crypto:convert code style form openbsd to nuttx

Signed-off-by: anjiahao <anjiahao@xiaomi.com>
2022-07-27 19:51:53 +08:00 · 2022-07-27 19:51:53 +08:00 · 82956a2894
commit 82956a2894
parent acd3350554
48 changed files with 11663 additions and 9236 deletions
--- a/crypto/aes.c
+++ b/crypto/aes.c
--- a/crypto/blf.c
+++ b/crypto/blf.c
--- a/crypto/cast.c
+++ b/crypto/cast.c
@ -1,11 +1,16 @@
-/*      $OpenBSD: cast.c,v 1.4 2012/04/25 04:12:27 matthew Exp $       */
+/****************************************************************************
+ * crypto/cast.c
+ * $OpenBSD: cast.c,v 1.4 2012/04/25 04:12:27 matthew Exp $
+ *
+ * CAST-128 in C
+ * Written by Steve Reid <sreid@sea-to-sky.net>
+ * 100% Public Domain - no warranty
+ * Released 1997.10.11
+ ****************************************************************************/

-/*
- *	CAST-128 in C
- *	Written by Steve Reid <sreid@sea-to-sky.net>
- *	100% Public Domain - no warranty
- *	Released 1997.10.11
- */
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/

 #include <sys/types.h>
 #include <sys/systm.h>
@ -13,265 +18,338 @@
 #include "castsb.h"

 /* Macros to access 8-bit bytes out of a 32-bit word */
-#define U_INT8_Ta(x) ( (u_int8_t) (x>>24) )
-#define U_INT8_Tb(x) ( (u_int8_t) ((x>>16)&255) )
-#define U_INT8_Tc(x) ( (u_int8_t) ((x>>8)&255) )
-#define U_INT8_Td(x) ( (u_int8_t) ((x)&255) )
+
+#define UINT8_TA(x) ( (uint8_t) (x>>24) )
+#define UINT8_TB(x) ( (uint8_t) ((x>>16)&255) )
+#define UINT8_TC(x) ( (uint8_t) ((x>>8)&255) )
+#define UINT8_TD(x) ( (uint8_t) ((x)&255) )

 /* Circular left shift */
+
 #define ROL(x, n) ( ((x)<<(n)) | ((x)>>(32-(n))) )

 /* CAST-128 uses three different round functions */
+
 #define F1(l, r, i) \
-	t = ROL(key->xkey[i] + r, key->xkey[i+16]); \
-	l ^= ((cast_sbox1[U_INT8_Ta(t)] ^ cast_sbox2[U_INT8_Tb(t)]) - \
-	 cast_sbox3[U_INT8_Tc(t)]) + cast_sbox4[U_INT8_Td(t)];
+  t = ROL(key->xkey[i] + r, key->xkey[i+16]); \
+  l ^= ((cast_sbox1[UINT8_TA(t)] ^ cast_sbox2[UINT8_TB(t)]) - \
+    cast_sbox3[UINT8_TC(t)]) + cast_sbox4[UINT8_TD(t)];
+
 #define F2(l, r, i) \
-	t = ROL(key->xkey[i] ^ r, key->xkey[i+16]); \
-	l ^= ((cast_sbox1[U_INT8_Ta(t)] - cast_sbox2[U_INT8_Tb(t)]) + \
-	 cast_sbox3[U_INT8_Tc(t)]) ^ cast_sbox4[U_INT8_Td(t)];
+  t = ROL(key->xkey[i] ^ r, key->xkey[i+16]); \
+  l ^= ((cast_sbox1[UINT8_TA(t)] - cast_sbox2[UINT8_TB(t)]) + \
+    cast_sbox3[UINT8_TC(t)]) ^ cast_sbox4[UINT8_TD(t)];
+
 #define F3(l, r, i) \
-	t = ROL(key->xkey[i] - r, key->xkey[i+16]); \
-	l ^= ((cast_sbox1[U_INT8_Ta(t)] + cast_sbox2[U_INT8_Tb(t)]) ^ \
-	 cast_sbox3[U_INT8_Tc(t)]) - cast_sbox4[U_INT8_Td(t)];
+  t = ROL(key->xkey[i] - r, key->xkey[i+16]); \
+  l ^= ((cast_sbox1[UINT8_TA(t)] + cast_sbox2[UINT8_TB(t)]) ^ \
+    cast_sbox3[UINT8_TC(t)]) - cast_sbox4[UINT8_TD(t)];

+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/

-/***** Encryption Function *****/
+/* Encryption Function */

-void
-cast_encrypt(cast_key *key, u_int8_t *inblock, u_int8_t *outblock)
+void cast_encrypt(FAR cast_key *key,
+                  FAR uint8_t *inblock,
+                  FAR uint8_t *outblock)
 {
-	u_int32_t t, l, r;
+  uint32_t t;
+  uint32_t l;
+  uint32_t r;

-	/* Get inblock into l,r */
-	l = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) |
-	    ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3];
-	r = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) |
-	    ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7];
-	/* Do the work */
-	F1(l, r,  0);
-	F2(r, l,  1);
-	F3(l, r,  2);
-	F1(r, l,  3);
-	F2(l, r,  4);
-	F3(r, l,  5);
-	F1(l, r,  6);
-	F2(r, l,  7);
-	F3(l, r,  8);
-	F1(r, l,  9);
-	F2(l, r, 10);
-	F3(r, l, 11);
-	/* Only do full 16 rounds if key length > 80 bits */
-	if (key->rounds > 12) {
-		F1(l, r, 12);
-		F2(r, l, 13);
-		F3(l, r, 14);
-		F1(r, l, 15);
-	}
-	/* Put l,r into outblock */
-	outblock[0] = U_INT8_Ta(r);
-	outblock[1] = U_INT8_Tb(r);
-	outblock[2] = U_INT8_Tc(r);
-	outblock[3] = U_INT8_Td(r);
-	outblock[4] = U_INT8_Ta(l);
-	outblock[5] = U_INT8_Tb(l);
-	outblock[6] = U_INT8_Tc(l);
-	outblock[7] = U_INT8_Td(l);
-	/* Wipe clean */
-	t = l = r = 0;
+  /* Get inblock into l,r */
+
+  l = ((uint32_t)inblock[0] << 24) |
+      ((uint32_t)inblock[1] << 16) |
+      ((uint32_t)inblock[2] << 8) |
+      (uint32_t)inblock[3];
+
+  r = ((uint32_t)inblock[4] << 24) |
+      ((uint32_t)inblock[5] << 16) |
+      ((uint32_t)inblock[6] << 8) |
+      (uint32_t)inblock[7];
+
+  /* Do the work */
+
+  F1(l, r, 0);
+  F2(r, l, 1);
+  F3(l, r, 2);
+  F1(r, l, 3);
+  F2(l, r, 4);
+  F3(r, l, 5);
+  F1(l, r, 6);
+  F2(r, l, 7);
+  F3(l, r, 8);
+  F1(r, l, 9);
+  F2(l, r, 10);
+  F3(r, l, 11);
+
+  /* Only do full 16 rounds if key length > 80 bits */
+
+  if (key->rounds > 12)
+    {
+      F1(l, r, 12);
+      F2(r, l, 13);
+      F3(l, r, 14);
+      F1(r, l, 15);
+    }
+
+  /* Put l,r into outblock */
+
+  outblock[0] = UINT8_TA(r);
+  outblock[1] = UINT8_TB(r);
+  outblock[2] = UINT8_TC(r);
+  outblock[3] = UINT8_TD(r);
+  outblock[4] = UINT8_TA(l);
+  outblock[5] = UINT8_TB(l);
+  outblock[6] = UINT8_TC(l);
+  outblock[7] = UINT8_TD(l);
+
+  /* Wipe clean */
+
+  t = l = r = 0;
 }

+/* Decryption Function */

-/***** Decryption Function *****/
-
-void
-cast_decrypt(cast_key *key, u_int8_t *inblock, u_int8_t *outblock)
+void cast_decrypt(FAR cast_key *key,
+                  FAR uint8_t *inblock,
+                  FAR uint8_t *outblock)
 {
-	u_int32_t t, l, r;
+  uint32_t t;
+  uint32_t l;
+  uint32_t r;

-	/* Get inblock into l,r */
-	r = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) |
-	    ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3];
-	l = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) |
-	    ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7];
-	/* Do the work */
-	/* Only do full 16 rounds if key length > 80 bits */
-	if (key->rounds > 12) {
-		F1(r, l, 15);
-		F3(l, r, 14);
-		F2(r, l, 13);
-		F1(l, r, 12);
-	}
-	F3(r, l, 11);
-	F2(l, r, 10);
-	F1(r, l,  9);
-	F3(l, r,  8);
-	F2(r, l,  7);
-	F1(l, r,  6);
-	F3(r, l,  5);
-	F2(l, r,  4);
-	F1(r, l,  3);
-	F3(l, r,  2);
-	F2(r, l,  1);
-	F1(l, r,  0);
-	/* Put l,r into outblock */
-	outblock[0] = U_INT8_Ta(l);
-	outblock[1] = U_INT8_Tb(l);
-	outblock[2] = U_INT8_Tc(l);
-	outblock[3] = U_INT8_Td(l);
-	outblock[4] = U_INT8_Ta(r);
-	outblock[5] = U_INT8_Tb(r);
-	outblock[6] = U_INT8_Tc(r);
-	outblock[7] = U_INT8_Td(r);
-	/* Wipe clean */
-	t = l = r = 0;
+  /* Get inblock into l,r */
+
+  r = ((uint32_t)inblock[0] << 24) |
+      ((uint32_t)inblock[1] << 16) |
+      ((uint32_t)inblock[2] << 8) |
+      (uint32_t)inblock[3];
+
+  l = ((uint32_t)inblock[4] << 24) |
+      ((uint32_t)inblock[5] << 16) |
+      ((uint32_t)inblock[6] << 8) |
+      (uint32_t)inblock[7];
+
+  /* Do the work */
+
+  /* Only do full 16 rounds if key length > 80 bits */
+
+  if (key->rounds > 12)
+    {
+      F1(r, l, 15);
+      F3(l, r, 14);
+      F2(r, l, 13);
+      F1(l, r, 12);
+    }
+
+  F3(r, l, 11);
+  F2(l, r, 10);
+  F1(r, l,  9);
+  F3(l, r,  8);
+  F2(r, l,  7);
+  F1(l, r,  6);
+  F3(r, l,  5);
+  F2(l, r,  4);
+  F1(r, l,  3);
+  F3(l, r,  2);
+  F2(r, l,  1);
+  F1(l, r,  0);
+
+  /* Put l,r into outblock */
+
+  outblock[0] = UINT8_TA(l);
+  outblock[1] = UINT8_TB(l);
+  outblock[2] = UINT8_TC(l);
+  outblock[3] = UINT8_TD(l);
+  outblock[4] = UINT8_TA(r);
+  outblock[5] = UINT8_TB(r);
+  outblock[6] = UINT8_TC(r);
+  outblock[7] = UINT8_TD(r);
+
+  /* Wipe clean */
+
+  t = l = r = 0;
 }

+/* Key Schedule */

-/***** Key Schedule *****/
-
-void
-cast_setkey(cast_key *key, u_int8_t *rawkey, int keybytes)
+void cast_setkey(FAR cast_key *key, FAR uint8_t *rawkey, int keybytes)
 {
-	u_int32_t t[4], z[4], x[4];
-	int i;
+  uint32_t t[4];
+  uint32_t z[4];
+  uint32_t x[4];
+  int i;

-	/* Set number of rounds to 12 or 16, depending on key length */
-	key->rounds = (keybytes <= 10 ? 12 : 16);
+  /* Set number of rounds to 12 or 16, depending on key length */

-	/* Copy key to workspace x */
-	for (i = 0; i < 4; i++) {
-		x[i] = 0;
-		if ((i*4+0) < keybytes) x[i] = (u_int32_t)rawkey[i*4+0] << 24;
-		if ((i*4+1) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+1] << 16;
-		if ((i*4+2) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+2] << 8;
-		if ((i*4+3) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+3];
-	}
-	/* Generate 32 subkeys, four at a time */
-	for (i = 0; i < 32; i+=4) {
-		switch (i & 4) {
-		case 0:
-			t[0] = z[0] = x[0] ^ cast_sbox5[U_INT8_Tb(x[3])] ^
-			    cast_sbox6[U_INT8_Td(x[3])] ^
-			    cast_sbox7[U_INT8_Ta(x[3])] ^
-			    cast_sbox8[U_INT8_Tc(x[3])] ^
-			    cast_sbox7[U_INT8_Ta(x[2])];
-			t[1] = z[1] = x[2] ^ cast_sbox5[U_INT8_Ta(z[0])] ^
-			    cast_sbox6[U_INT8_Tc(z[0])] ^
-			    cast_sbox7[U_INT8_Tb(z[0])] ^
-			    cast_sbox8[U_INT8_Td(z[0])] ^
-			    cast_sbox8[U_INT8_Tc(x[2])];
-			t[2] = z[2] = x[3] ^ cast_sbox5[U_INT8_Td(z[1])] ^
-			    cast_sbox6[U_INT8_Tc(z[1])] ^
-			    cast_sbox7[U_INT8_Tb(z[1])] ^
-			    cast_sbox8[U_INT8_Ta(z[1])] ^
-			    cast_sbox5[U_INT8_Tb(x[2])];
-			t[3] = z[3] = x[1] ^ cast_sbox5[U_INT8_Tc(z[2])] ^
-			    cast_sbox6[U_INT8_Tb(z[2])] ^
-			    cast_sbox7[U_INT8_Td(z[2])] ^
-			    cast_sbox8[U_INT8_Ta(z[2])] ^
-			    cast_sbox6[U_INT8_Td(x[2])];
-			break;
-		 case 4:
-			t[0] = x[0] = z[2] ^ cast_sbox5[U_INT8_Tb(z[1])] ^
-			    cast_sbox6[U_INT8_Td(z[1])] ^
-			    cast_sbox7[U_INT8_Ta(z[1])] ^
-			    cast_sbox8[U_INT8_Tc(z[1])] ^
-			    cast_sbox7[U_INT8_Ta(z[0])];
-			t[1] = x[1] = z[0] ^ cast_sbox5[U_INT8_Ta(x[0])] ^
-			    cast_sbox6[U_INT8_Tc(x[0])] ^
-			    cast_sbox7[U_INT8_Tb(x[0])] ^
-			    cast_sbox8[U_INT8_Td(x[0])] ^
-			    cast_sbox8[U_INT8_Tc(z[0])];
-			t[2] = x[2] = z[1] ^ cast_sbox5[U_INT8_Td(x[1])] ^
-			    cast_sbox6[U_INT8_Tc(x[1])] ^
-			    cast_sbox7[U_INT8_Tb(x[1])] ^
-			    cast_sbox8[U_INT8_Ta(x[1])] ^
-			    cast_sbox5[U_INT8_Tb(z[0])];
-			t[3] = x[3] = z[3] ^ cast_sbox5[U_INT8_Tc(x[2])] ^
-			    cast_sbox6[U_INT8_Tb(x[2])] ^
-			    cast_sbox7[U_INT8_Td(x[2])] ^
-			    cast_sbox8[U_INT8_Ta(x[2])] ^
-			    cast_sbox6[U_INT8_Td(z[0])];
-			break;
-		}
-		switch (i & 12) {
-		case 0:
-		case 12:
-			key->xkey[i+0] = cast_sbox5[U_INT8_Ta(t[2])] ^
-			    cast_sbox6[U_INT8_Tb(t[2])] ^
-			    cast_sbox7[U_INT8_Td(t[1])] ^
-			    cast_sbox8[U_INT8_Tc(t[1])];
-			key->xkey[i+1] = cast_sbox5[U_INT8_Tc(t[2])] ^
-			    cast_sbox6[U_INT8_Td(t[2])] ^
-			    cast_sbox7[U_INT8_Tb(t[1])] ^
-			    cast_sbox8[U_INT8_Ta(t[1])];
-			key->xkey[i+2] = cast_sbox5[U_INT8_Ta(t[3])] ^
-			    cast_sbox6[U_INT8_Tb(t[3])] ^
-			    cast_sbox7[U_INT8_Td(t[0])] ^
-			    cast_sbox8[U_INT8_Tc(t[0])];
-			key->xkey[i+3] = cast_sbox5[U_INT8_Tc(t[3])] ^
-			    cast_sbox6[U_INT8_Td(t[3])] ^
-			    cast_sbox7[U_INT8_Tb(t[0])] ^
-			    cast_sbox8[U_INT8_Ta(t[0])];
-			break;
-		case 4:
-		case 8:
-			key->xkey[i+0] = cast_sbox5[U_INT8_Td(t[0])] ^
-			    cast_sbox6[U_INT8_Tc(t[0])] ^
-			    cast_sbox7[U_INT8_Ta(t[3])] ^
-			    cast_sbox8[U_INT8_Tb(t[3])];
-			key->xkey[i+1] = cast_sbox5[U_INT8_Tb(t[0])] ^
-			    cast_sbox6[U_INT8_Ta(t[0])] ^
-			    cast_sbox7[U_INT8_Tc(t[3])] ^
-			    cast_sbox8[U_INT8_Td(t[3])];
-			key->xkey[i+2] = cast_sbox5[U_INT8_Td(t[1])] ^
-			    cast_sbox6[U_INT8_Tc(t[1])] ^
-			    cast_sbox7[U_INT8_Ta(t[2])] ^
-			    cast_sbox8[U_INT8_Tb(t[2])];
-			key->xkey[i+3] = cast_sbox5[U_INT8_Tb(t[1])] ^
-			    cast_sbox6[U_INT8_Ta(t[1])] ^
-			    cast_sbox7[U_INT8_Tc(t[2])] ^
-			    cast_sbox8[U_INT8_Td(t[2])];
-			break;
-		}
-		switch (i & 12) {
-		case 0:
-			key->xkey[i+0] ^= cast_sbox5[U_INT8_Tc(z[0])];
-			key->xkey[i+1] ^= cast_sbox6[U_INT8_Tc(z[1])];
-			key->xkey[i+2] ^= cast_sbox7[U_INT8_Tb(z[2])];
-			key->xkey[i+3] ^= cast_sbox8[U_INT8_Ta(z[3])];
-			break;
-		case 4:
-			key->xkey[i+0] ^= cast_sbox5[U_INT8_Ta(x[2])];
-			key->xkey[i+1] ^= cast_sbox6[U_INT8_Tb(x[3])];
-			key->xkey[i+2] ^= cast_sbox7[U_INT8_Td(x[0])];
-			key->xkey[i+3] ^= cast_sbox8[U_INT8_Td(x[1])];
-			break;
-		case 8:
-			key->xkey[i+0] ^= cast_sbox5[U_INT8_Tb(z[2])];
-			key->xkey[i+1] ^= cast_sbox6[U_INT8_Ta(z[3])];
-			key->xkey[i+2] ^= cast_sbox7[U_INT8_Tc(z[0])];
-			key->xkey[i+3] ^= cast_sbox8[U_INT8_Tc(z[1])];
-			break;
-		case 12:
-			key->xkey[i+0] ^= cast_sbox5[U_INT8_Td(x[0])];
-			key->xkey[i+1] ^= cast_sbox6[U_INT8_Td(x[1])];
-			key->xkey[i+2] ^= cast_sbox7[U_INT8_Ta(x[2])];
-			key->xkey[i+3] ^= cast_sbox8[U_INT8_Tb(x[3])];
-			break;
-		}
-		if (i >= 16) {
-			key->xkey[i+0] &= 31;
-			key->xkey[i+1] &= 31;
-			key->xkey[i+2] &= 31;
-			key->xkey[i+3] &= 31;
-		}
-	}
-	/* Wipe clean */
-	explicit_bzero(t, sizeof(t));
-	explicit_bzero(x, sizeof(x));
-	explicit_bzero(z, sizeof(z));
+  key->rounds = (keybytes <= 10 ? 12 : 16);
+
+  /* Copy key to workspace x */
+
+  for (i = 0; i < 4; i++)
+    {
+      x[i] = 0;
+      if ((i * 4 + 0) < keybytes)
+        {
+          x[i] = (uint32_t)rawkey[i * 4 + 0] << 24;
+        }
+
+      if ((i * 4 + 1) < keybytes)
+        {
+          x[i] |= (uint32_t)rawkey[i * 4 + 1] << 16;
+        }
+
+      if ((i * 4 + 2) < keybytes)
+        {
+          x[i] |= (uint32_t)rawkey[i * 4 + 2] << 8;
+        }
+
+      if ((i * 4 + 3) < keybytes)
+        {
+          x[i] |= (uint32_t)rawkey[i * 4 + 3];
+        }
+    }
+
+  /* Generate 32 subkeys, four at a time */
+
+  for (i = 0; i < 32; i += 4)
+    {
+      switch (i & 4)
+        {
+          case 0:
+            t[0] = z[0] = x[0] ^ cast_sbox5[UINT8_TB(x[3])] ^
+                cast_sbox6[UINT8_TD(x[3])] ^
+                cast_sbox7[UINT8_TA(x[3])] ^
+                cast_sbox8[UINT8_TC(x[3])] ^
+                cast_sbox7[UINT8_TA(x[2])];
+            t[1] = z[1] = x[2] ^ cast_sbox5[UINT8_TA(z[0])] ^
+                cast_sbox6[UINT8_TC(z[0])] ^
+                cast_sbox7[UINT8_TB(z[0])] ^
+                cast_sbox8[UINT8_TD(z[0])] ^
+                cast_sbox8[UINT8_TC(x[2])];
+            t[2] = z[2] = x[3] ^ cast_sbox5[UINT8_TD(z[1])] ^
+                cast_sbox6[UINT8_TC(z[1])] ^
+                cast_sbox7[UINT8_TB(z[1])] ^
+                cast_sbox8[UINT8_TA(z[1])] ^
+                cast_sbox5[UINT8_TB(x[2])];
+            t[3] = z[3] = x[1] ^ cast_sbox5[UINT8_TC(z[2])] ^
+                cast_sbox6[UINT8_TB(z[2])] ^
+                cast_sbox7[UINT8_TD(z[2])] ^
+                cast_sbox8[UINT8_TA(z[2])] ^
+                cast_sbox6[UINT8_TD(x[2])];
+            break;
+          case 4:
+            t[0] = x[0] = z[2] ^ cast_sbox5[UINT8_TB(z[1])] ^
+                cast_sbox6[UINT8_TD(z[1])] ^
+                cast_sbox7[UINT8_TA(z[1])] ^
+                cast_sbox8[UINT8_TC(z[1])] ^
+                cast_sbox7[UINT8_TA(z[0])];
+            t[1] = x[1] = z[0] ^ cast_sbox5[UINT8_TA(x[0])] ^
+                cast_sbox6[UINT8_TC(x[0])] ^
+                cast_sbox7[UINT8_TB(x[0])] ^
+                cast_sbox8[UINT8_TD(x[0])] ^
+                cast_sbox8[UINT8_TC(z[0])];
+            t[2] = x[2] = z[1] ^ cast_sbox5[UINT8_TD(x[1])] ^
+                cast_sbox6[UINT8_TC(x[1])] ^
+                cast_sbox7[UINT8_TB(x[1])] ^
+                cast_sbox8[UINT8_TA(x[1])] ^
+                cast_sbox5[UINT8_TB(z[0])];
+            t[3] = x[3] = z[3] ^ cast_sbox5[UINT8_TC(x[2])] ^
+                cast_sbox6[UINT8_TB(x[2])] ^
+                cast_sbox7[UINT8_TD(x[2])] ^
+                cast_sbox8[UINT8_TA(x[2])] ^
+                cast_sbox6[UINT8_TD(z[0])];
+            break;
+        }
+
+      switch (i & 12)
+        {
+          case 0:
+          case 12:
+            key->xkey[i + 0] = cast_sbox5[UINT8_TA(t[2])] ^
+                cast_sbox6[UINT8_TB(t[2])] ^
+                cast_sbox7[UINT8_TD(t[1])] ^
+                cast_sbox8[UINT8_TC(t[1])];
+            key->xkey[i + 1] = cast_sbox5[UINT8_TC(t[2])] ^
+                cast_sbox6[UINT8_TD(t[2])] ^
+                cast_sbox7[UINT8_TB(t[1])] ^
+                cast_sbox8[UINT8_TA(t[1])];
+            key->xkey[i + 2] = cast_sbox5[UINT8_TA(t[3])] ^
+                cast_sbox6[UINT8_TB(t[3])] ^
+                cast_sbox7[UINT8_TD(t[0])] ^
+                cast_sbox8[UINT8_TC(t[0])];
+            key->xkey[i + 3] = cast_sbox5[UINT8_TC(t[3])] ^
+                cast_sbox6[UINT8_TD(t[3])] ^
+                cast_sbox7[UINT8_TB(t[0])] ^
+                cast_sbox8[UINT8_TA(t[0])];
+            break;
+          case 4:
+          case 8:
+            key->xkey[i + 0] = cast_sbox5[UINT8_TD(t[0])] ^
+                cast_sbox6[UINT8_TC(t[0])] ^
+                cast_sbox7[UINT8_TA(t[3])] ^
+                cast_sbox8[UINT8_TB(t[3])];
+            key->xkey[i + 1] = cast_sbox5[UINT8_TB(t[0])] ^
+                cast_sbox6[UINT8_TA(t[0])] ^
+                cast_sbox7[UINT8_TC(t[3])] ^
+                cast_sbox8[UINT8_TD(t[3])];
+            key->xkey[i + 2] = cast_sbox5[UINT8_TD(t[1])] ^
+                cast_sbox6[UINT8_TC(t[1])] ^
+                cast_sbox7[UINT8_TA(t[2])] ^
+                cast_sbox8[UINT8_TB(t[2])];
+            key->xkey[i + 3] = cast_sbox5[UINT8_TB(t[1])] ^
+                cast_sbox6[UINT8_TA(t[1])] ^
+                cast_sbox7[UINT8_TC(t[2])] ^
+                cast_sbox8[UINT8_TD(t[2])];
+            break;
+        }
+
+      switch (i & 12)
+        {
+          case 0:
+            key->xkey[i + 0] ^= cast_sbox5[UINT8_TC(z[0])];
+            key->xkey[i + 1] ^= cast_sbox6[UINT8_TC(z[1])];
+            key->xkey[i + 2] ^= cast_sbox7[UINT8_TB(z[2])];
+            key->xkey[i + 3] ^= cast_sbox8[UINT8_TA(z[3])];
+            break;
+          case 4:
+            key->xkey[i + 0] ^= cast_sbox5[UINT8_TA(x[2])];
+            key->xkey[i + 1] ^= cast_sbox6[UINT8_TB(x[3])];
+            key->xkey[i + 2] ^= cast_sbox7[UINT8_TD(x[0])];
+            key->xkey[i + 3] ^= cast_sbox8[UINT8_TD(x[1])];
+            break;
+          case 8:
+            key->xkey[i + 0] ^= cast_sbox5[UINT8_TB(z[2])];
+            key->xkey[i + 1] ^= cast_sbox6[UINT8_TA(z[3])];
+            key->xkey[i + 2] ^= cast_sbox7[UINT8_TC(z[0])];
+            key->xkey[i + 3] ^= cast_sbox8[UINT8_TC(z[1])];
+            break;
+          case 12:
+            key->xkey[i + 0] ^= cast_sbox5[UINT8_TD(x[0])];
+            key->xkey[i + 1] ^= cast_sbox6[UINT8_TD(x[1])];
+            key->xkey[i + 2] ^= cast_sbox7[UINT8_TA(x[2])];
+            key->xkey[i + 3] ^= cast_sbox8[UINT8_TB(x[3])];
+            break;
+        }
+
+      if (i >= 16)
+        {
+          key->xkey[i + 0] &= 31;
+          key->xkey[i + 1] &= 31;
+          key->xkey[i + 2] &= 31;
+          key->xkey[i + 3] &= 31;
+        }
+    }
+
+  /* Wipe clean */
+
+  explicit_bzero(t, sizeof(t));
+  explicit_bzero(x, sizeof(x));
+  explicit_bzero(z, sizeof(z));
 }

 /* Made in Canada */
--- a/crypto/castsb.h
+++ b/crypto/castsb.h
--- a/crypto/chacha_private.h
+++ b/crypto/chacha_private.h
@ -1,62 +1,72 @@
-/*	$OpenBSD: chacha_private.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $	*/
-/*
-chacha-merged.c version 20080118
-D. J. Bernstein
-Public domain.
-*/
+/****************************************************************************
+ * crypto/chacha_private.h
+ * $OpenBSD: chacha_private.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $
+ *
+ * chacha-merged.c version 20080118
+ * D. J. Bernstein
+ * Public domain.
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/

 #include <sys/systm.h>

-typedef unsigned char u8;
-typedef unsigned int u32;
-
 typedef struct
 {
-  u32 input[16]; /* could be compressed */
-} chacha_ctx;
+  uint32_t input[16]; /* could be compressed */
+}
+chacha_ctx;

 #define U8C(v) (v##U)
 #define U32C(v) (v##U)

-#define U8V(v) ((u8)(v) & U8C(0xFF))
-#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF))
+#define U8V(v) ((uint8_t)(v) & U8C(0xFF))
+#define U32V(v) ((uint32_t)(v) & U32C(0xFFFFFFFF))

 #define ROTL32(v, n) \
  (U32V((v) << (n)) | ((v) >> (32 - (n))))

 #define U8TO32_LITTLE(p) \
-  (((u32)((p)[0])      ) | \
-   ((u32)((p)[1]) <<  8) | \
-   ((u32)((p)[2]) << 16) | \
-   ((u32)((p)[3]) << 24))
+    (((uint32_t)((p)[0])) | \
+    ((uint32_t)((p)[1]) << 8) | \
+    ((uint32_t)((p)[2]) << 16) | \
+    ((uint32_t)((p)[3]) << 24)) \

 #define U32TO8_LITTLE(p, v) \
  do { \
-    (p)[0] = U8V((v)      ); \
-    (p)[1] = U8V((v) >>  8); \
+    (p)[0] = U8V((v)); \
+    (p)[1] = U8V((v) >> 8); \
    (p)[2] = U8V((v) >> 16); \
    (p)[3] = U8V((v) >> 24); \
  } while (0)

-#define ROTATE(v,c) (ROTL32(v,c))
-#define XOR(v,w) ((v) ^ (w))
-#define PLUS(v,w) (U32V((v) + (w)))
-#define PLUSONE(v) (PLUS((v),1))
+#define ROTATE(v, c) (ROTL32(v, c))
+#define XOR(v, w) ((v) ^ (w))
+#define PLUS(v, w) (U32V((v) + (w)))
+#define PLUSONE(v) (PLUS((v), 1))

-#define QUARTERROUND(a,b,c,d) \
-  a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
-  c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
-  a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
-  c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
+#define QUARTERROUND(a, b, c, d)                 \
+  do                                             \
+    {                                            \
+      a = PLUS(a, b); d = ROTATE(XOR(d, a), 16); \
+      c = PLUS(c, d); b = ROTATE(XOR(b, c), 12); \
+      a = PLUS(a, b); d = ROTATE(XOR(d, a), 8);  \
+      c = PLUS(c, d); b = ROTATE(XOR(b, c), 7);  \
+    }                                            \
+  while (0)

 static const char sigma[16] = "expand 32-byte k";
 static const char tau[16] = "expand 16-byte k";

-static inline void
-hchacha20(u32 derived_key[8], const u8 nonce[16], const u8 key[32])
+static inline void hchacha20(FAR uint32_t *derived_key,
+                             FAR const uint8_t *nonce,
+                             FAR const uint8_t *key)
 {
  int i;
-  uint32_t x[] = {
+  uint32_t x[] =
+  {
    U8TO32_LITTLE(sigma + 0),
    U8TO32_LITTLE(sigma + 4),
    U8TO32_LITTLE(sigma + 8),
@ -75,36 +85,46 @@ hchacha20(u32 derived_key[8], const u8 nonce[16], const u8 key[32])
    U8TO32_LITTLE(nonce + 12)
  };

-  for (i = 20;i > 0;i -= 2) {
-    QUARTERROUND( x[0], x[4], x[8],x[12])
-    QUARTERROUND( x[1], x[5], x[9],x[13])
-    QUARTERROUND( x[2], x[6],x[10],x[14])
-    QUARTERROUND( x[3], x[7],x[11],x[15])
-    QUARTERROUND( x[0], x[5],x[10],x[15])
-    QUARTERROUND( x[1], x[6],x[11],x[12])
-    QUARTERROUND( x[2], x[7], x[8],x[13])
-    QUARTERROUND( x[3], x[4], x[9],x[14])
-  }
+  for (i = 20; i > 0; i -= 2)
+    {
+      QUARTERROUND(x[0], x[4], x[8], x[12]);
+      QUARTERROUND(x[1], x[5], x[9], x[13]);
+      QUARTERROUND(x[2], x[6], x[10], x[14]);
+      QUARTERROUND(x[3], x[7], x[11], x[15]);
+      QUARTERROUND(x[0], x[5], x[10], x[15]);
+      QUARTERROUND(x[1], x[6], x[11], x[12]);
+      QUARTERROUND(x[2], x[7], x[8], x[13]);
+      QUARTERROUND(x[3], x[4], x[9], x[14]);
+    }

-  memcpy(derived_key + 0, x +  0, sizeof(u32) * 4);
-  memcpy(derived_key + 4, x + 12, sizeof(u32) * 4);
+  memcpy(derived_key + 0, x + 0, sizeof(uint32_t) * 4);
+  memcpy(derived_key + 4, x + 12, sizeof(uint32_t) * 4);
 }

-static void
-chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
+static void chacha_keysetup(FAR chacha_ctx *x,
+                            FAR const uint8_t *k,
+                            FAR uint32_t kbits)
 {
-  const char *constants;
+  FAR const char *constants;

  x->input[4] = U8TO32_LITTLE(k + 0);
  x->input[5] = U8TO32_LITTLE(k + 4);
  x->input[6] = U8TO32_LITTLE(k + 8);
  x->input[7] = U8TO32_LITTLE(k + 12);
-  if (kbits == 256) { /* recommended */
-    k += 16;
-    constants = sigma;
-  } else { /* kbits == 128 */
-    constants = tau;
-  }
+  if (kbits == 256)
+    {
+      /* recommended */
+
+      k += 16;
+      constants = sigma;
+    }
+  else
+    {
+      /* kbits == 128 */
+
+      constants = tau;
+    }
+
  x->input[8] = U8TO32_LITTLE(k + 0);
  x->input[9] = U8TO32_LITTLE(k + 4);
  x->input[10] = U8TO32_LITTLE(k + 8);
@ -115,8 +135,9 @@ chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
  x->input[3] = U8TO32_LITTLE(constants + 12);
 }

-static void
-chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter)
+static void chacha_ivsetup(FAR chacha_ctx *x,
+                           FAR const uint8_t *iv,
+                           FAR const uint8_t *counter)
 {
  x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0);
  x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4);
@ -124,16 +145,51 @@ chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter)
  x->input[15] = U8TO32_LITTLE(iv + 4);
 }

-static void
-chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
+static void chacha_encrypt_bytes(FAR chacha_ctx *x,
+                                 FAR const uint8_t *m,
+                                 FAR uint8_t *c,
+                                 uint32_t bytes)
 {
-  u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
-  u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
-  u8 *ctarget = NULL;
-  u8 tmp[64];
+  uint32_t x0;
+  uint32_t x1;
+  uint32_t x2;
+  uint32_t x3;
+  uint32_t x4;
+  uint32_t x5;
+  uint32_t x6;
+  uint32_t x7;
+  uint32_t x8;
+  uint32_t x9;
+  uint32_t x10;
+  uint32_t x11;
+  uint32_t x12;
+  uint32_t x13;
+  uint32_t x14;
+  uint32_t x15;
+  uint32_t j0;
+  uint32_t j1;
+  uint32_t j2;
+  uint32_t j3;
+  uint32_t j4;
+  uint32_t j5;
+  uint32_t j6;
+  uint32_t j7;
+  uint32_t j8;
+  uint32_t j9;
+  uint32_t j10;
+  uint32_t j11;
+  uint32_t j12;
+  uint32_t j13;
+  uint32_t j14;
+  uint32_t j15;
+  FAR uint8_t *ctarget = NULL;
+  uint8_t tmp[64];
  u_int i;

-  if (!bytes) return;
+  if (!bytes)
+    {
+      return;
+    }

  j0 = x->input[0];
  j1 = x->input[1];
@ -152,110 +208,128 @@ chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
  j14 = x->input[14];
  j15 = x->input[15];

-  for (;;) {
-    if (bytes < 64) {
-      for (i = 0;i < bytes;++i) tmp[i] = m[i];
-      m = tmp;
-      ctarget = c;
-      c = tmp;
-    }
-    x0 = j0;
-    x1 = j1;
-    x2 = j2;
-    x3 = j3;
-    x4 = j4;
-    x5 = j5;
-    x6 = j6;
-    x7 = j7;
-    x8 = j8;
-    x9 = j9;
-    x10 = j10;
-    x11 = j11;
-    x12 = j12;
-    x13 = j13;
-    x14 = j14;
-    x15 = j15;
-    for (i = 20;i > 0;i -= 2) {
-      QUARTERROUND( x0, x4, x8,x12)
-      QUARTERROUND( x1, x5, x9,x13)
-      QUARTERROUND( x2, x6,x10,x14)
-      QUARTERROUND( x3, x7,x11,x15)
-      QUARTERROUND( x0, x5,x10,x15)
-      QUARTERROUND( x1, x6,x11,x12)
-      QUARTERROUND( x2, x7, x8,x13)
-      QUARTERROUND( x3, x4, x9,x14)
-    }
-    x0 = PLUS(x0,j0);
-    x1 = PLUS(x1,j1);
-    x2 = PLUS(x2,j2);
-    x3 = PLUS(x3,j3);
-    x4 = PLUS(x4,j4);
-    x5 = PLUS(x5,j5);
-    x6 = PLUS(x6,j6);
-    x7 = PLUS(x7,j7);
-    x8 = PLUS(x8,j8);
-    x9 = PLUS(x9,j9);
-    x10 = PLUS(x10,j10);
-    x11 = PLUS(x11,j11);
-    x12 = PLUS(x12,j12);
-    x13 = PLUS(x13,j13);
-    x14 = PLUS(x14,j14);
-    x15 = PLUS(x15,j15);
+  for (; ; )
+    {
+      if (bytes < 64)
+        {
+          for (i = 0; i < bytes; ++i)
+            {
+              tmp[i] = m[i];
+            }
+
+          m = tmp;
+          ctarget = c;
+          c = tmp;
+        }
+
+      x0 = j0;
+      x1 = j1;
+      x2 = j2;
+      x3 = j3;
+      x4 = j4;
+      x5 = j5;
+      x6 = j6;
+      x7 = j7;
+      x8 = j8;
+      x9 = j9;
+      x10 = j10;
+      x11 = j11;
+      x12 = j12;
+      x13 = j13;
+      x14 = j14;
+      x15 = j15;
+      for (i = 20; i > 0; i -= 2)
+        {
+          QUARTERROUND(x0, x4, x8, x12);
+          QUARTERROUND(x1, x5, x9, x13);
+          QUARTERROUND(x2, x6, x10, x14);
+          QUARTERROUND(x3, x7, x11, x15);
+          QUARTERROUND(x0, x5, x10, x15);
+          QUARTERROUND(x1, x6, x11, x12);
+          QUARTERROUND(x2, x7, x8, x13);
+          QUARTERROUND(x3, x4, x9, x14);
+        }
+
+      x0 = PLUS(x0, j0);
+      x1 = PLUS(x1, j1);
+      x2 = PLUS(x2, j2);
+      x3 = PLUS(x3, j3);
+      x4 = PLUS(x4, j4);
+      x5 = PLUS(x5, j5);
+      x6 = PLUS(x6, j6);
+      x7 = PLUS(x7, j7);
+      x8 = PLUS(x8, j8);
+      x9 = PLUS(x9, j9);
+      x10 = PLUS(x10, j10);
+      x11 = PLUS(x11, j11);
+      x12 = PLUS(x12, j12);
+      x13 = PLUS(x13, j13);
+      x14 = PLUS(x14, j14);
+      x15 = PLUS(x15, j15);

 #ifndef KEYSTREAM_ONLY
-    x0 = XOR(x0,U8TO32_LITTLE(m + 0));
-    x1 = XOR(x1,U8TO32_LITTLE(m + 4));
-    x2 = XOR(x2,U8TO32_LITTLE(m + 8));
-    x3 = XOR(x3,U8TO32_LITTLE(m + 12));
-    x4 = XOR(x4,U8TO32_LITTLE(m + 16));
-    x5 = XOR(x5,U8TO32_LITTLE(m + 20));
-    x6 = XOR(x6,U8TO32_LITTLE(m + 24));
-    x7 = XOR(x7,U8TO32_LITTLE(m + 28));
-    x8 = XOR(x8,U8TO32_LITTLE(m + 32));
-    x9 = XOR(x9,U8TO32_LITTLE(m + 36));
-    x10 = XOR(x10,U8TO32_LITTLE(m + 40));
-    x11 = XOR(x11,U8TO32_LITTLE(m + 44));
-    x12 = XOR(x12,U8TO32_LITTLE(m + 48));
-    x13 = XOR(x13,U8TO32_LITTLE(m + 52));
-    x14 = XOR(x14,U8TO32_LITTLE(m + 56));
-    x15 = XOR(x15,U8TO32_LITTLE(m + 60));
+      x0 = XOR(x0, U8TO32_LITTLE(m + 0));
+      x1 = XOR(x1, U8TO32_LITTLE(m + 4));
+      x2 = XOR(x2, U8TO32_LITTLE(m + 8));
+      x3 = XOR(x3, U8TO32_LITTLE(m + 12));
+      x4 = XOR(x4, U8TO32_LITTLE(m + 16));
+      x5 = XOR(x5, U8TO32_LITTLE(m + 20));
+      x6 = XOR(x6, U8TO32_LITTLE(m + 24));
+      x7 = XOR(x7, U8TO32_LITTLE(m + 28));
+      x8 = XOR(x8, U8TO32_LITTLE(m + 32));
+      x9 = XOR(x9, U8TO32_LITTLE(m + 36));
+      x10 = XOR(x10, U8TO32_LITTLE(m + 40));
+      x11 = XOR(x11, U8TO32_LITTLE(m + 44));
+      x12 = XOR(x12, U8TO32_LITTLE(m + 48));
+      x13 = XOR(x13, U8TO32_LITTLE(m + 52));
+      x14 = XOR(x14, U8TO32_LITTLE(m + 56));
+      x15 = XOR(x15, U8TO32_LITTLE(m + 60));
 #endif

-    j12 = PLUSONE(j12);
-    if (!j12) {
-      j13 = PLUSONE(j13);
-      /* stopping at 2^70 bytes per nonce is user's responsibility */
-    }
+      j12 = PLUSONE(j12);
+      if (!j12)
+        {
+          j13 = PLUSONE(j13);

-    U32TO8_LITTLE(c + 0,x0);
-    U32TO8_LITTLE(c + 4,x1);
-    U32TO8_LITTLE(c + 8,x2);
-    U32TO8_LITTLE(c + 12,x3);
-    U32TO8_LITTLE(c + 16,x4);
-    U32TO8_LITTLE(c + 20,x5);
-    U32TO8_LITTLE(c + 24,x6);
-    U32TO8_LITTLE(c + 28,x7);
-    U32TO8_LITTLE(c + 32,x8);
-    U32TO8_LITTLE(c + 36,x9);
-    U32TO8_LITTLE(c + 40,x10);
-    U32TO8_LITTLE(c + 44,x11);
-    U32TO8_LITTLE(c + 48,x12);
-    U32TO8_LITTLE(c + 52,x13);
-    U32TO8_LITTLE(c + 56,x14);
-    U32TO8_LITTLE(c + 60,x15);
+          /* stopping at 2^70 bytes per nonce is user's responsibility */
+        }

-    if (bytes <= 64) {
-      if (bytes < 64) {
-        for (i = 0;i < bytes;++i) ctarget[i] = c[i];
-      }
-      x->input[12] = j12;
-      x->input[13] = j13;
-      return;
-    }
-    bytes -= 64;
-    c += 64;
+      U32TO8_LITTLE(c + 0, x0);
+      U32TO8_LITTLE(c + 4, x1);
+      U32TO8_LITTLE(c + 8, x2);
+      U32TO8_LITTLE(c + 12, x3);
+      U32TO8_LITTLE(c + 16, x4);
+      U32TO8_LITTLE(c + 20, x5);
+      U32TO8_LITTLE(c + 24, x6);
+      U32TO8_LITTLE(c + 28, x7);
+      U32TO8_LITTLE(c + 32, x8);
+      U32TO8_LITTLE(c + 36, x9);
+      U32TO8_LITTLE(c + 40, x10);
+      U32TO8_LITTLE(c + 44, x11);
+      U32TO8_LITTLE(c + 48, x12);
+      U32TO8_LITTLE(c + 52, x13);
+      U32TO8_LITTLE(c + 56, x14);
+      U32TO8_LITTLE(c + 60, x15);
+
+      if (bytes <= 64)
+        {
+          if (bytes < 64)
+            {
+              for (i = 0; i < bytes; ++i)
+                {
+                  ctarget[i] = c[i];
+                }
+            }
+
+          x->input[12] = j12;
+          x->input[13] = j13;
+          return;
+        }
+
+      bytes -= 64;
+      c += 64;
 #ifndef KEYSTREAM_ONLY
-    m += 64;
+      m += 64;
 #endif
-  }
+    }
 }
--- a/crypto/chachapoly.c
+++ b/crypto/chachapoly.c
@ -1,5 +1,7 @@
-/*	$OpenBSD: chachapoly.c,v 1.6 2020/07/22 13:54:30 tobhe Exp $	*/
-/*
+/****************************************************************************
+ * crypto/chachapoly.c
+ * $OpenBSD: chachapoly.c,v 1.6 2020/07/22 13:54:30 tobhe Exp $
+ *
 * Copyright (c) 2015 Mike Belopuhov
 *
 * Permission to use, copy, modify, and distribute this software for any
@ -13,7 +15,11 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/

 #include <sys/param.h>
 #include <sys/systm.h>
@ -22,240 +28,272 @@
 #include <crypto/poly1305.h>
 #include <crypto/chachapoly.h>

-int
-chacha20_setkey(void *sched, u_int8_t *key, int len)
+#include "chacha_private.h"
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static const uint8_t pad0[16];
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+int chacha20_setkey(FAR void *sched, FAR uint8_t *key, int len)
 {
-	struct chacha20_ctx *ctx = (struct chacha20_ctx *)sched;
+  FAR struct chacha20_ctx *ctx = (FAR struct chacha20_ctx *)sched;

-	if (len != CHACHA20_KEYSIZE + CHACHA20_SALT)
-		return (-1);
+  if (len != CHACHA20_KEYSIZE + CHACHA20_SALT)
+    {
+      return -1;
+    }

-	/* initial counter is 1 */
-	ctx->nonce[0] = 1;
-	memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
-	    CHACHA20_SALT);
-	chacha_keysetup((chacha_ctx *)&ctx->block, key, CHACHA20_KEYSIZE * 8);
-	return (0);
+  /* initial counter is 1 */
+
+  ctx->nonce[0] = 1;
+  memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
+         CHACHA20_SALT);
+  chacha_keysetup((FAR chacha_ctx *)&ctx->block, key, CHACHA20_KEYSIZE * 8);
+  return 0;
 }

-void
-chacha20_reinit(caddr_t key, u_int8_t *iv)
+void chacha20_reinit(caddr_t key, FAR uint8_t *iv)
 {
-	struct chacha20_ctx *ctx = (struct chacha20_ctx *)key;
+  FAR struct chacha20_ctx *ctx = (FAR struct chacha20_ctx *)key;

-	chacha_ivsetup((chacha_ctx *)ctx->block, iv, ctx->nonce);
+  chacha_ivsetup((FAR chacha_ctx *)ctx->block, iv, ctx->nonce);
 }

-void
-chacha20_crypt(caddr_t key, u_int8_t *data)
+void chacha20_crypt(caddr_t key, FAR uint8_t *data)
 {
-	struct chacha20_ctx *ctx = (struct chacha20_ctx *)key;
+  FAR struct chacha20_ctx *ctx = (FAR struct chacha20_ctx *)key;

-	chacha_encrypt_bytes((chacha_ctx *)ctx->block, data, data,
-	    CHACHA20_BLOCK_LEN);
+  chacha_encrypt_bytes((FAR chacha_ctx *)ctx->block, data, data,
+                       CHACHA20_BLOCK_LEN);
 }

-void
-Chacha20_Poly1305_Init(void *xctx)
+void chacha20_poly1305_init(FAR void *xctx)
 {
-	CHACHA20_POLY1305_CTX *ctx = xctx;
+  FAR CHACHA20_POLY1305_CTX *ctx = xctx;

-	memset(ctx, 0, sizeof(*ctx));
+  memset(ctx, 0, sizeof(*ctx));
 }

-void
-Chacha20_Poly1305_Setkey(void *xctx, const uint8_t *key, uint16_t klen)
+void chacha20_poly1305_setkey(FAR void *xctx, FAR const uint8_t *key,
+                              uint16_t klen)
 {
-	CHACHA20_POLY1305_CTX *ctx = xctx;
+  FAR CHACHA20_POLY1305_CTX *ctx = xctx;

-	/* salt is provided with the key material */
-	memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
-	    CHACHA20_SALT);
-	chacha_keysetup((chacha_ctx *)&ctx->chacha, key, CHACHA20_KEYSIZE * 8);
+  /* salt is provided with the key material */
+
+  memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
+         CHACHA20_SALT);
+  chacha_keysetup((FAR chacha_ctx *)&ctx->chacha, key, CHACHA20_KEYSIZE * 8);
 }

-void
-Chacha20_Poly1305_Reinit(void *xctx, const uint8_t *iv, uint16_t ivlen)
+void chacha20_poly1305_reinit(FAR void *xctx, FAR const uint8_t *iv,
+                              uint16_t ivlen)
 {
-	CHACHA20_POLY1305_CTX *ctx = xctx;
+  FAR CHACHA20_POLY1305_CTX *ctx = xctx;

-	/* initial counter is 0 */
-	chacha_ivsetup((chacha_ctx *)&ctx->chacha, iv, ctx->nonce);
-	chacha_encrypt_bytes((chacha_ctx *)&ctx->chacha, ctx->key, ctx->key,
-	    POLY1305_KEYLEN);
-	poly1305_init((poly1305_state *)&ctx->poly, ctx->key);
+  /* initial counter is 0 */
+
+  chacha_ivsetup((FAR chacha_ctx *)&ctx->chacha, iv, ctx->nonce);
+  chacha_encrypt_bytes((FAR chacha_ctx *)&ctx->chacha, ctx->key, ctx->key,
+                        POLY1305_KEYLEN);
+  poly1305_init((FAR poly1305_state *)&ctx->poly, ctx->key);
 }

-int
-Chacha20_Poly1305_Update(void *xctx, const uint8_t *data, uint16_t len)
+int chacha20_poly1305_update(FAR void *xctx, FAR const uint8_t *data,
+                             uint16_t len)
 {
-	static const unsigned char zeroes[POLY1305_BLOCK_LEN];
-	CHACHA20_POLY1305_CTX *ctx = xctx;
-	size_t rem;
+  static const unsigned char zeroes[POLY1305_BLOCK_LEN];
+  FAR CHACHA20_POLY1305_CTX *ctx = xctx;
+  size_t rem;

-	poly1305_update((poly1305_state *)&ctx->poly, data, len);
+  poly1305_update((FAR poly1305_state *)&ctx->poly, data, len);

-	/* number of bytes in the last 16 byte block */
-	rem = (len + POLY1305_BLOCK_LEN) & (POLY1305_BLOCK_LEN - 1);
-	if (rem > 0)
-		poly1305_update((poly1305_state *)&ctx->poly, zeroes,
-		    POLY1305_BLOCK_LEN - rem);
-	return (0);
+  /* number of bytes in the last 16 byte block */
+
+  rem = (len + POLY1305_BLOCK_LEN) & (POLY1305_BLOCK_LEN - 1);
+  if (rem > 0)
+    {
+      poly1305_update((FAR poly1305_state *)&ctx->poly, zeroes,
+                      POLY1305_BLOCK_LEN - rem);
+    }
+
+  return 0;
 }

