      (const unsigned char *)mit_des_zeroblock);
 
     memset(schedule, 0, sizeof(schedule));
 
diff --git a/src/lib/crypto/krb/keyhash_provider/hmac_md5.c b/src/lib/crypto/krb/keyhash_provider/hmac_md5.c
index 1aa7e3c..6bfbefd 100644
--- a/src/lib/crypto/krb/keyhash_provider/hmac_md5.c
+++ b/src/lib/crypto/krb/keyhash_provider/hmac_md5.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/keyhash_provider/hmac_md5.c
  *
@@ -37,122 +38,122 @@
 
 static  krb5_error_code
 k5_hmac_md5_hash (krb5_key key, krb5_keyusage usage,
-		  const krb5_data *iv,
-		  const krb5_data *input, krb5_data *output)
+                  const krb5_data *iv,
+                  const krb5_data *input, krb5_data *output)
 {
-  krb5_keyusage ms_usage;
-  krb5_error_code ret;
-  krb5_keyblock keyblock;
-  krb5_key ks = NULL;
-  krb5_data ds, ks_constant, md5tmp;
-  krb5_MD5_CTX ctx;
-  char t[4];
-
-
-  ds.length = key->keyblock.length;
-  ds.data = malloc(ds.length);
-  if (ds.data == NULL)
-    return ENOMEM;
-
-  ks_constant.data = "signaturekey";
-  ks_constant.length = strlen(ks_constant.data)+1; /* Including null*/
-
-  ret = krb5int_hmac( &krb5int_hash_md5, key, 1,
-		   &ks_constant, &ds);
-  if (ret)
-    goto cleanup;
-
-  keyblock.length = key->keyblock.length;
-  keyblock.contents = (void *) ds.data;
-  ret = krb5_k_create_key(NULL, &keyblock, &ks);
-  if (ret)
-      goto cleanup;
-
-  krb5int_MD5Init (&ctx);
-  ms_usage = krb5int_arcfour_translate_usage (usage);
-  store_32_le(ms_usage, t);
-  krb5int_MD5Update (&ctx, (unsigned char * ) &t, 4);
-  krb5int_MD5Update (&ctx, (unsigned char *) input-> data,
-		  (unsigned int) input->length );
-  krb5int_MD5Final(&ctx);
-  md5tmp.data = (void *) ctx.digest;
-  md5tmp.length = 16;
-
-  ret = krb5int_hmac ( &krb5int_hash_md5, ks, 1, &md5tmp,
-		    output);
-
-    cleanup:
-  memset(&ctx, 0, sizeof(ctx));
-  zapfree(ds.data, ds.length);
-  krb5_k_free_key(NULL, ks);
-  return ret;
+    krb5_keyusage ms_usage;
+    krb5_error_code ret;
+    krb5_keyblock keyblock;
+    krb5_key ks = NULL;
+    krb5_data ds, ks_constant, md5tmp;
+    krb5_MD5_CTX ctx;
+    char t[4];
+
+
+    ds.length = key->keyblock.length;
+    ds.data = malloc(ds.length);
+    if (ds.data == NULL)
+        return ENOMEM;
+
+    ks_constant.data = "signaturekey";
+    ks_constant.length = strlen(ks_constant.data)+1; /* Including null*/
+
+    ret = krb5int_hmac( &krb5int_hash_md5, key, 1,
+                        &ks_constant, &ds);
+    if (ret)
+        goto cleanup;
+
+    keyblock.length = key->keyblock.length;
+    keyblock.contents = (void *) ds.data;
+    ret = krb5_k_create_key(NULL, &keyblock, &ks);
+    if (ret)
+        goto cleanup;
+
+    krb5int_MD5Init (&ctx);
+    ms_usage = krb5int_arcfour_translate_usage (usage);
+    store_32_le(ms_usage, t);
+    krb5int_MD5Update (&ctx, (unsigned char * ) &t, 4);
+    krb5int_MD5Update (&ctx, (unsigned char *) input-> data,
+                       (unsigned int) input->length );
+    krb5int_MD5Final(&ctx);
+    md5tmp.data = (void *) ctx.digest;
+    md5tmp.length = 16;
+
+    ret = krb5int_hmac ( &krb5int_hash_md5, ks, 1, &md5tmp,
+                         output);
+
+cleanup:
+    memset(&ctx, 0, sizeof(ctx));
+    zapfree(ds.data, ds.length);
+    krb5_k_free_key(NULL, ks);
+    return ret;
 }
 
 static  krb5_error_code
 k5_hmac_md5_hash_iov (krb5_key key, krb5_keyusage usage,
-		      const krb5_data *iv,
-		      const krb5_crypto_iov *data, size_t num_data,
-		      krb5_data *output)
+                      const krb5_data *iv,
+                      const krb5_crypto_iov *data, size_t num_data,
+                      krb5_data *output)
 {
-  krb5_keyusage ms_usage;
-  krb5_error_code ret;
-  krb5_keyblock keyblock;
-  krb5_key ks = NULL;
-  krb5_data ds, ks_constant, md5tmp;
-  krb5_MD5_CTX ctx;
-  char t[4];
-  size_t i;
-
-  keyblock.contents = NULL;
-  keyblock.length = 0;
-
-  ds.length = key->keyblock.length;
-  ds.data = malloc(ds.length);
-  if (ds.data == NULL)
-    return ENOMEM;
-
-  ks_constant.data = "signaturekey";
-  ks_constant.length = strlen(ks_constant.data)+1; /* Including null*/
-
-  ret = krb5int_hmac( &krb5int_hash_md5, key, 1,
-		   &ks_constant, &ds);
-  if (ret)
-    goto cleanup;
-
-  keyblock.length = key->keyblock.length;
-  keyblock.contents = (void *) ds.data;
-  ret = krb5_k_create_key(NULL, &keyblock, &ks);
-  if (ret)
-      goto cleanup;
-
-  krb5int_MD5Init (&ctx);
-  ms_usage = krb5int_arcfour_translate_usage (usage);
-  store_32_le(ms_usage, t);
-  krb5int_MD5Update (&ctx, (unsigned char * ) &t, 4);
-  for (i = 0; i < num_data; i++) {
-    const krb5_crypto_iov *iov = &data[i];
-
-    if (SIGN_IOV(iov))
-      krb5int_MD5Update (&ctx, (unsigned char *)iov->data.data,
-		      (unsigned int)iov->data.length);
-  }
-  krb5int_MD5Final(&ctx);
-  md5tmp.data = (void *) ctx.digest;
-  md5tmp.length = 16;
-  ret = krb5int_hmac ( &krb5int_hash_md5, ks, 1, &md5tmp,
-		    output);
-
-    cleanup:
-  memset(&ctx, 0, sizeof(ctx));
-  zapfree(keyblock.contents, keyblock.length);
-  krb5_k_free_key(NULL, ks);
-  return ret;
+    krb5_keyusage ms_usage;
+    krb5_error_code ret;
+    krb5_keyblock keyblock;
+    krb5_key ks = NULL;
+    krb5_data ds, ks_constant, md5tmp;
+    krb5_MD5_CTX ctx;
+    char t[4];
+    size_t i;
+
+    keyblock.contents = NULL;
+    keyblock.length = 0;
+
+    ds.length = key->keyblock.length;
+    ds.data = malloc(ds.length);
+    if (ds.data == NULL)
+        return ENOMEM;
+
+    ks_constant.data = "signaturekey";
+    ks_constant.length = strlen(ks_constant.data)+1; /* Including null*/
+
+    ret = krb5int_hmac( &krb5int_hash_md5, key, 1,
+                        &ks_constant, &ds);
+    if (ret)
+        goto cleanup;
+
+    keyblock.length = key->keyblock.length;
+    keyblock.contents = (void *) ds.data;
+    ret = krb5_k_create_key(NULL, &keyblock, &ks);
+    if (ret)
+        goto cleanup;
+
+    krb5int_MD5Init (&ctx);
+    ms_usage = krb5int_arcfour_translate_usage (usage);
+    store_32_le(ms_usage, t);
+    krb5int_MD5Update (&ctx, (unsigned char * ) &t, 4);
+    for (i = 0; i < num_data; i++) {
+        const krb5_crypto_iov *iov = &data[i];
+
+        if (SIGN_IOV(iov))
+            krb5int_MD5Update (&ctx, (unsigned char *)iov->data.data,
+                               (unsigned int)iov->data.length);
+    }
+    krb5int_MD5Final(&ctx);
+    md5tmp.data = (void *) ctx.digest;
+    md5tmp.length = 16;
+    ret = krb5int_hmac ( &krb5int_hash_md5, ks, 1, &md5tmp,
+                         output);
+
+cleanup:
+    memset(&ctx, 0, sizeof(ctx));
+    zapfree(keyblock.contents, keyblock.length);
+    krb5_k_free_key(NULL, ks);
+    return ret;
 }
 
 const struct krb5_keyhash_provider krb5int_keyhash_hmac_md5 = {
-  16,
-  k5_hmac_md5_hash,
-  NULL, /*checksum  again*/
-  k5_hmac_md5_hash_iov,
-  NULL  /*checksum  again */
+    16,
+    k5_hmac_md5_hash,
+    NULL, /*checksum  again*/
+    k5_hmac_md5_hash_iov,
+    NULL  /*checksum  again */
 };
diff --git a/src/lib/crypto/krb/keyhash_provider/k5_md4des.c b/src/lib/crypto/krb/keyhash_provider/k5_md4des.c
index 89d97f7..032cf39 100644
--- a/src/lib/crypto/krb/keyhash_provider/k5_md4des.c
+++ b/src/lib/crypto/krb/keyhash_provider/k5_md4des.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -48,10 +49,10 @@ mk_xorkey(krb5_key origkey, krb5_key *xorkey)
     size_t i = 0;
 
     if (origkey->keyblock.length != sizeof(xorbytes))
-	return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
     memcpy(xorbytes, origkey->keyblock.contents, sizeof(xorbytes));
     for (i = 0; i < sizeof(xorbytes); i++)
-	xorbytes[i] ^= 0xf0;
+        xorbytes[i] ^= 0xf0;
 
     /* Do a shallow copy here. */
     xorkeyblock = origkey->keyblock;
@@ -64,7 +65,7 @@ mk_xorkey(krb5_key origkey, krb5_key *xorkey)
 
 static krb5_error_code
 k5_md4des_hash(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
-	       const krb5_data *input, krb5_data *output)
+               const krb5_data *input, krb5_data *output)
 {
     krb5_error_code ret;
     krb5_data data;
@@ -74,25 +75,25 @@ k5_md4des_hash(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
     struct krb5_enc_provider *enc = &krb5int_enc_des;
 
     if (output->length != (CONFLENGTH+RSA_MD4_CKSUM_LENGTH))
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 
     /* create the confouder */
 
     data.length = CONFLENGTH;
     data.data = (char *) conf;
     if ((ret = krb5_c_random_make_octets(/* XXX */ 0, &data)))
-	return(ret);
+        return(ret);
 
     ret = mk_xorkey(key, &xorkey);
     if (ret)
-	return ret;
+        return ret;
 
     /* hash the confounder, then the input data */
 
     krb5int_MD4Init(&ctx);
     krb5int_MD4Update(&ctx, conf, CONFLENGTH);
     krb5int_MD4Update(&ctx, (unsigned char *) input->data,
-		   (unsigned int) input->length);
+                      (unsigned int) input->length);
     krb5int_MD4Final(&ctx);
 
     /* construct the buffer to be encrypted */
@@ -109,9 +110,9 @@ k5_md4des_hash(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
 
 static krb5_error_code
 k5_md4des_verify(krb5_key key, krb5_keyusage usage,
-		 const krb5_data *ivec,
-		 const krb5_data *input, const krb5_data *hash,
-		 krb5_boolean *valid)
+                 const krb5_data *ivec,
+                 const krb5_data *input, const krb5_data *hash,
+                 krb5_boolean *valid)
 {
     krb5_error_code ret;
     krb5_MD4_CTX ctx;
@@ -125,17 +126,17 @@ k5_md4des_verify(krb5_key key, krb5_keyusage usage,
     iv.length = 0;
 
     if (key->keyblock.length != 8)
-	return(KRB5_BAD_KEYSIZE);
+        return(KRB5_BAD_KEYSIZE);
     if (hash->length != (CONFLENGTH+RSA_MD4_CKSUM_LENGTH)) {
 #ifdef KRB5int_MD4DES_BETA5_COMPAT
-	if (hash->length != RSA_MD4_CKSUM_LENGTH)
-	    return(KRB5_CRYPTO_INTERNAL);
-	else
-	    compathash = 1;
+        if (hash->length != RSA_MD4_CKSUM_LENGTH)
+            return(KRB5_CRYPTO_INTERNAL);
+        else
+            compathash = 1;
 #else
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 #endif
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
     }
 
     if (compathash) {
@@ -145,9 +146,9 @@ k5_md4des_verify(krb5_key key, krb5_keyusage usage,
         if (key->keyblock.contents)
             memcpy(iv.data, key->keyblock.contents, key->keyblock.length);
     } else {
-	ret = mk_xorkey(key, &xorkey);
-	if (ret)
-	  return ret;
+        ret = mk_xorkey(key, &xorkey);
+        if (ret)
+            return ret;
     }
 
     /* decrypt it */
@@ -156,10 +157,10 @@ k5_md4des_verify(krb5_key key, krb5_keyusage usage,
 
     if (!compathash) {
         ret = enc->decrypt(xorkey, NULL, hash, &output);
-	krb5_k_free_key(NULL, xorkey);
+        krb5_k_free_key(NULL, xorkey);
     } else {
         ret = enc->decrypt(key, &iv, hash, &output);
-	zap(iv.data, iv.length);
+        zap(iv.data, iv.length);
         free(iv.data);
     }
 
@@ -172,21 +173,21 @@ k5_md4des_verify(krb5_key key, krb5_keyusage usage,
 
     krb5int_MD4Init(&ctx);
     if (!compathash) {
-	krb5int_MD4Update(&ctx, plaintext, CONFLENGTH);
+        krb5int_MD4Update(&ctx, plaintext, CONFLENGTH);
     }
     krb5int_MD4Update(&ctx, (unsigned char *) input->data,
-		   (unsigned int) input->length);
+                      (unsigned int) input->length);
     krb5int_MD4Final(&ctx);
 
     /* compare the decrypted hash to the computed one */
 
     if (!compathash) {
-	*valid =
-	    (memcmp(plaintext+CONFLENGTH, ctx.digest, RSA_MD4_CKSUM_LENGTH)
-	     == 0);
+        *valid =
+            (memcmp(plaintext+CONFLENGTH, ctx.digest, RSA_MD4_CKSUM_LENGTH)
+             == 0);
     } else {
-	*valid =
-	    (memcmp(plaintext, ctx.digest, RSA_MD4_CKSUM_LENGTH) == 0);
+        *valid =
+            (memcmp(plaintext, ctx.digest, RSA_MD4_CKSUM_LENGTH) == 0);
     }
 
     memset(plaintext, 0, sizeof(plaintext));
diff --git a/src/lib/crypto/krb/keyhash_provider/k5_md5des.c b/src/lib/crypto/krb/keyhash_provider/k5_md5des.c
index 4a3d623..b2bea25 100644
--- a/src/lib/crypto/krb/keyhash_provider/k5_md5des.c
+++ b/src/lib/crypto/krb/keyhash_provider/k5_md5des.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -48,10 +49,10 @@ mk_xorkey(krb5_key origkey, krb5_key *xorkey)
     size_t i = 0;
 
     if (origkey->keyblock.length != sizeof(xorbytes))
-	return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
     memcpy(xorbytes, origkey->keyblock.contents, sizeof(xorbytes));
     for (i = 0; i < sizeof(xorbytes); i++)
-	xorbytes[i] ^= 0xf0;
+        xorbytes[i] ^= 0xf0;
 
     /* Do a shallow copy here. */
     xorkeyblock = origkey->keyblock;
@@ -64,7 +65,7 @@ mk_xorkey(krb5_key origkey, krb5_key *xorkey)
 
 static krb5_error_code
 k5_md5des_hash(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
-	       const krb5_data *input, krb5_data *output)
+               const krb5_data *input, krb5_data *output)
 {
     krb5_error_code ret;
     krb5_data data;
@@ -74,25 +75,25 @@ k5_md5des_hash(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
     struct krb5_enc_provider *enc = &krb5int_enc_des;
 
     if (output->length != (CONFLENGTH+RSA_MD5_CKSUM_LENGTH))
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 
     /* create the confouder */
 
     data.length = CONFLENGTH;
     data.data = (char *) conf;
     if ((ret = krb5_c_random_make_octets(/* XXX */ 0, &data)))
-	return(ret);
+        return(ret);
 
     ret = mk_xorkey(key, &xorkey);
     if (ret)
-	return ret;
+        return ret;
 
     /* hash the confounder, then the input data */
 
     krb5int_MD5Init(&ctx);
     krb5int_MD5Update(&ctx, conf, CONFLENGTH);
     krb5int_MD5Update(&ctx, (unsigned char *) input->data,
-		   (unsigned int) input->length);
+                      (unsigned int) input->length);
     krb5int_MD5Final(&ctx);
 
     /* construct the buffer to be encrypted */
@@ -110,8 +111,8 @@ k5_md5des_hash(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
 
 static krb5_error_code
 k5_md5des_verify(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
-		 const krb5_data *input, const krb5_data *hash,
-		 krb5_boolean *valid)
+                 const krb5_data *input, const krb5_data *hash,
+                 krb5_boolean *valid)
 {
     krb5_error_code ret;
     krb5_MD5_CTX ctx;
@@ -125,16 +126,16 @@ k5_md5des_verify(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
     iv.length = 0;
 
     if (key->keyblock.length != 8)
-	return(KRB5_BAD_KEYSIZE);
+        return(KRB5_BAD_KEYSIZE);
 
     if (hash->length != (CONFLENGTH+RSA_MD5_CKSUM_LENGTH)) {
 #ifdef KRB5int_MD5DES_BETA5_COMPAT
-	if (hash->length != RSA_MD5_CKSUM_LENGTH)
-	    return(KRB5_CRYPTO_INTERNAL);
-	else
-	    compathash = 1;
+        if (hash->length != RSA_MD5_CKSUM_LENGTH)
+            return(KRB5_CRYPTO_INTERNAL);
+        else
+            compathash = 1;
 #else
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 #endif
     }
 
@@ -145,9 +146,9 @@ k5_md5des_verify(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
         if (key->keyblock.contents)
             memcpy(iv.data, key->keyblock.contents, key->keyblock.length);
     } else {
-	ret = mk_xorkey(key, &xorkey);
-	if (ret)
-	  return ret;
+        ret = mk_xorkey(key, &xorkey);
+        if (ret)
+            return ret;
     }
 
     /* decrypt it */
@@ -156,10 +157,10 @@ k5_md5des_verify(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
 
     if (!compathash) {
         ret = enc->decrypt(xorkey, NULL, hash, &output);
-	krb5_k_free_key(NULL, xorkey);
+        krb5_k_free_key(NULL, xorkey);
     } else {
         ret = enc->decrypt(key, &iv, hash, &output);
-	zap(iv.data, iv.length);
+        zap(iv.data, iv.length);
         free(iv.data);
     }
 
@@ -172,21 +173,21 @@ k5_md5des_verify(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
 
     krb5int_MD5Init(&ctx);
     if (!compathash) {
-	krb5int_MD5Update(&ctx, plaintext, CONFLENGTH);
+        krb5int_MD5Update(&ctx, plaintext, CONFLENGTH);
     }
     krb5int_MD5Update(&ctx, (unsigned char *) input->data,
-		   (unsigned) input->length);
+                      (unsigned) input->length);
     krb5int_MD5Final(&ctx);
 
     /* compare the decrypted hash to the computed one */
 
     if (!compathash) {
-	*valid =
-	    (memcmp(plaintext+CONFLENGTH, ctx.digest, RSA_MD5_CKSUM_LENGTH)
-	     == 0);
+        *valid =
+            (memcmp(plaintext+CONFLENGTH, ctx.digest, RSA_MD5_CKSUM_LENGTH)
+             == 0);
     } else {
-	*valid =
-	    (memcmp(plaintext, ctx.digest, RSA_MD5_CKSUM_LENGTH) == 0);
+        *valid =
+            (memcmp(plaintext, ctx.digest, RSA_MD5_CKSUM_LENGTH) == 0);
     }
     memset(plaintext, 0, sizeof(plaintext));
 
diff --git a/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h b/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h
index c16f0fc..0eb940f 100644
--- a/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h
+++ b/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
diff --git a/src/lib/crypto/krb/keyhash_provider/md5_hmac.c b/src/lib/crypto/krb/keyhash_provider/md5_hmac.c
index 7e44a03..b7d53f7 100644
--- a/src/lib/crypto/krb/keyhash_provider/md5_hmac.c
+++ b/src/lib/crypto/krb/keyhash_provider/md5_hmac.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/keyhash_provider/md5_hmac.c
  *
@@ -34,32 +35,32 @@
 
 static  krb5_error_code
 k5_md5_hmac_hash (krb5_key key, krb5_keyusage usage,
-		  const krb5_data *iv,
-		  const krb5_data *input, krb5_data *output)
+                  const krb5_data *iv,
+                  const krb5_data *input, krb5_data *output)
 {
-  krb5_keyusage ms_usage;
-  krb5_MD5_CTX ctx;
-  unsigned char t[4];
-  krb5_data ds;
+    krb5_keyusage ms_usage;
+    krb5_MD5_CTX ctx;
+    unsigned char t[4];
+    krb5_data ds;
 
-  krb5int_MD5Init(&ctx);
+    krb5int_MD5Init(&ctx);
 
-  ms_usage = krb5int_arcfour_translate_usage (usage);
-  store_32_le(ms_usage, t);
-  krb5int_MD5Update(&ctx, t, sizeof(t));
-  krb5int_MD5Update(&ctx, (unsigned char *)input->data, input->length);
-  krb5int_MD5Final(&ctx);
+    ms_usage = krb5int_arcfour_translate_usage (usage);
+    store_32_le(ms_usage, t);
+    krb5int_MD5Update(&ctx, t, sizeof(t));
+    krb5int_MD5Update(&ctx, (unsigned char *)input->data, input->length);
+    krb5int_MD5Final(&ctx);
 
-  ds.magic = KV5M_DATA;
-  ds.length = 16;
-  ds.data = (char *)ctx.digest;
+    ds.magic = KV5M_DATA;
+    ds.length = 16;
+    ds.data = (char *)ctx.digest;
 
