Switch to the new code style

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/aes.c b/library/aes.c
index 56dc5cf..566e747 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -45,7 +45,7 @@
 #if !defined(MBEDTLS_AES_ALT)
 
 #if defined(MBEDTLS_PADLOCK_C) &&                      \
-    ( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) )
+    (defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16))
 static int aes_padlock_ace = -1;
 #endif
 
@@ -94,86 +94,86 @@
  */
 #define FT \
 \
-    V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \
-    V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \
-    V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \
-    V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \
-    V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \
-    V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \
-    V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \
-    V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \
-    V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \
-    V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \
-    V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \
-    V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \
-    V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \
-    V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \
-    V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \
-    V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \
-    V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \
-    V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \
-    V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \
-    V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \
-    V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \
-    V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \
-    V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \
-    V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \
-    V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \
-    V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \
-    V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \
-    V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \
-    V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \
-    V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \
-    V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \
-    V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \
-    V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \
-    V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \
-    V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \
-    V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \
-    V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \
-    V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \
-    V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \
-    V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \
-    V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \
-    V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \
-    V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \
-    V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \
-    V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \
-    V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \
-    V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \
-    V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \
-    V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \
-    V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \
-    V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \
-    V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \
-    V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \
-    V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \
-    V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \
-    V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \
-    V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \
-    V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \
-    V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \
-    V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \
-    V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \
-    V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \
-    V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \
-    V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C)
+    V(A5, 63, 63, C6), V(84, 7C, 7C, F8), V(99, 77, 77, EE), V(8D, 7B, 7B, F6), \
+    V(0D, F2, F2, FF), V(BD, 6B, 6B, D6), V(B1, 6F, 6F, DE), V(54, C5, C5, 91), \
+    V(50, 30, 30, 60), V(03, 01, 01, 02), V(A9, 67, 67, CE), V(7D, 2B, 2B, 56), \
+    V(19, FE, FE, E7), V(62, D7, D7, B5), V(E6, AB, AB, 4D), V(9A, 76, 76, EC), \
+    V(45, CA, CA, 8F), V(9D, 82, 82, 1F), V(40, C9, C9, 89), V(87, 7D, 7D, FA), \
+    V(15, FA, FA, EF), V(EB, 59, 59, B2), V(C9, 47, 47, 8E), V(0B, F0, F0, FB), \
+    V(EC, AD, AD, 41), V(67, D4, D4, B3), V(FD, A2, A2, 5F), V(EA, AF, AF, 45), \
+    V(BF, 9C, 9C, 23), V(F7, A4, A4, 53), V(96, 72, 72, E4), V(5B, C0, C0, 9B), \
+    V(C2, B7, B7, 75), V(1C, FD, FD, E1), V(AE, 93, 93, 3D), V(6A, 26, 26, 4C), \
+    V(5A, 36, 36, 6C), V(41, 3F, 3F, 7E), V(02, F7, F7, F5), V(4F, CC, CC, 83), \
+    V(5C, 34, 34, 68), V(F4, A5, A5, 51), V(34, E5, E5, D1), V(08, F1, F1, F9), \
+    V(93, 71, 71, E2), V(73, D8, D8, AB), V(53, 31, 31, 62), V(3F, 15, 15, 2A), \
+    V(0C, 04, 04, 08), V(52, C7, C7, 95), V(65, 23, 23, 46), V(5E, C3, C3, 9D), \
+    V(28, 18, 18, 30), V(A1, 96, 96, 37), V(0F, 05, 05, 0A), V(B5, 9A, 9A, 2F), \
+    V(09, 07, 07, 0E), V(36, 12, 12, 24), V(9B, 80, 80, 1B), V(3D, E2, E2, DF), \
+    V(26, EB, EB, CD), V(69, 27, 27, 4E), V(CD, B2, B2, 7F), V(9F, 75, 75, EA), \
+    V(1B, 09, 09, 12), V(9E, 83, 83, 1D), V(74, 2C, 2C, 58), V(2E, 1A, 1A, 34), \
+    V(2D, 1B, 1B, 36), V(B2, 6E, 6E, DC), V(EE, 5A, 5A, B4), V(FB, A0, A0, 5B), \
+    V(F6, 52, 52, A4), V(4D, 3B, 3B, 76), V(61, D6, D6, B7), V(CE, B3, B3, 7D), \
+    V(7B, 29, 29, 52), V(3E, E3, E3, DD), V(71, 2F, 2F, 5E), V(97, 84, 84, 13), \
+    V(F5, 53, 53, A6), V(68, D1, D1, B9), V(00, 00, 00, 00), V(2C, ED, ED, C1), \
+    V(60, 20, 20, 40), V(1F, FC, FC, E3), V(C8, B1, B1, 79), V(ED, 5B, 5B, B6), \
+    V(BE, 6A, 6A, D4), V(46, CB, CB, 8D), V(D9, BE, BE, 67), V(4B, 39, 39, 72), \
+    V(DE, 4A, 4A, 94), V(D4, 4C, 4C, 98), V(E8, 58, 58, B0), V(4A, CF, CF, 85), \
+    V(6B, D0, D0, BB), V(2A, EF, EF, C5), V(E5, AA, AA, 4F), V(16, FB, FB, ED), \
+    V(C5, 43, 43, 86), V(D7, 4D, 4D, 9A), V(55, 33, 33, 66), V(94, 85, 85, 11), \
+    V(CF, 45, 45, 8A), V(10, F9, F9, E9), V(06, 02, 02, 04), V(81, 7F, 7F, FE), \
+    V(F0, 50, 50, A0), V(44, 3C, 3C, 78), V(BA, 9F, 9F, 25), V(E3, A8, A8, 4B), \
+    V(F3, 51, 51, A2), V(FE, A3, A3, 5D), V(C0, 40, 40, 80), V(8A, 8F, 8F, 05), \
+    V(AD, 92, 92, 3F), V(BC, 9D, 9D, 21), V(48, 38, 38, 70), V(04, F5, F5, F1), \
+    V(DF, BC, BC, 63), V(C1, B6, B6, 77), V(75, DA, DA, AF), V(63, 21, 21, 42), \
+    V(30, 10, 10, 20), V(1A, FF, FF, E5), V(0E, F3, F3, FD), V(6D, D2, D2, BF), \
+    V(4C, CD, CD, 81), V(14, 0C, 0C, 18), V(35, 13, 13, 26), V(2F, EC, EC, C3), \
+    V(E1, 5F, 5F, BE), V(A2, 97, 97, 35), V(CC, 44, 44, 88), V(39, 17, 17, 2E), \
+    V(57, C4, C4, 93), V(F2, A7, A7, 55), V(82, 7E, 7E, FC), V(47, 3D, 3D, 7A), \
+    V(AC, 64, 64, C8), V(E7, 5D, 5D, BA), V(2B, 19, 19, 32), V(95, 73, 73, E6), \
+    V(A0, 60, 60, C0), V(98, 81, 81, 19), V(D1, 4F, 4F, 9E), V(7F, DC, DC, A3), \
+    V(66, 22, 22, 44), V(7E, 2A, 2A, 54), V(AB, 90, 90, 3B), V(83, 88, 88, 0B), \
+    V(CA, 46, 46, 8C), V(29, EE, EE, C7), V(D3, B8, B8, 6B), V(3C, 14, 14, 28), \
+    V(79, DE, DE, A7), V(E2, 5E, 5E, BC), V(1D, 0B, 0B, 16), V(76, DB, DB, AD), \
+    V(3B, E0, E0, DB), V(56, 32, 32, 64), V(4E, 3A, 3A, 74), V(1E, 0A, 0A, 14), \
+    V(DB, 49, 49, 92), V(0A, 06, 06, 0C), V(6C, 24, 24, 48), V(E4, 5C, 5C, B8), \
+    V(5D, C2, C2, 9F), V(6E, D3, D3, BD), V(EF, AC, AC, 43), V(A6, 62, 62, C4), \
+    V(A8, 91, 91, 39), V(A4, 95, 95, 31), V(37, E4, E4, D3), V(8B, 79, 79, F2), \
+    V(32, E7, E7, D5), V(43, C8, C8, 8B), V(59, 37, 37, 6E), V(B7, 6D, 6D, DA), \
+    V(8C, 8D, 8D, 01), V(64, D5, D5, B1), V(D2, 4E, 4E, 9C), V(E0, A9, A9, 49), \
+    V(B4, 6C, 6C, D8), V(FA, 56, 56, AC), V(07, F4, F4, F3), V(25, EA, EA, CF), \
+    V(AF, 65, 65, CA), V(8E, 7A, 7A, F4), V(E9, AE, AE, 47), V(18, 08, 08, 10), \
+    V(D5, BA, BA, 6F), V(88, 78, 78, F0), V(6F, 25, 25, 4A), V(72, 2E, 2E, 5C), \
+    V(24, 1C, 1C, 38), V(F1, A6, A6, 57), V(C7, B4, B4, 73), V(51, C6, C6, 97), \
+    V(23, E8, E8, CB), V(7C, DD, DD, A1), V(9C, 74, 74, E8), V(21, 1F, 1F, 3E), \
+    V(DD, 4B, 4B, 96), V(DC, BD, BD, 61), V(86, 8B, 8B, 0D), V(85, 8A, 8A, 0F), \
+    V(90, 70, 70, E0), V(42, 3E, 3E, 7C), V(C4, B5, B5, 71), V(AA, 66, 66, CC), \
+    V(D8, 48, 48, 90), V(05, 03, 03, 06), V(01, F6, F6, F7), V(12, 0E, 0E, 1C), \
+    V(A3, 61, 61, C2), V(5F, 35, 35, 6A), V(F9, 57, 57, AE), V(D0, B9, B9, 69), \
+    V(91, 86, 86, 17), V(58, C1, C1, 99), V(27, 1D, 1D, 3A), V(B9, 9E, 9E, 27), \
+    V(38, E1, E1, D9), V(13, F8, F8, EB), V(B3, 98, 98, 2B), V(33, 11, 11, 22), \
+    V(BB, 69, 69, D2), V(70, D9, D9, A9), V(89, 8E, 8E, 07), V(A7, 94, 94, 33), \
+    V(B6, 9B, 9B, 2D), V(22, 1E, 1E, 3C), V(92, 87, 87, 15), V(20, E9, E9, C9), \
+    V(49, CE, CE, 87), V(FF, 55, 55, AA), V(78, 28, 28, 50), V(7A, DF, DF, A5), \
+    V(8F, 8C, 8C, 03), V(F8, A1, A1, 59), V(80, 89, 89, 09), V(17, 0D, 0D, 1A), \
+    V(DA, BF, BF, 65), V(31, E6, E6, D7), V(C6, 42, 42, 84), V(B8, 68, 68, D0), \
+    V(C3, 41, 41, 82), V(B0, 99, 99, 29), V(77, 2D, 2D, 5A), V(11, 0F, 0F, 1E), \
+    V(CB, B0, B0, 7B), V(FC, 54, 54, A8), V(D6, BB, BB, 6D), V(3A, 16, 16, 2C)
 
-#define V(a,b,c,d) 0x##a##b##c##d
+#define V(a, b, c, d) 0x##a##b##c##d
 static const uint32_t FT0[256] = { FT };
 #undef V
 
 #if !defined(MBEDTLS_AES_FEWER_TABLES)
 
-#define V(a,b,c,d) 0x##b##c##d##a
+#define V(a, b, c, d) 0x##b##c##d##a
 static const uint32_t FT1[256] = { FT };
 #undef V
 
-#define V(a,b,c,d) 0x##c##d##a##b
+#define V(a, b, c, d) 0x##c##d##a##b
 static const uint32_t FT2[256] = { FT };
 #undef V
 
-#define V(a,b,c,d) 0x##d##a##b##c
+#define V(a, b, c, d) 0x##d##a##b##c
 static const uint32_t FT3[256] = { FT };
 #undef V
 
@@ -225,86 +225,86 @@
  */
 #define RT \
 \
-    V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \
-    V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \
-    V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \
-    V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \
-    V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \
-    V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \
-    V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \
-    V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \
-    V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \
-    V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \
-    V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \
-    V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \
-    V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \
-    V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \
-    V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \
-    V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \
-    V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \
-    V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \
-    V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \
-    V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \
-    V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \
-    V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \
-    V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \
-    V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \
-    V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \
-    V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \
-    V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \
-    V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \
-    V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \
-    V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \
-    V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \
-    V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \
-    V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \
-    V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \
-    V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \
-    V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \
-    V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \
-    V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \
-    V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \
-    V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \
-    V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \
-    V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \
-    V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \
-    V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \
-    V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \
-    V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \
-    V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \
-    V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \
-    V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \
-    V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \
-    V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \
-    V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \
-    V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \
-    V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \
-    V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \
-    V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \
-    V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \
-    V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \
-    V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \
-    V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \
-    V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \
-    V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \
-    V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
-    V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
+    V(50, A7, F4, 51), V(53, 65, 41, 7E), V(C3, A4, 17, 1A), V(96, 5E, 27, 3A), \
+    V(CB, 6B, AB, 3B), V(F1, 45, 9D, 1F), V(AB, 58, FA, AC), V(93, 03, E3, 4B), \
+    V(55, FA, 30, 20), V(F6, 6D, 76, AD), V(91, 76, CC, 88), V(25, 4C, 02, F5), \
+    V(FC, D7, E5, 4F), V(D7, CB, 2A, C5), V(80, 44, 35, 26), V(8F, A3, 62, B5), \
+    V(49, 5A, B1, DE), V(67, 1B, BA, 25), V(98, 0E, EA, 45), V(E1, C0, FE, 5D), \
+    V(02, 75, 2F, C3), V(12, F0, 4C, 81), V(A3, 97, 46, 8D), V(C6, F9, D3, 6B), \
+    V(E7, 5F, 8F, 03), V(95, 9C, 92, 15), V(EB, 7A, 6D, BF), V(DA, 59, 52, 95), \
+    V(2D, 83, BE, D4), V(D3, 21, 74, 58), V(29, 69, E0, 49), V(44, C8, C9, 8E), \
+    V(6A, 89, C2, 75), V(78, 79, 8E, F4), V(6B, 3E, 58, 99), V(DD, 71, B9, 27), \
+    V(B6, 4F, E1, BE), V(17, AD, 88, F0), V(66, AC, 20, C9), V(B4, 3A, CE, 7D), \
+    V(18, 4A, DF, 63), V(82, 31, 1A, E5), V(60, 33, 51, 97), V(45, 7F, 53, 62), \
+    V(E0, 77, 64, B1), V(84, AE, 6B, BB), V(1C, A0, 81, FE), V(94, 2B, 08, F9), \
+    V(58, 68, 48, 70), V(19, FD, 45, 8F), V(87, 6C, DE, 94), V(B7, F8, 7B, 52), \
+    V(23, D3, 73, AB), V(E2, 02, 4B, 72), V(57, 8F, 1F, E3), V(2A, AB, 55, 66), \
+    V(07, 28, EB, B2), V(03, C2, B5, 2F), V(9A, 7B, C5, 86), V(A5, 08, 37, D3), \
+    V(F2, 87, 28, 30), V(B2, A5, BF, 23), V(BA, 6A, 03, 02), V(5C, 82, 16, ED), \
+    V(2B, 1C, CF, 8A), V(92, B4, 79, A7), V(F0, F2, 07, F3), V(A1, E2, 69, 4E), \
+    V(CD, F4, DA, 65), V(D5, BE, 05, 06), V(1F, 62, 34, D1), V(8A, FE, A6, C4), \
+    V(9D, 53, 2E, 34), V(A0, 55, F3, A2), V(32, E1, 8A, 05), V(75, EB, F6, A4), \
+    V(39, EC, 83, 0B), V(AA, EF, 60, 40), V(06, 9F, 71, 5E), V(51, 10, 6E, BD), \
+    V(F9, 8A, 21, 3E), V(3D, 06, DD, 96), V(AE, 05, 3E, DD), V(46, BD, E6, 4D), \
+    V(B5, 8D, 54, 91), V(05, 5D, C4, 71), V(6F, D4, 06, 04), V(FF, 15, 50, 60), \
+    V(24, FB, 98, 19), V(97, E9, BD, D6), V(CC, 43, 40, 89), V(77, 9E, D9, 67), \
+    V(BD, 42, E8, B0), V(88, 8B, 89, 07), V(38, 5B, 19, E7), V(DB, EE, C8, 79), \
+    V(47, 0A, 7C, A1), V(E9, 0F, 42, 7C), V(C9, 1E, 84, F8), V(00, 00, 00, 00), \
+    V(83, 86, 80, 09), V(48, ED, 2B, 32), V(AC, 70, 11, 1E), V(4E, 72, 5A, 6C), \
+    V(FB, FF, 0E, FD), V(56, 38, 85, 0F), V(1E, D5, AE, 3D), V(27, 39, 2D, 36), \
+    V(64, D9, 0F, 0A), V(21, A6, 5C, 68), V(D1, 54, 5B, 9B), V(3A, 2E, 36, 24), \
+    V(B1, 67, 0A, 0C), V(0F, E7, 57, 93), V(D2, 96, EE, B4), V(9E, 91, 9B, 1B), \
+    V(4F, C5, C0, 80), V(A2, 20, DC, 61), V(69, 4B, 77, 5A), V(16, 1A, 12, 1C), \
+    V(0A, BA, 93, E2), V(E5, 2A, A0, C0), V(43, E0, 22, 3C), V(1D, 17, 1B, 12), \
+    V(0B, 0D, 09, 0E), V(AD, C7, 8B, F2), V(B9, A8, B6, 2D), V(C8, A9, 1E, 14), \
+    V(85, 19, F1, 57), V(4C, 07, 75, AF), V(BB, DD, 99, EE), V(FD, 60, 7F, A3), \
+    V(9F, 26, 01, F7), V(BC, F5, 72, 5C), V(C5, 3B, 66, 44), V(34, 7E, FB, 5B), \
+    V(76, 29, 43, 8B), V(DC, C6, 23, CB), V(68, FC, ED, B6), V(63, F1, E4, B8), \
+    V(CA, DC, 31, D7), V(10, 85, 63, 42), V(40, 22, 97, 13), V(20, 11, C6, 84), \
+    V(7D, 24, 4A, 85), V(F8, 3D, BB, D2), V(11, 32, F9, AE), V(6D, A1, 29, C7), \
+    V(4B, 2F, 9E, 1D), V(F3, 30, B2, DC), V(EC, 52, 86, 0D), V(D0, E3, C1, 77), \
+    V(6C, 16, B3, 2B), V(99, B9, 70, A9), V(FA, 48, 94, 11), V(22, 64, E9, 47), \
+    V(C4, 8C, FC, A8), V(1A, 3F, F0, A0), V(D8, 2C, 7D, 56), V(EF, 90, 33, 22), \
+    V(C7, 4E, 49, 87), V(C1, D1, 38, D9), V(FE, A2, CA, 8C), V(36, 0B, D4, 98), \
+    V(CF, 81, F5, A6), V(28, DE, 7A, A5), V(26, 8E, B7, DA), V(A4, BF, AD, 3F), \
+    V(E4, 9D, 3A, 2C), V(0D, 92, 78, 50), V(9B, CC, 5F, 6A), V(62, 46, 7E, 54), \
+    V(C2, 13, 8D, F6), V(E8, B8, D8, 90), V(5E, F7, 39, 2E), V(F5, AF, C3, 82), \
+    V(BE, 80, 5D, 9F), V(7C, 93, D0, 69), V(A9, 2D, D5, 6F), V(B3, 12, 25, CF), \
+    V(3B, 99, AC, C8), V(A7, 7D, 18, 10), V(6E, 63, 9C, E8), V(7B, BB, 3B, DB), \
+    V(09, 78, 26, CD), V(F4, 18, 59, 6E), V(01, B7, 9A, EC), V(A8, 9A, 4F, 83), \
+    V(65, 6E, 95, E6), V(7E, E6, FF, AA), V(08, CF, BC, 21), V(E6, E8, 15, EF), \
+    V(D9, 9B, E7, BA), V(CE, 36, 6F, 4A), V(D4, 09, 9F, EA), V(D6, 7C, B0, 29), \
+    V(AF, B2, A4, 31), V(31, 23, 3F, 2A), V(30, 94, A5, C6), V(C0, 66, A2, 35), \
+    V(37, BC, 4E, 74), V(A6, CA, 82, FC), V(B0, D0, 90, E0), V(15, D8, A7, 33), \
+    V(4A, 98, 04, F1), V(F7, DA, EC, 41), V(0E, 50, CD, 7F), V(2F, F6, 91, 17), \
+    V(8D, D6, 4D, 76), V(4D, B0, EF, 43), V(54, 4D, AA, CC), V(DF, 04, 96, E4), \
+    V(E3, B5, D1, 9E), V(1B, 88, 6A, 4C), V(B8, 1F, 2C, C1), V(7F, 51, 65, 46), \
+    V(04, EA, 5E, 9D), V(5D, 35, 8C, 01), V(73, 74, 87, FA), V(2E, 41, 0B, FB), \
+    V(5A, 1D, 67, B3), V(52, D2, DB, 92), V(33, 56, 10, E9), V(13, 47, D6, 6D), \
+    V(8C, 61, D7, 9A), V(7A, 0C, A1, 37), V(8E, 14, F8, 59), V(89, 3C, 13, EB), \
+    V(EE, 27, A9, CE), V(35, C9, 61, B7), V(ED, E5, 1C, E1), V(3C, B1, 47, 7A), \
+    V(59, DF, D2, 9C), V(3F, 73, F2, 55), V(79, CE, 14, 18), V(BF, 37, C7, 73), \
+    V(EA, CD, F7, 53), V(5B, AA, FD, 5F), V(14, 6F, 3D, DF), V(86, DB, 44, 78), \
+    V(81, F3, AF, CA), V(3E, C4, 68, B9), V(2C, 34, 24, 38), V(5F, 40, A3, C2), \
+    V(72, C3, 1D, 16), V(0C, 25, E2, BC), V(8B, 49, 3C, 28), V(41, 95, 0D, FF), \
+    V(71, 01, A8, 39), V(DE, B3, 0C, 08), V(9C, E4, B4, D8), V(90, C1, 56, 64), \
+    V(61, 84, CB, 7B), V(70, B6, 32, D5), V(74, 5C, 6C, 48), V(42, 57, B8, D0)
 
-#define V(a,b,c,d) 0x##a##b##c##d
+#define V(a, b, c, d) 0x##a##b##c##d
 static const uint32_t RT0[256] = { RT };
 #undef V
 
 #if !defined(MBEDTLS_AES_FEWER_TABLES)
 
-#define V(a,b,c,d) 0x##b##c##d##a
+#define V(a, b, c, d) 0x##b##c##d##a
 static const uint32_t RT1[256] = { RT };
 #undef V
 
-#define V(a,b,c,d) 0x##c##d##a##b
+#define V(a, b, c, d) 0x##c##d##a##b
 static const uint32_t RT2[256] = { RT };
 #undef V
 
-#define V(a,b,c,d) 0x##d##a##b##c
+#define V(a, b, c, d) 0x##d##a##b##c
 static const uint32_t RT3[256] = { RT };
 #undef V
 
@@ -354,13 +354,13 @@
 /*
  * Tables generation code
  */
-#define ROTL8(x) ( ( (x) << 8 ) & 0xFFFFFFFF ) | ( (x) >> 24 )
-#define XTIME(x) ( ( (x) << 1 ) ^ ( ( (x) & 0x80 ) ? 0x1B : 0x00 ) )
-#define MUL(x,y) ( ( (x) && (y) ) ? pow[(log[(x)]+log[(y)]) % 255] : 0 )
+#define ROTL8(x) (((x) << 8) & 0xFFFFFFFF) | ((x) >> 24)
+#define XTIME(x) (((x) << 1) ^ (((x) & 0x80) ? 0x1B : 0x00))
+#define MUL(x, y) (((x) && (y)) ? pow[(log[(x)]+log[(y)]) % 255] : 0)
 
 static int aes_init_done = 0;
 
-static void aes_gen_tables( void )
+static void aes_gen_tables(void)
 {
     int i, x, y, z;
     int pow[256];
@@ -369,20 +369,18 @@
     /*
      * compute pow and log tables over GF(2^8)
      */
-    for( i = 0, x = 1; i < 256; i++ )
-    {
+    for (i = 0, x = 1; i < 256; i++) {
         pow[i] = x;
         log[x] = i;
-        x = MBEDTLS_BYTE_0( x ^ XTIME( x ) );
+        x = MBEDTLS_BYTE_0(x ^ XTIME(x));
     }
 
     /*
      * calculate the round constants
      */
-    for( i = 0, x = 1; i < 10; i++ )
-    {
+    for (i = 0, x = 1; i < 10; i++) {
         RCON[i] = (uint32_t) x;
-        x = MBEDTLS_BYTE_0( XTIME( x ) );
+        x = MBEDTLS_BYTE_0(XTIME(x));
     }
 
     /*
@@ -391,14 +389,13 @@
     FSb[0x00] = 0x63;
     RSb[0x63] = 0x00;
 
-    for( i = 1; i < 256; i++ )
-    {
+    for (i = 1; i < 256; i++) {
         x = pow[255 - log[i]];
 
-        y  = x; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
-        x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
-        x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
-        x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
+        y  = x; y = MBEDTLS_BYTE_0((y << 1) | (y >> 7));
+        x ^= y; y = MBEDTLS_BYTE_0((y << 1) | (y >> 7));
+        x ^= y; y = MBEDTLS_BYTE_0((y << 1) | (y >> 7));
+        x ^= y; y = MBEDTLS_BYTE_0((y << 1) | (y >> 7));
         x ^= y ^ 0x63;
 
         FSb[i] = (unsigned char) x;
@@ -408,34 +405,33 @@
     /*
      * generate the forward and reverse tables
      */
-    for( i = 0; i < 256; i++ )
-    {
+    for (i = 0; i < 256; i++) {
         x = FSb[i];
-        y = MBEDTLS_BYTE_0( XTIME( x ) );
-        z = MBEDTLS_BYTE_0( y ^ x );
+        y = MBEDTLS_BYTE_0(XTIME(x));
+        z = MBEDTLS_BYTE_0(y ^ x);
 
-        FT0[i] = ( (uint32_t) y       ) ^
-                 ( (uint32_t) x <<  8 ) ^
-                 ( (uint32_t) x << 16 ) ^
-                 ( (uint32_t) z << 24 );
+        FT0[i] = ((uint32_t) y) ^
+                 ((uint32_t) x <<  8) ^
+                 ((uint32_t) x << 16) ^
+                 ((uint32_t) z << 24);
 
 #if !defined(MBEDTLS_AES_FEWER_TABLES)
-        FT1[i] = ROTL8( FT0[i] );
-        FT2[i] = ROTL8( FT1[i] );
-        FT3[i] = ROTL8( FT2[i] );
+        FT1[i] = ROTL8(FT0[i]);
+        FT2[i] = ROTL8(FT1[i]);
+        FT3[i] = ROTL8(FT2[i]);
 #endif /* !MBEDTLS_AES_FEWER_TABLES */
 
         x = RSb[i];
 
-        RT0[i] = ( (uint32_t) MUL( 0x0E, x )       ) ^
-                 ( (uint32_t) MUL( 0x09, x ) <<  8 ) ^
-                 ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^
-                 ( (uint32_t) MUL( 0x0B, x ) << 24 );
+        RT0[i] = ((uint32_t) MUL(0x0E, x)) ^
+                 ((uint32_t) MUL(0x09, x) <<  8) ^
+                 ((uint32_t) MUL(0x0D, x) << 16) ^
+                 ((uint32_t) MUL(0x0B, x) << 24);
 
 #if !defined(MBEDTLS_AES_FEWER_TABLES)
-        RT1[i] = ROTL8( RT0[i] );
-        RT2[i] = ROTL8( RT1[i] );
-        RT3[i] = ROTL8( RT2[i] );
+        RT1[i] = ROTL8(RT0[i]);
+        RT2[i] = ROTL8(RT1[i]);
+        RT3[i] = ROTL8(RT2[i]);
 #endif /* !MBEDTLS_AES_FEWER_TABLES */
     }
 }
@@ -446,19 +442,19 @@
 
 #if defined(MBEDTLS_AES_FEWER_TABLES)
 
-#define ROTL8(x)  ( (uint32_t)( ( x ) <<  8 ) + (uint32_t)( ( x ) >> 24 ) )
-#define ROTL16(x) ( (uint32_t)( ( x ) << 16 ) + (uint32_t)( ( x ) >> 16 ) )
-#define ROTL24(x) ( (uint32_t)( ( x ) << 24 ) + (uint32_t)( ( x ) >>  8 ) )
+#define ROTL8(x)  ((uint32_t) ((x) <<  8) + (uint32_t) ((x) >> 24))
+#define ROTL16(x) ((uint32_t) ((x) << 16) + (uint32_t) ((x) >> 16))
+#define ROTL24(x) ((uint32_t) ((x) << 24) + (uint32_t) ((x) >>  8))
 
 #define AES_RT0(idx) RT0[idx]
-#define AES_RT1(idx) ROTL8(  RT0[idx] )
-#define AES_RT2(idx) ROTL16( RT0[idx] )
-#define AES_RT3(idx) ROTL24( RT0[idx] )
+#define AES_RT1(idx) ROTL8(RT0[idx])
+#define AES_RT2(idx) ROTL16(RT0[idx])
+#define AES_RT3(idx) ROTL24(RT0[idx])
 
 #define AES_FT0(idx) FT0[idx]
-#define AES_FT1(idx) ROTL8(  FT0[idx] )
-#define AES_FT2(idx) ROTL16( FT0[idx] )
-#define AES_FT3(idx) ROTL24( FT0[idx] )
+#define AES_FT1(idx) ROTL8(FT0[idx])
+#define AES_FT2(idx) ROTL16(FT0[idx])
+#define AES_FT3(idx) ROTL24(FT0[idx])
 
 #else /* MBEDTLS_AES_FEWER_TABLES */
 
@@ -474,33 +470,35 @@
 
 #endif /* MBEDTLS_AES_FEWER_TABLES */
 
-void mbedtls_aes_init( mbedtls_aes_context *ctx )
+void mbedtls_aes_init(mbedtls_aes_context *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_aes_context ) );
+    memset(ctx, 0, sizeof(mbedtls_aes_context));
 }
 
-void mbedtls_aes_free( mbedtls_aes_context *ctx )
+void mbedtls_aes_free(mbedtls_aes_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_aes_context));
 }
 
 #if defined(MBEDTLS_CIPHER_MODE_XTS)
-void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx )
+void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx)
 {
-    mbedtls_aes_init( &ctx->crypt );
-    mbedtls_aes_init( &ctx->tweak );
+    mbedtls_aes_init(&ctx->crypt);
+    mbedtls_aes_init(&ctx->tweak);
 }
 
-void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx )
+void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_aes_free( &ctx->crypt );
-    mbedtls_aes_free( &ctx->tweak );
+    mbedtls_aes_free(&ctx->crypt);
+    mbedtls_aes_free(&ctx->tweak);
 }
 #endif /* MBEDTLS_CIPHER_MODE_XTS */
 
@@ -508,23 +506,21 @@
  * AES key schedule (encryption)
  */
 #if !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
-int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
-                    unsigned int keybits )
+int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
+                           unsigned int keybits)
 {
     unsigned int i;
     uint32_t *RK;
 
-    switch( keybits )
-    {
+    switch (keybits) {
         case 128: ctx->nr = 10; break;
         case 192: ctx->nr = 12; break;
         case 256: ctx->nr = 14; break;
-        default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
+        default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
     }
 
 #if !defined(MBEDTLS_AES_ROM_TABLES)
-    if( aes_init_done == 0 )
-    {
+    if (aes_init_done == 0) {
         aes_gen_tables();
         aes_init_done = 1;
     }
@@ -532,35 +528,35 @@
 
     ctx->rk_offset = 0;
 #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
-    if( aes_padlock_ace == -1 )
-        aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
+    if (aes_padlock_ace == -1) {
+        aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE);
+    }
 
-    if( aes_padlock_ace )
-        ctx->rk_offset = MBEDTLS_PADLOCK_ALIGN16( ctx->buf ) - ctx->buf;
+    if (aes_padlock_ace) {
+        ctx->rk_offset = MBEDTLS_PADLOCK_ALIGN16(ctx->buf) - ctx->buf;
+    }
 #endif
     RK = ctx->buf + ctx->rk_offset;
 
 #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
-    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
-        return( mbedtls_aesni_setkey_enc( (unsigned char *) RK, key, keybits ) );
+    if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
+        return mbedtls_aesni_setkey_enc((unsigned char *) RK, key, keybits);
+    }
 #endif
 
-    for( i = 0; i < ( keybits >> 5 ); i++ )
-    {
-        RK[i] = MBEDTLS_GET_UINT32_LE( key, i << 2 );
+    for (i = 0; i < (keybits >> 5); i++) {
+        RK[i] = MBEDTLS_GET_UINT32_LE(key, i << 2);
     }
 
-    switch( ctx->nr )
-    {
+    switch (ctx->nr) {
         case 10:
 
-            for( i = 0; i < 10; i++, RK += 4 )
-            {
+            for (i = 0; i < 10; i++, RK += 4) {
                 RK[4]  = RK[0] ^ RCON[i] ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[3] ) ]       ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[3] ) ] <<  8 ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[3] ) ] << 16 ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[3] ) ] << 24 );
+                         ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[3])]) ^
+                         ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[3])] <<  8) ^
+                         ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[3])] << 16) ^
+                         ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[3])] << 24);
 
                 RK[5]  = RK[1] ^ RK[4];
                 RK[6]  = RK[2] ^ RK[5];
@@ -570,13 +566,12 @@
 
         case 12:
 
-            for( i = 0; i < 8; i++, RK += 6 )
-            {
+            for (i = 0; i < 8; i++, RK += 6) {
                 RK[6]  = RK[0] ^ RCON[i] ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[5] ) ]       ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[5] ) ] <<  8 ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[5] ) ] << 16 ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[5] ) ] << 24 );
+                         ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[5])]) ^
+                         ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[5])] <<  8) ^
+                         ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[5])] << 16) ^
+                         ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[5])] << 24);
 
                 RK[7]  = RK[1] ^ RK[6];
                 RK[8]  = RK[2] ^ RK[7];
@@ -588,23 +583,22 @@
 
         case 14:
 
-            for( i = 0; i < 7; i++, RK += 8 )
-            {
+            for (i = 0; i < 7; i++, RK += 8) {
                 RK[8]  = RK[0] ^ RCON[i] ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[7] ) ]       ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[7] ) ] <<  8 ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[7] ) ] << 16 ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[7] ) ] << 24 );
+                         ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[7])]) ^
+                         ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[7])] <<  8) ^
+                         ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[7])] << 16) ^
+                         ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[7])] << 24);
 
                 RK[9]  = RK[1] ^ RK[8];
                 RK[10] = RK[2] ^ RK[9];
                 RK[11] = RK[3] ^ RK[10];
 
                 RK[12] = RK[4] ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[11] ) ]       ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[11] ) ] <<  8 ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[11] ) ] << 16 ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[11] ) ] << 24 );
+                         ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[11])]) ^
+                         ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[11])] <<  8) ^
+                         ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[11])] << 16) ^
+                         ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[11])] << 24);
 
                 RK[13] = RK[5] ^ RK[12];
                 RK[14] = RK[6] ^ RK[13];
@@ -613,7 +607,7 @@
             break;
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */
 
@@ -621,37 +615,39 @@
  * AES key schedule (decryption)
  */
 #if !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
-int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
-                    unsigned int keybits )
+int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key,
+                           unsigned int keybits)
 {
     int i, j, ret;
     mbedtls_aes_context cty;
     uint32_t *RK;
     uint32_t *SK;
 
-    mbedtls_aes_init( &cty );
+    mbedtls_aes_init(&cty);
 
     ctx->rk_offset = 0;
 #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
-    if( aes_padlock_ace == -1 )
-        aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
+    if (aes_padlock_ace == -1) {
+        aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE);
+    }
 
-    if( aes_padlock_ace )
-        ctx->rk_offset = MBEDTLS_PADLOCK_ALIGN16( ctx->buf ) - ctx->buf;
+    if (aes_padlock_ace) {
+        ctx->rk_offset = MBEDTLS_PADLOCK_ALIGN16(ctx->buf) - ctx->buf;
+    }
 #endif
     RK = ctx->buf + ctx->rk_offset;
 
     /* Also checks keybits */
-    if( ( ret = mbedtls_aes_setkey_enc( &cty, key, keybits ) ) != 0 )
+    if ((ret = mbedtls_aes_setkey_enc(&cty, key, keybits)) != 0) {
         goto exit;
+    }
 
     ctx->nr = cty.nr;
 
 #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
-    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
-    {
-        mbedtls_aesni_inverse_key( (unsigned char *) RK,
-                           (const unsigned char *) ( cty.buf + cty.rk_offset ), ctx->nr );
+    if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
+        mbedtls_aesni_inverse_key((unsigned char *) RK,
+                                  (const unsigned char *) (cty.buf + cty.rk_offset), ctx->nr);
         goto exit;
     }
 #endif
@@ -663,14 +659,12 @@
     *RK++ = *SK++;
     *RK++ = *SK++;
 
-    for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 )
-    {
-        for( j = 0; j < 4; j++, SK++ )
-        {
-            *RK++ = AES_RT0( FSb[ MBEDTLS_BYTE_0( *SK ) ] ) ^
-                    AES_RT1( FSb[ MBEDTLS_BYTE_1( *SK ) ] ) ^
-                    AES_RT2( FSb[ MBEDTLS_BYTE_2( *SK ) ] ) ^
-                    AES_RT3( FSb[ MBEDTLS_BYTE_3( *SK ) ] );
+    for (i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8) {
+        for (j = 0; j < 4; j++, SK++) {
+            *RK++ = AES_RT0(FSb[MBEDTLS_BYTE_0(*SK)]) ^
+                    AES_RT1(FSb[MBEDTLS_BYTE_1(*SK)]) ^
+                    AES_RT2(FSb[MBEDTLS_BYTE_2(*SK)]) ^
+                    AES_RT3(FSb[MBEDTLS_BYTE_3(*SK)]);
         }
     }
 
@@ -680,28 +674,27 @@
     *RK++ = *SK++;
 
 exit:
-    mbedtls_aes_free( &cty );
+    mbedtls_aes_free(&cty);
 
-    return( ret );
+    return ret;
 }
 #endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */
 
 #if defined(MBEDTLS_CIPHER_MODE_XTS)
-static int mbedtls_aes_xts_decode_keys( const unsigned char *key,
-                                        unsigned int keybits,
-                                        const unsigned char **key1,
-                                        unsigned int *key1bits,
-                                        const unsigned char **key2,
-                                        unsigned int *key2bits )
+static int mbedtls_aes_xts_decode_keys(const unsigned char *key,
+                                       unsigned int keybits,
+                                       const unsigned char **key1,
+                                       unsigned int *key1bits,
+                                       const unsigned char **key2,
+                                       unsigned int *key2bits)
 {
     const unsigned int half_keybits = keybits / 2;
     const unsigned int half_keybytes = half_keybits / 8;
 
-    switch( keybits )
-    {
+    switch (keybits) {
         case 256: break;
         case 512: break;
-        default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
+        default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
     }
 
     *key1bits = half_keybits;
@@ -712,160 +705,162 @@
     return 0;
 }
 
-int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
-                                const unsigned char *key,
-                                unsigned int keybits)
+int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx,
+                               const unsigned char *key,
+                               unsigned int keybits)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const unsigned char *key1, *key2;
     unsigned int key1bits, key2bits;
 
-    ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
-                                       &key2, &key2bits );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_aes_xts_decode_keys(key, keybits, &key1, &key1bits,
+                                      &key2, &key2bits);
+    if (ret != 0) {
+        return ret;
+    }
 
     /* Set the tweak key. Always set tweak key for the encryption mode. */
-    ret = mbedtls_aes_setkey_enc( &ctx->tweak, key2, key2bits );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_aes_setkey_enc(&ctx->tweak, key2, key2bits);
+    if (ret != 0) {
+        return ret;
+    }
 
     /* Set crypt key for encryption. */
-    return mbedtls_aes_setkey_enc( &ctx->crypt, key1, key1bits );
+    return mbedtls_aes_setkey_enc(&ctx->crypt, key1, key1bits);
 }
 
-int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
-                                const unsigned char *key,
-                                unsigned int keybits)
+int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx,
+                               const unsigned char *key,
+                               unsigned int keybits)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const unsigned char *key1, *key2;
     unsigned int key1bits, key2bits;
 
-    ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
-                                       &key2, &key2bits );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_aes_xts_decode_keys(key, keybits, &key1, &key1bits,
+                                      &key2, &key2bits);
+    if (ret != 0) {
+        return ret;
+    }
 
     /* Set the tweak key. Always set tweak key for encryption. */
-    ret = mbedtls_aes_setkey_enc( &ctx->tweak, key2, key2bits );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_aes_setkey_enc(&ctx->tweak, key2, key2bits);
+    if (ret != 0) {
+        return ret;
+    }
 
     /* Set crypt key for decryption. */
-    return mbedtls_aes_setkey_dec( &ctx->crypt, key1, key1bits );
+    return mbedtls_aes_setkey_dec(&ctx->crypt, key1, key1bits);
 }
 #endif /* MBEDTLS_CIPHER_MODE_XTS */
 
-#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)                 \
+#define AES_FROUND(X0, X1, X2, X3, Y0, Y1, Y2, Y3)                 \
     do                                                      \
     {                                                       \
-        (X0) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y0 ) ) ^    \
-                       AES_FT1( MBEDTLS_BYTE_1( Y1 ) ) ^    \
-                       AES_FT2( MBEDTLS_BYTE_2( Y2 ) ) ^    \
-                       AES_FT3( MBEDTLS_BYTE_3( Y3 ) );     \
+        (X0) = *RK++ ^ AES_FT0(MBEDTLS_BYTE_0(Y0)) ^    \
+               AES_FT1(MBEDTLS_BYTE_1(Y1)) ^    \
+               AES_FT2(MBEDTLS_BYTE_2(Y2)) ^    \
+               AES_FT3(MBEDTLS_BYTE_3(Y3));     \
                                                             \
-        (X1) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y1 ) ) ^    \
-                       AES_FT1( MBEDTLS_BYTE_1( Y2 ) ) ^    \
-                       AES_FT2( MBEDTLS_BYTE_2( Y3 ) ) ^    \
-                       AES_FT3( MBEDTLS_BYTE_3( Y0 ) );     \
+        (X1) = *RK++ ^ AES_FT0(MBEDTLS_BYTE_0(Y1)) ^    \
+               AES_FT1(MBEDTLS_BYTE_1(Y2)) ^    \
+               AES_FT2(MBEDTLS_BYTE_2(Y3)) ^    \
+               AES_FT3(MBEDTLS_BYTE_3(Y0));     \
                                                             \
-        (X2) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y2 ) ) ^    \
-                       AES_FT1( MBEDTLS_BYTE_1( Y3 ) ) ^    \
-                       AES_FT2( MBEDTLS_BYTE_2( Y0 ) ) ^    \
-                       AES_FT3( MBEDTLS_BYTE_3( Y1 ) );     \
+        (X2) = *RK++ ^ AES_FT0(MBEDTLS_BYTE_0(Y2)) ^    \
+               AES_FT1(MBEDTLS_BYTE_1(Y3)) ^    \
+               AES_FT2(MBEDTLS_BYTE_2(Y0)) ^    \
+               AES_FT3(MBEDTLS_BYTE_3(Y1));     \
                                                             \
-        (X3) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y3 ) ) ^    \
-                       AES_FT1( MBEDTLS_BYTE_1( Y0 ) ) ^    \
-                       AES_FT2( MBEDTLS_BYTE_2( Y1 ) ) ^    \
-                       AES_FT3( MBEDTLS_BYTE_3( Y2 ) );     \
-    } while( 0 )
+        (X3) = *RK++ ^ AES_FT0(MBEDTLS_BYTE_0(Y3)) ^    \
+               AES_FT1(MBEDTLS_BYTE_1(Y0)) ^    \
+               AES_FT2(MBEDTLS_BYTE_2(Y1)) ^    \
+               AES_FT3(MBEDTLS_BYTE_3(Y2));     \
+    } while (0)
 
-#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)                 \
+#define AES_RROUND(X0, X1, X2, X3, Y0, Y1, Y2, Y3)                 \
     do                                                      \
     {                                                       \
-        (X0) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y0 ) ) ^    \
-                       AES_RT1( MBEDTLS_BYTE_1( Y3 ) ) ^    \
-                       AES_RT2( MBEDTLS_BYTE_2( Y2 ) ) ^    \
-                       AES_RT3( MBEDTLS_BYTE_3( Y1 ) );     \
+        (X0) = *RK++ ^ AES_RT0(MBEDTLS_BYTE_0(Y0)) ^    \
+               AES_RT1(MBEDTLS_BYTE_1(Y3)) ^    \
+               AES_RT2(MBEDTLS_BYTE_2(Y2)) ^    \
+               AES_RT3(MBEDTLS_BYTE_3(Y1));     \
                                                             \
-        (X1) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y1 ) ) ^    \
-                       AES_RT1( MBEDTLS_BYTE_1( Y0 ) ) ^    \
-                       AES_RT2( MBEDTLS_BYTE_2( Y3 ) ) ^    \
-                       AES_RT3( MBEDTLS_BYTE_3( Y2 ) );     \
+        (X1) = *RK++ ^ AES_RT0(MBEDTLS_BYTE_0(Y1)) ^    \
+               AES_RT1(MBEDTLS_BYTE_1(Y0)) ^    \
+               AES_RT2(MBEDTLS_BYTE_2(Y3)) ^    \
+               AES_RT3(MBEDTLS_BYTE_3(Y2));     \
                                                             \
-        (X2) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y2 ) ) ^    \
-                       AES_RT1( MBEDTLS_BYTE_1( Y1 ) ) ^    \
-                       AES_RT2( MBEDTLS_BYTE_2( Y0 ) ) ^    \
-                       AES_RT3( MBEDTLS_BYTE_3( Y3 ) );     \
+        (X2) = *RK++ ^ AES_RT0(MBEDTLS_BYTE_0(Y2)) ^    \
+               AES_RT1(MBEDTLS_BYTE_1(Y1)) ^    \
+               AES_RT2(MBEDTLS_BYTE_2(Y0)) ^    \
+               AES_RT3(MBEDTLS_BYTE_3(Y3));     \
                                                             \
-        (X3) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y3 ) ) ^    \
-                       AES_RT1( MBEDTLS_BYTE_1( Y2 ) ) ^    \
-                       AES_RT2( MBEDTLS_BYTE_2( Y1 ) ) ^    \
-                       AES_RT3( MBEDTLS_BYTE_3( Y0 ) );     \
-    } while( 0 )
+        (X3) = *RK++ ^ AES_RT0(MBEDTLS_BYTE_0(Y3)) ^    \
+               AES_RT1(MBEDTLS_BYTE_1(Y2)) ^    \
+               AES_RT2(MBEDTLS_BYTE_2(Y1)) ^    \
+               AES_RT3(MBEDTLS_BYTE_3(Y0));     \
+    } while (0)
 
 /*
  * AES-ECB block encryption
  */
 #if !defined(MBEDTLS_AES_ENCRYPT_ALT)
-int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
-                                  const unsigned char input[16],
-                                  unsigned char output[16] )
+int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx,
+                                 const unsigned char input[16],
+                                 unsigned char output[16])
 {
     int i;
     uint32_t *RK = ctx->buf + ctx->rk_offset;
-    struct
-    {
+    struct {
         uint32_t X[4];
         uint32_t Y[4];
     } t;
 
-    t.X[0] = MBEDTLS_GET_UINT32_LE( input,  0 ); t.X[0] ^= *RK++;
-    t.X[1] = MBEDTLS_GET_UINT32_LE( input,  4 ); t.X[1] ^= *RK++;
-    t.X[2] = MBEDTLS_GET_UINT32_LE( input,  8 ); t.X[2] ^= *RK++;
-    t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++;
+    t.X[0] = MBEDTLS_GET_UINT32_LE(input,  0); t.X[0] ^= *RK++;
+    t.X[1] = MBEDTLS_GET_UINT32_LE(input,  4); t.X[1] ^= *RK++;
+    t.X[2] = MBEDTLS_GET_UINT32_LE(input,  8); t.X[2] ^= *RK++;
+    t.X[3] = MBEDTLS_GET_UINT32_LE(input, 12); t.X[3] ^= *RK++;
 
-    for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
-    {
-        AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
-        AES_FROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] );
+    for (i = (ctx->nr >> 1) - 1; i > 0; i--) {
+        AES_FROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]);
+        AES_FROUND(t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3]);
     }
 
-    AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
+    AES_FROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]);
 
     t.X[0] = *RK++ ^ \
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[0] ) ]       ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] <<  8 ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 );
+             ((uint32_t) FSb[MBEDTLS_BYTE_0(t.Y[0])]) ^
+             ((uint32_t) FSb[MBEDTLS_BYTE_1(t.Y[1])] <<  8) ^
+             ((uint32_t) FSb[MBEDTLS_BYTE_2(t.Y[2])] << 16) ^
+             ((uint32_t) FSb[MBEDTLS_BYTE_3(t.Y[3])] << 24);
 
     t.X[1] = *RK++ ^ \
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[1] ) ]       ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] <<  8 ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 );
+             ((uint32_t) FSb[MBEDTLS_BYTE_0(t.Y[1])]) ^
+             ((uint32_t) FSb[MBEDTLS_BYTE_1(t.Y[2])] <<  8) ^
+             ((uint32_t) FSb[MBEDTLS_BYTE_2(t.Y[3])] << 16) ^
+             ((uint32_t) FSb[MBEDTLS_BYTE_3(t.Y[0])] << 24);
 
     t.X[2] = *RK++ ^ \
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[2] ) ]       ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] <<  8 ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 );
+             ((uint32_t) FSb[MBEDTLS_BYTE_0(t.Y[2])]) ^
+             ((uint32_t) FSb[MBEDTLS_BYTE_1(t.Y[3])] <<  8) ^
+             ((uint32_t) FSb[MBEDTLS_BYTE_2(t.Y[0])] << 16) ^
+             ((uint32_t) FSb[MBEDTLS_BYTE_3(t.Y[1])] << 24);
 
     t.X[3] = *RK++ ^ \
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[3] ) ]       ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] <<  8 ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 );
+             ((uint32_t) FSb[MBEDTLS_BYTE_0(t.Y[3])]) ^
+             ((uint32_t) FSb[MBEDTLS_BYTE_1(t.Y[0])] <<  8) ^
+             ((uint32_t) FSb[MBEDTLS_BYTE_2(t.Y[1])] << 16) ^
+             ((uint32_t) FSb[MBEDTLS_BYTE_3(t.Y[2])] << 24);
 
-    MBEDTLS_PUT_UINT32_LE( t.X[0], output,  0 );
-    MBEDTLS_PUT_UINT32_LE( t.X[1], output,  4 );
-    MBEDTLS_PUT_UINT32_LE( t.X[2], output,  8 );
-    MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 );
+    MBEDTLS_PUT_UINT32_LE(t.X[0], output,  0);
+    MBEDTLS_PUT_UINT32_LE(t.X[1], output,  4);
+    MBEDTLS_PUT_UINT32_LE(t.X[2], output,  8);
+    MBEDTLS_PUT_UINT32_LE(t.X[3], output, 12);
 
-    mbedtls_platform_zeroize( &t, sizeof( t ) );
+    mbedtls_platform_zeroize(&t, sizeof(t));
 
-    return( 0 );
+    return 0;
 }
 #endif /* !MBEDTLS_AES_ENCRYPT_ALT */
 
@@ -873,87 +868,87 @@
  * AES-ECB block decryption
  */
 #if !defined(MBEDTLS_AES_DECRYPT_ALT)
-int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
-                                  const unsigned char input[16],
-                                  unsigned char output[16] )
+int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
+                                 const unsigned char input[16],
+                                 unsigned char output[16])
 {
     int i;
     uint32_t *RK = ctx->buf + ctx->rk_offset;
-    struct
-    {
+    struct {
         uint32_t X[4];
         uint32_t Y[4];
     } t;
 
-    t.X[0] = MBEDTLS_GET_UINT32_LE( input,  0 ); t.X[0] ^= *RK++;
-    t.X[1] = MBEDTLS_GET_UINT32_LE( input,  4 ); t.X[1] ^= *RK++;
-    t.X[2] = MBEDTLS_GET_UINT32_LE( input,  8 ); t.X[2] ^= *RK++;
-    t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++;
+    t.X[0] = MBEDTLS_GET_UINT32_LE(input,  0); t.X[0] ^= *RK++;
+    t.X[1] = MBEDTLS_GET_UINT32_LE(input,  4); t.X[1] ^= *RK++;
+    t.X[2] = MBEDTLS_GET_UINT32_LE(input,  8); t.X[2] ^= *RK++;
+    t.X[3] = MBEDTLS_GET_UINT32_LE(input, 12); t.X[3] ^= *RK++;
 
-    for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
-    {
-        AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
-        AES_RROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] );
+    for (i = (ctx->nr >> 1) - 1; i > 0; i--) {
+        AES_RROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]);
+        AES_RROUND(t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3]);
     }
 
-    AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
+    AES_RROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]);
 
     t.X[0] = *RK++ ^ \
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[0] ) ]       ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] <<  8 ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 );
+             ((uint32_t) RSb[MBEDTLS_BYTE_0(t.Y[0])]) ^
+             ((uint32_t) RSb[MBEDTLS_BYTE_1(t.Y[3])] <<  8) ^
+             ((uint32_t) RSb[MBEDTLS_BYTE_2(t.Y[2])] << 16) ^
+             ((uint32_t) RSb[MBEDTLS_BYTE_3(t.Y[1])] << 24);
 
     t.X[1] = *RK++ ^ \
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[1] ) ]       ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] <<  8 ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 );
+             ((uint32_t) RSb[MBEDTLS_BYTE_0(t.Y[1])]) ^
+             ((uint32_t) RSb[MBEDTLS_BYTE_1(t.Y[0])] <<  8) ^
+             ((uint32_t) RSb[MBEDTLS_BYTE_2(t.Y[3])] << 16) ^
+             ((uint32_t) RSb[MBEDTLS_BYTE_3(t.Y[2])] << 24);
 
     t.X[2] = *RK++ ^ \
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[2] ) ]       ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] <<  8 ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 );
+             ((uint32_t) RSb[MBEDTLS_BYTE_0(t.Y[2])]) ^
+             ((uint32_t) RSb[MBEDTLS_BYTE_1(t.Y[1])] <<  8) ^
+             ((uint32_t) RSb[MBEDTLS_BYTE_2(t.Y[0])] << 16) ^
+             ((uint32_t) RSb[MBEDTLS_BYTE_3(t.Y[3])] << 24);
 
     t.X[3] = *RK++ ^ \
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[3] ) ]       ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] <<  8 ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 );
+             ((uint32_t) RSb[MBEDTLS_BYTE_0(t.Y[3])]) ^
+             ((uint32_t) RSb[MBEDTLS_BYTE_1(t.Y[2])] <<  8) ^
+             ((uint32_t) RSb[MBEDTLS_BYTE_2(t.Y[1])] << 16) ^
+             ((uint32_t) RSb[MBEDTLS_BYTE_3(t.Y[0])] << 24);
 
-    MBEDTLS_PUT_UINT32_LE( t.X[0], output,  0 );
-    MBEDTLS_PUT_UINT32_LE( t.X[1], output,  4 );
-    MBEDTLS_PUT_UINT32_LE( t.X[2], output,  8 );
-    MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 );
+    MBEDTLS_PUT_UINT32_LE(t.X[0], output,  0);
+    MBEDTLS_PUT_UINT32_LE(t.X[1], output,  4);
+    MBEDTLS_PUT_UINT32_LE(t.X[2], output,  8);
+    MBEDTLS_PUT_UINT32_LE(t.X[3], output, 12);
 
-    mbedtls_platform_zeroize( &t, sizeof( t ) );
+    mbedtls_platform_zeroize(&t, sizeof(t));
 
-    return( 0 );
+    return 0;
 }
 #endif /* !MBEDTLS_AES_DECRYPT_ALT */
 
 /*
  * AES-ECB block encryption/decryption
  */
-int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
-                           int mode,
-                           const unsigned char input[16],
-                           unsigned char output[16] )
+int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
+                          int mode,
+                          const unsigned char input[16],
+                          unsigned char output[16])
 {
-    if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+    if (mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT) {
         return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
-    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
-        return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) );
+    if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
+        return mbedtls_aesni_crypt_ecb(ctx, mode, input, output);
+    }
 #endif
 
 #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
-    if( aes_padlock_ace > 0)
-    {
-        if( mbedtls_padlock_xcryptecb( ctx, mode, input, output ) == 0 )
-            return( 0 );
+    if (aes_padlock_ace > 0) {
+        if (mbedtls_padlock_xcryptecb(ctx, mode, input, output) == 0) {
+            return 0;
+        }
 
         // If padlock data misaligned, we just fall back to
         // unaccelerated mode
@@ -961,37 +956,40 @@
     }
 #endif
 
-    if( mode == MBEDTLS_AES_ENCRYPT )
-        return( mbedtls_internal_aes_encrypt( ctx, input, output ) );
-    else
-        return( mbedtls_internal_aes_decrypt( ctx, input, output ) );
+    if (mode == MBEDTLS_AES_ENCRYPT) {
+        return mbedtls_internal_aes_encrypt(ctx, input, output);
+    } else {
+        return mbedtls_internal_aes_decrypt(ctx, input, output);
+    }
 }
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
 /*
  * AES-CBC buffer encryption/decryption
  */
-int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output )
+int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
+                          int mode,
+                          size_t length,
+                          unsigned char iv[16],
+                          const unsigned char *input,
+                          unsigned char *output)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char temp[16];
 
-    if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+    if (mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT) {
         return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+    }
 
-    if( length % 16 )
-        return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
+    if (length % 16) {
+        return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
+    }
 
 #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
-    if( aes_padlock_ace > 0 )
-    {
-        if( mbedtls_padlock_xcryptcbc( ctx, mode, length, iv, input, output ) == 0 )
-            return( 0 );
+    if (aes_padlock_ace > 0) {
+        if (mbedtls_padlock_xcryptcbc(ctx, mode, length, iv, input, output) == 0) {
+            return 0;
+        }
 
         // If padlock data misaligned, we just fall back to
         // unaccelerated mode
@@ -999,34 +997,31 @@
     }
 #endif
 
-    if( mode == MBEDTLS_AES_DECRYPT )
-    {
-        while( length > 0 )
-        {
-            memcpy( temp, input, 16 );
-            ret = mbedtls_aes_crypt_ecb( ctx, mode, input, output );
-            if( ret != 0 )
+    if (mode == MBEDTLS_AES_DECRYPT) {
+        while (length > 0) {
+            memcpy(temp, input, 16);
+            ret = mbedtls_aes_crypt_ecb(ctx, mode, input, output);
+            if (ret != 0) {
                 goto exit;
+            }
 
-            mbedtls_xor( output, output, iv, 16 );
+            mbedtls_xor(output, output, iv, 16);
 
-            memcpy( iv, temp, 16 );
+            memcpy(iv, temp, 16);
 
             input  += 16;
             output += 16;
             length -= 16;
         }
-    }
-    else
-    {
-        while( length > 0 )
-        {
-            mbedtls_xor( output, input, iv, 16 );
+    } else {
+        while (length > 0) {
+            mbedtls_xor(output, input, iv, 16);
 
-            ret = mbedtls_aes_crypt_ecb( ctx, mode, output, output );
-            if( ret != 0 )
+            ret = mbedtls_aes_crypt_ecb(ctx, mode, output, output);
+            if (ret != 0) {
                 goto exit;
-            memcpy( iv, output, 16 );
+            }
+            memcpy(iv, output, 16);
 
             input  += 16;
             output += 16;
@@ -1036,7 +1031,7 @@
     ret = 0;
 
 exit:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
@@ -1052,30 +1047,30 @@
  * for machine endianness and hence works correctly on both big and little
  * endian machines.
  */
-static void mbedtls_gf128mul_x_ble( unsigned char r[16],
-                                    const unsigned char x[16] )
+static void mbedtls_gf128mul_x_ble(unsigned char r[16],
+                                   const unsigned char x[16])
 {
     uint64_t a, b, ra, rb;
 
-    a = MBEDTLS_GET_UINT64_LE( x, 0 );
-    b = MBEDTLS_GET_UINT64_LE( x, 8 );
+    a = MBEDTLS_GET_UINT64_LE(x, 0);
+    b = MBEDTLS_GET_UINT64_LE(x, 8);
 
-    ra = ( a << 1 )  ^ 0x0087 >> ( 8 - ( ( b >> 63 ) << 3 ) );
-    rb = ( a >> 63 ) | ( b << 1 );
+    ra = (a << 1)  ^ 0x0087 >> (8 - ((b >> 63) << 3));
+    rb = (a >> 63) | (b << 1);
 
-    MBEDTLS_PUT_UINT64_LE( ra, r, 0 );
-    MBEDTLS_PUT_UINT64_LE( rb, r, 8 );
+    MBEDTLS_PUT_UINT64_LE(ra, r, 0);
+    MBEDTLS_PUT_UINT64_LE(rb, r, 8);
 }
 
 /*
  * AES-XTS buffer encryption/decryption
  */
-int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
-                           int mode,
-                           size_t length,
-                           const unsigned char data_unit[16],
-                           const unsigned char *input,
-                           unsigned char *output )
+int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx,
+                          int mode,
+                          size_t length,
+                          const unsigned char data_unit[16],
+                          const unsigned char *input,
+                          unsigned char *output)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t blocks = length / 16;
@@ -1084,53 +1079,55 @@
     unsigned char prev_tweak[16];
     unsigned char tmp[16];
 
-    if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+    if (mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT) {
         return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+    }
 
     /* Data units must be at least 16 bytes long. */
-    if( length < 16 )
+    if (length < 16) {
         return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
+    }
 
     /* NIST SP 800-38E disallows data units larger than 2**20 blocks. */
-    if( length > ( 1 << 20 ) * 16 )
+    if (length > (1 << 20) * 16) {
         return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
+    }
 
     /* Compute the tweak. */
-    ret = mbedtls_aes_crypt_ecb( &ctx->tweak, MBEDTLS_AES_ENCRYPT,
-                                 data_unit, tweak );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_aes_crypt_ecb(&ctx->tweak, MBEDTLS_AES_ENCRYPT,
+                                data_unit, tweak);
+    if (ret != 0) {
+        return ret;
+    }
 
-    while( blocks-- )
-    {
-        if( leftover && ( mode == MBEDTLS_AES_DECRYPT ) && blocks == 0 )
-        {
+    while (blocks--) {
+        if (leftover && (mode == MBEDTLS_AES_DECRYPT) && blocks == 0) {
             /* We are on the last block in a decrypt operation that has
              * leftover bytes, so we need to use the next tweak for this block,
              * and this tweak for the leftover bytes. Save the current tweak for
              * the leftovers and then update the current tweak for use on this,
              * the last full block. */
-            memcpy( prev_tweak, tweak, sizeof( tweak ) );
-            mbedtls_gf128mul_x_ble( tweak, tweak );
+            memcpy(prev_tweak, tweak, sizeof(tweak));
+            mbedtls_gf128mul_x_ble(tweak, tweak);
         }
 
-        mbedtls_xor( tmp, input, tweak, 16 );
+        mbedtls_xor(tmp, input, tweak, 16);
 
-        ret = mbedtls_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp );
-        if( ret != 0 )
-            return( ret );
+        ret = mbedtls_aes_crypt_ecb(&ctx->crypt, mode, tmp, tmp);
+        if (ret != 0) {
+            return ret;
+        }
 
-        mbedtls_xor( output, tmp, tweak, 16 );
+        mbedtls_xor(output, tmp, tweak, 16);
 
         /* Update the tweak for the next block. */
-        mbedtls_gf128mul_x_ble( tweak, tweak );
+        mbedtls_gf128mul_x_ble(tweak, tweak);
 
         output += 16;
         input += 16;
     }
 
-    if( leftover )
-    {
+    if (leftover) {
         /* If we are on the leftover bytes in a decrypt operation, we need to
          * use the previous tweak for these bytes (as saved in prev_tweak). */
         unsigned char *t = mode == MBEDTLS_AES_DECRYPT ? prev_tweak : tweak;
@@ -1142,28 +1139,28 @@
 
         /* Copy ciphertext bytes from the previous block to our output for each
          * byte of ciphertext we won't steal. */
-        for( i = 0; i < leftover; i++ )
-        {
+        for (i = 0; i < leftover; i++) {
             output[i] = prev_output[i];
         }
 
         /* Copy the remainder of the input for this final round. */
-        mbedtls_xor( tmp, input, t, leftover );
+        mbedtls_xor(tmp, input, t, leftover);
 
         /* Copy ciphertext bytes from the previous block for input in this
          * round. */
-        mbedtls_xor( tmp + i, prev_output + i, t + i, 16 - i );
+        mbedtls_xor(tmp + i, prev_output + i, t + i, 16 - i);
 
-        ret = mbedtls_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp );
-        if( ret != 0 )
+        ret = mbedtls_aes_crypt_ecb(&ctx->crypt, mode, tmp, tmp);
+        if (ret != 0) {
             return ret;
+        }
 
         /* Write the result back to the previous block, overriding the previous
          * output we copied. */
-        mbedtls_xor( prev_output, tmp, t, 16 );
+        mbedtls_xor(prev_output, tmp, t, 16);
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_CIPHER_MODE_XTS */
 
@@ -1171,58 +1168,55 @@
 /*
  * AES-CFB128 buffer encryption/decryption
  */
-int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
-                       int mode,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output )
+int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx,
+                             int mode,
+                             size_t length,
+                             size_t *iv_off,
+                             unsigned char iv[16],
+                             const unsigned char *input,
+                             unsigned char *output)
 {
     int c;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t n;
 
-    if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+    if (mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT) {
         return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+    }
 
     n = *iv_off;
 
-    if( n > 15 )
-        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+    if (n > 15) {
+        return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+    }
 
-    if( mode == MBEDTLS_AES_DECRYPT )
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-            {
-                ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
-                if( ret != 0 )
+    if (mode == MBEDTLS_AES_DECRYPT) {
+        while (length--) {
+            if (n == 0) {
+                ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv);
+                if (ret != 0) {
                     goto exit;
+                }
             }
 
             c = *input++;
-            *output++ = (unsigned char)( c ^ iv[n] );
+            *output++ = (unsigned char) (c ^ iv[n]);
             iv[n] = (unsigned char) c;
 
-            n = ( n + 1 ) & 0x0F;
+            n = (n + 1) & 0x0F;
         }
-    }
-    else
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-            {
-                ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
-                if( ret != 0 )
+    } else {
+        while (length--) {
+            if (n == 0) {
+                ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv);
+                if (ret != 0) {
                     goto exit;
+                }
             }
 
-            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
+            iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++);
 
-            n = ( n + 1 ) & 0x0F;
+            n = (n + 1) & 0x0F;
         }
     }
 
@@ -1230,46 +1224,49 @@
     ret = 0;
 
 exit:
-    return( ret );
+    return ret;
 }
 
 /*
  * AES-CFB8 buffer encryption/decryption
  */
-int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
-                            int mode,
-                            size_t length,
-                            unsigned char iv[16],
-                            const unsigned char *input,
-                            unsigned char *output )
+int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx,
+                           int mode,
+                           size_t length,
+                           unsigned char iv[16],
+                           const unsigned char *input,
+                           unsigned char *output)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char c;
     unsigned char ov[17];
 
-    if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+    if (mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT) {
         return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
-    while( length-- )
-    {
-        memcpy( ov, iv, 16 );
-        ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
-        if( ret != 0 )
+    }
+    while (length--) {
+        memcpy(ov, iv, 16);
+        ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv);
+        if (ret != 0) {
             goto exit;
+        }
 
-        if( mode == MBEDTLS_AES_DECRYPT )
+        if (mode == MBEDTLS_AES_DECRYPT) {
             ov[16] = *input;
+        }
 
-        c = *output++ = (unsigned char)( iv[0] ^ *input++ );
+        c = *output++ = (unsigned char) (iv[0] ^ *input++);
 
-        if( mode == MBEDTLS_AES_ENCRYPT )
+        if (mode == MBEDTLS_AES_ENCRYPT) {
             ov[16] = c;
+        }
 
-        memcpy( iv, ov + 1, 16 );
+        memcpy(iv, ov + 1, 16);
     }
     ret = 0;
 
 exit:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
 
@@ -1277,38 +1274,38 @@
 /*
  * AES-OFB (Output Feedback Mode) buffer encryption/decryption
  */
-int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
-                           size_t length,
-                           size_t *iv_off,
-                           unsigned char iv[16],
-                           const unsigned char *input,
-                           unsigned char *output )
+int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx,
+                          size_t length,
+                          size_t *iv_off,
+                          unsigned char iv[16],
+                          const unsigned char *input,
+                          unsigned char *output)
 {
     int ret = 0;
     size_t n;
 
     n = *iv_off;
 
-    if( n > 15 )
-        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+    if (n > 15) {
+        return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+    }
 
-    while( length-- )
-    {
-        if( n == 0 )
-        {
-            ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
-            if( ret != 0 )
+    while (length--) {
+        if (n == 0) {
+            ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv);
+            if (ret != 0) {
                 goto exit;
+            }
         }
         *output++ =  *input++ ^ iv[n];
 
-        n = ( n + 1 ) & 0x0F;
+        n = (n + 1) & 0x0F;
     }
 
     *iv_off = n;
 
 exit:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_CIPHER_MODE_OFB */
 
@@ -1316,13 +1313,13 @@
 /*
  * AES-CTR buffer encryption/decryption
  */
-int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[16],
-                       unsigned char stream_block[16],
-                       const unsigned char *input,
-                       unsigned char *output )
+int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx,
+                          size_t length,
+                          size_t *nc_off,
+                          unsigned char nonce_counter[16],
+                          unsigned char stream_block[16],
+                          const unsigned char *input,
+                          unsigned char *output)
 {
     int c, i;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1330,31 +1327,34 @@
 
     n = *nc_off;
 
-    if ( n > 0x0F )
-        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+    if (n > 0x0F) {
+        return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+    }
 
-    while( length-- )
-    {
-        if( n == 0 ) {
-            ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block );
-            if( ret != 0 )
+    while (length--) {
+        if (n == 0) {
+            ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block);
+            if (ret != 0) {
                 goto exit;
+            }
 
-            for( i = 16; i > 0; i-- )
-                if( ++nonce_counter[i - 1] != 0 )
+            for (i = 16; i > 0; i--) {
+                if (++nonce_counter[i - 1] != 0) {
                     break;
+                }
+            }
         }
         c = *input++;
-        *output++ = (unsigned char)( c ^ stream_block[n] );
+        *output++ = (unsigned char) (c ^ stream_block[n]);
 
-        n = ( n + 1 ) & 0x0F;
+        n = (n + 1) & 0x0F;
     }
 
     *nc_off = n;
     ret = 0;
 
 exit:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
@@ -1600,7 +1600,7 @@
 };
 
 static const int aes_test_ctr_len[3] =
-    { 16, 32, 36 };
+{ 16, 32, 36 };
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
 #if defined(MBEDTLS_CIPHER_MODE_XTS)
@@ -1661,12 +1661,12 @@
 
 static const unsigned char aes_test_xts_data_unit[][16] =
 {
-   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-   { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
-     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-   { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
-     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+    { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+    { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
 };
 
 #endif /* MBEDTLS_CIPHER_MODE_XTS */
@@ -1674,7 +1674,7 @@
 /*
  * Checkup routine
  */
-int mbedtls_aes_self_test( int verbose )
+int mbedtls_aes_self_test(int verbose)
 {
     int ret = 0, i, j, u, mode;
     unsigned int keybits;
@@ -1701,32 +1701,29 @@
 #endif
     mbedtls_aes_context ctx;
 
-    memset( key, 0, 32 );
-    mbedtls_aes_init( &ctx );
+    memset(key, 0, 32);
+    mbedtls_aes_init(&ctx);
 
     /*
      * ECB mode
      */
-    for( i = 0; i < 6; i++ )
-    {
+    for (i = 0; i < 6; i++) {
         u = i >> 1;
         keybits = 128 + u * 64;
         mode = i & 1;
 
-        if( verbose != 0 )
-            mbedtls_printf( "  AES-ECB-%3u (%s): ", keybits,
-                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
-
-        memset( buf, 0, 16 );
-
-        if( mode == MBEDTLS_AES_DECRYPT )
-        {
-            ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );
-            aes_tests = aes_test_ecb_dec[u];
+        if (verbose != 0) {
+            mbedtls_printf("  AES-ECB-%3u (%s): ", keybits,
+                           (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc");
         }
-        else
-        {
-            ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
+
+        memset(buf, 0, 16);
+
+        if (mode == MBEDTLS_AES_DECRYPT) {
+            ret = mbedtls_aes_setkey_dec(&ctx, key, keybits);
+            aes_tests = aes_test_ecb_dec[u];
+        } else {
+            ret = mbedtls_aes_setkey_enc(&ctx, key, keybits);
             aes_tests = aes_test_ecb_enc[u];
         }
 
@@ -1735,62 +1732,57 @@
          * there is an alternative underlying implementation i.e. when
          * MBEDTLS_AES_ALT is defined.
          */
-        if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
-        {
-            mbedtls_printf( "skipped\n" );
+        if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) {
+            mbedtls_printf("skipped\n");
             continue;
-        }
-        else if( ret != 0 )
-        {
+        } else if (ret != 0) {
             goto exit;
         }
 
-        for( j = 0; j < 10000; j++ )
-        {
-            ret = mbedtls_aes_crypt_ecb( &ctx, mode, buf, buf );
-            if( ret != 0 )
+        for (j = 0; j < 10000; j++) {
+            ret = mbedtls_aes_crypt_ecb(&ctx, mode, buf, buf);
+            if (ret != 0) {
                 goto exit;
+            }
         }
 
-        if( memcmp( buf, aes_tests, 16 ) != 0 )
-        {
+        if (memcmp(buf, aes_tests, 16) != 0) {
             ret = 1;
             goto exit;
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
     /*
      * CBC mode
      */
-    for( i = 0; i < 6; i++ )
-    {
+    for (i = 0; i < 6; i++) {
         u = i >> 1;
         keybits = 128 + u * 64;
         mode = i & 1;
 
-        if( verbose != 0 )
-            mbedtls_printf( "  AES-CBC-%3u (%s): ", keybits,
-                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
-
-        memset( iv , 0, 16 );
-        memset( prv, 0, 16 );
-        memset( buf, 0, 16 );
-
-        if( mode == MBEDTLS_AES_DECRYPT )
-        {
-            ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );
-            aes_tests = aes_test_cbc_dec[u];
+        if (verbose != 0) {
+            mbedtls_printf("  AES-CBC-%3u (%s): ", keybits,
+                           (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc");
         }
-        else
-        {
-            ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
+
+        memset(iv, 0, 16);
+        memset(prv, 0, 16);
+        memset(buf, 0, 16);
+
+        if (mode == MBEDTLS_AES_DECRYPT) {
+            ret = mbedtls_aes_setkey_dec(&ctx, key, keybits);
+            aes_tests = aes_test_cbc_dec[u];
+        } else {
+            ret = mbedtls_aes_setkey_enc(&ctx, key, keybits);
             aes_tests = aes_test_cbc_enc[u];
         }
 
@@ -1799,301 +1791,292 @@
          * there is an alternative underlying implementation i.e. when
          * MBEDTLS_AES_ALT is defined.
          */
-        if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
-        {
-            mbedtls_printf( "skipped\n" );
+        if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) {
+            mbedtls_printf("skipped\n");
             continue;
-        }
-        else if( ret != 0 )
-        {
+        } else if (ret != 0) {
             goto exit;
         }
 
-        for( j = 0; j < 10000; j++ )
-        {
-            if( mode == MBEDTLS_AES_ENCRYPT )
-            {
+        for (j = 0; j < 10000; j++) {
+            if (mode == MBEDTLS_AES_ENCRYPT) {
                 unsigned char tmp[16];
 
-                memcpy( tmp, prv, 16 );
-                memcpy( prv, buf, 16 );
-                memcpy( buf, tmp, 16 );
+                memcpy(tmp, prv, 16);
+                memcpy(prv, buf, 16);
+                memcpy(buf, tmp, 16);
             }
 
-            ret = mbedtls_aes_crypt_cbc( &ctx, mode, 16, iv, buf, buf );
-            if( ret != 0 )
+            ret = mbedtls_aes_crypt_cbc(&ctx, mode, 16, iv, buf, buf);
+            if (ret != 0) {
                 goto exit;
+            }
 
         }
 
-        if( memcmp( buf, aes_tests, 16 ) != 0 )
-        {
+        if (memcmp(buf, aes_tests, 16) != 0) {
             ret = 1;
             goto exit;
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
     /*
      * CFB128 mode
      */
-    for( i = 0; i < 6; i++ )
-    {
+    for (i = 0; i < 6; i++) {
         u = i >> 1;
         keybits = 128 + u * 64;
         mode = i & 1;
 
-        if( verbose != 0 )
-            mbedtls_printf( "  AES-CFB128-%3u (%s): ", keybits,
-                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+        if (verbose != 0) {
+            mbedtls_printf("  AES-CFB128-%3u (%s): ", keybits,
+                           (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc");
+        }
 
-        memcpy( iv,  aes_test_cfb128_iv, 16 );
-        memcpy( key, aes_test_cfb128_key[u], keybits / 8 );
+        memcpy(iv,  aes_test_cfb128_iv, 16);
+        memcpy(key, aes_test_cfb128_key[u], keybits / 8);
 
         offset = 0;
-        ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
+        ret = mbedtls_aes_setkey_enc(&ctx, key, keybits);
         /*
          * AES-192 is an optional feature that may be unavailable when
          * there is an alternative underlying implementation i.e. when
          * MBEDTLS_AES_ALT is defined.
          */
-        if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
-        {
-            mbedtls_printf( "skipped\n" );
+        if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) {
+            mbedtls_printf("skipped\n");
             continue;
-        }
-        else if( ret != 0 )
-        {
+        } else if (ret != 0) {
             goto exit;
         }
 
-        if( mode == MBEDTLS_AES_DECRYPT )
-        {
-            memcpy( buf, aes_test_cfb128_ct[u], 64 );
+        if (mode == MBEDTLS_AES_DECRYPT) {
+            memcpy(buf, aes_test_cfb128_ct[u], 64);
             aes_tests = aes_test_cfb128_pt;
-        }
-        else
-        {
-            memcpy( buf, aes_test_cfb128_pt, 64 );
+        } else {
+            memcpy(buf, aes_test_cfb128_pt, 64);
             aes_tests = aes_test_cfb128_ct[u];
         }
 
-        ret = mbedtls_aes_crypt_cfb128( &ctx, mode, 64, &offset, iv, buf, buf );
-        if( ret != 0 )
+        ret = mbedtls_aes_crypt_cfb128(&ctx, mode, 64, &offset, iv, buf, buf);
+        if (ret != 0) {
             goto exit;
+        }
 
-        if( memcmp( buf, aes_tests, 64 ) != 0 )
-        {
+        if (memcmp(buf, aes_tests, 64) != 0) {
             ret = 1;
             goto exit;
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
 
 #if defined(MBEDTLS_CIPHER_MODE_OFB)
     /*
      * OFB mode
      */
-    for( i = 0; i < 6; i++ )
-    {
+    for (i = 0; i < 6; i++) {
         u = i >> 1;
         keybits = 128 + u * 64;
         mode = i & 1;
 
-        if( verbose != 0 )
-            mbedtls_printf( "  AES-OFB-%3u (%s): ", keybits,
-                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+        if (verbose != 0) {
+            mbedtls_printf("  AES-OFB-%3u (%s): ", keybits,
+                           (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc");
+        }
 
-        memcpy( iv,  aes_test_ofb_iv, 16 );
-        memcpy( key, aes_test_ofb_key[u], keybits / 8 );
+        memcpy(iv,  aes_test_ofb_iv, 16);
+        memcpy(key, aes_test_ofb_key[u], keybits / 8);
 
         offset = 0;
-        ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
+        ret = mbedtls_aes_setkey_enc(&ctx, key, keybits);
         /*
          * AES-192 is an optional feature that may be unavailable when
          * there is an alternative underlying implementation i.e. when
          * MBEDTLS_AES_ALT is defined.
          */
-        if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
-        {
-            mbedtls_printf( "skipped\n" );
+        if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) {
+            mbedtls_printf("skipped\n");
             continue;
-        }
-        else if( ret != 0 )
-        {
+        } else if (ret != 0) {
             goto exit;
         }
 
-        if( mode == MBEDTLS_AES_DECRYPT )
-        {
-            memcpy( buf, aes_test_ofb_ct[u], 64 );
+        if (mode == MBEDTLS_AES_DECRYPT) {
+            memcpy(buf, aes_test_ofb_ct[u], 64);
             aes_tests = aes_test_ofb_pt;
-        }
-        else
-        {
-            memcpy( buf, aes_test_ofb_pt, 64 );
+        } else {
+            memcpy(buf, aes_test_ofb_pt, 64);
             aes_tests = aes_test_ofb_ct[u];
         }
 
-        ret = mbedtls_aes_crypt_ofb( &ctx, 64, &offset, iv, buf, buf );
-        if( ret != 0 )
+        ret = mbedtls_aes_crypt_ofb(&ctx, 64, &offset, iv, buf, buf);
+        if (ret != 0) {
             goto exit;
+        }
 
-        if( memcmp( buf, aes_tests, 64 ) != 0 )
-        {
+        if (memcmp(buf, aes_tests, 64) != 0) {
             ret = 1;
             goto exit;
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 #endif /* MBEDTLS_CIPHER_MODE_OFB */
 
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
     /*
      * CTR mode
      */
-    for( i = 0; i < 6; i++ )
-    {
+    for (i = 0; i < 6; i++) {
         u = i >> 1;
         mode = i & 1;
 
-        if( verbose != 0 )
-            mbedtls_printf( "  AES-CTR-128 (%s): ",
-                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+        if (verbose != 0) {
+            mbedtls_printf("  AES-CTR-128 (%s): ",
+                           (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc");
+        }
 
-        memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 );
-        memcpy( key, aes_test_ctr_key[u], 16 );
+        memcpy(nonce_counter, aes_test_ctr_nonce_counter[u], 16);
+        memcpy(key, aes_test_ctr_key[u], 16);
 
         offset = 0;
-        if( ( ret = mbedtls_aes_setkey_enc( &ctx, key, 128 ) ) != 0 )
+        if ((ret = mbedtls_aes_setkey_enc(&ctx, key, 128)) != 0) {
             goto exit;
+        }
 
         len = aes_test_ctr_len[u];
 
-        if( mode == MBEDTLS_AES_DECRYPT )
-        {
-            memcpy( buf, aes_test_ctr_ct[u], len );
+        if (mode == MBEDTLS_AES_DECRYPT) {
+            memcpy(buf, aes_test_ctr_ct[u], len);
             aes_tests = aes_test_ctr_pt[u];
-        }
-        else
-        {
-            memcpy( buf, aes_test_ctr_pt[u], len );
+        } else {
+            memcpy(buf, aes_test_ctr_pt[u], len);
             aes_tests = aes_test_ctr_ct[u];
         }
 
-        ret = mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter,
-                                     stream_block, buf, buf );
-        if( ret != 0 )
+        ret = mbedtls_aes_crypt_ctr(&ctx, len, &offset, nonce_counter,
+                                    stream_block, buf, buf);
+        if (ret != 0) {
             goto exit;
+        }
 
-        if( memcmp( buf, aes_tests, len ) != 0 )
-        {
+        if (memcmp(buf, aes_tests, len) != 0) {
             ret = 1;
             goto exit;
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
 #if defined(MBEDTLS_CIPHER_MODE_XTS)
     {
-    static const int num_tests =
-        sizeof(aes_test_xts_key) / sizeof(*aes_test_xts_key);
-    mbedtls_aes_xts_context ctx_xts;
+        static const int num_tests =
+            sizeof(aes_test_xts_key) / sizeof(*aes_test_xts_key);
+        mbedtls_aes_xts_context ctx_xts;
 
-    /*
-     * XTS mode
-     */
-    mbedtls_aes_xts_init( &ctx_xts );
+        /*
+         * XTS mode
+         */
+        mbedtls_aes_xts_init(&ctx_xts);
 
-    for( i = 0; i < num_tests << 1; i++ )
-    {
-        const unsigned char *data_unit;
-        u = i >> 1;
-        mode = i & 1;
+        for (i = 0; i < num_tests << 1; i++) {
+            const unsigned char *data_unit;
+            u = i >> 1;
+            mode = i & 1;
 
-        if( verbose != 0 )
-            mbedtls_printf( "  AES-XTS-128 (%s): ",
-                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+            if (verbose != 0) {
+                mbedtls_printf("  AES-XTS-128 (%s): ",
+                               (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc");
+            }
 
-        memset( key, 0, sizeof( key ) );
-        memcpy( key, aes_test_xts_key[u], 32 );
-        data_unit = aes_test_xts_data_unit[u];
+            memset(key, 0, sizeof(key));
+            memcpy(key, aes_test_xts_key[u], 32);
+            data_unit = aes_test_xts_data_unit[u];
 
-        len = sizeof( *aes_test_xts_ct32 );
+            len = sizeof(*aes_test_xts_ct32);
 
-        if( mode == MBEDTLS_AES_DECRYPT )
-        {
-            ret = mbedtls_aes_xts_setkey_dec( &ctx_xts, key, 256 );
-            if( ret != 0)
+            if (mode == MBEDTLS_AES_DECRYPT) {
+                ret = mbedtls_aes_xts_setkey_dec(&ctx_xts, key, 256);
+                if (ret != 0) {
+                    goto exit;
+                }
+                memcpy(buf, aes_test_xts_ct32[u], len);
+                aes_tests = aes_test_xts_pt32[u];
+            } else {
+                ret = mbedtls_aes_xts_setkey_enc(&ctx_xts, key, 256);
+                if (ret != 0) {
+                    goto exit;
+                }
+                memcpy(buf, aes_test_xts_pt32[u], len);
+                aes_tests = aes_test_xts_ct32[u];
+            }
+
+
+            ret = mbedtls_aes_crypt_xts(&ctx_xts, mode, len, data_unit,
+                                        buf, buf);
+            if (ret != 0) {
                 goto exit;
-            memcpy( buf, aes_test_xts_ct32[u], len );
-            aes_tests = aes_test_xts_pt32[u];
-        }
-        else
-        {
-            ret = mbedtls_aes_xts_setkey_enc( &ctx_xts, key, 256 );
-            if( ret != 0)
+            }
+
+            if (memcmp(buf, aes_tests, len) != 0) {
+                ret = 1;
                 goto exit;
-            memcpy( buf, aes_test_xts_pt32[u], len );
-            aes_tests = aes_test_xts_ct32[u];
+            }
+
+            if (verbose != 0) {
+                mbedtls_printf("passed\n");
+            }
         }
 
-
-        ret = mbedtls_aes_crypt_xts( &ctx_xts, mode, len, data_unit,
-                                     buf, buf );
-        if( ret != 0 )
-            goto exit;
-
-        if( memcmp( buf, aes_tests, len ) != 0 )
-        {
-            ret = 1;
-            goto exit;
+        if (verbose != 0) {
+            mbedtls_printf("\n");
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    mbedtls_aes_xts_free( &ctx_xts );
+        mbedtls_aes_xts_free(&ctx_xts);
     }
 #endif /* MBEDTLS_CIPHER_MODE_XTS */
 
     ret = 0;
 
 exit:
-    if( ret != 0 && verbose != 0 )
-        mbedtls_printf( "failed\n" );
+    if (ret != 0 && verbose != 0) {
+        mbedtls_printf("failed\n");
+    }
 
-    mbedtls_aes_free( &ctx );
+    mbedtls_aes_free(&ctx);
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_SELF_TEST */
diff --git a/library/aesni.c b/library/aesni.c
index 12125c9..d4abb4d 100644
--- a/library/aesni.c
+++ b/library/aesni.c
@@ -28,7 +28,8 @@
 
 #if defined(__has_feature)
 #if __has_feature(memory_sanitizer)
-#warning "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
+#warning \
+    "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
 #endif
 #endif
 
@@ -47,22 +48,21 @@
 /*
  * AES-NI support detection routine
  */
-int mbedtls_aesni_has_support( unsigned int what )
+int mbedtls_aesni_has_support(unsigned int what)
 {
     static int done = 0;
     static unsigned int c = 0;
 
-    if( ! done )
-    {
-        asm( "movl  $1, %%eax   \n\t"
+    if (!done) {
+        asm ("movl  $1, %%eax   \n\t"
              "cpuid             \n\t"
              : "=c" (c)
              :
-             : "eax", "ebx", "edx" );
+             : "eax", "ebx", "edx");
         done = 1;
     }
 
-    return( ( c & what ) != 0 );
+    return (c & what) != 0;
 }
 
 /*
@@ -94,12 +94,12 @@
 /*
  * AES-NI AES-ECB block en(de)cryption
  */
-int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
-                     int mode,
-                     const unsigned char input[16],
-                     unsigned char output[16] )
+int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx,
+                            int mode,
+                            const unsigned char input[16],
+                            unsigned char output[16])
 {
-    asm( "movdqu    (%3), %%xmm0    \n\t" // load input
+    asm ("movdqu    (%3), %%xmm0    \n\t" // load input
          "movdqu    (%1), %%xmm1    \n\t" // load round key 0
          "pxor      %%xmm1, %%xmm0  \n\t" // round 0
          "add       $16, %1         \n\t" // point to next round key
@@ -110,51 +110,50 @@
          "1:                        \n\t" // encryption loop
          "movdqu    (%1), %%xmm1    \n\t" // load round key
          AESENC     xmm1_xmm0      "\n\t" // do round
-         "add       $16, %1         \n\t" // point to next round key
-         "subl      $1, %0          \n\t" // loop
-         "jnz       1b              \n\t"
-         "movdqu    (%1), %%xmm1    \n\t" // load round key
+                                   "add       $16, %1         \n\t" // point to next round key
+                                   "subl      $1, %0          \n\t" // loop
+                                   "jnz       1b              \n\t"
+                                   "movdqu    (%1), %%xmm1    \n\t" // load round key
          AESENCLAST xmm1_xmm0      "\n\t" // last round
-         "jmp       3f              \n\t"
+                                   "jmp       3f              \n\t"
 
-         "2:                        \n\t" // decryption loop
-         "movdqu    (%1), %%xmm1    \n\t"
+                                   "2:                        \n\t" // decryption loop
+                                   "movdqu    (%1), %%xmm1    \n\t"
          AESDEC     xmm1_xmm0      "\n\t" // do round
-         "add       $16, %1         \n\t"
-         "subl      $1, %0          \n\t"
-         "jnz       2b              \n\t"
-         "movdqu    (%1), %%xmm1    \n\t" // load round key
+                                   "add       $16, %1         \n\t"
+                                   "subl      $1, %0          \n\t"
+                                   "jnz       2b              \n\t"
+                                   "movdqu    (%1), %%xmm1    \n\t" // load round key
          AESDECLAST xmm1_xmm0      "\n\t" // last round
 
-         "3:                        \n\t"
-         "movdqu    %%xmm0, (%4)    \n\t" // export output
+                                   "3:                        \n\t"
+                                   "movdqu    %%xmm0, (%4)    \n\t" // export output
          :
          : "r" (ctx->nr), "r" (ctx->buf + ctx->rk_offset), "r" (mode), "r" (input), "r" (output)
-         : "memory", "cc", "xmm0", "xmm1" );
+         : "memory", "cc", "xmm0", "xmm1");
 
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * GCM multiplication: c = a times b in GF(2^128)
  * Based on [CLMUL-WP] algorithms 1 (with equation 27) and 5.
  */
-void mbedtls_aesni_gcm_mult( unsigned char c[16],
-                     const unsigned char a[16],
-                     const unsigned char b[16] )
+void mbedtls_aesni_gcm_mult(unsigned char c[16],
+                            const unsigned char a[16],
+                            const unsigned char b[16])
 {
     unsigned char aa[16], bb[16], cc[16];
     size_t i;
 
     /* The inputs are in big-endian order, so byte-reverse them */
-    for( i = 0; i < 16; i++ )
-    {
+    for (i = 0; i < 16; i++) {
         aa[i] = a[15 - i];
         bb[i] = b[15 - i];
     }
 
-    asm( "movdqu (%0), %%xmm0               \n\t" // a1:a0
+    asm ("movdqu (%0), %%xmm0               \n\t" // a1:a0
          "movdqu (%1), %%xmm1               \n\t" // b1:b0
 
          /*
@@ -168,30 +167,30 @@
          PCLMULQDQ xmm0_xmm2 ",0x11         \n\t" // a1*b1 = d1:d0
          PCLMULQDQ xmm0_xmm3 ",0x10         \n\t" // a0*b1 = e1:e0
          PCLMULQDQ xmm0_xmm4 ",0x01         \n\t" // a1*b0 = f1:f0
-         "pxor %%xmm3, %%xmm4               \n\t" // e1+f1:e0+f0
-         "movdqa %%xmm4, %%xmm3             \n\t" // same
-         "psrldq $8, %%xmm4                 \n\t" // 0:e1+f1
-         "pslldq $8, %%xmm3                 \n\t" // e0+f0:0
-         "pxor %%xmm4, %%xmm2               \n\t" // d1:d0+e1+f1
-         "pxor %%xmm3, %%xmm1               \n\t" // c1+e0+f1:c0
+                             "pxor %%xmm3, %%xmm4               \n\t" // e1+f1:e0+f0
+                             "movdqa %%xmm4, %%xmm3             \n\t" // same
+                             "psrldq $8, %%xmm4                 \n\t" // 0:e1+f1
+                             "pslldq $8, %%xmm3                 \n\t" // e0+f0:0
+                             "pxor %%xmm4, %%xmm2               \n\t" // d1:d0+e1+f1
+                             "pxor %%xmm3, %%xmm1               \n\t" // c1+e0+f1:c0
 
          /*
           * Now shift the result one bit to the left,
           * taking advantage of [CLMUL-WP] eq 27 (p. 20)
           */
-         "movdqa %%xmm1, %%xmm3             \n\t" // r1:r0
-         "movdqa %%xmm2, %%xmm4             \n\t" // r3:r2
-         "psllq $1, %%xmm1                  \n\t" // r1<<1:r0<<1
-         "psllq $1, %%xmm2                  \n\t" // r3<<1:r2<<1
-         "psrlq $63, %%xmm3                 \n\t" // r1>>63:r0>>63
-         "psrlq $63, %%xmm4                 \n\t" // r3>>63:r2>>63
-         "movdqa %%xmm3, %%xmm5             \n\t" // r1>>63:r0>>63
-         "pslldq $8, %%xmm3                 \n\t" // r0>>63:0
-         "pslldq $8, %%xmm4                 \n\t" // r2>>63:0
-         "psrldq $8, %%xmm5                 \n\t" // 0:r1>>63
-         "por %%xmm3, %%xmm1                \n\t" // r1<<1|r0>>63:r0<<1
-         "por %%xmm4, %%xmm2                \n\t" // r3<<1|r2>>62:r2<<1
-         "por %%xmm5, %%xmm2                \n\t" // r3<<1|r2>>62:r2<<1|r1>>63
+                             "movdqa %%xmm1, %%xmm3             \n\t" // r1:r0
+                             "movdqa %%xmm2, %%xmm4             \n\t" // r3:r2
+                             "psllq $1, %%xmm1                  \n\t" // r1<<1:r0<<1
+                             "psllq $1, %%xmm2                  \n\t" // r3<<1:r2<<1
+                             "psrlq $63, %%xmm3                 \n\t" // r1>>63:r0>>63
+                             "psrlq $63, %%xmm4                 \n\t" // r3>>63:r2>>63
+                             "movdqa %%xmm3, %%xmm5             \n\t" // r1>>63:r0>>63
+                             "pslldq $8, %%xmm3                 \n\t" // r0>>63:0
+                             "pslldq $8, %%xmm4                 \n\t" // r2>>63:0
+                             "psrldq $8, %%xmm5                 \n\t" // 0:r1>>63
+                             "por %%xmm3, %%xmm1                \n\t" // r1<<1|r0>>63:r0<<1
+                             "por %%xmm4, %%xmm2                \n\t" // r3<<1|r2>>62:r2<<1
+                             "por %%xmm5, %%xmm2                \n\t" // r3<<1|r2>>62:r2<<1|r1>>63
 
          /*
           * Now reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1
@@ -199,51 +198,52 @@
           * Currently xmm2:xmm1 holds x3:x2:x1:x0 (already shifted).
           */
          /* Step 2 (1) */
-         "movdqa %%xmm1, %%xmm3             \n\t" // x1:x0
-         "movdqa %%xmm1, %%xmm4             \n\t" // same
-         "movdqa %%xmm1, %%xmm5             \n\t" // same
-         "psllq $63, %%xmm3                 \n\t" // x1<<63:x0<<63 = stuff:a
-         "psllq $62, %%xmm4                 \n\t" // x1<<62:x0<<62 = stuff:b
-         "psllq $57, %%xmm5                 \n\t" // x1<<57:x0<<57 = stuff:c
+                             "movdqa %%xmm1, %%xmm3             \n\t" // x1:x0
+                             "movdqa %%xmm1, %%xmm4             \n\t" // same
+                             "movdqa %%xmm1, %%xmm5             \n\t" // same
+                             "psllq $63, %%xmm3                 \n\t" // x1<<63:x0<<63 = stuff:a
+                             "psllq $62, %%xmm4                 \n\t" // x1<<62:x0<<62 = stuff:b
+                             "psllq $57, %%xmm5                 \n\t" // x1<<57:x0<<57 = stuff:c
 
          /* Step 2 (2) */
-         "pxor %%xmm4, %%xmm3               \n\t" // stuff:a+b
-         "pxor %%xmm5, %%xmm3               \n\t" // stuff:a+b+c
-         "pslldq $8, %%xmm3                 \n\t" // a+b+c:0
-         "pxor %%xmm3, %%xmm1               \n\t" // x1+a+b+c:x0 = d:x0
+                             "pxor %%xmm4, %%xmm3               \n\t" // stuff:a+b
+                             "pxor %%xmm5, %%xmm3               \n\t" // stuff:a+b+c
+                             "pslldq $8, %%xmm3                 \n\t" // a+b+c:0
+                             "pxor %%xmm3, %%xmm1               \n\t" // x1+a+b+c:x0 = d:x0
 
          /* Steps 3 and 4 */
-         "movdqa %%xmm1,%%xmm0              \n\t" // d:x0
-         "movdqa %%xmm1,%%xmm4              \n\t" // same
-         "movdqa %%xmm1,%%xmm5              \n\t" // same
-         "psrlq $1, %%xmm0                  \n\t" // e1:x0>>1 = e1:e0'
-         "psrlq $2, %%xmm4                  \n\t" // f1:x0>>2 = f1:f0'
-         "psrlq $7, %%xmm5                  \n\t" // g1:x0>>7 = g1:g0'
-         "pxor %%xmm4, %%xmm0               \n\t" // e1+f1:e0'+f0'
-         "pxor %%xmm5, %%xmm0               \n\t" // e1+f1+g1:e0'+f0'+g0'
+                             "movdqa %%xmm1,%%xmm0              \n\t" // d:x0
+                             "movdqa %%xmm1,%%xmm4              \n\t" // same
+                             "movdqa %%xmm1,%%xmm5              \n\t" // same
+                             "psrlq $1, %%xmm0                  \n\t" // e1:x0>>1 = e1:e0'
+                             "psrlq $2, %%xmm4                  \n\t" // f1:x0>>2 = f1:f0'
+                             "psrlq $7, %%xmm5                  \n\t" // g1:x0>>7 = g1:g0'
+                             "pxor %%xmm4, %%xmm0               \n\t" // e1+f1:e0'+f0'
+                             "pxor %%xmm5, %%xmm0               \n\t" // e1+f1+g1:e0'+f0'+g0'
          // e0'+f0'+g0' is almost e0+f0+g0, ex\tcept for some missing
          // bits carried from d. Now get those\t bits back in.
-         "movdqa %%xmm1,%%xmm3              \n\t" // d:x0
-         "movdqa %%xmm1,%%xmm4              \n\t" // same
-         "movdqa %%xmm1,%%xmm5              \n\t" // same
-         "psllq $63, %%xmm3                 \n\t" // d<<63:stuff
-         "psllq $62, %%xmm4                 \n\t" // d<<62:stuff
-         "psllq $57, %%xmm5                 \n\t" // d<<57:stuff
-         "pxor %%xmm4, %%xmm3               \n\t" // d<<63+d<<62:stuff
-         "pxor %%xmm5, %%xmm3               \n\t" // missing bits of d:stuff
-         "psrldq $8, %%xmm3                 \n\t" // 0:missing bits of d
-         "pxor %%xmm3, %%xmm0               \n\t" // e1+f1+g1:e0+f0+g0
-         "pxor %%xmm1, %%xmm0               \n\t" // h1:h0
-         "pxor %%xmm2, %%xmm0               \n\t" // x3+h1:x2+h0
+                             "movdqa %%xmm1,%%xmm3              \n\t" // d:x0
+                             "movdqa %%xmm1,%%xmm4              \n\t" // same
+                             "movdqa %%xmm1,%%xmm5              \n\t" // same
+                             "psllq $63, %%xmm3                 \n\t" // d<<63:stuff
+                             "psllq $62, %%xmm4                 \n\t" // d<<62:stuff
+                             "psllq $57, %%xmm5                 \n\t" // d<<57:stuff
+                             "pxor %%xmm4, %%xmm3               \n\t" // d<<63+d<<62:stuff
+                             "pxor %%xmm5, %%xmm3               \n\t" // missing bits of d:stuff
+                             "psrldq $8, %%xmm3                 \n\t" // 0:missing bits of d
+                             "pxor %%xmm3, %%xmm0               \n\t" // e1+f1+g1:e0+f0+g0
+                             "pxor %%xmm1, %%xmm0               \n\t" // h1:h0
+                             "pxor %%xmm2, %%xmm0               \n\t" // x3+h1:x2+h0
 
-         "movdqu %%xmm0, (%2)               \n\t" // done
+                             "movdqu %%xmm0, (%2)               \n\t" // done
          :
          : "r" (aa), "r" (bb), "r" (cc)
-         : "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5" );
+         : "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5");
 
     /* Now byte-reverse the outputs */
-    for( i = 0; i < 16; i++ )
+    for (i = 0; i < 16; i++) {
         c[i] = cc[15 - i];
+    }
 
     return;
 }
@@ -251,32 +251,33 @@
 /*
  * Compute decryption round keys from encryption round keys
  */
-void mbedtls_aesni_inverse_key( unsigned char *invkey,
-                        const unsigned char *fwdkey, int nr )
+void mbedtls_aesni_inverse_key(unsigned char *invkey,
+                               const unsigned char *fwdkey, int nr)
 {
     unsigned char *ik = invkey;
     const unsigned char *fk = fwdkey + 16 * nr;
 
-    memcpy( ik, fk, 16 );
+    memcpy(ik, fk, 16);
 
-    for( fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16 )
-        asm( "movdqu (%0), %%xmm0       \n\t"
+    for (fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16) {
+        asm ("movdqu (%0), %%xmm0       \n\t"
              AESIMC  xmm0_xmm0         "\n\t"
-             "movdqu %%xmm0, (%1)       \n\t"
+                                       "movdqu %%xmm0, (%1)       \n\t"
              :
              : "r" (fk), "r" (ik)
-             : "memory", "xmm0" );
+             : "memory", "xmm0");
+    }
 
-    memcpy( ik, fk, 16 );
+    memcpy(ik, fk, 16);
 }
 
 /*
  * Key expansion, 128-bit case
  */
-static void aesni_setkey_enc_128( unsigned char *rk,
-                                  const unsigned char *key )
+static void aesni_setkey_enc_128(unsigned char *rk,
+                                 const unsigned char *key)
 {
-    asm( "movdqu (%1), %%xmm0               \n\t" // copy the original key
+    asm ("movdqu (%1), %%xmm0               \n\t" // copy the original key
          "movdqu %%xmm0, (%0)               \n\t" // as round key 0
          "jmp 2f                            \n\t" // skip auxiliary routine
 
@@ -317,16 +318,16 @@
          AESKEYGENA xmm0_xmm1 ",0x36        \n\tcall 1b \n\t"
          :
          : "r" (rk), "r" (key)
-         : "memory", "cc", "0" );
+         : "memory", "cc", "0");
 }
 
 /*
  * Key expansion, 192-bit case
  */
-static void aesni_setkey_enc_192( unsigned char *rk,
-                                  const unsigned char *key )
+static void aesni_setkey_enc_192(unsigned char *rk,
+                                 const unsigned char *key)
 {
-    asm( "movdqu (%1), %%xmm0   \n\t" // copy original round key
+    asm ("movdqu (%1), %%xmm0   \n\t" // copy original round key
          "movdqu %%xmm0, (%0)   \n\t"
          "add $16, %0           \n\t"
          "movq 16(%1), %%xmm1   \n\t"
@@ -374,16 +375,16 @@
 
          :
          : "r" (rk), "r" (key)
-         : "memory", "cc", "0" );
+         : "memory", "cc", "0");
 }
 
 /*
  * Key expansion, 256-bit case
  */
-static void aesni_setkey_enc_256( unsigned char *rk,
-                                  const unsigned char *key )
+static void aesni_setkey_enc_256(unsigned char *rk,
+                                 const unsigned char *key)
 {
-    asm( "movdqu (%1), %%xmm0           \n\t"
+    asm ("movdqu (%1), %%xmm0           \n\t"
          "movdqu %%xmm0, (%0)           \n\t"
          "add $16, %0                   \n\t"
          "movdqu 16(%1), %%xmm1         \n\t"
@@ -414,23 +415,23 @@
          /* Set xmm2 to stuff:Y:stuff:stuff with Y = subword( r11 )
           * and proceed to generate next round key from there */
          AESKEYGENA xmm0_xmm2 ",0x00        \n\t"
-         "pshufd $0xaa, %%xmm2, %%xmm2      \n\t"
-         "pxor %%xmm1, %%xmm2               \n\t"
-         "pslldq $4, %%xmm1                 \n\t"
-         "pxor %%xmm1, %%xmm2               \n\t"
-         "pslldq $4, %%xmm1                 \n\t"
-         "pxor %%xmm1, %%xmm2               \n\t"
-         "pslldq $4, %%xmm1                 \n\t"
-         "pxor %%xmm2, %%xmm1               \n\t"
-         "add $16, %0                       \n\t"
-         "movdqu %%xmm1, (%0)               \n\t"
-         "ret                               \n\t"
+                              "pshufd $0xaa, %%xmm2, %%xmm2      \n\t"
+                              "pxor %%xmm1, %%xmm2               \n\t"
+                              "pslldq $4, %%xmm1                 \n\t"
+                              "pxor %%xmm1, %%xmm2               \n\t"
+                              "pslldq $4, %%xmm1                 \n\t"
+                              "pxor %%xmm1, %%xmm2               \n\t"
+                              "pslldq $4, %%xmm1                 \n\t"
+                              "pxor %%xmm2, %%xmm1               \n\t"
+                              "add $16, %0                       \n\t"
+                              "movdqu %%xmm1, (%0)               \n\t"
+                              "ret                               \n\t"
 
          /*
           * Main "loop" - Generating one more key than necessary,
           * see definition of mbedtls_aes_context.buf
           */
-         "2:                                \n\t"
+                              "2:                                \n\t"
          AESKEYGENA xmm1_xmm2 ",0x01        \n\tcall 1b \n\t"
          AESKEYGENA xmm1_xmm2 ",0x02        \n\tcall 1b \n\t"
          AESKEYGENA xmm1_xmm2 ",0x04        \n\tcall 1b \n\t"
@@ -440,25 +441,24 @@
          AESKEYGENA xmm1_xmm2 ",0x40        \n\tcall 1b \n\t"
          :
          : "r" (rk), "r" (key)
-         : "memory", "cc", "0" );
+         : "memory", "cc", "0");
 }
 
 /*
  * Key expansion, wrapper
  */
-int mbedtls_aesni_setkey_enc( unsigned char *rk,
-                      const unsigned char *key,
-                      size_t bits )
+int mbedtls_aesni_setkey_enc(unsigned char *rk,
+                             const unsigned char *key,
+                             size_t bits)
 {
-    switch( bits )
-    {
-        case 128: aesni_setkey_enc_128( rk, key ); break;
-        case 192: aesni_setkey_enc_192( rk, key ); break;
-        case 256: aesni_setkey_enc_256( rk, key ); break;
-        default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
+    switch (bits) {
+        case 128: aesni_setkey_enc_128(rk, key); break;
+        case 192: aesni_setkey_enc_192(rk, key); break;
+        case 256: aesni_setkey_enc_256(rk, key); break;
+        default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
     }
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_HAVE_X86_64 */
diff --git a/library/aesni.h b/library/aesni.h
index 3359cfe..a842fb7 100644
--- a/library/aesni.h
+++ b/library/aesni.h
@@ -33,8 +33,8 @@
 #define MBEDTLS_AESNI_CLMUL    0x00000002u
 
 #if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) &&  \
-    ( defined(__amd64__) || defined(__x86_64__) )   &&  \
-    ! defined(MBEDTLS_HAVE_X86_64)
+    (defined(__amd64__) || defined(__x86_64__))   &&  \
+    !defined(MBEDTLS_HAVE_X86_64)
 #define MBEDTLS_HAVE_X86_64
 #endif
 
@@ -55,7 +55,7 @@
  *
  * \return         1 if CPU has support for the feature, 0 otherwise
  */
-int mbedtls_aesni_has_support( unsigned int what );
+int mbedtls_aesni_has_support(unsigned int what);
 
 /**
  * \brief          Internal AES-NI AES-ECB block encryption and decryption
@@ -70,10 +70,10 @@
  *
  * \return         0 on success (cannot fail)
  */
-int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
-                             int mode,
-                             const unsigned char input[16],
-                             unsigned char output[16] );
+int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx,
+                            int mode,
+                            const unsigned char input[16],
+                            unsigned char output[16]);
 
 /**
  * \brief          Internal GCM multiplication: c = a * b in GF(2^128)
@@ -88,9 +88,9 @@
  * \note           Both operands and result are bit strings interpreted as
  *                 elements of GF(2^128) as per the GCM spec.
  */
-void mbedtls_aesni_gcm_mult( unsigned char c[16],
-                             const unsigned char a[16],
-                             const unsigned char b[16] );
+void mbedtls_aesni_gcm_mult(unsigned char c[16],
+                            const unsigned char a[16],
+                            const unsigned char b[16]);
 
 /**
  * \brief           Internal round key inversion. This function computes
@@ -103,9 +103,9 @@
  * \param fwdkey    Original round keys (for encryption)
  * \param nr        Number of rounds (that is, number of round keys minus one)
  */
-void mbedtls_aesni_inverse_key( unsigned char *invkey,
-                                const unsigned char *fwdkey,
-                                int nr );
+void mbedtls_aesni_inverse_key(unsigned char *invkey,
+                               const unsigned char *fwdkey,
+                               int nr);
 
 /**
  * \brief           Internal key expansion for encryption
@@ -119,9 +119,9 @@
  *
  * \return          0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
  */
-int mbedtls_aesni_setkey_enc( unsigned char *rk,
-                              const unsigned char *key,
-                              size_t bits );
+int mbedtls_aesni_setkey_enc(unsigned char *rk,
+                             const unsigned char *key,
+                             size_t bits);
 
 #ifdef __cplusplus
 }
diff --git a/library/alignment.h b/library/alignment.h
index 3c5fa23..bfc965e 100644
--- a/library/alignment.h
+++ b/library/alignment.h
@@ -36,10 +36,10 @@
  * \param   p pointer to 2 bytes of data
  * \return  Data at the given address
  */
-inline uint16_t mbedtls_get_unaligned_uint16( const void *p )
+inline uint16_t mbedtls_get_unaligned_uint16(const void *p)
 {
     uint16_t r;
-    memcpy( &r, p, sizeof( r ) );
+    memcpy(&r, p, sizeof(r));
     return r;
 }
 
@@ -50,9 +50,9 @@
  * \param   p pointer to 2 bytes of data
  * \param   x data to write
  */
-inline void mbedtls_put_unaligned_uint16( void *p, uint16_t x )
+inline void mbedtls_put_unaligned_uint16(void *p, uint16_t x)
 {
-    memcpy( p, &x, sizeof( x ) );
+    memcpy(p, &x, sizeof(x));
 }
 
 /**
@@ -62,10 +62,10 @@
  * \param   p pointer to 4 bytes of data
  * \return  Data at the given address
  */
-inline uint32_t mbedtls_get_unaligned_uint32( const void *p )
+inline uint32_t mbedtls_get_unaligned_uint32(const void *p)
 {
     uint32_t r;
-    memcpy( &r, p, sizeof( r ) );
+    memcpy(&r, p, sizeof(r));
     return r;
 }
 
@@ -76,9 +76,9 @@
  * \param   p pointer to 4 bytes of data
  * \param   x data to write
  */
-inline void mbedtls_put_unaligned_uint32( void *p, uint32_t x )
+inline void mbedtls_put_unaligned_uint32(void *p, uint32_t x)
 {
-    memcpy( p, &x, sizeof( x ) );
+    memcpy(p, &x, sizeof(x));
 }
 
 /**
@@ -88,10 +88,10 @@
  * \param   p pointer to 8 bytes of data
  * \return  Data at the given address
  */
-inline uint64_t mbedtls_get_unaligned_uint64( const void *p )
+inline uint64_t mbedtls_get_unaligned_uint64(const void *p)
 {
     uint64_t r;
-    memcpy( &r, p, sizeof( r ) );
+    memcpy(&r, p, sizeof(r));
     return r;
 }
 
@@ -102,9 +102,9 @@
  * \param   p pointer to 8 bytes of data
  * \param   x data to write
  */
-inline void mbedtls_put_unaligned_uint64( void *p, uint64_t x )
+inline void mbedtls_put_unaligned_uint64(void *p, uint64_t x)
 {
-    memcpy( p, &x, sizeof( x ) );
+    memcpy(p, &x, sizeof(x));
 }
 
 /** Byte Reading Macros
@@ -112,23 +112,23 @@
  * Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th
  * byte from x, where byte 0 is the least significant byte.
  */
-#define MBEDTLS_BYTE_0( x ) ( (uint8_t) (   ( x )         & 0xff ) )
-#define MBEDTLS_BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8  ) & 0xff ) )
-#define MBEDTLS_BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) )
-#define MBEDTLS_BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) )
-#define MBEDTLS_BYTE_4( x ) ( (uint8_t) ( ( ( x ) >> 32 ) & 0xff ) )
-#define MBEDTLS_BYTE_5( x ) ( (uint8_t) ( ( ( x ) >> 40 ) & 0xff ) )
-#define MBEDTLS_BYTE_6( x ) ( (uint8_t) ( ( ( x ) >> 48 ) & 0xff ) )
-#define MBEDTLS_BYTE_7( x ) ( (uint8_t) ( ( ( x ) >> 56 ) & 0xff ) )
+#define MBEDTLS_BYTE_0(x) ((uint8_t) ((x)         & 0xff))
+#define MBEDTLS_BYTE_1(x) ((uint8_t) (((x) >> 8) & 0xff))
+#define MBEDTLS_BYTE_2(x) ((uint8_t) (((x) >> 16) & 0xff))
+#define MBEDTLS_BYTE_3(x) ((uint8_t) (((x) >> 24) & 0xff))
+#define MBEDTLS_BYTE_4(x) ((uint8_t) (((x) >> 32) & 0xff))
+#define MBEDTLS_BYTE_5(x) ((uint8_t) (((x) >> 40) & 0xff))
+#define MBEDTLS_BYTE_6(x) ((uint8_t) (((x) >> 48) & 0xff))
+#define MBEDTLS_BYTE_7(x) ((uint8_t) (((x) >> 56) & 0xff))
 
 /*
  * Detect GCC built-in byteswap routines
  */
 #if defined(__GNUC__) && defined(__GNUC_PREREQ)
-#if __GNUC_PREREQ(4,8)
+#if __GNUC_PREREQ(4, 8)
 #define MBEDTLS_BSWAP16 __builtin_bswap16
 #endif /* __GNUC_PREREQ(4,8) */
-#if __GNUC_PREREQ(4,3)
+#if __GNUC_PREREQ(4, 3)
 #define MBEDTLS_BSWAP32 __builtin_bswap32
 #define MBEDTLS_BSWAP64 __builtin_bswap64
 #endif /* __GNUC_PREREQ(4,3) */
@@ -169,36 +169,39 @@
  * similar instruction.
  */
 #if !defined(MBEDTLS_BSWAP16)
-static inline uint16_t mbedtls_bswap16( uint16_t x ) {
+static inline uint16_t mbedtls_bswap16(uint16_t x)
+{
     return
-         ( x & 0x00ff ) << 8 |
-         ( x & 0xff00 ) >> 8;
+        (x & 0x00ff) << 8 |
+        (x & 0xff00) >> 8;
 }
 #define MBEDTLS_BSWAP16 mbedtls_bswap16
 #endif /* !defined(MBEDTLS_BSWAP16) */
 
 #if !defined(MBEDTLS_BSWAP32)
-static inline uint32_t mbedtls_bswap32( uint32_t x ) {
+static inline uint32_t mbedtls_bswap32(uint32_t x)
+{
     return
-         ( x & 0x000000ff ) << 24 |
-         ( x & 0x0000ff00 ) <<  8 |
-         ( x & 0x00ff0000 ) >>  8 |
-         ( x & 0xff000000 ) >> 24;
+        (x & 0x000000ff) << 24 |
+        (x & 0x0000ff00) <<  8 |
+        (x & 0x00ff0000) >>  8 |
+        (x & 0xff000000) >> 24;
 }
 #define MBEDTLS_BSWAP32 mbedtls_bswap32
 #endif /* !defined(MBEDTLS_BSWAP32) */
 
 #if !defined(MBEDTLS_BSWAP64)
-static inline uint64_t mbedtls_bswap64( uint64_t x ) {
+static inline uint64_t mbedtls_bswap64(uint64_t x)
+{
     return
-         ( x & 0x00000000000000ff ) << 56 |
-         ( x & 0x000000000000ff00 ) << 40 |
-         ( x & 0x0000000000ff0000 ) << 24 |
-         ( x & 0x00000000ff000000 ) <<  8 |
-         ( x & 0x000000ff00000000 ) >>  8 |
-         ( x & 0x0000ff0000000000 ) >> 24 |
-         ( x & 0x00ff000000000000 ) >> 40 |
-         ( x & 0xff00000000000000 ) >> 56;
+        (x & 0x00000000000000ff) << 56 |
+        (x & 0x000000000000ff00) << 40 |
+        (x & 0x0000000000ff0000) << 24 |
+        (x & 0x00000000ff000000) <<  8 |
+        (x & 0x000000ff00000000) >>  8 |
+        (x & 0x0000ff0000000000) >> 24 |
+        (x & 0x00ff000000000000) >> 40 |
+        (x & 0xff00000000000000) >> 56;
 }
 #define MBEDTLS_BSWAP64 mbedtls_bswap64
 #endif /* !defined(MBEDTLS_BSWAP64) */
@@ -219,8 +222,8 @@
  *                  byte of the four bytes to build the 32 bits unsigned
  *                  integer from.
  */
-#define MBEDTLS_GET_UINT32_BE( data, offset )                              \
-    ( ( MBEDTLS_IS_BIG_ENDIAN )                                            \
+#define MBEDTLS_GET_UINT32_BE(data, offset)                              \
+    ((MBEDTLS_IS_BIG_ENDIAN)                                            \
         ? mbedtls_get_unaligned_uint32((data) + (offset))                  \
         : MBEDTLS_BSWAP32(mbedtls_get_unaligned_uint32((data) + (offset))) \
     )
@@ -234,17 +237,17 @@
  * \param   offset  Offset from \p data where to put the most significant
  *                  byte of the 32 bits unsigned integer \p n.
  */
-#define MBEDTLS_PUT_UINT32_BE( n, data, offset )                             \
-{                                                                            \
-    if ( MBEDTLS_IS_BIG_ENDIAN )                                             \
-    {                                                                        \
-        mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t)(n));      \
-    }                                                                        \
-    else                                                                     \
-    {                                                                        \
-        mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t)(n))); \
-    }                                                                        \
-}
+#define MBEDTLS_PUT_UINT32_BE(n, data, offset)                             \
+    {                                                                            \
+        if (MBEDTLS_IS_BIG_ENDIAN)                                             \
+        {                                                                        \
+            mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n));      \
+        }                                                                        \
+        else                                                                     \
+        {                                                                        \
+            mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \
+        }                                                                        \
+    }
 
 /**
  * Get the unsigned 32 bits integer corresponding to four bytes in
@@ -255,8 +258,8 @@
  *                  byte of the four bytes to build the 32 bits unsigned
  *                  integer from.
  */
-#define MBEDTLS_GET_UINT32_LE( data, offset )                              \
-    ( ( MBEDTLS_IS_BIG_ENDIAN )                                            \
+#define MBEDTLS_GET_UINT32_LE(data, offset)                              \
+    ((MBEDTLS_IS_BIG_ENDIAN)                                            \
         ? MBEDTLS_BSWAP32(mbedtls_get_unaligned_uint32((data) + (offset))) \
         : mbedtls_get_unaligned_uint32((data) + (offset))                  \
     )
@@ -271,17 +274,17 @@
  * \param   offset  Offset from \p data where to put the least significant
  *                  byte of the 32 bits unsigned integer \p n.
  */
-#define MBEDTLS_PUT_UINT32_LE( n, data, offset )                             \
-{                                                                            \
-    if ( MBEDTLS_IS_BIG_ENDIAN )                                             \
-    {                                                                        \
-        mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t)(n))); \
-    }                                                                        \
-    else                                                                     \
-    {                                                                        \
-        mbedtls_put_unaligned_uint32((data) + (offset), ((uint32_t)(n)));      \
-    }                                                                        \
-}
+#define MBEDTLS_PUT_UINT32_LE(n, data, offset)                             \
+    {                                                                            \
+        if (MBEDTLS_IS_BIG_ENDIAN)                                             \
+        {                                                                        \
+            mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \
+        }                                                                        \
+        else                                                                     \
+        {                                                                        \
+            mbedtls_put_unaligned_uint32((data) + (offset), ((uint32_t) (n)));      \
+        }                                                                        \
+    }
 
 /**
  * Get the unsigned 16 bits integer corresponding to two bytes in
@@ -292,8 +295,8 @@
  *                  byte of the two bytes to build the 16 bits unsigned
  *                  integer from.
  */
-#define MBEDTLS_GET_UINT16_LE( data, offset )                              \
-    ( ( MBEDTLS_IS_BIG_ENDIAN )                                            \
+#define MBEDTLS_GET_UINT16_LE(data, offset)                              \
+    ((MBEDTLS_IS_BIG_ENDIAN)                                            \
         ? MBEDTLS_BSWAP16(mbedtls_get_unaligned_uint16((data) + (offset))) \
         : mbedtls_get_unaligned_uint16((data) + (offset))                  \
     )
@@ -307,17 +310,17 @@
  * \param   offset  Offset from \p data where to put the least significant
  *                  byte of the 16 bits unsigned integer \p n.
  */
-#define MBEDTLS_PUT_UINT16_LE( n, data, offset )                             \
-{                                                                            \
-    if ( MBEDTLS_IS_BIG_ENDIAN )                                             \
-    {                                                                        \
-        mbedtls_put_unaligned_uint16((data) + (offset), MBEDTLS_BSWAP16((uint16_t)(n))); \
-    }                                                                        \
-    else                                                                     \
-    {                                                                        \
-        mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t)(n));      \
-    }                                                                        \
-}
+#define MBEDTLS_PUT_UINT16_LE(n, data, offset)                             \
+    {                                                                            \
+        if (MBEDTLS_IS_BIG_ENDIAN)                                             \
+        {                                                                        \
+            mbedtls_put_unaligned_uint16((data) + (offset), MBEDTLS_BSWAP16((uint16_t) (n))); \
+        }                                                                        \
+        else                                                                     \
+        {                                                                        \
+            mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n));      \
+        }                                                                        \
+    }
 
 /**
  * Get the unsigned 16 bits integer corresponding to two bytes in
@@ -328,8 +331,8 @@
  *                  byte of the two bytes to build the 16 bits unsigned
  *                  integer from.
  */
-#define MBEDTLS_GET_UINT16_BE( data, offset )                              \
-    ( ( MBEDTLS_IS_BIG_ENDIAN )                                            \
+#define MBEDTLS_GET_UINT16_BE(data, offset)                              \
+    ((MBEDTLS_IS_BIG_ENDIAN)                                            \
         ? mbedtls_get_unaligned_uint16((data) + (offset))                  \
         : MBEDTLS_BSWAP16(mbedtls_get_unaligned_uint16((data) + (offset))) \
     )
@@ -343,17 +346,17 @@
  * \param   offset  Offset from \p data where to put the most significant
  *                  byte of the 16 bits unsigned integer \p n.
  */
-#define MBEDTLS_PUT_UINT16_BE( n, data, offset )                             \
-{                                                                            \
-    if ( MBEDTLS_IS_BIG_ENDIAN )                                             \
-    {                                                                        \
-        mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t)(n));      \
-    }                                                                        \
-    else                                                                     \
-    {                                                                        \
-        mbedtls_put_unaligned_uint16((data) + (offset), MBEDTLS_BSWAP16((uint16_t)(n))); \
-    }                                                                        \
-}
+#define MBEDTLS_PUT_UINT16_BE(n, data, offset)                             \
+    {                                                                            \
+        if (MBEDTLS_IS_BIG_ENDIAN)                                             \
+        {                                                                        \
+            mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n));      \
+        }                                                                        \
+        else                                                                     \
+        {                                                                        \
+            mbedtls_put_unaligned_uint16((data) + (offset), MBEDTLS_BSWAP16((uint16_t) (n))); \
+        }                                                                        \
+    }
 
 /**
  * Get the unsigned 24 bits integer corresponding to three bytes in
@@ -364,11 +367,11 @@
  *                  byte of the three bytes to build the 24 bits unsigned
  *                  integer from.
  */
-#define MBEDTLS_GET_UINT24_BE( data , offset )                  \
+#define MBEDTLS_GET_UINT24_BE(data, offset)                  \
     (                                                           \
-          ( (uint32_t) ( data )[( offset )    ] << 16 )         \
-        | ( (uint32_t) ( data )[( offset ) + 1] << 8  )         \
-        | ( (uint32_t) ( data )[( offset ) + 2]       )         \
+        ((uint32_t) (data)[(offset)] << 16)         \
+        | ((uint32_t) (data)[(offset) + 1] << 8)         \
+        | ((uint32_t) (data)[(offset) + 2])         \
     )
 
 /**
@@ -380,12 +383,12 @@
  * \param   offset  Offset from \p data where to put the most significant
  *                  byte of the 24 bits unsigned integer \p n.
  */
-#define MBEDTLS_PUT_UINT24_BE( n, data, offset )                \
-{                                                               \
-    ( data )[( offset )    ] = MBEDTLS_BYTE_2( n );             \
-    ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n );             \
-    ( data )[( offset ) + 2] = MBEDTLS_BYTE_0( n );             \
-}
+#define MBEDTLS_PUT_UINT24_BE(n, data, offset)                \
+    {                                                               \
+        (data)[(offset)] = MBEDTLS_BYTE_2(n);             \
+        (data)[(offset) + 1] = MBEDTLS_BYTE_1(n);             \
+        (data)[(offset) + 2] = MBEDTLS_BYTE_0(n);             \
+    }
 
 /**
  * Get the unsigned 24 bits integer corresponding to three bytes in
@@ -396,11 +399,11 @@
  *                  byte of the three bytes to build the 24 bits unsigned
  *                  integer from.
  */
-#define MBEDTLS_GET_UINT24_LE( data, offset )                   \
+#define MBEDTLS_GET_UINT24_LE(data, offset)                   \
     (                                                           \
-          ( (uint32_t) ( data )[( offset )    ]       )         \
-        | ( (uint32_t) ( data )[( offset ) + 1] <<  8 )         \
-        | ( (uint32_t) ( data )[( offset ) + 2] << 16 )         \
+        ((uint32_t) (data)[(offset)])         \
+        | ((uint32_t) (data)[(offset) + 1] <<  8)         \
+        | ((uint32_t) (data)[(offset) + 2] << 16)         \
     )
 
 /**
@@ -412,12 +415,12 @@
  * \param   offset  Offset from \p data where to put the least significant
  *                  byte of the 24 bits unsigned integer \p n.
  */
-#define MBEDTLS_PUT_UINT24_LE( n, data, offset )                \
-{                                                               \
-    ( data )[( offset )    ] = MBEDTLS_BYTE_0( n );             \
-    ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n );             \
-    ( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n );             \
-}
+#define MBEDTLS_PUT_UINT24_LE(n, data, offset)                \
+    {                                                               \
+        (data)[(offset)] = MBEDTLS_BYTE_0(n);             \
+        (data)[(offset) + 1] = MBEDTLS_BYTE_1(n);             \
+        (data)[(offset) + 2] = MBEDTLS_BYTE_2(n);             \
+    }
 
 /**
  * Get the unsigned 64 bits integer corresponding to eight bytes in
@@ -428,8 +431,8 @@
  *                  byte of the eight bytes to build the 64 bits unsigned
  *                  integer from.
  */
-#define MBEDTLS_GET_UINT64_BE( data, offset )                              \
-    ( ( MBEDTLS_IS_BIG_ENDIAN )                                            \
+#define MBEDTLS_GET_UINT64_BE(data, offset)                              \
+    ((MBEDTLS_IS_BIG_ENDIAN)                                            \
         ? mbedtls_get_unaligned_uint64((data) + (offset))                  \
         : MBEDTLS_BSWAP64(mbedtls_get_unaligned_uint64((data) + (offset))) \
     )
@@ -443,17 +446,17 @@
  * \param   offset  Offset from \p data where to put the most significant
  *                  byte of the 64 bits unsigned integer \p n.
  */
-#define MBEDTLS_PUT_UINT64_BE( n, data, offset )                             \
-{                                                                            \
-    if ( MBEDTLS_IS_BIG_ENDIAN )                                             \
-    {                                                                        \
-        mbedtls_put_unaligned_uint64((data) + (offset), (uint64_t)(n));      \
-    }                                                                        \
-    else                                                                     \
-    {                                                                        \
-        mbedtls_put_unaligned_uint64((data) + (offset), MBEDTLS_BSWAP64((uint64_t)(n))); \
-    }                                                                        \
-}
+#define MBEDTLS_PUT_UINT64_BE(n, data, offset)                             \
+    {                                                                            \
+        if (MBEDTLS_IS_BIG_ENDIAN)                                             \
+        {                                                                        \
+            mbedtls_put_unaligned_uint64((data) + (offset), (uint64_t) (n));      \
+        }                                                                        \
+        else                                                                     \
+        {                                                                        \
+            mbedtls_put_unaligned_uint64((data) + (offset), MBEDTLS_BSWAP64((uint64_t) (n))); \
+        }                                                                        \
+    }
 
 /**
  * Get the unsigned 64 bits integer corresponding to eight bytes in
@@ -464,8 +467,8 @@
  *                  byte of the eight bytes to build the 64 bits unsigned
  *                  integer from.
  */
-#define MBEDTLS_GET_UINT64_LE( data, offset )                              \
-    ( ( MBEDTLS_IS_BIG_ENDIAN )                                            \
+#define MBEDTLS_GET_UINT64_LE(data, offset)                              \
+    ((MBEDTLS_IS_BIG_ENDIAN)                                            \
         ? MBEDTLS_BSWAP64(mbedtls_get_unaligned_uint64((data) + (offset))) \
         : mbedtls_get_unaligned_uint64((data) + (offset))                  \
     )
@@ -479,16 +482,16 @@
  * \param   offset  Offset from \p data where to put the least significant
  *                  byte of the 64 bits unsigned integer \p n.
  */
-#define MBEDTLS_PUT_UINT64_LE( n, data, offset )                             \
-{                                                                            \
-    if ( MBEDTLS_IS_BIG_ENDIAN )                                             \
-    {                                                                        \
-        mbedtls_put_unaligned_uint64((data) + (offset), MBEDTLS_BSWAP64((uint64_t)(n))); \
-    }                                                                        \
-    else                                                                     \
-    {                                                                        \
-        mbedtls_put_unaligned_uint64((data) + (offset), (uint64_t)(n));      \
-    }                                                                        \
-}
+#define MBEDTLS_PUT_UINT64_LE(n, data, offset)                             \
+    {                                                                            \
+        if (MBEDTLS_IS_BIG_ENDIAN)                                             \
+        {                                                                        \
+            mbedtls_put_unaligned_uint64((data) + (offset), MBEDTLS_BSWAP64((uint64_t) (n))); \
+        }                                                                        \
+        else                                                                     \
+        {                                                                        \
+            mbedtls_put_unaligned_uint64((data) + (offset), (uint64_t) (n));      \
+        }                                                                        \
+    }
 
 #endif /* MBEDTLS_LIBRARY_ALIGNMENT_H */
diff --git a/library/aria.c b/library/aria.c
index 517e10a..0980362 100644
--- a/library/aria.c
+++ b/library/aria.c
@@ -38,10 +38,10 @@
 #include "mbedtls/platform_util.h"
 
 /* Parameter validation macros */
-#define ARIA_VALIDATE_RET( cond )                                       \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA )
-#define ARIA_VALIDATE( cond )                                           \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
+#define ARIA_VALIDATE_RET(cond)                                       \
+    MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA)
+#define ARIA_VALIDATE(cond)                                           \
+    MBEDTLS_INTERNAL_VALIDATE(cond)
 
 /*
  * modify byte order: ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes
@@ -55,30 +55,30 @@
 #if defined(__arm__) /* rev16 available from v6 up */
 /* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
 #if defined(__GNUC__) && \
-    ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) && \
+    (!defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000) && \
     __ARM_ARCH >= 6
-static inline uint32_t aria_p1( uint32_t x )
+static inline uint32_t aria_p1(uint32_t x)
 {
     uint32_t r;
-    __asm( "rev16 %0, %1" : "=l" (r) : "l" (x) );
-    return( r );
+    __asm("rev16 %0, %1" : "=l" (r) : "l" (x));
+    return r;
 }
 #define ARIA_P1 aria_p1
 #elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 && \
-    ( __TARGET_ARCH_ARM >= 6 || __TARGET_ARCH_THUMB >= 3 )
-static inline uint32_t aria_p1( uint32_t x )
+    (__TARGET_ARCH_ARM >= 6 || __TARGET_ARCH_THUMB >= 3)
+static inline uint32_t aria_p1(uint32_t x)
 {
     uint32_t r;
-    __asm( "rev16 r, x" );
-    return( r );
+    __asm("rev16 r, x");
+    return r;
 }
 #define ARIA_P1 aria_p1
 #endif
 #endif /* arm */
 #if defined(__GNUC__) && \
-    defined(__i386__) || defined(__amd64__) || defined( __x86_64__)
+    defined(__i386__) || defined(__amd64__) || defined(__x86_64__)
 /* I couldn't find an Intel equivalent of rev16, so two instructions */
-#define ARIA_P1(x) ARIA_P2( ARIA_P3( x ) )
+#define ARIA_P1(x) ARIA_P2(ARIA_P3(x))
 #endif /* x86 gnuc */
 #endif /* MBEDTLS_HAVE_ASM && GNUC */
 #if !defined(ARIA_P1)
@@ -124,28 +124,28 @@
  * half of App. B.1 in [1] in terms of 4-byte operators P1, P2, P3 and P4.
  * The implementation below uses only P1 and P2 as they are sufficient.
  */
-static inline void aria_a( uint32_t *a, uint32_t *b,
-                           uint32_t *c, uint32_t *d )
+static inline void aria_a(uint32_t *a, uint32_t *b,
+                          uint32_t *c, uint32_t *d)
 {
     uint32_t ta, tb, tc;
     ta  =  *b;                      // 4567
     *b  =  *a;                      // 0123
-    *a  =  ARIA_P2( ta );           // 6745
-    tb  =  ARIA_P2( *d );           // efcd
-    *d  =  ARIA_P1( *c );           // 98ba
-    *c  =  ARIA_P1( tb );           // fedc
+    *a  =  ARIA_P2(ta);             // 6745
+    tb  =  ARIA_P2(*d);             // efcd
+    *d  =  ARIA_P1(*c);             // 98ba
+    *c  =  ARIA_P1(tb);             // fedc
     ta  ^= *d;                      // 4567+98ba
-    tc  =  ARIA_P2( *b );           // 2301
-    ta  =  ARIA_P1( ta ) ^ tc ^ *c; // 2301+5476+89ab+fedc
-    tb  ^= ARIA_P2( *d );           // ba98+efcd
-    tc  ^= ARIA_P1( *a );           // 2301+7654
+    tc  =  ARIA_P2(*b);             // 2301
+    ta  =  ARIA_P1(ta) ^ tc ^ *c;   // 2301+5476+89ab+fedc
+    tb  ^= ARIA_P2(*d);             // ba98+efcd
+    tc  ^= ARIA_P1(*a);             // 2301+7654
     *b  ^= ta ^ tb;                 // 0123+2301+5476+89ab+ba98+efcd+fedc OUT
-    tb  =  ARIA_P2( tb ) ^ ta;      // 2301+5476+89ab+98ba+cdef+fedc
-    *a  ^= ARIA_P1( tb );           // 3210+4567+6745+89ab+98ba+dcfe+efcd OUT
-    ta  =  ARIA_P2( ta );           // 0123+7654+ab89+dcfe
-    *d  ^= ARIA_P1( ta ) ^ tc;      // 1032+2301+6745+7654+98ba+ba98+cdef OUT
-    tc  =  ARIA_P2( tc );           // 0123+5476
-    *c  ^= ARIA_P1( tc ) ^ ta;      // 0123+1032+4567+7654+ab89+dcfe+fedc OUT
+    tb  =  ARIA_P2(tb) ^ ta;        // 2301+5476+89ab+98ba+cdef+fedc
+    *a  ^= ARIA_P1(tb);             // 3210+4567+6745+89ab+98ba+dcfe+efcd OUT
+    ta  =  ARIA_P2(ta);             // 0123+7654+ab89+dcfe
+    *d  ^= ARIA_P1(ta) ^ tc;        // 1032+2301+6745+7654+98ba+ba98+cdef OUT
+    tc  =  ARIA_P2(tc);             // 0123+5476
+    *c  ^= ARIA_P1(tc) ^ ta;        // 0123+1032+4567+7654+ab89+dcfe+fedc OUT
 }
 
 /*
@@ -156,27 +156,27 @@
  * By passing sb1, sb2, is1, is2 as S-Boxes you get SL1
  * By passing is1, is2, sb1, sb2 as S-Boxes you get SL2
  */
-static inline void aria_sl( uint32_t *a, uint32_t *b,
-                            uint32_t *c, uint32_t *d,
-                            const uint8_t sa[256], const uint8_t sb[256],
-                            const uint8_t sc[256], const uint8_t sd[256] )
+static inline void aria_sl(uint32_t *a, uint32_t *b,
+                           uint32_t *c, uint32_t *d,
+                           const uint8_t sa[256], const uint8_t sb[256],
+                           const uint8_t sc[256], const uint8_t sd[256])
 {
-    *a = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *a ) ]       ) ^
-         (((uint32_t) sb[ MBEDTLS_BYTE_1( *a ) ]) <<  8) ^
-         (((uint32_t) sc[ MBEDTLS_BYTE_2( *a ) ]) << 16) ^
-         (((uint32_t) sd[ MBEDTLS_BYTE_3( *a ) ]) << 24);
-    *b = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *b ) ]       ) ^
-         (((uint32_t) sb[ MBEDTLS_BYTE_1( *b ) ]) <<  8) ^
-         (((uint32_t) sc[ MBEDTLS_BYTE_2( *b ) ]) << 16) ^
-         (((uint32_t) sd[ MBEDTLS_BYTE_3( *b ) ]) << 24);
-    *c = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *c ) ]       ) ^
-         (((uint32_t) sb[ MBEDTLS_BYTE_1( *c ) ]) <<  8) ^
-         (((uint32_t) sc[ MBEDTLS_BYTE_2( *c ) ]) << 16) ^
-         (((uint32_t) sd[ MBEDTLS_BYTE_3( *c ) ]) << 24);
-    *d = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *d ) ]       ) ^
-         (((uint32_t) sb[ MBEDTLS_BYTE_1( *d ) ]) <<  8) ^
-         (((uint32_t) sc[ MBEDTLS_BYTE_2( *d ) ]) << 16) ^
-         (((uint32_t) sd[ MBEDTLS_BYTE_3( *d ) ]) << 24);
+    *a = ((uint32_t) sa[MBEDTLS_BYTE_0(*a)]) ^
+         (((uint32_t) sb[MBEDTLS_BYTE_1(*a)]) <<  8) ^
+         (((uint32_t) sc[MBEDTLS_BYTE_2(*a)]) << 16) ^
+         (((uint32_t) sd[MBEDTLS_BYTE_3(*a)]) << 24);
+    *b = ((uint32_t) sa[MBEDTLS_BYTE_0(*b)]) ^
+         (((uint32_t) sb[MBEDTLS_BYTE_1(*b)]) <<  8) ^
+         (((uint32_t) sc[MBEDTLS_BYTE_2(*b)]) << 16) ^
+         (((uint32_t) sd[MBEDTLS_BYTE_3(*b)]) << 24);
+    *c = ((uint32_t) sa[MBEDTLS_BYTE_0(*c)]) ^
+         (((uint32_t) sb[MBEDTLS_BYTE_1(*c)]) <<  8) ^
+         (((uint32_t) sc[MBEDTLS_BYTE_2(*c)]) << 16) ^
+         (((uint32_t) sd[MBEDTLS_BYTE_3(*c)]) << 24);
+    *d = ((uint32_t) sa[MBEDTLS_BYTE_0(*d)]) ^
+         (((uint32_t) sb[MBEDTLS_BYTE_1(*d)]) <<  8) ^
+         (((uint32_t) sc[MBEDTLS_BYTE_2(*d)]) << 16) ^
+         (((uint32_t) sd[MBEDTLS_BYTE_3(*d)]) << 24);
 }
 
 /*
@@ -289,8 +289,8 @@
 /*
  * Helper for key schedule: r = FO( p, k ) ^ x
  */
-static void aria_fo_xor( uint32_t r[4], const uint32_t p[4],
-                         const uint32_t k[4], const uint32_t x[4] )
+static void aria_fo_xor(uint32_t r[4], const uint32_t p[4],
+                        const uint32_t k[4], const uint32_t x[4])
 {
     uint32_t a, b, c, d;
 
@@ -299,8 +299,8 @@
     c = p[2] ^ k[2];
     d = p[3] ^ k[3];
 
-    aria_sl( &a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2 );
-    aria_a( &a, &b, &c, &d );
+    aria_sl(&a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2);
+    aria_a(&a, &b, &c, &d);
 
     r[0] = a ^ x[0];
     r[1] = b ^ x[1];
@@ -311,8 +311,8 @@
 /*
  * Helper for key schedule: r = FE( p, k ) ^ x
  */
-static void aria_fe_xor( uint32_t r[4], const uint32_t p[4],
-                         const uint32_t k[4], const uint32_t x[4] )
+static void aria_fe_xor(uint32_t r[4], const uint32_t p[4],
+                        const uint32_t k[4], const uint32_t x[4])
 {
     uint32_t a, b, c, d;
 
@@ -321,8 +321,8 @@
     c = p[2] ^ k[2];
     d = p[3] ^ k[3];
 
-    aria_sl( &a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2 );
-    aria_a( &a, &b, &c, &d );
+    aria_sl(&a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2);
+    aria_a(&a, &b, &c, &d);
 
     r[0] = a ^ x[0];
     r[1] = b ^ x[1];
@@ -337,8 +337,8 @@
  * MBEDTLS_GET_UINT32_LE / MBEDTLS_PUT_UINT32_LE ) so we need to reverse
  * bytes here.
  */
-static void aria_rot128( uint32_t r[4], const uint32_t a[4],
-                         const uint32_t b[4], uint8_t n )
+static void aria_rot128(uint32_t r[4], const uint32_t a[4],
+                        const uint32_t b[4], uint8_t n)
 {
     uint8_t i, j;
     uint32_t t, u;
@@ -346,15 +346,14 @@
     const uint8_t n1 = n % 32;              // bit offset
     const uint8_t n2 = n1 ? 32 - n1 : 0;    // reverse bit offset
 
-    j = ( n / 32 ) % 4;                     // initial word offset
-    t = ARIA_P3( b[j] );                    // big endian
-    for( i = 0; i < 4; i++ )
-    {
-        j = ( j + 1 ) % 4;                  // get next word, big endian
-        u = ARIA_P3( b[j] );
+    j = (n / 32) % 4;                       // initial word offset
+    t = ARIA_P3(b[j]);                      // big endian
+    for (i = 0; i < 4; i++) {
+        j = (j + 1) % 4;                    // get next word, big endian
+        u = ARIA_P3(b[j]);
         t <<= n1;                           // rotate
         t |= u >> n2;
-        t = ARIA_P3( t );                   // back to little endian
+        t = ARIA_P3(t);                     // back to little endian
         r[i] = a[i] ^ t;                    // store
         t = u;                              // move to next word
     }
@@ -363,8 +362,8 @@
 /*
  * Set encryption key
  */
-int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
-                             const unsigned char *key, unsigned int keybits )
+int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx,
+                            const unsigned char *key, unsigned int keybits)
 {
     /* round constant masks */
     const uint32_t rc[3][4] =
@@ -376,74 +375,71 @@
 
     int i;
     uint32_t w[4][4], *w2;
-    ARIA_VALIDATE_RET( ctx != NULL );
-    ARIA_VALIDATE_RET( key != NULL );
+    ARIA_VALIDATE_RET(ctx != NULL);
+    ARIA_VALIDATE_RET(key != NULL);
 
-    if( keybits != 128 && keybits != 192 && keybits != 256 )
-        return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
+    if (keybits != 128 && keybits != 192 && keybits != 256) {
+        return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
+    }
 
     /* Copy key to W0 (and potential remainder to W1) */
-    w[0][0] = MBEDTLS_GET_UINT32_LE( key,  0 );
-    w[0][1] = MBEDTLS_GET_UINT32_LE( key,  4 );
-    w[0][2] = MBEDTLS_GET_UINT32_LE( key,  8 );
-    w[0][3] = MBEDTLS_GET_UINT32_LE( key, 12 );
+    w[0][0] = MBEDTLS_GET_UINT32_LE(key,  0);
+    w[0][1] = MBEDTLS_GET_UINT32_LE(key,  4);
+    w[0][2] = MBEDTLS_GET_UINT32_LE(key,  8);
+    w[0][3] = MBEDTLS_GET_UINT32_LE(key, 12);
 
-    memset( w[1], 0, 16 );
-    if( keybits >= 192 )
-    {
-        w[1][0] = MBEDTLS_GET_UINT32_LE( key, 16 );  // 192 bit key
-        w[1][1] = MBEDTLS_GET_UINT32_LE( key, 20 );
+    memset(w[1], 0, 16);
+    if (keybits >= 192) {
+        w[1][0] = MBEDTLS_GET_UINT32_LE(key, 16);    // 192 bit key
+        w[1][1] = MBEDTLS_GET_UINT32_LE(key, 20);
     }
-    if( keybits == 256 )
-    {
-        w[1][2] = MBEDTLS_GET_UINT32_LE( key, 24 );  // 256 bit key
-        w[1][3] = MBEDTLS_GET_UINT32_LE( key, 28 );
+    if (keybits == 256) {
+        w[1][2] = MBEDTLS_GET_UINT32_LE(key, 24);    // 256 bit key
+        w[1][3] = MBEDTLS_GET_UINT32_LE(key, 28);
     }
 
-    i = ( keybits - 128 ) >> 6;             // index: 0, 1, 2
+    i = (keybits - 128) >> 6;               // index: 0, 1, 2
     ctx->nr = 12 + 2 * i;                   // no. rounds: 12, 14, 16
 
-    aria_fo_xor( w[1], w[0], rc[i], w[1] ); // W1 = FO(W0, CK1) ^ KR
+    aria_fo_xor(w[1], w[0], rc[i], w[1]);   // W1 = FO(W0, CK1) ^ KR
     i = i < 2 ? i + 1 : 0;
-    aria_fe_xor( w[2], w[1], rc[i], w[0] ); // W2 = FE(W1, CK2) ^ W0
+    aria_fe_xor(w[2], w[1], rc[i], w[0]);   // W2 = FE(W1, CK2) ^ W0
     i = i < 2 ? i + 1 : 0;
-    aria_fo_xor( w[3], w[2], rc[i], w[1] ); // W3 = FO(W2, CK3) ^ W1
+    aria_fo_xor(w[3], w[2], rc[i], w[1]);   // W3 = FO(W2, CK3) ^ W1
 
-    for( i = 0; i < 4; i++ )                // create round keys
-    {
+    for (i = 0; i < 4; i++) {               // create round keys
         w2 = w[(i + 1) & 3];
-        aria_rot128( ctx->rk[i     ], w[i], w2, 128 - 19 );
-        aria_rot128( ctx->rk[i +  4], w[i], w2, 128 - 31 );
-        aria_rot128( ctx->rk[i +  8], w[i], w2,       61 );
-        aria_rot128( ctx->rk[i + 12], w[i], w2,       31 );
+        aria_rot128(ctx->rk[i], w[i], w2, 128 - 19);
+        aria_rot128(ctx->rk[i +  4], w[i], w2, 128 - 31);
+        aria_rot128(ctx->rk[i +  8], w[i], w2,       61);
+        aria_rot128(ctx->rk[i + 12], w[i], w2,       31);
     }
-    aria_rot128( ctx->rk[16], w[0], w[1], 19 );
+    aria_rot128(ctx->rk[16], w[0], w[1], 19);
 
     /* w holds enough info to reconstruct the round keys */
-    mbedtls_platform_zeroize( w, sizeof( w ) );
+    mbedtls_platform_zeroize(w, sizeof(w));
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Set decryption key
  */
-int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
-                             const unsigned char *key, unsigned int keybits )
+int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx,
+                            const unsigned char *key, unsigned int keybits)
 {
     int i, j, k, ret;
-    ARIA_VALIDATE_RET( ctx != NULL );
-    ARIA_VALIDATE_RET( key != NULL );
+    ARIA_VALIDATE_RET(ctx != NULL);
+    ARIA_VALIDATE_RET(key != NULL);
 
-    ret = mbedtls_aria_setkey_enc( ctx, key, keybits );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_aria_setkey_enc(ctx, key, keybits);
+    if (ret != 0) {
+        return ret;
+    }
 
     /* flip the order of round keys */
-    for( i = 0, j = ctx->nr; i < j; i++, j-- )
-    {
-        for( k = 0; k < 4; k++ )
-        {
+    for (i = 0, j = ctx->nr; i < j; i++, j--) {
+        for (k = 0; k < 4; k++) {
             uint32_t t = ctx->rk[i][k];
             ctx->rk[i][k] = ctx->rk[j][k];
             ctx->rk[j][k] = t;
@@ -451,45 +447,43 @@
     }
 
     /* apply affine transform to middle keys */
-    for( i = 1; i < ctx->nr; i++ )
-    {
-        aria_a( &ctx->rk[i][0], &ctx->rk[i][1],
-                &ctx->rk[i][2], &ctx->rk[i][3] );
+    for (i = 1; i < ctx->nr; i++) {
+        aria_a(&ctx->rk[i][0], &ctx->rk[i][1],
+               &ctx->rk[i][2], &ctx->rk[i][3]);
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Encrypt a block
  */
-int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
-                            const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
-                            unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] )
+int mbedtls_aria_crypt_ecb(mbedtls_aria_context *ctx,
+                           const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
+                           unsigned char output[MBEDTLS_ARIA_BLOCKSIZE])
 {
     int i;
 
     uint32_t a, b, c, d;
-    ARIA_VALIDATE_RET( ctx != NULL );
-    ARIA_VALIDATE_RET( input != NULL );
-    ARIA_VALIDATE_RET( output != NULL );
+    ARIA_VALIDATE_RET(ctx != NULL);
+    ARIA_VALIDATE_RET(input != NULL);
+    ARIA_VALIDATE_RET(output != NULL);
 
-    a = MBEDTLS_GET_UINT32_LE( input,  0 );
-    b = MBEDTLS_GET_UINT32_LE( input,  4 );
-    c = MBEDTLS_GET_UINT32_LE( input,  8 );
-    d = MBEDTLS_GET_UINT32_LE( input, 12 );
+    a = MBEDTLS_GET_UINT32_LE(input,  0);
+    b = MBEDTLS_GET_UINT32_LE(input,  4);
+    c = MBEDTLS_GET_UINT32_LE(input,  8);
+    d = MBEDTLS_GET_UINT32_LE(input, 12);
 
     i = 0;
-    while( 1 )
-    {
+    while (1) {
         a ^= ctx->rk[i][0];
         b ^= ctx->rk[i][1];
         c ^= ctx->rk[i][2];
         d ^= ctx->rk[i][3];
         i++;
 
-        aria_sl( &a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2 );
-        aria_a( &a, &b, &c, &d );
+        aria_sl(&a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2);
+        aria_a(&a, &b, &c, &d);
 
         a ^= ctx->rk[i][0];
         b ^= ctx->rk[i][1];
@@ -497,10 +491,11 @@
         d ^= ctx->rk[i][3];
         i++;
 
-        aria_sl( &a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2 );
-        if( i >= ctx->nr )
+        aria_sl(&a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2);
+        if (i >= ctx->nr) {
             break;
-        aria_a( &a, &b, &c, &d );
+        }
+        aria_a(&a, &b, &c, &d);
     }
 
     /* final key mixing */
@@ -509,77 +504,74 @@
     c ^= ctx->rk[i][2];
     d ^= ctx->rk[i][3];
 
-    MBEDTLS_PUT_UINT32_LE( a, output,  0 );
-    MBEDTLS_PUT_UINT32_LE( b, output,  4 );
-    MBEDTLS_PUT_UINT32_LE( c, output,  8 );
-    MBEDTLS_PUT_UINT32_LE( d, output, 12 );
+    MBEDTLS_PUT_UINT32_LE(a, output,  0);
+    MBEDTLS_PUT_UINT32_LE(b, output,  4);
+    MBEDTLS_PUT_UINT32_LE(c, output,  8);
+    MBEDTLS_PUT_UINT32_LE(d, output, 12);
 
-    return( 0 );
+    return 0;
 }
 
 /* Initialize context */
-void mbedtls_aria_init( mbedtls_aria_context *ctx )
+void mbedtls_aria_init(mbedtls_aria_context *ctx)
 {
-    ARIA_VALIDATE( ctx != NULL );
-    memset( ctx, 0, sizeof( mbedtls_aria_context ) );
+    ARIA_VALIDATE(ctx != NULL);
+    memset(ctx, 0, sizeof(mbedtls_aria_context));
 }
 
 /* Clear context */
-void mbedtls_aria_free( mbedtls_aria_context *ctx )
+void mbedtls_aria_free(mbedtls_aria_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aria_context ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_aria_context));
 }
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
 /*
  * ARIA-CBC buffer encryption/decryption
  */
-int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
-                            int mode,
-                            size_t length,
-                            unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
-                            const unsigned char *input,
-                            unsigned char *output )
+int mbedtls_aria_crypt_cbc(mbedtls_aria_context *ctx,
+                           int mode,
+                           size_t length,
+                           unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
+                           const unsigned char *input,
+                           unsigned char *output)
 {
     unsigned char temp[MBEDTLS_ARIA_BLOCKSIZE];
 
-    ARIA_VALIDATE_RET( ctx != NULL );
-    ARIA_VALIDATE_RET( mode == MBEDTLS_ARIA_ENCRYPT ||
-                       mode == MBEDTLS_ARIA_DECRYPT );
-    ARIA_VALIDATE_RET( length == 0 || input  != NULL );
-    ARIA_VALIDATE_RET( length == 0 || output != NULL );
-    ARIA_VALIDATE_RET( iv != NULL );
+    ARIA_VALIDATE_RET(ctx != NULL);
+    ARIA_VALIDATE_RET(mode == MBEDTLS_ARIA_ENCRYPT ||
+                      mode == MBEDTLS_ARIA_DECRYPT);
+    ARIA_VALIDATE_RET(length == 0 || input  != NULL);
+    ARIA_VALIDATE_RET(length == 0 || output != NULL);
+    ARIA_VALIDATE_RET(iv != NULL);
 
-    if( length % MBEDTLS_ARIA_BLOCKSIZE )
-        return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH );
+    if (length % MBEDTLS_ARIA_BLOCKSIZE) {
+        return MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH;
+    }
 
-    if( mode == MBEDTLS_ARIA_DECRYPT )
-    {
-        while( length > 0 )
-        {
-            memcpy( temp, input, MBEDTLS_ARIA_BLOCKSIZE );
-            mbedtls_aria_crypt_ecb( ctx, input, output );
+    if (mode == MBEDTLS_ARIA_DECRYPT) {
+        while (length > 0) {
+            memcpy(temp, input, MBEDTLS_ARIA_BLOCKSIZE);
+            mbedtls_aria_crypt_ecb(ctx, input, output);
 
-            mbedtls_xor( output, output, iv, MBEDTLS_ARIA_BLOCKSIZE );
+            mbedtls_xor(output, output, iv, MBEDTLS_ARIA_BLOCKSIZE);
 
-            memcpy( iv, temp, MBEDTLS_ARIA_BLOCKSIZE );
+            memcpy(iv, temp, MBEDTLS_ARIA_BLOCKSIZE);
 
             input  += MBEDTLS_ARIA_BLOCKSIZE;
             output += MBEDTLS_ARIA_BLOCKSIZE;
             length -= MBEDTLS_ARIA_BLOCKSIZE;
         }
-    }
-    else
-    {
-        while( length > 0 )
-        {
-            mbedtls_xor( output, input, iv, MBEDTLS_ARIA_BLOCKSIZE );
+    } else {
+        while (length > 0) {
+            mbedtls_xor(output, input, iv, MBEDTLS_ARIA_BLOCKSIZE);
 
-            mbedtls_aria_crypt_ecb( ctx, output, output );
-            memcpy( iv, output, MBEDTLS_ARIA_BLOCKSIZE );
+            mbedtls_aria_crypt_ecb(ctx, output, output);
+            memcpy(iv, output, MBEDTLS_ARIA_BLOCKSIZE);
 
             input  += MBEDTLS_ARIA_BLOCKSIZE;
             output += MBEDTLS_ARIA_BLOCKSIZE;
@@ -587,7 +579,7 @@
         }
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
@@ -595,63 +587,61 @@
 /*
  * ARIA-CFB128 buffer encryption/decryption
  */
-int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
-                               int mode,
-                               size_t length,
-                               size_t *iv_off,
-                               unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
-                               const unsigned char *input,
-                               unsigned char *output )
+int mbedtls_aria_crypt_cfb128(mbedtls_aria_context *ctx,
+                              int mode,
+                              size_t length,
+                              size_t *iv_off,
+                              unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
+                              const unsigned char *input,
+                              unsigned char *output)
 {
     unsigned char c;
     size_t n;
 
-    ARIA_VALIDATE_RET( ctx != NULL );
-    ARIA_VALIDATE_RET( mode == MBEDTLS_ARIA_ENCRYPT ||
-                       mode == MBEDTLS_ARIA_DECRYPT );
-    ARIA_VALIDATE_RET( length == 0 || input  != NULL );
-    ARIA_VALIDATE_RET( length == 0 || output != NULL );
-    ARIA_VALIDATE_RET( iv != NULL );
-    ARIA_VALIDATE_RET( iv_off != NULL );
+    ARIA_VALIDATE_RET(ctx != NULL);
+    ARIA_VALIDATE_RET(mode == MBEDTLS_ARIA_ENCRYPT ||
+                      mode == MBEDTLS_ARIA_DECRYPT);
+    ARIA_VALIDATE_RET(length == 0 || input  != NULL);
+    ARIA_VALIDATE_RET(length == 0 || output != NULL);
+    ARIA_VALIDATE_RET(iv != NULL);
+    ARIA_VALIDATE_RET(iv_off != NULL);
 
     n = *iv_off;
 
     /* An overly large value of n can lead to an unlimited
      * buffer overflow. Therefore, guard against this
      * outside of parameter validation. */
-    if( n >= MBEDTLS_ARIA_BLOCKSIZE )
-        return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
+    if (n >= MBEDTLS_ARIA_BLOCKSIZE) {
+        return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
+    }
 
-    if( mode == MBEDTLS_ARIA_DECRYPT )
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-                mbedtls_aria_crypt_ecb( ctx, iv, iv );
+    if (mode == MBEDTLS_ARIA_DECRYPT) {
+        while (length--) {
+            if (n == 0) {
+                mbedtls_aria_crypt_ecb(ctx, iv, iv);
+            }
 
             c = *input++;
             *output++ = c ^ iv[n];
             iv[n] = c;
 
-            n = ( n + 1 ) & 0x0F;
+            n = (n + 1) & 0x0F;
         }
-    }
-    else
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-                mbedtls_aria_crypt_ecb( ctx, iv, iv );
+    } else {
+        while (length--) {
+            if (n == 0) {
+                mbedtls_aria_crypt_ecb(ctx, iv, iv);
+            }
 
-            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
+            iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++);
 
-            n = ( n + 1 ) & 0x0F;
+            n = (n + 1) & 0x0F;
         }
     }
 
     *iv_off = n;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
 
@@ -659,50 +649,52 @@
 /*
  * ARIA-CTR buffer encryption/decryption
  */
-int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
-                            size_t length,
-                            size_t *nc_off,
-                            unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
-                            unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
-                            const unsigned char *input,
-                            unsigned char *output )
+int mbedtls_aria_crypt_ctr(mbedtls_aria_context *ctx,
+                           size_t length,
+                           size_t *nc_off,
+                           unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
+                           unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
+                           const unsigned char *input,
+                           unsigned char *output)
 {
     int c, i;
     size_t n;
 
-    ARIA_VALIDATE_RET( ctx != NULL );
-    ARIA_VALIDATE_RET( length == 0 || input  != NULL );
-    ARIA_VALIDATE_RET( length == 0 || output != NULL );
-    ARIA_VALIDATE_RET( nonce_counter != NULL );
-    ARIA_VALIDATE_RET( stream_block  != NULL );
-    ARIA_VALIDATE_RET( nc_off != NULL );
+    ARIA_VALIDATE_RET(ctx != NULL);
+    ARIA_VALIDATE_RET(length == 0 || input  != NULL);
+    ARIA_VALIDATE_RET(length == 0 || output != NULL);
+    ARIA_VALIDATE_RET(nonce_counter != NULL);
+    ARIA_VALIDATE_RET(stream_block  != NULL);
+    ARIA_VALIDATE_RET(nc_off != NULL);
 
     n = *nc_off;
     /* An overly large value of n can lead to an unlimited
      * buffer overflow. Therefore, guard against this
      * outside of parameter validation. */
-    if( n >= MBEDTLS_ARIA_BLOCKSIZE )
-        return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
+    if (n >= MBEDTLS_ARIA_BLOCKSIZE) {
+        return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
+    }
 
-    while( length-- )
-    {
-        if( n == 0 ) {
-            mbedtls_aria_crypt_ecb( ctx, nonce_counter,
-                                stream_block );
+    while (length--) {
+        if (n == 0) {
+            mbedtls_aria_crypt_ecb(ctx, nonce_counter,
+                                   stream_block);
 
-            for( i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i-- )
-                if( ++nonce_counter[i - 1] != 0 )
+            for (i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i--) {
+                if (++nonce_counter[i - 1] != 0) {
                     break;
+                }
+            }
         }
         c = *input++;
-        *output++ = (unsigned char)( c ^ stream_block[n] );
+        *output++ = (unsigned char) (c ^ stream_block[n]);
 
-        n = ( n + 1 ) & 0x0F;
+        n = (n + 1) & 0x0F;
     }
 
     *nc_off = n;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 #endif /* !MBEDTLS_ARIA_ALT */
@@ -841,22 +833,22 @@
 };
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
 
-#define ARIA_SELF_TEST_ASSERT( cond )                   \
-        do {                                            \
-            if( cond ) {                                \
-                if( verbose )                           \
-                    mbedtls_printf( "failed\n" );       \
-                goto exit;                              \
-            } else {                                    \
-                if( verbose )                           \
-                    mbedtls_printf( "passed\n" );       \
-            }                                           \
-        } while( 0 )
+#define ARIA_SELF_TEST_ASSERT(cond)                   \
+    do {                                            \
+        if (cond) {                                \
+            if (verbose)                           \
+            mbedtls_printf("failed\n");       \
+            goto exit;                              \
+        } else {                                    \
+            if (verbose)                           \
+            mbedtls_printf("passed\n");       \
+        }                                           \
+    } while (0)
 
 /*
  * Checkup routine
  */
-int mbedtls_aria_self_test( int verbose )
+int mbedtls_aria_self_test(int verbose)
 {
     int i;
     uint8_t blk[MBEDTLS_ARIA_BLOCKSIZE];
@@ -868,134 +860,142 @@
 #endif
 
 #if (defined(MBEDTLS_CIPHER_MODE_CBC) || \
-     defined(MBEDTLS_CIPHER_MODE_CFB) || \
-     defined(MBEDTLS_CIPHER_MODE_CTR))
+    defined(MBEDTLS_CIPHER_MODE_CFB) || \
+    defined(MBEDTLS_CIPHER_MODE_CTR))
     uint8_t buf[48], iv[MBEDTLS_ARIA_BLOCKSIZE];
 #endif
 
-    mbedtls_aria_init( &ctx );
+    mbedtls_aria_init(&ctx);
 
     /*
      * Test set 1
      */
-    for( i = 0; i < 3; i++ )
-    {
+    for (i = 0; i < 3; i++) {
         /* test ECB encryption */
-        if( verbose )
-            mbedtls_printf( "  ARIA-ECB-%d (enc): ", 128 + 64 * i );
-        mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i );
-        mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_pt, blk );
+        if (verbose) {
+            mbedtls_printf("  ARIA-ECB-%d (enc): ", 128 + 64 * i);
+        }
+        mbedtls_aria_setkey_enc(&ctx, aria_test1_ecb_key, 128 + 64 * i);
+        mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_pt, blk);
         ARIA_SELF_TEST_ASSERT(
-                memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE )
-                != 0 );
+            memcmp(blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE)
+            != 0);
 
         /* test ECB decryption */
-        if( verbose )
-            mbedtls_printf( "  ARIA-ECB-%d (dec): ", 128 + 64 * i );
-        mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i );
-        mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_ct[i], blk );
+        if (verbose) {
+            mbedtls_printf("  ARIA-ECB-%d (dec): ", 128 + 64 * i);
+        }
+        mbedtls_aria_setkey_dec(&ctx, aria_test1_ecb_key, 128 + 64 * i);
+        mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_ct[i], blk);
         ARIA_SELF_TEST_ASSERT(
-                memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE )
-                != 0 );
+            memcmp(blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE)
+            != 0);
     }
-    if( verbose )
-        mbedtls_printf( "\n" );
+    if (verbose) {
+        mbedtls_printf("\n");
+    }
 
     /*
      * Test set 2
      */
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
-    for( i = 0; i < 3; i++ )
-    {
+    for (i = 0; i < 3; i++) {
         /* Test CBC encryption */
-        if( verbose )
-            mbedtls_printf( "  ARIA-CBC-%d (enc): ", 128 + 64 * i );
-        mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
-        memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
-        memset( buf, 0x55, sizeof( buf ) );
-        mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv,
-            aria_test2_pt, buf );
-        ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cbc_ct[i], 48 )
-                != 0 );
+        if (verbose) {
+            mbedtls_printf("  ARIA-CBC-%d (enc): ", 128 + 64 * i);
+        }
+        mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
+        memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
+        memset(buf, 0x55, sizeof(buf));
+        mbedtls_aria_crypt_cbc(&ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv,
+                               aria_test2_pt, buf);
+        ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_cbc_ct[i], 48)
+                              != 0);
 
         /* Test CBC decryption */
-        if( verbose )
-            mbedtls_printf( "  ARIA-CBC-%d (dec): ", 128 + 64 * i );
-        mbedtls_aria_setkey_dec( &ctx, aria_test2_key, 128 + 64 * i );
-        memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
-        memset( buf, 0xAA, sizeof( buf ) );
-        mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, 48, iv,
-            aria_test2_cbc_ct[i], buf );
-        ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
+        if (verbose) {
+            mbedtls_printf("  ARIA-CBC-%d (dec): ", 128 + 64 * i);
+        }
+        mbedtls_aria_setkey_dec(&ctx, aria_test2_key, 128 + 64 * i);
+        memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
+        memset(buf, 0xAA, sizeof(buf));
+        mbedtls_aria_crypt_cbc(&ctx, MBEDTLS_ARIA_DECRYPT, 48, iv,
+                               aria_test2_cbc_ct[i], buf);
+        ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_pt, 48) != 0);
     }
-    if( verbose )
-        mbedtls_printf( "\n" );
+    if (verbose) {
+        mbedtls_printf("\n");
+    }
 
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
-    for( i = 0; i < 3; i++ )
-    {
+    for (i = 0; i < 3; i++) {
         /* Test CFB encryption */
-        if( verbose )
-            mbedtls_printf( "  ARIA-CFB-%d (enc): ", 128 + 64 * i );
-        mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
-        memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
-        memset( buf, 0x55, sizeof( buf ) );
+        if (verbose) {
+            mbedtls_printf("  ARIA-CFB-%d (enc): ", 128 + 64 * i);
+        }
+        mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
+        memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
+        memset(buf, 0x55, sizeof(buf));
         j = 0;
-        mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv,
-            aria_test2_pt, buf );
-        ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 );
+        mbedtls_aria_crypt_cfb128(&ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv,
+                                  aria_test2_pt, buf);
+        ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_cfb_ct[i], 48) != 0);
 
         /* Test CFB decryption */
-        if( verbose )
-            mbedtls_printf( "  ARIA-CFB-%d (dec): ", 128 + 64 * i );
-        mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
-        memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
-        memset( buf, 0xAA, sizeof( buf ) );
+        if (verbose) {
+            mbedtls_printf("  ARIA-CFB-%d (dec): ", 128 + 64 * i);
+        }
+        mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
+        memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
+        memset(buf, 0xAA, sizeof(buf));
         j = 0;
-        mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, 48, &j,
-            iv, aria_test2_cfb_ct[i], buf );
-        ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
+        mbedtls_aria_crypt_cfb128(&ctx, MBEDTLS_ARIA_DECRYPT, 48, &j,
+                                  iv, aria_test2_cfb_ct[i], buf);
+        ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_pt, 48) != 0);
     }
-    if( verbose )
-        mbedtls_printf( "\n" );
+    if (verbose) {
+        mbedtls_printf("\n");
+    }
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
 
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
-    for( i = 0; i < 3; i++ )
-    {
+    for (i = 0; i < 3; i++) {
         /* Test CTR encryption */
-        if( verbose )
-            mbedtls_printf( "  ARIA-CTR-%d (enc): ", 128 + 64 * i );
-        mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
-        memset( iv, 0, MBEDTLS_ARIA_BLOCKSIZE );                    // IV = 0
-        memset( buf, 0x55, sizeof( buf ) );
+        if (verbose) {
+            mbedtls_printf("  ARIA-CTR-%d (enc): ", 128 + 64 * i);
+        }
+        mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
+        memset(iv, 0, MBEDTLS_ARIA_BLOCKSIZE);                      // IV = 0
+        memset(buf, 0x55, sizeof(buf));
         j = 0;
-        mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
-            aria_test2_pt, buf );
-        ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 );
+        mbedtls_aria_crypt_ctr(&ctx, 48, &j, iv, blk,
+                               aria_test2_pt, buf);
+        ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_ctr_ct[i], 48) != 0);
 
         /* Test CTR decryption */
-        if( verbose )
-            mbedtls_printf( "  ARIA-CTR-%d (dec): ", 128 + 64 * i );
-        mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
-        memset( iv, 0, MBEDTLS_ARIA_BLOCKSIZE );                    // IV = 0
-        memset( buf, 0xAA, sizeof( buf ) );
+        if (verbose) {
+            mbedtls_printf("  ARIA-CTR-%d (dec): ", 128 + 64 * i);
+        }
+        mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
+        memset(iv, 0, MBEDTLS_ARIA_BLOCKSIZE);                      // IV = 0
+        memset(buf, 0xAA, sizeof(buf));
         j = 0;
-        mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
-            aria_test2_ctr_ct[i], buf );
-        ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
+        mbedtls_aria_crypt_ctr(&ctx, 48, &j, iv, blk,
+                               aria_test2_ctr_ct[i], buf);
+        ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_pt, 48) != 0);
     }
-    if( verbose )
-        mbedtls_printf( "\n" );
+    if (verbose) {
+        mbedtls_printf("\n");
+    }
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
     ret = 0;
 
 exit:
-    mbedtls_aria_free( &ctx );
-    return( ret );
+    mbedtls_aria_free(&ctx);
+    return ret;
 }
 
 #endif /* MBEDTLS_SELF_TEST */
diff --git a/library/asn1parse.c b/library/asn1parse.c
index 28a3b14..d257ef4 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -36,203 +36,219 @@
 /*
  * ASN.1 DER decoding routines
  */
-int mbedtls_asn1_get_len( unsigned char **p,
-                  const unsigned char *end,
-                  size_t *len )
+int mbedtls_asn1_get_len(unsigned char **p,
+                         const unsigned char *end,
+                         size_t *len)
 {
-    if( ( end - *p ) < 1 )
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+    if ((end - *p) < 1) {
+        return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+    }
 
-    if( ( **p & 0x80 ) == 0 )
+    if ((**p & 0x80) == 0) {
         *len = *(*p)++;
-    else
-    {
-        switch( **p & 0x7F )
-        {
-        case 1:
-            if( ( end - *p ) < 2 )
-                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+    } else {
+        switch (**p & 0x7F) {
+            case 1:
+                if ((end - *p) < 2) {
+                    return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+                }
 
-            *len = (*p)[1];
-            (*p) += 2;
-            break;
+                *len = (*p)[1];
+                (*p) += 2;
+                break;
 
-        case 2:
-            if( ( end - *p ) < 3 )
-                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+            case 2:
+                if ((end - *p) < 3) {
+                    return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+                }
 
-            *len = ( (size_t)(*p)[1] << 8 ) | (*p)[2];
-            (*p) += 3;
-            break;
+                *len = ((size_t) (*p)[1] << 8) | (*p)[2];
+                (*p) += 3;
+                break;
 
-        case 3:
-            if( ( end - *p ) < 4 )
-                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+            case 3:
+                if ((end - *p) < 4) {
+                    return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+                }
 
-            *len = ( (size_t)(*p)[1] << 16 ) |
-                   ( (size_t)(*p)[2] << 8  ) | (*p)[3];
-            (*p) += 4;
-            break;
+                *len = ((size_t) (*p)[1] << 16) |
+                       ((size_t) (*p)[2] << 8) | (*p)[3];
+                (*p) += 4;
+                break;
 
-        case 4:
-            if( ( end - *p ) < 5 )
-                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+            case 4:
+                if ((end - *p) < 5) {
+                    return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+                }
 
-            *len = ( (size_t)(*p)[1] << 24 ) | ( (size_t)(*p)[2] << 16 ) |
-                   ( (size_t)(*p)[3] << 8  ) |           (*p)[4];
-            (*p) += 5;
-            break;
+                *len = ((size_t) (*p)[1] << 24) | ((size_t) (*p)[2] << 16) |
+                       ((size_t) (*p)[3] << 8) |           (*p)[4];
+                (*p) += 5;
+                break;
 
-        default:
-            return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+            default:
+                return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
         }
     }
 
-    if( *len > (size_t) ( end - *p ) )
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+    if (*len > (size_t) (end - *p)) {
+        return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+    }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_asn1_get_tag( unsigned char **p,
-                  const unsigned char *end,
-                  size_t *len, int tag )
+int mbedtls_asn1_get_tag(unsigned char **p,
+                         const unsigned char *end,
+                         size_t *len, int tag)
 {
-    if( ( end - *p ) < 1 )
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+    if ((end - *p) < 1) {
+        return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+    }
 
-    if( **p != tag )
-        return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+    if (**p != tag) {
+        return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG;
+    }
 
     (*p)++;
 
-    return( mbedtls_asn1_get_len( p, end, len ) );
+    return mbedtls_asn1_get_len(p, end, len);
 }
 
-int mbedtls_asn1_get_bool( unsigned char **p,
-                   const unsigned char *end,
-                   int *val )
+int mbedtls_asn1_get_bool(unsigned char **p,
+                          const unsigned char *end,
+                          int *val)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_BOOLEAN ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_BOOLEAN)) != 0) {
+        return ret;
+    }
 
-    if( len != 1 )
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+    if (len != 1) {
+        return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+    }
 
-    *val = ( **p != 0 ) ? 1 : 0;
+    *val = (**p != 0) ? 1 : 0;
     (*p)++;
 
-    return( 0 );
+    return 0;
 }
 
-static int asn1_get_tagged_int( unsigned char **p,
-                                const unsigned char *end,
-                                int tag, int *val )
+static int asn1_get_tagged_int(unsigned char **p,
+                               const unsigned char *end,
+                               int tag, int *val)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, tag ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len, tag)) != 0) {
+        return ret;
+    }
 
     /*
      * len==0 is malformed (0 must be represented as 020100 for INTEGER,
      * or 0A0100 for ENUMERATED tags
      */
-    if( len == 0 )
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+    if (len == 0) {
+        return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+    }
     /* This is a cryptography library. Reject negative integers. */
-    if( ( **p & 0x80 ) != 0 )
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+    if ((**p & 0x80) != 0) {
+        return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+    }
 
     /* Skip leading zeros. */
-    while( len > 0 && **p == 0 )
-    {
-        ++( *p );
+    while (len > 0 && **p == 0) {
+        ++(*p);
         --len;
     }
 
     /* Reject integers that don't fit in an int. This code assumes that
      * the int type has no padding bit. */
-    if( len > sizeof( int ) )
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-    if( len == sizeof( int ) && ( **p & 0x80 ) != 0 )
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+    if (len > sizeof(int)) {
+        return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+    }
+    if (len == sizeof(int) && (**p & 0x80) != 0) {
+        return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+    }
 
     *val = 0;
-    while( len-- > 0 )
-    {
-        *val = ( *val << 8 ) | **p;
+    while (len-- > 0) {
+        *val = (*val << 8) | **p;
         (*p)++;
     }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_asn1_get_int( unsigned char **p,
+int mbedtls_asn1_get_int(unsigned char **p,
+                         const unsigned char *end,
+                         int *val)
+{
+    return asn1_get_tagged_int(p, end, MBEDTLS_ASN1_INTEGER, val);
+}
+
+int mbedtls_asn1_get_enum(unsigned char **p,
                           const unsigned char *end,
-                          int *val )
+                          int *val)
 {
-    return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_INTEGER, val) );
-}
-
-int mbedtls_asn1_get_enum( unsigned char **p,
-                           const unsigned char *end,
-                           int *val )
-{
-    return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_ENUMERATED, val) );
+    return asn1_get_tagged_int(p, end, MBEDTLS_ASN1_ENUMERATED, val);
 }
 
 #if defined(MBEDTLS_BIGNUM_C)
-int mbedtls_asn1_get_mpi( unsigned char **p,
-                  const unsigned char *end,
-                  mbedtls_mpi *X )
+int mbedtls_asn1_get_mpi(unsigned char **p,
+                         const unsigned char *end,
+                         mbedtls_mpi *X)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) {
+        return ret;
+    }
 
-    ret = mbedtls_mpi_read_binary( X, *p, len );
+    ret = mbedtls_mpi_read_binary(X, *p, len);
 
     *p += len;
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_BIGNUM_C */
 
-int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
-                        mbedtls_asn1_bitstring *bs)
+int mbedtls_asn1_get_bitstring(unsigned char **p, const unsigned char *end,
+                               mbedtls_asn1_bitstring *bs)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     /* Certificate type is a single byte bitstring */
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING)) != 0) {
+        return ret;
+    }
 
     /* Check length, subtract one for actual bit string length */
-    if( bs->len < 1 )
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+    if (bs->len < 1) {
+        return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+    }
     bs->len -= 1;
 
     /* Get number of unused bits, ensure unused bits <= 7 */
     bs->unused_bits = **p;
-    if( bs->unused_bits > 7 )
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+    if (bs->unused_bits > 7) {
+        return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+    }
     (*p)++;
 
     /* Get actual bitstring */
     bs->p = *p;
     *p += bs->len;
 
-    if( *p != end )
-        return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    if (*p != end) {
+        return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -244,104 +260,105 @@
     const unsigned char *end,
     unsigned char tag_must_mask, unsigned char tag_must_val,
     unsigned char tag_may_mask, unsigned char tag_may_val,
-    int (*cb)( void *ctx, int tag,
-               unsigned char *start, size_t len ),
-    void *ctx )
+    int (*cb)(void *ctx, int tag,
+              unsigned char *start, size_t len),
+    void *ctx)
 {
     int ret;
     size_t len;
 
     /* Get main sequence tag */
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return ret;
     }
 
-    if( *p + len != end )
-        return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    if (*p + len != end) {
+        return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+    }
 
-    while( *p < end )
-    {
+    while (*p < end) {
         unsigned char const tag = *(*p)++;
 
-        if( ( tag & tag_must_mask ) != tag_must_val )
-            return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+        if ((tag & tag_must_mask) != tag_must_val) {
+            return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG;
+        }
 
-        if( ( ret = mbedtls_asn1_get_len( p, end, &len ) ) != 0 )
-            return( ret );
+        if ((ret = mbedtls_asn1_get_len(p, end, &len)) != 0) {
+            return ret;
+        }
 
-        if( ( tag & tag_may_mask ) == tag_may_val )
-        {
-            if( cb != NULL )
-            {
-                ret = cb( ctx, tag, *p, len );
-                if( ret != 0 )
-                    return( ret );
+        if ((tag & tag_may_mask) == tag_may_val) {
+            if (cb != NULL) {
+                ret = cb(ctx, tag, *p, len);
+                if (ret != 0) {
+                    return ret;
+                }
             }
         }
 
         *p += len;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Get a bit string without unused bits
  */
-int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
-                             size_t *len )
+int mbedtls_asn1_get_bitstring_null(unsigned char **p, const unsigned char *end,
+                                    size_t *len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_asn1_get_tag(p, end, len, MBEDTLS_ASN1_BIT_STRING)) != 0) {
+        return ret;
+    }
 
-    if( *len == 0 )
-        return( MBEDTLS_ERR_ASN1_INVALID_DATA );
-    --( *len );
+    if (*len == 0) {
+        return MBEDTLS_ERR_ASN1_INVALID_DATA;
+    }
+    --(*len);
 
-    if( **p != 0 )
-        return( MBEDTLS_ERR_ASN1_INVALID_DATA );
-    ++( *p );
+    if (**p != 0) {
+        return MBEDTLS_ERR_ASN1_INVALID_DATA;
+    }
+    ++(*p);
 
-    return( 0 );
+    return 0;
 }
 
-void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq )
+void mbedtls_asn1_sequence_free(mbedtls_asn1_sequence *seq)
 {
-    while( seq != NULL )
-    {
+    while (seq != NULL) {
         mbedtls_asn1_sequence *next = seq->next;
-        mbedtls_free( seq );
+        mbedtls_free(seq);
         seq = next;
     }
 }
 
-typedef struct
-{
+typedef struct {
     int tag;
     mbedtls_asn1_sequence *cur;
 } asn1_get_sequence_of_cb_ctx_t;
 
-static int asn1_get_sequence_of_cb( void *ctx,
-                                    int tag,
-                                    unsigned char *start,
-                                    size_t len )
+static int asn1_get_sequence_of_cb(void *ctx,
+                                   int tag,
+                                   unsigned char *start,
+                                   size_t len)
 {
     asn1_get_sequence_of_cb_ctx_t *cb_ctx =
         (asn1_get_sequence_of_cb_ctx_t *) ctx;
     mbedtls_asn1_sequence *cur =
         cb_ctx->cur;
 
-    if( cur->buf.p != NULL )
-    {
+    if (cur->buf.p != NULL) {
         cur->next =
-            mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
+            mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence));
 
-        if( cur->next == NULL )
-            return( MBEDTLS_ERR_ASN1_ALLOC_FAILED );
+        if (cur->next == NULL) {
+            return MBEDTLS_ERR_ASN1_ALLOC_FAILED;
+        }
 
         cur = cur->next;
     }
@@ -351,136 +368,139 @@
     cur->buf.tag = tag;
 
     cb_ctx->cur = cur;
-    return( 0 );
+    return 0;
 }
 
 /*
  *  Parses and splits an ASN.1 "SEQUENCE OF <tag>"
  */
-int mbedtls_asn1_get_sequence_of( unsigned char **p,
-                          const unsigned char *end,
-                          mbedtls_asn1_sequence *cur,
-                          int tag)
+int mbedtls_asn1_get_sequence_of(unsigned char **p,
+                                 const unsigned char *end,
+                                 mbedtls_asn1_sequence *cur,
+                                 int tag)
 {
     asn1_get_sequence_of_cb_ctx_t cb_ctx = { tag, cur };
-    memset( cur, 0, sizeof( mbedtls_asn1_sequence ) );
-    return( mbedtls_asn1_traverse_sequence_of(
-                p, end, 0xFF, tag, 0, 0,
-                asn1_get_sequence_of_cb, &cb_ctx ) );
+    memset(cur, 0, sizeof(mbedtls_asn1_sequence));
+    return mbedtls_asn1_traverse_sequence_of(
+        p, end, 0xFF, tag, 0, 0,
+        asn1_get_sequence_of_cb, &cb_ctx);
 }
 
-int mbedtls_asn1_get_alg( unsigned char **p,
-                  const unsigned char *end,
-                  mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params )
+int mbedtls_asn1_get_alg(unsigned char **p,
+                         const unsigned char *end,
+                         mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return ret;
+    }
 
-    if( ( end - *p ) < 1 )
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+    if ((end - *p) < 1) {
+        return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+    }
 
     alg->tag = **p;
     end = *p + len;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &alg->len, MBEDTLS_ASN1_OID ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &alg->len, MBEDTLS_ASN1_OID)) != 0) {
+        return ret;
+    }
 
     alg->p = *p;
     *p += alg->len;
 
-    if( *p == end )
-    {
-        mbedtls_platform_zeroize( params, sizeof(mbedtls_asn1_buf) );
-        return( 0 );
+    if (*p == end) {
+        mbedtls_platform_zeroize(params, sizeof(mbedtls_asn1_buf));
+        return 0;
     }
 
     params->tag = **p;
     (*p)++;
 
-    if( ( ret = mbedtls_asn1_get_len( p, end, &params->len ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_asn1_get_len(p, end, &params->len)) != 0) {
+        return ret;
+    }
 
     params->p = *p;
     *p += params->len;
 
-    if( *p != end )
-        return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    if (*p != end) {
+        return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+    }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_asn1_get_alg_null( unsigned char **p,
-                       const unsigned char *end,
-                       mbedtls_asn1_buf *alg )
+int mbedtls_asn1_get_alg_null(unsigned char **p,
+                              const unsigned char *end,
+                              mbedtls_asn1_buf *alg)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_asn1_buf params;
 
-    memset( &params, 0, sizeof(mbedtls_asn1_buf) );
+    memset(&params, 0, sizeof(mbedtls_asn1_buf));
 
-    if( ( ret = mbedtls_asn1_get_alg( p, end, alg, &params ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_asn1_get_alg(p, end, alg, &params)) != 0) {
+        return ret;
+    }
 
-    if( ( params.tag != MBEDTLS_ASN1_NULL && params.tag != 0 ) || params.len != 0 )
-        return( MBEDTLS_ERR_ASN1_INVALID_DATA );
+    if ((params.tag != MBEDTLS_ASN1_NULL && params.tag != 0) || params.len != 0) {
+        return MBEDTLS_ERR_ASN1_INVALID_DATA;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur )
+void mbedtls_asn1_free_named_data(mbedtls_asn1_named_data *cur)
 {
-    if( cur == NULL )
+    if (cur == NULL) {
         return;
+    }
 
-    mbedtls_free( cur->oid.p );
-    mbedtls_free( cur->val.p );
+    mbedtls_free(cur->oid.p);
+    mbedtls_free(cur->val.p);
 
-    mbedtls_platform_zeroize( cur, sizeof( mbedtls_asn1_named_data ) );
+    mbedtls_platform_zeroize(cur, sizeof(mbedtls_asn1_named_data));
 }
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
 
-void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
+void mbedtls_asn1_free_named_data_list(mbedtls_asn1_named_data **head)
 {
     mbedtls_asn1_named_data *cur;
 
-    while( ( cur = *head ) != NULL )
-    {
+    while ((cur = *head) != NULL) {
         *head = cur->next;
-        mbedtls_free( cur->oid.p );
-        mbedtls_free( cur->val.p );
-        mbedtls_free( cur );
+        mbedtls_free(cur->oid.p);
+        mbedtls_free(cur->val.p);
+        mbedtls_free(cur);
     }
 }
 
-void mbedtls_asn1_free_named_data_list_shallow( mbedtls_asn1_named_data *name )
+void mbedtls_asn1_free_named_data_list_shallow(mbedtls_asn1_named_data *name)
 {
-    for( mbedtls_asn1_named_data *next; name != NULL; name = next )
-    {
+    for (mbedtls_asn1_named_data *next; name != NULL; name = next) {
         next = name->next;
-        mbedtls_free( name );
+        mbedtls_free(name);
     }
 }
 
-const mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( const mbedtls_asn1_named_data *list,
-                                       const char *oid, size_t len )
+const mbedtls_asn1_named_data *mbedtls_asn1_find_named_data(const mbedtls_asn1_named_data *list,
+                                                            const char *oid, size_t len)
 {
-    while( list != NULL )
-    {
-        if( list->oid.len == len &&
-            memcmp( list->oid.p, oid, len ) == 0 )
-        {
+    while (list != NULL) {
+        if (list->oid.len == len &&
+            memcmp(list->oid.p, oid, len) == 0) {
             break;
         }
 
         list = list->next;
     }
 
-    return( list );
+    return list;
 }
 
 #endif /* MBEDTLS_ASN1_PARSE_C */
diff --git a/library/asn1write.c b/library/asn1write.c
index 98c591d..b9d586a 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -28,452 +28,454 @@
 
 #include "mbedtls/platform.h"
 
-int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_t len )
+int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, size_t len)
 {
-    if( len < 0x80 )
-    {
-        if( *p - start < 1 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if (len < 0x80) {
+        if (*p - start < 1) {
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+        }
 
         *--(*p) = (unsigned char) len;
-        return( 1 );
+        return 1;
     }
 
-    if( len <= 0xFF )
-    {
-        if( *p - start < 2 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if (len <= 0xFF) {
+        if (*p - start < 2) {
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+        }
 
         *--(*p) = (unsigned char) len;
         *--(*p) = 0x81;
-        return( 2 );
+        return 2;
     }
 
-    if( len <= 0xFFFF )
-    {
-        if( *p - start < 3 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if (len <= 0xFFFF) {
+        if (*p - start < 3) {
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+        }
 
-        *--(*p) = MBEDTLS_BYTE_0( len );
-        *--(*p) = MBEDTLS_BYTE_1( len );
+        *--(*p) = MBEDTLS_BYTE_0(len);
+        *--(*p) = MBEDTLS_BYTE_1(len);
         *--(*p) = 0x82;
-        return( 3 );
+        return 3;
     }
 
-    if( len <= 0xFFFFFF )
-    {
-        if( *p - start < 4 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if (len <= 0xFFFFFF) {
+        if (*p - start < 4) {
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+        }
 
-        *--(*p) = MBEDTLS_BYTE_0( len );
-        *--(*p) = MBEDTLS_BYTE_1( len );
-        *--(*p) = MBEDTLS_BYTE_2( len );
+        *--(*p) = MBEDTLS_BYTE_0(len);
+        *--(*p) = MBEDTLS_BYTE_1(len);
+        *--(*p) = MBEDTLS_BYTE_2(len);
         *--(*p) = 0x83;
-        return( 4 );
+        return 4;
     }
 
     int len_is_valid = 1;
 #if SIZE_MAX > 0xFFFFFFFF
-    len_is_valid = ( len <= 0xFFFFFFFF );
+    len_is_valid = (len <= 0xFFFFFFFF);
 #endif
-    if( len_is_valid )
-    {
-        if( *p - start < 5 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if (len_is_valid) {
+        if (*p - start < 5) {
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+        }
 
-        *--(*p) = MBEDTLS_BYTE_0( len );
-        *--(*p) = MBEDTLS_BYTE_1( len );
-        *--(*p) = MBEDTLS_BYTE_2( len );
-        *--(*p) = MBEDTLS_BYTE_3( len );
+        *--(*p) = MBEDTLS_BYTE_0(len);
+        *--(*p) = MBEDTLS_BYTE_1(len);
+        *--(*p) = MBEDTLS_BYTE_2(len);
+        *--(*p) = MBEDTLS_BYTE_3(len);
         *--(*p) = 0x84;
-        return( 5 );
+        return 5;
     }
 
-    return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+    return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
 }
 
-int mbedtls_asn1_write_tag( unsigned char **p, const unsigned char *start, unsigned char tag )
+int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsigned char tag)
 {
-    if( *p - start < 1 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if (*p - start < 1) {
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+    }
 
     *--(*p) = tag;
 
-    return( 1 );
+    return 1;
 }
 
-int mbedtls_asn1_write_raw_buffer( unsigned char **p, const unsigned char *start,
-                           const unsigned char *buf, size_t size )
+int mbedtls_asn1_write_raw_buffer(unsigned char **p, const unsigned char *start,
+                                  const unsigned char *buf, size_t size)
 {
     size_t len = 0;
 
-    if( *p < start || (size_t)( *p - start ) < size )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if (*p < start || (size_t) (*p - start) < size) {
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+    }
 
     len = size;
     (*p) -= len;
-    memcpy( *p, buf, len );
+    memcpy(*p, buf, len);
 
-    return( (int) len );
+    return (int) len;
 }
 
 #if defined(MBEDTLS_BIGNUM_C)
-int mbedtls_asn1_write_mpi( unsigned char **p, const unsigned char *start, const mbedtls_mpi *X )
+int mbedtls_asn1_write_mpi(unsigned char **p, const unsigned char *start, const mbedtls_mpi *X)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
     // Write the MPI
     //
-    len = mbedtls_mpi_size( X );
+    len = mbedtls_mpi_size(X);
 
     /* DER represents 0 with a sign bit (0=nonnegative) and 7 value bits, not
      * as 0 digits. We need to end up with 020100, not with 0200. */
-    if( len == 0 )
+    if (len == 0) {
         len = 1;
+    }
 
-    if( *p < start || (size_t)( *p - start ) < len )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if (*p < start || (size_t) (*p - start) < len) {
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+    }
 
     (*p) -= len;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( X, *p, len ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(X, *p, len));
 
     // DER format assumes 2s complement for numbers, so the leftmost bit
     // should be 0 for positive numbers and 1 for negative numbers.
     //
-    if( X->s ==1 && **p & 0x80 )
-    {
-        if( *p - start < 1 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if (X->s == 1 && **p & 0x80) {
+        if (*p - start < 1) {
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+        }
 
         *--(*p) = 0x00;
         len += 1;
     }
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_INTEGER ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_INTEGER));
 
     ret = (int) len;
 
 cleanup:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_BIGNUM_C */
 
-int mbedtls_asn1_write_null( unsigned char **p, const unsigned char *start )
+int mbedtls_asn1_write_null(unsigned char **p, const unsigned char *start)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
     // Write NULL
     //
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, 0) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_NULL ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, 0));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_NULL));
 
-    return( (int) len );
+    return (int) len;
 }
 
-int mbedtls_asn1_write_oid( unsigned char **p, const unsigned char *start,
-                    const char *oid, size_t oid_len )
+int mbedtls_asn1_write_oid(unsigned char **p, const unsigned char *start,
+                           const char *oid, size_t oid_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
-                                  (const unsigned char *) oid, oid_len ) );
-    MBEDTLS_ASN1_CHK_ADD( len , mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len , mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OID ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start,
+                                                            (const unsigned char *) oid, oid_len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OID));
 
-    return( (int) len );
+    return (int) len;
 }
 
-int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, const unsigned char *start,
-                                     const char *oid, size_t oid_len,
-                                     size_t par_len )
+int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, const unsigned char *start,
+                                            const char *oid, size_t oid_len,
+                                            size_t par_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
-    if( par_len == 0 )
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_null( p, start ) );
-    else
+    if (par_len == 0) {
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_null(p, start));
+    } else {
         len += par_len;
+    }
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len));
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
-                                       MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
+                                                     MBEDTLS_ASN1_CONSTRUCTED |
+                                                     MBEDTLS_ASN1_SEQUENCE));
 
-    return( (int) len );
+    return (int) len;
 }
 
-int mbedtls_asn1_write_bool( unsigned char **p, const unsigned char *start, int boolean )
+int mbedtls_asn1_write_bool(unsigned char **p, const unsigned char *start, int boolean)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
-    if( *p - start < 1 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if (*p - start < 1) {
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+    }
 
     *--(*p) = (boolean) ? 255 : 0;
     len++;
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BOOLEAN ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BOOLEAN));
 
-    return( (int) len );
+    return (int) len;
 }
 
-static int asn1_write_tagged_int( unsigned char **p, const unsigned char *start, int val, int tag )
+static int asn1_write_tagged_int(unsigned char **p, const unsigned char *start, int val, int tag)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
-    do
-    {
-        if( *p - start < 1 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    do {
+        if (*p - start < 1) {
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+        }
         len += 1;
         *--(*p) = val & 0xff;
         val >>= 8;
-    }
-    while( val > 0 );
+    } while (val > 0);
 
-    if( **p & 0x80 )
-    {
-        if( *p - start < 1 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if (**p & 0x80) {
+        if (*p - start < 1) {
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+        }
         *--(*p) = 0x00;
         len += 1;
     }
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, tag ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag));
 
-    return( (int) len );
+    return (int) len;
 }
 
-int mbedtls_asn1_write_int( unsigned char **p, const unsigned char *start, int val )
+int mbedtls_asn1_write_int(unsigned char **p, const unsigned char *start, int val)
 {
-    return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_INTEGER ) );
+    return asn1_write_tagged_int(p, start, val, MBEDTLS_ASN1_INTEGER);
 }
 
-int mbedtls_asn1_write_enum( unsigned char **p, const unsigned char *start, int val )
+int mbedtls_asn1_write_enum(unsigned char **p, const unsigned char *start, int val)
 {
-    return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_ENUMERATED ) );
+    return asn1_write_tagged_int(p, start, val, MBEDTLS_ASN1_ENUMERATED);
 }
 
-int mbedtls_asn1_write_tagged_string( unsigned char **p, const unsigned char *start, int tag,
-    const char *text, size_t text_len )
+int mbedtls_asn1_write_tagged_string(unsigned char **p, const unsigned char *start, int tag,
+                                     const char *text, size_t text_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
-        (const unsigned char *) text, text_len ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start,
+                                                            (const unsigned char *) text,
+                                                            text_len));
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, tag ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag));
 
-    return( (int) len );
+    return (int) len;
 }
 
-int mbedtls_asn1_write_utf8_string( unsigned char **p, const unsigned char *start,
-    const char *text, size_t text_len )
+int mbedtls_asn1_write_utf8_string(unsigned char **p, const unsigned char *start,
+                                   const char *text, size_t text_len)
 {
-    return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len) );
+    return mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len);
 }
 
-int mbedtls_asn1_write_printable_string( unsigned char **p, const unsigned char *start,
-                                 const char *text, size_t text_len )
+int mbedtls_asn1_write_printable_string(unsigned char **p, const unsigned char *start,
+                                        const char *text, size_t text_len)
 {
-    return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text, text_len) );
+    return mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text,
+                                            text_len);
 }
 
-int mbedtls_asn1_write_ia5_string( unsigned char **p, const unsigned char *start,
-                           const char *text, size_t text_len )
+int mbedtls_asn1_write_ia5_string(unsigned char **p, const unsigned char *start,
+                                  const char *text, size_t text_len)
 {
-    return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len) );
+    return mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len);
 }
 
-int mbedtls_asn1_write_named_bitstring( unsigned char **p,
-                                        const unsigned char *start,
-                                        const unsigned char *buf,
-                                        size_t bits )
+int mbedtls_asn1_write_named_bitstring(unsigned char **p,
+                                       const unsigned char *start,
+                                       const unsigned char *buf,
+                                       size_t bits)
 {
     size_t unused_bits, byte_len;
     const unsigned char *cur_byte;
     unsigned char cur_byte_shifted;
     unsigned char bit;
 
-    byte_len = ( bits + 7 ) / 8;
-    unused_bits = ( byte_len * 8 ) - bits;
+    byte_len = (bits + 7) / 8;
+    unused_bits = (byte_len * 8) - bits;
 
     /*
      * Named bitstrings require that trailing 0s are excluded in the encoding
      * of the bitstring. Trailing 0s are considered part of the 'unused' bits
      * when encoding this value in the first content octet
      */
-    if( bits != 0 )
-    {
+    if (bits != 0) {
         cur_byte = buf + byte_len - 1;
         cur_byte_shifted = *cur_byte >> unused_bits;
 
-        for( ; ; )
-        {
+        for (;;) {
             bit = cur_byte_shifted & 0x1;
             cur_byte_shifted >>= 1;
 
-            if( bit != 0 )
+            if (bit != 0) {
                 break;
+            }
 
             bits--;
-            if( bits == 0 )
+            if (bits == 0) {
                 break;
+            }
 
-            if( bits % 8 == 0 )
+            if (bits % 8 == 0) {
                 cur_byte_shifted = *--cur_byte;
+            }
         }
     }
 
-    return( mbedtls_asn1_write_bitstring( p, start, buf, bits ) );
+    return mbedtls_asn1_write_bitstring(p, start, buf, bits);
 }
 
-int mbedtls_asn1_write_bitstring( unsigned char **p, const unsigned char *start,
-                          const unsigned char *buf, size_t bits )
+int mbedtls_asn1_write_bitstring(unsigned char **p, const unsigned char *start,
+                                 const unsigned char *buf, size_t bits)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
     size_t unused_bits, byte_len;
 
-    byte_len = ( bits + 7 ) / 8;
-    unused_bits = ( byte_len * 8 ) - bits;
+    byte_len = (bits + 7) / 8;
+    unused_bits = (byte_len * 8) - bits;
 
-    if( *p < start || (size_t)( *p - start ) < byte_len + 1 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if (*p < start || (size_t) (*p - start) < byte_len + 1) {
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+    }
 
     len = byte_len + 1;
 
     /* Write the bitstring. Ensure the unused bits are zeroed */
-    if( byte_len > 0 )
-    {
+    if (byte_len > 0) {
         byte_len--;
-        *--( *p ) = buf[byte_len] & ~( ( 0x1 << unused_bits ) - 1 );
-        ( *p ) -= byte_len;
-        memcpy( *p, buf, byte_len );
+        *--(*p) = buf[byte_len] & ~((0x1 << unused_bits) - 1);
+        (*p) -= byte_len;
+        memcpy(*p, buf, byte_len);
     }
 
     /* Write unused bits */
-    *--( *p ) = (unsigned char)unused_bits;
+    *--(*p) = (unsigned char) unused_bits;
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BIT_STRING));
 
-    return( (int) len );
+    return (int) len;
 }
 
-int mbedtls_asn1_write_octet_string( unsigned char **p, const unsigned char *start,
-                             const unsigned char *buf, size_t size )
+int mbedtls_asn1_write_octet_string(unsigned char **p, const unsigned char *start,
+                                    const unsigned char *buf, size_t size)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, buf, size ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, buf, size));
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OCTET_STRING ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OCTET_STRING));
 
-    return( (int) len );
+    return (int) len;
 }
 
 
 /* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(),
  * which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */
 static mbedtls_asn1_named_data *asn1_find_named_data(
-                                               mbedtls_asn1_named_data *list,
-                                               const char *oid, size_t len )
+    mbedtls_asn1_named_data *list,
+    const char *oid, size_t len)
 {
-    while( list != NULL )
-    {
-        if( list->oid.len == len &&
-            memcmp( list->oid.p, oid, len ) == 0 )
-        {
+    while (list != NULL) {
+        if (list->oid.len == len &&
+            memcmp(list->oid.p, oid, len) == 0) {
             break;
         }
 
         list = list->next;
     }
 
-    return( list );
+    return list;
 }
 
 mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
-                                        mbedtls_asn1_named_data **head,
-                                        const char *oid, size_t oid_len,
-                                        const unsigned char *val,
-                                        size_t val_len )
+    mbedtls_asn1_named_data **head,
+    const char *oid, size_t oid_len,
+    const unsigned char *val,
+    size_t val_len)
 {
     mbedtls_asn1_named_data *cur;
 
-    if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
-    {
+    if ((cur = asn1_find_named_data(*head, oid, oid_len)) == NULL) {
         // Add new entry if not present yet based on OID
         //
-        cur = (mbedtls_asn1_named_data*)mbedtls_calloc( 1,
-                                            sizeof(mbedtls_asn1_named_data) );
-        if( cur == NULL )
-            return( NULL );
-
-        cur->oid.len = oid_len;
-        cur->oid.p = mbedtls_calloc( 1, oid_len );
-        if( cur->oid.p == NULL )
-        {
-            mbedtls_free( cur );
-            return( NULL );
+        cur = (mbedtls_asn1_named_data *) mbedtls_calloc(1,
+                                                         sizeof(mbedtls_asn1_named_data));
+        if (cur == NULL) {
+            return NULL;
         }
 
-        memcpy( cur->oid.p, oid, oid_len );
+        cur->oid.len = oid_len;
+        cur->oid.p = mbedtls_calloc(1, oid_len);
+        if (cur->oid.p == NULL) {
+            mbedtls_free(cur);
+            return NULL;
+        }
+
+        memcpy(cur->oid.p, oid, oid_len);
 
         cur->val.len = val_len;
-        if( val_len != 0 )
-        {
-            cur->val.p = mbedtls_calloc( 1, val_len );
-            if( cur->val.p == NULL )
-            {
-                mbedtls_free( cur->oid.p );
-                mbedtls_free( cur );
-                return( NULL );
+        if (val_len != 0) {
+            cur->val.p = mbedtls_calloc(1, val_len);
+            if (cur->val.p == NULL) {
+                mbedtls_free(cur->oid.p);
+                mbedtls_free(cur);
+                return NULL;
             }
         }
 
         cur->next = *head;
         *head = cur;
-    }
-    else if( val_len == 0 )
-    {
-        mbedtls_free( cur->val.p );
+    } else if (val_len == 0) {
+        mbedtls_free(cur->val.p);
         cur->val.p = NULL;
-    }
-    else if( cur->val.len != val_len )
-    {
+    } else if (cur->val.len != val_len) {
         /*
          * Enlarge existing value buffer if needed
          * Preserve old data until the allocation succeeded, to leave list in
          * a consistent state in case allocation fails.
          */
-        void *p = mbedtls_calloc( 1, val_len );
-        if( p == NULL )
-            return( NULL );
+        void *p = mbedtls_calloc(1, val_len);
+        if (p == NULL) {
+            return NULL;
+        }
 
-        mbedtls_free( cur->val.p );
+        mbedtls_free(cur->val.p);
         cur->val.p = p;
         cur->val.len = val_len;
     }
 
-    if( val != NULL && val_len != 0 )
-        memcpy( cur->val.p, val, val_len );
+    if (val != NULL && val_len != 0) {
+        memcpy(cur->val.p, val, val_len);
+    }
 
-    return( cur );
+    return cur;
 }
 #endif /* MBEDTLS_ASN1_WRITE_C */
diff --git a/library/base64.c b/library/base64.c
index 9021a04..4170610 100644
--- a/library/base64.c
+++ b/library/base64.c
@@ -31,68 +31,65 @@
 #include "mbedtls/platform.h"
 #endif /* MBEDTLS_SELF_TEST */
 
-#define BASE64_SIZE_T_MAX   ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
+#define BASE64_SIZE_T_MAX   ((size_t) -1)   /* SIZE_T_MAX is not standard */
 
 /*
  * Encode a buffer into base64 format
  */
-int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
-                   const unsigned char *src, size_t slen )
+int mbedtls_base64_encode(unsigned char *dst, size_t dlen, size_t *olen,
+                          const unsigned char *src, size_t slen)
 {
     size_t i, n;
     int C1, C2, C3;
     unsigned char *p;
 
-    if( slen == 0 )
-    {
+    if (slen == 0) {
         *olen = 0;
-        return( 0 );
+        return 0;
     }
 
-    n = slen / 3 + ( slen % 3 != 0 );
+    n = slen / 3 + (slen % 3 != 0);
 
-    if( n > ( BASE64_SIZE_T_MAX - 1 ) / 4 )
-    {
+    if (n > (BASE64_SIZE_T_MAX - 1) / 4) {
         *olen = BASE64_SIZE_T_MAX;
-        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+        return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
     }
 
     n *= 4;
 
-    if( ( dlen < n + 1 ) || ( NULL == dst ) )
-    {
+    if ((dlen < n + 1) || (NULL == dst)) {
         *olen = n + 1;
-        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+        return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
     }
 
-    n = ( slen / 3 ) * 3;
+    n = (slen / 3) * 3;
 
-    for( i = 0, p = dst; i < n; i += 3 )
-    {
+    for (i = 0, p = dst; i < n; i += 3) {
         C1 = *src++;
         C2 = *src++;
         C3 = *src++;
 
-        *p++ = mbedtls_ct_base64_enc_char( ( C1 >> 2 ) & 0x3F );
-        *p++ = mbedtls_ct_base64_enc_char( ( ( ( C1 &  3 ) << 4 ) + ( C2 >> 4 ) )
-                                        & 0x3F );
-        *p++ = mbedtls_ct_base64_enc_char( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) )
-                                        & 0x3F );
-        *p++ = mbedtls_ct_base64_enc_char( C3 & 0x3F );
+        *p++ = mbedtls_ct_base64_enc_char((C1 >> 2) & 0x3F);
+        *p++ = mbedtls_ct_base64_enc_char((((C1 &  3) << 4) + (C2 >> 4))
+                                          & 0x3F);
+        *p++ = mbedtls_ct_base64_enc_char((((C2 & 15) << 2) + (C3 >> 6))
+                                          & 0x3F);
+        *p++ = mbedtls_ct_base64_enc_char(C3 & 0x3F);
     }
 
-    if( i < slen )
-    {
+    if (i < slen) {
         C1 = *src++;
-        C2 = ( ( i + 1 ) < slen ) ? *src++ : 0;
+        C2 = ((i + 1) < slen) ? *src++ : 0;
 
-        *p++ = mbedtls_ct_base64_enc_char( ( C1 >> 2 ) & 0x3F );
-        *p++ = mbedtls_ct_base64_enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) )
-                                        & 0x3F );
+        *p++ = mbedtls_ct_base64_enc_char((C1 >> 2) & 0x3F);
+        *p++ = mbedtls_ct_base64_enc_char((((C1 & 3) << 4) + (C2 >> 4))
+                                          & 0x3F);
 
-        if( ( i + 1 ) < slen )
-             *p++ = mbedtls_ct_base64_enc_char( ( ( C2 & 15 ) << 2 ) & 0x3F );
-        else *p++ = '=';
+        if ((i + 1) < slen) {
+            *p++ = mbedtls_ct_base64_enc_char(((C2 & 15) << 2) & 0x3F);
+        } else {
+            *p++ = '=';
+        }
 
         *p++ = '=';
     }
@@ -100,14 +97,14 @@
     *olen = p - dst;
     *p = 0;
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Decode a base64-formatted buffer
  */
-int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
-                   const unsigned char *src, size_t slen )
+int mbedtls_base64_decode(unsigned char *dst, size_t dlen, size_t *olen,
+                          const unsigned char *src, size_t slen)
 {
     size_t i; /* index in source */
     size_t n; /* number of digits or trailing = in source */
@@ -118,92 +115,97 @@
     unsigned char *p;
 
     /* First pass: check for validity and get output length */
-    for( i = n = 0; i < slen; i++ )
-    {
+    for (i = n = 0; i < slen; i++) {
         /* Skip spaces before checking for EOL */
         spaces_present = 0;
-        while( i < slen && src[i] == ' ' )
-        {
+        while (i < slen && src[i] == ' ') {
             ++i;
             spaces_present = 1;
         }
 
         /* Spaces at end of buffer are OK */
-        if( i == slen )
+        if (i == slen) {
             break;
+        }
 
-        if( ( slen - i ) >= 2 &&
-            src[i] == '\r' && src[i + 1] == '\n' )
+        if ((slen - i) >= 2 &&
+            src[i] == '\r' && src[i + 1] == '\n') {
             continue;
+        }
 
-        if( src[i] == '\n' )
+        if (src[i] == '\n') {
             continue;
+        }
 
         /* Space inside a line is an error */
-        if( spaces_present )
-            return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
-
-        if( src[i] > 127 )
-            return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
-
-        if( src[i] == '=' )
-        {
-            if( ++equals > 2 )
-                return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
+        if (spaces_present) {
+            return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
         }
-        else
-        {
-            if( equals != 0 )
-                return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
-            if( mbedtls_ct_base64_dec_value( src[i] ) < 0 )
-                return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
+
+        if (src[i] > 127) {
+            return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
+        }
+
+        if (src[i] == '=') {
+            if (++equals > 2) {
+                return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
+            }
+        } else {
+            if (equals != 0) {
+                return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
+            }
+            if (mbedtls_ct_base64_dec_value(src[i]) < 0) {
+                return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
+            }
         }
         n++;
     }
 
-    if( n == 0 )
-    {
+    if (n == 0) {
         *olen = 0;
-        return( 0 );
+        return 0;
     }
 
     /* The following expression is to calculate the following formula without
      * risk of integer overflow in n:
      *     n = ( ( n * 6 ) + 7 ) >> 3;
      */
-    n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );
+    n = (6 * (n >> 3)) + ((6 * (n & 0x7) + 7) >> 3);
     n -= equals;
 
-    if( dst == NULL || dlen < n )
-    {
+    if (dst == NULL || dlen < n) {
         *olen = n;
-        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+        return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
     }
 
     equals = 0;
-    for( x = 0, p = dst; i > 0; i--, src++ )
-    {
-        if( *src == '\r' || *src == '\n' || *src == ' ' )
+    for (x = 0, p = dst; i > 0; i--, src++) {
+        if (*src == '\r' || *src == '\n' || *src == ' ') {
             continue;
+        }
 
         x = x << 6;
-        if( *src == '=' )
+        if (*src == '=') {
             ++equals;
-        else
-            x |= mbedtls_ct_base64_dec_value( *src );
+        } else {
+            x |= mbedtls_ct_base64_dec_value(*src);
+        }
 
-        if( ++accumulated_digits == 4 )
-        {
+        if (++accumulated_digits == 4) {
             accumulated_digits = 0;
-            *p++ = MBEDTLS_BYTE_2( x );
-            if( equals <= 1 ) *p++ = MBEDTLS_BYTE_1( x );
-            if( equals <= 0 ) *p++ = MBEDTLS_BYTE_0( x );
+            *p++ = MBEDTLS_BYTE_2(x);
+            if (equals <= 1) {
+                *p++ = MBEDTLS_BYTE_1(x);
+            }
+            if (equals <= 0) {
+                *p++ = MBEDTLS_BYTE_0(x);
+            }
         }
     }
 
     *olen = p - dst;
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_SELF_TEST)
@@ -227,44 +229,47 @@
 /*
  * Checkup routine
  */
-int mbedtls_base64_self_test( int verbose )
+int mbedtls_base64_self_test(int verbose)
 {
     size_t len;
     const unsigned char *src;
     unsigned char buffer[128];
 
-    if( verbose != 0 )
-        mbedtls_printf( "  Base64 encoding test: " );
+    if (verbose != 0) {
+        mbedtls_printf("  Base64 encoding test: ");
+    }
 
     src = base64_test_dec;
 
-    if( mbedtls_base64_encode( buffer, sizeof( buffer ), &len, src, 64 ) != 0 ||
-         memcmp( base64_test_enc, buffer, 88 ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
+    if (mbedtls_base64_encode(buffer, sizeof(buffer), &len, src, 64) != 0 ||
+        memcmp(base64_test_enc, buffer, 88) != 0) {
+        if (verbose != 0) {
+            mbedtls_printf("failed\n");
+        }
 
-        return( 1 );
+        return 1;
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n  Base64 decoding test: " );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n  Base64 decoding test: ");
+    }
 
     src = base64_test_enc;
 
-    if( mbedtls_base64_decode( buffer, sizeof( buffer ), &len, src, 88 ) != 0 ||
-         memcmp( base64_test_dec, buffer, 64 ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
+    if (mbedtls_base64_decode(buffer, sizeof(buffer), &len, src, 88) != 0 ||
+        memcmp(base64_test_dec, buffer, 64) != 0) {
+        if (verbose != 0) {
+            mbedtls_printf("failed\n");
+        }
 
-        return( 1 );
+        return 1;
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n\n" );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n\n");
+    }
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_SELF_TEST */
diff --git a/library/bignum.c b/library/bignum.c
index 62eb007..9bc1c2d 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -49,25 +49,25 @@
 
 #include "mbedtls/platform.h"
 
-#define MPI_VALIDATE_RET( cond )                                       \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA )
-#define MPI_VALIDATE( cond )                                           \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
+#define MPI_VALIDATE_RET(cond)                                       \
+    MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA)
+#define MPI_VALIDATE(cond)                                           \
+    MBEDTLS_INTERNAL_VALIDATE(cond)
 
-#define MPI_SIZE_T_MAX  ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
+#define MPI_SIZE_T_MAX  ((size_t) -1)   /* SIZE_T_MAX is not standard */
 
 /* Implementation that should never be optimized out by the compiler */
-static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n )
+static void mbedtls_mpi_zeroize(mbedtls_mpi_uint *v, size_t n)
 {
-    mbedtls_platform_zeroize( v, ciL * n );
+    mbedtls_platform_zeroize(v, ciL * n);
 }
 
 /*
  * Initialize one MPI
  */
-void mbedtls_mpi_init( mbedtls_mpi *X )
+void mbedtls_mpi_init(mbedtls_mpi *X)
 {
-    MPI_VALIDATE( X != NULL );
+    MPI_VALIDATE(X != NULL);
 
     X->s = 1;
     X->n = 0;
@@ -77,15 +77,15 @@
 /*
  * Unallocate one MPI
  */
-void mbedtls_mpi_free( mbedtls_mpi *X )
+void mbedtls_mpi_free(mbedtls_mpi *X)
 {
-    if( X == NULL )
+    if (X == NULL) {
         return;
+    }
 
-    if( X->p != NULL )
-    {
-        mbedtls_mpi_zeroize( X->p, X->n );
-        mbedtls_free( X->p );
+    if (X->p != NULL) {
+        mbedtls_mpi_zeroize(X->p, X->n);
+        mbedtls_free(X->p);
     }
 
     X->s = 1;
@@ -96,93 +96,93 @@
 /*
  * Enlarge to the specified number of limbs
  */
-int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs )
+int mbedtls_mpi_grow(mbedtls_mpi *X, size_t nblimbs)
 {
     mbedtls_mpi_uint *p;
-    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET(X != NULL);
 
-    if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+    if (nblimbs > MBEDTLS_MPI_MAX_LIMBS) {
+        return MBEDTLS_ERR_MPI_ALLOC_FAILED;
+    }
 
-    if( X->n < nblimbs )
-    {
-        if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( nblimbs, ciL ) ) == NULL )
-            return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+    if (X->n < nblimbs) {
+        if ((p = (mbedtls_mpi_uint *) mbedtls_calloc(nblimbs, ciL)) == NULL) {
+            return MBEDTLS_ERR_MPI_ALLOC_FAILED;
+        }
 
-        if( X->p != NULL )
-        {
-            memcpy( p, X->p, X->n * ciL );
-            mbedtls_mpi_zeroize( X->p, X->n );
-            mbedtls_free( X->p );
+        if (X->p != NULL) {
+            memcpy(p, X->p, X->n * ciL);
+            mbedtls_mpi_zeroize(X->p, X->n);
+            mbedtls_free(X->p);
         }
 
         X->n = nblimbs;
         X->p = p;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Resize down as much as possible,
  * while keeping at least the specified number of limbs
  */
-int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs )
+int mbedtls_mpi_shrink(mbedtls_mpi *X, size_t nblimbs)
 {
     mbedtls_mpi_uint *p;
     size_t i;
-    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET(X != NULL);
 
-    if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+    if (nblimbs > MBEDTLS_MPI_MAX_LIMBS) {
+        return MBEDTLS_ERR_MPI_ALLOC_FAILED;
+    }
 
     /* Actually resize up if there are currently fewer than nblimbs limbs. */
-    if( X->n <= nblimbs )
-        return( mbedtls_mpi_grow( X, nblimbs ) );
+    if (X->n <= nblimbs) {
+        return mbedtls_mpi_grow(X, nblimbs);
+    }
     /* After this point, then X->n > nblimbs and in particular X->n > 0. */
 
-    for( i = X->n - 1; i > 0; i-- )
-        if( X->p[i] != 0 )
+    for (i = X->n - 1; i > 0; i--) {
+        if (X->p[i] != 0) {
             break;
+        }
+    }
     i++;
 
-    if( i < nblimbs )
+    if (i < nblimbs) {
         i = nblimbs;
+    }
 
-    if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( i, ciL ) ) == NULL )
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+    if ((p = (mbedtls_mpi_uint *) mbedtls_calloc(i, ciL)) == NULL) {
+        return MBEDTLS_ERR_MPI_ALLOC_FAILED;
+    }
 
-    if( X->p != NULL )
-    {
-        memcpy( p, X->p, i * ciL );
-        mbedtls_mpi_zeroize( X->p, X->n );
-        mbedtls_free( X->p );
+    if (X->p != NULL) {
+        memcpy(p, X->p, i * ciL);
+        mbedtls_mpi_zeroize(X->p, X->n);
+        mbedtls_free(X->p);
     }
 
     X->n = i;
     X->p = p;
 
-    return( 0 );
+    return 0;
 }
 
 /* Resize X to have exactly n limbs and set it to 0. */
-static int mbedtls_mpi_resize_clear( mbedtls_mpi *X, size_t limbs )
+static int mbedtls_mpi_resize_clear(mbedtls_mpi *X, size_t limbs)
 {
-    if( limbs == 0 )
-    {
-        mbedtls_mpi_free( X );
-        return( 0 );
-    }
-    else if( X->n == limbs )
-    {
-        memset( X->p, 0, limbs * ciL );
+    if (limbs == 0) {
+        mbedtls_mpi_free(X);
+        return 0;
+    } else if (X->n == limbs) {
+        memset(X->p, 0, limbs * ciL);
         X->s = 1;
-        return( 0 );
-    }
-    else
-    {
-        mbedtls_mpi_free( X );
-        return( mbedtls_mpi_grow( X, limbs ) );
+        return 0;
+    } else {
+        mbedtls_mpi_free(X);
+        return mbedtls_mpi_grow(X, limbs);
     }
 }
 
@@ -195,368 +195,374 @@
  * but some code in the bignum module relies on this property, for example
  * in mbedtls_mpi_exp_mod().
  */
-int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y )
+int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y)
 {
     int ret = 0;
     size_t i;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( Y != NULL );
+    MPI_VALIDATE_RET(X != NULL);
+    MPI_VALIDATE_RET(Y != NULL);
 
-    if( X == Y )
-        return( 0 );
-
-    if( Y->n == 0 )
-    {
-        if( X->n != 0 )
-        {
-            X->s = 1;
-            memset( X->p, 0, X->n * ciL );
-        }
-        return( 0 );
+    if (X == Y) {
+        return 0;
     }
 
-    for( i = Y->n - 1; i > 0; i-- )
-        if( Y->p[i] != 0 )
+    if (Y->n == 0) {
+        if (X->n != 0) {
+            X->s = 1;
+            memset(X->p, 0, X->n * ciL);
+        }
+        return 0;
+    }
+
+    for (i = Y->n - 1; i > 0; i--) {
+        if (Y->p[i] != 0) {
             break;
+        }
+    }
     i++;
 
     X->s = Y->s;
 
-    if( X->n < i )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) );
-    }
-    else
-    {
-        memset( X->p + i, 0, ( X->n - i ) * ciL );
+    if (X->n < i) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, i));
+    } else {
+        memset(X->p + i, 0, (X->n - i) * ciL);
     }
 
-    memcpy( X->p, Y->p, i * ciL );
+    memcpy(X->p, Y->p, i * ciL);
 
 cleanup:
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Swap the contents of X and Y
  */
-void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y )
+void mbedtls_mpi_swap(mbedtls_mpi *X, mbedtls_mpi *Y)
 {
     mbedtls_mpi T;
-    MPI_VALIDATE( X != NULL );
-    MPI_VALIDATE( Y != NULL );
+    MPI_VALIDATE(X != NULL);
+    MPI_VALIDATE(Y != NULL);
 
-    memcpy( &T,  X, sizeof( mbedtls_mpi ) );
-    memcpy(  X,  Y, sizeof( mbedtls_mpi ) );
-    memcpy(  Y, &T, sizeof( mbedtls_mpi ) );
+    memcpy(&T,  X, sizeof(mbedtls_mpi));
+    memcpy(X,  Y, sizeof(mbedtls_mpi));
+    memcpy(Y, &T, sizeof(mbedtls_mpi));
 }
 
-static inline mbedtls_mpi_uint mpi_sint_abs( mbedtls_mpi_sint z )
+static inline mbedtls_mpi_uint mpi_sint_abs(mbedtls_mpi_sint z)
 {
-    if( z >= 0 )
-        return( z );
+    if (z >= 0) {
+        return z;
+    }
     /* Take care to handle the most negative value (-2^(biL-1)) correctly.
      * A naive -z would have undefined behavior.
      * Write this in a way that makes popular compilers happy (GCC, Clang,
      * MSVC). */
-    return( (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) z );
+    return (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) z;
 }
 
 /*
  * Set value from integer
  */
-int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z )
+int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET(X != NULL);
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) );
-    memset( X->p, 0, X->n * ciL );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, 1));
+    memset(X->p, 0, X->n * ciL);
 
-    X->p[0] = mpi_sint_abs( z );
-    X->s    = ( z < 0 ) ? -1 : 1;
+    X->p[0] = mpi_sint_abs(z);
+    X->s    = (z < 0) ? -1 : 1;
 
 cleanup:
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Get a specific bit
  */
-int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos )
+int mbedtls_mpi_get_bit(const mbedtls_mpi *X, size_t pos)
 {
-    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET(X != NULL);
 
-    if( X->n * biL <= pos )
-        return( 0 );
+    if (X->n * biL <= pos) {
+        return 0;
+    }
 
-    return( ( X->p[pos / biL] >> ( pos % biL ) ) & 0x01 );
+    return (X->p[pos / biL] >> (pos % biL)) & 0x01;
 }
 
 /*
  * Set a bit to a specific value of 0 or 1
  */
-int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val )
+int mbedtls_mpi_set_bit(mbedtls_mpi *X, size_t pos, unsigned char val)
 {
     int ret = 0;
     size_t off = pos / biL;
     size_t idx = pos % biL;
-    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET(X != NULL);
 
-    if( val != 0 && val != 1 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    if( X->n * biL <= pos )
-    {
-        if( val == 0 )
-            return( 0 );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, off + 1 ) );
+    if (val != 0 && val != 1) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
     }
 
-    X->p[off] &= ~( (mbedtls_mpi_uint) 0x01 << idx );
+    if (X->n * biL <= pos) {
+        if (val == 0) {
+            return 0;
+        }
+
+        MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, off + 1));
+    }
+
+    X->p[off] &= ~((mbedtls_mpi_uint) 0x01 << idx);
     X->p[off] |= (mbedtls_mpi_uint) val << idx;
 
 cleanup:
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Return the number of less significant zero-bits
  */
-size_t mbedtls_mpi_lsb( const mbedtls_mpi *X )
+size_t mbedtls_mpi_lsb(const mbedtls_mpi *X)
 {
     size_t i, j, count = 0;
-    MBEDTLS_INTERNAL_VALIDATE_RET( X != NULL, 0 );
+    MBEDTLS_INTERNAL_VALIDATE_RET(X != NULL, 0);
 
-    for( i = 0; i < X->n; i++ )
-        for( j = 0; j < biL; j++, count++ )
-            if( ( ( X->p[i] >> j ) & 1 ) != 0 )
-                return( count );
+    for (i = 0; i < X->n; i++) {
+        for (j = 0; j < biL; j++, count++) {
+            if (((X->p[i] >> j) & 1) != 0) {
+                return count;
+            }
+        }
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Return the number of bits
  */
-size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X )
+size_t mbedtls_mpi_bitlen(const mbedtls_mpi *X)
 {
-    return( mbedtls_mpi_core_bitlen( X->p, X->n ) );
+    return mbedtls_mpi_core_bitlen(X->p, X->n);
 }
 
 /*
  * Return the total size in bytes
  */
-size_t mbedtls_mpi_size( const mbedtls_mpi *X )
+size_t mbedtls_mpi_size(const mbedtls_mpi *X)
 {
-    return( ( mbedtls_mpi_bitlen( X ) + 7 ) >> 3 );
+    return (mbedtls_mpi_bitlen(X) + 7) >> 3;
 }
 
 /*
  * Convert an ASCII character to digit value
  */
-static int mpi_get_digit( mbedtls_mpi_uint *d, int radix, char c )
+static int mpi_get_digit(mbedtls_mpi_uint *d, int radix, char c)
 {
     *d = 255;
 
-    if( c >= 0x30 && c <= 0x39 ) *d = c - 0x30;
-    if( c >= 0x41 && c <= 0x46 ) *d = c - 0x37;
-    if( c >= 0x61 && c <= 0x66 ) *d = c - 0x57;
+    if (c >= 0x30 && c <= 0x39) {
+        *d = c - 0x30;
+    }
+    if (c >= 0x41 && c <= 0x46) {
+        *d = c - 0x37;
+    }
+    if (c >= 0x61 && c <= 0x66) {
+        *d = c - 0x57;
+    }
 
-    if( *d >= (mbedtls_mpi_uint) radix )
-        return( MBEDTLS_ERR_MPI_INVALID_CHARACTER );
+    if (*d >= (mbedtls_mpi_uint) radix) {
+        return MBEDTLS_ERR_MPI_INVALID_CHARACTER;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Import from an ASCII string
  */
-int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
+int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t i, j, slen, n;
     int sign = 1;
     mbedtls_mpi_uint d;
     mbedtls_mpi T;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( s != NULL );
+    MPI_VALIDATE_RET(X != NULL);
+    MPI_VALIDATE_RET(s != NULL);
 
-    if( radix < 2 || radix > 16 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    mbedtls_mpi_init( &T );
-
-    if( s[0] == 0 )
-    {
-        mbedtls_mpi_free( X );
-        return( 0 );
+    if (radix < 2 || radix > 16) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
     }
 
-    if( s[0] == '-' )
-    {
+    mbedtls_mpi_init(&T);
+
+    if (s[0] == 0) {
+        mbedtls_mpi_free(X);
+        return 0;
+    }
+
+    if (s[0] == '-') {
         ++s;
         sign = -1;
     }
 
-    slen = strlen( s );
+    slen = strlen(s);
 
-    if( radix == 16 )
-    {
-        if( slen > MPI_SIZE_T_MAX >> 2 )
-            return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-        n = BITS_TO_LIMBS( slen << 2 );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
-
-        for( i = slen, j = 0; i > 0; i--, j++ )
-        {
-            MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) );
-            X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 );
+    if (radix == 16) {
+        if (slen > MPI_SIZE_T_MAX >> 2) {
+            return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
         }
-    }
-    else
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
 
-        for( i = 0; i < slen; i++ )
-        {
-            MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i] ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T, X, radix ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) );
+        n = BITS_TO_LIMBS(slen << 2);
+
+        MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, n));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0));
+
+        for (i = slen, j = 0; i > 0; i--, j++) {
+            MBEDTLS_MPI_CHK(mpi_get_digit(&d, radix, s[i - 1]));
+            X->p[j / (2 * ciL)] |= d << ((j % (2 * ciL)) << 2);
+        }
+    } else {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0));
+
+        for (i = 0; i < slen; i++) {
+            MBEDTLS_MPI_CHK(mpi_get_digit(&d, radix, s[i]));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T, X, radix));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, &T, d));
         }
     }
 
-    if( sign < 0 && mbedtls_mpi_bitlen( X ) != 0 )
+    if (sign < 0 && mbedtls_mpi_bitlen(X) != 0) {
         X->s = -1;
+    }
 
 cleanup:
 
-    mbedtls_mpi_free( &T );
+    mbedtls_mpi_free(&T);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Helper to write the digits high-order first.
  */
-static int mpi_write_hlp( mbedtls_mpi *X, int radix,
-                          char **p, const size_t buflen )
+static int mpi_write_hlp(mbedtls_mpi *X, int radix,
+                         char **p, const size_t buflen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi_uint r;
     size_t length = 0;
     char *p_end = *p + buflen;
 
-    do
-    {
-        if( length >= buflen )
-        {
-            return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+    do {
+        if (length >= buflen) {
+            return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL;
         }
 
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, radix));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_div_int(X, NULL, X, radix));
         /*
          * Write the residue in the current position, as an ASCII character.
          */
-        if( r < 0xA )
-            *(--p_end) = (char)( '0' + r );
-        else
-            *(--p_end) = (char)( 'A' + ( r - 0xA ) );
+        if (r < 0xA) {
+            *(--p_end) = (char) ('0' + r);
+        } else {
+            *(--p_end) = (char) ('A' + (r - 0xA));
+        }
 
         length++;
-    } while( mbedtls_mpi_cmp_int( X, 0 ) != 0 );
+    } while (mbedtls_mpi_cmp_int(X, 0) != 0);
 
-    memmove( *p, p_end, length );
+    memmove(*p, p_end, length);
     *p += length;
 
 cleanup:
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Export into an ASCII string
  */
-int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
-                              char *buf, size_t buflen, size_t *olen )
+int mbedtls_mpi_write_string(const mbedtls_mpi *X, int radix,
+                             char *buf, size_t buflen, size_t *olen)
 {
     int ret = 0;
     size_t n;
     char *p;
     mbedtls_mpi T;
-    MPI_VALIDATE_RET( X    != NULL );
-    MPI_VALIDATE_RET( olen != NULL );
-    MPI_VALIDATE_RET( buflen == 0 || buf != NULL );
+    MPI_VALIDATE_RET(X    != NULL);
+    MPI_VALIDATE_RET(olen != NULL);
+    MPI_VALIDATE_RET(buflen == 0 || buf != NULL);
 
-    if( radix < 2 || radix > 16 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    if (radix < 2 || radix > 16) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
-    n = mbedtls_mpi_bitlen( X ); /* Number of bits necessary to present `n`. */
-    if( radix >=  4 ) n >>= 1;   /* Number of 4-adic digits necessary to present
+    n = mbedtls_mpi_bitlen(X);   /* Number of bits necessary to present `n`. */
+    if (radix >=  4) {
+        n >>= 1;                 /* Number of 4-adic digits necessary to present
                                   * `n`. If radix > 4, this might be a strict
                                   * overapproximation of the number of
                                   * radix-adic digits needed to present `n`. */
-    if( radix >= 16 ) n >>= 1;   /* Number of hexadecimal digits necessary to
+    }
+    if (radix >= 16) {
+        n >>= 1;                 /* Number of hexadecimal digits necessary to
                                   * present `n`. */
 
+    }
     n += 1; /* Terminating null byte */
     n += 1; /* Compensate for the divisions above, which round down `n`
              * in case it's not even. */
     n += 1; /* Potential '-'-sign. */
-    n += ( n & 1 ); /* Make n even to have enough space for hexadecimal writing,
+    n += (n & 1);   /* Make n even to have enough space for hexadecimal writing,
                      * which always uses an even number of hex-digits. */
 
-    if( buflen < n )
-    {
+    if (buflen < n) {
         *olen = n;
-        return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+        return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL;
     }
 
     p = buf;
-    mbedtls_mpi_init( &T );
+    mbedtls_mpi_init(&T);
 
-    if( X->s == -1 )
-    {
+    if (X->s == -1) {
         *p++ = '-';
         buflen--;
     }
 
-    if( radix == 16 )
-    {
+    if (radix == 16) {
         int c;
         size_t i, j, k;
 
-        for( i = X->n, k = 0; i > 0; i-- )
-        {
-            for( j = ciL; j > 0; j-- )
-            {
-                c = ( X->p[i - 1] >> ( ( j - 1 ) << 3) ) & 0xFF;
+        for (i = X->n, k = 0; i > 0; i--) {
+            for (j = ciL; j > 0; j--) {
+                c = (X->p[i - 1] >> ((j - 1) << 3)) & 0xFF;
 
-                if( c == 0 && k == 0 && ( i + j ) != 2 )
+                if (c == 0 && k == 0 && (i + j) != 2) {
                     continue;
+                }
 
                 *(p++) = "0123456789ABCDEF" [c / 16];
                 *(p++) = "0123456789ABCDEF" [c % 16];
                 k = 1;
             }
         }
-    }
-    else
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T, X ) );
+    } else {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&T, X));
 
-        if( T.s == -1 )
+        if (T.s == -1) {
             T.s = 1;
+        }
 
-        MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p, buflen ) );
+        MBEDTLS_MPI_CHK(mpi_write_hlp(&T, radix, &p, buflen));
     }
 
     *p++ = '\0';
@@ -564,16 +570,16 @@
 
 cleanup:
 
-    mbedtls_mpi_free( &T );
+    mbedtls_mpi_free(&T);
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_FS_IO)
 /*
  * Read X from an opened file
  */
-int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin )
+int mbedtls_mpi_read_file(mbedtls_mpi *X, int radix, FILE *fin)
 {
     mbedtls_mpi_uint d;
     size_t slen;
@@ -582,37 +588,46 @@
      * Buffer should have space for (short) label and decimal formatted MPI,
      * newline characters and '\0'
      */
-    char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
+    char s[MBEDTLS_MPI_RW_BUFFER_SIZE];
 
-    MPI_VALIDATE_RET( X   != NULL );
-    MPI_VALIDATE_RET( fin != NULL );
+    MPI_VALIDATE_RET(X   != NULL);
+    MPI_VALIDATE_RET(fin != NULL);
 
-    if( radix < 2 || radix > 16 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    if (radix < 2 || radix > 16) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
-    memset( s, 0, sizeof( s ) );
-    if( fgets( s, sizeof( s ) - 1, fin ) == NULL )
-        return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );
+    memset(s, 0, sizeof(s));
+    if (fgets(s, sizeof(s) - 1, fin) == NULL) {
+        return MBEDTLS_ERR_MPI_FILE_IO_ERROR;
+    }
 
-    slen = strlen( s );
-    if( slen == sizeof( s ) - 2 )
-        return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+    slen = strlen(s);
+    if (slen == sizeof(s) - 2) {
+        return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL;
+    }
 
-    if( slen > 0 && s[slen - 1] == '\n' ) { slen--; s[slen] = '\0'; }
-    if( slen > 0 && s[slen - 1] == '\r' ) { slen--; s[slen] = '\0'; }
+    if (slen > 0 && s[slen - 1] == '\n') {
+        slen--; s[slen] = '\0';
+    }
+    if (slen > 0 && s[slen - 1] == '\r') {
+        slen--; s[slen] = '\0';
+    }
 
     p = s + slen;
-    while( p-- > s )
-        if( mpi_get_digit( &d, radix, *p ) != 0 )
+    while (p-- > s) {
+        if (mpi_get_digit(&d, radix, *p) != 0) {
             break;
+        }
+    }
 
-    return( mbedtls_mpi_read_string( X, radix, p + 1 ) );
+    return mbedtls_mpi_read_string(X, radix, p + 1);
 }
 
 /*
  * Write X into an opened file (or stdout if fout == NULL)
  */
-int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout )
+int mbedtls_mpi_write_file(const char *p, const mbedtls_mpi *X, int radix, FILE *fout)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t n, slen, plen;
@@ -620,35 +635,38 @@
      * Buffer should have space for (short) label and decimal formatted MPI,
      * newline characters and '\0'
      */
-    char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
-    MPI_VALIDATE_RET( X != NULL );
+    char s[MBEDTLS_MPI_RW_BUFFER_SIZE];
+    MPI_VALIDATE_RET(X != NULL);
 
-    if( radix < 2 || radix > 16 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    if (radix < 2 || radix > 16) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
-    memset( s, 0, sizeof( s ) );
+    memset(s, 0, sizeof(s));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_string( X, radix, s, sizeof( s ) - 2, &n ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_string(X, radix, s, sizeof(s) - 2, &n));
 
-    if( p == NULL ) p = "";
+    if (p == NULL) {
+        p = "";
+    }
 
-    plen = strlen( p );
-    slen = strlen( s );
+    plen = strlen(p);
+    slen = strlen(s);
     s[slen++] = '\r';
     s[slen++] = '\n';
 
-    if( fout != NULL )
-    {
-        if( fwrite( p, 1, plen, fout ) != plen ||
-            fwrite( s, 1, slen, fout ) != slen )
-            return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );
+    if (fout != NULL) {
+        if (fwrite(p, 1, plen, fout) != plen ||
+            fwrite(s, 1, slen, fout) != slen) {
+            return MBEDTLS_ERR_MPI_FILE_IO_ERROR;
+        }
+    } else {
+        mbedtls_printf("%s%s", p, s);
     }
-    else
-        mbedtls_printf( "%s%s", p, s );
 
 cleanup:
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_FS_IO */
 
@@ -658,16 +676,16 @@
  * This function is guaranteed to return an MPI with exactly the necessary
  * number of limbs (in particular, it does not skip 0s in the input).
  */
-int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
-                                const unsigned char *buf, size_t buflen )
+int mbedtls_mpi_read_binary_le(mbedtls_mpi *X,
+                               const unsigned char *buf, size_t buflen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    const size_t limbs = CHARS_TO_LIMBS( buflen );
+    const size_t limbs = CHARS_TO_LIMBS(buflen);
 
     /* Ensure that target MPI has exactly the necessary number of limbs */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, limbs));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_core_read_le( X->p, X->n, buf, buflen ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_core_read_le(X->p, X->n, buf, buflen));
 
 cleanup:
 
@@ -676,7 +694,7 @@
      * upon failure is not necessary because failure only can happen before any
      * input is copied.
      */
-    return( ret );
+    return ret;
 }
 
 /*
@@ -685,18 +703,18 @@
  * This function is guaranteed to return an MPI with exactly the necessary
  * number of limbs (in particular, it does not skip 0s in the input).
  */
-int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen )
+int mbedtls_mpi_read_binary(mbedtls_mpi *X, const unsigned char *buf, size_t buflen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    const size_t limbs = CHARS_TO_LIMBS( buflen );
+    const size_t limbs = CHARS_TO_LIMBS(buflen);
 
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( buflen == 0 || buf != NULL );
+    MPI_VALIDATE_RET(X != NULL);
+    MPI_VALIDATE_RET(buflen == 0 || buf != NULL);
 
     /* Ensure that target MPI has exactly the necessary number of limbs */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, limbs));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_core_read_be( X->p, X->n, buf, buflen ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_core_read_be(X->p, X->n, buf, buflen));
 
 cleanup:
 
@@ -705,66 +723,66 @@
      * upon failure is not necessary because failure only can happen before any
      * input is copied.
      */
-    return( ret );
+    return ret;
 }
 
 /*
  * Export X into unsigned binary data, little endian
  */
-int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X,
-                                 unsigned char *buf, size_t buflen )
+int mbedtls_mpi_write_binary_le(const mbedtls_mpi *X,
+                                unsigned char *buf, size_t buflen)
 {
-    return( mbedtls_mpi_core_write_le( X->p, X->n, buf, buflen ) );
+    return mbedtls_mpi_core_write_le(X->p, X->n, buf, buflen);
 }
 
 /*
  * Export X into unsigned binary data, big endian
  */
-int mbedtls_mpi_write_binary( const mbedtls_mpi *X,
-                              unsigned char *buf, size_t buflen )
+int mbedtls_mpi_write_binary(const mbedtls_mpi *X,
+                             unsigned char *buf, size_t buflen)
 {
-    return( mbedtls_mpi_core_write_be( X->p, X->n, buf, buflen ) );
+    return mbedtls_mpi_core_write_be(X->p, X->n, buf, buflen);
 }
 
 /*
  * Left-shift: X <<= count
  */
-int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count )
+int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t i, v0, t1;
     mbedtls_mpi_uint r0 = 0, r1;
-    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET(X != NULL);
 
-    v0 = count / (biL    );
+    v0 = count / (biL);
     t1 = count & (biL - 1);
 
-    i = mbedtls_mpi_bitlen( X ) + count;
+    i = mbedtls_mpi_bitlen(X) + count;
 
-    if( X->n * biL < i )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, BITS_TO_LIMBS( i ) ) );
+    if (X->n * biL < i) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, BITS_TO_LIMBS(i)));
+    }
 
     ret = 0;
 
     /*
      * shift by count / limb_size
      */
-    if( v0 > 0 )
-    {
-        for( i = X->n; i > v0; i-- )
+    if (v0 > 0) {
+        for (i = X->n; i > v0; i--) {
             X->p[i - 1] = X->p[i - v0 - 1];
+        }
 
-        for( ; i > 0; i-- )
+        for (; i > 0; i--) {
             X->p[i - 1] = 0;
+        }
     }
 
     /*
      * shift by count % limb_size
      */
-    if( t1 > 0 )
-    {
-        for( i = v0; i < X->n; i++ )
-        {
+    if (t1 > 0) {
+        for (i = v0; i < X->n; i++) {
             r1 = X->p[i] >> (biL - t1);
             X->p[i] <<= t1;
             X->p[i] |= r0;
@@ -774,206 +792,237 @@
 
 cleanup:
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Right-shift: X >>= count
  */
-int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count )
+int mbedtls_mpi_shift_r(mbedtls_mpi *X, size_t count)
 {
-    MPI_VALIDATE_RET( X != NULL );
-    if( X->n != 0 )
-        mbedtls_mpi_core_shift_r( X->p, X->n, count );
-    return( 0 );
+    MPI_VALIDATE_RET(X != NULL);
+    if (X->n != 0) {
+        mbedtls_mpi_core_shift_r(X->p, X->n, count);
+    }
+    return 0;
 }
 
 /*
  * Compare unsigned values
  */
-int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y )
+int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y)
 {
     size_t i, j;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( Y != NULL );
+    MPI_VALIDATE_RET(X != NULL);
+    MPI_VALIDATE_RET(Y != NULL);
 
-    for( i = X->n; i > 0; i-- )
-        if( X->p[i - 1] != 0 )
+    for (i = X->n; i > 0; i--) {
+        if (X->p[i - 1] != 0) {
             break;
-
-    for( j = Y->n; j > 0; j-- )
-        if( Y->p[j - 1] != 0 )
-            break;
-
-    if( i == 0 && j == 0 )
-        return( 0 );
-
-    if( i > j ) return(  1 );
-    if( j > i ) return( -1 );
-
-    for( ; i > 0; i-- )
-    {
-        if( X->p[i - 1] > Y->p[i - 1] ) return(  1 );
-        if( X->p[i - 1] < Y->p[i - 1] ) return( -1 );
+        }
     }
 
-    return( 0 );
+    for (j = Y->n; j > 0; j--) {
+        if (Y->p[j - 1] != 0) {
+            break;
+        }
+    }
+
+    if (i == 0 && j == 0) {
+        return 0;
+    }
+
+    if (i > j) {
+        return 1;
+    }
+    if (j > i) {
+        return -1;
+    }
+
+    for (; i > 0; i--) {
+        if (X->p[i - 1] > Y->p[i - 1]) {
+            return 1;
+        }
+        if (X->p[i - 1] < Y->p[i - 1]) {
+            return -1;
+        }
+    }
+
+    return 0;
 }
 
 /*
  * Compare signed values
  */
-int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y )
+int mbedtls_mpi_cmp_mpi(const mbedtls_mpi *X, const mbedtls_mpi *Y)
 {
     size_t i, j;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( Y != NULL );
+    MPI_VALIDATE_RET(X != NULL);
+    MPI_VALIDATE_RET(Y != NULL);
 
-    for( i = X->n; i > 0; i-- )
-        if( X->p[i - 1] != 0 )
+    for (i = X->n; i > 0; i--) {
+        if (X->p[i - 1] != 0) {
             break;
-
-    for( j = Y->n; j > 0; j-- )
-        if( Y->p[j - 1] != 0 )
-            break;
-
-    if( i == 0 && j == 0 )
-        return( 0 );
-
-    if( i > j ) return(  X->s );
-    if( j > i ) return( -Y->s );
-
-    if( X->s > 0 && Y->s < 0 ) return(  1 );
-    if( Y->s > 0 && X->s < 0 ) return( -1 );
-
-    for( ; i > 0; i-- )
-    {
-        if( X->p[i - 1] > Y->p[i - 1] ) return(  X->s );
-        if( X->p[i - 1] < Y->p[i - 1] ) return( -X->s );
+        }
     }
 
-    return( 0 );
+    for (j = Y->n; j > 0; j--) {
+        if (Y->p[j - 1] != 0) {
+            break;
+        }
+    }
+
+    if (i == 0 && j == 0) {
+        return 0;
+    }
+
+    if (i > j) {
+        return X->s;
+    }
+    if (j > i) {
+        return -Y->s;
+    }
+
+    if (X->s > 0 && Y->s < 0) {
+        return 1;
+    }
+    if (Y->s > 0 && X->s < 0) {
+        return -1;
+    }
+
+    for (; i > 0; i--) {
+        if (X->p[i - 1] > Y->p[i - 1]) {
+            return X->s;
+        }
+        if (X->p[i - 1] < Y->p[i - 1]) {
+            return -X->s;
+        }
+    }
+
+    return 0;
 }
 
 /*
  * Compare signed values
  */
-int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z )
+int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z)
 {
     mbedtls_mpi Y;
     mbedtls_mpi_uint p[1];
-    MPI_VALIDATE_RET( X != NULL );
+    MPI_VALIDATE_RET(X != NULL);
 
-    *p  = mpi_sint_abs( z );
-    Y.s = ( z < 0 ) ? -1 : 1;
+    *p  = mpi_sint_abs(z);
+    Y.s = (z < 0) ? -1 : 1;
     Y.n = 1;
     Y.p = p;
 
-    return( mbedtls_mpi_cmp_mpi( X, &Y ) );
+    return mbedtls_mpi_cmp_mpi(X, &Y);
 }
 
 /*
  * Unsigned addition: X = |A| + |B|  (HAC 14.7)
  */
-int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
+int mbedtls_mpi_add_abs(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t j;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-    MPI_VALIDATE_RET( B != NULL );
+    MPI_VALIDATE_RET(X != NULL);
+    MPI_VALIDATE_RET(A != NULL);
+    MPI_VALIDATE_RET(B != NULL);
 
-    if( X == B )
-    {
+    if (X == B) {
         const mbedtls_mpi *T = A; A = X; B = T;
     }
 
-    if( X != A )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
+    if (X != A) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A));
+    }
 
     /*
      * X must always be positive as a result of unsigned additions.
      */
     X->s = 1;
 
-    for( j = B->n; j > 0; j-- )
-        if( B->p[j - 1] != 0 )
+    for (j = B->n; j > 0; j--) {
+        if (B->p[j - 1] != 0) {
             break;
+        }
+    }
 
     /* Exit early to avoid undefined behavior on NULL+0 when X->n == 0
      * and B is 0 (of any size). */
-    if( j == 0 )
-        return( 0 );
+    if (j == 0) {
+        return 0;
+    }
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, j));
 
     /* j is the number of non-zero limbs of B. Add those to X. */
 
     mbedtls_mpi_uint *p = X->p;
 
-    mbedtls_mpi_uint c = mbedtls_mpi_core_add( p, p, B->p, j );
+    mbedtls_mpi_uint c = mbedtls_mpi_core_add(p, p, B->p, j);
 
     p += j;
 
     /* Now propagate any carry */
 
-    while( c != 0 )
-    {
-        if( j >= X->n )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j + 1 ) );
+    while (c != 0) {
+        if (j >= X->n) {
+            MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, j + 1));
             p = X->p + j;
         }
 
-        *p += c; c = ( *p < c ); j++; p++;
+        *p += c; c = (*p < c); j++; p++;
     }
 
 cleanup:
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Unsigned subtraction: X = |A| - |B|  (HAC 14.9, 14.10)
  */
-int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
+int mbedtls_mpi_sub_abs(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t n;
     mbedtls_mpi_uint carry;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-    MPI_VALIDATE_RET( B != NULL );
+    MPI_VALIDATE_RET(X != NULL);
+    MPI_VALIDATE_RET(A != NULL);
+    MPI_VALIDATE_RET(B != NULL);
 
-    for( n = B->n; n > 0; n-- )
-        if( B->p[n - 1] != 0 )
+    for (n = B->n; n > 0; n--) {
+        if (B->p[n - 1] != 0) {
             break;
-    if( n > A->n )
-    {
+        }
+    }
+    if (n > A->n) {
         /* B >= (2^ciL)^n > A */
         ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE;
         goto cleanup;
     }
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, A->n ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, A->n));
 
     /* Set the high limbs of X to match A. Don't touch the lower limbs
      * because X might be aliased to B, and we must not overwrite the
      * significant digits of B. */
-    if( A->n > n )
-        memcpy( X->p + n, A->p + n, ( A->n - n ) * ciL );
-    if( X->n > A->n )
-        memset( X->p + A->n, 0, ( X->n - A->n ) * ciL );
+    if (A->n > n) {
+        memcpy(X->p + n, A->p + n, (A->n - n) * ciL);
+    }
+    if (X->n > A->n) {
+        memset(X->p + A->n, 0, (X->n - A->n) * ciL);
+    }
 
-    carry = mbedtls_mpi_core_sub( X->p, A->p, B->p, n );
-    if( carry != 0 )
-    {
+    carry = mbedtls_mpi_core_sub(X->p, A->p, B->p, n);
+    if (carry != 0) {
         /* Propagate the carry through the rest of X. */
-        carry = mbedtls_mpi_core_sub_int( X->p + n, X->p + n, carry, X->n - n );
+        carry = mbedtls_mpi_core_sub_int(X->p + n, X->p + n, carry, X->n - n);
 
         /* If we have further carry/borrow, the result is negative. */
-        if( carry != 0 )
-        {
+        if (carry != 0) {
             ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE;
             goto cleanup;
         }
@@ -983,176 +1032,182 @@
     X->s = 1;
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /* Common function for signed addition and subtraction.
  * Calculate A + B * flip_B where flip_B is 1 or -1.
  */
-static int add_sub_mpi( mbedtls_mpi *X,
-                        const mbedtls_mpi *A, const mbedtls_mpi *B,
-                        int flip_B )
+static int add_sub_mpi(mbedtls_mpi *X,
+                       const mbedtls_mpi *A, const mbedtls_mpi *B,
+                       int flip_B)
 {
     int ret, s;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-    MPI_VALIDATE_RET( B != NULL );
+    MPI_VALIDATE_RET(X != NULL);
+    MPI_VALIDATE_RET(A != NULL);
+    MPI_VALIDATE_RET(B != NULL);
 
     s = A->s;
-    if( A->s * B->s * flip_B < 0 )
-    {
-        int cmp = mbedtls_mpi_cmp_abs( A, B );
-        if( cmp >= 0 )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );
+    if (A->s * B->s * flip_B < 0) {
+        int cmp = mbedtls_mpi_cmp_abs(A, B);
+        if (cmp >= 0) {
+            MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(X, A, B));
             /* If |A| = |B|, the result is 0 and we must set the sign bit
              * to +1 regardless of which of A or B was negative. Otherwise,
              * since |A| > |B|, the sign is the sign of A. */
             X->s = cmp == 0 ? 1 : s;
-        }
-        else
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) );
+        } else {
+            MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(X, B, A));
             /* Since |A| < |B|, the sign is the opposite of A. */
             X->s = -s;
         }
-    }
-    else
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) );
+    } else {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(X, A, B));
         X->s = s;
     }
 
 cleanup:
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Signed addition: X = A + B
  */
-int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
+int mbedtls_mpi_add_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)
 {
-    return( add_sub_mpi( X, A, B, 1 ) );
+    return add_sub_mpi(X, A, B, 1);
 }
 
 /*
  * Signed subtraction: X = A - B
  */
-int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
+int mbedtls_mpi_sub_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)
 {
-    return( add_sub_mpi( X, A, B, -1 ) );
+    return add_sub_mpi(X, A, B, -1);
 }
 
 /*
  * Signed addition: X = A + b
  */
-int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b )
+int mbedtls_mpi_add_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b)
 {
     mbedtls_mpi B;
     mbedtls_mpi_uint p[1];
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( A != NULL );
+    MPI_VALIDATE_RET(X != NULL);
+    MPI_VALIDATE_RET(A != NULL);
 
-    p[0] = mpi_sint_abs( b );
-    B.s = ( b < 0 ) ? -1 : 1;
+    p[0] = mpi_sint_abs(b);
+    B.s = (b < 0) ? -1 : 1;
     B.n = 1;
     B.p = p;
 
-    return( mbedtls_mpi_add_mpi( X, A, &B ) );
+    return mbedtls_mpi_add_mpi(X, A, &B);
 }
 
 /*
  * Signed subtraction: X = A - b
  */
-int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b )
+int mbedtls_mpi_sub_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b)
 {
     mbedtls_mpi B;
     mbedtls_mpi_uint p[1];
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( A != NULL );
+    MPI_VALIDATE_RET(X != NULL);
+    MPI_VALIDATE_RET(A != NULL);
 
-    p[0] = mpi_sint_abs( b );
-    B.s = ( b < 0 ) ? -1 : 1;
+    p[0] = mpi_sint_abs(b);
+    B.s = (b < 0) ? -1 : 1;
     B.n = 1;
     B.p = p;
 
-    return( mbedtls_mpi_sub_mpi( X, A, &B ) );
+    return mbedtls_mpi_sub_mpi(X, A, &B);
 }
 
 /*
  * Baseline multiplication: X = A * B  (HAC 14.12)
  */
-int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
+int mbedtls_mpi_mul_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t i, j;
     mbedtls_mpi TA, TB;
     int result_is_zero = 0;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-    MPI_VALIDATE_RET( B != NULL );
+    MPI_VALIDATE_RET(X != NULL);
+    MPI_VALIDATE_RET(A != NULL);
+    MPI_VALIDATE_RET(B != NULL);
 
-    mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
+    mbedtls_mpi_init(&TA); mbedtls_mpi_init(&TB);
 
-    if( X == A ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) ); A = &TA; }
-    if( X == B ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); B = &TB; }
+    if (X == A) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TA, A)); A = &TA;
+    }
+    if (X == B) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, B)); B = &TB;
+    }
 
-    for( i = A->n; i > 0; i-- )
-        if( A->p[i - 1] != 0 )
+    for (i = A->n; i > 0; i--) {
+        if (A->p[i - 1] != 0) {
             break;
-    if( i == 0 )
+        }
+    }
+    if (i == 0) {
         result_is_zero = 1;
+    }
 
-    for( j = B->n; j > 0; j-- )
-        if( B->p[j - 1] != 0 )
+    for (j = B->n; j > 0; j--) {
+        if (B->p[j - 1] != 0) {
             break;
-    if( j == 0 )
+        }
+    }
+    if (j == 0) {
         result_is_zero = 1;
+    }
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, i + j));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0));
 
-    for( size_t k = 0; k < j; k++ )
-    {
+    for (size_t k = 0; k < j; k++) {
         /* We know that there cannot be any carry-out since we're
          * iterating from bottom to top. */
-        (void) mbedtls_mpi_core_mla( X->p + k, i + 1,
-                                     A->p, i,
-                                     B->p[k] );
+        (void) mbedtls_mpi_core_mla(X->p + k, i + 1,
+                                    A->p, i,
+                                    B->p[k]);
     }
 
     /* If the result is 0, we don't shortcut the operation, which reduces
      * but does not eliminate side channels leaking the zero-ness. We do
      * need to take care to set the sign bit properly since the library does
      * not fully support an MPI object with a value of 0 and s == -1. */
-    if( result_is_zero )
+    if (result_is_zero) {
         X->s = 1;
-    else
+    } else {
         X->s = A->s * B->s;
+    }
 
 cleanup:
 
-    mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TA );
+    mbedtls_mpi_free(&TB); mbedtls_mpi_free(&TA);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Baseline multiplication: X = A * b
  */
-int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b )
+int mbedtls_mpi_mul_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b)
 {
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( A != NULL );
+    MPI_VALIDATE_RET(X != NULL);
+    MPI_VALIDATE_RET(A != NULL);
 
     size_t n = A->n;
-    while( n > 0 && A->p[n - 1] == 0 )
+    while (n > 0 && A->p[n - 1] == 0) {
         --n;
+    }
 
     /* The general method below doesn't work if b==0. */
-    if( b == 0 || n == 0 )
-        return( mbedtls_mpi_lset( X, 0 ) );
+    if (b == 0 || n == 0) {
+        return mbedtls_mpi_lset(X, 0);
+    }
 
     /* Calculate A*b as A + A*(b-1) to take advantage of mbedtls_mpi_core_mla */
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1167,26 +1222,28 @@
      *
      * Note that calculating A*b as 0 + A*b doesn't work as-is because
      * A,X can be the same. */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n + 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
-    mbedtls_mpi_core_mla( X->p, X->n, A->p, n, b - 1 );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, n + 1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A));
+    mbedtls_mpi_core_mla(X->p, X->n, A->p, n, b - 1);
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
  * Unsigned integer divide - double mbedtls_mpi_uint dividend, u1/u0, and
  * mbedtls_mpi_uint divisor, d
  */
-static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1,
-            mbedtls_mpi_uint u0, mbedtls_mpi_uint d, mbedtls_mpi_uint *r )
+static mbedtls_mpi_uint mbedtls_int_div_int(mbedtls_mpi_uint u1,
+                                            mbedtls_mpi_uint u0,
+                                            mbedtls_mpi_uint d,
+                                            mbedtls_mpi_uint *r)
 {
 #if defined(MBEDTLS_HAVE_UDBL)
     mbedtls_t_udbl dividend, quotient;
 #else
     const mbedtls_mpi_uint radix = (mbedtls_mpi_uint) 1 << biH;
-    const mbedtls_mpi_uint uint_halfword_mask = ( (mbedtls_mpi_uint) 1 << biH ) - 1;
+    const mbedtls_mpi_uint uint_halfword_mask = ((mbedtls_mpi_uint) 1 << biH) - 1;
     mbedtls_mpi_uint d0, d1, q0, q1, rAX, r0, quotient;
     mbedtls_mpi_uint u0_msw, u0_lsw;
     size_t s;
@@ -1195,22 +1252,25 @@
     /*
      * Check for overflow
      */
-    if( 0 == d || u1 >= d )
-    {
-        if (r != NULL) *r = ~(mbedtls_mpi_uint)0u;
+    if (0 == d || u1 >= d) {
+        if (r != NULL) {
+            *r = ~(mbedtls_mpi_uint) 0u;
+        }
 
-        return ( ~(mbedtls_mpi_uint)0u );
+        return ~(mbedtls_mpi_uint) 0u;
     }
 
 #if defined(MBEDTLS_HAVE_UDBL)
     dividend  = (mbedtls_t_udbl) u1 << biL;
     dividend |= (mbedtls_t_udbl) u0;
     quotient = dividend / d;
-    if( quotient > ( (mbedtls_t_udbl) 1 << biL ) - 1 )
-        quotient = ( (mbedtls_t_udbl) 1 << biL ) - 1;
+    if (quotient > ((mbedtls_t_udbl) 1 << biL) - 1) {
+        quotient = ((mbedtls_t_udbl) 1 << biL) - 1;
+    }
 
-    if( r != NULL )
-        *r = (mbedtls_mpi_uint)( dividend - (quotient * d ) );
+    if (r != NULL) {
+        *r = (mbedtls_mpi_uint) (dividend - (quotient * d));
+    }
 
     return (mbedtls_mpi_uint) quotient;
 #else
@@ -1223,11 +1283,11 @@
     /*
      * Normalize the divisor, d, and dividend, u0, u1
      */
-    s = mbedtls_mpi_core_clz( d );
+    s = mbedtls_mpi_core_clz(d);
     d = d << s;
 
     u1 = u1 << s;
-    u1 |= ( u0 >> ( biL - s ) ) & ( -(mbedtls_mpi_sint)s >> ( biL - 1 ) );
+    u1 |= (u0 >> (biL - s)) & (-(mbedtls_mpi_sint) s >> (biL - 1));
     u0 =  u0 << s;
 
     d1 = d >> biH;
@@ -1242,28 +1302,31 @@
     q1 = u1 / d1;
     r0 = u1 - d1 * q1;
 
-    while( q1 >= radix || ( q1 * d0 > radix * r0 + u0_msw ) )
-    {
+    while (q1 >= radix || (q1 * d0 > radix * r0 + u0_msw)) {
         q1 -= 1;
         r0 += d1;
 
-        if ( r0 >= radix ) break;
+        if (r0 >= radix) {
+            break;
+        }
     }
 
-    rAX = ( u1 * radix ) + ( u0_msw - q1 * d );
+    rAX = (u1 * radix) + (u0_msw - q1 * d);
     q0 = rAX / d1;
     r0 = rAX - q0 * d1;
 
-    while( q0 >= radix || ( q0 * d0 > radix * r0 + u0_lsw ) )
-    {
+    while (q0 >= radix || (q0 * d0 > radix * r0 + u0_lsw)) {
         q0 -= 1;
         r0 += d1;
 
-        if ( r0 >= radix ) break;
+        if (r0 >= radix) {
+            break;
+        }
     }
 
-    if (r != NULL)
-        *r = ( rAX * radix + u0_lsw - q0 * d ) >> s;
+    if (r != NULL) {
+        *r = (rAX * radix + u0_lsw - q0 * d) >> s;
+    }
 
     quotient = q1 * radix + q0;
 
@@ -1274,21 +1337,22 @@
 /*
  * Division by mbedtls_mpi: A = Q * B + R  (HAC 14.20)
  */
-int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
-                         const mbedtls_mpi *B )
+int mbedtls_mpi_div_mpi(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
+                        const mbedtls_mpi *B)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t i, n, t, k;
     mbedtls_mpi X, Y, Z, T1, T2;
     mbedtls_mpi_uint TP2[3];
-    MPI_VALIDATE_RET( A != NULL );
-    MPI_VALIDATE_RET( B != NULL );
+    MPI_VALIDATE_RET(A != NULL);
+    MPI_VALIDATE_RET(B != NULL);
 
-    if( mbedtls_mpi_cmp_int( B, 0 ) == 0 )
-        return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
+    if (mbedtls_mpi_cmp_int(B, 0) == 0) {
+        return MBEDTLS_ERR_MPI_DIVISION_BY_ZERO;
+    }
 
-    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
-    mbedtls_mpi_init( &T1 );
+    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z);
+    mbedtls_mpi_init(&T1);
     /*
      * Avoid dynamic memory allocations for constant-size T2.
      *
@@ -1297,196 +1361,194 @@
      * buffer.
      */
     T2.s = 1;
-    T2.n = sizeof( TP2 ) / sizeof( *TP2 );
+    T2.n = sizeof(TP2) / sizeof(*TP2);
     T2.p = TP2;
 
-    if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
-    {
-        if( Q != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_lset( Q, 0 ) );
-        if( R != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, A ) );
-        return( 0 );
+    if (mbedtls_mpi_cmp_abs(A, B) < 0) {
+        if (Q != NULL) {
+            MBEDTLS_MPI_CHK(mbedtls_mpi_lset(Q, 0));
+        }
+        if (R != NULL) {
+            MBEDTLS_MPI_CHK(mbedtls_mpi_copy(R, A));
+        }
+        return 0;
     }
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &X, A ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, B ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&X, A));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Y, B));
     X.s = Y.s = 1;
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Z, A->n + 2 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Z,  0 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T1, A->n + 2 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&Z, A->n + 2));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&Z,  0));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&T1, A->n + 2));
 
-    k = mbedtls_mpi_bitlen( &Y ) % biL;
-    if( k < biL - 1 )
-    {
+    k = mbedtls_mpi_bitlen(&Y) % biL;
+    if (k < biL - 1) {
         k = biL - 1 - k;
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &X, k ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, k ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&X, k));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&Y, k));
+    } else {
+        k = 0;
     }
-    else k = 0;
 
     n = X.n - 1;
     t = Y.n - 1;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, biL * ( n - t ) ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&Y, biL * (n - t)));
 
-    while( mbedtls_mpi_cmp_mpi( &X, &Y ) >= 0 )
-    {
+    while (mbedtls_mpi_cmp_mpi(&X, &Y) >= 0) {
         Z.p[n - t]++;
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &Y ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&X, &X, &Y));
     }
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, biL * ( n - t ) ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Y, biL * (n - t)));
 
-    for( i = n; i > t ; i-- )
-    {
-        if( X.p[i] >= Y.p[t] )
-            Z.p[i - t - 1] = ~(mbedtls_mpi_uint)0u;
-        else
-        {
-            Z.p[i - t - 1] = mbedtls_int_div_int( X.p[i], X.p[i - 1],
-                                                            Y.p[t], NULL);
+    for (i = n; i > t; i--) {
+        if (X.p[i] >= Y.p[t]) {
+            Z.p[i - t - 1] = ~(mbedtls_mpi_uint) 0u;
+        } else {
+            Z.p[i - t - 1] = mbedtls_int_div_int(X.p[i], X.p[i - 1],
+                                                 Y.p[t], NULL);
         }
 
-        T2.p[0] = ( i < 2 ) ? 0 : X.p[i - 2];
-        T2.p[1] = ( i < 1 ) ? 0 : X.p[i - 1];
+        T2.p[0] = (i < 2) ? 0 : X.p[i - 2];
+        T2.p[1] = (i < 1) ? 0 : X.p[i - 1];
         T2.p[2] = X.p[i];
 
         Z.p[i - t - 1]++;
-        do
-        {
+        do {
             Z.p[i - t - 1]--;
 
-            MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &T1, 0 ) );
-            T1.p[0] = ( t < 1 ) ? 0 : Y.p[t - 1];
+            MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&T1, 0));
+            T1.p[0] = (t < 1) ? 0 : Y.p[t - 1];
             T1.p[1] = Y.p[t];
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) );
-        }
-        while( mbedtls_mpi_cmp_mpi( &T1, &T2 ) > 0 );
+            MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T1, &T1, Z.p[i - t - 1]));
+        } while (mbedtls_mpi_cmp_mpi(&T1, &T2) > 0);
 
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &Y, Z.p[i - t - 1] ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1,  biL * ( i - t - 1 ) ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &T1 ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T1, &Y, Z.p[i - t - 1]));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&T1,  biL * (i - t - 1)));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&X, &X, &T1));
 
-        if( mbedtls_mpi_cmp_int( &X, 0 ) < 0 )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T1, &Y ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &X, &X, &T1 ) );
+        if (mbedtls_mpi_cmp_int(&X, 0) < 0) {
+            MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&T1, &Y));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&T1, biL * (i - t - 1)));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&X, &X, &T1));
             Z.p[i - t - 1]--;
         }
     }
 
-    if( Q != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( Q, &Z ) );
+    if (Q != NULL) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_copy(Q, &Z));
         Q->s = A->s * B->s;
     }
 
-    if( R != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &X, k ) );
+    if (R != NULL) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&X, k));
         X.s = A->s;
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, &X ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_copy(R, &X));
 
-        if( mbedtls_mpi_cmp_int( R, 0 ) == 0 )
+        if (mbedtls_mpi_cmp_int(R, 0) == 0) {
             R->s = 1;
+        }
     }
 
 cleanup:
 
-    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
-    mbedtls_mpi_free( &T1 );
-    mbedtls_platform_zeroize( TP2, sizeof( TP2 ) );
+    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z);
+    mbedtls_mpi_free(&T1);
+    mbedtls_platform_zeroize(TP2, sizeof(TP2));
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Division by int: A = Q * b + R
  */
-int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R,
-                         const mbedtls_mpi *A,
-                         mbedtls_mpi_sint b )
+int mbedtls_mpi_div_int(mbedtls_mpi *Q, mbedtls_mpi *R,
+                        const mbedtls_mpi *A,
+                        mbedtls_mpi_sint b)
 {
     mbedtls_mpi B;
     mbedtls_mpi_uint p[1];
-    MPI_VALIDATE_RET( A != NULL );
+    MPI_VALIDATE_RET(A != NULL);
 
-    p[0] = mpi_sint_abs( b );
-    B.s = ( b < 0 ) ? -1 : 1;
+    p[0] = mpi_sint_abs(b);
+    B.s = (b < 0) ? -1 : 1;
     B.n = 1;
     B.p = p;
 
-    return( mbedtls_mpi_div_mpi( Q, R, A, &B ) );
+    return mbedtls_mpi_div_mpi(Q, R, A, &B);
 }
 
 /*
  * Modulo: R = A mod B
  */
-int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
+int mbedtls_mpi_mod_mpi(mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MPI_VALIDATE_RET( R != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-    MPI_VALIDATE_RET( B != NULL );
+    MPI_VALIDATE_RET(R != NULL);
+    MPI_VALIDATE_RET(A != NULL);
+    MPI_VALIDATE_RET(B != NULL);
 
-    if( mbedtls_mpi_cmp_int( B, 0 ) < 0 )
-        return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
+    if (mbedtls_mpi_cmp_int(B, 0) < 0) {
+        return MBEDTLS_ERR_MPI_NEGATIVE_VALUE;
+    }
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( NULL, R, A, B ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(NULL, R, A, B));
 
-    while( mbedtls_mpi_cmp_int( R, 0 ) < 0 )
-      MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( R, R, B ) );
+    while (mbedtls_mpi_cmp_int(R, 0) < 0) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(R, R, B));
+    }
 
-    while( mbedtls_mpi_cmp_mpi( R, B ) >= 0 )
-      MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( R, R, B ) );
+    while (mbedtls_mpi_cmp_mpi(R, B) >= 0) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(R, R, B));
+    }
 
 cleanup:
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Modulo: r = A mod b
  */
-int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b )
+int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b)
 {
     size_t i;
     mbedtls_mpi_uint x, y, z;
-    MPI_VALIDATE_RET( r != NULL );
-    MPI_VALIDATE_RET( A != NULL );
+    MPI_VALIDATE_RET(r != NULL);
+    MPI_VALIDATE_RET(A != NULL);
 
-    if( b == 0 )
-        return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
+    if (b == 0) {
+        return MBEDTLS_ERR_MPI_DIVISION_BY_ZERO;
+    }
 
-    if( b < 0 )
-        return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
+    if (b < 0) {
+        return MBEDTLS_ERR_MPI_NEGATIVE_VALUE;
+    }
 
     /*
      * handle trivial cases
      */
-    if( b == 1 || A->n == 0 )
-    {
+    if (b == 1 || A->n == 0) {
         *r = 0;
-        return( 0 );
+        return 0;
     }
 
-    if( b == 2 )
-    {
+    if (b == 2) {
         *r = A->p[0] & 1;
-        return( 0 );
+        return 0;
     }
 
     /*
      * general case
      */
-    for( i = A->n, y = 0; i > 0; i-- )
-    {
+    for (i = A->n, y = 0; i > 0; i--) {
         x  = A->p[i - 1];
-        y  = ( y << biH ) | ( x >> biH );
+        y  = (y << biH) | (x >> biH);
         z  = y / b;
         y -= z * b;
 
         x <<= biH;
-        y  = ( y << biH ) | ( x >> biH );
+        y  = (y << biH) | (x >> biH);
         z  = y / b;
         y -= z * b;
     }
@@ -1495,17 +1557,18 @@
      * If A is negative, then the current y represents a negative value.
      * Flipping it to the positive side.
      */
-    if( A->s < 0 && y != 0 )
+    if (A->s < 0 && y != 0) {
         y = b - y;
+    }
 
     *r = y;
 
-    return( 0 );
+    return 0;
 }
 
-static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N )
+static void mpi_montg_init(mbedtls_mpi_uint *mm, const mbedtls_mpi *N)
 {
-    *mm = mbedtls_mpi_core_montmul_init( N->p );
+    *mm = mbedtls_mpi_core_montmul_init(N->p);
 }
 
 /** Montgomery multiplication: A = A * B * R^-1 mod N  (HAC 14.36)
@@ -1529,11 +1592,11 @@
  *                      its final content is indeterminate.
  *                      It does not get reallocated.
  */
-static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B,
-                         const mbedtls_mpi *N, mbedtls_mpi_uint mm,
-                         mbedtls_mpi *T )
+static void mpi_montmul(mbedtls_mpi *A, const mbedtls_mpi *B,
+                        const mbedtls_mpi *N, mbedtls_mpi_uint mm,
+                        mbedtls_mpi *T)
 {
-    mbedtls_mpi_core_montmul( A->p, A->p, B->p, B->n, N->p, N->n, mm, T->p );
+    mbedtls_mpi_core_montmul(A->p, A->p, B->p, B->n, N->p, N->n, mm, T->p);
 }
 
 /*
@@ -1541,8 +1604,8 @@
  *
  * See mpi_montmul() regarding constraints and guarantees on the parameters.
  */
-static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N,
-                         mbedtls_mpi_uint mm, mbedtls_mpi *T )
+static void mpi_montred(mbedtls_mpi *A, const mbedtls_mpi *N,
+                        mbedtls_mpi_uint mm, mbedtls_mpi *T)
 {
     mbedtls_mpi_uint z = 1;
     mbedtls_mpi U;
@@ -1550,7 +1613,7 @@
     U.n = U.s = (int) z;
     U.p = &z;
 
-    mpi_montmul( A, &U, N, mm, T );
+    mpi_montmul(A, &U, N, mm, T);
 }
 
 /**
@@ -1568,67 +1631,71 @@
  *
  * \return \c 0 on success, or a negative error code.
  */
-static int mpi_select( mbedtls_mpi *R, const mbedtls_mpi *T, size_t T_size, size_t idx )
+static int mpi_select(mbedtls_mpi *R, const mbedtls_mpi *T, size_t T_size, size_t idx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    for( size_t i = 0; i < T_size; i++ )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( R, &T[i],
-                        (unsigned char) mbedtls_ct_size_bool_eq( i, idx ) ) );
+    for (size_t i = 0; i < T_size; i++) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(R, &T[i],
+                                                     (unsigned char) mbedtls_ct_size_bool_eq(i,
+                                                                                             idx)));
     }
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
  * Sliding-window exponentiation: X = A^E mod N  (HAC 14.85)
  */
-int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         const mbedtls_mpi *E, const mbedtls_mpi *N,
-                         mbedtls_mpi *prec_RR )
+int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A,
+                        const mbedtls_mpi *E, const mbedtls_mpi *N,
+                        mbedtls_mpi *prec_RR)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t window_bitsize;
     size_t i, j, nblimbs;
     size_t bufsize, nbits;
     mbedtls_mpi_uint ei, mm, state;
-    mbedtls_mpi RR, T, W[ (size_t) 1 << MBEDTLS_MPI_WINDOW_SIZE ], WW, Apos;
+    mbedtls_mpi RR, T, W[(size_t) 1 << MBEDTLS_MPI_WINDOW_SIZE], WW, Apos;
     int neg;
 
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-    MPI_VALIDATE_RET( E != NULL );
-    MPI_VALIDATE_RET( N != NULL );
+    MPI_VALIDATE_RET(X != NULL);
+    MPI_VALIDATE_RET(A != NULL);
+    MPI_VALIDATE_RET(E != NULL);
+    MPI_VALIDATE_RET(N != NULL);
 
-    if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || ( N->p[0] & 1 ) == 0 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    if (mbedtls_mpi_cmp_int(N, 0) <= 0 || (N->p[0] & 1) == 0) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
-    if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    if (mbedtls_mpi_cmp_int(E, 0) < 0) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
-    if( mbedtls_mpi_bitlen( E ) > MBEDTLS_MPI_MAX_BITS ||
-        mbedtls_mpi_bitlen( N ) > MBEDTLS_MPI_MAX_BITS )
-        return ( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    if (mbedtls_mpi_bitlen(E) > MBEDTLS_MPI_MAX_BITS ||
+        mbedtls_mpi_bitlen(N) > MBEDTLS_MPI_MAX_BITS) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
     /*
      * Init temps and window size
      */
-    mpi_montg_init( &mm, N );
-    mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &T );
-    mbedtls_mpi_init( &Apos );
-    mbedtls_mpi_init( &WW );
-    memset( W, 0, sizeof( W ) );
+    mpi_montg_init(&mm, N);
+    mbedtls_mpi_init(&RR); mbedtls_mpi_init(&T);
+    mbedtls_mpi_init(&Apos);
+    mbedtls_mpi_init(&WW);
+    memset(W, 0, sizeof(W));
 
-    i = mbedtls_mpi_bitlen( E );
+    i = mbedtls_mpi_bitlen(E);
 
-    window_bitsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 :
-            ( i >  79 ) ? 4 : ( i >  23 ) ? 3 : 1;
+    window_bitsize = (i > 671) ? 6 : (i > 239) ? 5 :
+                     (i >  79) ? 4 : (i >  23) ? 3 : 1;
 
-#if( MBEDTLS_MPI_WINDOW_SIZE < 6 )
-    if( window_bitsize > MBEDTLS_MPI_WINDOW_SIZE )
+#if (MBEDTLS_MPI_WINDOW_SIZE < 6)
+    if (window_bitsize > MBEDTLS_MPI_WINDOW_SIZE) {
         window_bitsize = MBEDTLS_MPI_WINDOW_SIZE;
+    }
 #endif
 
     const size_t w_table_used_size = (size_t) 1 << window_bitsize;
@@ -1666,8 +1733,8 @@
      * calculation from this point on.
      */
     const size_t x_index = 0;
-    mbedtls_mpi_init( &W[x_index] );
-    mbedtls_mpi_copy( &W[x_index], X );
+    mbedtls_mpi_init(&W[x_index]);
+    mbedtls_mpi_copy(&W[x_index], X);
 
     j = N->n + 1;
     /* All W[i] and X must have at least N->n limbs for the mpi_montmul()
@@ -1675,17 +1742,16 @@
      * large enough, and later we'll grow other W[i] to the same length.
      * They must not be shrunk midway through this function!
      */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[x_index], j ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1],  j ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[x_index], j));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[1],  j));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&T, j * 2));
 
     /*
      * Compensate for negative A (and correct at the end)
      */
-    neg = ( A->s == -1 );
-    if( neg )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Apos, A ) );
+    neg = (A->s == -1);
+    if (neg) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Apos, A));
         Apos.s = 1;
         A = &Apos;
     }
@@ -1693,45 +1759,43 @@
     /*
      * If 1st call, pre-compute R^2 mod N
      */
-    if( prec_RR == NULL || prec_RR->p == NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &RR, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &RR, N->n * 2 * biL ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &RR, &RR, N ) );
+    if (prec_RR == NULL || prec_RR->p == NULL) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&RR, 1));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&RR, N->n * 2 * biL));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&RR, &RR, N));
 
-        if( prec_RR != NULL )
-            memcpy( prec_RR, &RR, sizeof( mbedtls_mpi ) );
+        if (prec_RR != NULL) {
+            memcpy(prec_RR, &RR, sizeof(mbedtls_mpi));
+        }
+    } else {
+        memcpy(&RR, prec_RR, sizeof(mbedtls_mpi));
     }
-    else
-        memcpy( &RR, prec_RR, sizeof( mbedtls_mpi ) );
 
     /*
      * W[1] = A * R^2 * R^-1 mod N = A * R mod N
      */
-    if( mbedtls_mpi_cmp_mpi( A, N ) >= 0 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &W[1], A, N ) );
+    if (mbedtls_mpi_cmp_mpi(A, N) >= 0) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&W[1], A, N));
         /* This should be a no-op because W[1] is already that large before
          * mbedtls_mpi_mod_mpi(), but it's necessary to avoid an overflow
          * in mpi_montmul() below, so let's make sure. */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], N->n + 1 ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[1], N->n + 1));
+    } else {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[1], A));
     }
-    else
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) );
 
     /* Note that this is safe because W[1] always has at least N->n limbs
      * (it grew above and was preserved by mbedtls_mpi_copy()). */
-    mpi_montmul( &W[1], &RR, N, mm, &T );
+    mpi_montmul(&W[1], &RR, N, mm, &T);
 
     /*
      * W[x_index] = R^2 * R^-1 mod N = R mod N
      */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[x_index], &RR ) );
-    mpi_montred( &W[x_index], N, mm, &T );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[x_index], &RR));
+    mpi_montred(&W[x_index], N, mm, &T);
 
 
-    if( window_bitsize > 1 )
-    {
+    if (window_bitsize > 1) {
         /*
          * W[i] = W[1] ^ i
          *
@@ -1744,21 +1808,21 @@
          */
         j = w_table_used_size / 2;
 
-        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[j], N->n + 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1]    ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[j], N->n + 1));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[j], &W[1]));
 
-        for( i = 0; i < window_bitsize - 1; i++ )
-            mpi_montmul( &W[j], &W[j], N, mm, &T );
+        for (i = 0; i < window_bitsize - 1; i++) {
+            mpi_montmul(&W[j], &W[j], N, mm, &T);
+        }
 
         /*
          * W[i] = W[i - 1] * W[1]
          */
-        for( i = j + 1; i < w_table_used_size; i++ )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) );
+        for (i = j + 1; i < w_table_used_size; i++) {
+            MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[i], N->n + 1));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[i], &W[i - 1]));
 
-            mpi_montmul( &W[i], &W[1], N, mm, &T );
+            mpi_montmul(&W[i], &W[1], N, mm, &T);
         }
     }
 
@@ -1768,16 +1832,15 @@
     size_t exponent_bits_in_window = 0;
     state   = 0;
 
-    while( 1 )
-    {
-        if( bufsize == 0 )
-        {
-            if( nblimbs == 0 )
+    while (1) {
+        if (bufsize == 0) {
+            if (nblimbs == 0) {
                 break;
+            }
 
             nblimbs--;
 
-            bufsize = sizeof( mbedtls_mpi_uint ) << 3;
+            bufsize = sizeof(mbedtls_mpi_uint) << 3;
         }
 
         bufsize--;
@@ -1787,16 +1850,16 @@
         /*
          * skip leading 0s
          */
-        if( ei == 0 && state == 0 )
+        if (ei == 0 && state == 0) {
             continue;
+        }
 
-        if( ei == 0 && state == 1 )
-        {
+        if (ei == 0 && state == 1) {
             /*
              * out of window, square W[x_index]
              */
-            MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, x_index ) );
-            mpi_montmul( &W[x_index], &WW, N, mm, &T );
+            MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size, x_index));
+            mpi_montmul(&W[x_index], &WW, N, mm, &T);
             continue;
         }
 
@@ -1806,26 +1869,24 @@
         state = 2;
 
         nbits++;
-        exponent_bits_in_window |= ( ei << ( window_bitsize - nbits ) );
+        exponent_bits_in_window |= (ei << (window_bitsize - nbits));
 
-        if( nbits == window_bitsize )
-        {
+        if (nbits == window_bitsize) {
             /*
              * W[x_index] = W[x_index]^window_bitsize R^-1 mod N
              */
-            for( i = 0; i < window_bitsize; i++ )
-            {
-                MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size,
-                                             x_index ) );
-                mpi_montmul( &W[x_index], &WW, N, mm, &T );
+            for (i = 0; i < window_bitsize; i++) {
+                MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size,
+                                           x_index));
+                mpi_montmul(&W[x_index], &WW, N, mm, &T);
             }
 
             /*
              * W[x_index] = W[x_index] * W[exponent_bits_in_window] R^-1 mod N
              */
-            MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size,
-                                         exponent_bits_in_window ) );
-            mpi_montmul( &W[x_index], &WW, N, mm, &T );
+            MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size,
+                                       exponent_bits_in_window));
+            mpi_montmul(&W[x_index], &WW, N, mm, &T);
 
             state--;
             nbits = 0;
@@ -1836,88 +1897,87 @@
     /*
      * process the remaining bits
      */
-    for( i = 0; i < nbits; i++ )
-    {
-        MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, x_index ) );
-        mpi_montmul( &W[x_index], &WW, N, mm, &T );
+    for (i = 0; i < nbits; i++) {
+        MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size, x_index));
+        mpi_montmul(&W[x_index], &WW, N, mm, &T);
 
         exponent_bits_in_window <<= 1;
 
-        if( ( exponent_bits_in_window & ( (size_t) 1 << window_bitsize ) ) != 0 )
-        {
-            MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, 1 ) );
-            mpi_montmul( &W[x_index], &WW, N, mm, &T );
+        if ((exponent_bits_in_window & ((size_t) 1 << window_bitsize)) != 0) {
+            MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size, 1));
+            mpi_montmul(&W[x_index], &WW, N, mm, &T);
         }
     }
 
     /*
      * W[x_index] = A^E * R * R^-1 mod N = A^E mod N
      */
-    mpi_montred( &W[x_index], N, mm, &T );
+    mpi_montred(&W[x_index], N, mm, &T);
 
-    if( neg && E->n != 0 && ( E->p[0] & 1 ) != 0 )
-    {
+    if (neg && E->n != 0 && (E->p[0] & 1) != 0) {
         W[x_index].s = -1;
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &W[x_index], N, &W[x_index] ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&W[x_index], N, &W[x_index]));
     }
 
     /*
      * Load the result in the output variable.
      */
-    mbedtls_mpi_copy( X, &W[x_index] );
+    mbedtls_mpi_copy(X, &W[x_index]);
 
 cleanup:
 
     /* The first bit of the sliding window is always 1 and therefore the first
      * half of the table was unused. */
-    for( i = w_table_used_size/2; i < w_table_used_size; i++ )
-        mbedtls_mpi_free( &W[i] );
+    for (i = w_table_used_size/2; i < w_table_used_size; i++) {
+        mbedtls_mpi_free(&W[i]);
+    }
 
-    mbedtls_mpi_free( &W[x_index] );
-    mbedtls_mpi_free( &W[1] );
-    mbedtls_mpi_free( &T );
-    mbedtls_mpi_free( &Apos );
-    mbedtls_mpi_free( &WW );
+    mbedtls_mpi_free(&W[x_index]);
+    mbedtls_mpi_free(&W[1]);
+    mbedtls_mpi_free(&T);
+    mbedtls_mpi_free(&Apos);
+    mbedtls_mpi_free(&WW);
 
-    if( prec_RR == NULL || prec_RR->p == NULL )
-        mbedtls_mpi_free( &RR );
+    if (prec_RR == NULL || prec_RR->p == NULL) {
+        mbedtls_mpi_free(&RR);
+    }
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Greatest common divisor: G = gcd(A, B)  (HAC 14.54)
  */
-int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B )
+int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t lz, lzt;
     mbedtls_mpi TA, TB;
 
-    MPI_VALIDATE_RET( G != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-    MPI_VALIDATE_RET( B != NULL );
+    MPI_VALIDATE_RET(G != NULL);
+    MPI_VALIDATE_RET(A != NULL);
+    MPI_VALIDATE_RET(B != NULL);
 
-    mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
+    mbedtls_mpi_init(&TA); mbedtls_mpi_init(&TB);
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TA, A));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, B));
 
-    lz = mbedtls_mpi_lsb( &TA );
-    lzt = mbedtls_mpi_lsb( &TB );
+    lz = mbedtls_mpi_lsb(&TA);
+    lzt = mbedtls_mpi_lsb(&TB);
 
     /* The loop below gives the correct result when A==0 but not when B==0.
      * So have a special case for B==0. Leverage the fact that we just
      * calculated the lsb and lsb(B)==0 iff B is odd or 0 to make the test
      * slightly more efficient than cmp_int(). */
-    if( lzt == 0 && mbedtls_mpi_get_bit( &TB, 0 ) == 0 )
-    {
-        ret = mbedtls_mpi_copy( G, A );
+    if (lzt == 0 && mbedtls_mpi_get_bit(&TB, 0) == 0) {
+        ret = mbedtls_mpi_copy(G, A);
         goto cleanup;
     }
 
-    if( lzt < lz )
+    if (lzt < lz) {
         lz = lzt;
+    }
 
     TA.s = TB.s = 1;
 
@@ -1954,11 +2014,10 @@
      * TA becomes 0 which ends the loop (TB cannot be 0 if it is right-shifted
      * since in that case TB is calculated from TB-TA with the condition TB>TA).
      */
-    while( mbedtls_mpi_cmp_int( &TA, 0 ) != 0 )
-    {
+    while (mbedtls_mpi_cmp_int(&TA, 0) != 0) {
         /* Divisions by 2 preserve the invariant (I). */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, mbedtls_mpi_lsb( &TA ) ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, mbedtls_mpi_lsb( &TB ) ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TA, mbedtls_mpi_lsb(&TA)));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TB, mbedtls_mpi_lsb(&TB)));
 
         /* Set either TA or TB to |TA-TB|/2. Since TA and TB are both odd,
          * TA-TB is even so the division by 2 has an integer result.
@@ -1967,15 +2026,12 @@
          * also divides TB, and any odd divisor of both TB and |TA-TB|/2 also
          * divides TA.
          */
-        if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TA, &TA, &TB ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, 1 ) );
-        }
-        else
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TB, &TB, &TA ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, 1 ) );
+        if (mbedtls_mpi_cmp_mpi(&TA, &TB) >= 0) {
+            MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(&TA, &TA, &TB));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TA, 1));
+        } else {
+            MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(&TB, &TB, &TA));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TB, 1));
         }
         /* Note that one of TA or TB is still odd. */
     }
@@ -1989,14 +2045,14 @@
      *   In this case, lz = 0 and B = TB so gcd(A,B) = B = 2^lz * TB as well.
      */
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &TB, lz ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( G, &TB ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&TB, lz));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(G, &TB));
 
 cleanup:
 
-    mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TB );
+    mbedtls_mpi_free(&TA); mbedtls_mpi_free(&TB);
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -2005,171 +2061,168 @@
  * is suitable for deterministic ECDSA (see the specification of
  * mbedtls_mpi_random() and the implementation in mbedtls_mpi_fill_random()).
  */
-int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
+int mbedtls_mpi_fill_random(mbedtls_mpi *X, size_t size,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    const size_t limbs = CHARS_TO_LIMBS( size );
+    const size_t limbs = CHARS_TO_LIMBS(size);
 
-    MPI_VALIDATE_RET( X     != NULL );
-    MPI_VALIDATE_RET( f_rng != NULL );
+    MPI_VALIDATE_RET(X     != NULL);
+    MPI_VALIDATE_RET(f_rng != NULL);
 
     /* Ensure that target MPI has exactly the necessary number of limbs */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) );
-    if( size == 0 )
-        return( 0 );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, limbs));
+    if (size == 0) {
+        return 0;
+    }
 
-    ret = mbedtls_mpi_core_fill_random( X->p, X->n, size, f_rng, p_rng );
+    ret = mbedtls_mpi_core_fill_random(X->p, X->n, size, f_rng, p_rng);
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
-int mbedtls_mpi_random( mbedtls_mpi *X,
-                        mbedtls_mpi_sint min,
-                        const mbedtls_mpi *N,
-                        int (*f_rng)(void *, unsigned char *, size_t),
-                        void *p_rng )
+int mbedtls_mpi_random(mbedtls_mpi *X,
+                       mbedtls_mpi_sint min,
+                       const mbedtls_mpi *N,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng)
 {
-    if( min < 0 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-    if( mbedtls_mpi_cmp_int( N, min ) <= 0 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    if (min < 0) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
+    if (mbedtls_mpi_cmp_int(N, min) <= 0) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
     /* Ensure that target MPI has exactly the same number of limbs
      * as the upper bound, even if the upper bound has leading zeros.
      * This is necessary for mbedtls_mpi_core_random. */
-    int ret = mbedtls_mpi_resize_clear( X, N->n );
-    if( ret != 0 )
-        return( ret );
+    int ret = mbedtls_mpi_resize_clear(X, N->n);
+    if (ret != 0) {
+        return ret;
+    }
 
-    return( mbedtls_mpi_core_random( X->p, min, N->p, X->n, f_rng, p_rng ) );
+    return mbedtls_mpi_core_random(X->p, min, N->p, X->n, f_rng, p_rng);
 }
 
 /*
  * Modular inverse: X = A^-1 mod N  (HAC 14.61 / 14.64)
  */
-int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N )
+int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-    MPI_VALIDATE_RET( N != NULL );
+    MPI_VALIDATE_RET(X != NULL);
+    MPI_VALIDATE_RET(A != NULL);
+    MPI_VALIDATE_RET(N != NULL);
 
-    if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    if (mbedtls_mpi_cmp_int(N, 1) <= 0) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
-    mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TU ); mbedtls_mpi_init( &U1 ); mbedtls_mpi_init( &U2 );
-    mbedtls_mpi_init( &G ); mbedtls_mpi_init( &TB ); mbedtls_mpi_init( &TV );
-    mbedtls_mpi_init( &V1 ); mbedtls_mpi_init( &V2 );
+    mbedtls_mpi_init(&TA); mbedtls_mpi_init(&TU); mbedtls_mpi_init(&U1); mbedtls_mpi_init(&U2);
+    mbedtls_mpi_init(&G); mbedtls_mpi_init(&TB); mbedtls_mpi_init(&TV);
+    mbedtls_mpi_init(&V1); mbedtls_mpi_init(&V2);
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, A, N ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&G, A, N));
 
-    if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 )
-    {
+    if (mbedtls_mpi_cmp_int(&G, 1) != 0) {
         ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
         goto cleanup;
     }
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &TA, A, N ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TU, &TA ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, N ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TV, N ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&TA, A, N));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TU, &TA));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, N));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TV, N));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U1, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U2, 0 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V1, 0 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V2, 1 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&U1, 1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&U2, 0));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&V1, 0));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&V2, 1));
 
-    do
-    {
-        while( ( TU.p[0] & 1 ) == 0 )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TU, 1 ) );
+    do {
+        while ((TU.p[0] & 1) == 0) {
+            MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TU, 1));
 
-            if( ( U1.p[0] & 1 ) != 0 || ( U2.p[0] & 1 ) != 0 )
-            {
-                MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &U1, &U1, &TB ) );
-                MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &TA ) );
+            if ((U1.p[0] & 1) != 0 || (U2.p[0] & 1) != 0) {
+                MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&U1, &U1, &TB));
+                MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&U2, &U2, &TA));
             }
 
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U1, 1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U2, 1 ) );
+            MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&U1, 1));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&U2, 1));
         }
 
-        while( ( TV.p[0] & 1 ) == 0 )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TV, 1 ) );
+        while ((TV.p[0] & 1) == 0) {
+            MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TV, 1));
 
-            if( ( V1.p[0] & 1 ) != 0 || ( V2.p[0] & 1 ) != 0 )
-            {
-                MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, &TB ) );
-                MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &TA ) );
+            if ((V1.p[0] & 1) != 0 || (V2.p[0] & 1) != 0) {
+                MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&V1, &V1, &TB));
+                MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V2, &V2, &TA));
             }
 
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V1, 1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V2, 1 ) );
+            MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&V1, 1));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&V2, 1));
         }
 
-        if( mbedtls_mpi_cmp_mpi( &TU, &TV ) >= 0 )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TU, &TU, &TV ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U1, &U1, &V1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &V2 ) );
+        if (mbedtls_mpi_cmp_mpi(&TU, &TV) >= 0) {
+            MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&TU, &TU, &TV));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&U1, &U1, &V1));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&U2, &U2, &V2));
+        } else {
+            MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&TV, &TV, &TU));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V1, &V1, &U1));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V2, &V2, &U2));
         }
-        else
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TV, &TV, &TU ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, &U1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &U2 ) );
-        }
+    } while (mbedtls_mpi_cmp_int(&TU, 0) != 0);
+
+    while (mbedtls_mpi_cmp_int(&V1, 0) < 0) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&V1, &V1, N));
     }
-    while( mbedtls_mpi_cmp_int( &TU, 0 ) != 0 );
 
-    while( mbedtls_mpi_cmp_int( &V1, 0 ) < 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, N ) );
+    while (mbedtls_mpi_cmp_mpi(&V1, N) >= 0) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V1, &V1, N));
+    }
 
-    while( mbedtls_mpi_cmp_mpi( &V1, N ) >= 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, N ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &V1 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, &V1));
 
 cleanup:
 