-void
-Chacha20_Poly1305_Final(uint8_t tag[POLY1305_TAGLEN], void *xctx)
+void chacha20_poly1305_final(FAR uint8_t *tag, FAR void *xctx)
 {
-	CHACHA20_POLY1305_CTX *ctx = xctx;
+  FAR CHACHA20_POLY1305_CTX *ctx = xctx;

-	poly1305_finish((poly1305_state *)&ctx->poly, tag);
-	explicit_bzero(ctx, sizeof(*ctx));
+  poly1305_finish((FAR poly1305_state *)&ctx->poly, tag);
+  explicit_bzero(ctx, sizeof(*ctx));
 }

-static const uint8_t pad0[16] = { 0 };
+void chacha20poly1305_encrypt(
+  FAR uint8_t *dst,
+  FAR const uint8_t *src,
+  const size_t src_len,
+  FAR const uint8_t *ad,
+  const size_t ad_len,
+  const uint64_t nonce,
+  FAR const uint8_t *key)
+{
+  poly1305_state poly1305_ctx;
+  chacha_ctx ctx;
+  union
+  {
+    uint8_t b0[CHACHA20POLY1305_KEY_SIZE];
+    uint64_t lens[2];
+  } b =
+  {
+    {
+      0
+    }
+  };

-void
-chacha20poly1305_encrypt(
-    uint8_t *dst,
-    const uint8_t *src,
-    const size_t src_len,
-    const uint8_t *ad,
-    const size_t ad_len,
-    const uint64_t nonce,
-    const uint8_t key[CHACHA20POLY1305_KEY_SIZE]
-) {
-	poly1305_state poly1305_ctx;
-	chacha_ctx ctx;
-	union {
-		uint8_t b0[CHACHA20POLY1305_KEY_SIZE];
-		uint64_t lens[2];
-	} b = { { 0 } };
-	uint64_t le_nonce = htole64(nonce);
+  uint64_t le_nonce = htole64(nonce);

-	chacha_keysetup(&ctx, key, CHACHA20POLY1305_KEY_SIZE * 8);
-	chacha_ivsetup(&ctx, (uint8_t *) &le_nonce, NULL);
-	chacha_encrypt_bytes(&ctx, b.b0, b.b0, sizeof(b.b0));
-	poly1305_init(&poly1305_ctx, b.b0);
+  chacha_keysetup(&ctx, key, CHACHA20POLY1305_KEY_SIZE * 8);
+  chacha_ivsetup(&ctx, (FAR uint8_t *) &le_nonce, NULL);
+  chacha_encrypt_bytes(&ctx, b.b0, b.b0, sizeof(b.b0));
+  poly1305_init(&poly1305_ctx, b.b0);

-	poly1305_update(&poly1305_ctx, ad, ad_len);
-	poly1305_update(&poly1305_ctx, pad0, (0x10 - ad_len) & 0xf);
+  poly1305_update(&poly1305_ctx, ad, ad_len);
+  poly1305_update(&poly1305_ctx, pad0, (0x10 - ad_len) & 0xf);

-	chacha_encrypt_bytes(&ctx, (uint8_t *) src, dst, src_len);
+  chacha_encrypt_bytes(&ctx, (FAR uint8_t *)src, dst, src_len);

-	poly1305_update(&poly1305_ctx, dst, src_len);
-	poly1305_update(&poly1305_ctx, pad0, (0x10 - src_len) & 0xf);
+  poly1305_update(&poly1305_ctx, dst, src_len);
+  poly1305_update(&poly1305_ctx, pad0, (0x10 - src_len) & 0xf);

-	b.lens[0] = htole64(ad_len);
-	b.lens[1] = htole64(src_len);
-	poly1305_update(&poly1305_ctx, (uint8_t *)b.lens, sizeof(b.lens));
+  b.lens[0] = htole64(ad_len);
+  b.lens[1] = htole64(src_len);
+  poly1305_update(&poly1305_ctx, (FAR uint8_t *)b.lens, sizeof(b.lens));

-	poly1305_finish(&poly1305_ctx, dst + src_len);
+  poly1305_finish(&poly1305_ctx, dst + src_len);

-	explicit_bzero(&ctx, sizeof(chacha_ctx));
-	explicit_bzero(&b, sizeof(b));
+  explicit_bzero(&ctx, sizeof(chacha_ctx));
+  explicit_bzero(&b, sizeof(b));
 }

-int
-chacha20poly1305_decrypt(
-    uint8_t *dst,
-    const uint8_t *src,
-    const size_t src_len,
-    const uint8_t *ad,
-    const size_t ad_len,
-    const uint64_t nonce,
-    const uint8_t key[CHACHA20POLY1305_KEY_SIZE]
-) {
-	poly1305_state poly1305_ctx;
-	chacha_ctx ctx;
-	int ret;
-	size_t dst_len;
-	union {
-		uint8_t b0[CHACHA20POLY1305_KEY_SIZE];
-		uint8_t mac[CHACHA20POLY1305_AUTHTAG_SIZE];
-		uint64_t lens[2];
-	} b = { { 0 } };
-	uint64_t le_nonce = htole64(nonce);
+int chacha20poly1305_decrypt(
+  FAR uint8_t *dst,
+  FAR const uint8_t *src,
+  const size_t src_len,
+  FAR const uint8_t *ad,
+  const size_t ad_len,
+  const uint64_t nonce,
+  FAR const uint8_t *key)
+{
+  poly1305_state poly1305_ctx;
+  chacha_ctx ctx;
+  int ret;
+  size_t dst_len;
+  union {
+    uint8_t b0[CHACHA20POLY1305_KEY_SIZE];
+    uint8_t mac[CHACHA20POLY1305_AUTHTAG_SIZE];
+    uint64_t lens[2];
+  } b =
+  {
+    {
+      0
+    }
+  };

-	if (src_len < CHACHA20POLY1305_AUTHTAG_SIZE)
-		return 0;
+  uint64_t le_nonce = htole64(nonce);

-	chacha_keysetup(&ctx, key, CHACHA20POLY1305_KEY_SIZE * 8);
-	chacha_ivsetup(&ctx, (uint8_t *) &le_nonce, NULL);
-	chacha_encrypt_bytes(&ctx, b.b0, b.b0, sizeof(b.b0));
-	poly1305_init(&poly1305_ctx, b.b0);
+  if (src_len < CHACHA20POLY1305_AUTHTAG_SIZE)
+    {
+      return 0;
+    }

-	poly1305_update(&poly1305_ctx, ad, ad_len);
-	poly1305_update(&poly1305_ctx, pad0, (0x10 - ad_len) & 0xf);
+  chacha_keysetup(&ctx, key, CHACHA20POLY1305_KEY_SIZE * 8);
+  chacha_ivsetup(&ctx, (FAR uint8_t *) &le_nonce, NULL);
+  chacha_encrypt_bytes(&ctx, b.b0, b.b0, sizeof(b.b0));
+  poly1305_init(&poly1305_ctx, b.b0);

-	dst_len = src_len - CHACHA20POLY1305_AUTHTAG_SIZE;
-	poly1305_update(&poly1305_ctx, src, dst_len);
-	poly1305_update(&poly1305_ctx, pad0, (0x10 - dst_len) & 0xf);
+  poly1305_update(&poly1305_ctx, ad, ad_len);
+  poly1305_update(&poly1305_ctx, pad0, (0x10 - ad_len) & 0xf);

-	b.lens[0] = htole64(ad_len);
-	b.lens[1] = htole64(dst_len);
-	poly1305_update(&poly1305_ctx, (uint8_t *)b.lens, sizeof(b.lens));
+  dst_len = src_len - CHACHA20POLY1305_AUTHTAG_SIZE;
+  poly1305_update(&poly1305_ctx, src, dst_len);
+  poly1305_update(&poly1305_ctx, pad0, (0x10 - dst_len) & 0xf);

-	poly1305_finish(&poly1305_ctx, b.mac);
+  b.lens[0] = htole64(ad_len);
+  b.lens[1] = htole64(dst_len);
+  poly1305_update(&poly1305_ctx, (FAR uint8_t *)b.lens, sizeof(b.lens));

-	ret = timingsafe_bcmp(b.mac, src + dst_len, CHACHA20POLY1305_AUTHTAG_SIZE);
-	if (!ret)
-		chacha_encrypt_bytes(&ctx, (uint8_t *) src, dst, dst_len);
+  poly1305_finish(&poly1305_ctx, b.mac);

-	explicit_bzero(&ctx, sizeof(ctx));
-	explicit_bzero(&b, sizeof(b));
+  ret = timingsafe_bcmp(b.mac, src + dst_len, CHACHA20POLY1305_AUTHTAG_SIZE);
+  if (!ret)
+    {
+      chacha_encrypt_bytes(&ctx, (FAR uint8_t *) src, dst, dst_len);
+    }

-	return !ret;
+  explicit_bzero(&ctx, sizeof(chacha_ctx));
+  explicit_bzero(&b, sizeof(b));
+
+  return !ret;
 }

-void
-xchacha20poly1305_encrypt(
-    uint8_t *dst,
-    const uint8_t *src,
-    const size_t src_len,
-    const uint8_t *ad,
-    const size_t ad_len,
-    const uint8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
-    const uint8_t key[CHACHA20POLY1305_KEY_SIZE]
-) {
-	int i;
-	uint32_t derived_key[CHACHA20POLY1305_KEY_SIZE / sizeof(uint32_t)];
-	uint64_t h_nonce;
+void xchacha20poly1305_encrypt(
+  FAR uint8_t *dst,
+  FAR const uint8_t *src,
+  const size_t src_len,
+  FAR const uint8_t *ad,
+  const size_t ad_len,
+  FAR const uint8_t *nonce,
+  FAR const uint8_t *key)
+{
+  int i;
+  uint32_t derived_key[CHACHA20POLY1305_KEY_SIZE / sizeof(uint32_t)];
+  uint64_t h_nonce;

-	memcpy(&h_nonce, nonce + 16, sizeof(h_nonce));
-	h_nonce = le64toh(h_nonce);
-	hchacha20(derived_key, nonce, key);
+  memcpy(&h_nonce, nonce + 16, sizeof(h_nonce));
+  h_nonce = le64toh(h_nonce);
+  hchacha20(derived_key, nonce, key);

-	for(i = 0; i < (sizeof(derived_key)/sizeof(derived_key[0])); i++)
-		(derived_key[i]) = htole32((derived_key[i]));
+  for (i = 0; i < (sizeof(derived_key) / sizeof(derived_key[0])); i++)
+    {
+      derived_key[i] = htole32(derived_key[i]);
+    }

-	chacha20poly1305_encrypt(dst, src, src_len, ad, ad_len,
-	    h_nonce, (uint8_t *)derived_key);
-	explicit_bzero(derived_key, CHACHA20POLY1305_KEY_SIZE);
+  chacha20poly1305_encrypt(dst, src, src_len, ad, ad_len,
+                           h_nonce, (FAR uint8_t *)derived_key);
+  explicit_bzero(derived_key, CHACHA20POLY1305_KEY_SIZE);
 }

-int
-xchacha20poly1305_decrypt(
-    uint8_t *dst,
-    const uint8_t *src,
-    const size_t src_len,
-    const uint8_t *ad,
-    const size_t ad_len,
-    const uint8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
-    const uint8_t key[CHACHA20POLY1305_KEY_SIZE]
-) {
-	int ret, i;
-	uint32_t derived_key[CHACHA20POLY1305_KEY_SIZE / sizeof(uint32_t)];
-	uint64_t h_nonce;
+int xchacha20poly1305_decrypt(
+  FAR uint8_t *dst,
+  FAR const uint8_t *src,
+  const size_t src_len,
+  FAR const uint8_t *ad,
+  const size_t ad_len,
+  FAR const uint8_t *nonce,
+  FAR const uint8_t *key)
+{
+  int ret;
+  int i;
+  uint32_t derived_key[CHACHA20POLY1305_KEY_SIZE / sizeof(uint32_t)];
+  uint64_t h_nonce;

-	memcpy(&h_nonce, nonce + 16, sizeof(h_nonce));
-	h_nonce = le64toh(h_nonce);
-	hchacha20(derived_key, nonce, key);
-	for(i = 0; i < (sizeof(derived_key)/sizeof(derived_key[0])); i++)
-		(derived_key[i]) = htole32((derived_key[i]));
+  memcpy(&h_nonce, nonce + 16, sizeof(h_nonce));
+  h_nonce = le64toh(h_nonce);
+  hchacha20(derived_key, nonce, key);
+  for (i = 0; i < (sizeof(derived_key) / sizeof(derived_key[0])); i++)
+    {
+      derived_key[i] = htole32(derived_key[i]);
+    }

-	ret = chacha20poly1305_decrypt(dst, src, src_len, ad, ad_len,
-	    h_nonce, (uint8_t *)derived_key);
-	explicit_bzero(derived_key, CHACHA20POLY1305_KEY_SIZE);
+  ret = chacha20poly1305_decrypt(dst, src, src_len, ad, ad_len,
+                                 h_nonce, (FAR uint8_t *)derived_key);
+  explicit_bzero(derived_key, CHACHA20POLY1305_KEY_SIZE);

-	return ret;
+  return ret;
 }
--- a/crypto/cmac.c
+++ b/crypto/cmac.c
@ -1,6 +1,7 @@
-/*	$OpenBSD: cmac.c,v 1.3 2017/05/02 17:07:06 mikeb Exp $	*/
-
-/*-
+/****************************************************************************
+ * crypto/cmac.c
+ * $OpenBSD: cmac.c,v 1.3 2017/05/02 17:07:06 mikeb Exp $
+ *
 * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
 *
 * Permission to use, copy, modify, and distribute this software for any
@ -14,107 +15,145 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ *
+ ****************************************************************************/

-/*
- * This code implements the CMAC (Cipher-based Message Authentication)
+/* This code implements the CMAC (Cipher-based Message Authentication)
 * algorithm described in FIPS SP800-38B using the AES-128 cipher.
 */

+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
 #include <sys/param.h>
 #include <sys/systm.h>

 #include <crypto/aes.h>
 #include <crypto/cmac.h>

-#define LSHIFT(v, r) do {					\
-	int i;							\
-	for (i = 0; i < 15; i++)				\
-		(r)[i] = (v)[i] << 1 | (v)[i + 1] >> 7;		\
-	(r)[15] = (v)[15] << 1;					\
-} while (0)
+#define LSHIFT(v, r) do \
+  { \
+    int i; \
+    for (i = 0; i < 15; i++) \
+      (r)[i] = (v)[i] << 1 | (v)[i + 1] >> 7; \
+    (r)[15] = (v)[15] << 1; \
+  } while (0)

-#define XOR(v, r) do {						\
-	int i;							\
-	for (i = 0; i < 16; i++)				\
-		(r)[i] ^= (v)[i];				\
-} while (0)
+#define XOR(v, r) do \
+  { \
+    int i; \
+    for (i = 0; i < 16; i++) \
+      (r)[i] ^= (v)[i]; \
+  } while (0)

-void
-AES_CMAC_Init(AES_CMAC_CTX *ctx)
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+void aes_cmac_init(FAR AES_CMAC_CTX *ctx)
 {
-	memset(ctx->X, 0, sizeof ctx->X);
-	ctx->M_n = 0;
+  memset(ctx->X, 0, sizeof ctx->X);
+  ctx->m_n = 0;
 }

-void
-AES_CMAC_SetKey(AES_CMAC_CTX *ctx, const u_int8_t key[AES_CMAC_KEY_LENGTH])
+void aes_cmac_setkey(FAR AES_CMAC_CTX *ctx,
+                     FAR const uint8_t *key)
 {
-	AES_Setkey(&ctx->aesctx, key, 16);
+  aes_setkey(&ctx->aesctx, key, 16);
 }

-void
-AES_CMAC_Update(AES_CMAC_CTX *ctx, const u_int8_t *data, u_int len)
+void aes_cmac_update(FAR AES_CMAC_CTX *ctx,
+                     FAR const uint8_t *data,
+                     u_int len)
 {
-	u_int mlen;
+  u_int mlen;

-	if (ctx->M_n > 0) {
-		mlen = MIN(16 - ctx->M_n, len);
-		memcpy(ctx->M_last + ctx->M_n, data, mlen);
-		ctx->M_n += mlen;
-		if (ctx->M_n < 16 || len == mlen)
-			return;
-		XOR(ctx->M_last, ctx->X);
-		AES_Encrypt(&ctx->aesctx, ctx->X, ctx->X);
-		data += mlen;
-		len -= mlen;
-	}
-	while (len > 16) {	/* not last block */
-		XOR(data, ctx->X);
-		AES_Encrypt(&ctx->aesctx, ctx->X, ctx->X);
-		data += 16;
-		len -= 16;
-	}
-	/* potential last block, save it */
-	memcpy(ctx->M_last, data, len);
-	ctx->M_n = len;
+  if (ctx->m_n > 0)
+    {
+      mlen = MIN(16 - ctx->m_n, len);
+      memcpy(ctx->m_last + ctx->m_n, data, mlen);
+      ctx->m_n += mlen;
+      if (ctx->m_n < 16 || len == mlen)
+        {
+          return;
+        }
+
+      XOR(ctx->m_last, ctx->X);
+      aes_encrypt(&ctx->aesctx, ctx->X, ctx->X);
+      data += mlen;
+      len -= mlen;
+    }
+
+  while (len > 16)
+    {
+      /* not last block */
+
+      XOR(data, ctx->X);
+      aes_encrypt(&ctx->aesctx, ctx->X, ctx->X);
+      data += 16;
+      len -= 16;
+    }
+
+  /* potential last block, save it */
+
+  memcpy(ctx->m_last, data, len);
+  ctx->m_n = len;
 }

-void
-AES_CMAC_Final(u_int8_t digest[AES_CMAC_DIGEST_LENGTH], AES_CMAC_CTX *ctx)
+void aes_cmac_final(FAR uint8_t *digest,
+                    FAR AES_CMAC_CTX *ctx)
 {
-	u_int8_t K[16];
+  uint8_t K[16];

-	/* generate subkey K1 */
-	memset(K, 0, sizeof K);
-	AES_Encrypt(&ctx->aesctx, K, K);
+  /* generate subkey K1 */

-	if (K[0] & 0x80) {
-		LSHIFT(K, K);
-		K[15] ^= 0x87;
-	} else
-		LSHIFT(K, K);
+  memset(K, 0, sizeof K);
+  aes_encrypt(&ctx->aesctx, K, K);

-	if (ctx->M_n == 16) {
-		/* last block was a complete block */
-		XOR(K, ctx->M_last);
-	} else {
-		/* generate subkey K2 */
-		if (K[0] & 0x80) {
-			LSHIFT(K, K);
-			K[15] ^= 0x87;
-		} else
-			LSHIFT(K, K);
+  if (K[0] & 0x80)
+    {
+      LSHIFT(K, K);
+      K[15] ^= 0x87;
+    }
+  else
+    {
+      LSHIFT(K, K);
+    }

-		/* padding(M_last) */
-		ctx->M_last[ctx->M_n] = 0x80;
-		while (++ctx->M_n < 16)
-			ctx->M_last[ctx->M_n] = 0;
+  if (ctx->m_n == 16)
+    {
+      /* last block was a complete block */

-		XOR(K, ctx->M_last);
-	}
-	XOR(ctx->M_last, ctx->X);
-	AES_Encrypt(&ctx->aesctx, ctx->X, digest);
+      XOR(K, ctx->m_last);
+    }
+  else
+    {
+      /* generate subkey K2 */

-	explicit_bzero(K, sizeof K);
+      if (K[0] & 0x80)
+        {
+          LSHIFT(K, K);
+          K[15] ^= 0x87;
+        }
+      else
+        {
+          LSHIFT(K, K);
+        }
+
+      /* padding(m_last) */
+
+      ctx->m_last[ctx->m_n] = 0x80;
+      while (++ctx->m_n < 16)
+        {
+          ctx->m_last[ctx->m_n] = 0;
+        }
+
+      XOR(K, ctx->m_last);
+    }
+
+  XOR(ctx->m_last, ctx->X);
+  aes_encrypt(&ctx->aesctx, ctx->X, digest);
+
+  explicit_bzero(K, sizeof K);
 }
--- a/crypto/crypto.c
+++ b/crypto/crypto.c
--- a/crypto/cryptodev.c
+++ b/crypto/cryptodev.c
--- a/crypto/cryptosoft.c
+++ b/crypto/cryptosoft.c
--- a/crypto/des_locl.h
+++ b/crypto/des_locl.h
@ -1,22 +1,24 @@
-/*	$OpenBSD: des_locl.h,v 1.7 2015/12/10 21:00:51 naddy Exp $	*/
-
-/* lib/des/des_locl.h */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+/****************************************************************************
+ * crypto/des_locl.h
+ * $OpenBSD: des_locl.h,v 1.7 2015/12/10 21:00:51 naddy Exp $
+ *
+ * lib/des/des_locl.h
+ * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
 * All rights reserved.
- * 
+ *
 * This file is part of an SSL implementation written
 * by Eric Young (eay@mincom.oz.au).
 * The implementation was written so as to conform with Netscapes SSL
 * specification.  This library and applications are
 * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
 * as long as the following conditions are aheared to.
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.  If this code is used in a product,
 * Eric Young should be given attribution as the author of the parts used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@ -27,8 +29,9 @@
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
+ *    This product includes software developed by
+ *    Eric Young (eay@mincom.oz.au)
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@ -40,122 +43,147 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * derivative of this code cannot be changed.
+ * i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
- */
+ ****************************************************************************/

-#ifndef HEADER_DES_LOCL_H
-#define HEADER_DES_LOCL_H
+#ifndef __CRYPTO_DES_LOCL_H
+#define __CRYPTO_DES_LOCL_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/

 #include <sys/types.h>
 #include <sys/systm.h>

 typedef unsigned char des_cblock[8];
 typedef struct des_ks_struct
-	{
-	union	{
-		des_cblock cblock;
-		/* make sure things are correct size on machines with
-		 * 8 byte longs */
-		int32_t pad[2];
-		} ks;
-	} des_key_schedule[16];
+{
+  union
+    {
+      des_cblock cblock;
+      /* make sure things are correct size on machines with
+       * 8 byte longs
+       */

-#define DES_KEY_SZ 	(sizeof(des_cblock))
+      int32_t pad[2];
+    } ks;
+}
+des_key_schedule[16];
+
+#define DES_KEY_SZ (sizeof(des_cblock))
 #define DES_SCHEDULE_SZ (sizeof(des_key_schedule))

-
-void des_encrypt2(u_int32_t *data,caddr_t ks, int enc);
-
+void des_encrypt2(FAR uint32_t *data, caddr_t ks, int enc);

 #define ITERATIONS 16
 #define HALF_ITERATIONS 8

+#define c2l(c, l)                          \
+  do                                       \
+    {                                      \
+      l = ((uint32_t)(*((c)++)));          \
+      l |= ((uint32_t)(*((c)++))) << 8l;   \
+      l |= ((uint32_t)(*((c)++))) << 16l;  \
+      l |= ((uint32_t)(*((c)++))) << 24l;  \
+    }                                      \
+  while (0)

-#define c2l(c,l)	(l =((u_int32_t)(*((c)++)))    , \
-			 l|=((u_int32_t)(*((c)++)))<< 8L, \
-			 l|=((u_int32_t)(*((c)++)))<<16L, \
-			 l|=((u_int32_t)(*((c)++)))<<24L)
+#define l2c(l,c)                                          \
+  do                                                      \
+    {                                                     \
+      *((c)++) = (unsigned char)(((l)) & 0xff);           \
+      *((c)++) = (unsigned char)(((l) >> 8L) & 0xff);     \
+      *((c)++) = (unsigned char)(((l) >> 16L) & 0xff);    \
+      *((c)++) = (unsigned char)(((l) >> 24L) & 0xff);    \
+    }                                                     \
+  while (0)

-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+#define D_ENCRYPT(Q, R, S)              \
+  do                                    \
+    {                                   \
+      u = (R ^ s[S]);                   \
+      t = R ^ s[S + 1];                 \
+      t = ((t >> 4L) + (t << 28L));     \
+      Q ^= des_sptrans[1][(t) & 0x3f]|  \
+      des_sptrans[3][(t >> 8l) & 0x3f]| \
+      des_sptrans[5][(t >>16l) & 0x3f]| \
+      des_sptrans[7][(t >>24l) & 0x3f]| \
+      des_sptrans[0][(u) & 0x3f]|       \
+      des_sptrans[2][(u >> 8l) & 0x3f]| \
+      des_sptrans[4][(u >>16l) & 0x3f]| \
+      des_sptrans[6][(u >>24l) & 0x3f]; \
+    }                                   \
+  while (0)

-#define D_ENCRYPT(Q,R,S) {\
-	u=(R^s[S  ]); \
-	t=R^s[S+1]; \
-	t=((t>>4L)+(t<<28L)); \
-	Q^=	des_SPtrans[1][(t     )&0x3f]| \
-		des_SPtrans[3][(t>> 8L)&0x3f]| \
-		des_SPtrans[5][(t>>16L)&0x3f]| \
-		des_SPtrans[7][(t>>24L)&0x3f]| \
-		des_SPtrans[0][(u     )&0x3f]| \
-		des_SPtrans[2][(u>> 8L)&0x3f]| \
-		des_SPtrans[4][(u>>16L)&0x3f]| \
-		des_SPtrans[6][(u>>24L)&0x3f]; }
+  /* IP and FP
+   * The problem is more of a geometric problem that random bit fiddling.
+   *    0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
+   *    8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
+   *  16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
+   *  24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
+   *
+   *  32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
+   *  40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
+   *  48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
+   *  56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
+   *
+   * The output has been subject to swaps of the form
+   * 0 1 -> 3 1 but the odd and even bits have been put into
+   * 2 3    2 0
+   * different words.  The main trick is to remember that
+   * t=((l>>size)^r)&(mask);
+   * r^=t;
+   * l^=(t<<size);
+   * can be used to swap and move bits between words.
+   *
+   * So l =  0  1  2  3  r = 16 17 18 19
+   *      4  5  6  7      20 21 22 23
+   *       8  9 10 11      24 25 26 27
+   *      12 13 14 15      28 29 30 31
+   * becomes (for size == 2 and mask == 0x3333)
+   *   t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19
+   *   6^20  7^21 -- --        4  5 20 21       6  7 22 23
+   *  10^24 11^25 -- --        8  9 24 25      10 11 24 25
+   *  14^28 15^29 -- --       12 13 28 29      14 15 28 29
+   *
+   * Thanks for hints from Richard Outerbridge - he told me IP&FP
+   * could be done in 15 xor, 10 shifts and 5 ands.
+   * When I finally started to think of the problem in 2D
+   * I first got ~42 operations without xors.  When I remembered
+   * how to use xors :-) I got it to its final state.
+   */

-	/* IP and FP
-	 * The problem is more of a geometric problem that random bit fiddling.
-	 0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
-	 8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
-	16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
-	24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
+#define PERM_OP(a, b, t, n, m) ((t) = ((((a) >> (n)) ^ (b)) & (m)),\
+  (b) ^= (t),\
+  (a) ^= ((t) << (n)))

-	32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
-	40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
-	48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
-	56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
+#define IP(l, r)                        \
+  do                                    \
+    {                                   \
+    register uint32_t tt;               \
+    PERM_OP(r, l, tt, 4, 0x0f0f0f0fl);  \
+    PERM_OP(l, r, tt, 16, 0x0000ffffl); \
+    PERM_OP(r, l, tt, 2, 0x33333333l);  \
+    PERM_OP(l, r, tt, 8, 0x00ff00ffl);  \
+    PERM_OP(r, l, tt, 1, 0x55555555l);  \
+    }                                   \
+  while (0)

-	The output has been subject to swaps of the form
-	0 1 -> 3 1 but the odd and even bits have been put into
-	2 3    2 0
-	different words.  The main trick is to remember that
-	t=((l>>size)^r)&(mask);
-	r^=t;
-	l^=(t<<size);
-	can be used to swap and move bits between words.
-
-	So l =  0  1  2  3  r = 16 17 18 19
-	        4  5  6  7      20 21 22 23
-	        8  9 10 11      24 25 26 27
-	       12 13 14 15      28 29 30 31
-	becomes (for size == 2 and mask == 0x3333)
-	   t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19
-		 6^20  7^21 -- --        4  5 20 21       6  7 22 23
-		10^24 11^25 -- --        8  9 24 25      10 11 24 25
-		14^28 15^29 -- --       12 13 28 29      14 15 28 29
-
-	Thanks for hints from Richard Outerbridge - he told me IP&FP
-	could be done in 15 xor, 10 shifts and 5 ands.
-	When I finally started to think of the problem in 2D
-	I first got ~42 operations without xors.  When I remembered
-	how to use xors :-) I got it to its final state.
-	*/
-#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
-	(b)^=(t),\
-	(a)^=((t)<<(n)))
-
-#define IP(l,r) \
-	{ \
-	register u_int32_t tt; \
-	PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
-	PERM_OP(l,r,tt,16,0x0000ffffL); \
-	PERM_OP(r,l,tt, 2,0x33333333L); \
-	PERM_OP(l,r,tt, 8,0x00ff00ffL); \
-	PERM_OP(r,l,tt, 1,0x55555555L); \
-	}
-
-#define FP(l,r) \
-	{ \
-	register u_int32_t tt; \
-	PERM_OP(l,r,tt, 1,0x55555555L); \
-	PERM_OP(r,l,tt, 8,0x00ff00ffL); \
-	PERM_OP(l,r,tt, 2,0x33333333L); \
-	PERM_OP(r,l,tt,16,0x0000ffffL); \
-	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
-	}
-#endif
+#define FP(l, r) \
+  do                                    \
+    {                                   \
+    register uint32_t tt;               \
+    PERM_OP(l, r, tt, 1, 0x55555555L);  \
+    PERM_OP(r, l, tt, 8, 0x00ff00ffL);  \
+    PERM_OP(l, r, tt, 2, 0x33333333L);  \
+    PERM_OP(r, l, tt, 16, 0x0000ffffL); \
+    PERM_OP(l, r, tt, 4, 0x0f0f0f0fL);  \
+    }                                   \
+  while (0)
+#endif /* __CRYPTO_DES_LOCL_H */
--- a/crypto/ecb3_enc.c
+++ b/crypto/ecb3_enc.c
@ -1,22 +1,23 @@
-/*	$OpenBSD: ecb3_enc.c,v 1.3 2013/11/18 18:49:53 brad Exp $	*/
-
-/* lib/des/ecb3_enc.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+/****************************************************************************
+ * crypto/ecb3_enc.c
+ * $OpenBSD: ecb3_enc.c,v 1.3 2013/11/18 18:49:53 brad Exp $
+ * lib/des/ecb3_enc.c
+ * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
 * All rights reserved.
- * 
+ *
 * This file is part of an SSL implementation written
 * by Eric Young (eay@mincom.oz.au).
 * The implementation was written so as to conform with Netscapes SSL
 * specification.  This library and applications are
 * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
 * as long as the following conditions are aheared to.
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.  If this code is used in a product,
 * Eric Young should be given attribution as the author of the parts used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@ -27,8 +28,9 @@
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
+ *    This product includes software developed
+ *    by Eric Young (eay@mincom.oz.au)
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@ -40,37 +42,46 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * derivative of this code cannot be changed.
+ * i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
- */
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/

 #include "des_locl.h"

-void
-des_ecb3_encrypt(caddr_t (*input), caddr_t (*output),
-    caddr_t ks1, caddr_t ks2, caddr_t ks3,
-    int encrypt)
-{
-	register u_int32_t l0, l1;
-	register unsigned char *in, *out;
-	u_int32_t ll[2];
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/

-	in = (unsigned char *) input;
-	out = (unsigned char *) output;
-	c2l(in, l0);
-	c2l(in, l1);
-	IP(l0, l1);
-	ll[0] = l0;
-	ll[1] = l1;
-	des_encrypt2(ll, ks1, encrypt);
-	des_encrypt2(ll, ks2, !encrypt);
-	des_encrypt2(ll, ks3, encrypt);
-	l0 = ll[0];
-	l1 = ll[1];
-	FP(l1, l0);
-	l2c(l0, out);
-	l2c(l1, out);
+void des_ecb3_encrypt(FAR des_cblock *input, FAR des_cblock *output,
+                      caddr_t ks1, caddr_t ks2, caddr_t ks3, int encrypt)
+{
+  register uint32_t l0;
+  register uint32_t l1;
+  FAR register unsigned char *in;
+  FAR register unsigned char *out;
+  uint32_t ll[2];
+
+  in = (FAR unsigned char *)input;
+  out = (FAR unsigned char *)output;
+  c2l(in, l0);
+  c2l(in, l1);
+  IP(l0, l1);
+  ll[0] = l0;
+  ll[1] = l1;
+  des_encrypt2(ll, ks1, encrypt);
+  des_encrypt2(ll, ks2, !encrypt);
+  des_encrypt2(ll, ks3, encrypt);
+  l0 = ll[0];
+  l1 = ll[1];
+  FP(l1, l0);
+  l2c(l0, out);
+  l2c(l1, out);
 }
--- a/crypto/ecb_enc.c
+++ b/crypto/ecb_enc.c
@ -1,22 +1,23 @@
-/*	$OpenBSD: ecb_enc.c,v 1.6 2015/12/10 21:00:51 naddy Exp $	*/
-
-/* lib/des/ecb_enc.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+/****************************************************************************
+ * crypto/ecb_enc.c
+ * $OpenBSD: ecb_enc.c,v 1.6 2015/12/10 21:00:51 naddy Exp $
+ * lib/des/ecb_enc.c
+ * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
 * All rights reserved.
- * 
+ *
 * This file is part of an SSL implementation written
 * by Eric Young (eay@mincom.oz.au).
 * The implementation was written so as to conform with Netscapes SSL
 * specification.  This library and applications are
 * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
 * as long as the following conditions are aheared to.
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.  If this code is used in a product,
 * Eric Young should be given attribution as the author of the parts used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@ -27,8 +28,9 @@
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
+ *    This product includes software developed by
+ *    Eric Young (eay@mincom.oz.au)
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@ -40,63 +42,88 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * derivative of this code cannot be changed.
+ * i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
- */
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/

 #include "des_locl.h"
 #include "spr.h"

-void
-des_encrypt2(u_int32_t *data, caddr_t ks, int encrypt)
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+void des_encrypt2(FAR uint32_t *data, caddr_t ks, int encrypt)
 {
-	register u_int32_t l, r, t, u;
+  register uint32_t l;
+  register uint32_t r;
+  register uint32_t t;
+  register uint32_t u;
 #ifdef DES_USE_PTR
-	register unsigned char *des_SP=(unsigned char *)des_SPtrans;
+  FAR register unsigned char *des_sp = (FAR unsigned char *)des_sptrans;
 #endif
-	register int i;
-	register u_int32_t *s;
+  register int i;
+  FAR register uint32_t *s;

-	u = data[0];
-	r = data[1];
+  u = data[0];
+  r = data[1];

-	/* Things have been modified so that the initial rotate is
-	 * done outside the loop.  This required the
-	 * des_SPtrans values in sp.h to be rotated 1 bit to the right.
-	 * One perl script later and things have a 5% speed up on a sparc2.
-	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
-	 * for pointing this out. */
-	l = (r << 1) | (r >> 31);
-	r = (u << 1) | (u >> 31);
+  /* Things have been modified so that the initial rotate is
+   * done outside the loop.  This required the
+   * des_SPtrans values in sp.h to be rotated 1 bit to the right.
+   * One perl script later and things have a 5% speed up on a sparc2.
+   * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+   * for pointing this out.
+   */

-	/* clear the top bits on machines with 8byte longs */
-	l &= 0xffffffffL;
-	r &= 0xffffffffL;
+  l = (r << 1) | (r >> 31);
+  r = (u << 1) | (u >> 31);

-	s = (u_int32_t *) ks;
-	/* I don't know if it is worth the effort of loop unrolling the
-	 * inner loop */
-	if (encrypt) {
-		for (i = 0; i < 32; i += 4) {
-			D_ENCRYPT(l, r, i + 0); /*  1 */
-			D_ENCRYPT(r, l, i + 2); /*  2 */
-		}
-	} else {
-		for (i = 30; i > 0; i -= 4) {
-			D_ENCRYPT(l, r, i - 0); /* 16 */
-			D_ENCRYPT(r, l, i - 2); /* 15 */
-		}
-	}
-	l = (l >> 1) | (l << 31);
-	r = (r >> 1) | (r << 31);
-	/* clear the top bits on machines with 8byte longs */
-	l &= 0xffffffffL;
-	r &= 0xffffffffL;
+  /* clear the top bits on machines with 8byte longs */

-	data[0] = l;
-	data[1] = r;
-	l = r = t = u = 0;
+  l &= 0xffffffffl;
+  r &= 0xffffffffl;
+
+  s = (FAR uint32_t *)ks;
+
+  /* I don't know if it is worth the effort of loop unrolling the
+   * inner loop
+   */
+
+  if (encrypt)
+    {
+      for (i = 0; i < 32; i += 4)
+        {
+          D_ENCRYPT(l, r, i + 0); /*  1 */
+          D_ENCRYPT(r, l, i + 2); /*  2 */
+        }
+    }
+  else
+    {
+      for (i = 30; i > 0; i -= 4)
+        {
+          D_ENCRYPT(l, r, i - 0); /* 16 */
+          D_ENCRYPT(r, l, i - 2); /* 15 */
+        }
+    }
+
+  l = (l >> 1) | (l << 31);
+  r = (r >> 1) | (r << 31);
+
+  /* clear the top bits on machines with 8byte longs */
+
+  l &= 0xffffffffl;
+  r &= 0xffffffffl;
+
+  data[0] = l;
+  data[1] = r;
+  l = r = t = u = 0;
 }
--- a/crypto/gmac.c
+++ b/crypto/gmac.c
@ -1,6 +1,7 @@
-/*	$OpenBSD: gmac.c,v 1.10 2017/05/02 11:44:32 mikeb Exp $	*/
-
-/*
+/****************************************************************************
+ * crypto/gmac.c
+ * $OpenBSD: gmac.c,v 1.10 2017/05/02 11:44:32 mikeb Exp $
+ *
 * Copyright (c) 2010 Mike Belopuhov
 *
 * Permission to use, copy, modify, and distribute this software for any
@ -14,13 +15,18 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
+ *
+ *
+ *
 * This code implements the Message Authentication part of the
 * Galois/Counter Mode (as being described in the RFC 4543) using
 * the AES cipher.  FIPS SP 800-38D describes the algorithm details.
- */
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/

 #include <sys/param.h>
 #include <sys/systm.h>
@ -28,141 +34,169 @@
 #include <crypto/aes.h>
 #include <crypto/gmac.h>

-void	ghash_gfmul(uint32_t *, uint32_t *, uint32_t *);
-void	ghash_update_mi(GHASH_CTX *, uint8_t *, size_t);
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+void ghash_gfmul(FAR uint32_t *, FAR uint32_t *, FAR uint32_t *);
+void ghash_update_mi(FAR GHASH_CTX *, FAR uint8_t *, size_t);

 /* Allow overriding with optimized MD function */
-void	(*ghash_update)(GHASH_CTX *, uint8_t *, size_t) = ghash_update_mi;
+
+CODE void (*ghash_update)(FAR GHASH_CTX *,
+                          FAR uint8_t *,
+                          size_t) = ghash_update_mi;

 /* Computes a block multiplication in the GF(2^128) */
-void
-ghash_gfmul(uint32_t *X, uint32_t *Y, uint32_t *product)
+
+void ghash_gfmul(FAR uint32_t *X, FAR uint32_t *Y, FAR uint32_t *product)
 {
-	uint32_t	v[4];
-	uint32_t	z[4] = { 0, 0, 0, 0};
-	uint8_t		*x = (uint8_t *)X;
-	uint32_t	mask;
-	int		i;
+  uint32_t v[4];
+  uint32_t z[4] =
+  {
+    0, 0, 0, 0
+  };

-	v[0] = betoh32(Y[0]);
-	v[1] = betoh32(Y[1]);
-	v[2] = betoh32(Y[2]);
-	v[3] = betoh32(Y[3]);
+  FAR uint8_t *x = (FAR uint8_t *)X;
+  uint32_t mask;
+  int i;

-	for (i = 0; i < GMAC_BLOCK_LEN * 8; i++) {
-		/* update Z */
-		mask = !!(x[i >> 3] & (1 << (~i & 7)));
-		mask = ~(mask - 1);
-		z[0] ^= v[0] & mask;
-		z[1] ^= v[1] & mask;
-		z[2] ^= v[2] & mask;
-		z[3] ^= v[3] & mask;
+  v[0] = betoh32(Y[0]);
+  v[1] = betoh32(Y[1]);
+  v[2] = betoh32(Y[2]);
+  v[3] = betoh32(Y[3]);

-		/* update V */
-		mask = ~((v[3] & 1) - 1);
-		v[3] = (v[2] << 31) | (v[3] >> 1);
-		v[2] = (v[1] << 31) | (v[2] >> 1);
-		v[1] = (v[0] << 31) | (v[1] >> 1);
-		v[0] = (v[0] >> 1) ^ (0xe1000000 & mask);
-	}
+  for (i = 0; i < GMAC_BLOCK_LEN * 8; i++)
+    {
+      /* update Z */

-	product[0] = htobe32(z[0]);
-	product[1] = htobe32(z[1]);
-	product[2] = htobe32(z[2]);
-	product[3] = htobe32(z[3]);
+      mask = !!(x[i >> 3] & (1 << (~i & 7)));
+      mask = ~(mask - 1);
+      z[0] ^= v[0] & mask;
+      z[1] ^= v[1] & mask;
+      z[2] ^= v[2] & mask;
+      z[3] ^= v[3] & mask;
+
+      /* update V */
+
+      mask = ~((v[3] & 1) - 1);
+      v[3] = (v[2] << 31) | (v[3] >> 1);
+      v[2] = (v[1] << 31) | (v[2] >> 1);
+      v[1] = (v[0] << 31) | (v[1] >> 1);
+      v[0] = (v[0] >> 1) ^ (0xe1000000 & mask);
+    }
+
+  product[0] = htobe32(z[0]);
+  product[1] = htobe32(z[1]);
+  product[2] = htobe32(z[2]);
+  product[3] = htobe32(z[3]);
 }

-void
-ghash_update_mi(GHASH_CTX *ctx, uint8_t *X, size_t len)
+void ghash_update_mi(FAR GHASH_CTX *ctx, FAR uint8_t *X, size_t len)
 {
-	uint32_t	*x = (uint32_t *)X;
-	uint32_t	*s = (uint32_t *)ctx->S;
-	uint32_t	*y = (uint32_t *)ctx->Z;
-	int		i;
+  FAR uint32_t *x = (FAR uint32_t *)X;
+  FAR uint32_t *s = (FAR uint32_t *)ctx->S;
+  FAR uint32_t *y = (FAR uint32_t *)ctx->Z;
+  int i;

-	for (i = 0; i < len / GMAC_BLOCK_LEN; i++) {
-		s[0] = y[0] ^ x[0];
-		s[1] = y[1] ^ x[1];
-		s[2] = y[2] ^ x[2];
-		s[3] = y[3] ^ x[3];
+  for (i = 0; i < len / GMAC_BLOCK_LEN; i++)
+    {
+      s[0] = y[0] ^ x[0];
+      s[1] = y[1] ^ x[1];
+      s[2] = y[2] ^ x[2];
+      s[3] = y[3] ^ x[3];

-		ghash_gfmul((uint32_t *)ctx->S, (uint32_t *)ctx->H,
-		    (uint32_t *)ctx->S);
+      ghash_gfmul((FAR uint32_t *)ctx->S, (FAR uint32_t *)ctx->H,
+          (FAR uint32_t *)ctx->S);

-		y = s;
-		x += 4;
-	}
+      y = s;
+      x += 4;
+    }

-	bcopy(ctx->S, ctx->Z, GMAC_BLOCK_LEN);
+  bcopy(ctx->S, ctx->Z, GMAC_BLOCK_LEN);
 }

-#define AESCTR_NONCESIZE	4
+#define AESCTR_NONCESIZE 4

-void
-AES_GMAC_Init(void *xctx)
+void aes_gmac_init(FAR void *xctx)
 {
-	AES_GMAC_CTX	*ctx = xctx;
+  FAR AES_GMAC_CTX *ctx = xctx;

-	bzero(ctx->ghash.H, GMAC_BLOCK_LEN);
-	bzero(ctx->ghash.S, GMAC_BLOCK_LEN);
-	bzero(ctx->ghash.Z, GMAC_BLOCK_LEN);
-	bzero(ctx->J, GMAC_BLOCK_LEN);
+  bzero(ctx->ghash.H, GMAC_BLOCK_LEN);
+  bzero(ctx->ghash.S, GMAC_BLOCK_LEN);
+  bzero(ctx->ghash.Z, GMAC_BLOCK_LEN);
+  bzero(ctx->J, GMAC_BLOCK_LEN);
 }

-void
-AES_GMAC_Setkey(void *xctx, const uint8_t *key, uint16_t klen)
+void aes_gmac_setkey(FAR void *xctx, FAR const uint8_t *key, uint16_t klen)
 {
-	AES_GMAC_CTX	*ctx = xctx;
+  FAR AES_GMAC_CTX *ctx = xctx;

-	AES_Setkey(&ctx->K, key, klen - AESCTR_NONCESIZE);
-	/* copy out salt to the counter block */
-	bcopy(key + klen - AESCTR_NONCESIZE, ctx->J, AESCTR_NONCESIZE);
-	/* prepare a hash subkey */
-	AES_Encrypt(&ctx->K, ctx->ghash.H, ctx->ghash.H);
+  aes_setkey(&ctx->K, key, klen - AESCTR_NONCESIZE);
+
+  /* copy out salt to the counter block */
+
+  bcopy(key + klen - AESCTR_NONCESIZE, ctx->J, AESCTR_NONCESIZE);
+
+  /* prepare a hash subkey */
+
+  aes_encrypt(&ctx->K, ctx->ghash.H, ctx->ghash.H);
 }

-void
-AES_GMAC_Reinit(void *xctx, const uint8_t *iv, uint16_t ivlen)
+void aes_gmac_reinit(FAR void *xctx, FAR const uint8_t *iv, uint16_t ivlen)
 {
-	AES_GMAC_CTX	*ctx = xctx;
+  FAR AES_GMAC_CTX *ctx = xctx;

-	/* copy out IV to the counter block */
-	bcopy(iv, ctx->J + AESCTR_NONCESIZE, ivlen);
+  /* copy out IV to the counter block */
+
+  bcopy(iv, ctx->J + AESCTR_NONCESIZE, ivlen);
 }

-int
-AES_GMAC_Update(void *xctx, const uint8_t *data, uint16_t len)
+int aes_gmac_update(FAR void *xctx, FAR const uint8_t *data, uint16_t len)
 {
-	AES_GMAC_CTX	*ctx = xctx;
-	uint32_t	blk[4] = { 0, 0, 0, 0 };
-	int		plen;
+  FAR AES_GMAC_CTX *ctx = xctx;
+  uint32_t blk[4] =
+  {
+    0, 0, 0, 0
+  };

-	if (len > 0) {
-		plen = len % GMAC_BLOCK_LEN;
-		if (len >= GMAC_BLOCK_LEN)
-			(*ghash_update)(&ctx->ghash, (uint8_t *)data,
-			    len - plen);
-		if (plen) {
-			memcpy((uint8_t *)blk, (uint8_t *)data + (len - plen),
-			    plen);
-			(*ghash_update)(&ctx->ghash, (uint8_t *)blk,
-			    GMAC_BLOCK_LEN);
-		}
-	}
-	return (0);
+  int plen;
+
+  if (len > 0)
+    {
+      plen = len % GMAC_BLOCK_LEN;
+      if (len >= GMAC_BLOCK_LEN)
+        {
+          (*ghash_update)(&ctx->ghash, (FAR uint8_t *)data,
+            len - plen);
+        }
+
+      if (plen)
+        {
+          memcpy((FAR uint8_t *)blk, (FAR uint8_t *)data + (len - plen),
+              plen);
+          (*ghash_update)(&ctx->ghash, (FAR uint8_t *)blk,
+              GMAC_BLOCK_LEN);
+        }
+    }
+
+  return (0);
 }

-void
-AES_GMAC_Final(uint8_t digest[GMAC_DIGEST_LEN], void *xctx)
+void aes_gmac_final(FAR uint8_t *digest, FAR void *xctx)
 {
-	AES_GMAC_CTX	*ctx = xctx;
-	uint8_t		keystream[GMAC_BLOCK_LEN];
-	int		i;
+  FAR AES_GMAC_CTX *ctx = xctx;
+  uint8_t keystream[GMAC_BLOCK_LEN];
+  int i;

-	/* do one round of GCTR */
-	ctx->J[GMAC_BLOCK_LEN - 1] = 1;
-	AES_Encrypt(&ctx->K, ctx->J, keystream);
-	for (i = 0; i < GMAC_DIGEST_LEN; i++)
-		digest[i] = ctx->ghash.S[i] ^ keystream[i];
-	explicit_bzero(keystream, sizeof(keystream));
+  /* do one round of GCTR */
+
+  ctx->J[GMAC_BLOCK_LEN - 1] = 1;
+  aes_encrypt(&ctx->K, ctx->J, keystream);
+  for (i = 0; i < GMAC_DIGEST_LEN; i++)
+    {
+      digest[i] = ctx->ghash.S[i] ^ keystream[i];
+    }
+
+  explicit_bzero(keystream, sizeof(keystream));
 }
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@ -1,6 +1,7 @@
-/*	$OpenBSD: hmac.c,v 1.4 2016/09/19 18:09:40 tedu Exp $	*/
-
-/*-
+/****************************************************************************
+ * crypto/hmac.c
+ * $OpenBSD: hmac.c,v 1.4 2016/09/19 18:09:40 tedu Exp $
+ *
 * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
 *
 * Permission to use, copy, modify, and distribute this software for any
@ -14,13 +15,17 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ *
+ ****************************************************************************/

-/*
- * This code implements the HMAC algorithm described in RFC 2104 using
+/* This code implements the HMAC algorithm described in RFC 2104 using
 * the MD5, SHA1 and SHA-256 hash functions.
 */

+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
 #include <sys/param.h>
 #include <sys/systm.h>

@ -29,164 +34,193 @@
 #include <crypto/sha2.h>
 #include <crypto/hmac.h>

-void
-HMAC_MD5_Init(HMAC_MD5_CTX *ctx, const u_int8_t *key, u_int key_len)
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+void hmca_md5_init(FAR HMAC_MD5_CTX *ctx,
+                   FAR const uint8_t *key,
+                   u_int key_len)
 {
-	u_int8_t k_ipad[MD5_BLOCK_LENGTH];
-	int i;
+  uint8_t k_ipad[MD5_BLOCK_LENGTH];
+  int i;

-	if (key_len > MD5_BLOCK_LENGTH) {
-		MD5Init(&ctx->ctx);
-		MD5Update(&ctx->ctx, key, key_len);
-		MD5Final(ctx->key, &ctx->ctx);
-		ctx->key_len = MD5_DIGEST_LENGTH;
-	} else {
-		bcopy(key, ctx->key, key_len);
-		ctx->key_len = key_len;
-	}
+  if (key_len > MD5_BLOCK_LENGTH)
+    {
+      md5init(&ctx->ctx);
+      md5update(&ctx->ctx, key, key_len);
+      md5final(ctx->key, &ctx->ctx);
+      ctx->key_len = MD5_DIGEST_LENGTH;
+    }
+  else
+    {
+      bcopy(key, ctx->key, key_len);
+      ctx->key_len = key_len;
+    }

-	bzero(k_ipad, MD5_BLOCK_LENGTH);
-	memcpy(k_ipad, ctx->key, ctx->key_len);
-	for (i = 0; i < MD5_BLOCK_LENGTH; i++)
-		k_ipad[i] ^= 0x36;
+  bzero(k_ipad, MD5_BLOCK_LENGTH);
+  memcpy(k_ipad, ctx->key, ctx->key_len);
+  for (i = 0; i < MD5_BLOCK_LENGTH; i++)
+    {
+      k_ipad[i] ^= 0x36;
+    }

-	MD5Init(&ctx->ctx);
-	MD5Update(&ctx->ctx, k_ipad, MD5_BLOCK_LENGTH);
+  md5init(&ctx->ctx);
+  md5update(&ctx->ctx, k_ipad, MD5_BLOCK_LENGTH);

-	explicit_bzero(k_ipad, sizeof k_ipad);
+  explicit_bzero(k_ipad, sizeof k_ipad);
 }