-  return krb5int_hmac ( &krb5int_hash_md5, key, 1, &ds, output);
+    return krb5int_hmac ( &krb5int_hash_md5, key, 1, &ds, output);
 }
 
 const struct krb5_keyhash_provider krb5int_keyhash_md5_hmac = {
-  16,
-  k5_md5_hmac_hash,
-  NULL, /*checksum  again*/
-  NULL, NULL
+    16,
+    k5_md5_hmac_hash,
+    NULL, /*checksum  again*/
+    NULL, NULL
 };
diff --git a/src/lib/crypto/krb/keylengths.c b/src/lib/crypto/krb/keylengths.c
index f38a28c..fa65be1 100644
--- a/src/lib/crypto/krb/keylengths.c
+++ b/src/lib/crypto/krb/keylengths.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * COPYRIGHT (c) 2006
  * The Regents of the University of Michigan
@@ -37,21 +38,21 @@
  */
 krb5_error_code KRB5_CALLCONV
 krb5_c_keylengths(krb5_context context, krb5_enctype enctype,
-		  size_t *keybytes, size_t *keylength)
+                  size_t *keybytes, size_t *keylength)
 {
     const struct krb5_keytypes *ktp;
 
     if (keybytes == NULL && keylength == NULL)
-	return EINVAL;
+        return EINVAL;
 
     ktp = find_enctype(enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
 
     if (keybytes)
-	*keybytes = ktp->enc->keybytes;
+        *keybytes = ktp->enc->keybytes;
     if (keylength)
-	*keylength = ktp->enc->keylength;
+        *keylength = ktp->enc->keylength;
 
     return 0;
 }
diff --git a/src/lib/crypto/krb/make_checksum.c b/src/lib/crypto/krb/make_checksum.c
index 06a5247..f62f40a 100644
--- a/src/lib/crypto/krb/make_checksum.c
+++ b/src/lib/crypto/krb/make_checksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -31,8 +32,8 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_k_make_checksum(krb5_context context, krb5_cksumtype cksumtype,
-		     krb5_key key, krb5_keyusage usage,
-		     const krb5_data *input, krb5_checksum *cksum)
+                     krb5_key key, krb5_keyusage usage,
+                     const krb5_data *input, krb5_checksum *cksum)
 {
     unsigned int i;
     const struct krb5_cksumtypes *ctp;
@@ -44,73 +45,73 @@ krb5_k_make_checksum(krb5_context context, krb5_cksumtype cksumtype,
     size_t cksumlen;
 
     for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	if (krb5int_cksumtypes_list[i].ctype == cksumtype)
-	    break;
+        if (krb5int_cksumtypes_list[i].ctype == cksumtype)
+            break;
     }
     if (i == krb5int_cksumtypes_length)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     ctp = &krb5int_cksumtypes_list[i];
 
     if (ctp->keyhash != NULL)
-	cksumlen = ctp->keyhash->hashsize;
+        cksumlen = ctp->keyhash->hashsize;
     else
-	cksumlen = ctp->hash->hashsize;
+        cksumlen = ctp->hash->hashsize;
 
     cksum->length = cksumlen;
     cksum->contents = malloc(cksum->length);
     if (cksum->contents == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     data.length = cksum->length;
     data.data = (char *) cksum->contents;
 
     if (ctp->keyhash) {
-	/* check if key is compatible */
-	if (ctp->keyed_etype) {
-	    ktp1 = find_enctype(ctp->keyed_etype);
-	    ktp2 = key ? find_enctype(key->keyblock.enctype) : NULL;
-	    if (ktp1 == NULL || ktp2 == NULL || ktp1->enc != ktp2->enc) {
-		ret = KRB5_BAD_ENCTYPE;
-		goto cleanup;
-	    }
-	}
-
-	keyhash = ctp->keyhash;
-	if (keyhash->hash == NULL) {
-	    krb5_crypto_iov iov[1];
-
-	    iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
-	    iov[0].data.data = input->data;
-	    iov[0].data.length = input->length;
-
-	    assert(keyhash->hash_iov != NULL);
-
-	    ret = (*keyhash->hash_iov)(key, usage, 0, iov, 1, &data);
-	} else {
-	    ret = (*keyhash->hash)(key, usage, 0, input, &data);
-	}
+        /* check if key is compatible */
+        if (ctp->keyed_etype) {
+            ktp1 = find_enctype(ctp->keyed_etype);
+            ktp2 = key ? find_enctype(key->keyblock.enctype) : NULL;
+            if (ktp1 == NULL || ktp2 == NULL || ktp1->enc != ktp2->enc) {
+                ret = KRB5_BAD_ENCTYPE;
+                goto cleanup;
+            }
+        }
+
+        keyhash = ctp->keyhash;
+        if (keyhash->hash == NULL) {
+            krb5_crypto_iov iov[1];
+
+            iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+            iov[0].data.data = input->data;
+            iov[0].data.length = input->length;
+
+            assert(keyhash->hash_iov != NULL);
+
+            ret = (*keyhash->hash_iov)(key, usage, 0, iov, 1, &data);
+        } else {
+            ret = (*keyhash->hash)(key, usage, 0, input, &data);
+        }
     } else if (ctp->flags & KRB5_CKSUMFLAG_DERIVE) {
-	ret = krb5int_dk_make_checksum(ctp->hash, key, usage, input, &data);
+        ret = krb5int_dk_make_checksum(ctp->hash, key, usage, input, &data);
     } else {
-	/* No key is used. */
-	ret = (*ctp->hash->hash)(1, input, &data);
+        /* No key is used. */
+        ret = (*ctp->hash->hash)(1, input, &data);
     }
 
     if (!ret) {
-	cksum->magic = KV5M_CHECKSUM;
-	cksum->checksum_type = cksumtype;
-	if (ctp->trunc_size) {
-	    cksum->length = ctp->trunc_size;
-	    trunc = realloc(cksum->contents, cksum->length);
-	    if (trunc)
-		cksum->contents = trunc;
-	}
+        cksum->magic = KV5M_CHECKSUM;
+        cksum->checksum_type = cksumtype;
+        if (ctp->trunc_size) {
+            cksum->length = ctp->trunc_size;
+            trunc = realloc(cksum->contents, cksum->length);
+            if (trunc)
+                cksum->contents = trunc;
+        }
     }
 
 cleanup:
     if (ret) {
-	zapfree(cksum->contents, cksum->length);
-	cksum->contents = NULL;
+        zapfree(cksum->contents, cksum->length);
+        cksum->contents = NULL;
     }
 
     return ret;
@@ -118,16 +119,16 @@ cleanup:
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_make_checksum(krb5_context context, krb5_cksumtype cksumtype,
-		     const krb5_keyblock *keyblock, krb5_keyusage usage,
-		     const krb5_data *input, krb5_checksum *cksum)
+                     const krb5_keyblock *keyblock, krb5_keyusage usage,
+                     const krb5_data *input, krb5_checksum *cksum)
 {
     krb5_key key = NULL;
     krb5_error_code ret;
 
     if (keyblock != NULL) {
-	ret = krb5_k_create_key(context, keyblock, &key);
-	if (ret != 0)
-	    return ret;
+        ret = krb5_k_create_key(context, keyblock, &key);
+        if (ret != 0)
+            return ret;
     }
     ret = krb5_k_make_checksum(context, cksumtype, key, usage, input, cksum);
     krb5_k_free_key(context, key);
diff --git a/src/lib/crypto/krb/make_checksum_iov.c b/src/lib/crypto/krb/make_checksum_iov.c
index 192f910..9ac70f5 100644
--- a/src/lib/crypto/krb/make_checksum_iov.c
+++ b/src/lib/crypto/krb/make_checksum_iov.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/make_checksum_iov.c
  *
@@ -30,11 +31,11 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_k_make_checksum_iov(krb5_context context,
-			 krb5_cksumtype cksumtype,
-			 krb5_key key,
-			 krb5_keyusage usage,
-			 krb5_crypto_iov *data,
-			 size_t num_data)
+                         krb5_cksumtype cksumtype,
+                         krb5_key key,
+                         krb5_keyusage usage,
+                         krb5_crypto_iov *data,
+                         size_t num_data)
 {
     unsigned int i;
     size_t cksumlen;
@@ -44,37 +45,37 @@ krb5_k_make_checksum_iov(krb5_context context,
     const struct krb5_cksumtypes *ctp;
 
     for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	if (krb5int_cksumtypes_list[i].ctype == cksumtype)
-	    break;
+        if (krb5int_cksumtypes_list[i].ctype == cksumtype)
+            break;
     }
     if (i == krb5int_cksumtypes_length)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     ctp = &krb5int_cksumtypes_list[i];
 
     if (ctp->keyhash != NULL)
-	cksum_data.length = ctp->keyhash->hashsize;
+        cksum_data.length = ctp->keyhash->hashsize;
     else
-	cksum_data.length = ctp->hash->hashsize;
+        cksum_data.length = ctp->hash->hashsize;
 
     if (ctp->trunc_size != 0)
-	cksumlen = ctp->trunc_size;
+        cksumlen = ctp->trunc_size;
     else
-	cksumlen = cksum_data.length;
+        cksumlen = cksum_data.length;
 
     checksum = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_CHECKSUM);
     if (checksum == NULL || checksum->data.length < cksumlen)
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
 
     cksum_data.data = malloc(cksum_data.length);
     if (cksum_data.data == NULL)
-	return(ENOMEM);
+        return(ENOMEM);
 
     ret = krb5int_c_make_checksum_iov(&krb5int_cksumtypes_list[i],
-				      key, usage, data, num_data,
-				      &cksum_data);
+                                      key, usage, data, num_data,
+                                      &cksum_data);
     if (ret == 0) {
-	memcpy(checksum->data.data, cksum_data.data, cksumlen);
-	checksum->data.length = cksumlen;
+        memcpy(checksum->data.data, cksum_data.data, cksumlen);
+        checksum->data.length = cksumlen;
     }
 
     free(cksum_data.data);
@@ -84,20 +85,20 @@ krb5_k_make_checksum_iov(krb5_context context,
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_make_checksum_iov(krb5_context context,
-			 krb5_cksumtype cksumtype,
-			 const krb5_keyblock *keyblock,
-			 krb5_keyusage usage,
-			 krb5_crypto_iov *data,
-			 size_t num_data)
+                         krb5_cksumtype cksumtype,
+                         const krb5_keyblock *keyblock,
+                         krb5_keyusage usage,
+                         krb5_crypto_iov *data,
+                         size_t num_data)
 {
     krb5_key key;
     krb5_error_code ret;
 
     ret = krb5_k_create_key(context, keyblock, &key);
     if (ret != 0)
-	return ret;
+        return ret;
     ret = krb5_k_make_checksum_iov(context, cksumtype, key, usage,
-				   data, num_data);
+                                   data, num_data);
     krb5_k_free_key(context, key);
     return ret;
 }
diff --git a/src/lib/crypto/krb/make_random_key.c b/src/lib/crypto/krb/make_random_key.c
index de2e6bb..a236844 100644
--- a/src/lib/crypto/krb/make_random_key.c
+++ b/src/lib/crypto/krb/make_random_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -29,7 +30,7 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_make_random_key(krb5_context context, krb5_enctype enctype,
-		       krb5_keyblock *random_key)
+                       krb5_keyblock *random_key)
 {
     krb5_error_code ret;
     const struct krb5_keytypes *ktp;
@@ -40,7 +41,7 @@ krb5_c_make_random_key(krb5_context context, krb5_enctype enctype,
 
     ktp = find_enctype(enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     enc = ktp->enc;
 
     keybytes = enc->keybytes;
@@ -48,17 +49,17 @@ krb5_c_make_random_key(krb5_context context, krb5_enctype enctype,
 
     bytes = k5alloc(keybytes, &ret);
     if (ret)
-	return ret;
+        return ret;
     random_key->contents = k5alloc(keylength, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
     random_data.data = (char *) bytes;
     random_data.length = keybytes;
 
     ret = krb5_c_random_make_octets(context, &random_data);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
     random_key->magic = KV5M_KEYBLOCK;
     random_key->enctype = enctype;
@@ -68,8 +69,8 @@ krb5_c_make_random_key(krb5_context context, krb5_enctype enctype,
 
 cleanup:
     if (ret) {
-	zapfree(random_key->contents, keylength);
-	random_key->contents = NULL;
+        zapfree(random_key->contents, keylength);
+        random_key->contents = NULL;
     }
     zapfree(bytes, keybytes);
     return ret;
diff --git a/src/lib/crypto/krb/mandatory_sumtype.c b/src/lib/crypto/krb/mandatory_sumtype.c
index e3e3707..3adeaf2 100644
--- a/src/lib/crypto/krb/mandatory_sumtype.c
+++ b/src/lib/crypto/krb/mandatory_sumtype.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2003 by the Massachusetts Institute of Technology.
  * All rights reserved.
@@ -27,13 +28,13 @@
 
 krb5_error_code
 krb5int_c_mandatory_cksumtype(krb5_context ctx, krb5_enctype etype,
-			      krb5_cksumtype *cksumtype)
+                              krb5_cksumtype *cksumtype)
 {
     const struct krb5_keytypes *ktp;
 
     ktp = find_enctype(etype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     *cksumtype = ktp->required_ctype;
     return 0;
 }
diff --git a/src/lib/crypto/krb/nfold.c b/src/lib/crypto/krb/nfold.c
index 976e131..11082ac 100644
--- a/src/lib/crypto/krb/nfold.c
+++ b/src/lib/crypto/krb/nfold.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,24 +31,24 @@
 #endif
 
 /*
-n-fold(k-bits):
-  l = lcm(n,k)
-  r = l/k
-  s = k-bits | k-bits rot 13 | k-bits rot 13*2 | ... | k-bits rot 13*(r-1)
-  compute the 1's complement sum:
-	n-fold = s[0..n-1]+s[n..2n-1]+s[2n..3n-1]+..+s[(k-1)*n..k*n-1]
-*/
+ * n-fold(k-bits):
+ * l = lcm(n,k)
+ * r = l/k
+ * s = k-bits | k-bits rot 13 | k-bits rot 13*2 | ... | k-bits rot 13*(r-1)
+ * compute the 1's complement sum:
+ * n-fold = s[0..n-1]+s[n..2n-1]+s[2n..3n-1]+..+s[(k-1)*n..k*n-1]
+ */
 
 /* representation: msb first, assume n and k are multiples of 8, and
-   that k>=16.  this is the case of all the cryptosystems which are
-   likely to be used.  this function can be replaced if that
-   assumption ever fails.  */
+ * that k>=16.  this is the case of all the cryptosystems which are
+ * likely to be used.  this function can be replaced if that
+ * assumption ever fails.  */
 
 /* input length is in bits */
 
 void
 krb5int_nfold(unsigned int inbits, const unsigned char *in, unsigned int outbits,
-	   unsigned char *out)
+              unsigned char *out)
 {
     int a,b,c,lcm;
     int byte, i, msbit;
@@ -64,9 +65,9 @@ krb5int_nfold(unsigned int inbits, const unsigned char *in, unsigned int outbits
     b = inbits;
 
     while(b != 0) {
-	c = b;
-	b = a%b;
-	a = c;
+        c = b;
+        b = a%b;
+        a = c;
     }
 
     lcm = outbits*inbits/a;
@@ -79,51 +80,51 @@ krb5int_nfold(unsigned int inbits, const unsigned char *in, unsigned int outbits
     /* this will end up cycling through k lcm(k,n)/k times, which
        is correct */
     for (i=lcm-1; i>=0; i--) {
-	/* compute the msbit in k which gets added into this byte */
-	msbit = (/* first, start with the msbit in the first, unrotated
-		    byte */
-		 ((inbits<<3)-1)
-		 /* then, for each byte, shift to the right for each
-		    repetition */
-		 +(((inbits<<3)+13)*(i/inbits))
-		 /* last, pick out the correct byte within that
-		    shifted repetition */
-		 +((inbits-(i%inbits))<<3)
-		 )%(inbits<<3);
-
-	/* pull out the byte value itself */
-	byte += (((in[((inbits-1)-(msbit>>3))%inbits]<<8)|
-		  (in[((inbits)-(msbit>>3))%inbits]))
-		 >>((msbit&7)+1))&0xff;
-
-	/* do the addition */
-	byte += out[i%outbits];
-	out[i%outbits] = byte&0xff;
+        /* compute the msbit in k which gets added into this byte */
+        msbit = (/* first, start with the msbit in the first, unrotated
+                    byte */
+            ((inbits<<3)-1)
+            /* then, for each byte, shift to the right for each
+               repetition */
+            +(((inbits<<3)+13)*(i/inbits))
+            /* last, pick out the correct byte within that
+               shifted repetition */
+            +((inbits-(i%inbits))<<3)
+        )%(inbits<<3);
+
+        /* pull out the byte value itself */
+        byte += (((in[((inbits-1)-(msbit>>3))%inbits]<<8)|
+                  (in[((inbits)-(msbit>>3))%inbits]))
+                 >>((msbit&7)+1))&0xff;
+
+        /* do the addition */
+        byte += out[i%outbits];
+        out[i%outbits] = byte&0xff;
 
 #if 0
-	printf("msbit[%d] = %d\tbyte = %02x\tsum = %03x\n", i, msbit,
-	       (((in[((inbits-1)-(msbit>>3))%inbits]<<8)|
-		 (in[((inbits)-(msbit>>3))%inbits]))
-		>>((msbit&7)+1))&0xff, byte);
+        printf("msbit[%d] = %d\tbyte = %02x\tsum = %03x\n", i, msbit,
+               (((in[((inbits-1)-(msbit>>3))%inbits]<<8)|
+                 (in[((inbits)-(msbit>>3))%inbits]))
+                >>((msbit&7)+1))&0xff, byte);
 #endif
 
-	/* keep around the carry bit, if any */
-	byte >>= 8;
+        /* keep around the carry bit, if any */
+        byte >>= 8;
 
 #if 0
-	printf("carry=%d\n", byte);
+        printf("carry=%d\n", byte);
 #endif
     }
 
     /* if there's a carry bit left over, add it back in */
     if (byte) {
-	for (i=outbits-1; i>=0; i--) {
-	    /* do the addition */
-	    byte += out[i];
-	    out[i] = byte&0xff;
-
-	    /* keep around the carry bit, if any */
-	    byte >>= 8;
-	}
+        for (i=outbits-1; i>=0; i--) {
+            /* do the addition */
+            byte += out[i];
+            out[i] = byte&0xff;
+
+            /* keep around the carry bit, if any */
+            byte >>= 8;
+        }
     }
 }
diff --git a/src/lib/crypto/krb/old/des_stringtokey.c b/src/lib/crypto/krb/old/des_stringtokey.c
index 6a5c669..6f49166 100644
--- a/src/lib/crypto/krb/old/des_stringtokey.c
+++ b/src/lib/crypto/krb/old/des_stringtokey.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -31,28 +32,28 @@
 /* XXX */
 extern krb5_error_code mit_des_string_to_key_int
 (krb5_keyblock * keyblock,
-		 const krb5_data * data,
-		 const krb5_data * salt);
+ const krb5_data * data,
+ const krb5_data * salt);
 
 krb5_error_code
 krb5int_des_string_to_key(const struct krb5_enc_provider *enc,
-			  const krb5_data *string,
-			  const krb5_data *salt, const krb5_data *parm,
-			  krb5_keyblock *key)
+                          const krb5_data *string,
+                          const krb5_data *salt, const krb5_data *parm,
+                          krb5_keyblock *key)
 {
     int type;
     if (parm ) {
-	if (parm->length != 1)
-	    return KRB5_ERR_BAD_S2K_PARAMS;
-	type = parm->data[0];
+        if (parm->length != 1)
+            return KRB5_ERR_BAD_S2K_PARAMS;
+        type = parm->data[0];
     }
     else type = 0;
     switch(type) {
     case 0:
-    return(mit_des_string_to_key_int(key, string, salt));
+        return(mit_des_string_to_key_int(key, string, salt));
     case 1:
-	return mit_afs_string_to_key(key, string, salt);
+        return mit_afs_string_to_key(key, string, salt);
     default:
-	return KRB5_ERR_BAD_S2K_PARAMS;
+        return KRB5_ERR_BAD_S2K_PARAMS;
     }
 }
diff --git a/src/lib/crypto/krb/old/old.h b/src/lib/crypto/krb/old/old.h
index 953e61e..1ed19a0 100644
--- a/src/lib/crypto/krb/old/old.h
+++ b/src/lib/crypto/krb/old/old.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -26,27 +27,25 @@
 
 #include "k5-int.h"
 
-void krb5int_old_encrypt_length
-(const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		size_t input, size_t *length);
+void krb5int_old_encrypt_length(const struct krb5_enc_provider *enc,
+                                const struct krb5_hash_provider *hash,
+                                size_t input, size_t *length);
 
-krb5_error_code krb5int_old_encrypt
-(const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		krb5_key key, krb5_keyusage usage,
-		const krb5_data *ivec, const krb5_data *input,
-		krb5_data *output);
+krb5_error_code krb5int_old_encrypt(const struct krb5_enc_provider *enc,
+                                    const struct krb5_hash_provider *hash,
+                                    krb5_key key, krb5_keyusage usage,
+                                    const krb5_data *ivec,
+                                    const krb5_data *input, krb5_data *output);
 
-krb5_error_code krb5int_old_decrypt
-(const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		krb5_key key, krb5_keyusage usage,
-		const krb5_data *ivec, const krb5_data *input,
-		krb5_data *arg_output);
+krb5_error_code krb5int_old_decrypt(const struct krb5_enc_provider *enc,
+                                    const struct krb5_hash_provider *hash,
+                                    krb5_key key, krb5_keyusage usage,
+                                    const krb5_data *ivec,
+                                    const krb5_data *input,
+                                    krb5_data *arg_output);
 
-krb5_error_code krb5int_des_string_to_key
-(const struct krb5_enc_provider *enc,
-		const krb5_data *string, const krb5_data *salt,
-		const krb5_data *params,
-		krb5_keyblock *key);
+krb5_error_code krb5int_des_string_to_key(const struct krb5_enc_provider *enc,
+                                          const krb5_data *string,
+                                          const krb5_data *salt,
+                                          const krb5_data *params,
+                                          krb5_keyblock *key);
diff --git a/src/lib/crypto/krb/old/old_decrypt.c b/src/lib/crypto/krb/old/old_decrypt.c
index 97fbe6d..47996be 100644
--- a/src/lib/crypto/krb/old/old_decrypt.c
+++ b/src/lib/crypto/krb/old/old_decrypt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -29,12 +30,12 @@
 
 krb5_error_code
 krb5int_old_decrypt(const struct krb5_enc_provider *enc,
-		 const struct krb5_hash_provider *hash,
-		 krb5_key key,
-		 krb5_keyusage usage,
-		 const krb5_data *ivec,
-		 const krb5_data *input,
-		 krb5_data *arg_output)
+                    const struct krb5_hash_provider *hash,
+                    krb5_key key,
+                    krb5_keyusage usage,
+                    const krb5_data *ivec,
+                    const krb5_data *input,
+                    krb5_data *arg_output)
 {
     krb5_error_code ret;
     size_t blocksize, hashsize, plainsize;
@@ -48,53 +49,53 @@ krb5int_old_decrypt(const struct krb5_enc_provider *enc,
     plainsize = input->length - blocksize - hashsize;
 
     if (arg_output->length < plainsize)
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
 
     /* if there's enough space to work in the app buffer, use it,
        otherwise allocate our own */
 
     if ((cksumdata = (unsigned char *) malloc(hashsize)) == NULL)
-	return(ENOMEM);
+        return(ENOMEM);
 
     if (arg_output->length < input->length) {
-	output.length = input->length;
+        output.length = input->length;
 
-	if ((output.data = (char *) malloc(output.length)) == NULL) {
-	    free(cksumdata);
-	    return(ENOMEM);
-	}
+        if ((output.data = (char *) malloc(output.length)) == NULL) {
+            free(cksumdata);
+            return(ENOMEM);
+        }
 
-	alloced = 1;
+        alloced = 1;
     } else {
-	output.length = input->length;
+        output.length = input->length;
 
-	output.data = arg_output->data;
+        output.data = arg_output->data;
 
-	alloced = 0;
+        alloced = 0;
     }
 
     /* decrypt it */
 
     /* save last ciphertext block in case we decrypt in place */
     if (ivec != NULL && ivec->length == blocksize) {
-	cn = malloc(blocksize);
-	if (cn == NULL) {
-	    ret = ENOMEM;
-	    goto cleanup;
-	}
-	memcpy(cn, input->data + input->length - blocksize, blocksize);
+        cn = malloc(blocksize);
+        if (cn == NULL) {
+            ret = ENOMEM;
+            goto cleanup;
+        }
+        memcpy(cn, input->data + input->length - blocksize, blocksize);
     } else
-	cn = NULL;
+        cn = NULL;
 
     /* XXX this is gross, but I don't have much choice */
     if ((key->keyblock.enctype == ENCTYPE_DES_CBC_CRC) && (ivec == 0)) {
-	crcivec.length = key->keyblock.length;
-	crcivec.data = (char *) key->keyblock.contents;
-	ivec = &crcivec;
+        crcivec.length = key->keyblock.length;
+        crcivec.data = (char *) key->keyblock.contents;
+        ivec = &crcivec;
     }
 
     if ((ret = ((*(enc->decrypt))(key, ivec, input, &output))))
-	goto cleanup;
+        goto cleanup;
 
     /* verify the checksum */
 
@@ -105,38 +106,38 @@ krb5int_old_decrypt(const struct krb5_enc_provider *enc,
     cksum.data = output.data+blocksize;
 
     if ((ret = ((*(hash->hash))(1, &output, &cksum))))
-	goto cleanup;
+        goto cleanup;
 
     if (memcmp(cksum.data, cksumdata, cksum.length) != 0) {
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	goto cleanup;
+        ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        goto cleanup;
     }
 