-    mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TU ); mbedtls_mpi_free( &U1 ); mbedtls_mpi_free( &U2 );
-    mbedtls_mpi_free( &G ); mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TV );
-    mbedtls_mpi_free( &V1 ); mbedtls_mpi_free( &V2 );
+    mbedtls_mpi_free(&TA); mbedtls_mpi_free(&TU); mbedtls_mpi_free(&U1); mbedtls_mpi_free(&U2);
+    mbedtls_mpi_free(&G); mbedtls_mpi_free(&TB); mbedtls_mpi_free(&TV);
+    mbedtls_mpi_free(&V1); mbedtls_mpi_free(&V2);
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_GENPRIME)
 
 static const int small_prime[] =
 {
-        3,    5,    7,   11,   13,   17,   19,   23,
-       29,   31,   37,   41,   43,   47,   53,   59,
-       61,   67,   71,   73,   79,   83,   89,   97,
-      101,  103,  107,  109,  113,  127,  131,  137,
-      139,  149,  151,  157,  163,  167,  173,  179,
-      181,  191,  193,  197,  199,  211,  223,  227,
-      229,  233,  239,  241,  251,  257,  263,  269,
-      271,  277,  281,  283,  293,  307,  311,  313,
-      317,  331,  337,  347,  349,  353,  359,  367,
-      373,  379,  383,  389,  397,  401,  409,  419,
-      421,  431,  433,  439,  443,  449,  457,  461,
-      463,  467,  479,  487,  491,  499,  503,  509,
-      521,  523,  541,  547,  557,  563,  569,  571,
-      577,  587,  593,  599,  601,  607,  613,  617,
-      619,  631,  641,  643,  647,  653,  659,  661,
-      673,  677,  683,  691,  701,  709,  719,  727,
-      733,  739,  743,  751,  757,  761,  769,  773,
-      787,  797,  809,  811,  821,  823,  827,  829,
-      839,  853,  857,  859,  863,  877,  881,  883,
-      887,  907,  911,  919,  929,  937,  941,  947,
-      953,  967,  971,  977,  983,  991,  997, -103
+    3,    5,    7,   11,   13,   17,   19,   23,
+    29,   31,   37,   41,   43,   47,   53,   59,
+    61,   67,   71,   73,   79,   83,   89,   97,
+    101,  103,  107,  109,  113,  127,  131,  137,
+    139,  149,  151,  157,  163,  167,  173,  179,
+    181,  191,  193,  197,  199,  211,  223,  227,
+    229,  233,  239,  241,  251,  257,  263,  269,
+    271,  277,  281,  283,  293,  307,  311,  313,
+    317,  331,  337,  347,  349,  353,  359,  367,
+    373,  379,  383,  389,  397,  401,  409,  419,
+    421,  431,  433,  439,  443,  449,  457,  461,
+    463,  467,  479,  487,  491,  499,  503,  509,
+    521,  523,  541,  547,  557,  563,  569,  571,
+    577,  587,  593,  599,  601,  607,  613,  617,
+    619,  631,  641,  643,  647,  653,  659,  661,
+    673,  677,  683,  691,  701,  709,  719,  727,
+    733,  739,  743,  751,  757,  761,  769,  773,
+    787,  797,  809,  811,  821,  823,  827,  829,
+    839,  853,  857,  859,  863,  877,  881,  883,
+    887,  907,  911,  919,  929,  937,  941,  947,
+    953,  967,  971,  977,  983,  991,  997, -103
 };
 
 /*
@@ -2181,70 +2234,71 @@
  * MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: certain non-prime
  * other negative: error
  */
-static int mpi_check_small_factors( const mbedtls_mpi *X )
+static int mpi_check_small_factors(const mbedtls_mpi *X)
 {
     int ret = 0;
     size_t i;
     mbedtls_mpi_uint r;
 
-    if( ( X->p[0] & 1 ) == 0 )
-        return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
+    if ((X->p[0] & 1) == 0) {
+        return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+    }
 
-    for( i = 0; small_prime[i] > 0; i++ )
-    {
-        if( mbedtls_mpi_cmp_int( X, small_prime[i] ) <= 0 )
-            return( 1 );
+    for (i = 0; small_prime[i] > 0; i++) {
+        if (mbedtls_mpi_cmp_int(X, small_prime[i]) <= 0) {
+            return 1;
+        }
 
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, small_prime[i] ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, small_prime[i]));
 
-        if( r == 0 )
-            return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
+        if (r == 0) {
+            return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+        }
     }
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
  * Miller-Rabin pseudo-primality test  (HAC 4.24)
  */
-static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds,
-                             int (*f_rng)(void *, unsigned char *, size_t),
-                             void *p_rng )
+static int mpi_miller_rabin(const mbedtls_mpi *X, size_t rounds,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng)
 {
     int ret, count;
     size_t i, j, k, s;
     mbedtls_mpi W, R, T, A, RR;
 
-    MPI_VALIDATE_RET( X     != NULL );
-    MPI_VALIDATE_RET( f_rng != NULL );
+    MPI_VALIDATE_RET(X     != NULL);
+    MPI_VALIDATE_RET(f_rng != NULL);
 
-    mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R );
-    mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A );
-    mbedtls_mpi_init( &RR );
+    mbedtls_mpi_init(&W); mbedtls_mpi_init(&R);
+    mbedtls_mpi_init(&T); mbedtls_mpi_init(&A);
+    mbedtls_mpi_init(&RR);
 
     /*
      * W = |X| - 1
      * R = W >> lsb( W )
      */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &W, X, 1 ) );
-    s = mbedtls_mpi_lsb( &W );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R, &W ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &R, s ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&W, X, 1));
+    s = mbedtls_mpi_lsb(&W);
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R, &W));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&R, s));
 
-    for( i = 0; i < rounds; i++ )
-    {
+    for (i = 0; i < rounds; i++) {
         /*
          * pick a random A, 1 < A < |X| - 1
          */
         count = 0;
         do {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );
+            MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&A, X->n * ciL, f_rng, p_rng));
 
-            j = mbedtls_mpi_bitlen( &A );
-            k = mbedtls_mpi_bitlen( &W );
+            j = mbedtls_mpi_bitlen(&A);
+            k = mbedtls_mpi_bitlen(&W);
             if (j > k) {
-                A.p[A.n - 1] &= ( (mbedtls_mpi_uint) 1 << ( k - ( A.n - 1 ) * biL - 1 ) ) - 1;
+                A.p[A.n - 1] &= ((mbedtls_mpi_uint) 1 << (k - (A.n - 1) * biL - 1)) - 1;
             }
 
             if (count++ > 30) {
@@ -2252,29 +2306,30 @@
                 goto cleanup;
             }
 
-        } while ( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 ||
-                  mbedtls_mpi_cmp_int( &A, 1 )  <= 0    );
+        } while (mbedtls_mpi_cmp_mpi(&A, &W) >= 0 ||
+                 mbedtls_mpi_cmp_int(&A, 1)  <= 0);
 
         /*
          * A = A^R mod |X|
          */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &A, &A, &R, X, &RR ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&A, &A, &R, X, &RR));
 
-        if( mbedtls_mpi_cmp_mpi( &A, &W ) == 0 ||
-            mbedtls_mpi_cmp_int( &A,  1 ) == 0 )
+        if (mbedtls_mpi_cmp_mpi(&A, &W) == 0 ||
+            mbedtls_mpi_cmp_int(&A,  1) == 0) {
             continue;
+        }
 
         j = 1;
-        while( j < s && mbedtls_mpi_cmp_mpi( &A, &W ) != 0 )
-        {
+        while (j < s && mbedtls_mpi_cmp_mpi(&A, &W) != 0) {
             /*
              * A = A * A mod |X|
              */
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &A, &A ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &A, &T, X  ) );
+            MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &A, &A));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&A, &T, X));
 
-            if( mbedtls_mpi_cmp_int( &A, 1 ) == 0 )
+            if (mbedtls_mpi_cmp_int(&A, 1) == 0) {
                 break;
+            }
 
             j++;
         }
@@ -2282,54 +2337,55 @@
         /*
          * not prime if A != |X| - 1 or A == 1
          */
-        if( mbedtls_mpi_cmp_mpi( &A, &W ) != 0 ||
-            mbedtls_mpi_cmp_int( &A,  1 ) == 0 )
-        {
+        if (mbedtls_mpi_cmp_mpi(&A, &W) != 0 ||
+            mbedtls_mpi_cmp_int(&A,  1) == 0) {
             ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
             break;
         }
     }
 
 cleanup:
-    mbedtls_mpi_free( &W ); mbedtls_mpi_free( &R );
-    mbedtls_mpi_free( &T ); mbedtls_mpi_free( &A );
-    mbedtls_mpi_free( &RR );
+    mbedtls_mpi_free(&W); mbedtls_mpi_free(&R);
+    mbedtls_mpi_free(&T); mbedtls_mpi_free(&A);
+    mbedtls_mpi_free(&RR);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Pseudo-primality test: small factors, then Miller-Rabin
  */
-int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng )
+int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X, int rounds,
+                             int (*f_rng)(void *, unsigned char *, size_t),
+                             void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi XX;
-    MPI_VALIDATE_RET( X     != NULL );
-    MPI_VALIDATE_RET( f_rng != NULL );
+    MPI_VALIDATE_RET(X     != NULL);
+    MPI_VALIDATE_RET(f_rng != NULL);
 
     XX.s = 1;
     XX.n = X->n;
     XX.p = X->p;
 
-    if( mbedtls_mpi_cmp_int( &XX, 0 ) == 0 ||
-        mbedtls_mpi_cmp_int( &XX, 1 ) == 0 )
-        return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
-
-    if( mbedtls_mpi_cmp_int( &XX, 2 ) == 0 )
-        return( 0 );
-
-    if( ( ret = mpi_check_small_factors( &XX ) ) != 0 )
-    {
-        if( ret == 1 )
-            return( 0 );
-
-        return( ret );
+    if (mbedtls_mpi_cmp_int(&XX, 0) == 0 ||
+        mbedtls_mpi_cmp_int(&XX, 1) == 0) {
+        return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
     }
 
-    return( mpi_miller_rabin( &XX, rounds, f_rng, p_rng ) );
+    if (mbedtls_mpi_cmp_int(&XX, 2) == 0) {
+        return 0;
+    }
+
+    if ((ret = mpi_check_small_factors(&XX)) != 0) {
+        if (ret == 1) {
+            return 0;
+        }
+
+        return ret;
+    }
+
+    return mpi_miller_rabin(&XX, rounds, f_rng, p_rng);
 }
 
 /*
@@ -2339,9 +2395,9 @@
  * be either 1024 bits or 1536 bits long, and flags must contain
  * MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR.
  */
-int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
-                   int (*f_rng)(void *, unsigned char *, size_t),
-                   void *p_rng )
+int mbedtls_mpi_gen_prime(mbedtls_mpi *X, size_t nbits, int flags,
+                          int (*f_rng)(void *, unsigned char *, size_t),
+                          void *p_rng)
 {
 #ifdef MBEDTLS_HAVE_INT64
 // ceil(2^63.5)
@@ -2356,56 +2412,55 @@
     mbedtls_mpi_uint r;
     mbedtls_mpi Y;
 
-    MPI_VALIDATE_RET( X     != NULL );
-    MPI_VALIDATE_RET( f_rng != NULL );
+    MPI_VALIDATE_RET(X     != NULL);
+    MPI_VALIDATE_RET(f_rng != NULL);
 
-    if( nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    if (nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
-    mbedtls_mpi_init( &Y );
+    mbedtls_mpi_init(&Y);
 
-    n = BITS_TO_LIMBS( nbits );
+    n = BITS_TO_LIMBS(nbits);
 
-    if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR ) == 0 )
-    {
+    if ((flags & MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR) == 0) {
         /*
          * 2^-80 error probability, number of rounds chosen per HAC, table 4.4
          */
-        rounds = ( ( nbits >= 1300 ) ?  2 : ( nbits >=  850 ) ?  3 :
-                   ( nbits >=  650 ) ?  4 : ( nbits >=  350 ) ?  8 :
-                   ( nbits >=  250 ) ? 12 : ( nbits >=  150 ) ? 18 : 27 );
-    }
-    else
-    {
+        rounds = ((nbits >= 1300) ?  2 : (nbits >=  850) ?  3 :
+                  (nbits >=  650) ?  4 : (nbits >=  350) ?  8 :
+                  (nbits >=  250) ? 12 : (nbits >=  150) ? 18 : 27);
+    } else {
         /*
          * 2^-100 error probability, number of rounds computed based on HAC,
          * fact 4.48
          */
-        rounds = ( ( nbits >= 1450 ) ?  4 : ( nbits >=  1150 ) ?  5 :
-                   ( nbits >= 1000 ) ?  6 : ( nbits >=   850 ) ?  7 :
-                   ( nbits >=  750 ) ?  8 : ( nbits >=   500 ) ? 13 :
-                   ( nbits >=  250 ) ? 28 : ( nbits >=   150 ) ? 40 : 51 );
+        rounds = ((nbits >= 1450) ?  4 : (nbits >=  1150) ?  5 :
+                  (nbits >= 1000) ?  6 : (nbits >=   850) ?  7 :
+                  (nbits >=  750) ?  8 : (nbits >=   500) ? 13 :
+                  (nbits >=  250) ? 28 : (nbits >=   150) ? 40 : 51);
     }
 
-    while( 1 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) );
+    while (1) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(X, n * ciL, f_rng, p_rng));
         /* make sure generated number is at least (nbits-1)+0.5 bits (FIPS 186-4 §B.3.3 steps 4.4, 5.5) */
-        if( X->p[n-1] < CEIL_MAXUINT_DIV_SQRT2 ) continue;
+        if (X->p[n-1] < CEIL_MAXUINT_DIV_SQRT2) {
+            continue;
+        }
 
         k = n * biL;
-        if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits ) );
+        if (k > nbits) {
+            MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(X, k - nbits));
+        }
         X->p[0] |= 1;
 
-        if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) == 0 )
-        {
-            ret = mbedtls_mpi_is_prime_ext( X, rounds, f_rng, p_rng );
+        if ((flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH) == 0) {
+            ret = mbedtls_mpi_is_prime_ext(X, rounds, f_rng, p_rng);
 
-            if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+            if (ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) {
                 goto cleanup;
-        }
-        else
-        {
+            }
+        } else {
             /*
              * A necessary condition for Y and X = 2Y + 1 to be prime
              * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3).
@@ -2414,49 +2469,51 @@
 
             X->p[0] |= 2;
 
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) );
-            if( r == 0 )
-                MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) );
-            else if( r == 1 )
-                MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) );
+            MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, 3));
+            if (r == 0) {
+                MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, X, 8));
+            } else if (r == 1) {
+                MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, X, 4));
+            }
 
             /* Set Y = (X-1) / 2, which is X / 2 because X is odd */
-            MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) );
+            MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Y, X));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Y, 1));
 
-            while( 1 )
-            {
+            while (1) {
                 /*
                  * First, check small factors for X and Y
                  * before doing Miller-Rabin on any of them
                  */
-                if( ( ret = mpi_check_small_factors(  X         ) ) == 0 &&
-                    ( ret = mpi_check_small_factors( &Y         ) ) == 0 &&
-                    ( ret = mpi_miller_rabin(  X, rounds, f_rng, p_rng  ) )
-                                                                    == 0 &&
-                    ( ret = mpi_miller_rabin( &Y, rounds, f_rng, p_rng  ) )
-                                                                    == 0 )
+                if ((ret = mpi_check_small_factors(X)) == 0 &&
+                    (ret = mpi_check_small_factors(&Y)) == 0 &&
+                    (ret = mpi_miller_rabin(X, rounds, f_rng, p_rng))
+                    == 0 &&
+                    (ret = mpi_miller_rabin(&Y, rounds, f_rng, p_rng))
+                    == 0) {
                     goto cleanup;
+                }
 
-                if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+                if (ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) {
                     goto cleanup;
+                }
 
                 /*
                  * Next candidates. We want to preserve Y = (X-1) / 2 and
                  * Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3)
                  * so up Y by 6 and X by 12.
                  */
-                MBEDTLS_MPI_CHK( mbedtls_mpi_add_int(  X,  X, 12 ) );
-                MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6  ) );
+                MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X,  X, 12));
+                MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&Y, &Y, 6));
             }
         }
     }
 
 cleanup:
 
-    mbedtls_mpi_free( &Y );
+    mbedtls_mpi_free(&Y);
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_GENPRIME */
@@ -2475,162 +2532,173 @@
 /*
  * Checkup routine
  */
-int mbedtls_mpi_self_test( int verbose )
+int mbedtls_mpi_self_test(int verbose)
 {
     int ret, i;
     mbedtls_mpi A, E, N, X, Y, U, V;
 
-    mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &X );
-    mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &U ); mbedtls_mpi_init( &V );
+    mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N); mbedtls_mpi_init(&X);
+    mbedtls_mpi_init(&Y); mbedtls_mpi_init(&U); mbedtls_mpi_init(&V);
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &A, 16,
-        "EFE021C2645FD1DC586E69184AF4A31E" \
-        "D5F53E93B5F123FA41680867BA110131" \
-        "944FE7952E2517337780CB0DB80E61AA" \
-        "E7C8DDC6C5C6AADEB34EB38A2F40D5E6" ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&A, 16,
+                                            "EFE021C2645FD1DC586E69184AF4A31E" \
+                                            "D5F53E93B5F123FA41680867BA110131" \
+                                            "944FE7952E2517337780CB0DB80E61AA" \
+                                            "E7C8DDC6C5C6AADEB34EB38A2F40D5E6"));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &E, 16,
-        "B2E7EFD37075B9F03FF989C7C5051C20" \
-        "34D2A323810251127E7BF8625A4F49A5" \
-        "F3E27F4DA8BD59C47D6DAABA4C8127BD" \
-        "5B5C25763222FEFCCFC38B832366C29E" ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&E, 16,
+                                            "B2E7EFD37075B9F03FF989C7C5051C20" \
+                                            "34D2A323810251127E7BF8625A4F49A5" \
+                                            "F3E27F4DA8BD59C47D6DAABA4C8127BD" \
+                                            "5B5C25763222FEFCCFC38B832366C29E"));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &N, 16,
-        "0066A198186C18C10B2F5ED9B522752A" \
-        "9830B69916E535C8F047518A889A43A5" \
-        "94B6BED27A168D31D4A52F88925AA8F5" ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&N, 16,
+                                            "0066A198186C18C10B2F5ED9B522752A" \
+                                            "9830B69916E535C8F047518A889A43A5" \
+                                            "94B6BED27A168D31D4A52F88925AA8F5"));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &X, &A, &N ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&X, &A, &N));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
-        "602AB7ECA597A3D6B56FF9829A5E8B85" \
-        "9E857EA95A03512E2BAE7391688D264A" \
-        "A5663B0341DB9CCFD2C4C5F421FEC814" \
-        "8001B72E848A38CAE1C65F78E56ABDEF" \
-        "E12D3C039B8A02D6BE593F0BBBDA56F1" \
-        "ECF677152EF804370C1A305CAF3B5BF1" \
-        "30879B56C61DE584A0F53A2447A51E" ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&U, 16,
+                                            "602AB7ECA597A3D6B56FF9829A5E8B85" \
+                                            "9E857EA95A03512E2BAE7391688D264A" \
+                                            "A5663B0341DB9CCFD2C4C5F421FEC814" \
+                                            "8001B72E848A38CAE1C65F78E56ABDEF" \
+                                            "E12D3C039B8A02D6BE593F0BBBDA56F1" \
+                                            "ECF677152EF804370C1A305CAF3B5BF1" \
+                                            "30879B56C61DE584A0F53A2447A51E"));
 
-    if( verbose != 0 )
-        mbedtls_printf( "  MPI test #1 (mul_mpi): " );
+    if (verbose != 0) {
+        mbedtls_printf("  MPI test #1 (mul_mpi): ");
+    }
 
-    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
+    if (mbedtls_mpi_cmp_mpi(&X, &U) != 0) {
+        if (verbose != 0) {
+            mbedtls_printf("failed\n");
+        }
 
         ret = 1;
         goto cleanup;
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n");
+    }
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &X, &Y, &A, &N ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(&X, &Y, &A, &N));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
-        "256567336059E52CAE22925474705F39A94" ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&U, 16,
+                                            "256567336059E52CAE22925474705F39A94"));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &V, 16,
-        "6613F26162223DF488E9CD48CC132C7A" \
-        "0AC93C701B001B092E4E5B9F73BCD27B" \
-        "9EE50D0657C77F374E903CDFA4C642" ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&V, 16,
+                                            "6613F26162223DF488E9CD48CC132C7A" \
+                                            "0AC93C701B001B092E4E5B9F73BCD27B" \
+                                            "9EE50D0657C77F374E903CDFA4C642"));
 
-    if( verbose != 0 )
-        mbedtls_printf( "  MPI test #2 (div_mpi): " );
+    if (verbose != 0) {
+        mbedtls_printf("  MPI test #2 (div_mpi): ");
+    }
 
-    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 ||
-        mbedtls_mpi_cmp_mpi( &Y, &V ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
+    if (mbedtls_mpi_cmp_mpi(&X, &U) != 0 ||
+        mbedtls_mpi_cmp_mpi(&Y, &V) != 0) {
+        if (verbose != 0) {
+            mbedtls_printf("failed\n");
+        }
 
         ret = 1;
         goto cleanup;
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n");
+    }
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &X, &A, &E, &N, NULL ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&X, &A, &E, &N, NULL));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
-        "36E139AEA55215609D2816998ED020BB" \
-        "BD96C37890F65171D948E9BC7CBAA4D9" \
-        "325D24D6A3C12710F10A09FA08AB87" ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&U, 16,
+                                            "36E139AEA55215609D2816998ED020BB" \
+                                            "BD96C37890F65171D948E9BC7CBAA4D9" \
+                                            "325D24D6A3C12710F10A09FA08AB87"));
 
-    if( verbose != 0 )
-        mbedtls_printf( "  MPI test #3 (exp_mod): " );
+    if (verbose != 0) {
+        mbedtls_printf("  MPI test #3 (exp_mod): ");
+    }
 
-    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
+    if (mbedtls_mpi_cmp_mpi(&X, &U) != 0) {
+        if (verbose != 0) {
+            mbedtls_printf("failed\n");
+        }
 
         ret = 1;
         goto cleanup;
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n");
+    }
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &X, &A, &N ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&X, &A, &N));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
-        "003A0AAEDD7E784FC07D8F9EC6E3BFD5" \
-        "C3DBA76456363A10869622EAC2DD84EC" \
-        "C5B8A74DAC4D09E03B5E0BE779F2DF61" ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&U, 16,
+                                            "003A0AAEDD7E784FC07D8F9EC6E3BFD5" \
+                                            "C3DBA76456363A10869622EAC2DD84EC" \
+                                            "C5B8A74DAC4D09E03B5E0BE779F2DF61"));
 
-    if( verbose != 0 )
-        mbedtls_printf( "  MPI test #4 (inv_mod): " );
+    if (verbose != 0) {
+        mbedtls_printf("  MPI test #4 (inv_mod): ");
+    }
 
-    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
+    if (mbedtls_mpi_cmp_mpi(&X, &U) != 0) {
+        if (verbose != 0) {
+            mbedtls_printf("failed\n");
+        }
 
         ret = 1;
         goto cleanup;
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n");
+    }
 
-    if( verbose != 0 )
-        mbedtls_printf( "  MPI test #5 (simple gcd): " );
+    if (verbose != 0) {
+        mbedtls_printf("  MPI test #5 (simple gcd): ");
+    }
 
-    for( i = 0; i < GCD_PAIR_COUNT; i++ )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &X, gcd_pairs[i][0] ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Y, gcd_pairs[i][1] ) );
+    for (i = 0; i < GCD_PAIR_COUNT; i++) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&X, gcd_pairs[i][0]));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&Y, gcd_pairs[i][1]));
 
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &A, &X, &Y ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&A, &X, &Y));
 
-        if( mbedtls_mpi_cmp_int( &A, gcd_pairs[i][2] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed at %d\n", i );
+        if (mbedtls_mpi_cmp_int(&A, gcd_pairs[i][2]) != 0) {
+            if (verbose != 0) {
+                mbedtls_printf("failed at %d\n", i);
+            }
 
             ret = 1;
             goto cleanup;
         }
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n");
+    }
 
 cleanup:
 
-    if( ret != 0 && verbose != 0 )
-        mbedtls_printf( "Unexpected error, return code = %08X\n", (unsigned int) ret );
+    if (ret != 0 && verbose != 0) {
+        mbedtls_printf("Unexpected error, return code = %08X\n", (unsigned int) ret);
+    }
 
-    mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &X );
-    mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &U ); mbedtls_mpi_free( &V );
+    mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); mbedtls_mpi_free(&X);
+    mbedtls_mpi_free(&Y); mbedtls_mpi_free(&U); mbedtls_mpi_free(&V);
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_SELF_TEST */
diff --git a/library/bignum_core.c b/library/bignum_core.c
index bda62f2..e50f043 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@@ -33,84 +33,84 @@
 #include "bn_mul.h"
 #include "constant_time_internal.h"
 
-size_t mbedtls_mpi_core_clz( mbedtls_mpi_uint a )
+size_t mbedtls_mpi_core_clz(mbedtls_mpi_uint a)
 {
     size_t j;
     mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1);
 
-    for( j = 0; j < biL; j++ )
-    {
-        if( a & mask ) break;
+    for (j = 0; j < biL; j++) {
+        if (a & mask) {
+            break;
+        }
 
         mask >>= 1;
     }
 
-    return( j );
+    return j;
 }
 
-size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *A, size_t A_limbs )
+size_t mbedtls_mpi_core_bitlen(const mbedtls_mpi_uint *A, size_t A_limbs)
 {
     size_t i, j;
 
-    if( A_limbs == 0 )
-        return( 0 );
+    if (A_limbs == 0) {
+        return 0;
+    }
 
-    for( i = A_limbs - 1; i > 0; i-- )
-        if( A[i] != 0 )
+    for (i = A_limbs - 1; i > 0; i--) {
+        if (A[i] != 0) {
             break;
+        }
+    }
 
-    j = biL - mbedtls_mpi_core_clz( A[i] );
+    j = biL - mbedtls_mpi_core_clz(A[i]);
 
-    return( ( i * biL ) + j );
+    return (i * biL) + j;
 }
 
 /* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint
  * into the storage form used by mbedtls_mpi. */
-static mbedtls_mpi_uint mpi_bigendian_to_host_c( mbedtls_mpi_uint a )
+static mbedtls_mpi_uint mpi_bigendian_to_host_c(mbedtls_mpi_uint a)
 {
     uint8_t i;
     unsigned char *a_ptr;
     mbedtls_mpi_uint tmp = 0;
 
-    for( i = 0, a_ptr = (unsigned char *) &a; i < ciL; i++, a_ptr++ )
-    {
+    for (i = 0, a_ptr = (unsigned char *) &a; i < ciL; i++, a_ptr++) {
         tmp <<= CHAR_BIT;
         tmp |= (mbedtls_mpi_uint) *a_ptr;
     }
 
-    return( tmp );
+    return tmp;
 }
 
-static mbedtls_mpi_uint mpi_bigendian_to_host( mbedtls_mpi_uint a )
+static mbedtls_mpi_uint mpi_bigendian_to_host(mbedtls_mpi_uint a)
 {
-    if ( MBEDTLS_IS_BIG_ENDIAN )
-    {
+    if (MBEDTLS_IS_BIG_ENDIAN) {
         /* Nothing to do on bigendian systems. */
-        return( a );
-    }
-    else
-    {
-        switch( sizeof(mbedtls_mpi_uint) )
-        {
+        return a;
+    } else {
+        switch (sizeof(mbedtls_mpi_uint)) {
             case 4:
-                return (mbedtls_mpi_uint) MBEDTLS_BSWAP32( (uint32_t)a );
+                return (mbedtls_mpi_uint) MBEDTLS_BSWAP32((uint32_t) a);
             case 8:
-                return (mbedtls_mpi_uint) MBEDTLS_BSWAP64( (uint64_t)a );
+                return (mbedtls_mpi_uint) MBEDTLS_BSWAP64((uint64_t) a);
         }
 
         /* Fall back to C-based reordering if we don't know the byte order
-        * or we couldn't use a compiler-specific builtin. */
-        return( mpi_bigendian_to_host_c( a ) );
+         * or we couldn't use a compiler-specific builtin. */
+        return mpi_bigendian_to_host_c(a);
     }
 }
 
-void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A,
-                                         size_t A_limbs )
+void mbedtls_mpi_core_bigendian_to_host(mbedtls_mpi_uint *A,
+                                        size_t A_limbs)
 {
     mbedtls_mpi_uint *cur_limb_left;
     mbedtls_mpi_uint *cur_limb_right;
-    if( A_limbs == 0 )
+    if (A_limbs == 0) {
         return;
+    }
 
     /*
      * Traverse limbs and
@@ -121,165 +121,163 @@
      * than the right index (it's not a problem if limbs is odd and the
      * indices coincide in the last iteration).
      */
-    for( cur_limb_left = A, cur_limb_right = A + ( A_limbs - 1 );
+    for (cur_limb_left = A, cur_limb_right = A + (A_limbs - 1);
          cur_limb_left <= cur_limb_right;
-         cur_limb_left++, cur_limb_right-- )
-    {
+         cur_limb_left++, cur_limb_right--) {
         mbedtls_mpi_uint tmp;
         /* Note that if cur_limb_left == cur_limb_right,
          * this code effectively swaps the bytes only once. */
-        tmp             = mpi_bigendian_to_host( *cur_limb_left );
-        *cur_limb_left  = mpi_bigendian_to_host( *cur_limb_right );
+        tmp             = mpi_bigendian_to_host(*cur_limb_left);
+        *cur_limb_left  = mpi_bigendian_to_host(*cur_limb_right);
         *cur_limb_right = tmp;
     }
 }
 
 /* Whether min <= A, in constant time.
  * A_limbs must be at least 1. */
-unsigned mbedtls_mpi_core_uint_le_mpi( mbedtls_mpi_uint min,
-                                       const mbedtls_mpi_uint *A,
-                                       size_t A_limbs )
+unsigned mbedtls_mpi_core_uint_le_mpi(mbedtls_mpi_uint min,
+                                      const mbedtls_mpi_uint *A,
+                                      size_t A_limbs)
 {
     /* min <= least significant limb? */
-    unsigned min_le_lsl = 1 ^ mbedtls_ct_mpi_uint_lt( A[0], min );
+    unsigned min_le_lsl = 1 ^ mbedtls_ct_mpi_uint_lt(A[0], min);
 
     /* limbs other than the least significant one are all zero? */
     mbedtls_mpi_uint msll_mask = 0;
-    for( size_t i = 1; i < A_limbs; i++ )
+    for (size_t i = 1; i < A_limbs; i++) {
         msll_mask |= A[i];
+    }
     /* The most significant limbs of A are not all zero iff msll_mask != 0. */
-    unsigned msll_nonzero = mbedtls_ct_mpi_uint_mask( msll_mask ) & 1;
+    unsigned msll_nonzero = mbedtls_ct_mpi_uint_mask(msll_mask) & 1;
 
     /* min <= A iff the lowest limb of A is >= min or the other limbs
      * are not all zero. */
-    return( min_le_lsl | msll_nonzero );
+    return min_le_lsl | msll_nonzero;
 }
 
-void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X,
-                                   const mbedtls_mpi_uint *A,
-                                   size_t limbs,
-                                   unsigned char assign )
+void mbedtls_mpi_core_cond_assign(mbedtls_mpi_uint *X,
+                                  const mbedtls_mpi_uint *A,
+                                  size_t limbs,
+                                  unsigned char assign)
 {
-    if( X == A )
+    if (X == A) {
         return;
+    }
 
-    mbedtls_ct_mpi_uint_cond_assign( limbs, X, A, assign );
+    mbedtls_ct_mpi_uint_cond_assign(limbs, X, A, assign);
 }
 
-void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X,
-                                 mbedtls_mpi_uint *Y,
-                                 size_t limbs,
-                                 unsigned char swap )
+void mbedtls_mpi_core_cond_swap(mbedtls_mpi_uint *X,
+                                mbedtls_mpi_uint *Y,
+                                size_t limbs,
+                                unsigned char swap)
 {
-    if( X == Y )
+    if (X == Y) {
         return;
+    }
 
     /* all-bits 1 if swap is 1, all-bits 0 if swap is 0 */
-    mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask( swap );
+    mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask(swap);
 
-    for( size_t i = 0; i < limbs; i++ )
-    {
+    for (size_t i = 0; i < limbs; i++) {
         mbedtls_mpi_uint tmp = X[i];
-        X[i] = ( X[i] & ~limb_mask ) | ( Y[i] & limb_mask );
-        Y[i] = ( Y[i] & ~limb_mask ) | (  tmp & limb_mask );
+        X[i] = (X[i] & ~limb_mask) | (Y[i] & limb_mask);
+        Y[i] = (Y[i] & ~limb_mask) | (tmp & limb_mask);
     }
 }
 
-int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X,
-                              size_t X_limbs,
-                              const unsigned char *input,
-                              size_t input_length )
+int mbedtls_mpi_core_read_le(mbedtls_mpi_uint *X,
+                             size_t X_limbs,
+                             const unsigned char *input,
+                             size_t input_length)
 {
-    const size_t limbs = CHARS_TO_LIMBS( input_length );
+    const size_t limbs = CHARS_TO_LIMBS(input_length);
 
-    if( X_limbs < limbs )
-        return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+    if (X_limbs < limbs) {
+        return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL;
+    }
 
-    if( X != NULL )
-    {
-        memset( X, 0, X_limbs * ciL );
+    if (X != NULL) {
+        memset(X, 0, X_limbs * ciL);
 
-        for( size_t i = 0; i < input_length; i++ )
-        {
-            size_t offset = ( ( i % ciL ) << 3 );
-            X[i / ciL] |= ( (mbedtls_mpi_uint) input[i] ) << offset;
+        for (size_t i = 0; i < input_length; i++) {
+            size_t offset = ((i % ciL) << 3);
+            X[i / ciL] |= ((mbedtls_mpi_uint) input[i]) << offset;
         }
     }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X,
-                              size_t X_limbs,
-                              const unsigned char *input,
-                              size_t input_length )
+int mbedtls_mpi_core_read_be(mbedtls_mpi_uint *X,
+                             size_t X_limbs,
+                             const unsigned char *input,
+                             size_t input_length)
 {
-    const size_t limbs = CHARS_TO_LIMBS( input_length );
+    const size_t limbs = CHARS_TO_LIMBS(input_length);
 
-    if( X_limbs < limbs )
-        return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+    if (X_limbs < limbs) {
+        return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL;
+    }
 
     /* If X_limbs is 0, input_length must also be 0 (from previous test).
      * Nothing to do. */
-    if( X_limbs == 0 )
-        return( 0 );
-
-    memset( X, 0, X_limbs * ciL );
-
-    /* memcpy() with (NULL, 0) is undefined behaviour */
-    if( input_length != 0 )
-    {
-        size_t overhead = ( X_limbs * ciL ) - input_length;
-        unsigned char *Xp = (unsigned char *) X;
-        memcpy( Xp + overhead, input, input_length );
+    if (X_limbs == 0) {
+        return 0;
     }
 
-    mbedtls_mpi_core_bigendian_to_host( X, X_limbs );
+    memset(X, 0, X_limbs * ciL);
 
-    return( 0 );
+    /* memcpy() with (NULL, 0) is undefined behaviour */
+    if (input_length != 0) {
+        size_t overhead = (X_limbs * ciL) - input_length;
+        unsigned char *Xp = (unsigned char *) X;
+        memcpy(Xp + overhead, input, input_length);
+    }
+
+    mbedtls_mpi_core_bigendian_to_host(X, X_limbs);
+
+    return 0;
 }
 
-int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *A,
-                               size_t A_limbs,
-                               unsigned char *output,
-                               size_t output_length )
+int mbedtls_mpi_core_write_le(const mbedtls_mpi_uint *A,
+                              size_t A_limbs,
+                              unsigned char *output,
+                              size_t output_length)
 {
     size_t stored_bytes = A_limbs * ciL;
     size_t bytes_to_copy;
 
-    if( stored_bytes < output_length )
-    {
+    if (stored_bytes < output_length) {
         bytes_to_copy = stored_bytes;
-    }
-    else
-    {
+    } else {
         bytes_to_copy = output_length;
 
         /* The output buffer is smaller than the allocated size of A.
          * However A may fit if its leading bytes are zero. */
-        for( size_t i = bytes_to_copy; i < stored_bytes; i++ )
-        {
-            if( GET_BYTE( A, i ) != 0 )
-                return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+        for (size_t i = bytes_to_copy; i < stored_bytes; i++) {
+            if (GET_BYTE(A, i) != 0) {
+                return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL;
+            }
         }
     }
 
-    for( size_t i = 0; i < bytes_to_copy; i++ )
-        output[i] = GET_BYTE( A, i );
-
-    if( stored_bytes < output_length )
-    {
-        /* Write trailing 0 bytes */
-        memset( output + stored_bytes, 0, output_length - stored_bytes );
+    for (size_t i = 0; i < bytes_to_copy; i++) {
+        output[i] = GET_BYTE(A, i);
     }
 
-    return( 0 );
+    if (stored_bytes < output_length) {
+        /* Write trailing 0 bytes */
+        memset(output + stored_bytes, 0, output_length - stored_bytes);
+    }
+
+    return 0;
 }
 
-int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *X,
-                               size_t X_limbs,
-                               unsigned char *output,
-                               size_t output_length )
+int mbedtls_mpi_core_write_be(const mbedtls_mpi_uint *X,
+                              size_t X_limbs,
+                              unsigned char *output,
+                              size_t output_length)
 {
     size_t stored_bytes;
     size_t bytes_to_copy;
@@ -287,8 +285,7 @@
 
     stored_bytes = X_limbs * ciL;
 
-    if( stored_bytes < output_length )
-    {
+    if (stored_bytes < output_length) {
         /* There is enough space in the output buffer. Write initial
          * null bytes and record the position at which to start
          * writing the significant bytes. In this case, the execution
@@ -296,29 +293,28 @@
          * number. */
         bytes_to_copy = stored_bytes;
         p = output + output_length - stored_bytes;
-        memset( output, 0, output_length - stored_bytes );
-    }
-    else
-    {
+        memset(output, 0, output_length - stored_bytes);
+    } else {
         /* The output buffer is smaller than the allocated size of X.
          * However X may fit if its leading bytes are zero. */
         bytes_to_copy = output_length;
         p = output;
-        for( size_t i = bytes_to_copy; i < stored_bytes; i++ )
-        {
-            if( GET_BYTE( X, i ) != 0 )
-                return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+        for (size_t i = bytes_to_copy; i < stored_bytes; i++) {
+            if (GET_BYTE(X, i) != 0) {
+                return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL;
+            }
         }
     }
 
-    for( size_t i = 0; i < bytes_to_copy; i++ )
-        p[bytes_to_copy - i - 1] = GET_BYTE( X, i );
+    for (size_t i = 0; i < bytes_to_copy; i++) {
+        p[bytes_to_copy - i - 1] = GET_BYTE(X, i);
+    }
 
-    return( 0 );
+    return 0;
 }
 
-void mbedtls_mpi_core_shift_r( mbedtls_mpi_uint *X, size_t limbs,
-                               size_t count )
+void mbedtls_mpi_core_shift_r(mbedtls_mpi_uint *X, size_t limbs,
+                              size_t count)
 {
     size_t i, v0, v1;
     mbedtls_mpi_uint r0 = 0, r1;
@@ -326,31 +322,29 @@
     v0 = count /  biL;
     v1 = count & (biL - 1);
 
-    if( v0 > limbs || ( v0 == limbs && v1 > 0 ) )
-    {
-        memset( X, 0, limbs * ciL );
+    if (v0 > limbs || (v0 == limbs && v1 > 0)) {
+        memset(X, 0, limbs * ciL);
         return;
     }
 
     /*
      * shift by count / limb_size
      */
-    if( v0 > 0 )
-    {
-        for( i = 0; i < limbs - v0; i++ )
+    if (v0 > 0) {
+        for (i = 0; i < limbs - v0; i++) {
             X[i] = X[i + v0];
+        }
 
-        for( ; i < limbs; i++ )
+        for (; i < limbs; i++) {
             X[i] = 0;
+        }
     }
 
     /*
      * shift by count % limb_size
      */
-    if( v1 > 0 )
-    {
-        for( i = limbs; i > 0; i-- )
-        {
+    if (v1 > 0) {
+        for (i = limbs; i > 0; i--) {
             r1 = X[i - 1] << (biL - v1);
             X[i - 1] >>= v1;
             X[i - 1] |= r0;
@@ -359,69 +353,66 @@
     }
 }
 
-mbedtls_mpi_uint mbedtls_mpi_core_add( mbedtls_mpi_uint *X,
-                                       const mbedtls_mpi_uint *A,
-                                       const mbedtls_mpi_uint *B,
-                                       size_t limbs )
+mbedtls_mpi_uint mbedtls_mpi_core_add(mbedtls_mpi_uint *X,
+                                      const mbedtls_mpi_uint *A,
+                                      const mbedtls_mpi_uint *B,
+                                      size_t limbs)
 {
     mbedtls_mpi_uint c = 0;
 
-    for( size_t i = 0; i < limbs; i++ )
-    {
+    for (size_t i = 0; i < limbs; i++) {
         mbedtls_mpi_uint t = c + A[i];
-        c = ( t < A[i] );
+        c = (t < A[i]);
         t += B[i];
-        c += ( t < B[i] );
+        c += (t < B[i]);
         X[i] = t;
     }
 
-    return( c );
+    return c;
 }
 
-mbedtls_mpi_uint mbedtls_mpi_core_add_if( mbedtls_mpi_uint *X,
-                                          const mbedtls_mpi_uint *A,
-                                          size_t limbs,
-                                          unsigned cond )
+mbedtls_mpi_uint mbedtls_mpi_core_add_if(mbedtls_mpi_uint *X,
+                                         const mbedtls_mpi_uint *A,
+                                         size_t limbs,
+                                         unsigned cond)
 {
     mbedtls_mpi_uint c = 0;
 
     /* all-bits 0 if cond is 0, all-bits 1 if cond is non-0 */
-    const mbedtls_mpi_uint mask = mbedtls_ct_mpi_uint_mask( cond );
+    const mbedtls_mpi_uint mask = mbedtls_ct_mpi_uint_mask(cond);
 
-    for( size_t i = 0; i < limbs; i++ )
-    {
+    for (size_t i = 0; i < limbs; i++) {
         mbedtls_mpi_uint add = mask & A[i];
         mbedtls_mpi_uint t = c + X[i];
-        c = ( t < X[i] );
+        c = (t < X[i]);
         t += add;
-        c += ( t < add );
+        c += (t < add);
         X[i] = t;
     }
 
-    return( c );
+    return c;
 }
 
-mbedtls_mpi_uint mbedtls_mpi_core_sub( mbedtls_mpi_uint *X,
-                                       const mbedtls_mpi_uint *A,
-                                       const mbedtls_mpi_uint *B,
-                                       size_t limbs )
+mbedtls_mpi_uint mbedtls_mpi_core_sub(mbedtls_mpi_uint *X,
+                                      const mbedtls_mpi_uint *A,
+                                      const mbedtls_mpi_uint *B,
+                                      size_t limbs)
 {
     mbedtls_mpi_uint c = 0;
 
-    for( size_t i = 0; i < limbs; i++ )
-    {
-        mbedtls_mpi_uint z = ( A[i] < c );
+    for (size_t i = 0; i < limbs; i++) {
+        mbedtls_mpi_uint z = (A[i] < c);
         mbedtls_mpi_uint t = A[i] - c;
-        c = ( t < B[i] ) + z;
+        c = (t < B[i]) + z;
         X[i] = t - B[i];
     }
 
-    return( c );
+    return c;
 }
 
-mbedtls_mpi_uint mbedtls_mpi_core_mla( mbedtls_mpi_uint *d, size_t d_len,
-                                       const mbedtls_mpi_uint *s, size_t s_len,
-                                       mbedtls_mpi_uint b )
+mbedtls_mpi_uint mbedtls_mpi_core_mla(mbedtls_mpi_uint *d, size_t d_len,
+                                      const mbedtls_mpi_uint *s, size_t s_len,
+                                      mbedtls_mpi_uint b)
 {
     mbedtls_mpi_uint c = 0; /* carry */
     /*
@@ -429,70 +420,68 @@
      * If that's not the case, we swap these round: this turns what would be
      * a buffer overflow into an incorrect result.
      */
-    if( d_len < s_len )
+    if (d_len < s_len) {
         s_len = d_len;
+    }
     size_t excess_len = d_len - s_len;
     size_t steps_x8 = s_len / 8;
     size_t steps_x1 = s_len & 7;
 
-    while( steps_x8-- )
-    {
+    while (steps_x8--) {
         MULADDC_X8_INIT
         MULADDC_X8_CORE
-        MULADDC_X8_STOP
+            MULADDC_X8_STOP
     }
 
-    while( steps_x1-- )
-    {
+    while (steps_x1--) {
         MULADDC_X1_INIT
         MULADDC_X1_CORE
-        MULADDC_X1_STOP
+            MULADDC_X1_STOP
     }
 
-    while( excess_len-- )
-    {
+    while (excess_len--) {
         *d += c;
-        c = ( *d < c );
+        c = (*d < c);
         d++;
     }
 
-    return( c );
+    return c;
 }
 
 /*
  * Fast Montgomery initialization (thanks to Tom St Denis).
  */
-mbedtls_mpi_uint mbedtls_mpi_core_montmul_init( const mbedtls_mpi_uint *N )
+mbedtls_mpi_uint mbedtls_mpi_core_montmul_init(const mbedtls_mpi_uint *N)
 {
     mbedtls_mpi_uint x = N[0];
 
-    x += ( ( N[0] + 2 ) & 4 ) << 1;
+    x += ((N[0] + 2) & 4) << 1;
 
-    for( unsigned int i = biL; i >= 8; i /= 2 )
-        x *= ( 2 - ( N[0] * x ) );
+    for (unsigned int i = biL; i >= 8; i /= 2) {
+        x *= (2 - (N[0] * x));
+    }
 
-    return( ~x + 1 );
+    return ~x + 1;
 }
 
-void mbedtls_mpi_core_montmul( mbedtls_mpi_uint *X,
-                               const mbedtls_mpi_uint *A,
-                               const mbedtls_mpi_uint *B,
-                               size_t B_limbs,
-                               const mbedtls_mpi_uint *N,
-                               size_t AN_limbs,
-                               mbedtls_mpi_uint mm,
-                               mbedtls_mpi_uint *T )
+void mbedtls_mpi_core_montmul(mbedtls_mpi_uint *X,
+                              const mbedtls_mpi_uint *A,
+                              const mbedtls_mpi_uint *B,
+                              size_t B_limbs,
+                              const mbedtls_mpi_uint *N,
+                              size_t AN_limbs,
+                              mbedtls_mpi_uint mm,
+                              mbedtls_mpi_uint *T)
 {
-    memset( T, 0, ( 2 * AN_limbs + 1 ) * ciL );
+    memset(T, 0, (2 * AN_limbs + 1) * ciL);
 
-    for( size_t i = 0; i < AN_limbs; i++ )
-    {
+    for (size_t i = 0; i < AN_limbs; i++) {
         /* T = (T + u0*B + u1*N) / 2^biL */
         mbedtls_mpi_uint u0 = A[i];
-        mbedtls_mpi_uint u1 = ( T[0] + u0 * B[0] ) * mm;
+        mbedtls_mpi_uint u1 = (T[0] + u0 * B[0]) * mm;
 
-        (void) mbedtls_mpi_core_mla( T, AN_limbs + 2, B, B_limbs, u0 );
-        (void) mbedtls_mpi_core_mla( T, AN_limbs + 2, N, AN_limbs, u1 );
+        (void) mbedtls_mpi_core_mla(T, AN_limbs + 2, B, B_limbs, u0);
+        (void) mbedtls_mpi_core_mla(T, AN_limbs + 2, N, AN_limbs, u1);
 
         T++;
     }
@@ -508,7 +497,7 @@
      */
 
     mbedtls_mpi_uint carry  = T[AN_limbs];
-    mbedtls_mpi_uint borrow = mbedtls_mpi_core_sub( X, T, N, AN_limbs );
+    mbedtls_mpi_uint borrow = mbedtls_mpi_core_sub(X, T, N, AN_limbs);
 
     /*
      * Using R as the Montgomery radix (auxiliary modulus) i.e. 2^(biL*AN_limbs):
@@ -524,34 +513,33 @@
      * So the correct return value is already in X if (carry ^ borrow) = 0,
      * but is in (the lower AN_limbs limbs of) T if (carry ^ borrow) = 1.
      */
-    mbedtls_ct_mpi_uint_cond_assign( AN_limbs, X, T, (unsigned char) ( carry ^ borrow ) );
+    mbedtls_ct_mpi_uint_cond_assign(AN_limbs, X, T, (unsigned char) (carry ^ borrow));
 }
 
-int mbedtls_mpi_core_get_mont_r2_unsafe( mbedtls_mpi *X,
-                                         const mbedtls_mpi *N )
+int mbedtls_mpi_core_get_mont_r2_unsafe(mbedtls_mpi *X,
+                                        const mbedtls_mpi *N)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( X, N->n * 2 * biL ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( X, X, N ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( X, N->n ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(X, N->n * 2 * biL));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(X, X, N));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(X, N->n));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 MBEDTLS_STATIC_TESTABLE
-void mbedtls_mpi_core_ct_uint_table_lookup( mbedtls_mpi_uint *dest,
-                                            const mbedtls_mpi_uint *table,
-                                            size_t limbs,
-                                            size_t count,
-                                            size_t index )
+void mbedtls_mpi_core_ct_uint_table_lookup(mbedtls_mpi_uint *dest,
+                                           const mbedtls_mpi_uint *table,
+                                           size_t limbs,
+                                           size_t count,
+                                           size_t index)
 {
-    for( size_t i = 0; i < count; i++, table += limbs )
-    {
-        unsigned char assign = mbedtls_ct_size_bool_eq( i, index );
-        mbedtls_mpi_core_cond_assign( dest, table, limbs, assign );
+    for (size_t i = 0; i < count; i++, table += limbs) {
+        unsigned char assign = mbedtls_ct_size_bool_eq(i, index);
+        mbedtls_mpi_core_cond_assign(dest, table, limbs, assign);
     }
 }
 
@@ -564,34 +552,35 @@
 int mbedtls_mpi_core_fill_random(
     mbedtls_mpi_uint *X, size_t X_limbs,
     size_t n_bytes,
-    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    const size_t limbs = CHARS_TO_LIMBS( n_bytes );
-    const size_t overhead = ( limbs * ciL ) - n_bytes;
+    const size_t limbs = CHARS_TO_LIMBS(n_bytes);
+    const size_t overhead = (limbs * ciL) - n_bytes;
 
-    if( X_limbs < limbs )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    if (X_limbs < limbs) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
-    memset( X, 0, overhead );
-    memset( (unsigned char *) X + limbs * ciL, 0, ( X_limbs - limbs ) * ciL );
-    MBEDTLS_MPI_CHK( f_rng( p_rng, (unsigned char *) X + overhead, n_bytes ) );
-    mbedtls_mpi_core_bigendian_to_host( X, limbs );
+    memset(X, 0, overhead);
+    memset((unsigned char *) X + limbs * ciL, 0, (X_limbs - limbs) * ciL);
+    MBEDTLS_MPI_CHK(f_rng(p_rng, (unsigned char *) X + overhead, n_bytes));
+    mbedtls_mpi_core_bigendian_to_host(X, limbs);
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
-int mbedtls_mpi_core_random( mbedtls_mpi_uint *X,
-                             mbedtls_mpi_uint min,
-                             const mbedtls_mpi_uint *N,
-                             size_t limbs,
-                             int (*f_rng)(void *, unsigned char *, size_t),
-                             void *p_rng )
+int mbedtls_mpi_core_random(mbedtls_mpi_uint *X,
+                            mbedtls_mpi_uint min,
+                            const mbedtls_mpi_uint *N,
+                            size_t limbs,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng)
 {
     unsigned ge_lower = 1, lt_upper = 0;
-    size_t n_bits = mbedtls_mpi_core_bitlen( N, limbs );
-    size_t n_bytes = ( n_bits + 7 ) / 8;
+    size_t n_bits = mbedtls_mpi_core_bitlen(N, limbs);
+    size_t n_bytes = (n_bits + 7) / 8;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     /*
@@ -611,7 +600,7 @@
      * is small, use a higher repeat count, otherwise the probability of
      * failure is macroscopic.
      */
-    int count = ( n_bytes > 4 ? 30 : 250 );
+    int count = (n_bytes > 4 ? 30 : 250);
 
     /*
      * Match the procedure given in RFC 6979 §3.3 (deterministic ECDSA)
@@ -621,80 +610,77 @@
      * - try until result is in the desired range.
      * This also avoids any bias, which is especially important for ECDSA.
      */
-    do
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_core_fill_random( X, limbs,
-                                                       n_bytes,
-                                                       f_rng, p_rng ) );
-        mbedtls_mpi_core_shift_r( X, limbs, 8 * n_bytes - n_bits );
+    do {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_core_fill_random(X, limbs,
+                                                     n_bytes,
+                                                     f_rng, p_rng));
+        mbedtls_mpi_core_shift_r(X, limbs, 8 * n_bytes - n_bits);
 
-        if( --count == 0 )
-        {
+        if (--count == 0) {
             ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
             goto cleanup;
         }
 
-        ge_lower = mbedtls_mpi_core_uint_le_mpi( min, X, limbs );
-        lt_upper = mbedtls_mpi_core_lt_ct( X, N, limbs );
-    }
-    while( ge_lower == 0 || lt_upper == 0 );
+        ge_lower = mbedtls_mpi_core_uint_le_mpi(min, X, limbs);
+        lt_upper = mbedtls_mpi_core_lt_ct(X, N, limbs);
+    } while (ge_lower == 0 || lt_upper == 0);
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /* BEGIN MERGE SLOT 1 */
 
-static size_t exp_mod_get_window_size( size_t Ebits )
+static size_t exp_mod_get_window_size(size_t Ebits)
 {
-    size_t wsize = ( Ebits > 671 ) ? 6 : ( Ebits > 239 ) ? 5 :
-                   ( Ebits >  79 ) ? 4 : 1;
+    size_t wsize = (Ebits > 671) ? 6 : (Ebits > 239) ? 5 :
+                   (Ebits >  79) ? 4 : 1;
 
-#if( MBEDTLS_MPI_WINDOW_SIZE < 6 )
-    if( wsize > MBEDTLS_MPI_WINDOW_SIZE )
+#if (MBEDTLS_MPI_WINDOW_SIZE < 6)
+    if (wsize > MBEDTLS_MPI_WINDOW_SIZE) {
         wsize = MBEDTLS_MPI_WINDOW_SIZE;
+    }
 #endif
 
-    return( wsize );
+    return wsize;
 }
 
-size_t mbedtls_mpi_core_exp_mod_working_limbs( size_t AN_limbs, size_t E_limbs )
+size_t mbedtls_mpi_core_exp_mod_working_limbs(size_t AN_limbs, size_t E_limbs)
 {
-    const size_t wsize = exp_mod_get_window_size( E_limbs * biL );
-    const size_t welem = ( (size_t) 1 ) << wsize;
+    const size_t wsize = exp_mod_get_window_size(E_limbs * biL);
+    const size_t welem = ((size_t) 1) << wsize;
 
     /* How big does each part of the working memory pool need to be? */
     const size_t table_limbs   = welem * AN_limbs;
     const size_t select_limbs  = AN_limbs;
     const size_t temp_limbs    = 2 * AN_limbs + 1;
 
-    return( table_limbs + select_limbs + temp_limbs );
+    return table_limbs + select_limbs + temp_limbs;
 }
 
-static void exp_mod_precompute_window( const mbedtls_mpi_uint *A,
-                                       const mbedtls_mpi_uint *N,
-                                       size_t AN_limbs,
-                                       mbedtls_mpi_uint mm,
-                                       const mbedtls_mpi_uint *RR,
-                                       size_t welem,
-                                       mbedtls_mpi_uint *Wtable,
-                                       mbedtls_mpi_uint *temp )
+static void exp_mod_precompute_window(const mbedtls_mpi_uint *A,
+                                      const mbedtls_mpi_uint *N,
+                                      size_t AN_limbs,
+                                      mbedtls_mpi_uint mm,
+                                      const mbedtls_mpi_uint *RR,
+                                      size_t welem,
+                                      mbedtls_mpi_uint *Wtable,
+                                      mbedtls_mpi_uint *temp)
 {
     /* W[0] = 1 (in Montgomery presentation) */
-    memset( Wtable, 0, AN_limbs * ciL );
+    memset(Wtable, 0, AN_limbs * ciL);
     Wtable[0] = 1;
-    mbedtls_mpi_core_montmul( Wtable, Wtable, RR, AN_limbs, N, AN_limbs, mm, temp );
+    mbedtls_mpi_core_montmul(Wtable, Wtable, RR, AN_limbs, N, AN_limbs, mm, temp);
 
     /* W[1] = A (already in Montgomery presentation) */
     mbedtls_mpi_uint *W1 = Wtable + AN_limbs;
-    memcpy( W1, A, AN_limbs * ciL );
+    memcpy(W1, A, AN_limbs * ciL);
 
     /* W[i+1] = W[i] * W[1], i >= 2 */
     mbedtls_mpi_uint *Wprev = W1;
-    for( size_t i = 2; i < welem; i++ )
-    {
+    for (size_t i = 2; i < welem; i++) {
         mbedtls_mpi_uint *Wcur = Wprev + AN_limbs;
-        mbedtls_mpi_core_montmul( Wcur, Wprev, W1, AN_limbs, N, AN_limbs, mm, temp );
+        mbedtls_mpi_core_montmul(Wcur, Wprev, W1, AN_limbs, N, AN_limbs, mm, temp);
         Wprev = Wcur;
     }
 }
@@ -711,17 +697,17 @@
  * (The difference is that the body in our loop processes a single bit instead
  * of a full window.)
  */
-void mbedtls_mpi_core_exp_mod( mbedtls_mpi_uint *X,
-                               const mbedtls_mpi_uint *A,
-                               const mbedtls_mpi_uint *N,
-                               size_t AN_limbs,
-                               const mbedtls_mpi_uint *E,
-                               size_t E_limbs,
-                               const mbedtls_mpi_uint *RR,
-                               mbedtls_mpi_uint *T )
+void mbedtls_mpi_core_exp_mod(mbedtls_mpi_uint *X,
+                              const mbedtls_mpi_uint *A,
+                              const mbedtls_mpi_uint *N,
+                              size_t AN_limbs,
+                              const mbedtls_mpi_uint *E,
+                              size_t E_limbs,
+                              const mbedtls_mpi_uint *RR,
+                              mbedtls_mpi_uint *T)
 {
-    const size_t wsize = exp_mod_get_window_size( E_limbs * biL );
-    const size_t welem = ( (size_t) 1 ) << wsize;
+    const size_t wsize = exp_mod_get_window_size(E_limbs * biL);
+    const size_t welem = ((size_t) 1) << wsize;
 
     /* This is how we will use the temporary storage T, which must have space
      * for table_limbs, select_limbs and (2 * AN_limbs + 1) for montmul. */
@@ -737,19 +723,19 @@
      * Window precomputation
      */
 
-    const mbedtls_mpi_uint mm = mbedtls_mpi_core_montmul_init( N );
+    const mbedtls_mpi_uint mm = mbedtls_mpi_core_montmul_init(N);
 
     /* Set Wtable[i] = A^(2^i) (in Montgomery representation) */
-    exp_mod_precompute_window( A, N, AN_limbs,
-                               mm, RR,
-                               welem, Wtable, temp );
+    exp_mod_precompute_window(A, N, AN_limbs,
+                              mm, RR,
+                              welem, Wtable, temp);
 
     /*
      * Fixed window exponentiation
      */
 
     /* X = 1 (in Montgomery presentation) initially */
-    memcpy( X, Wtable, AN_limbs * ciL );
+    memcpy(X, Wtable, AN_limbs * ciL);
 
     /* We'll process the bits of E from most significant
      * (limb_index=E_limbs-1, E_bit_index=biL-1) to least significant
@@ -761,43 +747,37 @@
     size_t window_bits = 0;
     mbedtls_mpi_uint window = 0;
 
-    do
-    {
+    do {
         /* Square */
-        mbedtls_mpi_core_montmul( X, X, X, AN_limbs, N, AN_limbs, mm, temp );
+        mbedtls_mpi_core_montmul(X, X, X, AN_limbs, N, AN_limbs, mm, temp);
 
         /* Move to the next bit of the exponent */
-        if( E_bit_index == 0 )
-        {
+        if (E_bit_index == 0) {
             --E_limb_index;
             E_bit_index = biL - 1;
-        }
-        else
-        {
+        } else {
             --E_bit_index;
         }
         /* Insert next exponent bit into window */
         ++window_bits;
         window <<= 1;
-        window |= ( E[E_limb_index] >> E_bit_index ) & 1;
+        window |= (E[E_limb_index] >> E_bit_index) & 1;
 
         /* Clear window if it's full. Also clear the window at the end,
          * when we've finished processing the exponent. */
-        if( window_bits == wsize ||
-            ( E_bit_index == 0 && E_limb_index == 0 ) )
-        {
+        if (window_bits == wsize ||
+            (E_bit_index == 0 && E_limb_index == 0)) {
             /* Select Wtable[window] without leaking window through
              * memory access patterns. */
-            mbedtls_mpi_core_ct_uint_table_lookup( Wselect, Wtable,
-                                                   AN_limbs, welem, window );
+            mbedtls_mpi_core_ct_uint_table_lookup(Wselect, Wtable,
+                                                  AN_limbs, welem, window);
             /* Multiply X by the selected element. */
-            mbedtls_mpi_core_montmul( X, X, Wselect, AN_limbs, N, AN_limbs, mm,
-                                      temp );
+            mbedtls_mpi_core_montmul(X, X, Wselect, AN_limbs, N, AN_limbs, mm,
+                                     temp);
             window = 0;
             window_bits = 0;
         }
-    }
-    while( ! ( E_bit_index == 0 && E_limb_index == 0 ) );
+    } while (!(E_bit_index == 0 && E_limb_index == 0));
 }
 
 /* END MERGE SLOT 1 */
@@ -808,54 +788,54 @@
 
 /* BEGIN MERGE SLOT 3 */
 
-mbedtls_mpi_uint mbedtls_mpi_core_sub_int( mbedtls_mpi_uint *X,
-                                           const mbedtls_mpi_uint *A,
-                                           mbedtls_mpi_uint c, /* doubles as carry */
-                                           size_t limbs )
+mbedtls_mpi_uint mbedtls_mpi_core_sub_int(mbedtls_mpi_uint *X,
+                                          const mbedtls_mpi_uint *A,
+                                          mbedtls_mpi_uint c,  /* doubles as carry */
+                                          size_t limbs)
 {
-    for( size_t i = 0; i < limbs; i++ )
-    {
+    for (size_t i = 0; i < limbs; i++) {
         mbedtls_mpi_uint s = A[i];
         mbedtls_mpi_uint t = s - c;
-        c = ( t > s );
+        c = (t > s);
         X[i] = t;
     }
 
-    return( c );
+    return c;
 }
 
-mbedtls_mpi_uint mbedtls_mpi_core_check_zero_ct( const mbedtls_mpi_uint *A,
-                                                 size_t limbs )
+mbedtls_mpi_uint mbedtls_mpi_core_check_zero_ct(const mbedtls_mpi_uint *A,
+                                                size_t limbs)
 {
     mbedtls_mpi_uint bits = 0;
 
-    for( size_t i = 0; i < limbs; i++ )
+    for (size_t i = 0; i < limbs; i++) {
         bits |= A[i];
+    }
 
-    return( bits );
+    return bits;
 }
 
-void mbedtls_mpi_core_to_mont_rep( mbedtls_mpi_uint *X,
-                                   const mbedtls_mpi_uint *A,
-                                   const mbedtls_mpi_uint *N,
-                                   size_t AN_limbs,
-                                   mbedtls_mpi_uint mm,
-                                   const mbedtls_mpi_uint *rr,
-                                   mbedtls_mpi_uint *T )
+void mbedtls_mpi_core_to_mont_rep(mbedtls_mpi_uint *X,
+                                  const mbedtls_mpi_uint *A,
+                                  const mbedtls_mpi_uint *N,
+                                  size_t AN_limbs,
+                                  mbedtls_mpi_uint mm,
+                                  const mbedtls_mpi_uint *rr,
+                                  mbedtls_mpi_uint *T)
 {
-    mbedtls_mpi_core_montmul( X, A, rr, AN_limbs, N, AN_limbs, mm, T );
+    mbedtls_mpi_core_montmul(X, A, rr, AN_limbs, N, AN_limbs, mm, T);
 }
 
-void mbedtls_mpi_core_from_mont_rep( mbedtls_mpi_uint *X,
-                                     const mbedtls_mpi_uint *A,
-                                     const mbedtls_mpi_uint *N,
-                                     size_t AN_limbs,
-                                     mbedtls_mpi_uint mm,
-                                     mbedtls_mpi_uint *T )
+void mbedtls_mpi_core_from_mont_rep(mbedtls_mpi_uint *X,
+                                    const mbedtls_mpi_uint *A,
+                                    const mbedtls_mpi_uint *N,
+                                    size_t AN_limbs,
+                                    mbedtls_mpi_uint mm,
+                                    mbedtls_mpi_uint *T)
 {
     const mbedtls_mpi_uint Rinv = 1;    /* 1/R in Mont. rep => 1 */
 
-    mbedtls_mpi_core_montmul( X, A, &Rinv, 1, N, AN_limbs, mm, T );
+    mbedtls_mpi_core_montmul(X, A, &Rinv, 1, N, AN_limbs, mm, T);
 }
 
 /* END MERGE SLOT 3 */
diff --git a/library/bignum_core.h b/library/bignum_core.h
index 771f208..44d5c5a 100644
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@@ -86,19 +86,19 @@
 #include "mbedtls/bignum.h"
 #endif
 
-#define ciL    ( sizeof(mbedtls_mpi_uint) )   /** chars in limb  */
-#define biL    ( ciL << 3 )                   /** bits  in limb  */
-#define biH    ( ciL << 2 )                   /** half limb size */
+#define ciL    (sizeof(mbedtls_mpi_uint))     /** chars in limb  */
+#define biL    (ciL << 3)                     /** bits  in limb  */
+#define biH    (ciL << 2)                     /** half limb size */
 
 /*
  * Convert between bits/chars and number of limbs
  * Divide first in order to avoid potential overflows
  */
-#define BITS_TO_LIMBS(i)  ( (i) / biL + ( (i) % biL != 0 ) )
-#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) )
+#define BITS_TO_LIMBS(i)  ((i) / biL + ((i) % biL != 0))
+#define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0))
 /* Get a specific byte, without range checks. */
-#define GET_BYTE( X, i )                                \
-    ( ( (X)[(i) / ciL] >> ( ( (i) % ciL ) * 8 ) ) & 0xff )
+#define GET_BYTE(X, i)                                \
+    (((X)[(i) / ciL] >> (((i) % ciL) * 8)) & 0xff)
 
 /** Count leading zero bits in a given integer.
  *
@@ -106,7 +106,7 @@
  *
  * \return      The number of leading zero bits in \p a.
  */
-size_t mbedtls_mpi_core_clz( mbedtls_mpi_uint a );
+size_t mbedtls_mpi_core_clz(mbedtls_mpi_uint a);
 
 /** Return the minimum number of bits required to represent the value held
  * in the MPI.
@@ -118,7 +118,7 @@
  *
  * \return      The number of bits in \p A.
  */
-size_t mbedtls_mpi_core_bitlen( const mbedtls_mpi_uint *A, size_t A_limbs );
+size_t mbedtls_mpi_core_bitlen(const mbedtls_mpi_uint *A, size_t A_limbs);
 
 /** Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint
  * into the storage form used by mbedtls_mpi.
@@ -126,8 +126,8 @@
  * \param[in,out] A     The address of the MPI.
  * \param A_limbs       The number of limbs of \p A.
  */
-void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A,
-                                         size_t A_limbs );
+void mbedtls_mpi_core_bigendian_to_host(mbedtls_mpi_uint *A,
+                                        size_t A_limbs);
 
 /** \brief         Compare a machine integer with an MPI.
  *
@@ -141,9 +141,9 @@
  *
  * \return         1 if \p min is less than or equal to \p A, otherwise 0.
  */
-unsigned mbedtls_mpi_core_uint_le_mpi( mbedtls_mpi_uint min,
-                                       const mbedtls_mpi_uint *A,
-                                       size_t A_limbs );
+unsigned mbedtls_mpi_core_uint_le_mpi(mbedtls_mpi_uint min,
+                                      const mbedtls_mpi_uint *A,
+                                      size_t A_limbs);
 
 /**
  * \brief   Perform a safe conditional copy of an MPI which doesn't reveal
@@ -166,10 +166,10 @@
  *                 is indeterminate, and the resulting value in \p X might be
  *                 neither its original value nor the value in \p A.
  */
-void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X,
-                                   const mbedtls_mpi_uint *A,
-                                   size_t limbs,
-                                   unsigned char assign );
+void mbedtls_mpi_core_cond_assign(mbedtls_mpi_uint *X,
+                                  const mbedtls_mpi_uint *A,
+                                  size_t limbs,
+                                  unsigned char assign);
 
 /**
  * \brief   Perform a safe conditional swap of two MPIs which doesn't reveal
@@ -192,10 +192,10 @@
  *                 is indeterminate, and both \p X and \p Y might end up with
  *                 values different to either of the original ones.
  */
-void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X,
-                                 mbedtls_mpi_uint *Y,
-                                 size_t limbs,
-                                 unsigned char swap );
+void mbedtls_mpi_core_cond_swap(mbedtls_mpi_uint *X,
+                                mbedtls_mpi_uint *Y,
+                                size_t limbs,
+                                unsigned char swap);
 
 /** Import X from unsigned binary data, little-endian.
  *
@@ -211,10 +211,10 @@
  * \return       #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't
  *               large enough to hold the value in \p input.
  */
-int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X,
-                              size_t X_limbs,
-                              const unsigned char *input,
-                              size_t input_length );
+int mbedtls_mpi_core_read_le(mbedtls_mpi_uint *X,
+                             size_t X_limbs,
+                             const unsigned char *input,
+                             size_t input_length);
 
 /** Import X from unsigned binary data, big-endian.
  *
@@ -233,10 +233,10 @@
  * \return       #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't
  *               large enough to hold the value in \p input.
  */
-int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X,
-                              size_t X_limbs,
-                              const unsigned char *input,
-                              size_t input_length );
+int mbedtls_mpi_core_read_be(mbedtls_mpi_uint *X,
+                             size_t X_limbs,
+                             const unsigned char *input,
+                             size_t input_length);
 
 /** Export A into unsigned binary data, little-endian.
  *
@@ -253,10 +253,10 @@
  * \return       #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p output isn't
  *               large enough to hold the value of \p A.
  */
-int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *A,
-                               size_t A_limbs,
-                               unsigned char *output,
-                               size_t output_length );
+int mbedtls_mpi_core_write_le(const mbedtls_mpi_uint *A,
+                              size_t A_limbs,
+                              unsigned char *output,
+                              size_t output_length);
 
 /** Export A into unsigned binary data, big-endian.
  *
@@ -273,10 +273,10 @@
  * \return       #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p output isn't
  *               large enough to hold the value of \p A.
  */
-int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *A,
-                               size_t A_limbs,
-                               unsigned char *output,
-                               size_t output_length );
+int mbedtls_mpi_core_write_be(const mbedtls_mpi_uint *A,
+                              size_t A_limbs,
+                              unsigned char *output,
+                              size_t output_length);
 
 /** \brief              Shift an MPI right in place by a number of bits.
  *
@@ -290,8 +290,8 @@
  * \param limbs         The number of limbs of \p X. This must be at least 1.
  * \param count         The number of bits to shift by.
  */
-void mbedtls_mpi_core_shift_r( mbedtls_mpi_uint *X, size_t limbs,
-                               size_t count );
+void mbedtls_mpi_core_shift_r(mbedtls_mpi_uint *X, size_t limbs,
+                              size_t count);
 
 /**
  * \brief Add two fixed-size large unsigned integers, returning the carry.
@@ -310,10 +310,10 @@
  *
  * \return          1 if `A + B >= 2^(biL*limbs)`, 0 otherwise.
  */
-mbedtls_mpi_uint mbedtls_mpi_core_add( mbedtls_mpi_uint *X,
-                                       const mbedtls_mpi_uint *A,
-                                       const mbedtls_mpi_uint *B,
-                                       size_t limbs );
+mbedtls_mpi_uint mbedtls_mpi_core_add(mbedtls_mpi_uint *X,
+                                      const mbedtls_mpi_uint *A,
+                                      const mbedtls_mpi_uint *B,
+                                      size_t limbs);
 
 /**
  * \brief Conditional addition of two fixed-size large unsigned integers,
@@ -345,10 +345,10 @@
  *
  * \return           1 if `X + cond * A >= 2^(biL*limbs)`, 0 otherwise.
  */
-mbedtls_mpi_uint mbedtls_mpi_core_add_if( mbedtls_mpi_uint *X,
-                                          const mbedtls_mpi_uint *A,
-                                          size_t limbs,
-                                          unsigned cond );
+mbedtls_mpi_uint mbedtls_mpi_core_add_if(mbedtls_mpi_uint *X,
+                                         const mbedtls_mpi_uint *A,
+                                         size_t limbs,
+                                         unsigned cond);
 
 /**
  * \brief Subtract two fixed-size large unsigned integers, returning the borrow.
@@ -368,10 +368,10 @@
  * \return          1 if `A < B`.
  *                  0 if `A >= B`.
  */
-mbedtls_mpi_uint mbedtls_mpi_core_sub( mbedtls_mpi_uint *X,
-                                       const mbedtls_mpi_uint *A,
-                                       const mbedtls_mpi_uint *B,
-                                       size_t limbs );
+mbedtls_mpi_uint mbedtls_mpi_core_sub(mbedtls_mpi_uint *X,
+                                      const mbedtls_mpi_uint *A,
+                                      const mbedtls_mpi_uint *B,
+                                      size_t limbs);
 
 /**
  * \brief Perform a fixed-size multiply accumulate operation: X += b * A
@@ -394,9 +394,9 @@
  *
  * \return           The carry at the end of the operation.
  */
-mbedtls_mpi_uint mbedtls_mpi_core_mla( mbedtls_mpi_uint *X, size_t X_limbs,
-                                       const mbedtls_mpi_uint *A, size_t A_limbs,
-                                       mbedtls_mpi_uint b );
+mbedtls_mpi_uint mbedtls_mpi_core_mla(mbedtls_mpi_uint *X, size_t X_limbs,
+                                      const mbedtls_mpi_uint *A, size_t A_limbs,
+                                      mbedtls_mpi_uint b);
 
 /**
  * \brief Calculate initialisation value for fast Montgomery modular
@@ -407,7 +407,7 @@
  *
  * \return       The initialisation value for fast Montgomery modular multiplication
  */
-mbedtls_mpi_uint mbedtls_mpi_core_montmul_init( const mbedtls_mpi_uint *N );
+mbedtls_mpi_uint mbedtls_mpi_core_montmul_init(const mbedtls_mpi_uint *N);
 
 /**
  * \brief Montgomery multiplication: X = A * B * R^-1 mod N (HAC 14.36)
@@ -444,11 +444,11 @@
  *                          It must not alias or otherwise overlap any of the
  *                          other parameters.
  */
-void mbedtls_mpi_core_montmul( mbedtls_mpi_uint *X,
-                               const mbedtls_mpi_uint *A,
-                               const mbedtls_mpi_uint *B, size_t B_limbs,
-                               const mbedtls_mpi_uint *N, size_t AN_limbs,
-                               mbedtls_mpi_uint mm, mbedtls_mpi_uint *T );
+void mbedtls_mpi_core_montmul(mbedtls_mpi_uint *X,
+                              const mbedtls_mpi_uint *A,
+                              const mbedtls_mpi_uint *B, size_t B_limbs,
+                              const mbedtls_mpi_uint *N, size_t AN_limbs,
+                              mbedtls_mpi_uint mm, mbedtls_mpi_uint *T);
 
 /**
  * \brief Calculate the square of the Montgomery constant. (Needed
@@ -465,8 +465,8 @@
  * \return        #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p N modulus is zero.
  * \return        #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p N modulus is negative.
  */
-int mbedtls_mpi_core_get_mont_r2_unsafe( mbedtls_mpi *X,
-                                         const mbedtls_mpi *N );
+int mbedtls_mpi_core_get_mont_r2_unsafe(mbedtls_mpi *X,
+                                        const mbedtls_mpi *N);
 
 #if defined(MBEDTLS_TEST_HOOKS)
 /**
@@ -481,11 +481,11 @@
  * \param index             The (secret) table index to look up. This must be in the
  *                          range `0 .. count-1`.
  */
-void mbedtls_mpi_core_ct_uint_table_lookup( mbedtls_mpi_uint *dest,
-                                            const mbedtls_mpi_uint *table,
-                                            size_t limbs,
-                                            size_t count,
-                                            size_t index );
+void mbedtls_mpi_core_ct_uint_table_lookup(mbedtls_mpi_uint *dest,
+                                           const mbedtls_mpi_uint *table,
+                                           size_t limbs,
+                                           size_t count,
+                                           size_t index);
 #endif /* MBEDTLS_TEST_HOOKS */
 
 /**
@@ -507,10 +507,10 @@
  *                 as a big-endian representation of an MPI; this can
  *                 be relevant in applications like deterministic ECDSA.
  */
-int mbedtls_mpi_core_fill_random( mbedtls_mpi_uint *X, size_t X_limbs,
-                                  size_t bytes,
-                                  int (*f_rng)(void *, unsigned char *, size_t),
-                                  void *p_rng );
+int mbedtls_mpi_core_fill_random(mbedtls_mpi_uint *X, size_t X_limbs,
+                                 size_t bytes,
+                                 int (*f_rng)(void *, unsigned char *, size_t),
+                                 void *p_rng);
 
 /** Generate a random number uniformly in a range.
  *
@@ -542,12 +542,12 @@
  *                 is significantly larger than \p min, which is the case
  *                 for all usual cryptographic applications.
  */
-int mbedtls_mpi_core_random( mbedtls_mpi_uint *X,
-                             mbedtls_mpi_uint min,
-                             const mbedtls_mpi_uint *N,
-                             size_t limbs,
-                             int (*f_rng)(void *, unsigned char *, size_t),
-                             void *p_rng );
+int mbedtls_mpi_core_random(mbedtls_mpi_uint *X,
+                            mbedtls_mpi_uint min,
+                            const mbedtls_mpi_uint *N,
+                            size_t limbs,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng);
 
 /* BEGIN MERGE SLOT 1 */
 
@@ -568,7 +568,7 @@
  * \return         The number of limbs of working memory required by
  *                 `mbedtls_mpi_core_exp_mod()`.
  */
-size_t mbedtls_mpi_core_exp_mod_working_limbs( size_t AN_limbs, size_t E_limbs );
+size_t mbedtls_mpi_core_exp_mod_working_limbs(size_t AN_limbs, size_t E_limbs);
 
 /**
  * \brief            Perform a modular exponentiation with secret exponent:
@@ -597,12 +597,12 @@
  *                   longer needed, and before freeing it if it was dynamically
  *                   allocated.
  */
-void mbedtls_mpi_core_exp_mod( mbedtls_mpi_uint *X,
-                               const mbedtls_mpi_uint *A,
-                               const mbedtls_mpi_uint *N, size_t AN_limbs,
-                               const mbedtls_mpi_uint *E, size_t E_limbs,
-                               const mbedtls_mpi_uint *RR,
-                               mbedtls_mpi_uint *T );
+void mbedtls_mpi_core_exp_mod(mbedtls_mpi_uint *X,
+                              const mbedtls_mpi_uint *A,
+                              const mbedtls_mpi_uint *N, size_t AN_limbs,
+                              const mbedtls_mpi_uint *E, size_t E_limbs,
+                              const mbedtls_mpi_uint *RR,
+                              mbedtls_mpi_uint *T);
 
 /* END MERGE SLOT 1 */
 
@@ -624,10 +624,10 @@
  * \return          1 if `A < b`.
  *                  0 if `A >= b`.
  */
-mbedtls_mpi_uint mbedtls_mpi_core_sub_int( mbedtls_mpi_uint *X,
-                                           const mbedtls_mpi_uint *A,
-                                           mbedtls_mpi_uint b,
-                                           size_t limbs );
+mbedtls_mpi_uint mbedtls_mpi_core_sub_int(mbedtls_mpi_uint *X,
+                                          const mbedtls_mpi_uint *A,
+                                          mbedtls_mpi_uint b,
+                                          size_t limbs);
 
 /**
  * \brief Determine if a given MPI has the value \c 0 in constant time with
@@ -639,8 +639,8 @@
  * \return        0 if `A == 0`
  *                non-0 (may be any value) if `A != 0`.
  */
-mbedtls_mpi_uint mbedtls_mpi_core_check_zero_ct( const mbedtls_mpi_uint *A,
-                                                 size_t limbs );
+mbedtls_mpi_uint mbedtls_mpi_core_check_zero_ct(const mbedtls_mpi_uint *A,
+                                                size_t limbs);
 
 /**
  * \brief          Returns the number of limbs of working memory required for
@@ -654,9 +654,9 @@
  * \return         The number of limbs of working memory required by
  *                 `mbedtls_mpi_core_montmul()` (or other similar function).
  */
-static inline size_t mbedtls_mpi_core_montmul_working_limbs( size_t AN_limbs )
+static inline size_t mbedtls_mpi_core_montmul_working_limbs(size_t AN_limbs)
 {
-    return( 2 * AN_limbs + 1 );
+    return 2 * AN_limbs + 1;
 }
 
 /** Convert an MPI into Montgomery form.
@@ -690,13 +690,13 @@
  *                          It must not alias or otherwise overlap any of the
  *                          other parameters.
  */
-void mbedtls_mpi_core_to_mont_rep( mbedtls_mpi_uint *X,
-                                   const mbedtls_mpi_uint *A,
-                                   const mbedtls_mpi_uint *N,
-                                   size_t AN_limbs,
-                                   mbedtls_mpi_uint mm,
-                                   const mbedtls_mpi_uint *rr,
-                                   mbedtls_mpi_uint *T );
+void mbedtls_mpi_core_to_mont_rep(mbedtls_mpi_uint *X,
+                                  const mbedtls_mpi_uint *A,
+                                  const mbedtls_mpi_uint *N,
+                                  size_t AN_limbs,
+                                  mbedtls_mpi_uint mm,
+                                  const mbedtls_mpi_uint *rr,
+                                  mbedtls_mpi_uint *T);
 
 /** Convert an MPI from Montgomery form.
  *
@@ -727,12 +727,12 @@
  *                          It must not alias or otherwise overlap any of the
  *                          other parameters.
  */
-void mbedtls_mpi_core_from_mont_rep( mbedtls_mpi_uint *X,
-                                     const mbedtls_mpi_uint *A,
-                                     const mbedtls_mpi_uint *N,
-                                     size_t AN_limbs,
-                                     mbedtls_mpi_uint mm,
-                                     mbedtls_mpi_uint *T );
+void mbedtls_mpi_core_from_mont_rep(mbedtls_mpi_uint *X,
+                                    const mbedtls_mpi_uint *A,
+                                    const mbedtls_mpi_uint *N,
+                                    size_t AN_limbs,
+                                    mbedtls_mpi_uint mm,
+                                    mbedtls_mpi_uint *T);
 
 /* END MERGE SLOT 3 */
 
diff --git a/library/bignum_mod.c b/library/bignum_mod.c
index bd67241..e701a68 100644
--- a/library/bignum_mod.c
+++ b/library/bignum_mod.c
@@ -34,33 +34,36 @@
 #include "bignum_mod_raw.h"
 #include "constant_time_internal.h"
 
-int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r,
-                                   const mbedtls_mpi_mod_modulus *m,
-                                   mbedtls_mpi_uint *p,
-                                   size_t p_limbs )
+int mbedtls_mpi_mod_residue_setup(mbedtls_mpi_mod_residue *r,
+                                  const mbedtls_mpi_mod_modulus *m,
+                                  mbedtls_mpi_uint *p,
+                                  size_t p_limbs)
 {
-    if( p_limbs != m->limbs || !mbedtls_mpi_core_lt_ct( p, m->p, m->limbs ) )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    if (p_limbs != m->limbs || !mbedtls_mpi_core_lt_ct(p, m->p, m->limbs)) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
     r->limbs = m->limbs;
     r->p = p;
 
-    return( 0 );
+    return 0;
 }
 
-void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r )
+void mbedtls_mpi_mod_residue_release(mbedtls_mpi_mod_residue *r)
 {
-    if( r == NULL )
+    if (r == NULL) {
         return;
+    }
 
     r->limbs = 0;
     r->p = NULL;
 }
 
-void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m )
+void mbedtls_mpi_mod_modulus_init(mbedtls_mpi_mod_modulus *m)
 {
-    if( m == NULL )
+    if (m == NULL) {
         return;
+    }
 
     m->p = NULL;
     m->limbs = 0;
@@ -68,25 +71,24 @@
     m->int_rep = MBEDTLS_MPI_MOD_REP_INVALID;
 }
 
-void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m )
+void mbedtls_mpi_mod_modulus_free(mbedtls_mpi_mod_modulus *m)
 {
-    if( m == NULL )
+    if (m == NULL) {
         return;
+    }
 
-    switch( m->int_rep )
-    {
+    switch (m->int_rep) {
         case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
-            if (m->rep.mont.rr != NULL)
-            {
-                mbedtls_platform_zeroize( (mbedtls_mpi_uint *) m->rep.mont.rr,
-                                           m->limbs * sizeof(mbedtls_mpi_uint) );
-                mbedtls_free( (mbedtls_mpi_uint *)m->rep.mont.rr );
+            if (m->rep.mont.rr != NULL) {
+                mbedtls_platform_zeroize((mbedtls_mpi_uint *) m->rep.mont.rr,
+                                         m->limbs * sizeof(mbedtls_mpi_uint));
+                mbedtls_free((mbedtls_mpi_uint *) m->rep.mont.rr);
                 m->rep.mont.rr = NULL;
             }
             m->rep.mont.mm = 0;
             break;
         case MBEDTLS_MPI_MOD_REP_OPT_RED:
-            mbedtls_free( m->rep.ored );
+            mbedtls_free(m->rep.ored);
             break;
         case MBEDTLS_MPI_MOD_REP_INVALID:
             break;
@@ -98,30 +100,31 @@
     m->int_rep = MBEDTLS_MPI_MOD_REP_INVALID;
 }
 
-static int set_mont_const_square( const mbedtls_mpi_uint **X,
-                                  const mbedtls_mpi_uint *A,
-                                  size_t limbs )
+static int set_mont_const_square(const mbedtls_mpi_uint **X,
+                                 const mbedtls_mpi_uint *A,
+                                 size_t limbs)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi N;
     mbedtls_mpi RR;
     *X = NULL;
 
-    mbedtls_mpi_init( &N );
-    mbedtls_mpi_init( &RR );
+    mbedtls_mpi_init(&N);
+    mbedtls_mpi_init(&RR);
 
-    if( A == NULL || limbs == 0 || limbs >= ( MBEDTLS_MPI_MAX_LIMBS / 2 ) - 2 )
+    if (A == NULL || limbs == 0 || limbs >= (MBEDTLS_MPI_MAX_LIMBS / 2) - 2) {
         goto cleanup;
+    }
 
-    if( mbedtls_mpi_grow( &N, limbs ) )
+    if (mbedtls_mpi_grow(&N, limbs)) {
         goto cleanup;
+    }
 
-    memcpy( N.p, A, sizeof(mbedtls_mpi_uint) * limbs );
+    memcpy(N.p, A, sizeof(mbedtls_mpi_uint) * limbs);
 
     ret = mbedtls_mpi_core_get_mont_r2_unsafe(&RR, &N);
 
-    if( ret == 0 )
-    {
+    if (ret == 0) {
         *X = RR.p;
         RR.p = NULL;
     }
@@ -129,27 +132,26 @@
 cleanup:
     mbedtls_mpi_free(&N);
     mbedtls_mpi_free(&RR);
-    ret = ( ret != 0 ) ? MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED : 0;
-    return( ret );
+    ret = (ret != 0) ? MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED : 0;
+    return ret;
 }
 
-int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m,
-                                   const mbedtls_mpi_uint *p,
-                                   size_t p_limbs,
-                                   mbedtls_mpi_mod_rep_selector int_rep )
+int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *m,
+                                  const mbedtls_mpi_uint *p,
+                                  size_t p_limbs,
+                                  mbedtls_mpi_mod_rep_selector int_rep)
 {
     int ret = 0;
 
     m->p = p;
     m->limbs = p_limbs;
-    m->bits = mbedtls_mpi_core_bitlen( p, p_limbs );
+    m->bits = mbedtls_mpi_core_bitlen(p, p_limbs);
 
-    switch( int_rep )
-    {
+    switch (int_rep) {
         case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
             m->int_rep = int_rep;
-            m->rep.mont.mm = mbedtls_mpi_core_montmul_init( m->p );
-            ret = set_mont_const_square( &m->rep.mont.rr, m->p, m->limbs );
+            m->rep.mont.mm = mbedtls_mpi_core_montmul_init(m->p);
+            ret = set_mont_const_square(&m->rep.mont.rr, m->p, m->limbs);
             break;
         case MBEDTLS_MPI_MOD_REP_OPT_RED:
             m->int_rep = int_rep;
@@ -162,12 +164,11 @@
 
 exit:
 
-    if( ret != 0 )
-    {
-        mbedtls_mpi_mod_modulus_free( m );
+    if (ret != 0) {
+        mbedtls_mpi_mod_modulus_free(m);
     }
 
-    return( ret );
+    return ret;
 }
 
 /* BEGIN MERGE SLOT 1 */
@@ -176,129 +177,135 @@
 
 /* BEGIN MERGE SLOT 2 */
 
-int mbedtls_mpi_mod_mul( mbedtls_mpi_mod_residue *X,
-                         const mbedtls_mpi_mod_residue *A,
-                         const mbedtls_mpi_mod_residue *B,
-                         const mbedtls_mpi_mod_modulus *N )
+int mbedtls_mpi_mod_mul(mbedtls_mpi_mod_residue *X,
+                        const mbedtls_mpi_mod_residue *A,
+                        const mbedtls_mpi_mod_residue *B,
+                        const mbedtls_mpi_mod_modulus *N)
 {
-    if( N->limbs == 0 )
+    if (N->limbs == 0) {
         return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
-    if( X->limbs != N->limbs || A->limbs != N->limbs || B->limbs != N->limbs )
+    if (X->limbs != N->limbs || A->limbs != N->limbs || B->limbs != N->limbs) {
         return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
-    mbedtls_mpi_uint *T = mbedtls_calloc( N->limbs * 2 + 1, ciL );
-    if( T == NULL )
+    mbedtls_mpi_uint *T = mbedtls_calloc(N->limbs * 2 + 1, ciL);
+    if (T == NULL) {
         return MBEDTLS_ERR_MPI_ALLOC_FAILED;
+    }
 
-    mbedtls_mpi_mod_raw_mul( X->p, A->p, B->p, N, T );
+    mbedtls_mpi_mod_raw_mul(X->p, A->p, B->p, N, T);
 
-    mbedtls_free( T );
+    mbedtls_free(T);
 
-    return( 0 );
+    return 0;
 }
 
 /* END MERGE SLOT 2 */
 
 /* BEGIN MERGE SLOT 3 */
-int mbedtls_mpi_mod_sub( mbedtls_mpi_mod_residue *X,
-                         const mbedtls_mpi_mod_residue *A,
-                         const mbedtls_mpi_mod_residue *B,
-                         const mbedtls_mpi_mod_modulus *N )
+int mbedtls_mpi_mod_sub(mbedtls_mpi_mod_residue *X,
+                        const mbedtls_mpi_mod_residue *A,
+                        const mbedtls_mpi_mod_residue *B,
+                        const mbedtls_mpi_mod_modulus *N)
 {
-    if( X->limbs != N->limbs || A->limbs != N->limbs || B->limbs != N->limbs )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    if (X->limbs != N->limbs || A->limbs != N->limbs || B->limbs != N->limbs) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
-    mbedtls_mpi_mod_raw_sub( X->p, A->p, B->p, N );
+    mbedtls_mpi_mod_raw_sub(X->p, A->p, B->p, N);
 
-    return( 0 );
+    return 0;
 }
 
-static int mbedtls_mpi_mod_inv_mont( mbedtls_mpi_mod_residue *X,
-                                     const mbedtls_mpi_mod_residue *A,
-                                     const mbedtls_mpi_mod_modulus *N,
-                                     mbedtls_mpi_uint *working_memory )
+static int mbedtls_mpi_mod_inv_mont(mbedtls_mpi_mod_residue *X,
+                                    const mbedtls_mpi_mod_residue *A,
+                                    const mbedtls_mpi_mod_modulus *N,
+                                    mbedtls_mpi_uint *working_memory)
 {
     /* Input already in Montgomery form, so there's little to do */
-    mbedtls_mpi_mod_raw_inv_prime( X->p, A->p,
-                                   N->p, N->limbs,
-                                   N->rep.mont.rr,
-                                   working_memory );
-    return( 0 );
+    mbedtls_mpi_mod_raw_inv_prime(X->p, A->p,
+                                  N->p, N->limbs,
+                                  N->rep.mont.rr,
+                                  working_memory);
+    return 0;
 }
 
-static int mbedtls_mpi_mod_inv_non_mont( mbedtls_mpi_mod_residue *X,
-                                         const mbedtls_mpi_mod_residue *A,
-                                         const mbedtls_mpi_mod_modulus *N,
-                                         mbedtls_mpi_uint *working_memory )
+static int mbedtls_mpi_mod_inv_non_mont(mbedtls_mpi_mod_residue *X,
+                                        const mbedtls_mpi_mod_residue *A,
+                                        const mbedtls_mpi_mod_modulus *N,
+                                        mbedtls_mpi_uint *working_memory)
 {
     /* Need to convert input into Montgomery form */
 
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     mbedtls_mpi_mod_modulus Nmont;
-    mbedtls_mpi_mod_modulus_init( &Nmont );
+    mbedtls_mpi_mod_modulus_init(&Nmont);
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_modulus_setup( &Nmont, N->p, N->limbs,
-                                         MBEDTLS_MPI_MOD_REP_MONTGOMERY ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_modulus_setup(&Nmont, N->p, N->limbs,
+                                                  MBEDTLS_MPI_MOD_REP_MONTGOMERY));
 
     /* We'll use X->p to hold the Montgomery form of the input A->p */
-    mbedtls_mpi_core_to_mont_rep( X->p, A->p, Nmont.p, Nmont.limbs,
-                                  Nmont.rep.mont.mm, Nmont.rep.mont.rr,
-                                  working_memory );
+    mbedtls_mpi_core_to_mont_rep(X->p, A->p, Nmont.p, Nmont.limbs,
+                                 Nmont.rep.mont.mm, Nmont.rep.mont.rr,
+                                 working_memory);
 
-    mbedtls_mpi_mod_raw_inv_prime( X->p, X->p,
-                                   Nmont.p, Nmont.limbs,
-                                   Nmont.rep.mont.rr,
-                                   working_memory );
+    mbedtls_mpi_mod_raw_inv_prime(X->p, X->p,
+                                  Nmont.p, Nmont.limbs,
+                                  Nmont.rep.mont.rr,
+                                  working_memory);
 
     /* And convert back from Montgomery form */
 
-    mbedtls_mpi_core_from_mont_rep( X->p, X->p, Nmont.p, Nmont.limbs,
-                                    Nmont.rep.mont.mm, working_memory );
+    mbedtls_mpi_core_from_mont_rep(X->p, X->p, Nmont.p, Nmont.limbs,
+                                   Nmont.rep.mont.mm, working_memory);
 
 cleanup:
-    mbedtls_mpi_mod_modulus_free( &Nmont );
-    return( ret );
+    mbedtls_mpi_mod_modulus_free(&Nmont);
+    return ret;
 }
 
-int mbedtls_mpi_mod_inv( mbedtls_mpi_mod_residue *X,
-                         const mbedtls_mpi_mod_residue *A,
-                         const mbedtls_mpi_mod_modulus *N )
+int mbedtls_mpi_mod_inv(mbedtls_mpi_mod_residue *X,
+                        const mbedtls_mpi_mod_residue *A,
+                        const mbedtls_mpi_mod_modulus *N)
 {
-    if( X->limbs != N->limbs || A->limbs != N->limbs )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    if (X->limbs != N->limbs || A->limbs != N->limbs) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
     /* Zero has the same value regardless of Montgomery form or not */
-    if( mbedtls_mpi_core_check_zero_ct( A->p, A->limbs ) == 0 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    if (mbedtls_mpi_core_check_zero_ct(A->p, A->limbs) == 0) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
     size_t working_limbs =
-                    mbedtls_mpi_mod_raw_inv_prime_working_limbs( N->limbs );
+        mbedtls_mpi_mod_raw_inv_prime_working_limbs(N->limbs);
 
-    mbedtls_mpi_uint *working_memory = mbedtls_calloc( working_limbs,
-                                                     sizeof(mbedtls_mpi_uint) );
-    if( working_memory == NULL )
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+    mbedtls_mpi_uint *working_memory = mbedtls_calloc(working_limbs,
+                                                      sizeof(mbedtls_mpi_uint));
+    if (working_memory == NULL) {
+        return MBEDTLS_ERR_MPI_ALLOC_FAILED;
+    }
 
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    switch( N->int_rep )
-    {
+    switch (N->int_rep) {
         case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
-            ret = mbedtls_mpi_mod_inv_mont( X, A, N, working_memory );
+            ret = mbedtls_mpi_mod_inv_mont(X, A, N, working_memory);
             break;
         case MBEDTLS_MPI_MOD_REP_OPT_RED:
-            ret = mbedtls_mpi_mod_inv_non_mont( X, A, N, working_memory );
+            ret = mbedtls_mpi_mod_inv_non_mont(X, A, N, working_memory);
             break;
         default:
             ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
             break;
     }
 
-    mbedtls_platform_zeroize( working_memory,
-                              working_limbs * sizeof(mbedtls_mpi_uint) );
-    mbedtls_free( working_memory );
+    mbedtls_platform_zeroize(working_memory,
+                             working_limbs * sizeof(mbedtls_mpi_uint));
+    mbedtls_free(working_memory);
 
     return ret;
 }
@@ -309,99 +316,106 @@
 /* END MERGE SLOT 4 */
 
 /* BEGIN MERGE SLOT 5 */
-int mbedtls_mpi_mod_add( mbedtls_mpi_mod_residue *X,
-                         const mbedtls_mpi_mod_residue *A,
-                         const mbedtls_mpi_mod_residue *B,
-                         const mbedtls_mpi_mod_modulus *N )
+int mbedtls_mpi_mod_add(mbedtls_mpi_mod_residue *X,
+                        const mbedtls_mpi_mod_residue *A,
+                        const mbedtls_mpi_mod_residue *B,
+                        const mbedtls_mpi_mod_modulus *N)
 {
-    if( X->limbs != N->limbs || A->limbs != N->limbs || B->limbs != N->limbs )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    if (X->limbs != N->limbs || A->limbs != N->limbs || B->limbs != N->limbs) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
     mbedtls_mpi_mod_raw_add(X->p, A->p, B->p, N);
 
-    return( 0 );
+    return 0;
 }
 /* END MERGE SLOT 5 */
 
 /* BEGIN MERGE SLOT 6 */
 
-int mbedtls_mpi_mod_random( mbedtls_mpi_mod_residue *X,
-                            mbedtls_mpi_uint min,
-                            const mbedtls_mpi_mod_modulus *N,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng )
+int mbedtls_mpi_mod_random(mbedtls_mpi_mod_residue *X,
+                           mbedtls_mpi_uint min,
+                           const mbedtls_mpi_mod_modulus *N,
+                           int (*f_rng)(void *, unsigned char *, size_t),
+                           void *p_rng)
 {
-    if( X->limbs != N->limbs )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-    return( mbedtls_mpi_mod_raw_random( X->p, min, N, f_rng, p_rng ) );
+    if (X->limbs != N->limbs) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
+    return mbedtls_mpi_mod_raw_random(X->p, min, N, f_rng, p_rng);
 }
 
 /* END MERGE SLOT 6 */
 
 /* BEGIN MERGE SLOT 7 */
-int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r,
-                          const mbedtls_mpi_mod_modulus *m,
-                          const unsigned char *buf,
-                          size_t buflen,
-                          mbedtls_mpi_mod_ext_rep ext_rep )
+int mbedtls_mpi_mod_read(mbedtls_mpi_mod_residue *r,
+                         const mbedtls_mpi_mod_modulus *m,
+                         const unsigned char *buf,
+                         size_t buflen,
+                         mbedtls_mpi_mod_ext_rep ext_rep)
 {
     int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
 
     /* Do our best to check if r and m have been set up */
-    if( r->limbs == 0 || m->limbs == 0 )
+    if (r->limbs == 0 || m->limbs == 0) {
         goto cleanup;
-    if( r->limbs != m->limbs )
+    }
+    if (r->limbs != m->limbs) {
         goto cleanup;
+    }
 
-    ret = mbedtls_mpi_mod_raw_read( r->p, m, buf, buflen, ext_rep );
-    if( ret != 0 )
+    ret = mbedtls_mpi_mod_raw_read(r->p, m, buf, buflen, ext_rep);
+    if (ret != 0) {
         goto cleanup;
+    }
 
     r->limbs = m->limbs;
 
-    ret = mbedtls_mpi_mod_raw_canonical_to_modulus_rep( r->p, m );
+    ret = mbedtls_mpi_mod_raw_canonical_to_modulus_rep(r->p, m);
 
 cleanup:
-    return ( ret );
+    return ret;
 }
 
-int mbedtls_mpi_mod_write( const mbedtls_mpi_mod_residue *r,
-                           const mbedtls_mpi_mod_modulus *m,
-                           unsigned char *buf,
-                           size_t buflen,
-                           mbedtls_mpi_mod_ext_rep ext_rep )
+int mbedtls_mpi_mod_write(const mbedtls_mpi_mod_residue *r,
+                          const mbedtls_mpi_mod_modulus *m,
+                          unsigned char *buf,
+                          size_t buflen,
+                          mbedtls_mpi_mod_ext_rep ext_rep)
 {
     int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
 
     /* Do our best to check if r and m have been set up */
-    if( r->limbs == 0 || m->limbs == 0 )
+    if (r->limbs == 0 || m->limbs == 0) {
         goto cleanup;
-    if( r->limbs != m->limbs )
+    }
+    if (r->limbs != m->limbs) {
         goto cleanup;
-
-    if( m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY )
-    {
-        ret = mbedtls_mpi_mod_raw_from_mont_rep( r->p, m );
-        if( ret != 0 )
-            goto cleanup;
     }
 
-    ret = mbedtls_mpi_mod_raw_write( r->p, m, buf, buflen, ext_rep );
+    if (m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
+        ret = mbedtls_mpi_mod_raw_from_mont_rep(r->p, m);
+        if (ret != 0) {
+            goto cleanup;
+        }
+    }
 
-    if( m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY )
-    {
+    ret = mbedtls_mpi_mod_raw_write(r->p, m, buf, buflen, ext_rep);
+
+    if (m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
         /* If this fails, the value of r is corrupted and we want to return
          * this error (as opposed to the error code from the write above) to
          * let the caller know. If it succeeds, we want to return the error
          * code from write above. */
-        int conv_ret = mbedtls_mpi_mod_raw_to_mont_rep( r->p, m );
-        if( ret == 0 )
+        int conv_ret = mbedtls_mpi_mod_raw_to_mont_rep(r->p, m);
+        if (ret == 0) {
             ret = conv_ret;
+        }
     }
 
 cleanup:
 
-    return ( ret );
+    return ret;
 }
 /* END MERGE SLOT 7 */
 
diff --git a/library/bignum_mod.h b/library/bignum_mod.h
index 1b1e920..0a22e71 100644
--- a/library/bignum_mod.h
+++ b/library/bignum_mod.h
@@ -92,8 +92,7 @@
  * This also determines which fields of the modulus structure are valid and
  * what their contents are (see #mbedtls_mpi_mod_modulus).
  */
-typedef enum
-{
+typedef enum {
     /** Representation not chosen (makes the modulus structure invalid). */
     MBEDTLS_MPI_MOD_REP_INVALID    = 0,
     /* Skip 1 as it is slightly easier to accidentally pass to functions. */
@@ -108,15 +107,13 @@
 
 /* Make mbedtls_mpi_mod_rep_selector and mbedtls_mpi_mod_ext_rep disjoint to
  * make it easier to catch when they are accidentally swapped. */
-typedef enum
-{
+typedef enum {
     MBEDTLS_MPI_MOD_EXT_REP_INVALID = 0,
     MBEDTLS_MPI_MOD_EXT_REP_LE      = 8,
     MBEDTLS_MPI_MOD_EXT_REP_BE
 } mbedtls_mpi_mod_ext_rep;
 
-typedef struct
-{
+typedef struct {
     mbedtls_mpi_uint *p;
     size_t limbs;
 } mbedtls_mpi_mod_residue;
@@ -133,8 +130,7 @@
     size_t limbs;                            // number of limbs
     size_t bits;                             // bitlen of p
     mbedtls_mpi_mod_rep_selector int_rep;    // selector to signal the active member of the union
-    union rep
-    {
+    union rep {
         /* if int_rep == #MBEDTLS_MPI_MOD_REP_MONTGOMERY */
         mbedtls_mpi_mont_struct mont;
         /* if int_rep == #MBEDTLS_MPI_MOD_REP_OPT_RED */
@@ -170,10 +166,10 @@
  * \return      #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p p_limbs is less than the
  *              limbs in \p m or if \p p is not less than \p m.
  */
-int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r,
-                                   const mbedtls_mpi_mod_modulus *m,
-                                   mbedtls_mpi_uint *p,
-                                   size_t p_limbs );
+int mbedtls_mpi_mod_residue_setup(mbedtls_mpi_mod_residue *r,
+                                  const mbedtls_mpi_mod_modulus *m,
+                                  mbedtls_mpi_uint *p,
+                                  size_t p_limbs);
 
 /** Unbind elements of a residue structure.
  *
@@ -185,13 +181,13 @@
  *
  * \param[out] r     The address of residue to release.
  */
-void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r );
+void mbedtls_mpi_mod_residue_release(mbedtls_mpi_mod_residue *r);
 
 /** Initialize a modulus structure.
  *
  * \param[out] m     The address of the modulus structure to initialize.
  */
-void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m );
+void mbedtls_mpi_mod_modulus_init(mbedtls_mpi_mod_modulus *m);
 
 /** Setup a modulus structure.
  *
@@ -207,10 +203,10 @@
  * \return      \c 0 if successful.
  * \return      #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p int_rep is invalid.
  */
-int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m,
-                                   const mbedtls_mpi_uint *p,
-                                   size_t p_limbs,
-                                   mbedtls_mpi_mod_rep_selector int_rep );
+int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *m,
+                                  const mbedtls_mpi_uint *p,
+                                  size_t p_limbs,
+                                  mbedtls_mpi_mod_rep_selector int_rep);
 
 /** Free elements of a modulus structure.
  *
@@ -222,7 +218,7 @@
  *
  * \param[in,out] m     The address of the modulus structure to free.
  */
-void mbedtls_mpi_mod_modulus_free( mbedtls_mpi_mod_modulus *m );
+void mbedtls_mpi_mod_modulus_free(mbedtls_mpi_mod_modulus *m);
 
 /* BEGIN MERGE SLOT 1 */
 
@@ -259,10 +255,10 @@
  *              have the same number of limbs or \p N is invalid.
  * \return      #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
  */
-int mbedtls_mpi_mod_mul( mbedtls_mpi_mod_residue *X,
-                         const mbedtls_mpi_mod_residue *A,
-                         const mbedtls_mpi_mod_residue *B,
-                         const mbedtls_mpi_mod_modulus *N );
+int mbedtls_mpi_mod_mul(mbedtls_mpi_mod_residue *X,
+                        const mbedtls_mpi_mod_residue *A,
+                        const mbedtls_mpi_mod_residue *B,
+                        const mbedtls_mpi_mod_modulus *N);
 
 /* END MERGE SLOT 2 */
 
@@ -292,10 +288,10 @@
  * \return          #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the given MPIs do not
  *                  have the correct number of limbs.
  */
-int mbedtls_mpi_mod_sub( mbedtls_mpi_mod_residue *X,
-                         const mbedtls_mpi_mod_residue *A,
-                         const mbedtls_mpi_mod_residue *B,
-                         const mbedtls_mpi_mod_modulus *N );
+int mbedtls_mpi_mod_sub(mbedtls_mpi_mod_residue *X,
+                        const mbedtls_mpi_mod_residue *A,
+                        const mbedtls_mpi_mod_residue *B,
+                        const mbedtls_mpi_mod_modulus *N);
 
 /**
  * \brief Perform modular inversion of an MPI with respect to a modulus \p N.
@@ -322,9 +318,9 @@
  *                 by the inversion calculation itself).
  */
 
-int mbedtls_mpi_mod_inv( mbedtls_mpi_mod_residue *X,
-                         const mbedtls_mpi_mod_residue *A,
-                         const mbedtls_mpi_mod_modulus *N );
+int mbedtls_mpi_mod_inv(mbedtls_mpi_mod_residue *X,
+                        const mbedtls_mpi_mod_residue *A,
+                        const mbedtls_mpi_mod_modulus *N);
 /* END MERGE SLOT 3 */
 
 /* BEGIN MERGE SLOT 4 */
@@ -358,10 +354,10 @@
  * \return          #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the given MPIs do not
  *                  have the correct number of limbs.
  */
-int mbedtls_mpi_mod_add( mbedtls_mpi_mod_residue *X,
-                         const mbedtls_mpi_mod_residue *A,
-                         const mbedtls_mpi_mod_residue *B,
-                         const mbedtls_mpi_mod_modulus *N );
+int mbedtls_mpi_mod_add(mbedtls_mpi_mod_residue *X,
+                        const mbedtls_mpi_mod_residue *A,
+                        const mbedtls_mpi_mod_residue *B,
+                        const mbedtls_mpi_mod_modulus *N);
 /* END MERGE SLOT 5 */
 
 /* BEGIN MERGE SLOT 6 */
@@ -393,11 +389,11 @@
  *                 is significantly larger than \p min, which is the case
  *                 for all usual cryptographic applications.
  */
-int mbedtls_mpi_mod_random( mbedtls_mpi_mod_residue *X,
-                            mbedtls_mpi_uint min,
-                            const mbedtls_mpi_mod_modulus *N,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng );
+int mbedtls_mpi_mod_random(mbedtls_mpi_mod_residue *X,
+                           mbedtls_mpi_uint min,
+                           const mbedtls_mpi_mod_modulus *N,
+                           int (*f_rng)(void *, unsigned char *, size_t),
+                           void *p_rng);
 
 /* END MERGE SLOT 6 */
 
@@ -425,11 +421,11 @@
  * \return       #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p ext_rep
  *               is invalid or the value in the buffer is not less than \p m.
  */
-int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r,
-                          const mbedtls_mpi_mod_modulus *m,
-                          const unsigned char *buf,
-                          size_t buflen,
-                          mbedtls_mpi_mod_ext_rep ext_rep );
+int mbedtls_mpi_mod_read(mbedtls_mpi_mod_residue *r,
+                         const mbedtls_mpi_mod_modulus *m,
+                         const unsigned char *buf,
+                         size_t buflen,
+                         mbedtls_mpi_mod_ext_rep ext_rep);
 
 /** Write a residue into a byte buffer.
  *
@@ -463,11 +459,11 @@
  *               memory for conversion. Can occur only for moduli with
  *               MBEDTLS_MPI_MOD_REP_MONTGOMERY.
  */
-int mbedtls_mpi_mod_write( const mbedtls_mpi_mod_residue *r,
-                           const mbedtls_mpi_mod_modulus *m,
-                           unsigned char *buf,
-                           size_t buflen,
-                           mbedtls_mpi_mod_ext_rep ext_rep );
+int mbedtls_mpi_mod_write(const mbedtls_mpi_mod_residue *r,
+                          const mbedtls_mpi_mod_modulus *m,
+                          unsigned char *buf,
+                          size_t buflen,
+                          mbedtls_mpi_mod_ext_rep ext_rep);
 /* END MERGE SLOT 7 */
 
 /* BEGIN MERGE SLOT 8 */
diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c
index 18599c3..aa2bd46 100644
--- a/library/bignum_mod_raw.c
+++ b/library/bignum_mod_raw.c
@@ -33,74 +33,72 @@
 #include "bignum_mod.h"
 #include "constant_time_internal.h"
 
-void mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X,
-                                      const mbedtls_mpi_uint *A,
-                                      const mbedtls_mpi_mod_modulus *N,
-                                      unsigned char assign )
+void mbedtls_mpi_mod_raw_cond_assign(mbedtls_mpi_uint *X,
+                                     const mbedtls_mpi_uint *A,
+                                     const mbedtls_mpi_mod_modulus *N,
+                                     unsigned char assign)
 {
-    mbedtls_mpi_core_cond_assign( X, A, N->limbs, assign );
+    mbedtls_mpi_core_cond_assign(X, A, N->limbs, assign);
 }
 
-void mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *X,
-                                    mbedtls_mpi_uint *Y,
-                                    const mbedtls_mpi_mod_modulus *N,
-                                    unsigned char swap )
+void mbedtls_mpi_mod_raw_cond_swap(mbedtls_mpi_uint *X,
+                                   mbedtls_mpi_uint *Y,
+                                   const mbedtls_mpi_mod_modulus *N,
+                                   unsigned char swap)
 {
-    mbedtls_mpi_core_cond_swap( X, Y, N->limbs, swap );
+    mbedtls_mpi_core_cond_swap(X, Y, N->limbs, swap);
 }
 
-int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X,
-                              const mbedtls_mpi_mod_modulus *m,
-                              const unsigned char *input,
-                              size_t input_length,
-                              mbedtls_mpi_mod_ext_rep ext_rep )
+int mbedtls_mpi_mod_raw_read(mbedtls_mpi_uint *X,
+                             const mbedtls_mpi_mod_modulus *m,
+                             const unsigned char *input,
+                             size_t input_length,
+                             mbedtls_mpi_mod_ext_rep ext_rep)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    switch( ext_rep )
-    {
+    switch (ext_rep) {
         case MBEDTLS_MPI_MOD_EXT_REP_LE:
-            ret = mbedtls_mpi_core_read_le( X, m->limbs,
-                                            input, input_length );
+            ret = mbedtls_mpi_core_read_le(X, m->limbs,
+                                           input, input_length);
             break;
         case MBEDTLS_MPI_MOD_EXT_REP_BE:
-            ret = mbedtls_mpi_core_read_be( X, m->limbs,
-                                            input, input_length );
+            ret = mbedtls_mpi_core_read_be(X, m->limbs,
+                                           input, input_length);
             break;
         default:
-            return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
     }
 
-    if( ret != 0 )
+    if (ret != 0) {
         goto cleanup;
+    }
 
-    if( !mbedtls_mpi_core_lt_ct( X, m->p, m->limbs ) )
-    {
+    if (!mbedtls_mpi_core_lt_ct(X, m->p, m->limbs)) {
         ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
         goto cleanup;
     }
 
 cleanup:
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_mpi_mod_raw_write( const mbedtls_mpi_uint *A,
-                               const mbedtls_mpi_mod_modulus *m,
-                               unsigned char *output,
-                               size_t output_length,
-                               mbedtls_mpi_mod_ext_rep ext_rep )
+int mbedtls_mpi_mod_raw_write(const mbedtls_mpi_uint *A,
+                              const mbedtls_mpi_mod_modulus *m,
+                              unsigned char *output,
+                              size_t output_length,
+                              mbedtls_mpi_mod_ext_rep ext_rep)
 {
-    switch( ext_rep )
-    {
+    switch (ext_rep) {
         case MBEDTLS_MPI_MOD_EXT_REP_LE:
-            return( mbedtls_mpi_core_write_le( A, m->limbs,
-                                               output, output_length ) );
+            return mbedtls_mpi_core_write_le(A, m->limbs,
+                                             output, output_length);
         case MBEDTLS_MPI_MOD_EXT_REP_BE:
-            return( mbedtls_mpi_core_write_be( A, m->limbs,
-                                               output, output_length ) );
+            return mbedtls_mpi_core_write_be(A, m->limbs,
+                                             output, output_length);
         default:
-            return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
     }
 }
 
@@ -110,45 +108,45 @@
 
 /* BEGIN MERGE SLOT 2 */
 
-void mbedtls_mpi_mod_raw_sub( mbedtls_mpi_uint *X,
-                              const mbedtls_mpi_uint *A,
-                              const mbedtls_mpi_uint *B,
-                              const mbedtls_mpi_mod_modulus *N )
+void mbedtls_mpi_mod_raw_sub(mbedtls_mpi_uint *X,
+                             const mbedtls_mpi_uint *A,
+                             const mbedtls_mpi_uint *B,
+                             const mbedtls_mpi_mod_modulus *N)
 {
-    mbedtls_mpi_uint c = mbedtls_mpi_core_sub( X, A, B, N->limbs );
+    mbedtls_mpi_uint c = mbedtls_mpi_core_sub(X, A, B, N->limbs);
 
-    (void) mbedtls_mpi_core_add_if( X, N->p, N->limbs, (unsigned) c );
+    (void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) c);
 }
 
-void mbedtls_mpi_mod_raw_mul( mbedtls_mpi_uint *X,
-                              const mbedtls_mpi_uint *A,
-                              const mbedtls_mpi_uint *B,
-                              const mbedtls_mpi_mod_modulus *N,
-                              mbedtls_mpi_uint *T )
+void mbedtls_mpi_mod_raw_mul(mbedtls_mpi_uint *X,
+                             const mbedtls_mpi_uint *A,
+                             const mbedtls_mpi_uint *B,
+                             const mbedtls_mpi_mod_modulus *N,
+                             mbedtls_mpi_uint *T)
 {
-    mbedtls_mpi_core_montmul( X, A, B, N->limbs, N->p, N->limbs,
-                              N->rep.mont.mm, T );
+    mbedtls_mpi_core_montmul(X, A, B, N->limbs, N->p, N->limbs,
+                             N->rep.mont.mm, T);
 }
 
 /* END MERGE SLOT 2 */
 
 /* BEGIN MERGE SLOT 3 */
 
-size_t mbedtls_mpi_mod_raw_inv_prime_working_limbs( size_t AN_limbs )
+size_t mbedtls_mpi_mod_raw_inv_prime_working_limbs(size_t AN_limbs)
 {
     /* mbedtls_mpi_mod_raw_inv_prime() needs a temporary for the exponent,
      * which will be the same size as the modulus and input (AN_limbs),
      * and additional space to pass to mbedtls_mpi_core_exp_mod(). */
-    return( AN_limbs +
-            mbedtls_mpi_core_exp_mod_working_limbs( AN_limbs, AN_limbs ) );
+    return AN_limbs +
+           mbedtls_mpi_core_exp_mod_working_limbs(AN_limbs, AN_limbs);
 }
 
-void mbedtls_mpi_mod_raw_inv_prime( mbedtls_mpi_uint *X,
-                                    const mbedtls_mpi_uint *A,
-                                    const mbedtls_mpi_uint *N,
-                                    size_t AN_limbs,
-                                    const mbedtls_mpi_uint *RR,
-                                    mbedtls_mpi_uint *T )
+void mbedtls_mpi_mod_raw_inv_prime(mbedtls_mpi_uint *X,
+                                   const mbedtls_mpi_uint *A,
+                                   const mbedtls_mpi_uint *N,
+                                   size_t AN_limbs,
+                                   const mbedtls_mpi_uint *RR,
+                                   mbedtls_mpi_uint *T)
 {
     /* Inversion by power: g^|G| = 1 => g^(-1) = g^(|G|-1), and
      *                       |G| = N - 1, so we want
@@ -157,12 +155,12 @@
 
     /* Use the first AN_limbs of T to hold N - 2 */
     mbedtls_mpi_uint *Nminus2 = T;
-    (void) mbedtls_mpi_core_sub_int( Nminus2, N, 2, AN_limbs );
+    (void) mbedtls_mpi_core_sub_int(Nminus2, N, 2, AN_limbs);
 
     /* Rest of T is given to exp_mod for its working space */
-    mbedtls_mpi_core_exp_mod( X,
-                              A, N, AN_limbs, Nminus2, AN_limbs,
-                              RR, T + AN_limbs );
+    mbedtls_mpi_core_exp_mod(X,
+                             A, N, AN_limbs, Nminus2, AN_limbs,
+                             RR, T + AN_limbs);
 }
 
 /* END MERGE SLOT 3 */
@@ -172,15 +170,15 @@
 /* END MERGE SLOT 4 */
 
 /* BEGIN MERGE SLOT 5 */
-void mbedtls_mpi_mod_raw_add( mbedtls_mpi_uint *X,
-                              const mbedtls_mpi_uint *A,
-                              const mbedtls_mpi_uint *B,
-                              const mbedtls_mpi_mod_modulus *N )
+void mbedtls_mpi_mod_raw_add(mbedtls_mpi_uint *X,
+                             const mbedtls_mpi_uint *A,
+                             const mbedtls_mpi_uint *B,
+                             const mbedtls_mpi_mod_modulus *N)
 {
     mbedtls_mpi_uint carry, borrow;
-    carry  = mbedtls_mpi_core_add( X, A, B, N->limbs );
-    borrow = mbedtls_mpi_core_sub( X, X, N->p, N->limbs );
-    (void) mbedtls_mpi_core_add_if( X, N->p, N->limbs, (unsigned) ( carry ^ borrow ) );
+    carry  = mbedtls_mpi_core_add(X, A, B, N->limbs);
+    borrow = mbedtls_mpi_core_sub(X, X, N->p, N->limbs);
+    (void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) (carry ^ borrow));
 }
 /* END MERGE SLOT 5 */
 
@@ -188,92 +186,93 @@
 
 int mbedtls_mpi_mod_raw_canonical_to_modulus_rep(
     mbedtls_mpi_uint *X,
-    const mbedtls_mpi_mod_modulus *N )
+    const mbedtls_mpi_mod_modulus *N)
 {
-    switch( N->int_rep )
-    {
+    switch (N->int_rep) {
         case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
-            return( mbedtls_mpi_mod_raw_to_mont_rep( X, N ) );
+            return mbedtls_mpi_mod_raw_to_mont_rep(X, N);
         case MBEDTLS_MPI_MOD_REP_OPT_RED:
-            return( 0 );
+            return 0;
         default:
-            return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
     }
 }
 
 int mbedtls_mpi_mod_raw_modulus_to_canonical_rep(
     mbedtls_mpi_uint *X,
-    const mbedtls_mpi_mod_modulus *N )
+    const mbedtls_mpi_mod_modulus *N)
 {
-    switch( N->int_rep )
-    {
+    switch (N->int_rep) {
         case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
-            return( mbedtls_mpi_mod_raw_from_mont_rep( X, N ) );
+            return mbedtls_mpi_mod_raw_from_mont_rep(X, N);
         case MBEDTLS_MPI_MOD_REP_OPT_RED:
-            return( 0 );
+            return 0;
         default:
-            return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
     }
 }
 
-int mbedtls_mpi_mod_raw_random( mbedtls_mpi_uint *X,
-                                mbedtls_mpi_uint min,
-                                const mbedtls_mpi_mod_modulus *N,
-                                int (*f_rng)(void *, unsigned char *, size_t),
-                                void *p_rng )
+int mbedtls_mpi_mod_raw_random(mbedtls_mpi_uint *X,
+                               mbedtls_mpi_uint min,
+                               const mbedtls_mpi_mod_modulus *N,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng)
 {
-    int ret = mbedtls_mpi_core_random( X, min, N->p, N->limbs, f_rng, p_rng );
-    if( ret != 0 )
-        return( ret );
-    return( mbedtls_mpi_mod_raw_canonical_to_modulus_rep( X, N ) );
+    int ret = mbedtls_mpi_core_random(X, min, N->p, N->limbs, f_rng, p_rng);
+    if (ret != 0) {
+        return ret;
+    }
+    return mbedtls_mpi_mod_raw_canonical_to_modulus_rep(X, N);
 }
 
 /* END MERGE SLOT 6 */
 
 /* BEGIN MERGE SLOT 7 */
-int mbedtls_mpi_mod_raw_to_mont_rep( mbedtls_mpi_uint *X,
-                                     const mbedtls_mpi_mod_modulus *m )
+int mbedtls_mpi_mod_raw_to_mont_rep(mbedtls_mpi_uint *X,
+                                    const mbedtls_mpi_mod_modulus *m)
 {
     mbedtls_mpi_uint *T;
-    const size_t t_limbs = mbedtls_mpi_core_montmul_working_limbs( m->limbs );
+    const size_t t_limbs = mbedtls_mpi_core_montmul_working_limbs(m->limbs);
 
-    if( ( T = (mbedtls_mpi_uint *) mbedtls_calloc( t_limbs, ciL ) ) == NULL )
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+    if ((T = (mbedtls_mpi_uint *) mbedtls_calloc(t_limbs, ciL)) == NULL) {
+        return MBEDTLS_ERR_MPI_ALLOC_FAILED;
+    }
 
-    mbedtls_mpi_core_to_mont_rep( X, X, m->p, m->limbs,
-                                  m->rep.mont.mm, m->rep.mont.rr, T );
+    mbedtls_mpi_core_to_mont_rep(X, X, m->p, m->limbs,
+                                 m->rep.mont.mm, m->rep.mont.rr, T);
 
-    mbedtls_platform_zeroize( T, t_limbs * ciL );
-    mbedtls_free( T );
-    return( 0 );
+    mbedtls_platform_zeroize(T, t_limbs * ciL);
+    mbedtls_free(T);
+    return 0;
 }
 
-int mbedtls_mpi_mod_raw_from_mont_rep( mbedtls_mpi_uint *X,
-                                       const mbedtls_mpi_mod_modulus *m )
+int mbedtls_mpi_mod_raw_from_mont_rep(mbedtls_mpi_uint *X,
+                                      const mbedtls_mpi_mod_modulus *m)
 {
-    const size_t t_limbs = mbedtls_mpi_core_montmul_working_limbs( m->limbs );
+    const size_t t_limbs = mbedtls_mpi_core_montmul_working_limbs(m->limbs);
     mbedtls_mpi_uint *T;
 
-    if( ( T = (mbedtls_mpi_uint *) mbedtls_calloc( t_limbs, ciL ) ) == NULL )
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+    if ((T = (mbedtls_mpi_uint *) mbedtls_calloc(t_limbs, ciL)) == NULL) {
+        return MBEDTLS_ERR_MPI_ALLOC_FAILED;
+    }
 
-    mbedtls_mpi_core_from_mont_rep( X, X, m->p, m->limbs, m->rep.mont.mm, T );
+    mbedtls_mpi_core_from_mont_rep(X, X, m->p, m->limbs, m->rep.mont.mm, T);
 
-    mbedtls_platform_zeroize( T, t_limbs * ciL );
-    mbedtls_free( T );
-    return( 0 );
+    mbedtls_platform_zeroize(T, t_limbs * ciL);
+    mbedtls_free(T);
+    return 0;
 }
 
-void mbedtls_mpi_mod_raw_neg( mbedtls_mpi_uint *X,
-                              const mbedtls_mpi_uint *A,
-                              const mbedtls_mpi_mod_modulus *m )
+void mbedtls_mpi_mod_raw_neg(mbedtls_mpi_uint *X,
+                             const mbedtls_mpi_uint *A,
+                             const mbedtls_mpi_mod_modulus *m)
 {
-    mbedtls_mpi_core_sub( X, m->p, A, m->limbs );
+    mbedtls_mpi_core_sub(X, m->p, A, m->limbs);
 
     /* If A=0 initially, then X=N now. Detect this by
      * subtracting N and catching the carry. */
-    mbedtls_mpi_uint borrow = mbedtls_mpi_core_sub( X, X, m->p, m->limbs );
-    (void) mbedtls_mpi_core_add_if( X, m->p, m->limbs, (unsigned) borrow  );
+    mbedtls_mpi_uint borrow = mbedtls_mpi_core_sub(X, X, m->p, m->limbs);
+    (void) mbedtls_mpi_core_add_if(X, m->p, m->limbs, (unsigned) borrow);
 }
 /* END MERGE SLOT 7 */
 
diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h
index ea3207f..da8db6f 100644
--- a/library/bignum_mod_raw.h
+++ b/library/bignum_mod_raw.h
@@ -109,10 +109,10 @@
  *                 is indeterminate, and the resulting value in \p X might be
  *                 neither its original value nor the value in \p A.
  */
-void mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X,
-                                      const mbedtls_mpi_uint *A,
-                                      const mbedtls_mpi_mod_modulus *N,
-                                      unsigned char assign );
+void mbedtls_mpi_mod_raw_cond_assign(mbedtls_mpi_uint *X,
+                                     const mbedtls_mpi_uint *A,
+                                     const mbedtls_mpi_mod_modulus *N,
+                                     unsigned char assign);
 
 /**
  * \brief   Perform a safe conditional swap of two MPIs which doesn't reveal
@@ -135,10 +135,10 @@
  *                 is indeterminate, and both \p X and \p Y might end up with
  *                 values different to either of the original ones.
  */
-void mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *X,
-                                    mbedtls_mpi_uint *Y,
-                                    const mbedtls_mpi_mod_modulus *N,
-                                    unsigned char swap );
+void mbedtls_mpi_mod_raw_cond_swap(mbedtls_mpi_uint *X,
+                                   mbedtls_mpi_uint *Y,
+                                   const mbedtls_mpi_mod_modulus *N,
+                                   unsigned char swap);
 
 /** Import X from unsigned binary data.
  *
@@ -159,11 +159,11 @@
  * \return       #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external representation
  *               of \p m is invalid or \p X is not less than \p m.
  */
-int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X,
-                              const mbedtls_mpi_mod_modulus *m,
-                              const unsigned char *input,
-                              size_t input_length,
-                              mbedtls_mpi_mod_ext_rep ext_rep );
+int mbedtls_mpi_mod_raw_read(mbedtls_mpi_uint *X,
+                             const mbedtls_mpi_mod_modulus *m,
+                             const unsigned char *input,
+                             size_t input_length,
+                             mbedtls_mpi_mod_ext_rep ext_rep);
 
 /** Export A into unsigned binary data.
  *
@@ -181,11 +181,11 @@
  * \return       #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external representation
  *               of \p m is invalid.
  */
-int mbedtls_mpi_mod_raw_write( const mbedtls_mpi_uint *A,
-                               const mbedtls_mpi_mod_modulus *m,
-                               unsigned char *output,
-                               size_t output_length,
-                               mbedtls_mpi_mod_ext_rep ext_rep );
+int mbedtls_mpi_mod_raw_write(const mbedtls_mpi_uint *A,
+                              const mbedtls_mpi_mod_modulus *m,
+                              unsigned char *output,
+                              size_t output_length,
+                              mbedtls_mpi_mod_ext_rep ext_rep);
 
 /* BEGIN MERGE SLOT 1 */
 
@@ -210,10 +210,10 @@
  * \param[in]  N        The address of the modulus. Used to perform a modulo
  *                      operation on the result of the subtraction.
  */
-void mbedtls_mpi_mod_raw_sub( mbedtls_mpi_uint *X,
-                              const mbedtls_mpi_uint *A,
-                              const mbedtls_mpi_uint *B,
-                              const mbedtls_mpi_mod_modulus *N );
+void mbedtls_mpi_mod_raw_sub(mbedtls_mpi_uint *X,
+                             const mbedtls_mpi_uint *A,
+                             const mbedtls_mpi_uint *B,
+                             const mbedtls_mpi_mod_modulus *N);
 
 /** \brief  Multiply two MPIs, returning the residue modulo the specified
  *          modulus.
@@ -244,11 +244,11 @@
  *                      It must not alias or otherwise overlap any of the
  *                      other parameters.
  */
-void mbedtls_mpi_mod_raw_mul( mbedtls_mpi_uint *X,
-                              const mbedtls_mpi_uint *A,
-                              const mbedtls_mpi_uint *B,
-                              const mbedtls_mpi_mod_modulus *N,
-                              mbedtls_mpi_uint *T );
+void mbedtls_mpi_mod_raw_mul(mbedtls_mpi_uint *X,
+                             const mbedtls_mpi_uint *A,
+                             const mbedtls_mpi_uint *B,
+                             const mbedtls_mpi_mod_modulus *N,
+                             mbedtls_mpi_uint *T);
 
 /* END MERGE SLOT 2 */
 
@@ -269,7 +269,7 @@
  * \return         The number of limbs of working memory required by
  *                 `mbedtls_mpi_mod_raw_inv_prime()`.
  */
-size_t mbedtls_mpi_mod_raw_inv_prime_working_limbs( size_t AN_limbs );
+size_t mbedtls_mpi_mod_raw_inv_prime_working_limbs(size_t AN_limbs);
 
 /**
  * \brief Perform fixed-width modular inversion of a Montgomery-form MPI with
@@ -296,12 +296,12 @@
  *                   longer needed, and before freeing it if it was dynamically
  *                   allocated.
  */
-void mbedtls_mpi_mod_raw_inv_prime( mbedtls_mpi_uint *X,
-                                    const mbedtls_mpi_uint *A,
-                                    const mbedtls_mpi_uint *N,
-                                    size_t AN_limbs,
-                                    const mbedtls_mpi_uint *RR,
-                                    mbedtls_mpi_uint *T );
+void mbedtls_mpi_mod_raw_inv_prime(mbedtls_mpi_uint *X,
+                                   const mbedtls_mpi_uint *A,
+                                   const mbedtls_mpi_uint *N,
+                                   size_t AN_limbs,
+                                   const mbedtls_mpi_uint *RR,
+                                   mbedtls_mpi_uint *T);
 
 /* END MERGE SLOT 3 */
 
@@ -328,10 +328,10 @@
  *                  must be smaller than \p N.
  * \param[in] N     The address of the modulus.
  */
-void mbedtls_mpi_mod_raw_add( mbedtls_mpi_uint *X,
-                              const mbedtls_mpi_uint *A,
-                              const mbedtls_mpi_uint *B,
-                              const mbedtls_mpi_mod_modulus *N );
+void mbedtls_mpi_mod_raw_add(mbedtls_mpi_uint *X,
+                             const mbedtls_mpi_uint *A,
+                             const mbedtls_mpi_uint *B,
+                             const mbedtls_mpi_mod_modulus *N);
 /* END MERGE SLOT 5 */
 
 /* BEGIN MERGE SLOT 6 */
@@ -351,7 +351,7 @@
  */
 int mbedtls_mpi_mod_raw_canonical_to_modulus_rep(
     mbedtls_mpi_uint *X,
-    const mbedtls_mpi_mod_modulus *N );
+    const mbedtls_mpi_mod_modulus *N);
 
 /** Convert an MPI from the representation associated with the modulus
  * to canonical representation (little-endian limb array).
@@ -368,7 +368,7 @@
  */
 int mbedtls_mpi_mod_raw_modulus_to_canonical_rep(
     mbedtls_mpi_uint *X,
-    const mbedtls_mpi_mod_modulus *N );
+    const mbedtls_mpi_mod_modulus *N);
 
 /** Generate a random number uniformly in a range.
  *
@@ -398,11 +398,11 @@
  *                 is significantly larger than \p min, which is the case
  *                 for all usual cryptographic applications.
  */
-int mbedtls_mpi_mod_raw_random( mbedtls_mpi_uint *X,
-                                mbedtls_mpi_uint min,
-                                const mbedtls_mpi_mod_modulus *N,
-                                int (*f_rng)(void *, unsigned char *, size_t),
-                                void *p_rng );
+int mbedtls_mpi_mod_raw_random(mbedtls_mpi_uint *X,
+                               mbedtls_mpi_uint min,
+                               const mbedtls_mpi_mod_modulus *N,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng);
 
 /* END MERGE SLOT 6 */
 
@@ -416,8 +416,8 @@
  *
  * \return       \c 0 if successful.
  */
-int mbedtls_mpi_mod_raw_to_mont_rep( mbedtls_mpi_uint *X,
-                                     const mbedtls_mpi_mod_modulus *m );
+int mbedtls_mpi_mod_raw_to_mont_rep(mbedtls_mpi_uint *X,
+                                    const mbedtls_mpi_mod_modulus *m);
 
 /** Convert an MPI back from Montgomery representation.
  *
@@ -428,8 +428,8 @@
  *
  * \return       \c 0 if successful.
  */
-int mbedtls_mpi_mod_raw_from_mont_rep( mbedtls_mpi_uint *X,
-                                       const mbedtls_mpi_mod_modulus *m );
+int mbedtls_mpi_mod_raw_from_mont_rep(mbedtls_mpi_uint *X,
+                                      const mbedtls_mpi_mod_modulus *m);
 
 /** \brief  Perform fixed width modular negation.
  *
@@ -444,9 +444,9 @@
  *                      must be less than or equal to \p m.
  * \param[in] m         The modulus to use.
  */
-void mbedtls_mpi_mod_raw_neg( mbedtls_mpi_uint *X,
-                              const mbedtls_mpi_uint *A,
-                              const mbedtls_mpi_mod_modulus *m);
+void mbedtls_mpi_mod_raw_neg(mbedtls_mpi_uint *X,
+                             const mbedtls_mpi_uint *A,
+                             const mbedtls_mpi_mod_modulus *m);
 /* END MERGE SLOT 7 */
 
 /* BEGIN MERGE SLOT 8 */
diff --git a/library/bn_mul.h b/library/bn_mul.h
index b7e9690..307c241 100644
--- a/library/bn_mul.h
+++ b/library/bn_mul.h
@@ -47,36 +47,36 @@
  */
 #if defined(MBEDTLS_HAVE_INT32)
 
-#define MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d )               \
-    ( (mbedtls_mpi_uint) (a) <<  0 ) |                        \
-    ( (mbedtls_mpi_uint) (b) <<  8 ) |                        \
-    ( (mbedtls_mpi_uint) (c) << 16 ) |                        \
-    ( (mbedtls_mpi_uint) (d) << 24 )
+#define MBEDTLS_BYTES_TO_T_UINT_4(a, b, c, d)               \
+    ((mbedtls_mpi_uint) (a) <<  0) |                        \
+    ((mbedtls_mpi_uint) (b) <<  8) |                        \
+    ((mbedtls_mpi_uint) (c) << 16) |                        \
+    ((mbedtls_mpi_uint) (d) << 24)
 
-#define MBEDTLS_BYTES_TO_T_UINT_2( a, b )                   \
-    MBEDTLS_BYTES_TO_T_UINT_4( a, b, 0, 0 )
+#define MBEDTLS_BYTES_TO_T_UINT_2(a, b)                   \
+    MBEDTLS_BYTES_TO_T_UINT_4(a, b, 0, 0)
 
-#define MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
-    MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ),                \
-    MBEDTLS_BYTES_TO_T_UINT_4( e, f, g, h )
+#define MBEDTLS_BYTES_TO_T_UINT_8(a, b, c, d, e, f, g, h) \
+    MBEDTLS_BYTES_TO_T_UINT_4(a, b, c, d),                \
+    MBEDTLS_BYTES_TO_T_UINT_4(e, f, g, h)
 
 #else /* 64-bits */
 
-#define MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h )   \
-    ( (mbedtls_mpi_uint) (a) <<  0 ) |                        \
-    ( (mbedtls_mpi_uint) (b) <<  8 ) |                        \
-    ( (mbedtls_mpi_uint) (c) << 16 ) |                        \
-    ( (mbedtls_mpi_uint) (d) << 24 ) |                        \
-    ( (mbedtls_mpi_uint) (e) << 32 ) |                        \
-    ( (mbedtls_mpi_uint) (f) << 40 ) |                        \
-    ( (mbedtls_mpi_uint) (g) << 48 ) |                        \
-    ( (mbedtls_mpi_uint) (h) << 56 )
+#define MBEDTLS_BYTES_TO_T_UINT_8(a, b, c, d, e, f, g, h)   \
+    ((mbedtls_mpi_uint) (a) <<  0) |                        \
+    ((mbedtls_mpi_uint) (b) <<  8) |                        \
+    ((mbedtls_mpi_uint) (c) << 16) |                        \
+    ((mbedtls_mpi_uint) (d) << 24) |                        \
+    ((mbedtls_mpi_uint) (e) << 32) |                        \
+    ((mbedtls_mpi_uint) (f) << 40) |                        \
+    ((mbedtls_mpi_uint) (g) << 48) |                        \
+    ((mbedtls_mpi_uint) (h) << 56)
 
-#define MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d )             \
-    MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, 0, 0, 0, 0 )
+#define MBEDTLS_BYTES_TO_T_UINT_4(a, b, c, d)             \
+    MBEDTLS_BYTES_TO_T_UINT_8(a, b, c, d, 0, 0, 0, 0)
 
-#define MBEDTLS_BYTES_TO_T_UINT_2( a, b )                   \
-    MBEDTLS_BYTES_TO_T_UINT_8( a, b, 0, 0, 0, 0, 0, 0 )
+#define MBEDTLS_BYTES_TO_T_UINT_2(a, b)                   \
+    MBEDTLS_BYTES_TO_T_UINT_8(a, b, 0, 0, 0, 0, 0, 0)
 
 #endif /* bits in mbedtls_mpi_uint */
 
diff --git a/library/camellia.c b/library/camellia.c
index 6e781c7..409727d 100644
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -50,109 +50,109 @@
 
 static const unsigned char FSb[256] =
 {
-    112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
-     35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
-    134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
-    166,225, 57,202,213, 71, 93, 61,217,  1, 90,214, 81, 86,108, 77,
-    139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
-    223, 76,203,194, 52,126,118,  5,109,183,169, 49,209, 23,  4,215,
-     20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
-    254, 68,207,178,195,181,122,145, 36,  8,232,168, 96,252,105, 80,
-    170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
-     16,196,  0, 72,163,247,117,219,138,  3,230,218,  9, 63,221,148,
-    135, 92,131,  2,205, 74,144, 51,115,103,246,243,157,127,191,226,
-     82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
-    233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
-    120,152,  6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
-    114,  7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
-     64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
+    112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
+    35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
+    134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
+    166, 225, 57, 202, 213, 71, 93, 61, 217,  1, 90, 214, 81, 86, 108, 77,
+    139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
+    223, 76, 203, 194, 52, 126, 118,  5, 109, 183, 169, 49, 209, 23,  4, 215,
+    20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
+    254, 68, 207, 178, 195, 181, 122, 145, 36,  8, 232, 168, 96, 252, 105, 80,
+    170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
+    16, 196,  0, 72, 163, 247, 117, 219, 138,  3, 230, 218,  9, 63, 221, 148,
+    135, 92, 131,  2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
+    82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
+    233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
+    120, 152,  6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
+    114,  7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
+    64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
 };
 
 #define SBOX1(n) FSb[(n)]
-#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
-#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
+#define SBOX2(n) (unsigned char) ((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
+#define SBOX3(n) (unsigned char) ((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
 #define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
 
 #else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
 
 static const unsigned char FSb[256] =
 {
- 112, 130,  44, 236, 179,  39, 192, 229, 228, 133,  87,  53, 234,  12, 174,  65,
-  35, 239, 107, 147,  69,  25, 165,  33, 237,  14,  79,  78,  29, 101, 146, 189,
- 134, 184, 175, 143, 124, 235,  31, 206,  62,  48, 220,  95,  94, 197,  11,  26,
- 166, 225,  57, 202, 213,  71,  93,  61, 217,   1,  90, 214,  81,  86, 108,  77,
- 139,  13, 154, 102, 251, 204, 176,  45, 116,  18,  43,  32, 240, 177, 132, 153,
- 223,  76, 203, 194,  52, 126, 118,   5, 109, 183, 169,  49, 209,  23,   4, 215,
-  20,  88,  58,  97, 222,  27,  17,  28,  50,  15, 156,  22,  83,  24, 242,  34,
- 254,  68, 207, 178, 195, 181, 122, 145,  36,   8, 232, 168,  96, 252, 105,  80,
- 170, 208, 160, 125, 161, 137,  98, 151,  84,  91,  30, 149, 224, 255, 100, 210,
-  16, 196,   0,  72, 163, 247, 117, 219, 138,   3, 230, 218,   9,  63, 221, 148,
- 135,  92, 131,   2, 205,  74, 144,  51, 115, 103, 246, 243, 157, 127, 191, 226,
-  82, 155, 216,  38, 200,  55, 198,  59, 129, 150, 111,  75,  19, 190,  99,  46,
- 233, 121, 167, 140, 159, 110, 188, 142,  41, 245, 249, 182,  47, 253, 180,  89,
- 120, 152,   6, 106, 231,  70, 113, 186, 212,  37, 171,  66, 136, 162, 141, 250,
- 114,   7, 185,  85, 248, 238, 172,  10,  54,  73,  42, 104,  60,  56, 241, 164,
- 64,  40, 211, 123, 187, 201,  67, 193,  21, 227, 173, 244, 119, 199, 128, 158
+    112, 130,  44, 236, 179,  39, 192, 229, 228, 133,  87,  53, 234,  12, 174,  65,
+    35, 239, 107, 147,  69,  25, 165,  33, 237,  14,  79,  78,  29, 101, 146, 189,
+    134, 184, 175, 143, 124, 235,  31, 206,  62,  48, 220,  95,  94, 197,  11,  26,
+    166, 225,  57, 202, 213,  71,  93,  61, 217,   1,  90, 214,  81,  86, 108,  77,
+    139,  13, 154, 102, 251, 204, 176,  45, 116,  18,  43,  32, 240, 177, 132, 153,
+    223,  76, 203, 194,  52, 126, 118,   5, 109, 183, 169,  49, 209,  23,   4, 215,
+    20,  88,  58,  97, 222,  27,  17,  28,  50,  15, 156,  22,  83,  24, 242,  34,
+    254,  68, 207, 178, 195, 181, 122, 145,  36,   8, 232, 168,  96, 252, 105,  80,
+    170, 208, 160, 125, 161, 137,  98, 151,  84,  91,  30, 149, 224, 255, 100, 210,
+    16, 196,   0,  72, 163, 247, 117, 219, 138,   3, 230, 218,   9,  63, 221, 148,
+    135,  92, 131,   2, 205,  74, 144,  51, 115, 103, 246, 243, 157, 127, 191, 226,
+    82, 155, 216,  38, 200,  55, 198,  59, 129, 150, 111,  75,  19, 190,  99,  46,
+    233, 121, 167, 140, 159, 110, 188, 142,  41, 245, 249, 182,  47, 253, 180,  89,
+    120, 152,   6, 106, 231,  70, 113, 186, 212,  37, 171,  66, 136, 162, 141, 250,
+    114,   7, 185,  85, 248, 238, 172,  10,  54,  73,  42, 104,  60,  56, 241, 164,
+    64,  40, 211, 123, 187, 201,  67, 193,  21, 227, 173, 244, 119, 199, 128, 158
 };
 
 static const unsigned char FSb2[256] =
 {
- 224,   5,  88, 217, 103,  78, 129, 203, 201,  11, 174, 106, 213,  24,  93, 130,
-  70, 223, 214,  39, 138,  50,  75,  66, 219,  28, 158, 156,  58, 202,  37, 123,
-  13, 113,  95,  31, 248, 215,  62, 157, 124,  96, 185, 190, 188, 139,  22,  52,
-  77, 195, 114, 149, 171, 142, 186, 122, 179,   2, 180, 173, 162, 172, 216, 154,
-  23,  26,  53, 204, 247, 153,  97,  90, 232,  36,  86,  64, 225,  99,   9,  51,
- 191, 152, 151, 133, 104, 252, 236,  10, 218, 111,  83,  98, 163,  46,   8, 175,
-  40, 176, 116, 194, 189,  54,  34,  56, 100,  30,  57,  44, 166,  48, 229,  68,
- 253, 136, 159, 101, 135, 107, 244,  35,  72,  16, 209,  81, 192, 249, 210, 160,
-  85, 161,  65, 250,  67,  19, 196,  47, 168, 182,  60,  43, 193, 255, 200, 165,
-  32, 137,   0, 144,  71, 239, 234, 183,  21,   6, 205, 181,  18, 126, 187,  41,
-  15, 184,   7,   4, 155, 148,  33, 102, 230, 206, 237, 231,  59, 254, 127, 197,
- 164,  55, 177,  76, 145, 110, 141, 118,   3,  45, 222, 150,  38, 125, 198,  92,
- 211, 242,  79,  25,  63, 220, 121,  29,  82, 235, 243, 109,  94, 251, 105, 178,
- 240,  49,  12, 212, 207, 140, 226, 117, 169,  74,  87, 132,  17,  69,  27, 245,
- 228,  14, 115, 170, 241, 221,  89,  20, 108, 146,  84, 208, 120, 112, 227,  73,
- 128,  80, 167, 246, 119, 147, 134, 131,  42, 199,  91, 233, 238, 143,   1,  61
+    224,   5,  88, 217, 103,  78, 129, 203, 201,  11, 174, 106, 213,  24,  93, 130,
+    70, 223, 214,  39, 138,  50,  75,  66, 219,  28, 158, 156,  58, 202,  37, 123,
+    13, 113,  95,  31, 248, 215,  62, 157, 124,  96, 185, 190, 188, 139,  22,  52,
+    77, 195, 114, 149, 171, 142, 186, 122, 179,   2, 180, 173, 162, 172, 216, 154,
+    23,  26,  53, 204, 247, 153,  97,  90, 232,  36,  86,  64, 225,  99,   9,  51,
+    191, 152, 151, 133, 104, 252, 236,  10, 218, 111,  83,  98, 163,  46,   8, 175,
+    40, 176, 116, 194, 189,  54,  34,  56, 100,  30,  57,  44, 166,  48, 229,  68,
+    253, 136, 159, 101, 135, 107, 244,  35,  72,  16, 209,  81, 192, 249, 210, 160,
+    85, 161,  65, 250,  67,  19, 196,  47, 168, 182,  60,  43, 193, 255, 200, 165,
+    32, 137,   0, 144,  71, 239, 234, 183,  21,   6, 205, 181,  18, 126, 187,  41,
+    15, 184,   7,   4, 155, 148,  33, 102, 230, 206, 237, 231,  59, 254, 127, 197,
+    164,  55, 177,  76, 145, 110, 141, 118,   3,  45, 222, 150,  38, 125, 198,  92,
+    211, 242,  79,  25,  63, 220, 121,  29,  82, 235, 243, 109,  94, 251, 105, 178,
+    240,  49,  12, 212, 207, 140, 226, 117, 169,  74,  87, 132,  17,  69,  27, 245,
+    228,  14, 115, 170, 241, 221,  89,  20, 108, 146,  84, 208, 120, 112, 227,  73,
+    128,  80, 167, 246, 119, 147, 134, 131,  42, 199,  91, 233, 238, 143,   1,  61
 };
 
 static const unsigned char FSb3[256] =
 {
-  56,  65,  22, 118, 217, 147,  96, 242, 114, 194, 171, 154, 117,   6,  87, 160,
- 145, 247, 181, 201, 162, 140, 210, 144, 246,   7, 167,  39, 142, 178,  73, 222,
-  67,  92, 215, 199,  62, 245, 143, 103,  31,  24, 110, 175,  47, 226, 133,  13,
-  83, 240, 156, 101, 234, 163, 174, 158, 236, 128,  45, 107, 168,  43,  54, 166,
- 197, 134,  77,  51, 253, 102,  88, 150,  58,   9, 149,  16, 120, 216,  66, 204,
- 239,  38, 229,  97,  26,  63,  59, 130, 182, 219, 212, 152, 232, 139,   2, 235,
-  10,  44,  29, 176, 111, 141, 136,  14,  25, 135,  78,  11, 169,  12, 121,  17,
- 127,  34, 231,  89, 225, 218,  61, 200,  18,   4, 116,  84,  48, 126, 180,  40,
-  85, 104,  80, 190, 208, 196,  49, 203,  42, 173,  15, 202, 112, 255,  50, 105,
-   8,  98,   0,  36, 209, 251, 186, 237,  69, 129, 115, 109, 132, 159, 238,  74,
- 195,  46, 193,   1, 230,  37,  72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
-  41, 205, 108,  19, 100, 155,  99, 157, 192,  75, 183, 165, 137,  95, 177,  23,
- 244, 188, 211,  70, 207,  55,  94,  71, 148, 250, 252,  91, 151, 254,  90, 172,
-  60,  76,   3,  53, 243,  35, 184,  93, 106, 146, 213,  33,  68,  81, 198, 125,
-  57, 131, 220, 170, 124, 119,  86,   5,  27, 164,  21,  52,  30,  28, 248,  82,
-  32,  20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227,  64,  79
+    56,  65,  22, 118, 217, 147,  96, 242, 114, 194, 171, 154, 117,   6,  87, 160,
+    145, 247, 181, 201, 162, 140, 210, 144, 246,   7, 167,  39, 142, 178,  73, 222,
+    67,  92, 215, 199,  62, 245, 143, 103,  31,  24, 110, 175,  47, 226, 133,  13,
+    83, 240, 156, 101, 234, 163, 174, 158, 236, 128,  45, 107, 168,  43,  54, 166,
+    197, 134,  77,  51, 253, 102,  88, 150,  58,   9, 149,  16, 120, 216,  66, 204,
+    239,  38, 229,  97,  26,  63,  59, 130, 182, 219, 212, 152, 232, 139,   2, 235,
+    10,  44,  29, 176, 111, 141, 136,  14,  25, 135,  78,  11, 169,  12, 121,  17,
+    127,  34, 231,  89, 225, 218,  61, 200,  18,   4, 116,  84,  48, 126, 180,  40,
+    85, 104,  80, 190, 208, 196,  49, 203,  42, 173,  15, 202, 112, 255,  50, 105,
+    8,  98,   0,  36, 209, 251, 186, 237,  69, 129, 115, 109, 132, 159, 238,  74,
+    195,  46, 193,   1, 230,  37,  72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
+    41, 205, 108,  19, 100, 155,  99, 157, 192,  75, 183, 165, 137,  95, 177,  23,
+    244, 188, 211,  70, 207,  55,  94,  71, 148, 250, 252,  91, 151, 254,  90, 172,
+    60,  76,   3,  53, 243,  35, 184,  93, 106, 146, 213,  33,  68,  81, 198, 125,
+    57, 131, 220, 170, 124, 119,  86,   5,  27, 164,  21,  52,  30,  28, 248,  82,
+    32,  20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227,  64,  79
 };
 
 static const unsigned char FSb4[256] =
 {
- 112,  44, 179, 192, 228,  87, 234, 174,  35, 107,  69, 165, 237,  79,  29, 146,
- 134, 175, 124,  31,  62, 220,  94,  11, 166,  57, 213,  93, 217,  90,  81, 108,
- 139, 154, 251, 176, 116,  43, 240, 132, 223, 203,  52, 118, 109, 169, 209,   4,
-  20,  58, 222,  17,  50, 156,  83, 242, 254, 207, 195, 122,  36, 232,  96, 105,
- 170, 160, 161,  98,  84,  30, 224, 100,  16,   0, 163, 117, 138, 230,   9, 221,
- 135, 131, 205, 144, 115, 246, 157, 191,  82, 216, 200, 198, 129, 111,  19,  99,
- 233, 167, 159, 188,  41, 249,  47, 180, 120,   6, 231, 113, 212, 171, 136, 141,
- 114, 185, 248, 172,  54,  42,  60, 241,  64, 211, 187,  67,  21, 173, 119, 128,
- 130, 236,  39, 229, 133,  53,  12,  65, 239, 147,  25,  33,  14,  78, 101, 189,
- 184, 143, 235, 206,  48,  95, 197,  26, 225, 202,  71,  61,   1, 214,  86,  77,
-  13, 102, 204,  45,  18,  32, 177, 153,  76, 194, 126,   5, 183,  49,  23, 215,
-  88,  97,  27,  28,  15,  22,  24,  34,  68, 178, 181, 145,   8, 168, 252,  80,
- 208, 125, 137, 151,  91, 149, 255, 210, 196,  72, 247, 219,   3, 218,  63, 148,
-  92,   2,  74,  51, 103, 243, 127, 226, 155,  38,  55,  59, 150,  75, 190,  46,
- 121, 140, 110, 142, 245, 182, 253,  89, 152, 106,  70, 186,  37,  66, 162, 250,
-  7,  85, 238,  10,  73, 104,  56, 164,  40, 123, 201, 193, 227, 244, 199, 158
+    112,  44, 179, 192, 228,  87, 234, 174,  35, 107,  69, 165, 237,  79,  29, 146,
+    134, 175, 124,  31,  62, 220,  94,  11, 166,  57, 213,  93, 217,  90,  81, 108,
+    139, 154, 251, 176, 116,  43, 240, 132, 223, 203,  52, 118, 109, 169, 209,   4,
+    20,  58, 222,  17,  50, 156,  83, 242, 254, 207, 195, 122,  36, 232,  96, 105,
+    170, 160, 161,  98,  84,  30, 224, 100,  16,   0, 163, 117, 138, 230,   9, 221,
+    135, 131, 205, 144, 115, 246, 157, 191,  82, 216, 200, 198, 129, 111,  19,  99,
+    233, 167, 159, 188,  41, 249,  47, 180, 120,   6, 231, 113, 212, 171, 136, 141,
+    114, 185, 248, 172,  54,  42,  60, 241,  64, 211, 187,  67,  21, 173, 119, 128,
+    130, 236,  39, 229, 133,  53,  12,  65, 239, 147,  25,  33,  14,  78, 101, 189,
+    184, 143, 235, 206,  48,  95, 197,  26, 225, 202,  71,  61,   1, 214,  86,  77,
+    13, 102, 204,  45,  18,  32, 177, 153,  76, 194, 126,   5, 183,  49,  23, 215,
+    88,  97,  27,  28,  15,  22,  24,  34,  68, 178, 181, 145,   8, 168, 252,  80,
+    208, 125, 137, 151,  91, 149, 255, 210, 196,  72, 247, 219,   3, 218,  63, 148,
+    92,   2,  74,  51, 103, 243, 127, 226, 155,  38,  55,  59, 150,  75, 190,  46,
+    121, 140, 110, 142, 245, 182, 253,  89, 152, 106,  70, 186,  37,  66, 162, 250,
+    7,  85, 238,  10,  73, 104,  56, 164,  40, 123, 201, 193, 227, 244, 199, 158
 };
 
 #define SBOX1(n) FSb[(n)]
@@ -182,23 +182,23 @@
 {
     {
         {  0,  1,  2,  3,  8,  9, 10, 11, 38, 39,
-          36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
+           36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
         { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
           -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
         {  4,  5,  6,  7, 12, 13, 14, 15, 16, 17,
-          18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
+           18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
         { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
           -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }  /* KB -> RK */
     },
     {
         {  0,  1,  2,  3, 61, 62, 63, 60, -1, -1,
-          -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
+           -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
         { -1, -1, -1, -1,  8,  9, 10, 11, 16, 17,
           18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
         { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
           56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
         {  4,  5,  6,  7, 65, 66, 67, 64, 20, 21,
-          22, 23, -1, -1, -1, -1, 43, 40, 41, 42 }  /* KB -> RK */
+           22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */
     }
 };
 
@@ -222,57 +222,57 @@
 
 /* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
 #define ROTL(DEST, SRC, SHIFT)                                      \
-{                                                                   \
-    (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT));   \
-    (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT));   \
-    (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT));   \
-    (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT));   \
-}
+    {                                                                   \
+        (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT));   \
+        (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT));   \
+        (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT));   \
+        (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT));   \
+    }
 
 #define FL(XL, XR, KL, KR)                                          \
-{                                                                   \
-    (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR);   \
-    (XL) = ((XR) | (KR)) ^ (XL);                                    \
-}
+    {                                                                   \
+        (XR) = ((((XL) &(KL)) << 1) | (((XL) &(KL)) >> 31)) ^ (XR);   \
+        (XL) = ((XR) | (KR)) ^ (XL);                                    \
+    }
 
 #define FLInv(YL, YR, KL, KR)                                       \
-{                                                                   \
-    (YL) = ((YR) | (KR)) ^ (YL);                                    \
-    (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR);   \
-}
+    {                                                                   \
+        (YL) = ((YR) | (KR)) ^ (YL);                                    \
+        (YR) = ((((YL) &(KL)) << 1) | (((YL) &(KL)) >> 31)) ^ (YR);   \
+    }
 
 #define SHIFT_AND_PLACE(INDEX, OFFSET)                      \
-{                                                           \
-    TK[0] = KC[(OFFSET) * 4 + 0];                           \
-    TK[1] = KC[(OFFSET) * 4 + 1];                           \
-    TK[2] = KC[(OFFSET) * 4 + 2];                           \
-    TK[3] = KC[(OFFSET) * 4 + 3];                           \
+    {                                                           \
+        TK[0] = KC[(OFFSET) * 4 + 0];                           \
+        TK[1] = KC[(OFFSET) * 4 + 1];                           \
+        TK[2] = KC[(OFFSET) * 4 + 2];                           \
+        TK[3] = KC[(OFFSET) * 4 + 3];                           \
                                                             \
-    for( i = 1; i <= 4; i++ )                               \
-        if( shifts[(INDEX)][(OFFSET)][i -1] )               \
-            ROTL(TK + i * 4, TK, ( 15 * i ) % 32);          \
+        for (i = 1; i <= 4; i++)                               \
+        if (shifts[(INDEX)][(OFFSET)][i -1])               \
+        ROTL(TK + i * 4, TK, (15 * i) % 32);          \
                                                             \
-    for( i = 0; i < 20; i++ )                               \
-        if( indexes[(INDEX)][(OFFSET)][i] != -1 ) {         \
-            RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ];    \
+        for (i = 0; i < 20; i++)                               \
+        if (indexes[(INDEX)][(OFFSET)][i] != -1) {         \
+            RK[indexes[(INDEX)][(OFFSET)][i]] = TK[i];    \
         }                                                   \
-}
+    }
 
-static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
-                              uint32_t z[2])
+static void camellia_feistel(const uint32_t x[2], const uint32_t k[2],
+                             uint32_t z[2])
 {
     uint32_t I0, I1;
     I0 = x[0] ^ k[0];
     I1 = x[1] ^ k[1];
 
-    I0 = ((uint32_t) SBOX1( MBEDTLS_BYTE_3( I0 )) << 24) |
-         ((uint32_t) SBOX2( MBEDTLS_BYTE_2( I0 )) << 16) |
-         ((uint32_t) SBOX3( MBEDTLS_BYTE_1( I0 )) <<  8) |
-         ((uint32_t) SBOX4( MBEDTLS_BYTE_0( I0 ))      );
-    I1 = ((uint32_t) SBOX2( MBEDTLS_BYTE_3( I1 )) << 24) |
-         ((uint32_t) SBOX3( MBEDTLS_BYTE_2( I1 )) << 16) |
-         ((uint32_t) SBOX4( MBEDTLS_BYTE_1( I1 )) <<  8) |
-         ((uint32_t) SBOX1( MBEDTLS_BYTE_0( I1 ))      );
+    I0 = ((uint32_t) SBOX1(MBEDTLS_BYTE_3(I0)) << 24) |
+         ((uint32_t) SBOX2(MBEDTLS_BYTE_2(I0)) << 16) |
+         ((uint32_t) SBOX3(MBEDTLS_BYTE_1(I0)) <<  8) |
+         ((uint32_t) SBOX4(MBEDTLS_BYTE_0(I0)));
+    I1 = ((uint32_t) SBOX2(MBEDTLS_BYTE_3(I1)) << 24) |
+         ((uint32_t) SBOX3(MBEDTLS_BYTE_2(I1)) << 16) |
+         ((uint32_t) SBOX4(MBEDTLS_BYTE_1(I1)) <<  8) |
+         ((uint32_t) SBOX1(MBEDTLS_BYTE_0(I1)));
 
     I0 ^= (I1 << 8) | (I1 >> 24);
     I1 ^= (I0 << 16) | (I0 >> 16);
@@ -283,25 +283,26 @@
     z[1] ^= I0;
 }
 
-void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
+void mbedtls_camellia_init(mbedtls_camellia_context *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_camellia_context ) );
+    memset(ctx, 0, sizeof(mbedtls_camellia_context));
 }
 
-void mbedtls_camellia_free( mbedtls_camellia_context *ctx )
+void mbedtls_camellia_free(mbedtls_camellia_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_camellia_context));
 }
 
 /*
  * Camellia key schedule (encryption)
  */
-int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
-                                 const unsigned char *key,
-                                 unsigned int keybits )
+int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
+                                const unsigned char *key,
+                                unsigned int keybits)
 {
     int idx;
     size_t i;
@@ -313,63 +314,68 @@
 
     RK = ctx->rk;
 
-    memset( t, 0, 64 );
-    memset( RK, 0, sizeof(ctx->rk) );
+    memset(t, 0, 64);
+    memset(RK, 0, sizeof(ctx->rk));
 
-    switch( keybits )
-    {
+    switch (keybits) {
         case 128: ctx->nr = 3; idx = 0; break;
         case 192:
         case 256: ctx->nr = 4; idx = 1; break;
-        default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
+        default: return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
     }
 
-    for( i = 0; i < keybits / 8; ++i )
+    for (i = 0; i < keybits / 8; ++i) {
         t[i] = key[i];
+    }
 
-    if( keybits == 192 ) {
-        for( i = 0; i < 8; i++ )
+    if (keybits == 192) {
+        for (i = 0; i < 8; i++) {
             t[24 + i] = ~t[16 + i];
+        }
     }
 
     /*
      * Prepare SIGMA values
      */
-    for( i = 0; i < 6; i++ ) {
-        SIGMA[i][0] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 0 );
-        SIGMA[i][1] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 4 );
+    for (i = 0; i < 6; i++) {
+        SIGMA[i][0] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 0);
+        SIGMA[i][1] = MBEDTLS_GET_UINT32_BE(SIGMA_CHARS[i], 4);
     }
 
     /*
      * Key storage in KC
      * Order: KL, KR, KA, KB
      */
-    memset( KC, 0, sizeof(KC) );
+    memset(KC, 0, sizeof(KC));
 
     /* Store KL, KR */
-    for( i = 0; i < 8; i++ )
-        KC[i] = MBEDTLS_GET_UINT32_BE( t, i * 4 );
+    for (i = 0; i < 8; i++) {
+        KC[i] = MBEDTLS_GET_UINT32_BE(t, i * 4);
+    }
 
     /* Generate KA */
-    for( i = 0; i < 4; ++i )
+    for (i = 0; i < 4; ++i) {
         KC[8 + i] = KC[i] ^ KC[4 + i];
+    }
 
-    camellia_feistel( KC + 8, SIGMA[0], KC + 10 );
-    camellia_feistel( KC + 10, SIGMA[1], KC + 8 );
+    camellia_feistel(KC + 8, SIGMA[0], KC + 10);
+    camellia_feistel(KC + 10, SIGMA[1], KC + 8);
 
-    for( i = 0; i < 4; ++i )
+    for (i = 0; i < 4; ++i) {
         KC[8 + i] ^= KC[i];
+    }
 
-    camellia_feistel( KC + 8, SIGMA[2], KC + 10 );
-    camellia_feistel( KC + 10, SIGMA[3], KC + 8 );
+    camellia_feistel(KC + 8, SIGMA[2], KC + 10);
+    camellia_feistel(KC + 10, SIGMA[3], KC + 8);
 
-    if( keybits > 128 ) {
+    if (keybits > 128) {
         /* Generate KB */
-        for( i = 0; i < 4; ++i )
+        for (i = 0; i < 4; ++i) {
             KC[12 + i] = KC[4 + i] ^ KC[8 + i];
+        }
 
-        camellia_feistel( KC + 12, SIGMA[4], KC + 14 );
-        camellia_feistel( KC + 14, SIGMA[5], KC + 12 );
+        camellia_feistel(KC + 12, SIGMA[4], KC + 14);
+        camellia_feistel(KC + 14, SIGMA[5], KC + 12);
     }
 
     /*
@@ -377,37 +383,37 @@
      */
 
     /* Manipulating KL */
-    SHIFT_AND_PLACE( idx, 0 );
+    SHIFT_AND_PLACE(idx, 0);
 
     /* Manipulating KR */
-    if( keybits > 128 ) {
-        SHIFT_AND_PLACE( idx, 1 );
+    if (keybits > 128) {
+        SHIFT_AND_PLACE(idx, 1);
     }
 
     /* Manipulating KA */
-    SHIFT_AND_PLACE( idx, 2 );
+    SHIFT_AND_PLACE(idx, 2);
 
     /* Manipulating KB */
-    if( keybits > 128 ) {
-        SHIFT_AND_PLACE( idx, 3 );
+    if (keybits > 128) {
+        SHIFT_AND_PLACE(idx, 3);
     }
 
     /* Do transpositions */
-    for( i = 0; i < 20; i++ ) {
-        if( transposes[idx][i] != -1 ) {
+    for (i = 0; i < 20; i++) {
+        if (transposes[idx][i] != -1) {
             RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
         }
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Camellia key schedule (decryption)
  */
-int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
-                                 const unsigned char *key,
-                                 unsigned int keybits )
+int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
+                                const unsigned char *key,
+                                unsigned int keybits)
 {
     int idx, ret;
     size_t i;
@@ -415,14 +421,15 @@
     uint32_t *RK;
     uint32_t *SK;
 
-    mbedtls_camellia_init( &cty );
+    mbedtls_camellia_init(&cty);
 
     /* Also checks keybits */
-    if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 )
+    if ((ret = mbedtls_camellia_setkey_enc(&cty, key, keybits)) != 0) {
         goto exit;
+    }
 
     ctx->nr = cty.nr;
-    idx = ( ctx->nr == 4 );
+    idx = (ctx->nr == 4);
 
     RK = ctx->rk;
     SK = cty.rk + 24 * 2 + 8 * idx * 2;
@@ -432,8 +439,7 @@
     *RK++ = *SK++;
     *RK++ = *SK++;
 
-    for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
-    {
+    for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) {
         *RK++ = *SK++;
         *RK++ = *SK++;
     }
@@ -446,55 +452,56 @@
     *RK++ = *SK++;
 
 exit:
-    mbedtls_camellia_free( &cty );
+    mbedtls_camellia_free(&cty);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Camellia-ECB block encryption/decryption
  */
-int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
-                    int mode,
-                    const unsigned char input[16],
-                    unsigned char output[16] )
+int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,
+                               int mode,
+                               const unsigned char input[16],
+                               unsigned char output[16])
 {
     int NR;
     uint32_t *RK, X[4];
-    if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
+    if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
         return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
+    }
 
-    ( (void) mode );
+    ((void) mode);
 
     NR = ctx->nr;
     RK = ctx->rk;
 
-    X[0] = MBEDTLS_GET_UINT32_BE( input,  0 );
-    X[1] = MBEDTLS_GET_UINT32_BE( input,  4 );
-    X[2] = MBEDTLS_GET_UINT32_BE( input,  8 );
-    X[3] = MBEDTLS_GET_UINT32_BE( input, 12 );
+    X[0] = MBEDTLS_GET_UINT32_BE(input,  0);
+    X[1] = MBEDTLS_GET_UINT32_BE(input,  4);
+    X[2] = MBEDTLS_GET_UINT32_BE(input,  8);
+    X[3] = MBEDTLS_GET_UINT32_BE(input, 12);
 
     X[0] ^= *RK++;
     X[1] ^= *RK++;
     X[2] ^= *RK++;
     X[3] ^= *RK++;
 
-    while( NR ) {
+    while (NR) {
         --NR;
-        camellia_feistel( X, RK, X + 2 );
+        camellia_feistel(X, RK, X + 2);
         RK += 2;
-        camellia_feistel( X + 2, RK, X );
+        camellia_feistel(X + 2, RK, X);
         RK += 2;
-        camellia_feistel( X, RK, X + 2 );
+        camellia_feistel(X, RK, X + 2);
         RK += 2;
-        camellia_feistel( X + 2, RK, X );
+        camellia_feistel(X + 2, RK, X);
         RK += 2;
-        camellia_feistel( X, RK, X + 2 );
+        camellia_feistel(X, RK, X + 2);
         RK += 2;
-        camellia_feistel( X + 2, RK, X );
+        camellia_feistel(X + 2, RK, X);
         RK += 2;
 
-        if( NR ) {
+        if (NR) {
             FL(X[0], X[1], RK[0], RK[1]);
             RK += 2;
             FLInv(X[2], X[3], RK[0], RK[1]);
@@ -507,56 +514,53 @@
     X[0] ^= *RK++;
     X[1] ^= *RK++;
 
-    MBEDTLS_PUT_UINT32_BE( X[2], output,  0 );
-    MBEDTLS_PUT_UINT32_BE( X[3], output,  4 );
-    MBEDTLS_PUT_UINT32_BE( X[0], output,  8 );
-    MBEDTLS_PUT_UINT32_BE( X[1], output, 12 );
+    MBEDTLS_PUT_UINT32_BE(X[2], output,  0);
+    MBEDTLS_PUT_UINT32_BE(X[3], output,  4);
+    MBEDTLS_PUT_UINT32_BE(X[0], output,  8);
+    MBEDTLS_PUT_UINT32_BE(X[1], output, 12);
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
 /*
  * Camellia-CBC buffer encryption/decryption
  */
-int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
-                                int mode,
-                                size_t length,
-                                unsigned char iv[16],
-                                const unsigned char *input,
-                                unsigned char *output )
+int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx,
+                               int mode,
+                               size_t length,
+                               unsigned char iv[16],
+                               const unsigned char *input,
+                               unsigned char *output)
 {
     unsigned char temp[16];
-    if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
+    if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
         return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
+    }
 
-    if( length % 16 )
-        return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
+    if (length % 16) {
+        return MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH;
+    }
 
-    if( mode == MBEDTLS_CAMELLIA_DECRYPT )
-    {
-        while( length > 0 )
-        {
-            memcpy( temp, input, 16 );
-            mbedtls_camellia_crypt_ecb( ctx, mode, input, output );
+    if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
+        while (length > 0) {
+            memcpy(temp, input, 16);
+            mbedtls_camellia_crypt_ecb(ctx, mode, input, output);
 
-            mbedtls_xor( output, output, iv, 16 );
+            mbedtls_xor(output, output, iv, 16);
 
-            memcpy( iv, temp, 16 );
+            memcpy(iv, temp, 16);
 
             input  += 16;
             output += 16;
             length -= 16;
         }
-    }
-    else
-    {
-        while( length > 0 )
-        {
-            mbedtls_xor( output, input, iv, 16 );
+    } else {
+        while (length > 0) {
+            mbedtls_xor(output, input, iv, 16);
 
-            mbedtls_camellia_crypt_ecb( ctx, mode, output, output );
-            memcpy( iv, output, 16 );
+            mbedtls_camellia_crypt_ecb(ctx, mode, output, output);
+            memcpy(iv, output, 16);
 
             input  += 16;
             output += 16;
@@ -564,7 +568,7 @@
         }
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
@@ -572,53 +576,52 @@
 /*
  * Camellia-CFB128 buffer encryption/decryption
  */
-int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
-                       int mode,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output )
+int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx,
+                                  int mode,
+                                  size_t length,
+                                  size_t *iv_off,
+                                  unsigned char iv[16],
+                                  const unsigned char *input,
+                                  unsigned char *output)
 {
     int c;
     size_t n;
-    if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
+    if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
         return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
+    }
 
     n = *iv_off;
-    if( n >= 16 )
-        return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
+    if (n >= 16) {
+        return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
+    }
 
-    if( mode == MBEDTLS_CAMELLIA_DECRYPT )
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-                mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
+    if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
+        while (length--) {
+            if (n == 0) {
+                mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
+            }
 
             c = *input++;
-            *output++ = (unsigned char)( c ^ iv[n] );
+            *output++ = (unsigned char) (c ^ iv[n]);
             iv[n] = (unsigned char) c;
 
-            n = ( n + 1 ) & 0x0F;
+            n = (n + 1) & 0x0F;
         }
-    }
-    else
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-                mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
+    } else {
+        while (length--) {
+            if (n == 0) {
+                mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
+            }
 
-            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
+            iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++);
 
-            n = ( n + 1 ) & 0x0F;
+            n = (n + 1) & 0x0F;
         }
     }
 
     *iv_off = n;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
 
@@ -626,40 +629,42 @@
 /*
  * Camellia-CTR buffer encryption/decryption
  */
-int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[16],
-                       unsigned char stream_block[16],
-                       const unsigned char *input,
-                       unsigned char *output )
+int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,
+                               size_t length,
+                               size_t *nc_off,
+                               unsigned char nonce_counter[16],
+                               unsigned char stream_block[16],
+                               const unsigned char *input,
+                               unsigned char *output)
 {
     int c, i;
     size_t n;
 
     n = *nc_off;
-    if( n >= 16 )
-        return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
+    if (n >= 16) {
+        return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
+    }
 
-    while( length-- )
-    {
-        if( n == 0 ) {
-            mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
-                                stream_block );
+    while (length--) {
+        if (n == 0) {
+            mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
+                                       stream_block);
 
-            for( i = 16; i > 0; i-- )
-                if( ++nonce_counter[i - 1] != 0 )
+            for (i = 16; i > 0; i--) {
+                if (++nonce_counter[i - 1] != 0) {
                     break;
+                }
+            }
         }
         c = *input++;
-        *output++ = (unsigned char)( c ^ stream_block[n] );
+        *output++ = (unsigned char) (c ^ stream_block[n]);
 
-        n = ( n + 1 ) & 0x0F;
+        n = (n + 1) & 0x0F;
     }
 
     *nc_off = n;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 #endif /* !MBEDTLS_CAMELLIA_ALT */
@@ -739,23 +744,23 @@
 
 static const unsigned char camellia_test_cbc_key[3][32] =
 {
-        { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
-          0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
+    { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
+      0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
     ,
-        { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
-          0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
-          0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
+    { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
+      0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
+      0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
     ,
-        { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
-          0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
-          0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
-          0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
+    { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
+      0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
+      0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
+      0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
 };
 
 static const unsigned char camellia_test_cbc_iv[16] =
 
-    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
+{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
 ;
 
 static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
@@ -858,13 +863,13 @@
 };
 
 static const int camellia_test_ctr_len[3] =
-    { 16, 32, 36 };
+{ 16, 32, 36 };
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
 /*
  * Checkup routine
  */
-int mbedtls_camellia_self_test( int verbose )
+int mbedtls_camellia_self_test(int verbose)
 {
     int i, j, u, v;
     unsigned char key[32];
@@ -883,163 +888,167 @@
 
     mbedtls_camellia_context ctx;
 
-    mbedtls_camellia_init( &ctx );
-    memset( key, 0, 32 );
+    mbedtls_camellia_init(&ctx);
+    memset(key, 0, 32);
 
-    for( j = 0; j < 6; j++ ) {
+    for (j = 0; j < 6; j++) {
         u = j >> 1;
-    v = j & 1;
+        v = j & 1;
 
-    if( verbose != 0 )
-        mbedtls_printf( "  CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
-                         (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
-
-    for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
-        memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );
-
-        if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
-            mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
-            memcpy( src, camellia_test_ecb_cipher[u][i], 16 );
-            memcpy( dst, camellia_test_ecb_plain[i], 16 );
-        } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
-            mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
-            memcpy( src, camellia_test_ecb_plain[i], 16 );
-            memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );
+        if (verbose != 0) {
+            mbedtls_printf("  CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
+                           (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
         }
 
-        mbedtls_camellia_crypt_ecb( &ctx, v, src, buf );
+        for (i = 0; i < CAMELLIA_TESTS_ECB; i++) {
+            memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u);
 
-        if( memcmp( buf, dst, 16 ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-            goto exit;
+            if (v == MBEDTLS_CAMELLIA_DECRYPT) {
+                mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
+                memcpy(src, camellia_test_ecb_cipher[u][i], 16);
+                memcpy(dst, camellia_test_ecb_plain[i], 16);
+            } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
+                mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
+                memcpy(src, camellia_test_ecb_plain[i], 16);
+                memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
+            }
+
+            mbedtls_camellia_crypt_ecb(&ctx, v, src, buf);
+
+            if (memcmp(buf, dst, 16) != 0) {
+                if (verbose != 0) {
+                    mbedtls_printf("failed\n");
+                }
+                goto exit;
+            }
+        }
+
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
         }
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
     /*
      * CBC mode
      */
-    for( j = 0; j < 6; j++ )
-    {
+    for (j = 0; j < 6; j++) {
         u = j >> 1;
         v = j  & 1;
 
-        if( verbose != 0 )
-            mbedtls_printf( "  CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
-                             ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
-
-        memcpy( src, camellia_test_cbc_iv, 16 );
-        memcpy( dst, camellia_test_cbc_iv, 16 );
-        memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
-
-        if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
-            mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
-        } else {
-            mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
+        if (verbose != 0) {
+            mbedtls_printf("  CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
+                           (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
         }
 
-        for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
+        memcpy(src, camellia_test_cbc_iv, 16);
+        memcpy(dst, camellia_test_cbc_iv, 16);
+        memcpy(key, camellia_test_cbc_key[u], 16 + 8 * u);
 
-            if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
-                memcpy( iv , src, 16 );
-                memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
-                memcpy( dst, camellia_test_cbc_plain[i], 16 );
+        if (v == MBEDTLS_CAMELLIA_DECRYPT) {
+            mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64);
+        } else {
+            mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64);
+        }
+
+        for (i = 0; i < CAMELLIA_TESTS_CBC; i++) {
+
+            if (v == MBEDTLS_CAMELLIA_DECRYPT) {
+                memcpy(iv, src, 16);
+                memcpy(src, camellia_test_cbc_cipher[u][i], 16);
+                memcpy(dst, camellia_test_cbc_plain[i], 16);
             } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
-                memcpy( iv , dst, 16 );
-                memcpy( src, camellia_test_cbc_plain[i], 16 );
-                memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
+                memcpy(iv, dst, 16);
+                memcpy(src, camellia_test_cbc_plain[i], 16);
+                memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
             }
 
-            mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
+            mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
 
-            if( memcmp( buf, dst, 16 ) != 0 )
-            {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
+            if (memcmp(buf, dst, 16) != 0) {
+                if (verbose != 0) {
+                    mbedtls_printf("failed\n");
+                }
                 goto exit;
             }
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
     }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
     /*
      * CTR mode
      */
-    for( i = 0; i < 6; i++ )
-    {
+    for (i = 0; i < 6; i++) {
         u = i >> 1;
         v = i  & 1;
 
-        if( verbose != 0 )
-            mbedtls_printf( "  CAMELLIA-CTR-128 (%s): ",
-                             ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
+        if (verbose != 0) {
+            mbedtls_printf("  CAMELLIA-CTR-128 (%s): ",
+                           (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
+        }
 
-        memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
-        memcpy( key, camellia_test_ctr_key[u], 16 );
+        memcpy(nonce_counter, camellia_test_ctr_nonce_counter[u], 16);
+        memcpy(key, camellia_test_ctr_key[u], 16);
 
         offset = 0;
-        mbedtls_camellia_setkey_enc( &ctx, key, 128 );
+        mbedtls_camellia_setkey_enc(&ctx, key, 128);
 
-        if( v == MBEDTLS_CAMELLIA_DECRYPT )
-        {
+        if (v == MBEDTLS_CAMELLIA_DECRYPT) {
             len = camellia_test_ctr_len[u];
-            memcpy( buf, camellia_test_ctr_ct[u], len );
+            memcpy(buf, camellia_test_ctr_ct[u], len);
 
-            mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
-                                buf, buf );
+            mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
+                                       buf, buf);
 
-            if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
-            {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
+            if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) {
+                if (verbose != 0) {
+                    mbedtls_printf("failed\n");
+                }
                 goto exit;
             }
-        }
-        else
-        {
+        } else {
             len = camellia_test_ctr_len[u];
-            memcpy( buf, camellia_test_ctr_pt[u], len );
+            memcpy(buf, camellia_test_ctr_pt[u], len);
 
-            mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
-                                buf, buf );
+            mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
+                                       buf, buf);
 
-            if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
-            {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
+            if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) {
+                if (verbose != 0) {
+                    mbedtls_printf("failed\n");
+                }
                 goto exit;
             }
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
     ret = 0;
 
 exit:
-    mbedtls_camellia_free( &ctx );
-    return( ret );
+    mbedtls_camellia_free(&ctx);
+    return ret;
 }
 
 #endif /* MBEDTLS_SELF_TEST */
diff --git a/library/ccm.c b/library/ccm.c
index 065eb60..0b02d77 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -51,50 +51,53 @@
 /*
  * Initialize context
  */
-void mbedtls_ccm_init( mbedtls_ccm_context *ctx )
+void mbedtls_ccm_init(mbedtls_ccm_context *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_ccm_context ) );
+    memset(ctx, 0, sizeof(mbedtls_ccm_context));
 }
 
-int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
-                        mbedtls_cipher_id_t cipher,
-                        const unsigned char *key,
-                        unsigned int keybits )
+int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx,
+                       mbedtls_cipher_id_t cipher,
+                       const unsigned char *key,
+                       unsigned int keybits)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const mbedtls_cipher_info_t *cipher_info;
 
-    cipher_info = mbedtls_cipher_info_from_values( cipher, keybits,
-                                                   MBEDTLS_MODE_ECB );
-    if( cipher_info == NULL )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-    if( cipher_info->block_size != 16 )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-    mbedtls_cipher_free( &ctx->cipher_ctx );
-
-    if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
-                               MBEDTLS_ENCRYPT ) ) != 0 )
-    {
-        return( ret );
+    cipher_info = mbedtls_cipher_info_from_values(cipher, keybits,
+                                                  MBEDTLS_MODE_ECB);
+    if (cipher_info == NULL) {
+        return MBEDTLS_ERR_CCM_BAD_INPUT;
     }
 
-    return( 0 );
+    if (cipher_info->block_size != 16) {
+        return MBEDTLS_ERR_CCM_BAD_INPUT;
+    }
+
+    mbedtls_cipher_free(&ctx->cipher_ctx);
+
+    if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) {
+        return ret;
+    }
+
+    if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits,
+                                     MBEDTLS_ENCRYPT)) != 0) {
+        return ret;
+    }
+
+    return 0;
 }
 
 /*
  * Free context
  */
-void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
+void mbedtls_ccm_free(mbedtls_ccm_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
-    mbedtls_cipher_free( &ctx->cipher_ctx );
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
+    }
+    mbedtls_cipher_free(&ctx->cipher_ctx);
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ccm_context));
 }
 
 #define CCM_STATE__CLEAR                0
@@ -107,33 +110,33 @@
 /*
  * Encrypt or decrypt a partial block with CTR
  */
-static int mbedtls_ccm_crypt( mbedtls_ccm_context *ctx,
-                              size_t offset, size_t use_len,
-                              const unsigned char *input,
-                              unsigned char *output )
+static int mbedtls_ccm_crypt(mbedtls_ccm_context *ctx,
+                             size_t offset, size_t use_len,
+                             const unsigned char *input,
+                             unsigned char *output)
 {
     size_t olen = 0;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char tmp_buf[16] = {0};
+    unsigned char tmp_buf[16] = { 0 };
 
-    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->ctr, 16, tmp_buf,
-                                       &olen ) ) != 0 )
-    {
+    if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->ctr, 16, tmp_buf,
+                                     &olen)) != 0) {
         ctx->state |= CCM_STATE__ERROR;
         mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf));
         return ret;
     }
 
-    mbedtls_xor( output, input, tmp_buf + offset, use_len );
+    mbedtls_xor(output, input, tmp_buf + offset, use_len);
 
     mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf));
     return ret;
 }
 
-static void mbedtls_ccm_clear_state(mbedtls_ccm_context *ctx) {
+static void mbedtls_ccm_clear_state(mbedtls_ccm_context *ctx)
+{
     ctx->state = CCM_STATE__CLEAR;
-    memset( ctx->y, 0, 16);
-    memset( ctx->ctr, 0, 16);
+    memset(ctx->y, 0, 16);
+    memset(ctx->ctr, 0, 16);
 }
 
 static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx)
@@ -145,21 +148,18 @@
     /* length calculation can be done only after both
      * mbedtls_ccm_starts() and mbedtls_ccm_set_lengths() have been executed
      */
-    if( !(ctx->state & CCM_STATE__STARTED) || !(ctx->state & CCM_STATE__LENGTHS_SET) )
+    if (!(ctx->state & CCM_STATE__STARTED) || !(ctx->state & CCM_STATE__LENGTHS_SET)) {
         return 0;
+    }
 
     /* CCM expects non-empty tag.
      * CCM* allows empty tag. For CCM* without tag, ignore plaintext length.
      */
-    if( ctx->tag_len == 0 )
-    {
-        if( ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT || ctx->mode == MBEDTLS_CCM_STAR_DECRYPT )
-        {
+    if (ctx->tag_len == 0) {
+        if (ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT || ctx->mode == MBEDTLS_CCM_STAR_DECRYPT) {
             ctx->plaintext_len = 0;
-        }
-        else
-        {
-            return( MBEDTLS_ERR_CCM_BAD_INPUT );
+        } else {
+            return MBEDTLS_ERR_CCM_BAD_INPUT;
         }
     }
 
@@ -175,37 +175,37 @@
      * 5 .. 3   (t - 2) / 2
      * 2 .. 0   q - 1
      */
-    ctx->y[0] |= ( ctx->add_len > 0 ) << 6;
-    ctx->y[0] |= ( ( ctx->tag_len - 2 ) / 2 ) << 3;
+    ctx->y[0] |= (ctx->add_len > 0) << 6;
+    ctx->y[0] |= ((ctx->tag_len - 2) / 2) << 3;
     ctx->y[0] |= ctx->q - 1;
 
-    for( i = 0, len_left = ctx->plaintext_len; i < ctx->q; i++, len_left >>= 8 )
-        ctx->y[15-i] = MBEDTLS_BYTE_0( len_left );
+    for (i = 0, len_left = ctx->plaintext_len; i < ctx->q; i++, len_left >>= 8) {
+        ctx->y[15-i] = MBEDTLS_BYTE_0(len_left);
+    }
 
-    if( len_left > 0 )
-    {
+    if (len_left > 0) {
         ctx->state |= CCM_STATE__ERROR;
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
+        return MBEDTLS_ERR_CCM_BAD_INPUT;
     }
 
     /* Start CBC-MAC with first block*/
-    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 )
-    {
+    if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) {
         ctx->state |= CCM_STATE__ERROR;
-        return( ret );
+        return ret;
     }
 
-    return (0);
+    return 0;
 }
 
-int mbedtls_ccm_starts( mbedtls_ccm_context *ctx,
-                        int mode,
-                        const unsigned char *iv,
-                        size_t iv_len )
+int mbedtls_ccm_starts(mbedtls_ccm_context *ctx,
+                       int mode,
+                       const unsigned char *iv,
+                       size_t iv_len)
 {
     /* Also implies q is within bounds */
-    if( iv_len < 7 || iv_len > 13 )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
+    if (iv_len < 7 || iv_len > 13) {
+        return MBEDTLS_ERR_CCM_BAD_INPUT;
+    }
 
     ctx->mode = mode;
     ctx->q = 16 - 1 - (unsigned char) iv_len;
@@ -220,25 +220,25 @@
      * 7 .. 3   0
      * 2 .. 0   q - 1
      */
-    memset( ctx->ctr, 0, 16);
+    memset(ctx->ctr, 0, 16);
     ctx->ctr[0] = ctx->q - 1;
-    memcpy( ctx->ctr + 1, iv, iv_len );
-    memset( ctx->ctr + 1 + iv_len, 0, ctx->q );
+    memcpy(ctx->ctr + 1, iv, iv_len);
+    memset(ctx->ctr + 1 + iv_len, 0, ctx->q);
     ctx->ctr[15] = 1;
 
     /*
      * See ccm_calculate_first_block_if_ready() for block layout description
      */
-    memcpy( ctx->y + 1, iv, iv_len );
+    memcpy(ctx->y + 1, iv, iv_len);
 
     ctx->state |= CCM_STATE__STARTED;
     return ccm_calculate_first_block_if_ready(ctx);
 }
 
-int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx,
-                             size_t total_ad_len,
-                             size_t plaintext_len,
-                             size_t tag_len )
+int mbedtls_ccm_set_lengths(mbedtls_ccm_context *ctx,
+                            size_t total_ad_len,
+                            size_t plaintext_len,
+                            size_t tag_len)
 {
     /*
      * Check length requirements: SP800-38C A.1
@@ -247,11 +247,13 @@
      *
      * Also, loosen the requirements to enable support for CCM* (IEEE 802.15.4).
      */
-    if( tag_len == 2 || tag_len > 16 || tag_len % 2 != 0 )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
+    if (tag_len == 2 || tag_len > 16 || tag_len % 2 != 0) {
+        return MBEDTLS_ERR_CCM_BAD_INPUT;
+    }
 
-    if( total_ad_len >= 0xFF00 )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
+    if (total_ad_len >= 0xFF00) {
+        return MBEDTLS_ERR_CCM_BAD_INPUT;
+    }
 
     ctx->plaintext_len = plaintext_len;
     ctx->add_len = total_ad_len;
@@ -262,81 +264,72 @@
     return ccm_calculate_first_block_if_ready(ctx);
 }
 
-int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx,
-                           const unsigned char *add,
-                           size_t add_len )
+int mbedtls_ccm_update_ad(mbedtls_ccm_context *ctx,
+                          const unsigned char *add,
+                          size_t add_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t olen, use_len, offset;
 
-    if( ctx->state & CCM_STATE__ERROR )
-    {
+    if (ctx->state & CCM_STATE__ERROR) {
         return MBEDTLS_ERR_CCM_BAD_INPUT;
     }
 
-    if( add_len > 0 )
-    {
-        if( ctx->state & CCM_STATE__AUTH_DATA_FINISHED )
-        {
+    if (add_len > 0) {
+        if (ctx->state & CCM_STATE__AUTH_DATA_FINISHED) {
             return MBEDTLS_ERR_CCM_BAD_INPUT;
         }
 
-        if( !(ctx->state & CCM_STATE__AUTH_DATA_STARTED) )
-        {
-            if ( add_len > ctx->add_len )
-            {
+        if (!(ctx->state & CCM_STATE__AUTH_DATA_STARTED)) {
+            if (add_len > ctx->add_len) {
                 return MBEDTLS_ERR_CCM_BAD_INPUT;
             }
 
-            ctx->y[0] ^= (unsigned char)( ( ctx->add_len >> 8 ) & 0xFF );
-            ctx->y[1] ^= (unsigned char)( ( ctx->add_len      ) & 0xFF );
+            ctx->y[0] ^= (unsigned char) ((ctx->add_len >> 8) & 0xFF);
+            ctx->y[1] ^= (unsigned char) ((ctx->add_len) & 0xFF);
 
             ctx->state |= CCM_STATE__AUTH_DATA_STARTED;
-        }
-        else if ( ctx->processed + add_len > ctx->add_len )
-        {
+        } else if (ctx->processed + add_len > ctx->add_len) {
             return MBEDTLS_ERR_CCM_BAD_INPUT;
         }
 
-        while( add_len > 0 )
-        {
+        while (add_len > 0) {
             offset = (ctx->processed + 2) % 16; /* account for y[0] and y[1]
                                                  * holding total auth data length */
             use_len = 16 - offset;
 
-            if( use_len > add_len )
+            if (use_len > add_len) {
                 use_len = add_len;
+            }
 
-            mbedtls_xor( ctx->y + offset, ctx->y + offset, add, use_len );
+            mbedtls_xor(ctx->y + offset, ctx->y + offset, add, use_len);
 
             ctx->processed += use_len;
             add_len -= use_len;
             add += use_len;
 
-            if( use_len + offset == 16 || ctx->processed == ctx->add_len )
-            {
-                if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 )
-                {
+            if (use_len + offset == 16 || ctx->processed == ctx->add_len) {
+                if ((ret =
+                         mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) {
                     ctx->state |= CCM_STATE__ERROR;
-                    return( ret );
+                    return ret;
                 }
             }
         }
 
-        if( ctx->processed == ctx->add_len )
-        {
+        if (ctx->processed == ctx->add_len) {
             ctx->state |= CCM_STATE__AUTH_DATA_FINISHED;
             ctx->processed = 0; // prepare for mbedtls_ccm_update()
         }
     }
 
-    return (0);
+    return 0;
 }
 
-int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
-                        const unsigned char *input, size_t input_len,
-                        unsigned char *output, size_t output_size,
-                        size_t *output_len )
+int mbedtls_ccm_update(mbedtls_ccm_context *ctx,
+                       const unsigned char *input, size_t input_len,
+                       unsigned char *output, size_t output_size,
+                       size_t *output_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char i;
@@ -344,88 +337,86 @@
 
     unsigned char local_output[16];
 
-    if( ctx->state & CCM_STATE__ERROR )
-    {
+    if (ctx->state & CCM_STATE__ERROR) {
         return MBEDTLS_ERR_CCM_BAD_INPUT;
     }
 
     /* Check against plaintext length only if performing operation with
      * authentication
      */
-    if( ctx->tag_len != 0 && ctx->processed + input_len > ctx->plaintext_len )
-    {
+    if (ctx->tag_len != 0 && ctx->processed + input_len > ctx->plaintext_len) {
         return MBEDTLS_ERR_CCM_BAD_INPUT;
     }
 
-    if( output_size < input_len )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
+    if (output_size < input_len) {
+        return MBEDTLS_ERR_CCM_BAD_INPUT;
+    }
     *output_len = input_len;
 
     ret = 0;
 
-    while ( input_len > 0 )
-    {
+    while (input_len > 0) {
         offset = ctx->processed % 16;
 
         use_len = 16 - offset;
 
-        if( use_len > input_len )
+        if (use_len > input_len) {
             use_len = input_len;
+        }
 
         ctx->processed += use_len;
 
-        if( ctx->mode == MBEDTLS_CCM_ENCRYPT || \
-            ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT )
-        {
-            mbedtls_xor( ctx->y + offset, ctx->y + offset, input, use_len );
+        if (ctx->mode == MBEDTLS_CCM_ENCRYPT || \
+            ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT) {
+            mbedtls_xor(ctx->y + offset, ctx->y + offset, input, use_len);
 
-            if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len )
-            {
-                if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 )
-                {
+            if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) {
+                if ((ret =
+                         mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) {
                     ctx->state |= CCM_STATE__ERROR;
                     goto exit;
                 }
             }
 
-            ret = mbedtls_ccm_crypt( ctx, offset, use_len, input, output );
-            if( ret != 0 )
+            ret = mbedtls_ccm_crypt(ctx, offset, use_len, input, output);
+            if (ret != 0) {
                 goto exit;
+            }
         }
 
-        if( ctx->mode == MBEDTLS_CCM_DECRYPT || \
-            ctx->mode == MBEDTLS_CCM_STAR_DECRYPT )
-        {
+        if (ctx->mode == MBEDTLS_CCM_DECRYPT || \
+            ctx->mode == MBEDTLS_CCM_STAR_DECRYPT) {
             /* Since output may be in shared memory, we cannot be sure that
              * it will contain what we wrote to it. Therefore, we should avoid using
              * it as input to any operations.
              * Write decrypted data to local_output to avoid using output variable as
              * input in the XOR operation for Y.
              */
-            ret = mbedtls_ccm_crypt( ctx, offset, use_len, input, local_output );
-            if( ret != 0 )
+            ret = mbedtls_ccm_crypt(ctx, offset, use_len, input, local_output);
+            if (ret != 0) {
                 goto exit;
+            }
 
-            mbedtls_xor( ctx->y + offset, ctx->y + offset, local_output, use_len );
+            mbedtls_xor(ctx->y + offset, ctx->y + offset, local_output, use_len);
 
-            memcpy( output, local_output, use_len );
-            mbedtls_platform_zeroize( local_output, 16 );
+            memcpy(output, local_output, use_len);
+            mbedtls_platform_zeroize(local_output, 16);
 
-            if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len )
-            {
-                if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 )
-                {
+            if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) {
+                if ((ret =
+                         mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) {
                     ctx->state |= CCM_STATE__ERROR;
                     goto exit;
                 }
             }
         }
 
-        if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len )
-        {
-            for( i = 0; i < ctx->q; i++ )
-            if( ++(ctx->ctr)[15-i] != 0 )
-                break;
+        if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) {
+            for (i = 0; i < ctx->q; i++) {
+                if (++(ctx->ctr)[15-i] != 0) {
+                    break;
+                }
+            }
         }
 
         input_len -= use_len;
@@ -434,167 +425,172 @@
     }
 
 exit:
-    mbedtls_platform_zeroize( local_output, 16 );
+    mbedtls_platform_zeroize(local_output, 16);
 
     return ret;
 }
 
-int mbedtls_ccm_finish( mbedtls_ccm_context *ctx,
-                        unsigned char *tag, size_t tag_len )
+int mbedtls_ccm_finish(mbedtls_ccm_context *ctx,
+                       unsigned char *tag, size_t tag_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char i;
 
-    if( ctx->state & CCM_STATE__ERROR )
-    {
+    if (ctx->state & CCM_STATE__ERROR) {
         return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     }
 
-    if( ctx->add_len > 0 && !( ctx->state & CCM_STATE__AUTH_DATA_FINISHED ) )
-    {
+    if (ctx->add_len > 0 && !(ctx->state & CCM_STATE__AUTH_DATA_FINISHED)) {
         return MBEDTLS_ERR_CCM_BAD_INPUT;
     }
 
-    if( ctx->plaintext_len > 0 && ctx->processed != ctx->plaintext_len )
-    {
+    if (ctx->plaintext_len > 0 && ctx->processed != ctx->plaintext_len) {
         return MBEDTLS_ERR_CCM_BAD_INPUT;
     }
 
     /*
      * Authentication: reset counter and crypt/mask internal tag
      */
-    for( i = 0; i < ctx->q; i++ )
+    for (i = 0; i < ctx->q; i++) {
         ctx->ctr[15-i] = 0;
+    }
 
-    ret = mbedtls_ccm_crypt( ctx, 0, 16, ctx->y, ctx->y );
-    if( ret != 0 )
+    ret = mbedtls_ccm_crypt(ctx, 0, 16, ctx->y, ctx->y);
+    if (ret != 0) {
         return ret;
-    if( tag != NULL )
-        memcpy( tag, ctx->y, tag_len );
+    }
+    if (tag != NULL) {
+        memcpy(tag, ctx->y, tag_len);
+    }
     mbedtls_ccm_clear_state(ctx);
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Authenticated encryption or decryption
  */
-static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
-                           const unsigned char *iv, size_t iv_len,
-                           const unsigned char *add, size_t add_len,
-                           const unsigned char *input, unsigned char *output,
-                           unsigned char *tag, size_t tag_len )
+static int ccm_auth_crypt(mbedtls_ccm_context *ctx, int mode, size_t length,
+                          const unsigned char *iv, size_t iv_len,
+                          const unsigned char *add, size_t add_len,
+                          const unsigned char *input, unsigned char *output,
+                          unsigned char *tag, size_t tag_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t olen;
 
-    if( ( ret = mbedtls_ccm_starts( ctx, mode, iv, iv_len ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_ccm_starts(ctx, mode, iv, iv_len)) != 0) {
+        return ret;
+    }
 
-    if( ( ret = mbedtls_ccm_set_lengths( ctx, add_len, length, tag_len ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_ccm_set_lengths(ctx, add_len, length, tag_len)) != 0) {
+        return ret;
+    }
 
-    if( ( ret = mbedtls_ccm_update_ad( ctx, add, add_len ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_ccm_update_ad(ctx, add, add_len)) != 0) {
+        return ret;
+    }
 
-    if( ( ret = mbedtls_ccm_update( ctx, input, length,
-                                    output, length, &olen ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_ccm_update(ctx, input, length,
+                                  output, length, &olen)) != 0) {
+        return ret;
+    }
 
-    if( ( ret = mbedtls_ccm_finish( ctx, tag, tag_len ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_ccm_finish(ctx, tag, tag_len)) != 0) {
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Authenticated encryption
  */
-int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *add, size_t add_len,
-                         const unsigned char *input, unsigned char *output,
-                         unsigned char *tag, size_t tag_len )
+int mbedtls_ccm_star_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length,
+                                     const unsigned char *iv, size_t iv_len,
+                                     const unsigned char *add, size_t add_len,
+                                     const unsigned char *input, unsigned char *output,
+                                     unsigned char *tag, size_t tag_len)
 {
-    return( ccm_auth_crypt( ctx, MBEDTLS_CCM_STAR_ENCRYPT, length, iv, iv_len,
-                            add, add_len, input, output, tag, tag_len ) );
+    return ccm_auth_crypt(ctx, MBEDTLS_CCM_STAR_ENCRYPT, length, iv, iv_len,
+                          add, add_len, input, output, tag, tag_len);
 }
 
-int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *add, size_t add_len,
-                         const unsigned char *input, unsigned char *output,
-                         unsigned char *tag, size_t tag_len )
+int mbedtls_ccm_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length,
+                                const unsigned char *iv, size_t iv_len,
+                                const unsigned char *add, size_t add_len,
+                                const unsigned char *input, unsigned char *output,
+                                unsigned char *tag, size_t tag_len)
 {
-    return( ccm_auth_crypt( ctx, MBEDTLS_CCM_ENCRYPT, length, iv, iv_len,
-                            add, add_len, input, output, tag, tag_len ) );
+    return ccm_auth_crypt(ctx, MBEDTLS_CCM_ENCRYPT, length, iv, iv_len,
+                          add, add_len, input, output, tag, tag_len);
 }
 
 /*
  * Authenticated decryption
  */
-static int mbedtls_ccm_compare_tags(const unsigned char *tag1, const unsigned char *tag2, size_t tag_len)
+static int mbedtls_ccm_compare_tags(const unsigned char *tag1,
+                                    const unsigned char *tag2,
+                                    size_t tag_len)
 {
     unsigned char i;
     int diff;
 
     /* Check tag in "constant-time" */
-    for( diff = 0, i = 0; i < tag_len; i++ )
+    for (diff = 0, i = 0; i < tag_len; i++) {
         diff |= tag1[i] ^ tag2[i];
-
-    if( diff != 0 )
-    {
-        return( MBEDTLS_ERR_CCM_AUTH_FAILED );
     }
 
-    return( 0 );
+    if (diff != 0) {
+        return MBEDTLS_ERR_CCM_AUTH_FAILED;
+    }
+
+    return 0;
 }
 
-static int ccm_auth_decrypt( mbedtls_ccm_context *ctx, int mode, size_t length,
-                             const unsigned char *iv, size_t iv_len,
-                             const unsigned char *add, size_t add_len,
-                             const unsigned char *input, unsigned char *output,
-                             const unsigned char *tag, size_t tag_len )
+static int ccm_auth_decrypt(mbedtls_ccm_context *ctx, int mode, size_t length,
+                            const unsigned char *iv, size_t iv_len,
+                            const unsigned char *add, size_t add_len,
+                            const unsigned char *input, unsigned char *output,
+                            const unsigned char *tag, size_t tag_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char check_tag[16];
 
-    if( ( ret = ccm_auth_crypt( ctx, mode, length,
-                                iv, iv_len, add, add_len,
-                                input, output, check_tag, tag_len ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = ccm_auth_crypt(ctx, mode, length,
+                              iv, iv_len, add, add_len,
+                              input, output, check_tag, tag_len)) != 0) {
+        return ret;
     }
 
-    if( ( ret = mbedtls_ccm_compare_tags( tag, check_tag, tag_len ) ) != 0 )
-    {
-        mbedtls_platform_zeroize( output, length );
-        return( ret );
+    if ((ret = mbedtls_ccm_compare_tags(tag, check_tag, tag_len)) != 0) {
+        mbedtls_platform_zeroize(output, length);
+        return ret;
     }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
-                      const unsigned char *iv, size_t iv_len,
-                      const unsigned char *add, size_t add_len,
-                      const unsigned char *input, unsigned char *output,
-                      const unsigned char *tag, size_t tag_len )
+int mbedtls_ccm_star_auth_decrypt(mbedtls_ccm_context *ctx, size_t length,
+                                  const unsigned char *iv, size_t iv_len,
+                                  const unsigned char *add, size_t add_len,
+                                  const unsigned char *input, unsigned char *output,
+                                  const unsigned char *tag, size_t tag_len)
 {
-    return ccm_auth_decrypt( ctx, MBEDTLS_CCM_STAR_DECRYPT, length,
-                             iv, iv_len, add, add_len,
-                             input, output, tag, tag_len );
+    return ccm_auth_decrypt(ctx, MBEDTLS_CCM_STAR_DECRYPT, length,
+                            iv, iv_len, add, add_len,
+                            input, output, tag, tag_len);
 }
 
-int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
-                      const unsigned char *iv, size_t iv_len,
-                      const unsigned char *add, size_t add_len,
-                      const unsigned char *input, unsigned char *output,
-                      const unsigned char *tag, size_t tag_len )
+int mbedtls_ccm_auth_decrypt(mbedtls_ccm_context *ctx, size_t length,
+                             const unsigned char *iv, size_t iv_len,
+                             const unsigned char *add, size_t add_len,
+                             const unsigned char *input, unsigned char *output,
+                             const unsigned char *tag, size_t tag_len)
 {
-    return ccm_auth_decrypt( ctx, MBEDTLS_CCM_DECRYPT, length,
-                             iv, iv_len, add, add_len,
-                             input, output, tag, tag_len );
+    return ccm_auth_decrypt(ctx, MBEDTLS_CCM_DECRYPT, length,
+                            iv, iv_len, add, add_len,
+                            input, output, tag, tag_len);
 }
 #endif /* !MBEDTLS_CCM_ALT */
 
@@ -631,7 +627,7 @@
     0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
 };
 
-static const size_t iv_len_test_data [NB_TESTS] = { 7, 8,  12 };
+static const size_t iv_len_test_data[NB_TESTS] = { 7, 8,  12 };
 static const size_t add_len_test_data[NB_TESTS] = { 8, 16, 20 };
 static const size_t msg_len_test_data[NB_TESTS] = { 4, 16, 24 };
 static const size_t tag_len_test_data[NB_TESTS] = { 4, 6,  8  };
@@ -647,7 +643,7 @@
         0x48, 0x43, 0x92, 0xfb, 0xc1, 0xb0, 0x99, 0x51 }
 };
 
-int mbedtls_ccm_self_test( int verbose )
+int mbedtls_ccm_self_test(int verbose)
 {
     mbedtls_ccm_context ctx;
     /*
@@ -660,70 +656,72 @@
     size_t i;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    mbedtls_ccm_init( &ctx );
+    mbedtls_ccm_init(&ctx);
 
-    if( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key_test_data,
-                            8 * sizeof key_test_data ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  CCM: setup failed" );
-
-        return( 1 );
-    }
-
-    for( i = 0; i < NB_TESTS; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  CCM-AES #%u: ", (unsigned int) i + 1 );
-
-        memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN );
-        memset( ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN );
-        memcpy( plaintext, msg_test_data, msg_len_test_data[i] );
-
-        ret = mbedtls_ccm_encrypt_and_tag( &ctx, msg_len_test_data[i],
-                                           iv_test_data, iv_len_test_data[i],
-                                           ad_test_data, add_len_test_data[i],
-                                           plaintext, ciphertext,
-                                           ciphertext + msg_len_test_data[i],
-                                           tag_len_test_data[i] );
-
-        if( ret != 0 ||
-            memcmp( ciphertext, res_test_data[i],
-                    msg_len_test_data[i] + tag_len_test_data[i] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            return( 1 );
-        }
-        memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN );
-
-        ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len_test_data[i],
-                                        iv_test_data, iv_len_test_data[i],
-                                        ad_test_data, add_len_test_data[i],
-                                        ciphertext, plaintext,
-                                        ciphertext + msg_len_test_data[i],
-                                        tag_len_test_data[i] );
-
-        if( ret != 0 ||
-            memcmp( plaintext, msg_test_data, msg_len_test_data[i] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            return( 1 );
+    if (mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, key_test_data,
+                           8 * sizeof key_test_data) != 0) {
+        if (verbose != 0) {
+            mbedtls_printf("  CCM: setup failed");
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        return 1;
     }
 
-    mbedtls_ccm_free( &ctx );
+    for (i = 0; i < NB_TESTS; i++) {
+        if (verbose != 0) {
+            mbedtls_printf("  CCM-AES #%u: ", (unsigned int) i + 1);
+        }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+        memset(plaintext, 0, CCM_SELFTEST_PT_MAX_LEN);
+        memset(ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN);
+        memcpy(plaintext, msg_test_data, msg_len_test_data[i]);
 
-    return( 0 );
+        ret = mbedtls_ccm_encrypt_and_tag(&ctx, msg_len_test_data[i],
+                                          iv_test_data, iv_len_test_data[i],
+                                          ad_test_data, add_len_test_data[i],
+                                          plaintext, ciphertext,
+                                          ciphertext + msg_len_test_data[i],
+                                          tag_len_test_data[i]);
+
+        if (ret != 0 ||
+            memcmp(ciphertext, res_test_data[i],
+                   msg_len_test_data[i] + tag_len_test_data[i]) != 0) {
+            if (verbose != 0) {
+                mbedtls_printf("failed\n");
+            }
+
+            return 1;
+        }
+        memset(plaintext, 0, CCM_SELFTEST_PT_MAX_LEN);
+
+        ret = mbedtls_ccm_auth_decrypt(&ctx, msg_len_test_data[i],
+                                       iv_test_data, iv_len_test_data[i],
+                                       ad_test_data, add_len_test_data[i],
+                                       ciphertext, plaintext,
+                                       ciphertext + msg_len_test_data[i],
+                                       tag_len_test_data[i]);
+
+        if (ret != 0 ||
+            memcmp(plaintext, msg_test_data, msg_len_test_data[i]) != 0) {
+            if (verbose != 0) {
+                mbedtls_printf("failed\n");
+            }
+
+            return 1;
+        }
+
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
+    }
+
+    mbedtls_ccm_free(&ctx);
+
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
+
+    return 0;
 }
 
 #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
diff --git a/library/chacha20.c b/library/chacha20.c
index d17c58c..cbb01f4 100644
--- a/library/chacha20.c
+++ b/library/chacha20.c
@@ -36,12 +36,12 @@
 
 #if !defined(MBEDTLS_CHACHA20_ALT)
 
-#define ROTL32( value, amount ) \
-    ( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) )
+#define ROTL32(value, amount) \
+    ((uint32_t) ((value) << (amount)) | ((value) >> (32 - (amount))))
 
-#define CHACHA20_CTR_INDEX ( 12U )
+#define CHACHA20_CTR_INDEX (12U)
 
-#define CHACHA20_BLOCK_SIZE_BYTES ( 4U * 16U )
+#define CHACHA20_BLOCK_SIZE_BYTES (4U * 16U)
 
 /**
  * \brief           ChaCha20 quarter round operation.
@@ -58,31 +58,31 @@
  * \param c         The index of 'c' in the state.
  * \param d         The index of 'd' in the state.
  */
-static inline void chacha20_quarter_round( uint32_t state[16],
-                                           size_t a,
-                                           size_t b,
-                                           size_t c,
-                                           size_t d )
+static inline void chacha20_quarter_round(uint32_t state[16],
+                                          size_t a,
+                                          size_t b,
+                                          size_t c,
+                                          size_t d)
 {
     /* a += b; d ^= a; d <<<= 16; */
     state[a] += state[b];
     state[d] ^= state[a];
-    state[d] = ROTL32( state[d], 16 );
+    state[d] = ROTL32(state[d], 16);
 
     /* c += d; b ^= c; b <<<= 12 */
     state[c] += state[d];
     state[b] ^= state[c];
-    state[b] = ROTL32( state[b], 12 );
+    state[b] = ROTL32(state[b], 12);
 
     /* a += b; d ^= a; d <<<= 8; */
     state[a] += state[b];
     state[d] ^= state[a];
-    state[d] = ROTL32( state[d], 8 );
+    state[d] = ROTL32(state[d], 8);
 
     /* c += d; b ^= c; b <<<= 7; */
     state[c] += state[d];
     state[b] ^= state[c];
-    state[b] = ROTL32( state[b], 7 );
+    state[b] = ROTL32(state[b], 7);
 }
 
 /**
@@ -93,17 +93,17 @@
  *
  * \param state     The ChaCha20 state to update.
  */
-static void chacha20_inner_block( uint32_t state[16] )
+static void chacha20_inner_block(uint32_t state[16])
 {
-    chacha20_quarter_round( state, 0, 4, 8,  12 );
-    chacha20_quarter_round( state, 1, 5, 9,  13 );
-    chacha20_quarter_round( state, 2, 6, 10, 14 );
-    chacha20_quarter_round( state, 3, 7, 11, 15 );
+    chacha20_quarter_round(state, 0, 4, 8,  12);
+    chacha20_quarter_round(state, 1, 5, 9,  13);
+    chacha20_quarter_round(state, 2, 6, 10, 14);
+    chacha20_quarter_round(state, 3, 7, 11, 15);
 
-    chacha20_quarter_round( state, 0, 5, 10, 15 );
-    chacha20_quarter_round( state, 1, 6, 11, 12 );
-    chacha20_quarter_round( state, 2, 7, 8,  13 );
-    chacha20_quarter_round( state, 3, 4, 9,  14 );
+    chacha20_quarter_round(state, 0, 5, 10, 15);
+    chacha20_quarter_round(state, 1, 6, 11, 12);
+    chacha20_quarter_round(state, 2, 7, 8,  13);
+    chacha20_quarter_round(state, 3, 4, 9,  14);
 }
 
 /**
@@ -112,29 +112,30 @@
  * \param initial_state The initial ChaCha20 state (key, nonce, counter).
  * \param keystream     Generated keystream bytes are written to this buffer.
  */
-static void chacha20_block( const uint32_t initial_state[16],
-                            unsigned char keystream[64] )
+static void chacha20_block(const uint32_t initial_state[16],
+                           unsigned char keystream[64])
 {
     uint32_t working_state[16];
     size_t i;
 
-    memcpy( working_state,
-            initial_state,
-            CHACHA20_BLOCK_SIZE_BYTES );
+    memcpy(working_state,
+           initial_state,
+           CHACHA20_BLOCK_SIZE_BYTES);
 
-    for( i = 0U; i < 10U; i++ )
-        chacha20_inner_block( working_state );
+    for (i = 0U; i < 10U; i++) {
+        chacha20_inner_block(working_state);
+    }
 
-    working_state[ 0] += initial_state[ 0];
-    working_state[ 1] += initial_state[ 1];
-    working_state[ 2] += initial_state[ 2];
-    working_state[ 3] += initial_state[ 3];
-    working_state[ 4] += initial_state[ 4];
-    working_state[ 5] += initial_state[ 5];
-    working_state[ 6] += initial_state[ 6];
-    working_state[ 7] += initial_state[ 7];
-    working_state[ 8] += initial_state[ 8];
-    working_state[ 9] += initial_state[ 9];
+    working_state[0] += initial_state[0];
+    working_state[1] += initial_state[1];
+    working_state[2] += initial_state[2];
+    working_state[3] += initial_state[3];
+    working_state[4] += initial_state[4];
+    working_state[5] += initial_state[5];
+    working_state[6] += initial_state[6];
+    working_state[7] += initial_state[7];
+    working_state[8] += initial_state[8];
+    working_state[9] += initial_state[9];
     working_state[10] += initial_state[10];
     working_state[11] += initial_state[11];
     working_state[12] += initial_state[12];
@@ -142,35 +143,33 @@
     working_state[14] += initial_state[14];
     working_state[15] += initial_state[15];
 
-    for( i = 0U; i < 16; i++ )
-    {
+    for (i = 0U; i < 16; i++) {
         size_t offset = i * 4U;
 
         MBEDTLS_PUT_UINT32_LE(working_state[i], keystream, offset);
     }
 
-    mbedtls_platform_zeroize( working_state, sizeof( working_state ) );
+    mbedtls_platform_zeroize(working_state, sizeof(working_state));
 }
 
-void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
+void mbedtls_chacha20_init(mbedtls_chacha20_context *ctx)
 {
-    mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) );
-    mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
+    mbedtls_platform_zeroize(ctx->state, sizeof(ctx->state));
+    mbedtls_platform_zeroize(ctx->keystream8, sizeof(ctx->keystream8));
 
     /* Initially, there's no keystream bytes available */
     ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
 }
 
-void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx )
+void mbedtls_chacha20_free(mbedtls_chacha20_context *ctx)
 {
-    if( ctx != NULL )
-    {
-        mbedtls_platform_zeroize( ctx, sizeof( mbedtls_chacha20_context ) );
+    if (ctx != NULL) {
+        mbedtls_platform_zeroize(ctx, sizeof(mbedtls_chacha20_context));
     }
 }
 
-int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
-                            const unsigned char key[32] )
+int mbedtls_chacha20_setkey(mbedtls_chacha20_context *ctx,
+                            const unsigned char key[32])
 {
     /* ChaCha20 constants - the string "expand 32-byte k" */
     ctx->state[0] = 0x61707865;
@@ -179,50 +178,49 @@
     ctx->state[3] = 0x6b206574;
 
     /* Set key */
-    ctx->state[4]  = MBEDTLS_GET_UINT32_LE( key, 0 );
-    ctx->state[5]  = MBEDTLS_GET_UINT32_LE( key, 4 );
-    ctx->state[6]  = MBEDTLS_GET_UINT32_LE( key, 8 );
-    ctx->state[7]  = MBEDTLS_GET_UINT32_LE( key, 12 );
-    ctx->state[8]  = MBEDTLS_GET_UINT32_LE( key, 16 );
-    ctx->state[9]  = MBEDTLS_GET_UINT32_LE( key, 20 );
-    ctx->state[10] = MBEDTLS_GET_UINT32_LE( key, 24 );
-    ctx->state[11] = MBEDTLS_GET_UINT32_LE( key, 28 );
+    ctx->state[4]  = MBEDTLS_GET_UINT32_LE(key, 0);
+    ctx->state[5]  = MBEDTLS_GET_UINT32_LE(key, 4);
+    ctx->state[6]  = MBEDTLS_GET_UINT32_LE(key, 8);
+    ctx->state[7]  = MBEDTLS_GET_UINT32_LE(key, 12);
+    ctx->state[8]  = MBEDTLS_GET_UINT32_LE(key, 16);
+    ctx->state[9]  = MBEDTLS_GET_UINT32_LE(key, 20);
+    ctx->state[10] = MBEDTLS_GET_UINT32_LE(key, 24);
+    ctx->state[11] = MBEDTLS_GET_UINT32_LE(key, 28);
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
-                             const unsigned char nonce[12],
-                             uint32_t counter )
+int mbedtls_chacha20_starts(mbedtls_chacha20_context *ctx,
+                            const unsigned char nonce[12],
+                            uint32_t counter)
 {
     /* Counter */
     ctx->state[12] = counter;
 
     /* Nonce */
-    ctx->state[13] = MBEDTLS_GET_UINT32_LE( nonce, 0 );
-    ctx->state[14] = MBEDTLS_GET_UINT32_LE( nonce, 4 );
-    ctx->state[15] = MBEDTLS_GET_UINT32_LE( nonce, 8 );
+    ctx->state[13] = MBEDTLS_GET_UINT32_LE(nonce, 0);
+    ctx->state[14] = MBEDTLS_GET_UINT32_LE(nonce, 4);
+    ctx->state[15] = MBEDTLS_GET_UINT32_LE(nonce, 8);
 
-    mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
+    mbedtls_platform_zeroize(ctx->keystream8, sizeof(ctx->keystream8));
 
     /* Initially, there's no keystream bytes available */
     ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
-                              size_t size,
-                              const unsigned char *input,
-                              unsigned char *output )
+int mbedtls_chacha20_update(mbedtls_chacha20_context *ctx,
+                            size_t size,
+                            const unsigned char *input,
+                            unsigned char *output)
 {
     size_t offset = 0U;
 
     /* Use leftover keystream bytes, if available */
-    while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES )
-    {
+    while (size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES) {
         output[offset] = input[offset]
-                       ^ ctx->keystream8[ctx->keystream_bytes_used];
+                         ^ ctx->keystream8[ctx->keystream_bytes_used];
 
         ctx->keystream_bytes_used++;
         offset++;
@@ -230,59 +228,59 @@
     }
 
     /* Process full blocks */
-    while( size >= CHACHA20_BLOCK_SIZE_BYTES )
-    {
+    while (size >= CHACHA20_BLOCK_SIZE_BYTES) {
         /* Generate new keystream block and increment counter */
-        chacha20_block( ctx->state, ctx->keystream8 );
+        chacha20_block(ctx->state, ctx->keystream8);
         ctx->state[CHACHA20_CTR_INDEX]++;
 
-        mbedtls_xor( output + offset, input + offset, ctx->keystream8, 64U );
+        mbedtls_xor(output + offset, input + offset, ctx->keystream8, 64U);
 
         offset += CHACHA20_BLOCK_SIZE_BYTES;
         size   -= CHACHA20_BLOCK_SIZE_BYTES;
     }
 
     /* Last (partial) block */
-    if( size > 0U )
-    {
+    if (size > 0U) {
         /* Generate new keystream block and increment counter */
-        chacha20_block( ctx->state, ctx->keystream8 );
+        chacha20_block(ctx->state, ctx->keystream8);
         ctx->state[CHACHA20_CTR_INDEX]++;
 
-        mbedtls_xor( output + offset, input + offset, ctx->keystream8, size );
+        mbedtls_xor(output + offset, input + offset, ctx->keystream8, size);
 
         ctx->keystream_bytes_used = size;
 
     }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_chacha20_crypt( const unsigned char key[32],
-                            const unsigned char nonce[12],
-                            uint32_t counter,
-                            size_t data_len,
-                            const unsigned char* input,
-                            unsigned char* output )
+int mbedtls_chacha20_crypt(const unsigned char key[32],
+                           const unsigned char nonce[12],
+                           uint32_t counter,
+                           size_t data_len,
+                           const unsigned char *input,
+                           unsigned char *output)
 {
     mbedtls_chacha20_context ctx;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    mbedtls_chacha20_init( &ctx );
+    mbedtls_chacha20_init(&ctx);
 
-    ret = mbedtls_chacha20_setkey( &ctx, key );
-    if( ret != 0 )
+    ret = mbedtls_chacha20_setkey(&ctx, key);
+    if (ret != 0) {
         goto cleanup;
+    }
 
-    ret = mbedtls_chacha20_starts( &ctx, nonce, counter );
-    if( ret != 0 )
+    ret = mbedtls_chacha20_starts(&ctx, nonce, counter);
+    if (ret != 0) {
         goto cleanup;
+    }
 
-    ret = mbedtls_chacha20_update( &ctx, data_len, input, output );
+    ret = mbedtls_chacha20_update(&ctx, data_len, input, output);
 
 cleanup:
-    mbedtls_chacha20_free( &ctx );
-    return( ret );
+    mbedtls_chacha20_free(&ctx);
+    return ret;
 }
 
 #endif /* !MBEDTLS_CHACHA20_ALT */
@@ -458,50 +456,52 @@
 /* Make sure no other definition is already present. */
 #undef ASSERT
 
-#define ASSERT( cond, args )            \
+#define ASSERT(cond, args)            \
     do                                  \
     {                                   \
-        if( ! ( cond ) )                \
+        if (!(cond))                \
         {                               \
-            if( verbose != 0 )          \
-                mbedtls_printf args;    \
+            if (verbose != 0)          \
+            mbedtls_printf args;    \
                                         \
-            return( -1 );               \
+            return -1;               \
         }                               \
     }                                   \
-    while( 0 )
+    while (0)
 
-int mbedtls_chacha20_self_test( int verbose )
+int mbedtls_chacha20_self_test(int verbose)
 {
     unsigned char output[381];
     unsigned i;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    for( i = 0U; i < 2U; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  ChaCha20 test %u ", i );
+    for (i = 0U; i < 2U; i++) {
+        if (verbose != 0) {
+            mbedtls_printf("  ChaCha20 test %u ", i);
+        }
 
-        ret = mbedtls_chacha20_crypt( test_keys[i],
-                                      test_nonces[i],
-                                      test_counters[i],
-                                      test_lengths[i],
-                                      test_input[i],
-                                      output );
+        ret = mbedtls_chacha20_crypt(test_keys[i],
+                                     test_nonces[i],
+                                     test_counters[i],
+                                     test_lengths[i],
+                                     test_input[i],
+                                     output);
 
-        ASSERT( 0 == ret, ( "error code: %i\n", ret ) );
+        ASSERT(0 == ret, ("error code: %i\n", ret));
 
-        ASSERT( 0 == memcmp( output, test_output[i], test_lengths[i] ),
-                ( "failed (output)\n" ) );
+        ASSERT(0 == memcmp(output, test_output[i], test_lengths[i]),
+               ("failed (output)\n"));
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_SELF_TEST */
diff --git a/library/chachapoly.c b/library/chachapoly.c
index e283853..0124d75 100644
--- a/library/chachapoly.c
+++ b/library/chachapoly.c
@@ -32,29 +32,30 @@
 
 #if !defined(MBEDTLS_CHACHAPOLY_ALT)
 
-#define CHACHAPOLY_STATE_INIT       ( 0 )
-#define CHACHAPOLY_STATE_AAD        ( 1 )
-#define CHACHAPOLY_STATE_CIPHERTEXT ( 2 ) /* Encrypting or decrypting */
-#define CHACHAPOLY_STATE_FINISHED   ( 3 )
+#define CHACHAPOLY_STATE_INIT       (0)
+#define CHACHAPOLY_STATE_AAD        (1)
+#define CHACHAPOLY_STATE_CIPHERTEXT (2)   /* Encrypting or decrypting */
+#define CHACHAPOLY_STATE_FINISHED   (3)
 
 /**
  * \brief           Adds nul bytes to pad the AAD for Poly1305.
  *
  * \param ctx       The ChaCha20-Poly1305 context.
  */
-static int chachapoly_pad_aad( mbedtls_chachapoly_context *ctx )
+static int chachapoly_pad_aad(mbedtls_chachapoly_context *ctx)
 {
-    uint32_t partial_block_len = (uint32_t) ( ctx->aad_len % 16U );
+    uint32_t partial_block_len = (uint32_t) (ctx->aad_len % 16U);
     unsigned char zeroes[15];
 
-    if( partial_block_len == 0U )
-        return( 0 );
+    if (partial_block_len == 0U) {
+        return 0;
+    }
 
-    memset( zeroes, 0, sizeof( zeroes ) );
+    memset(zeroes, 0, sizeof(zeroes));
 
-    return( mbedtls_poly1305_update( &ctx->poly1305_ctx,
-                                     zeroes,
-                                     16U - partial_block_len ) );
+    return mbedtls_poly1305_update(&ctx->poly1305_ctx,
+                                   zeroes,
+                                   16U - partial_block_len);
 }
 
 /**
@@ -62,80 +63,83 @@
  *
  * \param ctx       The ChaCha20-Poly1305 context.
  */
-static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx )
+static int chachapoly_pad_ciphertext(mbedtls_chachapoly_context *ctx)
 {
-    uint32_t partial_block_len = (uint32_t) ( ctx->ciphertext_len % 16U );
+    uint32_t partial_block_len = (uint32_t) (ctx->ciphertext_len % 16U);
     unsigned char zeroes[15];
 
-    if( partial_block_len == 0U )
-        return( 0 );
+    if (partial_block_len == 0U) {
+        return 0;
+    }
 
-    memset( zeroes, 0, sizeof( zeroes ) );
-    return( mbedtls_poly1305_update( &ctx->poly1305_ctx,
-                                     zeroes,
-                                     16U - partial_block_len ) );
+    memset(zeroes, 0, sizeof(zeroes));
+    return mbedtls_poly1305_update(&ctx->poly1305_ctx,
+                                   zeroes,
+                                   16U - partial_block_len);
 }
 
-void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx )
+void mbedtls_chachapoly_init(mbedtls_chachapoly_context *ctx)
 {
-    mbedtls_chacha20_init( &ctx->chacha20_ctx );
-    mbedtls_poly1305_init( &ctx->poly1305_ctx );
+    mbedtls_chacha20_init(&ctx->chacha20_ctx);
+    mbedtls_poly1305_init(&ctx->poly1305_ctx);
     ctx->aad_len        = 0U;
     ctx->ciphertext_len = 0U;
     ctx->state          = CHACHAPOLY_STATE_INIT;
     ctx->mode           = MBEDTLS_CHACHAPOLY_ENCRYPT;
 }
 
-void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx )
+void mbedtls_chachapoly_free(mbedtls_chachapoly_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_chacha20_free( &ctx->chacha20_ctx );
-    mbedtls_poly1305_free( &ctx->poly1305_ctx );
+    mbedtls_chacha20_free(&ctx->chacha20_ctx);
+    mbedtls_poly1305_free(&ctx->poly1305_ctx);
     ctx->aad_len        = 0U;
     ctx->ciphertext_len = 0U;
     ctx->state          = CHACHAPOLY_STATE_INIT;
     ctx->mode           = MBEDTLS_CHACHAPOLY_ENCRYPT;
 }
 
-int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
-                               const unsigned char key[32] )
+int mbedtls_chachapoly_setkey(mbedtls_chachapoly_context *ctx,
+                              const unsigned char key[32])
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    ret = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key );
+    ret = mbedtls_chacha20_setkey(&ctx->chacha20_ctx, key);
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
-                               const unsigned char nonce[12],
-                               mbedtls_chachapoly_mode_t mode  )
+int mbedtls_chachapoly_starts(mbedtls_chachapoly_context *ctx,
+                              const unsigned char nonce[12],
+                              mbedtls_chachapoly_mode_t mode)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char poly1305_key[64];
 
     /* Set counter = 0, will be update to 1 when generating Poly1305 key */
-    ret = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U );
-    if( ret != 0 )
+    ret = mbedtls_chacha20_starts(&ctx->chacha20_ctx, nonce, 0U);
+    if (ret != 0) {
         goto cleanup;
+    }
 
     /* Generate the Poly1305 key by getting the ChaCha20 keystream output with
      * counter = 0.  This is the same as encrypting a buffer of zeroes.
      * Only the first 256-bits (32 bytes) of the key is used for Poly1305.
      * The other 256 bits are discarded.
      */
-    memset( poly1305_key, 0, sizeof( poly1305_key ) );
-    ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, sizeof( poly1305_key ),
-                                      poly1305_key, poly1305_key );
-    if( ret != 0 )
+    memset(poly1305_key, 0, sizeof(poly1305_key));
+    ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, sizeof(poly1305_key),
+                                  poly1305_key, poly1305_key);
+    if (ret != 0) {
         goto cleanup;
+    }
 
-    ret = mbedtls_poly1305_starts( &ctx->poly1305_ctx, poly1305_key );
+    ret = mbedtls_poly1305_starts(&ctx->poly1305_ctx, poly1305_key);
 
-    if( ret == 0 )
-    {
+    if (ret == 0) {
         ctx->aad_len        = 0U;
         ctx->ciphertext_len = 0U;
         ctx->state          = CHACHAPOLY_STATE_AAD;
@@ -143,92 +147,91 @@
     }
 
 cleanup:
-    mbedtls_platform_zeroize( poly1305_key, 64U );
-    return( ret );
+    mbedtls_platform_zeroize(poly1305_key, 64U);
+    return ret;
 }
 
-int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
-                                   const unsigned char *aad,
-                                   size_t aad_len )
+int mbedtls_chachapoly_update_aad(mbedtls_chachapoly_context *ctx,
+                                  const unsigned char *aad,
+                                  size_t aad_len)
 {
-    if( ctx->state != CHACHAPOLY_STATE_AAD )
-        return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
+    if (ctx->state != CHACHAPOLY_STATE_AAD) {
+        return MBEDTLS_ERR_CHACHAPOLY_BAD_STATE;
+    }
 
     ctx->aad_len += aad_len;
 
-    return( mbedtls_poly1305_update( &ctx->poly1305_ctx, aad, aad_len ) );
+    return mbedtls_poly1305_update(&ctx->poly1305_ctx, aad, aad_len);
 }
 
-int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
-                               size_t len,
-                               const unsigned char *input,
-                               unsigned char *output )
+int mbedtls_chachapoly_update(mbedtls_chachapoly_context *ctx,
+                              size_t len,
+                              const unsigned char *input,
+                              unsigned char *output)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ( ctx->state != CHACHAPOLY_STATE_AAD ) &&
-        ( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) )
-    {
-        return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
+    if ((ctx->state != CHACHAPOLY_STATE_AAD) &&
+        (ctx->state != CHACHAPOLY_STATE_CIPHERTEXT)) {
+        return MBEDTLS_ERR_CHACHAPOLY_BAD_STATE;
     }
 
-    if( ctx->state == CHACHAPOLY_STATE_AAD )
-    {
+    if (ctx->state == CHACHAPOLY_STATE_AAD) {
         ctx->state = CHACHAPOLY_STATE_CIPHERTEXT;
 
-        ret = chachapoly_pad_aad( ctx );
-        if( ret != 0 )
-            return( ret );
+        ret = chachapoly_pad_aad(ctx);
+        if (ret != 0) {
+            return ret;
+        }
     }
 
     ctx->ciphertext_len += len;
 
-    if( ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT )
-    {
-        ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output );
-        if( ret != 0 )
-            return( ret );
+    if (ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT) {
+        ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, len, input, output);
+        if (ret != 0) {
+            return ret;
+        }
 
-        ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, output, len );
-        if( ret != 0 )
-            return( ret );
-    }
-    else /* DECRYPT */
-    {
-        ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, input, len );
-        if( ret != 0 )
-            return( ret );
+        ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, output, len);
+        if (ret != 0) {
+            return ret;
+        }
+    } else { /* DECRYPT */
+        ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, input, len);
+        if (ret != 0) {
+            return ret;
+        }
 
-        ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output );
-        if( ret != 0 )
-            return( ret );
+        ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, len, input, output);
+        if (ret != 0) {
+            return ret;
+        }
     }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
-                               unsigned char mac[16] )
+int mbedtls_chachapoly_finish(mbedtls_chachapoly_context *ctx,
+                              unsigned char mac[16])
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char len_block[16];
 
-    if( ctx->state == CHACHAPOLY_STATE_INIT )
-    {
-        return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
+    if (ctx->state == CHACHAPOLY_STATE_INIT) {
+        return MBEDTLS_ERR_CHACHAPOLY_BAD_STATE;
     }
 
-    if( ctx->state == CHACHAPOLY_STATE_AAD )
-    {
-        ret = chachapoly_pad_aad( ctx );
-        if( ret != 0 )
-            return( ret );
-    }
-    else if( ctx->state == CHACHAPOLY_STATE_CIPHERTEXT )
-    {
-        ret = chachapoly_pad_ciphertext( ctx );
-        if( ret != 0 )
-            return( ret );
+    if (ctx->state == CHACHAPOLY_STATE_AAD) {
+        ret = chachapoly_pad_aad(ctx);
+        if (ret != 0) {
+            return ret;
+        }
+    } else if (ctx->state == CHACHAPOLY_STATE_CIPHERTEXT) {
+        ret = chachapoly_pad_ciphertext(ctx);
+        if (ret != 0) {
+            return ret;
+        }
     }
 
     ctx->state = CHACHAPOLY_STATE_FINISHED;
@@ -239,91 +242,94 @@
     MBEDTLS_PUT_UINT64_LE(ctx->aad_len, len_block, 0);
     MBEDTLS_PUT_UINT64_LE(ctx->ciphertext_len, len_block, 8);
 
-    ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, len_block, 16U);
+    if (ret != 0) {
+        return ret;
+    }
 
-    ret = mbedtls_poly1305_finish( &ctx->poly1305_ctx, mac );
+    ret = mbedtls_poly1305_finish(&ctx->poly1305_ctx, mac);
 
-    return( ret );
+    return ret;
 }
 
-static int chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx,
-                                     mbedtls_chachapoly_mode_t mode,
-                                     size_t length,
-                                     const unsigned char nonce[12],
-                                     const unsigned char *aad,
-                                     size_t aad_len,
-                                     const unsigned char *input,
-                                     unsigned char *output,
-                                     unsigned char tag[16] )
+static int chachapoly_crypt_and_tag(mbedtls_chachapoly_context *ctx,
+                                    mbedtls_chachapoly_mode_t mode,
+                                    size_t length,
+                                    const unsigned char nonce[12],
+                                    const unsigned char *aad,
+                                    size_t aad_len,
+                                    const unsigned char *input,
+                                    unsigned char *output,
+                                    unsigned char tag[16])
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    ret = mbedtls_chachapoly_starts( ctx, nonce, mode );
-    if( ret != 0 )
+    ret = mbedtls_chachapoly_starts(ctx, nonce, mode);
+    if (ret != 0) {
         goto cleanup;
+    }
 
-    ret = mbedtls_chachapoly_update_aad( ctx, aad, aad_len );
-    if( ret != 0 )
+    ret = mbedtls_chachapoly_update_aad(ctx, aad, aad_len);
+    if (ret != 0) {
         goto cleanup;
+    }
 
-    ret = mbedtls_chachapoly_update( ctx, length, input, output );
-    if( ret != 0 )
+    ret = mbedtls_chachapoly_update(ctx, length, input, output);
+    if (ret != 0) {
         goto cleanup;
+    }
 
-    ret = mbedtls_chachapoly_finish( ctx, tag );
+    ret = mbedtls_chachapoly_finish(ctx, tag);
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
-int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
-                                        size_t length,
-                                        const unsigned char nonce[12],
-                                        const unsigned char *aad,
-                                        size_t aad_len,
-                                        const unsigned char *input,
-                                        unsigned char *output,
-                                        unsigned char tag[16] )
+int mbedtls_chachapoly_encrypt_and_tag(mbedtls_chachapoly_context *ctx,
+                                       size_t length,
+                                       const unsigned char nonce[12],
+                                       const unsigned char *aad,
+                                       size_t aad_len,
+                                       const unsigned char *input,
+                                       unsigned char *output,
+                                       unsigned char tag[16])
 {
-    return( chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_ENCRYPT,
-                                      length, nonce, aad, aad_len,
-                                      input, output, tag ) );
+    return chachapoly_crypt_and_tag(ctx, MBEDTLS_CHACHAPOLY_ENCRYPT,
+                                    length, nonce, aad, aad_len,
+                                    input, output, tag);
 }
 
-int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
-                                     size_t length,
-                                     const unsigned char nonce[12],
-                                     const unsigned char *aad,
-                                     size_t aad_len,
-                                     const unsigned char tag[16],
-                                     const unsigned char *input,
-                                     unsigned char *output )
+int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx,
+                                    size_t length,
+                                    const unsigned char nonce[12],
+                                    const unsigned char *aad,
+                                    size_t aad_len,
+                                    const unsigned char tag[16],
+                                    const unsigned char *input,
+                                    unsigned char *output)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char check_tag[16];
     size_t i;
     int diff;
 
-    if( ( ret = chachapoly_crypt_and_tag( ctx,
-                        MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce,
-                        aad, aad_len, input, output, check_tag ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = chachapoly_crypt_and_tag(ctx,
+                                        MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce,
+                                        aad, aad_len, input, output, check_tag)) != 0) {
+        return ret;
     }
 
     /* Check tag in "constant-time" */
-    for( diff = 0, i = 0; i < sizeof( check_tag ); i++ )
+    for (diff = 0, i = 0; i < sizeof(check_tag); i++) {
         diff |= tag[i] ^ check_tag[i];
-
-    if( diff != 0 )
-    {
-        mbedtls_platform_zeroize( output, length );
-        return( MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED );
     }
 
-    return( 0 );
+    if (diff != 0) {
+        mbedtls_platform_zeroize(output, length);
+        return MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED;
+    }
+
+    return 0;
 }
 
 #endif /* MBEDTLS_CHACHAPOLY_ALT */
@@ -419,20 +425,20 @@
 /* Make sure no other definition is already present. */
 #undef ASSERT
 
-#define ASSERT( cond, args )            \
+#define ASSERT(cond, args)            \
     do                                  \
     {                                   \
-        if( ! ( cond ) )                \
+        if (!(cond))                \
         {                               \
-            if( verbose != 0 )          \
-                mbedtls_printf args;    \
+            if (verbose != 0)          \
+            mbedtls_printf args;    \
                                         \
-            return( -1 );               \
+            return -1;               \
         }                               \
     }                                   \
-    while( 0 )
+    while (0)
 
-int mbedtls_chachapoly_self_test( int verbose )
+int mbedtls_chachapoly_self_test(int verbose)
 {
     mbedtls_chachapoly_context ctx;
     unsigned i;
@@ -440,43 +446,45 @@
     unsigned char output[200];
     unsigned char mac[16];
 
-    for( i = 0U; i < 1U; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  ChaCha20-Poly1305 test %u ", i );
+    for (i = 0U; i < 1U; i++) {
+        if (verbose != 0) {
+            mbedtls_printf("  ChaCha20-Poly1305 test %u ", i);
+        }
 
-        mbedtls_chachapoly_init( &ctx );
+        mbedtls_chachapoly_init(&ctx);
 
-        ret = mbedtls_chachapoly_setkey( &ctx, test_key[i] );
-        ASSERT( 0 == ret, ( "setkey() error code: %i\n", ret ) );
+        ret = mbedtls_chachapoly_setkey(&ctx, test_key[i]);
+        ASSERT(0 == ret, ("setkey() error code: %i\n", ret));
 
-        ret = mbedtls_chachapoly_encrypt_and_tag( &ctx,
-                                                  test_input_len[i],
-                                                  test_nonce[i],
-                                                  test_aad[i],
-                                                  test_aad_len[i],
-                                                  test_input[i],
-                                                  output,
-                                                  mac );
+        ret = mbedtls_chachapoly_encrypt_and_tag(&ctx,
+                                                 test_input_len[i],
+                                                 test_nonce[i],
+                                                 test_aad[i],
+                                                 test_aad_len[i],
+                                                 test_input[i],
+                                                 output,
+                                                 mac);
 
-        ASSERT( 0 == ret, ( "crypt_and_tag() error code: %i\n", ret ) );
+        ASSERT(0 == ret, ("crypt_and_tag() error code: %i\n", ret));
 
-        ASSERT( 0 == memcmp( output, test_output[i], test_input_len[i] ),
-                ( "failure (wrong output)\n" ) );
+        ASSERT(0 == memcmp(output, test_output[i], test_input_len[i]),
+               ("failure (wrong output)\n"));
 
-        ASSERT( 0 == memcmp( mac, test_mac[i], 16U ),
-                ( "failure (wrong MAC)\n" ) );
+        ASSERT(0 == memcmp(mac, test_mac[i], 16U),
+               ("failure (wrong MAC)\n"));
 
-        mbedtls_chachapoly_free( &ctx );
+        mbedtls_chachapoly_free(&ctx);
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_SELF_TEST */
diff --git a/library/check_crypto_config.h b/library/check_crypto_config.h
index e60e666..58175e3 100644
--- a/library/check_crypto_config.h
+++ b/library/check_crypto_config.h
@@ -29,57 +29,57 @@
 #define MBEDTLS_CHECK_CRYPTO_CONFIG_H
 
 #if defined(PSA_WANT_ALG_CCM) && \
-    !( defined(PSA_WANT_KEY_TYPE_AES) || \
-       defined(PSA_WANT_KEY_TYPE_CAMELLIA) )
+    !(defined(PSA_WANT_KEY_TYPE_AES) || \
+    defined(PSA_WANT_KEY_TYPE_CAMELLIA))
 #error "PSA_WANT_ALG_CCM defined, but not all prerequisites"
 #endif
 
 #if defined(PSA_WANT_ALG_CMAC) && \
-    !( defined(PSA_WANT_KEY_TYPE_AES) || \
-       defined(PSA_WANT_KEY_TYPE_CAMELLIA) || \
-       defined(PSA_WANT_KEY_TYPE_DES) )
+    !(defined(PSA_WANT_KEY_TYPE_AES) || \
+    defined(PSA_WANT_KEY_TYPE_CAMELLIA) || \
+    defined(PSA_WANT_KEY_TYPE_DES))
 #error "PSA_WANT_ALG_CMAC defined, but not all prerequisites"
 #endif
 
 #if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && \
-    !( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
-       defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) )
+    !(defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
+    defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
 #error "PSA_WANT_ALG_DETERMINISTIC_ECDSA defined, but not all prerequisites"
 #endif
 
 #if defined(PSA_WANT_ALG_ECDSA) && \
-    !( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
-       defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) )
+    !(defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
+    defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
 #error "PSA_WANT_ALG_ECDSA defined, but not all prerequisites"
 #endif
 
 #if defined(PSA_WANT_ALG_GCM) && \
-    !( defined(PSA_WANT_KEY_TYPE_AES) || \
-       defined(PSA_WANT_KEY_TYPE_CAMELLIA) )
+    !(defined(PSA_WANT_KEY_TYPE_AES) || \
+    defined(PSA_WANT_KEY_TYPE_CAMELLIA))
 #error "PSA_WANT_ALG_GCM defined, but not all prerequisites"
 #endif
 
 #if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) && \
-    !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
-       defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
+    !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
+    defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY))
 #error "PSA_WANT_ALG_RSA_PKCS1V15_CRYPT defined, but not all prerequisites"
 #endif
 
 #if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) && \
-    !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
-       defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
+    !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
+    defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY))
 #error "PSA_WANT_ALG_RSA_PKCS1V15_SIGN defined, but not all prerequisites"
 #endif
 
 #if defined(PSA_WANT_ALG_RSA_OAEP) && \
-    !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
-       defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
+    !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
+    defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY))
 #error "PSA_WANT_ALG_RSA_OAEP defined, but not all prerequisites"
 #endif
 
 #if defined(PSA_WANT_ALG_RSA_PSS) && \
-    !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
-       defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
+    !(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
+    defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY))
 #error "PSA_WANT_ALG_RSA_PSS defined, but not all prerequisites"
 #endif
 
@@ -89,7 +89,7 @@
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_USE_PSA_CRYPTO) && \
-    !( defined(PSA_WANT_ALG_SHA_1) || defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_512) )
+    !(defined(PSA_WANT_ALG_SHA_1) || defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_512))
 #error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
 #endif
 
diff --git a/library/cipher.c b/library/cipher.c
index dffe3ad..81e855d 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -67,128 +67,135 @@
 
 static int supported_init = 0;
 
-const int *mbedtls_cipher_list( void )
+const int *mbedtls_cipher_list(void)
 {
     const mbedtls_cipher_definition_t *def;
     int *type;
 
-    if( ! supported_init )
-    {
+    if (!supported_init) {
         def = mbedtls_cipher_definitions;
         type = mbedtls_cipher_supported;
 
-        while( def->type != 0 )
+        while (def->type != 0) {
             *type++ = (*def++).type;
+        }
 
         *type = 0;
 
         supported_init = 1;
     }
 
-    return( mbedtls_cipher_supported );
+    return mbedtls_cipher_supported;
 }
 
 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type(
-    const mbedtls_cipher_type_t cipher_type )
+    const mbedtls_cipher_type_t cipher_type)
 {
     const mbedtls_cipher_definition_t *def;
 
-    for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
-        if( def->type == cipher_type )
-            return( def->info );
+    for (def = mbedtls_cipher_definitions; def->info != NULL; def++) {
+        if (def->type == cipher_type) {
+            return def->info;
+        }
+    }
 
-    return( NULL );
+    return NULL;
 }
 
 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string(
-    const char *cipher_name )
+    const char *cipher_name)
 {
     const mbedtls_cipher_definition_t *def;
 
-    if( NULL == cipher_name )
-        return( NULL );
+    if (NULL == cipher_name) {
+        return NULL;
+    }
 
-    for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
-        if( !  strcmp( def->info->name, cipher_name ) )
-            return( def->info );
+    for (def = mbedtls_cipher_definitions; def->info != NULL; def++) {
+        if (!strcmp(def->info->name, cipher_name)) {
+            return def->info;
+        }
+    }
 
-    return( NULL );
+    return NULL;
 }
 
 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values(
     const mbedtls_cipher_id_t cipher_id,
     int key_bitlen,
-    const mbedtls_cipher_mode_t mode )
+    const mbedtls_cipher_mode_t mode)
 {
     const mbedtls_cipher_definition_t *def;
 
-    for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
-        if( def->info->base->cipher == cipher_id &&
+    for (def = mbedtls_cipher_definitions; def->info != NULL; def++) {
+        if (def->info->base->cipher == cipher_id &&
             def->info->key_bitlen == (unsigned) key_bitlen &&
-            def->info->mode == mode )
-            return( def->info );
+            def->info->mode == mode) {
+            return def->info;
+        }
+    }
 
-    return( NULL );
+    return NULL;
 }
 
-void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx )
+void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
+    memset(ctx, 0, sizeof(mbedtls_cipher_context_t));
 }
 
-void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
+void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
-        if( ctx->cipher_ctx != NULL )
-        {
+    if (ctx->psa_enabled == 1) {
+        if (ctx->cipher_ctx != NULL) {
             mbedtls_cipher_context_psa * const cipher_psa =
                 (mbedtls_cipher_context_psa *) ctx->cipher_ctx;
 
-            if( cipher_psa->slot_state == MBEDTLS_CIPHER_PSA_KEY_OWNED )
-            {
+            if (cipher_psa->slot_state == MBEDTLS_CIPHER_PSA_KEY_OWNED) {
                 /* xxx_free() doesn't allow to return failures. */
-                (void) psa_destroy_key( cipher_psa->slot );
+                (void) psa_destroy_key(cipher_psa->slot);
             }
 
-            mbedtls_platform_zeroize( cipher_psa, sizeof( *cipher_psa ) );
-            mbedtls_free( cipher_psa );
+            mbedtls_platform_zeroize(cipher_psa, sizeof(*cipher_psa));
+            mbedtls_free(cipher_psa);
         }
 
-        mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
+        mbedtls_platform_zeroize(ctx, sizeof(mbedtls_cipher_context_t));
         return;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_CMAC_C)
-    if( ctx->cmac_ctx )
-    {
-       mbedtls_platform_zeroize( ctx->cmac_ctx,
-                                 sizeof( mbedtls_cmac_context_t ) );
-       mbedtls_free( ctx->cmac_ctx );
+    if (ctx->cmac_ctx) {
+        mbedtls_platform_zeroize(ctx->cmac_ctx,
+                                 sizeof(mbedtls_cmac_context_t));
+        mbedtls_free(ctx->cmac_ctx);
     }
 #endif
 
-    if( ctx->cipher_ctx )
-        ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
+    if (ctx->cipher_ctx) {
+        ctx->cipher_info->base->ctx_free_func(ctx->cipher_ctx);
+    }
 
-    mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_cipher_context_t));
 }
 
-int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
-                          const mbedtls_cipher_info_t *cipher_info )
+int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx,
+                         const mbedtls_cipher_info_t *cipher_info)
 {
-    if( cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (cipher_info == NULL) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
-    memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
+    memset(ctx, 0, sizeof(mbedtls_cipher_context_t));
 
-    if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
-        return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
+    if (NULL == (ctx->cipher_ctx = cipher_info->base->ctx_alloc_func())) {
+        return MBEDTLS_ERR_CIPHER_ALLOC_FAILED;
+    }
 
     ctx->cipher_info = cipher_info;
 
@@ -197,106 +204,113 @@
      * Ignore possible errors caused by a cipher mode that doesn't use padding
      */
 #if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-    (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_PKCS7 );
+    (void) mbedtls_cipher_set_padding_mode(ctx, MBEDTLS_PADDING_PKCS7);
 #else
-    (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_NONE );
+    (void) mbedtls_cipher_set_padding_mode(ctx, MBEDTLS_PADDING_NONE);
 #endif
 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
-int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
-                              const mbedtls_cipher_info_t *cipher_info,
-                              size_t taglen )
+int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx,
+                             const mbedtls_cipher_info_t *cipher_info,
+                             size_t taglen)
 {
     psa_algorithm_t alg;
     mbedtls_cipher_context_psa *cipher_psa;
 
-    if( NULL == cipher_info || NULL == ctx )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (NULL == cipher_info || NULL == ctx) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
     /* Check that the underlying cipher mode and cipher type are
      * supported by the underlying PSA Crypto implementation. */
-    alg = mbedtls_psa_translate_cipher_mode( cipher_info->mode, taglen );
-    if( alg == 0 )
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-    if( mbedtls_psa_translate_cipher_type( cipher_info->type ) == 0 )
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+    alg = mbedtls_psa_translate_cipher_mode(cipher_info->mode, taglen);
+    if (alg == 0) {
+        return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
+    }
+    if (mbedtls_psa_translate_cipher_type(cipher_info->type) == 0) {
+        return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
+    }
 
-    memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
+    memset(ctx, 0, sizeof(mbedtls_cipher_context_t));
 
-    cipher_psa = mbedtls_calloc( 1, sizeof(mbedtls_cipher_context_psa ) );
-    if( cipher_psa == NULL )
-        return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
+    cipher_psa = mbedtls_calloc(1, sizeof(mbedtls_cipher_context_psa));
+    if (cipher_psa == NULL) {
+        return MBEDTLS_ERR_CIPHER_ALLOC_FAILED;
+    }
     cipher_psa->alg  = alg;
     ctx->cipher_ctx  = cipher_psa;
     ctx->cipher_info = cipher_info;
     ctx->psa_enabled = 1;
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
-                           const unsigned char *key,
-                           int key_bitlen,
-                           const mbedtls_operation_t operation )
+int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
+                          const unsigned char *key,
+                          int key_bitlen,
+                          const mbedtls_operation_t operation)
 {
-    if( operation != MBEDTLS_ENCRYPT && operation != MBEDTLS_DECRYPT )
+    if (operation != MBEDTLS_ENCRYPT && operation != MBEDTLS_DECRYPT) {
         return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
-    if( ctx->cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    }
+    if (ctx->cipher_info == NULL) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
+    if (ctx->psa_enabled == 1) {
         mbedtls_cipher_context_psa * const cipher_psa =
             (mbedtls_cipher_context_psa *) ctx->cipher_ctx;
 
-        size_t const key_bytelen = ( (size_t) key_bitlen + 7 ) / 8;
+        size_t const key_bytelen = ((size_t) key_bitlen + 7) / 8;
 
         psa_status_t status;
         psa_key_type_t key_type;
         psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
         /* PSA Crypto API only accepts byte-aligned keys. */
-        if( key_bitlen % 8 != 0 )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        if (key_bitlen % 8 != 0) {
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+        }
 
         /* Don't allow keys to be set multiple times. */
-        if( cipher_psa->slot_state != MBEDTLS_CIPHER_PSA_KEY_UNSET )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        if (cipher_psa->slot_state != MBEDTLS_CIPHER_PSA_KEY_UNSET) {
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+        }
 
         key_type = mbedtls_psa_translate_cipher_type(
-            ctx->cipher_info->type );
-        if( key_type == 0 )
-            return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-        psa_set_key_type( &attributes, key_type );
+            ctx->cipher_info->type);
+        if (key_type == 0) {
+            return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
+        }
+        psa_set_key_type(&attributes, key_type);
 
         /* Mbed TLS' cipher layer doesn't enforce the mode of operation
          * (encrypt vs. decrypt): it is possible to setup a key for encryption
          * and use it for AEAD decryption. Until tests relying on this
          * are changed, allow any usage in PSA. */
-        psa_set_key_usage_flags( &attributes,
-                                 /* mbedtls_psa_translate_cipher_operation( operation ); */
-                                 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
-        psa_set_key_algorithm( &attributes, cipher_psa->alg );
+        psa_set_key_usage_flags(&attributes,
+                                /* mbedtls_psa_translate_cipher_operation( operation ); */
+                                PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+        psa_set_key_algorithm(&attributes, cipher_psa->alg);
 
-        status = psa_import_key( &attributes, key, key_bytelen,
-                                 &cipher_psa->slot );
-        switch( status )
-        {
+        status = psa_import_key(&attributes, key, key_bytelen,
+                                &cipher_psa->slot);
+        switch (status) {
             case PSA_SUCCESS:
                 break;
             case PSA_ERROR_INSUFFICIENT_MEMORY:
-                return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
+                return MBEDTLS_ERR_CIPHER_ALLOC_FAILED;
             case PSA_ERROR_NOT_SUPPORTED:
-                return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+                return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
             default:
-                return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+                return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
         }
         /* Indicate that we own the key slot and need to
          * destroy it in mbedtls_cipher_free(). */
@@ -304,14 +318,13 @@
 
         ctx->key_bitlen = key_bitlen;
         ctx->operation = operation;
-        return( 0 );
+        return 0;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 &&
-        (int) ctx->cipher_info->key_bitlen != key_bitlen )
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if ((ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN) == 0 &&
+        (int) ctx->cipher_info->key_bitlen != key_bitlen) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
     }
 
     ctx->key_bitlen = key_bitlen;
@@ -320,302 +333,291 @@
     /*
      * For OFB, CFB and CTR mode always use the encryption key schedule
      */
-    if( MBEDTLS_ENCRYPT == operation ||
+    if (MBEDTLS_ENCRYPT == operation ||
         MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
         MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
-        MBEDTLS_MODE_CTR == ctx->cipher_info->mode )
-    {
-        return( ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
-                                                         ctx->key_bitlen ) );
+        MBEDTLS_MODE_CTR == ctx->cipher_info->mode) {
+        return ctx->cipher_info->base->setkey_enc_func(ctx->cipher_ctx, key,
+                                                       ctx->key_bitlen);
     }
 
-    if( MBEDTLS_DECRYPT == operation )
-        return( ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
-                                                         ctx->key_bitlen ) );
+    if (MBEDTLS_DECRYPT == operation) {
+        return ctx->cipher_info->base->setkey_dec_func(ctx->cipher_ctx, key,
+                                                       ctx->key_bitlen);
+    }
 
-    return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
 }
 
-int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
-                           const unsigned char *iv,
-                           size_t iv_len )
+int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
+                          const unsigned char *iv,
+                          size_t iv_len)
 {
     size_t actual_iv_size;
 
-    if( ctx->cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (ctx->cipher_info == NULL) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
+    if (ctx->psa_enabled == 1) {
         /* While PSA Crypto has an API for multipart
          * operations, we currently don't make it
          * accessible through the cipher layer. */
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+        return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     /* avoid buffer overflow in ctx->iv */
-    if( iv_len > MBEDTLS_MAX_IV_LENGTH )
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+    if (iv_len > MBEDTLS_MAX_IV_LENGTH) {
+        return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
+    }
 
-    if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN ) != 0 )
+    if ((ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN) != 0) {
         actual_iv_size = iv_len;
-    else
-    {
+    } else {
         actual_iv_size = ctx->cipher_info->iv_size;
 
         /* avoid reading past the end of input buffer */
-        if( actual_iv_size > iv_len )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        if (actual_iv_size > iv_len) {
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+        }
     }
 
 #if defined(MBEDTLS_CHACHA20_C)
-    if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 )
-    {
+    if (ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20) {
         /* Even though the actual_iv_size is overwritten with a correct value
          * of 12 from the cipher info, return an error to indicate that
          * the input iv_len is wrong. */
-        if( iv_len != 12 )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        if (iv_len != 12) {
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+        }
 
-        if ( 0 != mbedtls_chacha20_starts( (mbedtls_chacha20_context*)ctx->cipher_ctx,
-                                           iv,
-                                           0U ) ) /* Initial counter value */
-        {
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        if (0 != mbedtls_chacha20_starts((mbedtls_chacha20_context *) ctx->cipher_ctx,
+                                         iv,
+                                         0U)) {   /* Initial counter value */
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
         }
     }
 #if defined(MBEDTLS_CHACHAPOLY_C)
-    if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 &&
-         iv_len != 12 )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 &&
+        iv_len != 12) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 #endif
 #endif
 
 #if defined(MBEDTLS_GCM_C)
-    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
-    {
-        return( mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx,
-                                    ctx->operation,
-                                    iv, iv_len ) );
+    if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
+        return mbedtls_gcm_starts((mbedtls_gcm_context *) ctx->cipher_ctx,
+                                  ctx->operation,
+                                  iv, iv_len);
     }
 #endif
 
 #if defined(MBEDTLS_CCM_C)
-    if( MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode )
-    {
+    if (MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode) {
         int set_lengths_result;
         int ccm_star_mode;
 
         set_lengths_result = mbedtls_ccm_set_lengths(
-                                (mbedtls_ccm_context *) ctx->cipher_ctx,
-                                0, 0, 0 );
-        if( set_lengths_result != 0 )
+            (mbedtls_ccm_context *) ctx->cipher_ctx,
+            0, 0, 0);
+        if (set_lengths_result != 0) {
             return set_lengths_result;
+        }
 
-        if( ctx->operation == MBEDTLS_DECRYPT )
+        if (ctx->operation == MBEDTLS_DECRYPT) {
             ccm_star_mode = MBEDTLS_CCM_STAR_DECRYPT;
-        else if( ctx->operation == MBEDTLS_ENCRYPT )
+        } else if (ctx->operation == MBEDTLS_ENCRYPT) {
             ccm_star_mode = MBEDTLS_CCM_STAR_ENCRYPT;
-        else
+        } else {
             return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+        }
 
-        return( mbedtls_ccm_starts( (mbedtls_ccm_context *) ctx->cipher_ctx,
-                                    ccm_star_mode,
-                                    iv, iv_len ) );
+        return mbedtls_ccm_starts((mbedtls_ccm_context *) ctx->cipher_ctx,
+                                  ccm_star_mode,
+                                  iv, iv_len);
     }
 #endif
 
-    if ( actual_iv_size != 0 )
-    {
-        memcpy( ctx->iv, iv, actual_iv_size );
+    if (actual_iv_size != 0) {
+        memcpy(ctx->iv, iv, actual_iv_size);
         ctx->iv_size = actual_iv_size;
     }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
+int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx)
 {
-    if( ctx->cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (ctx->cipher_info == NULL) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
+    if (ctx->psa_enabled == 1) {
         /* We don't support resetting PSA-based
          * cipher contexts, yet. */
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+        return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     ctx->unprocessed_len = 0;
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
-                      const unsigned char *ad, size_t ad_len )
+int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx,
+                             const unsigned char *ad, size_t ad_len)
 {
-    if( ctx->cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (ctx->cipher_info == NULL) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
+    if (ctx->psa_enabled == 1) {
         /* While PSA Crypto has an API for multipart
          * operations, we currently don't make it
          * accessible through the cipher layer. */
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+        return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_GCM_C)
-    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
-    {
-        return( mbedtls_gcm_update_ad( (mbedtls_gcm_context *) ctx->cipher_ctx,
-                                       ad, ad_len ) );
+    if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
+        return mbedtls_gcm_update_ad((mbedtls_gcm_context *) ctx->cipher_ctx,
+                                     ad, ad_len);
     }
 #endif
 
 #if defined(MBEDTLS_CHACHAPOLY_C)
-    if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
-    {
+    if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
         int result;
         mbedtls_chachapoly_mode_t mode;
 
-        mode = ( ctx->operation == MBEDTLS_ENCRYPT )
+        mode = (ctx->operation == MBEDTLS_ENCRYPT)
                 ? MBEDTLS_CHACHAPOLY_ENCRYPT
                 : MBEDTLS_CHACHAPOLY_DECRYPT;
 
-        result = mbedtls_chachapoly_starts( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
-                                                        ctx->iv,
-                                                        mode );
-        if ( result != 0 )
-            return( result );
+        result = mbedtls_chachapoly_starts((mbedtls_chachapoly_context *) ctx->cipher_ctx,
+                                           ctx->iv,
+                                           mode);
+        if (result != 0) {
+            return result;
+        }
 
-        return( mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
-                                               ad, ad_len ) );
+        return mbedtls_chachapoly_update_aad((mbedtls_chachapoly_context *) ctx->cipher_ctx,
+                                             ad, ad_len);
     }
 #endif
 
-    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
 }
 #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
 
-int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
-                   size_t ilen, unsigned char *output, size_t *olen )
+int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *input,
+                          size_t ilen, unsigned char *output, size_t *olen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t block_size;
 
-    if( ctx->cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (ctx->cipher_info == NULL) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
+    if (ctx->psa_enabled == 1) {
         /* While PSA Crypto has an API for multipart
          * operations, we currently don't make it
          * accessible through the cipher layer. */
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+        return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     *olen = 0;
-    block_size = mbedtls_cipher_get_block_size( ctx );
-    if ( 0 == block_size )
-    {
-        return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
+    block_size = mbedtls_cipher_get_block_size(ctx);
+    if (0 == block_size) {
+        return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
     }
 
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
-    {
-        if( ilen != block_size )
-            return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
+    if (ctx->cipher_info->mode == MBEDTLS_MODE_ECB) {
+        if (ilen != block_size) {
+            return MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
+        }
 
         *olen = ilen;
 
-        if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx,
-                    ctx->operation, input, output ) ) )
-        {
-            return( ret );
+        if (0 != (ret = ctx->cipher_info->base->ecb_func(ctx->cipher_ctx,
+                                                         ctx->operation, input, output))) {
+            return ret;
         }
 
-        return( 0 );
+        return 0;
     }
 
 #if defined(MBEDTLS_GCM_C)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_GCM )
-    {
-        return( mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx,
-                                    input, ilen,
-                                    output, ilen, olen ) );
+    if (ctx->cipher_info->mode == MBEDTLS_MODE_GCM) {
+        return mbedtls_gcm_update((mbedtls_gcm_context *) ctx->cipher_ctx,
+                                  input, ilen,
+                                  output, ilen, olen);
     }
 #endif
 
 #if defined(MBEDTLS_CCM_C)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_CCM_STAR_NO_TAG )
-    {
-        return( mbedtls_ccm_update( (mbedtls_ccm_context *) ctx->cipher_ctx,
-                                    input, ilen,
-                                    output, ilen, olen ) );
+    if (ctx->cipher_info->mode == MBEDTLS_MODE_CCM_STAR_NO_TAG) {
+        return mbedtls_ccm_update((mbedtls_ccm_context *) ctx->cipher_ctx,
+                                  input, ilen,
+                                  output, ilen, olen);
     }
 #endif
 
 #if defined(MBEDTLS_CHACHAPOLY_C)
-    if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
-    {
+    if (ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) {
         *olen = ilen;
-        return( mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
-                                           ilen, input, output ) );
+        return mbedtls_chachapoly_update((mbedtls_chachapoly_context *) ctx->cipher_ctx,
+                                         ilen, input, output);
     }
 #endif
 
-    if( input == output &&
-       ( ctx->unprocessed_len != 0 || ilen % block_size ) )
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (input == output &&
+        (ctx->unprocessed_len != 0 || ilen % block_size)) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
     }
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_CBC )
-    {
+    if (ctx->cipher_info->mode == MBEDTLS_MODE_CBC) {
         size_t copy_len = 0;
 
         /*
          * If there is not enough data for a full block, cache it.
          */
-        if( ( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding &&
-                ilen <= block_size - ctx->unprocessed_len ) ||
-            ( ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding &&
-                ilen < block_size - ctx->unprocessed_len ) ||
-             ( ctx->operation == MBEDTLS_ENCRYPT &&
-                ilen < block_size - ctx->unprocessed_len ) )
-        {
-            memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
-                    ilen );
+        if ((ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding &&
+             ilen <= block_size - ctx->unprocessed_len) ||
+            (ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding &&
+             ilen < block_size - ctx->unprocessed_len) ||
+            (ctx->operation == MBEDTLS_ENCRYPT &&
+             ilen < block_size - ctx->unprocessed_len)) {
+            memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]), input,
+                   ilen);
 
             ctx->unprocessed_len += ilen;
-            return( 0 );
+            return 0;
         }
 
         /*
          * Process cached data first
          */
-        if( 0 != ctx->unprocessed_len )
-        {
+        if (0 != ctx->unprocessed_len) {
             copy_len = block_size - ctx->unprocessed_len;
 
-            memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
-                    copy_len );
+            memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]), input,
+                   copy_len);
 
-            if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
-                    ctx->operation, block_size, ctx->iv,
-                    ctx->unprocessed_data, output ) ) )
-            {
-                return( ret );
+            if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx,
+                                                             ctx->operation, block_size, ctx->iv,
+                                                             ctx->unprocessed_data, output))) {
+                return ret;
             }
 
             *olen += block_size;
@@ -629,22 +631,20 @@
         /*
          * Cache final, incomplete block
          */
-        if( 0 != ilen )
-        {
+        if (0 != ilen) {
             /* Encryption: only cache partial blocks
              * Decryption w/ padding: always keep at least one whole block
              * Decryption w/o padding: only cache partial blocks
              */
             copy_len = ilen % block_size;
-            if( copy_len == 0 &&
+            if (copy_len == 0 &&
                 ctx->operation == MBEDTLS_DECRYPT &&
-                NULL != ctx->add_padding)
-            {
+                NULL != ctx->add_padding) {
                 copy_len = block_size;
             }
 
-            memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
-                    copy_len );
+            memcpy(ctx->unprocessed_data, &(input[ilen - copy_len]),
+                   copy_len);
 
             ctx->unprocessed_len += copy_len;
             ilen -= copy_len;
@@ -653,105 +653,96 @@
         /*
          * Process remaining full blocks
          */
-        if( ilen )
-        {
-            if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
-                    ctx->operation, ilen, ctx->iv, input, output ) ) )
-            {
-                return( ret );
+        if (ilen) {
+            if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx,
+                                                             ctx->operation, ilen, ctx->iv, input,
+                                                             output))) {
+                return ret;
             }
 
             *olen += ilen;
         }
 
-        return( 0 );
+        return 0;
     }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_CFB )
-    {
-        if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
-                ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
-                input, output ) ) )
-        {
-            return( ret );
+    if (ctx->cipher_info->mode == MBEDTLS_MODE_CFB) {
+        if (0 != (ret = ctx->cipher_info->base->cfb_func(ctx->cipher_ctx,
+                                                         ctx->operation, ilen,
+                                                         &ctx->unprocessed_len, ctx->iv,
+                                                         input, output))) {
+            return ret;
         }
 
         *olen = ilen;
 
-        return( 0 );
+        return 0;
     }
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
 
 #if defined(MBEDTLS_CIPHER_MODE_OFB)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_OFB )
-    {
-        if( 0 != ( ret = ctx->cipher_info->base->ofb_func( ctx->cipher_ctx,
-                ilen, &ctx->unprocessed_len, ctx->iv, input, output ) ) )
-        {
-            return( ret );
+    if (ctx->cipher_info->mode == MBEDTLS_MODE_OFB) {
+        if (0 != (ret = ctx->cipher_info->base->ofb_func(ctx->cipher_ctx,
+                                                         ilen, &ctx->unprocessed_len, ctx->iv,
+                                                         input, output))) {
+            return ret;
         }
 
         *olen = ilen;
 
-        return( 0 );
+        return 0;
     }
 #endif /* MBEDTLS_CIPHER_MODE_OFB */
 
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_CTR )
-    {
-        if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
-                ilen, &ctx->unprocessed_len, ctx->iv,
-                ctx->unprocessed_data, input, output ) ) )
-        {
-            return( ret );
+    if (ctx->cipher_info->mode == MBEDTLS_MODE_CTR) {
+        if (0 != (ret = ctx->cipher_info->base->ctr_func(ctx->cipher_ctx,
+                                                         ilen, &ctx->unprocessed_len, ctx->iv,
+                                                         ctx->unprocessed_data, input, output))) {
+            return ret;
         }
 
         *olen = ilen;
 
-        return( 0 );
+        return 0;
     }
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
 #if defined(MBEDTLS_CIPHER_MODE_XTS)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_XTS )
-    {
-        if( ctx->unprocessed_len > 0 ) {
+    if (ctx->cipher_info->mode == MBEDTLS_MODE_XTS) {
+        if (ctx->unprocessed_len > 0) {
             /* We can only process an entire data unit at a time. */
-            return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+            return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
         }
 
-        ret = ctx->cipher_info->base->xts_func( ctx->cipher_ctx,
-                ctx->operation, ilen, ctx->iv, input, output );
-        if( ret != 0 )
-        {
-            return( ret );
+        ret = ctx->cipher_info->base->xts_func(ctx->cipher_ctx,
+                                               ctx->operation, ilen, ctx->iv, input, output);
+        if (ret != 0) {
+            return ret;
         }
 
         *olen = ilen;
 
-        return( 0 );
+        return 0;
     }
 #endif /* MBEDTLS_CIPHER_MODE_XTS */
 
 #if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_STREAM )
-    {
-        if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
-                                                    ilen, input, output ) ) )
-        {
-            return( ret );
+    if (ctx->cipher_info->mode == MBEDTLS_MODE_STREAM) {
+        if (0 != (ret = ctx->cipher_info->base->stream_func(ctx->cipher_ctx,
+                                                            ilen, input, output))) {
+            return ret;
         }
 
         *olen = ilen;
 
-        return( 0 );
+        return 0;
     }
 #endif /* MBEDTLS_CIPHER_MODE_STREAM */
 
-    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
 }
 
 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
@@ -759,24 +750,26 @@
 /*
  * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
  */
-static void add_pkcs_padding( unsigned char *output, size_t output_len,
-        size_t data_len )
+static void add_pkcs_padding(unsigned char *output, size_t output_len,
+                             size_t data_len)
 {
     size_t padding_len = output_len - data_len;
     unsigned char i;
 
-    for( i = 0; i < padding_len; i++ )
+    for (i = 0; i < padding_len; i++) {
         output[data_len + i] = (unsigned char) padding_len;
+    }
 }
 
-static int get_pkcs_padding( unsigned char *input, size_t input_len,
-        size_t *data_len )
+static int get_pkcs_padding(unsigned char *input, size_t input_len,
+                            size_t *data_len)
 {
     size_t i, pad_idx;
     unsigned char padding_len, bad = 0;
 
-    if( NULL == input || NULL == data_len )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (NULL == input || NULL == data_len) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
     padding_len = input[input_len - 1];
     *data_len = input_len - padding_len;
@@ -788,10 +781,11 @@
     /* The number of bytes checked must be independent of padding_len,
      * so pick input_len, which is usually 8 or 16 (one block) */
     pad_idx = input_len - padding_len;
-    for( i = 0; i < input_len; i++ )
-        bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );
+    for (i = 0; i < input_len; i++) {
+        bad |= (input[i] ^ padding_len) * (i >= pad_idx);
+    }
 
-    return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
+    return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0);
 }
 #endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
 
@@ -799,37 +793,38 @@
 /*
  * One and zeros padding: fill with 80 00 ... 00
  */
-static void add_one_and_zeros_padding( unsigned char *output,
-                                       size_t output_len, size_t data_len )
+static void add_one_and_zeros_padding(unsigned char *output,
+                                      size_t output_len, size_t data_len)
 {
     size_t padding_len = output_len - data_len;
     unsigned char i = 0;
 
     output[data_len] = 0x80;
-    for( i = 1; i < padding_len; i++ )
+    for (i = 1; i < padding_len; i++) {
         output[data_len + i] = 0x00;
+    }
 }
 
-static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
-                                      size_t *data_len )
+static int get_one_and_zeros_padding(unsigned char *input, size_t input_len,
+                                     size_t *data_len)
 {
     size_t i;
     unsigned char done = 0, prev_done, bad;
 
-    if( NULL == input || NULL == data_len )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (NULL == input || NULL == data_len) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
     bad = 0x80;
     *data_len = 0;
-    for( i = input_len; i > 0; i-- )
-    {
+    for (i = input_len; i > 0; i--) {
         prev_done = done;
-        done |= ( input[i - 1] != 0 );
-        *data_len |= ( i - 1 ) * ( done != prev_done );
-        bad ^= input[i - 1] * ( done != prev_done );
+        done |= (input[i - 1] != 0);
+        *data_len |= (i - 1) * (done != prev_done);
+        bad ^= input[i - 1] * (done != prev_done);
     }
 
-    return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
+    return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0);
 
 }
 #endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
@@ -838,25 +833,27 @@
 /*
  * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
  */
-static void add_zeros_and_len_padding( unsigned char *output,
-                                       size_t output_len, size_t data_len )
+static void add_zeros_and_len_padding(unsigned char *output,
+                                      size_t output_len, size_t data_len)
 {
     size_t padding_len = output_len - data_len;
     unsigned char i = 0;
 
-    for( i = 1; i < padding_len; i++ )
+    for (i = 1; i < padding_len; i++) {
         output[data_len + i - 1] = 0x00;
+    }
     output[output_len - 1] = (unsigned char) padding_len;
 }
 
-static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
-                                      size_t *data_len )
+static int get_zeros_and_len_padding(unsigned char *input, size_t input_len,
+                                     size_t *data_len)
 {
     size_t i, pad_idx;
     unsigned char padding_len, bad = 0;
 
-    if( NULL == input || NULL == data_len )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (NULL == input || NULL == data_len) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
     padding_len = input[input_len - 1];
     *data_len = input_len - padding_len;
@@ -867,10 +864,11 @@
 
     /* The number of bytes checked must be independent of padding_len */
     pad_idx = input_len - padding_len;
-    for( i = 0; i < input_len - 1; i++ )
-        bad |= input[i] * ( i >= pad_idx );
+    for (i = 0; i < input_len - 1; i++) {
+        bad |= input[i] * (i >= pad_idx);
+    }
 
-    return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
+    return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0);
 }
 #endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
 
@@ -878,33 +876,34 @@
 /*
  * Zero padding: fill with 00 ... 00
  */
-static void add_zeros_padding( unsigned char *output,
-                               size_t output_len, size_t data_len )
+static void add_zeros_padding(unsigned char *output,
+                              size_t output_len, size_t data_len)
 {
     size_t i;
 
-    for( i = data_len; i < output_len; i++ )
+    for (i = data_len; i < output_len; i++) {
         output[i] = 0x00;
+    }
 }
 
-static int get_zeros_padding( unsigned char *input, size_t input_len,
-                              size_t *data_len )
+static int get_zeros_padding(unsigned char *input, size_t input_len,
+                             size_t *data_len)
 {
     size_t i;
     unsigned char done = 0, prev_done;
 
-    if( NULL == input || NULL == data_len )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    *data_len = 0;
-    for( i = input_len; i > 0; i-- )
-    {
-        prev_done = done;
-        done |= ( input[i-1] != 0 );
-        *data_len |= i * ( done != prev_done );
+    if (NULL == input || NULL == data_len) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
     }
 
-    return( 0 );
+    *data_len = 0;
+    for (i = input_len; i > 0; i--) {
+        prev_done = done;
+        done |= (input[i-1] != 0);
+        *data_len |= i * (done != prev_done);
+    }
+
+    return 0;
 }
 #endif /* MBEDTLS_CIPHER_PADDING_ZEROS */
 
@@ -914,245 +913,240 @@
  * There is no add_padding function (check for NULL in mbedtls_cipher_finish)
  * but a trivial get_padding function
  */
-static int get_no_padding( unsigned char *input, size_t input_len,
-                              size_t *data_len )
+static int get_no_padding(unsigned char *input, size_t input_len,
+                          size_t *data_len)
 {
-    if( NULL == input || NULL == data_len )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (NULL == input || NULL == data_len) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
     *data_len = input_len;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
 
-int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
-                   unsigned char *output, size_t *olen )
+int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx,
+                          unsigned char *output, size_t *olen)
 {
-    if( ctx->cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (ctx->cipher_info == NULL) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
+    if (ctx->psa_enabled == 1) {
         /* While PSA Crypto has an API for multipart
          * operations, we currently don't make it
          * accessible through the cipher layer. */
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+        return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     *olen = 0;
 
-    if( MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
+    if (MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
         MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
         MBEDTLS_MODE_CTR == ctx->cipher_info->mode ||
         MBEDTLS_MODE_GCM == ctx->cipher_info->mode ||
         MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode ||
         MBEDTLS_MODE_XTS == ctx->cipher_info->mode ||
-        MBEDTLS_MODE_STREAM == ctx->cipher_info->mode )
-    {
-        return( 0 );
+        MBEDTLS_MODE_STREAM == ctx->cipher_info->mode) {
+        return 0;
     }
 
-    if ( ( MBEDTLS_CIPHER_CHACHA20          == ctx->cipher_info->type ) ||
-         ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) )
-    {
-        return( 0 );
+    if ((MBEDTLS_CIPHER_CHACHA20          == ctx->cipher_info->type) ||
+        (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type)) {
+        return 0;
     }
 
-    if( MBEDTLS_MODE_ECB == ctx->cipher_info->mode )
-    {
-        if( ctx->unprocessed_len != 0 )
-            return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
+    if (MBEDTLS_MODE_ECB == ctx->cipher_info->mode) {
+        if (ctx->unprocessed_len != 0) {
+            return MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
+        }
 
-        return( 0 );
+        return 0;
     }
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
-    if( MBEDTLS_MODE_CBC == ctx->cipher_info->mode )
-    {
+    if (MBEDTLS_MODE_CBC == ctx->cipher_info->mode) {
         int ret = 0;
 
-        if( MBEDTLS_ENCRYPT == ctx->operation )
-        {
+        if (MBEDTLS_ENCRYPT == ctx->operation) {
             /* check for 'no padding' mode */
-            if( NULL == ctx->add_padding )
-            {
-                if( 0 != ctx->unprocessed_len )
-                    return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
+            if (NULL == ctx->add_padding) {
+                if (0 != ctx->unprocessed_len) {
+                    return MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
+                }
 
-                return( 0 );
+                return 0;
             }
 
-            ctx->add_padding( ctx->unprocessed_data, mbedtls_cipher_get_iv_size( ctx ),
-                    ctx->unprocessed_len );
-        }
-        else if( mbedtls_cipher_get_block_size( ctx ) != ctx->unprocessed_len )
-        {
+            ctx->add_padding(ctx->unprocessed_data, mbedtls_cipher_get_iv_size(ctx),
+                             ctx->unprocessed_len);
+        } else if (mbedtls_cipher_get_block_size(ctx) != ctx->unprocessed_len) {
             /*
              * For decrypt operations, expect a full block,
              * or an empty block if no padding
              */
-            if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
-                return( 0 );
+            if (NULL == ctx->add_padding && 0 == ctx->unprocessed_len) {
+                return 0;
+            }
 
-            return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
+            return MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
         }
 
         /* cipher block */
-        if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
-                ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv,
-                ctx->unprocessed_data, output ) ) )
-        {
-            return( ret );
+        if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx,
+                                                         ctx->operation,
+                                                         mbedtls_cipher_get_block_size(ctx),
+                                                         ctx->iv,
+                                                         ctx->unprocessed_data, output))) {
+            return ret;
         }
 
         /* Set output size for decryption */
-        if( MBEDTLS_DECRYPT == ctx->operation )
-            return( ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ),
-                                      olen ) );
+        if (MBEDTLS_DECRYPT == ctx->operation) {
+            return ctx->get_padding(output, mbedtls_cipher_get_block_size(ctx),
+                                    olen);
+        }
 
         /* Set output size for encryption */
-        *olen = mbedtls_cipher_get_block_size( ctx );
-        return( 0 );
+        *olen = mbedtls_cipher_get_block_size(ctx);
+        return 0;
     }
 #else
     ((void) output);
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
-    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
 }
 
 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
-                                     mbedtls_cipher_padding_t mode )
+int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx,
+                                    mbedtls_cipher_padding_t mode)
 {
-    if( NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode )
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
     }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
+    if (ctx->psa_enabled == 1) {
         /* While PSA Crypto knows about CBC padding
          * schemes, we currently don't make them
          * accessible through the cipher layer. */
-        if( mode != MBEDTLS_PADDING_NONE )
-            return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+        if (mode != MBEDTLS_PADDING_NONE) {
+            return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
+        }
 
-        return( 0 );
+        return 0;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    switch( mode )
-    {
+    switch (mode) {
 #if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-    case MBEDTLS_PADDING_PKCS7:
-        ctx->add_padding = add_pkcs_padding;
-        ctx->get_padding = get_pkcs_padding;
-        break;
+        case MBEDTLS_PADDING_PKCS7:
+            ctx->add_padding = add_pkcs_padding;
+            ctx->get_padding = get_pkcs_padding;
+            break;
 #endif
 #if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
-    case MBEDTLS_PADDING_ONE_AND_ZEROS:
-        ctx->add_padding = add_one_and_zeros_padding;
-        ctx->get_padding = get_one_and_zeros_padding;
-        break;
+        case MBEDTLS_PADDING_ONE_AND_ZEROS:
+            ctx->add_padding = add_one_and_zeros_padding;
+            ctx->get_padding = get_one_and_zeros_padding;
+            break;
 #endif
 #if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
-    case MBEDTLS_PADDING_ZEROS_AND_LEN:
-        ctx->add_padding = add_zeros_and_len_padding;
-        ctx->get_padding = get_zeros_and_len_padding;
-        break;
+        case MBEDTLS_PADDING_ZEROS_AND_LEN:
+            ctx->add_padding = add_zeros_and_len_padding;
+            ctx->get_padding = get_zeros_and_len_padding;
+            break;
 #endif
 #if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
-    case MBEDTLS_PADDING_ZEROS:
-        ctx->add_padding = add_zeros_padding;
-        ctx->get_padding = get_zeros_padding;
-        break;
+        case MBEDTLS_PADDING_ZEROS:
+            ctx->add_padding = add_zeros_padding;
+            ctx->get_padding = get_zeros_padding;
+            break;
 #endif
-    case MBEDTLS_PADDING_NONE:
-        ctx->add_padding = NULL;
-        ctx->get_padding = get_no_padding;
-        break;
+        case MBEDTLS_PADDING_NONE:
+            ctx->add_padding = NULL;
+            ctx->get_padding = get_no_padding;
+            break;
 
-    default:
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+        default:
+            return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
 
 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
-                      unsigned char *tag, size_t tag_len )
+int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx,
+                             unsigned char *tag, size_t tag_len)
 {
-    if( ctx->cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (ctx->cipher_info == NULL) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
-    if( MBEDTLS_ENCRYPT != ctx->operation )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (MBEDTLS_ENCRYPT != ctx->operation) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
+    if (ctx->psa_enabled == 1) {
         /* While PSA Crypto has an API for multipart
          * operations, we currently don't make it
          * accessible through the cipher layer. */
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+        return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_GCM_C)
-    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
-    {
+    if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
         size_t output_length;
         /* The code here doesn't yet support alternative implementations
          * that can delay up to a block of output. */
-        return( mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx,
-                                    NULL, 0, &output_length,
-                                    tag, tag_len ) );
+        return mbedtls_gcm_finish((mbedtls_gcm_context *) ctx->cipher_ctx,
+                                  NULL, 0, &output_length,
+                                  tag, tag_len);
     }
 #endif
 
 #if defined(MBEDTLS_CHACHAPOLY_C)
-    if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
-    {
+    if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
         /* Don't allow truncated MAC for Poly1305 */
-        if ( tag_len != 16U )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        if (tag_len != 16U) {
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+        }
 
-        return( mbedtls_chachapoly_finish(
-                    (mbedtls_chachapoly_context*) ctx->cipher_ctx, tag ) );
+        return mbedtls_chachapoly_finish(
+            (mbedtls_chachapoly_context *) ctx->cipher_ctx, tag);
     }
 #endif
 
-    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
 }
 
-int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
-                      const unsigned char *tag, size_t tag_len )
+int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx,
+                             const unsigned char *tag, size_t tag_len)
 {
     unsigned char check_tag[16];
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ctx->cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (ctx->cipher_info == NULL) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
-    if( MBEDTLS_DECRYPT != ctx->operation )
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (MBEDTLS_DECRYPT != ctx->operation) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
     }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
+    if (ctx->psa_enabled == 1) {
         /* While PSA Crypto has an API for multipart
          * operations, we currently don't make it
          * accessible through the cipher layer. */
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+        return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
@@ -1160,26 +1154,24 @@
     ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
 
 #if defined(MBEDTLS_GCM_C)
-    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
-    {
+    if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
         size_t output_length;
         /* The code here doesn't yet support alternative implementations
          * that can delay up to a block of output. */
 
-        if( tag_len > sizeof( check_tag ) )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        if (tag_len > sizeof(check_tag)) {
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+        }
 
-        if( 0 != ( ret = mbedtls_gcm_finish(
-                       (mbedtls_gcm_context *) ctx->cipher_ctx,
-                       NULL, 0, &output_length,
-                       check_tag, tag_len ) ) )
-        {
-            return( ret );
+        if (0 != (ret = mbedtls_gcm_finish(
+                      (mbedtls_gcm_context *) ctx->cipher_ctx,
+                      NULL, 0, &output_length,
+                      check_tag, tag_len))) {
+            return ret;
         }
 
         /* Check the tag in "constant-time" */
-        if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
-        {
+        if (mbedtls_ct_memcmp(tag, check_tag, tag_len) != 0) {
             ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
             goto exit;
         }
@@ -1187,22 +1179,20 @@
 #endif /* MBEDTLS_GCM_C */
 
 #if defined(MBEDTLS_CHACHAPOLY_C)
-    if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
-    {
+    if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
         /* Don't allow truncated MAC for Poly1305 */
-        if ( tag_len != sizeof( check_tag ) )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        if (tag_len != sizeof(check_tag)) {
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+        }
 
         ret = mbedtls_chachapoly_finish(
-            (mbedtls_chachapoly_context*) ctx->cipher_ctx, check_tag );
-        if ( ret != 0 )
-        {
-            return( ret );
+            (mbedtls_chachapoly_context *) ctx->cipher_ctx, check_tag);
+        if (ret != 0) {
+            return ret;
         }
 
         /* Check the tag in "constant-time" */
-        if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
-        {
+        if (mbedtls_ct_memcmp(tag, check_tag, tag_len) != 0) {
             ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
             goto exit;
         }
@@ -1210,25 +1200,24 @@
 #endif /* MBEDTLS_CHACHAPOLY_C */
 
 exit:
-    mbedtls_platform_zeroize( check_tag, tag_len );
-    return( ret );
+    mbedtls_platform_zeroize(check_tag, tag_len);
+    return ret;
 }
 #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
 
 /*
  * Packet-oriented wrapper for non-AEAD modes
  */
-int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
-                  const unsigned char *iv, size_t iv_len,
-                  const unsigned char *input, size_t ilen,
-                  unsigned char *output, size_t *olen )
+int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx,
+                         const unsigned char *iv, size_t iv_len,
+                         const unsigned char *input, size_t ilen,
+                         unsigned char *output, size_t *olen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t finish_olen;
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
+    if (ctx->psa_enabled == 1) {
         /* As in the non-PSA case, we don't check that
          * a key has been set. If not, the key slot will
          * still be in its default state of 0, which is
@@ -1241,69 +1230,73 @@
         psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
         size_t part_len;
 
-        if( ctx->operation == MBEDTLS_DECRYPT )
-        {
-            status = psa_cipher_decrypt_setup( &cipher_op,
-                                               cipher_psa->slot,
-                                               cipher_psa->alg );
+        if (ctx->operation == MBEDTLS_DECRYPT) {
+            status = psa_cipher_decrypt_setup(&cipher_op,
+                                              cipher_psa->slot,
+                                              cipher_psa->alg);
+        } else if (ctx->operation == MBEDTLS_ENCRYPT) {
+            status = psa_cipher_encrypt_setup(&cipher_op,
+                                              cipher_psa->slot,
+                                              cipher_psa->alg);
+        } else {
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
         }
-        else if( ctx->operation == MBEDTLS_ENCRYPT )
-        {
-            status = psa_cipher_encrypt_setup( &cipher_op,
-                                               cipher_psa->slot,
-                                               cipher_psa->alg );
-        }
-        else
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
         /* In the following, we can immediately return on an error,
          * because the PSA Crypto API guarantees that cipher operations
          * are terminated by unsuccessful calls to psa_cipher_update(),
          * and by any call to psa_cipher_finish(). */
-        if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
-
-        if( ctx->cipher_info->mode != MBEDTLS_MODE_ECB )
-        {
-            status = psa_cipher_set_iv( &cipher_op, iv, iv_len );
-            if( status != PSA_SUCCESS )
-                return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+        if (status != PSA_SUCCESS) {
+            return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
         }
 
-        status = psa_cipher_update( &cipher_op,
-                                    input, ilen,
-                                    output, ilen, olen );
-        if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+        if (ctx->cipher_info->mode != MBEDTLS_MODE_ECB) {
+            status = psa_cipher_set_iv(&cipher_op, iv, iv_len);
+            if (status != PSA_SUCCESS) {
+                return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
+            }
+        }
 
-        status = psa_cipher_finish( &cipher_op,
-                                    output + *olen, ilen - *olen,
-                                    &part_len );
-        if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+        status = psa_cipher_update(&cipher_op,
+                                   input, ilen,
+                                   output, ilen, olen);
+        if (status != PSA_SUCCESS) {
+            return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
+        }
+
+        status = psa_cipher_finish(&cipher_op,
+                                   output + *olen, ilen - *olen,
+                                   &part_len);
+        if (status != PSA_SUCCESS) {
+            return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
+        }
 
         *olen += part_len;
-        return( 0 );
+        return 0;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    if( ( ret = mbedtls_cipher_set_iv( ctx, iv, iv_len ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_cipher_set_iv(ctx, iv, iv_len)) != 0) {
+        return ret;
+    }
 
-    if( ( ret = mbedtls_cipher_reset( ctx ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_cipher_reset(ctx)) != 0) {
+        return ret;
+    }
 
-    if( ( ret = mbedtls_cipher_update( ctx, input, ilen,
-                                       output, olen ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_cipher_update(ctx, input, ilen,
+                                     output, olen)) != 0) {
+        return ret;
+    }
 
-    if( ( ret = mbedtls_cipher_finish( ctx, output + *olen,
-                                       &finish_olen ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_cipher_finish(ctx, output + *olen,
+                                     &finish_olen)) != 0) {
+        return ret;
+    }
 
     *olen += finish_olen;
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_CIPHER_MODE_AEAD)
@@ -1311,16 +1304,15 @@
  * Packet-oriented encryption for AEAD modes: internal function used by
  * mbedtls_cipher_auth_encrypt_ext().
  */
-static int mbedtls_cipher_aead_encrypt( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen,
-                         unsigned char *tag, size_t tag_len )
+static int mbedtls_cipher_aead_encrypt(mbedtls_cipher_context_t *ctx,
+                                       const unsigned char *iv, size_t iv_len,
+                                       const unsigned char *ad, size_t ad_len,
+                                       const unsigned char *input, size_t ilen,
+                                       unsigned char *output, size_t *olen,
+                                       unsigned char *tag, size_t tag_len)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
+    if (ctx->psa_enabled == 1) {
         /* As in the non-PSA case, we don't check that
          * a key has been set. If not, the key slot will
          * still be in its default state of 0, which is
@@ -1333,74 +1325,71 @@
 
         /* PSA Crypto API always writes the authentication tag
          * at the end of the encrypted message. */
-        if( output == NULL || tag != output + ilen )
-            return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+        if (output == NULL || tag != output + ilen) {
+            return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
+        }
 
-        status = psa_aead_encrypt( cipher_psa->slot,
-                                   cipher_psa->alg,
-                                   iv, iv_len,
-                                   ad, ad_len,
-                                   input, ilen,
-                                   output, ilen + tag_len, olen );
-        if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+        status = psa_aead_encrypt(cipher_psa->slot,
+                                  cipher_psa->alg,
+                                  iv, iv_len,
+                                  ad, ad_len,
+                                  input, ilen,
+                                  output, ilen + tag_len, olen);
+        if (status != PSA_SUCCESS) {
+            return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
+        }
 
         *olen -= tag_len;
-        return( 0 );
+        return 0;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_GCM_C)
-    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
-    {
+    if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
         *olen = ilen;
-        return( mbedtls_gcm_crypt_and_tag( ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT,
-                                           ilen, iv, iv_len, ad, ad_len,
-                                           input, output, tag_len, tag ) );
+        return mbedtls_gcm_crypt_and_tag(ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT,
+                                         ilen, iv, iv_len, ad, ad_len,
+                                         input, output, tag_len, tag);
     }
 #endif /* MBEDTLS_GCM_C */
 #if defined(MBEDTLS_CCM_C)
-    if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
-    {
+    if (MBEDTLS_MODE_CCM == ctx->cipher_info->mode) {
         *olen = ilen;
-        return( mbedtls_ccm_encrypt_and_tag( ctx->cipher_ctx, ilen,
-                                     iv, iv_len, ad, ad_len, input, output,
-                                     tag, tag_len ) );
+        return mbedtls_ccm_encrypt_and_tag(ctx->cipher_ctx, ilen,
+                                           iv, iv_len, ad, ad_len, input, output,
+                                           tag, tag_len);
     }
 #endif /* MBEDTLS_CCM_C */
 #if defined(MBEDTLS_CHACHAPOLY_C)
-    if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
-    {
+    if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
         /* ChachaPoly has fixed length nonce and MAC (tag) */
-        if ( ( iv_len != ctx->cipher_info->iv_size ) ||
-             ( tag_len != 16U ) )
-        {
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        if ((iv_len != ctx->cipher_info->iv_size) ||
+            (tag_len != 16U)) {
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
         }
 