-void
-HMAC_MD5_Update(HMAC_MD5_CTX *ctx, const u_int8_t *data, u_int len)
+void hmac_md5_update(FAR HMAC_MD5_CTX *ctx,
+                     FAR const uint8_t *data,
+                     u_int len)
 {
-	MD5Update(&ctx->ctx, data, len);
+  md5update(&ctx->ctx, data, len);
 }

-void
-HMAC_MD5_Final(u_int8_t digest[MD5_DIGEST_LENGTH], HMAC_MD5_CTX *ctx)
+void hmac_md5_final(FAR uint8_t *digest, FAR HMAC_MD5_CTX *ctx)
 {
-	u_int8_t k_opad[MD5_BLOCK_LENGTH];
-	int i;
+  uint8_t k_opad[MD5_BLOCK_LENGTH];
+  int i;

-	MD5Final(digest, &ctx->ctx);
+  md5final(digest, &ctx->ctx);

-	bzero(k_opad, MD5_BLOCK_LENGTH);
-	memcpy(k_opad, ctx->key, ctx->key_len);
-	for (i = 0; i < MD5_BLOCK_LENGTH; i++)
-		k_opad[i] ^= 0x5c;
+  bzero(k_opad, MD5_BLOCK_LENGTH);
+  memcpy(k_opad, ctx->key, ctx->key_len);
+  for (i = 0; i < MD5_BLOCK_LENGTH; i++)
+    {
+      k_opad[i] ^= 0x5c;
+    }

-	MD5Init(&ctx->ctx);
-	MD5Update(&ctx->ctx, k_opad, MD5_BLOCK_LENGTH);
-	MD5Update(&ctx->ctx, digest, MD5_DIGEST_LENGTH);
-	MD5Final(digest, &ctx->ctx);
+  md5init(&ctx->ctx);
+  md5update(&ctx->ctx, k_opad, MD5_BLOCK_LENGTH);
+  md5update(&ctx->ctx, digest, MD5_DIGEST_LENGTH);
+  md5final(digest, &ctx->ctx);

-	explicit_bzero(k_opad, sizeof k_opad);
+  explicit_bzero(k_opad, sizeof k_opad);
 }

-void
-HMAC_SHA1_Init(HMAC_SHA1_CTX *ctx, const u_int8_t *key, u_int key_len)
+void hmac_sha1_init(FAR HMAC_SHA1_CTX *ctx,
+                    FAR const uint8_t *key,
+                    u_int key_len)
 {
-	u_int8_t k_ipad[SHA1_BLOCK_LENGTH];
-	int i;
+  uint8_t k_ipad[SHA1_BLOCK_LENGTH];
+  int i;

-	if (key_len > SHA1_BLOCK_LENGTH) {
-		SHA1Init(&ctx->ctx);
-		SHA1Update(&ctx->ctx, key, key_len);
-		SHA1Final(ctx->key, &ctx->ctx);
-		ctx->key_len = SHA1_DIGEST_LENGTH;
-	} else {
-		bcopy(key, ctx->key, key_len);
-		ctx->key_len = key_len;
-	}
+  if (key_len > SHA1_BLOCK_LENGTH)
+    {
+      sha1init(&ctx->ctx);
+      sha1update(&ctx->ctx, key, key_len);
+      sha1final(ctx->key, &ctx->ctx);
+      ctx->key_len = SHA1_DIGEST_LENGTH;
+    }
+  else
+    {
+      bcopy(key, ctx->key, key_len);
+      ctx->key_len = key_len;
+    }

-	bzero(k_ipad, SHA1_BLOCK_LENGTH);
-	memcpy(k_ipad, ctx->key, ctx->key_len);
-	for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
-		k_ipad[i] ^= 0x36;
+  bzero(k_ipad, SHA1_BLOCK_LENGTH);
+  memcpy(k_ipad, ctx->key, ctx->key_len);
+  for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
+    {
+      k_ipad[i] ^= 0x36;
+    }

-	SHA1Init(&ctx->ctx);
-	SHA1Update(&ctx->ctx, k_ipad, SHA1_BLOCK_LENGTH);
+  sha1init(&ctx->ctx);
+  sha1update(&ctx->ctx, k_ipad, SHA1_BLOCK_LENGTH);

-	explicit_bzero(k_ipad, sizeof k_ipad);
+  explicit_bzero(k_ipad, sizeof k_ipad);
 }

-void
-HMAC_SHA1_Update(HMAC_SHA1_CTX *ctx, const u_int8_t *data, u_int len)
+void hmac_sha1_update(FAR HMAC_SHA1_CTX *ctx,
+                      FAR const uint8_t *data,
+                      u_int len)
 {
-	SHA1Update(&ctx->ctx, data, len);
+  sha1update(&ctx->ctx, data, len);
 }

-void
-HMAC_SHA1_Final(u_int8_t digest[SHA1_DIGEST_LENGTH], HMAC_SHA1_CTX *ctx)
+void hmca_sha1_final(FAR uint8_t *digest, FAR HMAC_SHA1_CTX *ctx)
 {
-	u_int8_t k_opad[SHA1_BLOCK_LENGTH];
-	int i;
+  uint8_t k_opad[SHA1_BLOCK_LENGTH];
+  int i;

-	SHA1Final(digest, &ctx->ctx);
+  sha1final(digest, &ctx->ctx);

-	bzero(k_opad, SHA1_BLOCK_LENGTH);
-	memcpy(k_opad, ctx->key, ctx->key_len);
-	for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
-		k_opad[i] ^= 0x5c;
+  bzero(k_opad, SHA1_BLOCK_LENGTH);
+  memcpy(k_opad, ctx->key, ctx->key_len);
+  for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
+    {
+      k_opad[i] ^= 0x5c;
+    }

-	SHA1Init(&ctx->ctx);
-	SHA1Update(&ctx->ctx, k_opad, SHA1_BLOCK_LENGTH);
-	SHA1Update(&ctx->ctx, digest, SHA1_DIGEST_LENGTH);
-	SHA1Final(digest, &ctx->ctx);
+  sha1init(&ctx->ctx);
+  sha1update(&ctx->ctx, k_opad, SHA1_BLOCK_LENGTH);
+  sha1update(&ctx->ctx, digest, SHA1_DIGEST_LENGTH);
+  sha1final(digest, &ctx->ctx);

-	explicit_bzero(k_opad, sizeof k_opad);
+  explicit_bzero(k_opad, sizeof k_opad);
 }

-void
-HMAC_SHA256_Init(HMAC_SHA256_CTX *ctx, const u_int8_t *key, u_int key_len)
+void hmac_sha256_init(FAR HMAC_SHA256_CTX *ctx,
+                      FAR const uint8_t *key,
+                      u_int key_len)
 {
-	u_int8_t k_ipad[SHA256_BLOCK_LENGTH];
-	int i;
+  uint8_t k_ipad[SHA256_BLOCK_LENGTH];
+  int i;

-	if (key_len > SHA256_BLOCK_LENGTH) {
-		SHA256Init(&ctx->ctx);
-		SHA256Update(&ctx->ctx, key, key_len);
-		SHA256Final(ctx->key, &ctx->ctx);
-		ctx->key_len = SHA256_DIGEST_LENGTH;
-	} else {
-		bcopy(key, ctx->key, key_len);
-		ctx->key_len = key_len;
-	}
+  if (key_len > SHA256_BLOCK_LENGTH)
+    {
+      sha256init(&ctx->ctx);
+      sha256update(&ctx->ctx, key, key_len);
+      sha256final(ctx->key, &ctx->ctx);
+      ctx->key_len = SHA256_DIGEST_LENGTH;
+    }
+  else
+    {
+      bcopy(key, ctx->key, key_len);
+      ctx->key_len = key_len;
+    }

-	bzero(k_ipad, SHA256_BLOCK_LENGTH);
-	memcpy(k_ipad, ctx->key, ctx->key_len);
-	for (i = 0; i < SHA256_BLOCK_LENGTH; i++)
-		k_ipad[i] ^= 0x36;
+  bzero(k_ipad, SHA256_BLOCK_LENGTH);
+  memcpy(k_ipad, ctx->key, ctx->key_len);
+  for (i = 0; i < SHA256_BLOCK_LENGTH; i++)
+    {
+      k_ipad[i] ^= 0x36;
+    }

-	SHA256Init(&ctx->ctx);
-	SHA256Update(&ctx->ctx, k_ipad, SHA256_BLOCK_LENGTH);
+  sha256init(&ctx->ctx);
+  sha256update(&ctx->ctx, k_ipad, SHA256_BLOCK_LENGTH);

-	explicit_bzero(k_ipad, sizeof k_ipad);
+  explicit_bzero(k_ipad, sizeof k_ipad);
 }

-void
-HMAC_SHA256_Update(HMAC_SHA256_CTX *ctx, const u_int8_t *data, u_int len)
+void hmac_sha256_update(FAR HMAC_SHA256_CTX *ctx,
+                        FAR const uint8_t *data,
+                        u_int len)
 {
-	SHA256Update(&ctx->ctx, data, len);
+  sha256update(&ctx->ctx, data, len);
 }

-void
-HMAC_SHA256_Final(u_int8_t digest[SHA256_DIGEST_LENGTH], HMAC_SHA256_CTX *ctx)
+void hmac_sha256_final(FAR uint8_t *digest,
+                       FAR HMAC_SHA256_CTX *ctx)
 {
-	u_int8_t k_opad[SHA256_BLOCK_LENGTH];
-	int i;
+  uint8_t k_opad[SHA256_BLOCK_LENGTH];
+  int i;

-	SHA256Final(digest, &ctx->ctx);
+  sha256final(digest, &ctx->ctx);

-	bzero(k_opad, SHA256_BLOCK_LENGTH);
-	memcpy(k_opad, ctx->key, ctx->key_len);
-	for (i = 0; i < SHA256_BLOCK_LENGTH; i++)
-		k_opad[i] ^= 0x5c;
+  bzero(k_opad, SHA256_BLOCK_LENGTH);
+  memcpy(k_opad, ctx->key, ctx->key_len);
+  for (i = 0; i < SHA256_BLOCK_LENGTH; i++)
+    {
+      k_opad[i] ^= 0x5c;
+    }

-	SHA256Init(&ctx->ctx);
-	SHA256Update(&ctx->ctx, k_opad, SHA256_BLOCK_LENGTH);
-	SHA256Update(&ctx->ctx, digest, SHA256_DIGEST_LENGTH);
-	SHA256Final(digest, &ctx->ctx);
+  sha256init(&ctx->ctx);
+  sha256update(&ctx->ctx, k_opad, SHA256_BLOCK_LENGTH);
+  sha256update(&ctx->ctx, digest, SHA256_DIGEST_LENGTH);
+  sha256final(digest, &ctx->ctx);

-	explicit_bzero(k_opad, sizeof k_opad);
+  explicit_bzero(k_opad, sizeof k_opad);
 }
--- a/crypto/idgen.c
+++ b/crypto/idgen.c
@ -1,5 +1,7 @@
-/*	$OpenBSD: idgen.c,v 1.8 2020/07/22 13:54:30 tobhe Exp $	*/
-/*
+/****************************************************************************
+ * crypto/idgen.c
+ * $OpenBSD: idgen.c,v 1.8 2020/07/22 13:54:30 tobhe Exp $
+ *
 * Copyright (c) 2008 Damien Miller <djm@mindrot.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
@ -13,126 +15,142 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ ****************************************************************************/

-/*
- * IDGEN32: non-repeating ID generation covering an almost maximal 32-bit
+/* IDGEN32: non-repeating ID generation covering an almost maximal 32-bit
 * range.
- *
 * IDGEN32 is based on public domain SKIP32 by Greg Rose.
 */

+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
 #include <sys/types.h>
 #include <sys/systm.h>
 #include <sys/time.h>

 #include <crypto/idgen.h>

-static const u_int8_t idgen32_ftable[256] = { 
-	0xa3, 0xd7, 0x09, 0x83, 0xf8, 0x48, 0xf6, 0xf4,
-	0xb3, 0x21, 0x15, 0x78, 0x99, 0xb1, 0xaf, 0xf9,
-	0xe7, 0x2d, 0x4d, 0x8a, 0xce, 0x4c, 0xca, 0x2e,
-	0x52, 0x95, 0xd9, 0x1e, 0x4e, 0x38, 0x44, 0x28,
-	0x0a, 0xdf, 0x02, 0xa0, 0x17, 0xf1, 0x60, 0x68,
-	0x12, 0xb7, 0x7a, 0xc3, 0xe9, 0xfa, 0x3d, 0x53,
-	0x96, 0x84, 0x6b, 0xba, 0xf2, 0x63, 0x9a, 0x19,
-	0x7c, 0xae, 0xe5, 0xf5, 0xf7, 0x16, 0x6a, 0xa2,
-	0x39, 0xb6, 0x7b, 0x0f, 0xc1, 0x93, 0x81, 0x1b,
-	0xee, 0xb4, 0x1a, 0xea, 0xd0, 0x91, 0x2f, 0xb8,
-	0x55, 0xb9, 0xda, 0x85, 0x3f, 0x41, 0xbf, 0xe0,
-	0x5a, 0x58, 0x80, 0x5f, 0x66, 0x0b, 0xd8, 0x90,
-	0x35, 0xd5, 0xc0, 0xa7, 0x33, 0x06, 0x65, 0x69,
-	0x45, 0x00, 0x94, 0x56, 0x6d, 0x98, 0x9b, 0x76,
-	0x97, 0xfc, 0xb2, 0xc2, 0xb0, 0xfe, 0xdb, 0x20,
-	0xe1, 0xeb, 0xd6, 0xe4, 0xdd, 0x47, 0x4a, 0x1d,
-	0x42, 0xed, 0x9e, 0x6e, 0x49, 0x3c, 0xcd, 0x43,
-	0x27, 0xd2, 0x07, 0xd4, 0xde, 0xc7, 0x67, 0x18,
-	0x89, 0xcb, 0x30, 0x1f, 0x8d, 0xc6, 0x8f, 0xaa,
-	0xc8, 0x74, 0xdc, 0xc9, 0x5d, 0x5c, 0x31, 0xa4,
-	0x70, 0x88, 0x61, 0x2c, 0x9f, 0x0d, 0x2b, 0x87,
-	0x50, 0x82, 0x54, 0x64, 0x26, 0x7d, 0x03, 0x40,
-	0x34, 0x4b, 0x1c, 0x73, 0xd1, 0xc4, 0xfd, 0x3b,
-	0xcc, 0xfb, 0x7f, 0xab, 0xe6, 0x3e, 0x5b, 0xa5,
-	0xad, 0x04, 0x23, 0x9c, 0x14, 0x51, 0x22, 0xf0,
-	0x29, 0x79, 0x71, 0x7e, 0xff, 0x8c, 0x0e, 0xe2,
-	0x0c, 0xef, 0xbc, 0x72, 0x75, 0x6f, 0x37, 0xa1,
-	0xec, 0xd3, 0x8e, 0x62, 0x8b, 0x86, 0x10, 0xe8,
-	0x08, 0x77, 0x11, 0xbe, 0x92, 0x4f, 0x24, 0xc5,
-	0x32, 0x36, 0x9d, 0xcf, 0xf3, 0xa6, 0xbb, 0xac,
-	0x5e, 0x6c, 0xa9, 0x13, 0x57, 0x25, 0xb5, 0xe3,
-	0xbd, 0xa8, 0x3a, 0x01, 0x05, 0x59, 0x2a, 0x46
+static const uint8_t idgen32_ftable[256] =
+{
+  0xa3, 0xd7, 0x09, 0x83, 0xf8, 0x48, 0xf6, 0xf4,
+  0xb3, 0x21, 0x15, 0x78, 0x99, 0xb1, 0xaf, 0xf9,
+  0xe7, 0x2d, 0x4d, 0x8a, 0xce, 0x4c, 0xca, 0x2e,
+  0x52, 0x95, 0xd9, 0x1e, 0x4e, 0x38, 0x44, 0x28,
+  0x0a, 0xdf, 0x02, 0xa0, 0x17, 0xf1, 0x60, 0x68,
+  0x12, 0xb7, 0x7a, 0xc3, 0xe9, 0xfa, 0x3d, 0x53,
+  0x96, 0x84, 0x6b, 0xba, 0xf2, 0x63, 0x9a, 0x19,
+  0x7c, 0xae, 0xe5, 0xf5, 0xf7, 0x16, 0x6a, 0xa2,
+  0x39, 0xb6, 0x7b, 0x0f, 0xc1, 0x93, 0x81, 0x1b,
+  0xee, 0xb4, 0x1a, 0xea, 0xd0, 0x91, 0x2f, 0xb8,
+  0x55, 0xb9, 0xda, 0x85, 0x3f, 0x41, 0xbf, 0xe0,
+  0x5a, 0x58, 0x80, 0x5f, 0x66, 0x0b, 0xd8, 0x90,
+  0x35, 0xd5, 0xc0, 0xa7, 0x33, 0x06, 0x65, 0x69,
+  0x45, 0x00, 0x94, 0x56, 0x6d, 0x98, 0x9b, 0x76,
+  0x97, 0xfc, 0xb2, 0xc2, 0xb0, 0xfe, 0xdb, 0x20,
+  0xe1, 0xeb, 0xd6, 0xe4, 0xdd, 0x47, 0x4a, 0x1d,
+  0x42, 0xed, 0x9e, 0x6e, 0x49, 0x3c, 0xcd, 0x43,
+  0x27, 0xd2, 0x07, 0xd4, 0xde, 0xc7, 0x67, 0x18,
+  0x89, 0xcb, 0x30, 0x1f, 0x8d, 0xc6, 0x8f, 0xaa,
+  0xc8, 0x74, 0xdc, 0xc9, 0x5d, 0x5c, 0x31, 0xa4,
+  0x70, 0x88, 0x61, 0x2c, 0x9f, 0x0d, 0x2b, 0x87,
+  0x50, 0x82, 0x54, 0x64, 0x26, 0x7d, 0x03, 0x40,
+  0x34, 0x4b, 0x1c, 0x73, 0xd1, 0xc4, 0xfd, 0x3b,
+  0xcc, 0xfb, 0x7f, 0xab, 0xe6, 0x3e, 0x5b, 0xa5,
+  0xad, 0x04, 0x23, 0x9c, 0x14, 0x51, 0x22, 0xf0,
+  0x29, 0x79, 0x71, 0x7e, 0xff, 0x8c, 0x0e, 0xe2,
+  0x0c, 0xef, 0xbc, 0x72, 0x75, 0x6f, 0x37, 0xa1,
+  0xec, 0xd3, 0x8e, 0x62, 0x8b, 0x86, 0x10, 0xe8,
+  0x08, 0x77, 0x11, 0xbe, 0x92, 0x4f, 0x24, 0xc5,
+  0x32, 0x36, 0x9d, 0xcf, 0xf3, 0xa6, 0xbb, 0xac,
+  0x5e, 0x6c, 0xa9, 0x13, 0x57, 0x25, 0xb5, 0xe3,
+  0xbd, 0xa8, 0x3a, 0x01, 0x05, 0x59, 0x2a, 0x46
 };

-static u_int16_t
-idgen32_g(u_int8_t *key, int k, u_int16_t w)
+static uint16_t idgen32_g(FAR uint8_t *key, int k, uint16_t w)
 {
-	u_int8_t g1, g2, g3, g4, g5, g6;
-	u_int o = k * 4;
+  uint8_t g1;
+  uint8_t g2;
+  uint8_t g3;
+  uint8_t g4;
+  uint8_t g5;
+  uint8_t g6;
+  u_int o = k * 4;

-	g1 = (w >> 8) & 0xff;
-	g2 = w & 0xff;
+  g1 = (w >> 8) & 0xff;
+  g2 = w & 0xff;

-	g3 = idgen32_ftable[g2 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g1;
-	g4 = idgen32_ftable[g3 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g2;
-	g5 = idgen32_ftable[g4 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g3;
-	g6 = idgen32_ftable[g5 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g4;
+  g3 = idgen32_ftable[g2 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g1;
+  g4 = idgen32_ftable[g3 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g2;
+  g5 = idgen32_ftable[g4 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g3;
+  g6 = idgen32_ftable[g5 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g4;

-	return (g5 << 8) | g6;
+  return (g5 << 8) | g6;
 }

-static u_int32_t
-idgen32_permute(struct idgen32_ctx *ctx, u_int32_t in)
+static uint32_t idgen32_permute(FAR struct idgen32_ctx *ctx, uint32_t in)
 {
-	u_int i, r;
-	u_int16_t wl, wr;
+  u_int i, r;
+  uint16_t wl;
+  uint16_t wr;

-	wl = (in >> 16) & 0x7fff;
-	wr = in & 0xffff;
+  wl = (in >> 16) & 0x7fff;
+  wr = in & 0xffff;

-	/* Doubled up rounds, with an odd round at the end to swap */
-	for (i = r = 0; i < IDGEN32_ROUNDS / 2; ++i) {
-		wr ^= (idgen32_g(ctx->id32_key, r, wl) ^ r);
-		r++;
-		wl ^= (idgen32_g(ctx->id32_key, r, wr) ^ r) & 0x7fff;
-		r++;
-	}
-	wr ^= (idgen32_g(ctx->id32_key, r, wl) ^ r);
+  /* Doubled up rounds, with an odd round at the end to swap */

-	return (wl << 16) | wr;
+  for (i = r = 0; i < IDGEN32_ROUNDS / 2; ++i)
+    {
+      wr ^= (idgen32_g(ctx->id32_key, r, wl) ^ r);
+      r++;
+      wl ^= (idgen32_g(ctx->id32_key, r, wr) ^ r) & 0x7fff;
+      r++;
+    }
+
+  wr ^= (idgen32_g(ctx->id32_key, r, wl) ^ r);
+
+  return (wl << 16) | wr;
 }

-static void
-idgen32_rekey(struct idgen32_ctx *ctx)
+static void idgen32_rekey(FAR struct idgen32_ctx *ctx)
 {
-	ctx->id32_counter = 0;
-	ctx->id32_hibit ^= 0x80000000;
-	ctx->id32_offset = arc4random();
-	arc4random_buf(ctx->id32_key, sizeof(ctx->id32_key));
-	ctx->id32_rekey_time = getuptime() + IDGEN32_REKEY_TIME;
+  ctx->id32_counter = 0;
+  ctx->id32_hibit ^= 0x80000000;
+  ctx->id32_offset = arc4random();
+  arc4random_buf(ctx->id32_key, sizeof(ctx->id32_key));
+  ctx->id32_rekey_time = getuptime() + IDGEN32_REKEY_TIME;
 }

-void
-idgen32_init(struct idgen32_ctx *ctx)
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+void idgen32_init(FAR struct idgen32_ctx *ctx)
 {
-	bzero(ctx, sizeof(*ctx));
-	ctx->id32_hibit = arc4random() & 0x80000000;
-	idgen32_rekey(ctx);
+  bzero(ctx, sizeof(*ctx));
+  ctx->id32_hibit = arc4random() & 0x80000000;
+  idgen32_rekey(ctx);
 }

-u_int32_t
-idgen32(struct idgen32_ctx *ctx)
+uint32_t idgen32(FAR struct idgen32_ctx *ctx)
 {
-	u_int32_t ret;
+  uint32_t ret;

-	do {
-		/* Rekey a little early to avoid "card counting" attack */
-		if (ctx->id32_counter > IDGEN32_REKEY_LIMIT ||
-		    ctx->id32_rekey_time < getuptime())
-			idgen32_rekey(ctx);
-		ret = ctx->id32_hibit | idgen32_permute(ctx,
-		    (ctx->id32_offset + ctx->id32_counter++) & 0x7fffffff);
-	} while (ret == 0); /* Zero IDs are often special, so avoid */
+  do
+    {
+      /* Rekey a little early to avoid "card counting" attack */

-	return ret;
+      if (ctx->id32_counter > IDGEN32_REKEY_LIMIT ||
+          ctx->id32_rekey_time < getuptime())
+        {
+          idgen32_rekey(ctx);
+        }
+
+      ret = ctx->id32_hibit | idgen32_permute(ctx,
+          (ctx->id32_offset + ctx->id32_counter++) & 0x7fffffff);
+    }
+  while (ret == 0); /* Zero IDs are often special, so avoid */
+
+  return ret;
 }
-
--- a/crypto/key_wrap.c
+++ b/crypto/key_wrap.c
@ -1,6 +1,7 @@
-/*	$OpenBSD: key_wrap.c,v 1.5 2017/05/02 17:07:06 mikeb Exp $	*/
-
-/*-
+/****************************************************************************
+ * crypto/key_wrap.c
+ * $OpenBSD: key_wrap.c,v 1.5 2017/05/02 17:07:06 mikeb Exp $
+ *
 * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
 *
 * Permission to use, copy, modify, and distribute this software for any
@ -14,11 +15,13 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ ****************************************************************************/

-/*
- * This code implements the AES Key Wrap algorithm described in RFC 3394.
- */
+/* This code implements the AES Key Wrap algorithm described in RFC 3394. */
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/

 #include <sys/param.h>
 #include <sys/systm.h>
@ -26,87 +29,127 @@
 #include <crypto/aes.h>
 #include <crypto/key_wrap.h>

-static const u_int8_t IV[8] =
-	{ 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6 };
-
-void
-aes_key_wrap_set_key(aes_key_wrap_ctx *ctx, const u_int8_t *K, size_t K_len)
+static const uint8_t IV[8] =
 {
-	AES_Setkey(&ctx->ctx, K, K_len);
+  0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6
+};
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+void aes_key_wrap_set_key(FAR aes_key_wrap_ctx *ctx,
+                          FAR const uint8_t *K,
+                          size_t k_len)
+{
+  aes_setkey(&ctx->ctx, K, k_len);
 }

-void
-aes_key_wrap_set_key_wrap_only(aes_key_wrap_ctx *ctx, const u_int8_t *K,
-    size_t K_len)
+void aes_key_wrap_set_key_wrap_only(FAR aes_key_wrap_ctx *ctx,
+                                    FAR const uint8_t *K,
+                                    size_t k_len)
 {
-	AES_Setkey(&ctx->ctx, K, K_len);
+  aes_setkey(&ctx->ctx, K, k_len);
 }

-void
-aes_key_wrap(aes_key_wrap_ctx *ctx, const u_int8_t *P, size_t n, u_int8_t *C)
+void aes_key_wrap(FAR aes_key_wrap_ctx *ctx,
+                  FAR const uint8_t *P,
+                  size_t n, FAR uint8_t *C)
 {
-	u_int64_t B[2], t;
-	u_int8_t *A, *R;
-	size_t i;
-	int j;
+  uint64_t B[2];
+  uint64_t t;
+  FAR uint8_t *A;
+  FAR uint8_t *R;
+  size_t i;
+  int j;

-	memmove(C + 8, P, n * 8);	/* P and C may overlap */
-	A = C;				/* A points to C[0] */
-	memcpy(A, IV, 8);		/* A = IV, an initial value */
+  memmove(C + 8, P, n * 8); /* P and C may overlap */
+  A = C;                    /* A points to C[0] */
+  memcpy(A, IV, 8);         /* A = IV, an initial value */

-	for (j = 0, t = 1; j <= 5; j++) {
-		R = C + 8;
-		for (i = 1; i <= n; i++, t++) {
-			/* B = A | R[i] */
-			memcpy(&B[0], A, 8);
-			memcpy(&B[1], R, 8);
-			/* B = AES(K, B) */
-			AES_Encrypt(&ctx->ctx, (uint8_t *)B, (uint8_t *)B);
-			/* MSB(64, B) = MSB(64, B) ^ t */
-			B[0] ^= htobe64(t);
-			/* A = MSB(64, B) */
-			memcpy(A, &B[0], 8);
-			/* R[i] = LSB(64, B) */
-			memcpy(R, &B[1], 8);
+  for (j = 0, t = 1; j <= 5; j++)
+    {
+      R = C + 8;
+      for (i = 1; i <= n; i++, t++)
+        {
+          /* B = A | R[i] */

-			R += 8;
-		}
-	}
-	explicit_bzero(B, sizeof B);
+          memcpy(&B[0], A, 8);
+          memcpy(&B[1], R, 8);
+
+          /* B = AES(K, B) */
+
+          aes_encrypt(&ctx->ctx, (FAR uint8_t *)B, (FAR uint8_t *)B);
+
+          /* MSB(64, B) = MSB(64, B) ^ t */
+
+          B[0] ^= htobe64(t);
+
+          /* A = MSB(64, B) */
+
+          memcpy(A, &B[0], 8);
+
+          /* R[i] = LSB(64, B) */
+
+          memcpy(R, &B[1], 8);
+
+          R += 8;
+        }
+    }
+
+  explicit_bzero(B, sizeof B);
 }

-int
-aes_key_unwrap(aes_key_wrap_ctx *ctx, const u_int8_t *C, u_int8_t *P, size_t n)
+int aes_key_unwrap(FAR aes_key_wrap_ctx *ctx,
+                   FAR const uint8_t *C,
+                   FAR uint8_t *P, size_t n)
 {
-	u_int64_t B[2], t;
-	u_int8_t A[8], *R;
-	size_t i;
-	int j;
+  uint64_t B[2];
+  uint64_t t;
+  uint8_t A[8];
+  FAR uint8_t *R;
+  size_t i;
+  int j;

-	memcpy(A, C, 8);		/* A = C[0] */
-	memmove(P, C + 8, n * 8);	/* P and C may overlap */
+  memcpy(A, C, 8);          /* A = C[0] */
+  memmove(P, C + 8, n * 8); /* P and C may overlap */

-	for (j = 5, t = 6 * n; j >= 0; j--) {
-		R = P + (n - 1) * 8;
-		for (i = n; i >= 1; i--, t--) {
-			/* MSB(64, B) = A */
-			memcpy(&B[0], A, 8);
-			/* MSB(64, B) = MSB(64, B) ^ t */
-			B[0] ^= htobe64(t);
-			/* B = MSB(64, B) | R[i] */
-			memcpy(&B[1], R, 8);
-			/* B = AES-1(K, B) */
-			AES_Decrypt(&ctx->ctx, (uint8_t *)B, (uint8_t *)B);
-			/* A = MSB(64, B) */
-			memcpy(A, &B[0], 8);
-			/* R[i] = LSB(64, B) */
-			memcpy(R, &B[1], 8);
+  for (j = 5, t = 6 * n; j >= 0; j--)
+    {
+      R = P + (n - 1) * 8;
+      for (i = n; i >= 1; i--, t--)
+        {
+          /* MSB(64, B) = A */

-			R -= 8;
-		}
-	}
-	explicit_bzero(B, sizeof B);
+          memcpy(&B[0], A, 8);

-	/* check that A is an appropriate initial value */
-	return timingsafe_bcmp(A, IV, 8) != 0;
+          /* MSB(64, B) = MSB(64, B) ^ t */
+
+          B[0] ^= htobe64(t);
+
+          /* B = MSB(64, B) | R[i] */
+
+          memcpy(&B[1], R, 8);
+
+          /* B = AES-1(K, B) */
+
+          aes_decrypt(&ctx->ctx, (FAR uint8_t *)B, (FAR uint8_t *)B);
+
+          /* A = MSB(64, B) */
+
+          memcpy(A, &B[0], 8);
+
+          /* R[i] = LSB(64, B) */
+
+          memcpy(R, &B[1], 8);
+
+          R -= 8;
+        }
+    }
+
+  explicit_bzero(B, sizeof B);
+
+  /* check that A is an appropriate initial value */
+
+  return timingsafe_bcmp(A, IV, 8) != 0;
 }
--- a/crypto/md5.c
+++ b/crypto/md5.c
@ -1,8 +1,9 @@
-/*	$OpenBSD: md5.c,v 1.4 2014/12/28 10:04:35 tedu Exp $	*/
-
-/*
+/****************************************************************************
+ * crypto/md5.c
+ * $OpenBSD: md5.c,v 1.4 2014/12/28 10:04:35 tedu Exp $
+ *
 * This code implements the MD5 message-digest algorithm.
- * The algorithm is due to Ron Rivest.	This code was
+ * The algorithm is due to Ron Rivest. This code was
 * written by Colin Plumb in 1993, no copyright is claimed.
 * This code is in the public domain; do with it what you wish.
 *
@ -15,224 +16,263 @@
 * MD5Context structure, pass it to MD5Init, call MD5Update as
 * needed on buffers full of bytes, and then call MD5Final, which
 * will fill a supplied 16-byte array with the digest.
- */
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/

 #include <sys/param.h>
 #include <sys/systm.h>
 #include <crypto/md5.h>

-#define PUT_64BIT_LE(cp, value) do {					\
-	(cp)[7] = (value) >> 56;					\
-	(cp)[6] = (value) >> 48;					\
-	(cp)[5] = (value) >> 40;					\
-	(cp)[4] = (value) >> 32;					\
-	(cp)[3] = (value) >> 24;					\
-	(cp)[2] = (value) >> 16;					\
-	(cp)[1] = (value) >> 8;						\
-	(cp)[0] = (value); } while (0)
+#define PUT_64BIT_LE(cp, value)           \
+  do                                      \
+    {                                     \
+      (cp)[7] = (value) >> 56;            \
+      (cp)[6] = (value) >> 48;            \
+      (cp)[5] = (value) >> 40;            \
+      (cp)[4] = (value) >> 32;            \
+      (cp)[3] = (value) >> 24;            \
+      (cp)[2] = (value) >> 16;            \
+      (cp)[1] = (value) >> 8;             \
+      (cp)[0] = (value);                  \
+    }                                     \
+  while (0)

-#define PUT_32BIT_LE(cp, value) do {					\
-	(cp)[3] = (value) >> 24;					\
-	(cp)[2] = (value) >> 16;					\
-	(cp)[1] = (value) >> 8;						\
-	(cp)[0] = (value); } while (0)
+#define PUT_32BIT_LE(cp, value)           \
+  do                                      \
+    {                                     \
+      (cp)[3] = (value) >> 24;            \
+      (cp)[2] = (value) >> 16;            \
+      (cp)[1] = (value) >> 8;             \
+      (cp)[0] = (value);                  \
+    }                                     \
+  while (0)

-static u_int8_t PADDING[MD5_BLOCK_LENGTH] = {
-	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+static uint8_t PADDING[MD5_BLOCK_LENGTH] =
+{
+  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
 };

-/*
- * Start MD5 accumulation.  Set bit count to 0 and buffer to mysterious
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+/* Start MD5 accumulation.  Set bit count to 0 and buffer to mysterious
 * initialization constants.
 */
-void
-MD5Init(MD5_CTX *ctx)
+
+void md5init(FAR MD5_CTX *ctx)
 {
-	ctx->count = 0;
-	ctx->state[0] = 0x67452301;
-	ctx->state[1] = 0xefcdab89;
-	ctx->state[2] = 0x98badcfe;
-	ctx->state[3] = 0x10325476;
+  ctx->count = 0;
+  ctx->state[0] = 0x67452301;
+  ctx->state[1] = 0xefcdab89;
+  ctx->state[2] = 0x98badcfe;
+  ctx->state[3] = 0x10325476;
 }

-/*
- * Update context to reflect the concatenation of another buffer full
+/* Update context to reflect the concatenation of another buffer full
 * of bytes.
 */
-void
-MD5Update(MD5_CTX *ctx, const void *inputptr, size_t len)
+
+void md5update(FAR MD5_CTX *ctx, FAR const void *inputptr, size_t len)
 {
-	const uint8_t *input = inputptr;
-	size_t have, need;
+  FAR const uint8_t *input = inputptr;
+  size_t have;
+  size_t need;

-	/* Check how many bytes we already have and how many more we need. */
-	have = (size_t)((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
-	need = MD5_BLOCK_LENGTH - have;
+  /* Check how many bytes we already have and how many more we need. */

-	/* Update bitcount */
-	ctx->count += (u_int64_t)len << 3;
+  have = (size_t)((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
+  need = MD5_BLOCK_LENGTH - have;

-	if (len >= need) {
-		if (have != 0) {
-			memcpy(ctx->buffer + have, input, need);
-			MD5Transform(ctx->state, ctx->buffer);
-			input += need;
-			len -= need;
-			have = 0;
-		}
+  /* Update bitcount */

-		/* Process data in MD5_BLOCK_LENGTH-byte chunks. */
-		while (len >= MD5_BLOCK_LENGTH) {
-			MD5Transform(ctx->state, input);
-			input += MD5_BLOCK_LENGTH;
-			len -= MD5_BLOCK_LENGTH;
-		}
-	}
+  ctx->count += (uint64_t)len << 3;

-	/* Handle any remaining bytes of data. */
-	if (len != 0)
-		memcpy(ctx->buffer + have, input, len);
+  if (len >= need)
+    {
+      if (have != 0)
+        {
+          memcpy(ctx->buffer + have, input, need);
+          md5transform(ctx->state, ctx->buffer);
+          input += need;
+          len -= need;
+          have = 0;
+        }
+
+      /* Process data in MD5_BLOCK_LENGTH-byte chunks. */
+
+      while (len >= MD5_BLOCK_LENGTH)
+        {
+          md5transform(ctx->state, input);
+          input += MD5_BLOCK_LENGTH;
+          len -= MD5_BLOCK_LENGTH;
+        }
+    }
+
+  /* Handle any remaining bytes of data. */
+
+  if (len != 0)
+    {
+      memcpy(ctx->buffer + have, input, len);
+    }
 }

-/*
- * Final wrapup - pad to 64-byte boundary with the bit pattern
+/* Final wrapup - pad to 64-byte boundary with the bit pattern
 * 1 0* (64-bit count of bits processed, MSB-first)
 */
-void
-MD5Final(unsigned char digest[MD5_DIGEST_LENGTH], MD5_CTX *ctx)
+
+void md5final(FAR unsigned char *digest, FAR MD5_CTX *ctx)
 {
-	u_int8_t count[8];
-	size_t padlen;
-	int i;
+  uint8_t count[8];
+  size_t padlen;
+  int i;

-	/* Convert count to 8 bytes in little endian order. */
-	PUT_64BIT_LE(count, ctx->count);
+  /* Convert count to 8 bytes in little endian order. */

-	/* Pad out to 56 mod 64. */
-	padlen = MD5_BLOCK_LENGTH -
-	    ((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
-	if (padlen < 1 + 8)
-		padlen += MD5_BLOCK_LENGTH;
-	MD5Update(ctx, PADDING, padlen - 8);		/* padlen - 8 <= 64 */
-	MD5Update(ctx, count, 8);
+  PUT_64BIT_LE(count, ctx->count);

-	for (i = 0; i < 4; i++)
-		PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
-	explicit_bzero(ctx, sizeof(*ctx));	/* in case it's sensitive */
+  /* Pad out to 56 mod 64. */
+
+  padlen = MD5_BLOCK_LENGTH -
+      ((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
+  if (padlen < 1 + 8)
+    {
+      padlen += MD5_BLOCK_LENGTH;
+    }
+
+  md5update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
+  md5update(ctx, count, 8);
+
+  for (i = 0; i < 4; i++)
+    {
+      PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
+    }
+
+  explicit_bzero(ctx, sizeof(*ctx)); /* in case it's sensitive */
 }

-
 /* The four core functions - F1 is optimized somewhat */

 /* #define F1(x, y, z) (x & y | ~x & z) */
-#define F1(x, y, z) (z ^ (x & (y ^ z)))
+
+#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
 #define F2(x, y, z) F1(z, x, y)
-#define F3(x, y, z) (x ^ y ^ z)
-#define F4(x, y, z) (y ^ (x | ~z))
+#define F3(x, y, z) ((x) ^ (y) ^ (z))
+#define F4(x, y, z) ((y) ^ ((x) | ~(z)))

 /* This is the central step in the MD5 algorithm. */
-#define MD5STEP(f, w, x, y, z, data, s) \
-	( w += f(x, y, z) + data,  w = w<<s | w>>(32-s),  w += x )

-/*
- * The core of the MD5 algorithm, this alters an existing MD5 hash to
+#define MD5STEP(f, w, x, y, z, data, s) \
+  ((w) += f(x, y, z) + (data), \
+   (w) = (w) << (s) | (w) >> (32 - (s)), \
+   (w) += (x))
+
+/* The core of the MD5 algorithm, this alters an existing MD5 hash to
 * reflect the addition of 16 longwords of new data.  MD5Update blocks
 * the data and converts bytes into longwords for this routine.
 */
-void
-MD5Transform(u_int32_t state[4], const u_int8_t block[MD5_BLOCK_LENGTH])
+
+void md5transform(FAR uint32_t *state, FAR const uint8_t *block)
 {
-	u_int32_t a, b, c, d, in[MD5_BLOCK_LENGTH / 4];
+  uint32_t a;
+  uint32_t b;
+  uint32_t c;
+  uint32_t d;
+  uint32_t in[MD5_BLOCK_LENGTH / 4];

 #if BYTE_ORDER == LITTLE_ENDIAN
-	memcpy(in, block, sizeof(in));
+  memcpy(in, block, sizeof(in));
 #else
-	for (a = 0; a < MD5_BLOCK_LENGTH / 4; a++) {
-		in[a] = (u_int32_t)(
-		    (u_int32_t)(block[a * 4 + 0]) |
-		    (u_int32_t)(block[a * 4 + 1]) <<  8 |
-		    (u_int32_t)(block[a * 4 + 2]) << 16 |
-		    (u_int32_t)(block[a * 4 + 3]) << 24);
-	}
+  for (a = 0; a < MD5_BLOCK_LENGTH / 4; a++)
+    {
+      in[a] = (uint32_t)(
+          (uint32_t)(block[a * 4 + 0]) |
+          (uint32_t)(block[a * 4 + 1]) <<  8 |
+          (uint32_t)(block[a * 4 + 2]) << 16 |
+          (uint32_t)(block[a * 4 + 3]) << 24);
+    }
 #endif

-	a = state[0];
-	b = state[1];
-	c = state[2];
-	d = state[3];
+  a = state[0];
+  b = state[1];
+  c = state[2];
+  d = state[3];

-	MD5STEP(F1, a, b, c, d, in[ 0] + 0xd76aa478,  7);
-	MD5STEP(F1, d, a, b, c, in[ 1] + 0xe8c7b756, 12);
-	MD5STEP(F1, c, d, a, b, in[ 2] + 0x242070db, 17);
-	MD5STEP(F1, b, c, d, a, in[ 3] + 0xc1bdceee, 22);
-	MD5STEP(F1, a, b, c, d, in[ 4] + 0xf57c0faf,  7);
-	MD5STEP(F1, d, a, b, c, in[ 5] + 0x4787c62a, 12);
-	MD5STEP(F1, c, d, a, b, in[ 6] + 0xa8304613, 17);
-	MD5STEP(F1, b, c, d, a, in[ 7] + 0xfd469501, 22);
-	MD5STEP(F1, a, b, c, d, in[ 8] + 0x698098d8,  7);
-	MD5STEP(F1, d, a, b, c, in[ 9] + 0x8b44f7af, 12);
-	MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
-	MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
-	MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122,  7);
-	MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
-	MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
-	MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
+  MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
+  MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
+  MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17);
+  MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
+  MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
+  MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
+  MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17);
+  MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22);
+  MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7);
+  MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
+  MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
+  MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
+  MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
+  MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
+  MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
+  MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);

-	MD5STEP(F2, a, b, c, d, in[ 1] + 0xf61e2562,  5);
-	MD5STEP(F2, d, a, b, c, in[ 6] + 0xc040b340,  9);
-	MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
-	MD5STEP(F2, b, c, d, a, in[ 0] + 0xe9b6c7aa, 20);
-	MD5STEP(F2, a, b, c, d, in[ 5] + 0xd62f105d,  5);
-	MD5STEP(F2, d, a, b, c, in[10] + 0x02441453,  9);
-	MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
-	MD5STEP(F2, b, c, d, a, in[ 4] + 0xe7d3fbc8, 20);
-	MD5STEP(F2, a, b, c, d, in[ 9] + 0x21e1cde6,  5);
-	MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6,  9);
-	MD5STEP(F2, c, d, a, b, in[ 3] + 0xf4d50d87, 14);
-	MD5STEP(F2, b, c, d, a, in[ 8] + 0x455a14ed, 20);
-	MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905,  5);
-	MD5STEP(F2, d, a, b, c, in[ 2] + 0xfcefa3f8,  9);
-	MD5STEP(F2, c, d, a, b, in[ 7] + 0x676f02d9, 14);
-	MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
+  MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
+  MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9);
+  MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
+  MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
+  MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
+  MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
+  MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
+  MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
+  MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
+  MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
+  MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
+  MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
+  MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
+  MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
+  MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
+  MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);

-	MD5STEP(F3, a, b, c, d, in[ 5] + 0xfffa3942,  4);
-	MD5STEP(F3, d, a, b, c, in[ 8] + 0x8771f681, 11);
-	MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
-	MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
-	MD5STEP(F3, a, b, c, d, in[ 1] + 0xa4beea44,  4);
-	MD5STEP(F3, d, a, b, c, in[ 4] + 0x4bdecfa9, 11);
-	MD5STEP(F3, c, d, a, b, in[ 7] + 0xf6bb4b60, 16);
-	MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
-	MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6,  4);
-	MD5STEP(F3, d, a, b, c, in[ 0] + 0xeaa127fa, 11);
-	MD5STEP(F3, c, d, a, b, in[ 3] + 0xd4ef3085, 16);
-	MD5STEP(F3, b, c, d, a, in[ 6] + 0x04881d05, 23);
-	MD5STEP(F3, a, b, c, d, in[ 9] + 0xd9d4d039,  4);
-	MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
-	MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
-	MD5STEP(F3, b, c, d, a, in[2 ] + 0xc4ac5665, 23);
+  MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
+  MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11);
+  MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
+  MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
+  MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
+  MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
+  MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
+  MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
+  MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
+  MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
+  MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
+  MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23);
+  MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
+  MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
+  MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
+  MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);

-	MD5STEP(F4, a, b, c, d, in[ 0] + 0xf4292244,  6);
-	MD5STEP(F4, d, a, b, c, in[7 ] + 0x432aff97, 10);
-	MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
-	MD5STEP(F4, b, c, d, a, in[5 ] + 0xfc93a039, 21);
-	MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3,  6);
-	MD5STEP(F4, d, a, b, c, in[3 ] + 0x8f0ccc92, 10);
-	MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
-	MD5STEP(F4, b, c, d, a, in[1 ] + 0x85845dd1, 21);
-	MD5STEP(F4, a, b, c, d, in[8 ] + 0x6fa87e4f,  6);
-	MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
-	MD5STEP(F4, c, d, a, b, in[6 ] + 0xa3014314, 15);
-	MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
-	MD5STEP(F4, a, b, c, d, in[4 ] + 0xf7537e82,  6);
-	MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
-	MD5STEP(F4, c, d, a, b, in[2 ] + 0x2ad7d2bb, 15);
-	MD5STEP(F4, b, c, d, a, in[9 ] + 0xeb86d391, 21);
+  MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6);
+  MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10);
+  MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
+  MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
+  MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
+  MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
+  MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
+  MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
+  MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
+  MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
+  MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15);
+  MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
+  MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
+  MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
+  MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
+  MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21);

-	state[0] += a;
-	state[1] += b;
-	state[2] += c;
-	state[3] += d;
+  state[0] += a;
+  state[1] += b;
+  state[2] += c;
+  state[3] += d;
 }
--- a/crypto/podd.h
+++ b/crypto/podd.h
@ -1,22 +1,23 @@
-/*	$OpenBSD: podd.h,v 1.1 2000/02/28 23:13:05 deraadt Exp $	*/
-
-/* lib/des/podd.h */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+/****************************************************************************
+ * crypto/podd.h
+ * $OpenBSD: podd.h,v 1.1 2000/02/28 23:13:05 deraadt Exp $
+ * lib/des/podd.h
+ * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
 * All rights reserved.
- * 
+ *
 * This file is part of an SSL implementation written
 * by Eric Young (eay@mincom.oz.au).
 * The implementation was written so as to conform with Netscapes SSL
 * specification.  This library and applications are
 * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
 * as long as the following conditions are aheared to.
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.  If this code is used in a product,
 * Eric Young should be given attribution as the author of the parts used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@ -27,8 +28,9 @@
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
+ *    This product includes software developed
+ *    by Eric Young (eay@mincom.oz.au)
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@ -40,27 +42,41 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * derivative of this code cannot be changed.
+ * i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
- */
+ ****************************************************************************/

-static const unsigned char odd_parity[256]={
-  1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,
- 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
- 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
- 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
- 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
- 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
- 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
-112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
-128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
-145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
-161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
-176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
-193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
-208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
-224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
-241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
+static const unsigned char odd_parity[256] =
+{
+  1, 1, 2,  2, 4, 4, 7, 7, 8, 8, 11, 11, 13,
+  13, 14, 14, 16, 16, 19, 19, 21, 21, 22, 22,
+  25, 25, 26, 26, 28, 28, 31, 31, 32, 32, 35,
+  35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44,
+  47, 47, 49, 49, 50, 50, 52, 52, 55, 55, 56,
+  56, 59, 59, 61, 61, 62, 62, 64, 64, 67, 67,
+  69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79,
+  79, 81, 81, 82, 82, 84, 84, 87, 87, 88, 88,
+  91, 91, 93, 93, 94, 94, 97, 97, 98, 98, 100,
+  100, 103, 103, 104, 104, 107, 107, 109, 109,
+  110, 110, 112, 112, 115, 115, 117, 117, 118,
+  118, 121, 121, 122, 122, 124, 124, 127, 127,
+  128, 128, 131, 131, 133, 133, 134, 134, 137,
+  137, 138, 138, 140, 140, 143, 143, 145, 145,
+  146, 146, 148, 148, 151, 151, 152, 152, 155,
+  155, 157, 157, 158, 158, 161, 161, 162, 162,
+  164, 164, 167, 167, 168, 168, 171, 171, 173,
+  173, 174, 174, 176, 176, 179, 179, 181, 181,
+  182, 182, 185, 185, 186, 186, 188, 188, 191,
+  191, 193, 193, 194, 194, 196, 196, 199, 199,
+  200, 200, 203, 203, 205, 205, 206, 206, 208,
+  208, 211, 211, 213, 213, 214, 214, 217, 217,
+  218, 218, 220, 220, 223, 223, 224, 224, 227,
+  227, 229, 229, 230, 230, 233, 233, 234, 234,
+  236, 236, 239, 239, 241, 241, 242, 242, 244,
+  244, 247, 247, 248, 248, 251, 251, 253, 253,
+  254, 254
+};
--- a/crypto/poly1305.c
+++ b/crypto/poly1305.c
@ -1,301 +1,371 @@
-/*	$OpenBSD: poly1305.c,v 1.2 2020/07/22 13:54:30 tobhe Exp $	*/
-/*
+/****************************************************************************
+ * crypto/poly1305.c
+ * $OpenBSD: poly1305.c,v 1.2 2020/07/22 13:54:30 tobhe Exp $
+ *
 * Public Domain poly1305 from Andrew Moon
 * Based on poly1305-donna.c, poly1305-donna-32.h and poly1305-donna.h from:
 *   https://github.com/floodyberry/poly1305-donna
- */
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/

 #include <sys/types.h>
 #include <sys/systm.h>

 #include <crypto/poly1305.h>

-/*
- * poly1305 implementation using 32 bit * 32 bit = 64 bit multiplication
+/* poly1305 implementation using 32 bit * 32 bit = 64 bit multiplication
 * and 64 bit addition.
 */

-/* interpret four 8 bit unsigned integers as a 32 bit unsigned integer in little endian */
-static unsigned long
-U8TO32(const unsigned char *p)
+/* interpret four 8 bit unsigned integers as a
+ * 32 bit unsigned integer in little endian
+ */
+
+static unsigned long U8TO32(FAR const unsigned char *p)
 {
-	return (((unsigned long)(p[0] & 0xff)) |
-	    ((unsigned long)(p[1] & 0xff) <<  8) |
-	    ((unsigned long)(p[2] & 0xff) << 16) |
-	    ((unsigned long)(p[3] & 0xff) << 24));
+  return (((unsigned long)(p[0] & 0xff)) |
+      ((unsigned long)(p[1] & 0xff) <<  8) |
+      ((unsigned long)(p[2] & 0xff) << 16) |
+      ((unsigned long)(p[3] & 0xff) << 24));
 }

-/* store a 32 bit unsigned integer as four 8 bit unsigned integers in little endian */
-static void
-U32TO8(unsigned char *p, unsigned long v)
+/* store a 32 bit unsigned integer as four
+ * 8 bit unsigned integers in little endian
+ */
+
+static void U32TO8(FAR unsigned char *p, unsigned long v)
 {
-	p[0] = (v) & 0xff;
-	p[1] = (v >>  8) & 0xff;
-	p[2] = (v >> 16) & 0xff;
-	p[3] = (v >> 24) & 0xff;
+  p[0] = (v) & 0xff;
+  p[1] = (v >>  8) & 0xff;
+  p[2] = (v >> 16) & 0xff;
+  p[3] = (v >> 24) & 0xff;
 }