     /* copy the plaintext around */
 
     if (alloced) {
-	memcpy(arg_output->data, output.data+blocksize+hashsize,
-	       plainsize);
+        memcpy(arg_output->data, output.data+blocksize+hashsize,
+               plainsize);
     } else {
-	memmove(arg_output->data, arg_output->data+blocksize+hashsize,
-		plainsize);
+        memmove(arg_output->data, arg_output->data+blocksize+hashsize,
+                plainsize);
     }
     arg_output->length = plainsize;
 
     /* update ivec */
     if (cn != NULL)
-	memcpy(ivec->data, cn, blocksize);
+        memcpy(ivec->data, cn, blocksize);
 
     ret = 0;
 
 cleanup:
     if (alloced) {
-	memset(output.data, 0, output.length);
-	free(output.data);
+        memset(output.data, 0, output.length);
+        free(output.data);
     }
 
     if (cn != NULL)
-	free(cn);
+        free(cn);
     memset(cksumdata, 0, hashsize);
     free(cksumdata);
     return(ret);
diff --git a/src/lib/crypto/krb/old/old_encrypt.c b/src/lib/crypto/krb/old/old_encrypt.c
index 137d6ed..1903a6c 100644
--- a/src/lib/crypto/krb/old/old_encrypt.c
+++ b/src/lib/crypto/krb/old/old_encrypt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -29,9 +30,9 @@
 
 void
 krb5int_old_encrypt_length(const struct krb5_enc_provider *enc,
-			const struct krb5_hash_provider *hash,
-			size_t inputlen,
-			size_t *length)
+                           const struct krb5_hash_provider *hash,
+                           size_t inputlen,
+                           size_t *length)
 {
     size_t blocksize, hashsize;
 
@@ -43,12 +44,12 @@ krb5int_old_encrypt_length(const struct krb5_enc_provider *enc,
 
 krb5_error_code
 krb5int_old_encrypt(const struct krb5_enc_provider *enc,
-		 const struct krb5_hash_provider *hash,
-		 krb5_key key,
-		 krb5_keyusage usage,
-		 const krb5_data *ivec,
-		 const krb5_data *input,
-		 krb5_data *output)
+                    const struct krb5_hash_provider *hash,
+                    krb5_key key,
+                    krb5_keyusage usage,
+                    const krb5_data *ivec,
+                    const krb5_data *input,
+                    krb5_data *output)
 {
     krb5_error_code ret;
     size_t blocksize, hashsize, enclen;
@@ -61,7 +62,7 @@ krb5int_old_encrypt(const struct krb5_enc_provider *enc,
     krb5int_old_encrypt_length(enc, hash, input->length, &enclen);
 
     if (output->length < enclen)
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
 
     output->length = enclen;
 
@@ -73,7 +74,7 @@ krb5int_old_encrypt(const struct krb5_enc_provider *enc,
     datain.data = output->data;
 
     if ((ret = krb5_c_random_make_octets(/* XXX */ 0, &datain)))
-	return(ret);
+        return(ret);
     memcpy(output->data+blocksize+hashsize, input->data, input->length);
 
     /* compute the checksum */
@@ -82,29 +83,29 @@ krb5int_old_encrypt(const struct krb5_enc_provider *enc,
     datain.data = output->data+blocksize;
 
     if ((ret = ((*(hash->hash))(1, output, &datain))))
-	goto cleanup;
+        goto cleanup;
 
     /* encrypt it */
 
     /* XXX this is gross, but I don't have much choice */
     if ((key->keyblock.enctype == ENCTYPE_DES_CBC_CRC) && (ivec == 0)) {
-	crcivec.length = key->keyblock.length;
-	crcivec.data = (char *) key->keyblock.contents;
-	ivec = &crcivec;
-	real_ivec = 0;
+        crcivec.length = key->keyblock.length;
+        crcivec.data = (char *) key->keyblock.contents;
+        ivec = &crcivec;
+        real_ivec = 0;
     } else
-	real_ivec = 1;
+        real_ivec = 1;
 
     if ((ret = ((*(enc->encrypt))(key, ivec, output, output))))
-	goto cleanup;
+        goto cleanup;
 
     /* update ivec */
     if (real_ivec && ivec != NULL && ivec->length == blocksize)
-	memcpy(ivec->data, output->data + output->length - blocksize,
-	       blocksize);
+        memcpy(ivec->data, output->data + output->length - blocksize,
+               blocksize);
 cleanup:
     if (ret)
-	memset(output->data, 0, output->length);
+        memset(output->data, 0, output->length);
 
     return(ret);
 }
diff --git a/src/lib/crypto/krb/old_api_glue.c b/src/lib/crypto/krb/old_api_glue.c
index c4ee596..c705ff5 100644
--- a/src/lib/crypto/krb/old_api_glue.c
+++ b/src/lib/crypto/krb/old_api_glue.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -38,16 +39,16 @@ krb5_boolean KRB5_CALLCONV is_coll_proof_cksum(krb5_cksumtype ctype);
 krb5_boolean KRB5_CALLCONV is_keyed_cksum(krb5_cksumtype ctype);
 krb5_error_code KRB5_CALLCONV krb5_random_confounder(size_t, krb5_pointer);
 krb5_error_code krb5_encrypt_data(krb5_context context, krb5_keyblock *key,
-				  krb5_pointer ivec, krb5_data *data,
-				  krb5_enc_data *enc_data);
+                                  krb5_pointer ivec, krb5_data *data,
+                                  krb5_enc_data *enc_data);
 krb5_error_code krb5_decrypt_data(krb5_context context, krb5_keyblock *key,
-				  krb5_pointer ivec, krb5_enc_data *data,
-				  krb5_data *enc_data);
+                                  krb5_pointer ivec, krb5_enc_data *data,
+                                  krb5_data *enc_data);
 
 krb5_error_code KRB5_CALLCONV
 krb5_encrypt(krb5_context context, krb5_const_pointer inptr,
-	     krb5_pointer outptr, size_t size, krb5_encrypt_block *eblock,
-	     krb5_pointer ivec)
+             krb5_pointer outptr, size_t size, krb5_encrypt_block *eblock,
+             krb5_pointer ivec)
 {
     krb5_data inputd, ivecd;
     krb5_enc_data outputd;
@@ -55,12 +56,12 @@ krb5_encrypt(krb5_context context, krb5_const_pointer inptr,
     krb5_error_code ret;
 
     if (ivec) {
-	ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize);
-	if (ret)
-	    return ret;
+        ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize);
+        if (ret)
+            return ret;
 
-	ivecd.length = blocksize;
-	ivecd.data = ivec;
+        ivecd.length = blocksize;
+        ivecd.data = ivec;
     }
 
     /* size is the length of the input cleartext data. */
@@ -73,19 +74,19 @@ krb5_encrypt(krb5_context context, krb5_const_pointer inptr,
      */
     ret = krb5_c_encrypt_length(context, eblock->key->enctype, size, &outlen);
     if (ret)
-	return ret;
+        return ret;
 
     outputd.ciphertext.length = outlen;
     outputd.ciphertext.data = outptr;
 
     return krb5_c_encrypt(context, eblock->key, 0, ivec ? &ivecd : 0,
-			  &inputd, &outputd);
+                          &inputd, &outputd);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_decrypt(krb5_context context, krb5_const_pointer inptr,
-	     krb5_pointer outptr, size_t size, krb5_encrypt_block *eblock,
-	     krb5_pointer ivec)
+             krb5_pointer outptr, size_t size, krb5_encrypt_block *eblock,
+             krb5_pointer ivec)
 {
     krb5_enc_data inputd;
     krb5_data outputd, ivecd;
@@ -93,12 +94,12 @@ krb5_decrypt(krb5_context context, krb5_const_pointer inptr,
     krb5_error_code ret;
 
     if (ivec) {
-	ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize);
-	if (ret)
-	    return ret;
+        ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize);
+        if (ret)
+            return ret;
 
-	ivecd.length = blocksize;
-	ivecd.data = ivec;
+        ivecd.length = blocksize;
+        ivecd.data = ivec;
     }
 
     /* size is the length of the input ciphertext data */
@@ -113,12 +114,12 @@ krb5_decrypt(krb5_context context, krb5_const_pointer inptr,
     outputd.data = outptr;
 
     return krb5_c_decrypt(context, eblock->key, 0, ivec ? &ivecd : 0,
-			  &inputd, &outputd);
+                          &inputd, &outputd);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_process_key(krb5_context context, krb5_encrypt_block *eblock,
-		 const krb5_keyblock *key)
+                 const krb5_keyblock *key)
 {
     eblock->key = (krb5_keyblock *) key;
 
@@ -133,16 +134,16 @@ krb5_finish_key(krb5_context context, krb5_encrypt_block *eblock)
 
 krb5_error_code KRB5_CALLCONV
 krb5_string_to_key(krb5_context context, const krb5_encrypt_block *eblock,
-		   krb5_keyblock *keyblock, const krb5_data *data,
-		   const krb5_data *salt)
+                   krb5_keyblock *keyblock, const krb5_data *data,
+                   const krb5_data *salt)
 {
     return krb5_c_string_to_key(context, eblock->crypto_entry, data, salt,
-				keyblock);
+                                keyblock);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_init_random_key(krb5_context context, const krb5_encrypt_block *eblock,
-		     const krb5_keyblock *keyblock, krb5_pointer *ptr)
+                     const krb5_keyblock *keyblock, krb5_pointer *ptr)
 {
     krb5_data data;
 
@@ -154,14 +155,14 @@ krb5_init_random_key(krb5_context context, const krb5_encrypt_block *eblock,
 
 krb5_error_code KRB5_CALLCONV
 krb5_finish_random_key(krb5_context context, const krb5_encrypt_block *eblock,
-		       krb5_pointer *ptr)
+                       krb5_pointer *ptr)
 {
     return 0;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_random_key(krb5_context context, const krb5_encrypt_block *eblock,
-		krb5_pointer ptr, krb5_keyblock **keyblock)
+                krb5_pointer ptr, krb5_keyblock **keyblock)
 {
     krb5_keyblock *key;
     krb5_error_code ret;
@@ -170,12 +171,12 @@ krb5_random_key(krb5_context context, const krb5_encrypt_block *eblock,
 
     key = malloc(sizeof(krb5_keyblock));
     if (key == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     ret = krb5_c_make_random_key(context, eblock->crypto_entry, key);
     if (ret) {
-	free(key);
-	return ret;
+        free(key);
+        return ret;
     }
 
     *keyblock = key;
@@ -190,7 +191,7 @@ krb5_eblock_enctype(krb5_context context, const krb5_encrypt_block *eblock)
 
 krb5_error_code KRB5_CALLCONV
 krb5_use_enctype(krb5_context context, krb5_encrypt_block *eblock,
-		 krb5_enctype enctype)
+                 krb5_enctype enctype)
 {
     eblock->crypto_entry = enctype;
 
@@ -203,7 +204,7 @@ krb5_encrypt_size(size_t length, krb5_enctype crypto)
     size_t ret;
 
     if (krb5_c_encrypt_length(NULL, crypto, length, &ret))
-	return (size_t) -1; /* XXX */
+        return (size_t) -1; /* XXX */
 
     return ret;
 }
@@ -214,16 +215,16 @@ krb5_checksum_size(krb5_context context, krb5_cksumtype ctype)
     size_t ret;
 
     if (krb5_c_checksum_length(context, ctype, &ret))
-	return (size_t) -1; /* XXX */
+        return (size_t) -1; /* XXX */
 
     return ret;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype,
-			krb5_const_pointer in, size_t in_length,
-			krb5_const_pointer seed, size_t seed_length,
-			krb5_checksum *outcksum)
+                        krb5_const_pointer in, size_t in_length,
+                        krb5_const_pointer seed, size_t seed_length,
+                        krb5_checksum *outcksum)
 {
     krb5_data input;
     krb5_keyblock key;
@@ -239,12 +240,12 @@ krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype,
 
     ret = krb5_c_make_checksum(context, ctype, &key, 0, &input, &cksum);
     if (ret)
-	return ret;
+        return ret;
 
     if (outcksum->length < cksum.length) {
-	memset(cksum.contents, 0, cksum.length);
-	free(cksum.contents);
-	return KRB5_BAD_MSIZE;
+        memset(cksum.contents, 0, cksum.length);
+        free(cksum.contents);
+        return KRB5_BAD_MSIZE;
     }
 
     outcksum->magic = cksum.magic;
@@ -259,9 +260,9 @@ krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype,
 
 krb5_error_code KRB5_CALLCONV
 krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype,
-		     const krb5_checksum *cksum, krb5_const_pointer in,
-		     size_t in_length, krb5_const_pointer seed,
-		     size_t seed_length)
+                     const krb5_checksum *cksum, krb5_const_pointer in,
+                     size_t in_length, krb5_const_pointer seed,
+                     size_t seed_length)
 {
     krb5_data input;
     krb5_keyblock key;
@@ -276,10 +277,10 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype,
 
     ret = krb5_c_verify_checksum(context, &key, 0, &input, cksum, &valid);
     if (ret)
-	return ret;
+        return ret;
 
     if (!valid)
-	return KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        return KRB5KRB_AP_ERR_BAD_INTEGRITY;
 
     return 0;
 }
@@ -296,8 +297,8 @@ krb5_random_confounder(size_t size, krb5_pointer ptr)
 }
 
 krb5_error_code krb5_encrypt_data(krb5_context context, krb5_keyblock *key,
-				  krb5_pointer ivec, krb5_data *data,
-				  krb5_enc_data *enc_data)
+                                  krb5_pointer ivec, krb5_data *data,
+                                  krb5_enc_data *enc_data)
 {
     krb5_error_code ret;
     size_t enclen, blocksize;
@@ -305,15 +306,15 @@ krb5_error_code krb5_encrypt_data(krb5_context context, krb5_keyblock *key,
 
     ret = krb5_c_encrypt_length(context, key->enctype, data->length, &enclen);
     if (ret)
-	return ret;
+        return ret;
 
     if (ivec) {
-	ret = krb5_c_block_size(context, key->enctype, &blocksize);
-	if (ret)
-	    return ret;
+        ret = krb5_c_block_size(context, key->enctype, &blocksize);
+        if (ret)
+            return ret;
 
-	ivecd.length = blocksize;
-	ivecd.data = ivec;
+        ivecd.length = blocksize;
+        ivecd.data = ivec;
     }
 
     enc_data->magic = KV5M_ENC_DATA;
@@ -322,40 +323,40 @@ krb5_error_code krb5_encrypt_data(krb5_context context, krb5_keyblock *key,
     enc_data->ciphertext.length = enclen;
     enc_data->ciphertext.data = malloc(enclen);
     if (enc_data->ciphertext.data == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     ret = krb5_c_encrypt(context, key, 0, ivec ? &ivecd : 0, data, enc_data);
     if (ret)
-	free(enc_data->ciphertext.data);
+        free(enc_data->ciphertext.data);
 
     return ret;
 }
 
 krb5_error_code krb5_decrypt_data(krb5_context context, krb5_keyblock *key,
-				  krb5_pointer ivec, krb5_enc_data *enc_data,
-				  krb5_data *data)
+                                  krb5_pointer ivec, krb5_enc_data *enc_data,
+                                  krb5_data *data)
 {
     krb5_error_code ret;
     krb5_data ivecd;
     size_t blocksize;
 
     if (ivec) {
-	ret = krb5_c_block_size(context, key->enctype, &blocksize);
-	if (ret)
-	    return ret;
+        ret = krb5_c_block_size(context, key->enctype, &blocksize);
+        if (ret)
+            return ret;
 
-	ivecd.length = blocksize;
-	ivecd.data = ivec;
+        ivecd.length = blocksize;
+        ivecd.data = ivec;
     }
 
     data->length = enc_data->ciphertext.length;
     data->data = malloc(data->length);
     if (data->data == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     ret = krb5_c_decrypt(context, key, 0, ivec ? &ivecd : 0, enc_data, data);
     if (ret)
-	free(data->data);
+        free(data->data);
 
     return 0;
 }
diff --git a/src/lib/crypto/krb/prf.c b/src/lib/crypto/krb/prf.c
index 27286c3..0361541 100644
--- a/src/lib/crypto/krb/prf.c
+++ b/src/lib/crypto/krb/prf.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/prf.c
  *
@@ -44,14 +45,14 @@ krb5_c_prf_length(krb5_context context, krb5_enctype enctype, size_t *len)
     assert(len);
     ktp = find_enctype(enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     *len = ktp->prf_length;
     return 0;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_k_prf(krb5_context context, krb5_key key,
-	   krb5_data *input, krb5_data *output)
+           krb5_data *input, krb5_data *output)
 {
     const struct krb5_keytypes *ktp;
     krb5_error_code ret;
@@ -61,27 +62,27 @@ krb5_k_prf(krb5_context context, krb5_key key,
 
     ktp = find_enctype(key->keyblock.enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     if (ktp->prf == NULL)
-	return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
 
     output->magic = KV5M_DATA;
     if (ktp->prf_length != output->length)
-	return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
     ret = (*ktp->prf)(ktp->enc, ktp->hash, key, input, output);
     return ret;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_prf(krb5_context context, const krb5_keyblock *keyblock,
-	   krb5_data *input, krb5_data *output)
+           krb5_data *input, krb5_data *output)
 {
     krb5_key key;
     krb5_error_code ret;
 
     ret = krb5_k_create_key(context, keyblock, &key);
     if (ret != 0)
-	return ret;
+        return ret;
     ret = krb5_k_prf(context, key, input, output);
     krb5_k_free_key(context, key);
     return ret;
diff --git a/src/lib/crypto/krb/prf/des_prf.c b/src/lib/crypto/krb/prf/des_prf.c
index 4713086..6d5baf6 100644
--- a/src/lib/crypto/krb/prf/des_prf.c
+++ b/src/lib/crypto/krb/prf/des_prf.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/krb/prf//des_prf.c
  *
@@ -30,24 +31,24 @@
  */
 
 #include "prf_int.h"
-//#include <hash_provider/hash_provider.h>		/* XXX is this ok? */
+//#include <hash_provider/hash_provider.h>              /* XXX is this ok? */
 
 krb5_error_code
 krb5int_des_prf (const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		krb5_key key, const krb5_data *in, krb5_data *out)
+                 const struct krb5_hash_provider *hash,
+                 krb5_key key, const krb5_data *in, krb5_data *out)
 {
-  krb5_data tmp;
-  krb5_error_code ret = 0;
+    krb5_data tmp;
+    krb5_error_code ret = 0;
 
-  hash = &krb5int_hash_md5;		/* MD5 is always used. */
-  tmp.length = hash->hashsize;
-  tmp.data = malloc(hash->hashsize);
-  if (tmp.data == NULL)
-    return ENOMEM;
-  ret = hash->hash(1, in, &tmp);
-  if (ret == 0)
-      ret = enc->encrypt(key, NULL, &tmp, out);
-  free(tmp.data);
-  return ret;
+    hash = &krb5int_hash_md5;             /* MD5 is always used. */
+    tmp.length = hash->hashsize;
+    tmp.data = malloc(hash->hashsize);
+    if (tmp.data == NULL)
+        return ENOMEM;
+    ret = hash->hash(1, in, &tmp);
+    if (ret == 0)
+        ret = enc->encrypt(key, NULL, &tmp, out);
+    free(tmp.data);
+    return ret;
 }
diff --git a/src/lib/crypto/krb/prf/dk_prf.c b/src/lib/crypto/krb/prf/dk_prf.c
index 80f9d50..a453fc5 100644
--- a/src/lib/crypto/krb/prf/dk_prf.c
+++ b/src/lib/crypto/krb/prf/dk_prf.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/krb/prf/dk_prf.c
  *
@@ -34,26 +35,26 @@
 
 krb5_error_code
 krb5int_dk_prf (const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		krb5_key key, const krb5_data *in, krb5_data *out)
+                const struct krb5_hash_provider *hash,
+                krb5_key key, const krb5_data *in, krb5_data *out)
 {
-  krb5_data tmp;
-  krb5_data prfconst;
-  krb5_key kp = NULL;
-  krb5_error_code ret = 0;
+    krb5_data tmp;
+    krb5_data prfconst;
+    krb5_key kp = NULL;
+    krb5_error_code ret = 0;
 
-  prfconst.data = (char *) "prf";
-  prfconst.length = 3;
-  tmp.length = hash->hashsize;
-  tmp.data = malloc(hash->hashsize);
-  if (tmp.data == NULL)
-    return ENOMEM;
-  hash->hash(1, in, &tmp);
-  tmp.length = (tmp.length/enc->block_size)*enc->block_size; /*truncate to block size*/
-  ret = krb5int_derive_key(enc, key, &kp, &prfconst);
-  if (ret == 0)
-      ret = enc->encrypt(kp, NULL, &tmp, out);
-  krb5_k_free_key(NULL, kp);
-  free (tmp.data);
-  return ret;
+    prfconst.data = (char *) "prf";
+    prfconst.length = 3;
+    tmp.length = hash->hashsize;
+    tmp.data = malloc(hash->hashsize);
+    if (tmp.data == NULL)
+        return ENOMEM;
+    hash->hash(1, in, &tmp);
+    tmp.length = (tmp.length/enc->block_size)*enc->block_size; /*truncate to block size*/
+    ret = krb5int_derive_key(enc, key, &kp, &prfconst);
+    if (ret == 0)
+        ret = enc->encrypt(kp, NULL, &tmp, out);
+    krb5_k_free_key(NULL, kp);
+    free (tmp.data);
+    return ret;
 }
diff --git a/src/lib/crypto/krb/prf/prf_int.h b/src/lib/crypto/krb/prf/prf_int.h
index e21035f..341a99a 100644
--- a/src/lib/crypto/krb/prf/prf_int.h
+++ b/src/lib/crypto/krb/prf/prf_int.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/krb/prf/prf_int.h
  *
@@ -36,8 +37,8 @@ krb5int_arcfour_prf(const struct krb5_enc_provider *enc,
 
 krb5_error_code
 krb5int_des_prf (const struct krb5_enc_provider *enc,
-                const struct krb5_hash_provider *hash,
-                krb5_key key, const krb5_data *in, krb5_data *out);
+                 const struct krb5_hash_provider *hash,
+                 krb5_key key, const krb5_data *in, krb5_data *out);
 
 krb5_error_code
 krb5int_dk_prf(const struct krb5_enc_provider *enc,
diff --git a/src/lib/crypto/krb/prf/rc4_prf.c b/src/lib/crypto/krb/prf/rc4_prf.c
index caeaa44..a851035 100644
--- a/src/lib/crypto/krb/prf/rc4_prf.c
+++ b/src/lib/crypto/krb/prf/rc4_prf.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/krb/prf/rc4_prf.c
  *
diff --git a/src/lib/crypto/krb/prng.c b/src/lib/crypto/krb/prng.c
index 00534ca..ef32699 100644
--- a/src/lib/crypto/krb/prng.c
+++ b/src/lib/crypto/krb/prng.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2001, 2002, 2004, 2007, 2008 by the Massachusetts Institute of Technology.
  * All rights reserved.
@@ -42,17 +43,17 @@ entropy_estimate(unsigned int randsource, size_t length)
 {
     switch (randsource) {
     case KRB5_C_RANDSOURCE_OLDAPI:
-	return 4 * length;
+        return 4 * length;
     case KRB5_C_RANDSOURCE_OSRAND:
-	return 8 * length;
+        return 8 * length;
     case KRB5_C_RANDSOURCE_TRUSTEDPARTY:
-	return 4 * length;
+        return 4 * length;
     case KRB5_C_RANDSOURCE_TIMING:
-	return 2;
+        return 2;
     case KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL:
-	return 0;
+        return 0;
     default:
-	abort();
+        abort();
     }
     return 0;
 }
@@ -64,16 +65,16 @@ int krb5int_prng_init(void)
 
     yerr = k5_mutex_finish_init(&yarrow_lock);
     if (yerr)
-	return yerr;
+        return yerr;
 
     yerr = krb5int_yarrow_init (&y_ctx, NULL);
     if (yerr != YARROW_OK && yerr != YARROW_NOT_SEEDED)
-	return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
 
     for (i=0; i < KRB5_C_RANDSOURCE_MAX; i++ ) {
-	if (krb5int_yarrow_new_source(&y_ctx, &source_id) != YARROW_OK)
-	    return KRB5_CRYPTO_INTERNAL;
-	assert (source_id == i);
+        if (krb5int_yarrow_new_source(&y_ctx, &source_id) != YARROW_OK)
+            return KRB5_CRYPTO_INTERNAL;
+        assert (source_id == i);
     }
 
     return 0;
@@ -81,20 +82,20 @@ int krb5int_prng_init(void)
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
-			  const krb5_data *data)
+                          const krb5_data *data)
 {
     int yerr;
 