         *olen = ilen;
-        return( mbedtls_chachapoly_encrypt_and_tag( ctx->cipher_ctx,
-                                ilen, iv, ad, ad_len, input, output, tag ) );
+        return mbedtls_chachapoly_encrypt_and_tag(ctx->cipher_ctx,
+                                                  ilen, iv, ad, ad_len, input, output, tag);
     }
 #endif /* MBEDTLS_CHACHAPOLY_C */
 
-    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
 }
 
 /*
  * Packet-oriented encryption for AEAD modes: internal function used by
  * mbedtls_cipher_auth_encrypt_ext().
  */
-static int mbedtls_cipher_aead_decrypt( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen,
-                         const unsigned char *tag, size_t tag_len )
+static int mbedtls_cipher_aead_decrypt(mbedtls_cipher_context_t *ctx,
+                                       const unsigned char *iv, size_t iv_len,
+                                       const unsigned char *ad, size_t ad_len,
+                                       const unsigned char *input, size_t ilen,
+                                       unsigned char *output, size_t *olen,
+                                       const unsigned char *tag, size_t tag_len)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
+    if (ctx->psa_enabled == 1) {
         /* As in the non-PSA case, we don't check that
          * a key has been set. If not, the key slot will
          * still be in its default state of 0, which is
@@ -1413,80 +1402,81 @@
 
         /* PSA Crypto API always writes the authentication tag
          * at the end of the encrypted message. */
-        if( input == NULL || tag != input + ilen )
-            return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+        if (input == NULL || tag != input + ilen) {
+            return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
+        }
 
-        status = psa_aead_decrypt( cipher_psa->slot,
-                                   cipher_psa->alg,
-                                   iv, iv_len,
-                                   ad, ad_len,
-                                   input, ilen + tag_len,
-                                   output, ilen, olen );
-        if( status == PSA_ERROR_INVALID_SIGNATURE )
-            return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
-        else if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+        status = psa_aead_decrypt(cipher_psa->slot,
+                                  cipher_psa->alg,
+                                  iv, iv_len,
+                                  ad, ad_len,
+                                  input, ilen + tag_len,
+                                  output, ilen, olen);
+        if (status == PSA_ERROR_INVALID_SIGNATURE) {
+            return MBEDTLS_ERR_CIPHER_AUTH_FAILED;
+        } else if (status != PSA_SUCCESS) {
+            return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
+        }
 
-        return( 0 );
+        return 0;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_GCM_C)
-    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
-    {
+    if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
         *olen = ilen;
-        ret = mbedtls_gcm_auth_decrypt( ctx->cipher_ctx, ilen,
-                                iv, iv_len, ad, ad_len,
-                                tag, tag_len, input, output );
+        ret = mbedtls_gcm_auth_decrypt(ctx->cipher_ctx, ilen,
+                                       iv, iv_len, ad, ad_len,
+                                       tag, tag_len, input, output);
 
-        if( ret == MBEDTLS_ERR_GCM_AUTH_FAILED )
+        if (ret == MBEDTLS_ERR_GCM_AUTH_FAILED) {
             ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
+        }
 
-        return( ret );
+        return ret;
     }
 #endif /* MBEDTLS_GCM_C */
 #if defined(MBEDTLS_CCM_C)
-    if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
-    {
+    if (MBEDTLS_MODE_CCM == ctx->cipher_info->mode) {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
         *olen = ilen;
-        ret = mbedtls_ccm_auth_decrypt( ctx->cipher_ctx, ilen,
-                                iv, iv_len, ad, ad_len,
-                                input, output, tag, tag_len );
+        ret = mbedtls_ccm_auth_decrypt(ctx->cipher_ctx, ilen,
+                                       iv, iv_len, ad, ad_len,
+                                       input, output, tag, tag_len);
 
-        if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED )
+        if (ret == MBEDTLS_ERR_CCM_AUTH_FAILED) {
             ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
+        }
 
-        return( ret );
+        return ret;
     }
 #endif /* MBEDTLS_CCM_C */
 #if defined(MBEDTLS_CHACHAPOLY_C)
-    if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
-    {
+    if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
         /* ChachaPoly has fixed length nonce and MAC (tag) */
-        if ( ( iv_len != ctx->cipher_info->iv_size ) ||
-             ( tag_len != 16U ) )
-        {
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        if ((iv_len != ctx->cipher_info->iv_size) ||
+            (tag_len != 16U)) {
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
         }
 
         *olen = ilen;
-        ret = mbedtls_chachapoly_auth_decrypt( ctx->cipher_ctx, ilen,
-                                iv, ad, ad_len, tag, input, output );
+        ret = mbedtls_chachapoly_auth_decrypt(ctx->cipher_ctx, ilen,
+                                              iv, ad, ad_len, tag, input, output);
 
-        if( ret == MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED )
+        if (ret == MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED) {
             ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
+        }
 
-        return( ret );
+        return ret;
     }
 #endif /* MBEDTLS_CHACHAPOLY_C */
 
-    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
 }
 #endif /* MBEDTLS_CIPHER_MODE_AEAD */
 
@@ -1494,96 +1484,98 @@
 /*
  * Packet-oriented encryption for AEAD/NIST_KW: public function.
  */
-int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t output_len,
-                         size_t *olen, size_t tag_len )
+int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx,
+                                    const unsigned char *iv, size_t iv_len,
+                                    const unsigned char *ad, size_t ad_len,
+                                    const unsigned char *input, size_t ilen,
+                                    unsigned char *output, size_t output_len,
+                                    size_t *olen, size_t tag_len)
 {
 #if defined(MBEDTLS_NIST_KW_C)
-    if(
+    if (
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         ctx->psa_enabled == 0 &&
 #endif
-        ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
-          MBEDTLS_MODE_KWP == ctx->cipher_info->mode ) )
-    {
-        mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ?
-                                        MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
+        (MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
+         MBEDTLS_MODE_KWP == ctx->cipher_info->mode)) {
+        mbedtls_nist_kw_mode_t mode = (MBEDTLS_MODE_KW == ctx->cipher_info->mode) ?
+                                      MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
 
         /* There is no iv, tag or ad associated with KW and KWP,
          * so these length should be 0 as documented. */
-        if( iv_len != 0 || tag_len != 0 || ad_len != 0 )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        if (iv_len != 0 || tag_len != 0 || ad_len != 0) {
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+        }
 
         (void) iv;
         (void) ad;
 
-        return( mbedtls_nist_kw_wrap( ctx->cipher_ctx, mode, input, ilen,
-                                      output, olen, output_len ) );
+        return mbedtls_nist_kw_wrap(ctx->cipher_ctx, mode, input, ilen,
+                                    output, olen, output_len);
     }
 #endif /* MBEDTLS_NIST_KW_C */
 
 #if defined(MBEDTLS_CIPHER_MODE_AEAD)
     /* AEAD case: check length before passing on to shared function */
-    if( output_len < ilen + tag_len )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (output_len < ilen + tag_len) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
-    int ret = mbedtls_cipher_aead_encrypt( ctx, iv, iv_len, ad, ad_len,
-                                       input, ilen, output, olen,
-                                       output + ilen, tag_len );
+    int ret = mbedtls_cipher_aead_encrypt(ctx, iv, iv_len, ad, ad_len,
+                                          input, ilen, output, olen,
+                                          output + ilen, tag_len);
     *olen += tag_len;
-    return( ret );
+    return ret;
 #else
-    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
 #endif /* MBEDTLS_CIPHER_MODE_AEAD */
 }
 
 /*
  * Packet-oriented decryption for AEAD/NIST_KW: public function.
  */
-int mbedtls_cipher_auth_decrypt_ext( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t output_len,
-                         size_t *olen, size_t tag_len )
+int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx,
+                                    const unsigned char *iv, size_t iv_len,
+                                    const unsigned char *ad, size_t ad_len,
+                                    const unsigned char *input, size_t ilen,
+                                    unsigned char *output, size_t output_len,
+                                    size_t *olen, size_t tag_len)
 {
 #if defined(MBEDTLS_NIST_KW_C)
-    if(
+    if (
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         ctx->psa_enabled == 0 &&
 #endif
-        ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
-          MBEDTLS_MODE_KWP == ctx->cipher_info->mode ) )
-    {
-        mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ?
-                                        MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
+        (MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
+         MBEDTLS_MODE_KWP == ctx->cipher_info->mode)) {
+        mbedtls_nist_kw_mode_t mode = (MBEDTLS_MODE_KW == ctx->cipher_info->mode) ?
+                                      MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
 
         /* There is no iv, tag or ad associated with KW and KWP,
          * so these length should be 0 as documented. */
-        if( iv_len != 0 || tag_len != 0 || ad_len != 0 )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        if (iv_len != 0 || tag_len != 0 || ad_len != 0) {
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+        }
 
         (void) iv;
         (void) ad;
 
-        return( mbedtls_nist_kw_unwrap( ctx->cipher_ctx, mode, input, ilen,
-                                        output, olen, output_len ) );
+        return mbedtls_nist_kw_unwrap(ctx->cipher_ctx, mode, input, ilen,
+                                      output, olen, output_len);
     }
 #endif /* MBEDTLS_NIST_KW_C */
 
 #if defined(MBEDTLS_CIPHER_MODE_AEAD)
     /* AEAD case: check length before passing on to shared function */
-    if( ilen < tag_len || output_len < ilen - tag_len )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (ilen < tag_len || output_len < ilen - tag_len) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
-    return( mbedtls_cipher_aead_decrypt( ctx, iv, iv_len, ad, ad_len,
-                                         input, ilen - tag_len, output, olen,
-                                         input + ilen - tag_len, tag_len ) );
+    return mbedtls_cipher_aead_decrypt(ctx, iv, iv_len, ad, ad_len,
+                                       input, ilen - tag_len, output, olen,
+                                       input + ilen - tag_len, tag_len);
 #else
-    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
 #endif /* MBEDTLS_CIPHER_MODE_AEAD */
 }
 #endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index 8e395b3..c99627c 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -72,100 +72,101 @@
 
 #if defined(MBEDTLS_GCM_C)
 /* shared by all GCM ciphers */
-static void *gcm_ctx_alloc( void )
+static void *gcm_ctx_alloc(void)
 {
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_gcm_context ) );
+    void *ctx = mbedtls_calloc(1, sizeof(mbedtls_gcm_context));
 
-    if( ctx != NULL )
-        mbedtls_gcm_init( (mbedtls_gcm_context *) ctx );
+    if (ctx != NULL) {
+        mbedtls_gcm_init((mbedtls_gcm_context *) ctx);
+    }
 
-    return( ctx );
+    return ctx;
 }
 
-static void gcm_ctx_free( void *ctx )
+static void gcm_ctx_free(void *ctx)
 {
-    mbedtls_gcm_free( ctx );
-    mbedtls_free( ctx );
+    mbedtls_gcm_free(ctx);
+    mbedtls_free(ctx);
 }
 #endif /* MBEDTLS_GCM_C */
 
 #if defined(MBEDTLS_CCM_C)
 /* shared by all CCM ciphers */
-static void *ccm_ctx_alloc( void )
+static void *ccm_ctx_alloc(void)
 {
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ccm_context ) );
+    void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ccm_context));
 
-    if( ctx != NULL )
-        mbedtls_ccm_init( (mbedtls_ccm_context *) ctx );
+    if (ctx != NULL) {
+        mbedtls_ccm_init((mbedtls_ccm_context *) ctx);
+    }
 
-    return( ctx );
+    return ctx;
 }
 
-static void ccm_ctx_free( void *ctx )
+static void ccm_ctx_free(void *ctx)
 {
-    mbedtls_ccm_free( ctx );
-    mbedtls_free( ctx );
+    mbedtls_ccm_free(ctx);
+    mbedtls_free(ctx);
 }
 #endif /* MBEDTLS_CCM_C */
 
 #if defined(MBEDTLS_AES_C)
 
-static int aes_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
-        const unsigned char *input, unsigned char *output )
+static int aes_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation,
+                              const unsigned char *input, unsigned char *output)
 {
-    return mbedtls_aes_crypt_ecb( (mbedtls_aes_context *) ctx, operation, input, output );
+    return mbedtls_aes_crypt_ecb((mbedtls_aes_context *) ctx, operation, input, output);
 }
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int aes_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length,
-        unsigned char *iv, const unsigned char *input, unsigned char *output )
+static int aes_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t length,
+                              unsigned char *iv, const unsigned char *input, unsigned char *output)
 {
-    return mbedtls_aes_crypt_cbc( (mbedtls_aes_context *) ctx, operation, length, iv, input,
-                          output );
+    return mbedtls_aes_crypt_cbc((mbedtls_aes_context *) ctx, operation, length, iv, input,
+                                 output);
 }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
-static int aes_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
-        size_t length, size_t *iv_off, unsigned char *iv,
-        const unsigned char *input, unsigned char *output )
+static int aes_crypt_cfb128_wrap(void *ctx, mbedtls_operation_t operation,
+                                 size_t length, size_t *iv_off, unsigned char *iv,
+                                 const unsigned char *input, unsigned char *output)
 {
-    return mbedtls_aes_crypt_cfb128( (mbedtls_aes_context *) ctx, operation, length, iv_off, iv,
-                             input, output );
+    return mbedtls_aes_crypt_cfb128((mbedtls_aes_context *) ctx, operation, length, iv_off, iv,
+                                    input, output);
 }
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
 
 #if defined(MBEDTLS_CIPHER_MODE_OFB)
-static int aes_crypt_ofb_wrap( void *ctx, size_t length, size_t *iv_off,
-        unsigned char *iv, const unsigned char *input, unsigned char *output )
+static int aes_crypt_ofb_wrap(void *ctx, size_t length, size_t *iv_off,
+                              unsigned char *iv, const unsigned char *input, unsigned char *output)
 {
-    return mbedtls_aes_crypt_ofb( (mbedtls_aes_context *) ctx, length, iv_off,
-                                    iv, input, output );
+    return mbedtls_aes_crypt_ofb((mbedtls_aes_context *) ctx, length, iv_off,
+                                 iv, input, output);
 }
 #endif /* MBEDTLS_CIPHER_MODE_OFB */
 
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
-static int aes_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
-        unsigned char *nonce_counter, unsigned char *stream_block,
-        const unsigned char *input, unsigned char *output )
+static int aes_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off,
+                              unsigned char *nonce_counter, unsigned char *stream_block,
+                              const unsigned char *input, unsigned char *output)
 {
-    return mbedtls_aes_crypt_ctr( (mbedtls_aes_context *) ctx, length, nc_off, nonce_counter,
-                          stream_block, input, output );
+    return mbedtls_aes_crypt_ctr((mbedtls_aes_context *) ctx, length, nc_off, nonce_counter,
+                                 stream_block, input, output);
 }
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
 #if defined(MBEDTLS_CIPHER_MODE_XTS)
-static int aes_crypt_xts_wrap( void *ctx, mbedtls_operation_t operation,
-                               size_t length,
-                               const unsigned char data_unit[16],
-                               const unsigned char *input,
-                               unsigned char *output )
+static int aes_crypt_xts_wrap(void *ctx, mbedtls_operation_t operation,
+                              size_t length,
+                              const unsigned char data_unit[16],
+                              const unsigned char *input,
+                              unsigned char *output)
 {
     mbedtls_aes_xts_context *xts_ctx = ctx;
     int mode;
 
-    switch( operation )
-    {
+    switch (operation) {
         case MBEDTLS_ENCRYPT:
             mode = MBEDTLS_AES_ENCRYPT;
             break;
@@ -176,39 +177,40 @@
             return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
     }
 
-    return mbedtls_aes_crypt_xts( xts_ctx, mode, length,
-                                  data_unit, input, output );
+    return mbedtls_aes_crypt_xts(xts_ctx, mode, length,
+                                 data_unit, input, output);
 }
 #endif /* MBEDTLS_CIPHER_MODE_XTS */
 
-static int aes_setkey_dec_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
+static int aes_setkey_dec_wrap(void *ctx, const unsigned char *key,
+                               unsigned int key_bitlen)
 {
-    return mbedtls_aes_setkey_dec( (mbedtls_aes_context *) ctx, key, key_bitlen );
+    return mbedtls_aes_setkey_dec((mbedtls_aes_context *) ctx, key, key_bitlen);
 }
 
-static int aes_setkey_enc_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
+static int aes_setkey_enc_wrap(void *ctx, const unsigned char *key,
+                               unsigned int key_bitlen)
 {
-    return mbedtls_aes_setkey_enc( (mbedtls_aes_context *) ctx, key, key_bitlen );
+    return mbedtls_aes_setkey_enc((mbedtls_aes_context *) ctx, key, key_bitlen);
 }
 
-static void * aes_ctx_alloc( void )
+static void *aes_ctx_alloc(void)
 {
-    mbedtls_aes_context *aes = mbedtls_calloc( 1, sizeof( mbedtls_aes_context ) );
+    mbedtls_aes_context *aes = mbedtls_calloc(1, sizeof(mbedtls_aes_context));
 
-    if( aes == NULL )
-        return( NULL );
+    if (aes == NULL) {
+        return NULL;
+    }
 
-    mbedtls_aes_init( aes );
+    mbedtls_aes_init(aes);
 
-    return( aes );
+    return aes;
 }
 
-static void aes_ctx_free( void *ctx )
+static void aes_ctx_free(void *ctx)
 {
-    mbedtls_aes_free( (mbedtls_aes_context *) ctx );
-    mbedtls_free( ctx );
+    mbedtls_aes_free((mbedtls_aes_context *) ctx);
+    mbedtls_free(ctx);
 }
 
 static const mbedtls_cipher_base_t aes_info = {
@@ -412,39 +414,41 @@
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
 #if defined(MBEDTLS_CIPHER_MODE_XTS)
-static int xts_aes_setkey_enc_wrap( void *ctx, const unsigned char *key,
-                                    unsigned int key_bitlen )
+static int xts_aes_setkey_enc_wrap(void *ctx, const unsigned char *key,
+                                   unsigned int key_bitlen)
 {
     mbedtls_aes_xts_context *xts_ctx = ctx;
-    return( mbedtls_aes_xts_setkey_enc( xts_ctx, key, key_bitlen ) );
+    return mbedtls_aes_xts_setkey_enc(xts_ctx, key, key_bitlen);
 }
 
-static int xts_aes_setkey_dec_wrap( void *ctx, const unsigned char *key,
-                                    unsigned int key_bitlen )
+static int xts_aes_setkey_dec_wrap(void *ctx, const unsigned char *key,
+                                   unsigned int key_bitlen)
 {
     mbedtls_aes_xts_context *xts_ctx = ctx;
-    return( mbedtls_aes_xts_setkey_dec( xts_ctx, key, key_bitlen ) );
+    return mbedtls_aes_xts_setkey_dec(xts_ctx, key, key_bitlen);
 }
 
-static void *xts_aes_ctx_alloc( void )
+static void *xts_aes_ctx_alloc(void)
 {
-    mbedtls_aes_xts_context *xts_ctx = mbedtls_calloc( 1, sizeof( *xts_ctx ) );
+    mbedtls_aes_xts_context *xts_ctx = mbedtls_calloc(1, sizeof(*xts_ctx));
 
-    if( xts_ctx != NULL )
-        mbedtls_aes_xts_init( xts_ctx );
+    if (xts_ctx != NULL) {
+        mbedtls_aes_xts_init(xts_ctx);
+    }
 
-    return( xts_ctx );
+    return xts_ctx;
 }
 
-static void xts_aes_ctx_free( void *ctx )
+static void xts_aes_ctx_free(void *ctx)
 {
     mbedtls_aes_xts_context *xts_ctx = ctx;
 
-    if( xts_ctx == NULL )
+    if (xts_ctx == NULL) {
         return;
+    }
 
-    mbedtls_aes_xts_free( xts_ctx );
-    mbedtls_free( xts_ctx );
+    mbedtls_aes_xts_free(xts_ctx);
+    mbedtls_free(xts_ctx);
 }
 
 static const mbedtls_cipher_base_t xts_aes_info = {
@@ -498,11 +502,11 @@
 #endif /* MBEDTLS_CIPHER_MODE_XTS */
 
 #if defined(MBEDTLS_GCM_C)
-static int gcm_aes_setkey_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
+static int gcm_aes_setkey_wrap(void *ctx, const unsigned char *key,
+                               unsigned int key_bitlen)
 {
-    return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
-                     key, key_bitlen );
+    return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
+                              key, key_bitlen);
 }
 
 static const mbedtls_cipher_base_t gcm_aes_info = {
@@ -567,11 +571,11 @@
 #endif /* MBEDTLS_GCM_C */
 
 #if defined(MBEDTLS_CCM_C)
-static int ccm_aes_setkey_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
+static int ccm_aes_setkey_wrap(void *ctx, const unsigned char *key,
+                               unsigned int key_bitlen)
 {
-    return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
-                     key, key_bitlen );
+    return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
+                              key, key_bitlen);
 }
 
 static const mbedtls_cipher_base_t ccm_aes_info = {
@@ -672,72 +676,73 @@
 
 #if defined(MBEDTLS_CAMELLIA_C)
 
-static int camellia_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
-        const unsigned char *input, unsigned char *output )
+static int camellia_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation,
+                                   const unsigned char *input, unsigned char *output)
 {
-    return mbedtls_camellia_crypt_ecb( (mbedtls_camellia_context *) ctx, operation, input,
-                               output );
+    return mbedtls_camellia_crypt_ecb((mbedtls_camellia_context *) ctx, operation, input,
+                                      output);
 }
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int camellia_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
-        size_t length, unsigned char *iv,
-        const unsigned char *input, unsigned char *output )
+static int camellia_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation,
+                                   size_t length, unsigned char *iv,
+                                   const unsigned char *input, unsigned char *output)
 {
-    return mbedtls_camellia_crypt_cbc( (mbedtls_camellia_context *) ctx, operation, length, iv,
-                               input, output );
+    return mbedtls_camellia_crypt_cbc((mbedtls_camellia_context *) ctx, operation, length, iv,
+                                      input, output);
 }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
-static int camellia_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
-        size_t length, size_t *iv_off, unsigned char *iv,
-        const unsigned char *input, unsigned char *output )
+static int camellia_crypt_cfb128_wrap(void *ctx, mbedtls_operation_t operation,
+                                      size_t length, size_t *iv_off, unsigned char *iv,
+                                      const unsigned char *input, unsigned char *output)
 {
-    return mbedtls_camellia_crypt_cfb128( (mbedtls_camellia_context *) ctx, operation, length,
-                                  iv_off, iv, input, output );
+    return mbedtls_camellia_crypt_cfb128((mbedtls_camellia_context *) ctx, operation, length,
+                                         iv_off, iv, input, output);
 }
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
 
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
-static int camellia_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
-        unsigned char *nonce_counter, unsigned char *stream_block,
-        const unsigned char *input, unsigned char *output )
+static int camellia_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off,
+                                   unsigned char *nonce_counter, unsigned char *stream_block,
+                                   const unsigned char *input, unsigned char *output)
 {
-    return mbedtls_camellia_crypt_ctr( (mbedtls_camellia_context *) ctx, length, nc_off,
-                               nonce_counter, stream_block, input, output );
+    return mbedtls_camellia_crypt_ctr((mbedtls_camellia_context *) ctx, length, nc_off,
+                                      nonce_counter, stream_block, input, output);
 }
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
-static int camellia_setkey_dec_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
+static int camellia_setkey_dec_wrap(void *ctx, const unsigned char *key,
+                                    unsigned int key_bitlen)
 {
-    return mbedtls_camellia_setkey_dec( (mbedtls_camellia_context *) ctx, key, key_bitlen );
+    return mbedtls_camellia_setkey_dec((mbedtls_camellia_context *) ctx, key, key_bitlen);
 }
 
-static int camellia_setkey_enc_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
+static int camellia_setkey_enc_wrap(void *ctx, const unsigned char *key,
+                                    unsigned int key_bitlen)
 {
-    return mbedtls_camellia_setkey_enc( (mbedtls_camellia_context *) ctx, key, key_bitlen );
+    return mbedtls_camellia_setkey_enc((mbedtls_camellia_context *) ctx, key, key_bitlen);
 }
 
-static void * camellia_ctx_alloc( void )
+static void *camellia_ctx_alloc(void)
 {
     mbedtls_camellia_context *ctx;
-    ctx = mbedtls_calloc( 1, sizeof( mbedtls_camellia_context ) );
+    ctx = mbedtls_calloc(1, sizeof(mbedtls_camellia_context));
 
-    if( ctx == NULL )
-        return( NULL );
+    if (ctx == NULL) {
+        return NULL;
+    }
 
-    mbedtls_camellia_init( ctx );
+    mbedtls_camellia_init(ctx);
 
-    return( ctx );
+    return ctx;
 }
 
-static void camellia_ctx_free( void *ctx )
+static void camellia_ctx_free(void *ctx)
 {
-    mbedtls_camellia_free( (mbedtls_camellia_context *) ctx );
-    mbedtls_free( ctx );
+    mbedtls_camellia_free((mbedtls_camellia_context *) ctx);
+    mbedtls_free(ctx);
 }
 
 static const mbedtls_cipher_base_t camellia_info = {
@@ -906,11 +911,11 @@
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
 #if defined(MBEDTLS_GCM_C)
-static int gcm_camellia_setkey_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
+static int gcm_camellia_setkey_wrap(void *ctx, const unsigned char *key,
+                                    unsigned int key_bitlen)
 {
-    return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA,
-                     key, key_bitlen );
+    return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA,
+                              key, key_bitlen);
 }
 
 static const mbedtls_cipher_base_t gcm_camellia_info = {
@@ -975,11 +980,11 @@
 #endif /* MBEDTLS_GCM_C */
 
 #if defined(MBEDTLS_CCM_C)
-static int ccm_camellia_setkey_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
+static int ccm_camellia_setkey_wrap(void *ctx, const unsigned char *key,
+                                    unsigned int key_bitlen)
 {
-    return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA,
-                     key, key_bitlen );
+    return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA,
+                              key, key_bitlen);
 }
 
 static const mbedtls_cipher_base_t ccm_camellia_info = {
@@ -1080,73 +1085,74 @@
 
 #if defined(MBEDTLS_ARIA_C)
 
-static int aria_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
-        const unsigned char *input, unsigned char *output )
+static int aria_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation,
+                               const unsigned char *input, unsigned char *output)
 {
     (void) operation;
-    return mbedtls_aria_crypt_ecb( (mbedtls_aria_context *) ctx, input,
-                               output );
+    return mbedtls_aria_crypt_ecb((mbedtls_aria_context *) ctx, input,
+                                  output);
 }
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int aria_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
-        size_t length, unsigned char *iv,
-        const unsigned char *input, unsigned char *output )
+static int aria_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation,
+                               size_t length, unsigned char *iv,
+                               const unsigned char *input, unsigned char *output)
 {
-    return mbedtls_aria_crypt_cbc( (mbedtls_aria_context *) ctx, operation, length, iv,
-                               input, output );
+    return mbedtls_aria_crypt_cbc((mbedtls_aria_context *) ctx, operation, length, iv,
+                                  input, output);
 }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
-static int aria_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
-        size_t length, size_t *iv_off, unsigned char *iv,
-        const unsigned char *input, unsigned char *output )
+static int aria_crypt_cfb128_wrap(void *ctx, mbedtls_operation_t operation,
+                                  size_t length, size_t *iv_off, unsigned char *iv,
+                                  const unsigned char *input, unsigned char *output)
 {
-    return mbedtls_aria_crypt_cfb128( (mbedtls_aria_context *) ctx, operation, length,
-                                  iv_off, iv, input, output );
+    return mbedtls_aria_crypt_cfb128((mbedtls_aria_context *) ctx, operation, length,
+                                     iv_off, iv, input, output);
 }
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
 
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
-static int aria_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
-        unsigned char *nonce_counter, unsigned char *stream_block,
-        const unsigned char *input, unsigned char *output )
+static int aria_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off,
+                               unsigned char *nonce_counter, unsigned char *stream_block,
+                               const unsigned char *input, unsigned char *output)
 {
-    return mbedtls_aria_crypt_ctr( (mbedtls_aria_context *) ctx, length, nc_off,
-                               nonce_counter, stream_block, input, output );
+    return mbedtls_aria_crypt_ctr((mbedtls_aria_context *) ctx, length, nc_off,
+                                  nonce_counter, stream_block, input, output);
 }
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
-static int aria_setkey_dec_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
+static int aria_setkey_dec_wrap(void *ctx, const unsigned char *key,
+                                unsigned int key_bitlen)
 {
-    return mbedtls_aria_setkey_dec( (mbedtls_aria_context *) ctx, key, key_bitlen );
+    return mbedtls_aria_setkey_dec((mbedtls_aria_context *) ctx, key, key_bitlen);
 }
 
-static int aria_setkey_enc_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
+static int aria_setkey_enc_wrap(void *ctx, const unsigned char *key,
+                                unsigned int key_bitlen)
 {
-    return mbedtls_aria_setkey_enc( (mbedtls_aria_context *) ctx, key, key_bitlen );
+    return mbedtls_aria_setkey_enc((mbedtls_aria_context *) ctx, key, key_bitlen);
 }
 
-static void * aria_ctx_alloc( void )
+static void *aria_ctx_alloc(void)
 {
     mbedtls_aria_context *ctx;
-    ctx = mbedtls_calloc( 1, sizeof( mbedtls_aria_context ) );
+    ctx = mbedtls_calloc(1, sizeof(mbedtls_aria_context));
 
-    if( ctx == NULL )
-        return( NULL );
+    if (ctx == NULL) {
+        return NULL;
+    }
 
-    mbedtls_aria_init( ctx );
+    mbedtls_aria_init(ctx);
 
-    return( ctx );
+    return ctx;
 }
 
-static void aria_ctx_free( void *ctx )
+static void aria_ctx_free(void *ctx)
 {
-    mbedtls_aria_free( (mbedtls_aria_context *) ctx );
-    mbedtls_free( ctx );
+    mbedtls_aria_free((mbedtls_aria_context *) ctx);
+    mbedtls_free(ctx);
 }
 
 static const mbedtls_cipher_base_t aria_info = {
@@ -1315,11 +1321,11 @@
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
 #if defined(MBEDTLS_GCM_C)
-static int gcm_aria_setkey_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
+static int gcm_aria_setkey_wrap(void *ctx, const unsigned char *key,
+                                unsigned int key_bitlen)
 {
-    return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
-                     key, key_bitlen );
+    return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
+                              key, key_bitlen);
 }
 
 static const mbedtls_cipher_base_t gcm_aria_info = {
@@ -1384,11 +1390,11 @@
 #endif /* MBEDTLS_GCM_C */
 
 #if defined(MBEDTLS_CCM_C)
-static int ccm_aria_setkey_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
+static int ccm_aria_setkey_wrap(void *ctx, const unsigned char *key,
+                                unsigned int key_bitlen)
 {
-    return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
-                     key, key_bitlen );
+    return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
+                              key, key_bitlen);
 }
 
 static const mbedtls_cipher_base_t ccm_aria_info = {
@@ -1489,121 +1495,123 @@
 
 #if defined(MBEDTLS_DES_C)
 
-static int des_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
-        const unsigned char *input, unsigned char *output )
+static int des_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation,
+                              const unsigned char *input, unsigned char *output)
 {
     ((void) operation);
-    return mbedtls_des_crypt_ecb( (mbedtls_des_context *) ctx, input, output );
+    return mbedtls_des_crypt_ecb((mbedtls_des_context *) ctx, input, output);
 }
 
-static int des3_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
-        const unsigned char *input, unsigned char *output )
+static int des3_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation,
+                               const unsigned char *input, unsigned char *output)
 {
     ((void) operation);
-    return mbedtls_des3_crypt_ecb( (mbedtls_des3_context *) ctx, input, output );
+    return mbedtls_des3_crypt_ecb((mbedtls_des3_context *) ctx, input, output);
 }
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int des_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length,
-        unsigned char *iv, const unsigned char *input, unsigned char *output )
+static int des_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t length,
+                              unsigned char *iv, const unsigned char *input, unsigned char *output)
 {
-    return mbedtls_des_crypt_cbc( (mbedtls_des_context *) ctx, operation, length, iv, input,
-                          output );
+    return mbedtls_des_crypt_cbc((mbedtls_des_context *) ctx, operation, length, iv, input,
+                                 output);
 }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int des3_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length,
-        unsigned char *iv, const unsigned char *input, unsigned char *output )
+static int des3_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t length,
+                               unsigned char *iv, const unsigned char *input, unsigned char *output)
 {
-    return mbedtls_des3_crypt_cbc( (mbedtls_des3_context *) ctx, operation, length, iv, input,
-                           output );
+    return mbedtls_des3_crypt_cbc((mbedtls_des3_context *) ctx, operation, length, iv, input,
+                                  output);
 }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
-static int des_setkey_dec_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
+static int des_setkey_dec_wrap(void *ctx, const unsigned char *key,
+                               unsigned int key_bitlen)
 {
     ((void) key_bitlen);
 
-    return mbedtls_des_setkey_dec( (mbedtls_des_context *) ctx, key );
+    return mbedtls_des_setkey_dec((mbedtls_des_context *) ctx, key);
 }
 
-static int des_setkey_enc_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
+static int des_setkey_enc_wrap(void *ctx, const unsigned char *key,
+                               unsigned int key_bitlen)
 {
     ((void) key_bitlen);
 
-    return mbedtls_des_setkey_enc( (mbedtls_des_context *) ctx, key );
+    return mbedtls_des_setkey_enc((mbedtls_des_context *) ctx, key);
 }
 
-static int des3_set2key_dec_wrap( void *ctx, const unsigned char *key,
-                                  unsigned int key_bitlen )
+static int des3_set2key_dec_wrap(void *ctx, const unsigned char *key,
+                                 unsigned int key_bitlen)
 {
     ((void) key_bitlen);
 
-    return mbedtls_des3_set2key_dec( (mbedtls_des3_context *) ctx, key );
+    return mbedtls_des3_set2key_dec((mbedtls_des3_context *) ctx, key);
 }
 
-static int des3_set2key_enc_wrap( void *ctx, const unsigned char *key,
-                                  unsigned int key_bitlen )
+static int des3_set2key_enc_wrap(void *ctx, const unsigned char *key,
+                                 unsigned int key_bitlen)
 {
     ((void) key_bitlen);
 
-    return mbedtls_des3_set2key_enc( (mbedtls_des3_context *) ctx, key );
+    return mbedtls_des3_set2key_enc((mbedtls_des3_context *) ctx, key);
 }
 
-static int des3_set3key_dec_wrap( void *ctx, const unsigned char *key,
-                                  unsigned int key_bitlen )
+static int des3_set3key_dec_wrap(void *ctx, const unsigned char *key,
+                                 unsigned int key_bitlen)
 {
     ((void) key_bitlen);
 
-    return mbedtls_des3_set3key_dec( (mbedtls_des3_context *) ctx, key );
+    return mbedtls_des3_set3key_dec((mbedtls_des3_context *) ctx, key);
 }
 
-static int des3_set3key_enc_wrap( void *ctx, const unsigned char *key,
-                                  unsigned int key_bitlen )
+static int des3_set3key_enc_wrap(void *ctx, const unsigned char *key,
+                                 unsigned int key_bitlen)
 {
     ((void) key_bitlen);
 
-    return mbedtls_des3_set3key_enc( (mbedtls_des3_context *) ctx, key );
+    return mbedtls_des3_set3key_enc((mbedtls_des3_context *) ctx, key);
 }
 
-static void * des_ctx_alloc( void )
+static void *des_ctx_alloc(void)
 {
-    mbedtls_des_context *des = mbedtls_calloc( 1, sizeof( mbedtls_des_context ) );
+    mbedtls_des_context *des = mbedtls_calloc(1, sizeof(mbedtls_des_context));
 
-    if( des == NULL )
-        return( NULL );
+    if (des == NULL) {
+        return NULL;
+    }
 
-    mbedtls_des_init( des );
+    mbedtls_des_init(des);
 
-    return( des );
+    return des;
 }
 
-static void des_ctx_free( void *ctx )
+static void des_ctx_free(void *ctx)
 {
-    mbedtls_des_free( (mbedtls_des_context *) ctx );
-    mbedtls_free( ctx );
+    mbedtls_des_free((mbedtls_des_context *) ctx);
+    mbedtls_free(ctx);
 }
 
-static void * des3_ctx_alloc( void )
+static void *des3_ctx_alloc(void)
 {
     mbedtls_des3_context *des3;
-    des3 = mbedtls_calloc( 1, sizeof( mbedtls_des3_context ) );
+    des3 = mbedtls_calloc(1, sizeof(mbedtls_des3_context));
 
-    if( des3 == NULL )
-        return( NULL );
+    if (des3 == NULL) {
+        return NULL;
+    }
 
-    mbedtls_des3_init( des3 );
+    mbedtls_des3_init(des3);
 
-    return( des3 );
+    return des3;
 }
 
-static void des3_ctx_free( void *ctx )
+static void des3_ctx_free(void *ctx)
 {
-    mbedtls_des3_free( (mbedtls_des3_context *) ctx );
-    mbedtls_free( ctx );
+    mbedtls_des3_free((mbedtls_des3_context *) ctx);
+    mbedtls_free(ctx);
 }
 
 static const mbedtls_cipher_base_t des_info = {
@@ -1761,48 +1769,52 @@
 
 #if defined(MBEDTLS_CHACHA20_C)
 
-static int chacha20_setkey_wrap( void *ctx, const unsigned char *key,
-                                 unsigned int key_bitlen )
+static int chacha20_setkey_wrap(void *ctx, const unsigned char *key,
+                                unsigned int key_bitlen)
 {
-    if( key_bitlen != 256U )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (key_bitlen != 256U) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
-    if ( 0 != mbedtls_chacha20_setkey( (mbedtls_chacha20_context*)ctx, key ) )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (0 != mbedtls_chacha20_setkey((mbedtls_chacha20_context *) ctx, key)) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
-    return( 0 );
+    return 0;
 }
 
-static int chacha20_stream_wrap( void *ctx,  size_t length,
-                                 const unsigned char *input,
-                                 unsigned char *output )
+static int chacha20_stream_wrap(void *ctx,  size_t length,
+                                const unsigned char *input,
+                                unsigned char *output)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    ret = mbedtls_chacha20_update( ctx, length, input, output );
-    if( ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    ret = mbedtls_chacha20_update(ctx, length, input, output);
+    if (ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
-    return( ret );
+    return ret;
 }
 
-static void * chacha20_ctx_alloc( void )
+static void *chacha20_ctx_alloc(void)
 {
     mbedtls_chacha20_context *ctx;
-    ctx = mbedtls_calloc( 1, sizeof( mbedtls_chacha20_context ) );
+    ctx = mbedtls_calloc(1, sizeof(mbedtls_chacha20_context));
 
-    if( ctx == NULL )
-        return( NULL );
+    if (ctx == NULL) {
+        return NULL;
+    }
 
-    mbedtls_chacha20_init( ctx );
+    mbedtls_chacha20_init(ctx);
 
-    return( ctx );
+    return ctx;
 }
 
-static void chacha20_ctx_free( void *ctx )
+static void chacha20_ctx_free(void *ctx)
 {
-    mbedtls_chacha20_free( (mbedtls_chacha20_context *) ctx );
-    mbedtls_free( ctx );
+    mbedtls_chacha20_free((mbedtls_chacha20_context *) ctx);
+    mbedtls_free(ctx);
 }
 
 static const mbedtls_cipher_base_t chacha20_base_info = {
@@ -1845,36 +1857,39 @@
 
 #if defined(MBEDTLS_CHACHAPOLY_C)
 
-static int chachapoly_setkey_wrap( void *ctx,
-                                   const unsigned char *key,
-                                   unsigned int key_bitlen )
+static int chachapoly_setkey_wrap(void *ctx,
+                                  const unsigned char *key,
+                                  unsigned int key_bitlen)
 {
-    if( key_bitlen != 256U )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (key_bitlen != 256U) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
-    if ( 0 != mbedtls_chachapoly_setkey( (mbedtls_chachapoly_context*)ctx, key ) )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (0 != mbedtls_chachapoly_setkey((mbedtls_chachapoly_context *) ctx, key)) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
-    return( 0 );
+    return 0;
 }
 
-static void * chachapoly_ctx_alloc( void )
+static void *chachapoly_ctx_alloc(void)
 {
     mbedtls_chachapoly_context *ctx;
-    ctx = mbedtls_calloc( 1, sizeof( mbedtls_chachapoly_context ) );
+    ctx = mbedtls_calloc(1, sizeof(mbedtls_chachapoly_context));
 
-    if( ctx == NULL )
-        return( NULL );
+    if (ctx == NULL) {
+        return NULL;
+    }
 
-    mbedtls_chachapoly_init( ctx );
+    mbedtls_chachapoly_init(ctx);
 
-    return( ctx );
+    return ctx;
 }
 
-static void chachapoly_ctx_free( void *ctx )
+static void chachapoly_ctx_free(void *ctx)
 {
-    mbedtls_chachapoly_free( (mbedtls_chachapoly_context *) ctx );
-    mbedtls_free( ctx );
+    mbedtls_chachapoly_free((mbedtls_chachapoly_context *) ctx);
+    mbedtls_free(ctx);
 }
 
 static const mbedtls_cipher_base_t chachapoly_base_info = {
@@ -1916,31 +1931,31 @@
 #endif /* MBEDTLS_CHACHAPOLY_C */
 
 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-static int null_crypt_stream( void *ctx, size_t length,
-                              const unsigned char *input,
-                              unsigned char *output )
+static int null_crypt_stream(void *ctx, size_t length,
+                             const unsigned char *input,
+                             unsigned char *output)
 {
     ((void) ctx);
-    memmove( output, input, length );
-    return( 0 );
+    memmove(output, input, length);
+    return 0;
 }
 
-static int null_setkey( void *ctx, const unsigned char *key,
-                        unsigned int key_bitlen )
+static int null_setkey(void *ctx, const unsigned char *key,
+                       unsigned int key_bitlen)
 {
     ((void) ctx);
     ((void) key);
     ((void) key_bitlen);
 
-    return( 0 );
+    return 0;
 }
 
-static void * null_ctx_alloc( void )
+static void *null_ctx_alloc(void)
 {
-    return( (void *) 1 );
+    return (void *) 1;
 }
 
-static void null_ctx_free( void *ctx )
+static void null_ctx_free(void *ctx)
 {
     ((void) ctx);
 }
@@ -1985,34 +2000,35 @@
 #endif /* defined(MBEDTLS_CIPHER_NULL_CIPHER) */
 
 #if defined(MBEDTLS_NIST_KW_C)
-static void *kw_ctx_alloc( void )
+static void *kw_ctx_alloc(void)
 {
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_nist_kw_context ) );
+    void *ctx = mbedtls_calloc(1, sizeof(mbedtls_nist_kw_context));
 
-    if( ctx != NULL )
-        mbedtls_nist_kw_init( (mbedtls_nist_kw_context *) ctx );
+    if (ctx != NULL) {
+        mbedtls_nist_kw_init((mbedtls_nist_kw_context *) ctx);
+    }
 
-    return( ctx );
+    return ctx;
 }
 
-static void kw_ctx_free( void *ctx )
+static void kw_ctx_free(void *ctx)
 {
-    mbedtls_nist_kw_free( ctx );
-    mbedtls_free( ctx );
+    mbedtls_nist_kw_free(ctx);
+    mbedtls_free(ctx);
 }
 
-static int kw_aes_setkey_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
+static int kw_aes_setkey_wrap(void *ctx, const unsigned char *key,
+                              unsigned int key_bitlen)
 {
-    return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx,
-                                   MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 1 );
+    return mbedtls_nist_kw_setkey((mbedtls_nist_kw_context *) ctx,
+                                  MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 1);
 }
 
-static int kw_aes_setkey_unwrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
+static int kw_aes_setkey_unwrap(void *ctx, const unsigned char *key,
+                                unsigned int key_bitlen)
 {
-   return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx,
-                                  MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 0 );
+    return mbedtls_nist_kw_setkey((mbedtls_nist_kw_context *) ctx,
+                                  MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 0);
 }
 
 static const mbedtls_cipher_base_t kw_aes_info = {
@@ -2257,8 +2273,8 @@
     { MBEDTLS_CIPHER_NONE, NULL }
 };
 
-#define NUM_CIPHERS ( sizeof(mbedtls_cipher_definitions) /      \
-                      sizeof(mbedtls_cipher_definitions[0]) )
+#define NUM_CIPHERS (sizeof(mbedtls_cipher_definitions) /      \
+                     sizeof(mbedtls_cipher_definitions[0]))
 int mbedtls_cipher_supported[NUM_CIPHERS];
 
 #endif /* MBEDTLS_CIPHER_C */
diff --git a/library/cipher_wrap.h b/library/cipher_wrap.h
index e27d6af..052cddb 100644
--- a/library/cipher_wrap.h
+++ b/library/cipher_wrap.h
@@ -39,82 +39,79 @@
 /**
  * Base cipher information. The non-mode specific functions and values.
  */
-struct mbedtls_cipher_base_t
-{
+struct mbedtls_cipher_base_t {
     /** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
     mbedtls_cipher_id_t cipher;
 
     /** Encrypt using ECB */
-    int (*ecb_func)( void *ctx, mbedtls_operation_t mode,
-                     const unsigned char *input, unsigned char *output );
+    int (*ecb_func)(void *ctx, mbedtls_operation_t mode,
+                    const unsigned char *input, unsigned char *output);
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
     /** Encrypt using CBC */
-    int (*cbc_func)( void *ctx, mbedtls_operation_t mode, size_t length,
-                     unsigned char *iv, const unsigned char *input,
-                     unsigned char *output );
+    int (*cbc_func)(void *ctx, mbedtls_operation_t mode, size_t length,
+                    unsigned char *iv, const unsigned char *input,
+                    unsigned char *output);
 #endif
 
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
     /** Encrypt using CFB (Full length) */
-    int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off,
-                     unsigned char *iv, const unsigned char *input,
-                     unsigned char *output );
+    int (*cfb_func)(void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off,
+                    unsigned char *iv, const unsigned char *input,
+                    unsigned char *output);
 #endif
 
 #if defined(MBEDTLS_CIPHER_MODE_OFB)
     /** Encrypt using OFB (Full length) */
-    int (*ofb_func)( void *ctx, size_t length, size_t *iv_off,
-                     unsigned char *iv,
-                     const unsigned char *input,
-                     unsigned char *output );
+    int (*ofb_func)(void *ctx, size_t length, size_t *iv_off,
+                    unsigned char *iv,
+                    const unsigned char *input,
+                    unsigned char *output);
 #endif
 
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
     /** Encrypt using CTR */
-    int (*ctr_func)( void *ctx, size_t length, size_t *nc_off,
-                     unsigned char *nonce_counter, unsigned char *stream_block,
-                     const unsigned char *input, unsigned char *output );
+    int (*ctr_func)(void *ctx, size_t length, size_t *nc_off,
+                    unsigned char *nonce_counter, unsigned char *stream_block,
+                    const unsigned char *input, unsigned char *output);
 #endif
 
 #if defined(MBEDTLS_CIPHER_MODE_XTS)
     /** Encrypt or decrypt using XTS. */
-    int (*xts_func)( void *ctx, mbedtls_operation_t mode, size_t length,
-                     const unsigned char data_unit[16],
-                     const unsigned char *input, unsigned char *output );
+    int (*xts_func)(void *ctx, mbedtls_operation_t mode, size_t length,
+                    const unsigned char data_unit[16],
+                    const unsigned char *input, unsigned char *output);
 #endif
 
 #if defined(MBEDTLS_CIPHER_MODE_STREAM)
     /** Encrypt using STREAM */
-    int (*stream_func)( void *ctx, size_t length,
-                        const unsigned char *input, unsigned char *output );
+    int (*stream_func)(void *ctx, size_t length,
+                       const unsigned char *input, unsigned char *output);
 #endif
 
     /** Set key for encryption purposes */
-    int (*setkey_enc_func)( void *ctx, const unsigned char *key,
-                            unsigned int key_bitlen );
+    int (*setkey_enc_func)(void *ctx, const unsigned char *key,
+                           unsigned int key_bitlen);
 
     /** Set key for decryption purposes */
-    int (*setkey_dec_func)( void *ctx, const unsigned char *key,
-                            unsigned int key_bitlen);
+    int (*setkey_dec_func)(void *ctx, const unsigned char *key,
+                           unsigned int key_bitlen);
 
     /** Allocate a new context */
-    void * (*ctx_alloc_func)( void );
+    void * (*ctx_alloc_func)(void);
 
     /** Free the given context */
-    void (*ctx_free_func)( void *ctx );
+    void (*ctx_free_func)(void *ctx);
 
 };
 
-typedef struct
-{
+typedef struct {
     mbedtls_cipher_type_t type;
     const mbedtls_cipher_info_t *info;
 } mbedtls_cipher_definition_t;
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-typedef enum
-{
+typedef enum {
     MBEDTLS_CIPHER_PSA_KEY_UNSET = 0,
     MBEDTLS_CIPHER_PSA_KEY_OWNED, /* Used for PSA-based cipher contexts which */
                                   /* use raw key material internally imported */
@@ -127,8 +124,7 @@
                                       /* destroyed when the context is freed. */
 } mbedtls_cipher_psa_key_ownership;
 
-typedef struct
-{
+typedef struct {
     psa_algorithm_t alg;
     mbedtls_svc_key_id_t slot;
     mbedtls_cipher_psa_key_ownership slot_state;
diff --git a/library/cmac.c b/library/cmac.c
index 9870856..7d90ad2 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -63,9 +63,9 @@
  * Input and output MUST NOT point to the same buffer
  * Block size must be 8 bytes or 16 bytes - the block sizes for DES and AES.
  */
-static int cmac_multiply_by_u( unsigned char *output,
-                               const unsigned char *input,
-                               size_t blocksize )
+static int cmac_multiply_by_u(unsigned char *output,
+                              const unsigned char *input,
+                              size_t blocksize)
 {
     const unsigned char R_128 = 0x87;
     const unsigned char R_64 = 0x1B;
@@ -73,21 +73,15 @@
     unsigned char overflow = 0x00;
     int i;
 
-    if( blocksize == MBEDTLS_AES_BLOCK_SIZE )
-    {
+    if (blocksize == MBEDTLS_AES_BLOCK_SIZE) {
         R_n = R_128;
-    }
-    else if( blocksize == MBEDTLS_DES3_BLOCK_SIZE )
-    {
+    } else if (blocksize == MBEDTLS_DES3_BLOCK_SIZE) {
         R_n = R_64;
-    }
-    else
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    } else {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
     }
 
-    for( i = (int)blocksize - 1; i >= 0; i-- )
-    {
+    for (i = (int) blocksize - 1; i >= 0; i--) {
         output[i] = input[i] << 1 | overflow;
         overflow = input[i] >> 7;
     }
@@ -101,14 +95,14 @@
 #pragma warning( push )
 #pragma warning( disable : 4146 )
 #endif
-    mask = - ( input[0] >> 7 );
+    mask = -(input[0] >> 7);
 #if defined(_MSC_VER)
 #pragma warning( pop )
 #endif
 
-    output[ blocksize - 1 ] ^= R_n & mask;
+    output[blocksize - 1] ^= R_n & mask;
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -116,34 +110,37 @@
  *
  * - as specified by RFC 4493, section 2.3 Subkey Generation Algorithm
  */
-static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx,
-                                  unsigned char* K1, unsigned char* K2 )
+static int cmac_generate_subkeys(mbedtls_cipher_context_t *ctx,
+                                 unsigned char *K1, unsigned char *K2)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX];
     size_t olen, block_size;
 
-    mbedtls_platform_zeroize( L, sizeof( L ) );
+    mbedtls_platform_zeroize(L, sizeof(L));
 
     block_size = ctx->cipher_info->block_size;
 
     /* Calculate Ek(0) */
-    if( ( ret = mbedtls_cipher_update( ctx, L, block_size, L, &olen ) ) != 0 )
+    if ((ret = mbedtls_cipher_update(ctx, L, block_size, L, &olen)) != 0) {
         goto exit;
+    }
 
     /*
      * Generate K1 and K2
      */
-    if( ( ret = cmac_multiply_by_u( K1, L , block_size ) ) != 0 )
+    if ((ret = cmac_multiply_by_u(K1, L, block_size)) != 0) {
         goto exit;
+    }
 
-    if( ( ret = cmac_multiply_by_u( K2, K1 , block_size ) ) != 0 )
+    if ((ret = cmac_multiply_by_u(K2, K1, block_size)) != 0) {
         goto exit;
+    }
 
 exit:
-    mbedtls_platform_zeroize( L, sizeof( L ) );
+    mbedtls_platform_zeroize(L, sizeof(L));
 
-    return( ret );
+    return ret;
 }
 #endif /* !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) */
 
@@ -155,75 +152,78 @@
  * We can't use the padding option from the cipher layer, as it only works for
  * CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition.
  */
-static void cmac_pad( unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX],
-                      size_t padded_block_len,
-                      const unsigned char *last_block,
-                      size_t last_block_len )
+static void cmac_pad(unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX],
+                     size_t padded_block_len,
+                     const unsigned char *last_block,
+                     size_t last_block_len)
 {
     size_t j;
 
-    for( j = 0; j < padded_block_len; j++ )
-    {
-        if( j < last_block_len )
+    for (j = 0; j < padded_block_len; j++) {
+        if (j < last_block_len) {
             padded_block[j] = last_block[j];
-        else if( j == last_block_len )
+        } else if (j == last_block_len) {
             padded_block[j] = 0x80;
-        else
+        } else {
             padded_block[j] = 0x00;
+        }
     }
 }
 
-int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
-                                const unsigned char *key, size_t keybits )
+int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx,
+                               const unsigned char *key, size_t keybits)
 {
     mbedtls_cipher_type_t type;
     mbedtls_cmac_context_t *cmac_ctx;
     int retval;
 
-    if( ctx == NULL || ctx->cipher_info == NULL || key == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (ctx == NULL || ctx->cipher_info == NULL || key == NULL) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
-    if( ( retval = mbedtls_cipher_setkey( ctx, key, (int)keybits,
-                                          MBEDTLS_ENCRYPT ) ) != 0 )
-        return( retval );
+    if ((retval = mbedtls_cipher_setkey(ctx, key, (int) keybits,
+                                        MBEDTLS_ENCRYPT)) != 0) {
+        return retval;
+    }
 
     type = ctx->cipher_info->type;
 
-    switch( type )
-    {
+    switch (type) {
         case MBEDTLS_CIPHER_AES_128_ECB:
         case MBEDTLS_CIPHER_AES_192_ECB:
         case MBEDTLS_CIPHER_AES_256_ECB:
         case MBEDTLS_CIPHER_DES_EDE3_ECB:
             break;
         default:
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
     }
 
     /* Allocated and initialise in the cipher context memory for the CMAC
      * context */
-    cmac_ctx = mbedtls_calloc( 1, sizeof( mbedtls_cmac_context_t ) );
-    if( cmac_ctx == NULL )
-        return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
+    cmac_ctx = mbedtls_calloc(1, sizeof(mbedtls_cmac_context_t));
+    if (cmac_ctx == NULL) {
+        return MBEDTLS_ERR_CIPHER_ALLOC_FAILED;
+    }
 
     ctx->cmac_ctx = cmac_ctx;
 
-    mbedtls_platform_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) );
+    mbedtls_platform_zeroize(cmac_ctx->state, sizeof(cmac_ctx->state));
 
     return 0;
 }
 
-int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
-                                const unsigned char *input, size_t ilen )
+int mbedtls_cipher_cmac_update(mbedtls_cipher_context_t *ctx,
+                               const unsigned char *input, size_t ilen)
 {
-    mbedtls_cmac_context_t* cmac_ctx;
+    mbedtls_cmac_context_t *cmac_ctx;
     unsigned char *state;
     int ret = 0;
     size_t n, j, olen, block_size;
 
-    if( ctx == NULL || ctx->cipher_info == NULL || input == NULL ||
-        ctx->cmac_ctx == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (ctx == NULL || ctx->cipher_info == NULL || input == NULL ||
+        ctx->cmac_ctx == NULL) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
     cmac_ctx = ctx->cmac_ctx;
     block_size = ctx->cipher_info->block_size;
@@ -231,19 +231,17 @@
 
     /* Is there data still to process from the last call, that's greater in
      * size than a block? */
-    if( cmac_ctx->unprocessed_len > 0 &&
-        ilen > block_size - cmac_ctx->unprocessed_len )
-    {
-        memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
-                input,
-                block_size - cmac_ctx->unprocessed_len );
+    if (cmac_ctx->unprocessed_len > 0 &&
+        ilen > block_size - cmac_ctx->unprocessed_len) {
+        memcpy(&cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
+               input,
+               block_size - cmac_ctx->unprocessed_len);
 
-        mbedtls_xor( state, cmac_ctx->unprocessed_block, state, block_size );
+        mbedtls_xor(state, cmac_ctx->unprocessed_block, state, block_size);
 
-        if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state,
-                                           &olen ) ) != 0 )
-        {
-           goto exit;
+        if ((ret = mbedtls_cipher_update(ctx, state, block_size, state,
+                                         &olen)) != 0) {
+            goto exit;
         }
 
         input += block_size - cmac_ctx->unprocessed_len;
@@ -252,39 +250,38 @@
     }
 
     /* n is the number of blocks including any final partial block */
-    n = ( ilen + block_size - 1 ) / block_size;
+    n = (ilen + block_size - 1) / block_size;
 
     /* Iterate across the input data in block sized chunks, excluding any
      * final partial or complete block */
-    for( j = 1; j < n; j++ )
-    {
-        mbedtls_xor( state, input, state, block_size );
+    for (j = 1; j < n; j++) {
+        mbedtls_xor(state, input, state, block_size);
 
-        if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state,
-                                           &olen ) ) != 0 )
-           goto exit;
+        if ((ret = mbedtls_cipher_update(ctx, state, block_size, state,
+                                         &olen)) != 0) {
+            goto exit;
+        }
 
         ilen -= block_size;
         input += block_size;
     }
 
     /* If there is data left over that wasn't aligned to a block */
-    if( ilen > 0 )
-    {
-        memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
-                input,
-                ilen );
+    if (ilen > 0) {
+        memcpy(&cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
+               input,
+               ilen);
         cmac_ctx->unprocessed_len += ilen;
     }
 
 exit:
-    return( ret );
+    return ret;
 }
 
-int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
-                                unsigned char *output )
+int mbedtls_cipher_cmac_finish(mbedtls_cipher_context_t *ctx,
+                               unsigned char *output)
 {
-    mbedtls_cmac_context_t* cmac_ctx;
+    mbedtls_cmac_context_t *cmac_ctx;
     unsigned char *state, *last_block;
     unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
     unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
@@ -292,153 +289,153 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t olen, block_size;
 
-    if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ||
-        output == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ||
+        output == NULL) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
     cmac_ctx = ctx->cmac_ctx;
     block_size = ctx->cipher_info->block_size;
     state = cmac_ctx->state;
 
-    mbedtls_platform_zeroize( K1, sizeof( K1 ) );
-    mbedtls_platform_zeroize( K2, sizeof( K2 ) );
-    cmac_generate_subkeys( ctx, K1, K2 );
+    mbedtls_platform_zeroize(K1, sizeof(K1));
+    mbedtls_platform_zeroize(K2, sizeof(K2));
+    cmac_generate_subkeys(ctx, K1, K2);
 
     last_block = cmac_ctx->unprocessed_block;
 
     /* Calculate last block */
-    if( cmac_ctx->unprocessed_len < block_size )
-    {
-        cmac_pad( M_last, block_size, last_block, cmac_ctx->unprocessed_len );
-        mbedtls_xor( M_last, M_last, K2, block_size );
-    }
-    else
-    {
+    if (cmac_ctx->unprocessed_len < block_size) {
+        cmac_pad(M_last, block_size, last_block, cmac_ctx->unprocessed_len);
+        mbedtls_xor(M_last, M_last, K2, block_size);
+    } else {
         /* Last block is complete block */
-        mbedtls_xor( M_last, last_block, K1, block_size );
+        mbedtls_xor(M_last, last_block, K1, block_size);
     }
 
 
-    mbedtls_xor( state, M_last, state, block_size );
-    if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state,
-                                       &olen ) ) != 0 )
-    {
+    mbedtls_xor(state, M_last, state, block_size);
+    if ((ret = mbedtls_cipher_update(ctx, state, block_size, state,
+                                     &olen)) != 0) {
         goto exit;
     }
 
-    memcpy( output, state, block_size );
+    memcpy(output, state, block_size);
 
 exit:
     /* Wipe the generated keys on the stack, and any other transients to avoid
      * side channel leakage */
-    mbedtls_platform_zeroize( K1, sizeof( K1 ) );
-    mbedtls_platform_zeroize( K2, sizeof( K2 ) );
+    mbedtls_platform_zeroize(K1, sizeof(K1));
+    mbedtls_platform_zeroize(K2, sizeof(K2));
 
     cmac_ctx->unprocessed_len = 0;
-    mbedtls_platform_zeroize( cmac_ctx->unprocessed_block,
-                              sizeof( cmac_ctx->unprocessed_block ) );
+    mbedtls_platform_zeroize(cmac_ctx->unprocessed_block,
+                             sizeof(cmac_ctx->unprocessed_block));
 
-    mbedtls_platform_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX );
-    return( ret );
+    mbedtls_platform_zeroize(state, MBEDTLS_CIPHER_BLKSIZE_MAX);
+    return ret;
 }
 
-int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx )
+int mbedtls_cipher_cmac_reset(mbedtls_cipher_context_t *ctx)
 {
-    mbedtls_cmac_context_t* cmac_ctx;
+    mbedtls_cmac_context_t *cmac_ctx;
 
-    if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
     cmac_ctx = ctx->cmac_ctx;
 
     /* Reset the internal state */
     cmac_ctx->unprocessed_len = 0;
-    mbedtls_platform_zeroize( cmac_ctx->unprocessed_block,
-                              sizeof( cmac_ctx->unprocessed_block ) );
-    mbedtls_platform_zeroize( cmac_ctx->state,
-                              sizeof( cmac_ctx->state ) );
+    mbedtls_platform_zeroize(cmac_ctx->unprocessed_block,
+                             sizeof(cmac_ctx->unprocessed_block));
+    mbedtls_platform_zeroize(cmac_ctx->state,
+                             sizeof(cmac_ctx->state));
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
-                         const unsigned char *key, size_t keylen,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output )
+int mbedtls_cipher_cmac(const mbedtls_cipher_info_t *cipher_info,
+                        const unsigned char *key, size_t keylen,
+                        const unsigned char *input, size_t ilen,
+                        unsigned char *output)
 {
     mbedtls_cipher_context_t ctx;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( cipher_info == NULL || key == NULL || input == NULL || output == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (cipher_info == NULL || key == NULL || input == NULL || output == NULL) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
-    mbedtls_cipher_init( &ctx );
+    mbedtls_cipher_init(&ctx);
 
-    if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 )
+    if ((ret = mbedtls_cipher_setup(&ctx, cipher_info)) != 0) {
         goto exit;
+    }
 
-    ret = mbedtls_cipher_cmac_starts( &ctx, key, keylen );
-    if( ret != 0 )
+    ret = mbedtls_cipher_cmac_starts(&ctx, key, keylen);
+    if (ret != 0) {
         goto exit;
+    }
 
-    ret = mbedtls_cipher_cmac_update( &ctx, input, ilen );
-    if( ret != 0 )
+    ret = mbedtls_cipher_cmac_update(&ctx, input, ilen);
+    if (ret != 0) {
         goto exit;
+    }
 
-    ret = mbedtls_cipher_cmac_finish( &ctx, output );
+    ret = mbedtls_cipher_cmac_finish(&ctx, output);
 
 exit:
-    mbedtls_cipher_free( &ctx );
+    mbedtls_cipher_free(&ctx);
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_AES_C)
 /*
  * Implementation of AES-CMAC-PRF-128 defined in RFC 4615
  */
-int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
-                              const unsigned char *input, size_t in_len,
-                              unsigned char output[16] )
+int mbedtls_aes_cmac_prf_128(const unsigned char *key, size_t key_length,
+                             const unsigned char *input, size_t in_len,
+                             unsigned char output[16])
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const mbedtls_cipher_info_t *cipher_info;
     unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE];
     unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE];
 
-    if( key == NULL || input == NULL || output == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (key == NULL || input == NULL || output == NULL) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
-    cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
-    if( cipher_info == NULL )
-    {
+    cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB);
+    if (cipher_info == NULL) {
         /* Failing at this point must be due to a build issue */
         ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
         goto exit;
     }
 
-    if( key_length == MBEDTLS_AES_BLOCK_SIZE )
-    {
+    if (key_length == MBEDTLS_AES_BLOCK_SIZE) {
         /* Use key as is */
-        memcpy( int_key, key, MBEDTLS_AES_BLOCK_SIZE );
-    }
-    else
-    {
-        memset( zero_key, 0, MBEDTLS_AES_BLOCK_SIZE );
+        memcpy(int_key, key, MBEDTLS_AES_BLOCK_SIZE);
+    } else {
+        memset(zero_key, 0, MBEDTLS_AES_BLOCK_SIZE);
 
-        ret = mbedtls_cipher_cmac( cipher_info, zero_key, 128, key,
-                                   key_length, int_key );
-        if( ret != 0 )
+        ret = mbedtls_cipher_cmac(cipher_info, zero_key, 128, key,
+                                  key_length, int_key);
+        if (ret != 0) {
             goto exit;
+        }
     }
 
-    ret = mbedtls_cipher_cmac( cipher_info, int_key, 128, input, in_len,
-                               output );
+    ret = mbedtls_cipher_cmac(cipher_info, int_key, 128, input, in_len,
+                              output);
 
 exit:
-    mbedtls_platform_zeroize( int_key, sizeof( int_key ) );
+    mbedtls_platform_zeroize(int_key, sizeof(int_key));
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_AES_C */
 
@@ -499,7 +496,8 @@
         0xf9, 0x0b, 0xc1, 0x1e,     0xe4, 0x6d, 0x51, 0x3b
     }
 };
-static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
+static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] =
+{
     {
         /* Example #1 */
         0xbb, 0x1d, 0x69, 0x29,     0xe9, 0x59, 0x37, 0x28,
@@ -540,7 +538,8 @@
         0x7d, 0xcc, 0x87, 0x3b,     0xa9, 0xb5, 0x45, 0x2c
     }
 };
-static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
+static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] =
+{
     {
         /* Example #1 */
         0xd1, 0x7d, 0xdf, 0x46,     0xad, 0xaa, 0xcd, 0xe5,
@@ -582,7 +581,8 @@
         0x5d, 0x35, 0x33, 0x01,     0x0c, 0x42, 0xa0, 0xd9
     }
 };
-static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
+static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] =
+{
     {
         /* Example #1 */
         0x02, 0x89, 0x62, 0xf6,     0x1b, 0x7b, 0xf8, 0x9e,
@@ -634,7 +634,8 @@
         0x1b, 0xa5, 0x96, 0xf4,     0x7b, 0x11, 0x11, 0xb2
     }
 };
-static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
+static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE]
+    = {
     {
         /* Sample #1 */
         0x79, 0xce, 0x52, 0xa7,     0xf7, 0x86, 0xa9, 0x60
@@ -651,7 +652,7 @@
         /* Sample #4 */
         0x9c, 0xd3, 0x35, 0x80,     0xf9, 0xb6, 0x4d, 0xfb
     }
-};
+    };
 
 /* CMAC-TDES (Generation) - 3 Key Test Data */
 static const unsigned char des3_3key_key[24] = {
@@ -672,7 +673,8 @@
         0x3a, 0xe9, 0xce, 0x72,     0x66, 0x2f, 0x2d, 0x9b
     }
 };
-static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
+static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE]
+    = {
     {
         /* Sample #1 */
         0x7d, 0xb0, 0xd3, 0x7d,     0xf9, 0x36, 0xc5, 0x50
@@ -689,7 +691,7 @@
         /* Sample #4 */
         0x99, 0x42, 0x9b, 0xd0,     0xbF, 0x79, 0x04, 0xe5
     }
-};
+    };
 
 #endif /* MBEDTLS_DES_C */
 
@@ -732,14 +734,14 @@
 };
 #endif /* MBEDTLS_AES_C */
 
-static int cmac_test_subkeys( int verbose,
-                              const char* testname,
-                              const unsigned char* key,
-                              int keybits,
-                              const unsigned char* subkeys,
-                              mbedtls_cipher_type_t cipher_type,
-                              int block_size,
-                              int num_tests )
+static int cmac_test_subkeys(int verbose,
+                             const char *testname,
+                             const unsigned char *key,
+                             int keybits,
+                             const unsigned char *subkeys,
+                             mbedtls_cipher_type_t cipher_type,
+                             int block_size,
+                             int num_tests)
 {
     int i, ret = 0;
     mbedtls_cipher_context_t ctx;
@@ -747,330 +749,321 @@
     unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
     unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
 
-    cipher_info = mbedtls_cipher_info_from_type( cipher_type );
-    if( cipher_info == NULL )
-    {
+    cipher_info = mbedtls_cipher_info_from_type(cipher_type);
+    if (cipher_info == NULL) {
         /* Failing at this point must be due to a build issue */
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+        return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
     }
 
-    for( i = 0; i < num_tests; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  %s CMAC subkey #%d: ", testname, i + 1 );
+    for (i = 0; i < num_tests; i++) {
+        if (verbose != 0) {
+            mbedtls_printf("  %s CMAC subkey #%d: ", testname, i + 1);
+        }
 
-        mbedtls_cipher_init( &ctx );
+        mbedtls_cipher_init(&ctx);
 
-        if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "test execution failed\n" );
+        if ((ret = mbedtls_cipher_setup(&ctx, cipher_info)) != 0) {
+            if (verbose != 0) {
+                mbedtls_printf("test execution failed\n");
+            }
 
             goto cleanup;
         }
 
-        if( ( ret = mbedtls_cipher_setkey( &ctx, key, keybits,
-                                       MBEDTLS_ENCRYPT ) ) != 0 )
-        {
+        if ((ret = mbedtls_cipher_setkey(&ctx, key, keybits,
+                                         MBEDTLS_ENCRYPT)) != 0) {
             /* When CMAC is implemented by an alternative implementation, or
              * the underlying primitive itself is implemented alternatively,
              * AES-192 may be unavailable. This should not cause the selftest
              * function to fail. */
-            if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
-                  ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) &&
-                  cipher_type == MBEDTLS_CIPHER_AES_192_ECB ) {
-                if( verbose != 0 )
-                    mbedtls_printf( "skipped\n" );
+            if ((ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
+                 ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) &&
+                cipher_type == MBEDTLS_CIPHER_AES_192_ECB) {
+                if (verbose != 0) {
+                    mbedtls_printf("skipped\n");
+                }
                 goto next_test;
             }
 
-            if( verbose != 0 )
-                mbedtls_printf( "test execution failed\n" );
+            if (verbose != 0) {
+                mbedtls_printf("test execution failed\n");
+            }
 
             goto cleanup;
         }
 
-        ret = cmac_generate_subkeys( &ctx, K1, K2 );
-        if( ret != 0 )
-        {
-           if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
+        ret = cmac_generate_subkeys(&ctx, K1, K2);
+        if (ret != 0) {
+            if (verbose != 0) {
+                mbedtls_printf("failed\n");
+            }
 
             goto cleanup;
         }
 
-        if( ( ret = memcmp( K1, subkeys, block_size ) ) != 0  ||
-            ( ret = memcmp( K2, &subkeys[block_size], block_size ) ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
+        if ((ret = memcmp(K1, subkeys, block_size)) != 0  ||
+            (ret = memcmp(K2, &subkeys[block_size], block_size)) != 0) {
+            if (verbose != 0) {
+                mbedtls_printf("failed\n");
+            }
 
             goto cleanup;
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
 
 next_test:
-        mbedtls_cipher_free( &ctx );
+        mbedtls_cipher_free(&ctx);
     }
 
     ret = 0;
     goto exit;
 
 cleanup:
-    mbedtls_cipher_free( &ctx );
+    mbedtls_cipher_free(&ctx);
 
 exit:
-    return( ret );
+    return ret;
 }
 
-static int cmac_test_wth_cipher( int verbose,
-                                 const char* testname,
-                                 const unsigned char* key,
-                                 int keybits,
-                                 const unsigned char* messages,
-                                 const unsigned int message_lengths[4],
-                                 const unsigned char* expected_result,
-                                 mbedtls_cipher_type_t cipher_type,
-                                 int block_size,
-                                 int num_tests )
+static int cmac_test_wth_cipher(int verbose,
+                                const char *testname,
+                                const unsigned char *key,
+                                int keybits,
+                                const unsigned char *messages,
+                                const unsigned int message_lengths[4],
+                                const unsigned char *expected_result,
+                                mbedtls_cipher_type_t cipher_type,
+                                int block_size,
+                                int num_tests)
 {
     const mbedtls_cipher_info_t *cipher_info;
     int i, ret = 0;
     unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
 
-    cipher_info = mbedtls_cipher_info_from_type( cipher_type );
-    if( cipher_info == NULL )
-    {
+    cipher_info = mbedtls_cipher_info_from_type(cipher_type);
+    if (cipher_info == NULL) {
         /* Failing at this point must be due to a build issue */
         ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
         goto exit;
     }
 
-    for( i = 0; i < num_tests; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  %s CMAC #%d: ", testname, i + 1 );
+    for (i = 0; i < num_tests; i++) {
+        if (verbose != 0) {
+            mbedtls_printf("  %s CMAC #%d: ", testname, i + 1);
+        }
 
-        if( ( ret = mbedtls_cipher_cmac( cipher_info, key, keybits, messages,
-                                         message_lengths[i], output ) ) != 0 )
-        {
+        if ((ret = mbedtls_cipher_cmac(cipher_info, key, keybits, messages,
+                                       message_lengths[i], output)) != 0) {
             /* When CMAC is implemented by an alternative implementation, or
              * the underlying primitive itself is implemented alternatively,
              * AES-192 and/or 3DES may be unavailable. This should not cause
              * the selftest function to fail. */
-            if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
-                  ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) &&
-                ( cipher_type == MBEDTLS_CIPHER_AES_192_ECB ||
-                  cipher_type == MBEDTLS_CIPHER_DES_EDE3_ECB ) ) {
-                if( verbose != 0 )
-                    mbedtls_printf( "skipped\n" );
+            if ((ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
+                 ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) &&
+                (cipher_type == MBEDTLS_CIPHER_AES_192_ECB ||
+                 cipher_type == MBEDTLS_CIPHER_DES_EDE3_ECB)) {
+                if (verbose != 0) {
+                    mbedtls_printf("skipped\n");
+                }
                 continue;
             }
 
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
+            if (verbose != 0) {
+                mbedtls_printf("failed\n");
+            }
             goto exit;
         }
 
-        if( ( ret = memcmp( output, &expected_result[i * block_size], block_size ) ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
+        if ((ret = memcmp(output, &expected_result[i * block_size], block_size)) != 0) {
+            if (verbose != 0) {
+                mbedtls_printf("failed\n");
+            }
             goto exit;
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
     }
     ret = 0;
 
 exit:
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_AES_C)
-static int test_aes128_cmac_prf( int verbose )
+static int test_aes128_cmac_prf(int verbose)
 {
     int i;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char output[MBEDTLS_AES_BLOCK_SIZE];
 
-    for( i = 0; i < NB_PRF_TESTS; i++ )
-    {
-        mbedtls_printf( "  AES CMAC 128 PRF #%d: ", i );
-        ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, output );
-        if( ret != 0 ||
-            memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE ) != 0 )
-        {
+    for (i = 0; i < NB_PRF_TESTS; i++) {
+        mbedtls_printf("  AES CMAC 128 PRF #%d: ", i);
+        ret = mbedtls_aes_cmac_prf_128(PRFK, PRFKlen[i], PRFM, 20, output);
+        if (ret != 0 ||
+            memcmp(output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE) != 0) {
 
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
+            if (verbose != 0) {
+                mbedtls_printf("failed\n");
+            }
 
-            return( ret );
-        }
-        else if( verbose != 0 )
-        {
-            mbedtls_printf( "passed\n" );
+            return ret;
+        } else if (verbose != 0) {
+            mbedtls_printf("passed\n");
         }
     }
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_AES_C */
 
-int mbedtls_cmac_self_test( int verbose )
+int mbedtls_cmac_self_test(int verbose)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
 #if defined(MBEDTLS_AES_C)
     /* AES-128 */
-    if( ( ret = cmac_test_subkeys( verbose,
-                                   "AES 128",
-                                   aes_128_key,
-                                   128,
-                                   (const unsigned char*)aes_128_subkeys,
-                                   MBEDTLS_CIPHER_AES_128_ECB,
-                                   MBEDTLS_AES_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = cmac_test_subkeys(verbose,
+                                 "AES 128",
+                                 aes_128_key,
+                                 128,
+                                 (const unsigned char *) aes_128_subkeys,
+                                 MBEDTLS_CIPHER_AES_128_ECB,
+                                 MBEDTLS_AES_BLOCK_SIZE,
+                                 NB_CMAC_TESTS_PER_KEY)) != 0) {
+        return ret;
     }
 
-    if( ( ret = cmac_test_wth_cipher( verbose,
-                                      "AES 128",
-                                      aes_128_key,
-                                      128,
-                                      test_message,
-                                      aes_message_lengths,
-                                      (const unsigned char*)aes_128_expected_result,
-                                      MBEDTLS_CIPHER_AES_128_ECB,
-                                      MBEDTLS_AES_BLOCK_SIZE,
-                                      NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = cmac_test_wth_cipher(verbose,
+                                    "AES 128",
+                                    aes_128_key,
+                                    128,
+                                    test_message,
+                                    aes_message_lengths,
+                                    (const unsigned char *) aes_128_expected_result,
+                                    MBEDTLS_CIPHER_AES_128_ECB,
+                                    MBEDTLS_AES_BLOCK_SIZE,
+                                    NB_CMAC_TESTS_PER_KEY)) != 0) {
+        return ret;
     }
 
     /* AES-192 */
-    if( ( ret = cmac_test_subkeys( verbose,
-                                   "AES 192",
-                                   aes_192_key,
-                                   192,
-                                   (const unsigned char*)aes_192_subkeys,
-                                   MBEDTLS_CIPHER_AES_192_ECB,
-                                   MBEDTLS_AES_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = cmac_test_subkeys(verbose,
+                                 "AES 192",
+                                 aes_192_key,
+                                 192,
+                                 (const unsigned char *) aes_192_subkeys,
+                                 MBEDTLS_CIPHER_AES_192_ECB,
+                                 MBEDTLS_AES_BLOCK_SIZE,
+                                 NB_CMAC_TESTS_PER_KEY)) != 0) {
+        return ret;
     }
 
-    if( ( ret = cmac_test_wth_cipher( verbose,
-                                      "AES 192",
-                                      aes_192_key,
-                                      192,
-                                      test_message,
-                                      aes_message_lengths,
-                                      (const unsigned char*)aes_192_expected_result,
-                                      MBEDTLS_CIPHER_AES_192_ECB,
-                                      MBEDTLS_AES_BLOCK_SIZE,
-                                      NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = cmac_test_wth_cipher(verbose,
+                                    "AES 192",
+                                    aes_192_key,
+                                    192,
+                                    test_message,
+                                    aes_message_lengths,
+                                    (const unsigned char *) aes_192_expected_result,
+                                    MBEDTLS_CIPHER_AES_192_ECB,
+                                    MBEDTLS_AES_BLOCK_SIZE,
+                                    NB_CMAC_TESTS_PER_KEY)) != 0) {
+        return ret;
     }
 
     /* AES-256 */
-    if( ( ret = cmac_test_subkeys( verbose,
-                                   "AES 256",
-                                   aes_256_key,
-                                   256,
-                                   (const unsigned char*)aes_256_subkeys,
-                                   MBEDTLS_CIPHER_AES_256_ECB,
-                                   MBEDTLS_AES_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = cmac_test_subkeys(verbose,
+                                 "AES 256",
+                                 aes_256_key,
+                                 256,
+                                 (const unsigned char *) aes_256_subkeys,
+                                 MBEDTLS_CIPHER_AES_256_ECB,
+                                 MBEDTLS_AES_BLOCK_SIZE,
+                                 NB_CMAC_TESTS_PER_KEY)) != 0) {
+        return ret;
     }
 
-    if( ( ret = cmac_test_wth_cipher ( verbose,
-                                       "AES 256",
-                                       aes_256_key,
-                                       256,
-                                       test_message,
-                                       aes_message_lengths,
-                                       (const unsigned char*)aes_256_expected_result,
-                                       MBEDTLS_CIPHER_AES_256_ECB,
-                                       MBEDTLS_AES_BLOCK_SIZE,
-                                       NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = cmac_test_wth_cipher(verbose,
+                                    "AES 256",
+                                    aes_256_key,
+                                    256,
+                                    test_message,
+                                    aes_message_lengths,
+                                    (const unsigned char *) aes_256_expected_result,
+                                    MBEDTLS_CIPHER_AES_256_ECB,
+                                    MBEDTLS_AES_BLOCK_SIZE,
+                                    NB_CMAC_TESTS_PER_KEY)) != 0) {
+        return ret;
     }
 #endif /* MBEDTLS_AES_C */
 
 #if defined(MBEDTLS_DES_C)
     /* 3DES 2 key */
-    if( ( ret = cmac_test_subkeys( verbose,
-                                   "3DES 2 key",
-                                   des3_2key_key,
-                                   192,
-                                   (const unsigned char*)des3_2key_subkeys,
-                                   MBEDTLS_CIPHER_DES_EDE3_ECB,
-                                   MBEDTLS_DES3_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = cmac_test_subkeys(verbose,
+                                 "3DES 2 key",
+                                 des3_2key_key,
+                                 192,
+                                 (const unsigned char *) des3_2key_subkeys,
+                                 MBEDTLS_CIPHER_DES_EDE3_ECB,
+                                 MBEDTLS_DES3_BLOCK_SIZE,
+                                 NB_CMAC_TESTS_PER_KEY)) != 0) {
+        return ret;
     }
 
-    if( ( ret = cmac_test_wth_cipher( verbose,
-                                      "3DES 2 key",
-                                      des3_2key_key,
-                                      192,
-                                      test_message,
-                                      des3_message_lengths,
-                                      (const unsigned char*)des3_2key_expected_result,
-                                      MBEDTLS_CIPHER_DES_EDE3_ECB,
-                                      MBEDTLS_DES3_BLOCK_SIZE,
-                                      NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = cmac_test_wth_cipher(verbose,
+                                    "3DES 2 key",
+                                    des3_2key_key,
+                                    192,
+                                    test_message,
+                                    des3_message_lengths,
+                                    (const unsigned char *) des3_2key_expected_result,
+                                    MBEDTLS_CIPHER_DES_EDE3_ECB,
+                                    MBEDTLS_DES3_BLOCK_SIZE,
+                                    NB_CMAC_TESTS_PER_KEY)) != 0) {
+        return ret;
     }
 
     /* 3DES 3 key */
-    if( ( ret = cmac_test_subkeys( verbose,
-                                   "3DES 3 key",
-                                   des3_3key_key,
-                                   192,
-                                   (const unsigned char*)des3_3key_subkeys,
-                                   MBEDTLS_CIPHER_DES_EDE3_ECB,
-                                   MBEDTLS_DES3_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = cmac_test_subkeys(verbose,
+                                 "3DES 3 key",
+                                 des3_3key_key,
+                                 192,
+                                 (const unsigned char *) des3_3key_subkeys,
+                                 MBEDTLS_CIPHER_DES_EDE3_ECB,
+                                 MBEDTLS_DES3_BLOCK_SIZE,
+                                 NB_CMAC_TESTS_PER_KEY)) != 0) {
+        return ret;
     }
 
-    if( ( ret = cmac_test_wth_cipher( verbose,
-                                      "3DES 3 key",
-                                      des3_3key_key,
-                                      192,
-                                      test_message,
-                                      des3_message_lengths,
-                                      (const unsigned char*)des3_3key_expected_result,
-                                      MBEDTLS_CIPHER_DES_EDE3_ECB,
-                                      MBEDTLS_DES3_BLOCK_SIZE,
-                                      NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = cmac_test_wth_cipher(verbose,
+                                    "3DES 3 key",
+                                    des3_3key_key,
+                                    192,
+                                    test_message,
+                                    des3_message_lengths,
+                                    (const unsigned char *) des3_3key_expected_result,
+                                    MBEDTLS_CIPHER_DES_EDE3_ECB,
+                                    MBEDTLS_DES3_BLOCK_SIZE,
+                                    NB_CMAC_TESTS_PER_KEY)) != 0) {
+        return ret;
     }
 #endif /* MBEDTLS_DES_C */
 
 #if defined(MBEDTLS_AES_C)
-    if( ( ret = test_aes128_cmac_prf( verbose ) ) != 0 )
-        return( ret );
+    if ((ret = test_aes128_cmac_prf(verbose)) != 0) {
+        return ret;
+    }
 #endif /* MBEDTLS_AES_C */
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_SELF_TEST */
diff --git a/library/common.h b/library/common.h
index 9d3b8fe..fd3ddba 100644
--- a/library/common.h
+++ b/library/common.h
@@ -52,16 +52,16 @@
 #endif
 
 #if defined(MBEDTLS_TEST_HOOKS)
-extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const char * file );
-#define MBEDTLS_TEST_HOOK_TEST_ASSERT( TEST ) \
-       do { \
-            if( ( ! ( TEST ) ) && ( ( *mbedtls_test_hook_test_fail ) != NULL ) ) \
-            { \
-              ( *mbedtls_test_hook_test_fail )( #TEST, __LINE__, __FILE__ ); \
-            } \
-    } while( 0 )
+extern void (*mbedtls_test_hook_test_fail)(const char *test, int line, const char *file);
+#define MBEDTLS_TEST_HOOK_TEST_ASSERT(TEST) \
+    do { \
+        if ((!(TEST)) && ((*mbedtls_test_hook_test_fail) != NULL)) \
+        { \
+            (*mbedtls_test_hook_test_fail)( #TEST, __LINE__, __FILE__); \
+        } \
+    } while (0)
 #else
-#define MBEDTLS_TEST_HOOK_TEST_ASSERT( TEST )
+#define MBEDTLS_TEST_HOOK_TEST_ASSERT(TEST)
 #endif /* defined(MBEDTLS_TEST_HOOKS) */
 
 /** Allow library to access its structs' private members.
@@ -87,9 +87,9 @@
  *              buffer is at least \p n + 1.
  */
 static inline unsigned char *mbedtls_buffer_offset(
-    unsigned char *p, size_t n )
+    unsigned char *p, size_t n)
 {
-    return( p == NULL ? NULL : p + n );
+    return p == NULL ? NULL : p + n;
 }
 
 /** Return an offset into a read-only buffer.
@@ -104,9 +104,9 @@
  *              buffer is at least \p n + 1.
  */
 static inline const unsigned char *mbedtls_buffer_offset_const(
-    const unsigned char *p, size_t n )
+    const unsigned char *p, size_t n)
 {
-    return( p == NULL ? NULL : p + n );
+    return p == NULL ? NULL : p + n;
 }
 
 /**
@@ -120,16 +120,14 @@
  * \param   b Pointer to input (buffer of at least \p n bytes)
  * \param   n Number of bytes to process.
  */
-inline void mbedtls_xor( unsigned char *r, const unsigned char *a, const unsigned char *b, size_t n )
+inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned char *b, size_t n)
 {
     size_t i;
-    for ( i = 0; ( i + 4 ) <= n; i += 4 )
-    {
-        uint32_t x = mbedtls_get_unaligned_uint32( a + i ) ^ mbedtls_get_unaligned_uint32( b + i );
-        mbedtls_put_unaligned_uint32( r + i, x );
+    for (i = 0; (i + 4) <= n; i += 4) {
+        uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i);
+        mbedtls_put_unaligned_uint32(r + i, x);
     }
-    for ( ; i < n; i++ )
-    {
+    for (; i < n; i++) {
         r[i] = a[i] ^ b[i];
     }
 }
@@ -138,7 +136,7 @@
  *      MSVC support __func__ from visual studio 2015( 1900 )
  *      Use MSVC predefine macro to avoid name check fail.
  */
-#if (defined(_MSC_VER) && ( _MSC_VER <= 1900 ))
+#if (defined(_MSC_VER) && (_MSC_VER <= 1900))
 #define /*no-check-names*/ __func__ __FUNCTION__
 #endif
 
diff --git a/library/constant_time.c b/library/constant_time.c
index 510304e..442eb0e 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -17,7 +17,7 @@
  *  limitations under the License.
  */
 
- /*
+/*
  * The following functions are implemented without using comparison operators, as those
  * might be translated to branches by some compilers on some platforms.
  */
@@ -47,17 +47,16 @@
 
 #include <string.h>
 
-int mbedtls_ct_memcmp( const void *a,
-                       const void *b,
-                       size_t n )
+int mbedtls_ct_memcmp(const void *a,
+                      const void *b,
+                      size_t n)
 {
     size_t i;
     volatile const unsigned char *A = (volatile const unsigned char *) a;
     volatile const unsigned char *B = (volatile const unsigned char *) b;
     volatile unsigned char diff = 0;
 
-    for( i = 0; i < n; i++ )
-    {
+    for (i = 0; i < n; i++) {
         /* Read volatile data in order before computing diff.
          * This avoids IAR compiler warning:
          * 'the order of volatile accesses is undefined ..' */
@@ -65,10 +64,10 @@
         diff |= x ^ y;
     }
 
-    return( (int)diff );
+    return (int) diff;
 }
 
-unsigned mbedtls_ct_uint_mask( unsigned value )
+unsigned mbedtls_ct_uint_mask(unsigned value)
 {
     /* MSVC has a warning about unary minus on unsigned, but this is
      * well-defined and precisely what we want to do here */
@@ -76,7 +75,7 @@
 #pragma warning( push )
 #pragma warning( disable : 4146 )
 #endif
-    return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
+    return -((value | -value) >> (sizeof(value) * 8 - 1));
 #if defined(_MSC_VER)
 #pragma warning( pop )
 #endif
@@ -84,7 +83,7 @@
 
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
 
-size_t mbedtls_ct_size_mask( size_t value )
+size_t mbedtls_ct_size_mask(size_t value)
 {
     /* MSVC has a warning about unary minus on unsigned integer types,
      * but this is well-defined and precisely what we want to do here. */
@@ -92,7 +91,7 @@
 #pragma warning( push )
 #pragma warning( disable : 4146 )
 #endif
-    return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
+    return -((value | -value) >> (sizeof(value) * 8 - 1));
 #if defined(_MSC_VER)
 #pragma warning( pop )
 #endif
@@ -102,7 +101,7 @@
 
 #if defined(MBEDTLS_BIGNUM_C)
 
-mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask( mbedtls_mpi_uint value )
+mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask(mbedtls_mpi_uint value)
 {
     /* MSVC has a warning about unary minus on unsigned, but this is
      * well-defined and precisely what we want to do here */
@@ -110,7 +109,7 @@
 #pragma warning( push )
 #pragma warning( disable : 4146 )
 #endif
-    return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
+    return -((value | -value) >> (sizeof(value) * 8 - 1));
 #if defined(_MSC_VER)
 #pragma warning( pop )
 #endif
@@ -132,25 +131,25 @@
  *
  * \return      All-bits-one if \p x is less than \p y, otherwise zero.
  */
-static size_t mbedtls_ct_size_mask_lt( size_t x,
-                                       size_t y )
+static size_t mbedtls_ct_size_mask_lt(size_t x,
+                                      size_t y)
 {
     /* This has the most significant bit set if and only if x < y */
     const size_t sub = x - y;
 
     /* sub1 = (x < y) ? 1 : 0 */
-    const size_t sub1 = sub >> ( sizeof( sub ) * 8 - 1 );
+    const size_t sub1 = sub >> (sizeof(sub) * 8 - 1);
 
     /* mask = (x < y) ? 0xff... : 0x00... */
-    const size_t mask = mbedtls_ct_size_mask( sub1 );
+    const size_t mask = mbedtls_ct_size_mask(sub1);
 
-    return( mask );
+    return mask;
 }
 
-size_t mbedtls_ct_size_mask_ge( size_t x,
-                                size_t y )
+size_t mbedtls_ct_size_mask_ge(size_t x,
+                               size_t y)
 {
-    return( ~mbedtls_ct_size_mask_lt( x, y ) );
+    return ~mbedtls_ct_size_mask_lt(x, y);
 }
 
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
@@ -162,21 +161,21 @@
  * Constant flow with respect to c.
  */
 MBEDTLS_STATIC_TESTABLE
-unsigned char mbedtls_ct_uchar_mask_of_range( unsigned char low,
-                                              unsigned char high,
-                                              unsigned char c )
+unsigned char mbedtls_ct_uchar_mask_of_range(unsigned char low,
+                                             unsigned char high,
+                                             unsigned char c)
 {
     /* low_mask is: 0 if low <= c, 0x...ff if low > c */
-    unsigned low_mask = ( (unsigned) c - low ) >> 8;
+    unsigned low_mask = ((unsigned) c - low) >> 8;
     /* high_mask is: 0 if c <= high, 0x...ff if c > high */
-    unsigned high_mask = ( (unsigned) high - c ) >> 8;
-    return( ~( low_mask | high_mask ) & 0xff );
+    unsigned high_mask = ((unsigned) high - c) >> 8;
+    return ~(low_mask | high_mask) & 0xff;
 }
 
 #endif /* MBEDTLS_BASE64_C */
 
-unsigned mbedtls_ct_size_bool_eq( size_t x,
-                                  size_t y )
+unsigned mbedtls_ct_size_bool_eq(size_t x,
+                                 size_t y)
 {
     /* diff = 0 if x == y, non-zero otherwise */
     const size_t diff = x ^ y;
@@ -189,16 +188,16 @@
 #endif
 
     /* diff_msb's most significant bit is equal to x != y */
-    const size_t diff_msb = ( diff | (size_t) -diff );
+    const size_t diff_msb = (diff | (size_t) -diff);
 
 #if defined(_MSC_VER)
 #pragma warning( pop )
 #endif
 
     /* diff1 = (x != y) ? 1 : 0 */
-    const unsigned diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 );
+    const unsigned diff1 = diff_msb >> (sizeof(diff_msb) * 8 - 1);
 
-    return( 1 ^ diff1 );
+    return 1 ^ diff1;
 }
 
 #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
@@ -214,19 +213,19 @@
  *
  * \return      1 if \p x greater than \p y, otherwise 0.
  */
-static unsigned mbedtls_ct_size_gt( size_t x,
-                                    size_t y )
+static unsigned mbedtls_ct_size_gt(size_t x,
+                                   size_t y)
 {
     /* Return the sign bit (1 for negative) of (y - x). */
-    return( ( y - x ) >> ( sizeof( size_t ) * 8 - 1 ) );
+    return (y - x) >> (sizeof(size_t) * 8 - 1);
 }
 
 #endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
 
 #if defined(MBEDTLS_BIGNUM_C)
 
-unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x,
-                                 const mbedtls_mpi_uint y )
+unsigned mbedtls_ct_mpi_uint_lt(const mbedtls_mpi_uint x,
+                                const mbedtls_mpi_uint y)
 {
     mbedtls_mpi_uint ret;
     mbedtls_mpi_uint cond;
@@ -234,12 +233,12 @@
     /*
      * Check if the most significant bits (MSB) of the operands are different.
      */
-    cond = ( x ^ y );
+    cond = (x ^ y);
     /*
      * If the MSB are the same then the difference x-y will be negative (and
      * have its MSB set to 1 during conversion to unsigned) if and only if x<y.
      */
-    ret = ( x - y ) & ~cond;
+    ret = (x - y) & ~cond;
     /*
      * If the MSB are different, then the operand with the MSB of 1 is the
      * bigger. (That is if y has MSB of 1, then x<y is true and it is false if
@@ -248,19 +247,19 @@
     ret |= y & cond;
 
 
-    ret = ret >> ( sizeof( mbedtls_mpi_uint ) * 8 - 1 );
+    ret = ret >> (sizeof(mbedtls_mpi_uint) * 8 - 1);
 
     return (unsigned) ret;
 }
 
 #endif /* MBEDTLS_BIGNUM_C */
 
-unsigned mbedtls_ct_uint_if( unsigned condition,
-                             unsigned if1,
-                             unsigned if0 )
+unsigned mbedtls_ct_uint_if(unsigned condition,
+                            unsigned if1,
+                            unsigned if0)
 {
-    unsigned mask = mbedtls_ct_uint_mask( condition );
-    return( ( mask & if1 ) | (~mask & if0 ) );
+    unsigned mask = mbedtls_ct_uint_mask(condition);
+    return (mask & if1) | (~mask & if0);
 }
 
 #if defined(MBEDTLS_BIGNUM_C)
@@ -279,9 +278,9 @@
  *
  * \return  \c if1 if \p condition is nonzero, otherwise \c if0.
  * */
-static int mbedtls_ct_cond_select_sign( unsigned char condition,
-                                        int if1,
-                                        int if0 )
+static int mbedtls_ct_cond_select_sign(unsigned char condition,
+                                       int if1,
+                                       int if0)
 {
     /* In order to avoid questions about what we can reasonably assume about
      * the representations of signed integers, move everything to unsigned
@@ -293,16 +292,16 @@
     const unsigned mask = condition << 1;
 
     /* select uif1 or uif0 */
-    unsigned ur = ( uif0 & ~mask ) | ( uif1 & mask );
+    unsigned ur = (uif0 & ~mask) | (uif1 & mask);
 
     /* ur is now 0 or 2, convert back to -1 or +1 */
-    return( (int) ur - 1 );
+    return (int) ur - 1;
 }
 
-void mbedtls_ct_mpi_uint_cond_assign( size_t n,
-                                      mbedtls_mpi_uint *dest,
-                                      const mbedtls_mpi_uint *src,
-                                      unsigned char condition )
+void mbedtls_ct_mpi_uint_cond_assign(size_t n,
+                                     mbedtls_mpi_uint *dest,
+                                     const mbedtls_mpi_uint *src,
+                                     unsigned char condition)
 {
     size_t i;
 
@@ -320,43 +319,44 @@
 #pragma warning( pop )
 #endif
 
-    for( i = 0; i < n; i++ )
-        dest[i] = ( src[i] & mask ) | ( dest[i] & ~mask );
+    for (i = 0; i < n; i++) {
+        dest[i] = (src[i] & mask) | (dest[i] & ~mask);
+    }
 }
 
 #endif /* MBEDTLS_BIGNUM_C */
 
 #if defined(MBEDTLS_BASE64_C)
 
-unsigned char mbedtls_ct_base64_enc_char( unsigned char value )
+unsigned char mbedtls_ct_base64_enc_char(unsigned char value)
 {
     unsigned char digit = 0;
     /* For each range of values, if value is in that range, mask digit with
      * the corresponding value. Since value can only be in a single range,
      * only at most one masking will change digit. */
-    digit |= mbedtls_ct_uchar_mask_of_range(  0, 25, value ) & ( 'A' + value );
-    digit |= mbedtls_ct_uchar_mask_of_range( 26, 51, value ) & ( 'a' + value - 26 );
-    digit |= mbedtls_ct_uchar_mask_of_range( 52, 61, value ) & ( '0' + value - 52 );
-    digit |= mbedtls_ct_uchar_mask_of_range( 62, 62, value ) & '+';
-    digit |= mbedtls_ct_uchar_mask_of_range( 63, 63, value ) & '/';
-    return( digit );
+    digit |= mbedtls_ct_uchar_mask_of_range(0, 25, value) & ('A' + value);
+    digit |= mbedtls_ct_uchar_mask_of_range(26, 51, value) & ('a' + value - 26);
+    digit |= mbedtls_ct_uchar_mask_of_range(52, 61, value) & ('0' + value - 52);
+    digit |= mbedtls_ct_uchar_mask_of_range(62, 62, value) & '+';
+    digit |= mbedtls_ct_uchar_mask_of_range(63, 63, value) & '/';
+    return digit;
 }
 
-signed char mbedtls_ct_base64_dec_value( unsigned char c )
+signed char mbedtls_ct_base64_dec_value(unsigned char c)
 {
     unsigned char val = 0;
     /* For each range of digits, if c is in that range, mask val with
      * the corresponding value. Since c can only be in a single range,
      * only at most one masking will change val. Set val to one plus
      * the desired value so that it stays 0 if c is in none of the ranges. */
-    val |= mbedtls_ct_uchar_mask_of_range( 'A', 'Z', c ) & ( c - 'A' +  0 + 1 );
-    val |= mbedtls_ct_uchar_mask_of_range( 'a', 'z', c ) & ( c - 'a' + 26 + 1 );
-    val |= mbedtls_ct_uchar_mask_of_range( '0', '9', c ) & ( c - '0' + 52 + 1 );
-    val |= mbedtls_ct_uchar_mask_of_range( '+', '+', c ) & ( c - '+' + 62 + 1 );
-    val |= mbedtls_ct_uchar_mask_of_range( '/', '/', c ) & ( c - '/' + 63 + 1 );
+    val |= mbedtls_ct_uchar_mask_of_range('A', 'Z', c) & (c - 'A' +  0 + 1);
+    val |= mbedtls_ct_uchar_mask_of_range('a', 'z', c) & (c - 'a' + 26 + 1);
+    val |= mbedtls_ct_uchar_mask_of_range('0', '9', c) & (c - '0' + 52 + 1);
+    val |= mbedtls_ct_uchar_mask_of_range('+', '+', c) & (c - '+' + 62 + 1);
+    val |= mbedtls_ct_uchar_mask_of_range('/', '/', c) & (c - '/' + 63 + 1);
     /* At this point, val is 0 if c is an invalid digit and v+1 if c is
      * a digit with the value v. */
-    return( val - 1 );
+    return val - 1;
 }
 
 #endif /* MBEDTLS_BASE64_C */
@@ -379,27 +379,26 @@
  * \param total     Total size of the buffer.
  * \param offset    Offset from which to copy \p total - \p offset bytes.
  */
-static void mbedtls_ct_mem_move_to_left( void *start,
-                                         size_t total,
-                                         size_t offset )
+static void mbedtls_ct_mem_move_to_left(void *start,
+                                        size_t total,
+                                        size_t offset)
 {
     volatile unsigned char *buf = start;
     size_t i, n;
-    if( total == 0 )
+    if (total == 0) {
         return;
-    for( i = 0; i < total; i++ )
-    {
-        unsigned no_op = mbedtls_ct_size_gt( total - offset, i );
+    }
+    for (i = 0; i < total; i++) {
+        unsigned no_op = mbedtls_ct_size_gt(total - offset, i);
         /* The first `total - offset` passes are a no-op. The last
          * `offset` passes shift the data one byte to the left and
          * zero out the last byte. */
-        for( n = 0; n < total - 1; n++ )
-        {
+        for (n = 0; n < total - 1; n++) {
             unsigned char current = buf[n];
             unsigned char next = buf[n+1];
-            buf[n] = mbedtls_ct_uint_if( no_op, current, next );
+            buf[n] = mbedtls_ct_uint_if(no_op, current, next);
         }
-        buf[total-1] = mbedtls_ct_uint_if( no_op, buf[total-1], 0 );
+        buf[total-1] = mbedtls_ct_uint_if(no_op, buf[total-1], 0);
     }
 }
 
@@ -407,56 +406,56 @@
 
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
 
-void mbedtls_ct_memcpy_if_eq( unsigned char *dest,
-                              const unsigned char *src,
-                              size_t len,
-                              size_t c1,
-                              size_t c2 )
+void mbedtls_ct_memcpy_if_eq(unsigned char *dest,
+                             const unsigned char *src,
+                             size_t len,
+                             size_t c1,
+                             size_t c2)
 {
     /* mask = c1 == c2 ? 0xff : 0x00 */
-    const size_t equal = mbedtls_ct_size_bool_eq( c1, c2 );
-    const unsigned char mask = (unsigned char) mbedtls_ct_size_mask( equal );
+    const size_t equal = mbedtls_ct_size_bool_eq(c1, c2);
+    const unsigned char mask = (unsigned char) mbedtls_ct_size_mask(equal);
 
     /* dest[i] = c1 == c2 ? src[i] : dest[i] */
-    for( size_t i = 0; i < len; i++ )
-        dest[i] = ( src[i] & mask ) | ( dest[i] & ~mask );
+    for (size_t i = 0; i < len; i++) {
+        dest[i] = (src[i] & mask) | (dest[i] & ~mask);
+    }
 }
 
-void mbedtls_ct_memcpy_offset( unsigned char *dest,
-                               const unsigned char *src,
-                               size_t offset,
-                               size_t offset_min,
-                               size_t offset_max,
-                               size_t len )
+void mbedtls_ct_memcpy_offset(unsigned char *dest,
+                              const unsigned char *src,
+                              size_t offset,
+                              size_t offset_min,
+                              size_t offset_max,
+                              size_t len)
 {
     size_t offsetval;
 
-    for( offsetval = offset_min; offsetval <= offset_max; offsetval++ )
-    {
-        mbedtls_ct_memcpy_if_eq( dest, src + offsetval, len,
-                                 offsetval, offset );
+    for (offsetval = offset_min; offsetval <= offset_max; offsetval++) {
+        mbedtls_ct_memcpy_if_eq(dest, src + offsetval, len,
+                                offsetval, offset);
     }
 }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 
 #if defined(PSA_WANT_ALG_SHA_384)
-#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH( PSA_ALG_SHA_384 )
+#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_384)
 #elif defined(PSA_WANT_ALG_SHA_256)
-#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH( PSA_ALG_SHA_256 )
+#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_256)
 #else /* See check_config.h */
-#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH( PSA_ALG_SHA_1 )
+#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_1)
 #endif
 
-int mbedtls_ct_hmac( mbedtls_svc_key_id_t key,
-                     psa_algorithm_t mac_alg,
-                     const unsigned char *add_data,
-                     size_t add_data_len,
-                     const unsigned char *data,
-                     size_t data_len_secret,
-                     size_t min_data_len,
-                     size_t max_data_len,
-                     unsigned char *output )
+int mbedtls_ct_hmac(mbedtls_svc_key_id_t key,
+                    psa_algorithm_t mac_alg,
+                    const unsigned char *add_data,
+                    size_t add_data_len,
+                    const unsigned char *data,
+                    size_t data_len_secret,
+                    size_t min_data_len,
+                    size_t max_data_len,
+                    unsigned char *output)
 {
     /*
      * This function breaks the HMAC abstraction and uses psa_hash_clone()
@@ -473,10 +472,10 @@
      *
      * Then we only need to compute HASH(okey + inner_hash) and we're done.
      */
-    psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH( mac_alg );
-    const size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg );
+    psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH(mac_alg);
+    const size_t block_size = PSA_HASH_BLOCK_LENGTH(hash_alg);
     unsigned char key_buf[MAX_HASH_BLOCK_LENGTH];
-    const size_t hash_size = PSA_HASH_LENGTH( hash_alg );
+    const size_t hash_size = PSA_HASH_LENGTH(hash_alg);
     psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
     size_t hash_length;
 
@@ -488,90 +487,94 @@
     size_t mac_key_length;
     size_t i;
 
-#define PSA_CHK( func_call )        \
+#define PSA_CHK(func_call)        \
     do {                            \
         status = (func_call);       \
-        if( status != PSA_SUCCESS ) \
-            goto cleanup;           \
-    } while( 0 )
+        if (status != PSA_SUCCESS) \
+        goto cleanup;           \
+    } while (0)
 
     /* Export MAC key
      * We assume key length is always exactly the output size
      * which is never more than the block size, thus we use block_size
      * as the key buffer size.
      */
-    PSA_CHK( psa_export_key( key, key_buf, block_size, &mac_key_length ) );
+    PSA_CHK(psa_export_key(key, key_buf, block_size, &mac_key_length));
 
     /* Calculate ikey */
-    for( i = 0; i < mac_key_length; i++ )
-        key_buf[i] = (unsigned char)( key_buf[i] ^ 0x36 );
-    for(; i < block_size; ++i )
+    for (i = 0; i < mac_key_length; i++) {
+        key_buf[i] = (unsigned char) (key_buf[i] ^ 0x36);
+    }
+    for (; i < block_size; ++i) {
         key_buf[i] = 0x36;
+    }
 
-    PSA_CHK( psa_hash_setup( &operation, hash_alg ) );
+    PSA_CHK(psa_hash_setup(&operation, hash_alg));
 
     /* Now compute inner_hash = HASH(ikey + msg) */
-    PSA_CHK( psa_hash_update( &operation, key_buf, block_size ) );
-    PSA_CHK( psa_hash_update( &operation, add_data, add_data_len ) );
-    PSA_CHK( psa_hash_update( &operation, data, min_data_len ) );
+    PSA_CHK(psa_hash_update(&operation, key_buf, block_size));
+    PSA_CHK(psa_hash_update(&operation, add_data, add_data_len));
+    PSA_CHK(psa_hash_update(&operation, data, min_data_len));
 
     /* Fill the hash buffer in advance with something that is
      * not a valid hash (barring an attack on the hash and
      * deliberately-crafted input), in case the caller doesn't
      * check the return status properly. */
-    memset( output, '!', hash_size );
+    memset(output, '!', hash_size);
 
     /* For each possible length, compute the hash up to that point */
-    for( offset = min_data_len; offset <= max_data_len; offset++ )
-    {
-        PSA_CHK( psa_hash_clone( &operation, &aux_operation ) );
-        PSA_CHK( psa_hash_finish( &aux_operation, aux_out,
-                                  PSA_HASH_MAX_SIZE, &hash_length ) );
+    for (offset = min_data_len; offset <= max_data_len; offset++) {
+        PSA_CHK(psa_hash_clone(&operation, &aux_operation));
+        PSA_CHK(psa_hash_finish(&aux_operation, aux_out,
+                                PSA_HASH_MAX_SIZE, &hash_length));
         /* Keep only the correct inner_hash in the output buffer */
-        mbedtls_ct_memcpy_if_eq( output, aux_out, hash_size,
-                                 offset, data_len_secret );
+        mbedtls_ct_memcpy_if_eq(output, aux_out, hash_size,
+                                offset, data_len_secret);
 
-        if( offset < max_data_len )
-            PSA_CHK( psa_hash_update( &operation, data + offset, 1 ) );
+        if (offset < max_data_len) {
+            PSA_CHK(psa_hash_update(&operation, data + offset, 1));
+        }
     }
 
     /* Abort current operation to prepare for final operation */
-    PSA_CHK( psa_hash_abort( &operation ) );
+    PSA_CHK(psa_hash_abort(&operation));
 
     /* Calculate okey */
-    for( i = 0; i < mac_key_length; i++ )
-        key_buf[i] = (unsigned char)( ( key_buf[i] ^ 0x36 ) ^ 0x5C );
-    for(; i < block_size; ++i )
+    for (i = 0; i < mac_key_length; i++) {
+        key_buf[i] = (unsigned char) ((key_buf[i] ^ 0x36) ^ 0x5C);
+    }
+    for (; i < block_size; ++i) {
         key_buf[i] = 0x5C;
+    }
 
     /* Now compute HASH(okey + inner_hash) */
-    PSA_CHK( psa_hash_setup( &operation, hash_alg ) );
-    PSA_CHK( psa_hash_update( &operation, key_buf, block_size ) );
-    PSA_CHK( psa_hash_update( &operation, output, hash_size ) );
-    PSA_CHK( psa_hash_finish( &operation, output, hash_size, &hash_length ) );
+    PSA_CHK(psa_hash_setup(&operation, hash_alg));
+    PSA_CHK(psa_hash_update(&operation, key_buf, block_size));
+    PSA_CHK(psa_hash_update(&operation, output, hash_size));
+    PSA_CHK(psa_hash_finish(&operation, output, hash_size, &hash_length));
 
 #undef PSA_CHK
 
 cleanup:
-    mbedtls_platform_zeroize( key_buf, MAX_HASH_BLOCK_LENGTH );
-    mbedtls_platform_zeroize( aux_out, PSA_HASH_MAX_SIZE );
+    mbedtls_platform_zeroize(key_buf, MAX_HASH_BLOCK_LENGTH);
+    mbedtls_platform_zeroize(aux_out, PSA_HASH_MAX_SIZE);
 
-    psa_hash_abort( &operation );
-    psa_hash_abort( &aux_operation );
-    return( psa_ssl_status_to_mbedtls( status ) );
+    psa_hash_abort(&operation);
+    psa_hash_abort(&aux_operation);
+    return psa_ssl_status_to_mbedtls(status);
 }
 
 #undef MAX_HASH_BLOCK_LENGTH
 
 #else
-int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
-                     const unsigned char *add_data,
-                     size_t add_data_len,
-                     const unsigned char *data,
-                     size_t data_len_secret,
-                     size_t min_data_len,
-                     size_t max_data_len,
-                     unsigned char *output )
+int mbedtls_ct_hmac(mbedtls_md_context_t *ctx,
+                    const unsigned char *add_data,
+                    size_t add_data_len,
+                    const unsigned char *data,
+                    size_t data_len_secret,
+                    size_t min_data_len,
+                    size_t max_data_len,
+                    unsigned char *output)
 {
     /*
      * This function breaks the HMAC abstraction and uses the md_clone()
@@ -587,71 +590,71 @@
      *
      * Then we only need to compute HASH(okey + inner_hash) and we're done.
      */
-    const mbedtls_md_type_t md_alg = mbedtls_md_get_type( ctx->md_info );
+    const mbedtls_md_type_t md_alg = mbedtls_md_get_type(ctx->md_info);
     /* TLS 1.2 only supports SHA-384, SHA-256, SHA-1, MD-5,
      * all of which have the same block size except SHA-384. */
     const size_t block_size = md_alg == MBEDTLS_MD_SHA384 ? 128 : 64;
     const unsigned char * const ikey = ctx->hmac_ctx;
     const unsigned char * const okey = ikey + block_size;
-    const size_t hash_size = mbedtls_md_get_size( ctx->md_info );
+    const size_t hash_size = mbedtls_md_get_size(ctx->md_info);
 
     unsigned char aux_out[MBEDTLS_MD_MAX_SIZE];
     mbedtls_md_context_t aux;
     size_t offset;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    mbedtls_md_init( &aux );
+    mbedtls_md_init(&aux);
 
-#define MD_CHK( func_call ) \
+#define MD_CHK(func_call) \
     do {                    \
         ret = (func_call);  \
-        if( ret != 0 )      \
-            goto cleanup;   \
-    } while( 0 )
+        if (ret != 0)      \
+        goto cleanup;   \
+    } while (0)
 
-    MD_CHK( mbedtls_md_setup( &aux, ctx->md_info, 0 ) );
+    MD_CHK(mbedtls_md_setup(&aux, ctx->md_info, 0));
 
     /* After hmac_start() of hmac_reset(), ikey has already been hashed,
      * so we can start directly with the message */
-    MD_CHK( mbedtls_md_update( ctx, add_data, add_data_len ) );
-    MD_CHK( mbedtls_md_update( ctx, data, min_data_len ) );
+    MD_CHK(mbedtls_md_update(ctx, add_data, add_data_len));
+    MD_CHK(mbedtls_md_update(ctx, data, min_data_len));
 
     /* Fill the hash buffer in advance with something that is
      * not a valid hash (barring an attack on the hash and
      * deliberately-crafted input), in case the caller doesn't
      * check the return status properly. */
-    memset( output, '!', hash_size );
+    memset(output, '!', hash_size);
 
     /* For each possible length, compute the hash up to that point */
-    for( offset = min_data_len; offset <= max_data_len; offset++ )
-    {
-        MD_CHK( mbedtls_md_clone( &aux, ctx ) );
-        MD_CHK( mbedtls_md_finish( &aux, aux_out ) );
+    for (offset = min_data_len; offset <= max_data_len; offset++) {
+        MD_CHK(mbedtls_md_clone(&aux, ctx));
+        MD_CHK(mbedtls_md_finish(&aux, aux_out));
         /* Keep only the correct inner_hash in the output buffer */
-        mbedtls_ct_memcpy_if_eq( output, aux_out, hash_size,
-                                 offset, data_len_secret );
+        mbedtls_ct_memcpy_if_eq(output, aux_out, hash_size,
+                                offset, data_len_secret);
 
-        if( offset < max_data_len )
-            MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) );
+        if (offset < max_data_len) {
+            MD_CHK(mbedtls_md_update(ctx, data + offset, 1));
+        }
     }
 
     /* The context needs to finish() before it starts() again */
-    MD_CHK( mbedtls_md_finish( ctx, aux_out ) );
+    MD_CHK(mbedtls_md_finish(ctx, aux_out));
 
     /* Now compute HASH(okey + inner_hash) */
-    MD_CHK( mbedtls_md_starts( ctx ) );
-    MD_CHK( mbedtls_md_update( ctx, okey, block_size ) );
-    MD_CHK( mbedtls_md_update( ctx, output, hash_size ) );
-    MD_CHK( mbedtls_md_finish( ctx, output ) );
+    MD_CHK(mbedtls_md_starts(ctx));
+    MD_CHK(mbedtls_md_update(ctx, okey, block_size));
+    MD_CHK(mbedtls_md_update(ctx, output, hash_size));
+    MD_CHK(mbedtls_md_finish(ctx, output));
 
     /* Done, get ready for next time */
-    MD_CHK( mbedtls_md_hmac_reset( ctx ) );
+    MD_CHK(mbedtls_md_hmac_reset(ctx));
 
 #undef MD_CHK
 
 cleanup:
-    mbedtls_md_free( &aux );
-    return( ret );
+    mbedtls_md_free(&aux);
+    return ret;
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
@@ -659,8 +662,8 @@
 
 #if defined(MBEDTLS_BIGNUM_C)
 
-#define MPI_VALIDATE_RET( cond )                                       \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA )
+#define MPI_VALIDATE_RET(cond)                                       \
+    MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA)
 
 /*
  * Conditionally assign X = Y, without leaking information
@@ -674,28 +677,29 @@
  */
 __declspec(noinline)
 #endif
-int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X,
-                                  const mbedtls_mpi *Y,
-                                  unsigned char assign )
+int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X,
+                                 const mbedtls_mpi *Y,
+                                 unsigned char assign)
 {
     int ret = 0;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( Y != NULL );
+    MPI_VALIDATE_RET(X != NULL);
+    MPI_VALIDATE_RET(Y != NULL);
 
     /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */
-    mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask( assign );
+    mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask(assign);
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n));
 
-    X->s = mbedtls_ct_cond_select_sign( assign, Y->s, X->s );
+    X->s = mbedtls_ct_cond_select_sign(assign, Y->s, X->s);
 
-    mbedtls_mpi_core_cond_assign( X->p, Y->p, Y->n, assign );
+    mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, assign);
 
-    for( size_t i = Y->n; i < X->n; i++ )
+    for (size_t i = Y->n; i < X->n; i++) {
         X->p[i] &= ~limb_mask;
+    }
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
@@ -704,37 +708,38 @@
  * Here it is not ok to simply swap the pointers, which would lead to
  * different memory access patterns when X and Y are used afterwards.
  */
-int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X,
-                                mbedtls_mpi *Y,
-                                unsigned char swap )
+int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X,
+                               mbedtls_mpi *Y,
+                               unsigned char swap)
 {
     int ret = 0;
     int s;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( Y != NULL );
+    MPI_VALIDATE_RET(X != NULL);
+    MPI_VALIDATE_RET(Y != NULL);
 
-    if( X == Y )
-        return( 0 );
+    if (X == Y) {
+        return 0;
+    }
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( Y, X->n ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Y, X->n));
 
     s = X->s;
-    X->s = mbedtls_ct_cond_select_sign( swap, Y->s, X->s );
-    Y->s = mbedtls_ct_cond_select_sign( swap, s, Y->s );
+    X->s = mbedtls_ct_cond_select_sign(swap, Y->s, X->s);
+    Y->s = mbedtls_ct_cond_select_sign(swap, s, Y->s);
 
-    mbedtls_mpi_core_cond_swap( X->p, Y->p, X->n, swap );
+    mbedtls_mpi_core_cond_swap(X->p, Y->p, X->n, swap);
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
  * Compare unsigned values in constant time
  */
-unsigned mbedtls_mpi_core_lt_ct( const mbedtls_mpi_uint *A,
-                                 const mbedtls_mpi_uint *B,
-                                 size_t limbs )
+unsigned mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A,
+                                const mbedtls_mpi_uint *B,
+                                size_t limbs)
 {
     unsigned ret, cond, done;
 
@@ -742,8 +747,7 @@
      * their scope. */
     ret = cond = done = 0;
 
-    for( size_t i = limbs; i > 0; i-- )
-    {
+    for (size_t i = limbs; i > 0; i--) {
         /*
          * If B[i - 1] < A[i - 1] then A < B is false and the result must
          * remain 0.
@@ -751,7 +755,7 @@
          * Again even if we can make a decision, we just mark the result and
          * the fact that we are done and continue looping.
          */
-        cond = mbedtls_ct_mpi_uint_lt( B[i - 1], A[i - 1] );
+        cond = mbedtls_ct_mpi_uint_lt(B[i - 1], A[i - 1]);
         done |= cond;
 
         /*
@@ -760,8 +764,8 @@
          * Again even if we can make a decision, we just mark the result and
          * the fact that we are done and continue looping.
          */
-        cond = mbedtls_ct_mpi_uint_lt( A[i - 1], B[i - 1] );
-        ret |= cond & ( 1 - done );
+        cond = mbedtls_ct_mpi_uint_lt(A[i - 1], B[i - 1]);
+        ret |= cond & (1 - done);
         done |= cond;
     }
 
@@ -770,40 +774,41 @@
      * and leaving the result 0 is correct.
      */
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Compare signed values in constant time
  */
-int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X,
-                           const mbedtls_mpi *Y,
-                           unsigned *ret )
+int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X,
+                          const mbedtls_mpi *Y,
+                          unsigned *ret)
 {
     size_t i;
     /* The value of any of these variables is either 0 or 1 at all times. */
     unsigned cond, done, X_is_negative, Y_is_negative;
 
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( Y != NULL );
-    MPI_VALIDATE_RET( ret != NULL );
+    MPI_VALIDATE_RET(X != NULL);
+    MPI_VALIDATE_RET(Y != NULL);
+    MPI_VALIDATE_RET(ret != NULL);
 
-    if( X->n != Y->n )
+    if (X->n != Y->n) {
         return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
     /*
      * Set sign_N to 1 if N >= 0, 0 if N < 0.
      * We know that N->s == 1 if N >= 0 and N->s == -1 if N < 0.
      */
-    X_is_negative = ( X->s & 2 ) >> 1;
-    Y_is_negative = ( Y->s & 2 ) >> 1;
+    X_is_negative = (X->s & 2) >> 1;
+    Y_is_negative = (Y->s & 2) >> 1;
 
     /*
      * If the signs are different, then the positive operand is the bigger.
      * That is if X is negative (X_is_negative == 1), then X < Y is true and it
      * is false if X is positive (X_is_negative == 0).
      */
-    cond = ( X_is_negative ^ Y_is_negative );
+    cond = (X_is_negative ^ Y_is_negative);
     *ret = cond & X_is_negative;
 
     /*
@@ -812,8 +817,7 @@
      */
     done = cond;
 
-    for( i = X->n; i > 0; i-- )
-    {
+    for (i = X->n; i > 0; i--) {
         /*
          * If Y->p[i - 1] < X->p[i - 1] then X < Y is true if and only if both
          * X and Y are negative.
@@ -821,8 +825,8 @@
          * Again even if we can make a decision, we just mark the result and
          * the fact that we are done and continue looping.
          */
-        cond = mbedtls_ct_mpi_uint_lt( Y->p[i - 1], X->p[i - 1] );
-        *ret |= cond & ( 1 - done ) & X_is_negative;
+        cond = mbedtls_ct_mpi_uint_lt(Y->p[i - 1], X->p[i - 1]);
+        *ret |= cond & (1 - done) & X_is_negative;
         done |= cond;
 
         /*
@@ -832,23 +836,23 @@
          * Again even if we can make a decision, we just mark the result and
          * the fact that we are done and continue looping.
          */
-        cond = mbedtls_ct_mpi_uint_lt( X->p[i - 1], Y->p[i - 1] );
-        *ret |= cond & ( 1 - done ) & ( 1 - X_is_negative );
+        cond = mbedtls_ct_mpi_uint_lt(X->p[i - 1], Y->p[i - 1]);
+        *ret |= cond & (1 - done) & (1 - X_is_negative);
         done |= cond;
     }
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_BIGNUM_C */
 
 #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
 
-int mbedtls_ct_rsaes_pkcs1_v15_unpadding( unsigned char *input,
-                                          size_t ilen,
-                                          unsigned char *output,
-                                          size_t output_max_len,
-                                          size_t *olen )
+int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input,
+                                         size_t ilen,
+                                         unsigned char *output,
+                                         size_t output_max_len,
+                                         size_t *olen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t i, plaintext_max_size;
@@ -869,7 +873,7 @@
     size_t plaintext_size = 0;
     unsigned output_too_large;
 
-    plaintext_max_size = ( output_max_len > ilen - 11 ) ? ilen - 11
+    plaintext_max_size = (output_max_len > ilen - 11) ? ilen - 11
                                                         : output_max_len;
 
     /* Check and get padding length in constant time and constant
@@ -883,18 +887,17 @@
 
     /* Read the whole buffer. Set pad_done to nonzero if we find
      * the 0x00 byte and remember the padding length in pad_count. */
-    for( i = 2; i < ilen; i++ )
-    {
-        pad_done  |= ((input[i] | (unsigned char)-input[i]) >> 7) ^ 1;
-        pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
+    for (i = 2; i < ilen; i++) {
+        pad_done  |= ((input[i] | (unsigned char) -input[i]) >> 7) ^ 1;
+        pad_count += ((pad_done | (unsigned char) -pad_done) >> 7) ^ 1;
     }
 
 
     /* If pad_done is still zero, there's no data, only unfinished padding. */
-    bad |= mbedtls_ct_uint_if( pad_done, 0, 1 );
+    bad |= mbedtls_ct_uint_if(pad_done, 0, 1);
 
     /* There must be at least 8 bytes of padding. */
-    bad |= mbedtls_ct_size_gt( 8, pad_count );
+    bad |= mbedtls_ct_size_gt(8, pad_count);
 
     /* If the padding is valid, set plaintext_size to the number of
      * remaining bytes after stripping the padding. If the padding
@@ -904,24 +907,24 @@
      * validity through timing. RSA keys are small enough that all the
      * size_t values involved fit in unsigned int. */
     plaintext_size = mbedtls_ct_uint_if(
-                        bad, (unsigned) plaintext_max_size,
-                        (unsigned) ( ilen - pad_count - 3 ) );
+        bad, (unsigned) plaintext_max_size,
+        (unsigned) (ilen - pad_count - 3));
 
     /* Set output_too_large to 0 if the plaintext fits in the output
      * buffer and to 1 otherwise. */
-    output_too_large = mbedtls_ct_size_gt( plaintext_size,
-                                           plaintext_max_size );
+    output_too_large = mbedtls_ct_size_gt(plaintext_size,
+                                          plaintext_max_size);
 
     /* Set ret without branches to avoid timing attacks. Return:
      * - INVALID_PADDING if the padding is bad (bad != 0).
      * - OUTPUT_TOO_LARGE if the padding is good but the decrypted
      *   plaintext does not fit in the output buffer.
      * - 0 if the padding is correct. */
-    ret = - (int) mbedtls_ct_uint_if(
-                    bad, - MBEDTLS_ERR_RSA_INVALID_PADDING,
-                    mbedtls_ct_uint_if( output_too_large,
-                                        - MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE,
-                                        0 ) );
+    ret = -(int) mbedtls_ct_uint_if(
+        bad, -MBEDTLS_ERR_RSA_INVALID_PADDING,
+        mbedtls_ct_uint_if(output_too_large,
+                           -MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE,
+                           0));
 
     /* If the padding is bad or the plaintext is too large, zero the
      * data that we're about to copy to the output buffer.
@@ -929,17 +932,18 @@
      * from the same buffer whether the padding is good or not to
      * avoid leaking the padding validity through overall timing or
      * through memory or cache access patterns. */
-    bad = mbedtls_ct_uint_mask( bad | output_too_large );
-    for( i = 11; i < ilen; i++ )
+    bad = mbedtls_ct_uint_mask(bad | output_too_large);
+    for (i = 11; i < ilen; i++) {
         input[i] &= ~bad;
+    }
 
     /* If the plaintext is too large, truncate it to the buffer size.
      * Copy anyway to avoid revealing the length through timing, because
      * revealing the length is as bad as revealing the padding validity
      * for a Bleichenbacher attack. */
-    plaintext_size = mbedtls_ct_uint_if( output_too_large,
-                                         (unsigned) plaintext_max_size,
-                                         (unsigned) plaintext_size );
+    plaintext_size = mbedtls_ct_uint_if(output_too_large,
+                                        (unsigned) plaintext_max_size,
+                                        (unsigned) plaintext_size);
 
     /* Move the plaintext to the leftmost position where it can start in
      * the working buffer, i.e. make it start plaintext_max_size from
@@ -947,9 +951,9 @@
      * does not depend on the plaintext size. After this move, the
      * starting location of the plaintext is no longer sensitive
      * information. */
-    mbedtls_ct_mem_move_to_left( input + ilen - plaintext_max_size,
-                                 plaintext_max_size,
-                                 plaintext_max_size - plaintext_size );
+    mbedtls_ct_mem_move_to_left(input + ilen - plaintext_max_size,
+                                plaintext_max_size,
+                                plaintext_max_size - plaintext_size);
 
     /* Finally copy the decrypted plaintext plus trailing zeros into the output
      * buffer. If output_max_len is 0, then output may be an invalid pointer
@@ -958,8 +962,9 @@
      * user-provided output buffer), which is independent from plaintext
      * length, validity of padding, success of the decryption, and other
      * secrets. */
-    if( output_max_len != 0 )
-        memcpy( output, input + ilen - plaintext_max_size, plaintext_max_size );
+    if (output_max_len != 0) {
+        memcpy(output, input + ilen - plaintext_max_size, plaintext_max_size);
+    }
 
     /* Report the amount of data we copied to the output buffer. In case
      * of errors (bad padding or output too large), the value of *olen
@@ -967,7 +972,7 @@
      * to the good case limits the risks of leaking the padding validity. */
     *olen = plaintext_size;
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h
index 1e4a3ab..c4a32c7 100644
--- a/library/constant_time_internal.h
+++ b/library/constant_time_internal.h
@@ -44,7 +44,7 @@
  *
  * \return          Zero if \p value is zero, otherwise all-bits-one.
  */
-unsigned mbedtls_ct_uint_mask( unsigned value );
+unsigned mbedtls_ct_uint_mask(unsigned value);
 
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
 
@@ -59,7 +59,7 @@
  *
  * \return          Zero if \p value is zero, otherwise all-bits-one.
  */
-size_t mbedtls_ct_size_mask( size_t value );
+size_t mbedtls_ct_size_mask(size_t value);
 
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
 
@@ -76,7 +76,7 @@
  *
  * \return          Zero if \p value is zero, otherwise all-bits-one.
  */
-mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask( mbedtls_mpi_uint value );
+mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask(mbedtls_mpi_uint value);
 
 #endif /* MBEDTLS_BIGNUM_C */
 
@@ -95,8 +95,8 @@
  * \return      All-bits-one if \p x is greater or equal than \p y,
  *              otherwise zero.
  */
-size_t mbedtls_ct_size_mask_ge( size_t x,
-                                size_t y );
+size_t mbedtls_ct_size_mask_ge(size_t x,
+                               size_t y);
 
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
 
@@ -111,8 +111,8 @@
  *
  * \return      1 if \p x equals to \p y, otherwise 0.
  */
-unsigned mbedtls_ct_size_bool_eq( size_t x,
-                                  size_t y );
+unsigned mbedtls_ct_size_bool_eq(size_t x,
+                                 size_t y);
 
 #if defined(MBEDTLS_BIGNUM_C)
 
@@ -126,8 +126,8 @@
  *
  * \return      1 if \p x is less than \p y, otherwise 0.
  */
-unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x,
-                                 const mbedtls_mpi_uint y );
+unsigned mbedtls_ct_mpi_uint_lt(const mbedtls_mpi_uint x,
+                                const mbedtls_mpi_uint y);
 
 /**
  * \brief          Check if one unsigned MPI is less than another in constant
@@ -144,9 +144,9 @@
  *                 \c 1 if \p A is less than \p B.
  *                 \c 0 if \p A is greater than or equal to \p B.
  */
-unsigned mbedtls_mpi_core_lt_ct( const mbedtls_mpi_uint *A,
-                                 const mbedtls_mpi_uint *B,
-                                 size_t limbs);
+unsigned mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A,
+                                const mbedtls_mpi_uint *B,
+                                size_t limbs);
 #endif /* MBEDTLS_BIGNUM_C */
 
 /** Choose between two integer values without branches.
@@ -160,9 +160,9 @@
  *
  * \return  \c if1 if \p condition is nonzero, otherwise \c if0.
  */
-unsigned mbedtls_ct_uint_if( unsigned condition,
-                             unsigned if1,
-                             unsigned if0 );
+unsigned mbedtls_ct_uint_if(unsigned condition,
+                            unsigned if1,
+                            unsigned if0);
 
 #if defined(MBEDTLS_BIGNUM_C)
 
@@ -178,10 +178,10 @@
  *                      initialized MPI.
  * \param condition     Condition to test, must be 0 or 1.
  */
-void mbedtls_ct_mpi_uint_cond_assign( size_t n,
-                                      mbedtls_mpi_uint *dest,
-                                      const mbedtls_mpi_uint *src,
-                                      unsigned char condition );
+void mbedtls_ct_mpi_uint_cond_assign(size_t n,
+                                     mbedtls_mpi_uint *dest,
+                                     const mbedtls_mpi_uint *src,
+                                     unsigned char condition);
 
 #endif /* MBEDTLS_BIGNUM_C */
 
@@ -196,7 +196,7 @@
  *
  * \return          A base64 digit converted from \p value.
  */
-unsigned char mbedtls_ct_base64_enc_char( unsigned char value );
+unsigned char mbedtls_ct_base64_enc_char(unsigned char value);
 
 /** Given a Base64 digit, return its value.
  *
@@ -210,7 +210,7 @@
  *
  * \return      The value of the base64 digit \p c.
  */
-signed char mbedtls_ct_base64_dec_value( unsigned char c );
+signed char mbedtls_ct_base64_dec_value(unsigned char c);
 
 #endif /* MBEDTLS_BASE64_C */
 
@@ -227,10 +227,10 @@
  * \param c1        The first value to analyze in the condition.
  * \param c2        The second value to analyze in the condition.
  */
-void mbedtls_ct_memcpy_if_eq( unsigned char *dest,
-                              const unsigned char *src,
-                              size_t len,
-                              size_t c1, size_t c2 );
+void mbedtls_ct_memcpy_if_eq(unsigned char *dest,
+                             const unsigned char *src,
+                             size_t len,
+                             size_t c1, size_t c2);
 
 /** Copy data from a secret position with constant flow.
  *
@@ -258,12 +258,12 @@
  * \param offset_max    The maximal value of \p offset.
  * \param len           The number of bytes to copy.
  */
-void mbedtls_ct_memcpy_offset( unsigned char *dest,
-                               const unsigned char *src,
-                               size_t offset,
-                               size_t offset_min,
-                               size_t offset_max,
-                               size_t len );
+void mbedtls_ct_memcpy_offset(unsigned char *dest,
+                              const unsigned char *src,
+                              size_t offset,
+                              size_t offset_min,
+                              size_t offset_max,
+                              size_t len);
 
 /** Compute the HMAC of variable-length data with constant flow.
  *
@@ -302,24 +302,24 @@
  *         The hardware accelerator failed.
  */
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-int mbedtls_ct_hmac( mbedtls_svc_key_id_t key,
-                     psa_algorithm_t alg,
-                     const unsigned char *add_data,
-                     size_t add_data_len,
-                     const unsigned char *data,
-                     size_t data_len_secret,
-                     size_t min_data_len,
-                     size_t max_data_len,
-                     unsigned char *output );
+int mbedtls_ct_hmac(mbedtls_svc_key_id_t key,
+                    psa_algorithm_t alg,
+                    const unsigned char *add_data,
+                    size_t add_data_len,
+                    const unsigned char *data,
+                    size_t data_len_secret,
+                    size_t min_data_len,
+                    size_t max_data_len,
+                    unsigned char *output);
 #else
-int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
-                     const unsigned char *add_data,
-                     size_t add_data_len,
-                     const unsigned char *data,
-                     size_t data_len_secret,
-                     size_t min_data_len,
-                     size_t max_data_len,
-                     unsigned char *output );
+int mbedtls_ct_hmac(mbedtls_md_context_t *ctx,
+                    const unsigned char *add_data,
+                    size_t add_data_len,
+                    const unsigned char *data,
+                    size_t data_len_secret,
+                    size_t min_data_len,
+                    size_t max_data_len,
+                    unsigned char *output);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
@@ -352,11 +352,11 @@
  * \return      #MBEDTLS_ERR_RSA_INVALID_PADDING
  *              The input doesn't contain properly formatted padding.
  */
-int mbedtls_ct_rsaes_pkcs1_v15_unpadding( unsigned char *input,
-                                          size_t ilen,
-                                          unsigned char *output,
-                                          size_t output_max_len,
-                                          size_t *olen );
+int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input,
+                                         size_t ilen,
+                                         unsigned char *output,
+                                         size_t output_max_len,
+                                         size_t *olen);
 
 #endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
 
diff --git a/library/constant_time_invasive.h b/library/constant_time_invasive.h
index 4620ca1..c176b28 100644
--- a/library/constant_time_invasive.h
+++ b/library/constant_time_invasive.h
@@ -42,9 +42,9 @@
  *
  * \return      All-bits-one if \p low <= \p c <= \p high, otherwise zero.
  */
-unsigned char mbedtls_ct_uchar_mask_of_range( unsigned char low,
-                                              unsigned char high,
-                                              unsigned char c );
+unsigned char mbedtls_ct_uchar_mask_of_range(unsigned char low,
+                                             unsigned char high,
+                                             unsigned char c);
 
 #endif /* MBEDTLS_TEST_HOOKS */
 
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index f5c5e7b..13fa6d4 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -41,10 +41,10 @@
 /*
  * CTR_DRBG context initialization
  */
-void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx )
+void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_ctr_drbg_context ) );
-    mbedtls_aes_init( &ctx->aes_ctx );
+    memset(ctx, 0, sizeof(mbedtls_ctr_drbg_context));
+    mbedtls_aes_init(&ctx->aes_ctx);
     /* Indicate that the entropy nonce length is not set explicitly.
      * See mbedtls_ctr_drbg_set_nonce_len(). */
     ctx->reseed_counter = -1;
@@ -56,50 +56,55 @@
  *  This function resets CTR_DRBG context to the state immediately
  *  after initial call of mbedtls_ctr_drbg_init().
  */
-void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
+void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
 #if defined(MBEDTLS_THREADING_C)
     /* The mutex is initialized iff f_entropy is set. */
-    if( ctx->f_entropy != NULL )
-        mbedtls_mutex_free( &ctx->mutex );
+    if (ctx->f_entropy != NULL) {
+        mbedtls_mutex_free(&ctx->mutex);
+    }
 #endif
-    mbedtls_aes_free( &ctx->aes_ctx );
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
+    mbedtls_aes_free(&ctx->aes_ctx);
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ctr_drbg_context));
     ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
     ctx->reseed_counter = -1;
 }
 
-void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
-                                                 int resistance )
+void mbedtls_ctr_drbg_set_prediction_resistance(mbedtls_ctr_drbg_context *ctx,
+                                                int resistance)
 {
     ctx->prediction_resistance = resistance;
 }
 
-void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
-                                       size_t len )
+void mbedtls_ctr_drbg_set_entropy_len(mbedtls_ctr_drbg_context *ctx,
+                                      size_t len)
 {
     ctx->entropy_len = len;
 }
 
-int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
-                                    size_t len )
+int mbedtls_ctr_drbg_set_nonce_len(mbedtls_ctr_drbg_context *ctx,
+                                   size_t len)
 {
     /* If mbedtls_ctr_drbg_seed() has already been called, it's
      * too late. Return the error code that's closest to making sense. */
-    if( ctx->f_entropy != NULL )
-        return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
+    if (ctx->f_entropy != NULL) {
+        return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
+    }
 
-    if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+    if (len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {
+        return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+    }
 #if SIZE_MAX > INT_MAX
     /* This shouldn't be an issue because
      * MBEDTLS_CTR_DRBG_MAX_SEED_INPUT < INT_MAX in any sensible
      * configuration, but make sure anyway. */
-    if( len > INT_MAX )
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+    if (len > INT_MAX) {
+        return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+    }
 #endif
 
     /* For backward compatibility with Mbed TLS <= 2.19, store the
@@ -107,17 +112,17 @@
      * used until after the initial seeding. */
     /* Due to the capping of len above, the value fits in an int. */
     ctx->reseed_counter = (int) len;
-    return( 0 );
+    return 0;
 }
 
-void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
-                                           int interval )
+void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx,
+                                          int interval)
 {
     ctx->reseed_interval = interval;
 }
 
-static int block_cipher_df( unsigned char *output,
-                            const unsigned char *data, size_t data_len )
+static int block_cipher_df(unsigned char *output,
+                           const unsigned char *data, size_t data_len)
 {
     unsigned char buf[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT +
                       MBEDTLS_CTR_DRBG_BLOCKSIZE + 16];
@@ -131,12 +136,13 @@
     int i, j;
     size_t buf_len, use_len;
 
-    if( data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+    if (data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {
+        return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+    }
 
-    memset( buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT +
-            MBEDTLS_CTR_DRBG_BLOCKSIZE + 16 );
-    mbedtls_aes_init( &aes_ctx );
+    memset(buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT +
+           MBEDTLS_CTR_DRBG_BLOCKSIZE + 16);
+    mbedtls_aes_init(&aes_ctx);
 
     /*
      * Construct IV (16 bytes) and S in buffer
@@ -146,47 +152,44 @@
      *     (Total is padded to a multiple of 16-bytes with zeroes)
      */
     p = buf + MBEDTLS_CTR_DRBG_BLOCKSIZE;
-    MBEDTLS_PUT_UINT32_BE( data_len, p, 0);
+    MBEDTLS_PUT_UINT32_BE(data_len, p, 0);
     p += 4 + 3;
     *p++ = MBEDTLS_CTR_DRBG_SEEDLEN;
-    memcpy( p, data, data_len );
+    memcpy(p, data, data_len);
     p[data_len] = 0x80;
 
     buf_len = MBEDTLS_CTR_DRBG_BLOCKSIZE + 8 + data_len + 1;
 
-    for( i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++ )
+    for (i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++) {
         key[i] = i;
+    }
 
-    if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, key,
-                                        MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
-    {
+    if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key,
+                                      MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
         goto exit;
     }
 
     /*
      * Reduce data to MBEDTLS_CTR_DRBG_SEEDLEN bytes of data
      */
-    for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
-    {
+    for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
         p = buf;
-        memset( chain, 0, MBEDTLS_CTR_DRBG_BLOCKSIZE );
+        memset(chain, 0, MBEDTLS_CTR_DRBG_BLOCKSIZE);
         use_len = buf_len;
 
-        while( use_len > 0 )
-        {
-            mbedtls_xor( chain, chain, p, MBEDTLS_CTR_DRBG_BLOCKSIZE );
+        while (use_len > 0) {
+            mbedtls_xor(chain, chain, p, MBEDTLS_CTR_DRBG_BLOCKSIZE);
             p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
-            use_len -= ( use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE ) ?
+            use_len -= (use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE) ?
                        MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len;
 
-            if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT,
-                                               chain, chain ) ) != 0 )
-            {
+            if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
+                                             chain, chain)) != 0) {
                 goto exit;
             }
         }
 
-        memcpy( tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE );
+        memcpy(tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE);
 
         /*
          * Update IV
@@ -197,42 +200,38 @@
     /*
      * Do final encryption with reduced data
      */
-    if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, tmp,
-                                        MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
-    {
+    if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp,
+                                      MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
         goto exit;
     }
     iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE;
     p = output;
 
-    for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
-    {
-        if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT,
-                                           iv, iv ) ) != 0 )
-        {
+    for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
+        if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
+                                         iv, iv)) != 0) {
             goto exit;
         }
-        memcpy( p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE );
+        memcpy(p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE);
         p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
     }
 exit:
-    mbedtls_aes_free( &aes_ctx );
+    mbedtls_aes_free(&aes_ctx);
     /*
-    * tidy up the stack
-    */
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-    mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
-    mbedtls_platform_zeroize( key, sizeof( key ) );
-    mbedtls_platform_zeroize( chain, sizeof( chain ) );
-    if( 0 != ret )
-    {
+     * tidy up the stack
+     */
+    mbedtls_platform_zeroize(buf, sizeof(buf));
+    mbedtls_platform_zeroize(tmp, sizeof(tmp));
+    mbedtls_platform_zeroize(key, sizeof(key));
+    mbedtls_platform_zeroize(chain, sizeof(chain));
+    if (0 != ret) {
         /*
-        * wipe partial seed from memory
-        */
-        mbedtls_platform_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN );
+         * wipe partial seed from memory
+         */
+        mbedtls_platform_zeroize(output, MBEDTLS_CTR_DRBG_SEEDLEN);
     }
 
-    return( ret );
+    return ret;
 }
 
 /* CTR_DRBG_Update (SP 800-90A &sect;10.2.1.2)
@@ -243,54 +242,54 @@
  *   ctx->aes_ctx = Key
  *   ctx->counter = V
  */
-static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
-                          const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] )
+static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx,
+                                    const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN])
 {
     unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
     unsigned char *p = tmp;
     int i, j;
     int ret = 0;
 
-    memset( tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN );
+    memset(tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN);
 
-    for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
-    {
+    for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
         /*
          * Increase counter
          */
-        for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- )
-            if( ++ctx->counter[i - 1] != 0 )
+        for (i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i--) {
+            if (++ctx->counter[i - 1] != 0) {
                 break;
+            }
+        }
 
         /*
          * Crypt counter block
          */
-        if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
-                                           ctx->counter, p ) ) != 0 )
-        {
+        if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
+                                         ctx->counter, p)) != 0) {
             goto exit;
         }
 
         p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
     }
 
-    for( i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++ )
+    for (i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++) {
         tmp[i] ^= data[i];
+    }
 
     /*
      * Update key and counter
      */
-    if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp,
-                                        MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
-    {
+    if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp,
+                                      MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
         goto exit;
     }
-    memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE,
-            MBEDTLS_CTR_DRBG_BLOCKSIZE );
+    memcpy(ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE,
+           MBEDTLS_CTR_DRBG_BLOCKSIZE);
 
 exit:
-    mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
-    return( ret );
+    mbedtls_platform_zeroize(tmp, sizeof(tmp));
+    return ret;
 }
 
 /* CTR_DRBG_Instantiate with derivation function (SP 800-90A &sect;10.2.1.3.2)
@@ -305,24 +304,27 @@
  * and with outputs
  *   ctx = initial_working_state
  */
-int mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
-                                 const unsigned char *additional,
-                                 size_t add_len )
+int mbedtls_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx,
+                            const unsigned char *additional,
+                            size_t add_len)
 {
     unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( add_len == 0 )
-        return( 0 );
+    if (add_len == 0) {
+        return 0;
+    }
 
-    if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
+    if ((ret = block_cipher_df(add_input, additional, add_len)) != 0) {
         goto exit;
-    if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
+    }
+    if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) {
         goto exit;
+    }
 
 exit:
-    mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
-    return( ret );
+    mbedtls_platform_zeroize(add_input, sizeof(add_input));
+    return ret;
 }
 
 /* CTR_DRBG_Reseed with derivation function (SP 800-90A &sect;10.2.1.4.2)
@@ -338,66 +340,67 @@
  * and with output
  *   ctx contains new_working_state
  */
-static int mbedtls_ctr_drbg_reseed_internal( mbedtls_ctr_drbg_context *ctx,
-                                             const unsigned char *additional,
-                                             size_t len,
-                                             size_t nonce_len )
+static int mbedtls_ctr_drbg_reseed_internal(mbedtls_ctr_drbg_context *ctx,
+                                            const unsigned char *additional,
+                                            size_t len,
+                                            size_t nonce_len)
 {
     unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT];
     size_t seedlen = 0;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
-    if( nonce_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
-    if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len )
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+    if (ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {
+        return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+    }
+    if (nonce_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len) {
+        return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+    }
+    if (len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len) {
+        return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+    }
 
-    memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT );
+    memset(seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT);
 
     /* Gather entropy_len bytes of entropy to seed state. */
-    if( 0 != ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) )
-    {
-        return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
+    if (0 != ctx->f_entropy(ctx->p_entropy, seed, ctx->entropy_len)) {
+        return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
     }
     seedlen += ctx->entropy_len;
 
     /* Gather entropy for a nonce if requested. */
-    if( nonce_len != 0 )
-    {
-        if( 0 != ctx->f_entropy( ctx->p_entropy, seed + seedlen, nonce_len ) )
-        {
-            return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
+    if (nonce_len != 0) {
+        if (0 != ctx->f_entropy(ctx->p_entropy, seed + seedlen, nonce_len)) {
+            return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
         }
         seedlen += nonce_len;
     }
 
     /* Add additional data if provided. */
-    if( additional != NULL && len != 0 )
-    {
-        memcpy( seed + seedlen, additional, len );
+    if (additional != NULL && len != 0) {
+        memcpy(seed + seedlen, additional, len);
         seedlen += len;
     }
 
     /* Reduce to 384 bits. */
-    if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 )
+    if ((ret = block_cipher_df(seed, seed, seedlen)) != 0) {
         goto exit;
+    }
 
     /* Update state. */
-    if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 )
+    if ((ret = ctr_drbg_update_internal(ctx, seed)) != 0) {
         goto exit;
+    }
     ctx->reseed_counter = 1;
 
 exit:
-    mbedtls_platform_zeroize( seed, sizeof( seed ) );
-    return( ret );
+    mbedtls_platform_zeroize(seed, sizeof(seed));
+    return ret;
 }
 
-int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
-                             const unsigned char *additional, size_t len )
+int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx,
+                            const unsigned char *additional, size_t len)
 {
-    return( mbedtls_ctr_drbg_reseed_internal( ctx, additional, len, 0 ) );
+    return mbedtls_ctr_drbg_reseed_internal(ctx, additional, len, 0);
 }
 
 /* Return a "good" nonce length for CTR_DRBG. The chosen nonce length
@@ -405,12 +408,13 @@
  * size and entropy length. If there is enough entropy in the initial
  * call to the entropy function to serve as both the entropy input and
  * the nonce, don't make a second call to get a nonce. */
-static size_t good_nonce_len( size_t entropy_len )
+static size_t good_nonce_len(size_t entropy_len)
 {
-    if( entropy_len >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2 )
-        return( 0 );
-    else
-        return( ( entropy_len + 1 ) / 2 );
+    if (entropy_len >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2) {
+        return 0;
+    } else {
+        return (entropy_len + 1) / 2;
+    }
 }
 
 /* CTR_DRBG_Instantiate with derivation function (SP 800-90A &sect;10.2.1.3.2)
@@ -424,50 +428,49 @@
  * and with outputs
  *   ctx = initial_working_state
  */
-int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
-                           int (*f_entropy)(void *, unsigned char *, size_t),
-                           void *p_entropy,
-                           const unsigned char *custom,
-                           size_t len )
+int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx,
+                          int (*f_entropy)(void *, unsigned char *, size_t),
+                          void *p_entropy,
+                          const unsigned char *custom,
+                          size_t len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
     size_t nonce_len;
 
-    memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE );
+    memset(key, 0, MBEDTLS_CTR_DRBG_KEYSIZE);
 
     /* The mutex is initialized iff f_entropy is set. */
 #if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &ctx->mutex );
+    mbedtls_mutex_init(&ctx->mutex);
 #endif
 
     ctx->f_entropy = f_entropy;
     ctx->p_entropy = p_entropy;
 
-    if( ctx->entropy_len == 0 )
+    if (ctx->entropy_len == 0) {
         ctx->entropy_len = MBEDTLS_CTR_DRBG_ENTROPY_LEN;
+    }
     /* ctx->reseed_counter contains the desired amount of entropy to
      * grab for a nonce (see mbedtls_ctr_drbg_set_nonce_len()).
      * If it's -1, indicating that the entropy nonce length was not set
      * explicitly, use a sufficiently large nonce for security. */
-    nonce_len = ( ctx->reseed_counter >= 0 ?
-                  (size_t) ctx->reseed_counter :
-                  good_nonce_len( ctx->entropy_len ) );
+    nonce_len = (ctx->reseed_counter >= 0 ?
+                 (size_t) ctx->reseed_counter :
+                 good_nonce_len(ctx->entropy_len));
 
     /* Initialize with an empty key. */
-    if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key,
-                                        MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key,
+                                      MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
+        return ret;
     }
 
     /* Do the initial seeding. */
-    if( ( ret = mbedtls_ctr_drbg_reseed_internal( ctx, custom, len,
-                                                  nonce_len ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_ctr_drbg_reseed_internal(ctx, custom, len,
+                                                nonce_len)) != 0) {
+        return ret;
     }
-    return( 0 );
+    return 0;
 }
 
 /* CTR_DRBG_Generate with derivation function (SP 800-90A &sect;10.2.1.5.2)
@@ -489,9 +492,9 @@
  *   returned_bits = output[:output_len]
  *   ctx contains new_working_state
  */
-int mbedtls_ctr_drbg_random_with_add( void *p_rng,
-                              unsigned char *output, size_t output_len,
-                              const unsigned char *additional, size_t add_len )
+int mbedtls_ctr_drbg_random_with_add(void *p_rng,
+                                     unsigned char *output, size_t output_len,
+                                     const unsigned char *additional, size_t add_len)
 {
     int ret = 0;
     mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
@@ -501,165 +504,169 @@
     int i;
     size_t use_len;
 
-    if( output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST )
-        return( MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG );
+    if (output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST) {
+        return MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG;
+    }
 
-    if( add_len > MBEDTLS_CTR_DRBG_MAX_INPUT )
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+    if (add_len > MBEDTLS_CTR_DRBG_MAX_INPUT) {
+        return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+    }
 
-    memset( add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN );
+    memset(add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN);
 
-    if( ctx->reseed_counter > ctx->reseed_interval ||
-        ctx->prediction_resistance )
-    {
-        if( ( ret = mbedtls_ctr_drbg_reseed( ctx, additional, add_len ) ) != 0 )
-        {
-            return( ret );
+    if (ctx->reseed_counter > ctx->reseed_interval ||
+        ctx->prediction_resistance) {
+        if ((ret = mbedtls_ctr_drbg_reseed(ctx, additional, add_len)) != 0) {
+            return ret;
         }
         add_len = 0;
     }
 
-    if( add_len > 0 )
-    {
-        if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
+    if (add_len > 0) {
+        if ((ret = block_cipher_df(add_input, additional, add_len)) != 0) {
             goto exit;
-        if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
+        }
+        if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) {
             goto exit;
+        }
     }
 
-    while( output_len > 0 )
-    {
+    while (output_len > 0) {
         /*
          * Increase counter
          */
-        for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- )
-            if( ++ctx->counter[i - 1] != 0 )
+        for (i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i--) {
+            if (++ctx->counter[i - 1] != 0) {
                 break;
+            }
+        }
 
         /*
          * Crypt counter block
          */
-        if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
-                                           ctx->counter, tmp ) ) != 0 )
-        {
+        if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
+                                         ctx->counter, tmp)) != 0) {
             goto exit;
         }
 
-        use_len = ( output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE )
+        use_len = (output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE)
             ? MBEDTLS_CTR_DRBG_BLOCKSIZE : output_len;
         /*
          * Copy random block to destination
          */
-        memcpy( p, tmp, use_len );
+        memcpy(p, tmp, use_len);
         p += use_len;
         output_len -= use_len;
     }
 
-    if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
+    if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) {
         goto exit;
+    }
 
     ctx->reseed_counter++;
 
 exit:
-    mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
-    mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
-    return( ret );
+    mbedtls_platform_zeroize(add_input, sizeof(add_input));
+    mbedtls_platform_zeroize(tmp, sizeof(tmp));
+    return ret;
 }
 
-int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output,
-                             size_t output_len )
+int mbedtls_ctr_drbg_random(void *p_rng, unsigned char *output,
+                            size_t output_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
 
 #if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+        return ret;
+    }
 #endif
 
-    ret = mbedtls_ctr_drbg_random_with_add( ctx, output, output_len, NULL, 0 );
+    ret = mbedtls_ctr_drbg_random_with_add(ctx, output, output_len, NULL, 0);
 
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+    if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+        return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
 #endif
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_FS_IO)
-int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx,
-                                      const char *path )
+int mbedtls_ctr_drbg_write_seed_file(mbedtls_ctr_drbg_context *ctx,
+                                     const char *path)
 {
     int ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
     FILE *f;
-    unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
+    unsigned char buf[MBEDTLS_CTR_DRBG_MAX_INPUT];
 
-    if( ( f = fopen( path, "wb" ) ) == NULL )
-        return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
+    if ((f = fopen(path, "wb")) == NULL) {
+        return MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
+    }
 
     /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
-    mbedtls_setbuf( f, NULL );
+    mbedtls_setbuf(f, NULL);
 
-    if( ( ret = mbedtls_ctr_drbg_random( ctx, buf,
-                                         MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 )
+    if ((ret = mbedtls_ctr_drbg_random(ctx, buf,
+                                       MBEDTLS_CTR_DRBG_MAX_INPUT)) != 0) {
         goto exit;
-
-    if( fwrite( buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f ) !=
-        MBEDTLS_CTR_DRBG_MAX_INPUT )
-    {
-        ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
     }
-    else
-    {
+
+    if (fwrite(buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f) !=
+        MBEDTLS_CTR_DRBG_MAX_INPUT) {
+        ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
+    } else {
         ret = 0;
     }
 
 exit:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize(buf, sizeof(buf));
 
-    fclose( f );
-    return( ret );
+    fclose(f);
+    return ret;
 }
 
-int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx,
-                                       const char *path )
+int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx,
+                                      const char *path)
 {
     int ret = 0;
     FILE *f = NULL;
     size_t n;
-    unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
+    unsigned char buf[MBEDTLS_CTR_DRBG_MAX_INPUT];
     unsigned char c;
 
-    if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
+    if ((f = fopen(path, "rb")) == NULL) {
+        return MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
+    }
 
     /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
-    mbedtls_setbuf( f, NULL );
+    mbedtls_setbuf(f, NULL);
 
-    n = fread( buf, 1, sizeof( buf ), f );
-    if( fread( &c, 1, 1, f ) != 0 )
-    {
+    n = fread(buf, 1, sizeof(buf), f);
+    if (fread(&c, 1, 1, f) != 0) {
         ret = MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
         goto exit;
     }
-    if( n == 0 || ferror( f ) )
-    {
+    if (n == 0 || ferror(f)) {
         ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
         goto exit;
     }
-    fclose( f );
+    fclose(f);
     f = NULL;
 
-    ret = mbedtls_ctr_drbg_update( ctx, buf, n );
+    ret = mbedtls_ctr_drbg_update(ctx, buf, n);
 
 exit:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-    if( f != NULL )
-        fclose( f );
-    if( ret != 0 )
-        return( ret );
-    return( mbedtls_ctr_drbg_write_seed_file( ctx, path ) );
+    mbedtls_platform_zeroize(buf, sizeof(buf));
+    if (f != NULL) {
+        fclose(f);
+    }
+    if (ret != 0) {
+        return ret;
+    }
+    return mbedtls_ctr_drbg_write_seed_file(ctx, path);
 }
 #endif /* MBEDTLS_FS_IO */
 
@@ -690,192 +697,197 @@
 
 #if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
 static const unsigned char entropy_source_pr[] =
-    { 0x04, 0xd9, 0x49, 0xa6, 0xdc, 0xe8, 0x6e, 0xbb,
-      0xf1, 0x08, 0x77, 0x2b, 0x9e, 0x08, 0xca, 0x92,
-      0x65, 0x16, 0xda, 0x99, 0xa2, 0x59, 0xf3, 0xe8,
-      0x38, 0x7e, 0x3f, 0x6b, 0x51, 0x70, 0x7b, 0x20,
-      0xec, 0x53, 0xd0, 0x66, 0xc3, 0x0f, 0xe3, 0xb0,
-      0xe0, 0x86, 0xa6, 0xaa, 0x5f, 0x72, 0x2f, 0xad,
-      0xf7, 0xef, 0x06, 0xb8, 0xd6, 0x9c, 0x9d, 0xe8 };
+{ 0x04, 0xd9, 0x49, 0xa6, 0xdc, 0xe8, 0x6e, 0xbb,
+  0xf1, 0x08, 0x77, 0x2b, 0x9e, 0x08, 0xca, 0x92,
+  0x65, 0x16, 0xda, 0x99, 0xa2, 0x59, 0xf3, 0xe8,
+  0x38, 0x7e, 0x3f, 0x6b, 0x51, 0x70, 0x7b, 0x20,
+  0xec, 0x53, 0xd0, 0x66, 0xc3, 0x0f, 0xe3, 0xb0,
+  0xe0, 0x86, 0xa6, 0xaa, 0x5f, 0x72, 0x2f, 0xad,
+  0xf7, 0xef, 0x06, 0xb8, 0xd6, 0x9c, 0x9d, 0xe8 };
 
 static const unsigned char entropy_source_nopr[] =
-    { 0x07, 0x0d, 0x59, 0x63, 0x98, 0x73, 0xa5, 0x45,
-      0x27, 0x38, 0x22, 0x7b, 0x76, 0x85, 0xd1, 0xa9,
-      0x74, 0x18, 0x1f, 0x3c, 0x22, 0xf6, 0x49, 0x20,
-      0x4a, 0x47, 0xc2, 0xf3, 0x85, 0x16, 0xb4, 0x6f,
-      0x00, 0x2e, 0x71, 0xda, 0xed, 0x16, 0x9b, 0x5c };
+{ 0x07, 0x0d, 0x59, 0x63, 0x98, 0x73, 0xa5, 0x45,
+  0x27, 0x38, 0x22, 0x7b, 0x76, 0x85, 0xd1, 0xa9,
+  0x74, 0x18, 0x1f, 0x3c, 0x22, 0xf6, 0x49, 0x20,
+  0x4a, 0x47, 0xc2, 0xf3, 0x85, 0x16, 0xb4, 0x6f,
+  0x00, 0x2e, 0x71, 0xda, 0xed, 0x16, 0x9b, 0x5c };
 
 static const unsigned char pers_pr[] =
-    { 0xbf, 0xa4, 0x9a, 0x8f, 0x7b, 0xd8, 0xb1, 0x7a,
-      0x9d, 0xfa, 0x45, 0xed, 0x21, 0x52, 0xb3, 0xad };
+{ 0xbf, 0xa4, 0x9a, 0x8f, 0x7b, 0xd8, 0xb1, 0x7a,
+  0x9d, 0xfa, 0x45, 0xed, 0x21, 0x52, 0xb3, 0xad };
 
 static const unsigned char pers_nopr[] =
-    { 0x4e, 0x61, 0x79, 0xd4, 0xc2, 0x72, 0xa1, 0x4c,
-      0xf1, 0x3d, 0xf6, 0x5e, 0xa3, 0xa6, 0xe5, 0x0f };
+{ 0x4e, 0x61, 0x79, 0xd4, 0xc2, 0x72, 0xa1, 0x4c,
+  0xf1, 0x3d, 0xf6, 0x5e, 0xa3, 0xa6, 0xe5, 0x0f };
 
 static const unsigned char result_pr[] =
-    { 0xc9, 0x0a, 0xaf, 0x85, 0x89, 0x71, 0x44, 0x66,
-      0x4f, 0x25, 0x0b, 0x2b, 0xde, 0xd8, 0xfa, 0xff,
-      0x52, 0x5a, 0x1b, 0x32, 0x5e, 0x41, 0x7a, 0x10,
-      0x1f, 0xef, 0x1e, 0x62, 0x23, 0xe9, 0x20, 0x30,
-      0xc9, 0x0d, 0xad, 0x69, 0xb4, 0x9c, 0x5b, 0xf4,
-      0x87, 0x42, 0xd5, 0xae, 0x5e, 0x5e, 0x43, 0xcc,
-      0xd9, 0xfd, 0x0b, 0x93, 0x4a, 0xe3, 0xd4, 0x06,
-      0x37, 0x36, 0x0f, 0x3f, 0x72, 0x82, 0x0c, 0xcf };
+{ 0xc9, 0x0a, 0xaf, 0x85, 0x89, 0x71, 0x44, 0x66,
+  0x4f, 0x25, 0x0b, 0x2b, 0xde, 0xd8, 0xfa, 0xff,
+  0x52, 0x5a, 0x1b, 0x32, 0x5e, 0x41, 0x7a, 0x10,
+  0x1f, 0xef, 0x1e, 0x62, 0x23, 0xe9, 0x20, 0x30,
+  0xc9, 0x0d, 0xad, 0x69, 0xb4, 0x9c, 0x5b, 0xf4,
+  0x87, 0x42, 0xd5, 0xae, 0x5e, 0x5e, 0x43, 0xcc,
+  0xd9, 0xfd, 0x0b, 0x93, 0x4a, 0xe3, 0xd4, 0x06,
+  0x37, 0x36, 0x0f, 0x3f, 0x72, 0x82, 0x0c, 0xcf };
 
 static const unsigned char result_nopr[] =
-    { 0x31, 0xc9, 0x91, 0x09, 0xf8, 0xc5, 0x10, 0x13,
-      0x3c, 0xd3, 0x96, 0xf9, 0xbc, 0x2c, 0x12, 0xc0,
-      0x7c, 0xc1, 0x61, 0x5f, 0xa3, 0x09, 0x99, 0xaf,
-      0xd7, 0xf2, 0x36, 0xfd, 0x40, 0x1a, 0x8b, 0xf2,
-      0x33, 0x38, 0xee, 0x1d, 0x03, 0x5f, 0x83, 0xb7,
-      0xa2, 0x53, 0xdc, 0xee, 0x18, 0xfc, 0xa7, 0xf2,
-      0xee, 0x96, 0xc6, 0xc2, 0xcd, 0x0c, 0xff, 0x02,
-      0x76, 0x70, 0x69, 0xaa, 0x69, 0xd1, 0x3b, 0xe8 };
+{ 0x31, 0xc9, 0x91, 0x09, 0xf8, 0xc5, 0x10, 0x13,
+  0x3c, 0xd3, 0x96, 0xf9, 0xbc, 0x2c, 0x12, 0xc0,
+  0x7c, 0xc1, 0x61, 0x5f, 0xa3, 0x09, 0x99, 0xaf,
+  0xd7, 0xf2, 0x36, 0xfd, 0x40, 0x1a, 0x8b, 0xf2,
+  0x33, 0x38, 0xee, 0x1d, 0x03, 0x5f, 0x83, 0xb7,
+  0xa2, 0x53, 0xdc, 0xee, 0x18, 0xfc, 0xa7, 0xf2,
+  0xee, 0x96, 0xc6, 0xc2, 0xcd, 0x0c, 0xff, 0x02,
+  0x76, 0x70, 0x69, 0xaa, 0x69, 0xd1, 0x3b, 0xe8 };
 #else /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
 
 static const unsigned char entropy_source_pr[] =
-    { 0xca, 0x58, 0xfd, 0xf2, 0xb9, 0x77, 0xcb, 0x49,
-      0xd4, 0xe0, 0x5b, 0xe2, 0x39, 0x50, 0xd9, 0x8a,
-      0x6a, 0xb3, 0xc5, 0x2f, 0xdf, 0x74, 0xd5, 0x85,
-      0x8f, 0xd1, 0xba, 0x64, 0x54, 0x7b, 0xdb, 0x1e,
-      0xc5, 0xea, 0x24, 0xc0, 0xfa, 0x0c, 0x90, 0x15,
-      0x09, 0x20, 0x92, 0x42, 0x32, 0x36, 0x45, 0x45,
-      0x7d, 0x20, 0x76, 0x6b, 0xcf, 0xa2, 0x15, 0xc8,
-      0x2f, 0x9f, 0xbc, 0x88, 0x3f, 0x80, 0xd1, 0x2c,
-      0xb7, 0x16, 0xd1, 0x80, 0x9e, 0xe1, 0xc9, 0xb3,
-      0x88, 0x1b, 0x21, 0x45, 0xef, 0xa1, 0x7f, 0xce,
-      0xc8, 0x92, 0x35, 0x55, 0x2a, 0xd9, 0x1d, 0x8e,
-      0x12, 0x38, 0xac, 0x01, 0x4e, 0x38, 0x18, 0x76,
-      0x9c, 0xf2, 0xb6, 0xd4, 0x13, 0xb6, 0x2c, 0x77,
-      0xc0, 0xe7, 0xe6, 0x0c, 0x47, 0x44, 0x95, 0xbe };
+{ 0xca, 0x58, 0xfd, 0xf2, 0xb9, 0x77, 0xcb, 0x49,
+  0xd4, 0xe0, 0x5b, 0xe2, 0x39, 0x50, 0xd9, 0x8a,
+  0x6a, 0xb3, 0xc5, 0x2f, 0xdf, 0x74, 0xd5, 0x85,
+  0x8f, 0xd1, 0xba, 0x64, 0x54, 0x7b, 0xdb, 0x1e,
+  0xc5, 0xea, 0x24, 0xc0, 0xfa, 0x0c, 0x90, 0x15,
+  0x09, 0x20, 0x92, 0x42, 0x32, 0x36, 0x45, 0x45,
+  0x7d, 0x20, 0x76, 0x6b, 0xcf, 0xa2, 0x15, 0xc8,
+  0x2f, 0x9f, 0xbc, 0x88, 0x3f, 0x80, 0xd1, 0x2c,
+  0xb7, 0x16, 0xd1, 0x80, 0x9e, 0xe1, 0xc9, 0xb3,
+  0x88, 0x1b, 0x21, 0x45, 0xef, 0xa1, 0x7f, 0xce,
+  0xc8, 0x92, 0x35, 0x55, 0x2a, 0xd9, 0x1d, 0x8e,
+  0x12, 0x38, 0xac, 0x01, 0x4e, 0x38, 0x18, 0x76,
+  0x9c, 0xf2, 0xb6, 0xd4, 0x13, 0xb6, 0x2c, 0x77,
+  0xc0, 0xe7, 0xe6, 0x0c, 0x47, 0x44, 0x95, 0xbe };
 
 static const unsigned char entropy_source_nopr[] =
-    { 0x4c, 0xfb, 0x21, 0x86, 0x73, 0x34, 0x6d, 0x9d,
-      0x50, 0xc9, 0x22, 0xe4, 0x9b, 0x0d, 0xfc, 0xd0,
-      0x90, 0xad, 0xf0, 0x4f, 0x5c, 0x3b, 0xa4, 0x73,
-      0x27, 0xdf, 0xcd, 0x6f, 0xa6, 0x3a, 0x78, 0x5c,
-      0x01, 0x69, 0x62, 0xa7, 0xfd, 0x27, 0x87, 0xa2,
-      0x4b, 0xf6, 0xbe, 0x47, 0xef, 0x37, 0x83, 0xf1,
-      0xb7, 0xec, 0x46, 0x07, 0x23, 0x63, 0x83, 0x4a,
-      0x1b, 0x01, 0x33, 0xf2, 0xc2, 0x38, 0x91, 0xdb,
-      0x4f, 0x11, 0xa6, 0x86, 0x51, 0xf2, 0x3e, 0x3a,
-      0x8b, 0x1f, 0xdc, 0x03, 0xb1, 0x92, 0xc7, 0xe7 };
+{ 0x4c, 0xfb, 0x21, 0x86, 0x73, 0x34, 0x6d, 0x9d,
+  0x50, 0xc9, 0x22, 0xe4, 0x9b, 0x0d, 0xfc, 0xd0,
+  0x90, 0xad, 0xf0, 0x4f, 0x5c, 0x3b, 0xa4, 0x73,
+  0x27, 0xdf, 0xcd, 0x6f, 0xa6, 0x3a, 0x78, 0x5c,
+  0x01, 0x69, 0x62, 0xa7, 0xfd, 0x27, 0x87, 0xa2,
+  0x4b, 0xf6, 0xbe, 0x47, 0xef, 0x37, 0x83, 0xf1,
+  0xb7, 0xec, 0x46, 0x07, 0x23, 0x63, 0x83, 0x4a,
+  0x1b, 0x01, 0x33, 0xf2, 0xc2, 0x38, 0x91, 0xdb,
+  0x4f, 0x11, 0xa6, 0x86, 0x51, 0xf2, 0x3e, 0x3a,
+  0x8b, 0x1f, 0xdc, 0x03, 0xb1, 0x92, 0xc7, 0xe7 };
 
 static const unsigned char pers_pr[] =
-    { 0x5a, 0x70, 0x95, 0xe9, 0x81, 0x40, 0x52, 0x33,
-      0x91, 0x53, 0x7e, 0x75, 0xd6, 0x19, 0x9d, 0x1e,
-      0xad, 0x0d, 0xc6, 0xa7, 0xde, 0x6c, 0x1f, 0xe0,
-      0xea, 0x18, 0x33, 0xa8, 0x7e, 0x06, 0x20, 0xe9 };
+{ 0x5a, 0x70, 0x95, 0xe9, 0x81, 0x40, 0x52, 0x33,
+  0x91, 0x53, 0x7e, 0x75, 0xd6, 0x19, 0x9d, 0x1e,
+  0xad, 0x0d, 0xc6, 0xa7, 0xde, 0x6c, 0x1f, 0xe0,
+  0xea, 0x18, 0x33, 0xa8, 0x7e, 0x06, 0x20, 0xe9 };
 
 static const unsigned char pers_nopr[] =
-    { 0x88, 0xee, 0xb8, 0xe0, 0xe8, 0x3b, 0xf3, 0x29,
-      0x4b, 0xda, 0xcd, 0x60, 0x99, 0xeb, 0xe4, 0xbf,
-      0x55, 0xec, 0xd9, 0x11, 0x3f, 0x71, 0xe5, 0xeb,
-      0xcb, 0x45, 0x75, 0xf3, 0xd6, 0xa6, 0x8a, 0x6b };
+{ 0x88, 0xee, 0xb8, 0xe0, 0xe8, 0x3b, 0xf3, 0x29,
+  0x4b, 0xda, 0xcd, 0x60, 0x99, 0xeb, 0xe4, 0xbf,
+  0x55, 0xec, 0xd9, 0x11, 0x3f, 0x71, 0xe5, 0xeb,
+  0xcb, 0x45, 0x75, 0xf3, 0xd6, 0xa6, 0x8a, 0x6b };
 
 static const unsigned char result_pr[] =
-    { 0xce, 0x2f, 0xdb, 0xb6, 0xd9, 0xb7, 0x39, 0x85,
-      0x04, 0xc5, 0xc0, 0x42, 0xc2, 0x31, 0xc6, 0x1d,
-      0x9b, 0x5a, 0x59, 0xf8, 0x7e, 0x0d, 0xcc, 0x62,
-      0x7b, 0x65, 0x11, 0x55, 0x10, 0xeb, 0x9e, 0x3d,
-      0xa4, 0xfb, 0x1c, 0x6a, 0x18, 0xc0, 0x74, 0xdb,
-      0xdd, 0xe7, 0x02, 0x23, 0x63, 0x21, 0xd0, 0x39,
-      0xf9, 0xa7, 0xc4, 0x52, 0x84, 0x3b, 0x49, 0x40,
-      0x72, 0x2b, 0xb0, 0x6c, 0x9c, 0xdb, 0xc3, 0x43 };
+{ 0xce, 0x2f, 0xdb, 0xb6, 0xd9, 0xb7, 0x39, 0x85,
+  0x04, 0xc5, 0xc0, 0x42, 0xc2, 0x31, 0xc6, 0x1d,
+  0x9b, 0x5a, 0x59, 0xf8, 0x7e, 0x0d, 0xcc, 0x62,
+  0x7b, 0x65, 0x11, 0x55, 0x10, 0xeb, 0x9e, 0x3d,
+  0xa4, 0xfb, 0x1c, 0x6a, 0x18, 0xc0, 0x74, 0xdb,
+  0xdd, 0xe7, 0x02, 0x23, 0x63, 0x21, 0xd0, 0x39,
+  0xf9, 0xa7, 0xc4, 0x52, 0x84, 0x3b, 0x49, 0x40,
+  0x72, 0x2b, 0xb0, 0x6c, 0x9c, 0xdb, 0xc3, 0x43 };
 
 static const unsigned char result_nopr[] =
-    { 0xa5, 0x51, 0x80, 0xa1, 0x90, 0xbe, 0xf3, 0xad,
-      0xaf, 0x28, 0xf6, 0xb7, 0x95, 0xe9, 0xf1, 0xf3,
-      0xd6, 0xdf, 0xa1, 0xb2, 0x7d, 0xd0, 0x46, 0x7b,
-      0x0c, 0x75, 0xf5, 0xfa, 0x93, 0x1e, 0x97, 0x14,
-      0x75, 0xb2, 0x7c, 0xae, 0x03, 0xa2, 0x96, 0x54,
-      0xe2, 0xf4, 0x09, 0x66, 0xea, 0x33, 0x64, 0x30,
-      0x40, 0xd1, 0x40, 0x0f, 0xe6, 0x77, 0x87, 0x3a,
-      0xf8, 0x09, 0x7c, 0x1f, 0xe9, 0xf0, 0x02, 0x98 };
+{ 0xa5, 0x51, 0x80, 0xa1, 0x90, 0xbe, 0xf3, 0xad,
+  0xaf, 0x28, 0xf6, 0xb7, 0x95, 0xe9, 0xf1, 0xf3,
+  0xd6, 0xdf, 0xa1, 0xb2, 0x7d, 0xd0, 0x46, 0x7b,
+  0x0c, 0x75, 0xf5, 0xfa, 0x93, 0x1e, 0x97, 0x14,
+  0x75, 0xb2, 0x7c, 0xae, 0x03, 0xa2, 0x96, 0x54,
+  0xe2, 0xf4, 0x09, 0x66, 0xea, 0x33, 0x64, 0x30,
+  0x40, 0xd1, 0x40, 0x0f, 0xe6, 0x77, 0x87, 0x3a,
+  0xf8, 0x09, 0x7c, 0x1f, 0xe9, 0xf0, 0x02, 0x98 };
 #endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
 
 static size_t test_offset;
-static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf,
-                                       size_t len )
+static int ctr_drbg_self_test_entropy(void *data, unsigned char *buf,
+                                      size_t len)
 {
     const unsigned char *p = data;
-    memcpy( buf, p + test_offset, len );
+    memcpy(buf, p + test_offset, len);
     test_offset += len;
-    return( 0 );
+    return 0;
 }
 
-#define CHK( c )    if( (c) != 0 )                          \
-                    {                                       \
-                        if( verbose != 0 )                  \
-                            mbedtls_printf( "failed\n" );  \
-                        return( 1 );                        \
-                    }
+#define CHK(c)    if ((c) != 0)                          \
+    {                                       \
+        if (verbose != 0)                  \
+        mbedtls_printf("failed\n");  \
+        return 1;                        \
+    }
 
 #define SELF_TEST_OUTPUT_DISCARD_LENGTH 64
 
 /*
  * Checkup routine
  */
-int mbedtls_ctr_drbg_self_test( int verbose )
+int mbedtls_ctr_drbg_self_test(int verbose)
 {
     mbedtls_ctr_drbg_context ctx;
-    unsigned char buf[ sizeof( result_pr ) ];
+    unsigned char buf[sizeof(result_pr)];
 
-    mbedtls_ctr_drbg_init( &ctx );
+    mbedtls_ctr_drbg_init(&ctx);
 
     /*
      * Based on a NIST CTR_DRBG test vector (PR = True)
      */
-    if( verbose != 0 )
-        mbedtls_printf( "  CTR_DRBG (PR = TRUE) : " );
+    if (verbose != 0) {
+        mbedtls_printf("  CTR_DRBG (PR = TRUE) : ");
+    }
 
     test_offset = 0;
-    mbedtls_ctr_drbg_set_entropy_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE );
-    mbedtls_ctr_drbg_set_nonce_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2 );
-    CHK( mbedtls_ctr_drbg_seed( &ctx,
-                                ctr_drbg_self_test_entropy,
-                                (void *) entropy_source_pr,
-                                pers_pr, MBEDTLS_CTR_DRBG_KEYSIZE ) );
-    mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
-    CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH ) );
-    CHK( mbedtls_ctr_drbg_random( &ctx, buf, sizeof( result_pr ) ) );
-    CHK( memcmp( buf, result_pr, sizeof( result_pr ) ) );
+    mbedtls_ctr_drbg_set_entropy_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE);
+    mbedtls_ctr_drbg_set_nonce_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2);
+    CHK(mbedtls_ctr_drbg_seed(&ctx,
+                              ctr_drbg_self_test_entropy,
+                              (void *) entropy_source_pr,
+                              pers_pr, MBEDTLS_CTR_DRBG_KEYSIZE));
+    mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_ON);
+    CHK(mbedtls_ctr_drbg_random(&ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH));
+    CHK(mbedtls_ctr_drbg_random(&ctx, buf, sizeof(result_pr)));
+    CHK(memcmp(buf, result_pr, sizeof(result_pr)));
 
-    mbedtls_ctr_drbg_free( &ctx );
+    mbedtls_ctr_drbg_free(&ctx);
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n");
+    }
 
     /*
      * Based on a NIST CTR_DRBG test vector (PR = FALSE)
      */
-    if( verbose != 0 )
-        mbedtls_printf( "  CTR_DRBG (PR = FALSE): " );
+    if (verbose != 0) {
+        mbedtls_printf("  CTR_DRBG (PR = FALSE): ");
+    }
 
-    mbedtls_ctr_drbg_init( &ctx );
+    mbedtls_ctr_drbg_init(&ctx);
 
     test_offset = 0;
-    mbedtls_ctr_drbg_set_entropy_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE);
-    mbedtls_ctr_drbg_set_nonce_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2 );
-    CHK( mbedtls_ctr_drbg_seed( &ctx,
-                                ctr_drbg_self_test_entropy,
-                                (void *) entropy_source_nopr,
-                                pers_nopr, MBEDTLS_CTR_DRBG_KEYSIZE ) );
-    CHK( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) );
-    CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH ) );
-    CHK( mbedtls_ctr_drbg_random( &ctx, buf, sizeof( result_nopr ) ) );
-    CHK( memcmp( buf, result_nopr, sizeof( result_nopr ) ) );
+    mbedtls_ctr_drbg_set_entropy_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE);
+    mbedtls_ctr_drbg_set_nonce_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2);
+    CHK(mbedtls_ctr_drbg_seed(&ctx,
+                              ctr_drbg_self_test_entropy,
+                              (void *) entropy_source_nopr,
+                              pers_nopr, MBEDTLS_CTR_DRBG_KEYSIZE));
+    CHK(mbedtls_ctr_drbg_reseed(&ctx, NULL, 0));
+    CHK(mbedtls_ctr_drbg_random(&ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH));
+    CHK(mbedtls_ctr_drbg_random(&ctx, buf, sizeof(result_nopr)));
+    CHK(memcmp(buf, result_nopr, sizeof(result_nopr)));
 
-    mbedtls_ctr_drbg_free( &ctx );
+    mbedtls_ctr_drbg_free(&ctx);
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n");
+    }
 
-    if( verbose != 0 )
-            mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SELF_TEST */
 
diff --git a/library/debug.c b/library/debug.c
index 78ce9ce..12559af 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -34,7 +34,7 @@
 
 static int debug_threshold = 0;
 
-void mbedtls_debug_set_threshold( int threshold )
+void mbedtls_debug_set_threshold(int threshold)
 {
     debug_threshold = threshold;
 }
@@ -42,9 +42,9 @@
 /*
  * All calls to f_dbg must be made via this function
  */
-static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level,
-                                    const char *file, int line,
-                                    const char *str )
+static inline void debug_send_line(const mbedtls_ssl_context *ssl, int level,
+                                   const char *file, int line,
+                                   const char *str)
 {
     /*
      * If in a threaded environment, we need a thread identifier.
@@ -53,54 +53,51 @@
      */
 #if defined(MBEDTLS_THREADING_C)
     char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */
-    mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", (void*)ssl, str );
-    ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, idstr );
+    mbedtls_snprintf(idstr, sizeof(idstr), "%p: %s", (void *) ssl, str);
+    ssl->conf->f_dbg(ssl->conf->p_dbg, level, file, line, idstr);
 #else
-    ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
+    ssl->conf->f_dbg(ssl->conf->p_dbg, level, file, line, str);
 #endif
 }
 
 MBEDTLS_PRINTF_ATTRIBUTE(5, 6)
-void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
-                              const char *file, int line,
-                              const char *format, ... )
+void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level,
+                             const char *file, int line,
+                             const char *format, ...)
 {
     va_list argp;
     char str[DEBUG_BUF_SIZE];
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( NULL == ssl              ||
+    if (NULL == ssl              ||
         NULL == ssl->conf        ||
         NULL == ssl->conf->f_dbg ||
-        level > debug_threshold )
-    {
+        level > debug_threshold) {
         return;
     }
 
-    va_start( argp, format );
-    ret = mbedtls_vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
-    va_end( argp );
+    va_start(argp, format);
+    ret = mbedtls_vsnprintf(str, DEBUG_BUF_SIZE, format, argp);
+    va_end(argp);
 
-    if( ret >= 0 && ret < DEBUG_BUF_SIZE - 1 )
-    {
+    if (ret >= 0 && ret < DEBUG_BUF_SIZE - 1) {
         str[ret]     = '\n';
         str[ret + 1] = '\0';
     }
 
-    debug_send_line( ssl, level, file, line, str );
+    debug_send_line(ssl, level, file, line, str);
 }
 
-void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, int ret )
+void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level,
+                             const char *file, int line,
+                             const char *text, int ret)
 {
     char str[DEBUG_BUF_SIZE];
 
-    if( NULL == ssl              ||
+    if (NULL == ssl              ||
         NULL == ssl->conf        ||
         NULL == ssl->conf->f_dbg ||
-        level > debug_threshold )
-    {
+        level > debug_threshold) {
         return;
     }
 
@@ -109,246 +106,232 @@
      * the logs would be quickly flooded with WANT_READ, so ignore that.
      * Don't ignore WANT_WRITE however, since it is usually rare.
      */
-    if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+    if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
         return;
+    }
 
-    mbedtls_snprintf( str, sizeof( str ), "%s() returned %d (-0x%04x)\n",
-              text, ret, (unsigned int) -ret );
+    mbedtls_snprintf(str, sizeof(str), "%s() returned %d (-0x%04x)\n",
+                     text, ret, (unsigned int) -ret);
 
-    debug_send_line( ssl, level, file, line, str );
+    debug_send_line(ssl, level, file, line, str);
 }
 
-void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line, const char *text,
-                      const unsigned char *buf, size_t len )
+void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level,
+                             const char *file, int line, const char *text,
+                             const unsigned char *buf, size_t len)
 {
     char str[DEBUG_BUF_SIZE];
     char txt[17];
     size_t i, idx = 0;
 
-    if( NULL == ssl              ||
+    if (NULL == ssl              ||
         NULL == ssl->conf        ||
         NULL == ssl->conf->f_dbg ||
-        level > debug_threshold )
-    {
+        level > debug_threshold) {
         return;
     }
 
-    mbedtls_snprintf( str + idx, sizeof( str ) - idx, "dumping '%s' (%u bytes)\n",
-              text, (unsigned int) len );
+    mbedtls_snprintf(str + idx, sizeof(str) - idx, "dumping '%s' (%u bytes)\n",
+                     text, (unsigned int) len);
 
-    debug_send_line( ssl, level, file, line, str );
+    debug_send_line(ssl, level, file, line, str);
 
     idx = 0;
-    memset( txt, 0, sizeof( txt ) );
-    for( i = 0; i < len; i++ )
-    {
-        if( i >= 4096 )
+    memset(txt, 0, sizeof(txt));
+    for (i = 0; i < len; i++) {
+        if (i >= 4096) {
             break;
+        }
 
-        if( i % 16 == 0 )
-        {
-            if( i > 0 )
-            {
-                mbedtls_snprintf( str + idx, sizeof( str ) - idx, "  %s\n", txt );
-                debug_send_line( ssl, level, file, line, str );
+        if (i % 16 == 0) {
+            if (i > 0) {
+                mbedtls_snprintf(str + idx, sizeof(str) - idx, "  %s\n", txt);
+                debug_send_line(ssl, level, file, line, str);
 
                 idx = 0;
-                memset( txt, 0, sizeof( txt ) );
+                memset(txt, 0, sizeof(txt));
             }
 
-            idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, "%04x: ",
-                             (unsigned int) i );
+            idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, "%04x: ",
+                                    (unsigned int) i);
 
         }
 
-        idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x",
-                         (unsigned int) buf[i] );
-        txt[i % 16] = ( buf[i] > 31 && buf[i] < 127 ) ? buf[i] : '.' ;
+        idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x",
+                                (unsigned int) buf[i]);
+        txt[i % 16] = (buf[i] > 31 && buf[i] < 127) ? buf[i] : '.';
     }
 
-    if( len > 0 )
-    {
-        for( /* i = i */; i % 16 != 0; i++ )
-            idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, "   " );
+    if (len > 0) {
+        for (/* i = i */; i % 16 != 0; i++) {
+            idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, "   ");
+        }
 
-        mbedtls_snprintf( str + idx, sizeof( str ) - idx, "  %s\n", txt );
-        debug_send_line( ssl, level, file, line, str );
+        mbedtls_snprintf(str + idx, sizeof(str) - idx, "  %s\n", txt);
+        debug_send_line(ssl, level, file, line, str);
     }
 }
 
 #if defined(MBEDTLS_ECP_C)
-void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, const mbedtls_ecp_point *X )
+void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level,
+                             const char *file, int line,
+                             const char *text, const mbedtls_ecp_point *X)
 {
     char str[DEBUG_BUF_SIZE];
 
-    if( NULL == ssl              ||
+    if (NULL == ssl              ||
         NULL == ssl->conf        ||
         NULL == ssl->conf->f_dbg ||
-        level > debug_threshold )
-    {
+        level > debug_threshold) {
         return;
     }
 
-    mbedtls_snprintf( str, sizeof( str ), "%s(X)", text );
-    mbedtls_debug_print_mpi( ssl, level, file, line, str, &X->X );
+    mbedtls_snprintf(str, sizeof(str), "%s(X)", text);
+    mbedtls_debug_print_mpi(ssl, level, file, line, str, &X->X);
 
-    mbedtls_snprintf( str, sizeof( str ), "%s(Y)", text );
-    mbedtls_debug_print_mpi( ssl, level, file, line, str, &X->Y );
+    mbedtls_snprintf(str, sizeof(str), "%s(Y)", text);
+    mbedtls_debug_print_mpi(ssl, level, file, line, str, &X->Y);
 }
 #endif /* MBEDTLS_ECP_C */
 
 #if defined(MBEDTLS_BIGNUM_C)
-void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, const mbedtls_mpi *X )
+void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
+                             const char *file, int line,
+                             const char *text, const mbedtls_mpi *X)
 {
     char str[DEBUG_BUF_SIZE];
     size_t bitlen;
     size_t idx = 0;
 
-    if( NULL == ssl              ||
+    if (NULL == ssl              ||
         NULL == ssl->conf        ||
         NULL == ssl->conf->f_dbg ||
         NULL == X                ||
-        level > debug_threshold )
-    {
+        level > debug_threshold) {
         return;
     }
 
-    bitlen = mbedtls_mpi_bitlen( X );
+    bitlen = mbedtls_mpi_bitlen(X);
 
-    mbedtls_snprintf( str, sizeof( str ), "value of '%s' (%u bits) is:\n",
-                      text, (unsigned) bitlen );
-    debug_send_line( ssl, level, file, line, str );
+    mbedtls_snprintf(str, sizeof(str), "value of '%s' (%u bits) is:\n",
+                     text, (unsigned) bitlen);
+    debug_send_line(ssl, level, file, line, str);
 
-    if( bitlen == 0 )
-    {
+    if (bitlen == 0) {
         str[0] = ' '; str[1] = '0'; str[2] = '0';
         idx = 3;
-    }
-    else
-    {
+    } else {
         int n;
-        for( n = (int) ( ( bitlen - 1 ) / 8 ); n >= 0; n-- )
-        {
-            size_t limb_offset = n / sizeof( mbedtls_mpi_uint );
-            size_t offset_in_limb = n % sizeof( mbedtls_mpi_uint );
+        for (n = (int) ((bitlen - 1) / 8); n >= 0; n--) {
+            size_t limb_offset = n / sizeof(mbedtls_mpi_uint);
+            size_t offset_in_limb = n % sizeof(mbedtls_mpi_uint);
             unsigned char octet =
-                ( X->p[limb_offset] >> ( offset_in_limb * 8 ) ) & 0xff;
-            mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x", octet );
+                (X->p[limb_offset] >> (offset_in_limb * 8)) & 0xff;
+            mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", octet);
             idx += 3;
             /* Wrap lines after 16 octets that each take 3 columns */
-            if( idx >= 3 * 16 )
-            {
-                mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
-                debug_send_line( ssl, level, file, line, str );
+            if (idx >= 3 * 16) {
+                mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
+                debug_send_line(ssl, level, file, line, str);
                 idx = 0;
             }
         }
     }
 
-    if( idx != 0 )
-    {
-        mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
-        debug_send_line( ssl, level, file, line, str );
+    if (idx != 0) {
+        mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
+        debug_send_line(ssl, level, file, line, str);
     }
 }
 #endif /* MBEDTLS_BIGNUM_C */
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
-static void debug_print_pk( const mbedtls_ssl_context *ssl, int level,
-                            const char *file, int line,
-                            const char *text, const mbedtls_pk_context *pk )
+static void debug_print_pk(const mbedtls_ssl_context *ssl, int level,
+                           const char *file, int line,
+                           const char *text, const mbedtls_pk_context *pk)
 {
     size_t i;
     mbedtls_pk_debug_item items[MBEDTLS_PK_DEBUG_MAX_ITEMS];
     char name[16];
 
-    memset( items, 0, sizeof( items ) );
+    memset(items, 0, sizeof(items));
 
-    if( mbedtls_pk_debug( pk, items ) != 0 )
-    {
-        debug_send_line( ssl, level, file, line,
-                          "invalid PK context\n" );
+    if (mbedtls_pk_debug(pk, items) != 0) {
+        debug_send_line(ssl, level, file, line,
+                        "invalid PK context\n");
         return;
     }
 
-    for( i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++ )
-    {
-        if( items[i].type == MBEDTLS_PK_DEBUG_NONE )
+    for (i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++) {
+        if (items[i].type == MBEDTLS_PK_DEBUG_NONE) {
             return;
+        }
 
-        mbedtls_snprintf( name, sizeof( name ), "%s%s", text, items[i].name );
-        name[sizeof( name ) - 1] = '\0';
+        mbedtls_snprintf(name, sizeof(name), "%s%s", text, items[i].name);
+        name[sizeof(name) - 1] = '\0';
 
-        if( items[i].type == MBEDTLS_PK_DEBUG_MPI )
-            mbedtls_debug_print_mpi( ssl, level, file, line, name, items[i].value );
-        else
+        if (items[i].type == MBEDTLS_PK_DEBUG_MPI) {
+            mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value);
+        } else
 #if defined(MBEDTLS_ECP_C)
-        if( items[i].type == MBEDTLS_PK_DEBUG_ECP )
-            mbedtls_debug_print_ecp( ssl, level, file, line, name, items[i].value );
-        else
+        if (items[i].type == MBEDTLS_PK_DEBUG_ECP) {
+            mbedtls_debug_print_ecp(ssl, level, file, line, name, items[i].value);
+        } else
 #endif
-            debug_send_line( ssl, level, file, line,
-                              "should not happen\n" );
+        { debug_send_line(ssl, level, file, line,
+                          "should not happen\n"); }
     }
 }
 
-static void debug_print_line_by_line( const mbedtls_ssl_context *ssl, int level,
-                                      const char *file, int line, const char *text )
+static void debug_print_line_by_line(const mbedtls_ssl_context *ssl, int level,
+                                     const char *file, int line, const char *text)
 {
     char str[DEBUG_BUF_SIZE];
     const char *start, *cur;
 
     start = text;
-    for( cur = text; *cur != '\0'; cur++ )
-    {
-        if( *cur == '\n' )
-        {
+    for (cur = text; *cur != '\0'; cur++) {
+        if (*cur == '\n') {
             size_t len = cur - start + 1;
-            if( len > DEBUG_BUF_SIZE - 1 )
+            if (len > DEBUG_BUF_SIZE - 1) {
                 len = DEBUG_BUF_SIZE - 1;
+            }
 
-            memcpy( str, start, len );
+            memcpy(str, start, len);
             str[len] = '\0';
 
-            debug_send_line( ssl, level, file, line, str );
+            debug_send_line(ssl, level, file, line, str);
 
             start = cur + 1;
         }
     }
 }
 
-void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, const mbedtls_x509_crt *crt )
+void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level,
+                             const char *file, int line,
+                             const char *text, const mbedtls_x509_crt *crt)
 {
     char str[DEBUG_BUF_SIZE];
     int i = 0;
 
-    if( NULL == ssl              ||
+    if (NULL == ssl              ||
         NULL == ssl->conf        ||
         NULL == ssl->conf->f_dbg ||
         NULL == crt              ||
-        level > debug_threshold )
-    {
+        level > debug_threshold) {
         return;
     }
 
-    while( crt != NULL )
-    {
+    while (crt != NULL) {
         char buf[1024];
 
-        mbedtls_snprintf( str, sizeof( str ), "%s #%d:\n", text, ++i );
-        debug_send_line( ssl, level, file, line, str );
+        mbedtls_snprintf(str, sizeof(str), "%s #%d:\n", text, ++i);
+        debug_send_line(ssl, level, file, line, str);
 
-        mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
-        debug_print_line_by_line( ssl, level, file, line, buf );
+        mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt);
+        debug_print_line_by_line(ssl, level, file, line, buf);
 
-        debug_print_pk( ssl, level, file, line, "crt->", &crt->pk );
+        debug_print_pk(ssl, level, file, line, "crt->", &crt->pk);
 
         crt = crt->next;
     }
@@ -356,50 +339,48 @@
 #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_REMOVE_INFO */
 
 #if defined(MBEDTLS_ECDH_C)
-static void mbedtls_debug_printf_ecdh_internal( const mbedtls_ssl_context *ssl,
-                                                int level, const char *file,
-                                                int line,
-                                                const mbedtls_ecdh_context *ecdh,
-                                                mbedtls_debug_ecdh_attr attr )
+static void mbedtls_debug_printf_ecdh_internal(const mbedtls_ssl_context *ssl,
+                                               int level, const char *file,
+                                               int line,
+                                               const mbedtls_ecdh_context *ecdh,
+                                               mbedtls_debug_ecdh_attr attr)
 {
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    const mbedtls_ecdh_context* ctx = ecdh;
+    const mbedtls_ecdh_context *ctx = ecdh;
 #else
-    const mbedtls_ecdh_context_mbed* ctx = &ecdh->ctx.mbed_ecdh;
+    const mbedtls_ecdh_context_mbed *ctx = &ecdh->ctx.mbed_ecdh;
 #endif
 
-    switch( attr )
-    {
+    switch (attr) {
         case MBEDTLS_DEBUG_ECDH_Q:
-            mbedtls_debug_print_ecp( ssl, level, file, line, "ECDH: Q",
-                                     &ctx->Q );
+            mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Q",
+                                    &ctx->Q);
             break;
         case MBEDTLS_DEBUG_ECDH_QP:
-            mbedtls_debug_print_ecp( ssl, level, file, line, "ECDH: Qp",
-                                     &ctx->Qp );
+            mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Qp",
+                                    &ctx->Qp);
             break;
         case MBEDTLS_DEBUG_ECDH_Z:
-            mbedtls_debug_print_mpi( ssl, level, file, line, "ECDH: z",
-                                     &ctx->z );
+            mbedtls_debug_print_mpi(ssl, level, file, line, "ECDH: z",
+                                    &ctx->z);
             break;
         default:
             break;
     }
 }
 
-void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level,
-                                const char *file, int line,
-                                const mbedtls_ecdh_context *ecdh,
-                                mbedtls_debug_ecdh_attr attr )
+void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level,
+                               const char *file, int line,
+                               const mbedtls_ecdh_context *ecdh,
+                               mbedtls_debug_ecdh_attr attr)
 {
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    mbedtls_debug_printf_ecdh_internal( ssl, level, file, line, ecdh, attr );
+    mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh, attr);
 #else
-    switch( ecdh->var )
-    {
+    switch (ecdh->var) {
         default:
-            mbedtls_debug_printf_ecdh_internal( ssl, level, file, line, ecdh,
-                                                attr );
+            mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh,
+                                               attr);
     }
 #endif
 }
diff --git a/library/des.c b/library/des.c
index c56d4d4..eaddf28 100644
--- a/library/des.c
+++ b/library/des.c
@@ -222,7 +222,7 @@
 /*
  * Initial Permutation macro
  */
-#define DES_IP(X,Y)                                                       \
+#define DES_IP(X, Y)                                                       \
     do                                                                    \
     {                                                                     \
         T = (((X) >>  4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T <<  4); \
@@ -232,12 +232,12 @@
         (Y) = (((Y) << 1) | ((Y) >> 31)) & 0xFFFFFFFF;                    \
         T = ((X) ^ (Y)) & 0xAAAAAAAA; (Y) ^= T; (X) ^= T;                 \
         (X) = (((X) << 1) | ((X) >> 31)) & 0xFFFFFFFF;                    \
-    } while( 0 )
+    } while (0)
 
 /*
  * Final Permutation macro
  */
-#define DES_FP(X,Y)                                                       \
+#define DES_FP(X, Y)                                                       \
     do                                                                    \
     {                                                                     \
         (X) = (((X) << 31) | ((X) >> 1)) & 0xFFFFFFFF;                    \
@@ -247,90 +247,103 @@
         T = (((Y) >>  2) ^ (X)) & 0x33333333; (X) ^= T; (Y) ^= (T <<  2); \
         T = (((X) >> 16) ^ (Y)) & 0x0000FFFF; (Y) ^= T; (X) ^= (T << 16); \
         T = (((X) >>  4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T <<  4); \
-    } while( 0 )
+    } while (0)
 
 /*
  * DES round macro
  */
-#define DES_ROUND(X,Y)                              \
+#define DES_ROUND(X, Y)                              \
     do                                              \
     {                                               \
         T = *SK++ ^ (X);                            \
-        (Y) ^= SB8[ (T      ) & 0x3F ] ^            \
-               SB6[ (T >>  8) & 0x3F ] ^            \
-               SB4[ (T >> 16) & 0x3F ] ^            \
-               SB2[ (T >> 24) & 0x3F ];             \
+        (Y) ^= SB8[(T) & 0x3F] ^            \
+               SB6[(T >>  8) & 0x3F] ^            \
+               SB4[(T >> 16) & 0x3F] ^            \
+               SB2[(T >> 24) & 0x3F];             \
                                                     \
         T = *SK++ ^ (((X) << 28) | ((X) >> 4));     \
-        (Y) ^= SB7[ (T      ) & 0x3F ] ^            \
-               SB5[ (T >>  8) & 0x3F ] ^            \
-               SB3[ (T >> 16) & 0x3F ] ^            \
-               SB1[ (T >> 24) & 0x3F ];             \
-    } while( 0 )
+        (Y) ^= SB7[(T) & 0x3F] ^            \
+               SB5[(T >>  8) & 0x3F] ^            \
+               SB3[(T >> 16) & 0x3F] ^            \
+               SB1[(T >> 24) & 0x3F];             \
+    } while (0)
 
-#define SWAP(a,b)                                       \
+#define SWAP(a, b)                                       \
     do                                                  \
     {                                                   \
         uint32_t t = (a); (a) = (b); (b) = t; t = 0;    \
-    } while( 0 )
+    } while (0)
 
-void mbedtls_des_init( mbedtls_des_context *ctx )
+void mbedtls_des_init(mbedtls_des_context *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_des_context ) );
+    memset(ctx, 0, sizeof(mbedtls_des_context));
 }
 
-void mbedtls_des_free( mbedtls_des_context *ctx )
+void mbedtls_des_free(mbedtls_des_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des_context ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_des_context));
 }
 
-void mbedtls_des3_init( mbedtls_des3_context *ctx )
+void mbedtls_des3_init(mbedtls_des3_context *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_des3_context ) );
+    memset(ctx, 0, sizeof(mbedtls_des3_context));
 }
 
-void mbedtls_des3_free( mbedtls_des3_context *ctx )
+void mbedtls_des3_free(mbedtls_des3_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des3_context ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_des3_context));
 }
 
 static const unsigned char odd_parity_table[128] = { 1,  2,  4,  7,  8,
-        11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
-        47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
-        82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
-        115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
-        143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
-        171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
-        199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
-        227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
-        254 };
+                                                     11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32,
+                                                     35, 37, 38, 41, 42, 44,
+                                                     47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69,
+                                                     70, 73, 74, 76, 79, 81,
+                                                     82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103,
+                                                     104, 107, 109, 110, 112,
+                                                     115, 117, 118, 121, 122, 124, 127, 128, 131,
+                                                     133, 134, 137, 138, 140,
+                                                     143, 145, 146, 148, 151, 152, 155, 157, 158,
+                                                     161, 162, 164, 167, 168,
+                                                     171, 173, 174, 176, 179, 181, 182, 185, 186,
+                                                     188, 191, 193, 194, 196,
+                                                     199, 200, 203, 205, 206, 208, 211, 213, 214,
+                                                     217, 218, 220, 223, 224,
+                                                     227, 229, 230, 233, 234, 236, 239, 241, 242,
+                                                     244, 247, 248, 251, 253,
+                                                     254 };
 
-void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] )
+void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE])
 {
     int i;
 
-    for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
+    for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++) {
         key[i] = odd_parity_table[key[i] / 2];
+    }
 }
 
 /*
  * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
  */
-int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
+int mbedtls_des_key_check_key_parity(const unsigned char key[MBEDTLS_DES_KEY_SIZE])
 {
     int i;
 
-    for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
-        if( key[i] != odd_parity_table[key[i] / 2] )
-            return( 1 );
+    for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++) {
+        if (key[i] != odd_parity_table[key[i] / 2]) {
+            return 1;
+        }
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -377,41 +390,43 @@
     { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
 };
 
-int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
+int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE])
 {
     int i;
 
-    for( i = 0; i < WEAK_KEY_COUNT; i++ )
-        if( memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 )
-            return( 1 );
+    for (i = 0; i < WEAK_KEY_COUNT; i++) {
+        if (memcmp(weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0) {
+            return 1;
+        }
+    }
 
-    return( 0 );
+    return 0;
 }
 
 #if !defined(MBEDTLS_DES_SETKEY_ALT)
-void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
+void mbedtls_des_setkey(uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE])
 {
     int i;
     uint32_t X, Y, T;
 
-    X = MBEDTLS_GET_UINT32_BE( key, 0 );
-    Y = MBEDTLS_GET_UINT32_BE( key, 4 );
+    X = MBEDTLS_GET_UINT32_BE(key, 0);
+    Y = MBEDTLS_GET_UINT32_BE(key, 4);
 
     /*
      * Permuted Choice 1
      */
     T =  ((Y >>  4) ^ X) & 0x0F0F0F0F;  X ^= T; Y ^= (T <<  4);
-    T =  ((Y      ) ^ X) & 0x10101010;  X ^= T; Y ^= (T      );
+    T =  ((Y) ^ X) & 0x10101010;  X ^= T; Y ^= (T);
 
-    X =   (LHs[ (X      ) & 0xF] << 3) | (LHs[ (X >>  8) & 0xF ] << 2)
-        | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ]     )
-        | (LHs[ (X >>  5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
-        | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
+    X =   (LHs[(X) & 0xF] << 3) | (LHs[(X >>  8) & 0xF] << 2)
+        | (LHs[(X >> 16) & 0xF] << 1) | (LHs[(X >> 24) & 0xF])
+        | (LHs[(X >>  5) & 0xF] << 7) | (LHs[(X >> 13) & 0xF] << 6)
+        | (LHs[(X >> 21) & 0xF] << 5) | (LHs[(X >> 29) & 0xF] << 4);
 
-    Y =   (RHs[ (Y >>  1) & 0xF] << 3) | (RHs[ (Y >>  9) & 0xF ] << 2)
-        | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ]     )
-        | (RHs[ (Y >>  4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
-        | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
+    Y =   (RHs[(Y >>  1) & 0xF] << 3) | (RHs[(Y >>  9) & 0xF] << 2)
+        | (RHs[(Y >> 17) & 0xF] << 1) | (RHs[(Y >> 25) & 0xF])
+        | (RHs[(Y >>  4) & 0xF] << 7) | (RHs[(Y >> 12) & 0xF] << 6)
+        | (RHs[(Y >> 20) & 0xF] << 5) | (RHs[(Y >> 28) & 0xF] << 4);
 
     X &= 0x0FFFFFFF;
     Y &= 0x0FFFFFFF;
@@ -419,15 +434,11 @@
     /*
      * calculate subkeys
      */
-    for( i = 0; i < 16; i++ )
-    {
-        if( i < 2 || i == 8 || i == 15 )
-        {
+    for (i = 0; i < 16; i++) {
+        if (i < 2 || i == 8 || i == 15) {
             X = ((X <<  1) | (X >> 27)) & 0x0FFFFFFF;
             Y = ((Y <<  1) | (Y >> 27)) & 0x0FFFFFFF;
-        }
-        else
-        {
+        } else {
             X = ((X <<  2) | (X >> 26)) & 0x0FFFFFFF;
             Y = ((Y <<  2) | (Y >> 26)) & 0x0FFFFFFF;
         }
@@ -439,7 +450,7 @@
                 | ((X <<  2) & 0x00020000) | ((X >> 10) & 0x00010000)
                 | ((Y >> 13) & 0x00002000) | ((Y >>  4) & 0x00001000)
                 | ((Y <<  6) & 0x00000800) | ((Y >>  1) & 0x00000400)
-                | ((Y >> 14) & 0x00000200) | ((Y      ) & 0x00000100)
+                | ((Y >> 14) & 0x00000200) | ((Y) & 0x00000100)
                 | ((Y >>  5) & 0x00000020) | ((Y >> 10) & 0x00000010)
                 | ((Y >>  3) & 0x00000008) | ((Y >> 18) & 0x00000004)
                 | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
@@ -452,7 +463,7 @@
                 | ((X << 15) & 0x00020000) | ((X >>  4) & 0x00010000)
                 | ((Y >>  2) & 0x00002000) | ((Y <<  8) & 0x00001000)
                 | ((Y >> 14) & 0x00000808) | ((Y >>  9) & 0x00000400)
-                | ((Y      ) & 0x00000200) | ((Y <<  7) & 0x00000100)
+                | ((Y) & 0x00000200) | ((Y <<  7) & 0x00000100)
                 | ((Y >>  7) & 0x00000020) | ((Y >>  3) & 0x00000011)
                 | ((Y <<  2) & 0x00000004) | ((Y >> 21) & 0x00000002);
     }
@@ -462,52 +473,50 @@
 /*
  * DES key schedule (56-bit, encryption)
  */
-int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
+int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE])
 {
-    mbedtls_des_setkey( ctx->sk, key );
+    mbedtls_des_setkey(ctx->sk, key);
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * DES key schedule (56-bit, decryption)
  */
-int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
+int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE])
 {
     int i;
 
-    mbedtls_des_setkey( ctx->sk, key );
+    mbedtls_des_setkey(ctx->sk, key);
 
-    for( i = 0; i < 16; i += 2 )
-    {
-        SWAP( ctx->sk[i    ], ctx->sk[30 - i] );
-        SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
+    for (i = 0; i < 16; i += 2) {
+        SWAP(ctx->sk[i], ctx->sk[30 - i]);
+        SWAP(ctx->sk[i + 1], ctx->sk[31 - i]);
     }
 
-    return( 0 );
+    return 0;
 }
 
-static void des3_set2key( uint32_t esk[96],
-                          uint32_t dsk[96],
-                          const unsigned char key[MBEDTLS_DES_KEY_SIZE*2] )
+static void des3_set2key(uint32_t esk[96],
+                         uint32_t dsk[96],
+                         const unsigned char key[MBEDTLS_DES_KEY_SIZE*2])
 {
     int i;
 
-    mbedtls_des_setkey( esk, key );
-    mbedtls_des_setkey( dsk + 32, key + 8 );
+    mbedtls_des_setkey(esk, key);
+    mbedtls_des_setkey(dsk + 32, key + 8);
 
-    for( i = 0; i < 32; i += 2 )
-    {
-        dsk[i     ] = esk[30 - i];
+    for (i = 0; i < 32; i += 2) {
+        dsk[i] = esk[30 - i];
         dsk[i +  1] = esk[31 - i];
 
         esk[i + 32] = dsk[62 - i];
         esk[i + 33] = dsk[63 - i];
 
-        esk[i + 64] = esk[i    ];
+        esk[i + 64] = esk[i];
         esk[i + 65] = esk[i + 1];
 
-        dsk[i + 64] = dsk[i    ];
+        dsk[i + 64] = dsk[i];
         dsk[i + 65] = dsk[i + 1];
     }
 }
@@ -515,44 +524,43 @@
 /*
  * Triple-DES key schedule (112-bit, encryption)
  */
-int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
+int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx,
+                             const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2])
 {
     uint32_t sk[96];
 
-    des3_set2key( ctx->sk, sk, key );
-    mbedtls_platform_zeroize( sk,  sizeof( sk ) );
+    des3_set2key(ctx->sk, sk, key);
+    mbedtls_platform_zeroize(sk,  sizeof(sk));
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Triple-DES key schedule (112-bit, decryption)
  */
-int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
+int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx,
+                             const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2])
 {
     uint32_t sk[96];
 
-    des3_set2key( sk, ctx->sk, key );
-    mbedtls_platform_zeroize( sk,  sizeof( sk ) );
+    des3_set2key(sk, ctx->sk, key);
+    mbedtls_platform_zeroize(sk,  sizeof(sk));
 
-    return( 0 );
+    return 0;
 }
 
-static void des3_set3key( uint32_t esk[96],
-                          uint32_t dsk[96],
-                          const unsigned char key[24] )
+static void des3_set3key(uint32_t esk[96],
+                         uint32_t dsk[96],
+                         const unsigned char key[24])
 {
     int i;
 
-    mbedtls_des_setkey( esk, key );
-    mbedtls_des_setkey( dsk + 32, key +  8 );
-    mbedtls_des_setkey( esk + 64, key + 16 );
+    mbedtls_des_setkey(esk, key);
+    mbedtls_des_setkey(dsk + 32, key +  8);
+    mbedtls_des_setkey(esk + 64, key + 16);
 
-    for( i = 0; i < 32; i += 2 )
-    {
-        dsk[i     ] = esk[94 - i];
+    for (i = 0; i < 32; i += 2) {
+        dsk[i] = esk[94 - i];
         dsk[i +  1] = esk[95 - i];
 
         esk[i + 32] = dsk[62 - i];
@@ -566,61 +574,60 @@
 /*
  * Triple-DES key schedule (168-bit, encryption)
  */
-int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
+int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx,
+                             const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3])
 {
     uint32_t sk[96];
 
-    des3_set3key( ctx->sk, sk, key );
-    mbedtls_platform_zeroize( sk,  sizeof( sk ) );
+    des3_set3key(ctx->sk, sk, key);
+    mbedtls_platform_zeroize(sk,  sizeof(sk));
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Triple-DES key schedule (168-bit, decryption)
  */
-int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
+int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx,
+                             const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3])
 {
     uint32_t sk[96];
 
-    des3_set3key( sk, ctx->sk, key );
-    mbedtls_platform_zeroize( sk,  sizeof( sk ) );
+    des3_set3key(sk, ctx->sk, key);
+    mbedtls_platform_zeroize(sk,  sizeof(sk));
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * DES-ECB block encryption/decryption
  */
 #if !defined(MBEDTLS_DES_CRYPT_ECB_ALT)
-int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
-                    const unsigned char input[8],
-                    unsigned char output[8] )
+int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx,
+                          const unsigned char input[8],
+                          unsigned char output[8])
 {
     int i;
     uint32_t X, Y, T, *SK;
 
     SK = ctx->sk;
 
-    X = MBEDTLS_GET_UINT32_BE( input, 0 );
-    Y = MBEDTLS_GET_UINT32_BE( input, 4 );
+    X = MBEDTLS_GET_UINT32_BE(input, 0);
+    Y = MBEDTLS_GET_UINT32_BE(input, 4);
 
-    DES_IP( X, Y );
+    DES_IP(X, Y);
 
-    for( i = 0; i < 8; i++ )
-    {
-        DES_ROUND( Y, X );
-        DES_ROUND( X, Y );
+    for (i = 0; i < 8; i++) {
+        DES_ROUND(Y, X);
+        DES_ROUND(X, Y);
     }
 
-    DES_FP( Y, X );
+    DES_FP(Y, X);
 
-    MBEDTLS_PUT_UINT32_BE( Y, output, 0 );
-    MBEDTLS_PUT_UINT32_BE( X, output, 4 );
+    MBEDTLS_PUT_UINT32_BE(Y, output, 0);
+    MBEDTLS_PUT_UINT32_BE(X, output, 4);
 
-    return( 0 );
+    return 0;
 }
 #endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */
 
@@ -628,47 +635,45 @@
 /*
  * DES-CBC buffer encryption/decryption
  */
-int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[8],
-                    const unsigned char *input,
-                    unsigned char *output )
+int mbedtls_des_crypt_cbc(mbedtls_des_context *ctx,
+                          int mode,
+                          size_t length,
+                          unsigned char iv[8],
+                          const unsigned char *input,
+                          unsigned char *output)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char temp[8];
 
-    if( length % 8 )
-        return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
+    if (length % 8) {
+        return MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH;
+    }
 
-    if( mode == MBEDTLS_DES_ENCRYPT )
-    {
-        while( length > 0 )
-        {
-            mbedtls_xor( output, input, iv, 8 );
+    if (mode == MBEDTLS_DES_ENCRYPT) {
+        while (length > 0) {
+            mbedtls_xor(output, input, iv, 8);
 
-            ret = mbedtls_des_crypt_ecb( ctx, output, output );
-            if( ret != 0 )
+            ret = mbedtls_des_crypt_ecb(ctx, output, output);
+            if (ret != 0) {
                 goto exit;
-            memcpy( iv, output, 8 );
+            }
+            memcpy(iv, output, 8);
 
             input  += 8;
             output += 8;
             length -= 8;
         }
-    }
-    else /* MBEDTLS_DES_DECRYPT */
-    {
-        while( length > 0 )
-        {
-            memcpy( temp, input, 8 );
-            ret = mbedtls_des_crypt_ecb( ctx, input, output );
-            if( ret != 0 )
+    } else { /* MBEDTLS_DES_DECRYPT */
+        while (length > 0) {
+            memcpy(temp, input, 8);
+            ret = mbedtls_des_crypt_ecb(ctx, input, output);
+            if (ret != 0) {
                 goto exit;
+            }
 
-            mbedtls_xor( output, output, iv, 8 );
+            mbedtls_xor(output, output, iv, 8);
 
-            memcpy( iv, temp, 8 );
+            memcpy(iv, temp, 8);
 
             input  += 8;
             output += 8;
@@ -678,7 +683,7 @@
     ret = 0;
 
 exit:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
@@ -686,44 +691,41 @@
  * 3DES-ECB block encryption/decryption
  */
 #if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
-int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
-                     const unsigned char input[8],
-                     unsigned char output[8] )
+int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx,
+                           const unsigned char input[8],
+                           unsigned char output[8])
 {
     int i;
     uint32_t X, Y, T, *SK;
 
     SK = ctx->sk;
 
-    X = MBEDTLS_GET_UINT32_BE( input, 0 );
-    Y = MBEDTLS_GET_UINT32_BE( input, 4 );
+    X = MBEDTLS_GET_UINT32_BE(input, 0);
+    Y = MBEDTLS_GET_UINT32_BE(input, 4);
 
-    DES_IP( X, Y );
+    DES_IP(X, Y);
 
-    for( i = 0; i < 8; i++ )
-    {
-        DES_ROUND( Y, X );
-        DES_ROUND( X, Y );
+    for (i = 0; i < 8; i++) {
+        DES_ROUND(Y, X);
+        DES_ROUND(X, Y);
     }
 
-    for( i = 0; i < 8; i++ )
-    {
-        DES_ROUND( X, Y );
-        DES_ROUND( Y, X );
+    for (i = 0; i < 8; i++) {
+        DES_ROUND(X, Y);
+        DES_ROUND(Y, X);
     }
 
-    for( i = 0; i < 8; i++ )
-    {
-        DES_ROUND( Y, X );
-        DES_ROUND( X, Y );
+    for (i = 0; i < 8; i++) {
+        DES_ROUND(Y, X);
+        DES_ROUND(X, Y);
     }
 
-    DES_FP( Y, X );
+    DES_FP(Y, X);
 
-    MBEDTLS_PUT_UINT32_BE( Y, output, 0 );
-    MBEDTLS_PUT_UINT32_BE( X, output, 4 );
+    MBEDTLS_PUT_UINT32_BE(Y, output, 0);
+    MBEDTLS_PUT_UINT32_BE(X, output, 4);
 
-    return( 0 );
+    return 0;
 }
 #endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */
 
@@ -731,47 +733,45 @@
 /*
  * 3DES-CBC buffer encryption/decryption
  */
-int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
-                     int mode,
-                     size_t length,
-                     unsigned char iv[8],
-                     const unsigned char *input,
-                     unsigned char *output )
+int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx,
+                           int mode,
+                           size_t length,
+                           unsigned char iv[8],
+                           const unsigned char *input,
+                           unsigned char *output)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char temp[8];
 
-    if( length % 8 )
-        return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
+    if (length % 8) {
+        return MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH;
+    }
 
-    if( mode == MBEDTLS_DES_ENCRYPT )
-    {
-        while( length > 0 )
-        {
-            mbedtls_xor( output, input, iv, 8 );
+    if (mode == MBEDTLS_DES_ENCRYPT) {
+        while (length > 0) {
+            mbedtls_xor(output, input, iv, 8);
 
-            ret = mbedtls_des3_crypt_ecb( ctx, output, output );
-            if( ret != 0 )
+            ret = mbedtls_des3_crypt_ecb(ctx, output, output);
+            if (ret != 0) {
                 goto exit;
-            memcpy( iv, output, 8 );
+            }
+            memcpy(iv, output, 8);
 
             input  += 8;
             output += 8;
             length -= 8;
         }
-    }
-    else /* MBEDTLS_DES_DECRYPT */
-    {
-        while( length > 0 )
-        {
-            memcpy( temp, input, 8 );
-            ret = mbedtls_des3_crypt_ecb( ctx, input, output );
-            if( ret != 0 )
+    } else { /* MBEDTLS_DES_DECRYPT */
+        while (length > 0) {
+            memcpy(temp, input, 8);
+            ret = mbedtls_des3_crypt_ecb(ctx, input, output);
+            if (ret != 0) {
                 goto exit;
+            }
 
-            mbedtls_xor( output, output, iv, 8 );
+            mbedtls_xor(output, output, iv, 8);
 
-            memcpy( iv, temp, 8 );
+            memcpy(iv, temp, 8);
 
             input  += 8;
             output += 8;
@@ -781,7 +781,7 @@
     ret = 0;
 
 exit:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
@@ -843,7 +843,7 @@
 /*
  * Checkup routine
  */
-int mbedtls_des_self_test( int verbose )
+int mbedtls_des_self_test(int verbose)
 {
     int i, j, u, v, ret = 0;
     mbedtls_des_context ctx;
@@ -854,194 +854,199 @@
     unsigned char iv[8];
 #endif
 
-    mbedtls_des_init( &ctx );
-    mbedtls_des3_init( &ctx3 );
+    mbedtls_des_init(&ctx);
+    mbedtls_des3_init(&ctx3);
     /*
      * ECB mode
      */
-    for( i = 0; i < 6; i++ )
-    {
+    for (i = 0; i < 6; i++) {
         u = i >> 1;
         v = i  & 1;
 
-        if( verbose != 0 )
-            mbedtls_printf( "  DES%c-ECB-%3d (%s): ",
-                             ( u == 0 ) ? ' ' : '3', 56 + u * 56,
-                             ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" );
-
-        memcpy( buf, des3_test_buf, 8 );
-
-        switch( i )
-        {
-        case 0:
-            ret = mbedtls_des_setkey_dec( &ctx, des3_test_keys );
-            break;
-
-        case 1:
-            ret = mbedtls_des_setkey_enc( &ctx, des3_test_keys );
-            break;
-
-        case 2:
-            ret = mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
-            break;
-
-        case 3:
-            ret = mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
-            break;
-
-        case 4:
-            ret = mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
-            break;
-
-        case 5:
-            ret = mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
-            break;
-
-        default:
-            return( 1 );
+        if (verbose != 0) {
+            mbedtls_printf("  DES%c-ECB-%3d (%s): ",
+                           (u == 0) ? ' ' : '3', 56 + u * 56,
+                           (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc");
         }
-        if( ret != 0 )
+
+        memcpy(buf, des3_test_buf, 8);
+
+        switch (i) {
+            case 0:
+                ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys);
+                break;
+
+            case 1:
+                ret = mbedtls_des_setkey_enc(&ctx, des3_test_keys);
+                break;
+
+            case 2:
+                ret = mbedtls_des3_set2key_dec(&ctx3, des3_test_keys);
+                break;
+
+            case 3:
+                ret = mbedtls_des3_set2key_enc(&ctx3, des3_test_keys);
+                break;
+
+            case 4:
+                ret = mbedtls_des3_set3key_dec(&ctx3, des3_test_keys);
+                break;
+
+            case 5:
+                ret = mbedtls_des3_set3key_enc(&ctx3, des3_test_keys);
+                break;
+
+            default:
+                return 1;
+        }
+        if (ret != 0) {
             goto exit;
-
-        for( j = 0; j < 100; j++ )
-        {
-            if( u == 0 )
-                ret = mbedtls_des_crypt_ecb( &ctx, buf, buf );
-            else
-                ret = mbedtls_des3_crypt_ecb( &ctx3, buf, buf );
-            if( ret != 0 )
-                goto exit;
         }
 
-        if( ( v == MBEDTLS_DES_DECRYPT &&
-                memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
-            ( v != MBEDTLS_DES_DECRYPT &&
-                memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
+        for (j = 0; j < 100; j++) {
+            if (u == 0) {
+                ret = mbedtls_des_crypt_ecb(&ctx, buf, buf);
+            } else {
+                ret = mbedtls_des3_crypt_ecb(&ctx3, buf, buf);
+            }
+            if (ret != 0) {
+                goto exit;
+            }
+        }
+
+        if ((v == MBEDTLS_DES_DECRYPT &&
+             memcmp(buf, des3_test_ecb_dec[u], 8) != 0) ||
+            (v != MBEDTLS_DES_DECRYPT &&
+             memcmp(buf, des3_test_ecb_enc[u], 8) != 0)) {
+            if (verbose != 0) {
+                mbedtls_printf("failed\n");
+            }
 
             ret = 1;
             goto exit;
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
     /*
      * CBC mode
      */
-    for( i = 0; i < 6; i++ )
-    {
+    for (i = 0; i < 6; i++) {
         u = i >> 1;
         v = i  & 1;
 
-        if( verbose != 0 )
-            mbedtls_printf( "  DES%c-CBC-%3d (%s): ",
-                             ( u == 0 ) ? ' ' : '3', 56 + u * 56,
-                             ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" );
-
-        memcpy( iv,  des3_test_iv,  8 );
-        memcpy( prv, des3_test_iv,  8 );
-        memcpy( buf, des3_test_buf, 8 );
-
-        switch( i )
-        {
-        case 0:
-            ret = mbedtls_des_setkey_dec( &ctx, des3_test_keys );
-            break;
-
-        case 1:
-            ret = mbedtls_des_setkey_enc( &ctx, des3_test_keys );
-            break;
-
-        case 2:
-            ret = mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
-            break;
-
-        case 3:
-            ret = mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
-            break;
-
-        case 4:
-            ret = mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
-            break;
-
-        case 5:
-            ret = mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
-            break;
-
-        default:
-            return( 1 );
+        if (verbose != 0) {
+            mbedtls_printf("  DES%c-CBC-%3d (%s): ",
+                           (u == 0) ? ' ' : '3', 56 + u * 56,
+                           (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc");
         }
-        if( ret != 0 )
+
+        memcpy(iv,  des3_test_iv,  8);
+        memcpy(prv, des3_test_iv,  8);
+        memcpy(buf, des3_test_buf, 8);
+
+        switch (i) {
+            case 0:
+                ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys);
+                break;
+
+            case 1:
+                ret = mbedtls_des_setkey_enc(&ctx, des3_test_keys);
+                break;
+
+            case 2:
+                ret = mbedtls_des3_set2key_dec(&ctx3, des3_test_keys);
+                break;
+
+            case 3:
+                ret = mbedtls_des3_set2key_enc(&ctx3, des3_test_keys);
+                break;
+
+            case 4:
+                ret = mbedtls_des3_set3key_dec(&ctx3, des3_test_keys);
+                break;
+
+            case 5:
+                ret = mbedtls_des3_set3key_enc(&ctx3, des3_test_keys);
+                break;
+
+            default:
+                return 1;
+        }
+        if (ret != 0) {
             goto exit;
-
-        if( v == MBEDTLS_DES_DECRYPT )
-        {
-            for( j = 0; j < 100; j++ )
-            {
-                if( u == 0 )
-                    ret = mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
-                else
-                    ret = mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
-                if( ret != 0 )
-                    goto exit;
-            }
         }
-        else
-        {
-            for( j = 0; j < 100; j++ )
-            {
+
+        if (v == MBEDTLS_DES_DECRYPT) {
+            for (j = 0; j < 100; j++) {
+                if (u == 0) {
+                    ret = mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf);
+                } else {
+                    ret = mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf);
+                }
+                if (ret != 0) {
+                    goto exit;
+                }
+            }
+        } else {
+            for (j = 0; j < 100; j++) {
                 unsigned char tmp[8];
 
-                if( u == 0 )
-                    ret = mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
-                else
-                    ret = mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
-                if( ret != 0 )
+                if (u == 0) {
+                    ret = mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf);
+                } else {
+                    ret = mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf);
+                }
+                if (ret != 0) {
                     goto exit;
+                }
 
-                memcpy( tmp, prv, 8 );
-                memcpy( prv, buf, 8 );
-                memcpy( buf, tmp, 8 );
+                memcpy(tmp, prv, 8);
+                memcpy(prv, buf, 8);
+                memcpy(buf, tmp, 8);
             }
 
-            memcpy( buf, prv, 8 );
+            memcpy(buf, prv, 8);
         }
 
-        if( ( v == MBEDTLS_DES_DECRYPT &&
-                memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
-            ( v != MBEDTLS_DES_DECRYPT &&
-                memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
+        if ((v == MBEDTLS_DES_DECRYPT &&
+             memcmp(buf, des3_test_cbc_dec[u], 8) != 0) ||
+            (v != MBEDTLS_DES_DECRYPT &&
+             memcmp(buf, des3_test_cbc_enc[u], 8) != 0)) {
+            if (verbose != 0) {
+                mbedtls_printf("failed\n");
+            }
 
             ret = 1;
             goto exit;
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
     }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
 exit:
-    mbedtls_des_free( &ctx );
-    mbedtls_des3_free( &ctx3 );
+    mbedtls_des_free(&ctx);
+    mbedtls_des3_free(&ctx3);
 
-    if( ret != 0 )
+    if (ret != 0) {
         ret = 1;
-    return( ret );
+    }
+    return ret;
 }
 
 #endif /* MBEDTLS_SELF_TEST */
diff --git a/library/dhm.c b/library/dhm.c
index 6ee5402..94137a2 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -50,27 +50,30 @@
 /*
  * helper to validate the mbedtls_mpi size and import it
  */
-static int dhm_read_bignum( mbedtls_mpi *X,
-                            unsigned char **p,
-                            const unsigned char *end )
+static int dhm_read_bignum(mbedtls_mpi *X,
+                           unsigned char **p,
+                           const unsigned char *end)
 {
     int ret, n;
 
-    if( end - *p < 2 )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+    if (end - *p < 2) {
+        return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+    }
 
-    n = ( (*p)[0] << 8 ) | (*p)[1];
+    n = ((*p)[0] << 8) | (*p)[1];
     (*p) += 2;
 
-    if( (int)( end - *p ) < n )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+    if ((int) (end - *p) < n) {
+        return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+    }
 
-    if( ( ret = mbedtls_mpi_read_binary( X, *p, n ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_READ_PARAMS_FAILED, ret ) );
+    if ((ret = mbedtls_mpi_read_binary(X, *p, n)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED, ret);
+    }
 
     (*p) += n;
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -85,48 +88,46 @@
  *  http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
  *  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
  */
-static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P )
+static int dhm_check_range(const mbedtls_mpi *param, const mbedtls_mpi *P)
 {
     mbedtls_mpi U;
     int ret = 0;
 
-    mbedtls_mpi_init( &U );
+    mbedtls_mpi_init(&U);
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&U, P, 2));
 
-    if( mbedtls_mpi_cmp_int( param, 2 ) < 0 ||
-        mbedtls_mpi_cmp_mpi( param, &U ) > 0 )
-    {
+    if (mbedtls_mpi_cmp_int(param, 2) < 0 ||
+        mbedtls_mpi_cmp_mpi(param, &U) > 0) {
         ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
     }
 
 cleanup:
-    mbedtls_mpi_free( &U );
-    return( ret );
+    mbedtls_mpi_free(&U);
+    return ret;
 }
 
-void mbedtls_dhm_init( mbedtls_dhm_context *ctx )
+void mbedtls_dhm_init(mbedtls_dhm_context *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_dhm_context ) );
+    memset(ctx, 0, sizeof(mbedtls_dhm_context));
 }
 
-size_t mbedtls_dhm_get_bitlen( const mbedtls_dhm_context *ctx )
+size_t mbedtls_dhm_get_bitlen(const mbedtls_dhm_context *ctx)
 {
-    return( mbedtls_mpi_bitlen( &ctx->P ) );
+    return mbedtls_mpi_bitlen(&ctx->P);
 }
 
-size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx )
+size_t mbedtls_dhm_get_len(const mbedtls_dhm_context *ctx)
 {
-    return( mbedtls_mpi_size( &ctx->P ) );
+    return mbedtls_mpi_size(&ctx->P);
 }
 
-int mbedtls_dhm_get_value( const mbedtls_dhm_context *ctx,
-                           mbedtls_dhm_parameter param,
-                           mbedtls_mpi *dest )
+int mbedtls_dhm_get_value(const mbedtls_dhm_context *ctx,
+                          mbedtls_dhm_parameter param,
+                          mbedtls_mpi *dest)
 {
     const mbedtls_mpi *src = NULL;
-    switch( param )
-    {
+    switch (param) {
         case MBEDTLS_DHM_PARAM_P:
             src = &ctx->P;
             break;
@@ -146,191 +147,202 @@
             src = &ctx->K;
             break;
         default:
-            return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
     }
-    return( mbedtls_mpi_copy( dest, src ) );
+    return mbedtls_mpi_copy(dest, src);
 }
 
 /*
  * Parse the ServerKeyExchange parameters
  */
-int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
-                     unsigned char **p,
-                     const unsigned char *end )
+int mbedtls_dhm_read_params(mbedtls_dhm_context *ctx,
+                            unsigned char **p,
+                            const unsigned char *end)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ( ret = dhm_read_bignum( &ctx->P,  p, end ) ) != 0 ||
-        ( ret = dhm_read_bignum( &ctx->G,  p, end ) ) != 0 ||
-        ( ret = dhm_read_bignum( &ctx->GY, p, end ) ) != 0 )
-        return( ret );
+    if ((ret = dhm_read_bignum(&ctx->P,  p, end)) != 0 ||
+        (ret = dhm_read_bignum(&ctx->G,  p, end)) != 0 ||
+        (ret = dhm_read_bignum(&ctx->GY, p, end)) != 0) {
+        return ret;
+    }
 
-    if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
-        return( ret );
+    if ((ret = dhm_check_range(&ctx->GY, &ctx->P)) != 0) {
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Pick a random R in the range [2, M-2] for blinding or key generation.
  */
-static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int dhm_random_below(mbedtls_mpi *R, const mbedtls_mpi *M,
+                            int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     int ret;
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_random( R, 3, M, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( R, R, 1 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_random(R, 3, M, f_rng, p_rng));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(R, R, 1));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
-static int dhm_make_common( mbedtls_dhm_context *ctx, int x_size,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng )
+static int dhm_make_common(mbedtls_dhm_context *ctx, int x_size,
+                           int (*f_rng)(void *, unsigned char *, size_t),
+                           void *p_rng)
 {
     int ret = 0;
 
-    if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-    if( x_size < 0 )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-
-    if( (unsigned) x_size < mbedtls_mpi_size( &ctx->P ) )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );
+    if (mbedtls_mpi_cmp_int(&ctx->P, 0) == 0) {
+        return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
     }
-    else
-    {
+    if (x_size < 0) {
+        return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+    }
+
+    if ((unsigned) x_size < mbedtls_mpi_size(&ctx->P)) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->X, x_size, f_rng, p_rng));
+    } else {
         /* Generate X as large as possible ( <= P - 2 ) */
-        ret = dhm_random_below( &ctx->X, &ctx->P, f_rng, p_rng );
-        if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
-            return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED );
-        if( ret != 0 )
-            return( ret );
+        ret = dhm_random_below(&ctx->X, &ctx->P, f_rng, p_rng);
+        if (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) {
+            return MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED;
+        }
+        if (ret != 0) {
+            return ret;
+        }
     }
 
     /*
      * Calculate GX = G^X mod P
      */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
-                          &ctx->P , &ctx->RP ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->GX, &ctx->G, &ctx->X,
+                                        &ctx->P, &ctx->RP));
 
-    if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
-        return( ret );
+    if ((ret = dhm_check_range(&ctx->GX, &ctx->P)) != 0) {
+        return ret;
+    }
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
  * Setup and write the ServerKeyExchange parameters
  */
-int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
-                     unsigned char *output, size_t *olen,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
+int mbedtls_dhm_make_params(mbedtls_dhm_context *ctx, int x_size,
+                            unsigned char *output, size_t *olen,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng)
 {
     int ret;
     size_t n1, n2, n3;
     unsigned char *p;
 
-    ret = dhm_make_common( ctx, x_size, f_rng, p_rng );
-    if( ret != 0 )
+    ret = dhm_make_common(ctx, x_size, f_rng, p_rng);
+    if (ret != 0) {
         goto cleanup;
+    }
 
     /*
      * Export P, G, GX. RFC 5246 §4.4 states that "leading zero octets are
      * not required". We omit leading zeros for compactness.
      */
-#define DHM_MPI_EXPORT( X, n )                                          \
+#define DHM_MPI_EXPORT(X, n)                                          \
     do {                                                                \
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( ( X ),               \
-                                                   p + 2,               \
-                                                   ( n ) ) );           \
-        *p++ = MBEDTLS_BYTE_1( n );                                     \
-        *p++ = MBEDTLS_BYTE_0( n );                                     \
-        p += ( n );                                                     \
-    } while( 0 )
+        MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary((X),               \
+                                                 p + 2,               \
+                                                 (n)));           \
+        *p++ = MBEDTLS_BYTE_1(n);                                     \
+        *p++ = MBEDTLS_BYTE_0(n);                                     \
+        p += (n);                                                     \
+    } while (0)
 
-    n1 = mbedtls_mpi_size( &ctx->P  );
-    n2 = mbedtls_mpi_size( &ctx->G  );
-    n3 = mbedtls_mpi_size( &ctx->GX );
+    n1 = mbedtls_mpi_size(&ctx->P);
+    n2 = mbedtls_mpi_size(&ctx->G);
+    n3 = mbedtls_mpi_size(&ctx->GX);
 
     p = output;
-    DHM_MPI_EXPORT( &ctx->P , n1 );
-    DHM_MPI_EXPORT( &ctx->G , n2 );
-    DHM_MPI_EXPORT( &ctx->GX, n3 );
+    DHM_MPI_EXPORT(&ctx->P, n1);
+    DHM_MPI_EXPORT(&ctx->G, n2);
+    DHM_MPI_EXPORT(&ctx->GX, n3);
 
     *olen = p - output;
 
 cleanup:
-    if( ret != 0 && ret > -128 )
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret );
-    return( ret );
+    if (ret != 0 && ret > -128) {
+        ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret);
+    }
+    return ret;
 }
 
 /*
  * Set prime modulus and generator
  */
-int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
-                           const mbedtls_mpi *P,
-                           const mbedtls_mpi *G )
+int mbedtls_dhm_set_group(mbedtls_dhm_context *ctx,
+                          const mbedtls_mpi *P,
+                          const mbedtls_mpi *G)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ||
-        ( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret ) );
+    if ((ret = mbedtls_mpi_copy(&ctx->P, P)) != 0 ||
+        (ret = mbedtls_mpi_copy(&ctx->G, G)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret);
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Import the peer's public value G^Y
  */
-int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
-                     const unsigned char *input, size_t ilen )
+int mbedtls_dhm_read_public(mbedtls_dhm_context *ctx,
+                            const unsigned char *input, size_t ilen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ilen < 1 || ilen > mbedtls_dhm_get_len( ctx ) )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+    if (ilen < 1 || ilen > mbedtls_dhm_get_len(ctx)) {
+        return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+    }
 
-    if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED, ret ) );
+    if ((ret = mbedtls_mpi_read_binary(&ctx->GY, input, ilen)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED, ret);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Create own private value X and export G^X
  */
-int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
-                     unsigned char *output, size_t olen,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
+int mbedtls_dhm_make_public(mbedtls_dhm_context *ctx, int x_size,
+                            unsigned char *output, size_t olen,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng)
 {
     int ret;
 
-    if( olen < 1 || olen > mbedtls_dhm_get_len( ctx ) )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+    if (olen < 1 || olen > mbedtls_dhm_get_len(ctx)) {
+        return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+    }
 
-    ret = dhm_make_common( ctx, x_size, f_rng, p_rng );
-    if( ret == MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED )
-        return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED );
-    if( ret != 0 )
+    ret = dhm_make_common(ctx, x_size, f_rng, p_rng);
+    if (ret == MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED) {
+        return MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED;
+    }
+    if (ret != 0) {
         goto cleanup;
+    }
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->GX, output, olen ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->GX, output, olen));
 
 cleanup:
-    if( ret != 0 && ret > -128 )
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED, ret );
-    return( ret );
+    if (ret != 0 && ret > -128) {
+        ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED, ret);
+    }
+    return ret;
 }
 
 
@@ -340,40 +352,38 @@
  *  DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer
  *  Berlin Heidelberg, 1996. p. 104-113.
  */
-static int dhm_update_blinding( mbedtls_dhm_context *ctx,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int dhm_update_blinding(mbedtls_dhm_context *ctx,
+                               int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     int ret;
     mbedtls_mpi R;
 
-    mbedtls_mpi_init( &R );
+    mbedtls_mpi_init(&R);
 
     /*
      * Don't use any blinding the first time a particular X is used,
      * but remember it to use blinding next time.
      */
-    if( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->pX ) != 0 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &ctx->pX, &ctx->X ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->Vi, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->Vf, 1 ) );
+    if (mbedtls_mpi_cmp_mpi(&ctx->X, &ctx->pX) != 0) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&ctx->pX, &ctx->X));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->Vi, 1));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->Vf, 1));
 
-        return( 0 );
+        return 0;
     }
 
     /*
      * Ok, we need blinding. Can we re-use existing values?
      * If yes, just update them by squaring them.
      */
-    if( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->P ) );
+    if (mbedtls_mpi_cmp_int(&ctx->Vi, 1) != 0) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &ctx->Vi));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->P));
 
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &ctx->Vf));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->P));
 
-        return( 0 );
+        return 0;
     }
 
     /*
@@ -381,103 +391,108 @@
      */
 
     /* Vi = random( 2, P-2 ) */
-    MBEDTLS_MPI_CHK( dhm_random_below( &ctx->Vi, &ctx->P, f_rng, p_rng ) );
+    MBEDTLS_MPI_CHK(dhm_random_below(&ctx->Vi, &ctx->P, f_rng, p_rng));
 
     /* Vf = Vi^-X mod P
      * First compute Vi^-1 = R * (R Vi)^-1, (avoiding leaks from inv_mod),
      * then elevate to the Xth power. */
-    MBEDTLS_MPI_CHK( dhm_random_below( &R, &ctx->P, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vi, &R ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vf, &ctx->Vf, &ctx->P ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &R ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
+    MBEDTLS_MPI_CHK(dhm_random_below(&R, &ctx->P, f_rng, p_rng));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vi, &R));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->P));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&ctx->Vf, &ctx->Vf, &ctx->P));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &R));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->P));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP));
 
 cleanup:
-    mbedtls_mpi_free( &R );
+    mbedtls_mpi_free(&R);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Derive and export the shared secret (G^Y)^X mod P
  */
-int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
-                     unsigned char *output, size_t output_size, size_t *olen,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
+int mbedtls_dhm_calc_secret(mbedtls_dhm_context *ctx,
+                            unsigned char *output, size_t output_size, size_t *olen,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi GYb;
 
-    if( f_rng == NULL )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+    if (f_rng == NULL) {
+        return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+    }
 
-    if( output_size < mbedtls_dhm_get_len( ctx ) )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+    if (output_size < mbedtls_dhm_get_len(ctx)) {
+        return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+    }
 
-    if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
-        return( ret );
+    if ((ret = dhm_check_range(&ctx->GY, &ctx->P)) != 0) {
+        return ret;
+    }
 
-    mbedtls_mpi_init( &GYb );
+    mbedtls_mpi_init(&GYb);
 
     /* Blind peer's value */
-    MBEDTLS_MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &GYb, &GYb, &ctx->P ) );
+    MBEDTLS_MPI_CHK(dhm_update_blinding(ctx, f_rng, p_rng));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&GYb, &ctx->GY, &ctx->Vi));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&GYb, &GYb, &ctx->P));
 
     /* Do modular exponentiation */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->K, &GYb, &ctx->X,
-                          &ctx->P, &ctx->RP ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->K, &GYb, &ctx->X,
+                                        &ctx->P, &ctx->RP));
 
     /* Unblind secret value */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->K, &ctx->K, &ctx->Vf));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->K, &ctx->K, &ctx->P));
 
     /* Output the secret without any leading zero byte. This is mandatory
      * for TLS per RFC 5246 §8.1.2. */
-    *olen = mbedtls_mpi_size( &ctx->K );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->K, output, *olen ) );
+    *olen = mbedtls_mpi_size(&ctx->K);
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->K, output, *olen));
 
 cleanup:
-    mbedtls_mpi_free( &GYb );
+    mbedtls_mpi_free(&GYb);
 
-    if( ret != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_CALC_SECRET_FAILED, ret ) );
+    if (ret != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED, ret);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Free the components of a DHM key
  */
-void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
+void mbedtls_dhm_free(mbedtls_dhm_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_mpi_free( &ctx->pX );
-    mbedtls_mpi_free( &ctx->Vf );
-    mbedtls_mpi_free( &ctx->Vi );
-    mbedtls_mpi_free( &ctx->RP );
-    mbedtls_mpi_free( &ctx->K  );
-    mbedtls_mpi_free( &ctx->GY );
-    mbedtls_mpi_free( &ctx->GX );
-    mbedtls_mpi_free( &ctx->X  );
-    mbedtls_mpi_free( &ctx->G  );
-    mbedtls_mpi_free( &ctx->P  );
+    mbedtls_mpi_free(&ctx->pX);
+    mbedtls_mpi_free(&ctx->Vf);
+    mbedtls_mpi_free(&ctx->Vi);
+    mbedtls_mpi_free(&ctx->RP);
+    mbedtls_mpi_free(&ctx->K);
+    mbedtls_mpi_free(&ctx->GY);
+    mbedtls_mpi_free(&ctx->GX);
+    mbedtls_mpi_free(&ctx->X);
+    mbedtls_mpi_free(&ctx->G);
+    mbedtls_mpi_free(&ctx->P);
 
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_dhm_context));
 }
 
 #if defined(MBEDTLS_ASN1_PARSE_C)
 /*
  * Parse DHM parameters
  */
-int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
-                   size_t dhminlen )
+int mbedtls_dhm_parse_dhm(mbedtls_dhm_context *dhm, const unsigned char *dhmin,
+                          size_t dhminlen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
@@ -487,28 +502,28 @@
 #endif /* MBEDTLS_PEM_PARSE_C */
 
 #if defined(MBEDTLS_PEM_PARSE_C)
-    mbedtls_pem_init( &pem );
+    mbedtls_pem_init(&pem);
 
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( dhminlen == 0 || dhmin[dhminlen - 1] != '\0' )
+    if (dhminlen == 0 || dhmin[dhminlen - 1] != '\0') {
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN DH PARAMETERS-----",
-                               "-----END DH PARAMETERS-----",
-                               dhmin, NULL, 0, &dhminlen );
+    } else {
+        ret = mbedtls_pem_read_buffer(&pem,
+                                      "-----BEGIN DH PARAMETERS-----",
+                                      "-----END DH PARAMETERS-----",
+                                      dhmin, NULL, 0, &dhminlen);
+    }
 
-    if( ret == 0 )
-    {
+    if (ret == 0) {
         /*
          * Was PEM encoded
          */
         dhminlen = pem.buflen;
-    }
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+    } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
         goto exit;
+    }
 
-    p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
+    p = (ret == 0) ? pem.buf : (unsigned char *) dhmin;
 #else
     p = (unsigned char *) dhmin;
 #endif /* MBEDTLS_PEM_PARSE_C */
@@ -521,39 +536,34 @@
      *      privateValueLength INTEGER OPTIONAL
      *  }
      */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, ret );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret);
         goto exit;
     }
 
     end = p + len;
 
-    if( ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->P  ) ) != 0 ||
-        ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
-    {
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, ret );
+    if ((ret = mbedtls_asn1_get_mpi(&p, end, &dhm->P)) != 0 ||
+        (ret = mbedtls_asn1_get_mpi(&p, end, &dhm->G)) != 0) {
+        ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret);
         goto exit;
     }
 
-    if( p != end )
-    {
+    if (p != end) {
         /* This might be the optional privateValueLength.
          * If so, we can cleanly discard it */
         mbedtls_mpi rec;
-        mbedtls_mpi_init( &rec );
-        ret = mbedtls_asn1_get_mpi( &p, end, &rec );
-        mbedtls_mpi_free( &rec );
-        if ( ret != 0 )
-        {
-            ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, ret );
+        mbedtls_mpi_init(&rec);
+        ret = mbedtls_asn1_get_mpi(&p, end, &rec);
+        mbedtls_mpi_free(&rec);
+        if (ret != 0) {
+            ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret);
             goto exit;
         }
-        if ( p != end )
-        {
-            ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+        if (p != end) {
+            ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT,
+                                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
             goto exit;
         }
     }
@@ -562,12 +572,13 @@
 
 exit:
 #if defined(MBEDTLS_PEM_PARSE_C)
-    mbedtls_pem_free( &pem );
+    mbedtls_pem_free(&pem);
 #endif
-    if( ret != 0 )
-        mbedtls_dhm_free( dhm );
+    if (ret != 0) {
+        mbedtls_dhm_free(dhm);
+    }
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_FS_IO)
@@ -578,70 +589,70 @@
  * A terminating null byte is always appended. It is included in the announced
  * length only if the data looks like it is PEM encoded.
  */
-static int load_file( const char *path, unsigned char **buf, size_t *n )
+static int load_file(const char *path, unsigned char **buf, size_t *n)
 {
     FILE *f;
     long size;
 
-    if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
+    if ((f = fopen(path, "rb")) == NULL) {
+        return MBEDTLS_ERR_DHM_FILE_IO_ERROR;
+    }
     /* The data loaded here is public, so don't bother disabling buffering. */
 
-    fseek( f, 0, SEEK_END );
-    if( ( size = ftell( f ) ) == -1 )
-    {
-        fclose( f );
-        return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
+    fseek(f, 0, SEEK_END);
+    if ((size = ftell(f)) == -1) {
+        fclose(f);
+        return MBEDTLS_ERR_DHM_FILE_IO_ERROR;
     }
-    fseek( f, 0, SEEK_SET );
+    fseek(f, 0, SEEK_SET);
 
     *n = (size_t) size;
 
-    if( *n + 1 == 0 ||
-        ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
-    {
-        fclose( f );
-        return( MBEDTLS_ERR_DHM_ALLOC_FAILED );
+    if (*n + 1 == 0 ||
+        (*buf = mbedtls_calloc(1, *n + 1)) == NULL) {
+        fclose(f);
+        return MBEDTLS_ERR_DHM_ALLOC_FAILED;
     }
 
-    if( fread( *buf, 1, *n, f ) != *n )
-    {
-        fclose( f );
+    if (fread(*buf, 1, *n, f) != *n) {
+        fclose(f);
 
-        mbedtls_platform_zeroize( *buf, *n + 1 );
-        mbedtls_free( *buf );
+        mbedtls_platform_zeroize(*buf, *n + 1);
+        mbedtls_free(*buf);
 
-        return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
+        return MBEDTLS_ERR_DHM_FILE_IO_ERROR;
     }
 
-    fclose( f );
+    fclose(f);
 
     (*buf)[*n] = '\0';
 
-    if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
+    if (strstr((const char *) *buf, "-----BEGIN ") != NULL) {
         ++*n;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Load and parse DHM parameters
  */
-int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
+int mbedtls_dhm_parse_dhmfile(mbedtls_dhm_context *dhm, const char *path)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t n;
     unsigned char *buf;
 
-    if( ( ret = load_file( path, &buf, &n ) ) != 0 )
-        return( ret );
+    if ((ret = load_file(path, &buf, &n)) != 0) {
+        return ret;
+    }
 
-    ret = mbedtls_dhm_parse_dhm( dhm, buf, n );
+    ret = mbedtls_dhm_parse_dhm(dhm, buf, n);
 
-    mbedtls_platform_zeroize( buf, n );
-    mbedtls_free( buf );
+    mbedtls_platform_zeroize(buf, n);
+    mbedtls_free(buf);
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_FS_IO */
 #endif /* MBEDTLS_ASN1_PARSE_C */
@@ -651,60 +662,63 @@
 
 #if defined(MBEDTLS_PEM_PARSE_C)
 static const char mbedtls_test_dhm_params[] =
-"-----BEGIN DH PARAMETERS-----\r\n"
-"MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n"
-"1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n"
-"9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n"
-"-----END DH PARAMETERS-----\r\n";
+    "-----BEGIN DH PARAMETERS-----\r\n"
+    "MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n"
+    "1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n"
+    "9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n"
+    "-----END DH PARAMETERS-----\r\n";
 #else /* MBEDTLS_PEM_PARSE_C */
 static const char mbedtls_test_dhm_params[] = {
-  0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0x9e, 0x35, 0xf4, 0x30, 0x44,
-  0x3a, 0x09, 0x90, 0x4f, 0x3a, 0x39, 0xa9, 0x79, 0x79, 0x7d, 0x07, 0x0d,
-  0xf5, 0x33, 0x78, 0xe7, 0x9c, 0x24, 0x38, 0xbe, 0xf4, 0xe7, 0x61, 0xf3,
-  0xc7, 0x14, 0x55, 0x33, 0x28, 0x58, 0x9b, 0x04, 0x1c, 0x80, 0x9b, 0xe1,
-  0xd6, 0xc6, 0xb5, 0xf1, 0xfc, 0x9f, 0x47, 0xd3, 0xa2, 0x54, 0x43, 0x18,
-  0x82, 0x53, 0xa9, 0x92, 0xa5, 0x68, 0x18, 0xb3, 0x7b, 0xa9, 0xde, 0x5a,
-  0x40, 0xd3, 0x62, 0xe5, 0x6e, 0xff, 0x0b, 0xe5, 0x41, 0x74, 0x74, 0xc1,
-  0x25, 0xc1, 0x99, 0x27, 0x2c, 0x8f, 0xe4, 0x1d, 0xea, 0x73, 0x3d, 0xf6,
-  0xf6, 0x62, 0xc9, 0x2a, 0xe7, 0x65, 0x56, 0xe7, 0x55, 0xd1, 0x0c, 0x64,
-  0xe6, 0xa5, 0x09, 0x68, 0xf6, 0x7f, 0xc6, 0xea, 0x73, 0xd0, 0xdc, 0xa8,
-  0x56, 0x9b, 0xe2, 0xba, 0x20, 0x4e, 0x23, 0x58, 0x0d, 0x8b, 0xca, 0x2f,
-  0x49, 0x75, 0xb3, 0x02, 0x01, 0x02 };
+    0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0x9e, 0x35, 0xf4, 0x30, 0x44,
+    0x3a, 0x09, 0x90, 0x4f, 0x3a, 0x39, 0xa9, 0x79, 0x79, 0x7d, 0x07, 0x0d,
+    0xf5, 0x33, 0x78, 0xe7, 0x9c, 0x24, 0x38, 0xbe, 0xf4, 0xe7, 0x61, 0xf3,
+    0xc7, 0x14, 0x55, 0x33, 0x28, 0x58, 0x9b, 0x04, 0x1c, 0x80, 0x9b, 0xe1,
+    0xd6, 0xc6, 0xb5, 0xf1, 0xfc, 0x9f, 0x47, 0xd3, 0xa2, 0x54, 0x43, 0x18,
+    0x82, 0x53, 0xa9, 0x92, 0xa5, 0x68, 0x18, 0xb3, 0x7b, 0xa9, 0xde, 0x5a,
+    0x40, 0xd3, 0x62, 0xe5, 0x6e, 0xff, 0x0b, 0xe5, 0x41, 0x74, 0x74, 0xc1,
+    0x25, 0xc1, 0x99, 0x27, 0x2c, 0x8f, 0xe4, 0x1d, 0xea, 0x73, 0x3d, 0xf6,
+    0xf6, 0x62, 0xc9, 0x2a, 0xe7, 0x65, 0x56, 0xe7, 0x55, 0xd1, 0x0c, 0x64,
+    0xe6, 0xa5, 0x09, 0x68, 0xf6, 0x7f, 0xc6, 0xea, 0x73, 0xd0, 0xdc, 0xa8,
+    0x56, 0x9b, 0xe2, 0xba, 0x20, 0x4e, 0x23, 0x58, 0x0d, 0x8b, 0xca, 0x2f,
+    0x49, 0x75, 0xb3, 0x02, 0x01, 0x02
+};
 #endif /* MBEDTLS_PEM_PARSE_C */
 
-static const size_t mbedtls_test_dhm_params_len = sizeof( mbedtls_test_dhm_params );
+static const size_t mbedtls_test_dhm_params_len = sizeof(mbedtls_test_dhm_params);
 
 /*
  * Checkup routine
  */
-int mbedtls_dhm_self_test( int verbose )
+int mbedtls_dhm_self_test(int verbose)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_dhm_context dhm;
 
-    mbedtls_dhm_init( &dhm );
+    mbedtls_dhm_init(&dhm);
 
-    if( verbose != 0 )
-        mbedtls_printf( "  DHM parameter load: " );
+    if (verbose != 0) {
+        mbedtls_printf("  DHM parameter load: ");
+    }
 
-    if( ( ret = mbedtls_dhm_parse_dhm( &dhm,
-                    (const unsigned char *) mbedtls_test_dhm_params,
-                    mbedtls_test_dhm_params_len ) ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
+    if ((ret = mbedtls_dhm_parse_dhm(&dhm,
+                                     (const unsigned char *) mbedtls_test_dhm_params,
+                                     mbedtls_test_dhm_params_len)) != 0) {
+        if (verbose != 0) {
+            mbedtls_printf("failed\n");
+        }
 
         ret = 1;
         goto exit;
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n\n" );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n\n");
+    }
 
 exit:
-    mbedtls_dhm_free( &dhm );
+    mbedtls_dhm_free(&dhm);
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_SELF_TEST */
diff --git a/library/ecdh.c b/library/ecdh.c
index c9c2e06..b529af5 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -39,20 +39,20 @@
 #endif
 
 static mbedtls_ecp_group_id mbedtls_ecdh_grp_id(
-    const mbedtls_ecdh_context *ctx )
+    const mbedtls_ecdh_context *ctx)
 {
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ctx->grp.id );
+    return ctx->grp.id;
 #else
-    return( ctx->grp_id );
+    return ctx->grp_id;
 #endif
 }
 
-int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid )
+int mbedtls_ecdh_can_do(mbedtls_ecp_group_id gid)
 {
     /* At this time, all groups support ECDH. */
     (void) gid;
-    return( 1 );
+    return 1;
 }
 
 #if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
@@ -63,37 +63,38 @@
  * the output parameter 'd' across continuation calls. This would not be
  * acceptable for a public function but is OK here as we control call sites.
  */
-static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp,
-                    mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                    int (*f_rng)(void *, unsigned char *, size_t),
-                    void *p_rng,
-                    mbedtls_ecp_restart_ctx *rs_ctx )
+static int ecdh_gen_public_restartable(mbedtls_ecp_group *grp,
+                                       mbedtls_mpi *d, mbedtls_ecp_point *Q,
+                                       int (*f_rng)(void *, unsigned char *, size_t),
+                                       void *p_rng,
+                                       mbedtls_ecp_restart_ctx *rs_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     int restarting = 0;
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL );
+    restarting = (rs_ctx != NULL && rs_ctx->rsm != NULL);
 #endif
     /* If multiplication is in progress, we already generated a privkey */
-    if( !restarting )
-        MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) );
+    if (!restarting) {
+        MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, d, f_rng, p_rng));
+    }
 
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, Q, d, &grp->G,
-                                                  f_rng, p_rng, rs_ctx ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, Q, d, &grp->G,
+                                                f_rng, p_rng, rs_ctx));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
  * Generate public key
  */
-int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
+int mbedtls_ecdh_gen_public(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng)
 {
-    return( ecdh_gen_public_restartable( grp, d, Q, f_rng, p_rng, NULL ) );
+    return ecdh_gen_public_restartable(grp, d, Q, f_rng, p_rng, NULL);
 }
 #endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */
 
@@ -101,73 +102,72 @@
 /*
  * Compute shared secret (SEC1 3.3.1)
  */
-static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp,
-                         mbedtls_mpi *z,
-                         const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng,
-                         mbedtls_ecp_restart_ctx *rs_ctx )
+static int ecdh_compute_shared_restartable(mbedtls_ecp_group *grp,
+                                           mbedtls_mpi *z,
+                                           const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
+                                           int (*f_rng)(void *, unsigned char *, size_t),
+                                           void *p_rng,
+                                           mbedtls_ecp_restart_ctx *rs_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_point P;
 
-    mbedtls_ecp_point_init( &P );
+    mbedtls_ecp_point_init(&P);
 
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &P, d, Q,
-                                                  f_rng, p_rng, rs_ctx ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, &P, d, Q,
+                                                f_rng, p_rng, rs_ctx));
 
-    if( mbedtls_ecp_is_zero( &P ) )
-    {
+    if (mbedtls_ecp_is_zero(&P)) {
         ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
         goto cleanup;
     }
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( z, &P.X ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(z, &P.X));
 
 cleanup:
-    mbedtls_ecp_point_free( &P );
+    mbedtls_ecp_point_free(&P);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Compute shared secret (SEC1 3.3.1)
  */
-int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
-                         const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng )
+int mbedtls_ecdh_compute_shared(mbedtls_ecp_group *grp, mbedtls_mpi *z,
+                                const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
+                                int (*f_rng)(void *, unsigned char *, size_t),
+                                void *p_rng)
 {
-    return( ecdh_compute_shared_restartable( grp, z, Q, d,
-                                             f_rng, p_rng, NULL ) );
+    return ecdh_compute_shared_restartable(grp, z, Q, d,
+                                           f_rng, p_rng, NULL);
 }
 #endif /* !MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
 
-static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx )
+static void ecdh_init_internal(mbedtls_ecdh_context_mbed *ctx)
 {
-    mbedtls_ecp_group_init( &ctx->grp );
-    mbedtls_mpi_init( &ctx->d  );
-    mbedtls_ecp_point_init( &ctx->Q   );
-    mbedtls_ecp_point_init( &ctx->Qp  );
-    mbedtls_mpi_init( &ctx->z  );
+    mbedtls_ecp_group_init(&ctx->grp);
+    mbedtls_mpi_init(&ctx->d);
+    mbedtls_ecp_point_init(&ctx->Q);
+    mbedtls_ecp_point_init(&ctx->Qp);
+    mbedtls_mpi_init(&ctx->z);
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    mbedtls_ecp_restart_init( &ctx->rs );
+    mbedtls_ecp_restart_init(&ctx->rs);
 #endif
 }
 
 /*
  * Initialize context
  */
-void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx )
+void mbedtls_ecdh_init(mbedtls_ecdh_context *ctx)
 {
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    ecdh_init_internal( ctx );
-    mbedtls_ecp_point_init( &ctx->Vi  );
-    mbedtls_ecp_point_init( &ctx->Vf  );
-    mbedtls_mpi_init( &ctx->_d );
+    ecdh_init_internal(ctx);
+    mbedtls_ecp_point_init(&ctx->Vi);
+    mbedtls_ecp_point_init(&ctx->Vf);
+    mbedtls_mpi_init(&ctx->_d);
 #else
-    memset( ctx, 0, sizeof( mbedtls_ecdh_context ) );
+    memset(ctx, 0, sizeof(mbedtls_ecdh_context));
 
     ctx->var = MBEDTLS_ECDH_VARIANT_NONE;
 #endif
@@ -177,57 +177,55 @@
 #endif
 }
 
-static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx,
-                                mbedtls_ecp_group_id grp_id )
+static int ecdh_setup_internal(mbedtls_ecdh_context_mbed *ctx,
+                               mbedtls_ecp_group_id grp_id)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    ret = mbedtls_ecp_group_load( &ctx->grp, grp_id );
-    if( ret != 0 )
-    {
-        return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+    ret = mbedtls_ecp_group_load(&ctx->grp, grp_id);
+    if (ret != 0) {
+        return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Setup context
  */
-int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id )
+int mbedtls_ecdh_setup(mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id)
 {
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_setup_internal( ctx, grp_id ) );
+    return ecdh_setup_internal(ctx, grp_id);
 #else
-    switch( grp_id )
-    {
+    switch (grp_id) {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECP_DP_CURVE25519:
             ctx->point_format = MBEDTLS_ECP_PF_COMPRESSED;
             ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST;
             ctx->grp_id = grp_id;
-            return( mbedtls_everest_setup( &ctx->ctx.everest_ecdh, grp_id ) );
+            return mbedtls_everest_setup(&ctx->ctx.everest_ecdh, grp_id);
 #endif
         default:
             ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
             ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
             ctx->grp_id = grp_id;
-            ecdh_init_internal( &ctx->ctx.mbed_ecdh );
-            return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) );
+            ecdh_init_internal(&ctx->ctx.mbed_ecdh);
+            return ecdh_setup_internal(&ctx->ctx.mbed_ecdh, grp_id);
     }
 #endif
 }
 
-static void ecdh_free_internal( mbedtls_ecdh_context_mbed *ctx )
+static void ecdh_free_internal(mbedtls_ecdh_context_mbed *ctx)
 {
-    mbedtls_ecp_group_free( &ctx->grp );
-    mbedtls_mpi_free( &ctx->d  );
-    mbedtls_ecp_point_free( &ctx->Q   );
-    mbedtls_ecp_point_free( &ctx->Qp  );
-    mbedtls_mpi_free( &ctx->z  );
+    mbedtls_ecp_group_free(&ctx->grp);
+    mbedtls_mpi_free(&ctx->d);
+    mbedtls_ecp_point_free(&ctx->Q);
+    mbedtls_ecp_point_free(&ctx->Qp);
+    mbedtls_mpi_free(&ctx->z);
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    mbedtls_ecp_restart_free( &ctx->rs );
+    mbedtls_ecp_restart_free(&ctx->rs);
 #endif
 }
 
@@ -235,7 +233,7 @@
 /*
  * Enable restartable operations for context
  */
-void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx )
+void mbedtls_ecdh_enable_restart(mbedtls_ecdh_context *ctx)
 {
     ctx->restart_enabled = 1;
 }
@@ -244,26 +242,26 @@
 /*
  * Free context
  */
-void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
+void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    mbedtls_ecp_point_free( &ctx->Vi );
-    mbedtls_ecp_point_free( &ctx->Vf );
-    mbedtls_mpi_free( &ctx->_d );
-    ecdh_free_internal( ctx );
+    mbedtls_ecp_point_free(&ctx->Vi);
+    mbedtls_ecp_point_free(&ctx->Vf);
+    mbedtls_mpi_free(&ctx->_d);
+    ecdh_free_internal(ctx);
 #else
-    switch( ctx->var )
-    {
+    switch (ctx->var) {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
-            mbedtls_everest_free( &ctx->ctx.everest_ecdh );
+            mbedtls_everest_free(&ctx->ctx.everest_ecdh);
             break;
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            ecdh_free_internal( &ctx->ctx.mbed_ecdh );
+            ecdh_free_internal(&ctx->ctx.mbed_ecdh);
             break;
         default:
             break;
@@ -275,14 +273,14 @@
 #endif
 }
 
-static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
-                                      size_t *olen, int point_format,
-                                      unsigned char *buf, size_t blen,
-                                      int (*f_rng)(void *,
-                                                   unsigned char *,
-                                                   size_t),
-                                      void *p_rng,
-                                      int restart_enabled )
+static int ecdh_make_params_internal(mbedtls_ecdh_context_mbed *ctx,
+                                     size_t *olen, int point_format,
+                                     unsigned char *buf, size_t blen,
+                                     int (*f_rng)(void *,
+                                                  unsigned char *,
+                                                  size_t),
+                                     void *p_rng,
+                                     int restart_enabled)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t grp_len, pt_len;
@@ -290,40 +288,46 @@
     mbedtls_ecp_restart_ctx *rs_ctx = NULL;
 #endif
 
-    if( ctx->grp.pbits == 0 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (ctx->grp.pbits == 0) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( restart_enabled )
+    if (restart_enabled) {
         rs_ctx = &ctx->rs;
+    }
 #else
     (void) restart_enabled;
 #endif
 
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q,
-                                             f_rng, p_rng, rs_ctx ) ) != 0 )
-        return( ret );
+    if ((ret = ecdh_gen_public_restartable(&ctx->grp, &ctx->d, &ctx->Q,
+                                           f_rng, p_rng, rs_ctx)) != 0) {
+        return ret;
+    }
 #else
-    if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q,
-                                         f_rng, p_rng ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_ecdh_gen_public(&ctx->grp, &ctx->d, &ctx->Q,
+                                       f_rng, p_rng)) != 0) {
+        return ret;
+    }
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
-    if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf,
-                                             blen ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_ecp_tls_write_group(&ctx->grp, &grp_len, buf,
+                                           blen)) != 0) {
+        return ret;
+    }
 
     buf += grp_len;
     blen -= grp_len;
 
-    if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format,
-                                             &pt_len, buf, blen ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_ecp_tls_write_point(&ctx->grp, &ctx->Q, point_format,
+                                           &pt_len, buf, blen)) != 0) {
+        return ret;
+    }
 
     *olen = grp_len + pt_len;
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -333,10 +337,10 @@
  *          ECPoint         public;
  *      } ServerECDHParams;
  */
-int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
-                              unsigned char *buf, size_t blen,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng )
+int mbedtls_ecdh_make_params(mbedtls_ecdh_context *ctx, size_t *olen,
+                             unsigned char *buf, size_t blen,
+                             int (*f_rng)(void *, unsigned char *, size_t),
+                             void *p_rng)
 {
     int restart_enabled = 0;
 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -346,33 +350,32 @@
 #endif
 
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_make_params_internal( ctx, olen, ctx->point_format, buf, blen,
-                                       f_rng, p_rng, restart_enabled ) );
+    return ecdh_make_params_internal(ctx, olen, ctx->point_format, buf, blen,
+                                     f_rng, p_rng, restart_enabled);
 #else
-    switch( ctx->var )
-    {
+    switch (ctx->var) {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_make_params( &ctx->ctx.everest_ecdh, olen,
-                                                 buf, blen, f_rng, p_rng ) );
+            return mbedtls_everest_make_params(&ctx->ctx.everest_ecdh, olen,
+                                               buf, blen, f_rng, p_rng);
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            return( ecdh_make_params_internal( &ctx->ctx.mbed_ecdh, olen,
-                                               ctx->point_format, buf, blen,
-                                               f_rng, p_rng,
-                                               restart_enabled ) );
+            return ecdh_make_params_internal(&ctx->ctx.mbed_ecdh, olen,
+                                             ctx->point_format, buf, blen,
+                                             f_rng, p_rng,
+                                             restart_enabled);
         default:
             return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     }
 #endif
 }
 
-static int ecdh_read_params_internal( mbedtls_ecdh_context_mbed *ctx,
-                                      const unsigned char **buf,
-                                      const unsigned char *end )
+static int ecdh_read_params_internal(mbedtls_ecdh_context_mbed *ctx,
+                                     const unsigned char **buf,
+                                     const unsigned char *end)
 {
-    return( mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf,
-                                        end - *buf ) );
+    return mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, buf,
+                                      end - *buf);
 }
 
 /*
@@ -382,155 +385,162 @@
  *          ECPoint         public;
  *      } ServerECDHParams;
  */
-int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
-                              const unsigned char **buf,
-                              const unsigned char *end )
+int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx,
+                             const unsigned char **buf,
+                             const unsigned char *end)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_group_id grp_id;
-    if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, end - *buf ) )
-            != 0 )
-        return( ret );
+    if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, end - *buf))
+        != 0) {
+        return ret;
+    }
 
-    if( ( ret = mbedtls_ecdh_setup( ctx, grp_id ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_ecdh_setup(ctx, grp_id)) != 0) {
+        return ret;
+    }
 
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_read_params_internal( ctx, buf, end ) );
+    return ecdh_read_params_internal(ctx, buf, end);
 #else
-    switch( ctx->var )
-    {
+    switch (ctx->var) {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_read_params( &ctx->ctx.everest_ecdh,
-                                                 buf, end) );
+            return mbedtls_everest_read_params(&ctx->ctx.everest_ecdh,
+                                               buf, end);
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            return( ecdh_read_params_internal( &ctx->ctx.mbed_ecdh,
-                                               buf, end ) );
+            return ecdh_read_params_internal(&ctx->ctx.mbed_ecdh,
+                                             buf, end);
         default:
             return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     }
 #endif
 }
 
-static int ecdh_get_params_internal( mbedtls_ecdh_context_mbed *ctx,
-                                     const mbedtls_ecp_keypair *key,
-                                     mbedtls_ecdh_side side )
+static int ecdh_get_params_internal(mbedtls_ecdh_context_mbed *ctx,
+                                    const mbedtls_ecp_keypair *key,
+                                    mbedtls_ecdh_side side)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     /* If it's not our key, just import the public part as Qp */
-    if( side == MBEDTLS_ECDH_THEIRS )
-        return( mbedtls_ecp_copy( &ctx->Qp, &key->Q ) );
+    if (side == MBEDTLS_ECDH_THEIRS) {
+        return mbedtls_ecp_copy(&ctx->Qp, &key->Q);
+    }
 
     /* Our key: import public (as Q) and private parts */
-    if( side != MBEDTLS_ECDH_OURS )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (side != MBEDTLS_ECDH_OURS) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
-    if( ( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 ||
-        ( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_ecp_copy(&ctx->Q, &key->Q)) != 0 ||
+        (ret = mbedtls_mpi_copy(&ctx->d, &key->d)) != 0) {
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Get parameters from a keypair
  */
-int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
-                             const mbedtls_ecp_keypair *key,
-                             mbedtls_ecdh_side side )
+int mbedtls_ecdh_get_params(mbedtls_ecdh_context *ctx,
+                            const mbedtls_ecp_keypair *key,
+                            mbedtls_ecdh_side side)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    if( side != MBEDTLS_ECDH_OURS && side != MBEDTLS_ECDH_THEIRS )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (side != MBEDTLS_ECDH_OURS && side != MBEDTLS_ECDH_THEIRS) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
-    if( mbedtls_ecdh_grp_id( ctx ) == MBEDTLS_ECP_DP_NONE )
-    {
+    if (mbedtls_ecdh_grp_id(ctx) == MBEDTLS_ECP_DP_NONE) {
         /* This is the first call to get_params(). Set up the context
          * for use with the group. */
-        if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 )
-            return( ret );
-    }
-    else
-    {
+        if ((ret = mbedtls_ecdh_setup(ctx, key->grp.id)) != 0) {
+            return ret;
+        }
+    } else {
         /* This is not the first call to get_params(). Check that the
          * current key's group is the same as the context's, which was set
          * from the first key's group. */
-        if( mbedtls_ecdh_grp_id( ctx ) != key->grp.id )
-            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        if (mbedtls_ecdh_grp_id(ctx) != key->grp.id) {
+            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+        }
     }
 
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_get_params_internal( ctx, key, side ) );
+    return ecdh_get_params_internal(ctx, key, side);
 #else
-    switch( ctx->var )
-    {
+    switch (ctx->var) {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
         {
             mbedtls_everest_ecdh_side s = side == MBEDTLS_ECDH_OURS ?
-                                                   MBEDTLS_EVEREST_ECDH_OURS :
-                                                   MBEDTLS_EVEREST_ECDH_THEIRS;
-            return( mbedtls_everest_get_params( &ctx->ctx.everest_ecdh,
-                                                key, s) );
+                                          MBEDTLS_EVEREST_ECDH_OURS :
+                                          MBEDTLS_EVEREST_ECDH_THEIRS;
+            return mbedtls_everest_get_params(&ctx->ctx.everest_ecdh,
+                                              key, s);
         }
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            return( ecdh_get_params_internal( &ctx->ctx.mbed_ecdh,
-                                              key, side ) );
+            return ecdh_get_params_internal(&ctx->ctx.mbed_ecdh,
+                                            key, side);
         default:
             return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     }
 #endif
 }
 
-static int ecdh_make_public_internal( mbedtls_ecdh_context_mbed *ctx,
-                                      size_t *olen, int point_format,
-                                      unsigned char *buf, size_t blen,
-                                      int (*f_rng)(void *,
-                                                   unsigned char *,
-                                                   size_t),
-                                      void *p_rng,
-                                      int restart_enabled )
+static int ecdh_make_public_internal(mbedtls_ecdh_context_mbed *ctx,
+                                     size_t *olen, int point_format,
+                                     unsigned char *buf, size_t blen,
+                                     int (*f_rng)(void *,
+                                                  unsigned char *,
+                                                  size_t),
+                                     void *p_rng,
+                                     int restart_enabled)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     mbedtls_ecp_restart_ctx *rs_ctx = NULL;
 #endif
 
-    if( ctx->grp.pbits == 0 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (ctx->grp.pbits == 0) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( restart_enabled )
+    if (restart_enabled) {
         rs_ctx = &ctx->rs;
+    }
 #else
     (void) restart_enabled;
 #endif
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q,
-                                             f_rng, p_rng, rs_ctx ) ) != 0 )
-        return( ret );
+    if ((ret = ecdh_gen_public_restartable(&ctx->grp, &ctx->d, &ctx->Q,
+                                           f_rng, p_rng, rs_ctx)) != 0) {
+        return ret;
+    }
 #else
-    if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q,
-                                         f_rng, p_rng ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_ecdh_gen_public(&ctx->grp, &ctx->d, &ctx->Q,
+                                       f_rng, p_rng)) != 0) {
+        return ret;
+    }
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
-    return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format, olen,
-                                        buf, blen );
+    return mbedtls_ecp_tls_write_point(&ctx->grp, &ctx->Q, point_format, olen,
+                                       buf, blen);
 }
 
 /*
  * Setup and export the client public value
  */
-int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
-                              unsigned char *buf, size_t blen,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng )
+int mbedtls_ecdh_make_public(mbedtls_ecdh_context *ctx, size_t *olen,
+                             unsigned char *buf, size_t blen,
+                             int (*f_rng)(void *, unsigned char *, size_t),
+                             void *p_rng)
 {
     int restart_enabled = 0;
 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -538,125 +548,127 @@
 #endif
 
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_make_public_internal( ctx, olen, ctx->point_format, buf, blen,
-                                       f_rng, p_rng, restart_enabled ) );
+    return ecdh_make_public_internal(ctx, olen, ctx->point_format, buf, blen,
+                                     f_rng, p_rng, restart_enabled);
 #else
-    switch( ctx->var )
-    {
+    switch (ctx->var) {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_make_public( &ctx->ctx.everest_ecdh, olen,
-                                                 buf, blen, f_rng, p_rng ) );
+            return mbedtls_everest_make_public(&ctx->ctx.everest_ecdh, olen,
+                                               buf, blen, f_rng, p_rng);
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            return( ecdh_make_public_internal( &ctx->ctx.mbed_ecdh, olen,
-                                               ctx->point_format, buf, blen,
-                                               f_rng, p_rng,
-                                               restart_enabled ) );
+            return ecdh_make_public_internal(&ctx->ctx.mbed_ecdh, olen,
+                                             ctx->point_format, buf, blen,
+                                             f_rng, p_rng,
+                                             restart_enabled);
         default:
             return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     }
 #endif
 }
 
-static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx,
-                                      const unsigned char *buf, size_t blen )
+static int ecdh_read_public_internal(mbedtls_ecdh_context_mbed *ctx,
+                                     const unsigned char *buf, size_t blen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const unsigned char *p = buf;
 
-    if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p,
-                                            blen ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, &p,
+                                          blen)) != 0) {
+        return ret;
+    }
 
-    if( (size_t)( p - buf ) != blen )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if ((size_t) (p - buf) != blen) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Parse and import the client's public value
  */
-int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
-                              const unsigned char *buf, size_t blen )
+int mbedtls_ecdh_read_public(mbedtls_ecdh_context *ctx,
+                             const unsigned char *buf, size_t blen)
 {
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_read_public_internal( ctx, buf, blen ) );
+    return ecdh_read_public_internal(ctx, buf, blen);
 #else
-    switch( ctx->var )
-    {
+    switch (ctx->var) {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_read_public( &ctx->ctx.everest_ecdh,
-                                                 buf, blen ) );
+            return mbedtls_everest_read_public(&ctx->ctx.everest_ecdh,
+                                               buf, blen);
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            return( ecdh_read_public_internal( &ctx->ctx.mbed_ecdh,
-                                                       buf, blen ) );
+            return ecdh_read_public_internal(&ctx->ctx.mbed_ecdh,
+                                             buf, blen);
         default:
             return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     }
 #endif
 }
 
-static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx,
-                                      size_t *olen, unsigned char *buf,
-                                      size_t blen,
-                                      int (*f_rng)(void *,
-                                                   unsigned char *,
-                                                   size_t),
-                                      void *p_rng,
-                                      int restart_enabled )
+static int ecdh_calc_secret_internal(mbedtls_ecdh_context_mbed *ctx,
+                                     size_t *olen, unsigned char *buf,
+                                     size_t blen,
+                                     int (*f_rng)(void *,
+                                                  unsigned char *,
+                                                  size_t),
+                                     void *p_rng,
+                                     int restart_enabled)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     mbedtls_ecp_restart_ctx *rs_ctx = NULL;
 #endif
 
-    if( ctx == NULL || ctx->grp.pbits == 0 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (ctx == NULL || ctx->grp.pbits == 0) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( restart_enabled )
+    if (restart_enabled) {
         rs_ctx = &ctx->rs;
+    }
 #else
     (void) restart_enabled;
 #endif
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( ( ret = ecdh_compute_shared_restartable( &ctx->grp, &ctx->z, &ctx->Qp,
-                                                 &ctx->d, f_rng, p_rng,
-                                                 rs_ctx ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = ecdh_compute_shared_restartable(&ctx->grp, &ctx->z, &ctx->Qp,
+                                               &ctx->d, f_rng, p_rng,
+                                               rs_ctx)) != 0) {
+        return ret;
     }
 #else
-    if( ( ret = mbedtls_ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp,
-                                             &ctx->d, f_rng, p_rng ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_ecdh_compute_shared(&ctx->grp, &ctx->z, &ctx->Qp,
+                                           &ctx->d, f_rng, p_rng)) != 0) {
+        return ret;
     }
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
-    if( mbedtls_mpi_size( &ctx->z ) > blen )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (mbedtls_mpi_size(&ctx->z) > blen) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
-    *olen = ctx->grp.pbits / 8 + ( ( ctx->grp.pbits % 8 ) != 0 );
+    *olen = ctx->grp.pbits / 8 + ((ctx->grp.pbits % 8) != 0);
 
-    if( mbedtls_ecp_get_type( &ctx->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
-        return mbedtls_mpi_write_binary_le( &ctx->z, buf, *olen );
+    if (mbedtls_ecp_get_type(&ctx->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
+        return mbedtls_mpi_write_binary_le(&ctx->z, buf, *olen);
+    }
 
-    return mbedtls_mpi_write_binary( &ctx->z, buf, *olen );
+    return mbedtls_mpi_write_binary(&ctx->z, buf, *olen);
 }
 
 /*
  * Derive and export the shared secret
  */
-int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
-                              unsigned char *buf, size_t blen,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng )
+int mbedtls_ecdh_calc_secret(mbedtls_ecdh_context *ctx, size_t *olen,
+                             unsigned char *buf, size_t blen,
+                             int (*f_rng)(void *, unsigned char *, size_t),
+                             void *p_rng)
 {
     int restart_enabled = 0;
 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -664,22 +676,21 @@
 #endif
 
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_calc_secret_internal( ctx, olen, buf, blen, f_rng, p_rng,
-                                       restart_enabled ) );
+    return ecdh_calc_secret_internal(ctx, olen, buf, blen, f_rng, p_rng,
+                                     restart_enabled);
 #else
-    switch( ctx->var )
-    {
+    switch (ctx->var) {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_calc_secret( &ctx->ctx.everest_ecdh, olen,
-                                                 buf, blen, f_rng, p_rng ) );
+            return mbedtls_everest_calc_secret(&ctx->ctx.everest_ecdh, olen,
+                                               buf, blen, f_rng, p_rng);
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            return( ecdh_calc_secret_internal( &ctx->ctx.mbed_ecdh, olen, buf,
-                                               blen, f_rng, p_rng,
-                                               restart_enabled ) );
+            return ecdh_calc_secret_internal(&ctx->ctx.mbed_ecdh, olen, buf,
+                                             blen, f_rng, p_rng,
+                                             restart_enabled);
         default:
-            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     }
 #endif
 }
diff --git a/library/ecdsa.c b/library/ecdsa.c
index c58e331..3ddb82b 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -46,8 +46,7 @@
 /*
  * Sub-context for ecdsa_verify()
  */
-struct mbedtls_ecdsa_restart_ver
-{
+struct mbedtls_ecdsa_restart_ver {
     mbedtls_mpi u1, u2;     /* intermediate values  */
     enum {                  /* what to do next?     */
         ecdsa_ver_init = 0, /* getting started      */
@@ -58,32 +57,32 @@
 /*
  * Init verify restart sub-context
  */
-static void ecdsa_restart_ver_init( mbedtls_ecdsa_restart_ver_ctx *ctx )
+static void ecdsa_restart_ver_init(mbedtls_ecdsa_restart_ver_ctx *ctx)
 {
-    mbedtls_mpi_init( &ctx->u1 );
-    mbedtls_mpi_init( &ctx->u2 );
+    mbedtls_mpi_init(&ctx->u1);
+    mbedtls_mpi_init(&ctx->u2);
     ctx->state = ecdsa_ver_init;
 }
 
 /*
  * Free the components of a verify restart sub-context
  */
-static void ecdsa_restart_ver_free( mbedtls_ecdsa_restart_ver_ctx *ctx )
+static void ecdsa_restart_ver_free(mbedtls_ecdsa_restart_ver_ctx *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_mpi_free( &ctx->u1 );
-    mbedtls_mpi_free( &ctx->u2 );
+    mbedtls_mpi_free(&ctx->u1);
+    mbedtls_mpi_free(&ctx->u2);
 
-    ecdsa_restart_ver_init( ctx );
+    ecdsa_restart_ver_init(ctx);
 }
 
 /*
  * Sub-context for ecdsa_sign()
  */
-struct mbedtls_ecdsa_restart_sig
-{
+struct mbedtls_ecdsa_restart_sig {
     int sign_tries;
     int key_tries;
     mbedtls_mpi k;          /* per-signature random */
@@ -98,33 +97,33 @@
 /*
  * Init verify sign sub-context
  */
-static void ecdsa_restart_sig_init( mbedtls_ecdsa_restart_sig_ctx *ctx )
+static void ecdsa_restart_sig_init(mbedtls_ecdsa_restart_sig_ctx *ctx)
 {
     ctx->sign_tries = 0;
     ctx->key_tries = 0;
-    mbedtls_mpi_init( &ctx->k );
-    mbedtls_mpi_init( &ctx->r );
+    mbedtls_mpi_init(&ctx->k);
+    mbedtls_mpi_init(&ctx->r);
     ctx->state = ecdsa_sig_init;
 }
 
 /*
  * Free the components of a sign restart sub-context
  */
-static void ecdsa_restart_sig_free( mbedtls_ecdsa_restart_sig_ctx *ctx )
+static void ecdsa_restart_sig_free(mbedtls_ecdsa_restart_sig_ctx *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_mpi_free( &ctx->k );
-    mbedtls_mpi_free( &ctx->r );
+    mbedtls_mpi_free(&ctx->k);
+    mbedtls_mpi_free(&ctx->r);
 }
 
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
 /*
  * Sub-context for ecdsa_sign_det()
  */
-struct mbedtls_ecdsa_restart_det
-{
+struct mbedtls_ecdsa_restart_det {
     mbedtls_hmac_drbg_context rng_ctx;  /* DRBG state   */
     enum {                      /* what to do next?     */
         ecdsa_det_init = 0,     /* getting started      */
@@ -135,73 +134,74 @@
 /*
  * Init verify sign_det sub-context
  */
-static void ecdsa_restart_det_init( mbedtls_ecdsa_restart_det_ctx *ctx )
+static void ecdsa_restart_det_init(mbedtls_ecdsa_restart_det_ctx *ctx)
 {
-    mbedtls_hmac_drbg_init( &ctx->rng_ctx );
+    mbedtls_hmac_drbg_init(&ctx->rng_ctx);
     ctx->state = ecdsa_det_init;
 }
 
 /*
  * Free the components of a sign_det restart sub-context
  */
-static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx )
+static void ecdsa_restart_det_free(mbedtls_ecdsa_restart_det_ctx *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_hmac_drbg_free( &ctx->rng_ctx );
+    mbedtls_hmac_drbg_free(&ctx->rng_ctx);
 
-    ecdsa_restart_det_init( ctx );
+    ecdsa_restart_det_init(ctx);
 }
 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
 
-#define ECDSA_RS_ECP    ( rs_ctx == NULL ? NULL : &rs_ctx->ecp )
+#define ECDSA_RS_ECP    (rs_ctx == NULL ? NULL : &rs_ctx->ecp)
 
 /* Utility macro for checking and updating ops budget */
-#define ECDSA_BUDGET( ops )   \
-    MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, ECDSA_RS_ECP, ops ) );
+#define ECDSA_BUDGET(ops)   \
+    MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, ECDSA_RS_ECP, ops));
 
 /* Call this when entering a function that needs its own sub-context */
-#define ECDSA_RS_ENTER( SUB )   do {                                 \
-    /* reset ops count for this call if top-level */                 \
-    if( rs_ctx != NULL && rs_ctx->ecp.depth++ == 0 )                 \
+#define ECDSA_RS_ENTER(SUB)   do {                                 \
+        /* reset ops count for this call if top-level */                 \
+        if (rs_ctx != NULL && rs_ctx->ecp.depth++ == 0)                 \
         rs_ctx->ecp.ops_done = 0;                                    \
                                                                      \
-    /* set up our own sub-context if needed */                       \
-    if( mbedtls_ecp_restart_is_enabled() &&                          \
-        rs_ctx != NULL && rs_ctx->SUB == NULL )                      \
-    {                                                                \
-        rs_ctx->SUB = mbedtls_calloc( 1, sizeof( *rs_ctx->SUB ) );   \
-        if( rs_ctx->SUB == NULL )                                    \
-            return( MBEDTLS_ERR_ECP_ALLOC_FAILED );                  \
-                                                                     \
-        ecdsa_restart_## SUB ##_init( rs_ctx->SUB );                 \
-    }                                                                \
-} while( 0 )
+        /* set up our own sub-context if needed */                       \
+        if (mbedtls_ecp_restart_is_enabled() &&                          \
+            rs_ctx != NULL && rs_ctx->SUB == NULL)                      \
+        {                                                                \
+            rs_ctx->SUB = mbedtls_calloc(1, sizeof(*rs_ctx->SUB));   \
+            if (rs_ctx->SUB == NULL)                                    \
+            return MBEDTLS_ERR_ECP_ALLOC_FAILED;                  \
+                                                                   \
+            ecdsa_restart_## SUB ##_init(rs_ctx->SUB);                 \
+        }                                                                \
+} while (0)
 
 /* Call this when leaving a function that needs its own sub-context */
-#define ECDSA_RS_LEAVE( SUB )   do {                                 \
-    /* clear our sub-context when not in progress (done or error) */ \
-    if( rs_ctx != NULL && rs_ctx->SUB != NULL &&                     \
-        ret != MBEDTLS_ERR_ECP_IN_PROGRESS )                         \
-    {                                                                \
-        ecdsa_restart_## SUB ##_free( rs_ctx->SUB );                 \
-        mbedtls_free( rs_ctx->SUB );                                 \
-        rs_ctx->SUB = NULL;                                          \
-    }                                                                \
+#define ECDSA_RS_LEAVE(SUB)   do {                                 \
+        /* clear our sub-context when not in progress (done or error) */ \
+        if (rs_ctx != NULL && rs_ctx->SUB != NULL &&                     \
+            ret != MBEDTLS_ERR_ECP_IN_PROGRESS)                         \
+        {                                                                \
+            ecdsa_restart_## SUB ##_free(rs_ctx->SUB);                 \
+            mbedtls_free(rs_ctx->SUB);                                 \
+            rs_ctx->SUB = NULL;                                          \
+        }                                                                \
                                                                      \
-    if( rs_ctx != NULL )                                             \
+        if (rs_ctx != NULL)                                             \
         rs_ctx->ecp.depth--;                                         \
-} while( 0 )
+} while (0)
 
 #else /* MBEDTLS_ECP_RESTARTABLE */
 
 #define ECDSA_RS_ECP    NULL
 
-#define ECDSA_BUDGET( ops )   /* no-op; for compatibility */
+#define ECDSA_BUDGET(ops)     /* no-op; for compatibility */
 
-#define ECDSA_RS_ENTER( SUB )   (void) rs_ctx
-#define ECDSA_RS_LEAVE( SUB )   (void) rs_ctx
+#define ECDSA_RS_ENTER(SUB)   (void) rs_ctx
+#define ECDSA_RS_LEAVE(SUB)   (void) rs_ctx
 
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
@@ -212,23 +212,25 @@
  * Derive a suitable integer for group grp from a buffer of length len
  * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3
  */
-static int derive_mpi( const mbedtls_ecp_group *grp, mbedtls_mpi *x,
-                       const unsigned char *buf, size_t blen )
+static int derive_mpi(const mbedtls_ecp_group *grp, mbedtls_mpi *x,
+                      const unsigned char *buf, size_t blen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t n_size = ( grp->nbits + 7 ) / 8;
+    size_t n_size = (grp->nbits + 7) / 8;
     size_t use_size = blen > n_size ? n_size : blen;
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( x, buf, use_size ) );
-    if( use_size * 8 > grp->nbits )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( x, use_size * 8 - grp->nbits ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(x, buf, use_size));
+    if (use_size * 8 > grp->nbits) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(x, use_size * 8 - grp->nbits));
+    }
 
     /* While at it, reduce modulo N */
-    if( mbedtls_mpi_cmp_mpi( x, &grp->N ) >= 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( x, x, &grp->N ) );
+    if (mbedtls_mpi_cmp_mpi(x, &grp->N) >= 0) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(x, x, &grp->N));
+    }
 
 cleanup:
-    return( ret );
+    return ret;
 }
 #endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */
 
@@ -237,13 +239,13 @@
  * Compute ECDSA signature of a hashed message (SEC1 4.1.3)
  * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message)
  */
-static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
-                mbedtls_mpi *r, mbedtls_mpi *s,
-                const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-                int (*f_rng_blind)(void *, unsigned char *, size_t),
-                void *p_rng_blind,
-                mbedtls_ecdsa_restart_ctx *rs_ctx )
+static int ecdsa_sign_restartable(mbedtls_ecp_group *grp,
+                                  mbedtls_mpi *r, mbedtls_mpi *s,
+                                  const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+                                  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+                                  int (*f_rng_blind)(void *, unsigned char *, size_t),
+                                  void *p_rng_blind,
+                                  mbedtls_ecdsa_restart_ctx *rs_ctx)
 {
     int ret, key_tries, sign_tries;
     int *p_sign_tries = &sign_tries, *p_key_tries = &key_tries;
@@ -252,21 +254,22 @@
     mbedtls_mpi *pk = &k, *pr = r;
 
     /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
-    if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (!mbedtls_ecdsa_can_do(grp->id) || grp->N.p == NULL) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     /* Make sure d is in range 1..n-1 */
-    if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 )
-        return( MBEDTLS_ERR_ECP_INVALID_KEY );
+    if (mbedtls_mpi_cmp_int(d, 1) < 0 || mbedtls_mpi_cmp_mpi(d, &grp->N) >= 0) {
+        return MBEDTLS_ERR_ECP_INVALID_KEY;
+    }
 
-    mbedtls_ecp_point_init( &R );
-    mbedtls_mpi_init( &k ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &t );
+    mbedtls_ecp_point_init(&R);
+    mbedtls_mpi_init(&k); mbedtls_mpi_init(&e); mbedtls_mpi_init(&t);
 
-    ECDSA_RS_ENTER( sig );
+    ECDSA_RS_ENTER(sig);
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->sig != NULL )
-    {
+    if (rs_ctx != NULL && rs_ctx->sig != NULL) {
         /* redirect to our context */
         p_sign_tries = &rs_ctx->sig->sign_tries;
         p_key_tries = &rs_ctx->sig->key_tries;
@@ -274,18 +277,18 @@
         pr = &rs_ctx->sig->r;
 
         /* jump to current step */
-        if( rs_ctx->sig->state == ecdsa_sig_mul )
+        if (rs_ctx->sig->state == ecdsa_sig_mul) {
             goto mul;
-        if( rs_ctx->sig->state == ecdsa_sig_modn )
+        }
+        if (rs_ctx->sig->state == ecdsa_sig_modn) {
             goto modn;
+        }
     }
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
     *p_sign_tries = 0;
-    do
-    {
-        if( (*p_sign_tries)++ > 10 )
-        {
+    do {
+        if ((*p_sign_tries)++ > 10) {
             ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
             goto cleanup;
         }
@@ -295,33 +298,32 @@
          * and set r = xR mod n
          */
         *p_key_tries = 0;
-        do
-        {
-            if( (*p_key_tries)++ > 10 )
-            {
+        do {
+            if ((*p_key_tries)++ > 10) {
                 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                 goto cleanup;
             }
 
-            MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );
+            MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, pk, f_rng, p_rng));
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-            if( rs_ctx != NULL && rs_ctx->sig != NULL )
+            if (rs_ctx != NULL && rs_ctx->sig != NULL) {
                 rs_ctx->sig->state = ecdsa_sig_mul;
+            }
 
 mul:
 #endif
-            MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &R, pk, &grp->G,
-                                                          f_rng_blind,
-                                                          p_rng_blind,
-                                                          ECDSA_RS_ECP ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pr, &R.X, &grp->N ) );
-        }
-        while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 );
+            MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, &R, pk, &grp->G,
+                                                        f_rng_blind,
+                                                        p_rng_blind,
+                                                        ECDSA_RS_ECP));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pr, &R.X, &grp->N));
+        } while (mbedtls_mpi_cmp_int(pr, 0) == 0);
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-        if( rs_ctx != NULL && rs_ctx->sig != NULL )
+        if (rs_ctx != NULL && rs_ctx->sig != NULL) {
             rs_ctx->sig->state = ecdsa_sig_modn;
+        }
 
 modn:
 #endif
@@ -329,72 +331,71 @@
          * Accounting for everything up to the end of the loop
          * (step 6, but checking now avoids saving e and t)
          */
-        ECDSA_BUDGET( MBEDTLS_ECP_OPS_INV + 4 );
+        ECDSA_BUDGET(MBEDTLS_ECP_OPS_INV + 4);
 