-void
-poly1305_init(poly1305_state *st, const unsigned char key[32])
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+void poly1305_init(FAR poly1305_state *st, FAR const unsigned char *key)
 {
-	/* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
-	st->r[0] = (U8TO32(&key[0])) & 0x3ffffff;
-	st->r[1] = (U8TO32(&key[3]) >> 2) & 0x3ffff03;
-	st->r[2] = (U8TO32(&key[6]) >> 4) & 0x3ffc0ff;
-	st->r[3] = (U8TO32(&key[9]) >> 6) & 0x3f03fff;
-	st->r[4] = (U8TO32(&key[12]) >> 8) & 0x00fffff;
+  /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */

-	/* h = 0 */
-	st->h[0] = 0;
-	st->h[1] = 0;
-	st->h[2] = 0;
-	st->h[3] = 0;
-	st->h[4] = 0;
+  st->r[0] = (U8TO32(&key[0])) & 0x3ffffff;
+  st->r[1] = (U8TO32(&key[3]) >> 2) & 0x3ffff03;
+  st->r[2] = (U8TO32(&key[6]) >> 4) & 0x3ffc0ff;
+  st->r[3] = (U8TO32(&key[9]) >> 6) & 0x3f03fff;
+  st->r[4] = (U8TO32(&key[12]) >> 8) & 0x00fffff;

-	/* save pad for later */
-	st->pad[0] = U8TO32(&key[16]);
-	st->pad[1] = U8TO32(&key[20]);
-	st->pad[2] = U8TO32(&key[24]);
-	st->pad[3] = U8TO32(&key[28]);
+  /* h = 0 */

-	st->leftover = 0;
-	st->final = 0;
+  st->h[0] = 0;
+  st->h[1] = 0;
+  st->h[2] = 0;
+  st->h[3] = 0;
+  st->h[4] = 0;
+
+  /* save pad for later */
+
+  st->pad[0] = U8TO32(&key[16]);
+  st->pad[1] = U8TO32(&key[20]);
+  st->pad[2] = U8TO32(&key[24]);
+  st->pad[3] = U8TO32(&key[28]);
+
+  st->leftover = 0;
+  st->final = 0;
 }

-static void
-poly1305_blocks(poly1305_state *st, const unsigned char *m, size_t bytes)
+static void poly1305_blocks(FAR poly1305_state *st,
+                            FAR const unsigned char *m,
+                            size_t bytes)
 {
-	const unsigned long hibit = (st->final) ? 0 : (1 << 24); /* 1 << 128 */
-	unsigned long r0, r1, r2, r3, r4;
-	unsigned long s1, s2, s3, s4;
-	unsigned long h0, h1, h2, h3, h4;
-	unsigned long long d0, d1, d2, d3, d4;
-	unsigned long c;
+  const unsigned long hibit = (st->final) ? 0 : (1 << 24); /* 1 << 128 */
+  unsigned long r0;
+  unsigned long r1;
+  unsigned long r2;
+  unsigned long r3;
+  unsigned long r4;
+  unsigned long s1;
+  unsigned long s2;
+  unsigned long s3;
+  unsigned long s4;
+  unsigned long h0;
+  unsigned long h1;
+  unsigned long h2;
+  unsigned long h3;
+  unsigned long h4;
+  unsigned long long d0;
+  unsigned long long d1;
+  unsigned long long d2;
+  unsigned long long d3;
+  unsigned long long d4;
+  unsigned long c;

-	r0 = st->r[0];
-	r1 = st->r[1];
-	r2 = st->r[2];
-	r3 = st->r[3];
-	r4 = st->r[4];
+  r0 = st->r[0];
+  r1 = st->r[1];
+  r2 = st->r[2];
+  r3 = st->r[3];
+  r4 = st->r[4];

-	s1 = r1 * 5;
-	s2 = r2 * 5;
-	s3 = r3 * 5;
-	s4 = r4 * 5;
+  s1 = r1 * 5;
+  s2 = r2 * 5;
+  s3 = r3 * 5;
+  s4 = r4 * 5;

-	h0 = st->h[0];
-	h1 = st->h[1];
-	h2 = st->h[2];
-	h3 = st->h[3];
-	h4 = st->h[4];
+  h0 = st->h[0];
+  h1 = st->h[1];
+  h2 = st->h[2];
+  h3 = st->h[3];
+  h4 = st->h[4];

-	while (bytes >= poly1305_block_size) {
-		/* h += m[i] */
-		h0 += (U8TO32(m + 0)) & 0x3ffffff;
-		h1 += (U8TO32(m + 3) >> 2) & 0x3ffffff;
-		h2 += (U8TO32(m + 6) >> 4) & 0x3ffffff;
-		h3 += (U8TO32(m + 9) >> 6) & 0x3ffffff;
-		h4 += (U8TO32(m + 12) >> 8) | hibit;
+  while (bytes >= poly1305_block_size)
+    {
+      /* h += m[i] */

-		/* h *= r */
-		d0 = ((unsigned long long)h0 * r0) +
-		    ((unsigned long long)h1 * s4) +
-		    ((unsigned long long)h2 * s3) +
-		    ((unsigned long long)h3 * s2) +
-		    ((unsigned long long)h4 * s1);
-		d1 = ((unsigned long long)h0 * r1) +
-		    ((unsigned long long)h1 * r0) +
-		    ((unsigned long long)h2 * s4) +
-		    ((unsigned long long)h3 * s3) +
-		    ((unsigned long long)h4 * s2);
-		d2 = ((unsigned long long)h0 * r2) +
-		    ((unsigned long long)h1 * r1) +
-		    ((unsigned long long)h2 * r0) +
-		    ((unsigned long long)h3 * s4) +
-		    ((unsigned long long)h4 * s3);
-		d3 = ((unsigned long long)h0 * r3) +
-		    ((unsigned long long)h1 * r2) +
-		    ((unsigned long long)h2 * r1) +
-		    ((unsigned long long)h3 * r0) +
-		    ((unsigned long long)h4 * s4);
-		d4 = ((unsigned long long)h0 * r4) +
-		    ((unsigned long long)h1 * r3) +
-		    ((unsigned long long)h2 * r2) +
-		    ((unsigned long long)h3 * r1) +
-		    ((unsigned long long)h4 * r0);
+      h0 += (U8TO32(m + 0)) & 0x3ffffff;
+      h1 += (U8TO32(m + 3) >> 2) & 0x3ffffff;
+      h2 += (U8TO32(m + 6) >> 4) & 0x3ffffff;
+      h3 += (U8TO32(m + 9) >> 6) & 0x3ffffff;
+      h4 += (U8TO32(m + 12) >> 8) | hibit;

-		/* (partial) h %= p */
-		c = (unsigned long)(d0 >> 26);
-		h0 = (unsigned long)d0 & 0x3ffffff;
-		d1 += c;
-		c = (unsigned long)(d1 >> 26);
-		h1 = (unsigned long)d1 & 0x3ffffff;
-		d2 += c;
-		c = (unsigned long)(d2 >> 26);
-		h2 = (unsigned long)d2 & 0x3ffffff;
-		d3 += c;
-		c = (unsigned long)(d3 >> 26);
-		h3 = (unsigned long)d3 & 0x3ffffff;
-		d4 += c;
-		c = (unsigned long)(d4 >> 26);
-		h4 = (unsigned long)d4 & 0x3ffffff;
-		h0 += c * 5;
-		c = (h0 >> 26);
-		h0 = h0 & 0x3ffffff;
-		h1 += c;
+      /* h *= r */

-		m += poly1305_block_size;
-		bytes -= poly1305_block_size;
-	}
+      d0 = ((unsigned long long)h0 * r0) +
+          ((unsigned long long)h1 * s4) +
+          ((unsigned long long)h2 * s3) +
+          ((unsigned long long)h3 * s2) +
+          ((unsigned long long)h4 * s1);
+      d1 = ((unsigned long long)h0 * r1) +
+          ((unsigned long long)h1 * r0) +
+          ((unsigned long long)h2 * s4) +
+          ((unsigned long long)h3 * s3) +
+          ((unsigned long long)h4 * s2);
+      d2 = ((unsigned long long)h0 * r2) +
+          ((unsigned long long)h1 * r1) +
+          ((unsigned long long)h2 * r0) +
+          ((unsigned long long)h3 * s4) +
+          ((unsigned long long)h4 * s3);
+      d3 = ((unsigned long long)h0 * r3) +
+          ((unsigned long long)h1 * r2) +
+          ((unsigned long long)h2 * r1) +
+          ((unsigned long long)h3 * r0) +
+          ((unsigned long long)h4 * s4);
+      d4 = ((unsigned long long)h0 * r4) +
+          ((unsigned long long)h1 * r3) +
+          ((unsigned long long)h2 * r2) +
+          ((unsigned long long)h3 * r1) +
+          ((unsigned long long)h4 * r0);

-	st->h[0] = h0;
-	st->h[1] = h1;
-	st->h[2] = h2;
-	st->h[3] = h3;
-	st->h[4] = h4;
+      /* (partial) h %= p */
+
+      c = (unsigned long)(d0 >> 26);
+      h0 = (unsigned long)d0 & 0x3ffffff;
+      d1 += c;
+      c = (unsigned long)(d1 >> 26);
+      h1 = (unsigned long)d1 & 0x3ffffff;
+      d2 += c;
+      c = (unsigned long)(d2 >> 26);
+      h2 = (unsigned long)d2 & 0x3ffffff;
+      d3 += c;
+      c = (unsigned long)(d3 >> 26);
+      h3 = (unsigned long)d3 & 0x3ffffff;
+      d4 += c;
+      c = (unsigned long)(d4 >> 26);
+      h4 = (unsigned long)d4 & 0x3ffffff;
+      h0 += c * 5;
+      c = (h0 >> 26);
+      h0 = h0 & 0x3ffffff;
+      h1 += c;
+
+      m += poly1305_block_size;
+      bytes -= poly1305_block_size;
+    }
+
+  st->h[0] = h0;
+  st->h[1] = h1;
+  st->h[2] = h2;
+  st->h[3] = h3;
+  st->h[4] = h4;
 }

-void
-poly1305_update(poly1305_state *st, const unsigned char *m, size_t bytes)
+void poly1305_update(FAR poly1305_state *st,
+                     FAR const unsigned char *m,
+                     size_t bytes)
 {
-	size_t i;
+  size_t i;

-	/* handle leftover */
-	if (st->leftover) {
-		size_t want = (poly1305_block_size - st->leftover);
-		if (want > bytes)
-			want = bytes;
-		for (i = 0; i < want; i++)
-			st->buffer[st->leftover + i] = m[i];
-		bytes -= want;
-		m += want;
-		st->leftover += want;
-		if (st->leftover < poly1305_block_size)
-			return;
-		poly1305_blocks(st, st->buffer, poly1305_block_size);
-		st->leftover = 0;
-	}
+  /* handle leftover */

-	/* process full blocks */
-	if (bytes >= poly1305_block_size) {
-		size_t want = (bytes & ~(poly1305_block_size - 1));
-		poly1305_blocks(st, m, want);
-		m += want;
-		bytes -= want;
-	}
+  if (st->leftover)
+    {
+      size_t want = (poly1305_block_size - st->leftover);
+      if (want > bytes)
+        {
+          want = bytes;
+        }

-	/* store leftover */
-	if (bytes) {
-		for (i = 0; i < bytes; i++)
-			st->buffer[st->leftover + i] = m[i];
-		st->leftover += bytes;
-	}
+      for (i = 0; i < want; i++)
+        {
+          st->buffer[st->leftover + i] = m[i];
+        }
+
+      bytes -= want;
+      m += want;
+      st->leftover += want;
+      if (st->leftover < poly1305_block_size)
+        {
+          return;
+        }
+
+      poly1305_blocks(st, st->buffer, poly1305_block_size);
+      st->leftover = 0;
+    }
+
+  /* process full blocks */
+
+  if (bytes >= poly1305_block_size)
+    {
+      size_t want = (bytes & ~(poly1305_block_size - 1));
+      poly1305_blocks(st, m, want);
+      m += want;
+      bytes -= want;
+    }
+
+  /* store leftover */
+
+  if (bytes)
+    {
+      for (i = 0; i < bytes; i++)
+        {
+          st->buffer[st->leftover + i] = m[i];
+        }
+
+      st->leftover += bytes;
+    }
 }

-void
-poly1305_finish(poly1305_state *st, unsigned char mac[16])
+void poly1305_finish(FAR poly1305_state *st, FAR unsigned char *mac)
 {
-	unsigned long h0, h1, h2, h3, h4, c;
-	unsigned long g0, g1, g2, g3, g4;
-	unsigned long long f;
-	unsigned long mask;
+  unsigned long h0;
+  unsigned long h1;
+  unsigned long h2;
+  unsigned long h3;
+  unsigned long h4;
+  unsigned long c;
+  unsigned long g0;
+  unsigned long g1;
+  unsigned long g2;
+  unsigned long g3;
+  unsigned long g4;
+  unsigned long long f;
+  unsigned long mask;

-	/* process the remaining block */
-	if (st->leftover) {
-		size_t i = st->leftover;
-		st->buffer[i++] = 1;
-		for (; i < poly1305_block_size; i++)
-			st->buffer[i] = 0;
-		st->final = 1;
-		poly1305_blocks(st, st->buffer, poly1305_block_size);
-	}
+  /* process the remaining block */

-	/* fully carry h */
-	h0 = st->h[0];
-	h1 = st->h[1];
-	h2 = st->h[2];
-	h3 = st->h[3];
-	h4 = st->h[4];
+  if (st->leftover)
+    {
+      size_t i = st->leftover;
+      st->buffer[i++] = 1;
+      for (; i < poly1305_block_size; i++)
+        st->buffer[i] = 0;
+      st->final = 1;
+      poly1305_blocks(st, st->buffer, poly1305_block_size);
+    }

-	c = h1 >> 26;
-	h1 = h1 & 0x3ffffff;
-	h2 += c;
-	c = h2 >> 26;
-	h2 = h2 & 0x3ffffff;
-	h3 += c;
-	c = h3 >> 26;
-	h3 = h3 & 0x3ffffff;
-	h4 += c;
-	c = h4 >> 26;
-	h4 = h4 & 0x3ffffff;
-	h0 += c * 5;
-	c = h0 >> 26;
-	h0 = h0 & 0x3ffffff;
-	h1 += c;
+  /* fully carry h */

-	/* compute h + -p */
-	g0 = h0 + 5;
-	c = g0 >> 26;
-	g0 &= 0x3ffffff;
-	g1 = h1 + c;
-	c = g1 >> 26;
-	g1 &= 0x3ffffff;
-	g2 = h2 + c;
-	c = g2 >> 26;
-	g2 &= 0x3ffffff;
-	g3 = h3 + c;
-	c = g3 >> 26;
-	g3 &= 0x3ffffff;
-	g4 = h4 + c - (1 << 26);
+  h0 = st->h[0];
+  h1 = st->h[1];
+  h2 = st->h[2];
+  h3 = st->h[3];
+  h4 = st->h[4];

-	/* select h if h < p, or h + -p if h >= p */
-	mask = (g4 >> ((sizeof(unsigned long) * 8) - 1)) - 1;
-	g0 &= mask;
-	g1 &= mask;
-	g2 &= mask;
-	g3 &= mask;
-	g4 &= mask;
-	mask = ~mask;
-	h0 = (h0 & mask) | g0;
-	h1 = (h1 & mask) | g1;
-	h2 = (h2 & mask) | g2;
-	h3 = (h3 & mask) | g3;
-	h4 = (h4 & mask) | g4;
+  c = h1 >> 26;
+  h1 = h1 & 0x3ffffff;
+  h2 += c;
+  c = h2 >> 26;
+  h2 = h2 & 0x3ffffff;
+  h3 += c;
+  c = h3 >> 26;
+  h3 = h3 & 0x3ffffff;
+  h4 += c;
+  c = h4 >> 26;
+  h4 = h4 & 0x3ffffff;
+  h0 += c * 5;
+  c = h0 >> 26;
+  h0 = h0 & 0x3ffffff;
+  h1 += c;

-	/* h = h % (2^128) */
-	h0 = ((h0) | (h1 << 26)) & 0xffffffff;
-	h1 = ((h1 >>  6) | (h2 << 20)) & 0xffffffff;
-	h2 = ((h2 >> 12) | (h3 << 14)) & 0xffffffff;
-	h3 = ((h3 >> 18) | (h4 <<  8)) & 0xffffffff;
+  /* compute h + -p */

-	/* mac = (h + pad) % (2^128) */
-	f = (unsigned long long)h0 + st->pad[0];
-	h0 = (unsigned long)f;
-	f = (unsigned long long)h1 + st->pad[1] + (f >> 32);
-	h1 = (unsigned long)f;
-	f = (unsigned long long)h2 + st->pad[2] + (f >> 32);
-	h2 = (unsigned long)f;
-	f = (unsigned long long)h3 + st->pad[3] + (f >> 32);
-	h3 = (unsigned long)f;
+  g0 = h0 + 5;
+  c = g0 >> 26;
+  g0 &= 0x3ffffff;
+  g1 = h1 + c;
+  c = g1 >> 26;
+  g1 &= 0x3ffffff;
+  g2 = h2 + c;
+  c = g2 >> 26;
+  g2 &= 0x3ffffff;
+  g3 = h3 + c;
+  c = g3 >> 26;
+  g3 &= 0x3ffffff;
+  g4 = h4 + c - (1 << 26);

-	U32TO8(mac +  0, h0);
-	U32TO8(mac +  4, h1);
-	U32TO8(mac +  8, h2);
-	U32TO8(mac + 12, h3);
+  /* select h if h < p, or h + -p if h >= p */

-	/* zero out the state */
-	st->h[0] = 0;
-	st->h[1] = 0;
-	st->h[2] = 0;
-	st->h[3] = 0;
-	st->h[4] = 0;
-	st->r[0] = 0;
-	st->r[1] = 0;
-	st->r[2] = 0;
-	st->r[3] = 0;
-	st->r[4] = 0;
-	st->pad[0] = 0;
-	st->pad[1] = 0;
-	st->pad[2] = 0;
-	st->pad[3] = 0;
+  mask = (g4 >> ((sizeof(unsigned long) * 8) - 1)) - 1;
+  g0 &= mask;
+  g1 &= mask;
+  g2 &= mask;
+  g3 &= mask;
+  g4 &= mask;
+  mask = ~mask;
+  h0 = (h0 & mask) | g0;
+  h1 = (h1 & mask) | g1;
+  h2 = (h2 & mask) | g2;
+  h3 = (h3 & mask) | g3;
+  h4 = (h4 & mask) | g4;
+
+  /* h = h % (2^128) */
+
+  h0 = ((h0) | (h1 << 26)) & 0xffffffff;
+  h1 = ((h1 >>  6) | (h2 << 20)) & 0xffffffff;
+  h2 = ((h2 >> 12) | (h3 << 14)) & 0xffffffff;
+  h3 = ((h3 >> 18) | (h4 <<  8)) & 0xffffffff;
+
+  /* mac = (h + pad) % (2^128) */
+
+  f = (unsigned long long)h0 + st->pad[0];
+  h0 = (unsigned long)f;
+  f = (unsigned long long)h1 + st->pad[1] + (f >> 32);
+  h1 = (unsigned long)f;
+  f = (unsigned long long)h2 + st->pad[2] + (f >> 32);
+  h2 = (unsigned long)f;
+  f = (unsigned long long)h3 + st->pad[3] + (f >> 32);
+  h3 = (unsigned long)f;
+
+  U32TO8(mac + 0, h0);
+  U32TO8(mac + 4, h1);
+  U32TO8(mac + 8, h2);
+  U32TO8(mac + 12, h3);
+
+  /* zero out the state */
+
+  st->h[0] = 0;
+  st->h[1] = 0;
+  st->h[2] = 0;
+  st->h[3] = 0;
+  st->h[4] = 0;
+  st->r[0] = 0;
+  st->r[1] = 0;
+  st->r[2] = 0;
+  st->r[3] = 0;
+  st->r[4] = 0;
+  st->pad[0] = 0;
+  st->pad[1] = 0;
+  st->pad[2] = 0;
+  st->pad[3] = 0;
 }
--- a/crypto/rijndael.c
+++ b/crypto/rijndael.c
--- a/crypto/rmd160.c
+++ b/crypto/rmd160.c
@ -1,5 +1,7 @@
-/*	$OpenBSD: rmd160.c,v 1.5 2011/01/11 15:42:05 deraadt Exp $	*/
-/*
+/****************************************************************************
+ * crypto/rmd160.c
+ * $OpenBSD: rmd160.c,v 1.5 2011/01/11 15:42:05 deraadt Exp $
+ *
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@ -21,346 +23,414 @@
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-/*
- * Preneel, Bosselaers, Dobbertin, "The Cryptographic Hash Function RIPEMD-160",
+ *
+ * Preneel, Bosselaers, Dobbertin,
+ * "The Cryptographic Hash Function RIPEMD-160",
 * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
 * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
- */
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/endian.h>
 #include <crypto/rmd160.h>

-#define PUT_64BIT_LE(cp, value) do { \
-	(cp)[7] = (value) >> 56; \
-	(cp)[6] = (value) >> 48; \
-	(cp)[5] = (value) >> 40; \
-	(cp)[4] = (value) >> 32; \
-	(cp)[3] = (value) >> 24; \
-	(cp)[2] = (value) >> 16; \
-	(cp)[1] = (value) >> 8; \
-	(cp)[0] = (value); } while (0)
+#define PUT_64BIT_LE(cp, value) \
+  do                            \
+    {                           \
+      (cp)[7] = (value) >> 56;  \
+      (cp)[6] = (value) >> 48;  \
+      (cp)[5] = (value) >> 40;  \
+      (cp)[4] = (value) >> 32;  \
+      (cp)[3] = (value) >> 24;  \
+      (cp)[2] = (value) >> 16;  \
+      (cp)[1] = (value) >> 8;   \
+      (cp)[0] = (value);        \
+    }                           \
+  while (0)

-#define PUT_32BIT_LE(cp, value) do { \
-	(cp)[3] = (value) >> 24; \
-	(cp)[2] = (value) >> 16; \
-	(cp)[1] = (value) >> 8; \
-	(cp)[0] = (value); } while (0)
+#define PUT_32BIT_LE(cp, value) \
+  do                            \
+    {                           \
+      (cp)[3] = (value) >> 24;  \
+      (cp)[2] = (value) >> 16;  \
+      (cp)[1] = (value) >> 8;   \
+      (cp)[0] = (value);        \
+    }                           \
+  while (0)

-#define	H0	0x67452301U
-#define	H1	0xEFCDAB89U
-#define	H2	0x98BADCFEU
-#define	H3	0x10325476U
-#define	H4	0xC3D2E1F0U
+#define H0  0x67452301U
+#define H1  0xEFCDAB89U
+#define H2  0x98BADCFEU
+#define H3  0x10325476U
+#define H4  0xC3D2E1F0U

-#define	K0	0x00000000U
-#define	K1	0x5A827999U
-#define	K2	0x6ED9EBA1U
-#define	K3	0x8F1BBCDCU
-#define	K4	0xA953FD4EU
+#define K0  0x00000000U
+#define K1  0x5A827999U
+#define K2  0x6ED9EBA1U
+#define K3  0x8F1BBCDCU
+#define K4  0xA953FD4EU

-#define	KK0	0x50A28BE6U
-#define	KK1	0x5C4DD124U
-#define	KK2	0x6D703EF3U
-#define	KK3	0x7A6D76E9U
-#define	KK4	0x00000000U
+#define KK0 0x50A28BE6U
+#define KK1 0x5C4DD124U
+#define KK2 0x6D703EF3U
+#define KK3 0x7A6D76E9U
+#define KK4 0x00000000U

 /* rotate x left n bits.  */
+
 #define ROL(n, x) (((x) << (n)) | ((x) >> (32-(n))))

 #define F0(x, y, z) ((x) ^ (y) ^ (z))
-#define F1(x, y, z) (((x) & (y)) | ((~x) & (z)))
-#define F2(x, y, z) (((x) | (~y)) ^ (z))
-#define F3(x, y, z) (((x) & (z)) | ((y) & (~z)))
-#define F4(x, y, z) ((x) ^ ((y) | (~z)))
+#define F1(x, y, z) (((x) & (y)) | (~(x) & (z)))
+#define F2(x, y, z) (((x) | ~(y)) ^ (z))
+#define F3(x, y, z) (((x) & (z)) | ((y) & ~(z)))
+#define F4(x, y, z) ((x) ^ ((y) | ~(z)))

-#define R(a, b, c, d, e, Fj, Kj, sj, rj) \
-	do { \
-		a = ROL(sj, a + Fj(b,c,d) + X(rj) + Kj) + e; \
-		c = ROL(10, c); \
-	} while(0)
+#define R(a, b, c, d, e, Fj, Kj, sj, rj)           \
+  do                                               \
+    {                                              \
+      a = ROL(sj, a + Fj(b,c,d) + X(rj) + Kj) + e; \
+      c = ROL(10, c);                              \
+    }                                              \
+  while (0)

-#define X(i)	x[i]
+#define X(i) x[i]

-static u_char PADDING[64] = {
-	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+static u_char PADDING[64] =
+{
+  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
 };

-void
-RMD160Init(RMD160_CTX *ctx)
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+void rmd160init(FAR RMD160_CTX *ctx)
 {
-	ctx->count = 0;
-	ctx->state[0] = H0;
-	ctx->state[1] = H1;
-	ctx->state[2] = H2;
-	ctx->state[3] = H3;
-	ctx->state[4] = H4;
+  ctx->count = 0;
+  ctx->state[0] = H0;
+  ctx->state[1] = H1;
+  ctx->state[2] = H2;
+  ctx->state[3] = H3;
+  ctx->state[4] = H4;
 }

-void
-RMD160Update(RMD160_CTX *ctx, const u_char *input, u_int32_t len)
+void rmd160update(FAR RMD160_CTX *ctx,
+                  FAR const u_char *input,
+                  uint32_t len)
 {
-	u_int32_t have, off, need;
+  uint32_t have;
+  uint32_t off;
+  uint32_t need;

-	have = (ctx->count/8) % 64;
-	need = 64 - have;
-	ctx->count += 8 * len;
-	off = 0;
+  have = (ctx->count / 8) % 64;
+  need = 64 - have;
+  ctx->count += 8 * len;
+  off = 0;

-	if (len >= need) {
-		if (have) {
-			memcpy(ctx->buffer + have, input, need);
-			RMD160Transform(ctx->state, ctx->buffer);
-			off = need;
-			have = 0;
-		}
-		/* now the buffer is empty */
-		while (off + 64 <= len) {
-			RMD160Transform(ctx->state, input+off);
-			off += 64;
-		}
-	}
-	if (off < len)
-		memcpy(ctx->buffer + have, input+off, len-off);
+  if (len >= need)
+    {
+      if (have)
+        {
+          memcpy(ctx->buffer + have, input, need);
+          rmd160transform(ctx->state, ctx->buffer);
+          off = need;
+          have = 0;
+        }
+
+      /* now the buffer is empty */
+
+      while (off + 64 <= len)
+        {
+          rmd160transform(ctx->state, input + off);
+          off += 64;
+        }
+    }
+
+  if (off < len)
+    {
+      memcpy(ctx->buffer + have, input + off, len - off);
+    }
 }

-void
-RMD160Final(u_char digest[20], RMD160_CTX *ctx)
+void rmd160final(FAR u_char *digest, FAR RMD160_CTX *ctx)
 {
-	int i;
-	u_char size[8];
-	u_int32_t padlen;
+  int i;
+  u_char size[8];
+  uint32_t padlen;

-	PUT_64BIT_LE(size, ctx->count);
+  PUT_64BIT_LE(size, ctx->count);

-	/*
-	 * pad to 64 byte blocks, at least one byte from PADDING plus 8 bytes
-	 * for the size
-	 */
-	padlen = 64 - ((ctx->count/8) % 64);
-	if (padlen < 1 + 8)
-		padlen += 64;
-	RMD160Update(ctx, PADDING, padlen - 8);		/* padlen - 8 <= 64 */
-	RMD160Update(ctx, size, 8);
+  /* pad to 64 byte blocks, at least one byte from PADDING plus 8 bytes
+   * for the size
+   */

-	if (digest != NULL)
-		for (i = 0; i < 5; i++)
-			PUT_32BIT_LE(digest + i*4, ctx->state[i]);
+  padlen = 64 - ((ctx->count / 8) % 64);
+  if (padlen < 1 + 8)
+    {
+      padlen += 64;
+    }

-	explicit_bzero(ctx, sizeof (*ctx));
+  rmd160update(ctx, PADDING, padlen - 8);  /* padlen - 8 <= 64 */
+  rmd160update(ctx, size, 8);
+
+  if (digest != NULL)
+    {
+      for (i = 0; i < 5; i++)
+        {
+          PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
+        }
+    }
+
+  explicit_bzero(ctx, sizeof (*ctx));
 }

-void
-RMD160Transform(u_int32_t state[5], const u_char block[64])
+void rmd160transform(FAR uint32_t *state, FAR const u_char *block)
 {
-	u_int32_t a, b, c, d, e, aa, bb, cc, dd, ee, t, x[16];
+  uint32_t a;
+  uint32_t b;
+  uint32_t c;
+  uint32_t d;
+  uint32_t e;
+  uint32_t aa;
+  uint32_t bb;
+  uint32_t cc;
+  uint32_t dd;
+  uint32_t ee;
+  uint32_t t;
+  uint32_t x[16];

 #if BYTE_ORDER == LITTLE_ENDIAN
-	memcpy(x, block, 64);
+  memcpy(x, block, 64);
 #else
-	int i;
+  int i;
+
+  for (i = 0; i < 16; i++)
+    {
+      x[i] = (uint32_t)(
+          (uint32_t)(block[i * 4 + 0]) |
+          (uint32_t)(block[i * 4 + 1]) <<  8 |
+          (uint32_t)(block[i * 4 + 2]) << 16 |
+          (uint32_t)(block[i * 4 + 3]) << 24);
+    }

-	for (i = 0; i < 16; i++)
-		x[i] = (u_int32_t)(
-		    (u_int32_t)(block[i*4 + 0]) |
-		    (u_int32_t)(block[i*4 + 1]) <<  8 |
-		    (u_int32_t)(block[i*4 + 2]) << 16 |
-		    (u_int32_t)(block[i*4 + 3]) << 24);
 #endif

-	a = state[0];
-	b = state[1];
-	c = state[2];
-	d = state[3];
-	e = state[4];
+  a = state[0];
+  b = state[1];
+  c = state[2];
+  d = state[3];
+  e = state[4];

-	/* Round 1 */
-	R(a, b, c, d, e, F0, K0, 11,  0);
-	R(e, a, b, c, d, F0, K0, 14,  1);
-	R(d, e, a, b, c, F0, K0, 15,  2);
-	R(c, d, e, a, b, F0, K0, 12,  3);
-	R(b, c, d, e, a, F0, K0,  5,  4);
-	R(a, b, c, d, e, F0, K0,  8,  5);
-	R(e, a, b, c, d, F0, K0,  7,  6);
-	R(d, e, a, b, c, F0, K0,  9,  7);
-	R(c, d, e, a, b, F0, K0, 11,  8);
-	R(b, c, d, e, a, F0, K0, 13,  9);
-	R(a, b, c, d, e, F0, K0, 14, 10);
-	R(e, a, b, c, d, F0, K0, 15, 11);
-	R(d, e, a, b, c, F0, K0,  6, 12);
-	R(c, d, e, a, b, F0, K0,  7, 13);
-	R(b, c, d, e, a, F0, K0,  9, 14);
-	R(a, b, c, d, e, F0, K0,  8, 15); /* #15 */
-	/* Round 2 */
-	R(e, a, b, c, d, F1, K1,  7,  7);
-	R(d, e, a, b, c, F1, K1,  6,  4);
-	R(c, d, e, a, b, F1, K1,  8, 13);
-	R(b, c, d, e, a, F1, K1, 13,  1);
-	R(a, b, c, d, e, F1, K1, 11, 10);
-	R(e, a, b, c, d, F1, K1,  9,  6);
-	R(d, e, a, b, c, F1, K1,  7, 15);
-	R(c, d, e, a, b, F1, K1, 15,  3);
-	R(b, c, d, e, a, F1, K1,  7, 12);
-	R(a, b, c, d, e, F1, K1, 12,  0);
-	R(e, a, b, c, d, F1, K1, 15,  9);
-	R(d, e, a, b, c, F1, K1,  9,  5);
-	R(c, d, e, a, b, F1, K1, 11,  2);
-	R(b, c, d, e, a, F1, K1,  7, 14);
-	R(a, b, c, d, e, F1, K1, 13, 11);
-	R(e, a, b, c, d, F1, K1, 12,  8); /* #31 */
-	/* Round 3 */
-	R(d, e, a, b, c, F2, K2, 11,  3);
-	R(c, d, e, a, b, F2, K2, 13, 10);
-	R(b, c, d, e, a, F2, K2,  6, 14);
-	R(a, b, c, d, e, F2, K2,  7,  4);
-	R(e, a, b, c, d, F2, K2, 14,  9);
-	R(d, e, a, b, c, F2, K2,  9, 15);
-	R(c, d, e, a, b, F2, K2, 13,  8);
-	R(b, c, d, e, a, F2, K2, 15,  1);
-	R(a, b, c, d, e, F2, K2, 14,  2);
-	R(e, a, b, c, d, F2, K2,  8,  7);
-	R(d, e, a, b, c, F2, K2, 13,  0);
-	R(c, d, e, a, b, F2, K2,  6,  6);
-	R(b, c, d, e, a, F2, K2,  5, 13);
-	R(a, b, c, d, e, F2, K2, 12, 11);
-	R(e, a, b, c, d, F2, K2,  7,  5);
-	R(d, e, a, b, c, F2, K2,  5, 12); /* #47 */
-	/* Round 4 */
-	R(c, d, e, a, b, F3, K3, 11,  1);
-	R(b, c, d, e, a, F3, K3, 12,  9);
-	R(a, b, c, d, e, F3, K3, 14, 11);
-	R(e, a, b, c, d, F3, K3, 15, 10);
-	R(d, e, a, b, c, F3, K3, 14,  0);
-	R(c, d, e, a, b, F3, K3, 15,  8);
-	R(b, c, d, e, a, F3, K3,  9, 12);
-	R(a, b, c, d, e, F3, K3,  8,  4);
-	R(e, a, b, c, d, F3, K3,  9, 13);
-	R(d, e, a, b, c, F3, K3, 14,  3);
-	R(c, d, e, a, b, F3, K3,  5,  7);
-	R(b, c, d, e, a, F3, K3,  6, 15);
-	R(a, b, c, d, e, F3, K3,  8, 14);
-	R(e, a, b, c, d, F3, K3,  6,  5);
-	R(d, e, a, b, c, F3, K3,  5,  6);
-	R(c, d, e, a, b, F3, K3, 12,  2); /* #63 */
-	/* Round 5 */
-	R(b, c, d, e, a, F4, K4,  9,  4);
-	R(a, b, c, d, e, F4, K4, 15,  0);
-	R(e, a, b, c, d, F4, K4,  5,  5);
-	R(d, e, a, b, c, F4, K4, 11,  9);
-	R(c, d, e, a, b, F4, K4,  6,  7);
-	R(b, c, d, e, a, F4, K4,  8, 12);
-	R(a, b, c, d, e, F4, K4, 13,  2);
-	R(e, a, b, c, d, F4, K4, 12, 10);
-	R(d, e, a, b, c, F4, K4,  5, 14);
-	R(c, d, e, a, b, F4, K4, 12,  1);
-	R(b, c, d, e, a, F4, K4, 13,  3);
-	R(a, b, c, d, e, F4, K4, 14,  8);
-	R(e, a, b, c, d, F4, K4, 11, 11);
-	R(d, e, a, b, c, F4, K4,  8,  6);
-	R(c, d, e, a, b, F4, K4,  5, 15);
-	R(b, c, d, e, a, F4, K4,  6, 13); /* #79 */
+  /* Round 1 */

-	aa = a ; bb = b; cc = c; dd = d; ee = e;
+  R(a, b, c, d, e, F0, K0, 11, 0);
+  R(e, a, b, c, d, F0, K0, 14, 1);
+  R(d, e, a, b, c, F0, K0, 15, 2);
+  R(c, d, e, a, b, F0, K0, 12, 3);
+  R(b, c, d, e, a, F0, K0, 5, 4);
+  R(a, b, c, d, e, F0, K0, 8, 5);
+  R(e, a, b, c, d, F0, K0, 7, 6);
+  R(d, e, a, b, c, F0, K0, 9, 7);
+  R(c, d, e, a, b, F0, K0, 11, 8);
+  R(b, c, d, e, a, F0, K0, 13, 9);
+  R(a, b, c, d, e, F0, K0, 14, 10);
+  R(e, a, b, c, d, F0, K0, 15, 11);
+  R(d, e, a, b, c, F0, K0, 6, 12);
+  R(c, d, e, a, b, F0, K0, 7, 13);
+  R(b, c, d, e, a, F0, K0, 9, 14);
+  R(a, b, c, d, e, F0, K0, 8, 15); /* #15 */

-	a = state[0];
-	b = state[1];
-	c = state[2];
-	d = state[3];
-	e = state[4];
+  /* Round 2 */

-	/* Parallel round 1 */
-	R(a, b, c, d, e, F4, KK0,  8,  5);
-	R(e, a, b, c, d, F4, KK0,  9, 14);
-	R(d, e, a, b, c, F4, KK0,  9,  7);
-	R(c, d, e, a, b, F4, KK0, 11,  0);
-	R(b, c, d, e, a, F4, KK0, 13,  9);
-	R(a, b, c, d, e, F4, KK0, 15,  2);
-	R(e, a, b, c, d, F4, KK0, 15, 11);
-	R(d, e, a, b, c, F4, KK0,  5,  4);
-	R(c, d, e, a, b, F4, KK0,  7, 13);
-	R(b, c, d, e, a, F4, KK0,  7,  6);
-	R(a, b, c, d, e, F4, KK0,  8, 15);
-	R(e, a, b, c, d, F4, KK0, 11,  8);
-	R(d, e, a, b, c, F4, KK0, 14,  1);
-	R(c, d, e, a, b, F4, KK0, 14, 10);
-	R(b, c, d, e, a, F4, KK0, 12,  3);
-	R(a, b, c, d, e, F4, KK0,  6, 12); /* #15 */
-	/* Parallel round 2 */
-	R(e, a, b, c, d, F3, KK1,  9,  6);
-	R(d, e, a, b, c, F3, KK1, 13, 11);
-	R(c, d, e, a, b, F3, KK1, 15,  3);
-	R(b, c, d, e, a, F3, KK1,  7,  7);
-	R(a, b, c, d, e, F3, KK1, 12,  0);
-	R(e, a, b, c, d, F3, KK1,  8, 13);
-	R(d, e, a, b, c, F3, KK1,  9,  5);
-	R(c, d, e, a, b, F3, KK1, 11, 10);
-	R(b, c, d, e, a, F3, KK1,  7, 14);
-	R(a, b, c, d, e, F3, KK1,  7, 15);
-	R(e, a, b, c, d, F3, KK1, 12,  8);
-	R(d, e, a, b, c, F3, KK1,  7, 12);
-	R(c, d, e, a, b, F3, KK1,  6,  4);
-	R(b, c, d, e, a, F3, KK1, 15,  9);
-	R(a, b, c, d, e, F3, KK1, 13,  1);
-	R(e, a, b, c, d, F3, KK1, 11,  2); /* #31 */
-	/* Parallel round 3 */
-	R(d, e, a, b, c, F2, KK2,  9, 15);
-	R(c, d, e, a, b, F2, KK2,  7,  5);
-	R(b, c, d, e, a, F2, KK2, 15,  1);
-	R(a, b, c, d, e, F2, KK2, 11,  3);
-	R(e, a, b, c, d, F2, KK2,  8,  7);
-	R(d, e, a, b, c, F2, KK2,  6, 14);
-	R(c, d, e, a, b, F2, KK2,  6,  6);
-	R(b, c, d, e, a, F2, KK2, 14,  9);
-	R(a, b, c, d, e, F2, KK2, 12, 11);
-	R(e, a, b, c, d, F2, KK2, 13,  8);
-	R(d, e, a, b, c, F2, KK2,  5, 12);
-	R(c, d, e, a, b, F2, KK2, 14,  2);
-	R(b, c, d, e, a, F2, KK2, 13, 10);
-	R(a, b, c, d, e, F2, KK2, 13,  0);
-	R(e, a, b, c, d, F2, KK2,  7,  4);
-	R(d, e, a, b, c, F2, KK2,  5, 13); /* #47 */
-	/* Parallel round 4 */
-	R(c, d, e, a, b, F1, KK3, 15,  8);
-	R(b, c, d, e, a, F1, KK3,  5,  6);
-	R(a, b, c, d, e, F1, KK3,  8,  4);
-	R(e, a, b, c, d, F1, KK3, 11,  1);
-	R(d, e, a, b, c, F1, KK3, 14,  3);
-	R(c, d, e, a, b, F1, KK3, 14, 11);
-	R(b, c, d, e, a, F1, KK3,  6, 15);
-	R(a, b, c, d, e, F1, KK3, 14,  0);
-	R(e, a, b, c, d, F1, KK3,  6,  5);
-	R(d, e, a, b, c, F1, KK3,  9, 12);
-	R(c, d, e, a, b, F1, KK3, 12,  2);
-	R(b, c, d, e, a, F1, KK3,  9, 13);
-	R(a, b, c, d, e, F1, KK3, 12,  9);
-	R(e, a, b, c, d, F1, KK3,  5,  7);
-	R(d, e, a, b, c, F1, KK3, 15, 10);
-	R(c, d, e, a, b, F1, KK3,  8, 14); /* #63 */
-	/* Parallel round 5 */
-	R(b, c, d, e, a, F0, KK4,  8, 12);
-	R(a, b, c, d, e, F0, KK4,  5, 15);
-	R(e, a, b, c, d, F0, KK4, 12, 10);
-	R(d, e, a, b, c, F0, KK4,  9,  4);
-	R(c, d, e, a, b, F0, KK4, 12,  1);
-	R(b, c, d, e, a, F0, KK4,  5,  5);
-	R(a, b, c, d, e, F0, KK4, 14,  8);
-	R(e, a, b, c, d, F0, KK4,  6,  7);
-	R(d, e, a, b, c, F0, KK4,  8,  6);
-	R(c, d, e, a, b, F0, KK4, 13,  2);
-	R(b, c, d, e, a, F0, KK4,  6, 13);
-	R(a, b, c, d, e, F0, KK4,  5, 14);
-	R(e, a, b, c, d, F0, KK4, 15,  0);
-	R(d, e, a, b, c, F0, KK4, 13,  3);
-	R(c, d, e, a, b, F0, KK4, 11,  9);
-	R(b, c, d, e, a, F0, KK4, 11, 11); /* #79 */
+  R(e, a, b, c, d, F1, K1, 7, 7);
+  R(d, e, a, b, c, F1, K1, 6, 4);
+  R(c, d, e, a, b, F1, K1, 8, 13);
+  R(b, c, d, e, a, F1, K1, 13, 1);
+  R(a, b, c, d, e, F1, K1, 11, 10);
+  R(e, a, b, c, d, F1, K1, 9, 6);
+  R(d, e, a, b, c, F1, K1, 7, 15);
+  R(c, d, e, a, b, F1, K1, 15, 3);
+  R(b, c, d, e, a, F1, K1, 7, 12);
+  R(a, b, c, d, e, F1, K1, 12, 0);
+  R(e, a, b, c, d, F1, K1, 15, 9);
+  R(d, e, a, b, c, F1, K1, 9, 5);
+  R(c, d, e, a, b, F1, K1, 11, 2);
+  R(b, c, d, e, a, F1, K1, 7, 14);
+  R(a, b, c, d, e, F1, K1, 13, 11);
+  R(e, a, b, c, d, F1, K1, 12, 8); /* #31 */

-	t =        state[1] + cc + d;
-	state[1] = state[2] + dd + e;
-	state[2] = state[3] + ee + a;
-	state[3] = state[4] + aa + b;
-	state[4] = state[0] + bb + c;
-	state[0] = t;
+  /* Round 3 */
+
+  R(d, e, a, b, c, F2, K2, 11, 3);
+  R(c, d, e, a, b, F2, K2, 13, 10);
+  R(b, c, d, e, a, F2, K2, 6, 14);
+  R(a, b, c, d, e, F2, K2, 7, 4);
+  R(e, a, b, c, d, F2, K2, 14, 9);
+  R(d, e, a, b, c, F2, K2, 9, 15);
+  R(c, d, e, a, b, F2, K2, 13, 8);
+  R(b, c, d, e, a, F2, K2, 15, 1);
+  R(a, b, c, d, e, F2, K2, 14, 2);
+  R(e, a, b, c, d, F2, K2, 8, 7);
+  R(d, e, a, b, c, F2, K2, 13, 0);
+  R(c, d, e, a, b, F2, K2, 6, 6);
+  R(b, c, d, e, a, F2, K2, 5, 13);
+  R(a, b, c, d, e, F2, K2, 12, 11);
+  R(e, a, b, c, d, F2, K2, 7, 5);
+  R(d, e, a, b, c, F2, K2, 5, 12); /* #47 */
+
+  /* Round 4 */
+
+  R(c, d, e, a, b, F3, K3, 11, 1);
+  R(b, c, d, e, a, F3, K3, 12, 9);
+  R(a, b, c, d, e, F3, K3, 14, 11);
+  R(e, a, b, c, d, F3, K3, 15, 10);
+  R(d, e, a, b, c, F3, K3, 14, 0);
+  R(c, d, e, a, b, F3, K3, 15, 8);
+  R(b, c, d, e, a, F3, K3, 9, 12);
+  R(a, b, c, d, e, F3, K3, 8, 4);
+  R(e, a, b, c, d, F3, K3, 9, 13);
+  R(d, e, a, b, c, F3, K3, 14, 3);
+  R(c, d, e, a, b, F3, K3, 5, 7);
+  R(b, c, d, e, a, F3, K3, 6, 15);
+  R(a, b, c, d, e, F3, K3, 8, 14);
+  R(e, a, b, c, d, F3, K3, 6, 5);
+  R(d, e, a, b, c, F3, K3, 5, 6);
+  R(c, d, e, a, b, F3, K3, 12, 2); /* #63 */
+
+  /* Round 5 */
+
+  R(b, c, d, e, a, F4, K4, 9, 4);
+  R(a, b, c, d, e, F4, K4, 15, 0);
+  R(e, a, b, c, d, F4, K4, 5, 5);
+  R(d, e, a, b, c, F4, K4, 11, 9);
+  R(c, d, e, a, b, F4, K4, 6, 7);
+  R(b, c, d, e, a, F4, K4, 8, 12);
+  R(a, b, c, d, e, F4, K4, 13, 2);
+  R(e, a, b, c, d, F4, K4, 12, 10);
+  R(d, e, a, b, c, F4, K4, 5, 14);
+  R(c, d, e, a, b, F4, K4, 12, 1);
+  R(b, c, d, e, a, F4, K4, 13, 3);
+  R(a, b, c, d, e, F4, K4, 14, 8);
+  R(e, a, b, c, d, F4, K4, 11, 11);
+  R(d, e, a, b, c, F4, K4, 8, 6);
+  R(c, d, e, a, b, F4, K4, 5, 15);
+  R(b, c, d, e, a, F4, K4, 6, 13); /* #79 */
+
+  aa = a ; bb = b; cc = c; dd = d; ee = e;
+
+  a = state[0];
+  b = state[1];
+  c = state[2];
+  d = state[3];
+  e = state[4];
+
+  /* Parallel round 1 */
+
+  R(a, b, c, d, e, F4, KK0, 8, 5);
+  R(e, a, b, c, d, F4, KK0, 9, 14);
+  R(d, e, a, b, c, F4, KK0, 9, 7);
+  R(c, d, e, a, b, F4, KK0, 11, 0);
+  R(b, c, d, e, a, F4, KK0, 13, 9);
+  R(a, b, c, d, e, F4, KK0, 15, 2);
+  R(e, a, b, c, d, F4, KK0, 15, 11);
+  R(d, e, a, b, c, F4, KK0, 5, 4);
+  R(c, d, e, a, b, F4, KK0, 7, 13);
+  R(b, c, d, e, a, F4, KK0, 7, 6);
+  R(a, b, c, d, e, F4, KK0, 8, 15);
+  R(e, a, b, c, d, F4, KK0, 11, 8);
+  R(d, e, a, b, c, F4, KK0, 14, 1);
+  R(c, d, e, a, b, F4, KK0, 14, 10);
+  R(b, c, d, e, a, F4, KK0, 12, 3);
+  R(a, b, c, d, e, F4, KK0, 6, 12); /* #15 */
+
+  /* Parallel round 2 */
+
+  R(e, a, b, c, d, F3, KK1, 9, 6);
+  R(d, e, a, b, c, F3, KK1, 13, 11);
+  R(c, d, e, a, b, F3, KK1, 15, 3);
+  R(b, c, d, e, a, F3, KK1, 7, 7);
+  R(a, b, c, d, e, F3, KK1, 12, 0);
+  R(e, a, b, c, d, F3, KK1, 8, 13);
+  R(d, e, a, b, c, F3, KK1, 9, 5);
+  R(c, d, e, a, b, F3, KK1, 11, 10);
+  R(b, c, d, e, a, F3, KK1, 7, 14);
+  R(a, b, c, d, e, F3, KK1, 7, 15);
+  R(e, a, b, c, d, F3, KK1, 12, 8);
+  R(d, e, a, b, c, F3, KK1, 7, 12);
+  R(c, d, e, a, b, F3, KK1, 6, 4);
+  R(b, c, d, e, a, F3, KK1, 15, 9);
+  R(a, b, c, d, e, F3, KK1, 13, 1);
+  R(e, a, b, c, d, F3, KK1, 11, 2); /* #31 */
+
+  /* Parallel round 3 */
+
+  R(d, e, a, b, c, F2, KK2, 9, 15);
+  R(c, d, e, a, b, F2, KK2, 7, 5);
+  R(b, c, d, e, a, F2, KK2, 15, 1);
+  R(a, b, c, d, e, F2, KK2, 11, 3);
+  R(e, a, b, c, d, F2, KK2, 8, 7);
+  R(d, e, a, b, c, F2, KK2, 6, 14);
+  R(c, d, e, a, b, F2, KK2, 6, 6);
+  R(b, c, d, e, a, F2, KK2, 14, 9);
+  R(a, b, c, d, e, F2, KK2, 12, 11);
+  R(e, a, b, c, d, F2, KK2, 13, 8);
+  R(d, e, a, b, c, F2, KK2, 5, 12);
+  R(c, d, e, a, b, F2, KK2, 14, 2);
+  R(b, c, d, e, a, F2, KK2, 13, 10);
+  R(a, b, c, d, e, F2, KK2, 13, 0);
+  R(e, a, b, c, d, F2, KK2, 7, 4);
+  R(d, e, a, b, c, F2, KK2, 5, 13); /* #47 */
+
+  /* Parallel round 4 */
+
+  R(c, d, e, a, b, F1, KK3, 15, 8);
+  R(b, c, d, e, a, F1, KK3, 5, 6);
+  R(a, b, c, d, e, F1, KK3, 8, 4);
+  R(e, a, b, c, d, F1, KK3, 11, 1);
+  R(d, e, a, b, c, F1, KK3, 14, 3);
+  R(c, d, e, a, b, F1, KK3, 14, 11);
+  R(b, c, d, e, a, F1, KK3, 6, 15);
+  R(a, b, c, d, e, F1, KK3, 14, 0);
+  R(e, a, b, c, d, F1, KK3, 6, 5);
+  R(d, e, a, b, c, F1, KK3, 9, 12);
+  R(c, d, e, a, b, F1, KK3, 12, 2);
+  R(b, c, d, e, a, F1, KK3, 9, 13);
+  R(a, b, c, d, e, F1, KK3, 12, 9);
+  R(e, a, b, c, d, F1, KK3, 5, 7);
+  R(d, e, a, b, c, F1, KK3, 15, 10);
+  R(c, d, e, a, b, F1, KK3, 8, 14); /* #63 */
+
+  /* Parallel round 5 */
+
+  R(b, c, d, e, a, F0, KK4, 8, 12);
+  R(a, b, c, d, e, F0, KK4, 5, 15);
+  R(e, a, b, c, d, F0, KK4, 12, 10);
+  R(d, e, a, b, c, F0, KK4, 9, 4);
+  R(c, d, e, a, b, F0, KK4, 12, 1);
+  R(b, c, d, e, a, F0, KK4, 5, 5);
+  R(a, b, c, d, e, F0, KK4, 14, 8);
+  R(e, a, b, c, d, F0, KK4, 6, 7);
+  R(d, e, a, b, c, F0, KK4, 8, 6);
+  R(c, d, e, a, b, F0, KK4, 13, 2);
+  R(b, c, d, e, a, F0, KK4, 6, 13);
+  R(a, b, c, d, e, F0, KK4, 5, 14);
+  R(e, a, b, c, d, F0, KK4, 15, 0);
+  R(d, e, a, b, c, F0, KK4, 13, 3);
+  R(c, d, e, a, b, F0, KK4, 11, 9);
+  R(b, c, d, e, a, F0, KK4, 11, 11); /* #79 */
+
+  t =        state[1] + cc + d;
+  state[1] = state[2] + dd + e;
+  state[2] = state[3] + ee + a;
+  state[3] = state[4] + aa + b;
+  state[4] = state[0] + bb + c;
+  state[0] = t;
 }
--- a/crypto/set_key.c
+++ b/crypto/set_key.c
@ -1,22 +1,23 @@
-/*	$OpenBSD: set_key.c,v 1.5 2021/03/12 10:22:46 jsg Exp $	*/
-
-/* lib/des/set_key.c */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+/****************************************************************************
+ * crypto/set_key.c
+ * $OpenBSD: set_key.c,v 1.5 2021/03/12 10:22:46 jsg Exp $
+ * lib/des/set_key.c
+ * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
 * All rights reserved.
- * 
+ *
 * This file is part of an SSL implementation written
 * by Eric Young (eay@mincom.oz.au).
 * The implementation was written so as to conform with Netscapes SSL
 * specification.  This library and applications are
 * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
 * as long as the following conditions are aheared to.
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.  If this code is used in a product,
 * Eric Young should be given attribution as the author of the parts used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@ -27,8 +28,9 @@
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
+ *    This product includes software developed by
+ *    Eric Young (eay@mincom.oz.au)
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@ -40,38 +42,45 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * derivative of this code cannot be changed.
+ * i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
- */
-
-/* set_key.c v 1.4 eay 24/9/91
+ *
+ * set_key.c v 1.4 eay 24/9/91
 * 1.4 Speed up by 400% :-)
 * 1.3 added register declarations.
 * 1.2 unrolled make_key_sched a bit more
 * 1.1 added norm_expand_bits
 * 1.0 First working version
- */
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
 #include "des_locl.h"
 #include "podd.h"
 #include "sk.h"