     /* Make sure the mutex got initialized.  */
     yerr = krb5int_crypto_init();
     if (yerr)
-	return yerr;
+        return yerr;
     /* Now, finally, feed in the data.  */
     yerr = krb5int_yarrow_input(&y_ctx, randsource,
-				data->data, data->length,
-				entropy_estimate(randsource, data->length));
+                                data->data, data->length,
+                                entropy_estimate(randsource, data->length));
     if (yerr != YARROW_OK)
-	return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
     return 0;
 }
 
@@ -110,12 +111,12 @@ krb5_c_random_make_octets(krb5_context context, krb5_data *data)
     int yerr;
     yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
     if (yerr == YARROW_NOT_SEEDED) {
-	yerr = krb5int_yarrow_reseed(&y_ctx, YARROW_SLOW_POOL);
-	if (yerr == YARROW_OK)
-	    yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
+        yerr = krb5int_yarrow_reseed(&y_ctx, YARROW_SLOW_POOL);
+        if (yerr == YARROW_OK)
+            yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
     }
     if (yerr != YARROW_OK)
-      return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
     return 0;
 }
 
@@ -137,7 +138,7 @@ krb5_error_code KRB5_CALLCONV
 krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
 {
     if (success)
-	*success = 0;
+        *success = 0;
     return 0;
 }
 
@@ -167,28 +168,28 @@ read_entropy_from_device(krb5_context context, const char *device)
 
     fd = open (device, O_RDONLY);
     if (fd == -1)
-	return 0;
+        return 0;
     set_cloexec_fd(fd);
     if (fstat(fd, &sb) == -1 || S_ISREG(sb.st_mode)) {
-	close(fd);
-	return 0;
+        close(fd);
+        return 0;
     }
 
     for (bp = buf, left = sizeof(buf); left > 0;) {
-	ssize_t count;
-	count = read(fd, bp, (unsigned) left);
-	if (count <= 0) {
-	    close(fd);
-	    return 0;
-	}
-	left -= count;
-	bp += count;
+        ssize_t count;
+        count = read(fd, bp, (unsigned) left);
+        if (count <= 0) {
+            close(fd);
+            return 0;
+        }
+        left -= count;
+        bp += count;
     }
     close(fd);
     data.length = sizeof (buf);
     data.data = (char *) buf;
     return (krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OSRAND,
-				      &data) == 0);
+                                      &data) == 0);
 }
 
 krb5_error_code KRB5_CALLCONV
@@ -203,11 +204,11 @@ krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
        we have both /dev/random and /dev/urandom.  We want the strong
        data included in the reseed so we get it first.*/
     if (strong) {
-	if (read_entropy_from_device(context, "/dev/random"))
-	    *oursuccess = 1;
+        if (read_entropy_from_device(context, "/dev/random"))
+            *oursuccess = 1;
     }
     if (read_entropy_from_device(context, "/dev/urandom"))
-	*oursuccess = 1;
+        *oursuccess = 1;
     return 0;
 }
 
diff --git a/src/lib/crypto/krb/rand2key/aes_rand2key.c b/src/lib/crypto/krb/rand2key/aes_rand2key.c
index c5028e5..4b876bc 100644
--- a/src/lib/crypto/krb/rand2key/aes_rand2key.c
+++ b/src/lib/crypto/krb/rand2key/aes_rand2key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/krb/rand2key/aes_rand2key.c
  *
diff --git a/src/lib/crypto/krb/rand2key/des3_rand2key.c b/src/lib/crypto/krb/rand2key/des3_rand2key.c
index fe84c3a..31f3f4c 100644
--- a/src/lib/crypto/krb/rand2key/des3_rand2key.c
+++ b/src/lib/crypto/krb/rand2key/des3_rand2key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/krb/rand2key/des3_rand2key.c
  *
diff --git a/src/lib/crypto/krb/rand2key/des_rand2key.c b/src/lib/crypto/krb/rand2key/des_rand2key.c
index 1485965..e5cdded 100644
--- a/src/lib/crypto/krb/rand2key/des_rand2key.c
+++ b/src/lib/crypto/krb/rand2key/des_rand2key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/krb/rand2key/des_rand2key.c
  *
@@ -32,9 +33,9 @@ krb5_error_code
 krb5int_des_make_key(const krb5_data *randombits, krb5_keyblock *key)
 {
     if (key->length != KRB5_MIT_DES_KEYSIZE)
-    return(KRB5_BAD_KEYSIZE);
+        return(KRB5_BAD_KEYSIZE);
     if (randombits->length != 7)
-    return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 
     key->magic = KV5M_KEYBLOCK;
 
@@ -43,9 +44,9 @@ krb5int_des_make_key(const krb5_data *randombits, krb5_keyblock *key)
 
     memcpy(key->contents, randombits->data, randombits->length);
     key->contents[7] = (((key->contents[0]&1)<<1) | ((key->contents[1]&1)<<2) |
-            ((key->contents[2]&1)<<3) | ((key->contents[3]&1)<<4) |
-            ((key->contents[4]&1)<<5) | ((key->contents[5]&1)<<6) |
-            ((key->contents[6]&1)<<7));
+                        ((key->contents[2]&1)<<3) | ((key->contents[3]&1)<<4) |
+                        ((key->contents[4]&1)<<5) | ((key->contents[5]&1)<<6) |
+                        ((key->contents[6]&1)<<7));
 
     mit_des_fixup_key_parity(key->contents);
 
diff --git a/src/lib/crypto/krb/rand2key/rand2key.h b/src/lib/crypto/krb/rand2key/rand2key.h
index 01208f6..321c452 100644
--- a/src/lib/crypto/krb/rand2key/rand2key.h
+++ b/src/lib/crypto/krb/rand2key/rand2key.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "k5-int.h"
 
 
diff --git a/src/lib/crypto/krb/rand2key/rc4_rand2key.c b/src/lib/crypto/krb/rand2key/rc4_rand2key.c
index d498f05..2e2ddaa 100644
--- a/src/lib/crypto/krb/rand2key/rc4_rand2key.c
+++ b/src/lib/crypto/krb/rand2key/rc4_rand2key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/krb/rand2key/rc4_rand2key.c
  *
diff --git a/src/lib/crypto/krb/random_to_key.c b/src/lib/crypto/krb/random_to_key.c
index f94229a..8b37374 100644
--- a/src/lib/crypto/krb/random_to_key.c
+++ b/src/lib/crypto/krb/random_to_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * COPYRIGHT (c) 2006
  * The Regents of the University of Michigan
@@ -38,27 +39,27 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_random_to_key(krb5_context context, krb5_enctype enctype,
-		     krb5_data *random_data, krb5_keyblock *random_key)
+                     krb5_data *random_data, krb5_keyblock *random_key)
 {
     krb5_error_code ret;
     const struct krb5_keytypes *ktp;
     const struct krb5_enc_provider *enc;
 
     if (random_data == NULL || random_key == NULL ||
-	random_key->contents == NULL)
-	return EINVAL;
+        random_key->contents == NULL)
+        return EINVAL;
 
     ktp = find_enctype(enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     enc = ktp->enc;
 
     if (random_key->length != enc->keylength)
-	return KRB5_BAD_KEYSIZE;
+        return KRB5_BAD_KEYSIZE;
 
     ret = (*enc->make_key)(random_data, random_key);
     if (ret)
-	memset(random_key->contents, 0, random_key->length);
+        memset(random_key->contents, 0, random_key->length);
 
     return ret;
 }
diff --git a/src/lib/crypto/krb/raw/raw.h b/src/lib/crypto/krb/raw/raw.h
index d5575e1..8f82fea 100644
--- a/src/lib/crypto/krb/raw/raw.h
+++ b/src/lib/crypto/krb/raw/raw.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -26,23 +27,22 @@
 
 #include "k5-int.h"
 
-void krb5_raw_encrypt_length
-(const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		size_t input, size_t *length);
+void krb5_raw_encrypt_length(const struct krb5_enc_provider *enc,
+                             const struct krb5_hash_provider *hash,
+                             size_t input, size_t *length);
 
-krb5_error_code krb5int_raw_encrypt
-(const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		krb5_key key, krb5_keyusage usage,
-		const krb5_data *ivec, const krb5_data *input,
-		krb5_data *output);
+krb5_error_code krb5int_raw_encrypt(const struct krb5_enc_provider *enc,
+                                    const struct krb5_hash_provider *hash,
+                                    krb5_key key, krb5_keyusage usage,
+                                    const krb5_data *ivec,
+                                    const krb5_data *input,
+                                    krb5_data *output);
 
-krb5_error_code krb5int_raw_decrypt
-(const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		krb5_key key, krb5_keyusage usage,
-		const krb5_data *ivec, const krb5_data *input,
-		krb5_data *arg_output);
+krb5_error_code krb5int_raw_decrypt(const struct krb5_enc_provider *enc,
+                                    const struct krb5_hash_provider *hash,
+                                    krb5_key key, krb5_keyusage usage,
+                                    const krb5_data *ivec,
+                                    const krb5_data *input,
+                                    krb5_data *arg_output);
 
 extern const struct krb5_aead_provider krb5int_aead_raw;
diff --git a/src/lib/crypto/krb/raw/raw_aead.c b/src/lib/crypto/krb/raw/raw_aead.c
index f15e486..a4551b9 100644
--- a/src/lib/crypto/krb/raw/raw_aead.c
+++ b/src/lib/crypto/krb/raw/raw_aead.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/raw/raw_aead.c
  *
@@ -33,18 +34,18 @@
 
 static krb5_error_code
 krb5int_raw_crypto_length(const struct krb5_aead_provider *aead,
-			  const struct krb5_enc_provider *enc,
-			  const struct krb5_hash_provider *hash,
-			  krb5_cryptotype type,
-			  unsigned int *length)
+                          const struct krb5_enc_provider *enc,
+                          const struct krb5_hash_provider *hash,
+                          krb5_cryptotype type,
+                          unsigned int *length)
 {
     switch (type) {
     case KRB5_CRYPTO_TYPE_PADDING:
-	*length = enc->block_size;
-	break;
+        *length = enc->block_size;
+        break;
     default:
-	*length = 0;
-	break;
+        *length = 0;
+        break;
     }
 
     return 0;
@@ -52,13 +53,13 @@ krb5int_raw_crypto_length(const struct krb5_aead_provider *aead,
 
 static krb5_error_code
 krb5int_raw_encrypt_iov(const struct krb5_aead_provider *aead,
-			const struct krb5_enc_provider *enc,
-			const struct krb5_hash_provider *hash,
-			krb5_key key,
-			krb5_keyusage usage,
-			const krb5_data *ivec,
-			krb5_crypto_iov *data,
-			size_t num_data)
+                        const struct krb5_enc_provider *enc,
+                        const struct krb5_hash_provider *hash,
+                        krb5_key key,
+                        krb5_keyusage usage,
+                        const krb5_data *ivec,
+                        krb5_crypto_iov *data,
+                        size_t num_data)
 {
     krb5_error_code ret;
     krb5_crypto_iov *padding;
@@ -69,28 +70,28 @@ krb5int_raw_encrypt_iov(const struct krb5_aead_provider *aead,
 
     ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING, &blocksize);
     if (ret != 0)
-	return ret;
+        return ret;
 
     for (i = 0; i < num_data; i++) {
-	krb5_crypto_iov *iov = &data[i];
+        krb5_crypto_iov *iov = &data[i];
 
-	if (iov->flags == KRB5_CRYPTO_TYPE_DATA)
-	    plainlen += iov->data.length;
+        if (iov->flags == KRB5_CRYPTO_TYPE_DATA)
+            plainlen += iov->data.length;
     }
 
     if (blocksize != 0) {
-	/* Check that the input data is correctly padded */
-	if (plainlen % blocksize)
-	    padsize = blocksize - (plainlen % blocksize);
+        /* Check that the input data is correctly padded */
+        if (plainlen % blocksize)
+            padsize = blocksize - (plainlen % blocksize);
     }
 
     padding = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_PADDING);
     if (padsize && (padding == NULL || padding->data.length < padsize))
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     if (padding != NULL) {
-	memset(padding->data.data, 0, padsize);
-	padding->data.length = padsize;
+        memset(padding->data.data, 0, padsize);
+        padding->data.length = padsize;
     }
 
     assert(enc->encrypt_iov != NULL);
@@ -102,13 +103,13 @@ krb5int_raw_encrypt_iov(const struct krb5_aead_provider *aead,
 
 static krb5_error_code
 krb5int_raw_decrypt_iov(const struct krb5_aead_provider *aead,
-			const struct krb5_enc_provider *enc,
-			const struct krb5_hash_provider *hash,
-			krb5_key key,
-			krb5_keyusage usage,
-			const krb5_data *ivec,
-			krb5_crypto_iov *data,
-			size_t num_data)
+                        const struct krb5_enc_provider *enc,
+                        const struct krb5_hash_provider *hash,
+                        krb5_key key,
+                        krb5_keyusage usage,
+                        const krb5_data *ivec,
+                        krb5_crypto_iov *data,
+                        size_t num_data)
 {
     krb5_error_code ret;
     size_t i;
@@ -116,8 +117,8 @@ krb5int_raw_decrypt_iov(const struct krb5_aead_provider *aead,
     unsigned int cipherlen = 0;
 
     if (krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_STREAM) != NULL) {
-	return krb5int_c_iov_decrypt_stream(aead, enc, hash, key,
-					    usage, ivec, data, num_data);
+        return krb5int_c_iov_decrypt_stream(aead, enc, hash, key,
+                                            usage, ivec, data, num_data);
     }
 
 
@@ -125,23 +126,23 @@ krb5int_raw_decrypt_iov(const struct krb5_aead_provider *aead,
 
     ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING, &blocksize);
     if (ret != 0)
-	return ret;
+        return ret;
 
     for (i = 0; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
+        const krb5_crypto_iov *iov = &data[i];
 
-	if (ENCRYPT_DATA_IOV(iov))
-	    cipherlen += iov->data.length;
+        if (ENCRYPT_DATA_IOV(iov))
+            cipherlen += iov->data.length;
     }
 
     if (blocksize == 0) {
-	/* Check for correct input length in CTS mode */
-	if (enc->block_size != 0 && cipherlen < enc->block_size)
-	    return KRB5_BAD_MSIZE;
+        /* Check for correct input length in CTS mode */
+        if (enc->block_size != 0 && cipherlen < enc->block_size)
+            return KRB5_BAD_MSIZE;
     } else {
-	/* Check that the input data is correctly padded */
-	if ((cipherlen % blocksize) != 0)
-	    return KRB5_BAD_MSIZE;
+        /* Check that the input data is correctly padded */
+        if ((cipherlen % blocksize) != 0)
+            return KRB5_BAD_MSIZE;
     }
 
     /* Validate header and trailer lengths */
diff --git a/src/lib/crypto/krb/raw/raw_decrypt.c b/src/lib/crypto/krb/raw/raw_decrypt.c
index 34598bb..d2e12d6 100644
--- a/src/lib/crypto/krb/raw/raw_decrypt.c
+++ b/src/lib/crypto/krb/raw/raw_decrypt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -29,10 +30,10 @@
 
 krb5_error_code
 krb5int_raw_decrypt(const struct krb5_enc_provider *enc,
-		 const struct krb5_hash_provider *hash,
-		 krb5_key key, krb5_keyusage usage,
-		 const krb5_data *ivec, const krb5_data *input,
-		 krb5_data *output)
+                    const struct krb5_hash_provider *hash,
+                    krb5_key key, krb5_keyusage usage,
+                    const krb5_data *ivec, const krb5_data *input,
+                    krb5_data *output)
 {
     return((*(enc->decrypt))(key, ivec, input, output));
 }
diff --git a/src/lib/crypto/krb/raw/raw_encrypt.c b/src/lib/crypto/krb/raw/raw_encrypt.c
index 6e8516c..ba8eb3b 100644
--- a/src/lib/crypto/krb/raw/raw_encrypt.c
+++ b/src/lib/crypto/krb/raw/raw_encrypt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -29,8 +30,8 @@
 
 void
 krb5_raw_encrypt_length(const struct krb5_enc_provider *enc,
-			const struct krb5_hash_provider *hash,
-			size_t inputlen, size_t *length)
+                        const struct krb5_hash_provider *hash,
+                        size_t inputlen, size_t *length)
 {
     size_t blocksize;
 
@@ -41,10 +42,10 @@ krb5_raw_encrypt_length(const struct krb5_enc_provider *enc,
 
 krb5_error_code
 krb5int_raw_encrypt(const struct krb5_enc_provider *enc,
-		 const struct krb5_hash_provider *hash,
-		 krb5_key key, krb5_keyusage usage,
-		 const krb5_data *ivec, const krb5_data *input,
-		 krb5_data *output)
+                    const struct krb5_hash_provider *hash,
+                    krb5_key key, krb5_keyusage usage,
+                    const krb5_data *ivec, const krb5_data *input,
+                    krb5_data *output)
 {
     return((*(enc->encrypt))(key, ivec, input, output));
 }
diff --git a/src/lib/crypto/krb/state.c b/src/lib/crypto/krb/state.c
index 12638a4..ef0b2b6 100644
--- a/src/lib/crypto/krb/state.c
+++ b/src/lib/crypto/krb/state.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/state.c
  *
@@ -37,24 +38,24 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_init_state (krb5_context context, const krb5_keyblock *key,
-		   krb5_keyusage keyusage, krb5_data *new_state)
+                   krb5_keyusage keyusage, krb5_data *new_state)
 {
     const struct krb5_keytypes *ktp;
 
     ktp = find_enctype(key->enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     return ktp->enc->init_state(key, keyusage, new_state);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_free_state(krb5_context context, const krb5_keyblock *key,
-		  krb5_data *state)
+                  krb5_data *state)
 {
     const struct krb5_keytypes *ktp;
 
     ktp = find_enctype(key->enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     return ktp->enc->free_state(state);
 }
diff --git a/src/lib/crypto/krb/string_to_cksumtype.c b/src/lib/crypto/krb/string_to_cksumtype.c
index ae5da6d..b130b6c 100644
--- a/src/lib/crypto/krb/string_to_cksumtype.c
+++ b/src/lib/crypto/krb/string_to_cksumtype.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -35,21 +36,21 @@ krb5_string_to_cksumtype(char *string, krb5_cksumtype *cksumtypep)
     const struct krb5_cksumtypes *ctp;
 
     for (i=0; i<krb5int_cksumtypes_length; i++) {
-	ctp = &krb5int_cksumtypes_list[i];
-	if (strcasecmp(ctp->name, string) == 0) {
-	    *cksumtypep = ctp->ctype;
-	    return 0;
-	}
+        ctp = &krb5int_cksumtypes_list[i];
+        if (strcasecmp(ctp->name, string) == 0) {
+            *cksumtypep = ctp->ctype;
+            return 0;
+        }
 #define MAX_ALIASES (sizeof(ctp->aliases) / sizeof(ctp->aliases[0]))
-	for (j = 0; j < MAX_ALIASES; j++) {
-	    alias = ctp->aliases[j];
-	    if (alias == NULL)
-		break;
-	    if (strcasecmp(alias, string) == 0) {
-		*cksumtypep = ctp->ctype;
-		return 0;
-	    }
-	}
+        for (j = 0; j < MAX_ALIASES; j++) {
+            alias = ctp->aliases[j];
+            if (alias == NULL)
+                break;
+            if (strcasecmp(alias, string) == 0) {
+                *cksumtypep = ctp->ctype;
+                return 0;
+            }
+        }
     }
 
     return EINVAL;
diff --git a/src/lib/crypto/krb/string_to_enctype.c b/src/lib/crypto/krb/string_to_enctype.c
index 159c36b..25091fe 100644
--- a/src/lib/crypto/krb/string_to_enctype.c
+++ b/src/lib/crypto/krb/string_to_enctype.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -36,21 +37,21 @@ krb5_string_to_enctype(char *string, krb5_enctype *enctypep)
     const struct krb5_keytypes *ktp;
 
     for (i = 0; i < krb5int_enctypes_length; i++) {
-	ktp = &krb5int_enctypes_list[i];
-	if (strcasecmp(ktp->name, string) == 0) {
-	    *enctypep = ktp->etype;
-	    return 0;
-	}
+        ktp = &krb5int_enctypes_list[i];
+        if (strcasecmp(ktp->name, string) == 0) {
+            *enctypep = ktp->etype;
+            return 0;
+        }
 #define MAX_ALIASES (sizeof(ktp->aliases) / sizeof(ktp->aliases[0]))
-	for (j = 0; j < MAX_ALIASES; j++) {
-	    alias = ktp->aliases[j];
-	    if (alias == NULL)
-		break;
-	    if (strcasecmp(alias, string) == 0) {
-		*enctypep = ktp->etype;
-		return 0;
-	    }
-	}
+        for (j = 0; j < MAX_ALIASES; j++) {
+            alias = ktp->aliases[j];
+            if (alias == NULL)
+                break;
+            if (strcasecmp(alias, string) == 0) {
+                *enctypep = ktp->etype;
+                return 0;
+            }
+        }
     }
 
     return EINVAL;
diff --git a/src/lib/crypto/krb/string_to_key.c b/src/lib/crypto/krb/string_to_key.c
index e81568b..0a593d4 100644
--- a/src/lib/crypto/krb/string_to_key.c
+++ b/src/lib/crypto/krb/string_to_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -29,27 +30,27 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_string_to_key_with_params(krb5_context context,
-				 krb5_enctype enctype,
-				 const krb5_data *string,
-				 const krb5_data *salt,
-				 const krb5_data *params,
-				 krb5_keyblock *key);
+                                 krb5_enctype enctype,
+                                 const krb5_data *string,
+                                 const krb5_data *salt,
+                                 const krb5_data *params,
+                                 krb5_keyblock *key);
 
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_string_to_key(krb5_context context, krb5_enctype enctype,
-		     const krb5_data *string, const krb5_data *salt,
-		     krb5_keyblock *key)
+                     const krb5_data *string, const krb5_data *salt,
+                     krb5_keyblock *key)
 {
     return krb5_c_string_to_key_with_params(context, enctype, string, salt,
-					    NULL, key);
+                                            NULL, key);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_string_to_key_with_params(krb5_context context, krb5_enctype enctype,
-				 const krb5_data *string,
-				 const krb5_data *salt,
-				 const krb5_data *params, krb5_keyblock *key)
+                                 const krb5_data *string,
+                                 const krb5_data *salt,
+                                 const krb5_data *params, krb5_keyblock *key)
 {
     krb5_error_code ret;
     const struct krb5_keytypes *ktp;
@@ -57,7 +58,7 @@ krb5_c_string_to_key_with_params(krb5_context context, krb5_enctype enctype,
 
     ktp = find_enctype(enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     keylength = ktp->enc->keylength;
 