         /*
          * Step 5: derive MPI from hashed message
          */
-        MBEDTLS_MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
+        MBEDTLS_MPI_CHK(derive_mpi(grp, &e, buf, blen));
 
         /*
          * Generate a random value to blind inv_mod in next step,
          * avoiding a potential timing leak.
          */
-        MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, &t, f_rng_blind,
-                                                  p_rng_blind ) );
+        MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, &t, f_rng_blind,
+                                                p_rng_blind));
 
         /*
          * Step 6: compute s = (e + r * d) / k = t (e + rd) / (kt) mod n
          */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, pr, d ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &e, &e, s ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &e, &e, &t ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pk, pk, &t ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pk, pk, &grp->N ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
-    }
-    while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(s, pr, d));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&e, &e, s));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&e, &e, &t));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(pk, pk, &t));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pk, pk, &grp->N));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(s, pk, &grp->N));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(s, s, &e));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(s, s, &grp->N));
+    } while (mbedtls_mpi_cmp_int(s, 0) == 0);
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->sig != NULL )
-        mbedtls_mpi_copy( r, pr );
+    if (rs_ctx != NULL && rs_ctx->sig != NULL) {
+        mbedtls_mpi_copy(r, pr);
+    }
 #endif
 
 cleanup:
-    mbedtls_ecp_point_free( &R );
-    mbedtls_mpi_free( &k ); mbedtls_mpi_free( &e ); mbedtls_mpi_free( &t );
+    mbedtls_ecp_point_free(&R);
+    mbedtls_mpi_free(&k); mbedtls_mpi_free(&e); mbedtls_mpi_free(&t);
 
-    ECDSA_RS_LEAVE( sig );
+    ECDSA_RS_LEAVE(sig);
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid )
+int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
 {
-    switch( gid )
-    {
+    switch (gid) {
 #ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
         case MBEDTLS_ECP_DP_CURVE25519: return 0;
 #endif
 #ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
         case MBEDTLS_ECP_DP_CURVE448: return 0;
 #endif
-    default: return 1;
+        default: return 1;
     }
 }
 
 /*
  * Compute ECDSA signature of a hashed message
  */
-int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
-                const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+                       const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+                       int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     /* Use the same RNG for both blinding and ephemeral key generation */
-    return( ecdsa_sign_restartable( grp, r, s, d, buf, blen,
-                                    f_rng, p_rng, f_rng, p_rng, NULL ) );
+    return ecdsa_sign_restartable(grp, r, s, d, buf, blen,
+                                  f_rng, p_rng, f_rng, p_rng, NULL);
 }
 #endif /* !MBEDTLS_ECDSA_SIGN_ALT */
 
@@ -405,87 +406,89 @@
  * note:    The f_rng_blind parameter must not be NULL.
  *
  */
-static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
-                    mbedtls_mpi *r, mbedtls_mpi *s,
-                    const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
-                    mbedtls_md_type_t md_alg,
-                    int (*f_rng_blind)(void *, unsigned char *, size_t),
-                    void *p_rng_blind,
-                    mbedtls_ecdsa_restart_ctx *rs_ctx )
+static int ecdsa_sign_det_restartable(mbedtls_ecp_group *grp,
+                                      mbedtls_mpi *r, mbedtls_mpi *s,
+                                      const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+                                      mbedtls_md_type_t md_alg,
+                                      int (*f_rng_blind)(void *, unsigned char *, size_t),
+                                      void *p_rng_blind,
+                                      mbedtls_ecdsa_restart_ctx *rs_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_hmac_drbg_context rng_ctx;
     mbedtls_hmac_drbg_context *p_rng = &rng_ctx;
     unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES];
-    size_t grp_len = ( grp->nbits + 7 ) / 8;
+    size_t grp_len = (grp->nbits + 7) / 8;
     const mbedtls_md_info_t *md_info;
     mbedtls_mpi h;
 
-    if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if ((md_info = mbedtls_md_info_from_type(md_alg)) == NULL) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
-    mbedtls_mpi_init( &h );
-    mbedtls_hmac_drbg_init( &rng_ctx );
+    mbedtls_mpi_init(&h);
+    mbedtls_hmac_drbg_init(&rng_ctx);
 
-    ECDSA_RS_ENTER( det );
+    ECDSA_RS_ENTER(det);
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->det != NULL )
-    {
+    if (rs_ctx != NULL && rs_ctx->det != NULL) {
         /* redirect to our context */
         p_rng = &rs_ctx->det->rng_ctx;
 
         /* jump to current step */
-        if( rs_ctx->det->state == ecdsa_det_sign )
+        if (rs_ctx->det->state == ecdsa_det_sign) {
             goto sign;
+        }
     }
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
     /* Use private key and message hash (reduced) to initialize HMAC_DRBG */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) );
-    MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) );
-    mbedtls_hmac_drbg_seed_buf( p_rng, md_info, data, 2 * grp_len );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(d, data, grp_len));
+    MBEDTLS_MPI_CHK(derive_mpi(grp, &h, buf, blen));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&h, data + grp_len, grp_len));
+    mbedtls_hmac_drbg_seed_buf(p_rng, md_info, data, 2 * grp_len);
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->det != NULL )
+    if (rs_ctx != NULL && rs_ctx->det != NULL) {
         rs_ctx->det->state = ecdsa_det_sign;
+    }
 
 sign:
 #endif
 #if defined(MBEDTLS_ECDSA_SIGN_ALT)
     (void) f_rng_blind;
     (void) p_rng_blind;
-    ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen,
-                              mbedtls_hmac_drbg_random, p_rng );
+    ret = mbedtls_ecdsa_sign(grp, r, s, d, buf, blen,
+                             mbedtls_hmac_drbg_random, p_rng);
 #else
-    ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen,
-                                  mbedtls_hmac_drbg_random, p_rng,
-                                  f_rng_blind, p_rng_blind, rs_ctx );
+    ret = ecdsa_sign_restartable(grp, r, s, d, buf, blen,
+                                 mbedtls_hmac_drbg_random, p_rng,
+                                 f_rng_blind, p_rng_blind, rs_ctx);
 #endif /* MBEDTLS_ECDSA_SIGN_ALT */
 
 cleanup:
-    mbedtls_hmac_drbg_free( &rng_ctx );
-    mbedtls_mpi_free( &h );
+    mbedtls_hmac_drbg_free(&rng_ctx);
+    mbedtls_mpi_free(&h);
 
-    ECDSA_RS_LEAVE( det );
+    ECDSA_RS_LEAVE(det);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Deterministic signature wrapper
  */
-int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
-                                mbedtls_mpi *s, const mbedtls_mpi *d,
-                                const unsigned char *buf, size_t blen,
-                                mbedtls_md_type_t md_alg,
-                                int (*f_rng_blind)(void *, unsigned char *,
-                                                   size_t),
-                                void *p_rng_blind )
+int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r,
+                               mbedtls_mpi *s, const mbedtls_mpi *d,
+                               const unsigned char *buf, size_t blen,
+                               mbedtls_md_type_t md_alg,
+                               int (*f_rng_blind)(void *, unsigned char *,
+                                                  size_t),
+                               void *p_rng_blind)
 {
-    return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg,
-                                        f_rng_blind, p_rng_blind, NULL ) );
+    return ecdsa_sign_det_restartable(grp, r, s, d, buf, blen, md_alg,
+                                      f_rng_blind, p_rng_blind, NULL);
 }
 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
 
@@ -494,46 +497,46 @@
  * Verify ECDSA signature of hashed message (SEC1 4.1.4)
  * Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message)
  */
-static int ecdsa_verify_restartable( mbedtls_ecp_group *grp,
-                                     const unsigned char *buf, size_t blen,
-                                     const mbedtls_ecp_point *Q,
-                                     const mbedtls_mpi *r, const mbedtls_mpi *s,
-                                     mbedtls_ecdsa_restart_ctx *rs_ctx )
+static int ecdsa_verify_restartable(mbedtls_ecp_group *grp,
+                                    const unsigned char *buf, size_t blen,
+                                    const mbedtls_ecp_point *Q,
+                                    const mbedtls_mpi *r, const mbedtls_mpi *s,
+                                    mbedtls_ecdsa_restart_ctx *rs_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi e, s_inv, u1, u2;
     mbedtls_ecp_point R;
     mbedtls_mpi *pu1 = &u1, *pu2 = &u2;
 
-    mbedtls_ecp_point_init( &R );
-    mbedtls_mpi_init( &e ); mbedtls_mpi_init( &s_inv );
-    mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 );
+    mbedtls_ecp_point_init(&R);
+    mbedtls_mpi_init(&e); mbedtls_mpi_init(&s_inv);
+    mbedtls_mpi_init(&u1); mbedtls_mpi_init(&u2);
 
     /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
-    if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (!mbedtls_ecdsa_can_do(grp->id) || grp->N.p == NULL) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
-    ECDSA_RS_ENTER( ver );
+    ECDSA_RS_ENTER(ver);
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->ver != NULL )
-    {
+    if (rs_ctx != NULL && rs_ctx->ver != NULL) {
         /* redirect to our context */
         pu1 = &rs_ctx->ver->u1;
         pu2 = &rs_ctx->ver->u2;
 
         /* jump to current step */
-        if( rs_ctx->ver->state == ecdsa_ver_muladd )
+        if (rs_ctx->ver->state == ecdsa_ver_muladd) {
             goto muladd;
+        }
     }
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
     /*
      * Step 1: make sure r and s are in range 1..n-1
      */
-    if( mbedtls_mpi_cmp_int( r, 1 ) < 0 || mbedtls_mpi_cmp_mpi( r, &grp->N ) >= 0 ||
-        mbedtls_mpi_cmp_int( s, 1 ) < 0 || mbedtls_mpi_cmp_mpi( s, &grp->N ) >= 0 )
-    {
+    if (mbedtls_mpi_cmp_int(r, 1) < 0 || mbedtls_mpi_cmp_mpi(r, &grp->N) >= 0 ||
+        mbedtls_mpi_cmp_int(s, 1) < 0 || mbedtls_mpi_cmp_mpi(s, &grp->N) >= 0) {
         ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
         goto cleanup;
     }
@@ -541,35 +544,35 @@
     /*
      * Step 3: derive MPI from hashed message
      */
-    MBEDTLS_MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
+    MBEDTLS_MPI_CHK(derive_mpi(grp, &e, buf, blen));
 
     /*
      * Step 4: u1 = e / s mod n, u2 = r / s mod n
      */
-    ECDSA_BUDGET( MBEDTLS_ECP_OPS_CHK + MBEDTLS_ECP_OPS_INV + 2 );
+    ECDSA_BUDGET(MBEDTLS_ECP_OPS_CHK + MBEDTLS_ECP_OPS_INV + 2);
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &s_inv, s, &grp->N ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&s_inv, s, &grp->N));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pu1, &e, &s_inv ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pu1, pu1, &grp->N ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(pu1, &e, &s_inv));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pu1, pu1, &grp->N));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pu2, r, &s_inv ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pu2, pu2, &grp->N ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(pu2, r, &s_inv));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pu2, pu2, &grp->N));
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->ver != NULL )
+    if (rs_ctx != NULL && rs_ctx->ver != NULL) {
         rs_ctx->ver->state = ecdsa_ver_muladd;
+    }
 
 muladd:
 #endif
     /*
      * Step 5: R = u1 G + u2 Q
      */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd_restartable( grp,
-                     &R, pu1, &grp->G, pu2, Q, ECDSA_RS_ECP ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecp_muladd_restartable(grp,
+                                                   &R, pu1, &grp->G, pu2, Q, ECDSA_RS_ECP));
 
-    if( mbedtls_ecp_is_zero( &R ) )
-    {
+    if (mbedtls_ecp_is_zero(&R)) {
         ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
         goto cleanup;
     }
@@ -578,262 +581,265 @@
      * Step 6: convert xR to an integer (no-op)
      * Step 7: reduce xR mod n (gives v)
      */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &R.X, &R.X, &grp->N ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&R.X, &R.X, &grp->N));
 
     /*
      * Step 8: check if v (that is, R.X) is equal to r
      */
-    if( mbedtls_mpi_cmp_mpi( &R.X, r ) != 0 )
-    {
+    if (mbedtls_mpi_cmp_mpi(&R.X, r) != 0) {
         ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
         goto cleanup;
     }
 
 cleanup:
-    mbedtls_ecp_point_free( &R );
-    mbedtls_mpi_free( &e ); mbedtls_mpi_free( &s_inv );
-    mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 );
+    mbedtls_ecp_point_free(&R);
+    mbedtls_mpi_free(&e); mbedtls_mpi_free(&s_inv);
+    mbedtls_mpi_free(&u1); mbedtls_mpi_free(&u2);
 
-    ECDSA_RS_LEAVE( ver );
+    ECDSA_RS_LEAVE(ver);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Verify ECDSA signature of hashed message
  */
-int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
-                          const unsigned char *buf, size_t blen,
-                          const mbedtls_ecp_point *Q,
-                          const mbedtls_mpi *r,
-                          const mbedtls_mpi *s)
+int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp,
+                         const unsigned char *buf, size_t blen,
+                         const mbedtls_ecp_point *Q,
+                         const mbedtls_mpi *r,
+                         const mbedtls_mpi *s)
 {
-    return( ecdsa_verify_restartable( grp, buf, blen, Q, r, s, NULL ) );
+    return ecdsa_verify_restartable(grp, buf, blen, Q, r, s, NULL);
 }
 #endif /* !MBEDTLS_ECDSA_VERIFY_ALT */
 
 /*
  * Convert a signature (given by context) to ASN.1
  */
-static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
-                                    unsigned char *sig, size_t sig_size,
-                                    size_t *slen )
+static int ecdsa_signature_to_asn1(const mbedtls_mpi *r, const mbedtls_mpi *s,
+                                   unsigned char *sig, size_t sig_size,
+                                   size_t *slen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char buf[MBEDTLS_ECDSA_MAX_LEN] = {0};
-    unsigned char *p = buf + sizeof( buf );
+    unsigned char buf[MBEDTLS_ECDSA_MAX_LEN] = { 0 };
+    unsigned char *p = buf + sizeof(buf);
     size_t len = 0;
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, buf, s ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, buf, r ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_mpi(&p, buf, s));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_mpi(&p, buf, r));
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, buf,
-                                       MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, buf,
+                                                     MBEDTLS_ASN1_CONSTRUCTED |
+                                                     MBEDTLS_ASN1_SEQUENCE));
 
-    if( len > sig_size )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+    if (len > sig_size) {
+        return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+    }
 
-    memcpy( sig, p, len );
+    memcpy(sig, p, len);
     *slen = len;
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Compute and write signature
  */
-int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
-                           mbedtls_md_type_t md_alg,
-                           const unsigned char *hash, size_t hlen,
-                           unsigned char *sig, size_t sig_size, size_t *slen,
-                           int (*f_rng)(void *, unsigned char *, size_t),
-                           void *p_rng,
-                           mbedtls_ecdsa_restart_ctx *rs_ctx )
+int mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx,
+                                              mbedtls_md_type_t md_alg,
+                                              const unsigned char *hash, size_t hlen,
+                                              unsigned char *sig, size_t sig_size, size_t *slen,
+                                              int (*f_rng)(void *, unsigned char *, size_t),
+                                              void *p_rng,
+                                              mbedtls_ecdsa_restart_ctx *rs_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi r, s;
-    if( f_rng == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (f_rng == NULL) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
-    mbedtls_mpi_init( &r );
-    mbedtls_mpi_init( &s );
+    mbedtls_mpi_init(&r);
+    mbedtls_mpi_init(&s);
 
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-    MBEDTLS_MPI_CHK( ecdsa_sign_det_restartable( &ctx->grp, &r, &s, &ctx->d,
-                                                 hash, hlen, md_alg, f_rng,
-                                                 p_rng, rs_ctx ) );
+    MBEDTLS_MPI_CHK(ecdsa_sign_det_restartable(&ctx->grp, &r, &s, &ctx->d,
+                                               hash, hlen, md_alg, f_rng,
+                                               p_rng, rs_ctx));
 #else
     (void) md_alg;
 
 #if defined(MBEDTLS_ECDSA_SIGN_ALT)
     (void) rs_ctx;
 
-    MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ctx->grp, &r, &s, &ctx->d,
-                         hash, hlen, f_rng, p_rng ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign(&ctx->grp, &r, &s, &ctx->d,
+                                       hash, hlen, f_rng, p_rng));
 #else
     /* Use the same RNG for both blinding and ephemeral key generation */
-    MBEDTLS_MPI_CHK( ecdsa_sign_restartable( &ctx->grp, &r, &s, &ctx->d,
-                                             hash, hlen, f_rng, p_rng, f_rng,
-                                             p_rng, rs_ctx ) );
+    MBEDTLS_MPI_CHK(ecdsa_sign_restartable(&ctx->grp, &r, &s, &ctx->d,
+                                           hash, hlen, f_rng, p_rng, f_rng,
+                                           p_rng, rs_ctx));
 #endif /* MBEDTLS_ECDSA_SIGN_ALT */
 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
 
-    MBEDTLS_MPI_CHK( ecdsa_signature_to_asn1( &r, &s, sig, sig_size, slen ) );
+    MBEDTLS_MPI_CHK(ecdsa_signature_to_asn1(&r, &s, sig, sig_size, slen));
 
 cleanup:
-    mbedtls_mpi_free( &r );
-    mbedtls_mpi_free( &s );
+    mbedtls_mpi_free(&r);
+    mbedtls_mpi_free(&s);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Compute and write signature
  */
-int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
-                                 mbedtls_md_type_t md_alg,
-                                 const unsigned char *hash, size_t hlen,
-                                 unsigned char *sig, size_t sig_size, size_t *slen,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng )
+int mbedtls_ecdsa_write_signature(mbedtls_ecdsa_context *ctx,
+                                  mbedtls_md_type_t md_alg,
+                                  const unsigned char *hash, size_t hlen,
+                                  unsigned char *sig, size_t sig_size, size_t *slen,
+                                  int (*f_rng)(void *, unsigned char *, size_t),
+                                  void *p_rng)
 {
-    return( mbedtls_ecdsa_write_signature_restartable(
-                ctx, md_alg, hash, hlen, sig, sig_size, slen,
-                f_rng, p_rng, NULL ) );
+    return mbedtls_ecdsa_write_signature_restartable(
+        ctx, md_alg, hash, hlen, sig, sig_size, slen,
+        f_rng, p_rng, NULL);
 }
 
 /*
  * Read and check signature
  */
-int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
-                          const unsigned char *hash, size_t hlen,
-                          const unsigned char *sig, size_t slen )
+int mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx,
+                                 const unsigned char *hash, size_t hlen,
+                                 const unsigned char *sig, size_t slen)
 {
-    return( mbedtls_ecdsa_read_signature_restartable(
-                ctx, hash, hlen, sig, slen, NULL ) );
+    return mbedtls_ecdsa_read_signature_restartable(
+        ctx, hash, hlen, sig, slen, NULL);
 }
 
 /*
  * Restartable read and check signature
  */
-int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
-                          const unsigned char *hash, size_t hlen,
-                          const unsigned char *sig, size_t slen,
-                          mbedtls_ecdsa_restart_ctx *rs_ctx )
+int mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx,
+                                             const unsigned char *hash, size_t hlen,
+                                             const unsigned char *sig, size_t slen,
+                                             mbedtls_ecdsa_restart_ctx *rs_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p = (unsigned char *) sig;
     const unsigned char *end = sig + slen;
     size_t len;
     mbedtls_mpi r, s;
-    mbedtls_mpi_init( &r );
-    mbedtls_mpi_init( &s );
+    mbedtls_mpi_init(&r);
+    mbedtls_mpi_init(&s);
 
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
         ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
         goto cleanup;
     }
 
-    if( p + len != end )
-    {
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
-              MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    if (p + len != end) {
+        ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+                                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
         goto cleanup;
     }
 
-    if( ( ret = mbedtls_asn1_get_mpi( &p, end, &r ) ) != 0 ||
-        ( ret = mbedtls_asn1_get_mpi( &p, end, &s ) ) != 0 )
-    {
+    if ((ret = mbedtls_asn1_get_mpi(&p, end, &r)) != 0 ||
+        (ret = mbedtls_asn1_get_mpi(&p, end, &s)) != 0) {
         ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
         goto cleanup;
     }
 #if defined(MBEDTLS_ECDSA_VERIFY_ALT)
     (void) rs_ctx;
 
-    if( ( ret = mbedtls_ecdsa_verify( &ctx->grp, hash, hlen,
-                                      &ctx->Q, &r, &s ) ) != 0 )
+    if ((ret = mbedtls_ecdsa_verify(&ctx->grp, hash, hlen,
+                                    &ctx->Q, &r, &s)) != 0) {
         goto cleanup;
+    }
 #else
-    if( ( ret = ecdsa_verify_restartable( &ctx->grp, hash, hlen,
-                              &ctx->Q, &r, &s, rs_ctx ) ) != 0 )
+    if ((ret = ecdsa_verify_restartable(&ctx->grp, hash, hlen,
+                                        &ctx->Q, &r, &s, rs_ctx)) != 0) {
         goto cleanup;
+    }
 #endif /* MBEDTLS_ECDSA_VERIFY_ALT */
 
     /* At this point we know that the buffer starts with a valid signature.
      * Return 0 if the buffer just contains the signature, and a specific
      * error code if the valid signature is followed by more data. */
-    if( p != end )
+    if (p != end) {
         ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH;
+    }
 
 cleanup:
-    mbedtls_mpi_free( &r );
-    mbedtls_mpi_free( &s );
+    mbedtls_mpi_free(&r);
+    mbedtls_mpi_free(&s);
 
-    return( ret );
+    return ret;
 }
 
 #if !defined(MBEDTLS_ECDSA_GENKEY_ALT)
 /*
  * Generate key pair
  */
-int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
-                  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+int mbedtls_ecdsa_genkey(mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
+                         int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     int ret = 0;
-    ret = mbedtls_ecp_group_load( &ctx->grp, gid );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ecp_group_load(&ctx->grp, gid);
+    if (ret != 0) {
+        return ret;
+    }
 
-   return( mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d,
-                                    &ctx->Q, f_rng, p_rng ) );
+    return mbedtls_ecp_gen_keypair(&ctx->grp, &ctx->d,
+                                   &ctx->Q, f_rng, p_rng);
 }
 #endif /* !MBEDTLS_ECDSA_GENKEY_ALT */
 
 /*
  * Set context from an mbedtls_ecp_keypair
  */
-int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key )
+int mbedtls_ecdsa_from_keypair(mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 ||
-        ( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 ||
-        ( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 )
-    {
-        mbedtls_ecdsa_free( ctx );
+    if ((ret = mbedtls_ecp_group_copy(&ctx->grp, &key->grp)) != 0 ||
+        (ret = mbedtls_mpi_copy(&ctx->d, &key->d)) != 0 ||
+        (ret = mbedtls_ecp_copy(&ctx->Q, &key->Q)) != 0) {
+        mbedtls_ecdsa_free(ctx);
     }
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Initialize context
  */
-void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx )
+void mbedtls_ecdsa_init(mbedtls_ecdsa_context *ctx)
 {
-    mbedtls_ecp_keypair_init( ctx );
+    mbedtls_ecp_keypair_init(ctx);
 }
 
 /*
  * Free context
  */
-void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx )
+void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_ecp_keypair_free( ctx );
+    mbedtls_ecp_keypair_free(ctx);
 }
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 /*
  * Initialize a restart context
  */
-void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx )
+void mbedtls_ecdsa_restart_init(mbedtls_ecdsa_restart_ctx *ctx)
 {
-    mbedtls_ecp_restart_init( &ctx->ecp );
+    mbedtls_ecp_restart_init(&ctx->ecp);
 
     ctx->ver = NULL;
     ctx->sig = NULL;
@@ -845,24 +851,25 @@
 /*
  * Free the components of a restart context
  */
-void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx )
+void mbedtls_ecdsa_restart_free(mbedtls_ecdsa_restart_ctx *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_ecp_restart_free( &ctx->ecp );
+    mbedtls_ecp_restart_free(&ctx->ecp);
 
-    ecdsa_restart_ver_free( ctx->ver );
-    mbedtls_free( ctx->ver );
+    ecdsa_restart_ver_free(ctx->ver);
+    mbedtls_free(ctx->ver);
     ctx->ver = NULL;
 
-    ecdsa_restart_sig_free( ctx->sig );
-    mbedtls_free( ctx->sig );
+    ecdsa_restart_sig_free(ctx->sig);
+    mbedtls_free(ctx->sig);
     ctx->sig = NULL;
 
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-    ecdsa_restart_det_free( ctx->det );
-    mbedtls_free( ctx->det );
+    ecdsa_restart_det_free(ctx->det);
+    mbedtls_free(ctx->det);
     ctx->det = NULL;
 #endif
 }
diff --git a/library/ecjpake.c b/library/ecjpake.c
index 289255a..1a683d5 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -51,244 +51,251 @@
     "server"
 };
 
-#define ID_MINE     ( ecjpake_id[ ctx->role ] )
-#define ID_PEER     ( ecjpake_id[ 1 - ctx->role ] )
+#define ID_MINE     (ecjpake_id[ctx->role])
+#define ID_PEER     (ecjpake_id[1 - ctx->role])
 
 /**
-  * Helper to Compute a hash from md_type
-  */
-static int mbedtls_ecjpake_compute_hash( mbedtls_md_type_t md_type,
-                                    const unsigned char *input, size_t ilen,
-                                    unsigned char *output )
+ * Helper to Compute a hash from md_type
+ */
+static int mbedtls_ecjpake_compute_hash(mbedtls_md_type_t md_type,
+                                        const unsigned char *input, size_t ilen,
+                                        unsigned char *output)
 {
 #if defined(MBEDTLS_MD_C)
-    return( mbedtls_md( mbedtls_md_info_from_type( md_type ),
-                        input, ilen, output ) );
+    return mbedtls_md(mbedtls_md_info_from_type(md_type),
+                      input, ilen, output);
 #else
-    psa_algorithm_t alg = mbedtls_psa_translate_md( md_type );
+    psa_algorithm_t alg = mbedtls_psa_translate_md(md_type);
     psa_status_t status;
-    size_t out_size = PSA_HASH_LENGTH( alg );
+    size_t out_size = PSA_HASH_LENGTH(alg);
     size_t out_len;
 
-    status = psa_hash_compute( alg, input, ilen, output, out_size, &out_len );
+    status = psa_hash_compute(alg, input, ilen, output, out_size, &out_len);
 
-    return( mbedtls_md_error_from_psa( status ) );
+    return mbedtls_md_error_from_psa(status);
 #endif /* !MBEDTLS_MD_C */
 }
 
 /*
  * Initialize context
  */
-void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )
+void mbedtls_ecjpake_init(mbedtls_ecjpake_context *ctx)
 {
     ctx->md_type = MBEDTLS_MD_NONE;
-    mbedtls_ecp_group_init( &ctx->grp );
+    mbedtls_ecp_group_init(&ctx->grp);
     ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
 
-    mbedtls_ecp_point_init( &ctx->Xm1 );
-    mbedtls_ecp_point_init( &ctx->Xm2 );
-    mbedtls_ecp_point_init( &ctx->Xp1 );
-    mbedtls_ecp_point_init( &ctx->Xp2 );
-    mbedtls_ecp_point_init( &ctx->Xp  );
+    mbedtls_ecp_point_init(&ctx->Xm1);
+    mbedtls_ecp_point_init(&ctx->Xm2);
+    mbedtls_ecp_point_init(&ctx->Xp1);
+    mbedtls_ecp_point_init(&ctx->Xp2);
+    mbedtls_ecp_point_init(&ctx->Xp);
 
-    mbedtls_mpi_init( &ctx->xm1 );
-    mbedtls_mpi_init( &ctx->xm2 );
-    mbedtls_mpi_init( &ctx->s   );
+    mbedtls_mpi_init(&ctx->xm1);
+    mbedtls_mpi_init(&ctx->xm2);
+    mbedtls_mpi_init(&ctx->s);
 }
 
 /*
  * Free context
  */
-void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx )
+void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
     ctx->md_type = MBEDTLS_MD_NONE;
-    mbedtls_ecp_group_free( &ctx->grp );
+    mbedtls_ecp_group_free(&ctx->grp);
 
-    mbedtls_ecp_point_free( &ctx->Xm1 );
-    mbedtls_ecp_point_free( &ctx->Xm2 );
-    mbedtls_ecp_point_free( &ctx->Xp1 );
-    mbedtls_ecp_point_free( &ctx->Xp2 );
-    mbedtls_ecp_point_free( &ctx->Xp  );
+    mbedtls_ecp_point_free(&ctx->Xm1);
+    mbedtls_ecp_point_free(&ctx->Xm2);
+    mbedtls_ecp_point_free(&ctx->Xp1);
+    mbedtls_ecp_point_free(&ctx->Xp2);
+    mbedtls_ecp_point_free(&ctx->Xp);
 
-    mbedtls_mpi_free( &ctx->xm1 );
-    mbedtls_mpi_free( &ctx->xm2 );
-    mbedtls_mpi_free( &ctx->s   );
+    mbedtls_mpi_free(&ctx->xm1);
+    mbedtls_mpi_free(&ctx->xm2);
+    mbedtls_mpi_free(&ctx->s);
 }
 
 /*
  * Setup context
  */
-int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
-                           mbedtls_ecjpake_role role,
-                           mbedtls_md_type_t hash,
-                           mbedtls_ecp_group_id curve,
-                           const unsigned char *secret,
-                           size_t len )
+int mbedtls_ecjpake_setup(mbedtls_ecjpake_context *ctx,
+                          mbedtls_ecjpake_role role,
+                          mbedtls_md_type_t hash,
+                          mbedtls_ecp_group_id curve,
+                          const unsigned char *secret,
+                          size_t len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( role != MBEDTLS_ECJPAKE_CLIENT && role != MBEDTLS_ECJPAKE_SERVER )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (role != MBEDTLS_ECJPAKE_CLIENT && role != MBEDTLS_ECJPAKE_SERVER) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     ctx->role = role;
 
 #if defined(MBEDTLS_MD_C)
-    if( ( mbedtls_md_info_from_type( hash ) ) == NULL )
-        return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
+    if ((mbedtls_md_info_from_type(hash)) == NULL) {
+        return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
+    }
 #else
-    if( mbedtls_psa_translate_md( hash ) == MBEDTLS_MD_NONE )
-        return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
+    if (mbedtls_psa_translate_md(hash) == MBEDTLS_MD_NONE) {
+        return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
+    }
 #endif
 
     ctx->md_type = hash;
 
-    MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ctx->grp, curve ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&ctx->grp, curve));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->s, secret, len ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->s, secret, len));
 
 cleanup:
-    if( ret != 0 )
-        mbedtls_ecjpake_free( ctx );
+    if (ret != 0) {
+        mbedtls_ecjpake_free(ctx);
+    }
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_ecjpake_set_point_format( mbedtls_ecjpake_context *ctx,
-                                      int point_format )
+int mbedtls_ecjpake_set_point_format(mbedtls_ecjpake_context *ctx,
+                                     int point_format)
 {
-    switch( point_format )
-    {
+    switch (point_format) {
         case MBEDTLS_ECP_PF_UNCOMPRESSED:
         case MBEDTLS_ECP_PF_COMPRESSED:
             ctx->point_format = point_format;
-            return( 0 );
+            return 0;
         default:
-            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     }
 }
 
 /*
  * Check if context is ready for use
  */
-int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx )
+int mbedtls_ecjpake_check(const mbedtls_ecjpake_context *ctx)
 {
-    if( ctx->md_type == MBEDTLS_MD_NONE ||
+    if (ctx->md_type == MBEDTLS_MD_NONE ||
         ctx->grp.id == MBEDTLS_ECP_DP_NONE ||
-        ctx->s.p == NULL )
-    {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        ctx->s.p == NULL) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Write a point plus its length to a buffer
  */
-static int ecjpake_write_len_point( unsigned char **p,
-                                    const unsigned char *end,
-                                    const mbedtls_ecp_group *grp,
-                                    const int pf,
-                                    const mbedtls_ecp_point *P )
+static int ecjpake_write_len_point(unsigned char **p,
+                                   const unsigned char *end,
+                                   const mbedtls_ecp_group *grp,
+                                   const int pf,
+                                   const mbedtls_ecp_point *P)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
 
     /* Need at least 4 for length plus 1 for point */
-    if( end < *p || end - *p < 5 )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+    if (end < *p || end - *p < 5) {
+        return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+    }
 
-    ret = mbedtls_ecp_point_write_binary( grp, P, pf,
-                                          &len, *p + 4, end - ( *p + 4 ) );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ecp_point_write_binary(grp, P, pf,
+                                         &len, *p + 4, end - (*p + 4));
+    if (ret != 0) {
+        return ret;
+    }
 
-    MBEDTLS_PUT_UINT32_BE( len, *p, 0 );
+    MBEDTLS_PUT_UINT32_BE(len, *p, 0);
 
     *p += 4 + len;
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Size of the temporary buffer for ecjpake_hash:
  * 3 EC points plus their length, plus ID and its length (4 + 6 bytes)
  */
-#define ECJPAKE_HASH_BUF_LEN    ( 3 * ( 4 + MBEDTLS_ECP_MAX_PT_LEN ) + 4 + 6 )
+#define ECJPAKE_HASH_BUF_LEN    (3 * (4 + MBEDTLS_ECP_MAX_PT_LEN) + 4 + 6)
 
 /*
  * Compute hash for ZKP (7.4.2.2.2.1)
  */
-static int ecjpake_hash( const mbedtls_md_type_t md_type,
-                         const mbedtls_ecp_group *grp,
-                         const int pf,
-                         const mbedtls_ecp_point *G,
-                         const mbedtls_ecp_point *V,
-                         const mbedtls_ecp_point *X,
-                         const char *id,
-                         mbedtls_mpi *h )
+static int ecjpake_hash(const mbedtls_md_type_t md_type,
+                        const mbedtls_ecp_group *grp,
+                        const int pf,
+                        const mbedtls_ecp_point *G,
+                        const mbedtls_ecp_point *V,
+                        const mbedtls_ecp_point *X,
+                        const char *id,
+                        mbedtls_mpi *h)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char buf[ECJPAKE_HASH_BUF_LEN];
     unsigned char *p = buf;
-    const unsigned char *end = buf + sizeof( buf );
-    const size_t id_len = strlen( id );
+    const unsigned char *end = buf + sizeof(buf);
+    const size_t id_len = strlen(id);
     unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
 
     /* Write things to temporary buffer */
-    MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, G ) );
-    MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, V ) );
-    MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, X ) );
+    MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, G));
+    MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, V));
+    MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, X));
 
-    if( end - p < 4 )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+    if (end - p < 4) {
+        return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+    }
 
-    MBEDTLS_PUT_UINT32_BE( id_len, p, 0 );
+    MBEDTLS_PUT_UINT32_BE(id_len, p, 0);
     p += 4;
 
-    if( end < p || (size_t)( end - p ) < id_len )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+    if (end < p || (size_t) (end - p) < id_len) {
+        return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+    }
 
-    memcpy( p, id, id_len );
+    memcpy(p, id, id_len);
     p += id_len;
 
     /* Compute hash */
-    MBEDTLS_MPI_CHK( mbedtls_ecjpake_compute_hash( md_type,
-                                                   buf, p - buf, hash ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecjpake_compute_hash(md_type,
+                                                 buf, p - buf, hash));
 
     /* Turn it into an integer mod n */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( h, hash,
-                                    mbedtls_hash_info_get_size( md_type ) ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( h, h, &grp->N ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(h, hash,
+                                            mbedtls_hash_info_get_size(md_type)));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(h, h, &grp->N));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
  * Parse a ECShnorrZKP (7.4.2.2.2) and verify it (7.4.2.3.3)
  */
-static int ecjpake_zkp_read( const mbedtls_md_type_t md_type,
-                             const mbedtls_ecp_group *grp,
-                             const int pf,
-                             const mbedtls_ecp_point *G,
-                             const mbedtls_ecp_point *X,
-                             const char *id,
-                             const unsigned char **p,
-                             const unsigned char *end )
+static int ecjpake_zkp_read(const mbedtls_md_type_t md_type,
+                            const mbedtls_ecp_group *grp,
+                            const int pf,
+                            const mbedtls_ecp_point *G,
+                            const mbedtls_ecp_point *X,
+                            const char *id,
+                            const unsigned char **p,
+                            const unsigned char *end)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_point V, VV;
     mbedtls_mpi r, h;
     size_t r_len;
 
-    mbedtls_ecp_point_init( &V );
-    mbedtls_ecp_point_init( &VV );
-    mbedtls_mpi_init( &r );
-    mbedtls_mpi_init( &h );
+    mbedtls_ecp_point_init(&V);
+    mbedtls_ecp_point_init(&VV);
+    mbedtls_mpi_init(&r);
+    mbedtls_mpi_init(&h);
 
     /*
      * struct {
@@ -296,64 +303,62 @@
      *     opaque r<1..2^8-1>;
      * } ECSchnorrZKP;
      */
-    if( end < *p )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (end < *p) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
-    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_point( grp, &V, p, end - *p ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, &V, p, end - *p));
 
-    if( end < *p || (size_t)( end - *p ) < 1 )
-    {
+    if (end < *p || (size_t) (end - *p) < 1) {
         ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
         goto cleanup;
     }
 
     r_len = *(*p)++;
 
-    if( end < *p || (size_t)( end - *p ) < r_len || r_len == 0 )
-    {
+    if (end < *p || (size_t) (end - *p) < r_len || r_len == 0) {
         ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
         goto cleanup;
     }
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, *p, r_len ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&r, *p, r_len));
     *p += r_len;
 
     /*
      * Verification
      */
-    MBEDTLS_MPI_CHK( ecjpake_hash( md_type, grp, pf, G, &V, X, id, &h ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( (mbedtls_ecp_group *) grp,
-                     &VV, &h, X, &r, G ) );
+    MBEDTLS_MPI_CHK(ecjpake_hash(md_type, grp, pf, G, &V, X, id, &h));
+    MBEDTLS_MPI_CHK(mbedtls_ecp_muladd((mbedtls_ecp_group *) grp,
+                                       &VV, &h, X, &r, G));
 
-    if( mbedtls_ecp_point_cmp( &VV, &V ) != 0 )
-    {
+    if (mbedtls_ecp_point_cmp(&VV, &V) != 0) {
         ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
         goto cleanup;
     }
 
 cleanup:
-    mbedtls_ecp_point_free( &V );
-    mbedtls_ecp_point_free( &VV );
-    mbedtls_mpi_free( &r );
-    mbedtls_mpi_free( &h );
+    mbedtls_ecp_point_free(&V);
+    mbedtls_ecp_point_free(&VV);
+    mbedtls_mpi_free(&r);
+    mbedtls_mpi_free(&h);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Generate ZKP (7.4.2.3.2) and write it as ECSchnorrZKP (7.4.2.2.2)
  */
-static int ecjpake_zkp_write( const mbedtls_md_type_t md_type,
-                              const mbedtls_ecp_group *grp,
-                              const int pf,
-                              const mbedtls_ecp_point *G,
-                              const mbedtls_mpi *x,
-                              const mbedtls_ecp_point *X,
-                              const char *id,
-                              unsigned char **p,
-                              const unsigned char *end,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng )
+static int ecjpake_zkp_write(const mbedtls_md_type_t md_type,
+                             const mbedtls_ecp_group *grp,
+                             const int pf,
+                             const mbedtls_ecp_point *G,
+                             const mbedtls_mpi *x,
+                             const mbedtls_ecp_point *X,
+                             const char *id,
+                             unsigned char **p,
+                             const unsigned char *end,
+                             int (*f_rng)(void *, unsigned char *, size_t),
+                             void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_point V;
@@ -361,62 +366,63 @@
     mbedtls_mpi h; /* later recycled to hold r */
     size_t len;
 
-    if( end < *p )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+    if (end < *p) {
+        return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+    }
 
-    mbedtls_ecp_point_init( &V );
-    mbedtls_mpi_init( &v );
-    mbedtls_mpi_init( &h );
+    mbedtls_ecp_point_init(&V);
+    mbedtls_mpi_init(&v);
+    mbedtls_mpi_init(&h);
 
     /* Compute signature */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( (mbedtls_ecp_group *) grp,
-                                                   G, &v, &V, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( ecjpake_hash( md_type, grp, pf, G, &V, X, id, &h ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &h, &h, x ) ); /* x*h */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &h, &v, &h ) ); /* v - x*h */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &h, &h, &grp->N ) ); /* r */
+    MBEDTLS_MPI_CHK(mbedtls_ecp_gen_keypair_base((mbedtls_ecp_group *) grp,
+                                                 G, &v, &V, f_rng, p_rng));
+    MBEDTLS_MPI_CHK(ecjpake_hash(md_type, grp, pf, G, &V, X, id, &h));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&h, &h, x));     /* x*h */
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&h, &v, &h));     /* v - x*h */
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&h, &h, &grp->N));     /* r */
 
     /* Write it out */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( grp, &V,
-                pf, &len, *p, end - *p ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(grp, &V,
+                                                pf, &len, *p, end - *p));
     *p += len;
 
-    len = mbedtls_mpi_size( &h ); /* actually r */
-    if( end < *p || (size_t)( end - *p ) < 1 + len || len > 255 )
-    {
+    len = mbedtls_mpi_size(&h);   /* actually r */
+    if (end < *p || (size_t) (end - *p) < 1 + len || len > 255) {
         ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
         goto cleanup;
     }
 
-    *(*p)++ = MBEDTLS_BYTE_0( len );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, *p, len ) ); /* r */
+    *(*p)++ = MBEDTLS_BYTE_0(len);
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&h, *p, len));     /* r */
     *p += len;
 
 cleanup:
-    mbedtls_ecp_point_free( &V );
-    mbedtls_mpi_free( &v );
-    mbedtls_mpi_free( &h );
+    mbedtls_ecp_point_free(&V);
+    mbedtls_mpi_free(&v);
+    mbedtls_mpi_free(&h);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Parse a ECJPAKEKeyKP (7.4.2.2.1) and check proof
  * Output: verified public key X
  */
-static int ecjpake_kkp_read( const mbedtls_md_type_t md_type,
-                             const mbedtls_ecp_group *grp,
-                             const int pf,
-                             const mbedtls_ecp_point *G,
-                             mbedtls_ecp_point *X,
-                             const char *id,
-                             const unsigned char **p,
-                             const unsigned char *end )
+static int ecjpake_kkp_read(const mbedtls_md_type_t md_type,
+                            const mbedtls_ecp_group *grp,
+                            const int pf,
+                            const mbedtls_ecp_point *G,
+                            mbedtls_ecp_point *X,
+                            const char *id,
+                            const unsigned char **p,
+                            const unsigned char *end)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( end < *p )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (end < *p) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     /*
      * struct {
@@ -424,69 +430,69 @@
      *     ECSchnorrZKP zkp;
      * } ECJPAKEKeyKP;
      */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_point( grp, X, p, end - *p ) );
-    if( mbedtls_ecp_is_zero( X ) )
-    {
+    MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, X, p, end - *p));
+    if (mbedtls_ecp_is_zero(X)) {
         ret = MBEDTLS_ERR_ECP_INVALID_KEY;
         goto cleanup;
     }
 
-    MBEDTLS_MPI_CHK( ecjpake_zkp_read( md_type, grp, pf, G, X, id, p, end ) );
+    MBEDTLS_MPI_CHK(ecjpake_zkp_read(md_type, grp, pf, G, X, id, p, end));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
  * Generate an ECJPAKEKeyKP
  * Output: the serialized structure, plus private/public key pair
  */
-static int ecjpake_kkp_write( const mbedtls_md_type_t md_type,
-                              const mbedtls_ecp_group *grp,
-                              const int pf,
-                              const mbedtls_ecp_point *G,
-                              mbedtls_mpi *x,
-                              mbedtls_ecp_point *X,
-                              const char *id,
-                              unsigned char **p,
-                              const unsigned char *end,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng )
+static int ecjpake_kkp_write(const mbedtls_md_type_t md_type,
+                             const mbedtls_ecp_group *grp,
+                             const int pf,
+                             const mbedtls_ecp_point *G,
+                             mbedtls_mpi *x,
+                             mbedtls_ecp_point *X,
+                             const char *id,
+                             unsigned char **p,
+                             const unsigned char *end,
+                             int (*f_rng)(void *, unsigned char *, size_t),
+                             void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
 
-    if( end < *p )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+    if (end < *p) {
+        return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+    }
 
     /* Generate key (7.4.2.3.1) and write it out */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( (mbedtls_ecp_group *) grp, G, x, X,
-                                                   f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( grp, X,
-                pf, &len, *p, end - *p ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecp_gen_keypair_base((mbedtls_ecp_group *) grp, G, x, X,
+                                                 f_rng, p_rng));
+    MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(grp, X,
+                                                pf, &len, *p, end - *p));
     *p += len;
 
     /* Generate and write proof */
-    MBEDTLS_MPI_CHK( ecjpake_zkp_write( md_type, grp, pf, G, x, X, id,
-                                        p, end, f_rng, p_rng ) );
+    MBEDTLS_MPI_CHK(ecjpake_zkp_write(md_type, grp, pf, G, x, X, id,
+                                      p, end, f_rng, p_rng));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
  * Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs
  * Outputs: verified peer public keys Xa, Xb
  */
-static int ecjpake_kkpp_read( const mbedtls_md_type_t md_type,
-                              const mbedtls_ecp_group *grp,
-                              const int pf,
-                              const mbedtls_ecp_point *G,
-                              mbedtls_ecp_point *Xa,
-                              mbedtls_ecp_point *Xb,
-                              const char *id,
-                              const unsigned char *buf,
-                              size_t len )
+static int ecjpake_kkpp_read(const mbedtls_md_type_t md_type,
+                             const mbedtls_ecp_group *grp,
+                             const int pf,
+                             const mbedtls_ecp_point *G,
+                             mbedtls_ecp_point *Xa,
+                             mbedtls_ecp_point *Xb,
+                             const char *id,
+                             const unsigned char *buf,
+                             size_t len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const unsigned char *p = buf;
@@ -497,106 +503,107 @@
      *     ECJPAKEKeyKP ecjpake_key_kp_pair_list[2];
      * } ECJPAKEKeyKPPairList;
      */
-    MBEDTLS_MPI_CHK( ecjpake_kkp_read( md_type, grp, pf, G, Xa, id, &p, end ) );
-    MBEDTLS_MPI_CHK( ecjpake_kkp_read( md_type, grp, pf, G, Xb, id, &p, end ) );
+    MBEDTLS_MPI_CHK(ecjpake_kkp_read(md_type, grp, pf, G, Xa, id, &p, end));
+    MBEDTLS_MPI_CHK(ecjpake_kkp_read(md_type, grp, pf, G, Xb, id, &p, end));
 
-    if( p != end )
+    if (p != end) {
         ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
  * Generate a ECJPAKEKeyKPPairList
  * Outputs: the serialized structure, plus two private/public key pairs
  */
-static int ecjpake_kkpp_write( const mbedtls_md_type_t md_type,
-                               const mbedtls_ecp_group *grp,
-                               const int pf,
-                               const mbedtls_ecp_point *G,
-                               mbedtls_mpi *xm1,
-                               mbedtls_ecp_point *Xa,
-                               mbedtls_mpi *xm2,
-                               mbedtls_ecp_point *Xb,
-                               const char *id,
-                               unsigned char *buf,
-                               size_t len,
-                               size_t *olen,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng )
+static int ecjpake_kkpp_write(const mbedtls_md_type_t md_type,
+                              const mbedtls_ecp_group *grp,
+                              const int pf,
+                              const mbedtls_ecp_point *G,
+                              mbedtls_mpi *xm1,
+                              mbedtls_ecp_point *Xa,
+                              mbedtls_mpi *xm2,
+                              mbedtls_ecp_point *Xb,
+                              const char *id,
+                              unsigned char *buf,
+                              size_t len,
+                              size_t *olen,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p = buf;
     const unsigned char *end = buf + len;
 
-    MBEDTLS_MPI_CHK( ecjpake_kkp_write( md_type, grp, pf, G, xm1, Xa, id,
-                &p, end, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( ecjpake_kkp_write( md_type, grp, pf, G, xm2, Xb, id,
-                &p, end, f_rng, p_rng ) );
+    MBEDTLS_MPI_CHK(ecjpake_kkp_write(md_type, grp, pf, G, xm1, Xa, id,
+                                      &p, end, f_rng, p_rng));
+    MBEDTLS_MPI_CHK(ecjpake_kkp_write(md_type, grp, pf, G, xm2, Xb, id,
+                                      &p, end, f_rng, p_rng));
 
     *olen = p - buf;
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
  * Read and process the first round message
  */
-int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
-                                    const unsigned char *buf,
-                                    size_t len )
+int mbedtls_ecjpake_read_round_one(mbedtls_ecjpake_context *ctx,
+                                   const unsigned char *buf,
+                                   size_t len)
 {
-    return( ecjpake_kkpp_read( ctx->md_type, &ctx->grp, ctx->point_format,
-                               &ctx->grp.G,
-                               &ctx->Xp1, &ctx->Xp2, ID_PEER,
-                               buf, len ) );
+    return ecjpake_kkpp_read(ctx->md_type, &ctx->grp, ctx->point_format,
+                             &ctx->grp.G,
+                             &ctx->Xp1, &ctx->Xp2, ID_PEER,
+                             buf, len);
 }
 
 /*
  * Generate and write the first round message
  */
-int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
-                            unsigned char *buf, size_t len, size_t *olen,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng )
+int mbedtls_ecjpake_write_round_one(mbedtls_ecjpake_context *ctx,
+                                    unsigned char *buf, size_t len, size_t *olen,
+                                    int (*f_rng)(void *, unsigned char *, size_t),
+                                    void *p_rng)
 {
-    return( ecjpake_kkpp_write( ctx->md_type, &ctx->grp, ctx->point_format,
-                                &ctx->grp.G,
-                                &ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,
-                                ID_MINE, buf, len, olen, f_rng, p_rng ) );
+    return ecjpake_kkpp_write(ctx->md_type, &ctx->grp, ctx->point_format,
+                              &ctx->grp.G,
+                              &ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,
+                              ID_MINE, buf, len, olen, f_rng, p_rng);
 }
 
 /*
  * Compute the sum of three points R = A + B + C
  */
-static int ecjpake_ecp_add3( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                             const mbedtls_ecp_point *A,
-                             const mbedtls_ecp_point *B,
-                             const mbedtls_ecp_point *C )
+static int ecjpake_ecp_add3(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+                            const mbedtls_ecp_point *A,
+                            const mbedtls_ecp_point *B,
+                            const mbedtls_ecp_point *C)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi one;
 
-    mbedtls_mpi_init( &one );
+    mbedtls_mpi_init(&one);
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &one, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, R, &one, A, &one, B ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, R, &one, R, &one, C ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&one, 1));
+    MBEDTLS_MPI_CHK(mbedtls_ecp_muladd(grp, R, &one, A, &one, B));
+    MBEDTLS_MPI_CHK(mbedtls_ecp_muladd(grp, R, &one, R, &one, C));
 
 cleanup:
-    mbedtls_mpi_free( &one );
+    mbedtls_mpi_free(&one);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Read and process second round message (C: 7.4.2.5, S: 7.4.2.6)
  */
-int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
-                                            const unsigned char *buf,
-                                            size_t len )
+int mbedtls_ecjpake_read_round_two(mbedtls_ecjpake_context *ctx,
+                                   const unsigned char *buf,
+                                   size_t len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const unsigned char *p = buf;
@@ -604,8 +611,8 @@
     mbedtls_ecp_group grp;
     mbedtls_ecp_point G;    /* C: GB, S: GA */
 
-    mbedtls_ecp_group_init( &grp );
-    mbedtls_ecp_point_init( &G );
+    mbedtls_ecp_group_init(&grp);
+    mbedtls_ecp_point_init(&G);
 
     /*
      * Server: GA = X3  + X4  + X1      (7.4.2.6.1)
@@ -613,8 +620,8 @@
      * Unified: G = Xm1 + Xm2 + Xp1
      * We need that before parsing in order to check Xp as we read it
      */
-    MBEDTLS_MPI_CHK( ecjpake_ecp_add3( &ctx->grp, &G,
-                                       &ctx->Xm1, &ctx->Xm2, &ctx->Xp1 ) );
+    MBEDTLS_MPI_CHK(ecjpake_ecp_add3(&ctx->grp, &G,
+                                     &ctx->Xm1, &ctx->Xm2, &ctx->Xp1));
 
     /*
      * struct {
@@ -622,71 +629,68 @@
      *     ECJPAKEKeyKP ecjpake_key_kp;
      * } Client/ServerECJPAKEParams;
      */
-    if( ctx->role == MBEDTLS_ECJPAKE_CLIENT )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_group( &grp, &p, len ) );
-        if( grp.id != ctx->grp.id )
-        {
+    if (ctx->role == MBEDTLS_ECJPAKE_CLIENT) {
+        MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_group(&grp, &p, len));
+        if (grp.id != ctx->grp.id) {
             ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
             goto cleanup;
         }
     }
 
-    MBEDTLS_MPI_CHK( ecjpake_kkp_read( ctx->md_type, &ctx->grp,
-                            ctx->point_format,
-                            &G, &ctx->Xp, ID_PEER, &p, end ) );
+    MBEDTLS_MPI_CHK(ecjpake_kkp_read(ctx->md_type, &ctx->grp,
+                                     ctx->point_format,
+                                     &G, &ctx->Xp, ID_PEER, &p, end));
 
-    if( p != end )
-    {
+    if (p != end) {
         ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
         goto cleanup;
     }
 
 cleanup:
-    mbedtls_ecp_group_free( &grp );
-    mbedtls_ecp_point_free( &G );
+    mbedtls_ecp_group_free(&grp);
+    mbedtls_ecp_point_free(&G);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Compute R = +/- X * S mod N, taking care not to leak S
  */
-static int ecjpake_mul_secret( mbedtls_mpi *R, int sign,
-                               const mbedtls_mpi *X,
-                               const mbedtls_mpi *S,
-                               const mbedtls_mpi *N,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng )
+static int ecjpake_mul_secret(mbedtls_mpi *R, int sign,
+                              const mbedtls_mpi *X,
+                              const mbedtls_mpi *S,
+                              const mbedtls_mpi *N,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi b; /* Blinding value, then s + N * blinding */
 
-    mbedtls_mpi_init( &b );
+    mbedtls_mpi_init(&b);
 
     /* b = s + rnd-128-bit * N */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &b, 16, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &b, &b, N ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &b, &b, S ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&b, 16, f_rng, p_rng));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&b, &b, N));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&b, &b, S));
 
     /* R = sign * X * b mod N */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( R, X, &b ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(R, X, &b));
     R->s *= sign;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( R, R, N ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(R, R, N));
 
 cleanup:
-    mbedtls_mpi_free( &b );
+    mbedtls_mpi_free(&b);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Generate and write the second round message (S: 7.4.2.5, C: 7.4.2.6)
  */
-int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
-                            unsigned char *buf, size_t len, size_t *olen,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng )
+int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx,
+                                    unsigned char *buf, size_t len, size_t *olen,
+                                    int (*f_rng)(void *, unsigned char *, size_t),
+                                    void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_point G;    /* C: GA, S: GB */
@@ -696,9 +700,9 @@
     const unsigned char *end = buf + len;
     size_t ec_len;
 
-    mbedtls_ecp_point_init( &G );
-    mbedtls_ecp_point_init( &Xm );
-    mbedtls_mpi_init( &xm );
+    mbedtls_ecp_point_init(&G);
+    mbedtls_ecp_point_init(&Xm);
+    mbedtls_mpi_init(&xm);
 
     /*
      * First generate private/public key pair (S: 7.4.2.5.1, C: 7.4.2.6.1)
@@ -707,11 +711,11 @@
      * Server:  GB = X3  + X1  + X2  | xs = x4  * s | Xs = xs * GB
      * Unified: G  = Xm1 + Xp1 + Xp2 | xm = xm2 * s | Xm = xm * G
      */
-    MBEDTLS_MPI_CHK( ecjpake_ecp_add3( &ctx->grp, &G,
-                                       &ctx->Xp1, &ctx->Xp2, &ctx->Xm1 ) );
-    MBEDTLS_MPI_CHK( ecjpake_mul_secret( &xm, 1, &ctx->xm2, &ctx->s,
-                                         &ctx->grp.N, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &Xm, &xm, &G, f_rng, p_rng ) );
+    MBEDTLS_MPI_CHK(ecjpake_ecp_add3(&ctx->grp, &G,
+                                     &ctx->Xp1, &ctx->Xp2, &ctx->Xm1));
+    MBEDTLS_MPI_CHK(ecjpake_mul_secret(&xm, 1, &ctx->xm2, &ctx->s,
+                                       &ctx->grp.N, f_rng, p_rng));
+    MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, &Xm, &xm, &G, f_rng, p_rng));
 
     /*
      * Now write things out
@@ -721,133 +725,134 @@
      *     ECJPAKEKeyKP ecjpake_key_kp;
      * } Client/ServerECJPAKEParams;
      */
-    if( ctx->role == MBEDTLS_ECJPAKE_SERVER )
-    {
-        if( end < p )
-        {
+    if (ctx->role == MBEDTLS_ECJPAKE_SERVER) {
+        if (end < p) {
             ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
             goto cleanup;
         }
-        MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_group( &ctx->grp, &ec_len,
-                                                      p, end - p ) );
+        MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_group(&ctx->grp, &ec_len,
+                                                    p, end - p));
         p += ec_len;
     }
 
-    if( end < p )
-    {
+    if (end < p) {
         ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
         goto cleanup;
     }
-    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( &ctx->grp, &Xm,
-                     ctx->point_format, &ec_len, p, end - p ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(&ctx->grp, &Xm,
+                                                ctx->point_format, &ec_len, p, end - p));
     p += ec_len;
 
-    MBEDTLS_MPI_CHK( ecjpake_zkp_write( ctx->md_type, &ctx->grp,
-                                        ctx->point_format,
-                                        &G, &xm, &Xm, ID_MINE,
-                                        &p, end, f_rng, p_rng ) );
+    MBEDTLS_MPI_CHK(ecjpake_zkp_write(ctx->md_type, &ctx->grp,
+                                      ctx->point_format,
+                                      &G, &xm, &Xm, ID_MINE,
+                                      &p, end, f_rng, p_rng));
 
     *olen = p - buf;
 
 cleanup:
-    mbedtls_ecp_point_free( &G );
-    mbedtls_ecp_point_free( &Xm );
-    mbedtls_mpi_free( &xm );
+    mbedtls_ecp_point_free(&G);
+    mbedtls_ecp_point_free(&Xm);
+    mbedtls_mpi_free(&xm);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Derive PMS (7.4.2.7 / 7.4.2.8)
  */
-static int mbedtls_ecjpake_derive_k( mbedtls_ecjpake_context *ctx,
-                                mbedtls_ecp_point *K,
-                                int (*f_rng)(void *, unsigned char *, size_t),
-                                void *p_rng )
+static int mbedtls_ecjpake_derive_k(mbedtls_ecjpake_context *ctx,
+                                    mbedtls_ecp_point *K,
+                                    int (*f_rng)(void *, unsigned char *, size_t),
+                                    void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi m_xm2_s, one;
 
-    mbedtls_mpi_init( &m_xm2_s );
-    mbedtls_mpi_init( &one );
+    mbedtls_mpi_init(&m_xm2_s);
+    mbedtls_mpi_init(&one);
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &one, 1 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&one, 1));
 
     /*
      * Client:  K = ( Xs - X4  * x2  * s ) * x2
      * Server:  K = ( Xc - X2  * x4  * s ) * x4
      * Unified: K = ( Xp - Xp2 * xm2 * s ) * xm2
      */
-    MBEDTLS_MPI_CHK( ecjpake_mul_secret( &m_xm2_s, -1, &ctx->xm2, &ctx->s,
-                                         &ctx->grp.N, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( &ctx->grp, K,
-                                         &one, &ctx->Xp,
-                                         &m_xm2_s, &ctx->Xp2 ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, K, &ctx->xm2, K,
-                                      f_rng, p_rng ) );
+    MBEDTLS_MPI_CHK(ecjpake_mul_secret(&m_xm2_s, -1, &ctx->xm2, &ctx->s,
+                                       &ctx->grp.N, f_rng, p_rng));
+    MBEDTLS_MPI_CHK(mbedtls_ecp_muladd(&ctx->grp, K,
+                                       &one, &ctx->Xp,
+                                       &m_xm2_s, &ctx->Xp2));
+    MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, K, &ctx->xm2, K,
+                                    f_rng, p_rng));
 
 cleanup:
-    mbedtls_mpi_free( &m_xm2_s );
-    mbedtls_mpi_free( &one );
+    mbedtls_mpi_free(&m_xm2_s);
+    mbedtls_mpi_free(&one);
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
-                            unsigned char *buf, size_t len, size_t *olen,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng )
+int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx,
+                                  unsigned char *buf, size_t len, size_t *olen,
+                                  int (*f_rng)(void *, unsigned char *, size_t),
+                                  void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_point K;
     unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
     size_t x_bytes;
 
-    *olen = mbedtls_hash_info_get_size( ctx->md_type );
-    if( len < *olen )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+    *olen = mbedtls_hash_info_get_size(ctx->md_type);
+    if (len < *olen) {
+        return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+    }
 
-    mbedtls_ecp_point_init( &K );
+    mbedtls_ecp_point_init(&K);
 
     ret = mbedtls_ecjpake_derive_k(ctx, &K, f_rng, p_rng);
-    if( ret )
+    if (ret) {
         goto cleanup;
+    }
 
     /* PMS = SHA-256( K.X ) */
-    x_bytes = ( ctx->grp.pbits + 7 ) / 8;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &K.X, kx, x_bytes ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecjpake_compute_hash( ctx->md_type,
-                                                   kx, x_bytes, buf ) );
+    x_bytes = (ctx->grp.pbits + 7) / 8;
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&K.X, kx, x_bytes));
+    MBEDTLS_MPI_CHK(mbedtls_ecjpake_compute_hash(ctx->md_type,
+                                                 kx, x_bytes, buf));
 
 cleanup:
-    mbedtls_ecp_point_free( &K );
+    mbedtls_ecp_point_free(&K);
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_ecjpake_write_shared_key( mbedtls_ecjpake_context *ctx,
-                            unsigned char *buf, size_t len, size_t *olen,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng )
+int mbedtls_ecjpake_write_shared_key(mbedtls_ecjpake_context *ctx,
+                                     unsigned char *buf, size_t len, size_t *olen,
+                                     int (*f_rng)(void *, unsigned char *, size_t),
+                                     void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_point K;
 
-    mbedtls_ecp_point_init( &K );
+    mbedtls_ecp_point_init(&K);
 
     ret = mbedtls_ecjpake_derive_k(ctx, &K, f_rng, p_rng);
-    if( ret )
+    if (ret) {
         goto cleanup;
+    }
 
-    ret = mbedtls_ecp_point_write_binary( &ctx->grp, &K, ctx->point_format,
-                                          olen, buf, len );
-    if( ret != 0 )
+    ret = mbedtls_ecp_point_write_binary(&ctx->grp, &K, ctx->point_format,
+                                         olen, buf, len);
+    if (ret != 0) {
         goto cleanup;
+    }
 
 cleanup:
-    mbedtls_ecp_point_free( &K );
+    mbedtls_ecp_point_free(&K);
 
-    return( ret );
+    return ret;
 }
 
 #undef ID_MINE
@@ -861,10 +866,10 @@
 
 #if !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
     !defined(MBEDTLS_SHA256_C)
-int mbedtls_ecjpake_self_test( int verbose )
+int mbedtls_ecjpake_self_test(int verbose)
 {
     (void) verbose;
-    return( 0 );
+    return 0;
 }
 #else
 
@@ -1017,75 +1022,73 @@
  * except we only use the low byte as the output. See
  * https://en.wikipedia.org/wiki/Linear_congruential_generator#Parameters_in_common_use
  */
-static int self_test_rng( void *ctx, unsigned char *out, size_t len )
+static int self_test_rng(void *ctx, unsigned char *out, size_t len)
 {
     static uint32_t state = 42;
 
     (void) ctx;
 
-    for( size_t i = 0; i < len; i++ )
-    {
+    for (size_t i = 0; i < len; i++) {
         state = state * 1664525u + 1013904223u;
         out[i] = (unsigned char) state;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /* Load my private keys and generate the corresponding public keys */
-static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,
-                              const unsigned char *xm1, size_t len1,
-                              const unsigned char *xm2, size_t len2 )
+static int ecjpake_test_load(mbedtls_ecjpake_context *ctx,
+                             const unsigned char *xm1, size_t len1,
+                             const unsigned char *xm2, size_t len2)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm1, xm1, len1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm2, xm2, len2 ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm1, &ctx->xm1,
-                                      &ctx->grp.G, self_test_rng, NULL ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm2, &ctx->xm2,
-                                      &ctx->grp.G, self_test_rng, NULL ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->xm1, xm1, len1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->xm2, xm2, len2));
+    MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, &ctx->Xm1, &ctx->xm1,
+                                    &ctx->grp.G, self_test_rng, NULL));
+    MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, &ctx->Xm2, &ctx->xm2,
+                                    &ctx->grp.G, self_test_rng, NULL));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 #endif /* ! MBEDTLS_ECJPAKE_ALT */
 
 /* For tests we don't need a secure RNG;
  * use the LGC from Numerical Recipes for simplicity */
-static int ecjpake_lgc( void *p, unsigned char *out, size_t len )
+static int ecjpake_lgc(void *p, unsigned char *out, size_t len)
 {
     static uint32_t x = 42;
     (void) p;
 
-    while( len > 0 )
-    {
+    while (len > 0) {
         size_t use_len = len > 4 ? 4 : len;
         x = 1664525 * x + 1013904223;
-        memcpy( out, &x, use_len );
+        memcpy(out, &x, use_len);
         out += use_len;
         len -= use_len;
     }
 
-    return( 0 );
+    return 0;
 }
 
-#define TEST_ASSERT( x )    \
+#define TEST_ASSERT(x)    \
     do {                    \
-        if( x )             \
-            ret = 0;        \
+        if (x)             \
+        ret = 0;        \
         else                \
         {                   \
             ret = 1;        \
             goto cleanup;   \
         }                   \
-    } while( 0 )
+    } while (0)
 
 /*
  * Checkup routine
  */
-int mbedtls_ecjpake_self_test( int verbose )
+int mbedtls_ecjpake_self_test(int verbose)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecjpake_context cli;
@@ -1093,59 +1096,63 @@
     unsigned char buf[512], pms[32];
     size_t len, pmslen;
 
-    mbedtls_ecjpake_init( &cli );
-    mbedtls_ecjpake_init( &srv );
+    mbedtls_ecjpake_init(&cli);
+    mbedtls_ecjpake_init(&srv);
 
-    if( verbose != 0 )
-        mbedtls_printf( "  ECJPAKE test #0 (setup): " );
+    if (verbose != 0) {
+        mbedtls_printf("  ECJPAKE test #0 (setup): ");
+    }
 
-    TEST_ASSERT( mbedtls_ecjpake_setup( &cli, MBEDTLS_ECJPAKE_CLIENT,
-                    MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,
-                    ecjpake_test_password,
-            sizeof( ecjpake_test_password ) ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_setup(&cli, MBEDTLS_ECJPAKE_CLIENT,
+                                      MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,
+                                      ecjpake_test_password,
+                                      sizeof(ecjpake_test_password)) == 0);
 
-    TEST_ASSERT( mbedtls_ecjpake_setup( &srv, MBEDTLS_ECJPAKE_SERVER,
-                    MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,
-                    ecjpake_test_password,
-            sizeof( ecjpake_test_password ) ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_setup(&srv, MBEDTLS_ECJPAKE_SERVER,
+                                      MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,
+                                      ecjpake_test_password,
+                                      sizeof(ecjpake_test_password)) == 0);
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n");
+    }
 
-    if( verbose != 0 )
-        mbedtls_printf( "  ECJPAKE test #1 (random handshake): " );
+    if (verbose != 0) {
+        mbedtls_printf("  ECJPAKE test #1 (random handshake): ");
+    }
 
-    TEST_ASSERT( mbedtls_ecjpake_write_round_one( &cli,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_write_round_one(&cli,
+                                                buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0);
 
-    TEST_ASSERT( mbedtls_ecjpake_read_round_one( &srv, buf, len ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_read_round_one(&srv, buf, len) == 0);
 
-    TEST_ASSERT( mbedtls_ecjpake_write_round_one( &srv,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_write_round_one(&srv,
+                                                buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0);
 
-    TEST_ASSERT( mbedtls_ecjpake_read_round_one( &cli, buf, len ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_read_round_one(&cli, buf, len) == 0);
 
-    TEST_ASSERT( mbedtls_ecjpake_write_round_two( &srv,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_write_round_two(&srv,
+                                                buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0);
 
-    TEST_ASSERT( mbedtls_ecjpake_read_round_two( &cli, buf, len ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_read_round_two(&cli, buf, len) == 0);
 
-    TEST_ASSERT( mbedtls_ecjpake_derive_secret( &cli,
-                 pms, sizeof( pms ), &pmslen, ecjpake_lgc, NULL ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_derive_secret(&cli,
+                                              pms, sizeof(pms), &pmslen, ecjpake_lgc, NULL) == 0);
 
-    TEST_ASSERT( mbedtls_ecjpake_write_round_two( &cli,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_write_round_two(&cli,
+                                                buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0);
 
-    TEST_ASSERT( mbedtls_ecjpake_read_round_two( &srv, buf, len ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_read_round_two(&srv, buf, len) == 0);
 
-    TEST_ASSERT( mbedtls_ecjpake_derive_secret( &srv,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_derive_secret(&srv,
+                                              buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0);
 
-    TEST_ASSERT( len == pmslen );
-    TEST_ASSERT( memcmp( buf, pms, len ) == 0 );
+    TEST_ASSERT(len == pmslen);
+    TEST_ASSERT(memcmp(buf, pms, len) == 0);
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n");
+    }
 
 #if !defined(MBEDTLS_ECJPAKE_ALT)
     /* 'reference handshake' tests can only be run against implementations
@@ -1153,86 +1160,89 @@
      * are generated. This is only the case for the internal mbed TLS
      * implementation, so these tests are skipped in case the internal
      * implementation is swapped out for an alternative one. */
-    if( verbose != 0 )
-        mbedtls_printf( "  ECJPAKE test #2 (reference handshake): " );
+    if (verbose != 0) {
+        mbedtls_printf("  ECJPAKE test #2 (reference handshake): ");
+    }
 
     /* Simulate generation of round one */
-    MBEDTLS_MPI_CHK( ecjpake_test_load( &cli,
-                ecjpake_test_x1, sizeof( ecjpake_test_x1 ),
-                ecjpake_test_x2, sizeof( ecjpake_test_x2 ) ) );
+    MBEDTLS_MPI_CHK(ecjpake_test_load(&cli,
+                                      ecjpake_test_x1, sizeof(ecjpake_test_x1),
+                                      ecjpake_test_x2, sizeof(ecjpake_test_x2)));
 
-    MBEDTLS_MPI_CHK( ecjpake_test_load( &srv,
-                ecjpake_test_x3, sizeof( ecjpake_test_x3 ),
-                ecjpake_test_x4, sizeof( ecjpake_test_x4 ) ) );
+    MBEDTLS_MPI_CHK(ecjpake_test_load(&srv,
+                                      ecjpake_test_x3, sizeof(ecjpake_test_x3),
+                                      ecjpake_test_x4, sizeof(ecjpake_test_x4)));
 
     /* Read round one */
-    TEST_ASSERT( mbedtls_ecjpake_read_round_one( &srv,
-                                    ecjpake_test_cli_one,
-                            sizeof( ecjpake_test_cli_one ) ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_read_round_one(&srv,
+                                               ecjpake_test_cli_one,
+                                               sizeof(ecjpake_test_cli_one)) == 0);
 
-    TEST_ASSERT( mbedtls_ecjpake_read_round_one( &cli,
-                                    ecjpake_test_srv_one,
-                            sizeof( ecjpake_test_srv_one ) ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_read_round_one(&cli,
+                                               ecjpake_test_srv_one,
+                                               sizeof(ecjpake_test_srv_one)) == 0);
 
     /* Skip generation of round two, read round two */
-    TEST_ASSERT( mbedtls_ecjpake_read_round_two( &cli,
-                                    ecjpake_test_srv_two,
-                            sizeof( ecjpake_test_srv_two ) ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_read_round_two(&cli,
+                                               ecjpake_test_srv_two,
+                                               sizeof(ecjpake_test_srv_two)) == 0);
 
-    TEST_ASSERT( mbedtls_ecjpake_read_round_two( &srv,
-                                    ecjpake_test_cli_two,
-                            sizeof( ecjpake_test_cli_two ) ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_read_round_two(&srv,
+                                               ecjpake_test_cli_two,
+                                               sizeof(ecjpake_test_cli_two)) == 0);
 
     /* Server derives PMS */
-    TEST_ASSERT( mbedtls_ecjpake_derive_secret( &srv,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_derive_secret(&srv,
+                                              buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0);
 
-    TEST_ASSERT( len == sizeof( ecjpake_test_pms ) );
-    TEST_ASSERT( memcmp( buf, ecjpake_test_pms, len ) == 0 );
+    TEST_ASSERT(len == sizeof(ecjpake_test_pms));
+    TEST_ASSERT(memcmp(buf, ecjpake_test_pms, len) == 0);
 
     /* Server derives K as unsigned binary data */
-    TEST_ASSERT( mbedtls_ecjpake_write_shared_key( &srv,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_write_shared_key(&srv,
+                                                 buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0);
 
-    TEST_ASSERT( len == sizeof( ecjpake_test_shared_key ) );
-    TEST_ASSERT( memcmp( buf, ecjpake_test_shared_key, len ) == 0 );
+    TEST_ASSERT(len == sizeof(ecjpake_test_shared_key));
+    TEST_ASSERT(memcmp(buf, ecjpake_test_shared_key, len) == 0);
 
-    memset( buf, 0, len ); /* Avoid interferences with next step */
+    memset(buf, 0, len);   /* Avoid interferences with next step */
 
     /* Client derives PMS */
-    TEST_ASSERT( mbedtls_ecjpake_derive_secret( &cli,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_derive_secret(&cli,
+                                              buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0);
 
-    TEST_ASSERT( len == sizeof( ecjpake_test_pms ) );
-    TEST_ASSERT( memcmp( buf, ecjpake_test_pms, len ) == 0 );
+    TEST_ASSERT(len == sizeof(ecjpake_test_pms));
+    TEST_ASSERT(memcmp(buf, ecjpake_test_pms, len) == 0);
 
     /* Client derives K as unsigned binary data */
-    TEST_ASSERT( mbedtls_ecjpake_write_shared_key( &cli,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+    TEST_ASSERT(mbedtls_ecjpake_write_shared_key(&cli,
+                                                 buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0);
 
-    TEST_ASSERT( len == sizeof( ecjpake_test_shared_key ) );
-    TEST_ASSERT( memcmp( buf, ecjpake_test_shared_key, len ) == 0 );
+    TEST_ASSERT(len == sizeof(ecjpake_test_shared_key));
+    TEST_ASSERT(memcmp(buf, ecjpake_test_shared_key, len) == 0);
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n");
+    }
 #endif /* ! MBEDTLS_ECJPAKE_ALT */
 
 cleanup:
-    mbedtls_ecjpake_free( &cli );
-    mbedtls_ecjpake_free( &srv );
+    mbedtls_ecjpake_free(&cli);
+    mbedtls_ecjpake_free(&srv);
 
-    if( ret != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
+    if (ret != 0) {
+        if (verbose != 0) {
+            mbedtls_printf("failed\n");
+        }
 
         ret = 1;
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
-    return( ret );
+    return ret;
 }
 
 #undef TEST_ASSERT
diff --git a/library/ecp.c b/library/ecp.c
index b6ed60a..d9d5425 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -112,7 +112,7 @@
 /*
  * Set ecp_max_ops
  */
-void mbedtls_ecp_set_max_ops( unsigned max_ops )
+void mbedtls_ecp_set_max_ops(unsigned max_ops)
 {
     ecp_max_ops = max_ops;
 }
@@ -120,16 +120,15 @@
 /*
  * Check if restart is enabled
  */
-int mbedtls_ecp_restart_is_enabled( void )
+int mbedtls_ecp_restart_is_enabled(void)
 {
-    return( ecp_max_ops != 0 );
+    return ecp_max_ops != 0;
 }
 
 /*
  * Restart sub-context for ecp_mul_comb()
  */
-struct mbedtls_ecp_restart_mul
-{
+struct mbedtls_ecp_restart_mul {
     mbedtls_ecp_point R;    /* current intermediate result                  */
     size_t i;               /* current index in various loops, 0 outside    */
     mbedtls_ecp_point *T;   /* table for precomputed points                 */
@@ -148,9 +147,9 @@
 /*
  * Init restart_mul sub-context
  */
-static void ecp_restart_rsm_init( mbedtls_ecp_restart_mul_ctx *ctx )
+static void ecp_restart_rsm_init(mbedtls_ecp_restart_mul_ctx *ctx)
 {
-    mbedtls_ecp_point_init( &ctx->R );
+    mbedtls_ecp_point_init(&ctx->R);
     ctx->i = 0;
     ctx->T = NULL;
     ctx->T_size = 0;
@@ -160,30 +159,30 @@
 /*
  * Free the components of a restart_mul sub-context
  */
-static void ecp_restart_rsm_free( mbedtls_ecp_restart_mul_ctx *ctx )
+static void ecp_restart_rsm_free(mbedtls_ecp_restart_mul_ctx *ctx)
 {
     unsigned char i;
 
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
-
-    mbedtls_ecp_point_free( &ctx->R );
-
-    if( ctx->T != NULL )
-    {
-        for( i = 0; i < ctx->T_size; i++ )
-            mbedtls_ecp_point_free( ctx->T + i );
-        mbedtls_free( ctx->T );
     }
 
-    ecp_restart_rsm_init( ctx );
+    mbedtls_ecp_point_free(&ctx->R);
+
+    if (ctx->T != NULL) {
+        for (i = 0; i < ctx->T_size; i++) {
+            mbedtls_ecp_point_free(ctx->T + i);
+        }
+        mbedtls_free(ctx->T);
+    }
+
+    ecp_restart_rsm_init(ctx);
 }
 
 /*
  * Restart context for ecp_muladd()
  */
-struct mbedtls_ecp_restart_muladd
-{
+struct mbedtls_ecp_restart_muladd {
     mbedtls_ecp_point mP;       /* mP value                             */
     mbedtls_ecp_point R;        /* R intermediate result                */
     enum {                      /* what should we do next?              */
@@ -197,31 +196,32 @@
 /*
  * Init restart_muladd sub-context
  */
-static void ecp_restart_ma_init( mbedtls_ecp_restart_muladd_ctx *ctx )
+static void ecp_restart_ma_init(mbedtls_ecp_restart_muladd_ctx *ctx)
 {
-    mbedtls_ecp_point_init( &ctx->mP );
-    mbedtls_ecp_point_init( &ctx->R );
+    mbedtls_ecp_point_init(&ctx->mP);
+    mbedtls_ecp_point_init(&ctx->R);
     ctx->state = ecp_rsma_mul1;
 }
 
 /*
  * Free the components of a restart_muladd sub-context
  */
-static void ecp_restart_ma_free( mbedtls_ecp_restart_muladd_ctx *ctx )
+static void ecp_restart_ma_free(mbedtls_ecp_restart_muladd_ctx *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_ecp_point_free( &ctx->mP );
-    mbedtls_ecp_point_free( &ctx->R );
+    mbedtls_ecp_point_free(&ctx->mP);
+    mbedtls_ecp_point_free(&ctx->R);
 
-    ecp_restart_ma_init( ctx );
+    ecp_restart_ma_init(ctx);
 }
 
 /*
  * Initialize a restart context
  */
-void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx )
+void mbedtls_ecp_restart_init(mbedtls_ecp_restart_ctx *ctx)
 {
     ctx->ops_done = 0;
     ctx->depth = 0;
@@ -232,104 +232,106 @@
 /*
  * Free the components of a restart context
  */
-void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx )
+void mbedtls_ecp_restart_free(mbedtls_ecp_restart_ctx *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    ecp_restart_rsm_free( ctx->rsm );
-    mbedtls_free( ctx->rsm );
+    ecp_restart_rsm_free(ctx->rsm);
+    mbedtls_free(ctx->rsm);
 
-    ecp_restart_ma_free( ctx->ma );
-    mbedtls_free( ctx->ma );
+    ecp_restart_ma_free(ctx->ma);
+    mbedtls_free(ctx->ma);
 
-    mbedtls_ecp_restart_init( ctx );
+    mbedtls_ecp_restart_init(ctx);
 }
 
 /*
  * Check if we can do the next step
  */
-int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
-                              mbedtls_ecp_restart_ctx *rs_ctx,
-                              unsigned ops )
+int mbedtls_ecp_check_budget(const mbedtls_ecp_group *grp,
+                             mbedtls_ecp_restart_ctx *rs_ctx,
+                             unsigned ops)
 {
-    if( rs_ctx != NULL && ecp_max_ops != 0 )
-    {
+    if (rs_ctx != NULL && ecp_max_ops != 0) {
         /* scale depending on curve size: the chosen reference is 256-bit,
          * and multiplication is quadratic. Round to the closest integer. */
-        if( grp->pbits >= 512 )
+        if (grp->pbits >= 512) {
             ops *= 4;
-        else if( grp->pbits >= 384 )
+        } else if (grp->pbits >= 384) {
             ops *= 2;
+        }
 
         /* Avoid infinite loops: always allow first step.
          * Because of that, however, it's not generally true
          * that ops_done <= ecp_max_ops, so the check
          * ops_done > ecp_max_ops below is mandatory. */
-        if( ( rs_ctx->ops_done != 0 ) &&
-            ( rs_ctx->ops_done > ecp_max_ops ||
-              ops > ecp_max_ops - rs_ctx->ops_done ) )
-        {
-            return( MBEDTLS_ERR_ECP_IN_PROGRESS );
+        if ((rs_ctx->ops_done != 0) &&
+            (rs_ctx->ops_done > ecp_max_ops ||
+             ops > ecp_max_ops - rs_ctx->ops_done)) {
+            return MBEDTLS_ERR_ECP_IN_PROGRESS;
         }
 
         /* update running count */
         rs_ctx->ops_done += ops;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /* Call this when entering a function that needs its own sub-context */
-#define ECP_RS_ENTER( SUB )   do {                                      \
-    /* reset ops count for this call if top-level */                    \
-    if( rs_ctx != NULL && rs_ctx->depth++ == 0 )                        \
+#define ECP_RS_ENTER(SUB)   do {                                      \
+        /* reset ops count for this call if top-level */                    \
+        if (rs_ctx != NULL && rs_ctx->depth++ == 0)                        \
         rs_ctx->ops_done = 0;                                           \
                                                                         \
-    /* set up our own sub-context if needed */                          \
-    if( mbedtls_ecp_restart_is_enabled() &&                             \
-        rs_ctx != NULL && rs_ctx->SUB == NULL )                         \
-    {                                                                   \
-        rs_ctx->SUB = mbedtls_calloc( 1, sizeof( *rs_ctx->SUB ) );      \
-        if( rs_ctx->SUB == NULL )                                       \
-            return( MBEDTLS_ERR_ECP_ALLOC_FAILED );                     \
-                                                                        \
-        ecp_restart_## SUB ##_init( rs_ctx->SUB );                      \
-    }                                                                   \
-} while( 0 )
+        /* set up our own sub-context if needed */                          \
+        if (mbedtls_ecp_restart_is_enabled() &&                             \
+            rs_ctx != NULL && rs_ctx->SUB == NULL)                         \
+        {                                                                   \
+            rs_ctx->SUB = mbedtls_calloc(1, sizeof(*rs_ctx->SUB));      \
+            if (rs_ctx->SUB == NULL)                                       \
+            return MBEDTLS_ERR_ECP_ALLOC_FAILED;                     \
+                                                                      \
+            ecp_restart_## SUB ##_init(rs_ctx->SUB);                      \
+        }                                                                   \
+} while (0)
 
 /* Call this when leaving a function that needs its own sub-context */
-#define ECP_RS_LEAVE( SUB )   do {                                      \
-    /* clear our sub-context when not in progress (done or error) */    \
-    if( rs_ctx != NULL && rs_ctx->SUB != NULL &&                        \
-        ret != MBEDTLS_ERR_ECP_IN_PROGRESS )                            \
-    {                                                                   \
-        ecp_restart_## SUB ##_free( rs_ctx->SUB );                      \
-        mbedtls_free( rs_ctx->SUB );                                    \
-        rs_ctx->SUB = NULL;                                             \
-    }                                                                   \
+#define ECP_RS_LEAVE(SUB)   do {                                      \
+        /* clear our sub-context when not in progress (done or error) */    \
+        if (rs_ctx != NULL && rs_ctx->SUB != NULL &&                        \
+            ret != MBEDTLS_ERR_ECP_IN_PROGRESS)                            \
+        {                                                                   \
+            ecp_restart_## SUB ##_free(rs_ctx->SUB);                      \
+            mbedtls_free(rs_ctx->SUB);                                    \
+            rs_ctx->SUB = NULL;                                             \
+        }                                                                   \
                                                                         \
-    if( rs_ctx != NULL )                                                \
+        if (rs_ctx != NULL)                                                \
         rs_ctx->depth--;                                                \
-} while( 0 )
+} while (0)
 
 #else /* MBEDTLS_ECP_RESTARTABLE */
 
-#define ECP_RS_ENTER( sub )     (void) rs_ctx;
-#define ECP_RS_LEAVE( sub )     (void) rs_ctx;
+#define ECP_RS_ENTER(sub)     (void) rs_ctx;
+#define ECP_RS_LEAVE(sub)     (void) rs_ctx;
 
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
-static void mpi_init_many( mbedtls_mpi *arr, size_t size )
+static void mpi_init_many(mbedtls_mpi *arr, size_t size)
 {
-    while( size-- )
-        mbedtls_mpi_init( arr++ );
+    while (size--) {
+        mbedtls_mpi_init(arr++);
+    }
 }
 
-static void mpi_free_many( mbedtls_mpi *arr, size_t size )
+static void mpi_free_many(mbedtls_mpi *arr, size_t size)
 {
-    while( size-- )
-        mbedtls_mpi_free( arr++ );
+    while (size--) {
+        mbedtls_mpi_free(arr++);
+    }
 }
 
 /*
@@ -388,35 +390,33 @@
     { MBEDTLS_ECP_DP_NONE,          0,     0,      NULL                },
 };
 
-#define ECP_NB_CURVES   sizeof( ecp_supported_curves ) /    \
-                        sizeof( ecp_supported_curves[0] )
+#define ECP_NB_CURVES   sizeof(ecp_supported_curves) /    \
+    sizeof(ecp_supported_curves[0])
 
 static mbedtls_ecp_group_id ecp_supported_grp_id[ECP_NB_CURVES];
 
 /*
  * List of supported curves and associated info
  */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void )
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list(void)
 {
-    return( ecp_supported_curves );
+    return ecp_supported_curves;
 }
 
 /*
  * List of supported curves, group ID only
  */
-const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void )
+const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list(void)
 {
     static int init_done = 0;
 
-    if( ! init_done )
-    {
+    if (!init_done) {
         size_t i = 0;
         const mbedtls_ecp_curve_info *curve_info;
 
-        for( curve_info = mbedtls_ecp_curve_list();
+        for (curve_info = mbedtls_ecp_curve_list();
              curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
-             curve_info++ )
-        {
+             curve_info++) {
             ecp_supported_grp_id[i++] = curve_info->grp_id;
         }
         ecp_supported_grp_id[i] = MBEDTLS_ECP_DP_NONE;
@@ -424,101 +424,104 @@
         init_done = 1;
     }
 
-    return( ecp_supported_grp_id );
+    return ecp_supported_grp_id;
 }
 
 /*
  * Get the curve info for the internal identifier
  */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id )
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id(mbedtls_ecp_group_id grp_id)
 {
     const mbedtls_ecp_curve_info *curve_info;
 
-    for( curve_info = mbedtls_ecp_curve_list();
+    for (curve_info = mbedtls_ecp_curve_list();
          curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
-         curve_info++ )
-    {
-        if( curve_info->grp_id == grp_id )
-            return( curve_info );
+         curve_info++) {
+        if (curve_info->grp_id == grp_id) {
+            return curve_info;
+        }
     }
 
-    return( NULL );
+    return NULL;
 }
 
 /*
  * Get the curve info from the TLS identifier
  */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id )
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id(uint16_t tls_id)
 {
     const mbedtls_ecp_curve_info *curve_info;
 
-    for( curve_info = mbedtls_ecp_curve_list();
+    for (curve_info = mbedtls_ecp_curve_list();
          curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
-         curve_info++ )
-    {
-        if( curve_info->tls_id == tls_id )
-            return( curve_info );
+         curve_info++) {
+        if (curve_info->tls_id == tls_id) {
+            return curve_info;
+        }
     }
 
-    return( NULL );
+    return NULL;
 }
 
 /*
  * Get the curve info from the name
  */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name )
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name(const char *name)
 {
     const mbedtls_ecp_curve_info *curve_info;
 
-    if( name == NULL )
-        return( NULL );
-
-    for( curve_info = mbedtls_ecp_curve_list();
-         curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
-         curve_info++ )
-    {
-        if( strcmp( curve_info->name, name ) == 0 )
-            return( curve_info );
+    if (name == NULL) {
+        return NULL;
     }
 
-    return( NULL );
+    for (curve_info = mbedtls_ecp_curve_list();
+         curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+         curve_info++) {
+        if (strcmp(curve_info->name, name) == 0) {
+            return curve_info;
+        }
+    }
+
+    return NULL;
 }
 
 /*
  * Get the type of a curve
  */
-mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp )
+mbedtls_ecp_curve_type mbedtls_ecp_get_type(const mbedtls_ecp_group *grp)
 {
-    if( grp->G.X.p == NULL )
-        return( MBEDTLS_ECP_TYPE_NONE );
+    if (grp->G.X.p == NULL) {
+        return MBEDTLS_ECP_TYPE_NONE;
+    }
 
-    if( grp->G.Y.p == NULL )
-        return( MBEDTLS_ECP_TYPE_MONTGOMERY );
-    else
-        return( MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS );
+    if (grp->G.Y.p == NULL) {
+        return MBEDTLS_ECP_TYPE_MONTGOMERY;
+    } else {
+        return MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS;
+    }
 }
 
 /*
  * Initialize (the components of) a point
  */
-void mbedtls_ecp_point_init( mbedtls_ecp_point *pt )
+void mbedtls_ecp_point_init(mbedtls_ecp_point *pt)
 {
-    mbedtls_mpi_init( &pt->X );
-    mbedtls_mpi_init( &pt->Y );
-    mbedtls_mpi_init( &pt->Z );
+    mbedtls_mpi_init(&pt->X);
+    mbedtls_mpi_init(&pt->Y);
+    mbedtls_mpi_init(&pt->Z);
 }
 
 /*
  * Initialize (the components of) a group
  */
-void mbedtls_ecp_group_init( mbedtls_ecp_group *grp )
+void mbedtls_ecp_group_init(mbedtls_ecp_group *grp)
 {
     grp->id = MBEDTLS_ECP_DP_NONE;
-    mbedtls_mpi_init( &grp->P );
-    mbedtls_mpi_init( &grp->A );
-    mbedtls_mpi_init( &grp->B );
-    mbedtls_ecp_point_init( &grp->G );
-    mbedtls_mpi_init( &grp->N );
+    mbedtls_mpi_init(&grp->P);
+    mbedtls_mpi_init(&grp->A);
+    mbedtls_mpi_init(&grp->B);
+    mbedtls_ecp_point_init(&grp->G);
+    mbedtls_mpi_init(&grp->N);
     grp->pbits = 0;
     grp->nbits = 0;
     grp->h = 0;
@@ -533,30 +536,32 @@
 /*
  * Initialize (the components of) a key pair
  */
-void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key )
+void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair *key)
 {
-    mbedtls_ecp_group_init( &key->grp );
-    mbedtls_mpi_init( &key->d );
-    mbedtls_ecp_point_init( &key->Q );
+    mbedtls_ecp_group_init(&key->grp);
+    mbedtls_mpi_init(&key->d);
+    mbedtls_ecp_point_init(&key->Q);
 }
 
 /*
  * Unallocate (the components of) a point
  */
-void mbedtls_ecp_point_free( mbedtls_ecp_point *pt )
+void mbedtls_ecp_point_free(mbedtls_ecp_point *pt)
 {
-    if( pt == NULL )
+    if (pt == NULL) {
         return;
+    }
 
-    mbedtls_mpi_free( &( pt->X ) );
-    mbedtls_mpi_free( &( pt->Y ) );
-    mbedtls_mpi_free( &( pt->Z ) );
+    mbedtls_mpi_free(&(pt->X));
+    mbedtls_mpi_free(&(pt->Y));
+    mbedtls_mpi_free(&(pt->Z));
 }
 
 /*
  * Check that the comb table (grp->T) is static initialized.
  */
-static int ecp_group_is_static_comb_table( const mbedtls_ecp_group *grp ) {
+static int ecp_group_is_static_comb_table(const mbedtls_ecp_group *grp)
+{
 #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
     return grp->T != NULL && grp->T_size == 0;
 #else
@@ -568,268 +573,268 @@
 /*
  * Unallocate (the components of) a group
  */
-void mbedtls_ecp_group_free( mbedtls_ecp_group *grp )
+void mbedtls_ecp_group_free(mbedtls_ecp_group *grp)
 {
     size_t i;
 
-    if( grp == NULL )
+    if (grp == NULL) {
         return;
-
-    if( grp->h != 1 )
-    {
-        mbedtls_mpi_free( &grp->P );
-        mbedtls_mpi_free( &grp->A );
-        mbedtls_mpi_free( &grp->B );
-        mbedtls_ecp_point_free( &grp->G );
-        mbedtls_mpi_free( &grp->N );
     }
 
-    if( !ecp_group_is_static_comb_table(grp) && grp->T != NULL )
-    {
-        for( i = 0; i < grp->T_size; i++ )
-            mbedtls_ecp_point_free( &grp->T[i] );
-        mbedtls_free( grp->T );
+    if (grp->h != 1) {
+        mbedtls_mpi_free(&grp->P);
+        mbedtls_mpi_free(&grp->A);
+        mbedtls_mpi_free(&grp->B);
+        mbedtls_ecp_point_free(&grp->G);
+        mbedtls_mpi_free(&grp->N);
     }
 
-    mbedtls_platform_zeroize( grp, sizeof( mbedtls_ecp_group ) );
+    if (!ecp_group_is_static_comb_table(grp) && grp->T != NULL) {
+        for (i = 0; i < grp->T_size; i++) {
+            mbedtls_ecp_point_free(&grp->T[i]);
+        }
+        mbedtls_free(grp->T);
+    }
+
+    mbedtls_platform_zeroize(grp, sizeof(mbedtls_ecp_group));
 }
 
 /*
  * Unallocate (the components of) a key pair
  */
-void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key )
+void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair *key)
 {
-    if( key == NULL )
+    if (key == NULL) {
         return;
+    }
 
-    mbedtls_ecp_group_free( &key->grp );
-    mbedtls_mpi_free( &key->d );
-    mbedtls_ecp_point_free( &key->Q );
+    mbedtls_ecp_group_free(&key->grp);
+    mbedtls_mpi_free(&key->d);
+    mbedtls_ecp_point_free(&key->Q);
 }
 
 /*
  * Copy the contents of a point
  */
-int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q )
+int mbedtls_ecp_copy(mbedtls_ecp_point *P, const mbedtls_ecp_point *Q)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->X, &Q->X ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Y, &Q->Y ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Z, &Q->Z ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->X, &Q->X));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->Y, &Q->Y));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->Z, &Q->Z));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
  * Copy the contents of a group object
  */
-int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src )
+int mbedtls_ecp_group_copy(mbedtls_ecp_group *dst, const mbedtls_ecp_group *src)
 {
-    return( mbedtls_ecp_group_load( dst, src->id ) );
+    return mbedtls_ecp_group_load(dst, src->id);
 }
 
 /*
  * Set point to zero
  */
-int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt )
+int mbedtls_ecp_set_zero(mbedtls_ecp_point *pt)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->X , 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Y , 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z , 0 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->X, 1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Y, 1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 0));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
  * Tell if a point is zero
  */
-int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt )
+int mbedtls_ecp_is_zero(mbedtls_ecp_point *pt)
 {
-    return( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 );
+    return mbedtls_mpi_cmp_int(&pt->Z, 0) == 0;
 }
 
 /*
  * Compare two points lazily
  */
-int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
-                           const mbedtls_ecp_point *Q )
+int mbedtls_ecp_point_cmp(const mbedtls_ecp_point *P,
+                          const mbedtls_ecp_point *Q)
 {
-    if( mbedtls_mpi_cmp_mpi( &P->X, &Q->X ) == 0 &&
-        mbedtls_mpi_cmp_mpi( &P->Y, &Q->Y ) == 0 &&
-        mbedtls_mpi_cmp_mpi( &P->Z, &Q->Z ) == 0 )
-    {
-        return( 0 );
+    if (mbedtls_mpi_cmp_mpi(&P->X, &Q->X) == 0 &&
+        mbedtls_mpi_cmp_mpi(&P->Y, &Q->Y) == 0 &&
+        mbedtls_mpi_cmp_mpi(&P->Z, &Q->Z) == 0) {
+        return 0;
     }
 
-    return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
 }
 
 /*
  * Import a non-zero point from ASCII strings
  */
-int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
-                           const char *x, const char *y )
+int mbedtls_ecp_point_read_string(mbedtls_ecp_point *P, int radix,
+                                  const char *x, const char *y)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->X, radix, x ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->Y, radix, y ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P->X, radix, x));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P->Y, radix, y));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&P->Z, 1));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
  * Export a point into unsigned binary data (SEC1 2.3.3 and RFC7748)
  */
-int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp,
-                                    const mbedtls_ecp_point *P,
-                                    int format, size_t *olen,
-                                    unsigned char *buf, size_t buflen )
+int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp,
+                                   const mbedtls_ecp_point *P,
+                                   int format, size_t *olen,
+                                   unsigned char *buf, size_t buflen)
 {
     int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
     size_t plen;
-    if( format != MBEDTLS_ECP_PF_UNCOMPRESSED &&
-        format != MBEDTLS_ECP_PF_COMPRESSED )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (format != MBEDTLS_ECP_PF_UNCOMPRESSED &&
+        format != MBEDTLS_ECP_PF_COMPRESSED) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
-    plen = mbedtls_mpi_size( &grp->P );
+    plen = mbedtls_mpi_size(&grp->P);
 
 #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
     (void) format; /* Montgomery curves always use the same point format */
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
-    {
+    if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
         *olen = plen;
-        if( buflen < *olen )
-            return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+        if (buflen < *olen) {
+            return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+        }
 
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &P->X, buf, plen ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary_le(&P->X, buf, plen));
     }
 #endif
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
-    {
+    if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
         /*
          * Common case: P == 0
          */
-        if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 )
-        {
-            if( buflen < 1 )
-                return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+        if (mbedtls_mpi_cmp_int(&P->Z, 0) == 0) {
+            if (buflen < 1) {
+                return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+            }
 
             buf[0] = 0x00;
             *olen = 1;
 
-            return( 0 );
+            return 0;
         }
 
-        if( format == MBEDTLS_ECP_PF_UNCOMPRESSED )
-        {
+        if (format == MBEDTLS_ECP_PF_UNCOMPRESSED) {
             *olen = 2 * plen + 1;
 
-            if( buflen < *olen )
-                return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+            if (buflen < *olen) {
+                return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+            }
 
             buf[0] = 0x04;
-            MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->Y, buf + 1 + plen, plen ) );
-        }
-        else if( format == MBEDTLS_ECP_PF_COMPRESSED )
-        {
+            MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&P->X, buf + 1, plen));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&P->Y, buf + 1 + plen, plen));
+        } else if (format == MBEDTLS_ECP_PF_COMPRESSED) {
             *olen = plen + 1;
 
-            if( buflen < *olen )
-                return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+            if (buflen < *olen) {
+                return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+            }
 
-            buf[0] = 0x02 + mbedtls_mpi_get_bit( &P->Y, 0 );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
+            buf[0] = 0x02 + mbedtls_mpi_get_bit(&P->Y, 0);
+            MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&P->X, buf + 1, plen));
         }
     }
 #endif
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-static int mbedtls_ecp_sw_derive_y( const mbedtls_ecp_group *grp,
-                                    const mbedtls_mpi *X,
-                                    mbedtls_mpi *Y,
-                                    int parity_bit );
+static int mbedtls_ecp_sw_derive_y(const mbedtls_ecp_group *grp,
+                                   const mbedtls_mpi *X,
+                                   mbedtls_mpi *Y,
+                                   int parity_bit);
 #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
 
 /*
  * Import a point from unsigned binary data (SEC1 2.3.4 and RFC7748)
  */
-int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
-                                   mbedtls_ecp_point *pt,
-                                   const unsigned char *buf, size_t ilen )
+int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp,
+                                  mbedtls_ecp_point *pt,
+                                  const unsigned char *buf, size_t ilen)
 {
     int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
     size_t plen;
-    if( ilen < 1 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (ilen < 1) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
-    plen = mbedtls_mpi_size( &grp->P );
+    plen = mbedtls_mpi_size(&grp->P);
 
 #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
-    {
-        if( plen != ilen )
-            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
+        if (plen != ilen) {
+            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+        }
 
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &pt->X, buf, plen ) );
-        mbedtls_mpi_free( &pt->Y );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&pt->X, buf, plen));
+        mbedtls_mpi_free(&pt->Y);
 
-        if( grp->id == MBEDTLS_ECP_DP_CURVE25519 )
+        if (grp->id == MBEDTLS_ECP_DP_CURVE25519) {
             /* Set most significant bit to 0 as prescribed in RFC7748 §5 */
-            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &pt->X, plen * 8 - 1, 0 ) );
+            MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&pt->X, plen * 8 - 1, 0));
+        }
 
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1));
     }
 #endif
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
-    {
-        if( buf[0] == 0x00 )
-        {
-            if( ilen == 1 )
-                return( mbedtls_ecp_set_zero( pt ) );
-            else
-                return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
+        if (buf[0] == 0x00) {
+            if (ilen == 1) {
+                return mbedtls_ecp_set_zero(pt);
+            } else {
+                return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+            }
         }
 
-        if( ilen < 1 + plen )
-            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        if (ilen < 1 + plen) {
+            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+        }
 
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->X, buf + 1, plen ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->X, buf + 1, plen));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1));
 
-        if( buf[0] == 0x04 )
-        {
+        if (buf[0] == 0x04) {
             /* format == MBEDTLS_ECP_PF_UNCOMPRESSED */
-            if( ilen != 1 + plen * 2 )
-                return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-            return( mbedtls_mpi_read_binary( &pt->Y, buf + 1 + plen, plen ) );
-        }
-        else if( buf[0] == 0x02 || buf[0] == 0x03 )
-        {
+            if (ilen != 1 + plen * 2) {
+                return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+            }
+            return mbedtls_mpi_read_binary(&pt->Y, buf + 1 + plen, plen);
+        } else if (buf[0] == 0x02 || buf[0] == 0x03) {
             /* format == MBEDTLS_ECP_PF_COMPRESSED */
-            if( ilen != 1 + plen )
-                return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-            return( mbedtls_ecp_sw_derive_y( grp, &pt->X, &pt->Y,
-                                             ( buf[0] & 1 ) ) );
+            if (ilen != 1 + plen) {
+                return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+            }
+            return mbedtls_ecp_sw_derive_y(grp, &pt->X, &pt->Y,
+                                           (buf[0] & 1));
+        } else {
+            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
         }
-        else
-            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
     }
 #endif
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
@@ -838,21 +843,23 @@
  *          opaque point <1..2^8-1>;
  *      } ECPoint;
  */
-int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp,
-                                mbedtls_ecp_point *pt,
-                                const unsigned char **buf, size_t buf_len )
+int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp,
+                               mbedtls_ecp_point *pt,
+                               const unsigned char **buf, size_t buf_len)
 {
     unsigned char data_len;
     const unsigned char *buf_start;
     /*
      * We must have at least two bytes (1 for length, at least one for data)
      */
-    if( buf_len < 2 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (buf_len < 2) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     data_len = *(*buf)++;
-    if( data_len < 1 || data_len > buf_len - 1 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (data_len < 1 || data_len > buf_len - 1) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     /*
      * Save buffer start for read_binary and update buf
@@ -860,7 +867,7 @@
     buf_start = *buf;
     *buf += data_len;
 
-    return( mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len ) );
+    return mbedtls_ecp_point_read_binary(grp, pt, buf_start, data_len);
 }
 
 /*
@@ -869,24 +876,27 @@
  *          opaque point <1..2^8-1>;
  *      } ECPoint;
  */
-int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
-                         int format, size_t *olen,
-                         unsigned char *buf, size_t blen )
+int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
+                                int format, size_t *olen,
+                                unsigned char *buf, size_t blen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    if( format != MBEDTLS_ECP_PF_UNCOMPRESSED &&
-        format != MBEDTLS_ECP_PF_COMPRESSED )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (format != MBEDTLS_ECP_PF_UNCOMPRESSED &&
+        format != MBEDTLS_ECP_PF_COMPRESSED) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     /*
      * buffer length must be at least one, for our length byte
      */
-    if( blen < 1 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (blen < 1) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
-    if( ( ret = mbedtls_ecp_point_write_binary( grp, pt, format,
-                    olen, buf + 1, blen - 1) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_ecp_point_write_binary(grp, pt, format,
+                                              olen, buf + 1, blen - 1)) != 0) {
+        return ret;
+    }
 
     /*
      * write length to the first byte and update total length
@@ -894,43 +904,46 @@
     buf[0] = (unsigned char) *olen;
     ++*olen;
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Set a group from an ECParameters record (RFC 4492)
  */
-int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp,
-                                const unsigned char **buf, size_t len )
+int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp,
+                               const unsigned char **buf, size_t len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_group_id grp_id;
-    if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, len ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, len)) != 0) {
+        return ret;
+    }
 
-    return( mbedtls_ecp_group_load( grp, grp_id ) );
+    return mbedtls_ecp_group_load(grp, grp_id);
 }
 
 /*
  * Read a group id from an ECParameters record (RFC 4492) and convert it to
  * mbedtls_ecp_group_id.
  */
-int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp,
-                                   const unsigned char **buf, size_t len )
+int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp,
+                                  const unsigned char **buf, size_t len)
 {
     uint16_t tls_id;
     const mbedtls_ecp_curve_info *curve_info;
     /*
      * We expect at least three bytes (see below)
      */
-    if( len < 3 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (len < 3) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     /*
      * First byte is curve_type; only named_curve is handled
      */
-    if( *(*buf)++ != MBEDTLS_ECP_TLS_NAMED_CURVE )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (*(*buf)++ != MBEDTLS_ECP_TLS_NAMED_CURVE) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     /*
      * Next two bytes are the namedcurve value
@@ -939,30 +952,33 @@
     tls_id <<= 8;
     tls_id |= *(*buf)++;
 
-    if( ( curve_info = mbedtls_ecp_curve_info_from_tls_id( tls_id ) ) == NULL )
-        return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+    if ((curve_info = mbedtls_ecp_curve_info_from_tls_id(tls_id)) == NULL) {
+        return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+    }
 
     *grp = curve_info->grp_id;
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Write the ECParameters record corresponding to a group (RFC 4492)
  */
-int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
-                         unsigned char *buf, size_t blen )
+int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp, size_t *olen,
+                                unsigned char *buf, size_t blen)
 {
     const mbedtls_ecp_curve_info *curve_info;
-    if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( grp->id ) ) == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if ((curve_info = mbedtls_ecp_curve_info_from_grp_id(grp->id)) == NULL) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     /*
      * We are going to write 3 bytes (see below)
      */
     *olen = 3;
-    if( blen < *olen )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+    if (blen < *olen) {
+        return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+    }
 
     /*
      * First byte is curve_type, always named_curve
@@ -972,9 +988,9 @@
     /*
      * Next two bytes are the namedcurve value
      */
-    MBEDTLS_PUT_UINT16_BE( curve_info->tls_id, buf, 0 );
+    MBEDTLS_PUT_UINT16_BE(curve_info->tls_id, buf, 0);
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -983,32 +999,34 @@
  *
  * This function is in the critial loop for mbedtls_ecp_mul, so pay attention to perf.
  */
-static int ecp_modp( mbedtls_mpi *N, const mbedtls_ecp_group *grp )
+static int ecp_modp(mbedtls_mpi *N, const mbedtls_ecp_group *grp)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( grp->modp == NULL )
-        return( mbedtls_mpi_mod_mpi( N, N, &grp->P ) );
-
-    /* N->s < 0 is a much faster test, which fails only if N is 0 */
-    if( ( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 ) ||
-        mbedtls_mpi_bitlen( N ) > 2 * grp->pbits )
-    {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (grp->modp == NULL) {
+        return mbedtls_mpi_mod_mpi(N, N, &grp->P);
     }
 
-    MBEDTLS_MPI_CHK( grp->modp( N ) );
+    /* N->s < 0 is a much faster test, which fails only if N is 0 */
+    if ((N->s < 0 && mbedtls_mpi_cmp_int(N, 0) != 0) ||
+        mbedtls_mpi_bitlen(N) > 2 * grp->pbits) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
+
+    MBEDTLS_MPI_CHK(grp->modp(N));
 
     /* N->s < 0 is a much faster test, which fails only if N is 0 */
-    while( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &grp->P ) );
+    while (N->s < 0 && mbedtls_mpi_cmp_int(N, 0) != 0) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &grp->P));
+    }
 
-    while( mbedtls_mpi_cmp_mpi( N, &grp->P ) >= 0 )
+    while (mbedtls_mpi_cmp_mpi(N, &grp->P) >= 0) {
         /* we known P, N and the result are positive */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( N, N, &grp->P ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(N, N, &grp->P));
+    }
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
@@ -1030,52 +1048,52 @@
 #define INC_MUL_COUNT
 #endif
 
-#define MOD_MUL( N )                                                    \
+#define MOD_MUL(N)                                                    \
     do                                                                  \
     {                                                                   \
-        MBEDTLS_MPI_CHK( ecp_modp( &(N), grp ) );                       \
+        MBEDTLS_MPI_CHK(ecp_modp(&(N), grp));                       \
         INC_MUL_COUNT                                                   \
-    } while( 0 )
+    } while (0)
 
-static inline int mbedtls_mpi_mul_mod( const mbedtls_ecp_group *grp,
-                                       mbedtls_mpi *X,
-                                       const mbedtls_mpi *A,
-                                       const mbedtls_mpi *B )
+static inline int mbedtls_mpi_mul_mod(const mbedtls_ecp_group *grp,
+                                      mbedtls_mpi *X,
+                                      const mbedtls_mpi *A,
+                                      const mbedtls_mpi *B)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( X, A, B ) );
-    MOD_MUL( *X );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(X, A, B));
+    MOD_MUL(*X);
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
  * Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_sub_mpi
  * N->s < 0 is a very fast test, which fails only if N is 0
  */
-#define MOD_SUB( N )                                                          \
+#define MOD_SUB(N)                                                          \
     do {                                                                      \
-        while( (N)->s < 0 && mbedtls_mpi_cmp_int( (N), 0 ) != 0 )             \
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( (N), (N), &grp->P ) );      \
-    } while( 0 )
+        while ((N)->s < 0 && mbedtls_mpi_cmp_int((N), 0) != 0)             \
+        MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi((N), (N), &grp->P));      \
+    } while (0)
 
-#if ( defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \
-      !( defined(MBEDTLS_ECP_NO_FALLBACK) && \
-         defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \
-         defined(MBEDTLS_ECP_ADD_MIXED_ALT) ) ) || \
-    ( defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) && \
-      !( defined(MBEDTLS_ECP_NO_FALLBACK) && \
-         defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) ) )
-static inline int mbedtls_mpi_sub_mod( const mbedtls_ecp_group *grp,
-                                       mbedtls_mpi *X,
-                                       const mbedtls_mpi *A,
-                                       const mbedtls_mpi *B )
+#if (defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \
+    !(defined(MBEDTLS_ECP_NO_FALLBACK) && \
+    defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \
+    defined(MBEDTLS_ECP_ADD_MIXED_ALT))) || \
+    (defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) && \
+    !(defined(MBEDTLS_ECP_NO_FALLBACK) && \
+    defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)))
+static inline int mbedtls_mpi_sub_mod(const mbedtls_ecp_group *grp,
+                                      mbedtls_mpi *X,
+                                      const mbedtls_mpi *A,
+                                      const mbedtls_mpi *B)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( X, A, B ) );
-    MOD_SUB( X );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(X, A, B));
+    MOD_SUB(X);
 cleanup:
-    return( ret );
+    return ret;
 }
 #endif /* All functions referencing mbedtls_mpi_sub_mod() are alt-implemented without fallback */
 
@@ -1084,66 +1102,67 @@
  * We known P, N and the result are positive, so sub_abs is correct, and
  * a bit faster.
  */
-#define MOD_ADD( N )                                                   \
-    while( mbedtls_mpi_cmp_mpi( (N), &grp->P ) >= 0 )                  \
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( (N), (N), &grp->P ) )
+#define MOD_ADD(N)                                                   \
+    while (mbedtls_mpi_cmp_mpi((N), &grp->P) >= 0)                  \
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs((N), (N), &grp->P))
 
-static inline int mbedtls_mpi_add_mod( const mbedtls_ecp_group *grp,
-                                       mbedtls_mpi *X,
-                                       const mbedtls_mpi *A,
-                                       const mbedtls_mpi *B )
+static inline int mbedtls_mpi_add_mod(const mbedtls_ecp_group *grp,
+                                      mbedtls_mpi *X,
+                                      const mbedtls_mpi *A,
+                                      const mbedtls_mpi *B)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, A, B ) );
-    MOD_ADD( X );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(X, A, B));
+    MOD_ADD(X);
 cleanup:
-    return( ret );
+    return ret;
 }
 
-static inline int mbedtls_mpi_mul_int_mod( const mbedtls_ecp_group *grp,
-                                           mbedtls_mpi *X,
-                                           const mbedtls_mpi *A,
-                                           mbedtls_mpi_uint c )
+static inline int mbedtls_mpi_mul_int_mod(const mbedtls_ecp_group *grp,
+                                          mbedtls_mpi *X,
+                                          const mbedtls_mpi *A,
+                                          mbedtls_mpi_uint c)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( X, A, c ) );
-    MOD_ADD( X );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(X, A, c));
+    MOD_ADD(X);
 cleanup:
-    return( ret );
+    return ret;
 }
 
-static inline int mbedtls_mpi_sub_int_mod( const mbedtls_ecp_group *grp,
-                                           mbedtls_mpi *X,
-                                           const mbedtls_mpi *A,
-                                           mbedtls_mpi_uint c )
+static inline int mbedtls_mpi_sub_int_mod(const mbedtls_ecp_group *grp,
+                                          mbedtls_mpi *X,
+                                          const mbedtls_mpi *A,
+                                          mbedtls_mpi_uint c)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( X, A, c ) );
-    MOD_SUB( X );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(X, A, c));
+    MOD_SUB(X);
 cleanup:
-    return( ret );
+    return ret;
 }
 
-#define MPI_ECP_SUB_INT( X, A, c )             \
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int_mod( grp, X, A, c ) )
+#define MPI_ECP_SUB_INT(X, A, c)             \
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int_mod(grp, X, A, c))
 
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \
-    !( defined(MBEDTLS_ECP_NO_FALLBACK) && \
-       defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \
-       defined(MBEDTLS_ECP_ADD_MIXED_ALT) )
-static inline int mbedtls_mpi_shift_l_mod( const mbedtls_ecp_group *grp,
-                                           mbedtls_mpi *X,
-                                           size_t count )
+    !(defined(MBEDTLS_ECP_NO_FALLBACK) && \
+    defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \
+    defined(MBEDTLS_ECP_ADD_MIXED_ALT))
+static inline int mbedtls_mpi_shift_l_mod(const mbedtls_ecp_group *grp,
+                                          mbedtls_mpi *X,
+                                          size_t count)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( X, count ) );
-    MOD_ADD( X );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(X, count));
+    MOD_ADD(X);
 cleanup:
-    return( ret );
+    return ret;
 }
-#endif /* All functions referencing mbedtls_mpi_shift_l_mod() are alt-implemented without fallback */
+#endif \
+    /* All functions referencing mbedtls_mpi_shift_l_mod() are alt-implemented without fallback */
 
 /*
  * Macro wrappers around ECP modular arithmetic
@@ -1151,64 +1170,64 @@
  * Currently, these wrappers are defined via the bignum module.
  */
 
-#define MPI_ECP_ADD( X, A, B )                                                  \
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, X, A, B ) )
+#define MPI_ECP_ADD(X, A, B)                                                  \
+    MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, X, A, B))
 
-#define MPI_ECP_SUB( X, A, B )                                                  \
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, X, A, B ) )
+#define MPI_ECP_SUB(X, A, B)                                                  \
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, X, A, B))
 
-#define MPI_ECP_MUL( X, A, B )                                                  \
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, X, A, B ) )
+#define MPI_ECP_MUL(X, A, B)                                                  \
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B))
 
-#define MPI_ECP_SQR( X, A )                                                     \
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, X, A, A ) )
+#define MPI_ECP_SQR(X, A)                                                     \
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A))
 
-#define MPI_ECP_MUL_INT( X, A, c )                                              \
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int_mod( grp, X, A, c ) )
+#define MPI_ECP_MUL_INT(X, A, c)                                              \
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int_mod(grp, X, A, c))
 
-#define MPI_ECP_INV( dst, src )                                                 \
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( (dst), (src), &grp->P ) )
+#define MPI_ECP_INV(dst, src)                                                 \
+    MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod((dst), (src), &grp->P))
 
-#define MPI_ECP_MOV( X, A )                                                     \
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) )
+#define MPI_ECP_MOV(X, A)                                                     \
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A))
 
-#define MPI_ECP_SHIFT_L( X, count )                                             \
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, X, count ) )
+#define MPI_ECP_SHIFT_L(X, count)                                             \
+    MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, X, count))
 
-#define MPI_ECP_LSET( X, c )                                                    \
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, c ) )
+#define MPI_ECP_LSET(X, c)                                                    \
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, c))
 
-#define MPI_ECP_CMP_INT( X, c )                                                 \
-    mbedtls_mpi_cmp_int( X, c )
+#define MPI_ECP_CMP_INT(X, c)                                                 \
+    mbedtls_mpi_cmp_int(X, c)
 
-#define MPI_ECP_CMP( X, Y )                                                     \
-    mbedtls_mpi_cmp_mpi( X, Y )
+#define MPI_ECP_CMP(X, Y)                                                     \
+    mbedtls_mpi_cmp_mpi(X, Y)
 
 /* Needs f_rng, p_rng to be defined. */
-#define MPI_ECP_RAND( X )                                                       \
-    MBEDTLS_MPI_CHK( mbedtls_mpi_random( (X), 2, &grp->P, f_rng, p_rng ) )
+#define MPI_ECP_RAND(X)                                                       \
+    MBEDTLS_MPI_CHK(mbedtls_mpi_random((X), 2, &grp->P, f_rng, p_rng))
 
 /* Conditional negation
  * Needs grp and a temporary MPI tmp to be defined. */
-#define MPI_ECP_COND_NEG( X, cond )                                        \
+#define MPI_ECP_COND_NEG(X, cond)                                        \
     do                                                                     \
     {                                                                      \
-        unsigned char nonzero = mbedtls_mpi_cmp_int( (X), 0 ) != 0;        \
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &tmp, &grp->P, (X) ) );      \
-        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( (X), &tmp,          \
-                                                       nonzero & cond ) ); \
-    } while( 0 )
+        unsigned char nonzero = mbedtls_mpi_cmp_int((X), 0) != 0;        \
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&tmp, &grp->P, (X)));      \
+        MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign((X), &tmp,          \
+                                                     nonzero & cond)); \
+    } while (0)
 
-#define MPI_ECP_NEG( X ) MPI_ECP_COND_NEG( (X), 1 )
+#define MPI_ECP_NEG(X) MPI_ECP_COND_NEG((X), 1)
 
-#define MPI_ECP_VALID( X )                      \
-    ( (X)->p != NULL )
+#define MPI_ECP_VALID(X)                      \
+    ((X)->p != NULL)
 
-#define MPI_ECP_COND_ASSIGN( X, Y, cond )       \
-    MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( (X), (Y), (cond) ) )
+#define MPI_ECP_COND_ASSIGN(X, Y, cond)       \
+    MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign((X), (Y), (cond)))
 
-#define MPI_ECP_COND_SWAP( X, Y, cond )       \
-    MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( (X), (Y), (cond) ) )
+#define MPI_ECP_COND_SWAP(X, Y, cond)       \
+    MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_swap((X), (Y), (cond)))
 
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
 
@@ -1216,39 +1235,36 @@
  * Computes the right-hand side of the Short Weierstrass equation
  * RHS = X^3 + A X + B
  */
-static int ecp_sw_rhs( const mbedtls_ecp_group *grp,
-                       mbedtls_mpi *rhs,
-                       const mbedtls_mpi *X )
+static int ecp_sw_rhs(const mbedtls_ecp_group *grp,
+                      mbedtls_mpi *rhs,
+                      const mbedtls_mpi *X)
 {
     int ret;
 
     /* Compute X^3 + A X + B as X (X^2 + A) + B */
-    MPI_ECP_SQR( rhs, X );
+    MPI_ECP_SQR(rhs, X);
 
     /* Special case for A = -3 */
-    if( grp->A.p == NULL )
-    {
-        MPI_ECP_SUB_INT( rhs, rhs, 3 );
-    }
-    else
-    {
-        MPI_ECP_ADD( rhs, rhs, &grp->A );
+    if (grp->A.p == NULL) {
+        MPI_ECP_SUB_INT(rhs, rhs, 3);
+    } else {
+        MPI_ECP_ADD(rhs, rhs, &grp->A);
     }
 
-    MPI_ECP_MUL( rhs, rhs, X  );
-    MPI_ECP_ADD( rhs, rhs, &grp->B );
+    MPI_ECP_MUL(rhs, rhs, X);
+    MPI_ECP_ADD(rhs, rhs, &grp->B);
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
  * Derive Y from X and a parity bit
  */
-static int mbedtls_ecp_sw_derive_y( const mbedtls_ecp_group *grp,
-                                    const mbedtls_mpi *X,
-                                    mbedtls_mpi *Y,
-                                    int parity_bit )
+static int mbedtls_ecp_sw_derive_y(const mbedtls_ecp_group *grp,
+                                   const mbedtls_mpi *X,
+                                   mbedtls_mpi *Y,
+                                   int parity_bit)
 {
     /* w = y^2 = x^3 + ax + b
      * y = sqrt(w) = w^((p+1)/4) mod p   (for prime p where p = 3 mod 4)
@@ -1259,36 +1275,38 @@
      */
 
     /* Check prerequisite p = 3 mod 4 */
-    if( mbedtls_mpi_get_bit( &grp->P, 0 ) != 1 ||
-        mbedtls_mpi_get_bit( &grp->P, 1 ) != 1 )
-        return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+    if (mbedtls_mpi_get_bit(&grp->P, 0) != 1 ||
+        mbedtls_mpi_get_bit(&grp->P, 1) != 1) {
+        return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+    }
 
     int ret;
     mbedtls_mpi exp;
-    mbedtls_mpi_init( &exp );
+    mbedtls_mpi_init(&exp);
 
     /* use Y to store intermediate result, actually w above */
-    MBEDTLS_MPI_CHK( ecp_sw_rhs( grp, Y, X ) );
+    MBEDTLS_MPI_CHK(ecp_sw_rhs(grp, Y, X));
 
     /* w = y^2 */ /* Y contains y^2 intermediate result */
     /* exp = ((p+1)/4) */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &exp, &grp->P, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &exp, 2 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&exp, &grp->P, 1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&exp, 2));
     /* sqrt(w) = w^((p+1)/4) mod p   (for prime p where p = 3 mod 4) */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( Y, Y /*y^2*/, &exp, &grp->P, NULL ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(Y, Y /*y^2*/, &exp, &grp->P, NULL));
 
     /* check parity bit match or else invert Y */
     /* This quick inversion implementation is valid because Y != 0 for all
      * Short Weierstrass curves supported by mbedtls, as each supported curve
      * has an order that is a large prime, so each supported curve does not
      * have any point of order 2, and a point with Y == 0 would be of order 2 */
-    if( mbedtls_mpi_get_bit( Y, 0 ) != parity_bit )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( Y, &grp->P, Y ) );
+    if (mbedtls_mpi_get_bit(Y, 0) != parity_bit) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(Y, &grp->P, Y));
+    }
 
 cleanup:
 
-    mbedtls_mpi_free( &exp );
-    return( ret );
+    mbedtls_mpi_free(&exp);
+    return ret;
 }
 
 /*
@@ -1303,36 +1321,38 @@
  * Normalize jacobian coordinates so that Z == 0 || Z == 1  (GECC 3.2.1)
  * Cost: 1N := 1I + 3M + 1S
  */
-static int ecp_normalize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt )
+static int ecp_normalize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt)
 {
-    if( MPI_ECP_CMP_INT( &pt->Z, 0 ) == 0 )
-        return( 0 );
+    if (MPI_ECP_CMP_INT(&pt->Z, 0) == 0) {
+        return 0;
+    }
 
 #if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
-    if( mbedtls_internal_ecp_grp_capable( grp ) )
-        return( mbedtls_internal_ecp_normalize_jac( grp, pt ) );
+    if (mbedtls_internal_ecp_grp_capable(grp)) {
+        return mbedtls_internal_ecp_normalize_jac(grp, pt);
+    }
 #endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */
 
 #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
-    return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
 #else
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi T;
-    mbedtls_mpi_init( &T );
+    mbedtls_mpi_init(&T);
 
-    MPI_ECP_INV( &T,       &pt->Z );          /* T   <-          1 / Z   */
-    MPI_ECP_MUL( &pt->Y,   &pt->Y,     &T );  /* Y'  <- Y*T    = Y / Z   */
-    MPI_ECP_SQR( &T,       &T             );  /* T   <- T^2    = 1 / Z^2 */
-    MPI_ECP_MUL( &pt->X,   &pt->X,     &T );  /* X   <- X  * T = X / Z^2 */
-    MPI_ECP_MUL( &pt->Y,   &pt->Y,     &T );  /* Y'' <- Y' * T = Y / Z^3 */
+    MPI_ECP_INV(&T,       &pt->Z);            /* T   <-          1 / Z   */
+    MPI_ECP_MUL(&pt->Y,   &pt->Y,     &T);    /* Y'  <- Y*T    = Y / Z   */
+    MPI_ECP_SQR(&T,       &T);                /* T   <- T^2    = 1 / Z^2 */
+    MPI_ECP_MUL(&pt->X,   &pt->X,     &T);    /* X   <- X  * T = X / Z^2 */
+    MPI_ECP_MUL(&pt->Y,   &pt->Y,     &T);    /* Y'' <- Y' * T = Y / Z^3 */
 
-    MPI_ECP_LSET( &pt->Z, 1 );
+    MPI_ECP_LSET(&pt->Z, 1);
 
 cleanup:
 
-    mbedtls_mpi_free( &T );
+    mbedtls_mpi_free(&T);
 
-    return( ret );
+    return ret;
 #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) */
 }
 
@@ -1347,46 +1367,47 @@
  *
  * Cost: 1N(t) := 1I + (6t - 3)M + 1S
  */
-static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp,
-                                   mbedtls_ecp_point *T[], size_t T_size )
+static int ecp_normalize_jac_many(const mbedtls_ecp_group *grp,
+                                  mbedtls_ecp_point *T[], size_t T_size)
 {
-    if( T_size < 2 )
-        return( ecp_normalize_jac( grp, *T ) );
+    if (T_size < 2) {
+        return ecp_normalize_jac(grp, *T);
+    }
 
 #if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
-    if( mbedtls_internal_ecp_grp_capable( grp ) )
-        return( mbedtls_internal_ecp_normalize_jac_many( grp, T, T_size ) );
+    if (mbedtls_internal_ecp_grp_capable(grp)) {
+        return mbedtls_internal_ecp_normalize_jac_many(grp, T, T_size);
+    }
 #endif
 
 #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
-    return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
 #else
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t i;
     mbedtls_mpi *c, t;
 
-    if( ( c = mbedtls_calloc( T_size, sizeof( mbedtls_mpi ) ) ) == NULL )
-        return( MBEDTLS_ERR_ECP_ALLOC_FAILED );
+    if ((c = mbedtls_calloc(T_size, sizeof(mbedtls_mpi))) == NULL) {
+        return MBEDTLS_ERR_ECP_ALLOC_FAILED;
+    }
 
-    mbedtls_mpi_init( &t );
+    mbedtls_mpi_init(&t);
 
-    mpi_init_many( c, T_size );
+    mpi_init_many(c, T_size);
     /*
      * c[i] = Z_0 * ... * Z_i,   i = 0,..,n := T_size-1
      */
-    MPI_ECP_MOV( &c[0], &T[0]->Z );
-    for( i = 1; i < T_size; i++ )
-    {
-        MPI_ECP_MUL( &c[i], &c[i-1], &T[i]->Z );
+    MPI_ECP_MOV(&c[0], &T[0]->Z);
+    for (i = 1; i < T_size; i++) {
+        MPI_ECP_MUL(&c[i], &c[i-1], &T[i]->Z);
     }
 
     /*
      * c[n] = 1 / (Z_0 * ... * Z_n) mod P
      */
-    MPI_ECP_INV( &c[T_size-1], &c[T_size-1] );
+    MPI_ECP_INV(&c[T_size-1], &c[T_size-1]);
 
-    for( i = T_size - 1; ; i-- )
-    {
+    for (i = T_size - 1;; i--) {
         /* At the start of iteration i (note that i decrements), we have
          * - c[j] = Z_0 * .... * Z_j        for j  < i,
          * - c[j] = 1 / (Z_0 * .... * Z_j)  for j == i,
@@ -1399,22 +1420,19 @@
          * c[0] = 1 / Z_0.
          */
 
-        if( i > 0 )
-        {
+        if (i > 0) {
             /* Compute 1/Z_i and establish invariant for the next iteration. */
-            MPI_ECP_MUL( &t,      &c[i], &c[i-1]  );
-            MPI_ECP_MUL( &c[i-1], &c[i], &T[i]->Z );
-        }
-        else
-        {
-            MPI_ECP_MOV( &t, &c[0] );
+            MPI_ECP_MUL(&t,      &c[i], &c[i-1]);
+            MPI_ECP_MUL(&c[i-1], &c[i], &T[i]->Z);
+        } else {
+            MPI_ECP_MOV(&t, &c[0]);
         }
 
         /* Now t holds 1 / Z_i; normalize as in ecp_normalize_jac() */
-        MPI_ECP_MUL( &T[i]->Y, &T[i]->Y, &t );
-        MPI_ECP_SQR( &t,       &t           );
-        MPI_ECP_MUL( &T[i]->X, &T[i]->X, &t );
-        MPI_ECP_MUL( &T[i]->Y, &T[i]->Y, &t );
+        MPI_ECP_MUL(&T[i]->Y, &T[i]->Y, &t);
+        MPI_ECP_SQR(&t,       &t);
+        MPI_ECP_MUL(&T[i]->X, &T[i]->X, &t);
+        MPI_ECP_MUL(&T[i]->Y, &T[i]->Y, &t);
 
         /*
          * Post-precessing: reclaim some memory by shrinking coordinates
@@ -1422,22 +1440,23 @@
          * - shrinking other coordinates, but still keeping the same number of
          *   limbs as P, as otherwise it will too likely be regrown too fast.
          */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->X, grp->P.n ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->Y, grp->P.n ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->X, grp->P.n));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->Y, grp->P.n));
 
-        MPI_ECP_LSET( &T[i]->Z, 1 );
+        MPI_ECP_LSET(&T[i]->Z, 1);
 
-        if( i == 0 )
+        if (i == 0) {
             break;
+        }
     }
 
 cleanup:
 
-    mbedtls_mpi_free( &t );
-    mpi_free_many( c, T_size );
-    mbedtls_free( c );
+    mbedtls_mpi_free(&t);
+    mpi_free_many(c, T_size);
+    mbedtls_free(c);
 
-    return( ret );
+    return ret;
 #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) */
 }
 
@@ -1445,19 +1464,19 @@
  * Conditional point inversion: Q -> -Q = (Q.X, -Q.Y, Q.Z) without leak.
  * "inv" must be 0 (don't invert) or 1 (invert) or the result will be invalid
  */
-static int ecp_safe_invert_jac( const mbedtls_ecp_group *grp,
-                            mbedtls_ecp_point *Q,
-                            unsigned char inv )
+static int ecp_safe_invert_jac(const mbedtls_ecp_group *grp,
+                               mbedtls_ecp_point *Q,
+                               unsigned char inv)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi tmp;
-    mbedtls_mpi_init( &tmp );
+    mbedtls_mpi_init(&tmp);
 
-    MPI_ECP_COND_NEG( &Q->Y, inv );
+    MPI_ECP_COND_NEG(&Q->Y, inv);
 
 cleanup:
-    mbedtls_mpi_free( &tmp );
-    return( ret );
+    mbedtls_mpi_free(&tmp);
+    return ret;
 }
 
 /*
@@ -1474,83 +1493,80 @@
  *             4M + 4S          (A == -3)
  *             3M + 6S + 1a     otherwise
  */
-static int ecp_double_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                           const mbedtls_ecp_point *P,
-                           mbedtls_mpi tmp[4] )
+static int ecp_double_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+                          const mbedtls_ecp_point *P,
+                          mbedtls_mpi tmp[4])
 {
 #if defined(MBEDTLS_SELF_TEST)
     dbl_count++;
 #endif
 
 #if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
-    if( mbedtls_internal_ecp_grp_capable( grp ) )
-        return( mbedtls_internal_ecp_double_jac( grp, R, P ) );
+    if (mbedtls_internal_ecp_grp_capable(grp)) {
+        return mbedtls_internal_ecp_double_jac(grp, R, P);
+    }
 #endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */
 
 #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
-    return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
 #else
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     /* Special case for A = -3 */
-    if( grp->A.p == NULL )
-    {
+    if (grp->A.p == NULL) {
         /* tmp[0] <- M = 3(X + Z^2)(X - Z^2) */
-        MPI_ECP_SQR(     &tmp[1],  &P->Z                );
-        MPI_ECP_ADD(     &tmp[2],  &P->X,  &tmp[1]      );
-        MPI_ECP_SUB(     &tmp[3],  &P->X,  &tmp[1]      );
-        MPI_ECP_MUL(     &tmp[1],  &tmp[2],     &tmp[3] );
-        MPI_ECP_MUL_INT( &tmp[0],  &tmp[1],     3       );
-    }
-    else
-    {
+        MPI_ECP_SQR(&tmp[1],  &P->Z);
+        MPI_ECP_ADD(&tmp[2],  &P->X,  &tmp[1]);
+        MPI_ECP_SUB(&tmp[3],  &P->X,  &tmp[1]);
+        MPI_ECP_MUL(&tmp[1],  &tmp[2],     &tmp[3]);
+        MPI_ECP_MUL_INT(&tmp[0],  &tmp[1],     3);
+    } else {
         /* tmp[0] <- M = 3.X^2 + A.Z^4 */
-        MPI_ECP_SQR(     &tmp[1],  &P->X  );
-        MPI_ECP_MUL_INT( &tmp[0],  &tmp[1],  3 );
+        MPI_ECP_SQR(&tmp[1],  &P->X);
+        MPI_ECP_MUL_INT(&tmp[0],  &tmp[1],  3);
 
         /* Optimize away for "koblitz" curves with A = 0 */
-        if( MPI_ECP_CMP_INT( &grp->A, 0 ) != 0 )
-        {
+        if (MPI_ECP_CMP_INT(&grp->A, 0) != 0) {
             /* M += A.Z^4 */
-            MPI_ECP_SQR( &tmp[1],  &P->Z                );
-            MPI_ECP_SQR( &tmp[2],  &tmp[1]              );
-            MPI_ECP_MUL( &tmp[1],  &tmp[2],     &grp->A );
-            MPI_ECP_ADD( &tmp[0],  &tmp[0],     &tmp[1] );
+            MPI_ECP_SQR(&tmp[1],  &P->Z);
+            MPI_ECP_SQR(&tmp[2],  &tmp[1]);
+            MPI_ECP_MUL(&tmp[1],  &tmp[2],     &grp->A);
+            MPI_ECP_ADD(&tmp[0],  &tmp[0],     &tmp[1]);
         }
     }
 
     /* tmp[1] <- S = 4.X.Y^2 */
-    MPI_ECP_SQR(     &tmp[2],  &P->Y     );
-    MPI_ECP_SHIFT_L( &tmp[2],  1         );
-    MPI_ECP_MUL(     &tmp[1],  &P->X, &tmp[2] );
-    MPI_ECP_SHIFT_L( &tmp[1],  1         );
+    MPI_ECP_SQR(&tmp[2],  &P->Y);
+    MPI_ECP_SHIFT_L(&tmp[2],  1);
+    MPI_ECP_MUL(&tmp[1],  &P->X, &tmp[2]);
+    MPI_ECP_SHIFT_L(&tmp[1],  1);
 
     /* tmp[3] <- U = 8.Y^4 */
-    MPI_ECP_SQR(     &tmp[3],  &tmp[2] );
-    MPI_ECP_SHIFT_L( &tmp[3],  1       );
+    MPI_ECP_SQR(&tmp[3],  &tmp[2]);
+    MPI_ECP_SHIFT_L(&tmp[3],  1);
 
     /* tmp[2] <- T = M^2 - 2.S */
-    MPI_ECP_SQR( &tmp[2],  &tmp[0]     );
-    MPI_ECP_SUB( &tmp[2],  &tmp[2], &tmp[1] );
-    MPI_ECP_SUB( &tmp[2],  &tmp[2], &tmp[1] );
+    MPI_ECP_SQR(&tmp[2],  &tmp[0]);
+    MPI_ECP_SUB(&tmp[2],  &tmp[2], &tmp[1]);
+    MPI_ECP_SUB(&tmp[2],  &tmp[2], &tmp[1]);
 
     /* tmp[1] <- S = M(S - T) - U */
-    MPI_ECP_SUB( &tmp[1],  &tmp[1],     &tmp[2] );
-    MPI_ECP_MUL( &tmp[1],  &tmp[1],     &tmp[0] );
-    MPI_ECP_SUB( &tmp[1],  &tmp[1],     &tmp[3] );
+    MPI_ECP_SUB(&tmp[1],  &tmp[1],     &tmp[2]);
+    MPI_ECP_MUL(&tmp[1],  &tmp[1],     &tmp[0]);
+    MPI_ECP_SUB(&tmp[1],  &tmp[1],     &tmp[3]);
 
     /* tmp[3] <- U = 2.Y.Z */
-    MPI_ECP_MUL(     &tmp[3],  &P->Y,  &P->Z   );
-    MPI_ECP_SHIFT_L( &tmp[3],  1               );
+    MPI_ECP_MUL(&tmp[3],  &P->Y,  &P->Z);
+    MPI_ECP_SHIFT_L(&tmp[3],  1);
 
     /* Store results */
-    MPI_ECP_MOV( &R->X, &tmp[2] );
-    MPI_ECP_MOV( &R->Y, &tmp[1] );
-    MPI_ECP_MOV( &R->Z, &tmp[3] );
+    MPI_ECP_MOV(&R->X, &tmp[2]);
+    MPI_ECP_MOV(&R->Y, &tmp[1]);
+    MPI_ECP_MOV(&R->Z, &tmp[3]);
 
 cleanup:
 
-    return( ret );
+    return ret;
 #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) */
 }
 
@@ -1574,21 +1590,22 @@
  *
  * Cost: 1A := 8M + 3S
  */
-static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                          const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q,
-                          mbedtls_mpi tmp[4] )
+static int ecp_add_mixed(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+                         const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q,
+                         mbedtls_mpi tmp[4])
 {
 #if defined(MBEDTLS_SELF_TEST)
     add_count++;
 #endif
 
 #if defined(MBEDTLS_ECP_ADD_MIXED_ALT)
-    if( mbedtls_internal_ecp_grp_capable( grp ) )
-        return( mbedtls_internal_ecp_add_mixed( grp, R, P, Q ) );
+    if (mbedtls_internal_ecp_grp_capable(grp)) {
+        return mbedtls_internal_ecp_add_mixed(grp, R, P, Q);
+    }
 #endif /* MBEDTLS_ECP_ADD_MIXED_ALT */
 
 #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_ADD_MIXED_ALT)
-    return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
 #else
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
@@ -1599,68 +1616,68 @@
     mbedtls_mpi * const Y = &R->Y;
     mbedtls_mpi * const Z = &R->Z;
 
-    if( !MPI_ECP_VALID( &Q->Z ) )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (!MPI_ECP_VALID(&Q->Z)) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     /*
      * Trivial cases: P == 0 or Q == 0 (case 1)
      */
-    if( MPI_ECP_CMP_INT( &P->Z, 0 ) == 0 )
-        return( mbedtls_ecp_copy( R, Q ) );
+    if (MPI_ECP_CMP_INT(&P->Z, 0) == 0) {
+        return mbedtls_ecp_copy(R, Q);
+    }
 
-    if( MPI_ECP_CMP_INT( &Q->Z, 0 ) == 0 )
-        return( mbedtls_ecp_copy( R, P ) );
+    if (MPI_ECP_CMP_INT(&Q->Z, 0) == 0) {
+        return mbedtls_ecp_copy(R, P);
+    }
 
     /*
      * Make sure Q coordinates are normalized
      */
-    if( MPI_ECP_CMP_INT( &Q->Z, 1 ) != 0 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (MPI_ECP_CMP_INT(&Q->Z, 1) != 0) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
-    MPI_ECP_SQR( &tmp[0], &P->Z         );
-    MPI_ECP_MUL( &tmp[1], &tmp[0], &P->Z );
-    MPI_ECP_MUL( &tmp[0], &tmp[0], &Q->X );
-    MPI_ECP_MUL( &tmp[1], &tmp[1], &Q->Y );
-    MPI_ECP_SUB( &tmp[0], &tmp[0], &P->X );
-    MPI_ECP_SUB( &tmp[1], &tmp[1], &P->Y );
+    MPI_ECP_SQR(&tmp[0], &P->Z);
+    MPI_ECP_MUL(&tmp[1], &tmp[0], &P->Z);
+    MPI_ECP_MUL(&tmp[0], &tmp[0], &Q->X);
+    MPI_ECP_MUL(&tmp[1], &tmp[1], &Q->Y);
+    MPI_ECP_SUB(&tmp[0], &tmp[0], &P->X);
+    MPI_ECP_SUB(&tmp[1], &tmp[1], &P->Y);
 
     /* Special cases (2) and (3) */
-    if( MPI_ECP_CMP_INT( &tmp[0], 0 ) == 0 )
-    {
-        if( MPI_ECP_CMP_INT( &tmp[1], 0 ) == 0 )
-        {
-            ret = ecp_double_jac( grp, R, P, tmp );
+    if (MPI_ECP_CMP_INT(&tmp[0], 0) == 0) {
+        if (MPI_ECP_CMP_INT(&tmp[1], 0) == 0) {
+            ret = ecp_double_jac(grp, R, P, tmp);
             goto cleanup;
-        }
-        else
-        {
-            ret = mbedtls_ecp_set_zero( R );
+        } else {
+            ret = mbedtls_ecp_set_zero(R);
             goto cleanup;
         }
     }
 
     /* {P,Q}->Z no longer used, so OK to write to Z even if there's aliasing. */
-    MPI_ECP_MUL( Z,        &P->Z,    &tmp[0] );
-    MPI_ECP_SQR( &tmp[2],  &tmp[0]           );
-    MPI_ECP_MUL( &tmp[3],  &tmp[2],  &tmp[0] );
-    MPI_ECP_MUL( &tmp[2],  &tmp[2],  &P->X   );
+    MPI_ECP_MUL(Z,        &P->Z,    &tmp[0]);
+    MPI_ECP_SQR(&tmp[2],  &tmp[0]);
+    MPI_ECP_MUL(&tmp[3],  &tmp[2],  &tmp[0]);
+    MPI_ECP_MUL(&tmp[2],  &tmp[2],  &P->X);
 
-    MPI_ECP_MOV( &tmp[0], &tmp[2] );
-    MPI_ECP_SHIFT_L( &tmp[0], 1 );
+    MPI_ECP_MOV(&tmp[0], &tmp[2]);
+    MPI_ECP_SHIFT_L(&tmp[0], 1);
 
     /* {P,Q}->X no longer used, so OK to write to X even if there's aliasing. */
-    MPI_ECP_SQR( X,        &tmp[1]           );
-    MPI_ECP_SUB( X,        X,        &tmp[0] );
-    MPI_ECP_SUB( X,        X,        &tmp[3] );
-    MPI_ECP_SUB( &tmp[2],  &tmp[2],  X       );
-    MPI_ECP_MUL( &tmp[2],  &tmp[2],  &tmp[1] );
-    MPI_ECP_MUL( &tmp[3],  &tmp[3],  &P->Y   );
+    MPI_ECP_SQR(X,        &tmp[1]);
+    MPI_ECP_SUB(X,        X,        &tmp[0]);
+    MPI_ECP_SUB(X,        X,        &tmp[3]);
+    MPI_ECP_SUB(&tmp[2],  &tmp[2],  X);
+    MPI_ECP_MUL(&tmp[2],  &tmp[2],  &tmp[1]);
+    MPI_ECP_MUL(&tmp[3],  &tmp[3],  &P->Y);
     /* {P,Q}->Y no longer used, so OK to write to Y even if there's aliasing. */
-    MPI_ECP_SUB( Y,     &tmp[2],     &tmp[3] );
+    MPI_ECP_SUB(Y,     &tmp[2],     &tmp[3]);
 
 cleanup:
 
-    return( ret );
+    return ret;
 #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_ADD_MIXED_ALT) */
 }
 
@@ -1671,44 +1688,46 @@
  *
  * This countermeasure was first suggested in [2].
  */
-static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int ecp_randomize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
+                             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
 #if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
-    if( mbedtls_internal_ecp_grp_capable( grp ) )
-        return( mbedtls_internal_ecp_randomize_jac( grp, pt, f_rng, p_rng ) );
+    if (mbedtls_internal_ecp_grp_capable(grp)) {
+        return mbedtls_internal_ecp_randomize_jac(grp, pt, f_rng, p_rng);
+    }
 #endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */
 
 #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
-    return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
 #else
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi l;
 
-    mbedtls_mpi_init( &l );
+    mbedtls_mpi_init(&l);
 
     /* Generate l such that 1 < l < p */
-    MPI_ECP_RAND( &l );
+    MPI_ECP_RAND(&l);
 
     /* Z' = l * Z */
-    MPI_ECP_MUL( &pt->Z,   &pt->Z,     &l );
+    MPI_ECP_MUL(&pt->Z,   &pt->Z,     &l);
 
     /* Y' = l * Y */
-    MPI_ECP_MUL( &pt->Y,   &pt->Y,     &l );
+    MPI_ECP_MUL(&pt->Y,   &pt->Y,     &l);
 
     /* X' = l^2 * X */
-    MPI_ECP_SQR( &l,       &l             );
-    MPI_ECP_MUL( &pt->X,   &pt->X,     &l );
+    MPI_ECP_SQR(&l,       &l);
+    MPI_ECP_MUL(&pt->X,   &pt->X,     &l);
 
     /* Y'' = l^2 * Y' = l^3 * Y */
-    MPI_ECP_MUL( &pt->Y,   &pt->Y,     &l );
+    MPI_ECP_MUL(&pt->Y,   &pt->Y,     &l);
 
 cleanup:
-    mbedtls_mpi_free( &l );
+    mbedtls_mpi_free(&l);
 
-    if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+    if (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) {
         ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
-    return( ret );
+    }
+    return ret;
 #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) */
 }
 
@@ -1720,10 +1739,10 @@
 #endif
 
 /* d = ceil( n / w ) */
-#define COMB_MAX_D      ( MBEDTLS_ECP_MAX_BITS + 1 ) / 2
+#define COMB_MAX_D      (MBEDTLS_ECP_MAX_BITS + 1) / 2
 
 /* number of precomputed points */
-#define COMB_MAX_PRE    ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
+#define COMB_MAX_PRE    (1 << (MBEDTLS_ECP_WINDOW_SIZE - 1))
 
 /*
  * Compute the representation of m that will be used with our comb method.
@@ -1772,32 +1791,33 @@
  * - m is the MPI, expected to be odd and such that bitlength(m) <= w * d
  *   (the result will be incorrect if these assumptions are not satisfied)
  */
-static void ecp_comb_recode_core( unsigned char x[], size_t d,
-                                  unsigned char w, const mbedtls_mpi *m )
+static void ecp_comb_recode_core(unsigned char x[], size_t d,
+                                 unsigned char w, const mbedtls_mpi *m)
 {
     size_t i, j;
     unsigned char c, cc, adjust;
 
-    memset( x, 0, d+1 );
+    memset(x, 0, d+1);
 
     /* First get the classical comb values (except for x_d = 0) */
-    for( i = 0; i < d; i++ )
-        for( j = 0; j < w; j++ )
-            x[i] |= mbedtls_mpi_get_bit( m, i + d * j ) << j;
+    for (i = 0; i < d; i++) {
+        for (j = 0; j < w; j++) {
+            x[i] |= mbedtls_mpi_get_bit(m, i + d * j) << j;
+        }
+    }
 
     /* Now make sure x_1 .. x_d are odd */
     c = 0;
-    for( i = 1; i <= d; i++ )
-    {
+    for (i = 1; i <= d; i++) {
         /* Add carry and update it */
         cc   = x[i] & c;
         x[i] = x[i] ^ c;
         c = cc;
 
         /* Adjust if needed, avoiding branches */
-        adjust = 1 - ( x[i] & 0x01 );
-        c   |= x[i] & ( x[i-1] * adjust );
-        x[i] = x[i] ^ ( x[i-1] * adjust );
+        adjust = 1 - (x[i] & 0x01);
+        c   |= x[i] & (x[i-1] * adjust);
+        x[i] = x[i] ^ (x[i-1] * adjust);
         x[i-1] |= adjust << 7;
     }
 }
@@ -1836,40 +1856,42 @@
  * value, it's useful to set MBEDTLS_ECP_WINDOW_SIZE to a lower value in order
  * to minimize maximum blocking time.
  */
-static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
-                                mbedtls_ecp_point T[], const mbedtls_ecp_point *P,
-                                unsigned char w, size_t d,
-                                mbedtls_ecp_restart_ctx *rs_ctx )
+static int ecp_precompute_comb(const mbedtls_ecp_group *grp,
+                               mbedtls_ecp_point T[], const mbedtls_ecp_point *P,
+                               unsigned char w, size_t d,
+                               mbedtls_ecp_restart_ctx *rs_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char i;
     size_t j = 0;
-    const unsigned char T_size = 1U << ( w - 1 );
-    mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1] = {NULL};
+    const unsigned char T_size = 1U << (w - 1);
+    mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1] = { NULL };
 
     mbedtls_mpi tmp[4];
 
-    mpi_init_many( tmp, sizeof( tmp ) / sizeof( mbedtls_mpi ) );
+    mpi_init_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi));
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL )
-    {
-        if( rs_ctx->rsm->state == ecp_rsm_pre_dbl )
+    if (rs_ctx != NULL && rs_ctx->rsm != NULL) {
+        if (rs_ctx->rsm->state == ecp_rsm_pre_dbl) {
             goto dbl;
-        if( rs_ctx->rsm->state == ecp_rsm_pre_norm_dbl )
+        }
+        if (rs_ctx->rsm->state == ecp_rsm_pre_norm_dbl) {
             goto norm_dbl;
-        if( rs_ctx->rsm->state == ecp_rsm_pre_add )
+        }
+        if (rs_ctx->rsm->state == ecp_rsm_pre_add) {
             goto add;
-        if( rs_ctx->rsm->state == ecp_rsm_pre_norm_add )
+        }
+        if (rs_ctx->rsm->state == ecp_rsm_pre_norm_add) {
             goto norm_add;
+        }
     }
 #else
     (void) rs_ctx;
 #endif
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL )
-    {
+    if (rs_ctx != NULL && rs_ctx->rsm != NULL) {
         rs_ctx->rsm->state = ecp_rsm_pre_dbl;
 
         /* initial state for the loop */
@@ -1882,31 +1904,32 @@
      * Set T[0] = P and
      * T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value)
      */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecp_copy(&T[0], P));
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 )
+    if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0) {
         j = rs_ctx->rsm->i;
-    else
+    } else
 #endif
-        j = 0;
+    j = 0;
 
-    for( ; j < d * ( w - 1 ); j++ )
-    {
-        MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL );
+    for (; j < d * (w - 1); j++) {
+        MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_DBL);
 
-        i = 1U << ( j / d );
+        i = 1U << (j / d);
         cur = T + i;
 
-        if( j % d == 0 )
-            MBEDTLS_MPI_CHK( mbedtls_ecp_copy( cur, T + ( i >> 1 ) ) );
+        if (j % d == 0) {
+            MBEDTLS_MPI_CHK(mbedtls_ecp_copy(cur, T + (i >> 1)));
+        }
 
-        MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur, tmp ) );
+        MBEDTLS_MPI_CHK(ecp_double_jac(grp, cur, cur, tmp));
     }
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+    if (rs_ctx != NULL && rs_ctx->rsm != NULL) {
         rs_ctx->rsm->state = ecp_rsm_pre_norm_dbl;
+    }
 
 norm_dbl:
 #endif
@@ -1918,16 +1941,18 @@
      *
      */
     j = 0;
-    for( i = 1; i < T_size; i <<= 1 )
+    for (i = 1; i < T_size; i <<= 1) {
         TT[j++] = T + i;
+    }
 
-    MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 );
+    MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV + 6 * j - 2);
 
-    MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
+    MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j));
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+    if (rs_ctx != NULL && rs_ctx->rsm != NULL) {
         rs_ctx->rsm->state = ecp_rsm_pre_add;
+    }
 
 add:
 #endif
@@ -1935,18 +1960,19 @@
      * Compute the remaining ones using the minimal number of additions
      * Be careful to update T[2^l] only after using it!
      */
-    MBEDTLS_ECP_BUDGET( ( T_size - 1 ) * MBEDTLS_ECP_OPS_ADD );
+    MBEDTLS_ECP_BUDGET((T_size - 1) * MBEDTLS_ECP_OPS_ADD);
 
-    for( i = 1; i < T_size; i <<= 1 )
-    {
+    for (i = 1; i < T_size; i <<= 1) {
         j = i;
-        while( j-- )
-            MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i], tmp ) );
+        while (j--) {
+            MBEDTLS_MPI_CHK(ecp_add_mixed(grp, &T[i + j], &T[j], &T[i], tmp));
+        }
     }
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+    if (rs_ctx != NULL && rs_ctx->rsm != NULL) {
         rs_ctx->rsm->state = ecp_rsm_pre_norm_add;
+    }
 
 norm_add:
 #endif
@@ -1955,35 +1981,37 @@
      * still need the auxiliary array for homogeneity with the previous
      * call. Also, skip T[0] which is already normalised, being a copy of P.
      */
-    for( j = 0; j + 1 < T_size; j++ )
+    for (j = 0; j + 1 < T_size; j++) {
         TT[j] = T + j + 1;
+    }
 
-    MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 );
+    MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV + 6 * j - 2);
 
-    MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
+    MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j));
 
     /* Free Z coordinate (=1 after normalization) to save RAM.
      * This makes T[i] invalid as mbedtls_ecp_points, but this is OK
      * since from this point onwards, they are only accessed indirectly
      * via the getter function ecp_select_comb() which does set the
      * target's Z coordinate to 1. */
-    for( i = 0; i < T_size; i++ )
-        mbedtls_mpi_free( &T[i].Z );
+    for (i = 0; i < T_size; i++) {
+        mbedtls_mpi_free(&T[i].Z);
+    }
 
 cleanup:
 
-    mpi_free_many( tmp, sizeof( tmp ) / sizeof( mbedtls_mpi ) );
+    mpi_free_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi));
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL &&
-        ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
-    {
-        if( rs_ctx->rsm->state == ecp_rsm_pre_dbl )
+    if (rs_ctx != NULL && rs_ctx->rsm != NULL &&
+        ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
+        if (rs_ctx->rsm->state == ecp_rsm_pre_dbl) {
             rs_ctx->rsm->i = j;
+        }
     }
 #endif
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -1991,30 +2019,29 @@
  *
  * See ecp_comb_recode_core() for background
  */
-static int ecp_select_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                            const mbedtls_ecp_point T[], unsigned char T_size,
-                            unsigned char i )
+static int ecp_select_comb(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+                           const mbedtls_ecp_point T[], unsigned char T_size,
+                           unsigned char i)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char ii, j;
 
     /* Ignore the "sign" bit and scale down */
-    ii =  ( i & 0x7Fu ) >> 1;
+    ii =  (i & 0x7Fu) >> 1;
 
     /* Read the whole table to thwart cache-based timing attacks */
-    for( j = 0; j < T_size; j++ )
-    {
-        MPI_ECP_COND_ASSIGN( &R->X, &T[j].X, j == ii );
-        MPI_ECP_COND_ASSIGN( &R->Y, &T[j].Y, j == ii );
+    for (j = 0; j < T_size; j++) {
+        MPI_ECP_COND_ASSIGN(&R->X, &T[j].X, j == ii);
+        MPI_ECP_COND_ASSIGN(&R->Y, &T[j].Y, j == ii);
     }
 
     /* Safely invert result if i is "negative" */
-    MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, i >> 7 ) );
+    MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, R, i >> 7));
 
-    MPI_ECP_LSET( &R->Z, 1 );
+    MPI_ECP_LSET(&R->Z, 1);
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
@@ -2023,74 +2050,70 @@
  *
  * Cost: d A + d D + 1 R
  */
-static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                              const mbedtls_ecp_point T[], unsigned char T_size,
-                              const unsigned char x[], size_t d,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng,
-                              mbedtls_ecp_restart_ctx *rs_ctx )
+static int ecp_mul_comb_core(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+                             const mbedtls_ecp_point T[], unsigned char T_size,
+                             const unsigned char x[], size_t d,
+                             int (*f_rng)(void *, unsigned char *, size_t),
+                             void *p_rng,
+                             mbedtls_ecp_restart_ctx *rs_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_point Txi;
     mbedtls_mpi tmp[4];
     size_t i;
 
-    mbedtls_ecp_point_init( &Txi );
-    mpi_init_many( tmp, sizeof( tmp ) / sizeof( mbedtls_mpi ) );
+    mbedtls_ecp_point_init(&Txi);
+    mpi_init_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi));
 
 #if !defined(MBEDTLS_ECP_RESTARTABLE)
     (void) rs_ctx;
 #endif
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL &&
-        rs_ctx->rsm->state != ecp_rsm_comb_core )
-    {
+    if (rs_ctx != NULL && rs_ctx->rsm != NULL &&
+        rs_ctx->rsm->state != ecp_rsm_comb_core) {
         rs_ctx->rsm->i = 0;
         rs_ctx->rsm->state = ecp_rsm_comb_core;
     }
 
     /* new 'if' instead of nested for the sake of the 'else' branch */
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 )
-    {
+    if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0) {
         /* restore current index (R already pointing to rs_ctx->rsm->R) */
         i = rs_ctx->rsm->i;
-    }
-    else
+    } else
 #endif
     {
         /* Start with a non-zero point and randomize its coordinates */
         i = d;
-        MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) );
-        if( f_rng != 0 )
-            MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) );
+        MBEDTLS_MPI_CHK(ecp_select_comb(grp, R, T, T_size, x[i]));
+        if (f_rng != 0) {
+            MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, R, f_rng, p_rng));
+        }
     }
 
-    while( i != 0 )
-    {
-        MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL + MBEDTLS_ECP_OPS_ADD );
+    while (i != 0) {
+        MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_DBL + MBEDTLS_ECP_OPS_ADD);
         --i;
 
-        MBEDTLS_MPI_CHK( ecp_double_jac( grp, R, R, tmp ) );
-        MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, T_size, x[i] ) );
-        MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, R, &Txi, tmp ) );
+        MBEDTLS_MPI_CHK(ecp_double_jac(grp, R, R, tmp));
+        MBEDTLS_MPI_CHK(ecp_select_comb(grp, &Txi, T, T_size, x[i]));
+        MBEDTLS_MPI_CHK(ecp_add_mixed(grp, R, R, &Txi, tmp));
     }
 
 cleanup:
 
-    mbedtls_ecp_point_free( &Txi );
-    mpi_free_many( tmp, sizeof( tmp ) / sizeof( mbedtls_mpi ) );
+    mbedtls_ecp_point_free(&Txi);
+    mpi_free_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi));
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL &&
-        ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
-    {
+    if (rs_ctx != NULL && rs_ctx->rsm != NULL &&
+        ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
         rs_ctx->rsm->i = i;
         /* no need to save R, already pointing to rs_ctx->rsm->R */
     }
 #endif
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -2105,39 +2128,40 @@
  *
  * See ecp_comb_recode_core() for background.
  */
-static int ecp_comb_recode_scalar( const mbedtls_ecp_group *grp,
-                                   const mbedtls_mpi *m,
-                                   unsigned char k[COMB_MAX_D + 1],
-                                   size_t d,
-                                   unsigned char w,
-                                   unsigned char *parity_trick )
+static int ecp_comb_recode_scalar(const mbedtls_ecp_group *grp,
+                                  const mbedtls_mpi *m,
+                                  unsigned char k[COMB_MAX_D + 1],
+                                  size_t d,
+                                  unsigned char w,
+                                  unsigned char *parity_trick)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi M, mm;
 
-    mbedtls_mpi_init( &M );
-    mbedtls_mpi_init( &mm );
+    mbedtls_mpi_init(&M);
+    mbedtls_mpi_init(&mm);
 
     /* N is always odd (see above), just make extra sure */
-    if( mbedtls_mpi_get_bit( &grp->N, 0 ) != 1 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (mbedtls_mpi_get_bit(&grp->N, 0) != 1) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     /* do we need the parity trick? */
-    *parity_trick = ( mbedtls_mpi_get_bit( m, 0 ) == 0 );
+    *parity_trick = (mbedtls_mpi_get_bit(m, 0) == 0);
 
     /* execute parity fix in constant time */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &M, m ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mm, &grp->N, m ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &M, &mm, *parity_trick ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&M, m));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&mm, &grp->N, m));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(&M, &mm, *parity_trick));
 
     /* actual scalar recoding */
-    ecp_comb_recode_core( k, d, w, &M );
+    ecp_comb_recode_core(k, d, w, &M);
 
 cleanup:
-    mbedtls_mpi_free( &mm );
-    mbedtls_mpi_free( &M );
+    mbedtls_mpi_free(&mm);
+    mbedtls_mpi_free(&M);
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -2147,16 +2171,16 @@
  * Scalar recoding may use a parity trick that makes us compute -m * P,
  * if that is the case we'll need to recover m * P at the end.
  */
-static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp,
-                                mbedtls_ecp_point *R,
-                                const mbedtls_mpi *m,
-                                const mbedtls_ecp_point *T,
-                                unsigned char T_size,
-                                unsigned char w,
-                                size_t d,
-                                int (*f_rng)(void *, unsigned char *, size_t),
-                                void *p_rng,
-                                mbedtls_ecp_restart_ctx *rs_ctx )
+static int ecp_mul_comb_after_precomp(const mbedtls_ecp_group *grp,
+                                      mbedtls_ecp_point *R,
+                                      const mbedtls_mpi *m,
+                                      const mbedtls_ecp_point *T,
+                                      unsigned char T_size,
+                                      unsigned char w,
+                                      size_t d,
+                                      int (*f_rng)(void *, unsigned char *, size_t),
+                                      void *p_rng,
+                                      mbedtls_ecp_restart_ctx *rs_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char parity_trick;
@@ -2164,27 +2188,28 @@
     mbedtls_ecp_point *RR = R;
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL )
-    {
+    if (rs_ctx != NULL && rs_ctx->rsm != NULL) {
         RR = &rs_ctx->rsm->R;
 
-        if( rs_ctx->rsm->state == ecp_rsm_final_norm )
+        if (rs_ctx->rsm->state == ecp_rsm_final_norm) {
             goto final_norm;
+        }
     }
 #endif
 
-    MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w,
-                                            &parity_trick ) );
-    MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, T_size, k, d,
-                                        f_rng, p_rng, rs_ctx ) );
-    MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) );
+    MBEDTLS_MPI_CHK(ecp_comb_recode_scalar(grp, m, k, d, w,
+                                           &parity_trick));
+    MBEDTLS_MPI_CHK(ecp_mul_comb_core(grp, RR, T, T_size, k, d,
+                                      f_rng, p_rng, rs_ctx));
+    MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, RR, parity_trick));
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL )
+    if (rs_ctx != NULL && rs_ctx->rsm != NULL) {
         rs_ctx->rsm->state = ecp_rsm_final_norm;
+    }
 
 final_norm:
-    MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV );
+    MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV);
 #endif
     /*
      * Knowledge of the jacobian coordinates may leak the last few bits of the
@@ -2197,25 +2222,27 @@
      *
      * Avoid the leak by randomizing coordinates before we normalize them.
      */
-    if( f_rng != 0 )
-        MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) );
+    if (f_rng != 0) {
+        MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, RR, f_rng, p_rng));
+    }
 
-    MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) );
+    MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, RR));
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, RR ) );
+    if (rs_ctx != NULL && rs_ctx->rsm != NULL) {
+        MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, RR));
+    }
 #endif
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
  * Pick window size based on curve size and whether we optimize for base point
  */
-static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp,
-                                           unsigned char p_eq_g )
+static unsigned char ecp_pick_window_size(const mbedtls_ecp_group *grp,
+                                          unsigned char p_eq_g)
 {
     unsigned char w;
 
@@ -2231,8 +2258,9 @@
      * Just adding one avoids upping the cost of the first mul too much,
      * and the memory cost too.
      */
-    if( p_eq_g )
+    if (p_eq_g) {
         w++;
+    }
 
     /*
      * If static comb table may not be used (!p_eq_g) or static comb table does
@@ -2243,14 +2271,16 @@
      * static comb table, because the size of static comb table is fixed when
      * it is generated.
      */
-#if( MBEDTLS_ECP_WINDOW_SIZE < 6 )
-    if( (!p_eq_g || !ecp_group_is_static_comb_table(grp)) && w > MBEDTLS_ECP_WINDOW_SIZE )
+#if (MBEDTLS_ECP_WINDOW_SIZE < 6)
+    if ((!p_eq_g || !ecp_group_is_static_comb_table(grp)) && w > MBEDTLS_ECP_WINDOW_SIZE) {
         w = MBEDTLS_ECP_WINDOW_SIZE;
+    }
 #endif
-    if( w >= grp->nbits )
+    if (w >= grp->nbits) {
         w = 2;
+    }
 
-    return( w );
+    return w;
 }
 
 /*
@@ -2266,11 +2296,11 @@
  *
  * See comments on ecp_comb_recode_core() regarding the computation strategy.
  */
-static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                         const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng,
-                         mbedtls_ecp_restart_ctx *rs_ctx )
+static int ecp_mul_comb(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+                        const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+                        int (*f_rng)(void *, unsigned char *, size_t),
+                        void *p_rng,
+                        mbedtls_ecp_restart_ctx *rs_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char w, p_eq_g, i;
@@ -2278,33 +2308,30 @@
     unsigned char T_size = 0, T_ok = 0;
     mbedtls_ecp_point *T = NULL;
 
-    ECP_RS_ENTER( rsm );
+    ECP_RS_ENTER(rsm);
 
     /* Is P the base point ? */
 #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
-    p_eq_g = ( MPI_ECP_CMP( &P->Y, &grp->G.Y ) == 0 &&
-               MPI_ECP_CMP( &P->X, &grp->G.X ) == 0 );
+    p_eq_g = (MPI_ECP_CMP(&P->Y, &grp->G.Y) == 0 &&
+              MPI_ECP_CMP(&P->X, &grp->G.X) == 0);
 #else
     p_eq_g = 0;
 #endif
 
     /* Pick window size and deduce related sizes */
-    w = ecp_pick_window_size( grp, p_eq_g );
-    T_size = 1U << ( w - 1 );
-    d = ( grp->nbits + w - 1 ) / w;
+    w = ecp_pick_window_size(grp, p_eq_g);
+    T_size = 1U << (w - 1);
+    d = (grp->nbits + w - 1) / w;
 
     /* Pre-computed table: do we have it already for the base point? */
-    if( p_eq_g && grp->T != NULL )
-    {
+    if (p_eq_g && grp->T != NULL) {
         /* second pointer to the same table, will be deleted on exit */
         T = grp->T;
         T_ok = 1;
-    }
-    else
+    } else
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     /* Pre-computed table: do we have one in progress? complete? */
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL )
-    {
+    if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL) {
         /* transfer ownership of T from rsm to local function */
         T = rs_ctx->rsm->T;
         rs_ctx->rsm->T = NULL;
@@ -2312,31 +2339,28 @@
 
         /* This effectively jumps to the call to mul_comb_after_precomp() */
         T_ok = rs_ctx->rsm->state >= ecp_rsm_comb_core;
-    }
-    else
+    } else
 #endif
     /* Allocate table if we didn't have any */
     {
-        T = mbedtls_calloc( T_size, sizeof( mbedtls_ecp_point ) );
-        if( T == NULL )
-        {
+        T = mbedtls_calloc(T_size, sizeof(mbedtls_ecp_point));
+        if (T == NULL) {
             ret = MBEDTLS_ERR_ECP_ALLOC_FAILED;
             goto cleanup;
         }
 
-        for( i = 0; i < T_size; i++ )
-            mbedtls_ecp_point_init( &T[i] );
+        for (i = 0; i < T_size; i++) {
+            mbedtls_ecp_point_init(&T[i]);
+        }
 
         T_ok = 0;
     }
 
     /* Compute table (or finish computing it) if not done already */
-    if( !T_ok )
-    {
-        MBEDTLS_MPI_CHK( ecp_precompute_comb( grp, T, P, w, d, rs_ctx ) );
+    if (!T_ok) {
+        MBEDTLS_MPI_CHK(ecp_precompute_comb(grp, T, P, w, d, rs_ctx));
 
-        if( p_eq_g )
-        {
+        if (p_eq_g) {
             /* almost transfer ownership of T to the group, but keep a copy of
              * the pointer to use for calling the next function more easily */
             grp->T = T;
@@ -2345,20 +2369,20 @@
     }
 
     /* Actual comb multiplication using precomputed points */
-    MBEDTLS_MPI_CHK( ecp_mul_comb_after_precomp( grp, R, m,
-                                                 T, T_size, w, d,
-                                                 f_rng, p_rng, rs_ctx ) );
+    MBEDTLS_MPI_CHK(ecp_mul_comb_after_precomp(grp, R, m,
+                                               T, T_size, w, d,
+                                               f_rng, p_rng, rs_ctx));
 
 cleanup:
 
     /* does T belong to the group? */
-    if( T == grp->T )
+    if (T == grp->T) {
         T = NULL;
+    }
 
     /* does T belong to the restart context? */
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL )
-    {
+    if (rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL) {
         /* transfer ownership of T from local function to rsm */
         rs_ctx->rsm->T_size = T_size;
         rs_ctx->rsm->T = T;
@@ -2367,26 +2391,28 @@
 #endif
 
     /* did T belong to us? then let's destroy it! */
-    if( T != NULL )
-    {
-        for( i = 0; i < T_size; i++ )
-            mbedtls_ecp_point_free( &T[i] );
-        mbedtls_free( T );
+    if (T != NULL) {
+        for (i = 0; i < T_size; i++) {
+            mbedtls_ecp_point_free(&T[i]);
+        }
+        mbedtls_free(T);
     }
 
     /* prevent caller from using invalid value */
-    int should_free_R = ( ret != 0 );
+    int should_free_R = (ret != 0);
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     /* don't free R while in progress in case R == P */
-    if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+    if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
         should_free_R = 0;
+    }
 #endif
-    if( should_free_R )
-        mbedtls_ecp_point_free( R );
+    if (should_free_R) {
+        mbedtls_ecp_point_free(R);
+    }
 
-    ECP_RS_LEAVE( rsm );
+    ECP_RS_LEAVE(rsm);
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
@@ -2404,23 +2430,24 @@
  * Normalize Montgomery x/z coordinates: X = X/Z, Z = 1
  * Cost: 1M + 1I
  */
-static int ecp_normalize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P )
+static int ecp_normalize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P)
 {
 #if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
-    if( mbedtls_internal_ecp_grp_capable( grp ) )
-        return( mbedtls_internal_ecp_normalize_mxz( grp, P ) );
+    if (mbedtls_internal_ecp_grp_capable(grp)) {
+        return mbedtls_internal_ecp_normalize_mxz(grp, P);
+    }
 #endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */
 
 #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
-    return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
 #else
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MPI_ECP_INV( &P->Z, &P->Z );
-    MPI_ECP_MUL( &P->X, &P->X, &P->Z );
-    MPI_ECP_LSET( &P->Z, 1 );
+    MPI_ECP_INV(&P->Z, &P->Z);
+    MPI_ECP_MUL(&P->X, &P->X, &P->Z);
+    MPI_ECP_LSET(&P->Z, 1);
 
 cleanup:
-    return( ret );
+    return ret;
 #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) */
 }
 
@@ -2432,33 +2459,35 @@
  * This countermeasure was first suggested in [2].
  * Cost: 2M
  */
-static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int ecp_randomize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
+                             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
 #if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
-    if( mbedtls_internal_ecp_grp_capable( grp ) )
-        return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ) );
+    if (mbedtls_internal_ecp_grp_capable(grp)) {
+        return mbedtls_internal_ecp_randomize_mxz(grp, P, f_rng, p_rng);
+    }
 #endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
 
 #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
-    return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
 #else
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi l;
-    mbedtls_mpi_init( &l );
+    mbedtls_mpi_init(&l);
 
     /* Generate l such that 1 < l < p */
-    MPI_ECP_RAND( &l );
+    MPI_ECP_RAND(&l);
 
-    MPI_ECP_MUL( &P->X, &P->X, &l );
-    MPI_ECP_MUL( &P->Z, &P->Z, &l );
+    MPI_ECP_MUL(&P->X, &P->X, &l);
+    MPI_ECP_MUL(&P->Z, &P->Z, &l);
 
 cleanup:
-    mbedtls_mpi_free( &l );
+    mbedtls_mpi_free(&l);
 
-    if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+    if (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) {
         ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
-    return( ret );
+    }
+    return ret;
 #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) */
 }
 
@@ -2477,44 +2506,45 @@
  *
  * Cost: 5M + 4S
  */
-static int ecp_double_add_mxz( const mbedtls_ecp_group *grp,
-                               mbedtls_ecp_point *R, mbedtls_ecp_point *S,
-                               const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q,
-                               const mbedtls_mpi *d,
-                               mbedtls_mpi T[4] )
+static int ecp_double_add_mxz(const mbedtls_ecp_group *grp,
+                              mbedtls_ecp_point *R, mbedtls_ecp_point *S,
+                              const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q,
+                              const mbedtls_mpi *d,
+                              mbedtls_mpi T[4])
 {
 #if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
-    if( mbedtls_internal_ecp_grp_capable( grp ) )
-        return( mbedtls_internal_ecp_double_add_mxz( grp, R, S, P, Q, d ) );
+    if (mbedtls_internal_ecp_grp_capable(grp)) {
+        return mbedtls_internal_ecp_double_add_mxz(grp, R, S, P, Q, d);
+    }
 #endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */
 
 #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
-    return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
 #else
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    MPI_ECP_ADD( &T[0], &P->X,   &P->Z ); /* Pp := PX + PZ                    */
-    MPI_ECP_SUB( &T[1], &P->X,   &P->Z ); /* Pm := PX - PZ                    */
-    MPI_ECP_ADD( &T[2], &Q->X,   &Q->Z ); /* Qp := QX + XZ                    */
-    MPI_ECP_SUB( &T[3], &Q->X,   &Q->Z ); /* Qm := QX - QZ                    */
-    MPI_ECP_MUL( &T[3], &T[3],   &T[0] ); /* Qm * Pp                          */
-    MPI_ECP_MUL( &T[2], &T[2],   &T[1] ); /* Qp * Pm                          */
-    MPI_ECP_SQR( &T[0], &T[0]          ); /* Pp^2                             */
-    MPI_ECP_SQR( &T[1], &T[1]          ); /* Pm^2                             */
-    MPI_ECP_MUL( &R->X, &T[0],   &T[1] ); /* Pp^2 * Pm^2                      */
-    MPI_ECP_SUB( &T[0], &T[0],   &T[1] ); /* Pp^2 - Pm^2                      */
-    MPI_ECP_MUL( &R->Z, &grp->A, &T[0] ); /* A * (Pp^2 - Pm^2)                */
-    MPI_ECP_ADD( &R->Z, &T[1],   &R->Z ); /* [ A * (Pp^2-Pm^2) ] + Pm^2       */
-    MPI_ECP_ADD( &S->X, &T[3],   &T[2] ); /* Qm*Pp + Qp*Pm                    */
-    MPI_ECP_SQR( &S->X, &S->X          ); /* (Qm*Pp + Qp*Pm)^2                */
-    MPI_ECP_SUB( &S->Z, &T[3],   &T[2] ); /* Qm*Pp - Qp*Pm                    */
-    MPI_ECP_SQR( &S->Z, &S->Z          ); /* (Qm*Pp - Qp*Pm)^2                */
-    MPI_ECP_MUL( &S->Z, d,       &S->Z ); /* d * ( Qm*Pp - Qp*Pm )^2          */
-    MPI_ECP_MUL( &R->Z, &T[0],   &R->Z ); /* [A*(Pp^2-Pm^2)+Pm^2]*(Pp^2-Pm^2) */
+    MPI_ECP_ADD(&T[0], &P->X,   &P->Z);   /* Pp := PX + PZ                    */
+    MPI_ECP_SUB(&T[1], &P->X,   &P->Z);   /* Pm := PX - PZ                    */
+    MPI_ECP_ADD(&T[2], &Q->X,   &Q->Z);   /* Qp := QX + XZ                    */
+    MPI_ECP_SUB(&T[3], &Q->X,   &Q->Z);   /* Qm := QX - QZ                    */
+    MPI_ECP_MUL(&T[3], &T[3],   &T[0]);   /* Qm * Pp                          */
+    MPI_ECP_MUL(&T[2], &T[2],   &T[1]);   /* Qp * Pm                          */
+    MPI_ECP_SQR(&T[0], &T[0]);            /* Pp^2                             */
+    MPI_ECP_SQR(&T[1], &T[1]);            /* Pm^2                             */
+    MPI_ECP_MUL(&R->X, &T[0],   &T[1]);   /* Pp^2 * Pm^2                      */
+    MPI_ECP_SUB(&T[0], &T[0],   &T[1]);   /* Pp^2 - Pm^2                      */
+    MPI_ECP_MUL(&R->Z, &grp->A, &T[0]);   /* A * (Pp^2 - Pm^2)                */
+    MPI_ECP_ADD(&R->Z, &T[1],   &R->Z);   /* [ A * (Pp^2-Pm^2) ] + Pm^2       */
+    MPI_ECP_ADD(&S->X, &T[3],   &T[2]);   /* Qm*Pp + Qp*Pm                    */
+    MPI_ECP_SQR(&S->X, &S->X);            /* (Qm*Pp + Qp*Pm)^2                */
+    MPI_ECP_SUB(&S->Z, &T[3],   &T[2]);   /* Qm*Pp - Qp*Pm                    */
+    MPI_ECP_SQR(&S->Z, &S->Z);            /* (Qm*Pp - Qp*Pm)^2                */
+    MPI_ECP_MUL(&S->Z, d,       &S->Z);   /* d * ( Qm*Pp - Qp*Pm )^2          */
+    MPI_ECP_MUL(&R->Z, &T[0],   &R->Z);   /* [A*(Pp^2-Pm^2)+Pm^2]*(Pp^2-Pm^2) */
 
 cleanup:
 
-    return( ret );
+    return ret;
 #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) */
 }
 
@@ -2522,10 +2552,10 @@
  * Multiplication with Montgomery ladder in x/z coordinates,
  * for curves in Montgomery form
  */
-static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                        const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-                        int (*f_rng)(void *, unsigned char *, size_t),
-                        void *p_rng )
+static int ecp_mul_mxz(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+                       const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t i;
@@ -2533,33 +2563,33 @@
     mbedtls_ecp_point RP;
     mbedtls_mpi PX;
     mbedtls_mpi tmp[4];
-    mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX );
+    mbedtls_ecp_point_init(&RP); mbedtls_mpi_init(&PX);
 
-    mpi_init_many( tmp, sizeof( tmp ) / sizeof( mbedtls_mpi ) );
+    mpi_init_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi));
 
-    if( f_rng == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (f_rng == NULL) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     /* Save PX and read from P before writing to R, in case P == R */
-    MPI_ECP_MOV( &PX, &P->X );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &RP, P ) );
+    MPI_ECP_MOV(&PX, &P->X);
+    MBEDTLS_MPI_CHK(mbedtls_ecp_copy(&RP, P));
 
     /* Set R to zero in modified x/z coordinates */
-    MPI_ECP_LSET( &R->X, 1 );
-    MPI_ECP_LSET( &R->Z, 0 );
-    mbedtls_mpi_free( &R->Y );
+    MPI_ECP_LSET(&R->X, 1);
+    MPI_ECP_LSET(&R->Z, 0);
+    mbedtls_mpi_free(&R->Y);
 
     /* RP.X might be slightly larger than P, so reduce it */
-    MOD_ADD( &RP.X );
+    MOD_ADD(&RP.X);
 
     /* Randomize coordinates of the starting point */
-    MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) );
+    MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, &RP, f_rng, p_rng));
 
     /* Loop invariant: R = result so far, RP = R + P */
     i = grp->nbits + 1; /* one past the (zero-based) required msb for private keys */
-    while( i-- > 0 )
-    {
-        b = mbedtls_mpi_get_bit( m, i );
+    while (i-- > 0) {
+        b = mbedtls_mpi_get_bit(m, i);
         /*
          *  if (b) R = 2R + P else R = 2R,
          * which is:
@@ -2567,11 +2597,11 @@
          *  else   double_add( R, RP, R, RP )
          * but using safe conditional swaps to avoid leaks
          */
-        MPI_ECP_COND_SWAP( &R->X, &RP.X, b );
-        MPI_ECP_COND_SWAP( &R->Z, &RP.Z, b );
-        MBEDTLS_MPI_CHK( ecp_double_add_mxz( grp, R, &RP, R, &RP, &PX, tmp ) );
-        MPI_ECP_COND_SWAP( &R->X, &RP.X, b );
-        MPI_ECP_COND_SWAP( &R->Z, &RP.Z, b );
+        MPI_ECP_COND_SWAP(&R->X, &RP.X, b);
+        MPI_ECP_COND_SWAP(&R->Z, &RP.Z, b);
+        MBEDTLS_MPI_CHK(ecp_double_add_mxz(grp, R, &RP, R, &RP, &PX, tmp));
+        MPI_ECP_COND_SWAP(&R->X, &RP.X, b);
+        MPI_ECP_COND_SWAP(&R->Z, &RP.Z, b);
     }
 
     /*
@@ -2585,14 +2615,14 @@
      *
      * Avoid the leak by randomizing coordinates before we normalize them.
      */
-    MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) );
+    MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, R, f_rng, p_rng));
+    MBEDTLS_MPI_CHK(ecp_normalize_mxz(grp, R));
 
 cleanup:
-    mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX );
+    mbedtls_ecp_point_free(&RP); mbedtls_mpi_free(&PX);
 
-    mpi_free_many( tmp, sizeof( tmp ) / sizeof( mbedtls_mpi ) );
-    return( ret );
+    mpi_free_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi));
+    return ret;
 }
 
 #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
@@ -2603,10 +2633,10 @@
  * This internal function can be called without an RNG in case where we know
  * the inputs are not sensitive.
  */
-static int ecp_mul_restartable_internal( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-             mbedtls_ecp_restart_ctx *rs_ctx )
+static int ecp_mul_restartable_internal(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+                                        const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+                                        int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+                                        mbedtls_ecp_restart_ctx *rs_ctx)
 {
     int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
 #if defined(MBEDTLS_ECP_INTERNAL_ALT)
@@ -2615,79 +2645,85 @@
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     /* reset ops count for this call if top-level */
-    if( rs_ctx != NULL && rs_ctx->depth++ == 0 )
+    if (rs_ctx != NULL && rs_ctx->depth++ == 0) {
         rs_ctx->ops_done = 0;
+    }
 #else
     (void) rs_ctx;
 #endif
 
 #if defined(MBEDTLS_ECP_INTERNAL_ALT)
-    if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) )
-        MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
+    if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) {
+        MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp));
+    }
 #endif /* MBEDTLS_ECP_INTERNAL_ALT */
 
     int restarting = 0;
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL );
+    restarting = (rs_ctx != NULL && rs_ctx->rsm != NULL);
 #endif
     /* skip argument check when restarting */
-    if( !restarting )
-    {
+    if (!restarting) {
         /* check_privkey is free */
-        MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_CHK );
+        MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_CHK);
 
         /* Common sanity checks */
-        MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( grp, m ) );
-        MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
+        MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(grp, m));
+        MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P));
     }
 
     ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
 #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
-        MBEDTLS_MPI_CHK( ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ) );
+    if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
+        MBEDTLS_MPI_CHK(ecp_mul_mxz(grp, R, m, P, f_rng, p_rng));
+    }
 #endif
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
-        MBEDTLS_MPI_CHK( ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ) );
+    if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
+        MBEDTLS_MPI_CHK(ecp_mul_comb(grp, R, m, P, f_rng, p_rng, rs_ctx));
+    }
 #endif
 
 cleanup:
 
 #if defined(MBEDTLS_ECP_INTERNAL_ALT)
-    if( is_grp_capable )
-        mbedtls_internal_ecp_free( grp );
+    if (is_grp_capable) {
+        mbedtls_internal_ecp_free(grp);
+    }
 #endif /* MBEDTLS_ECP_INTERNAL_ALT */
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL )
+    if (rs_ctx != NULL) {
         rs_ctx->depth--;
+    }
 #endif
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Restartable multiplication R = m * P
  */
-int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-             mbedtls_ecp_restart_ctx *rs_ctx )
+int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+                                const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+                                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+                                mbedtls_ecp_restart_ctx *rs_ctx)
 {
-    if( f_rng == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (f_rng == NULL) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
-    return( ecp_mul_restartable_internal( grp, R, m, P, f_rng, p_rng, rs_ctx ) );
+    return ecp_mul_restartable_internal(grp, R, m, P, f_rng, p_rng, rs_ctx);
 }
 
 /*
  * Multiplication R = m * P
  */
-int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+                    const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    return( mbedtls_ecp_mul_restartable( grp, R, m, P, f_rng, p_rng, NULL ) );
+    return mbedtls_ecp_mul_restartable(grp, R, m, P, f_rng, p_rng, NULL);
 }
 
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
@@ -2695,35 +2731,37 @@
  * Check that an affine point is valid as a public key,
  * short weierstrass curves (SEC1 3.2.3.1)
  */
-static int ecp_check_pubkey_sw( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
+static int ecp_check_pubkey_sw(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi YY, RHS;
 
     /* pt coordinates must be normalized for our checks */
-    if( mbedtls_mpi_cmp_int( &pt->X, 0 ) < 0 ||
-        mbedtls_mpi_cmp_int( &pt->Y, 0 ) < 0 ||
-        mbedtls_mpi_cmp_mpi( &pt->X, &grp->P ) >= 0 ||
-        mbedtls_mpi_cmp_mpi( &pt->Y, &grp->P ) >= 0 )
-        return( MBEDTLS_ERR_ECP_INVALID_KEY );
+    if (mbedtls_mpi_cmp_int(&pt->X, 0) < 0 ||
+        mbedtls_mpi_cmp_int(&pt->Y, 0) < 0 ||
+        mbedtls_mpi_cmp_mpi(&pt->X, &grp->P) >= 0 ||
+        mbedtls_mpi_cmp_mpi(&pt->Y, &grp->P) >= 0) {
+        return MBEDTLS_ERR_ECP_INVALID_KEY;
+    }
 
-    mbedtls_mpi_init( &YY ); mbedtls_mpi_init( &RHS );
+    mbedtls_mpi_init(&YY); mbedtls_mpi_init(&RHS);
 
     /*
      * YY = Y^2
      * RHS = X^3 + A X + B
      */
-    MPI_ECP_SQR( &YY,  &pt->Y );
-    MBEDTLS_MPI_CHK( ecp_sw_rhs( grp, &RHS, &pt->X ) );
+    MPI_ECP_SQR(&YY,  &pt->Y);
+    MBEDTLS_MPI_CHK(ecp_sw_rhs(grp, &RHS, &pt->X));
 
-    if( MPI_ECP_CMP( &YY, &RHS ) != 0 )
+    if (MPI_ECP_CMP(&YY, &RHS) != 0) {
         ret = MBEDTLS_ERR_ECP_INVALID_KEY;
+    }
 
 cleanup:
 
-    mbedtls_mpi_free( &YY ); mbedtls_mpi_free( &RHS );
+    mbedtls_mpi_free(&YY); mbedtls_mpi_free(&RHS);
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
 
@@ -2732,42 +2770,35 @@
  * R = m * P with shortcuts for m == 0, m == 1 and m == -1
  * NOT constant-time - ONLY for short Weierstrass!
  */
-static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
-                                      mbedtls_ecp_point *R,
-                                      const mbedtls_mpi *m,
-                                      const mbedtls_ecp_point *P,
-                                      mbedtls_ecp_restart_ctx *rs_ctx )
+static int mbedtls_ecp_mul_shortcuts(mbedtls_ecp_group *grp,
+                                     mbedtls_ecp_point *R,
+                                     const mbedtls_mpi *m,
+                                     const mbedtls_ecp_point *P,
+                                     mbedtls_ecp_restart_ctx *rs_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi tmp;
-    mbedtls_mpi_init( &tmp );
+    mbedtls_mpi_init(&tmp);
 
-    if( mbedtls_mpi_cmp_int( m, 0 ) == 0 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
-        MBEDTLS_MPI_CHK( mbedtls_ecp_set_zero( R ) );
-    }
-    else if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
-        MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
-    }
-    else if( mbedtls_mpi_cmp_int( m, -1 ) == 0 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
-        MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
-        MPI_ECP_NEG( &R->Y );
-    }
-    else
-    {
-        MBEDTLS_MPI_CHK( ecp_mul_restartable_internal( grp, R, m, P,
-                                                       NULL, NULL, rs_ctx ) );
+    if (mbedtls_mpi_cmp_int(m, 0) == 0) {
+        MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P));
+        MBEDTLS_MPI_CHK(mbedtls_ecp_set_zero(R));
+    } else if (mbedtls_mpi_cmp_int(m, 1) == 0) {
+        MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P));
+        MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, P));
+    } else if (mbedtls_mpi_cmp_int(m, -1) == 0) {
+        MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P));
+        MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, P));
+        MPI_ECP_NEG(&R->Y);
+    } else {
+        MBEDTLS_MPI_CHK(ecp_mul_restartable_internal(grp, R, m, P,
+                                                     NULL, NULL, rs_ctx));
     }
 
 cleanup:
-    mbedtls_mpi_free( &tmp );
+    mbedtls_mpi_free(&tmp);
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -2775,10 +2806,10 @@
  * NOT constant-time
  */
 int mbedtls_ecp_muladd_restartable(
-             mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             const mbedtls_mpi *n, const mbedtls_ecp_point *Q,
-             mbedtls_ecp_restart_ctx *rs_ctx )
+    mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+    const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+    const mbedtls_mpi *n, const mbedtls_ecp_point *Q,
+    mbedtls_ecp_restart_ctx *rs_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_point mP;
@@ -2788,98 +2819,107 @@
 #if defined(MBEDTLS_ECP_INTERNAL_ALT)
     char is_grp_capable = 0;
 #endif
-    if( mbedtls_ecp_get_type( grp ) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
-        return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+    if (mbedtls_ecp_get_type(grp) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
+        return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+    }
 
-    mbedtls_ecp_point_init( &mP );
-    mpi_init_many( tmp, sizeof( tmp ) / sizeof( mbedtls_mpi ) );
+    mbedtls_ecp_point_init(&mP);
+    mpi_init_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi));
 
-    ECP_RS_ENTER( ma );
+    ECP_RS_ENTER(ma);
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->ma != NULL )
-    {
+    if (rs_ctx != NULL && rs_ctx->ma != NULL) {
         /* redirect intermediate results to restart context */
         pmP = &rs_ctx->ma->mP;
         pR  = &rs_ctx->ma->R;
 
         /* jump to next operation */
-        if( rs_ctx->ma->state == ecp_rsma_mul2 )
+        if (rs_ctx->ma->state == ecp_rsma_mul2) {
             goto mul2;
-        if( rs_ctx->ma->state == ecp_rsma_add )
+        }
+        if (rs_ctx->ma->state == ecp_rsma_add) {
             goto add;
-        if( rs_ctx->ma->state == ecp_rsma_norm )
+        }
+        if (rs_ctx->ma->state == ecp_rsma_norm) {
             goto norm;
+        }
     }
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pmP, m, P, rs_ctx ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pmP, m, P, rs_ctx));
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->ma != NULL )
+    if (rs_ctx != NULL && rs_ctx->ma != NULL) {
         rs_ctx->ma->state = ecp_rsma_mul2;
+    }
 
 mul2:
 #endif
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pR,  n, Q, rs_ctx ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pR,  n, Q, rs_ctx));
 
 #if defined(MBEDTLS_ECP_INTERNAL_ALT)
-    if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) )
-        MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
+    if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) {
+        MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp));
+    }
 #endif /* MBEDTLS_ECP_INTERNAL_ALT */
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->ma != NULL )
+    if (rs_ctx != NULL && rs_ctx->ma != NULL) {
         rs_ctx->ma->state = ecp_rsma_add;
+    }
 
 add:
 #endif
-    MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_ADD );
-    MBEDTLS_MPI_CHK( ecp_add_mixed( grp, pR, pmP, pR, tmp ) );
+    MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_ADD);
+    MBEDTLS_MPI_CHK(ecp_add_mixed(grp, pR, pmP, pR, tmp));
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->ma != NULL )
+    if (rs_ctx != NULL && rs_ctx->ma != NULL) {
         rs_ctx->ma->state = ecp_rsma_norm;
+    }
 
 norm:
 #endif
-    MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV );
-    MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, pR ) );
+    MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV);
+    MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, pR));
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->ma != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, pR ) );
+    if (rs_ctx != NULL && rs_ctx->ma != NULL) {
+        MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, pR));
+    }
 #endif
 
 cleanup:
 
-    mpi_free_many( tmp, sizeof( tmp ) / sizeof( mbedtls_mpi ) );
+    mpi_free_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi));
 
 #if defined(MBEDTLS_ECP_INTERNAL_ALT)
-    if( is_grp_capable )
-        mbedtls_internal_ecp_free( grp );
+    if (is_grp_capable) {
+        mbedtls_internal_ecp_free(grp);
+    }
 #endif /* MBEDTLS_ECP_INTERNAL_ALT */
 
-    mbedtls_ecp_point_free( &mP );
+    mbedtls_ecp_point_free(&mP);
 
-    ECP_RS_LEAVE( ma );
+    ECP_RS_LEAVE(ma);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Linear combination
  * NOT constant-time
  */
-int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             const mbedtls_mpi *n, const mbedtls_ecp_point *Q )
+int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+                       const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+                       const mbedtls_mpi *n, const mbedtls_ecp_point *Q)
 {
-    return( mbedtls_ecp_muladd_restartable( grp, R, m, P, n, Q, NULL ) );
+    return mbedtls_ecp_muladd_restartable(grp, R, m, P, n, Q, NULL);
 }
 #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
 
 #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)}
+#define ECP_MPI_INIT(s, n, p) { s, (n), (mbedtls_mpi_uint *) (p) }
 #define ECP_MPI_INIT_ARRAY(x)   \
     ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x)
 /*
@@ -2888,21 +2928,21 @@
  * See ecp_check_pubkey_x25519().
  */
 static const mbedtls_mpi_uint x25519_bad_point_1[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00),
 };
 static const mbedtls_mpi_uint x25519_bad_point_2[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57),
 };
 static const mbedtls_mpi ecp_x25519_bad_point_1 = ECP_MPI_INIT_ARRAY(
-        x25519_bad_point_1 );
+    x25519_bad_point_1);
 static const mbedtls_mpi ecp_x25519_bad_point_2 = ECP_MPI_INIT_ARRAY(
-        x25519_bad_point_2 );
+    x25519_bad_point_2);
 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
 
 /*
@@ -2911,40 +2951,37 @@
  * https://eprint.iacr.org/2017/806.pdf
  * Those points are never sent by an honest peer.
  */
-static int ecp_check_bad_points_mx( const mbedtls_mpi *X, const mbedtls_mpi *P,
-                                    const mbedtls_ecp_group_id grp_id )
+static int ecp_check_bad_points_mx(const mbedtls_mpi *X, const mbedtls_mpi *P,
+                                   const mbedtls_ecp_group_id grp_id)
 {
     int ret;
     mbedtls_mpi XmP;
 
-    mbedtls_mpi_init( &XmP );
+    mbedtls_mpi_init(&XmP);
 
     /* Reduce X mod P so that we only need to check values less than P.
      * We know X < 2^256 so we can proceed by subtraction. */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &XmP, X ) );
-    while( mbedtls_mpi_cmp_mpi( &XmP, P ) >= 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &XmP, &XmP, P ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&XmP, X));
+    while (mbedtls_mpi_cmp_mpi(&XmP, P) >= 0) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&XmP, &XmP, P));
+    }
 
     /* Check against the known bad values that are less than P. For Curve448
      * these are 0, 1 and -1. For Curve25519 we check the values less than P
      * from the following list: https://cr.yp.to/ecdh.html#validate */
-    if( mbedtls_mpi_cmp_int( &XmP, 1 ) <= 0 ) /* takes care of 0 and 1 */
-    {
+    if (mbedtls_mpi_cmp_int(&XmP, 1) <= 0) {  /* takes care of 0 and 1 */
         ret = MBEDTLS_ERR_ECP_INVALID_KEY;
         goto cleanup;
     }
 
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-    if( grp_id == MBEDTLS_ECP_DP_CURVE25519 )
-    {
-        if( mbedtls_mpi_cmp_mpi( &XmP, &ecp_x25519_bad_point_1 ) == 0 )
-        {
+    if (grp_id == MBEDTLS_ECP_DP_CURVE25519) {
+        if (mbedtls_mpi_cmp_mpi(&XmP, &ecp_x25519_bad_point_1) == 0) {
             ret = MBEDTLS_ERR_ECP_INVALID_KEY;
             goto cleanup;
         }
 
-        if( mbedtls_mpi_cmp_mpi( &XmP, &ecp_x25519_bad_point_2 ) == 0 )
-        {
+        if (mbedtls_mpi_cmp_mpi(&XmP, &ecp_x25519_bad_point_2) == 0) {
             ret = MBEDTLS_ERR_ECP_INVALID_KEY;
             goto cleanup;
         }
@@ -2954,9 +2991,8 @@
 #endif
 
     /* Final check: check if XmP + 1 is P (final because it changes XmP!) */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &XmP, &XmP, 1 ) );
-    if( mbedtls_mpi_cmp_mpi( &XmP, P ) == 0 )
-    {
+    MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&XmP, &XmP, 1));
+    if (mbedtls_mpi_cmp_mpi(&XmP, P) == 0) {
         ret = MBEDTLS_ERR_ECP_INVALID_KEY;
         goto cleanup;
     }
@@ -2964,96 +3000,102 @@
     ret = 0;
 
 cleanup:
-    mbedtls_mpi_free( &XmP );
+    mbedtls_mpi_free(&XmP);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Check validity of a public key for Montgomery curves with x-only schemes
  */
-static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
+static int ecp_check_pubkey_mx(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt)
 {
     /* [Curve25519 p. 5] Just check X is the correct number of bytes */
     /* Allow any public value, if it's too big then we'll just reduce it mod p
      * (RFC 7748 sec. 5 para. 3). */
-    if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 )
-        return( MBEDTLS_ERR_ECP_INVALID_KEY );
+    if (mbedtls_mpi_size(&pt->X) > (grp->nbits + 7) / 8) {
+        return MBEDTLS_ERR_ECP_INVALID_KEY;
+    }
 
     /* Implicit in all standards (as they don't consider negative numbers):
      * X must be non-negative. This is normally ensured by the way it's
      * encoded for transmission, but let's be extra sure. */
-    if( mbedtls_mpi_cmp_int( &pt->X, 0 ) < 0 )
-        return( MBEDTLS_ERR_ECP_INVALID_KEY );
+    if (mbedtls_mpi_cmp_int(&pt->X, 0) < 0) {
+        return MBEDTLS_ERR_ECP_INVALID_KEY;
+    }
 
-    return( ecp_check_bad_points_mx( &pt->X, &grp->P, grp->id ) );
+    return ecp_check_bad_points_mx(&pt->X, &grp->P, grp->id);
 }
 #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
 
 /*
  * Check that a point is valid as a public key
  */
-int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
-                              const mbedtls_ecp_point *pt )
+int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp,
+                             const mbedtls_ecp_point *pt)
 {
     /* Must use affine coordinates */
-    if( mbedtls_mpi_cmp_int( &pt->Z, 1 ) != 0 )
-        return( MBEDTLS_ERR_ECP_INVALID_KEY );
+    if (mbedtls_mpi_cmp_int(&pt->Z, 1) != 0) {
+        return MBEDTLS_ERR_ECP_INVALID_KEY;
+    }
 
 #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
-        return( ecp_check_pubkey_mx( grp, pt ) );
+    if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
+        return ecp_check_pubkey_mx(grp, pt);
+    }
 #endif
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
-        return( ecp_check_pubkey_sw( grp, pt ) );
+    if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
+        return ecp_check_pubkey_sw(grp, pt);
+    }
 #endif
-    return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
 }
 
 /*
  * Check that an mbedtls_mpi is valid as a private key
  */
-int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
-                               const mbedtls_mpi *d )
+int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp,
+                              const mbedtls_mpi *d)
 {
 #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
-    {
+    if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
         /* see RFC 7748 sec. 5 para. 5 */
-        if( mbedtls_mpi_get_bit( d, 0 ) != 0 ||
-            mbedtls_mpi_get_bit( d, 1 ) != 0 ||
-            mbedtls_mpi_bitlen( d ) - 1 != grp->nbits ) /* mbedtls_mpi_bitlen is one-based! */
-            return( MBEDTLS_ERR_ECP_INVALID_KEY );
+        if (mbedtls_mpi_get_bit(d, 0) != 0 ||
+            mbedtls_mpi_get_bit(d, 1) != 0 ||
+            mbedtls_mpi_bitlen(d) - 1 != grp->nbits) {  /* mbedtls_mpi_bitlen is one-based! */
+            return MBEDTLS_ERR_ECP_INVALID_KEY;
+        }
 
         /* see [Curve25519] page 5 */
-        if( grp->nbits == 254 && mbedtls_mpi_get_bit( d, 2 ) != 0 )
-            return( MBEDTLS_ERR_ECP_INVALID_KEY );
+        if (grp->nbits == 254 && mbedtls_mpi_get_bit(d, 2) != 0) {
+            return MBEDTLS_ERR_ECP_INVALID_KEY;
+        }
 
-        return( 0 );
+        return 0;
     }
 #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
-    {
+    if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
         /* see SEC1 3.2 */
-        if( mbedtls_mpi_cmp_int( d, 1 ) < 0 ||
-            mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 )
-            return( MBEDTLS_ERR_ECP_INVALID_KEY );
-        else
-            return( 0 );
+        if (mbedtls_mpi_cmp_int(d, 1) < 0 ||
+            mbedtls_mpi_cmp_mpi(d, &grp->N) >= 0) {
+            return MBEDTLS_ERR_ECP_INVALID_KEY;
+        } else {
+            return 0;
+        }
     }
 #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
 
-    return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
 }
 
 #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
 MBEDTLS_STATIC_TESTABLE
-int mbedtls_ecp_gen_privkey_mx( size_t high_bit,
-                                mbedtls_mpi *d,
-                                int (*f_rng)(void *, unsigned char *, size_t),
-                                void *p_rng )
+int mbedtls_ecp_gen_privkey_mx(size_t high_bit,
+                               mbedtls_mpi *d,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng)
 {
     int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     size_t n_random_bytes = high_bit / 8 + 1;
@@ -3062,38 +3104,36 @@
     /* Generate a (high_bit+1)-bit random number by generating just enough
      * random bytes, then shifting out extra bits from the top (necessary
      * when (high_bit+1) is not a multiple of 8). */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_random_bytes,
-                                              f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_random_bytes - high_bit - 1 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(d, n_random_bytes,
+                                            f_rng, p_rng));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(d, 8 * n_random_bytes - high_bit - 1));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, high_bit, 1 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, high_bit, 1));
 
     /* Make sure the last two bits are unset for Curve448, three bits for
        Curve25519 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) );
-    if( high_bit == 254 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, 0, 0));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, 1, 0));
+    if (high_bit == 254) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, 2, 0));
     }
 
 cleanup:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
 
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
 static int mbedtls_ecp_gen_privkey_sw(
     const mbedtls_mpi *N, mbedtls_mpi *d,
-    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    int ret = mbedtls_mpi_random( d, 1, N, f_rng, p_rng );
-    switch( ret )
-    {
+    int ret = mbedtls_mpi_random(d, 1, N, f_rng, p_rng);
+    switch (ret) {
         case MBEDTLS_ERR_MPI_NOT_ACCEPTABLE:
-            return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+            return MBEDTLS_ERR_ECP_RANDOM_FAILED;
         default:
-            return( ret );
+            return ret;
     }
 }
 #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
@@ -3101,63 +3141,66 @@
 /*
  * Generate a private key
  */
-int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
-                     mbedtls_mpi *d,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
+int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp,
+                            mbedtls_mpi *d,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng)
 {
 #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
-        return( mbedtls_ecp_gen_privkey_mx( grp->nbits, d, f_rng, p_rng ) );
+    if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
+        return mbedtls_ecp_gen_privkey_mx(grp->nbits, d, f_rng, p_rng);
+    }
 #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
 
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
-        return( mbedtls_ecp_gen_privkey_sw( &grp->N, d, f_rng, p_rng ) );
+    if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
+        return mbedtls_ecp_gen_privkey_sw(&grp->N, d, f_rng, p_rng);
+    }
 #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
 
-    return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
 }
 
 /*
  * Generate a keypair with configurable base point
  */
-int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
-                     const mbedtls_ecp_point *G,
-                     mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
+int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp,
+                                 const mbedtls_ecp_point *G,
+                                 mbedtls_mpi *d, mbedtls_ecp_point *Q,
+                                 int (*f_rng)(void *, unsigned char *, size_t),
+                                 void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, d, f_rng, p_rng));
+    MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, Q, d, G, f_rng, p_rng));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
  * Generate key pair, wrapper for conventional base point
  */
-int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp,
-                             mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                             int (*f_rng)(void *, unsigned char *, size_t),
-                             void *p_rng )
+int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp,
+                            mbedtls_mpi *d, mbedtls_ecp_point *Q,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng)
 {
-    return( mbedtls_ecp_gen_keypair_base( grp, &grp->G, d, Q, f_rng, p_rng ) );
+    return mbedtls_ecp_gen_keypair_base(grp, &grp->G, d, Q, f_rng, p_rng);
 }
 
 /*
  * Generate a keypair, prettier wrapper
  */
-int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
+                        int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) {
+        return ret;
+    }
 
-    return( mbedtls_ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) );
+    return mbedtls_ecp_gen_keypair(&key->grp, &key->d, &key->Q, f_rng, p_rng);
 }
 
 #define ECP_CURVE25519_KEY_SIZE 32
@@ -3165,118 +3208,114 @@
 /*
  * Read a private key.
  */
-int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
-                          const unsigned char *buf, size_t buflen )
+int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
+                         const unsigned char *buf, size_t buflen)
 {
     int ret = 0;
 
-    if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) {
+        return ret;
+    }
 
     ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
 
 #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-    if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
-    {
+    if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
         /*
          * Mask the key as mandated by RFC7748 for Curve25519 and Curve448.
          */
-        if( grp_id == MBEDTLS_ECP_DP_CURVE25519 )
-        {
-            if( buflen != ECP_CURVE25519_KEY_SIZE )
-                return( MBEDTLS_ERR_ECP_INVALID_KEY );
+        if (grp_id == MBEDTLS_ECP_DP_CURVE25519) {
+            if (buflen != ECP_CURVE25519_KEY_SIZE) {
+                return MBEDTLS_ERR_ECP_INVALID_KEY;
+            }
 
-            MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &key->d, buf, buflen ) );
+            MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&key->d, buf, buflen));
 
             /* Set the three least significant bits to 0 */
-            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 0, 0 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 1, 0 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 2, 0 ) );
+            MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 0, 0));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 1, 0));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 2, 0));
 
             /* Set the most significant bit to 0 */
             MBEDTLS_MPI_CHK(
-                    mbedtls_mpi_set_bit( &key->d,
-                                         ECP_CURVE25519_KEY_SIZE * 8 - 1, 0 )
-                    );
+                mbedtls_mpi_set_bit(&key->d,
+                                    ECP_CURVE25519_KEY_SIZE * 8 - 1, 0)
+                );
 
             /* Set the second most significant bit to 1 */
             MBEDTLS_MPI_CHK(
-                    mbedtls_mpi_set_bit( &key->d,
-                                         ECP_CURVE25519_KEY_SIZE * 8 - 2, 1 )
-                    );
-        }
-        else if( grp_id == MBEDTLS_ECP_DP_CURVE448 )
-        {
-            if( buflen != ECP_CURVE448_KEY_SIZE )
-                return( MBEDTLS_ERR_ECP_INVALID_KEY );
+                mbedtls_mpi_set_bit(&key->d,
+                                    ECP_CURVE25519_KEY_SIZE * 8 - 2, 1)
+                );
+        } else if (grp_id == MBEDTLS_ECP_DP_CURVE448) {
+            if (buflen != ECP_CURVE448_KEY_SIZE) {
+                return MBEDTLS_ERR_ECP_INVALID_KEY;
+            }
 
-            MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &key->d, buf, buflen ) );
+            MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&key->d, buf, buflen));
 
             /* Set the two least significant bits to 0 */
-            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 0, 0 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 1, 0 ) );
+            MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 0, 0));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 1, 0));
 
             /* Set the most significant bit to 1 */
             MBEDTLS_MPI_CHK(
-                    mbedtls_mpi_set_bit( &key->d,
-                                         ECP_CURVE448_KEY_SIZE * 8 - 1, 1 )
-                    );
+                mbedtls_mpi_set_bit(&key->d,
+                                    ECP_CURVE448_KEY_SIZE * 8 - 1, 1)
+                );
         }
     }
 
 #endif
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-    if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &key->d, buf, buflen ) );
+    if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&key->d, buf, buflen));
 
-        MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( &key->grp, &key->d ) );
+        MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d));
     }
 
 #endif
 cleanup:
 
-    if( ret != 0 )
-        mbedtls_mpi_free( &key->d );
+    if (ret != 0) {
+        mbedtls_mpi_free(&key->d);
+    }
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Write a private key.
  */
-int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key,
-                           unsigned char *buf, size_t buflen )
+int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
+                          unsigned char *buf, size_t buflen)
 {
     int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
 
 #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-    if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
-    {
-        if( key->grp.id == MBEDTLS_ECP_DP_CURVE25519 )
-        {
-            if( buflen < ECP_CURVE25519_KEY_SIZE )
-                return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+    if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
+        if (key->grp.id == MBEDTLS_ECP_DP_CURVE25519) {
+            if (buflen < ECP_CURVE25519_KEY_SIZE) {
+                return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+            }
 
+        } else if (key->grp.id == MBEDTLS_ECP_DP_CURVE448) {
+            if (buflen < ECP_CURVE448_KEY_SIZE) {
+                return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+            }
         }
-        else if( key->grp.id == MBEDTLS_ECP_DP_CURVE448 )
-        {
-            if( buflen < ECP_CURVE448_KEY_SIZE )
-                return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-        }
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &key->d, buf, buflen ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary_le(&key->d, buf, buflen));
     }
 #endif
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-    if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &key->d, buf, buflen ) );
+    if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&key->d, buf, buflen));
     }
 
 #endif
 cleanup:
 
-    return( ret );
+    return ret;
 }
 
 
@@ -3284,43 +3323,41 @@
  * Check a public-private key pair
  */
 int mbedtls_ecp_check_pub_priv(
-        const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
-        int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+    const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
+    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_point Q;
     mbedtls_ecp_group grp;
-    if( pub->grp.id == MBEDTLS_ECP_DP_NONE ||
+    if (pub->grp.id == MBEDTLS_ECP_DP_NONE ||
         pub->grp.id != prv->grp.id ||
-        mbedtls_mpi_cmp_mpi( &pub->Q.X, &prv->Q.X ) ||
-        mbedtls_mpi_cmp_mpi( &pub->Q.Y, &prv->Q.Y ) ||
-        mbedtls_mpi_cmp_mpi( &pub->Q.Z, &prv->Q.Z ) )
-    {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        mbedtls_mpi_cmp_mpi(&pub->Q.X, &prv->Q.X) ||
+        mbedtls_mpi_cmp_mpi(&pub->Q.Y, &prv->Q.Y) ||
+        mbedtls_mpi_cmp_mpi(&pub->Q.Z, &prv->Q.Z)) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     }
 
-    mbedtls_ecp_point_init( &Q );
-    mbedtls_ecp_group_init( &grp );
+    mbedtls_ecp_point_init(&Q);
+    mbedtls_ecp_group_init(&grp);
 
     /* mbedtls_ecp_mul() needs a non-const group... */
-    mbedtls_ecp_group_copy( &grp, &prv->grp );
+    mbedtls_ecp_group_copy(&grp, &prv->grp);
 
     /* Also checks d is valid */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, f_rng, p_rng ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &Q, &prv->d, &prv->grp.G, f_rng, p_rng));
 
-    if( mbedtls_mpi_cmp_mpi( &Q.X, &prv->Q.X ) ||
-        mbedtls_mpi_cmp_mpi( &Q.Y, &prv->Q.Y ) ||
-        mbedtls_mpi_cmp_mpi( &Q.Z, &prv->Q.Z ) )
-    {
+    if (mbedtls_mpi_cmp_mpi(&Q.X, &prv->Q.X) ||
+        mbedtls_mpi_cmp_mpi(&Q.Y, &prv->Q.Y) ||
+        mbedtls_mpi_cmp_mpi(&Q.Z, &prv->Q.Z)) {
         ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
         goto cleanup;
     }
 
 cleanup:
-    mbedtls_ecp_point_free( &Q );
-    mbedtls_ecp_group_free( &grp );
+    mbedtls_ecp_point_free(&Q);
+    mbedtls_ecp_group_free(&grp);
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -3331,14 +3368,17 @@
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ( ret = mbedtls_ecp_group_copy( grp, &key->grp ) ) != 0 )
+    if ((ret = mbedtls_ecp_group_copy(grp, &key->grp)) != 0) {
         return ret;
+    }
 
-    if( ( ret = mbedtls_mpi_copy( d, &key->d ) ) != 0 )
+    if ((ret = mbedtls_mpi_copy(d, &key->d)) != 0) {
         return ret;
+    }
 
-    if( ( ret = mbedtls_ecp_copy( Q, &key->Q ) ) != 0 )
+    if ((ret = mbedtls_ecp_copy(Q, &key->Q)) != 0) {
         return ret;
+    }
 
     return 0;
 }
@@ -3352,44 +3392,42 @@
  * except we only use the low byte as the output. See
  * https://en.wikipedia.org/wiki/Linear_congruential_generator#Parameters_in_common_use
  */
-static int self_test_rng( void *ctx, unsigned char *out, size_t len )
+static int self_test_rng(void *ctx, unsigned char *out, size_t len)
 {
     static uint32_t state = 42;
 
     (void) ctx;
 
-    for( size_t i = 0; i < len; i++ )
-    {
+    for (size_t i = 0; i < len; i++) {
         state = state * 1664525u + 1013904223u;
         out[i] = (unsigned char) state;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /* Adjust the exponent to be a valid private point for the specified curve.
  * This is sometimes necessary because we use a single set of exponents
  * for all curves but the validity of values depends on the curve. */
-static int self_test_adjust_exponent( const mbedtls_ecp_group *grp,
-                                      mbedtls_mpi *m )
+static int self_test_adjust_exponent(const mbedtls_ecp_group *grp,
+                                     mbedtls_mpi *m)
 {
     int ret = 0;
-    switch( grp->id )
-    {
-        /* If Curve25519 is available, then that's what we use for the
-         * Montgomery test, so we don't need the adjustment code. */
-#if ! defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+    switch (grp->id) {
+    /* If Curve25519 is available, then that's what we use for the
+     * Montgomery test, so we don't need the adjustment code. */
+#if !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
 #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
         case MBEDTLS_ECP_DP_CURVE448:
             /* Move highest bit from 254 to N-1. Setting bit N-1 is
              * necessary to enforce the highest-bit-set constraint. */
-            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( m, 254, 0 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( m, grp->nbits, 1 ) );
+            MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(m, 254, 0));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(m, grp->nbits, 1));
             /* Copy second-highest bit from 253 to N-2. This is not
              * necessary but improves the test variety a bit. */
             MBEDTLS_MPI_CHK(
-                mbedtls_mpi_set_bit( m, grp->nbits - 1,
-                                     mbedtls_mpi_get_bit( m, 253 ) ) );
+                mbedtls_mpi_set_bit(m, grp->nbits - 1,
+                                    mbedtls_mpi_get_bit(m, 253)));
             break;
 #endif
 #endif /* ! defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) */
@@ -3400,18 +3438,18 @@
             goto cleanup;
     }
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /* Calculate R = m.P for each m in exponents. Check that the number of
  * basic operations doesn't depend on the value of m. */
-static int self_test_point( int verbose,
-                            mbedtls_ecp_group *grp,
-                            mbedtls_ecp_point *R,
-                            mbedtls_mpi *m,
-                            const mbedtls_ecp_point *P,
-                            const char *const *exponents,
-                            size_t n_exponents )
+static int self_test_point(int verbose,
+                           mbedtls_ecp_group *grp,
+                           mbedtls_ecp_point *R,
+                           mbedtls_mpi *m,
+                           const mbedtls_ecp_point *P,
+                           const char *const *exponents,
+                           size_t n_exponents)
 {
     int ret = 0;
     size_t i = 0;
@@ -3420,12 +3458,11 @@
     dbl_count = 0;
     mul_count = 0;
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( m, 16, exponents[0] ) );
-    MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, self_test_rng, NULL ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(m, 16, exponents[0]));
+    MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m));
+    MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, self_test_rng, NULL));
 
-    for( i = 1; i < n_exponents; i++ )
-    {
+    for (i = 1; i < n_exponents; i++) {
         add_c_prev = add_count;
         dbl_c_prev = dbl_count;
         mul_c_prev = mul_count;
@@ -3433,34 +3470,33 @@
         dbl_count = 0;
         mul_count = 0;
 
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( m, 16, exponents[i] ) );
-        MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) );
-        MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, self_test_rng, NULL ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(m, 16, exponents[i]));
+        MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m));
+        MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, self_test_rng, NULL));
 
-        if( add_count != add_c_prev ||
+        if (add_count != add_c_prev ||
             dbl_count != dbl_c_prev ||
-            mul_count != mul_c_prev )
-        {
+            mul_count != mul_c_prev) {
             ret = 1;
             break;
         }
     }
 
 cleanup:
-    if( verbose != 0 )
-    {
-        if( ret != 0 )
-            mbedtls_printf( "failed (%u)\n", (unsigned int) i );
-        else
-            mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        if (ret != 0) {
+            mbedtls_printf("failed (%u)\n", (unsigned int) i);
+        } else {
+            mbedtls_printf("passed\n");
+        }
     }
-    return( ret );
+    return ret;
 }
 
 /*
  * Checkup routine
  */
-int mbedtls_ecp_self_test( int verbose )
+int mbedtls_ecp_self_test(int verbose)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_group grp;
@@ -3496,77 +3532,85 @@
     };
 #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
 
-    mbedtls_ecp_group_init( &grp );
-    mbedtls_ecp_point_init( &R );
-    mbedtls_ecp_point_init( &P );
-    mbedtls_mpi_init( &m );
+    mbedtls_ecp_group_init(&grp);
+    mbedtls_ecp_point_init(&R);
+    mbedtls_ecp_point_init(&P);
+    mbedtls_mpi_init(&m);
 
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
     /* Use secp192r1 if available, or any available curve */
 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-    MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_SECP192R1 ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_SECP192R1));
 #else
-    MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, mbedtls_ecp_curve_list()->grp_id ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, mbedtls_ecp_curve_list()->grp_id));
 #endif
 
-    if( verbose != 0 )
-        mbedtls_printf( "  ECP SW test #1 (constant op_count, base point G): " );
+    if (verbose != 0) {
+        mbedtls_printf("  ECP SW test #1 (constant op_count, base point G): ");
+    }
     /* Do a dummy multiplication first to trigger precomputation */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &m, 2 ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &P, &m, &grp.G, self_test_rng, NULL ) );
-    ret = self_test_point( verbose,
-                           &grp, &R, &m, &grp.G,
-                           sw_exponents,
-                           sizeof( sw_exponents ) / sizeof( sw_exponents[0] ));
-    if( ret != 0 )
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&m, 2));
+    MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &P, &m, &grp.G, self_test_rng, NULL));
+    ret = self_test_point(verbose,
+                          &grp, &R, &m, &grp.G,
+                          sw_exponents,
+                          sizeof(sw_exponents) / sizeof(sw_exponents[0]));
+    if (ret != 0) {
         goto cleanup;
+    }
 
-    if( verbose != 0 )
-        mbedtls_printf( "  ECP SW test #2 (constant op_count, other point): " );
+    if (verbose != 0) {
+        mbedtls_printf("  ECP SW test #2 (constant op_count, other point): ");
+    }
     /* We computed P = 2G last time, use it */
-    ret = self_test_point( verbose,
-                           &grp, &R, &m, &P,
-                           sw_exponents,
-                           sizeof( sw_exponents ) / sizeof( sw_exponents[0] ));
-    if( ret != 0 )
+    ret = self_test_point(verbose,
+                          &grp, &R, &m, &P,
+                          sw_exponents,
+                          sizeof(sw_exponents) / sizeof(sw_exponents[0]));
+    if (ret != 0) {
         goto cleanup;
+    }
 
-    mbedtls_ecp_group_free( &grp );
-    mbedtls_ecp_point_free( &R );
+    mbedtls_ecp_group_free(&grp);
+    mbedtls_ecp_point_free(&R);
 #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
 
 #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-    if( verbose != 0 )
-        mbedtls_printf( "  ECP Montgomery test (constant op_count): " );
+    if (verbose != 0) {
+        mbedtls_printf("  ECP Montgomery test (constant op_count): ");
+    }
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-    MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_CURVE25519 ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE25519));
 #elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-    MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_CURVE448 ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE448));
 #else
 #error "MBEDTLS_ECP_MONTGOMERY_ENABLED is defined, but no curve is supported for self-test"
 #endif
-    ret = self_test_point( verbose,
-                           &grp, &R, &m, &grp.G,
-                           m_exponents,
-                           sizeof( m_exponents ) / sizeof( m_exponents[0] ));
-    if( ret != 0 )
+    ret = self_test_point(verbose,
+                          &grp, &R, &m, &grp.G,
+                          m_exponents,
+                          sizeof(m_exponents) / sizeof(m_exponents[0]));
+    if (ret != 0) {
         goto cleanup;
+    }
 #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
 
 cleanup:
 
-    if( ret < 0 && verbose != 0 )
-        mbedtls_printf( "Unexpected error, return code = %08X\n", (unsigned int) ret );
+    if (ret < 0 && verbose != 0) {
+        mbedtls_printf("Unexpected error, return code = %08X\n", (unsigned int) ret);
+    }
 
-    mbedtls_ecp_group_free( &grp );
-    mbedtls_ecp_point_free( &R );
-    mbedtls_ecp_point_free( &P );
-    mbedtls_mpi_free( &m );
+    mbedtls_ecp_group_free(&grp);
+    mbedtls_ecp_point_free(&R);
+    mbedtls_ecp_point_free(&P);
+    mbedtls_mpi_free(&m);
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_SELF_TEST */
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 5cd2828..e62dcea 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -34,20 +34,20 @@
 #if !defined(MBEDTLS_ECP_ALT)
 
 /* Parameter validation macros based on platform_util.h */
-#define ECP_VALIDATE_RET( cond )    \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
-#define ECP_VALIDATE( cond )        \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
+#define ECP_VALIDATE_RET(cond)    \
+    MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA)
+#define ECP_VALIDATE(cond)        \
+    MBEDTLS_INTERNAL_VALIDATE(cond)
 
-#define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)}
+#define ECP_MPI_INIT(s, n, p) { s, (n), (mbedtls_mpi_uint *) (p) }
 
 #define ECP_MPI_INIT_ARRAY(x)   \
     ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x)
 
 #define ECP_POINT_INIT_XY_Z0(x, y) { \
-    ECP_MPI_INIT_ARRAY(x), ECP_MPI_INIT_ARRAY(y), ECP_MPI_INIT(1, 0, NULL) }
+        ECP_MPI_INIT_ARRAY(x), ECP_MPI_INIT_ARRAY(y), ECP_MPI_INIT(1, 0, NULL) }
 #define ECP_POINT_INIT_XY_Z1(x, y) { \
-    ECP_MPI_INIT_ARRAY(x), ECP_MPI_INIT_ARRAY(y), ECP_MPI_INIT(1, 1, mpi_one) }
+        ECP_MPI_INIT_ARRAY(x), ECP_MPI_INIT_ARRAY(y), ECP_MPI_INIT(1, 1, mpi_one) }
 
 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) ||   \
     defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) ||   \
@@ -62,7 +62,7 @@
     defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
 /* For these curves, we build the group parameters dynamically. */
 #define ECP_LOAD_GROUP
-static mbedtls_mpi_uint mpi_one[] = {1};
+static mbedtls_mpi_uint mpi_one[] = { 1 };
 #endif
 