-static int check_parity(des_cblock (*key));
+static int check_parity(FAR des_cblock *key);

-int des_check_key=0;
+int des_check_key;

-static int
-check_parity(des_cblock (*key))
+static int check_parity(FAR des_cblock *key)
 {
-	int i;
+  int i;

-	for (i = 0; i < DES_KEY_SZ; i++) {
-		if ((*key)[i] != odd_parity[(*key)[i]])
-			return(0);
-	}
-	return (1);
+  for (i = 0; i < DES_KEY_SZ; i++)
+  {
+    if (*key[i] != odd_parity[*key[i]])
+      {
+        return 0;
+      }
+  }
+  return 1;
 }

 /* Weak and semi week keys as take from
@ -83,132 +92,206 @@ check_parity(des_cblock (*key))
 * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
 * (and actual cblock values).
 */
-#define NUM_WEAK_KEY	16
-static des_cblock weak_keys[NUM_WEAK_KEY]={
-	/* weak keys */
-	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
-	{0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
-	{0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F},
-	{0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0},
-	/* semi-weak keys */
-	{0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
-	{0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
-	{0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
-	{0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
-	{0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
-	{0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
-	{0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
-	{0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
-	{0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
-	{0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
-	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
-	{0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};

-int
-des_is_weak_key(des_cblock (*key))
+#define NUM_WEAK_KEY 16
+static des_cblock weak_keys[NUM_WEAK_KEY] =
 {
-	int i;
+  /* weak keys */

-	for (i = 0; i < NUM_WEAK_KEY; i++) {
-		/* Added == 0 to comparison, I obviously don't run
-		 * this section very often :-(, thanks to
-		 * engineering@MorningStar.Com for the fix
-		 * eay 93/06/29 */
-		if (bcmp(weak_keys[i], key, sizeof(des_cblock)) == 0)
-			return (1);
-	}
-	return (0);
+  {
+    0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01
+  },
+  {
+    0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe
+  },
+  {
+    0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f
+  },
+  {
+    0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0
+  },
+
+  /* semi-weak keys */
+
+  {
+    0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe
+  },
+  {
+    0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01
+  },
+  {
+    0x1f, 0xe0, 0x1f, 0xe0, 0x0e, 0xf1, 0x0e, 0xf1
+  },
+  {
+    0xe0, 0x1f, 0xe0, 0x1f, 0xf1, 0x0e, 0xf1, 0x0e
+  },
+  {
+    0x01, 0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1
+  },
+  {
+    0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1, 0x01
+  },
+  {
+    0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe
+  },
+  {
+    0xfe, 0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e
+  },
+  {
+    0x01, 0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e
+  },
+  {
+    0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e, 0x01
+  },
+  {
+    0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1, 0xfe
+  },
+  {
+    0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1
+  }
+};
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+int des_is_weak_key(FAR des_cblock *key)
+{
+  int i;
+
+  for (i = 0; i < NUM_WEAK_KEY; i++)
+    {
+      /* Added == 0 to comparison, I obviously don't run
+       * this section very often :-(, thanks to
+       * engineering@MorningStar.Com for the fix
+       * eay 93/06/29
+       */
+
+      if (bcmp(weak_keys[i], key, sizeof(des_cblock)) == 0)
+        {
+          return 1;
+        }
+    }
+
+  return 0;
 }

 /* NOW DEFINED IN des_local.h
- * See ecb_encrypt.c for a pseudo description of these macros. 
+ * See ecb_encrypt.c for a pseudo description of these macros.
 * #define PERM_OP(a, b, t, n, m) ((t) = ((((a) >> (n))^(b)) & (m)),\
- * 	(b)^=(t),\
- * 	(a) = ((a)^((t) << (n))))
+ *  (b)^=(t),\
+ *  (a) = ((a)^((t) << (n))))
 */

 #define HPERM_OP(a, t, n, m) ((t) = ((((a) << (16 - (n)))^(a)) & (m)),\
-	(a) = (a)^(t)^(t >> (16 - (n))))
+  (a) = (a)^(t)^(t >> (16 - (n))))

-static int shifts2[16]={0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0};
+static int shifts2[16] =
+{
+  0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0
+};

 /* return 0 if key parity is odd (correct),
 * return -1 if key parity error,
 * return -2 if illegal weak key.
 */
-int
-des_set_key(des_cblock (*key), des_key_schedule schedule)
+
+int des_set_key(FAR des_cblock *key, des_key_schedule schedule)
 {
-	register u_int32_t c, d, t, s;
-	register unsigned char *in;
-	register u_int32_t *k;
-	register int i;
+  register uint32_t c;
+  register uint32_t d;
+  register uint32_t t;
+  register uint32_t s;
+  FAR register unsigned char *in;
+  FAR register uint32_t *k;
+  register int i;

-	if (des_check_key) {
-		if (!check_parity(key))
-			return(-1);
+  if (des_check_key)
+    {
+      if (!check_parity(key))
+        {
+          return(-1);
+        }

-		if (des_is_weak_key(key))
-			return(-2);
-	}
+      if (des_is_weak_key(key))
+        {
+          return(-2);
+        }
+    }

-	k = (u_int32_t *) schedule;
-	in = (unsigned char *) key;
+  k = (FAR uint32_t *)schedule;
+  in = (FAR unsigned char *)key;

-	c2l(in, c);
-	c2l(in, d);
+  c2l(in, c);
+  c2l(in, d);

-	/* do PC1 in 60 simple operations */ 
-/*	PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
-	HPERM_OP(c, t, -2, 0xcccc0000L);
-	HPERM_OP(c, t, -1, 0xaaaa0000L);
-	HPERM_OP(c, t, 8, 0x00ff0000L);
-	HPERM_OP(c, t, -1, 0xaaaa0000L);
-	HPERM_OP(d, t, -8, 0xff000000L);
-	HPERM_OP(d, t, 8, 0x00ff0000L);
-	HPERM_OP(d, t, 2, 0x33330000L);
-	d = ((d & 0x00aa00aaL) << 7L) | ((d & 0x55005500L) >> 7L) | (d & 0xaa55aa55L);
-	d = (d >> 8) | ((c & 0xf0000000L) >> 4);
-	c &= 0x0fffffffL; */
+  /* do PC1 in 60 simple operations */

-	/* I now do it in 47 simple operations :-)
-	 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
-	 * for the inspiration. :-) */
-	PERM_OP (d, c, t, 4, 0x0f0f0f0fL);
-	HPERM_OP(c, t, -2, 0xcccc0000L);
-	HPERM_OP(d, t, -2, 0xcccc0000L);
-	PERM_OP (d, c, t, 1, 0x55555555L);
-	PERM_OP (c, d, t, 8, 0x00ff00ffL);
-	PERM_OP (d, c, t, 1, 0x55555555L);
-	d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
-	     ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
-	c &= 0x0fffffffL;
+  /* PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
+   * HPERM_OP(c, t, -2, 0xcccc0000L);
+   * HPERM_OP(c, t, -1, 0xaaaa0000L);
+   * HPERM_OP(c, t, 8, 0x00ff0000L);
+   * HPERM_OP(c, t, -1, 0xaaaa0000L);
+   * HPERM_OP(d, t, -8, 0xff000000L);
+   * HPERM_OP(d, t, 8, 0x00ff0000L);
+   * HPERM_OP(d, t, 2, 0x33330000L);
+   * d = ((d & 0x00aa00aaL) << 7L) |
+   * ((d & 0x55005500L) >> 7L) | (d & 0xaa55aa55L);
+   * d = (d >> 8) | ((c & 0xf0000000L) >> 4);
+   * c &= 0x0fffffffL;
+   */

-	for (i = 0; i < ITERATIONS; i++) {
-		if (shifts2[i])
-			{ c = ((c >> 2L) | (c << 26L)); d = ((d >> 2L) | (d << 26L)); }
-		else
-			{ c = ((c >> 1L) | (c << 27L)); d = ((d >> 1L) | (d << 27L)); }
-		c &= 0x0fffffffL;
-		d &= 0x0fffffffL;
-		/* could be a few less shifts but I am to lazy at this
-		 * point in time to investigate */
-		s = des_skb[0][ (c    ) & 0x3f                ]|
-		    des_skb[1][((c >> 6) & 0x03) | ((c >> 7L) & 0x3c)]|
-		    des_skb[2][((c >> 13) & 0x0f) | ((c >> 14L) & 0x30)]|
-		    des_skb[3][((c >> 20) & 0x01) | ((c >> 21L) & 0x06) |
-						  ((c >> 22L) & 0x38)];
-		t = des_skb[4][ (d    ) & 0x3f                ]|
-		    des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)]|
-		    des_skb[6][ (d >> 15L) & 0x3f                ]|
-		    des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];
+  /* I now do it in 47 simple operations :-)
+   * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
+   * for the inspiration. :-)
+   */

-		/* table contained 0213 4657 */
-		*(k++) = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
-		s = ((s >> 16L) | (t & 0xffff0000L));
-		
-		s = (s << 4L) | (s >> 28L);
-		*(k++) = s & 0xffffffffL;
-	}
-	return (0);
+  PERM_OP (d, c, t, 4, 0x0f0f0f0fl);
+  HPERM_OP(c, t, -2, 0xcccc0000l);
+  HPERM_OP(d, t, -2, 0xcccc0000l);
+  PERM_OP (d, c, t, 1, 0x55555555l);
+  PERM_OP (c, d, t, 8, 0x00ff00ffl);
+  PERM_OP (d, c, t, 1, 0x55555555l);
+  d = (((d & 0x000000ffl) << 16l) | (d & 0x0000ff00l) |
+      ((d & 0x00ff0000l) >> 16l) | ((c & 0xf0000000l) >> 4l));
+  c &= 0x0fffffffl;
+
+  for (i = 0; i < ITERATIONS; i++)
+    {
+      if (shifts2[i])
+        {
+          c = ((c >> 2l) | (c << 26l)); d = ((d >> 2l) | (d << 26l));
+        }
+      else
+        {
+          c = ((c >> 1l) | (c << 27l)); d = ((d >> 1l) | (d << 27l));
+        }
+
+      c &= 0x0fffffffl;
+      d &= 0x0fffffffl;
+
+      /* could be a few less shifts but I am to lazy at this
+       * point in time to investigate
+       */
+
+      s = des_skb[0][(c) & 0x3f] |
+          des_skb[1][((c >> 6) & 0x03) | ((c >> 7l) & 0x3c)] |
+          des_skb[2][((c >> 13) & 0x0f) | ((c >> 14l) & 0x30)] |
+          des_skb[3][((c >> 20) & 0x01) | ((c >> 21l) & 0x06) |
+                ((c >> 22l) & 0x38)];
+      t = des_skb[4][(d) & 0x3f] |
+          des_skb[5][((d >> 7l) & 0x03) | ((d >> 8l) & 0x3c)] |
+          des_skb[6][(d >> 15l) & 0x3f] |
+          des_skb[7][((d >> 21l) & 0x0f) | ((d >> 22l) & 0x30)];
+
+      /* table contained 0213 4657 */
+
+      *(k++) = ((t << 16l) | (s & 0x0000ffffl)) & 0xffffffffl;
+      s = ((s >> 16l) | (t & 0xffff0000l));
+
+      s = (s << 4l) | (s >> 28l);
+      *(k++) = s & 0xffffffffl;
+    }
+
+  return 0;
 }
--- a/crypto/sha1.c
+++ b/crypto/sha1.c
@ -1,10 +1,11 @@
-/*	$OpenBSD: sha1.c,v 1.11 2014/12/28 10:04:35 tedu Exp $	*/
-
-/*
+/****************************************************************************
+ * crypto/sha1.c
+ * $OpenBSD: sha1.c,v 1.11 2014/12/28 10:04:35 tedu Exp $
+ *
 * SHA-1 in C
 * By Steve Reid <steve@edmweb.com>
 * 100% Public Domain
- * 
+ *
 * Test Vectors (from FIPS PUB 180-1)
 * "abc"
 *   A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
@ -12,158 +13,294 @@
 *   84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
 * A million repetitions of "a"
 *   34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
-*/

-/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
-/* #define SHA1HANDSOFF * Copies data before messing with it. */
+ ****************************************************************************/

-#define SHA1HANDSOFF
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/

 #include <sys/param.h>
 #include <sys/systm.h>

 #include <crypto/sha1.h>

+/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
+
+/* #define SHA1HANDSOFF * Copies data before messing with it. */
+
+#define SHA1HANDSOFF
+
 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))

 /* blk0() and blk() perform the initial expand. */
+
 /* I got the idea of expanding during the round function from SSLeay */
+
 #if BYTE_ORDER == LITTLE_ENDIAN
-#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
-    |(rol(block->l[i],8)&0x00FF00FF))
+#  define blk0(i) (block->l[i] = (rol(block->l[i] , 24) & 0xff00ff00) \
+    | (rol(block->l[i], 8) & 0x00ff00ff))
 #else
-#define blk0(i) block->l[i]
+#  define blk0(i) block->l[i]
 #endif
-#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
-    ^block->l[(i+2)&15]^block->l[i&15],1))
+#define blk(i) (block->l[i & 15] = \
+    rol(block->l[(i + 13) & 15] ^ block->l[(i + 8) & 15] \
+    ^ block->l[(i + 2) & 15] ^ block->l[i & 15], 1))

 /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
-#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
-#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
-#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
-#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
-#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
+#define R0(v,w,x,y,z,i)                   \
+  do                                      \
+    {                                     \
+      z += ((w & (x ^ y)) ^ y)            \
+      + blk0(i) + 0x5a827999 + rol(v, 5); \
+      w = rol(w, 30);                     \
+    }                                     \
+  while (0)
+
+#define R1(v,w,x,y,z,i)                   \
+  do                                      \
+    {                                     \
+      z += ((w & (x ^ y)) ^y)             \
+      + blk(i) + 0x5a827999 + rol(v, 5);  \
+      w = rol(w, 30);                     \
+    }                                     \
+  while (0)
+
+#define R2(v,w,x,y,z,i)                   \
+  do                                      \
+    {                                     \
+      z += (w ^ x ^ y)                    \
+      + blk(i) + 0x6ed9eba1 + rol(v, 5);  \
+      w = rol(w,30);                      \
+    }                                     \
+  while (0)
+
+#define R3(v,w,x,y,z,i)                   \
+  do                                      \
+    {                                     \
+      z += (((w | x) & y) | (w & x))      \
+      + blk(i)+ 0x8f1bbcdc + rol(v, 5);   \
+      w = rol(w, 30);                     \
+    }                                     \
+  while (0)
+
+#define R4(v,w,x,y,z,i)                   \
+  do                                      \
+    {                                     \
+      z += (w ^ x ^y)                     \
+      + blk(i) + 0xca62c1d6 + rol(v, 5);  \
+      w=rol(w, 30);                       \
+    }                                     \
+  while (0)
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/

 /* Hash a single 512-bit block. This is the core of the algorithm. */

-void
-SHA1Transform(u_int32_t state[5], const unsigned char buffer[SHA1_BLOCK_LENGTH])
+void sha1transform(FAR uint32_t *state,
+                   FAR const unsigned char *buffer)
 {
-    u_int32_t a, b, c, d, e;
-    typedef union {
-        unsigned char c[64];
-        unsigned int l[16];
-    } CHAR64LONG16;
-    CHAR64LONG16* block;
+  uint32_t a;
+  uint32_t b;
+  uint32_t c;
+  uint32_t d;
+  uint32_t e;
+
+  typedef union
+  {
+    unsigned char c[64];
+    unsigned int l[16];
+  } CHAR64LONG16;
+
+  FAR CHAR64LONG16 *block;
+
 #ifdef SHA1HANDSOFF
-    unsigned char workspace[SHA1_BLOCK_LENGTH];
+  unsigned char workspace[SHA1_BLOCK_LENGTH];

-    block = (CHAR64LONG16 *)workspace;
-    memcpy(block, buffer, SHA1_BLOCK_LENGTH);
+  block = (FAR CHAR64LONG16 *)workspace;
+  memcpy(block, buffer, SHA1_BLOCK_LENGTH);
 #else
-    block = (CHAR64LONG16 *)buffer;
+  block = (FAR CHAR64LONG16 *)buffer;
 #endif
-    /* Copy context->state[] to working vars */
-    a = state[0];
-    b = state[1];
-    c = state[2];
-    d = state[3];
-    e = state[4];

-    /* 4 rounds of 20 operations each. Loop unrolled. */
-    R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
-    R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
-    R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
-    R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
-    R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
-    R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
-    R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
-    R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
-    R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
-    R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
-    R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
-    R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
-    R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
-    R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
-    R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
-    R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
-    R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
-    R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
-    R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
-    R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
+  /* Copy context->state[] to working vars */

-    /* Add the working vars back into context.state[] */
-    state[0] += a;
-    state[1] += b;
-    state[2] += c;
-    state[3] += d;
-    state[4] += e;
-    /* Wipe variables */
-    a = b = c = d = e = 0;
+  a = state[0];
+  b = state[1];
+  c = state[2];
+  d = state[3];
+  e = state[4];
+
+  /* 4 rounds of 20 operations each. Loop unrolled. */
+
+  R0(a, b, c, d, e, 0);
+  R0(e, a, b, c, d, 1);
+  R0(d, e, a, b, c, 2);
+  R0(c, d, e, a, b, 3);
+  R0(b, c, d, e, a, 4);
+  R0(a, b, c, d, e, 5);
+  R0(e, a, b, c, d, 6);
+  R0(d, e, a, b, c, 7);
+  R0(c, d, e, a, b, 8);
+  R0(b, c, d, e, a, 9);
+  R0(a, b, c, d, e, 10);
+  R0(e, a, b, c, d, 11);
+  R0(d, e, a, b, c, 12);
+  R0(c, d, e, a, b, 13);
+  R0(b, c, d, e, a, 14);
+  R0(a, b, c, d, e, 15);
+  R1(e, a, b, c, d, 16);
+  R1(d, e, a, b, c, 17);
+  R1(c, d, e, a, b, 18);
+  R1(b, c, d, e, a, 19);
+  R2(a, b, c, d, e, 20);
+  R2(e, a, b, c, d, 21);
+  R2(d, e, a, b, c, 22);
+  R2(c, d, e, a, b, 23);
+  R2(b, c, d, e, a, 24);
+  R2(a, b, c, d, e, 25);
+  R2(e, a, b, c, d, 26);
+  R2(d, e, a, b, c, 27);
+  R2(c, d, e, a, b, 28);
+  R2(b, c, d, e, a, 29);
+  R2(a, b, c, d, e, 30);
+  R2(e, a, b, c, d, 31);
+  R2(d, e, a, b, c, 32);
+  R2(c, d, e, a, b, 33);
+  R2(b, c, d, e, a, 34);
+  R2(a, b, c, d, e, 35);
+  R2(e, a, b, c, d, 36);
+  R2(d, e, a, b, c, 37);
+  R2(c, d, e, a, b, 38);
+  R2(b, c, d, e, a, 39);
+  R3(a, b, c, d, e, 40);
+  R3(e, a, b, c, d, 41);
+  R3(d, e, a, b, c, 42);
+  R3(c, d, e, a, b, 43);
+  R3(b, c, d, e, a, 44);
+  R3(a, b, c, d, e, 45);
+  R3(e, a, b, c, d, 46);
+  R3(d, e, a, b, c, 47);
+  R3(c, d, e, a, b, 48);
+  R3(b, c, d, e, a, 49);
+  R3(a, b, c, d, e, 50);
+  R3(e, a, b, c, d, 51);
+  R3(d, e, a, b, c, 52);
+  R3(c, d, e, a, b, 53);
+  R3(b, c, d, e, a, 54);
+  R3(a, b, c, d, e, 55);
+  R3(e, a, b, c, d, 56);
+  R3(d, e, a, b, c, 57);
+  R3(c, d, e, a, b, 58);
+  R3(b, c, d, e, a, 59);
+  R4(a, b, c, d, e, 60);
+  R4(e, a, b, c, d, 61);
+  R4(d, e, a, b, c, 62);
+  R4(c, d, e, a, b, 63);
+  R4(b, c, d, e, a, 64);
+  R4(a, b, c, d, e, 65);
+  R4(e, a, b, c, d, 66);
+  R4(d, e, a, b, c, 67);
+  R4(c, d, e, a, b, 68);
+  R4(b, c, d, e, a, 69);
+  R4(a, b, c, d, e, 70);
+  R4(e, a, b, c, d, 71);
+  R4(d, e, a, b, c, 72);
+  R4(c, d, e, a, b, 73);
+  R4(b, c, d, e, a, 74);
+  R4(a, b, c, d, e, 75);
+  R4(e, a, b, c, d, 76);
+  R4(d, e, a, b, c, 77);
+  R4(c, d, e, a, b, 78);
+  R4(b, c, d, e, a, 79);
+
+  /* Add the working vars back into context.state[] */
+
+  state[0] += a;
+  state[1] += b;
+  state[2] += c;
+  state[3] += d;
+  state[4] += e;
+
+  /* Wipe variables */
+
+  a = b = c = d = e = 0;
 }

-
 /* SHA1Init - Initialize new context */

-void
-SHA1Init(SHA1_CTX *context)
+void sha1init(FAR SHA1_CTX *context)
 {
-    /* SHA1 initialization constants */
-    context->count = 0;
-    context->state[0] = 0x67452301;
-    context->state[1] = 0xEFCDAB89;
-    context->state[2] = 0x98BADCFE;
-    context->state[3] = 0x10325476;
-    context->state[4] = 0xC3D2E1F0;
-}
+  /* SHA1 initialization constants */

+  context->count = 0;
+  context->state[0] = 0x67452301;
+  context->state[1] = 0xefcdab89;
+  context->state[2] = 0x98badcfe;
+  context->state[3] = 0x10325476;
+  context->state[4] = 0xc3d2e1f0;
+}

 /* Run your data through this. */

-void
-SHA1Update(SHA1_CTX *context, const void *dataptr, unsigned int len)
+void sha1update(FAR SHA1_CTX *context,
+                FAR const void *dataptr,
+                unsigned int len)
 {
-    const uint8_t *data = dataptr;
-    unsigned int i;
-    unsigned int j;
+  FAR const uint8_t *data = dataptr;
+  unsigned int i;
+  unsigned int j;

-    j = (u_int32_t)((context->count >> 3) & 63);
-    context->count += (len << 3);
-    if ((j + len) > 63) {
-        memcpy(&context->buffer[j], data, (i = 64 - j));
-        SHA1Transform(context->state, context->buffer);
-        for ( ; i + 63 < len; i += 64) {
-            SHA1Transform(context->state, &data[i]);
+  j = (uint32_t)((context->count >> 3) & 63);
+  context->count += (len << 3);
+  if ((j + len) > 63)
+    {
+      memcpy(&context->buffer[j], data, (i = 64 - j));
+      sha1transform(context->state, context->buffer);
+      for (; i + 63 < len; i += 64)
+        {
+          sha1transform(context->state, &data[i]);
        }
-        j = 0;
-    }
-    else i = 0;
-    memcpy(&context->buffer[j], &data[i], len - i);
-}

+      j = 0;
+    }
+  else
+    {
+      i = 0;
+    }
+
+  memcpy(&context->buffer[j], &data[i], len - i);
+}

 /* Add padding and return the message digest. */

-void
-SHA1Final(unsigned char digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context)
+void sha1final(FAR unsigned char *digest,
+               FAR SHA1_CTX *context)
 {
-    unsigned int i;
-    unsigned char finalcount[8];
+  unsigned int i;
+  unsigned char finalcount[8];

-    for (i = 0; i < 8; i++) {
-        finalcount[i] = (unsigned char)((context->count >>
-            ((7 - (i & 7)) * 8)) & 255);  /* Endian independent */
+  for (i = 0; i < 8; i++)
+    {
+      finalcount[i] = (unsigned char)((context->count >>
+          ((7 - (i & 7)) * 8)) & 255);  /* Endian independent */
    }
-    SHA1Update(context, "\200", 1);
-    while ((context->count & 504) != 448) {
-        SHA1Update(context, "\0", 1);
-    }
-    SHA1Update(context, finalcount, 8);  /* Should cause a SHA1Transform() */

-    for (i = 0; i < SHA1_DIGEST_LENGTH; i++) {
-        digest[i] = (unsigned char)((context->state[i >> 2] >>
-            ((3 - (i & 3)) * 8)) & 255);
+  sha1update(context, "\200", 1);
+  while ((context->count & 504) != 448)
+    {
+      sha1update(context, "\0", 1);
    }
-    explicit_bzero(&finalcount, sizeof(finalcount));
-    explicit_bzero(context, sizeof(*context));
+
+  sha1update(context, finalcount, 8);  /* Should cause a SHA1Transform() */
+  for (i = 0; i < SHA1_DIGEST_LENGTH; i++)
+    {
+      digest[i] = (unsigned char)((context->state[i >> 2] >>
+        ((3 - (i & 3)) * 8)) & 255);
+    }
+
+  explicit_bzero(&finalcount, sizeof(finalcount));
+  explicit_bzero(context, sizeof(*context));
 }
--- a/crypto/sha2.c
+++ b/crypto/sha2.c
--- a/crypto/siphash.c
+++ b/crypto/siphash.c
@ -1,6 +1,7 @@
-/*	$OpenBSD: siphash.c,v 1.5 2018/01/05 19:05:09 mikeb Exp $ */
-
-/*-
+/****************************************************************************
+ * crypto/siphash.c
+ * $OpenBSD: siphash.c,v 1.5 2018/01/05 19:05:09 mikeb Exp $
+ *
 * Copyright (c) 2013 Andre Oppermann <andre@FreeBSD.org>
 * All rights reserved.
 *
@ -27,11 +28,11 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- */
+ ****************************************************************************/

-/*
- * SipHash is a family of PRFs SipHash-c-d where the integer parameters c and d
- * are the number of compression rounds and the number of finalization rounds.
+/* SipHash is a family of PRFs SipHash-c-d where the integer parameters
+ * c and d are the number of compression rounds and the number of
+ * finalization rounds.
 * A compression round is identical to a finalization round and this round
 * function is called SipRound.  Given a 128-bit key k and a (possibly empty)
 * byte string m, SipHash-c-d returns a 64-bit value SipHash-c-d(k; m).
@ -43,139 +44,154 @@
 * https://131002.net/siphash/
 */

+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
 #include <sys/param.h>
 #include <sys/systm.h>

 #include <crypto/siphash.h>

-static void	SipHash_CRounds(SIPHASH_CTX *, int);
-static void	SipHash_Rounds(SIPHASH_CTX *, int);
+static void	siphash_crounds(FAR SIPHASH_CTX *, int);
+static void	siphash_rounds(FAR SIPHASH_CTX *, int);

-void
-SipHash_Init(SIPHASH_CTX *ctx, const SIPHASH_KEY *key)
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+void siphash_init(FAR SIPHASH_CTX *ctx, FAR const SIPHASH_KEY *key)
 {
-	uint64_t k0, k1;
+  uint64_t k0, k1;

-	k0 = lemtoh64(&key->k0);
-	k1 = lemtoh64(&key->k1);
+  k0 = lemtoh64(&key->k0);
+  k1 = lemtoh64(&key->k1);

-	ctx->v[0] = 0x736f6d6570736575ULL ^ k0;
-	ctx->v[1] = 0x646f72616e646f6dULL ^ k1;
-	ctx->v[2] = 0x6c7967656e657261ULL ^ k0;
-	ctx->v[3] = 0x7465646279746573ULL ^ k1;
+  ctx->v[0] = 0x736f6d6570736575ull ^ k0;
+  ctx->v[1] = 0x646f72616e646f6dull ^ k1;
+  ctx->v[2] = 0x6c7967656e657261ull ^ k0;
+  ctx->v[3] = 0x7465646279746573ull ^ k1;

-	memset(ctx->buf, 0, sizeof(ctx->buf));
-	ctx->bytes = 0;
+  memset(ctx->buf, 0, sizeof(ctx->buf));
+  ctx->bytes = 0;
 }

-void
-SipHash_Update(SIPHASH_CTX *ctx, int rc, int rf, const void *src, size_t len)
+void siphash_update(FAR SIPHASH_CTX *ctx,
+                    int rc, int rf,
+                    FAR const void *src, size_t len)
 {
-	const uint8_t *ptr = src;
-	size_t left, used;
+  FAR const uint8_t *ptr = src;
+  size_t left;
+  size_t used;

-	if (len == 0)
-		return;
+  if (len == 0)
+    return;

-	used = ctx->bytes % sizeof(ctx->buf);
-	ctx->bytes += len;
+  used = ctx->bytes % sizeof(ctx->buf);
+  ctx->bytes += len;

-	if (used > 0) {
-		left = sizeof(ctx->buf) - used;
+  if (used > 0)
+    {
+      left = sizeof(ctx->buf) - used;

-		if (len >= left) {
-			memcpy(&ctx->buf[used], ptr, left);
-			SipHash_CRounds(ctx, rc);
-			len -= left;
-			ptr += left;
-		} else {
-			memcpy(&ctx->buf[used], ptr, len);
-			return;
-		}
-	}
+      if (len >= left)
+        {
+          memcpy(&ctx->buf[used], ptr, left);
+          siphash_crounds(ctx, rc);
+          len -= left;
+          ptr += left;
+        }
+      else
+        {
+          memcpy(&ctx->buf[used], ptr, len);
+          return;
+        }
+    }

-	while (len >= sizeof(ctx->buf)) {
-		memcpy(ctx->buf, ptr, sizeof(ctx->buf));
-		SipHash_CRounds(ctx, rc);
-		len -= sizeof(ctx->buf);
-		ptr += sizeof(ctx->buf);
-	}
+  while (len >= sizeof(ctx->buf))
+    {
+      memcpy(ctx->buf, ptr, sizeof(ctx->buf));
+      siphash_crounds(ctx, rc);
+      len -= sizeof(ctx->buf);
+      ptr += sizeof(ctx->buf);
+    }

-	if (len > 0)
-		memcpy(ctx->buf, ptr, len);
+  if (len > 0)
+    {
+      memcpy(ctx->buf, ptr, len);
+    }
 }

-void
-SipHash_Final(void *dst, SIPHASH_CTX *ctx, int rc, int rf)
+void siphash_final(FAR void *dst, FAR SIPHASH_CTX *ctx, int rc, int rf)
 {
-	uint64_t r;
+  uint64_t r;

-	htolem64(&r, SipHash_End(ctx, rc, rf));
-	memcpy(dst, &r, sizeof r);
+  htolem64(&r, siphash_end(ctx, rc, rf));
+  memcpy(dst, &r, sizeof r);
 }

-uint64_t
-SipHash_End(SIPHASH_CTX *ctx, int rc, int rf)
+uint64_t siphash_end(FAR SIPHASH_CTX *ctx, int rc, int rf)
 {
-	uint64_t r;
-	size_t left, used;
+  uint64_t r;
+  size_t left;
+  size_t used;

-	used = ctx->bytes % sizeof(ctx->buf);
-	left = sizeof(ctx->buf) - used;
-	memset(&ctx->buf[used], 0, left - 1);
-	ctx->buf[7] = ctx->bytes;
+  used = ctx->bytes % sizeof(ctx->buf);
+  left = sizeof(ctx->buf) - used;
+  memset(&ctx->buf[used], 0, left - 1);
+  ctx->buf[7] = ctx->bytes;

-	SipHash_CRounds(ctx, rc);
-	ctx->v[2] ^= 0xff;
-	SipHash_Rounds(ctx, rf);
+  siphash_crounds(ctx, rc);
+  ctx->v[2] ^= 0xff;
+  siphash_rounds(ctx, rf);

-	r = (ctx->v[0] ^ ctx->v[1]) ^ (ctx->v[2] ^ ctx->v[3]);
-	explicit_bzero(ctx, sizeof(*ctx));
-	return (r);
+  r = (ctx->v[0] ^ ctx->v[1]) ^ (ctx->v[2] ^ ctx->v[3]);
+  explicit_bzero(ctx, sizeof(*ctx));
+  return (r);
 }

-uint64_t
-SipHash(const SIPHASH_KEY *key, int rc, int rf, const void *src, size_t len)
+uint64_t siphash(FAR const SIPHASH_KEY *key,
+                 int rc, int rf,
+                 FAR const void *src, size_t len)
 {
-	SIPHASH_CTX ctx;
+  SIPHASH_CTX ctx;

-	SipHash_Init(&ctx, key);
-	SipHash_Update(&ctx, rc, rf, src, len);
-	return (SipHash_End(&ctx, rc, rf));
+  siphash_init(&ctx, key);
+  siphash_update(&ctx, rc, rf, src, len);
+  return (siphash_end(&ctx, rc, rf));
 }

 #define SIP_ROTL(x, b) ((x) << (b)) | ( (x) >> (64 - (b)))

-static void
-SipHash_Rounds(SIPHASH_CTX *ctx, int rounds)
+static void siphash_rounds(FAR SIPHASH_CTX *ctx, int rounds)
 {
-	while (rounds--) {
-		ctx->v[0] += ctx->v[1];
-		ctx->v[2] += ctx->v[3];
-		ctx->v[1] = SIP_ROTL(ctx->v[1], 13);
-		ctx->v[3] = SIP_ROTL(ctx->v[3], 16);
+  while (rounds--)
+    {
+      ctx->v[0] += ctx->v[1];
+      ctx->v[2] += ctx->v[3];
+      ctx->v[1] = SIP_ROTL(ctx->v[1], 13);
+      ctx->v[3] = SIP_ROTL(ctx->v[3], 16);

-		ctx->v[1] ^= ctx->v[0];
-		ctx->v[3] ^= ctx->v[2];
-		ctx->v[0] = SIP_ROTL(ctx->v[0], 32);
+      ctx->v[1] ^= ctx->v[0];
+      ctx->v[3] ^= ctx->v[2];
+      ctx->v[0] = SIP_ROTL(ctx->v[0], 32);

-		ctx->v[2] += ctx->v[1];
-		ctx->v[0] += ctx->v[3];
-		ctx->v[1] = SIP_ROTL(ctx->v[1], 17);
-		ctx->v[3] = SIP_ROTL(ctx->v[3], 21);
+      ctx->v[2] += ctx->v[1];
+      ctx->v[0] += ctx->v[3];
+      ctx->v[1] = SIP_ROTL(ctx->v[1], 17);
+      ctx->v[3] = SIP_ROTL(ctx->v[3], 21);

-		ctx->v[1] ^= ctx->v[2];
-		ctx->v[3] ^= ctx->v[0];
-		ctx->v[2] = SIP_ROTL(ctx->v[2], 32);
-	}
+      ctx->v[1] ^= ctx->v[2];
+      ctx->v[3] ^= ctx->v[0];
+      ctx->v[2] = SIP_ROTL(ctx->v[2], 32);
+    }
 }

-static void
-SipHash_CRounds(SIPHASH_CTX *ctx, int rounds)
+static void siphash_crounds(FAR SIPHASH_CTX *ctx, int rounds)
 {
-	uint64_t m = lemtoh64((uint64_t *)ctx->buf);
+  uint64_t m = lemtoh64((uint64_t *)ctx->buf);

-	ctx->v[3] ^= m;
-	SipHash_Rounds(ctx, rounds);
-	ctx->v[0] ^= m;
+  ctx->v[3] ^= m;
+  siphash_rounds(ctx, rounds);
+  ctx->v[0] ^= m;
 }
--- a/crypto/sk.h
+++ b/crypto/sk.h
@ -1,22 +1,23 @@
-/*	$OpenBSD: sk.h,v 1.2 2002/10/27 13:24:26 miod Exp $	*/
-
-/* lib/des/sk.h */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+/****************************************************************************
+ * crypto/sk.h
+ * $OpenBSD: sk.h,v 1.2 2002/10/27 13:24:26 miod Exp $
+ * lib/des/sk.h
+ * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
 * All rights reserved.
- * 
+ *
 * This file is part of an SSL implementation written
 * by Eric Young (eay@mincom.oz.au).
 * The implementation was written so as to conform with Netscapes SSL
 * specification.  This library and applications are
 * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
 * as long as the following conditions are aheared to.
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.  If this code is used in a product,
 * Eric Young should be given attribution as the author of the parts used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@ -27,169 +28,189 @@
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
+ *    This product includes software developed
+ *    by Eric Young (eay@mincom.oz.au)
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAl,  SPECIAl,
+ * EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ *
+ * The licence and distribution terms for any publically
+ * available version or derivative of this code cannot be changed.
+ * i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
- */
+ ****************************************************************************/

-static const u_int32_t des_skb[8][64]={
+static const uint32_t des_skb[8][64] =
 {
-/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
-0x00000000L,0x00000010L,0x20000000L,0x20000010L,
-0x00010000L,0x00010010L,0x20010000L,0x20010010L,
-0x00000800L,0x00000810L,0x20000800L,0x20000810L,
-0x00010800L,0x00010810L,0x20010800L,0x20010810L,
-0x00000020L,0x00000030L,0x20000020L,0x20000030L,
-0x00010020L,0x00010030L,0x20010020L,0x20010030L,
-0x00000820L,0x00000830L,0x20000820L,0x20000830L,
-0x00010820L,0x00010830L,0x20010820L,0x20010830L,
-0x00080000L,0x00080010L,0x20080000L,0x20080010L,
-0x00090000L,0x00090010L,0x20090000L,0x20090010L,
-0x00080800L,0x00080810L,0x20080800L,0x20080810L,
-0x00090800L,0x00090810L,0x20090800L,0x20090810L,
-0x00080020L,0x00080030L,0x20080020L,0x20080030L,
-0x00090020L,0x00090030L,0x20090020L,0x20090030L,
-0x00080820L,0x00080830L,0x20080820L,0x20080830L,
-0x00090820L,0x00090830L,0x20090820L,0x20090830L,
-},{
-/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
-0x00000000L,0x02000000L,0x00002000L,0x02002000L,
-0x00200000L,0x02200000L,0x00202000L,0x02202000L,
-0x00000004L,0x02000004L,0x00002004L,0x02002004L,
-0x00200004L,0x02200004L,0x00202004L,0x02202004L,
-0x00000400L,0x02000400L,0x00002400L,0x02002400L,
-0x00200400L,0x02200400L,0x00202400L,0x02202400L,
-0x00000404L,0x02000404L,0x00002404L,0x02002404L,
-0x00200404L,0x02200404L,0x00202404L,0x02202404L,
-0x10000000L,0x12000000L,0x10002000L,0x12002000L,
-0x10200000L,0x12200000L,0x10202000L,0x12202000L,
-0x10000004L,0x12000004L,0x10002004L,0x12002004L,
-0x10200004L,0x12200004L,0x10202004L,0x12202004L,
-0x10000400L,0x12000400L,0x10002400L,0x12002400L,
-0x10200400L,0x12200400L,0x10202400L,0x12202400L,
-0x10000404L,0x12000404L,0x10002404L,0x12002404L,
-0x10200404L,0x12200404L,0x10202404L,0x12202404L,
-},{
-/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
-0x00000000L,0x00000001L,0x00040000L,0x00040001L,
-0x01000000L,0x01000001L,0x01040000L,0x01040001L,
-0x00000002L,0x00000003L,0x00040002L,0x00040003L,
-0x01000002L,0x01000003L,0x01040002L,0x01040003L,
-0x00000200L,0x00000201L,0x00040200L,0x00040201L,
-0x01000200L,0x01000201L,0x01040200L,0x01040201L,
-0x00000202L,0x00000203L,0x00040202L,0x00040203L,
-0x01000202L,0x01000203L,0x01040202L,0x01040203L,
-0x08000000L,0x08000001L,0x08040000L,0x08040001L,
-0x09000000L,0x09000001L,0x09040000L,0x09040001L,
-0x08000002L,0x08000003L,0x08040002L,0x08040003L,
-0x09000002L,0x09000003L,0x09040002L,0x09040003L,
-0x08000200L,0x08000201L,0x08040200L,0x08040201L,
-0x09000200L,0x09000201L,0x09040200L,0x09040201L,
-0x08000202L,0x08000203L,0x08040202L,0x08040203L,
-0x09000202L,0x09000203L,0x09040202L,0x09040203L,
-},{
-/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
-0x00000000L,0x00100000L,0x00000100L,0x00100100L,
-0x00000008L,0x00100008L,0x00000108L,0x00100108L,
-0x00001000L,0x00101000L,0x00001100L,0x00101100L,
-0x00001008L,0x00101008L,0x00001108L,0x00101108L,
-0x04000000L,0x04100000L,0x04000100L,0x04100100L,
-0x04000008L,0x04100008L,0x04000108L,0x04100108L,
-0x04001000L,0x04101000L,0x04001100L,0x04101100L,
-0x04001008L,0x04101008L,0x04001108L,0x04101108L,
-0x00020000L,0x00120000L,0x00020100L,0x00120100L,
-0x00020008L,0x00120008L,0x00020108L,0x00120108L,
-0x00021000L,0x00121000L,0x00021100L,0x00121100L,
-0x00021008L,0x00121008L,0x00021108L,0x00121108L,
-0x04020000L,0x04120000L,0x04020100L,0x04120100L,
-0x04020008L,0x04120008L,0x04020108L,0x04120108L,
-0x04021000L,0x04121000L,0x04021100L,0x04121100L,
-0x04021008L,0x04121008L,0x04021108L,0x04121108L,
-},{
-/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
-0x00000000L,0x10000000L,0x00010000L,0x10010000L,
-0x00000004L,0x10000004L,0x00010004L,0x10010004L,
-0x20000000L,0x30000000L,0x20010000L,0x30010000L,
-0x20000004L,0x30000004L,0x20010004L,0x30010004L,
-0x00100000L,0x10100000L,0x00110000L,0x10110000L,
-0x00100004L,0x10100004L,0x00110004L,0x10110004L,
-0x20100000L,0x30100000L,0x20110000L,0x30110000L,
-0x20100004L,0x30100004L,0x20110004L,0x30110004L,
-0x00001000L,0x10001000L,0x00011000L,0x10011000L,
-0x00001004L,0x10001004L,0x00011004L,0x10011004L,
-0x20001000L,0x30001000L,0x20011000L,0x30011000L,
-0x20001004L,0x30001004L,0x20011004L,0x30011004L,
-0x00101000L,0x10101000L,0x00111000L,0x10111000L,
-0x00101004L,0x10101004L,0x00111004L,0x10111004L,
-0x20101000L,0x30101000L,0x20111000L,0x30111000L,
-0x20101004L,0x30101004L,0x20111004L,0x30111004L,
-},{
-/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
-0x00000000L,0x08000000L,0x00000008L,0x08000008L,
-0x00000400L,0x08000400L,0x00000408L,0x08000408L,
-0x00020000L,0x08020000L,0x00020008L,0x08020008L,
-0x00020400L,0x08020400L,0x00020408L,0x08020408L,
-0x00000001L,0x08000001L,0x00000009L,0x08000009L,
-0x00000401L,0x08000401L,0x00000409L,0x08000409L,
-0x00020001L,0x08020001L,0x00020009L,0x08020009L,
-0x00020401L,0x08020401L,0x00020409L,0x08020409L,
-0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
-0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
-0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
-0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
-0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
-0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
-0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
-0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
-},{
-/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
-0x00000000L,0x00000100L,0x00080000L,0x00080100L,
-0x01000000L,0x01000100L,0x01080000L,0x01080100L,
-0x00000010L,0x00000110L,0x00080010L,0x00080110L,
-0x01000010L,0x01000110L,0x01080010L,0x01080110L,
-0x00200000L,0x00200100L,0x00280000L,0x00280100L,
-0x01200000L,0x01200100L,0x01280000L,0x01280100L,
-0x00200010L,0x00200110L,0x00280010L,0x00280110L,
-0x01200010L,0x01200110L,0x01280010L,0x01280110L,
-0x00000200L,0x00000300L,0x00080200L,0x00080300L,
-0x01000200L,0x01000300L,0x01080200L,0x01080300L,
-0x00000210L,0x00000310L,0x00080210L,0x00080310L,
-0x01000210L,0x01000310L,0x01080210L,0x01080310L,
-0x00200200L,0x00200300L,0x00280200L,0x00280300L,
-0x01200200L,0x01200300L,0x01280200L,0x01280300L,
-0x00200210L,0x00200310L,0x00280210L,0x00280310L,
-0x01200210L,0x01200310L,0x01280210L,0x01280310L,
-},{
-/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
-0x00000000L,0x04000000L,0x00040000L,0x04040000L,
-0x00000002L,0x04000002L,0x00040002L,0x04040002L,
-0x00002000L,0x04002000L,0x00042000L,0x04042000L,
-0x00002002L,0x04002002L,0x00042002L,0x04042002L,
-0x00000020L,0x04000020L,0x00040020L,0x04040020L,
-0x00000022L,0x04000022L,0x00040022L,0x04040022L,
-0x00002020L,0x04002020L,0x00042020L,0x04042020L,
-0x00002022L,0x04002022L,0x00042022L,0x04042022L,
-0x00000800L,0x04000800L,0x00040800L,0x04040800L,
-0x00000802L,0x04000802L,0x00040802L,0x04040802L,
-0x00002800L,0x04002800L,0x00042800L,0x04042800L,
-0x00002802L,0x04002802L,0x00042802L,0x04042802L,
-0x00000820L,0x04000820L,0x00040820L,0x04040820L,
-0x00000822L,0x04000822L,0x00040822L,0x04040822L,
-0x00002820L,0x04002820L,0x00042820L,0x04042820L,
-0x00002822L,0x04002822L,0x00042822L,0x04042822L,
-}};
+  {
+    /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+
+    0x00000000l, 0x00000010l, 0x20000000l, 0x20000010l,
+    0x00010000l, 0x00010010l, 0x20010000l, 0x20010010l,
+    0x00000800l, 0x00000810l, 0x20000800l, 0x20000810l,
+    0x00010800l, 0x00010810l, 0x20010800l, 0x20010810l,
+    0x00000020l, 0x00000030l, 0x20000020l, 0x20000030l,
+    0x00010020l, 0x00010030l, 0x20010020l, 0x20010030l,
+    0x00000820l, 0x00000830l, 0x20000820l, 0x20000830l,
+    0x00010820l, 0x00010830l, 0x20010820l, 0x20010830l,
+    0x00080000l, 0x00080010l, 0x20080000l, 0x20080010l,
+    0x00090000l, 0x00090010l, 0x20090000l, 0x20090010l,
+    0x00080800l, 0x00080810l, 0x20080800l, 0x20080810l,
+    0x00090800l, 0x00090810l, 0x20090800l, 0x20090810l,
+    0x00080020l, 0x00080030l, 0x20080020l, 0x20080030l,
+    0x00090020l, 0x00090030l, 0x20090020l, 0x20090030l,
+    0x00080820l, 0x00080830l, 0x20080820l, 0x20080830l,
+    0x00090820l, 0x00090830l, 0x20090820l, 0x20090830l,
+  },
+  {
+    /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
+
+    0x00000000l, 0x02000000l, 0x00002000l, 0x02002000l,
+    0x00200000l, 0x02200000l, 0x00202000l, 0x02202000l,
+    0x00000004l, 0x02000004l, 0x00002004l, 0x02002004l,
+    0x00200004l, 0x02200004l, 0x00202004l, 0x02202004l,
+    0x00000400l, 0x02000400l, 0x00002400l, 0x02002400l,
+    0x00200400l, 0x02200400l, 0x00202400l, 0x02202400l,
+    0x00000404l, 0x02000404l, 0x00002404l, 0x02002404l,
+    0x00200404l, 0x02200404l, 0x00202404l, 0x02202404l,
+    0x10000000l, 0x12000000l, 0x10002000l, 0x12002000l,
+    0x10200000l, 0x12200000l, 0x10202000l, 0x12202000l,
+    0x10000004l, 0x12000004l, 0x10002004l, 0x12002004l,
+    0x10200004l, 0x12200004l, 0x10202004l, 0x12202004l,
+    0x10000400l, 0x12000400l, 0x10002400l, 0x12002400l,
+    0x10200400l, 0x12200400l, 0x10202400l, 0x12202400l,
+    0x10000404l, 0x12000404l, 0x10002404l, 0x12002404l,
+    0x10200404l, 0x12200404l, 0x10202404l, 0x12202404l,
+  },
+  {
+    /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
+
+    0x00000000l, 0x00000001l, 0x00040000l, 0x00040001l,
+    0x01000000l, 0x01000001l, 0x01040000l, 0x01040001l,
+    0x00000002l, 0x00000003l, 0x00040002l, 0x00040003l,
+    0x01000002l, 0x01000003l, 0x01040002l, 0x01040003l,
+    0x00000200l, 0x00000201l, 0x00040200l, 0x00040201l,
+    0x01000200l, 0x01000201l, 0x01040200l, 0x01040201l,
+    0x00000202l, 0x00000203l, 0x00040202l, 0x00040203l,
+    0x01000202l, 0x01000203l, 0x01040202l, 0x01040203l,
+    0x08000000l, 0x08000001l, 0x08040000l, 0x08040001l,
+    0x09000000l, 0x09000001l, 0x09040000l, 0x09040001l,
+    0x08000002l, 0x08000003l, 0x08040002l, 0x08040003l,
+    0x09000002l, 0x09000003l, 0x09040002l, 0x09040003l,
+    0x08000200l, 0x08000201l, 0x08040200l, 0x08040201l,
+    0x09000200l, 0x09000201l, 0x09040200l, 0x09040201l,
+    0x08000202l, 0x08000203l, 0x08040202l, 0x08040203l,
+    0x09000202l, 0x09000203l, 0x09040202l, 0x09040203l,
+  },
+  {
+    /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
+
+    0x00000000l, 0x00100000l, 0x00000100l, 0x00100100l,
+    0x00000008l, 0x00100008l, 0x00000108l, 0x00100108l,
+    0x00001000l, 0x00101000l, 0x00001100l, 0x00101100l,
+    0x00001008l, 0x00101008l, 0x00001108l, 0x00101108l,
+    0x04000000l, 0x04100000l, 0x04000100l, 0x04100100l,
+    0x04000008l, 0x04100008l, 0x04000108l, 0x04100108l,
+    0x04001000l, 0x04101000l, 0x04001100l, 0x04101100l,
+    0x04001008l, 0x04101008l, 0x04001108l, 0x04101108l,
+    0x00020000l, 0x00120000l, 0x00020100l, 0x00120100l,
+    0x00020008l, 0x00120008l, 0x00020108l, 0x00120108l,
+    0x00021000l, 0x00121000l, 0x00021100l, 0x00121100l,
+    0x00021008l, 0x00121008l, 0x00021108l, 0x00121108l,
+    0x04020000l, 0x04120000l, 0x04020100l, 0x04120100l,
+    0x04020008l, 0x04120008l, 0x04020108l, 0x04120108l,
+    0x04021000l, 0x04121000l, 0x04021100l, 0x04121100l,
+    0x04021008l, 0x04121008l, 0x04021108l, 0x04121108l,
+  },
+  {
+    /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+
+    0x00000000l, 0x10000000l, 0x00010000l, 0x10010000l,
+    0x00000004l, 0x10000004l, 0x00010004l, 0x10010004l,
+    0x20000000l, 0x30000000l, 0x20010000l, 0x30010000l,
+    0x20000004l, 0x30000004l, 0x20010004l, 0x30010004l,
+    0x00100000l, 0x10100000l, 0x00110000l, 0x10110000l,
+    0x00100004l, 0x10100004l, 0x00110004l, 0x10110004l,
+    0x20100000l, 0x30100000l, 0x20110000l, 0x30110000l,
+    0x20100004l, 0x30100004l, 0x20110004l, 0x30110004l,
+    0x00001000l, 0x10001000l, 0x00011000l, 0x10011000l,
+    0x00001004l, 0x10001004l, 0x00011004l, 0x10011004l,
+    0x20001000l, 0x30001000l, 0x20011000l, 0x30011000l,
+    0x20001004l, 0x30001004l, 0x20011004l, 0x30011004l,
+    0x00101000l, 0x10101000l, 0x00111000l, 0x10111000l,
+    0x00101004l, 0x10101004l, 0x00111004l, 0x10111004l,
+    0x20101000l, 0x30101000l, 0x20111000l, 0x30111000l,
+    0x20101004l, 0x30101004l, 0x20111004l, 0x30111004l,
+  },
+  {
+    /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
+
+    0x00000000l, 0x08000000l, 0x00000008l, 0x08000008l,
+    0x00000400l, 0x08000400l, 0x00000408l, 0x08000408l,
+    0x00020000l, 0x08020000l, 0x00020008l, 0x08020008l,
+    0x00020400l, 0x08020400l, 0x00020408l, 0x08020408l,
+    0x00000001l, 0x08000001l, 0x00000009l, 0x08000009l,
+    0x00000401l, 0x08000401l, 0x00000409l, 0x08000409l,
+    0x00020001l, 0x08020001l, 0x00020009l, 0x08020009l,
+    0x00020401l, 0x08020401l, 0x00020409l, 0x08020409l,
+    0x02000000l, 0x0a000000l, 0x02000008l, 0x0a000008l,
+    0x02000400l, 0x0a000400l, 0x02000408l, 0x0a000408l,
+    0x02020000l, 0x0a020000l, 0x02020008l, 0x0a020008l,
+    0x02020400l, 0x0a020400l, 0x02020408l, 0x0a020408l,
+    0x02000001l, 0x0a000001l, 0x02000009l, 0x0a000009l,
+    0x02000401l, 0x0a000401l, 0x02000409l, 0x0a000409l,
+    0x02020001l, 0x0a020001l, 0x02020009l, 0x0a020009l,
+    0x02020401l, 0x0a020401l, 0x02020409l, 0x0a020409l,
+  },
+  {
+    /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
+
+    0x00000000l, 0x00000100l, 0x00080000l, 0x00080100l,
+    0x01000000l, 0x01000100l, 0x01080000l, 0x01080100l,
+    0x00000010l, 0x00000110l, 0x00080010l, 0x00080110l,
+    0x01000010l, 0x01000110l, 0x01080010l, 0x01080110l,
+    0x00200000l, 0x00200100l, 0x00280000l, 0x00280100l,
+    0x01200000l, 0x01200100l, 0x01280000l, 0x01280100l,
+    0x00200010l, 0x00200110l, 0x00280010l, 0x00280110l,
+    0x01200010l, 0x01200110l, 0x01280010l, 0x01280110l,
+    0x00000200l, 0x00000300l, 0x00080200l, 0x00080300l,
+    0x01000200l, 0x01000300l, 0x01080200l, 0x01080300l,
+    0x00000210l, 0x00000310l, 0x00080210l, 0x00080310l,
+    0x01000210l, 0x01000310l, 0x01080210l, 0x01080310l,
+    0x00200200l, 0x00200300l, 0x00280200l, 0x00280300l,
+    0x01200200l, 0x01200300l, 0x01280200l, 0x01280300l,
+    0x00200210l, 0x00200310l, 0x00280210l, 0x00280310l,
+    0x01200210l, 0x01200310l, 0x01280210l, 0x01280310l,
+  },
+  {
+    /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
+
+    0x00000000l, 0x04000000l, 0x00040000l, 0x04040000l,
+    0x00000002l, 0x04000002l, 0x00040002l, 0x04040002l,
+    0x00002000l, 0x04002000l, 0x00042000l, 0x04042000l,
+    0x00002002l, 0x04002002l, 0x00042002l, 0x04042002l,
+    0x00000020l, 0x04000020l, 0x00040020l, 0x04040020l,
+    0x00000022l, 0x04000022l, 0x00040022l, 0x04040022l,
+    0x00002020l, 0x04002020l, 0x00042020l, 0x04042020l,
+    0x00002022l, 0x04002022l, 0x00042022l, 0x04042022l,
+    0x00000800l, 0x04000800l, 0x00040800l, 0x04040800l,
+    0x00000802l, 0x04000802l, 0x00040802l, 0x04040802l,
+    0x00002800l, 0x04002800l, 0x00042800l, 0x04042800l,
+    0x00002802l, 0x04002802l, 0x00042802l, 0x04042802l,
+    0x00000820l, 0x04000820l, 0x00040820l, 0x04040820l,
+    0x00000822l, 0x04000822l, 0x00040822l, 0x04040822l,
+    0x00002820l, 0x04002820l, 0x00042820l, 0x04042820l,
+    0x00002822l, 0x04002822l, 0x00042822l, 0x04042822l,
+  }
+};
--- a/crypto/spr.h
+++ b/crypto/spr.h
@ -1,22 +1,23 @@
-/*	$OpenBSD: spr.h,v 1.2 2002/10/27 13:24:26 miod Exp $	*/
-
-/* lib/des/spr.h */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+/****************************************************************************
+ * crypto/spr.h
+ * $OpenBSD: spr.h,v 1.2 2002/10/27 13:24:26 miod Exp $
+ * lib/des/spr.h
+ * Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
 * All rights reserved.
- * 
+ *
 * This file is part of an SSL implementation written
 * by Eric Young (eay@mincom.oz.au).
 * The implementation was written so as to conform with Netscapes SSL
 * specification.  This library and applications are
 * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
 * as long as the following conditions are aheared to.
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.  If this code is used in a product,
 * Eric Young should be given attribution as the author of the parts used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@ -27,8 +28,9 @@
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
+ *    This product includes software developed
+ *    by Eric Young (eay@mincom.oz.au)
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@ -40,156 +42,174 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * derivative of this code cannot be changed.
+ * i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
- */
+ ****************************************************************************/