     /*
@@ -66,19 +67,19 @@ krb5_c_string_to_key_with_params(krb5_context context, krb5_enctype enctype,
      * deal with this.  Using s2kparams would be a much better solution.
      */
     if (salt && salt->length == SALT_TYPE_AFS_LENGTH) {
-	switch (enctype) {
-	case ENCTYPE_DES_CBC_CRC:
-	case ENCTYPE_DES_CBC_MD4:
-	case ENCTYPE_DES_CBC_MD5:
-	    break;
-	default:
-	    return KRB5_CRYPTO_INTERNAL;
-	}
+        switch (enctype) {
+        case ENCTYPE_DES_CBC_CRC:
+        case ENCTYPE_DES_CBC_MD4:
+        case ENCTYPE_DES_CBC_MD5:
+            break;
+        default:
+            return KRB5_CRYPTO_INTERNAL;
+        }
     }
 
     key->contents = malloc(keylength);
     if (key->contents == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     key->magic = KV5M_KEYBLOCK;
     key->enctype = enctype;
@@ -86,9 +87,9 @@ krb5_c_string_to_key_with_params(krb5_context context, krb5_enctype enctype,
 
     ret = (*ktp->str2key)(ktp->enc, string, salt, params, key);
     if (ret) {
-	zapfree(key->contents, keylength);
-	key->length = 0;
-	key->contents = NULL;
+        zapfree(key->contents, keylength);
+        key->length = 0;
+        key->contents = NULL;
     }
 
     return ret;
diff --git a/src/lib/crypto/krb/valid_cksumtype.c b/src/lib/crypto/krb/valid_cksumtype.c
index 2b1e722..a701efc 100644
--- a/src/lib/crypto/krb/valid_cksumtype.c
+++ b/src/lib/crypto/krb/valid_cksumtype.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -33,8 +34,8 @@ krb5_c_valid_cksumtype(krb5_cksumtype ctype)
     unsigned int i;
 
     for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	if (krb5int_cksumtypes_list[i].ctype == ctype)
-	    return TRUE;
+        if (krb5int_cksumtypes_list[i].ctype == ctype)
+            return TRUE;
     }
 
     return FALSE;
diff --git a/src/lib/crypto/krb/valid_enctype.c b/src/lib/crypto/krb/valid_enctype.c
index e6fcb2e..0957219 100644
--- a/src/lib/crypto/krb/valid_enctype.c
+++ b/src/lib/crypto/krb/valid_enctype.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
diff --git a/src/lib/crypto/krb/verify_checksum.c b/src/lib/crypto/krb/verify_checksum.c
index a4869eb..3664abd 100644
--- a/src/lib/crypto/krb/verify_checksum.c
+++ b/src/lib/crypto/krb/verify_checksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -29,8 +30,8 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_k_verify_checksum(krb5_context context, krb5_key key,
-		       krb5_keyusage usage, const krb5_data *data,
-		       const krb5_checksum *cksum, krb5_boolean *valid)
+                       krb5_keyusage usage, const krb5_data *data,
+                       const krb5_checksum *cksum, krb5_boolean *valid)
 {
     unsigned int i;
     const struct krb5_cksumtypes *ctp;
@@ -41,11 +42,11 @@ krb5_k_verify_checksum(krb5_context context, krb5_key key,
     krb5_checksum computed;
 
     for (i=0; i<krb5int_cksumtypes_length; i++) {
-	if (krb5int_cksumtypes_list[i].ctype == cksum->checksum_type)
-	    break;
+        if (krb5int_cksumtypes_list[i].ctype == cksum->checksum_type)
+            break;
     }
     if (i == krb5int_cksumtypes_length)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     ctp = &krb5int_cksumtypes_list[i];
 
     indata.length = cksum->length;
@@ -53,36 +54,36 @@ krb5_k_verify_checksum(krb5_context context, krb5_key key,
 
     /* If there's actually a verify function, call it. */
     if (ctp->keyhash) {
-	keyhash = ctp->keyhash;
+        keyhash = ctp->keyhash;
 
-	if (keyhash->verify == NULL && keyhash->verify_iov != NULL) {
-	    krb5_crypto_iov iov[1];
+        if (keyhash->verify == NULL && keyhash->verify_iov != NULL) {
+            krb5_crypto_iov iov[1];
 
-	    iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
-	    iov[0].data.data = data->data;
-	    iov[0].data.length = data->length;
+            iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+            iov[0].data.data = data->data;
+            iov[0].data.length = data->length;
 
-	    return (*keyhash->verify_iov)(key, usage, 0, iov, 1, &indata,
-					  valid);
-	} else if (keyhash->verify != NULL) {
-	    return (*keyhash->verify)(key, usage, 0, data, &indata, valid);
-	}
+            return (*keyhash->verify_iov)(key, usage, 0, iov, 1, &indata,
+                                          valid);
+        } else if (keyhash->verify != NULL) {
+            return (*keyhash->verify)(key, usage, 0, data, &indata, valid);
+        }
     }
 
     /* Otherwise, make the checksum again, and compare. */
     ret = krb5_c_checksum_length(context, cksum->checksum_type, &hashsize);
     if (ret)
-	return ret;
+        return ret;
 
     if (cksum->length != hashsize)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     computed.length = hashsize;
 
     ret = krb5_k_make_checksum(context, cksum->checksum_type, key, usage,
-			       data, &computed);
+                               data, &computed);
     if (ret)
-	return ret;
+        return ret;
 
     *valid = (memcmp(computed.contents, cksum->contents, hashsize) == 0);
 
@@ -92,16 +93,16 @@ krb5_k_verify_checksum(krb5_context context, krb5_key key,
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *keyblock,
-		       krb5_keyusage usage, const krb5_data *data,
-		       const krb5_checksum *cksum, krb5_boolean *valid)
+                       krb5_keyusage usage, const krb5_data *data,
+                       const krb5_checksum *cksum, krb5_boolean *valid)
 {
     krb5_key key = NULL;
     krb5_error_code ret;
 
     if (keyblock != NULL) {
-	ret = krb5_k_create_key(context, keyblock, &key);
-	if (ret != 0)
-	    return ret;
+        ret = krb5_k_create_key(context, keyblock, &key);
+        if (ret != 0)
+            return ret;
     }
     ret = krb5_k_verify_checksum(context, key, usage, data, cksum, valid);
     krb5_k_free_key(context, key);
diff --git a/src/lib/crypto/krb/verify_checksum_iov.c b/src/lib/crypto/krb/verify_checksum_iov.c
index cbac1db..19f1f5e 100644
--- a/src/lib/crypto/krb/verify_checksum_iov.c
+++ b/src/lib/crypto/krb/verify_checksum_iov.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/verify_checksum_iov.c
  *
@@ -30,12 +31,12 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_k_verify_checksum_iov(krb5_context context,
-			   krb5_cksumtype checksum_type,
-			   krb5_key key,
-			   krb5_keyusage usage,
-			   const krb5_crypto_iov *data,
-			   size_t num_data,
-			   krb5_boolean *valid)
+                           krb5_cksumtype checksum_type,
+                           krb5_key key,
+                           krb5_keyusage usage,
+                           const krb5_crypto_iov *data,
+                           size_t num_data,
+                           krb5_boolean *valid)
 {
     unsigned int i;
     const struct krb5_cksumtypes *ctp;
@@ -45,51 +46,51 @@ krb5_k_verify_checksum_iov(krb5_context context,
     krb5_crypto_iov *checksum;
 
     for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	if (krb5int_cksumtypes_list[i].ctype == checksum_type)
-	    break;
+        if (krb5int_cksumtypes_list[i].ctype == checksum_type)
+            break;
     }
     if (i == krb5int_cksumtypes_length)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     ctp = &krb5int_cksumtypes_list[i];
 
     checksum = krb5int_c_locate_iov((krb5_crypto_iov *)data, num_data,
-				    KRB5_CRYPTO_TYPE_CHECKSUM);
+                                    KRB5_CRYPTO_TYPE_CHECKSUM);
     if (checksum == NULL)
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
 
     /* If there's actually a verify function, call it. */
     if (ctp->keyhash && ctp->keyhash->verify_iov) {
-	return (*ctp->keyhash->verify_iov)(key, usage, 0, data, num_data,
-					   &checksum->data, valid);
+        return (*ctp->keyhash->verify_iov)(key, usage, 0, data, num_data,
+                                           &checksum->data, valid);
     }
 
     /* Otherwise, make the checksum again, and compare. */
     if (ctp->keyhash != NULL)
-	computed.length = ctp->keyhash->hashsize;
+        computed.length = ctp->keyhash->hashsize;
     else
-	computed.length = ctp->hash->hashsize;
+        computed.length = ctp->hash->hashsize;
 
     if (ctp->trunc_size != 0)
-	cksumlen = ctp->trunc_size;
+        cksumlen = ctp->trunc_size;
     else
-	cksumlen = computed.length;
+        cksumlen = computed.length;
 
     if (checksum->data.length != cksumlen)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     computed.data = malloc(computed.length);
     if (computed.data == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     ret = krb5int_c_make_checksum_iov(&krb5int_cksumtypes_list[i], key, usage,
-				      data, num_data, &computed);
+                                      data, num_data, &computed);
     if (ret) {
-	free(computed.data);
-	return ret;
+        free(computed.data);
+        return ret;
     }
 
     *valid = (computed.length == cksumlen) &&
-	     (memcmp(computed.data, checksum->data.data, cksumlen) == 0);
+        (memcmp(computed.data, checksum->data.data, cksumlen) == 0);
 
     free(computed.data);
     return 0;
@@ -97,21 +98,21 @@ krb5_k_verify_checksum_iov(krb5_context context,
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_verify_checksum_iov(krb5_context context,
-			   krb5_cksumtype checksum_type,
-			   const krb5_keyblock *keyblock,
-			   krb5_keyusage usage,
-			   const krb5_crypto_iov *data,
-			   size_t num_data,
-			   krb5_boolean *valid)
+                           krb5_cksumtype checksum_type,
+                           const krb5_keyblock *keyblock,
+                           krb5_keyusage usage,
+                           const krb5_crypto_iov *data,
+                           size_t num_data,
+                           krb5_boolean *valid)
 {
     krb5_key key;
     krb5_error_code ret;
 
     ret = krb5_k_create_key(context, keyblock, &key);
     if (ret != 0)
-	return ret;
+        return ret;
     ret = krb5_k_verify_checksum_iov(context, checksum_type, key, usage, data,
-				     num_data, valid);
+                                     num_data, valid);
     krb5_k_free_key(context, key);
     return ret;
 }
diff --git a/src/lib/crypto/krb/yarrow/yarrow.c b/src/lib/crypto/krb/yarrow/yarrow.c
index 66a5fe4..0695cd3 100644
--- a/src/lib/crypto/krb/yarrow/yarrow.c
+++ b/src/lib/crypto/krb/yarrow/yarrow.c
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 /*
  * Yarrow - Cryptographic Pseudo-Random Number Generator
@@ -106,11 +106,11 @@ static void krb5int_yarrow_init_Limits(Yarrow_CTX* y)
     limit = min(tmp1, tmp2);
     if (limit < COUNTER_MAX)
     {
-	y->gates_limit = limit;
+        y->gates_limit = limit;
     }
     else
     {
-	y->gates_limit = COUNTER_MAX;
+        y->gates_limit = COUNTER_MAX;
     }
 }
 
@@ -122,8 +122,8 @@ static int yarrow_reseed_locked( Yarrow_CTX* y, int pool );
 
 static int
 yarrow_input_locked( Yarrow_CTX* y, unsigned source_id,
-		     const void *sample,
-		     size_t size, size_t entropy_bits );
+                     const void *sample,
+                     size_t size, size_t entropy_bits );
 
 static int Yarrow_detect_fork(Yarrow_CTX *y)
 {
@@ -132,21 +132,21 @@ static int Yarrow_detect_fork(Yarrow_CTX *y)
 
     /* this does not work for multi-threaded apps if threads have different
      * pids */
-       newpid = getpid();
+    newpid = getpid();
     if ( y->pid != newpid )
     {
-	/* we input the pid twice, so it will get into the fast pool at least once
-	 * Then we reseed.  This doesn't really increase entropy, but does make the
-	 * streams distinct assuming we already have good entropy*/
-	y->pid = newpid;
-	TRY (yarrow_input_locked (y, 0, &newpid,
-				  sizeof (newpid), 0));
-	TRY (yarrow_input_locked (y, 0, &newpid,
-				  sizeof (newpid), 0));
-	TRY (yarrow_reseed_locked (y, YARROW_FAST_POOL));
+        /* we input the pid twice, so it will get into the fast pool at least once
+         * Then we reseed.  This doesn't really increase entropy, but does make the
+         * streams distinct assuming we already have good entropy*/
+        y->pid = newpid;
+        TRY (yarrow_input_locked (y, 0, &newpid,
+                                  sizeof (newpid), 0));
+        TRY (yarrow_input_locked (y, 0, &newpid,
+                                  sizeof (newpid), 0));
+        TRY (yarrow_reseed_locked (y, YARROW_FAST_POOL));
     }
 
- CATCH:
+CATCH:
     EXCEP_RET;
 }
 
@@ -215,41 +215,41 @@ int krb5int_yarrow_init(Yarrow_CTX* y, const char *filename)
 #if defined( YARROW_SAVE_STATE )
     if ( y->entropyfile != NULL )
     {
-	int ret = Yarrow_Load_State( y );
-	if ( ret != YARROW_OK && ret != YARROW_NO_STATE )
-	{
-	    THROW( ret );
-	}
-
-	/*  if load suceeded then write new state back immediately
-	 */
-
-	/*  Also check that it's not already saved, because the reseed in
-	 *  Yarrow_Load_State may trigger a save
-	 */
-
-	if ( ret == YARROW_OK && !y->saved )
-	{
-	    TRY( Yarrow_Save_State( y ) );
-	}
+        int ret = Yarrow_Load_State( y );
+        if ( ret != YARROW_OK && ret != YARROW_NO_STATE )
+        {
+            THROW( ret );
+        }
+
+        /*  if load suceeded then write new state back immediately
+         */
+
+        /*  Also check that it's not already saved, because the reseed in
+         *  Yarrow_Load_State may trigger a save
+         */
+
+        if ( ret == YARROW_OK && !y->saved )
+        {
+            TRY( Yarrow_Save_State( y ) );
+        }
     }
 #endif
 
     if ( !y->seeded )
     {
-	THROW( YARROW_NOT_SEEDED );
+        THROW( YARROW_NOT_SEEDED );
     }
 
- CATCH:
+CATCH:
     if ( locked ) { TRY( UNLOCK() ); }
     EXCEP_RET;
 }
 
 static
 int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
-				const void* sample,
-				size_t size, size_t entropy_bits,
-				int do_lock )
+                                const void* sample,
+                                size_t size, size_t entropy_bits,
+                                int do_lock )
 {
     EXCEP_DECL;
     int ret;
@@ -259,8 +259,8 @@ int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
     size_t estimate;
 
     if (do_lock) {
-	    TRY( LOCK() );
-	    locked = 1;
+        TRY( LOCK() );
+        locked = 1;
     }
     k5_assert_locked(&krb5int_yarrow_lock);
 
@@ -272,7 +272,7 @@ int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
 
     if(source->pool != YARROW_FAST_POOL && source->pool != YARROW_SLOW_POOL)
     {
-	THROW( YARROW_BAD_SOURCE );
+        THROW( YARROW_BAD_SOURCE );
     }
 
     /* hash in the sample */
@@ -282,78 +282,78 @@ int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
     /* only update entropy estimate if pool is not full */
 
     if ( (source->pool == YARROW_FAST_POOL &&
-	  source->entropy[source->pool] < y->fast_thresh) ||
-	 (source->pool == YARROW_SLOW_POOL &&
-	  source->entropy[source->pool] < y->slow_thresh) )
+          source->entropy[source->pool] < y->fast_thresh) ||
+         (source->pool == YARROW_SLOW_POOL &&
+          source->entropy[source->pool] < y->slow_thresh) )
     {
-	new_entropy = min(entropy_bits, size * 8 * YARROW_ENTROPY_MULTIPLIER);
-	if (source->estimator)
-	{
-	    estimate = source->estimator(sample, size);
-	    new_entropy = min(new_entropy, estimate);
-	}
-	source->entropy[source->pool] += new_entropy;
-	if ( source->entropy[source->pool] > YARROW_POOL_SIZE )
-	{
-	    source->entropy[source->pool] = YARROW_POOL_SIZE;
-	}
-
-	if (source->pool == YARROW_FAST_POOL)
-	{
-	    if (source->entropy[YARROW_FAST_POOL] >= y->fast_thresh)
-	    {
-		ret = yarrow_reseed_locked(y, YARROW_FAST_POOL);
-		if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED )
-		{
-		    THROW( ret );
-		}
-	    }
-	}
-	else
-	{
-	    if (!source->reached_slow_thresh &&
-		source->entropy[YARROW_SLOW_POOL] >= y->slow_thresh)
-	    {
-		source->reached_slow_thresh = 1;
-		y->slow_k_of_n++;
-		if (y->slow_k_of_n >= y->slow_k_of_n_thresh)
-		{
-		    y->slow_k_of_n = 0;
-		    ret = yarrow_reseed_locked(y, YARROW_SLOW_POOL);
-		    if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED )
-		    {
-			THROW( ret );
-		    }
-		}
-	    }
-	}
+        new_entropy = min(entropy_bits, size * 8 * YARROW_ENTROPY_MULTIPLIER);
+        if (source->estimator)
+        {
+            estimate = source->estimator(sample, size);
+            new_entropy = min(new_entropy, estimate);
+        }
+        source->entropy[source->pool] += new_entropy;
+        if ( source->entropy[source->pool] > YARROW_POOL_SIZE )
+        {
+            source->entropy[source->pool] = YARROW_POOL_SIZE;
+        }
+
+        if (source->pool == YARROW_FAST_POOL)
+        {
+            if (source->entropy[YARROW_FAST_POOL] >= y->fast_thresh)
+            {
+                ret = yarrow_reseed_locked(y, YARROW_FAST_POOL);
+                if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED )
+                {
+                    THROW( ret );
+                }
+            }
+        }
+        else
+        {
+            if (!source->reached_slow_thresh &&
+                source->entropy[YARROW_SLOW_POOL] >= y->slow_thresh)
+            {
+                source->reached_slow_thresh = 1;
+                y->slow_k_of_n++;
+                if (y->slow_k_of_n >= y->slow_k_of_n_thresh)
+                {
+                    y->slow_k_of_n = 0;
+                    ret = yarrow_reseed_locked(y, YARROW_SLOW_POOL);
+                    if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED )
+                    {
+                        THROW( ret );
+                    }
+                }
+            }
+        }
     }
 
     /* put samples in alternate pools */
 
     source->pool = (source->pool + 1) % 2;
 
- CATCH:
+CATCH:
     if ( locked ) { TRY( UNLOCK() ); }
     EXCEP_RET;
 }
 
 YARROW_DLL
 int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id,
-		  const void* sample,
-		  size_t size, size_t entropy_bits )
+                          const void* sample,
+                          size_t size, size_t entropy_bits )
 {
     return yarrow_input_maybe_locking(y, source_id, sample, size,
-				      entropy_bits, 1);
+                                      entropy_bits, 1);
 }
 
 static int
 yarrow_input_locked( Yarrow_CTX* y, unsigned source_id,
-		     const void *sample,
-		     size_t size, size_t entropy_bits )
+                     const void *sample,
+                     size_t size, size_t entropy_bits )
 {
     return yarrow_input_maybe_locking(y, source_id, sample, size,
-				      entropy_bits, 0);
+                                      entropy_bits, 0);
 }
 
 YARROW_DLL
@@ -370,7 +370,7 @@ int krb5int_yarrow_new_source(Yarrow_CTX* y, unsigned* source_id)
 
     if (y->num_sources + 1 > YARROW_MAX_SOURCES)
     {
-	THROW( YARROW_TOO_MANY_SOURCES );
+        THROW( YARROW_TOO_MANY_SOURCES );
     }
 
     *source_id = y->num_sources;
@@ -390,7 +390,7 @@ CATCH:
 }
 
 int krb5int_yarrow_register_source_estimator(Yarrow_CTX* y, unsigned source_id,
-                                     estimator_fn* fptr)
+                                             estimator_fn* fptr)
 {
     EXCEP_DECL;
     Source* source;
@@ -402,7 +402,7 @@ int krb5int_yarrow_register_source_estimator(Yarrow_CTX* y, unsigned source_id,
 
     source->estimator = fptr;
 
- CATCH:
+CATCH:
     EXCEP_RET;
 }
 
@@ -419,22 +419,22 @@ static int krb5int_yarrow_output_Block( Yarrow_CTX* y, void* out )
     y->out_count++;
     if (y->out_count >= y->Pg)
     {
-	y->out_count = 0;
-	TRY( yarrow_gate_locked( y ) );
+        y->out_count = 0;
+        TRY( yarrow_gate_locked( y ) );
 
-	/* require new seed after reaching gates_limit */
+        /* require new seed after reaching gates_limit */
 
-	y->gate_count++;
-	if ( y->gate_count >= y->gates_limit )
-	{
-	    y->gate_count = 0;
+        y->gate_count++;
+        if ( y->gate_count >= y->gates_limit )
+        {
+            y->gate_count = 0;
 
-	    /* not defined whether to do slow or fast reseed */
+            /* not defined whether to do slow or fast reseed */
 
-	    TRACE( printf( "OUTPUT LIMIT REACHED," ); );
+            TRACE( printf( "OUTPUT LIMIT REACHED," ); );
 
-	    TRY( yarrow_reseed_locked( y, YARROW_SLOW_POOL ) );
-	}
+            TRY( yarrow_reseed_locked( y, YARROW_SLOW_POOL ) );
+        }
     }
 
     /* C <- (C + 1) mod 2^n */
@@ -451,13 +451,13 @@ static int krb5int_yarrow_output_Block( Yarrow_CTX* y, void* out )
     hex_print( stdout, "output: K", y->K, CIPHER_KEY_SIZE );
     hex_print( stdout, "output: O", out, CIPHER_BLOCK_SIZE );
 #endif
- CATCH:
+CATCH:
     EXCEP_RET;
 }
 
 YARROW_DLL
 int krb5int_yarrow_status( Yarrow_CTX* y, int *num_sources, unsigned *source_id,
-		   size_t *entropy_bits, size_t *entropy_max )
+                           size_t *entropy_bits, size_t *entropy_max )
 {
     EXCEP_DECL;
     int num = y->slow_k_of_n_thresh;
@@ -476,22 +476,22 @@ int krb5int_yarrow_status( Yarrow_CTX* y, int *num_sources, unsigned *source_id,
 
     if (y->seeded)
     {
-	if (num_sources) { *num_sources = 0; }
-	if (entropy_bits) { *entropy_bits = emax; }
-	THROW( YARROW_OK );
+        if (num_sources) { *num_sources = 0; }
+        if (entropy_bits) { *entropy_bits = emax; }
+        THROW( YARROW_OK );
     }
 
     for (i = 0; i < y->num_sources; i++)
     {
-	if (y->source[i].entropy[YARROW_SLOW_POOL] >= y->slow_thresh)
-	{
-	    num--;
-	}
-	else if (y->source[i].entropy[YARROW_SLOW_POOL] > entropy)
-	{
-	    source = i;
-	    entropy = y->source[i].entropy[YARROW_SLOW_POOL];
-	}
+        if (y->source[i].entropy[YARROW_SLOW_POOL] >= y->slow_thresh)
+        {
+            num--;
+        }
+        else if (y->source[i].entropy[YARROW_SLOW_POOL] > entropy)
+        {
+            source = i;
+            entropy = y->source[i].entropy[YARROW_SLOW_POOL];
+        }
     }
 
     if (num_sources) { *num_sources = num; }
@@ -499,7 +499,7 @@ int krb5int_yarrow_status( Yarrow_CTX* y, int *num_sources, unsigned *source_id,
     if (entropy_bits) { *entropy_bits = entropy; }
     THROW( YARROW_NOT_SEEDED );
 
- CATCH:
+CATCH:
     EXCEP_RET;
 }
 
@@ -534,28 +534,28 @@ int yarrow_output_locked( Yarrow_CTX* y, void* out, size_t size )
 
     if (y->out_left > 0)
     {
-	use = min(left, y->out_left);
-	mem_copy(outp, y->out + CIPHER_BLOCK_SIZE - y->out_left, use);
-	left -= use;
-	y->out_left -= use;
-	outp += use;
+        use = min(left, y->out_left);
+        mem_copy(outp, y->out + CIPHER_BLOCK_SIZE - y->out_left, use);
+        left -= use;
+        y->out_left -= use;
+        outp += use;
     }
 
     for ( ;
-	  left >= CIPHER_BLOCK_SIZE;
-	  left -= CIPHER_BLOCK_SIZE, outp += CIPHER_BLOCK_SIZE)
+          left >= CIPHER_BLOCK_SIZE;
+          left -= CIPHER_BLOCK_SIZE, outp += CIPHER_BLOCK_SIZE)
     {
-	TRY( krb5int_yarrow_output_Block(y, outp) );
+        TRY( krb5int_yarrow_output_Block(y, outp) );
     }
 
     if (left > 0)
     {
-	TRY( krb5int_yarrow_output_Block(y, y->out) );
-	mem_copy(outp, y->out, left);
-	y->out_left = CIPHER_BLOCK_SIZE - left;
+        TRY( krb5int_yarrow_output_Block(y, y->out) );
+        mem_copy(outp, y->out, left);
+        y->out_left = CIPHER_BLOCK_SIZE - left;
     }
 