 /*
@@ -75,190 +75,190 @@
  */
 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
 static const mbedtls_mpi_uint secp192r1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
 };
 static const mbedtls_mpi_uint secp192r1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64),
 };
 static const mbedtls_mpi_uint secp192r1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18),
 };
 static const mbedtls_mpi_uint secp192r1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07),
 };
 static const mbedtls_mpi_uint secp192r1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
 };
 #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
 static const mbedtls_mpi_uint secp192r1_T_0_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18),
 };
 static const mbedtls_mpi_uint secp192r1_T_0_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07),
 };
 static const mbedtls_mpi_uint secp192r1_T_1_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x9E, 0xE3, 0x60, 0x59, 0xD1, 0xC4, 0xC2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0xBD, 0x22, 0xD7, 0x2D, 0x07, 0xBD, 0xB6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0x2A, 0xCF, 0x33, 0xF0, 0xBE, 0xD1, 0xED ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x9E, 0xE3, 0x60, 0x59, 0xD1, 0xC4, 0xC2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xBD, 0x22, 0xD7, 0x2D, 0x07, 0xBD, 0xB6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x2A, 0xCF, 0x33, 0xF0, 0xBE, 0xD1, 0xED),
 };
 static const mbedtls_mpi_uint secp192r1_T_1_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0x71, 0x4B, 0xA8, 0xED, 0x7E, 0xC9, 0x1A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x2A, 0xF6, 0xDF, 0x0E, 0xE8, 0x4C, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0x35, 0xF7, 0x8A, 0xC3, 0xEC, 0xDE, 0x1E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x71, 0x4B, 0xA8, 0xED, 0x7E, 0xC9, 0x1A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x2A, 0xF6, 0xDF, 0x0E, 0xE8, 0x4C, 0x0F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x35, 0xF7, 0x8A, 0xC3, 0xEC, 0xDE, 0x1E),
 };
 static const mbedtls_mpi_uint secp192r1_T_2_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x67, 0xC2, 0x1D, 0x32, 0x8F, 0x10, 0xFB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0x2D, 0x17, 0xF3, 0xE4, 0xFE, 0xD8, 0x13 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0x45, 0x10, 0x70, 0x2C, 0x3E, 0x52, 0x3E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x67, 0xC2, 0x1D, 0x32, 0x8F, 0x10, 0xFB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x2D, 0x17, 0xF3, 0xE4, 0xFE, 0xD8, 0x13),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x45, 0x10, 0x70, 0x2C, 0x3E, 0x52, 0x3E),
 };
 static const mbedtls_mpi_uint secp192r1_T_2_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0xF1, 0x04, 0x5D, 0xEE, 0xD4, 0x56, 0xE6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x78, 0xB7, 0x38, 0x27, 0x61, 0xAA, 0x81, 0x87 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x37, 0xD7, 0x0E, 0x29, 0x0E, 0x11, 0x14 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xF1, 0x04, 0x5D, 0xEE, 0xD4, 0x56, 0xE6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xB7, 0x38, 0x27, 0x61, 0xAA, 0x81, 0x87),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x37, 0xD7, 0x0E, 0x29, 0x0E, 0x11, 0x14),
 };
 static const mbedtls_mpi_uint secp192r1_T_3_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0x35, 0x52, 0xC6, 0x31, 0xB7, 0x27, 0xF5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xD4, 0x15, 0x98, 0x0F, 0xE7, 0xF3, 0x6A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0x31, 0x70, 0x35, 0x09, 0xA0, 0x2B, 0xC2 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x35, 0x52, 0xC6, 0x31, 0xB7, 0x27, 0xF5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xD4, 0x15, 0x98, 0x0F, 0xE7, 0xF3, 0x6A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x31, 0x70, 0x35, 0x09, 0xA0, 0x2B, 0xC2),
 };
 static const mbedtls_mpi_uint secp192r1_T_3_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x75, 0xA7, 0x4C, 0x88, 0xCF, 0x5B, 0xE4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0x17, 0x48, 0x8D, 0xF2, 0xF0, 0x86, 0xED ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0xCF, 0xFE, 0x6B, 0xB0, 0xA5, 0x06, 0xAB ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x75, 0xA7, 0x4C, 0x88, 0xCF, 0x5B, 0xE4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x17, 0x48, 0x8D, 0xF2, 0xF0, 0x86, 0xED),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xCF, 0xFE, 0x6B, 0xB0, 0xA5, 0x06, 0xAB),
 };
 static const mbedtls_mpi_uint secp192r1_T_4_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0x6A, 0xDC, 0x9A, 0x6D, 0x7B, 0x47, 0x2E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0xFC, 0x51, 0x12, 0x62, 0x66, 0x0B, 0x59 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0x40, 0x93, 0xA0, 0xB5, 0x5A, 0x58, 0xD7 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x6A, 0xDC, 0x9A, 0x6D, 0x7B, 0x47, 0x2E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0xFC, 0x51, 0x12, 0x62, 0x66, 0x0B, 0x59),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x40, 0x93, 0xA0, 0xB5, 0x5A, 0x58, 0xD7),
 };
 static const mbedtls_mpi_uint secp192r1_T_4_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0xCB, 0xAF, 0xDC, 0x0B, 0xA1, 0x26, 0xFB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x36, 0x9D, 0xA3, 0xD7, 0x3B, 0xAD, 0x39 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x3B, 0x05, 0x9A, 0xA8, 0xAA, 0x69, 0xB2 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0xCB, 0xAF, 0xDC, 0x0B, 0xA1, 0x26, 0xFB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x36, 0x9D, 0xA3, 0xD7, 0x3B, 0xAD, 0x39),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x3B, 0x05, 0x9A, 0xA8, 0xAA, 0x69, 0xB2),
 };
 static const mbedtls_mpi_uint secp192r1_T_5_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xD9, 0xD1, 0x4D, 0x4A, 0x6E, 0x96, 0x1E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0x66, 0x32, 0x39, 0xC6, 0x57, 0x7D, 0xE6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0xA0, 0x36, 0xC2, 0x45, 0xF9, 0x00, 0x62 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xD9, 0xD1, 0x4D, 0x4A, 0x6E, 0x96, 0x1E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x66, 0x32, 0x39, 0xC6, 0x57, 0x7D, 0xE6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xA0, 0x36, 0xC2, 0x45, 0xF9, 0x00, 0x62),
 };
 static const mbedtls_mpi_uint secp192r1_T_5_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0xEF, 0x59, 0x46, 0xDC, 0x60, 0xD9, 0x8F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0xB0, 0xE9, 0x41, 0xA4, 0x87, 0x76, 0x89 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0xD4, 0x0E, 0xB2, 0xFA, 0x16, 0x56, 0xDC ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xEF, 0x59, 0x46, 0xDC, 0x60, 0xD9, 0x8F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xB0, 0xE9, 0x41, 0xA4, 0x87, 0x76, 0x89),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0xD4, 0x0E, 0xB2, 0xFA, 0x16, 0x56, 0xDC),
 };
 static const mbedtls_mpi_uint secp192r1_T_6_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0x62, 0xD2, 0xB1, 0x34, 0xB2, 0xF1, 0x06 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB2, 0xED, 0x55, 0xC5, 0x47, 0xB5, 0x07, 0x15 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xF6, 0x2F, 0x94, 0xC3, 0xDD, 0x54, 0x2F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x62, 0xD2, 0xB1, 0x34, 0xB2, 0xF1, 0x06),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xED, 0x55, 0xC5, 0x47, 0xB5, 0x07, 0x15),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xF6, 0x2F, 0x94, 0xC3, 0xDD, 0x54, 0x2F),
 };
 static const mbedtls_mpi_uint secp192r1_T_6_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0xA6, 0xD4, 0x8C, 0xA9, 0xCE, 0x4D, 0x2E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0x4B, 0x46, 0xCC, 0xB2, 0x55, 0xC8, 0xB2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0xAE, 0x31, 0xED, 0x89, 0x65, 0x59, 0x55 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xA6, 0xD4, 0x8C, 0xA9, 0xCE, 0x4D, 0x2E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x4B, 0x46, 0xCC, 0xB2, 0x55, 0xC8, 0xB2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xAE, 0x31, 0xED, 0x89, 0x65, 0x59, 0x55),
 };
 static const mbedtls_mpi_uint secp192r1_T_7_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0x0A, 0xD1, 0x1A, 0xC5, 0xF6, 0xEA, 0x43 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0xFC, 0x0C, 0x1A, 0xFB, 0xA0, 0xC8, 0x70 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0xFD, 0x53, 0x6F, 0x6D, 0xBF, 0xBA, 0xAF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x0A, 0xD1, 0x1A, 0xC5, 0xF6, 0xEA, 0x43),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xFC, 0x0C, 0x1A, 0xFB, 0xA0, 0xC8, 0x70),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xFD, 0x53, 0x6F, 0x6D, 0xBF, 0xBA, 0xAF),
 };
 static const mbedtls_mpi_uint secp192r1_T_7_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0xB0, 0x7D, 0x83, 0x96, 0xE3, 0xCB, 0x9D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x6E, 0x55, 0x2C, 0x20, 0x53, 0x2F, 0x46 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA6, 0x66, 0x00, 0x17, 0x08, 0xFE, 0xAC, 0x31 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xB0, 0x7D, 0x83, 0x96, 0xE3, 0xCB, 0x9D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x6E, 0x55, 0x2C, 0x20, 0x53, 0x2F, 0x46),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0x66, 0x00, 0x17, 0x08, 0xFE, 0xAC, 0x31),
 };
 static const mbedtls_mpi_uint secp192r1_T_8_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x12, 0x97, 0x3A, 0xC7, 0x57, 0x45, 0xCD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x25, 0x99, 0x00, 0xF6, 0x97, 0xB4, 0x64 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x74, 0xE6, 0xE6, 0xA3, 0xDF, 0x9C, 0xCC ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x12, 0x97, 0x3A, 0xC7, 0x57, 0x45, 0xCD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x25, 0x99, 0x00, 0xF6, 0x97, 0xB4, 0x64),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x74, 0xE6, 0xE6, 0xA3, 0xDF, 0x9C, 0xCC),
 };
 static const mbedtls_mpi_uint secp192r1_T_8_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0xF4, 0x76, 0xD5, 0x5F, 0x2A, 0xFD, 0x85 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x80, 0x7E, 0x3E, 0xE5, 0xE8, 0xD6, 0x63 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE2, 0xAD, 0x1E, 0x70, 0x79, 0x3E, 0x3D, 0x83 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xF4, 0x76, 0xD5, 0x5F, 0x2A, 0xFD, 0x85),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x80, 0x7E, 0x3E, 0xE5, 0xE8, 0xD6, 0x63),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xAD, 0x1E, 0x70, 0x79, 0x3E, 0x3D, 0x83),
 };
 static const mbedtls_mpi_uint secp192r1_T_9_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x15, 0xBB, 0xB3, 0x42, 0x6A, 0xA1, 0x7C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x58, 0xCB, 0x43, 0x25, 0x00, 0x14, 0x68 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0x4E, 0x93, 0x11, 0xE0, 0x32, 0x54, 0x98 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x15, 0xBB, 0xB3, 0x42, 0x6A, 0xA1, 0x7C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x58, 0xCB, 0x43, 0x25, 0x00, 0x14, 0x68),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x4E, 0x93, 0x11, 0xE0, 0x32, 0x54, 0x98),
 };
 static const mbedtls_mpi_uint secp192r1_T_9_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x52, 0xA2, 0xB4, 0x57, 0x32, 0xB9, 0x11 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x43, 0xA1, 0xB1, 0xFB, 0x01, 0xE1, 0xE7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA6, 0xFB, 0x5A, 0x11, 0xB8, 0xC2, 0x03, 0xE5 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x52, 0xA2, 0xB4, 0x57, 0x32, 0xB9, 0x11),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x43, 0xA1, 0xB1, 0xFB, 0x01, 0xE1, 0xE7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xFB, 0x5A, 0x11, 0xB8, 0xC2, 0x03, 0xE5),
 };
 static const mbedtls_mpi_uint secp192r1_T_10_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x2B, 0x71, 0x26, 0x4E, 0x7C, 0xC5, 0x32 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0xF5, 0xD3, 0xA8, 0xE4, 0x95, 0x48, 0x65 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0xAE, 0xD9, 0x5D, 0x9F, 0x6A, 0x22, 0xAD ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x2B, 0x71, 0x26, 0x4E, 0x7C, 0xC5, 0x32),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xF5, 0xD3, 0xA8, 0xE4, 0x95, 0x48, 0x65),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xAE, 0xD9, 0x5D, 0x9F, 0x6A, 0x22, 0xAD),
 };
 static const mbedtls_mpi_uint secp192r1_T_10_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0xCC, 0xA3, 0x4D, 0xA0, 0x1C, 0x34, 0xEF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0x3C, 0x62, 0xF8, 0x5E, 0xA6, 0x58, 0x7D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x6E, 0x66, 0x8A, 0x3D, 0x17, 0xFF, 0x0F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0xCC, 0xA3, 0x4D, 0xA0, 0x1C, 0x34, 0xEF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x3C, 0x62, 0xF8, 0x5E, 0xA6, 0x58, 0x7D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x6E, 0x66, 0x8A, 0x3D, 0x17, 0xFF, 0x0F),
 };
 static const mbedtls_mpi_uint secp192r1_T_11_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0xCD, 0xA8, 0xDD, 0xD1, 0x20, 0x5C, 0xEA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0xFE, 0x17, 0xE2, 0xCF, 0xEA, 0x63, 0xDE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0x51, 0xC9, 0x16, 0xDE, 0xB4, 0xB2, 0xDD ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xCD, 0xA8, 0xDD, 0xD1, 0x20, 0x5C, 0xEA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0xFE, 0x17, 0xE2, 0xCF, 0xEA, 0x63, 0xDE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x51, 0xC9, 0x16, 0xDE, 0xB4, 0xB2, 0xDD),
 };
 static const mbedtls_mpi_uint secp192r1_T_11_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xBE, 0x12, 0xD7, 0xA3, 0x0A, 0x50, 0x33 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x53, 0x87, 0xC5, 0x8A, 0x76, 0x57, 0x07, 0x60 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0x1F, 0xC6, 0x1B, 0x66, 0xC4, 0x3D, 0x8A ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xBE, 0x12, 0xD7, 0xA3, 0x0A, 0x50, 0x33),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0x87, 0xC5, 0x8A, 0x76, 0x57, 0x07, 0x60),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x1F, 0xC6, 0x1B, 0x66, 0xC4, 0x3D, 0x8A),
 };
 static const mbedtls_mpi_uint secp192r1_T_12_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0xA4, 0x85, 0x13, 0x8F, 0xA7, 0x35, 0x19 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0x0D, 0xFD, 0xFF, 0x1B, 0xD1, 0xD6, 0xEF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x7A, 0xD0, 0xC3, 0xB4, 0xEF, 0x39, 0x66 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xA4, 0x85, 0x13, 0x8F, 0xA7, 0x35, 0x19),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x0D, 0xFD, 0xFF, 0x1B, 0xD1, 0xD6, 0xEF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x7A, 0xD0, 0xC3, 0xB4, 0xEF, 0x39, 0x66),
 };
 static const mbedtls_mpi_uint secp192r1_T_12_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0xFE, 0xA5, 0x9C, 0x34, 0x30, 0x49, 0x40 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDE, 0xC5, 0x39, 0x26, 0x06, 0xE3, 0x01, 0x17 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE2, 0x2B, 0x66, 0xFC, 0x95, 0x5F, 0x35, 0xF7 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xFE, 0xA5, 0x9C, 0x34, 0x30, 0x49, 0x40),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0xC5, 0x39, 0x26, 0x06, 0xE3, 0x01, 0x17),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x2B, 0x66, 0xFC, 0x95, 0x5F, 0x35, 0xF7),
 };
 static const mbedtls_mpi_uint secp192r1_T_13_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0xCF, 0x54, 0x63, 0x99, 0x57, 0x05, 0x45 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x6F, 0x00, 0x5F, 0x65, 0x08, 0x47, 0x98 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x2A, 0x90, 0x6D, 0x67, 0xC6, 0xBC, 0x45 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xCF, 0x54, 0x63, 0x99, 0x57, 0x05, 0x45),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x6F, 0x00, 0x5F, 0x65, 0x08, 0x47, 0x98),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x2A, 0x90, 0x6D, 0x67, 0xC6, 0xBC, 0x45),
 };
 static const mbedtls_mpi_uint secp192r1_T_13_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0x4D, 0x88, 0x0A, 0x35, 0x9E, 0x33, 0x9C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x17, 0x0C, 0xF8, 0xE1, 0x7A, 0x49, 0x02 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0x44, 0x06, 0x8F, 0x0B, 0x70, 0x2F, 0x71 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x4D, 0x88, 0x0A, 0x35, 0x9E, 0x33, 0x9C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x17, 0x0C, 0xF8, 0xE1, 0x7A, 0x49, 0x02),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x44, 0x06, 0x8F, 0x0B, 0x70, 0x2F, 0x71),
 };
 static const mbedtls_mpi_uint secp192r1_T_14_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x85, 0x4B, 0xCB, 0xF9, 0x8E, 0x6A, 0xDA, 0x1B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0x43, 0xA1, 0x3F, 0xCE, 0x17, 0xD2, 0x32 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0x0D, 0xD2, 0x6C, 0x82, 0x37, 0xE5, 0xFC ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x4B, 0xCB, 0xF9, 0x8E, 0x6A, 0xDA, 0x1B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x43, 0xA1, 0x3F, 0xCE, 0x17, 0xD2, 0x32),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x0D, 0xD2, 0x6C, 0x82, 0x37, 0xE5, 0xFC),
 };
 static const mbedtls_mpi_uint secp192r1_T_14_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4A, 0x3C, 0xF4, 0x92, 0xB4, 0x8A, 0x95, 0x85 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x85, 0x96, 0xF1, 0x0A, 0x34, 0x2F, 0x74, 0x7E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0xA1, 0xAA, 0xBA, 0x86, 0x77, 0x4F, 0xA2 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x3C, 0xF4, 0x92, 0xB4, 0x8A, 0x95, 0x85),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x96, 0xF1, 0x0A, 0x34, 0x2F, 0x74, 0x7E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xA1, 0xAA, 0xBA, 0x86, 0x77, 0x4F, 0xA2),
 };
 static const mbedtls_mpi_uint secp192r1_T_15_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0x7F, 0xEF, 0x60, 0x50, 0x80, 0xD7, 0xD4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x31, 0xAC, 0xC9, 0xFE, 0xEC, 0x0A, 0x1A, 0x9F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x2F, 0xBE, 0x91, 0xD7, 0xB7, 0x38, 0x48 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x7F, 0xEF, 0x60, 0x50, 0x80, 0xD7, 0xD4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0xAC, 0xC9, 0xFE, 0xEC, 0x0A, 0x1A, 0x9F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x2F, 0xBE, 0x91, 0xD7, 0xB7, 0x38, 0x48),
 };
 static const mbedtls_mpi_uint secp192r1_T_15_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0xAE, 0x85, 0x98, 0xFE, 0x05, 0x7F, 0x9F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0xBE, 0xFD, 0x11, 0x31, 0x3D, 0x14, 0x13 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0x75, 0xE8, 0x30, 0x01, 0xCB, 0x9B, 0x1C ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xAE, 0x85, 0x98, 0xFE, 0x05, 0x7F, 0x9F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xBE, 0xFD, 0x11, 0x31, 0x3D, 0x14, 0x13),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x75, 0xE8, 0x30, 0x01, 0xCB, 0x9B, 0x1C),
 };
 static const mbedtls_ecp_point secp192r1_T[16] = {
     ECP_POINT_INIT_XY_Z1(secp192r1_T_0_X, secp192r1_T_0_Y),
@@ -288,227 +288,227 @@
  */
 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
 static const mbedtls_mpi_uint secp224r1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C ),
-    MBEDTLS_BYTES_TO_T_UINT_4( 0x85, 0x0A, 0x05, 0xB4 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C),
+    MBEDTLS_BYTES_TO_T_UINT_4(0x85, 0x0A, 0x05, 0xB4),
 };
 static const mbedtls_mpi_uint secp224r1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B ),
-    MBEDTLS_BYTES_TO_T_UINT_4( 0xBD, 0x0C, 0x0E, 0xB7 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B),
+    MBEDTLS_BYTES_TO_T_UINT_4(0xBD, 0x0C, 0x0E, 0xB7),
 };
 static const mbedtls_mpi_uint secp224r1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5 ),
-    MBEDTLS_BYTES_TO_T_UINT_4( 0x88, 0x63, 0x37, 0xBD ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5),
+    MBEDTLS_BYTES_TO_T_UINT_4(0x88, 0x63, 0x37, 0xBD),
 };
 static const mbedtls_mpi_uint secp224r1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_4(0xFF, 0xFF, 0xFF, 0xFF),
 };
 #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
 static const mbedtls_mpi_uint secp224r1_T_0_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBD, 0x0C, 0x0E, 0xB7, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x0C, 0x0E, 0xB7, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_0_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0x63, 0x37, 0xBD, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x63, 0x37, 0xBD, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_1_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0xF9, 0xB8, 0xD0, 0x3D, 0xD2, 0xD3, 0xFA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xFD, 0x99, 0x26, 0x19, 0xFE, 0x13, 0x6E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x0E, 0x4C, 0x48, 0x7C, 0xA2, 0x17, 0x01 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xA3, 0x13, 0x57, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xF9, 0xB8, 0xD0, 0x3D, 0xD2, 0xD3, 0xFA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xFD, 0x99, 0x26, 0x19, 0xFE, 0x13, 0x6E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x0E, 0x4C, 0x48, 0x7C, 0xA2, 0x17, 0x01),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xA3, 0x13, 0x57, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_1_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9F, 0x16, 0x5C, 0x8F, 0xAA, 0xED, 0x0F, 0x58 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0xC5, 0x43, 0x34, 0x93, 0x05, 0x2A, 0x4C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0xE3, 0x6C, 0xCA, 0xC6, 0x14, 0xC2, 0x25 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0x43, 0x6C, 0xD7, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x16, 0x5C, 0x8F, 0xAA, 0xED, 0x0F, 0x58),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0xC5, 0x43, 0x34, 0x93, 0x05, 0x2A, 0x4C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0xE3, 0x6C, 0xCA, 0xC6, 0x14, 0xC2, 0x25),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x43, 0x6C, 0xD7, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_2_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC3, 0x5A, 0x98, 0x1E, 0xC8, 0xA5, 0x42, 0xA3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x49, 0x56, 0x78, 0xF8, 0xEF, 0xED, 0x65 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0xBB, 0x64, 0xB6, 0x4C, 0x54, 0x5F, 0xD1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0x0C, 0x33, 0xCC, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x5A, 0x98, 0x1E, 0xC8, 0xA5, 0x42, 0xA3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x49, 0x56, 0x78, 0xF8, 0xEF, 0xED, 0x65),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0xBB, 0x64, 0xB6, 0x4C, 0x54, 0x5F, 0xD1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x0C, 0x33, 0xCC, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_2_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x79, 0xCB, 0x2E, 0x08, 0xFF, 0xD8, 0xE6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2E, 0x1F, 0xD4, 0xD7, 0x57, 0xE9, 0x39, 0x45 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0xD6, 0x3B, 0x0A, 0x1C, 0x87, 0xB7, 0x6A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0x30, 0xD8, 0x05, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x79, 0xCB, 0x2E, 0x08, 0xFF, 0xD8, 0xE6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0x1F, 0xD4, 0xD7, 0x57, 0xE9, 0x39, 0x45),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xD6, 0x3B, 0x0A, 0x1C, 0x87, 0xB7, 0x6A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x30, 0xD8, 0x05, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_3_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0x79, 0x74, 0x9A, 0xE6, 0xBB, 0xC2, 0xC2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x5B, 0xA6, 0x67, 0xC1, 0x91, 0xE7, 0x64 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0xDF, 0x38, 0x82, 0x19, 0x2C, 0x4C, 0xCA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0x2E, 0x39, 0xC5, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x79, 0x74, 0x9A, 0xE6, 0xBB, 0xC2, 0xC2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x5B, 0xA6, 0x67, 0xC1, 0x91, 0xE7, 0x64),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xDF, 0x38, 0x82, 0x19, 0x2C, 0x4C, 0xCA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x2E, 0x39, 0xC5, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_3_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0x36, 0x78, 0x4E, 0xAE, 0x5B, 0x02, 0x76 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x14, 0xF6, 0x8B, 0xF8, 0xF4, 0x92, 0x6B, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x4D, 0x71, 0x35, 0xE7, 0x0C, 0x2C, 0x98 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0xA5, 0x1F, 0xAE, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x36, 0x78, 0x4E, 0xAE, 0x5B, 0x02, 0x76),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xF6, 0x8B, 0xF8, 0xF4, 0x92, 0x6B, 0x42),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x4D, 0x71, 0x35, 0xE7, 0x0C, 0x2C, 0x98),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xA5, 0x1F, 0xAE, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_4_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0x1C, 0x4B, 0xDF, 0x5B, 0xF2, 0x51, 0xB7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0x74, 0xB1, 0x5A, 0xC6, 0x0F, 0x0E, 0x61 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x24, 0x09, 0x62, 0xAF, 0xFC, 0xDB, 0x45 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0xE1, 0x80, 0x55, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x1C, 0x4B, 0xDF, 0x5B, 0xF2, 0x51, 0xB7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x74, 0xB1, 0x5A, 0xC6, 0x0F, 0x0E, 0x61),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x24, 0x09, 0x62, 0xAF, 0xFC, 0xDB, 0x45),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0xE1, 0x80, 0x55, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_4_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0x82, 0xFE, 0xAD, 0xC3, 0xE5, 0xCF, 0xD8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0xA2, 0x62, 0x17, 0x76, 0xF0, 0x5A, 0xFA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0xB8, 0xE5, 0xAC, 0xB7, 0x66, 0x38, 0xAA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0xFD, 0x86, 0x05, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x82, 0xFE, 0xAD, 0xC3, 0xE5, 0xCF, 0xD8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xA2, 0x62, 0x17, 0x76, 0xF0, 0x5A, 0xFA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xB8, 0xE5, 0xAC, 0xB7, 0x66, 0x38, 0xAA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0xFD, 0x86, 0x05, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_5_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xD3, 0x0C, 0x3C, 0xD1, 0x66, 0xB0, 0xF1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x59, 0xB4, 0x8D, 0x90, 0x10, 0xB7, 0xA2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0x47, 0x9B, 0xE6, 0x55, 0x8A, 0xE4, 0xEE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0x49, 0xDB, 0x78, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xD3, 0x0C, 0x3C, 0xD1, 0x66, 0xB0, 0xF1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x59, 0xB4, 0x8D, 0x90, 0x10, 0xB7, 0xA2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x47, 0x9B, 0xE6, 0x55, 0x8A, 0xE4, 0xEE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x49, 0xDB, 0x78, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_5_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x97, 0xED, 0xDE, 0xFF, 0xB3, 0xDF, 0x48 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0xB9, 0x83, 0xB7, 0xEB, 0xBE, 0x40, 0x8D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xD3, 0xD3, 0xCD, 0x0E, 0x82, 0x79, 0x3D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x83, 0x1B, 0xF0, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x97, 0xED, 0xDE, 0xFF, 0xB3, 0xDF, 0x48),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xB9, 0x83, 0xB7, 0xEB, 0xBE, 0x40, 0x8D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xD3, 0xD3, 0xCD, 0x0E, 0x82, 0x79, 0x3D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x83, 0x1B, 0xF0, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_6_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x22, 0xBB, 0x54, 0xD3, 0x31, 0x56, 0xFC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0x36, 0xE5, 0xE0, 0x89, 0x96, 0x8E, 0x71 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0xEF, 0x0A, 0xED, 0xD0, 0x11, 0x4A, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x00, 0x57, 0x27, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x22, 0xBB, 0x54, 0xD3, 0x31, 0x56, 0xFC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x36, 0xE5, 0xE0, 0x89, 0x96, 0x8E, 0x71),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0xEF, 0x0A, 0xED, 0xD0, 0x11, 0x4A, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x00, 0x57, 0x27, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_6_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0xCA, 0x3D, 0xF7, 0x64, 0x9B, 0x6E, 0x85 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0xE3, 0x70, 0x6B, 0x41, 0xD7, 0xED, 0x8F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x02, 0x44, 0x44, 0x80, 0xCE, 0x13, 0x37, 0x92 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0x73, 0x80, 0x79, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0xCA, 0x3D, 0xF7, 0x64, 0x9B, 0x6E, 0x85),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xE3, 0x70, 0x6B, 0x41, 0xD7, 0xED, 0x8F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x44, 0x44, 0x80, 0xCE, 0x13, 0x37, 0x92),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x73, 0x80, 0x79, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_7_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x4D, 0x70, 0x7D, 0x31, 0x0F, 0x1C, 0x58 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x35, 0x88, 0x47, 0xC4, 0x24, 0x78, 0x3F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0xF0, 0xCD, 0x91, 0x81, 0xB3, 0xDE, 0xB6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0xCE, 0xC6, 0xF7, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x4D, 0x70, 0x7D, 0x31, 0x0F, 0x1C, 0x58),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x35, 0x88, 0x47, 0xC4, 0x24, 0x78, 0x3F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xF0, 0xCD, 0x91, 0x81, 0xB3, 0xDE, 0xB6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xCE, 0xC6, 0xF7, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_7_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0x9C, 0x2D, 0xE8, 0xD2, 0x00, 0x8F, 0x10 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0x5E, 0x7C, 0x0E, 0x0C, 0x6E, 0x58, 0x02 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x81, 0x21, 0xCE, 0x43, 0xF4, 0x24, 0x3D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9E, 0xBC, 0xF0, 0xF4, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x9C, 0x2D, 0xE8, 0xD2, 0x00, 0x8F, 0x10),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x5E, 0x7C, 0x0E, 0x0C, 0x6E, 0x58, 0x02),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x81, 0x21, 0xCE, 0x43, 0xF4, 0x24, 0x3D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0xBC, 0xF0, 0xF4, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_8_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x10, 0xC2, 0x74, 0x4A, 0x8F, 0x8A, 0xCF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x89, 0x67, 0xF4, 0x2B, 0x38, 0x2B, 0x35, 0x17 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xE7, 0x0C, 0xA9, 0xFA, 0x77, 0x5C, 0xBD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0x33, 0x19, 0x2B, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x10, 0xC2, 0x74, 0x4A, 0x8F, 0x8A, 0xCF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x67, 0xF4, 0x2B, 0x38, 0x2B, 0x35, 0x17),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xE7, 0x0C, 0xA9, 0xFA, 0x77, 0x5C, 0xBD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x33, 0x19, 0x2B, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_8_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x3E, 0x96, 0x22, 0x53, 0xE1, 0xE9, 0xBE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0x13, 0xBC, 0xA1, 0x16, 0xEC, 0x01, 0x1A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9A, 0x00, 0xC9, 0x7A, 0xC3, 0x73, 0xA5, 0x45 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0xF4, 0x5E, 0xC1, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x3E, 0x96, 0x22, 0x53, 0xE1, 0xE9, 0xBE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x13, 0xBC, 0xA1, 0x16, 0xEC, 0x01, 0x1A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x00, 0xC9, 0x7A, 0xC3, 0x73, 0xA5, 0x45),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0xF4, 0x5E, 0xC1, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_9_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x95, 0xD6, 0xD9, 0x32, 0x30, 0x2B, 0xD0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x42, 0x09, 0x05, 0x61, 0x2A, 0x7E, 0x82 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0x84, 0xA2, 0x05, 0x88, 0x64, 0x65, 0xF9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x03, 0x2D, 0x90, 0xB3, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x95, 0xD6, 0xD9, 0x32, 0x30, 0x2B, 0xD0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x42, 0x09, 0x05, 0x61, 0x2A, 0x7E, 0x82),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x84, 0xA2, 0x05, 0x88, 0x64, 0x65, 0xF9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x2D, 0x90, 0xB3, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_9_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0xE7, 0x2E, 0x85, 0x55, 0x80, 0x7C, 0x79 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0xC1, 0xAC, 0x78, 0xB4, 0xAF, 0xFB, 0x6E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0xC3, 0x28, 0x8E, 0x79, 0x18, 0x1F, 0x58 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x46, 0xCF, 0x49, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xE7, 0x2E, 0x85, 0x55, 0x80, 0x7C, 0x79),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xC1, 0xAC, 0x78, 0xB4, 0xAF, 0xFB, 0x6E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0xC3, 0x28, 0x8E, 0x79, 0x18, 0x1F, 0x58),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x46, 0xCF, 0x49, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_10_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0x5F, 0xA8, 0x6C, 0x46, 0x83, 0x43, 0xFA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0xA9, 0x93, 0x11, 0xB6, 0x07, 0x57, 0x74 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x2A, 0x9D, 0x03, 0x89, 0x7E, 0xD7, 0x3C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0x8C, 0x62, 0xCF, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x5F, 0xA8, 0x6C, 0x46, 0x83, 0x43, 0xFA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xA9, 0x93, 0x11, 0xB6, 0x07, 0x57, 0x74),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x2A, 0x9D, 0x03, 0x89, 0x7E, 0xD7, 0x3C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x8C, 0x62, 0xCF, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_10_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x44, 0x2C, 0x13, 0x59, 0xCC, 0xFA, 0x84, 0x9E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0xB9, 0x48, 0xBC, 0x57, 0xC7, 0xB3, 0x7C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x0A, 0x38, 0x24, 0x2E, 0x3A, 0x28, 0x25 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x0A, 0x43, 0xB8, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0x2C, 0x13, 0x59, 0xCC, 0xFA, 0x84, 0x9E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xB9, 0x48, 0xBC, 0x57, 0xC7, 0xB3, 0x7C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x0A, 0x38, 0x24, 0x2E, 0x3A, 0x28, 0x25),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x0A, 0x43, 0xB8, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_11_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0x25, 0xAB, 0xC1, 0xEE, 0x70, 0x3C, 0xE1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0xDB, 0x45, 0x1D, 0x4A, 0x80, 0x75, 0x35 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x1F, 0x4D, 0x2D, 0x9A, 0x05, 0xF4, 0xCB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x10, 0xF0, 0x5A, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x25, 0xAB, 0xC1, 0xEE, 0x70, 0x3C, 0xE1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0xDB, 0x45, 0x1D, 0x4A, 0x80, 0x75, 0x35),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x1F, 0x4D, 0x2D, 0x9A, 0x05, 0xF4, 0xCB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x10, 0xF0, 0x5A, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_11_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x35, 0x95, 0xE1, 0xDC, 0x15, 0x86, 0xC3, 0x7B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0xDC, 0x27, 0xD1, 0x56, 0xA1, 0x14, 0x0D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0x0B, 0xD6, 0x77, 0x4E, 0x44, 0xA2, 0xF8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0x42, 0x71, 0x1F, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x95, 0xE1, 0xDC, 0x15, 0x86, 0xC3, 0x7B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0xDC, 0x27, 0xD1, 0x56, 0xA1, 0x14, 0x0D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x0B, 0xD6, 0x77, 0x4E, 0x44, 0xA2, 0xF8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x42, 0x71, 0x1F, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_12_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0x86, 0xB2, 0xB0, 0xC8, 0x2F, 0x7B, 0xFE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xEF, 0xCB, 0xDB, 0xBC, 0x9E, 0x3B, 0xC5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0x03, 0x86, 0xDD, 0x5B, 0xF5, 0x8D, 0x46 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0x95, 0x79, 0xD6, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x86, 0xB2, 0xB0, 0xC8, 0x2F, 0x7B, 0xFE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xEF, 0xCB, 0xDB, 0xBC, 0x9E, 0x3B, 0xC5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x03, 0x86, 0xDD, 0x5B, 0xF5, 0x8D, 0x46),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x95, 0x79, 0xD6, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_12_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x32, 0x14, 0xDA, 0x9B, 0x4F, 0x07, 0x39 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0x3E, 0xFB, 0x06, 0xEE, 0xA7, 0x40, 0x40 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0x1F, 0xDF, 0x71, 0x61, 0xFD, 0x8B, 0xBE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0x8B, 0xAB, 0x8B, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x32, 0x14, 0xDA, 0x9B, 0x4F, 0x07, 0x39),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x3E, 0xFB, 0x06, 0xEE, 0xA7, 0x40, 0x40),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x1F, 0xDF, 0x71, 0x61, 0xFD, 0x8B, 0xBE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x8B, 0xAB, 0x8B, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_13_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x34, 0xB3, 0xB4, 0xBC, 0x9F, 0xB0, 0x5E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x58, 0x48, 0xA8, 0x77, 0xBB, 0x13, 0x2F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0xC6, 0xF7, 0x34, 0xCC, 0x89, 0x21, 0x0A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x33, 0xDD, 0x1F, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x34, 0xB3, 0xB4, 0xBC, 0x9F, 0xB0, 0x5E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x58, 0x48, 0xA8, 0x77, 0xBB, 0x13, 0x2F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xC6, 0xF7, 0x34, 0xCC, 0x89, 0x21, 0x0A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x33, 0xDD, 0x1F, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_13_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0x81, 0xEF, 0xA4, 0xF2, 0x10, 0x0B, 0xCD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0xF7, 0x6E, 0x72, 0x4A, 0xDF, 0xDD, 0xE8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0x23, 0x0A, 0x53, 0x03, 0x16, 0x62, 0xD2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0x76, 0xFD, 0x3C, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x81, 0xEF, 0xA4, 0xF2, 0x10, 0x0B, 0xCD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xF7, 0x6E, 0x72, 0x4A, 0xDF, 0xDD, 0xE8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x23, 0x0A, 0x53, 0x03, 0x16, 0x62, 0xD2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x76, 0xFD, 0x3C, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_14_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x14, 0xA1, 0xFA, 0xA0, 0x18, 0xBE, 0x07 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x03, 0x2A, 0xE1, 0xD7, 0xB0, 0x6C, 0xA0, 0xDE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0xC0, 0xB0, 0xC6, 0x63, 0x24, 0xCD, 0x4E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0x38, 0x2C, 0xB1, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x14, 0xA1, 0xFA, 0xA0, 0x18, 0xBE, 0x07),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x2A, 0xE1, 0xD7, 0xB0, 0x6C, 0xA0, 0xDE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xC0, 0xB0, 0xC6, 0x63, 0x24, 0xCD, 0x4E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x38, 0x2C, 0xB1, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_14_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0xCD, 0x7D, 0x20, 0x0C, 0xFE, 0xAC, 0xC3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x97, 0x9F, 0xA2, 0xB6, 0x45, 0xF7, 0x7B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x99, 0xF3, 0xD2, 0x20, 0x02, 0xEB, 0x04 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0x18, 0x5B, 0x7B, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xCD, 0x7D, 0x20, 0x0C, 0xFE, 0xAC, 0xC3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x97, 0x9F, 0xA2, 0xB6, 0x45, 0xF7, 0x7B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x99, 0xF3, 0xD2, 0x20, 0x02, 0xEB, 0x04),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x18, 0x5B, 0x7B, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_15_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2B, 0xDD, 0x77, 0x91, 0x60, 0xEA, 0xFD, 0xD3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0xD3, 0xB5, 0xD6, 0x90, 0x17, 0x0E, 0x1A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0xF4, 0x28, 0xC1, 0xF2, 0x53, 0xF6, 0x63 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0x58, 0xDC, 0x61, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xDD, 0x77, 0x91, 0x60, 0xEA, 0xFD, 0xD3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xD3, 0xB5, 0xD6, 0x90, 0x17, 0x0E, 0x1A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0xF4, 0x28, 0xC1, 0xF2, 0x53, 0xF6, 0x63),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0x58, 0xDC, 0x61, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224r1_T_15_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x20, 0x01, 0xFB, 0xF1, 0xBD, 0x5F, 0x45 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0x7F, 0x06, 0xDA, 0x11, 0xCB, 0xBA, 0xA6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x41, 0x00, 0xA4, 0x1B, 0x30, 0x33, 0x79 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF4, 0xFF, 0x27, 0xCA, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x20, 0x01, 0xFB, 0xF1, 0xBD, 0x5F, 0x45),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x7F, 0x06, 0xDA, 0x11, 0xCB, 0xBA, 0xA6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x41, 0x00, 0xA4, 0x1B, 0x30, 0x33, 0x79),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0xFF, 0x27, 0xCA, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_ecp_point secp224r1_T[16] = {
     ECP_POINT_INIT_XY_Z1(secp224r1_T_0_X, secp224r1_T_0_Y),
@@ -538,227 +538,227 @@
  */
 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
 static const mbedtls_mpi_uint secp256r1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF),
 };
 static const mbedtls_mpi_uint secp256r1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A),
 };
 static const mbedtls_mpi_uint secp256r1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B),
 };
 static const mbedtls_mpi_uint secp256r1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F),
 };
 static const mbedtls_mpi_uint secp256r1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF),
 };
 #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
 static const mbedtls_mpi_uint secp256r1_T_0_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B),
 };
 static const mbedtls_mpi_uint secp256r1_T_0_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F),
 };
 static const mbedtls_mpi_uint secp256r1_T_1_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0xC8, 0xBA, 0x04, 0xB7, 0x4B, 0xD2, 0xF7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0xC6, 0x23, 0x3A, 0xA0, 0x09, 0x3A, 0x59 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x9D, 0x4C, 0xF9, 0x58, 0x23, 0xCC, 0xDF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x02, 0xED, 0x7B, 0x29, 0x87, 0x0F, 0xFA, 0x3C ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xC8, 0xBA, 0x04, 0xB7, 0x4B, 0xD2, 0xF7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0xC6, 0x23, 0x3A, 0xA0, 0x09, 0x3A, 0x59),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x9D, 0x4C, 0xF9, 0x58, 0x23, 0xCC, 0xDF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0xED, 0x7B, 0x29, 0x87, 0x0F, 0xFA, 0x3C),
 };
 static const mbedtls_mpi_uint secp256r1_T_1_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x69, 0xF2, 0x40, 0x0B, 0xA3, 0x98, 0xCE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xA8, 0x48, 0x02, 0x0D, 0x1C, 0x12, 0x62 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0xAF, 0x09, 0x83, 0x80, 0xAA, 0x58, 0xA7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0x12, 0xBE, 0x70, 0x94, 0x76, 0xE3, 0xE4 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x69, 0xF2, 0x40, 0x0B, 0xA3, 0x98, 0xCE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xA8, 0x48, 0x02, 0x0D, 0x1C, 0x12, 0x62),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xAF, 0x09, 0x83, 0x80, 0xAA, 0x58, 0xA7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x12, 0xBE, 0x70, 0x94, 0x76, 0xE3, 0xE4),
 };
 static const mbedtls_mpi_uint secp256r1_T_2_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x7D, 0xEF, 0x86, 0xFF, 0xE3, 0x37, 0xDD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x86, 0x8B, 0x08, 0x27, 0x7C, 0xD7, 0xF6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0x54, 0x4C, 0x25, 0x4F, 0x9A, 0xFE, 0x28 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0xFD, 0xF0, 0x6D, 0x37, 0x03, 0x69, 0xD6 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x7D, 0xEF, 0x86, 0xFF, 0xE3, 0x37, 0xDD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x86, 0x8B, 0x08, 0x27, 0x7C, 0xD7, 0xF6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x54, 0x4C, 0x25, 0x4F, 0x9A, 0xFE, 0x28),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xFD, 0xF0, 0x6D, 0x37, 0x03, 0x69, 0xD6),
 };
 static const mbedtls_mpi_uint secp256r1_T_2_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xD5, 0xDA, 0xAD, 0x92, 0x49, 0xF0, 0x9F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF9, 0x73, 0x43, 0x9E, 0xAF, 0xA7, 0xD1, 0xF3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0x41, 0x07, 0xDF, 0x78, 0x95, 0x3E, 0xA1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0x3D, 0xD1, 0xE6, 0x3C, 0xA5, 0xE2, 0x20 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xD5, 0xDA, 0xAD, 0x92, 0x49, 0xF0, 0x9F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x73, 0x43, 0x9E, 0xAF, 0xA7, 0xD1, 0xF3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x41, 0x07, 0xDF, 0x78, 0x95, 0x3E, 0xA1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x3D, 0xD1, 0xE6, 0x3C, 0xA5, 0xE2, 0x20),
 };
 static const mbedtls_mpi_uint secp256r1_T_3_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0x6A, 0x5D, 0x52, 0x35, 0xD7, 0xBF, 0xAE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0xA2, 0xBE, 0x96, 0xF4, 0xF8, 0x02, 0xC3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0x20, 0x49, 0x54, 0xEA, 0xB3, 0x82, 0xDB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2E, 0xDB, 0xEA, 0x02, 0xD1, 0x75, 0x1C, 0x62 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x6A, 0x5D, 0x52, 0x35, 0xD7, 0xBF, 0xAE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0xA2, 0xBE, 0x96, 0xF4, 0xF8, 0x02, 0xC3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x20, 0x49, 0x54, 0xEA, 0xB3, 0x82, 0xDB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0xDB, 0xEA, 0x02, 0xD1, 0x75, 0x1C, 0x62),
 };
 static const mbedtls_mpi_uint secp256r1_T_3_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0x85, 0xF4, 0x9E, 0x4C, 0xDC, 0x39, 0x89 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0x6D, 0xC4, 0x57, 0xD8, 0x03, 0x5D, 0x22 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x7F, 0x2D, 0x52, 0x6F, 0xC9, 0xDA, 0x4F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x64, 0xFA, 0xB4, 0xFE, 0xA4, 0xC4, 0xD7 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x85, 0xF4, 0x9E, 0x4C, 0xDC, 0x39, 0x89),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x6D, 0xC4, 0x57, 0xD8, 0x03, 0x5D, 0x22),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x7F, 0x2D, 0x52, 0x6F, 0xC9, 0xDA, 0x4F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x64, 0xFA, 0xB4, 0xFE, 0xA4, 0xC4, 0xD7),
 };
 static const mbedtls_mpi_uint secp256r1_T_4_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0x37, 0xB9, 0xC0, 0xAA, 0x59, 0xC6, 0x8B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x58, 0xD9, 0xED, 0x58, 0x99, 0x65, 0xF7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0x7D, 0x26, 0x8C, 0x4A, 0xF9, 0x05, 0x9F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x73, 0x9A, 0xC9, 0xE7, 0x46, 0xDC, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x37, 0xB9, 0xC0, 0xAA, 0x59, 0xC6, 0x8B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x58, 0xD9, 0xED, 0x58, 0x99, 0x65, 0xF7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x7D, 0x26, 0x8C, 0x4A, 0xF9, 0x05, 0x9F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x73, 0x9A, 0xC9, 0xE7, 0x46, 0xDC, 0x00),
 };
 static const mbedtls_mpi_uint secp256r1_T_4_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0xD0, 0x55, 0xDF, 0x00, 0x0A, 0xF5, 0x4A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0xBF, 0x56, 0x81, 0x2D, 0x20, 0xEB, 0xB5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0xC1, 0x28, 0x52, 0xAB, 0xE3, 0xD1, 0x40 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0x34, 0x79, 0x45, 0x57, 0xA5, 0x12, 0x03 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xD0, 0x55, 0xDF, 0x00, 0x0A, 0xF5, 0x4A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0xBF, 0x56, 0x81, 0x2D, 0x20, 0xEB, 0xB5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xC1, 0x28, 0x52, 0xAB, 0xE3, 0xD1, 0x40),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x34, 0x79, 0x45, 0x57, 0xA5, 0x12, 0x03),
 };
 static const mbedtls_mpi_uint secp256r1_T_5_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0xCF, 0xB8, 0x7E, 0xF7, 0x92, 0x96, 0x8D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0x01, 0x8C, 0x0D, 0x23, 0xF2, 0xE3, 0x05 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0x2E, 0xE3, 0x84, 0x52, 0x7A, 0x34, 0x76 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0xA1, 0xB0, 0x15, 0x90, 0xE2, 0x53, 0x3C ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xCF, 0xB8, 0x7E, 0xF7, 0x92, 0x96, 0x8D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x01, 0x8C, 0x0D, 0x23, 0xF2, 0xE3, 0x05),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x2E, 0xE3, 0x84, 0x52, 0x7A, 0x34, 0x76),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xA1, 0xB0, 0x15, 0x90, 0xE2, 0x53, 0x3C),
 };
 static const mbedtls_mpi_uint secp256r1_T_5_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0x98, 0xE7, 0xFA, 0xA5, 0x7D, 0x8B, 0x53 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0x35, 0xD2, 0x00, 0xD1, 0x1B, 0x9F, 0x1B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x69, 0x08, 0x9A, 0x72, 0xF0, 0xA9, 0x11 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0xFE, 0x0E, 0x14, 0xDA, 0x7C, 0x0E, 0xD3 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x98, 0xE7, 0xFA, 0xA5, 0x7D, 0x8B, 0x53),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x35, 0xD2, 0x00, 0xD1, 0x1B, 0x9F, 0x1B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x69, 0x08, 0x9A, 0x72, 0xF0, 0xA9, 0x11),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0xFE, 0x0E, 0x14, 0xDA, 0x7C, 0x0E, 0xD3),
 };
 static const mbedtls_mpi_uint secp256r1_T_6_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0xF6, 0xE8, 0xF8, 0x87, 0xF7, 0xFC, 0x6D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0xBE, 0x7F, 0x3F, 0x7A, 0x2B, 0xD7, 0x13 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCF, 0x32, 0xF2, 0x2D, 0x94, 0x6D, 0x42, 0xFD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0x9A, 0xE3, 0x5F, 0x42, 0xBB, 0x84, 0xED ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xF6, 0xE8, 0xF8, 0x87, 0xF7, 0xFC, 0x6D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xBE, 0x7F, 0x3F, 0x7A, 0x2B, 0xD7, 0x13),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0x32, 0xF2, 0x2D, 0x94, 0x6D, 0x42, 0xFD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x9A, 0xE3, 0x5F, 0x42, 0xBB, 0x84, 0xED),
 };
 static const mbedtls_mpi_uint secp256r1_T_6_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x95, 0x29, 0x73, 0xA1, 0x67, 0x3E, 0x02 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x30, 0x54, 0x35, 0x8E, 0x0A, 0xDD, 0x67 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x03, 0xD7, 0xA1, 0x97, 0x61, 0x3B, 0xF8, 0x0C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0x33, 0x3C, 0x58, 0x55, 0x34, 0x23, 0xA3 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x95, 0x29, 0x73, 0xA1, 0x67, 0x3E, 0x02),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x30, 0x54, 0x35, 0x8E, 0x0A, 0xDD, 0x67),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xD7, 0xA1, 0x97, 0x61, 0x3B, 0xF8, 0x0C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x33, 0x3C, 0x58, 0x55, 0x34, 0x23, 0xA3),
 };
 static const mbedtls_mpi_uint secp256r1_T_7_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0x5D, 0x16, 0x5F, 0x7B, 0xBC, 0xBB, 0xCE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0xEE, 0x4E, 0x8A, 0xC1, 0x51, 0xCC, 0x50 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x0D, 0x4D, 0x1B, 0x53, 0x23, 0x1D, 0xB3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x2A, 0x38, 0x66, 0x52, 0x84, 0xE1, 0x95 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x5D, 0x16, 0x5F, 0x7B, 0xBC, 0xBB, 0xCE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xEE, 0x4E, 0x8A, 0xC1, 0x51, 0xCC, 0x50),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x0D, 0x4D, 0x1B, 0x53, 0x23, 0x1D, 0xB3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x2A, 0x38, 0x66, 0x52, 0x84, 0xE1, 0x95),
 };
 static const mbedtls_mpi_uint secp256r1_T_7_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0x9B, 0x83, 0x0A, 0x81, 0x4F, 0xAD, 0xAC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0xFF, 0x42, 0x41, 0x6E, 0xA9, 0xA2, 0xA0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0xA1, 0x4F, 0x1F, 0x89, 0x82, 0xAA, 0x3E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0xB8, 0x0F, 0x6B, 0x8F, 0x8C, 0xD6, 0x68 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x9B, 0x83, 0x0A, 0x81, 0x4F, 0xAD, 0xAC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xFF, 0x42, 0x41, 0x6E, 0xA9, 0xA2, 0xA0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xA1, 0x4F, 0x1F, 0x89, 0x82, 0xAA, 0x3E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0xB8, 0x0F, 0x6B, 0x8F, 0x8C, 0xD6, 0x68),
 };
 static const mbedtls_mpi_uint secp256r1_T_8_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0xB3, 0xBB, 0x51, 0x69, 0xA2, 0x11, 0x93 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x4F, 0x0F, 0x8D, 0xBD, 0x26, 0x0F, 0xE8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0xCB, 0xEC, 0x6B, 0x34, 0xC3, 0x3D, 0x9D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0x5D, 0x1E, 0x10, 0xD5, 0x44, 0xE2, 0x54 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0xB3, 0xBB, 0x51, 0x69, 0xA2, 0x11, 0x93),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x4F, 0x0F, 0x8D, 0xBD, 0x26, 0x0F, 0xE8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xCB, 0xEC, 0x6B, 0x34, 0xC3, 0x3D, 0x9D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x5D, 0x1E, 0x10, 0xD5, 0x44, 0xE2, 0x54),
 };
 static const mbedtls_mpi_uint secp256r1_T_8_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x9E, 0xB1, 0xF1, 0x6E, 0x4C, 0xAD, 0xB3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0xE3, 0xC2, 0x58, 0xC0, 0xFB, 0x34, 0x43 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x25, 0x9C, 0xDF, 0x35, 0x07, 0x41, 0xBD, 0x19 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x6E, 0x10, 0xEC, 0x0E, 0xEC, 0xBB, 0xD6 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x9E, 0xB1, 0xF1, 0x6E, 0x4C, 0xAD, 0xB3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xE3, 0xC2, 0x58, 0xC0, 0xFB, 0x34, 0x43),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x9C, 0xDF, 0x35, 0x07, 0x41, 0xBD, 0x19),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x6E, 0x10, 0xEC, 0x0E, 0xEC, 0xBB, 0xD6),
 };
 static const mbedtls_mpi_uint secp256r1_T_9_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0xCF, 0xEF, 0x3F, 0x83, 0x1A, 0x88, 0xE8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0x29, 0xB5, 0xB9, 0xE0, 0xC9, 0xA3, 0xAE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0x46, 0x1E, 0x77, 0xCD, 0x7E, 0xB3, 0x10 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x21, 0xD0, 0xD4, 0xA3, 0x16, 0x08, 0xEE ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xCF, 0xEF, 0x3F, 0x83, 0x1A, 0x88, 0xE8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x29, 0xB5, 0xB9, 0xE0, 0xC9, 0xA3, 0xAE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x46, 0x1E, 0x77, 0xCD, 0x7E, 0xB3, 0x10),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x21, 0xD0, 0xD4, 0xA3, 0x16, 0x08, 0xEE),
 };
 static const mbedtls_mpi_uint secp256r1_T_9_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0xCA, 0xA8, 0xB3, 0xBF, 0x29, 0x99, 0x8E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0xF2, 0x05, 0xC1, 0xCF, 0x5D, 0x91, 0x48 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9F, 0x01, 0x49, 0xDB, 0x82, 0xDF, 0x5F, 0x3A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0x06, 0x90, 0xAD, 0xE3, 0x38, 0xA4, 0xC4 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0xCA, 0xA8, 0xB3, 0xBF, 0x29, 0x99, 0x8E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xF2, 0x05, 0xC1, 0xCF, 0x5D, 0x91, 0x48),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x01, 0x49, 0xDB, 0x82, 0xDF, 0x5F, 0x3A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x06, 0x90, 0xAD, 0xE3, 0x38, 0xA4, 0xC4),
 };
 static const mbedtls_mpi_uint secp256r1_T_10_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0xD2, 0x3A, 0xE8, 0x03, 0xC5, 0x6D, 0x5D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0x35, 0xD0, 0xAE, 0x1D, 0x7A, 0x9F, 0xCA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0x1E, 0xD2, 0xCB, 0xAC, 0x88, 0x27, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0xB9, 0x9C, 0xE0, 0x31, 0xDD, 0x99, 0x86 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xD2, 0x3A, 0xE8, 0x03, 0xC5, 0x6D, 0x5D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x35, 0xD0, 0xAE, 0x1D, 0x7A, 0x9F, 0xCA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x1E, 0xD2, 0xCB, 0xAC, 0x88, 0x27, 0x55),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xB9, 0x9C, 0xE0, 0x31, 0xDD, 0x99, 0x86),
 };
 static const mbedtls_mpi_uint secp256r1_T_10_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0xF9, 0x9B, 0x32, 0x96, 0x41, 0x58, 0x38 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF9, 0x5A, 0x2A, 0xB8, 0x96, 0x0E, 0xB2, 0x4C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x78, 0x2C, 0xC7, 0x08, 0x99, 0x19, 0x24 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x59, 0x28, 0xE9, 0x84, 0x54, 0xE6, 0x16 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xF9, 0x9B, 0x32, 0x96, 0x41, 0x58, 0x38),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x5A, 0x2A, 0xB8, 0x96, 0x0E, 0xB2, 0x4C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x78, 0x2C, 0xC7, 0x08, 0x99, 0x19, 0x24),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x59, 0x28, 0xE9, 0x84, 0x54, 0xE6, 0x16),
 };
 static const mbedtls_mpi_uint secp256r1_T_11_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x38, 0x30, 0xDB, 0x70, 0x2C, 0x0A, 0xA2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x5C, 0x9D, 0xE9, 0xD5, 0x46, 0x0B, 0x5F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x0B, 0x60, 0x4B, 0x37, 0x7D, 0xB9, 0xC9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0x24, 0xF3, 0x3D, 0x79, 0x7F, 0x6C, 0x18 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x38, 0x30, 0xDB, 0x70, 0x2C, 0x0A, 0xA2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x5C, 0x9D, 0xE9, 0xD5, 0x46, 0x0B, 0x5F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x0B, 0x60, 0x4B, 0x37, 0x7D, 0xB9, 0xC9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x24, 0xF3, 0x3D, 0x79, 0x7F, 0x6C, 0x18),
 };
 static const mbedtls_mpi_uint secp256r1_T_11_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7F, 0xE5, 0x1C, 0x4F, 0x60, 0x24, 0xF7, 0x2A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0xD8, 0xE2, 0x91, 0x7F, 0x89, 0x49, 0x92 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0xA7, 0x2E, 0x8D, 0x6A, 0xB3, 0x39, 0x81 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0x89, 0xB5, 0x9A, 0xB8, 0x8D, 0x42, 0x9C ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7F, 0xE5, 0x1C, 0x4F, 0x60, 0x24, 0xF7, 0x2A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xD8, 0xE2, 0x91, 0x7F, 0x89, 0x49, 0x92),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0xA7, 0x2E, 0x8D, 0x6A, 0xB3, 0x39, 0x81),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x89, 0xB5, 0x9A, 0xB8, 0x8D, 0x42, 0x9C),
 };
 static const mbedtls_mpi_uint secp256r1_T_12_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0x45, 0xE6, 0x4B, 0x3F, 0x4F, 0x1E, 0x1F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x65, 0x5E, 0x59, 0x22, 0xCC, 0x72, 0x5F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x93, 0x1A, 0x27, 0x1E, 0x34, 0xC5, 0x5B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0xF2, 0xA5, 0x58, 0x5C, 0x15, 0x2E, 0xC6 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0x45, 0xE6, 0x4B, 0x3F, 0x4F, 0x1E, 0x1F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x65, 0x5E, 0x59, 0x22, 0xCC, 0x72, 0x5F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x93, 0x1A, 0x27, 0x1E, 0x34, 0xC5, 0x5B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0xF2, 0xA5, 0x58, 0x5C, 0x15, 0x2E, 0xC6),
 };
 static const mbedtls_mpi_uint secp256r1_T_12_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF4, 0x7F, 0xBA, 0x58, 0x5A, 0x84, 0x6F, 0x5F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0xA6, 0x36, 0x7E, 0xDC, 0xF7, 0xE1, 0x67 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x4D, 0xAA, 0xEE, 0x57, 0x76, 0x3A, 0xD3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4E, 0x7E, 0x26, 0x18, 0x22, 0x23, 0x9F, 0xFF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x7F, 0xBA, 0x58, 0x5A, 0x84, 0x6F, 0x5F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xA6, 0x36, 0x7E, 0xDC, 0xF7, 0xE1, 0x67),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x4D, 0xAA, 0xEE, 0x57, 0x76, 0x3A, 0xD3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x7E, 0x26, 0x18, 0x22, 0x23, 0x9F, 0xFF),
 };
 static const mbedtls_mpi_uint secp256r1_T_13_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x4C, 0x64, 0xC7, 0x55, 0x02, 0x3F, 0xE3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0x02, 0x90, 0xBB, 0xC3, 0xEC, 0x30, 0x40 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9F, 0x6F, 0x64, 0xF4, 0x16, 0x69, 0x48, 0xA4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x44, 0x9C, 0x95, 0x0C, 0x7D, 0x67, 0x5E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x4C, 0x64, 0xC7, 0x55, 0x02, 0x3F, 0xE3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x02, 0x90, 0xBB, 0xC3, 0xEC, 0x30, 0x40),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x6F, 0x64, 0xF4, 0x16, 0x69, 0x48, 0xA4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x44, 0x9C, 0x95, 0x0C, 0x7D, 0x67, 0x5E),
 };
 static const mbedtls_mpi_uint secp256r1_T_13_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x44, 0x91, 0x8B, 0xD8, 0xD0, 0xD7, 0xE7, 0xE2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0xF9, 0x48, 0x62, 0x6F, 0xA8, 0x93, 0x5D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0x3A, 0x99, 0x02, 0xD5, 0x0B, 0x3D, 0xE3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xD3, 0x00, 0x31, 0xE6, 0x0C, 0x9F, 0x44 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0x91, 0x8B, 0xD8, 0xD0, 0xD7, 0xE7, 0xE2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xF9, 0x48, 0x62, 0x6F, 0xA8, 0x93, 0x5D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x3A, 0x99, 0x02, 0xD5, 0x0B, 0x3D, 0xE3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xD3, 0x00, 0x31, 0xE6, 0x0C, 0x9F, 0x44),
 };
 static const mbedtls_mpi_uint secp256r1_T_14_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x56, 0xB2, 0xAA, 0xFD, 0x88, 0x15, 0xDF, 0x52 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4C, 0x35, 0x27, 0x31, 0x44, 0xCD, 0xC0, 0x68 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x53, 0xF8, 0x91, 0xA5, 0x71, 0x94, 0x84, 0x2A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0xCB, 0xD0, 0x93, 0xE9, 0x88, 0xDA, 0xE4 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xB2, 0xAA, 0xFD, 0x88, 0x15, 0xDF, 0x52),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0x35, 0x27, 0x31, 0x44, 0xCD, 0xC0, 0x68),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xF8, 0x91, 0xA5, 0x71, 0x94, 0x84, 0x2A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xCB, 0xD0, 0x93, 0xE9, 0x88, 0xDA, 0xE4),
 };
 static const mbedtls_mpi_uint secp256r1_T_14_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0xC6, 0x39, 0x16, 0x5D, 0xA3, 0x1E, 0x6D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x07, 0x37, 0x26, 0x36, 0x2A, 0xFE, 0x60 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0xBC, 0xF3, 0xD0, 0xDE, 0x50, 0xFC, 0x97 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0x2E, 0x06, 0x10, 0x15, 0x4D, 0xFA, 0xF7 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xC6, 0x39, 0x16, 0x5D, 0xA3, 0x1E, 0x6D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x07, 0x37, 0x26, 0x36, 0x2A, 0xFE, 0x60),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xBC, 0xF3, 0xD0, 0xDE, 0x50, 0xFC, 0x97),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x2E, 0x06, 0x10, 0x15, 0x4D, 0xFA, 0xF7),
 };
 static const mbedtls_mpi_uint secp256r1_T_15_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0x65, 0x69, 0x5B, 0x66, 0xA2, 0x75, 0x2E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0x16, 0x00, 0x5A, 0xB0, 0x30, 0x25, 0x1A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0xFB, 0x86, 0x42, 0x80, 0xC1, 0xC4, 0x76 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0x1D, 0x83, 0x8E, 0x94, 0x01, 0x5F, 0x82 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x65, 0x69, 0x5B, 0x66, 0xA2, 0x75, 0x2E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x16, 0x00, 0x5A, 0xB0, 0x30, 0x25, 0x1A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xFB, 0x86, 0x42, 0x80, 0xC1, 0xC4, 0x76),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x1D, 0x83, 0x8E, 0x94, 0x01, 0x5F, 0x82),
 };
 static const mbedtls_mpi_uint secp256r1_T_15_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x39, 0x37, 0x70, 0xEF, 0x1F, 0xA1, 0xF0, 0xDB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0x10, 0x5B, 0xCE, 0xC4, 0x9B, 0x6F, 0x10 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x11, 0x11, 0x24, 0x4F, 0x4C, 0x79, 0x61 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0x3A, 0x72, 0xBC, 0xFE, 0x72, 0x58, 0x43 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x37, 0x70, 0xEF, 0x1F, 0xA1, 0xF0, 0xDB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x10, 0x5B, 0xCE, 0xC4, 0x9B, 0x6F, 0x10),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x11, 0x11, 0x24, 0x4F, 0x4C, 0x79, 0x61),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x3A, 0x72, 0xBC, 0xFE, 0x72, 0x58, 0x43),
 };
 static const mbedtls_ecp_point secp256r1_T[16] = {
     ECP_POINT_INIT_XY_Z1(secp256r1_T_0_X, secp256r1_T_0_Y),
@@ -789,557 +789,557 @@
  */
 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
 static const mbedtls_mpi_uint secp384r1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
 };
 static const mbedtls_mpi_uint secp384r1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3),
 };
 static const mbedtls_mpi_uint secp384r1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA),
 };
 static const mbedtls_mpi_uint secp384r1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36),
 };
 static const mbedtls_mpi_uint secp384r1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
 };
 #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
 static const mbedtls_mpi_uint secp384r1_T_0_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA),
 };
 static const mbedtls_mpi_uint secp384r1_T_0_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36),
 };
 static const mbedtls_mpi_uint secp384r1_T_1_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0x92, 0x00, 0x2C, 0x78, 0xDB, 0x1F, 0x37 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xF3, 0xEB, 0xB7, 0x06, 0xF7, 0xB6, 0xBC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xBC, 0x2C, 0xCF, 0xD8, 0xED, 0x53, 0xE7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0x75, 0x7B, 0xA3, 0xAB, 0xC3, 0x2C, 0x85 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0x9D, 0x78, 0x41, 0xF6, 0x76, 0x84, 0xAC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x56, 0xE8, 0x52, 0xB3, 0xCB, 0xA8, 0xBD ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x92, 0x00, 0x2C, 0x78, 0xDB, 0x1F, 0x37),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xF3, 0xEB, 0xB7, 0x06, 0xF7, 0xB6, 0xBC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xBC, 0x2C, 0xCF, 0xD8, 0xED, 0x53, 0xE7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x75, 0x7B, 0xA3, 0xAB, 0xC3, 0x2C, 0x85),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x9D, 0x78, 0x41, 0xF6, 0x76, 0x84, 0xAC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x56, 0xE8, 0x52, 0xB3, 0xCB, 0xA8, 0xBD),
 };
 static const mbedtls_mpi_uint secp384r1_T_1_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xF2, 0xAE, 0xA4, 0xB6, 0x89, 0x1B, 0xDA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x0F, 0xCE, 0x1C, 0x7C, 0xF6, 0x50, 0x4C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4C, 0xEB, 0x90, 0xE6, 0x4D, 0xC7, 0xD4, 0x7A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0x49, 0x2D, 0x8A, 0x01, 0x99, 0x60, 0x94 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x80, 0x9B, 0x9B, 0x6A, 0xB0, 0x07, 0xD9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0xA2, 0xEE, 0x59, 0xBE, 0x95, 0xBC, 0x23 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xF2, 0xAE, 0xA4, 0xB6, 0x89, 0x1B, 0xDA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x0F, 0xCE, 0x1C, 0x7C, 0xF6, 0x50, 0x4C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0xEB, 0x90, 0xE6, 0x4D, 0xC7, 0xD4, 0x7A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x49, 0x2D, 0x8A, 0x01, 0x99, 0x60, 0x94),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x80, 0x9B, 0x9B, 0x6A, 0xB0, 0x07, 0xD9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xA2, 0xEE, 0x59, 0xBE, 0x95, 0xBC, 0x23),
 };
 static const mbedtls_mpi_uint secp384r1_T_2_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x9D, 0x56, 0xAE, 0x59, 0xFB, 0x1F, 0x98 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCF, 0xAC, 0x91, 0x80, 0x87, 0xA8, 0x6E, 0x58 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0x08, 0xA7, 0x08, 0x94, 0x32, 0xFC, 0x67 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9F, 0x29, 0x9E, 0x84, 0xF4, 0xE5, 0x6E, 0x7E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0x21, 0xB9, 0x50, 0x24, 0xF8, 0x9C, 0xC7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x04, 0x01, 0xC2, 0xFB, 0x77, 0x3E, 0xDE ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x9D, 0x56, 0xAE, 0x59, 0xFB, 0x1F, 0x98),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xAC, 0x91, 0x80, 0x87, 0xA8, 0x6E, 0x58),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x08, 0xA7, 0x08, 0x94, 0x32, 0xFC, 0x67),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x29, 0x9E, 0x84, 0xF4, 0xE5, 0x6E, 0x7E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x21, 0xB9, 0x50, 0x24, 0xF8, 0x9C, 0xC7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x04, 0x01, 0xC2, 0xFB, 0x77, 0x3E, 0xDE),
 };
 static const mbedtls_mpi_uint secp384r1_T_2_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x38, 0xEE, 0xE3, 0xC7, 0x9D, 0xEC, 0xA6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x88, 0xCF, 0x43, 0xFA, 0x92, 0x5E, 0x8E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0xCA, 0x43, 0xF8, 0x3B, 0x49, 0x7E, 0x75 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0xE7, 0xEB, 0x17, 0x45, 0x86, 0xC2, 0xE1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x69, 0x57, 0x32, 0xE0, 0x9C, 0xD1, 0x00 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x10, 0xB8, 0x4D, 0xB8, 0xF4, 0x0D, 0xE3 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x38, 0xEE, 0xE3, 0xC7, 0x9D, 0xEC, 0xA6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x88, 0xCF, 0x43, 0xFA, 0x92, 0x5E, 0x8E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xCA, 0x43, 0xF8, 0x3B, 0x49, 0x7E, 0x75),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xE7, 0xEB, 0x17, 0x45, 0x86, 0xC2, 0xE1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x69, 0x57, 0x32, 0xE0, 0x9C, 0xD1, 0x00),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x10, 0xB8, 0x4D, 0xB8, 0xF4, 0x0D, 0xE3),
 };
 static const mbedtls_mpi_uint secp384r1_T_3_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x60, 0xDC, 0x9A, 0xB2, 0x79, 0x39, 0x27, 0x16 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0x71, 0xE4, 0x3B, 0x4D, 0x60, 0x0C, 0xA3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0xBD, 0x19, 0x40, 0xFA, 0x19, 0x2A, 0x5A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0xF8, 0x1E, 0x43, 0xA1, 0x50, 0x8D, 0xEF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0x18, 0x7C, 0x41, 0xFA, 0x7C, 0x1B, 0x58 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x59, 0x24, 0xC4, 0xE9, 0xB7, 0xD3, 0xAD ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0xDC, 0x9A, 0xB2, 0x79, 0x39, 0x27, 0x16),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x71, 0xE4, 0x3B, 0x4D, 0x60, 0x0C, 0xA3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xBD, 0x19, 0x40, 0xFA, 0x19, 0x2A, 0x5A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xF8, 0x1E, 0x43, 0xA1, 0x50, 0x8D, 0xEF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x18, 0x7C, 0x41, 0xFA, 0x7C, 0x1B, 0x58),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x59, 0x24, 0xC4, 0xE9, 0xB7, 0xD3, 0xAD),
 };
 static const mbedtls_mpi_uint secp384r1_T_3_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0x01, 0x3D, 0x63, 0x54, 0x45, 0x6F, 0xB7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0xB2, 0x19, 0xA3, 0x86, 0x1D, 0x42, 0x34 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x02, 0x87, 0x18, 0x92, 0x52, 0x1A, 0x71 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x18, 0xB1, 0x5D, 0x18, 0x1B, 0x37, 0xFE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF4, 0x74, 0x61, 0xBA, 0x18, 0xAF, 0x40, 0x30 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x7D, 0x3C, 0x52, 0x0F, 0x07, 0xB0, 0x6F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x01, 0x3D, 0x63, 0x54, 0x45, 0x6F, 0xB7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xB2, 0x19, 0xA3, 0x86, 0x1D, 0x42, 0x34),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x02, 0x87, 0x18, 0x92, 0x52, 0x1A, 0x71),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x18, 0xB1, 0x5D, 0x18, 0x1B, 0x37, 0xFE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x74, 0x61, 0xBA, 0x18, 0xAF, 0x40, 0x30),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x7D, 0x3C, 0x52, 0x0F, 0x07, 0xB0, 0x6F),
 };
 static const mbedtls_mpi_uint secp384r1_T_4_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x39, 0x13, 0xAA, 0x60, 0x15, 0x99, 0x30 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0x00, 0xCB, 0xC6, 0xB1, 0xDB, 0x97, 0x90 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0xFA, 0x60, 0xB8, 0x24, 0xE4, 0x7D, 0xD3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x75, 0xB3, 0x70, 0xB2, 0x83, 0xB1, 0x9B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0xE3, 0x6C, 0xCD, 0x33, 0x62, 0x7A, 0x56 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0x30, 0xDC, 0x0F, 0x9F, 0xBB, 0xB8, 0xAA ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x39, 0x13, 0xAA, 0x60, 0x15, 0x99, 0x30),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x00, 0xCB, 0xC6, 0xB1, 0xDB, 0x97, 0x90),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xFA, 0x60, 0xB8, 0x24, 0xE4, 0x7D, 0xD3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x75, 0xB3, 0x70, 0xB2, 0x83, 0xB1, 0x9B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xE3, 0x6C, 0xCD, 0x33, 0x62, 0x7A, 0x56),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x30, 0xDC, 0x0F, 0x9F, 0xBB, 0xB8, 0xAA),
 };
 static const mbedtls_mpi_uint secp384r1_T_4_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA6, 0xD5, 0x0A, 0x60, 0x81, 0xB9, 0xC5, 0x16 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x44, 0xAA, 0x2F, 0xD6, 0xF2, 0x73, 0xDF, 0xEB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x7B, 0x74, 0xC9, 0xB3, 0x5B, 0x95, 0x6D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x04, 0xEB, 0x15, 0xC8, 0x5F, 0x00, 0xF6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0x50, 0x20, 0x28, 0xD1, 0x01, 0xAF, 0xF0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x4F, 0x31, 0x81, 0x2F, 0x94, 0x48 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xD5, 0x0A, 0x60, 0x81, 0xB9, 0xC5, 0x16),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0xAA, 0x2F, 0xD6, 0xF2, 0x73, 0xDF, 0xEB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x7B, 0x74, 0xC9, 0xB3, 0x5B, 0x95, 0x6D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x04, 0xEB, 0x15, 0xC8, 0x5F, 0x00, 0xF6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x50, 0x20, 0x28, 0xD1, 0x01, 0xAF, 0xF0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x6D, 0x4F, 0x31, 0x81, 0x2F, 0x94, 0x48),
 };
 static const mbedtls_mpi_uint secp384r1_T_5_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0x2F, 0xD8, 0xB6, 0x63, 0x7C, 0xE9, 0x50 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x8C, 0xB9, 0x14, 0xD9, 0x37, 0x63, 0xDE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0x02, 0xB8, 0x46, 0xAD, 0xCE, 0x7B, 0x38 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x82, 0x47, 0x2D, 0x66, 0xA7, 0xE9, 0x33, 0x23 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0xF9, 0x93, 0x94, 0xA8, 0x48, 0xB3, 0x4F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0x4A, 0xAC, 0x51, 0x08, 0x72, 0x2F, 0x1A ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x2F, 0xD8, 0xB6, 0x63, 0x7C, 0xE9, 0x50),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x8C, 0xB9, 0x14, 0xD9, 0x37, 0x63, 0xDE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x02, 0xB8, 0x46, 0xAD, 0xCE, 0x7B, 0x38),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x47, 0x2D, 0x66, 0xA7, 0xE9, 0x33, 0x23),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xF9, 0x93, 0x94, 0xA8, 0x48, 0xB3, 0x4F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x4A, 0xAC, 0x51, 0x08, 0x72, 0x2F, 0x1A),
 };
 static const mbedtls_mpi_uint secp384r1_T_5_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0xAD, 0xA0, 0xF9, 0x81, 0xE1, 0x78, 0x97 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0x9A, 0x63, 0xD8, 0xBA, 0x79, 0x1A, 0x17 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x31, 0x7B, 0x7A, 0x5A, 0x5D, 0x7D, 0x2D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x96, 0x12, 0x4B, 0x19, 0x09, 0xE0, 0xB7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0x8A, 0x57, 0xEE, 0x4E, 0x6E, 0x7E, 0xEC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x9D, 0x69, 0xDC, 0xB3, 0xDA, 0xD8, 0x08 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0xAD, 0xA0, 0xF9, 0x81, 0xE1, 0x78, 0x97),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x9A, 0x63, 0xD8, 0xBA, 0x79, 0x1A, 0x17),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x31, 0x7B, 0x7A, 0x5A, 0x5D, 0x7D, 0x2D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x96, 0x12, 0x4B, 0x19, 0x09, 0xE0, 0xB7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x8A, 0x57, 0xEE, 0x4E, 0x6E, 0x7E, 0xEC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x9D, 0x69, 0xDC, 0xB3, 0xDA, 0xD8, 0x08),
 };
 static const mbedtls_mpi_uint secp384r1_T_6_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x49, 0x03, 0x03, 0x33, 0x6F, 0x28, 0x4A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0xDB, 0xA7, 0x05, 0x8C, 0xF3, 0x4D, 0xFB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x92, 0xB1, 0xA8, 0xEC, 0x0D, 0x64, 0x3B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4E, 0xFC, 0xFD, 0xD0, 0x4B, 0x88, 0x1B, 0x5D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x9C, 0x51, 0x69, 0xCE, 0x71, 0x73, 0xF5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0x5A, 0x14, 0x23, 0x1A, 0x46, 0x63, 0x5F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x49, 0x03, 0x03, 0x33, 0x6F, 0x28, 0x4A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xDB, 0xA7, 0x05, 0x8C, 0xF3, 0x4D, 0xFB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x92, 0xB1, 0xA8, 0xEC, 0x0D, 0x64, 0x3B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0xFC, 0xFD, 0xD0, 0x4B, 0x88, 0x1B, 0x5D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x9C, 0x51, 0x69, 0xCE, 0x71, 0x73, 0xF5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x5A, 0x14, 0x23, 0x1A, 0x46, 0x63, 0x5F),
 };
 static const mbedtls_mpi_uint secp384r1_T_6_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x4C, 0x70, 0x44, 0x18, 0xCD, 0xEF, 0xED ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x49, 0xDD, 0x64, 0x7E, 0x7E, 0x4D, 0x92 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA2, 0x32, 0x7C, 0x09, 0xD0, 0x3F, 0xD6, 0x2C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xE0, 0x4F, 0x65, 0x0C, 0x7A, 0x54, 0x3E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0xFA, 0xFB, 0x4A, 0xB4, 0x79, 0x5A, 0x8C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x5D, 0x1B, 0x2B, 0xDA, 0xBC, 0x9A, 0x74 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x4C, 0x70, 0x44, 0x18, 0xCD, 0xEF, 0xED),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x49, 0xDD, 0x64, 0x7E, 0x7E, 0x4D, 0x92),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x32, 0x7C, 0x09, 0xD0, 0x3F, 0xD6, 0x2C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xE0, 0x4F, 0x65, 0x0C, 0x7A, 0x54, 0x3E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xFA, 0xFB, 0x4A, 0xB4, 0x79, 0x5A, 0x8C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x5D, 0x1B, 0x2B, 0xDA, 0xBC, 0x9A, 0x74),
 };
 static const mbedtls_mpi_uint secp384r1_T_7_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0xAC, 0x56, 0xF7, 0x5F, 0x51, 0x68, 0x0B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0xE0, 0x1D, 0xBC, 0x13, 0x4E, 0xAC, 0x03 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0xF5, 0xC5, 0xE6, 0xD2, 0x88, 0xBA, 0xCB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x0E, 0x28, 0x23, 0x58, 0x67, 0xFA, 0xEE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9E, 0x80, 0x4B, 0xD8, 0xC4, 0xDF, 0x15, 0xE4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x0E, 0x58, 0xE6, 0x2C, 0x59, 0xC2, 0x03 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xAC, 0x56, 0xF7, 0x5F, 0x51, 0x68, 0x0B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xE0, 0x1D, 0xBC, 0x13, 0x4E, 0xAC, 0x03),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xF5, 0xC5, 0xE6, 0xD2, 0x88, 0xBA, 0xCB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x0E, 0x28, 0x23, 0x58, 0x67, 0xFA, 0xEE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x80, 0x4B, 0xD8, 0xC4, 0xDF, 0x15, 0xE4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x0E, 0x58, 0xE6, 0x2C, 0x59, 0xC2, 0x03),
 };
 static const mbedtls_mpi_uint secp384r1_T_7_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x26, 0x27, 0x99, 0x16, 0x2B, 0x22, 0x0B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0xF3, 0x8F, 0xC3, 0x2A, 0x9B, 0xFC, 0x38 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x2E, 0x83, 0x3D, 0xFE, 0x9E, 0x3C, 0x1B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0x57, 0xCD, 0x2D, 0xC1, 0x49, 0x38, 0xB5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x95, 0x42, 0x8B, 0x33, 0x89, 0x1F, 0xEA, 0x01 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0x1D, 0x13, 0xD7, 0x50, 0xBB, 0x3E, 0xEB ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x26, 0x27, 0x99, 0x16, 0x2B, 0x22, 0x0B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xF3, 0x8F, 0xC3, 0x2A, 0x9B, 0xFC, 0x38),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x2E, 0x83, 0x3D, 0xFE, 0x9E, 0x3C, 0x1B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x57, 0xCD, 0x2D, 0xC1, 0x49, 0x38, 0xB5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x42, 0x8B, 0x33, 0x89, 0x1F, 0xEA, 0x01),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x1D, 0x13, 0xD7, 0x50, 0xBB, 0x3E, 0xEB),
 };
 static const mbedtls_mpi_uint secp384r1_T_8_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD2, 0x9A, 0x52, 0xD2, 0x54, 0x7C, 0x97, 0xF2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0x33, 0x6E, 0xED, 0xD9, 0x87, 0x50, 0xC5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x35, 0x7E, 0x16, 0x40, 0x15, 0x83, 0xB8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0x2B, 0xA4, 0xAB, 0x03, 0x91, 0xEA, 0xFE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x47, 0x39, 0xEF, 0x05, 0x59, 0xD0, 0x90 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0x24, 0x0D, 0x76, 0x11, 0x53, 0x08, 0xAF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x9A, 0x52, 0xD2, 0x54, 0x7C, 0x97, 0xF2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x33, 0x6E, 0xED, 0xD9, 0x87, 0x50, 0xC5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x35, 0x7E, 0x16, 0x40, 0x15, 0x83, 0xB8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x2B, 0xA4, 0xAB, 0x03, 0x91, 0xEA, 0xFE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x47, 0x39, 0xEF, 0x05, 0x59, 0xD0, 0x90),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x24, 0x0D, 0x76, 0x11, 0x53, 0x08, 0xAF),
 };
 static const mbedtls_mpi_uint secp384r1_T_8_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x2F, 0xDD, 0xBD, 0x50, 0x48, 0xB1, 0xE5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0x1C, 0x84, 0x55, 0x78, 0x14, 0xEB, 0xF6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x5E, 0x3E, 0xA6, 0xAF, 0xF6, 0xC7, 0x04 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x11, 0xE2, 0x65, 0xCA, 0x41, 0x95, 0x3B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x83, 0xD8, 0xE6, 0x4D, 0x22, 0x06, 0x2D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x7F, 0x25, 0x2A, 0xAA, 0x28, 0x46, 0x97 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x2F, 0xDD, 0xBD, 0x50, 0x48, 0xB1, 0xE5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x1C, 0x84, 0x55, 0x78, 0x14, 0xEB, 0xF6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x5E, 0x3E, 0xA6, 0xAF, 0xF6, 0xC7, 0x04),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x11, 0xE2, 0x65, 0xCA, 0x41, 0x95, 0x3B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x83, 0xD8, 0xE6, 0x4D, 0x22, 0x06, 0x2D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x7F, 0x25, 0x2A, 0xAA, 0x28, 0x46, 0x97),
 };
 static const mbedtls_mpi_uint secp384r1_T_9_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0xDB, 0x15, 0x56, 0x84, 0xCB, 0xC0, 0x56 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x56, 0xDB, 0x0E, 0x08, 0xC9, 0xF5, 0xD4, 0x9E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x62, 0xD0, 0x1A, 0x7C, 0x13, 0xD5, 0x07 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0xAD, 0x53, 0xE0, 0x32, 0x21, 0xA0, 0xC0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0x38, 0x81, 0x21, 0x23, 0x0E, 0xD2, 0xBB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x51, 0x05, 0xD0, 0x1E, 0x82, 0xA9, 0x71 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xDB, 0x15, 0x56, 0x84, 0xCB, 0xC0, 0x56),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xDB, 0x0E, 0x08, 0xC9, 0xF5, 0xD4, 0x9E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x62, 0xD0, 0x1A, 0x7C, 0x13, 0xD5, 0x07),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xAD, 0x53, 0xE0, 0x32, 0x21, 0xA0, 0xC0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x38, 0x81, 0x21, 0x23, 0x0E, 0xD2, 0xBB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x51, 0x05, 0xD0, 0x1E, 0x82, 0xA9, 0x71),
 };
 static const mbedtls_mpi_uint secp384r1_T_9_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0xC3, 0x27, 0xBF, 0xC6, 0xAA, 0xB7, 0xB9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x65, 0x45, 0xDF, 0xB9, 0x46, 0x17, 0x46 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x38, 0x3F, 0xB2, 0xB1, 0x5D, 0xCA, 0x1C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0x29, 0x6C, 0x63, 0xE9, 0xD7, 0x48, 0xB8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xF1, 0xD7, 0x99, 0x8C, 0xC2, 0x05, 0x99 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xE6, 0x5E, 0x82, 0x6D, 0xE5, 0x7E, 0xD5 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xC3, 0x27, 0xBF, 0xC6, 0xAA, 0xB7, 0xB9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x65, 0x45, 0xDF, 0xB9, 0x46, 0x17, 0x46),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x38, 0x3F, 0xB2, 0xB1, 0x5D, 0xCA, 0x1C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x29, 0x6C, 0x63, 0xE9, 0xD7, 0x48, 0xB8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xF1, 0xD7, 0x99, 0x8C, 0xC2, 0x05, 0x99),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xE6, 0x5E, 0x82, 0x6D, 0xE5, 0x7E, 0xD5),
 };
 static const mbedtls_mpi_uint secp384r1_T_10_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0x61, 0xFA, 0x7D, 0x01, 0xDB, 0xB6, 0x63 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0xC6, 0x58, 0x39, 0xF4, 0xC6, 0x82, 0x23 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x5A, 0x7A, 0x80, 0x08, 0xCD, 0xAA, 0xD8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x8C, 0xC6, 0x3F, 0x3C, 0xA5, 0x68, 0xF4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0xF5, 0xD5, 0x17, 0xAE, 0x36, 0xD8, 0x8A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0xAD, 0x92, 0xC5, 0x57, 0x6C, 0xDA, 0x91 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x61, 0xFA, 0x7D, 0x01, 0xDB, 0xB6, 0x63),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xC6, 0x58, 0x39, 0xF4, 0xC6, 0x82, 0x23),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x5A, 0x7A, 0x80, 0x08, 0xCD, 0xAA, 0xD8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x8C, 0xC6, 0x3F, 0x3C, 0xA5, 0x68, 0xF4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xF5, 0xD5, 0x17, 0xAE, 0x36, 0xD8, 0x8A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xAD, 0x92, 0xC5, 0x57, 0x6C, 0xDA, 0x91),
 };
 static const mbedtls_mpi_uint secp384r1_T_10_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x67, 0x17, 0xC0, 0x40, 0x78, 0x8C, 0x84 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0x9F, 0xF4, 0xAA, 0xDA, 0x5C, 0x7E, 0xB2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xDB, 0x42, 0x3E, 0x72, 0x64, 0xA0, 0x67 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0xF9, 0x41, 0x17, 0x43, 0xE3, 0xE8, 0xA8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0xDD, 0xCC, 0x43, 0x7E, 0x16, 0x05, 0x03 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0x4B, 0xCF, 0x48, 0x8F, 0x41, 0x90, 0xE5 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x67, 0x17, 0xC0, 0x40, 0x78, 0x8C, 0x84),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x9F, 0xF4, 0xAA, 0xDA, 0x5C, 0x7E, 0xB2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xDB, 0x42, 0x3E, 0x72, 0x64, 0xA0, 0x67),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xF9, 0x41, 0x17, 0x43, 0xE3, 0xE8, 0xA8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xDD, 0xCC, 0x43, 0x7E, 0x16, 0x05, 0x03),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x4B, 0xCF, 0x48, 0x8F, 0x41, 0x90, 0xE5),
 };
 static const mbedtls_mpi_uint secp384r1_T_11_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x0C, 0x6B, 0x9D, 0x22, 0x04, 0xBC, 0x5C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x63, 0x79, 0x2F, 0x6A, 0x0E, 0x8A, 0xDE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0x67, 0x3F, 0x02, 0xB8, 0x91, 0x7F, 0x74 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x14, 0x64, 0xA0, 0x33, 0xF4, 0x6B, 0x50 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x44, 0x71, 0x87, 0xB8, 0x88, 0x3F, 0x45 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0x2B, 0x85, 0x05, 0xC5, 0x44, 0x53, 0x15 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x0C, 0x6B, 0x9D, 0x22, 0x04, 0xBC, 0x5C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x63, 0x79, 0x2F, 0x6A, 0x0E, 0x8A, 0xDE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x67, 0x3F, 0x02, 0xB8, 0x91, 0x7F, 0x74),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x14, 0x64, 0xA0, 0x33, 0xF4, 0x6B, 0x50),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x44, 0x71, 0x87, 0xB8, 0x88, 0x3F, 0x45),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x2B, 0x85, 0x05, 0xC5, 0x44, 0x53, 0x15),
 };
 static const mbedtls_mpi_uint secp384r1_T_11_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0x2B, 0xFE, 0xD1, 0x1C, 0x73, 0xE3, 0x2E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0x33, 0xA1, 0xD3, 0x69, 0x1C, 0x9D, 0xD2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0x5A, 0xBA, 0xB6, 0xAE, 0x1B, 0x94, 0x04 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0x74, 0x90, 0x5C, 0x57, 0xB0, 0x3A, 0x45 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x2F, 0x93, 0x20, 0x24, 0x54, 0x1D, 0x8D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x78, 0x9D, 0x71, 0x67, 0x5D, 0x49, 0x98 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x2B, 0xFE, 0xD1, 0x1C, 0x73, 0xE3, 0x2E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x33, 0xA1, 0xD3, 0x69, 0x1C, 0x9D, 0xD2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x5A, 0xBA, 0xB6, 0xAE, 0x1B, 0x94, 0x04),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x74, 0x90, 0x5C, 0x57, 0xB0, 0x3A, 0x45),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x2F, 0x93, 0x20, 0x24, 0x54, 0x1D, 0x8D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x78, 0x9D, 0x71, 0x67, 0x5D, 0x49, 0x98),
 };
 static const mbedtls_mpi_uint secp384r1_T_12_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0xC8, 0x0E, 0x11, 0x8D, 0xE0, 0x8F, 0x69 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0x7F, 0x79, 0x6C, 0x5F, 0xB7, 0xBC, 0xB1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0xE1, 0x83, 0x3C, 0x12, 0xBB, 0xEE, 0x96 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0xC2, 0xC4, 0x1B, 0x41, 0x71, 0xB9, 0x17 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0xEE, 0xBB, 0x1D, 0x89, 0x50, 0x88, 0xF2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x1C, 0x55, 0x74, 0xEB, 0xDE, 0x92, 0x3F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0xC8, 0x0E, 0x11, 0x8D, 0xE0, 0x8F, 0x69),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x7F, 0x79, 0x6C, 0x5F, 0xB7, 0xBC, 0xB1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xE1, 0x83, 0x3C, 0x12, 0xBB, 0xEE, 0x96),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xC2, 0xC4, 0x1B, 0x41, 0x71, 0xB9, 0x17),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0xEE, 0xBB, 0x1D, 0x89, 0x50, 0x88, 0xF2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x1C, 0x55, 0x74, 0xEB, 0xDE, 0x92, 0x3F),
 };
 static const mbedtls_mpi_uint secp384r1_T_12_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0x38, 0x92, 0x06, 0x19, 0xD0, 0xB3, 0xB2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0x99, 0x26, 0xA3, 0x5F, 0xE2, 0xC1, 0x81 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x75, 0xFC, 0xFD, 0xC3, 0xB6, 0x26, 0x24, 0x8F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xAD, 0xE7, 0x49, 0xB7, 0x64, 0x4B, 0x96 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x4E, 0x95, 0xAD, 0x07, 0xFE, 0xB6, 0x30 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0x15, 0xE7, 0x2D, 0x19, 0xA9, 0x08, 0x10 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x38, 0x92, 0x06, 0x19, 0xD0, 0xB3, 0xB2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x99, 0x26, 0xA3, 0x5F, 0xE2, 0xC1, 0x81),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0xFC, 0xFD, 0xC3, 0xB6, 0x26, 0x24, 0x8F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xAD, 0xE7, 0x49, 0xB7, 0x64, 0x4B, 0x96),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x4E, 0x95, 0xAD, 0x07, 0xFE, 0xB6, 0x30),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x15, 0xE7, 0x2D, 0x19, 0xA9, 0x08, 0x10),
 };
 static const mbedtls_mpi_uint secp384r1_T_13_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0xBD, 0xAC, 0x0A, 0x3F, 0x6B, 0xFF, 0xFA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0xE4, 0x74, 0x14, 0xD9, 0x70, 0x1D, 0x71 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0xB0, 0x71, 0xBB, 0xD8, 0x18, 0x96, 0x2B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0xB8, 0x19, 0x90, 0x80, 0xB5, 0xEE, 0x01 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0x21, 0x20, 0xA6, 0x17, 0x48, 0x03, 0x6F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x1D, 0xBB, 0x6D, 0x94, 0x20, 0x34, 0xF1 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xBD, 0xAC, 0x0A, 0x3F, 0x6B, 0xFF, 0xFA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xE4, 0x74, 0x14, 0xD9, 0x70, 0x1D, 0x71),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xB0, 0x71, 0xBB, 0xD8, 0x18, 0x96, 0x2B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0xB8, 0x19, 0x90, 0x80, 0xB5, 0xEE, 0x01),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x21, 0x20, 0xA6, 0x17, 0x48, 0x03, 0x6F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x1D, 0xBB, 0x6D, 0x94, 0x20, 0x34, 0xF1),
 };
 static const mbedtls_mpi_uint secp384r1_T_13_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0x82, 0x67, 0x4B, 0x8E, 0x4E, 0xBE, 0xE2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0xDA, 0x77, 0xF8, 0x23, 0x55, 0x2B, 0x2D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0x02, 0xDE, 0x25, 0x35, 0x2D, 0x74, 0x51 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0x0C, 0xB8, 0x0B, 0x39, 0xBA, 0xAD, 0x04 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA6, 0x0E, 0x28, 0x4D, 0xE1, 0x3D, 0xE4, 0x1B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0xEC, 0x0A, 0xD4, 0xB8, 0xC4, 0x8D, 0xB0 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x82, 0x67, 0x4B, 0x8E, 0x4E, 0xBE, 0xE2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xDA, 0x77, 0xF8, 0x23, 0x55, 0x2B, 0x2D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x02, 0xDE, 0x25, 0x35, 0x2D, 0x74, 0x51),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x0C, 0xB8, 0x0B, 0x39, 0xBA, 0xAD, 0x04),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0x0E, 0x28, 0x4D, 0xE1, 0x3D, 0xE4, 0x1B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xEC, 0x0A, 0xD4, 0xB8, 0xC4, 0x8D, 0xB0),
 };
 static const mbedtls_mpi_uint secp384r1_T_14_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0x68, 0xCE, 0xC2, 0x55, 0x4D, 0x0C, 0x6D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x20, 0x93, 0x32, 0x90, 0xD6, 0xAE, 0x47 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x78, 0xAB, 0x43, 0x9E, 0xEB, 0x73, 0xAE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0x97, 0xC3, 0x83, 0xA6, 0x3C, 0xF1, 0xBF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0x25, 0x25, 0x66, 0x08, 0x26, 0xFA, 0x4B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0xFB, 0x44, 0x5D, 0x82, 0xEC, 0x3B, 0xAC ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x68, 0xCE, 0xC2, 0x55, 0x4D, 0x0C, 0x6D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x20, 0x93, 0x32, 0x90, 0xD6, 0xAE, 0x47),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x78, 0xAB, 0x43, 0x9E, 0xEB, 0x73, 0xAE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x97, 0xC3, 0x83, 0xA6, 0x3C, 0xF1, 0xBF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0x25, 0x25, 0x66, 0x08, 0x26, 0xFA, 0x4B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xFB, 0x44, 0x5D, 0x82, 0xEC, 0x3B, 0xAC),
 };
 static const mbedtls_mpi_uint secp384r1_T_14_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0x90, 0xEA, 0xB5, 0x04, 0x99, 0xD0, 0x69 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4A, 0xF2, 0x22, 0xA0, 0xEB, 0xFD, 0x45, 0x87 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0xA4, 0x81, 0x32, 0xFC, 0xFA, 0xEE, 0x5B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0xBB, 0xA4, 0x6A, 0x77, 0x41, 0x5C, 0x1D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x1E, 0xAA, 0x4F, 0xF0, 0x10, 0xB3, 0x50 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x74, 0x13, 0x14, 0x9E, 0x90, 0xD7, 0xE6 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x90, 0xEA, 0xB5, 0x04, 0x99, 0xD0, 0x69),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0xF2, 0x22, 0xA0, 0xEB, 0xFD, 0x45, 0x87),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xA4, 0x81, 0x32, 0xFC, 0xFA, 0xEE, 0x5B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xBB, 0xA4, 0x6A, 0x77, 0x41, 0x5C, 0x1D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x1E, 0xAA, 0x4F, 0xF0, 0x10, 0xB3, 0x50),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x74, 0x13, 0x14, 0x9E, 0x90, 0xD7, 0xE6),
 };
 static const mbedtls_mpi_uint secp384r1_T_15_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0xBD, 0x70, 0x4F, 0xA8, 0xD1, 0x06, 0x2C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x4E, 0x2E, 0x68, 0xFC, 0x35, 0xFA, 0x50 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x60, 0x53, 0x75, 0xED, 0xF2, 0x5F, 0xC2, 0xEB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x39, 0x87, 0x6B, 0x9F, 0x05, 0xE2, 0x22, 0x93 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0x1A, 0xA8, 0xB7, 0x03, 0x9E, 0x6D, 0x7C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0xD0, 0x69, 0x88, 0xA8, 0x39, 0x9E, 0x3A ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0xBD, 0x70, 0x4F, 0xA8, 0xD1, 0x06, 0x2C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x4E, 0x2E, 0x68, 0xFC, 0x35, 0xFA, 0x50),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x53, 0x75, 0xED, 0xF2, 0x5F, 0xC2, 0xEB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x87, 0x6B, 0x9F, 0x05, 0xE2, 0x22, 0x93),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x1A, 0xA8, 0xB7, 0x03, 0x9E, 0x6D, 0x7C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0xD0, 0x69, 0x88, 0xA8, 0x39, 0x9E, 0x3A),
 };
 static const mbedtls_mpi_uint secp384r1_T_15_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0xEF, 0x68, 0xFE, 0xEC, 0x24, 0x08, 0x15 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x06, 0x4B, 0x92, 0x0D, 0xB7, 0x34, 0x74 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0xF4, 0xDD, 0x1A, 0xA0, 0x4A, 0xE4, 0x45 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC3, 0x63, 0x4F, 0x4F, 0xCE, 0xBB, 0xD6, 0xD3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0xEE, 0x8D, 0xDF, 0x3F, 0x73, 0xB7, 0xAC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x06, 0xB6, 0x80, 0x4D, 0x81, 0xD9, 0x53 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xEF, 0x68, 0xFE, 0xEC, 0x24, 0x08, 0x15),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x06, 0x4B, 0x92, 0x0D, 0xB7, 0x34, 0x74),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xF4, 0xDD, 0x1A, 0xA0, 0x4A, 0xE4, 0x45),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x63, 0x4F, 0x4F, 0xCE, 0xBB, 0xD6, 0xD3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xEE, 0x8D, 0xDF, 0x3F, 0x73, 0xB7, 0xAC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x06, 0xB6, 0x80, 0x4D, 0x81, 0xD9, 0x53),
 };
 static const mbedtls_mpi_uint secp384r1_T_16_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0xF5, 0x13, 0xDF, 0x13, 0x19, 0x97, 0x94 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0xF9, 0xB3, 0x33, 0x66, 0x82, 0x21, 0xFE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xFC, 0x39, 0x16, 0x23, 0x43, 0x76, 0x0E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x48, 0x25, 0xA1, 0x64, 0x95, 0x1C, 0x2F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0xAC, 0x15, 0x57, 0xD9, 0xDE, 0xA0, 0x28 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x5F, 0xB8, 0x3D, 0x48, 0x91, 0x24, 0xCC ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0xF5, 0x13, 0xDF, 0x13, 0x19, 0x97, 0x94),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xF9, 0xB3, 0x33, 0x66, 0x82, 0x21, 0xFE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xFC, 0x39, 0x16, 0x23, 0x43, 0x76, 0x0E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x48, 0x25, 0xA1, 0x64, 0x95, 0x1C, 0x2F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0xAC, 0x15, 0x57, 0xD9, 0xDE, 0xA0, 0x28),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x5F, 0xB8, 0x3D, 0x48, 0x91, 0x24, 0xCC),
 };
 static const mbedtls_mpi_uint secp384r1_T_16_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0xF2, 0xC8, 0x54, 0xD1, 0x32, 0xBD, 0xC4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0x3B, 0xF0, 0xAA, 0x9D, 0xD8, 0xF4, 0x20 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0xC3, 0xBB, 0x6C, 0x66, 0xAC, 0x25, 0x2D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x25, 0x10, 0xB2, 0xE1, 0x41, 0xDE, 0x1D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0xE8, 0x30, 0xB8, 0x37, 0xBC, 0x2A, 0x98 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x57, 0x01, 0x4A, 0x1E, 0x78, 0x9F, 0x85 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xF2, 0xC8, 0x54, 0xD1, 0x32, 0xBD, 0xC4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x3B, 0xF0, 0xAA, 0x9D, 0xD8, 0xF4, 0x20),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0xC3, 0xBB, 0x6C, 0x66, 0xAC, 0x25, 0x2D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x25, 0x10, 0xB2, 0xE1, 0x41, 0xDE, 0x1D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xE8, 0x30, 0xB8, 0x37, 0xBC, 0x2A, 0x98),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x57, 0x01, 0x4A, 0x1E, 0x78, 0x9F, 0x85),
 };
 static const mbedtls_mpi_uint secp384r1_T_17_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBD, 0x19, 0xCD, 0x12, 0x0B, 0x51, 0x4F, 0x56 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0x4B, 0x3D, 0x24, 0xA4, 0x16, 0x59, 0x05 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xEB, 0xD3, 0x59, 0x2E, 0x75, 0x7C, 0x01 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8C, 0xB9, 0xB4, 0xA5, 0xD9, 0x2E, 0x29, 0x4C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x16, 0x05, 0x75, 0x02, 0xB3, 0x06, 0xEE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0x7C, 0x9F, 0x79, 0x91, 0xF1, 0x4F, 0x23 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x19, 0xCD, 0x12, 0x0B, 0x51, 0x4F, 0x56),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x4B, 0x3D, 0x24, 0xA4, 0x16, 0x59, 0x05),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xEB, 0xD3, 0x59, 0x2E, 0x75, 0x7C, 0x01),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xB9, 0xB4, 0xA5, 0xD9, 0x2E, 0x29, 0x4C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x16, 0x05, 0x75, 0x02, 0xB3, 0x06, 0xEE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x7C, 0x9F, 0x79, 0x91, 0xF1, 0x4F, 0x23),
 };
 static const mbedtls_mpi_uint secp384r1_T_17_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x98, 0x7C, 0x84, 0xE1, 0xFF, 0x30, 0x77 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0xE2, 0xC2, 0x5F, 0x55, 0x40, 0xBD, 0xCD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0x65, 0x87, 0x3F, 0xC4, 0xC2, 0x24, 0x57 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0x30, 0x0A, 0x60, 0x15, 0xD1, 0x24, 0x48 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0x99, 0xD9, 0xB6, 0xAE, 0xB1, 0xAF, 0x1D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x80, 0xEE, 0xA2, 0x0F, 0x74, 0xB9, 0xF3 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x98, 0x7C, 0x84, 0xE1, 0xFF, 0x30, 0x77),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0xE2, 0xC2, 0x5F, 0x55, 0x40, 0xBD, 0xCD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x65, 0x87, 0x3F, 0xC4, 0xC2, 0x24, 0x57),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0x30, 0x0A, 0x60, 0x15, 0xD1, 0x24, 0x48),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x99, 0xD9, 0xB6, 0xAE, 0xB1, 0xAF, 0x1D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x80, 0xEE, 0xA2, 0x0F, 0x74, 0xB9, 0xF3),
 };
 static const mbedtls_mpi_uint secp384r1_T_18_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x03, 0xE6, 0x0F, 0x37, 0xC1, 0x10, 0x99, 0x1E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0xAD, 0x9D, 0x5D, 0x80, 0x01, 0xA6, 0xFE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0x0F, 0x10, 0x2A, 0x9D, 0x20, 0x38, 0xEB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x60, 0xCB, 0xCE, 0x5A, 0xA0, 0xA7, 0x32 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0xCF, 0x14, 0xDF, 0xBF, 0xE5, 0x74, 0x2D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0x12, 0x1A, 0xDD, 0x59, 0x02, 0x5D, 0xC6 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xE6, 0x0F, 0x37, 0xC1, 0x10, 0x99, 0x1E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xAD, 0x9D, 0x5D, 0x80, 0x01, 0xA6, 0xFE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x0F, 0x10, 0x2A, 0x9D, 0x20, 0x38, 0xEB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x60, 0xCB, 0xCE, 0x5A, 0xA0, 0xA7, 0x32),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xCF, 0x14, 0xDF, 0xBF, 0xE5, 0x74, 0x2D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x12, 0x1A, 0xDD, 0x59, 0x02, 0x5D, 0xC6),
 };
 static const mbedtls_mpi_uint secp384r1_T_18_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0xC9, 0xF8, 0xF5, 0xB6, 0x13, 0x4D, 0x7B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0x45, 0xB1, 0x93, 0xB3, 0xA2, 0x79, 0xDC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0xF6, 0xCF, 0xF7, 0xE6, 0x29, 0x9C, 0xCC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x50, 0x65, 0x80, 0xBC, 0x59, 0x0A, 0x59 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xF0, 0x24, 0x35, 0xA2, 0x46, 0xF0, 0x0C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBD, 0x26, 0xC0, 0x9D, 0x61, 0x56, 0x62, 0x67 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xC9, 0xF8, 0xF5, 0xB6, 0x13, 0x4D, 0x7B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x45, 0xB1, 0x93, 0xB3, 0xA2, 0x79, 0xDC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xF6, 0xCF, 0xF7, 0xE6, 0x29, 0x9C, 0xCC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x50, 0x65, 0x80, 0xBC, 0x59, 0x0A, 0x59),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xF0, 0x24, 0x35, 0xA2, 0x46, 0xF0, 0x0C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x26, 0xC0, 0x9D, 0x61, 0x56, 0x62, 0x67),
 };
 static const mbedtls_mpi_uint secp384r1_T_19_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0xBB, 0xC2, 0x24, 0x43, 0x2E, 0x37, 0x54 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0xF7, 0xCE, 0x35, 0xFC, 0x77, 0xF3, 0x3F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x75, 0x34, 0x96, 0xD5, 0x4A, 0x76, 0x9D, 0x6B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0x3B, 0x0F, 0xEA, 0xA8, 0x12, 0x0B, 0x22 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0x3F, 0x5D, 0x2D, 0x1C, 0xD4, 0x9E, 0xFB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x2E, 0xDD, 0xC7, 0x6E, 0xAB, 0xAF, 0xDC ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xBB, 0xC2, 0x24, 0x43, 0x2E, 0x37, 0x54),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xF7, 0xCE, 0x35, 0xFC, 0x77, 0xF3, 0x3F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x34, 0x96, 0xD5, 0x4A, 0x76, 0x9D, 0x6B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x3B, 0x0F, 0xEA, 0xA8, 0x12, 0x0B, 0x22),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x3F, 0x5D, 0x2D, 0x1C, 0xD4, 0x9E, 0xFB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x2E, 0xDD, 0xC7, 0x6E, 0xAB, 0xAF, 0xDC),
 };
 static const mbedtls_mpi_uint secp384r1_T_19_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8C, 0xB2, 0x7B, 0x0C, 0x9A, 0x83, 0x8E, 0x59 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0x51, 0x90, 0x92, 0x79, 0x32, 0x19, 0xC3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0x89, 0xF9, 0xD0, 0xCF, 0x2C, 0xA5, 0x8F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0x50, 0x21, 0xDE, 0x50, 0x41, 0x9D, 0x81 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0x7D, 0x2B, 0x9E, 0x9D, 0x95, 0xA8, 0xE3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0xA5, 0x20, 0x87, 0x88, 0x97, 0x5F, 0xAA ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xB2, 0x7B, 0x0C, 0x9A, 0x83, 0x8E, 0x59),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x51, 0x90, 0x92, 0x79, 0x32, 0x19, 0xC3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x89, 0xF9, 0xD0, 0xCF, 0x2C, 0xA5, 0x8F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x50, 0x21, 0xDE, 0x50, 0x41, 0x9D, 0x81),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x7D, 0x2B, 0x9E, 0x9D, 0x95, 0xA8, 0xE3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA5, 0x20, 0x87, 0x88, 0x97, 0x5F, 0xAA),
 };
 static const mbedtls_mpi_uint secp384r1_T_20_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x59, 0xB4, 0x66, 0x7E, 0xE8, 0x5A, 0x60 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0x5C, 0x7E, 0xB2, 0xAD, 0xD9, 0xC9, 0xDA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x82, 0x97, 0x49, 0xA3, 0x13, 0x83, 0x07, 0x2E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x26, 0xC7, 0x13, 0x35, 0x0D, 0xB0, 0x6B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0x60, 0xAB, 0xFA, 0x4B, 0x93, 0x18, 0x2C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x2D, 0x1C, 0x31, 0x4C, 0xE4, 0x61, 0xAE ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x59, 0xB4, 0x66, 0x7E, 0xE8, 0x5A, 0x60),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x5C, 0x7E, 0xB2, 0xAD, 0xD9, 0xC9, 0xDA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x97, 0x49, 0xA3, 0x13, 0x83, 0x07, 0x2E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x26, 0xC7, 0x13, 0x35, 0x0D, 0xB0, 0x6B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x60, 0xAB, 0xFA, 0x4B, 0x93, 0x18, 0x2C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x2D, 0x1C, 0x31, 0x4C, 0xE4, 0x61, 0xAE),
 };
 static const mbedtls_mpi_uint secp384r1_T_20_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDE, 0x4D, 0x1E, 0x51, 0x59, 0x6E, 0x91, 0xC5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x54, 0x4D, 0x51, 0xED, 0x36, 0xCC, 0x60 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0xA8, 0x56, 0xC7, 0x78, 0x27, 0x33, 0xC5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0xB7, 0x95, 0xC9, 0x8B, 0xC8, 0x6A, 0xBC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0xE9, 0x13, 0x96, 0xB3, 0xE1, 0xF9, 0xEE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x46, 0xB0, 0x5E, 0xC3, 0x94, 0x03, 0x05 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0x4D, 0x1E, 0x51, 0x59, 0x6E, 0x91, 0xC5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x54, 0x4D, 0x51, 0xED, 0x36, 0xCC, 0x60),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xA8, 0x56, 0xC7, 0x78, 0x27, 0x33, 0xC5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xB7, 0x95, 0xC9, 0x8B, 0xC8, 0x6A, 0xBC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xE9, 0x13, 0x96, 0xB3, 0xE1, 0xF9, 0xEE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x46, 0xB0, 0x5E, 0xC3, 0x94, 0x03, 0x05),
 };
 static const mbedtls_mpi_uint secp384r1_T_21_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x5B, 0x29, 0x30, 0x41, 0x1A, 0x9E, 0xB6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0xCA, 0x83, 0x31, 0x5B, 0xA7, 0xCB, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x41, 0x50, 0x44, 0x4D, 0x64, 0x31, 0x89 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCF, 0x84, 0xC2, 0x5D, 0x97, 0xA5, 0x3C, 0x18 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0x0F, 0xA5, 0xFD, 0x8E, 0x5A, 0x47, 0x2C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x58, 0x02, 0x2D, 0x40, 0xB1, 0x0B, 0xBA ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x5B, 0x29, 0x30, 0x41, 0x1A, 0x9E, 0xB6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xCA, 0x83, 0x31, 0x5B, 0xA7, 0xCB, 0x42),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x41, 0x50, 0x44, 0x4D, 0x64, 0x31, 0x89),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0x84, 0xC2, 0x5D, 0x97, 0xA5, 0x3C, 0x18),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x0F, 0xA5, 0xFD, 0x8E, 0x5A, 0x47, 0x2C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x58, 0x02, 0x2D, 0x40, 0xB1, 0x0B, 0xBA),
 };
 static const mbedtls_mpi_uint secp384r1_T_21_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x33, 0x8C, 0x67, 0xCE, 0x23, 0x43, 0x99 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x53, 0x47, 0x72, 0x44, 0x1F, 0x5B, 0x2A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0xC1, 0xD9, 0xA4, 0x50, 0x88, 0x63, 0x18 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0xF2, 0x75, 0x69, 0x73, 0x00, 0xC4, 0x31 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0x90, 0x1D, 0xDF, 0x1A, 0x00, 0xD8, 0x69 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0xB1, 0x89, 0x48, 0xA8, 0x70, 0x62, 0xEF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x33, 0x8C, 0x67, 0xCE, 0x23, 0x43, 0x99),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x53, 0x47, 0x72, 0x44, 0x1F, 0x5B, 0x2A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xC1, 0xD9, 0xA4, 0x50, 0x88, 0x63, 0x18),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xF2, 0x75, 0x69, 0x73, 0x00, 0xC4, 0x31),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x90, 0x1D, 0xDF, 0x1A, 0x00, 0xD8, 0x69),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0xB1, 0x89, 0x48, 0xA8, 0x70, 0x62, 0xEF),
 };
 static const mbedtls_mpi_uint secp384r1_T_22_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0x8A, 0x55, 0x50, 0x7B, 0xEF, 0x8A, 0x3C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0x1B, 0x23, 0x48, 0x23, 0x63, 0x91, 0xB6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0D, 0x04, 0x54, 0x3C, 0x24, 0x9B, 0xC7, 0x9A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x25, 0x38, 0xC3, 0x84, 0xFB, 0xFF, 0x9F, 0x49 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0x2A, 0xE0, 0x6D, 0x68, 0x8A, 0x5C, 0xCB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC4, 0x93, 0x53, 0x85, 0xA1, 0x0D, 0xAF, 0x63 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x8A, 0x55, 0x50, 0x7B, 0xEF, 0x8A, 0x3C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x1B, 0x23, 0x48, 0x23, 0x63, 0x91, 0xB6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x04, 0x54, 0x3C, 0x24, 0x9B, 0xC7, 0x9A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x38, 0xC3, 0x84, 0xFB, 0xFF, 0x9F, 0x49),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x2A, 0xE0, 0x6D, 0x68, 0x8A, 0x5C, 0xCB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x93, 0x53, 0x85, 0xA1, 0x0D, 0xAF, 0x63),
 };
 static const mbedtls_mpi_uint secp384r1_T_22_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0x88, 0x95, 0x4C, 0x0B, 0xD0, 0x06, 0x51 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0xAF, 0x8D, 0x49, 0xA2, 0xC8, 0xB4, 0xE0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x75, 0x76, 0x53, 0x09, 0x88, 0x43, 0x87, 0xCA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0xA4, 0x77, 0x3F, 0x5E, 0x21, 0xB4, 0x0A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x35, 0x9E, 0x86, 0x64, 0xCC, 0x91, 0xC1, 0x77 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x17, 0x56, 0xCB, 0xC3, 0x7D, 0x5B, 0xB1 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x88, 0x95, 0x4C, 0x0B, 0xD0, 0x06, 0x51),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xAF, 0x8D, 0x49, 0xA2, 0xC8, 0xB4, 0xE0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x76, 0x53, 0x09, 0x88, 0x43, 0x87, 0xCA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xA4, 0x77, 0x3F, 0x5E, 0x21, 0xB4, 0x0A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x9E, 0x86, 0x64, 0xCC, 0x91, 0xC1, 0x77),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x17, 0x56, 0xCB, 0xC3, 0x7D, 0x5B, 0xB1),
 };
 static const mbedtls_mpi_uint secp384r1_T_23_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x74, 0x9F, 0xB5, 0x91, 0x21, 0xB1, 0x1C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xED, 0xE1, 0x11, 0xEF, 0x45, 0xAF, 0xC1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0x31, 0xBE, 0xB2, 0xBC, 0x72, 0x65, 0x1F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0x4B, 0x8C, 0x77, 0xCE, 0x1E, 0x42, 0xB5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xC9, 0xAA, 0xB9, 0xD9, 0x86, 0x99, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x23, 0x80, 0xC6, 0x4E, 0x35, 0x0B, 0x6D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x74, 0x9F, 0xB5, 0x91, 0x21, 0xB1, 0x1C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xED, 0xE1, 0x11, 0xEF, 0x45, 0xAF, 0xC1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x31, 0xBE, 0xB2, 0xBC, 0x72, 0x65, 0x1F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x4B, 0x8C, 0x77, 0xCE, 0x1E, 0x42, 0xB5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xC9, 0xAA, 0xB9, 0xD9, 0x86, 0x99, 0x55),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x23, 0x80, 0xC6, 0x4E, 0x35, 0x0B, 0x6D),
 };
 static const mbedtls_mpi_uint secp384r1_T_23_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0xD8, 0xA2, 0x0A, 0x39, 0x32, 0x1D, 0x23 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0xC8, 0x86, 0xF1, 0x12, 0x9A, 0x4A, 0x05 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xF1, 0x7C, 0xAA, 0x70, 0x8E, 0xBC, 0x01 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x01, 0x47, 0x8F, 0xDD, 0x8B, 0xA5, 0xC8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x08, 0x21, 0xF4, 0xAB, 0xC7, 0xF5, 0x96 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0x76, 0xA5, 0x95, 0xC4, 0x0F, 0x88, 0x1D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xD8, 0xA2, 0x0A, 0x39, 0x32, 0x1D, 0x23),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xC8, 0x86, 0xF1, 0x12, 0x9A, 0x4A, 0x05),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xF1, 0x7C, 0xAA, 0x70, 0x8E, 0xBC, 0x01),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x01, 0x47, 0x8F, 0xDD, 0x8B, 0xA5, 0xC8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x08, 0x21, 0xF4, 0xAB, 0xC7, 0xF5, 0x96),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x76, 0xA5, 0x95, 0xC4, 0x0F, 0x88, 0x1D),
 };
 static const mbedtls_mpi_uint secp384r1_T_24_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x42, 0x2A, 0x52, 0xCD, 0x75, 0x51, 0x49 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0x36, 0xE5, 0x04, 0x2B, 0x44, 0xC6, 0xEF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0xEE, 0x16, 0x13, 0x07, 0x83, 0xB5, 0x30 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0x59, 0xC6, 0xA2, 0x19, 0x05, 0xD3, 0xC6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x8B, 0xA8, 0x16, 0x09, 0xB7, 0xEA, 0xD6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0xEE, 0x14, 0xAF, 0xB5, 0xFD, 0xD0, 0xEF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x42, 0x2A, 0x52, 0xCD, 0x75, 0x51, 0x49),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x36, 0xE5, 0x04, 0x2B, 0x44, 0xC6, 0xEF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xEE, 0x16, 0x13, 0x07, 0x83, 0xB5, 0x30),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x59, 0xC6, 0xA2, 0x19, 0x05, 0xD3, 0xC6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x8B, 0xA8, 0x16, 0x09, 0xB7, 0xEA, 0xD6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xEE, 0x14, 0xAF, 0xB5, 0xFD, 0xD0, 0xEF),
 };
 static const mbedtls_mpi_uint secp384r1_T_24_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0x7C, 0xCA, 0x71, 0x3E, 0x6E, 0x66, 0x75 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0x31, 0x0E, 0x3F, 0xE5, 0x91, 0xC4, 0x7F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x3D, 0xC2, 0x3E, 0x95, 0x37, 0x58, 0x2B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x1F, 0x02, 0x03, 0xF3, 0xEF, 0xEE, 0x66 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x5B, 0x1A, 0xFC, 0x38, 0xCD, 0xE8, 0x24 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x57, 0x42, 0x85, 0xC6, 0x21, 0x68, 0x71 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x7C, 0xCA, 0x71, 0x3E, 0x6E, 0x66, 0x75),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x31, 0x0E, 0x3F, 0xE5, 0x91, 0xC4, 0x7F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x3D, 0xC2, 0x3E, 0x95, 0x37, 0x58, 0x2B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x1F, 0x02, 0x03, 0xF3, 0xEF, 0xEE, 0x66),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x5B, 0x1A, 0xFC, 0x38, 0xCD, 0xE8, 0x24),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x57, 0x42, 0x85, 0xC6, 0x21, 0x68, 0x71),
 };
 static const mbedtls_mpi_uint secp384r1_T_25_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xA2, 0x4A, 0x66, 0xB1, 0x0A, 0xE6, 0xC0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x0C, 0x94, 0x9D, 0x5E, 0x99, 0xB2, 0xCE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0x03, 0x40, 0xCA, 0xB2, 0xB3, 0x30, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0x78, 0x48, 0x27, 0x34, 0x1E, 0xE2, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x72, 0x5B, 0xAC, 0xC1, 0x6D, 0xE3, 0x82 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0xAB, 0x46, 0xCB, 0xEA, 0x5E, 0x4B, 0x0B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xA2, 0x4A, 0x66, 0xB1, 0x0A, 0xE6, 0xC0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x0C, 0x94, 0x9D, 0x5E, 0x99, 0xB2, 0xCE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x03, 0x40, 0xCA, 0xB2, 0xB3, 0x30, 0x55),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x78, 0x48, 0x27, 0x34, 0x1E, 0xE2, 0x42),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x72, 0x5B, 0xAC, 0xC1, 0x6D, 0xE3, 0x82),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xAB, 0x46, 0xCB, 0xEA, 0x5E, 0x4B, 0x0B),
 };
 static const mbedtls_mpi_uint secp384r1_T_25_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x08, 0xAD, 0x4E, 0x51, 0x9F, 0x2A, 0x52 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x5C, 0x7D, 0x4C, 0xD6, 0xCF, 0xDD, 0x02 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0x76, 0x26, 0xE0, 0x8B, 0x10, 0xD9, 0x7C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0xA7, 0x23, 0x4E, 0x5F, 0xD2, 0x42, 0x17 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0xE5, 0xA4, 0xEC, 0x77, 0x21, 0x34, 0x28 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0x14, 0x65, 0xEA, 0x4A, 0x85, 0xC3, 0x2F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x08, 0xAD, 0x4E, 0x51, 0x9F, 0x2A, 0x52),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x5C, 0x7D, 0x4C, 0xD6, 0xCF, 0xDD, 0x02),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x76, 0x26, 0xE0, 0x8B, 0x10, 0xD9, 0x7C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0xA7, 0x23, 0x4E, 0x5F, 0xD2, 0x42, 0x17),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xE5, 0xA4, 0xEC, 0x77, 0x21, 0x34, 0x28),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x14, 0x65, 0xEA, 0x4A, 0x85, 0xC3, 0x2F),
 };
 static const mbedtls_mpi_uint secp384r1_T_26_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0xD8, 0x40, 0x27, 0x73, 0x15, 0x7E, 0x65 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0xBB, 0x53, 0x7E, 0x0F, 0x40, 0xC8, 0xD4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0x37, 0x19, 0x73, 0xEF, 0x5A, 0x5E, 0x04 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0x73, 0x2B, 0x49, 0x7E, 0xAC, 0x97, 0x5C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0xB2, 0xC3, 0x1E, 0x0E, 0xE7, 0xD2, 0x21 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0x08, 0xD6, 0xDD, 0xAC, 0x21, 0xD6, 0x3E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0xD8, 0x40, 0x27, 0x73, 0x15, 0x7E, 0x65),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xBB, 0x53, 0x7E, 0x0F, 0x40, 0xC8, 0xD4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x37, 0x19, 0x73, 0xEF, 0x5A, 0x5E, 0x04),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x73, 0x2B, 0x49, 0x7E, 0xAC, 0x97, 0x5C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0xB2, 0xC3, 0x1E, 0x0E, 0xE7, 0xD2, 0x21),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x08, 0xD6, 0xDD, 0xAC, 0x21, 0xD6, 0x3E),
 };
 static const mbedtls_mpi_uint secp384r1_T_26_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0x26, 0xBE, 0x6D, 0x6D, 0xF2, 0x38, 0x3F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0x6C, 0x31, 0xA7, 0x49, 0x50, 0x3A, 0x89 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC3, 0x99, 0xC6, 0xF5, 0xD2, 0xC2, 0x30, 0x5A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0xE4, 0xF6, 0x8B, 0x8B, 0x97, 0xE9, 0xB2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x21, 0xB7, 0x0D, 0xFC, 0x15, 0x54, 0x0B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x83, 0x1C, 0xA4, 0xCD, 0x6B, 0x9D, 0xF2 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x26, 0xBE, 0x6D, 0x6D, 0xF2, 0x38, 0x3F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x6C, 0x31, 0xA7, 0x49, 0x50, 0x3A, 0x89),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x99, 0xC6, 0xF5, 0xD2, 0xC2, 0x30, 0x5A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xE4, 0xF6, 0x8B, 0x8B, 0x97, 0xE9, 0xB2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x21, 0xB7, 0x0D, 0xFC, 0x15, 0x54, 0x0B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x83, 0x1C, 0xA4, 0xCD, 0x6B, 0x9D, 0xF2),
 };
 static const mbedtls_mpi_uint secp384r1_T_27_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0xE8, 0x4C, 0x48, 0xE4, 0xAA, 0x69, 0x93 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0x7A, 0x27, 0xFC, 0x37, 0x96, 0x1A, 0x7B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0xE7, 0x30, 0xA5, 0xCF, 0x13, 0x46, 0x5C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8C, 0xD8, 0xAF, 0x74, 0x23, 0x4D, 0x56, 0x84 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0x3D, 0x44, 0x14, 0x1B, 0x97, 0x83, 0xF0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x47, 0xD7, 0x5F, 0xFD, 0x98, 0x38, 0xF7 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xE8, 0x4C, 0x48, 0xE4, 0xAA, 0x69, 0x93),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x7A, 0x27, 0xFC, 0x37, 0x96, 0x1A, 0x7B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0xE7, 0x30, 0xA5, 0xCF, 0x13, 0x46, 0x5C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xD8, 0xAF, 0x74, 0x23, 0x4D, 0x56, 0x84),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x3D, 0x44, 0x14, 0x1B, 0x97, 0x83, 0xF0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x47, 0xD7, 0x5F, 0xFD, 0x98, 0x38, 0xF7),
 };
 static const mbedtls_mpi_uint secp384r1_T_27_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0x73, 0x64, 0x36, 0xFD, 0x7B, 0xC1, 0x15 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0x5D, 0x32, 0xD2, 0x47, 0x94, 0x89, 0x2D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0xE9, 0x30, 0xAC, 0x06, 0xC8, 0x65, 0x04 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x6C, 0xB9, 0x1B, 0xF7, 0x61, 0x49, 0x53 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD7, 0xFF, 0x32, 0x43, 0x80, 0xDA, 0xA6, 0xB1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xF8, 0x04, 0x01, 0x95, 0x35, 0xCE, 0x21 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x73, 0x64, 0x36, 0xFD, 0x7B, 0xC1, 0x15),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x5D, 0x32, 0xD2, 0x47, 0x94, 0x89, 0x2D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xE9, 0x30, 0xAC, 0x06, 0xC8, 0x65, 0x04),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x6C, 0xB9, 0x1B, 0xF7, 0x61, 0x49, 0x53),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0xFF, 0x32, 0x43, 0x80, 0xDA, 0xA6, 0xB1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xF8, 0x04, 0x01, 0x95, 0x35, 0xCE, 0x21),
 };
 static const mbedtls_mpi_uint secp384r1_T_28_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x06, 0x46, 0x0D, 0x51, 0xE2, 0xD8, 0xAC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x14, 0x57, 0x1D, 0x6F, 0x79, 0xA0, 0xCD, 0xA6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0xFB, 0x36, 0xCA, 0xAD, 0xF5, 0x9E, 0x41 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x7A, 0x1D, 0x9E, 0x1D, 0x95, 0x48, 0xDC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0x26, 0xA5, 0xB7, 0x15, 0x2C, 0xC2, 0xC6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x42, 0x72, 0xAA, 0x11, 0xDC, 0xC9, 0xB6 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x06, 0x46, 0x0D, 0x51, 0xE2, 0xD8, 0xAC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x57, 0x1D, 0x6F, 0x79, 0xA0, 0xCD, 0xA6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0xFB, 0x36, 0xCA, 0xAD, 0xF5, 0x9E, 0x41),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x7A, 0x1D, 0x9E, 0x1D, 0x95, 0x48, 0xDC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x26, 0xA5, 0xB7, 0x15, 0x2C, 0xC2, 0xC6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x42, 0x72, 0xAA, 0x11, 0xDC, 0xC9, 0xB6),
 };
 static const mbedtls_mpi_uint secp384r1_T_28_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x6C, 0x64, 0xA7, 0x62, 0x3C, 0xAB, 0xD4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x48, 0x6A, 0x44, 0xD8, 0x60, 0xC0, 0xA8, 0x80 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x82, 0x76, 0x58, 0x12, 0x57, 0x3C, 0x89, 0x46 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x82, 0x4F, 0x83, 0xCE, 0xCB, 0xB8, 0xD0, 0x2C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9A, 0x84, 0x04, 0xB0, 0xAD, 0xEB, 0xFA, 0xDF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xA4, 0xC3, 0x41, 0x44, 0x4E, 0x65, 0x3E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x6C, 0x64, 0xA7, 0x62, 0x3C, 0xAB, 0xD4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x6A, 0x44, 0xD8, 0x60, 0xC0, 0xA8, 0x80),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x76, 0x58, 0x12, 0x57, 0x3C, 0x89, 0x46),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x4F, 0x83, 0xCE, 0xCB, 0xB8, 0xD0, 0x2C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x84, 0x04, 0xB0, 0xAD, 0xEB, 0xFA, 0xDF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xA4, 0xC3, 0x41, 0x44, 0x4E, 0x65, 0x3E),
 };
 static const mbedtls_mpi_uint secp384r1_T_29_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x16, 0xA9, 0x1C, 0xE7, 0x65, 0x20, 0xC1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0x53, 0x32, 0xF8, 0xC0, 0xA6, 0xBD, 0x2C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0xF0, 0xE6, 0x57, 0x31, 0xCC, 0x26, 0x6F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0xE3, 0x54, 0x1C, 0x34, 0xD3, 0x17, 0xBC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xAE, 0xED, 0xFB, 0xCD, 0xE7, 0x1E, 0x9F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x16, 0x1C, 0x34, 0x40, 0x00, 0x1F, 0xB6 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x16, 0xA9, 0x1C, 0xE7, 0x65, 0x20, 0xC1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x53, 0x32, 0xF8, 0xC0, 0xA6, 0xBD, 0x2C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xF0, 0xE6, 0x57, 0x31, 0xCC, 0x26, 0x6F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xE3, 0x54, 0x1C, 0x34, 0xD3, 0x17, 0xBC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xAE, 0xED, 0xFB, 0xCD, 0xE7, 0x1E, 0x9F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x16, 0x1C, 0x34, 0x40, 0x00, 0x1F, 0xB6),
 };
 static const mbedtls_mpi_uint secp384r1_T_29_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0x32, 0x00, 0xC2, 0xD4, 0x3B, 0x1A, 0x09 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xE0, 0x99, 0x8F, 0x0C, 0x4A, 0x16, 0x44 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x73, 0x18, 0x1B, 0xD4, 0x94, 0x29, 0x62 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0xA4, 0x2D, 0xB1, 0x9D, 0x74, 0x32, 0x67 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0xF4, 0xB1, 0x0C, 0x37, 0x62, 0x8B, 0x66 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0xFF, 0xDA, 0xE2, 0x35, 0xA3, 0xB6, 0x42 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x32, 0x00, 0xC2, 0xD4, 0x3B, 0x1A, 0x09),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xE0, 0x99, 0x8F, 0x0C, 0x4A, 0x16, 0x44),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x73, 0x18, 0x1B, 0xD4, 0x94, 0x29, 0x62),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xA4, 0x2D, 0xB1, 0x9D, 0x74, 0x32, 0x67),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0xF4, 0xB1, 0x0C, 0x37, 0x62, 0x8B, 0x66),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xFF, 0xDA, 0xE2, 0x35, 0xA3, 0xB6, 0x42),
 };
 static const mbedtls_mpi_uint secp384r1_T_30_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0x49, 0x99, 0x65, 0xC5, 0xED, 0x16, 0xEF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0x42, 0x9A, 0xF3, 0xA7, 0x4E, 0x6F, 0x2B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0x0A, 0x7E, 0xC0, 0xD7, 0x4E, 0x07, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x7A, 0x31, 0x69, 0xA6, 0xB9, 0x15, 0x34 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0xE0, 0x72, 0xA4, 0x3F, 0xB9, 0xF8, 0x0C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2B, 0x75, 0x32, 0x85, 0xA2, 0xDE, 0x37, 0x12 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x49, 0x99, 0x65, 0xC5, 0xED, 0x16, 0xEF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x42, 0x9A, 0xF3, 0xA7, 0x4E, 0x6F, 0x2B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x0A, 0x7E, 0xC0, 0xD7, 0x4E, 0x07, 0x55),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x7A, 0x31, 0x69, 0xA6, 0xB9, 0x15, 0x34),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0xE0, 0x72, 0xA4, 0x3F, 0xB9, 0xF8, 0x0C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x75, 0x32, 0x85, 0xA2, 0xDE, 0x37, 0x12),
 };
 static const mbedtls_mpi_uint secp384r1_T_30_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xC0, 0x0D, 0xCF, 0x25, 0x41, 0xA4, 0xF4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0xFC, 0xB2, 0x48, 0xC3, 0x85, 0x83, 0x4B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2B, 0xBE, 0x0B, 0x58, 0x2D, 0x7A, 0x9A, 0x62 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0xF3, 0x81, 0x18, 0x1B, 0x74, 0x4F, 0x2C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE2, 0x43, 0xA3, 0x0A, 0x16, 0x8B, 0xA3, 0x1E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4A, 0x18, 0x81, 0x7B, 0x8D, 0xA2, 0x35, 0x77 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xC0, 0x0D, 0xCF, 0x25, 0x41, 0xA4, 0xF4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xFC, 0xB2, 0x48, 0xC3, 0x85, 0x83, 0x4B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xBE, 0x0B, 0x58, 0x2D, 0x7A, 0x9A, 0x62),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0xF3, 0x81, 0x18, 0x1B, 0x74, 0x4F, 0x2C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x43, 0xA3, 0x0A, 0x16, 0x8B, 0xA3, 0x1E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x18, 0x81, 0x7B, 0x8D, 0xA2, 0x35, 0x77),
 };
 static const mbedtls_mpi_uint secp384r1_T_31_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0xC4, 0x3F, 0x2C, 0xE7, 0x5F, 0x99, 0x03 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0x2B, 0xB7, 0xB6, 0xAD, 0x5A, 0x56, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x00, 0xA4, 0x48, 0xC8, 0xE8, 0xBA, 0xBF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0xA1, 0xB5, 0x13, 0x5A, 0xCD, 0x99, 0x9C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0x95, 0xAD, 0xFC, 0xE2, 0x7E, 0xE7, 0xFE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0x6B, 0xD1, 0x34, 0x99, 0x53, 0x63, 0x0B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xC4, 0x3F, 0x2C, 0xE7, 0x5F, 0x99, 0x03),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x2B, 0xB7, 0xB6, 0xAD, 0x5A, 0x56, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x00, 0xA4, 0x48, 0xC8, 0xE8, 0xBA, 0xBF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xA1, 0xB5, 0x13, 0x5A, 0xCD, 0x99, 0x9C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x95, 0xAD, 0xFC, 0xE2, 0x7E, 0xE7, 0xFE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x6B, 0xD1, 0x34, 0x99, 0x53, 0x63, 0x0B),
 };
 static const mbedtls_mpi_uint secp384r1_T_31_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x8A, 0x77, 0x5D, 0x2B, 0xAB, 0x01, 0x28 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4E, 0x85, 0xD0, 0xD5, 0x49, 0x83, 0x4D, 0x60 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0xC6, 0x91, 0x30, 0x3B, 0x00, 0xAF, 0x7A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0xAE, 0x61, 0x07, 0xE1, 0xB6, 0xE2, 0xC9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x95, 0x43, 0x41, 0xFE, 0x9B, 0xB6, 0xF0, 0xA5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x97, 0xAE, 0xAD, 0x89, 0x88, 0x9E, 0x41 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x8A, 0x77, 0x5D, 0x2B, 0xAB, 0x01, 0x28),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x85, 0xD0, 0xD5, 0x49, 0x83, 0x4D, 0x60),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0xC6, 0x91, 0x30, 0x3B, 0x00, 0xAF, 0x7A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xAE, 0x61, 0x07, 0xE1, 0xB6, 0xE2, 0xC9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x43, 0x41, 0xFE, 0x9B, 0xB6, 0xF0, 0xA5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x97, 0xAE, 0xAD, 0x89, 0x88, 0x9E, 0x41),
 };
 static const mbedtls_ecp_point secp384r1_T[32] = {
     ECP_POINT_INIT_XY_Z1(secp384r1_T_0_X, secp384r1_T_0_Y),
@@ -1386,764 +1386,764 @@
  */
 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
 static const mbedtls_mpi_uint secp521r1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_2(0xFF, 0x01),
 };
 static const mbedtls_mpi_uint secp521r1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95 ),
-    MBEDTLS_BYTES_TO_T_UINT_2( 0x51, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95),
+    MBEDTLS_BYTES_TO_T_UINT_2(0x51, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85 ),
-    MBEDTLS_BYTES_TO_T_UINT_2( 0xC6, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85),
+    MBEDTLS_BYTES_TO_T_UINT_2(0xC6, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39 ),
-    MBEDTLS_BYTES_TO_T_UINT_2( 0x18, 0x01 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39),
+    MBEDTLS_BYTES_TO_T_UINT_2(0x18, 0x01),
 };
 static const mbedtls_mpi_uint secp521r1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_2(0xFF, 0x01),
 };
 #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
 static const mbedtls_mpi_uint secp521r1_T_0_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_0_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_1_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0xB1, 0x2D, 0xEB, 0x27, 0x2F, 0xE8, 0xDA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x4B, 0x44, 0x25, 0xDB, 0x5C, 0x5F, 0x67 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0x85, 0x28, 0x78, 0x2E, 0x75, 0x34, 0x32 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0x57, 0x0F, 0x73, 0x78, 0x7A, 0xE3, 0x53 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xD8, 0xEC, 0xDC, 0xDA, 0x04, 0xAD, 0xAB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x8A, 0x09, 0xF3, 0x58, 0x79, 0xD8, 0x29 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0x03, 0xCB, 0x50, 0x1A, 0x7F, 0x56, 0x00 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0xA6, 0x78, 0x38, 0x85, 0x67, 0x0B, 0x40 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xB1, 0x2D, 0xEB, 0x27, 0x2F, 0xE8, 0xDA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x4B, 0x44, 0x25, 0xDB, 0x5C, 0x5F, 0x67),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x85, 0x28, 0x78, 0x2E, 0x75, 0x34, 0x32),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x57, 0x0F, 0x73, 0x78, 0x7A, 0xE3, 0x53),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xD8, 0xEC, 0xDC, 0xDA, 0x04, 0xAD, 0xAB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x8A, 0x09, 0xF3, 0x58, 0x79, 0xD8, 0x29),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x03, 0xCB, 0x50, 0x1A, 0x7F, 0x56, 0x00),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xA6, 0x78, 0x38, 0x85, 0x67, 0x0B, 0x40),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_1_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0xD5, 0xD2, 0x22, 0xC4, 0x00, 0x3B, 0xBA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0x93, 0x0E, 0x7B, 0x85, 0x51, 0xC3, 0x06 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xA6, 0x5F, 0x54, 0x49, 0x02, 0x81, 0x78 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0xE9, 0x6B, 0x3A, 0x92, 0xE7, 0x72, 0x1D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x5F, 0x28, 0x9E, 0x91, 0x27, 0x88, 0xE3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0x28, 0x31, 0xB3, 0x84, 0xCA, 0x12, 0x32 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xF9, 0xAC, 0x22, 0x10, 0x0A, 0x64, 0x41 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0xC6, 0x33, 0x1F, 0x69, 0x19, 0x18, 0xBF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xD5, 0xD2, 0x22, 0xC4, 0x00, 0x3B, 0xBA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x93, 0x0E, 0x7B, 0x85, 0x51, 0xC3, 0x06),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xA6, 0x5F, 0x54, 0x49, 0x02, 0x81, 0x78),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xE9, 0x6B, 0x3A, 0x92, 0xE7, 0x72, 0x1D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x5F, 0x28, 0x9E, 0x91, 0x27, 0x88, 0xE3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x28, 0x31, 0xB3, 0x84, 0xCA, 0x12, 0x32),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xF9, 0xAC, 0x22, 0x10, 0x0A, 0x64, 0x41),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xC6, 0x33, 0x1F, 0x69, 0x19, 0x18, 0xBF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_2_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x48, 0xB8, 0xC7, 0x37, 0x5A, 0x00, 0x36 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xCC, 0x32, 0xE0, 0xEE, 0x03, 0xC2, 0xBA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC4, 0x29, 0xC2, 0xE4, 0x6E, 0x24, 0x20, 0x8D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0x6B, 0x7F, 0x7B, 0xF9, 0xB0, 0xB8, 0x13 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x7B, 0x3C, 0xE1, 0x19, 0xA1, 0x23, 0x02 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0xE3, 0xC2, 0x53, 0xC0, 0x07, 0x13, 0xA9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xFE, 0x36, 0x35, 0x9F, 0x5E, 0x59, 0xCE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x55, 0x89, 0x84, 0xBC, 0xEF, 0xA2, 0xC2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x48, 0xB8, 0xC7, 0x37, 0x5A, 0x00, 0x36),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xCC, 0x32, 0xE0, 0xEE, 0x03, 0xC2, 0xBA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x29, 0xC2, 0xE4, 0x6E, 0x24, 0x20, 0x8D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x6B, 0x7F, 0x7B, 0xF9, 0xB0, 0xB8, 0x13),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x7B, 0x3C, 0xE1, 0x19, 0xA1, 0x23, 0x02),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xE3, 0xC2, 0x53, 0xC0, 0x07, 0x13, 0xA9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xFE, 0x36, 0x35, 0x9F, 0x5E, 0x59, 0xCE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x55, 0x89, 0x84, 0xBC, 0xEF, 0xA2, 0xC2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_2_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0x1A, 0x08, 0x67, 0xB4, 0xE7, 0x22, 0xED ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0x26, 0xDF, 0x81, 0x3C, 0x5F, 0x1C, 0xDA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0x4D, 0xD0, 0x0A, 0x48, 0x06, 0xF4, 0x48 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0x18, 0x39, 0xF7, 0xD1, 0x20, 0x77, 0x8D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x78, 0x8F, 0x44, 0x13, 0xCB, 0x78, 0x11, 0x11 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0xE2, 0x49, 0xEA, 0x43, 0x79, 0x08, 0x39 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0xD1, 0xD8, 0x73, 0x2C, 0x71, 0x2F, 0x69 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0xE5, 0xE7, 0xF4, 0x46, 0xAB, 0x20, 0xCA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x1A, 0x08, 0x67, 0xB4, 0xE7, 0x22, 0xED),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x26, 0xDF, 0x81, 0x3C, 0x5F, 0x1C, 0xDA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x4D, 0xD0, 0x0A, 0x48, 0x06, 0xF4, 0x48),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x18, 0x39, 0xF7, 0xD1, 0x20, 0x77, 0x8D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0x8F, 0x44, 0x13, 0xCB, 0x78, 0x11, 0x11),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xE2, 0x49, 0xEA, 0x43, 0x79, 0x08, 0x39),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0xD1, 0xD8, 0x73, 0x2C, 0x71, 0x2F, 0x69),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xE5, 0xE7, 0xF4, 0x46, 0xAB, 0x20, 0xCA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_3_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8C, 0x0B, 0xB9, 0x71, 0x1A, 0x27, 0xB7, 0xA7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0xA2, 0x2C, 0xD1, 0xDA, 0xBC, 0xC1, 0xBD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0xA3, 0x10, 0x1F, 0x90, 0xF2, 0xA5, 0x52 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0xFB, 0x20, 0xF4, 0xC0, 0x70, 0xC0, 0xF5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8F, 0xA7, 0x99, 0xF0, 0xA5, 0xD3, 0x09, 0xDD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0xE8, 0x14, 0x39, 0xBE, 0xCB, 0x60, 0xAF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9F, 0xD6, 0x14, 0xA9, 0xC9, 0x20, 0xC3, 0xEA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0xA8, 0x5B, 0xFD, 0x2D, 0x96, 0xBC, 0x78 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x0B, 0xB9, 0x71, 0x1A, 0x27, 0xB7, 0xA7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xA2, 0x2C, 0xD1, 0xDA, 0xBC, 0xC1, 0xBD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xA3, 0x10, 0x1F, 0x90, 0xF2, 0xA5, 0x52),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xFB, 0x20, 0xF4, 0xC0, 0x70, 0xC0, 0xF5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0xA7, 0x99, 0xF0, 0xA5, 0xD3, 0x09, 0xDD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0xE8, 0x14, 0x39, 0xBE, 0xCB, 0x60, 0xAF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0xD6, 0x14, 0xA9, 0xC9, 0x20, 0xC3, 0xEA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xA8, 0x5B, 0xFD, 0x2D, 0x96, 0xBC, 0x78),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_3_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x04, 0x45, 0xBE, 0xCE, 0x75, 0x95, 0xF6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0xDA, 0x58, 0x49, 0x35, 0x09, 0x8D, 0x41 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0xF0, 0xC0, 0x36, 0xF2, 0xA6, 0x2D, 0x14 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0xFC, 0x3D, 0xA8, 0xFB, 0x3C, 0xD2, 0x51 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x4D, 0x71, 0x09, 0x18, 0x42, 0xF0, 0x2D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xC1, 0xCE, 0x9E, 0x6A, 0x49, 0x60, 0x12 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0xB1, 0x00, 0xF7, 0xA1, 0x7A, 0x31, 0xB4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0xC3, 0x86, 0xCD, 0x20, 0x4A, 0x17, 0x86 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x04, 0x45, 0xBE, 0xCE, 0x75, 0x95, 0xF6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0xDA, 0x58, 0x49, 0x35, 0x09, 0x8D, 0x41),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xF0, 0xC0, 0x36, 0xF2, 0xA6, 0x2D, 0x14),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xFC, 0x3D, 0xA8, 0xFB, 0x3C, 0xD2, 0x51),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x4D, 0x71, 0x09, 0x18, 0x42, 0xF0, 0x2D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xC1, 0xCE, 0x9E, 0x6A, 0x49, 0x60, 0x12),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xB1, 0x00, 0xF7, 0xA1, 0x7A, 0x31, 0xB4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xC3, 0x86, 0xCD, 0x20, 0x4A, 0x17, 0x86),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_4_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0xAB, 0x8B, 0x47, 0x8D, 0xAA, 0xA6, 0x5B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC4, 0x97, 0xF0, 0xBC, 0x2D, 0xDC, 0x9D, 0x84 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x86, 0xB0, 0x74, 0xB2, 0xF4, 0xF6, 0x67 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xBD, 0xAC, 0xE3, 0x8F, 0x43, 0x5C, 0xB1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0xC3, 0xE2, 0x6E, 0x25, 0x49, 0xCD, 0x0B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x5E, 0x08, 0xB3, 0xB9, 0xAC, 0x5F, 0xD1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0xB7, 0xD1, 0xF4, 0xDC, 0x19, 0xE9, 0xC8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0xE4, 0xFA, 0xE1, 0x36, 0x3E, 0xED, 0x6E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xAB, 0x8B, 0x47, 0x8D, 0xAA, 0xA6, 0x5B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x97, 0xF0, 0xBC, 0x2D, 0xDC, 0x9D, 0x84),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x86, 0xB0, 0x74, 0xB2, 0xF4, 0xF6, 0x67),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xBD, 0xAC, 0xE3, 0x8F, 0x43, 0x5C, 0xB1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xC3, 0xE2, 0x6E, 0x25, 0x49, 0xCD, 0x0B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x5E, 0x08, 0xB3, 0xB9, 0xAC, 0x5F, 0xD1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xB7, 0xD1, 0xF4, 0xDC, 0x19, 0xE9, 0xC8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xE4, 0xFA, 0xE1, 0x36, 0x3E, 0xED, 0x6E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_4_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x67, 0x92, 0x84, 0x6E, 0x48, 0x03, 0x51 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9E, 0x95, 0xEF, 0x8F, 0xB2, 0x82, 0x6B, 0x1C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xFA, 0xB9, 0x55, 0x23, 0xFE, 0x09, 0xB3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0x79, 0x85, 0x4B, 0x0E, 0xD4, 0x35, 0xDB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9A, 0x27, 0x45, 0x81, 0xE0, 0x88, 0x52, 0xAD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0x63, 0xA2, 0x4B, 0xBC, 0x5D, 0xB1, 0x92 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x8C, 0x83, 0xD9, 0x3E, 0xD3, 0x42, 0xDA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0x03, 0x3A, 0x31, 0xBA, 0xE9, 0x3A, 0xD1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x67, 0x92, 0x84, 0x6E, 0x48, 0x03, 0x51),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x95, 0xEF, 0x8F, 0xB2, 0x82, 0x6B, 0x1C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xFA, 0xB9, 0x55, 0x23, 0xFE, 0x09, 0xB3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x79, 0x85, 0x4B, 0x0E, 0xD4, 0x35, 0xDB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x27, 0x45, 0x81, 0xE0, 0x88, 0x52, 0xAD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x63, 0xA2, 0x4B, 0xBC, 0x5D, 0xB1, 0x92),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x8C, 0x83, 0xD9, 0x3E, 0xD3, 0x42, 0xDA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x03, 0x3A, 0x31, 0xBA, 0xE9, 0x3A, 0xD1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_5_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x35, 0x10, 0xCD, 0x2D, 0x00, 0xFE, 0x32, 0xA7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0x6E, 0x1F, 0xDA, 0xF8, 0x6F, 0x4D, 0x03 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x79, 0x7D, 0x09, 0xE5, 0xD3, 0x03, 0x21 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0xC3, 0xBE, 0xDF, 0x07, 0x65, 0x49, 0xCC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0x57, 0x33, 0xEF, 0xAE, 0x4F, 0x04, 0x27 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9A, 0xE9, 0x9B, 0xFE, 0xBF, 0xE6, 0x85, 0xF6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBD, 0xBA, 0xAA, 0x06, 0xC4, 0xC6, 0xB8, 0x57 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0x83, 0x01, 0xA9, 0xF6, 0x51, 0xE7, 0xB8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x10, 0xCD, 0x2D, 0x00, 0xFE, 0x32, 0xA7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x6E, 0x1F, 0xDA, 0xF8, 0x6F, 0x4D, 0x03),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x79, 0x7D, 0x09, 0xE5, 0xD3, 0x03, 0x21),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xC3, 0xBE, 0xDF, 0x07, 0x65, 0x49, 0xCC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x57, 0x33, 0xEF, 0xAE, 0x4F, 0x04, 0x27),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0xE9, 0x9B, 0xFE, 0xBF, 0xE6, 0x85, 0xF6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0xBA, 0xAA, 0x06, 0xC4, 0xC6, 0xB8, 0x57),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x83, 0x01, 0xA9, 0xF6, 0x51, 0xE7, 0xB8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_5_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0xA6, 0x15, 0x8E, 0xAB, 0x1F, 0x10, 0x87 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0x08, 0x27, 0x1A, 0xA1, 0x21, 0xAD, 0xF5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x02, 0x09, 0x90, 0x6E, 0x50, 0x90, 0x9A, 0x5D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x9A, 0xFE, 0xD7, 0xA1, 0xF5, 0xA2, 0x15 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x7D, 0xE3, 0xDC, 0x21, 0xFB, 0xA4, 0x7B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0xBF, 0x07, 0xFF, 0x45, 0xDF, 0x51, 0x77 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0x5C, 0x34, 0x02, 0x62, 0x9B, 0x08, 0x12 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0xCE, 0x9A, 0x6A, 0xEC, 0x75, 0xF6, 0x46 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xA6, 0x15, 0x8E, 0xAB, 0x1F, 0x10, 0x87),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x08, 0x27, 0x1A, 0xA1, 0x21, 0xAD, 0xF5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x09, 0x90, 0x6E, 0x50, 0x90, 0x9A, 0x5D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x9A, 0xFE, 0xD7, 0xA1, 0xF5, 0xA2, 0x15),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x7D, 0xE3, 0xDC, 0x21, 0xFB, 0xA4, 0x7B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xBF, 0x07, 0xFF, 0x45, 0xDF, 0x51, 0x77),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x5C, 0x34, 0x02, 0x62, 0x9B, 0x08, 0x12),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xCE, 0x9A, 0x6A, 0xEC, 0x75, 0xF6, 0x46),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_6_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x59, 0xF4, 0x78, 0x3C, 0x60, 0xB1, 0x4A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0x37, 0x84, 0x6A, 0xDC, 0xF2, 0x9A, 0x7D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x9A, 0x9A, 0x15, 0x36, 0xE0, 0x2B, 0x2D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0x38, 0x9C, 0x50, 0x3D, 0x1E, 0x37, 0x82 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x79, 0xF0, 0x92, 0xF2, 0x8B, 0x18, 0x82 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xE0, 0x82, 0x1E, 0x80, 0x82, 0x4B, 0xD7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0xBB, 0x59, 0x6B, 0x8A, 0x77, 0x41, 0x40 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0xF9, 0xD4, 0xB8, 0x4A, 0x82, 0xCF, 0x40 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x59, 0xF4, 0x78, 0x3C, 0x60, 0xB1, 0x4A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x37, 0x84, 0x6A, 0xDC, 0xF2, 0x9A, 0x7D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x9A, 0x9A, 0x15, 0x36, 0xE0, 0x2B, 0x2D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x38, 0x9C, 0x50, 0x3D, 0x1E, 0x37, 0x82),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x79, 0xF0, 0x92, 0xF2, 0x8B, 0x18, 0x82),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xE0, 0x82, 0x1E, 0x80, 0x82, 0x4B, 0xD7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xBB, 0x59, 0x6B, 0x8A, 0x77, 0x41, 0x40),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xF9, 0xD4, 0xB8, 0x4A, 0x82, 0xCF, 0x40),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_6_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0x8C, 0xC8, 0x9B, 0x72, 0x9E, 0xF7, 0xF9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0xCE, 0xE9, 0x77, 0x0A, 0x19, 0x59, 0x84 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0xA1, 0x41, 0x6A, 0x72, 0x4B, 0xB4, 0xDC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0x35, 0x43, 0xE2, 0x8C, 0xBE, 0x0D, 0xE3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0xEB, 0xAD, 0xF3, 0xA9, 0xA6, 0x68, 0xA1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0x2F, 0xE2, 0x48, 0x0C, 0xDB, 0x1F, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0x1E, 0x60, 0x9B, 0x2A, 0xD2, 0xC1, 0x3C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0x64, 0xB5, 0xD2, 0xF6, 0xF6, 0x6E, 0x22 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x8C, 0xC8, 0x9B, 0x72, 0x9E, 0xF7, 0xF9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0xCE, 0xE9, 0x77, 0x0A, 0x19, 0x59, 0x84),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xA1, 0x41, 0x6A, 0x72, 0x4B, 0xB4, 0xDC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x35, 0x43, 0xE2, 0x8C, 0xBE, 0x0D, 0xE3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xEB, 0xAD, 0xF3, 0xA9, 0xA6, 0x68, 0xA1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x2F, 0xE2, 0x48, 0x0C, 0xDB, 0x1F, 0x42),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x1E, 0x60, 0x9B, 0x2A, 0xD2, 0xC1, 0x3C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x64, 0xB5, 0xD2, 0xF6, 0xF6, 0x6E, 0x22),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_7_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0x3D, 0x30, 0x78, 0x10, 0x18, 0x41, 0x51 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0x1D, 0x1C, 0xE0, 0x6D, 0x83, 0xD1, 0x93 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0x03, 0x0B, 0xF5, 0x2F, 0x6C, 0x04, 0x98 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x3E, 0xD5, 0xFC, 0x31, 0x5B, 0x3A, 0xEB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x82, 0x2F, 0xFB, 0xFE, 0xF8, 0x76, 0x39 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x85, 0x26, 0xDA, 0x9C, 0x36, 0xF5, 0x93, 0xD1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4C, 0xE7, 0x6E, 0xD2, 0x7D, 0x81, 0x09, 0xC6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0x03, 0xF9, 0x58, 0x48, 0x24, 0xA2, 0xEE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x3D, 0x30, 0x78, 0x10, 0x18, 0x41, 0x51),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x1D, 0x1C, 0xE0, 0x6D, 0x83, 0xD1, 0x93),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x03, 0x0B, 0xF5, 0x2F, 0x6C, 0x04, 0x98),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x3E, 0xD5, 0xFC, 0x31, 0x5B, 0x3A, 0xEB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x82, 0x2F, 0xFB, 0xFE, 0xF8, 0x76, 0x39),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x26, 0xDA, 0x9C, 0x36, 0xF5, 0x93, 0xD1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0xE7, 0x6E, 0xD2, 0x7D, 0x81, 0x09, 0xC6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x03, 0xF9, 0x58, 0x48, 0x24, 0xA2, 0xEE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_7_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0x79, 0x0C, 0x8E, 0x6B, 0x95, 0xF3, 0xC4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF4, 0x10, 0x5C, 0x87, 0x03, 0x39, 0xCF, 0x68 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0xF0, 0xF7, 0xC1, 0x07, 0xA4, 0xF4, 0x3F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0xE8, 0x02, 0x89, 0x65, 0xC4, 0x72, 0x36 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x88, 0xEA, 0x96, 0x67, 0x0B, 0x5D, 0xDF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x75, 0x60, 0xA8, 0xBD, 0x74, 0xDF, 0x68 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6E, 0xE5, 0x71, 0x50, 0x67, 0xD0, 0xD2, 0xE6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0xFC, 0xE5, 0xC7, 0x77, 0xB0, 0x7F, 0x8C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x79, 0x0C, 0x8E, 0x6B, 0x95, 0xF3, 0xC4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x10, 0x5C, 0x87, 0x03, 0x39, 0xCF, 0x68),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xF0, 0xF7, 0xC1, 0x07, 0xA4, 0xF4, 0x3F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xE8, 0x02, 0x89, 0x65, 0xC4, 0x72, 0x36),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x88, 0xEA, 0x96, 0x67, 0x0B, 0x5D, 0xDF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x75, 0x60, 0xA8, 0xBD, 0x74, 0xDF, 0x68),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xE5, 0x71, 0x50, 0x67, 0xD0, 0xD2, 0xE6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xFC, 0xE5, 0xC7, 0x77, 0xB0, 0x7F, 0x8C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_8_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x86, 0x69, 0xCD, 0x0D, 0x9A, 0xBD, 0x66 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0x17, 0xBC, 0xBB, 0x59, 0x85, 0x7D, 0x0E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xA8, 0x76, 0xAC, 0x80, 0xA9, 0x72, 0xE0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0x78, 0xC1, 0xE2, 0x4D, 0xAF, 0xF9, 0x3C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0x97, 0x8E, 0x74, 0xC4, 0x4B, 0xB2, 0x85 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0xD8, 0xF6, 0xF3, 0xAF, 0x2F, 0x52, 0xE5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x95, 0x57, 0xF4, 0xCE, 0xEE, 0x43, 0xED, 0x60 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x46, 0x38, 0xDE, 0x20, 0xFD, 0x59, 0x18 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x86, 0x69, 0xCD, 0x0D, 0x9A, 0xBD, 0x66),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x17, 0xBC, 0xBB, 0x59, 0x85, 0x7D, 0x0E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xA8, 0x76, 0xAC, 0x80, 0xA9, 0x72, 0xE0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x78, 0xC1, 0xE2, 0x4D, 0xAF, 0xF9, 0x3C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x97, 0x8E, 0x74, 0xC4, 0x4B, 0xB2, 0x85),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xD8, 0xF6, 0xF3, 0xAF, 0x2F, 0x52, 0xE5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x57, 0xF4, 0xCE, 0xEE, 0x43, 0xED, 0x60),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x46, 0x38, 0xDE, 0x20, 0xFD, 0x59, 0x18),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_8_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x18, 0xE8, 0x58, 0xB9, 0x76, 0x2C, 0xE6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0x54, 0xE4, 0xFE, 0xC7, 0xBC, 0x31, 0x37 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xF8, 0x89, 0xEE, 0x70, 0xB5, 0xB0, 0x2C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x22, 0x26, 0x9A, 0x53, 0xB9, 0x38, 0x0A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0xA7, 0x19, 0x8C, 0x74, 0x7E, 0x88, 0x46 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0xDA, 0x0A, 0xE8, 0xDA, 0xA5, 0xBE, 0x1D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0x5C, 0xF7, 0xB1, 0x0C, 0x72, 0xFB, 0x09 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x78, 0xE2, 0x23, 0xE7, 0x46, 0xB7, 0xE0, 0x91 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x18, 0xE8, 0x58, 0xB9, 0x76, 0x2C, 0xE6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x54, 0xE4, 0xFE, 0xC7, 0xBC, 0x31, 0x37),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xF8, 0x89, 0xEE, 0x70, 0xB5, 0xB0, 0x2C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x22, 0x26, 0x9A, 0x53, 0xB9, 0x38, 0x0A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xA7, 0x19, 0x8C, 0x74, 0x7E, 0x88, 0x46),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xDA, 0x0A, 0xE8, 0xDA, 0xA5, 0xBE, 0x1D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x5C, 0xF7, 0xB1, 0x0C, 0x72, 0xFB, 0x09),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xE2, 0x23, 0xE7, 0x46, 0xB7, 0xE0, 0x91),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_9_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0x36, 0xBC, 0xBD, 0x48, 0x11, 0x8E, 0x72 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0xBB, 0xA1, 0xF7, 0x0B, 0x9E, 0xBF, 0xDF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x28, 0xE1, 0xA2, 0x8F, 0xFC, 0xFC, 0xD6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0xFE, 0x19, 0x0A, 0xE5, 0xE7, 0x69, 0x39 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0xCD, 0x12, 0xF5, 0xBE, 0xD3, 0x04, 0xF1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xA8, 0x0D, 0x81, 0x59, 0xC4, 0x79, 0x98 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0xF3, 0x4B, 0x92, 0x65, 0xC3, 0x31, 0xAD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x75, 0xB5, 0x4F, 0x4D, 0x91, 0xD4, 0xE2, 0xB2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x36, 0xBC, 0xBD, 0x48, 0x11, 0x8E, 0x72),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0xBB, 0xA1, 0xF7, 0x0B, 0x9E, 0xBF, 0xDF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x28, 0xE1, 0xA2, 0x8F, 0xFC, 0xFC, 0xD6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0xFE, 0x19, 0x0A, 0xE5, 0xE7, 0x69, 0x39),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xCD, 0x12, 0xF5, 0xBE, 0xD3, 0x04, 0xF1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xA8, 0x0D, 0x81, 0x59, 0xC4, 0x79, 0x98),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xF3, 0x4B, 0x92, 0x65, 0xC3, 0x31, 0xAD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0xB5, 0x4F, 0x4D, 0x91, 0xD4, 0xE2, 0xB2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_9_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x09, 0x41, 0x79, 0x1D, 0x4D, 0x0D, 0x33 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0x31, 0x18, 0xBA, 0xA0, 0xF2, 0x6E, 0x7E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x5B, 0x4D, 0x4F, 0xAF, 0xC9, 0x8C, 0xA1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x48, 0x99, 0x9C, 0x06, 0x68, 0xDE, 0xD8, 0x29 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x04, 0xE1, 0xB5, 0x9D, 0x00, 0xBC, 0xB8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x95, 0x92, 0x8D, 0x72, 0xD3, 0x37, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0x4B, 0x27, 0xA2, 0xE8, 0xA4, 0x26, 0xA1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0x45, 0x9C, 0xA9, 0xCB, 0x9F, 0xBA, 0x85 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x09, 0x41, 0x79, 0x1D, 0x4D, 0x0D, 0x33),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x31, 0x18, 0xBA, 0xA0, 0xF2, 0x6E, 0x7E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x5B, 0x4D, 0x4F, 0xAF, 0xC9, 0x8C, 0xA1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x99, 0x9C, 0x06, 0x68, 0xDE, 0xD8, 0x29),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x04, 0xE1, 0xB5, 0x9D, 0x00, 0xBC, 0xB8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x95, 0x92, 0x8D, 0x72, 0xD3, 0x37, 0x42),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x4B, 0x27, 0xA2, 0xE8, 0xA4, 0x26, 0xA1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x45, 0x9C, 0xA9, 0xCB, 0x9F, 0xBA, 0x85),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_10_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0x7E, 0x1B, 0x64, 0xF4, 0xE8, 0xA5, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0x20, 0xA9, 0xCA, 0xF3, 0x89, 0xE5, 0xE1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0xED, 0xFC, 0xAB, 0xD9, 0x0A, 0xB9, 0x07 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0x6F, 0x46, 0x7C, 0xCD, 0x78, 0xFF, 0x05 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0xAB, 0x71, 0x5A, 0x94, 0xAB, 0x20, 0x20 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x2E, 0xEE, 0x87, 0x57, 0x1F, 0xAD, 0xD3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0x4C, 0x3D, 0xFB, 0x7E, 0xA1, 0x8B, 0x07 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0xCF, 0x07, 0x86, 0xBA, 0x53, 0x37, 0xCF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x7E, 0x1B, 0x64, 0xF4, 0xE8, 0xA5, 0x55),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x20, 0xA9, 0xCA, 0xF3, 0x89, 0xE5, 0xE1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xED, 0xFC, 0xAB, 0xD9, 0x0A, 0xB9, 0x07),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x6F, 0x46, 0x7C, 0xCD, 0x78, 0xFF, 0x05),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xAB, 0x71, 0x5A, 0x94, 0xAB, 0x20, 0x20),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x2E, 0xEE, 0x87, 0x57, 0x1F, 0xAD, 0xD3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x4C, 0x3D, 0xFB, 0x7E, 0xA1, 0x8B, 0x07),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xCF, 0x07, 0x86, 0xBA, 0x53, 0x37, 0xCF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_10_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x26, 0xB2, 0xB9, 0xE2, 0x91, 0xE3, 0xB5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0xC9, 0x54, 0x84, 0x08, 0x3D, 0x0B, 0xD2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0xA8, 0x77, 0x2F, 0x64, 0x45, 0x99, 0x4C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x96, 0x16, 0x1F, 0xDB, 0x96, 0x28, 0x97 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x2B, 0x8D, 0xFF, 0xA2, 0x4F, 0x55, 0xD3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0xE6, 0x48, 0xBD, 0x99, 0x3D, 0x12, 0x57 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x84, 0x59, 0xDA, 0xB9, 0xB6, 0x66, 0x12 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x78, 0x41, 0x92, 0xDF, 0xF4, 0x3F, 0x63 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x26, 0xB2, 0xB9, 0xE2, 0x91, 0xE3, 0xB5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xC9, 0x54, 0x84, 0x08, 0x3D, 0x0B, 0xD2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xA8, 0x77, 0x2F, 0x64, 0x45, 0x99, 0x4C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x96, 0x16, 0x1F, 0xDB, 0x96, 0x28, 0x97),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x2B, 0x8D, 0xFF, 0xA2, 0x4F, 0x55, 0xD3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0xE6, 0x48, 0xBD, 0x99, 0x3D, 0x12, 0x57),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x84, 0x59, 0xDA, 0xB9, 0xB6, 0x66, 0x12),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x78, 0x41, 0x92, 0xDF, 0xF4, 0x3F, 0x63),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_11_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0x86, 0x6F, 0x4F, 0xBF, 0x67, 0xDF, 0x2F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0x2B, 0x1E, 0x5F, 0x00, 0xEA, 0xF6, 0x56 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0xB9, 0x6A, 0x89, 0xD8, 0xC0, 0xD7, 0xA7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x9A, 0x32, 0x23, 0xA0, 0x02, 0x91, 0x58 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0x7F, 0x6A, 0x15, 0x64, 0x6A, 0x8B, 0xBB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0x57, 0x82, 0x58, 0xA9, 0x56, 0xB5, 0xFB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x50, 0x92, 0x60, 0xCC, 0x81, 0x24, 0xA8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0x3D, 0xAD, 0xDA, 0xD9, 0x51, 0x3E, 0x57 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x86, 0x6F, 0x4F, 0xBF, 0x67, 0xDF, 0x2F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x2B, 0x1E, 0x5F, 0x00, 0xEA, 0xF6, 0x56),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xB9, 0x6A, 0x89, 0xD8, 0xC0, 0xD7, 0xA7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x9A, 0x32, 0x23, 0xA0, 0x02, 0x91, 0x58),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x7F, 0x6A, 0x15, 0x64, 0x6A, 0x8B, 0xBB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x57, 0x82, 0x58, 0xA9, 0x56, 0xB5, 0xFB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x50, 0x92, 0x60, 0xCC, 0x81, 0x24, 0xA8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x3D, 0xAD, 0xDA, 0xD9, 0x51, 0x3E, 0x57),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_11_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0xFE, 0x8F, 0xB0, 0x0B, 0xDE, 0x2E, 0x7E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0xD2, 0xBE, 0xEF, 0xAC, 0x76, 0x71, 0xA3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0xE8, 0x72, 0x0B, 0xAC, 0xFE, 0xCA, 0x5A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0x5B, 0xC7, 0xFC, 0xE3, 0x3C, 0x7C, 0x4C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x04, 0xA7, 0xB9, 0x9B, 0x93, 0xC0, 0x2F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x48, 0x4B, 0x8E, 0x32, 0xC5, 0xF0, 0x6B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0x42, 0x07, 0xC1, 0xF2, 0xF1, 0x72, 0x5B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0x37, 0x54, 0x9C, 0x88, 0xD2, 0x62, 0xAA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0xFE, 0x8F, 0xB0, 0x0B, 0xDE, 0x2E, 0x7E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xD2, 0xBE, 0xEF, 0xAC, 0x76, 0x71, 0xA3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xE8, 0x72, 0x0B, 0xAC, 0xFE, 0xCA, 0x5A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x5B, 0xC7, 0xFC, 0xE3, 0x3C, 0x7C, 0x4C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x04, 0xA7, 0xB9, 0x9B, 0x93, 0xC0, 0x2F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x48, 0x4B, 0x8E, 0x32, 0xC5, 0xF0, 0x6B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x42, 0x07, 0xC1, 0xF2, 0xF1, 0x72, 0x5B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x37, 0x54, 0x9C, 0x88, 0xD2, 0x62, 0xAA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_12_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x19, 0x8A, 0x89, 0x58, 0xA2, 0x0F, 0xDB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0xCC, 0x4C, 0x97, 0x30, 0x66, 0x34, 0x26 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x6A, 0x1E, 0x1F, 0xDB, 0xC9, 0x5E, 0x13 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0x4D, 0x49, 0xFF, 0x9B, 0x9C, 0xAC, 0x9B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD7, 0xE4, 0x4B, 0xF2, 0xD4, 0x1A, 0xD2, 0x78 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0xDA, 0xE8, 0x61, 0x9F, 0xC8, 0x49, 0x32 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0xCB, 0xF2, 0x2D, 0x85, 0xF6, 0x8D, 0x52 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0xC5, 0xCD, 0x2C, 0x79, 0xC6, 0x0E, 0x4F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x19, 0x8A, 0x89, 0x58, 0xA2, 0x0F, 0xDB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0xCC, 0x4C, 0x97, 0x30, 0x66, 0x34, 0x26),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x6A, 0x1E, 0x1F, 0xDB, 0xC9, 0x5E, 0x13),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x4D, 0x49, 0xFF, 0x9B, 0x9C, 0xAC, 0x9B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0xE4, 0x4B, 0xF2, 0xD4, 0x1A, 0xD2, 0x78),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xDA, 0xE8, 0x61, 0x9F, 0xC8, 0x49, 0x32),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xCB, 0xF2, 0x2D, 0x85, 0xF6, 0x8D, 0x52),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xC5, 0xCD, 0x2C, 0x79, 0xC6, 0x0E, 0x4F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_12_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0x1D, 0x55, 0x0F, 0xF8, 0x22, 0x9F, 0x78 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0x56, 0xBA, 0xE7, 0x57, 0x32, 0xEC, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x9A, 0xC6, 0x4C, 0x09, 0xC4, 0x52, 0x3F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x1E, 0x6F, 0xF4, 0x7D, 0x27, 0xDD, 0xAF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0x11, 0x16, 0xEC, 0x79, 0x83, 0xAD, 0xAE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0x4E, 0x92, 0x1F, 0x19, 0x7D, 0x65, 0xDC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0xFF, 0x78, 0x15, 0x45, 0x63, 0x32, 0xE4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0x91, 0xD0, 0x78, 0x58, 0xDA, 0x50, 0x47 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x1D, 0x55, 0x0F, 0xF8, 0x22, 0x9F, 0x78),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x56, 0xBA, 0xE7, 0x57, 0x32, 0xEC, 0x42),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x9A, 0xC6, 0x4C, 0x09, 0xC4, 0x52, 0x3F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x1E, 0x6F, 0xF4, 0x7D, 0x27, 0xDD, 0xAF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x11, 0x16, 0xEC, 0x79, 0x83, 0xAD, 0xAE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x4E, 0x92, 0x1F, 0x19, 0x7D, 0x65, 0xDC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0xFF, 0x78, 0x15, 0x45, 0x63, 0x32, 0xE4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x91, 0xD0, 0x78, 0x58, 0xDA, 0x50, 0x47),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_13_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0xDE, 0x40, 0xF6, 0x41, 0xB4, 0x3B, 0x95 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0x8D, 0xE0, 0xE1, 0xA9, 0xF0, 0x35, 0x5D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0xD4, 0xBA, 0x7B, 0xCC, 0x1B, 0x3A, 0x32 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0x5A, 0x2E, 0x74, 0x47, 0x14, 0xC3, 0x4D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0xF0, 0x8B, 0x06, 0x15, 0x8E, 0x0E, 0xCA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0xD2, 0xEB, 0x97, 0x50, 0x7D, 0x31, 0xFC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0x93, 0x4C, 0xDB, 0x97, 0x79, 0x44, 0xF5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0xA2, 0xA0, 0x0B, 0xC8, 0x3A, 0x8A, 0xF9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0xDE, 0x40, 0xF6, 0x41, 0xB4, 0x3B, 0x95),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x8D, 0xE0, 0xE1, 0xA9, 0xF0, 0x35, 0x5D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xD4, 0xBA, 0x7B, 0xCC, 0x1B, 0x3A, 0x32),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x5A, 0x2E, 0x74, 0x47, 0x14, 0xC3, 0x4D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xF0, 0x8B, 0x06, 0x15, 0x8E, 0x0E, 0xCA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0xD2, 0xEB, 0x97, 0x50, 0x7D, 0x31, 0xFC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x93, 0x4C, 0xDB, 0x97, 0x79, 0x44, 0xF5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xA2, 0xA0, 0x0B, 0xC8, 0x3A, 0x8A, 0xF9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_13_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0x50, 0x92, 0x9E, 0x24, 0x1F, 0xCB, 0x4C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0x16, 0xC9, 0xC5, 0x3D, 0x5A, 0xAF, 0x97 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0xE3, 0x97, 0xE4, 0xA8, 0x50, 0xF6, 0x7E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x45, 0x57, 0x97, 0x42, 0x78, 0x92, 0x49, 0x0D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0xEB, 0x62, 0x24, 0xFB, 0x8F, 0x32, 0xCF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x0C, 0x36, 0x6E, 0x8F, 0xE8, 0xE8, 0x8E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0xD3, 0x7C, 0xC7, 0x8D, 0x3F, 0x5C, 0xE1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0x64, 0x6A, 0x73, 0x10, 0x79, 0xB8, 0x5A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x50, 0x92, 0x9E, 0x24, 0x1F, 0xCB, 0x4C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x16, 0xC9, 0xC5, 0x3D, 0x5A, 0xAF, 0x97),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xE3, 0x97, 0xE4, 0xA8, 0x50, 0xF6, 0x7E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x57, 0x97, 0x42, 0x78, 0x92, 0x49, 0x0D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0xEB, 0x62, 0x24, 0xFB, 0x8F, 0x32, 0xCF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x0C, 0x36, 0x6E, 0x8F, 0xE8, 0xE8, 0x8E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xD3, 0x7C, 0xC7, 0x8D, 0x3F, 0x5C, 0xE1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x64, 0x6A, 0x73, 0x10, 0x79, 0xB8, 0x5A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_14_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0xF9, 0xEF, 0xA5, 0x20, 0x4A, 0x5C, 0xA1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0xF3, 0xF4, 0x49, 0x5B, 0x73, 0xAA, 0x1B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0xF2, 0xEA, 0x0F, 0x00, 0xAD, 0x53, 0xAB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x03, 0xB8, 0x66, 0xED, 0xC4, 0x2B, 0x4C, 0x35 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0x2F, 0xC1, 0x9A, 0x37, 0xD2, 0x7F, 0x58 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0xA7, 0x81, 0x38, 0x64, 0xC9, 0x37, 0x38 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0x3B, 0x6C, 0x9F, 0x5B, 0xD9, 0x8B, 0x1D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x14, 0xD9, 0x08, 0xD8, 0xD2, 0x7E, 0x23 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xF9, 0xEF, 0xA5, 0x20, 0x4A, 0x5C, 0xA1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xF3, 0xF4, 0x49, 0x5B, 0x73, 0xAA, 0x1B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xF2, 0xEA, 0x0F, 0x00, 0xAD, 0x53, 0xAB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xB8, 0x66, 0xED, 0xC4, 0x2B, 0x4C, 0x35),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x2F, 0xC1, 0x9A, 0x37, 0xD2, 0x7F, 0x58),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xA7, 0x81, 0x38, 0x64, 0xC9, 0x37, 0x38),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x3B, 0x6C, 0x9F, 0x5B, 0xD9, 0x8B, 0x1D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x14, 0xD9, 0x08, 0xD8, 0xD2, 0x7E, 0x23),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_14_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x71, 0xE6, 0x3D, 0xD1, 0xB0, 0xE7, 0xCD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0x81, 0x23, 0xEC, 0x2D, 0x42, 0x45, 0xE6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0x5B, 0x44, 0x6B, 0x89, 0x03, 0x67, 0x28 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x27, 0xAE, 0x80, 0x5A, 0x33, 0xBE, 0x11 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0xB6, 0x64, 0x1A, 0xDF, 0xD3, 0x85, 0x91 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0x8C, 0x22, 0xBA, 0xD0, 0xBD, 0xCC, 0xA0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0x3C, 0x01, 0x3A, 0xFF, 0x9D, 0xC7, 0x6B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0xC7, 0x64, 0xB4, 0x59, 0x4E, 0x9F, 0x22 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x85, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x71, 0xE6, 0x3D, 0xD1, 0xB0, 0xE7, 0xCD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x81, 0x23, 0xEC, 0x2D, 0x42, 0x45, 0xE6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x5B, 0x44, 0x6B, 0x89, 0x03, 0x67, 0x28),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x27, 0xAE, 0x80, 0x5A, 0x33, 0xBE, 0x11),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xB6, 0x64, 0x1A, 0xDF, 0xD3, 0x85, 0x91),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x8C, 0x22, 0xBA, 0xD0, 0xBD, 0xCC, 0xA0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x3C, 0x01, 0x3A, 0xFF, 0x9D, 0xC7, 0x6B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xC7, 0x64, 0xB4, 0x59, 0x4E, 0x9F, 0x22),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_15_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x34, 0x0A, 0x41, 0x94, 0xA8, 0xF2, 0xB7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0xD4, 0xE4, 0xF0, 0x97, 0x45, 0x6D, 0xCA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8F, 0x1F, 0x4D, 0x6D, 0xFE, 0xA0, 0xC4, 0x84 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x28, 0x5C, 0x40, 0xBB, 0x65, 0xD4, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0xA8, 0x87, 0x35, 0x20, 0x3A, 0x89, 0x44 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0xFD, 0x4F, 0xAB, 0x2D, 0xD1, 0xD0, 0xC0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0xE8, 0x00, 0xFC, 0x69, 0x52, 0xF8, 0xD5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0x9A, 0x99, 0xE1, 0xDC, 0x9C, 0x3F, 0xD9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x34, 0x0A, 0x41, 0x94, 0xA8, 0xF2, 0xB7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xD4, 0xE4, 0xF0, 0x97, 0x45, 0x6D, 0xCA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0x1F, 0x4D, 0x6D, 0xFE, 0xA0, 0xC4, 0x84),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x28, 0x5C, 0x40, 0xBB, 0x65, 0xD4, 0x42),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xA8, 0x87, 0x35, 0x20, 0x3A, 0x89, 0x44),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xFD, 0x4F, 0xAB, 0x2D, 0xD1, 0xD0, 0xC0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xE8, 0x00, 0xFC, 0x69, 0x52, 0xF8, 0xD5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x9A, 0x99, 0xE1, 0xDC, 0x9C, 0x3F, 0xD9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_15_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x08, 0x98, 0xD9, 0xCA, 0x73, 0xD5, 0xA9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0x2C, 0xE0, 0xA7, 0x3E, 0x91, 0xD7, 0x87 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x04, 0xB0, 0x54, 0x09, 0xF4, 0x72, 0xB7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0xEE, 0x28, 0xCC, 0xE8, 0x50, 0x78, 0x20 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0D, 0x91, 0x03, 0x76, 0xDB, 0x68, 0x24, 0x77 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7A, 0xE0, 0x56, 0xB2, 0x5D, 0x12, 0xD3, 0xB5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0D, 0x42, 0x59, 0x8B, 0xDF, 0x67, 0xB5, 0xBE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0xCC, 0xE5, 0x31, 0x53, 0x7A, 0x46, 0xB3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x08, 0x98, 0xD9, 0xCA, 0x73, 0xD5, 0xA9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x2C, 0xE0, 0xA7, 0x3E, 0x91, 0xD7, 0x87),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x04, 0xB0, 0x54, 0x09, 0xF4, 0x72, 0xB7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xEE, 0x28, 0xCC, 0xE8, 0x50, 0x78, 0x20),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x91, 0x03, 0x76, 0xDB, 0x68, 0x24, 0x77),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xE0, 0x56, 0xB2, 0x5D, 0x12, 0xD3, 0xB5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x42, 0x59, 0x8B, 0xDF, 0x67, 0xB5, 0xBE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xCC, 0xE5, 0x31, 0x53, 0x7A, 0x46, 0xB3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_16_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0x8D, 0x59, 0xB5, 0x1B, 0x0F, 0xF4, 0xAF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x2F, 0xD1, 0x2C, 0xE0, 0xD8, 0x04, 0xEF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xF4, 0xD7, 0xBA, 0xB0, 0xA3, 0x7E, 0xC9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0x08, 0x51, 0x56, 0xA6, 0x76, 0x67, 0x33 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8C, 0x17, 0x63, 0xFE, 0x56, 0xD0, 0xD9, 0x71 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0xF6, 0xC3, 0x14, 0x47, 0xC5, 0xA7, 0x31 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x4C, 0x80, 0xF6, 0xA2, 0x57, 0xA7, 0x5D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0xB3, 0x7B, 0xF8, 0x2F, 0xE1, 0x3E, 0x7B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x8D, 0x59, 0xB5, 0x1B, 0x0F, 0xF4, 0xAF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x2F, 0xD1, 0x2C, 0xE0, 0xD8, 0x04, 0xEF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xF4, 0xD7, 0xBA, 0xB0, 0xA3, 0x7E, 0xC9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x08, 0x51, 0x56, 0xA6, 0x76, 0x67, 0x33),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x17, 0x63, 0xFE, 0x56, 0xD0, 0xD9, 0x71),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0xF6, 0xC3, 0x14, 0x47, 0xC5, 0xA7, 0x31),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x4C, 0x80, 0xF6, 0xA2, 0x57, 0xA7, 0x5D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xB3, 0x7B, 0xF8, 0x2F, 0xE1, 0x3E, 0x7B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_16_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0xF4, 0xF9, 0x6B, 0x7B, 0x90, 0xDF, 0x30 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x82, 0xEF, 0x62, 0xA1, 0x4C, 0x53, 0xCA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x99, 0x76, 0x01, 0xBA, 0x8D, 0x0F, 0x54 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xF4, 0x58, 0x73, 0x56, 0xFE, 0xDD, 0x7C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0xCE, 0xF9, 0xE8, 0xA1, 0x34, 0xC3, 0x5B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x5F, 0xDC, 0x6A, 0x3D, 0xD8, 0x7F, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0xF4, 0x51, 0xB8, 0xB8, 0xC1, 0xD7, 0x2F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x7D, 0x58, 0xD1, 0xD4, 0x1B, 0x4D, 0x23 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0xF4, 0xF9, 0x6B, 0x7B, 0x90, 0xDF, 0x30),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x82, 0xEF, 0x62, 0xA1, 0x4C, 0x53, 0xCA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x99, 0x76, 0x01, 0xBA, 0x8D, 0x0F, 0x54),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xF4, 0x58, 0x73, 0x56, 0xFE, 0xDD, 0x7C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xCE, 0xF9, 0xE8, 0xA1, 0x34, 0xC3, 0x5B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x5F, 0xDC, 0x6A, 0x3D, 0xD8, 0x7F, 0x42),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xF4, 0x51, 0xB8, 0xB8, 0xC1, 0xD7, 0x2F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x7D, 0x58, 0xD1, 0xD4, 0x1B, 0x4D, 0x23),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_17_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0x95, 0xDF, 0x00, 0xD8, 0x21, 0xDE, 0x94 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0x47, 0x3C, 0xC3, 0xB2, 0x01, 0x53, 0x5D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0x17, 0x43, 0x23, 0xBD, 0xCA, 0x71, 0xF2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0xBA, 0x0F, 0x4F, 0xDC, 0x41, 0x54, 0xBE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x39, 0x26, 0x70, 0x53, 0x32, 0x18, 0x11 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0x46, 0x07, 0x97, 0x3A, 0x57, 0xE0, 0x01 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x92, 0x4F, 0xCE, 0xDF, 0x25, 0x80, 0x26 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0x6F, 0x9A, 0x03, 0x05, 0x4B, 0xD1, 0x47 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x95, 0xDF, 0x00, 0xD8, 0x21, 0xDE, 0x94),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x47, 0x3C, 0xC3, 0xB2, 0x01, 0x53, 0x5D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x17, 0x43, 0x23, 0xBD, 0xCA, 0x71, 0xF2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xBA, 0x0F, 0x4F, 0xDC, 0x41, 0x54, 0xBE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x39, 0x26, 0x70, 0x53, 0x32, 0x18, 0x11),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x46, 0x07, 0x97, 0x3A, 0x57, 0xE0, 0x01),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x92, 0x4F, 0xCE, 0xDF, 0x25, 0x80, 0x26),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x6F, 0x9A, 0x03, 0x05, 0x4B, 0xD1, 0x47),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_17_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x25, 0x01, 0x72, 0x30, 0x90, 0x17, 0x51, 0x20 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0xFB, 0x41, 0x65, 0x5C, 0xB4, 0x2D, 0xEE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0xCD, 0xCD, 0xAA, 0x41, 0xCC, 0xBB, 0x07 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0xCE, 0x08, 0x0A, 0x63, 0xE9, 0xA2, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xA8, 0x21, 0x7F, 0x7A, 0x5B, 0x9B, 0x81 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0x6B, 0x89, 0x44, 0x0A, 0x7F, 0x85, 0x5F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0xDE, 0x7C, 0x19, 0x5C, 0x65, 0x26, 0x61 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD7, 0xAC, 0x62, 0x29, 0x4A, 0xF1, 0xD0, 0x81 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x01, 0x72, 0x30, 0x90, 0x17, 0x51, 0x20),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xFB, 0x41, 0x65, 0x5C, 0xB4, 0x2D, 0xEE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xCD, 0xCD, 0xAA, 0x41, 0xCC, 0xBB, 0x07),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xCE, 0x08, 0x0A, 0x63, 0xE9, 0xA2, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xA8, 0x21, 0x7F, 0x7A, 0x5B, 0x9B, 0x81),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x6B, 0x89, 0x44, 0x0A, 0x7F, 0x85, 0x5F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xDE, 0x7C, 0x19, 0x5C, 0x65, 0x26, 0x61),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0xAC, 0x62, 0x29, 0x4A, 0xF1, 0xD0, 0x81),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_18_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0x00, 0x40, 0x87, 0xEB, 0xA9, 0x58, 0x56 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0x51, 0x0B, 0xFF, 0x56, 0x35, 0x51, 0xB3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0xAC, 0x08, 0x94, 0x71, 0xDA, 0xEC, 0x99 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x4D, 0xC5, 0x7B, 0x31, 0x8B, 0x8D, 0x5E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x05, 0xF1, 0x3E, 0x9E, 0x8F, 0x17, 0x8F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0x9C, 0x4B, 0x62, 0x94, 0xAD, 0x49, 0xFC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0xC9, 0xC6, 0x8F, 0xFD, 0x33, 0x44, 0x34 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x96, 0x17, 0x7F, 0x42, 0xBE, 0xF7, 0x0D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x00, 0x40, 0x87, 0xEB, 0xA9, 0x58, 0x56),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x51, 0x0B, 0xFF, 0x56, 0x35, 0x51, 0xB3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xAC, 0x08, 0x94, 0x71, 0xDA, 0xEC, 0x99),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x4D, 0xC5, 0x7B, 0x31, 0x8B, 0x8D, 0x5E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x05, 0xF1, 0x3E, 0x9E, 0x8F, 0x17, 0x8F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x9C, 0x4B, 0x62, 0x94, 0xAD, 0x49, 0xFC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xC9, 0xC6, 0x8F, 0xFD, 0x33, 0x44, 0x34),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x96, 0x17, 0x7F, 0x42, 0xBE, 0xF7, 0x0D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_18_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFB, 0x29, 0x39, 0x13, 0x08, 0x8D, 0x91, 0x47 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0x79, 0xF9, 0x2F, 0xA9, 0x0A, 0xCF, 0xD6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0x87, 0x7A, 0xA3, 0x19, 0xAB, 0x55, 0xAD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x0B, 0x01, 0xC5, 0x56, 0x19, 0x9D, 0x9E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0xDE, 0x82, 0x3B, 0xEA, 0xD3, 0x0B, 0x8C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x6B, 0xC7, 0xF3, 0x0F, 0x82, 0x87, 0x6C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0x2E, 0x23, 0xF2, 0x39, 0x9D, 0x49, 0x70 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x31, 0xDE, 0xAF, 0x7A, 0xEE, 0xB0, 0xDA, 0x70 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0x29, 0x39, 0x13, 0x08, 0x8D, 0x91, 0x47),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x79, 0xF9, 0x2F, 0xA9, 0x0A, 0xCF, 0xD6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x87, 0x7A, 0xA3, 0x19, 0xAB, 0x55, 0xAD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x0B, 0x01, 0xC5, 0x56, 0x19, 0x9D, 0x9E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0xDE, 0x82, 0x3B, 0xEA, 0xD3, 0x0B, 0x8C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x6B, 0xC7, 0xF3, 0x0F, 0x82, 0x87, 0x6C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x2E, 0x23, 0xF2, 0x39, 0x9D, 0x49, 0x70),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0xDE, 0xAF, 0x7A, 0xEE, 0xB0, 0xDA, 0x70),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_19_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0x4E, 0x2A, 0x50, 0xFD, 0x8E, 0xC0, 0xEB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0x0F, 0x7C, 0x76, 0x63, 0xD8, 0x89, 0x45 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0x2D, 0xB9, 0x4E, 0xF4, 0xEE, 0x85, 0xCF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x95, 0x5C, 0x96, 0x5D, 0xAA, 0x59, 0x0B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0xDB, 0xD2, 0x68, 0x8E, 0x5A, 0x94, 0x60 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x02, 0xBF, 0x77, 0x9F, 0xB9, 0x4C, 0xC9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0xDC, 0xC0, 0xCF, 0x81, 0x1E, 0xC4, 0x6C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2B, 0xCC, 0x37, 0x86, 0xDC, 0xE2, 0x64, 0x72 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x4E, 0x2A, 0x50, 0xFD, 0x8E, 0xC0, 0xEB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x0F, 0x7C, 0x76, 0x63, 0xD8, 0x89, 0x45),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x2D, 0xB9, 0x4E, 0xF4, 0xEE, 0x85, 0xCF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x95, 0x5C, 0x96, 0x5D, 0xAA, 0x59, 0x0B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xDB, 0xD2, 0x68, 0x8E, 0x5A, 0x94, 0x60),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x02, 0xBF, 0x77, 0x9F, 0xB9, 0x4C, 0xC9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xDC, 0xC0, 0xCF, 0x81, 0x1E, 0xC4, 0x6C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xCC, 0x37, 0x86, 0xDC, 0xE2, 0x64, 0x72),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_19_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2C, 0x30, 0xB1, 0x59, 0x20, 0x9D, 0x98, 0x28 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x0C, 0x9D, 0xF8, 0x20, 0xDC, 0x90, 0xBA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0xA0, 0xF4, 0xE7, 0x3E, 0x9C, 0x9E, 0xA2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0x25, 0xA2, 0xB0, 0x54, 0xCD, 0x2E, 0x33 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0xD9, 0x42, 0xB0, 0x80, 0xB0, 0xA3, 0x38 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9F, 0xFE, 0x9D, 0x8D, 0x40, 0xFF, 0x27, 0x6D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0x9D, 0xA6, 0x88, 0x3A, 0x8B, 0x6F, 0x14 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x39, 0xEE, 0x1F, 0x3F, 0xB1, 0x4F, 0x63 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x30, 0xB1, 0x59, 0x20, 0x9D, 0x98, 0x28),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x0C, 0x9D, 0xF8, 0x20, 0xDC, 0x90, 0xBA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xA0, 0xF4, 0xE7, 0x3E, 0x9C, 0x9E, 0xA2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x25, 0xA2, 0xB0, 0x54, 0xCD, 0x2E, 0x33),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xD9, 0x42, 0xB0, 0x80, 0xB0, 0xA3, 0x38),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0xFE, 0x9D, 0x8D, 0x40, 0xFF, 0x27, 0x6D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x9D, 0xA6, 0x88, 0x3A, 0x8B, 0x6F, 0x14),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x39, 0xEE, 0x1F, 0x3F, 0xB1, 0x4F, 0x63),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_20_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xD7, 0x9E, 0xFF, 0xD2, 0x35, 0x67, 0x03 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x4F, 0x15, 0x5D, 0xE3, 0xE8, 0x53, 0x86 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0xF7, 0x24, 0x98, 0xA2, 0xCB, 0x11, 0x68 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0x2E, 0x25, 0xE1, 0x94, 0xC5, 0xA3, 0x96 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0x82, 0x6E, 0xBA, 0xE7, 0x43, 0x25, 0xB0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0x65, 0xB4, 0x49, 0x73, 0x18, 0x35, 0x54 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0x5B, 0xBC, 0x62, 0x86, 0x4C, 0xC1, 0xB7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0xF2, 0x95, 0xA2, 0xBB, 0xA2, 0x35, 0x65 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xD7, 0x9E, 0xFF, 0xD2, 0x35, 0x67, 0x03),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x4F, 0x15, 0x5D, 0xE3, 0xE8, 0x53, 0x86),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xF7, 0x24, 0x98, 0xA2, 0xCB, 0x11, 0x68),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x2E, 0x25, 0xE1, 0x94, 0xC5, 0xA3, 0x96),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x82, 0x6E, 0xBA, 0xE7, 0x43, 0x25, 0xB0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x65, 0xB4, 0x49, 0x73, 0x18, 0x35, 0x54),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x5B, 0xBC, 0x62, 0x86, 0x4C, 0xC1, 0xB7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xF2, 0x95, 0xA2, 0xBB, 0xA2, 0x35, 0x65),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_20_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x59, 0x62, 0xB0, 0x4B, 0x1E, 0xB4, 0xD8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0D, 0x55, 0xCE, 0xB0, 0x69, 0xBA, 0x63, 0x10 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6E, 0x69, 0x86, 0xDB, 0x34, 0x7D, 0x68, 0x64 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x06, 0xCA, 0x55, 0x44, 0x36, 0x2B, 0xBA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0xD4, 0xC4, 0x3D, 0xCD, 0x9E, 0x69, 0xA4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x44, 0xE4, 0xBF, 0x31, 0xE6, 0x40, 0x9F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0x4F, 0xFA, 0x75, 0xE3, 0xFB, 0x97, 0x0E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0xC0, 0xBD, 0x1C, 0x48, 0xB0, 0x26, 0xD0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD2, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x59, 0x62, 0xB0, 0x4B, 0x1E, 0xB4, 0xD8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x55, 0xCE, 0xB0, 0x69, 0xBA, 0x63, 0x10),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0x69, 0x86, 0xDB, 0x34, 0x7D, 0x68, 0x64),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x06, 0xCA, 0x55, 0x44, 0x36, 0x2B, 0xBA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xD4, 0xC4, 0x3D, 0xCD, 0x9E, 0x69, 0xA4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x44, 0xE4, 0xBF, 0x31, 0xE6, 0x40, 0x9F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x4F, 0xFA, 0x75, 0xE3, 0xFB, 0x97, 0x0E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xC0, 0xBD, 0x1C, 0x48, 0xB0, 0x26, 0xD0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_21_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x7B, 0x32, 0xFA, 0xF2, 0x6D, 0x84, 0x8E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x21, 0x03, 0x1D, 0x0D, 0x22, 0x55, 0x67 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0xF9, 0x42, 0x03, 0x9C, 0xC2, 0xCB, 0xBA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0xA1, 0x96, 0xD9, 0x9D, 0x11, 0x6F, 0xBE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x40, 0x57, 0xEB, 0x40, 0x2D, 0xC0, 0x11 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0x96, 0xBB, 0x4F, 0x2F, 0x23, 0xA8, 0x28 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0x29, 0x85, 0x21, 0xA5, 0x50, 0x62, 0x06 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x7D, 0x92, 0xCF, 0x87, 0x0C, 0x22, 0xF9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x7B, 0x32, 0xFA, 0xF2, 0x6D, 0x84, 0x8E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x21, 0x03, 0x1D, 0x0D, 0x22, 0x55, 0x67),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xF9, 0x42, 0x03, 0x9C, 0xC2, 0xCB, 0xBA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xA1, 0x96, 0xD9, 0x9D, 0x11, 0x6F, 0xBE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x40, 0x57, 0xEB, 0x40, 0x2D, 0xC0, 0x11),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x96, 0xBB, 0x4F, 0x2F, 0x23, 0xA8, 0x28),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x29, 0x85, 0x21, 0xA5, 0x50, 0x62, 0x06),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x7D, 0x92, 0xCF, 0x87, 0x0C, 0x22, 0xF9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_21_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x0E, 0xA5, 0x32, 0x5B, 0xDF, 0x9C, 0xD5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0x96, 0x37, 0x2C, 0x88, 0x35, 0x30, 0xA1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0xB4, 0x69, 0xFF, 0xEB, 0xC6, 0x94, 0x08 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x55, 0x60, 0xAD, 0xAA, 0x58, 0x14, 0x88 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0xFF, 0xF2, 0xB2, 0xD5, 0xA7, 0xD9, 0x27 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0xAE, 0x54, 0xD2, 0x60, 0x31, 0xF3, 0x15 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0x92, 0x83, 0xE3, 0xF1, 0x42, 0x83, 0x6E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0xD2, 0xC8, 0xB7, 0x76, 0x45, 0x7F, 0x7D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x0E, 0xA5, 0x32, 0x5B, 0xDF, 0x9C, 0xD5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x96, 0x37, 0x2C, 0x88, 0x35, 0x30, 0xA1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xB4, 0x69, 0xFF, 0xEB, 0xC6, 0x94, 0x08),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x55, 0x60, 0xAD, 0xAA, 0x58, 0x14, 0x88),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xFF, 0xF2, 0xB2, 0xD5, 0xA7, 0xD9, 0x27),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xAE, 0x54, 0xD2, 0x60, 0x31, 0xF3, 0x15),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x92, 0x83, 0xE3, 0xF1, 0x42, 0x83, 0x6E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xD2, 0xC8, 0xB7, 0x76, 0x45, 0x7F, 0x7D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_22_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4A, 0x11, 0xA4, 0xFB, 0x7A, 0x01, 0xBC, 0xC8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0x27, 0x73, 0x8D, 0x02, 0x91, 0x27, 0x8E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0x62, 0xF6, 0xDD, 0x6B, 0xFA, 0x5B, 0xB9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0xCA, 0xA2, 0x44, 0x2C, 0xF0, 0x28, 0xD8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0xF1, 0x7A, 0xA2, 0x42, 0x4C, 0x50, 0xC6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0x83, 0x3E, 0x50, 0xAB, 0x9C, 0xF7, 0x67 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0xED, 0x78, 0xCB, 0x76, 0x69, 0xDA, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x01, 0x1E, 0x43, 0x27, 0x47, 0x6E, 0xDA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x11, 0xA4, 0xFB, 0x7A, 0x01, 0xBC, 0xC8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x27, 0x73, 0x8D, 0x02, 0x91, 0x27, 0x8E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x62, 0xF6, 0xDD, 0x6B, 0xFA, 0x5B, 0xB9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0xCA, 0xA2, 0x44, 0x2C, 0xF0, 0x28, 0xD8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xF1, 0x7A, 0xA2, 0x42, 0x4C, 0x50, 0xC6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x83, 0x3E, 0x50, 0xAB, 0x9C, 0xF7, 0x67),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xED, 0x78, 0xCB, 0x76, 0x69, 0xDA, 0x42),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x01, 0x1E, 0x43, 0x27, 0x47, 0x6E, 0xDA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_22_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0x4F, 0x54, 0xB9, 0x3E, 0xBD, 0xD5, 0x44 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x35, 0x40, 0x69, 0x7F, 0x74, 0x9D, 0x32 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x06, 0x6F, 0x67, 0x68, 0x2B, 0x4D, 0x10 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0x65, 0x41, 0xFC, 0x7C, 0x1E, 0xE8, 0xC8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0x79, 0x37, 0xAF, 0xFD, 0xD2, 0xDA, 0x4C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0xA8, 0x69, 0x56, 0x62, 0xA4, 0xE4, 0xA3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0x71, 0x73, 0x21, 0x8A, 0x17, 0x81, 0xA2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x14, 0x55, 0x8F, 0x7B, 0xB8, 0xAF, 0xF7, 0x86 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x4F, 0x54, 0xB9, 0x3E, 0xBD, 0xD5, 0x44),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x35, 0x40, 0x69, 0x7F, 0x74, 0x9D, 0x32),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x06, 0x6F, 0x67, 0x68, 0x2B, 0x4D, 0x10),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x65, 0x41, 0xFC, 0x7C, 0x1E, 0xE8, 0xC8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x79, 0x37, 0xAF, 0xFD, 0xD2, 0xDA, 0x4C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xA8, 0x69, 0x56, 0x62, 0xA4, 0xE4, 0xA3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x71, 0x73, 0x21, 0x8A, 0x17, 0x81, 0xA2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x55, 0x8F, 0x7B, 0xB8, 0xAF, 0xF7, 0x86),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_23_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0xD1, 0xBD, 0xBE, 0x8C, 0xBC, 0x60, 0x6E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0xA6, 0x57, 0x8C, 0xAE, 0x5C, 0x19, 0xFE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7A, 0x43, 0xE4, 0xD9, 0xD8, 0x7B, 0xE7, 0x41 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0xB9, 0xE4, 0x85, 0x7C, 0x2E, 0xFC, 0x20 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x02, 0x2E, 0x01, 0x2A, 0x6D, 0x56, 0xBE, 0x97 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0x0C, 0x25, 0x9B, 0xAE, 0x86, 0x37, 0x43 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4A, 0x22, 0xB3, 0xCB, 0x99, 0x66, 0xB7, 0x9E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x56, 0xF7, 0x90, 0xF0, 0x1B, 0x09, 0x27, 0xF7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xD1, 0xBD, 0xBE, 0x8C, 0xBC, 0x60, 0x6E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0xA6, 0x57, 0x8C, 0xAE, 0x5C, 0x19, 0xFE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0x43, 0xE4, 0xD9, 0xD8, 0x7B, 0xE7, 0x41),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xB9, 0xE4, 0x85, 0x7C, 0x2E, 0xFC, 0x20),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x2E, 0x01, 0x2A, 0x6D, 0x56, 0xBE, 0x97),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x0C, 0x25, 0x9B, 0xAE, 0x86, 0x37, 0x43),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x22, 0xB3, 0xCB, 0x99, 0x66, 0xB7, 0x9E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xF7, 0x90, 0xF0, 0x1B, 0x09, 0x27, 0xF7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_23_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x16, 0x08, 0xEF, 0x39, 0x64, 0x49, 0x31 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0xA0, 0xE3, 0x97, 0xA9, 0x07, 0x54, 0x26 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0xFF, 0xE2, 0x00, 0x07, 0x21, 0x88, 0x20 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0xFD, 0x59, 0x53, 0x05, 0x6C, 0x42, 0x27 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8F, 0xF7, 0x39, 0x5C, 0x82, 0x36, 0xE8, 0x03 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2E, 0x83, 0xA8, 0xE2, 0xA8, 0x43, 0x07, 0x38 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0xAF, 0x2B, 0x79, 0xED, 0xD8, 0x39, 0x87 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x20, 0x91, 0x7A, 0xC4, 0x07, 0xEF, 0x6C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x16, 0x08, 0xEF, 0x39, 0x64, 0x49, 0x31),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xA0, 0xE3, 0x97, 0xA9, 0x07, 0x54, 0x26),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xFF, 0xE2, 0x00, 0x07, 0x21, 0x88, 0x20),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xFD, 0x59, 0x53, 0x05, 0x6C, 0x42, 0x27),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0xF7, 0x39, 0x5C, 0x82, 0x36, 0xE8, 0x03),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0x83, 0xA8, 0xE2, 0xA8, 0x43, 0x07, 0x38),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xAF, 0x2B, 0x79, 0xED, 0xD8, 0x39, 0x87),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x20, 0x91, 0x7A, 0xC4, 0x07, 0xEF, 0x6C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_24_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0x10, 0x2F, 0xAA, 0x0C, 0x94, 0x0E, 0x5A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x81, 0x87, 0x41, 0x23, 0xEB, 0x55, 0x7C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0x53, 0xCC, 0x79, 0xB6, 0xEB, 0x6C, 0xCC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF4, 0x77, 0x73, 0x9D, 0xFC, 0x64, 0x6F, 0x7F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0x40, 0xE3, 0x6D, 0x1C, 0x16, 0x71, 0x15 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0xF4, 0x1B, 0xFF, 0x1C, 0x2F, 0xA5, 0xD7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0x0E, 0x0B, 0x11, 0xF4, 0x8D, 0x93, 0xAF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0xC5, 0x64, 0x6F, 0x24, 0x19, 0xF2, 0x9B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x10, 0x2F, 0xAA, 0x0C, 0x94, 0x0E, 0x5A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x81, 0x87, 0x41, 0x23, 0xEB, 0x55, 0x7C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x53, 0xCC, 0x79, 0xB6, 0xEB, 0x6C, 0xCC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x77, 0x73, 0x9D, 0xFC, 0x64, 0x6F, 0x7F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x40, 0xE3, 0x6D, 0x1C, 0x16, 0x71, 0x15),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0xF4, 0x1B, 0xFF, 0x1C, 0x2F, 0xA5, 0xD7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x0E, 0x0B, 0x11, 0xF4, 0x8D, 0x93, 0xAF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xC5, 0x64, 0x6F, 0x24, 0x19, 0xF2, 0x9B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_24_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0xB3, 0xAF, 0xA5, 0x0E, 0x4F, 0x5E, 0xE1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0x77, 0xCA, 0xF2, 0x6D, 0xC5, 0xF6, 0x9F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0x18, 0x8E, 0x33, 0x68, 0x6C, 0xE8, 0xE0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x8B, 0x80, 0x90, 0x19, 0x7F, 0x90, 0x96 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0x80, 0x6B, 0x68, 0xE2, 0x7D, 0xD4, 0xD0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0xC1, 0x67, 0xB3, 0x72, 0xCB, 0xBF, 0x2F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0xD5, 0xD3, 0x1D, 0x14, 0x58, 0x0A, 0x80 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0x7A, 0x65, 0x98, 0xB3, 0x07, 0x4B, 0x2F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xB3, 0xAF, 0xA5, 0x0E, 0x4F, 0x5E, 0xE1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0x77, 0xCA, 0xF2, 0x6D, 0xC5, 0xF6, 0x9F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x18, 0x8E, 0x33, 0x68, 0x6C, 0xE8, 0xE0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x8B, 0x80, 0x90, 0x19, 0x7F, 0x90, 0x96),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x80, 0x6B, 0x68, 0xE2, 0x7D, 0xD4, 0xD0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xC1, 0x67, 0xB3, 0x72, 0xCB, 0xBF, 0x2F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0xD5, 0xD3, 0x1D, 0x14, 0x58, 0x0A, 0x80),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x7A, 0x65, 0x98, 0xB3, 0x07, 0x4B, 0x2F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_25_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0x87, 0x0F, 0x5F, 0xCF, 0xA2, 0x01, 0x08 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0xC9, 0xC8, 0x6E, 0x35, 0x87, 0xA5, 0x67 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0x3E, 0x91, 0xA0, 0xAB, 0x24, 0x1E, 0xF2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0xBC, 0x02, 0x35, 0x70, 0xC1, 0x5F, 0x98 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x59, 0xA0, 0x50, 0x04, 0x80, 0x52, 0x85 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0x56, 0x6E, 0x42, 0x8F, 0x8C, 0x91, 0x65 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xA2, 0xCB, 0xA5, 0xDE, 0x14, 0x24, 0x38 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0xCB, 0x74, 0x28, 0xE6, 0xA7, 0xE7, 0xC3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x87, 0x0F, 0x5F, 0xCF, 0xA2, 0x01, 0x08),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xC9, 0xC8, 0x6E, 0x35, 0x87, 0xA5, 0x67),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x3E, 0x91, 0xA0, 0xAB, 0x24, 0x1E, 0xF2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xBC, 0x02, 0x35, 0x70, 0xC1, 0x5F, 0x98),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x59, 0xA0, 0x50, 0x04, 0x80, 0x52, 0x85),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x56, 0x6E, 0x42, 0x8F, 0x8C, 0x91, 0x65),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xA2, 0xCB, 0xA5, 0xDE, 0x14, 0x24, 0x38),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0xCB, 0x74, 0x28, 0xE6, 0xA7, 0xE7, 0xC3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_25_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x35, 0x73, 0xA8, 0x8F, 0x9E, 0x0E, 0x63, 0x96 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0x1B, 0x77, 0xC7, 0xC1, 0x38, 0xF9, 0xDC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0x3C, 0xCF, 0xA8, 0x7A, 0xD7, 0xF3, 0xC4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x5F, 0x9A, 0xC9, 0xAD, 0xE9, 0x1A, 0x93 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0xCF, 0x2B, 0x5E, 0xD5, 0x81, 0x95, 0xA8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x88, 0x75, 0x29, 0x1F, 0xC7, 0xC7, 0xD0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0xA9, 0x5A, 0x4D, 0x63, 0x95, 0xF9, 0x4E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0xCD, 0x04, 0x8F, 0xCD, 0x91, 0xDE, 0xC6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x73, 0xA8, 0x8F, 0x9E, 0x0E, 0x63, 0x96),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x1B, 0x77, 0xC7, 0xC1, 0x38, 0xF9, 0xDC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x3C, 0xCF, 0xA8, 0x7A, 0xD7, 0xF3, 0xC4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x5F, 0x9A, 0xC9, 0xAD, 0xE9, 0x1A, 0x93),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0xCF, 0x2B, 0x5E, 0xD5, 0x81, 0x95, 0xA8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x88, 0x75, 0x29, 0x1F, 0xC7, 0xC7, 0xD0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA9, 0x5A, 0x4D, 0x63, 0x95, 0xF9, 0x4E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xCD, 0x04, 0x8F, 0xCD, 0x91, 0xDE, 0xC6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_26_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0xD4, 0xFD, 0x25, 0x11, 0x99, 0x6E, 0xEA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0x83, 0x01, 0x3D, 0xFB, 0x56, 0xA5, 0x4E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x3A, 0xDC, 0x74, 0xC2, 0xD7, 0xCF, 0xE8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8F, 0xBD, 0xF1, 0xDD, 0xA3, 0x07, 0x03, 0xE2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0xBE, 0xE9, 0x2E, 0x58, 0x84, 0x66, 0xFC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x20, 0x78, 0x37, 0x79, 0x0B, 0xA6, 0x64 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0xF2, 0xAC, 0x65, 0xC8, 0xC9, 0x2F, 0x61 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x93, 0xE5, 0x0D, 0x0C, 0xC6, 0xB8, 0xCB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xD4, 0xFD, 0x25, 0x11, 0x99, 0x6E, 0xEA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x83, 0x01, 0x3D, 0xFB, 0x56, 0xA5, 0x4E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x3A, 0xDC, 0x74, 0xC2, 0xD7, 0xCF, 0xE8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0xBD, 0xF1, 0xDD, 0xA3, 0x07, 0x03, 0xE2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xBE, 0xE9, 0x2E, 0x58, 0x84, 0x66, 0xFC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x20, 0x78, 0x37, 0x79, 0x0B, 0xA6, 0x64),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xF2, 0xAC, 0x65, 0xC8, 0xC9, 0x2F, 0x61),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x93, 0xE5, 0x0D, 0x0C, 0xC6, 0xB8, 0xCB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_26_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0xAD, 0x5C, 0x19, 0x12, 0x61, 0x0E, 0x25 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x39, 0x4F, 0x0B, 0x1F, 0x49, 0x7E, 0xCD, 0x81 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0x2E, 0x30, 0x61, 0xDB, 0x08, 0x68, 0x9B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x78, 0xAF, 0xB3, 0x08, 0xC1, 0x69, 0xE5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC4, 0x5F, 0x5D, 0xC1, 0x57, 0x6F, 0xD8, 0x34 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0xD3, 0x6A, 0xF7, 0xFD, 0x86, 0xE5, 0xB3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x63, 0xBD, 0x70, 0x7B, 0x47, 0xE8, 0x6D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0x62, 0xC8, 0x7E, 0x9D, 0x11, 0x2B, 0xA5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xAD, 0x5C, 0x19, 0x12, 0x61, 0x0E, 0x25),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x4F, 0x0B, 0x1F, 0x49, 0x7E, 0xCD, 0x81),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x2E, 0x30, 0x61, 0xDB, 0x08, 0x68, 0x9B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x78, 0xAF, 0xB3, 0x08, 0xC1, 0x69, 0xE5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x5F, 0x5D, 0xC1, 0x57, 0x6F, 0xD8, 0x34),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0xD3, 0x6A, 0xF7, 0xFD, 0x86, 0xE5, 0xB3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x63, 0xBD, 0x70, 0x7B, 0x47, 0xE8, 0x6D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x62, 0xC8, 0x7E, 0x9D, 0x11, 0x2B, 0xA5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_27_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE2, 0x84, 0xFD, 0xD5, 0x9A, 0x56, 0x7F, 0x5C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0xBB, 0xA4, 0x6F, 0x12, 0x6E, 0x4D, 0xF8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x08, 0xA1, 0x82, 0x9C, 0x62, 0x74, 0x7B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9E, 0x58, 0x22, 0x05, 0x1D, 0x15, 0x35, 0x79 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9A, 0x88, 0xCF, 0x5C, 0x05, 0x78, 0xFB, 0x94 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x6B, 0x2F, 0x79, 0x09, 0x73, 0x67, 0xEC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0xA0, 0x80, 0xD8, 0xE8, 0xEC, 0xFB, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xE7, 0x0B, 0xB7, 0x81, 0x48, 0x7B, 0xD9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x84, 0xFD, 0xD5, 0x9A, 0x56, 0x7F, 0x5C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xBB, 0xA4, 0x6F, 0x12, 0x6E, 0x4D, 0xF8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x08, 0xA1, 0x82, 0x9C, 0x62, 0x74, 0x7B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x58, 0x22, 0x05, 0x1D, 0x15, 0x35, 0x79),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x88, 0xCF, 0x5C, 0x05, 0x78, 0xFB, 0x94),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x6B, 0x2F, 0x79, 0x09, 0x73, 0x67, 0xEC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA0, 0x80, 0xD8, 0xE8, 0xEC, 0xFB, 0x42),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xE7, 0x0B, 0xB7, 0x81, 0x48, 0x7B, 0xD9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_27_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x53, 0xA9, 0xED, 0x61, 0x92, 0xD7, 0x85 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x49, 0xD9, 0x5D, 0x9B, 0x4E, 0x89, 0x35 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0x12, 0xEB, 0x9A, 0xC9, 0xCB, 0xC1, 0x95 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x35, 0xDC, 0x95, 0x16, 0xFE, 0x29, 0x70, 0x01 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x33, 0xB1, 0xD6, 0x78, 0xB9, 0xE2, 0x36 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xCE, 0x88, 0xC3, 0xFD, 0x7A, 0x6B, 0xB8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x1E, 0x50, 0x1E, 0xAF, 0xB1, 0x25, 0x2D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0xE7, 0xD7, 0xD5, 0xBD, 0x7A, 0x12, 0xF9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x53, 0xA9, 0xED, 0x61, 0x92, 0xD7, 0x85),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x49, 0xD9, 0x5D, 0x9B, 0x4E, 0x89, 0x35),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x12, 0xEB, 0x9A, 0xC9, 0xCB, 0xC1, 0x95),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xDC, 0x95, 0x16, 0xFE, 0x29, 0x70, 0x01),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x33, 0xB1, 0xD6, 0x78, 0xB9, 0xE2, 0x36),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xCE, 0x88, 0xC3, 0xFD, 0x7A, 0x6B, 0xB8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x1E, 0x50, 0x1E, 0xAF, 0xB1, 0x25, 0x2D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xE7, 0xD7, 0xD5, 0xBD, 0x7A, 0x12, 0xF9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_28_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0xAA, 0xA2, 0x80, 0x5D, 0x8F, 0xCD, 0xC8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x48, 0x39, 0x79, 0x64, 0xA1, 0x67, 0x3C, 0xB7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xC7, 0x49, 0xFF, 0x7F, 0xAC, 0xAB, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0x54, 0x3E, 0x83, 0xF0, 0x3D, 0xBC, 0xB5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x92, 0x4A, 0x38, 0x42, 0x8A, 0xAB, 0xF6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x0B, 0x4F, 0xEE, 0x9E, 0x92, 0xA5, 0xBE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0xDD, 0x19, 0x96, 0xF2, 0xF0, 0x6B, 0x2E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0xFC, 0xDD, 0xB2, 0x8A, 0xE5, 0x4C, 0x22 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xAA, 0xA2, 0x80, 0x5D, 0x8F, 0xCD, 0xC8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x39, 0x79, 0x64, 0xA1, 0x67, 0x3C, 0xB7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xC7, 0x49, 0xFF, 0x7F, 0xAC, 0xAB, 0x55),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x54, 0x3E, 0x83, 0xF0, 0x3D, 0xBC, 0xB5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x92, 0x4A, 0x38, 0x42, 0x8A, 0xAB, 0xF6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x0B, 0x4F, 0xEE, 0x9E, 0x92, 0xA5, 0xBE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xDD, 0x19, 0x96, 0xF2, 0xF0, 0x6B, 0x2E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xFC, 0xDD, 0xB2, 0x8A, 0xE5, 0x4C, 0x22),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_28_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x06, 0x49, 0xAC, 0x99, 0x7E, 0xF8, 0x12 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0xC8, 0x01, 0x51, 0xEA, 0xF6, 0x52, 0xE7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0x89, 0x66, 0x2B, 0x1F, 0x9B, 0x2A, 0xA3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x0F, 0x95, 0x07, 0x2B, 0x6C, 0x6E, 0x9E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0xC3, 0xB4, 0xBB, 0x91, 0x1F, 0xA3, 0x72 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x6E, 0x54, 0x28, 0x7B, 0x9C, 0x79, 0x2E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x03, 0x45, 0xFF, 0xA6, 0xDA, 0xA2, 0x83, 0x71 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0xDE, 0x8F, 0x17, 0x37, 0x82, 0xCB, 0xE2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x06, 0x49, 0xAC, 0x99, 0x7E, 0xF8, 0x12),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xC8, 0x01, 0x51, 0xEA, 0xF6, 0x52, 0xE7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x89, 0x66, 0x2B, 0x1F, 0x9B, 0x2A, 0xA3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x0F, 0x95, 0x07, 0x2B, 0x6C, 0x6E, 0x9E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xC3, 0xB4, 0xBB, 0x91, 0x1F, 0xA3, 0x72),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x6E, 0x54, 0x28, 0x7B, 0x9C, 0x79, 0x2E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x45, 0xFF, 0xA6, 0xDA, 0xA2, 0x83, 0x71),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xDE, 0x8F, 0x17, 0x37, 0x82, 0xCB, 0xE2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_29_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0x94, 0x3F, 0x26, 0xC9, 0x1D, 0xD9, 0xAE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x97, 0x28, 0x20, 0xCD, 0xC1, 0xF3, 0x40 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x95, 0xC9, 0xB5, 0x60, 0x9B, 0x1E, 0xDC, 0x74 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0xB9, 0x5B, 0x7D, 0xA0, 0xB2, 0x8C, 0xF0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0xD1, 0x42, 0xE6, 0x39, 0x33, 0x6D, 0xBB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0xC0, 0xFC, 0xD2, 0x14, 0x5D, 0x3E, 0x3C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x78, 0x4A, 0x3E, 0x40, 0x16, 0x93, 0x15, 0xCF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x24, 0xC1, 0x27, 0x27, 0xE5, 0x4B, 0xD8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x94, 0x3F, 0x26, 0xC9, 0x1D, 0xD9, 0xAE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x97, 0x28, 0x20, 0xCD, 0xC1, 0xF3, 0x40),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0xC9, 0xB5, 0x60, 0x9B, 0x1E, 0xDC, 0x74),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0xB9, 0x5B, 0x7D, 0xA0, 0xB2, 0x8C, 0xF0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xD1, 0x42, 0xE6, 0x39, 0x33, 0x6D, 0xBB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xC0, 0xFC, 0xD2, 0x14, 0x5D, 0x3E, 0x3C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0x4A, 0x3E, 0x40, 0x16, 0x93, 0x15, 0xCF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x24, 0xC1, 0x27, 0x27, 0xE5, 0x4B, 0xD8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_29_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x50, 0xD8, 0xBC, 0xC1, 0x46, 0x22, 0xBB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0x0E, 0x60, 0xA1, 0xB3, 0x50, 0xD4, 0x86 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0xB1, 0x26, 0xB6, 0x6D, 0x47, 0x5A, 0x6F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x45, 0xAC, 0x11, 0x35, 0x3E, 0xB9, 0xF4, 0x01 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0x97, 0xFA, 0xBB, 0x6B, 0x39, 0x13, 0xD8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x7B, 0x34, 0x12, 0x75, 0x8E, 0x9B, 0xC6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2C, 0x9E, 0xCD, 0x29, 0xB6, 0xEF, 0x8D, 0x10 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0xAC, 0xE9, 0x25, 0x27, 0xBB, 0x78, 0x47 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x50, 0xD8, 0xBC, 0xC1, 0x46, 0x22, 0xBB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x0E, 0x60, 0xA1, 0xB3, 0x50, 0xD4, 0x86),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0xB1, 0x26, 0xB6, 0x6D, 0x47, 0x5A, 0x6F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0xAC, 0x11, 0x35, 0x3E, 0xB9, 0xF4, 0x01),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x97, 0xFA, 0xBB, 0x6B, 0x39, 0x13, 0xD8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x7B, 0x34, 0x12, 0x75, 0x8E, 0x9B, 0xC6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x9E, 0xCD, 0x29, 0xB6, 0xEF, 0x8D, 0x10),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xAC, 0xE9, 0x25, 0x27, 0xBB, 0x78, 0x47),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_30_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0x7A, 0xA8, 0xD3, 0xE3, 0x66, 0xE5, 0x66 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0x4C, 0xC4, 0x2C, 0x76, 0x81, 0x50, 0x32 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0x71, 0x08, 0xB8, 0x52, 0x7C, 0xAF, 0xDC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x45, 0x59, 0x24, 0xDD, 0xFB, 0x2F, 0xD0, 0xDA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0xCD, 0x56, 0xE9, 0xAC, 0x91, 0xE6, 0xB9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0x64, 0x20, 0xC6, 0x9F, 0xE4, 0xEF, 0xDF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x2C, 0x8F, 0x8C, 0x97, 0xF6, 0x22, 0xC3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xF4, 0x88, 0xAA, 0xA8, 0xD7, 0xA5, 0x68 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x7A, 0xA8, 0xD3, 0xE3, 0x66, 0xE5, 0x66),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x4C, 0xC4, 0x2C, 0x76, 0x81, 0x50, 0x32),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x71, 0x08, 0xB8, 0x52, 0x7C, 0xAF, 0xDC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x59, 0x24, 0xDD, 0xFB, 0x2F, 0xD0, 0xDA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xCD, 0x56, 0xE9, 0xAC, 0x91, 0xE6, 0xB9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x64, 0x20, 0xC6, 0x9F, 0xE4, 0xEF, 0xDF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x2C, 0x8F, 0x8C, 0x97, 0xF6, 0x22, 0xC3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xF4, 0x88, 0xAA, 0xA8, 0xD7, 0xA5, 0x68),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_30_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x6C, 0xAE, 0x83, 0xB1, 0x55, 0x55, 0xEE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0x67, 0x84, 0x47, 0x7C, 0x83, 0x5C, 0x89 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0x10, 0x4D, 0xDD, 0x30, 0x60, 0xB0, 0xE6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xA7, 0x36, 0x76, 0x24, 0x32, 0x9F, 0x9D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x42, 0x81, 0xFB, 0xA4, 0x2E, 0x13, 0x68 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x94, 0x91, 0xFF, 0x99, 0xA0, 0x09, 0x61 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0x83, 0xA1, 0x76, 0xAF, 0x37, 0x5C, 0x77 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xA8, 0x04, 0x86, 0xC4, 0xA9, 0x79, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x6C, 0xAE, 0x83, 0xB1, 0x55, 0x55, 0xEE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x67, 0x84, 0x47, 0x7C, 0x83, 0x5C, 0x89),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x10, 0x4D, 0xDD, 0x30, 0x60, 0xB0, 0xE6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xA7, 0x36, 0x76, 0x24, 0x32, 0x9F, 0x9D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x42, 0x81, 0xFB, 0xA4, 0x2E, 0x13, 0x68),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x94, 0x91, 0xFF, 0x99, 0xA0, 0x09, 0x61),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x83, 0xA1, 0x76, 0xAF, 0x37, 0x5C, 0x77),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xA8, 0x04, 0x86, 0xC4, 0xA9, 0x79, 0x42),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_31_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x8C, 0xC2, 0x34, 0xFB, 0x83, 0x28, 0x27 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0x03, 0x7D, 0x5E, 0x9E, 0x0E, 0xB0, 0x22 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA2, 0x02, 0x46, 0x7F, 0xB9, 0xAC, 0xBB, 0x23 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0xED, 0x48, 0xC2, 0x96, 0x4D, 0x56, 0x27 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x44, 0xB5, 0xC5, 0xD1, 0xE6, 0x1C, 0x7E, 0x9B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x2E, 0x18, 0x71, 0x2D, 0x7B, 0xD7, 0xB3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0x46, 0x9D, 0xDE, 0xAA, 0x78, 0x8E, 0xB1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0xD7, 0x69, 0x2E, 0xE1, 0xD9, 0x48, 0xDE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x8C, 0xC2, 0x34, 0xFB, 0x83, 0x28, 0x27),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x03, 0x7D, 0x5E, 0x9E, 0x0E, 0xB0, 0x22),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x02, 0x46, 0x7F, 0xB9, 0xAC, 0xBB, 0x23),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xED, 0x48, 0xC2, 0x96, 0x4D, 0x56, 0x27),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0xB5, 0xC5, 0xD1, 0xE6, 0x1C, 0x7E, 0x9B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x2E, 0x18, 0x71, 0x2D, 0x7B, 0xD7, 0xB3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x46, 0x9D, 0xDE, 0xAA, 0x78, 0x8E, 0xB1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xD7, 0x69, 0x2E, 0xE1, 0xD9, 0x48, 0xDE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp521r1_T_31_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xFF, 0x9E, 0x09, 0x22, 0x22, 0xE6, 0x8D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x14, 0x28, 0x13, 0x1B, 0x62, 0x12, 0x22 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0x7F, 0x67, 0x03, 0xB0, 0xC0, 0xF3, 0x05 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0xC3, 0x0F, 0xFB, 0x25, 0x48, 0x3E, 0xF4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0x6E, 0x53, 0x98, 0x36, 0xB3, 0xD3, 0x94 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0x81, 0x54, 0x22, 0xA4, 0xCC, 0xC1, 0x22 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xBA, 0xFC, 0xA9, 0xDF, 0x68, 0x86, 0x2B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x92, 0x0E, 0xC3, 0xF2, 0x58, 0xE8, 0x51 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xFF, 0x9E, 0x09, 0x22, 0x22, 0xE6, 0x8D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x14, 0x28, 0x13, 0x1B, 0x62, 0x12, 0x22),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x7F, 0x67, 0x03, 0xB0, 0xC0, 0xF3, 0x05),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xC3, 0x0F, 0xFB, 0x25, 0x48, 0x3E, 0xF4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x6E, 0x53, 0x98, 0x36, 0xB3, 0xD3, 0x94),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x81, 0x54, 0x22, 0xA4, 0xCC, 0xC1, 0x22),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xBA, 0xFC, 0xA9, 0xDF, 0x68, 0x86, 0x2B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x92, 0x0E, 0xC3, 0xF2, 0x58, 0xE8, 0x51),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_ecp_point secp521r1_T[32] = {
     ECP_POINT_INIT_XY_Z1(secp521r1_T_0_X, secp521r1_T_0_Y),
@@ -2186,192 +2186,192 @@
 
 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
 static const mbedtls_mpi_uint secp192k1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
 };
 static const mbedtls_mpi_uint secp192k1_a[] = {
-    MBEDTLS_BYTES_TO_T_UINT_2( 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp192k1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_2( 0x03, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_2(0x03, 0x00),
 };
 static const mbedtls_mpi_uint secp192k1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB),
 };
 static const mbedtls_mpi_uint secp192k1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B),
 };
 static const mbedtls_mpi_uint secp192k1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
 };
 
 #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
 static const mbedtls_mpi_uint secp192k1_T_0_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB),
 };
 static const mbedtls_mpi_uint secp192k1_T_0_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B),
 };
 static const mbedtls_mpi_uint secp192k1_T_1_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x77, 0x3D, 0x0D, 0x85, 0x48, 0xA8, 0xA9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x07, 0xDF, 0x1D, 0xB3, 0xB3, 0x01, 0x54 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0x86, 0xF6, 0xAF, 0x19, 0x2A, 0x88, 0x2E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x77, 0x3D, 0x0D, 0x85, 0x48, 0xA8, 0xA9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x07, 0xDF, 0x1D, 0xB3, 0xB3, 0x01, 0x54),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x86, 0xF6, 0xAF, 0x19, 0x2A, 0x88, 0x2E),
 };
 static const mbedtls_mpi_uint secp192k1_T_1_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0x90, 0xB6, 0x2F, 0x48, 0x36, 0x4C, 0x5B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x11, 0x14, 0xA6, 0xCB, 0xBA, 0x15, 0xD9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0xB0, 0xF2, 0xD4, 0xC9, 0xDA, 0xBA, 0xD7 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x90, 0xB6, 0x2F, 0x48, 0x36, 0x4C, 0x5B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x11, 0x14, 0xA6, 0xCB, 0xBA, 0x15, 0xD9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0xB0, 0xF2, 0xD4, 0xC9, 0xDA, 0xBA, 0xD7),
 };
 static const mbedtls_mpi_uint secp192k1_T_2_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0xC1, 0x9C, 0xE6, 0xBB, 0xFB, 0xCF, 0x23 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x19, 0xAC, 0x5A, 0xC9, 0x8A, 0x1C, 0x75 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0xF6, 0x76, 0x86, 0x89, 0x27, 0x8D, 0x28 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0xC1, 0x9C, 0xE6, 0xBB, 0xFB, 0xCF, 0x23),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x19, 0xAC, 0x5A, 0xC9, 0x8A, 0x1C, 0x75),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xF6, 0x76, 0x86, 0x89, 0x27, 0x8D, 0x28),
 };
 static const mbedtls_mpi_uint secp192k1_T_2_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0xE0, 0x6F, 0x34, 0xBA, 0x5E, 0xD3, 0x96 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0xDC, 0xA6, 0x87, 0xC9, 0x9D, 0xC0, 0x82 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x11, 0x7E, 0xD6, 0xF7, 0x33, 0xFC, 0xE4 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xE0, 0x6F, 0x34, 0xBA, 0x5E, 0xD3, 0x96),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0xDC, 0xA6, 0x87, 0xC9, 0x9D, 0xC0, 0x82),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x11, 0x7E, 0xD6, 0xF7, 0x33, 0xFC, 0xE4),
 };
 static const mbedtls_mpi_uint secp192k1_T_3_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x37, 0x3E, 0xC0, 0x7F, 0x62, 0xE7, 0x54 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0x3B, 0x69, 0x9D, 0x44, 0xBC, 0x82, 0x99 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0x84, 0xB3, 0x5F, 0x2B, 0xA5, 0x9E, 0x2C ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x37, 0x3E, 0xC0, 0x7F, 0x62, 0xE7, 0x54),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x3B, 0x69, 0x9D, 0x44, 0xBC, 0x82, 0x99),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x84, 0xB3, 0x5F, 0x2B, 0xA5, 0x9E, 0x2C),
 };
 static const mbedtls_mpi_uint secp192k1_T_3_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x95, 0xEB, 0x4C, 0x04, 0xB4, 0xF4, 0x75 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0xAD, 0x4B, 0xD5, 0x9A, 0xEB, 0xC4, 0x4E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0xB1, 0xC5, 0x59, 0xE3, 0xD5, 0x16, 0x2A ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x95, 0xEB, 0x4C, 0x04, 0xB4, 0xF4, 0x75),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xAD, 0x4B, 0xD5, 0x9A, 0xEB, 0xC4, 0x4E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xB1, 0xC5, 0x59, 0xE3, 0xD5, 0x16, 0x2A),
 };
 static const mbedtls_mpi_uint secp192k1_T_4_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x48, 0x2A, 0xCC, 0xAC, 0xD0, 0xEE, 0x50, 0xEC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0x83, 0xE0, 0x5B, 0x14, 0x44, 0x52, 0x20 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x15, 0x2D, 0x78, 0xF6, 0x51, 0x32, 0xCF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x2A, 0xCC, 0xAC, 0xD0, 0xEE, 0x50, 0xEC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x83, 0xE0, 0x5B, 0x14, 0x44, 0x52, 0x20),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x15, 0x2D, 0x78, 0xF6, 0x51, 0x32, 0xCF),
 };
 static const mbedtls_mpi_uint secp192k1_T_4_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x36, 0x9B, 0xDD, 0xF8, 0xDD, 0xEF, 0xB2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0xB1, 0x6A, 0x2B, 0xAF, 0xEB, 0x2B, 0xB1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x87, 0x7A, 0x66, 0x5D, 0x5B, 0xDF, 0x8F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x36, 0x9B, 0xDD, 0xF8, 0xDD, 0xEF, 0xB2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xB1, 0x6A, 0x2B, 0xAF, 0xEB, 0x2B, 0xB1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x87, 0x7A, 0x66, 0x5D, 0x5B, 0xDF, 0x8F),
 };
 static const mbedtls_mpi_uint secp192k1_T_5_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x45, 0xE5, 0x81, 0x9B, 0xEB, 0x37, 0x23 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0x29, 0xE2, 0x20, 0x64, 0x23, 0x6B, 0x6E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0x1D, 0x41, 0xE1, 0x9B, 0x61, 0x7B, 0xD9 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x45, 0xE5, 0x81, 0x9B, 0xEB, 0x37, 0x23),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x29, 0xE2, 0x20, 0x64, 0x23, 0x6B, 0x6E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x1D, 0x41, 0xE1, 0x9B, 0x61, 0x7B, 0xD9),
 };
 static const mbedtls_mpi_uint secp192k1_T_5_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x75, 0x57, 0xA3, 0x0A, 0x13, 0xE4, 0x59, 0x15 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0x6E, 0x4A, 0x48, 0x84, 0x90, 0xAC, 0xC7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0xB8, 0xF5, 0xF3, 0xDE, 0xA0, 0xA1, 0x1D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x57, 0xA3, 0x0A, 0x13, 0xE4, 0x59, 0x15),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x6E, 0x4A, 0x48, 0x84, 0x90, 0xAC, 0xC7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xB8, 0xF5, 0xF3, 0xDE, 0xA0, 0xA1, 0x1D),
 };
 static const mbedtls_mpi_uint secp192k1_T_6_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0x32, 0x81, 0xA9, 0x91, 0x5A, 0x4E, 0x33 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0xA8, 0x90, 0xBE, 0x0F, 0xEC, 0xC0, 0x85 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0x30, 0xD7, 0x08, 0xAE, 0xC4, 0x3A, 0xA5 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x32, 0x81, 0xA9, 0x91, 0x5A, 0x4E, 0x33),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0xA8, 0x90, 0xBE, 0x0F, 0xEC, 0xC0, 0x85),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x30, 0xD7, 0x08, 0xAE, 0xC4, 0x3A, 0xA5),
 };
 static const mbedtls_mpi_uint secp192k1_T_6_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x55, 0xE3, 0x76, 0xB3, 0x64, 0x74, 0x9F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x75, 0xD4, 0xDB, 0x98, 0xD7, 0x39, 0xAE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0xEB, 0x8A, 0xAB, 0x16, 0xD9, 0xD4, 0x0B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x55, 0xE3, 0x76, 0xB3, 0x64, 0x74, 0x9F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x75, 0xD4, 0xDB, 0x98, 0xD7, 0x39, 0xAE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xEB, 0x8A, 0xAB, 0x16, 0xD9, 0xD4, 0x0B),
 };
 static const mbedtls_mpi_uint secp192k1_T_7_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0xBE, 0xF9, 0xC7, 0xC7, 0xBA, 0xF3, 0xA1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x85, 0x59, 0xF3, 0x60, 0x41, 0x02, 0xD2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0x1C, 0x4A, 0xA4, 0xC7, 0xED, 0x66, 0xBC ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xBE, 0xF9, 0xC7, 0xC7, 0xBA, 0xF3, 0xA1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x85, 0x59, 0xF3, 0x60, 0x41, 0x02, 0xD2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x1C, 0x4A, 0xA4, 0xC7, 0xED, 0x66, 0xBC),
 };
 static const mbedtls_mpi_uint secp192k1_T_7_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC3, 0x9C, 0x2E, 0x46, 0x52, 0x18, 0x87, 0x14 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x35, 0x5A, 0x75, 0xAC, 0x4D, 0x75, 0x91 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0x2F, 0xAC, 0xFC, 0xBC, 0xE6, 0x93, 0x5E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x9C, 0x2E, 0x46, 0x52, 0x18, 0x87, 0x14),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x35, 0x5A, 0x75, 0xAC, 0x4D, 0x75, 0x91),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0x2F, 0xAC, 0xFC, 0xBC, 0xE6, 0x93, 0x5E),
 };
 static const mbedtls_mpi_uint secp192k1_T_8_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x4D, 0xC9, 0x18, 0xE9, 0x00, 0xEB, 0x33 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x69, 0x72, 0x07, 0x5A, 0x59, 0xA8, 0x26 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x65, 0x83, 0x20, 0x10, 0xF9, 0x69, 0x82 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x4D, 0xC9, 0x18, 0xE9, 0x00, 0xEB, 0x33),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x69, 0x72, 0x07, 0x5A, 0x59, 0xA8, 0x26),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x65, 0x83, 0x20, 0x10, 0xF9, 0x69, 0x82),
 };
 static const mbedtls_mpi_uint secp192k1_T_8_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0x56, 0x7F, 0x9F, 0xBF, 0x46, 0x0C, 0x7E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0xCF, 0xF0, 0xDC, 0xDF, 0x2D, 0xE6, 0xE5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0xF0, 0x72, 0x3A, 0x7A, 0x03, 0xE5, 0x22 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x56, 0x7F, 0x9F, 0xBF, 0x46, 0x0C, 0x7E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0xCF, 0xF0, 0xDC, 0xDF, 0x2D, 0xE6, 0xE5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0xF0, 0x72, 0x3A, 0x7A, 0x03, 0xE5, 0x22),
 };
 static const mbedtls_mpi_uint secp192k1_T_9_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0xAA, 0x57, 0x13, 0x37, 0xA7, 0x2C, 0xD4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0xAC, 0xA2, 0x23, 0xF9, 0x84, 0x60, 0xD3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0xEB, 0x51, 0x70, 0x64, 0x78, 0xCA, 0x05 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xAA, 0x57, 0x13, 0x37, 0xA7, 0x2C, 0xD4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xAC, 0xA2, 0x23, 0xF9, 0x84, 0x60, 0xD3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xEB, 0x51, 0x70, 0x64, 0x78, 0xCA, 0x05),
 };
 static const mbedtls_mpi_uint secp192k1_T_9_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0xCC, 0x30, 0x62, 0x93, 0x46, 0x13, 0xE9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x26, 0xCC, 0x6C, 0x3D, 0x5C, 0xDA, 0x2C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0xAA, 0xB8, 0x03, 0xA4, 0x1A, 0x00, 0x96 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xCC, 0x30, 0x62, 0x93, 0x46, 0x13, 0xE9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x26, 0xCC, 0x6C, 0x3D, 0x5C, 0xDA, 0x2C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xAA, 0xB8, 0x03, 0xA4, 0x1A, 0x00, 0x96),
 };
 static const mbedtls_mpi_uint secp192k1_T_10_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF9, 0x9D, 0xE6, 0xCC, 0x4E, 0x2E, 0xC2, 0xD5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0xC3, 0x8A, 0xAE, 0x6F, 0x40, 0x05, 0xEB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x8F, 0x4A, 0x4D, 0x35, 0xD3, 0x50, 0x9D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x9D, 0xE6, 0xCC, 0x4E, 0x2E, 0xC2, 0xD5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xC3, 0x8A, 0xAE, 0x6F, 0x40, 0x05, 0xEB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x8F, 0x4A, 0x4D, 0x35, 0xD3, 0x50, 0x9D),
 };
 static const mbedtls_mpi_uint secp192k1_T_10_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0xFD, 0x98, 0xAB, 0xC7, 0x03, 0xB4, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x40, 0xD2, 0x9F, 0xCA, 0xD0, 0x53, 0x00 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x84, 0x00, 0x6F, 0xC8, 0xAD, 0xED, 0x8D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xFD, 0x98, 0xAB, 0xC7, 0x03, 0xB4, 0x55),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x40, 0xD2, 0x9F, 0xCA, 0xD0, 0x53, 0x00),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x84, 0x00, 0x6F, 0xC8, 0xAD, 0xED, 0x8D),
 };
 static const mbedtls_mpi_uint secp192k1_T_11_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0xD3, 0x57, 0xD7, 0xC3, 0x07, 0xBD, 0xD7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0xBA, 0x47, 0x1D, 0x3D, 0xEF, 0x98, 0x6C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xC0, 0x6C, 0x7F, 0x12, 0xEE, 0x9F, 0x67 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xD3, 0x57, 0xD7, 0xC3, 0x07, 0xBD, 0xD7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0xBA, 0x47, 0x1D, 0x3D, 0xEF, 0x98, 0x6C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xC0, 0x6C, 0x7F, 0x12, 0xEE, 0x9F, 0x67),
 };
 static const mbedtls_mpi_uint secp192k1_T_11_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x02, 0xDA, 0x79, 0xAA, 0xC9, 0x27, 0xC4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x79, 0xC7, 0x71, 0x84, 0xCB, 0xE5, 0x5A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x37, 0x06, 0xBA, 0xB5, 0xD5, 0x18, 0x4C ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x02, 0xDA, 0x79, 0xAA, 0xC9, 0x27, 0xC4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x79, 0xC7, 0x71, 0x84, 0xCB, 0xE5, 0x5A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x37, 0x06, 0xBA, 0xB5, 0xD5, 0x18, 0x4C),
 };
 static const mbedtls_mpi_uint secp192k1_T_12_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x65, 0x72, 0x6C, 0xF2, 0x63, 0x27, 0x6A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0xBC, 0x71, 0xDF, 0x75, 0xF8, 0x98, 0x4D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x70, 0x9B, 0xDC, 0xE7, 0x18, 0x71, 0xFF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x65, 0x72, 0x6C, 0xF2, 0x63, 0x27, 0x6A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xBC, 0x71, 0xDF, 0x75, 0xF8, 0x98, 0x4D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x70, 0x9B, 0xDC, 0xE7, 0x18, 0x71, 0xFF),
 };
 static const mbedtls_mpi_uint secp192k1_T_12_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x5B, 0x9F, 0x00, 0x5A, 0xB6, 0x80, 0x7A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0xE0, 0xBB, 0xFC, 0x5E, 0x78, 0x9C, 0x89 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x60, 0x03, 0x68, 0x83, 0x3D, 0x2E, 0x4C, 0xDD ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x5B, 0x9F, 0x00, 0x5A, 0xB6, 0x80, 0x7A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xE0, 0xBB, 0xFC, 0x5E, 0x78, 0x9C, 0x89),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x03, 0x68, 0x83, 0x3D, 0x2E, 0x4C, 0xDD),
 };
 static const mbedtls_mpi_uint secp192k1_T_13_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3B, 0x49, 0x23, 0xA8, 0xCB, 0x3B, 0x1A, 0xF6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0x3D, 0xA7, 0x46, 0xCF, 0x75, 0xB6, 0x2C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0xFD, 0x30, 0x01, 0xB6, 0xEF, 0xF9, 0xE8 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x49, 0x23, 0xA8, 0xCB, 0x3B, 0x1A, 0xF6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x3D, 0xA7, 0x46, 0xCF, 0x75, 0xB6, 0x2C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xFD, 0x30, 0x01, 0xB6, 0xEF, 0xF9, 0xE8),
 };
 static const mbedtls_mpi_uint secp192k1_T_13_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDC, 0xFA, 0xDA, 0xB8, 0x29, 0x42, 0xC9, 0xC7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0xD7, 0xA0, 0xE6, 0x6B, 0x86, 0x61, 0x39 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0xE9, 0xD3, 0x37, 0xD8, 0xE7, 0x35, 0xA9 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xFA, 0xDA, 0xB8, 0x29, 0x42, 0xC9, 0xC7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xD7, 0xA0, 0xE6, 0x6B, 0x86, 0x61, 0x39),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0xE9, 0xD3, 0x37, 0xD8, 0xE7, 0x35, 0xA9),
 };
 static const mbedtls_mpi_uint secp192k1_T_14_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0xC8, 0x8E, 0xB1, 0xCB, 0xB1, 0xB5, 0x4D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0xD7, 0x46, 0x7D, 0xAF, 0xE2, 0xDC, 0xBB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0x46, 0xE7, 0xD8, 0x76, 0x31, 0x90, 0x76 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xC8, 0x8E, 0xB1, 0xCB, 0xB1, 0xB5, 0x4D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xD7, 0x46, 0x7D, 0xAF, 0xE2, 0xDC, 0xBB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x46, 0xE7, 0xD8, 0x76, 0x31, 0x90, 0x76),
 };
 static const mbedtls_mpi_uint secp192k1_T_14_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0xD3, 0xF4, 0x74, 0xE1, 0x67, 0xD8, 0x66 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x70, 0x3C, 0xC8, 0xAF, 0x5F, 0xF4, 0x58 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0x4E, 0xED, 0x5C, 0x43, 0xB3, 0x16, 0x35 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xD3, 0xF4, 0x74, 0xE1, 0x67, 0xD8, 0x66),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x70, 0x3C, 0xC8, 0xAF, 0x5F, 0xF4, 0x58),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x4E, 0xED, 0x5C, 0x43, 0xB3, 0x16, 0x35),
 };
 static const mbedtls_mpi_uint secp192k1_T_15_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0xAE, 0xD1, 0xDD, 0x31, 0x14, 0xD3, 0xF0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x14, 0x06, 0x13, 0x12, 0x1C, 0x81, 0xF5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA6, 0xF9, 0x0C, 0x91, 0xF7, 0x67, 0x59, 0x63 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xAE, 0xD1, 0xDD, 0x31, 0x14, 0xD3, 0xF0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x14, 0x06, 0x13, 0x12, 0x1C, 0x81, 0xF5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xF9, 0x0C, 0x91, 0xF7, 0x67, 0x59, 0x63),
 };
 static const mbedtls_mpi_uint secp192k1_T_15_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0x91, 0xE2, 0xF4, 0x9D, 0xEB, 0x88, 0x87 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x82, 0x30, 0x9C, 0xAE, 0x18, 0x4D, 0xB7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0x79, 0xCF, 0x17, 0xA5, 0x1E, 0xE8, 0xC8 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x91, 0xE2, 0xF4, 0x9D, 0xEB, 0x88, 0x87),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x82, 0x30, 0x9C, 0xAE, 0x18, 0x4D, 0xB7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x79, 0xCF, 0x17, 0xA5, 0x1E, 0xE8, 0xC8),
 };
 static const mbedtls_ecp_point secp192k1_T[16] = {
     ECP_POINT_INIT_XY_Z1(secp192k1_T_0_X, secp192k1_T_0_Y),
@@ -2399,228 +2399,228 @@
 
 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
 static const mbedtls_mpi_uint secp224k1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_4(0xFF, 0xFF, 0xFF, 0xFF),
 };
 static const mbedtls_mpi_uint secp224k1_a[] = {
-    MBEDTLS_BYTES_TO_T_UINT_2( 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_2( 0x05, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_2(0x05, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D ),
-    MBEDTLS_BYTES_TO_T_UINT_4( 0x33, 0x5B, 0x45, 0xA1 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D),
+    MBEDTLS_BYTES_TO_T_UINT_4(0x33, 0x5B, 0x45, 0xA1),
 };
 static const mbedtls_mpi_uint secp224k1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F ),
-    MBEDTLS_BYTES_TO_T_UINT_4( 0xED, 0x9F, 0x08, 0x7E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F),
+    MBEDTLS_BYTES_TO_T_UINT_4(0xED, 0x9F, 0x08, 0x7E),
 };
 static const mbedtls_mpi_uint secp224k1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00),
 };
 
 #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
 static const mbedtls_mpi_uint secp224k1_T_0_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0x5B, 0x45, 0xA1, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x5B, 0x45, 0xA1, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_0_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0x9F, 0x08, 0x7E, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x9F, 0x08, 0x7E, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_1_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0x6C, 0x22, 0x22, 0x40, 0x89, 0xAE, 0x7A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0x92, 0xE1, 0x87, 0x56, 0x35, 0xAF, 0x9B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0xAF, 0x08, 0x35, 0x27, 0xEA, 0x04, 0xED ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0x53, 0xFD, 0xCF, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x6C, 0x22, 0x22, 0x40, 0x89, 0xAE, 0x7A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x92, 0xE1, 0x87, 0x56, 0x35, 0xAF, 0x9B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xAF, 0x08, 0x35, 0x27, 0xEA, 0x04, 0xED),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x53, 0xFD, 0xCF, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_1_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0xD0, 0x9F, 0x8D, 0xF3, 0x63, 0x54, 0x30 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x39, 0xDB, 0x0F, 0x61, 0x54, 0x26, 0xD1, 0x98 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x21, 0xF7, 0x1B, 0xB5, 0x1D, 0xF6, 0x7E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x05, 0xDA, 0x8F, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xD0, 0x9F, 0x8D, 0xF3, 0x63, 0x54, 0x30),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0xDB, 0x0F, 0x61, 0x54, 0x26, 0xD1, 0x98),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x21, 0xF7, 0x1B, 0xB5, 0x1D, 0xF6, 0x7E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x05, 0xDA, 0x8F, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_2_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0x26, 0x73, 0xBC, 0xE4, 0x29, 0x62, 0x56 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x95, 0x17, 0x8B, 0xC3, 0x9B, 0xAC, 0xCC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0xDB, 0x77, 0xDF, 0xDD, 0x13, 0x04, 0x98 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x02, 0xFC, 0x22, 0x93, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x26, 0x73, 0xBC, 0xE4, 0x29, 0x62, 0x56),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x95, 0x17, 0x8B, 0xC3, 0x9B, 0xAC, 0xCC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xDB, 0x77, 0xDF, 0xDD, 0x13, 0x04, 0x98),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0xFC, 0x22, 0x93, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_2_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x65, 0xF1, 0x5A, 0x37, 0xEF, 0x79, 0xAD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0x01, 0x37, 0xAC, 0x9A, 0x5B, 0x51, 0x65 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x75, 0x13, 0xA9, 0x4A, 0xAD, 0xFE, 0x9B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0x82, 0x6F, 0x66, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x65, 0xF1, 0x5A, 0x37, 0xEF, 0x79, 0xAD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x01, 0x37, 0xAC, 0x9A, 0x5B, 0x51, 0x65),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x75, 0x13, 0xA9, 0x4A, 0xAD, 0xFE, 0x9B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x82, 0x6F, 0x66, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_3_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0x5E, 0xF0, 0x40, 0xC3, 0xA6, 0xE2, 0x1E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x9A, 0x6F, 0xCF, 0x11, 0x26, 0x66, 0x85 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0x73, 0xA8, 0xCF, 0x2B, 0x12, 0x36, 0x37 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0xB3, 0x0A, 0x58, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x5E, 0xF0, 0x40, 0xC3, 0xA6, 0xE2, 0x1E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x9A, 0x6F, 0xCF, 0x11, 0x26, 0x66, 0x85),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x73, 0xA8, 0xCF, 0x2B, 0x12, 0x36, 0x37),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xB3, 0x0A, 0x58, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_3_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0x79, 0x00, 0x55, 0x04, 0x34, 0x90, 0x1A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0x54, 0x1C, 0xC2, 0x45, 0x0C, 0x1B, 0x23 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x19, 0xAB, 0xA8, 0xFC, 0x73, 0xDC, 0xEE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0xFB, 0x93, 0xCE, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x79, 0x00, 0x55, 0x04, 0x34, 0x90, 0x1A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x54, 0x1C, 0xC2, 0x45, 0x0C, 0x1B, 0x23),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x19, 0xAB, 0xA8, 0xFC, 0x73, 0xDC, 0xEE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0xFB, 0x93, 0xCE, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_4_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0x75, 0xD0, 0x66, 0x95, 0x86, 0xCA, 0x66 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xEA, 0x29, 0x16, 0x6A, 0x38, 0xDF, 0x41 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0xA2, 0x36, 0x2F, 0xDC, 0xBB, 0x5E, 0xF7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0x89, 0x59, 0x49, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x75, 0xD0, 0x66, 0x95, 0x86, 0xCA, 0x66),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xEA, 0x29, 0x16, 0x6A, 0x38, 0xDF, 0x41),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA2, 0x36, 0x2F, 0xDC, 0xBB, 0x5E, 0xF7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x89, 0x59, 0x49, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_4_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0xA3, 0x99, 0x9D, 0xB8, 0x77, 0x9D, 0x1D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0x93, 0x43, 0x47, 0xC6, 0x5C, 0xF9, 0xFD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0x00, 0x79, 0x42, 0x64, 0xB8, 0x25, 0x3E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0x54, 0xB4, 0x33, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xA3, 0x99, 0x9D, 0xB8, 0x77, 0x9D, 0x1D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x93, 0x43, 0x47, 0xC6, 0x5C, 0xF9, 0xFD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x00, 0x79, 0x42, 0x64, 0xB8, 0x25, 0x3E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x54, 0xB4, 0x33, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_5_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x0C, 0x42, 0x90, 0x83, 0x0B, 0x31, 0x5F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x2E, 0xAE, 0xC8, 0xC7, 0x5F, 0xD2, 0x70 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0xBC, 0xAD, 0x41, 0xE7, 0x32, 0x3A, 0x81 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0x97, 0x52, 0x83, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x0C, 0x42, 0x90, 0x83, 0x0B, 0x31, 0x5F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x2E, 0xAE, 0xC8, 0xC7, 0x5F, 0xD2, 0x70),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xBC, 0xAD, 0x41, 0xE7, 0x32, 0x3A, 0x81),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x97, 0x52, 0x83, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_5_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x13, 0x7A, 0xBD, 0xAE, 0x94, 0x60, 0xFD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x9B, 0x95, 0xB4, 0x6E, 0x68, 0xB2, 0x1F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x49, 0xBE, 0x51, 0xFE, 0x66, 0x15, 0x74 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x37, 0xE4, 0xFE, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x13, 0x7A, 0xBD, 0xAE, 0x94, 0x60, 0xFD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x9B, 0x95, 0xB4, 0x6E, 0x68, 0xB2, 0x1F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x49, 0xBE, 0x51, 0xFE, 0x66, 0x15, 0x74),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x37, 0xE4, 0xFE, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_6_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0x9B, 0xEE, 0x64, 0xC9, 0x1B, 0xBD, 0x77 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x5F, 0x34, 0xA9, 0x0B, 0xB7, 0x25, 0x52 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0x13, 0xB1, 0x38, 0xFB, 0x9D, 0x78, 0xED ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x39, 0xE7, 0x1B, 0xFA, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x9B, 0xEE, 0x64, 0xC9, 0x1B, 0xBD, 0x77),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x5F, 0x34, 0xA9, 0x0B, 0xB7, 0x25, 0x52),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x13, 0xB1, 0x38, 0xFB, 0x9D, 0x78, 0xED),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0xE7, 0x1B, 0xFA, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_6_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFB, 0xB3, 0xB7, 0x44, 0x92, 0x6B, 0x00, 0x82 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x82, 0x44, 0x3E, 0x18, 0x1A, 0x58, 0x6A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0xF8, 0xC0, 0xE4, 0xEE, 0xC1, 0xBF, 0x44 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0x32, 0x27, 0xB2, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xB3, 0xB7, 0x44, 0x92, 0x6B, 0x00, 0x82),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x82, 0x44, 0x3E, 0x18, 0x1A, 0x58, 0x6A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0xF8, 0xC0, 0xE4, 0xEE, 0xC1, 0xBF, 0x44),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x32, 0x27, 0xB2, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_7_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF4, 0x9A, 0x42, 0x62, 0x8B, 0x26, 0x54, 0x21 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0x85, 0x74, 0xA0, 0x79, 0xA8, 0xEE, 0xBE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0x36, 0x60, 0xB3, 0x28, 0x4D, 0x55, 0xBE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0x27, 0x82, 0x29, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x9A, 0x42, 0x62, 0x8B, 0x26, 0x54, 0x21),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x85, 0x74, 0xA0, 0x79, 0xA8, 0xEE, 0xBE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x36, 0x60, 0xB3, 0x28, 0x4D, 0x55, 0xBE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x27, 0x82, 0x29, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_7_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0D, 0xFC, 0x73, 0x77, 0xAF, 0x5C, 0xAC, 0x78 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0xED, 0xE5, 0xF6, 0x1D, 0xA8, 0x67, 0x43 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0xDE, 0x33, 0x1C, 0xF1, 0x80, 0x73, 0xF8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0xE2, 0xDE, 0x3C, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0xFC, 0x73, 0x77, 0xAF, 0x5C, 0xAC, 0x78),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0xED, 0xE5, 0xF6, 0x1D, 0xA8, 0x67, 0x43),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xDE, 0x33, 0x1C, 0xF1, 0x80, 0x73, 0xF8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xE2, 0xDE, 0x3C, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_8_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0x3E, 0x6B, 0xFE, 0xF0, 0x04, 0x28, 0x01 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0xB2, 0x14, 0x9D, 0x18, 0x11, 0x7D, 0x9D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xC4, 0xD6, 0x2E, 0x6E, 0x57, 0x4D, 0xE1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0x55, 0x1B, 0xDE, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x3E, 0x6B, 0xFE, 0xF0, 0x04, 0x28, 0x01),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xB2, 0x14, 0x9D, 0x18, 0x11, 0x7D, 0x9D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xC4, 0xD6, 0x2E, 0x6E, 0x57, 0x4D, 0xE1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x55, 0x1B, 0xDE, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_8_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xF7, 0x17, 0xBC, 0x45, 0xAB, 0x16, 0xAB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0xB0, 0xEF, 0x61, 0xE3, 0x20, 0x7C, 0xF8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x85, 0x41, 0x4D, 0xF1, 0x7E, 0x4D, 0x41 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0xC2, 0x9B, 0x5E, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xF7, 0x17, 0xBC, 0x45, 0xAB, 0x16, 0xAB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xB0, 0xEF, 0x61, 0xE3, 0x20, 0x7C, 0xF8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x85, 0x41, 0x4D, 0xF1, 0x7E, 0x4D, 0x41),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xC2, 0x9B, 0x5E, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_9_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x2E, 0x49, 0x3D, 0x3E, 0x4B, 0xD3, 0x32 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0x2B, 0x9D, 0xD5, 0x27, 0xFA, 0xCA, 0xE0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0xB3, 0x6A, 0xE0, 0x79, 0x14, 0x28, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x1E, 0xDC, 0xF5, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x2E, 0x49, 0x3D, 0x3E, 0x4B, 0xD3, 0x32),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x2B, 0x9D, 0xD5, 0x27, 0xFA, 0xCA, 0xE0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0xB3, 0x6A, 0xE0, 0x79, 0x14, 0x28, 0x0F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x1E, 0xDC, 0xF5, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_9_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x44, 0x56, 0xCD, 0xFC, 0x9F, 0x09, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0x8C, 0x59, 0xA4, 0x64, 0x2A, 0x3A, 0xED ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0xA0, 0xB5, 0x86, 0x4E, 0x69, 0xDA, 0x06 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0x8B, 0x11, 0x38, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x44, 0x56, 0xCD, 0xFC, 0x9F, 0x09, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x8C, 0x59, 0xA4, 0x64, 0x2A, 0x3A, 0xED),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xA0, 0xB5, 0x86, 0x4E, 0x69, 0xDA, 0x06),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x8B, 0x11, 0x38, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_10_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x17, 0x16, 0x12, 0x17, 0xDC, 0x00, 0x7E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x76, 0x24, 0x6C, 0x97, 0x2C, 0xB5, 0xF9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x82, 0x71, 0xE3, 0xB0, 0xBB, 0x4E, 0x50, 0x52 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6E, 0x48, 0x26, 0xD5, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x17, 0x16, 0x12, 0x17, 0xDC, 0x00, 0x7E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x76, 0x24, 0x6C, 0x97, 0x2C, 0xB5, 0xF9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x71, 0xE3, 0xB0, 0xBB, 0x4E, 0x50, 0x52),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0x48, 0x26, 0xD5, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_10_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0x5F, 0x28, 0xF6, 0x01, 0x5A, 0x60, 0x41 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x95, 0xFE, 0xD0, 0xAD, 0x15, 0xD4, 0xD9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0x5B, 0x7A, 0xFD, 0x80, 0xF7, 0x9F, 0x64 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0xBC, 0x1B, 0xDF, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x5F, 0x28, 0xF6, 0x01, 0x5A, 0x60, 0x41),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x95, 0xFE, 0xD0, 0xAD, 0x15, 0xD4, 0xD9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x5B, 0x7A, 0xFD, 0x80, 0xF7, 0x9F, 0x64),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xBC, 0x1B, 0xDF, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_11_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0xE6, 0xDF, 0x14, 0x29, 0xF4, 0xD4, 0x14 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0x12, 0xDD, 0xEC, 0x5B, 0x8A, 0x59, 0xE5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x92, 0x3E, 0x35, 0x08, 0xE9, 0xCF, 0x0E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0x35, 0x29, 0x97, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xE6, 0xDF, 0x14, 0x29, 0xF4, 0xD4, 0x14),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x12, 0xDD, 0xEC, 0x5B, 0x8A, 0x59, 0xE5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x92, 0x3E, 0x35, 0x08, 0xE9, 0xCF, 0x0E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x35, 0x29, 0x97, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_11_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0xDB, 0xD6, 0x6A, 0xC5, 0x43, 0xA4, 0xA1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x33, 0x50, 0x61, 0x70, 0xA1, 0xE9, 0xCE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x15, 0x6E, 0x5F, 0x01, 0x0C, 0x8C, 0xFA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x85, 0xA1, 0x9A, 0x9D, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xDB, 0xD6, 0x6A, 0xC5, 0x43, 0xA4, 0xA1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x33, 0x50, 0x61, 0x70, 0xA1, 0xE9, 0xCE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x15, 0x6E, 0x5F, 0x01, 0x0C, 0x8C, 0xFA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0xA1, 0x9A, 0x9D, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_12_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6E, 0xC6, 0xF7, 0xE2, 0x4A, 0xCD, 0x9B, 0x61 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x4D, 0x5A, 0xB8, 0xE2, 0x6D, 0xA6, 0x50 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0x3F, 0xB6, 0x17, 0xE3, 0x2C, 0x6F, 0x65 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xA4, 0x59, 0x51, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xC6, 0xF7, 0xE2, 0x4A, 0xCD, 0x9B, 0x61),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x4D, 0x5A, 0xB8, 0xE2, 0x6D, 0xA6, 0x50),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x3F, 0xB6, 0x17, 0xE3, 0x2C, 0x6F, 0x65),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xA4, 0x59, 0x51, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_12_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x4F, 0x7C, 0x49, 0xCD, 0x6E, 0xEB, 0x3C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0xC9, 0x1F, 0xB7, 0x4D, 0x98, 0xC7, 0x67 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4C, 0xFD, 0x98, 0x20, 0x95, 0xBB, 0x20, 0x3A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0xF2, 0x73, 0x92, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x4F, 0x7C, 0x49, 0xCD, 0x6E, 0xEB, 0x3C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0xC9, 0x1F, 0xB7, 0x4D, 0x98, 0xC7, 0x67),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0xFD, 0x98, 0x20, 0x95, 0xBB, 0x20, 0x3A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xF2, 0x73, 0x92, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_13_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE2, 0xEF, 0xFB, 0x30, 0xFA, 0x12, 0x1A, 0xB0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7A, 0x4C, 0x24, 0xB4, 0x5B, 0xC9, 0x4C, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7A, 0xDD, 0x5E, 0x84, 0x95, 0x4D, 0x26, 0xED ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0xFA, 0xF9, 0x3A, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xEF, 0xFB, 0x30, 0xFA, 0x12, 0x1A, 0xB0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0x4C, 0x24, 0xB4, 0x5B, 0xC9, 0x4C, 0x0F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xDD, 0x5E, 0x84, 0x95, 0x4D, 0x26, 0xED),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xFA, 0xF9, 0x3A, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_13_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0xA3, 0x2E, 0x7A, 0xDC, 0xA7, 0x53, 0xA9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x9F, 0x81, 0x84, 0xB2, 0x0D, 0xFE, 0x31 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x89, 0x1B, 0x77, 0x0C, 0x89, 0x71, 0xEC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0xFF, 0x7F, 0xB2, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0xA3, 0x2E, 0x7A, 0xDC, 0xA7, 0x53, 0xA9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x9F, 0x81, 0x84, 0xB2, 0x0D, 0xFE, 0x31),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x89, 0x1B, 0x77, 0x0C, 0x89, 0x71, 0xEC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xFF, 0x7F, 0xB2, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_14_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0xE9, 0x2C, 0x79, 0xA6, 0x3C, 0xAD, 0x93 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0xE0, 0x23, 0x02, 0x86, 0x0F, 0x77, 0x2A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0x93, 0x6D, 0xE9, 0xF9, 0x3C, 0xBE, 0xB9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0xE7, 0x24, 0x92, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xE9, 0x2C, 0x79, 0xA6, 0x3C, 0xAD, 0x93),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xE0, 0x23, 0x02, 0x86, 0x0F, 0x77, 0x2A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x93, 0x6D, 0xE9, 0xF9, 0x3C, 0xBE, 0xB9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xE7, 0x24, 0x92, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_14_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0x3C, 0x5B, 0x4B, 0x1B, 0x25, 0x37, 0xD6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0xE8, 0x38, 0x1B, 0xA1, 0x5A, 0x2E, 0x68 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x03, 0x19, 0xFD, 0xF4, 0x78, 0x01, 0x6B, 0x44 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0x69, 0x37, 0x4F, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x3C, 0x5B, 0x4B, 0x1B, 0x25, 0x37, 0xD6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xE8, 0x38, 0x1B, 0xA1, 0x5A, 0x2E, 0x68),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x19, 0xFD, 0xF4, 0x78, 0x01, 0x6B, 0x44),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0x69, 0x37, 0x4F, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_15_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0xE2, 0xBF, 0xD3, 0xEC, 0x95, 0x9C, 0x03 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x7B, 0xFC, 0xD5, 0xD3, 0x25, 0x5E, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x39, 0x55, 0x09, 0xA2, 0x58, 0x6A, 0xC9, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0xCC, 0x3B, 0xD9, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0xE2, 0xBF, 0xD3, 0xEC, 0x95, 0x9C, 0x03),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x7B, 0xFC, 0xD5, 0xD3, 0x25, 0x5E, 0x0F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x55, 0x09, 0xA2, 0x58, 0x6A, 0xC9, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0xCC, 0x3B, 0xD9, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp224k1_T_15_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8F, 0x08, 0x65, 0x5E, 0xCB, 0xAB, 0x48, 0xC8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0x79, 0x8B, 0xC0, 0x11, 0xC0, 0x69, 0x38 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0xE8, 0x8C, 0x4C, 0xC5, 0x28, 0xE4, 0xAE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0x1F, 0x34, 0x5C, 0x00, 0x00, 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0x08, 0x65, 0x5E, 0xCB, 0xAB, 0x48, 0xC8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x79, 0x8B, 0xC0, 0x11, 0xC0, 0x69, 0x38),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xE8, 0x8C, 0x4C, 0xC5, 0x28, 0xE4, 0xAE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x1F, 0x34, 0x5C, 0x00, 0x00, 0x00, 0x00),
 };
 static const mbedtls_ecp_point secp224k1_T[16] = {
     ECP_POINT_INIT_XY_Z1(secp224k1_T_0_X, secp224k1_T_0_Y),
@@ -2647,228 +2647,228 @@
 
 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
 static const mbedtls_mpi_uint secp256k1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
 };
 static const mbedtls_mpi_uint secp256k1_a[] = {
-    MBEDTLS_BYTES_TO_T_UINT_2( 0x00, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00),
 };
 static const mbedtls_mpi_uint secp256k1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_2( 0x07, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_2(0x07, 0x00),
 };
 static const mbedtls_mpi_uint secp256k1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79),
 };
 static const mbedtls_mpi_uint secp256k1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48),
 };
 static const mbedtls_mpi_uint secp256k1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
 };
 
 #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
 static const mbedtls_mpi_uint secp256k1_T_0_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79),
 };
 static const mbedtls_mpi_uint secp256k1_T_0_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48),
 };
 static const mbedtls_mpi_uint secp256k1_T_1_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0xEE, 0xD7, 0x1E, 0x67, 0x86, 0x32, 0x74 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0x73, 0xB1, 0xA9, 0xD5, 0xCC, 0x27, 0x78 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x0E, 0x11, 0x01, 0x71, 0xFE, 0x92, 0x73 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0x28, 0x63, 0x6D, 0x72, 0x09, 0xA6, 0xC0 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xEE, 0xD7, 0x1E, 0x67, 0x86, 0x32, 0x74),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x73, 0xB1, 0xA9, 0xD5, 0xCC, 0x27, 0x78),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x0E, 0x11, 0x01, 0x71, 0xFE, 0x92, 0x73),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x28, 0x63, 0x6D, 0x72, 0x09, 0xA6, 0xC0),
 };
 static const mbedtls_mpi_uint secp256k1_T_1_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0xE1, 0x69, 0xDC, 0x3E, 0x2C, 0x75, 0xC3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0xB7, 0x3F, 0x30, 0x26, 0x3C, 0xDF, 0x8E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xBE, 0xB9, 0x5D, 0x0E, 0xE8, 0x5E, 0x14 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0xC3, 0x05, 0xD6, 0xB7, 0xD5, 0x24, 0xFC ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xE1, 0x69, 0xDC, 0x3E, 0x2C, 0x75, 0xC3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xB7, 0x3F, 0x30, 0x26, 0x3C, 0xDF, 0x8E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xBE, 0xB9, 0x5D, 0x0E, 0xE8, 0x5E, 0x14),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0xC3, 0x05, 0xD6, 0xB7, 0xD5, 0x24, 0xFC),
 };
 static const mbedtls_mpi_uint secp256k1_T_2_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0xCF, 0x7B, 0xDC, 0xCD, 0xC3, 0x39, 0x9D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0xDA, 0xB9, 0xE5, 0x64, 0xA7, 0x47, 0x91 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0x46, 0xA8, 0x61, 0xF6, 0x23, 0xEB, 0x58 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0xC1, 0xFF, 0xE4, 0x55, 0xD5, 0xC2, 0xBF ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0xCF, 0x7B, 0xDC, 0xCD, 0xC3, 0x39, 0x9D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xDA, 0xB9, 0xE5, 0x64, 0xA7, 0x47, 0x91),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x46, 0xA8, 0x61, 0xF6, 0x23, 0xEB, 0x58),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xC1, 0xFF, 0xE4, 0x55, 0xD5, 0xC2, 0xBF),
 };
 static const mbedtls_mpi_uint secp256k1_T_2_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0xBE, 0xB9, 0x59, 0x24, 0x13, 0x4A, 0x2A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x45, 0x12, 0xDE, 0xBA, 0x4F, 0xEF, 0x56 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0x08, 0xBF, 0xC1, 0x66, 0xAA, 0x0A, 0xBC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0xFE, 0x30, 0x55, 0x31, 0x86, 0xA7, 0xB4 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xBE, 0xB9, 0x59, 0x24, 0x13, 0x4A, 0x2A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x45, 0x12, 0xDE, 0xBA, 0x4F, 0xEF, 0x56),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x08, 0xBF, 0xC1, 0x66, 0xAA, 0x0A, 0xBC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xFE, 0x30, 0x55, 0x31, 0x86, 0xA7, 0xB4),
 };
 static const mbedtls_mpi_uint secp256k1_T_3_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0xBF, 0x18, 0x81, 0x67, 0x27, 0x42, 0xBD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0x05, 0x83, 0xA4, 0xDD, 0x57, 0xD3, 0x50 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x20, 0x63, 0xAB, 0xE4, 0x90, 0x70, 0xD0, 0x7C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x5D, 0xFD, 0xA0, 0xEF, 0xCF, 0x1C, 0x54 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xBF, 0x18, 0x81, 0x67, 0x27, 0x42, 0xBD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x05, 0x83, 0xA4, 0xDD, 0x57, 0xD3, 0x50),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x63, 0xAB, 0xE4, 0x90, 0x70, 0xD0, 0x7C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x5D, 0xFD, 0xA0, 0xEF, 0xCF, 0x1C, 0x54),
 };
 static const mbedtls_mpi_uint secp256k1_T_3_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0x80, 0xE4, 0xF6, 0x09, 0xBC, 0x57, 0x90 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x9F, 0x6E, 0x88, 0x54, 0x6E, 0x51, 0xF2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x5F, 0x85, 0xFB, 0x84, 0x3E, 0x4A, 0xAA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x19, 0xF5, 0x55, 0xC9, 0x07, 0xD8, 0xCE ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x80, 0xE4, 0xF6, 0x09, 0xBC, 0x57, 0x90),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x9F, 0x6E, 0x88, 0x54, 0x6E, 0x51, 0xF2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x5F, 0x85, 0xFB, 0x84, 0x3E, 0x4A, 0xAA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x19, 0xF5, 0x55, 0xC9, 0x07, 0xD8, 0xCE),
 };
 static const mbedtls_mpi_uint secp256k1_T_4_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0xB4, 0xC3, 0xD9, 0x5C, 0xA0, 0xD4, 0x90 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0D, 0x30, 0xAF, 0x59, 0x9B, 0xF8, 0x04, 0x85 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0xA6, 0xFD, 0x66, 0x7B, 0xC3, 0x39, 0x85 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0xBF, 0xF0, 0xC2, 0xE9, 0x71, 0xA4, 0x9E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0xB4, 0xC3, 0xD9, 0x5C, 0xA0, 0xD4, 0x90),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x30, 0xAF, 0x59, 0x9B, 0xF8, 0x04, 0x85),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xA6, 0xFD, 0x66, 0x7B, 0xC3, 0x39, 0x85),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xBF, 0xF0, 0xC2, 0xE9, 0x71, 0xA4, 0x9E),
 };
 static const mbedtls_mpi_uint secp256k1_T_4_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x14, 0x2D, 0xB9, 0x88, 0x28, 0xF1, 0xBE, 0x78 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x14, 0xF3, 0x1A, 0x0E, 0xB9, 0x01, 0x66, 0x34 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0xA7, 0xA4, 0xF4, 0x05, 0xD0, 0xAA, 0x53 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x39, 0x1E, 0x47, 0xE5, 0x68, 0xC8, 0xC0 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x2D, 0xB9, 0x88, 0x28, 0xF1, 0xBE, 0x78),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xF3, 0x1A, 0x0E, 0xB9, 0x01, 0x66, 0x34),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0xA7, 0xA4, 0xF4, 0x05, 0xD0, 0xAA, 0x53),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x39, 0x1E, 0x47, 0xE5, 0x68, 0xC8, 0xC0),
 };
 static const mbedtls_mpi_uint secp256k1_T_5_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0xB9, 0xFC, 0xE0, 0x33, 0x8A, 0x7D, 0x96 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0x93, 0xA5, 0x53, 0x55, 0x16, 0xB4, 0x6E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0x5F, 0xEA, 0x9B, 0x29, 0x52, 0x71, 0xDA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB2, 0xF0, 0x24, 0xB8, 0x7D, 0xB7, 0xA0, 0x9B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0xB9, 0xFC, 0xE0, 0x33, 0x8A, 0x7D, 0x96),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x93, 0xA5, 0x53, 0x55, 0x16, 0xB4, 0x6E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x5F, 0xEA, 0x9B, 0x29, 0x52, 0x71, 0xDA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xF0, 0x24, 0xB8, 0x7D, 0xB7, 0xA0, 0x9B),
 };
 static const mbedtls_mpi_uint secp256k1_T_5_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x00, 0x27, 0xB2, 0xDF, 0x73, 0xA2, 0xE0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x2E, 0x4D, 0x7C, 0xDE, 0x7A, 0x23, 0x32 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x65, 0x60, 0xC7, 0x97, 0x1E, 0xA4, 0x22 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0x13, 0x5B, 0x77, 0x59, 0xCB, 0x36, 0xE1 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x00, 0x27, 0xB2, 0xDF, 0x73, 0xA2, 0xE0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x2E, 0x4D, 0x7C, 0xDE, 0x7A, 0x23, 0x32),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x65, 0x60, 0xC7, 0x97, 0x1E, 0xA4, 0x22),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x13, 0x5B, 0x77, 0x59, 0xCB, 0x36, 0xE1),
 };
 static const mbedtls_mpi_uint secp256k1_T_6_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0xBC, 0x9F, 0x9E, 0x2D, 0x53, 0x2A, 0xA8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x5F, 0x64, 0x9F, 0x1A, 0x19, 0xE6, 0x77 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9E, 0x7B, 0x39, 0xD2, 0xDB, 0x85, 0x84, 0xD5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0xC7, 0x0D, 0x58, 0x6E, 0x3F, 0x52, 0x15 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xBC, 0x9F, 0x9E, 0x2D, 0x53, 0x2A, 0xA8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x5F, 0x64, 0x9F, 0x1A, 0x19, 0xE6, 0x77),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x7B, 0x39, 0xD2, 0xDB, 0x85, 0x84, 0xD5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xC7, 0x0D, 0x58, 0x6E, 0x3F, 0x52, 0x15),
 };
 static const mbedtls_mpi_uint secp256k1_T_6_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x68, 0x19, 0x0B, 0x68, 0xC9, 0x1E, 0xFB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD2, 0x4E, 0x21, 0x49, 0x3D, 0x55, 0xCC, 0x25 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xF9, 0x25, 0x45, 0x54, 0x45, 0xB1, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0xB3, 0xF7, 0xCD, 0x80, 0xA4, 0x04, 0x05 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x68, 0x19, 0x0B, 0x68, 0xC9, 0x1E, 0xFB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x4E, 0x21, 0x49, 0x3D, 0x55, 0xCC, 0x25),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xF9, 0x25, 0x45, 0x54, 0x45, 0xB1, 0x0F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xB3, 0xF7, 0xCD, 0x80, 0xA4, 0x04, 0x05),
 };
 static const mbedtls_mpi_uint secp256k1_T_7_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0x1E, 0x88, 0xC4, 0xAA, 0x18, 0x7E, 0x45 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0xAC, 0xD9, 0xB2, 0xA1, 0xC0, 0x71, 0x5D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0xA2, 0xF1, 0x15, 0xA6, 0x5F, 0x6C, 0x86 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0x5B, 0x05, 0xBC, 0xB7, 0xC6, 0x4E, 0x72 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x1E, 0x88, 0xC4, 0xAA, 0x18, 0x7E, 0x45),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xAC, 0xD9, 0xB2, 0xA1, 0xC0, 0x71, 0x5D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xA2, 0xF1, 0x15, 0xA6, 0x5F, 0x6C, 0x86),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x5B, 0x05, 0xBC, 0xB7, 0xC6, 0x4E, 0x72),
 };
 static const mbedtls_mpi_uint secp256k1_T_7_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x80, 0xF8, 0x5C, 0x20, 0x2A, 0xE1, 0xE2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x48, 0x2E, 0x68, 0x82, 0x7F, 0xEB, 0x5F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA2, 0x3B, 0x25, 0xDB, 0x32, 0x4D, 0x88, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0x6E, 0xA6, 0xB6, 0x6D, 0x62, 0x78, 0x22 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x80, 0xF8, 0x5C, 0x20, 0x2A, 0xE1, 0xE2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x48, 0x2E, 0x68, 0x82, 0x7F, 0xEB, 0x5F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x3B, 0x25, 0xDB, 0x32, 0x4D, 0x88, 0x42),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x6E, 0xA6, 0xB6, 0x6D, 0x62, 0x78, 0x22),
 };
 static const mbedtls_mpi_uint secp256k1_T_8_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x4D, 0x3E, 0x86, 0x58, 0xC3, 0xEB, 0xBA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x89, 0x33, 0x18, 0x21, 0x1D, 0x9B, 0xE7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0x9D, 0xFF, 0xC3, 0x79, 0xC1, 0x88, 0xF8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0xD4, 0x48, 0x53, 0xE8, 0xAD, 0x21, 0x16 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x4D, 0x3E, 0x86, 0x58, 0xC3, 0xEB, 0xBA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x89, 0x33, 0x18, 0x21, 0x1D, 0x9B, 0xE7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x9D, 0xFF, 0xC3, 0x79, 0xC1, 0x88, 0xF8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xD4, 0x48, 0x53, 0xE8, 0xAD, 0x21, 0x16),
 };
 static const mbedtls_mpi_uint secp256k1_T_8_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x7B, 0xDE, 0xCB, 0xD8, 0x39, 0x17, 0x7C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0xF3, 0x03, 0xF2, 0x5C, 0xBC, 0xC8, 0x8A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0xAE, 0x4C, 0xB0, 0x16, 0xA4, 0x93, 0x86 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x8B, 0x6B, 0xDC, 0xD7, 0x9A, 0x3E, 0x7E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x7B, 0xDE, 0xCB, 0xD8, 0x39, 0x17, 0x7C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0xF3, 0x03, 0xF2, 0x5C, 0xBC, 0xC8, 0x8A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xAE, 0x4C, 0xB0, 0x16, 0xA4, 0x93, 0x86),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x8B, 0x6B, 0xDC, 0xD7, 0x9A, 0x3E, 0x7E),
 };
 static const mbedtls_mpi_uint secp256k1_T_9_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x2D, 0x7A, 0xD2, 0x59, 0x05, 0xA2, 0x82 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0x56, 0x09, 0x32, 0xF1, 0xE8, 0xE3, 0x72 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x03, 0xCA, 0xE5, 0x2E, 0xF0, 0xFB, 0x18, 0x19 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x85, 0xA9, 0x23, 0x15, 0x31, 0x1F, 0x0E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x2D, 0x7A, 0xD2, 0x59, 0x05, 0xA2, 0x82),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x56, 0x09, 0x32, 0xF1, 0xE8, 0xE3, 0x72),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xCA, 0xE5, 0x2E, 0xF0, 0xFB, 0x18, 0x19),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x85, 0xA9, 0x23, 0x15, 0x31, 0x1F, 0x0E),
 };
 static const mbedtls_mpi_uint secp256k1_T_9_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0xE5, 0xB1, 0x86, 0xB9, 0x6E, 0x8D, 0xD3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x77, 0xFC, 0xC9, 0xA3, 0x3F, 0x89, 0xD2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x6A, 0xDC, 0x25, 0xB0, 0xC7, 0x41, 0x54 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x02, 0x11, 0x6B, 0xA6, 0x11, 0x62, 0xD4, 0x2D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xE5, 0xB1, 0x86, 0xB9, 0x6E, 0x8D, 0xD3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x77, 0xFC, 0xC9, 0xA3, 0x3F, 0x89, 0xD2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x6A, 0xDC, 0x25, 0xB0, 0xC7, 0x41, 0x54),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x11, 0x6B, 0xA6, 0x11, 0x62, 0xD4, 0x2D),
 };
 static const mbedtls_mpi_uint secp256k1_T_10_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x7D, 0x34, 0xB3, 0x20, 0x7F, 0x37, 0xAA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBD, 0xD4, 0x45, 0xE8, 0xC2, 0xE9, 0xC5, 0xEA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x32, 0x3B, 0x25, 0x7E, 0x79, 0xAF, 0xE7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0xE4, 0x54, 0x71, 0xBE, 0x35, 0x4E, 0xD0 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x7D, 0x34, 0xB3, 0x20, 0x7F, 0x37, 0xAA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0xD4, 0x45, 0xE8, 0xC2, 0xE9, 0xC5, 0xEA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x32, 0x3B, 0x25, 0x7E, 0x79, 0xAF, 0xE7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0xE4, 0x54, 0x71, 0xBE, 0x35, 0x4E, 0xD0),
 };
 static const mbedtls_mpi_uint secp256k1_T_10_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0x94, 0xDD, 0x8F, 0xB5, 0xC2, 0xDD, 0x75 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0x49, 0xE9, 0x1C, 0x2F, 0x08, 0x49, 0xC6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0xB6, 0x03, 0x88, 0x6F, 0xB8, 0x15, 0x67 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0xD3, 0x1C, 0xF3, 0xA5, 0xEB, 0x79, 0x01 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x94, 0xDD, 0x8F, 0xB5, 0xC2, 0xDD, 0x75),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x49, 0xE9, 0x1C, 0x2F, 0x08, 0x49, 0xC6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0xB6, 0x03, 0x88, 0x6F, 0xB8, 0x15, 0x67),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xD3, 0x1C, 0xF3, 0xA5, 0xEB, 0x79, 0x01),
 };
 static const mbedtls_mpi_uint secp256k1_T_11_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x25, 0xF9, 0x43, 0x88, 0x89, 0x0D, 0x06, 0xEA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x02, 0x2D, 0xF5, 0x98, 0x32, 0xF6, 0xB1, 0x05 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0x73, 0x8F, 0x2B, 0x50, 0x27, 0x0A, 0xE7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0xE3, 0xBD, 0x16, 0x05, 0xC8, 0x93, 0x12 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0xF9, 0x43, 0x88, 0x89, 0x0D, 0x06, 0xEA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x2D, 0xF5, 0x98, 0x32, 0xF6, 0xB1, 0x05),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x73, 0x8F, 0x2B, 0x50, 0x27, 0x0A, 0xE7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xE3, 0xBD, 0x16, 0x05, 0xC8, 0x93, 0x12),
 };
 static const mbedtls_mpi_uint secp256k1_T_11_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0x6A, 0xF7, 0xE3, 0x3D, 0xDE, 0x5F, 0x2F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0xA3, 0x9C, 0x22, 0x3C, 0x33, 0x36, 0x5D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x20, 0x24, 0x4C, 0x69, 0x45, 0x78, 0x14, 0xAE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xF8, 0xD4, 0xBF, 0xB8, 0xC0, 0xA1, 0x25 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x6A, 0xF7, 0xE3, 0x3D, 0xDE, 0x5F, 0x2F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xA3, 0x9C, 0x22, 0x3C, 0x33, 0x36, 0x5D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x24, 0x4C, 0x69, 0x45, 0x78, 0x14, 0xAE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xF8, 0xD4, 0xBF, 0xB8, 0xC0, 0xA1, 0x25),
 };
 static const mbedtls_mpi_uint secp256k1_T_12_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0x88, 0xE1, 0x91, 0x03, 0xEB, 0xB3, 0x2B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0x11, 0xA1, 0xEF, 0x14, 0x0D, 0xC4, 0x7D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xD4, 0x0D, 0x1D, 0x96, 0x33, 0x5C, 0x19 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x45, 0x2A, 0x1A, 0xE6, 0x57, 0x04, 0x9B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x88, 0xE1, 0x91, 0x03, 0xEB, 0xB3, 0x2B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x11, 0xA1, 0xEF, 0x14, 0x0D, 0xC4, 0x7D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xD4, 0x0D, 0x1D, 0x96, 0x33, 0x5C, 0x19),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x45, 0x2A, 0x1A, 0xE6, 0x57, 0x04, 0x9B),
 };
 static const mbedtls_mpi_uint secp256k1_T_12_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0xB5, 0xA7, 0x80, 0xE9, 0x93, 0x97, 0x8D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0xB9, 0x7C, 0xA0, 0xC9, 0x57, 0x26, 0x43 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9E, 0xEF, 0x56, 0xDA, 0x66, 0xF6, 0x1B, 0x9A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x89, 0x6B, 0x91, 0xE0, 0xA9, 0x65, 0x2B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xB5, 0xA7, 0x80, 0xE9, 0x93, 0x97, 0x8D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xB9, 0x7C, 0xA0, 0xC9, 0x57, 0x26, 0x43),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0xEF, 0x56, 0xDA, 0x66, 0xF6, 0x1B, 0x9A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x89, 0x6B, 0x91, 0xE0, 0xA9, 0x65, 0x2B),
 };
 static const mbedtls_mpi_uint secp256k1_T_13_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0x98, 0x96, 0x9B, 0x06, 0x7D, 0x5E, 0x5A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0xFA, 0xC1, 0x5F, 0x19, 0x37, 0x94, 0x9D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCF, 0xBE, 0x6B, 0x1A, 0x05, 0xE4, 0xBF, 0x9F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0xCD, 0x5D, 0x35, 0xB4, 0x51, 0xF7, 0x64 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x98, 0x96, 0x9B, 0x06, 0x7D, 0x5E, 0x5A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xFA, 0xC1, 0x5F, 0x19, 0x37, 0x94, 0x9D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xBE, 0x6B, 0x1A, 0x05, 0xE4, 0xBF, 0x9F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0xCD, 0x5D, 0x35, 0xB4, 0x51, 0xF7, 0x64),
 };
 static const mbedtls_mpi_uint secp256k1_T_13_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0xEF, 0x96, 0xDB, 0xF2, 0x61, 0x63, 0x59 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x04, 0x88, 0xC9, 0x9F, 0x1B, 0x94, 0xB9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x30, 0x79, 0x7E, 0x24, 0xE7, 0x5F, 0xB8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0xB8, 0x90, 0xB7, 0x94, 0x25, 0xBB, 0x0F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xEF, 0x96, 0xDB, 0xF2, 0x61, 0x63, 0x59),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x04, 0x88, 0xC9, 0x9F, 0x1B, 0x94, 0xB9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x30, 0x79, 0x7E, 0x24, 0xE7, 0x5F, 0xB8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0xB8, 0x90, 0xB7, 0x94, 0x25, 0xBB, 0x0F),
 };
 static const mbedtls_mpi_uint secp256k1_T_14_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x79, 0xEA, 0xAD, 0xC0, 0x6D, 0x18, 0x57 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0xA4, 0x58, 0x2A, 0x8D, 0x95, 0xB3, 0xE6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0xC4, 0xC2, 0x12, 0x0D, 0x79, 0xE2, 0x2B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x02, 0x6F, 0xBE, 0x97, 0x4D, 0xA4, 0x20, 0x07 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x79, 0xEA, 0xAD, 0xC0, 0x6D, 0x18, 0x57),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xA4, 0x58, 0x2A, 0x8D, 0x95, 0xB3, 0xE6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xC4, 0xC2, 0x12, 0x0D, 0x79, 0xE2, 0x2B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x6F, 0xBE, 0x97, 0x4D, 0xA4, 0x20, 0x07),
 };
 static const mbedtls_mpi_uint secp256k1_T_14_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x31, 0x71, 0xC6, 0xA6, 0x91, 0xEB, 0x1F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x9B, 0xA8, 0x4A, 0xE7, 0x77, 0xE1, 0xAA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0x06, 0xD3, 0x3D, 0x94, 0x30, 0xEF, 0x8C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0xDF, 0xCA, 0xFA, 0xF5, 0x28, 0xF8, 0xC9 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x31, 0x71, 0xC6, 0xA6, 0x91, 0xEB, 0x1F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x9B, 0xA8, 0x4A, 0xE7, 0x77, 0xE1, 0xAA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x06, 0xD3, 0x3D, 0x94, 0x30, 0xEF, 0x8C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xDF, 0xCA, 0xFA, 0xF5, 0x28, 0xF8, 0xC9),
 };
 static const mbedtls_mpi_uint secp256k1_T_15_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0xE1, 0x32, 0xFD, 0x3E, 0x81, 0xF8, 0x11 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0xF2, 0x4B, 0x1D, 0x19, 0xC9, 0x0F, 0xCC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xB1, 0x8A, 0x22, 0x8B, 0x05, 0x6B, 0x56 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x35, 0x21, 0xEF, 0x30, 0xEC, 0x09, 0x2A, 0x89 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0xE1, 0x32, 0xFD, 0x3E, 0x81, 0xF8, 0x11),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xF2, 0x4B, 0x1D, 0x19, 0xC9, 0x0F, 0xCC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xB1, 0x8A, 0x22, 0x8B, 0x05, 0x6B, 0x56),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x21, 0xEF, 0x30, 0xEC, 0x09, 0x2A, 0x89),
 };
 static const mbedtls_mpi_uint secp256k1_T_15_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x84, 0x4A, 0x46, 0x07, 0x6C, 0x3C, 0x4C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x18, 0x3A, 0xF4, 0xCC, 0xF5, 0xB2, 0xF2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0x8F, 0xCD, 0x0A, 0x9C, 0xF4, 0xBD, 0x95 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x89, 0x7F, 0x8A, 0xB1, 0x52, 0x3A, 0xAB ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x84, 0x4A, 0x46, 0x07, 0x6C, 0x3C, 0x4C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x18, 0x3A, 0xF4, 0xCC, 0xF5, 0xB2, 0xF2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x8F, 0xCD, 0x0A, 0x9C, 0xF4, 0xBD, 0x95),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x89, 0x7F, 0x8A, 0xB1, 0x52, 0x3A, 0xAB),
 };
 static const mbedtls_ecp_point secp256k1_T[16] = {
     ECP_POINT_INIT_XY_Z1(secp256k1_T_0_X, secp256k1_T_0_Y),
@@ -2898,234 +2898,234 @@
  */
 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
 static const mbedtls_mpi_uint brainpoolP256r1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_a[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9),
 };
 
 #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
 static const mbedtls_mpi_uint brainpoolP256r1_T_0_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_0_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_1_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0xA2, 0xED, 0x52, 0xC9, 0x8C, 0xE3, 0xA5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0xC9, 0xC4, 0x87, 0x3F, 0x93, 0x7A, 0xD1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0x12, 0x53, 0x61, 0x3E, 0x76, 0x08, 0xCB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x8C, 0x74, 0xF4, 0x08, 0xC3, 0x76, 0x80 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xA2, 0xED, 0x52, 0xC9, 0x8C, 0xE3, 0xA5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0xC9, 0xC4, 0x87, 0x3F, 0x93, 0x7A, 0xD1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x12, 0x53, 0x61, 0x3E, 0x76, 0x08, 0xCB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x8C, 0x74, 0xF4, 0x08, 0xC3, 0x76, 0x80),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_1_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0xDD, 0x09, 0xA6, 0xED, 0xEE, 0xC4, 0x38 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0xD9, 0xBE, 0x4B, 0xA5, 0xB7, 0x2B, 0x6E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0x20, 0x12, 0xCA, 0x0A, 0x38, 0x24, 0xAB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x72, 0x71, 0x90, 0x7A, 0x2E, 0xB7, 0x23 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0xDD, 0x09, 0xA6, 0xED, 0xEE, 0xC4, 0x38),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xD9, 0xBE, 0x4B, 0xA5, 0xB7, 0x2B, 0x6E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x20, 0x12, 0xCA, 0x0A, 0x38, 0x24, 0xAB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x72, 0x71, 0x90, 0x7A, 0x2E, 0xB7, 0x23),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_2_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2C, 0x66, 0xA1, 0x93, 0x10, 0x2A, 0x51, 0x17 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0x10, 0x11, 0x12, 0xBC, 0xB0, 0xB6, 0x93 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0x58, 0xD7, 0x0A, 0x84, 0x05, 0xA3, 0x9C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0x8E, 0x95, 0x61, 0xD3, 0x0B, 0xDF, 0x36 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x66, 0xA1, 0x93, 0x10, 0x2A, 0x51, 0x17),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x10, 0x11, 0x12, 0xBC, 0xB0, 0xB6, 0x93),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x58, 0xD7, 0x0A, 0x84, 0x05, 0xA3, 0x9C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x8E, 0x95, 0x61, 0xD3, 0x0B, 0xDF, 0x36),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_2_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF9, 0x92, 0x12, 0x0F, 0x5E, 0x87, 0x70, 0x1B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0xE9, 0x9B, 0xEB, 0x3A, 0xFB, 0xCF, 0xC4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDC, 0x92, 0xB9, 0xF7, 0x45, 0xD3, 0x06, 0xB6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x82, 0x28, 0x65, 0xE1, 0xC5, 0x6C, 0x57, 0x18 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x92, 0x12, 0x0F, 0x5E, 0x87, 0x70, 0x1B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0xE9, 0x9B, 0xEB, 0x3A, 0xFB, 0xCF, 0xC4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0x92, 0xB9, 0xF7, 0x45, 0xD3, 0x06, 0xB6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x28, 0x65, 0xE1, 0xC5, 0x6C, 0x57, 0x18),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_3_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x0E, 0x77, 0x01, 0x81, 0x9E, 0x38, 0x5C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0xF0, 0xD5, 0xA5, 0x91, 0x2B, 0xDF, 0xC0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0xEE, 0xB6, 0x25, 0xD6, 0x98, 0xDE, 0x2D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0xA1, 0x55, 0x63, 0x39, 0xEB, 0xB5, 0x47 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x0E, 0x77, 0x01, 0x81, 0x9E, 0x38, 0x5C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0xF0, 0xD5, 0xA5, 0x91, 0x2B, 0xDF, 0xC0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xEE, 0xB6, 0x25, 0xD6, 0x98, 0xDE, 0x2D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xA1, 0x55, 0x63, 0x39, 0xEB, 0xB5, 0x47),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_3_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0xD6, 0xB8, 0xE3, 0x13, 0xED, 0x7F, 0xA3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0xE8, 0xAE, 0x36, 0xB8, 0xCD, 0x19, 0x02 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF9, 0x82, 0x83, 0x7A, 0x7B, 0x46, 0x56, 0xE8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4E, 0x60, 0x46, 0x15, 0x5A, 0xAC, 0x99, 0x30 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0xD6, 0xB8, 0xE3, 0x13, 0xED, 0x7F, 0xA3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xE8, 0xAE, 0x36, 0xB8, 0xCD, 0x19, 0x02),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x82, 0x83, 0x7A, 0x7B, 0x46, 0x56, 0xE8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x60, 0x46, 0x15, 0x5A, 0xAC, 0x99, 0x30),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_4_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0x61, 0x50, 0xC6, 0xFF, 0x10, 0x7D, 0x04 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x51, 0xDF, 0xA9, 0x7D, 0x78, 0x26, 0x74 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x56, 0x15, 0x9A, 0xF7, 0x01, 0xC1, 0xBB, 0x40 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x0F, 0xE6, 0x2A, 0xBD, 0x4A, 0x9E, 0x87 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x61, 0x50, 0xC6, 0xFF, 0x10, 0x7D, 0x04),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x51, 0xDF, 0xA9, 0x7D, 0x78, 0x26, 0x74),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0x15, 0x9A, 0xF7, 0x01, 0xC1, 0xBB, 0x40),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x0F, 0xE6, 0x2A, 0xBD, 0x4A, 0x9E, 0x87),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_4_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0xF8, 0xD1, 0x77, 0xD2, 0x49, 0xB3, 0xDD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0x86, 0xFB, 0x9E, 0x1F, 0x5A, 0x60, 0x47 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0xC4, 0x8D, 0xCD, 0x86, 0x61, 0x2F, 0xF9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0xF6, 0xB9, 0xAC, 0x37, 0x9D, 0xE9, 0x28 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xF8, 0xD1, 0x77, 0xD2, 0x49, 0xB3, 0xDD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x86, 0xFB, 0x9E, 0x1F, 0x5A, 0x60, 0x47),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xC4, 0x8D, 0xCD, 0x86, 0x61, 0x2F, 0xF9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xF6, 0xB9, 0xAC, 0x37, 0x9D, 0xE9, 0x28),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_5_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x77, 0xAA, 0x97, 0x9C, 0x0B, 0x04, 0x20 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0xA6, 0x60, 0x81, 0xCE, 0x25, 0x13, 0x3E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0x00, 0xF3, 0xBB, 0x82, 0x99, 0x95, 0xB7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x5A, 0xCE, 0x90, 0x71, 0x38, 0x2F, 0x10 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x77, 0xAA, 0x97, 0x9C, 0x0B, 0x04, 0x20),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0xA6, 0x60, 0x81, 0xCE, 0x25, 0x13, 0x3E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x00, 0xF3, 0xBB, 0x82, 0x99, 0x95, 0xB7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x5A, 0xCE, 0x90, 0x71, 0x38, 0x2F, 0x10),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_5_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x1A, 0xC0, 0x84, 0x27, 0xD6, 0x9D, 0xB7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x37, 0x52, 0x16, 0x13, 0x0E, 0xCE, 0x92 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xBF, 0x5A, 0xDB, 0xDB, 0x6E, 0x1E, 0x69 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0xB7, 0x5E, 0xF9, 0x86, 0xDD, 0x8A, 0x5C ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x1A, 0xC0, 0x84, 0x27, 0xD6, 0x9D, 0xB7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x37, 0x52, 0x16, 0x13, 0x0E, 0xCE, 0x92),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xBF, 0x5A, 0xDB, 0xDB, 0x6E, 0x1E, 0x69),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xB7, 0x5E, 0xF9, 0x86, 0xDD, 0x8A, 0x5C),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_6_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xAB, 0x5C, 0x8D, 0x1D, 0xF2, 0x2D, 0x1E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0xC5, 0xF8, 0xF7, 0x1D, 0x96, 0x0B, 0x4D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x4C, 0xA7, 0x45, 0x20, 0x6A, 0x1E, 0x5B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x5D, 0xEF, 0xDE, 0xEE, 0x39, 0x44, 0x19 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xAB, 0x5C, 0x8D, 0x1D, 0xF2, 0x2D, 0x1E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0xC5, 0xF8, 0xF7, 0x1D, 0x96, 0x0B, 0x4D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x4C, 0xA7, 0x45, 0x20, 0x6A, 0x1E, 0x5B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x5D, 0xEF, 0xDE, 0xEE, 0x39, 0x44, 0x19),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_6_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0x2F, 0x6D, 0x52, 0xC9, 0x58, 0x60, 0xE8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC3, 0xC9, 0x62, 0xCB, 0x38, 0x3C, 0x55, 0xCA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xA5, 0x09, 0x10, 0x88, 0xDB, 0xE3, 0xBD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0xE0, 0x3C, 0xCE, 0x06, 0x0B, 0x4B, 0x5D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x2F, 0x6D, 0x52, 0xC9, 0x58, 0x60, 0xE8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0xC9, 0x62, 0xCB, 0x38, 0x3C, 0x55, 0xCA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xA5, 0x09, 0x10, 0x88, 0xDB, 0xE3, 0xBD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xE0, 0x3C, 0xCE, 0x06, 0x0B, 0x4B, 0x5D),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_7_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0x1D, 0xB4, 0x10, 0x76, 0x8F, 0xBA, 0x09 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0x70, 0x5A, 0x07, 0xF5, 0x1A, 0x74, 0xC7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0xE9, 0x94, 0xA8, 0xC0, 0xD5, 0x4A, 0x4A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0x6D, 0xD4, 0xE8, 0x9B, 0xE9, 0x6D, 0x0E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x1D, 0xB4, 0x10, 0x76, 0x8F, 0xBA, 0x09),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x70, 0x5A, 0x07, 0xF5, 0x1A, 0x74, 0xC7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xE9, 0x94, 0xA8, 0xC0, 0xD5, 0x4A, 0x4A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x6D, 0xD4, 0xE8, 0x9B, 0xE9, 0x6D, 0x0E),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_7_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x00, 0x32, 0x41, 0x57, 0x84, 0x89, 0x52 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0xC7, 0x14, 0xEC, 0xE9, 0x27, 0xFF, 0xF3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9A, 0x67, 0x9E, 0xFB, 0xB6, 0xB8, 0x96, 0xF3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0x4A, 0xE3, 0x97, 0x4B, 0x58, 0xDE, 0x30 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x00, 0x32, 0x41, 0x57, 0x84, 0x89, 0x52),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xC7, 0x14, 0xEC, 0xE9, 0x27, 0xFF, 0xF3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x67, 0x9E, 0xFB, 0xB6, 0xB8, 0x96, 0xF3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x4A, 0xE3, 0x97, 0x4B, 0x58, 0xDE, 0x30),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_8_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA6, 0x1E, 0x5C, 0xF5, 0x7F, 0xD5, 0xD4, 0xAA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0x08, 0x7A, 0xF1, 0xBD, 0x89, 0xC7, 0x1E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0xF9, 0x11, 0x1B, 0xF5, 0x3C, 0x6D, 0x8C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x50, 0xE5, 0x69, 0x1D, 0x59, 0xFC, 0x0C ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0x1E, 0x5C, 0xF5, 0x7F, 0xD5, 0xD4, 0xAA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x08, 0x7A, 0xF1, 0xBD, 0x89, 0xC7, 0x1E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xF9, 0x11, 0x1B, 0xF5, 0x3C, 0x6D, 0x8C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x50, 0xE5, 0x69, 0x1D, 0x59, 0xFC, 0x0C),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_8_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x2F, 0xF8, 0x3F, 0xEC, 0x55, 0x99, 0x57 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0xA7, 0x29, 0x90, 0x43, 0x81, 0x31, 0x4C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC3, 0x18, 0x44, 0x50, 0x5D, 0x76, 0xCB, 0xDD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0xC5, 0x5B, 0x9A, 0x03, 0xE6, 0x17, 0x39 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x2F, 0xF8, 0x3F, 0xEC, 0x55, 0x99, 0x57),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xA7, 0x29, 0x90, 0x43, 0x81, 0x31, 0x4C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x18, 0x44, 0x50, 0x5D, 0x76, 0xCB, 0xDD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xC5, 0x5B, 0x9A, 0x03, 0xE6, 0x17, 0x39),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_9_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x89, 0xFC, 0x55, 0x94, 0x91, 0x6A, 0xA2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0x46, 0x35, 0xF2, 0x3A, 0x42, 0x08, 0x2F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0xD2, 0x76, 0x49, 0x42, 0x87, 0xD3, 0x7F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0xEA, 0xA0, 0x52, 0xF1, 0x6A, 0x30, 0x57 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x89, 0xFC, 0x55, 0x94, 0x91, 0x6A, 0xA2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x46, 0x35, 0xF2, 0x3A, 0x42, 0x08, 0x2F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0xD2, 0x76, 0x49, 0x42, 0x87, 0xD3, 0x7F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xEA, 0xA0, 0x52, 0xF1, 0x6A, 0x30, 0x57),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_9_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0xB2, 0x57, 0xA3, 0x8A, 0x4D, 0x1B, 0x3C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0xA3, 0x99, 0x94, 0xB5, 0x3D, 0x64, 0x09 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x35, 0xC3, 0xD7, 0x53, 0xF6, 0x49, 0x1C, 0x60 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0x23, 0x41, 0x4D, 0xFB, 0x7A, 0x5C, 0x53 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0xB2, 0x57, 0xA3, 0x8A, 0x4D, 0x1B, 0x3C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0xA3, 0x99, 0x94, 0xB5, 0x3D, 0x64, 0x09),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xC3, 0xD7, 0x53, 0xF6, 0x49, 0x1C, 0x60),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x23, 0x41, 0x4D, 0xFB, 0x7A, 0x5C, 0x53),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_10_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0xB8, 0x15, 0x65, 0x5C, 0x85, 0x94, 0xD7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x37, 0xC7, 0xF8, 0x7E, 0xAE, 0x6C, 0x10 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x53, 0xD8, 0x11, 0x54, 0x98, 0x44, 0xE3, 0xF1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0x4D, 0xA6, 0x4B, 0x28, 0xF2, 0x57, 0x9E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xB8, 0x15, 0x65, 0x5C, 0x85, 0x94, 0xD7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x37, 0xC7, 0xF8, 0x7E, 0xAE, 0x6C, 0x10),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xD8, 0x11, 0x54, 0x98, 0x44, 0xE3, 0xF1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x4D, 0xA6, 0x4B, 0x28, 0xF2, 0x57, 0x9E),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_10_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0xD0, 0xEB, 0x1E, 0xAA, 0x30, 0xD3, 0x6A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0x9B, 0x4D, 0xA7, 0x73, 0x6E, 0xB6, 0x45 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0x47, 0xF6, 0xED, 0x37, 0xEF, 0x71, 0x4D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0xB5, 0x49, 0x61, 0x5E, 0x45, 0xF6, 0x4A ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xD0, 0xEB, 0x1E, 0xAA, 0x30, 0xD3, 0x6A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x9B, 0x4D, 0xA7, 0x73, 0x6E, 0xB6, 0x45),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x47, 0xF6, 0xED, 0x37, 0xEF, 0x71, 0x4D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0xB5, 0x49, 0x61, 0x5E, 0x45, 0xF6, 0x4A),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_11_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0x0E, 0xB3, 0x84, 0x3A, 0x63, 0x72, 0x84 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x53, 0x5C, 0xA7, 0xC6, 0x2E, 0xAB, 0x9E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0x0F, 0x8F, 0x87, 0x50, 0x28, 0xB4, 0xAE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0x98, 0x4A, 0x98, 0x31, 0x86, 0xCA, 0x51 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x0E, 0xB3, 0x84, 0x3A, 0x63, 0x72, 0x84),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x53, 0x5C, 0xA7, 0xC6, 0x2E, 0xAB, 0x9E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x0F, 0x8F, 0x87, 0x50, 0x28, 0xB4, 0xAE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x98, 0x4A, 0x98, 0x31, 0x86, 0xCA, 0x51),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_11_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0xC9, 0xE2, 0xFD, 0x5D, 0x1F, 0xE8, 0xC2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0x90, 0x91, 0xC4, 0x84, 0xF0, 0xBA, 0xC5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x5A, 0xB3, 0x4E, 0xFB, 0xE0, 0x57, 0xE8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x0B, 0x90, 0xA6, 0xFD, 0x9D, 0x8E, 0x02 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xC9, 0xE2, 0xFD, 0x5D, 0x1F, 0xE8, 0xC2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x90, 0x91, 0xC4, 0x84, 0xF0, 0xBA, 0xC5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x5A, 0xB3, 0x4E, 0xFB, 0xE0, 0x57, 0xE8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x0B, 0x90, 0xA6, 0xFD, 0x9D, 0x8E, 0x02),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_12_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0x41, 0x8F, 0x31, 0xFA, 0x5A, 0xF6, 0x33 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xE9, 0xE3, 0xF6, 0xE0, 0x4A, 0xE7, 0xD2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x4E, 0xCD, 0xA2, 0x22, 0x14, 0xD4, 0x12 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0xED, 0x21, 0xB7, 0x0F, 0x53, 0x10, 0x17 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x41, 0x8F, 0x31, 0xFA, 0x5A, 0xF6, 0x33),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xE9, 0xE3, 0xF6, 0xE0, 0x4A, 0xE7, 0xD2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x4E, 0xCD, 0xA2, 0x22, 0x14, 0xD4, 0x12),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xED, 0x21, 0xB7, 0x0F, 0x53, 0x10, 0x17),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_12_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0x06, 0x24, 0x2C, 0x4E, 0xD1, 0x1E, 0x9F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD7, 0x3F, 0xC1, 0x9F, 0xAB, 0xF0, 0x37, 0x95 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x03, 0x5E, 0x12, 0xCE, 0x83, 0x1B, 0x2A, 0x18 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x65, 0xCF, 0xE8, 0x5C, 0xA5, 0xA2, 0x70 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x06, 0x24, 0x2C, 0x4E, 0xD1, 0x1E, 0x9F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x3F, 0xC1, 0x9F, 0xAB, 0xF0, 0x37, 0x95),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x5E, 0x12, 0xCE, 0x83, 0x1B, 0x2A, 0x18),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x65, 0xCF, 0xE8, 0x5C, 0xA5, 0xA2, 0x70),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_13_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0x86, 0x76, 0x3A, 0x94, 0xF6, 0x1D, 0xC1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0xDA, 0xC9, 0xA6, 0x29, 0x93, 0x15, 0x10 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x61, 0x6A, 0x7D, 0xC7, 0xA9, 0xF3, 0x76 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4A, 0x03, 0x71, 0xA2, 0x15, 0xCE, 0x50, 0x72 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x86, 0x76, 0x3A, 0x94, 0xF6, 0x1D, 0xC1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xDA, 0xC9, 0xA6, 0x29, 0x93, 0x15, 0x10),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x61, 0x6A, 0x7D, 0xC7, 0xA9, 0xF3, 0x76),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x03, 0x71, 0xA2, 0x15, 0xCE, 0x50, 0x72),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_13_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0xD0, 0xA8, 0x1E, 0x91, 0xC4, 0x4F, 0x24 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0x4B, 0x7E, 0xD7, 0x71, 0x58, 0x7E, 0x1E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x45, 0xAF, 0x2A, 0x18, 0x93, 0x95, 0x3B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0x8F, 0xC7, 0xFA, 0x4C, 0x7A, 0x86, 0x54 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0xD0, 0xA8, 0x1E, 0x91, 0xC4, 0x4F, 0x24),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x4B, 0x7E, 0xD7, 0x71, 0x58, 0x7E, 0x1E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x45, 0xAF, 0x2A, 0x18, 0x93, 0x95, 0x3B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x8F, 0xC7, 0xFA, 0x4C, 0x7A, 0x86, 0x54),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_14_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0xAF, 0x68, 0x3A, 0x23, 0xC1, 0x2E, 0xBF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x89, 0x50, 0x11, 0x67, 0x39, 0xB9, 0xAF, 0x48 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x86, 0xAA, 0x1E, 0x88, 0x21, 0x29, 0x8B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0x28, 0xA4, 0x9D, 0x89, 0xA9, 0x9A, 0x10 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0xAF, 0x68, 0x3A, 0x23, 0xC1, 0x2E, 0xBF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x50, 0x11, 0x67, 0x39, 0xB9, 0xAF, 0x48),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x86, 0xAA, 0x1E, 0x88, 0x21, 0x29, 0x8B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x28, 0xA4, 0x9D, 0x89, 0xA9, 0x9A, 0x10),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_14_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0xBA, 0x04, 0x67, 0xB7, 0x01, 0x40, 0x38 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0xE9, 0x09, 0xA3, 0xCA, 0xA6, 0x37, 0xF6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x97, 0xA8, 0xB6, 0x3C, 0xEE, 0x90, 0x3D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDC, 0xED, 0xC4, 0xF7, 0xC3, 0x95, 0xEC, 0x85 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xBA, 0x04, 0x67, 0xB7, 0x01, 0x40, 0x38),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xE9, 0x09, 0xA3, 0xCA, 0xA6, 0x37, 0xF6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x97, 0xA8, 0xB6, 0x3C, 0xEE, 0x90, 0x3D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xED, 0xC4, 0xF7, 0xC3, 0x95, 0xEC, 0x85),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_15_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x84, 0xBD, 0xEB, 0xD5, 0x64, 0xBB, 0x9D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x9B, 0xE2, 0x28, 0x50, 0xC2, 0x72, 0x40 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x39, 0xF2, 0x74, 0xD1, 0x26, 0xBF, 0x32, 0x68 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0xCB, 0xAF, 0x72, 0xDB, 0x6D, 0x30, 0x98 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x84, 0xBD, 0xEB, 0xD5, 0x64, 0xBB, 0x9D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x9B, 0xE2, 0x28, 0x50, 0xC2, 0x72, 0x40),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0xF2, 0x74, 0xD1, 0x26, 0xBF, 0x32, 0x68),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xCB, 0xAF, 0x72, 0xDB, 0x6D, 0x30, 0x98),
 };
 static const mbedtls_mpi_uint brainpoolP256r1_T_15_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0x50, 0x85, 0xF4, 0x2B, 0x48, 0xC1, 0xAD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0x28, 0xBB, 0x11, 0xBA, 0x5B, 0x22, 0x6C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0xA1, 0xE5, 0x5C, 0xC9, 0x1D, 0x44, 0x45 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0xE8, 0xE6, 0x6F, 0xBB, 0xC1, 0x81, 0x7F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x50, 0x85, 0xF4, 0x2B, 0x48, 0xC1, 0xAD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x28, 0xBB, 0x11, 0xBA, 0x5B, 0x22, 0x6C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xA1, 0xE5, 0x5C, 0xC9, 0x1D, 0x44, 0x45),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xE8, 0xE6, 0x6F, 0xBB, 0xC1, 0x81, 0x7F),
 };
 static const mbedtls_ecp_point brainpoolP256r1_T[16] = {
     ECP_POINT_INIT_XY_Z1(brainpoolP256r1_T_0_X, brainpoolP256r1_T_0_Y),
@@ -3156,566 +3156,566 @@
  */
 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
 static const mbedtls_mpi_uint brainpoolP384r1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_a[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C),
 };
 
 #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
 static const mbedtls_mpi_uint brainpoolP384r1_T_0_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_0_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_1_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0xD8, 0x8A, 0x54, 0x41, 0xD6, 0x6B, 0x1D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE2, 0x3B, 0xF1, 0x22, 0xFD, 0x2D, 0x4B, 0x03 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x55, 0xE3, 0x33, 0xF0, 0x73, 0x52, 0x5A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x3F, 0x30, 0x26, 0xCA, 0x7F, 0x52, 0xA3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0x6E, 0x17, 0x9B, 0xD5, 0x2A, 0x4A, 0x31 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0xDA, 0x6B, 0xE5, 0x03, 0x07, 0x1D, 0x2E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0xD8, 0x8A, 0x54, 0x41, 0xD6, 0x6B, 0x1D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x3B, 0xF1, 0x22, 0xFD, 0x2D, 0x4B, 0x03),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x55, 0xE3, 0x33, 0xF0, 0x73, 0x52, 0x5A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x3F, 0x30, 0x26, 0xCA, 0x7F, 0x52, 0xA3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x6E, 0x17, 0x9B, 0xD5, 0x2A, 0x4A, 0x31),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xDA, 0x6B, 0xE5, 0x03, 0x07, 0x1D, 0x2E),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_1_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0x7A, 0xAF, 0x98, 0xE3, 0xA4, 0xF6, 0x19 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0x7D, 0xFE, 0x51, 0x40, 0x3B, 0x47, 0xD2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x88, 0xEC, 0xC4, 0xE2, 0x8F, 0xCB, 0xA4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0xE2, 0x88, 0x2D, 0x4E, 0x50, 0xEB, 0x9A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0x54, 0x94, 0x5E, 0xF4, 0x7F, 0x3A, 0x04 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0x07, 0x1C, 0xE1, 0xBD, 0x0F, 0xF8, 0x63 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x7A, 0xAF, 0x98, 0xE3, 0xA4, 0xF6, 0x19),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x7D, 0xFE, 0x51, 0x40, 0x3B, 0x47, 0xD2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x88, 0xEC, 0xC4, 0xE2, 0x8F, 0xCB, 0xA4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0xE2, 0x88, 0x2D, 0x4E, 0x50, 0xEB, 0x9A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x54, 0x94, 0x5E, 0xF4, 0x7F, 0x3A, 0x04),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x07, 0x1C, 0xE1, 0xBD, 0x0F, 0xF8, 0x63),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_2_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0x92, 0x28, 0x2E, 0x32, 0x04, 0xB1, 0x4D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x25, 0x82, 0x44, 0x43, 0x76, 0x0D, 0x55, 0xBF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0xE3, 0xFF, 0x89, 0x46, 0xDE, 0x4E, 0xFE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0x22, 0xBB, 0x67, 0x1A, 0x81, 0xEE, 0x27 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0x54, 0xE2, 0x7A, 0xAE, 0xDA, 0x2C, 0xD0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0x9A, 0x90, 0xAA, 0x6E, 0x8B, 0xCC, 0x5F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x92, 0x28, 0x2E, 0x32, 0x04, 0xB1, 0x4D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x82, 0x44, 0x43, 0x76, 0x0D, 0x55, 0xBF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0xE3, 0xFF, 0x89, 0x46, 0xDE, 0x4E, 0xFE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x22, 0xBB, 0x67, 0x1A, 0x81, 0xEE, 0x27),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x54, 0xE2, 0x7A, 0xAE, 0xDA, 0x2C, 0xD0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x9A, 0x90, 0xAA, 0x6E, 0x8B, 0xCC, 0x5F),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_2_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x40, 0xAC, 0xED, 0x7D, 0x37, 0x87, 0xAC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0xF8, 0xB1, 0x80, 0x4C, 0x8C, 0x04, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x98, 0x2C, 0xAD, 0x30, 0x69, 0x35, 0xC0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0x2E, 0x00, 0x2F, 0x44, 0x8C, 0xF0, 0xC0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x58, 0x07, 0xD7, 0xCD, 0x60, 0xA1, 0x5B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xFB, 0x7B, 0x03, 0x05, 0x5E, 0x79, 0x73 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x40, 0xAC, 0xED, 0x7D, 0x37, 0x87, 0xAC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xF8, 0xB1, 0x80, 0x4C, 0x8C, 0x04, 0x42),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x98, 0x2C, 0xAD, 0x30, 0x69, 0x35, 0xC0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x2E, 0x00, 0x2F, 0x44, 0x8C, 0xF0, 0xC0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x58, 0x07, 0xD7, 0xCD, 0x60, 0xA1, 0x5B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xFB, 0x7B, 0x03, 0x05, 0x5E, 0x79, 0x73),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_3_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0x17, 0xCE, 0x38, 0x4B, 0x5E, 0x5B, 0xC8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x60, 0x0E, 0x0A, 0x61, 0x9D, 0x7C, 0x62, 0x08 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x25, 0xF0, 0x98, 0x71, 0x7F, 0x17, 0x26, 0xD7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0xD3, 0xFA, 0x3C, 0xF0, 0x70, 0x07, 0x82 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0x47, 0x5C, 0x09, 0x43, 0xB7, 0x65, 0x15 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xA9, 0xA7, 0x3E, 0xFA, 0xF3, 0xEC, 0x22 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x17, 0xCE, 0x38, 0x4B, 0x5E, 0x5B, 0xC8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x0E, 0x0A, 0x61, 0x9D, 0x7C, 0x62, 0x08),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0xF0, 0x98, 0x71, 0x7F, 0x17, 0x26, 0xD7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xD3, 0xFA, 0x3C, 0xF0, 0x70, 0x07, 0x82),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x47, 0x5C, 0x09, 0x43, 0xB7, 0x65, 0x15),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xA9, 0xA7, 0x3E, 0xFA, 0xF3, 0xEC, 0x22),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_3_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x78, 0x22, 0x2B, 0x58, 0x71, 0xFA, 0xAA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x30, 0xCE, 0x6A, 0xB3, 0xB0, 0x4F, 0x83 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCF, 0x95, 0x20, 0xA9, 0x23, 0xC2, 0x65, 0xE7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0xCF, 0x03, 0x5B, 0x8A, 0x80, 0x44, 0xBB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0xF8, 0x91, 0xF7, 0xD5, 0xED, 0xEA, 0x81 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x5B, 0x16, 0x10, 0x25, 0xAC, 0x2A, 0x17 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x78, 0x22, 0x2B, 0x58, 0x71, 0xFA, 0xAA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x30, 0xCE, 0x6A, 0xB3, 0xB0, 0x4F, 0x83),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0x95, 0x20, 0xA9, 0x23, 0xC2, 0x65, 0xE7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xCF, 0x03, 0x5B, 0x8A, 0x80, 0x44, 0xBB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xF8, 0x91, 0xF7, 0xD5, 0xED, 0xEA, 0x81),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x5B, 0x16, 0x10, 0x25, 0xAC, 0x2A, 0x17),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_4_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0xEC, 0xDC, 0xC4, 0x7B, 0x8C, 0x6B, 0xE9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2B, 0xBB, 0x1C, 0xD3, 0x5A, 0xEE, 0xD9, 0x97 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x5D, 0x30, 0x5E, 0xF7, 0xB2, 0x41, 0x9D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0xCE, 0x0F, 0x1A, 0xC6, 0x41, 0x64, 0x62 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0x18, 0xE1, 0xE3, 0x82, 0x15, 0x66, 0x4B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0xE2, 0x24, 0x04, 0x72, 0x39, 0xA0, 0x7C ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xEC, 0xDC, 0xC4, 0x7B, 0x8C, 0x6B, 0xE9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xBB, 0x1C, 0xD3, 0x5A, 0xEE, 0xD9, 0x97),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x5D, 0x30, 0x5E, 0xF7, 0xB2, 0x41, 0x9D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xCE, 0x0F, 0x1A, 0xC6, 0x41, 0x64, 0x62),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x18, 0xE1, 0xE3, 0x82, 0x15, 0x66, 0x4B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xE2, 0x24, 0x04, 0x72, 0x39, 0xA0, 0x7C),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_4_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2B, 0x51, 0xA2, 0x58, 0x88, 0x62, 0xE1, 0x02 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0xD2, 0x65, 0x14, 0xE9, 0x4C, 0x82, 0x30 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDC, 0xE1, 0xAC, 0x87, 0xAE, 0x31, 0x1A, 0x7A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x85, 0x4F, 0x96, 0x1E, 0x85, 0x7A, 0xC3, 0x2B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0x86, 0xBB, 0xF0, 0xC0, 0x9D, 0x08, 0x7B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBD, 0x53, 0x03, 0x09, 0x80, 0x91, 0xEF, 0x68 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x51, 0xA2, 0x58, 0x88, 0x62, 0xE1, 0x02),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xD2, 0x65, 0x14, 0xE9, 0x4C, 0x82, 0x30),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xE1, 0xAC, 0x87, 0xAE, 0x31, 0x1A, 0x7A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x4F, 0x96, 0x1E, 0x85, 0x7A, 0xC3, 0x2B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x86, 0xBB, 0xF0, 0xC0, 0x9D, 0x08, 0x7B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x53, 0x03, 0x09, 0x80, 0x91, 0xEF, 0x68),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_5_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0xD7, 0xAF, 0x6F, 0x69, 0x7B, 0x88, 0xA1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0x13, 0xE4, 0x30, 0xA2, 0x47, 0xB5, 0xC1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0xD2, 0xC0, 0xDD, 0x8A, 0x1C, 0x3C, 0xF2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF9, 0x8C, 0xB3, 0x4C, 0xBA, 0x8B, 0x6D, 0xCF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0xC7, 0xA1, 0xA8, 0x6E, 0x3C, 0x4F, 0xF1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0x4A, 0x97, 0xC8, 0x03, 0x6F, 0x01, 0x82 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xD7, 0xAF, 0x6F, 0x69, 0x7B, 0x88, 0xA1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x13, 0xE4, 0x30, 0xA2, 0x47, 0xB5, 0xC1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xD2, 0xC0, 0xDD, 0x8A, 0x1C, 0x3C, 0xF2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x8C, 0xB3, 0x4C, 0xBA, 0x8B, 0x6D, 0xCF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0xC7, 0xA1, 0xA8, 0x6E, 0x3C, 0x4F, 0xF1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x4A, 0x97, 0xC8, 0x03, 0x6F, 0x01, 0x82),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_5_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0x18, 0x12, 0xA9, 0x39, 0xD5, 0x22, 0x26 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0xA7, 0xC0, 0xBD, 0x9D, 0x8D, 0x78, 0x38 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0xB3, 0xD0, 0x7F, 0xDF, 0xD0, 0x30, 0xDE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x25, 0x73, 0x96, 0xEC, 0xA8, 0x1D, 0x7C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0xD1, 0x65, 0x66, 0xDC, 0xD9, 0xCF, 0xDF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x95, 0xED, 0x7B, 0x37, 0xAD, 0xE2, 0xBE, 0x2D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x18, 0x12, 0xA9, 0x39, 0xD5, 0x22, 0x26),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xA7, 0xC0, 0xBD, 0x9D, 0x8D, 0x78, 0x38),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xB3, 0xD0, 0x7F, 0xDF, 0xD0, 0x30, 0xDE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x25, 0x73, 0x96, 0xEC, 0xA8, 0x1D, 0x7C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xD1, 0x65, 0x66, 0xDC, 0xD9, 0xCF, 0xDF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0xED, 0x7B, 0x37, 0xAD, 0xE2, 0xBE, 0x2D),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_6_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x79, 0x42, 0x6A, 0x07, 0x66, 0xB1, 0xBD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x45, 0x53, 0x62, 0x65, 0x92, 0x09, 0x4C, 0xA1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0xAF, 0xC3, 0x03, 0xF6, 0xF4, 0x2D, 0x9B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0xCA, 0x41, 0xD9, 0xA2, 0x69, 0x9B, 0xC9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0xB2, 0xA6, 0x8D, 0xE1, 0xAA, 0x61, 0x76 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0xBA, 0x4D, 0x12, 0xB6, 0xBE, 0xF3, 0x7E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x79, 0x42, 0x6A, 0x07, 0x66, 0xB1, 0xBD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x53, 0x62, 0x65, 0x92, 0x09, 0x4C, 0xA1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xAF, 0xC3, 0x03, 0xF6, 0xF4, 0x2D, 0x9B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xCA, 0x41, 0xD9, 0xA2, 0x69, 0x9B, 0xC9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xB2, 0xA6, 0x8D, 0xE1, 0xAA, 0x61, 0x76),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xBA, 0x4D, 0x12, 0xB6, 0xBE, 0xF3, 0x7E),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_6_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0xD9, 0x92, 0x22, 0x07, 0xCE, 0xC9, 0x26 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0xA1, 0x7C, 0x91, 0xDB, 0x32, 0xF7, 0xE5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x49, 0x4B, 0x6D, 0xFB, 0xD9, 0x70, 0x3B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0xFB, 0x4E, 0x4C, 0x5E, 0x66, 0x81, 0x1D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0xB3, 0xE1, 0x00, 0xB7, 0xD9, 0xCC, 0x58 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x36, 0x8B, 0xC4, 0x39, 0x20, 0xFD, 0x30 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xD9, 0x92, 0x22, 0x07, 0xCE, 0xC9, 0x26),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0xA1, 0x7C, 0x91, 0xDB, 0x32, 0xF7, 0xE5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x49, 0x4B, 0x6D, 0xFB, 0xD9, 0x70, 0x3B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xFB, 0x4E, 0x4C, 0x5E, 0x66, 0x81, 0x1D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0xB3, 0xE1, 0x00, 0xB7, 0xD9, 0xCC, 0x58),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x36, 0x8B, 0xC4, 0x39, 0x20, 0xFD, 0x30),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_7_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0x1F, 0x60, 0x03, 0xBB, 0xD7, 0x60, 0x57 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x3C, 0x62, 0xDD, 0x71, 0x95, 0xE9, 0x61 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0x5B, 0x7A, 0x5F, 0x68, 0x81, 0xC5, 0x90 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xB5, 0xB9, 0x98, 0x42, 0x28, 0xA5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0x29, 0x8E, 0x11, 0x49, 0xB4, 0xD7, 0x20 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x3E, 0xD2, 0x30, 0xA1, 0xBA, 0xCA, 0x03 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x1F, 0x60, 0x03, 0xBB, 0xD7, 0x60, 0x57),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x3C, 0x62, 0xDD, 0x71, 0x95, 0xE9, 0x61),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x5B, 0x7A, 0x5F, 0x68, 0x81, 0xC5, 0x90),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xAF, 0xB5, 0xB9, 0x98, 0x42, 0x28, 0xA5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x29, 0x8E, 0x11, 0x49, 0xB4, 0xD7, 0x20),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x3E, 0xD2, 0x30, 0xA1, 0xBA, 0xCA, 0x03),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_7_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0x37, 0x64, 0x44, 0x2F, 0x03, 0xE5, 0x41 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4A, 0x42, 0xBC, 0xFF, 0xA2, 0x1A, 0x5F, 0x06 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x04, 0xAB, 0x04, 0xE0, 0x24, 0xAD, 0x2A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0x45, 0x17, 0x67, 0x1F, 0x3E, 0x53, 0xF8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0x0F, 0xB3, 0x1B, 0x57, 0x54, 0xC2, 0x03 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xD3, 0xF8, 0xC4, 0x1B, 0x9B, 0xFA, 0x30 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x37, 0x64, 0x44, 0x2F, 0x03, 0xE5, 0x41),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x42, 0xBC, 0xFF, 0xA2, 0x1A, 0x5F, 0x06),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x04, 0xAB, 0x04, 0xE0, 0x24, 0xAD, 0x2A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x45, 0x17, 0x67, 0x1F, 0x3E, 0x53, 0xF8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x0F, 0xB3, 0x1B, 0x57, 0x54, 0xC2, 0x03),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xD3, 0xF8, 0xC4, 0x1B, 0x9B, 0xFA, 0x30),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_8_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x90, 0xFD, 0xFB, 0xCA, 0x49, 0x38, 0x4E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC3, 0xCF, 0xC6, 0xDD, 0xF0, 0xFF, 0x8C, 0x11 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD7, 0x69, 0x9D, 0xBD, 0x5F, 0x33, 0xE9, 0xB4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x19, 0x82, 0x3D, 0xAC, 0x1C, 0x40, 0x23 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0xC7, 0x02, 0x46, 0x14, 0x77, 0x00, 0xBE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x05, 0xF2, 0x77, 0x3A, 0x66, 0x5C, 0x39 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x90, 0xFD, 0xFB, 0xCA, 0x49, 0x38, 0x4E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0xCF, 0xC6, 0xDD, 0xF0, 0xFF, 0x8C, 0x11),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x69, 0x9D, 0xBD, 0x5F, 0x33, 0xE9, 0xB4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x19, 0x82, 0x3D, 0xAC, 0x1C, 0x40, 0x23),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xC7, 0x02, 0x46, 0x14, 0x77, 0x00, 0xBE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x05, 0xF2, 0x77, 0x3A, 0x66, 0x5C, 0x39),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_8_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xE6, 0x17, 0xDE, 0xB2, 0xA1, 0xE5, 0xB8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0x71, 0xEC, 0x9D, 0xD8, 0xF5, 0xD4, 0x66 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0xC6, 0x42, 0x5E, 0xE7, 0x18, 0xBA, 0xD0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0x21, 0x68, 0x5A, 0x26, 0xFB, 0xD7, 0x17 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x00, 0x5C, 0xBA, 0x8A, 0x34, 0xEC, 0x75 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC3, 0x9C, 0x3C, 0xAF, 0x53, 0xE8, 0x65, 0x35 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xE6, 0x17, 0xDE, 0xB2, 0xA1, 0xE5, 0xB8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x71, 0xEC, 0x9D, 0xD8, 0xF5, 0xD4, 0x66),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0xC6, 0x42, 0x5E, 0xE7, 0x18, 0xBA, 0xD0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x21, 0x68, 0x5A, 0x26, 0xFB, 0xD7, 0x17),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x00, 0x5C, 0xBA, 0x8A, 0x34, 0xEC, 0x75),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x9C, 0x3C, 0xAF, 0x53, 0xE8, 0x65, 0x35),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_9_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0xEF, 0x28, 0xDC, 0x67, 0x05, 0xC8, 0xDF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0x78, 0xC3, 0x85, 0x49, 0xA0, 0xBC, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0x3E, 0x2D, 0xA0, 0xCF, 0xD4, 0x7A, 0xF5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0x93, 0xFE, 0x60, 0xB3, 0x6E, 0x99, 0xE2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0xAD, 0x04, 0xE7, 0x49, 0xAF, 0x5E, 0xE3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x7A, 0xED, 0xA6, 0x9E, 0x18, 0x09, 0x31 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xEF, 0x28, 0xDC, 0x67, 0x05, 0xC8, 0xDF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x78, 0xC3, 0x85, 0x49, 0xA0, 0xBC, 0x0F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x3E, 0x2D, 0xA0, 0xCF, 0xD4, 0x7A, 0xF5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x93, 0xFE, 0x60, 0xB3, 0x6E, 0x99, 0xE2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0xAD, 0x04, 0xE7, 0x49, 0xAF, 0x5E, 0xE3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x7A, 0xED, 0xA6, 0x9E, 0x18, 0x09, 0x31),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_9_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x05, 0x94, 0x44, 0xDC, 0xB8, 0x85, 0x94 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x14, 0xB7, 0x37, 0xC2, 0x50, 0x75, 0x15, 0xDA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0xC6, 0x0F, 0xB2, 0xA9, 0x91, 0x3E, 0xE8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0x81, 0xAD, 0x25, 0xA1, 0x26, 0x73, 0x15 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0xF1, 0xD1, 0x61, 0x7C, 0x76, 0x8F, 0x13 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0xDB, 0x4A, 0xFF, 0x14, 0xA7, 0x48, 0x0B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x05, 0x94, 0x44, 0xDC, 0xB8, 0x85, 0x94),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xB7, 0x37, 0xC2, 0x50, 0x75, 0x15, 0xDA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xC6, 0x0F, 0xB2, 0xA9, 0x91, 0x3E, 0xE8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x81, 0xAD, 0x25, 0xA1, 0x26, 0x73, 0x15),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xF1, 0xD1, 0x61, 0x7C, 0x76, 0x8F, 0x13),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xDB, 0x4A, 0xFF, 0x14, 0xA7, 0x48, 0x0B),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_10_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0x73, 0xC6, 0xC2, 0xCC, 0xF1, 0x57, 0x04 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0xED, 0x73, 0x27, 0x70, 0x82, 0xB6, 0x5E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0xBA, 0xAC, 0x3A, 0xCF, 0xF4, 0xEA, 0xA6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0xD6, 0xB1, 0x8F, 0x0E, 0x08, 0x2C, 0x5E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xE3, 0x8F, 0x2F, 0x0E, 0xA1, 0xF3, 0x07 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0xF5, 0x7C, 0x9B, 0x29, 0x0A, 0xF6, 0x28 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x73, 0xC6, 0xC2, 0xCC, 0xF1, 0x57, 0x04),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0xED, 0x73, 0x27, 0x70, 0x82, 0xB6, 0x5E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xBA, 0xAC, 0x3A, 0xCF, 0xF4, 0xEA, 0xA6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xD6, 0xB1, 0x8F, 0x0E, 0x08, 0x2C, 0x5E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xE3, 0x8F, 0x2F, 0x0E, 0xA1, 0xF3, 0x07),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0xF5, 0x7C, 0x9B, 0x29, 0x0A, 0xF6, 0x28),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_10_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBD, 0xEE, 0x17, 0x47, 0x34, 0x15, 0xA3, 0xAF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFB, 0xBE, 0x88, 0x48, 0xE7, 0xA2, 0xBB, 0xDE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0xAD, 0xDC, 0x65, 0x61, 0x37, 0x0F, 0xC1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x67, 0xAD, 0xA2, 0x3A, 0x1C, 0x91, 0x78 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0x07, 0x0C, 0x3A, 0x41, 0x6E, 0x13, 0x28 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0xBD, 0x7E, 0xED, 0xAA, 0x14, 0xDD, 0x61 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0xEE, 0x17, 0x47, 0x34, 0x15, 0xA3, 0xAF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xBE, 0x88, 0x48, 0xE7, 0xA2, 0xBB, 0xDE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0xAD, 0xDC, 0x65, 0x61, 0x37, 0x0F, 0xC1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x67, 0xAD, 0xA2, 0x3A, 0x1C, 0x91, 0x78),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x07, 0x0C, 0x3A, 0x41, 0x6E, 0x13, 0x28),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0xBD, 0x7E, 0xED, 0xAA, 0x14, 0xDD, 0x61),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_11_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC3, 0xDC, 0x20, 0x01, 0x72, 0x11, 0x48, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xC4, 0x7B, 0xF8, 0x62, 0x3D, 0xF0, 0x9F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0xC2, 0x3D, 0x2E, 0x52, 0xA3, 0x4A, 0x89 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0xE2, 0x53, 0x46, 0x5E, 0x21, 0xF8, 0xCE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0xC7, 0x8F, 0xA9, 0x26, 0x42, 0x32, 0x3A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFB, 0xA6, 0xA0, 0x8D, 0x4B, 0x9A, 0x19, 0x03 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0xDC, 0x20, 0x01, 0x72, 0x11, 0x48, 0x55),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xC4, 0x7B, 0xF8, 0x62, 0x3D, 0xF0, 0x9F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xC2, 0x3D, 0x2E, 0x52, 0xA3, 0x4A, 0x89),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xE2, 0x53, 0x46, 0x5E, 0x21, 0xF8, 0xCE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xC7, 0x8F, 0xA9, 0x26, 0x42, 0x32, 0x3A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xA6, 0xA0, 0x8D, 0x4B, 0x9A, 0x19, 0x03),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_11_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0xAB, 0x6D, 0x1E, 0xFB, 0xEE, 0x60, 0x0C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x56, 0x3C, 0xC5, 0x5D, 0x10, 0x79, 0x1C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x25, 0xBC, 0x41, 0x9F, 0x71, 0xEF, 0x02, 0xF9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA2, 0x36, 0xC4, 0xD0, 0x88, 0x9B, 0x32, 0xFC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0xD4, 0x5D, 0x17, 0x39, 0xE6, 0x22, 0x2C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0x26, 0x01, 0xCE, 0xBE, 0x4A, 0x9C, 0x27 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xAB, 0x6D, 0x1E, 0xFB, 0xEE, 0x60, 0x0C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x56, 0x3C, 0xC5, 0x5D, 0x10, 0x79, 0x1C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0xBC, 0x41, 0x9F, 0x71, 0xEF, 0x02, 0xF9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x36, 0xC4, 0xD0, 0x88, 0x9B, 0x32, 0xFC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xD4, 0x5D, 0x17, 0x39, 0xE6, 0x22, 0x2C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x26, 0x01, 0xCE, 0xBE, 0x4A, 0x9C, 0x27),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_12_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0x6D, 0x11, 0xCA, 0x6C, 0x5A, 0x93, 0x0C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0x96, 0x26, 0xAF, 0x2F, 0xE4, 0x30, 0x98 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x35, 0xC1, 0x4C, 0xC6, 0x30, 0x1F, 0x5C, 0x04 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xB3, 0xE8, 0xFC, 0x35, 0xEB, 0x63, 0x6C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0x1D, 0xCA, 0xFC, 0x50, 0x36, 0x4B, 0x96 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0x0E, 0x23, 0x5B, 0xAF, 0xEB, 0x2D, 0x31 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x6D, 0x11, 0xCA, 0x6C, 0x5A, 0x93, 0x0C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x96, 0x26, 0xAF, 0x2F, 0xE4, 0x30, 0x98),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xC1, 0x4C, 0xC6, 0x30, 0x1F, 0x5C, 0x04),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xB3, 0xE8, 0xFC, 0x35, 0xEB, 0x63, 0x6C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x1D, 0xCA, 0xFC, 0x50, 0x36, 0x4B, 0x96),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x0E, 0x23, 0x5B, 0xAF, 0xEB, 0x2D, 0x31),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_12_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0x88, 0xB6, 0xD7, 0x74, 0x4A, 0x23, 0xB6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0x66, 0xE2, 0xBB, 0x29, 0xA6, 0x4F, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0x6F, 0x7E, 0x68, 0x6E, 0xA0, 0x14, 0x94 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3B, 0x73, 0xD4, 0xE8, 0xAB, 0x5B, 0xF6, 0x0D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0xE0, 0x3C, 0x24, 0x00, 0x95, 0xE9, 0xAD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x0D, 0x4F, 0x81, 0xD0, 0xF2, 0x3F, 0x00 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x88, 0xB6, 0xD7, 0x74, 0x4A, 0x23, 0xB6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x66, 0xE2, 0xBB, 0x29, 0xA6, 0x4F, 0x55),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x6F, 0x7E, 0x68, 0x6E, 0xA0, 0x14, 0x94),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x73, 0xD4, 0xE8, 0xAB, 0x5B, 0xF6, 0x0D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xE0, 0x3C, 0x24, 0x00, 0x95, 0xE9, 0xAD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x0D, 0x4F, 0x81, 0xD0, 0xF2, 0x3F, 0x00),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_13_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0x1D, 0xCD, 0x78, 0x39, 0xC4, 0x6B, 0xD9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0x45, 0xC7, 0xB8, 0x2F, 0xAA, 0x5D, 0xE3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0x8C, 0x6E, 0xA3, 0x24, 0xB2, 0xDB, 0x4B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0x2D, 0xD9, 0xF1, 0xC7, 0x9B, 0x8A, 0xAF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0xE1, 0x2C, 0xB9, 0x40, 0x37, 0x91, 0x75 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0x2C, 0xB5, 0x23, 0x03, 0x2B, 0xAF, 0x2F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x1D, 0xCD, 0x78, 0x39, 0xC4, 0x6B, 0xD9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x45, 0xC7, 0xB8, 0x2F, 0xAA, 0x5D, 0xE3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x8C, 0x6E, 0xA3, 0x24, 0xB2, 0xDB, 0x4B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x2D, 0xD9, 0xF1, 0xC7, 0x9B, 0x8A, 0xAF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0xE1, 0x2C, 0xB9, 0x40, 0x37, 0x91, 0x75),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x2C, 0xB5, 0x23, 0x03, 0x2B, 0xAF, 0x2F),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_13_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0x9D, 0x5A, 0x20, 0x10, 0xA9, 0x84, 0xDA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x30, 0x89, 0x20, 0x13, 0xE9, 0xB2, 0xCA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x6E, 0x52, 0xEB, 0x03, 0x18, 0x1F, 0xA6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x9E, 0x1C, 0x35, 0x87, 0x92, 0x69, 0xC7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0xC9, 0x88, 0xAF, 0xC6, 0x6C, 0x83, 0x72 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0xD5, 0x7A, 0x54, 0x34, 0x99, 0xB6, 0x6F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x9D, 0x5A, 0x20, 0x10, 0xA9, 0x84, 0xDA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x30, 0x89, 0x20, 0x13, 0xE9, 0xB2, 0xCA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x6E, 0x52, 0xEB, 0x03, 0x18, 0x1F, 0xA6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x9E, 0x1C, 0x35, 0x87, 0x92, 0x69, 0xC7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0xC9, 0x88, 0xAF, 0xC6, 0x6C, 0x83, 0x72),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0xD5, 0x7A, 0x54, 0x34, 0x99, 0xB6, 0x6F),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_14_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0xAD, 0x45, 0x9B, 0x4B, 0x41, 0x4D, 0x50 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0x5D, 0xAB, 0x7F, 0x35, 0x34, 0xE9, 0x29 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0xBE, 0x78, 0x34, 0x44, 0xF3, 0x4A, 0x87 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFB, 0xDE, 0xE3, 0xC4, 0xEE, 0x0B, 0xF9, 0xEB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0x86, 0x16, 0x48, 0x32, 0xB8, 0x74, 0x41 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0xEE, 0x7C, 0xBA, 0xBD, 0x81, 0xE3, 0x55 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0xAD, 0x45, 0x9B, 0x4B, 0x41, 0x4D, 0x50),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x5D, 0xAB, 0x7F, 0x35, 0x34, 0xE9, 0x29),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0xBE, 0x78, 0x34, 0x44, 0xF3, 0x4A, 0x87),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xDE, 0xE3, 0xC4, 0xEE, 0x0B, 0xF9, 0xEB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x86, 0x16, 0x48, 0x32, 0xB8, 0x74, 0x41),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xEE, 0x7C, 0xBA, 0xBD, 0x81, 0xE3, 0x55),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_14_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0x6A, 0xFA, 0x84, 0xDA, 0xB8, 0xD5, 0x14 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB2, 0x9F, 0x8A, 0xD5, 0x1B, 0x2E, 0x1A, 0x0B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x0C, 0x61, 0xE2, 0xFF, 0x5B, 0xE6, 0xD5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0x62, 0xC1, 0x87, 0x53, 0x1B, 0x92, 0xA3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x90, 0x00, 0xD1, 0x6A, 0x0C, 0x0E, 0x28 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0x2E, 0xB5, 0x3B, 0x44, 0xB5, 0xA0, 0x78 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x6A, 0xFA, 0x84, 0xDA, 0xB8, 0xD5, 0x14),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0x9F, 0x8A, 0xD5, 0x1B, 0x2E, 0x1A, 0x0B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x0C, 0x61, 0xE2, 0xFF, 0x5B, 0xE6, 0xD5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0x62, 0xC1, 0x87, 0x53, 0x1B, 0x92, 0xA3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x90, 0x00, 0xD1, 0x6A, 0x0C, 0x0E, 0x28),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x2E, 0xB5, 0x3B, 0x44, 0xB5, 0xA0, 0x78),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_15_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0x5D, 0x02, 0x58, 0xB5, 0xBE, 0x45, 0x14 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0xEF, 0x8E, 0x90, 0x4D, 0x2A, 0x32, 0xAC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x48, 0x99, 0x75, 0x5C, 0x0A, 0x33, 0x8F, 0x36 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0x6C, 0x95, 0xD4, 0x1F, 0xF3, 0xEB, 0xDA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0xE4, 0x4C, 0x91, 0x20, 0xF3, 0x25, 0xEB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x95, 0xEB, 0x29, 0x6F, 0x20, 0x34, 0x81 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x5D, 0x02, 0x58, 0xB5, 0xBE, 0x45, 0x14),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xEF, 0x8E, 0x90, 0x4D, 0x2A, 0x32, 0xAC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x99, 0x75, 0x5C, 0x0A, 0x33, 0x8F, 0x36),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x6C, 0x95, 0xD4, 0x1F, 0xF3, 0xEB, 0xDA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xE4, 0x4C, 0x91, 0x20, 0xF3, 0x25, 0xEB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x95, 0xEB, 0x29, 0x6F, 0x20, 0x34, 0x81),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_15_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0x15, 0xE5, 0x13, 0x7E, 0x64, 0x8B, 0xAD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0xBC, 0x0D, 0x18, 0x7E, 0x37, 0x9E, 0xFA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x82, 0x20, 0xF7, 0x2D, 0x7A, 0x77, 0x52 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x29, 0xA2, 0xDB, 0x7A, 0xE6, 0x6F, 0xA5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0xC6, 0x50, 0x5C, 0xBC, 0xE6, 0x4F, 0xBD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0x9F, 0xD5, 0xE8, 0xC5, 0x3D, 0xB7, 0x30 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x15, 0xE5, 0x13, 0x7E, 0x64, 0x8B, 0xAD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xBC, 0x0D, 0x18, 0x7E, 0x37, 0x9E, 0xFA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x82, 0x20, 0xF7, 0x2D, 0x7A, 0x77, 0x52),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x29, 0xA2, 0xDB, 0x7A, 0xE6, 0x6F, 0xA5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xC6, 0x50, 0x5C, 0xBC, 0xE6, 0x4F, 0xBD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x9F, 0xD5, 0xE8, 0xC5, 0x3D, 0xB7, 0x30),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_16_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x45, 0x03, 0x55, 0x10, 0xDB, 0xA6, 0x8B, 0x22 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4E, 0x17, 0xAE, 0x78, 0xC9, 0x1D, 0x43, 0xCA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4E, 0x35, 0x49, 0xD4, 0x47, 0x84, 0x8D, 0x20 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x95, 0x2F, 0xEA, 0xBC, 0xB4, 0x18, 0xB3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0x48, 0xAE, 0x89, 0xF5, 0x65, 0x3D, 0x89 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0xF2, 0x2B, 0x20, 0xD1, 0x75, 0x50, 0x63 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x03, 0x55, 0x10, 0xDB, 0xA6, 0x8B, 0x22),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x17, 0xAE, 0x78, 0xC9, 0x1D, 0x43, 0xCA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x35, 0x49, 0xD4, 0x47, 0x84, 0x8D, 0x20),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x95, 0x2F, 0xEA, 0xBC, 0xB4, 0x18, 0xB3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x48, 0xAE, 0x89, 0xF5, 0x65, 0x3D, 0x89),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xF2, 0x2B, 0x20, 0xD1, 0x75, 0x50, 0x63),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_16_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0xE6, 0x5C, 0x2C, 0xE0, 0x7D, 0xDF, 0x2D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0x07, 0x3E, 0xCE, 0x9F, 0x18, 0xB6, 0x05 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9A, 0xF8, 0xF0, 0xD5, 0xFA, 0x42, 0x1D, 0x6D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x6C, 0x1D, 0x03, 0xC9, 0x0E, 0x2B, 0x2F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0x18, 0x52, 0xA5, 0xB4, 0x63, 0xE1, 0x06 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0xD9, 0xC4, 0xFD, 0x16, 0x60, 0x54 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xE6, 0x5C, 0x2C, 0xE0, 0x7D, 0xDF, 0x2D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x07, 0x3E, 0xCE, 0x9F, 0x18, 0xB6, 0x05),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0xF8, 0xF0, 0xD5, 0xFA, 0x42, 0x1D, 0x6D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x6C, 0x1D, 0x03, 0xC9, 0x0E, 0x2B, 0x2F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x18, 0x52, 0xA5, 0xB4, 0x63, 0xE1, 0x06),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x0A, 0xD9, 0xC4, 0xFD, 0x16, 0x60, 0x54),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_17_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0x7D, 0xDE, 0xDF, 0x4B, 0x4A, 0xB0, 0xCB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0x4E, 0x8C, 0x94, 0xC1, 0xE2, 0x85, 0xDF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0xF0, 0xEA, 0xB5, 0x9B, 0x70, 0xEF, 0x10 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x56, 0xC2, 0x39, 0x5D, 0xF3, 0x2C, 0xD9, 0x2C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0D, 0x1C, 0x2E, 0xCC, 0x2F, 0x54, 0x87, 0x80 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0x72, 0xC7, 0xB5, 0x50, 0xA3, 0x84, 0x77 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x7D, 0xDE, 0xDF, 0x4B, 0x4A, 0xB0, 0xCB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x4E, 0x8C, 0x94, 0xC1, 0xE2, 0x85, 0xDF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0xF0, 0xEA, 0xB5, 0x9B, 0x70, 0xEF, 0x10),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xC2, 0x39, 0x5D, 0xF3, 0x2C, 0xD9, 0x2C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x1C, 0x2E, 0xCC, 0x2F, 0x54, 0x87, 0x80),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x72, 0xC7, 0xB5, 0x50, 0xA3, 0x84, 0x77),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_17_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0xD1, 0xAF, 0xA9, 0xB4, 0x8B, 0x5D, 0xFA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0xF6, 0x52, 0x8A, 0xC3, 0x56, 0xA5, 0x5E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3B, 0x52, 0xFF, 0xEA, 0x05, 0x42, 0x77, 0x83 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0x08, 0x90, 0x72, 0x86, 0xC4, 0xC3, 0xB8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0x15, 0xF8, 0xF1, 0x16, 0x67, 0xC6, 0xD5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x75, 0x87, 0xAC, 0x8F, 0x71, 0xEC, 0x83, 0x81 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xD1, 0xAF, 0xA9, 0xB4, 0x8B, 0x5D, 0xFA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xF6, 0x52, 0x8A, 0xC3, 0x56, 0xA5, 0x5E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x52, 0xFF, 0xEA, 0x05, 0x42, 0x77, 0x83),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x08, 0x90, 0x72, 0x86, 0xC4, 0xC3, 0xB8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x15, 0xF8, 0xF1, 0x16, 0x67, 0xC6, 0xD5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x87, 0xAC, 0x8F, 0x71, 0xEC, 0x83, 0x81),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_18_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0xE1, 0xE6, 0x2D, 0x0E, 0x11, 0xA1, 0x62 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0xE2, 0xA8, 0x32, 0xE6, 0xE3, 0x83, 0xD1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x56, 0xE5, 0xCD, 0xB7, 0x2B, 0x67, 0x6F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0xED, 0xC9, 0x65, 0x6D, 0x87, 0xE1, 0x8E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x8E, 0xFD, 0x9A, 0x53, 0x0E, 0xFA, 0xA3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0x4C, 0x4A, 0xE2, 0x23, 0x84, 0xFA, 0x01 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xE1, 0xE6, 0x2D, 0x0E, 0x11, 0xA1, 0x62),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xE2, 0xA8, 0x32, 0xE6, 0xE3, 0x83, 0xD1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x56, 0xE5, 0xCD, 0xB7, 0x2B, 0x67, 0x6F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xED, 0xC9, 0x65, 0x6D, 0x87, 0xE1, 0x8E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x8E, 0xFD, 0x9A, 0x53, 0x0E, 0xFA, 0xA3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0x4C, 0x4A, 0xE2, 0x23, 0x84, 0xFA, 0x01),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_18_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0xFE, 0x49, 0x81, 0xD1, 0x3E, 0xF4, 0x7C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x45, 0x72, 0xE0, 0xEF, 0x0D, 0xB8, 0x3E, 0x6F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0x00, 0x0F, 0x5F, 0xCE, 0x60, 0x72, 0x2C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0xCC, 0xD8, 0x03, 0x07, 0x6E, 0x5A, 0xCD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0x3A, 0x35, 0x50, 0x4E, 0x1F, 0xCA, 0x5F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0xEA, 0x88, 0x55, 0xBD, 0x6E, 0x05, 0x7F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xFE, 0x49, 0x81, 0xD1, 0x3E, 0xF4, 0x7C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x72, 0xE0, 0xEF, 0x0D, 0xB8, 0x3E, 0x6F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x00, 0x0F, 0x5F, 0xCE, 0x60, 0x72, 0x2C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xCC, 0xD8, 0x03, 0x07, 0x6E, 0x5A, 0xCD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x3A, 0x35, 0x50, 0x4E, 0x1F, 0xCA, 0x5F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xEA, 0x88, 0x55, 0xBD, 0x6E, 0x05, 0x7F),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_19_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0x6D, 0xF1, 0x97, 0xA6, 0x69, 0x39, 0x24 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0x41, 0x99, 0xFF, 0x3B, 0xA1, 0x26, 0xEC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x95, 0x2F, 0x95, 0x80, 0x12, 0x4A, 0x1B, 0xCB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0xBF, 0x51, 0xAA, 0xAE, 0x2D, 0xDA, 0xCF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0x1C, 0xB3, 0x52, 0x36, 0x49, 0xD4, 0x86 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0xC1, 0x1F, 0x3A, 0xD3, 0x3E, 0x5C, 0x1A ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x6D, 0xF1, 0x97, 0xA6, 0x69, 0x39, 0x24),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x41, 0x99, 0xFF, 0x3B, 0xA1, 0x26, 0xEC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x2F, 0x95, 0x80, 0x12, 0x4A, 0x1B, 0xCB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xBF, 0x51, 0xAA, 0xAE, 0x2D, 0xDA, 0xCF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x1C, 0xB3, 0x52, 0x36, 0x49, 0xD4, 0x86),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xC1, 0x1F, 0x3A, 0xD3, 0x3E, 0x5C, 0x1A),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_19_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0x51, 0xF7, 0x2B, 0xC8, 0xA9, 0xA7, 0x15 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x4E, 0x7F, 0x98, 0x41, 0x66, 0xB0, 0x03 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0x1D, 0xC0, 0x42, 0xCD, 0xF8, 0xC3, 0x2B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0x41, 0x91, 0x7D, 0xCC, 0x8B, 0xCC, 0x41 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0xAE, 0x76, 0xED, 0x56, 0x18, 0xC5, 0xAB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0x6A, 0x06, 0xA3, 0x7F, 0x65, 0x10, 0x1F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x51, 0xF7, 0x2B, 0xC8, 0xA9, 0xA7, 0x15),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x4E, 0x7F, 0x98, 0x41, 0x66, 0xB0, 0x03),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x1D, 0xC0, 0x42, 0xCD, 0xF8, 0xC3, 0x2B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x41, 0x91, 0x7D, 0xCC, 0x8B, 0xCC, 0x41),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xAE, 0x76, 0xED, 0x56, 0x18, 0xC5, 0xAB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x6A, 0x06, 0xA3, 0x7F, 0x65, 0x10, 0x1F),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_20_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0xEC, 0x3C, 0x05, 0x05, 0xCA, 0xF6, 0xED ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x48, 0xCD, 0x02, 0x51, 0x12, 0x16, 0x3C, 0x63 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0xEB, 0xB3, 0x43, 0x7B, 0xDD, 0xB2, 0x7C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x59, 0x90, 0x41, 0xDB, 0xE4, 0xF5, 0x91 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0x0E, 0x18, 0x2A, 0x5A, 0x83, 0x7C, 0x2F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0x37, 0xA1, 0x0D, 0xF1, 0x2F, 0x63, 0x79 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xEC, 0x3C, 0x05, 0x05, 0xCA, 0xF6, 0xED),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0xCD, 0x02, 0x51, 0x12, 0x16, 0x3C, 0x63),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0xEB, 0xB3, 0x43, 0x7B, 0xDD, 0xB2, 0x7C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x59, 0x90, 0x41, 0xDB, 0xE4, 0xF5, 0x91),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x0E, 0x18, 0x2A, 0x5A, 0x83, 0x7C, 0x2F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x37, 0xA1, 0x0D, 0xF1, 0x2F, 0x63, 0x79),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_20_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0xC0, 0xFA, 0x6F, 0x1F, 0x67, 0xCF, 0xEC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x34, 0x45, 0xBB, 0xF4, 0xF9, 0x9B, 0x89 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x69, 0xFE, 0x67, 0x1D, 0x64, 0x8F, 0xB9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x39, 0xBF, 0xD8, 0xB3, 0xC7, 0xAD, 0x8A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8C, 0x93, 0xFF, 0xF3, 0x28, 0xFA, 0x39, 0xF6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0xF9, 0xC3, 0x85, 0x26, 0x7A, 0x88, 0x89 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xC0, 0xFA, 0x6F, 0x1F, 0x67, 0xCF, 0xEC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x34, 0x45, 0xBB, 0xF4, 0xF9, 0x9B, 0x89),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x69, 0xFE, 0x67, 0x1D, 0x64, 0x8F, 0xB9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x39, 0xBF, 0xD8, 0xB3, 0xC7, 0xAD, 0x8A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x93, 0xFF, 0xF3, 0x28, 0xFA, 0x39, 0xF6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xF9, 0xC3, 0x85, 0x26, 0x7A, 0x88, 0x89),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_21_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0xD5, 0x79, 0xD8, 0x11, 0xDE, 0xEB, 0x4E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x46, 0xA4, 0x6A, 0xDA, 0x74, 0x34, 0xA8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xBD, 0xD3, 0xF5, 0x14, 0xEE, 0xFE, 0xAE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x4C, 0xA3, 0x71, 0x43, 0x65, 0xF8, 0x94 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x6C, 0x35, 0xFA, 0x90, 0x25, 0xD8, 0xE2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0x34, 0x84, 0x96, 0xA1, 0x43, 0x03, 0x4D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xD5, 0x79, 0xD8, 0x11, 0xDE, 0xEB, 0x4E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x46, 0xA4, 0x6A, 0xDA, 0x74, 0x34, 0xA8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xBD, 0xD3, 0xF5, 0x14, 0xEE, 0xFE, 0xAE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x4C, 0xA3, 0x71, 0x43, 0x65, 0xF8, 0x94),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x6C, 0x35, 0xFA, 0x90, 0x25, 0xD8, 0xE2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x34, 0x84, 0x96, 0xA1, 0x43, 0x03, 0x4D),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_21_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x3B, 0x3B, 0x2F, 0xCA, 0x59, 0xF2, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0x48, 0x24, 0x74, 0xD8, 0x72, 0x90, 0xA3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x42, 0x74, 0x8C, 0x6F, 0x52, 0x19, 0x3D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x9E, 0x41, 0x63, 0x68, 0x78, 0x4C, 0x2F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x53, 0x94, 0xB6, 0x6B, 0x38, 0x52, 0xA8, 0x9F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0x30, 0x25, 0x93, 0xA1, 0x6F, 0x6E, 0x68 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x3B, 0x3B, 0x2F, 0xCA, 0x59, 0xF2, 0x42),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x48, 0x24, 0x74, 0xD8, 0x72, 0x90, 0xA3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x42, 0x74, 0x8C, 0x6F, 0x52, 0x19, 0x3D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x9E, 0x41, 0x63, 0x68, 0x78, 0x4C, 0x2F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0x94, 0xB6, 0x6B, 0x38, 0x52, 0xA8, 0x9F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x30, 0x25, 0x93, 0xA1, 0x6F, 0x6E, 0x68),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_22_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x2F, 0x4B, 0x64, 0x79, 0x50, 0xFF, 0x01 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0x36, 0xED, 0x57, 0x39, 0x3B, 0xE7, 0xF3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x85, 0xEA, 0x35, 0xD6, 0xC0, 0xA0, 0x52 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x89, 0x3A, 0xCC, 0x22, 0x1C, 0x46, 0x02 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x7A, 0xB0, 0xA1, 0x1B, 0x69, 0x62, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0xB8, 0x8A, 0x6C, 0x18, 0x85, 0x0D, 0x88 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x2F, 0x4B, 0x64, 0x79, 0x50, 0xFF, 0x01),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x36, 0xED, 0x57, 0x39, 0x3B, 0xE7, 0xF3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x85, 0xEA, 0x35, 0xD6, 0xC0, 0xA0, 0x52),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x89, 0x3A, 0xCC, 0x22, 0x1C, 0x46, 0x02),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x7A, 0xB0, 0xA1, 0x1B, 0x69, 0x62, 0x55),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xB8, 0x8A, 0x6C, 0x18, 0x85, 0x0D, 0x88),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_22_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0xB6, 0x50, 0xE9, 0x4E, 0x7F, 0xE8, 0x07 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x5B, 0x5C, 0xD1, 0x4B, 0x11, 0x9A, 0xD8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0x25, 0x56, 0x74, 0x51, 0x9C, 0xEC, 0x9C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0x7F, 0xB6, 0x8A, 0xCB, 0x3A, 0x10, 0x6A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x60, 0x33, 0x07, 0x01, 0xE9, 0x49, 0x59, 0xE6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0xA5, 0x2E, 0xF2, 0xBA, 0x32, 0x63, 0x44 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xB6, 0x50, 0xE9, 0x4E, 0x7F, 0xE8, 0x07),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x5B, 0x5C, 0xD1, 0x4B, 0x11, 0x9A, 0xD8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x25, 0x56, 0x74, 0x51, 0x9C, 0xEC, 0x9C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x7F, 0xB6, 0x8A, 0xCB, 0x3A, 0x10, 0x6A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x33, 0x07, 0x01, 0xE9, 0x49, 0x59, 0xE6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xA5, 0x2E, 0xF2, 0xBA, 0x32, 0x63, 0x44),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_23_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0x06, 0x0B, 0xA5, 0x44, 0x27, 0x7F, 0x22 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0x74, 0xAC, 0x0F, 0xCC, 0x4F, 0x13, 0x61 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0xB1, 0xBF, 0x97, 0x49, 0xA5, 0x1C, 0x1D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0x64, 0x68, 0x7B, 0x0F, 0xCC, 0x77, 0xF8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0x39, 0xF9, 0x4E, 0x84, 0x9C, 0xF6, 0x96 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xCF, 0x6D, 0xE2, 0xA1, 0x2D, 0xF9, 0x2B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x06, 0x0B, 0xA5, 0x44, 0x27, 0x7F, 0x22),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x74, 0xAC, 0x0F, 0xCC, 0x4F, 0x13, 0x61),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xB1, 0xBF, 0x97, 0x49, 0xA5, 0x1C, 0x1D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x64, 0x68, 0x7B, 0x0F, 0xCC, 0x77, 0xF8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x39, 0xF9, 0x4E, 0x84, 0x9C, 0xF6, 0x96),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xCF, 0x6D, 0xE2, 0xA1, 0x2D, 0xF9, 0x2B),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_23_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x95, 0xC4, 0x90, 0x57, 0x31, 0x01, 0x05, 0x5E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0x1E, 0xBB, 0xBF, 0x98, 0xA4, 0x7C, 0xE3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x89, 0xE3, 0xA0, 0xB2, 0xCD, 0x39, 0x9A, 0x3F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x34, 0x60, 0x7A, 0x89, 0x98, 0xB5, 0x52 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0x20, 0x3D, 0x3A, 0x04, 0x8F, 0x5A, 0xAC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0x26, 0xB6, 0x49, 0x09, 0x9C, 0x0F, 0x59 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0xC4, 0x90, 0x57, 0x31, 0x01, 0x05, 0x5E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x1E, 0xBB, 0xBF, 0x98, 0xA4, 0x7C, 0xE3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0xE3, 0xA0, 0xB2, 0xCD, 0x39, 0x9A, 0x3F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x34, 0x60, 0x7A, 0x89, 0x98, 0xB5, 0x52),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0x20, 0x3D, 0x3A, 0x04, 0x8F, 0x5A, 0xAC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x26, 0xB6, 0x49, 0x09, 0x9C, 0x0F, 0x59),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_24_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x66, 0xD2, 0x38, 0x2A, 0x62, 0x81, 0xCA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0xC8, 0x20, 0x5E, 0x28, 0xA3, 0x81, 0xA7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x20, 0x31, 0xA4, 0xF1, 0xEA, 0x7D, 0x87, 0x45 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8F, 0x2C, 0x99, 0x09, 0x6F, 0x63, 0xEB, 0x2F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0x76, 0xDA, 0x1A, 0x06, 0xBE, 0xDE, 0xA2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0x09, 0x2E, 0x75, 0x39, 0x30, 0x2D, 0x42 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x66, 0xD2, 0x38, 0x2A, 0x62, 0x81, 0xCA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0xC8, 0x20, 0x5E, 0x28, 0xA3, 0x81, 0xA7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x31, 0xA4, 0xF1, 0xEA, 0x7D, 0x87, 0x45),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0x2C, 0x99, 0x09, 0x6F, 0x63, 0xEB, 0x2F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x76, 0xDA, 0x1A, 0x06, 0xBE, 0xDE, 0xA2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x09, 0x2E, 0x75, 0x39, 0x30, 0x2D, 0x42),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_24_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x9B, 0xC1, 0x5A, 0x17, 0xC3, 0x8C, 0x31 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0x8D, 0x94, 0x4D, 0x3D, 0xAB, 0x60, 0xD4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFD, 0x1E, 0x0F, 0x43, 0xAE, 0x9D, 0x62 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0xF2, 0xF3, 0x20, 0x1B, 0xAA, 0xB7, 0x41 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x5B, 0xA4, 0xF4, 0x90, 0x3B, 0xE3, 0x71 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0x78, 0x72, 0xBD, 0x65, 0x09, 0x0B, 0x01 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x9B, 0xC1, 0x5A, 0x17, 0xC3, 0x8C, 0x31),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x8D, 0x94, 0x4D, 0x3D, 0xAB, 0x60, 0xD4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFD, 0x1E, 0x0F, 0x43, 0xAE, 0x9D, 0x62),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0xF2, 0xF3, 0x20, 0x1B, 0xAA, 0xB7, 0x41),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x5B, 0xA4, 0xF4, 0x90, 0x3B, 0xE3, 0x71),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x78, 0x72, 0xBD, 0x65, 0x09, 0x0B, 0x01),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_25_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x37, 0x2A, 0x6C, 0x16, 0x4F, 0x64, 0x59 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0xCE, 0xA3, 0x90, 0xB4, 0x9A, 0xBC, 0xF7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0x38, 0x55, 0x63, 0x1D, 0x3A, 0x6E, 0x18 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0xB4, 0xAA, 0x99, 0x22, 0x45, 0x89, 0x2C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x7C, 0x8C, 0xA6, 0x3D, 0xA7, 0x3E, 0xE8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x06, 0x42, 0xDC, 0xA6, 0xE3, 0xC6, 0x12 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x37, 0x2A, 0x6C, 0x16, 0x4F, 0x64, 0x59),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0xCE, 0xA3, 0x90, 0xB4, 0x9A, 0xBC, 0xF7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x38, 0x55, 0x63, 0x1D, 0x3A, 0x6E, 0x18),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xB4, 0xAA, 0x99, 0x22, 0x45, 0x89, 0x2C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x7C, 0x8C, 0xA6, 0x3D, 0xA7, 0x3E, 0xE8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x06, 0x42, 0xDC, 0xA6, 0xE3, 0xC6, 0x12),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_25_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0x8C, 0x3D, 0x5D, 0x47, 0x31, 0x7C, 0xEB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0x85, 0xEE, 0x46, 0x7E, 0x13, 0x04, 0x41 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9E, 0x3C, 0x8B, 0x43, 0x2E, 0x74, 0xF5, 0xF6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x88, 0x8E, 0x07, 0x29, 0x08, 0x03, 0x26 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0x9B, 0x89, 0xEB, 0x08, 0xE8, 0x43, 0xB5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0x07, 0x67, 0xFD, 0xD9, 0x73, 0x6F, 0x18 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x8C, 0x3D, 0x5D, 0x47, 0x31, 0x7C, 0xEB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x85, 0xEE, 0x46, 0x7E, 0x13, 0x04, 0x41),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x3C, 0x8B, 0x43, 0x2E, 0x74, 0xF5, 0xF6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x88, 0x8E, 0x07, 0x29, 0x08, 0x03, 0x26),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x9B, 0x89, 0xEB, 0x08, 0xE8, 0x43, 0xB5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x07, 0x67, 0xFD, 0xD9, 0x73, 0x6F, 0x18),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_26_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0xEB, 0x21, 0x8D, 0x98, 0x43, 0x74, 0x98 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0xCC, 0x14, 0xD8, 0x08, 0xBB, 0xA6, 0xE3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC4, 0x98, 0xF2, 0x6A, 0x18, 0xC3, 0xDD, 0x9E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0x38, 0x91, 0xA0, 0x03, 0xF2, 0x04, 0x62 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7A, 0xAF, 0xE8, 0xFD, 0xFB, 0x13, 0x70, 0x74 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0x93, 0x87, 0x98, 0x4A, 0xE0, 0x00, 0x12 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xEB, 0x21, 0x8D, 0x98, 0x43, 0x74, 0x98),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xCC, 0x14, 0xD8, 0x08, 0xBB, 0xA6, 0xE3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x98, 0xF2, 0x6A, 0x18, 0xC3, 0xDD, 0x9E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x38, 0x91, 0xA0, 0x03, 0xF2, 0x04, 0x62),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xAF, 0xE8, 0xFD, 0xFB, 0x13, 0x70, 0x74),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x93, 0x87, 0x98, 0x4A, 0xE0, 0x00, 0x12),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_26_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x2E, 0x69, 0x9C, 0xA2, 0x2D, 0x03, 0x3F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0xFE, 0xF3, 0xB9, 0xC1, 0x85, 0x2A, 0xEE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0xFD, 0x86, 0xB1, 0xCD, 0xBF, 0x41, 0xB7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0xD8, 0x9A, 0x21, 0xF3, 0xFE, 0xCB, 0xF1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x95, 0x78, 0x04, 0x60, 0xB7, 0xA9, 0xA2, 0x84 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x1E, 0x66, 0x2A, 0x54, 0x51, 0xBD, 0x8B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x2E, 0x69, 0x9C, 0xA2, 0x2D, 0x03, 0x3F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xFE, 0xF3, 0xB9, 0xC1, 0x85, 0x2A, 0xEE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xFD, 0x86, 0xB1, 0xCD, 0xBF, 0x41, 0xB7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xD8, 0x9A, 0x21, 0xF3, 0xFE, 0xCB, 0xF1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x78, 0x04, 0x60, 0xB7, 0xA9, 0xA2, 0x84),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x1E, 0x66, 0x2A, 0x54, 0x51, 0xBD, 0x8B),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_27_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x16, 0x36, 0xEF, 0x61, 0x2D, 0xEE, 0x3B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x45, 0x5F, 0x88, 0xA0, 0x13, 0x12, 0xF7, 0x23 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0xC6, 0xAD, 0x4A, 0x4A, 0x07, 0x01, 0x5B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0x74, 0xB1, 0x4F, 0xEB, 0xBD, 0xD5, 0x6B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0xF9, 0x71, 0xA2, 0x06, 0x4F, 0xD7, 0xBC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x8B, 0x4D, 0x48, 0xE0, 0x98, 0xFB, 0x6A ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x16, 0x36, 0xEF, 0x61, 0x2D, 0xEE, 0x3B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x5F, 0x88, 0xA0, 0x13, 0x12, 0xF7, 0x23),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xC6, 0xAD, 0x4A, 0x4A, 0x07, 0x01, 0x5B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x74, 0xB1, 0x4F, 0xEB, 0xBD, 0xD5, 0x6B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xF9, 0x71, 0xA2, 0x06, 0x4F, 0xD7, 0xBC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x8B, 0x4D, 0x48, 0xE0, 0x98, 0xFB, 0x6A),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_27_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC4, 0xBA, 0x10, 0xA3, 0x0D, 0x52, 0xAC, 0x3A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0xD0, 0xE0, 0x36, 0xE6, 0x07, 0x3A, 0x30 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0x80, 0xF0, 0xAA, 0x49, 0x22, 0x4B, 0xDD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xC7, 0xAB, 0x1C, 0x89, 0xCD, 0x24, 0x40 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x82, 0x2A, 0xFC, 0xB3, 0x6D, 0x45, 0x96, 0x49 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0xE4, 0xDB, 0x52, 0x3F, 0xC4, 0xB4, 0x19 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0xBA, 0x10, 0xA3, 0x0D, 0x52, 0xAC, 0x3A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xD0, 0xE0, 0x36, 0xE6, 0x07, 0x3A, 0x30),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x80, 0xF0, 0xAA, 0x49, 0x22, 0x4B, 0xDD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xC7, 0xAB, 0x1C, 0x89, 0xCD, 0x24, 0x40),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x2A, 0xFC, 0xB3, 0x6D, 0x45, 0x96, 0x49),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0xE4, 0xDB, 0x52, 0x3F, 0xC4, 0xB4, 0x19),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_28_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0xCC, 0xC8, 0x7F, 0xBB, 0x6B, 0x87, 0x47 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0x21, 0x3C, 0x69, 0x7D, 0x38, 0x57, 0x50 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0x4C, 0x18, 0x3C, 0x53, 0xA5, 0x48, 0x6D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0xC3, 0x64, 0x45, 0xDB, 0xC4, 0x6D, 0x15 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0xCC, 0xD1, 0xBB, 0x17, 0xB8, 0x34, 0x2D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x69, 0x71, 0xFA, 0xA0, 0x28, 0x4A, 0x3D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0xCC, 0xC8, 0x7F, 0xBB, 0x6B, 0x87, 0x47),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x21, 0x3C, 0x69, 0x7D, 0x38, 0x57, 0x50),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x4C, 0x18, 0x3C, 0x53, 0xA5, 0x48, 0x6D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xC3, 0x64, 0x45, 0xDB, 0xC4, 0x6D, 0x15),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xCC, 0xD1, 0xBB, 0x17, 0xB8, 0x34, 0x2D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x69, 0x71, 0xFA, 0xA0, 0x28, 0x4A, 0x3D),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_28_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0xE8, 0x9E, 0x39, 0xEA, 0x8D, 0x38, 0xDB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0x9C, 0xBB, 0xCD, 0x80, 0x1A, 0xEE, 0xB7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xA0, 0x45, 0xBF, 0xD9, 0x22, 0x11, 0x32 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x7C, 0x5C, 0xD9, 0xC0, 0x9F, 0x69, 0xF5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x8A, 0xA6, 0x79, 0x4E, 0x35, 0xB9, 0xD5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0x8B, 0x9A, 0x3E, 0xA1, 0xB8, 0x28, 0x10 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xE8, 0x9E, 0x39, 0xEA, 0x8D, 0x38, 0xDB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x9C, 0xBB, 0xCD, 0x80, 0x1A, 0xEE, 0xB7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xA0, 0x45, 0xBF, 0xD9, 0x22, 0x11, 0x32),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x7C, 0x5C, 0xD9, 0xC0, 0x9F, 0x69, 0xF5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x8A, 0xA6, 0x79, 0x4E, 0x35, 0xB9, 0xD5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x8B, 0x9A, 0x3E, 0xA1, 0xB8, 0x28, 0x10),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_29_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0x2F, 0xEF, 0xBB, 0xA9, 0x72, 0x7F, 0xEA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0x34, 0xB7, 0x12, 0xB9, 0xE7, 0xC3, 0x2A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0x1D, 0xD9, 0x42, 0x77, 0x0C, 0x71, 0x6E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0x01, 0x59, 0xA7, 0x56, 0x03, 0x91, 0x8D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x91, 0x99, 0x33, 0x30, 0x3E, 0xEF, 0x13 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0xC9, 0x5A, 0x9A, 0x54, 0x66, 0xF1, 0x70 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x2F, 0xEF, 0xBB, 0xA9, 0x72, 0x7F, 0xEA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x34, 0xB7, 0x12, 0xB9, 0xE7, 0xC3, 0x2A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x1D, 0xD9, 0x42, 0x77, 0x0C, 0x71, 0x6E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x01, 0x59, 0xA7, 0x56, 0x03, 0x91, 0x8D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x91, 0x99, 0x33, 0x30, 0x3E, 0xEF, 0x13),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0xC9, 0x5A, 0x9A, 0x54, 0x66, 0xF1, 0x70),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_29_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x2C, 0xB7, 0x6E, 0x71, 0x7D, 0x35, 0x30 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x0D, 0xEF, 0xD1, 0x2D, 0x99, 0x63, 0x2F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0x31, 0xAF, 0x2D, 0xC9, 0xC6, 0xC2, 0xAE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0xC0, 0xDF, 0x80, 0x54, 0xC4, 0xAC, 0xF3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x6B, 0xA0, 0x84, 0x96, 0xF7, 0x31, 0xC8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0xE2, 0x7C, 0x7A, 0x41, 0x45, 0x75, 0x6A ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x2C, 0xB7, 0x6E, 0x71, 0x7D, 0x35, 0x30),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x0D, 0xEF, 0xD1, 0x2D, 0x99, 0x63, 0x2F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x31, 0xAF, 0x2D, 0xC9, 0xC6, 0xC2, 0xAE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0xC0, 0xDF, 0x80, 0x54, 0xC4, 0xAC, 0xF3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x6B, 0xA0, 0x84, 0x96, 0xF7, 0x31, 0xC8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0xE2, 0x7C, 0x7A, 0x41, 0x45, 0x75, 0x6A),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_30_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0xEE, 0x58, 0x31, 0xE8, 0x68, 0xD6, 0x76 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD2, 0x2E, 0x48, 0xB7, 0x09, 0x9F, 0xD4, 0xCA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xA9, 0x5C, 0xE7, 0x64, 0x43, 0x5D, 0xC9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9E, 0x58, 0x9F, 0x50, 0xAB, 0x68, 0xFF, 0x6D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x88, 0x2D, 0xBA, 0x12, 0xBF, 0x8D, 0x7D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0xDF, 0x6F, 0xB3, 0x75, 0xA4, 0x55, 0x73 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xEE, 0x58, 0x31, 0xE8, 0x68, 0xD6, 0x76),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x2E, 0x48, 0xB7, 0x09, 0x9F, 0xD4, 0xCA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xA9, 0x5C, 0xE7, 0x64, 0x43, 0x5D, 0xC9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x58, 0x9F, 0x50, 0xAB, 0x68, 0xFF, 0x6D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x88, 0x2D, 0xBA, 0x12, 0xBF, 0x8D, 0x7D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xDF, 0x6F, 0xB3, 0x75, 0xA4, 0x55, 0x73),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_30_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x17, 0x92, 0x39, 0xB7, 0x13, 0x37, 0x6F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0x43, 0x71, 0xA7, 0xCA, 0x17, 0x1B, 0x32 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0xB9, 0xB0, 0x78, 0xEF, 0xA0, 0xDA, 0x83 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9A, 0x84, 0xF2, 0x0F, 0x85, 0xA2, 0xB6, 0x1F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x65, 0x2E, 0x6E, 0x45, 0xB9, 0x4C, 0x3C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0x6A, 0x8C, 0x2B, 0x77, 0x96, 0x36, 0x22 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x17, 0x92, 0x39, 0xB7, 0x13, 0x37, 0x6F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x43, 0x71, 0xA7, 0xCA, 0x17, 0x1B, 0x32),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xB9, 0xB0, 0x78, 0xEF, 0xA0, 0xDA, 0x83),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x84, 0xF2, 0x0F, 0x85, 0xA2, 0xB6, 0x1F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x65, 0x2E, 0x6E, 0x45, 0xB9, 0x4C, 0x3C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x6A, 0x8C, 0x2B, 0x77, 0x96, 0x36, 0x22),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_31_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x7A, 0x13, 0x4A, 0x97, 0x63, 0x02, 0x10 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x1E, 0x06, 0x03, 0x8F, 0xB9, 0xEE, 0x64 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0xEE, 0x8B, 0x89, 0xA9, 0x70, 0xDB, 0xCE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x7B, 0x81, 0xC9, 0x70, 0x8D, 0x62, 0x32 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x75, 0xDA, 0x46, 0xF8, 0xF9, 0x3A, 0xBE, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9F, 0x9C, 0x7A, 0x97, 0x62, 0xEB, 0xFA, 0x0F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x7A, 0x13, 0x4A, 0x97, 0x63, 0x02, 0x10),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x1E, 0x06, 0x03, 0x8F, 0xB9, 0xEE, 0x64),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0xEE, 0x8B, 0x89, 0xA9, 0x70, 0xDB, 0xCE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x7B, 0x81, 0xC9, 0x70, 0x8D, 0x62, 0x32),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0xDA, 0x46, 0xF8, 0xF9, 0x3A, 0xBE, 0x55),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x9C, 0x7A, 0x97, 0x62, 0xEB, 0xFA, 0x0F),
 };
 static const mbedtls_mpi_uint brainpoolP384r1_T_31_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB2, 0x03, 0x3D, 0x3C, 0x46, 0x27, 0x9E, 0x65 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0x08, 0x1C, 0xD5, 0x25, 0xAF, 0xE9, 0x40 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0x69, 0xDC, 0x59, 0xF4, 0x8A, 0x7C, 0x1F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x9A, 0x7A, 0x99, 0x21, 0x0C, 0x4E, 0xE3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xCE, 0x85, 0x5F, 0xAC, 0xAA, 0x82, 0x10 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x57, 0x69, 0x90, 0x76, 0xF3, 0x53, 0x3F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0x03, 0x3D, 0x3C, 0x46, 0x27, 0x9E, 0x65),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x08, 0x1C, 0xD5, 0x25, 0xAF, 0xE9, 0x40),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x69, 0xDC, 0x59, 0xF4, 0x8A, 0x7C, 0x1F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x9A, 0x7A, 0x99, 0x21, 0x0C, 0x4E, 0xE3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xCE, 0x85, 0x5F, 0xAC, 0xAA, 0x82, 0x10),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x57, 0x69, 0x90, 0x76, 0xF3, 0x53, 0x3F),
 };
 static const mbedtls_ecp_point brainpoolP384r1_T[32] = {
     ECP_POINT_INIT_XY_Z1(brainpoolP384r1_T_0_X, brainpoolP384r1_T_0_Y),
@@ -3762,706 +3762,706 @@
  */
 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
 static const mbedtls_mpi_uint brainpoolP512r1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_a[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA),
 };
 