-static const u_int32_t des_SPtrans[8][64]={
+static const uint32_t des_sptrans[8][64] =
 {
-/* nibble 0 */
-0x00820200L, 0x00020000L, 0x80800000L, 0x80820200L,
-0x00800000L, 0x80020200L, 0x80020000L, 0x80800000L,
-0x80020200L, 0x00820200L, 0x00820000L, 0x80000200L,
-0x80800200L, 0x00800000L, 0x00000000L, 0x80020000L,
-0x00020000L, 0x80000000L, 0x00800200L, 0x00020200L,
-0x80820200L, 0x00820000L, 0x80000200L, 0x00800200L,
-0x80000000L, 0x00000200L, 0x00020200L, 0x80820000L,
-0x00000200L, 0x80800200L, 0x80820000L, 0x00000000L,
-0x00000000L, 0x80820200L, 0x00800200L, 0x80020000L,
-0x00820200L, 0x00020000L, 0x80000200L, 0x00800200L,
-0x80820000L, 0x00000200L, 0x00020200L, 0x80800000L,
-0x80020200L, 0x80000000L, 0x80800000L, 0x00820000L,
-0x80820200L, 0x00020200L, 0x00820000L, 0x80800200L,
-0x00800000L, 0x80000200L, 0x80020000L, 0x00000000L,
-0x00020000L, 0x00800000L, 0x80800200L, 0x00820200L,
-0x80000000L, 0x80820000L, 0x00000200L, 0x80020200L,
-},{
-/* nibble 1 */
-0x10042004L, 0x00000000L, 0x00042000L, 0x10040000L,
-0x10000004L, 0x00002004L, 0x10002000L, 0x00042000L,
-0x00002000L, 0x10040004L, 0x00000004L, 0x10002000L,
-0x00040004L, 0x10042000L, 0x10040000L, 0x00000004L,
-0x00040000L, 0x10002004L, 0x10040004L, 0x00002000L,
-0x00042004L, 0x10000000L, 0x00000000L, 0x00040004L,
-0x10002004L, 0x00042004L, 0x10042000L, 0x10000004L,
-0x10000000L, 0x00040000L, 0x00002004L, 0x10042004L,
-0x00040004L, 0x10042000L, 0x10002000L, 0x00042004L,
-0x10042004L, 0x00040004L, 0x10000004L, 0x00000000L,
-0x10000000L, 0x00002004L, 0x00040000L, 0x10040004L,
-0x00002000L, 0x10000000L, 0x00042004L, 0x10002004L,
-0x10042000L, 0x00002000L, 0x00000000L, 0x10000004L,
-0x00000004L, 0x10042004L, 0x00042000L, 0x10040000L,
-0x10040004L, 0x00040000L, 0x00002004L, 0x10002000L,
-0x10002004L, 0x00000004L, 0x10040000L, 0x00042000L,
-},{
-/* nibble 2 */
-0x41000000L, 0x01010040L, 0x00000040L, 0x41000040L,
-0x40010000L, 0x01000000L, 0x41000040L, 0x00010040L,
-0x01000040L, 0x00010000L, 0x01010000L, 0x40000000L,
-0x41010040L, 0x40000040L, 0x40000000L, 0x41010000L,
-0x00000000L, 0x40010000L, 0x01010040L, 0x00000040L,
-0x40000040L, 0x41010040L, 0x00010000L, 0x41000000L,
-0x41010000L, 0x01000040L, 0x40010040L, 0x01010000L,
-0x00010040L, 0x00000000L, 0x01000000L, 0x40010040L,
-0x01010040L, 0x00000040L, 0x40000000L, 0x00010000L,
-0x40000040L, 0x40010000L, 0x01010000L, 0x41000040L,
-0x00000000L, 0x01010040L, 0x00010040L, 0x41010000L,
-0x40010000L, 0x01000000L, 0x41010040L, 0x40000000L,
-0x40010040L, 0x41000000L, 0x01000000L, 0x41010040L,
-0x00010000L, 0x01000040L, 0x41000040L, 0x00010040L,
-0x01000040L, 0x00000000L, 0x41010000L, 0x40000040L,
-0x41000000L, 0x40010040L, 0x00000040L, 0x01010000L,
-},{
-/* nibble 3 */
-0x00100402L, 0x04000400L, 0x00000002L, 0x04100402L,
-0x00000000L, 0x04100000L, 0x04000402L, 0x00100002L,
-0x04100400L, 0x04000002L, 0x04000000L, 0x00000402L,
-0x04000002L, 0x00100402L, 0x00100000L, 0x04000000L,
-0x04100002L, 0x00100400L, 0x00000400L, 0x00000002L,
-0x00100400L, 0x04000402L, 0x04100000L, 0x00000400L,
-0x00000402L, 0x00000000L, 0x00100002L, 0x04100400L,
-0x04000400L, 0x04100002L, 0x04100402L, 0x00100000L,
-0x04100002L, 0x00000402L, 0x00100000L, 0x04000002L,
-0x00100400L, 0x04000400L, 0x00000002L, 0x04100000L,
-0x04000402L, 0x00000000L, 0x00000400L, 0x00100002L,
-0x00000000L, 0x04100002L, 0x04100400L, 0x00000400L,
-0x04000000L, 0x04100402L, 0x00100402L, 0x00100000L,
-0x04100402L, 0x00000002L, 0x04000400L, 0x00100402L,
-0x00100002L, 0x00100400L, 0x04100000L, 0x04000402L,
-0x00000402L, 0x04000000L, 0x04000002L, 0x04100400L,
-},{
-/* nibble 4 */
-0x02000000L, 0x00004000L, 0x00000100L, 0x02004108L,
-0x02004008L, 0x02000100L, 0x00004108L, 0x02004000L,
-0x00004000L, 0x00000008L, 0x02000008L, 0x00004100L,
-0x02000108L, 0x02004008L, 0x02004100L, 0x00000000L,
-0x00004100L, 0x02000000L, 0x00004008L, 0x00000108L,
-0x02000100L, 0x00004108L, 0x00000000L, 0x02000008L,
-0x00000008L, 0x02000108L, 0x02004108L, 0x00004008L,
-0x02004000L, 0x00000100L, 0x00000108L, 0x02004100L,
-0x02004100L, 0x02000108L, 0x00004008L, 0x02004000L,
-0x00004000L, 0x00000008L, 0x02000008L, 0x02000100L,
-0x02000000L, 0x00004100L, 0x02004108L, 0x00000000L,
-0x00004108L, 0x02000000L, 0x00000100L, 0x00004008L,
-0x02000108L, 0x00000100L, 0x00000000L, 0x02004108L,
-0x02004008L, 0x02004100L, 0x00000108L, 0x00004000L,
-0x00004100L, 0x02004008L, 0x02000100L, 0x00000108L,
-0x00000008L, 0x00004108L, 0x02004000L, 0x02000008L,
-},{
-/* nibble 5 */
-0x20000010L, 0x00080010L, 0x00000000L, 0x20080800L,
-0x00080010L, 0x00000800L, 0x20000810L, 0x00080000L,
-0x00000810L, 0x20080810L, 0x00080800L, 0x20000000L,
-0x20000800L, 0x20000010L, 0x20080000L, 0x00080810L,
-0x00080000L, 0x20000810L, 0x20080010L, 0x00000000L,
-0x00000800L, 0x00000010L, 0x20080800L, 0x20080010L,
-0x20080810L, 0x20080000L, 0x20000000L, 0x00000810L,
-0x00000010L, 0x00080800L, 0x00080810L, 0x20000800L,
-0x00000810L, 0x20000000L, 0x20000800L, 0x00080810L,
-0x20080800L, 0x00080010L, 0x00000000L, 0x20000800L,
-0x20000000L, 0x00000800L, 0x20080010L, 0x00080000L,
-0x00080010L, 0x20080810L, 0x00080800L, 0x00000010L,
-0x20080810L, 0x00080800L, 0x00080000L, 0x20000810L,
-0x20000010L, 0x20080000L, 0x00080810L, 0x00000000L,
-0x00000800L, 0x20000010L, 0x20000810L, 0x20080800L,
-0x20080000L, 0x00000810L, 0x00000010L, 0x20080010L,
-},{
-/* nibble 6 */
-0x00001000L, 0x00000080L, 0x00400080L, 0x00400001L,
-0x00401081L, 0x00001001L, 0x00001080L, 0x00000000L,
-0x00400000L, 0x00400081L, 0x00000081L, 0x00401000L,
-0x00000001L, 0x00401080L, 0x00401000L, 0x00000081L,
-0x00400081L, 0x00001000L, 0x00001001L, 0x00401081L,
-0x00000000L, 0x00400080L, 0x00400001L, 0x00001080L,
-0x00401001L, 0x00001081L, 0x00401080L, 0x00000001L,
-0x00001081L, 0x00401001L, 0x00000080L, 0x00400000L,
-0x00001081L, 0x00401000L, 0x00401001L, 0x00000081L,
-0x00001000L, 0x00000080L, 0x00400000L, 0x00401001L,
-0x00400081L, 0x00001081L, 0x00001080L, 0x00000000L,
-0x00000080L, 0x00400001L, 0x00000001L, 0x00400080L,
-0x00000000L, 0x00400081L, 0x00400080L, 0x00001080L,
-0x00000081L, 0x00001000L, 0x00401081L, 0x00400000L,
-0x00401080L, 0x00000001L, 0x00001001L, 0x00401081L,
-0x00400001L, 0x00401080L, 0x00401000L, 0x00001001L,
-},{
-/* nibble 7 */
-0x08200020L, 0x08208000L, 0x00008020L, 0x00000000L,
-0x08008000L, 0x00200020L, 0x08200000L, 0x08208020L,
-0x00000020L, 0x08000000L, 0x00208000L, 0x00008020L,
-0x00208020L, 0x08008020L, 0x08000020L, 0x08200000L,
-0x00008000L, 0x00208020L, 0x00200020L, 0x08008000L,
-0x08208020L, 0x08000020L, 0x00000000L, 0x00208000L,
-0x08000000L, 0x00200000L, 0x08008020L, 0x08200020L,
-0x00200000L, 0x00008000L, 0x08208000L, 0x00000020L,
-0x00200000L, 0x00008000L, 0x08000020L, 0x08208020L,
-0x00008020L, 0x08000000L, 0x00000000L, 0x00208000L,
-0x08200020L, 0x08008020L, 0x08008000L, 0x00200020L,
-0x08208000L, 0x00000020L, 0x00200020L, 0x08008000L,
-0x08208020L, 0x00200000L, 0x08200000L, 0x08000020L,
-0x00208000L, 0x00008020L, 0x08008020L, 0x08200000L,
-0x00000020L, 0x08208000L, 0x00208020L, 0x00000000L,
-0x08000000L, 0x08200020L, 0x00008000L, 0x00208020L,
-}};
+  {
+    /* nibble 0 */
+
+    0x00820200l, 0x00020000l, 0x80800000l, 0x80820200l,
+    0x00800000l, 0x80020200l, 0x80020000l, 0x80800000l,
+    0x80020200l, 0x00820200l, 0x00820000l, 0x80000200l,
+    0x80800200l, 0x00800000l, 0x00000000l, 0x80020000l,
+    0x00020000l, 0x80000000l, 0x00800200l, 0x00020200l,
+    0x80820200l, 0x00820000l, 0x80000200l, 0x00800200l,
+    0x80000000l, 0x00000200l, 0x00020200l, 0x80820000l,
+    0x00000200l, 0x80800200l, 0x80820000l, 0x00000000l,
+    0x00000000l, 0x80820200l, 0x00800200l, 0x80020000l,
+    0x00820200l, 0x00020000l, 0x80000200l, 0x00800200l,
+    0x80820000l, 0x00000200l, 0x00020200l, 0x80800000l,
+    0x80020200l, 0x80000000l, 0x80800000l, 0x00820000l,
+    0x80820200l, 0x00020200l, 0x00820000l, 0x80800200l,
+    0x00800000l, 0x80000200l, 0x80020000l, 0x00000000l,
+    0x00020000l, 0x00800000l, 0x80800200l, 0x00820200l,
+    0x80000000l, 0x80820000l, 0x00000200l, 0x80020200l,
+  },
+  {
+    /* nibble 1 */
+
+    0x10042004l, 0x00000000l, 0x00042000l, 0x10040000l,
+    0x10000004l, 0x00002004l, 0x10002000l, 0x00042000l,
+    0x00002000l, 0x10040004l, 0x00000004l, 0x10002000l,
+    0x00040004l, 0x10042000l, 0x10040000l, 0x00000004l,
+    0x00040000l, 0x10002004l, 0x10040004l, 0x00002000l,
+    0x00042004l, 0x10000000l, 0x00000000l, 0x00040004l,
+    0x10002004l, 0x00042004l, 0x10042000l, 0x10000004l,
+    0x10000000l, 0x00040000l, 0x00002004l, 0x10042004l,
+    0x00040004l, 0x10042000l, 0x10002000l, 0x00042004l,
+    0x10042004l, 0x00040004l, 0x10000004l, 0x00000000l,
+    0x10000000l, 0x00002004l, 0x00040000l, 0x10040004l,
+    0x00002000l, 0x10000000l, 0x00042004l, 0x10002004l,
+    0x10042000l, 0x00002000l, 0x00000000l, 0x10000004l,
+    0x00000004l, 0x10042004l, 0x00042000l, 0x10040000l,
+    0x10040004l, 0x00040000l, 0x00002004l, 0x10002000l,
+    0x10002004l, 0x00000004l, 0x10040000l, 0x00042000l,
+  },
+  {
+    /* nibble 2 */
+
+    0x41000000l, 0x01010040l, 0x00000040l, 0x41000040l,
+    0x40010000l, 0x01000000l, 0x41000040l, 0x00010040l,
+    0x01000040l, 0x00010000l, 0x01010000l, 0x40000000l,
+    0x41010040l, 0x40000040l, 0x40000000l, 0x41010000l,
+    0x00000000l, 0x40010000l, 0x01010040l, 0x00000040l,
+    0x40000040l, 0x41010040l, 0x00010000l, 0x41000000l,
+    0x41010000l, 0x01000040l, 0x40010040l, 0x01010000l,
+    0x00010040l, 0x00000000l, 0x01000000l, 0x40010040l,
+    0x01010040l, 0x00000040l, 0x40000000l, 0x00010000l,
+    0x40000040l, 0x40010000l, 0x01010000l, 0x41000040l,
+    0x00000000l, 0x01010040l, 0x00010040l, 0x41010000l,
+    0x40010000l, 0x01000000l, 0x41010040l, 0x40000000l,
+    0x40010040l, 0x41000000l, 0x01000000l, 0x41010040l,
+    0x00010000l, 0x01000040l, 0x41000040l, 0x00010040l,
+    0x01000040l, 0x00000000l, 0x41010000l, 0x40000040l,
+    0x41000000l, 0x40010040l, 0x00000040l, 0x01010000l,
+  },
+  {
+    /* nibble 3 */
+
+    0x00100402l, 0x04000400l, 0x00000002l, 0x04100402l,
+    0x00000000l, 0x04100000l, 0x04000402l, 0x00100002l,
+    0x04100400l, 0x04000002l, 0x04000000l, 0x00000402l,
+    0x04000002l, 0x00100402l, 0x00100000l, 0x04000000l,
+    0x04100002l, 0x00100400l, 0x00000400l, 0x00000002l,
+    0x00100400l, 0x04000402l, 0x04100000l, 0x00000400l,
+    0x00000402l, 0x00000000l, 0x00100002l, 0x04100400l,
+    0x04000400l, 0x04100002l, 0x04100402l, 0x00100000l,
+    0x04100002l, 0x00000402l, 0x00100000l, 0x04000002l,
+    0x00100400l, 0x04000400l, 0x00000002l, 0x04100000l,
+    0x04000402l, 0x00000000l, 0x00000400l, 0x00100002l,
+    0x00000000l, 0x04100002l, 0x04100400l, 0x00000400l,
+    0x04000000l, 0x04100402l, 0x00100402l, 0x00100000l,
+    0x04100402l, 0x00000002l, 0x04000400l, 0x00100402l,
+    0x00100002l, 0x00100400l, 0x04100000l, 0x04000402l,
+    0x00000402l, 0x04000000l, 0x04000002l, 0x04100400l,
+  },
+  {
+    /* nibble 4 */
+
+    0x02000000l, 0x00004000l, 0x00000100l, 0x02004108l,
+    0x02004008l, 0x02000100l, 0x00004108l, 0x02004000l,
+    0x00004000l, 0x00000008l, 0x02000008l, 0x00004100l,
+    0x02000108l, 0x02004008l, 0x02004100l, 0x00000000l,
+    0x00004100l, 0x02000000l, 0x00004008l, 0x00000108l,
+    0x02000100l, 0x00004108l, 0x00000000l, 0x02000008l,
+    0x00000008l, 0x02000108l, 0x02004108l, 0x00004008l,
+    0x02004000l, 0x00000100l, 0x00000108l, 0x02004100l,
+    0x02004100l, 0x02000108l, 0x00004008l, 0x02004000l,
+    0x00004000l, 0x00000008l, 0x02000008l, 0x02000100l,
+    0x02000000l, 0x00004100l, 0x02004108l, 0x00000000l,
+    0x00004108l, 0x02000000l, 0x00000100l, 0x00004008l,
+    0x02000108l, 0x00000100l, 0x00000000l, 0x02004108l,
+    0x02004008l, 0x02004100l, 0x00000108l, 0x00004000l,
+    0x00004100l, 0x02004008l, 0x02000100l, 0x00000108l,
+    0x00000008l, 0x00004108l, 0x02004000l, 0x02000008l,
+  },
+  {
+    /* nibble 5 */
+
+    0x20000010l, 0x00080010l, 0x00000000l, 0x20080800l,
+    0x00080010l, 0x00000800l, 0x20000810l, 0x00080000l,
+    0x00000810l, 0x20080810l, 0x00080800l, 0x20000000l,
+    0x20000800l, 0x20000010l, 0x20080000l, 0x00080810l,
+    0x00080000l, 0x20000810l, 0x20080010l, 0x00000000l,
+    0x00000800l, 0x00000010l, 0x20080800l, 0x20080010l,
+    0x20080810l, 0x20080000l, 0x20000000l, 0x00000810l,
+    0x00000010l, 0x00080800l, 0x00080810l, 0x20000800l,
+    0x00000810l, 0x20000000l, 0x20000800l, 0x00080810l,
+    0x20080800l, 0x00080010l, 0x00000000l, 0x20000800l,
+    0x20000000l, 0x00000800l, 0x20080010l, 0x00080000l,
+    0x00080010l, 0x20080810l, 0x00080800l, 0x00000010l,
+    0x20080810l, 0x00080800l, 0x00080000l, 0x20000810l,
+    0x20000010l, 0x20080000l, 0x00080810l, 0x00000000l,
+    0x00000800l, 0x20000010l, 0x20000810l, 0x20080800l,
+    0x20080000l, 0x00000810l, 0x00000010l, 0x20080010l,
+  },
+  {
+    /* nibble 6 */
+
+    0x00001000l, 0x00000080l, 0x00400080l, 0x00400001l,
+    0x00401081l, 0x00001001l, 0x00001080l, 0x00000000l,
+    0x00400000l, 0x00400081l, 0x00000081l, 0x00401000l,
+    0x00000001l, 0x00401080l, 0x00401000l, 0x00000081l,
+    0x00400081l, 0x00001000l, 0x00001001l, 0x00401081l,
+    0x00000000l, 0x00400080l, 0x00400001l, 0x00001080l,
+    0x00401001l, 0x00001081l, 0x00401080l, 0x00000001l,
+    0x00001081l, 0x00401001l, 0x00000080l, 0x00400000l,
+    0x00001081l, 0x00401000l, 0x00401001l, 0x00000081l,
+    0x00001000l, 0x00000080l, 0x00400000l, 0x00401001l,
+    0x00400081l, 0x00001081l, 0x00001080l, 0x00000000l,
+    0x00000080l, 0x00400001l, 0x00000001l, 0x00400080l,
+    0x00000000l, 0x00400081l, 0x00400080l, 0x00001080l,
+    0x00000081l, 0x00001000l, 0x00401081l, 0x00400000l,
+    0x00401080l, 0x00000001l, 0x00001001l, 0x00401081l,
+    0x00400001l, 0x00401080l, 0x00401000l, 0x00001001l,
+  },
+  {
+    /* nibble 7 */
+
+    0x08200020l, 0x08208000l, 0x00008020l, 0x00000000l,
+    0x08008000l, 0x00200020l, 0x08200000l, 0x08208020l,
+    0x00000020l, 0x08000000l, 0x00208000l, 0x00008020l,
+    0x00208020l, 0x08008020l, 0x08000020l, 0x08200000l,
+    0x00008000l, 0x00208020l, 0x00200020l, 0x08008000l,
+    0x08208020l, 0x08000020l, 0x00000000l, 0x00208000l,
+    0x08000000l, 0x00200000l, 0x08008020l, 0x08200020l,
+    0x00200000l, 0x00008000l, 0x08208000l, 0x00000020l,
+    0x00200000l, 0x00008000l, 0x08000020l, 0x08208020l,
+    0x00008020l, 0x08000000l, 0x00000000l, 0x00208000l,
+    0x08200020l, 0x08008020l, 0x08008000l, 0x00200020l,
+    0x08208000l, 0x00000020l, 0x00200020l, 0x08008000l,
+    0x08208020l, 0x00200000l, 0x08200000l, 0x08000020l,
+    0x00208000l, 0x00008020l, 0x08008020l, 0x08200000l,
+    0x00000020l, 0x08208000l, 0x00208020l, 0x00000000l,
+    0x08000000l, 0x08200020l, 0x00008000l, 0x00208020l,
+  }
+};
--- a/crypto/xform.c
+++ b/crypto/xform.c
@ -1,5 +1,7 @@
-/*	$OpenBSD: xform.c,v 1.61 2021/10/22 12:30:53 bluhm Exp $	*/
-/*
+/****************************************************************************
+ * crypto/xform.c
+ * $OpenBSD: xform.c,v 1.61 2021/10/22 12:30:53 bluhm Exp $
+ *
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr),
 * Niels Provos (provos@physnet.uni-hamburg.de),
@ -9,11 +11,12 @@
 * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
 * in November 1995.
 *
- * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
+ * Ported to OpenBSD and NetBSD, with additional transforms,
+ * in December 1996,
 * by Angelos D. Keromytis.
 *
- * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
- * and Niels Provos.
+ * Additional transforms and features in 1997 and 1998 by
+ * Angelos D. Keromytis and Niels Provos.
 *
 * Additional features in 1999 by Angelos D. Keromytis.
 *
@ -44,7 +47,11 @@
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
 * PURPOSE.
- */
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/

 #include <sys/param.h>
 #include <sys/systm.h>
@ -68,548 +75,586 @@

 #include "des_locl.h"

-extern void des_ecb3_encrypt(caddr_t, caddr_t, caddr_t, caddr_t, caddr_t, int);
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/

-int  des_set_key(void *, caddr_t);
-int  des3_setkey(void *, u_int8_t *, int);
-int  blf_setkey(void *, u_int8_t *, int);
-int  cast5_setkey(void *, u_int8_t *, int);
-int  aes_setkey(void *, u_int8_t *, int);
-int  aes_ctr_setkey(void *, u_int8_t *, int);
-int  aes_xts_setkey(void *, u_int8_t *, int);
-int  null_setkey(void *, u_int8_t *, int);
+extern void des_ecb3_encrypt(caddr_t, caddr_t, caddr_t,
+                             caddr_t, caddr_t, int);

-void des3_encrypt(caddr_t, u_int8_t *);
-void blf_encrypt(caddr_t, u_int8_t *);
-void cast5_encrypt(caddr_t, u_int8_t *);
-void aes_encrypt(caddr_t, u_int8_t *);
-void null_encrypt(caddr_t, u_int8_t *);
-void aes_xts_encrypt(caddr_t, u_int8_t *);
+int des_set_key(FAR void *, caddr_t);
+int des3_setkey(FAR void *, FAR uint8_t *, int);
+int blf_setkey(FAR void *, FAR uint8_t *, int);
+int cast5_setkey(FAR void *, FAR uint8_t *, int);
+int aes_setkey_xform(FAR void *, FAR uint8_t *, int);
+int aes_ctr_setkey(FAR void *, FAR uint8_t *, int);
+int aes_xts_setkey(FAR void *, FAR uint8_t *, int);
+int null_setkey(FAR void *, FAR uint8_t *, int);

-void des3_decrypt(caddr_t, u_int8_t *);
-void blf_decrypt(caddr_t, u_int8_t *);
-void cast5_decrypt(caddr_t, u_int8_t *);
-void aes_decrypt(caddr_t, u_int8_t *);
-void null_decrypt(caddr_t, u_int8_t *);
-void aes_xts_decrypt(caddr_t, u_int8_t *);
+void des3_encrypt(caddr_t, FAR uint8_t *);
+void blf_encrypt(caddr_t, FAR uint8_t *);
+void cast5_encrypt(caddr_t, FAR uint8_t *);
+void aes_encrypt_xform(caddr_t, FAR uint8_t *);
+void null_encrypt(caddr_t, FAR uint8_t *);
+void aes_xts_encrypt(caddr_t, FAR uint8_t *);

-void aes_ctr_crypt(caddr_t, u_int8_t *);
+void des3_decrypt(caddr_t, FAR uint8_t *);
+void blf_decrypt(caddr_t, FAR uint8_t *);
+void cast5_decrypt(caddr_t, FAR uint8_t *);
+void aes_decrypt_xform(caddr_t, FAR uint8_t *);
+void null_decrypt(caddr_t, FAR uint8_t *);
+void aes_xts_decrypt(caddr_t, FAR uint8_t *);

-void aes_ctr_reinit(caddr_t, u_int8_t *);
-void aes_xts_reinit(caddr_t, u_int8_t *);
-void aes_gcm_reinit(caddr_t, u_int8_t *);
+void aes_ctr_crypt(caddr_t, FAR uint8_t *);

-int MD5Update_int(void *, const u_int8_t *, u_int16_t);
-int SHA1Update_int(void *, const u_int8_t *, u_int16_t);
-int RMD160Update_int(void *, const u_int8_t *, u_int16_t);
-int SHA256Update_int(void *, const u_int8_t *, u_int16_t);
-int SHA384Update_int(void *, const u_int8_t *, u_int16_t);
-int SHA512Update_int(void *, const u_int8_t *, u_int16_t);
+void aes_ctr_reinit(caddr_t, FAR uint8_t *);
+void aes_xts_reinit(caddr_t, FAR uint8_t *);
+void aes_gcm_reinit(caddr_t, FAR uint8_t *);

-u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **);
-u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **);
+int md5update_int(FAR void *, FAR const uint8_t *, uint16_t);
+int sha1update_int(FAR void *, FAR const uint8_t *, uint16_t);
+int rmd160update_int(FAR void *, FAR const uint8_t *, uint16_t);
+int sha256update_int(FAR void *, FAR const uint8_t *, uint16_t);
+int sha384update_int(FAR void *, FAR const uint8_t *, uint16_t);
+int sha512update_int(FAR void *, FAR const uint8_t *, uint16_t);

-struct aes_ctr_ctx {
-	AES_CTX		ac_key;
-	u_int8_t	ac_block[AESCTR_BLOCKSIZE];
+uint32_t deflate_compress(FAR uint8_t *, uint32_t, FAR uint8_t **);
+uint32_t deflate_decompress(FAR uint8_t *, uint32_t, FAR uint8_t **);
+
+struct aes_ctr_ctx
+{
+  AES_CTX ac_key;
+  uint8_t ac_block[AESCTR_BLOCKSIZE];
 };

-struct aes_xts_ctx {
-	rijndael_ctx key1;
-	rijndael_ctx key2;
-	u_int8_t tweak[AES_XTS_BLOCKSIZE];
+struct aes_xts_ctx
+{
+  rijndael_ctx key1;
+  rijndael_ctx key2;
+  uint8_t tweak[AES_XTS_BLOCKSIZE];
 };

 /* Helper */
-void aes_xts_crypt(struct aes_xts_ctx *, u_int8_t *, u_int);
+
+void aes_xts_crypt(FAR struct aes_xts_ctx *, FAR uint8_t *, u_int);

 /* Encryption instances */
-const struct enc_xform enc_xform_3des = {
-	CRYPTO_3DES_CBC, "3DES",
-	8, 8, 24, 24, 384,
-	des3_encrypt,
-	des3_decrypt,
-	des3_setkey,
-	NULL
+
+const struct enc_xform enc_xform_3des =
+{
+  CRYPTO_3DES_CBC, "3DES",
+  8, 8, 24, 24, 384,
+  des3_encrypt,
+  des3_decrypt,
+  des3_setkey,
+  NULL
 };

-const struct enc_xform enc_xform_blf = {
-	CRYPTO_BLF_CBC, "Blowfish",
-	8, 8, 5, 56 /* 448 bits, max key */,
-	sizeof(blf_ctx),
-	blf_encrypt,
-	blf_decrypt,
-	blf_setkey,
-	NULL
+const struct enc_xform enc_xform_blf =
+{
+  CRYPTO_BLF_CBC, "Blowfish",
+  8, 8, 5, 56 /* 448 bits, max key */,
+  sizeof(blf_ctx),
+  blf_encrypt,
+  blf_decrypt,
+  blf_setkey,
+  NULL
 };

-const struct enc_xform enc_xform_cast5 = {
-	CRYPTO_CAST_CBC, "CAST-128",
-	8, 8, 5, 16,
-	sizeof(cast_key),
-	cast5_encrypt,
-	cast5_decrypt,
-	cast5_setkey,
-	NULL
+const struct enc_xform enc_xform_cast5 =
+{
+  CRYPTO_CAST_CBC, "CAST-128",
+  8, 8, 5, 16,
+  sizeof(cast_key),
+  cast5_encrypt,
+  cast5_decrypt,
+  cast5_setkey,
+  NULL
 };

-const struct enc_xform enc_xform_aes = {
-	CRYPTO_AES_CBC, "AES",
-	16, 16, 16, 32,
-	sizeof(AES_CTX),
-	aes_encrypt,
-	aes_decrypt,
-	aes_setkey,
-	NULL
+const struct enc_xform enc_xform_aes =
+{
+  CRYPTO_AES_CBC, "AES",
+  16, 16, 16, 32,
+  sizeof(AES_CTX),
+  aes_encrypt_xform,
+  aes_decrypt_xform,
+  aes_setkey_xform,
+  NULL
 };

-const struct enc_xform enc_xform_aes_ctr = {
-	CRYPTO_AES_CTR, "AES-CTR",
-	16, 8, 16+4, 32+4,
-	sizeof(struct aes_ctr_ctx),
-	aes_ctr_crypt,
-	aes_ctr_crypt,
-	aes_ctr_setkey,
-	aes_ctr_reinit
+const struct enc_xform enc_xform_aes_ctr =
+{
+  CRYPTO_AES_CTR, "AES-CTR",
+  16, 8, 16 + 4, 32 + 4,
+  sizeof(struct aes_ctr_ctx),
+  aes_ctr_crypt,
+  aes_ctr_crypt,
+  aes_ctr_setkey,
+  aes_ctr_reinit
 };

-const struct enc_xform enc_xform_aes_gcm = {
-	CRYPTO_AES_GCM_16, "AES-GCM",
-	1, 8, 16+4, 32+4,
-	sizeof(struct aes_ctr_ctx),
-	aes_ctr_crypt,
-	aes_ctr_crypt,
-	aes_ctr_setkey,
-	aes_gcm_reinit
+const struct enc_xform enc_xform_aes_gcm =
+{
+  CRYPTO_AES_GCM_16, "AES-GCM",
+  1, 8, 16 + 4, 32 + 4,
+  sizeof(struct aes_ctr_ctx),
+  aes_ctr_crypt,
+  aes_ctr_crypt,
+  aes_ctr_setkey,
+  aes_gcm_reinit
 };

-const struct enc_xform enc_xform_aes_gmac = {
-	CRYPTO_AES_GMAC, "AES-GMAC",
-	1, 8, 16+4, 32+4, 0,
-	NULL,
-	NULL,
-	NULL,
-	NULL
+const struct enc_xform enc_xform_aes_gmac =
+{
+  CRYPTO_AES_GMAC, "AES-GMAC",
+  1, 8, 16 + 4, 32 + 4, 0,
+  NULL,
+  NULL,
+  NULL,
+  NULL
 };

-const struct enc_xform enc_xform_aes_xts = {
-	CRYPTO_AES_XTS, "AES-XTS",
-	16, 8, 32, 64,
-	sizeof(struct aes_xts_ctx),
-	aes_xts_encrypt,
-	aes_xts_decrypt,
-	aes_xts_setkey,
-	aes_xts_reinit
+const struct enc_xform enc_xform_aes_xts =
+{
+  CRYPTO_AES_XTS, "AES-XTS",
+  16, 8, 32, 64,
+  sizeof(struct aes_xts_ctx),
+  aes_xts_encrypt,
+  aes_xts_decrypt,
+  aes_xts_setkey,
+  aes_xts_reinit
 };

-const struct enc_xform enc_xform_chacha20_poly1305 = {
-	CRYPTO_CHACHA20_POLY1305, "CHACHA20-POLY1305",
-	1, 8, 32+4, 32+4,
-	sizeof(struct chacha20_ctx),
-	chacha20_crypt,
-	chacha20_crypt,
-	chacha20_setkey,
-	chacha20_reinit
+const struct enc_xform enc_xform_chacha20_poly1305 =
+{
+  CRYPTO_CHACHA20_POLY1305, "CHACHA20-POLY1305",
+  1, 8, 32 + 4, 32 + 4,
+  sizeof(struct chacha20_ctx),
+  chacha20_crypt,
+  chacha20_crypt,
+  chacha20_setkey,
+  chacha20_reinit
 };

-const struct enc_xform enc_xform_null = {
-	CRYPTO_NULL, "NULL",
-	4, 0, 0, 256, 0,
-	null_encrypt,
-	null_decrypt,
-	null_setkey,
-	NULL
+const struct enc_xform enc_xform_null =
+{
+  CRYPTO_NULL, "NULL",
+  4, 0, 0, 256, 0,
+  null_encrypt,
+  null_decrypt,
+  null_setkey,
+  NULL
 };

 /* Authentication instances */
-const struct auth_hash auth_hash_hmac_md5_96 = {
-	CRYPTO_MD5_HMAC, "HMAC-MD5",
-	16, 16, 12, sizeof(MD5_CTX), HMAC_MD5_BLOCK_LEN,
-	(void (*) (void *)) MD5Init, NULL, NULL,
-	MD5Update_int,
-	(void (*) (u_int8_t *, void *)) MD5Final
+
+const struct auth_hash auth_hash_hmac_md5_96 =
+{
+  CRYPTO_MD5_HMAC, "HMAC-MD5",
+  16, 16, 12, sizeof(MD5_CTX), HMAC_MD5_BLOCK_LEN,
+  (void (*) (FAR void *)) md5init, NULL, NULL,
+  md5update_int,
+  (void (*) (FAR uint8_t *, FAR void *)) md5final
 };

-const struct auth_hash auth_hash_hmac_sha1_96 = {
-	CRYPTO_SHA1_HMAC, "HMAC-SHA1",
-	20, 20, 12, sizeof(SHA1_CTX), HMAC_SHA1_BLOCK_LEN,
-	(void (*) (void *)) SHA1Init, NULL, NULL,
-	SHA1Update_int,
-	(void (*) (u_int8_t *, void *)) SHA1Final
+const struct auth_hash auth_hash_hmac_sha1_96 =
+{
+  CRYPTO_SHA1_HMAC, "HMAC-SHA1",
+  20, 20, 12, sizeof(SHA1_CTX), HMAC_SHA1_BLOCK_LEN,
+  (void (*) (FAR void *)) sha1init, NULL, NULL,
+  sha1update_int,
+  (void (*) (FAR uint8_t *, FAR void *)) sha1final
 };

-const struct auth_hash auth_hash_hmac_ripemd_160_96 = {
-	CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
-	20, 20, 12, sizeof(RMD160_CTX), HMAC_RIPEMD160_BLOCK_LEN,
-	(void (*)(void *)) RMD160Init, NULL, NULL,
-	RMD160Update_int,
-	(void (*)(u_int8_t *, void *)) RMD160Final
+const struct auth_hash auth_hash_hmac_ripemd_160_96 =
+{
+  CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
+  20, 20, 12, sizeof(RMD160_CTX), HMAC_RIPEMD160_BLOCK_LEN,
+  (void (*)(FAR void *)) rmd160init, NULL, NULL,
+  rmd160update_int,
+  (void (*)(FAR uint8_t *, FAR void *)) rmd160final
 };

-const struct auth_hash auth_hash_hmac_sha2_256_128 = {
-	CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256",
-	32, 32, 16, sizeof(SHA2_CTX), HMAC_SHA2_256_BLOCK_LEN,
-	(void (*)(void *)) SHA256Init, NULL, NULL,
-	SHA256Update_int,
-	(void (*)(u_int8_t *, void *)) SHA256Final
+const struct auth_hash auth_hash_hmac_sha2_256_128 =
+{
+  CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256",
+  32, 32, 16, sizeof(SHA2_CTX), HMAC_SHA2_256_BLOCK_LEN,
+  (void (*)(FAR void *)) sha256init, NULL, NULL,
+  sha256update_int,
+  (void (*)(FAR uint8_t *, FAR void *)) sha256final
 };

-const struct auth_hash auth_hash_hmac_sha2_384_192 = {
-	CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384",
-	48, 48, 24, sizeof(SHA2_CTX), HMAC_SHA2_384_BLOCK_LEN,
-	(void (*)(void *)) SHA384Init, NULL, NULL,
-	SHA384Update_int,
-	(void (*)(u_int8_t *, void *)) SHA384Final
+const struct auth_hash auth_hash_hmac_sha2_384_192 =
+{
+  CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384",
+  48, 48, 24, sizeof(SHA2_CTX), HMAC_SHA2_384_BLOCK_LEN,
+  (void (*)(FAR void *)) sha384init, NULL, NULL,
+  sha384update_int,
+  (void (*)(FAR uint8_t *, FAR void *)) sha384final
 };

-const struct auth_hash auth_hash_hmac_sha2_512_256 = {
-	CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512",
-	64, 64, 32, sizeof(SHA2_CTX), HMAC_SHA2_512_BLOCK_LEN,
-	(void (*)(void *)) SHA512Init, NULL, NULL,
-	SHA512Update_int,
-	(void (*)(u_int8_t *, void *)) SHA512Final
+const struct auth_hash auth_hash_hmac_sha2_512_256 =
+{
+  CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512",
+  64, 64, 32, sizeof(SHA2_CTX), HMAC_SHA2_512_BLOCK_LEN,
+  (void (*)(FAR void *)) sha512init, NULL, NULL,
+  sha512update_int,
+  (void (*)(FAR uint8_t *, FAR void *)) sha512final
 };

-const struct auth_hash auth_hash_gmac_aes_128 = {
-	CRYPTO_AES_128_GMAC, "GMAC-AES-128",
-	16+4, GMAC_BLOCK_LEN, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX),
-	AESCTR_BLOCKSIZE, AES_GMAC_Init, AES_GMAC_Setkey, AES_GMAC_Reinit,
-	AES_GMAC_Update, AES_GMAC_Final
+const struct auth_hash auth_hash_gmac_aes_128 =
+{
+  CRYPTO_AES_128_GMAC, "GMAC-AES-128",
+  16 + 4, GMAC_BLOCK_LEN, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX),
+  AESCTR_BLOCKSIZE, aes_gmac_init, aes_gmac_setkey, aes_gmac_reinit,
+  aes_gmac_update, aes_gmac_final
 };

-const struct auth_hash auth_hash_gmac_aes_192 = {
-	CRYPTO_AES_192_GMAC, "GMAC-AES-192",
-	24+4, GMAC_BLOCK_LEN, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX),
-	AESCTR_BLOCKSIZE, AES_GMAC_Init, AES_GMAC_Setkey, AES_GMAC_Reinit,
-	AES_GMAC_Update, AES_GMAC_Final
+const struct auth_hash auth_hash_gmac_aes_192 =
+{
+  CRYPTO_AES_192_GMAC, "GMAC-AES-192",
+  24 + 4, GMAC_BLOCK_LEN, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX),
+  AESCTR_BLOCKSIZE, aes_gmac_init, aes_gmac_setkey, aes_gmac_reinit,
+  aes_gmac_update, aes_gmac_final
 };

-const struct auth_hash auth_hash_gmac_aes_256 = {
-	CRYPTO_AES_256_GMAC, "GMAC-AES-256",
-	32+4, GMAC_BLOCK_LEN, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX),
-	AESCTR_BLOCKSIZE, AES_GMAC_Init, AES_GMAC_Setkey, AES_GMAC_Reinit,
-	AES_GMAC_Update, AES_GMAC_Final
+const struct auth_hash auth_hash_gmac_aes_256 =
+{
+  CRYPTO_AES_256_GMAC, "GMAC-AES-256",
+  32 + 4, GMAC_BLOCK_LEN, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX),
+  AESCTR_BLOCKSIZE, aes_gmac_init, aes_gmac_setkey, aes_gmac_reinit,
+  aes_gmac_update, aes_gmac_final
 };

-const struct auth_hash auth_hash_chacha20_poly1305 = {
-	CRYPTO_CHACHA20_POLY1305_MAC, "CHACHA20-POLY1305",
-	CHACHA20_KEYSIZE+CHACHA20_SALT, POLY1305_BLOCK_LEN, POLY1305_TAGLEN,
-	sizeof(CHACHA20_POLY1305_CTX), CHACHA20_BLOCK_LEN,
-	Chacha20_Poly1305_Init, Chacha20_Poly1305_Setkey,
-	Chacha20_Poly1305_Reinit, Chacha20_Poly1305_Update,
-	Chacha20_Poly1305_Final
+const struct auth_hash auth_hash_chacha20_poly1305 =
+{
+  CRYPTO_CHACHA20_POLY1305_MAC, "CHACHA20-POLY1305",
+  CHACHA20_KEYSIZE + CHACHA20_SALT, POLY1305_BLOCK_LEN, POLY1305_TAGLEN,
+  sizeof(CHACHA20_POLY1305_CTX), CHACHA20_BLOCK_LEN,
+  chacha20_poly1305_init, chacha20_poly1305_setkey,
+  chacha20_poly1305_reinit, chacha20_poly1305_update,
+  chacha20_poly1305_final
 };

 /* Compression instance */
-const struct comp_algo comp_algo_deflate = {
-	CRYPTO_DEFLATE_COMP, "Deflate",
-	90, deflate_compress,
-	deflate_decompress
+
+const struct comp_algo comp_algo_deflate =
+{
+  CRYPTO_DEFLATE_COMP, "Deflate",
+  90, deflate_compress,
+  deflate_decompress
 };

-/*
- * Encryption wrapper routines.
- */
-void
-des3_encrypt(caddr_t key, u_int8_t *blk)
+/* Encryption wrapper routines. */
+
+void des3_encrypt(caddr_t key, FAR uint8_t *blk)
 {
-	des_ecb3_encrypt((caddr_t)blk, (caddr_t)blk, key, key + 128, key + 256, 1);
+  des_ecb3_encrypt((caddr_t)blk, (caddr_t)blk, key, key + 128, key + 256, 1);
 }

-void
-des3_decrypt(caddr_t key, u_int8_t *blk)
+void des3_decrypt(caddr_t key, FAR uint8_t *blk)
 {
-	des_ecb3_encrypt((caddr_t)blk, (caddr_t)blk, key + 256, key + 128, key, 0);
+  des_ecb3_encrypt((caddr_t)blk, (caddr_t)blk, key + 256, key + 128, key, 0);
 }

-int
-des3_setkey(void *sched, u_int8_t *key, int len)
+int des3_setkey(FAR void *sched, FAR uint8_t *key, int len)
 {
-	if (des_set_key(key, sched) < 0 || des_set_key(key + 8, sched + 128)
-	    < 0 || des_set_key(key + 16, sched + 256) < 0)
-		return -1;
+  if (des_set_key(key, sched) < 0 || des_set_key(key + 8, sched + 128)
+      < 0 || des_set_key(key + 16, sched + 256) < 0)
+    {
+      return -1;
+    }

-	return 0;
+  return 0;
 }

-void
-blf_encrypt(caddr_t key, u_int8_t *blk)
+void blf_encrypt(caddr_t key, FAR uint8_t *blk)
 {
-	blf_ecb_encrypt((blf_ctx *) key, blk, 8);
+  blf_ecb_encrypt((FAR blf_ctx *) key, blk, 8);
 }

-void
-blf_decrypt(caddr_t key, u_int8_t *blk)
+void blf_decrypt(caddr_t key, FAR uint8_t *blk)
 {
-	blf_ecb_decrypt((blf_ctx *) key, blk, 8);
+  blf_ecb_decrypt((FAR blf_ctx *) key, blk, 8);
 }