- CATCH:
+CATCH:
     EXCEP_RET;
 }
 
@@ -577,7 +577,7 @@ static int yarrow_gate_locked(Yarrow_CTX* y)
 
     TRY (krb5int_yarrow_cipher_init(&y->cipher, y->K));
 
- CATCH:
+CATCH:
     TRACE( printf( "]," ); );
     mem_zero(new_K, sizeof(new_K));
     EXCEP_RET;
@@ -601,7 +601,7 @@ int krb5int_yarrow_gate(Yarrow_CTX* y)
 
     TRY (krb5int_yarrow_cipher_init(&y->cipher, y->K));
 
- CATCH:
+CATCH:
     TRACE( printf( "]," ); );
     mem_zero(new_K, sizeof(new_K));
     EXCEP_RET;
@@ -617,24 +617,24 @@ static int Yarrow_Load_State( Yarrow_CTX *y )
 
     if ( y->entropyfile )
     {
-	TRY( STATE_Load(y->entropyfile, &state) );
-	TRACE( printf( "LOAD STATE," ); );
+        TRY( STATE_Load(y->entropyfile, &state) );
+        TRACE( printf( "LOAD STATE," ); );
 
 #if defined( YARROW_DEBUG )
-	hex_print( stderr, "state.load", state.seed, sizeof(state.seed));
+        hex_print( stderr, "state.load", state.seed, sizeof(state.seed));
 #endif
 
-	/* what to do here is not defined by the Yarrow paper */
-	/* this is a place holder until we get some clarification */
+        /* what to do here is not defined by the Yarrow paper */
+        /* this is a place holder until we get some clarification */
 
-	HASH_Update( &y->pool[YARROW_FAST_POOL],
-		     state.seed, sizeof(state.seed) );
+        HASH_Update( &y->pool[YARROW_FAST_POOL],
+                     state.seed, sizeof(state.seed) );
 
-	Yarrow_Make_Seeded( y );
+        Yarrow_Make_Seeded( y );
 
-	TRY( krb5int_yarrow_reseed(y, YARROW_FAST_POOL) );
+        TRY( krb5int_yarrow_reseed(y, YARROW_FAST_POOL) );
     }
- CATCH:
+CATCH:
     mem_zero(state.seed, sizeof(state.seed));
     EXCEP_RET;
 }
@@ -648,16 +648,16 @@ static int Yarrow_Save_State( Yarrow_CTX *y )
 
     if ( y->entropyfile && y->seeded )
     {
-	TRACE( printf( "SAVE STATE[" ); );
-	TRY( krb5int_yarrow_output( y, state.seed, sizeof(state.seed) ) );
-	TRY( STATE_Save(y->entropyfile, &state) );
+        TRACE( printf( "SAVE STATE[" ); );
+        TRY( krb5int_yarrow_output( y, state.seed, sizeof(state.seed) ) );
+        TRY( STATE_Save(y->entropyfile, &state) );
     }
     y->saved = 1;
 # if defined(YARROW_DEBUG)
     hex_print(stdout, "state.save", state.seed, sizeof(state.seed));
 # endif
 
- CATCH:
+CATCH:
     TRACE( printf( "]," ); );
     mem_zero(state.seed, sizeof(state.seed));
     EXCEP_RET;
@@ -683,33 +683,33 @@ static int yarrow_reseed_locked(Yarrow_CTX* y, int pool)
     slow_pool = &y->pool[YARROW_SLOW_POOL];
     if( pool != YARROW_FAST_POOL && pool != YARROW_SLOW_POOL )
     {
-	THROW( YARROW_BAD_ARG );
+        THROW( YARROW_BAD_ARG );
     }
 
     TRACE( printf( "%s RESEED,",
-		   pool == YARROW_SLOW_POOL ? "SLOW" : "FAST" ); );
+                   pool == YARROW_SLOW_POOL ? "SLOW" : "FAST" ); );
 
     if (pool == YARROW_SLOW_POOL)
     {
-	/* SLOW RESEED */
+        /* SLOW RESEED */
 
-	/* feed hash of slow pool into the fast pool */
+        /* feed hash of slow pool into the fast pool */
 
 
-	HASH_Final(slow_pool, digest);
+        HASH_Final(slow_pool, digest);
 
-	/*  Each pool contains the running hash of all inputs fed into it
-	 *  since it was last used to carry out a reseed -- this implies
-	 *  that the pool must be reinitialized after a reseed
-	 */
+        /*  Each pool contains the running hash of all inputs fed into it
+         *  since it was last used to carry out a reseed -- this implies
+         *  that the pool must be reinitialized after a reseed
+         */
 
-	HASH_Init(slow_pool);    /* reinitialize slow pool */
-	HASH_Update(fast_pool, digest, sizeof(digest));
+        HASH_Init(slow_pool);    /* reinitialize slow pool */
+        HASH_Update(fast_pool, digest, sizeof(digest));
 
-	if (y->seeded == 0)
-	{
-	    Yarrow_Make_Seeded( y );
-	}
+        if (y->seeded == 0)
+        {
+            Yarrow_Make_Seeded( y );
+        }
     }
 
     /* step 1. v_0 <- hash of all inputs into fast pool */
@@ -727,14 +727,14 @@ static int yarrow_reseed_locked(Yarrow_CTX* y, int pool)
 
     for ( i = 0; i < y->Pt[pool]; i++ )
     {
-	HASH_Init(&hash);
-	HASH_Update(&hash, v_i, sizeof(v_i));
-	HASH_Update(&hash, v_0, sizeof(v_0));
-	big_endian_int32 = make_big_endian32(0); /* MS word */
-	HASH_Update(&hash, &big_endian_int32, sizeof(krb5_ui_4));
-	big_endian_int32 = make_big_endian32(i & 0xFFFFFFFF); /* LS word */
-	HASH_Update(&hash, &big_endian_int32, sizeof(krb5_ui_4));
-	HASH_Final(&hash, &v_i);
+        HASH_Init(&hash);
+        HASH_Update(&hash, v_i, sizeof(v_i));
+        HASH_Update(&hash, v_0, sizeof(v_0));
+        big_endian_int32 = make_big_endian32(0); /* MS word */
+        HASH_Update(&hash, &big_endian_int32, sizeof(krb5_ui_4));
+        big_endian_int32 = make_big_endian32(i & 0xFFFFFFFF); /* LS word */
+        HASH_Update(&hash, &big_endian_int32, sizeof(krb5_ui_4));
+        HASH_Final(&hash, &v_i);
     }
 
     /* step3. K = h'(h(v_Pt|K)) */
@@ -781,15 +781,15 @@ static int yarrow_reseed_locked(Yarrow_CTX* y, int pool)
 
     for (i = 0; i < y->num_sources; i++)
     {
-	y->source[i].entropy[pool] = 0;
-	if (pool == YARROW_SLOW_POOL)
-	{
-    /*   if this is a slow reseed, reset the fast pool entropy
-     *   accumulator also
-     */
-	    y->source[i].entropy[YARROW_FAST_POOL] = 0;
-	    y->source[i].reached_slow_thresh = 0;
-	}
+        y->source[i].entropy[pool] = 0;
+        if (pool == YARROW_SLOW_POOL)
+        {
+            /*   if this is a slow reseed, reset the fast pool entropy
+             *   accumulator also
+             */
+            y->source[i].entropy[YARROW_FAST_POOL] = 0;
+            y->source[i].reached_slow_thresh = 0;
+        }
     }
 
     /*  step 7. If a seed file is in use, the next 2k bits of output
@@ -799,11 +799,11 @@ static int yarrow_reseed_locked(Yarrow_CTX* y, int pool)
 #if defined( YARROW_SAVE_STATE )
     if ( y->seeded && y->entropyfile )
     {
-	TRY( Yarrow_Save_State( y ) );
+        TRY( Yarrow_Save_State( y ) );
     }
 #endif
 
- CATCH:
+CATCH:
     /*   step 6. Wipe the memory of all intermediate values
      *
      */
@@ -817,11 +817,11 @@ static int yarrow_reseed_locked(Yarrow_CTX* y, int pool)
 }
 int krb5int_yarrow_reseed(Yarrow_CTX* y, int pool)
 {
-	int r;
-	LOCK();
-	r = yarrow_reseed_locked(y, pool);
-	UNLOCK();
-	return r;
+    int r;
+    LOCK();
+    r = yarrow_reseed_locked(y, pool);
+    UNLOCK();
+    return r;
 }
 
 int krb5int_yarrow_stretch(const byte* m, size_t size, byte* out, size_t out_size)
@@ -836,7 +836,7 @@ int krb5int_yarrow_stretch(const byte* m, size_t size, byte* out, size_t out_siz
 
     if (m == NULL || size == 0 || out == NULL || out_size == 0)
     {
-	THROW( YARROW_BAD_ARG );
+        THROW( YARROW_BAD_ARG );
     }
 
     /*
@@ -859,28 +859,28 @@ int krb5int_yarrow_stretch(const byte* m, size_t size, byte* out, size_t out_siz
 
     HASH_Init(&hash);
     for ( ;
-	  left > 0;
-	  left -= HASH_DIGEST_SIZE)
+          left > 0;
+          left -= HASH_DIGEST_SIZE)
     {
-	HASH_Update(&hash, s_i, use);
+        HASH_Update(&hash, s_i, use);
 
-	/* have to save hash state to one side as HASH_final changes state */
+        /* have to save hash state to one side as HASH_final changes state */
 
-	mem_copy(&save, &hash, sizeof(hash));
-	HASH_Final(&hash, digest);
+        mem_copy(&save, &hash, sizeof(hash));
+        HASH_Final(&hash, digest);
 
-	use = min(HASH_DIGEST_SIZE, left);
-	mem_copy(outp, digest, use);
+        use = min(HASH_DIGEST_SIZE, left);
+        mem_copy(outp, digest, use);
 
-	/* put state back for next time */
+        /* put state back for next time */
 
-	mem_copy(&hash, &save, sizeof(hash));
+        mem_copy(&hash, &save, sizeof(hash));
 
-	s_i = outp;            /* retain pointer to s_i */
-	outp += use;
+        s_i = outp;            /* retain pointer to s_i */
+        outp += use;
     }
 
- CATCH:
+CATCH:
     mem_zero(&hash, sizeof(hash));
     mem_zero(digest, sizeof(digest));
 
@@ -894,7 +894,7 @@ static void block_increment(void* block, const int sz)
 
     for (i = sz-1; (++b[i]) == 0 && i > 0; i--)
     {
-	; /* nothing */
+        ; /* nothing */
     }
 }
 
@@ -911,15 +911,15 @@ int krb5int_yarrow_final(Yarrow_CTX* y)
 #if defined( YARROW_SAVE_STATE )
     if ( y->seeded && y->entropyfile )
     {
-	TRY( Yarrow_Save_State( y ) );
+        TRY( Yarrow_Save_State( y ) );
     }
 #endif
 
- CATCH:
+CATCH:
     if ( y )
     {
-	krb5int_yarrow_cipher_final(&y->cipher);
-	mem_zero( y, sizeof(Yarrow_CTX) );
+        krb5int_yarrow_cipher_final(&y->cipher);
+        mem_zero( y, sizeof(Yarrow_CTX) );
     }
     if ( locked ) { TRY( UNLOCK() ); }
     EXCEP_RET;
@@ -930,9 +930,9 @@ const char* krb5int_yarrow_str_error( int err )
 {
     err = 1-err;
     if ( err < 0 ||
-	 (unsigned int) err >= sizeof( yarrow_str_error ) / sizeof( char* ) )
+         (unsigned int) err >= sizeof( yarrow_str_error ) / sizeof( char* ) )
     {
-	err = 1-YARROW_FAIL;
+        err = 1-YARROW_FAIL;
     }
     return yarrow_str_error[ err ];
 }
@@ -949,9 +949,9 @@ static void hex_print(FILE* f, const char* var, void* data, size_t size)
     fprintf(f, " = ");
     for (i = 0; i < size; i++)
     {
-	c = conv[(p[i] >> 4) & 0xf];
-	d = conv[p[i] & 0xf];
-	fprintf(f, "%c%c", c, d);
+        c = conv[(p[i] >> 4) & 0xf];
+        d = conv[p[i] & 0xf];
+        fprintf(f, "%c%c", c, d);
     }
     fprintf(f, "\n");
 }
diff --git a/src/lib/crypto/krb/yarrow/yarrow.h b/src/lib/crypto/krb/yarrow/yarrow.h
index 3cf50fd..4f7cd51 100644
--- a/src/lib/crypto/krb/yarrow/yarrow.h
+++ b/src/lib/crypto/krb/yarrow/yarrow.h
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 #ifndef YARROW_H
 #define YARROW_H
@@ -135,12 +135,12 @@ int krb5int_yarrow_init( Yarrow_CTX* y, const char *filename );
 
 YARROW_DLL
 int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id,
-		  const void* sample,
-		  size_t size, size_t entropy_bits );
+                          const void* sample,
+                          size_t size, size_t entropy_bits );
 
 YARROW_DLL
 int krb5int_yarrow_status( Yarrow_CTX* y, int *num_sources, unsigned *source_id,
-		   size_t *entropy_bits, size_t *entropy_max );
+                           size_t *entropy_bits, size_t *entropy_max );
 
 YARROW_DLL
 int krb5int_yarrow_output( Yarrow_CTX* y, void* out, size_t size );
@@ -150,7 +150,7 @@ int krb5int_yarrow_new_source( Yarrow_CTX* y, unsigned* source_id );
 
 YARROW_DLL
 int krb5int_yarrow_register_source_estimator( Yarrow_CTX* y, unsigned source_id,
-				      estimator_fn* fptr );
+                                              estimator_fn* fptr );
 
 YARROW_DLL
 int krb5int_yarrow_stretch( const byte* m, size_t size, byte* out, size_t out_size );
diff --git a/src/lib/crypto/krb/yarrow/ycipher.c b/src/lib/crypto/krb/yarrow/ycipher.c
index 8da7b71..2eacc95 100644
--- a/src/lib/crypto/krb/yarrow/ycipher.c
+++ b/src/lib/crypto/krb/yarrow/ycipher.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/yarrow/ycipher.c
  *
@@ -38,49 +39,49 @@ krb5int_yarrow_cipher_init
 (CIPHER_CTX *ctx,
  unsigned const char * key)
 {
-  size_t keybytes, keylength;
-  const struct krb5_enc_provider *enc = &yarrow_enc_provider;
-  krb5_error_code ret;
-  krb5_data randombits;
-  krb5_keyblock keyblock;
+    size_t keybytes, keylength;
+    const struct krb5_enc_provider *enc = &yarrow_enc_provider;
+    krb5_error_code ret;
+    krb5_data randombits;
+    krb5_keyblock keyblock;
 
-  keybytes = enc->keybytes;
-  keylength = enc->keylength;
-  assert (keybytes == CIPHER_KEY_SIZE);
-  krb5_k_free_key(NULL, ctx->key);
-  ctx->key = NULL;
-  keyblock.contents = malloc(keylength);
-  keyblock.length = keylength;
-  if (keyblock.contents == NULL)
-    return (YARROW_NOMEM);
-  randombits.data = (char *) key;
-  randombits.length = keybytes;
-  ret = enc->make_key(&randombits, &keyblock);
-  if (ret != 0)
-      goto cleanup;
-  ret = krb5_k_create_key(NULL, &keyblock, &ctx->key);
+    keybytes = enc->keybytes;
+    keylength = enc->keylength;
+    assert (keybytes == CIPHER_KEY_SIZE);
+    krb5_k_free_key(NULL, ctx->key);
+    ctx->key = NULL;
+    keyblock.contents = malloc(keylength);
+    keyblock.length = keylength;
+    if (keyblock.contents == NULL)
+        return (YARROW_NOMEM);
+    randombits.data = (char *) key;
+    randombits.length = keybytes;
+    ret = enc->make_key(&randombits, &keyblock);
+    if (ret != 0)
+        goto cleanup;
+    ret = krb5_k_create_key(NULL, &keyblock, &ctx->key);
 cleanup:
-  free(keyblock.contents);
-  if (ret)
-    return YARROW_FAIL;
-  return YARROW_OK;
+    free(keyblock.contents);
+    if (ret)
+        return YARROW_FAIL;
+    return YARROW_OK;
 }
 
 int krb5int_yarrow_cipher_encrypt_block
 (CIPHER_CTX *ctx, const unsigned char *in,
  unsigned char *out)
 {
-  krb5_error_code ret;
-  krb5_data ind, outd;
-  const struct krb5_enc_provider *enc = &yarrow_enc_provider;
-  ind.data = (char *) in;
-  ind.length = CIPHER_BLOCK_SIZE;
-  outd.data = (char *) out;
-  outd.length = CIPHER_BLOCK_SIZE;
-  ret = enc->encrypt(ctx->key, 0, &ind, &outd);
-  if (ret)
-    return YARROW_FAIL;
-  return YARROW_OK;
+    krb5_error_code ret;
+    krb5_data ind, outd;
+    const struct krb5_enc_provider *enc = &yarrow_enc_provider;
+    ind.data = (char *) in;
+    ind.length = CIPHER_BLOCK_SIZE;
+    outd.data = (char *) out;
+    outd.length = CIPHER_BLOCK_SIZE;
+    ret = enc->encrypt(ctx->key, 0, &ind, &outd);
+    if (ret)
+        return YARROW_FAIL;
+    return YARROW_OK;
 }
 
 void
@@ -88,6 +89,6 @@ krb5int_yarrow_cipher_final
 (CIPHER_CTX *ctx)
 
 {
-  krb5_k_free_key(NULL, ctx->key);
-  ctx->key = NULL;
+    krb5_k_free_key(NULL, ctx->key);
+    ctx->key = NULL;
 }
diff --git a/src/lib/crypto/krb/yarrow/ycipher.h b/src/lib/crypto/krb/yarrow/ycipher.h
index 554cf9a..21151bd 100644
--- a/src/lib/crypto/krb/yarrow/ycipher.h
+++ b/src/lib/crypto/krb/yarrow/ycipher.h
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 #ifndef YCIPHER_H
 #define YCIPHER_H
diff --git a/src/lib/crypto/krb/yarrow/yexcep.h b/src/lib/crypto/krb/yarrow/yexcep.h
index b066c91..f76f650 100644
--- a/src/lib/crypto/krb/yarrow/yexcep.h
+++ b/src/lib/crypto/krb/yarrow/yexcep.h
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 #ifndef YEXCEP_H
 #define YEXCEP_H
@@ -85,16 +85,16 @@
 #define EXCEP_OK 1
 #define EXCEP_DECL int _thr = 0, _ret2 = 0, _ret = _ret2+EXCEP_OK
 
-#define THROW( x ) \
-    do { \
-        _ret = (x); \
-        if( !_thr ) { goto _catch; } \
+#define THROW( x )                              \
+    do {                                        \
+        _ret = (x);                             \
+        if( !_thr ) { goto _catch; }            \
     } while ( 0 )
 
-#define TRY( x ) \
-    do { \
-        _ret2 = (x); \
-        if ( _ret > 0 && _ret2 <= 0 ) { THROW( _ret2 ); } \
+#define TRY( x )                                                \
+    do {                                                        \
+        _ret2 = (x);                                            \
+        if ( _ret > 0 && _ret2 <= 0 ) { THROW( _ret2 ); }       \
     } while ( 0 )
 
 #define SET( x ) (_ret = (x))
diff --git a/src/lib/crypto/krb/yarrow/ylock.h b/src/lib/crypto/krb/yarrow/ylock.h
index 9c032dc..aacf786 100644
--- a/src/lib/crypto/krb/yarrow/ylock.h
+++ b/src/lib/crypto/krb/yarrow/ylock.h
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 #ifndef YLOCK_H
 #define YLOCK_H
@@ -17,7 +17,7 @@ static int UNLOCK( void ) {  return (YARROW_OK); }
 #else
 #include "k5-thread.h"
 extern k5_mutex_t krb5int_yarrow_lock;
-#define LOCK()	(k5_mutex_lock(&krb5int_yarrow_lock) ? YARROW_LOCKING : YARROW_OK)
+#define LOCK()  (k5_mutex_lock(&krb5int_yarrow_lock) ? YARROW_LOCKING : YARROW_OK)
 #define UNLOCK() (k5_mutex_unlock(&krb5int_yarrow_lock) ? YARROW_LOCKING : YARROW_OK)
 #endif
 
diff --git a/src/lib/crypto/krb/yarrow/ystate.h b/src/lib/crypto/krb/yarrow/ystate.h
index 2886ca3..fd277d2 100644
--- a/src/lib/crypto/krb/yarrow/ystate.h
+++ b/src/lib/crypto/krb/yarrow/ystate.h
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 #ifndef YSTATE_H
 #define YSTATE_H
diff --git a/src/lib/crypto/krb/yarrow/ytypes.h b/src/lib/crypto/krb/yarrow/ytypes.h
index 23c1bdf..9abbf8c 100644
--- a/src/lib/crypto/krb/yarrow/ytypes.h
+++ b/src/lib/crypto/krb/yarrow/ytypes.h
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 #ifndef YTYPES_H
 #define YTYPES_H
diff --git a/src/lib/crypto/openssl/aes/aes_s2k.c b/src/lib/crypto/openssl/aes/aes_s2k.c
index 9dd1402..b2fa1f1 100644
--- a/src/lib/crypto/openssl/aes/aes_s2k.c
+++ b/src/lib/crypto/openssl/aes/aes_s2k.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/openssl/aes/aes_s2k.c
  *
@@ -31,15 +32,15 @@
 #include "dk.h"
 #include "aes_s2k.h"
 
-#define DEFAULT_ITERATION_COUNT		4096 /* was 0xb000L in earlier drafts */
-#define MAX_ITERATION_COUNT		0x1000000L
+#define DEFAULT_ITERATION_COUNT         4096 /* was 0xb000L in earlier drafts */
+#define MAX_ITERATION_COUNT             0x1000000L
 
 krb5_error_code
 krb5int_aes_string_to_key(const struct krb5_enc_provider *enc,
-			  const krb5_data *string,
-			  const krb5_data *salt,
-			  const krb5_data *params,
-			  krb5_keyblock *key)
+                          const krb5_data *string,
+                          const krb5_data *salt,
+                          const krb5_data *params,
+                          krb5_keyblock *key)
 {
     unsigned long iter_count;
     krb5_data out;
@@ -48,44 +49,44 @@ krb5int_aes_string_to_key(const struct krb5_enc_provider *enc,
     krb5_error_code err;
 
     if (params) {
-	unsigned char *p = (unsigned char *) params->data;
-	if (params->length != 4)
-	    return KRB5_ERR_BAD_S2K_PARAMS;
-	/* The first two need casts in case 'int' is 16 bits.  */
-	iter_count = load_32_be(p);
-	if (iter_count == 0) {
-	    iter_count = (1UL << 16) << 16;
-	    if (((iter_count >> 16) >> 16) != 1)
-		return KRB5_ERR_BAD_S2K_PARAMS;
-	}
+        unsigned char *p = (unsigned char *) params->data;
+        if (params->length != 4)
+            return KRB5_ERR_BAD_S2K_PARAMS;
+        /* The first two need casts in case 'int' is 16 bits.  */
+        iter_count = load_32_be(p);
+        if (iter_count == 0) {
+            iter_count = (1UL << 16) << 16;
+            if (((iter_count >> 16) >> 16) != 1)
+                return KRB5_ERR_BAD_S2K_PARAMS;
+        }
     } else
-	iter_count = DEFAULT_ITERATION_COUNT;
+        iter_count = DEFAULT_ITERATION_COUNT;
 