 #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
 static const mbedtls_mpi_uint brainpoolP512r1_T_0_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_0_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_1_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0xE9, 0x6B, 0x8C, 0x6F, 0x9D, 0x88, 0x43 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0x4F, 0x86, 0x96, 0xA7, 0x56, 0xD1, 0x37 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0xAB, 0xFA, 0xEE, 0xA7, 0xF5, 0x0E, 0xA6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x40, 0xEF, 0x9E, 0x6D, 0xD6, 0x32, 0x33 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0xED, 0x56, 0x14, 0x57, 0x1A, 0x8D, 0x69 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0xED, 0x4D, 0x3A, 0xFA, 0x71, 0x75, 0x6B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0xC5, 0x76, 0x1C, 0x14, 0xBE, 0xB5, 0xCD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0x5A, 0xCB, 0xE7, 0x36, 0x1D, 0x52, 0x1C ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xE9, 0x6B, 0x8C, 0x6F, 0x9D, 0x88, 0x43),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x4F, 0x86, 0x96, 0xA7, 0x56, 0xD1, 0x37),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xAB, 0xFA, 0xEE, 0xA7, 0xF5, 0x0E, 0xA6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x40, 0xEF, 0x9E, 0x6D, 0xD6, 0x32, 0x33),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xED, 0x56, 0x14, 0x57, 0x1A, 0x8D, 0x69),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xED, 0x4D, 0x3A, 0xFA, 0x71, 0x75, 0x6B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xC5, 0x76, 0x1C, 0x14, 0xBE, 0xB5, 0xCD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x5A, 0xCB, 0xE7, 0x36, 0x1D, 0x52, 0x1C),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_1_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x8D, 0x7A, 0xEB, 0xA3, 0x8B, 0xD5, 0xB0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0xA3, 0x41, 0xF8, 0xAC, 0x9E, 0xAB, 0x74 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0xE3, 0x65, 0x0D, 0x1C, 0xFE, 0x09, 0x2B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0xCA, 0x13, 0x3F, 0xC5, 0xF9, 0x7E, 0xEC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2C, 0x5D, 0x63, 0x28, 0xA6, 0x89, 0xD3, 0x91 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x95, 0x3F, 0x7A, 0x82, 0xD4, 0x77, 0xE3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xBB, 0x92, 0x32, 0x00, 0xF4, 0x66, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x58, 0x31, 0xD1, 0x17, 0x9F, 0x2A, 0x22 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x8D, 0x7A, 0xEB, 0xA3, 0x8B, 0xD5, 0xB0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xA3, 0x41, 0xF8, 0xAC, 0x9E, 0xAB, 0x74),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0xE3, 0x65, 0x0D, 0x1C, 0xFE, 0x09, 0x2B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0xCA, 0x13, 0x3F, 0xC5, 0xF9, 0x7E, 0xEC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x5D, 0x63, 0x28, 0xA6, 0x89, 0xD3, 0x91),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x95, 0x3F, 0x7A, 0x82, 0xD4, 0x77, 0xE3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xBB, 0x92, 0x32, 0x00, 0xF4, 0x66, 0x42),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x58, 0x31, 0xD1, 0x17, 0x9F, 0x2A, 0x22),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_2_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0x36, 0xA9, 0xCD, 0x80, 0xA5, 0x2D, 0x78 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0x44, 0xAB, 0xCE, 0x71, 0xFF, 0x0C, 0x9B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0x24, 0x58, 0x35, 0x5A, 0x21, 0x32, 0x93 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0xA6, 0x28, 0xF8, 0x7A, 0x97, 0xAE, 0x8B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0xE7, 0x08, 0xFA, 0x47, 0xC9, 0x55, 0x09 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xAC, 0x2E, 0x84, 0xA4, 0xF5, 0x52, 0xC4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x58, 0x05, 0x9D, 0xA7, 0xC8, 0x71, 0xBF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0x92, 0xB4, 0x92, 0xC1, 0x92, 0xEC, 0x6B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x36, 0xA9, 0xCD, 0x80, 0xA5, 0x2D, 0x78),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x44, 0xAB, 0xCE, 0x71, 0xFF, 0x0C, 0x9B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x24, 0x58, 0x35, 0x5A, 0x21, 0x32, 0x93),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0xA6, 0x28, 0xF8, 0x7A, 0x97, 0xAE, 0x8B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0xE7, 0x08, 0xFA, 0x47, 0xC9, 0x55, 0x09),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xAC, 0x2E, 0x84, 0xA4, 0xF5, 0x52, 0xC4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x58, 0x05, 0x9D, 0xA7, 0xC8, 0x71, 0xBF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x92, 0xB4, 0x92, 0xC1, 0x92, 0xEC, 0x6B),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_2_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4A, 0x48, 0x2D, 0x79, 0x5E, 0x58, 0xE5, 0x69 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x85, 0x26, 0xEC, 0xE9, 0x6E, 0xD4, 0x06 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x68, 0x26, 0x87, 0x38, 0xA2, 0xD2, 0x0B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0x17, 0x60, 0xCE, 0x75, 0xF8, 0xA5, 0x6F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x20, 0x51, 0xDB, 0xA9, 0xAE, 0x87, 0xF1, 0x15 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x49, 0x92, 0x3B, 0x19, 0x96, 0xF5, 0xB0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC4, 0xD5, 0x52, 0x52, 0x8C, 0xCE, 0xFD, 0xFA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0x18, 0x0A, 0xE6, 0xF6, 0xAE, 0x08, 0x41 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x48, 0x2D, 0x79, 0x5E, 0x58, 0xE5, 0x69),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x85, 0x26, 0xEC, 0xE9, 0x6E, 0xD4, 0x06),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x68, 0x26, 0x87, 0x38, 0xA2, 0xD2, 0x0B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x17, 0x60, 0xCE, 0x75, 0xF8, 0xA5, 0x6F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x51, 0xDB, 0xA9, 0xAE, 0x87, 0xF1, 0x15),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x49, 0x92, 0x3B, 0x19, 0x96, 0xF5, 0xB0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0xD5, 0x52, 0x52, 0x8C, 0xCE, 0xFD, 0xFA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x18, 0x0A, 0xE6, 0xF6, 0xAE, 0x08, 0x41),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_3_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0x2B, 0xD8, 0x54, 0xCE, 0xB0, 0x57, 0xFE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0xB0, 0xF8, 0x9E, 0x03, 0x03, 0x3C, 0x5D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x0E, 0x29, 0x29, 0x00, 0xF3, 0x70, 0xBF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x33, 0x99, 0x0E, 0x00, 0x5D, 0xFE, 0x4B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0x2D, 0xF2, 0x59, 0x32, 0xCF, 0x03, 0xF4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3B, 0xC9, 0x72, 0xAE, 0x0C, 0xEF, 0xD1, 0x5B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x5A, 0x27, 0xBF, 0x2F, 0x45, 0xF9, 0x51 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0xBE, 0xE5, 0x2C, 0xFF, 0x5B, 0x1E, 0x88 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x2B, 0xD8, 0x54, 0xCE, 0xB0, 0x57, 0xFE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xB0, 0xF8, 0x9E, 0x03, 0x03, 0x3C, 0x5D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x0E, 0x29, 0x29, 0x00, 0xF3, 0x70, 0xBF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x33, 0x99, 0x0E, 0x00, 0x5D, 0xFE, 0x4B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x2D, 0xF2, 0x59, 0x32, 0xCF, 0x03, 0xF4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0xC9, 0x72, 0xAE, 0x0C, 0xEF, 0xD1, 0x5B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x5A, 0x27, 0xBF, 0x2F, 0x45, 0xF9, 0x51),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xBE, 0xE5, 0x2C, 0xFF, 0x5B, 0x1E, 0x88),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_3_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0xAC, 0xBB, 0xD8, 0x83, 0xC2, 0x46, 0xF6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCF, 0xDC, 0xCE, 0x15, 0xB4, 0xEF, 0xCF, 0x46 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0xDB, 0x5E, 0x94, 0x31, 0x0B, 0xB2, 0x7A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0xB9, 0xE3, 0xE3, 0x11, 0x71, 0x41, 0x1E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0xE3, 0x01, 0xB7, 0x7D, 0xBC, 0x65, 0xBE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x07, 0x65, 0x87, 0xA7, 0xE8, 0x48, 0xE3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0x48, 0x8F, 0xD4, 0x30, 0x8E, 0xB4, 0x6C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0xE0, 0x73, 0xBE, 0x1E, 0xBF, 0x56, 0x36 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0xAC, 0xBB, 0xD8, 0x83, 0xC2, 0x46, 0xF6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xDC, 0xCE, 0x15, 0xB4, 0xEF, 0xCF, 0x46),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xDB, 0x5E, 0x94, 0x31, 0x0B, 0xB2, 0x7A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xB9, 0xE3, 0xE3, 0x11, 0x71, 0x41, 0x1E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xE3, 0x01, 0xB7, 0x7D, 0xBC, 0x65, 0xBE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x07, 0x65, 0x87, 0xA7, 0xE8, 0x48, 0xE3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x48, 0x8F, 0xD4, 0x30, 0x8E, 0xB4, 0x6C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xE0, 0x73, 0xBE, 0x1E, 0xBF, 0x56, 0x36),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_4_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0x0E, 0x5E, 0x87, 0xC5, 0xAB, 0x0E, 0x3C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0xF9, 0x5F, 0x80, 0x24, 0x4C, 0x2A, 0xF1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDE, 0x15, 0x21, 0x54, 0x92, 0x84, 0x8D, 0x6A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x8A, 0x47, 0x74, 0xDC, 0x42, 0xB1, 0xF8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0xF7, 0x30, 0xFD, 0xC1, 0x9B, 0x0C, 0x5B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4E, 0x6C, 0xCC, 0xDF, 0xC5, 0xE3, 0xA9, 0xD5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x67, 0x59, 0x10, 0x5C, 0x51, 0x54, 0x40 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x37, 0xFB, 0x6E, 0xB0, 0x78, 0x63, 0x8E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x0E, 0x5E, 0x87, 0xC5, 0xAB, 0x0E, 0x3C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xF9, 0x5F, 0x80, 0x24, 0x4C, 0x2A, 0xF1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0x15, 0x21, 0x54, 0x92, 0x84, 0x8D, 0x6A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x8A, 0x47, 0x74, 0xDC, 0x42, 0xB1, 0xF8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0xF7, 0x30, 0xFD, 0xC1, 0x9B, 0x0C, 0x5B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x6C, 0xCC, 0xDF, 0xC5, 0xE3, 0xA9, 0xD5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x67, 0x59, 0x10, 0x5C, 0x51, 0x54, 0x40),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x37, 0xFB, 0x6E, 0xB0, 0x78, 0x63, 0x8E),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_4_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0xEF, 0xC4, 0x39, 0x20, 0xF1, 0x46, 0x66 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE2, 0x62, 0xAE, 0xFF, 0x10, 0xE4, 0xE2, 0xE9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x5C, 0xF5, 0x2E, 0x22, 0x89, 0xE5, 0x82 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x89, 0x0C, 0x29, 0xA8, 0x62, 0xAE, 0xDB, 0x65 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD7, 0x9E, 0x0F, 0xCA, 0x87, 0x2A, 0x6F, 0x7B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0xDC, 0x9B, 0x9F, 0x65, 0xD4, 0xAD, 0x27 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0xC3, 0x08, 0x0F, 0xCF, 0x67, 0xE9, 0xF4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x5C, 0xD7, 0xFF, 0x41, 0x9C, 0xCB, 0x26 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0xEF, 0xC4, 0x39, 0x20, 0xF1, 0x46, 0x66),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x62, 0xAE, 0xFF, 0x10, 0xE4, 0xE2, 0xE9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x5C, 0xF5, 0x2E, 0x22, 0x89, 0xE5, 0x82),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x0C, 0x29, 0xA8, 0x62, 0xAE, 0xDB, 0x65),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x9E, 0x0F, 0xCA, 0x87, 0x2A, 0x6F, 0x7B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xDC, 0x9B, 0x9F, 0x65, 0xD4, 0xAD, 0x27),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xC3, 0x08, 0x0F, 0xCF, 0x67, 0xE9, 0xF4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x5C, 0xD7, 0xFF, 0x41, 0x9C, 0xCB, 0x26),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_5_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x25, 0x05, 0x12, 0xAD, 0x73, 0x63, 0x90 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0x99, 0x07, 0x86, 0x57, 0xE7, 0x94, 0xB1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x4B, 0xA5, 0xBF, 0x18, 0xA9, 0xEF, 0x6A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x4C, 0xC4, 0x09, 0xF2, 0x2F, 0x0C, 0xAA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8C, 0x3A, 0x04, 0xEA, 0x89, 0x6C, 0x91, 0xB9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0x3A, 0xE7, 0xA3, 0xEC, 0x24, 0x7B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0xA1, 0x26, 0x21, 0x04, 0xE3, 0xB9, 0x40 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x53, 0x71, 0x4B, 0x7B, 0xC2, 0x89, 0xCD, 0xA2 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x25, 0x05, 0x12, 0xAD, 0x73, 0x63, 0x90),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x99, 0x07, 0x86, 0x57, 0xE7, 0x94, 0xB1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x4B, 0xA5, 0xBF, 0x18, 0xA9, 0xEF, 0x6A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x4C, 0xC4, 0x09, 0xF2, 0x2F, 0x0C, 0xAA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x3A, 0x04, 0xEA, 0x89, 0x6C, 0x91, 0xB9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x6C, 0x3A, 0xE7, 0xA3, 0xEC, 0x24, 0x7B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xA1, 0x26, 0x21, 0x04, 0xE3, 0xB9, 0x40),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0x71, 0x4B, 0x7B, 0xC2, 0x89, 0xCD, 0xA2),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_5_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0xB9, 0xA8, 0x9D, 0xFD, 0x00, 0x3A, 0x1F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0x41, 0x6C, 0xBB, 0x5A, 0xCA, 0x1F, 0x74 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0xD7, 0xE2, 0x6C, 0x6B, 0xA7, 0x48, 0xC9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0x19, 0xAD, 0xA7, 0xC1, 0x7E, 0x4F, 0x6E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0xF7, 0x19, 0x3C, 0x06, 0x74, 0x2C, 0x3A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0x23, 0x4F, 0x0C, 0x09, 0xB0, 0x80, 0x4A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4E, 0x74, 0x34, 0x08, 0x44, 0x7E, 0xA3, 0xDD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFB, 0xCC, 0x8D, 0x12, 0x6E, 0xE1, 0x3D, 0x0B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xB9, 0xA8, 0x9D, 0xFD, 0x00, 0x3A, 0x1F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x41, 0x6C, 0xBB, 0x5A, 0xCA, 0x1F, 0x74),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xD7, 0xE2, 0x6C, 0x6B, 0xA7, 0x48, 0xC9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x19, 0xAD, 0xA7, 0xC1, 0x7E, 0x4F, 0x6E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xF7, 0x19, 0x3C, 0x06, 0x74, 0x2C, 0x3A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x23, 0x4F, 0x0C, 0x09, 0xB0, 0x80, 0x4A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x74, 0x34, 0x08, 0x44, 0x7E, 0xA3, 0xDD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xCC, 0x8D, 0x12, 0x6E, 0xE1, 0x3D, 0x0B),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_6_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x18, 0xB1, 0x71, 0x02, 0x93, 0xC2, 0xA4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x89, 0x40, 0xE2, 0x1F, 0xE7, 0x5E, 0x68 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x8E, 0xAE, 0x89, 0x01, 0xD4, 0x0C, 0xEB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0xDA, 0x58, 0x70, 0x24, 0xF2, 0xE4, 0x5F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0xC7, 0x1D, 0xD6, 0x4A, 0x6F, 0x66, 0x4F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x1D, 0x7E, 0x4A, 0x2C, 0xCA, 0xEC, 0x3B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x06, 0x7F, 0xA8, 0x99, 0xE4, 0xD3, 0x4E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0x1D, 0x5A, 0xDF, 0x5E, 0x58, 0x36, 0x49 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x18, 0xB1, 0x71, 0x02, 0x93, 0xC2, 0xA4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x89, 0x40, 0xE2, 0x1F, 0xE7, 0x5E, 0x68),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x8E, 0xAE, 0x89, 0x01, 0xD4, 0x0C, 0xEB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xDA, 0x58, 0x70, 0x24, 0xF2, 0xE4, 0x5F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0xC7, 0x1D, 0xD6, 0x4A, 0x6F, 0x66, 0x4F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x1D, 0x7E, 0x4A, 0x2C, 0xCA, 0xEC, 0x3B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x06, 0x7F, 0xA8, 0x99, 0xE4, 0xD3, 0x4E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x1D, 0x5A, 0xDF, 0x5E, 0x58, 0x36, 0x49),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_6_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0xB9, 0x32, 0x69, 0x1F, 0x72, 0x2A, 0xB3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x73, 0xE2, 0x03, 0x39, 0x35, 0xAA, 0xA8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0x5E, 0x5D, 0x48, 0xEF, 0xAE, 0x30, 0xF5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x7F, 0x60, 0x19, 0xAF, 0xEC, 0x9D, 0xFC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0xD9, 0x19, 0xE4, 0x1B, 0x56, 0x15, 0x5F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xD7, 0x33, 0x59, 0x1F, 0x43, 0x59, 0x2C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0xCE, 0xEE, 0xCA, 0xA4, 0x7F, 0x63, 0xD4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBD, 0x40, 0xC0, 0xF6, 0x19, 0x89, 0x43, 0x20 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xB9, 0x32, 0x69, 0x1F, 0x72, 0x2A, 0xB3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x73, 0xE2, 0x03, 0x39, 0x35, 0xAA, 0xA8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x5E, 0x5D, 0x48, 0xEF, 0xAE, 0x30, 0xF5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x7F, 0x60, 0x19, 0xAF, 0xEC, 0x9D, 0xFC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xD9, 0x19, 0xE4, 0x1B, 0x56, 0x15, 0x5F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xD7, 0x33, 0x59, 0x1F, 0x43, 0x59, 0x2C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xCE, 0xEE, 0xCA, 0xA4, 0x7F, 0x63, 0xD4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x40, 0xC0, 0xF6, 0x19, 0x89, 0x43, 0x20),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_7_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0x92, 0xEA, 0x07, 0x65, 0x79, 0x86, 0xD3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xB7, 0x13, 0x75, 0xD3, 0xC5, 0x0A, 0xC9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x9E, 0xFA, 0xE1, 0x1F, 0x0C, 0xF9, 0x74 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x8C, 0xED, 0x5C, 0x21, 0xE9, 0x09, 0xDD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF4, 0x4D, 0xD8, 0x18, 0xC4, 0xF6, 0x36, 0x39 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0xC9, 0xAC, 0x5C, 0xFA, 0x69, 0xA4, 0xA0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x8C, 0x94, 0x1C, 0x7B, 0x71, 0x36, 0x58 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0xBD, 0x46, 0xCE, 0xB7, 0x1D, 0x9C, 0x5E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x92, 0xEA, 0x07, 0x65, 0x79, 0x86, 0xD3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xB7, 0x13, 0x75, 0xD3, 0xC5, 0x0A, 0xC9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x9E, 0xFA, 0xE1, 0x1F, 0x0C, 0xF9, 0x74),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x8C, 0xED, 0x5C, 0x21, 0xE9, 0x09, 0xDD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x4D, 0xD8, 0x18, 0xC4, 0xF6, 0x36, 0x39),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xC9, 0xAC, 0x5C, 0xFA, 0x69, 0xA4, 0xA0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x8C, 0x94, 0x1C, 0x7B, 0x71, 0x36, 0x58),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xBD, 0x46, 0xCE, 0xB7, 0x1D, 0x9C, 0x5E),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_7_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0xD6, 0x96, 0x4B, 0xA6, 0x47, 0xEB, 0xE5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0xF1, 0x5F, 0x15, 0xDE, 0x99, 0x6F, 0x66 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0xBD, 0xE5, 0x04, 0xB8, 0xE6, 0xC0, 0x0B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0xD3, 0xF0, 0x04, 0x00, 0xE4, 0x05, 0xDB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xF3, 0x06, 0xA3, 0x1A, 0xFF, 0xEA, 0x73 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0x32, 0xAA, 0x99, 0x33, 0x09, 0xB6, 0x34 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6E, 0xEF, 0xFC, 0x61, 0x10, 0x42, 0x31, 0x94 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xF1, 0xF4, 0x33, 0xCF, 0x28, 0x90, 0x9C ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xD6, 0x96, 0x4B, 0xA6, 0x47, 0xEB, 0xE5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0xF1, 0x5F, 0x15, 0xDE, 0x99, 0x6F, 0x66),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xBD, 0xE5, 0x04, 0xB8, 0xE6, 0xC0, 0x0B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xD3, 0xF0, 0x04, 0x00, 0xE4, 0x05, 0xDB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xF3, 0x06, 0xA3, 0x1A, 0xFF, 0xEA, 0x73),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x32, 0xAA, 0x99, 0x33, 0x09, 0xB6, 0x34),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xEF, 0xFC, 0x61, 0x10, 0x42, 0x31, 0x94),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xF1, 0xF4, 0x33, 0xCF, 0x28, 0x90, 0x9C),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_8_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0xDE, 0xF9, 0x88, 0x87, 0x7B, 0xEB, 0xC9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0xB8, 0xDA, 0xFA, 0xDA, 0x3D, 0xA6, 0x17 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0xF0, 0x62, 0x82, 0x53, 0x32, 0x55, 0x03 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0xA5, 0x32, 0x4A, 0x19, 0x11, 0x9C, 0x10 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0xB3, 0x27, 0xE9, 0x75, 0x90, 0x05, 0x2D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0x1C, 0x90, 0x48, 0x77, 0x01, 0x85, 0x1B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0xD6, 0x9B, 0x84, 0xA8, 0xD7, 0xC5, 0x28 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0x7A, 0xCB, 0xB3, 0x11, 0x46, 0xD7, 0x99 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xDE, 0xF9, 0x88, 0x87, 0x7B, 0xEB, 0xC9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xB8, 0xDA, 0xFA, 0xDA, 0x3D, 0xA6, 0x17),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xF0, 0x62, 0x82, 0x53, 0x32, 0x55, 0x03),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xA5, 0x32, 0x4A, 0x19, 0x11, 0x9C, 0x10),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xB3, 0x27, 0xE9, 0x75, 0x90, 0x05, 0x2D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x1C, 0x90, 0x48, 0x77, 0x01, 0x85, 0x1B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xD6, 0x9B, 0x84, 0xA8, 0xD7, 0xC5, 0x28),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x7A, 0xCB, 0xB3, 0x11, 0x46, 0xD7, 0x99),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_8_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0x23, 0xBF, 0x75, 0x75, 0xA1, 0x95, 0x90 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0x66, 0x5D, 0x34, 0x13, 0xA9, 0x03, 0xBE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0x80, 0x9D, 0x5F, 0xD2, 0x44, 0xE1, 0x62 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0x5D, 0xBD, 0xA8, 0xBF, 0xB4, 0x25, 0x1F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0x99, 0x1F, 0x53, 0xF1, 0x57, 0xDB, 0xE7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x7C, 0xE5, 0xC5, 0x51, 0x0B, 0x4C, 0x9B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0xB0, 0x1A, 0x9C, 0x16, 0xB0, 0x32, 0x1F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF4, 0xE3, 0xCF, 0xDD, 0x48, 0xB4, 0x7B, 0x33 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x23, 0xBF, 0x75, 0x75, 0xA1, 0x95, 0x90),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x66, 0x5D, 0x34, 0x13, 0xA9, 0x03, 0xBE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x80, 0x9D, 0x5F, 0xD2, 0x44, 0xE1, 0x62),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x5D, 0xBD, 0xA8, 0xBF, 0xB4, 0x25, 0x1F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x99, 0x1F, 0x53, 0xF1, 0x57, 0xDB, 0xE7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x7C, 0xE5, 0xC5, 0x51, 0x0B, 0x4C, 0x9B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0xB0, 0x1A, 0x9C, 0x16, 0xB0, 0x32, 0x1F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0xE3, 0xCF, 0xDD, 0x48, 0xB4, 0x7B, 0x33),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_9_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0xDD, 0x9E, 0x3C, 0x98, 0x0E, 0x77, 0x65 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0xAB, 0x01, 0xD3, 0x87, 0x74, 0x25, 0x4A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0xA3, 0xE3, 0x76, 0x43, 0x87, 0x12, 0xBD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0xB1, 0x3B, 0x60, 0x66, 0xEB, 0x98, 0x54 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD2, 0x78, 0xC8, 0xD7, 0x4E, 0x75, 0xCA, 0x69 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xDF, 0x71, 0x19, 0xE7, 0x07, 0x36, 0xB5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xC9, 0xA8, 0x5F, 0x91, 0xBF, 0x47, 0xB2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0x96, 0x58, 0x96, 0x18, 0xB6, 0xFA, 0x01 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xDD, 0x9E, 0x3C, 0x98, 0x0E, 0x77, 0x65),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xAB, 0x01, 0xD3, 0x87, 0x74, 0x25, 0x4A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0xA3, 0xE3, 0x76, 0x43, 0x87, 0x12, 0xBD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0xB1, 0x3B, 0x60, 0x66, 0xEB, 0x98, 0x54),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x78, 0xC8, 0xD7, 0x4E, 0x75, 0xCA, 0x69),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xDF, 0x71, 0x19, 0xE7, 0x07, 0x36, 0xB5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xC9, 0xA8, 0x5F, 0x91, 0xBF, 0x47, 0xB2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x96, 0x58, 0x96, 0x18, 0xB6, 0xFA, 0x01),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_9_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0x2D, 0xA9, 0x9B, 0x86, 0xDB, 0x0C, 0x4C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0x0B, 0x2D, 0x56, 0x4A, 0xD3, 0x93, 0x8A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0x15, 0xE2, 0x65, 0x12, 0x86, 0x0E, 0xB2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x41, 0x4D, 0xC1, 0xCB, 0xE4, 0xC3, 0xD7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0x53, 0x10, 0xCA, 0xA3, 0xAC, 0x83, 0x26 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0x01, 0x22, 0x96, 0x10, 0xAD, 0x69, 0xDB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0x46, 0x4E, 0xD8, 0xEA, 0xD6, 0x9D, 0xF3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0x2F, 0x7F, 0x62, 0x62, 0x80, 0xD0, 0x14 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x2D, 0xA9, 0x9B, 0x86, 0xDB, 0x0C, 0x4C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x0B, 0x2D, 0x56, 0x4A, 0xD3, 0x93, 0x8A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x15, 0xE2, 0x65, 0x12, 0x86, 0x0E, 0xB2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x41, 0x4D, 0xC1, 0xCB, 0xE4, 0xC3, 0xD7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x53, 0x10, 0xCA, 0xA3, 0xAC, 0x83, 0x26),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x01, 0x22, 0x96, 0x10, 0xAD, 0x69, 0xDB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x46, 0x4E, 0xD8, 0xEA, 0xD6, 0x9D, 0xF3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x2F, 0x7F, 0x62, 0x62, 0x80, 0xD0, 0x14),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_10_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB2, 0xDA, 0x00, 0x63, 0x09, 0xBD, 0x6A, 0x83 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0xD4, 0x6E, 0x48, 0x05, 0xB7, 0xF7, 0x17 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x14, 0x4D, 0xD7, 0x00, 0x4A, 0x15, 0x27, 0x7A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0x15, 0xAA, 0x37, 0x27, 0x34, 0x18, 0x24 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0x20, 0x2C, 0x84, 0x1B, 0x88, 0xBA, 0x05 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x09, 0xD6, 0x04, 0xA2, 0x60, 0x84, 0x72 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0x04, 0x94, 0x08, 0xD4, 0xED, 0x47, 0xDB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0xF3, 0xE4, 0x3E, 0xB9, 0x5B, 0x35, 0x42 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xDA, 0x00, 0x63, 0x09, 0xBD, 0x6A, 0x83),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xD4, 0x6E, 0x48, 0x05, 0xB7, 0xF7, 0x17),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x4D, 0xD7, 0x00, 0x4A, 0x15, 0x27, 0x7A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x15, 0xAA, 0x37, 0x27, 0x34, 0x18, 0x24),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x20, 0x2C, 0x84, 0x1B, 0x88, 0xBA, 0x05),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x09, 0xD6, 0x04, 0xA2, 0x60, 0x84, 0x72),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x04, 0x94, 0x08, 0xD4, 0xED, 0x47, 0xDB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xF3, 0xE4, 0x3E, 0xB9, 0x5B, 0x35, 0x42),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_10_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0xD8, 0xB6, 0x80, 0xD6, 0xF1, 0x30, 0xDD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x14, 0xA6, 0x85, 0xEE, 0xA7, 0xD8, 0x61 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0x49, 0x2A, 0x1E, 0x7C, 0xE9, 0x2D, 0xEC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0x87, 0x56, 0x91, 0x03, 0x77, 0x4D, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0x52, 0xD4, 0xAA, 0xF7, 0xFA, 0xB0, 0xC5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x5D, 0x11, 0x39, 0xB1, 0xE7, 0x76, 0xAD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x13, 0xBC, 0x37, 0x5D, 0x74, 0xCD, 0xC2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x48, 0x14, 0x23, 0x30, 0xF8, 0x46, 0x37 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0xD8, 0xB6, 0x80, 0xD6, 0xF1, 0x30, 0xDD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x14, 0xA6, 0x85, 0xEE, 0xA7, 0xD8, 0x61),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x49, 0x2A, 0x1E, 0x7C, 0xE9, 0x2D, 0xEC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x87, 0x56, 0x91, 0x03, 0x77, 0x4D, 0x55),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0x52, 0xD4, 0xAA, 0xF7, 0xFA, 0xB0, 0xC5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x5D, 0x11, 0x39, 0xB1, 0xE7, 0x76, 0xAD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x13, 0xBC, 0x37, 0x5D, 0x74, 0xCD, 0xC2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x48, 0x14, 0x23, 0x30, 0xF8, 0x46, 0x37),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_11_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x27, 0xB0, 0xD9, 0xB2, 0x74, 0xB4, 0xC0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0xA6, 0xB9, 0x6F, 0x9F, 0x64, 0x36, 0x92 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2E, 0x2B, 0x78, 0x40, 0x05, 0x2B, 0x7B, 0xA9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0x68, 0x3A, 0xB6, 0x4A, 0xE2, 0xDB, 0xB8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0x33, 0xD7, 0x34, 0x8B, 0x25, 0x45, 0xEF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x89, 0xCE, 0xA8, 0xC9, 0x01, 0xFB, 0x0E, 0x7B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE2, 0xF9, 0x51, 0x4C, 0x12, 0x9F, 0x60, 0xE4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0x85, 0xBD, 0x30, 0x37, 0x84, 0x39, 0x44 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x27, 0xB0, 0xD9, 0xB2, 0x74, 0xB4, 0xC0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xA6, 0xB9, 0x6F, 0x9F, 0x64, 0x36, 0x92),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0x2B, 0x78, 0x40, 0x05, 0x2B, 0x7B, 0xA9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x68, 0x3A, 0xB6, 0x4A, 0xE2, 0xDB, 0xB8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x33, 0xD7, 0x34, 0x8B, 0x25, 0x45, 0xEF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0xCE, 0xA8, 0xC9, 0x01, 0xFB, 0x0E, 0x7B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xF9, 0x51, 0x4C, 0x12, 0x9F, 0x60, 0xE4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x85, 0xBD, 0x30, 0x37, 0x84, 0x39, 0x44),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_11_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x33, 0xAF, 0x2E, 0xB8, 0x2E, 0xCC, 0x3C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0xB1, 0x73, 0x59, 0x4E, 0x0C, 0x09, 0x4A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0x24, 0x89, 0x81, 0x12, 0xFF, 0xBB, 0x6E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x37, 0x1A, 0x66, 0xEE, 0xED, 0xB6, 0x9B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0xBD, 0x04, 0x20, 0x5D, 0xFB, 0xBF, 0x95 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0xF8, 0x34, 0xA3, 0xFF, 0x45, 0xDE, 0x92 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x18, 0x73, 0xF1, 0x32, 0x25, 0x58, 0xEB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0xC1, 0x14, 0xE3, 0x9E, 0x40, 0x0F, 0x12 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x33, 0xAF, 0x2E, 0xB8, 0x2E, 0xCC, 0x3C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xB1, 0x73, 0x59, 0x4E, 0x0C, 0x09, 0x4A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x24, 0x89, 0x81, 0x12, 0xFF, 0xBB, 0x6E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x37, 0x1A, 0x66, 0xEE, 0xED, 0xB6, 0x9B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xBD, 0x04, 0x20, 0x5D, 0xFB, 0xBF, 0x95),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xF8, 0x34, 0xA3, 0xFF, 0x45, 0xDE, 0x92),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x18, 0x73, 0xF1, 0x32, 0x25, 0x58, 0xEB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0xC1, 0x14, 0xE3, 0x9E, 0x40, 0x0F, 0x12),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_12_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x07, 0x9D, 0x9C, 0x00, 0xF7, 0x56, 0x19 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFB, 0xBA, 0x87, 0xF9, 0x15, 0x0C, 0x66, 0x5D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0x1F, 0xC1, 0x28, 0xB0, 0x47, 0x0D, 0xF5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xCA, 0x27, 0xEE, 0x4B, 0x23, 0x2B, 0x89 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0xB5, 0x68, 0xC8, 0x17, 0x5D, 0xC3, 0xAA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0x02, 0x08, 0xEE, 0x20, 0x9D, 0xEA, 0x64 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x14, 0x50, 0xD4, 0x7D, 0x5F, 0xCF, 0xA0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0xFA, 0xF8, 0xA7, 0xC6, 0xDC, 0x14, 0x8C ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x07, 0x9D, 0x9C, 0x00, 0xF7, 0x56, 0x19),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xBA, 0x87, 0xF9, 0x15, 0x0C, 0x66, 0x5D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x1F, 0xC1, 0x28, 0xB0, 0x47, 0x0D, 0xF5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xCA, 0x27, 0xEE, 0x4B, 0x23, 0x2B, 0x89),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0xB5, 0x68, 0xC8, 0x17, 0x5D, 0xC3, 0xAA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x02, 0x08, 0xEE, 0x20, 0x9D, 0xEA, 0x64),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x14, 0x50, 0xD4, 0x7D, 0x5F, 0xCF, 0xA0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xFA, 0xF8, 0xA7, 0xC6, 0xDC, 0x14, 0x8C),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_12_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0xBD, 0x0A, 0x1A, 0x18, 0x98, 0xDC, 0xB0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0x63, 0x02, 0xB7, 0xD5, 0x5B, 0x5A, 0xC6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0xB1, 0xD7, 0x4B, 0x15, 0x39, 0x61, 0x5D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0x32, 0xE1, 0x9E, 0x70, 0x1B, 0xCE, 0x51 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0xD8, 0x18, 0x83, 0x52, 0x9B, 0x6D, 0xA2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0x55, 0x56, 0x19, 0x34, 0xA4, 0xEA, 0xFC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0xA9, 0x55, 0x80, 0xE3, 0x15, 0x36, 0x8B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0x06, 0xC8, 0x1D, 0x17, 0x0D, 0xAD, 0x16 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xBD, 0x0A, 0x1A, 0x18, 0x98, 0xDC, 0xB0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x63, 0x02, 0xB7, 0xD5, 0x5B, 0x5A, 0xC6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xB1, 0xD7, 0x4B, 0x15, 0x39, 0x61, 0x5D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x32, 0xE1, 0x9E, 0x70, 0x1B, 0xCE, 0x51),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0xD8, 0x18, 0x83, 0x52, 0x9B, 0x6D, 0xA2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x55, 0x56, 0x19, 0x34, 0xA4, 0xEA, 0xFC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0xA9, 0x55, 0x80, 0xE3, 0x15, 0x36, 0x8B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x06, 0xC8, 0x1D, 0x17, 0x0D, 0xAD, 0x16),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_13_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x20, 0xD6, 0xF0, 0xCC, 0xF3, 0x63, 0x53, 0xD2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0x5A, 0xDC, 0x46, 0xBD, 0x0D, 0xAD, 0x96 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x2F, 0x11, 0x60, 0x15, 0x51, 0x4A, 0xEA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0xE3, 0x93, 0x38, 0xD5, 0x83, 0xAA, 0x0D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0xA6, 0xCC, 0xB1, 0xFD, 0xBB, 0x1A, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3B, 0x54, 0xC8, 0x54, 0x6F, 0x79, 0x1A, 0x59 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x4A, 0xDA, 0x28, 0x92, 0x97, 0x9D, 0x7F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x4B, 0xDB, 0xC7, 0x52, 0xC5, 0x66, 0x34 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0xD6, 0xF0, 0xCC, 0xF3, 0x63, 0x53, 0xD2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x5A, 0xDC, 0x46, 0xBD, 0x0D, 0xAD, 0x96),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x2F, 0x11, 0x60, 0x15, 0x51, 0x4A, 0xEA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xE3, 0x93, 0x38, 0xD5, 0x83, 0xAA, 0x0D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xA6, 0xCC, 0xB1, 0xFD, 0xBB, 0x1A, 0x0F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x54, 0xC8, 0x54, 0x6F, 0x79, 0x1A, 0x59),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x4A, 0xDA, 0x28, 0x92, 0x97, 0x9D, 0x7F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x4B, 0xDB, 0xC7, 0x52, 0xC5, 0x66, 0x34),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_13_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0x7E, 0x92, 0x53, 0x30, 0x93, 0xFD, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x16, 0x6A, 0xB1, 0x91, 0x0A, 0xB4, 0x52 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x9D, 0x40, 0x3F, 0xE3, 0xF1, 0x01, 0x46 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0x0E, 0xD8, 0xED, 0x11, 0x8E, 0x4C, 0xED ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x4A, 0x1B, 0x88, 0xDF, 0x8D, 0x29, 0xE7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x23, 0x21, 0x11, 0xAB, 0x77, 0x81, 0x62 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0xAF, 0x11, 0xFA, 0xBA, 0x40, 0x63, 0xE7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2B, 0x6F, 0x8D, 0x80, 0xDF, 0x67, 0xF5, 0x44 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x7E, 0x92, 0x53, 0x30, 0x93, 0xFD, 0xFF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x16, 0x6A, 0xB1, 0x91, 0x0A, 0xB4, 0x52),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x9D, 0x40, 0x3F, 0xE3, 0xF1, 0x01, 0x46),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x0E, 0xD8, 0xED, 0x11, 0x8E, 0x4C, 0xED),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x4A, 0x1B, 0x88, 0xDF, 0x8D, 0x29, 0xE7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x23, 0x21, 0x11, 0xAB, 0x77, 0x81, 0x62),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xAF, 0x11, 0xFA, 0xBA, 0x40, 0x63, 0xE7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x6F, 0x8D, 0x80, 0xDF, 0x67, 0xF5, 0x44),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_14_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB2, 0x8B, 0xB7, 0x08, 0xF4, 0xD7, 0x2D, 0xA8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0x2B, 0x30, 0x02, 0x45, 0x71, 0x08, 0x49 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x3A, 0xCA, 0x50, 0xF6, 0xC2, 0x19, 0x8C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xB9, 0x9B, 0x3E, 0x73, 0x95, 0x1D, 0x49 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x60, 0x59, 0x48, 0xCB, 0xD8, 0xD6, 0xAA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0xB9, 0x6C, 0x89, 0xAB, 0x99, 0xA8, 0xF8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0xA1, 0x8B, 0x4E, 0x06, 0x19, 0xEC, 0x99 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x95, 0x04, 0xCF, 0xD5, 0x94, 0xB3, 0x02 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0x8B, 0xB7, 0x08, 0xF4, 0xD7, 0x2D, 0xA8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x2B, 0x30, 0x02, 0x45, 0x71, 0x08, 0x49),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x3A, 0xCA, 0x50, 0xF6, 0xC2, 0x19, 0x8C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xB9, 0x9B, 0x3E, 0x73, 0x95, 0x1D, 0x49),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x60, 0x59, 0x48, 0xCB, 0xD8, 0xD6, 0xAA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xB9, 0x6C, 0x89, 0xAB, 0x99, 0xA8, 0xF8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0xA1, 0x8B, 0x4E, 0x06, 0x19, 0xEC, 0x99),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x95, 0x04, 0xCF, 0xD5, 0x94, 0xB3, 0x02),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_14_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0x35, 0x93, 0x7C, 0xB3, 0xB8, 0x9E, 0x1B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC4, 0x45, 0x5C, 0x7E, 0xBF, 0x75, 0x81, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDC, 0xE8, 0x24, 0xDF, 0xEC, 0x2F, 0x7D, 0xB9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0x8B, 0xD5, 0x6A, 0x9B, 0xA0, 0xE0, 0x4F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0xE3, 0x27, 0x82, 0xDE, 0xDD, 0xCA, 0x4B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x57, 0x56, 0x46, 0x05, 0x06, 0x01, 0x2E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0x35, 0xA7, 0x47, 0xE2, 0x6B, 0x2C, 0x4F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x9D, 0x4C, 0xEC, 0x1F, 0x11, 0x75, 0x2B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x35, 0x93, 0x7C, 0xB3, 0xB8, 0x9E, 0x1B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x45, 0x5C, 0x7E, 0xBF, 0x75, 0x81, 0x0F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xE8, 0x24, 0xDF, 0xEC, 0x2F, 0x7D, 0xB9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x8B, 0xD5, 0x6A, 0x9B, 0xA0, 0xE0, 0x4F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xE3, 0x27, 0x82, 0xDE, 0xDD, 0xCA, 0x4B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x57, 0x56, 0x46, 0x05, 0x06, 0x01, 0x2E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x35, 0xA7, 0x47, 0xE2, 0x6B, 0x2C, 0x4F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x9D, 0x4C, 0xEC, 0x1F, 0x11, 0x75, 0x2B),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_15_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xAA, 0x41, 0xC1, 0xE9, 0x0E, 0xE9, 0xAA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0xCF, 0x9C, 0x4B, 0xE8, 0xED, 0x0A, 0x49 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0x73, 0xCA, 0x0C, 0x46, 0x0A, 0x9C, 0xE4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0xE1, 0x9E, 0xBC, 0xFE, 0x44, 0x63, 0x6D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x31, 0x43, 0x71, 0xEE, 0xF8, 0xC1, 0x8C, 0x5C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0x4B, 0xF0, 0x69, 0x25, 0xBD, 0x71, 0x1A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0x9A, 0xFE, 0x82, 0xE7, 0xC1, 0xC1, 0xEE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x5A, 0x6E, 0x5E, 0x97, 0x6A, 0x35, 0x8D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xAA, 0x41, 0xC1, 0xE9, 0x0E, 0xE9, 0xAA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xCF, 0x9C, 0x4B, 0xE8, 0xED, 0x0A, 0x49),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x73, 0xCA, 0x0C, 0x46, 0x0A, 0x9C, 0xE4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xE1, 0x9E, 0xBC, 0xFE, 0x44, 0x63, 0x6D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x43, 0x71, 0xEE, 0xF8, 0xC1, 0x8C, 0x5C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x4B, 0xF0, 0x69, 0x25, 0xBD, 0x71, 0x1A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x9A, 0xFE, 0x82, 0xE7, 0xC1, 0xC1, 0xEE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x5A, 0x6E, 0x5E, 0x97, 0x6A, 0x35, 0x8D),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_15_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA2, 0x18, 0x6C, 0x7E, 0xB8, 0x9E, 0x57, 0x32 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x35, 0xB9, 0xC1, 0xD0, 0xFE, 0x78, 0xFB, 0x32 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x08, 0xAE, 0x46, 0x34, 0xEA, 0x7A, 0x7F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x1C, 0x56, 0xA9, 0x18, 0x37, 0xD4, 0x9E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x63, 0xE9, 0x0A, 0xB6, 0x38, 0x3C, 0xC1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0x4F, 0xA4, 0x6E, 0x85, 0x31, 0x23, 0x52 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0D, 0xAD, 0xC4, 0xC3, 0xB1, 0x4B, 0x1C, 0x82 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0x56, 0x4A, 0x38, 0xB3, 0x6B, 0x6F, 0x2C ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x18, 0x6C, 0x7E, 0xB8, 0x9E, 0x57, 0x32),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xB9, 0xC1, 0xD0, 0xFE, 0x78, 0xFB, 0x32),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x08, 0xAE, 0x46, 0x34, 0xEA, 0x7A, 0x7F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x1C, 0x56, 0xA9, 0x18, 0x37, 0xD4, 0x9E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x63, 0xE9, 0x0A, 0xB6, 0x38, 0x3C, 0xC1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x4F, 0xA4, 0x6E, 0x85, 0x31, 0x23, 0x52),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0xAD, 0xC4, 0xC3, 0xB1, 0x4B, 0x1C, 0x82),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x56, 0x4A, 0x38, 0xB3, 0x6B, 0x6F, 0x2C),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_16_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0xC7, 0x19, 0xDE, 0x21, 0xED, 0x89, 0xD0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0xBE, 0xA6, 0xAE, 0xEB, 0x9D, 0xA7, 0x2A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x0E, 0x13, 0x1E, 0x86, 0x57, 0xC3, 0x3B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x4B, 0x30, 0x46, 0x52, 0xC1, 0xEC, 0x52 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6E, 0xD5, 0x44, 0x31, 0x96, 0x3B, 0x26, 0x27 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x68, 0xA8, 0x67, 0x78, 0x39, 0xE8, 0x68 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x78, 0xB7, 0xDD, 0xF2, 0x58, 0xB6, 0x3D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0x3C, 0xB3, 0x26, 0xC4, 0x2C, 0x8C, 0xA5 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0xC7, 0x19, 0xDE, 0x21, 0xED, 0x89, 0xD0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xBE, 0xA6, 0xAE, 0xEB, 0x9D, 0xA7, 0x2A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x0E, 0x13, 0x1E, 0x86, 0x57, 0xC3, 0x3B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x4B, 0x30, 0x46, 0x52, 0xC1, 0xEC, 0x52),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xD5, 0x44, 0x31, 0x96, 0x3B, 0x26, 0x27),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x68, 0xA8, 0x67, 0x78, 0x39, 0xE8, 0x68),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x78, 0xB7, 0xDD, 0xF2, 0x58, 0xB6, 0x3D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x3C, 0xB3, 0x26, 0xC4, 0x2C, 0x8C, 0xA5),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_16_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0x24, 0xE5, 0x73, 0xEE, 0x9A, 0x02, 0xA9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x6A, 0x65, 0x60, 0xF3, 0x62, 0xE3, 0xE9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFB, 0x07, 0x84, 0xE6, 0x3B, 0x46, 0x65, 0x9F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0x8F, 0x0C, 0xB0, 0xE1, 0x04, 0x82, 0x9D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0x13, 0xBF, 0x3D, 0xA0, 0x48, 0xA2, 0x74 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0x26, 0x76, 0x74, 0xAB, 0x0B, 0x29, 0xE8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0x6E, 0x5F, 0x03, 0x34, 0x7C, 0x38, 0xCE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0x72, 0xF9, 0x3B, 0x3C, 0xA4, 0xBC, 0x7C ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x24, 0xE5, 0x73, 0xEE, 0x9A, 0x02, 0xA9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x6A, 0x65, 0x60, 0xF3, 0x62, 0xE3, 0xE9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0x07, 0x84, 0xE6, 0x3B, 0x46, 0x65, 0x9F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x8F, 0x0C, 0xB0, 0xE1, 0x04, 0x82, 0x9D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x13, 0xBF, 0x3D, 0xA0, 0x48, 0xA2, 0x74),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x26, 0x76, 0x74, 0xAB, 0x0B, 0x29, 0xE8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x6E, 0x5F, 0x03, 0x34, 0x7C, 0x38, 0xCE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x72, 0xF9, 0x3B, 0x3C, 0xA4, 0xBC, 0x7C),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_17_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0xCE, 0x18, 0x80, 0xB8, 0x24, 0x45, 0x81 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x09, 0x03, 0xB8, 0x06, 0x64, 0xF7, 0xEC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x26, 0xB1, 0x10, 0x6D, 0x71, 0x12, 0x2E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0x12, 0xC6, 0x6E, 0x1E, 0x6A, 0xC3, 0x80 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0xD3, 0x0A, 0xDE, 0xD8, 0x6B, 0x04, 0x5C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0x87, 0x5B, 0xAE, 0xDB, 0x3C, 0xC0, 0xC5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0xF5, 0xF9, 0xC1, 0x9A, 0x89, 0xBB, 0x7E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0x69, 0x72, 0x8B, 0xAE, 0x32, 0x13, 0x11 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xCE, 0x18, 0x80, 0xB8, 0x24, 0x45, 0x81),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x09, 0x03, 0xB8, 0x06, 0x64, 0xF7, 0xEC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x26, 0xB1, 0x10, 0x6D, 0x71, 0x12, 0x2E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x12, 0xC6, 0x6E, 0x1E, 0x6A, 0xC3, 0x80),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xD3, 0x0A, 0xDE, 0xD8, 0x6B, 0x04, 0x5C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x87, 0x5B, 0xAE, 0xDB, 0x3C, 0xC0, 0xC5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0xF5, 0xF9, 0xC1, 0x9A, 0x89, 0xBB, 0x7E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x69, 0x72, 0x8B, 0xAE, 0x32, 0x13, 0x11),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_17_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF9, 0x16, 0x07, 0x50, 0xFA, 0x4C, 0xCF, 0xE8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0x50, 0x21, 0xE9, 0xDE, 0xEC, 0x7E, 0xDF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x2F, 0xE8, 0x83, 0x30, 0x0B, 0x65, 0x0E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0x0B, 0x99, 0xAC, 0xC9, 0xBA, 0x6C, 0x2A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x59, 0x5A, 0x0D, 0x7B, 0x9E, 0x08, 0xAD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x91, 0xB2, 0xDC, 0x90, 0xCE, 0x67, 0xED ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x93, 0x60, 0x0C, 0xD7, 0x1F, 0x2F, 0x17 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x7F, 0x9D, 0x40, 0xF8, 0x78, 0x7A, 0x54 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x16, 0x07, 0x50, 0xFA, 0x4C, 0xCF, 0xE8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x50, 0x21, 0xE9, 0xDE, 0xEC, 0x7E, 0xDF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x2F, 0xE8, 0x83, 0x30, 0x0B, 0x65, 0x0E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x0B, 0x99, 0xAC, 0xC9, 0xBA, 0x6C, 0x2A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x59, 0x5A, 0x0D, 0x7B, 0x9E, 0x08, 0xAD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x91, 0xB2, 0xDC, 0x90, 0xCE, 0x67, 0xED),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x93, 0x60, 0x0C, 0xD7, 0x1F, 0x2F, 0x17),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x7F, 0x9D, 0x40, 0xF8, 0x78, 0x7A, 0x54),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_18_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0x22, 0x95, 0xE8, 0xEF, 0x31, 0x57, 0x35 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0x88, 0x53, 0xFE, 0xAF, 0x7C, 0x47, 0x14 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xCE, 0xCC, 0x79, 0xE8, 0x9F, 0x8C, 0xC4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x16, 0xDD, 0x77, 0x6E, 0x8A, 0x73, 0x97 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0x07, 0x97, 0x21, 0x3B, 0xF8, 0x5F, 0xA8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0xB5, 0xD2, 0x81, 0x84, 0xF0, 0xE7, 0x9F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x8F, 0x75, 0x09, 0x6A, 0x0E, 0x53, 0xAD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x4F, 0x70, 0x97, 0xC7, 0xAC, 0x7D, 0x3F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x22, 0x95, 0xE8, 0xEF, 0x31, 0x57, 0x35),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x88, 0x53, 0xFE, 0xAF, 0x7C, 0x47, 0x14),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xCE, 0xCC, 0x79, 0xE8, 0x9F, 0x8C, 0xC4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x16, 0xDD, 0x77, 0x6E, 0x8A, 0x73, 0x97),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x07, 0x97, 0x21, 0x3B, 0xF8, 0x5F, 0xA8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xB5, 0xD2, 0x81, 0x84, 0xF0, 0xE7, 0x9F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x8F, 0x75, 0x09, 0x6A, 0x0E, 0x53, 0xAD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x4F, 0x70, 0x97, 0xC7, 0xAC, 0x7D, 0x3F),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_18_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF9, 0x3C, 0x6A, 0xB4, 0x10, 0xA9, 0xC8, 0x1D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0xC5, 0xD6, 0x69, 0x16, 0xB8, 0xAC, 0x25 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x44, 0xDC, 0xEB, 0x48, 0x54, 0x5D, 0x5F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x48, 0x9B, 0xD7, 0x72, 0x69, 0xA4, 0x8A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x0D, 0x36, 0x9A, 0x66, 0x0B, 0xEC, 0x24 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0xC6, 0xD4, 0xB6, 0x60, 0xE5, 0xC3, 0x3A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x29, 0x42, 0xE0, 0x9D, 0xFD, 0x7C, 0x3E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0x10, 0xBA, 0x55, 0xBC, 0x3B, 0x38, 0x5D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x3C, 0x6A, 0xB4, 0x10, 0xA9, 0xC8, 0x1D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xC5, 0xD6, 0x69, 0x16, 0xB8, 0xAC, 0x25),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x44, 0xDC, 0xEB, 0x48, 0x54, 0x5D, 0x5F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x48, 0x9B, 0xD7, 0x72, 0x69, 0xA4, 0x8A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x0D, 0x36, 0x9A, 0x66, 0x0B, 0xEC, 0x24),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xC6, 0xD4, 0xB6, 0x60, 0xE5, 0xC3, 0x3A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x29, 0x42, 0xE0, 0x9D, 0xFD, 0x7C, 0x3E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x10, 0xBA, 0x55, 0xBC, 0x3B, 0x38, 0x5D),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_19_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x25, 0x66, 0xFA, 0x05, 0x73, 0x03, 0x1B, 0x69 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0xA4, 0x66, 0x12, 0x96, 0x7B, 0x02, 0x4C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x44, 0xB5, 0xDE, 0x6D, 0x98, 0xD1, 0xD5, 0xA8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE2, 0xF5, 0x44, 0xB8, 0x8E, 0xF6, 0x8C, 0x05 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x15, 0x2B, 0x72, 0xBC, 0x49, 0xE5, 0xDF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x44, 0xD7, 0xDF, 0x8F, 0xEB, 0x8D, 0x80 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0x64, 0x88, 0xAA, 0xB7, 0xE4, 0x70, 0x1D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0x14, 0xBB, 0xE9, 0x9B, 0xB9, 0x65, 0x5D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x66, 0xFA, 0x05, 0x73, 0x03, 0x1B, 0x69),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xA4, 0x66, 0x12, 0x96, 0x7B, 0x02, 0x4C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0xB5, 0xDE, 0x6D, 0x98, 0xD1, 0xD5, 0xA8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xF5, 0x44, 0xB8, 0x8E, 0xF6, 0x8C, 0x05),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x15, 0x2B, 0x72, 0xBC, 0x49, 0xE5, 0xDF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x44, 0xD7, 0xDF, 0x8F, 0xEB, 0x8D, 0x80),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x64, 0x88, 0xAA, 0xB7, 0xE4, 0x70, 0x1D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x14, 0xBB, 0xE9, 0x9B, 0xB9, 0x65, 0x5D),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_19_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0x8E, 0x88, 0xF5, 0xF1, 0xC1, 0x89, 0xA2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x30, 0x53, 0xE6, 0xFB, 0x2D, 0x82, 0xB4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0xE4, 0xFF, 0xBA, 0x31, 0x79, 0xAB, 0xC2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x45, 0x09, 0xF7, 0xB7, 0x09, 0x78, 0x4C, 0x90 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0xAE, 0xC2, 0x44, 0xDC, 0x17, 0x78, 0x47 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0xD4, 0x17, 0x43, 0x19, 0x74, 0x9E, 0x23 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x64, 0x3B, 0x73, 0xA2, 0x99, 0x27, 0x76 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0x74, 0x36, 0x5F, 0xD3, 0x14, 0xB1, 0x31 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x8E, 0x88, 0xF5, 0xF1, 0xC1, 0x89, 0xA2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x30, 0x53, 0xE6, 0xFB, 0x2D, 0x82, 0xB4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xE4, 0xFF, 0xBA, 0x31, 0x79, 0xAB, 0xC2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x09, 0xF7, 0xB7, 0x09, 0x78, 0x4C, 0x90),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xAE, 0xC2, 0x44, 0xDC, 0x17, 0x78, 0x47),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xD4, 0x17, 0x43, 0x19, 0x74, 0x9E, 0x23),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x64, 0x3B, 0x73, 0xA2, 0x99, 0x27, 0x76),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x74, 0x36, 0x5F, 0xD3, 0x14, 0xB1, 0x31),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_20_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x07, 0xAB, 0xFD, 0x9B, 0x03, 0xC5, 0xD5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0xBE, 0xB0, 0x1D, 0xF2, 0x0C, 0x73, 0x73 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0xE7, 0x7B, 0x87, 0xD3, 0x34, 0xFD, 0xE2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9A, 0x25, 0x3D, 0xC7, 0x36, 0x83, 0x53, 0xDC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0x7C, 0xCF, 0x63, 0x55, 0x12, 0x11, 0xB0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0x34, 0x4D, 0x27, 0x92, 0xAC, 0x18, 0x16 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x42, 0x61, 0x9D, 0x2E, 0xFF, 0x13, 0x16 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF4, 0xDE, 0x92, 0x65, 0x57, 0x0D, 0xBC, 0x0A ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x07, 0xAB, 0xFD, 0x9B, 0x03, 0xC5, 0xD5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xBE, 0xB0, 0x1D, 0xF2, 0x0C, 0x73, 0x73),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xE7, 0x7B, 0x87, 0xD3, 0x34, 0xFD, 0xE2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x25, 0x3D, 0xC7, 0x36, 0x83, 0x53, 0xDC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x7C, 0xCF, 0x63, 0x55, 0x12, 0x11, 0xB0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x34, 0x4D, 0x27, 0x92, 0xAC, 0x18, 0x16),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x42, 0x61, 0x9D, 0x2E, 0xFF, 0x13, 0x16),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0xDE, 0x92, 0x65, 0x57, 0x0D, 0xBC, 0x0A),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_20_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0x7B, 0x6E, 0xC6, 0x2A, 0x21, 0x74, 0x0A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0xA7, 0x53, 0x4D, 0x29, 0x36, 0xEF, 0xE5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0xD6, 0x41, 0xC7, 0x99, 0xAD, 0x50, 0x53 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0xAC, 0x41, 0x9F, 0xFB, 0x4C, 0x86, 0xF1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0xBB, 0xE6, 0x25, 0x28, 0xAA, 0xEB, 0x1E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x04, 0xA2, 0xC3, 0xAA, 0x08, 0x8A, 0xCC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x2B, 0x5B, 0xE2, 0x8D, 0x76, 0xEA, 0x34 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0x33, 0xD2, 0x21, 0x4D, 0x62, 0xE3, 0x8E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x7B, 0x6E, 0xC6, 0x2A, 0x21, 0x74, 0x0A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xA7, 0x53, 0x4D, 0x29, 0x36, 0xEF, 0xE5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0xD6, 0x41, 0xC7, 0x99, 0xAD, 0x50, 0x53),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xAC, 0x41, 0x9F, 0xFB, 0x4C, 0x86, 0xF1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xBB, 0xE6, 0x25, 0x28, 0xAA, 0xEB, 0x1E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x04, 0xA2, 0xC3, 0xAA, 0x08, 0x8A, 0xCC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x2B, 0x5B, 0xE2, 0x8D, 0x76, 0xEA, 0x34),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x33, 0xD2, 0x21, 0x4D, 0x62, 0xE3, 0x8E),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_21_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0x06, 0x8B, 0x2B, 0xC2, 0xC4, 0xB1, 0xD2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0xF5, 0xA1, 0xC0, 0x03, 0x6A, 0x29, 0x12 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xA9, 0xEF, 0x55, 0xB6, 0x1A, 0x9F, 0x6B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x54, 0x32, 0xBE, 0x06, 0x43, 0xB5, 0xFD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0xD6, 0xD9, 0x20, 0x89, 0xBE, 0xD4, 0x1B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x26, 0x95, 0x10, 0xCE, 0xB4, 0x88, 0x79 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0xA6, 0x27, 0xAC, 0x32, 0xBA, 0xBD, 0xC7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0xA6, 0xAE, 0x9C, 0x7B, 0xBE, 0xA1, 0x63 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x06, 0x8B, 0x2B, 0xC2, 0xC4, 0xB1, 0xD2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xF5, 0xA1, 0xC0, 0x03, 0x6A, 0x29, 0x12),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xA9, 0xEF, 0x55, 0xB6, 0x1A, 0x9F, 0x6B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x54, 0x32, 0xBE, 0x06, 0x43, 0xB5, 0xFD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xD6, 0xD9, 0x20, 0x89, 0xBE, 0xD4, 0x1B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x26, 0x95, 0x10, 0xCE, 0xB4, 0x88, 0x79),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xA6, 0x27, 0xAC, 0x32, 0xBA, 0xBD, 0xC7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xA6, 0xAE, 0x9C, 0x7B, 0xBE, 0xA1, 0x63),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_21_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0xCD, 0x4D, 0x3D, 0xDF, 0x96, 0xBB, 0x7D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0xA7, 0x11, 0x06, 0xCC, 0x0E, 0x31, 0x81 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x20, 0xE4, 0xF4, 0xAD, 0x7B, 0x5F, 0xF1, 0xEF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0x54, 0xBE, 0xF4, 0x8A, 0x03, 0x47, 0xDF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x53, 0x00, 0x7F, 0xB0, 0x8A, 0x68, 0xA6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x16, 0xB1, 0x73, 0x6F, 0x5B, 0x0E, 0xC3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0x32, 0xE3, 0x43, 0x64, 0x75, 0xFB, 0xFB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x18, 0x55, 0x8A, 0x4E, 0x6E, 0x35, 0x54 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xCD, 0x4D, 0x3D, 0xDF, 0x96, 0xBB, 0x7D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0xA7, 0x11, 0x06, 0xCC, 0x0E, 0x31, 0x81),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0xE4, 0xF4, 0xAD, 0x7B, 0x5F, 0xF1, 0xEF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x54, 0xBE, 0xF4, 0x8A, 0x03, 0x47, 0xDF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x53, 0x00, 0x7F, 0xB0, 0x8A, 0x68, 0xA6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x16, 0xB1, 0x73, 0x6F, 0x5B, 0x0E, 0xC3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x32, 0xE3, 0x43, 0x64, 0x75, 0xFB, 0xFB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x18, 0x55, 0x8A, 0x4E, 0x6E, 0x35, 0x54),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_22_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0x97, 0x15, 0x1E, 0xCB, 0xF2, 0x9C, 0xA5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2B, 0xD1, 0xBB, 0xF3, 0x70, 0xAD, 0x13, 0xAD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0x96, 0xA4, 0xC5, 0x5E, 0xDA, 0xD5, 0x57 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0x81, 0xE9, 0x65, 0x66, 0x76, 0x47, 0x45 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x35, 0x87, 0x06, 0x73, 0xCF, 0x34, 0xD2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x81, 0x15, 0x42, 0xA2, 0x79, 0x5B, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0xA2, 0x7D, 0x09, 0x14, 0x64, 0xC6, 0xAE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0x6D, 0xC4, 0xED, 0xF1, 0xD6, 0xE9, 0x24 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x97, 0x15, 0x1E, 0xCB, 0xF2, 0x9C, 0xA5),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xD1, 0xBB, 0xF3, 0x70, 0xAD, 0x13, 0xAD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x96, 0xA4, 0xC5, 0x5E, 0xDA, 0xD5, 0x57),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x81, 0xE9, 0x65, 0x66, 0x76, 0x47, 0x45),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x35, 0x87, 0x06, 0x73, 0xCF, 0x34, 0xD2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x81, 0x15, 0x42, 0xA2, 0x79, 0x5B, 0x42),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xA2, 0x7D, 0x09, 0x14, 0x64, 0xC6, 0xAE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x6D, 0xC4, 0xED, 0xF1, 0xD6, 0xE9, 0x24),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_22_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0xD5, 0xBB, 0x25, 0xA3, 0xDD, 0xA3, 0x88 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0xF2, 0x68, 0x67, 0x39, 0x8F, 0x73, 0x93 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0x76, 0x28, 0x89, 0xAD, 0x32, 0xE0, 0xDF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0x90, 0xCC, 0x57, 0x58, 0xAA, 0xC9, 0x75 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0xD7, 0x43, 0xD2, 0xCE, 0x5E, 0xA0, 0x08 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0xB0, 0xB8, 0xA4, 0x9E, 0x96, 0x26, 0x86 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0x61, 0x1D, 0xF3, 0x65, 0x5E, 0x60, 0xCA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0x1E, 0x65, 0xED, 0xCF, 0x07, 0x60, 0x20 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xD5, 0xBB, 0x25, 0xA3, 0xDD, 0xA3, 0x88),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xF2, 0x68, 0x67, 0x39, 0x8F, 0x73, 0x93),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x76, 0x28, 0x89, 0xAD, 0x32, 0xE0, 0xDF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x90, 0xCC, 0x57, 0x58, 0xAA, 0xC9, 0x75),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xD7, 0x43, 0xD2, 0xCE, 0x5E, 0xA0, 0x08),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xB0, 0xB8, 0xA4, 0x9E, 0x96, 0x26, 0x86),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x61, 0x1D, 0xF3, 0x65, 0x5E, 0x60, 0xCA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x1E, 0x65, 0xED, 0xCF, 0x07, 0x60, 0x20),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_23_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0x30, 0x17, 0x8A, 0x91, 0x88, 0x0A, 0xA4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0x7D, 0x18, 0xA4, 0xAC, 0x59, 0xFC, 0x5F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0x31, 0x8B, 0x25, 0x65, 0x39, 0x9A, 0xDC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x16, 0x4B, 0x68, 0xBA, 0x59, 0x13, 0x2F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xFD, 0xD3, 0xC5, 0x56, 0xC9, 0x8C, 0x5E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xC6, 0x9F, 0xF4, 0xE6, 0xF7, 0xB4, 0x01 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0x7C, 0x03, 0x00, 0x26, 0x9F, 0xD8, 0x7B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0x1D, 0x6E, 0x00, 0xB9, 0x00, 0x6E, 0x93 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x30, 0x17, 0x8A, 0x91, 0x88, 0x0A, 0xA4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x7D, 0x18, 0xA4, 0xAC, 0x59, 0xFC, 0x5F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x31, 0x8B, 0x25, 0x65, 0x39, 0x9A, 0xDC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x16, 0x4B, 0x68, 0xBA, 0x59, 0x13, 0x2F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xFD, 0xD3, 0xC5, 0x56, 0xC9, 0x8C, 0x5E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xC6, 0x9F, 0xF4, 0xE6, 0xF7, 0xB4, 0x01),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x7C, 0x03, 0x00, 0x26, 0x9F, 0xD8, 0x7B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x1D, 0x6E, 0x00, 0xB9, 0x00, 0x6E, 0x93),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_23_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x75, 0x63, 0xDA, 0x03, 0x2B, 0xD5, 0x0B, 0xFE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0xFC, 0xE2, 0xC8, 0x47, 0xF0, 0xAE, 0xF2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0x4C, 0xF7, 0x50, 0x0C, 0x48, 0x06, 0x2A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x2B, 0x32, 0x98, 0x0E, 0x7E, 0x61, 0x41 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0x02, 0x27, 0xFE, 0x75, 0x86, 0xDF, 0x24 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2B, 0x30, 0xB1, 0x22, 0x32, 0x1B, 0xFE, 0x24 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x27, 0xF7, 0x78, 0x6F, 0xD7, 0xFD, 0xE4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x78, 0xCC, 0xEA, 0xC0, 0x50, 0x24, 0x44 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x63, 0xDA, 0x03, 0x2B, 0xD5, 0x0B, 0xFE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xFC, 0xE2, 0xC8, 0x47, 0xF0, 0xAE, 0xF2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x4C, 0xF7, 0x50, 0x0C, 0x48, 0x06, 0x2A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x2B, 0x32, 0x98, 0x0E, 0x7E, 0x61, 0x41),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x02, 0x27, 0xFE, 0x75, 0x86, 0xDF, 0x24),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x30, 0xB1, 0x22, 0x32, 0x1B, 0xFE, 0x24),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x27, 0xF7, 0x78, 0x6F, 0xD7, 0xFD, 0xE4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x78, 0xCC, 0xEA, 0xC0, 0x50, 0x24, 0x44),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_24_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x2B, 0x4F, 0x7F, 0x58, 0xE6, 0xC2, 0x70 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x43, 0xD5, 0xA7, 0x35, 0x3C, 0x80, 0xB8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x6D, 0x4B, 0x12, 0x00, 0x7B, 0xE6, 0xA6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x15, 0xBD, 0xD0, 0x9B, 0xCA, 0xAA, 0x81 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCF, 0xCE, 0x9C, 0xE3, 0x8B, 0x60, 0x7A, 0x53 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0xDA, 0x4B, 0x03, 0xA7, 0x8D, 0x43, 0x22 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0xAF, 0x00, 0x2B, 0x32, 0xF0, 0x22, 0x68 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDC, 0xD9, 0x99, 0x99, 0xBE, 0x43, 0x99, 0x3E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x2B, 0x4F, 0x7F, 0x58, 0xE6, 0xC2, 0x70),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x43, 0xD5, 0xA7, 0x35, 0x3C, 0x80, 0xB8),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x6D, 0x4B, 0x12, 0x00, 0x7B, 0xE6, 0xA6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x15, 0xBD, 0xD0, 0x9B, 0xCA, 0xAA, 0x81),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xCE, 0x9C, 0xE3, 0x8B, 0x60, 0x7A, 0x53),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xDA, 0x4B, 0x03, 0xA7, 0x8D, 0x43, 0x22),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xAF, 0x00, 0x2B, 0x32, 0xF0, 0x22, 0x68),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xD9, 0x99, 0x99, 0xBE, 0x43, 0x99, 0x3E),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_24_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x71, 0x41, 0xF4, 0xB5, 0xFD, 0xDD, 0x36 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0xE2, 0x20, 0x4C, 0xD1, 0x2E, 0x1F, 0x06 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0x43, 0x48, 0x76, 0x8A, 0x49, 0xAC, 0x87 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0x1A, 0x55, 0xA8, 0xA3, 0xD4, 0x57, 0x75 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0xA6, 0x84, 0x39, 0xC9, 0x13, 0xBB, 0x60 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0xFA, 0xA9, 0x70, 0xDE, 0x83, 0xDD, 0xC9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0xC9, 0xD9, 0x3E, 0x44, 0x91, 0x68, 0x7B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x9F, 0x85, 0x6D, 0xF7, 0x54, 0x36, 0x82 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x71, 0x41, 0xF4, 0xB5, 0xFD, 0xDD, 0x36),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xE2, 0x20, 0x4C, 0xD1, 0x2E, 0x1F, 0x06),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x43, 0x48, 0x76, 0x8A, 0x49, 0xAC, 0x87),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x1A, 0x55, 0xA8, 0xA3, 0xD4, 0x57, 0x75),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xA6, 0x84, 0x39, 0xC9, 0x13, 0xBB, 0x60),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0xFA, 0xA9, 0x70, 0xDE, 0x83, 0xDD, 0xC9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0xC9, 0xD9, 0x3E, 0x44, 0x91, 0x68, 0x7B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x9F, 0x85, 0x6D, 0xF7, 0x54, 0x36, 0x82),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_25_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x6B, 0xA6, 0xA3, 0xE5, 0xD4, 0x46, 0xDB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0x3E, 0xDC, 0x84, 0x7C, 0x7B, 0x24, 0x34 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x14, 0xED, 0x7F, 0x86, 0x07, 0x6C, 0x57, 0xCA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x95, 0x06, 0xFE, 0x52, 0x12, 0x79, 0x69, 0x56 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0xD1, 0x44, 0x5F, 0x21, 0x3A, 0xC3, 0x84 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0xD9, 0x4A, 0xC0, 0x75, 0xAB, 0x17, 0xAC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x81, 0x94, 0xB6, 0x80, 0x6B, 0x6F, 0xC3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xBE, 0x8E, 0xA5, 0xAA, 0xBC, 0x1E, 0x3E ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x6B, 0xA6, 0xA3, 0xE5, 0xD4, 0x46, 0xDB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x3E, 0xDC, 0x84, 0x7C, 0x7B, 0x24, 0x34),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xED, 0x7F, 0x86, 0x07, 0x6C, 0x57, 0xCA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x06, 0xFE, 0x52, 0x12, 0x79, 0x69, 0x56),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0xD1, 0x44, 0x5F, 0x21, 0x3A, 0xC3, 0x84),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xD9, 0x4A, 0xC0, 0x75, 0xAB, 0x17, 0xAC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x81, 0x94, 0xB6, 0x80, 0x6B, 0x6F, 0xC3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xBE, 0x8E, 0xA5, 0xAA, 0xBC, 0x1E, 0x3E),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_25_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x89, 0xC7, 0x85, 0xA6, 0x59, 0x9B, 0xB1, 0x52 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0xCE, 0x40, 0xD1, 0xFB, 0xDF, 0x94, 0xF7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0xB8, 0x5E, 0xBF, 0x45, 0xA8, 0x2D, 0x2D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x9C, 0x06, 0x1B, 0xA9, 0x57, 0xB9, 0x79 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x53, 0xE9, 0xCE, 0xA2, 0xD3, 0x74, 0xA1, 0x3C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0x5F, 0x34, 0x78, 0xDB, 0xAE, 0x3A, 0x14 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x32, 0x84, 0x3E, 0x68, 0x6A, 0x43, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8C, 0xBC, 0x39, 0x36, 0xA4, 0xC5, 0xBB, 0x11 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0xC7, 0x85, 0xA6, 0x59, 0x9B, 0xB1, 0x52),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xCE, 0x40, 0xD1, 0xFB, 0xDF, 0x94, 0xF7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xB8, 0x5E, 0xBF, 0x45, 0xA8, 0x2D, 0x2D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x9C, 0x06, 0x1B, 0xA9, 0x57, 0xB9, 0x79),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xE9, 0xCE, 0xA2, 0xD3, 0x74, 0xA1, 0x3C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x5F, 0x34, 0x78, 0xDB, 0xAE, 0x3A, 0x14),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x32, 0x84, 0x3E, 0x68, 0x6A, 0x43, 0x0F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xBC, 0x39, 0x36, 0xA4, 0xC5, 0xBB, 0x11),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_26_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8C, 0x07, 0xA2, 0xB5, 0xC9, 0x0F, 0x4D, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x1D, 0x67, 0xE6, 0xF1, 0x46, 0xEB, 0x71 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD7, 0x41, 0x23, 0x95, 0xE7, 0xE0, 0x10, 0xDD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0x69, 0xFE, 0x68, 0x8C, 0xC6, 0x5F, 0xB6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0xB9, 0x2B, 0x3D, 0xD2, 0x4F, 0xD8, 0x1A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0x09, 0xF5, 0x5F, 0xCF, 0xF6, 0x91, 0x57 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x15, 0x42, 0x6B, 0x6D, 0xB5, 0xF3, 0xB6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0x56, 0x9D, 0xC5, 0xFF, 0xCA, 0x13, 0x9B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x07, 0xA2, 0xB5, 0xC9, 0x0F, 0x4D, 0x0F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x1D, 0x67, 0xE6, 0xF1, 0x46, 0xEB, 0x71),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x41, 0x23, 0x95, 0xE7, 0xE0, 0x10, 0xDD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x69, 0xFE, 0x68, 0x8C, 0xC6, 0x5F, 0xB6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xB9, 0x2B, 0x3D, 0xD2, 0x4F, 0xD8, 0x1A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x09, 0xF5, 0x5F, 0xCF, 0xF6, 0x91, 0x57),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x15, 0x42, 0x6B, 0x6D, 0xB5, 0xF3, 0xB6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x56, 0x9D, 0xC5, 0xFF, 0xCA, 0x13, 0x9B),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_26_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0x38, 0xE6, 0x23, 0x63, 0x48, 0x3C, 0xCA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD2, 0x68, 0x3C, 0xD1, 0x3B, 0xE9, 0x3B, 0x82 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0x08, 0x54, 0x49, 0xD1, 0x46, 0x45, 0x13 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0x70, 0x52, 0x6E, 0x79, 0xC4, 0x5E, 0x95 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0xDF, 0xE8, 0x5A, 0x32, 0x81, 0xDA, 0xD3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0x2D, 0x94, 0x5B, 0xB5, 0x35, 0x9F, 0x0A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0x12, 0x8D, 0xC3, 0x36, 0x36, 0xB2, 0x2A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x39, 0x2F, 0x22, 0x38, 0x5B, 0x18, 0x4C, 0x35 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x38, 0xE6, 0x23, 0x63, 0x48, 0x3C, 0xCA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x68, 0x3C, 0xD1, 0x3B, 0xE9, 0x3B, 0x82),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x08, 0x54, 0x49, 0xD1, 0x46, 0x45, 0x13),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x70, 0x52, 0x6E, 0x79, 0xC4, 0x5E, 0x95),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xDF, 0xE8, 0x5A, 0x32, 0x81, 0xDA, 0xD3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x2D, 0x94, 0x5B, 0xB5, 0x35, 0x9F, 0x0A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x12, 0x8D, 0xC3, 0x36, 0x36, 0xB2, 0x2A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x2F, 0x22, 0x38, 0x5B, 0x18, 0x4C, 0x35),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_27_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0xC1, 0x22, 0x0E, 0xF0, 0x73, 0x11, 0x05 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB2, 0xAE, 0xA4, 0x56, 0x18, 0x61, 0x66, 0x12 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0xFB, 0x72, 0x08, 0x84, 0x38, 0x51, 0xB0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x86, 0xA8, 0xB9, 0x31, 0x99, 0x29, 0xC3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0xFB, 0xC3, 0x42, 0xB3, 0xC7, 0x6F, 0x3A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0xF8, 0xE1, 0x09, 0xBE, 0x75, 0xB0, 0x22 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x7D, 0xFF, 0xF4, 0x99, 0xFC, 0x13, 0xAB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x1B, 0x84, 0x81, 0x42, 0x22, 0xC6, 0x3D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xC1, 0x22, 0x0E, 0xF0, 0x73, 0x11, 0x05),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xAE, 0xA4, 0x56, 0x18, 0x61, 0x66, 0x12),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xFB, 0x72, 0x08, 0x84, 0x38, 0x51, 0xB0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x86, 0xA8, 0xB9, 0x31, 0x99, 0x29, 0xC3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xFB, 0xC3, 0x42, 0xB3, 0xC7, 0x6F, 0x3A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xF8, 0xE1, 0x09, 0xBE, 0x75, 0xB0, 0x22),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x7D, 0xFF, 0xF4, 0x99, 0xFC, 0x13, 0xAB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x1B, 0x84, 0x81, 0x42, 0x22, 0xC6, 0x3D),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_27_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0xE0, 0x37, 0xA4, 0xA0, 0x2F, 0x38, 0x7F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0x3D, 0xB7, 0x40, 0x2F, 0x39, 0x3C, 0x7A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7A, 0x3B, 0x8A, 0x51, 0xAE, 0x40, 0x49, 0x7A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0x20, 0x9F, 0xDD, 0xA9, 0xD0, 0x77, 0xC7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x78, 0x1D, 0x64, 0xDA, 0xA0, 0x53, 0xC7, 0x7D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x7B, 0x66, 0x55, 0x94, 0xD1, 0x51, 0x44 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xA9, 0xB5, 0x5B, 0x38, 0x35, 0x40, 0xC0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0xC9, 0x0F, 0xF0, 0x73, 0x79, 0x43, 0x61 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xE0, 0x37, 0xA4, 0xA0, 0x2F, 0x38, 0x7F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x3D, 0xB7, 0x40, 0x2F, 0x39, 0x3C, 0x7A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0x3B, 0x8A, 0x51, 0xAE, 0x40, 0x49, 0x7A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x20, 0x9F, 0xDD, 0xA9, 0xD0, 0x77, 0xC7),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0x1D, 0x64, 0xDA, 0xA0, 0x53, 0xC7, 0x7D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x7B, 0x66, 0x55, 0x94, 0xD1, 0x51, 0x44),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xA9, 0xB5, 0x5B, 0x38, 0x35, 0x40, 0xC0),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xC9, 0x0F, 0xF0, 0x73, 0x79, 0x43, 0x61),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_28_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0x47, 0x45, 0x69, 0x80, 0x72, 0x72, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x11, 0x99, 0x59, 0xDB, 0x48, 0x80, 0x39 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x75, 0x6E, 0x3D, 0xFC, 0x37, 0x15, 0xF4, 0xBF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xBB, 0x5B, 0xA6, 0x35, 0x8D, 0x28, 0x20 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0x1A, 0x3B, 0x2C, 0x8F, 0xD3, 0xAA, 0x2D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0x1C, 0x1A, 0xF8, 0x02, 0xD9, 0x7B, 0x41 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0x69, 0xAC, 0xF8, 0x54, 0x31, 0x14, 0xA1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x8A, 0xE6, 0xDE, 0x58, 0xB9, 0xC4, 0x7A ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x47, 0x45, 0x69, 0x80, 0x72, 0x72, 0x42),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x11, 0x99, 0x59, 0xDB, 0x48, 0x80, 0x39),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x6E, 0x3D, 0xFC, 0x37, 0x15, 0xF4, 0xBF),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xBB, 0x5B, 0xA6, 0x35, 0x8D, 0x28, 0x20),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x1A, 0x3B, 0x2C, 0x8F, 0xD3, 0xAA, 0x2D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x1C, 0x1A, 0xF8, 0x02, 0xD9, 0x7B, 0x41),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x69, 0xAC, 0xF8, 0x54, 0x31, 0x14, 0xA1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x8A, 0xE6, 0xDE, 0x58, 0xB9, 0xC4, 0x7A),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_28_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0x83, 0x52, 0xFE, 0xF9, 0x7B, 0xE9, 0x1F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xA2, 0x55, 0x46, 0x15, 0x49, 0xC1, 0x3A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0xBC, 0x5C, 0x91, 0xBD, 0xB9, 0x9C, 0xF4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0xFD, 0xB1, 0x4E, 0x5F, 0x74, 0xEE, 0x53 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0x8B, 0xD8, 0x8B, 0x17, 0x73, 0x1B, 0x96 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0x92, 0xD7, 0x67, 0x06, 0xAD, 0x25, 0xCD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x0F, 0x80, 0x24, 0xE2, 0x27, 0x5F, 0x8B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x1C, 0xCE, 0xD0, 0x67, 0xCA, 0xD4, 0x0B ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x83, 0x52, 0xFE, 0xF9, 0x7B, 0xE9, 0x1F),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xA2, 0x55, 0x46, 0x15, 0x49, 0xC1, 0x3A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xBC, 0x5C, 0x91, 0xBD, 0xB9, 0x9C, 0xF4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xFD, 0xB1, 0x4E, 0x5F, 0x74, 0xEE, 0x53),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x8B, 0xD8, 0x8B, 0x17, 0x73, 0x1B, 0x96),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x92, 0xD7, 0x67, 0x06, 0xAD, 0x25, 0xCD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x0F, 0x80, 0x24, 0xE2, 0x27, 0x5F, 0x8B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x1C, 0xCE, 0xD0, 0x67, 0xCA, 0xD4, 0x0B),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_29_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0xF1, 0xDD, 0x33, 0x66, 0xF9, 0x05, 0xD6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0xE5, 0x6B, 0x79, 0xBD, 0x48, 0x42, 0xAA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0x14, 0x52, 0xE3, 0x53, 0xB4, 0x50, 0xD4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0x84, 0x6C, 0xCF, 0xDA, 0xB2, 0x20, 0x0A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0xD6, 0x1A, 0xE5, 0xE2, 0x29, 0x70, 0xCE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0x61, 0xFE, 0xBB, 0x21, 0x82, 0xD1, 0xFE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2C, 0xF0, 0x9C, 0x8B, 0x1A, 0x42, 0x30, 0x06 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0xD6, 0x49, 0x81, 0x92, 0xF1, 0xD0, 0x90 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0xF1, 0xDD, 0x33, 0x66, 0xF9, 0x05, 0xD6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xE5, 0x6B, 0x79, 0xBD, 0x48, 0x42, 0xAA),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x14, 0x52, 0xE3, 0x53, 0xB4, 0x50, 0xD4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x84, 0x6C, 0xCF, 0xDA, 0xB2, 0x20, 0x0A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xD6, 0x1A, 0xE5, 0xE2, 0x29, 0x70, 0xCE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x61, 0xFE, 0xBB, 0x21, 0x82, 0xD1, 0xFE),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0xF0, 0x9C, 0x8B, 0x1A, 0x42, 0x30, 0x06),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0xD6, 0x49, 0x81, 0x92, 0xF1, 0xD0, 0x90),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_29_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x91, 0x93, 0x6A, 0xA6, 0x22, 0xE9, 0xD6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0xDC, 0xC3, 0x69, 0x11, 0x95, 0x7D, 0xEC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0xA3, 0x9D, 0x87, 0x5E, 0x64, 0x41, 0xA2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0x87, 0x5A, 0x15, 0xBD, 0x6E, 0x3C, 0x8D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0x8D, 0x50, 0xCC, 0xCF, 0xB7, 0x8F, 0x0B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x65, 0xCD, 0x31, 0x30, 0xF1, 0x68, 0x13 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0x5C, 0x66, 0x67, 0x92, 0x30, 0x57, 0x95 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0x9B, 0x01, 0x3D, 0x20, 0x8B, 0xD1, 0x0D ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x91, 0x93, 0x6A, 0xA6, 0x22, 0xE9, 0xD6),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0xDC, 0xC3, 0x69, 0x11, 0x95, 0x7D, 0xEC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xA3, 0x9D, 0x87, 0x5E, 0x64, 0x41, 0xA2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x87, 0x5A, 0x15, 0xBD, 0x6E, 0x3C, 0x8D),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x8D, 0x50, 0xCC, 0xCF, 0xB7, 0x8F, 0x0B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x65, 0xCD, 0x31, 0x30, 0xF1, 0x68, 0x13),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x5C, 0x66, 0x67, 0x92, 0x30, 0x57, 0x95),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x9B, 0x01, 0x3D, 0x20, 0x8B, 0xD1, 0x0D),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_30_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0xC0, 0xE6, 0x4F, 0xDE, 0x62, 0xAB, 0xB3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0x48, 0xB3, 0x1C, 0x0F, 0x16, 0x93, 0x45 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x63, 0xBD, 0x1F, 0x16, 0x50, 0x56, 0x98 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0x06, 0xBC, 0xE9, 0x27, 0x1C, 0x9A, 0x7B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0xFE, 0x21, 0xC5, 0x39, 0x55, 0xE1, 0xFD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0xA8, 0xD0, 0x96, 0x0E, 0xB5, 0xB2, 0x84 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xE7, 0x4B, 0xF3, 0x11, 0x0C, 0xC9, 0x5B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0x3A, 0xC4, 0x87, 0x71, 0xEE, 0xFA, 0x18 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0xC0, 0xE6, 0x4F, 0xDE, 0x62, 0xAB, 0xB3),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x48, 0xB3, 0x1C, 0x0F, 0x16, 0x93, 0x45),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x63, 0xBD, 0x1F, 0x16, 0x50, 0x56, 0x98),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x06, 0xBC, 0xE9, 0x27, 0x1C, 0x9A, 0x7B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xFE, 0x21, 0xC5, 0x39, 0x55, 0xE1, 0xFD),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xA8, 0xD0, 0x96, 0x0E, 0xB5, 0xB2, 0x84),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xE7, 0x4B, 0xF3, 0x11, 0x0C, 0xC9, 0x5B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x3A, 0xC4, 0x87, 0x71, 0xEE, 0xFA, 0x18),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_30_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x77, 0xEE, 0x81, 0x5E, 0x96, 0xEA, 0x4B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0xDF, 0xA9, 0xF4, 0x4F, 0x7C, 0xB2, 0x43 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9F, 0xD4, 0xDF, 0x35, 0x63, 0x47, 0x25, 0x8A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0x3D, 0xFF, 0xA4, 0x02, 0xC3, 0x95, 0x11 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0x10, 0x78, 0xD1, 0x2B, 0xB7, 0xBE, 0x0E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0xE9, 0x57, 0xF9, 0xE0, 0xD8, 0xFC, 0xBC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0xC4, 0x01, 0xD6, 0xB4, 0xE7, 0x78, 0xE2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x02, 0x6C, 0xB9, 0x13, 0xA4, 0xE8, 0x6D, 0x6F ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x77, 0xEE, 0x81, 0x5E, 0x96, 0xEA, 0x4B),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xDF, 0xA9, 0xF4, 0x4F, 0x7C, 0xB2, 0x43),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0xD4, 0xDF, 0x35, 0x63, 0x47, 0x25, 0x8A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x3D, 0xFF, 0xA4, 0x02, 0xC3, 0x95, 0x11),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x10, 0x78, 0xD1, 0x2B, 0xB7, 0xBE, 0x0E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xE9, 0x57, 0xF9, 0xE0, 0xD8, 0xFC, 0xBC),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0xC4, 0x01, 0xD6, 0xB4, 0xE7, 0x78, 0xE2),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x6C, 0xB9, 0x13, 0xA4, 0xE8, 0x6D, 0x6F),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_31_X[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0xB0, 0xC9, 0xCD, 0xBF, 0xA2, 0x1E, 0x63 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x4F, 0x86, 0x22, 0x9B, 0xEA, 0xE8, 0xBB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x46, 0xDF, 0x43, 0xB9, 0x82, 0x2D, 0x0A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0x32, 0xF1, 0x4E, 0x95, 0x41, 0xAE, 0x8E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0x93, 0x26, 0xFC, 0xD3, 0x90, 0xDC, 0xEB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x05, 0x45, 0xCA, 0xF9, 0x5A, 0x89, 0x93 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0x82, 0x63, 0x4E, 0x55, 0x1D, 0x3A, 0x08 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x69, 0x52, 0x49, 0xE9, 0xED, 0x57, 0x34 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xB0, 0xC9, 0xCD, 0xBF, 0xA2, 0x1E, 0x63),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x4F, 0x86, 0x22, 0x9B, 0xEA, 0xE8, 0xBB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x46, 0xDF, 0x43, 0xB9, 0x82, 0x2D, 0x0A),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x32, 0xF1, 0x4E, 0x95, 0x41, 0xAE, 0x8E),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x93, 0x26, 0xFC, 0xD3, 0x90, 0xDC, 0xEB),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x05, 0x45, 0xCA, 0xF9, 0x5A, 0x89, 0x93),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x82, 0x63, 0x4E, 0x55, 0x1D, 0x3A, 0x08),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x69, 0x52, 0x49, 0xE9, 0xED, 0x57, 0x34),
 };
 static const mbedtls_mpi_uint brainpoolP512r1_T_31_Y[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x64, 0xE9, 0xAC, 0x4C, 0x4A, 0xEA, 0x25 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0xE9, 0x0B, 0x99, 0xE7, 0xF9, 0xA9, 0x2C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0x0C, 0xC1, 0xF4, 0x8D, 0x07, 0xB6, 0xB1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0x68, 0xFA, 0x35, 0xE4, 0x9E, 0xAE, 0xD9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0x2D, 0x1A, 0x13, 0x8E, 0x02, 0xE2, 0x63 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0x38, 0x28, 0x86, 0x46, 0x7B, 0x3A, 0xE1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x4C, 0x64, 0x59, 0x0A, 0xF9, 0x02, 0xC4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x4F, 0x23, 0xA2, 0xC3, 0xD5, 0xEF, 0x42 ),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x64, 0xE9, 0xAC, 0x4C, 0x4A, 0xEA, 0x25),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xE9, 0x0B, 0x99, 0xE7, 0xF9, 0xA9, 0x2C),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x0C, 0xC1, 0xF4, 0x8D, 0x07, 0xB6, 0xB1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x68, 0xFA, 0x35, 0xE4, 0x9E, 0xAE, 0xD9),
+    MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x2D, 0x1A, 0x13, 0x8E, 0x02, 0xE2, 0x63),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x38, 0x28, 0x86, 0x46, 0x7B, 0x3A, 0xE1),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x4C, 0x64, 0x59, 0x0A, 0xF9, 0x02, 0xC4),
+    MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x4F, 0x23, 0xA2, 0xC3, 0xD5, 0xEF, 0x42),
 };
 static const mbedtls_ecp_point brainpoolP512r1_T[32] = {
     ECP_POINT_INIT_XY_Z1(brainpoolP512r1_T_0_X, brainpoolP512r1_T_0_Y),
@@ -4507,17 +4507,17 @@
  * Create an MPI from embedded constants
  * (assumes len is an exact multiple of sizeof mbedtls_mpi_uint)
  */
-static inline void ecp_mpi_load( mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len )
+static inline void ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len)
 {
     X->s = 1;
-    X->n = len / sizeof( mbedtls_mpi_uint );
+    X->n = len / sizeof(mbedtls_mpi_uint);
     X->p = (mbedtls_mpi_uint *) p;
 }
 
 /*
  * Set an MPI to static value 1
  */
-static inline void ecp_mpi_set1( mbedtls_mpi *X )
+static inline void ecp_mpi_set1(mbedtls_mpi *X)
 {
     X->s = 1;
     X->n = 1;
@@ -4527,27 +4527,28 @@
 /*
  * Make group available from embedded constants
  */
-static int ecp_group_load( mbedtls_ecp_group *grp,
-                           const mbedtls_mpi_uint *p,  size_t plen,
-                           const mbedtls_mpi_uint *a,  size_t alen,
-                           const mbedtls_mpi_uint *b,  size_t blen,
-                           const mbedtls_mpi_uint *gx, size_t gxlen,
-                           const mbedtls_mpi_uint *gy, size_t gylen,
-                           const mbedtls_mpi_uint *n,  size_t nlen,
-                           const mbedtls_ecp_point *T)
+static int ecp_group_load(mbedtls_ecp_group *grp,
+                          const mbedtls_mpi_uint *p,  size_t plen,
+                          const mbedtls_mpi_uint *a,  size_t alen,
+                          const mbedtls_mpi_uint *b,  size_t blen,
+                          const mbedtls_mpi_uint *gx, size_t gxlen,
+                          const mbedtls_mpi_uint *gy, size_t gylen,
+                          const mbedtls_mpi_uint *n,  size_t nlen,
+                          const mbedtls_ecp_point *T)
 {
-    ecp_mpi_load( &grp->P, p, plen );
-    if( a != NULL )
-        ecp_mpi_load( &grp->A, a, alen );
-    ecp_mpi_load( &grp->B, b, blen );
-    ecp_mpi_load( &grp->N, n, nlen );
+    ecp_mpi_load(&grp->P, p, plen);
+    if (a != NULL) {
+        ecp_mpi_load(&grp->A, a, alen);
+    }
+    ecp_mpi_load(&grp->B, b, blen);
+    ecp_mpi_load(&grp->N, n, nlen);
 
-    ecp_mpi_load( &grp->G.X, gx, gxlen );
-    ecp_mpi_load( &grp->G.Y, gy, gylen );
-    ecp_mpi_set1( &grp->G.Z );
+    ecp_mpi_load(&grp->G.X, gx, gxlen);
+    ecp_mpi_load(&grp->G.Y, gy, gylen);
+    ecp_mpi_set1(&grp->G.Z);
 
-    grp->pbits = mbedtls_mpi_bitlen( &grp->P );
-    grp->nbits = mbedtls_mpi_bitlen( &grp->N );
+    grp->pbits = mbedtls_mpi_bitlen(&grp->P);
+    grp->nbits = mbedtls_mpi_bitlen(&grp->N);
 
     grp->h = 1;
 
@@ -4557,70 +4558,70 @@
      */
     grp->T_size = 0;
 
-    return( 0 );
+    return 0;
 }
 #endif /* ECP_LOAD_GROUP */
 
 #if defined(MBEDTLS_ECP_NIST_OPTIM)
 /* Forward declarations */
 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-static int ecp_mod_p192( mbedtls_mpi * );
+static int ecp_mod_p192(mbedtls_mpi *);
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-static int ecp_mod_p224( mbedtls_mpi * );
+static int ecp_mod_p224(mbedtls_mpi *);
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-static int ecp_mod_p256( mbedtls_mpi * );
+static int ecp_mod_p256(mbedtls_mpi *);
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-static int ecp_mod_p384( mbedtls_mpi * );
+static int ecp_mod_p384(mbedtls_mpi *);
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-static int ecp_mod_p521( mbedtls_mpi * );
+static int ecp_mod_p521(mbedtls_mpi *);
 #endif
 
-#define NIST_MODP( P )      grp->modp = ecp_mod_ ## P;
+#define NIST_MODP(P)      grp->modp = ecp_mod_ ## P;
 #else
-#define NIST_MODP( P )
+#define NIST_MODP(P)
 #endif /* MBEDTLS_ECP_NIST_OPTIM */
 
 /* Additional forward declarations */
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-static int ecp_mod_p255( mbedtls_mpi * );
+static int ecp_mod_p255(mbedtls_mpi *);
 #endif
 #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-static int ecp_mod_p448( mbedtls_mpi * );
+static int ecp_mod_p448(mbedtls_mpi *);
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-static int ecp_mod_p192k1( mbedtls_mpi * );
+static int ecp_mod_p192k1(mbedtls_mpi *);
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-static int ecp_mod_p224k1( mbedtls_mpi * );
+static int ecp_mod_p224k1(mbedtls_mpi *);
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-static int ecp_mod_p256k1( mbedtls_mpi * );
+static int ecp_mod_p256k1(mbedtls_mpi *);
 #endif
 
 #if defined(ECP_LOAD_GROUP)
-#define LOAD_GROUP_A( G )   ecp_group_load( grp,            \
-                            G ## _p,  sizeof( G ## _p  ),   \
-                            G ## _a,  sizeof( G ## _a  ),   \
-                            G ## _b,  sizeof( G ## _b  ),   \
-                            G ## _gx, sizeof( G ## _gx ),   \
-                            G ## _gy, sizeof( G ## _gy ),   \
-                            G ## _n,  sizeof( G ## _n  ),   \
-                            G ## _T                         \
-                            )
+#define LOAD_GROUP_A(G)   ecp_group_load(grp,            \
+                                         G ## _p,  sizeof(G ## _p),   \
+                                         G ## _a,  sizeof(G ## _a),   \
+                                         G ## _b,  sizeof(G ## _b),   \
+                                         G ## _gx, sizeof(G ## _gx),   \
+                                         G ## _gy, sizeof(G ## _gy),   \
+                                         G ## _n,  sizeof(G ## _n),   \
+                                         G ## _T                         \
+                                         )
 
-#define LOAD_GROUP( G )     ecp_group_load( grp,            \
-                            G ## _p,  sizeof( G ## _p  ),   \
-                            NULL,     0,                    \
-                            G ## _b,  sizeof( G ## _b  ),   \
-                            G ## _gx, sizeof( G ## _gx ),   \
-                            G ## _gy, sizeof( G ## _gy ),   \
-                            G ## _n,  sizeof( G ## _n  ),   \
-                            G ## _T                         \
-                            )
+#define LOAD_GROUP(G)     ecp_group_load(grp,            \
+                                         G ## _p,  sizeof(G ## _p),   \
+                                         NULL,     0,                    \
+                                         G ## _b,  sizeof(G ## _b),   \
+                                         G ## _gx, sizeof(G ## _gx),   \
+                                         G ## _gy, sizeof(G ## _gy),   \
+                                         G ## _n,  sizeof(G ## _n),   \
+                                         G ## _T                         \
+                                         )
 #endif /* ECP_LOAD_GROUP */
 
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
@@ -4634,38 +4635,39 @@
 /*
  * Specialized function for creating the Curve25519 group
  */
-static int ecp_use_curve25519( mbedtls_ecp_group *grp )
+static int ecp_use_curve25519(mbedtls_ecp_group *grp)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     /* Actually ( A + 2 ) / 4 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->A, curve25519_a24 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve25519_a24));
 
     /* P = 2^255 - 19 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 255 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 19 ) );
-    grp->pbits = mbedtls_mpi_bitlen( &grp->P );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->P, 1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 255));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 19));
+    grp->pbits = mbedtls_mpi_bitlen(&grp->P);
 
     /* N = 2^252 + 27742317777372353535851937790883648493 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &grp->N,
-                     curve25519_part_of_n, sizeof( curve25519_part_of_n ) ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 252, 1 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&grp->N,
+                                            curve25519_part_of_n, sizeof(curve25519_part_of_n)));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 252, 1));
 
     /* Y intentionally not set, since we use x/z coordinates.
      * This is used as a marker to identify Montgomery curves! */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
-    mbedtls_mpi_free( &grp->G.Y );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.X, 9));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1));
+    mbedtls_mpi_free(&grp->G.Y);
 
     /* Actually, the required msb for private keys */
     grp->nbits = 254;
 
 cleanup:
-    if( ret != 0 )
-        mbedtls_ecp_group_free( grp );
+    if (ret != 0) {
+        mbedtls_ecp_group_free(grp);
+    }
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
 
@@ -4682,140 +4684,140 @@
 /*
  * Specialized function for creating the Curve448 group
  */
-static int ecp_use_curve448( mbedtls_ecp_group *grp )
+static int ecp_use_curve448(mbedtls_ecp_group *grp)
 {
     mbedtls_mpi Ns;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    mbedtls_mpi_init( &Ns );
+    mbedtls_mpi_init(&Ns);
 
     /* Actually ( A + 2 ) / 4 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->A, curve448_a24 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve448_a24));
 
     /* P = 2^448 - 2^224 - 1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) );
-    grp->pbits = mbedtls_mpi_bitlen( &grp->P );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->P, 1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 224));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 224));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 1));
+    grp->pbits = mbedtls_mpi_bitlen(&grp->P);
 
     /* Y intentionally not set, since we use x/z coordinates.
      * This is used as a marker to identify Montgomery curves! */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 5 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
-    mbedtls_mpi_free( &grp->G.Y );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.X, 5));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1));
+    mbedtls_mpi_free(&grp->G.Y);
 
     /* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 446, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &Ns,
-                        curve448_part_of_n, sizeof( curve448_part_of_n ) ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &grp->N, &grp->N, &Ns ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 446, 1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&Ns,
+                                            curve448_part_of_n, sizeof(curve448_part_of_n)));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&grp->N, &grp->N, &Ns));
 
     /* Actually, the required msb for private keys */
     grp->nbits = 447;
 
 cleanup:
-    mbedtls_mpi_free( &Ns );
-    if( ret != 0 )
-        mbedtls_ecp_group_free( grp );
+    mbedtls_mpi_free(&Ns);
+    if (ret != 0) {
+        mbedtls_ecp_group_free(grp);
+    }
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
 
 /*
  * Set a group using well-known domain parameters
  */
-int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
+int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id)
 {
-    ECP_VALIDATE_RET( grp != NULL );
-    mbedtls_ecp_group_free( grp );
+    ECP_VALIDATE_RET(grp != NULL);
+    mbedtls_ecp_group_free(grp);
 
-    mbedtls_ecp_group_init( grp );
+    mbedtls_ecp_group_init(grp);
 
     grp->id = id;
 
-    switch( id )
-    {
+    switch (id) {
 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
         case MBEDTLS_ECP_DP_SECP192R1:
-            NIST_MODP( p192 );
-            return( LOAD_GROUP( secp192r1 ) );
+            NIST_MODP(p192);
+            return LOAD_GROUP(secp192r1);
 #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
         case MBEDTLS_ECP_DP_SECP224R1:
-            NIST_MODP( p224 );
-            return( LOAD_GROUP( secp224r1 ) );
+            NIST_MODP(p224);
+            return LOAD_GROUP(secp224r1);
 #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
         case MBEDTLS_ECP_DP_SECP256R1:
-            NIST_MODP( p256 );
-            return( LOAD_GROUP( secp256r1 ) );
+            NIST_MODP(p256);
+            return LOAD_GROUP(secp256r1);
 #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
         case MBEDTLS_ECP_DP_SECP384R1:
-            NIST_MODP( p384 );
-            return( LOAD_GROUP( secp384r1 ) );
+            NIST_MODP(p384);
+            return LOAD_GROUP(secp384r1);
 #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
         case MBEDTLS_ECP_DP_SECP521R1:
-            NIST_MODP( p521 );
-            return( LOAD_GROUP( secp521r1 ) );
+            NIST_MODP(p521);
+            return LOAD_GROUP(secp521r1);
 #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
         case MBEDTLS_ECP_DP_SECP192K1:
             grp->modp = ecp_mod_p192k1;
-            return( LOAD_GROUP_A( secp192k1 ) );
+            return LOAD_GROUP_A(secp192k1);
 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
         case MBEDTLS_ECP_DP_SECP224K1:
             grp->modp = ecp_mod_p224k1;
-            return( LOAD_GROUP_A( secp224k1 ) );
+            return LOAD_GROUP_A(secp224k1);
 #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
         case MBEDTLS_ECP_DP_SECP256K1:
             grp->modp = ecp_mod_p256k1;
-            return( LOAD_GROUP_A( secp256k1 ) );
+            return LOAD_GROUP_A(secp256k1);
 #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
         case MBEDTLS_ECP_DP_BP256R1:
-            return( LOAD_GROUP_A( brainpoolP256r1 ) );
+            return LOAD_GROUP_A(brainpoolP256r1);
 #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
         case MBEDTLS_ECP_DP_BP384R1:
-            return( LOAD_GROUP_A( brainpoolP384r1 ) );
+            return LOAD_GROUP_A(brainpoolP384r1);
 #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
         case MBEDTLS_ECP_DP_BP512R1:
-            return( LOAD_GROUP_A( brainpoolP512r1 ) );
+            return LOAD_GROUP_A(brainpoolP512r1);
 #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
         case MBEDTLS_ECP_DP_CURVE25519:
             grp->modp = ecp_mod_p255;
-            return( ecp_use_curve25519( grp ) );
+            return ecp_use_curve25519(grp);
 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
         case MBEDTLS_ECP_DP_CURVE448:
             grp->modp = ecp_mod_p448;
-            return( ecp_use_curve448( grp ) );
+            return ecp_use_curve448(grp);
 #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
 
         default:
             grp->id = MBEDTLS_ECP_DP_NONE;
-            return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+            return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
     }
 }
 
@@ -4844,56 +4846,54 @@
  */
 
 /* Add 64-bit chunks (dst += src) and update carry */
-static inline void add64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_mpi_uint *carry )
+static inline void add64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_mpi_uint *carry)
 {
     unsigned char i;
     mbedtls_mpi_uint c = 0;
-    for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++, src++ )
-    {
-        *dst += c;      c  = ( *dst < c );
-        *dst += *src;   c += ( *dst < *src );
+    for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++, src++) {
+        *dst += c;      c  = (*dst < c);
+        *dst += *src;   c += (*dst < *src);
     }
     *carry += c;
 }
 
 /* Add carry to a 64-bit chunk and update carry */
-static inline void carry64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry )
+static inline void carry64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry)
 {
     unsigned char i;
-    for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++ )
-    {
+    for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++) {
         *dst += *carry;
-        *carry  = ( *dst < *carry );
+        *carry  = (*dst < *carry);
     }
 }
 
-#define WIDTH       8 / sizeof( mbedtls_mpi_uint )
-#define A( i )      N->p + (i) * WIDTH
-#define ADD( i )    add64( p, A( i ), &c )
-#define NEXT        p += WIDTH; carry64( p, &c )
-#define LAST        p += WIDTH; *p = c; while( ++p < end ) *p = 0
+#define WIDTH       8 / sizeof(mbedtls_mpi_uint)
+#define A(i)      N->p + (i) * WIDTH
+#define ADD(i)    add64(p, A(i), &c)
+#define NEXT        p += WIDTH; carry64(p, &c)
+#define LAST        p += WIDTH; *p = c; while (++p < end) *p = 0
 
 /*
  * Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1)
  */
-static int ecp_mod_p192( mbedtls_mpi *N )
+static int ecp_mod_p192(mbedtls_mpi *N)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi_uint c = 0;
     mbedtls_mpi_uint *p, *end;
 
     /* Make sure we have enough blocks so that A(5) is legal */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, 6 * WIDTH ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, 6 * WIDTH));
 
     p = N->p;
     end = p + N->n;
 
-    ADD( 3 ); ADD( 5 );             NEXT; // A0 += A3 + A5
-    ADD( 3 ); ADD( 4 ); ADD( 5 );   NEXT; // A1 += A3 + A4 + A5
-    ADD( 4 ); ADD( 5 );             LAST; // A2 += A4 + A5
+    ADD(3); ADD(5);             NEXT;     // A0 += A3 + A5
+    ADD(3); ADD(4); ADD(5);   NEXT;       // A1 += A3 + A4 + A5
+    ADD(4); ADD(5);             LAST;     // A2 += A4 + A5
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 #undef WIDTH
@@ -4922,21 +4922,21 @@
  *
  * While at it, also define the size of N in terms of 32-bit chunks.
  */
-#define LOAD32      cur = A( i );
+#define LOAD32      cur = A(i);
 
 #if defined(MBEDTLS_HAVE_INT32)  /* 32 bit */
 
 #define MAX32       N->n
-#define A( j )      N->p[j]
+#define A(j)      N->p[j]
 #define STORE32     N->p[i] = cur;
 
 #else                               /* 64-bit */
 
 #define MAX32       N->n * 2
-#define A( j ) (j) % 2 ? (uint32_t)( N->p[(j)/2] >> 32 ) : \
-                         (uint32_t)( N->p[(j)/2] )
+#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \
+    (uint32_t) (N->p[(j)/2])
 #define STORE32                                   \
-    if( i % 2 ) {                                 \
+    if (i % 2) {                                 \
         N->p[i/2] &= 0x00000000FFFFFFFF;          \
         N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32;        \
     } else {                                      \
@@ -4949,101 +4949,101 @@
 /*
  * Helpers for addition and subtraction of chunks, with signed carry.
  */
-static inline void add32( uint32_t *dst, uint32_t src, signed char *carry )
+static inline void add32(uint32_t *dst, uint32_t src, signed char *carry)
 {
     *dst += src;
-    *carry += ( *dst < src );
+    *carry += (*dst < src);
 }
 
-static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry )
+static inline void sub32(uint32_t *dst, uint32_t src, signed char *carry)
 {
-    *carry -= ( *dst < src );
+    *carry -= (*dst < src);
     *dst -= src;
 }
 
-#define ADD( j )    add32( &cur, A( j ), &c );
-#define SUB( j )    sub32( &cur, A( j ), &c );
+#define ADD(j)    add32(&cur, A(j), &c);
+#define SUB(j)    sub32(&cur, A(j), &c);
 
 /*
  * Helpers for the main 'loop'
  */
-#define INIT( b )                                                       \
+#define INIT(b)                                                       \
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;                    \
     signed char c = 0, cc;                                              \
     uint32_t cur;                                                       \
     size_t i = 0, bits = (b);                                           \
     /* N is the size of the product of two b-bit numbers, plus one */   \
     /* limb for fix_negative */                                         \
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, ( b ) * 2 / biL + 1 ) );      \
+    MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, (b) * 2 / biL + 1));      \
     LOAD32;
 
 #define NEXT                    \
     STORE32; i++; LOAD32;       \
     cc = c; c = 0;              \
-    if( cc < 0 )                \
-        sub32( &cur, -cc, &c ); \
+    if (cc < 0)                \
+    sub32(&cur, -cc, &c); \
     else                        \
-        add32( &cur, cc, &c );  \
+    add32(&cur, cc, &c);  \
 
 #define LAST                                    \
     STORE32; i++;                               \
     cur = c > 0 ? c : 0; STORE32;               \
-    cur = 0; while( ++i < MAX32 ) { STORE32; }  \
-    if( c < 0 ) mbedtls_ecp_fix_negative( N, c, bits );
+    cur = 0; while (++i < MAX32) { STORE32; }  \
+    if (c < 0) mbedtls_ecp_fix_negative(N, c, bits);
 
 /*
  * If the result is negative, we get it in the form
  * c * 2^bits + N, with c negative and N positive shorter than 'bits'
  */
 MBEDTLS_STATIC_TESTABLE
-void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits )
+void mbedtls_ecp_fix_negative(mbedtls_mpi *N, signed char c, size_t bits)
 {
     size_t i;
 
     /* Set N := 2^bits - 1 - N. We know that 0 <= N < 2^bits, so
      * set the absolute value to 0xfff...fff - N. There is no carry
      * since we're subtracting from all-bits-one.  */
-    for( i = 0; i <= bits / 8 / sizeof( mbedtls_mpi_uint ); i++ )
-    {
-        N->p[i] = ~(mbedtls_mpi_uint)0 - N->p[i];
+    for (i = 0; i <= bits / 8 / sizeof(mbedtls_mpi_uint); i++) {
+        N->p[i] = ~(mbedtls_mpi_uint) 0 - N->p[i];
     }
     /* Add 1, taking care of the carry. */
     i = 0;
-    do
+    do {
         ++N->p[i];
-    while( N->p[i++] == 0 && i <= bits / 8 / sizeof( mbedtls_mpi_uint ) );
+    } while (N->p[i++] == 0 && i <= bits / 8 / sizeof(mbedtls_mpi_uint));
     /* Invert the sign.
      * Now N = N0 - 2^bits where N0 is the initial value of N. */
     N->s = -1;
 
     /* Add |c| * 2^bits to the absolute value. Since c and N are
-    * negative, this adds c * 2^bits. */
+     * negative, this adds c * 2^bits. */
     mbedtls_mpi_uint msw = (mbedtls_mpi_uint) -c;
 #if defined(MBEDTLS_HAVE_INT64)
-    if( bits == 224 )
+    if (bits == 224) {
         msw <<= 32;
+    }
 #endif
-    N->p[bits / 8 / sizeof( mbedtls_mpi_uint)] += msw;
+    N->p[bits / 8 / sizeof(mbedtls_mpi_uint)] += msw;
 }
 
 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
 /*
  * Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2)
  */
-static int ecp_mod_p224( mbedtls_mpi *N )
+static int ecp_mod_p224(mbedtls_mpi *N)
 {
-    INIT( 224 );
+    INIT(224);
 
-    SUB(  7 ); SUB( 11 );               NEXT; // A0 += -A7 - A11
-    SUB(  8 ); SUB( 12 );               NEXT; // A1 += -A8 - A12
-    SUB(  9 ); SUB( 13 );               NEXT; // A2 += -A9 - A13
-    SUB( 10 ); ADD(  7 ); ADD( 11 );    NEXT; // A3 += -A10 + A7 + A11
-    SUB( 11 ); ADD(  8 ); ADD( 12 );    NEXT; // A4 += -A11 + A8 + A12
-    SUB( 12 ); ADD(  9 ); ADD( 13 );    NEXT; // A5 += -A12 + A9 + A13
-    SUB( 13 ); ADD( 10 );               LAST; // A6 += -A13 + A10
+    SUB(7); SUB(11);               NEXT;      // A0 += -A7 - A11
+    SUB(8); SUB(12);               NEXT;      // A1 += -A8 - A12
+    SUB(9); SUB(13);               NEXT;      // A2 += -A9 - A13
+    SUB(10); ADD(7); ADD(11);    NEXT;        // A3 += -A10 + A7 + A11
+    SUB(11); ADD(8); ADD(12);    NEXT;        // A4 += -A11 + A8 + A12
+    SUB(12); ADD(9); ADD(13);    NEXT;        // A5 += -A12 + A9 + A13
+    SUB(13); ADD(10);               LAST;     // A6 += -A13 + A10
 
 cleanup:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
 
@@ -5051,36 +5051,36 @@
 /*
  * Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3)
  */
-static int ecp_mod_p256( mbedtls_mpi *N )
+static int ecp_mod_p256(mbedtls_mpi *N)
 {
-    INIT( 256 );
+    INIT(256);
 
-    ADD(  8 ); ADD(  9 );
-    SUB( 11 ); SUB( 12 ); SUB( 13 ); SUB( 14 );             NEXT; // A0
+    ADD(8); ADD(9);
+    SUB(11); SUB(12); SUB(13); SUB(14);             NEXT;         // A0
 
-    ADD(  9 ); ADD( 10 );
-    SUB( 12 ); SUB( 13 ); SUB( 14 ); SUB( 15 );             NEXT; // A1
+    ADD(9); ADD(10);
+    SUB(12); SUB(13); SUB(14); SUB(15);             NEXT;         // A1
 
-    ADD( 10 ); ADD( 11 );
-    SUB( 13 ); SUB( 14 ); SUB( 15 );                        NEXT; // A2
+    ADD(10); ADD(11);
+    SUB(13); SUB(14); SUB(15);                        NEXT;       // A2
 
-    ADD( 11 ); ADD( 11 ); ADD( 12 ); ADD( 12 ); ADD( 13 );
-    SUB( 15 ); SUB(  8 ); SUB(  9 );                        NEXT; // A3
+    ADD(11); ADD(11); ADD(12); ADD(12); ADD(13);
+    SUB(15); SUB(8); SUB(9);                        NEXT;         // A3
 
-    ADD( 12 ); ADD( 12 ); ADD( 13 ); ADD( 13 ); ADD( 14 );
-    SUB(  9 ); SUB( 10 );                                   NEXT; // A4
+    ADD(12); ADD(12); ADD(13); ADD(13); ADD(14);
+    SUB(9); SUB(10);                                   NEXT;      // A4
 
-    ADD( 13 ); ADD( 13 ); ADD( 14 ); ADD( 14 ); ADD( 15 );
-    SUB( 10 ); SUB( 11 );                                   NEXT; // A5
+    ADD(13); ADD(13); ADD(14); ADD(14); ADD(15);
+    SUB(10); SUB(11);                                   NEXT;     // A5
 
-    ADD( 14 ); ADD( 14 ); ADD( 15 ); ADD( 15 ); ADD( 14 ); ADD( 13 );
-    SUB(  8 ); SUB(  9 );                                   NEXT; // A6
+    ADD(14); ADD(14); ADD(15); ADD(15); ADD(14); ADD(13);
+    SUB(8); SUB(9);                                   NEXT;       // A6
 
-    ADD( 15 ); ADD( 15 ); ADD( 15 ); ADD( 8 );
-    SUB( 10 ); SUB( 11 ); SUB( 12 ); SUB( 13 );             LAST; // A7
+    ADD(15); ADD(15); ADD(15); ADD(8);
+    SUB(10); SUB(11); SUB(12); SUB(13);             LAST;         // A7
 
 cleanup:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
 
@@ -5088,48 +5088,48 @@
 /*
  * Fast quasi-reduction modulo p384 (FIPS 186-3 D.2.4)
  */
-static int ecp_mod_p384( mbedtls_mpi *N )
+static int ecp_mod_p384(mbedtls_mpi *N)
 {
-    INIT( 384 );
+    INIT(384);
 
-    ADD( 12 ); ADD( 21 ); ADD( 20 );
-    SUB( 23 );                                              NEXT; // A0
+    ADD(12); ADD(21); ADD(20);
+    SUB(23);                                              NEXT;   // A0
 
-    ADD( 13 ); ADD( 22 ); ADD( 23 );
-    SUB( 12 ); SUB( 20 );                                   NEXT; // A2
+    ADD(13); ADD(22); ADD(23);
+    SUB(12); SUB(20);                                   NEXT;     // A2
 
-    ADD( 14 ); ADD( 23 );
-    SUB( 13 ); SUB( 21 );                                   NEXT; // A2
+    ADD(14); ADD(23);
+    SUB(13); SUB(21);                                   NEXT;     // A2
 
-    ADD( 15 ); ADD( 12 ); ADD( 20 ); ADD( 21 );
-    SUB( 14 ); SUB( 22 ); SUB( 23 );                        NEXT; // A3
+    ADD(15); ADD(12); ADD(20); ADD(21);
+    SUB(14); SUB(22); SUB(23);                        NEXT;       // A3
 
-    ADD( 21 ); ADD( 21 ); ADD( 16 ); ADD( 13 ); ADD( 12 ); ADD( 20 ); ADD( 22 );
-    SUB( 15 ); SUB( 23 ); SUB( 23 );                        NEXT; // A4
+    ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22);
+    SUB(15); SUB(23); SUB(23);                        NEXT;       // A4
 
-    ADD( 22 ); ADD( 22 ); ADD( 17 ); ADD( 14 ); ADD( 13 ); ADD( 21 ); ADD( 23 );
-    SUB( 16 );                                              NEXT; // A5
+    ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23);
+    SUB(16);                                              NEXT;   // A5
 
-    ADD( 23 ); ADD( 23 ); ADD( 18 ); ADD( 15 ); ADD( 14 ); ADD( 22 );
-    SUB( 17 );                                              NEXT; // A6
+    ADD(23); ADD(23); ADD(18); ADD(15); ADD(14); ADD(22);
+    SUB(17);                                              NEXT;   // A6
 
-    ADD( 19 ); ADD( 16 ); ADD( 15 ); ADD( 23 );
-    SUB( 18 );                                              NEXT; // A7
+    ADD(19); ADD(16); ADD(15); ADD(23);
+    SUB(18);                                              NEXT;   // A7
 
-    ADD( 20 ); ADD( 17 ); ADD( 16 );
-    SUB( 19 );                                              NEXT; // A8
+    ADD(20); ADD(17); ADD(16);
+    SUB(19);                                              NEXT;   // A8
 
-    ADD( 21 ); ADD( 18 ); ADD( 17 );
-    SUB( 20 );                                              NEXT; // A9
+    ADD(21); ADD(18); ADD(17);
+    SUB(20);                                              NEXT;   // A9
 
-    ADD( 22 ); ADD( 19 ); ADD( 18 );
-    SUB( 21 );                                              NEXT; // A10
+    ADD(22); ADD(19); ADD(18);
+    SUB(21);                                              NEXT;   // A10
 
-    ADD( 23 ); ADD( 20 ); ADD( 19 );
-    SUB( 22 );                                              LAST; // A11
+    ADD(23); ADD(20); ADD(19);
+    SUB(22);                                              LAST;   // A11
 
 cleanup:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
 
@@ -5152,7 +5152,7 @@
  */
 
 /* Size of p521 in terms of mbedtls_mpi_uint */
-#define P521_WIDTH      ( 521 / 8 / sizeof( mbedtls_mpi_uint ) + 1 )
+#define P521_WIDTH      (521 / 8 / sizeof(mbedtls_mpi_uint) + 1)
 
 /* Bits to keep in the most significant mbedtls_mpi_uint */
 #define P521_MASK       0x01FF
@@ -5161,7 +5161,7 @@
  * Fast quasi-reduction modulo p521 (FIPS 186-3 D.2.5)
  * Write N as A1 + 2^521 A0, return A0 + A1
  */
-static int ecp_mod_p521( mbedtls_mpi *N )
+static int ecp_mod_p521(mbedtls_mpi *N)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t i;
@@ -5171,28 +5171,31 @@
      * we need to hold bits 513 to 1056, which is 34 limbs, that is
      * P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */
 
-    if( N->n < P521_WIDTH )
-        return( 0 );
+    if (N->n < P521_WIDTH) {
+        return 0;
+    }
 
     /* M = A1 */
     M.s = 1;
-    M.n = N->n - ( P521_WIDTH - 1 );
-    if( M.n > P521_WIDTH + 1 )
+    M.n = N->n - (P521_WIDTH - 1);
+    if (M.n > P521_WIDTH + 1) {
         M.n = P521_WIDTH + 1;
+    }
     M.p = Mp;
-    memcpy( Mp, N->p + P521_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 521 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) );
+    memcpy(Mp, N->p + P521_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 521 % (8 * sizeof(mbedtls_mpi_uint))));
 
     /* N = A0 */
     N->p[P521_WIDTH - 1] &= P521_MASK;
-    for( i = P521_WIDTH; i < N->n; i++ )
+    for (i = P521_WIDTH; i < N->n; i++) {
         N->p[i] = 0;
+    }
 
     /* N = A0 + A1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 #undef P521_WIDTH
@@ -5204,47 +5207,49 @@
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
 
 /* Size of p255 in terms of mbedtls_mpi_uint */
-#define P255_WIDTH      ( 255 / 8 / sizeof( mbedtls_mpi_uint ) + 1 )
+#define P255_WIDTH      (255 / 8 / sizeof(mbedtls_mpi_uint) + 1)
 
 /*
  * Fast quasi-reduction modulo p255 = 2^255 - 19
  * Write N as A0 + 2^256 A1, return A0 + 38 * A1
  */
-static int ecp_mod_p255( mbedtls_mpi *N )
+static int ecp_mod_p255(mbedtls_mpi *N)
 {
     mbedtls_mpi_uint Mp[P255_WIDTH];
 
     /* Helper references for top part of N */
     mbedtls_mpi_uint * const NT_p = N->p + P255_WIDTH;
     const size_t NT_n = N->n - P255_WIDTH;
-    if( N->n <= P255_WIDTH )
-        return( 0 );
-    if( NT_n > P255_WIDTH )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (N->n <= P255_WIDTH) {
+        return 0;
+    }
+    if (NT_n > P255_WIDTH) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     /* Split N as N + 2^256 M */
-    memcpy( Mp,   NT_p, sizeof( mbedtls_mpi_uint ) * NT_n );
-    memset( NT_p, 0,    sizeof( mbedtls_mpi_uint ) * NT_n );
+    memcpy(Mp,   NT_p, sizeof(mbedtls_mpi_uint) * NT_n);
+    memset(NT_p, 0,    sizeof(mbedtls_mpi_uint) * NT_n);
 
     /* N = A0 + 38 * A1 */
-    mbedtls_mpi_core_mla( N->p, P255_WIDTH + 1,
-                          Mp, NT_n,
-                          38 );
+    mbedtls_mpi_core_mla(N->p, P255_WIDTH + 1,
+                         Mp, NT_n,
+                         38);
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
 
 /* Size of p448 in terms of mbedtls_mpi_uint */
-#define P448_WIDTH      ( 448 / 8 / sizeof( mbedtls_mpi_uint ) )
+#define P448_WIDTH      (448 / 8 / sizeof(mbedtls_mpi_uint))
 
 /* Number of limbs fully occupied by 2^224 (max), and limbs used by it (min) */
-#define DIV_ROUND_UP( X, Y ) ( ( ( X ) + ( Y ) - 1 ) / ( Y ) )
-#define P224_WIDTH_MIN   ( 28 / sizeof( mbedtls_mpi_uint ) )
-#define P224_WIDTH_MAX   DIV_ROUND_UP( 28, sizeof( mbedtls_mpi_uint ) )
-#define P224_UNUSED_BITS ( ( P224_WIDTH_MAX * sizeof( mbedtls_mpi_uint ) * 8 ) - 224 )
+#define DIV_ROUND_UP(X, Y) (((X) + (Y) -1) / (Y))
+#define P224_WIDTH_MIN   (28 / sizeof(mbedtls_mpi_uint))
+#define P224_WIDTH_MAX   DIV_ROUND_UP(28, sizeof(mbedtls_mpi_uint))
+#define P224_UNUSED_BITS ((P224_WIDTH_MAX * sizeof(mbedtls_mpi_uint) * 8) - 224)
 
 /*
  * Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1
@@ -5257,52 +5262,57 @@
  * but for 64-bit targets it should use half the number of operations if we do
  * the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds.
  */
-static int ecp_mod_p448( mbedtls_mpi *N )
+static int ecp_mod_p448(mbedtls_mpi *N)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t i;
     mbedtls_mpi M, Q;
     mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH];
 
-    if( N->n <= P448_WIDTH )
-        return( 0 );
+    if (N->n <= P448_WIDTH) {
+        return 0;
+    }
 
     /* M = A1 */
     M.s = 1;
-    M.n = N->n - ( P448_WIDTH );
-    if( M.n > P448_WIDTH )
+    M.n = N->n - (P448_WIDTH);
+    if (M.n > P448_WIDTH) {
         /* Shouldn't be called with N larger than 2^896! */
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
     M.p = Mp;
-    memset( Mp, 0, sizeof( Mp ) );
-    memcpy( Mp, N->p + P448_WIDTH, M.n * sizeof( mbedtls_mpi_uint ) );
+    memset(Mp, 0, sizeof(Mp));
+    memcpy(Mp, N->p + P448_WIDTH, M.n * sizeof(mbedtls_mpi_uint));
 
     /* N = A0 */
-    for( i = P448_WIDTH; i < N->n; i++ )
+    for (i = P448_WIDTH; i < N->n; i++) {
         N->p[i] = 0;
+    }
 
     /* N += A1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M));
 
     /* Q = B1, N += B1 */
     Q = M;
     Q.p = Qp;
-    memcpy( Qp, Mp, sizeof( Qp ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Q, 224 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &Q ) );
+    memcpy(Qp, Mp, sizeof(Qp));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Q, 224));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &Q));
 
     /* M = (B0 + B1) * 2^224, N += M */
-    if( sizeof( mbedtls_mpi_uint ) > 4 )
-        Mp[P224_WIDTH_MIN] &= ( (mbedtls_mpi_uint)-1 ) >> ( P224_UNUSED_BITS );
-    for( i = P224_WIDTH_MAX; i < M.n; ++i )
+    if (sizeof(mbedtls_mpi_uint) > 4) {
+        Mp[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS);
+    }
+    for (i = P224_WIDTH_MAX; i < M.n; ++i) {
         Mp[i] = 0;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &M, &M, &Q ) );
+    }
+    MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&M, &M, &Q));
     M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &M, 224 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&M, 224));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
 
@@ -5316,18 +5326,19 @@
  * Write N as A0 + 2^224 A1, return A0 + R * A1.
  * Actually do two passes, since R is big.
  */
-#define P_KOBLITZ_MAX   ( 256 / 8 / sizeof( mbedtls_mpi_uint ) )  // Max limbs in P
-#define P_KOBLITZ_R     ( 8 / sizeof( mbedtls_mpi_uint ) )        // Limbs in R
-static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs,
-                                   size_t adjust, size_t shift, mbedtls_mpi_uint mask )
+#define P_KOBLITZ_MAX   (256 / 8 / sizeof(mbedtls_mpi_uint))      // Max limbs in P
+#define P_KOBLITZ_R     (8 / sizeof(mbedtls_mpi_uint))            // Limbs in R
+static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs,
+                                  size_t adjust, size_t shift, mbedtls_mpi_uint mask)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t i;
     mbedtls_mpi M, R;
     mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];
 
-    if( N->n < p_limbs )
-        return( 0 );
+    if (N->n < p_limbs) {
+        return 0;
+    }
 
     /* Init R */
     R.s = 1;
@@ -5339,49 +5350,57 @@
     M.p = Mp;
 
     /* M = A1 */
-    M.n = N->n - ( p_limbs - adjust );
-    if( M.n > p_limbs + adjust )
+    M.n = N->n - (p_limbs - adjust);
+    if (M.n > p_limbs + adjust) {
         M.n = p_limbs + adjust;
-    memset( Mp, 0, sizeof Mp );
-    memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
-    if( shift != 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
+    }
+    memset(Mp, 0, sizeof Mp);
+    memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
+    if (shift != 0) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
+    }
     M.n += R.n; /* Make room for multiplication by R */
 
     /* N = A0 */
-    if( mask != 0 )
+    if (mask != 0) {
         N->p[p_limbs - 1] &= mask;
-    for( i = p_limbs; i < N->n; i++ )
+    }
+    for (i = p_limbs; i < N->n; i++) {
         N->p[i] = 0;
+    }
 
     /* N = A0 + R * A1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
 
     /* Second pass */
 
     /* M = A1 */
-    M.n = N->n - ( p_limbs - adjust );
-    if( M.n > p_limbs + adjust )
+    M.n = N->n - (p_limbs - adjust);
+    if (M.n > p_limbs + adjust) {
         M.n = p_limbs + adjust;
-    memset( Mp, 0, sizeof Mp );
-    memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
-    if( shift != 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
+    }
+    memset(Mp, 0, sizeof Mp);
+    memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
+    if (shift != 0) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
+    }
     M.n += R.n; /* Make room for multiplication by R */
 
     /* N = A0 */
-    if( mask != 0 )
+    if (mask != 0) {
         N->p[p_limbs - 1] &= mask;
-    for( i = p_limbs; i < N->n; i++ )
+    }
+    for (i = p_limbs; i < N->n; i++) {
         N->p[i] = 0;
+    }
 
     /* N = A0 + R * A1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) ||
           MBEDTLS_ECP_DP_SECP224K1_ENABLED) ||
@@ -5392,14 +5411,15 @@
  * Fast quasi-reduction modulo p192k1 = 2^192 - R,
  * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119
  */
-static int ecp_mod_p192k1( mbedtls_mpi *N )
+static int ecp_mod_p192k1(mbedtls_mpi *N)
 {
     static mbedtls_mpi_uint Rp[] = {
-        MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00,
-                                   0x00 ) };
+        MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00,
+                                  0x00)
+    };
 
-    return( ecp_mod_koblitz( N, Rp, 192 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
-                             0 ) );
+    return ecp_mod_koblitz(N, Rp, 192 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,
+                           0);
 }
 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
 
@@ -5408,17 +5428,18 @@
  * Fast quasi-reduction modulo p224k1 = 2^224 - R,
  * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93
  */
-static int ecp_mod_p224k1( mbedtls_mpi *N )
+static int ecp_mod_p224k1(mbedtls_mpi *N)
 {
     static mbedtls_mpi_uint Rp[] = {
-        MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
-                                   0x00 ) };
+        MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
+                                  0x00)
+    };
 
 #if defined(MBEDTLS_HAVE_INT64)
-    return( ecp_mod_koblitz( N, Rp, 4, 1, 32, 0xFFFFFFFF ) );
+    return ecp_mod_koblitz(N, Rp, 4, 1, 32, 0xFFFFFFFF);
 #else
-    return( ecp_mod_koblitz( N, Rp, 224 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
-                             0 ) );
+    return ecp_mod_koblitz(N, Rp, 224 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,
+                           0);
 #endif
 }
 
@@ -5429,13 +5450,14 @@
  * Fast quasi-reduction modulo p256k1 = 2^256 - R,
  * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1
  */
-static int ecp_mod_p256k1( mbedtls_mpi *N )
+static int ecp_mod_p256k1(mbedtls_mpi *N)
 {
     static mbedtls_mpi_uint Rp[] = {
-        MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00,
-                                   0x00 ) };
-    return( ecp_mod_koblitz( N, Rp, 256 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
-                             0 ) );
+        MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00,
+                                  0x00)
+    };
+    return ecp_mod_koblitz(N, Rp, 256 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,
+                           0);
 }
 #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
 
diff --git a/library/ecp_internal_alt.h b/library/ecp_internal_alt.h
index a7544aa..f663d67 100644
--- a/library/ecp_internal_alt.h
+++ b/library/ecp_internal_alt.h
@@ -72,7 +72,7 @@
  *
  * \return          Non-zero if successful.
  */
-unsigned char mbedtls_internal_ecp_grp_capable( const mbedtls_ecp_group *grp );
+unsigned char mbedtls_internal_ecp_grp_capable(const mbedtls_ecp_group *grp);
 
 /**
  * \brief           Initialise the Elliptic Curve Point module extension.
@@ -89,7 +89,7 @@
  *
  * \return          0 if successful.
  */
-int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp );
+int mbedtls_internal_ecp_init(const mbedtls_ecp_group *grp);
 
 /**
  * \brief           Frees and deallocates the Elliptic Curve Point module
@@ -97,7 +97,7 @@
  *
  * \param grp       The pointer to the group the module was initialised for.
  */
-void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp );
+void mbedtls_internal_ecp_free(const mbedtls_ecp_group *grp);
 
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
 
@@ -117,9 +117,11 @@
  *
  * \return          0 if successful.
  */
-int mbedtls_internal_ecp_randomize_jac( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *pt, int (*f_rng)(void *, unsigned char *, size_t),
-        void *p_rng );
+int mbedtls_internal_ecp_randomize_jac(const mbedtls_ecp_group *grp,
+                                       mbedtls_ecp_point *pt, int (*f_rng)(void *,
+                                                                           unsigned char *,
+                                                                           size_t),
+                                       void *p_rng);
 #endif
 
 #if defined(MBEDTLS_ECP_ADD_MIXED_ALT)
@@ -162,9 +164,9 @@
  *
  * \return          0 if successful.
  */
-int mbedtls_internal_ecp_add_mixed( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *R, const mbedtls_ecp_point *P,
-        const mbedtls_ecp_point *Q );
+int mbedtls_internal_ecp_add_mixed(const mbedtls_ecp_group *grp,
+                                   mbedtls_ecp_point *R, const mbedtls_ecp_point *P,
+                                   const mbedtls_ecp_point *Q);
 #endif
 
 /**
@@ -187,8 +189,8 @@
  * \return          0 if successful.
  */
 #if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
-int mbedtls_internal_ecp_double_jac( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *R, const mbedtls_ecp_point *P );
+int mbedtls_internal_ecp_double_jac(const mbedtls_ecp_group *grp,
+                                    mbedtls_ecp_point *R, const mbedtls_ecp_point *P);
 #endif
 
 /**
@@ -217,8 +219,8 @@
  *                      an error if one of the points is zero.
  */
 #if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
-int mbedtls_internal_ecp_normalize_jac_many( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *T[], size_t t_len );
+int mbedtls_internal_ecp_normalize_jac_many(const mbedtls_ecp_group *grp,
+                                            mbedtls_ecp_point *T[], size_t t_len);
 #endif
 
 /**
@@ -235,8 +237,8 @@
  * \return          0 if successful.
  */
 #if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
-int mbedtls_internal_ecp_normalize_jac( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *pt );
+int mbedtls_internal_ecp_normalize_jac(const mbedtls_ecp_group *grp,
+                                       mbedtls_ecp_point *pt);
 #endif
 
 #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
@@ -244,9 +246,12 @@
 #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
 
 #if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
-int mbedtls_internal_ecp_double_add_mxz( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *R, mbedtls_ecp_point *S, const mbedtls_ecp_point *P,
-        const mbedtls_ecp_point *Q, const mbedtls_mpi *d );
+int mbedtls_internal_ecp_double_add_mxz(const mbedtls_ecp_group *grp,
+                                        mbedtls_ecp_point *R,
+                                        mbedtls_ecp_point *S,
+                                        const mbedtls_ecp_point *P,
+                                        const mbedtls_ecp_point *Q,
+                                        const mbedtls_mpi *d);
 #endif
 
 /**
@@ -265,9 +270,11 @@
  * \return          0 if successful
  */
 #if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
-int mbedtls_internal_ecp_randomize_mxz( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t),
-        void *p_rng );
+int mbedtls_internal_ecp_randomize_mxz(const mbedtls_ecp_group *grp,
+                                       mbedtls_ecp_point *P, int (*f_rng)(void *,
+                                                                          unsigned char *,
+                                                                          size_t),
+                                       void *p_rng);
 #endif
 
 /**
@@ -281,8 +288,8 @@
  * \return          0 if successful
  */
 #if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
-int mbedtls_internal_ecp_normalize_mxz( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *P );
+int mbedtls_internal_ecp_normalize_mxz(const mbedtls_ecp_group *grp,
+                                       mbedtls_ecp_point *P);
 #endif
 
 #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
@@ -290,4 +297,3 @@
 #endif /* MBEDTLS_ECP_INTERNAL_ALT */
 
 #endif /* ecp_internal_alt.h */
-
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h
index 71c7702..18815be 100644
--- a/library/ecp_invasive.h
+++ b/library/ecp_invasive.h
@@ -44,7 +44,7 @@
  * Behavior:
  * Set N to c * 2^bits + old_value_of_N.
  */
-void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits );
+void mbedtls_ecp_fix_negative(mbedtls_mpi *N, signed char c, size_t bits);
 #endif
 
 #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
@@ -69,10 +69,10 @@
  * \return          \c 0 on success.
  * \return          \c MBEDTLS_ERR_ECP_xxx or MBEDTLS_ERR_MPI_xxx on failure.
  */
-int mbedtls_ecp_gen_privkey_mx( size_t n_bits,
-                                mbedtls_mpi *d,
-                                int (*f_rng)(void *, unsigned char *, size_t),
-                                void *p_rng );
+int mbedtls_ecp_gen_privkey_mx(size_t n_bits,
+                               mbedtls_mpi *d,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng);
 
 #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
 
diff --git a/library/entropy.c b/library/entropy.c
index 545fd9d..7e25f28 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -39,20 +39,20 @@
 
 #define ENTROPY_MAX_LOOP    256     /**< Maximum amount to loop before error */
 
-void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
+void mbedtls_entropy_init(mbedtls_entropy_context *ctx)
 {
     ctx->source_count = 0;
-    memset( ctx->source, 0, sizeof( ctx->source ) );
+    memset(ctx->source, 0, sizeof(ctx->source));
 
 #if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &ctx->mutex );
+    mbedtls_mutex_init(&ctx->mutex);
 #endif
 
     ctx->accumulator_started = 0;
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-    mbedtls_sha512_init( &ctx->accumulator );
+    mbedtls_sha512_init(&ctx->accumulator);
 #else
-    mbedtls_sha256_init( &ctx->accumulator );
+    mbedtls_sha256_init(&ctx->accumulator);
 #endif
 
     /* Reminder: Update ENTROPY_HAVE_STRONG in the test files
@@ -60,61 +60,62 @@
 
 #if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
 #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
-    mbedtls_entropy_add_source( ctx, mbedtls_platform_entropy_poll, NULL,
-                                MBEDTLS_ENTROPY_MIN_PLATFORM,
-                                MBEDTLS_ENTROPY_SOURCE_STRONG );
+    mbedtls_entropy_add_source(ctx, mbedtls_platform_entropy_poll, NULL,
+                               MBEDTLS_ENTROPY_MIN_PLATFORM,
+                               MBEDTLS_ENTROPY_SOURCE_STRONG);
 #endif
 #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-    mbedtls_entropy_add_source( ctx, mbedtls_hardware_poll, NULL,
-                                MBEDTLS_ENTROPY_MIN_HARDWARE,
-                                MBEDTLS_ENTROPY_SOURCE_STRONG );
+    mbedtls_entropy_add_source(ctx, mbedtls_hardware_poll, NULL,
+                               MBEDTLS_ENTROPY_MIN_HARDWARE,
+                               MBEDTLS_ENTROPY_SOURCE_STRONG);
 #endif
 #if defined(MBEDTLS_ENTROPY_NV_SEED)
-    mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL,
-                                MBEDTLS_ENTROPY_BLOCK_SIZE,
-                                MBEDTLS_ENTROPY_SOURCE_STRONG );
+    mbedtls_entropy_add_source(ctx, mbedtls_nv_seed_poll, NULL,
+                               MBEDTLS_ENTROPY_BLOCK_SIZE,
+                               MBEDTLS_ENTROPY_SOURCE_STRONG);
     ctx->initial_entropy_run = 0;
 #endif
 #endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
 }
 
-void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
+void mbedtls_entropy_free(mbedtls_entropy_context *ctx)
 {
     /* If the context was already free, don't call free() again.
      * This is important for mutexes which don't allow double-free. */
-    if( ctx->accumulator_started == -1 )
+    if (ctx->accumulator_started == -1) {
         return;
+    }
 
 #if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_free( &ctx->mutex );
+    mbedtls_mutex_free(&ctx->mutex);
 #endif
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-    mbedtls_sha512_free( &ctx->accumulator );
+    mbedtls_sha512_free(&ctx->accumulator);
 #else
-    mbedtls_sha256_free( &ctx->accumulator );
+    mbedtls_sha256_free(&ctx->accumulator);
 #endif
 #if defined(MBEDTLS_ENTROPY_NV_SEED)
     ctx->initial_entropy_run = 0;
 #endif
     ctx->source_count = 0;
-    mbedtls_platform_zeroize( ctx->source, sizeof( ctx->source ) );
+    mbedtls_platform_zeroize(ctx->source, sizeof(ctx->source));
     ctx->accumulator_started = -1;
 }
 
-int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
-                        mbedtls_entropy_f_source_ptr f_source, void *p_source,
-                        size_t threshold, int strong )
+int mbedtls_entropy_add_source(mbedtls_entropy_context *ctx,
+                               mbedtls_entropy_f_source_ptr f_source, void *p_source,
+                               size_t threshold, int strong)
 {
     int idx, ret = 0;
 
 #if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+        return ret;
+    }
 #endif
 
     idx = ctx->source_count;
-    if( idx >= MBEDTLS_ENTROPY_MAX_SOURCES )
-    {
+    if (idx >= MBEDTLS_ENTROPY_MAX_SOURCES) {
         ret = MBEDTLS_ERR_ENTROPY_MAX_SOURCES;
         goto exit;
     }
@@ -128,18 +129,19 @@
 
 exit:
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+    if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+        return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
 #endif
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Entropy accumulator update
  */
-static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id,
-                           const unsigned char *data, size_t len )
+static int entropy_update(mbedtls_entropy_context *ctx, unsigned char source_id,
+                          const unsigned char *data, size_t len)
 {
     unsigned char header[2];
     unsigned char tmp[MBEDTLS_ENTROPY_BLOCK_SIZE];
@@ -147,14 +149,15 @@
     const unsigned char *p = data;
     int ret = 0;
 
-    if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE )
-    {
+    if (use_len > MBEDTLS_ENTROPY_BLOCK_SIZE) {
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-        if( ( ret = mbedtls_sha512( data, len, tmp, 0 ) ) != 0 )
+        if ((ret = mbedtls_sha512(data, len, tmp, 0)) != 0) {
             goto cleanup;
+        }
 #else
-        if( ( ret = mbedtls_sha256( data, len, tmp, 0 ) ) != 0 )
+        if ((ret = mbedtls_sha256(data, len, tmp, 0)) != 0) {
             goto cleanup;
+        }
 #endif
         p = tmp;
         use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
@@ -169,55 +172,61 @@
      * gather entropy eventually execute this code.
      */
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-    if( ctx->accumulator_started == 0 &&
-        ( ret = mbedtls_sha512_starts( &ctx->accumulator, 0 ) ) != 0 )
+    if (ctx->accumulator_started == 0 &&
+        (ret = mbedtls_sha512_starts(&ctx->accumulator, 0)) != 0) {
         goto cleanup;
-    else
+    } else {
         ctx->accumulator_started = 1;
-    if( ( ret = mbedtls_sha512_update( &ctx->accumulator, header, 2 ) ) != 0 )
+    }
+    if ((ret = mbedtls_sha512_update(&ctx->accumulator, header, 2)) != 0) {
         goto cleanup;
-    ret = mbedtls_sha512_update( &ctx->accumulator, p, use_len );
+    }
+    ret = mbedtls_sha512_update(&ctx->accumulator, p, use_len);
 #else
-    if( ctx->accumulator_started == 0 &&
-        ( ret = mbedtls_sha256_starts( &ctx->accumulator, 0 ) ) != 0 )
+    if (ctx->accumulator_started == 0 &&
+        (ret = mbedtls_sha256_starts(&ctx->accumulator, 0)) != 0) {
         goto cleanup;
-    else
+    } else {
         ctx->accumulator_started = 1;
-    if( ( ret = mbedtls_sha256_update( &ctx->accumulator, header, 2 ) ) != 0 )
+    }
+    if ((ret = mbedtls_sha256_update(&ctx->accumulator, header, 2)) != 0) {
         goto cleanup;
-    ret = mbedtls_sha256_update( &ctx->accumulator, p, use_len );
+    }
+    ret = mbedtls_sha256_update(&ctx->accumulator, p, use_len);
 #endif
 
 cleanup:
-    mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
+    mbedtls_platform_zeroize(tmp, sizeof(tmp));
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
-                           const unsigned char *data, size_t len )
+int mbedtls_entropy_update_manual(mbedtls_entropy_context *ctx,
+                                  const unsigned char *data, size_t len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
 #if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+        return ret;
+    }
 #endif
 
-    ret = entropy_update( ctx, MBEDTLS_ENTROPY_SOURCE_MANUAL, data, len );
+    ret = entropy_update(ctx, MBEDTLS_ENTROPY_SOURCE_MANUAL, data, len);
 
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+    if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+        return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
 #endif
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Run through the different sources to add entropy to our accumulator
  */
-static int entropy_gather_internal( mbedtls_entropy_context *ctx )
+static int entropy_gather_internal(mbedtls_entropy_context *ctx)
 {
     int ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
     int i;
@@ -225,121 +234,125 @@
     unsigned char buf[MBEDTLS_ENTROPY_MAX_GATHER];
     size_t olen;
 
-    if( ctx->source_count == 0 )
-        return( MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED );
+    if (ctx->source_count == 0) {
+        return MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED;
+    }
 
     /*
      * Run through our entropy sources
      */
-    for( i = 0; i < ctx->source_count; i++ )
-    {
-        if( ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG )
+    for (i = 0; i < ctx->source_count; i++) {
+        if (ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG) {
             have_one_strong = 1;
+        }
 
         olen = 0;
-        if( ( ret = ctx->source[i].f_source( ctx->source[i].p_source,
-                        buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen ) ) != 0 )
-        {
+        if ((ret = ctx->source[i].f_source(ctx->source[i].p_source,
+                                           buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen)) != 0) {
             goto cleanup;
         }
 
         /*
          * Add if we actually gathered something
          */
-        if( olen > 0 )
-        {
-            if( ( ret = entropy_update( ctx, (unsigned char) i,
-                                        buf, olen ) ) != 0 )
-                return( ret );
+        if (olen > 0) {
+            if ((ret = entropy_update(ctx, (unsigned char) i,
+                                      buf, olen)) != 0) {
+                return ret;
+            }
             ctx->source[i].size += olen;
         }
     }
 
-    if( have_one_strong == 0 )
+    if (have_one_strong == 0) {
         ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE;
+    }
 
 cleanup:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize(buf, sizeof(buf));
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Thread-safe wrapper for entropy_gather_internal()
  */
-int mbedtls_entropy_gather( mbedtls_entropy_context *ctx )
+int mbedtls_entropy_gather(mbedtls_entropy_context *ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
 #if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+        return ret;
+    }
 #endif
 
-    ret = entropy_gather_internal( ctx );
+    ret = entropy_gather_internal(ctx);
 
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+    if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+        return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
 #endif
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
+int mbedtls_entropy_func(void *data, unsigned char *output, size_t len)
 {
     int ret, count = 0, i, thresholds_reached;
     size_t strong_size;
     mbedtls_entropy_context *ctx = (mbedtls_entropy_context *) data;
     unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
 
-    if( len > MBEDTLS_ENTROPY_BLOCK_SIZE )
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+    if (len > MBEDTLS_ENTROPY_BLOCK_SIZE) {
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+    }
 
 #if defined(MBEDTLS_ENTROPY_NV_SEED)
     /* Update the NV entropy seed before generating any entropy for outside
      * use.
      */
-    if( ctx->initial_entropy_run == 0 )
-    {
+    if (ctx->initial_entropy_run == 0) {
         ctx->initial_entropy_run = 1;
-        if( ( ret = mbedtls_entropy_update_nv_seed( ctx ) ) != 0 )
-            return( ret );
+        if ((ret = mbedtls_entropy_update_nv_seed(ctx)) != 0) {
+            return ret;
+        }
     }
 #endif
 
 #if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+        return ret;
+    }
 #endif
 
     /*
      * Always gather extra entropy before a call
      */
-    do
-    {
-        if( count++ > ENTROPY_MAX_LOOP )
-        {
+    do {
+        if (count++ > ENTROPY_MAX_LOOP) {
             ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
             goto exit;
         }
 
-        if( ( ret = entropy_gather_internal( ctx ) ) != 0 )
+        if ((ret = entropy_gather_internal(ctx)) != 0) {
             goto exit;
+        }
 
         thresholds_reached = 1;
         strong_size = 0;
-        for( i = 0; i < ctx->source_count; i++ )
-        {
-            if( ctx->source[i].size < ctx->source[i].threshold )
+        for (i = 0; i < ctx->source_count; i++) {
+            if (ctx->source[i].size < ctx->source[i].threshold) {
                 thresholds_reached = 0;
-            if( ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG )
+            }
+            if (ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG) {
                 strong_size += ctx->source[i].size;
+            }
         }
-    }
-    while( ! thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE );
+    } while (!thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE);
 
-    memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
+    memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
 
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
     /*
@@ -347,112 +360,121 @@
      * in a previous call to entropy_update(). If this is not guaranteed, the
      * code below will fail.
      */
-    if( ( ret = mbedtls_sha512_finish( &ctx->accumulator, buf ) ) != 0 )
+    if ((ret = mbedtls_sha512_finish(&ctx->accumulator, buf)) != 0) {
         goto exit;
+    }
 
     /*
      * Reset accumulator and counters and recycle existing entropy
      */
-    mbedtls_sha512_free( &ctx->accumulator );
-    mbedtls_sha512_init( &ctx->accumulator );
-    if( ( ret = mbedtls_sha512_starts( &ctx->accumulator, 0 ) ) != 0 )
+    mbedtls_sha512_free(&ctx->accumulator);
+    mbedtls_sha512_init(&ctx->accumulator);
+    if ((ret = mbedtls_sha512_starts(&ctx->accumulator, 0)) != 0) {
         goto exit;
-    if( ( ret = mbedtls_sha512_update( &ctx->accumulator, buf,
-                                           MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
+    }
+    if ((ret = mbedtls_sha512_update(&ctx->accumulator, buf,
+                                     MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) {
         goto exit;
+    }
 
     /*
      * Perform second SHA-512 on entropy
      */
-    if( ( ret = mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
-                                    buf, 0 ) ) != 0 )
+    if ((ret = mbedtls_sha512(buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
+                              buf, 0)) != 0) {
         goto exit;
+    }
 #else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
-    if( ( ret = mbedtls_sha256_finish( &ctx->accumulator, buf ) ) != 0 )
+    if ((ret = mbedtls_sha256_finish(&ctx->accumulator, buf)) != 0) {
         goto exit;
+    }
 
     /*
      * Reset accumulator and counters and recycle existing entropy
      */
-    mbedtls_sha256_free( &ctx->accumulator );
-    mbedtls_sha256_init( &ctx->accumulator );
-    if( ( ret = mbedtls_sha256_starts( &ctx->accumulator, 0 ) ) != 0 )
+    mbedtls_sha256_free(&ctx->accumulator);
+    mbedtls_sha256_init(&ctx->accumulator);
+    if ((ret = mbedtls_sha256_starts(&ctx->accumulator, 0)) != 0) {
         goto exit;
-    if( ( ret = mbedtls_sha256_update( &ctx->accumulator, buf,
-                                           MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
+    }
+    if ((ret = mbedtls_sha256_update(&ctx->accumulator, buf,
+                                     MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) {
         goto exit;
+    }
 
     /*
      * Perform second SHA-256 on entropy
      */
-    if( ( ret = mbedtls_sha256( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
-                                    buf, 0 ) ) != 0 )
+    if ((ret = mbedtls_sha256(buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
+                              buf, 0)) != 0) {
         goto exit;
+    }
 #endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
 
-    for( i = 0; i < ctx->source_count; i++ )
+    for (i = 0; i < ctx->source_count; i++) {
         ctx->source[i].size = 0;
+    }
 
-    memcpy( output, buf, len );
+    memcpy(output, buf, len);
 
     ret = 0;
 
 exit:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize(buf, sizeof(buf));
 
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+    if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+        return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
 #endif
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_ENTROPY_NV_SEED)
-int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
+int mbedtls_entropy_update_nv_seed(mbedtls_entropy_context *ctx)
 {
     int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
     unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
 
     /* Read new seed  and write it to NV */
-    if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_entropy_func(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) {
+        return ret;
+    }
 
-    if( mbedtls_nv_seed_write( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
-        return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
+    if (mbedtls_nv_seed_write(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) {
+        return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
+    }
 
     /* Manually update the remaining stream with a separator value to diverge */
-    memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
-    ret = mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
+    memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
+    ret = mbedtls_entropy_update_manual(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE);
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ENTROPY_NV_SEED */
 
 #if defined(MBEDTLS_FS_IO)
-int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path )
+int mbedtls_entropy_write_seed_file(mbedtls_entropy_context *ctx, const char *path)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     FILE *f = NULL;
     unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
 
-    if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
-    {
+    if ((ret = mbedtls_entropy_func(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) {
         ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
         goto exit;
     }
 
-    if( ( f = fopen( path, "wb" ) ) == NULL )
-    {
+    if ((f = fopen(path, "wb")) == NULL) {
         ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
         goto exit;
     }
 
     /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
-    mbedtls_setbuf( f, NULL );
+    mbedtls_setbuf(f, NULL);
 
-    if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != MBEDTLS_ENTROPY_BLOCK_SIZE )
-    {
+    if (fwrite(buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f) != MBEDTLS_ENTROPY_BLOCK_SIZE) {
         ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
         goto exit;
     }
@@ -460,47 +482,52 @@
     ret = 0;
 
 exit:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize(buf, sizeof(buf));
 
-    if( f != NULL )
-        fclose( f );
+    if (f != NULL) {
+        fclose(f);
+    }
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path )
+int mbedtls_entropy_update_seed_file(mbedtls_entropy_context *ctx, const char *path)
 {
     int ret = 0;
     FILE *f;
     size_t n;
-    unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ];
+    unsigned char buf[MBEDTLS_ENTROPY_MAX_SEED_SIZE];
 
-    if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
+    if ((f = fopen(path, "rb")) == NULL) {
+        return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
+    }
 
     /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
-    mbedtls_setbuf( f, NULL );
+    mbedtls_setbuf(f, NULL);
 
-    fseek( f, 0, SEEK_END );
-    n = (size_t) ftell( f );
-    fseek( f, 0, SEEK_SET );
+    fseek(f, 0, SEEK_END);
+    n = (size_t) ftell(f);
+    fseek(f, 0, SEEK_SET);
 
-    if( n > MBEDTLS_ENTROPY_MAX_SEED_SIZE )
+    if (n > MBEDTLS_ENTROPY_MAX_SEED_SIZE) {
         n = MBEDTLS_ENTROPY_MAX_SEED_SIZE;
+    }
 
-    if( fread( buf, 1, n, f ) != n )
+    if (fread(buf, 1, n, f) != n) {
         ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
-    else
-        ret = mbedtls_entropy_update_manual( ctx, buf, n );
+    } else {
+        ret = mbedtls_entropy_update_manual(ctx, buf, n);
+    }
 
-    fclose( f );
+    fclose(f);
 
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize(buf, sizeof(buf));
 
-    if( ret != 0 )
-        return( ret );
+    if (ret != 0) {
+        return ret;
+    }
 
-    return( mbedtls_entropy_write_seed_file( ctx, path ) );
+    return mbedtls_entropy_write_seed_file(ctx, path);
 }
 #endif /* MBEDTLS_FS_IO */
 
@@ -508,59 +535,57 @@
 /*
  * Dummy source function
  */
-static int entropy_dummy_source( void *data, unsigned char *output,
-                                 size_t len, size_t *olen )
+static int entropy_dummy_source(void *data, unsigned char *output,
+                                size_t len, size_t *olen)
 {
     ((void) data);
 
-    memset( output, 0x2a, len );
+    memset(output, 0x2a, len);
     *olen = len;
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
 
-static int mbedtls_entropy_source_self_test_gather( unsigned char *buf, size_t buf_len )
+static int mbedtls_entropy_source_self_test_gather(unsigned char *buf, size_t buf_len)
 {
     int ret = 0;
     size_t entropy_len = 0;
     size_t olen = 0;
     size_t attempts = buf_len;
 
-    while( attempts > 0 && entropy_len < buf_len )
-    {
-        if( ( ret = mbedtls_hardware_poll( NULL, buf + entropy_len,
-            buf_len - entropy_len, &olen ) ) != 0 )
-            return( ret );
+    while (attempts > 0 && entropy_len < buf_len) {
+        if ((ret = mbedtls_hardware_poll(NULL, buf + entropy_len,
+                                         buf_len - entropy_len, &olen)) != 0) {
+            return ret;
+        }
 
         entropy_len += olen;
         attempts--;
     }
 
-    if( entropy_len < buf_len )
-    {
+    if (entropy_len < buf_len) {
         ret = 1;
     }
 
-    return( ret );
+    return ret;
 }
 
 
-static int mbedtls_entropy_source_self_test_check_bits( const unsigned char *buf,
-                                                        size_t buf_len )
+static int mbedtls_entropy_source_self_test_check_bits(const unsigned char *buf,
+                                                       size_t buf_len)
 {
-    unsigned char set= 0xFF;
+    unsigned char set = 0xFF;
     unsigned char unset = 0x00;
     size_t i;
 
-    for( i = 0; i < buf_len; i++ )
-    {
+    for (i = 0; i < buf_len; i++) {
         set &= buf[i];
         unset |= buf[i];
     }
 
-    return( set == 0xFF || unset == 0x00 );
+    return set == 0xFF || unset == 0x00;
 }
 
 /*
@@ -574,45 +599,50 @@
  *    are not equal.
  *  - The error code returned by the entropy source is not an error.
  */
-int mbedtls_entropy_source_self_test( int verbose )
+int mbedtls_entropy_source_self_test(int verbose)
 {
     int ret = 0;
-    unsigned char buf0[2 * sizeof( unsigned long long int )];
-    unsigned char buf1[2 * sizeof( unsigned long long int )];
+    unsigned char buf0[2 * sizeof(unsigned long long int)];
+    unsigned char buf1[2 * sizeof(unsigned long long int)];
 
-    if( verbose != 0 )
-        mbedtls_printf( "  ENTROPY_BIAS test: " );
+    if (verbose != 0) {
+        mbedtls_printf("  ENTROPY_BIAS test: ");
+    }
 
-    memset( buf0, 0x00, sizeof( buf0 ) );
-    memset( buf1, 0x00, sizeof( buf1 ) );
+    memset(buf0, 0x00, sizeof(buf0));
+    memset(buf1, 0x00, sizeof(buf1));
 
-    if( ( ret = mbedtls_entropy_source_self_test_gather( buf0, sizeof( buf0 ) ) ) != 0 )
+    if ((ret = mbedtls_entropy_source_self_test_gather(buf0, sizeof(buf0))) != 0) {
         goto cleanup;
-    if( ( ret = mbedtls_entropy_source_self_test_gather( buf1, sizeof( buf1 ) ) ) != 0 )
+    }
+    if ((ret = mbedtls_entropy_source_self_test_gather(buf1, sizeof(buf1))) != 0) {
         goto cleanup;
+    }
 
     /* Make sure that the returned values are not all 0 or 1 */
-    if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf0, sizeof( buf0 ) ) ) != 0 )
+    if ((ret = mbedtls_entropy_source_self_test_check_bits(buf0, sizeof(buf0))) != 0) {
         goto cleanup;
-    if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf1, sizeof( buf1 ) ) ) != 0 )
+    }
+    if ((ret = mbedtls_entropy_source_self_test_check_bits(buf1, sizeof(buf1))) != 0) {
         goto cleanup;
+    }
 
     /* Make sure that the entropy source is not returning values in a
      * pattern */
-    ret = memcmp( buf0, buf1, sizeof( buf0 ) ) == 0;
+    ret = memcmp(buf0, buf1, sizeof(buf0)) == 0;
 
 cleanup:
-    if( verbose != 0 )
-    {
-        if( ret != 0 )
-            mbedtls_printf( "failed\n" );
-        else
-            mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        if (ret != 0) {
+            mbedtls_printf("failed\n");
+        } else {
+            mbedtls_printf("passed\n");
+        }
 
-        mbedtls_printf( "\n" );
+        mbedtls_printf("\n");
     }
 
-    return( ret != 0 );
+    return ret != 0;
 }
 
 #endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
@@ -622,7 +652,7 @@
  * test that the functions don't cause errors and write the correct
  * amount of data to buffers.
  */
-int mbedtls_entropy_self_test( int verbose )
+int mbedtls_entropy_self_test(int verbose)
 {
     int ret = 1;
     mbedtls_entropy_context ctx;
@@ -630,22 +660,26 @@
     unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
     size_t i, j;
 
-    if( verbose != 0 )
-        mbedtls_printf( "  ENTROPY test: " );
+    if (verbose != 0) {
+        mbedtls_printf("  ENTROPY test: ");
+    }
 
-    mbedtls_entropy_init( &ctx );
+    mbedtls_entropy_init(&ctx);
 
     /* First do a gather to make sure we have default sources */
-    if( ( ret = mbedtls_entropy_gather( &ctx ) ) != 0 )
+    if ((ret = mbedtls_entropy_gather(&ctx)) != 0) {
         goto cleanup;
+    }
 
-    ret = mbedtls_entropy_add_source( &ctx, entropy_dummy_source, NULL, 16,
-                                      MBEDTLS_ENTROPY_SOURCE_WEAK );
-    if( ret != 0 )
+    ret = mbedtls_entropy_add_source(&ctx, entropy_dummy_source, NULL, 16,
+                                     MBEDTLS_ENTROPY_SOURCE_WEAK);
+    if (ret != 0) {
         goto cleanup;
+    }
 
-    if( ( ret = mbedtls_entropy_update_manual( &ctx, buf, sizeof buf ) ) != 0 )
+    if ((ret = mbedtls_entropy_update_manual(&ctx, buf, sizeof buf)) != 0) {
         goto cleanup;
+    }
 
     /*
      * To test that mbedtls_entropy_func writes correct number of bytes:
@@ -655,43 +689,43 @@
      *   each of the 32 or 64 bytes to be non-zero has a false failure rate
      *   of at most 2^(-58) which is acceptable.
      */
-    for( i = 0; i < 8; i++ )
-    {
-        if( ( ret = mbedtls_entropy_func( &ctx, buf, sizeof( buf ) ) ) != 0 )
+    for (i = 0; i < 8; i++) {
+        if ((ret = mbedtls_entropy_func(&ctx, buf, sizeof(buf))) != 0) {
             goto cleanup;
+        }
 
-        for( j = 0; j < sizeof( buf ); j++ )
+        for (j = 0; j < sizeof(buf); j++) {
             acc[j] |= buf[j];
+        }
     }
 
-    for( j = 0; j < sizeof( buf ); j++ )
-    {
-        if( acc[j] == 0 )
-        {
+    for (j = 0; j < sizeof(buf); j++) {
+        if (acc[j] == 0) {
             ret = 1;
             goto cleanup;
         }
     }
 
 #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-    if( ( ret = mbedtls_entropy_source_self_test( 0 ) ) != 0 )
+    if ((ret = mbedtls_entropy_source_self_test(0)) != 0) {
         goto cleanup;
+    }
 #endif
 
 cleanup:
-    mbedtls_entropy_free( &ctx );
+    mbedtls_entropy_free(&ctx);
 
-    if( verbose != 0 )
-    {
-        if( ret != 0 )
-            mbedtls_printf( "failed\n" );
-        else
-            mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        if (ret != 0) {
+            mbedtls_printf("failed\n");
+        } else {
+            mbedtls_printf("passed\n");
+        }
 
-        mbedtls_printf( "\n" );
+        mbedtls_printf("\n");
     }
 
-    return( ret != 0 );
+    return ret != 0;
 }
 #endif /* MBEDTLS_SELF_TEST */
 
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index 2df9bbe..b5024c8 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -42,7 +42,8 @@
 #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
     !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
     !defined(__HAIKU__) && !defined(__midipix__)
-#error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in mbedtls_config.h"
+#error \
+    "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in mbedtls_config.h"
 #endif
 
 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
@@ -53,29 +54,27 @@
 #include <windows.h>
 #include <wincrypt.h>
 
-int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len,
-                           size_t *olen )
+int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len,
+                                  size_t *olen)
 {
     HCRYPTPROV provider;
     ((void) data);
     *olen = 0;
 
-    if( CryptAcquireContext( &provider, NULL, NULL,
-                              PROV_RSA_FULL, CRYPT_VERIFYCONTEXT ) == FALSE )
-    {
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+    if (CryptAcquireContext(&provider, NULL, NULL,
+                            PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) == FALSE) {
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
     }
 
-    if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE )
-    {
-        CryptReleaseContext( provider, 0 );
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+    if (CryptGenRandom(provider, (DWORD) len, output) == FALSE) {
+        CryptReleaseContext(provider, 0);
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
     }
 
-    CryptReleaseContext( provider, 0 );
+    CryptReleaseContext(provider, 0);
     *olen = len;
 
-    return( 0 );
+    return 0;
 }
 #else /* _WIN32 && !EFIX64 && !EFI32 */
 
@@ -91,15 +90,15 @@
 #define HAVE_GETRANDOM
 #include <errno.h>
 
-static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
+static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags)
 {
     /* MemSan cannot understand that the syscall writes to the buffer */
 #if defined(__has_feature)
 #if __has_feature(memory_sanitizer)
-    memset( buf, 0, buflen );
+    memset(buf, 0, buflen);
 #endif
 #endif
-    return( syscall( SYS_getrandom, buf, buflen, flags ) );
+    return syscall(SYS_getrandom, buf, buflen, flags);
 }
 #endif /* SYS_getrandom */
 #endif /* __linux__ || __midipix__ */
@@ -111,9 +110,9 @@
 #include <errno.h>
 #include <sys/random.h>
 #define HAVE_GETRANDOM
-static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
+static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags)
 {
-    return getrandom( buf, buflen, flags );
+    return getrandom(buf, buflen, flags);
 }
 #endif /* (__FreeBSD__ && __FreeBSD_version >= 1200000) ||
           (__DragonFly__ && __DragonFly_version >= 500700) */
@@ -133,7 +132,7 @@
 #if defined(KERN_ARND)
 #define HAVE_SYSCTL_ARND
 
-static int sysctl_arnd_wrapper( unsigned char *buf, size_t buflen )
+static int sysctl_arnd_wrapper(unsigned char *buf, size_t buflen)
 {
     int name[2];
     size_t len;
@@ -141,23 +140,23 @@
     name[0] = CTL_KERN;
     name[1] = KERN_ARND;
 
-    while( buflen > 0 )
-    {
+    while (buflen > 0) {
         len = buflen > 256 ? 256 : buflen;
-        if( sysctl(name, 2, buf, &len, NULL, 0) == -1 )
-            return( -1 );
+        if (sysctl(name, 2, buf, &len, NULL, 0) == -1) {
+            return -1;
+        }
         buflen -= len;
         buf += len;
     }
-    return( 0 );
+    return 0;
 }
 #endif /* KERN_ARND */
 #endif /* __FreeBSD__ || __NetBSD__ */
 
 #include <stdio.h>
 
-int mbedtls_platform_entropy_poll( void *data,
-                           unsigned char *output, size_t len, size_t *olen )
+int mbedtls_platform_entropy_poll(void *data,
+                                  unsigned char *output, size_t len, size_t *olen)
 {
     FILE *file;
     size_t read_len;
@@ -165,14 +164,13 @@
     ((void) data);
 
 #if defined(HAVE_GETRANDOM)
-    ret = getrandom_wrapper( output, len, 0 );
-    if( ret >= 0 )
-    {
+    ret = getrandom_wrapper(output, len, 0);
+    if (ret >= 0) {
         *olen = ret;
-        return( 0 );
+        return 0;
+    } else if (errno != ENOSYS) {
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
     }
-    else if( errno != ENOSYS )
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
     /* Fall through if the system call isn't known. */
 #else
     ((void) ret);
@@ -181,57 +179,60 @@
 #if defined(HAVE_SYSCTL_ARND)
     ((void) file);
     ((void) read_len);
-    if( sysctl_arnd_wrapper( output, len ) == -1 )
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+    if (sysctl_arnd_wrapper(output, len) == -1) {
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+    }
     *olen = len;
-    return( 0 );
+    return 0;
 #else
 
     *olen = 0;
 
-    file = fopen( "/dev/urandom", "rb" );
-    if( file == NULL )
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-
-    /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
-    mbedtls_setbuf( file, NULL );
-
-    read_len = fread( output, 1, len, file );
-    if( read_len != len )
-    {
-        fclose( file );
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+    file = fopen("/dev/urandom", "rb");
+    if (file == NULL) {
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
     }
 
-    fclose( file );
+    /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
+    mbedtls_setbuf(file, NULL);
+
+    read_len = fread(output, 1, len, file);
+    if (read_len != len) {
+        fclose(file);
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+    }
+
+    fclose(file);
     *olen = len;
 
-    return( 0 );
+    return 0;
 #endif /* HAVE_SYSCTL_ARND */
 }
 #endif /* _WIN32 && !EFIX64 && !EFI32 */
 #endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
 
 #if defined(MBEDTLS_ENTROPY_NV_SEED)
-int mbedtls_nv_seed_poll( void *data,
-                          unsigned char *output, size_t len, size_t *olen )
+int mbedtls_nv_seed_poll(void *data,
+                         unsigned char *output, size_t len, size_t *olen)
 {
     unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
     size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
     ((void) data);
 
-    memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
+    memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
 
-    if( mbedtls_nv_seed_read( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
-      return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+    if (mbedtls_nv_seed_read(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) {
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+    }
 
-    if( len < use_len )
-      use_len = len;
+    if (len < use_len) {
+        use_len = len;
+    }
 
-    memcpy( output, buf, use_len );
+    memcpy(output, buf, use_len);
     *olen = use_len;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_ENTROPY_NV_SEED */
 
diff --git a/library/entropy_poll.h b/library/entropy_poll.h
index aef1a09..3cfd4a4 100644
--- a/library/entropy_poll.h
+++ b/library/entropy_poll.h
@@ -42,8 +42,8 @@
 /**
  * \brief           Platform-specific entropy poll callback
  */
-int mbedtls_platform_entropy_poll( void *data,
-                           unsigned char *output, size_t len, size_t *olen );
+int mbedtls_platform_entropy_poll(void *data,
+                                  unsigned char *output, size_t len, size_t *olen);
 #endif
 
 #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
@@ -55,8 +55,8 @@
  *
  * \note            This must accept NULL as its first argument.
  */
-int mbedtls_hardware_poll( void *data,
-                           unsigned char *output, size_t len, size_t *olen );
+int mbedtls_hardware_poll(void *data,
+                          unsigned char *output, size_t len, size_t *olen);
 #endif
 
 #if defined(MBEDTLS_ENTROPY_NV_SEED)
@@ -65,8 +65,8 @@
  *
  * \note            This must accept NULL as its first argument.
  */
-int mbedtls_nv_seed_poll( void *data,
-                          unsigned char *output, size_t len, size_t *olen );
+int mbedtls_nv_seed_poll(void *data,
+                         unsigned char *output, size_t len, size_t *olen);
 #endif
 
 #ifdef __cplusplus
diff --git a/library/gcm.c b/library/gcm.c
index 0178b5b..6d4495f 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -47,9 +47,9 @@
 /*
  * Initialize a context
  */
-void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
+void mbedtls_gcm_init(mbedtls_gcm_context *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_gcm_context ) );
+    memset(ctx, 0, sizeof(mbedtls_gcm_context));
 }
 
 /*
@@ -60,7 +60,7 @@
  * is the high-order bit of HH corresponds to P^0 and the low-order bit of HL
  * corresponds to P^127.
  */
-static int gcm_gen_table( mbedtls_gcm_context *ctx )
+static int gcm_gen_table(mbedtls_gcm_context *ctx)
 {
     int ret, i, j;
     uint64_t hi, lo;
@@ -68,17 +68,18 @@
     unsigned char h[16];
     size_t olen = 0;
 
-    memset( h, 0, 16 );
-    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, h, 16, h, &olen ) ) != 0 )
-        return( ret );
+    memset(h, 0, 16);
+    if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen)) != 0) {
+        return ret;
+    }
 
     /* pack h as two 64-bits ints, big-endian */
-    hi = MBEDTLS_GET_UINT32_BE( h,  0  );
-    lo = MBEDTLS_GET_UINT32_BE( h,  4  );
+    hi = MBEDTLS_GET_UINT32_BE(h,  0);
+    lo = MBEDTLS_GET_UINT32_BE(h,  4);
     vh = (uint64_t) hi << 32 | lo;
 
-    hi = MBEDTLS_GET_UINT32_BE( h,  8  );
-    lo = MBEDTLS_GET_UINT32_BE( h,  12 );
+    hi = MBEDTLS_GET_UINT32_BE(h,  8);
+    lo = MBEDTLS_GET_UINT32_BE(h,  12);
     vl = (uint64_t) hi << 32 | lo;
 
     /* 8 = 1000 corresponds to 1 in GF(2^128) */
@@ -87,73 +88,75 @@
 
 #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
     /* With CLMUL support, we need only h, not the rest of the table */
-    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) )
-        return( 0 );
+    if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) {
+        return 0;
+    }
 #endif
 
     /* 0 corresponds to 0 in GF(2^128) */
     ctx->HH[0] = 0;
     ctx->HL[0] = 0;
 
-    for( i = 4; i > 0; i >>= 1 )
-    {
-        uint32_t T = ( vl & 1 ) * 0xe1000000U;
-        vl  = ( vh << 63 ) | ( vl >> 1 );
-        vh  = ( vh >> 1 ) ^ ( (uint64_t) T << 32);
+    for (i = 4; i > 0; i >>= 1) {
+        uint32_t T = (vl & 1) * 0xe1000000U;
+        vl  = (vh << 63) | (vl >> 1);
+        vh  = (vh >> 1) ^ ((uint64_t) T << 32);
 
         ctx->HL[i] = vl;
         ctx->HH[i] = vh;
     }
 
-    for( i = 2; i <= 8; i *= 2 )
-    {
+    for (i = 2; i <= 8; i *= 2) {
         uint64_t *HiL = ctx->HL + i, *HiH = ctx->HH + i;
         vh = *HiH;
         vl = *HiL;
-        for( j = 1; j < i; j++ )
-        {
+        for (j = 1; j < i; j++) {
             HiH[j] = vh ^ ctx->HH[j];
             HiL[j] = vl ^ ctx->HL[j];
         }
     }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
-                        mbedtls_cipher_id_t cipher,
-                        const unsigned char *key,
-                        unsigned int keybits )
+int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx,
+                       mbedtls_cipher_id_t cipher,
+                       const unsigned char *key,
+                       unsigned int keybits)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const mbedtls_cipher_info_t *cipher_info;
 
-    if( keybits != 128 && keybits != 192 && keybits != 256 )
+    if (keybits != 128 && keybits != 192 && keybits != 256) {
         return MBEDTLS_ERR_GCM_BAD_INPUT;
-
-    cipher_info = mbedtls_cipher_info_from_values( cipher, keybits,
-                                                   MBEDTLS_MODE_ECB );
-    if( cipher_info == NULL )
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
-
-    if( cipher_info->block_size != 16 )
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
-
-    mbedtls_cipher_free( &ctx->cipher_ctx );
-
-    if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
-                               MBEDTLS_ENCRYPT ) ) != 0 )
-    {
-        return( ret );
     }
 
-    if( ( ret = gcm_gen_table( ctx ) ) != 0 )
-        return( ret );
+    cipher_info = mbedtls_cipher_info_from_values(cipher, keybits,
+                                                  MBEDTLS_MODE_ECB);
+    if (cipher_info == NULL) {
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
+    }
 
-    return( 0 );
+    if (cipher_info->block_size != 16) {
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
+    }
+
+    mbedtls_cipher_free(&ctx->cipher_ctx);
+
+    if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) {
+        return ret;
+    }
+
+    if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits,
+                                     MBEDTLS_ENCRYPT)) != 0) {
+        return ret;
+    }
+
+    if ((ret = gcm_gen_table(ctx)) != 0) {
+        return ret;
+    }
+
+    return 0;
 }
 
 /*
@@ -173,23 +176,23 @@
  * Sets output to x times H using the precomputed tables.
  * x and output are seen as elements of GF(2^128) as in [MGV].
  */
-static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
-                      unsigned char output[16] )
+static void gcm_mult(mbedtls_gcm_context *ctx, const unsigned char x[16],
+                     unsigned char output[16])
 {
     int i = 0;
     unsigned char lo, hi, rem;
     uint64_t zh, zl;
 
 #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
-    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) ) {
+    if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) {
         unsigned char h[16];
 
-        MBEDTLS_PUT_UINT32_BE( ctx->HH[8] >> 32, h,  0 );
-        MBEDTLS_PUT_UINT32_BE( ctx->HH[8],       h,  4 );
-        MBEDTLS_PUT_UINT32_BE( ctx->HL[8] >> 32, h,  8 );
-        MBEDTLS_PUT_UINT32_BE( ctx->HL[8],       h, 12 );
+        MBEDTLS_PUT_UINT32_BE(ctx->HH[8] >> 32, h,  0);
+        MBEDTLS_PUT_UINT32_BE(ctx->HH[8],       h,  4);
+        MBEDTLS_PUT_UINT32_BE(ctx->HL[8] >> 32, h,  8);
+        MBEDTLS_PUT_UINT32_BE(ctx->HL[8],       h, 12);
 
-        mbedtls_aesni_gcm_mult( output, x, h );
+        mbedtls_aesni_gcm_mult(output, x, h);
         return;
     }
 #endif /* MBEDTLS_AESNI_C && MBEDTLS_HAVE_X86_64 */
@@ -199,16 +202,14 @@
     zh = ctx->HH[lo];
     zl = ctx->HL[lo];
 
-    for( i = 15; i >= 0; i-- )
-    {
+    for (i = 15; i >= 0; i--) {
         lo = x[i] & 0xf;
-        hi = ( x[i] >> 4 ) & 0xf;
+        hi = (x[i] >> 4) & 0xf;
 
-        if( i != 15 )
-        {
+        if (i != 15) {
             rem = (unsigned char) zl & 0xf;
-            zl = ( zh << 60 ) | ( zl >> 4 );
-            zh = ( zh >> 4 );
+            zl = (zh << 60) | (zl >> 4);
+            zh = (zh >> 4);
             zh ^= (uint64_t) last4[rem] << 48;
             zh ^= ctx->HH[lo];
             zl ^= ctx->HL[lo];
@@ -216,22 +217,22 @@
         }
 
         rem = (unsigned char) zl & 0xf;
-        zl = ( zh << 60 ) | ( zl >> 4 );
-        zh = ( zh >> 4 );
+        zl = (zh << 60) | (zl >> 4);
+        zh = (zh >> 4);
         zh ^= (uint64_t) last4[rem] << 48;
         zh ^= ctx->HH[hi];
         zl ^= ctx->HL[hi];
     }
 
-    MBEDTLS_PUT_UINT32_BE( zh >> 32, output, 0 );
-    MBEDTLS_PUT_UINT32_BE( zh, output, 4 );
-    MBEDTLS_PUT_UINT32_BE( zl >> 32, output, 8 );
-    MBEDTLS_PUT_UINT32_BE( zl, output, 12 );
+    MBEDTLS_PUT_UINT32_BE(zh >> 32, output, 0);
+    MBEDTLS_PUT_UINT32_BE(zh, output, 4);
+    MBEDTLS_PUT_UINT32_BE(zl >> 32, output, 8);
+    MBEDTLS_PUT_UINT32_BE(zl, output, 12);
 }
 
-int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
-                        int mode,
-                        const unsigned char *iv, size_t iv_len )
+int mbedtls_gcm_starts(mbedtls_gcm_context *ctx,
+                       int mode,
+                       const unsigned char *iv, size_t iv_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char work_buf[16];
@@ -241,52 +242,48 @@
 
     /* IV is limited to 2^64 bits, so 2^61 bytes */
     /* IV is not allowed to be zero length */
-    if( iv_len == 0 || (uint64_t) iv_len >> 61 != 0 )
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
+    if (iv_len == 0 || (uint64_t) iv_len >> 61 != 0) {
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
+    }
 
-    memset( ctx->y, 0x00, sizeof(ctx->y) );
-    memset( ctx->buf, 0x00, sizeof(ctx->buf) );
+    memset(ctx->y, 0x00, sizeof(ctx->y));
+    memset(ctx->buf, 0x00, sizeof(ctx->buf));
 
     ctx->mode = mode;
     ctx->len = 0;
     ctx->add_len = 0;
 
-    if( iv_len == 12 )
-    {
-        memcpy( ctx->y, iv, iv_len );
+    if (iv_len == 12) {
+        memcpy(ctx->y, iv, iv_len);
         ctx->y[15] = 1;
-    }
-    else
-    {
-        memset( work_buf, 0x00, 16 );
-        iv_bits = (uint64_t)iv_len * 8;
-        MBEDTLS_PUT_UINT64_BE( iv_bits, work_buf, 8 );
+    } else {
+        memset(work_buf, 0x00, 16);
+        iv_bits = (uint64_t) iv_len * 8;
+        MBEDTLS_PUT_UINT64_BE(iv_bits, work_buf, 8);
 
         p = iv;
-        while( iv_len > 0 )
-        {
-            use_len = ( iv_len < 16 ) ? iv_len : 16;
+        while (iv_len > 0) {
+            use_len = (iv_len < 16) ? iv_len : 16;
 
-            mbedtls_xor( ctx->y, ctx->y, p, use_len );
+            mbedtls_xor(ctx->y, ctx->y, p, use_len);
 
-            gcm_mult( ctx, ctx->y, ctx->y );
+            gcm_mult(ctx, ctx->y, ctx->y);
 
             iv_len -= use_len;
             p += use_len;
         }
 
-        mbedtls_xor( ctx->y, ctx->y, work_buf, 16);
+        mbedtls_xor(ctx->y, ctx->y, work_buf, 16);
 
-        gcm_mult( ctx, ctx->y, ctx->y );
+        gcm_mult(ctx, ctx->y, ctx->y);
     }
 
-    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16,
-                                       ctx->base_ectr, &olen ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16,
+                                     ctx->base_ectr, &olen)) != 0) {
+        return ret;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /**
@@ -306,29 +303,31 @@
  *     * len > 0 && len % 16 == 0:      the authentication tag is correct if
  *                                      the data ends now.
  */
-int mbedtls_gcm_update_ad( mbedtls_gcm_context *ctx,
-                           const unsigned char *add, size_t add_len )
+int mbedtls_gcm_update_ad(mbedtls_gcm_context *ctx,
+                          const unsigned char *add, size_t add_len)
 {
     const unsigned char *p;
     size_t use_len, offset;
 
     /* IV is limited to 2^64 bits, so 2^61 bytes */
-    if( (uint64_t) add_len >> 61 != 0 )
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
+    if ((uint64_t) add_len >> 61 != 0) {
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
+    }
 
     offset = ctx->add_len % 16;
     p = add;
 
-    if( offset != 0 )
-    {
+    if (offset != 0) {
         use_len = 16 - offset;
-        if( use_len > add_len )
+        if (use_len > add_len) {
             use_len = add_len;
+        }
 
-        mbedtls_xor( ctx->buf + offset, ctx->buf + offset, p, use_len );
+        mbedtls_xor(ctx->buf + offset, ctx->buf + offset, p, use_len);
 
-        if( offset + use_len == 16 )
-            gcm_mult( ctx, ctx->buf, ctx->buf );
+        if (offset + use_len == 16) {
+            gcm_mult(ctx, ctx->buf, ctx->buf);
+        }
 
         ctx->add_len += use_len;
         add_len -= use_len;
@@ -337,110 +336,114 @@
 
     ctx->add_len += add_len;
 
-    while( add_len >= 16 )
-    {
-        mbedtls_xor( ctx->buf, ctx->buf, p, 16 );
+    while (add_len >= 16) {
+        mbedtls_xor(ctx->buf, ctx->buf, p, 16);
 
-        gcm_mult( ctx, ctx->buf, ctx->buf );
+        gcm_mult(ctx, ctx->buf, ctx->buf);
 
         add_len -= 16;
         p += 16;
     }
 
-    if( add_len > 0 )
-    {
-        mbedtls_xor( ctx->buf, ctx->buf, p, add_len );
+    if (add_len > 0) {
+        mbedtls_xor(ctx->buf, ctx->buf, p, add_len);
     }
 
-    return( 0 );
+    return 0;
 }
 
 /* Increment the counter. */
-static void gcm_incr( unsigned char y[16] )
+static void gcm_incr(unsigned char y[16])
 {
     size_t i;
-    for( i = 16; i > 12; i-- )
-        if( ++y[i - 1] != 0 )
+    for (i = 16; i > 12; i--) {
+        if (++y[i - 1] != 0) {
             break;
+        }
+    }
 }
 
 /* Calculate and apply the encryption mask. Process use_len bytes of data,
  * starting at position offset in the mask block. */
-static int gcm_mask( mbedtls_gcm_context *ctx,
-                     unsigned char ectr[16],
-                     size_t offset, size_t use_len,
-                     const unsigned char *input,
-                     unsigned char *output )
+static int gcm_mask(mbedtls_gcm_context *ctx,
+                    unsigned char ectr[16],
+                    size_t offset, size_t use_len,
+                    const unsigned char *input,
+                    unsigned char *output)
 {
     size_t olen = 0;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ectr,
-                                       &olen ) ) != 0 )
-    {
-        mbedtls_platform_zeroize( ectr, 16 );
-        return( ret );
+    if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr,
+                                     &olen)) != 0) {
+        mbedtls_platform_zeroize(ectr, 16);
+        return ret;
     }
 
-    if( ctx->mode == MBEDTLS_GCM_DECRYPT )
-        mbedtls_xor( ctx->buf + offset, ctx->buf + offset, input, use_len );
-    mbedtls_xor( output, ectr + offset, input, use_len );
-    if( ctx->mode == MBEDTLS_GCM_ENCRYPT )
-        mbedtls_xor( ctx->buf + offset, ctx->buf + offset, output, use_len );
+    if (ctx->mode == MBEDTLS_GCM_DECRYPT) {
+        mbedtls_xor(ctx->buf + offset, ctx->buf + offset, input, use_len);
+    }
+    mbedtls_xor(output, ectr + offset, input, use_len);
+    if (ctx->mode == MBEDTLS_GCM_ENCRYPT) {
+        mbedtls_xor(ctx->buf + offset, ctx->buf + offset, output, use_len);
+    }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
-                        const unsigned char *input, size_t input_length,
-                        unsigned char *output, size_t output_size,
-                        size_t *output_length )
+int mbedtls_gcm_update(mbedtls_gcm_context *ctx,
+                       const unsigned char *input, size_t input_length,
+                       unsigned char *output, size_t output_size,
+                       size_t *output_length)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const unsigned char *p = input;
     unsigned char *out_p = output;
     size_t offset;
-    unsigned char ectr[16] = {0};
+    unsigned char ectr[16] = { 0 };
 
-    if( output_size < input_length )
-        return( MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL );
+    if (output_size < input_length) {
+        return MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL;
+    }
     *output_length = input_length;
 
     /* Exit early if input_length==0 so that we don't do any pointer arithmetic
      * on a potentially null pointer.
      * Returning early also means that the last partial block of AD remains
      * untouched for mbedtls_gcm_finish */
-    if( input_length == 0 )
-        return( 0 );
+    if (input_length == 0) {
+        return 0;
+    }
 
-    if( output > input && (size_t) ( output - input ) < input_length )
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
+    if (output > input && (size_t) (output - input) < input_length) {
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
+    }
 
     /* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes
      * Also check for possible overflow */
-    if( ctx->len + input_length < ctx->len ||
-        (uint64_t) ctx->len + input_length > 0xFFFFFFFE0ull )
-    {
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
+    if (ctx->len + input_length < ctx->len ||
+        (uint64_t) ctx->len + input_length > 0xFFFFFFFE0ull) {
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
     }
 
-    if( ctx->len == 0 && ctx->add_len % 16 != 0 )
-    {
-        gcm_mult( ctx, ctx->buf, ctx->buf );
+    if (ctx->len == 0 && ctx->add_len % 16 != 0) {
+        gcm_mult(ctx, ctx->buf, ctx->buf);
     }
 
     offset = ctx->len % 16;
-    if( offset != 0 )
-    {
+    if (offset != 0) {
         size_t use_len = 16 - offset;
-        if( use_len > input_length )
+        if (use_len > input_length) {
             use_len = input_length;
+        }
 
-        if( ( ret = gcm_mask( ctx, ectr, offset, use_len, p, out_p ) ) != 0 )
-            return( ret );
+        if ((ret = gcm_mask(ctx, ectr, offset, use_len, p, out_p)) != 0) {
+            return ret;
+        }
 
-        if( offset + use_len == 16 )
-            gcm_mult( ctx, ctx->buf, ctx->buf );
+        if (offset + use_len == 16) {
+            gcm_mult(ctx, ctx->buf, ctx->buf);
+        }
 
         ctx->len += use_len;
         input_length -= use_len;
@@ -450,34 +453,34 @@
 
     ctx->len += input_length;
 
-    while( input_length >= 16 )
-    {
-        gcm_incr( ctx->y );
-        if( ( ret = gcm_mask( ctx, ectr, 0, 16, p, out_p ) ) != 0 )
-            return( ret );
+    while (input_length >= 16) {
+        gcm_incr(ctx->y);
+        if ((ret = gcm_mask(ctx, ectr, 0, 16, p, out_p)) != 0) {
+            return ret;
+        }
 
-        gcm_mult( ctx, ctx->buf, ctx->buf );
+        gcm_mult(ctx, ctx->buf, ctx->buf);
 
         input_length -= 16;
         p += 16;
         out_p += 16;
     }
 
-    if( input_length > 0 )
-    {
-        gcm_incr( ctx->y );
-        if( ( ret = gcm_mask( ctx, ectr, 0, input_length, p, out_p ) ) != 0 )
-            return( ret );
+    if (input_length > 0) {
+        gcm_incr(ctx->y);
+        if ((ret = gcm_mask(ctx, ectr, 0, input_length, p, out_p)) != 0) {
+            return ret;
+        }
     }
 
-    mbedtls_platform_zeroize( ectr, sizeof( ectr ) );
-    return( 0 );
+    mbedtls_platform_zeroize(ectr, sizeof(ectr));
+    return 0;
 }
 
-int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
-                        unsigned char *output, size_t output_size,
-                        size_t *output_length,
-                        unsigned char *tag, size_t tag_len )
+int mbedtls_gcm_finish(mbedtls_gcm_context *ctx,
+                       unsigned char *output, size_t output_size,
+                       size_t *output_length,
+                       unsigned char *tag, size_t tag_len)
 {
     unsigned char work_buf[16];
     uint64_t orig_len;
@@ -492,111 +495,115 @@
     orig_len = ctx->len * 8;
     orig_add_len = ctx->add_len * 8;
 
-    if( ctx->len == 0 && ctx->add_len % 16 != 0 )
-    {
-        gcm_mult( ctx, ctx->buf, ctx->buf );
+    if (ctx->len == 0 && ctx->add_len % 16 != 0) {
+        gcm_mult(ctx, ctx->buf, ctx->buf);
     }
 
-    if( tag_len > 16 || tag_len < 4 )
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
-
-    if( ctx->len % 16 != 0 )
-        gcm_mult( ctx, ctx->buf, ctx->buf );
-
-    memcpy( tag, ctx->base_ectr, tag_len );
-
-    if( orig_len || orig_add_len )
-    {
-        memset( work_buf, 0x00, 16 );
-
-        MBEDTLS_PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0  );
-        MBEDTLS_PUT_UINT32_BE( ( orig_add_len       ), work_buf, 4  );
-        MBEDTLS_PUT_UINT32_BE( ( orig_len     >> 32 ), work_buf, 8  );
-        MBEDTLS_PUT_UINT32_BE( ( orig_len           ), work_buf, 12 );
-
-        mbedtls_xor( ctx->buf, ctx->buf, work_buf, 16 );
-
-        gcm_mult( ctx, ctx->buf, ctx->buf );
-
-        mbedtls_xor( tag, tag, ctx->buf, tag_len );
+    if (tag_len > 16 || tag_len < 4) {
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
     }
 
-    return( 0 );
+    if (ctx->len % 16 != 0) {
+        gcm_mult(ctx, ctx->buf, ctx->buf);
+    }
+
+    memcpy(tag, ctx->base_ectr, tag_len);
+
+    if (orig_len || orig_add_len) {
+        memset(work_buf, 0x00, 16);
+
+        MBEDTLS_PUT_UINT32_BE((orig_add_len >> 32), work_buf, 0);
+        MBEDTLS_PUT_UINT32_BE((orig_add_len), work_buf, 4);
+        MBEDTLS_PUT_UINT32_BE((orig_len     >> 32), work_buf, 8);
+        MBEDTLS_PUT_UINT32_BE((orig_len), work_buf, 12);
+
+        mbedtls_xor(ctx->buf, ctx->buf, work_buf, 16);
+
+        gcm_mult(ctx, ctx->buf, ctx->buf);
+
+        mbedtls_xor(tag, tag, ctx->buf, tag_len);
+    }
+
+    return 0;
 }
 
-int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
-                       int mode,
-                       size_t length,
-                       const unsigned char *iv,
-                       size_t iv_len,
-                       const unsigned char *add,
-                       size_t add_len,
-                       const unsigned char *input,
-                       unsigned char *output,
-                       size_t tag_len,
-                       unsigned char *tag )
+int mbedtls_gcm_crypt_and_tag(mbedtls_gcm_context *ctx,
+                              int mode,
+                              size_t length,
+                              const unsigned char *iv,
+                              size_t iv_len,
+                              const unsigned char *add,
+                              size_t add_len,
+                              const unsigned char *input,
+                              unsigned char *output,
+                              size_t tag_len,
+                              unsigned char *tag)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t olen;
 
-    if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_gcm_starts(ctx, mode, iv, iv_len)) != 0) {
+        return ret;
+    }
 
-    if( ( ret = mbedtls_gcm_update_ad( ctx, add, add_len ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_gcm_update_ad(ctx, add, add_len)) != 0) {
+        return ret;
+    }
 
-    if( ( ret = mbedtls_gcm_update( ctx, input, length,
-                                    output, length, &olen ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_gcm_update(ctx, input, length,
+                                  output, length, &olen)) != 0) {
+        return ret;
+    }
 
-    if( ( ret = mbedtls_gcm_finish( ctx, NULL, 0, &olen, tag, tag_len ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_gcm_finish(ctx, NULL, 0, &olen, tag, tag_len)) != 0) {
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
-                      size_t length,
-                      const unsigned char *iv,
-                      size_t iv_len,
-                      const unsigned char *add,
-                      size_t add_len,
-                      const unsigned char *tag,
-                      size_t tag_len,
-                      const unsigned char *input,
-                      unsigned char *output )
+int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx,
+                             size_t length,
+                             const unsigned char *iv,
+                             size_t iv_len,
+                             const unsigned char *add,
+                             size_t add_len,
+                             const unsigned char *tag,
+                             size_t tag_len,
+                             const unsigned char *input,
+                             unsigned char *output)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char check_tag[16];
     size_t i;
     int diff;
 
-    if( ( ret = mbedtls_gcm_crypt_and_tag( ctx, MBEDTLS_GCM_DECRYPT, length,
-                                   iv, iv_len, add, add_len,
-                                   input, output, tag_len, check_tag ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_gcm_crypt_and_tag(ctx, MBEDTLS_GCM_DECRYPT, length,
+                                         iv, iv_len, add, add_len,
+                                         input, output, tag_len, check_tag)) != 0) {
+        return ret;
     }
 
     /* Check tag in "constant-time" */
-    for( diff = 0, i = 0; i < tag_len; i++ )
+    for (diff = 0, i = 0; i < tag_len; i++) {
         diff |= tag[i] ^ check_tag[i];
-
-    if( diff != 0 )
-    {
-        mbedtls_platform_zeroize( output, length );
-        return( MBEDTLS_ERR_GCM_AUTH_FAILED );
     }
 
-    return( 0 );
+    if (diff != 0) {
+        mbedtls_platform_zeroize(output, length);
+        return MBEDTLS_ERR_GCM_AUTH_FAILED;
+    }
+
+    return 0;
 }
 
-void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
+void mbedtls_gcm_free(mbedtls_gcm_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
-    mbedtls_cipher_free( &ctx->cipher_ctx );
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
+    }
+    mbedtls_cipher_free(&ctx->cipher_ctx);
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_gcm_context));
 }
 
 #endif /* !MBEDTLS_GCM_ALT */
@@ -610,7 +617,7 @@
 #define MAX_TESTS   6
 
 static const int key_index_test_data[MAX_TESTS] =
-    { 0, 0, 1, 1, 1, 1 };
+{ 0, 0, 1, 1, 1, 1 };
 
 static const unsigned char key_test_data[MAX_TESTS][32] =
 {
@@ -625,10 +632,10 @@
 };
 
 static const size_t iv_len_test_data[MAX_TESTS] =
-    { 12, 12, 12, 12, 8, 60 };
+{ 12, 12, 12, 12, 8, 60 };
 
 static const int iv_index_test_data[MAX_TESTS] =
-    { 0, 0, 1, 1, 1, 2 };
+{ 0, 0, 1, 1, 1, 2 };
 
 static const unsigned char iv_test_data[MAX_TESTS][64] =
 {
@@ -647,10 +654,10 @@
 };
 
 static const size_t add_len_test_data[MAX_TESTS] =
-    { 0, 0, 0, 20, 20, 20 };
+{ 0, 0, 0, 20, 20, 20 };
 
 static const int add_index_test_data[MAX_TESTS] =
-    { 0, 0, 0, 1, 1, 1 };
+{ 0, 0, 0, 1, 1, 1 };
 
 static const unsigned char additional_test_data[MAX_TESTS][64] =
 {
@@ -661,10 +668,10 @@
 };
 
 static const size_t pt_len_test_data[MAX_TESTS] =
-    { 0, 16, 64, 60, 60, 60 };
+{ 0, 16, 64, 60, 60, 60 };
 
 static const int pt_index_test_data[MAX_TESTS] =
-    { 0, 0, 1, 1, 1, 1 };
+{ 0, 0, 1, 1, 1, 1 };
 
 static const unsigned char pt_test_data[MAX_TESTS][64] =
 {
@@ -829,7 +836,7 @@
       0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a },
 };
 
-int mbedtls_gcm_self_test( int verbose )
+int mbedtls_gcm_self_test(int verbose)
 {
     mbedtls_gcm_context ctx;
     unsigned char buf[64];
@@ -838,267 +845,283 @@
     mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
     size_t olen;
 
-    for( j = 0; j < 3; j++ )
-    {
+    for (j = 0; j < 3; j++) {
         int key_len = 128 + 64 * j;
 
-        for( i = 0; i < MAX_TESTS; i++ )
-        {
-            mbedtls_gcm_init( &ctx );
+        for (i = 0; i < MAX_TESTS; i++) {
+            mbedtls_gcm_init(&ctx);
 
-            if( verbose != 0 )
-                mbedtls_printf( "  AES-GCM-%3d #%d (%s): ",
-                                key_len, i, "enc" );
+            if (verbose != 0) {
+                mbedtls_printf("  AES-GCM-%3d #%d (%s): ",
+                               key_len, i, "enc");
+            }
 
-            ret = mbedtls_gcm_setkey( &ctx, cipher,
-                                      key_test_data[key_index_test_data[i]],
-                                      key_len );
+            ret = mbedtls_gcm_setkey(&ctx, cipher,
+                                     key_test_data[key_index_test_data[i]],
+                                     key_len);
             /*
              * AES-192 is an optional feature that may be unavailable when
              * there is an alternative underlying implementation i.e. when
              * MBEDTLS_AES_ALT is defined.
              */
-            if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && key_len == 192 )
-            {
-                mbedtls_printf( "skipped\n" );
+            if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && key_len == 192) {
+                mbedtls_printf("skipped\n");
                 break;
-            }
-            else if( ret != 0 )
-            {
+            } else if (ret != 0) {
                 goto exit;
             }
 
-            ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT,
-                                pt_len_test_data[i],
-                                iv_test_data[iv_index_test_data[i]],
-                                iv_len_test_data[i],
-                                additional_test_data[add_index_test_data[i]],
-                                add_len_test_data[i],
-                                pt_test_data[pt_index_test_data[i]],
-                                buf, 16, tag_buf );
+            ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT,
+                                            pt_len_test_data[i],
+                                            iv_test_data[iv_index_test_data[i]],
+                                            iv_len_test_data[i],
+                                            additional_test_data[add_index_test_data[i]],
+                                            add_len_test_data[i],
+                                            pt_test_data[pt_index_test_data[i]],
+                                            buf, 16, tag_buf);
 #if defined(MBEDTLS_GCM_ALT)
             /* Allow alternative implementations to only support 12-byte nonces. */
-            if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED &&
-                iv_len_test_data[i] != 12 )
-            {
-                mbedtls_printf( "skipped\n" );
+            if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED &&
+                iv_len_test_data[i] != 12) {
+                mbedtls_printf("skipped\n");
                 break;
             }
 #endif /* defined(MBEDTLS_GCM_ALT) */
-            if( ret != 0 )
+            if (ret != 0) {
                 goto exit;
+            }
 
-            if ( memcmp( buf, ct_test_data[j * 6 + i],
-                         pt_len_test_data[i] ) != 0 ||
-                 memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
-            {
+            if (memcmp(buf, ct_test_data[j * 6 + i],
+                       pt_len_test_data[i]) != 0 ||
+                memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
                 ret = 1;
                 goto exit;
             }
 
-            mbedtls_gcm_free( &ctx );
+            mbedtls_gcm_free(&ctx);
 
-            if( verbose != 0 )
-                mbedtls_printf( "passed\n" );
+            if (verbose != 0) {
+                mbedtls_printf("passed\n");
+            }
 
-            mbedtls_gcm_init( &ctx );
+            mbedtls_gcm_init(&ctx);
 
-            if( verbose != 0 )
-                mbedtls_printf( "  AES-GCM-%3d #%d (%s): ",
-                                key_len, i, "dec" );
+            if (verbose != 0) {
+                mbedtls_printf("  AES-GCM-%3d #%d (%s): ",
+                               key_len, i, "dec");
+            }
 
-            ret = mbedtls_gcm_setkey( &ctx, cipher,
-                                      key_test_data[key_index_test_data[i]],
-                                      key_len );
-            if( ret != 0 )
+            ret = mbedtls_gcm_setkey(&ctx, cipher,
+                                     key_test_data[key_index_test_data[i]],
+                                     key_len);
+            if (ret != 0) {
                 goto exit;
+            }
 
-            ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_DECRYPT,
-                                pt_len_test_data[i],
-                                iv_test_data[iv_index_test_data[i]],
-                                iv_len_test_data[i],
-                                additional_test_data[add_index_test_data[i]],
-                                add_len_test_data[i],
-                                ct_test_data[j * 6 + i], buf, 16, tag_buf );
+            ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_DECRYPT,
+                                            pt_len_test_data[i],
+                                            iv_test_data[iv_index_test_data[i]],
+                                            iv_len_test_data[i],
+                                            additional_test_data[add_index_test_data[i]],
+                                            add_len_test_data[i],
+                                            ct_test_data[j * 6 + i], buf, 16, tag_buf);
 
-            if( ret != 0 )
+            if (ret != 0) {
                 goto exit;
+            }
 
-            if( memcmp( buf, pt_test_data[pt_index_test_data[i]],
-                        pt_len_test_data[i] ) != 0 ||
-                memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
-            {
+            if (memcmp(buf, pt_test_data[pt_index_test_data[i]],
+                       pt_len_test_data[i]) != 0 ||
+                memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
                 ret = 1;
                 goto exit;
             }
 
-            mbedtls_gcm_free( &ctx );
+            mbedtls_gcm_free(&ctx);
 
-            if( verbose != 0 )
-                mbedtls_printf( "passed\n" );
+            if (verbose != 0) {
+                mbedtls_printf("passed\n");
+            }
 
-            mbedtls_gcm_init( &ctx );
+            mbedtls_gcm_init(&ctx);
 
-            if( verbose != 0 )
-                mbedtls_printf( "  AES-GCM-%3d #%d split (%s): ",
-                                key_len, i, "enc" );
+            if (verbose != 0) {
+                mbedtls_printf("  AES-GCM-%3d #%d split (%s): ",
+                               key_len, i, "enc");
+            }
 
-            ret = mbedtls_gcm_setkey( &ctx, cipher,
-                                      key_test_data[key_index_test_data[i]],
-                                      key_len );
-            if( ret != 0 )
+            ret = mbedtls_gcm_setkey(&ctx, cipher,
+                                     key_test_data[key_index_test_data[i]],
+                                     key_len);
+            if (ret != 0) {
                 goto exit;
+            }
 
-            ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_ENCRYPT,
-                                      iv_test_data[iv_index_test_data[i]],
-                                      iv_len_test_data[i] );
-            if( ret != 0 )
+            ret = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_ENCRYPT,
+                                     iv_test_data[iv_index_test_data[i]],
+                                     iv_len_test_data[i]);
+            if (ret != 0) {
                 goto exit;
+            }
 
-            ret = mbedtls_gcm_update_ad( &ctx,
-                              additional_test_data[add_index_test_data[i]],
-                              add_len_test_data[i] );
-            if( ret != 0 )
+            ret = mbedtls_gcm_update_ad(&ctx,
+                                        additional_test_data[add_index_test_data[i]],
+                                        add_len_test_data[i]);
+            if (ret != 0) {
                 goto exit;
+            }
 
-            if( pt_len_test_data[i] > 32 )
-            {
+            if (pt_len_test_data[i] > 32) {
                 size_t rest_len = pt_len_test_data[i] - 32;
-                ret = mbedtls_gcm_update( &ctx,
-                                          pt_test_data[pt_index_test_data[i]],
-                                          32,
-                                          buf, sizeof( buf ), &olen );
-                if( ret != 0 )
+                ret = mbedtls_gcm_update(&ctx,
+                                         pt_test_data[pt_index_test_data[i]],
+                                         32,
+                                         buf, sizeof(buf), &olen);
+                if (ret != 0) {
                     goto exit;
-                if( olen != 32 )
+                }
+                if (olen != 32) {
                     goto exit;
+                }
 
-                ret = mbedtls_gcm_update( &ctx,
-                                          pt_test_data[pt_index_test_data[i]] + 32,
-                                          rest_len,
-                                          buf + 32, sizeof( buf ) - 32, &olen );
-                if( ret != 0 )
+                ret = mbedtls_gcm_update(&ctx,
+                                         pt_test_data[pt_index_test_data[i]] + 32,
+                                         rest_len,
+                                         buf + 32, sizeof(buf) - 32, &olen);
+                if (ret != 0) {
                     goto exit;
-                if( olen != rest_len )
+                }
+                if (olen != rest_len) {
                     goto exit;
-            }
-            else
-            {
-                ret = mbedtls_gcm_update( &ctx,
-                                          pt_test_data[pt_index_test_data[i]],
-                                          pt_len_test_data[i],
-                                          buf, sizeof( buf ), &olen );
-                if( ret != 0 )
+                }
+            } else {
+                ret = mbedtls_gcm_update(&ctx,
+                                         pt_test_data[pt_index_test_data[i]],
+                                         pt_len_test_data[i],
+                                         buf, sizeof(buf), &olen);
+                if (ret != 0) {
                     goto exit;
-                if( olen != pt_len_test_data[i] )
+                }
+                if (olen != pt_len_test_data[i]) {
                     goto exit;
+                }
             }
 
-            ret = mbedtls_gcm_finish( &ctx, NULL, 0, &olen, tag_buf, 16 );
-            if( ret != 0 )
+            ret = mbedtls_gcm_finish(&ctx, NULL, 0, &olen, tag_buf, 16);
+            if (ret != 0) {
                 goto exit;
+            }
 
-            if( memcmp( buf, ct_test_data[j * 6 + i],
-                        pt_len_test_data[i] ) != 0 ||
-                memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
-            {
+            if (memcmp(buf, ct_test_data[j * 6 + i],
+                       pt_len_test_data[i]) != 0 ||
+                memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
                 ret = 1;
                 goto exit;
             }
 
-            mbedtls_gcm_free( &ctx );
+            mbedtls_gcm_free(&ctx);
 
-            if( verbose != 0 )
-                mbedtls_printf( "passed\n" );
+            if (verbose != 0) {
+                mbedtls_printf("passed\n");
+            }
 
-            mbedtls_gcm_init( &ctx );
+            mbedtls_gcm_init(&ctx);
 
-            if( verbose != 0 )
-                mbedtls_printf( "  AES-GCM-%3d #%d split (%s): ",
-                                key_len, i, "dec" );
+            if (verbose != 0) {
+                mbedtls_printf("  AES-GCM-%3d #%d split (%s): ",
+                               key_len, i, "dec");
+            }
 
-            ret = mbedtls_gcm_setkey( &ctx, cipher,
-                                      key_test_data[key_index_test_data[i]],
-                                      key_len );
-            if( ret != 0 )
+            ret = mbedtls_gcm_setkey(&ctx, cipher,
+                                     key_test_data[key_index_test_data[i]],
+                                     key_len);
+            if (ret != 0) {
                 goto exit;
+            }
 
-            ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_DECRYPT,
-                                      iv_test_data[iv_index_test_data[i]],
-                                      iv_len_test_data[i] );
-            if( ret != 0 )
+            ret = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_DECRYPT,
+                                     iv_test_data[iv_index_test_data[i]],
+                                     iv_len_test_data[i]);
+            if (ret != 0) {
                 goto exit;
-            ret = mbedtls_gcm_update_ad( &ctx,
-                              additional_test_data[add_index_test_data[i]],
-                              add_len_test_data[i] );
-            if( ret != 0 )
+            }
+            ret = mbedtls_gcm_update_ad(&ctx,
+                                        additional_test_data[add_index_test_data[i]],
+                                        add_len_test_data[i]);
+            if (ret != 0) {
                 goto exit;
+            }
 
-            if( pt_len_test_data[i] > 32 )
-            {
+            if (pt_len_test_data[i] > 32) {
                 size_t rest_len = pt_len_test_data[i] - 32;
-                ret = mbedtls_gcm_update( &ctx,
-                                          ct_test_data[j * 6 + i], 32,
-                                          buf, sizeof( buf ), &olen );
-                if( ret != 0 )
+                ret = mbedtls_gcm_update(&ctx,
+                                         ct_test_data[j * 6 + i], 32,
+                                         buf, sizeof(buf), &olen);
+                if (ret != 0) {
                     goto exit;
-                if( olen != 32 )
+                }
+                if (olen != 32) {
                     goto exit;
+                }
 
-                ret = mbedtls_gcm_update( &ctx,
-                                          ct_test_data[j * 6 + i] + 32,
-                                          rest_len,
-                                          buf + 32, sizeof( buf ) - 32, &olen );
-                if( ret != 0 )
+                ret = mbedtls_gcm_update(&ctx,
+                                         ct_test_data[j * 6 + i] + 32,
+                                         rest_len,
+                                         buf + 32, sizeof(buf) - 32, &olen);
+                if (ret != 0) {
                     goto exit;
-                if( olen != rest_len )
+                }
+                if (olen != rest_len) {
                     goto exit;
-            }
-            else
-            {
-                ret = mbedtls_gcm_update( &ctx,
-                                          ct_test_data[j * 6 + i],
-                                          pt_len_test_data[i],
-                                          buf, sizeof( buf ), &olen );
-                if( ret != 0 )
+                }
+            } else {
+                ret = mbedtls_gcm_update(&ctx,
+                                         ct_test_data[j * 6 + i],
+                                         pt_len_test_data[i],
+                                         buf, sizeof(buf), &olen);
+                if (ret != 0) {
                     goto exit;
-                if( olen != pt_len_test_data[i] )
+                }
+                if (olen != pt_len_test_data[i]) {
                     goto exit;
+                }
             }
 
-            ret = mbedtls_gcm_finish( &ctx, NULL, 0, &olen, tag_buf, 16 );
-            if( ret != 0 )
+            ret = mbedtls_gcm_finish(&ctx, NULL, 0, &olen, tag_buf, 16);
+            if (ret != 0) {
                 goto exit;
+            }
 
-            if( memcmp( buf, pt_test_data[pt_index_test_data[i]],
-                        pt_len_test_data[i] ) != 0 ||
-                memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
-            {
+            if (memcmp(buf, pt_test_data[pt_index_test_data[i]],
+                       pt_len_test_data[i]) != 0 ||
+                memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
                 ret = 1;
                 goto exit;
             }
 
-            mbedtls_gcm_free( &ctx );
+            mbedtls_gcm_free(&ctx);
 
-            if( verbose != 0 )
-                mbedtls_printf( "passed\n" );
+            if (verbose != 0) {
+                mbedtls_printf("passed\n");
+            }
         }
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
     ret = 0;
 
 exit:
-    if( ret != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-        mbedtls_gcm_free( &ctx );
+    if (ret != 0) {
+        if (verbose != 0) {
+            mbedtls_printf("failed\n");
+        }
+        mbedtls_gcm_free(&ctx);
     }
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
diff --git a/library/hash_info.c b/library/hash_info.c
index cd7d70e..f8b41a5 100644
--- a/library/hash_info.c
+++ b/library/hash_info.c
@@ -24,8 +24,7 @@
 #include "mbedtls/legacy_or_psa.h"
 #include "mbedtls/error.h"
 
-typedef struct
-{
+typedef struct {
     psa_algorithm_t psa_alg;
     mbedtls_md_type_t md_type;
     unsigned char size;
@@ -58,12 +57,11 @@
 };
 
 /* Get size from MD type */
-unsigned char mbedtls_hash_info_get_size( mbedtls_md_type_t md_type )
+unsigned char mbedtls_hash_info_get_size(mbedtls_md_type_t md_type)
 {
     const hash_entry *entry = hash_table;
-    while( entry->md_type != MBEDTLS_MD_NONE &&
-           entry->md_type != md_type )
-    {
+    while (entry->md_type != MBEDTLS_MD_NONE &&
+           entry->md_type != md_type) {
         entry++;
     }
 
@@ -71,12 +69,11 @@
 }
 
 /* Get block size from MD type */
-unsigned char mbedtls_hash_info_get_block_size( mbedtls_md_type_t md_type )
+unsigned char mbedtls_hash_info_get_block_size(mbedtls_md_type_t md_type)
 {
     const hash_entry *entry = hash_table;
-    while( entry->md_type != MBEDTLS_MD_NONE &&
-           entry->md_type != md_type )
-    {
+    while (entry->md_type != MBEDTLS_MD_NONE &&
+           entry->md_type != md_type) {
         entry++;
     }
 
@@ -84,12 +81,11 @@
 }
 
 /* Get PSA from MD */
-psa_algorithm_t mbedtls_hash_info_psa_from_md( mbedtls_md_type_t md_type )
+psa_algorithm_t mbedtls_hash_info_psa_from_md(mbedtls_md_type_t md_type)
 {
     const hash_entry *entry = hash_table;
-    while( entry->md_type != MBEDTLS_MD_NONE &&
-           entry->md_type != md_type )
-    {
+    while (entry->md_type != MBEDTLS_MD_NONE &&
+           entry->md_type != md_type) {
         entry++;
     }
 
@@ -97,31 +93,29 @@
 }
 
 /* Get MD from PSA */
-mbedtls_md_type_t mbedtls_hash_info_md_from_psa( psa_algorithm_t psa_alg )
+mbedtls_md_type_t mbedtls_hash_info_md_from_psa(psa_algorithm_t psa_alg)
 {
     const hash_entry *entry = hash_table;
-    while( entry->md_type != MBEDTLS_MD_NONE &&
-           entry->psa_alg != psa_alg )
-    {
+    while (entry->md_type != MBEDTLS_MD_NONE &&
+           entry->psa_alg != psa_alg) {
         entry++;
     }
 
     return entry->md_type;
 }
 
-int mbedtls_md_error_from_psa( psa_status_t status )
+int mbedtls_md_error_from_psa(psa_status_t status)
 {
-    switch( status )
-    {
+    switch (status) {
         case PSA_SUCCESS:
-            return( 0 );
+            return 0;
         case PSA_ERROR_NOT_SUPPORTED:
-            return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
+            return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
         case PSA_ERROR_INVALID_ARGUMENT:
-            return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
         case PSA_ERROR_INSUFFICIENT_MEMORY:
-            return( MBEDTLS_ERR_MD_ALLOC_FAILED );
+            return MBEDTLS_ERR_MD_ALLOC_FAILED;
         default:
-            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+            return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
     }
 }
diff --git a/library/hash_info.h b/library/hash_info.h
index 1b7b46c..47da934 100644
--- a/library/hash_info.h
+++ b/library/hash_info.h
@@ -41,11 +41,11 @@
  */
 #if defined(MBEDTLS_MD_C) && ( \
     !defined(MBEDTLS_PSA_CRYPTO_C) || \
-    MBEDTLS_MD_MAX_SIZE >= PSA_HASH_MAX_SIZE )
+    MBEDTLS_MD_MAX_SIZE >= PSA_HASH_MAX_SIZE)
 #define MBEDTLS_HASH_MAX_SIZE MBEDTLS_MD_MAX_SIZE
 #elif defined(MBEDTLS_PSA_CRYPTO_C) && ( \
     !defined(MBEDTLS_MD_C) || \
-    PSA_HASH_MAX_SIZE >= MBEDTLS_MD_MAX_SIZE )
+    PSA_HASH_MAX_SIZE >= MBEDTLS_MD_MAX_SIZE)
 #define MBEDTLS_HASH_MAX_SIZE PSA_HASH_MAX_SIZE
 #endif
 
@@ -57,7 +57,7 @@
  *
  * \return          The output length in bytes, or 0 if not known.
  */
-unsigned char mbedtls_hash_info_get_size( mbedtls_md_type_t md_type );
+unsigned char mbedtls_hash_info_get_size(mbedtls_md_type_t md_type);
 
 /** Get the block size of the given hash type from its MD type.
  *
@@ -68,7 +68,7 @@
  *
  * \return          The block size in bytes, or 0 if not known.
  */
-unsigned char mbedtls_hash_info_get_block_size( mbedtls_md_type_t md_type );
+unsigned char mbedtls_hash_info_get_block_size(mbedtls_md_type_t md_type);
 
 /** Get the PSA alg from the MD type.
  *
@@ -77,7 +77,7 @@
  * \return          The corresponding PSA algorithm identifier,
  *                  or PSA_ALG_NONE if not known.
  */
-psa_algorithm_t mbedtls_hash_info_psa_from_md( mbedtls_md_type_t md_type );
+psa_algorithm_t mbedtls_hash_info_psa_from_md(mbedtls_md_type_t md_type);
 
 /** Get the MD type alg from the PSA algorithm identifier.
  *
@@ -86,7 +86,7 @@
  * \return          The corresponding MD type,
  *                  or MBEDTLS_MD_NONE if not known.
  */
-mbedtls_md_type_t mbedtls_hash_info_md_from_psa( psa_algorithm_t psa_alg );
+mbedtls_md_type_t mbedtls_hash_info_md_from_psa(psa_algorithm_t psa_alg);
 
 /** Convert PSA status to MD error code.
  *
@@ -94,6 +94,6 @@
  *
  * \return          The corresponding MD error code,
  */
-int mbedtls_md_error_from_psa( psa_status_t status );
+int mbedtls_md_error_from_psa(psa_status_t status);
 
 #endif /* MBEDTLS_HASH_INFO_H */
diff --git a/library/hkdf.c b/library/hkdf.c
index 5013729..a3f071e 100644
--- a/library/hkdf.c
+++ b/library/hkdf.c
@@ -25,47 +25,43 @@
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
 
-int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
-                  size_t salt_len, const unsigned char *ikm, size_t ikm_len,
-                  const unsigned char *info, size_t info_len,
-                  unsigned char *okm, size_t okm_len )
+int mbedtls_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt,
+                 size_t salt_len, const unsigned char *ikm, size_t ikm_len,
+                 const unsigned char *info, size_t info_len,
+                 unsigned char *okm, size_t okm_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char prk[MBEDTLS_MD_MAX_SIZE];
 
-    ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, prk );
+    ret = mbedtls_hkdf_extract(md, salt, salt_len, ikm, ikm_len, prk);
 
-    if( ret == 0 )
-    {
-        ret = mbedtls_hkdf_expand( md, prk, mbedtls_md_get_size( md ),
-                                   info, info_len, okm, okm_len );
+    if (ret == 0) {
+        ret = mbedtls_hkdf_expand(md, prk, mbedtls_md_get_size(md),
+                                  info, info_len, okm, okm_len);
     }
 
-    mbedtls_platform_zeroize( prk, sizeof( prk ) );
+    mbedtls_platform_zeroize(prk, sizeof(prk));
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
-                          const unsigned char *salt, size_t salt_len,
-                          const unsigned char *ikm, size_t ikm_len,
-                          unsigned char *prk )
+int mbedtls_hkdf_extract(const mbedtls_md_info_t *md,
+                         const unsigned char *salt, size_t salt_len,
+                         const unsigned char *ikm, size_t ikm_len,
+                         unsigned char *prk)
 {
     unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' };
 
-    if( salt == NULL )
-    {
+    if (salt == NULL) {
         size_t hash_len;
 
-        if( salt_len != 0 )
-        {
+        if (salt_len != 0) {
             return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
         }
 
-        hash_len = mbedtls_md_get_size( md );
+        hash_len = mbedtls_md_get_size(md);
 
-        if( hash_len == 0 )
-        {
+        if (hash_len == 0) {
             return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
         }
 
@@ -73,12 +69,12 @@
         salt_len = hash_len;
     }
 
-    return( mbedtls_md_hmac( md, salt, salt_len, ikm, ikm_len, prk ) );
+    return mbedtls_md_hmac(md, salt, salt_len, ikm, ikm_len, prk);
 }
 
-int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
-                         size_t prk_len, const unsigned char *info,
-                         size_t info_len, unsigned char *okm, size_t okm_len )
+int mbedtls_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk,
+                        size_t prk_len, const unsigned char *info,
+                        size_t info_len, unsigned char *okm, size_t okm_len)
 {
     size_t hash_len;
     size_t where = 0;
@@ -89,28 +85,24 @@
     mbedtls_md_context_t ctx;
     unsigned char t[MBEDTLS_MD_MAX_SIZE];
 
-    if( okm == NULL )
-    {
-        return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA );
+    if (okm == NULL) {
+        return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
     }
 
-    hash_len = mbedtls_md_get_size( md );
+    hash_len = mbedtls_md_get_size(md);
 
-    if( prk_len < hash_len || hash_len == 0 )
-    {
-        return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA );
+    if (prk_len < hash_len || hash_len == 0) {
+        return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
     }
 
-    if( info == NULL )
-    {
+    if (info == NULL) {
         info = (const unsigned char *) "";
         info_len = 0;
     }
 
     n = okm_len / hash_len;
 
-    if( okm_len % hash_len != 0 )
-    {
+    if (okm_len % hash_len != 0) {
         n++;
     }
 
@@ -118,72 +110,64 @@
      * Per RFC 5869 Section 2.3, okm_len must not exceed
      * 255 times the hash length
      */
-    if( n > 255 )
-    {
-        return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA );
+    if (n > 255) {
+        return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
     }
 
-    mbedtls_md_init( &ctx );
+    mbedtls_md_init(&ctx);
 
-    if( ( ret = mbedtls_md_setup( &ctx, md, 1 ) ) != 0 )
-    {
+    if ((ret = mbedtls_md_setup(&ctx, md, 1)) != 0) {
         goto exit;
     }
 
-    memset( t, 0, hash_len );
+    memset(t, 0, hash_len);
 
     /*
      * Compute T = T(1) | T(2) | T(3) | ... | T(N)
      * Where T(N) is defined in RFC 5869 Section 2.3
      */
-    for( i = 1; i <= n; i++ )
-    {
+    for (i = 1; i <= n; i++) {
         size_t num_to_copy;
         unsigned char c = i & 0xff;
 
-        ret = mbedtls_md_hmac_starts( &ctx, prk, prk_len );
-        if( ret != 0 )
-        {
+        ret = mbedtls_md_hmac_starts(&ctx, prk, prk_len);
+        if (ret != 0) {
             goto exit;
         }
 
-        ret = mbedtls_md_hmac_update( &ctx, t, t_len );
-        if( ret != 0 )
-        {
+        ret = mbedtls_md_hmac_update(&ctx, t, t_len);
+        if (ret != 0) {
             goto exit;
         }
 
-        ret = mbedtls_md_hmac_update( &ctx, info, info_len );
-        if( ret != 0 )
-        {
+        ret = mbedtls_md_hmac_update(&ctx, info, info_len);
+        if (ret != 0) {
             goto exit;
         }
 
         /* The constant concatenated to the end of each T(n) is a single octet.
          * */
-        ret = mbedtls_md_hmac_update( &ctx, &c, 1 );
-        if( ret != 0 )
-        {
+        ret = mbedtls_md_hmac_update(&ctx, &c, 1);
+        if (ret != 0) {
             goto exit;
         }
 
-        ret = mbedtls_md_hmac_finish( &ctx, t );
-        if( ret != 0 )
-        {
+        ret = mbedtls_md_hmac_finish(&ctx, t);
+        if (ret != 0) {
             goto exit;
         }
 
         num_to_copy = i != n ? hash_len : okm_len - where;
-        memcpy( okm + where, t, num_to_copy );
+        memcpy(okm + where, t, num_to_copy);
         where += hash_len;
         t_len = hash_len;
     }
 
 exit:
-    mbedtls_md_free( &ctx );
-    mbedtls_platform_zeroize( t, sizeof( t ) );
+    mbedtls_md_free(&ctx);
+    mbedtls_platform_zeroize(t, sizeof(t));
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_HKDF_C */
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index 6bc679d..b157302 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -42,9 +42,9 @@
 /*
  * HMAC_DRBG context initialization
  */
-void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx )
+void mbedtls_hmac_drbg_init(mbedtls_hmac_drbg_context *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_hmac_drbg_context ) );
+    memset(ctx, 0, sizeof(mbedtls_hmac_drbg_context));
 
     ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;
 }
@@ -52,65 +52,72 @@
 /*
  * HMAC_DRBG update, using optional additional data (10.1.2.2)
  */
-int mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
-                                  const unsigned char *additional,
-                                  size_t add_len )
+int mbedtls_hmac_drbg_update(mbedtls_hmac_drbg_context *ctx,
+                             const unsigned char *additional,
+                             size_t add_len)
 {
-    size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info );
-    unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1;
+    size_t md_len = mbedtls_md_get_size(ctx->md_ctx.md_info);
+    unsigned char rounds = (additional != NULL && add_len != 0) ? 2 : 1;
     unsigned char sep[1];
     unsigned char K[MBEDTLS_MD_MAX_SIZE];
     int ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
 
-    for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
-    {
+    for (sep[0] = 0; sep[0] < rounds; sep[0]++) {
         /* Step 1 or 4 */
-        if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
-                                            ctx->V, md_len ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
-                                            sep, 1 ) ) != 0 )
-            goto exit;
-        if( rounds == 2 )
-        {
-            if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
-                                                additional, add_len ) ) != 0 )
+        if ((ret = mbedtls_md_hmac_reset(&ctx->md_ctx)) != 0) {
             goto exit;
         }
-        if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, K ) ) != 0 )
+        if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,
+                                          ctx->V, md_len)) != 0) {
             goto exit;
+        }
+        if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,
+                                          sep, 1)) != 0) {
+            goto exit;
+        }
+        if (rounds == 2) {
+            if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,
+                                              additional, add_len)) != 0) {
+                goto exit;
+            }
+        }
+        if ((ret = mbedtls_md_hmac_finish(&ctx->md_ctx, K)) != 0) {
+            goto exit;
+        }
 
         /* Step 2 or 5 */
-        if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, K, md_len ) ) != 0 )
+        if ((ret = mbedtls_md_hmac_starts(&ctx->md_ctx, K, md_len)) != 0) {
             goto exit;
-        if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
-                                            ctx->V, md_len ) ) != 0 )
+        }
+        if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,
+                                          ctx->V, md_len)) != 0) {
             goto exit;
-        if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 )
+        }
+        if ((ret = mbedtls_md_hmac_finish(&ctx->md_ctx, ctx->V)) != 0) {
             goto exit;
+        }
     }
 
 exit:
-    mbedtls_platform_zeroize( K, sizeof( K ) );
-    return( ret );
+    mbedtls_platform_zeroize(K, sizeof(K));
+    return ret;
 }
 
 /*
  * Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA)
  */
-int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
-                        const mbedtls_md_info_t * md_info,
-                        const unsigned char *data, size_t data_len )
+int mbedtls_hmac_drbg_seed_buf(mbedtls_hmac_drbg_context *ctx,
+                               const mbedtls_md_info_t *md_info,
+                               const unsigned char *data, size_t data_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_md_setup(&ctx->md_ctx, md_info, 1)) != 0) {
+        return ret;
+    }
 
 #if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &ctx->mutex );
+    mbedtls_mutex_init(&ctx->mutex);
 #endif
 
     /*
@@ -118,15 +125,17 @@
      * Use the V memory location, which is currently all 0, to initialize the
      * MD context with an all-zero key. Then set V to its initial value.
      */
-    if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V,
-                                        mbedtls_md_get_size( md_info ) ) ) != 0 )
-        return( ret );
-    memset( ctx->V, 0x01, mbedtls_md_get_size( md_info ) );
+    if ((ret = mbedtls_md_hmac_starts(&ctx->md_ctx, ctx->V,
+                                      mbedtls_md_get_size(md_info))) != 0) {
+        return ret;
+    }
+    memset(ctx->V, 0x01, mbedtls_md_get_size(md_info));
 
-    if( ( ret = mbedtls_hmac_drbg_update( ctx, data, data_len ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_hmac_drbg_update(ctx, data, data_len)) != 0) {
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -134,9 +143,9 @@
  * Comments starting with arabic numbers refer to section 10.1.2.4
  * of SP800-90A, while roman numbers refer to section 9.2.
  */
-static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx,
-                                  const unsigned char *additional, size_t len,
-                                  int use_nonce )
+static int hmac_drbg_reseed_core(mbedtls_hmac_drbg_context *ctx,
+                                 const unsigned char *additional, size_t len,
+                                 int use_nonce)
 {
     unsigned char seed[MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT];
     size_t seedlen = 0;
@@ -145,33 +154,31 @@
     {
         size_t total_entropy_len;
 
-        if( use_nonce == 0 )
+        if (use_nonce == 0) {
             total_entropy_len = ctx->entropy_len;
-        else
+        } else {
             total_entropy_len = ctx->entropy_len * 3 / 2;
+        }
 
         /* III. Check input length */
-        if( len > MBEDTLS_HMAC_DRBG_MAX_INPUT ||
-            total_entropy_len + len > MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT )
-        {
-            return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG );
+        if (len > MBEDTLS_HMAC_DRBG_MAX_INPUT ||
+            total_entropy_len + len > MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT) {
+            return MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG;
         }
     }
 
-    memset( seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT );
+    memset(seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT);
 
     /* IV. Gather entropy_len bytes of entropy for the seed */
-    if( ( ret = ctx->f_entropy( ctx->p_entropy,
-                                seed, ctx->entropy_len ) ) != 0 )
-    {
-        return( MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED );
+    if ((ret = ctx->f_entropy(ctx->p_entropy,
+                              seed, ctx->entropy_len)) != 0) {
+        return MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED;
     }
     seedlen += ctx->entropy_len;
 
     /* For initial seeding, allow adding of nonce generated
      * from the entropy source. See Sect 8.6.7 in SP800-90A. */
-    if( use_nonce )
-    {
+    if (use_nonce) {
         /* Note: We don't merge the two calls to f_entropy() in order
          *       to avoid requesting too much entropy from f_entropy()
          *       at once. Specifically, if the underlying digest is not
@@ -179,11 +186,10 @@
          *       is larger than the maximum of 32 Bytes that our own
          *       entropy source implementation can emit in a single
          *       call in configurations disabling SHA-512. */
-        if( ( ret = ctx->f_entropy( ctx->p_entropy,
-                                    seed + seedlen,
-                                    ctx->entropy_len / 2 ) ) != 0 )
-        {
-            return( MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED );
+        if ((ret = ctx->f_entropy(ctx->p_entropy,
+                                  seed + seedlen,
+                                  ctx->entropy_len / 2)) != 0) {
+            return MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED;
         }
 
         seedlen += ctx->entropy_len / 2;
@@ -191,32 +197,32 @@
 
 
     /* 1. Concatenate entropy and additional data if any */
-    if( additional != NULL && len != 0 )
-    {
-        memcpy( seed + seedlen, additional, len );
+    if (additional != NULL && len != 0) {
+        memcpy(seed + seedlen, additional, len);
         seedlen += len;
     }
 
     /* 2. Update state */
-    if( ( ret = mbedtls_hmac_drbg_update( ctx, seed, seedlen ) ) != 0 )
+    if ((ret = mbedtls_hmac_drbg_update(ctx, seed, seedlen)) != 0) {
         goto exit;
+    }
 
     /* 3. Reset reseed_counter */
     ctx->reseed_counter = 1;
 
 exit:
     /* 4. Done */
-    mbedtls_platform_zeroize( seed, seedlen );
-    return( ret );
+    mbedtls_platform_zeroize(seed, seedlen);
+    return ret;
 }
 
 /*
  * HMAC_DRBG reseeding: 10.1.2.4 + 9.2
  */
-int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
-                      const unsigned char *additional, size_t len )
+int mbedtls_hmac_drbg_reseed(mbedtls_hmac_drbg_context *ctx,
+                             const unsigned char *additional, size_t len)
 {
-    return( hmac_drbg_reseed_core( ctx, additional, len, 0 ) );
+    return hmac_drbg_reseed_core(ctx, additional, len, 0);
 }
 
 /*
@@ -225,40 +231,41 @@
  * The nonce is not passed as a separate parameter but extracted
  * from the entropy source as suggested in 8.6.7.
  */
-int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
-                    const mbedtls_md_info_t * md_info,
-                    int (*f_entropy)(void *, unsigned char *, size_t),
-                    void *p_entropy,
-                    const unsigned char *custom,
-                    size_t len )
+int mbedtls_hmac_drbg_seed(mbedtls_hmac_drbg_context *ctx,
+                           const mbedtls_md_info_t *md_info,
+                           int (*f_entropy)(void *, unsigned char *, size_t),
+                           void *p_entropy,
+                           const unsigned char *custom,
+                           size_t len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t md_size;
 
-    if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_md_setup(&ctx->md_ctx, md_info, 1)) != 0) {
+        return ret;
+    }
 
     /* The mutex is initialized iff the md context is set up. */
 #if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &ctx->mutex );
+    mbedtls_mutex_init(&ctx->mutex);
 #endif
 
-    md_size = mbedtls_md_get_size( md_info );
+    md_size = mbedtls_md_get_size(md_info);
 
     /*
      * Set initial working state.
      * Use the V memory location, which is currently all 0, to initialize the
      * MD context with an all-zero key. Then set V to its initial value.
      */
-    if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, md_size ) ) != 0 )
-        return( ret );
-    memset( ctx->V, 0x01, md_size );
+    if ((ret = mbedtls_md_hmac_starts(&ctx->md_ctx, ctx->V, md_size)) != 0) {
+        return ret;
+    }
+    memset(ctx->V, 0x01, md_size);
 
     ctx->f_entropy = f_entropy;
     ctx->p_entropy = p_entropy;
 
-    if( ctx->entropy_len == 0 )
-    {
+    if (ctx->entropy_len == 0) {
         /*
          * See SP800-57 5.6.1 (p. 65-66) for the security strength provided by
          * each hash function, then according to SP800-90A rev1 10.1 table 2,
@@ -271,20 +278,19 @@
                            32;  /* better (256+) -> 256 bits */
     }
 
-    if( ( ret = hmac_drbg_reseed_core( ctx, custom, len,
-                                       1 /* add nonce */ ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = hmac_drbg_reseed_core(ctx, custom, len,
+                                     1 /* add nonce */)) != 0) {
+        return ret;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Set prediction resistance
  */
-void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
-                                          int resistance )
+void mbedtls_hmac_drbg_set_prediction_resistance(mbedtls_hmac_drbg_context *ctx,
+                                                 int resistance)
 {
     ctx->prediction_resistance = resistance;
 }
@@ -292,7 +298,7 @@
 /*
  * Set entropy length grabbed for seeding
  */
-void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, size_t len )
+void mbedtls_hmac_drbg_set_entropy_len(mbedtls_hmac_drbg_context *ctx, size_t len)
 {
     ctx->entropy_len = len;
 }
@@ -300,7 +306,7 @@
 /*
  * Set reseed interval
  */
-void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx, int interval )
+void mbedtls_hmac_drbg_set_reseed_interval(mbedtls_hmac_drbg_context *ctx, int interval)
 {
     ctx->reseed_interval = interval;
 }
@@ -309,134 +315,144 @@
  * HMAC_DRBG random function with optional additional data:
  * 10.1.2.5 (arabic) + 9.3 (Roman)
  */
-int mbedtls_hmac_drbg_random_with_add( void *p_rng,
-                               unsigned char *output, size_t out_len,
-                               const unsigned char *additional, size_t add_len )
+int mbedtls_hmac_drbg_random_with_add(void *p_rng,
+                                      unsigned char *output, size_t out_len,
+                                      const unsigned char *additional, size_t add_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng;
-    size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info );
+    size_t md_len = mbedtls_md_get_size(ctx->md_ctx.md_info);
     size_t left = out_len;
     unsigned char *out = output;
 
     /* II. Check request length */
-    if( out_len > MBEDTLS_HMAC_DRBG_MAX_REQUEST )
-        return( MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG );
+    if (out_len > MBEDTLS_HMAC_DRBG_MAX_REQUEST) {
+        return MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG;
+    }
 
     /* III. Check input length */
-    if( add_len > MBEDTLS_HMAC_DRBG_MAX_INPUT )
-        return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG );
+    if (add_len > MBEDTLS_HMAC_DRBG_MAX_INPUT) {
+        return MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG;
+    }
 
     /* 1. (aka VII and IX) Check reseed counter and PR */
-    if( ctx->f_entropy != NULL && /* For no-reseeding instances */
-        ( ctx->prediction_resistance == MBEDTLS_HMAC_DRBG_PR_ON ||
-          ctx->reseed_counter > ctx->reseed_interval ) )
-    {
-        if( ( ret = mbedtls_hmac_drbg_reseed( ctx, additional, add_len ) ) != 0 )
-            return( ret );
+    if (ctx->f_entropy != NULL && /* For no-reseeding instances */
+        (ctx->prediction_resistance == MBEDTLS_HMAC_DRBG_PR_ON ||
+         ctx->reseed_counter > ctx->reseed_interval)) {
+        if ((ret = mbedtls_hmac_drbg_reseed(ctx, additional, add_len)) != 0) {
+            return ret;
+        }
 
         add_len = 0; /* VII.4 */
     }
 
     /* 2. Use additional data if any */
-    if( additional != NULL && add_len != 0 )
-    {
-        if( ( ret = mbedtls_hmac_drbg_update( ctx,
-                                                  additional, add_len ) ) != 0 )
+    if (additional != NULL && add_len != 0) {
+        if ((ret = mbedtls_hmac_drbg_update(ctx,
+                                            additional, add_len)) != 0) {
             goto exit;
+        }
     }
 
     /* 3, 4, 5. Generate bytes */
-    while( left != 0 )
-    {
+    while (left != 0) {
         size_t use_len = left > md_len ? md_len : left;
 
-        if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 )
+        if ((ret = mbedtls_md_hmac_reset(&ctx->md_ctx)) != 0) {
             goto exit;
-        if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
-                                            ctx->V, md_len ) ) != 0 )
+        }
+        if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,
+                                          ctx->V, md_len)) != 0) {
             goto exit;
-        if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 )
+        }
+        if ((ret = mbedtls_md_hmac_finish(&ctx->md_ctx, ctx->V)) != 0) {
             goto exit;
+        }
 
-        memcpy( out, ctx->V, use_len );
+        memcpy(out, ctx->V, use_len);
         out += use_len;
         left -= use_len;
     }
 
     /* 6. Update */
-    if( ( ret = mbedtls_hmac_drbg_update( ctx,
-                                              additional, add_len ) ) != 0 )
+    if ((ret = mbedtls_hmac_drbg_update(ctx,
+                                        additional, add_len)) != 0) {
         goto exit;
+    }
 
     /* 7. Update reseed counter */
     ctx->reseed_counter++;
 
 exit:
     /* 8. Done */
-    return( ret );
+    return ret;
 }
 
 /*
  * HMAC_DRBG random function
  */
-int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len )
+int mbedtls_hmac_drbg_random(void *p_rng, unsigned char *output, size_t out_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng;
 
 #if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+        return ret;
+    }
 #endif
 
-    ret = mbedtls_hmac_drbg_random_with_add( ctx, output, out_len, NULL, 0 );
+    ret = mbedtls_hmac_drbg_random_with_add(ctx, output, out_len, NULL, 0);
 
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+    if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+        return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
 #endif
 
-    return( ret );
+    return ret;
 }
 
 /*
  *  This function resets HMAC_DRBG context to the state immediately
  *  after initial call of mbedtls_hmac_drbg_init().
  */
-void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx )
+void mbedtls_hmac_drbg_free(mbedtls_hmac_drbg_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
 #if defined(MBEDTLS_THREADING_C)
     /* The mutex is initialized iff the md context is set up. */
-    if( ctx->md_ctx.md_info != NULL )
-        mbedtls_mutex_free( &ctx->mutex );
+    if (ctx->md_ctx.md_info != NULL) {
+        mbedtls_mutex_free(&ctx->mutex);
+    }
 #endif
-    mbedtls_md_free( &ctx->md_ctx );
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) );
+    mbedtls_md_free(&ctx->md_ctx);
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_hmac_drbg_context));
     ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;
 }
 
 #if defined(MBEDTLS_FS_IO)
-int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path )
+int mbedtls_hmac_drbg_write_seed_file(mbedtls_hmac_drbg_context *ctx, const char *path)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     FILE *f;
-    unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
+    unsigned char buf[MBEDTLS_HMAC_DRBG_MAX_INPUT];
 
-    if( ( f = fopen( path, "wb" ) ) == NULL )
-        return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR );
+    if ((f = fopen(path, "wb")) == NULL) {
+        return MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;
+    }
 
     /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
-    mbedtls_setbuf( f, NULL );
+    mbedtls_setbuf(f, NULL);
 
-    if( ( ret = mbedtls_hmac_drbg_random( ctx, buf, sizeof( buf ) ) ) != 0 )
+    if ((ret = mbedtls_hmac_drbg_random(ctx, buf, sizeof(buf))) != 0) {
         goto exit;
+    }
 
-    if( fwrite( buf, 1, sizeof( buf ), f ) != sizeof( buf ) )
-    {
+    if (fwrite(buf, 1, sizeof(buf), f) != sizeof(buf)) {
         ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;
         goto exit;
     }
@@ -444,49 +460,50 @@
     ret = 0;
 
 exit:
-    fclose( f );
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
+    fclose(f);
+    mbedtls_platform_zeroize(buf, sizeof(buf));
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path )
+int mbedtls_hmac_drbg_update_seed_file(mbedtls_hmac_drbg_context *ctx, const char *path)
 {
     int ret = 0;
     FILE *f = NULL;
     size_t n;
-    unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
+    unsigned char buf[MBEDTLS_HMAC_DRBG_MAX_INPUT];
     unsigned char c;
 
-    if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR );
+    if ((f = fopen(path, "rb")) == NULL) {
+        return MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;
+    }
 
     /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
-    mbedtls_setbuf( f, NULL );
+    mbedtls_setbuf(f, NULL);
 
-    n = fread( buf, 1, sizeof( buf ), f );
-    if( fread( &c, 1, 1, f ) != 0 )
-    {
+    n = fread(buf, 1, sizeof(buf), f);
+    if (fread(&c, 1, 1, f) != 0) {
         ret = MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG;
         goto exit;
     }
-    if( n == 0 || ferror( f ) )
-    {
+    if (n == 0 || ferror(f)) {
         ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;
         goto exit;
     }
-    fclose( f );
+    fclose(f);
     f = NULL;
 
-    ret = mbedtls_hmac_drbg_update( ctx, buf, n );
+    ret = mbedtls_hmac_drbg_update(ctx, buf, n);
 
 exit:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-    if( f != NULL )
-        fclose( f );
-    if( ret != 0 )
-        return( ret );
-    return( mbedtls_hmac_drbg_write_seed_file( ctx, path ) );
+    mbedtls_platform_zeroize(buf, sizeof(buf));
+    if (f != NULL) {
+        fclose(f);
+    }
+    if (ret != 0) {
+        return ret;
+    }
+    return mbedtls_hmac_drbg_write_seed_file(ctx, path);
 }
 #endif /* MBEDTLS_FS_IO */
 
@@ -495,10 +512,10 @@
 
 #if !defined(MBEDTLS_SHA1_C)
 /* Dummy checkup routine */
-int mbedtls_hmac_drbg_self_test( int verbose )
+int mbedtls_hmac_drbg_self_test(int verbose)
 {
     (void) verbose;
-    return( 0 );
+    return 0;
 }
 #else
 
@@ -510,7 +527,8 @@
     0xf7, 0x3e, 0x9c, 0x5b, 0x64, 0xef, 0xd8, 0xca, 0x02, 0x8c, 0xf8, 0x11,
     0x48, 0xa5, 0x84, 0xfe, 0x69, 0xab, 0x5a, 0xee, 0x42, 0xaa, 0x4d, 0x42,
     0x17, 0x60, 0x99, 0xd4, 0x5e, 0x13, 0x97, 0xdc, 0x40, 0x4d, 0x86, 0xa3,
-    0x7b, 0xf5, 0x59, 0x54, 0x75, 0x69, 0x51, 0xe4 };
+    0x7b, 0xf5, 0x59, 0x54, 0x75, 0x69, 0x51, 0xe4
+};
 static const unsigned char result_pr[OUTPUT_LEN] = {
     0x9a, 0x00, 0xa2, 0xd0, 0x0e, 0xd5, 0x9b, 0xfe, 0x31, 0xec, 0xb1, 0x39,
     0x9b, 0x60, 0x81, 0x48, 0xd1, 0x96, 0x9d, 0x25, 0x0d, 0x3c, 0x1e, 0x94,
@@ -518,14 +536,16 @@
     0x73, 0x19, 0x70, 0xc0, 0x10, 0x7a, 0xa4, 0x89, 0x25, 0x19, 0x95, 0x5e,
     0x4b, 0xc6, 0x00, 0x1d, 0x7f, 0x4e, 0x6a, 0x2b, 0xf8, 0xa3, 0x01, 0xab,
     0x46, 0x05, 0x5c, 0x09, 0xa6, 0x71, 0x88, 0xf1, 0xa7, 0x40, 0xee, 0xf3,
-    0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44 };
+    0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44
+};
 
 /* From a NIST PR=false test vector */
 static const unsigned char entropy_nopr[] = {
     0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57, 0x86, 0x66,
     0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a, 0xbf, 0x8c, 0x35, 0xc8,
     0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4, 0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3,
-    0xe9, 0x9d, 0xfe, 0xdf };
+    0xe9, 0x9d, 0xfe, 0xdf
+};
 static const unsigned char result_nopr[OUTPUT_LEN] = {
     0xc6, 0xa1, 0x6a, 0xb8, 0xd4, 0x20, 0x70, 0x6f, 0x0f, 0x34, 0xab, 0x7f,
     0xec, 0x5a, 0xdc, 0xa9, 0xd8, 0xca, 0x3a, 0x13, 0x3e, 0x15, 0x9c, 0xa6,
@@ -533,85 +553,91 @@
     0xff, 0xb1, 0x0d, 0x71, 0x94, 0xf1, 0xc1, 0xa5, 0xcf, 0x73, 0x22, 0xec,
     0x1a, 0xe0, 0x96, 0x4e, 0xd4, 0xbf, 0x12, 0x27, 0x46, 0xe0, 0x87, 0xfd,
     0xb5, 0xb3, 0xe9, 0x1b, 0x34, 0x93, 0xd5, 0xbb, 0x98, 0xfa, 0xed, 0x49,
-    0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7 };
+    0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7
+};
 
 /* "Entropy" from buffer */
 static size_t test_offset;
-static int hmac_drbg_self_test_entropy( void *data,
-                                        unsigned char *buf, size_t len )
+static int hmac_drbg_self_test_entropy(void *data,
+                                       unsigned char *buf, size_t len)
 {
     const unsigned char *p = data;
-    memcpy( buf, p + test_offset, len );
+    memcpy(buf, p + test_offset, len);
     test_offset += len;
-    return( 0 );
+    return 0;
 }
 
-#define CHK( c )    if( (c) != 0 )                          \
-                    {                                       \
-                        if( verbose != 0 )                  \
-                            mbedtls_printf( "failed\n" );  \
-                        return( 1 );                        \
-                    }
+#define CHK(c)    if ((c) != 0)                          \
+    {                                       \
+        if (verbose != 0)                  \
+        mbedtls_printf("failed\n");  \
+        return 1;                        \
+    }
 
 /*
  * Checkup routine for HMAC_DRBG with SHA-1
  */
-int mbedtls_hmac_drbg_self_test( int verbose )
+int mbedtls_hmac_drbg_self_test(int verbose)
 {
     mbedtls_hmac_drbg_context ctx;
     unsigned char buf[OUTPUT_LEN];
-    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
+    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
 
-    mbedtls_hmac_drbg_init( &ctx );
+    mbedtls_hmac_drbg_init(&ctx);
 
     /*
      * PR = True
      */
-    if( verbose != 0 )
-        mbedtls_printf( "  HMAC_DRBG (PR = True) : " );
+    if (verbose != 0) {
+        mbedtls_printf("  HMAC_DRBG (PR = True) : ");
+    }
 
     test_offset = 0;
-    CHK( mbedtls_hmac_drbg_seed( &ctx, md_info,
-                         hmac_drbg_self_test_entropy, (void *) entropy_pr,
-                         NULL, 0 ) );
-    mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON );
-    CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
-    CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
-    CHK( memcmp( buf, result_pr, OUTPUT_LEN ) );
-    mbedtls_hmac_drbg_free( &ctx );
+    CHK(mbedtls_hmac_drbg_seed(&ctx, md_info,
+                               hmac_drbg_self_test_entropy, (void *) entropy_pr,
+                               NULL, 0));
+    mbedtls_hmac_drbg_set_prediction_resistance(&ctx, MBEDTLS_HMAC_DRBG_PR_ON);
+    CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN));
+    CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN));
+    CHK(memcmp(buf, result_pr, OUTPUT_LEN));
+    mbedtls_hmac_drbg_free(&ctx);
 
-    mbedtls_hmac_drbg_free( &ctx );
+    mbedtls_hmac_drbg_free(&ctx);
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n");
+    }
 
     /*
      * PR = False
      */
-    if( verbose != 0 )
-        mbedtls_printf( "  HMAC_DRBG (PR = False) : " );
+    if (verbose != 0) {
+        mbedtls_printf("  HMAC_DRBG (PR = False) : ");
+    }
 
-    mbedtls_hmac_drbg_init( &ctx );
+    mbedtls_hmac_drbg_init(&ctx);
 
     test_offset = 0;
-    CHK( mbedtls_hmac_drbg_seed( &ctx, md_info,
-                         hmac_drbg_self_test_entropy, (void *) entropy_nopr,
-                         NULL, 0 ) );
-    CHK( mbedtls_hmac_drbg_reseed( &ctx, NULL, 0 ) );
-    CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
-    CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
-    CHK( memcmp( buf, result_nopr, OUTPUT_LEN ) );
-    mbedtls_hmac_drbg_free( &ctx );
+    CHK(mbedtls_hmac_drbg_seed(&ctx, md_info,
+                               hmac_drbg_self_test_entropy, (void *) entropy_nopr,
+                               NULL, 0));
+    CHK(mbedtls_hmac_drbg_reseed(&ctx, NULL, 0));
+    CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN));
+    CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN));
+    CHK(memcmp(buf, result_nopr, OUTPUT_LEN));
+    mbedtls_hmac_drbg_free(&ctx);
 
-    mbedtls_hmac_drbg_free( &ctx );
+    mbedtls_hmac_drbg_free(&ctx);
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n");
+    }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SHA1_C */
 #endif /* MBEDTLS_SELF_TEST */
diff --git a/library/lmots.c b/library/lmots.c
index 788063c..c6b45ed 100644
--- a/library/lmots.c
+++ b/library/lmots.c
@@ -63,36 +63,34 @@
 #define DIGIT_MAX_VALUE        ((1u << W_WINTERNITZ_PARAMETER) - 1u)
 
 #define D_CONST_LEN            (2)
-static const unsigned char D_PUBLIC_CONSTANT_BYTES[D_CONST_LEN] = {0x80, 0x80};
-static const unsigned char D_MESSAGE_CONSTANT_BYTES[D_CONST_LEN] = {0x81, 0x81};
+static const unsigned char D_PUBLIC_CONSTANT_BYTES[D_CONST_LEN] = { 0x80, 0x80 };
+static const unsigned char D_MESSAGE_CONSTANT_BYTES[D_CONST_LEN] = { 0x81, 0x81 };
 
 #if defined(MBEDTLS_TEST_HOOKS)
-int( *mbedtls_lmots_sign_private_key_invalidated_hook )( unsigned char * ) = NULL;
+int (*mbedtls_lmots_sign_private_key_invalidated_hook)(unsigned char *) = NULL;
 #endif /* defined(MBEDTLS_TEST_HOOKS) */
 
-void mbedtls_lms_unsigned_int_to_network_bytes( unsigned int val, size_t len,
-                                                unsigned char *bytes )
+void mbedtls_lms_unsigned_int_to_network_bytes(unsigned int val, size_t len,
+                                               unsigned char *bytes)
 {
     size_t idx;
 
-    for ( idx = 0; idx < len; idx++ )
-    {
-        bytes[idx] = ( val >> ( ( len - 1 - idx ) * 8 ) ) & 0xFF;
+    for (idx = 0; idx < len; idx++) {
+        bytes[idx] = (val >> ((len - 1 - idx) * 8)) & 0xFF;
     }
 }
 
-unsigned int mbedtls_lms_network_bytes_to_unsigned_int( size_t len,
-                                                        const unsigned char *bytes )
+unsigned int mbedtls_lms_network_bytes_to_unsigned_int(size_t len,
+                                                       const unsigned char *bytes)
 {
     size_t idx;
     unsigned int val = 0;
 
-    for ( idx = 0; idx < len; idx++ )
-    {
-        val |= ( ( unsigned int )bytes[idx] ) << (8 * ( len - 1 - idx ) );
+    for (idx = 0; idx < len; idx++) {
+        val |= ((unsigned int) bytes[idx]) << (8 * (len - 1 - idx));
     }
 
-    return ( val );
+    return val;
 }
 
 /* Calculate the checksum digits that are appended to the end of the LMOTS digit
@@ -106,18 +104,17 @@
  *                      this does not contain a checksum, it is the same
  *                      size as a hash output.
  */
-static unsigned short lmots_checksum_calculate( const mbedtls_lmots_parameters_t *params,
-                                                const unsigned char* digest )
+static unsigned short lmots_checksum_calculate(const mbedtls_lmots_parameters_t *params,
+                                               const unsigned char *digest)
 {
     size_t idx;
     unsigned sum = 0;
 
-    for ( idx = 0; idx < MBEDTLS_LMOTS_N_HASH_LEN(params->type); idx++ )
-    {
+    for (idx = 0; idx < MBEDTLS_LMOTS_N_HASH_LEN(params->type); idx++) {
         sum += DIGIT_MAX_VALUE - digest[idx];
     }
 
-    return ( sum );
+    return sum;
 }
 
 /* Create the string of digest digits (in the base determined by the Winternitz
@@ -143,58 +140,65 @@
  *                      MBEDTLS_LMOTS_SHA256_N32_W8, this means it is of
  *                      size P bytes).
  */
-static int create_digit_array_with_checksum( const mbedtls_lmots_parameters_t *params,
-                                             const unsigned char *msg,
-                                             size_t msg_len,
-                                             const unsigned char *C_random_value,
-                                             unsigned char *out )
+static int create_digit_array_with_checksum(const mbedtls_lmots_parameters_t *params,
+                                            const unsigned char *msg,
+                                            size_t msg_len,
+                                            const unsigned char *C_random_value,
+                                            unsigned char *out)
 {
     psa_hash_operation_t op = PSA_HASH_OPERATION_INIT;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     size_t output_hash_len;
     unsigned short checksum;
 
-    status = psa_hash_setup( &op, PSA_ALG_SHA_256 );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_setup(&op, PSA_ALG_SHA_256);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_update( &op, params->I_key_identifier,
-                              MBEDTLS_LMOTS_I_KEY_ID_LEN );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_update(&op, params->I_key_identifier,
+                             MBEDTLS_LMOTS_I_KEY_ID_LEN);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_update( &op, params->q_leaf_identifier,
-                              MBEDTLS_LMOTS_Q_LEAF_ID_LEN );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_update(&op, params->q_leaf_identifier,
+                             MBEDTLS_LMOTS_Q_LEAF_ID_LEN);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_update( &op, D_MESSAGE_CONSTANT_BYTES, D_CONST_LEN );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_update(&op, D_MESSAGE_CONSTANT_BYTES, D_CONST_LEN);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_update( &op, C_random_value,
-                              MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN(params->type) );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_update(&op, C_random_value,
+                             MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN(params->type));
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_update( &op, msg, msg_len );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_update(&op, msg, msg_len);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_finish( &op, out,
-                              MBEDTLS_LMOTS_N_HASH_LEN(params->type),
-                              &output_hash_len );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_finish(&op, out,
+                             MBEDTLS_LMOTS_N_HASH_LEN(params->type),
+                             &output_hash_len);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    checksum = lmots_checksum_calculate( params, out );
-    mbedtls_lms_unsigned_int_to_network_bytes( checksum, CHECKSUM_LEN,
-            out + MBEDTLS_LMOTS_N_HASH_LEN(params->type) );
+    checksum = lmots_checksum_calculate(params, out);
+    mbedtls_lms_unsigned_int_to_network_bytes(checksum, CHECKSUM_LEN,
+                                              out + MBEDTLS_LMOTS_N_HASH_LEN(params->type));
 
 exit:
-    psa_hash_abort( &op );
+    psa_hash_abort(&op);
 
-    return( mbedtls_lms_error_from_psa( status ) );
+    return mbedtls_lms_error_from_psa(status);
 }
 
 /* Hash each element of the string of digits (+ checksum), producing a hash
@@ -226,11 +230,11 @@
  *                      MBEDTLS_LMOTS_SHA256_N32_W8, this is of size 32 *
  *                      34.
  */
-static int hash_digit_array( const mbedtls_lmots_parameters_t *params,
-                             const unsigned char *x_digit_array,
-                             const unsigned char *hash_idx_min_values,
-                             const unsigned char *hash_idx_max_values,
-                             unsigned char *output )
+static int hash_digit_array(const mbedtls_lmots_parameters_t *params,
+                            const unsigned char *x_digit_array,
+                            const unsigned char *hash_idx_min_values,
+                            const unsigned char *hash_idx_max_values,
+                            unsigned char *output)
 {
     unsigned int i_digit_idx;
     unsigned char i_digit_idx_bytes[I_DIGIT_IDX_LEN];
@@ -243,76 +247,81 @@
     size_t output_hash_len;
     unsigned char tmp_hash[MBEDTLS_LMOTS_N_HASH_LEN_MAX];
 
-    for ( i_digit_idx = 0;
-          i_digit_idx < MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(params->type);
-          i_digit_idx++ )
-    {
+    for (i_digit_idx = 0;
+         i_digit_idx < MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(params->type);
+         i_digit_idx++) {
 
-        memcpy( tmp_hash,
-                &x_digit_array[i_digit_idx * MBEDTLS_LMOTS_N_HASH_LEN(params->type)],
-                MBEDTLS_LMOTS_N_HASH_LEN(params->type) );
+        memcpy(tmp_hash,
+               &x_digit_array[i_digit_idx * MBEDTLS_LMOTS_N_HASH_LEN(params->type)],
+               MBEDTLS_LMOTS_N_HASH_LEN(params->type));
 
         j_hash_idx_min = hash_idx_min_values != NULL ?
-                hash_idx_min_values[i_digit_idx] : 0;
+                         hash_idx_min_values[i_digit_idx] : 0;
         j_hash_idx_max = hash_idx_max_values != NULL ?
-                hash_idx_max_values[i_digit_idx] : DIGIT_MAX_VALUE;
+                         hash_idx_max_values[i_digit_idx] : DIGIT_MAX_VALUE;
 
-        for ( j_hash_idx = j_hash_idx_min;
-              j_hash_idx < j_hash_idx_max;
-              j_hash_idx++ )
-        {
-            status = psa_hash_setup( &op, PSA_ALG_SHA_256 );
-            if( status != PSA_SUCCESS )
+        for (j_hash_idx = j_hash_idx_min;
+             j_hash_idx < j_hash_idx_max;
+             j_hash_idx++) {
+            status = psa_hash_setup(&op, PSA_ALG_SHA_256);
+            if (status != PSA_SUCCESS) {
                 goto exit;
+            }
 
-            status = psa_hash_update( &op,
-                                      params->I_key_identifier,
-                                      MBEDTLS_LMOTS_I_KEY_ID_LEN );
-            if( status != PSA_SUCCESS )
+            status = psa_hash_update(&op,
+                                     params->I_key_identifier,
+                                     MBEDTLS_LMOTS_I_KEY_ID_LEN);
+            if (status != PSA_SUCCESS) {
                 goto exit;
+            }
 
-            status = psa_hash_update( &op,
-                                      params->q_leaf_identifier,
-                                      MBEDTLS_LMOTS_Q_LEAF_ID_LEN );
-            if( status != PSA_SUCCESS )
+            status = psa_hash_update(&op,
+                                     params->q_leaf_identifier,
+                                     MBEDTLS_LMOTS_Q_LEAF_ID_LEN);
+            if (status != PSA_SUCCESS) {
                 goto exit;
+            }
 
-            mbedtls_lms_unsigned_int_to_network_bytes( i_digit_idx,
-                                                       I_DIGIT_IDX_LEN,
-                                                       i_digit_idx_bytes );
-            status = psa_hash_update( &op, i_digit_idx_bytes, I_DIGIT_IDX_LEN );
-            if( status != PSA_SUCCESS )
+            mbedtls_lms_unsigned_int_to_network_bytes(i_digit_idx,
+                                                      I_DIGIT_IDX_LEN,
+                                                      i_digit_idx_bytes);
+            status = psa_hash_update(&op, i_digit_idx_bytes, I_DIGIT_IDX_LEN);
+            if (status != PSA_SUCCESS) {
                 goto exit;
+            }
 
-            mbedtls_lms_unsigned_int_to_network_bytes( j_hash_idx,
-                                                       J_HASH_IDX_LEN,
-                                                       j_hash_idx_bytes );
-            status = psa_hash_update( &op, j_hash_idx_bytes, J_HASH_IDX_LEN );
-            if( status != PSA_SUCCESS )
+            mbedtls_lms_unsigned_int_to_network_bytes(j_hash_idx,
+                                                      J_HASH_IDX_LEN,
+                                                      j_hash_idx_bytes);
+            status = psa_hash_update(&op, j_hash_idx_bytes, J_HASH_IDX_LEN);
+            if (status != PSA_SUCCESS) {
                 goto exit;
+            }
 
-            status = psa_hash_update( &op, tmp_hash,
-                                      MBEDTLS_LMOTS_N_HASH_LEN(params->type) );
-            if( status != PSA_SUCCESS )
+            status = psa_hash_update(&op, tmp_hash,
+                                     MBEDTLS_LMOTS_N_HASH_LEN(params->type));
+            if (status != PSA_SUCCESS) {
                 goto exit;
+            }
 
-            status = psa_hash_finish( &op, tmp_hash, sizeof( tmp_hash ),
-                                      &output_hash_len );
-            if( status != PSA_SUCCESS )
+            status = psa_hash_finish(&op, tmp_hash, sizeof(tmp_hash),
+                                     &output_hash_len);
+            if (status != PSA_SUCCESS) {
                 goto exit;
+            }
 
-            psa_hash_abort( &op );
+            psa_hash_abort(&op);
         }
 
-        memcpy( &output[i_digit_idx * MBEDTLS_LMOTS_N_HASH_LEN(params->type)],
-                tmp_hash, MBEDTLS_LMOTS_N_HASH_LEN(params->type) );
+        memcpy(&output[i_digit_idx * MBEDTLS_LMOTS_N_HASH_LEN(params->type)],
+               tmp_hash, MBEDTLS_LMOTS_N_HASH_LEN(params->type));
     }
 
 exit:
-    psa_hash_abort( &op );
-    mbedtls_platform_zeroize( tmp_hash, sizeof( tmp_hash ) );
+    psa_hash_abort(&op);
+    mbedtls_platform_zeroize(tmp_hash, sizeof(tmp_hash));
 
-    return( mbedtls_lms_error_from_psa( status ) );
+    return mbedtls_lms_error_from_psa(status);
 }
 
 /* Combine the hashes of the digit array into a public key. This is used in
@@ -330,276 +339,265 @@
  *                   case this is being run as part of signature
  *                   verification), in the form of a hash output.
  */
-static int public_key_from_hashed_digit_array( const mbedtls_lmots_parameters_t *params,
-                                               const unsigned char *y_hashed_digits,
-                                               unsigned char *pub_key )
+static int public_key_from_hashed_digit_array(const mbedtls_lmots_parameters_t *params,
+                                              const unsigned char *y_hashed_digits,
+                                              unsigned char *pub_key)
 {
     psa_hash_operation_t op = PSA_HASH_OPERATION_INIT;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     size_t output_hash_len;
 
-    status = psa_hash_setup( &op, PSA_ALG_SHA_256 );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_setup(&op, PSA_ALG_SHA_256);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_update( &op,
-                              params->I_key_identifier,
-                              MBEDTLS_LMOTS_I_KEY_ID_LEN );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_update(&op,
+                             params->I_key_identifier,
+                             MBEDTLS_LMOTS_I_KEY_ID_LEN);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_update( &op, params->q_leaf_identifier,
-                              MBEDTLS_LMOTS_Q_LEAF_ID_LEN );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_update(&op, params->q_leaf_identifier,
+                             MBEDTLS_LMOTS_Q_LEAF_ID_LEN);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_update( &op, D_PUBLIC_CONSTANT_BYTES, D_CONST_LEN );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_update(&op, D_PUBLIC_CONSTANT_BYTES, D_CONST_LEN);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_update( &op, y_hashed_digits,
-                              MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(params->type) *
-                              MBEDTLS_LMOTS_N_HASH_LEN(params->type) );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_update(&op, y_hashed_digits,
+                             MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(params->type) *
+                             MBEDTLS_LMOTS_N_HASH_LEN(params->type));
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_finish( &op, pub_key,
-                              MBEDTLS_LMOTS_N_HASH_LEN(params->type),
-                              &output_hash_len );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_finish(&op, pub_key,
+                             MBEDTLS_LMOTS_N_HASH_LEN(params->type),
+                             &output_hash_len);
+    if (status != PSA_SUCCESS) {
 
 exit:
-    psa_hash_abort( &op );
+        psa_hash_abort(&op);
+    }
 
-    return( mbedtls_lms_error_from_psa( status ) );
+    return mbedtls_lms_error_from_psa(status);
 }
 
-int mbedtls_lms_error_from_psa( psa_status_t status )
+int mbedtls_lms_error_from_psa(psa_status_t status)
 {
-    switch( status )
-    {
+    switch (status) {
         case PSA_SUCCESS:
-            return( 0 );
+            return 0;
         case PSA_ERROR_HARDWARE_FAILURE:
-            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+            return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
         case PSA_ERROR_NOT_SUPPORTED:
-            return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED );
+            return MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED;
         case PSA_ERROR_BUFFER_TOO_SMALL:
-            return( MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL );
+            return MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL;
         case PSA_ERROR_INVALID_ARGUMENT:
-            return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
         default:
-            return( MBEDTLS_ERR_ERROR_GENERIC_ERROR );
+            return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
     }
 }
 
-void mbedtls_lmots_public_init( mbedtls_lmots_public_t *ctx )
+void mbedtls_lmots_public_init(mbedtls_lmots_public_t *ctx)
 {
-    memset( ctx, 0, sizeof( *ctx ) ) ;
+    memset(ctx, 0, sizeof(*ctx));
 }
 
-void mbedtls_lmots_public_free( mbedtls_lmots_public_t *ctx )
+void mbedtls_lmots_public_free(mbedtls_lmots_public_t *ctx)
 {
-    mbedtls_platform_zeroize( ctx, sizeof( *ctx ) ) ;
+    mbedtls_platform_zeroize(ctx, sizeof(*ctx));
 }
 
-int mbedtls_lmots_import_public_key( mbedtls_lmots_public_t *ctx,
-                                 const unsigned char *key, size_t key_len )
+int mbedtls_lmots_import_public_key(mbedtls_lmots_public_t *ctx,
+                                    const unsigned char *key, size_t key_len)
 {
-    if( key_len < MBEDTLS_LMOTS_SIG_TYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (key_len < MBEDTLS_LMOTS_SIG_TYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
     ctx->params.type =
-        mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN,
-                key + MBEDTLS_LMOTS_SIG_TYPE_OFFSET );
+        mbedtls_lms_network_bytes_to_unsigned_int(MBEDTLS_LMOTS_TYPE_LEN,
+                                                  key + MBEDTLS_LMOTS_SIG_TYPE_OFFSET);
 
-    if( key_len != MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type) )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (key_len != MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type)) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    memcpy( ctx->params.I_key_identifier,
-            key + PUBLIC_KEY_I_KEY_ID_OFFSET,
-            MBEDTLS_LMOTS_I_KEY_ID_LEN );
+    memcpy(ctx->params.I_key_identifier,
+           key + PUBLIC_KEY_I_KEY_ID_OFFSET,
+           MBEDTLS_LMOTS_I_KEY_ID_LEN);
 
-    memcpy( ctx->params.q_leaf_identifier,
-            key + PUBLIC_KEY_Q_LEAF_ID_OFFSET,
-            MBEDTLS_LMOTS_Q_LEAF_ID_LEN );
+    memcpy(ctx->params.q_leaf_identifier,
+           key + PUBLIC_KEY_Q_LEAF_ID_OFFSET,
+           MBEDTLS_LMOTS_Q_LEAF_ID_LEN);
 
-    memcpy( ctx->public_key,
-            key + PUBLIC_KEY_KEY_HASH_OFFSET,
-            MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type) );
+    memcpy(ctx->public_key,
+           key + PUBLIC_KEY_KEY_HASH_OFFSET,
+           MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type));
 
     ctx->have_public_key = 1;
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_lmots_export_public_key( const mbedtls_lmots_public_t *ctx,
-                                     unsigned char *key, size_t key_size,
-                                     size_t *key_len )
+int mbedtls_lmots_export_public_key(const mbedtls_lmots_public_t *ctx,
+                                    unsigned char *key, size_t key_size,
+                                    size_t *key_len)
 {
-    if( key_size < MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type) )
-    {
-        return( MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL );
+    if (key_size < MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type)) {
+        return MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL;
     }
 
-    if( ! ctx->have_public_key )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (!ctx->have_public_key) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    mbedtls_lms_unsigned_int_to_network_bytes( ctx->params.type,
-                                               MBEDTLS_LMOTS_TYPE_LEN,
-                                               key + MBEDTLS_LMOTS_SIG_TYPE_OFFSET );
+    mbedtls_lms_unsigned_int_to_network_bytes(ctx->params.type,
+                                              MBEDTLS_LMOTS_TYPE_LEN,
+                                              key + MBEDTLS_LMOTS_SIG_TYPE_OFFSET);
 
-    memcpy( key + PUBLIC_KEY_I_KEY_ID_OFFSET,
-            ctx->params.I_key_identifier,
-            MBEDTLS_LMOTS_I_KEY_ID_LEN );
+    memcpy(key + PUBLIC_KEY_I_KEY_ID_OFFSET,
+           ctx->params.I_key_identifier,
+           MBEDTLS_LMOTS_I_KEY_ID_LEN);
 
-    memcpy( key + PUBLIC_KEY_Q_LEAF_ID_OFFSET,
-            ctx->params.q_leaf_identifier,
-            MBEDTLS_LMOTS_Q_LEAF_ID_LEN );
+    memcpy(key + PUBLIC_KEY_Q_LEAF_ID_OFFSET,
+           ctx->params.q_leaf_identifier,
+           MBEDTLS_LMOTS_Q_LEAF_ID_LEN);
 
-    memcpy( key + PUBLIC_KEY_KEY_HASH_OFFSET, ctx->public_key,
-            MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type) );
+    memcpy(key + PUBLIC_KEY_KEY_HASH_OFFSET, ctx->public_key,
+           MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type));
 
-    if( key_len != NULL )
-    {
+    if (key_len != NULL) {
         *key_len = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type);
     }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_lmots_calculate_public_key_candidate( const mbedtls_lmots_parameters_t *params,
-                                                  const unsigned char  *msg,
-                                                  size_t msg_size,
-                                                  const unsigned char *sig,
-                                                  size_t sig_size,
-                                                  unsigned char *out,
-                                                  size_t out_size,
-                                                  size_t *out_len )
+int mbedtls_lmots_calculate_public_key_candidate(const mbedtls_lmots_parameters_t *params,
+                                                 const unsigned char  *msg,
+                                                 size_t msg_size,
+                                                 const unsigned char *sig,
+                                                 size_t sig_size,
+                                                 unsigned char *out,
+                                                 size_t out_size,
+                                                 size_t *out_len)
 {
     unsigned char tmp_digit_array[MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT_MAX];
     unsigned char y_hashed_digits[MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT_MAX][MBEDTLS_LMOTS_N_HASH_LEN_MAX];
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( msg == NULL && msg_size != 0 )
-    {
-        return ( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (msg == NULL && msg_size != 0) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    if( sig_size != MBEDTLS_LMOTS_SIG_LEN(params->type) ||
-         out_size < MBEDTLS_LMOTS_N_HASH_LEN(params->type) )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (sig_size != MBEDTLS_LMOTS_SIG_LEN(params->type) ||
+        out_size < MBEDTLS_LMOTS_N_HASH_LEN(params->type)) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    ret = create_digit_array_with_checksum( params, msg, msg_size,
-                                            sig + MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET,
-                                            tmp_digit_array );
-    if( ret )
-    {
-        return ( ret );
+    ret = create_digit_array_with_checksum(params, msg, msg_size,
+                                           sig + MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET,
+                                           tmp_digit_array);
+    if (ret) {
+        return ret;
     }
 
-    ret = hash_digit_array( params,
-                            sig + MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(params->type),
-                            tmp_digit_array, NULL, ( unsigned char * )y_hashed_digits );
-    if( ret )
-    {
-        return ( ret );
+    ret = hash_digit_array(params,
+                           sig + MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(params->type),
+                           tmp_digit_array, NULL, (unsigned char *) y_hashed_digits);
+    if (ret) {
+        return ret;
     }
 
-    ret = public_key_from_hashed_digit_array( params,
-                                              ( unsigned char * )y_hashed_digits,
-                                              out );
-    if( ret )
-    {
-        return ( ret );
+    ret = public_key_from_hashed_digit_array(params,
+                                             (unsigned char *) y_hashed_digits,
+                                             out);
+    if (ret) {
+        return ret;
     }
 
-    if( out_len != NULL )
-    {
+    if (out_len != NULL) {
         *out_len = MBEDTLS_LMOTS_N_HASH_LEN(params->type);
     }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_lmots_verify( const mbedtls_lmots_public_t *ctx,
-                          const unsigned char *msg, size_t msg_size,
-                          const unsigned char *sig, size_t sig_size )
+int mbedtls_lmots_verify(const mbedtls_lmots_public_t *ctx,
+                         const unsigned char *msg, size_t msg_size,
+                         const unsigned char *sig, size_t sig_size)
 {
     unsigned char Kc_public_key_candidate[MBEDTLS_LMOTS_N_HASH_LEN_MAX];
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( msg == NULL && msg_size != 0 )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (msg == NULL && msg_size != 0) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    if( !ctx->have_public_key )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (!ctx->have_public_key) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    if( ctx->params.type != MBEDTLS_LMOTS_SHA256_N32_W8 )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (ctx->params.type != MBEDTLS_LMOTS_SHA256_N32_W8) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    if( sig_size < MBEDTLS_LMOTS_SIG_TYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN )
-    {
-        return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
+    if (sig_size < MBEDTLS_LMOTS_SIG_TYPE_OFFSET + MBEDTLS_LMOTS_TYPE_LEN) {
+        return MBEDTLS_ERR_LMS_VERIFY_FAILED;
     }
 
-    if( mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN,
-         sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET ) != MBEDTLS_LMOTS_SHA256_N32_W8 )
-    {
-        return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
+    if (mbedtls_lms_network_bytes_to_unsigned_int(MBEDTLS_LMOTS_TYPE_LEN,
+                                                  sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET) !=
+        MBEDTLS_LMOTS_SHA256_N32_W8) {
+        return MBEDTLS_ERR_LMS_VERIFY_FAILED;
     }
 
-    ret = mbedtls_lmots_calculate_public_key_candidate( &ctx->params,
-                                                        msg, msg_size, sig, sig_size,
-                                                        Kc_public_key_candidate,
-                                                        MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type),
-                                                        NULL );
-    if( ret )
-    {
-        return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
+    ret = mbedtls_lmots_calculate_public_key_candidate(&ctx->params,
+                                                       msg, msg_size, sig, sig_size,
+                                                       Kc_public_key_candidate,
+                                                       MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type),
+                                                       NULL);
+    if (ret) {
+        return MBEDTLS_ERR_LMS_VERIFY_FAILED;
     }
 
-    if( memcmp( &Kc_public_key_candidate, ctx->public_key,
-                 sizeof( ctx->public_key ) ) )
-    {
-        return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
+    if (memcmp(&Kc_public_key_candidate, ctx->public_key,
+               sizeof(ctx->public_key))) {
+        return MBEDTLS_ERR_LMS_VERIFY_FAILED;
     }
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_LMS_PRIVATE)
 
-void mbedtls_lmots_private_init( mbedtls_lmots_private_t *ctx )
+void mbedtls_lmots_private_init(mbedtls_lmots_private_t *ctx)
 {
-    memset( ctx, 0, sizeof( *ctx ) ) ;
+    memset(ctx, 0, sizeof(*ctx));
 }
 
-void mbedtls_lmots_private_free( mbedtls_lmots_private_t *ctx )
+void mbedtls_lmots_private_free(mbedtls_lmots_private_t *ctx)
 {
-    mbedtls_platform_zeroize( ctx, sizeof( *ctx ) ) ;
+    mbedtls_platform_zeroize(ctx,
+                             sizeof(*ctx));
 }
 
-int mbedtls_lmots_generate_private_key( mbedtls_lmots_private_t *ctx,
-                                        mbedtls_lmots_algorithm_type_t type,
-                                        const unsigned char I_key_identifier[MBEDTLS_LMOTS_I_KEY_ID_LEN],
-                                        uint32_t q_leaf_identifier,
-                                        const unsigned char *seed,
-                                        size_t seed_size )
+int mbedtls_lmots_generate_private_key(mbedtls_lmots_private_t *ctx,
+                                       mbedtls_lmots_algorithm_type_t type,
+                                       const unsigned char I_key_identifier[MBEDTLS_LMOTS_I_KEY_ID_LEN],
+                                       uint32_t q_leaf_identifier,
+                                       const unsigned char *seed,
+                                       size_t seed_size)
 {
     psa_hash_operation_t op = PSA_HASH_OPERATION_INIT;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -608,124 +606,125 @@
     unsigned char i_digit_idx_bytes[2];
     unsigned char const_bytes[1];
 
-    if( ctx->have_private_key )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (ctx->have_private_key) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    if( type != MBEDTLS_LMOTS_SHA256_N32_W8 )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (type != MBEDTLS_LMOTS_SHA256_N32_W8) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
     ctx->params.type = type;
 
-    memcpy( ctx->params.I_key_identifier,
-            I_key_identifier,
-            sizeof( ctx->params.I_key_identifier ) );
+    memcpy(ctx->params.I_key_identifier,
+           I_key_identifier,
+           sizeof(ctx->params.I_key_identifier));
 
-    mbedtls_lms_unsigned_int_to_network_bytes( q_leaf_identifier,
-                                               MBEDTLS_LMOTS_Q_LEAF_ID_LEN,
-                                               ctx->params.q_leaf_identifier );
+    mbedtls_lms_unsigned_int_to_network_bytes(q_leaf_identifier,
+                                              MBEDTLS_LMOTS_Q_LEAF_ID_LEN,
+                                              ctx->params.q_leaf_identifier);
 
-    mbedtls_lms_unsigned_int_to_network_bytes( 0xFF, sizeof( const_bytes ),
-                                               const_bytes );
+    mbedtls_lms_unsigned_int_to_network_bytes(0xFF, sizeof(const_bytes),
+                                              const_bytes);
 