-int
-blf_setkey(void *sched, u_int8_t *key, int len)
+int blf_setkey(FAR void *sched, FAR uint8_t *key, int len)
 {
-	blf_key((blf_ctx *)sched, key, len);
+  blf_key((FAR blf_ctx *)sched, key, len);

-	return 0;
+  return 0;
 }

-int
-null_setkey(void *sched, u_int8_t *key, int len)
+int null_setkey(FAR void *sched, FAR uint8_t *key, int len)
 {
-	return 0;
+  return 0;
 }

-void
-null_encrypt(caddr_t key, u_int8_t *blk)
+void null_encrypt(caddr_t key, FAR uint8_t *blk)
 {
 }

-void
-null_decrypt(caddr_t key, u_int8_t *blk)
+void null_decrypt(caddr_t key, FAR uint8_t *blk)
 {
 }

-void
-cast5_encrypt(caddr_t key, u_int8_t *blk)
+void cast5_encrypt(caddr_t key, FAR uint8_t *blk)
 {
-	cast_encrypt((cast_key *) key, blk, blk);
+  cast_encrypt((FAR cast_key *) key, blk, blk);
 }

-void
-cast5_decrypt(caddr_t key, u_int8_t *blk)
+void cast5_decrypt(caddr_t key, FAR uint8_t *blk)
 {
-	cast_decrypt((cast_key *) key, blk, blk);
+  cast_decrypt((FAR cast_key *) key, blk, blk);
 }

-int
-cast5_setkey(void *sched, u_int8_t *key, int len)
+int cast5_setkey(FAR void *sched, FAR uint8_t *key, int len)
 {
-	cast_setkey((cast_key *)sched, key, len);
+  cast_setkey((FAR cast_key *)sched, key, len);

-	return 0;
+  return 0;
 }

-void
-aes_encrypt(caddr_t key, u_int8_t *blk)
+void aes_encrypt_xform(caddr_t key, FAR uint8_t *blk)
 {
-	AES_Encrypt((AES_CTX *)key, blk, blk);
+  aes_encrypt((FAR AES_CTX *)key, blk, blk);
 }

-void
-aes_decrypt(caddr_t key, u_int8_t *blk)
+void aes_decrypt_xform(caddr_t key, FAR uint8_t *blk)
 {
-	AES_Decrypt((AES_CTX *)key, blk, blk);
+  aes_decrypt((FAR AES_CTX *)key, blk, blk);
 }

-int
-aes_setkey(void *sched, u_int8_t *key, int len)
+int aes_setkey_xform(FAR void *sched, FAR uint8_t *key, int len)
 {
-	return AES_Setkey((AES_CTX *)sched, key, len);
+  return aes_setkey((FAR AES_CTX *)sched, key, len);
 }

-void
-aes_ctr_reinit(caddr_t key, u_int8_t *iv)
+void aes_ctr_reinit(caddr_t key, FAR uint8_t *iv)
 {
-	struct aes_ctr_ctx *ctx;
+  FAR struct aes_ctr_ctx *ctx;

-	ctx = (struct aes_ctr_ctx *)key;
-	bcopy(iv, ctx->ac_block + AESCTR_NONCESIZE, AESCTR_IVSIZE);
+  ctx = (FAR struct aes_ctr_ctx *)key;
+  bcopy(iv, ctx->ac_block + AESCTR_NONCESIZE, AESCTR_IVSIZE);

-	/* reset counter */
-	bzero(ctx->ac_block + AESCTR_NONCESIZE + AESCTR_IVSIZE, 4);
+  /* reset counter */
+
+  bzero(ctx->ac_block + AESCTR_NONCESIZE + AESCTR_IVSIZE, 4);
 }

-void
-aes_gcm_reinit(caddr_t key, u_int8_t *iv)
+void aes_gcm_reinit(caddr_t key, FAR uint8_t *iv)
 {
-	struct aes_ctr_ctx *ctx;
+  FAR struct aes_ctr_ctx *ctx;

-	ctx = (struct aes_ctr_ctx *)key;
-	bcopy(iv, ctx->ac_block + AESCTR_NONCESIZE, AESCTR_IVSIZE);
+  ctx = (FAR struct aes_ctr_ctx *)key;
+  bcopy(iv, ctx->ac_block + AESCTR_NONCESIZE, AESCTR_IVSIZE);

-	/* reset counter */
-	bzero(ctx->ac_block + AESCTR_NONCESIZE + AESCTR_IVSIZE, 4);
-	ctx->ac_block[AESCTR_BLOCKSIZE - 1] = 1; /* GCM starts with 1 */
+  /* reset counter */
+
+  bzero(ctx->ac_block + AESCTR_NONCESIZE + AESCTR_IVSIZE, 4);
+  ctx->ac_block[AESCTR_BLOCKSIZE - 1] = 1; /* GCM starts with 1 */
 }

-void
-aes_ctr_crypt(caddr_t key, u_int8_t *data)
+void aes_ctr_crypt(caddr_t key, FAR uint8_t *data)
 {
-	struct aes_ctr_ctx *ctx;
-	u_int8_t keystream[AESCTR_BLOCKSIZE];
-	int i;
+  FAR struct aes_ctr_ctx *ctx;
+  uint8_t keystream[AESCTR_BLOCKSIZE];
+  int i;

-	ctx = (struct aes_ctr_ctx *)key;
-	/* increment counter */
-	for (i = AESCTR_BLOCKSIZE - 1;
-	     i >= AESCTR_NONCESIZE + AESCTR_IVSIZE; i--)
-		if (++ctx->ac_block[i])   /* continue on overflow */
-			break;
-	AES_Encrypt(&ctx->ac_key, ctx->ac_block, keystream);
-	for (i = 0; i < AESCTR_BLOCKSIZE; i++)
-		data[i] ^= keystream[i];
-	explicit_bzero(keystream, sizeof(keystream));
+  ctx = (FAR struct aes_ctr_ctx *)key;
+
+  /* increment counter */
+
+  for (i = AESCTR_BLOCKSIZE - 1;
+        i >= AESCTR_NONCESIZE + AESCTR_IVSIZE; i--)
+    {
+      if (++ctx->ac_block[i])   /* continue on overflow */
+        {
+          break;
+        }
+    }
+
+  aes_encrypt(&ctx->ac_key, ctx->ac_block, keystream);
+  for (i = 0; i < AESCTR_BLOCKSIZE; i++)
+    {
+      data[i] ^= keystream[i];
+    }
+
+  explicit_bzero(keystream, sizeof(keystream));
 }

-int
-aes_ctr_setkey(void *sched, u_int8_t *key, int len)
+int aes_ctr_setkey(FAR void *sched, FAR uint8_t *key, int len)
 {
-	struct aes_ctr_ctx *ctx;
+  FAR struct aes_ctr_ctx *ctx;

-	if (len < AESCTR_NONCESIZE)
-		return -1;
+  if (len < AESCTR_NONCESIZE)
+    {
+      return -1;
+    }

-	ctx = (struct aes_ctr_ctx *)sched;
-	if (AES_Setkey(&ctx->ac_key, key, len - AESCTR_NONCESIZE) != 0)
-		return -1;
-	bcopy(key + len - AESCTR_NONCESIZE, ctx->ac_block, AESCTR_NONCESIZE);
-	return 0;
+  ctx = (FAR struct aes_ctr_ctx *)sched;
+  if (aes_setkey(&ctx->ac_key, key, len - AESCTR_NONCESIZE) != 0)
+    {
+      return -1;
+    }
+
+  bcopy(key + len - AESCTR_NONCESIZE, ctx->ac_block, AESCTR_NONCESIZE);
+  return 0;
 }

-void
-aes_xts_reinit(caddr_t key, u_int8_t *iv)
+void aes_xts_reinit(caddr_t key, FAR uint8_t *iv)
 {
-	struct aes_xts_ctx *ctx = (struct aes_xts_ctx *)key;
-	u_int64_t blocknum;
-	u_int i;
+  FAR struct aes_xts_ctx *ctx = (FAR struct aes_xts_ctx *)key;
+  uint64_t blocknum;
+  u_int i;

-	/*
-	 * Prepare tweak as E_k2(IV). IV is specified as LE representation
-	 * of a 64-bit block number which we allow to be passed in directly.
-	 */
-	memcpy(&blocknum, iv, AES_XTS_IVSIZE);
-	for (i = 0; i < AES_XTS_IVSIZE; i++) {
-		ctx->tweak[i] = blocknum & 0xff;
-		blocknum >>= 8;
-	}
-	/* Last 64 bits of IV are always zero */
-	bzero(ctx->tweak + AES_XTS_IVSIZE, AES_XTS_IVSIZE);
+  /* Prepare tweak as E_k2(IV). IV is specified as LE representation
+   * of a 64-bit block number which we allow to be passed in directly.
+   */

-	rijndael_encrypt(&ctx->key2, ctx->tweak, ctx->tweak);
+  memcpy(&blocknum, iv, AES_XTS_IVSIZE);
+  for (i = 0; i < AES_XTS_IVSIZE; i++)
+    {
+      ctx->tweak[i] = blocknum & 0xff;
+      blocknum >>= 8;
+    }
+
+  /* Last 64 bits of IV are always zero */
+
+  bzero(ctx->tweak + AES_XTS_IVSIZE, AES_XTS_IVSIZE);
+
+  rijndael_encrypt(&ctx->key2, ctx->tweak, ctx->tweak);
 }

-void
-aes_xts_crypt(struct aes_xts_ctx *ctx, u_int8_t *data, u_int do_encrypt)
+void aes_xts_crypt(FAR struct aes_xts_ctx *ctx,
+                   FAR uint8_t *data,
+                   u_int do_encrypt)
 {
-	u_int8_t block[AES_XTS_BLOCKSIZE];
-	u_int i, carry_in, carry_out;
+  uint8_t block[AES_XTS_BLOCKSIZE];
+  u_int i;
+  u_int carry_in;
+  u_int carry_out;

-	for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
-		block[i] = data[i] ^ ctx->tweak[i];
+  for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
+    {
+      block[i] = data[i] ^ ctx->tweak[i];
+    }

-	if (do_encrypt)
-		rijndael_encrypt(&ctx->key1, block, data);
-	else
-		rijndael_decrypt(&ctx->key1, block, data);
+  if (do_encrypt)
+    {
+      rijndael_encrypt(&ctx->key1, block, data);
+    }
+  else
+    {
+      rijndael_decrypt(&ctx->key1, block, data);
+    }

-	for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
-		data[i] ^= ctx->tweak[i];
+  for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
+    {
+      data[i] ^= ctx->tweak[i];
+    }

-	/* Exponentiate tweak */
-	carry_in = 0;
-	for (i = 0; i < AES_XTS_BLOCKSIZE; i++) {
-		carry_out = ctx->tweak[i] & 0x80;
-		ctx->tweak[i] = (ctx->tweak[i] << 1) | carry_in;
-		carry_in = carry_out >> 7;
-	}
-	ctx->tweak[0] ^= (AES_XTS_ALPHA & -carry_in);
-	explicit_bzero(block, sizeof(block));
+  /* Exponentiate tweak */
+
+  carry_in = 0;
+  for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
+    {
+      carry_out = ctx->tweak[i] & 0x80;
+      ctx->tweak[i] = (ctx->tweak[i] << 1) | carry_in;
+      carry_in = carry_out >> 7;
+    }
+
+  ctx->tweak[0] ^= (AES_XTS_ALPHA & -carry_in);
+  explicit_bzero(block, sizeof(block));
 }

-void
-aes_xts_encrypt(caddr_t key, u_int8_t *data)
+void aes_xts_encrypt(caddr_t key, FAR uint8_t *data)
 {
-	aes_xts_crypt((struct aes_xts_ctx *)key, data, 1);
+  aes_xts_crypt((FAR struct aes_xts_ctx *)key, data, 1);
 }

-void
-aes_xts_decrypt(caddr_t key, u_int8_t *data)
+void aes_xts_decrypt(caddr_t key, FAR uint8_t *data)
 {
-	aes_xts_crypt((struct aes_xts_ctx *)key, data, 0);
+  aes_xts_crypt((FAR struct aes_xts_ctx *)key, data, 0);
 }

-int
-aes_xts_setkey(void *sched, u_int8_t *key, int len)
+int aes_xts_setkey(FAR void *sched, FAR uint8_t *key, int len)
 {
-	struct aes_xts_ctx *ctx;
+  FAR struct aes_xts_ctx *ctx;

-	if (len != 32 && len != 64)
-		return -1;
+  if (len != 32 && len != 64)
+    {
+      return -1;
+    }

-	ctx = (struct aes_xts_ctx *)sched;
+  ctx = (FAR struct aes_xts_ctx *)sched;

-	rijndael_set_key(&ctx->key1, key, len * 4);
-	rijndael_set_key(&ctx->key2, key + (len / 2), len * 4);
+  rijndael_set_key(&ctx->key1, key, len * 4);
+  rijndael_set_key(&ctx->key2, key + (len / 2), len * 4);

-	return 0;
+  return 0;
 }

-/*
- * And now for auth.
- */
+/* And now for auth. */

-int
-RMD160Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
+int rmd160update_int(FAR void *ctx, FAR const uint8_t *buf, uint16_t len)
 {
-	RMD160Update(ctx, buf, len);
-	return 0;
+  rmd160update(ctx, buf, len);
+  return 0;
 }

-int
-MD5Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
+int md5update_int(FAR void *ctx, FAR const uint8_t *buf, uint16_t len)
 {
-	MD5Update(ctx, buf, len);
-	return 0;
+  md5update(ctx, buf, len);
+  return 0;
 }

-int
-SHA1Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
+int sha1update_int(FAR void *ctx, FAR const uint8_t *buf, uint16_t len)
 {
-	SHA1Update(ctx, buf, len);
-	return 0;
+  sha1update(ctx, buf, len);
+  return 0;
 }

-int
-SHA256Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
+int sha256update_int(FAR void *ctx, FAR const uint8_t *buf, uint16_t len)
 {
-	SHA256Update(ctx, buf, len);
-	return 0;
+  sha256update(ctx, buf, len);
+  return 0;
 }

-int
-SHA384Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
+int sha384update_int(FAR void *ctx, FAR const uint8_t *buf, uint16_t len)
 {
-	SHA384Update(ctx, buf, len);
-	return 0;
+  sha384update(ctx, buf, len);
+  return 0;
 }

-int
-SHA512Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
+int sha512update_int(FAR void *ctx, FAR const uint8_t *buf, uint16_t len)
 {
-	SHA512Update(ctx, buf, len);
-	return 0;
+  sha512update(ctx, buf, len);
+  return 0;
 }

+uint32_t deflate_global(FAR uint8_t *, uint32_t, int, FAR uint8_t **);

-u_int32_t deflate_global(u_int8_t *, u_int32_t, int, u_int8_t **);
-
-struct deflate_buf {
-        u_int8_t *out;
-        u_int32_t size;
-        int flag;
+struct deflate_buf
+{
+  FAR uint8_t *out;
+  uint32_t size;
+  int flag;
 };

-/*
- * And compression
- */
+/* And compression */

-u_int32_t
-deflate_compress(u_int8_t *data, u_int32_t size, u_int8_t **out)
+uint32_t deflate_compress(FAR uint8_t *data,
+                          uint32_t size,
+                          FAR uint8_t **out)
 {
-	return deflate_global(data, size, 0, out);
+  return deflate_global(data, size, 0, out);
 }

-u_int32_t
-deflate_decompress(u_int8_t *data, u_int32_t size, u_int8_t **out)
+uint32_t deflate_decompress(FAR uint8_t *data,
+                            uint32_t size,
+                            FAR uint8_t **out)
 {
-	return deflate_global(data, size, 1, out);
+  return deflate_global(data, size, 1, out);
 }
--- a/include/crypto/aes.h
+++ b/include/crypto/aes.h
@ -1,5 +1,7 @@
-/*	$OpenBSD: aes.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $	*/
-/*
+/****************************************************************************
+ * include/crypto/aes.h
+ * $OpenBSD: aes.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $
+ *
 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
 * Copyright (c) 2016 Mike Belopuhov
 *
@ -22,29 +24,32 @@
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
- */
+ ****************************************************************************/

-#ifndef _AES_H_
-#define _AES_H_
+#ifndef __INCLUDE_CRYPTO_AES_H
+#define __INCLUDE_CRYPTO_AES_H

 #ifndef AES_MAXROUNDS
-#define AES_MAXROUNDS	(14)
+#  define AES_MAXROUNDS (14)
 #endif

-typedef struct aes_ctx {
-	uint32_t sk[60];
-	uint32_t sk_exp[120];
+typedef struct aes_ctx
+{
+  uint32_t sk[60];
+  uint32_t sk_exp[120];

-	unsigned num_rounds;
+  unsigned num_rounds;
 } AES_CTX;

-int	AES_Setkey(AES_CTX *, const uint8_t *, int);
-void	AES_Encrypt(AES_CTX *, const uint8_t *, uint8_t *);
-void	AES_Decrypt(AES_CTX *, const uint8_t *, uint8_t *);
-void	AES_Encrypt_ECB(AES_CTX *, const uint8_t *, uint8_t *, size_t);
-void	AES_Decrypt_ECB(AES_CTX *, const uint8_t *, uint8_t *, size_t);
+int aes_setkey(FAR AES_CTX *, FAR const uint8_t *, int);
+void aes_encrypt(FAR AES_CTX *, FAR const uint8_t *, FAR uint8_t *);
+void aes_decrypt(FAR AES_CTX *, FAR const uint8_t *, FAR uint8_t *);
+void aes_encrypt_ecb(FAR AES_CTX *, FAR const uint8_t *, FAR uint8_t *,
+                     size_t);
+void aes_decrypt_ecb(FAR AES_CTX *, FAR const uint8_t *, FAR uint8_t *,
+                     size_t);

-int	AES_KeySetup_Encrypt(uint32_t *, const uint8_t *, int);
-int	AES_KeySetup_Decrypt(uint32_t *, const uint8_t *, int);
+int aes_keysetup_encrypt(FAR uint32_t *, FAR const uint8_t *, int);
+int aes_keysetup_decrypt(FAR uint32_t *, FAR const uint8_t *, int);

-#endif	/* _AES_H_ */
+#endif /* __INCLUDE_CRYPTO_AES_H */
--- a/include/crypto/blf.h
+++ b/include/crypto/blf.h
@ -1,6 +1,7 @@
-/*	$OpenBSD: blf.h,v 1.7 2021/11/29 01:04:45 djm Exp $	*/
-
-/*
+/****************************************************************************
+ * include/crypto/blf.h
+ * $OpenBSD: blf.h,v 1.7 2021/11/29 01:04:45 djm Exp $
+ *
 * Blowfish - a fast block cipher designed by Bruce Schneier
 *
 * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
@ -27,10 +28,10 @@
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
+ ****************************************************************************/

-#ifndef _BLF_H_
-#define _BLF_H_
+#ifndef __INCLUDE_CRYPTO_BLF_H
+#define __INCLUDE_CRYPTO_BLF_H

 /* Schneier states the maximum key length to be 56 bytes.
 * The way how the subkeys are initialized by the key up
@ -39,41 +40,48 @@
 * of the key affect all cipherbits.
 */

-#define BLF_N	16			/* Number of Subkeys */
-#define BLF_MAXKEYLEN ((BLF_N-2)*4)	/* 448 bits */
-#define BLF_MAXUTILIZED ((BLF_N+2)*4)	/* 576 bits */
+#define BLF_N 16                          /* Number of Subkeys */
+#define BLF_MAXKEYLEN ((BLF_N - 2) * 4)   /* 448 bits */
+#define BLF_MAXUTILIZED ((BLF_N + 2) * 4) /* 576 bits */

 /* Blowfish context */
-typedef struct BlowfishContext {
-	u_int32_t S[4][256];	/* S-Boxes */
-	u_int32_t P[BLF_N + 2];	/* Subkeys */
-} blf_ctx;
+
+typedef struct blowfishcontext
+{
+  uint32_t S[4][256];     /* S-Boxes */
+  uint32_t P[BLF_N + 2];  /* Subkeys */
+}
+blf_ctx;

 /* Raw access to customized Blowfish
- *	blf_key is just:
- *	Blowfish_initstate( state )
- *	Blowfish_expand0state( state, key, keylen )
+ * blf_key is just:
+ * Blowfish_initstate( state )
+ * Blowfish_expand0state( state, key, keylen )
 */

-void Blowfish_encipher(blf_ctx *, u_int32_t *);
-void Blowfish_decipher(blf_ctx *, u_int32_t *);
-void Blowfish_initstate(blf_ctx *);
-void Blowfish_expand0state(blf_ctx *, const u_int8_t *, u_int16_t);
-void Blowfish_expandstate(blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t);
+void blowfish_encipher(FAR blf_ctx *, FAR uint32_t *);
+void blowfish_decipher(FAR blf_ctx *, FAR uint32_t *);
+void blowfish_initstate(FAR blf_ctx *);
+void blowfish_expand0state(FAR blf_ctx *, FAR const uint8_t *, uint16_t);
+void blowfish_expandstate(FAR blf_ctx *, FAR const uint8_t *,
+                          uint16_t, FAR const uint8_t *, uint16_t);

 /* Standard Blowfish */

-void blf_key(blf_ctx *, const u_int8_t *, u_int16_t);
-void blf_enc(blf_ctx *, u_int32_t *, u_int16_t);
-void blf_dec(blf_ctx *, u_int32_t *, u_int16_t);
+void blf_key(FAR blf_ctx *, FAR const uint8_t *, uint16_t);
+void blf_enc(FAR blf_ctx *, FAR uint32_t *, uint16_t);
+void blf_dec(FAR blf_ctx *, FAR uint32_t *, uint16_t);

-/* Converts u_int8_t to u_int32_t */
-u_int32_t Blowfish_stream2word(const u_int8_t *, u_int16_t ,
-				    u_int16_t *);
+/* Converts uint8_t to uint32_t */

-void blf_ecb_encrypt(blf_ctx *, u_int8_t *, u_int32_t);
-void blf_ecb_decrypt(blf_ctx *, u_int8_t *, u_int32_t);
+uint32_t blowfish_stream2word(FAR const uint8_t *, uint16_t,
+                              FAR uint16_t *);

-void blf_cbc_encrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t);
-void blf_cbc_decrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t);
-#endif
+void blf_ecb_encrypt(FAR blf_ctx *, FAR uint8_t *, uint32_t);
+void blf_ecb_decrypt(FAR blf_ctx *, FAR uint8_t *, uint32_t);
+
+void blf_cbc_encrypt(FAR blf_ctx *, FAR uint8_t *, FAR uint8_t *,
+                     uint32_t);
+void blf_cbc_decrypt(FAR blf_ctx *, FAR uint8_t *, FAR uint8_t *,
+                     uint32_t);
+#endif /* __INCLUDE_CRYPTO_BLF_H */
--- a/include/crypto/cast.h
+++ b/include/crypto/cast.h
@ -1,22 +1,28 @@
-/*      $OpenBSD: cast.h,v 1.2 2002/03/14 01:26:51 millert Exp $       */
+/****************************************************************************
+ * include/crypto/cast.h
+ * $OpenBSD: cast.h,v 1.2 2002/03/14 01:26:51 millert Exp $
+ *
+ * CAST-128 in C
+ * Written by Steve Reid <sreid@sea-to-sky.net>
+ * 100% Public Domain - no warranty
+ * Released 1997.10.11
+ ****************************************************************************/

-/*
- *	CAST-128 in C
- *	Written by Steve Reid <sreid@sea-to-sky.net>
- *	100% Public Domain - no warranty
- *	Released 1997.10.11
- */
+#ifndef __INCLUDE_CRYPTO_CAST_H
+#define __INCLUDE_CRYPTO_CAST_H

-#ifndef _CAST_H_
-#define _CAST_H_
-
-typedef struct {
-	u_int32_t	xkey[32];	/* Key, after expansion */
-	int		rounds;		/* Number of rounds to use, 12 or 16 */
+typedef struct
+{
+  uint32_t xkey[32]; /* Key, after expansion */
+  int rounds;        /* Number of rounds to use, 12 or 16 */
 } cast_key;

-void cast_setkey(cast_key * key, u_int8_t * rawkey, int keybytes);
-void cast_encrypt(cast_key * key, u_int8_t * inblock, u_int8_t * outblock);
-void cast_decrypt(cast_key * key, u_int8_t * inblock, u_int8_t * outblock);
+void cast_setkey(FAR cast_key *key, FAR uint8_t *rawkey, int keybytes);
+void cast_encrypt(FAR cast_key *key,
+                  FAR uint8_t *inblock,
+                  FAR uint8_t *outblock);
+void cast_decrypt(FAR cast_key *key,
+                  FAR uint8_t *inblock,
+                  FAR uint8_t *outblock);

-#endif /* ifndef _CAST_H_ */
+#endif /* __INCLUDE_CRYPTO_CAST_H */
--- a/include/crypto/chachapoly.h
+++ b/include/crypto/chachapoly.h
@ -1,5 +1,6 @@
-/*	$OpenBSD: chachapoly.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $	*/
-/*
+/****************************************************************************
+ * include/crypto/chachapoly.h
+ * $OpenBSD: chachapoly.h,v 1.4 2020/07/22 13:54:30 tobhe Exp $
 * Copyright (c) 2015 Mike Belopuhov
 *
 * Permission to use, copy, modify, and distribute this software for any
@ -13,74 +14,85 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ ****************************************************************************/

-#ifndef _CHACHAPOLY_H_
-#define _CHACHAPOLY_H_
+#ifndef __INCLUDE_CRYPTO_CHACHAPOLY_H
+#define __INCLUDE_CRYPTO_CHACHAPOLY_H

-#define CHACHA20_KEYSIZE	32
-#define CHACHA20_CTR		4
-#define CHACHA20_SALT		4
-#define CHACHA20_NONCE		8
-#define CHACHA20_BLOCK_LEN	64
+#define CHACHA20_KEYSIZE   32
+#define CHACHA20_CTR       4
+#define CHACHA20_SALT      4
+#define CHACHA20_NONCE     8
+#define CHACHA20_BLOCK_LEN 64

-struct chacha20_ctx {
-	uint8_t			block[CHACHA20_BLOCK_LEN];
-	uint8_t			nonce[CHACHA20_NONCE];
+struct chacha20_ctx
+{
+  uint8_t block[CHACHA20_BLOCK_LEN];
+  uint8_t nonce[CHACHA20_NONCE];
 };

-int	chacha20_setkey(void *, u_int8_t *, int);
-void	chacha20_reinit(caddr_t, u_int8_t *);
-void	chacha20_crypt(caddr_t, u_int8_t *);
+int chacha20_setkey(FAR void *, FAR uint8_t *, int);
+void chacha20_reinit(caddr_t, FAR uint8_t *);
+void chacha20_crypt(caddr_t, FAR uint8_t *);

+#define POLY1305_KEYLEN 32
+#define POLY1305_TAGLEN 16
+#define POLY1305_BLOCK_LEN 16

-#define POLY1305_KEYLEN		32
-#define POLY1305_TAGLEN		16
-#define POLY1305_BLOCK_LEN	16
+struct poly1305_ctx
+{
+  /* r, h, pad, leftover */

-struct poly1305_ctx {
-	/* r, h, pad, leftover */
-	unsigned long		state[5+5+4];
-	size_t			leftover;
-	unsigned char		buffer[POLY1305_BLOCK_LEN];
-	unsigned char		final;
+  unsigned long state[5 + 5 + 4];
+  size_t leftover;
+  unsigned char buffer[POLY1305_BLOCK_LEN];
+  unsigned char final;
 };

-typedef struct {
-	uint8_t			key[POLY1305_KEYLEN];
-	/* counter, salt */
-	uint8_t			nonce[CHACHA20_NONCE];
-	struct chacha20_ctx	chacha;
-	struct poly1305_ctx	poly;
-} CHACHA20_POLY1305_CTX;
+typedef struct
+{
+  uint8_t key[POLY1305_KEYLEN];

-void	Chacha20_Poly1305_Init(void *);
-void	Chacha20_Poly1305_Setkey(void *, const uint8_t *, uint16_t);
-void	Chacha20_Poly1305_Reinit(void *, const uint8_t *, uint16_t);
-int	Chacha20_Poly1305_Update(void *, const uint8_t *, uint16_t);
-void	Chacha20_Poly1305_Final(uint8_t[POLY1305_TAGLEN], void *);
+  /* counter, salt */
+
+  uint8_t nonce[CHACHA20_NONCE];
+  struct chacha20_ctx chacha;
+  struct poly1305_ctx poly;
+}
+CHACHA20_POLY1305_CTX;
+
+void chacha20_poly1305_init(FAR void *);
+void chacha20_poly1305_setkey(FAR void *, FAR const uint8_t *, uint16_t);
+void chacha20_poly1305_reinit(FAR void *, FAR const uint8_t *, uint16_t);
+int chacha20_poly1305_update(FAR void *, FAR const uint8_t *, uint16_t);
+void chacha20_poly1305_final(FAR uint8_t *, FAR void *);

 /* WireGuard crypto */
-#define CHACHA20POLY1305_KEY_SIZE	CHACHA20_KEYSIZE
-#define CHACHA20POLY1305_AUTHTAG_SIZE	POLY1305_TAGLEN
-#define XCHACHA20POLY1305_NONCE_SIZE	24

-void chacha20poly1305_encrypt(uint8_t *, const uint8_t *, const size_t,
-	const uint8_t *, const size_t,	const uint64_t,
-	const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
+#define CHACHA20POLY1305_KEY_SIZE CHACHA20_KEYSIZE
+#define CHACHA20POLY1305_AUTHTAG_SIZE POLY1305_TAGLEN
+#define XCHACHA20POLY1305_NONCE_SIZE 24

-int chacha20poly1305_decrypt(uint8_t *, const uint8_t *, const size_t,
-	const uint8_t *, const size_t, const uint64_t,
-	const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
+void chacha20poly1305_encrypt(
+  FAR uint8_t *, FAR const uint8_t *, const size_t,
+  FAR const uint8_t *, const size_t, const uint64_t,
+  FAR const uint8_t *);

-void xchacha20poly1305_encrypt(uint8_t *, const uint8_t *, const size_t,
-	const uint8_t *, const size_t,
-	const uint8_t[XCHACHA20POLY1305_NONCE_SIZE],
-	const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
+int chacha20poly1305_decrypt(
+  FAR uint8_t *, FAR const uint8_t *, const size_t,
+  FAR const uint8_t *, const size_t, const uint64_t,
+  FAR const uint8_t *);

-int xchacha20poly1305_decrypt(uint8_t *, const uint8_t *, const size_t,
-	const uint8_t *, const size_t,
-	const uint8_t[XCHACHA20POLY1305_NONCE_SIZE],
-	const uint8_t[CHACHA20POLY1305_KEY_SIZE]);
+void xchacha20poly1305_encrypt(
+  FAR uint8_t *, FAR const uint8_t *, const size_t,
+  FAR const uint8_t *, const size_t,
+  FAR const uint8_t *,
+  FAR const uint8_t *);

-#endif	/* _CHACHAPOLY_H_ */
+int xchacha20poly1305_decrypt(
+  FAR uint8_t *, FAR const uint8_t *, const size_t,
+  FAR const uint8_t *, const size_t,
+  FAR const uint8_t *,
+  FAR const uint8_t *);
+
+#endif /* __INCLUDE_CRYPTO_CHACHAPOLY_H */
--- a/include/crypto/cmac.h
+++ b/include/crypto/cmac.h
@ -1,6 +1,7 @@
-/*	$OpenBSD: cmac.h,v 1.3 2017/05/02 17:07:06 mikeb Exp $	*/
-
-/*-
+/****************************************************************************
+ * include/crypto/cmac.h
+ * $OpenBSD: cmac.h,v 1.3 2017/05/02 17:07:06 mikeb Exp $
+ *
 * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
 *
 * Permission to use, copy, modify, and distribute this software for any
@ -14,28 +15,26 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ *
+ ****************************************************************************/

-#ifndef _CMAC_H_
-#define _CMAC_H_
+#ifndef __INCLUDE_CRYPTO_CMAC_H_
+#define __INCLUDE_CRYPTO_CMAC_H_

 #define AES_CMAC_KEY_LENGTH	16
 #define AES_CMAC_DIGEST_LENGTH	16

-typedef struct _AES_CMAC_CTX {
-	AES_CTX		aesctx;
-	u_int8_t	X[16];
-	u_int8_t	M_last[16];
-	u_int		M_n;
+typedef struct _AES_CMAC_CTX
+{
+  AES_CTX aesctx;
+  u_int8_t X[16];
+  u_int8_t m_last[16];
+  u_int m_n;
 } AES_CMAC_CTX;

-__BEGIN_DECLS
-void	 AES_CMAC_Init(AES_CMAC_CTX *);
-void	 AES_CMAC_SetKey(AES_CMAC_CTX *, const u_int8_t [AES_CMAC_KEY_LENGTH]);
-void	 AES_CMAC_Update(AES_CMAC_CTX *, const u_int8_t *, u_int)
-		__attribute__((__bounded__(__string__,2,3)));
-void	 AES_CMAC_Final(u_int8_t [AES_CMAC_DIGEST_LENGTH], AES_CMAC_CTX *)
-		__attribute__((__bounded__(__minbytes__,1,AES_CMAC_DIGEST_LENGTH)));
-__END_DECLS
+void aes_cmac_init(FAR AES_CMAC_CTX *);
+void aes_cmac_setkey(FAR AES_CMAC_CTX *, FAR const u_int8_t *);
+void aes_cmac_update(FAR AES_CMAC_CTX *, FAR const u_int8_t *, u_int);
+void aes_cmac_final(FAR u_int8_t *, FAR AES_CMAC_CTX *);

-#endif /* _CMAC_H_ */
+#endif /* __INCLUDE_CRYPTO_CMAC_H_ */
--- a/include/crypto/cryptodev.h
+++ b/include/crypto/cryptodev.h
@ -1,6 +1,6 @@
-/*	$OpenBSD: cryptodev.h,v 1.58 2013/10/31 10:32:38 mikeb Exp $	*/
-
-/*
+/****************************************************************************
+ * include/crypto/cryptodev.h
+ * $OpenBSD: cryptodev.h,v 1.58 2013/10/31 10:32:38 mikeb Exp $
 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
 *
 * This code was written by Angelos D. Keromytis in Athens, Greece, in
@ -47,294 +47,316 @@
 * Agency (DARPA) and Air Force Research Laboratory, Air Force
 * Materiel Command, USAF, under agreement number F30602-01-2-0537.
 *
- */
+ ****************************************************************************/
+#ifndef __INCLUDE_CRYPTO_CRYPTODEV_H
+#define __INCLUDE_CRYPTO_CRYPTODEV_H

-#ifndef _CRYPTO_CRYPTO_H_
-#define _CRYPTO_CRYPTO_H_
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/

 #include <sys/ioccom.h>
 #include <sys/task.h>

 /* Some initial values */
-#define CRYPTO_DRIVERS_INITIAL	4
-#define CRYPTO_DRIVERS_MAX	128
-#define CRYPTO_SW_SESSIONS	32
+
+#define CRYPTO_DRIVERS_INITIAL 4
+#define CRYPTO_DRIVERS_MAX 128
+#define CRYPTO_SW_SESSIONS 32

 /* HMAC values */
-#define HMAC_MD5_BLOCK_LEN	64
-#define HMAC_SHA1_BLOCK_LEN	64
+#define HMAC_MD5_BLOCK_LEN       64
+#define HMAC_SHA1_BLOCK_LEN      64
 #define HMAC_RIPEMD160_BLOCK_LEN 64
-#define HMAC_SHA2_256_BLOCK_LEN	64
-#define HMAC_SHA2_384_BLOCK_LEN	128
-#define HMAC_SHA2_512_BLOCK_LEN	128
-#define HMAC_MAX_BLOCK_LEN	HMAC_SHA2_512_BLOCK_LEN	/* keep in sync */
-#define HMAC_IPAD_VAL		0x36
-#define HMAC_OPAD_VAL		0x5C
+#define HMAC_SHA2_256_BLOCK_LEN  64
+#define HMAC_SHA2_384_BLOCK_LEN  128
+#define HMAC_SHA2_512_BLOCK_LEN  128
+#define HMAC_MAX_BLOCK_LEN       HMAC_SHA2_512_BLOCK_LEN
+
+/* keep in sync */
+
+#define HMAC_IPAD_VAL            0x36
+#define HMAC_OPAD_VAL            0x5C

 /* Encryption algorithm block sizes */
-#define DES_BLOCK_LEN		8
-#define DES3_BLOCK_LEN		8
-#define BLOWFISH_BLOCK_LEN	8
-#define CAST128_BLOCK_LEN	8
-#define RIJNDAEL128_BLOCK_LEN	16
-#define EALG_MAX_BLOCK_LEN	16 /* Keep this updated */
+
+#define DES_BLOCK_LEN         8
+#define DES3_BLOCK_LEN        8
+#define BLOWFISH_BLOCK_LEN    8
+#define CAST128_BLOCK_LEN     8
+#define RIJNDAEL128_BLOCK_LEN 16
+#define EALG_MAX_BLOCK_LEN    16
+
+/* Keep this updated */

 /* Maximum hash algorithm result length */
-#define AALG_MAX_RESULT_LEN	64 /* Keep this updated */
+#define AALG_MAX_RESULT_LEN     64 /* Keep this updated */

-#define CRYPTO_3DES_CBC		1
-#define CRYPTO_BLF_CBC		2
-#define CRYPTO_CAST_CBC		3
-#define CRYPTO_MD5_HMAC		4
-#define CRYPTO_SHA1_HMAC	5
-#define CRYPTO_RIPEMD160_HMAC	6
-#define CRYPTO_RIJNDAEL128_CBC	7 /* 128 bit blocksize */
-#define CRYPTO_AES_CBC		7 /* 128 bit blocksize -- the same as above */
-#define CRYPTO_DEFLATE_COMP	8 /* Deflate compression algorithm */
-#define CRYPTO_NULL		9
-#define CRYPTO_SHA2_256_HMAC	11
-#define CRYPTO_SHA2_384_HMAC	12
-#define CRYPTO_SHA2_512_HMAC	13
-#define CRYPTO_AES_CTR		14
-#define CRYPTO_AES_XTS		15
-#define CRYPTO_AES_GCM_16	16
-#define CRYPTO_AES_128_GMAC	17
-#define CRYPTO_AES_192_GMAC	18
-#define CRYPTO_AES_256_GMAC	19
-#define CRYPTO_AES_GMAC		20
-#define CRYPTO_CHACHA20_POLY1305	21
-#define CRYPTO_CHACHA20_POLY1305_MAC	22
-#define CRYPTO_ESN		23 /* Support for Extended Sequence Numbers */
-#define CRYPTO_ALGORITHM_MAX	23 /* Keep updated */
+#define CRYPTO_3DES_CBC         1
+#define CRYPTO_BLF_CBC          2
+#define CRYPTO_CAST_CBC         3
+#define CRYPTO_MD5_HMAC         4
+#define CRYPTO_SHA1_HMAC        5
+#define CRYPTO_RIPEMD160_HMAC   6
+#define CRYPTO_RIJNDAEL128_CBC  7 /* 128 bit blocksize */
+#define CRYPTO_AES_CBC          7 /* 128 bit blocksize -- the same as above */
+#define CRYPTO_DEFLATE_COMP     8 /* Deflate compression algorithm */
+#define CRYPTO_NULL             9
+#define CRYPTO_SHA2_256_HMAC    11
+#define CRYPTO_SHA2_384_HMAC    12
+#define CRYPTO_SHA2_512_HMAC    13
+#define CRYPTO_AES_CTR          14
+#define CRYPTO_AES_XTS          15
+#define CRYPTO_AES_GCM_16       16
+#define CRYPTO_AES_128_GMAC     17
+#define CRYPTO_AES_192_GMAC     18
+#define CRYPTO_AES_256_GMAC     19
+#define CRYPTO_AES_GMAC         20
+#define CRYPTO_CHACHA20_POLY1305 21
+#define CRYPTO_CHACHA20_POLY1305_MAC 22
+#define CRYPTO_ESN              23 /* Support for Extended Sequence Numbers */
+#define CRYPTO_ALGORITHM_MAX    23 /* Keep updated */

 /* Algorithm flags */
-#define	CRYPTO_ALG_FLAG_SUPPORTED	0x01 /* Algorithm is supported */
-#define	CRYPTO_ALG_FLAG_RNG_ENABLE	0x02 /* Has HW RNG for DH/DSA */
-#define	CRYPTO_ALG_FLAG_DSA_SHA		0x04 /* Can do SHA on msg */
+
+#define	CRYPTO_ALG_FLAG_SUPPORTED   0x01 /* Algorithm is supported */
+#define	CRYPTO_ALG_FLAG_RNG_ENABLE  0x02 /* Has HW RNG for DH/DSA */
+#define	CRYPTO_ALG_FLAG_DSA_SHA     0x04 /* Can do SHA on msg */

 /* Standard initialization structure beginning */
-struct cryptoini {
-	int		cri_alg;	/* Algorithm to use */
-	int		cri_klen;	/* Key length, in bits */
-	int		cri_rnd;	/* Algorithm rounds, where relevant */
-	caddr_t		cri_key;	/* key to use */
-	union {
-		u_int8_t	iv[EALG_MAX_BLOCK_LEN];	/* IV to use */
-		u_int8_t	esn[4];			/* high-order ESN */
-	} u;
-#define cri_iv		u.iv
-#define cri_esn		u.esn
-	struct cryptoini *cri_next;
+
+struct cryptoini
+{
+  int cri_alg;       /* Algorithm to use */
+  int cri_klen;      /* Key length, in bits */
+  int cri_rnd;       /* Algorithm rounds, where relevant */
+  caddr_t cri_key;   /* key to use */
+  union
+  {
+    uint8_t iv[EALG_MAX_BLOCK_LEN];  /* IV to use */
+    uint8_t esn[4];                  /* high-order ESN */
+  } u;
+  #define cri_iv u.iv
+  #define cri_esn u.esn
+  FAR struct cryptoini *cri_next;
 };

 /* Describe boundaries of a single crypto operation */
-struct cryptodesc {
-	int		crd_skip;	/* How many bytes to ignore from start */
-	int		crd_len;	/* How many bytes to process */
-	int		crd_inject;	/* Where to inject results, if applicable */
-	int		crd_flags;

-#define	CRD_F_ENCRYPT		0x01	/* Set when doing encryption */
-#define	CRD_F_IV_PRESENT	0x02	/* When encrypting, IV is already in
-					   place, so don't copy. */
-#define	CRD_F_IV_EXPLICIT	0x04	/* IV explicitly provided */
-#define	CRD_F_DSA_SHA_NEEDED	0x08	/* Compute SHA-1 of buffer for DSA */
-#define CRD_F_COMP		0x10    /* Set when doing compression */
-#define CRD_F_ESN		0x20	/* Set when ESN field is provided */
+struct cryptodesc
+{
+  int crd_skip;   /* How many bytes to ignore from start */
+  int crd_len;    /* How many bytes to process */
+  int crd_inject; /* Where to inject results, if applicable */
+  int crd_flags;

-	struct cryptoini	CRD_INI; /* Initialization/context data */
-#define crd_esn		CRD_INI.cri_esn
-#define crd_iv		CRD_INI.cri_iv
-#define crd_key		CRD_INI.cri_key
-#define crd_rnd		CRD_INI.cri_rnd
-#define crd_alg		CRD_INI.cri_alg
-#define crd_klen	CRD_INI.cri_klen
+  #define CRD_F_ENCRYPT 0x01       /* Set when doing encryption */
+  #define CRD_F_IV_PRESENT 0x02    /* When encrypting, IV is already in
+                                    * place, so don't copy.
+                                    */
+  #define CRD_F_IV_EXPLICIT 0x04   /* IV explicitly provided */
+  #define CRD_F_COMP 0x10          /* Set when doing compression */
+  #define CRD_F_ESN 0x20           /* Set when ESN field is provided */

-	struct cryptodesc *crd_next;
+  struct cryptoini CRD_INI; /* Initialization/context data */
+  #define crd_esn CRD_INI.cri_esn
+  #define crd_iv CRD_INI.cri_iv
+  #define crd_key CRD_INI.cri_key
+  #define crd_rnd CRD_INI.cri_rnd
+  #define crd_alg CRD_INI.cri_alg
+  #define crd_klen CRD_INI.cri_klen
+
+  FAR struct cryptodesc *crd_next;
 };

 /* Structure describing complete operation */
-struct cryptop {
-	struct task	crp_task;

-	u_int64_t	crp_sid;	/* Session ID */
-	int		crp_ilen;	/* Input data total length */
-	int		crp_olen;	/* Result total length */
-	int		crp_alloctype;	/* Type of buf to allocate if needed */
+struct cryptop
+{
+  struct task crp_task;
+  uint64_t crp_sid;  /* Session ID */
+  int crp_ilen;      /* Input data total length */
+  int crp_olen;      /* Result total length */
+  int crp_alloctype; /* Type of buf to allocate if needed */
+  int crp_etype;     /* Error type (zero means no error).
+                      * All error codes except EAGAIN
+                      * indicate possible data corruption (as in,
+                      * the data have been touched). On all
+                      * errors, the crp_sid may have changed
+                      * (reset to a new one), so the caller
+                      * should always check and use the new
+                      * value on future requests.
+                      */
+  int crp_flags;

-	int		crp_etype;	/*
-					 * Error type (zero means no error).
-					 * All error codes except EAGAIN
-					 * indicate possible data corruption (as in,
-					 * the data have been touched). On all
-					 * errors, the crp_sid may have changed
-					 * (reset to a new one), so the caller
-					 * should always check and use the new
-					 * value on future requests.
-					 */
-	int		crp_flags;
+#define CRYPTO_F_IMBUF 0x0001   /* Input/output are mbuf chains, otherwise contig */
+#define CRYPTO_F_IOV 0x0002     /* Input/output are uio */
+#define CRYPTO_F_REL 0x0004     /* Must return data in same place */
+#define CRYPTO_F_NOQUEUE 0x0008 /* Don't use crypto queue/thread */
+#define CRYPTO_F_DONE 0x0010    /* request completed */

-#define CRYPTO_F_IMBUF	0x0001	/* Input/output are mbuf chains, otherwise contig */
-#define CRYPTO_F_IOV	0x0002	/* Input/output are uio */
-#define CRYPTO_F_REL	0x0004	/* Must return data in same place */
-#define CRYPTO_F_NOQUEUE	0x0008	/* Don't use crypto queue/thread */
-#define CRYPTO_F_DONE	0x0010	/* request completed */
+  FAR void *crp_buf;               /* Data to be processed */
+  FAR void *crp_opaque;            /* Opaque pointer, passed along */
+  FAR struct cryptodesc *crp_desc; /* Linked list of processing descriptors */

-	void 		*crp_buf;	/* Data to be processed */
-	void 		*crp_opaque;	/* Opaque pointer, passed along */
-	struct cryptodesc *crp_desc;	/* Linked list of processing descriptors */
+  CODE int (*crp_callback)(FAR struct cryptop *); /* Callback function */

-	int (*crp_callback)(struct cryptop *); /* Callback function */
-
-	caddr_t		crp_mac;
+  caddr_t crp_mac;
 };

-#define CRYPTO_BUF_IOV		0x1
-#define CRYPTO_BUF_MBUF		0x2
+#define CRYPTO_BUF_IOV 0x1
+#define CRYPTO_BUF_MBUF 0x2

-#define CRYPTO_OP_DECRYPT	0x0
-#define CRYPTO_OP_ENCRYPT	0x1
+#define CRYPTO_OP_DECRYPT 0x0
+#define CRYPTO_OP_ENCRYPT 0x1

 /* bignum parameter, in packed bytes, ... */
-struct crparam {
-	caddr_t		crp_p;
-	u_int		crp_nbits;
+
+struct crparam
+{
+  caddr_t crp_p;
+  u_int crp_nbits;
 };

-#define CRK_MAXPARAM	8
+#define CRK_MAXPARAM 8

-struct crypt_kop {
-	u_int		crk_op;		/* ie. CRK_MOD_EXP or other */
-	u_int		crk_status;	/* return status */
-	u_short		crk_iparams;	/* # of input parameters */
-	u_short		crk_oparams;	/* # of output parameters */
-	u_int		crk_pad1;
-	struct crparam	crk_param[CRK_MAXPARAM];
+struct crypt_kop
+{
+  u_int crk_op;        /* ie. CRK_MOD_EXP or other */
+  u_int crk_status;    /* return status */
+  u_short crk_iparams; /* # of input parameters */
+  u_short crk_oparams; /* # of output parameters */
+  u_int crk_pad1;
+  struct crparam crk_param[CRK_MAXPARAM];
 };
-#define CRK_MOD_EXP		0
-#define CRK_MOD_EXP_CRT		1
-#define CRK_DSA_SIGN		2
-#define CRK_DSA_VERIFY		3
-#define CRK_DH_COMPUTE_KEY	4
-#define CRK_ALGORITHM_MAX	4 /* Keep updated */

-#define CRF_MOD_EXP		(1 << CRK_MOD_EXP)
-#define CRF_MOD_EXP_CRT		(1 << CRK_MOD_EXP_CRT)
-#define CRF_DSA_SIGN		(1 << CRK_DSA_SIGN)
-#define CRF_DSA_VERIFY		(1 << CRK_DSA_VERIFY)
-#define CRF_DH_COMPUTE_KEY	(1 << CRK_DH_COMPUTE_KEY)
+#define CRK_MOD_EXP        0
+#define CRK_MOD_EXP_CRT    1
+#define CRK_DSA_SIGN       2
+#define CRK_DSA_VERIFY     3
+#define CRK_DH_COMPUTE_KEY 4
+#define CRK_ALGORITHM_MAX  4 /* Keep updated */

-struct cryptkop {
-	struct task	krp_task;
+#define CRF_MOD_EXP        (1 << CRK_MOD_EXP)
+#define CRF_MOD_EXP_CRT    (1 << CRK_MOD_EXP_CRT)
+#define CRF_DSA_SIGN       (1 << CRK_DSA_SIGN)
+#define CRF_DSA_VERIFY     (1 << CRK_DSA_VERIFY)
+#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)

-	u_int		krp_op;		/* ie. CRK_MOD_EXP or other */
-	u_int		krp_status;	/* return status */
-	u_short		krp_iparams;	/* # of input parameters */
-	u_short		krp_oparams;	/* # of output parameters */
-	u_int32_t	krp_hid;
-	struct crparam	krp_param[CRK_MAXPARAM];	/* kvm */
-	int		(*krp_callback)(struct cryptkop *);
+struct cryptkop
+{
+  struct task krp_task;
+
+  u_int krp_op;        /* ie. CRK_MOD_EXP or other */
+  u_int krp_status;    /* return status */
+  u_short krp_iparams; /* # of input parameters */
+  u_short krp_oparams; /* # of output parameters */
+  uint32_t krp_hid;
+  struct crparam krp_param[CRK_MAXPARAM]; /* kvm */
+  CODE int (*krp_callback)(FAR struct cryptkop *);
 };

 /* Crypto capabilities structure */
-struct cryptocap {
-	u_int64_t	cc_operations;	/* Counter of how many ops done */
-	u_int64_t	cc_bytes;	/* Counter of how many bytes done */
-	u_int64_t	cc_koperations;	/* How many PK ops done */

-	u_int32_t	cc_sessions;	/* How many sessions allocated */
+struct cryptocap
+{
+  uint64_t cc_operations;  /* Counter of how many ops done */
+  uint64_t cc_bytes;       /* Counter of how many bytes done */
+  uint64_t cc_koperations; /* How many PK ops done */

-	/* Symmetric/hash algorithms supported */
-	int		cc_alg[CRYPTO_ALGORITHM_MAX + 1];
+  uint32_t cc_sessions;   /* How many sessions allocated */

-	/* Asymmetric algorithms supported */
-	int		cc_kalg[CRK_ALGORITHM_MAX + 1];
+  /* Symmetric/hash algorithms supported */

-	int		cc_queued;	/* Operations queued */
+  int cc_alg[CRYPTO_ALGORITHM_MAX + 1];

-	u_int8_t	cc_flags;
+  /* Asymmetric algorithms supported */
+
+  int cc_kalg[CRK_ALGORITHM_MAX + 1];
+
+  uint8_t cc_flags;
 #define CRYPTOCAP_F_CLEANUP     0x01
 #define CRYPTOCAP_F_SOFTWARE    0x02
 #define CRYPTOCAP_F_ENCRYPT_MAC 0x04 /* Can do encrypt-then-MAC (IPsec) */
 #define CRYPTOCAP_F_MAC_ENCRYPT 0x08 /* Can do MAC-then-encrypt (TLS) */