     /* This is not a protocol specification constraint; this is an
        implementation limit, which should eventually be controlled by
        a config file.  */
     if (iter_count >= MAX_ITERATION_COUNT)
-	return KRB5_ERR_BAD_S2K_PARAMS;
+        return KRB5_ERR_BAD_S2K_PARAMS;
 
     /* Use the output keyblock contents for temporary space. */
     out.data = (char *) key->contents;
     out.length = key->length;
     if (out.length != 16 && out.length != 32)
-	return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
 
     err = krb5int_pbkdf2_hmac_sha1 (&out, iter_count, string, salt);
     if (err)
-	goto cleanup;
+        goto cleanup;
 
     err = krb5_k_create_key (NULL, key, &tempkey);
     if (err)
-	goto cleanup;
+        goto cleanup;
 
     err = krb5int_derive_keyblock (enc, tempkey, key, &usage);
 
 cleanup:
     if (err)
-	memset (out.data, 0, out.length);
+        memset (out.data, 0, out.length);
     krb5_k_free_key (NULL, tempkey);
     return err;
 }
diff --git a/src/lib/crypto/openssl/aes/aes_s2k.h b/src/lib/crypto/openssl/aes/aes_s2k.h
index f39b95a..f9bb1fe 100644
--- a/src/lib/crypto/openssl/aes/aes_s2k.h
+++ b/src/lib/crypto/openssl/aes/aes_s2k.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/openssl/aes/aes_s2k.h
  */
@@ -5,5 +6,5 @@
 
 extern krb5_error_code
 krb5int_aes_string_to_key (const struct krb5_enc_provider *,
-			   const krb5_data *, const krb5_data *,
-			   const krb5_data *, krb5_keyblock *key);
+                           const krb5_data *, const krb5_data *,
+                           const krb5_data *, krb5_keyblock *key);
diff --git a/src/lib/crypto/openssl/des/des_int.h b/src/lib/crypto/openssl/des/des_int.h
index 84d678c..6cb54fd 100644
--- a/src/lib/crypto/openssl/des/des_int.h
+++ b/src/lib/crypto/openssl/des/des_int.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/des_int.h
  *
@@ -53,7 +54,7 @@
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
-/* only do the whole thing once	 */
+/* only do the whole thing once  */
 #ifndef DES_INTERNAL_DEFS
 #define DES_INTERNAL_DEFS
 
@@ -91,7 +92,7 @@
 #define DES_UINT32 unsigned long
 #endif
 
-typedef unsigned char des_cblock[8] 	/* crypto-block size */
+typedef unsigned char des_cblock[8]     /* crypto-block size */
 KRB5INT_DES_DEPRECATED;
 
 /*
@@ -119,11 +120,11 @@ typedef des_cblock mit_des_cblock;
 typedef des_key_schedule mit_des_key_schedule;
 
 /* Triple-DES structures */
-typedef mit_des_cblock		mit_des3_cblock[3];
-typedef mit_des_key_schedule	mit_des3_key_schedule[3];
+typedef mit_des_cblock          mit_des3_cblock[3];
+typedef mit_des_key_schedule    mit_des3_key_schedule[3];
 
-#define MIT_DES_ENCRYPT	1
-#define MIT_DES_DECRYPT	0
+#define MIT_DES_ENCRYPT 1
+#define MIT_DES_DECRYPT 0
 
 typedef struct mit_des_ran_key_seed {
     krb5_encrypt_block eblock;
@@ -132,22 +133,22 @@ typedef struct mit_des_ran_key_seed {
 
 /* the first byte of the key is already in the keyblock */
 
-#define MIT_DES_BLOCK_LENGTH 		(8*sizeof(krb5_octet))
-#define	MIT_DES_CBC_CRC_PAD_MINIMUM	CRC32_CKSUM_LENGTH
+#define MIT_DES_BLOCK_LENGTH            (8*sizeof(krb5_octet))
+#define MIT_DES_CBC_CRC_PAD_MINIMUM     CRC32_CKSUM_LENGTH
 /* This used to be 8*sizeof(krb5_octet) */
-#define MIT_DES_KEYSIZE		 	8
+#define MIT_DES_KEYSIZE                 8
 
-#define MIT_DES_CBC_CKSUM_LENGTH	(4*sizeof(krb5_octet))
+#define MIT_DES_CBC_CKSUM_LENGTH        (4*sizeof(krb5_octet))
 
 /*
  * Check if k5-int.h has been included before us.  If so, then check to see
  * that our view of the DES key size is the same as k5-int.h's.
  */
-#ifdef	KRB5_MIT_DES_KEYSIZE
-#if	MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
+#ifdef  KRB5_MIT_DES_KEYSIZE
+#if     MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
 error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
-#endif	/* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
-#endif	/* KRB5_MIT_DES_KEYSIZE */
+#endif  /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
+#endif  /* KRB5_MIT_DES_KEYSIZE */
 #endif /* KRB5_MIT_DES__ */
 /*
  * End "mit-des.h"
@@ -162,10 +163,10 @@ extern int mit_des_check_key_parity (mit_des_cblock );
 
 /* string2key.c */
 extern krb5_error_code mit_des_string_to_key
-    ( const krb5_encrypt_block *,
-	       krb5_keyblock *, const krb5_data *, const krb5_data *);
+( const krb5_encrypt_block *,
+  krb5_keyblock *, const krb5_data *, const krb5_data *);
 extern krb5_error_code mit_des_string_to_key_int
-	(krb5_keyblock *, const krb5_data *, const krb5_data *);
+(krb5_keyblock *, const krb5_data *, const krb5_data *);
 
 /* weak_key.c */
 extern int mit_des_is_weak_key (mit_des_cblock );
@@ -185,4 +186,4 @@ extern unsigned long swap_long_bytes_bit_number (unsigned long );
 /* XXX depends on FILE being a #define! */
 extern void test_set (FILE *, const char *, int, const char *, int);
 #endif
-#endif	/*DES_INTERNAL_DEFS*/
+#endif  /*DES_INTERNAL_DEFS*/
diff --git a/src/lib/crypto/openssl/des/des_oldapis.c b/src/lib/crypto/openssl/des/des_oldapis.c
index c931efc..eb1e586 100644
--- a/src/lib/crypto/openssl/des/des_oldapis.c
+++ b/src/lib/crypto/openssl/des/des_oldapis.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/openssl/des/des_oldapis.c
  *
@@ -33,8 +34,8 @@ const mit_des_cblock mit_des_zeroblock /* = all zero */;
 
 unsigned long
 mit_des_cbc_cksum(const krb5_octet *in, krb5_octet *out,
-		  unsigned long length, const mit_des_key_schedule schedule,
-		  const krb5_octet *ivec)
+                  unsigned long length, const mit_des_key_schedule schedule,
+                  const krb5_octet *ivec)
 {
     /* Unsupported operation */
     return KRB5_CRYPTO_INTERNAL;
diff --git a/src/lib/crypto/openssl/des/f_parity.c b/src/lib/crypto/openssl/des/f_parity.c
index bc33eb8..b8baac9 100644
--- a/src/lib/crypto/openssl/des/f_parity.c
+++ b/src/lib/crypto/openssl/des/f_parity.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/openssl/des/f_parity.c
  *
@@ -30,7 +31,7 @@
 void
 mit_des_fixup_key_parity(mit_des_cblock key)
 {
-   DES_set_odd_parity(key);
+    DES_set_odd_parity(key);
 }
 
 /*
@@ -42,6 +43,6 @@ int
 mit_des_check_key_parity(mit_des_cblock key)
 {
     if (!DES_check_key_parity(key))
-                return(0);
+        return(0);
     return (1);
 }
diff --git a/src/lib/crypto/openssl/des/string2key.c b/src/lib/crypto/openssl/des/string2key.c
index 6034e86..c192734 100644
--- a/src/lib/crypto/openssl/des/string2key.c
+++ b/src/lib/crypto/openssl/des/string2key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/openssl/des/string2key.c
  *
@@ -30,7 +31,7 @@
 
 krb5_error_code
 mit_des_string_to_key_int (krb5_keyblock *key,
-			   const krb5_data *pw, const krb5_data *salt)
+                           const krb5_data *pw, const krb5_data *salt)
 {
     DES_cblock outkey;
     DES_string_to_key(pw->data, &outkey);
diff --git a/src/lib/crypto/openssl/des/weak_key.c b/src/lib/crypto/openssl/des/weak_key.c
index 4d7e99b..eb49d58 100644
--- a/src/lib/crypto/openssl/des/weak_key.c
+++ b/src/lib/crypto/openssl/des/weak_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/openssl/des/weak_key.c
  *
@@ -76,11 +77,11 @@ mit_des_is_weak_key(mit_des_cblock key)
     const mit_des_cblock *weak_p = weak;
 
     for (i = 0; i < (sizeof(weak)/sizeof(mit_des_cblock)); i++) {
-	if (!memcmp(weak_p++,key,sizeof(mit_des_cblock)))
-	    return 1;
+        if (!memcmp(weak_p++,key,sizeof(mit_des_cblock)))
+            return 1;
     }
     if ( DES_is_weak_key(key) == 1) /* Also OpenSSL's check */
-	    return 1;
+        return 1;
 
     return 0;
 }
diff --git a/src/lib/crypto/openssl/enc_provider/aes.c b/src/lib/crypto/openssl/enc_provider/aes.c
index 51ba8af..519a1b5 100644
--- a/src/lib/crypto/openssl/enc_provider/aes.c
+++ b/src/lib/crypto/openssl/enc_provider/aes.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/openssl/enc_provider/aes.c
  *
@@ -36,22 +37,22 @@
 /* proto's */
 static krb5_error_code
 cts_enc(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output);
+        const krb5_data *input, krb5_data *output);
 static krb5_error_code
 cbc_enc(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output);
+        const krb5_data *input, krb5_data *output);
 static krb5_error_code
 cts_decr(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output);
+         const krb5_data *input, krb5_data *output);
 static krb5_error_code
 cbc_decr(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output);
+         const krb5_data *input, krb5_data *output);
 static krb5_error_code
 cts_encr_iov(krb5_key key, const krb5_data *ivec,
-                    krb5_crypto_iov *data, size_t num_data, size_t dlen);
+             krb5_crypto_iov *data, size_t num_data, size_t dlen);
 static krb5_error_code
 cts_decr_iov(krb5_key key, const krb5_data *ivec,
-                    krb5_crypto_iov *data, size_t num_data, size_t dlen);
+             krb5_crypto_iov *data, size_t num_data, size_t dlen);
 
 #define BLOCK_SIZE 16
 #define NUM_BITS 8
@@ -70,7 +71,7 @@ map_mode(unsigned int len)
 
 static krb5_error_code
 cbc_enc(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output)
+        const krb5_data *input, krb5_data *output)
 {
     int             ret = 0, tmp_len = 0;
     unsigned char  *tmp_buf = NULL;
@@ -85,12 +86,12 @@ cbc_enc(krb5_key key, const krb5_data *ivec,
     EVP_CIPHER_CTX_init(&ciph_ctx);
 
     ret = EVP_EncryptInit_ex(&ciph_ctx, map_mode(key->keyblock.length),
-                  NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
+                             NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
 
     if (ret == 1){
         EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
         ret = EVP_EncryptUpdate(&ciph_ctx, tmp_buf, &tmp_len,
-                           (unsigned char *)input->data, input->length);
+                                (unsigned char *)input->data, input->length);
         output->length = tmp_len;
         if(ret)
             ret = EVP_EncryptFinal_ex(&ciph_ctx,tmp_buf+tmp_len,&tmp_len);
@@ -113,7 +114,7 @@ cbc_enc(krb5_key key, const krb5_data *ivec,
 
 static krb5_error_code
 cbc_decr(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output)
+         const krb5_data *input, krb5_data *output)
 {
     int              ret = 0, tmp_len = 0;
     unsigned char   *tmp_buf = NULL;
@@ -128,11 +129,11 @@ cbc_decr(krb5_key key, const krb5_data *ivec,
     EVP_CIPHER_CTX_init(&ciph_ctx);
 
     ret = EVP_DecryptInit_ex(&ciph_ctx, map_mode(key->keyblock.length),
-                  NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
+                             NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
     if (ret == 1) {
         EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
         ret = EVP_EncryptUpdate(&ciph_ctx, tmp_buf, &tmp_len,
-                           (unsigned char *)input->data, input->length);
+                                (unsigned char *)input->data, input->length);
         output->length = tmp_len;
         if (ret == 1)
             ret = EVP_DecryptFinal_ex(&ciph_ctx,tmp_buf+tmp_len,&tmp_len);
@@ -156,7 +157,7 @@ cbc_decr(krb5_key key, const krb5_data *ivec,
 
 static krb5_error_code
 cts_enc(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output)
+        const krb5_data *input, krb5_data *output)
 {
     int             ret = 0, tmp_len = 0;
     size_t          size = 0;
@@ -177,7 +178,7 @@ cts_enc(krb5_key key, const krb5_data *ivec,
     tmp_len = input->length;
 
     AES_set_encrypt_key(key->keyblock.contents,
-			NUM_BITS * key->keyblock.length, &enck);
+                        NUM_BITS * key->keyblock.length, &enck);
 
     size = CRYPTO_cts128_encrypt((unsigned char *)input->data, tmp_buf,
                                  input->length, &enck,
@@ -201,7 +202,7 @@ cts_enc(krb5_key key, const krb5_data *ivec,
 
 static krb5_error_code
 cts_decr(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output)
+         const krb5_data *input, krb5_data *output)
 {
     int    ret = 0, tmp_len = 0;
     size_t size = 0;
@@ -222,7 +223,7 @@ cts_decr(krb5_key key, const krb5_data *ivec,
     tmp_len = input->length;
 
     AES_set_decrypt_key(key->keyblock.contents,
-			NUM_BITS * key->keyblock.length, &deck);
+                        NUM_BITS * key->keyblock.length, &deck);
 
     size = CRYPTO_cts128_decrypt((unsigned char *)input->data, tmp_buf,
                                  input->length, &deck,
@@ -246,9 +247,9 @@ cts_decr(krb5_key key, const krb5_data *ivec,
 
 static krb5_error_code
 cts_encr_iov(krb5_key key,
-		        const krb5_data *ivec,
-		        krb5_crypto_iov *data,
-		        size_t num_data, size_t dlen)
+             const krb5_data *ivec,
+             krb5_crypto_iov *data,
+             size_t num_data, size_t dlen)
 {
     int                    ret = 0;
     int                    oblock_len = BLOCK_SIZE * num_data;
@@ -285,20 +286,20 @@ cts_encr_iov(krb5_key key,
     tlen = 0;
     for (;;) {
         if (krb5int_c_iov_get_block(iblock, BLOCK_SIZE,
-                                     data, num_data, &input_pos)){
+                                    data, num_data, &input_pos)){
             memcpy(dbuf+tlen,iblock, BLOCK_SIZE);
 
             tlen += BLOCK_SIZE;
-       } else {
+        } else {
             memcpy(dbuf+tlen,iblock, dlen - tlen);
             break;
-       }
+        }
 
         if (tlen > dlen) break;
     }
 
     AES_set_encrypt_key(key->keyblock.contents,
-			NUM_BITS * key->keyblock.length, &enck);
+                        NUM_BITS * key->keyblock.length, &enck);
 
     size = CRYPTO_cts128_encrypt((unsigned char *)dbuf, oblock, dlen, &enck,
                                  iv_cts, (cbc128_f)AES_cbc_encrypt);
@@ -322,9 +323,9 @@ cts_encr_iov(krb5_key key,
 
 static krb5_error_code
 cts_decr_iov(krb5_key key,
-		        const krb5_data *ivec,
-		        krb5_crypto_iov *data,
-		        size_t num_data, size_t dlen)
+             const krb5_data *ivec,
+             krb5_crypto_iov *data,
+             size_t num_data, size_t dlen)
 {
     int                    ret = 0;
     int                    oblock_len = BLOCK_SIZE*num_data;
@@ -359,19 +360,19 @@ cts_decr_iov(krb5_key key,
     memset(dbuf, 0, dlen);
 
     AES_set_decrypt_key(key->keyblock.contents,
-			NUM_BITS * key->keyblock.length, &deck);
+                        NUM_BITS * key->keyblock.length, &deck);
 
     tlen = 0;
     for (;;) {
         if (krb5int_c_iov_get_block(iblock, BLOCK_SIZE,
-                                     data, num_data, &input_pos)){
+                                    data, num_data, &input_pos)){
             memcpy(dbuf+tlen,iblock, BLOCK_SIZE);
 
             tlen += BLOCK_SIZE;
-       } else {
+        } else {
             memcpy(dbuf+tlen,iblock, dlen - tlen);
             break;
-       }
+        }
 
         if (tlen > dlen) break;
     }
@@ -398,7 +399,7 @@ cts_decr_iov(krb5_key key,
 
 krb5_error_code
 krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output)
+                    const krb5_data *input, krb5_data *output)
 {
     int  ret = 0;
 
@@ -413,7 +414,7 @@ krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec,
 
 krb5_error_code
 krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output)
+                    const krb5_data *input, krb5_data *output)
 {
     int ret = 0;
     int nblocks = 0;
@@ -432,9 +433,9 @@ krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec,
 
 static krb5_error_code
 krb5int_aes_encrypt_iov(krb5_key key,
-		        const krb5_data *ivec,
-		        krb5_crypto_iov *data,
-		        size_t num_data)
+                        const krb5_data *ivec,
+                        krb5_crypto_iov *data,
+                        size_t num_data)
 {
     int    ret = 0;
     int    nblocks = 0;
@@ -457,9 +458,9 @@ krb5int_aes_encrypt_iov(krb5_key key,
 
 static krb5_error_code
 krb5int_aes_decrypt_iov(krb5_key key,
-		        const krb5_data *ivec,
-		        krb5_crypto_iov *data,
-		        size_t num_data)
+                        const krb5_data *ivec,
+                        krb5_crypto_iov *data,
+                        size_t num_data)
 {
     int    ret = 0;
     int    nblocks = 0;
@@ -483,12 +484,12 @@ krb5int_aes_decrypt_iov(krb5_key key,
 
 static krb5_error_code
 krb5int_aes_init_state (const krb5_keyblock *key, krb5_keyusage usage,
-			krb5_data *state)
+                        krb5_data *state)
 {
     state->length = 16;
     state->data = (void *) malloc(16);
     if (state->data == NULL)
-	return ENOMEM;
+        return ENOMEM;
     memset(state->data, 0, state->length);
     return 0;
 }
diff --git a/src/lib/crypto/openssl/enc_provider/des.c b/src/lib/crypto/openssl/enc_provider/des.c
index 9c30ef1..5881291 100644
--- a/src/lib/crypto/openssl/enc_provider/des.c
+++ b/src/lib/crypto/openssl/enc_provider/des.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/enc_provider/des.c
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
@@ -60,7 +61,7 @@
 
 static krb5_error_code
 validate(krb5_key key, const krb5_data *ivec,
-                      const krb5_data *input, const krb5_data *output)
+         const krb5_data *input, const krb5_data *output)
 {
     /* key->keyblock.enctype was checked by the caller */
     if (key->keyblock.length != KRB5_MIT_DES_KEYSIZE)
@@ -77,7 +78,7 @@ validate(krb5_key key, const krb5_data *ivec,
 
 static krb5_error_code
 validate_iov(krb5_key key, const krb5_data *ivec,
-                          const krb5_crypto_iov *data, size_t num_data)
+             const krb5_crypto_iov *data, size_t num_data)
 {
     size_t i, input_length;
 
@@ -99,7 +100,7 @@ validate_iov(krb5_key key, const krb5_data *ivec,
 
 static krb5_error_code
 k5_des_encrypt(krb5_key key, const krb5_data *ivec,
-           const krb5_data *input, krb5_data *output)
+               const krb5_data *input, krb5_data *output)
 {
     int              ret = 0, tmp_len = 0;
     unsigned int     tmp_buf_len = 0;
@@ -148,7 +149,7 @@ k5_des_encrypt(krb5_key key, const krb5_data *ivec,
 
 static krb5_error_code
 k5_des_decrypt(krb5_key key, const krb5_data *ivec,
-           const krb5_data *input, krb5_data *output)
+               const krb5_data *input, krb5_data *output)
 {
     /* key->keyblock.enctype was checked by the caller */
     int              ret = 0, tmp_len = 0;
@@ -194,9 +195,9 @@ k5_des_decrypt(krb5_key key, const krb5_data *ivec,
 
 static krb5_error_code
 k5_des_encrypt_iov(krb5_key key,
-            const krb5_data *ivec,
-            krb5_crypto_iov *data,
-            size_t num_data)
+                   const krb5_data *ivec,
+                   krb5_crypto_iov *data,
+                   size_t num_data)
 {
     int             ret = 0, tmp_len = MIT_DES_BLOCK_LENGTH;
     int             oblock_len = MIT_DES_BLOCK_LENGTH * num_data;
@@ -268,9 +269,9 @@ k5_des_encrypt_iov(krb5_key key,
 
 static krb5_error_code
 k5_des_decrypt_iov(krb5_key key,
-           const krb5_data *ivec,
-           krb5_crypto_iov *data,
-           size_t num_data)
+                   const krb5_data *ivec,
+                   krb5_crypto_iov *data,
+                   size_t num_data)
 {
     int                    ret = 0;
     int                    tmp_len = MIT_DES_BLOCK_LENGTH;
diff --git a/src/lib/crypto/openssl/enc_provider/des3.c b/src/lib/crypto/openssl/enc_provider/des3.c
index 7228a46..b299d3c 100644
--- a/src/lib/crypto/openssl/enc_provider/des3.c
+++ b/src/lib/crypto/openssl/enc_provider/des3.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/enc_provider/des3.c
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
@@ -59,47 +60,47 @@
 
 static krb5_error_code
 validate(krb5_key key, const krb5_data *ivec,
-		      const krb5_data *input, const krb5_data *output)
+         const krb5_data *input, const krb5_data *output)
 {
     /* key->keyblock.enctype was checked by the caller */
 
     if (key->keyblock.length != KRB5_MIT_DES3_KEYSIZE)
-	return(KRB5_BAD_KEYSIZE);
+        return(KRB5_BAD_KEYSIZE);
     if ((input->length%DES_BLOCK_SIZE) != 0)
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
     if (ivec && (ivec->length != 8))
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
     if (input->length != output->length)
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
 
     return 0;
 }
 
 static krb5_error_code
 validate_iov(krb5_key key, const krb5_data *ivec,
-			  const krb5_crypto_iov *data, size_t num_data)
+             const krb5_crypto_iov *data, size_t num_data)
 {
     size_t i, input_length;
 
     for (i = 0, input_length = 0; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
-	if (ENCRYPT_IOV(iov))
-	    input_length += iov->data.length;
+        const krb5_crypto_iov *iov = &data[i];
+        if (ENCRYPT_IOV(iov))
+            input_length += iov->data.length;
     }
 
     if (key->keyblock.length != KRB5_MIT_DES3_KEYSIZE)
-	return(KRB5_BAD_KEYSIZE);
+        return(KRB5_BAD_KEYSIZE);
     if ((input_length%DES_BLOCK_SIZE) != 0)
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
     if (ivec && (ivec->length != 8))
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
 
     return 0;
 }
 
 static krb5_error_code
 k5_des3_encrypt(krb5_key key, const krb5_data *ivec,
-		const krb5_data *input, krb5_data *output)
+                const krb5_data *input, krb5_data *output)
 {
     int              ret = 0, tmp_len = 0;
     unsigned int     tmp_buf_len = 0;
@@ -108,7 +109,7 @@ k5_des3_encrypt(krb5_key key, const krb5_data *ivec,
 
     ret = validate(key, ivec, input, output);
     if (ret)
-	return ret;
+        return ret;
 
     tmp_buf_len = output->length * 2;
     tmp_buf = OPENSSL_malloc(tmp_buf_len);
@@ -148,7 +149,7 @@ k5_des3_encrypt(krb5_key key, const krb5_data *ivec,
 
 static krb5_error_code
 k5_des3_decrypt(krb5_key key, const krb5_data *ivec,
-		const krb5_data *input, krb5_data *output)
+                const krb5_data *input, krb5_data *output)
 {
     int              ret = 0, tmp_len = 0;
     unsigned int     tmp_buf_len = 0;
@@ -157,7 +158,7 @@ k5_des3_decrypt(krb5_key key, const krb5_data *ivec,
 
     ret = validate(key, ivec, input, output);
     if (ret)
-	return ret;
+        return ret;
 
 
     tmp_buf_len = output->length;
@@ -197,9 +198,9 @@ k5_des3_decrypt(krb5_key key, const krb5_data *ivec,
 
 static krb5_error_code
 k5_des3_encrypt_iov(krb5_key key,
-		    const krb5_data *ivec,
-		    krb5_crypto_iov *data,
-		    size_t num_data)
+                    const krb5_data *ivec,
+                    krb5_crypto_iov *data,
+                    size_t num_data)
 {
     int                    ret = 0;
     int                    tmp_len = MIT_DES_BLOCK_LENGTH;
@@ -258,7 +259,7 @@ k5_des3_encrypt_iov(krb5_key key,
 
     if(ret) {
         /*if (ivec != NULL && ivec->data)
-            memcpy(ivec->data, oblock, MIT_DES_BLOCK_LENGTH); */
+          memcpy(ivec->data, oblock, MIT_DES_BLOCK_LENGTH); */
         ret = EVP_EncryptFinal_ex(&ciph_ctx, oblock+input_pos.data_pos, &tmp_len);
     }
 