-    for ( i_digit_idx = 0;
-          i_digit_idx < MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(ctx->params.type);
-          i_digit_idx++ )
-    {
-        status = psa_hash_setup( &op, PSA_ALG_SHA_256 );
-        if( status != PSA_SUCCESS )
+    for (i_digit_idx = 0;
+         i_digit_idx < MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(ctx->params.type);
+         i_digit_idx++) {
+        status = psa_hash_setup(&op, PSA_ALG_SHA_256);
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
 
-        status = psa_hash_update( &op,
-                               ctx->params.I_key_identifier,
-                               sizeof( ctx->params.I_key_identifier ) );
-        if( status != PSA_SUCCESS )
+        status = psa_hash_update(&op,
+                                 ctx->params.I_key_identifier,
+                                 sizeof(ctx->params.I_key_identifier));
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
 
-        status = psa_hash_update( &op,
-                                  ctx->params.q_leaf_identifier,
-                                  MBEDTLS_LMOTS_Q_LEAF_ID_LEN );
-        if( status != PSA_SUCCESS )
+        status = psa_hash_update(&op,
+                                 ctx->params.q_leaf_identifier,
+                                 MBEDTLS_LMOTS_Q_LEAF_ID_LEN);
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
 
-        mbedtls_lms_unsigned_int_to_network_bytes( i_digit_idx, I_DIGIT_IDX_LEN,
-                                                   i_digit_idx_bytes );
-        status = psa_hash_update( &op, i_digit_idx_bytes, I_DIGIT_IDX_LEN );
-        if( status != PSA_SUCCESS )
+        mbedtls_lms_unsigned_int_to_network_bytes(i_digit_idx, I_DIGIT_IDX_LEN,
+                                                  i_digit_idx_bytes);
+        status = psa_hash_update(&op, i_digit_idx_bytes, I_DIGIT_IDX_LEN);
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
 
-        status = psa_hash_update( &op, const_bytes, sizeof( const_bytes ) );
-        if( status != PSA_SUCCESS )
+        status = psa_hash_update(&op, const_bytes, sizeof(const_bytes));
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
 
-        status = psa_hash_update( &op, seed, seed_size );
-        if( status != PSA_SUCCESS )
+        status = psa_hash_update(&op, seed, seed_size);
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
 
-        status = psa_hash_finish( &op,
-                                  ctx->private_key[i_digit_idx],
-                                  MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type),
-                                  &output_hash_len );
-        if( status != PSA_SUCCESS )
+        status = psa_hash_finish(&op,
+                                 ctx->private_key[i_digit_idx],
+                                 MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type),
+                                 &output_hash_len);
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
 
-        psa_hash_abort( &op );
+        psa_hash_abort(&op);
     }
 
     ctx->have_private_key = 1;
 
 exit:
-    psa_hash_abort( &op );
+    psa_hash_abort(&op);
 
-    return ( mbedtls_lms_error_from_psa( status ) );
+    return mbedtls_lms_error_from_psa(status);
 }
 
-int mbedtls_lmots_calculate_public_key( mbedtls_lmots_public_t *ctx,
-                                        const mbedtls_lmots_private_t *priv_ctx )
+int mbedtls_lmots_calculate_public_key(mbedtls_lmots_public_t *ctx,
+                                       const mbedtls_lmots_private_t *priv_ctx)
 {
     unsigned char y_hashed_digits[MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT_MAX][MBEDTLS_LMOTS_N_HASH_LEN_MAX];
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     /* Check that a private key is loaded */
-    if( !priv_ctx->have_private_key )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (!priv_ctx->have_private_key) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    ret = hash_digit_array( &priv_ctx->params,
-                            ( unsigned char * )priv_ctx->private_key, NULL,
-                            NULL, ( unsigned char * )y_hashed_digits );
-    if( ret )
-    {
+    ret = hash_digit_array(&priv_ctx->params,
+                           (unsigned char *) priv_ctx->private_key, NULL,
+                           NULL, (unsigned char *) y_hashed_digits);
+    if (ret) {
         goto exit;
     }
 
-    ret = public_key_from_hashed_digit_array( &priv_ctx->params,
-                                              ( unsigned char * )y_hashed_digits,
-                                              ctx->public_key );
-    if( ret )
-    {
+    ret = public_key_from_hashed_digit_array(&priv_ctx->params,
+                                             (unsigned char *) y_hashed_digits,
+                                             ctx->public_key);
+    if (ret) {
         goto exit;
     }
 
-    memcpy( &ctx->params, &priv_ctx->params,
-            sizeof( ctx->params ) );
+    memcpy(&ctx->params, &priv_ctx->params,
+           sizeof(ctx->params));
 
     ctx->have_public_key = 1;
 
 exit:
-    mbedtls_platform_zeroize( y_hashed_digits, sizeof( y_hashed_digits ) );
+    mbedtls_platform_zeroize(y_hashed_digits, sizeof(y_hashed_digits));
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_lmots_sign( mbedtls_lmots_private_t *ctx,
-                        int (*f_rng)(void *, unsigned char *, size_t),
-                        void *p_rng, const unsigned char *msg, size_t msg_size,
-                        unsigned char *sig, size_t sig_size, size_t* sig_len )
+int mbedtls_lmots_sign(mbedtls_lmots_private_t *ctx,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng, const unsigned char *msg, size_t msg_size,
+                       unsigned char *sig, size_t sig_size, size_t *sig_len)
 {
     unsigned char tmp_digit_array[MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT_MAX];
     /* Create a temporary buffer to prepare the signature in. This allows us to
@@ -739,58 +738,52 @@
     unsigned char tmp_c_random[MBEDTLS_LMOTS_N_HASH_LEN_MAX];
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( msg == NULL && msg_size != 0 )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (msg == NULL && msg_size != 0) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    if( sig_size < MBEDTLS_LMOTS_SIG_LEN(ctx->params.type) )
-    {
-        return( MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL );
+    if (sig_size < MBEDTLS_LMOTS_SIG_LEN(ctx->params.type)) {
+        return MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL;
     }
 
     /* Check that a private key is loaded */
-    if( !ctx->have_private_key )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (!ctx->have_private_key) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    ret = f_rng( p_rng, tmp_c_random,
-                 MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type) );
-    if( ret )
-    {
-        return( ret );
+    ret = f_rng(p_rng, tmp_c_random,
+                MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type));
+    if (ret) {
+        return ret;
     }
 
-    ret = create_digit_array_with_checksum( &ctx->params,
-                                            msg, msg_size,
-                                            tmp_c_random,
-                                            tmp_digit_array );
-    if( ret )
-    {
+    ret = create_digit_array_with_checksum(&ctx->params,
+                                           msg, msg_size,
+                                           tmp_c_random,
+                                           tmp_digit_array);
+    if (ret) {
         goto exit;
     }
 
-    ret = hash_digit_array( &ctx->params, ( unsigned char * )ctx->private_key,
-                            NULL, tmp_digit_array, ( unsigned char * )tmp_sig );
-    if( ret )
-    {
+    ret = hash_digit_array(&ctx->params, (unsigned char *) ctx->private_key,
+                           NULL, tmp_digit_array, (unsigned char *) tmp_sig);
+    if (ret) {
         goto exit;
     }
 
-    mbedtls_lms_unsigned_int_to_network_bytes( ctx->params.type,
-                                               MBEDTLS_LMOTS_TYPE_LEN,
-                                               sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET );
+    mbedtls_lms_unsigned_int_to_network_bytes(ctx->params.type,
+                                              MBEDTLS_LMOTS_TYPE_LEN,
+                                              sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET);
 
     /* Test hook to check if sig is being written to before we invalidate the
      * private key.
      */
 #if defined(MBEDTLS_TEST_HOOKS)
-    if( mbedtls_lmots_sign_private_key_invalidated_hook != NULL )
-    {
-        ret = ( *mbedtls_lmots_sign_private_key_invalidated_hook )( sig );
-        if( ret != 0 )
-            return( ret );
+    if (mbedtls_lmots_sign_private_key_invalidated_hook != NULL) {
+        ret = (*mbedtls_lmots_sign_private_key_invalidated_hook)(sig);
+        if (ret != 0) {
+            return ret;
+        }
     }
 #endif /* defined(MBEDTLS_TEST_HOOKS) */
 
@@ -798,28 +791,27 @@
      * key can't be reused.
      */
     ctx->have_private_key = 0;
-    mbedtls_platform_zeroize( ctx->private_key,
-                              sizeof( ctx->private_key ) );
+    mbedtls_platform_zeroize(ctx->private_key,
+                             sizeof(ctx->private_key));
 
-    memcpy( sig + MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET, tmp_c_random,
-            MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN(ctx->params.type) );
+    memcpy(sig + MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET, tmp_c_random,
+           MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN(ctx->params.type));
 
-    memcpy( sig + MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(ctx->params.type), tmp_sig,
-            MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(ctx->params.type)
-            * MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type) );
+    memcpy(sig + MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(ctx->params.type), tmp_sig,
+           MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(ctx->params.type)
+           * MBEDTLS_LMOTS_N_HASH_LEN(ctx->params.type));
 
-    if( sig_len != NULL )
-    {
+    if (sig_len != NULL) {
         *sig_len = MBEDTLS_LMOTS_SIG_LEN(ctx->params.type);
     }
 
     ret = 0;
 
 exit:
-    mbedtls_platform_zeroize( tmp_digit_array, sizeof( tmp_digit_array ) );
-    mbedtls_platform_zeroize( tmp_sig, sizeof( tmp_sig ) );
+    mbedtls_platform_zeroize(tmp_digit_array, sizeof(tmp_digit_array));
+    mbedtls_platform_zeroize(tmp_sig, sizeof(tmp_sig));
 
-    return ( ret );
+    return ret;
 }
 
 #endif /* defined(MBEDTLS_LMS_PRIVATE) */
diff --git a/library/lmots.h b/library/lmots.h
index 022dcf3..deeeace 100644
--- a/library/lmots.h
+++ b/library/lmots.h
@@ -53,7 +53,7 @@
 
 
 #if defined(MBEDTLS_TEST_HOOKS)
-extern int( *mbedtls_lmots_sign_private_key_invalidated_hook )( unsigned char * );
+extern int (*mbedtls_lmots_sign_private_key_invalidated_hook)(unsigned char *);
 #endif /* defined(MBEDTLS_TEST_HOOKS) */
 
 /**
@@ -64,8 +64,8 @@
  * \param len                The length of the string.
  * \param bytes              The string to output into.
  */
-void mbedtls_lms_unsigned_int_to_network_bytes( unsigned int val, size_t len,
-                                                unsigned char *bytes );
+void mbedtls_lms_unsigned_int_to_network_bytes(unsigned int val, size_t len,
+                                               unsigned char *bytes);
 
 /**
  * \brief                    This function converts a network-byte-order
@@ -76,8 +76,8 @@
  *
  * \return                   The corresponding LMS error code.
  */
-unsigned int mbedtls_lms_network_bytes_to_unsigned_int( size_t len,
-                                                        const unsigned char *bytes );
+unsigned int mbedtls_lms_network_bytes_to_unsigned_int(size_t len,
+                                                       const unsigned char *bytes);
 
 /**
  * \brief                    This function converts a \ref psa_status_t to a
@@ -87,7 +87,7 @@
  *
  * \return                   The corresponding LMS error code.
  */
-int mbedtls_lms_error_from_psa( psa_status_t status );
+int mbedtls_lms_error_from_psa(psa_status_t status);
 
 
 /**
@@ -96,7 +96,7 @@
  * \param ctx                The uninitialized LMOTS context that will then be
  *                           initialized.
  */
-void mbedtls_lmots_public_init( mbedtls_lmots_public_t *ctx );
+void mbedtls_lmots_public_init(mbedtls_lmots_public_t *ctx);
 
 /**
  * \brief                    This function uninitializes a public LMOTS context
@@ -104,7 +104,7 @@
  * \param ctx                The initialized LMOTS context that will then be
  *                           uninitialized.
  */
-void mbedtls_lmots_public_free( mbedtls_lmots_public_t *ctx );
+void mbedtls_lmots_public_free(mbedtls_lmots_public_t *ctx);
 
 /**
  * \brief                    This function imports an LMOTS public key into a
@@ -124,8 +124,8 @@
  * \return         \c 0 on success.
  * \return         A non-zero error code on failure.
  */
-int mbedtls_lmots_import_public_key( mbedtls_lmots_public_t *ctx,
-                                     const unsigned char *key, size_t key_size );
+int mbedtls_lmots_import_public_key(mbedtls_lmots_public_t *ctx,
+                                    const unsigned char *key, size_t key_size);
 
 /**
  * \brief                    This function exports an LMOTS public key from a
@@ -146,9 +146,9 @@
  * \return         \c 0 on success.
  * \return         A non-zero error code on failure.
  */
-int mbedtls_lmots_export_public_key( const mbedtls_lmots_public_t *ctx,
-                                     unsigned char *key, size_t key_size,
-                                     size_t *key_len );
+int mbedtls_lmots_export_public_key(const mbedtls_lmots_public_t *ctx,
+                                    unsigned char *key, size_t key_size,
+                                    size_t *key_len);
 
 /**
  * \brief                    This function creates a candidate public key from
@@ -175,14 +175,14 @@
  * \return         \c 0 on success.
  * \return         A non-zero error code on failure.
  */
-int mbedtls_lmots_calculate_public_key_candidate( const mbedtls_lmots_parameters_t *params,
-                                                  const unsigned char *msg,
-                                                  size_t msg_size,
-                                                  const unsigned char *sig,
-                                                  size_t sig_size,
-                                                  unsigned char *out,
-                                                  size_t out_size,
-                                                  size_t *out_len );
+int mbedtls_lmots_calculate_public_key_candidate(const mbedtls_lmots_parameters_t *params,
+                                                 const unsigned char *msg,
+                                                 size_t msg_size,
+                                                 const unsigned char *sig,
+                                                 size_t sig_size,
+                                                 unsigned char *out,
+                                                 size_t out_size,
+                                                 size_t *out_len);
 
 /**
  * \brief                    This function verifies a LMOTS signature, using a
@@ -209,10 +209,10 @@
  * \return         \c 0 on successful verification.
  * \return         A non-zero error code on failure.
  */
-int mbedtls_lmots_verify( const mbedtls_lmots_public_t *ctx,
-                          const unsigned char *msg,
-                          size_t msg_size, const unsigned char *sig,
-                          size_t sig_size );
+int mbedtls_lmots_verify(const mbedtls_lmots_public_t *ctx,
+                         const unsigned char *msg,
+                         size_t msg_size, const unsigned char *sig,
+                         size_t sig_size);
 
 #if defined(MBEDTLS_LMS_PRIVATE)
 
@@ -222,7 +222,7 @@
  * \param ctx                The uninitialized LMOTS context that will then be
  *                           initialized.
  */
-void mbedtls_lmots_private_init( mbedtls_lmots_private_t *ctx );
+void mbedtls_lmots_private_init(mbedtls_lmots_private_t *ctx);
 
 /**
  * \brief                    This function uninitializes a private LMOTS context
@@ -230,7 +230,7 @@
  * \param ctx                The initialized LMOTS context that will then be
  *                           uninitialized.
  */
-void mbedtls_lmots_private_free( mbedtls_lmots_private_t *ctx );
+void mbedtls_lmots_private_free(mbedtls_lmots_private_t *ctx);
 
 /**
  * \brief                    This function calculates an LMOTS private key, and
@@ -256,12 +256,12 @@
  * \return         \c 0 on success.
  * \return         A non-zero error code on failure.
  */
-int mbedtls_lmots_generate_private_key( mbedtls_lmots_private_t *ctx,
-                                        mbedtls_lmots_algorithm_type_t type,
-                                        const unsigned char I_key_identifier[MBEDTLS_LMOTS_I_KEY_ID_LEN],
-                                        uint32_t q_leaf_identifier,
-                                        const unsigned char *seed,
-                                        size_t seed_size );
+int mbedtls_lmots_generate_private_key(mbedtls_lmots_private_t *ctx,
+                                       mbedtls_lmots_algorithm_type_t type,
+                                       const unsigned char I_key_identifier[MBEDTLS_LMOTS_I_KEY_ID_LEN],
+                                       uint32_t q_leaf_identifier,
+                                       const unsigned char *seed,
+                                       size_t seed_size);
 
 /**
  * \brief                    This function generates an LMOTS public key from a
@@ -277,8 +277,8 @@
  * \return         \c 0 on success.
  * \return         A non-zero error code on failure.
  */
-int mbedtls_lmots_calculate_public_key( mbedtls_lmots_public_t *ctx,
-                                        const mbedtls_lmots_private_t *priv_ctx );
+int mbedtls_lmots_calculate_public_key(mbedtls_lmots_public_t *ctx,
+                                       const mbedtls_lmots_private_t *priv_ctx);
 
 /**
  * \brief                    This function creates a LMOTS signature, using a
@@ -308,10 +308,10 @@
  * \return         \c 0 on success.
  * \return         A non-zero error code on failure.
  */
-int mbedtls_lmots_sign( mbedtls_lmots_private_t *ctx,
-                        int (*f_rng)(void *, unsigned char *, size_t),
-                        void *p_rng, const unsigned char *msg, size_t msg_size,
-                        unsigned char *sig, size_t sig_size, size_t* sig_len );
+int mbedtls_lmots_sign(mbedtls_lmots_private_t *ctx,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng, const unsigned char *msg, size_t msg_size,
+                       unsigned char *sig, size_t sig_size, size_t *sig_len);
 
 #endif /* defined(MBEDTLS_LMS_PRIVATE) */
 
diff --git a/library/lms.c b/library/lms.c
index 78c7d26..76bcc19 100644
--- a/library/lms.c
+++ b/library/lms.c
@@ -70,8 +70,8 @@
 #define MERKLE_TREE_INTERNAL_NODE_AM(type) ((size_t) 1 << MBEDTLS_LMS_H_TREE_HEIGHT(type))
 
 #define D_CONST_LEN           (2)
-static const unsigned char D_LEAF_CONSTANT_BYTES[D_CONST_LEN] = {0x82, 0x82};
-static const unsigned char D_INTR_CONSTANT_BYTES[D_CONST_LEN] = {0x83, 0x83};
+static const unsigned char D_LEAF_CONSTANT_BYTES[D_CONST_LEN] = { 0x82, 0x82 };
+static const unsigned char D_INTR_CONSTANT_BYTES[D_CONST_LEN] = { 0x83, 0x83 };
 
 
 /* Calculate the value of a leaf node of the Merkle tree (which is a hash of a
@@ -92,49 +92,55 @@
  *
  *  out                 The output node value, which is a hash output.
  */
-static int create_merkle_leaf_value( const mbedtls_lms_parameters_t *params,
-                                     unsigned char *pub_key,
-                                     unsigned int r_node_idx,
-                                     unsigned char *out )
+static int create_merkle_leaf_value(const mbedtls_lms_parameters_t *params,
+                                    unsigned char *pub_key,
+                                    unsigned int r_node_idx,
+                                    unsigned char *out)
 {
     psa_hash_operation_t op;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     size_t output_hash_len;
     unsigned char r_node_idx_bytes[4];
 
-    op = psa_hash_operation_init( );
-    status = psa_hash_setup( &op, PSA_ALG_SHA_256 );
-    if( status != PSA_SUCCESS )
+    op = psa_hash_operation_init();
+    status = psa_hash_setup(&op, PSA_ALG_SHA_256);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_update( &op, params->I_key_identifier,
-                              MBEDTLS_LMOTS_I_KEY_ID_LEN );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_update(&op, params->I_key_identifier,
+                             MBEDTLS_LMOTS_I_KEY_ID_LEN);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    mbedtls_lms_unsigned_int_to_network_bytes( r_node_idx, 4, r_node_idx_bytes );
-    status = psa_hash_update( &op, r_node_idx_bytes, 4 );
-    if( status != PSA_SUCCESS )
+    mbedtls_lms_unsigned_int_to_network_bytes(r_node_idx, 4, r_node_idx_bytes);
+    status = psa_hash_update(&op, r_node_idx_bytes, 4);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_update( &op, D_LEAF_CONSTANT_BYTES, D_CONST_LEN );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_update(&op, D_LEAF_CONSTANT_BYTES, D_CONST_LEN);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_update( &op, pub_key,
-                              MBEDTLS_LMOTS_N_HASH_LEN(params->otstype) );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_update(&op, pub_key,
+                             MBEDTLS_LMOTS_N_HASH_LEN(params->otstype));
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_finish( &op, out, MBEDTLS_LMS_M_NODE_BYTES(params->type),
-                              &output_hash_len );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_finish(&op, out, MBEDTLS_LMS_M_NODE_BYTES(params->type),
+                             &output_hash_len);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
 exit:
-    psa_hash_abort( &op );
+    psa_hash_abort(&op);
 
-    return ( mbedtls_lms_error_from_psa( status ) );
+    return mbedtls_lms_error_from_psa(status);
 }
 
 /* Calculate the value of an internal node of the Merkle tree (which is a hash
@@ -159,143 +165,144 @@
  *
  *  out                 The output node value, which is a hash output.
  */
-static int create_merkle_internal_value( const mbedtls_lms_parameters_t *params,
-                                         const unsigned char *left_node,
-                                         const unsigned char *right_node,
-                                         unsigned int r_node_idx,
-                                         unsigned char *out )
+static int create_merkle_internal_value(const mbedtls_lms_parameters_t *params,
+                                        const unsigned char *left_node,
+                                        const unsigned char *right_node,
+                                        unsigned int r_node_idx,
+                                        unsigned char *out)
 {
     psa_hash_operation_t op;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     size_t output_hash_len;
     unsigned char r_node_idx_bytes[4];
 
-    op = psa_hash_operation_init( );
-    status = psa_hash_setup( &op, PSA_ALG_SHA_256 );
-    if( status != PSA_SUCCESS )
+    op = psa_hash_operation_init();
+    status = psa_hash_setup(&op, PSA_ALG_SHA_256);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_update( &op, params->I_key_identifier,
-                              MBEDTLS_LMOTS_I_KEY_ID_LEN );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_update(&op, params->I_key_identifier,
+                             MBEDTLS_LMOTS_I_KEY_ID_LEN);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    mbedtls_lms_unsigned_int_to_network_bytes( r_node_idx, 4, r_node_idx_bytes );
-    status = psa_hash_update( &op, r_node_idx_bytes, 4 );
-    if( status != PSA_SUCCESS )
+    mbedtls_lms_unsigned_int_to_network_bytes(r_node_idx, 4, r_node_idx_bytes);
+    status = psa_hash_update(&op, r_node_idx_bytes, 4);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_update( &op, D_INTR_CONSTANT_BYTES, D_CONST_LEN );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_update(&op, D_INTR_CONSTANT_BYTES, D_CONST_LEN);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_update( &op, left_node,
-                              MBEDTLS_LMS_M_NODE_BYTES(params->type) );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_update(&op, left_node,
+                             MBEDTLS_LMS_M_NODE_BYTES(params->type));
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_update( &op, right_node,
-                              MBEDTLS_LMS_M_NODE_BYTES(params->type) );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_update(&op, right_node,
+                             MBEDTLS_LMS_M_NODE_BYTES(params->type));
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_finish( &op, out, MBEDTLS_LMS_M_NODE_BYTES(params->type),
-                           &output_hash_len );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_finish(&op, out, MBEDTLS_LMS_M_NODE_BYTES(params->type),
+                             &output_hash_len);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
 exit:
-    psa_hash_abort( &op );
+    psa_hash_abort(&op);
 
-    return( mbedtls_lms_error_from_psa( status ) );
+    return mbedtls_lms_error_from_psa(status);
 }
 
-void mbedtls_lms_public_init( mbedtls_lms_public_t *ctx )
+void mbedtls_lms_public_init(mbedtls_lms_public_t *ctx)
 {
-    memset( ctx, 0, sizeof( *ctx ) ) ;
+    memset(ctx, 0, sizeof(*ctx));
 }
 
-void mbedtls_lms_public_free( mbedtls_lms_public_t *ctx )
+void mbedtls_lms_public_free(mbedtls_lms_public_t *ctx)
 {
-    mbedtls_platform_zeroize( ctx, sizeof( *ctx ) );
+    mbedtls_platform_zeroize(ctx, sizeof(*ctx));
 }
 
-int mbedtls_lms_import_public_key( mbedtls_lms_public_t *ctx,
-                               const unsigned char *key, size_t key_size )
+int mbedtls_lms_import_public_key(mbedtls_lms_public_t *ctx,
+                                  const unsigned char *key, size_t key_size)
 {
     mbedtls_lms_algorithm_type_t type;
     mbedtls_lmots_algorithm_type_t otstype;
 
-    type = mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMS_TYPE_LEN,
-            key + PUBLIC_KEY_TYPE_OFFSET );
-    if( type != MBEDTLS_LMS_SHA256_M32_H10 )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    type = mbedtls_lms_network_bytes_to_unsigned_int(MBEDTLS_LMS_TYPE_LEN,
+                                                     key + PUBLIC_KEY_TYPE_OFFSET);
+    if (type != MBEDTLS_LMS_SHA256_M32_H10) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
     ctx->params.type = type;
 
-    if( key_size != MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type) )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (key_size != MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type)) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    otstype = mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN,
-            key + PUBLIC_KEY_OTSTYPE_OFFSET );
-    if( otstype != MBEDTLS_LMOTS_SHA256_N32_W8 )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    otstype = mbedtls_lms_network_bytes_to_unsigned_int(MBEDTLS_LMOTS_TYPE_LEN,
+                                                        key + PUBLIC_KEY_OTSTYPE_OFFSET);
+    if (otstype != MBEDTLS_LMOTS_SHA256_N32_W8) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
     ctx->params.otstype = otstype;
 
-    memcpy( ctx->params.I_key_identifier,
-            key + PUBLIC_KEY_I_KEY_ID_OFFSET,
-            MBEDTLS_LMOTS_I_KEY_ID_LEN );
-    memcpy( ctx->T_1_pub_key, key + PUBLIC_KEY_ROOT_NODE_OFFSET,
-            MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type) );
+    memcpy(ctx->params.I_key_identifier,
+           key + PUBLIC_KEY_I_KEY_ID_OFFSET,
+           MBEDTLS_LMOTS_I_KEY_ID_LEN);
+    memcpy(ctx->T_1_pub_key, key + PUBLIC_KEY_ROOT_NODE_OFFSET,
+           MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type));
 
     ctx->have_public_key = 1;
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_lms_export_public_key( const mbedtls_lms_public_t *ctx,
-                                   unsigned char *key,
-                                   size_t key_size, size_t *key_len )
+int mbedtls_lms_export_public_key(const mbedtls_lms_public_t *ctx,
+                                  unsigned char *key,
+                                  size_t key_size, size_t *key_len)
 {
-    if( key_size < MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type) )
-    {
-        return( MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL );
+    if (key_size < MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type)) {
+        return MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL;
     }
 
-    if( ! ctx->have_public_key )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (!ctx->have_public_key) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
     mbedtls_lms_unsigned_int_to_network_bytes(
-            ctx->params.type,
-            MBEDTLS_LMS_TYPE_LEN, key + PUBLIC_KEY_TYPE_OFFSET );
-    mbedtls_lms_unsigned_int_to_network_bytes( ctx->params.otstype,
-                                   MBEDTLS_LMOTS_TYPE_LEN,
-                                   key + PUBLIC_KEY_OTSTYPE_OFFSET );
-    memcpy( key + PUBLIC_KEY_I_KEY_ID_OFFSET,
-            ctx->params.I_key_identifier,
-            MBEDTLS_LMOTS_I_KEY_ID_LEN );
-    memcpy( key +PUBLIC_KEY_ROOT_NODE_OFFSET,
-            ctx->T_1_pub_key,
-            MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type) );
+        ctx->params.type,
+        MBEDTLS_LMS_TYPE_LEN, key + PUBLIC_KEY_TYPE_OFFSET);
+    mbedtls_lms_unsigned_int_to_network_bytes(ctx->params.otstype,
+                                              MBEDTLS_LMOTS_TYPE_LEN,
+                                              key + PUBLIC_KEY_OTSTYPE_OFFSET);
+    memcpy(key + PUBLIC_KEY_I_KEY_ID_OFFSET,
+           ctx->params.I_key_identifier,
+           MBEDTLS_LMOTS_I_KEY_ID_LEN);
+    memcpy(key +PUBLIC_KEY_ROOT_NODE_OFFSET,
+           ctx->T_1_pub_key,
+           MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type));
 
-    if( key_len != NULL )
-    {
+    if (key_len != NULL) {
         *key_len = MBEDTLS_LMS_PUBLIC_KEY_LEN(ctx->params.type);
     }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx,
-                        const unsigned char *msg, size_t msg_size,
-                        const unsigned char *sig, size_t sig_size )
+int mbedtls_lms_verify(const mbedtls_lms_public_t *ctx,
+                       const unsigned char *msg, size_t msg_size,
+                       const unsigned char *sig, size_t sig_size)
 {
     unsigned int q_leaf_identifier;
     unsigned char Kc_candidate_ots_pub_key[MBEDTLS_LMOTS_N_HASH_LEN_MAX];
@@ -303,124 +310,114 @@
     unsigned int height;
     unsigned int curr_node_id;
     unsigned int parent_node_id;
-    const unsigned char* left_node;
-    const unsigned char* right_node;
+    const unsigned char *left_node;
+    const unsigned char *right_node;
     mbedtls_lmots_parameters_t ots_params;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ! ctx->have_public_key )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (!ctx->have_public_key) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    if( ctx->params.type
-        != MBEDTLS_LMS_SHA256_M32_H10 )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (ctx->params.type
+        != MBEDTLS_LMS_SHA256_M32_H10) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    if( ctx->params.otstype
-        != MBEDTLS_LMOTS_SHA256_N32_W8 )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (ctx->params.otstype
+        != MBEDTLS_LMOTS_SHA256_N32_W8) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    if( sig_size != MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype) )
-    {
-        return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
+    if (sig_size != MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype)) {
+        return MBEDTLS_ERR_LMS_VERIFY_FAILED;
     }
 
-    if( sig_size < SIG_OTS_SIG_OFFSET + MBEDTLS_LMOTS_TYPE_LEN )
-    {
-        return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
+    if (sig_size < SIG_OTS_SIG_OFFSET + MBEDTLS_LMOTS_TYPE_LEN) {
+        return MBEDTLS_ERR_LMS_VERIFY_FAILED;
     }
 
-    if( mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN,
-            sig + SIG_OTS_SIG_OFFSET + MBEDTLS_LMOTS_SIG_TYPE_OFFSET )
-        != MBEDTLS_LMOTS_SHA256_N32_W8 )
-    {
-        return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
+    if (mbedtls_lms_network_bytes_to_unsigned_int(MBEDTLS_LMOTS_TYPE_LEN,
+                                                  sig + SIG_OTS_SIG_OFFSET +
+                                                  MBEDTLS_LMOTS_SIG_TYPE_OFFSET)
+        != MBEDTLS_LMOTS_SHA256_N32_W8) {
+        return MBEDTLS_ERR_LMS_VERIFY_FAILED;
     }
 
-    if( sig_size < SIG_TYPE_OFFSET(ctx->params.otstype) + MBEDTLS_LMS_TYPE_LEN )
-    {
-        return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
+    if (sig_size < SIG_TYPE_OFFSET(ctx->params.otstype) + MBEDTLS_LMS_TYPE_LEN) {
+        return MBEDTLS_ERR_LMS_VERIFY_FAILED;
     }
 
-    if( mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMS_TYPE_LEN,
-            sig + SIG_TYPE_OFFSET(ctx->params.otstype))
-        != MBEDTLS_LMS_SHA256_M32_H10 )
-    {
-        return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
+    if (mbedtls_lms_network_bytes_to_unsigned_int(MBEDTLS_LMS_TYPE_LEN,
+                                                  sig + SIG_TYPE_OFFSET(ctx->params.otstype))
+        != MBEDTLS_LMS_SHA256_M32_H10) {
+        return MBEDTLS_ERR_LMS_VERIFY_FAILED;
     }
 
 
     q_leaf_identifier = mbedtls_lms_network_bytes_to_unsigned_int(
-            MBEDTLS_LMOTS_Q_LEAF_ID_LEN, sig + SIG_Q_LEAF_ID_OFFSET );
+        MBEDTLS_LMOTS_Q_LEAF_ID_LEN, sig + SIG_Q_LEAF_ID_OFFSET);
 
-    if( q_leaf_identifier >= MERKLE_TREE_LEAF_NODE_AM(ctx->params.type) )
-    {
-        return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
+    if (q_leaf_identifier >= MERKLE_TREE_LEAF_NODE_AM(ctx->params.type)) {
+        return MBEDTLS_ERR_LMS_VERIFY_FAILED;
     }
 
-    memcpy( ots_params.I_key_identifier,
-            ctx->params.I_key_identifier,
-            MBEDTLS_LMOTS_I_KEY_ID_LEN );
-    mbedtls_lms_unsigned_int_to_network_bytes( q_leaf_identifier,
+    memcpy(ots_params.I_key_identifier,
+           ctx->params.I_key_identifier,
+           MBEDTLS_LMOTS_I_KEY_ID_LEN);
+    mbedtls_lms_unsigned_int_to_network_bytes(q_leaf_identifier,
                                               MBEDTLS_LMOTS_Q_LEAF_ID_LEN,
-                                              ots_params.q_leaf_identifier );
+                                              ots_params.q_leaf_identifier);
     ots_params.type = ctx->params.otstype;
 
-    ret = mbedtls_lmots_calculate_public_key_candidate( &ots_params, msg,
-            msg_size, sig + SIG_OTS_SIG_OFFSET,
-            MBEDTLS_LMOTS_SIG_LEN(ctx->params.otstype), Kc_candidate_ots_pub_key,
-            sizeof( Kc_candidate_ots_pub_key ), NULL );
-    if( ret != 0 )
-    {
-        return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
+    ret = mbedtls_lmots_calculate_public_key_candidate(&ots_params,
+                                                       msg,
+                                                       msg_size,
+                                                       sig + SIG_OTS_SIG_OFFSET,
+                                                       MBEDTLS_LMOTS_SIG_LEN(ctx->params.otstype),
+                                                       Kc_candidate_ots_pub_key,
+                                                       sizeof(Kc_candidate_ots_pub_key),
+                                                       NULL);
+    if (ret != 0) {
+        return MBEDTLS_ERR_LMS_VERIFY_FAILED;
     }
 
     create_merkle_leaf_value(
-            &ctx->params,
-            Kc_candidate_ots_pub_key,
-            MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier,
-            Tc_candidate_root_node );
+        &ctx->params,
+        Kc_candidate_ots_pub_key,
+        MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier,
+        Tc_candidate_root_node);
 
     curr_node_id = MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) +
                    q_leaf_identifier;
 
-    for( height = 0; height < MBEDTLS_LMS_H_TREE_HEIGHT(ctx->params.type);
-         height++ )
-    {
+    for (height = 0; height < MBEDTLS_LMS_H_TREE_HEIGHT(ctx->params.type);
+         height++) {
         parent_node_id = curr_node_id / 2;
 
         /* Left/right node ordering matters for the hash */
-        if( curr_node_id & 1 )
-        {
+        if (curr_node_id & 1) {
             left_node = sig + SIG_PATH_OFFSET(ctx->params.otstype) +
                         height * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type);
             right_node = Tc_candidate_root_node;
-        }
-        else
-        {
+        } else {
             left_node = Tc_candidate_root_node;
             right_node = sig + SIG_PATH_OFFSET(ctx->params.otstype) +
                          height * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type);
         }
 
-        create_merkle_internal_value( &ctx->params, left_node, right_node,
-                                      parent_node_id, Tc_candidate_root_node);
+        create_merkle_internal_value(&ctx->params, left_node, right_node,
+                                     parent_node_id, Tc_candidate_root_node);
 
         curr_node_id /= 2;
     }
 
-    if( memcmp( Tc_candidate_root_node, ctx->T_1_pub_key,
-                MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)) )
-    {
-        return( MBEDTLS_ERR_LMS_VERIFY_FAILED );
+    if (memcmp(Tc_candidate_root_node, ctx->T_1_pub_key,
+               MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type))) {
+        return MBEDTLS_ERR_LMS_VERIFY_FAILED;
     }
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_LMS_PRIVATE)
@@ -439,47 +436,48 @@
  *                      because the Merkle tree root is 1-indexed, the 0
  *                      index tree node is never used.
  */
-static int calculate_merkle_tree( const mbedtls_lms_private_t *ctx,
-                                  unsigned char *tree )
+static int calculate_merkle_tree(const mbedtls_lms_private_t *ctx,
+                                 unsigned char *tree)
 {
     unsigned int priv_key_idx;
     unsigned int r_node_idx;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     /* First create the leaf nodes, in ascending order */
-    for( priv_key_idx = 0;
+    for (priv_key_idx = 0;
          priv_key_idx < MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type);
-         priv_key_idx++ )
-    {
+         priv_key_idx++) {
         r_node_idx = MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + priv_key_idx;
 
-        ret = create_merkle_leaf_value( &ctx->params,
-                ctx->ots_public_keys[priv_key_idx].public_key, r_node_idx,
-                &tree[r_node_idx * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)] );
-        if( ret != 0 )
-        {
-            return( ret );
+        ret = create_merkle_leaf_value(&ctx->params,
+                                       ctx->ots_public_keys[priv_key_idx].public_key,
+                                       r_node_idx,
+                                       &tree[r_node_idx * MBEDTLS_LMS_M_NODE_BYTES(
+                                                 ctx->params.type)]);
+        if (ret != 0) {
+            return ret;
         }
     }
 
     /* Then the internal nodes, in reverse order so that we can guarantee the
      * parent has been created */
-    for( r_node_idx = MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) - 1;
+    for (r_node_idx = MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) - 1;
          r_node_idx > 0;
-         r_node_idx-- )
-    {
-        ret = create_merkle_internal_value( &ctx->params,
-                &tree[( r_node_idx * 2 ) * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)],
-                &tree[( r_node_idx * 2 + 1 ) * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)],
-                r_node_idx,
-                &tree[r_node_idx * MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)] );
-        if( ret != 0 )
-        {
-            return( ret );
+         r_node_idx--) {
+        ret = create_merkle_internal_value(&ctx->params,
+                                           &tree[(r_node_idx * 2) *
+                                                 MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)],
+                                           &tree[(r_node_idx * 2 + 1) *
+                                                 MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)],
+                                           r_node_idx,
+                                           &tree[r_node_idx *
+                                                 MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type)]);
+        if (ret != 0) {
+            return ret;
         }
     }
 
-    return( 0 );
+    return 0;
 }
 
 /* Calculate a path from a leaf node of the Merkle tree to the root of the tree,
@@ -494,9 +492,9 @@
  *
  *  path                The output path, which is H hash outputs.
  */
-static int get_merkle_path( mbedtls_lms_private_t *ctx,
-                            unsigned int leaf_node_id,
-                            unsigned char *path )
+static int get_merkle_path(mbedtls_lms_private_t *ctx,
+                           unsigned int leaf_node_id,
+                           unsigned char *path)
 {
     const size_t node_bytes = MBEDTLS_LMS_M_NODE_BYTES(ctx->params.type);
     unsigned int curr_node_id = leaf_node_id;
@@ -505,254 +503,229 @@
     unsigned int height;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    tree = mbedtls_calloc( MERKLE_TREE_NODE_AM(ctx->params.type),
-        node_bytes );
-    if ( tree == NULL )
-    {
+    tree = mbedtls_calloc(MERKLE_TREE_NODE_AM(ctx->params.type),
+                          node_bytes);
+    if (tree == NULL) {
         return MBEDTLS_ERR_LMS_ALLOC_FAILED;
     }
 
-    ret = calculate_merkle_tree( ctx, tree );
-    if( ret != 0 )
-    {
+    ret = calculate_merkle_tree(ctx, tree);
+    if (ret != 0) {
         goto exit;
     }
 
-    for( height = 0; height < MBEDTLS_LMS_H_TREE_HEIGHT(ctx->params.type);
-         height++ )
-    {
+    for (height = 0; height < MBEDTLS_LMS_H_TREE_HEIGHT(ctx->params.type);
+         height++) {
         adjacent_node_id = curr_node_id ^ 1;
 
-        memcpy( &path[height * node_bytes],
-                &tree[adjacent_node_id * node_bytes], node_bytes );
+        memcpy(&path[height * node_bytes],
+               &tree[adjacent_node_id * node_bytes], node_bytes);
 
-        curr_node_id >>=1;
+        curr_node_id >>= 1;
     }
 
     ret = 0;
 
 exit:
-    mbedtls_platform_zeroize( tree, node_bytes *
-        MERKLE_TREE_NODE_AM(ctx->params.type) );
-    mbedtls_free ( tree );
+    mbedtls_platform_zeroize(tree, node_bytes *
+                             MERKLE_TREE_NODE_AM(ctx->params.type));
+    mbedtls_free(tree);
 
-    return( ret );
+    return ret;
 }
 
-void mbedtls_lms_private_init( mbedtls_lms_private_t *ctx )
+void mbedtls_lms_private_init(mbedtls_lms_private_t *ctx)
 {
-    memset( ctx, 0, sizeof( *ctx ) ) ;
+    memset(ctx, 0, sizeof(*ctx));
 }
 
-void mbedtls_lms_private_free( mbedtls_lms_private_t *ctx )
+void mbedtls_lms_private_free(mbedtls_lms_private_t *ctx)
 {
     unsigned int idx;
 
-    if( ctx->have_private_key )
-    {
-        if( ctx->ots_private_keys != NULL )
-        {
-            for( idx = 0; idx < MERKLE_TREE_LEAF_NODE_AM(ctx->params.type); idx++ )
-            {
-                mbedtls_lmots_private_free( &ctx->ots_private_keys[idx] );
+    if (ctx->have_private_key) {
+        if (ctx->ots_private_keys != NULL) {
+            for (idx = 0; idx < MERKLE_TREE_LEAF_NODE_AM(ctx->params.type); idx++) {
+                mbedtls_lmots_private_free(&ctx->ots_private_keys[idx]);
             }
         }
 
-        if( ctx->ots_public_keys != NULL )
-        {
-        for( idx = 0; idx < MERKLE_TREE_LEAF_NODE_AM(ctx->params.type); idx++ )
-            {
-                mbedtls_lmots_public_free( &ctx->ots_public_keys[idx] );
+        if (ctx->ots_public_keys != NULL) {
+            for (idx = 0; idx < MERKLE_TREE_LEAF_NODE_AM(ctx->params.type); idx++) {
+                mbedtls_lmots_public_free(&ctx->ots_public_keys[idx]);
             }
         }
 
-        mbedtls_free( ctx->ots_private_keys );
-        mbedtls_free( ctx->ots_public_keys );
+        mbedtls_free(ctx->ots_private_keys);
+        mbedtls_free(ctx->ots_public_keys);
     }
 
-    mbedtls_platform_zeroize( ctx, sizeof( *ctx ) );
+    mbedtls_platform_zeroize(ctx, sizeof(*ctx));
 }
 
 
-int mbedtls_lms_generate_private_key( mbedtls_lms_private_t *ctx,
-                                      mbedtls_lms_algorithm_type_t type,
-                                      mbedtls_lmots_algorithm_type_t otstype,
-                                      int (*f_rng)(void *, unsigned char *, size_t),
-                                      void* p_rng, const unsigned char *seed,
-                                      size_t seed_size )
+int mbedtls_lms_generate_private_key(mbedtls_lms_private_t *ctx,
+                                     mbedtls_lms_algorithm_type_t type,
+                                     mbedtls_lmots_algorithm_type_t otstype,
+                                     int (*f_rng)(void *, unsigned char *, size_t),
+                                     void *p_rng, const unsigned char *seed,
+                                     size_t seed_size)
 {
     unsigned int idx = 0;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( type != MBEDTLS_LMS_SHA256_M32_H10 )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (type != MBEDTLS_LMS_SHA256_M32_H10) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    if( otstype != MBEDTLS_LMOTS_SHA256_N32_W8 )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (otstype != MBEDTLS_LMOTS_SHA256_N32_W8) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    if( ctx->have_private_key )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (ctx->have_private_key) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
     ctx->params.type = type;
     ctx->params.otstype = otstype;
     ctx->have_private_key = 1;
 
-    ret = f_rng( p_rng,
-                 ctx->params.I_key_identifier,
-                 MBEDTLS_LMOTS_I_KEY_ID_LEN );
-    if( ret != 0 )
-    {
+    ret = f_rng(p_rng,
+                ctx->params.I_key_identifier,
+                MBEDTLS_LMOTS_I_KEY_ID_LEN);
+    if (ret != 0) {
         goto exit;
     }
 
     /* Requires a cast to size_t to avoid an implicit cast warning on certain
      * platforms (particularly Windows) */
-    ctx->ots_private_keys = mbedtls_calloc( ( size_t )MERKLE_TREE_LEAF_NODE_AM(ctx->params.type),
-                                            sizeof( *ctx->ots_private_keys ) );
-    if( ctx->ots_private_keys == NULL )
-    {
+    ctx->ots_private_keys = mbedtls_calloc((size_t) MERKLE_TREE_LEAF_NODE_AM(ctx->params.type),
+                                           sizeof(*ctx->ots_private_keys));
+    if (ctx->ots_private_keys == NULL) {
         ret = MBEDTLS_ERR_LMS_ALLOC_FAILED;
         goto exit;
     }
 
     /* Requires a cast to size_t to avoid an implicit cast warning on certain
      * platforms (particularly Windows) */
-    ctx->ots_public_keys = mbedtls_calloc( ( size_t )MERKLE_TREE_LEAF_NODE_AM(ctx->params.type),
-                                           sizeof( *ctx->ots_public_keys ) );
-    if( ctx->ots_public_keys == NULL )
-    {
+    ctx->ots_public_keys = mbedtls_calloc((size_t) MERKLE_TREE_LEAF_NODE_AM(ctx->params.type),
+                                          sizeof(*ctx->ots_public_keys));
+    if (ctx->ots_public_keys == NULL) {
         ret = MBEDTLS_ERR_LMS_ALLOC_FAILED;
         goto exit;
     }
 
-    for( idx = 0; idx < MERKLE_TREE_LEAF_NODE_AM(ctx->params.type); idx++ )
-    {
-        mbedtls_lmots_private_init( &ctx->ots_private_keys[idx] );
-        mbedtls_lmots_public_init( &ctx->ots_public_keys[idx] );
+    for (idx = 0; idx < MERKLE_TREE_LEAF_NODE_AM(ctx->params.type); idx++) {
+        mbedtls_lmots_private_init(&ctx->ots_private_keys[idx]);
+        mbedtls_lmots_public_init(&ctx->ots_public_keys[idx]);
     }
 
 
-    for( idx = 0; idx < MERKLE_TREE_LEAF_NODE_AM(ctx->params.type); idx++ )
-    {
-        ret = mbedtls_lmots_generate_private_key( &ctx->ots_private_keys[idx],
-                                                  otstype,
-                                                  ctx->params.I_key_identifier,
-                                                  idx, seed, seed_size );
-        if( ret != 0 )
+    for (idx = 0; idx < MERKLE_TREE_LEAF_NODE_AM(ctx->params.type); idx++) {
+        ret = mbedtls_lmots_generate_private_key(&ctx->ots_private_keys[idx],
+                                                 otstype,
+                                                 ctx->params.I_key_identifier,
+                                                 idx, seed, seed_size);
+        if (ret != 0) {
             goto exit;
+        }
 
-        ret = mbedtls_lmots_calculate_public_key( &ctx->ots_public_keys[idx],
-                                                  &ctx->ots_private_keys[idx] );
-        if( ret != 0 )
+        ret = mbedtls_lmots_calculate_public_key(&ctx->ots_public_keys[idx],
+                                                 &ctx->ots_private_keys[idx]);
+        if (ret != 0) {
             goto exit;
+        }
     }
 
     ctx->q_next_usable_key = 0;
 
 exit:
-    if( ret != 0 )
-    {
+    if (ret != 0) {
         mbedtls_lms_private_free(ctx);
     }
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_lms_calculate_public_key( mbedtls_lms_public_t *ctx,
-                                      const mbedtls_lms_private_t *priv_ctx )
+int mbedtls_lms_calculate_public_key(mbedtls_lms_public_t *ctx,
+                                     const mbedtls_lms_private_t *priv_ctx)
 {
     const size_t node_bytes = MBEDTLS_LMS_M_NODE_BYTES(priv_ctx->params.type);
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *tree = NULL;
 
-    if( ! priv_ctx->have_private_key )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (!priv_ctx->have_private_key) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    if( priv_ctx->params.type
-        != MBEDTLS_LMS_SHA256_M32_H10 )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (priv_ctx->params.type
+        != MBEDTLS_LMS_SHA256_M32_H10) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    if( priv_ctx->params.otstype
-        != MBEDTLS_LMOTS_SHA256_N32_W8 )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (priv_ctx->params.otstype
+        != MBEDTLS_LMOTS_SHA256_N32_W8) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    tree = mbedtls_calloc( MERKLE_TREE_NODE_AM(priv_ctx->params.type),
-        node_bytes );
-    if ( tree == NULL )
-    {
+    tree = mbedtls_calloc(MERKLE_TREE_NODE_AM(priv_ctx->params.type),
+                          node_bytes);
+    if (tree == NULL) {
         return MBEDTLS_ERR_LMS_ALLOC_FAILED;
     }
 
-    memcpy( &ctx->params, &priv_ctx->params,
-            sizeof( mbedtls_lmots_parameters_t ) );
+    memcpy(&ctx->params, &priv_ctx->params,
+           sizeof(mbedtls_lmots_parameters_t));
 
-    ret = calculate_merkle_tree( priv_ctx, tree );
-    if( ret != 0 )
-    {
+    ret = calculate_merkle_tree(priv_ctx, tree);
+    if (ret != 0) {
         goto exit;
     }
 
     /* Root node is always at position 1, due to 1-based indexing */
-    memcpy( ctx->T_1_pub_key, &tree[node_bytes], node_bytes );
+    memcpy(ctx->T_1_pub_key, &tree[node_bytes], node_bytes);
 
     ctx->have_public_key = 1;
 
     ret = 0;
 
 exit:
-    mbedtls_platform_zeroize( tree, node_bytes *
-        MERKLE_TREE_NODE_AM(priv_ctx->params.type) );
-    mbedtls_free ( tree );
+    mbedtls_platform_zeroize(tree, node_bytes *
+                             MERKLE_TREE_NODE_AM(priv_ctx->params.type));
+    mbedtls_free(tree);
 
-    return( ret );
+    return ret;
 }
 
 
-int mbedtls_lms_sign( mbedtls_lms_private_t *ctx,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void* p_rng, const unsigned char *msg,
-                      unsigned int msg_size, unsigned char *sig, size_t sig_size,
-                      size_t *sig_len )
+int mbedtls_lms_sign(mbedtls_lms_private_t *ctx,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng, const unsigned char *msg,
+                     unsigned int msg_size, unsigned char *sig, size_t sig_size,
+                     size_t *sig_len)
 {
     uint32_t q_leaf_identifier;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ! ctx->have_private_key )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (!ctx->have_private_key) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    if( sig_size < MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype) )
-    {
-        return( MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL );
+    if (sig_size < MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype)) {
+        return MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL;
     }
 
-    if( ctx->params.type != MBEDTLS_LMS_SHA256_M32_H10 )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (ctx->params.type != MBEDTLS_LMS_SHA256_M32_H10) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    if( ctx->params.otstype
-        != MBEDTLS_LMOTS_SHA256_N32_W8 )
-    {
-        return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (ctx->params.otstype
+        != MBEDTLS_LMOTS_SHA256_N32_W8) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    if( ctx->q_next_usable_key >= MERKLE_TREE_LEAF_NODE_AM(ctx->params.type) )
-    {
-        return( MBEDTLS_ERR_LMS_OUT_OF_PRIVATE_KEYS );
+    if (ctx->q_next_usable_key >= MERKLE_TREE_LEAF_NODE_AM(ctx->params.type)) {
+        return MBEDTLS_ERR_LMS_OUT_OF_PRIVATE_KEYS;
     }
 
 
@@ -762,44 +735,44 @@
      */
     ctx->q_next_usable_key += 1;
 
-    if ( MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype)
-         < SIG_OTS_SIG_OFFSET )
-    {
-        return ( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
+    if (MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype)
+        < SIG_OTS_SIG_OFFSET) {
+        return MBEDTLS_ERR_LMS_BAD_INPUT_DATA;
     }
 
-    ret = mbedtls_lmots_sign( &ctx->ots_private_keys[q_leaf_identifier],
-                              f_rng, p_rng, msg, msg_size,
-                              sig + SIG_OTS_SIG_OFFSET,
-                              MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype) - SIG_OTS_SIG_OFFSET,
-                              NULL );
-    if( ret != 0 )
-    {
-        return( ret );
+    ret = mbedtls_lmots_sign(&ctx->ots_private_keys[q_leaf_identifier],
+                             f_rng,
+                             p_rng,
+                             msg,
+                             msg_size,
+                             sig + SIG_OTS_SIG_OFFSET,
+                             MBEDTLS_LMS_SIG_LEN(ctx->params.type,
+                                                 ctx->params.otstype) - SIG_OTS_SIG_OFFSET,
+                             NULL);
+    if (ret != 0) {
+        return ret;
     }
 
-    mbedtls_lms_unsigned_int_to_network_bytes( ctx->params.type,
-            MBEDTLS_LMS_TYPE_LEN,
-            sig + SIG_TYPE_OFFSET(ctx->params.otstype) );
-    mbedtls_lms_unsigned_int_to_network_bytes( q_leaf_identifier,
-            MBEDTLS_LMOTS_Q_LEAF_ID_LEN,
-            sig + SIG_Q_LEAF_ID_OFFSET );
+    mbedtls_lms_unsigned_int_to_network_bytes(ctx->params.type,
+                                              MBEDTLS_LMS_TYPE_LEN,
+                                              sig + SIG_TYPE_OFFSET(ctx->params.otstype));
+    mbedtls_lms_unsigned_int_to_network_bytes(q_leaf_identifier,
+                                              MBEDTLS_LMOTS_Q_LEAF_ID_LEN,
+                                              sig + SIG_Q_LEAF_ID_OFFSET);
 
-    ret = get_merkle_path( ctx,
-            MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier,
-            sig + SIG_PATH_OFFSET(ctx->params.otstype) );
-    if( ret != 0 )
-    {
-        return( ret );
+    ret = get_merkle_path(ctx,
+                          MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier,
+                          sig + SIG_PATH_OFFSET(ctx->params.otstype));
+    if (ret != 0) {
+        return ret;
     }
 
-    if( sig_len != NULL )
-    {
+    if (sig_len != NULL) {
         *sig_len = MBEDTLS_LMS_SIG_LEN(ctx->params.type, ctx->params.otstype);
     }
 
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* defined(MBEDTLS_LMS_PRIVATE) */
diff --git a/library/md.c b/library/md.c
index 9c161a5..a729878 100644
--- a/library/md.c
+++ b/library/md.c
@@ -113,479 +113,481 @@
 static const int supported_digests[] = {
 
 #if defined(MBEDTLS_SHA512_C)
-        MBEDTLS_MD_SHA512,
+    MBEDTLS_MD_SHA512,
 #endif
 
 #if defined(MBEDTLS_SHA384_C)
-        MBEDTLS_MD_SHA384,
+    MBEDTLS_MD_SHA384,
 #endif
 
 #if defined(MBEDTLS_SHA256_C)
-        MBEDTLS_MD_SHA256,
+    MBEDTLS_MD_SHA256,
 #endif
 #if defined(MBEDTLS_SHA224_C)
-        MBEDTLS_MD_SHA224,
+    MBEDTLS_MD_SHA224,
 #endif
 
 #if defined(MBEDTLS_SHA1_C)
-        MBEDTLS_MD_SHA1,
+    MBEDTLS_MD_SHA1,
 #endif
 
 #if defined(MBEDTLS_RIPEMD160_C)
-        MBEDTLS_MD_RIPEMD160,
+    MBEDTLS_MD_RIPEMD160,
 #endif
 
 #if defined(MBEDTLS_MD5_C)
-        MBEDTLS_MD_MD5,
+    MBEDTLS_MD_MD5,
 #endif
 
-        MBEDTLS_MD_NONE
+    MBEDTLS_MD_NONE
 };
 
-const int *mbedtls_md_list( void )
+const int *mbedtls_md_list(void)
 {
-    return( supported_digests );
+    return supported_digests;
 }
 
-const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name )
+const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name)
 {
-    if( NULL == md_name )
-        return( NULL );
+    if (NULL == md_name) {
+        return NULL;
+    }
 
     /* Get the appropriate digest information */
 #if defined(MBEDTLS_MD5_C)
-    if( !strcmp( "MD5", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_MD5 );
+    if (!strcmp("MD5", md_name)) {
+        return mbedtls_md_info_from_type(MBEDTLS_MD_MD5);
+    }
 #endif
 #if defined(MBEDTLS_RIPEMD160_C)
-    if( !strcmp( "RIPEMD160", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_RIPEMD160 );
+    if (!strcmp("RIPEMD160", md_name)) {
+        return mbedtls_md_info_from_type(MBEDTLS_MD_RIPEMD160);
+    }
 #endif
 #if defined(MBEDTLS_SHA1_C)
-    if( !strcmp( "SHA1", md_name ) || !strcmp( "SHA", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
+    if (!strcmp("SHA1", md_name) || !strcmp("SHA", md_name)) {
+        return mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
+    }
 #endif
 #if defined(MBEDTLS_SHA224_C)
-    if( !strcmp( "SHA224", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA224 );
+    if (!strcmp("SHA224", md_name)) {
+        return mbedtls_md_info_from_type(MBEDTLS_MD_SHA224);
+    }
 #endif
 #if defined(MBEDTLS_SHA256_C)
-    if( !strcmp( "SHA256", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 );
+    if (!strcmp("SHA256", md_name)) {
+        return mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
+    }
 #endif
 #if defined(MBEDTLS_SHA384_C)
-    if( !strcmp( "SHA384", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA384 );
+    if (!strcmp("SHA384", md_name)) {
+        return mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
+    }
 #endif
 #if defined(MBEDTLS_SHA512_C)
-    if( !strcmp( "SHA512", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 );
+    if (!strcmp("SHA512", md_name)) {
+        return mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
+    }
 #endif
-    return( NULL );
+    return NULL;
 }
 
-const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type )
+const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type)
 {
-    switch( md_type )
-    {
+    switch (md_type) {
 #if defined(MBEDTLS_MD5_C)
         case MBEDTLS_MD_MD5:
-            return( &mbedtls_md5_info );
+            return &mbedtls_md5_info;
 #endif
 #if defined(MBEDTLS_RIPEMD160_C)
         case MBEDTLS_MD_RIPEMD160:
-            return( &mbedtls_ripemd160_info );
+            return &mbedtls_ripemd160_info;
 #endif
 #if defined(MBEDTLS_SHA1_C)
         case MBEDTLS_MD_SHA1:
-            return( &mbedtls_sha1_info );
+            return &mbedtls_sha1_info;
 #endif
 #if defined(MBEDTLS_SHA224_C)
         case MBEDTLS_MD_SHA224:
-            return( &mbedtls_sha224_info );
+            return &mbedtls_sha224_info;
 #endif
 #if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_MD_SHA256:
-            return( &mbedtls_sha256_info );
+            return &mbedtls_sha256_info;
 #endif
 #if defined(MBEDTLS_SHA384_C)
         case MBEDTLS_MD_SHA384:
-            return( &mbedtls_sha384_info );
+            return &mbedtls_sha384_info;
 #endif
 #if defined(MBEDTLS_SHA512_C)
         case MBEDTLS_MD_SHA512:
-            return( &mbedtls_sha512_info );
+            return &mbedtls_sha512_info;
 #endif
         default:
-            return( NULL );
+            return NULL;
     }
 }
 
 const mbedtls_md_info_t *mbedtls_md_info_from_ctx(
-                                            const mbedtls_md_context_t *ctx )
+    const mbedtls_md_context_t *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return NULL;
+    }
 
-    return( ctx->MBEDTLS_PRIVATE(md_info) );
+    return ctx->MBEDTLS_PRIVATE(md_info);
 }
 
-void mbedtls_md_init( mbedtls_md_context_t *ctx )
+void mbedtls_md_init(mbedtls_md_context_t *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_md_context_t ) );
+    memset(ctx, 0, sizeof(mbedtls_md_context_t));
 }
 
-void mbedtls_md_free( mbedtls_md_context_t *ctx )
+void mbedtls_md_free(mbedtls_md_context_t *ctx)
 {
-    if( ctx == NULL || ctx->md_info == NULL )
+    if (ctx == NULL || ctx->md_info == NULL) {
         return;
+    }
 
-    if( ctx->md_ctx != NULL )
-    {
-        switch( ctx->md_info->type )
-        {
+    if (ctx->md_ctx != NULL) {
+        switch (ctx->md_info->type) {
 #if defined(MBEDTLS_MD5_C)
             case MBEDTLS_MD_MD5:
-                mbedtls_md5_free( ctx->md_ctx );
+                mbedtls_md5_free(ctx->md_ctx);
                 break;
 #endif
 #if defined(MBEDTLS_RIPEMD160_C)
             case MBEDTLS_MD_RIPEMD160:
-                mbedtls_ripemd160_free( ctx->md_ctx );
+                mbedtls_ripemd160_free(ctx->md_ctx);
                 break;
 #endif
 #if defined(MBEDTLS_SHA1_C)
             case MBEDTLS_MD_SHA1:
-                mbedtls_sha1_free( ctx->md_ctx );
+                mbedtls_sha1_free(ctx->md_ctx);
                 break;
 #endif
 #if defined(MBEDTLS_SHA224_C)
             case MBEDTLS_MD_SHA224:
-                mbedtls_sha256_free( ctx->md_ctx );
+                mbedtls_sha256_free(ctx->md_ctx);
                 break;
 #endif
 #if defined(MBEDTLS_SHA256_C)
             case MBEDTLS_MD_SHA256:
-                mbedtls_sha256_free( ctx->md_ctx );
+                mbedtls_sha256_free(ctx->md_ctx);
                 break;
 #endif
 #if defined(MBEDTLS_SHA384_C)
             case MBEDTLS_MD_SHA384:
-                mbedtls_sha512_free( ctx->md_ctx );
+                mbedtls_sha512_free(ctx->md_ctx);
                 break;
 #endif
 #if defined(MBEDTLS_SHA512_C)
             case MBEDTLS_MD_SHA512:
-                mbedtls_sha512_free( ctx->md_ctx );
+                mbedtls_sha512_free(ctx->md_ctx);
                 break;
 #endif
             default:
                 /* Shouldn't happen */
                 break;
         }
-        mbedtls_free( ctx->md_ctx );
+        mbedtls_free(ctx->md_ctx);
     }
 
-    if( ctx->hmac_ctx != NULL )
-    {
-        mbedtls_platform_zeroize( ctx->hmac_ctx,
-                                  2 * ctx->md_info->block_size );
-        mbedtls_free( ctx->hmac_ctx );
+    if (ctx->hmac_ctx != NULL) {
+        mbedtls_platform_zeroize(ctx->hmac_ctx,
+                                 2 * ctx->md_info->block_size);
+        mbedtls_free(ctx->hmac_ctx);
     }
 
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md_context_t));
 }
 
-int mbedtls_md_clone( mbedtls_md_context_t *dst,
-                      const mbedtls_md_context_t *src )
+int mbedtls_md_clone(mbedtls_md_context_t *dst,
+                     const mbedtls_md_context_t *src)
 {
-    if( dst == NULL || dst->md_info == NULL ||
+    if (dst == NULL || dst->md_info == NULL ||
         src == NULL || src->md_info == NULL ||
-        dst->md_info != src->md_info )
-    {
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+        dst->md_info != src->md_info) {
+        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
     }
 
-    switch( src->md_info->type )
-    {
+    switch (src->md_info->type) {
 #if defined(MBEDTLS_MD5_C)
         case MBEDTLS_MD_MD5:
-            mbedtls_md5_clone( dst->md_ctx, src->md_ctx );
+            mbedtls_md5_clone(dst->md_ctx, src->md_ctx);
             break;
 #endif
 #if defined(MBEDTLS_RIPEMD160_C)
         case MBEDTLS_MD_RIPEMD160:
-            mbedtls_ripemd160_clone( dst->md_ctx, src->md_ctx );
+            mbedtls_ripemd160_clone(dst->md_ctx, src->md_ctx);
             break;
 #endif
 #if defined(MBEDTLS_SHA1_C)
         case MBEDTLS_MD_SHA1:
-            mbedtls_sha1_clone( dst->md_ctx, src->md_ctx );
+            mbedtls_sha1_clone(dst->md_ctx, src->md_ctx);
             break;
 #endif
 #if defined(MBEDTLS_SHA224_C)
         case MBEDTLS_MD_SHA224:
-            mbedtls_sha256_clone( dst->md_ctx, src->md_ctx );
+            mbedtls_sha256_clone(dst->md_ctx, src->md_ctx);
             break;
 #endif
 #if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_MD_SHA256:
-            mbedtls_sha256_clone( dst->md_ctx, src->md_ctx );
+            mbedtls_sha256_clone(dst->md_ctx, src->md_ctx);
             break;
 #endif
 #if defined(MBEDTLS_SHA384_C)
         case MBEDTLS_MD_SHA384:
-            mbedtls_sha512_clone( dst->md_ctx, src->md_ctx );
+            mbedtls_sha512_clone(dst->md_ctx, src->md_ctx);
             break;
 #endif
 #if defined(MBEDTLS_SHA512_C)
         case MBEDTLS_MD_SHA512:
-            mbedtls_sha512_clone( dst->md_ctx, src->md_ctx );
+            mbedtls_sha512_clone(dst->md_ctx, src->md_ctx);
             break;
 #endif
         default:
-            return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
     }
 
-    return( 0 );
+    return 0;
 }
 
-#define ALLOC( type )                                                   \
+#define ALLOC(type)                                                   \
     do {                                                                \
-        ctx->md_ctx = mbedtls_calloc( 1, sizeof( mbedtls_##type##_context ) ); \
-        if( ctx->md_ctx == NULL )                                       \
-            return( MBEDTLS_ERR_MD_ALLOC_FAILED );                      \
-        mbedtls_##type##_init( ctx->md_ctx );                           \
+        ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \
+        if (ctx->md_ctx == NULL)                                       \
+        return MBEDTLS_ERR_MD_ALLOC_FAILED;                      \
+        mbedtls_##type##_init(ctx->md_ctx);                           \
     }                                                                   \
-    while( 0 )
+    while (0)
 
-int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac )
+int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac)
 {
-    if( md_info == NULL || ctx == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+    if (md_info == NULL || ctx == NULL) {
+        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+    }
 
     ctx->md_info = md_info;
     ctx->md_ctx = NULL;
     ctx->hmac_ctx = NULL;
 
-    switch( md_info->type )
-    {
+    switch (md_info->type) {
 #if defined(MBEDTLS_MD5_C)
         case MBEDTLS_MD_MD5:
-            ALLOC( md5 );
+            ALLOC(md5);
             break;
 #endif
 #if defined(MBEDTLS_RIPEMD160_C)
         case MBEDTLS_MD_RIPEMD160:
-            ALLOC( ripemd160 );
+            ALLOC(ripemd160);
             break;
 #endif
 #if defined(MBEDTLS_SHA1_C)
         case MBEDTLS_MD_SHA1:
-            ALLOC( sha1 );
+            ALLOC(sha1);
             break;
 #endif
 #if defined(MBEDTLS_SHA224_C)
         case MBEDTLS_MD_SHA224:
-            ALLOC( sha256 );
+            ALLOC(sha256);
             break;
 #endif
 #if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_MD_SHA256:
-            ALLOC( sha256 );
+            ALLOC(sha256);
             break;
 #endif
 #if defined(MBEDTLS_SHA384_C)
         case MBEDTLS_MD_SHA384:
-            ALLOC( sha512 );
+            ALLOC(sha512);
             break;
 #endif
 #if defined(MBEDTLS_SHA512_C)
         case MBEDTLS_MD_SHA512:
-            ALLOC( sha512 );
+            ALLOC(sha512);
             break;
 #endif
         default:
-            return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
     }
 
-    if( hmac != 0 )
-    {
-        ctx->hmac_ctx = mbedtls_calloc( 2, md_info->block_size );
-        if( ctx->hmac_ctx == NULL )
-        {
-            mbedtls_md_free( ctx );
-            return( MBEDTLS_ERR_MD_ALLOC_FAILED );
+    if (hmac != 0) {
+        ctx->hmac_ctx = mbedtls_calloc(2, md_info->block_size);
+        if (ctx->hmac_ctx == NULL) {
+            mbedtls_md_free(ctx);
+            return MBEDTLS_ERR_MD_ALLOC_FAILED;
         }
     }
 
-    return( 0 );
+    return 0;
 }
 #undef ALLOC
 
-int mbedtls_md_starts( mbedtls_md_context_t *ctx )
+int mbedtls_md_starts(mbedtls_md_context_t *ctx)
 {
-    if( ctx == NULL || ctx->md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+    if (ctx == NULL || ctx->md_info == NULL) {
+        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+    }
 
-    switch( ctx->md_info->type )
-    {
+    switch (ctx->md_info->type) {
 #if defined(MBEDTLS_MD5_C)
         case MBEDTLS_MD_MD5:
-            return( mbedtls_md5_starts( ctx->md_ctx ) );
+            return mbedtls_md5_starts(ctx->md_ctx);
 #endif
 #if defined(MBEDTLS_RIPEMD160_C)
         case MBEDTLS_MD_RIPEMD160:
-            return( mbedtls_ripemd160_starts( ctx->md_ctx ) );
+            return mbedtls_ripemd160_starts(ctx->md_ctx);
 #endif
 #if defined(MBEDTLS_SHA1_C)
         case MBEDTLS_MD_SHA1:
-            return( mbedtls_sha1_starts( ctx->md_ctx ) );
+            return mbedtls_sha1_starts(ctx->md_ctx);
 #endif
 #if defined(MBEDTLS_SHA224_C)
         case MBEDTLS_MD_SHA224:
-            return( mbedtls_sha256_starts( ctx->md_ctx, 1 ) );
+            return mbedtls_sha256_starts(ctx->md_ctx, 1);
 #endif
 #if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_MD_SHA256:
-            return( mbedtls_sha256_starts( ctx->md_ctx, 0 ) );
+            return mbedtls_sha256_starts(ctx->md_ctx, 0);
 #endif
 #if defined(MBEDTLS_SHA384_C)
         case MBEDTLS_MD_SHA384:
-            return( mbedtls_sha512_starts( ctx->md_ctx, 1 ) );
+            return mbedtls_sha512_starts(ctx->md_ctx, 1);
 #endif
 #if defined(MBEDTLS_SHA512_C)
         case MBEDTLS_MD_SHA512:
-            return( mbedtls_sha512_starts( ctx->md_ctx, 0 ) );
+            return mbedtls_sha512_starts(ctx->md_ctx, 0);
 #endif
         default:
-            return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
     }
 }
 
-int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
+int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
 {
-    if( ctx == NULL || ctx->md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+    if (ctx == NULL || ctx->md_info == NULL) {
+        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+    }
 
-    switch( ctx->md_info->type )
-    {
+    switch (ctx->md_info->type) {
 #if defined(MBEDTLS_MD5_C)
         case MBEDTLS_MD_MD5:
-            return( mbedtls_md5_update( ctx->md_ctx, input, ilen ) );
+            return mbedtls_md5_update(ctx->md_ctx, input, ilen);
 #endif
 #if defined(MBEDTLS_RIPEMD160_C)
         case MBEDTLS_MD_RIPEMD160:
-            return( mbedtls_ripemd160_update( ctx->md_ctx, input, ilen ) );
+            return mbedtls_ripemd160_update(ctx->md_ctx, input, ilen);
 #endif
 #if defined(MBEDTLS_SHA1_C)
         case MBEDTLS_MD_SHA1:
-            return( mbedtls_sha1_update( ctx->md_ctx, input, ilen ) );
+            return mbedtls_sha1_update(ctx->md_ctx, input, ilen);
 #endif
 #if defined(MBEDTLS_SHA224_C)
         case MBEDTLS_MD_SHA224:
-            return( mbedtls_sha256_update( ctx->md_ctx, input, ilen ) );
+            return mbedtls_sha256_update(ctx->md_ctx, input, ilen);
 #endif
 #if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_MD_SHA256:
-            return( mbedtls_sha256_update( ctx->md_ctx, input, ilen ) );
+            return mbedtls_sha256_update(ctx->md_ctx, input, ilen);
 #endif
 #if defined(MBEDTLS_SHA384_C)
         case MBEDTLS_MD_SHA384:
-            return( mbedtls_sha512_update( ctx->md_ctx, input, ilen ) );
+            return mbedtls_sha512_update(ctx->md_ctx, input, ilen);
 #endif
 #if defined(MBEDTLS_SHA512_C)
         case MBEDTLS_MD_SHA512:
-            return( mbedtls_sha512_update( ctx->md_ctx, input, ilen ) );
+            return mbedtls_sha512_update(ctx->md_ctx, input, ilen);
 #endif
         default:
-            return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
     }
 }
 
-int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output )
+int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output)
 {
-    if( ctx == NULL || ctx->md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+    if (ctx == NULL || ctx->md_info == NULL) {
+        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+    }
 
-    switch( ctx->md_info->type )
-    {
+    switch (ctx->md_info->type) {
 #if defined(MBEDTLS_MD5_C)
         case MBEDTLS_MD_MD5:
-            return( mbedtls_md5_finish( ctx->md_ctx, output ) );
+            return mbedtls_md5_finish(ctx->md_ctx, output);
 #endif
 #if defined(MBEDTLS_RIPEMD160_C)
         case MBEDTLS_MD_RIPEMD160:
-            return( mbedtls_ripemd160_finish( ctx->md_ctx, output ) );
+            return mbedtls_ripemd160_finish(ctx->md_ctx, output);
 #endif
 #if defined(MBEDTLS_SHA1_C)
         case MBEDTLS_MD_SHA1:
-            return( mbedtls_sha1_finish( ctx->md_ctx, output ) );
+            return mbedtls_sha1_finish(ctx->md_ctx, output);
 #endif
 #if defined(MBEDTLS_SHA224_C)
         case MBEDTLS_MD_SHA224:
-            return( mbedtls_sha256_finish( ctx->md_ctx, output ) );
+            return mbedtls_sha256_finish(ctx->md_ctx, output);
 #endif
 #if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_MD_SHA256:
-            return( mbedtls_sha256_finish( ctx->md_ctx, output ) );
+            return mbedtls_sha256_finish(ctx->md_ctx, output);
 #endif
 #if defined(MBEDTLS_SHA384_C)
         case MBEDTLS_MD_SHA384:
-            return( mbedtls_sha512_finish( ctx->md_ctx, output ) );
+            return mbedtls_sha512_finish(ctx->md_ctx, output);
 #endif
 #if defined(MBEDTLS_SHA512_C)
         case MBEDTLS_MD_SHA512:
-            return( mbedtls_sha512_finish( ctx->md_ctx, output ) );
+            return mbedtls_sha512_finish(ctx->md_ctx, output);
 #endif
         default:
-            return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
     }
 }
 
-int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
-            unsigned char *output )
+int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
+               unsigned char *output)
 {
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+    if (md_info == NULL) {
+        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+    }
 
-    switch( md_info->type )
-    {
+    switch (md_info->type) {
 #if defined(MBEDTLS_MD5_C)
         case MBEDTLS_MD_MD5:
-            return( mbedtls_md5( input, ilen, output ) );
+            return mbedtls_md5(input, ilen, output);
 #endif
 #if defined(MBEDTLS_RIPEMD160_C)
         case MBEDTLS_MD_RIPEMD160:
-            return( mbedtls_ripemd160( input, ilen, output ) );
+            return mbedtls_ripemd160(input, ilen, output);
 #endif
 #if defined(MBEDTLS_SHA1_C)
         case MBEDTLS_MD_SHA1:
-            return( mbedtls_sha1( input, ilen, output ) );
+            return mbedtls_sha1(input, ilen, output);
 #endif
 #if defined(MBEDTLS_SHA224_C)
         case MBEDTLS_MD_SHA224:
-            return( mbedtls_sha256( input, ilen, output, 1 ) );
+            return mbedtls_sha256(input, ilen, output, 1);
 #endif
 #if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_MD_SHA256:
-            return( mbedtls_sha256( input, ilen, output, 0 ) );
+            return mbedtls_sha256(input, ilen, output, 0);
 #endif
 #if defined(MBEDTLS_SHA384_C)
         case MBEDTLS_MD_SHA384:
-            return( mbedtls_sha512( input, ilen, output, 1 ) );
+            return mbedtls_sha512(input, ilen, output, 1);
 #endif
 #if defined(MBEDTLS_SHA512_C)
         case MBEDTLS_MD_SHA512:
-            return( mbedtls_sha512( input, ilen, output, 0 ) );
+            return mbedtls_sha512(input, ilen, output, 0);
 #endif
         default:
-            return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
     }
 }
 
 #if defined(MBEDTLS_FS_IO)
-int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output )
+int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     FILE *f;
@@ -593,58 +595,68 @@
     mbedtls_md_context_t ctx;
     unsigned char buf[1024];
 
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+    if (md_info == NULL) {
+        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+    }
 
-    if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( MBEDTLS_ERR_MD_FILE_IO_ERROR );
+    if ((f = fopen(path, "rb")) == NULL) {
+        return MBEDTLS_ERR_MD_FILE_IO_ERROR;
+    }
 
     /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
-    mbedtls_setbuf( f, NULL );
+    mbedtls_setbuf(f, NULL);
 
-    mbedtls_md_init( &ctx );
+    mbedtls_md_init(&ctx);
 
-    if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 )
+    if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) {
         goto cleanup;
+    }
 
-    if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 )
+    if ((ret = mbedtls_md_starts(&ctx)) != 0) {
         goto cleanup;
+    }
 
-    while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
-        if( ( ret = mbedtls_md_update( &ctx, buf, n ) ) != 0 )
+    while ((n = fread(buf, 1, sizeof(buf), f)) > 0) {
+        if ((ret = mbedtls_md_update(&ctx, buf, n)) != 0) {
             goto cleanup;
+        }
+    }
 
-    if( ferror( f ) != 0 )
+    if (ferror(f) != 0) {
         ret = MBEDTLS_ERR_MD_FILE_IO_ERROR;
-    else
-        ret = mbedtls_md_finish( &ctx, output );
+    } else {
+        ret = mbedtls_md_finish(&ctx, output);
+    }
 
 cleanup:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-    fclose( f );
-    mbedtls_md_free( &ctx );
+    mbedtls_platform_zeroize(buf, sizeof(buf));
+    fclose(f);
+    mbedtls_md_free(&ctx);
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_FS_IO */
 
-int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen )
+int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char sum[MBEDTLS_MD_MAX_SIZE];
     unsigned char *ipad, *opad;
 
-    if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+    if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
+        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+    }
 
-    if( keylen > (size_t) ctx->md_info->block_size )
-    {
-        if( ( ret = mbedtls_md_starts( ctx ) ) != 0 )
+    if (keylen > (size_t) ctx->md_info->block_size) {
+        if ((ret = mbedtls_md_starts(ctx)) != 0) {
             goto cleanup;
-        if( ( ret = mbedtls_md_update( ctx, key, keylen ) ) != 0 )
+        }
+        if ((ret = mbedtls_md_update(ctx, key, keylen)) != 0) {
             goto cleanup;
-        if( ( ret = mbedtls_md_finish( ctx, sum ) ) != 0 )
+        }
+        if ((ret = mbedtls_md_finish(ctx, sum)) != 0) {
             goto cleanup;
+        }
 
         keylen = ctx->md_info->size;
         key = sum;
@@ -653,160 +665,178 @@
     ipad = (unsigned char *) ctx->hmac_ctx;
     opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
 
-    memset( ipad, 0x36, ctx->md_info->block_size );
-    memset( opad, 0x5C, ctx->md_info->block_size );
+    memset(ipad, 0x36, ctx->md_info->block_size);
+    memset(opad, 0x5C, ctx->md_info->block_size);
 
-    mbedtls_xor( ipad, ipad, key, keylen );
-    mbedtls_xor( opad, opad, key, keylen );
+    mbedtls_xor(ipad, ipad, key, keylen);
+    mbedtls_xor(opad, opad, key, keylen);
 
-    if( ( ret = mbedtls_md_starts( ctx ) ) != 0 )
+    if ((ret = mbedtls_md_starts(ctx)) != 0) {
         goto cleanup;
-    if( ( ret = mbedtls_md_update( ctx, ipad,
-                                   ctx->md_info->block_size ) ) != 0 )
+    }
+    if ((ret = mbedtls_md_update(ctx, ipad,
+                                 ctx->md_info->block_size)) != 0) {
         goto cleanup;
+    }
 
 cleanup:
-    mbedtls_platform_zeroize( sum, sizeof( sum ) );
+    mbedtls_platform_zeroize(sum, sizeof(sum));
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
+int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
 {
-    if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+    if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
+        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+    }
 
-    return( mbedtls_md_update( ctx, input, ilen ) );
+    return mbedtls_md_update(ctx, input, ilen);
 }
 
-int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output )
+int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
     unsigned char *opad;
 
-    if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+    if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
+        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+    }
 
     opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
 
-    if( ( ret = mbedtls_md_finish( ctx, tmp ) ) != 0 )
-        return( ret );
-    if( ( ret = mbedtls_md_starts( ctx ) ) != 0 )
-        return( ret );
-    if( ( ret = mbedtls_md_update( ctx, opad,
-                                   ctx->md_info->block_size ) ) != 0 )
-        return( ret );
-    if( ( ret = mbedtls_md_update( ctx, tmp,
-                                   ctx->md_info->size ) ) != 0 )
-        return( ret );
-    return( mbedtls_md_finish( ctx, output ) );
+    if ((ret = mbedtls_md_finish(ctx, tmp)) != 0) {
+        return ret;
+    }
+    if ((ret = mbedtls_md_starts(ctx)) != 0) {
+        return ret;
+    }
+    if ((ret = mbedtls_md_update(ctx, opad,
+                                 ctx->md_info->block_size)) != 0) {
+        return ret;
+    }
+    if ((ret = mbedtls_md_update(ctx, tmp,
+                                 ctx->md_info->size)) != 0) {
+        return ret;
+    }
+    return mbedtls_md_finish(ctx, output);
 }
 
-int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx )
+int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *ipad;
 
-    if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+    if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) {
+        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+    }
 
     ipad = (unsigned char *) ctx->hmac_ctx;
 
-    if( ( ret = mbedtls_md_starts( ctx ) ) != 0 )
-        return( ret );
-    return( mbedtls_md_update( ctx, ipad, ctx->md_info->block_size ) );
+    if ((ret = mbedtls_md_starts(ctx)) != 0) {
+        return ret;
+    }
+    return mbedtls_md_update(ctx, ipad, ctx->md_info->block_size);
 }
 
-int mbedtls_md_hmac( const mbedtls_md_info_t *md_info,
-                     const unsigned char *key, size_t keylen,
-                     const unsigned char *input, size_t ilen,
-                     unsigned char *output )
+int mbedtls_md_hmac(const mbedtls_md_info_t *md_info,
+                    const unsigned char *key, size_t keylen,
+                    const unsigned char *input, size_t ilen,
+                    unsigned char *output)
 {
     mbedtls_md_context_t ctx;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+    if (md_info == NULL) {
+        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+    }
 
-    mbedtls_md_init( &ctx );
+    mbedtls_md_init(&ctx);
 
-    if( ( ret = mbedtls_md_setup( &ctx, md_info, 1 ) ) != 0 )
+    if ((ret = mbedtls_md_setup(&ctx, md_info, 1)) != 0) {
         goto cleanup;
+    }
 
-    if( ( ret = mbedtls_md_hmac_starts( &ctx, key, keylen ) ) != 0 )
+    if ((ret = mbedtls_md_hmac_starts(&ctx, key, keylen)) != 0) {
         goto cleanup;
-    if( ( ret = mbedtls_md_hmac_update( &ctx, input, ilen ) ) != 0 )
+    }
+    if ((ret = mbedtls_md_hmac_update(&ctx, input, ilen)) != 0) {
         goto cleanup;
-    if( ( ret = mbedtls_md_hmac_finish( &ctx, output ) ) != 0 )
+    }
+    if ((ret = mbedtls_md_hmac_finish(&ctx, output)) != 0) {
         goto cleanup;
+    }
 
 cleanup:
-    mbedtls_md_free( &ctx );
+    mbedtls_md_free(&ctx);
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data )
+int mbedtls_md_process(mbedtls_md_context_t *ctx, const unsigned char *data)
 {
-    if( ctx == NULL || ctx->md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+    if (ctx == NULL || ctx->md_info == NULL) {
+        return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+    }
 
-    switch( ctx->md_info->type )
-    {
+    switch (ctx->md_info->type) {
 #if defined(MBEDTLS_MD5_C)
         case MBEDTLS_MD_MD5:
-            return( mbedtls_internal_md5_process( ctx->md_ctx, data ) );
+            return mbedtls_internal_md5_process(ctx->md_ctx, data);
 #endif
 #if defined(MBEDTLS_RIPEMD160_C)
         case MBEDTLS_MD_RIPEMD160:
-            return( mbedtls_internal_ripemd160_process( ctx->md_ctx, data ) );
+            return mbedtls_internal_ripemd160_process(ctx->md_ctx, data);
 #endif
 #if defined(MBEDTLS_SHA1_C)
         case MBEDTLS_MD_SHA1:
-            return( mbedtls_internal_sha1_process( ctx->md_ctx, data ) );
+            return mbedtls_internal_sha1_process(ctx->md_ctx, data);
 #endif
 #if defined(MBEDTLS_SHA224_C)
         case MBEDTLS_MD_SHA224:
-            return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) );
+            return mbedtls_internal_sha256_process(ctx->md_ctx, data);
 #endif
 #if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_MD_SHA256:
-            return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) );
+            return mbedtls_internal_sha256_process(ctx->md_ctx, data);
 #endif
 #if defined(MBEDTLS_SHA384_C)
         case MBEDTLS_MD_SHA384:
-            return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) );
+            return mbedtls_internal_sha512_process(ctx->md_ctx, data);
 #endif
 #if defined(MBEDTLS_SHA512_C)
         case MBEDTLS_MD_SHA512:
-            return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) );
+            return mbedtls_internal_sha512_process(ctx->md_ctx, data);
 #endif
         default:
-            return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
     }
 }
 
-unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info )
+unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info)
 {
-    if( md_info == NULL )
-        return( 0 );
+    if (md_info == NULL) {
+        return 0;
+    }
 
     return md_info->size;
 }
 
-mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info )
+mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info)
 {
-    if( md_info == NULL )
-        return( MBEDTLS_MD_NONE );
+    if (md_info == NULL) {
+        return MBEDTLS_MD_NONE;
+    }
 
     return md_info->type;
 }
 
-const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info )
+const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info)
 {
-    if( md_info == NULL )
-        return( NULL );
+    if (md_info == NULL) {
+        return NULL;
+    }
 
     return md_info->name;
 }
diff --git a/library/md5.c b/library/md5.c
index f7a225c..138a320 100644
--- a/library/md5.c
+++ b/library/md5.c
@@ -36,21 +36,22 @@
 
 #if !defined(MBEDTLS_MD5_ALT)
 
-void mbedtls_md5_init( mbedtls_md5_context *ctx )
+void mbedtls_md5_init(mbedtls_md5_context *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_md5_context ) );
+    memset(ctx, 0, sizeof(mbedtls_md5_context));
 }
 
-void mbedtls_md5_free( mbedtls_md5_context *ctx )
+void mbedtls_md5_free(mbedtls_md5_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md5_context ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md5_context));
 }
 
-void mbedtls_md5_clone( mbedtls_md5_context *dst,
-                        const mbedtls_md5_context *src )
+void mbedtls_md5_clone(mbedtls_md5_context *dst,
+                       const mbedtls_md5_context *src)
 {
     *dst = *src;
 }
@@ -58,7 +59,7 @@
 /*
  * MD5 context setup
  */
-int mbedtls_md5_starts( mbedtls_md5_context *ctx )
+int mbedtls_md5_starts(mbedtls_md5_context *ctx)
 {
     ctx->total[0] = 0;
     ctx->total[1] = 0;
@@ -68,131 +69,130 @@
     ctx->state[2] = 0x98BADCFE;
     ctx->state[3] = 0x10325476;
 
-    return( 0 );
+    return 0;
 }
 
 #if !defined(MBEDTLS_MD5_PROCESS_ALT)
-int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
-                                  const unsigned char data[64] )
+int mbedtls_internal_md5_process(mbedtls_md5_context *ctx,
+                                 const unsigned char data[64])
 {
-    struct
-    {
+    struct {
         uint32_t X[16], A, B, C, D;
     } local;
 
-    local.X[ 0] = MBEDTLS_GET_UINT32_LE( data,  0 );
-    local.X[ 1] = MBEDTLS_GET_UINT32_LE( data,  4 );
-    local.X[ 2] = MBEDTLS_GET_UINT32_LE( data,  8 );
-    local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 );
-    local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 );
-    local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 );
-    local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 );
-    local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 );
-    local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 );
-    local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 );
-    local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 );
-    local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 );
-    local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 );
-    local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 );
-    local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 );
-    local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 );
+    local.X[0] = MBEDTLS_GET_UINT32_LE(data,  0);
+    local.X[1] = MBEDTLS_GET_UINT32_LE(data,  4);
+    local.X[2] = MBEDTLS_GET_UINT32_LE(data,  8);
+    local.X[3] = MBEDTLS_GET_UINT32_LE(data, 12);
+    local.X[4] = MBEDTLS_GET_UINT32_LE(data, 16);
+    local.X[5] = MBEDTLS_GET_UINT32_LE(data, 20);
+    local.X[6] = MBEDTLS_GET_UINT32_LE(data, 24);
+    local.X[7] = MBEDTLS_GET_UINT32_LE(data, 28);
+    local.X[8] = MBEDTLS_GET_UINT32_LE(data, 32);
+    local.X[9] = MBEDTLS_GET_UINT32_LE(data, 36);
+    local.X[10] = MBEDTLS_GET_UINT32_LE(data, 40);
+    local.X[11] = MBEDTLS_GET_UINT32_LE(data, 44);
+    local.X[12] = MBEDTLS_GET_UINT32_LE(data, 48);
+    local.X[13] = MBEDTLS_GET_UINT32_LE(data, 52);
+    local.X[14] = MBEDTLS_GET_UINT32_LE(data, 56);
+    local.X[15] = MBEDTLS_GET_UINT32_LE(data, 60);
 
-#define S(x,n)                                                          \
-    ( ( (x) << (n) ) | ( ( (x) & 0xFFFFFFFF) >> ( 32 - (n) ) ) )
+#define S(x, n)                                                          \
+    (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
 
-#define P(a,b,c,d,k,s,t)                                                \
+#define P(a, b, c, d, k, s, t)                                                \
     do                                                                  \
     {                                                                   \
-        (a) += F((b),(c),(d)) + local.X[(k)] + (t);                     \
-        (a) = S((a),(s)) + (b);                                         \
-    } while( 0 )
+        (a) += F((b), (c), (d)) + local.X[(k)] + (t);                     \
+        (a) = S((a), (s)) + (b);                                         \
+    } while (0)
 
     local.A = ctx->state[0];
     local.B = ctx->state[1];
     local.C = ctx->state[2];
     local.D = ctx->state[3];
 
-#define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
+#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
 
-    P( local.A, local.B, local.C, local.D,  0,  7, 0xD76AA478 );
-    P( local.D, local.A, local.B, local.C,  1, 12, 0xE8C7B756 );
-    P( local.C, local.D, local.A, local.B,  2, 17, 0x242070DB );
-    P( local.B, local.C, local.D, local.A,  3, 22, 0xC1BDCEEE );
-    P( local.A, local.B, local.C, local.D,  4,  7, 0xF57C0FAF );
-    P( local.D, local.A, local.B, local.C,  5, 12, 0x4787C62A );
-    P( local.C, local.D, local.A, local.B,  6, 17, 0xA8304613 );
-    P( local.B, local.C, local.D, local.A,  7, 22, 0xFD469501 );
-    P( local.A, local.B, local.C, local.D,  8,  7, 0x698098D8 );
-    P( local.D, local.A, local.B, local.C,  9, 12, 0x8B44F7AF );
-    P( local.C, local.D, local.A, local.B, 10, 17, 0xFFFF5BB1 );
-    P( local.B, local.C, local.D, local.A, 11, 22, 0x895CD7BE );
-    P( local.A, local.B, local.C, local.D, 12,  7, 0x6B901122 );
-    P( local.D, local.A, local.B, local.C, 13, 12, 0xFD987193 );
-    P( local.C, local.D, local.A, local.B, 14, 17, 0xA679438E );
-    P( local.B, local.C, local.D, local.A, 15, 22, 0x49B40821 );
+    P(local.A, local.B, local.C, local.D,  0,  7, 0xD76AA478);
+    P(local.D, local.A, local.B, local.C,  1, 12, 0xE8C7B756);
+    P(local.C, local.D, local.A, local.B,  2, 17, 0x242070DB);
+    P(local.B, local.C, local.D, local.A,  3, 22, 0xC1BDCEEE);
+    P(local.A, local.B, local.C, local.D,  4,  7, 0xF57C0FAF);
+    P(local.D, local.A, local.B, local.C,  5, 12, 0x4787C62A);
+    P(local.C, local.D, local.A, local.B,  6, 17, 0xA8304613);
+    P(local.B, local.C, local.D, local.A,  7, 22, 0xFD469501);
+    P(local.A, local.B, local.C, local.D,  8,  7, 0x698098D8);
+    P(local.D, local.A, local.B, local.C,  9, 12, 0x8B44F7AF);
+    P(local.C, local.D, local.A, local.B, 10, 17, 0xFFFF5BB1);
+    P(local.B, local.C, local.D, local.A, 11, 22, 0x895CD7BE);
+    P(local.A, local.B, local.C, local.D, 12,  7, 0x6B901122);
+    P(local.D, local.A, local.B, local.C, 13, 12, 0xFD987193);
+    P(local.C, local.D, local.A, local.B, 14, 17, 0xA679438E);
+    P(local.B, local.C, local.D, local.A, 15, 22, 0x49B40821);
 
 #undef F
 
-#define F(x,y,z) ((y) ^ ((z) & ((x) ^ (y))))
+#define F(x, y, z) ((y) ^ ((z) & ((x) ^ (y))))
 
-    P( local.A, local.B, local.C, local.D,  1,  5, 0xF61E2562 );
-    P( local.D, local.A, local.B, local.C,  6,  9, 0xC040B340 );
-    P( local.C, local.D, local.A, local.B, 11, 14, 0x265E5A51 );
-    P( local.B, local.C, local.D, local.A,  0, 20, 0xE9B6C7AA );
-    P( local.A, local.B, local.C, local.D,  5,  5, 0xD62F105D );
-    P( local.D, local.A, local.B, local.C, 10,  9, 0x02441453 );
-    P( local.C, local.D, local.A, local.B, 15, 14, 0xD8A1E681 );
-    P( local.B, local.C, local.D, local.A,  4, 20, 0xE7D3FBC8 );
-    P( local.A, local.B, local.C, local.D,  9,  5, 0x21E1CDE6 );
-    P( local.D, local.A, local.B, local.C, 14,  9, 0xC33707D6 );
-    P( local.C, local.D, local.A, local.B,  3, 14, 0xF4D50D87 );
-    P( local.B, local.C, local.D, local.A,  8, 20, 0x455A14ED );
-    P( local.A, local.B, local.C, local.D, 13,  5, 0xA9E3E905 );
-    P( local.D, local.A, local.B, local.C,  2,  9, 0xFCEFA3F8 );
-    P( local.C, local.D, local.A, local.B,  7, 14, 0x676F02D9 );
-    P( local.B, local.C, local.D, local.A, 12, 20, 0x8D2A4C8A );
+    P(local.A, local.B, local.C, local.D,  1,  5, 0xF61E2562);
+    P(local.D, local.A, local.B, local.C,  6,  9, 0xC040B340);
+    P(local.C, local.D, local.A, local.B, 11, 14, 0x265E5A51);
+    P(local.B, local.C, local.D, local.A,  0, 20, 0xE9B6C7AA);
+    P(local.A, local.B, local.C, local.D,  5,  5, 0xD62F105D);
+    P(local.D, local.A, local.B, local.C, 10,  9, 0x02441453);
+    P(local.C, local.D, local.A, local.B, 15, 14, 0xD8A1E681);
+    P(local.B, local.C, local.D, local.A,  4, 20, 0xE7D3FBC8);
+    P(local.A, local.B, local.C, local.D,  9,  5, 0x21E1CDE6);
+    P(local.D, local.A, local.B, local.C, 14,  9, 0xC33707D6);
+    P(local.C, local.D, local.A, local.B,  3, 14, 0xF4D50D87);
+    P(local.B, local.C, local.D, local.A,  8, 20, 0x455A14ED);
+    P(local.A, local.B, local.C, local.D, 13,  5, 0xA9E3E905);
+    P(local.D, local.A, local.B, local.C,  2,  9, 0xFCEFA3F8);
+    P(local.C, local.D, local.A, local.B,  7, 14, 0x676F02D9);
+    P(local.B, local.C, local.D, local.A, 12, 20, 0x8D2A4C8A);
 
 #undef F
 
-#define F(x,y,z) ((x) ^ (y) ^ (z))
+#define F(x, y, z) ((x) ^ (y) ^ (z))
 
-    P( local.A, local.B, local.C, local.D,  5,  4, 0xFFFA3942 );
-    P( local.D, local.A, local.B, local.C,  8, 11, 0x8771F681 );
-    P( local.C, local.D, local.A, local.B, 11, 16, 0x6D9D6122 );
-    P( local.B, local.C, local.D, local.A, 14, 23, 0xFDE5380C );
-    P( local.A, local.B, local.C, local.D,  1,  4, 0xA4BEEA44 );
-    P( local.D, local.A, local.B, local.C,  4, 11, 0x4BDECFA9 );
-    P( local.C, local.D, local.A, local.B,  7, 16, 0xF6BB4B60 );
-    P( local.B, local.C, local.D, local.A, 10, 23, 0xBEBFBC70 );
-    P( local.A, local.B, local.C, local.D, 13,  4, 0x289B7EC6 );
-    P( local.D, local.A, local.B, local.C,  0, 11, 0xEAA127FA );
-    P( local.C, local.D, local.A, local.B,  3, 16, 0xD4EF3085 );
-    P( local.B, local.C, local.D, local.A,  6, 23, 0x04881D05 );
-    P( local.A, local.B, local.C, local.D,  9,  4, 0xD9D4D039 );
-    P( local.D, local.A, local.B, local.C, 12, 11, 0xE6DB99E5 );
-    P( local.C, local.D, local.A, local.B, 15, 16, 0x1FA27CF8 );
-    P( local.B, local.C, local.D, local.A,  2, 23, 0xC4AC5665 );
+    P(local.A, local.B, local.C, local.D,  5,  4, 0xFFFA3942);
+    P(local.D, local.A, local.B, local.C,  8, 11, 0x8771F681);
+    P(local.C, local.D, local.A, local.B, 11, 16, 0x6D9D6122);
+    P(local.B, local.C, local.D, local.A, 14, 23, 0xFDE5380C);
+    P(local.A, local.B, local.C, local.D,  1,  4, 0xA4BEEA44);
+    P(local.D, local.A, local.B, local.C,  4, 11, 0x4BDECFA9);
+    P(local.C, local.D, local.A, local.B,  7, 16, 0xF6BB4B60);
+    P(local.B, local.C, local.D, local.A, 10, 23, 0xBEBFBC70);
+    P(local.A, local.B, local.C, local.D, 13,  4, 0x289B7EC6);
+    P(local.D, local.A, local.B, local.C,  0, 11, 0xEAA127FA);
+    P(local.C, local.D, local.A, local.B,  3, 16, 0xD4EF3085);
+    P(local.B, local.C, local.D, local.A,  6, 23, 0x04881D05);
+    P(local.A, local.B, local.C, local.D,  9,  4, 0xD9D4D039);
+    P(local.D, local.A, local.B, local.C, 12, 11, 0xE6DB99E5);
+    P(local.C, local.D, local.A, local.B, 15, 16, 0x1FA27CF8);
+    P(local.B, local.C, local.D, local.A,  2, 23, 0xC4AC5665);
 
 #undef F
 
-#define F(x,y,z) ((y) ^ ((x) | ~(z)))
+#define F(x, y, z) ((y) ^ ((x) | ~(z)))
 
-    P( local.A, local.B, local.C, local.D,  0,  6, 0xF4292244 );
-    P( local.D, local.A, local.B, local.C,  7, 10, 0x432AFF97 );
-    P( local.C, local.D, local.A, local.B, 14, 15, 0xAB9423A7 );
-    P( local.B, local.C, local.D, local.A,  5, 21, 0xFC93A039 );
-    P( local.A, local.B, local.C, local.D, 12,  6, 0x655B59C3 );
-    P( local.D, local.A, local.B, local.C,  3, 10, 0x8F0CCC92 );
-    P( local.C, local.D, local.A, local.B, 10, 15, 0xFFEFF47D );
-    P( local.B, local.C, local.D, local.A,  1, 21, 0x85845DD1 );
-    P( local.A, local.B, local.C, local.D,  8,  6, 0x6FA87E4F );
-    P( local.D, local.A, local.B, local.C, 15, 10, 0xFE2CE6E0 );
-    P( local.C, local.D, local.A, local.B,  6, 15, 0xA3014314 );
-    P( local.B, local.C, local.D, local.A, 13, 21, 0x4E0811A1 );
-    P( local.A, local.B, local.C, local.D,  4,  6, 0xF7537E82 );
-    P( local.D, local.A, local.B, local.C, 11, 10, 0xBD3AF235 );
-    P( local.C, local.D, local.A, local.B,  2, 15, 0x2AD7D2BB );
-    P( local.B, local.C, local.D, local.A,  9, 21, 0xEB86D391 );
+    P(local.A, local.B, local.C, local.D,  0,  6, 0xF4292244);
+    P(local.D, local.A, local.B, local.C,  7, 10, 0x432AFF97);
+    P(local.C, local.D, local.A, local.B, 14, 15, 0xAB9423A7);
+    P(local.B, local.C, local.D, local.A,  5, 21, 0xFC93A039);
+    P(local.A, local.B, local.C, local.D, 12,  6, 0x655B59C3);
+    P(local.D, local.A, local.B, local.C,  3, 10, 0x8F0CCC92);
+    P(local.C, local.D, local.A, local.B, 10, 15, 0xFFEFF47D);
+    P(local.B, local.C, local.D, local.A,  1, 21, 0x85845DD1);
+    P(local.A, local.B, local.C, local.D,  8,  6, 0x6FA87E4F);
+    P(local.D, local.A, local.B, local.C, 15, 10, 0xFE2CE6E0);
+    P(local.C, local.D, local.A, local.B,  6, 15, 0xA3014314);
+    P(local.B, local.C, local.D, local.A, 13, 21, 0x4E0811A1);
+    P(local.A, local.B, local.C, local.D,  4,  6, 0xF7537E82);
+    P(local.D, local.A, local.B, local.C, 11, 10, 0xBD3AF235);
+    P(local.C, local.D, local.A, local.B,  2, 15, 0x2AD7D2BB);
+    P(local.B, local.C, local.D, local.A,  9, 21, 0xEB86D391);
 
 #undef F
 
@@ -202,9 +202,9 @@
     ctx->state[3] += local.D;
 
     /* Zeroise variables to clear sensitive data from memory. */
-    mbedtls_platform_zeroize( &local, sizeof( local ) );
+    mbedtls_platform_zeroize(&local, sizeof(local));
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* !MBEDTLS_MD5_PROCESS_ALT */
@@ -212,16 +212,17 @@
 /*
  * MD5 process buffer
  */
-int mbedtls_md5_update( mbedtls_md5_context *ctx,
-                            const unsigned char *input,
-                            size_t ilen )
+int mbedtls_md5_update(mbedtls_md5_context *ctx,
+                       const unsigned char *input,
+                       size_t ilen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t fill;
     uint32_t left;
 
-    if( ilen == 0 )
-        return( 0 );
+    if (ilen == 0) {
+        return 0;
+    }
 
     left = ctx->total[0] & 0x3F;
     fill = 64 - left;
@@ -229,42 +230,42 @@
     ctx->total[0] += (uint32_t) ilen;
     ctx->total[0] &= 0xFFFFFFFF;
 
-    if( ctx->total[0] < (uint32_t) ilen )
+    if (ctx->total[0] < (uint32_t) ilen) {
         ctx->total[1]++;
+    }
 
-    if( left && ilen >= fill )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, fill );
-        if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
+    if (left && ilen >= fill) {
+        memcpy((void *) (ctx->buffer + left), input, fill);
+        if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) {
+            return ret;
+        }
 
         input += fill;
         ilen  -= fill;
         left = 0;
     }
 
-    while( ilen >= 64 )
-    {
-        if( ( ret = mbedtls_internal_md5_process( ctx, input ) ) != 0 )
-            return( ret );
+    while (ilen >= 64) {
+        if ((ret = mbedtls_internal_md5_process(ctx, input)) != 0) {
+            return ret;
+        }
 
         input += 64;
         ilen  -= 64;
     }
 
-    if( ilen > 0 )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, ilen );
+    if (ilen > 0) {
+        memcpy((void *) (ctx->buffer + left), input, ilen);
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * MD5 final digest
  */
-int mbedtls_md5_finish( mbedtls_md5_context *ctx,
-                            unsigned char output[16] )
+int mbedtls_md5_finish(mbedtls_md5_context *ctx,
+                       unsigned char output[16])
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     uint32_t used;
@@ -277,44 +278,43 @@
 
     ctx->buffer[used++] = 0x80;
 
-    if( used <= 56 )
-    {
+    if (used <= 56) {
         /* Enough room for padding + length in current block */
-        memset( ctx->buffer + used, 0, 56 - used );
-    }
-    else
-    {
+        memset(ctx->buffer + used, 0, 56 - used);
+    } else {
         /* We'll need an extra block */
-        memset( ctx->buffer + used, 0, 64 - used );
+        memset(ctx->buffer + used, 0, 64 - used);
 
-        if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
+        if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) {
+            return ret;
+        }
 
-        memset( ctx->buffer, 0, 56 );
+        memset(ctx->buffer, 0, 56);
     }
 
     /*
      * Add message length
      */
-    high = ( ctx->total[0] >> 29 )
-         | ( ctx->total[1] <<  3 );
-    low  = ( ctx->total[0] <<  3 );
+    high = (ctx->total[0] >> 29)
+           | (ctx->total[1] <<  3);
+    low  = (ctx->total[0] <<  3);
 
-    MBEDTLS_PUT_UINT32_LE( low,  ctx->buffer, 56 );
-    MBEDTLS_PUT_UINT32_LE( high, ctx->buffer, 60 );
+    MBEDTLS_PUT_UINT32_LE(low,  ctx->buffer, 56);
+    MBEDTLS_PUT_UINT32_LE(high, ctx->buffer, 60);
 
-    if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) {
+        return ret;
+    }
 
     /*
      * Output final state
      */
-    MBEDTLS_PUT_UINT32_LE( ctx->state[0], output,  0 );
-    MBEDTLS_PUT_UINT32_LE( ctx->state[1], output,  4 );
-    MBEDTLS_PUT_UINT32_LE( ctx->state[2], output,  8 );
-    MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 );
+    MBEDTLS_PUT_UINT32_LE(ctx->state[0], output,  0);
+    MBEDTLS_PUT_UINT32_LE(ctx->state[1], output,  4);
+    MBEDTLS_PUT_UINT32_LE(ctx->state[2], output,  8);
+    MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12);
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* !MBEDTLS_MD5_ALT */
@@ -322,28 +322,31 @@
 /*
  * output = MD5( input buffer )
  */
-int mbedtls_md5( const unsigned char *input,
-                     size_t ilen,
-                     unsigned char output[16] )
+int mbedtls_md5(const unsigned char *input,
+                size_t ilen,
+                unsigned char output[16])
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_md5_context ctx;
 
-    mbedtls_md5_init( &ctx );
+    mbedtls_md5_init(&ctx);
 
-    if( ( ret = mbedtls_md5_starts( &ctx ) ) != 0 )
+    if ((ret = mbedtls_md5_starts(&ctx)) != 0) {
         goto exit;
+    }
 
-    if( ( ret = mbedtls_md5_update( &ctx, input, ilen ) ) != 0 )
+    if ((ret = mbedtls_md5_update(&ctx, input, ilen)) != 0) {
         goto exit;
+    }
 
-    if( ( ret = mbedtls_md5_finish( &ctx, output ) ) != 0 )
+    if ((ret = mbedtls_md5_finish(&ctx, output)) != 0) {
         goto exit;
+    }
 
 exit:
-    mbedtls_md5_free( &ctx );
+    mbedtls_md5_free(&ctx);
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_SELF_TEST)
@@ -387,40 +390,43 @@
 /*
  * Checkup routine
  */
-int mbedtls_md5_self_test( int verbose )
+int mbedtls_md5_self_test(int verbose)
 {
     int i, ret = 0;
     unsigned char md5sum[16];
 
-    for( i = 0; i < 7; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  MD5 test #%d: ", i + 1 );
+    for (i = 0; i < 7; i++) {
+        if (verbose != 0) {
+            mbedtls_printf("  MD5 test #%d: ", i + 1);
+        }
 
-        ret = mbedtls_md5( md5_test_buf[i], md5_test_buflen[i], md5sum );
-        if( ret != 0 )
+        ret = mbedtls_md5(md5_test_buf[i], md5_test_buflen[i], md5sum);
+        if (ret != 0) {
             goto fail;
+        }
 
-        if( memcmp( md5sum, md5_test_sum[i], 16 ) != 0 )
-        {
+        if (memcmp(md5sum, md5_test_sum[i], 16) != 0) {
             ret = 1;
             goto fail;
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
-    return( 0 );
+    return 0;
 
 fail:
-    if( verbose != 0 )
-        mbedtls_printf( "failed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("failed\n");
+    }
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_SELF_TEST */
diff --git a/library/md_wrap.h b/library/md_wrap.h
index 90c7957..cd539b5 100644
--- a/library/md_wrap.h
+++ b/library/md_wrap.h
@@ -38,10 +38,9 @@
  * Message digest information.
  * Allows message digest functions to be called in a generic way.
  */
-struct mbedtls_md_info_t
-{
+struct mbedtls_md_info_t {
     /** Name of the message digest */
-    const char * name;
+    const char *name;
 
     /** Digest identifier */
     mbedtls_md_type_t type;
diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c
index 61432d8..e5052ce 100644
--- a/library/memory_buffer_alloc.c
+++ b/library/memory_buffer_alloc.c
@@ -42,8 +42,7 @@
 #define MAX_BT 20
 
 typedef struct _memory_header memory_header;
-struct _memory_header
-{
+struct _memory_header {
     size_t          magic1;
     size_t          size;
     size_t          alloc;
@@ -58,8 +57,7 @@
     size_t          magic2;
 };
 
-typedef struct
-{
+typedef struct {
     unsigned char   *buf;
     size_t          len;
     memory_header   *first;
@@ -82,146 +80,135 @@
 static buffer_alloc_ctx heap;
 
 #if defined(MBEDTLS_MEMORY_DEBUG)
-static void debug_header( memory_header *hdr )
+static void debug_header(memory_header *hdr)
 {
 #if defined(MBEDTLS_MEMORY_BACKTRACE)
     size_t i;
 #endif
 
-    mbedtls_fprintf( stderr, "HDR:  PTR(%10zu), PREV(%10zu), NEXT(%10zu), "
-                              "ALLOC(%zu), SIZE(%10zu)\n",
-                      (size_t) hdr, (size_t) hdr->prev, (size_t) hdr->next,
-                      hdr->alloc, hdr->size );
-    mbedtls_fprintf( stderr, "      FPREV(%10zu), FNEXT(%10zu)\n",
-                      (size_t) hdr->prev_free, (size_t) hdr->next_free );
+    mbedtls_fprintf(stderr, "HDR:  PTR(%10zu), PREV(%10zu), NEXT(%10zu), "
+                            "ALLOC(%zu), SIZE(%10zu)\n",
+                    (size_t) hdr, (size_t) hdr->prev, (size_t) hdr->next,
+                    hdr->alloc, hdr->size);
+    mbedtls_fprintf(stderr, "      FPREV(%10zu), FNEXT(%10zu)\n",
+                    (size_t) hdr->prev_free, (size_t) hdr->next_free);
 
 #if defined(MBEDTLS_MEMORY_BACKTRACE)
-    mbedtls_fprintf( stderr, "TRACE: \n" );
-    for( i = 0; i < hdr->trace_count; i++ )
-        mbedtls_fprintf( stderr, "%s\n", hdr->trace[i] );
-    mbedtls_fprintf( stderr, "\n" );
+    mbedtls_fprintf(stderr, "TRACE: \n");
+    for (i = 0; i < hdr->trace_count; i++) {
+        mbedtls_fprintf(stderr, "%s\n", hdr->trace[i]);
+    }
+    mbedtls_fprintf(stderr, "\n");
 #endif
 }
 
-static void debug_chain( void )
+static void debug_chain(void)
 {
     memory_header *cur = heap.first;
 
-    mbedtls_fprintf( stderr, "\nBlock list\n" );
-    while( cur != NULL )
-    {
-        debug_header( cur );
+    mbedtls_fprintf(stderr, "\nBlock list\n");
+    while (cur != NULL) {
+        debug_header(cur);
         cur = cur->next;
     }
 
-    mbedtls_fprintf( stderr, "Free list\n" );
+    mbedtls_fprintf(stderr, "Free list\n");
     cur = heap.first_free;
 
-    while( cur != NULL )
-    {
-        debug_header( cur );
+    while (cur != NULL) {
+        debug_header(cur);
         cur = cur->next_free;
     }
 }
 #endif /* MBEDTLS_MEMORY_DEBUG */
 
-static int verify_header( memory_header *hdr )
+static int verify_header(memory_header *hdr)
 {
-    if( hdr->magic1 != MAGIC1 )
-    {
+    if (hdr->magic1 != MAGIC1) {
 #if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: MAGIC1 mismatch\n" );
+        mbedtls_fprintf(stderr, "FATAL: MAGIC1 mismatch\n");
 #endif
-        return( 1 );
+        return 1;
     }
 
-    if( hdr->magic2 != MAGIC2 )
-    {
+    if (hdr->magic2 != MAGIC2) {
 #if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: MAGIC2 mismatch\n" );
+        mbedtls_fprintf(stderr, "FATAL: MAGIC2 mismatch\n");
 #endif
-        return( 1 );
+        return 1;
     }
 
-    if( hdr->alloc > 1 )
-    {
+    if (hdr->alloc > 1) {
 #if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: alloc has illegal value\n" );
+        mbedtls_fprintf(stderr, "FATAL: alloc has illegal value\n");
 #endif
-        return( 1 );
+        return 1;
     }
 
-    if( hdr->prev != NULL && hdr->prev == hdr->next )
-    {
+    if (hdr->prev != NULL && hdr->prev == hdr->next) {
 #if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: prev == next\n" );
+        mbedtls_fprintf(stderr, "FATAL: prev == next\n");
 #endif
-        return( 1 );
+        return 1;
     }
 
-    if( hdr->prev_free != NULL && hdr->prev_free == hdr->next_free )
-    {
+    if (hdr->prev_free != NULL && hdr->prev_free == hdr->next_free) {
 #if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: prev_free == next_free\n" );
+        mbedtls_fprintf(stderr, "FATAL: prev_free == next_free\n");
 #endif
-        return( 1 );
+        return 1;
     }
 
-    return( 0 );
+    return 0;
 }
 
-static int verify_chain( void )
+static int verify_chain(void)
 {
     memory_header *prv = heap.first, *cur;
 
-    if( prv == NULL || verify_header( prv ) != 0 )
-    {
+    if (prv == NULL || verify_header(prv) != 0) {
 #if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: verification of first header "
-                                  "failed\n" );
+        mbedtls_fprintf(stderr, "FATAL: verification of first header "
+                                "failed\n");
 #endif
-        return( 1 );
+        return 1;
     }
 
-    if( heap.first->prev != NULL )
-    {
+    if (heap.first->prev != NULL) {
 #if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: verification failed: "
-                                  "first->prev != NULL\n" );
+        mbedtls_fprintf(stderr, "FATAL: verification failed: "
+                                "first->prev != NULL\n");
 #endif
-        return( 1 );
+        return 1;
     }
 
     cur = heap.first->next;
 
-    while( cur != NULL )
-    {
-        if( verify_header( cur ) != 0 )
-        {
+    while (cur != NULL) {
+        if (verify_header(cur) != 0) {
 #if defined(MBEDTLS_MEMORY_DEBUG)
-            mbedtls_fprintf( stderr, "FATAL: verification of header "
-                                      "failed\n" );
+            mbedtls_fprintf(stderr, "FATAL: verification of header "
+                                    "failed\n");
 #endif
-            return( 1 );
+            return 1;
         }
 
-        if( cur->prev != prv )
-        {
+        if (cur->prev != prv) {
 #if defined(MBEDTLS_MEMORY_DEBUG)
-            mbedtls_fprintf( stderr, "FATAL: verification failed: "
-                                      "cur->prev != prv\n" );
+            mbedtls_fprintf(stderr, "FATAL: verification failed: "
+                                    "cur->prev != prv\n");
 #endif
-            return( 1 );
+            return 1;
         }
 
         prv = cur;
         cur = cur->next;
     }
 
-    return( 0 );
+    return 0;
 }
 
-static void *buffer_alloc_calloc( size_t n, size_t size )
+static void *buffer_alloc_calloc(size_t n, size_t size)
 {
     memory_header *new, *cur = heap.first_free;
     unsigned char *p;
@@ -232,42 +219,43 @@
     size_t trace_cnt;
 #endif
 
-    if( heap.buf == NULL || heap.first == NULL )
-        return( NULL );
+    if (heap.buf == NULL || heap.first == NULL) {
+        return NULL;
+    }
 
     original_len = len = n * size;
 
-    if( n == 0 || size == 0 || len / n != size )
-        return( NULL );
-    else if( len > (size_t)-MBEDTLS_MEMORY_ALIGN_MULTIPLE )
-        return( NULL );
+    if (n == 0 || size == 0 || len / n != size) {
+        return NULL;
+    } else if (len > (size_t) -MBEDTLS_MEMORY_ALIGN_MULTIPLE) {
+        return NULL;
+    }
 
-    if( len % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
-    {
+    if (len % MBEDTLS_MEMORY_ALIGN_MULTIPLE) {
         len -= len % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
         len += MBEDTLS_MEMORY_ALIGN_MULTIPLE;
     }
 
     // Find block that fits
     //
-    while( cur != NULL )
-    {
-        if( cur->size >= len )
+    while (cur != NULL) {
+        if (cur->size >= len) {
             break;
+        }
 
         cur = cur->next_free;
     }
 
-    if( cur == NULL )
-        return( NULL );
+    if (cur == NULL) {
+        return NULL;
+    }
 
-    if( cur->alloc != 0 )
-    {
+    if (cur->alloc != 0) {
 #if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: block in free_list but allocated "
-                                  "data\n" );
+        mbedtls_fprintf(stderr, "FATAL: block in free_list but allocated "
+                                "data\n");
 #endif
-        mbedtls_exit( 1 );
+        mbedtls_exit(1);
     }
 
 #if defined(MBEDTLS_MEMORY_DEBUG)
@@ -276,45 +264,48 @@
 
     // Found location, split block if > memory_header + 4 room left
     //
-    if( cur->size - len < sizeof(memory_header) +
-                          MBEDTLS_MEMORY_ALIGN_MULTIPLE )
-    {
+    if (cur->size - len < sizeof(memory_header) +
+        MBEDTLS_MEMORY_ALIGN_MULTIPLE) {
         cur->alloc = 1;
 
         // Remove from free_list
         //
-        if( cur->prev_free != NULL )
+        if (cur->prev_free != NULL) {
             cur->prev_free->next_free = cur->next_free;
-        else
+        } else {
             heap.first_free = cur->next_free;
+        }
 
-        if( cur->next_free != NULL )
+        if (cur->next_free != NULL) {
             cur->next_free->prev_free = cur->prev_free;
+        }
 
         cur->prev_free = NULL;
         cur->next_free = NULL;
 
 #if defined(MBEDTLS_MEMORY_DEBUG)
         heap.total_used += cur->size;
-        if( heap.total_used > heap.maximum_used )
+        if (heap.total_used > heap.maximum_used) {
             heap.maximum_used = heap.total_used;
+        }
 #endif
 #if defined(MBEDTLS_MEMORY_BACKTRACE)
-        trace_cnt = backtrace( trace_buffer, MAX_BT );
-        cur->trace = backtrace_symbols( trace_buffer, trace_cnt );
+        trace_cnt = backtrace(trace_buffer, MAX_BT);
+        cur->trace = backtrace_symbols(trace_buffer, trace_cnt);
         cur->trace_count = trace_cnt;
 #endif
 
-        if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 )
-            mbedtls_exit( 1 );
+        if ((heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC) && verify_chain() != 0) {
+            mbedtls_exit(1);
+        }
 
-        ret = (unsigned char *) cur + sizeof( memory_header );
-        memset( ret, 0, original_len );
+        ret = (unsigned char *) cur + sizeof(memory_header);
+        memset(ret, 0, original_len);
 
-        return( ret );
+        return ret;
     }
 
-    p = ( (unsigned char *) cur ) + sizeof(memory_header) + len;
+    p = ((unsigned char *) cur) + sizeof(memory_header) + len;
     new = (memory_header *) p;
 
     new->size = cur->size - len - sizeof(memory_header);
@@ -328,20 +319,23 @@
     new->magic1 = MAGIC1;
     new->magic2 = MAGIC2;
 
-    if( new->next != NULL )
+    if (new->next != NULL) {
         new->next->prev = new;
+    }
 
     // Replace cur with new in free_list
     //
     new->prev_free = cur->prev_free;
     new->next_free = cur->next_free;
-    if( new->prev_free != NULL )
+    if (new->prev_free != NULL) {
         new->prev_free->next_free = new;
-    else
+    } else {
         heap.first_free = new;
+    }
 
-    if( new->next_free != NULL )
+    if (new->next_free != NULL) {
         new->next_free->prev_free = new;
+    }
 
     cur->alloc = 1;
     cur->size = len;
@@ -351,57 +345,60 @@
 
 #if defined(MBEDTLS_MEMORY_DEBUG)
     heap.header_count++;
-    if( heap.header_count > heap.maximum_header_count )
+    if (heap.header_count > heap.maximum_header_count) {
         heap.maximum_header_count = heap.header_count;
+    }
     heap.total_used += cur->size;
-    if( heap.total_used > heap.maximum_used )
+    if (heap.total_used > heap.maximum_used) {
         heap.maximum_used = heap.total_used;
+    }
 #endif
 #if defined(MBEDTLS_MEMORY_BACKTRACE)
-    trace_cnt = backtrace( trace_buffer, MAX_BT );
-    cur->trace = backtrace_symbols( trace_buffer, trace_cnt );
+    trace_cnt = backtrace(trace_buffer, MAX_BT);
+    cur->trace = backtrace_symbols(trace_buffer, trace_cnt);
     cur->trace_count = trace_cnt;
 #endif
 
-    if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 )
-        mbedtls_exit( 1 );
+    if ((heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC) && verify_chain() != 0) {
+        mbedtls_exit(1);
+    }
 
-    ret = (unsigned char *) cur + sizeof( memory_header );
-    memset( ret, 0, original_len );
+    ret = (unsigned char *) cur + sizeof(memory_header);
+    memset(ret, 0, original_len);
 
-    return( ret );
+    return ret;
 }
 
-static void buffer_alloc_free( void *ptr )
+static void buffer_alloc_free(void *ptr)
 {
     memory_header *hdr, *old = NULL;
     unsigned char *p = (unsigned char *) ptr;
 
-    if( ptr == NULL || heap.buf == NULL || heap.first == NULL )
+    if (ptr == NULL || heap.buf == NULL || heap.first == NULL) {
         return;
+    }
 
-    if( p < heap.buf || p >= heap.buf + heap.len )
-    {
+    if (p < heap.buf || p >= heap.buf + heap.len) {
 #if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: mbedtls_free() outside of managed "
-                                  "space\n" );
+        mbedtls_fprintf(stderr, "FATAL: mbedtls_free() outside of managed "
+                                "space\n");
 #endif
-        mbedtls_exit( 1 );
+        mbedtls_exit(1);
     }
 
     p -= sizeof(memory_header);
     hdr = (memory_header *) p;
 
-    if( verify_header( hdr ) != 0 )
-        mbedtls_exit( 1 );
+    if (verify_header(hdr) != 0) {
+        mbedtls_exit(1);
+    }
 
-    if( hdr->alloc != 1 )
-    {
+    if (hdr->alloc != 1) {
 #if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: mbedtls_free() on unallocated "
-                                  "data\n" );
+        mbedtls_fprintf(stderr, "FATAL: mbedtls_free() on unallocated "
+                                "data\n");
 #endif
-        mbedtls_exit( 1 );
+        mbedtls_exit(1);
     }
 
     hdr->alloc = 0;
@@ -412,15 +409,14 @@
 #endif
 
 #if defined(MBEDTLS_MEMORY_BACKTRACE)
-    free( hdr->trace );
+    free(hdr->trace);
     hdr->trace = NULL;
     hdr->trace_count = 0;
 #endif
 
     // Regroup with block before
     //
-    if( hdr->prev != NULL && hdr->prev->alloc == 0 )
-    {
+    if (hdr->prev != NULL && hdr->prev->alloc == 0) {
 #if defined(MBEDTLS_MEMORY_DEBUG)
         heap.header_count--;
 #endif
@@ -429,16 +425,16 @@
         old = hdr;
         hdr = hdr->prev;
 
-        if( hdr->next != NULL )
+        if (hdr->next != NULL) {
             hdr->next->prev = hdr;
+        }
 
-        memset( old, 0, sizeof(memory_header) );
+        memset(old, 0, sizeof(memory_header));
     }
 
     // Regroup with block after
     //
-    if( hdr->next != NULL && hdr->next->alloc == 0 )
-    {
+    if (hdr->next != NULL && hdr->next->alloc == 0) {
 #if defined(MBEDTLS_MEMORY_DEBUG)
         heap.header_count--;
 #endif
@@ -446,101 +442,103 @@
         old = hdr->next;
         hdr->next = hdr->next->next;
 
-        if( hdr->prev_free != NULL || hdr->next_free != NULL )
-        {
-            if( hdr->prev_free != NULL )
+        if (hdr->prev_free != NULL || hdr->next_free != NULL) {
+            if (hdr->prev_free != NULL) {
                 hdr->prev_free->next_free = hdr->next_free;
-            else
+            } else {
                 heap.first_free = hdr->next_free;
+            }
 
-            if( hdr->next_free != NULL )
+            if (hdr->next_free != NULL) {
                 hdr->next_free->prev_free = hdr->prev_free;
+            }
         }
 
         hdr->prev_free = old->prev_free;
         hdr->next_free = old->next_free;
 
-        if( hdr->prev_free != NULL )
+        if (hdr->prev_free != NULL) {
             hdr->prev_free->next_free = hdr;
-        else
+        } else {
             heap.first_free = hdr;
+        }
 
-        if( hdr->next_free != NULL )
+        if (hdr->next_free != NULL) {
             hdr->next_free->prev_free = hdr;
+        }
 
-        if( hdr->next != NULL )
+        if (hdr->next != NULL) {
             hdr->next->prev = hdr;
+        }
 
-        memset( old, 0, sizeof(memory_header) );
+        memset(old, 0, sizeof(memory_header));
     }
 
     // Prepend to free_list if we have not merged
     // (Does not have to stay in same order as prev / next list)
     //
-    if( old == NULL )
-    {
+    if (old == NULL) {
         hdr->next_free = heap.first_free;
-        if( heap.first_free != NULL )
+        if (heap.first_free != NULL) {
             heap.first_free->prev_free = hdr;
+        }
         heap.first_free = hdr;
     }
 
-    if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_FREE ) && verify_chain() != 0 )
-        mbedtls_exit( 1 );
+    if ((heap.verify & MBEDTLS_MEMORY_VERIFY_FREE) && verify_chain() != 0) {
+        mbedtls_exit(1);
+    }
 }
 
-void mbedtls_memory_buffer_set_verify( int verify )
+void mbedtls_memory_buffer_set_verify(int verify)
 {
     heap.verify = verify;
 }
 
-int mbedtls_memory_buffer_alloc_verify( void )
+int mbedtls_memory_buffer_alloc_verify(void)
 {
     return verify_chain();
 }
 
 #if defined(MBEDTLS_MEMORY_DEBUG)
-void mbedtls_memory_buffer_alloc_status( void )
+void mbedtls_memory_buffer_alloc_status(void)
 {
-    mbedtls_fprintf( stderr,
-                      "Current use: %zu blocks / %zu bytes, max: %zu blocks / "
-                      "%zu bytes (total %zu bytes), alloc / free: %zu / %zu\n",
-                      heap.header_count, heap.total_used,
-                      heap.maximum_header_count, heap.maximum_used,
-                      heap.maximum_header_count * sizeof( memory_header )
-                      + heap.maximum_used,
-                      heap.alloc_count, heap.free_count );
+    mbedtls_fprintf(stderr,
+                    "Current use: %zu blocks / %zu bytes, max: %zu blocks / "
+                    "%zu bytes (total %zu bytes), alloc / free: %zu / %zu\n",
+                    heap.header_count, heap.total_used,
+                    heap.maximum_header_count, heap.maximum_used,
+                    heap.maximum_header_count * sizeof(memory_header)
+                    + heap.maximum_used,
+                    heap.alloc_count, heap.free_count);
 
-    if( heap.first->next == NULL )
-    {
-        mbedtls_fprintf( stderr, "All memory de-allocated in stack buffer\n" );
-    }
-    else
-    {
-        mbedtls_fprintf( stderr, "Memory currently allocated:\n" );
+    if (heap.first->next == NULL) {
+        mbedtls_fprintf(stderr, "All memory de-allocated in stack buffer\n");
+    } else {
+        mbedtls_fprintf(stderr, "Memory currently allocated:\n");
         debug_chain();
     }
 }
 
-void mbedtls_memory_buffer_alloc_count_get( size_t *alloc_count, size_t *free_count )
+void mbedtls_memory_buffer_alloc_count_get(size_t *alloc_count, size_t *free_count)
 {
     *alloc_count = heap.alloc_count;
     *free_count = heap.free_count;
 }
 
-void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks )
+void mbedtls_memory_buffer_alloc_max_get(size_t *max_used, size_t *max_blocks)
 {
     *max_used   = heap.maximum_used;
     *max_blocks = heap.maximum_header_count;
 }
 
-void mbedtls_memory_buffer_alloc_max_reset( void )
+void mbedtls_memory_buffer_alloc_max_reset(void)
 {
     heap.maximum_used = 0;
     heap.maximum_header_count = 0;
 }
 
-void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks )
+void mbedtls_memory_buffer_alloc_cur_get(size_t *cur_used, size_t *cur_blocks)
 {
     *cur_used   = heap.total_used;
     *cur_blocks = heap.header_count;
@@ -548,202 +546,211 @@
 #endif /* MBEDTLS_MEMORY_DEBUG */
 
 #if defined(MBEDTLS_THREADING_C)
-static void *buffer_alloc_calloc_mutexed( size_t n, size_t size )
+static void *buffer_alloc_calloc_mutexed(size_t n, size_t size)
 {
     void *buf;
-    if( mbedtls_mutex_lock( &heap.mutex ) != 0 )
-        return( NULL );
-    buf = buffer_alloc_calloc( n, size );
-    if( mbedtls_mutex_unlock( &heap.mutex ) )
-        return( NULL );
-    return( buf );
+    if (mbedtls_mutex_lock(&heap.mutex) != 0) {
+        return NULL;
+    }
+    buf = buffer_alloc_calloc(n, size);
+    if (mbedtls_mutex_unlock(&heap.mutex)) {
+        return NULL;
+    }
+    return buf;
 }
 
-static void buffer_alloc_free_mutexed( void *ptr )
+static void buffer_alloc_free_mutexed(void *ptr)
 {
     /* We have no good option here, but corrupting the heap seems
      * worse than losing memory. */
-    if( mbedtls_mutex_lock( &heap.mutex ) )
+    if (mbedtls_mutex_lock(&heap.mutex)) {
         return;
-    buffer_alloc_free( ptr );
-    (void) mbedtls_mutex_unlock( &heap.mutex );
+    }
+    buffer_alloc_free(ptr);
+    (void) mbedtls_mutex_unlock(&heap.mutex);
 }
 #endif /* MBEDTLS_THREADING_C */
 
-void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len )
+void mbedtls_memory_buffer_alloc_init(unsigned char *buf, size_t len)
 {
-    memset( &heap, 0, sizeof( buffer_alloc_ctx ) );
+    memset(&heap, 0, sizeof(buffer_alloc_ctx));
 
 #if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &heap.mutex );
-    mbedtls_platform_set_calloc_free( buffer_alloc_calloc_mutexed,
-                              buffer_alloc_free_mutexed );
+    mbedtls_mutex_init(&heap.mutex);
+    mbedtls_platform_set_calloc_free(buffer_alloc_calloc_mutexed,
+                                     buffer_alloc_free_mutexed);
 #else
-    mbedtls_platform_set_calloc_free( buffer_alloc_calloc, buffer_alloc_free );
+    mbedtls_platform_set_calloc_free(buffer_alloc_calloc, buffer_alloc_free);
 #endif
 
-    if( len < sizeof( memory_header ) + MBEDTLS_MEMORY_ALIGN_MULTIPLE )
+    if (len < sizeof(memory_header) + MBEDTLS_MEMORY_ALIGN_MULTIPLE) {
         return;
-    else if( (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
-    {
+    } else if ((size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE) {
         /* Adjust len first since buf is used in the computation */
         len -= MBEDTLS_MEMORY_ALIGN_MULTIPLE
-             - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
+               - (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
         buf += MBEDTLS_MEMORY_ALIGN_MULTIPLE
-             - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
+               - (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
     }
 
-    memset( buf, 0, len );
+    memset(buf, 0, len);
 
     heap.buf = buf;
     heap.len = len;
 
-    heap.first = (memory_header *)buf;
-    heap.first->size = len - sizeof( memory_header );
+    heap.first = (memory_header *) buf;
+    heap.first->size = len - sizeof(memory_header);
     heap.first->magic1 = MAGIC1;
     heap.first->magic2 = MAGIC2;
     heap.first_free = heap.first;
 }
 
-void mbedtls_memory_buffer_alloc_free( void )
+void mbedtls_memory_buffer_alloc_free(void)
 {
 #if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_free( &heap.mutex );
+    mbedtls_mutex_free(&heap.mutex);
 #endif
-    mbedtls_platform_zeroize( &heap, sizeof(buffer_alloc_ctx) );
+    mbedtls_platform_zeroize(&heap, sizeof(buffer_alloc_ctx));
 }
 
 #if defined(MBEDTLS_SELF_TEST)
-static int check_pointer( void *p )
+static int check_pointer(void *p)
 {
-    if( p == NULL )
-        return( -1 );
+    if (p == NULL) {
+        return -1;
+    }
 
-    if( (size_t) p % MBEDTLS_MEMORY_ALIGN_MULTIPLE != 0 )
-        return( -1 );
+    if ((size_t) p % MBEDTLS_MEMORY_ALIGN_MULTIPLE != 0) {
+        return -1;
+    }
 
-    return( 0 );
+    return 0;
 }
 
-static int check_all_free( void )
+static int check_all_free(void)
 {
-    if(
+    if (
 #if defined(MBEDTLS_MEMORY_DEBUG)
         heap.total_used != 0 ||
 #endif
         heap.first != heap.first_free ||
-        (void *) heap.first != (void *) heap.buf )
-    {
-        return( -1 );
+        (void *) heap.first != (void *) heap.buf) {
+        return -1;
     }
 
-    return( 0 );
+    return 0;
 }
 
-#define TEST_ASSERT( condition )            \
-    if( ! (condition) )                     \
+#define TEST_ASSERT(condition)            \
+    if (!(condition))                     \
     {                                       \
-        if( verbose != 0 )                  \
-            mbedtls_printf( "failed\n" );  \
+        if (verbose != 0)                  \
+        mbedtls_printf("failed\n");  \
                                             \
         ret = 1;                            \
         goto cleanup;                       \
     }
 
-int mbedtls_memory_buffer_alloc_self_test( int verbose )
+int mbedtls_memory_buffer_alloc_self_test(int verbose)
 {
     unsigned char buf[1024];
     unsigned char *p, *q, *r, *end;
     int ret = 0;
 
-    if( verbose != 0 )
-        mbedtls_printf( "  MBA test #1 (basic alloc-free cycle): " );
+    if (verbose != 0) {
+        mbedtls_printf("  MBA test #1 (basic alloc-free cycle): ");
+    }
 
-    mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
+    mbedtls_memory_buffer_alloc_init(buf, sizeof(buf));
 
-    p = mbedtls_calloc( 1, 1 );
-    q = mbedtls_calloc( 1, 128 );
-    r = mbedtls_calloc( 1, 16 );
+    p = mbedtls_calloc(1, 1);
+    q = mbedtls_calloc(1, 128);
+    r = mbedtls_calloc(1, 16);
 
-    TEST_ASSERT( check_pointer( p ) == 0 &&
-                 check_pointer( q ) == 0 &&
-                 check_pointer( r ) == 0 );
+    TEST_ASSERT(check_pointer(p) == 0 &&
+                check_pointer(q) == 0 &&
+                check_pointer(r) == 0);
 
-    mbedtls_free( r );
-    mbedtls_free( q );
-    mbedtls_free( p );
+    mbedtls_free(r);
+    mbedtls_free(q);
+    mbedtls_free(p);
 
-    TEST_ASSERT( check_all_free( ) == 0 );
+    TEST_ASSERT(check_all_free() == 0);
 
     /* Memorize end to compare with the next test */
     end = heap.buf + heap.len;
 
-    mbedtls_memory_buffer_alloc_free( );
+    mbedtls_memory_buffer_alloc_free();
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n");
+    }
 
-    if( verbose != 0 )
-        mbedtls_printf( "  MBA test #2 (buf not aligned): " );
+    if (verbose != 0) {
+        mbedtls_printf("  MBA test #2 (buf not aligned): ");
+    }
 
-    mbedtls_memory_buffer_alloc_init( buf + 1, sizeof( buf ) - 1 );
+    mbedtls_memory_buffer_alloc_init(buf + 1, sizeof(buf) - 1);
 
-    TEST_ASSERT( heap.buf + heap.len == end );
+    TEST_ASSERT(heap.buf + heap.len == end);
 
-    p = mbedtls_calloc( 1, 1 );
-    q = mbedtls_calloc( 1, 128 );
-    r = mbedtls_calloc( 1, 16 );
+    p = mbedtls_calloc(1, 1);
+    q = mbedtls_calloc(1, 128);
+    r = mbedtls_calloc(1, 16);
 
-    TEST_ASSERT( check_pointer( p ) == 0 &&
-                 check_pointer( q ) == 0 &&
-                 check_pointer( r ) == 0 );
+    TEST_ASSERT(check_pointer(p) == 0 &&
+                check_pointer(q) == 0 &&
+                check_pointer(r) == 0);
 
-    mbedtls_free( r );
-    mbedtls_free( q );
-    mbedtls_free( p );
+    mbedtls_free(r);
+    mbedtls_free(q);
+    mbedtls_free(p);
 
-    TEST_ASSERT( check_all_free( ) == 0 );
+    TEST_ASSERT(check_all_free() == 0);
 
-    mbedtls_memory_buffer_alloc_free( );
+    mbedtls_memory_buffer_alloc_free();
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n");
+    }
 
-    if( verbose != 0 )
-        mbedtls_printf( "  MBA test #3 (full): " );
+    if (verbose != 0) {
+        mbedtls_printf("  MBA test #3 (full): ");
+    }
 
-    mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
+    mbedtls_memory_buffer_alloc_init(buf, sizeof(buf));
 
-    p = mbedtls_calloc( 1, sizeof( buf ) - sizeof( memory_header ) );
+    p = mbedtls_calloc(1, sizeof(buf) - sizeof(memory_header));
 
-    TEST_ASSERT( check_pointer( p ) == 0 );
-    TEST_ASSERT( mbedtls_calloc( 1, 1 ) == NULL );
+    TEST_ASSERT(check_pointer(p) == 0);
+    TEST_ASSERT(mbedtls_calloc(1, 1) == NULL);
 
-    mbedtls_free( p );
+    mbedtls_free(p);
 
-    p = mbedtls_calloc( 1, sizeof( buf ) - 2 * sizeof( memory_header ) - 16 );
-    q = mbedtls_calloc( 1, 16 );
+    p = mbedtls_calloc(1, sizeof(buf) - 2 * sizeof(memory_header) - 16);
+    q = mbedtls_calloc(1, 16);
 
-    TEST_ASSERT( check_pointer( p ) == 0 && check_pointer( q ) == 0 );
-    TEST_ASSERT( mbedtls_calloc( 1, 1 ) == NULL );
+    TEST_ASSERT(check_pointer(p) == 0 && check_pointer(q) == 0);
+    TEST_ASSERT(mbedtls_calloc(1, 1) == NULL);
 
-    mbedtls_free( q );
+    mbedtls_free(q);
 
-    TEST_ASSERT( mbedtls_calloc( 1, 17 ) == NULL );
+    TEST_ASSERT(mbedtls_calloc(1, 17) == NULL);
 
-    mbedtls_free( p );
+    mbedtls_free(p);
 
-    TEST_ASSERT( check_all_free( ) == 0 );
+    TEST_ASSERT(check_all_free() == 0);
 
-    mbedtls_memory_buffer_alloc_free( );
+    mbedtls_memory_buffer_alloc_free();
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n");
+    }
 
 cleanup:
-    mbedtls_memory_buffer_alloc_free( );
+    mbedtls_memory_buffer_alloc_free();
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_SELF_TEST */
 
diff --git a/library/mps_common.h b/library/mps_common.h
index 668876c..4a10176 100644
--- a/library/mps_common.h
+++ b/library/mps_common.h
@@ -99,41 +99,41 @@
 
 #if defined(MBEDTLS_MPS_STATE_VALIDATION)
 
-#define MBEDTLS_MPS_STATE_VALIDATE_RAW( cond, string )                         \
+#define MBEDTLS_MPS_STATE_VALIDATE_RAW(cond, string)                         \
     do                                                                         \
     {                                                                          \
-        if( !(cond) )                                                          \
+        if (!(cond))                                                          \
         {                                                                      \
-            MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR, string );         \
-            MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED );  \
+            MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR, string);         \
+            MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED);  \
         }                                                                      \
-    } while( 0 )
+    } while (0)
 
 #else /* MBEDTLS_MPS_STATE_VALIDATION */
 
-#define MBEDTLS_MPS_STATE_VALIDATE_RAW( cond, string )           \
+#define MBEDTLS_MPS_STATE_VALIDATE_RAW(cond, string)           \
     do                                                           \
     {                                                            \
-        ( cond );                                                \
-    } while( 0 )
+        (cond);                                                \
+    } while (0)
 
 #endif /* MBEDTLS_MPS_STATE_VALIDATION */
 
 #if defined(MBEDTLS_MPS_ENABLE_ASSERTIONS)
 
-#define MBEDTLS_MPS_ASSERT_RAW( cond, string )                          \
+#define MBEDTLS_MPS_ASSERT_RAW(cond, string)                          \
     do                                                                  \
     {                                                                   \
-        if( !(cond) )                                                   \
+        if (!(cond))                                                   \
         {                                                               \
-            MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR, string );  \
-            MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_INTERNAL_ERROR ); \
+            MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR, string);  \
+            MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_INTERNAL_ERROR); \
         }                                                               \
-    } while( 0 )
+    } while (0)
 
 #else /* MBEDTLS_MPS_ENABLE_ASSERTIONS */
 
-#define MBEDTLS_MPS_ASSERT_RAW( cond, string ) do {} while( 0 )
+#define MBEDTLS_MPS_ASSERT_RAW(cond, string) do {} while (0)
 
 #endif /* MBEDTLS_MPS_ENABLE_ASSERTIONS */
 
@@ -169,7 +169,7 @@
  *
  */
 typedef size_t mbedtls_mps_stored_size_t;
-#define MBEDTLS_MPS_STORED_SIZE_MAX  ( (mbedtls_mps_stored_size_t) -1 )
+#define MBEDTLS_MPS_STORED_SIZE_MAX  ((mbedtls_mps_stored_size_t) -1)
 
 /** \brief The type of buffer sizes and offsets used in the MPS API
  *         and implementation.
@@ -183,7 +183,7 @@
  *         so almost 10%.
  */
 typedef size_t mbedtls_mps_size_t;
-#define MBEDTLS_MPS_SIZE_MAX  ( (mbedtls_mps_size_t) -1 )
+#define MBEDTLS_MPS_SIZE_MAX  ((mbedtls_mps_size_t) -1)
 
 #if MBEDTLS_MPS_STORED_SIZE_MAX > MBEDTLS_MPS_SIZE_MAX
 #error "Misconfiguration of mbedtls_mps_size_t and mbedtls_mps_stored_size_t."
diff --git a/library/mps_error.h b/library/mps_error.h
index f78d9a0..15570d2 100644
--- a/library/mps_error.h
+++ b/library/mps_error.h
@@ -45,14 +45,14 @@
  */
 
 #ifndef MBEDTLS_MPS_ERR_BASE
-#define MBEDTLS_MPS_ERR_BASE ( 0 )
+#define MBEDTLS_MPS_ERR_BASE (0)
 #endif
 
 #define MBEDTLS_MPS_MAKE_ERROR(code) \
-    ( -( MBEDTLS_MPS_ERR_BASE | (code) ) )
+    (-(MBEDTLS_MPS_ERR_BASE | (code)))
 
-#define MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED  MBEDTLS_MPS_MAKE_ERROR( 0x1 )
-#define MBEDTLS_ERR_MPS_INTERNAL_ERROR        MBEDTLS_MPS_MAKE_ERROR( 0x2 )
+#define MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED  MBEDTLS_MPS_MAKE_ERROR(0x1)
+#define MBEDTLS_ERR_MPS_INTERNAL_ERROR        MBEDTLS_MPS_MAKE_ERROR(0x2)
 
 /* \} name SECTION: MPS general error codes */
 
@@ -63,40 +63,40 @@
  */
 
 #ifndef MBEDTLS_MPS_READER_ERR_BASE
-#define MBEDTLS_MPS_READER_ERR_BASE ( 1 << 8 )
+#define MBEDTLS_MPS_READER_ERR_BASE (1 << 8)
 #endif
 
 #define MBEDTLS_MPS_READER_MAKE_ERROR(code) \
-    ( -( MBEDTLS_MPS_READER_ERR_BASE | (code) ) )
+    (-(MBEDTLS_MPS_READER_ERR_BASE | (code)))
 
 /*! An attempt to reclaim the data buffer from a reader failed because
  *  the user hasn't yet read and committed all of it. */
-#define MBEDTLS_ERR_MPS_READER_DATA_LEFT             MBEDTLS_MPS_READER_MAKE_ERROR( 0x1 )
+#define MBEDTLS_ERR_MPS_READER_DATA_LEFT             MBEDTLS_MPS_READER_MAKE_ERROR(0x1)
 
 /*! An invalid argument was passed to the reader. */
-#define MBEDTLS_ERR_MPS_READER_INVALID_ARG           MBEDTLS_MPS_READER_MAKE_ERROR( 0x2 )
+#define MBEDTLS_ERR_MPS_READER_INVALID_ARG           MBEDTLS_MPS_READER_MAKE_ERROR(0x2)
 
 /*! An attempt to move a reader to consuming mode through mbedtls_mps_reader_feed()
  *  after pausing failed because the provided data is not sufficient to serve the
  *  read requests that led to the pausing. */
-#define MBEDTLS_ERR_MPS_READER_NEED_MORE             MBEDTLS_MPS_READER_MAKE_ERROR( 0x3 )
+#define MBEDTLS_ERR_MPS_READER_NEED_MORE             MBEDTLS_MPS_READER_MAKE_ERROR(0x3)
 
 /*! A get request failed because not enough data is available in the reader. */
-#define MBEDTLS_ERR_MPS_READER_OUT_OF_DATA           MBEDTLS_MPS_READER_MAKE_ERROR( 0x4 )
+#define MBEDTLS_ERR_MPS_READER_OUT_OF_DATA           MBEDTLS_MPS_READER_MAKE_ERROR(0x4)
 
 /*!< A get request after pausing and reactivating the reader failed because
  *   the request is not in line with the request made prior to pausing. The user
  *   must not change it's 'strategy' after pausing and reactivating a reader. */
-#define MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS MBEDTLS_MPS_READER_MAKE_ERROR( 0x5 )
+#define MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS MBEDTLS_MPS_READER_MAKE_ERROR(0x5)
 
 /*! An attempt to reclaim the data buffer from a reader failed because the reader
  *  has no accumulator it can use to backup the data that hasn't been processed. */
-#define MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR      MBEDTLS_MPS_READER_MAKE_ERROR( 0x6 )
+#define MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR      MBEDTLS_MPS_READER_MAKE_ERROR(0x6)
 
 /*! An attempt to reclaim the data buffer from a reader failed because the
  *  accumulator passed to the reader is not large enough to hold both the
  *  data that hasn't been processed and the excess of the last read-request. */
-#define MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL MBEDTLS_MPS_READER_MAKE_ERROR( 0x7 )
+#define MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL MBEDTLS_MPS_READER_MAKE_ERROR(0x7)
 
 /* \} name SECTION: MPS Reader error codes */
 
diff --git a/library/mps_reader.c b/library/mps_reader.c
index df97b6c..dc2a91c 100644
--- a/library/mps_reader.c
+++ b/library/mps_reader.c
@@ -67,54 +67,56 @@
  */
 
 static inline int mps_reader_is_accumulating(
-    mbedtls_mps_reader const *rd )
+    mbedtls_mps_reader const *rd)
 {
     mbedtls_mps_size_t acc_remaining;
-    if( rd->acc == NULL )
-        return( 0 );
+    if (rd->acc == NULL) {
+        return 0;
+    }
 
     acc_remaining = rd->acc_share.acc_remaining;
-    return( acc_remaining > 0 );
+    return acc_remaining > 0;
 }
 
 static inline int mps_reader_is_producing(
-    mbedtls_mps_reader const *rd )
+    mbedtls_mps_reader const *rd)
 {
     unsigned char *frag = rd->frag;
-    return( frag == NULL );
+    return frag == NULL;
 }
 
 static inline int mps_reader_is_consuming(
-    mbedtls_mps_reader const *rd )
+    mbedtls_mps_reader const *rd)
 {
-    return( !mps_reader_is_producing( rd ) );
+    return !mps_reader_is_producing(rd);
 }
 
 static inline mbedtls_mps_size_t mps_reader_get_fragment_offset(
-    mbedtls_mps_reader const *rd )
+    mbedtls_mps_reader const *rd)
 {
     unsigned char *acc = rd->acc;
     mbedtls_mps_size_t frag_offset;
 
-    if( acc == NULL )
-        return( 0 );
+    if (acc == NULL) {
+        return 0;
+    }
 
     frag_offset = rd->acc_share.frag_offset;
-    return( frag_offset );
+    return frag_offset;
 }
 
 static inline mbedtls_mps_size_t mps_reader_serving_from_accumulator(
-    mbedtls_mps_reader const *rd )
+    mbedtls_mps_reader const *rd)
 {
     mbedtls_mps_size_t frag_offset, end;
 
-    frag_offset = mps_reader_get_fragment_offset( rd );
+    frag_offset = mps_reader_get_fragment_offset(rd);
     end = rd->end;
 
-    return( end < frag_offset );
+    return end < frag_offset;
 }
 
-static inline void mps_reader_zero( mbedtls_mps_reader *rd )
+static inline void mps_reader_zero(mbedtls_mps_reader *rd)
 {
     /* A plain memset() would likely be more efficient,
      * but the current way of zeroing makes it harder
@@ -123,56 +125,56 @@
      * doesn't require reasoning about structs being
      * interpreted as unstructured binary blobs. */
     static mbedtls_mps_reader const zero =
-        { .frag          = NULL,
-          .frag_len      = 0,
-          .commit        = 0,
-          .end           = 0,
-          .pending       = 0,
-          .acc           = NULL,
-          .acc_len       = 0,
-          .acc_available = 0,
-          .acc_share     = { .acc_remaining = 0 }
-        };
+    { .frag          = NULL,
+      .frag_len      = 0,
+      .commit        = 0,
+      .end           = 0,
+      .pending       = 0,
+      .acc           = NULL,
+      .acc_len       = 0,
+      .acc_available = 0,
+      .acc_share     = { .acc_remaining = 0 } };
     *rd = zero;
 }
 
-int mbedtls_mps_reader_init( mbedtls_mps_reader *rd,
-                             unsigned char *acc,
-                             mbedtls_mps_size_t acc_len )
+int mbedtls_mps_reader_init(mbedtls_mps_reader *rd,
+                            unsigned char *acc,
+                            mbedtls_mps_size_t acc_len)
 {
-    MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_init" );
-    MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                       "* Accumulator size: %u bytes", (unsigned) acc_len );
-    mps_reader_zero( rd );
+    MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_init");
+    MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+                      "* Accumulator size: %u bytes", (unsigned) acc_len);
+    mps_reader_zero(rd);
     rd->acc = acc;
     rd->acc_len = acc_len;
-    MBEDTLS_MPS_TRACE_RETURN( 0 );
+    MBEDTLS_MPS_TRACE_RETURN(0);
 }
 
-int mbedtls_mps_reader_free( mbedtls_mps_reader *rd )
+int mbedtls_mps_reader_free(mbedtls_mps_reader *rd)
 {
-    MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_free" );
-    mps_reader_zero( rd );
-    MBEDTLS_MPS_TRACE_RETURN( 0 );
+    MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_free");
+    mps_reader_zero(rd);
+    MBEDTLS_MPS_TRACE_RETURN(0);
 }
 
-int mbedtls_mps_reader_feed( mbedtls_mps_reader *rd,
-                             unsigned char *new_frag,
-                             mbedtls_mps_size_t new_frag_len )
+int mbedtls_mps_reader_feed(mbedtls_mps_reader *rd,
+                            unsigned char *new_frag,
+                            mbedtls_mps_size_t new_frag_len)
 {
     mbedtls_mps_size_t copy_to_acc;
-    MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_feed" );
-    MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                       "* Fragment length: %u bytes", (unsigned) new_frag_len );
+    MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_feed");
+    MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+                      "* Fragment length: %u bytes", (unsigned) new_frag_len);
 
-    if( new_frag == NULL )
-        MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_READER_INVALID_ARG );
+    if (new_frag == NULL) {
+        MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_INVALID_ARG);
+    }
 
-    MBEDTLS_MPS_STATE_VALIDATE_RAW( mps_reader_is_producing( rd ),
-        "mbedtls_mps_reader_feed() requires reader to be in producing mode" );
+    MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_producing(
+                                       rd),
+                                   "mbedtls_mps_reader_feed() requires reader to be in producing mode");
 
-    if( mps_reader_is_accumulating( rd ) )
-    {
+    if (mps_reader_is_accumulating(rd)) {
         unsigned char *acc    = rd->acc;
         mbedtls_mps_size_t acc_remaining = rd->acc_share.acc_remaining;
         mbedtls_mps_size_t acc_available = rd->acc_available;
@@ -181,39 +183,38 @@
         acc += acc_available;
 
         copy_to_acc = acc_remaining;
-        if( copy_to_acc > new_frag_len )
+        if (copy_to_acc > new_frag_len) {
             copy_to_acc = new_frag_len;
+        }
 
         /* Copy new contents to accumulator. */
-        memcpy( acc, new_frag, copy_to_acc );
+        memcpy(acc, new_frag, copy_to_acc);
 
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                "Copy new data of size %u of %u into accumulator at offset %u",
-                (unsigned) copy_to_acc, (unsigned) new_frag_len, (unsigned) acc_available );
+        MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+                          "Copy new data of size %u of %u into accumulator at offset %u",
+                          (unsigned) copy_to_acc, (unsigned) new_frag_len,
+                          (unsigned) acc_available);
 
         /* Check if, with the new fragment, we have enough data. */
         acc_remaining -= copy_to_acc;
-        if( acc_remaining > 0 )
-        {
+        if (acc_remaining > 0) {
             /* We need to accumulate more data. Stay in producing mode. */
             acc_available += copy_to_acc;
             rd->acc_share.acc_remaining = acc_remaining;
             rd->acc_available = acc_available;
-            MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_READER_NEED_MORE );
+            MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_NEED_MORE);
         }
 
         /* We have filled the accumulator: Move to consuming mode. */
 
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                           "Enough data available to serve user request" );
+        MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+                          "Enough data available to serve user request");
 
         /* Remember overlap of accumulator and fragment. */
         rd->acc_share.frag_offset = acc_available;
         acc_available += copy_to_acc;
         rd->acc_available = acc_available;
-    }
-    else /* Not accumulating */
-    {
+    } else { /* Not accumulating */
         rd->acc_share.frag_offset = 0;
     }
 
@@ -221,30 +222,30 @@
     rd->frag_len = new_frag_len;
     rd->commit = 0;
     rd->end = 0;
-    MBEDTLS_MPS_TRACE_RETURN( 0 );
+    MBEDTLS_MPS_TRACE_RETURN(0);
 }
 
 
-int mbedtls_mps_reader_get( mbedtls_mps_reader *rd,
-                            mbedtls_mps_size_t desired,
-                            unsigned char **buffer,
-                            mbedtls_mps_size_t *buflen )
+int mbedtls_mps_reader_get(mbedtls_mps_reader *rd,
+                           mbedtls_mps_size_t desired,
+                           unsigned char **buffer,
+                           mbedtls_mps_size_t *buflen)
 {
     unsigned char *frag;
     mbedtls_mps_size_t frag_len, frag_offset, end, frag_fetched, frag_remaining;
-    MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_get" );
-    MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                       "* Bytes requested: %u", (unsigned) desired );
+    MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_get");
+    MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+                      "* Bytes requested: %u", (unsigned) desired);
 
-    MBEDTLS_MPS_STATE_VALIDATE_RAW( mps_reader_is_consuming( rd ),
-          "mbedtls_mps_reader_get() requires reader to be in consuming mode" );
+    MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_consuming(
+                                       rd),
+                                   "mbedtls_mps_reader_get() requires reader to be in consuming mode");
 
     end = rd->end;
-    frag_offset = mps_reader_get_fragment_offset( rd );
+    frag_offset = mps_reader_get_fragment_offset(rd);
 
     /* Check if we're still serving from the accumulator. */
-    if( mps_reader_serving_from_accumulator( rd ) )
-    {
+    if (mps_reader_serving_from_accumulator(rd)) {
         /* Illustration of supported and unsupported cases:
          *
          * - Allowed #1
@@ -310,14 +311,12 @@
 
         unsigned char *acc;
 
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                           "Serve the request from the accumulator" );
-        if( frag_offset - end < desired )
-        {
+        MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+                          "Serve the request from the accumulator");
+        if (frag_offset - end < desired) {
             mbedtls_mps_size_t acc_available;
             acc_available = rd->acc_available;
-            if( acc_available - end != desired )
-            {
+            if (acc_available - end != desired) {
                 /* It might be possible to serve some of these situations by
                  * making additional space in the accumulator, removing those
                  * parts that have already been committed.
@@ -329,7 +328,7 @@
                  * the library, this check is a good opportunity to
                  * validate this. */
                 MBEDTLS_MPS_TRACE_RETURN(
-                    MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS );
+                    MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS);
             }
         }
 
@@ -337,19 +336,20 @@
         acc += end;
 
         *buffer = acc;
-        if( buflen != NULL )
+        if (buflen != NULL) {
             *buflen = desired;
+        }
 
         end += desired;
         rd->end = end;
         rd->pending = 0;
 
-        MBEDTLS_MPS_TRACE_RETURN( 0 );
+        MBEDTLS_MPS_TRACE_RETURN(0);
     }
 
     /* Attempt to serve the request from the current fragment */
-    MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                       "Serve the request from the current fragment." );
+    MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+                      "Serve the request from the current fragment.");
 
     frag_len = rd->frag_len;
     frag_fetched = end - frag_offset; /* The amount of data from the current
@@ -358,23 +358,20 @@
     frag_remaining = frag_len - frag_fetched; /* Remaining data in fragment */
 
     /* Check if we can serve the read request from the fragment. */
-    if( frag_remaining < desired )
-    {
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                           "There's not enough data in the current fragment "
-                           "to serve the request." );
+    if (frag_remaining < desired) {
+        MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+                          "There's not enough data in the current fragment "
+                          "to serve the request.");
         /* There's not enough data in the current fragment,
          * so either just RETURN what we have or fail. */
-        if( buflen == NULL )
-        {
-            if( frag_remaining > 0 )
-            {
+        if (buflen == NULL) {
+            if (frag_remaining > 0) {
                 rd->pending = desired - frag_remaining;
-                MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                       "Remember to collect %u bytes before re-opening",
-                       (unsigned) rd->pending );
+                MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+                                  "Remember to collect %u bytes before re-opening",
+                                  (unsigned) rd->pending);
             }
-            MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_READER_OUT_OF_DATA );
+            MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
         }
 
         desired = frag_remaining;
@@ -387,41 +384,45 @@
     frag += frag_fetched;
 
     *buffer = frag;
-    if( buflen != NULL )
+    if (buflen != NULL) {
         *buflen = desired;
+    }
 
     end += desired;
     rd->end = end;
     rd->pending = 0;
-    MBEDTLS_MPS_TRACE_RETURN( 0 );
+    MBEDTLS_MPS_TRACE_RETURN(0);
 }
 
-int mbedtls_mps_reader_commit( mbedtls_mps_reader *rd )
+int mbedtls_mps_reader_commit(mbedtls_mps_reader *rd)
 {
     mbedtls_mps_size_t end;
-    MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_commit" );
-    MBEDTLS_MPS_STATE_VALIDATE_RAW( mps_reader_is_consuming( rd ),
-       "mbedtls_mps_reader_commit() requires reader to be in consuming mode" );
+    MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_commit");
+    MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_consuming(
+                                       rd),
+                                   "mbedtls_mps_reader_commit() requires reader to be in consuming mode");
 
     end = rd->end;
     rd->commit = end;
 
-    MBEDTLS_MPS_TRACE_RETURN( 0 );
+    MBEDTLS_MPS_TRACE_RETURN(0);
 }
 
-int mbedtls_mps_reader_reclaim( mbedtls_mps_reader *rd,
-                                int *paused )
+int mbedtls_mps_reader_reclaim(mbedtls_mps_reader *rd,
+                               int *paused)
 {
     unsigned char *frag, *acc;
     mbedtls_mps_size_t pending, commit;
     mbedtls_mps_size_t acc_len, frag_offset, frag_len;
-    MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_reclaim" );
+    MBEDTLS_MPS_TRACE_INIT("mbedtls_mps_reader_reclaim");
 
-    if( paused != NULL )
+    if (paused != NULL) {
         *paused = 0;
+    }
 
-    MBEDTLS_MPS_STATE_VALIDATE_RAW( mps_reader_is_consuming( rd ),
-       "mbedtls_mps_reader_reclaim() requires reader to be in consuming mode" );
+    MBEDTLS_MPS_STATE_VALIDATE_RAW(mps_reader_is_consuming(
+                                       rd),
+                                   "mbedtls_mps_reader_reclaim() requires reader to be in consuming mode");
 
     frag     = rd->frag;
     acc      = rd->acc;
@@ -429,30 +430,26 @@
     commit   = rd->commit;
     frag_len = rd->frag_len;
 
-    frag_offset = mps_reader_get_fragment_offset( rd );
+    frag_offset = mps_reader_get_fragment_offset(rd);
 
-    if( pending == 0 )
-    {
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                           "No unsatisfied read-request has been logged." );
+    if (pending == 0) {
+        MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+                          "No unsatisfied read-request has been logged.");
 
         /* Check if there's data left to be consumed. */
-        if( commit < frag_offset || commit - frag_offset < frag_len )
-        {
-            MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                               "There is data left to be consumed." );
+        if (commit < frag_offset || commit - frag_offset < frag_len) {
+            MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+                              "There is data left to be consumed.");
             rd->end = commit;
-            MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_READER_DATA_LEFT );
+            MBEDTLS_MPS_TRACE_RETURN(MBEDTLS_ERR_MPS_READER_DATA_LEFT);
         }
 
         rd->acc_available = 0;
         rd->acc_share.acc_remaining = 0;
 
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                           "Fragment has been fully processed and committed." );
-    }
-    else
-    {
+        MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+                          "Fragment has been fully processed and committed.");
+    } else {
         int overflow;
 
         mbedtls_mps_size_t acc_backup_offset;
@@ -463,31 +460,27 @@
         mbedtls_mps_size_t backup_len;
         mbedtls_mps_size_t acc_len_needed;
 
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-               "There has been an unsatisfied read with %u bytes overhead.",
-               (unsigned) pending );
+        MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+                          "There has been an unsatisfied read with %u bytes overhead.",
+                          (unsigned) pending);
 
-        if( acc == NULL )
-        {
-            MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                               "No accumulator present" );
+        if (acc == NULL) {
+            MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+                              "No accumulator present");
             MBEDTLS_MPS_TRACE_RETURN(
-                MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR );
+                MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR);
         }
         acc_len = rd->acc_len;
 
         /* Check if the upper layer has already fetched
          * and committed the contents of the accumulator. */
-        if( commit < frag_offset )
-        {
+        if (commit < frag_offset) {
             /* No, accumulator is still being processed. */
             frag_backup_offset = 0;
             frag_backup_len = frag_len;
             acc_backup_offset = commit;
             acc_backup_len = frag_offset - commit;
-        }
-        else
-        {
+        } else {
             /* Yes, the accumulator is already processed. */
             frag_backup_offset = commit - frag_offset;
             frag_backup_len = frag_len - frag_backup_offset;
@@ -499,47 +492,47 @@
         acc_len_needed = backup_len + pending;
 
         overflow  = 0;
-        overflow |= ( backup_len     < acc_backup_len );
-        overflow |= ( acc_len_needed < backup_len );
+        overflow |= (backup_len     < acc_backup_len);
+        overflow |= (acc_len_needed < backup_len);
 
-        if( overflow || acc_len < acc_len_needed )
-        {
+        if (overflow || acc_len < acc_len_needed) {
             /* Except for the different return code, we behave as if
              * there hadn't been a call to mbedtls_mps_reader_get()
              * since the last commit. */
             rd->end = commit;
             rd->pending = 0;
-            MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR,
-                               "The accumulator is too small to handle the backup." );
-            MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR,
-                               "* Size: %u", (unsigned) acc_len );
-            MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR,
-                               "* Needed: %u (%u + %u)",
-                               (unsigned) acc_len_needed,
-                               (unsigned) backup_len, (unsigned) pending );
+            MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR,
+                              "The accumulator is too small to handle the backup.");
+            MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR,
+                              "* Size: %u", (unsigned) acc_len);
+            MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_ERROR,
+                              "* Needed: %u (%u + %u)",
+                              (unsigned) acc_len_needed,
+                              (unsigned) backup_len, (unsigned) pending);
             MBEDTLS_MPS_TRACE_RETURN(
-                MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL );
+                MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL);
         }
 
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                         "Fragment backup: %u", (unsigned) frag_backup_len );
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                         "Accumulator backup: %u", (unsigned) acc_backup_len );
+        MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+                          "Fragment backup: %u", (unsigned) frag_backup_len);
+        MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+                          "Accumulator backup: %u", (unsigned) acc_backup_len);
 
         /* Move uncommitted parts from the accumulator to the front
          * of the accumulator. */
-        memmove( acc, acc + acc_backup_offset, acc_backup_len );
+        memmove(acc, acc + acc_backup_offset, acc_backup_len);
 
         /* Copy uncommitted parts of the current fragment to the
          * accumulator. */
-        memcpy( acc + acc_backup_len,
-                frag + frag_backup_offset, frag_backup_len );
+        memcpy(acc + acc_backup_len,
+               frag + frag_backup_offset, frag_backup_len);
 
         rd->acc_available = backup_len;
         rd->acc_share.acc_remaining = pending;
 
-        if( paused != NULL )
+        if (paused != NULL) {
             *paused = 1;
+        }
     }
 
     rd->frag     = NULL;
@@ -549,11 +542,11 @@
     rd->end     = 0;
     rd->pending = 0;
 
-    MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                       "Final state: aa %u, al %u, ar %u",
-                       (unsigned) rd->acc_available, (unsigned) rd->acc_len,
-                       (unsigned) rd->acc_share.acc_remaining );
-    MBEDTLS_MPS_TRACE_RETURN( 0 );
+    MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_COMMENT,
+                      "Final state: aa %u, al %u, ar %u",
+                      (unsigned) rd->acc_available, (unsigned) rd->acc_len,
+                      (unsigned) rd->acc_share.acc_remaining);
+    MBEDTLS_MPS_TRACE_RETURN(0);
 }
 
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/mps_reader.h b/library/mps_reader.h
index 427c1bd..bff6705 100644
--- a/library/mps_reader.h
+++ b/library/mps_reader.h
@@ -134,8 +134,7 @@
  * Structure definitions
  */
 
-struct mbedtls_mps_reader
-{
+struct mbedtls_mps_reader {
     unsigned char *frag;  /*!< The fragment of incoming data managed by
                            *   the reader; it is provided to the reader
                            *   through mbedtls_mps_reader_feed(). The reader
@@ -146,46 +145,46 @@
                            *   The reader is in consuming mode if
                            *   and only if \c frag is not \c NULL.          */
     mbedtls_mps_stored_size_t frag_len;
-                          /*!< The length of the current fragment.
-                           *   Must be 0 if \c frag == \c NULL.             */
+    /*!< The length of the current fragment.
+     *   Must be 0 if \c frag == \c NULL.             */
     mbedtls_mps_stored_size_t commit;
-                          /*!< The offset of the last commit, relative
-                           *   to the first byte in the fragment, if
-                           *   no accumulator is present. If an accumulator
-                           *   is present, it is viewed as a prefix to the
-                           *   current fragment, and this variable contains
-                           *   an offset from the beginning of the accumulator.
-                           *
-                           *   This is only used when the reader is in
-                           *   consuming mode, i.e. \c frag != \c NULL;
-                           *   otherwise, its value is \c 0.                */
+    /*!< The offset of the last commit, relative
+     *   to the first byte in the fragment, if
+     *   no accumulator is present. If an accumulator
+     *   is present, it is viewed as a prefix to the
+     *   current fragment, and this variable contains
+     *   an offset from the beginning of the accumulator.
+     *
+     *   This is only used when the reader is in
+     *   consuming mode, i.e. \c frag != \c NULL;
+     *   otherwise, its value is \c 0.                */
     mbedtls_mps_stored_size_t end;
-                          /*!< The offset of the end of the last chunk
-                           *   passed to the user through a call to
-                           *   mbedtls_mps_reader_get(), relative to the first
-                           *   byte in the fragment, if no accumulator is
-                           *   present. If an accumulator is present, it is
-                           *   viewed as a prefix to the current fragment, and
-                           *   this variable contains an offset from the
-                           *   beginning of the accumulator.
-                           *
-                           *   This is only used when the reader is in
-                           *   consuming mode, i.e. \c frag != \c NULL;
-                           *   otherwise, its value is \c 0.                */
+    /*!< The offset of the end of the last chunk
+     *   passed to the user through a call to
+     *   mbedtls_mps_reader_get(), relative to the first
+     *   byte in the fragment, if no accumulator is
+     *   present. If an accumulator is present, it is
+     *   viewed as a prefix to the current fragment, and
+     *   this variable contains an offset from the
+     *   beginning of the accumulator.
+     *
+     *   This is only used when the reader is in
+     *   consuming mode, i.e. \c frag != \c NULL;
+     *   otherwise, its value is \c 0.                */
     mbedtls_mps_stored_size_t pending;
-                          /*!< The amount of incoming data missing on the
-                           *   last call to mbedtls_mps_reader_get().
-                           *   In particular, it is \c 0 if the last call
-                           *   was successful.
-                           *   If a reader is reclaimed after an
-                           *   unsuccessful call to mbedtls_mps_reader_get(),
-                           *   this variable is used to have the reader
-                           *   remember how much data should be accumulated
-                           *   so that the call to mbedtls_mps_reader_get()
-                           *   succeeds next time.
-                           *   This is only used when the reader is in
-                           *   consuming mode, i.e. \c frag != \c NULL;
-                           *   otherwise, its value is \c 0.                */
+    /*!< The amount of incoming data missing on the
+     *   last call to mbedtls_mps_reader_get().
+     *   In particular, it is \c 0 if the last call
+     *   was successful.
+     *   If a reader is reclaimed after an
+     *   unsuccessful call to mbedtls_mps_reader_get(),
+     *   this variable is used to have the reader
+     *   remember how much data should be accumulated
+     *   so that the call to mbedtls_mps_reader_get()
+     *   succeeds next time.
+     *   This is only used when the reader is in
+     *   consuming mode, i.e. \c frag != \c NULL;
+     *   otherwise, its value is \c 0.                */
 
     /* The accumulator is only needed if we need to be able to pause
      * the reader. A few bytes could be saved by moving this to a
@@ -195,32 +194,31 @@
                            *   data if a read-request via mbedtls_mps_reader_get()
                            *   cannot be served from the current fragment.   */
     mbedtls_mps_stored_size_t acc_len;
-                           /*!< The total size of the accumulator.           */
+    /*!< The total size of the accumulator.           */
     mbedtls_mps_stored_size_t acc_available;
-                          /*!< The number of bytes currently gathered in
-                           *   the accumulator. This is both used in
-                           *   producing and in consuming mode:
-                           *   While producing, it is increased until
-                           *   it reaches the value of \c acc_remaining below.
-                           *   While consuming, it is used to judge if a
-                           *   get request can be served from the
-                           *   accumulator or not.
-                           *   Must not be larger than \c acc_len.           */
-    union
-    {
+    /*!< The number of bytes currently gathered in
+     *   the accumulator. This is both used in
+     *   producing and in consuming mode:
+     *   While producing, it is increased until
+     *   it reaches the value of \c acc_remaining below.
+     *   While consuming, it is used to judge if a
+     *   get request can be served from the
+     *   accumulator or not.
+     *   Must not be larger than \c acc_len.           */
+    union {
         mbedtls_mps_stored_size_t acc_remaining;
-                              /*!< This indicates the amount of data still
-                               *   to be gathered in the accumulator. It is
-                               *   only used in producing mode.
-                               *   Must be at most acc_len - acc_available.  */
+        /*!< This indicates the amount of data still
+         *   to be gathered in the accumulator. It is
+         *   only used in producing mode.
+         *   Must be at most acc_len - acc_available.  */
         mbedtls_mps_stored_size_t frag_offset;
-                              /*!< If an accumulator is present and in use, this
-                               *   field indicates the offset of the current
-                               *   fragment from the beginning of the
-                               *   accumulator. If no accumulator is present
-                               *   or the accumulator is not in use, this is \c 0.
-                               *   It is only used in consuming mode.
-                               *   Must not be larger than \c acc_available. */
+        /*!< If an accumulator is present and in use, this
+         *   field indicates the offset of the current
+         *   fragment from the beginning of the
+         *   accumulator. If no accumulator is present
+         *   or the accumulator is not in use, this is \c 0.
+         *   It is only used in consuming mode.
+         *   Must not be larger than \c acc_available. */
     } acc_share;
 };
 
@@ -254,9 +252,9 @@
  * \return          \c 0 on success.
  * \return          A negative \c MBEDTLS_ERR_READER_XXX error code on failure.
  */
-int mbedtls_mps_reader_init( mbedtls_mps_reader *reader,
-                             unsigned char *acc,
-                             mbedtls_mps_size_t acc_len );
+int mbedtls_mps_reader_init(mbedtls_mps_reader *reader,
+                            unsigned char *acc,
+                            mbedtls_mps_size_t acc_len);
 
 /**
  * \brief           Free a reader object
@@ -266,7 +264,7 @@
  * \return          \c 0 on success.
  * \return          A negative \c MBEDTLS_ERR_READER_XXX error code on failure.
  */
-int mbedtls_mps_reader_free( mbedtls_mps_reader *reader );
+int mbedtls_mps_reader_free(mbedtls_mps_reader *reader);
 
 /**
  * \brief           Pass chunk of data for the reader to manage.
@@ -291,9 +289,9 @@
  * \return          Another negative \c MBEDTLS_ERR_READER_XXX error code on
  *                  different kinds of failures.
  */
-int mbedtls_mps_reader_feed( mbedtls_mps_reader *reader,
-                             unsigned char *buf,
-                             mbedtls_mps_size_t buflen );
+int mbedtls_mps_reader_feed(mbedtls_mps_reader *reader,
+                            unsigned char *buf,
+                            mbedtls_mps_size_t buflen);
 
 /**
  * \brief           Reclaim reader's access to the current input buffer.
@@ -310,8 +308,8 @@
  * \return          \c 0 on success.
  * \return          A negative \c MBEDTLS_ERR_READER_XXX error code on failure.
  */
-int mbedtls_mps_reader_reclaim( mbedtls_mps_reader *reader,
-                                int *paused );
+int mbedtls_mps_reader_reclaim(mbedtls_mps_reader *reader,
+                               int *paused);
 
 /*
  * Usage API (Upper layer)
@@ -353,10 +351,10 @@
  *                  address as buflen and checking \c *buflen == \c desired
  *                  afterwards.
  */
-int mbedtls_mps_reader_get( mbedtls_mps_reader *reader,
-                            mbedtls_mps_size_t desired,
-                            unsigned char **buffer,
-                            mbedtls_mps_size_t *buflen );
+int mbedtls_mps_reader_get(mbedtls_mps_reader *reader,
+                           mbedtls_mps_size_t desired,
+                           unsigned char **buffer,
+                           mbedtls_mps_size_t *buflen);
 
 /**
  * \brief         Mark data obtained from mbedtls_mps_reader_get() as processed.
@@ -377,6 +375,6 @@
  * \return        A negative \c MBEDTLS_ERR_READER_XXX error code on failure.
  *
  */
-int mbedtls_mps_reader_commit( mbedtls_mps_reader *reader );
+int mbedtls_mps_reader_commit(mbedtls_mps_reader *reader);
 
 #endif /* MBEDTLS_READER_H */
diff --git a/library/mps_trace.c b/library/mps_trace.c
index e8b4e1b..9ba1f85 100644
--- a/library/mps_trace.c
+++ b/library/mps_trace.c
@@ -41,7 +41,7 @@
 #define color_cyan     "\x1B[1;36m"
 #define color_white    "\x1B[1;37m"
 
-static char const * colors[] =
+static char const *colors[] =
 {
     color_default,
     color_green,
@@ -54,19 +54,18 @@
 
 #define MPS_TRACE_BUF_SIZE 100
 
-void mbedtls_mps_trace_print_msg( int id, int line, const char *format, ... )
+void mbedtls_mps_trace_print_msg(int id, int line, const char *format, ...)
 {
     int ret;
     char str[MPS_TRACE_BUF_SIZE];
     va_list argp;
-    va_start( argp, format );
-    ret = mbedtls_vsnprintf( str, MPS_TRACE_BUF_SIZE, format, argp );
-    va_end( argp );
+    va_start(argp, format);
+    ret = mbedtls_vsnprintf(str, MPS_TRACE_BUF_SIZE, format, argp);
+    va_end(argp);
 
-    if( ret >= 0 && ret < MPS_TRACE_BUF_SIZE )
-    {
+    if (ret >= 0 && ret < MPS_TRACE_BUF_SIZE) {
         str[ret] = '\0';
-        mbedtls_printf( "[%d|L%d]: %s\n", id, line, str );
+        mbedtls_printf("[%d|L%d]: %s\n", id, line, str);
     }
 }
 
@@ -83,39 +82,39 @@
     trace_depth++;
 }
 
-void mbedtls_mps_trace_color( int id )
+void mbedtls_mps_trace_color(int id)
 {
-    if( id > (int) ( sizeof( colors ) / sizeof( *colors ) ) )
+    if (id > (int) (sizeof(colors) / sizeof(*colors))) {
         return;
-    printf( "%s", colors[ id ] );
+    }
+    printf("%s", colors[id]);
 }
 
-void mbedtls_mps_trace_indent( int level, mbedtls_mps_trace_type ty )
+void mbedtls_mps_trace_indent(int level, mbedtls_mps_trace_type ty)
 {
-    if( level > 0 )
-    {
-        while( --level )
-            printf( "|  " );
+    if (level > 0) {
+        while (--level) {
+            printf("|  ");
+        }
 
-        printf( "|  " );
+        printf("|  ");
     }
 
-    switch( ty )
-    {
+    switch (ty) {
         case MBEDTLS_MPS_TRACE_TYPE_COMMENT:
-            mbedtls_printf( "@ " );
+            mbedtls_printf("@ ");
             break;
 
         case MBEDTLS_MPS_TRACE_TYPE_CALL:
-            mbedtls_printf( "+--> " );
+            mbedtls_printf("+--> ");
             break;
 
         case MBEDTLS_MPS_TRACE_TYPE_ERROR:
-            mbedtls_printf( "E " );
+            mbedtls_printf("E ");
             break;
 
         case MBEDTLS_MPS_TRACE_TYPE_RETURN:
-            mbedtls_printf( "< " );
+            mbedtls_printf("< ");
             break;
 
         default:
diff --git a/library/mps_trace.h b/library/mps_trace.h
index 820a1b6..6f0455f 100644
--- a/library/mps_trace.h
+++ b/library/mps_trace.h
@@ -52,8 +52,7 @@
  * rest of this file.
  */
 
-typedef enum
-{
+typedef enum {
     MBEDTLS_MPS_TRACE_TYPE_COMMENT,
     MBEDTLS_MPS_TRACE_TYPE_CALL,
     MBEDTLS_MPS_TRACE_TYPE_ERROR,
@@ -68,101 +67,101 @@
 #define MBEDTLS_MPS_TRACE_BIT_READER  6
 
 #if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_1)
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_1 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_1 )
+#define MBEDTLS_MPS_TRACE_MASK_LAYER_1 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_1)
 #else
 #define MBEDTLS_MPS_TRACE_MASK_LAYER_1 0
 #endif
 
 #if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_2)
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_2 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_2 )
+#define MBEDTLS_MPS_TRACE_MASK_LAYER_2 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_2)
 #else
 #define MBEDTLS_MPS_TRACE_MASK_LAYER_2 0
 #endif
 
 #if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_3)
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_3 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_3 )
+#define MBEDTLS_MPS_TRACE_MASK_LAYER_3 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_3)
 #else
 #define MBEDTLS_MPS_TRACE_MASK_LAYER_3 0
 #endif
 
 #if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_4)
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_4 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_4 )
+#define MBEDTLS_MPS_TRACE_MASK_LAYER_4 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_4)
 #else
 #define MBEDTLS_MPS_TRACE_MASK_LAYER_4 0
 #endif
 
 #if defined(MBEDTLS_MPS_TRACE_ENABLE_READER)
-#define MBEDTLS_MPS_TRACE_MASK_READER (1u << MBEDTLS_MPS_TRACE_BIT_READER )
+#define MBEDTLS_MPS_TRACE_MASK_READER (1u << MBEDTLS_MPS_TRACE_BIT_READER)
 #else
 #define MBEDTLS_MPS_TRACE_MASK_READER 0
 #endif
 
 #if defined(MBEDTLS_MPS_TRACE_ENABLE_WRITER)
-#define MBEDTLS_MPS_TRACE_MASK_WRITER (1u << MBEDTLS_MPS_TRACE_BIT_WRITER )
+#define MBEDTLS_MPS_TRACE_MASK_WRITER (1u << MBEDTLS_MPS_TRACE_BIT_WRITER)
 #else
 #define MBEDTLS_MPS_TRACE_MASK_WRITER 0
 #endif
 
-#define MBEDTLS_MPS_TRACE_MASK ( MBEDTLS_MPS_TRACE_MASK_LAYER_1 |       \
-                                 MBEDTLS_MPS_TRACE_MASK_LAYER_2 |       \
-                                 MBEDTLS_MPS_TRACE_MASK_LAYER_3 |       \
-                                 MBEDTLS_MPS_TRACE_MASK_LAYER_4 |       \
-                                 MBEDTLS_MPS_TRACE_MASK_READER  |       \
-                                 MBEDTLS_MPS_TRACE_MASK_WRITER )
+#define MBEDTLS_MPS_TRACE_MASK (MBEDTLS_MPS_TRACE_MASK_LAYER_1 |       \
+                                MBEDTLS_MPS_TRACE_MASK_LAYER_2 |       \
+                                MBEDTLS_MPS_TRACE_MASK_LAYER_3 |       \
+                                MBEDTLS_MPS_TRACE_MASK_LAYER_4 |       \
+                                MBEDTLS_MPS_TRACE_MASK_READER  |       \
+                                MBEDTLS_MPS_TRACE_MASK_WRITER)
 
 /* We have to avoid globals because E-ACSL chokes on them...
  * Wrap everything in stub functions. */
-int  mbedtls_mps_trace_get_depth( void );
-void mbedtls_mps_trace_inc_depth( void );
-void mbedtls_mps_trace_dec_depth( void );
+int  mbedtls_mps_trace_get_depth(void);
+void mbedtls_mps_trace_inc_depth(void);
+void mbedtls_mps_trace_dec_depth(void);
 
-void mbedtls_mps_trace_color( int id );
-void mbedtls_mps_trace_indent( int level, mbedtls_mps_trace_type ty );
+void mbedtls_mps_trace_color(int id);
+void mbedtls_mps_trace_indent(int level, mbedtls_mps_trace_type ty);
 
-void mbedtls_mps_trace_print_msg( int id, int line, const char *format, ... );
+void mbedtls_mps_trace_print_msg(int id, int line, const char *format, ...);
 
-#define MBEDTLS_MPS_TRACE( type, ... )                                              \
+#define MBEDTLS_MPS_TRACE(type, ...)                                              \
     do {                                                                            \
-        if( ! ( MBEDTLS_MPS_TRACE_MASK & ( 1u << mbedtls_mps_trace_id ) ) )         \
-            break;                                                                  \
-        mbedtls_mps_trace_indent( mbedtls_mps_trace_get_depth(), type );            \
-        mbedtls_mps_trace_color( mbedtls_mps_trace_id );                            \
-        mbedtls_mps_trace_print_msg( mbedtls_mps_trace_id, __LINE__, __VA_ARGS__ ); \
-        mbedtls_mps_trace_color( 0 );                                               \
-    } while( 0 )
+        if (!(MBEDTLS_MPS_TRACE_MASK & (1u << mbedtls_mps_trace_id)))         \
+        break;                                                                  \
+        mbedtls_mps_trace_indent(mbedtls_mps_trace_get_depth(), type);            \
+        mbedtls_mps_trace_color(mbedtls_mps_trace_id);                            \
+        mbedtls_mps_trace_print_msg(mbedtls_mps_trace_id, __LINE__, __VA_ARGS__); \
+        mbedtls_mps_trace_color(0);                                               \
+    } while (0)
 
-#define MBEDTLS_MPS_TRACE_INIT( ... )                                         \
+#define MBEDTLS_MPS_TRACE_INIT(...)                                         \
     do {                                                                      \
-        if( ! ( MBEDTLS_MPS_TRACE_MASK & ( 1u << mbedtls_mps_trace_id ) ) )   \
-            break;                                                            \
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_CALL, __VA_ARGS__ );        \
+        if (!(MBEDTLS_MPS_TRACE_MASK & (1u << mbedtls_mps_trace_id)))   \
+        break;                                                            \
+        MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_CALL, __VA_ARGS__);        \
         mbedtls_mps_trace_inc_depth();                                        \
-    } while( 0 )
+    } while (0)
 
-#define MBEDTLS_MPS_TRACE_END( val )                                        \
+#define MBEDTLS_MPS_TRACE_END(val)                                        \
     do {                                                                    \
-        if( ! ( MBEDTLS_MPS_TRACE_MASK & ( 1u << mbedtls_mps_trace_id ) ) ) \
-            break;                                                          \
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_RETURN, "%d (-%#04x)",    \
-               (int) (val), -((unsigned)(val)) );                           \
+        if (!(MBEDTLS_MPS_TRACE_MASK & (1u << mbedtls_mps_trace_id))) \
+        break;                                                          \
+        MBEDTLS_MPS_TRACE(MBEDTLS_MPS_TRACE_TYPE_RETURN, "%d (-%#04x)",    \
+                          (int) (val), -((unsigned) (val)));                           \
         mbedtls_mps_trace_dec_depth();                                      \
-    } while( 0 )
+    } while (0)
 
-#define MBEDTLS_MPS_TRACE_RETURN( val )         \
+#define MBEDTLS_MPS_TRACE_RETURN(val)         \
     do {                                        \
         /* Breaks tail recursion. */            \
         int ret__ = val;                        \
-        MBEDTLS_MPS_TRACE_END( ret__ );         \
-        return( ret__ );                        \
-    } while( 0 )
+        MBEDTLS_MPS_TRACE_END(ret__);         \
+        return ret__;                        \
+    } while (0)
 
 #else /* MBEDTLS_MPS_TRACE */
 
-#define MBEDTLS_MPS_TRACE( type, ... ) do { } while( 0 )
-#define MBEDTLS_MPS_TRACE_INIT( ... )  do { } while( 0 )
-#define MBEDTLS_MPS_TRACE_END          do { } while( 0 )
+#define MBEDTLS_MPS_TRACE(type, ...) do { } while (0)
+#define MBEDTLS_MPS_TRACE_INIT(...)  do { } while (0)
+#define MBEDTLS_MPS_TRACE_END          do { } while (0)
 
-#define MBEDTLS_MPS_TRACE_RETURN( val ) return( val );
+#define MBEDTLS_MPS_TRACE_RETURN(val) return val;
 
 #endif /* MBEDTLS_MPS_TRACE */
 
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 637b9f8..e63d08b 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -47,7 +47,7 @@
 #if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
     !defined(EFI32)
 
-#define IS_EINTR( ret ) ( ( ret ) == WSAEINTR )
+#define IS_EINTR(ret) ((ret) == WSAEINTR)
 
 #if !defined(_WIN32_WINNT)
 /* Enables getaddrinfo() & Co */
@@ -70,8 +70,8 @@
 #endif
 #endif /* _MSC_VER */
 
-#define read(fd,buf,len)        recv( fd, (char*)( buf ), (int)( len ), 0 )
-#define write(fd,buf,len)       send( fd, (char*)( buf ), (int)( len ), 0 )
+#define read(fd, buf, len)        recv(fd, (char *) (buf), (int) (len), 0)
+#define write(fd, buf, len)       send(fd, (char *) (buf), (int) (len), 0)
 #define close(fd)               closesocket(fd)
 
 static int wsa_init_done = 0;
@@ -89,7 +89,7 @@
 #include <netdb.h>
 #include <errno.h>
 
-#define IS_EINTR( ret ) ( ( ret ) == EINTR )
+#define IS_EINTR(ret) ((ret) == EINTR)
 
 #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
 
@@ -112,25 +112,25 @@
 /*
  * Prepare for using the sockets interface
  */
-static int net_prepare( void )
+static int net_prepare(void)
 {
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
     !defined(EFI32)
     WSADATA wsaData;
 
-    if( wsa_init_done == 0 )
-    {
-        if( WSAStartup( MAKEWORD(2,0), &wsaData ) != 0 )
-            return( MBEDTLS_ERR_NET_SOCKET_FAILED );
+    if (wsa_init_done == 0) {
+        if (WSAStartup(MAKEWORD(2, 0), &wsaData) != 0) {
+            return MBEDTLS_ERR_NET_SOCKET_FAILED;
+        }
 
         wsa_init_done = 1;
     }
 #else
 #if !defined(EFIX64) && !defined(EFI32)
-    signal( SIGPIPE, SIG_IGN );
+    signal(SIGPIPE, SIG_IGN);
 #endif
 #endif
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -138,10 +138,11 @@
  * If for_select != 0, check whether the file descriptor is within the range
  * allowed for fd_set used for the FD_xxx macros and the select() function.
  */
-static int check_fd( int fd, int for_select )
+static int check_fd(int fd, int for_select)
 {
-    if( fd < 0 )
-        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+    if (fd < 0) {
+        return MBEDTLS_ERR_NET_INVALID_CONTEXT;
+    }
 
 #if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
     !defined(EFI32)
@@ -151,17 +152,18 @@
      * that are strictly less than FD_SETSIZE. This is a limitation of the
      * fd_set type. Error out early, because attempting to call FD_SET on a
      * large file descriptor is a buffer overflow on typical platforms. */
-    if( for_select && fd >= FD_SETSIZE )
-        return( MBEDTLS_ERR_NET_POLL_FAILED );
+    if (for_select && fd >= FD_SETSIZE) {
+        return MBEDTLS_ERR_NET_POLL_FAILED;
+    }
 #endif
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Initialize a context
  */
-void mbedtls_net_init( mbedtls_net_context *ctx )
+void mbedtls_net_init(mbedtls_net_context *ctx)
 {
     ctx->fd = -1;
 }
@@ -169,107 +171,103 @@
 /*
  * Initiate a TCP connection with host:port and the given protocol
  */
-int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host,
-                         const char *port, int proto )
+int mbedtls_net_connect(mbedtls_net_context *ctx, const char *host,
+                        const char *port, int proto)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     struct addrinfo hints, *addr_list, *cur;
 
-    if( ( ret = net_prepare() ) != 0 )
-        return( ret );
+    if ((ret = net_prepare()) != 0) {
+        return ret;
+    }
 
     /* Do name resolution with both IPv6 and IPv4 */
-    memset( &hints, 0, sizeof( hints ) );
+    memset(&hints, 0, sizeof(hints));
     hints.ai_family = AF_UNSPEC;
     hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
     hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
 
-    if( getaddrinfo( host, port, &hints, &addr_list ) != 0 )
-        return( MBEDTLS_ERR_NET_UNKNOWN_HOST );
+    if (getaddrinfo(host, port, &hints, &addr_list) != 0) {
+        return MBEDTLS_ERR_NET_UNKNOWN_HOST;
+    }
 
     /* Try the sockaddrs until a connection succeeds */
     ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
-    for( cur = addr_list; cur != NULL; cur = cur->ai_next )
-    {
-        ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype,
-                            cur->ai_protocol );
-        if( ctx->fd < 0 )
-        {
+    for (cur = addr_list; cur != NULL; cur = cur->ai_next) {
+        ctx->fd = (int) socket(cur->ai_family, cur->ai_socktype,
+                               cur->ai_protocol);
+        if (ctx->fd < 0) {
             ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
             continue;
         }
 
-        if( connect( ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) == 0 )
-        {
+        if (connect(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) == 0) {
             ret = 0;
             break;
         }
 
-        close( ctx->fd );
+        close(ctx->fd);
         ret = MBEDTLS_ERR_NET_CONNECT_FAILED;
     }
 
-    freeaddrinfo( addr_list );
+    freeaddrinfo(addr_list);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Create a listening socket on bind_ip:port
  */
-int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto )
+int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto)
 {
     int n, ret;
     struct addrinfo hints, *addr_list, *cur;
 
-    if( ( ret = net_prepare() ) != 0 )
-        return( ret );
+    if ((ret = net_prepare()) != 0) {
+        return ret;
+    }
 
     /* Bind to IPv6 and/or IPv4, but only in the desired protocol */
-    memset( &hints, 0, sizeof( hints ) );
+    memset(&hints, 0, sizeof(hints));
     hints.ai_family = AF_UNSPEC;
     hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
     hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
-    if( bind_ip == NULL )
+    if (bind_ip == NULL) {
         hints.ai_flags = AI_PASSIVE;
+    }
 
-    if( getaddrinfo( bind_ip, port, &hints, &addr_list ) != 0 )
-        return( MBEDTLS_ERR_NET_UNKNOWN_HOST );
+    if (getaddrinfo(bind_ip, port, &hints, &addr_list) != 0) {
+        return MBEDTLS_ERR_NET_UNKNOWN_HOST;
+    }
 
     /* Try the sockaddrs until a binding succeeds */
     ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
-    for( cur = addr_list; cur != NULL; cur = cur->ai_next )
-    {
-        ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype,
-                            cur->ai_protocol );
-        if( ctx->fd < 0 )
-        {
+    for (cur = addr_list; cur != NULL; cur = cur->ai_next) {
+        ctx->fd = (int) socket(cur->ai_family, cur->ai_socktype,
+                               cur->ai_protocol);
+        if (ctx->fd < 0) {
             ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
             continue;
         }
 
         n = 1;
-        if( setsockopt( ctx->fd, SOL_SOCKET, SO_REUSEADDR,
-                        (const char *) &n, sizeof( n ) ) != 0 )
-        {
-            close( ctx->fd );
+        if (setsockopt(ctx->fd, SOL_SOCKET, SO_REUSEADDR,
+                       (const char *) &n, sizeof(n)) != 0) {
+            close(ctx->fd);
             ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
             continue;
         }
 
-        if( bind( ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) != 0 )
-        {
-            close( ctx->fd );
+        if (bind(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) != 0) {
+            close(ctx->fd);
             ret = MBEDTLS_ERR_NET_BIND_FAILED;
             continue;
         }
 
         /* Listen only makes sense for TCP */
-        if( proto == MBEDTLS_NET_PROTO_TCP )
-        {
-            if( listen( ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG ) != 0 )
-            {
-                close( ctx->fd );
+        if (proto == MBEDTLS_NET_PROTO_TCP) {
+            if (listen(ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG) != 0) {
+                close(ctx->fd);
                 ret = MBEDTLS_ERR_NET_LISTEN_FAILED;
                 continue;
             }
@@ -280,22 +278,22 @@
         break;
     }
 
-    freeaddrinfo( addr_list );
+    freeaddrinfo(addr_list);
 
-    return( ret );
+    return ret;
 
 }
 
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
     !defined(EFI32)
 /*
  * Check if the requested operation would be blocking on a non-blocking socket
  * and thus 'failed' with a negative return value.
  */
-static int net_would_block( const mbedtls_net_context *ctx )
+static int net_would_block(const mbedtls_net_context *ctx)
 {
     ((void) ctx);
-    return( WSAGetLastError() == WSAEWOULDBLOCK );
+    return WSAGetLastError() == WSAEWOULDBLOCK;
 }
 #else
 /*
@@ -304,39 +302,37 @@
  *
  * Note: on a blocking socket this function always returns 0!
  */
-static int net_would_block( const mbedtls_net_context *ctx )
+static int net_would_block(const mbedtls_net_context *ctx)
 {
     int err = errno;
 
     /*
      * Never return 'WOULD BLOCK' on a blocking socket
      */
-    if( ( fcntl( ctx->fd, F_GETFL ) & O_NONBLOCK ) != O_NONBLOCK )
-    {
+    if ((fcntl(ctx->fd, F_GETFL) & O_NONBLOCK) != O_NONBLOCK) {
         errno = err;
-        return( 0 );
+        return 0;
     }
 
-    switch( errno = err )
-    {
+    switch (errno = err) {
 #if defined EAGAIN
         case EAGAIN:
 #endif
 #if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN
         case EWOULDBLOCK:
 #endif
-            return( 1 );
+    return 1;
     }
-    return( 0 );
+    return 0;
 }
 #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
 
 /*
  * Accept a connection from a remote client
  */
-int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
-                        mbedtls_net_context *client_ctx,
-                        void *client_ip, size_t buf_size, size_t *ip_len )
+int mbedtls_net_accept(mbedtls_net_context *bind_ctx,
+                       mbedtls_net_context *client_ctx,
+                       void *client_ip, size_t buf_size, size_t *ip_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     int type;
@@ -346,132 +342,123 @@
 #if defined(__socklen_t_defined) || defined(_SOCKLEN_T) ||  \
     defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) || \
     defined(socklen_t) || (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L)
-    socklen_t n = (socklen_t) sizeof( client_addr );
-    socklen_t type_len = (socklen_t) sizeof( type );
+    socklen_t n = (socklen_t) sizeof(client_addr);
+    socklen_t type_len = (socklen_t) sizeof(type);
 #else
-    int n = (int) sizeof( client_addr );
-    int type_len = (int) sizeof( type );
+    int n = (int) sizeof(client_addr);
+    int type_len = (int) sizeof(type);
 #endif
 
     /* Is this a TCP or UDP socket? */
-    if( getsockopt( bind_ctx->fd, SOL_SOCKET, SO_TYPE,
-                    (void *) &type, &type_len ) != 0 ||
-        ( type != SOCK_STREAM && type != SOCK_DGRAM ) )
-    {
-        return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
+    if (getsockopt(bind_ctx->fd, SOL_SOCKET, SO_TYPE,
+                   (void *) &type, &type_len) != 0 ||
+        (type != SOCK_STREAM && type != SOCK_DGRAM)) {
+        return MBEDTLS_ERR_NET_ACCEPT_FAILED;
     }
 
-    if( type == SOCK_STREAM )
-    {
+    if (type == SOCK_STREAM) {
         /* TCP: actual accept() */
-        ret = client_ctx->fd = (int) accept( bind_ctx->fd,
-                                             (struct sockaddr *) &client_addr, &n );
-    }
-    else
-    {
+        ret = client_ctx->fd = (int) accept(bind_ctx->fd,
+                                            (struct sockaddr *) &client_addr, &n);
+    } else {
         /* UDP: wait for a message, but keep it in the queue */
         char buf[1] = { 0 };
 
-        ret = (int) recvfrom( bind_ctx->fd, buf, sizeof( buf ), MSG_PEEK,
-                        (struct sockaddr *) &client_addr, &n );
+        ret = (int) recvfrom(bind_ctx->fd, buf, sizeof(buf), MSG_PEEK,
+                             (struct sockaddr *) &client_addr, &n);
 
 #if defined(_WIN32)
-        if( ret == SOCKET_ERROR &&
-            WSAGetLastError() == WSAEMSGSIZE )
-        {
+        if (ret == SOCKET_ERROR &&
+            WSAGetLastError() == WSAEMSGSIZE) {
             /* We know buf is too small, thanks, just peeking here */
             ret = 0;
         }
 #endif
     }
 
-    if( ret < 0 )
-    {
-        if( net_would_block( bind_ctx ) != 0 )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
+    if (ret < 0) {
+        if (net_would_block(bind_ctx) != 0) {
+            return MBEDTLS_ERR_SSL_WANT_READ;
+        }
 
-        return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
+        return MBEDTLS_ERR_NET_ACCEPT_FAILED;
     }
 
     /* UDP: hijack the listening socket to communicate with the client,
      * then bind a new socket to accept new connections */
-    if( type != SOCK_STREAM )
-    {
+    if (type != SOCK_STREAM) {
         struct sockaddr_storage local_addr;
         int one = 1;
 
-        if( connect( bind_ctx->fd, (struct sockaddr *) &client_addr, n ) != 0 )
-            return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
+        if (connect(bind_ctx->fd, (struct sockaddr *) &client_addr, n) != 0) {
+            return MBEDTLS_ERR_NET_ACCEPT_FAILED;
+        }
 
         client_ctx->fd = bind_ctx->fd;
         bind_ctx->fd   = -1; /* In case we exit early */
 
-        n = sizeof( struct sockaddr_storage );
-        if( getsockname( client_ctx->fd,
-                         (struct sockaddr *) &local_addr, &n ) != 0 ||
-            ( bind_ctx->fd = (int) socket( local_addr.ss_family,
-                                           SOCK_DGRAM, IPPROTO_UDP ) ) < 0 ||
-            setsockopt( bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR,
-                        (const char *) &one, sizeof( one ) ) != 0 )
-        {
-            return( MBEDTLS_ERR_NET_SOCKET_FAILED );
+        n = sizeof(struct sockaddr_storage);
+        if (getsockname(client_ctx->fd,
+                        (struct sockaddr *) &local_addr, &n) != 0 ||
+            (bind_ctx->fd = (int) socket(local_addr.ss_family,
+                                         SOCK_DGRAM, IPPROTO_UDP)) < 0 ||
+            setsockopt(bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR,
+                       (const char *) &one, sizeof(one)) != 0) {
+            return MBEDTLS_ERR_NET_SOCKET_FAILED;
         }
 
-        if( bind( bind_ctx->fd, (struct sockaddr *) &local_addr, n ) != 0 )
-        {
-            return( MBEDTLS_ERR_NET_BIND_FAILED );
+        if (bind(bind_ctx->fd, (struct sockaddr *) &local_addr, n) != 0) {
+            return MBEDTLS_ERR_NET_BIND_FAILED;
         }
     }
 
-    if( client_ip != NULL )
-    {
-        if( client_addr.ss_family == AF_INET )
-        {
+    if (client_ip != NULL) {
+        if (client_addr.ss_family == AF_INET) {
             struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr;
-            *ip_len = sizeof( addr4->sin_addr.s_addr );
+            *ip_len = sizeof(addr4->sin_addr.s_addr);
 
-            if( buf_size < *ip_len )
-                return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL );
+            if (buf_size < *ip_len) {
+                return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL;
+            }
 
-            memcpy( client_ip, &addr4->sin_addr.s_addr, *ip_len );
-        }
-        else
-        {
+            memcpy(client_ip, &addr4->sin_addr.s_addr, *ip_len);
+        } else {
             struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &client_addr;
-            *ip_len = sizeof( addr6->sin6_addr.s6_addr );
+            *ip_len = sizeof(addr6->sin6_addr.s6_addr);
 
-            if( buf_size < *ip_len )
-                return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL );
+            if (buf_size < *ip_len) {
+                return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL;
+            }
 
-            memcpy( client_ip, &addr6->sin6_addr.s6_addr, *ip_len);
+            memcpy(client_ip, &addr6->sin6_addr.s6_addr, *ip_len);
         }
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Set the socket blocking or non-blocking
  */
-int mbedtls_net_set_block( mbedtls_net_context *ctx )
+int mbedtls_net_set_block(mbedtls_net_context *ctx)
 {
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
     !defined(EFI32)
     u_long n = 0;
-    return( ioctlsocket( ctx->fd, FIONBIO, &n ) );
+    return ioctlsocket(ctx->fd, FIONBIO, &n);
 #else
-    return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL ) & ~O_NONBLOCK ) );
+    return fcntl(ctx->fd, F_SETFL, fcntl(ctx->fd, F_GETFL) & ~O_NONBLOCK);
 #endif
 }
 
-int mbedtls_net_set_nonblock( mbedtls_net_context *ctx )
+int mbedtls_net_set_nonblock(mbedtls_net_context *ctx)
 {
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
     !defined(EFI32)
     u_long n = 1;
-    return( ioctlsocket( ctx->fd, FIONBIO, &n ) );
+    return ioctlsocket(ctx->fd, FIONBIO, &n);
 #else
-    return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL ) | O_NONBLOCK ) );
+    return fcntl(ctx->fd, F_SETFL, fcntl(ctx->fd, F_GETFL) | O_NONBLOCK);
 #endif
 }
 
@@ -479,7 +466,7 @@
  * Check if data is available on the socket
  */
 
-int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout )
+int mbedtls_net_poll(mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     struct timeval tv;
@@ -489,207 +476,220 @@
 
     int fd = ctx->fd;
 
-    ret = check_fd( fd, 1 );
-    if( ret != 0 )
-        return( ret );
+    ret = check_fd(fd, 1);
+    if (ret != 0) {
+        return ret;
+    }
 
 #if defined(__has_feature)
 #if __has_feature(memory_sanitizer)
     /* Ensure that memory sanitizers consider read_fds and write_fds as
      * initialized even on platforms such as Glibc/x86_64 where FD_ZERO
      * is implemented in assembly. */
-    memset( &read_fds, 0, sizeof( read_fds ) );
-    memset( &write_fds, 0, sizeof( write_fds ) );
+    memset(&read_fds, 0, sizeof(read_fds));
+    memset(&write_fds, 0, sizeof(write_fds));
 #endif
 #endif
 
-    FD_ZERO( &read_fds );
-    if( rw & MBEDTLS_NET_POLL_READ )
-    {
+    FD_ZERO(&read_fds);
+    if (rw & MBEDTLS_NET_POLL_READ) {
         rw &= ~MBEDTLS_NET_POLL_READ;
-        FD_SET( fd, &read_fds );
+        FD_SET(fd, &read_fds);
     }
 
-    FD_ZERO( &write_fds );
-    if( rw & MBEDTLS_NET_POLL_WRITE )
-    {
+    FD_ZERO(&write_fds);
+    if (rw & MBEDTLS_NET_POLL_WRITE) {
         rw &= ~MBEDTLS_NET_POLL_WRITE;
-        FD_SET( fd, &write_fds );
+        FD_SET(fd, &write_fds);
     }
 
-    if( rw != 0 )
-        return( MBEDTLS_ERR_NET_BAD_INPUT_DATA );
+    if (rw != 0) {
+        return MBEDTLS_ERR_NET_BAD_INPUT_DATA;
+    }
 
     tv.tv_sec  = timeout / 1000;
-    tv.tv_usec = ( timeout % 1000 ) * 1000;
+    tv.tv_usec = (timeout % 1000) * 1000;
 
-    do
-    {
-        ret = select( fd + 1, &read_fds, &write_fds, NULL,
-                      timeout == (uint32_t) -1 ? NULL : &tv );
+    do {
+        ret = select(fd + 1, &read_fds, &write_fds, NULL,
+                     timeout == (uint32_t) -1 ? NULL : &tv);
+    } while (IS_EINTR(ret));
+
+    if (ret < 0) {
+        return MBEDTLS_ERR_NET_POLL_FAILED;
     }
-    while( IS_EINTR( ret ) );
-
-    if( ret < 0 )
-        return( MBEDTLS_ERR_NET_POLL_FAILED );
 
     ret = 0;
-    if( FD_ISSET( fd, &read_fds ) )
+    if (FD_ISSET(fd, &read_fds)) {
         ret |= MBEDTLS_NET_POLL_READ;
-    if( FD_ISSET( fd, &write_fds ) )
+    }
+    if (FD_ISSET(fd, &write_fds)) {
         ret |= MBEDTLS_NET_POLL_WRITE;
+    }
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Portable usleep helper
  */
-void mbedtls_net_usleep( unsigned long usec )
+void mbedtls_net_usleep(unsigned long usec)
 {
 #if defined(_WIN32)
-    Sleep( ( usec + 999 ) / 1000 );
+    Sleep((usec + 999) / 1000);
 #else
     struct timeval tv;
     tv.tv_sec  = usec / 1000000;
 #if defined(__unix__) || defined(__unix) || \
-    ( defined(__APPLE__) && defined(__MACH__) )
+    (defined(__APPLE__) && defined(__MACH__))
     tv.tv_usec = (suseconds_t) usec % 1000000;
 #else
     tv.tv_usec = usec % 1000000;
 #endif
-    select( 0, NULL, NULL, NULL, &tv );
+    select(0, NULL, NULL, NULL, &tv);
 #endif
 }
 
 /*
  * Read at most 'len' characters
  */
-int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
+int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     int fd = ((mbedtls_net_context *) ctx)->fd;
 
-    ret = check_fd( fd, 0 );
-    if( ret != 0 )
-        return( ret );
-
-    ret = (int) read( fd, buf, len );
-
-    if( ret < 0 )
-    {
-        if( net_would_block( ctx ) != 0 )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-        if( WSAGetLastError() == WSAECONNRESET )
-            return( MBEDTLS_ERR_NET_CONN_RESET );
-#else
-        if( errno == EPIPE || errno == ECONNRESET )
-            return( MBEDTLS_ERR_NET_CONN_RESET );
-
-        if( errno == EINTR )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-#endif
-
-        return( MBEDTLS_ERR_NET_RECV_FAILED );
+    ret = check_fd(fd, 0);
+    if (ret != 0) {
+        return ret;
     }
 
-    return( ret );
+    ret = (int) read(fd, buf, len);
+
+    if (ret < 0) {
+        if (net_would_block(ctx) != 0) {
+            return MBEDTLS_ERR_SSL_WANT_READ;
+        }
+
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
+        !defined(EFI32)
+        if (WSAGetLastError() == WSAECONNRESET) {
+            return MBEDTLS_ERR_NET_CONN_RESET;
+        }
+#else
+        if (errno == EPIPE || errno == ECONNRESET) {
+            return MBEDTLS_ERR_NET_CONN_RESET;
+        }
+
+        if (errno == EINTR) {
+            return MBEDTLS_ERR_SSL_WANT_READ;
+        }
+#endif
+
+        return MBEDTLS_ERR_NET_RECV_FAILED;
+    }
+
+    return ret;
 }
 
 /*
  * Read at most 'len' characters, blocking for at most 'timeout' ms
  */
-int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf,
-                              size_t len, uint32_t timeout )
+int mbedtls_net_recv_timeout(void *ctx, unsigned char *buf,
+                             size_t len, uint32_t timeout)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     struct timeval tv;
     fd_set read_fds;
     int fd = ((mbedtls_net_context *) ctx)->fd;
 
-    ret = check_fd( fd, 1 );
-    if( ret != 0 )
-        return( ret );
+    ret = check_fd(fd, 1);
+    if (ret != 0) {
+        return ret;
+    }
 
-    FD_ZERO( &read_fds );
-    FD_SET( fd, &read_fds );
+    FD_ZERO(&read_fds);
+    FD_SET(fd, &read_fds);
 
     tv.tv_sec  = timeout / 1000;
-    tv.tv_usec = ( timeout % 1000 ) * 1000;
+    tv.tv_usec = (timeout % 1000) * 1000;
 
-    ret = select( fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv );
+    ret = select(fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv);
 
     /* Zero fds ready means we timed out */
-    if( ret == 0 )
-        return( MBEDTLS_ERR_SSL_TIMEOUT );
+    if (ret == 0) {
+        return MBEDTLS_ERR_SSL_TIMEOUT;
+    }
 
-    if( ret < 0 )
-    {
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-        if( WSAGetLastError() == WSAEINTR )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
+    if (ret < 0) {
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
+        !defined(EFI32)
+        if (WSAGetLastError() == WSAEINTR) {
+            return MBEDTLS_ERR_SSL_WANT_READ;
+        }
 #else
-        if( errno == EINTR )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
+        if (errno == EINTR) {
+            return MBEDTLS_ERR_SSL_WANT_READ;
+        }
 #endif
 
-        return( MBEDTLS_ERR_NET_RECV_FAILED );
+        return MBEDTLS_ERR_NET_RECV_FAILED;
     }
 
     /* This call will not block */
-    return( mbedtls_net_recv( ctx, buf, len ) );
+    return mbedtls_net_recv(ctx, buf, len);
 }
 
 /*
  * Write at most 'len' characters
  */
-int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
+int mbedtls_net_send(void *ctx, const unsigned char *buf, size_t len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     int fd = ((mbedtls_net_context *) ctx)->fd;
 
-    ret = check_fd( fd, 0 );
-    if( ret != 0 )
-        return( ret );
-
-    ret = (int) write( fd, buf, len );
-
-    if( ret < 0 )
-    {
-        if( net_would_block( ctx ) != 0 )
-            return( MBEDTLS_ERR_SSL_WANT_WRITE );
-
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-        if( WSAGetLastError() == WSAECONNRESET )
-            return( MBEDTLS_ERR_NET_CONN_RESET );
-#else
-        if( errno == EPIPE || errno == ECONNRESET )
-            return( MBEDTLS_ERR_NET_CONN_RESET );
-
-        if( errno == EINTR )
-            return( MBEDTLS_ERR_SSL_WANT_WRITE );
-#endif
-
-        return( MBEDTLS_ERR_NET_SEND_FAILED );
+    ret = check_fd(fd, 0);
+    if (ret != 0) {
+        return ret;
     }
 
-    return( ret );
+    ret = (int) write(fd, buf, len);
+
+    if (ret < 0) {
+        if (net_would_block(ctx) != 0) {
+            return MBEDTLS_ERR_SSL_WANT_WRITE;
+        }
+
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
+        !defined(EFI32)
+        if (WSAGetLastError() == WSAECONNRESET) {
+            return MBEDTLS_ERR_NET_CONN_RESET;
+        }
+#else
+        if (errno == EPIPE || errno == ECONNRESET) {
+            return MBEDTLS_ERR_NET_CONN_RESET;
+        }
+
+        if (errno == EINTR) {
+            return MBEDTLS_ERR_SSL_WANT_WRITE;
+        }
+#endif
+
+        return MBEDTLS_ERR_NET_SEND_FAILED;
+    }
+
+    return ret;
 }
 
 /*
  * Close the connection
  */
-void mbedtls_net_close( mbedtls_net_context *ctx )
+void mbedtls_net_close(mbedtls_net_context *ctx)
 {
-    if( ctx->fd == -1 )
+    if (ctx->fd == -1) {
         return;
+    }
 
-    close( ctx->fd );
+    close(ctx->fd);
 
     ctx->fd = -1;
 }
@@ -697,13 +697,14 @@
 /*
  * Gracefully close the connection
  */
-void mbedtls_net_free( mbedtls_net_context *ctx )
+void mbedtls_net_free(mbedtls_net_context *ctx)
 {
-    if( ctx->fd == -1 )
+    if (ctx->fd == -1) {
         return;
+    }
 
-    shutdown( ctx->fd, 2 );
-    close( ctx->fd );
+    shutdown(ctx->fd, 2);
+    close(ctx->fd);
 
     ctx->fd = -1;
 }
diff --git a/library/nist_kw.c b/library/nist_kw.c
index 495c23d..5817bf4 100644
--- a/library/nist_kw.c
+++ b/library/nist_kw.c
@@ -47,35 +47,37 @@
 #define MIN_SEMIBLOCKS_COUNT   3
 
 /*! The 64-bit default integrity check value (ICV) for KW mode. */
-static const unsigned char NIST_KW_ICV1[] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6};
+static const unsigned char NIST_KW_ICV1[] = { 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6 };
 /*! The 32-bit default integrity check value (ICV) for KWP mode. */
-static const  unsigned char NIST_KW_ICV2[] = {0xA6, 0x59, 0x59, 0xA6};
+static const  unsigned char NIST_KW_ICV2[] = { 0xA6, 0x59, 0x59, 0xA6 };
 
 /*
  * Initialize context
  */
-void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx )
+void mbedtls_nist_kw_init(mbedtls_nist_kw_context *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_nist_kw_context ) );
+    memset(ctx, 0, sizeof(mbedtls_nist_kw_context));
 }
 
-int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx,
-                            mbedtls_cipher_id_t cipher,
-                            const unsigned char *key,
-                            unsigned int keybits,
-                            const int is_wrap )
+int mbedtls_nist_kw_setkey(mbedtls_nist_kw_context *ctx,
+                           mbedtls_cipher_id_t cipher,
+                           const unsigned char *key,
+                           unsigned int keybits,
+                           const int is_wrap)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const mbedtls_cipher_info_t *cipher_info;
 
-    cipher_info = mbedtls_cipher_info_from_values( cipher,
-                                                   keybits,
-                                                   MBEDTLS_MODE_ECB );
-    if( cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    cipher_info = mbedtls_cipher_info_from_values(cipher,
+                                                  keybits,
+                                                  MBEDTLS_MODE_ECB);
+    if (cipher_info == NULL) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
-    if( cipher_info->block_size != 16 )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (cipher_info->block_size != 16) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
     /*
      * SP 800-38F currently defines AES cipher as the only block cipher allowed:
@@ -86,44 +88,44 @@
      *  Currently we don't support other 128 bit block ciphers for key wrapping,
      *  such as Camellia and Aria.
      */
-    if( cipher != MBEDTLS_CIPHER_ID_AES )
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-
-    mbedtls_cipher_free( &ctx->cipher_ctx );
-
-    if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
-                                       is_wrap ? MBEDTLS_ENCRYPT :
-                                                 MBEDTLS_DECRYPT )
-                                                                   ) != 0 )
-    {
-        return( ret );
+    if (cipher != MBEDTLS_CIPHER_ID_AES) {
+        return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
     }
 
-    return( 0 );
+    mbedtls_cipher_free(&ctx->cipher_ctx);
+
+    if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) {
+        return ret;
+    }
+
+    if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits,
+                                     is_wrap ? MBEDTLS_ENCRYPT :
+                                     MBEDTLS_DECRYPT)
+         ) != 0) {
+        return ret;
+    }
+
+    return 0;
 }
 
 /*
  * Free context
  */
-void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx )
+void mbedtls_nist_kw_free(mbedtls_nist_kw_context *ctx)
 {
-    mbedtls_cipher_free( &ctx->cipher_ctx );
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_nist_kw_context ) );
+    mbedtls_cipher_free(&ctx->cipher_ctx);
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_nist_kw_context));
 }
 
 /*
  * Helper function for Xoring the uint64_t "t" with the encrypted A.
  * Defined in NIST SP 800-38F section 6.1
  */
-static void calc_a_xor_t( unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t )
+static void calc_a_xor_t(unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t)
 {
     size_t i = 0;
-    for( i = 0; i < sizeof( t ); i++ )
-    {
-        A[i] ^= ( t >> ( ( sizeof( t ) - 1 - i ) * 8 ) ) & 0xff;
+    for (i = 0; i < sizeof(t); i++) {
+        A[i] ^= (t >> ((sizeof(t) - 1 - i) * 8)) & 0xff;
     }
 }
 
@@ -131,10 +133,10 @@
  * KW-AE as defined in SP 800-38F section 6.2
  * KWP-AE as defined in SP 800-38F section 6.3
  */
-int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx,
-                          mbedtls_nist_kw_mode_t mode,
-                          const unsigned char *input, size_t in_len,
-                          unsigned char *output, size_t *out_len, size_t out_size )
+int mbedtls_nist_kw_wrap(mbedtls_nist_kw_context *ctx,
+                         mbedtls_nist_kw_mode_t mode,
+                         const unsigned char *input, size_t in_len,
+                         unsigned char *output, size_t *out_len, size_t out_size)
 {
     int ret = 0;
     size_t semiblocks = 0;
@@ -148,106 +150,96 @@
     /*
      * Generate the String to work on
      */
-    if( mode == MBEDTLS_KW_MODE_KW )
-    {
-        if( out_size < in_len + KW_SEMIBLOCK_LENGTH )
-        {
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (mode == MBEDTLS_KW_MODE_KW) {
+        if (out_size < in_len + KW_SEMIBLOCK_LENGTH) {
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
         }
 
         /*
          * According to SP 800-38F Table 1, the plaintext length for KW
          * must be between 2 to 2^54-1 semiblocks inclusive.
          */
-        if( in_len < 16 ||
+        if (in_len < 16 ||
 #if SIZE_MAX > 0x1FFFFFFFFFFFFF8
             in_len > 0x1FFFFFFFFFFFFF8 ||
 #endif
-            in_len % KW_SEMIBLOCK_LENGTH != 0 )
-        {
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+            in_len % KW_SEMIBLOCK_LENGTH != 0) {
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
         }
 
-        memcpy( output, NIST_KW_ICV1, KW_SEMIBLOCK_LENGTH );
-        memmove( output + KW_SEMIBLOCK_LENGTH, input, in_len );
-    }
-    else
-    {
-        if( in_len % 8 != 0 )
-        {
-            padlen = ( 8 - ( in_len % 8 ) );
+        memcpy(output, NIST_KW_ICV1, KW_SEMIBLOCK_LENGTH);
+        memmove(output + KW_SEMIBLOCK_LENGTH, input, in_len);
+    } else {
+        if (in_len % 8 != 0) {
+            padlen = (8 - (in_len % 8));
         }
 
-        if( out_size < in_len + KW_SEMIBLOCK_LENGTH + padlen )
-        {
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        if (out_size < in_len + KW_SEMIBLOCK_LENGTH + padlen) {
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
         }
 
         /*
          * According to SP 800-38F Table 1, the plaintext length for KWP
          * must be between 1 and 2^32-1 octets inclusive.
          */
-        if( in_len < 1
+        if (in_len < 1
 #if SIZE_MAX > 0xFFFFFFFF
             || in_len > 0xFFFFFFFF
 #endif
-          )
-        {
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+            ) {
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
         }
 
-        memcpy( output, NIST_KW_ICV2, KW_SEMIBLOCK_LENGTH / 2 );
-        MBEDTLS_PUT_UINT32_BE( ( in_len & 0xffffffff ), output,
-                       KW_SEMIBLOCK_LENGTH / 2 );
+        memcpy(output, NIST_KW_ICV2, KW_SEMIBLOCK_LENGTH / 2);
+        MBEDTLS_PUT_UINT32_BE((in_len & 0xffffffff), output,
+                              KW_SEMIBLOCK_LENGTH / 2);
 
-        memcpy( output + KW_SEMIBLOCK_LENGTH, input, in_len );
-        memset( output + KW_SEMIBLOCK_LENGTH + in_len, 0, padlen );
+        memcpy(output + KW_SEMIBLOCK_LENGTH, input, in_len);
+        memset(output + KW_SEMIBLOCK_LENGTH + in_len, 0, padlen);
     }
-    semiblocks = ( ( in_len + padlen ) / KW_SEMIBLOCK_LENGTH ) + 1;
+    semiblocks = ((in_len + padlen) / KW_SEMIBLOCK_LENGTH) + 1;
 
-    s = 6 * ( semiblocks - 1 );
+    s = 6 * (semiblocks - 1);
 
-    if( mode == MBEDTLS_KW_MODE_KWP
-        && in_len <= KW_SEMIBLOCK_LENGTH )
-    {
-        memcpy( inbuff, output, 16 );
-        ret = mbedtls_cipher_update( &ctx->cipher_ctx,
-                                     inbuff, 16, output, &olen );
-        if( ret != 0 )
+    if (mode == MBEDTLS_KW_MODE_KWP
+        && in_len <= KW_SEMIBLOCK_LENGTH) {
+        memcpy(inbuff, output, 16);
+        ret = mbedtls_cipher_update(&ctx->cipher_ctx,
+                                    inbuff, 16, output, &olen);
+        if (ret != 0) {
             goto cleanup;
-    }
-    else
-    {
+        }
+    } else {
         unsigned char *R2 = output + KW_SEMIBLOCK_LENGTH;
         unsigned char *A = output;
 
         /*
          * Do the wrapping function W, as defined in RFC 3394 section 2.2.1
          */
-        if( semiblocks < MIN_SEMIBLOCKS_COUNT )
-        {
+        if (semiblocks < MIN_SEMIBLOCKS_COUNT) {
             ret = MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
             goto cleanup;
         }
 
         /* Calculate intermediate values */
-        for( t = 1; t <= s; t++ )
-        {
-            memcpy( inbuff, A, KW_SEMIBLOCK_LENGTH );
-            memcpy( inbuff + KW_SEMIBLOCK_LENGTH, R2, KW_SEMIBLOCK_LENGTH );
+        for (t = 1; t <= s; t++) {
+            memcpy(inbuff, A, KW_SEMIBLOCK_LENGTH);
+            memcpy(inbuff + KW_SEMIBLOCK_LENGTH, R2, KW_SEMIBLOCK_LENGTH);
 
-            ret = mbedtls_cipher_update( &ctx->cipher_ctx,
-                                         inbuff, 16, outbuff, &olen );
-            if( ret != 0 )
+            ret = mbedtls_cipher_update(&ctx->cipher_ctx,
+                                        inbuff, 16, outbuff, &olen);
+            if (ret != 0) {
                 goto cleanup;
+            }
 
-            memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH );
-            calc_a_xor_t( A, t );
+            memcpy(A, outbuff, KW_SEMIBLOCK_LENGTH);
+            calc_a_xor_t(A, t);
 
-            memcpy( R2, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH );
+            memcpy(R2, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH);
             R2 += KW_SEMIBLOCK_LENGTH;
-            if( R2 >= output + ( semiblocks * KW_SEMIBLOCK_LENGTH ) )
+            if (R2 >= output + (semiblocks * KW_SEMIBLOCK_LENGTH)) {
                 R2 = output + KW_SEMIBLOCK_LENGTH;
+            }
         }
     }
 
@@ -255,14 +247,13 @@
 
 cleanup:
 
-    if( ret != 0)
-    {
-        memset( output, 0, semiblocks * KW_SEMIBLOCK_LENGTH );
+    if (ret != 0) {
+        memset(output, 0, semiblocks * KW_SEMIBLOCK_LENGTH);
     }
-    mbedtls_platform_zeroize( inbuff, KW_SEMIBLOCK_LENGTH * 2 );
-    mbedtls_platform_zeroize( outbuff, KW_SEMIBLOCK_LENGTH * 2 );
+    mbedtls_platform_zeroize(inbuff, KW_SEMIBLOCK_LENGTH * 2);
+    mbedtls_platform_zeroize(outbuff, KW_SEMIBLOCK_LENGTH * 2);
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -273,13 +264,13 @@
  * 3. Minimal number of semiblocks is 3.
  * 4. A is a buffer to hold the first semiblock of the input buffer.
  */
-static int unwrap( mbedtls_nist_kw_context *ctx,
-                   const unsigned char *input, size_t semiblocks,
-                   unsigned char A[KW_SEMIBLOCK_LENGTH],
-                   unsigned char *output, size_t* out_len )
+static int unwrap(mbedtls_nist_kw_context *ctx,
+                  const unsigned char *input, size_t semiblocks,
+                  unsigned char A[KW_SEMIBLOCK_LENGTH],
+                  unsigned char *output, size_t *out_len)
 {
     int ret = 0;
-    const size_t s = 6 * ( semiblocks - 1 );
+    const size_t s = 6 * (semiblocks - 1);
     size_t olen;
     uint64_t t = 0;
     unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];
@@ -287,58 +278,59 @@
     unsigned char *R = NULL;
     *out_len = 0;
 
-    if( semiblocks < MIN_SEMIBLOCKS_COUNT )
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (semiblocks < MIN_SEMIBLOCKS_COUNT) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
     }
 
-    memcpy( A, input, KW_SEMIBLOCK_LENGTH );
-    memmove( output, input + KW_SEMIBLOCK_LENGTH, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH );
-    R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH;
+    memcpy(A, input, KW_SEMIBLOCK_LENGTH);
+    memmove(output, input + KW_SEMIBLOCK_LENGTH, (semiblocks - 1) * KW_SEMIBLOCK_LENGTH);
+    R = output + (semiblocks - 2) * KW_SEMIBLOCK_LENGTH;
 
     /* Calculate intermediate values */
-    for( t = s; t >= 1; t-- )
-    {
-        calc_a_xor_t( A, t );
+    for (t = s; t >= 1; t--) {
+        calc_a_xor_t(A, t);
 
-        memcpy( inbuff, A, KW_SEMIBLOCK_LENGTH );
-        memcpy( inbuff + KW_SEMIBLOCK_LENGTH, R, KW_SEMIBLOCK_LENGTH );
+        memcpy(inbuff, A, KW_SEMIBLOCK_LENGTH);
+        memcpy(inbuff + KW_SEMIBLOCK_LENGTH, R, KW_SEMIBLOCK_LENGTH);
 
-        ret = mbedtls_cipher_update( &ctx->cipher_ctx,
-                                     inbuff, 16, outbuff, &olen );
-        if( ret != 0 )
+        ret = mbedtls_cipher_update(&ctx->cipher_ctx,
+                                    inbuff, 16, outbuff, &olen);
+        if (ret != 0) {
             goto cleanup;
+        }
 
-        memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH );
+        memcpy(A, outbuff, KW_SEMIBLOCK_LENGTH);
 
         /* Set R as LSB64 of outbuff */
-        memcpy( R, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH );
+        memcpy(R, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH);
 
-        if( R == output )
-            R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH;
-        else
+        if (R == output) {
+            R = output + (semiblocks - 2) * KW_SEMIBLOCK_LENGTH;
+        } else {
             R -= KW_SEMIBLOCK_LENGTH;
+        }
     }
 
-    *out_len = ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH;
+    *out_len = (semiblocks - 1) * KW_SEMIBLOCK_LENGTH;
 
 cleanup:
-    if( ret != 0)
-        memset( output, 0, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH );
-    mbedtls_platform_zeroize( inbuff, sizeof( inbuff )  );
-    mbedtls_platform_zeroize( outbuff, sizeof( outbuff ) );
+    if (ret != 0) {
+        memset(output, 0, (semiblocks - 1) * KW_SEMIBLOCK_LENGTH);
+    }
+    mbedtls_platform_zeroize(inbuff, sizeof(inbuff));
+    mbedtls_platform_zeroize(outbuff, sizeof(outbuff));
 
-    return( ret );
+    return ret;
 }
 
 /*
  * KW-AD as defined in SP 800-38F section 6.2
  * KWP-AD as defined in SP 800-38F section 6.3
  */
-int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx,
-                            mbedtls_nist_kw_mode_t mode,
-                            const unsigned char *input, size_t in_len,
-                            unsigned char *output, size_t *out_len, size_t out_size )
+int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx,
+                           mbedtls_nist_kw_mode_t mode,
+                           const unsigned char *input, size_t in_len,
+                           unsigned char *output, size_t *out_len, size_t out_size)
 {
     int ret = 0;
     size_t i, olen;
@@ -346,89 +338,81 @@
     unsigned char diff, bad_padding = 0;
 
     *out_len = 0;
-    if( out_size < in_len - KW_SEMIBLOCK_LENGTH )
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (out_size < in_len - KW_SEMIBLOCK_LENGTH) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
     }
 
-    if( mode == MBEDTLS_KW_MODE_KW )
-    {
+    if (mode == MBEDTLS_KW_MODE_KW) {
         /*
          * According to SP 800-38F Table 1, the ciphertext length for KW
          * must be between 3 to 2^54 semiblocks inclusive.
          */
-        if( in_len < 24 ||
+        if (in_len < 24 ||
 #if SIZE_MAX > 0x200000000000000
             in_len > 0x200000000000000 ||
 #endif
-            in_len % KW_SEMIBLOCK_LENGTH != 0 )
-        {
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+            in_len % KW_SEMIBLOCK_LENGTH != 0) {
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
         }
 
-        ret = unwrap( ctx, input, in_len / KW_SEMIBLOCK_LENGTH,
-                      A, output, out_len );
-        if( ret != 0 )
+        ret = unwrap(ctx, input, in_len / KW_SEMIBLOCK_LENGTH,
+                     A, output, out_len);
+        if (ret != 0) {
             goto cleanup;
+        }
 
         /* Check ICV in "constant-time" */
-        diff = mbedtls_ct_memcmp( NIST_KW_ICV1, A, KW_SEMIBLOCK_LENGTH );
+        diff = mbedtls_ct_memcmp(NIST_KW_ICV1, A, KW_SEMIBLOCK_LENGTH);
 
-        if( diff != 0 )
-        {
+        if (diff != 0) {
             ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
             goto cleanup;
         }
 
-    }
-    else if( mode == MBEDTLS_KW_MODE_KWP )
-    {
+    } else if (mode == MBEDTLS_KW_MODE_KWP) {
         size_t padlen = 0;
         uint32_t Plen;
         /*
          * According to SP 800-38F Table 1, the ciphertext length for KWP
          * must be between 2 to 2^29 semiblocks inclusive.
          */
-        if( in_len < KW_SEMIBLOCK_LENGTH * 2 ||
+        if (in_len < KW_SEMIBLOCK_LENGTH * 2 ||
 #if SIZE_MAX > 0x100000000
             in_len > 0x100000000 ||
 #endif
-            in_len % KW_SEMIBLOCK_LENGTH != 0 )
-        {
-            return(  MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+            in_len % KW_SEMIBLOCK_LENGTH != 0) {
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
         }
 
-        if( in_len == KW_SEMIBLOCK_LENGTH * 2 )
-        {
+        if (in_len == KW_SEMIBLOCK_LENGTH * 2) {
             unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];
-            ret = mbedtls_cipher_update( &ctx->cipher_ctx,
-                                         input, 16, outbuff, &olen );
-            if( ret != 0 )
+            ret = mbedtls_cipher_update(&ctx->cipher_ctx,
+                                        input, 16, outbuff, &olen);
+            if (ret != 0) {
                 goto cleanup;
+            }
 
-            memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH );
-            memcpy( output, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH );
-            mbedtls_platform_zeroize( outbuff, sizeof( outbuff ) );
+            memcpy(A, outbuff, KW_SEMIBLOCK_LENGTH);
+            memcpy(output, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH);
+            mbedtls_platform_zeroize(outbuff, sizeof(outbuff));
             *out_len = KW_SEMIBLOCK_LENGTH;
-        }
-        else
-        {
+        } else {
             /* in_len >=  KW_SEMIBLOCK_LENGTH * 3 */
-            ret = unwrap( ctx, input, in_len / KW_SEMIBLOCK_LENGTH,
-                          A, output, out_len );
-            if( ret != 0 )
+            ret = unwrap(ctx, input, in_len / KW_SEMIBLOCK_LENGTH,
+                         A, output, out_len);
+            if (ret != 0) {
                 goto cleanup;
+            }
         }
 
         /* Check ICV in "constant-time" */
-        diff = mbedtls_ct_memcmp( NIST_KW_ICV2, A, KW_SEMIBLOCK_LENGTH / 2 );
+        diff = mbedtls_ct_memcmp(NIST_KW_ICV2, A, KW_SEMIBLOCK_LENGTH / 2);
 
-        if( diff != 0 )
-        {
+        if (diff != 0) {
             ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
         }
 
-        Plen = MBEDTLS_GET_UINT32_BE( A, KW_SEMIBLOCK_LENGTH / 2 );
+        Plen = MBEDTLS_GET_UINT32_BE(A, KW_SEMIBLOCK_LENGTH / 2);
 
         /*
          * Plen is the length of the plaintext, when the input is valid.
@@ -436,51 +420,45 @@
          * larger than 8, because of the type wrap around.
          */
         padlen = in_len - KW_SEMIBLOCK_LENGTH - Plen;
-        if ( padlen > 7 )
-        {
+        if (padlen > 7) {
             padlen &= 7;
             ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
         }
 
         /* Check padding in "constant-time" */
-        for( diff = 0, i = 0; i < KW_SEMIBLOCK_LENGTH; i++ )
-        {
-             if( i >= KW_SEMIBLOCK_LENGTH - padlen )
-                 diff |= output[*out_len - KW_SEMIBLOCK_LENGTH + i];
-             else
-                 bad_padding |= output[*out_len - KW_SEMIBLOCK_LENGTH + i];
+        for (diff = 0, i = 0; i < KW_SEMIBLOCK_LENGTH; i++) {
+            if (i >= KW_SEMIBLOCK_LENGTH - padlen) {
+                diff |= output[*out_len - KW_SEMIBLOCK_LENGTH + i];
+            } else {
+                bad_padding |= output[*out_len - KW_SEMIBLOCK_LENGTH + i];
+            }
         }
 
-        if( diff != 0 )
-        {
+        if (diff != 0) {
             ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
         }
 
-        if( ret != 0 )
-        {
+        if (ret != 0) {
             goto cleanup;
         }
-        memset( output + Plen, 0, padlen );
+        memset(output + Plen, 0, padlen);
         *out_len = Plen;
-    }
-    else
-    {
+    } else {
         ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
         goto cleanup;
     }
 
 cleanup:
-    if( ret != 0 )
-    {
-        memset( output, 0, *out_len );
+    if (ret != 0) {
+        memset(output, 0, *out_len);
         *out_len = 0;
     }
 
-    mbedtls_platform_zeroize( &bad_padding, sizeof( bad_padding) );
-    mbedtls_platform_zeroize( &diff, sizeof( diff ) );
-    mbedtls_platform_zeroize( A, sizeof( A ) );
+    mbedtls_platform_zeroize(&bad_padding, sizeof(bad_padding));
+    mbedtls_platform_zeroize(&diff, sizeof(diff));
+    mbedtls_platform_zeroize(A, sizeof(A));
 
-    return( ret );
+    return ret;
 }
 
 #endif /* !MBEDTLS_NIST_KW_ALT */
@@ -575,130 +553,133 @@
 };
 static const size_t kwp_out_len[KW_TESTS] = { 24, 40, 16 };
 
-int mbedtls_nist_kw_self_test( int verbose )
+int mbedtls_nist_kw_self_test(int verbose)
 {
     mbedtls_nist_kw_context ctx;
     unsigned char out[48];
     size_t olen;
     int i;
     int ret = 0;
-    mbedtls_nist_kw_init( &ctx );
+    mbedtls_nist_kw_init(&ctx);
 
-    for( i = 0; i < KW_TESTS; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  KW-AES-%u ", (unsigned int) key_len[i] * 8 );
+    for (i = 0; i < KW_TESTS; i++) {
+        if (verbose != 0) {
+            mbedtls_printf("  KW-AES-%u ", (unsigned int) key_len[i] * 8);
+        }
 
-        ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
-                                      kw_key[i], key_len[i] * 8, 1 );
-        if( ret != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "  KW: setup failed " );
+        ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
+                                     kw_key[i], key_len[i] * 8, 1);
+        if (ret != 0) {
+            if (verbose != 0) {
+                mbedtls_printf("  KW: setup failed ");
+            }
 
             goto end;
         }
 
-        ret = mbedtls_nist_kw_wrap( &ctx, MBEDTLS_KW_MODE_KW, kw_msg[i],
-                                    kw_msg_len[i], out, &olen, sizeof( out ) );
-        if( ret != 0 || kw_out_len[i] != olen ||
-            memcmp( out, kw_res[i], kw_out_len[i] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed. ");
+        ret = mbedtls_nist_kw_wrap(&ctx, MBEDTLS_KW_MODE_KW, kw_msg[i],
+                                   kw_msg_len[i], out, &olen, sizeof(out));
+        if (ret != 0 || kw_out_len[i] != olen ||
+            memcmp(out, kw_res[i], kw_out_len[i]) != 0) {
+            if (verbose != 0) {
+                mbedtls_printf("failed. ");
+            }
 
             ret = 1;
             goto end;
         }
 
-        if( ( ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
-                                            kw_key[i], key_len[i] * 8, 0 ) )
-              != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "  KW: setup failed ");
+        if ((ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
+                                          kw_key[i], key_len[i] * 8, 0))
+            != 0) {
+            if (verbose != 0) {
+                mbedtls_printf("  KW: setup failed ");
+            }
 
             goto end;
         }
 
-        ret = mbedtls_nist_kw_unwrap( &ctx, MBEDTLS_KW_MODE_KW,
-                                      out, olen, out, &olen, sizeof( out ) );
+        ret = mbedtls_nist_kw_unwrap(&ctx, MBEDTLS_KW_MODE_KW,
+                                     out, olen, out, &olen, sizeof(out));
 
-        if( ret != 0 || olen != kw_msg_len[i] ||
-            memcmp( out, kw_msg[i], kw_msg_len[i] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
+        if (ret != 0 || olen != kw_msg_len[i] ||
+            memcmp(out, kw_msg[i], kw_msg_len[i]) != 0) {
+            if (verbose != 0) {
+                mbedtls_printf("failed\n");
+            }
 
             ret = 1;
             goto end;
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( " passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf(" passed\n");
+        }
     }
 
-    for( i = 0; i < KW_TESTS; i++ )
-    {
-        olen = sizeof( out );
-        if( verbose != 0 )
-            mbedtls_printf( "  KWP-AES-%u ", (unsigned int) key_len[i] * 8 );
+    for (i = 0; i < KW_TESTS; i++) {
+        olen = sizeof(out);
+        if (verbose != 0) {
+            mbedtls_printf("  KWP-AES-%u ", (unsigned int) key_len[i] * 8);
+        }
 
-        ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, kwp_key[i],
-                                      key_len[i] * 8, 1 );
-        if( ret  != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "  KWP: setup failed " );
+        ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, kwp_key[i],
+                                     key_len[i] * 8, 1);
+        if (ret  != 0) {
+            if (verbose != 0) {
+                mbedtls_printf("  KWP: setup failed ");
+            }
 
             goto end;
         }
-        ret = mbedtls_nist_kw_wrap( &ctx, MBEDTLS_KW_MODE_KWP, kwp_msg[i],
-                                    kwp_msg_len[i], out, &olen, sizeof( out ) );
+        ret = mbedtls_nist_kw_wrap(&ctx, MBEDTLS_KW_MODE_KWP, kwp_msg[i],
+                                   kwp_msg_len[i], out, &olen, sizeof(out));
 
-        if( ret != 0 || kwp_out_len[i] != olen ||
-            memcmp( out, kwp_res[i], kwp_out_len[i] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed. ");
+        if (ret != 0 || kwp_out_len[i] != olen ||
+            memcmp(out, kwp_res[i], kwp_out_len[i]) != 0) {
+            if (verbose != 0) {
+                mbedtls_printf("failed. ");
+            }
 
             ret = 1;
             goto end;
         }
 
-        if( ( ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
-                                            kwp_key[i], key_len[i] * 8, 0 ) )
-              != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "  KWP: setup failed ");
+        if ((ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
+                                          kwp_key[i], key_len[i] * 8, 0))
+            != 0) {
+            if (verbose != 0) {
+                mbedtls_printf("  KWP: setup failed ");
+            }
 
             goto end;
         }
 
-        ret = mbedtls_nist_kw_unwrap(  &ctx, MBEDTLS_KW_MODE_KWP, out,
-                                       olen, out, &olen, sizeof( out ) );
+        ret = mbedtls_nist_kw_unwrap(&ctx, MBEDTLS_KW_MODE_KWP, out,
+                                     olen, out, &olen, sizeof(out));
 
-        if( ret != 0 || olen != kwp_msg_len[i] ||
-            memcmp( out, kwp_msg[i], kwp_msg_len[i] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed. ");
+        if (ret != 0 || olen != kwp_msg_len[i] ||
+            memcmp(out, kwp_msg[i], kwp_msg_len[i]) != 0) {
+            if (verbose != 0) {
+                mbedtls_printf("failed. ");
+            }
 
             ret = 1;
             goto end;
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( " passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf(" passed\n");
+        }
     }
 end:
-    mbedtls_nist_kw_free( &ctx );
+    mbedtls_nist_kw_free(&ctx);
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
diff --git a/library/oid.c b/library/oid.c
index aa5f69c..049d802 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -54,23 +54,23 @@
  * Macro to generate an internal function for oid_XXX_from_asn1() (used by
  * the other functions)
  */
-#define FN_OID_TYPED_FROM_ASN1( TYPE_T, NAME, LIST )                    \
-    static const TYPE_T * oid_ ## NAME ## _from_asn1(                   \
-                                      const mbedtls_asn1_buf *oid )     \
+#define FN_OID_TYPED_FROM_ASN1(TYPE_T, NAME, LIST)                    \
+    static const TYPE_T *oid_ ## NAME ## _from_asn1(                   \
+        const mbedtls_asn1_buf *oid)     \
     {                                                                   \
         const TYPE_T *p = (LIST);                                       \
         const mbedtls_oid_descriptor_t *cur =                           \
             (const mbedtls_oid_descriptor_t *) p;                       \
-        if( p == NULL || oid == NULL ) return( NULL );                  \
-        while( cur->asn1 != NULL ) {                                    \
-            if( cur->asn1_len == oid->len &&                            \
-                memcmp( cur->asn1, oid->p, oid->len ) == 0 ) {          \
-                return( p );                                            \
+        if (p == NULL || oid == NULL) return NULL;                  \
+        while (cur->asn1 != NULL) {                                    \
+            if (cur->asn1_len == oid->len &&                            \
+                memcmp(cur->asn1, oid->p, oid->len) == 0) {          \
+                return p;                                            \
             }                                                           \
             p++;                                                        \
             cur = (const mbedtls_oid_descriptor_t *) p;                 \
         }                                                               \
-        return( NULL );                                                 \
+        return NULL;                                                 \
     }
 
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
@@ -79,13 +79,13 @@
  * descriptor of an mbedtls_oid_descriptor_t wrapper.
  */
 #define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
-int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 )                  \
-{                                                                       \
-    const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid );        \
-    if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND );            \
-    *ATTR1 = data->descriptor.ATTR1;                                    \
-    return( 0 );                                                        \
-}
+    int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1)                  \
+    {                                                                       \
+        const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid);        \
+        if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND;            \
+        *ATTR1 = data->descriptor.ATTR1;                                    \
+        return 0;                                                        \
+    }
 #endif /* MBEDTLS_X509_REMOVE_INFO */
 
 /*
@@ -93,13 +93,13 @@
  * mbedtls_oid_descriptor_t wrapper.
  */
 #define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
-int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 )                  \
-{                                                                       \
-    const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid );        \
-    if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND );            \
-    *ATTR1 = data->ATTR1;                                               \
-    return( 0 );                                                        \
-}
+    int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1)                  \
+    {                                                                       \
+        const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid);        \
+        if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND;            \
+        *ATTR1 = data->ATTR1;                                               \
+        return 0;                                                        \
+    }
 
 /*
  * Macro to generate a function for retrieving two attributes from an
@@ -107,34 +107,34 @@
  */
 #define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1,     \
                          ATTR2_TYPE, ATTR2)                                 \
-int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1,               \
-                                          ATTR2_TYPE * ATTR2 )              \
-{                                                                           \
-    const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid );            \
-    if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND );                 \
-    *(ATTR1) = data->ATTR1;                                                 \
-    *(ATTR2) = data->ATTR2;                                                 \
-    return( 0 );                                                            \
-}
+    int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1,               \
+                ATTR2_TYPE * ATTR2)              \
+    {                                                                           \
+        const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid);            \
+        if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND;                 \
+        *(ATTR1) = data->ATTR1;                                                 \
+        *(ATTR2) = data->ATTR2;                                                 \
+        return 0;                                                            \
+    }
 
 /*
  * Macro to generate a function for retrieving the OID based on a single
  * attribute from a mbedtls_oid_descriptor_t wrapper.
  */
 #define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1)   \
-int FN_NAME( ATTR1_TYPE ATTR1, const char **oid, size_t *olen )             \
-{                                                                           \
-    const TYPE_T *cur = (LIST);                                             \
-    while( cur->descriptor.asn1 != NULL ) {                                 \
-        if( cur->ATTR1 == (ATTR1) ) {                                       \
-            *oid = cur->descriptor.asn1;                                    \
-            *olen = cur->descriptor.asn1_len;                               \
-            return( 0 );                                                    \
-        }                                                                   \
-        cur++;                                                              \
-    }                                                                       \
-    return( MBEDTLS_ERR_OID_NOT_FOUND );                                    \
-}
+    int FN_NAME(ATTR1_TYPE ATTR1, const char **oid, size_t *olen)             \
+    {                                                                           \
+        const TYPE_T *cur = (LIST);                                             \
+        while (cur->descriptor.asn1 != NULL) {                                 \
+            if (cur->ATTR1 == (ATTR1)) {                                       \
+                *oid = cur->descriptor.asn1;                                    \
+                *olen = cur->descriptor.asn1_len;                               \
+                return 0;                                                    \
+            }                                                                   \
+            cur++;                                                              \
+        }                                                                       \
+        return MBEDTLS_ERR_OID_NOT_FOUND;                                    \
+    }
 
 /*
  * Macro to generate a function for retrieving the OID based on two
@@ -142,20 +142,20 @@
  */
 #define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1,   \
                                 ATTR2_TYPE, ATTR2)                          \
-int FN_NAME( ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid ,         \
-             size_t *olen )                                                 \
-{                                                                           \
-    const TYPE_T *cur = (LIST);                                             \
-    while( cur->descriptor.asn1 != NULL ) {                                 \
-        if( cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2) ) {              \
-            *oid = cur->descriptor.asn1;                                    \
-            *olen = cur->descriptor.asn1_len;                               \
-            return( 0 );                                                    \
-        }                                                                   \
-        cur++;                                                              \
-    }                                                                       \
-    return( MBEDTLS_ERR_OID_NOT_FOUND );                                   \
-}
+    int FN_NAME(ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid,         \
+                size_t *olen)                                                 \
+    {                                                                           \
+        const TYPE_T *cur = (LIST);                                             \
+        while (cur->descriptor.asn1 != NULL) {                                 \
+            if (cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2)) {              \
+                *oid = cur->descriptor.asn1;                                    \
+                *olen = cur->descriptor.asn1_len;                               \
+                return 0;                                                    \
+            }                                                                   \
+            cur++;                                                              \
+        }                                                                       \
+        return MBEDTLS_ERR_OID_NOT_FOUND;                                   \
+    }
 
 /*
  * For X520 attribute types
@@ -168,83 +168,98 @@
 static const oid_x520_attr_t oid_x520_attr_type[] =
 {
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_AT_CN,          "id-at-commonName",               "Common Name" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_AT_CN,          "id-at-commonName",               "Common Name"),
         "CN",
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_AT_COUNTRY,     "id-at-countryName",              "Country" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_AT_COUNTRY,     "id-at-countryName",              "Country"),
         "C",
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_AT_LOCALITY,    "id-at-locality",                 "Locality" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_AT_LOCALITY,    "id-at-locality",                 "Locality"),
         "L",
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_AT_STATE,       "id-at-state",                    "State" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_AT_STATE,       "id-at-state",                    "State"),
         "ST",
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_AT_ORGANIZATION,"id-at-organizationName",         "Organization" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_AT_ORGANIZATION, "id-at-organizationName",
+                       "Organization"),
         "O",
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_AT_ORG_UNIT,    "id-at-organizationalUnitName",   "Org Unit" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_AT_ORG_UNIT,    "id-at-organizationalUnitName",   "Org Unit"),
         "OU",
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_PKCS9_EMAIL,    "emailAddress",                   "E-mail address" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_PKCS9_EMAIL,
+                       "emailAddress",
+                       "E-mail address"),
         "emailAddress",
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_AT_SERIAL_NUMBER,"id-at-serialNumber",            "Serial number" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_AT_SERIAL_NUMBER,
+                       "id-at-serialNumber",
+                       "Serial number"),
         "serialNumber",
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_AT_POSTAL_ADDRESS,"id-at-postalAddress",          "Postal address" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_AT_POSTAL_ADDRESS,
+                       "id-at-postalAddress",
+                       "Postal address"),
         "postalAddress",
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_AT_POSTAL_CODE, "id-at-postalCode",               "Postal code" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_AT_POSTAL_CODE, "id-at-postalCode",               "Postal code"),
         "postalCode",
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_AT_SUR_NAME,    "id-at-surName",                  "Surname" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_AT_SUR_NAME,    "id-at-surName",                  "Surname"),
         "SN",
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_AT_GIVEN_NAME,  "id-at-givenName",                "Given name" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_AT_GIVEN_NAME,  "id-at-givenName",                "Given name"),
         "GN",
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_AT_INITIALS,    "id-at-initials",                 "Initials" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_AT_INITIALS,    "id-at-initials",                 "Initials"),
         "initials",
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_AT_GENERATION_QUALIFIER, "id-at-generationQualifier", "Generation qualifier" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_AT_GENERATION_QUALIFIER,
+                       "id-at-generationQualifier",
+                       "Generation qualifier"),
         "generationQualifier",
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_AT_TITLE,       "id-at-title",                    "Title" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_AT_TITLE,       "id-at-title",                    "Title"),
         "title",
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_AT_DN_QUALIFIER,"id-at-dnQualifier",              "Distinguished Name qualifier" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_AT_DN_QUALIFIER,
+                       "id-at-dnQualifier",
+                       "Distinguished Name qualifier"),
         "dnQualifier",
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_AT_PSEUDONYM,   "id-at-pseudonym",                "Pseudonym" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_AT_PSEUDONYM,   "id-at-pseudonym",                "Pseudonym"),
         "pseudonym",
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_UID,            "id-uid",                         "User Id" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_UID,            "id-uid",                         "User Id"),
         "uid",
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_DOMAIN_COMPONENT, "id-domainComponent",           "Domain component" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_DOMAIN_COMPONENT,
+                       "id-domainComponent",
+                       "Domain component"),
         "DC",
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_AT_UNIQUE_IDENTIFIER, "id-at-uniqueIdentifier",    "Unique Identifier" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_AT_UNIQUE_IDENTIFIER,
+                       "id-at-uniqueIdentifier",
+                       "Unique Identifier"),
         "uniqueIdentifier",
     },
     {
@@ -254,7 +269,11 @@
 };
 
 FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type)
-FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, oid_x520_attr_t, x520_attr, const char *, short_name)
+FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name,
+                 oid_x520_attr_t,
+                 x520_attr,
+                 const char *,
+                 short_name)
 
 /*
  * For X509 extensions
@@ -267,27 +286,37 @@
 static const oid_x509_ext_t oid_x509_ext[] =
 {
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_BASIC_CONSTRAINTS,    "id-ce-basicConstraints",    "Basic Constraints" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_BASIC_CONSTRAINTS,
+                       "id-ce-basicConstraints",
+                       "Basic Constraints"),
         MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS,
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_KEY_USAGE,            "id-ce-keyUsage",            "Key Usage" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_KEY_USAGE,            "id-ce-keyUsage",            "Key Usage"),
         MBEDTLS_OID_X509_EXT_KEY_USAGE,
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_EXTENDED_KEY_USAGE,   "id-ce-extKeyUsage",         "Extended Key Usage" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_EXTENDED_KEY_USAGE,
+                       "id-ce-extKeyUsage",
+                       "Extended Key Usage"),
         MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE,
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_SUBJECT_ALT_NAME,     "id-ce-subjectAltName",      "Subject Alt Name" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_ALT_NAME,
+                       "id-ce-subjectAltName",
+                       "Subject Alt Name"),
         MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME,
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_NS_CERT_TYPE,         "id-netscape-certtype",      "Netscape Certificate Type" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_NS_CERT_TYPE,
+                       "id-netscape-certtype",
+                       "Netscape Certificate Type"),
         MBEDTLS_OID_X509_EXT_NS_CERT_TYPE,
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_CERTIFICATE_POLICIES, "id-ce-certificatePolicies",  "Certificate Policies" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_CERTIFICATE_POLICIES,
+                       "id-ce-certificatePolicies",
+                       "Certificate Policies"),
         MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES,
     },
     {
@@ -302,27 +331,41 @@
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
 static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
 {
-    OID_DESCRIPTOR( MBEDTLS_OID_SERVER_AUTH,      "id-kp-serverAuth",      "TLS Web Server Authentication" ),
-    OID_DESCRIPTOR( MBEDTLS_OID_CLIENT_AUTH,      "id-kp-clientAuth",      "TLS Web Client Authentication" ),
-    OID_DESCRIPTOR( MBEDTLS_OID_CODE_SIGNING,     "id-kp-codeSigning",     "Code Signing" ),
-    OID_DESCRIPTOR( MBEDTLS_OID_EMAIL_PROTECTION, "id-kp-emailProtection", "E-mail Protection" ),
-    OID_DESCRIPTOR( MBEDTLS_OID_TIME_STAMPING,    "id-kp-timeStamping",    "Time Stamping" ),
-    OID_DESCRIPTOR( MBEDTLS_OID_OCSP_SIGNING,     "id-kp-OCSPSigning",     "OCSP Signing" ),
-    OID_DESCRIPTOR( MBEDTLS_OID_WISUN_FAN,        "id-kp-wisun-fan-device", "Wi-SUN Alliance Field Area Network (FAN)" ),
+    OID_DESCRIPTOR(MBEDTLS_OID_SERVER_AUTH,
+                   "id-kp-serverAuth",
+                   "TLS Web Server Authentication"),
+    OID_DESCRIPTOR(MBEDTLS_OID_CLIENT_AUTH,
+                   "id-kp-clientAuth",
+                   "TLS Web Client Authentication"),
+    OID_DESCRIPTOR(MBEDTLS_OID_CODE_SIGNING,     "id-kp-codeSigning",     "Code Signing"),
+    OID_DESCRIPTOR(MBEDTLS_OID_EMAIL_PROTECTION, "id-kp-emailProtection", "E-mail Protection"),
+    OID_DESCRIPTOR(MBEDTLS_OID_TIME_STAMPING,    "id-kp-timeStamping",    "Time Stamping"),
+    OID_DESCRIPTOR(MBEDTLS_OID_OCSP_SIGNING,     "id-kp-OCSPSigning",     "OCSP Signing"),
+    OID_DESCRIPTOR(MBEDTLS_OID_WISUN_FAN,
+                   "id-kp-wisun-fan-device",
+                   "Wi-SUN Alliance Field Area Network (FAN)"),
     NULL_OID_DESCRIPTOR,
 };
 
 FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage)
-FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, mbedtls_oid_descriptor_t, ext_key_usage, const char *, description)
+FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage,
+                 mbedtls_oid_descriptor_t,
+                 ext_key_usage,
+                 const char *,
+                 description)
 
 static const mbedtls_oid_descriptor_t oid_certificate_policies[] =
 {
-    OID_DESCRIPTOR( MBEDTLS_OID_ANY_POLICY,      "anyPolicy",       "Any Policy" ),
+    OID_DESCRIPTOR(MBEDTLS_OID_ANY_POLICY,      "anyPolicy",       "Any Policy"),
     NULL_OID_DESCRIPTOR,
 };
 
 FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies)
-FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, mbedtls_oid_descriptor_t, certificate_policies, const char *, description)
+FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies,
+                 mbedtls_oid_descriptor_t,
+                 certificate_policies,
+                 const char *,
+                 description)
 #endif /* MBEDTLS_X509_REMOVE_INFO */
 
 /*
@@ -339,43 +382,47 @@
 #if defined(MBEDTLS_RSA_C)
 #if defined(MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_MD5,        "md5WithRSAEncryption",     "RSA with MD5" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_MD5,        "md5WithRSAEncryption",     "RSA with MD5"),
         MBEDTLS_MD_MD5,      MBEDTLS_PK_RSA,
     },
 #endif /* MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA1,       "sha-1WithRSAEncryption",   "RSA with SHA1" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA1,       "sha-1WithRSAEncryption",   "RSA with SHA1"),
         MBEDTLS_MD_SHA1,     MBEDTLS_PK_RSA,
     },
 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA224,     "sha224WithRSAEncryption",  "RSA with SHA-224" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA224,     "sha224WithRSAEncryption",
+                       "RSA with SHA-224"),
         MBEDTLS_MD_SHA224,   MBEDTLS_PK_RSA,
     },
 #endif /* MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA256,     "sha256WithRSAEncryption",  "RSA with SHA-256" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA256,     "sha256WithRSAEncryption",
+                       "RSA with SHA-256"),
         MBEDTLS_MD_SHA256,   MBEDTLS_PK_RSA,
     },
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA384,     "sha384WithRSAEncryption",  "RSA with SHA-384" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA384,     "sha384WithRSAEncryption",
+                       "RSA with SHA-384"),
         MBEDTLS_MD_SHA384,   MBEDTLS_PK_RSA,
     },
 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA512,     "sha512WithRSAEncryption",  "RSA with SHA-512" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA512,     "sha512WithRSAEncryption",
+                       "RSA with SHA-512"),
         MBEDTLS_MD_SHA512,   MBEDTLS_PK_RSA,
     },
 #endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_RSA_SHA_OBS,      "sha-1WithRSAEncryption",   "RSA with SHA1" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_RSA_SHA_OBS,      "sha-1WithRSAEncryption",   "RSA with SHA1"),
         MBEDTLS_MD_SHA1,     MBEDTLS_PK_RSA,
     },
 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */
@@ -383,38 +430,38 @@
 #if defined(MBEDTLS_ECDSA_C)
 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA1,       "ecdsa-with-SHA1",      "ECDSA with SHA1" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA1,       "ecdsa-with-SHA1",      "ECDSA with SHA1"),
         MBEDTLS_MD_SHA1,     MBEDTLS_PK_ECDSA,
     },
 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA224,     "ecdsa-with-SHA224",    "ECDSA with SHA224" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA224,     "ecdsa-with-SHA224",    "ECDSA with SHA224"),
         MBEDTLS_MD_SHA224,   MBEDTLS_PK_ECDSA,
     },
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA256,     "ecdsa-with-SHA256",    "ECDSA with SHA256" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA256,     "ecdsa-with-SHA256",    "ECDSA with SHA256"),
         MBEDTLS_MD_SHA256,   MBEDTLS_PK_ECDSA,
     },
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA384,     "ecdsa-with-SHA384",    "ECDSA with SHA384" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA384,     "ecdsa-with-SHA384",    "ECDSA with SHA384"),
         MBEDTLS_MD_SHA384,   MBEDTLS_PK_ECDSA,
     },
 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA512,     "ecdsa-with-SHA512",    "ECDSA with SHA512" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA512,     "ecdsa-with-SHA512",    "ECDSA with SHA512"),
         MBEDTLS_MD_SHA512,   MBEDTLS_PK_ECDSA,
     },
 #endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA */
 #endif /* MBEDTLS_ECDSA_C */
 #if defined(MBEDTLS_RSA_C)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_RSASSA_PSS,        "RSASSA-PSS",           "RSASSA-PSS" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_RSASSA_PSS,        "RSASSA-PSS",           "RSASSA-PSS"),
         MBEDTLS_MD_NONE,     MBEDTLS_PK_RSASSA_PSS,
     },
 #endif /* MBEDTLS_RSA_C */
@@ -427,11 +474,27 @@
 FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg)
 
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
-FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, oid_sig_alg_t, sig_alg, const char *, description)
+FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc,
+                            oid_sig_alg_t,
+                            sig_alg,
+                            const char *,
+                            description)
 #endif
 
-FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, oid_sig_alg_t, sig_alg, mbedtls_md_type_t, md_alg, mbedtls_pk_type_t, pk_alg)
-FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, mbedtls_pk_type_t, pk_alg, mbedtls_md_type_t, md_alg)
+FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg,
+                 oid_sig_alg_t,
+                 sig_alg,
+                 mbedtls_md_type_t,
+                 md_alg,
+                 mbedtls_pk_type_t,
+                 pk_alg)
+FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg,
+                        oid_sig_alg_t,
+                        oid_sig_alg,
+                        mbedtls_pk_type_t,
+                        pk_alg,
+                        mbedtls_md_type_t,
+                        md_alg)
 
 /*
  * For PublicKeyInfo (PKCS1, RFC 5480)
@@ -444,15 +507,15 @@
 static const oid_pk_alg_t oid_pk_alg[] =
 {
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_RSA,           "rsaEncryption",    "RSA" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_RSA,           "rsaEncryption",    "RSA"),
         MBEDTLS_PK_RSA,
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_EC_ALG_UNRESTRICTED, "id-ecPublicKey",   "Generic EC key" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_UNRESTRICTED, "id-ecPublicKey",   "Generic EC key"),
         MBEDTLS_PK_ECKEY,
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_EC_ALG_ECDH,         "id-ecDH",          "EC key for ECDH" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_ECDH,         "id-ecDH",          "EC key for ECDH"),
         MBEDTLS_PK_ECKEY_DH,
     },
     {
@@ -463,7 +526,11 @@
 
 FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg)
 FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg)
-FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, oid_pk_alg_t, oid_pk_alg, mbedtls_pk_type_t, pk_alg)
+FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg,
+                        oid_pk_alg_t,
+                        oid_pk_alg,
+                        mbedtls_pk_type_t,
+                        pk_alg)
 
 #if defined(MBEDTLS_ECP_C)
 /*
@@ -478,67 +545,67 @@
 {
 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP192R1, "secp192r1",    "secp192r1" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192R1, "secp192r1",    "secp192r1"),
         MBEDTLS_ECP_DP_SECP192R1,
     },
 #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP224R1, "secp224r1",    "secp224r1" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224R1, "secp224r1",    "secp224r1"),
         MBEDTLS_ECP_DP_SECP224R1,
     },
 #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP256R1, "secp256r1",    "secp256r1" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256R1, "secp256r1",    "secp256r1"),
         MBEDTLS_ECP_DP_SECP256R1,
     },
 #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP384R1, "secp384r1",    "secp384r1" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP384R1, "secp384r1",    "secp384r1"),
         MBEDTLS_ECP_DP_SECP384R1,
     },
 #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP521R1, "secp521r1",    "secp521r1" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP521R1, "secp521r1",    "secp521r1"),
         MBEDTLS_ECP_DP_SECP521R1,
     },
 #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP192K1, "secp192k1",    "secp192k1" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192K1, "secp192k1",    "secp192k1"),
         MBEDTLS_ECP_DP_SECP192K1,
     },
 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP224K1, "secp224k1",    "secp224k1" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224K1, "secp224k1",    "secp224k1"),
         MBEDTLS_ECP_DP_SECP224K1,
     },
 #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1",    "secp256k1" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1",    "secp256k1"),
         MBEDTLS_ECP_DP_SECP256K1,
     },
 #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_BP256R1,   "brainpoolP256r1","brainpool256r1" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP256R1,   "brainpoolP256r1", "brainpool256r1"),
         MBEDTLS_ECP_DP_BP256R1,
     },
 #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_BP384R1,   "brainpoolP384r1","brainpool384r1" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP384R1,   "brainpoolP384r1", "brainpool384r1"),
         MBEDTLS_ECP_DP_BP384R1,
     },
 #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_BP512R1,   "brainpoolP512r1","brainpool512r1" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP512R1,   "brainpoolP512r1", "brainpool512r1"),
         MBEDTLS_ECP_DP_BP512R1,
     },
 #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
@@ -550,7 +617,11 @@
 
 FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp)
 FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id)
-FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, oid_ecp_grp_t, oid_ecp_grp, mbedtls_ecp_group_id, grp_id)
+FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp,
+                        oid_ecp_grp_t,
+                        oid_ecp_grp,
+                        mbedtls_ecp_group_id,
+                        grp_id)
 #endif /* MBEDTLS_ECP_C */
 
 #if defined(MBEDTLS_CIPHER_C)
@@ -565,11 +636,11 @@
 static const oid_cipher_alg_t oid_cipher_alg[] =
 {
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_DES_CBC,              "desCBC",       "DES-CBC" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_DES_CBC,              "desCBC",       "DES-CBC"),
         MBEDTLS_CIPHER_DES_CBC,
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_DES_EDE3_CBC,         "des-ede3-cbc", "DES-EDE3-CBC" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_DES_EDE3_CBC,         "des-ede3-cbc", "DES-EDE3-CBC"),
         MBEDTLS_CIPHER_DES_EDE3_CBC,
     },
     {
@@ -579,7 +650,11 @@
 };
 
 FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg)
-FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, oid_cipher_alg_t, cipher_alg, mbedtls_cipher_type_t, cipher_alg)
+FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg,
+                 oid_cipher_alg_t,
+                 cipher_alg,
+                 mbedtls_cipher_type_t,
+                 cipher_alg)
 #endif /* MBEDTLS_CIPHER_C */
 
 /*
@@ -594,43 +669,43 @@
 {
 #if defined(MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_MD5,       "id-md5",       "MD5" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_MD5,       "id-md5",       "MD5"),
         MBEDTLS_MD_MD5,
     },
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA1,      "id-sha1",      "SHA-1" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA1,      "id-sha1",      "SHA-1"),
         MBEDTLS_MD_SHA1,
     },
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA224,    "id-sha224",    "SHA-224" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA224,    "id-sha224",    "SHA-224"),
         MBEDTLS_MD_SHA224,
     },
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA256,    "id-sha256",    "SHA-256" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA256,    "id-sha256",    "SHA-256"),
         MBEDTLS_MD_SHA256,
     },
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA384,    "id-sha384",    "SHA-384" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA384,    "id-sha384",    "SHA-384"),
         MBEDTLS_MD_SHA384,
     },
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA512,    "id-sha512",    "SHA-512" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA512,    "id-sha512",    "SHA-512"),
         MBEDTLS_MD_SHA512,
     },
 #endif
 #if defined(MBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA)
     {
-     OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160"),
         MBEDTLS_MD_RIPEMD160,
     },
 #endif
@@ -642,7 +717,11 @@
 
 FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
 FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
-FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, oid_md_alg_t, oid_md_alg, mbedtls_md_type_t, md_alg)
+FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md,
+                        oid_md_alg_t,
+                        oid_md_alg,
+                        mbedtls_md_type_t,
+                        md_alg)
 
 /*
  * For HMAC digestAlgorithm
@@ -656,31 +735,31 @@
 {
 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA1,      "hmacSHA1",      "HMAC-SHA-1" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA1,      "hmacSHA1",      "HMAC-SHA-1"),
         MBEDTLS_MD_SHA1,
     },
 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA224,    "hmacSHA224",    "HMAC-SHA-224" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA224,    "hmacSHA224",    "HMAC-SHA-224"),
         MBEDTLS_MD_SHA224,
     },
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA256,    "hmacSHA256",    "HMAC-SHA-256" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA256,    "hmacSHA256",    "HMAC-SHA-256"),
         MBEDTLS_MD_SHA256,
     },
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA384,    "hmacSHA384",    "HMAC-SHA-384" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA384,    "hmacSHA384",    "HMAC-SHA-384"),
         MBEDTLS_MD_SHA384,
     },
 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA)
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA512,    "hmacSHA512",    "HMAC-SHA-512" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA512,    "hmacSHA512",    "HMAC-SHA-512"),
         MBEDTLS_MD_SHA512,
     },
 #endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA */
@@ -706,11 +785,15 @@
 static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] =
 {
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC,
+                       "pbeWithSHAAnd3-KeyTripleDES-CBC",
+                       "PBE with SHA1 and 3-Key 3DES"),
         MBEDTLS_MD_SHA1,      MBEDTLS_CIPHER_DES_EDE3_CBC,
     },
     {
-        OID_DESCRIPTOR( MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, "pbeWithSHAAnd2-KeyTripleDES-CBC", "PBE with SHA1 and 2-Key 3DES" ),
+        OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC,
+                       "pbeWithSHAAnd2-KeyTripleDES-CBC",
+                       "PBE with SHA1 and 2-Key 3DES"),
         MBEDTLS_MD_SHA1,      MBEDTLS_CIPHER_DES_EDE_CBC,
     },
     {
@@ -720,21 +803,27 @@
 };
 
 FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg)
-FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, mbedtls_md_type_t, md_alg, mbedtls_cipher_type_t, cipher_alg)
+FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg,
+                 oid_pkcs12_pbe_alg_t,
+                 pkcs12_pbe_alg,
+                 mbedtls_md_type_t,
+                 md_alg,
+                 mbedtls_cipher_type_t,
+                 cipher_alg)
 #endif /* MBEDTLS_PKCS12_C */
 
 #define OID_SAFE_SNPRINTF                               \
     do {                                                \
-        if( ret < 0 || (size_t) ret >= n )              \
-            return( MBEDTLS_ERR_OID_BUF_TOO_SMALL );    \
-                                                        \
+        if (ret < 0 || (size_t) ret >= n)              \
+        return MBEDTLS_ERR_OID_BUF_TOO_SMALL;    \
+                                                      \
         n -= (size_t) ret;                              \
         p += (size_t) ret;                              \
-    } while( 0 )
+    } while (0)
 
 /* Return the x.y.z.... style numeric string for the given OID */
-int mbedtls_oid_get_numeric_string( char *buf, size_t size,
-                            const mbedtls_asn1_buf *oid )
+int mbedtls_oid_get_numeric_string(char *buf, size_t size,
+                                   const mbedtls_asn1_buf *oid)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t i, n;
@@ -745,32 +834,30 @@
     n = size;
 
     /* First byte contains first two dots */
-    if( oid->len > 0 )
-    {
-        ret = mbedtls_snprintf( p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40 );
+    if (oid->len > 0) {
+        ret = mbedtls_snprintf(p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40);
         OID_SAFE_SNPRINTF;
     }
 
     value = 0;
-    for( i = 1; i < oid->len; i++ )
-    {
+    for (i = 1; i < oid->len; i++) {
         /* Prevent overflow in value. */
-        if( ( ( value << 7 ) >> 7 ) != value )
-            return( MBEDTLS_ERR_OID_BUF_TOO_SMALL );
+        if (((value << 7) >> 7) != value) {
+            return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
+        }
 
         value <<= 7;
         value += oid->p[i] & 0x7F;
 
-        if( !( oid->p[i] & 0x80 ) )
-        {
+        if (!(oid->p[i] & 0x80)) {
             /* Last byte */
-            ret = mbedtls_snprintf( p, n, ".%u", value );
+            ret = mbedtls_snprintf(p, n, ".%u", value);
             OID_SAFE_SNPRINTF;
             value = 0;
         }
     }
 
-    return( (int) ( size - n ) );
+    return (int) (size - n);
 }
 
 #endif /* MBEDTLS_OID_C */
diff --git a/library/padlock.c b/library/padlock.c
index 81bea1f..b6c6919 100644
--- a/library/padlock.c
+++ b/library/padlock.c
@@ -42,14 +42,13 @@
 /*
  * PadLock detection routine
  */
-int mbedtls_padlock_has_support( int feature )
+int mbedtls_padlock_has_support(int feature)
 {
     static int flags = -1;
     int ebx = 0, edx = 0;
 
-    if( flags == -1 )
-    {
-        asm( "movl  %%ebx, %0           \n\t"
+    if (flags == -1) {
+        asm ("movl  %%ebx, %0           \n\t"
              "movl  $0xC0000000, %%eax  \n\t"
              "cpuid                     \n\t"
              "cmpl  $0xC0000001, %%eax  \n\t"
@@ -62,21 +61,21 @@
              "movl  %2, %%ebx           \n\t"
              : "=m" (ebx), "=m" (edx)
              :  "m" (ebx)
-             : "eax", "ecx", "edx" );
+             : "eax", "ecx", "edx");
 
         flags = edx;
     }
 
-    return( flags & feature );
+    return flags & feature;
 }
 
 /*
  * PadLock AES-ECB block en(de)cryption
  */
-int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
-                       int mode,
-                       const unsigned char input[16],
-                       unsigned char output[16] )
+int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx,
+                              int mode,
+                              const unsigned char input[16],
+                              unsigned char output[16])
 {
     int ebx = 0;
     uint32_t *rk;
@@ -86,16 +85,17 @@
 
     rk = ctx->buf + ctx->rk_offset;
 
-    if( ( (long) rk & 15 ) != 0 )
-        return( MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED );
+    if (((long) rk & 15) != 0) {
+        return MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED;
+    }
 
-    blk = MBEDTLS_PADLOCK_ALIGN16( buf );
-    memcpy( blk, input, 16 );
+    blk = MBEDTLS_PADLOCK_ALIGN16(buf);
+    memcpy(blk, input, 16);
 
-     ctrl = blk + 4;
-    *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode^1 ) - 10 ) << 9 );
+    ctrl = blk + 4;
+    *ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode^1) - 10) << 9);
 
-    asm( "pushfl                        \n\t"
+    asm ("pushfl                        \n\t"
          "popfl                         \n\t"
          "movl    %%ebx, %0             \n\t"
          "movl    $1, %%ecx             \n\t"
@@ -107,22 +107,22 @@
          "movl    %1, %%ebx             \n\t"
          : "=m" (ebx)
          :  "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk)
-         : "memory", "ecx", "edx", "esi", "edi" );
+         : "memory", "ecx", "edx", "esi", "edi");
 
-    memcpy( output, blk, 16 );
+    memcpy(output, blk, 16);
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * PadLock AES-CBC buffer en(de)cryption
  */
-int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx,
-                       int mode,
-                       size_t length,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output )
+int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx,
+                              int mode,
+                              size_t length,
+                              unsigned char iv[16],
+                              const unsigned char *input,
+                              unsigned char *output)
 {
     int ebx = 0;
     size_t count;
@@ -133,20 +133,21 @@
 
     rk = ctx->buf + ctx->rk_offset;
 
-    if( ( (long) input  & 15 ) != 0 ||
-        ( (long) output & 15 ) != 0 ||
-        ( (long) rk & 15 ) != 0 )
-        return( MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED );
+    if (((long) input  & 15) != 0 ||
+        ((long) output & 15) != 0 ||
+        ((long) rk & 15) != 0) {
+        return MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED;
+    }
 
-    iw = MBEDTLS_PADLOCK_ALIGN16( buf );
-    memcpy( iw, iv, 16 );
+    iw = MBEDTLS_PADLOCK_ALIGN16(buf);
+    memcpy(iw, iv, 16);
 
-     ctrl = iw + 4;
-    *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode ^ 1 ) - 10 ) << 9 );
+    ctrl = iw + 4;
+    *ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode ^ 1) - 10) << 9);
 
-    count = ( length + 15 ) >> 4;
+    count = (length + 15) >> 4;
 
-    asm( "pushfl                        \n\t"
+    asm ("pushfl                        \n\t"
          "popfl                         \n\t"
          "movl    %%ebx, %0             \n\t"
          "movl    %2, %%ecx             \n\t"
@@ -159,12 +160,12 @@
          "movl    %1, %%ebx             \n\t"
          : "=m" (ebx)
          :  "m" (ebx), "m" (count), "m" (ctrl),
-            "m"  (rk), "m" (input), "m" (output), "m" (iw)
-         : "memory", "eax", "ecx", "edx", "esi", "edi" );
+         "m"  (rk), "m" (input), "m" (output), "m" (iw)
+         : "memory", "eax", "ecx", "edx", "esi", "edi");
 
-    memcpy( iv, iw, 16 );
+    memcpy(iv, iw, 16);
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_HAVE_X86 */
diff --git a/library/padlock.h b/library/padlock.h
index 1506ee0..b5f0d7d 100644
--- a/library/padlock.h
+++ b/library/padlock.h
@@ -69,7 +69,7 @@
  *
  * \return         non-zero if CPU has support for the feature, 0 otherwise
  */
-int mbedtls_padlock_has_support( int feature );
+int mbedtls_padlock_has_support(int feature);
 
 /**
  * \brief          Internal PadLock AES-ECB block en(de)cryption
@@ -84,10 +84,10 @@
  *
  * \return         0 if success, 1 if operation failed
  */
-int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
-                               int mode,
-                               const unsigned char input[16],
-                               unsigned char output[16] );
+int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx,
+                              int mode,
+                              const unsigned char input[16],
+                              unsigned char output[16]);
 
 /**
  * \brief          Internal PadLock AES-CBC buffer en(de)cryption
@@ -104,12 +104,12 @@
  *
  * \return         0 if success, 1 if operation failed
  */
-int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx,
-                               int mode,
-                               size_t length,
-                               unsigned char iv[16],
-                               const unsigned char *input,
-                               unsigned char *output );
+int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx,
+                              int mode,
+                              size_t length,
+                              unsigned char iv[16],
+                              const unsigned char *input,
+                              unsigned char *output);
 
 #ifdef __cplusplus
 }
diff --git a/library/pem.c b/library/pem.c
index e8abba1..8044ed6 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -43,106 +43,121 @@
 
 #if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA) &&  \
     defined(MBEDTLS_CIPHER_MODE_CBC) &&                             \
-    ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
+    (defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C))
 #define PEM_RFC1421
 #endif /* MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA &&
           MBEDTLS_CIPHER_MODE_CBC &&
           ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
 
 #if defined(MBEDTLS_PEM_PARSE_C)
-void mbedtls_pem_init( mbedtls_pem_context *ctx )
+void mbedtls_pem_init(mbedtls_pem_context *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_pem_context ) );
+    memset(ctx, 0, sizeof(mbedtls_pem_context));
 }
 
 #if defined(PEM_RFC1421)
 /*
  * Read a 16-byte hex string and convert it to binary
  */
-static int pem_get_iv( const unsigned char *s, unsigned char *iv,
-                       size_t iv_len )
+static int pem_get_iv(const unsigned char *s, unsigned char *iv,
+                      size_t iv_len)
 {
     size_t i, j, k;
 
-    memset( iv, 0, iv_len );
+    memset(iv, 0, iv_len);
 
-    for( i = 0; i < iv_len * 2; i++, s++ )
-    {
-        if( *s >= '0' && *s <= '9' ) j = *s - '0'; else
-        if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else
-        if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else
-            return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
+    for (i = 0; i < iv_len * 2; i++, s++) {
+        if (*s >= '0' && *s <= '9') {
+            j = *s - '0';
+        } else
+        if (*s >= 'A' && *s <= 'F') {
+            j = *s - '7';
+        } else
+        if (*s >= 'a' && *s <= 'f') {
+            j = *s - 'W';
+        } else {
+            return MBEDTLS_ERR_PEM_INVALID_ENC_IV;
+        }
 
-        k = ( ( i & 1 ) != 0 ) ? j : j << 4;
+        k = ((i & 1) != 0) ? j : j << 4;
 
-        iv[i >> 1] = (unsigned char)( iv[i >> 1] | k );
+        iv[i >> 1] = (unsigned char) (iv[i >> 1] | k);
     }
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_MD5_C)
-static int pem_pbkdf1( unsigned char *key, size_t keylen,
-                       unsigned char *iv,
-                       const unsigned char *pwd, size_t pwdlen )
+static int pem_pbkdf1(unsigned char *key, size_t keylen,
+                      unsigned char *iv,
+                      const unsigned char *pwd, size_t pwdlen)
 {
     mbedtls_md5_context md5_ctx;
     unsigned char md5sum[16];
     size_t use_len;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    mbedtls_md5_init( &md5_ctx );
+    mbedtls_md5_init(&md5_ctx);
 
     /*
      * key[ 0..15] = MD5(pwd || IV)
      */
-    if( ( ret = mbedtls_md5_starts( &md5_ctx ) ) != 0 )
+    if ((ret = mbedtls_md5_starts(&md5_ctx)) != 0) {
         goto exit;
-    if( ( ret = mbedtls_md5_update( &md5_ctx, pwd, pwdlen ) ) != 0 )
+    }
+    if ((ret = mbedtls_md5_update(&md5_ctx, pwd, pwdlen)) != 0) {
         goto exit;
-    if( ( ret = mbedtls_md5_update( &md5_ctx, iv,  8 ) ) != 0 )
+    }
+    if ((ret = mbedtls_md5_update(&md5_ctx, iv,  8)) != 0) {
         goto exit;
-    if( ( ret = mbedtls_md5_finish( &md5_ctx, md5sum ) ) != 0 )
-        goto exit;
-
-    if( keylen <= 16 )
-    {
-        memcpy( key, md5sum, keylen );
+    }
+    if ((ret = mbedtls_md5_finish(&md5_ctx, md5sum)) != 0) {
         goto exit;
     }
 
-    memcpy( key, md5sum, 16 );
+    if (keylen <= 16) {
+        memcpy(key, md5sum, keylen);
+        goto exit;
+    }
+
+    memcpy(key, md5sum, 16);
 
     /*
      * key[16..23] = MD5(key[ 0..15] || pwd || IV])
      */
-    if( ( ret = mbedtls_md5_starts( &md5_ctx ) ) != 0 )
+    if ((ret = mbedtls_md5_starts(&md5_ctx)) != 0) {
         goto exit;
-    if( ( ret = mbedtls_md5_update( &md5_ctx, md5sum, 16 ) ) != 0 )
+    }
+    if ((ret = mbedtls_md5_update(&md5_ctx, md5sum, 16)) != 0) {
         goto exit;
-    if( ( ret = mbedtls_md5_update( &md5_ctx, pwd, pwdlen ) ) != 0 )
+    }
+    if ((ret = mbedtls_md5_update(&md5_ctx, pwd, pwdlen)) != 0) {
         goto exit;
-    if( ( ret = mbedtls_md5_update( &md5_ctx, iv, 8 ) ) != 0 )
+    }
+    if ((ret = mbedtls_md5_update(&md5_ctx, iv, 8)) != 0) {
         goto exit;
-    if( ( ret = mbedtls_md5_finish( &md5_ctx, md5sum ) ) != 0 )
+    }
+    if ((ret = mbedtls_md5_finish(&md5_ctx, md5sum)) != 0) {
         goto exit;
+    }
 
     use_len = 16;
-    if( keylen < 32 )
+    if (keylen < 32) {
         use_len = keylen - 16;
+    }
 
-    memcpy( key + 16, md5sum, use_len );
+    memcpy(key + 16, md5sum, use_len);
 
 exit:
-    mbedtls_md5_free( &md5_ctx );
-    mbedtls_platform_zeroize( md5sum, 16 );
+    mbedtls_md5_free(&md5_ctx);
+    mbedtls_platform_zeroize(md5sum, 16);
 
-    return( ret );
+    return ret;
 }
 #else
-static int pem_pbkdf1( unsigned char *key, size_t keylen,
-                       unsigned char *iv,
-                       const unsigned char *pwd, size_t pwdlen )
+static int pem_pbkdf1(unsigned char *key, size_t keylen,
+                      unsigned char *iv,
+                      const unsigned char *pwd, size_t pwdlen)
 {
     unsigned char md5sum[16];
     psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
@@ -150,71 +165,78 @@
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
 
-    if( ( status = psa_hash_setup( &operation, PSA_ALG_MD5 ) ) != PSA_SUCCESS )
-        goto exit;
-
-    if( ( status = psa_hash_update( &operation, pwd, pwdlen ) ) != PSA_SUCCESS )
-        goto exit;
-
-    if( ( status = psa_hash_update( &operation, iv, 8 ) ) != PSA_SUCCESS )
-        goto exit;
-
-    if( ( status = psa_hash_finish( &operation, md5sum,
-                                    PSA_HASH_LENGTH( PSA_ALG_MD5 ),
-                                    &output_length ) ) != PSA_SUCCESS )
-    {
+    if ((status = psa_hash_setup(&operation, PSA_ALG_MD5)) != PSA_SUCCESS) {
         goto exit;
     }
 
-    if( ( status = psa_hash_abort( &operation ) ) != PSA_SUCCESS )
+    if ((status = psa_hash_update(&operation, pwd, pwdlen)) != PSA_SUCCESS) {
         goto exit;
+    }
+
+    if ((status = psa_hash_update(&operation, iv, 8)) != PSA_SUCCESS) {
+        goto exit;
+    }
+
+    if ((status = psa_hash_finish(&operation, md5sum,
+                                  PSA_HASH_LENGTH(PSA_ALG_MD5),
+                                  &output_length)) != PSA_SUCCESS) {
+        goto exit;
+    }
+
+    if ((status = psa_hash_abort(&operation)) != PSA_SUCCESS) {
+        goto exit;
+    }
 
     /*
      * key[ 0..15] = MD5(pwd || IV)
      */
-    if( keylen <= 16 )
-    {
-        memcpy( key, md5sum, keylen );
+    if (keylen <= 16) {
+        memcpy(key, md5sum, keylen);
         goto exit;
     }
 
-    memcpy( key, md5sum, 16 );
+    memcpy(key, md5sum, 16);
 
     /*
      * key[16..23] = MD5(key[ 0..15] || pwd || IV])
      */
-    if( ( status = psa_hash_setup( &operation, PSA_ALG_MD5 ) ) != PSA_SUCCESS )
-        goto exit;
-
-    if( ( status = psa_hash_update( &operation, md5sum, 16 ) ) != PSA_SUCCESS )
-        goto exit;
-
-    if( ( status = psa_hash_update( &operation, pwd, pwdlen ) ) != PSA_SUCCESS )
-        goto exit;
-
-    if( ( status = psa_hash_update( &operation, iv, 8 ) ) != PSA_SUCCESS )
-        goto exit;
-
-    if( ( status = psa_hash_finish( &operation, md5sum,
-                                    PSA_HASH_LENGTH( PSA_ALG_MD5 ),
-                                    &output_length ) ) != PSA_SUCCESS )
-    {
+    if ((status = psa_hash_setup(&operation, PSA_ALG_MD5)) != PSA_SUCCESS) {
         goto exit;
     }
 
-    if( ( status = psa_hash_abort( &operation ) ) != PSA_SUCCESS )
+    if ((status = psa_hash_update(&operation, md5sum, 16)) != PSA_SUCCESS) {
         goto exit;
+    }
+
+    if ((status = psa_hash_update(&operation, pwd, pwdlen)) != PSA_SUCCESS) {
+        goto exit;
+    }
+
+    if ((status = psa_hash_update(&operation, iv, 8)) != PSA_SUCCESS) {
+        goto exit;
+    }
+
+    if ((status = psa_hash_finish(&operation, md5sum,
+                                  PSA_HASH_LENGTH(PSA_ALG_MD5),
+                                  &output_length)) != PSA_SUCCESS) {
+        goto exit;
+    }
+
+    if ((status = psa_hash_abort(&operation)) != PSA_SUCCESS) {
+        goto exit;
+    }
 
     size_t use_len = 16;
-    if( keylen < 32 )
+    if (keylen < 32) {
         use_len = keylen - 16;
+    }
 
-    memcpy( key + 16, md5sum, use_len );
+    memcpy(key + 16, md5sum, use_len);
 
 exit:
-    mbedtls_platform_zeroize( md5sum, 16 );
+    mbedtls_platform_zeroize(md5sum, 16);
 
-    return( mbedtls_md_error_from_psa ( status ) );
+    return mbedtls_md_error_from_psa(status);
 }
 #endif /* MBEDTLS_MD5_C */
 
@@ -222,57 +244,61 @@
 /*
  * Decrypt with DES-CBC, using PBKDF1 for key derivation
  */
-static int pem_des_decrypt( unsigned char des_iv[8],
-                            unsigned char *buf, size_t buflen,
-                            const unsigned char *pwd, size_t pwdlen )
+static int pem_des_decrypt(unsigned char des_iv[8],
+                           unsigned char *buf, size_t buflen,
+                           const unsigned char *pwd, size_t pwdlen)
 {
     mbedtls_des_context des_ctx;
     unsigned char des_key[8];
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    mbedtls_des_init( &des_ctx );
+    mbedtls_des_init(&des_ctx);
 
-    if( ( ret = pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ) ) != 0 )
+    if ((ret = pem_pbkdf1(des_key, 8, des_iv, pwd, pwdlen)) != 0) {
         goto exit;
+    }
 
-    if( ( ret = mbedtls_des_setkey_dec( &des_ctx, des_key ) ) != 0 )
+    if ((ret = mbedtls_des_setkey_dec(&des_ctx, des_key)) != 0) {
         goto exit;
-    ret = mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen,
-                     des_iv, buf, buf );
+    }
+    ret = mbedtls_des_crypt_cbc(&des_ctx, MBEDTLS_DES_DECRYPT, buflen,
+                                des_iv, buf, buf);
 
 exit:
-    mbedtls_des_free( &des_ctx );
-    mbedtls_platform_zeroize( des_key, 8 );
+    mbedtls_des_free(&des_ctx);
+    mbedtls_platform_zeroize(des_key, 8);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Decrypt with 3DES-CBC, using PBKDF1 for key derivation
  */
-static int pem_des3_decrypt( unsigned char des3_iv[8],
-                             unsigned char *buf, size_t buflen,
-                             const unsigned char *pwd, size_t pwdlen )
+static int pem_des3_decrypt(unsigned char des3_iv[8],
+                            unsigned char *buf, size_t buflen,
+                            const unsigned char *pwd, size_t pwdlen)
 {
     mbedtls_des3_context des3_ctx;
     unsigned char des3_key[24];
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    mbedtls_des3_init( &des3_ctx );
+    mbedtls_des3_init(&des3_ctx);
 
-    if( ( ret = pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ) ) != 0 )
+    if ((ret = pem_pbkdf1(des3_key, 24, des3_iv, pwd, pwdlen)) != 0) {
         goto exit;
+    }
 
-    if( ( ret = mbedtls_des3_set3key_dec( &des3_ctx, des3_key ) ) != 0 )
+    if ((ret = mbedtls_des3_set3key_dec(&des3_ctx, des3_key)) != 0) {
         goto exit;
-    ret = mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen,
-                     des3_iv, buf, buf );
+    }
+    ret = mbedtls_des3_crypt_cbc(&des3_ctx, MBEDTLS_DES_DECRYPT, buflen,
+                                 des3_iv, buf, buf);
 
 exit:
-    mbedtls_des3_free( &des3_ctx );
-    mbedtls_platform_zeroize( des3_key, 24 );
+    mbedtls_des3_free(&des3_ctx);
+    mbedtls_platform_zeroize(des3_key, 24);
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_DES_C */
 
@@ -280,37 +306,39 @@
 /*
  * Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
  */
-static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
-                            unsigned char *buf, size_t buflen,
-                            const unsigned char *pwd, size_t pwdlen )
+static int pem_aes_decrypt(unsigned char aes_iv[16], unsigned int keylen,
+                           unsigned char *buf, size_t buflen,
+                           const unsigned char *pwd, size_t pwdlen)
 {
     mbedtls_aes_context aes_ctx;
     unsigned char aes_key[32];
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    mbedtls_aes_init( &aes_ctx );
+    mbedtls_aes_init(&aes_ctx);
 
-    if( ( ret = pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ) ) != 0 )
+    if ((ret = pem_pbkdf1(aes_key, keylen, aes_iv, pwd, pwdlen)) != 0) {
         goto exit;
+    }
 
-    if( ( ret = mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ) ) != 0 )
+    if ((ret = mbedtls_aes_setkey_dec(&aes_ctx, aes_key, keylen * 8)) != 0) {
         goto exit;
-    ret = mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen,
-                     aes_iv, buf, buf );
+    }
+    ret = mbedtls_aes_crypt_cbc(&aes_ctx, MBEDTLS_AES_DECRYPT, buflen,
+                                aes_iv, buf, buf);
 
 exit:
-    mbedtls_aes_free( &aes_ctx );
-    mbedtls_platform_zeroize( aes_key, keylen );
+    mbedtls_aes_free(&aes_ctx);
+    mbedtls_platform_zeroize(aes_key, keylen);
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_AES_C */
 
 #endif /* PEM_RFC1421 */
 
-int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
-                     const unsigned char *data, const unsigned char *pwd,
-                     size_t pwdlen, size_t *use_len )
+int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const char *footer,
+                            const unsigned char *data, const unsigned char *pwd,
+                            size_t pwdlen, size_t *use_len)
 {
     int ret, enc;
     size_t len;
@@ -324,151 +352,178 @@
     ((void) pwdlen);
 #endif /* PEM_RFC1421 */
 
-    if( ctx == NULL )
-        return( MBEDTLS_ERR_PEM_BAD_INPUT_DATA );
+    if (ctx == NULL) {
+        return MBEDTLS_ERR_PEM_BAD_INPUT_DATA;
+    }
 
-    s1 = (unsigned char *) strstr( (const char *) data, header );
+    s1 = (unsigned char *) strstr((const char *) data, header);
 
-    if( s1 == NULL )
-        return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
+    if (s1 == NULL) {
+        return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
+    }
 
-    s2 = (unsigned char *) strstr( (const char *) data, footer );
+    s2 = (unsigned char *) strstr((const char *) data, footer);
 
-    if( s2 == NULL || s2 <= s1 )
-        return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
+    if (s2 == NULL || s2 <= s1) {
+        return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
+    }
 
-    s1 += strlen( header );
-    if( *s1 == ' '  ) s1++;
-    if( *s1 == '\r' ) s1++;
-    if( *s1 == '\n' ) s1++;
-    else return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
+    s1 += strlen(header);
+    if (*s1 == ' ') {
+        s1++;
+    }
+    if (*s1 == '\r') {
+        s1++;
+    }
+    if (*s1 == '\n') {
+        s1++;
+    } else {
+        return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
+    }
 
     end = s2;
-    end += strlen( footer );
-    if( *end == ' '  ) end++;
-    if( *end == '\r' ) end++;
-    if( *end == '\n' ) end++;
+    end += strlen(footer);
+    if (*end == ' ') {
+        end++;
+    }
+    if (*end == '\r') {
+        end++;
+    }
+    if (*end == '\n') {
+        end++;
+    }
     *use_len = end - data;
 
     enc = 0;
 
-    if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
-    {
+    if (s2 - s1 >= 22 && memcmp(s1, "Proc-Type: 4,ENCRYPTED", 22) == 0) {
 #if defined(PEM_RFC1421)
         enc++;
 
         s1 += 22;
-        if( *s1 == '\r' ) s1++;
-        if( *s1 == '\n' ) s1++;
-        else return( MBEDTLS_ERR_PEM_INVALID_DATA );
+        if (*s1 == '\r') {
+            s1++;
+        }
+        if (*s1 == '\n') {
+            s1++;
+        } else {
+            return MBEDTLS_ERR_PEM_INVALID_DATA;
+        }
 