-	int		(*cc_newsession) (u_int32_t *, struct cryptoini *);
-	int		(*cc_process) (struct cryptop *);
-	int		(*cc_freesession) (u_int64_t);
-	int		(*cc_kprocess) (struct cryptkop *);
+  CODE int (*cc_newsession)(FAR uint32_t *, FAR struct cryptoini *);
+  CODE int (*cc_process)(FAR struct cryptop *);
+  CODE int (*cc_freesession)(uint64_t);
+  CODE int (*cc_kprocess)(FAR struct cryptkop *);
 };

-/*
- * ioctl parameter to request creation of a session.
- */
-struct session_op {
-	u_int32_t	cipher;		/* ie. CRYPTO_DES_CBC */
-	u_int32_t	mac;		/* ie. CRYPTO_MD5_HMAC */
+/* ioctl parameter to request creation of a session. */

-	u_int32_t	keylen;		/* cipher key */
-	caddr_t		key;
-	int		mackeylen;	/* mac key */
-	caddr_t		mackey;
+struct session_op
+{
+  uint32_t cipher;    /* ie. CRYPTO_AES_EBC */
+  uint32_t mac;
+  uint32_t keylen;    /* cipher key */
+  caddr_t key;
+  int mackeylen;      /* mac key */
+  caddr_t mackey;

-	u_int32_t	ses;		/* returns: session # */
+  uint32_t ses;       /* returns: session # */
 };

-/*
- * ioctl parameter to request a crypt/decrypt operation against a session.
- */
-struct crypt_op {
-	u_int32_t	ses;
-	u_int16_t	op;		/* ie. COP_ENCRYPT */
-#define COP_ENCRYPT	1
-#define COP_DECRYPT	2
-	u_int16_t	flags;		/* always 0 */
+struct crypt_op
+{
+  uint32_t ses;

-	u_int		len;
-	caddr_t		src, dst;	/* become iov[] inside kernel */
-	caddr_t		mac;		/* must be big enough for chosen MAC */
-	caddr_t		iv;
+#define COP_ENCRYPT    1
+#define COP_DECRYPT    2
+
+  uint16_t op;        /* i.e. COP_ENCRYPT */
+
+  uint16_t flags;
+  unsigned len;
+  caddr_t src, dst;   /* become iov[] inside kernel */
+  caddr_t mac;        /* must be big enough for chosen MAC */
+  caddr_t iv;
 };

-#define CRYPTO_MAX_MAC_LEN	20
+#define CRYPTO_MAX_MAC_LEN  20

-/*
- * done against open of /dev/crypto, to get a cloned descriptor.
+/* done against open of /dev/crypto, to get a cloned descriptor.
 * Please use F_SETFD against the cloned descriptor.
 */
-#define	CRIOGET		_IOWR('c', 100, u_int32_t)
+
+#define CRIOGET       _IOWR('c', 100, uint32_t)

 /* the following are done against the cloned descriptor */
-#define	CIOCGSESSION	_IOWR('c', 101, struct session_op)
-#define	CIOCFSESSION	_IOW('c', 102, u_int32_t)
-#define CIOCCRYPT	_IOWR('c', 103, struct crypt_op)
-#define CIOCKEY		_IOWR('c', 104, struct crypt_kop)
+#define CIOCGSESSION  _IOWR('c', 101, struct session_op)
+#define CIOCFSESSION  _IOW('c', 102, uint32_t)
+#define CIOCCRYPT     _IOWR('c', 103, struct crypt_op)
+#define CIOCKEY       _IOWR('c', 104, struct crypt_kop)

-#define CIOCASYMFEAT	_IOR('c', 105, u_int32_t)
+#define CIOCASYMFEAT  _IOR('c', 105, uint32_t)

 #ifdef _KERNEL
-int	crypto_newsession(u_int64_t *, struct cryptoini *, int);
-int	crypto_freesession(u_int64_t);
-int	crypto_dispatch(struct cryptop *);
-int	crypto_kdispatch(struct cryptkop *);
-int	crypto_register(u_int32_t, int *,
-	    int (*)(u_int32_t *, struct cryptoini *), int (*)(u_int64_t),
-	    int (*)(struct cryptop *));
-int	crypto_kregister(u_int32_t, int *, int (*)(struct cryptkop *));
-int	crypto_unregister(u_int32_t, int);
-int32_t	crypto_get_driverid(u_int8_t);
-int	crypto_invoke(struct cryptop *);
-int	crypto_kinvoke(struct cryptkop *);
-void	crypto_done(struct cryptop *);
-void	crypto_kdone(struct cryptkop *);
-int	crypto_getfeat(int *);
+int crypto_newsession(FAR uint64_t *, FAR struct cryptoini *, int);
+int crypto_freesession(uint64_t);
+int crypto_dispatch(FAR struct cryptop *);
+int crypto_kdispatch(FAR struct cryptkop *);
+int crypto_register(uint32_t, FAR int *,
+                    CODE int (*)(uint32_t *, struct cryptoini *),
+                    CODE int (*)(uint64_t),
+                    CODE int (*)(FAR struct cryptop *));
+int crypto_kregister(uint32_t, FAR int *, CODE int (*)(struct cryptkop *));
+int crypto_unregister(uint32_t, int);
+int crypto_get_driverid(uint8_t);
+int crypto_invoke(FAR struct cryptop *);
+int crypto_kinvoke(FAR struct cryptkop *);
+void crypto_done(FAR struct cryptop *);
+void crypto_kdone(FAR struct cryptkop *);
+int crypto_getfeat(FAR int *);

-void	cuio_copydata(struct uio *, int, int, caddr_t);
-void	cuio_copyback(struct uio *, int, int, const void *);
-int	cuio_getptr(struct uio *, int, int *);
-int	cuio_apply(struct uio *, int, int,
-	    int (*f)(caddr_t, caddr_t, unsigned int), caddr_t);
+void cuio_copydata(FAR struct uio *, int, int, caddr_t);
+void cuio_copyback(FAR struct uio *, int, int, const void *);
+int cuio_getptr(FAR struct uio *, int, FAR int *);
+int cuio_apply(FAR struct uio *, int, int,
+               CODE int (*f)(caddr_t, caddr_t, unsigned int), caddr_t);

-struct	cryptop *crypto_getreq(int);
-void	crypto_freereq(struct cryptop *);
+FAR struct cryptop *crypto_getreq(int);
+void crypto_freereq(FAR struct cryptop *);
 #endif /* _KERNEL */
-#endif /* _CRYPTO_CRYPTO_H_ */
+#endif /* __INCLUDE_CRYPTO_CRYPTODEV_H */
--- a/include/crypto/cryptosoft.h
+++ b/include/crypto/cryptosoft.h
@ -1,6 +1,7 @@
-/*	$OpenBSD: cryptosoft.h,v 1.14 2012/12/07 17:03:22 mikeb Exp $	*/
-
-/*
+/****************************************************************************
+ * include/crypto/cryptosoft.h
+ * $OpenBSD: cryptosoft.h,v 1.14 2012/12/07 17:03:22 mikeb Exp $
+ *
 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
 *
 * This code was written by Angelos D. Keromytis in Athens, Greece, in
@ -19,56 +20,71 @@
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
 * PURPOSE.
- */
+ *
+ ****************************************************************************/

-#ifndef _CRYPTO_CRYPTOSOFT_H_
-#define _CRYPTO_CRYPTOSOFT_H_
+#ifndef __INCLUDE_CRYPTO_CRYPTOSOFT_H
+#define __INCLUDE_CRYPTO_CRYPTOSOFT_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/

 /* Software session entry */
-struct swcr_data {
-	int		sw_alg;		/* Algorithm */
-	union {
-		struct {
-			u_int8_t	 *SW_ictx;
-			u_int8_t	 *SW_octx;
-			u_int32_t	 SW_klen;
-			const struct auth_hash *SW_axf;
-		} SWCR_AUTH;
-		struct {
-			u_int8_t	 *SW_kschedule;
-			const struct enc_xform *SW_exf;
-		} SWCR_ENC;
-		struct {
-			u_int32_t	 SW_size;
-			const struct comp_algo *SW_cxf;
-		} SWCR_COMP;
-	} SWCR_UN;

-#define sw_ictx		SWCR_UN.SWCR_AUTH.SW_ictx
-#define sw_octx		SWCR_UN.SWCR_AUTH.SW_octx
-#define sw_klen		SWCR_UN.SWCR_AUTH.SW_klen
-#define sw_axf		SWCR_UN.SWCR_AUTH.SW_axf
-#define sw_kschedule	SWCR_UN.SWCR_ENC.SW_kschedule
-#define sw_exf		SWCR_UN.SWCR_ENC.SW_exf
-#define sw_size		SWCR_UN.SWCR_COMP.SW_size
-#define sw_cxf		SWCR_UN.SWCR_COMP.SW_cxf
+struct swcr_data
+{
+  int sw_alg; /* Algorithm */
+  union
+    {
+      struct
+      {
+        FAR uint8_t *ictx;
+        FAR uint8_t *octx;
+        uint32_t klen;
+        FAR const struct auth_hash *axf;
+      } SWCR_AUTH;

-	struct swcr_data *sw_next;
+      struct
+      {
+        FAR uint8_t *kschedule;
+        FAR const struct enc_xform *exf;
+      } SWCR_ENC;
+
+      struct
+      {
+        uint32_t size;
+        FAR const struct comp_algo *cxf;
+      } SWCR_COMP;
+    } SWCR_UN;
+
+#define sw_ictx   SWCR_UN.SWCR_AUTH.ictx
+#define sw_octx   SWCR_UN.SWCR_AUTH.octx
+#define sw_klen   SWCR_UN.SWCR_AUTH.klen
+#define sw_axf    SWCR_UN.SWCR_AUTH.axf
+#define sw_kschedule SWCR_UN.SWCR_ENC.kschedule
+#define sw_exf    SWCR_UN.SWCR_ENC.exf
+#define sw_size   SWCR_UN.SWCR_COMP.size
+#define sw_cxf    SWCR_UN.SWCR_COMP.cxf
+
+  struct swcr_data *sw_next;
 };

 #ifdef _KERNEL
-extern const u_int8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN];
-extern const u_int8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN];
+extern const uint8_t hmac_ipad_buffer[HMAC_MAX_BLOCK_LEN];
+extern const uint8_t hmac_opad_buffer[HMAC_MAX_BLOCK_LEN];

-int	swcr_encdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
-int	swcr_authcompute(struct cryptop *, struct cryptodesc *, struct swcr_data *,
-	caddr_t, int);
-int	swcr_authenc(struct cryptop *);
-int	swcr_compdec(struct cryptodesc *, struct swcr_data *, caddr_t, int);
-int	swcr_process(struct cryptop *);
-int	swcr_newsession(u_int32_t *, struct cryptoini *);
-int	swcr_freesession(u_int64_t);
-void	swcr_init(void);
+int swcr_encdec(FAR struct cryptodesc *,
+                FAR struct swcr_data *, caddr_t, int);
+int swcr_authcompute(FAR struct cryptop *, FAR struct cryptodesc *,
+                     FAR struct swcr_data *, caddr_t, int);
+int swcr_authenc(FAR struct cryptop *);
+int swcr_compdec(FAR struct cryptodesc *, FAR struct swcr_data *,
+                 caddr_t, int);
+int swcr_process(FAR struct cryptop *);
+int swcr_newsession(FAR uint32_t *, FAR struct cryptoini *);
+int swcr_freesession(uint64_t);
+void swcr_init(void);
 #endif /* _KERNEL */

-#endif /* _CRYPTO_CRYPTO_H_ */
+#endif /* __INCLUDE_CRYPTO_CRYPTOSOFT_H */
--- a/include/crypto/gmac.h
+++ b/include/crypto/gmac.h
@ -1,6 +1,7 @@
-/*	$OpenBSD: gmac.h,v 1.6 2017/05/02 11:44:32 mikeb Exp $	*/
-
-/*
+/****************************************************************************
+ * include/crypto/gmac.h
+ * $OpenBSD: gmac.h,v 1.6 2017/05/02 11:44:32 mikeb Exp $
+ *
 * Copyright (c) 2010 Mike Belopuhov
 *
 * Permission to use, copy, modify, and distribute this software for any
@ -14,36 +15,42 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ ****************************************************************************/

-#ifndef _GMAC_H_
-#define _GMAC_H_
+#ifndef __INCLUDE_CRYPTO_GMAC_H
+#define __INCLUDE_CRYPTO_GMAC_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/

 #include <crypto/aes.h>

-#define GMAC_BLOCK_LEN		16
-#define GMAC_DIGEST_LEN		16
+#define GMAC_BLOCK_LEN 16
+#define GMAC_DIGEST_LEN 16

-typedef struct _GHASH_CTX {
-	uint8_t		H[GMAC_BLOCK_LEN];		/* hash subkey */
-	uint8_t		S[GMAC_BLOCK_LEN];		/* state */
-	uint8_t		Z[GMAC_BLOCK_LEN];		/* initial state */
-} GHASH_CTX;
+typedef struct _GHASH_CTX
+{
+  uint8_t H[GMAC_BLOCK_LEN]; /* hash subkey */
+  uint8_t S[GMAC_BLOCK_LEN]; /* state */
+  uint8_t Z[GMAC_BLOCK_LEN]; /* initial state */
+}
+GHASH_CTX;

-typedef struct _AES_GMAC_CTX {
-	GHASH_CTX	ghash;
-	AES_CTX		K;
-	uint8_t		J[GMAC_BLOCK_LEN];		/* counter block */
-} AES_GMAC_CTX;
+typedef struct _AES_GMAC_CTX
+{
+  GHASH_CTX ghash;
+  AES_CTX K;
+  uint8_t J[GMAC_BLOCK_LEN]; /* counter block */
+}
+AES_GMAC_CTX;

-__BEGIN_DECLS
-extern void (*ghash_update)(GHASH_CTX *, uint8_t *, size_t);
+extern void (*ghash_update)(FAR GHASH_CTX *, FAR uint8_t *, size_t);

-void	AES_GMAC_Init(void *);
-void	AES_GMAC_Setkey(void *, const uint8_t *, uint16_t);
-void	AES_GMAC_Reinit(void *, const uint8_t *, uint16_t);
-int	AES_GMAC_Update(void *, const uint8_t *, uint16_t);
-void	AES_GMAC_Final(uint8_t [GMAC_DIGEST_LEN], void *);
-__END_DECLS
+void aes_gmac_init(FAR void *);
+void aes_gmac_setkey(FAR void *, FAR const uint8_t *, uint16_t);
+void aes_gmac_reinit(FAR void *, FAR const uint8_t *, uint16_t);
+int aes_gmac_update(FAR void *, FAR const uint8_t *, uint16_t);
+void aes_gmac_final(FAR uint8_t *, FAR void *);

-#endif /* _GMAC_H_ */
+#endif /* __INCLUDE_CRYPTO_GMAC_H */
--- a/include/crypto/hmac.h
+++ b/include/crypto/hmac.h
@ -1,6 +1,7 @@
-/*	$OpenBSD: hmac.h,v 1.3 2012/12/05 23:20:15 deraadt Exp $	*/
-
-/*-
+/****************************************************************************
+ * include/crypto/hmac.h
+ * $OpenBSD: hmac.h,v 1.3 2012/12/05 23:20:15 deraadt Exp $
+ *
 * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
 *
 * Permission to use, copy, modify, and distribute this software for any
@ -14,52 +15,42 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ *
+ ****************************************************************************/

-#ifndef _HMAC_H_
-#define _HMAC_H_
+#ifndef __INCLUDE_CRYPTO_HMAC_H_
+#define __INCLUDE_CRYPTO_HMAC_H_

-typedef struct _HMAC_MD5_CTX {
-	MD5_CTX		ctx;
-	u_int8_t	key[MD5_BLOCK_LENGTH];
-	u_int		key_len;
+typedef struct _HMAC_MD5_CTX
+{
+  MD5_CTX ctx;
+  u_int8_t key[MD5_BLOCK_LENGTH];
+  u_int key_len;
 } HMAC_MD5_CTX;

-typedef struct _HMAC_SHA1_CTX {
-	SHA1_CTX	ctx;
-	u_int8_t	key[SHA1_BLOCK_LENGTH];
-	u_int		key_len;
+typedef struct _HMAC_SHA1_CTX
+{
+  SHA1_CTX ctx;
+  u_int8_t key[SHA1_BLOCK_LENGTH];
+  u_int key_len;
 } HMAC_SHA1_CTX;

-typedef struct _HMAC_SHA256_CTX {
-	SHA2_CTX	ctx;
-	u_int8_t	key[SHA256_BLOCK_LENGTH];
-	u_int		key_len;
+typedef struct _HMAC_SHA256_CTX
+{
+  SHA2_CTX ctx;
+  u_int8_t key[SHA256_BLOCK_LENGTH];
+  u_int key_len;
 } HMAC_SHA256_CTX;

-__BEGIN_DECLS
+void hmac_md5_init(FAR HMAC_MD5_CTX *, FAR const u_int8_t *, u_int);
+void hmac_md5_update(FAR HMAC_MD5_CTX *, FAR const u_int8_t *, u_int);
+void hmac_md5_final(FAR u_int8_t *, FAR HMAC_MD5_CTX *);
+void hmac_sha1_init(FAR HMAC_SHA1_CTX *, FAR const u_int8_t *, u_int);
+void hmac_sha1_update(FAR HMAC_SHA1_CTX *, FAR const u_int8_t *, u_int);
+void hmac_sha1_final(FAR u_int8_t *, FAR HMAC_SHA1_CTX *);

-void	 HMAC_MD5_Init(HMAC_MD5_CTX *, const u_int8_t *, u_int)
-		__attribute__((__bounded__(__string__,2,3)));
-void	 HMAC_MD5_Update(HMAC_MD5_CTX *, const u_int8_t *, u_int)
-		__attribute__((__bounded__(__string__,2,3)));
-void	 HMAC_MD5_Final(u_int8_t [MD5_DIGEST_LENGTH], HMAC_MD5_CTX *)
-		__attribute__((__bounded__(__minbytes__,1,MD5_DIGEST_LENGTH)));
+void hmac_sha256_init(FAR HMAC_SHA256_CTX *, FAR const u_int8_t *, u_int);
+void hmac_sha256_update(FAR HMAC_SHA256_CTX *, FAR const u_int8_t *, u_int);
+void hmac_sha256_final(FAR u_int8_t *, FAR HMAC_SHA256_CTX *);

-void	 HMAC_SHA1_Init(HMAC_SHA1_CTX *, const u_int8_t *, u_int)
-		__attribute__((__bounded__(__string__,2,3)));
-void	 HMAC_SHA1_Update(HMAC_SHA1_CTX *, const u_int8_t *, u_int)
-		__attribute__((__bounded__(__string__,2,3)));
-void	 HMAC_SHA1_Final(u_int8_t [SHA1_DIGEST_LENGTH], HMAC_SHA1_CTX *)
-		__attribute__((__bounded__(__minbytes__,1,SHA1_DIGEST_LENGTH)));
-
-void	 HMAC_SHA256_Init(HMAC_SHA256_CTX *, const u_int8_t *, u_int)
-		__attribute__((__bounded__(__string__,2,3)));
-void	 HMAC_SHA256_Update(HMAC_SHA256_CTX *, const u_int8_t *, u_int)
-		__attribute__((__bounded__(__string__,2,3)));
-void	 HMAC_SHA256_Final(u_int8_t [SHA256_DIGEST_LENGTH], HMAC_SHA256_CTX *)
-		__attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH)));
-
-__END_DECLS
-
-#endif	/* _HMAC_H_ */
+#endif /* __INCLUDE_CRYPTO_HMAC_H_ */
--- a/include/crypto/idgen.h
+++ b/include/crypto/idgen.h
@ -1,5 +1,7 @@
-/*	$OpenBSD: idgen.h,v 1.3 2013/06/05 05:45:54 djm Exp $	*/
-/*
+/****************************************************************************
+ * include/crypto/idgen.h
+ * $OpenBSD: idgen.h,v 1.3 2013/06/05 05:45:54 djm Exp $
+ *
 * Copyright (c) 2008 Damien Miller <djm@mindrot.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
@ -13,21 +15,27 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ *
+ ****************************************************************************/

-#define IDGEN32_ROUNDS		31
-#define IDGEN32_KEYLEN		32
-#define IDGEN32_REKEY_LIMIT	0x60000000
-#define IDGEN32_REKEY_TIME	600
+#ifndef __INCLUDE_CRYPTO_IDGEN_H_
+#define __INCLUDE_CRYPTO_IDGEN_H_

-struct idgen32_ctx {
-	u_int32_t id32_counter;
-	u_int32_t id32_offset;
-	u_int32_t id32_hibit;
-	u_int8_t id32_key[IDGEN32_KEYLEN];
-	time_t id32_rekey_time;
+#define IDGEN32_ROUNDS 31
+#define IDGEN32_KEYLEN 32
+#define IDGEN32_REKEY_LIMIT 0x60000000
+#define IDGEN32_REKEY_TIME 600
+
+struct idgen32_ctx
+{
+  u_int32_t id32_counter;
+  u_int32_t id32_offset;
+  u_int32_t id32_hibit;
+  u_int8_t id32_key[IDGEN32_KEYLEN];
+  time_t id32_rekey_time;
 };

-void idgen32_init(struct idgen32_ctx *);
-u_int32_t idgen32(struct idgen32_ctx *);
+void idgen32_init(FAR struct idgen32_ctx *);
+u_int32_t idgen32(FAR struct idgen32_ctx *);

+#endif /* __INCLUDE_CRYPTO_IDGEN_H_ */
--- a/include/crypto/key_wrap.h
+++ b/include/crypto/key_wrap.h
@ -1,6 +1,6 @@
-/*	$OpenBSD: key_wrap.h,v 1.3 2017/05/02 17:07:06 mikeb Exp $	*/
-
-/*-
+/****************************************************************************
+ * include/crypto/key_wrap.h
+ *$OpenBSD: key_wrap.h,v 1.3 2017/05/02 17:07:06 mikeb Exp $
 * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
 *
 * Permission to use, copy, modify, and distribute this software for any
@ -14,23 +14,26 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+ *
+ ****************************************************************************/

-#ifndef _KEY_WRAP_H_
-#define _KEY_WRAP_H_
+#ifndef __INCLUDE_CRYPTO_KEY_WRAP_H_
+#define __INCLUDE_CRYPTO_KEY_WRAP_H_

-typedef struct _aes_key_wrap_ctx {
-	AES_CTX		ctx;
+typedef struct _aes_key_wrap_ctx
+{
+  AES_CTX ctx;
 } aes_key_wrap_ctx;

-__BEGIN_DECLS
+void aes_key_wrap_set_key(FAR aes_key_wrap_ctx *,
+                          FAR const u_int8_t *,
+                          size_t);
+void aes_key_wrap_set_key_wrap_only(FAR aes_key_wrap_ctx *,
+                                    FAR const u_int8_t *,
+                                    size_t);
+void aes_key_wrap(FAR aes_key_wrap_ctx *,
+                  FAR const u_int8_t *, size_t, FAR u_int8_t *);
+int aes_key_unwrap(FAR aes_key_wrap_ctx *,
+                   FAR const u_int8_t *, FAR u_int8_t *, size_t);

-void	aes_key_wrap_set_key(aes_key_wrap_ctx *, const u_int8_t *, size_t);
-void	aes_key_wrap_set_key_wrap_only(aes_key_wrap_ctx *, const u_int8_t *,
-	    size_t);
-void	aes_key_wrap(aes_key_wrap_ctx *, const u_int8_t *, size_t, u_int8_t *);
-int	aes_key_unwrap(aes_key_wrap_ctx *, const u_int8_t *, u_int8_t *,
-	    size_t);
-__END_DECLS
-
-#endif /* _KEY_WRAP_H_ */
+#endif /* __INCLUDE_CRYPTO_KEY_WRAP_H_ */
--- a/include/crypto/md5.h
+++ b/include/crypto/md5.h
@ -1,6 +1,8 @@
-/*	$OpenBSD: md5.h,v 1.3 2014/11/16 17:39:09 tedu Exp $	*/
-
-/*
+/****************************************************************************
+ * include/crypto/md5.h
+ * $OpenBSD: md5.h,v 1.3 2014/11/16 17:39:09 tedu Exp $
+ *
+ *
 * This code implements the MD5 message-digest algorithm.
 * The algorithm is due to Ron Rivest.  This code was
 * written by Colin Plumb in 1993, no copyright is claimed.
@ -10,29 +12,25 @@
 * This code has been tested against that, and is equivalent,
 * except that you don't need to include two pages of legalese
 * with every copy.
- */
+ *
+ ****************************************************************************/

-#ifndef _MD5_H_
-#define _MD5_H_
+#ifndef __INCLUDE_CRYPTO_MD5_H
+#define __INCLUDE_CRYPTO_MD5_H

-#define	MD5_BLOCK_LENGTH		64
-#define	MD5_DIGEST_LENGTH		16
+#define MD5_BLOCK_LENGTH    64
+#define MD5_DIGEST_LENGTH   16

-typedef struct MD5Context {
-	u_int32_t state[4];			/* state */
-	u_int64_t count;			/* number of bits, mod 2^64 */
-	u_int8_t buffer[MD5_BLOCK_LENGTH];	/* input buffer */
+typedef struct MD5CONTEXT
+{
+  uint32_t state[4];                 /* state */
+  uint64_t count;                    /* number of bits, mod 2^64 */
+  uint8_t buffer[MD5_BLOCK_LENGTH];  /* input buffer */
 } MD5_CTX;

-__BEGIN_DECLS
-void	 MD5Init(MD5_CTX *);
-void	 MD5Update(MD5_CTX *, const void *, size_t)
-		__attribute__((__bounded__(__string__,2,3)));
-void	 MD5Final(u_int8_t [MD5_DIGEST_LENGTH], MD5_CTX *)
-		__attribute__((__bounded__(__minbytes__,1,MD5_DIGEST_LENGTH)));
-void	 MD5Transform(u_int32_t [4], const u_int8_t [MD5_BLOCK_LENGTH])
-		__attribute__((__bounded__(__minbytes__,1,4)))
-		__attribute__((__bounded__(__minbytes__,2,MD5_BLOCK_LENGTH)));
-__END_DECLS
+void md5init(FAR MD5_CTX *);
+void md5update(FAR MD5_CTX *, FAR const void *, size_t);
+void md5final(FAR uint8_t *, FAR MD5_CTX *);
+void md5transform(FAR uint32_t *, FAR const uint8_t *);

-#endif /* _MD5_H_ */
+#endif /* __INCLUDE_CRYPTO_MD5_H */
--- a/include/crypto/poly1305.h
+++ b/include/crypto/poly1305.h
@ -1,27 +1,31 @@
-/*	$OpenBSD: poly1305.h,v 1.2 2020/07/22 13:54:30 tobhe Exp $	*/
-/*
+/****************************************************************************
+ * include/crypto/poly1305.h
+ * $OpenBSD: poly1305.h,v 1.2 2020/07/22 13:54:30 tobhe Exp $
+ *
 * Public Domain poly1305 from Andrew Moon
 *
 * poly1305 implementation using 32 bit * 32 bit = 64 bit multiplication
 * and 64 bit addition from https://github.com/floodyberry/poly1305-donna
- */
+ ****************************************************************************/

-#ifndef _POLY1305_H_
-#define _POLY1305_H_
+#ifndef __INCLUDE_CRYPTO_POLY1305_H
+#define __INCLUDE_CRYPTO_POLY1305_H

 #define poly1305_block_size 16

-typedef struct poly1305_state {
-	unsigned long r[5];
-	unsigned long h[5];
-	unsigned long pad[4];
-	size_t leftover;
-	unsigned char buffer[poly1305_block_size];
-	unsigned char final;
+typedef struct poly1305_state
+{
+  unsigned long r[5];
+  unsigned long h[5];
+  unsigned long pad[4];
+  size_t leftover;
+  unsigned char buffer[poly1305_block_size];
+  unsigned char final;
 } poly1305_state;

-void	poly1305_init(poly1305_state *, const unsigned char[32]);
-void	poly1305_update(poly1305_state *, const unsigned char *, size_t);
-void	poly1305_finish(poly1305_state *, unsigned char[16]);
+void poly1305_init(FAR poly1305_state *, FAR const unsigned char *);
+void poly1305_update(FAR poly1305_state *,
+                     FAR const unsigned char *, size_t);
+void poly1305_finish(FAR poly1305_state *, FAR unsigned char *);

-#endif	/* _POLY1305_H_ */
+#endif /* __INCLUDE_CRYPTO_POLY1305_H */
--- a/include/crypto/rijndael.h
+++ b/include/crypto/rijndael.h
@ -1,6 +1,7 @@
-/*	$OpenBSD: rijndael.h,v 1.13 2008/06/09 07:49:45 djm Exp $ */
-
-/**
+/****************************************************************************
+ * include/crypto/rijndael.h
+ * $OpenBSD: rijndael.h,v 1.13 2008/06/09 07:49:45 djm Exp $
+ *
 * rijndael-alg-fst.h
 *
 * @version 3.0 (December 2000)
@ -24,35 +25,42 @@
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef __RIJNDAEL_H
-#define __RIJNDAEL_H
+ ****************************************************************************/
+
+#ifndef __INCLUDE_CRYPTO_RIJNDAEL_H
+#define __INCLUDE_CRYPTO_RIJNDAEL_H
+
+#define AES_MAXKEYBITS  (256)
+#define AES_MAXKEYBYTES (AES_MAXKEYBITS / 8)

-#define AES_MAXKEYBITS	(256)
-#define AES_MAXKEYBYTES	(AES_MAXKEYBITS/8)
 /* for 256-bit keys, fewer for less */
-#define AES_MAXROUNDS	14

-typedef unsigned char	u8;
-typedef unsigned short	u16;
-typedef unsigned int	u32;
+#define AES_MAXROUNDS 14

 /*  The structure for key information */
-typedef struct {
-	int	enc_only;		/* context contains only encrypt schedule */
-	int	Nr;			/* key-length-dependent number of rounds */
-	u32	ek[4*(AES_MAXROUNDS + 1)];	/* encrypt key schedule */
-	u32	dk[4*(AES_MAXROUNDS + 1)];	/* decrypt key schedule */
+
+typedef struct
+{
+  int enc_only;                         /* context contains only encrypt schedule */
+  int nr;                               /* key-length-dependent number of rounds */
+  uint32_t ek[4 * (AES_MAXROUNDS + 1)]; /* encrypt key schedule */
+  uint32_t dk[4 * (AES_MAXROUNDS + 1)]; /* decrypt key schedule */
 } rijndael_ctx;

-int	 rijndael_set_key(rijndael_ctx *, const u_char *, int);
-int	 rijndael_set_key_enc_only(rijndael_ctx *, const u_char *, int);
-void	 rijndael_decrypt(rijndael_ctx *, const u_char *, u_char *);
-void	 rijndael_encrypt(rijndael_ctx *, const u_char *, u_char *);
+int rijndael_set_key(FAR rijndael_ctx *, FAR const u_char *, int);
+int rijndael_set_key_enc_only(FAR rijndael_ctx *, FAR const u_char *, int);
+void rijndael_decrypt(FAR rijndael_ctx *, FAR const u_char *, FAR u_char *);
+void rijndael_encrypt(FAR rijndael_ctx *, FAR const u_char *, FAR u_char *);

-int	rijndaelKeySetupEnc(unsigned int [], const unsigned char [], int);
-int	rijndaelKeySetupDec(unsigned int [], const unsigned char [], int);
-void	rijndaelEncrypt(const unsigned int [], int, const unsigned char [],
-	    unsigned char []);
+int rijndael_keysetupenc(unsigned int [],
+                         const unsigned char [],
+                         int);
+int rijndael_keysetupdec(unsigned int [],
+                         const unsigned char [],
+                         int);
+void rijndael_encrypt1(const unsigned int [],
+                       int,
+                       const unsigned char [],
+                       unsigned char []);

-#endif /* __RIJNDAEL_H */
+#endif /* __INCLUDE_CRYPTO_RIJNDAEL_H */
--- a/include/crypto/rmd160.h
+++ b/include/crypto/rmd160.h
@ -1,5 +1,7 @@
-/*	$OpenBSD: rmd160.h,v 1.5 2009/07/05 19:33:46 millert Exp $	*/
-/*
+/****************************************************************************
+ * include/crypto/rmd160.h
+ * $OpenBSD: rmd160.h,v 1.5 2009/07/05 19:33:46 millert Exp $
+ *
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@ -21,29 +23,27 @@
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef  _RMD160_H
-#define  _RMD160_H
+ ****************************************************************************/

-#define RMD160_BLOCK_LENGTH		64
-#define RMD160_DIGEST_LENGTH		20
+#ifndef __INCLUDE_CRYPTO_RMD160_H
+#define __INCLUDE_CRYPTO_RMD160_H
+
+#define RMD160_BLOCK_LENGTH  64
+#define RMD160_DIGEST_LENGTH 20

 /* RMD160 context. */
-typedef struct RMD160Context {
-	u_int32_t state[5];			/* state */
-	u_int64_t count;			/* number of bits, mod 2^64 */
-	u_char buffer[RMD160_BLOCK_LENGTH];	/* input buffer */
+
+typedef struct RMD160CONTEXT
+{
+  uint32_t state[5];                  /* state */
+  uint64_t count;                     /* number of bits, mod 2^64 */
+  u_char buffer[RMD160_BLOCK_LENGTH]; /* input buffer */
 } RMD160_CTX;

-__BEGIN_DECLS
-void	 RMD160Init(RMD160_CTX *);
-void	 RMD160Transform(u_int32_t [5], const u_char [RMD160_BLOCK_LENGTH])
-	     __attribute__((__bounded__(__minbytes__,1,5)))
-	     __attribute__((__bounded__(__minbytes__,2,RMD160_BLOCK_LENGTH)));
-void	 RMD160Update(RMD160_CTX *, const u_char *, u_int32_t)
-	     __attribute__((__bounded__(__string__,2,3)));
-void	 RMD160Final(u_char [RMD160_DIGEST_LENGTH], RMD160_CTX *)
-	     __attribute__((__bounded__(__minbytes__,1,RMD160_DIGEST_LENGTH)));
-__END_DECLS
+void rmd160init(FAR RMD160_CTX *);
+void rmd160transform(FAR uint32_t *,
+                     FAR const u_char *);
+void rmd160update(FAR RMD160_CTX *, FAR const u_char *, uint32_t);
+void rmd160final(FAR u_char *, FAR RMD160_CTX *);

-#endif  /* _RMD160_H */
+#endif  /* __INCLUDE_CRYPTO_RMD160_H */
--- a/include/crypto/sha1.h
+++ b/include/crypto/sha1.h
@ -1,26 +1,31 @@
-/*	$OpenBSD: sha1.h,v 1.6 2014/11/16 17:39:09 tedu Exp $	*/
-
-/*
+/****************************************************************************
+ * include/crypto/sha1.h
+ * $OpenBSD: sha1.h,v 1.6 2014/11/16 17:39:09 tedu Exp $
 * SHA-1 in C
 * By Steve Reid <steve@edmweb.com>
 * 100% Public Domain
- */
+ ****************************************************************************/

-#ifndef _SHA1_H_
-#define _SHA1_H_
+#ifndef __INCLUDE_CRYPTO_SHA1_H
+#define __INCLUDE_CRYPTO_SHA1_H

-#define	SHA1_BLOCK_LENGTH		64
-#define	SHA1_DIGEST_LENGTH		20
+#define SHA1_BLOCK_LENGTH  64
+#define SHA1_DIGEST_LENGTH 20

-typedef struct {
-	u_int32_t	state[5];
-	u_int64_t	count;
-	unsigned char	buffer[SHA1_BLOCK_LENGTH];
+typedef struct
+{
+  uint32_t state[5];
+  uint64_t count;
+  unsigned char buffer[SHA1_BLOCK_LENGTH];
 } SHA1_CTX;
-  
-void SHA1Init(SHA1_CTX * context);
-void SHA1Transform(u_int32_t state[5], const unsigned char buffer[SHA1_BLOCK_LENGTH]);
-void SHA1Update(SHA1_CTX *context, const void *data, unsigned int len);
-void SHA1Final(unsigned char digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context);

-#endif /* _SHA1_H_ */
+void sha1init(FAR SHA1_CTX * context);
+void sha1transform(FAR uint32_t *state,
+                   FAR const unsigned char *buffer);
+void sha1update(FAR SHA1_CTX *context,
+                FAR const void *data,
+                unsigned int len);
+void sha1final(FAR unsigned char *digest,
+               FAR SHA1_CTX *context);
+
+#endif /* __INCLUDE_CRYPTO_SHA1_H */
--- a/include/crypto/sha2.h
+++ b/include/crypto/sha2.h
@ -1,9 +1,10 @@
-/*	$OpenBSD: sha2.h,v 1.5 2014/11/16 17:39:09 tedu Exp $	*/
-
-/*
- * FILE:	sha2.h
- * AUTHOR:	Aaron D. Gifford <me@aarongifford.com>
- * 
+/****************************************************************************
+ * include/crypto/sha2.h
+ * $OpenBSD: sha2.h,v 1.5 2014/11/16 17:39:09 tedu Exp $
+ *
+ * FILE: sha2.h
+ * AUTHOR: Aaron D. Gifford <me@aarongifford.com>
+ *
 * Copyright (c) 2000-2001, Aaron D. Gifford
 * All rights reserved.
 *
@ -18,7 +19,7 @@
 * 3. Neither the name of the copyright holder nor the names of contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@ -32,52 +33,46 @@
 * SUCH DAMAGE.
 *
 * $From: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $
- */
+ ****************************************************************************/

-#ifndef _SHA2_H
-#define _SHA2_H
+#ifndef __INCLUDE_CRYPTO_SHA2_H
+#define __INCLUDE_CRYPTO_SHA2_H

+/* SHA-256/384/512 Various Length Definitions */

-/*** SHA-256/384/512 Various Length Definitions ***********************/
-#define SHA256_BLOCK_LENGTH		64
-#define SHA256_DIGEST_LENGTH		32
-#define SHA256_DIGEST_STRING_LENGTH	(SHA256_DIGEST_LENGTH * 2 + 1)
-#define SHA384_BLOCK_LENGTH		128
-#define SHA384_DIGEST_LENGTH		48
-#define SHA384_DIGEST_STRING_LENGTH	(SHA384_DIGEST_LENGTH * 2 + 1)
-#define SHA512_BLOCK_LENGTH		128
-#define SHA512_DIGEST_LENGTH		64
-#define SHA512_DIGEST_STRING_LENGTH	(SHA512_DIGEST_LENGTH * 2 + 1)
+#define SHA256_BLOCK_LENGTH         64
+#define SHA256_DIGEST_LENGTH        32
+#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1)
+#define SHA384_BLOCK_LENGTH         128
+#define SHA384_DIGEST_LENGTH        48
+#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1)
+#define SHA512_BLOCK_LENGTH         128
+#define SHA512_DIGEST_LENGTH        64
+#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1)

+/* SHA-256/384/512 Context Structure */

-/*** SHA-256/384/512 Context Structure *******************************/
-typedef struct _SHA2_CTX {
-	union {
-		u_int32_t	st32[8];
-		u_int64_t	st64[8];
-	} state;
-	u_int64_t	bitcount[2];
-	u_int8_t	buffer[SHA512_BLOCK_LENGTH];
+typedef struct _SHA2_CTX
+{
+  union
+  {
+    uint32_t st32[8];
+    uint64_t st64[8];
+  } state;
+  uint64_t bitcount[2];
+  uint8_t buffer[SHA512_BLOCK_LENGTH];
 } SHA2_CTX;

-__BEGIN_DECLS
-void SHA256Init(SHA2_CTX *);
-void SHA256Update(SHA2_CTX *, const void *, size_t)
-	__attribute__((__bounded__(__string__,2,3)));
-void SHA256Final(u_int8_t[SHA256_DIGEST_LENGTH], SHA2_CTX *)
-	__attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH)));
+void sha256init(FAR SHA2_CTX *);
+void sha256update(FAR SHA2_CTX *, FAR const void *, size_t);
+void sha256final(FAR uint8_t *, FAR SHA2_CTX *);

-void SHA384Init(SHA2_CTX *);
-void SHA384Update(SHA2_CTX *, const void *, size_t)
-	__attribute__((__bounded__(__string__,2,3)));
-void SHA384Final(u_int8_t[SHA384_DIGEST_LENGTH], SHA2_CTX *)
-	__attribute__((__bounded__(__minbytes__,1,SHA384_DIGEST_LENGTH)));
+void sha384init(FAR SHA2_CTX *);
+void sha384update(FAR SHA2_CTX *, FAR const void *, size_t);
+void sha384final(FAR uint8_t *, FAR SHA2_CTX *);

-void SHA512Init(SHA2_CTX *);
-void SHA512Update(SHA2_CTX *, const void *, size_t)
-	__attribute__((__bounded__(__string__,2,3)));
-void SHA512Final(u_int8_t[SHA512_DIGEST_LENGTH], SHA2_CTX *)
-	__attribute__((__bounded__(__minbytes__,1,SHA512_DIGEST_LENGTH)));
-__END_DECLS
+void sha512init(FAR SHA2_CTX *);
+void sha512update(FAR SHA2_CTX *, FAR const void *, size_t);
+void sha512final(FAR uint8_t *, FAR SHA2_CTX *);

-#endif /* _SHA2_H */
+#endif /* __INCLUDE_CRYPTO_SHA2_H */
--- a/include/crypto/siphash.h
+++ b/include/crypto/siphash.h
@ -1,5 +1,7 @@
-/* $OpenBSD: siphash.h,v 1.5 2015/02/20 11:51:03 tedu Exp $ */
-/*-
+/****************************************************************************
+ * include/crypto/siphash.h
+ * $OpenBSD: siphash.h,v 1.5 2015/02/20 11:51:03 tedu Exp $
+ *
 * Copyright (c) 2013 Andre Oppermann <andre@FreeBSD.org>
 * All rights reserved.
 *
@ -28,60 +30,61 @@
 * SUCH DAMAGE.
 *
 * $FreeBSD$
- */
+ *
+ ****************************************************************************/

-/*
- * SipHash is a family of pseudorandom functions (a.k.a. keyed hash functions)
+/* SipHash is a family of pseudorandom functions
+ * (a.k.a. keyed hash functions)
 * optimized for speed on short messages returning a 64bit hash/digest value.
 *
 * The number of rounds is defined during the initialization:
- *  SipHash24_Init() for the fast and resonable strong version
- *  SipHash48_Init() for the strong version (half as fast)
+ *  siphash24_init() for the fast and resonable strong version
+ *  siphash48_init() for the strong version (half as fast)
 *
 * struct SIPHASH_CTX ctx;
- * SipHash24_Init(&ctx);
- * SipHash_SetKey(&ctx, "16bytes long key");
- * SipHash_Update(&ctx, pointer_to_string, length_of_string);
- * SipHash_Final(output, &ctx);
+ * siphash24_init(&ctx);
+ * siphash_setkey(&ctx, "16bytes long key");
+ * siphash_update(&ctx, pointer_to_string, length_of_string);
+ * siphash_final(output, &ctx);
 */

-#ifndef _SIPHASH_H_
-#define _SIPHASH_H_
+#ifndef __INCLUDE_CRYPTO_SIPHASH_H_
+#define __INCLUDE_CRYPTO_SIPHASH_H_

-#define SIPHASH_BLOCK_LENGTH	 8
-#define SIPHASH_KEY_LENGTH	16
-#define SIPHASH_DIGEST_LENGTH	 8
+#define SIPHASH_BLOCK_LENGTH  8
+#define SIPHASH_KEY_LENGTH    16
+#define SIPHASH_DIGEST_LENGTH 8

-typedef struct _SIPHASH_CTX {
-	uint64_t	v[4];
-	uint8_t	buf[SIPHASH_BLOCK_LENGTH];
-	uint32_t	bytes;
+typedef struct _SIPHASH_CTX
+{
+  uint64_t v[4];
+  uint8_t buf[SIPHASH_BLOCK_LENGTH];
+  uint32_t bytes;
 } SIPHASH_CTX;

-typedef struct {
-	uint64_t	k0;
-	uint64_t	k1;
+typedef struct
+{
+  uint64_t k0;
+  uint64_t k1;
 } SIPHASH_KEY;

-void		SipHash_Init(SIPHASH_CTX *, const SIPHASH_KEY *);
-void		SipHash_Update(SIPHASH_CTX *, int, int, const void *, size_t)
-		    __bounded((__buffer__, 4, 5));
-uint64_t	SipHash_End(SIPHASH_CTX *, int, int);
-void		SipHash_Final(void *, SIPHASH_CTX *, int, int)
-		    __bounded((__minbytes__, 1, SIPHASH_DIGEST_LENGTH));
-uint64_t	SipHash(const SIPHASH_KEY *, int, int, const void *, size_t)
-		    __bounded((__buffer__, 4, 5));
+void siphash_init(FAR SIPHASH_CTX *, FAR const SIPHASH_KEY *);
+void siphash_update(FAR SIPHASH_CTX *, int, int, FAR const void *, size_t);
+uint64_t siphash_end(FAR SIPHASH_CTX *, int, int);
+void siphash_final(FAR void *, FAR SIPHASH_CTX *, int, int);
+uint64_t siphash(FAR const SIPHASH_KEY *,
+                 int, int, FAR const void *, size_t);

-#define SipHash24_Init(_c, _k)		SipHash_Init((_c), (_k))
-#define SipHash24_Update(_c, _p, _l)	SipHash_Update((_c), 2, 4, (_p), (_l))
-#define SipHash24_End(_d)		SipHash_End((_d), 2, 4)
-#define SipHash24_Final(_d, _c)		SipHash_Final((_d), (_c), 2, 4)
-#define SipHash24(_k, _p, _l)		SipHash((_k), 2, 4, (_p), (_l))
+#define SipHash24_Init(_c, _k)        siphash_init((_c), (_k))
+#define SipHash24_Update(_c, _p, _l)  siphash_update((_c), 2, 4, (_p), (_l))
+#define SipHash24_End(_d)             siphash_end((_d), 2, 4)
+#define SipHash24_Final(_d, _c)       siphash_final((_d), (_c), 2, 4)
+#define SipHash24(_k, _p, _l)         siphash((_k), 2, 4, (_p), (_l))

-#define SipHash48_Init(_c, _k)		SipHash_Init((_c), (_k))
-#define SipHash48_Update(_c, _p, _l)	SipHash_Update((_c), 4, 8, (_p), (_l))
-#define SipHash48_End(_d)		SipHash_End((_d), 4, 8)
-#define SipHash48_Final(_d, _c)		SipHash_Final((_d), (_c), 4, 8)
-#define SipHash48(_k, _p, _l)		SipHash((_k), 4, 8, (_p), (_l))
+#define SipHash48_Init(_c, _k)        siphash_init((_c), (_k))
+#define SipHash48_Update(_c, _p, _l)  siphash_update((_c), 4, 8, (_p), (_l))
+#define SipHash48_End(_d)             siphash_end((_d), 4, 8)
+#define SipHash48_Final(_d, _c)       siphash_final((_d), (_c), 4, 8)
+#define SipHash48(_k, _p, _l)         siphash((_k), 4, 8, (_p), (_l))

 #endif /* _SIPHASH_H_ */
--- a/include/crypto/xform.h
+++ b/include/crypto/xform.h
@ -1,6 +1,7 @@
-/*	$OpenBSD: xform.h,v 1.32 2021/10/22 12:30:53 bluhm Exp $	*/
-
-/*
+/****************************************************************************
+ * include/crypto/xform.h
+ * $OpenBSD: xform.h,v 1.32 2021/10/22 12:30:53 bluhm Exp $
+ *
 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
 *
 * This code was written by Angelos D. Keromytis in Athens, Greece, in
@ -19,10 +20,14 @@
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
 * PURPOSE.
- */
+ ****************************************************************************/

-#ifndef _CRYPTO_XFORM_H_
-#define _CRYPTO_XFORM_H_
+#ifndef __INCLUDE_CRYPTO_XFORM_H
+#define __INCLUDE_CRYPTO_XFORM_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/

 #include <crypto/md5.h>
 #include <crypto/sha1.h>
@ -30,58 +35,63 @@
 #include <crypto/sha2.h>
 #include <crypto/gmac.h>

-#define AESCTR_NONCESIZE	4
-#define AESCTR_IVSIZE		8
-#define AESCTR_BLOCKSIZE	16
+#define AESCTR_NONCESIZE   4
+#define AESCTR_IVSIZE      8
+#define AESCTR_BLOCKSIZE   16

-#define AES_XTS_BLOCKSIZE	16
-#define AES_XTS_IVSIZE		8
-#define AES_XTS_ALPHA		0x87	/* GF(2^128) generator polynomial */
+#define AES_XTS_BLOCKSIZE  16
+#define AES_XTS_IVSIZE     8
+#define AES_XTS_ALPHA      0x87 /* GF(2^128) generator polynomial */

 /* Declarations */
-struct auth_hash {
-	int type;
-	char *name;
-	u_int16_t keysize;
-	u_int16_t hashsize;
-	u_int16_t authsize;
-	u_int16_t ctxsize;
-	u_int16_t blocksize;
-	void (*Init) (void *);
-	void (*Setkey) (void *, const u_int8_t *, u_int16_t);
-	void (*Reinit) (void *, const u_int8_t *, u_int16_t);
-	int  (*Update) (void *, const u_int8_t *, u_int16_t);
-	void (*Final) (u_int8_t *, void *);
+
+struct auth_hash
+{
+  int type;
+  FAR char *name;
+  uint16_t keysize;
+  uint16_t hashsize;
+  uint16_t authsize;
+  uint16_t ctxsize;
+  uint16_t blocksize;
+  CODE void (*init) (FAR void *);
+  CODE void (*setkey) (FAR void *, FAR const uint8_t *, uint16_t);
+  CODE void (*reinit) (FAR void *, FAR const uint8_t *, uint16_t);
+  CODE int  (*update) (FAR void *, FAR const uint8_t *, uint16_t);
+  CODE void (*final) (FAR uint8_t *, FAR void *);
 };

-struct enc_xform {
-	int type;
-	char *name;
-	u_int16_t blocksize;
-	u_int16_t ivsize;
-	u_int16_t minkey;
-	u_int16_t maxkey;
-	u_int16_t ctxsize;
-	void (*encrypt) (caddr_t, u_int8_t *);
-	void (*decrypt) (caddr_t, u_int8_t *);
-	int  (*setkey) (void *, u_int8_t *, int len);
-	void (*reinit) (caddr_t, u_int8_t *);
+struct enc_xform
+{
+  int type;
+  FAR char *name;
+  uint16_t blocksize;
+  uint16_t ivsize;
+  uint16_t minkey;
+  uint16_t maxkey;
+  uint16_t ctxsize;
+  CODE void (*encrypt) (caddr_t, FAR uint8_t *);
+  CODE void (*decrypt) (caddr_t, FAR uint8_t *);
+  CODE int  (*setkey) (void *, FAR uint8_t *, int len);
+  CODE void (*reinit) (caddr_t, FAR uint8_t *);
 };

-struct comp_algo {
-	int type;
-	char *name;
-	size_t minlen;
-	u_int32_t (*compress) (u_int8_t *, u_int32_t, u_int8_t **);
-	u_int32_t (*decompress) (u_int8_t *, u_int32_t, u_int8_t **);
+struct comp_algo
+{
+  int type;
+  FAR char *name;
+  size_t minlen;
+  CODE uint32_t (*compress) (FAR uint8_t *, uint32_t, FAR uint8_t **);
+  CODE uint32_t (*decompress) (FAR uint8_t *, uint32_t, FAR uint8_t **);
 };

-union authctx {
-	MD5_CTX md5ctx;
-	SHA1_CTX sha1ctx;
-	RMD160_CTX rmd160ctx;
-	SHA2_CTX sha2_ctx;
-	AES_GMAC_CTX aes_gmac_ctx;
+union authctx
+{
+  MD5_CTX md5ctx;
+  SHA1_CTX sha1ctx;
+  RMD160_CTX rmd160ctx;
+  SHA2_CTX sha2_ctx;
+  AES_GMAC_CTX aes_gmac_ctx;
 };

 extern const struct enc_xform enc_xform_3des;
@ -108,4 +118,4 @@ extern const struct auth_hash auth_hash_chacha20_poly1305;

 extern const struct comp_algo comp_algo_deflate;

-#endif /* _CRYPTO_XFORM_H_ */
+#endif /* __INCLUDE_CRYPTO_XFORM_H */