@@ -276,9 +277,9 @@ k5_des3_encrypt_iov(krb5_key key,
 
 static krb5_error_code
 k5_des3_decrypt_iov(krb5_key key,
-		    const krb5_data *ivec,
-		    krb5_crypto_iov *data,
-		    size_t num_data)
+                    const krb5_data *ivec,
+                    krb5_crypto_iov *data,
+                    size_t num_data)
 {
     int                    ret = 0;
     int                    tmp_len = MIT_DES_BLOCK_LENGTH;
@@ -337,7 +338,7 @@ k5_des3_decrypt_iov(krb5_key key,
 
     if(ret) {
         /*if (ivec != NULL && ivec->data)
-            memcpy(ivec->data, oblock, MIT_DES_BLOCK_LENGTH); */
+          memcpy(ivec->data, oblock, MIT_DES_BLOCK_LENGTH); */
         ret = EVP_DecryptFinal_ex(&ciph_ctx,
                                   oblock + input_pos.data_pos, &tmp_len);
     }
diff --git a/src/lib/crypto/openssl/enc_provider/enc_provider.h b/src/lib/crypto/openssl/enc_provider/enc_provider.h
index 49ffaaf..8144b65 100644
--- a/src/lib/crypto/openssl/enc_provider/enc_provider.h
+++ b/src/lib/crypto/openssl/enc_provider/enc_provider.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c
index b5e69ff..edfbb32 100644
--- a/src/lib/crypto/openssl/enc_provider/rc4.c
+++ b/src/lib/crypto/openssl/enc_provider/rc4.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*  lib/crypto/openssl/enc_provider/rc4.c
  *
  * #include STD_DISCLAIMER
@@ -61,12 +62,12 @@ typedef struct {
 /* prototypes */
 static krb5_error_code
 k5_arcfour_docrypt(krb5_key, const krb5_data *,
-           const krb5_data *, krb5_data *);
+                   const krb5_data *, krb5_data *);
 static krb5_error_code
 k5_arcfour_free_state ( krb5_data *state);
 static krb5_error_code
 k5_arcfour_init_state (const krb5_keyblock *key,
-               krb5_keyusage keyusage, krb5_data *new_state);
+                       krb5_keyusage keyusage, krb5_data *new_state);
 
 /* The workhorse of the arcfour system,
  * this impliments the cipher
@@ -75,7 +76,7 @@ k5_arcfour_init_state (const krb5_keyblock *key,
 /* In-place rc4 crypto */
 static krb5_error_code
 k5_arcfour_docrypt(krb5_key key, const krb5_data *state,
-           const krb5_data *input, krb5_data *output)
+                   const krb5_data *input, krb5_data *output)
 {
     int ret = 0, tmp_len = 0;
     unsigned char   *tmp_buf = NULL;
@@ -114,9 +115,9 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state,
 /* In-place IOV crypto */
 static krb5_error_code
 k5_arcfour_docrypt_iov(krb5_key key,
-               const krb5_data *state,
-               krb5_crypto_iov *data,
-               size_t num_data)
+                       const krb5_data *state,
+                       krb5_crypto_iov *data,
+                       size_t num_data)
 {
     size_t i;
     int ret = 0, tmp_len = 0;
@@ -141,8 +142,8 @@ k5_arcfour_docrypt_iov(krb5_key key,
         if (ENCRYPT_IOV(iov)) {
             tmp_buf=(unsigned char *)iov->data.data;
             ret = EVP_EncryptUpdate(&ciph_ctx,
-                      tmp_buf, &tmp_len,
-                      (unsigned char *)iov->data.data, iov->data.length);
+                                    tmp_buf, &tmp_len,
+                                    (unsigned char *)iov->data.data, iov->data.length);
             if (!ret) break;
             iov->data.length = tmp_len;
         }
@@ -163,14 +164,14 @@ k5_arcfour_docrypt_iov(krb5_key key,
 static krb5_error_code
 k5_arcfour_free_state ( krb5_data *state)
 {
-   return 0; /* not implemented */
+    return 0; /* not implemented */
 }
 
 static krb5_error_code
 k5_arcfour_init_state (const krb5_keyblock *key,
                        krb5_keyusage keyusage, krb5_data *new_state)
 {
-   return 0; /* not implemented */
+    return 0; /* not implemented */
 
 }
 
diff --git a/src/lib/crypto/openssl/hash_provider/hash_crc32.c b/src/lib/crypto/openssl/hash_provider/hash_crc32.c
index 771a7d6..e748c98 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_crc32.c
+++ b/src/lib/crypto/openssl/hash_provider/hash_crc32.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,18 +31,18 @@
 
 static krb5_error_code
 k5_crc32_hash(unsigned int icount, const krb5_data *input,
-	      krb5_data *output)
+              krb5_data *output)
 {
     unsigned long c, cn;
     unsigned int i;
 
     if (output->length != CRC32_CKSUM_LENGTH)
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 
     c = 0;
     for (i=0; i<icount; i++) {
-	mit_crc32(input[i].data, input[i].length, &cn);
-	c ^= cn;
+        mit_crc32(input[i].data, input[i].length, &cn);
+        c ^= cn;
     }
 
     store_32_le(c, output->data);
diff --git a/src/lib/crypto/openssl/hash_provider/hash_md4.c b/src/lib/crypto/openssl/hash_provider/hash_md4.c
index 916da0f..3a7d0d4 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_md4.c
+++ b/src/lib/crypto/openssl/hash_provider/hash_md4.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,17 +31,17 @@
 
 static krb5_error_code
 k5_md4_hash(unsigned int icount, const krb5_data *input,
-	    krb5_data *output)
+            krb5_data *output)
 {
     krb5_MD4_CTX ctx;
     unsigned int i;
 
     if (output->length != RSA_MD4_CKSUM_LENGTH)
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 
     krb5int_MD4Init(&ctx);
     for (i=0; i<icount; i++)
-	krb5int_MD4Update(&ctx, (unsigned char *) input[i].data, input[i].length);
+        krb5int_MD4Update(&ctx, (unsigned char *) input[i].data, input[i].length);
     krb5int_MD4Final(&ctx);
 
     memcpy(output->data, ctx.digest, RSA_MD4_CKSUM_LENGTH);
diff --git a/src/lib/crypto/openssl/hash_provider/hash_md5.c b/src/lib/crypto/openssl/hash_provider/hash_md5.c
index e1e29f0..610e414 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_md5.c
+++ b/src/lib/crypto/openssl/hash_provider/hash_md5.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,17 +31,17 @@
 
 static krb5_error_code
 k5_md5_hash(unsigned int icount, const krb5_data *input,
-	    krb5_data *output)
+            krb5_data *output)
 {
     krb5_MD5_CTX ctx;
     unsigned int i;
 
     if (output->length != RSA_MD5_CKSUM_LENGTH)
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 
     krb5int_MD5Init(&ctx);
     for (i=0; i<icount; i++)
-	krb5int_MD5Update(&ctx, (unsigned char *) input[i].data, input[i].length);
+        krb5int_MD5Update(&ctx, (unsigned char *) input[i].data, input[i].length);
     krb5int_MD5Final(&ctx);
 
     memcpy(output->data, ctx.digest, RSA_MD5_CKSUM_LENGTH);
diff --git a/src/lib/crypto/openssl/hash_provider/hash_provider.h b/src/lib/crypto/openssl/hash_provider/hash_provider.h
index 1023d1a..eebe845 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_provider.h
+++ b/src/lib/crypto/openssl/hash_provider/hash_provider.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
diff --git a/src/lib/crypto/openssl/hash_provider/hash_sha1.c b/src/lib/crypto/openssl/hash_provider/hash_sha1.c
index 18ee830..a914e34 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_sha1.c
+++ b/src/lib/crypto/openssl/hash_provider/hash_sha1.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/hash/yhash.h
  *
  * Copyright (C) 1998 by the FundsXpress, INC.
@@ -31,17 +32,17 @@
 
 static krb5_error_code
 k5_sha1_hash(unsigned int icount, const krb5_data *input,
-	     krb5_data *output)
+             krb5_data *output)
 {
     SHS_INFO ctx;
     unsigned int i;
 
     if (output->length != SHS_DIGESTSIZE)
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 
     shsInit(&ctx);
     for (i=0; i<icount; i++)
-	shsUpdate(&ctx, (unsigned char *) input[i].data, input[i].length);
+        shsUpdate(&ctx, (unsigned char *) input[i].data, input[i].length);
     shsFinal(&ctx);
 
     if (ctx.digestLen > 0 && ctx.digestLen <= output->length){
diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c
index b1768e0..425223d 100644
--- a/src/lib/crypto/openssl/hmac.c
+++ b/src/lib/crypto/openssl/hmac.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/hmac.c
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
@@ -82,8 +83,8 @@ map_digest(const struct krb5_hash_provider *hash)
 
 krb5_error_code
 krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
-		      const krb5_keyblock *key, unsigned int icount,
-		      const krb5_data *input, krb5_data *output)
+                      const krb5_keyblock *key, unsigned int icount,
+                      const krb5_data *input, krb5_data *output)
 {
     unsigned int i = 0, md_len = 0;
     unsigned char md[EVP_MAX_MD_SIZE];
@@ -162,16 +163,16 @@ krb5int_hmac_iov_keyblock(const struct krb5_hash_provider *hash,
 
 krb5_error_code
 krb5int_hmac(const struct krb5_hash_provider *hash, krb5_key key,
-         unsigned int icount, const krb5_data *input, krb5_data *output)
+             unsigned int icount, const krb5_data *input, krb5_data *output)
 {
     return krb5int_hmac_keyblock(hash, &key->keyblock, icount, input, output);
 }
 
 krb5_error_code
 krb5int_hmac_iov(const struct krb5_hash_provider *hash, krb5_key key,
-                const krb5_crypto_iov *data, size_t num_data,
-                krb5_data *output)
+                 const krb5_crypto_iov *data, size_t num_data,
+                 krb5_data *output)
 {
     return krb5int_hmac_iov_keyblock(hash, &key->keyblock, data, num_data,
-                                    output);
+                                     output);
 }
diff --git a/src/lib/crypto/openssl/md4/md4.c b/src/lib/crypto/openssl/md4/md4.c
index cd7684d..8d2cd48 100644
--- a/src/lib/crypto/openssl/md4/md4.c
+++ b/src/lib/crypto/openssl/md4/md4.c
@@ -1,5 +1,6 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
- *	lib/crypto/openssl/md4/md4.c
+ *      lib/crypto/openssl/md4/md4.c
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
  * All rights reserved.
diff --git a/src/lib/crypto/openssl/md4/rsa-md4.h b/src/lib/crypto/openssl/md4/rsa-md4.h
index 93737e6..3d32f08 100644
--- a/src/lib/crypto/openssl/md4/rsa-md4.h
+++ b/src/lib/crypto/openssl/md4/rsa-md4.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/md4/rsa-md4.h
  *
@@ -45,37 +46,37 @@
 #define RSA_MD4_DES_CONFOUND_LENGTH     8
 
 /*
- **********************************************************************
- ** md4.h -- Header file for implementation of MD4                   **
- ** RSA Data Security, Inc. MD4 Message Digest Algorithm             **
- ** Created: 2/17/90 RLR                                             **
- ** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version              **
- **********************************************************************
- */
+**********************************************************************
+** md4.h -- Header file for implementation of MD4                   **
+** RSA Data Security, Inc. MD4 Message Digest Algorithm             **
+** Created: 2/17/90 RLR                                             **
+** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version              **
+**********************************************************************
+*/
 
 /*
- **********************************************************************
- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
- **                                                                  **
- ** License to copy and use this software is granted provided that   **
- ** it is identified as the "RSA Data Security, Inc. MD4 Message     **
- ** Digest Algorithm" in all material mentioning or referencing this **
- ** software or this function.                                       **
- **                                                                  **
- ** License is also granted to make and use derivative works         **
- ** provided that such works are identified as "derived from the RSA **
- ** Data Security, Inc. MD4 Message Digest Algorithm" in all         **
- ** material mentioning or referencing the derived work.             **
- **                                                                  **
- ** RSA Data Security, Inc. makes no representations concerning      **
- ** either the merchantability of this software or the suitability   **
- ** of this software for any particular purpose.  It is provided "as **
- ** is" without express or implied warranty of any kind.             **
- **                                                                  **
- ** These notices must be retained in any copies of any part of this **
- ** documentation and/or software.                                   **
- **********************************************************************
- */
+**********************************************************************
+** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
+**                                                                  **
+** License to copy and use this software is granted provided that   **
+** it is identified as the "RSA Data Security, Inc. MD4 Message     **
+** Digest Algorithm" in all material mentioning or referencing this **
+** software or this function.                                       **
+**                                                                  **
+** License is also granted to make and use derivative works         **
+** provided that such works are identified as "derived from the RSA **
+** Data Security, Inc. MD4 Message Digest Algorithm" in all         **
+** material mentioning or referencing the derived work.             **
+**                                                                  **
+** RSA Data Security, Inc. makes no representations concerning      **
+** either the merchantability of this software or the suitability   **
+** of this software for any particular purpose.  It is provided "as **
+** is" without express or implied warranty of any kind.             **
+**                                                                  **
+** These notices must be retained in any copies of any part of this **
+** documentation and/or software.                                   **
+**********************************************************************
+*/
 
 /* Data structure for MD4 (Message Digest) computation */
 typedef struct {
@@ -92,8 +93,8 @@ extern void krb5int_MD4Update(krb5_MD4_CTX *, const unsigned char *, unsigned in
 extern void krb5int_MD4Final(krb5_MD4_CTX *);
 
 /*
- **********************************************************************
- ** End of md4.h                                                     **
- ******************************* (cut) ********************************
- */
+**********************************************************************
+** End of md4.h                                                     **
+******************************* (cut) ********************************
+*/
 #endif /* __KRB5_RSA_MD4_H__ */
diff --git a/src/lib/crypto/openssl/md5/md5.c b/src/lib/crypto/openssl/md5/md5.c
index 84c6d49..41a8498 100644
--- a/src/lib/crypto/openssl/md5/md5.c
+++ b/src/lib/crypto/openssl/md5/md5.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/md5/md5.c
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
@@ -30,7 +31,7 @@
 
 /* The routine krb5int_MD5Init initializes the message-digest context
    mdContext. All fields are set to zero.
- */
+*/
 void
 krb5int_MD5Init (krb5_MD5_CTX *mdContext)
 {
@@ -41,7 +42,7 @@ krb5int_MD5Init (krb5_MD5_CTX *mdContext)
 /* The routine krb5int_MD5Update updates the message-digest context to
    account for the presence of each of the characters inBuf[0..inLen-1]
    in the message whose digest is being computed.
- */
+*/
 void
 krb5int_MD5Update (krb5_MD5_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen)
 {
@@ -50,7 +51,7 @@ krb5int_MD5Update (krb5_MD5_CTX *mdContext, const unsigned char *inBuf, unsigned
 
 /* The routine krb5int_MD5Final terminates the message-digest computation and
    ends with the desired message digest in mdContext->digest[0...15].
- */
+*/
 void
 krb5int_MD5Final (krb5_MD5_CTX *mdContext)
 {
diff --git a/src/lib/crypto/openssl/md5/rsa-md5.h b/src/lib/crypto/openssl/md5/rsa-md5.h
index c9a5f90..a8380f4 100644
--- a/src/lib/crypto/openssl/md5/rsa-md5.h
+++ b/src/lib/crypto/openssl/md5/rsa-md5.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/md5/rsa-md5.h
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
@@ -24,43 +25,43 @@
  */
 
 /*
- ***********************************************************************
- ** md5.h -- header file for implementation of MD5                    **
- ** RSA Data Security, Inc. MD5 Message-Digest Algorithm              **
- ** Created: 2/17/90 RLR                                              **
- ** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version               **
- ** Revised (for MD5): RLR 4/27/91                                    **
- **   -- G modified to have y&~z instead of y&z                       **
- **   -- FF, GG, HH modified to add in last register done             **
- **   -- Access pattern: round 2 works mod 5, round 3 works mod 3     **
- **   -- distinct additive constant for each step                     **
- **   -- round 4 added, working mod 7                                 **
- ***********************************************************************
- */
+***********************************************************************
+** md5.h -- header file for implementation of MD5                    **
+** RSA Data Security, Inc. MD5 Message-Digest Algorithm              **
+** Created: 2/17/90 RLR                                              **
+** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version               **
+** Revised (for MD5): RLR 4/27/91                                    **
+**   -- G modified to have y&~z instead of y&z                       **
+**   -- FF, GG, HH modified to add in last register done             **
+**   -- Access pattern: round 2 works mod 5, round 3 works mod 3     **
+**   -- distinct additive constant for each step                     **
+**   -- round 4 added, working mod 7                                 **
+***********************************************************************
+*/
 
 /*
- ***********************************************************************
- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.  **
- **                                                                   **
- ** License to copy and use this software is granted provided that    **
- ** it is identified as the "RSA Data Security, Inc. MD5 Message-     **
- ** Digest Algorithm" in all material mentioning or referencing this  **
- ** software or this function.                                        **
- **                                                                   **
- ** License is also granted to make and use derivative works          **
- ** provided that such works are identified as "derived from the RSA  **
- ** Data Security, Inc. MD5 Message-Digest Algorithm" in all          **
- ** material mentioning or referencing the derived work.              **
- **                                                                   **
- ** RSA Data Security, Inc. makes no representations concerning       **
- ** either the merchantability of this software or the suitability    **
- ** of this software for any particular purpose.  It is provided "as  **
- ** is" without express or implied warranty of any kind.              **
- **                                                                   **
- ** These notices must be retained in any copies of any part of this  **
- ** documentation and/or software.                                    **
- ***********************************************************************
- */
+***********************************************************************
+** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.  **
+**                                                                   **
+** License to copy and use this software is granted provided that    **
+** it is identified as the "RSA Data Security, Inc. MD5 Message-     **
+** Digest Algorithm" in all material mentioning or referencing this  **
+** software or this function.                                        **
+**                                                                   **
+** License is also granted to make and use derivative works          **
+** provided that such works are identified as "derived from the RSA  **
+** Data Security, Inc. MD5 Message-Digest Algorithm" in all          **
+** material mentioning or referencing the derived work.              **
+**                                                                   **
+** RSA Data Security, Inc. makes no representations concerning       **
+** either the merchantability of this software or the suitability    **
+** of this software for any particular purpose.  It is provided "as  **
+** is" without express or implied warranty of any kind.              **
+**                                                                   **
+** These notices must be retained in any copies of any part of this  **
+** documentation and/or software.                                    **
+***********************************************************************
+*/
 
 
 #ifndef    KRB5_RSA_MD5__
diff --git a/src/lib/crypto/openssl/pbkdf2.c b/src/lib/crypto/openssl/pbkdf2.c
index 2681739..e64e562 100644
--- a/src/lib/crypto/openssl/pbkdf2.c
+++ b/src/lib/crypto/openssl/pbkdf2.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/openssl/pbkdf2.c
  *
@@ -39,13 +40,13 @@
 
 krb5_error_code
 krb5int_pbkdf2_hmac_sha1 (const krb5_data *out, unsigned long count,
-			  const krb5_data *pass, const krb5_data *salt)
+                          const krb5_data *pass, const krb5_data *salt)
 {
 /*
  * This is an implementation of PKCS#5 v2.0
  * Does not return an error
  */
-   PKCS5_PBKDF2_HMAC_SHA1(pass->data, pass->length,
+    PKCS5_PBKDF2_HMAC_SHA1(pass->data, pass->length,
                            (unsigned char *)salt->data, salt->length, count,
                            out->length, (unsigned char *)out->data);
     return 0;
diff --git a/src/lib/crypto/openssl/sha1/shs.c b/src/lib/crypto/openssl/sha1/shs.c
index 98eeef3..42d260d 100644
--- a/src/lib/crypto/openssl/sha1/shs.c
+++ b/src/lib/crypto/openssl/sha1/shs.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/sha1/shs.c
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
diff --git a/src/lib/crypto/openssl/sha1/shs.h b/src/lib/crypto/openssl/sha1/shs.h
index 88ab172..60cf2ad 100644
--- a/src/lib/crypto/openssl/sha1/shs.h
+++ b/src/lib/crypto/openssl/sha1/shs.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #ifndef _SHS_DEFINED
 
 #include "k5-int.h"
@@ -8,8 +9,8 @@
 
 /* Some useful types */
 
-typedef krb5_octet	SHS_BYTE;
-typedef krb5_ui_4	SHS_LONG;
+typedef krb5_octet      SHS_BYTE;
+typedef krb5_ui_4       SHS_LONG;
 
 /* Define the following to use the updated SHS implementation */
 #define NEW_SHS         /**/
@@ -35,13 +36,13 @@ void shsFinal(SHS_INFO *shsInfo);
 
 /* Keyed Message digest functions (hmac_sha.c) */
 krb5_error_code hmac_sha(krb5_octet *text,
-			int text_len,
-			krb5_octet *key,
-			int key_len,
-			krb5_octet *digest);
+                         int text_len,
+                         krb5_octet *key,
+                         int key_len,
+                         krb5_octet *digest);
 
 
-#define NIST_SHA_CKSUM_LENGTH		SHS_DIGESTSIZE
-#define HMAC_SHA_CKSUM_LENGTH		SHS_DIGESTSIZE
+#define NIST_SHA_CKSUM_LENGTH           SHS_DIGESTSIZE
+#define HMAC_SHA_CKSUM_LENGTH           SHS_DIGESTSIZE
 
 #endif /* _SHS_DEFINED */
diff --git a/src/lib/crypto/openssl/yhash.h b/src/lib/crypto/openssl/yhash.h
index 95fee18..151818f 100644
--- a/src/lib/crypto/openssl/yhash.h
+++ b/src/lib/crypto/openssl/yhash.h
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/hash/yhash.h
  */
 
@@ -16,13 +16,13 @@
 #define HASH_Init(x) shsInit(x)
 #define HASH_Update(x, buf, sz) shsUpdate(x, (const void*)buf, sz)
 
-#define HASH_Final(x, tdigest)  do { \
-  int loopvar; \
-  unsigned char *out2 = (void *)(tdigest); \
-  HASH_CTX  *ctx = (x); \
-  shsFinal(ctx); \
-  memcpy(out2, ctx->digestBuf, ctx->digestLen); \
-  } while(0)
+#define HASH_Final(x, tdigest)  do {                    \
+        int loopvar;                                    \
+        unsigned char *out2 = (void *)(tdigest);        \
+        HASH_CTX  *ctx = (x);                           \
+        shsFinal(ctx);                                  \
+        memcpy(out2, ctx->digestBuf, ctx->digestLen);   \
+    } while(0)
 
 #define HASH_DIGEST_SIZE SHS_DIGESTSIZE
 
-- 
cgit v1.1