 
 #if defined(MBEDTLS_DES_C)
-        if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
-        {
+        if (s2 - s1 >= 23 && memcmp(s1, "DEK-Info: DES-EDE3-CBC,", 23) == 0) {
             enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC;
 
             s1 += 23;
-            if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 )
-                return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
+            if (s2 - s1 < 16 || pem_get_iv(s1, pem_iv, 8) != 0) {
+                return MBEDTLS_ERR_PEM_INVALID_ENC_IV;
+            }
 
             s1 += 16;
-        }
-        else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
-        {
+        } else if (s2 - s1 >= 18 && memcmp(s1, "DEK-Info: DES-CBC,", 18) == 0) {
             enc_alg = MBEDTLS_CIPHER_DES_CBC;
 
             s1 += 18;
-            if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 )
-                return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
+            if (s2 - s1 < 16 || pem_get_iv(s1, pem_iv, 8) != 0) {
+                return MBEDTLS_ERR_PEM_INVALID_ENC_IV;
+            }
 
             s1 += 16;
         }
 #endif /* MBEDTLS_DES_C */
 
 #if defined(MBEDTLS_AES_C)
-        if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
-        {
-            if( s2 - s1 < 22 )
-                return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
-            else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
+        if (s2 - s1 >= 14 && memcmp(s1, "DEK-Info: AES-", 14) == 0) {
+            if (s2 - s1 < 22) {
+                return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG;
+            } else if (memcmp(s1, "DEK-Info: AES-128-CBC,", 22) == 0) {
                 enc_alg = MBEDTLS_CIPHER_AES_128_CBC;
-            else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
+            } else if (memcmp(s1, "DEK-Info: AES-192-CBC,", 22) == 0) {
                 enc_alg = MBEDTLS_CIPHER_AES_192_CBC;
-            else if( memcmp( s1, "DEK-Info: AES-256-CBC,", 22 ) == 0 )
+            } else if (memcmp(s1, "DEK-Info: AES-256-CBC,", 22) == 0) {
                 enc_alg = MBEDTLS_CIPHER_AES_256_CBC;
-            else
-                return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
+            } else {
+                return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG;
+            }
 
             s1 += 22;
-            if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 )
-                return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
+            if (s2 - s1 < 32 || pem_get_iv(s1, pem_iv, 16) != 0) {
+                return MBEDTLS_ERR_PEM_INVALID_ENC_IV;
+            }
 
             s1 += 32;
         }
 #endif /* MBEDTLS_AES_C */
 
-        if( enc_alg == MBEDTLS_CIPHER_NONE )
-            return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
+        if (enc_alg == MBEDTLS_CIPHER_NONE) {
+            return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG;
+        }
 
-        if( *s1 == '\r' ) s1++;
-        if( *s1 == '\n' ) s1++;
-        else return( MBEDTLS_ERR_PEM_INVALID_DATA );
+        if (*s1 == '\r') {
+            s1++;
+        }
+        if (*s1 == '\n') {
+            s1++;
+        } else {
+            return MBEDTLS_ERR_PEM_INVALID_DATA;
+        }
 #else
-        return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
+        return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE;
 #endif /* PEM_RFC1421 */
     }
 
-    if( s1 >= s2 )
-        return( MBEDTLS_ERR_PEM_INVALID_DATA );
-
-    ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 );
-
-    if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PEM_INVALID_DATA, ret ) );
-
-    if( ( buf = mbedtls_calloc( 1, len ) ) == NULL )
-        return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
-
-    if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 )
-    {
-        mbedtls_platform_zeroize( buf, len );
-        mbedtls_free( buf );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PEM_INVALID_DATA, ret ) );
+    if (s1 >= s2) {
+        return MBEDTLS_ERR_PEM_INVALID_DATA;
     }
 
-    if( enc != 0 )
-    {
+    ret = mbedtls_base64_decode(NULL, 0, &len, s1, s2 - s1);
+
+    if (ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret);
+    }
+
+    if ((buf = mbedtls_calloc(1, len)) == NULL) {
+        return MBEDTLS_ERR_PEM_ALLOC_FAILED;
+    }
+
+    if ((ret = mbedtls_base64_decode(buf, len, &len, s1, s2 - s1)) != 0) {
+        mbedtls_platform_zeroize(buf, len);
+        mbedtls_free(buf);
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret);
+    }
+
+    if (enc != 0) {
 #if defined(PEM_RFC1421)
-        if( pwd == NULL )
-        {
-            mbedtls_platform_zeroize( buf, len );
-            mbedtls_free( buf );
-            return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
+        if (pwd == NULL) {
+            mbedtls_platform_zeroize(buf, len);
+            mbedtls_free(buf);
+            return MBEDTLS_ERR_PEM_PASSWORD_REQUIRED;
         }
 
         ret = 0;
 
 #if defined(MBEDTLS_DES_C)
-        if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC )
-            ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
-        else if( enc_alg == MBEDTLS_CIPHER_DES_CBC )
-            ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
+        if (enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC) {
+            ret = pem_des3_decrypt(pem_iv, buf, len, pwd, pwdlen);
+        } else if (enc_alg == MBEDTLS_CIPHER_DES_CBC) {
+            ret = pem_des_decrypt(pem_iv, buf, len, pwd, pwdlen);
+        }
 #endif /* MBEDTLS_DES_C */
 
 #if defined(MBEDTLS_AES_C)
-        if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC )
-            ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
-        else if( enc_alg == MBEDTLS_CIPHER_AES_192_CBC )
-            ret = pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
-        else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC )
-            ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
+        if (enc_alg == MBEDTLS_CIPHER_AES_128_CBC) {
+            ret = pem_aes_decrypt(pem_iv, 16, buf, len, pwd, pwdlen);
+        } else if (enc_alg == MBEDTLS_CIPHER_AES_192_CBC) {
+            ret = pem_aes_decrypt(pem_iv, 24, buf, len, pwd, pwdlen);
+        } else if (enc_alg == MBEDTLS_CIPHER_AES_256_CBC) {
+            ret = pem_aes_decrypt(pem_iv, 32, buf, len, pwd, pwdlen);
+        }
 #endif /* MBEDTLS_AES_C */
 
-        if( ret != 0 )
-        {
-            mbedtls_free( buf );
-            return( ret );
+        if (ret != 0) {
+            mbedtls_free(buf);
+            return ret;
         }
 
         /*
@@ -477,93 +532,88 @@
          *
          * Use that as a heuristic to try to detect password mismatches.
          */
-        if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
-        {
-            mbedtls_platform_zeroize( buf, len );
-            mbedtls_free( buf );
-            return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH );
+        if (len <= 2 || buf[0] != 0x30 || buf[1] > 0x83) {
+            mbedtls_platform_zeroize(buf, len);
+            mbedtls_free(buf);
+            return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH;
         }
 #else
-        mbedtls_platform_zeroize( buf, len );
-        mbedtls_free( buf );
-        return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
+        mbedtls_platform_zeroize(buf, len);
+        mbedtls_free(buf);
+        return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE;
 #endif /* PEM_RFC1421 */
     }
 
     ctx->buf = buf;
     ctx->buflen = len;
 
-    return( 0 );
+    return 0;
 }
 
-void mbedtls_pem_free( mbedtls_pem_context *ctx )
+void mbedtls_pem_free(mbedtls_pem_context *ctx)
 {
-    if ( ctx->buf != NULL )
-    {
-        mbedtls_platform_zeroize( ctx->buf, ctx->buflen );
-        mbedtls_free( ctx->buf );
+    if (ctx->buf != NULL) {
+        mbedtls_platform_zeroize(ctx->buf, ctx->buflen);
+        mbedtls_free(ctx->buf);
     }
-    mbedtls_free( ctx->info );
+    mbedtls_free(ctx->info);
 
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pem_context));
 }
 #endif /* MBEDTLS_PEM_PARSE_C */
 
 #if defined(MBEDTLS_PEM_WRITE_C)
-int mbedtls_pem_write_buffer( const char *header, const char *footer,
-                      const unsigned char *der_data, size_t der_len,
-                      unsigned char *buf, size_t buf_len, size_t *olen )
+int mbedtls_pem_write_buffer(const char *header, const char *footer,
+                             const unsigned char *der_data, size_t der_len,
+                             unsigned char *buf, size_t buf_len, size_t *olen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *encode_buf = NULL, *c, *p = buf;
     size_t len = 0, use_len, add_len = 0;
 
-    mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len );
-    add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
+    mbedtls_base64_encode(NULL, 0, &use_len, der_data, der_len);
+    add_len = strlen(header) + strlen(footer) + (use_len / 64) + 1;
 
-    if( use_len + add_len > buf_len )
-    {
+    if (use_len + add_len > buf_len) {
         *olen = use_len + add_len;
-        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+        return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
     }
 
-    if( use_len != 0 &&
-        ( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) )
-        return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
-
-    if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data,
-                               der_len ) ) != 0 )
-    {
-        mbedtls_free( encode_buf );
-        return( ret );
+    if (use_len != 0 &&
+        ((encode_buf = mbedtls_calloc(1, use_len)) == NULL)) {
+        return MBEDTLS_ERR_PEM_ALLOC_FAILED;
     }
 
-    memcpy( p, header, strlen( header ) );
-    p += strlen( header );
+    if ((ret = mbedtls_base64_encode(encode_buf, use_len, &use_len, der_data,
+                                     der_len)) != 0) {
+        mbedtls_free(encode_buf);
+        return ret;
+    }
+
+    memcpy(p, header, strlen(header));
+    p += strlen(header);
     c = encode_buf;
 
-    while( use_len )
-    {
-        len = ( use_len > 64 ) ? 64 : use_len;
-        memcpy( p, c, len );
+    while (use_len) {
+        len = (use_len > 64) ? 64 : use_len;
+        memcpy(p, c, len);
         use_len -= len;
         p += len;
         c += len;
         *p++ = '\n';
     }
 
-    memcpy( p, footer, strlen( footer ) );
-    p += strlen( footer );
+    memcpy(p, footer, strlen(footer));
+    p += strlen(footer);
 
     *p++ = '\0';
     *olen = p - buf;
 
-     /* Clean any remaining data previously written to the buffer */
-    memset( buf + *olen, 0, buf_len - *olen );
+    /* Clean any remaining data previously written to the buffer */
+    memset(buf + *olen, 0, buf_len - *olen);
 
-    mbedtls_free( encode_buf );
-    return( 0 );
+    mbedtls_free(encode_buf);
+    return 0;
 }
 #endif /* MBEDTLS_PEM_WRITE_C */
 #endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */
-
diff --git a/library/pk.c b/library/pk.c
index a73fa56..b01694c 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -49,7 +49,7 @@
 /*
  * Initialise a mbedtls_pk_context
  */
-void mbedtls_pk_init( mbedtls_pk_context *ctx )
+void mbedtls_pk_init(mbedtls_pk_context *ctx)
 {
     ctx->pk_info = NULL;
     ctx->pk_ctx = NULL;
@@ -58,22 +58,24 @@
 /*
  * Free (the components of) a mbedtls_pk_context
  */
-void mbedtls_pk_free( mbedtls_pk_context *ctx )
+void mbedtls_pk_free(mbedtls_pk_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    if ( ctx->pk_info != NULL )
-        ctx->pk_info->ctx_free_func( ctx->pk_ctx );
+    if (ctx->pk_info != NULL) {
+        ctx->pk_info->ctx_free_func(ctx->pk_ctx);
+    }
 
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pk_context));
 }
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
 /*
  * Initialize a restart context
  */
-void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
+void mbedtls_pk_restart_init(mbedtls_pk_restart_ctx *ctx)
 {
     ctx->pk_info = NULL;
     ctx->rs_ctx = NULL;
@@ -82,15 +84,14 @@
 /*
  * Free the components of a restart context
  */
-void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx )
+void mbedtls_pk_restart_free(mbedtls_pk_restart_ctx *ctx)
 {
-    if( ctx == NULL || ctx->pk_info == NULL ||
-        ctx->pk_info->rs_free_func == NULL )
-    {
+    if (ctx == NULL || ctx->pk_info == NULL ||
+        ctx->pk_info->rs_free_func == NULL) {
         return;
     }
 
-    ctx->pk_info->rs_free_func( ctx->rs_ctx );
+    ctx->pk_info->rs_free_func(ctx->rs_ctx);
 
     ctx->pk_info = NULL;
     ctx->rs_ctx = NULL;
@@ -100,81 +101,87 @@
 /*
  * Get pk_info structure from type
  */
-const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
+const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type)
 {
-    switch( pk_type ) {
+    switch (pk_type) {
 #if defined(MBEDTLS_RSA_C)
         case MBEDTLS_PK_RSA:
-            return( &mbedtls_rsa_info );
+            return &mbedtls_rsa_info;
 #endif
 #if defined(MBEDTLS_ECP_C)
         case MBEDTLS_PK_ECKEY:
-            return( &mbedtls_eckey_info );
+            return &mbedtls_eckey_info;
         case MBEDTLS_PK_ECKEY_DH:
-            return( &mbedtls_eckeydh_info );
+            return &mbedtls_eckeydh_info;
 #endif
 #if defined(MBEDTLS_ECDSA_C)
         case MBEDTLS_PK_ECDSA:
-            return( &mbedtls_ecdsa_info );
+            return &mbedtls_ecdsa_info;
 #endif
         /* MBEDTLS_PK_RSA_ALT omitted on purpose */
         default:
-            return( NULL );
+            return NULL;
     }
 }
 
 /*
  * Initialise context
  */
-int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
+int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info)
 {
-    if( info == NULL || ctx->pk_info != NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (info == NULL || ctx->pk_info != NULL) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
-    if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
-        return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+    if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) {
+        return MBEDTLS_ERR_PK_ALLOC_FAILED;
+    }
 
     ctx->pk_info = info;
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 /*
  * Initialise a PSA-wrapping context
  */
-int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx,
-                             const mbedtls_svc_key_id_t key )
+int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx,
+                            const mbedtls_svc_key_id_t key)
 {
     const mbedtls_pk_info_t *info = NULL;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     mbedtls_svc_key_id_t *pk_ctx;
     psa_key_type_t type;
 
-    if( ctx == NULL || ctx->pk_info != NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (ctx == NULL || ctx->pk_info != NULL) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
-    if( PSA_SUCCESS != psa_get_key_attributes( key, &attributes ) )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-    type = psa_get_key_type( &attributes );
-    psa_reset_key_attributes( &attributes );
+    if (PSA_SUCCESS != psa_get_key_attributes(key, &attributes)) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
+    type = psa_get_key_type(&attributes);
+    psa_reset_key_attributes(&attributes);
 
-    if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
+    if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
         info = &mbedtls_pk_ecdsa_opaque_info;
-    else if( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
+    } else if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
         info = &mbedtls_pk_rsa_opaque_info;
-    else
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+    } else {
+        return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+    }
 
-    if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
-        return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+    if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) {
+        return MBEDTLS_ERR_PK_ALLOC_FAILED;
+    }
 
     ctx->pk_info = info;
 
     pk_ctx = (mbedtls_svc_key_id_t *) ctx->pk_ctx;
     *pk_ctx = key;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
@@ -182,19 +189,21 @@
 /*
  * Initialize an RSA-alt context
  */
-int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
-                         mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
-                         mbedtls_pk_rsa_alt_sign_func sign_func,
-                         mbedtls_pk_rsa_alt_key_len_func key_len_func )
+int mbedtls_pk_setup_rsa_alt(mbedtls_pk_context *ctx, void *key,
+                             mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
+                             mbedtls_pk_rsa_alt_sign_func sign_func,
+                             mbedtls_pk_rsa_alt_key_len_func key_len_func)
 {
     mbedtls_rsa_alt_context *rsa_alt;
     const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
 
-    if( ctx->pk_info != NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (ctx->pk_info != NULL) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
-    if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
-        return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+    if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) {
+        return MBEDTLS_ERR_PK_ALLOC_FAILED;
+    }
 
     ctx->pk_info = info;
 
@@ -205,78 +214,83 @@
     rsa_alt->sign_func = sign_func;
     rsa_alt->key_len_func = key_len_func;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
 
 /*
  * Tell if a PK can do the operations of the given type
  */
-int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
+int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type)
 {
     /* A context with null pk_info is not set up yet and can't do anything.
      * For backward compatibility, also accept NULL instead of a context
      * pointer. */
-    if( ctx == NULL || ctx->pk_info == NULL )
-        return( 0 );
+    if (ctx == NULL || ctx->pk_info == NULL) {
+        return 0;
+    }
 
-    return( ctx->pk_info->can_do( type ) );
+    return ctx->pk_info->can_do(type);
 }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 /*
  * Tell if a PK can do the operations of the given PSA algorithm
  */
-int mbedtls_pk_can_do_ext( const mbedtls_pk_context *ctx, psa_algorithm_t alg,
-                           psa_key_usage_t usage )
+int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg,
+                          psa_key_usage_t usage)
 {
     psa_key_usage_t key_usage;
 
     /* A context with null pk_info is not set up yet and can't do anything.
      * For backward compatibility, also accept NULL instead of a context
      * pointer. */
-    if( ctx == NULL || ctx->pk_info == NULL )
-        return( 0 );
+    if (ctx == NULL || ctx->pk_info == NULL) {
+        return 0;
+    }
 
     /* Filter out non allowed algorithms */
-    if( PSA_ALG_IS_ECDSA( alg ) == 0 &&
-        PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) == 0 &&
-        PSA_ALG_IS_RSA_PSS( alg ) == 0 &&
+    if (PSA_ALG_IS_ECDSA(alg) == 0 &&
+        PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) == 0 &&
+        PSA_ALG_IS_RSA_PSS(alg) == 0 &&
         alg != PSA_ALG_RSA_PKCS1V15_CRYPT &&
-        PSA_ALG_IS_ECDH( alg ) == 0 )
-        return( 0 );
+        PSA_ALG_IS_ECDH(alg) == 0) {
+        return 0;
+    }
 
     /* Filter out non allowed usage flags */
-    if( usage == 0 ||
-        ( usage & ~( PSA_KEY_USAGE_SIGN_HASH |
-                     PSA_KEY_USAGE_DECRYPT |
-                     PSA_KEY_USAGE_DERIVE ) ) != 0 )
-        return( 0 );
+    if (usage == 0 ||
+        (usage & ~(PSA_KEY_USAGE_SIGN_HASH |
+                   PSA_KEY_USAGE_DECRYPT |
+                   PSA_KEY_USAGE_DERIVE)) != 0) {
+        return 0;
+    }
 
     /* Wildcard hash is not allowed */
-    if( PSA_ALG_IS_SIGN_HASH( alg ) &&
-        PSA_ALG_SIGN_GET_HASH( alg ) == PSA_ALG_ANY_HASH )
-        return( 0 );
+    if (PSA_ALG_IS_SIGN_HASH(alg) &&
+        PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH) {
+        return 0;
+    }
 
-    if( mbedtls_pk_get_type( ctx ) != MBEDTLS_PK_OPAQUE )
-    {
+    if (mbedtls_pk_get_type(ctx) != MBEDTLS_PK_OPAQUE) {
         mbedtls_pk_type_t type;
 
-        if( PSA_ALG_IS_ECDSA( alg ) || PSA_ALG_IS_ECDH( alg ) )
+        if (PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_ECDH(alg)) {
             type = MBEDTLS_PK_ECKEY;
-        else if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ||
-                 alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
+        } else if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
+                   alg == PSA_ALG_RSA_PKCS1V15_CRYPT) {
             type = MBEDTLS_PK_RSA;
-        else if( PSA_ALG_IS_RSA_PSS( alg ) )
+        } else if (PSA_ALG_IS_RSA_PSS(alg)) {
             type = MBEDTLS_PK_RSASSA_PSS;
-        else
-            return( 0 );
+        } else {
+            return 0;
+        }
 
-        if( ctx->pk_info->can_do( type ) == 0 )
-            return( 0 );
+        if (ctx->pk_info->can_do(type) == 0) {
+            return 0;
+        }
 
-        switch( type )
-        {
+        switch (type) {
             case MBEDTLS_PK_ECKEY:
                 key_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
                 break;
@@ -288,10 +302,10 @@
                 break;
             default:
                 /* Should never happen */
-                return( 0 );
+                return 0;
         }
 
-        return( ( key_usage & usage ) == usage );
+        return (key_usage & usage) == usage;
     }
 
     const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx->pk_ctx;
@@ -299,17 +313,19 @@
     psa_algorithm_t key_alg, key_alg2;
     psa_status_t status;
 
-    status = psa_get_key_attributes( *key, &attributes );
-    if( status != PSA_SUCCESS )
-        return( 0 );
+    status = psa_get_key_attributes(*key, &attributes);
+    if (status != PSA_SUCCESS) {
+        return 0;
+    }
 
-    key_alg = psa_get_key_algorithm( &attributes );
-    key_alg2 = psa_get_key_enrollment_algorithm( &attributes );
-    key_usage = psa_get_key_usage_flags( &attributes );
-    psa_reset_key_attributes( &attributes );
+    key_alg = psa_get_key_algorithm(&attributes);
+    key_alg2 = psa_get_key_enrollment_algorithm(&attributes);
+    key_usage = psa_get_key_usage_flags(&attributes);
+    psa_reset_key_attributes(&attributes);
 
-    if( ( key_usage & usage ) != usage )
-        return( 0 );
+    if ((key_usage & usage) != usage) {
+        return 0;
+    }
 
     /*
      * Common case: the key alg or alg2 only allows alg.
@@ -318,153 +334,167 @@
      * This would also match ECDSA/RSA_PKCS1V15_SIGN/RSA_PSS with
      * a fixed hash on key_alg/key_alg2.
      */
-    if( alg == key_alg || alg == key_alg2 )
-            return( 1 );
+    if (alg == key_alg || alg == key_alg2) {
+        return 1;
+    }
 
     /*
      * If key_alg or key_alg2 is a hash-and-sign with a wildcard for the hash,
      * and alg is the same hash-and-sign family with any hash,
      * then alg is compliant with this key alg
      */
-    if( PSA_ALG_IS_SIGN_HASH( alg ) )
-    {
+    if (PSA_ALG_IS_SIGN_HASH(alg)) {
 
-        if( PSA_ALG_IS_SIGN_HASH( key_alg ) &&
-            PSA_ALG_SIGN_GET_HASH( key_alg ) == PSA_ALG_ANY_HASH &&
-            ( alg & ~PSA_ALG_HASH_MASK ) == ( key_alg & ~PSA_ALG_HASH_MASK ) )
-            return( 1 );
+        if (PSA_ALG_IS_SIGN_HASH(key_alg) &&
+            PSA_ALG_SIGN_GET_HASH(key_alg) == PSA_ALG_ANY_HASH &&
+            (alg & ~PSA_ALG_HASH_MASK) == (key_alg & ~PSA_ALG_HASH_MASK)) {
+            return 1;
+        }
 
-        if( PSA_ALG_IS_SIGN_HASH( key_alg2 ) &&
-            PSA_ALG_SIGN_GET_HASH( key_alg2 ) == PSA_ALG_ANY_HASH &&
-            ( alg & ~PSA_ALG_HASH_MASK ) == ( key_alg2 & ~PSA_ALG_HASH_MASK ) )
-            return( 1 );
+        if (PSA_ALG_IS_SIGN_HASH(key_alg2) &&
+            PSA_ALG_SIGN_GET_HASH(key_alg2) == PSA_ALG_ANY_HASH &&
+            (alg & ~PSA_ALG_HASH_MASK) == (key_alg2 & ~PSA_ALG_HASH_MASK)) {
+            return 1;
+        }
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 /*
  * Helper for mbedtls_pk_sign and mbedtls_pk_verify
  */
-static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len )
+static inline int pk_hashlen_helper(mbedtls_md_type_t md_alg, size_t *hash_len)
 {
-    if( *hash_len != 0 )
-        return( 0 );
+    if (*hash_len != 0) {
+        return 0;
+    }
 
-    *hash_len = mbedtls_hash_info_get_size( md_alg );
+    *hash_len = mbedtls_hash_info_get_size(md_alg);
 
-    if( *hash_len == 0 )
-        return( -1 );
+    if (*hash_len == 0) {
+        return -1;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
 /*
  * Helper to set up a restart context if needed
  */
-static int pk_restart_setup( mbedtls_pk_restart_ctx *ctx,
-                             const mbedtls_pk_info_t *info )
+static int pk_restart_setup(mbedtls_pk_restart_ctx *ctx,
+                            const mbedtls_pk_info_t *info)
 {
     /* Don't do anything if already set up or invalid */
-    if( ctx == NULL || ctx->pk_info != NULL )
-        return( 0 );
+    if (ctx == NULL || ctx->pk_info != NULL) {
+        return 0;
+    }
 
     /* Should never happen when we're called */
-    if( info->rs_alloc_func == NULL || info->rs_free_func == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (info->rs_alloc_func == NULL || info->rs_free_func == NULL) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
-    if( ( ctx->rs_ctx = info->rs_alloc_func() ) == NULL )
-        return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+    if ((ctx->rs_ctx = info->rs_alloc_func()) == NULL) {
+        return MBEDTLS_ERR_PK_ALLOC_FAILED;
+    }
 
     ctx->pk_info = info;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 
 /*
  * Verify a signature (restartable)
  */
-int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
-               mbedtls_md_type_t md_alg,
-               const unsigned char *hash, size_t hash_len,
-               const unsigned char *sig, size_t sig_len,
-               mbedtls_pk_restart_ctx *rs_ctx )
+int mbedtls_pk_verify_restartable(mbedtls_pk_context *ctx,
+                                  mbedtls_md_type_t md_alg,
+                                  const unsigned char *hash, size_t hash_len,
+                                  const unsigned char *sig, size_t sig_len,
+                                  mbedtls_pk_restart_ctx *rs_ctx)
 {
-    if( ( md_alg != MBEDTLS_MD_NONE || hash_len != 0 ) && hash == NULL )
+    if ((md_alg != MBEDTLS_MD_NONE || hash_len != 0) && hash == NULL) {
         return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
-    if( ctx->pk_info == NULL ||
-        pk_hashlen_helper( md_alg, &hash_len ) != 0 )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (ctx->pk_info == NULL ||
+        pk_hashlen_helper(md_alg, &hash_len) != 0) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
     /* optimization: use non-restartable version if restart disabled */
-    if( rs_ctx != NULL &&
+    if (rs_ctx != NULL &&
         mbedtls_ecp_restart_is_enabled() &&
-        ctx->pk_info->verify_rs_func != NULL )
-    {
+        ctx->pk_info->verify_rs_func != NULL) {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-        if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
-            return( ret );
+        if ((ret = pk_restart_setup(rs_ctx, ctx->pk_info)) != 0) {
+            return ret;
+        }
 
-        ret = ctx->pk_info->verify_rs_func( ctx->pk_ctx,
-                   md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx );
+        ret = ctx->pk_info->verify_rs_func(ctx->pk_ctx,
+                                           md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx);
 
-        if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
-            mbedtls_pk_restart_free( rs_ctx );
+        if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) {
+            mbedtls_pk_restart_free(rs_ctx);
+        }
 
-        return( ret );
+        return ret;
     }
 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
     (void) rs_ctx;
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 
-    if( ctx->pk_info->verify_func == NULL )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+    if (ctx->pk_info->verify_func == NULL) {
+        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+    }
 
-    return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len,
-                                       sig, sig_len ) );
+    return ctx->pk_info->verify_func(ctx->pk_ctx, md_alg, hash, hash_len,
+                                     sig, sig_len);
 }
 
 /*
  * Verify a signature
  */
-int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-               const unsigned char *hash, size_t hash_len,
-               const unsigned char *sig, size_t sig_len )
+int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+                      const unsigned char *hash, size_t hash_len,
+                      const unsigned char *sig, size_t sig_len)
 {
-    return( mbedtls_pk_verify_restartable( ctx, md_alg, hash, hash_len,
-                                           sig, sig_len, NULL ) );
+    return mbedtls_pk_verify_restartable(ctx, md_alg, hash, hash_len,
+                                         sig, sig_len, NULL);
 }
 
 /*
  * Verify a signature with options
  */
-int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
-                   mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   const unsigned char *sig, size_t sig_len )
+int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options,
+                          mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+                          const unsigned char *hash, size_t hash_len,
+                          const unsigned char *sig, size_t sig_len)
 {
-    if( ( md_alg != MBEDTLS_MD_NONE || hash_len != 0 ) && hash == NULL )
+    if ((md_alg != MBEDTLS_MD_NONE || hash_len != 0) && hash == NULL) {
         return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
-    if( ctx->pk_info == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (ctx->pk_info == NULL) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
-    if( ! mbedtls_pk_can_do( ctx, type ) )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+    if (!mbedtls_pk_can_do(ctx, type)) {
+        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+    }
 
-    if( type != MBEDTLS_PK_RSASSA_PSS )
-    {
+    if (type != MBEDTLS_PK_RSASSA_PSS) {
         /* General case: no options */
-        if( options != NULL )
-            return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+        if (options != NULL) {
+            return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+        }
 
-        return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) );
+        return mbedtls_pk_verify(ctx, md_alg, hash, hash_len, sig, sig_len);
     }
 
 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
@@ -472,18 +502,19 @@
     const mbedtls_pk_rsassa_pss_options *pss_opts;
 
 #if SIZE_MAX > UINT_MAX
-    if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 #endif /* SIZE_MAX > UINT_MAX */
 
-    if( options == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (options == NULL) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
     pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( pss_opts->mgf1_hash_id == md_alg )
-    {
+    if (pss_opts->mgf1_hash_id == md_alg) {
         unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
         unsigned char *p;
         int key_len;
@@ -491,27 +522,27 @@
         psa_status_t status = PSA_ERROR_DATA_CORRUPT;
         psa_status_t destruction_status = PSA_ERROR_DATA_CORRUPT;
 
-        psa_algorithm_t psa_md_alg = mbedtls_hash_info_psa_from_md( md_alg );
+        psa_algorithm_t psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg);
         mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
         psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-        psa_algorithm_t psa_sig_alg = PSA_ALG_RSA_PSS_ANY_SALT( psa_md_alg );
-        p = buf + sizeof( buf );
-        key_len = mbedtls_pk_write_pubkey( &p, buf, ctx );
+        psa_algorithm_t psa_sig_alg = PSA_ALG_RSA_PSS_ANY_SALT(psa_md_alg);
+        p = buf + sizeof(buf);
+        key_len = mbedtls_pk_write_pubkey(&p, buf, ctx);
 
-        if( key_len < 0 )
-            return( key_len );
+        if (key_len < 0) {
+            return key_len;
+        }
 
-        psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY );
-        psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
-        psa_set_key_algorithm( &attributes, psa_sig_alg );
+        psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY);
+        psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
+        psa_set_key_algorithm(&attributes, psa_sig_alg);
 
-        status = psa_import_key( &attributes,
-                                 buf + sizeof( buf ) - key_len, key_len,
-                                 &key_id );
-        if( status != PSA_SUCCESS )
-        {
-            psa_destroy_key( key_id );
-            return( mbedtls_pk_error_from_psa( status ) );
+        status = psa_import_key(&attributes,
+                                buf + sizeof(buf) - key_len, key_len,
+                                &key_id);
+        if (status != PSA_SUCCESS) {
+            psa_destroy_key(key_id);
+            return mbedtls_pk_error_from_psa(status);
         }
 
         /* This function requires returning MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
@@ -519,157 +550,166 @@
          * mbedtls_psa_rsa_verify_hash requires the sig_len to be exact,
          * so for this reason the passed sig_len is overwritten. Smaller
          * signature lengths should not be accepted for verification. */
-        signature_length = sig_len > mbedtls_pk_get_len( ctx ) ?
-                                     mbedtls_pk_get_len( ctx ) : sig_len;
-        status = psa_verify_hash( key_id, psa_sig_alg, hash,
-                                  hash_len, sig, signature_length );
-        destruction_status = psa_destroy_key( key_id );
+        signature_length = sig_len > mbedtls_pk_get_len(ctx) ?
+                           mbedtls_pk_get_len(ctx) : sig_len;
+        status = psa_verify_hash(key_id, psa_sig_alg, hash,
+                                 hash_len, sig, signature_length);
+        destruction_status = psa_destroy_key(key_id);
 
-        if( status == PSA_SUCCESS && sig_len > mbedtls_pk_get_len( ctx ) )
-            return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
+        if (status == PSA_SUCCESS && sig_len > mbedtls_pk_get_len(ctx)) {
+            return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
+        }
 
-        if( status == PSA_SUCCESS )
+        if (status == PSA_SUCCESS) {
             status = destruction_status;
+        }
 
-        return( mbedtls_pk_error_from_psa_rsa( status ) );
-    }
-    else
+        return mbedtls_pk_error_from_psa_rsa(status);
+    } else
 #endif
     {
-        if( sig_len < mbedtls_pk_get_len( ctx ) )
-            return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+        if (sig_len < mbedtls_pk_get_len(ctx)) {
+            return MBEDTLS_ERR_RSA_VERIFY_FAILED;
+        }
 
-        ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ),
-                                                 md_alg, (unsigned int) hash_len, hash,
-                                                 pss_opts->mgf1_hash_id,
-                                                 pss_opts->expected_salt_len,
-                                                 sig );
-        if( ret != 0 )
-            return( ret );
+        ret = mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_pk_rsa(*ctx),
+                                                md_alg, (unsigned int) hash_len, hash,
+                                                pss_opts->mgf1_hash_id,
+                                                pss_opts->expected_salt_len,
+                                                sig);
+        if (ret != 0) {
+            return ret;
+        }
 
-        if( sig_len > mbedtls_pk_get_len( ctx ) )
-            return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
+        if (sig_len > mbedtls_pk_get_len(ctx)) {
+            return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
+        }
 
-        return( 0 );
+        return 0;
     }
 #else
-    return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
 #endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
 }
 
 /*
  * Make a signature (restartable)
  */
-int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
-             mbedtls_md_type_t md_alg,
-             const unsigned char *hash, size_t hash_len,
-             unsigned char *sig, size_t sig_size, size_t *sig_len,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-             mbedtls_pk_restart_ctx *rs_ctx )
+int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx,
+                                mbedtls_md_type_t md_alg,
+                                const unsigned char *hash, size_t hash_len,
+                                unsigned char *sig, size_t sig_size, size_t *sig_len,
+                                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+                                mbedtls_pk_restart_ctx *rs_ctx)
 {
-    if( ( md_alg != MBEDTLS_MD_NONE || hash_len != 0 ) && hash == NULL )
+    if ((md_alg != MBEDTLS_MD_NONE || hash_len != 0) && hash == NULL) {
         return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
-    if( ctx->pk_info == NULL || pk_hashlen_helper( md_alg, &hash_len ) != 0 )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (ctx->pk_info == NULL || pk_hashlen_helper(md_alg, &hash_len) != 0) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
     /* optimization: use non-restartable version if restart disabled */
-    if( rs_ctx != NULL &&
+    if (rs_ctx != NULL &&
         mbedtls_ecp_restart_is_enabled() &&
-        ctx->pk_info->sign_rs_func != NULL )
-    {
+        ctx->pk_info->sign_rs_func != NULL) {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-        if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
-            return( ret );
+        if ((ret = pk_restart_setup(rs_ctx, ctx->pk_info)) != 0) {
+            return ret;
+        }
 
-        ret = ctx->pk_info->sign_rs_func( ctx->pk_ctx, md_alg,
-                                          hash, hash_len,
-                                          sig, sig_size, sig_len,
-                                          f_rng, p_rng, rs_ctx->rs_ctx );
+        ret = ctx->pk_info->sign_rs_func(ctx->pk_ctx, md_alg,
+                                         hash, hash_len,
+                                         sig, sig_size, sig_len,
+                                         f_rng, p_rng, rs_ctx->rs_ctx);
 
-        if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
-            mbedtls_pk_restart_free( rs_ctx );
+        if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) {
+            mbedtls_pk_restart_free(rs_ctx);
+        }
 
-        return( ret );
+        return ret;
     }
 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
     (void) rs_ctx;
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 
-    if( ctx->pk_info->sign_func == NULL )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+    if (ctx->pk_info->sign_func == NULL) {
+        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+    }
 
-    return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg,
-                                     hash, hash_len,
-                                     sig, sig_size, sig_len,
-                                     f_rng, p_rng ) );
+    return ctx->pk_info->sign_func(ctx->pk_ctx, md_alg,
+                                   hash, hash_len,
+                                   sig, sig_size, sig_len,
+                                   f_rng, p_rng);
 }
 
 /*
  * Make a signature
  */
-int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-             const unsigned char *hash, size_t hash_len,
-             unsigned char *sig, size_t sig_size, size_t *sig_len,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+                    const unsigned char *hash, size_t hash_len,
+                    unsigned char *sig, size_t sig_size, size_t *sig_len,
+                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len,
-                                         sig, sig_size, sig_len,
-                                         f_rng, p_rng, NULL ) );
+    return mbedtls_pk_sign_restartable(ctx, md_alg, hash, hash_len,
+                                       sig, sig_size, sig_len,
+                                       f_rng, p_rng, NULL);
 }
 
 #if defined(MBEDTLS_PSA_CRYPTO_C)
 /*
  * Make a signature given a signature type.
  */
-int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type,
-                         mbedtls_pk_context *ctx,
-                         mbedtls_md_type_t md_alg,
-                         const unsigned char *hash, size_t hash_len,
-                         unsigned char *sig, size_t sig_size, size_t *sig_len,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng )
+int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type,
+                        mbedtls_pk_context *ctx,
+                        mbedtls_md_type_t md_alg,
+                        const unsigned char *hash, size_t hash_len,
+                        unsigned char *sig, size_t sig_size, size_t *sig_len,
+                        int (*f_rng)(void *, unsigned char *, size_t),
+                        void *p_rng)
 {
 #if defined(MBEDTLS_RSA_C)
     psa_algorithm_t psa_md_alg;
 #endif /* MBEDTLS_RSA_C */
     *sig_len = 0;
 
-    if( ctx->pk_info == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (ctx->pk_info == NULL) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
-    if( ! mbedtls_pk_can_do( ctx, pk_type ) )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+    if (!mbedtls_pk_can_do(ctx, pk_type)) {
+        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+    }
 
-    if( pk_type != MBEDTLS_PK_RSASSA_PSS )
-    {
-        return( mbedtls_pk_sign( ctx, md_alg, hash, hash_len,
-                                 sig, sig_size, sig_len, f_rng, p_rng ) );
+    if (pk_type != MBEDTLS_PK_RSASSA_PSS) {
+        return mbedtls_pk_sign(ctx, md_alg, hash, hash_len,
+                               sig, sig_size, sig_len, f_rng, p_rng);
     }
 
 #if defined(MBEDTLS_RSA_C)
-    psa_md_alg = mbedtls_hash_info_psa_from_md( md_alg );
-    if( psa_md_alg == 0 )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg);
+    if (psa_md_alg == 0) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
-    if( mbedtls_pk_get_type( ctx ) == MBEDTLS_PK_OPAQUE )
-    {
+    if (mbedtls_pk_get_type(ctx) == MBEDTLS_PK_OPAQUE) {
         const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx->pk_ctx;
         psa_status_t status;
 
-        status = psa_sign_hash( *key, PSA_ALG_RSA_PSS( psa_md_alg ),
-                                hash, hash_len,
-                                sig, sig_size, sig_len );
-        return( mbedtls_pk_error_from_psa_rsa( status ) );
+        status = psa_sign_hash(*key, PSA_ALG_RSA_PSS(psa_md_alg),
+                               hash, hash_len,
+                               sig, sig_size, sig_len);
+        return mbedtls_pk_error_from_psa_rsa(status);
     }
 
-    return( mbedtls_pk_psa_rsa_sign_ext( PSA_ALG_RSA_PSS( psa_md_alg ),
-                                         ctx->pk_ctx, hash, hash_len,
-                                         sig, sig_size, sig_len ) );
+    return mbedtls_pk_psa_rsa_sign_ext(PSA_ALG_RSA_PSS(psa_md_alg),
+                                       ctx->pk_ctx, hash, hash_len,
+                                       sig, sig_size, sig_len);
 #else /* MBEDTLS_RSA_C */
-    return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
 #endif /* !MBEDTLS_RSA_C */
 
 }
@@ -678,121 +718,130 @@
 /*
  * Decrypt message
  */
-int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
-                const unsigned char *input, size_t ilen,
-                unsigned char *output, size_t *olen, size_t osize,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+int mbedtls_pk_decrypt(mbedtls_pk_context *ctx,
+                       const unsigned char *input, size_t ilen,
+                       unsigned char *output, size_t *olen, size_t osize,
+                       int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    if( ctx->pk_info == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (ctx->pk_info == NULL) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
-    if( ctx->pk_info->decrypt_func == NULL )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+    if (ctx->pk_info->decrypt_func == NULL) {
+        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+    }
 
-    return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen,
-                output, olen, osize, f_rng, p_rng ) );
+    return ctx->pk_info->decrypt_func(ctx->pk_ctx, input, ilen,
+                                      output, olen, osize, f_rng, p_rng);
 }
 
 /*
  * Encrypt message
  */
-int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
-                const unsigned char *input, size_t ilen,
-                unsigned char *output, size_t *olen, size_t osize,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+int mbedtls_pk_encrypt(mbedtls_pk_context *ctx,
+                       const unsigned char *input, size_t ilen,
+                       unsigned char *output, size_t *olen, size_t osize,
+                       int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    if( ctx->pk_info == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (ctx->pk_info == NULL) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
-    if( ctx->pk_info->encrypt_func == NULL )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+    if (ctx->pk_info->encrypt_func == NULL) {
+        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+    }
 
-    return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen,
-                output, olen, osize, f_rng, p_rng ) );
+    return ctx->pk_info->encrypt_func(ctx->pk_ctx, input, ilen,
+                                      output, olen, osize, f_rng, p_rng);
 }
 
 /*
  * Check public-private key pair
  */
-int mbedtls_pk_check_pair( const mbedtls_pk_context *pub,
-                           const mbedtls_pk_context *prv,
-                           int (*f_rng)(void *, unsigned char *, size_t),
-                           void *p_rng )
+int mbedtls_pk_check_pair(const mbedtls_pk_context *pub,
+                          const mbedtls_pk_context *prv,
+                          int (*f_rng)(void *, unsigned char *, size_t),
+                          void *p_rng)
 {
-    if( pub->pk_info == NULL ||
-        prv->pk_info == NULL )
-    {
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (pub->pk_info == NULL ||
+        prv->pk_info == NULL) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
     }
 
-    if( f_rng == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    if( prv->pk_info->check_pair_func == NULL )
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-
-    if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT )
-    {
-        if( pub->pk_info->type != MBEDTLS_PK_RSA )
-            return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-    }
-    else
-    {
-        if( pub->pk_info != prv->pk_info )
-            return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+    if (f_rng == NULL) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
     }
 
-    return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx, f_rng, p_rng ) );
+    if (prv->pk_info->check_pair_func == NULL) {
+        return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+    }
+
+    if (prv->pk_info->type == MBEDTLS_PK_RSA_ALT) {
+        if (pub->pk_info->type != MBEDTLS_PK_RSA) {
+            return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+        }
+    } else {
+        if (pub->pk_info != prv->pk_info) {
+            return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+        }
+    }
+
+    return prv->pk_info->check_pair_func(pub->pk_ctx, prv->pk_ctx, f_rng, p_rng);
 }
 
 /*
  * Get key size in bits
  */
-size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
+size_t mbedtls_pk_get_bitlen(const mbedtls_pk_context *ctx)
 {
     /* For backward compatibility, accept NULL or a context that
      * isn't set up yet, and return a fake value that should be safe. */
-    if( ctx == NULL || ctx->pk_info == NULL )
-        return( 0 );
+    if (ctx == NULL || ctx->pk_info == NULL) {
+        return 0;
+    }
 
-    return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) );
+    return ctx->pk_info->get_bitlen(ctx->pk_ctx);
 }
 
 /*
  * Export debug information
  */
-int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
+int mbedtls_pk_debug(const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items)
 {
-    if( ctx->pk_info == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (ctx->pk_info == NULL) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
-    if( ctx->pk_info->debug_func == NULL )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+    if (ctx->pk_info->debug_func == NULL) {
+        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+    }
 
-    ctx->pk_info->debug_func( ctx->pk_ctx, items );
-    return( 0 );
+    ctx->pk_info->debug_func(ctx->pk_ctx, items);
+    return 0;
 }
 
 /*
  * Access the PK type name
  */
-const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx )
+const char *mbedtls_pk_get_name(const mbedtls_pk_context *ctx)
 {
-    if( ctx == NULL || ctx->pk_info == NULL )
-        return( "invalid PK" );
+    if (ctx == NULL || ctx->pk_info == NULL) {
+        return "invalid PK";
+    }
 
-    return( ctx->pk_info->name );
+    return ctx->pk_info->name;
 }
 
 /*
  * Access the PK type
  */
-mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx )
+mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx)
 {
-    if( ctx == NULL || ctx->pk_info == NULL )
-        return( MBEDTLS_PK_NONE );
+    if (ctx == NULL || ctx->pk_info == NULL) {
+        return MBEDTLS_PK_NONE;
+    }
 
-    return( ctx->pk_info->type );
+    return ctx->pk_info->type;
 }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -802,11 +851,11 @@
  *
  * Currently only works for EC & RSA private keys.
  */
-int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
-                               mbedtls_svc_key_id_t *key,
-                               psa_algorithm_t alg,
-                               psa_key_usage_t usage,
-                               psa_algorithm_t alg2 )
+int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
+                              mbedtls_svc_key_id_t *key,
+                              psa_algorithm_t alg,
+                              psa_key_usage_t usage,
+                              psa_algorithm_t alg2)
 {
 #if !defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_RSA_C)
     ((void) pk);
@@ -816,8 +865,7 @@
     ((void) alg2);
 #else
 #if defined(MBEDTLS_ECP_C)
-    if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY )
-    {
+    if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY) {
         const mbedtls_ecp_keypair *ec;
         unsigned char d[MBEDTLS_ECP_MAX_BYTES];
         size_t d_len;
@@ -829,76 +877,79 @@
         psa_status_t status;
 
         /* export the private key material in the format PSA wants */
-        ec = mbedtls_pk_ec( *pk );
-        d_len = PSA_BITS_TO_BYTES( ec->grp.nbits );
-        if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 )
-            return( ret );
+        ec = mbedtls_pk_ec(*pk);
+        d_len = PSA_BITS_TO_BYTES(ec->grp.nbits);
+        if ((ret = mbedtls_mpi_write_binary(&ec->d, d, d_len)) != 0) {
+            return ret;
+        }
 
-        curve_id = mbedtls_ecc_group_to_psa( ec->grp.id, &bits );
-        key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve_id );
+        curve_id = mbedtls_ecc_group_to_psa(ec->grp.id, &bits);
+        key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve_id);
 
         /* prepare the key attributes */
-        psa_set_key_type( &attributes, key_type );
-        psa_set_key_bits( &attributes, bits );
-        psa_set_key_usage_flags( &attributes, usage );
-        psa_set_key_algorithm( &attributes, alg );
-        if( alg2 != PSA_ALG_NONE )
-            psa_set_key_enrollment_algorithm( &attributes, alg2 );
+        psa_set_key_type(&attributes, key_type);
+        psa_set_key_bits(&attributes, bits);
+        psa_set_key_usage_flags(&attributes, usage);
+        psa_set_key_algorithm(&attributes, alg);
+        if (alg2 != PSA_ALG_NONE) {
+            psa_set_key_enrollment_algorithm(&attributes, alg2);
+        }
 
         /* import private key into PSA */
-        status = psa_import_key( &attributes, d, d_len, key );
-        if( status != PSA_SUCCESS )
-            return( mbedtls_pk_error_from_psa( status ) );
+        status = psa_import_key(&attributes, d, d_len, key);
+        if (status != PSA_SUCCESS) {
+            return mbedtls_pk_error_from_psa(status);
+        }
 
         /* make PK context wrap the key slot */
-        mbedtls_pk_free( pk );
-        mbedtls_pk_init( pk );
+        mbedtls_pk_free(pk);
+        mbedtls_pk_init(pk);
 
-        return( mbedtls_pk_setup_opaque( pk, *key ) );
-    }
-    else
+        return mbedtls_pk_setup_opaque(pk, *key);
+    } else
 #endif /* MBEDTLS_ECP_C */
 #if defined(MBEDTLS_RSA_C)
-    if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA )
-    {
+    if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) {
         unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
         psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
         int key_len;
         psa_status_t status;
 
         /* export the private key material in the format PSA wants */
-        key_len = mbedtls_pk_write_key_der( pk, buf, sizeof( buf ) );
-        if( key_len <= 0 )
-            return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+        key_len = mbedtls_pk_write_key_der(pk, buf, sizeof(buf));
+        if (key_len <= 0) {
+            return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+        }
 
         /* prepare the key attributes */
-        psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR );
-        psa_set_key_bits( &attributes, mbedtls_pk_get_bitlen( pk ) );
-        psa_set_key_usage_flags( &attributes, usage );
-        psa_set_key_algorithm( &attributes, alg );
-        if( alg2 != PSA_ALG_NONE )
-            psa_set_key_enrollment_algorithm( &attributes, alg2 );
+        psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
+        psa_set_key_bits(&attributes, mbedtls_pk_get_bitlen(pk));
+        psa_set_key_usage_flags(&attributes, usage);
+        psa_set_key_algorithm(&attributes, alg);
+        if (alg2 != PSA_ALG_NONE) {
+            psa_set_key_enrollment_algorithm(&attributes, alg2);
+        }
 
         /* import private key into PSA */
-        status = psa_import_key( &attributes,
-                                 buf + sizeof( buf ) - key_len,
-                                 key_len, key);
+        status = psa_import_key(&attributes,
+                                buf + sizeof(buf) - key_len,
+                                key_len, key);
 
-        mbedtls_platform_zeroize( buf, sizeof( buf ) );
+        mbedtls_platform_zeroize(buf, sizeof(buf));
 
-        if( status != PSA_SUCCESS )
-            return( mbedtls_pk_error_from_psa( status ) );
+        if (status != PSA_SUCCESS) {
+            return mbedtls_pk_error_from_psa(status);
+        }
 
         /* make PK context wrap the key slot */
-        mbedtls_pk_free( pk );
-        mbedtls_pk_init( pk );
+        mbedtls_pk_free(pk);
+        mbedtls_pk_init(pk);
 
-        return( mbedtls_pk_setup_opaque( pk, *key ) );
-    }
-    else
+        return mbedtls_pk_setup_opaque(pk, *key);
+    } else
 #endif /* MBEDTLS_RSA_C */
 #endif /* !MBEDTLS_ECP_C && !MBEDTLS_RSA_C */
-    return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+    return MBEDTLS_ERR_PK_TYPE_MISMATCH;
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 #endif /* MBEDTLS_PK_C */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index ea7d726..aaf516e 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -61,60 +61,58 @@
 #include <stdint.h>
 
 #if defined(MBEDTLS_PSA_CRYPTO_C)
-int mbedtls_pk_error_from_psa( psa_status_t status )
+int mbedtls_pk_error_from_psa(psa_status_t status)
 {
-    switch( status )
-    {
+    switch (status) {
         case PSA_SUCCESS:
-            return( 0 );
+            return 0;
         case PSA_ERROR_INVALID_HANDLE:
-            return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+            return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
         case PSA_ERROR_NOT_PERMITTED:
-            return( MBEDTLS_ERR_ERROR_GENERIC_ERROR );
+            return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
         case PSA_ERROR_BUFFER_TOO_SMALL:
-            return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL );
+            return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL;
         case PSA_ERROR_NOT_SUPPORTED:
-            return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+            return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
         case PSA_ERROR_INVALID_ARGUMENT:
-            return( MBEDTLS_ERR_PK_INVALID_ALG );
+            return MBEDTLS_ERR_PK_INVALID_ALG;
         case PSA_ERROR_INSUFFICIENT_MEMORY:
-            return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+            return MBEDTLS_ERR_PK_ALLOC_FAILED;
         case PSA_ERROR_BAD_STATE:
-            return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
         case PSA_ERROR_COMMUNICATION_FAILURE:
         case PSA_ERROR_HARDWARE_FAILURE:
-            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+            return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
         case PSA_ERROR_DATA_CORRUPT:
         case PSA_ERROR_DATA_INVALID:
         case PSA_ERROR_STORAGE_FAILURE:
-            return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
+            return MBEDTLS_ERR_PK_FILE_IO_ERROR;
         case PSA_ERROR_CORRUPTION_DETECTED:
-            return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+            return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
         default:
-            return( MBEDTLS_ERR_ERROR_GENERIC_ERROR );
+            return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
     }
 }
 
 #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ||    \
     defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
-int mbedtls_pk_error_from_psa_rsa( psa_status_t status )
+int mbedtls_pk_error_from_psa_rsa(psa_status_t status)
 {
-    switch( status )
-    {
+    switch (status) {
         case PSA_ERROR_NOT_PERMITTED:
         case PSA_ERROR_INVALID_ARGUMENT:
         case PSA_ERROR_INVALID_HANDLE:
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
         case PSA_ERROR_BUFFER_TOO_SMALL:
-            return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
+            return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
         case PSA_ERROR_INSUFFICIENT_ENTROPY:
-            return( MBEDTLS_ERR_RSA_RNG_FAILED );
+            return MBEDTLS_ERR_RSA_RNG_FAILED;
         case PSA_ERROR_INVALID_SIGNATURE:
-            return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+            return MBEDTLS_ERR_RSA_VERIFY_FAILED;
         case PSA_ERROR_INVALID_PADDING:
-            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+            return MBEDTLS_ERR_RSA_INVALID_PADDING;
         default:
-            return( mbedtls_pk_error_from_psa( status ) );
+            return mbedtls_pk_error_from_psa(status);
     }
 }
 #endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
@@ -124,23 +122,22 @@
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 
 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status )
+int mbedtls_pk_error_from_psa_ecdsa(psa_status_t status)
 {
-    switch( status )
-    {
+    switch (status) {
         case PSA_ERROR_NOT_PERMITTED:
         case PSA_ERROR_INVALID_ARGUMENT:
-            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
         case PSA_ERROR_INVALID_HANDLE:
-            return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+            return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
         case PSA_ERROR_BUFFER_TOO_SMALL:
-            return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+            return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
         case PSA_ERROR_INSUFFICIENT_ENTROPY:
-            return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+            return MBEDTLS_ERR_ECP_RANDOM_FAILED;
         case PSA_ERROR_INVALID_SIGNATURE:
-            return( MBEDTLS_ERR_ECP_VERIFY_FAILED );
+            return MBEDTLS_ERR_ECP_VERIFY_FAILED;
         default:
-            return( mbedtls_pk_error_from_psa( status ) );
+            return mbedtls_pk_error_from_psa(status);
     }
 }
 #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
@@ -148,24 +145,24 @@
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_RSA_C)
-static int rsa_can_do( mbedtls_pk_type_t type )
+static int rsa_can_do(mbedtls_pk_type_t type)
 {
-    return( type == MBEDTLS_PK_RSA ||
-            type == MBEDTLS_PK_RSASSA_PSS );
+    return type == MBEDTLS_PK_RSA ||
+           type == MBEDTLS_PK_RSASSA_PSS;
 }
 
-static size_t rsa_get_bitlen( const void *ctx )
+static size_t rsa_get_bitlen(const void *ctx)
 {
-    const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx;
-    return( 8 * mbedtls_rsa_get_len( rsa ) );
+    const mbedtls_rsa_context *rsa = (const mbedtls_rsa_context *) ctx;
+    return 8 * mbedtls_rsa_get_len(rsa);
 }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   const unsigned char *sig, size_t sig_len )
+static int rsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
+                           const unsigned char *hash, size_t hash_len,
+                           const unsigned char *sig, size_t sig_len)
 {
-    mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
+    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
@@ -174,94 +171,100 @@
     int key_len;
     unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
     psa_algorithm_t psa_alg_md =
-        PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_hash_info_psa_from_md( md_alg ) );
-    size_t rsa_len = mbedtls_rsa_get_len( rsa );
+        PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_hash_info_psa_from_md(md_alg));
+    size_t rsa_len = mbedtls_rsa_get_len(rsa);
 
 #if SIZE_MAX > UINT_MAX
-    if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 #endif /* SIZE_MAX > UINT_MAX */
 
-    if( sig_len < rsa_len )
-        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+    if (sig_len < rsa_len) {
+        return MBEDTLS_ERR_RSA_VERIFY_FAILED;
+    }
 
     /* mbedtls_pk_write_pubkey_der() expects a full PK context;
      * re-construct one to make it happy */
     key.pk_info = &mbedtls_rsa_info;
     key.pk_ctx = ctx;
-    key_len = mbedtls_pk_write_pubkey_der( &key, buf, sizeof( buf ) );
-    if( key_len <= 0 )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    key_len = mbedtls_pk_write_pubkey_der(&key, buf, sizeof(buf));
+    if (key_len <= 0) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
-    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
-    psa_set_key_algorithm( &attributes, psa_alg_md );
-    psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY );
+    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
+    psa_set_key_algorithm(&attributes, psa_alg_md);
+    psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY);
 
-    status = psa_import_key( &attributes,
-                             buf + sizeof( buf ) - key_len, key_len,
-                             &key_id );
-    if( status != PSA_SUCCESS )
-    {
-        ret = mbedtls_pk_error_from_psa( status );
+    status = psa_import_key(&attributes,
+                            buf + sizeof(buf) - key_len, key_len,
+                            &key_id);
+    if (status != PSA_SUCCESS) {
+        ret = mbedtls_pk_error_from_psa(status);
         goto cleanup;
     }
 
-    status = psa_verify_hash( key_id, psa_alg_md, hash, hash_len,
-                              sig, sig_len );
-    if( status != PSA_SUCCESS )
-    {
-        ret = mbedtls_pk_error_from_psa_rsa( status );
+    status = psa_verify_hash(key_id, psa_alg_md, hash, hash_len,
+                             sig, sig_len);
+    if (status != PSA_SUCCESS) {
+        ret = mbedtls_pk_error_from_psa_rsa(status);
         goto cleanup;
     }
     ret = 0;
 
 cleanup:
-    status = psa_destroy_key( key_id );
-    if( ret == 0 && status != PSA_SUCCESS )
-        ret = mbedtls_pk_error_from_psa( status );
+    status = psa_destroy_key(key_id);
+    if (ret == 0 && status != PSA_SUCCESS) {
+        ret = mbedtls_pk_error_from_psa(status);
+    }
 
-    return( ret );
+    return ret;
 }
 #else
-static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
-        const unsigned char *hash, size_t hash_len,
-        const unsigned char *sig, size_t sig_len )
+static int rsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
+                           const unsigned char *hash, size_t hash_len,
+                           const unsigned char *sig, size_t sig_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
-    size_t rsa_len = mbedtls_rsa_get_len( rsa );
+    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
+    size_t rsa_len = mbedtls_rsa_get_len(rsa);
 
 #if SIZE_MAX > UINT_MAX
-    if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 #endif /* SIZE_MAX > UINT_MAX */
 
-    if( sig_len < rsa_len )
-        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+    if (sig_len < rsa_len) {
+        return MBEDTLS_ERR_RSA_VERIFY_FAILED;
+    }
 
-    if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, md_alg,
-                                          (unsigned int) hash_len,
-                                          hash, sig ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_rsa_pkcs1_verify(rsa, md_alg,
+                                        (unsigned int) hash_len,
+                                        hash, sig)) != 0) {
+        return ret;
+    }
 
     /* The buffer contains a valid signature followed by extra data.
      * We have a special error code for that so that so that callers can
      * use mbedtls_pk_verify() to check "Does the buffer start with a
      * valid signature?" and not just "Does the buffer contain a valid
      * signature?". */
-    if( sig_len > rsa_len )
-        return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
+    if (sig_len > rsa_len) {
+        return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
+    }
 
-    return( 0 );
+    return 0;
 }
 #endif
 
 #if defined(MBEDTLS_PSA_CRYPTO_C)
-int  mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t alg,
-                                  mbedtls_rsa_context *rsa_ctx,
-                                  const unsigned char *hash, size_t hash_len,
-                                  unsigned char *sig, size_t sig_size,
-                                  size_t *sig_len )
+int  mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg,
+                                 mbedtls_rsa_context *rsa_ctx,
+                                 const unsigned char *hash, size_t hash_len,
+                                 unsigned char *sig, size_t sig_size,
+                                 size_t *sig_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -272,96 +275,100 @@
     unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
     mbedtls_pk_info_t pk_info = mbedtls_rsa_info;
 
-    *sig_len = mbedtls_rsa_get_len( rsa_ctx );
-    if( sig_size < *sig_len )
-        return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL );
+    *sig_len = mbedtls_rsa_get_len(rsa_ctx);
+    if (sig_size < *sig_len) {
+        return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL;
+    }
 
     /* mbedtls_pk_write_key_der() expects a full PK context;
      * re-construct one to make it happy */
     key.pk_info = &pk_info;
     key.pk_ctx = rsa_ctx;
-    key_len = mbedtls_pk_write_key_der( &key, buf, sizeof( buf ) );
-    if( key_len <= 0 )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
-    psa_set_key_algorithm( &attributes, alg );
-    psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR );
+    key_len = mbedtls_pk_write_key_der(&key, buf, sizeof(buf));
+    if (key_len <= 0) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
+    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
+    psa_set_key_algorithm(&attributes, alg);
+    psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
 
-    status = psa_import_key( &attributes,
-                             buf + sizeof( buf ) - key_len, key_len,
-                             &key_id );
-    if( status != PSA_SUCCESS )
-    {
-        ret = mbedtls_pk_error_from_psa( status );
+    status = psa_import_key(&attributes,
+                            buf + sizeof(buf) - key_len, key_len,
+                            &key_id);
+    if (status != PSA_SUCCESS) {
+        ret = mbedtls_pk_error_from_psa(status);
         goto cleanup;
     }
-    status = psa_sign_hash( key_id, alg, hash, hash_len,
-                            sig, sig_size, sig_len );
-    if( status != PSA_SUCCESS )
-    {
-        ret = mbedtls_pk_error_from_psa_rsa( status );
+    status = psa_sign_hash(key_id, alg, hash, hash_len,
+                           sig, sig_size, sig_len);
+    if (status != PSA_SUCCESS) {
+        ret = mbedtls_pk_error_from_psa_rsa(status);
         goto cleanup;
     }
 
     ret = 0;
 
 cleanup:
-    status = psa_destroy_key( key_id );
-    if( ret == 0 && status != PSA_SUCCESS )
-        ret = mbedtls_pk_error_from_psa( status );
-    return( ret );
+    status = psa_destroy_key(key_id);
+    if (ret == 0 && status != PSA_SUCCESS) {
+        ret = mbedtls_pk_error_from_psa(status);
+    }
+    return ret;
 }
 #endif /* MBEDTLS_PSA_CRYPTO_C */
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t sig_size, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int rsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
+                         const unsigned char *hash, size_t hash_len,
+                         unsigned char *sig, size_t sig_size, size_t *sig_len,
+                         int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     ((void) f_rng);
     ((void) p_rng);
 
     psa_algorithm_t psa_md_alg;
-    psa_md_alg = mbedtls_hash_info_psa_from_md( md_alg );
-    if( psa_md_alg == 0 )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg);
+    if (psa_md_alg == 0) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
-    return( mbedtls_pk_psa_rsa_sign_ext( PSA_ALG_RSA_PKCS1V15_SIGN(
-                                            psa_md_alg ),
-                                          ctx, hash, hash_len,
-                                          sig, sig_size, sig_len ) );
+    return mbedtls_pk_psa_rsa_sign_ext(PSA_ALG_RSA_PKCS1V15_SIGN(
+                                           psa_md_alg),
+                                       ctx, hash, hash_len,
+                                       sig, sig_size, sig_len);
 }
 #else
-static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t sig_size, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int rsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
+                         const unsigned char *hash, size_t hash_len,
+                         unsigned char *sig, size_t sig_size, size_t *sig_len,
+                         int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
+    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
 
 #if SIZE_MAX > UINT_MAX
-    if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 #endif /* SIZE_MAX > UINT_MAX */
 
-    *sig_len = mbedtls_rsa_get_len( rsa );
-    if( sig_size < *sig_len )
-        return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL );
+    *sig_len = mbedtls_rsa_get_len(rsa);
+    if (sig_size < *sig_len) {
+        return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL;
+    }
 
-    return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng,
-                                    md_alg, (unsigned int) hash_len,
-                                    hash, sig ) );
+    return mbedtls_rsa_pkcs1_sign(rsa, f_rng, p_rng,
+                                  md_alg, (unsigned int) hash_len,
+                                  hash, sig);
 }
 #endif
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-static int rsa_decrypt_wrap( void *ctx,
-                    const unsigned char *input, size_t ilen,
-                    unsigned char *output, size_t *olen, size_t osize,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int rsa_decrypt_wrap(void *ctx,
+                            const unsigned char *input, size_t ilen,
+                            unsigned char *output, size_t *olen, size_t osize,
+                            int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
+    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
@@ -374,77 +381,80 @@
     ((void) p_rng);
 
 #if !defined(MBEDTLS_RSA_ALT)
-    if( rsa->padding != MBEDTLS_RSA_PKCS_V15 )
-        return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+    if (rsa->padding != MBEDTLS_RSA_PKCS_V15) {
+        return MBEDTLS_ERR_RSA_INVALID_PADDING;
+    }
 #endif /* !MBEDTLS_RSA_ALT */
 
-    if( ilen != mbedtls_rsa_get_len( rsa ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (ilen != mbedtls_rsa_get_len(rsa)) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
     /* mbedtls_pk_write_key_der() expects a full PK context;
      * re-construct one to make it happy */
     key.pk_info = &mbedtls_rsa_info;
     key.pk_ctx = ctx;
-    key_len = mbedtls_pk_write_key_der( &key, buf, sizeof( buf ) );
-    if( key_len <= 0 )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    key_len = mbedtls_pk_write_key_der(&key, buf, sizeof(buf));
+    if (key_len <= 0) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
-    psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR );
-    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
-    psa_set_key_algorithm( &attributes, PSA_ALG_RSA_PKCS1V15_CRYPT );
+    psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
+    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
+    psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
 
-    status = psa_import_key( &attributes,
-                             buf + sizeof( buf ) - key_len, key_len,
-                             &key_id );
-    if( status != PSA_SUCCESS )
-    {
-        ret = mbedtls_pk_error_from_psa( status );
+    status = psa_import_key(&attributes,
+                            buf + sizeof(buf) - key_len, key_len,
+                            &key_id);
+    if (status != PSA_SUCCESS) {
+        ret = mbedtls_pk_error_from_psa(status);
         goto cleanup;
     }
 
-    status = psa_asymmetric_decrypt( key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
-                                     input, ilen,
-                                     NULL, 0,
-                                     output, osize, olen );
-    if( status != PSA_SUCCESS )
-    {
-        ret = mbedtls_pk_error_from_psa_rsa( status );
+    status = psa_asymmetric_decrypt(key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
+                                    input, ilen,
+                                    NULL, 0,
+                                    output, osize, olen);
+    if (status != PSA_SUCCESS) {
+        ret = mbedtls_pk_error_from_psa_rsa(status);
         goto cleanup;
     }
 
     ret = 0;
 
 cleanup:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-    status = psa_destroy_key( key_id );
-    if( ret == 0 && status != PSA_SUCCESS )
-        ret = mbedtls_pk_error_from_psa( status );
+    mbedtls_platform_zeroize(buf, sizeof(buf));
+    status = psa_destroy_key(key_id);
+    if (ret == 0 && status != PSA_SUCCESS) {
+        ret = mbedtls_pk_error_from_psa(status);
+    }
 
-    return( ret );
+    return ret;
 }
 #else
-static int rsa_decrypt_wrap( void *ctx,
-                    const unsigned char *input, size_t ilen,
-                    unsigned char *output, size_t *olen, size_t osize,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int rsa_decrypt_wrap(void *ctx,
+                            const unsigned char *input, size_t ilen,
+                            unsigned char *output, size_t *olen, size_t osize,
+                            int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
+    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
 
-    if( ilen != mbedtls_rsa_get_len( rsa ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (ilen != mbedtls_rsa_get_len(rsa)) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
-                olen, input, output, osize ) );
+    return mbedtls_rsa_pkcs1_decrypt(rsa, f_rng, p_rng,
+                                     olen, input, output, osize);
 }
 #endif
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-static int rsa_encrypt_wrap( void *ctx,
-                    const unsigned char *input, size_t ilen,
-                    unsigned char *output, size_t *olen, size_t osize,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int rsa_encrypt_wrap(void *ctx,
+                            const unsigned char *input, size_t ilen,
+                            unsigned char *output, size_t *olen, size_t osize,
+                            int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
+    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
@@ -457,97 +467,101 @@
     ((void) p_rng);
 
 #if !defined(MBEDTLS_RSA_ALT)
-    if( rsa->padding != MBEDTLS_RSA_PKCS_V15 )
-        return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+    if (rsa->padding != MBEDTLS_RSA_PKCS_V15) {
+        return MBEDTLS_ERR_RSA_INVALID_PADDING;
+    }
 #endif
 
-    if( mbedtls_rsa_get_len( rsa ) > osize )
-        return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
+    if (mbedtls_rsa_get_len(rsa) > osize) {
+        return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
+    }
 
     /* mbedtls_pk_write_pubkey_der() expects a full PK context;
      * re-construct one to make it happy */
     key.pk_info = &mbedtls_rsa_info;
     key.pk_ctx = ctx;
-    key_len = mbedtls_pk_write_pubkey_der( &key, buf, sizeof( buf ) );
-    if( key_len <= 0 )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    key_len = mbedtls_pk_write_pubkey_der(&key, buf, sizeof(buf));
+    if (key_len <= 0) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
-    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
-    psa_set_key_algorithm( &attributes, PSA_ALG_RSA_PKCS1V15_CRYPT );
-    psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY );
+    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+    psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
+    psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY);
 
-    status = psa_import_key( &attributes,
-                             buf + sizeof( buf ) - key_len, key_len,
-                             &key_id );
-    if( status != PSA_SUCCESS )
-    {
-        ret = mbedtls_pk_error_from_psa( status );
+    status = psa_import_key(&attributes,
+                            buf + sizeof(buf) - key_len, key_len,
+                            &key_id);
+    if (status != PSA_SUCCESS) {
+        ret = mbedtls_pk_error_from_psa(status);
         goto cleanup;
     }
 
-    status = psa_asymmetric_encrypt( key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
-                                     input, ilen,
-                                     NULL, 0,
-                                     output, osize, olen );
-    if( status != PSA_SUCCESS )
-    {
-        ret = mbedtls_pk_error_from_psa_rsa( status );
+    status = psa_asymmetric_encrypt(key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
+                                    input, ilen,
+                                    NULL, 0,
+                                    output, osize, olen);
+    if (status != PSA_SUCCESS) {
+        ret = mbedtls_pk_error_from_psa_rsa(status);
         goto cleanup;
     }
 
     ret = 0;
 
 cleanup:
-    status = psa_destroy_key( key_id );
-    if( ret == 0 && status != PSA_SUCCESS )
-        ret = mbedtls_pk_error_from_psa( status );
+    status = psa_destroy_key(key_id);
+    if (ret == 0 && status != PSA_SUCCESS) {
+        ret = mbedtls_pk_error_from_psa(status);
+    }
 
-    return( ret );
+    return ret;
 }
 #else
-static int rsa_encrypt_wrap( void *ctx,
-                    const unsigned char *input, size_t ilen,
-                    unsigned char *output, size_t *olen, size_t osize,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int rsa_encrypt_wrap(void *ctx,
+                            const unsigned char *input, size_t ilen,
+                            unsigned char *output, size_t *olen, size_t osize,
+                            int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
-    *olen = mbedtls_rsa_get_len( rsa );
+    mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
+    *olen = mbedtls_rsa_get_len(rsa);
 
-    if( *olen > osize )
-        return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
+    if (*olen > osize) {
+        return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
+    }
 
-    return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng,
-                                       ilen, input, output ) );
+    return mbedtls_rsa_pkcs1_encrypt(rsa, f_rng, p_rng,
+                                     ilen, input, output);
 }
 #endif
 
-static int rsa_check_pair_wrap( const void *pub, const void *prv,
-                                int (*f_rng)(void *, unsigned char *, size_t),
-                                void *p_rng )
+static int rsa_check_pair_wrap(const void *pub, const void *prv,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng)
 {
     (void) f_rng;
     (void) p_rng;
-    return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
-                                (const mbedtls_rsa_context *) prv ) );
+    return mbedtls_rsa_check_pub_priv((const mbedtls_rsa_context *) pub,
+                                      (const mbedtls_rsa_context *) prv);
 }
 
-static void *rsa_alloc_wrap( void )
+static void *rsa_alloc_wrap(void)
 {
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
+    void *ctx = mbedtls_calloc(1, sizeof(mbedtls_rsa_context));
 
-    if( ctx != NULL )
-        mbedtls_rsa_init( (mbedtls_rsa_context *) ctx );
+    if (ctx != NULL) {
+        mbedtls_rsa_init((mbedtls_rsa_context *) ctx);
+    }
 
-    return( ctx );
+    return ctx;
 }
 
-static void rsa_free_wrap( void *ctx )
+static void rsa_free_wrap(void *ctx)
 {
-    mbedtls_rsa_free( (mbedtls_rsa_context *) ctx );
-    mbedtls_free( ctx );
+    mbedtls_rsa_free((mbedtls_rsa_context *) ctx);
+    mbedtls_free(ctx);
 }
 
-static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
+static void rsa_debug(const void *ctx, mbedtls_pk_debug_item *items)
 {
 #if defined(MBEDTLS_RSA_ALT)
     /* Not supported */
@@ -556,13 +570,13 @@
 #else
     items->type = MBEDTLS_PK_DEBUG_MPI;
     items->name = "rsa.N";
-    items->value = &( ((mbedtls_rsa_context *) ctx)->N );
+    items->value = &(((mbedtls_rsa_context *) ctx)->N);
 
     items++;
 
     items->type = MBEDTLS_PK_DEBUG_MPI;
     items->name = "rsa.E";
-    items->value = &( ((mbedtls_rsa_context *) ctx)->E );
+    items->value = &(((mbedtls_rsa_context *) ctx)->E);
 #endif
 }
 
@@ -594,78 +608,80 @@
 /*
  * Generic EC key
  */
-static int eckey_can_do( mbedtls_pk_type_t type )
+static int eckey_can_do(mbedtls_pk_type_t type)
 {
-    return( type == MBEDTLS_PK_ECKEY ||
-            type == MBEDTLS_PK_ECKEY_DH ||
-            type == MBEDTLS_PK_ECDSA );
+    return type == MBEDTLS_PK_ECKEY ||
+           type == MBEDTLS_PK_ECKEY_DH ||
+           type == MBEDTLS_PK_ECDSA;
 }
 
-static size_t eckey_get_bitlen( const void *ctx )
+static size_t eckey_get_bitlen(const void *ctx)
 {
-    return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits );
+    return ((mbedtls_ecp_keypair *) ctx)->grp.pbits;
 }
 
 #if defined(MBEDTLS_ECDSA_C)
 /* Forward declarations */
-static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                       const unsigned char *hash, size_t hash_len,
-                       const unsigned char *sig, size_t sig_len );
+static int ecdsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
+                             const unsigned char *hash, size_t hash_len,
+                             const unsigned char *sig, size_t sig_len);
 
-static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t sig_size, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+static int ecdsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
+                           const unsigned char *hash, size_t hash_len,
+                           unsigned char *sig, size_t sig_size, size_t *sig_len,
+                           int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
 
-static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                       const unsigned char *hash, size_t hash_len,
-                       const unsigned char *sig, size_t sig_len )
+static int eckey_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
+                             const unsigned char *hash, size_t hash_len,
+                             const unsigned char *sig, size_t sig_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecdsa_context ecdsa;
 
-    mbedtls_ecdsa_init( &ecdsa );
+    mbedtls_ecdsa_init(&ecdsa);
 
-    if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
-        ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
+    if ((ret = mbedtls_ecdsa_from_keypair(&ecdsa, ctx)) == 0) {
+        ret = ecdsa_verify_wrap(&ecdsa, md_alg, hash, hash_len, sig, sig_len);
+    }
 
-    mbedtls_ecdsa_free( &ecdsa );
+    mbedtls_ecdsa_free(&ecdsa);
 
-    return( ret );
+    return ret;
 }
 
-static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t sig_size, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int eckey_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
+                           const unsigned char *hash, size_t hash_len,
+                           unsigned char *sig, size_t sig_size, size_t *sig_len,
+                           int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecdsa_context ecdsa;
 
-    mbedtls_ecdsa_init( &ecdsa );
+    mbedtls_ecdsa_init(&ecdsa);
 
-    if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
-        ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len,
-                               sig, sig_size, sig_len,
-                               f_rng, p_rng );
+    if ((ret = mbedtls_ecdsa_from_keypair(&ecdsa, ctx)) == 0) {
+        ret = ecdsa_sign_wrap(&ecdsa, md_alg, hash, hash_len,
+                              sig, sig_size, sig_len,
+                              f_rng, p_rng);
+    }
 
-    mbedtls_ecdsa_free( &ecdsa );
+    mbedtls_ecdsa_free(&ecdsa);
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 /* Forward declarations */
-static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                       const unsigned char *hash, size_t hash_len,
-                       const unsigned char *sig, size_t sig_len,
-                       void *rs_ctx );
+static int ecdsa_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
+                                const unsigned char *hash, size_t hash_len,
+                                const unsigned char *sig, size_t sig_len,
+                                void *rs_ctx);
 
-static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t sig_size, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-                   void *rs_ctx );
+static int ecdsa_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
+                              const unsigned char *hash, size_t hash_len,
+                              unsigned char *sig, size_t sig_size, size_t *sig_len,
+                              int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+                              void *rs_ctx);
 
 /*
  * Restart context for ECDSA operations with ECKEY context
@@ -673,123 +689,127 @@
  * We need to store an actual ECDSA context, as we need to pass the same to
  * the underlying ecdsa function, so we can't create it on the fly every time.
  */
-typedef struct
-{
+typedef struct {
     mbedtls_ecdsa_restart_ctx ecdsa_rs;
     mbedtls_ecdsa_context ecdsa_ctx;
 } eckey_restart_ctx;
 
-static void *eckey_rs_alloc( void )
+static void *eckey_rs_alloc(void)
 {
     eckey_restart_ctx *rs_ctx;
 
-    void *ctx = mbedtls_calloc( 1, sizeof( eckey_restart_ctx ) );
+    void *ctx = mbedtls_calloc(1, sizeof(eckey_restart_ctx));
 
-    if( ctx != NULL )
-    {
+    if (ctx != NULL) {
         rs_ctx = ctx;
-        mbedtls_ecdsa_restart_init( &rs_ctx->ecdsa_rs );
-        mbedtls_ecdsa_init( &rs_ctx->ecdsa_ctx );
+        mbedtls_ecdsa_restart_init(&rs_ctx->ecdsa_rs);
+        mbedtls_ecdsa_init(&rs_ctx->ecdsa_ctx);
     }
 
-    return( ctx );
+    return ctx;
 }
 
-static void eckey_rs_free( void *ctx )
+static void eckey_rs_free(void *ctx)
 {
     eckey_restart_ctx *rs_ctx;
 
-    if( ctx == NULL)
+    if (ctx == NULL) {
         return;
+    }
 
     rs_ctx = ctx;
-    mbedtls_ecdsa_restart_free( &rs_ctx->ecdsa_rs );
-    mbedtls_ecdsa_free( &rs_ctx->ecdsa_ctx );
+    mbedtls_ecdsa_restart_free(&rs_ctx->ecdsa_rs);
+    mbedtls_ecdsa_free(&rs_ctx->ecdsa_ctx);
 
-    mbedtls_free( ctx );
+    mbedtls_free(ctx);
 }
 
-static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                       const unsigned char *hash, size_t hash_len,
-                       const unsigned char *sig, size_t sig_len,
-                       void *rs_ctx )
+static int eckey_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
+                                const unsigned char *hash, size_t hash_len,
+                                const unsigned char *sig, size_t sig_len,
+                                void *rs_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     eckey_restart_ctx *rs = rs_ctx;
 
     /* Should never happen */
-    if( rs == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (rs == NULL) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
     /* set up our own sub-context if needed (that is, on first run) */
-    if( rs->ecdsa_ctx.grp.pbits == 0 )
-        MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
+    if (rs->ecdsa_ctx.grp.pbits == 0) {
+        MBEDTLS_MPI_CHK(mbedtls_ecdsa_from_keypair(&rs->ecdsa_ctx, ctx));
+    }
 
-    MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( &rs->ecdsa_ctx,
-                                           md_alg, hash, hash_len,
-                                           sig, sig_len, &rs->ecdsa_rs ) );
+    MBEDTLS_MPI_CHK(ecdsa_verify_rs_wrap(&rs->ecdsa_ctx,
+                                         md_alg, hash, hash_len,
+                                         sig, sig_len, &rs->ecdsa_rs));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
-static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t sig_size, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-                       void *rs_ctx )
+static int eckey_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
+                              const unsigned char *hash, size_t hash_len,
+                              unsigned char *sig, size_t sig_size, size_t *sig_len,
+                              int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+                              void *rs_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     eckey_restart_ctx *rs = rs_ctx;
 
     /* Should never happen */
-    if( rs == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (rs == NULL) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
     /* set up our own sub-context if needed (that is, on first run) */
-    if( rs->ecdsa_ctx.grp.pbits == 0 )
-        MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
+    if (rs->ecdsa_ctx.grp.pbits == 0) {
+        MBEDTLS_MPI_CHK(mbedtls_ecdsa_from_keypair(&rs->ecdsa_ctx, ctx));
+    }
 
-    MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( &rs->ecdsa_ctx, md_alg,
-                                         hash, hash_len, sig, sig_size, sig_len,
-                                         f_rng, p_rng, &rs->ecdsa_rs ) );
+    MBEDTLS_MPI_CHK(ecdsa_sign_rs_wrap(&rs->ecdsa_ctx, md_alg,
+                                       hash, hash_len, sig, sig_size, sig_len,
+                                       f_rng, p_rng, &rs->ecdsa_rs));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 #endif /* MBEDTLS_ECDSA_C */
 
-static int eckey_check_pair( const void *pub, const void *prv,
-                             int (*f_rng)(void *, unsigned char *, size_t),
-                             void *p_rng )
+static int eckey_check_pair(const void *pub, const void *prv,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng)
 {
-    return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
-                                (const mbedtls_ecp_keypair *) prv,
-                                f_rng, p_rng ) );
+    return mbedtls_ecp_check_pub_priv((const mbedtls_ecp_keypair *) pub,
+                                      (const mbedtls_ecp_keypair *) prv,
+                                      f_rng, p_rng);
 }
 
-static void *eckey_alloc_wrap( void )
+static void *eckey_alloc_wrap(void)
 {
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
+    void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair));
 
-    if( ctx != NULL )
-        mbedtls_ecp_keypair_init( ctx );
+    if (ctx != NULL) {
+        mbedtls_ecp_keypair_init(ctx);
+    }
 
-    return( ctx );
+    return ctx;
 }
 
-static void eckey_free_wrap( void *ctx )
+static void eckey_free_wrap(void *ctx)
 {
-    mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx );
-    mbedtls_free( ctx );
+    mbedtls_ecp_keypair_free((mbedtls_ecp_keypair *) ctx);
+    mbedtls_free(ctx);
 }
 
-static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items )
+static void eckey_debug(const void *ctx, mbedtls_pk_debug_item *items)
 {
     items->type = MBEDTLS_PK_DEBUG_ECP;
     items->name = "eckey.Q";
-    items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q );
+    items->value = &(((mbedtls_ecp_keypair *) ctx)->Q);
 }
 
 const mbedtls_pk_info_t mbedtls_eckey_info = {
@@ -823,10 +843,10 @@
 /*
  * EC key restricted to ECDH
  */
-static int eckeydh_can_do( mbedtls_pk_type_t type )
+static int eckeydh_can_do(mbedtls_pk_type_t type)
 {
-    return( type == MBEDTLS_PK_ECKEY ||
-            type == MBEDTLS_PK_ECKEY_DH );
+    return type == MBEDTLS_PK_ECKEY ||
+           type == MBEDTLS_PK_ECKEY_DH;
 }
 
 const mbedtls_pk_info_t mbedtls_eckeydh_info = {
@@ -854,9 +874,9 @@
 #endif /* MBEDTLS_ECP_C */
 
 #if defined(MBEDTLS_ECDSA_C)
-static int ecdsa_can_do( mbedtls_pk_type_t type )
+static int ecdsa_can_do(mbedtls_pk_type_t type)
 {
-    return( type == MBEDTLS_PK_ECDSA );
+    return type == MBEDTLS_PK_ECDSA;
 }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -864,33 +884,32 @@
  * An ASN.1 encoded signature is a sequence of two ASN.1 integers. Parse one of
  * those integers and convert it to the fixed-length encoding expected by PSA.
  */
-static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end,
-                                  unsigned char *to, size_t to_len )
+static int extract_ecdsa_sig_int(unsigned char **from, const unsigned char *end,
+                                 unsigned char *to, size_t to_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t unpadded_len, padding_len;
 
-    if( ( ret = mbedtls_asn1_get_tag( from, end, &unpadded_len,
-                                      MBEDTLS_ASN1_INTEGER ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_asn1_get_tag(from, end, &unpadded_len,
+                                    MBEDTLS_ASN1_INTEGER)) != 0) {
+        return ret;
     }
 
-    while( unpadded_len > 0 && **from == 0x00 )
-    {
-        ( *from )++;
+    while (unpadded_len > 0 && **from == 0x00) {
+        (*from)++;
         unpadded_len--;
     }
 
-    if( unpadded_len > to_len || unpadded_len == 0 )
-        return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    if (unpadded_len > to_len || unpadded_len == 0) {
+        return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+    }
 
     padding_len = to_len - unpadded_len;
-    memset( to, 0x00, padding_len );
-    memcpy( to + padding_len, *from, unpadded_len );
-    ( *from ) += unpadded_len;
+    memset(to, 0x00, padding_len);
+    memcpy(to + padding_len, *from, unpadded_len);
+    (*from) += unpadded_len;
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -898,29 +917,32 @@
  * to a raw {r,s} buffer. Note: the provided sig buffer must be at least
  * twice as big as int_size.
  */
-static int extract_ecdsa_sig( unsigned char **p, const unsigned char *end,
-                              unsigned char *sig, size_t int_size )
+static int extract_ecdsa_sig(unsigned char **p, const unsigned char *end,
+                             unsigned char *sig, size_t int_size)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t tmp_size;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &tmp_size,
-                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &tmp_size,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return ret;
+    }
 
     /* Extract r */
-    if( ( ret = extract_ecdsa_sig_int( p, end, sig, int_size ) ) != 0 )
-        return( ret );
+    if ((ret = extract_ecdsa_sig_int(p, end, sig, int_size)) != 0) {
+        return ret;
+    }
     /* Extract s */
-    if( ( ret = extract_ecdsa_sig_int( p, end, sig + int_size, int_size ) ) != 0 )
-        return( ret );
+    if ((ret = extract_ecdsa_sig_int(p, end, sig + int_size, int_size)) != 0) {
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
-static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg,
-                       const unsigned char *hash, size_t hash_len,
-                       const unsigned char *sig, size_t sig_len )
+static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg,
+                             const unsigned char *hash, size_t hash_len,
+                             const unsigned char *sig, size_t sig_len)
 {
     mbedtls_ecdsa_context *ctx = ctx_arg;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -935,88 +957,87 @@
     psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY;
     size_t curve_bits;
     psa_ecc_family_t curve =
-        mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits );
-    const size_t signature_part_size = ( ctx->grp.nbits + 7 ) / 8;
+        mbedtls_ecc_group_to_psa(ctx->grp.id, &curve_bits);
+    const size_t signature_part_size = (ctx->grp.nbits + 7) / 8;
     ((void) md_alg);
 
-    if( curve == 0 )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (curve == 0) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
     /* mbedtls_pk_write_pubkey() expects a full PK context;
      * re-construct one to make it happy */
     key.pk_info = &pk_info;
     key.pk_ctx = ctx;
-    p = buf + sizeof( buf );
-    key_len = mbedtls_pk_write_pubkey( &p, buf, &key );
-    if( key_len <= 0 )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    p = buf + sizeof(buf);
+    key_len = mbedtls_pk_write_pubkey(&p, buf, &key);
+    if (key_len <= 0) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
-    psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ) );
-    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
-    psa_set_key_algorithm( &attributes, psa_sig_md );
+    psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve));
+    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
+    psa_set_key_algorithm(&attributes, psa_sig_md);
 
-    status = psa_import_key( &attributes,
-                             buf + sizeof( buf ) - key_len, key_len,
-                             &key_id );
-    if( status != PSA_SUCCESS )
-    {
-        ret = mbedtls_pk_error_from_psa( status );
+    status = psa_import_key(&attributes,
+                            buf + sizeof(buf) - key_len, key_len,
+                            &key_id);
+    if (status != PSA_SUCCESS) {
+        ret = mbedtls_pk_error_from_psa(status);
         goto cleanup;
     }
 
     /* We don't need the exported key anymore and can
      * reuse its buffer for signature extraction. */
-    if( 2 * signature_part_size > sizeof( buf ) )
-    {
+    if (2 * signature_part_size > sizeof(buf)) {
         ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
         goto cleanup;
     }
 
-    p = (unsigned char*) sig;
-    if( ( ret = extract_ecdsa_sig( &p, sig + sig_len, buf,
-                                   signature_part_size ) ) != 0 )
-    {
+    p = (unsigned char *) sig;
+    if ((ret = extract_ecdsa_sig(&p, sig + sig_len, buf,
+                                 signature_part_size)) != 0) {
         goto cleanup;
     }
 
-    status = psa_verify_hash( key_id, psa_sig_md,
-                              hash, hash_len,
-                              buf, 2 * signature_part_size );
-    if( status != PSA_SUCCESS )
-    {
-         ret = mbedtls_pk_error_from_psa_ecdsa( status );
-         goto cleanup;
+    status = psa_verify_hash(key_id, psa_sig_md,
+                             hash, hash_len,
+                             buf, 2 * signature_part_size);
+    if (status != PSA_SUCCESS) {
+        ret = mbedtls_pk_error_from_psa_ecdsa(status);
+        goto cleanup;
     }
 
-    if( p != sig + sig_len )
-    {
+    if (p != sig + sig_len) {
         ret = MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
         goto cleanup;
     }
     ret = 0;
 
 cleanup:
-    status = psa_destroy_key( key_id );
-    if( ret == 0 && status != PSA_SUCCESS )
-        ret = mbedtls_pk_error_from_psa( status );
+    status = psa_destroy_key(key_id);
+    if (ret == 0 && status != PSA_SUCCESS) {
+        ret = mbedtls_pk_error_from_psa(status);
+    }
 
-    return( ret );
+    return ret;
 }
 #else /* MBEDTLS_USE_PSA_CRYPTO */
-static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                       const unsigned char *hash, size_t hash_len,
-                       const unsigned char *sig, size_t sig_len )
+static int ecdsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
+                             const unsigned char *hash, size_t hash_len,
+                             const unsigned char *sig, size_t sig_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     ((void) md_alg);
 
-    ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx,
-                                hash, hash_len, sig, sig_len );
+    ret = mbedtls_ecdsa_read_signature((mbedtls_ecdsa_context *) ctx,
+                                       hash, hash_len, sig, sig_len);
 
-    if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
-        return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
+    if (ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) {
+        return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
+    }
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
@@ -1030,48 +1051,49 @@
  * start: start of the output buffer, and also of the mpi to write at the end
  * n_len: length of the mpi to read from start
  */
-static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
-                              size_t n_len )
+static int asn1_write_mpibuf(unsigned char **p, unsigned char *start,
+                             size_t n_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
-    if( (size_t)( *p - start ) < n_len )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if ((size_t) (*p - start) < n_len) {
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+    }
 
     len = n_len;
     *p -= len;
-    memmove( *p, start, len );
+    memmove(*p, start, len);
 
     /* ASN.1 DER encoding requires minimal length, so skip leading 0s.
      * Neither r nor s should be 0, but as a failsafe measure, still detect
      * that rather than overflowing the buffer in case of a PSA error. */
-    while( len > 0 && **p == 0x00 )
-    {
+    while (len > 0 && **p == 0x00) {
         ++(*p);
         --len;
     }
 
     /* this is only reached if the signature was invalid */
-    if( len == 0 )
-        return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+    if (len == 0) {
+        return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
+    }
 
     /* if the msb is 1, ASN.1 requires that we prepend a 0.
      * Neither r nor s can be 0, so we can assume len > 0 at all times. */
-    if( **p & 0x80 )
-    {
-        if( *p - start < 1 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if (**p & 0x80) {
+        if (*p - start < 1) {
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+        }
 
         *--(*p) = 0x00;
         len += 1;
     }
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
-                                                MBEDTLS_ASN1_INTEGER ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
+                                                     MBEDTLS_ASN1_INTEGER));
 
-    return( (int) len );
+    return (int) len;
 }
 
 /* Transcode signature from PSA format to ASN.1 sequence.
@@ -1082,25 +1104,26 @@
  * [in/out] sig_len: signature length pre- and post-transcoding
  * [int] buf_len: the available size the in/out buffer
  */
-static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len,
-                                       size_t buf_len )
+static int pk_ecdsa_sig_asn1_from_psa(unsigned char *sig, size_t *sig_len,
+                                      size_t buf_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
     const size_t rs_len = *sig_len / 2;
     unsigned char *p = sig + buf_len;
 
-    MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) );
+    MBEDTLS_ASN1_CHK_ADD(len, asn1_write_mpibuf(&p, sig + rs_len, rs_len));
+    MBEDTLS_ASN1_CHK_ADD(len, asn1_write_mpibuf(&p, sig, rs_len));
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, sig, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, sig,
-                          MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, sig, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, sig,
+                                                     MBEDTLS_ASN1_CONSTRUCTED |
+                                                     MBEDTLS_ASN1_SEQUENCE));
 
-    memmove( sig, p, len );
+    memmove(sig, p, len);
     *sig_len = len;
 
-    return( 0 );
+    return 0;
 }
 
 /* Locate an ECDSA privateKey in a RFC 5915, or SEC1 Appendix C.4 ASN.1 buffer
@@ -1109,8 +1132,8 @@
  * [in] end: ASN.1 buffer end
  * [out] key_len: the ECDSA privateKey length in bytes
  */
-static int find_ecdsa_private_key( unsigned char **buf, unsigned char *end,
-                                   size_t *key_len )
+static int find_ecdsa_private_key(unsigned char **buf, unsigned char *end,
+                                  size_t *key_len)
 {
     size_t len;
     int ret;
@@ -1126,32 +1149,35 @@
      *    }
      */
 
-    if( ( ret = mbedtls_asn1_get_tag( buf, end, &len,
-                                      MBEDTLS_ASN1_CONSTRUCTED |
-                                      MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_asn1_get_tag(buf, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED |
+                                    MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return ret;
+    }
 
     /* version */
-    if( ( ret = mbedtls_asn1_get_tag( buf, end, &len,
-                                      MBEDTLS_ASN1_INTEGER ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_asn1_get_tag(buf, end, &len,
+                                    MBEDTLS_ASN1_INTEGER)) != 0) {
+        return ret;
+    }
 
     *buf += len;
 
     /* privateKey */
-    if( ( ret = mbedtls_asn1_get_tag( buf, end, &len,
-                                      MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_asn1_get_tag(buf, end, &len,
+                                    MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+        return ret;
+    }
 
     *key_len = len;
 
     return 0;
 }
 
-static int ecdsa_sign_wrap( void *ctx_arg, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t sig_size, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int ecdsa_sign_wrap(void *ctx_arg, mbedtls_md_type_t md_alg,
+                           const unsigned char *hash, size_t hash_len,
+                           unsigned char *sig, size_t sig_size, size_t *sig_len,
+                           int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     mbedtls_ecdsa_context *ctx = ctx_arg;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1162,145 +1188,150 @@
     size_t key_len;
     unsigned char buf[MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES];
     unsigned char *p;
-    psa_algorithm_t psa_hash = mbedtls_hash_info_psa_from_md( md_alg );
+    psa_algorithm_t psa_hash = mbedtls_hash_info_psa_from_md(md_alg);
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-    psa_algorithm_t psa_sig_md = PSA_ALG_DETERMINISTIC_ECDSA( psa_hash );
+    psa_algorithm_t psa_sig_md = PSA_ALG_DETERMINISTIC_ECDSA(psa_hash);
 #else
-    psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA( psa_hash );
+    psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA(psa_hash);
 #endif
     size_t curve_bits;
     psa_ecc_family_t curve =
-        mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits );
+        mbedtls_ecc_group_to_psa(ctx->grp.id, &curve_bits);
 
     /* PSA has its own RNG */
     ((void) f_rng);
     ((void) p_rng);
 
-    if( curve == 0 )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (curve == 0) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
     /* mbedtls_pk_write_key_der() expects a full PK context;
      * re-construct one to make it happy */
     key.pk_info = &mbedtls_eckey_info;
     key.pk_ctx = ctx;
-    key_len = mbedtls_pk_write_key_der( &key, buf, sizeof( buf ) );
-    if( key_len <= 0 )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    key_len = mbedtls_pk_write_key_der(&key, buf, sizeof(buf));
+    if (key_len <= 0) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 
-    p = buf + sizeof( buf ) - key_len;
-    ret = find_ecdsa_private_key( &p, buf + sizeof( buf ), &key_len );
-    if( ret != 0 )
-        goto cleanup;
-
-    psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_KEY_PAIR( curve ) );
-    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
-    psa_set_key_algorithm( &attributes, psa_sig_md );
-
-    status = psa_import_key( &attributes,
-                             p, key_len,
-                             &key_id );
-    if( status != PSA_SUCCESS )
-    {
-        ret = mbedtls_pk_error_from_psa( status );
+    p = buf + sizeof(buf) - key_len;
+    ret = find_ecdsa_private_key(&p, buf + sizeof(buf), &key_len);
+    if (ret != 0) {
         goto cleanup;
     }
 
-    status = psa_sign_hash( key_id, psa_sig_md, hash, hash_len,
-                            sig, sig_size, sig_len );
-    if( status != PSA_SUCCESS )
-    {
-         ret = mbedtls_pk_error_from_psa_ecdsa( status );
-         goto cleanup;
+    psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
+    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
+    psa_set_key_algorithm(&attributes, psa_sig_md);
+
+    status = psa_import_key(&attributes,
+                            p, key_len,
+                            &key_id);
+    if (status != PSA_SUCCESS) {
+        ret = mbedtls_pk_error_from_psa(status);
+        goto cleanup;
     }
 
-    ret = pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size );
+    status = psa_sign_hash(key_id, psa_sig_md, hash, hash_len,
+                           sig, sig_size, sig_len);
+    if (status != PSA_SUCCESS) {
+        ret = mbedtls_pk_error_from_psa_ecdsa(status);
+        goto cleanup;
+    }
+
+    ret = pk_ecdsa_sig_asn1_from_psa(sig, sig_len, sig_size);
 
 cleanup:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-    status = psa_destroy_key( key_id );
-    if( ret == 0 && status != PSA_SUCCESS )
-        ret = mbedtls_pk_error_from_psa( status );
+    mbedtls_platform_zeroize(buf, sizeof(buf));
+    status = psa_destroy_key(key_id);
+    if (ret == 0 && status != PSA_SUCCESS) {
+        ret = mbedtls_pk_error_from_psa(status);
+    }
 
-    return( ret );
+    return ret;
 }
 #else
-static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t sig_size, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int ecdsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
+                           const unsigned char *hash, size_t hash_len,
+                           unsigned char *sig, size_t sig_size, size_t *sig_len,
+                           int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
-    return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx,
-                                           md_alg, hash, hash_len,
-                                           sig, sig_size, sig_len,
-                                           f_rng, p_rng ) );
+    return mbedtls_ecdsa_write_signature((mbedtls_ecdsa_context *) ctx,
+                                         md_alg, hash, hash_len,
+                                         sig, sig_size, sig_len,
+                                         f_rng, p_rng);
 }
 #endif
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                       const unsigned char *hash, size_t hash_len,
-                       const unsigned char *sig, size_t sig_len,
-                       void *rs_ctx )
+static int ecdsa_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
+                                const unsigned char *hash, size_t hash_len,
+                                const unsigned char *sig, size_t sig_len,
+                                void *rs_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     ((void) md_alg);
 
     ret = mbedtls_ecdsa_read_signature_restartable(
-            (mbedtls_ecdsa_context *) ctx,
-            hash, hash_len, sig, sig_len,
-            (mbedtls_ecdsa_restart_ctx *) rs_ctx );
+        (mbedtls_ecdsa_context *) ctx,
+        hash, hash_len, sig, sig_len,
+        (mbedtls_ecdsa_restart_ctx *) rs_ctx);
 
-    if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
-        return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
+    if (ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) {
+        return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
+    }
 
-    return( ret );
+    return ret;
 }
 
-static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t sig_size, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-                   void *rs_ctx )
+static int ecdsa_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
+                              const unsigned char *hash, size_t hash_len,
+                              unsigned char *sig, size_t sig_size, size_t *sig_len,
+                              int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+                              void *rs_ctx)
 {
-    return( mbedtls_ecdsa_write_signature_restartable(
-                (mbedtls_ecdsa_context *) ctx,
-                md_alg, hash, hash_len, sig, sig_size, sig_len, f_rng, p_rng,
-                (mbedtls_ecdsa_restart_ctx *) rs_ctx ) );
+    return mbedtls_ecdsa_write_signature_restartable(
+        (mbedtls_ecdsa_context *) ctx,
+        md_alg, hash, hash_len, sig, sig_size, sig_len, f_rng, p_rng,
+        (mbedtls_ecdsa_restart_ctx *) rs_ctx);
 
 }
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
-static void *ecdsa_alloc_wrap( void )
+static void *ecdsa_alloc_wrap(void)
 {
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
+    void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecdsa_context));
 
-    if( ctx != NULL )
-        mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx );
+    if (ctx != NULL) {
+        mbedtls_ecdsa_init((mbedtls_ecdsa_context *) ctx);
+    }
 
-    return( ctx );
+    return ctx;
 }
 
-static void ecdsa_free_wrap( void *ctx )
+static void ecdsa_free_wrap(void *ctx)
 {
-    mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx );
-    mbedtls_free( ctx );
+    mbedtls_ecdsa_free((mbedtls_ecdsa_context *) ctx);
+    mbedtls_free(ctx);
 }
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-static void *ecdsa_rs_alloc( void )
+static void *ecdsa_rs_alloc(void)
 {
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) );
+    void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecdsa_restart_ctx));
 
-    if( ctx != NULL )
-        mbedtls_ecdsa_restart_init( ctx );
+    if (ctx != NULL) {
+        mbedtls_ecdsa_restart_init(ctx);
+    }
 
-    return( ctx );
+    return ctx;
 }
 
-static void ecdsa_rs_free( void *ctx )
+static void ecdsa_rs_free(void *ctx)
 {
-    mbedtls_ecdsa_restart_free( ctx );
-    mbedtls_free( ctx );
+    mbedtls_ecdsa_restart_free(ctx);
+    mbedtls_free(ctx);
 }
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
@@ -1333,104 +1364,108 @@
  * Support for alternative RSA-private implementations
  */
 
-static int rsa_alt_can_do( mbedtls_pk_type_t type )
+static int rsa_alt_can_do(mbedtls_pk_type_t type)
 {
-    return( type == MBEDTLS_PK_RSA );
+    return type == MBEDTLS_PK_RSA;
 }
 
-static size_t rsa_alt_get_bitlen( const void *ctx )
+static size_t rsa_alt_get_bitlen(const void *ctx)
 {
     const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
 
-    return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
+    return 8 * rsa_alt->key_len_func(rsa_alt->key);
 }
 
-static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t sig_size, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int rsa_alt_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
+                             const unsigned char *hash, size_t hash_len,
+                             unsigned char *sig, size_t sig_size, size_t *sig_len,
+                             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
 
 #if SIZE_MAX > UINT_MAX
-    if( UINT_MAX < hash_len )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    if (UINT_MAX < hash_len) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 #endif /* SIZE_MAX > UINT_MAX */
 
-    *sig_len = rsa_alt->key_len_func( rsa_alt->key );
-    if( *sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-    if( *sig_len > sig_size )
-        return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL );
+    *sig_len = rsa_alt->key_len_func(rsa_alt->key);
+    if (*sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
+    if (*sig_len > sig_size) {
+        return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL;
+    }
 
-    return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng,
-                md_alg, (unsigned int) hash_len, hash, sig ) );
+    return rsa_alt->sign_func(rsa_alt->key, f_rng, p_rng,
+                              md_alg, (unsigned int) hash_len, hash, sig);
 }
 
-static int rsa_alt_decrypt_wrap( void *ctx,
-                    const unsigned char *input, size_t ilen,
-                    unsigned char *output, size_t *olen, size_t osize,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int rsa_alt_decrypt_wrap(void *ctx,
+                                const unsigned char *input, size_t ilen,
+                                unsigned char *output, size_t *olen, size_t osize,
+                                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
 
     ((void) f_rng);
     ((void) p_rng);
 
-    if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (ilen != rsa_alt->key_len_func(rsa_alt->key)) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    return( rsa_alt->decrypt_func( rsa_alt->key,
-                olen, input, output, osize ) );
+    return rsa_alt->decrypt_func(rsa_alt->key,
+                                 olen, input, output, osize);
 }
 
 #if defined(MBEDTLS_RSA_C)
-static int rsa_alt_check_pair( const void *pub, const void *prv,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng )
+static int rsa_alt_check_pair(const void *pub, const void *prv,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng)
 {
     unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
     unsigned char hash[32];
     size_t sig_len = 0;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-
-    memset( hash, 0x2a, sizeof( hash ) );
-
-    if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
-                                   hash, sizeof( hash ),
-                                   sig, sizeof( sig ), &sig_len,
-                                   f_rng, p_rng ) ) != 0 )
-    {
-        return( ret );
+    if (rsa_alt_get_bitlen(prv) != rsa_get_bitlen(pub)) {
+        return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
     }
 
-    if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE,
-                         hash, sizeof( hash ), sig, sig_len ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+    memset(hash, 0x2a, sizeof(hash));
+
+    if ((ret = rsa_alt_sign_wrap((void *) prv, MBEDTLS_MD_NONE,
+                                 hash, sizeof(hash),
+                                 sig, sizeof(sig), &sig_len,
+                                 f_rng, p_rng)) != 0) {
+        return ret;
     }
 
-    return( 0 );
+    if (rsa_verify_wrap((void *) pub, MBEDTLS_MD_NONE,
+                        hash, sizeof(hash), sig, sig_len) != 0) {
+        return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
+    }
+
+    return 0;
 }
 #endif /* MBEDTLS_RSA_C */
 
-static void *rsa_alt_alloc_wrap( void )
+static void *rsa_alt_alloc_wrap(void)
 {
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) );
+    void *ctx = mbedtls_calloc(1, sizeof(mbedtls_rsa_alt_context));
 
-    if( ctx != NULL )
-        memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) );
+    if (ctx != NULL) {
+        memset(ctx, 0, sizeof(mbedtls_rsa_alt_context));
+    }
 
-    return( ctx );
+    return ctx;
 }
 
-static void rsa_alt_free_wrap( void *ctx )
+static void rsa_alt_free_wrap(void *ctx)
 {
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
-    mbedtls_free( ctx );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_rsa_alt_context));
+    mbedtls_free(ctx);
 }
 
 const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
@@ -1464,51 +1499,52 @@
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 
-static void *pk_opaque_alloc_wrap( void )
+static void *pk_opaque_alloc_wrap(void)
 {
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_svc_key_id_t ) );
+    void *ctx = mbedtls_calloc(1, sizeof(mbedtls_svc_key_id_t));
 
     /* no _init() function to call, as calloc() already zeroized */
 
-    return( ctx );
+    return ctx;
 }
 
-static void pk_opaque_free_wrap( void *ctx )
+static void pk_opaque_free_wrap(void *ctx)
 {
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_svc_key_id_t ) );
-    mbedtls_free( ctx );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_svc_key_id_t));
+    mbedtls_free(ctx);
 }
 
-static size_t pk_opaque_get_bitlen( const void *ctx )
+static size_t pk_opaque_get_bitlen(const void *ctx)
 {
     const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx;
     size_t bits;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
-    if( PSA_SUCCESS != psa_get_key_attributes( *key, &attributes ) )
-        return( 0 );
+    if (PSA_SUCCESS != psa_get_key_attributes(*key, &attributes)) {
+        return 0;
+    }
 
-    bits = psa_get_key_bits( &attributes );
-    psa_reset_key_attributes( &attributes );
-    return( bits );
+    bits = psa_get_key_bits(&attributes);
+    psa_reset_key_attributes(&attributes);
+    return bits;
 }
 
-static int pk_opaque_ecdsa_can_do( mbedtls_pk_type_t type )
+static int pk_opaque_ecdsa_can_do(mbedtls_pk_type_t type)
 {
-    return( type == MBEDTLS_PK_ECKEY ||
-            type == MBEDTLS_PK_ECDSA );
+    return type == MBEDTLS_PK_ECKEY ||
+           type == MBEDTLS_PK_ECDSA;
 }
 
-static int pk_opaque_rsa_can_do( mbedtls_pk_type_t type )
+static int pk_opaque_rsa_can_do(mbedtls_pk_type_t type)
 {
-    return( type == MBEDTLS_PK_RSA ||
-            type == MBEDTLS_PK_RSASSA_PSS );
+    return type == MBEDTLS_PK_RSA ||
+           type == MBEDTLS_PK_RSASSA_PSS;
 }
 
-static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t sig_size, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int pk_opaque_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
+                               const unsigned char *hash, size_t hash_len,
+                               unsigned char *sig, size_t sig_size, size_t *sig_len,
+                               int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
 #if !defined(MBEDTLS_ECDSA_C) && !defined(MBEDTLS_RSA_C)
     ((void) ctx);
@@ -1520,7 +1556,7 @@
     ((void) sig_len);
     ((void) f_rng);
     ((void) p_rng);
-    return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
 #else /* !MBEDTLS_ECDSA_C && !MBEDTLS_RSA_C */
     const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -1532,47 +1568,48 @@
     (void) f_rng;
     (void) p_rng;
 
-    status = psa_get_key_attributes( *key, &attributes );
-    if( status != PSA_SUCCESS )
-        return( mbedtls_pk_error_from_psa( status ) );
+    status = psa_get_key_attributes(*key, &attributes);
+    if (status != PSA_SUCCESS) {
+        return mbedtls_pk_error_from_psa(status);
+    }
 
-    type = psa_get_key_type( &attributes );
-    psa_reset_key_attributes( &attributes );
+    type = psa_get_key_type(&attributes);
+    psa_reset_key_attributes(&attributes);
 
 #if defined(MBEDTLS_ECDSA_C)
-    if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
-        alg = PSA_ALG_ECDSA( mbedtls_hash_info_psa_from_md( md_alg ) );
-    else
+    if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
+        alg = PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(md_alg));
+    } else
 #endif /* MBEDTLS_ECDSA_C */
 #if defined(MBEDTLS_RSA_C)
-    if( PSA_KEY_TYPE_IS_RSA( type ) )
-        alg = PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_hash_info_psa_from_md( md_alg ) );
-    else
+    if (PSA_KEY_TYPE_IS_RSA(type)) {
+        alg = PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_hash_info_psa_from_md(md_alg));
+    } else
 #endif /* MBEDTLS_RSA_C */
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
 
     /* make the signature */
-    status = psa_sign_hash( *key, alg, hash, hash_len,
-                            sig, sig_size, sig_len );
-    if( status != PSA_SUCCESS )
-    {
+    status = psa_sign_hash(*key, alg, hash, hash_len,
+                           sig, sig_size, sig_len);
+    if (status != PSA_SUCCESS) {
 #if defined(MBEDTLS_ECDSA_C)
-        if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
-            return( mbedtls_pk_error_from_psa_ecdsa( status ) );
-        else
+        if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
+            return mbedtls_pk_error_from_psa_ecdsa(status);
+        } else
 #endif /* MBEDTLS_ECDSA_C */
 #if defined(MBEDTLS_RSA_C)
-        if( PSA_KEY_TYPE_IS_RSA( type ) )
-            return( mbedtls_pk_error_from_psa_rsa( status ) );
-        else
+        if (PSA_KEY_TYPE_IS_RSA(type)) {
+            return mbedtls_pk_error_from_psa_rsa(status);
+        } else
 #endif /* MBEDTLS_RSA_C */
-            return( mbedtls_pk_error_from_psa( status ) );
+        return mbedtls_pk_error_from_psa(status);
     }
 
 #if defined(MBEDTLS_ECDSA_C)
-    if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
+    if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
         /* transcode it to ASN.1 sequence */
-        return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size ) );
+        return pk_ecdsa_sig_asn1_from_psa(sig, sig_len, sig_size);
+    }
 #endif /* MBEDTLS_ECDSA_C */
 
     return 0;
@@ -1603,10 +1640,10 @@
 };
 
 #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
-static int pk_opaque_rsa_decrypt( void *ctx,
-                    const unsigned char *input, size_t ilen,
-                    unsigned char *output, size_t *olen, size_t osize,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int pk_opaque_rsa_decrypt(void *ctx,
+                                 const unsigned char *input, size_t ilen,
+                                 unsigned char *output, size_t *olen, size_t osize,
+                                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx;
     psa_status_t status;
@@ -1615,13 +1652,12 @@
     (void) f_rng;
     (void) p_rng;
 
-    status = psa_asymmetric_decrypt( *key, PSA_ALG_RSA_PKCS1V15_CRYPT,
-                                     input, ilen,
-                                     NULL, 0,
-                                     output, osize, olen );
-    if( status != PSA_SUCCESS )
-    {
-        return( mbedtls_pk_error_from_psa_rsa( status ) );
+    status = psa_asymmetric_decrypt(*key, PSA_ALG_RSA_PKCS1V15_CRYPT,
+                                    input, ilen,
+                                    NULL, 0,
+                                    output, osize, olen);
+    if (status != PSA_SUCCESS) {
+        return mbedtls_pk_error_from_psa_rsa(status);
     }
 
     return 0;
diff --git a/library/pk_wrap.h b/library/pk_wrap.h
index fc756db..67d0989 100644
--- a/library/pk_wrap.h
+++ b/library/pk_wrap.h
@@ -31,8 +31,7 @@
 #include "psa/crypto.h"
 #endif /* MBEDTLS_PSA_CRYPTO_C */
 
-struct mbedtls_pk_info_t
-{
+struct mbedtls_pk_info_t {
     /** Public key type */
     mbedtls_pk_type_t type;
 
@@ -40,77 +39,76 @@
     const char *name;
 
     /** Get key size in bits */
-    size_t (*get_bitlen)( const void * );
+    size_t (*get_bitlen)(const void *);
 
     /** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */
-    int (*can_do)( mbedtls_pk_type_t type );
+    int (*can_do)(mbedtls_pk_type_t type);
 
     /** Verify signature */
-    int (*verify_func)( void *ctx, mbedtls_md_type_t md_alg,
-                        const unsigned char *hash, size_t hash_len,
-                        const unsigned char *sig, size_t sig_len );
+    int (*verify_func)(void *ctx, mbedtls_md_type_t md_alg,
+                       const unsigned char *hash, size_t hash_len,
+                       const unsigned char *sig, size_t sig_len);
 
     /** Make signature */
-    int (*sign_func)( void *ctx, mbedtls_md_type_t md_alg,
-                      const unsigned char *hash, size_t hash_len,
-                      unsigned char *sig, size_t sig_size, size_t *sig_len,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng );
+    int (*sign_func)(void *ctx, mbedtls_md_type_t md_alg,
+                     const unsigned char *hash, size_t hash_len,
+                     unsigned char *sig, size_t sig_size, size_t *sig_len,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng);
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
     /** Verify signature (restartable) */
-    int (*verify_rs_func)( void *ctx, mbedtls_md_type_t md_alg,
-                           const unsigned char *hash, size_t hash_len,
-                           const unsigned char *sig, size_t sig_len,
-                           void *rs_ctx );
+    int (*verify_rs_func)(void *ctx, mbedtls_md_type_t md_alg,
+                          const unsigned char *hash, size_t hash_len,
+                          const unsigned char *sig, size_t sig_len,
+                          void *rs_ctx);
 
     /** Make signature (restartable) */
-    int (*sign_rs_func)( void *ctx, mbedtls_md_type_t md_alg,
-                         const unsigned char *hash, size_t hash_len,
-                         unsigned char *sig, size_t sig_size, size_t *sig_len,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng, void *rs_ctx );
+    int (*sign_rs_func)(void *ctx, mbedtls_md_type_t md_alg,
+                        const unsigned char *hash, size_t hash_len,
+                        unsigned char *sig, size_t sig_size, size_t *sig_len,
+                        int (*f_rng)(void *, unsigned char *, size_t),
+                        void *p_rng, void *rs_ctx);
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 
     /** Decrypt message */
-    int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen, size_t osize,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng );
+    int (*decrypt_func)(void *ctx, const unsigned char *input, size_t ilen,
+                        unsigned char *output, size_t *olen, size_t osize,
+                        int (*f_rng)(void *, unsigned char *, size_t),
+                        void *p_rng);
 
     /** Encrypt message */
-    int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen, size_t osize,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng );
+    int (*encrypt_func)(void *ctx, const unsigned char *input, size_t ilen,
+                        unsigned char *output, size_t *olen, size_t osize,
+                        int (*f_rng)(void *, unsigned char *, size_t),
+                        void *p_rng);
 
     /** Check public-private key pair */
-    int (*check_pair_func)( const void *pub, const void *prv,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng );
+    int (*check_pair_func)(const void *pub, const void *prv,
+                           int (*f_rng)(void *, unsigned char *, size_t),
+                           void *p_rng);
 
     /** Allocate a new context */
-    void * (*ctx_alloc_func)( void );
+    void * (*ctx_alloc_func)(void);
 
     /** Free the given context */
-    void (*ctx_free_func)( void *ctx );
+    void (*ctx_free_func)(void *ctx);
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
     /** Allocate the restart context */
-    void * (*rs_alloc_func)( void );
+    void *(*rs_alloc_func)(void);
 
     /** Free the restart context */
-    void (*rs_free_func)( void *rs_ctx );
+    void (*rs_free_func)(void *rs_ctx);
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 
     /** Interface with the debug module */
-    void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items );
+    void (*debug_func)(const void *ctx, mbedtls_pk_debug_item *items);
 
 };
 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
 /* Container for RSA-alt */
-typedef struct
-{
+typedef struct {
     void *key;
     mbedtls_pk_rsa_alt_decrypt_func decrypt_func;
     mbedtls_pk_rsa_alt_sign_func sign_func;
@@ -140,25 +138,25 @@
 extern const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info;
 
 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status );
+int mbedtls_pk_error_from_psa_ecdsa(psa_status_t status);
 #endif
 
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_PSA_CRYPTO_C)
-int mbedtls_pk_error_from_psa( psa_status_t status );
+int mbedtls_pk_error_from_psa(psa_status_t status);
 
 #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ||    \
     defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
-int mbedtls_pk_error_from_psa_rsa( psa_status_t status );
+int mbedtls_pk_error_from_psa_rsa(psa_status_t status);
 #endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
 
 #if defined(MBEDTLS_RSA_C)
-int  mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t psa_alg_md,
-                                  mbedtls_rsa_context *rsa_ctx,
-                                  const unsigned char *hash, size_t hash_len,
-                                  unsigned char *sig, size_t sig_size,
-                                  size_t *sig_len );
+int  mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t psa_alg_md,
+                                 mbedtls_rsa_context *rsa_ctx,
+                                 const unsigned char *hash, size_t hash_len,
+                                 unsigned char *sig, size_t sig_size,
+                                 size_t *sig_len);
 #endif /* MBEDTLS_RSA_C */
 
 #endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/pkcs12.c b/library/pkcs12.c
index f335079..f5ab742 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -44,8 +44,8 @@
 
 #if defined(MBEDTLS_ASN1_PARSE_C)
 
-static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
-                                    mbedtls_asn1_buf *salt, int *iterations )
+static int pkcs12_parse_pbe_params(mbedtls_asn1_buf *params,
+                                   mbedtls_asn1_buf *salt, int *iterations)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char **p = &params->p;
@@ -58,77 +58,83 @@
      *  }
      *
      */
-    if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+    if (params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT,
+                                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+    }
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret);
+    }
 
     salt->p = *p;
     *p += salt->len;
 
-    if( ( ret = mbedtls_asn1_get_int( p, end, iterations ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_int(p, end, iterations)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret);
+    }
 
-    if( *p != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (*p != end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 #define PKCS12_MAX_PWDLEN 128
 
-static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type,
-                                     const unsigned char *pwd,  size_t pwdlen,
-                                     unsigned char *key, size_t keylen,
-                                     unsigned char *iv,  size_t ivlen )
+static int pkcs12_pbe_derive_key_iv(mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type,
+                                    const unsigned char *pwd,  size_t pwdlen,
+                                    unsigned char *key, size_t keylen,
+                                    unsigned char *iv,  size_t ivlen)
 {
     int ret, iterations = 0;
     mbedtls_asn1_buf salt;
     size_t i;
     unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2];
 
-    if( pwdlen > PKCS12_MAX_PWDLEN )
-        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
+    if (pwdlen > PKCS12_MAX_PWDLEN) {
+        return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA;
+    }
 
-    memset( &salt, 0, sizeof(mbedtls_asn1_buf) );
-    memset( &unipwd, 0, sizeof(unipwd) );
+    memset(&salt, 0, sizeof(mbedtls_asn1_buf));
+    memset(&unipwd, 0, sizeof(unipwd));
 
-    if( ( ret = pkcs12_parse_pbe_params( pbe_params, &salt,
-                                         &iterations ) ) != 0 )
-        return( ret );
+    if ((ret = pkcs12_parse_pbe_params(pbe_params, &salt,
+                                       &iterations)) != 0) {
+        return ret;
+    }
 
-    for( i = 0; i < pwdlen; i++ )
+    for (i = 0; i < pwdlen; i++) {
         unipwd[i * 2 + 1] = pwd[i];
-
-    if( ( ret = mbedtls_pkcs12_derivation( key, keylen, unipwd, pwdlen * 2 + 2,
-                                   salt.p, salt.len, md_type,
-                                   MBEDTLS_PKCS12_DERIVE_KEY, iterations ) ) != 0 )
-    {
-        return( ret );
     }
 
-    if( iv == NULL || ivlen == 0 )
-        return( 0 );
-
-    if( ( ret = mbedtls_pkcs12_derivation( iv, ivlen, unipwd, pwdlen * 2 + 2,
-                                   salt.p, salt.len, md_type,
-                                   MBEDTLS_PKCS12_DERIVE_IV, iterations ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_pkcs12_derivation(key, keylen, unipwd, pwdlen * 2 + 2,
+                                         salt.p, salt.len, md_type,
+                                         MBEDTLS_PKCS12_DERIVE_KEY, iterations)) != 0) {
+        return ret;
     }
-    return( 0 );
+
+    if (iv == NULL || ivlen == 0) {
+        return 0;
+    }
+
+    if ((ret = mbedtls_pkcs12_derivation(iv, ivlen, unipwd, pwdlen * 2 + 2,
+                                         salt.p, salt.len, md_type,
+                                         MBEDTLS_PKCS12_DERIVE_IV, iterations)) != 0) {
+        return ret;
+    }
+    return 0;
 }
 
 #undef PKCS12_MAX_PWDLEN
 
-int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
-                mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
-                const unsigned char *pwd,  size_t pwdlen,
-                const unsigned char *data, size_t len,
-                unsigned char *output )
+int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
+                       mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
+                       const unsigned char *pwd,  size_t pwdlen,
+                       const unsigned char *data, size_t len,
+                       unsigned char *output)
 {
     int ret, keylen = 0;
     unsigned char key[32];
@@ -137,73 +143,76 @@
     mbedtls_cipher_context_t cipher_ctx;
     size_t olen = 0;
 
-    if( pwd == NULL && pwdlen != 0 )
-        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
+    if (pwd == NULL && pwdlen != 0) {
+        return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA;
+    }
 
-    cipher_info = mbedtls_cipher_info_from_type( cipher_type );
-    if( cipher_info == NULL )
-        return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
+    cipher_info = mbedtls_cipher_info_from_type(cipher_type);
+    if (cipher_info == NULL) {
+        return MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE;
+    }
 
     keylen = cipher_info->key_bitlen / 8;
 
-    if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, md_type, pwd, pwdlen,
-                                          key, keylen,
-                                          iv, cipher_info->iv_size ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, md_type, pwd, pwdlen,
+                                        key, keylen,
+                                        iv, cipher_info->iv_size)) != 0) {
+        return ret;
     }
 
-    mbedtls_cipher_init( &cipher_ctx );
+    mbedtls_cipher_init(&cipher_ctx);
 
-    if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, (mbedtls_operation_t) mode ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_cipher_set_iv( &cipher_ctx, iv, cipher_info->iv_size ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_cipher_reset( &cipher_ctx ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_cipher_update( &cipher_ctx, data, len,
-                                output, &olen ) ) != 0 )
-    {
+    if ((ret = mbedtls_cipher_setup(&cipher_ctx, cipher_info)) != 0) {
         goto exit;
     }
 
-    if( ( ret = mbedtls_cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 )
+    if ((ret =
+             mbedtls_cipher_setkey(&cipher_ctx, key, 8 * keylen,
+                                   (mbedtls_operation_t) mode)) != 0) {
+        goto exit;
+    }
+
+    if ((ret = mbedtls_cipher_set_iv(&cipher_ctx, iv, cipher_info->iv_size)) != 0) {
+        goto exit;
+    }
+
+    if ((ret = mbedtls_cipher_reset(&cipher_ctx)) != 0) {
+        goto exit;
+    }
+
+    if ((ret = mbedtls_cipher_update(&cipher_ctx, data, len,
+                                     output, &olen)) != 0) {
+        goto exit;
+    }
+
+    if ((ret = mbedtls_cipher_finish(&cipher_ctx, output + olen, &olen)) != 0) {
         ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH;
+    }
 
 exit:
-    mbedtls_platform_zeroize( key, sizeof( key ) );
-    mbedtls_platform_zeroize( iv,  sizeof( iv  ) );
-    mbedtls_cipher_free( &cipher_ctx );
+    mbedtls_platform_zeroize(key, sizeof(key));
+    mbedtls_platform_zeroize(iv,  sizeof(iv));
+    mbedtls_cipher_free(&cipher_ctx);
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_ASN1_PARSE_C */
 
-static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
-                                const unsigned char *filler, size_t fill_len )
+static void pkcs12_fill_buffer(unsigned char *data, size_t data_len,
+                               const unsigned char *filler, size_t fill_len)
 {
     unsigned char *p = data;
     size_t use_len;
 
-    if( filler != NULL && fill_len != 0 )
-    {
-        while( data_len > 0 )
-        {
-            use_len = ( data_len > fill_len ) ? fill_len : data_len;
-            memcpy( p, filler, use_len );
+    if (filler != NULL && fill_len != 0) {
+        while (data_len > 0) {
+            use_len = (data_len > fill_len) ? fill_len : data_len;
+            memcpy(p, filler, use_len);
             p += use_len;
             data_len -= use_len;
         }
-    }
-    else
-    {
+    } else {
         /* If either of the above are not true then clearly there is nothing
          * that this function can do. The function should *not* be called
          * under either of those circumstances, as you could end up with an
@@ -213,117 +222,127 @@
 }
 
 
-static int calculate_hashes( mbedtls_md_type_t md_type, int iterations,
-    unsigned char *diversifier, unsigned char *salt_block,
-    unsigned char *pwd_block, unsigned char *hash_output, int use_salt,
-    int use_password, size_t hlen, size_t v )
+static int calculate_hashes(mbedtls_md_type_t md_type, int iterations,
+                            unsigned char *diversifier, unsigned char *salt_block,
+                            unsigned char *pwd_block, unsigned char *hash_output, int use_salt,
+                            int use_password, size_t hlen, size_t v)
 {
 #if defined(MBEDTLS_MD_C)
     int ret = -1;
     size_t i;
     const mbedtls_md_info_t *md_info;
     mbedtls_md_context_t md_ctx;
-    md_info = mbedtls_md_info_from_type( md_type );
-    if( md_info == NULL )
-        return ( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
+    md_info = mbedtls_md_info_from_type(md_type);
+    if (md_info == NULL) {
+        return MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE;
+    }
 
-    mbedtls_md_init( &md_ctx );
+    mbedtls_md_init(&md_ctx);
 
-    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
-        return ( ret );
+    if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) {
+        return ret;
+    }
     // Calculate hash( diversifier || salt_block || pwd_block )
-    if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )
+    if ((ret = mbedtls_md_starts(&md_ctx)) != 0) {
         goto exit;
-
-    if( ( ret = mbedtls_md_update( &md_ctx, diversifier, v ) ) != 0 )
-        goto exit;
-
-    if( use_salt != 0 )
-    {
-        if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v ) ) != 0 )
-            goto exit;
     }
 
-    if( use_password != 0 )
-    {
-        if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v ) ) != 0 )
-            goto exit;
+    if ((ret = mbedtls_md_update(&md_ctx, diversifier, v)) != 0) {
+        goto exit;
     }
 
-    if( ( ret = mbedtls_md_finish( &md_ctx, hash_output ) ) != 0 )
+    if (use_salt != 0) {
+        if ((ret = mbedtls_md_update(&md_ctx, salt_block, v)) != 0) {
+            goto exit;
+        }
+    }
+
+    if (use_password != 0) {
+        if ((ret = mbedtls_md_update(&md_ctx, pwd_block, v)) != 0) {
+            goto exit;
+        }
+    }
+
+    if ((ret = mbedtls_md_finish(&md_ctx, hash_output)) != 0) {
         goto exit;
+    }
 
     // Perform remaining ( iterations - 1 ) recursive hash calculations
-    for( i = 1; i < (size_t) iterations; i++ )
-    {
-        if( ( ret = mbedtls_md( md_info, hash_output, hlen, hash_output ) )
-            != 0 )
+    for (i = 1; i < (size_t) iterations; i++) {
+        if ((ret = mbedtls_md(md_info, hash_output, hlen, hash_output))
+            != 0) {
             goto exit;
+        }
     }
 
 exit:
-    mbedtls_md_free( &md_ctx );
+    mbedtls_md_free(&md_ctx);
     return ret;
 #else
     psa_hash_operation_t op = PSA_HASH_OPERATION_INIT;
-    psa_algorithm_t alg = mbedtls_psa_translate_md( md_type );
+    psa_algorithm_t alg = mbedtls_psa_translate_md(md_type);
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t status_abort = PSA_ERROR_CORRUPTION_DETECTED;
-    size_t i, out_len, out_size = PSA_HASH_LENGTH( alg );
+    size_t i, out_len, out_size = PSA_HASH_LENGTH(alg);
 
-    if( alg == PSA_ALG_NONE )
-        return ( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
+    if (alg == PSA_ALG_NONE) {
+        return MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE;
+    }
 
-    if( ( status = psa_hash_setup( &op, alg ) ) != PSA_SUCCESS )
+    if ((status = psa_hash_setup(&op, alg)) != PSA_SUCCESS) {
         goto exit;
+    }
 
     // Calculate hash( diversifier || salt_block || pwd_block )
-    if( ( status = psa_hash_update( &op, diversifier, v ) ) != PSA_SUCCESS )
+    if ((status = psa_hash_update(&op, diversifier, v)) != PSA_SUCCESS) {
         goto exit;
-
-    if( use_salt != 0 )
-    {
-        if( ( status = psa_hash_update( &op, salt_block, v ) ) != PSA_SUCCESS )
-            goto exit;
     }
 
-    if( use_password != 0 )
-    {
-        if( ( status = psa_hash_update( &op, pwd_block, v ) ) != PSA_SUCCESS )
+    if (use_salt != 0) {
+        if ((status = psa_hash_update(&op, salt_block, v)) != PSA_SUCCESS) {
             goto exit;
+        }
     }
 
-    if( ( status = psa_hash_finish( &op, hash_output, out_size, &out_len ) )
-        != PSA_SUCCESS )
+    if (use_password != 0) {
+        if ((status = psa_hash_update(&op, pwd_block, v)) != PSA_SUCCESS) {
+            goto exit;
+        }
+    }
+
+    if ((status = psa_hash_finish(&op, hash_output, out_size, &out_len))
+        != PSA_SUCCESS) {
         goto exit;
+    }
 
     // Perform remaining ( iterations - 1 ) recursive hash calculations
-    for( i = 1; i < (size_t) iterations; i++ )
-    {
-        if( ( status = psa_hash_compute( alg, hash_output, hlen, hash_output,
-            out_size, &out_len ) ) != PSA_SUCCESS )
+    for (i = 1; i < (size_t) iterations; i++) {
+        if ((status = psa_hash_compute(alg, hash_output, hlen, hash_output,
+                                       out_size, &out_len)) != PSA_SUCCESS) {
             goto exit;
+        }
     }
 
 exit:
-    status_abort = psa_hash_abort( &op );
-    if( status == PSA_SUCCESS )
+    status_abort = psa_hash_abort(&op);
+    if (status == PSA_SUCCESS) {
         status = status_abort;
-    return ( mbedtls_md_error_from_psa( status ) );
+    }
+    return mbedtls_md_error_from_psa(status);
 #endif /* !MBEDTLS_MD_C */
 }
 
 
-int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
-                       const unsigned char *pwd, size_t pwdlen,
-                       const unsigned char *salt, size_t saltlen,
-                       mbedtls_md_type_t md_type, int id, int iterations )
+int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen,
+                              const unsigned char *pwd, size_t pwdlen,
+                              const unsigned char *salt, size_t saltlen,
+                              mbedtls_md_type_t md_type, int id, int iterations)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned int j;
 
     unsigned char diversifier[128];
-    unsigned char salt_block[128], pwd_block[128], hash_block[128] = {0};
+    unsigned char salt_block[128], pwd_block[128], hash_block[128] = { 0 };
     unsigned char hash_output[MBEDTLS_HASH_MAX_SIZE];
     unsigned char *p;
     unsigned char c;
@@ -333,84 +352,83 @@
     size_t hlen, use_len, v, i;
 
     // This version only allows max of 64 bytes of password or salt
-    if( datalen > 128 || pwdlen > 64 || saltlen > 64 )
-        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
-
-    if( pwd == NULL && pwdlen != 0 )
-        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
-
-    if( salt == NULL && saltlen != 0 )
-        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
-
-    use_password = ( pwd && pwdlen != 0 );
-    use_salt = ( salt && saltlen != 0 );
-
-    hlen = mbedtls_hash_info_get_size( md_type );
-
-    if( hlen <= 32 )
-        v = 64;
-    else
-        v = 128;
-
-    memset( diversifier, (unsigned char) id, v );
-
-    if( use_salt != 0 )
-    {
-        pkcs12_fill_buffer( salt_block, v, salt, saltlen );
+    if (datalen > 128 || pwdlen > 64 || saltlen > 64) {
+        return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA;
     }
 
-    if( use_password != 0 )
-    {
-        pkcs12_fill_buffer( pwd_block,  v, pwd,  pwdlen  );
+    if (pwd == NULL && pwdlen != 0) {
+        return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA;
+    }
+
+    if (salt == NULL && saltlen != 0) {
+        return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA;
+    }
+
+    use_password = (pwd && pwdlen != 0);
+    use_salt = (salt && saltlen != 0);
+
+    hlen = mbedtls_hash_info_get_size(md_type);
+
+    if (hlen <= 32) {
+        v = 64;
+    } else {
+        v = 128;
+    }
+
+    memset(diversifier, (unsigned char) id, v);
+
+    if (use_salt != 0) {
+        pkcs12_fill_buffer(salt_block, v, salt, saltlen);
+    }
+
+    if (use_password != 0) {
+        pkcs12_fill_buffer(pwd_block,  v, pwd,  pwdlen);
     }
 
     p = data;
-    while( datalen > 0 )
-    {
-        if( calculate_hashes( md_type, iterations, diversifier, salt_block,
-            pwd_block, hash_output, use_salt, use_password, hlen,
-            v ) != 0 )
-        {
+    while (datalen > 0) {
+        if (calculate_hashes(md_type, iterations, diversifier, salt_block,
+                             pwd_block, hash_output, use_salt, use_password, hlen,
+                             v) != 0) {
             goto exit;
         }
 
-        use_len = ( datalen > hlen ) ? hlen : datalen;
-        memcpy( p, hash_output, use_len );
+        use_len = (datalen > hlen) ? hlen : datalen;
+        memcpy(p, hash_output, use_len);
         datalen -= use_len;
         p += use_len;
 
-        if( datalen == 0 )
+        if (datalen == 0) {
             break;
+        }
 
         // Concatenating copies of hash_output into hash_block (B)
-        pkcs12_fill_buffer( hash_block, v, hash_output, hlen );
+        pkcs12_fill_buffer(hash_block, v, hash_output, hlen);
 
         // B += 1
-        for( i = v; i > 0; i-- )
-            if( ++hash_block[i - 1] != 0 )
+        for (i = v; i > 0; i--) {
+            if (++hash_block[i - 1] != 0) {
                 break;
-
-        if( use_salt != 0 )
-        {
-            // salt_block += B
-            c = 0;
-            for( i = v; i > 0; i-- )
-            {
-                j = salt_block[i - 1] + hash_block[i - 1] + c;
-                c = MBEDTLS_BYTE_1( j );
-                salt_block[i - 1] = MBEDTLS_BYTE_0( j );
             }
         }
 
-        if( use_password != 0 )
-        {
+        if (use_salt != 0) {
+            // salt_block += B
+            c = 0;
+            for (i = v; i > 0; i--) {
+                j = salt_block[i - 1] + hash_block[i - 1] + c;
+                c = MBEDTLS_BYTE_1(j);
+                salt_block[i - 1] = MBEDTLS_BYTE_0(j);
+            }
+        }
+
+        if (use_password != 0) {
             // pwd_block  += B
             c = 0;
-            for( i = v; i > 0; i-- )
-            {
+            for (i = v; i > 0; i--) {
                 j = pwd_block[i - 1] + hash_block[i - 1] + c;
-                c = MBEDTLS_BYTE_1( j );
-                pwd_block[i - 1] = MBEDTLS_BYTE_0( j );
+                c = MBEDTLS_BYTE_1(j);
+                pwd_block[i - 1] = MBEDTLS_BYTE_0(j);
             }
         }
     }
@@ -418,12 +436,12 @@
     ret = 0;
 
 exit:
-    mbedtls_platform_zeroize( salt_block, sizeof( salt_block ) );
-    mbedtls_platform_zeroize( pwd_block, sizeof( pwd_block ) );
-    mbedtls_platform_zeroize( hash_block, sizeof( hash_block ) );
-    mbedtls_platform_zeroize( hash_output, sizeof( hash_output ) );
+    mbedtls_platform_zeroize(salt_block, sizeof(salt_block));
+    mbedtls_platform_zeroize(pwd_block, sizeof(pwd_block));
+    mbedtls_platform_zeroize(hash_block, sizeof(hash_block));
+    mbedtls_platform_zeroize(hash_output, sizeof(hash_output));
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_PKCS12_C */
diff --git a/library/pkcs5.c b/library/pkcs5.c
index 1e3b17e..4e71dd3 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -48,18 +48,19 @@
 #include "mbedtls/psa_util.h"
 
 #if defined(MBEDTLS_ASN1_PARSE_C)
-static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
-                                      mbedtls_asn1_buf *salt, int *iterations,
-                                      int *keylen, mbedtls_md_type_t *md_type )
+static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params,
+                                     mbedtls_asn1_buf *salt, int *iterations,
+                                     int *keylen, mbedtls_md_type_t *md_type)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_asn1_buf prf_alg_oid;
     unsigned char *p = params->p;
     const unsigned char *end = params->p + params->len;
 
-    if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+    if (params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT,
+                                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+    }
     /*
      *  PBKDF2-params ::= SEQUENCE {
      *    salt              OCTET STRING,
@@ -69,45 +70,52 @@
      *  }
      *
      */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &salt->len,
-                                      MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &salt->len,
+                                    MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret);
+    }
 
     salt->p = p;
     p += salt->len;
 
-    if( ( ret = mbedtls_asn1_get_int( &p, end, iterations ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
-
-    if( p == end )
-        return( 0 );
-
-    if( ( ret = mbedtls_asn1_get_int( &p, end, keylen ) ) != 0 )
-    {
-        if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_int(&p, end, iterations)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret);
     }
 
-    if( p == end )
-        return( 0 );
+    if (p == end) {
+        return 0;
+    }
 
-    if( ( ret = mbedtls_asn1_get_alg_null( &p, end, &prf_alg_oid ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_int(&p, end, keylen)) != 0) {
+        if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret);
+        }
+    }
 
-    if( mbedtls_oid_get_md_hmac( &prf_alg_oid, md_type ) != 0 )
-        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
+    if (p == end) {
+        return 0;
+    }
 
-    if( p != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if ((ret = mbedtls_asn1_get_alg_null(&p, end, &prf_alg_oid)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret);
+    }
 
-    return( 0 );
+    if (mbedtls_oid_get_md_hmac(&prf_alg_oid, md_type) != 0) {
+        return MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE;
+    }
+
+    if (p != end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
+
+    return 0;
 }
 
-int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
-                 const unsigned char *pwd,  size_t pwdlen,
-                 const unsigned char *data, size_t datalen,
-                 unsigned char *output )
+int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode,
+                        const unsigned char *pwd,  size_t pwdlen,
+                        const unsigned char *data, size_t datalen,
+                        unsigned char *output)
 {
     int ret, iterations = 0, keylen = 0;
     unsigned char *p, *end;
@@ -129,38 +137,41 @@
      *    encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
      *  }
      */
-    if( pbe_params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+    if (pbe_params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT,
+                                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+    }
 
-    if( ( ret = mbedtls_asn1_get_alg( &p, end, &kdf_alg_oid,
-                                      &kdf_alg_params ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_alg(&p, end, &kdf_alg_oid,
+                                    &kdf_alg_params)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret);
+    }
 
     // Only PBKDF2 supported at the moment
     //
-    if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBKDF2, &kdf_alg_oid ) != 0 )
-        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
-
-    if( ( ret = pkcs5_parse_pbkdf2_params( &kdf_alg_params,
-                                           &salt, &iterations, &keylen,
-                                           &md_type ) ) != 0 )
-    {
-        return( ret );
+    if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS5_PBKDF2, &kdf_alg_oid) != 0) {
+        return MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE;
     }
 
-    if( ( ret = mbedtls_asn1_get_alg( &p, end, &enc_scheme_oid,
-                              &enc_scheme_params ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
+    if ((ret = pkcs5_parse_pbkdf2_params(&kdf_alg_params,
+                                         &salt, &iterations, &keylen,
+                                         &md_type)) != 0) {
+        return ret;
     }
 
-    if( mbedtls_oid_get_cipher_alg( &enc_scheme_oid, &cipher_alg ) != 0 )
-        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
+    if ((ret = mbedtls_asn1_get_alg(&p, end, &enc_scheme_oid,
+                                    &enc_scheme_params)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret);
+    }
 
-    cipher_info = mbedtls_cipher_info_from_type( cipher_alg );
-    if( cipher_info == NULL )
-        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
+    if (mbedtls_oid_get_cipher_alg(&enc_scheme_oid, &cipher_alg) != 0) {
+        return MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE;
+    }
+
+    cipher_info = mbedtls_cipher_info_from_type(cipher_alg);
+    if (cipher_info == NULL) {
+        return MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE;
+    }
 
     /*
      * The value of keylen from pkcs5_parse_pbkdf2_params() is ignored
@@ -168,164 +179,176 @@
      */
     keylen = cipher_info->key_bitlen / 8;
 
-    if( enc_scheme_params.tag != MBEDTLS_ASN1_OCTET_STRING ||
-        enc_scheme_params.len != cipher_info->iv_size )
-    {
-        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT );
+    if (enc_scheme_params.tag != MBEDTLS_ASN1_OCTET_STRING ||
+        enc_scheme_params.len != cipher_info->iv_size) {
+        return MBEDTLS_ERR_PKCS5_INVALID_FORMAT;
     }
 
-    mbedtls_cipher_init( &cipher_ctx );
+    mbedtls_cipher_init(&cipher_ctx);
 
-    memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
+    memcpy(iv, enc_scheme_params.p, enc_scheme_params.len);
 
-    if( ( ret = mbedtls_pkcs5_pbkdf2_hmac_ext( md_type, pwd, pwdlen, salt.p,
-                                               salt.len, iterations, keylen,
-                                               key ) ) != 0 )
-    {
+    if ((ret = mbedtls_pkcs5_pbkdf2_hmac_ext(md_type, pwd, pwdlen, salt.p,
+                                             salt.len, iterations, keylen,
+                                             key)) != 0) {
         goto exit;
     }
 
-    if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 )
+    if ((ret = mbedtls_cipher_setup(&cipher_ctx, cipher_info)) != 0) {
         goto exit;
+    }
 
-    if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen,
-                                       (mbedtls_operation_t) mode ) ) != 0 )
+    if ((ret = mbedtls_cipher_setkey(&cipher_ctx, key, 8 * keylen,
+                                     (mbedtls_operation_t) mode)) != 0) {
         goto exit;
+    }
 
-    if( ( ret = mbedtls_cipher_crypt( &cipher_ctx, iv, enc_scheme_params.len,
-                              data, datalen, output, &olen ) ) != 0 )
+    if ((ret = mbedtls_cipher_crypt(&cipher_ctx, iv, enc_scheme_params.len,
+                                    data, datalen, output, &olen)) != 0) {
         ret = MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH;
+    }
 
 exit:
-    mbedtls_cipher_free( &cipher_ctx );
+    mbedtls_cipher_free(&cipher_ctx);
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ASN1_PARSE_C */
 
 #if defined(MBEDTLS_MD_C)
-static int pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx,
-                              const unsigned char *password,
-                              size_t plen, const unsigned char *salt, size_t slen,
-                              unsigned int iteration_count,
-                              uint32_t key_length, unsigned char *output )
+static int pkcs5_pbkdf2_hmac(mbedtls_md_context_t *ctx,
+                             const unsigned char *password,
+                             size_t plen, const unsigned char *salt, size_t slen,
+                             unsigned int iteration_count,
+                             uint32_t key_length, unsigned char *output)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned int i;
     unsigned char md1[MBEDTLS_MD_MAX_SIZE];
     unsigned char work[MBEDTLS_MD_MAX_SIZE];
-    unsigned char md_size = mbedtls_md_get_size( ctx->md_info );
+    unsigned char md_size = mbedtls_md_get_size(ctx->md_info);
     size_t use_len;
     unsigned char *out_p = output;
     unsigned char counter[4];
 
-    memset( counter, 0, 4 );
+    memset(counter, 0, 4);
     counter[3] = 1;
 
 #if UINT_MAX > 0xFFFFFFFF
-    if( iteration_count > 0xFFFFFFFF )
-        return( MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA );
+    if (iteration_count > 0xFFFFFFFF) {
+        return MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA;
+    }
 #endif
 
-    if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 )
-        return( ret );
-    while( key_length )
-    {
+    if ((ret = mbedtls_md_hmac_starts(ctx, password, plen)) != 0) {
+        return ret;
+    }
+    while (key_length) {
         // U1 ends up in work
         //
-        if( ( ret = mbedtls_md_hmac_update( ctx, salt, slen ) ) != 0 )
+        if ((ret = mbedtls_md_hmac_update(ctx, salt, slen)) != 0) {
             goto cleanup;
+        }
 
-        if( ( ret = mbedtls_md_hmac_update( ctx, counter, 4 ) ) != 0 )
+        if ((ret = mbedtls_md_hmac_update(ctx, counter, 4)) != 0) {
             goto cleanup;
+        }
 
-        if( ( ret = mbedtls_md_hmac_finish( ctx, work ) ) != 0 )
+        if ((ret = mbedtls_md_hmac_finish(ctx, work)) != 0) {
             goto cleanup;
+        }
 
-        if( ( ret = mbedtls_md_hmac_reset( ctx ) ) != 0 )
+        if ((ret = mbedtls_md_hmac_reset(ctx)) != 0) {
             goto cleanup;
+        }
 
-        memcpy( md1, work, md_size );
+        memcpy(md1, work, md_size);
 
-        for( i = 1; i < iteration_count; i++ )
-        {
+        for (i = 1; i < iteration_count; i++) {
             // U2 ends up in md1
             //
-            if( ( ret = mbedtls_md_hmac_update( ctx, md1, md_size ) ) != 0 )
+            if ((ret = mbedtls_md_hmac_update(ctx, md1, md_size)) != 0) {
                 goto cleanup;
+            }
 
-            if( ( ret = mbedtls_md_hmac_finish( ctx, md1 ) ) != 0 )
+            if ((ret = mbedtls_md_hmac_finish(ctx, md1)) != 0) {
                 goto cleanup;
+            }
 
-            if( ( ret = mbedtls_md_hmac_reset( ctx ) ) != 0 )
+            if ((ret = mbedtls_md_hmac_reset(ctx)) != 0) {
                 goto cleanup;
+            }
 
             // U1 xor U2
             //
-            mbedtls_xor( work, work, md1, md_size );
+            mbedtls_xor(work, work, md1, md_size);
         }
 
-        use_len = ( key_length < md_size ) ? key_length : md_size;
-        memcpy( out_p, work, use_len );
+        use_len = (key_length < md_size) ? key_length : md_size;
+        memcpy(out_p, work, use_len);
 
         key_length -= (uint32_t) use_len;
         out_p += use_len;
 
-        for( i = 4; i > 0; i-- )
-            if( ++counter[i - 1] != 0 )
+        for (i = 4; i > 0; i--) {
+            if (++counter[i - 1] != 0) {
                 break;
+            }
+        }
     }
 
 cleanup:
     /* Zeroise buffers to clear sensitive data from memory. */
-    mbedtls_platform_zeroize( work, MBEDTLS_MD_MAX_SIZE );
-    mbedtls_platform_zeroize( md1, MBEDTLS_MD_MAX_SIZE );
+    mbedtls_platform_zeroize(work, MBEDTLS_MD_MAX_SIZE);
+    mbedtls_platform_zeroize(md1, MBEDTLS_MD_MAX_SIZE);
 
-    return( ret );
+    return ret;
 }
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
-int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx,
-                       const unsigned char *password,
-                       size_t plen, const unsigned char *salt, size_t slen,
-                       unsigned int iteration_count,
-                       uint32_t key_length, unsigned char *output )
+int mbedtls_pkcs5_pbkdf2_hmac(mbedtls_md_context_t *ctx,
+                              const unsigned char *password,
+                              size_t plen, const unsigned char *salt, size_t slen,
+                              unsigned int iteration_count,
+                              uint32_t key_length, unsigned char *output)
 {
-    return( pkcs5_pbkdf2_hmac( ctx, password, plen, salt, slen, iteration_count,
-                               key_length, output ) );
+    return pkcs5_pbkdf2_hmac(ctx, password, plen, salt, slen, iteration_count,
+                             key_length, output);
 }
 #endif
 #endif /* MBEDTLS_MD_C */
 
-int mbedtls_pkcs5_pbkdf2_hmac_ext( mbedtls_md_type_t md_alg,
-                       const unsigned char *password,
-                       size_t plen, const unsigned char *salt, size_t slen,
-                       unsigned int iteration_count,
-                       uint32_t key_length, unsigned char *output )
+int mbedtls_pkcs5_pbkdf2_hmac_ext(mbedtls_md_type_t md_alg,
+                                  const unsigned char *password,
+                                  size_t plen, const unsigned char *salt, size_t slen,
+                                  unsigned int iteration_count,
+                                  uint32_t key_length, unsigned char *output)
 {
 #if defined(MBEDTLS_MD_C)
     mbedtls_md_context_t md_ctx;
     const mbedtls_md_info_t *md_info = NULL;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    md_info = mbedtls_md_info_from_type( md_alg );
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
+    md_info = mbedtls_md_info_from_type(md_alg);
+    if (md_info == NULL) {
+        return MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE;
+    }
 
-    mbedtls_md_init( &md_ctx );
+    mbedtls_md_init(&md_ctx);
 
-    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
+    if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) {
         goto exit;
-    ret = pkcs5_pbkdf2_hmac( &md_ctx, password, plen, salt, slen,
-                             iteration_count, key_length, output );
+    }
+    ret = pkcs5_pbkdf2_hmac(&md_ctx, password, plen, salt, slen,
+                            iteration_count, key_length, output);
 exit:
-    mbedtls_md_free( &md_ctx );
-    return( ret );
+    mbedtls_md_free(&md_ctx);
+    return ret;
 #else
     unsigned int i;
     unsigned char md1[PSA_HASH_MAX_SIZE];
     unsigned char work[PSA_HASH_MAX_SIZE];
-    const unsigned char md_size = mbedtls_hash_info_get_size( md_alg );
+    const unsigned char md_size = mbedtls_hash_info_get_size(md_alg);
     psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
 
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -335,109 +358,121 @@
     unsigned char counter[4];
     mbedtls_svc_key_id_t psa_hmac_key = MBEDTLS_SVC_KEY_ID_INIT;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    const psa_algorithm_t alg = PSA_ALG_HMAC( mbedtls_hash_info_psa_from_md( md_alg ) );
-    const size_t out_size = PSA_MAC_LENGTH( PSA_KEY_TYPE_HMAC, 0, alg );
+    const psa_algorithm_t alg = PSA_ALG_HMAC(mbedtls_hash_info_psa_from_md(md_alg));
+    const size_t out_size = PSA_MAC_LENGTH(PSA_KEY_TYPE_HMAC, 0, alg);
 
-    memset( counter, 0, sizeof( counter ) );
+    memset(counter, 0, sizeof(counter));
     counter[3] = 1;
 
-    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
-    psa_set_key_algorithm( &attributes,  alg );
-    psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
+    psa_set_key_algorithm(&attributes,  alg);
+    psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
 
-    if( key_length == 0 )
+    if (key_length == 0) {
         return 0;
-    if( ( status = psa_import_key( &attributes,
-                                   password, plen,
-                                   &psa_hmac_key ) ) != PSA_SUCCESS )
-    {
+    }
+    if ((status = psa_import_key(&attributes,
+                                 password, plen,
+                                 &psa_hmac_key)) != PSA_SUCCESS) {
         return MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA;
     }
 
 #if UINT_MAX > 0xFFFFFFFF
-    if( iteration_count > 0xFFFFFFFF )
-        return( MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA );
+    if (iteration_count > 0xFFFFFFFF) {
+        return MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA;
+    }
 #endif
 
-    while( key_length )
-    {
-        status = psa_mac_sign_setup( &operation, psa_hmac_key,
-            PSA_ALG_HMAC( alg ) );
-        if( status != PSA_SUCCESS )
+    while (key_length) {
+        status = psa_mac_sign_setup(&operation, psa_hmac_key,
+                                    PSA_ALG_HMAC(alg));
+        if (status != PSA_SUCCESS) {
             goto cleanup;
+        }
         // U1 ends up in work
-        if( ( status = psa_mac_update( &operation, salt, slen ) ) != PSA_SUCCESS )
+        if ((status = psa_mac_update(&operation, salt, slen)) != PSA_SUCCESS) {
             goto cleanup;
+        }
 
-        if( ( status = psa_mac_update( &operation, counter, sizeof( counter ) ) ) != PSA_SUCCESS )
+        if ((status = psa_mac_update(&operation, counter, sizeof(counter))) != PSA_SUCCESS) {
             goto cleanup;
+        }
 
-        if( ( status = psa_mac_sign_finish( &operation, work, out_size, &out_len ) )
-            != PSA_SUCCESS )
+        if ((status = psa_mac_sign_finish(&operation, work, out_size, &out_len))
+            != PSA_SUCCESS) {
             goto cleanup;
+        }
 
-        memcpy( md1, work, out_len );
+        memcpy(md1, work, out_len);
 
-        for( i = 1; i < iteration_count; i++ )
-        {
+        for (i = 1; i < iteration_count; i++) {
             // U2 ends up in md1
             //
-            status = psa_mac_sign_setup( &operation, psa_hmac_key,
-                PSA_ALG_HMAC( alg ) );
-            if( status != PSA_SUCCESS )
+            status = psa_mac_sign_setup(&operation, psa_hmac_key,
+                                        PSA_ALG_HMAC(alg));
+            if (status != PSA_SUCCESS) {
                 goto cleanup;
-            if( ( status = psa_mac_update( &operation, md1, md_size ) ) != PSA_SUCCESS )
+            }
+            if ((status = psa_mac_update(&operation, md1, md_size)) != PSA_SUCCESS) {
                 goto cleanup;
-            if( ( status = psa_mac_sign_finish( &operation, md1, out_size, &out_len ) ) != PSA_SUCCESS )
+            }
+            if ((status =
+                     psa_mac_sign_finish(&operation, md1, out_size, &out_len)) != PSA_SUCCESS) {
                 goto cleanup;
+            }
 
             // U1 xor U2
             //
-            mbedtls_xor( work, work, md1, md_size );
+            mbedtls_xor(work, work, md1, md_size);
         }
 
-        use_len = ( key_length < md_size ) ? key_length : md_size;
-        memcpy( out_p, work, use_len );
+        use_len = (key_length < md_size) ? key_length : md_size;
+        memcpy(out_p, work, use_len);
 
         key_length -= (uint32_t) use_len;
         out_p += use_len;
 
-        for( i = 4; i > 0; i-- )
-            if( ++counter[i - 1] != 0 )
+        for (i = 4; i > 0; i--) {
+            if (++counter[i - 1] != 0) {
                 break;
+            }
+        }
     }
 
 cleanup:
     /* Zeroise buffers to clear sensitive data from memory. */
-    mbedtls_platform_zeroize( work, PSA_HASH_MAX_SIZE );
-    mbedtls_platform_zeroize( md1, PSA_HASH_MAX_SIZE );
-    status_destruction = psa_destroy_key( psa_hmac_key );
-    if( status == PSA_SUCCESS && status_destruction != PSA_SUCCESS )
+    mbedtls_platform_zeroize(work, PSA_HASH_MAX_SIZE);
+    mbedtls_platform_zeroize(md1, PSA_HASH_MAX_SIZE);
+    status_destruction = psa_destroy_key(psa_hmac_key);
+    if (status == PSA_SUCCESS && status_destruction != PSA_SUCCESS) {
         status = status_destruction;
-    status_destruction = psa_mac_abort( &operation );
-    if( status == PSA_SUCCESS && status_destruction != PSA_SUCCESS )
+    }
+    status_destruction = psa_mac_abort(&operation);
+    if (status == PSA_SUCCESS && status_destruction != PSA_SUCCESS) {
         status = status_destruction;
+    }
 
-    return( mbedtls_md_error_from_psa( status ) );
+    return mbedtls_md_error_from_psa(status);
 #endif /* !MBEDTLS_MD_C */
 }
 
 #if defined(MBEDTLS_SELF_TEST)
 
 #if !defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA)
-int mbedtls_pkcs5_self_test( int verbose )
+int mbedtls_pkcs5_self_test(int verbose)
 {
-    if( verbose != 0 )
-        mbedtls_printf( "  PBKDF2 (SHA1): skipped\n\n" );
+    if (verbose != 0) {
+        mbedtls_printf("  PBKDF2 (SHA1): skipped\n\n");
+    }
 
-    return( 0 );
+    return 0;
 }
 #else
 
 #define MAX_TESTS   6
 
 static const size_t plen_test_data[MAX_TESTS] =
-    { 8, 8, 8, 24, 9 };
+{ 8, 8, 8, 24, 9 };
 
 static const unsigned char password_test_data[MAX_TESTS][32] =
 {
@@ -449,7 +484,7 @@
 };
 
 static const size_t slen_test_data[MAX_TESTS] =
-    { 4, 4, 4, 36, 5 };
+{ 4, 4, 4, 36, 5 };
 
 static const unsigned char salt_test_data[MAX_TESTS][40] =
 {
@@ -461,10 +496,10 @@
 };
 
 static const uint32_t it_cnt_test_data[MAX_TESTS] =
-    { 1, 2, 4096, 4096, 4096 };
+{ 1, 2, 4096, 4096, 4096 };
 
 static const uint32_t key_len_test_data[MAX_TESTS] =
-    { 20, 20, 20, 25, 16 };
+{ 20, 20, 20, 25, 16 };
 
 static const unsigned char result_key_test_data[MAX_TESTS][32] =
 {
@@ -485,39 +520,41 @@
       0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 },
 };
 
-int mbedtls_pkcs5_self_test( int verbose )
+int mbedtls_pkcs5_self_test(int verbose)
 {
     int ret, i;
     unsigned char key[64];
 
-    for( i = 0; i < MAX_TESTS; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  PBKDF2 (SHA1) #%d: ", i );
+    for (i = 0; i < MAX_TESTS; i++) {
+        if (verbose != 0) {
+            mbedtls_printf("  PBKDF2 (SHA1) #%d: ", i);
+        }
 
-        ret = mbedtls_pkcs5_pbkdf2_hmac_ext( MBEDTLS_MD_SHA1, password_test_data[i],
-                                         plen_test_data[i], salt_test_data[i],
-                                         slen_test_data[i], it_cnt_test_data[i],
-                                         key_len_test_data[i], key );
-        if( ret != 0 ||
-            memcmp( result_key_test_data[i], key, key_len_test_data[i] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
+        ret = mbedtls_pkcs5_pbkdf2_hmac_ext(MBEDTLS_MD_SHA1, password_test_data[i],
+                                            plen_test_data[i], salt_test_data[i],
+                                            slen_test_data[i], it_cnt_test_data[i],
+                                            key_len_test_data[i], key);
+        if (ret != 0 ||
+            memcmp(result_key_test_data[i], key, key_len_test_data[i]) != 0) {
+            if (verbose != 0) {
+                mbedtls_printf("failed\n");
+            }
 
             ret = 1;
             goto exit;
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
 exit:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA */
 
diff --git a/library/pkcs7.c b/library/pkcs7.c
index 9100980..5fd8f64 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@@ -47,43 +47,44 @@
 /**
  * Initializes the pkcs7 structure.
  */
-void mbedtls_pkcs7_init( mbedtls_pkcs7 *pkcs7 )
+void mbedtls_pkcs7_init(mbedtls_pkcs7 *pkcs7)
 {
-    memset( pkcs7, 0, sizeof( *pkcs7 ) );
+    memset(pkcs7, 0, sizeof(*pkcs7));
 }
 
-static int pkcs7_get_next_content_len( unsigned char **p, unsigned char *end,
-                                       size_t *len )
+static int pkcs7_get_next_content_len(unsigned char **p, unsigned char *end,
+                                      size_t *len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_CONSTRUCTED
-            | MBEDTLS_ASN1_CONTEXT_SPECIFIC );
-    if( ret != 0 )
-    {
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret );
+    ret = mbedtls_asn1_get_tag(p, end, len, MBEDTLS_ASN1_CONSTRUCTED
+                               | MBEDTLS_ASN1_CONTEXT_SPECIFIC);
+    if (ret != 0) {
+        ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret);
     }
 
-    return( ret );
+    return ret;
 }
 
 /**
  * version Version
  * Version ::= INTEGER
  **/
-static int pkcs7_get_version( unsigned char **p, unsigned char *end, int *ver )
+static int pkcs7_get_version(unsigned char **p, unsigned char *end, int *ver)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    ret = mbedtls_asn1_get_int( p, end, ver );
-    if( ret != 0 )
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_VERSION, ret );
+    ret = mbedtls_asn1_get_int(p, end, ver);
+    if (ret != 0) {
+        ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_VERSION, ret);
+    }
 
     /* If version != 1, return invalid version */
-    if( *ver != MBEDTLS_PKCS7_SUPPORTED_VERSION )
+    if (*ver != MBEDTLS_PKCS7_SUPPORTED_VERSION) {
         ret = MBEDTLS_ERR_PKCS7_INVALID_VERSION;
+    }
 
-    return( ret );
+    return ret;
 }
 
 /**
@@ -92,24 +93,24 @@
  *      content
  *              [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
  **/
-static int pkcs7_get_content_info_type( unsigned char **p, unsigned char *end,
-                                        mbedtls_pkcs7_buf *pkcs7 )
+static int pkcs7_get_content_info_type(unsigned char **p, unsigned char *end,
+                                       mbedtls_pkcs7_buf *pkcs7)
 {
     size_t len = 0;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *start = *p;
 
-    ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED
-                                            | MBEDTLS_ASN1_SEQUENCE );
-    if( ret != 0 ) {
+    ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED
+                               | MBEDTLS_ASN1_SEQUENCE);
+    if (ret != 0) {
         *p = start;
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, ret ) );
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, ret);
     }
 
-    ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_OID );
-    if( ret != 0 ) {
+    ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_OID);
+    if (ret != 0) {
         *p = start;
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, ret ) );
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, ret);
     }
 
     pkcs7->tag = MBEDTLS_ASN1_OID;
@@ -117,7 +118,7 @@
     pkcs7->p = *p;
     *p += len;
 
-    return( ret );
+    return ret;
 }
 
 /**
@@ -125,47 +126,47 @@
  *
  * This is from x509.h
  **/
-static int pkcs7_get_digest_algorithm( unsigned char **p, unsigned char *end,
-                                       mbedtls_x509_buf *alg )
+static int pkcs7_get_digest_algorithm(unsigned char **p, unsigned char *end,
+                                      mbedtls_x509_buf *alg)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 )
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_ALG, ret );
+    if ((ret = mbedtls_asn1_get_alg_null(p, end, alg)) != 0) {
+        ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_ALG, ret);
+    }
 
-    return( ret );
+    return ret;
 }
 
 /**
  * DigestAlgorithmIdentifiers :: SET of DigestAlgorithmIdentifier
  **/
-static int pkcs7_get_digest_algorithm_set( unsigned char **p,
-                                           unsigned char *end,
-                                           mbedtls_x509_buf *alg )
+static int pkcs7_get_digest_algorithm_set(unsigned char **p,
+                                          unsigned char *end,
+                                          mbedtls_x509_buf *alg)
 {
     size_t len = 0;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED
-                                            | MBEDTLS_ASN1_SET );
-    if( ret != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_ALG, ret ) );
+    ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED
+                               | MBEDTLS_ASN1_SET);
+    if (ret != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_ALG, ret);
     }
 
     end = *p + len;
 
-    ret = mbedtls_asn1_get_alg_null( p, end, alg );
-    if( ret != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_ALG, ret ) );
+    ret = mbedtls_asn1_get_alg_null(p, end, alg);
+    if (ret != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_ALG, ret);
     }
 
     /** For now, it assumes there is only one digest algorithm specified **/
-    if ( *p != end )
-        return( MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE );
+    if (*p != end) {
+        return MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /**
@@ -177,30 +178,29 @@
  * 0 or higher is valid.
  * Return negative error code for failure.
  **/
-static int pkcs7_get_certificates( unsigned char **p, unsigned char *end,
-                                   mbedtls_x509_crt *certs )
+static int pkcs7_get_certificates(unsigned char **p, unsigned char *end,
+                                  mbedtls_x509_crt *certs)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len1 = 0;
     size_t len2 = 0;
     unsigned char *end_set, *end_cert, *start;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len1, MBEDTLS_ASN1_CONSTRUCTED
-                    | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-            return( 0 );
-        else
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len1, MBEDTLS_ASN1_CONSTRUCTED
+                                    | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != 0) {
+        if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+            return 0;
+        } else {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret);
+        }
     }
     start = *p;
     end_set = *p + len1;
 
-    ret = mbedtls_asn1_get_tag( p, end_set, &len2, MBEDTLS_ASN1_CONSTRUCTED
-            | MBEDTLS_ASN1_SEQUENCE );
-    if( ret != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_CERT, ret ) );
+    ret = mbedtls_asn1_get_tag(p, end_set, &len2, MBEDTLS_ASN1_CONSTRUCTED
+                               | MBEDTLS_ASN1_SEQUENCE);
+    if (ret != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CERT, ret);
     }
 
     end_cert = *p + len2;
@@ -211,15 +211,13 @@
      * So, we support only the root certificate and the single signer.
      * The behaviour would be improved with addition of multiple signer support.
      */
-    if ( end_cert != end_set )
-    {
-        return( MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE );
+    if (end_cert != end_set) {
+        return MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE;
     }
 
     *p = start;
-    if( ( ret = mbedtls_x509_crt_parse_der( certs, *p, len1 ) ) < 0 )
-    {
-        return( MBEDTLS_ERR_PKCS7_INVALID_CERT );
+    if ((ret = mbedtls_x509_crt_parse_der(certs, *p, len1)) < 0) {
+        return MBEDTLS_ERR_PKCS7_INVALID_CERT;
     }
 
     *p = *p + len1;
@@ -228,21 +226,22 @@
      * Since in this version we strictly support single certificate, and reaching
      * here implies we have parsed successfully, we return 1.
      */
-    return( 1 );
+    return 1;
 }
 
 /**
  * EncryptedDigest ::= OCTET STRING
  **/
-static int pkcs7_get_signature( unsigned char **p, unsigned char *end,
-                                mbedtls_pkcs7_buf *signature )
+static int pkcs7_get_signature(unsigned char **p, unsigned char *end,
+                               mbedtls_pkcs7_buf *signature)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
-    ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_OCTET_STRING );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
+    if (ret != 0) {
+        return ret;
+    }
 
     signature->tag = MBEDTLS_ASN1_OCTET_STRING;
     signature->len = len;
@@ -250,23 +249,23 @@
 
     *p = *p + len;
 
-    return( 0 );
+    return 0;
 }
 
-static void pkcs7_free_signer_info( mbedtls_pkcs7_signer_info *signer )
+static void pkcs7_free_signer_info(mbedtls_pkcs7_signer_info *signer)
 {
     mbedtls_x509_name *name_cur;
     mbedtls_x509_name *name_prv;
 
-    if( signer == NULL )
+    if (signer == NULL) {
         return;
+    }
 
     name_cur = signer->issuer.next;
-    while( name_cur != NULL )
-    {
+    while (name_cur != NULL) {
         name_prv = name_cur;
         name_cur = name_cur->next;
-        mbedtls_free( name_prv );
+        mbedtls_free(name_prv);
     }
     signer->issuer.next = NULL;
 }
@@ -287,74 +286,83 @@
  * Structure must not contain vales for authenticatedAttributes
  * and unauthenticatedAttributes.
  **/
-static int pkcs7_get_signer_info( unsigned char **p, unsigned char *end,
-                                  mbedtls_pkcs7_signer_info *signer )
+static int pkcs7_get_signer_info(unsigned char **p, unsigned char *end,
+                                 mbedtls_pkcs7_signer_info *signer)
 {
     unsigned char *end_signer;
     int asn1_ret = 0, ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
-    asn1_ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED
-                                | MBEDTLS_ASN1_SEQUENCE );
-    if( asn1_ret != 0 )
+    asn1_ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED
+                                    | MBEDTLS_ASN1_SEQUENCE);
+    if (asn1_ret != 0) {
         goto out;
+    }
 
     end_signer = *p + len;
 
-    ret = pkcs7_get_version( p, end_signer, &signer->version );
-    if( ret != 0 )
+    ret = pkcs7_get_version(p, end_signer, &signer->version);
+    if (ret != 0) {
         goto out;
+    }
 
-    asn1_ret = mbedtls_asn1_get_tag( p, end_signer, &len,
-                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE );
-    if( asn1_ret != 0 )
+    asn1_ret = mbedtls_asn1_get_tag(p, end_signer, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+    if (asn1_ret != 0) {
         goto out;
+    }
 
     /* Parsing IssuerAndSerialNumber */
     signer->issuer_raw.p = *p;
 
-    asn1_ret = mbedtls_asn1_get_tag( p, end_signer, &len,
-                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE );
-    if( asn1_ret != 0 )
+    asn1_ret = mbedtls_asn1_get_tag(p, end_signer, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+    if (asn1_ret != 0) {
         goto out;
+    }
 
-    ret  = mbedtls_x509_get_name( p, *p + len, &signer->issuer );
-    if( ret != 0 )
+    ret  = mbedtls_x509_get_name(p, *p + len, &signer->issuer);
+    if (ret != 0) {
         goto out;
+    }
 
     signer->issuer_raw.len =  *p - signer->issuer_raw.p;
 
-    ret = mbedtls_x509_get_serial( p, end_signer, &signer->serial );
-    if( ret != 0 )
+    ret = mbedtls_x509_get_serial(p, end_signer, &signer->serial);
+    if (ret != 0) {
         goto out;
+    }
 
-    ret = pkcs7_get_digest_algorithm( p, end_signer, &signer->alg_identifier );
-    if( ret != 0 )
+    ret = pkcs7_get_digest_algorithm(p, end_signer, &signer->alg_identifier);
+    if (ret != 0) {
         goto out;
+    }
 
     /* Assume authenticatedAttributes is nonexistent */
 
-    ret = pkcs7_get_digest_algorithm( p, end_signer, &signer->sig_alg_identifier );
-    if( ret != 0 )
+    ret = pkcs7_get_digest_algorithm(p, end_signer, &signer->sig_alg_identifier);
+    if (ret != 0) {
         goto out;
-
-    ret = pkcs7_get_signature( p, end_signer, &signer->sig );
-    if( ret != 0 )
-        goto out;
-
-    /* Do not permit any unauthenticated attributes */
-    if( *p != end_signer )
-        ret = MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO;
-
-out:
-    if( asn1_ret != 0 || ret != 0 )
-    {
-        pkcs7_free_signer_info( signer );
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,
-                                    asn1_ret );
     }
 
-    return( ret );
+    ret = pkcs7_get_signature(p, end_signer, &signer->sig);
+    if (ret != 0) {
+        goto out;
+    }
+
+    /* Do not permit any unauthenticated attributes */
+    if (*p != end_signer) {
+        ret = MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO;
+    }
+
+out:
+    if (asn1_ret != 0 || ret != 0) {
+        pkcs7_free_signer_info(signer);
+        ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,
+                                asn1_ret);
+    }
+
+    return ret;
 }
 
 /**
@@ -363,48 +371,45 @@
  * 0 or higher is valid.
  * Return negative error code for failure.
  **/
-static int pkcs7_get_signers_info_set( unsigned char **p, unsigned char *end,
-                                       mbedtls_pkcs7_signer_info *signers_set )
+static int pkcs7_get_signers_info_set(unsigned char **p, unsigned char *end,
+                                      mbedtls_pkcs7_signer_info *signers_set)
 {
     unsigned char *end_set;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     int count = 0;
     size_t len = 0;
 
-    ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED
-                                | MBEDTLS_ASN1_SET );
-    if( ret != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO, ret ) );
+    ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED
+                               | MBEDTLS_ASN1_SET);
+    if (ret != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO, ret);
     }
 
     /* Detect zero signers */
-    if( len == 0 )
-    {
-        return( 0 );
+    if (len == 0) {
+        return 0;
     }
 
     end_set = *p + len;
 
-    ret = pkcs7_get_signer_info( p, end_set, signers_set );
-    if( ret != 0 )
-        return( ret );
+    ret = pkcs7_get_signer_info(p, end_set, signers_set);
+    if (ret != 0) {
+        return ret;
+    }
     count++;
 
     mbedtls_pkcs7_signer_info *prev = signers_set;
-    while( *p != end_set )
-    {
+    while (*p != end_set) {
         mbedtls_pkcs7_signer_info *signer =
-            mbedtls_calloc( 1, sizeof( mbedtls_pkcs7_signer_info ) );
-        if( !signer )
-        {
+            mbedtls_calloc(1, sizeof(mbedtls_pkcs7_signer_info));
+        if (!signer) {
             ret = MBEDTLS_ERR_PKCS7_ALLOC_FAILED;
             goto cleanup;
         }
 
-        ret = pkcs7_get_signer_info( p, end_set, signer );
-        if( ret != 0 ) {
-            mbedtls_free( signer );
+        ret = pkcs7_get_signer_info(p, end_set, signer);
+        if (ret != 0) {
+            mbedtls_free(signer);
             goto cleanup;
         }
         prev->next = signer;
@@ -412,20 +417,19 @@
         count++;
     }
 
-    return( count );
+    return count;
 
 cleanup:
-    pkcs7_free_signer_info( signers_set );
+    pkcs7_free_signer_info(signers_set);
     mbedtls_pkcs7_signer_info *signer = signers_set->next;
-    while( signer != NULL )
-    {
+    while (signer != NULL) {
         prev = signer;
         signer = signer->next;
-        pkcs7_free_signer_info( prev );
-        mbedtls_free( prev );
+        pkcs7_free_signer_info(prev);
+        mbedtls_free(prev);
     }
     signers_set->next = NULL;
-    return( ret );
+    return ret;
 }
 
 /**
@@ -440,8 +444,8 @@
  *              [0] IMPLICIT CertificateRevocationLists OPTIONAL,
  *      signerInfos SignerInfos }
  */
-static int pkcs7_get_signed_data( unsigned char *buf, size_t buflen,
-                                  mbedtls_pkcs7_signed_data *signed_data )
+static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen,
+                                 mbedtls_pkcs7_signed_data *signed_data)
 {
     unsigned char *p = buf;
     unsigned char *end = buf + buflen;
@@ -450,47 +454,48 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_md_type_t md_alg;
 
-    ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED
-                                | MBEDTLS_ASN1_SEQUENCE );
-    if( ret != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret ) );
+    ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED
+                               | MBEDTLS_ASN1_SEQUENCE);
+    if (ret != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret);
     }
 
     end_set = p + len;
 
     /* Get version of signed data */
-    ret = pkcs7_get_version( &p, end_set, &signed_data->version );
-    if( ret != 0 )
-        return( ret );
+    ret = pkcs7_get_version(&p, end_set, &signed_data->version);
+    if (ret != 0) {
+        return ret;
+    }
 
     /* Get digest algorithm */
-    ret = pkcs7_get_digest_algorithm_set( &p, end_set,
-            &signed_data->digest_alg_identifiers );
-    if( ret != 0 )
-        return( ret );
+    ret = pkcs7_get_digest_algorithm_set(&p, end_set,
+                                         &signed_data->digest_alg_identifiers);
+    if (ret != 0) {
+        return ret;
+    }
 
-    ret = mbedtls_oid_get_md_alg( &signed_data->digest_alg_identifiers, &md_alg );
-    if( ret != 0 )
-    {
-        return( MBEDTLS_ERR_PKCS7_INVALID_ALG );
+    ret = mbedtls_oid_get_md_alg(&signed_data->digest_alg_identifiers, &md_alg);
+    if (ret != 0) {
+        return MBEDTLS_ERR_PKCS7_INVALID_ALG;
     }
 
     /* Do not expect any content */
-    ret = pkcs7_get_content_info_type( &p, end_set, &signed_data->content.oid );
-    if( ret != 0 )
-        return( ret );
+    ret = pkcs7_get_content_info_type(&p, end_set, &signed_data->content.oid);
+    if (ret != 0) {
+        return ret;
+    }
 
-    if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_DATA, &signed_data->content.oid ) )
-    {
-        return( MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO );
+    if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_DATA, &signed_data->content.oid)) {
+        return MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO;
     }
 
     /* Look for certificates, there may or may not be any */
-    mbedtls_x509_crt_init( &signed_data->certs );
-    ret = pkcs7_get_certificates( &p, end_set, &signed_data->certs );
-    if( ret < 0 )
-        return( ret );
+    mbedtls_x509_crt_init(&signed_data->certs);
+    ret = pkcs7_get_certificates(&p, end_set, &signed_data->certs);
+    if (ret < 0) {
+        return ret;
+    }
 
     signed_data->no_of_certs = ret;
 
@@ -503,21 +508,23 @@
     signed_data->no_of_crls = 0;
 
     /* Get signers info */
-    ret = pkcs7_get_signers_info_set( &p, end_set, &signed_data->signers );
-    if( ret < 0 )
-        return( ret );
+    ret = pkcs7_get_signers_info_set(&p, end_set, &signed_data->signers);
+    if (ret < 0) {
+        return ret;
+    }
 
     signed_data->no_of_signers = ret;
 
     /* Don't permit trailing data */
-    if ( p != end )
-        return( MBEDTLS_ERR_PKCS7_INVALID_FORMAT );
+    if (p != end) {
+        return MBEDTLS_ERR_PKCS7_INVALID_FORMAT;
+    }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_pkcs7_parse_der( mbedtls_pkcs7 *pkcs7, const unsigned char *buf,
-                             const size_t buflen )
+int mbedtls_pkcs7_parse_der(mbedtls_pkcs7 *pkcs7, const unsigned char *buf,
+                            const size_t buflen)
 {
     unsigned char *p;
     unsigned char *end;
@@ -525,78 +532,75 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     int isoidset = 0;
 
-    if( pkcs7 == NULL )
-    {
-        return( MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA );
+    if (pkcs7 == NULL) {
+        return MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA;
     }
 
     /* make an internal copy of the buffer for parsing */
-    pkcs7->raw.p = p = mbedtls_calloc( 1, buflen );
-    if( pkcs7->raw.p == NULL )
-    {
+    pkcs7->raw.p = p = mbedtls_calloc(1, buflen);
+    if (pkcs7->raw.p == NULL) {
         ret = MBEDTLS_ERR_PKCS7_ALLOC_FAILED;
         goto out;
     }
-    memcpy( p, buf, buflen );
+    memcpy(p, buf, buflen);
     pkcs7->raw.len = buflen;
     end = p + buflen;
 
-    ret = pkcs7_get_content_info_type( &p, end, &pkcs7->content_type_oid );
-    if( ret != 0 )
-    {
+    ret = pkcs7_get_content_info_type(&p, end, &pkcs7->content_type_oid);
+    if (ret != 0) {
         len = buflen;
         goto try_data;
     }
 
-    if( ! MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_DATA, &pkcs7->content_type_oid )
-     || ! MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, &pkcs7->content_type_oid )
-     || ! MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_ENVELOPED_DATA, &pkcs7->content_type_oid )
-     || ! MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA, &pkcs7->content_type_oid )
-     || ! MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_DIGESTED_DATA, &pkcs7->content_type_oid )
-     || ! MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, &pkcs7->content_type_oid ) )
-    {
+    if (!MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_DATA, &pkcs7->content_type_oid)
+        || !MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, &pkcs7->content_type_oid)
+        || !MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_ENVELOPED_DATA, &pkcs7->content_type_oid)
+        || !MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA, &pkcs7->content_type_oid)
+        || !MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_DIGESTED_DATA, &pkcs7->content_type_oid)
+        || !MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, &pkcs7->content_type_oid)) {
         ret =  MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE;
         goto out;
     }
 
-    if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_SIGNED_DATA, &pkcs7->content_type_oid ) )
-    {
+    if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_SIGNED_DATA, &pkcs7->content_type_oid)) {
         ret = MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA;
         goto out;
     }
 
     isoidset = 1;
 
-    ret = pkcs7_get_next_content_len( &p, end, &len );
-    if( ret != 0 )
+    ret = pkcs7_get_next_content_len(&p, end, &len);
+    if (ret != 0) {
         goto out;
+    }
 
 try_data:
-    ret = pkcs7_get_signed_data( p, len, &pkcs7->signed_data );
-    if ( ret != 0 )
+    ret = pkcs7_get_signed_data(p, len, &pkcs7->signed_data);
+    if (ret != 0) {
         goto out;
+    }
 
-    if ( !isoidset )
-    {
+    if (!isoidset) {
         pkcs7->content_type_oid.tag = MBEDTLS_ASN1_OID;
-        pkcs7->content_type_oid.len = MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS7_SIGNED_DATA );
-        pkcs7->content_type_oid.p = (unsigned char *)MBEDTLS_OID_PKCS7_SIGNED_DATA;
+        pkcs7->content_type_oid.len = MBEDTLS_OID_SIZE(MBEDTLS_OID_PKCS7_SIGNED_DATA);
+        pkcs7->content_type_oid.p = (unsigned char *) MBEDTLS_OID_PKCS7_SIGNED_DATA;
     }
 
     ret = MBEDTLS_PKCS7_SIGNED_DATA;
 
 out:
-    if ( ret < 0 )
-        mbedtls_pkcs7_free( pkcs7 );
+    if (ret < 0) {
+        mbedtls_pkcs7_free(pkcs7);
+    }
 
-    return( ret );
+    return ret;
 }
 
-static int mbedtls_pkcs7_data_or_hash_verify( mbedtls_pkcs7 *pkcs7,
+static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7,
                                              const mbedtls_x509_crt *cert,
                                              const unsigned char *data,
                                              size_t datalen,
-                                             const int is_data_hash )
+                                             const int is_data_hash)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *hash;
@@ -605,15 +609,13 @@
     mbedtls_md_type_t md_alg;
     mbedtls_pkcs7_signer_info *signer;
 
-    if( pkcs7->signed_data.no_of_signers == 0 )
-    {
-        return( MBEDTLS_ERR_PKCS7_INVALID_CERT );
+    if (pkcs7->signed_data.no_of_signers == 0) {
+        return MBEDTLS_ERR_PKCS7_INVALID_CERT;
     }
 
-    if( mbedtls_x509_time_is_past( &cert->valid_to ) ||
-        mbedtls_x509_time_is_future( &cert->valid_from ))
-    {
-        return( MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID );
+    if (mbedtls_x509_time_is_past(&cert->valid_to) ||
+        mbedtls_x509_time_is_future(&cert->valid_from)) {
+        return MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID;
     }
 
     /*
@@ -629,97 +631,92 @@
      * We could also cache hashes by md, so if there are several sigs all using
      * the same algo we don't recalculate the hash each time.
      */
-    for( signer = &pkcs7->signed_data.signers; signer; signer = signer->next )
-    {
-        ret = mbedtls_oid_get_md_alg( &signer->alg_identifier, &md_alg );
-        if( ret != 0 )
-        {
+    for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) {
+        ret = mbedtls_oid_get_md_alg(&signer->alg_identifier, &md_alg);
+        if (ret != 0) {
             ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
             continue;
         }
 
-        md_info = mbedtls_md_info_from_type( md_alg );
-        if( md_info == NULL )
-        {
+        md_info = mbedtls_md_info_from_type(md_alg);
+        if (md_info == NULL) {
             ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
             continue;
         }
 
-        hash = mbedtls_calloc( mbedtls_md_get_size( md_info ), 1 );
-        if( hash == NULL ) {
-            return( MBEDTLS_ERR_PKCS7_ALLOC_FAILED );
+        hash = mbedtls_calloc(mbedtls_md_get_size(md_info), 1);
+        if (hash == NULL) {
+            return MBEDTLS_ERR_PKCS7_ALLOC_FAILED;
         }
         /* BEGIN must free hash before jumping out */
-        if( is_data_hash )
-        {
-            if( datalen != mbedtls_md_get_size( md_info ))
+        if (is_data_hash) {
+            if (datalen != mbedtls_md_get_size(md_info)) {
                 ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
-            else
+            } else {
                 memcpy(hash, data, datalen);
+            }
+        } else {
+            ret = mbedtls_md(md_info, data, datalen, hash);
         }
-        else
-        {
-            ret = mbedtls_md( md_info, data, datalen, hash );
-        }
-        if( ret != 0 )
-        {
+        if (ret != 0) {
             ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
-            mbedtls_free( hash );
+            mbedtls_free(hash);
             continue;
         }
 
-        ret = mbedtls_pk_verify( &pk_cxt, md_alg, hash,
-                                 mbedtls_md_get_size( md_info ),
-                                 signer->sig.p, signer->sig.len );
-        mbedtls_free( hash );
+        ret = mbedtls_pk_verify(&pk_cxt, md_alg, hash,
+                                mbedtls_md_get_size(md_info),
+                                signer->sig.p, signer->sig.len);
+        mbedtls_free(hash);
         /* END must free hash before jumping out */
 
-        if( ret == 0 )
+        if (ret == 0) {
             break;
+        }
     }
 
-    return( ret );
+    return ret;
 }
-int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7,
-                                      const mbedtls_x509_crt *cert,
-                                      const unsigned char *data,
-                                      size_t datalen )
+int mbedtls_pkcs7_signed_data_verify(mbedtls_pkcs7 *pkcs7,
+                                     const mbedtls_x509_crt *cert,
+                                     const unsigned char *data,
+                                     size_t datalen)
 {
-    return( mbedtls_pkcs7_data_or_hash_verify( pkcs7, cert, data, datalen, 0 ) );
+    return mbedtls_pkcs7_data_or_hash_verify(pkcs7, cert, data, datalen, 0);
 }
 
-int mbedtls_pkcs7_signed_hash_verify( mbedtls_pkcs7 *pkcs7,
-                                      const mbedtls_x509_crt *cert,
-                                      const unsigned char *hash,
-                                      size_t hashlen )
+int mbedtls_pkcs7_signed_hash_verify(mbedtls_pkcs7 *pkcs7,
+                                     const mbedtls_x509_crt *cert,
+                                     const unsigned char *hash,
+                                     size_t hashlen)
 {
-    return( mbedtls_pkcs7_data_or_hash_verify( pkcs7, cert, hash, hashlen, 1 ) );
+    return mbedtls_pkcs7_data_or_hash_verify(pkcs7, cert, hash, hashlen, 1);
 }
 
 /*
  * Unallocate all pkcs7 data
  */
-void mbedtls_pkcs7_free( mbedtls_pkcs7 *pkcs7 )
+void mbedtls_pkcs7_free(mbedtls_pkcs7 *pkcs7)
 {
     mbedtls_pkcs7_signer_info *signer_cur;
     mbedtls_pkcs7_signer_info *signer_prev;
 
-    if( pkcs7 == NULL || pkcs7->raw.p == NULL )
+    if (pkcs7 == NULL || pkcs7->raw.p == NULL) {
         return;
+    }
 
-    mbedtls_free( pkcs7->raw.p );
+    mbedtls_free(pkcs7->raw.p);
 
-    mbedtls_x509_crt_free( &pkcs7->signed_data.certs );
-    mbedtls_x509_crl_free( &pkcs7->signed_data.crl );
+    mbedtls_x509_crt_free(&pkcs7->signed_data.certs);
+    mbedtls_x509_crl_free(&pkcs7->signed_data.crl);
 
     signer_cur = pkcs7->signed_data.signers.next;
-    pkcs7_free_signer_info( &pkcs7->signed_data.signers );
-    while( signer_cur != NULL )
-    {
+    pkcs7_free_signer_info(&pkcs7->signed_data.signers);
+    while (signer_cur != NULL) {
         signer_prev = signer_cur;
         signer_cur = signer_prev->next;
-        pkcs7_free_signer_info( signer_prev );
-        mbedtls_free( signer_prev );
+        pkcs7_free_signer_info(signer_prev);
+        mbedtls_free(signer_prev);
     }
 
     pkcs7->raw.p = NULL;
diff --git a/library/pkparse.c b/library/pkparse.c
index b982637..990b554 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -58,98 +58,100 @@
  * A terminating null byte is always appended. It is included in the announced
  * length only if the data looks like it is PEM encoded.
  */
-int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
+int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n)
 {
     FILE *f;
     long size;
 
-    if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
+    if ((f = fopen(path, "rb")) == NULL) {
+        return MBEDTLS_ERR_PK_FILE_IO_ERROR;
+    }
 
     /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
-    mbedtls_setbuf( f, NULL );
+    mbedtls_setbuf(f, NULL);
 
-    fseek( f, 0, SEEK_END );
-    if( ( size = ftell( f ) ) == -1 )
-    {
-        fclose( f );
-        return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
+    fseek(f, 0, SEEK_END);
+    if ((size = ftell(f)) == -1) {
+        fclose(f);
+        return MBEDTLS_ERR_PK_FILE_IO_ERROR;
     }
-    fseek( f, 0, SEEK_SET );
+    fseek(f, 0, SEEK_SET);
 
     *n = (size_t) size;
 
-    if( *n + 1 == 0 ||
-        ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
-    {
-        fclose( f );
-        return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+    if (*n + 1 == 0 ||
+        (*buf = mbedtls_calloc(1, *n + 1)) == NULL) {
+        fclose(f);
+        return MBEDTLS_ERR_PK_ALLOC_FAILED;
     }
 
-    if( fread( *buf, 1, *n, f ) != *n )
-    {
-        fclose( f );
+    if (fread(*buf, 1, *n, f) != *n) {
+        fclose(f);
 
-        mbedtls_platform_zeroize( *buf, *n );
-        mbedtls_free( *buf );
+        mbedtls_platform_zeroize(*buf, *n);
+        mbedtls_free(*buf);
 
-        return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
+        return MBEDTLS_ERR_PK_FILE_IO_ERROR;
     }
 
-    fclose( f );
+    fclose(f);
 
     (*buf)[*n] = '\0';
 
-    if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
+    if (strstr((const char *) *buf, "-----BEGIN ") != NULL) {
         ++*n;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Load and parse a private key
  */
-int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
-        const char *path, const char *pwd,
-        int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+int mbedtls_pk_parse_keyfile(mbedtls_pk_context *ctx,
+                             const char *path, const char *pwd,
+                             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t n;
     unsigned char *buf;
 
-    if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
+        return ret;
+    }
 
-    if( pwd == NULL )
-        ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0, f_rng, p_rng );
-    else
-        ret = mbedtls_pk_parse_key( ctx, buf, n,
-                (const unsigned char *) pwd, strlen( pwd ), f_rng, p_rng );
+    if (pwd == NULL) {
+        ret = mbedtls_pk_parse_key(ctx, buf, n, NULL, 0, f_rng, p_rng);
+    } else {
+        ret = mbedtls_pk_parse_key(ctx, buf, n,
+                                   (const unsigned char *) pwd, strlen(pwd), f_rng, p_rng);
+    }
 
-    mbedtls_platform_zeroize( buf, n );
-    mbedtls_free( buf );
+    mbedtls_platform_zeroize(buf, n);
+    mbedtls_free(buf);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Load and parse a public key
  */
-int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
+int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t n;
     unsigned char *buf;
 
-    if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
+        return ret;
+    }
 
-    ret = mbedtls_pk_parse_public_key( ctx, buf, n );
+    ret = mbedtls_pk_parse_public_key(ctx, buf, n);
 
-    mbedtls_platform_zeroize( buf, n );
-    mbedtls_free( buf );
+    mbedtls_platform_zeroize(buf, n);
+    mbedtls_free(buf);
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_FS_IO */
 
@@ -162,40 +164,40 @@
  *   -- implicitCurve   NULL
  * }
  */
-static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
-                            mbedtls_asn1_buf *params )
+static int pk_get_ecparams(unsigned char **p, const unsigned char *end,
+                           mbedtls_asn1_buf *params)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if ( end - *p < 1 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
+    if (end - *p < 1) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+                                 MBEDTLS_ERR_ASN1_OUT_OF_DATA);
+    }
 
     /* Tag may be either OID or SEQUENCE */
     params->tag = **p;
-    if( params->tag != MBEDTLS_ASN1_OID
+    if (params->tag != MBEDTLS_ASN1_OID
 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
-            && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE )
+        && params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)
 #endif
-            )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+        ) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+                                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
     }
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &params->len, params->tag ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &params->len, params->tag)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
     }
 
     params->p = *p;
     *p += params->len;
 
-    if( *p != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (*p != end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
@@ -218,7 +220,7 @@
  *
  * We only support prime-field as field type, and ignore hash and cofactor.
  */
-static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
+static int pk_group_from_specified(const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p = params->p;
@@ -228,11 +230,13 @@
     int ver;
 
     /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
-    if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_int(&p, end, &ver)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+    }
 
-    if( ver < 1 || ver > 3 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+    if (ver < 1 || ver > 3) {
+        return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+    }
 
     /*
      * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
@@ -240,9 +244,10 @@
      *       parameters FIELD-ID.&Type({IOSet}{@fieldType})
      * }
      */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return ret;
+    }
 
     end_field = p + len;
 
@@ -254,26 +259,28 @@
      * }
      * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
      */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_asn1_get_tag(&p, end_field, &len, MBEDTLS_ASN1_OID)) != 0) {
+        return ret;
+    }
 
-    if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) ||
-        memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
-    {
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+    if (len != MBEDTLS_OID_SIZE(MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD) ||
+        memcmp(p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len) != 0) {
+        return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
     }
 
     p += len;
 
     /* Prime-p ::= INTEGER -- Field of size p. */
-    if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_mpi(&p, end_field, &grp->P)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+    }
 
-    grp->pbits = mbedtls_mpi_bitlen( &grp->P );
+    grp->pbits = mbedtls_mpi_bitlen(&grp->P);
 
-    if( p != end_field )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (p != end_field) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
     /*
      * Curve ::= SEQUENCE {
@@ -284,9 +291,10 @@
      *       -- with version equal to ecdpVer2 or ecdpVer3
      * }
      */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return ret;
+    }
 
     end_curve = p + len;
 
@@ -294,51 +302,50 @@
      * FieldElement ::= OCTET STRING
      * containing an integer in the case of a prime field
      */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
-        ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0 ||
+        (ret = mbedtls_mpi_read_binary(&grp->A, p, len)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
     }
 
     p += len;
 
-    if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
-        ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0 ||
+        (ret = mbedtls_mpi_read_binary(&grp->B, p, len)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
     }
 
     p += len;
 
     /* Ignore seed BIT STRING OPTIONAL */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 )
+    if ((ret = mbedtls_asn1_get_tag(&p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING)) == 0) {
         p += len;
+    }
 
-    if( p != end_curve )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (p != end_curve) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
     /*
      * ECPoint ::= OCTET STRING
      */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+    }
 
-    if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G,
-                                      ( const unsigned char *) p, len ) ) != 0 )
-    {
+    if ((ret = mbedtls_ecp_point_read_binary(grp, &grp->G,
+                                             (const unsigned char *) p, len)) != 0) {
         /*
          * If we can't read the point because it's compressed, cheat by
          * reading only the X coordinate and the parity bit of Y.
          */
-        if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ||
-            ( p[0] != 0x02 && p[0] != 0x03 ) ||
-            len != mbedtls_mpi_size( &grp->P ) + 1 ||
-            mbedtls_mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 ||
-            mbedtls_mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 ||
-            mbedtls_mpi_lset( &grp->G.Z, 1 ) != 0 )
-        {
-            return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+        if (ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ||
+            (p[0] != 0x02 && p[0] != 0x03) ||
+            len != mbedtls_mpi_size(&grp->P) + 1 ||
+            mbedtls_mpi_read_binary(&grp->G.X, p + 1, len - 1) != 0 ||
+            mbedtls_mpi_lset(&grp->G.Y, p[0] - 2) != 0 ||
+            mbedtls_mpi_lset(&grp->G.Z, 1) != 0) {
+            return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
         }
     }
 
@@ -347,83 +354,84 @@
     /*
      * order INTEGER
      */
-    if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_mpi(&p, end, &grp->N)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+    }
 
-    grp->nbits = mbedtls_mpi_bitlen( &grp->N );
+    grp->nbits = mbedtls_mpi_bitlen(&grp->N);
 
     /*
      * Allow optional elements by purposefully not enforcing p == end here.
      */
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Find the group id associated with an (almost filled) group as generated by
  * pk_group_from_specified(), or return an error if unknown.
  */
-static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id )
+static int pk_group_id_from_group(const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id)
 {
     int ret = 0;
     mbedtls_ecp_group ref;
     const mbedtls_ecp_group_id *id;
 
-    mbedtls_ecp_group_init( &ref );
+    mbedtls_ecp_group_init(&ref);
 
-    for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ )
-    {
+    for (id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++) {
         /* Load the group associated to that id */
-        mbedtls_ecp_group_free( &ref );
-        MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) );
+        mbedtls_ecp_group_free(&ref);
+        MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&ref, *id));
 
         /* Compare to the group we were given, starting with easy tests */
-        if( grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
-            mbedtls_mpi_cmp_mpi( &grp->P, &ref.P ) == 0 &&
-            mbedtls_mpi_cmp_mpi( &grp->A, &ref.A ) == 0 &&
-            mbedtls_mpi_cmp_mpi( &grp->B, &ref.B ) == 0 &&
-            mbedtls_mpi_cmp_mpi( &grp->N, &ref.N ) == 0 &&
-            mbedtls_mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 &&
-            mbedtls_mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 &&
+        if (grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
+            mbedtls_mpi_cmp_mpi(&grp->P, &ref.P) == 0 &&
+            mbedtls_mpi_cmp_mpi(&grp->A, &ref.A) == 0 &&
+            mbedtls_mpi_cmp_mpi(&grp->B, &ref.B) == 0 &&
+            mbedtls_mpi_cmp_mpi(&grp->N, &ref.N) == 0 &&
+            mbedtls_mpi_cmp_mpi(&grp->G.X, &ref.G.X) == 0 &&
+            mbedtls_mpi_cmp_mpi(&grp->G.Z, &ref.G.Z) == 0 &&
             /* For Y we may only know the parity bit, so compare only that */
-            mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) )
-        {
+            mbedtls_mpi_get_bit(&grp->G.Y, 0) == mbedtls_mpi_get_bit(&ref.G.Y, 0)) {
             break;
         }
 
     }
 
 cleanup:
-    mbedtls_ecp_group_free( &ref );
+    mbedtls_ecp_group_free(&ref);
 
     *grp_id = *id;
 
-    if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE )
+    if (ret == 0 && *id == MBEDTLS_ECP_DP_NONE) {
         ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+    }
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
  */
-static int pk_group_id_from_specified( const mbedtls_asn1_buf *params,
-                                       mbedtls_ecp_group_id *grp_id )
+static int pk_group_id_from_specified(const mbedtls_asn1_buf *params,
+                                      mbedtls_ecp_group_id *grp_id)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_group grp;
 
-    mbedtls_ecp_group_init( &grp );
+    mbedtls_ecp_group_init(&grp);
 
-    if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
+    if ((ret = pk_group_from_specified(params, &grp)) != 0) {
         goto cleanup;
+    }
 
-    ret = pk_group_id_from_group( &grp, grp_id );
+    ret = pk_group_id_from_group(&grp, grp_id);
 
 cleanup:
-    mbedtls_ecp_group_free( &grp );
+    mbedtls_ecp_group_free(&grp);
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
 
@@ -435,36 +443,37 @@
  *   specifiedCurve     SpecifiedECDomain -- = SEQUENCE { ... }
  *   -- implicitCurve   NULL
  */
-static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
+static int pk_use_ecparams(const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_group_id grp_id;
 
-    if( params->tag == MBEDTLS_ASN1_OID )
-    {
-        if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 )
-            return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE );
-    }
-    else
-    {
+    if (params->tag == MBEDTLS_ASN1_OID) {
+        if (mbedtls_oid_get_ec_grp(params, &grp_id) != 0) {
+            return MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE;
+        }
+    } else {
 #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
-        if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
-            return( ret );
+        if ((ret = pk_group_id_from_specified(params, &grp_id)) != 0) {
+            return ret;
+        }
 #else
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+        return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
 #endif
     }
 
     /*
      * grp may already be initialized; if so, make sure IDs match
      */
-    if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+    if (grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id) {
+        return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+    }
 
-    if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_ecp_group_load(grp, grp_id)) != 0) {
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -474,15 +483,14 @@
  * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE
  * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state.
  */
-static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
-                            mbedtls_ecp_keypair *key )
+static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end,
+                           mbedtls_ecp_keypair *key)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q,
-                    (const unsigned char *) *p, end - *p ) ) == 0 )
-    {
-        ret = mbedtls_ecp_check_pubkey( &key->grp, &key->Q );
+    if ((ret = mbedtls_ecp_point_read_binary(&key->grp, &key->Q,
+                                             (const unsigned char *) *p, end - *p)) == 0) {
+        ret = mbedtls_ecp_check_pubkey(&key->grp, &key->Q);
     }
 
     /*
@@ -490,7 +498,7 @@
      */
     *p = (unsigned char *) end;
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ECP_C */
 
@@ -501,52 +509,58 @@
  *      publicExponent    INTEGER   -- e
  *  }
  */
-static int pk_get_rsapubkey( unsigned char **p,
-                             const unsigned char *end,
-                             mbedtls_rsa_context *rsa )
+static int pk_get_rsapubkey(unsigned char **p,
+                            const unsigned char *end,
+                            mbedtls_rsa_context *rsa)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret);
+    }
 
-    if( *p + len != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (*p + len != end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
     /* Import N */
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret);
+    }
 
-    if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0,
-                                        NULL, 0, NULL, 0 ) ) != 0 )
-        return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
+    if ((ret = mbedtls_rsa_import_raw(rsa, *p, len, NULL, 0, NULL, 0,
+                                      NULL, 0, NULL, 0)) != 0) {
+        return MBEDTLS_ERR_PK_INVALID_PUBKEY;
+    }
 
     *p += len;
 
     /* Import E */
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret);
+    }
 
-    if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
-                                        NULL, 0, *p, len ) ) != 0 )
-        return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
+    if ((ret = mbedtls_rsa_import_raw(rsa, NULL, 0, NULL, 0, NULL, 0,
+                                      NULL, 0, *p, len)) != 0) {
+        return MBEDTLS_ERR_PK_INVALID_PUBKEY;
+    }
 
     *p += len;
 
-    if( mbedtls_rsa_complete( rsa ) != 0 ||
-        mbedtls_rsa_check_pubkey( rsa ) != 0 )
-    {
-        return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
+    if (mbedtls_rsa_complete(rsa) != 0 ||
+        mbedtls_rsa_check_pubkey(rsa) != 0) {
+        return MBEDTLS_ERR_PK_INVALID_PUBKEY;
     }
 
-    if( *p != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (*p != end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_RSA_C */
 
@@ -556,32 +570,33 @@
  *       algorithm               OBJECT IDENTIFIER,
  *       parameters              ANY DEFINED BY algorithm OPTIONAL  }
  */
-static int pk_get_pk_alg( unsigned char **p,
-                          const unsigned char *end,
-                          mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params )
+static int pk_get_pk_alg(unsigned char **p,
+                         const unsigned char *end,
+                         mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_asn1_buf alg_oid;
 
-    memset( params, 0, sizeof(mbedtls_asn1_buf) );
+    memset(params, 0, sizeof(mbedtls_asn1_buf));
 
-    if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_ALG, ret ) );
+    if ((ret = mbedtls_asn1_get_alg(p, end, &alg_oid, params)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, ret);
+    }
 
-    if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
-        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+    if (mbedtls_oid_get_pk_alg(&alg_oid, pk_alg) != 0) {
+        return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
+    }
 
     /*
      * No parameters with RSA (only for EC)
      */
-    if( *pk_alg == MBEDTLS_PK_RSA &&
-            ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) ||
-                params->len != 0 ) )
-    {
-        return( MBEDTLS_ERR_PK_INVALID_ALG );
+    if (*pk_alg == MBEDTLS_PK_RSA &&
+        ((params->tag != MBEDTLS_ASN1_NULL && params->tag != 0) ||
+         params->len != 0)) {
+        return MBEDTLS_ERR_PK_INVALID_ALG;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -589,8 +604,8 @@
  *       algorithm            AlgorithmIdentifier,
  *       subjectPublicKey     BIT STRING }
  */
-int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
-                        mbedtls_pk_context *pk )
+int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end,
+                               mbedtls_pk_context *pk)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
@@ -598,54 +613,59 @@
     mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
     const mbedtls_pk_info_t *pk_info;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
     }
 
     end = *p + len;
 
-    if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
-        return( ret );
+    if ((ret = pk_get_pk_alg(p, end, &pk_alg, &alg_params)) != 0) {
+        return ret;
+    }
 
-    if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) );
+    if ((ret = mbedtls_asn1_get_bitstring_null(p, end, &len)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret);
+    }
 
-    if( *p + len != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (*p + len != end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
-    if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
-        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+    if ((pk_info = mbedtls_pk_info_from_type(pk_alg)) == NULL) {
+        return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
+    }
 
-    if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0) {
+        return ret;
+    }
 
 #if defined(MBEDTLS_RSA_C)
-    if( pk_alg == MBEDTLS_PK_RSA )
-    {
-        ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) );
+    if (pk_alg == MBEDTLS_PK_RSA) {
+        ret = pk_get_rsapubkey(p, end, mbedtls_pk_rsa(*pk));
     } else
 #endif /* MBEDTLS_RSA_C */
 #if defined(MBEDTLS_ECP_C)
-    if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY )
-    {
-        ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp );
-        if( ret == 0 )
-            ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) );
+    if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) {
+        ret = pk_use_ecparams(&alg_params, &mbedtls_pk_ec(*pk)->grp);
+        if (ret == 0) {
+            ret = pk_get_ecpubkey(p, end, mbedtls_pk_ec(*pk));
+        }
     } else
 #endif /* MBEDTLS_ECP_C */
-        ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
+    ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
 
-    if( ret == 0 && *p != end )
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
-              MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    if (ret == 0 && *p != end) {
+        ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY,
+                                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
-    if( ret != 0 )
-        mbedtls_pk_free( pk );
+    if (ret != 0) {
+        mbedtls_pk_free(pk);
+    }
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_RSA_C)
@@ -659,35 +679,37 @@
  * Since values can't be omitted in PKCS#1, passing a zero value to
  * rsa_complete() would be incorrect, so reject zero values early.
  */
-static int asn1_get_nonzero_mpi( unsigned char **p,
-                                 const unsigned char *end,
-                                 mbedtls_mpi *X )
+static int asn1_get_nonzero_mpi(unsigned char **p,
+                                const unsigned char *end,
+                                mbedtls_mpi *X)
 {
     int ret;
 
-    ret = mbedtls_asn1_get_mpi( p, end, X );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_asn1_get_mpi(p, end, X);
+    if (ret != 0) {
+        return ret;
+    }
 
-    if( mbedtls_mpi_cmp_int( X, 0 ) == 0 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+    if (mbedtls_mpi_cmp_int(X, 0) == 0) {
+        return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Parse a PKCS#1 encoded private RSA key
  */
-static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
-                                   const unsigned char *key,
-                                   size_t keylen )
+static int pk_parse_key_pkcs1_der(mbedtls_rsa_context *rsa,
+                                  const unsigned char *key,
+                                  size_t keylen)
 {
     int ret, version;
     size_t len;
     unsigned char *p, *end;
 
     mbedtls_mpi T;
-    mbedtls_mpi_init( &T );
+    mbedtls_mpi_init(&T);
 
     p = (unsigned char *) key;
     end = p + keylen;
@@ -708,87 +730,93 @@
      *      otherPrimeInfos   OtherPrimeInfos OPTIONAL
      *  }
      */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
     }
 
     end = p + len;
 
-    if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
     }
 
-    if( version != 0 )
-    {
-        return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
+    if (version != 0) {
+        return MBEDTLS_ERR_PK_KEY_INVALID_VERSION;
     }
 
     /* Import N */
-    if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = mbedtls_rsa_import( rsa, &T, NULL, NULL,
-                                        NULL, NULL ) ) != 0 )
+    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = mbedtls_rsa_import(rsa, &T, NULL, NULL,
+                                  NULL, NULL)) != 0) {
         goto cleanup;
+    }
 
     /* Import E */
-    if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL,
-                                        NULL, &T ) ) != 0 )
+    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL,
+                                  NULL, &T)) != 0) {
         goto cleanup;
+    }
 
     /* Import D */
-    if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL,
-                                        &T, NULL ) ) != 0 )
+    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL,
+                                  &T, NULL)) != 0) {
         goto cleanup;
+    }
 
     /* Import P */
-    if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = mbedtls_rsa_import( rsa, NULL, &T, NULL,
-                                        NULL, NULL ) ) != 0 )
+    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = mbedtls_rsa_import(rsa, NULL, &T, NULL,
+                                  NULL, NULL)) != 0) {
         goto cleanup;
+    }
 
     /* Import Q */
-    if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = mbedtls_rsa_import( rsa, NULL, NULL, &T,
-                                        NULL, NULL ) ) != 0 )
+    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = mbedtls_rsa_import(rsa, NULL, NULL, &T,
+                                  NULL, NULL)) != 0) {
         goto cleanup;
+    }
 
 #if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT)
     /*
-    * The RSA CRT parameters DP, DQ and QP are nominally redundant, in
-    * that they can be easily recomputed from D, P and Q. However by
-    * parsing them from the PKCS1 structure it is possible to avoid
-    * recalculating them which both reduces the overhead of loading
-    * RSA private keys into memory and also avoids side channels which
-    * can arise when computing those values, since all of D, P, and Q
-    * are secret. See https://eprint.iacr.org/2020/055 for a
-    * description of one such attack.
-    */
+     * The RSA CRT parameters DP, DQ and QP are nominally redundant, in
+     * that they can be easily recomputed from D, P and Q. However by
+     * parsing them from the PKCS1 structure it is possible to avoid
+     * recalculating them which both reduces the overhead of loading
+     * RSA private keys into memory and also avoids side channels which
+     * can arise when computing those values, since all of D, P, and Q
+     * are secret. See https://eprint.iacr.org/2020/055 for a
+     * description of one such attack.
+     */
 
     /* Import DP */
-    if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = mbedtls_mpi_copy( &rsa->DP, &T ) ) != 0 )
-       goto cleanup;
+    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = mbedtls_mpi_copy(&rsa->DP, &T)) != 0) {
+        goto cleanup;
+    }
 
     /* Import DQ */
-    if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = mbedtls_mpi_copy( &rsa->DQ, &T ) ) != 0 )
-       goto cleanup;
+    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = mbedtls_mpi_copy(&rsa->DQ, &T)) != 0) {
+        goto cleanup;
+    }
 
     /* Import QP */
-    if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = mbedtls_mpi_copy( &rsa->QP, &T ) ) != 0 )
-       goto cleanup;
+    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = mbedtls_mpi_copy(&rsa->QP, &T)) != 0) {
+        goto cleanup;
+    }
 
 #else
     /* Verify existence of the CRT params */
-    if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 )
-       goto cleanup;
+    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0) {
+        goto cleanup;
+    }
 #endif
 
     /* rsa_complete() doesn't complete anything with the default
@@ -800,34 +828,32 @@
      * Furthermore, we also check the public part for consistency with
      * mbedtls_pk_parse_pubkey(), as it includes size minima for example.
      */
-    if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 ||
-        ( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 )
-    {
+    if ((ret = mbedtls_rsa_complete(rsa)) != 0 ||
+        (ret = mbedtls_rsa_check_pubkey(rsa)) != 0) {
         goto cleanup;
     }
 
-    if( p != end )
-    {
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
-              MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    if (p != end) {
+        ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+                                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
     }
 
 cleanup:
 
-    mbedtls_mpi_free( &T );
+    mbedtls_mpi_free(&T);
 
-    if( ret != 0 )
-    {
+    if (ret != 0) {
         /* Wrap error code if it's coming from a lower level */
-        if( ( ret & 0xff80 ) == 0 )
-            ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret );
-        else
+        if ((ret & 0xff80) == 0) {
+            ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+        } else {
             ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+        }
 
-        mbedtls_rsa_free( rsa );
+        mbedtls_rsa_free(rsa);
     }
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_RSA_C */
 
@@ -835,9 +861,9 @@
 /*
  * Parse a SEC1 encoded private EC key
  */
-static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
-        const unsigned char *key, size_t keylen,
-        int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int pk_parse_key_sec1_der(mbedtls_ecp_keypair *eck,
+                                 const unsigned char *key, size_t keylen,
+                                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     int version, pubkey_done;
@@ -857,106 +883,100 @@
      *      publicKey  [1] BIT STRING OPTIONAL
      *    }
      */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
     }
 
     end = p + len;
 
-    if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+    }
 
-    if( version != 1 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
+    if (version != 1) {
+        return MBEDTLS_ERR_PK_KEY_INVALID_VERSION;
+    }
 
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+    }
 
-    if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 )
-    {
-        mbedtls_ecp_keypair_free( eck );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_mpi_read_binary(&eck->d, p, len)) != 0) {
+        mbedtls_ecp_keypair_free(eck);
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
     }
 
     p += len;
 
     pubkey_done = 0;
-    if( p != end )
-    {
+    if (p != end) {
         /*
          * Is 'parameters' present?
          */
-        if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                        MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
-        {
-            if( ( ret = pk_get_ecparams( &p, p + len, &params) ) != 0 ||
-                ( ret = pk_use_ecparams( &params, &eck->grp )  ) != 0 )
-            {
-                mbedtls_ecp_keypair_free( eck );
-                return( ret );
+        if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                        MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
+                                        0)) == 0) {
+            if ((ret = pk_get_ecparams(&p, p + len, &params)) != 0 ||
+                (ret = pk_use_ecparams(&params, &eck->grp)) != 0) {
+                mbedtls_ecp_keypair_free(eck);
+                return ret;
             }
-        }
-        else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        {
-            mbedtls_ecp_keypair_free( eck );
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+        } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+            mbedtls_ecp_keypair_free(eck);
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
         }
     }
 
-    if( p != end )
-    {
+    if (p != end) {
         /*
          * Is 'publickey' present? If not, or if we can't read it (eg because it
          * is compressed), create it from the private key.
          */
-        if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                        MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
-        {
+        if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                        MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
+                                        1)) == 0) {
             end2 = p + len;
 
-            if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
-                return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+            if ((ret = mbedtls_asn1_get_bitstring_null(&p, end2, &len)) != 0) {
+                return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+            }
 
-            if( p + len != end2 )
-                return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
-                        MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+            if (p + len != end2) {
+                return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+                                         MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+            }
 
-            if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
+            if ((ret = pk_get_ecpubkey(&p, end2, eck)) == 0) {
                 pubkey_done = 1;
-            else
-            {
+            } else {
                 /*
                  * The only acceptable failure mode of pk_get_ecpubkey() above
                  * is if the point format is not recognized.
                  */
-                if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE )
-                    return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+                if (ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE) {
+                    return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+                }
             }
-        }
-        else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        {
-            mbedtls_ecp_keypair_free( eck );
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+        } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+            mbedtls_ecp_keypair_free(eck);
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
         }
     }
 
-    if( ! pubkey_done &&
-        ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
-                                 f_rng, p_rng ) ) != 0 )
-    {
-        mbedtls_ecp_keypair_free( eck );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if (!pubkey_done &&
+        (ret = mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G,
+                               f_rng, p_rng)) != 0) {
+        mbedtls_ecp_keypair_free(eck);
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
     }
 
-    if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
-    {
-        mbedtls_ecp_keypair_free( eck );
-        return( ret );
+    if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) {
+        mbedtls_ecp_keypair_free(eck);
+        return ret;
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_ECP_C */
 
@@ -974,9 +994,9 @@
  *
  */
 static int pk_parse_key_pkcs8_unencrypted_der(
-        mbedtls_pk_context *pk,
-        const unsigned char* key, size_t keylen,
-        int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+    mbedtls_pk_context *pk,
+    const unsigned char *key, size_t keylen,
+    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     int ret, version;
     size_t len;
@@ -1007,62 +1027,62 @@
      *  The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
      */
 
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
     }
 
     end = p + len;
 
-    if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-
-    if( version != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_VERSION, ret ) );
-
-    if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
     }
 
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if (version != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_VERSION, ret);
+    }
 
-    if( len < 1 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
+    if ((ret = pk_get_pk_alg(&p, end, &pk_alg, &params)) != 0) {
+        return ret;
+    }
 
-    if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
-        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+    }
 
-    if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
-        return( ret );
+    if (len < 1) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
+                                 MBEDTLS_ERR_ASN1_OUT_OF_DATA);
+    }
+
+    if ((pk_info = mbedtls_pk_info_from_type(pk_alg)) == NULL) {
+        return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
+    }
+
+    if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0) {
+        return ret;
+    }
 
 #if defined(MBEDTLS_RSA_C)
-    if( pk_alg == MBEDTLS_PK_RSA )
-    {
-        if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 )
-        {
-            mbedtls_pk_free( pk );
-            return( ret );
+    if (pk_alg == MBEDTLS_PK_RSA) {
+        if ((ret = pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), p, len)) != 0) {
+            mbedtls_pk_free(pk);
+            return ret;
         }
     } else
 #endif /* MBEDTLS_RSA_C */
 #if defined(MBEDTLS_ECP_C)
-    if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
-    {
-        if( ( ret = pk_use_ecparams( &params, &mbedtls_pk_ec( *pk )->grp ) ) != 0 ||
-            ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len, f_rng, p_rng ) ) != 0 )
-        {
-            mbedtls_pk_free( pk );
-            return( ret );
+    if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) {
+        if ((ret = pk_use_ecparams(&params, &mbedtls_pk_ec(*pk)->grp)) != 0 ||
+            (ret = pk_parse_key_sec1_der(mbedtls_pk_ec(*pk), p, len, f_rng, p_rng)) != 0) {
+            mbedtls_pk_free(pk);
+            return ret;
         }
     } else
 #endif /* MBEDTLS_ECP_C */
-        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+    return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -1076,10 +1096,10 @@
  */
 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
 static int pk_parse_key_pkcs8_encrypted_der(
-        mbedtls_pk_context *pk,
-        unsigned char *key, size_t keylen,
-        const unsigned char *pwd, size_t pwdlen,
-        int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+    mbedtls_pk_context *pk,
+    unsigned char *key, size_t keylen,
+    const unsigned char *pwd, size_t pwdlen,
+    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     int ret, decrypted = 0;
     size_t len;
@@ -1094,8 +1114,9 @@
     p = key;
     end = p + keylen;
 
-    if( pwdlen == 0 )
-        return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
+    if (pwdlen == 0) {
+        return MBEDTLS_ERR_PK_PASSWORD_REQUIRED;
+    }
 
     /*
      * This function parses the EncryptedPrivateKeyInfo object (PKCS#8)
@@ -1112,19 +1133,20 @@
      *  The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
      *
      */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
     }
 
     end = p + len;
 
-    if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_alg(&p, end, &pbe_alg_oid, &pbe_params)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+    }
 
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+    }
 
     buf = p;
 
@@ -1132,56 +1154,53 @@
      * Decrypt EncryptedData with appropriate PBE
      */
 #if defined(MBEDTLS_PKCS12_C)
-    if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
-    {
-        if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
-                                cipher_alg, md_alg,
-                                pwd, pwdlen, p, len, buf ) ) != 0 )
-        {
-            if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH )
-                return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
+    if (mbedtls_oid_get_pkcs12_pbe_alg(&pbe_alg_oid, &md_alg, &cipher_alg) == 0) {
+        if ((ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
+                                      cipher_alg, md_alg,
+                                      pwd, pwdlen, p, len, buf)) != 0) {
+            if (ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH) {
+                return MBEDTLS_ERR_PK_PASSWORD_MISMATCH;
+            }
 
-            return( ret );
+            return ret;
         }
 
         decrypted = 1;
-    }
-    else
+    } else
 #endif /* MBEDTLS_PKCS12_C */
 #if defined(MBEDTLS_PKCS5_C)
-    if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 )
-    {
-        if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
-                                  p, len, buf ) ) != 0 )
-        {
-            if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH )
-                return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
+    if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid) == 0) {
+        if ((ret = mbedtls_pkcs5_pbes2(&pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
+                                       p, len, buf)) != 0) {
+            if (ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH) {
+                return MBEDTLS_ERR_PK_PASSWORD_MISMATCH;
+            }
 
-            return( ret );
+            return ret;
         }
 
         decrypted = 1;
-    }
-    else
+    } else
 #endif /* MBEDTLS_PKCS5_C */
     {
         ((void) pwd);
     }
 
-    if( decrypted == 0 )
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+    if (decrypted == 0) {
+        return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+    }
 
-    return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len, f_rng, p_rng ) );
+    return pk_parse_key_pkcs8_unencrypted_der(pk, buf, len, f_rng, p_rng);
 }
 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
 
 /*
  * Parse a private key
  */
-int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
-                  const unsigned char *key, size_t keylen,
-                  const unsigned char *pwd, size_t pwdlen,
-                  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+int mbedtls_pk_parse_key(mbedtls_pk_context *pk,
+                         const unsigned char *key, size_t keylen,
+                         const unsigned char *pwd, size_t pwdlen,
+                         int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const mbedtls_pk_info_t *pk_info;
@@ -1190,119 +1209,116 @@
     mbedtls_pem_context pem;
 #endif
 
-    if( keylen == 0 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+    if (keylen == 0) {
+        return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+    }
 
 #if defined(MBEDTLS_PEM_PARSE_C)
-   mbedtls_pem_init( &pem );
+    mbedtls_pem_init(&pem);
 
 #if defined(MBEDTLS_RSA_C)
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( key[keylen - 1] != '\0' )
+    if (key[keylen - 1] != '\0') {
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN RSA PRIVATE KEY-----",
-                               "-----END RSA PRIVATE KEY-----",
-                               key, pwd, pwdlen, &len );
+    } else {
+        ret = mbedtls_pem_read_buffer(&pem,
+                                      "-----BEGIN RSA PRIVATE KEY-----",
+                                      "-----END RSA PRIVATE KEY-----",
+                                      key, pwd, pwdlen, &len);
+    }
 
-    if( ret == 0 )
-    {
-        pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
-        if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
-            ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
-                                            pem.buf, pem.buflen ) ) != 0 )
-        {
-            mbedtls_pk_free( pk );
+    if (ret == 0) {
+        pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA);
+        if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 ||
+            (ret = pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk),
+                                          pem.buf, pem.buflen)) != 0) {
+            mbedtls_pk_free(pk);
         }
 
-        mbedtls_pem_free( &pem );
-        return( ret );
+        mbedtls_pem_free(&pem);
+        return ret;
+    } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH) {
+        return MBEDTLS_ERR_PK_PASSWORD_MISMATCH;
+    } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED) {
+        return MBEDTLS_ERR_PK_PASSWORD_REQUIRED;
+    } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+        return ret;
     }
-    else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
-        return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
-    else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
-        return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-        return( ret );
 #endif /* MBEDTLS_RSA_C */
 
 #if defined(MBEDTLS_ECP_C)
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( key[keylen - 1] != '\0' )
+    if (key[keylen - 1] != '\0') {
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN EC PRIVATE KEY-----",
-                               "-----END EC PRIVATE KEY-----",
-                               key, pwd, pwdlen, &len );
-    if( ret == 0 )
-    {
-        pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
+    } else {
+        ret = mbedtls_pem_read_buffer(&pem,
+                                      "-----BEGIN EC PRIVATE KEY-----",
+                                      "-----END EC PRIVATE KEY-----",
+                                      key, pwd, pwdlen, &len);
+    }
+    if (ret == 0) {
+        pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY);
 
-        if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
-            ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
-                                           pem.buf, pem.buflen,
-                                           f_rng, p_rng ) ) != 0 )
-        {
-            mbedtls_pk_free( pk );
+        if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 ||
+            (ret = pk_parse_key_sec1_der(mbedtls_pk_ec(*pk),
+                                         pem.buf, pem.buflen,
+                                         f_rng, p_rng)) != 0) {
+            mbedtls_pk_free(pk);
         }
 
-        mbedtls_pem_free( &pem );
-        return( ret );
+        mbedtls_pem_free(&pem);
+        return ret;
+    } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH) {
+        return MBEDTLS_ERR_PK_PASSWORD_MISMATCH;
+    } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED) {
+        return MBEDTLS_ERR_PK_PASSWORD_REQUIRED;
+    } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+        return ret;
     }
-    else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
-        return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
-    else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
-        return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-        return( ret );
 #endif /* MBEDTLS_ECP_C */
 
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( key[keylen - 1] != '\0' )
+    if (key[keylen - 1] != '\0') {
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN PRIVATE KEY-----",
-                               "-----END PRIVATE KEY-----",
-                               key, NULL, 0, &len );
-    if( ret == 0 )
-    {
-        if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
-                        pem.buf, pem.buflen, f_rng, p_rng ) ) != 0 )
-        {
-            mbedtls_pk_free( pk );
+    } else {
+        ret = mbedtls_pem_read_buffer(&pem,
+                                      "-----BEGIN PRIVATE KEY-----",
+                                      "-----END PRIVATE KEY-----",
+                                      key, NULL, 0, &len);
+    }
+    if (ret == 0) {
+        if ((ret = pk_parse_key_pkcs8_unencrypted_der(pk,
+                                                      pem.buf, pem.buflen, f_rng, p_rng)) != 0) {
+            mbedtls_pk_free(pk);
         }
 
-        mbedtls_pem_free( &pem );
-        return( ret );
+        mbedtls_pem_free(&pem);
+        return ret;
+    } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+        return ret;
     }
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-        return( ret );
 
 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( key[keylen - 1] != '\0' )
+    if (key[keylen - 1] != '\0') {
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN ENCRYPTED PRIVATE KEY-----",
-                               "-----END ENCRYPTED PRIVATE KEY-----",
-                               key, NULL, 0, &len );
-    if( ret == 0 )
-    {
-        if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, pem.buf, pem.buflen,
-                        pwd, pwdlen, f_rng, p_rng ) ) != 0 )
-        {
-            mbedtls_pk_free( pk );
+    } else {
+        ret = mbedtls_pem_read_buffer(&pem,
+                                      "-----BEGIN ENCRYPTED PRIVATE KEY-----",
+                                      "-----END ENCRYPTED PRIVATE KEY-----",
+                                      key, NULL, 0, &len);
+    }
+    if (ret == 0) {
+        if ((ret = pk_parse_key_pkcs8_encrypted_der(pk, pem.buf, pem.buflen,
+                                                    pwd, pwdlen, f_rng, p_rng)) != 0) {
+            mbedtls_pk_free(pk);
         }
 
-        mbedtls_pem_free( &pem );
-        return( ret );
+        mbedtls_pem_free(&pem);
+        return ret;
+    } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+        return ret;
     }
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-        return( ret );
 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
 #else
     ((void) pwd);
@@ -1317,65 +1333,62 @@
      * error
      */
 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
-    if( pwdlen != 0 )
-    {
+    if (pwdlen != 0) {
         unsigned char *key_copy;
 
-        if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
-            return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+        if ((key_copy = mbedtls_calloc(1, keylen)) == NULL) {
+            return MBEDTLS_ERR_PK_ALLOC_FAILED;
+        }
 
-        memcpy( key_copy, key, keylen );
+        memcpy(key_copy, key, keylen);
 
-        ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
-                                                pwd, pwdlen, f_rng, p_rng );
+        ret = pk_parse_key_pkcs8_encrypted_der(pk, key_copy, keylen,
+                                               pwd, pwdlen, f_rng, p_rng);
 
-        mbedtls_platform_zeroize( key_copy, keylen );
-        mbedtls_free( key_copy );
+        mbedtls_platform_zeroize(key_copy, keylen);
+        mbedtls_free(key_copy);
     }
 
-    if( ret == 0 )
-        return( 0 );
+    if (ret == 0) {
+        return 0;
+    }
 
-    mbedtls_pk_free( pk );
-    mbedtls_pk_init( pk );
+    mbedtls_pk_free(pk);
+    mbedtls_pk_init(pk);
 
-    if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
-    {
-        return( ret );
+    if (ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH) {
+        return ret;
     }
 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
 
-    ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen, f_rng, p_rng );
-    if( ret == 0 )
-    {
-        return( 0 );
+    ret = pk_parse_key_pkcs8_unencrypted_der(pk, key, keylen, f_rng, p_rng);
+    if (ret == 0) {
+        return 0;
     }
 
-    mbedtls_pk_free( pk );
-    mbedtls_pk_init( pk );
+    mbedtls_pk_free(pk);
+    mbedtls_pk_init(pk);
 
 #if defined(MBEDTLS_RSA_C)
 
-    pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
-    if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
-        pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) == 0 )
-    {
-        return( 0 );
+    pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA);
+    if (mbedtls_pk_setup(pk, pk_info) == 0 &&
+        pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), key, keylen) == 0) {
+        return 0;
     }
 
-    mbedtls_pk_free( pk );
-    mbedtls_pk_init( pk );
+    mbedtls_pk_free(pk);
+    mbedtls_pk_init(pk);
 #endif /* MBEDTLS_RSA_C */
 
 #if defined(MBEDTLS_ECP_C)
-    pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
-    if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
-        pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
-                               key, keylen, f_rng, p_rng ) == 0 )
-    {
-        return( 0 );
+    pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY);
+    if (mbedtls_pk_setup(pk, pk_info) == 0 &&
+        pk_parse_key_sec1_der(mbedtls_pk_ec(*pk),
+                              key, keylen, f_rng, p_rng) == 0) {
+        return 0;
     }
-    mbedtls_pk_free( pk );
+    mbedtls_pk_free(pk);
 #endif /* MBEDTLS_ECP_C */
 
     /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_C isn't,
@@ -1388,14 +1401,14 @@
      * also ok and in line with the mbedtls_pk_free() calls
      * on failed PEM parsing attempts. */
 
-    return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+    return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
 }
 
 /*
  * Parse a public key
  */
-int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
-                         const unsigned char *key, size_t keylen )
+int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx,
+                                const unsigned char *key, size_t keylen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p;
@@ -1407,102 +1420,98 @@
     mbedtls_pem_context pem;
 #endif
 
-    if( keylen == 0 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+    if (keylen == 0) {
+        return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+    }
 
 #if defined(MBEDTLS_PEM_PARSE_C)
-    mbedtls_pem_init( &pem );
+    mbedtls_pem_init(&pem);
 #if defined(MBEDTLS_RSA_C)
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( key[keylen - 1] != '\0' )
+    if (key[keylen - 1] != '\0') {
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN RSA PUBLIC KEY-----",
-                               "-----END RSA PUBLIC KEY-----",
-                               key, NULL, 0, &len );
-
-    if( ret == 0 )
-    {
-        p = pem.buf;
-        if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
-        {
-            mbedtls_pem_free( &pem );
-            return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
-        }
-
-        if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
-        {
-            mbedtls_pem_free( &pem );
-            return( ret );
-        }
-
-        if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 )
-            mbedtls_pk_free( ctx );
-
-        mbedtls_pem_free( &pem );
-        return( ret );
+    } else {
+        ret = mbedtls_pem_read_buffer(&pem,
+                                      "-----BEGIN RSA PUBLIC KEY-----",
+                                      "-----END RSA PUBLIC KEY-----",
+                                      key, NULL, 0, &len);
     }
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-    {
-        mbedtls_pem_free( &pem );
-        return( ret );
+
+    if (ret == 0) {
+        p = pem.buf;
+        if ((pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == NULL) {
+            mbedtls_pem_free(&pem);
+            return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
+        }
+
+        if ((ret = mbedtls_pk_setup(ctx, pk_info)) != 0) {
+            mbedtls_pem_free(&pem);
+            return ret;
+        }
+
+        if ((ret = pk_get_rsapubkey(&p, p + pem.buflen, mbedtls_pk_rsa(*ctx))) != 0) {
+            mbedtls_pk_free(ctx);
+        }
+
+        mbedtls_pem_free(&pem);
+        return ret;
+    } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+        mbedtls_pem_free(&pem);
+        return ret;
     }
 #endif /* MBEDTLS_RSA_C */
 
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( key[keylen - 1] != '\0' )
+    if (key[keylen - 1] != '\0') {
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                "-----BEGIN PUBLIC KEY-----",
-                "-----END PUBLIC KEY-----",
-                key, NULL, 0, &len );
+    } else {
+        ret = mbedtls_pem_read_buffer(&pem,
+                                      "-----BEGIN PUBLIC KEY-----",
+                                      "-----END PUBLIC KEY-----",
+                                      key, NULL, 0, &len);
+    }
 
-    if( ret == 0 )
-    {
+    if (ret == 0) {
         /*
          * Was PEM encoded
          */
         p = pem.buf;
 
-        ret = mbedtls_pk_parse_subpubkey( &p,  p + pem.buflen, ctx );
-        mbedtls_pem_free( &pem );
-        return( ret );
+        ret = mbedtls_pk_parse_subpubkey(&p,  p + pem.buflen, ctx);
+        mbedtls_pem_free(&pem);
+        return ret;
+    } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+        mbedtls_pem_free(&pem);
+        return ret;
     }
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-    {
-        mbedtls_pem_free( &pem );
-        return( ret );
-    }
-    mbedtls_pem_free( &pem );
+    mbedtls_pem_free(&pem);
 #endif /* MBEDTLS_PEM_PARSE_C */
 
 #if defined(MBEDTLS_RSA_C)
-    if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
-        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
-
-    if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
-        return( ret );
-
-    p = (unsigned char *)key;
-    ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) );
-    if( ret == 0 )
-    {
-        return( ret );
+    if ((pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == NULL) {
+        return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
     }
-    mbedtls_pk_free( ctx );
-    if( ret != ( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
-                                    MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) )
-    {
-        return( ret );
+
+    if ((ret = mbedtls_pk_setup(ctx, pk_info)) != 0) {
+        return ret;
+    }
+
+    p = (unsigned char *) key;
+    ret = pk_get_rsapubkey(&p, p + keylen, mbedtls_pk_rsa(*ctx));
+    if (ret == 0) {
+        return ret;
+    }
+    mbedtls_pk_free(ctx);
+    if (ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY,
+                                  MBEDTLS_ERR_ASN1_UNEXPECTED_TAG))) {
+        return ret;
     }
 #endif /* MBEDTLS_RSA_C */
     p = (unsigned char *) key;
 
-    ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx );
+    ret = mbedtls_pk_parse_subpubkey(&p, p + keylen, ctx);
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_PK_PARSE_C */
diff --git a/library/pkwrite.c b/library/pkwrite.c
index f699a27..2194c97 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -60,38 +60,41 @@
  *      publicExponent    INTEGER   -- e
  *  }
  */
-static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start,
-                                mbedtls_rsa_context *rsa )
+static int pk_write_rsa_pubkey(unsigned char **p, unsigned char *start,
+                               mbedtls_rsa_context *rsa)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
     mbedtls_mpi T;
 
-    mbedtls_mpi_init( &T );
+    mbedtls_mpi_init(&T);
 
     /* Export E */
-    if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 ||
-         ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )
+    if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 ||
+        (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) {
         goto end_of_export;
+    }
     len += ret;
 
     /* Export N */
-    if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, NULL, NULL, NULL ) ) != 0 ||
-         ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )
+    if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 ||
+        (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) {
         goto end_of_export;
+    }
     len += ret;
 
 end_of_export:
 
-    mbedtls_mpi_free( &T );
-    if( ret < 0 )
-        return( ret );
+    mbedtls_mpi_free(&T);
+    if (ret < 0) {
+        return ret;
+    }
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
-                                                 MBEDTLS_ASN1_SEQUENCE ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED |
+                                                     MBEDTLS_ASN1_SEQUENCE));
 
-    return( (int) len );
+    return (int) len;
 }
 #endif /* MBEDTLS_RSA_C */
 
@@ -99,27 +102,27 @@
 /*
  * EC public key is an EC point
  */
-static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
-                               mbedtls_ecp_keypair *ec )
+static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start,
+                              mbedtls_ecp_keypair *ec)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
     unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
 
-    if( ( ret = mbedtls_ecp_point_write_binary( &ec->grp, &ec->Q,
-                                        MBEDTLS_ECP_PF_UNCOMPRESSED,
-                                        &len, buf, sizeof( buf ) ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_ecp_point_write_binary(&ec->grp, &ec->Q,
+                                              MBEDTLS_ECP_PF_UNCOMPRESSED,
+                                              &len, buf, sizeof(buf))) != 0) {
+        return ret;
     }
 
-    if( *p < start || (size_t)( *p - start ) < len )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if (*p < start || (size_t) (*p - start) < len) {
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+    }
 
     *p -= len;
-    memcpy( *p, buf, len );
+    memcpy(*p, buf, len);
 
-    return( (int) len );
+    return (int) len;
 }
 
 /*
@@ -127,88 +130,86 @@
  *   namedCurve         OBJECT IDENTIFIER
  * }
  */
-static int pk_write_ec_param( unsigned char **p, unsigned char *start,
-                              mbedtls_ecp_keypair *ec )
+static int pk_write_ec_param(unsigned char **p, unsigned char *start,
+                             mbedtls_ecp_keypair *ec)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
     const char *oid;
     size_t oid_len;
 
-    if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_oid_get_oid_by_ec_grp(ec->grp.id, &oid, &oid_len)) != 0) {
+        return ret;
+    }
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len));
 
-    return( (int) len );
+    return (int) len;
 }
 
 /*
  * privateKey  OCTET STRING -- always of length ceil(log2(n)/8)
  */
-static int pk_write_ec_private( unsigned char **p, unsigned char *start,
-                                mbedtls_ecp_keypair *ec )
+static int pk_write_ec_private(unsigned char **p, unsigned char *start,
+                               mbedtls_ecp_keypair *ec)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t byte_length = ( ec->grp.pbits + 7 ) / 8;
+    size_t byte_length = (ec->grp.pbits + 7) / 8;
     unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
 
-    ret = mbedtls_ecp_write_key( ec, tmp, byte_length );
-    if( ret != 0 )
+    ret = mbedtls_ecp_write_key(ec, tmp, byte_length);
+    if (ret != 0) {
         goto exit;
-    ret = mbedtls_asn1_write_octet_string( p, start, tmp, byte_length );
+    }
+    ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length);
 
 exit:
-    mbedtls_platform_zeroize( tmp, byte_length );
-    return( ret );
+    mbedtls_platform_zeroize(tmp, byte_length);
+    return ret;
 }
 #endif /* MBEDTLS_ECP_C */
 
-int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
-                             const mbedtls_pk_context *key )
+int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
+                            const mbedtls_pk_context *key)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
 #if defined(MBEDTLS_RSA_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
-        MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) );
-    else
+    if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
+        MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, mbedtls_pk_rsa(*key)));
+    } else
 #endif
 #if defined(MBEDTLS_ECP_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
-        MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, mbedtls_pk_ec( *key ) ) );
-    else
+    if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
+        MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, mbedtls_pk_ec(*key)));
+    } else
 #endif
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_OPAQUE )
-    {
+    if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) {
         size_t buffer_size;
-        mbedtls_svc_key_id_t* key_id = (mbedtls_svc_key_id_t*) key->pk_ctx;
+        mbedtls_svc_key_id_t *key_id = (mbedtls_svc_key_id_t *) key->pk_ctx;
 
-        if ( *p < start )
-            return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-        buffer_size = (size_t)( *p - start );
-        if ( psa_export_public_key( *key_id, start, buffer_size, &len )
-             != PSA_SUCCESS )
-        {
-            return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+        if (*p < start) {
+            return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
         }
-        else
-        {
+
+        buffer_size = (size_t) (*p - start);
+        if (psa_export_public_key(*key_id, start, buffer_size, &len)
+            != PSA_SUCCESS) {
+            return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+        } else {
             *p -= len;
-            memmove( *p, start, len );
+            memmove(*p, start, len);
         }
-    }
-    else
+    } else
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
 
-    return( (int) len );
+    return (int) len;
 }
 
-int mbedtls_pk_write_pubkey_der( const mbedtls_pk_context *key, unsigned char *buf, size_t size )
+int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *c;
@@ -216,15 +217,17 @@
     mbedtls_pk_type_t pk_type;
     const char *oid;
 
-    if( size == 0 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if (size == 0) {
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+    }
 
     c = buf + size;
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_pk_write_pubkey(&c, buf, key));
 
-    if( c - buf < 1 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if (c - buf < 1) {
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+    }
 
     /*
      *  SubjectPublicKeyInfo  ::=  SEQUENCE  {
@@ -234,174 +237,176 @@
     *--c = 0;
     len += 1;
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING));
 
-    pk_type = mbedtls_pk_get_type( key );
+    pk_type = mbedtls_pk_get_type(key);
 #if defined(MBEDTLS_ECP_C)
-    if( pk_type == MBEDTLS_PK_ECKEY )
-    {
-        MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, mbedtls_pk_ec( *key ) ) );
+    if (pk_type == MBEDTLS_PK_ECKEY) {
+        MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, mbedtls_pk_ec(*key)));
     }
 #endif
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( pk_type == MBEDTLS_PK_OPAQUE )
-    {
+    if (pk_type == MBEDTLS_PK_OPAQUE) {
         psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
         psa_key_type_t key_type;
         mbedtls_svc_key_id_t key_id;
         psa_ecc_family_t curve;
         size_t bits;
 
-        key_id = *((mbedtls_svc_key_id_t*) key->pk_ctx );
-        if( PSA_SUCCESS != psa_get_key_attributes( key_id, &attributes ) )
-            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
-        key_type = psa_get_key_type( &attributes );
-        bits = psa_get_key_bits( &attributes );
-        psa_reset_key_attributes( &attributes );
+        key_id = *((mbedtls_svc_key_id_t *) key->pk_ctx);
+        if (PSA_SUCCESS != psa_get_key_attributes(key_id, &attributes)) {
+            return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
+        }
+        key_type = psa_get_key_type(&attributes);
+        bits = psa_get_key_bits(&attributes);
+        psa_reset_key_attributes(&attributes);
 
-        if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( key_type ) )
-        {
-            curve = PSA_KEY_TYPE_ECC_GET_FAMILY( key_type );
-            if( curve == 0 )
-                return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+        if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type)) {
+            curve = PSA_KEY_TYPE_ECC_GET_FAMILY(key_type);
+            if (curve == 0) {
+                return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+            }
 
-            ret = mbedtls_psa_get_ecc_oid_from_id( curve, bits,
-                                                   &oid, &oid_len );
-            if( ret != 0 )
-                return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+            ret = mbedtls_psa_get_ecc_oid_from_id(curve, bits,
+                                                  &oid, &oid_len);
+            if (ret != 0) {
+                return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+            }
 
             /* Write EC algorithm parameters; that's akin
              * to pk_write_ec_param() above. */
-            MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_oid( &c, buf,
-                                                                   oid,
-                                                                   oid_len ) );
+            MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_oid(&c, buf,
+                                                                 oid,
+                                                                 oid_len));
 
             /* The rest of the function works as for legacy EC contexts. */
             pk_type = MBEDTLS_PK_ECKEY;
-        }
-        else if( PSA_KEY_TYPE_IS_RSA( key_type ) )
-        {
+        } else if (PSA_KEY_TYPE_IS_RSA(key_type)) {
             /* The rest of the function works as for legacy RSA contexts. */
             pk_type = MBEDTLS_PK_RSA;
-        }
-        else
-        {
-            return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+        } else {
+            return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
         }
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    if( ( ret = mbedtls_oid_get_oid_by_pk_alg( pk_type, &oid,
-                                               &oid_len ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid,
+                                             &oid_len)) != 0) {
+        return ret;
     }
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, buf, oid, oid_len,
-                                                        par_len ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier(&c, buf, oid, oid_len,
+                                                                      par_len));
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                MBEDTLS_ASN1_SEQUENCE ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED |
+                                                     MBEDTLS_ASN1_SEQUENCE));
 
-    return( (int) len );
+    return (int) len;
 }
 
-int mbedtls_pk_write_key_der( const mbedtls_pk_context *key, unsigned char *buf, size_t size )
+int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *c;
     size_t len = 0;
 
-    if( size == 0 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if (size == 0) {
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+    }
 
     c = buf + size;
 
 #if defined(MBEDTLS_RSA_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
-    {
+    if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
         mbedtls_mpi T; /* Temporary holding the exported parameters */
-        mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *key );
+        mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*key);
 
         /*
          * Export the parameters one after another to avoid simultaneous copies.
          */
 
-        mbedtls_mpi_init( &T );
+        mbedtls_mpi_init(&T);
 
         /* Export QP */
-        if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, NULL, &T ) ) != 0 ||
-            ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+        if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 ||
+            (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
             goto end_of_export;
+        }
         len += ret;
 
         /* Export DQ */
-        if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, &T, NULL ) ) != 0 ||
-            ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+        if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 ||
+            (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
             goto end_of_export;
+        }
         len += ret;
 
         /* Export DP */
-        if( ( ret = mbedtls_rsa_export_crt( rsa, &T, NULL, NULL ) ) != 0 ||
-            ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+        if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 ||
+            (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
             goto end_of_export;
+        }
         len += ret;
 
         /* Export Q */
-        if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
-                                         &T, NULL, NULL ) ) != 0 ||
-             ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+        if ((ret = mbedtls_rsa_export(rsa, NULL, NULL,
+                                      &T, NULL, NULL)) != 0 ||
+            (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
             goto end_of_export;
+        }
         len += ret;
 
         /* Export P */
-        if ( ( ret = mbedtls_rsa_export( rsa, NULL, &T,
-                                         NULL, NULL, NULL ) ) != 0 ||
-             ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+        if ((ret = mbedtls_rsa_export(rsa, NULL, &T,
+                                      NULL, NULL, NULL)) != 0 ||
+            (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
             goto end_of_export;
+        }
         len += ret;
 
         /* Export D */
-        if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
-                                         NULL, &T, NULL ) ) != 0 ||
-             ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+        if ((ret = mbedtls_rsa_export(rsa, NULL, NULL,
+                                      NULL, &T, NULL)) != 0 ||
+            (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
             goto end_of_export;
+        }
         len += ret;
 
         /* Export E */
-        if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
-                                         NULL, NULL, &T ) ) != 0 ||
-             ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+        if ((ret = mbedtls_rsa_export(rsa, NULL, NULL,
+                                      NULL, NULL, &T)) != 0 ||
+            (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
             goto end_of_export;
+        }
         len += ret;
 
         /* Export N */
-        if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL,
-                                         NULL, NULL, NULL ) ) != 0 ||
-             ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
+        if ((ret = mbedtls_rsa_export(rsa, &T, NULL,
+                                      NULL, NULL, NULL)) != 0 ||
+            (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
             goto end_of_export;
+        }
         len += ret;
 
-    end_of_export:
+end_of_export:
 
-        mbedtls_mpi_free( &T );
-        if( ret < 0 )
-            return( ret );
+        mbedtls_mpi_free(&T);
+        if (ret < 0) {
+            return ret;
+        }
 
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c,
-                                               buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                               MBEDTLS_ASN1_SEQUENCE ) );
-    }
-    else
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 0));
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c,
+                                                         buf, MBEDTLS_ASN1_CONSTRUCTED |
+                                                         MBEDTLS_ASN1_SEQUENCE));
+    } else
 #endif /* MBEDTLS_RSA_C */
 #if defined(MBEDTLS_ECP_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
-    {
-        mbedtls_ecp_keypair *ec = mbedtls_pk_ec( *key );
+    if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
+        mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*key);
         size_t pub_len = 0, par_len = 0;
 
         /*
@@ -416,44 +421,46 @@
          */
 
         /* publicKey */
-        MBEDTLS_ASN1_CHK_ADD( pub_len, pk_write_ec_pubkey( &c, buf, ec ) );
+        MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(&c, buf, ec));
 
-        if( c - buf < 1 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+        if (c - buf < 1) {
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+        }
         *--c = 0;
         pub_len += 1;
 
-        MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) );
-        MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );
+        MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(&c, buf, pub_len));
+        MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING));
 
-        MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) );
-        MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf,
-                            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) );
+        MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(&c, buf, pub_len));
+        MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(&c, buf,
+                                                             MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+                                                             MBEDTLS_ASN1_CONSTRUCTED | 1));
         len += pub_len;
 
         /* parameters */
-        MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, ec ) );
+        MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec));
 
-        MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_len( &c, buf, par_len ) );
-        MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_tag( &c, buf,
-                            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
+        MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(&c, buf, par_len));
+        MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(&c, buf,
+                                                             MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+                                                             MBEDTLS_ASN1_CONSTRUCTED | 0));
         len += par_len;
 
         /* privateKey */
-        MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_private( &c, buf, ec ) );
+        MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(&c, buf, ec));
 
         /* version */
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 1 ) );
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 1));
 
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                    MBEDTLS_ASN1_SEQUENCE ) );
-    }
-    else
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED |
+                                                         MBEDTLS_ASN1_SEQUENCE));
+    } else
 #endif /* MBEDTLS_ECP_C */
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
 
-    return( (int) len );
+    return (int) len;
 }
 
 #if defined(MBEDTLS_PEM_WRITE_C)
@@ -467,70 +474,64 @@
 #define PEM_END_PRIVATE_KEY_EC      "-----END EC PRIVATE KEY-----\n"
 
 #define PUB_DER_MAX_BYTES                                                   \
-    ( MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES > MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES ? \
-      MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES : MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES )
+    (MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES > MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES ? \
+     MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES : MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES)
 #define PRV_DER_MAX_BYTES                                                   \
-    ( MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES > MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES ? \
-      MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES : MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES )
+    (MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES > MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES ? \
+     MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES : MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES)
 
-int mbedtls_pk_write_pubkey_pem( const mbedtls_pk_context *key, unsigned char *buf, size_t size )
+int mbedtls_pk_write_pubkey_pem(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char output_buf[PUB_DER_MAX_BYTES];
     size_t olen = 0;
 
-    if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf,
-                                     sizeof(output_buf) ) ) < 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf,
+                                           sizeof(output_buf))) < 0) {
+        return ret;
     }
 
-    if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
-                                  output_buf + sizeof(output_buf) - ret,
-                                  ret, buf, size, &olen ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
+                                        output_buf + sizeof(output_buf) - ret,
+                                        ret, buf, size, &olen)) != 0) {
+        return ret;
     }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_pk_write_key_pem( const mbedtls_pk_context *key, unsigned char *buf, size_t size )
+int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char output_buf[PRV_DER_MAX_BYTES];
     const char *begin, *end;
     size_t olen = 0;
 
-    if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 )
-        return( ret );
+    if ((ret = mbedtls_pk_write_key_der(key, output_buf, sizeof(output_buf))) < 0) {
+        return ret;
+    }
 
 #if defined(MBEDTLS_RSA_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
-    {
+    if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
         begin = PEM_BEGIN_PRIVATE_KEY_RSA;
         end = PEM_END_PRIVATE_KEY_RSA;
-    }
-    else
+    } else
 #endif
 #if defined(MBEDTLS_ECP_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
-    {
+    if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
         begin = PEM_BEGIN_PRIVATE_KEY_EC;
         end = PEM_END_PRIVATE_KEY_EC;
-    }
-    else
+    } else
 #endif
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
 
-    if( ( ret = mbedtls_pem_write_buffer( begin, end,
-                                  output_buf + sizeof(output_buf) - ret,
-                                  ret, buf, size, &olen ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_pem_write_buffer(begin, end,
+                                        output_buf + sizeof(output_buf) - ret,
+                                        ret, buf, size, &olen)) != 0) {
+        return ret;
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_PEM_WRITE_C */
 
diff --git a/library/pkwrite.h b/library/pkwrite.h
index 77d3b91..8aebd0c 100644
--- a/library/pkwrite.h
+++ b/library/pkwrite.h
@@ -44,7 +44,7 @@
  *      publicExponent    INTEGER   -- e            1 + 3 + MPI_MAX + 1
  *  }
  */
-#define MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES    ( 38 + 2 * MBEDTLS_MPI_MAX_SIZE )
+#define MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES    (38 + 2 * MBEDTLS_MPI_MAX_SIZE)
 
 /*
  * RSA private keys:
@@ -61,10 +61,10 @@
  *      otherPrimeInfos   OtherPrimeInfos OPTIONAL  0 (not supported)
  *  }
  */
-#define MBEDTLS_MPI_MAX_SIZE_2  ( MBEDTLS_MPI_MAX_SIZE / 2 + \
-                                  MBEDTLS_MPI_MAX_SIZE % 2 )
-#define MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES    ( 47 + 3 * MBEDTLS_MPI_MAX_SIZE \
-                                              + 5 * MBEDTLS_MPI_MAX_SIZE_2 )
+#define MBEDTLS_MPI_MAX_SIZE_2  (MBEDTLS_MPI_MAX_SIZE / 2 + \
+                                 MBEDTLS_MPI_MAX_SIZE % 2)
+#define MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES    (47 + 3 * MBEDTLS_MPI_MAX_SIZE \
+                                             + 5 * MBEDTLS_MPI_MAX_SIZE_2)
 
 #else /* MBEDTLS_RSA_C */
 
@@ -85,7 +85,7 @@
  *                                            + 2 * ECP_MAX (coords)    [1]
  *  }
  */
-#define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES    ( 30 + 2 * MBEDTLS_ECP_MAX_BYTES )
+#define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES    (30 + 2 * MBEDTLS_ECP_MAX_BYTES)
 
 /*
  * EC private keys:
@@ -96,7 +96,7 @@
  *      publicKey  [1] BIT STRING OPTIONAL      1 + 2 + [1] above
  *    }
  */
-#define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES    ( 29 + 3 * MBEDTLS_ECP_MAX_BYTES )
+#define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES    (29 + 3 * MBEDTLS_ECP_MAX_BYTES)
 
 #else /* MBEDTLS_ECP_C */
 
diff --git a/library/platform.c b/library/platform.c
index 6151e6c..b15b7b2 100644
--- a/library/platform.c
+++ b/library/platform.c
@@ -30,22 +30,22 @@
  * configuration via mbedtls_platform_set_calloc_free(). So, omit everything
  * related to the latter if MBEDTLS_PLATFORM_{FREE/CALLOC}_MACRO are defined. */
 #if defined(MBEDTLS_PLATFORM_MEMORY) &&                 \
-    !( defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&        \
-       defined(MBEDTLS_PLATFORM_FREE_MACRO) )
+    !(defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&        \
+    defined(MBEDTLS_PLATFORM_FREE_MACRO))
 
 #if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
-static void *platform_calloc_uninit( size_t n, size_t size )
+static void *platform_calloc_uninit(size_t n, size_t size)
 {
     ((void) n);
     ((void) size);
-    return( NULL );
+    return NULL;
 }
 
 #define MBEDTLS_PLATFORM_STD_CALLOC   platform_calloc_uninit
 #endif /* !MBEDTLS_PLATFORM_STD_CALLOC */
 
 #if !defined(MBEDTLS_PLATFORM_STD_FREE)
-static void platform_free_uninit( void *ptr )
+static void platform_free_uninit(void *ptr)
 {
     ((void) ptr);
 }
@@ -53,25 +53,25 @@
 #define MBEDTLS_PLATFORM_STD_FREE     platform_free_uninit
 #endif /* !MBEDTLS_PLATFORM_STD_FREE */
 
-static void * (*mbedtls_calloc_func)( size_t, size_t ) = MBEDTLS_PLATFORM_STD_CALLOC;
-static void (*mbedtls_free_func)( void * ) = MBEDTLS_PLATFORM_STD_FREE;
+static void * (*mbedtls_calloc_func)(size_t, size_t) = MBEDTLS_PLATFORM_STD_CALLOC;
+static void (*mbedtls_free_func)(void *) = MBEDTLS_PLATFORM_STD_FREE;
 
-void * mbedtls_calloc( size_t nmemb, size_t size )
+void *mbedtls_calloc(size_t nmemb, size_t size)
 {
-    return (*mbedtls_calloc_func)( nmemb, size );
+    return (*mbedtls_calloc_func)(nmemb, size);
 }
 
-void mbedtls_free( void * ptr )
+void mbedtls_free(void *ptr)
 {
-    (*mbedtls_free_func)( ptr );
+    (*mbedtls_free_func)(ptr);
 }
 
-int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
-                              void (*free_func)( void * ) )
+int mbedtls_platform_set_calloc_free(void *(*calloc_func)(size_t, size_t),
+                                     void (*free_func)(void *))
 {
     mbedtls_calloc_func = calloc_func;
     mbedtls_free_func = free_func;
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_PLATFORM_MEMORY &&
           !( defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&
@@ -79,16 +79,16 @@
 
 #if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
 #include <stdarg.h>
-int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... )
+int mbedtls_platform_win32_snprintf(char *s, size_t n, const char *fmt, ...)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     va_list argp;
 
-    va_start( argp, fmt );
-    ret = mbedtls_vsnprintf( s, n, fmt, argp );
-    va_end( argp );
+    va_start(argp, fmt);
+    ret = mbedtls_vsnprintf(s, n, fmt, argp);
+    va_end(argp);
 
-    return( ret );
+    return ret;
 }
 #endif
 
@@ -97,53 +97,53 @@
 /*
  * Make dummy function to prevent NULL pointer dereferences
  */
-static int platform_snprintf_uninit( char * s, size_t n,
-                                     const char * format, ... )
+static int platform_snprintf_uninit(char *s, size_t n,
+                                    const char *format, ...)
 {
     ((void) s);
     ((void) n);
     ((void) format);
-    return( 0 );
+    return 0;
 }
 
 #define MBEDTLS_PLATFORM_STD_SNPRINTF    platform_snprintf_uninit
 #endif /* !MBEDTLS_PLATFORM_STD_SNPRINTF */
 
-int (*mbedtls_snprintf)( char * s, size_t n,
-                          const char * format,
-                          ... ) = MBEDTLS_PLATFORM_STD_SNPRINTF;
+int (*mbedtls_snprintf)(char *s, size_t n,
+                        const char *format,
+                        ...) = MBEDTLS_PLATFORM_STD_SNPRINTF;
 
-int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
-                                                 const char * format,
-                                                 ... ) )
+int mbedtls_platform_set_snprintf(int (*snprintf_func)(char *s, size_t n,
+                                                       const char *format,
+                                                       ...))
 {
     mbedtls_snprintf = snprintf_func;
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
 
 #if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
 #include <stdarg.h>
-int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg )
+int mbedtls_platform_win32_vsnprintf(char *s, size_t n, const char *fmt, va_list arg)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     /* Avoid calling the invalid parameter handler by checking ourselves */
-    if( s == NULL || n == 0 || fmt == NULL )
-        return( -1 );
+    if (s == NULL || n == 0 || fmt == NULL) {
+        return -1;
+    }
 
 #if defined(_TRUNCATE)
-    ret = vsnprintf_s( s, n, _TRUNCATE, fmt, arg );
+    ret = vsnprintf_s(s, n, _TRUNCATE, fmt, arg);
 #else
-    ret = vsnprintf( s, n, fmt, arg );
-    if( ret < 0 || (size_t) ret == n )
-    {
+    ret = vsnprintf(s, n, fmt, arg);
+    if (ret < 0 || (size_t) ret == n) {
         s[n-1] = '\0';
         ret = -1;
     }
 #endif
 
-    return( ret );
+    return ret;
 }
 #endif
 
@@ -152,29 +152,29 @@
 /*
  * Make dummy function to prevent NULL pointer dereferences
  */
-static int platform_vsnprintf_uninit( char * s, size_t n,
-                                     const char * format, va_list arg )
+static int platform_vsnprintf_uninit(char *s, size_t n,
+                                     const char *format, va_list arg)
 {
     ((void) s);
     ((void) n);
     ((void) format);
     ((void) arg);
-    return( -1 );
+    return -1;
 }
 
 #define MBEDTLS_PLATFORM_STD_VSNPRINTF    platform_vsnprintf_uninit
 #endif /* !MBEDTLS_PLATFORM_STD_VSNPRINTF */
 
-int (*mbedtls_vsnprintf)( char * s, size_t n,
-                          const char * format,
-                          va_list arg ) = MBEDTLS_PLATFORM_STD_VSNPRINTF;
+int (*mbedtls_vsnprintf)(char *s, size_t n,
+                         const char *format,
+                         va_list arg) = MBEDTLS_PLATFORM_STD_VSNPRINTF;
 
-int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n,
-                                                 const char * format,
-                                                 va_list arg ) )
+int mbedtls_platform_set_vsnprintf(int (*vsnprintf_func)(char *s, size_t n,
+                                                         const char *format,
+                                                         va_list arg))
 {
     mbedtls_vsnprintf = vsnprintf_func;
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
 
@@ -183,21 +183,21 @@
 /*
  * Make dummy function to prevent NULL pointer dereferences
  */
-static int platform_printf_uninit( const char *format, ... )
+static int platform_printf_uninit(const char *format, ...)
 {
     ((void) format);
-    return( 0 );
+    return 0;
 }
 
 #define MBEDTLS_PLATFORM_STD_PRINTF    platform_printf_uninit
 #endif /* !MBEDTLS_PLATFORM_STD_PRINTF */
 
-int (*mbedtls_printf)( const char *, ... ) = MBEDTLS_PLATFORM_STD_PRINTF;
+int (*mbedtls_printf)(const char *, ...) = MBEDTLS_PLATFORM_STD_PRINTF;
 
-int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) )
+int mbedtls_platform_set_printf(int (*printf_func)(const char *, ...))
 {
     mbedtls_printf = printf_func;
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
 
@@ -206,23 +206,23 @@
 /*
  * Make dummy function to prevent NULL pointer dereferences
  */
-static int platform_fprintf_uninit( FILE *stream, const char *format, ... )
+static int platform_fprintf_uninit(FILE *stream, const char *format, ...)
 {
     ((void) stream);
     ((void) format);
-    return( 0 );
+    return 0;
 }
 
 #define MBEDTLS_PLATFORM_STD_FPRINTF   platform_fprintf_uninit
 #endif /* !MBEDTLS_PLATFORM_STD_FPRINTF */
 
-int (*mbedtls_fprintf)( FILE *, const char *, ... ) =
-                                        MBEDTLS_PLATFORM_STD_FPRINTF;
+int (*mbedtls_fprintf)(FILE *, const char *, ...) =
+    MBEDTLS_PLATFORM_STD_FPRINTF;
 
-int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *, const char *, ... ) )
+int mbedtls_platform_set_fprintf(int (*fprintf_func)(FILE *, const char *, ...))
 {
     mbedtls_fprintf = fprintf_func;
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
 
@@ -231,20 +231,20 @@
 /*
  * Make dummy function to prevent NULL pointer dereferences
  */
-static void platform_setbuf_uninit( FILE *stream, char *buf )
+static void platform_setbuf_uninit(FILE *stream, char *buf)
 {
-   ((void) stream);
-   ((void) buf);
+    ((void) stream);
+    ((void) buf);
 }
 
 #define MBEDTLS_PLATFORM_STD_SETBUF   platform_setbuf_uninit
 #endif /* !MBEDTLS_PLATFORM_STD_SETBUF */
-void (*mbedtls_setbuf)( FILE *stream, char *buf ) = MBEDTLS_PLATFORM_STD_SETBUF;
+void (*mbedtls_setbuf)(FILE *stream, char *buf) = MBEDTLS_PLATFORM_STD_SETBUF;
 
-int mbedtls_platform_set_setbuf( void (*setbuf_func)( FILE *stream, char *buf ) )
+int mbedtls_platform_set_setbuf(void (*setbuf_func)(FILE *stream, char *buf))
 {
-   mbedtls_setbuf = setbuf_func;
-   return( 0 );
+    mbedtls_setbuf = setbuf_func;
+    return 0;
 }
 #endif /* MBEDTLS_PLATFORM_SETBUF_ALT */
 
@@ -253,7 +253,7 @@
 /*
  * Make dummy function to prevent NULL pointer dereferences
  */
-static void platform_exit_uninit( int status )
+static void platform_exit_uninit(int status)
 {
     ((void) status);
 }
@@ -261,12 +261,12 @@
 #define MBEDTLS_PLATFORM_STD_EXIT   platform_exit_uninit
 #endif /* !MBEDTLS_PLATFORM_STD_EXIT */
 
-void (*mbedtls_exit)( int status ) = MBEDTLS_PLATFORM_STD_EXIT;
+void (*mbedtls_exit)(int status) = MBEDTLS_PLATFORM_STD_EXIT;
 
-int mbedtls_platform_set_exit( void (*exit_func)( int status ) )
+int mbedtls_platform_set_exit(void (*exit_func)(int status))
 {
     mbedtls_exit = exit_func;
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_PLATFORM_EXIT_ALT */
 
@@ -277,21 +277,21 @@
 /*
  * Make dummy function to prevent NULL pointer dereferences
  */
-static mbedtls_time_t platform_time_uninit( mbedtls_time_t* timer )
+static mbedtls_time_t platform_time_uninit(mbedtls_time_t *timer)
 {
     ((void) timer);
-    return( 0 );
+    return 0;
 }
 
 #define MBEDTLS_PLATFORM_STD_TIME   platform_time_uninit
 #endif /* !MBEDTLS_PLATFORM_STD_TIME */
 
-mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* timer ) = MBEDTLS_PLATFORM_STD_TIME;
+mbedtls_time_t (*mbedtls_time)(mbedtls_time_t *timer) = MBEDTLS_PLATFORM_STD_TIME;
 
-int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* timer ) )
+int mbedtls_platform_set_time(mbedtls_time_t (*time_func)(mbedtls_time_t *timer))
 {
     mbedtls_time = time_func;
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_PLATFORM_TIME_ALT */
 
@@ -302,47 +302,47 @@
 /* Default implementations for the platform independent seed functions use
  * standard libc file functions to read from and write to a pre-defined filename
  */
-int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len )
+int mbedtls_platform_std_nv_seed_read(unsigned char *buf, size_t buf_len)
 {
     FILE *file;
     size_t n;
 
-    if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL )
-        return( -1 );
-
-    /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
-    mbedtls_setbuf( file, NULL );
-
-    if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len )
-    {
-        fclose( file );
-        mbedtls_platform_zeroize( buf, buf_len );
-        return( -1 );
+    if ((file = fopen(MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb")) == NULL) {
+        return -1;
     }
 
-    fclose( file );
-    return( (int)n );
+    /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
+    mbedtls_setbuf(file, NULL);
+
+    if ((n = fread(buf, 1, buf_len, file)) != buf_len) {
+        fclose(file);
+        mbedtls_platform_zeroize(buf, buf_len);
+        return -1;
+    }
+
+    fclose(file);
+    return (int) n;
 }
 
-int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len )
+int mbedtls_platform_std_nv_seed_write(unsigned char *buf, size_t buf_len)
 {
     FILE *file;
     size_t n;
 
-    if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w" ) ) == NULL )
-        return -1;
-
-    /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
-    mbedtls_setbuf( file, NULL );
-
-    if( ( n = fwrite( buf, 1, buf_len, file ) ) != buf_len )
-    {
-        fclose( file );
+    if ((file = fopen(MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w")) == NULL) {
         return -1;
     }
 
-    fclose( file );
-    return( (int)n );
+    /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
+    mbedtls_setbuf(file, NULL);
+
+    if ((n = fwrite(buf, 1, buf_len, file)) != buf_len) {
+        fclose(file);
+        return -1;
+    }
+
+    fclose(file);
+    return (int) n;
 }
 #endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
 
@@ -351,11 +351,11 @@
 /*
  * Make dummy function to prevent NULL pointer dereferences
  */
-static int platform_nv_seed_read_uninit( unsigned char *buf, size_t buf_len )
+static int platform_nv_seed_read_uninit(unsigned char *buf, size_t buf_len)
 {
     ((void) buf);
     ((void) buf_len);
-    return( -1 );
+    return -1;
 }
 
 #define MBEDTLS_PLATFORM_STD_NV_SEED_READ   platform_nv_seed_read_uninit
@@ -365,28 +365,28 @@
 /*
  * Make dummy function to prevent NULL pointer dereferences
  */
-static int platform_nv_seed_write_uninit( unsigned char *buf, size_t buf_len )
+static int platform_nv_seed_write_uninit(unsigned char *buf, size_t buf_len)
 {
     ((void) buf);
     ((void) buf_len);
-    return( -1 );
+    return -1;
 }
 
 #define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE   platform_nv_seed_write_uninit
 #endif /* !MBEDTLS_PLATFORM_STD_NV_SEED_WRITE */
 
-int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ) =
-            MBEDTLS_PLATFORM_STD_NV_SEED_READ;
-int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ) =
-            MBEDTLS_PLATFORM_STD_NV_SEED_WRITE;
+int (*mbedtls_nv_seed_read)(unsigned char *buf, size_t buf_len) =
+    MBEDTLS_PLATFORM_STD_NV_SEED_READ;
+int (*mbedtls_nv_seed_write)(unsigned char *buf, size_t buf_len) =
+    MBEDTLS_PLATFORM_STD_NV_SEED_WRITE;
 
 int mbedtls_platform_set_nv_seed(
-        int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
-        int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len ) )
+    int (*nv_seed_read_func)(unsigned char *buf, size_t buf_len),
+    int (*nv_seed_write_func)(unsigned char *buf, size_t buf_len))
 {
     mbedtls_nv_seed_read = nv_seed_read_func;
     mbedtls_nv_seed_write = nv_seed_write_func;
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
 #endif /* MBEDTLS_ENTROPY_NV_SEED */
@@ -395,19 +395,19 @@
 /*
  * Placeholder platform setup that does nothing by default
  */
-int mbedtls_platform_setup( mbedtls_platform_context *ctx )
+int mbedtls_platform_setup(mbedtls_platform_context *ctx)
 {
-    (void)ctx;
+    (void) ctx;
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Placeholder platform teardown that does nothing by default
  */
-void mbedtls_platform_teardown( mbedtls_platform_context *ctx )
+void mbedtls_platform_teardown(mbedtls_platform_context *ctx)
 {
-    (void)ctx;
+    (void) ctx;
 }
 #endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
 
diff --git a/library/platform_util.c b/library/platform_util.c
index 2b674f6..f935b90 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -62,14 +62,15 @@
  * mbedtls_platform_zeroize() to use a suitable implementation for their
  * platform and needs.
  */
-static void * (* const volatile memset_func)( void *, int, size_t ) = memset;
+static void *(*const volatile memset_func)(void *, int, size_t) = memset;
 
-void mbedtls_platform_zeroize( void *buf, size_t len )
+void mbedtls_platform_zeroize(void *buf, size_t len)
 {
-    MBEDTLS_INTERNAL_VALIDATE( len == 0 || buf != NULL );
+    MBEDTLS_INTERNAL_VALIDATE(len == 0 || buf != NULL);
 
-    if( len > 0 )
-        memset_func( buf, 0, len );
+    if (len > 0) {
+        memset_func(buf, 0, len);
+    }
 }
 #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
 
@@ -83,9 +84,9 @@
 #endif /* !_WIN32 && (unix || __unix || __unix__ ||
         * (__APPLE__ && __MACH__)) */
 
-#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) ||     \
-       ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) &&                     \
-         _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) )
+#if !((defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L) ||     \
+    (defined(_POSIX_THREAD_SAFE_FUNCTIONS) &&                     \
+    _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L))
 /*
  * This is a convenience shorthand macro to avoid checking the long
  * preprocessor conditions above. Ideally, we could expose this macro in
@@ -93,70 +94,74 @@
  * threading.h. However, this macro is not part of the Mbed TLS public API, so
  * we keep it private by only defining it in this file
  */
-#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) || \
-      ( defined(__MINGW32__) && !defined(__MINGW64_VERSION_MAJOR) )
+#if !(defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)) || \
+    (defined(__MINGW32__) && !defined(__MINGW64_VERSION_MAJOR))
 #define PLATFORM_UTIL_USE_GMTIME
 #endif
 
-#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) ||     \
-             ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) &&                     \
+#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
+             ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
                 _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) */
 
-struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
-                                      struct tm *tm_buf )
+struct tm *mbedtls_platform_gmtime_r(const mbedtls_time_t *tt,
+                                     struct tm *tm_buf)
 {
 #if defined(_WIN32) && !defined(PLATFORM_UTIL_USE_GMTIME)
 #if defined(__STDC_LIB_EXT1__)
-    return( ( gmtime_s( tt, tm_buf ) == 0 ) ? NULL : tm_buf );
+    return (gmtime_s(tt, tm_buf) == 0) ? NULL : tm_buf;
 #else
     /* MSVC and mingw64 argument order and return value are inconsistent with the C11 standard */
-    return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL );
+    return (gmtime_s(tm_buf, tt) == 0) ? tm_buf : NULL;
 #endif
 #elif !defined(PLATFORM_UTIL_USE_GMTIME)
-    return( gmtime_r( tt, tm_buf ) );
+    return gmtime_r(tt, tm_buf);
 #else
     struct tm *lt;
 
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 )
-        return( NULL );
+    if (mbedtls_mutex_lock(&mbedtls_threading_gmtime_mutex) != 0) {
+        return NULL;
+    }
 #endif /* MBEDTLS_THREADING_C */
 
-    lt = gmtime( tt );
+    lt = gmtime(tt);
 
-    if( lt != NULL )
-    {
-        memcpy( tm_buf, lt, sizeof( struct tm ) );
+    if (lt != NULL) {
+        memcpy(tm_buf, lt, sizeof(struct tm));
     }
 
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 )
-        return( NULL );
+    if (mbedtls_mutex_unlock(&mbedtls_threading_gmtime_mutex) != 0) {
+        return NULL;
+    }
 #endif /* MBEDTLS_THREADING_C */
 
-    return( ( lt == NULL ) ? NULL : tm_buf );
+    return (lt == NULL) ? NULL : tm_buf;
 #endif /* _WIN32 && !EFIX64 && !EFI32 */
 }
 #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */
 
 #if defined(MBEDTLS_TEST_HOOKS)
-void (*mbedtls_test_hook_test_fail)( const char *, int, const char *);
+void (*mbedtls_test_hook_test_fail)(const char *, int, const char *);
 #endif /* MBEDTLS_TEST_HOOKS */
 
 /*
  * Provide external definitions of some inline functions so that the compiler
  * has the option to not inline them
  */
-extern inline void mbedtls_xor( unsigned char *r, const unsigned char *a, const unsigned char *b, size_t n );
+extern inline void mbedtls_xor(unsigned char *r,
+                               const unsigned char *a,
+                               const unsigned char *b,
+                               size_t n);
 
-extern inline uint16_t mbedtls_get_unaligned_uint16( const void *p );
+extern inline uint16_t mbedtls_get_unaligned_uint16(const void *p);
 
-extern inline void mbedtls_put_unaligned_uint16( void *p, uint16_t x );
+extern inline void mbedtls_put_unaligned_uint16(void *p, uint16_t x);
 
-extern inline uint32_t mbedtls_get_unaligned_uint32( const void *p );
+extern inline uint32_t mbedtls_get_unaligned_uint32(const void *p);
 
-extern inline void mbedtls_put_unaligned_uint32( void *p, uint32_t x );
+extern inline void mbedtls_put_unaligned_uint32(void *p, uint32_t x);
 
-extern inline uint64_t mbedtls_get_unaligned_uint64( const void *p );
+extern inline uint64_t mbedtls_get_unaligned_uint64(const void *p);
 
-extern inline void mbedtls_put_unaligned_uint64( void *p, uint64_t x );
+extern inline void mbedtls_put_unaligned_uint64(void *p, uint64_t x);
diff --git a/library/poly1305.c b/library/poly1305.c
index 4d0cdee..f4e1d3f 100644
--- a/library/poly1305.c
+++ b/library/poly1305.c
@@ -32,14 +32,14 @@
 
 #if !defined(MBEDTLS_POLY1305_ALT)
 
-#define POLY1305_BLOCK_SIZE_BYTES ( 16U )
+#define POLY1305_BLOCK_SIZE_BYTES (16U)
 
 /*
  * Our implementation is tuned for 32-bit platforms with a 64-bit multiplier.
  * However we provided an alternative for platforms without such a multiplier.
  */
 #if defined(MBEDTLS_NO_64BIT_MULTIPLICATION)
-static uint64_t mul64( uint32_t a, uint32_t b )
+static uint64_t mul64(uint32_t a, uint32_t b)
 {
     /* a = al + 2**16 ah, b = bl + 2**16 bh */
     const uint16_t al = (uint16_t) a;
@@ -49,15 +49,15 @@
 
     /* ab = al*bl + 2**16 (ah*bl + bl*bh) + 2**32 ah*bh */
     const uint32_t lo = (uint32_t) al * bl;
-    const uint64_t me = (uint64_t)( (uint32_t) ah * bl ) + (uint32_t) al * bh;
+    const uint64_t me = (uint64_t) ((uint32_t) ah * bl) + (uint32_t) al * bh;
     const uint32_t hi = (uint32_t) ah * bh;
 
-    return( lo + ( me << 16 ) + ( (uint64_t) hi << 32 ) );
+    return lo + (me << 16) + ((uint64_t) hi << 32);
 }
 #else
-static inline uint64_t mul64( uint32_t a, uint32_t b )
+static inline uint64_t mul64(uint32_t a, uint32_t b)
 {
-    return( (uint64_t) a * b );
+    return (uint64_t) a * b;
 }
 #endif
 
@@ -73,10 +73,10 @@
  *                          applied to the input data before calling this
  *                          function.  Otherwise, set this parameter to 1.
  */
-static void poly1305_process( mbedtls_poly1305_context *ctx,
-                              size_t nblocks,
-                              const unsigned char *input,
-                              uint32_t needs_padding )
+static void poly1305_process(mbedtls_poly1305_context *ctx,
+                             size_t nblocks,
+                             const unsigned char *input,
+                             uint32_t needs_padding)
 {
     uint64_t d0, d1, d2, d3;
     uint32_t acc0, acc1, acc2, acc3, acc4;
@@ -90,9 +90,9 @@
     r2 = ctx->r[2];
     r3 = ctx->r[3];
 
-    rs1 = r1 + ( r1 >> 2U );
-    rs2 = r2 + ( r2 >> 2U );
-    rs3 = r3 + ( r3 >> 2U );
+    rs1 = r1 + (r1 >> 2U);
+    rs2 = r2 + (r2 >> 2U);
+    rs3 = r3 + (r3 >> 2U);
 
     acc0 = ctx->acc[0];
     acc1 = ctx->acc[1];
@@ -101,67 +101,66 @@
     acc4 = ctx->acc[4];
 
     /* Process full blocks */
-    for( i = 0U; i < nblocks; i++ )
-    {
+    for (i = 0U; i < nblocks; i++) {
         /* The input block is treated as a 128-bit little-endian integer */
-        d0   = MBEDTLS_GET_UINT32_LE( input, offset + 0  );
-        d1   = MBEDTLS_GET_UINT32_LE( input, offset + 4  );
-        d2   = MBEDTLS_GET_UINT32_LE( input, offset + 8  );
-        d3   = MBEDTLS_GET_UINT32_LE( input, offset + 12 );
+        d0   = MBEDTLS_GET_UINT32_LE(input, offset + 0);
+        d1   = MBEDTLS_GET_UINT32_LE(input, offset + 4);
+        d2   = MBEDTLS_GET_UINT32_LE(input, offset + 8);
+        d3   = MBEDTLS_GET_UINT32_LE(input, offset + 12);
 
         /* Compute: acc += (padded) block as a 130-bit integer */
         d0  += (uint64_t) acc0;
-        d1  += (uint64_t) acc1 + ( d0 >> 32U );
-        d2  += (uint64_t) acc2 + ( d1 >> 32U );
-        d3  += (uint64_t) acc3 + ( d2 >> 32U );
+        d1  += (uint64_t) acc1 + (d0 >> 32U);
+        d2  += (uint64_t) acc2 + (d1 >> 32U);
+        d3  += (uint64_t) acc3 + (d2 >> 32U);
         acc0 = (uint32_t) d0;
         acc1 = (uint32_t) d1;
         acc2 = (uint32_t) d2;
         acc3 = (uint32_t) d3;
-        acc4 += (uint32_t) ( d3 >> 32U ) + needs_padding;
+        acc4 += (uint32_t) (d3 >> 32U) + needs_padding;
 
         /* Compute: acc *= r */
-        d0 = mul64( acc0, r0  ) +
-             mul64( acc1, rs3 ) +
-             mul64( acc2, rs2 ) +
-             mul64( acc3, rs1 );
-        d1 = mul64( acc0, r1  ) +
-             mul64( acc1, r0  ) +
-             mul64( acc2, rs3 ) +
-             mul64( acc3, rs2 ) +
-             mul64( acc4, rs1 );
-        d2 = mul64( acc0, r2  ) +
-             mul64( acc1, r1  ) +
-             mul64( acc2, r0  ) +
-             mul64( acc3, rs3 ) +
-             mul64( acc4, rs2 );
-        d3 = mul64( acc0, r3  ) +
-             mul64( acc1, r2  ) +
-             mul64( acc2, r1  ) +
-             mul64( acc3, r0  ) +
-             mul64( acc4, rs3 );
+        d0 = mul64(acc0, r0) +
+             mul64(acc1, rs3) +
+             mul64(acc2, rs2) +
+             mul64(acc3, rs1);
+        d1 = mul64(acc0, r1) +
+             mul64(acc1, r0) +
+             mul64(acc2, rs3) +
+             mul64(acc3, rs2) +
+             mul64(acc4, rs1);
+        d2 = mul64(acc0, r2) +
+             mul64(acc1, r1) +
+             mul64(acc2, r0) +
+             mul64(acc3, rs3) +
+             mul64(acc4, rs2);
+        d3 = mul64(acc0, r3) +
+             mul64(acc1, r2) +
+             mul64(acc2, r1) +
+             mul64(acc3, r0) +
+             mul64(acc4, rs3);
         acc4 *= r0;
 
         /* Compute: acc %= (2^130 - 5) (partial remainder) */
-        d1 += ( d0 >> 32 );
-        d2 += ( d1 >> 32 );
-        d3 += ( d2 >> 32 );
+        d1 += (d0 >> 32);
+        d2 += (d1 >> 32);
+        d3 += (d2 >> 32);
         acc0 = (uint32_t) d0;
         acc1 = (uint32_t) d1;
         acc2 = (uint32_t) d2;
         acc3 = (uint32_t) d3;
-        acc4 = (uint32_t) ( d3 >> 32 ) + acc4;
+        acc4 = (uint32_t) (d3 >> 32) + acc4;
 
-        d0 = (uint64_t) acc0 + ( acc4 >> 2 ) + ( acc4 & 0xFFFFFFFCU );
+        d0 = (uint64_t) acc0 + (acc4 >> 2) + (acc4 & 0xFFFFFFFCU);
         acc4 &= 3U;
         acc0 = (uint32_t) d0;
-        d0 = (uint64_t) acc1 + ( d0 >> 32U );
+        d0 = (uint64_t) acc1 + (d0 >> 32U);
         acc1 = (uint32_t) d0;
-        d0 = (uint64_t) acc2 + ( d0 >> 32U );
+        d0 = (uint64_t) acc2 + (d0 >> 32U);
         acc2 = (uint32_t) d0;
-        d0 = (uint64_t) acc3 + ( d0 >> 32U );
+        d0 = (uint64_t) acc3 + (d0 >> 32U);
         acc3 = (uint32_t) d0;
-        d0 = (uint64_t) acc4 + ( d0 >> 32U );
+        d0 = (uint64_t) acc4 + (d0 >> 32U);
         acc4 = (uint32_t) d0;
 
         offset    += POLY1305_BLOCK_SIZE_BYTES;
@@ -181,8 +180,8 @@
  * \param mac               The buffer to where the MAC is written. Must be
  *                          big enough to contain the 16-byte MAC.
  */
-static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx,
-                                  unsigned char mac[16] )
+static void poly1305_compute_mac(const mbedtls_poly1305_context *ctx,
+                                 unsigned char mac[16])
 {
     uint64_t d;
     uint32_t g0, g1, g2, g3, g4;
@@ -202,68 +201,69 @@
      */
 
     /* Calculate acc + -(2^130 - 5) */
-    d  = ( (uint64_t) acc0 + 5U );
+    d  = ((uint64_t) acc0 + 5U);
     g0 = (uint32_t) d;
-    d  = ( (uint64_t) acc1 + ( d >> 32 ) );
+    d  = ((uint64_t) acc1 + (d >> 32));
     g1 = (uint32_t) d;
-    d  = ( (uint64_t) acc2 + ( d >> 32 ) );
+    d  = ((uint64_t) acc2 + (d >> 32));
     g2 = (uint32_t) d;
-    d  = ( (uint64_t) acc3 + ( d >> 32 ) );
+    d  = ((uint64_t) acc3 + (d >> 32));
     g3 = (uint32_t) d;
-    g4 = acc4 + (uint32_t) ( d >> 32U );
+    g4 = acc4 + (uint32_t) (d >> 32U);
 
     /* mask == 0xFFFFFFFF if 131st bit is set, otherwise mask == 0 */
-    mask = (uint32_t) 0U - ( g4 >> 2U );
+    mask = (uint32_t) 0U - (g4 >> 2U);
     mask_inv = ~mask;
 
     /* If 131st bit is set then acc=g, otherwise, acc is unmodified */
-    acc0 = ( acc0 & mask_inv ) | ( g0 & mask );
-    acc1 = ( acc1 & mask_inv ) | ( g1 & mask );
-    acc2 = ( acc2 & mask_inv ) | ( g2 & mask );
-    acc3 = ( acc3 & mask_inv ) | ( g3 & mask );
+    acc0 = (acc0 & mask_inv) | (g0 & mask);
+    acc1 = (acc1 & mask_inv) | (g1 & mask);
+    acc2 = (acc2 & mask_inv) | (g2 & mask);
+    acc3 = (acc3 & mask_inv) | (g3 & mask);
 
     /* Add 's' */
     d = (uint64_t) acc0 + ctx->s[0];
     acc0 = (uint32_t) d;
-    d = (uint64_t) acc1 + ctx->s[1] + ( d >> 32U );
+    d = (uint64_t) acc1 + ctx->s[1] + (d >> 32U);
     acc1 = (uint32_t) d;
-    d = (uint64_t) acc2 + ctx->s[2] + ( d >> 32U );
+    d = (uint64_t) acc2 + ctx->s[2] + (d >> 32U);
     acc2 = (uint32_t) d;
-    acc3 += ctx->s[3] + (uint32_t) ( d >> 32U );
+    acc3 += ctx->s[3] + (uint32_t) (d >> 32U);
 
     /* Compute MAC (128 least significant bits of the accumulator) */
-    MBEDTLS_PUT_UINT32_LE( acc0, mac,  0 );
-    MBEDTLS_PUT_UINT32_LE( acc1, mac,  4 );
-    MBEDTLS_PUT_UINT32_LE( acc2, mac,  8 );
-    MBEDTLS_PUT_UINT32_LE( acc3, mac, 12 );
+    MBEDTLS_PUT_UINT32_LE(acc0, mac,  0);
+    MBEDTLS_PUT_UINT32_LE(acc1, mac,  4);
+    MBEDTLS_PUT_UINT32_LE(acc2, mac,  8);
+    MBEDTLS_PUT_UINT32_LE(acc3, mac, 12);
 }
 
-void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx )
+void mbedtls_poly1305_init(mbedtls_poly1305_context *ctx)
 {
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_poly1305_context));
 }
 
-void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx )
+void mbedtls_poly1305_free(mbedtls_poly1305_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_poly1305_context));
 }
 
-int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
-                             const unsigned char key[32] )
+int mbedtls_poly1305_starts(mbedtls_poly1305_context *ctx,
+                            const unsigned char key[32])
 {
     /* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */
-    ctx->r[0] = MBEDTLS_GET_UINT32_LE( key, 0 )  & 0x0FFFFFFFU;
-    ctx->r[1] = MBEDTLS_GET_UINT32_LE( key, 4 )  & 0x0FFFFFFCU;
-    ctx->r[2] = MBEDTLS_GET_UINT32_LE( key, 8 )  & 0x0FFFFFFCU;
-    ctx->r[3] = MBEDTLS_GET_UINT32_LE( key, 12 ) & 0x0FFFFFFCU;
+    ctx->r[0] = MBEDTLS_GET_UINT32_LE(key, 0)  & 0x0FFFFFFFU;
+    ctx->r[1] = MBEDTLS_GET_UINT32_LE(key, 4)  & 0x0FFFFFFCU;
+    ctx->r[2] = MBEDTLS_GET_UINT32_LE(key, 8)  & 0x0FFFFFFCU;
+    ctx->r[3] = MBEDTLS_GET_UINT32_LE(key, 12) & 0x0FFFFFFCU;
 
-    ctx->s[0] = MBEDTLS_GET_UINT32_LE( key, 16 );
-    ctx->s[1] = MBEDTLS_GET_UINT32_LE( key, 20 );
-    ctx->s[2] = MBEDTLS_GET_UINT32_LE( key, 24 );
-    ctx->s[3] = MBEDTLS_GET_UINT32_LE( key, 28 );
+    ctx->s[0] = MBEDTLS_GET_UINT32_LE(key, 16);
+    ctx->s[1] = MBEDTLS_GET_UINT32_LE(key, 20);
+    ctx->s[2] = MBEDTLS_GET_UINT32_LE(key, 24);
+    ctx->s[3] = MBEDTLS_GET_UINT32_LE(key, 28);
 
     /* Initial accumulator state */
     ctx->acc[0] = 0U;
@@ -273,121 +273,116 @@
     ctx->acc[4] = 0U;
 
     /* Queue initially empty */
-    mbedtls_platform_zeroize( ctx->queue, sizeof( ctx->queue ) );
+    mbedtls_platform_zeroize(ctx->queue, sizeof(ctx->queue));
     ctx->queue_len = 0U;
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
-                             const unsigned char *input,
-                             size_t ilen )
+int mbedtls_poly1305_update(mbedtls_poly1305_context *ctx,
+                            const unsigned char *input,
+                            size_t ilen)
 {
     size_t offset    = 0U;
     size_t remaining = ilen;
     size_t queue_free_len;
     size_t nblocks;
 
-    if( ( remaining > 0U ) && ( ctx->queue_len > 0U ) )
-    {
-        queue_free_len = ( POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len );
+    if ((remaining > 0U) && (ctx->queue_len > 0U)) {
+        queue_free_len = (POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len);
 
-        if( ilen < queue_free_len )
-        {
+        if (ilen < queue_free_len) {
             /* Not enough data to complete the block.
              * Store this data with the other leftovers.
              */
-            memcpy( &ctx->queue[ctx->queue_len],
-                    input,
-                    ilen );
+            memcpy(&ctx->queue[ctx->queue_len],
+                   input,
+                   ilen);
 
             ctx->queue_len += ilen;
 
             remaining = 0U;
-        }
-        else
-        {
+        } else {
             /* Enough data to produce a complete block */
-            memcpy( &ctx->queue[ctx->queue_len],
-                    input,
-                    queue_free_len );
+            memcpy(&ctx->queue[ctx->queue_len],
+                   input,
+                   queue_free_len);
 
             ctx->queue_len = 0U;
 
-            poly1305_process( ctx, 1U, ctx->queue, 1U ); /* add padding bit */
+            poly1305_process(ctx, 1U, ctx->queue, 1U);   /* add padding bit */
 
             offset    += queue_free_len;
             remaining -= queue_free_len;
         }
     }
 
-    if( remaining >= POLY1305_BLOCK_SIZE_BYTES )
-    {
+    if (remaining >= POLY1305_BLOCK_SIZE_BYTES) {
         nblocks = remaining / POLY1305_BLOCK_SIZE_BYTES;
 
-        poly1305_process( ctx, nblocks, &input[offset], 1U );
+        poly1305_process(ctx, nblocks, &input[offset], 1U);
 
         offset += nblocks * POLY1305_BLOCK_SIZE_BYTES;
         remaining %= POLY1305_BLOCK_SIZE_BYTES;
     }
 
-    if( remaining > 0U )
-    {
+    if (remaining > 0U) {
         /* Store partial block */
         ctx->queue_len = remaining;
-        memcpy( ctx->queue, &input[offset], remaining );
+        memcpy(ctx->queue, &input[offset], remaining);
     }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
-                             unsigned char mac[16] )
+int mbedtls_poly1305_finish(mbedtls_poly1305_context *ctx,
+                            unsigned char mac[16])
 {
     /* Process any leftover data */
-    if( ctx->queue_len > 0U )
-    {
+    if (ctx->queue_len > 0U) {
         /* Add padding bit */
         ctx->queue[ctx->queue_len] = 1U;
         ctx->queue_len++;
 
         /* Pad with zeroes */
-        memset( &ctx->queue[ctx->queue_len],
-                0,
-                POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len );
+        memset(&ctx->queue[ctx->queue_len],
+               0,
+               POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len);
 
-        poly1305_process( ctx, 1U,          /* Process 1 block */
-                          ctx->queue, 0U ); /* Already padded above */
+        poly1305_process(ctx, 1U,           /* Process 1 block */
+                         ctx->queue, 0U);   /* Already padded above */
     }
 
-    poly1305_compute_mac( ctx, mac );
+    poly1305_compute_mac(ctx, mac);
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_poly1305_mac( const unsigned char key[32],
-                          const unsigned char *input,
-                          size_t ilen,
-                          unsigned char mac[16] )
+int mbedtls_poly1305_mac(const unsigned char key[32],
+                         const unsigned char *input,
+                         size_t ilen,
+                         unsigned char mac[16])
 {
     mbedtls_poly1305_context ctx;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    mbedtls_poly1305_init( &ctx );
+    mbedtls_poly1305_init(&ctx);
 
-    ret = mbedtls_poly1305_starts( &ctx, key );
-    if( ret != 0 )
+    ret = mbedtls_poly1305_starts(&ctx, key);
+    if (ret != 0) {
         goto cleanup;
+    }
 
-    ret = mbedtls_poly1305_update( &ctx, input, ilen );
-    if( ret != 0 )
+    ret = mbedtls_poly1305_update(&ctx, input, ilen);
+    if (ret != 0) {
         goto cleanup;
+    }
 
-    ret = mbedtls_poly1305_finish( &ctx, mac );
+    ret = mbedtls_poly1305_finish(&ctx, mac);
 
 cleanup:
-    mbedtls_poly1305_free( &ctx );
-    return( ret );
+    mbedtls_poly1305_free(&ctx);
+    return ret;
 }
 
 #endif /* MBEDTLS_POLY1305_ALT */
@@ -460,46 +455,48 @@
 /* Make sure no other definition is already present. */
 #undef ASSERT
 
-#define ASSERT( cond, args )            \
+#define ASSERT(cond, args)            \
     do                                  \
     {                                   \
-        if( ! ( cond ) )                \
+        if (!(cond))                \
         {                               \
-            if( verbose != 0 )          \
-                mbedtls_printf args;    \
+            if (verbose != 0)          \
+            mbedtls_printf args;    \
                                         \
-            return( -1 );               \
+            return -1;               \
         }                               \
     }                                   \
-    while( 0 )
+    while (0)
 
-int mbedtls_poly1305_self_test( int verbose )
+int mbedtls_poly1305_self_test(int verbose)
 {
     unsigned char mac[16];
     unsigned i;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    for( i = 0U; i < 2U; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  Poly1305 test %u ", i );
+    for (i = 0U; i < 2U; i++) {
+        if (verbose != 0) {
+            mbedtls_printf("  Poly1305 test %u ", i);
+        }
 
-        ret = mbedtls_poly1305_mac( test_keys[i],
-                                    test_data[i],
-                                    test_data_len[i],
-                                    mac );
-        ASSERT( 0 == ret, ( "error code: %i\n", ret ) );
+        ret = mbedtls_poly1305_mac(test_keys[i],
+                                   test_data[i],
+                                   test_data_len[i],
+                                   mac);
+        ASSERT(0 == ret, ("error code: %i\n", ret));
 
-        ASSERT( 0 == memcmp( mac, test_mac[i], 16U ), ( "failed (mac)\n" ) );
+        ASSERT(0 == memcmp(mac, test_mac[i], 16U), ("failed (mac)\n"));
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_SELF_TEST */
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index cb5791f..0a8949f 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -82,7 +82,7 @@
 #include "mbedtls/sha256.h"
 #include "mbedtls/sha512.h"
 
-#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
+#define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array)))
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) ||          \
     defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) ||  \
@@ -94,9 +94,9 @@
 /* Global data, support functions and library management */
 /****************************************************************/
 
-static int key_type_is_raw_bytes( psa_key_type_t type )
+static int key_type_is_raw_bytes(psa_key_type_t type)
 {
-    return( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) );
+    return PSA_KEY_TYPE_IS_UNSTRUCTURED(type);
 }
 
 /* Values for psa_global_data_t::rng_state */
@@ -104,8 +104,7 @@
 #define RNG_INITIALIZED 1
 #define RNG_SEEDED 2
 
-typedef struct
-{
+typedef struct {
     unsigned initialized : 1;
     unsigned rng_state : 2;
     mbedtls_psa_random_context_t rng;
@@ -119,204 +118,203 @@
 #endif
 
 #define GUARD_MODULE_INITIALIZED        \
-    if( global_data.initialized == 0 )  \
-        return( PSA_ERROR_BAD_STATE );
+    if (global_data.initialized == 0)  \
+    return PSA_ERROR_BAD_STATE;
 
-psa_status_t mbedtls_to_psa_error( int ret )
+psa_status_t mbedtls_to_psa_error(int ret)
 {
     /* Mbed TLS error codes can combine a high-level error code and a
      * low-level error code. The low-level error usually reflects the
      * root cause better, so dispatch on that preferably. */
-    int low_level_ret = - ( -ret & 0x007f );
-    switch( low_level_ret != 0 ? low_level_ret : ret )
-    {
+    int low_level_ret = -(-ret & 0x007f);
+    switch (low_level_ret != 0 ? low_level_ret : ret) {
         case 0:
-            return( PSA_SUCCESS );
+            return PSA_SUCCESS;
 
         case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH:
         case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
         case MBEDTLS_ERR_ASN1_OUT_OF_DATA:
         case MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:
         case MBEDTLS_ERR_ASN1_INVALID_LENGTH:
         case MBEDTLS_ERR_ASN1_LENGTH_MISMATCH:
         case MBEDTLS_ERR_ASN1_INVALID_DATA:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
         case MBEDTLS_ERR_ASN1_ALLOC_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
+            return PSA_ERROR_INSUFFICIENT_MEMORY;
         case MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
+            return PSA_ERROR_BUFFER_TOO_SMALL;
 
 #if defined(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA)
         case MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA:
 #endif
         case MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH:
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
 
         case MBEDTLS_ERR_CCM_BAD_INPUT:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
         case MBEDTLS_ERR_CCM_AUTH_FAILED:
-            return( PSA_ERROR_INVALID_SIGNATURE );
+            return PSA_ERROR_INVALID_SIGNATURE;
 
         case MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
 
         case MBEDTLS_ERR_CHACHAPOLY_BAD_STATE:
-            return( PSA_ERROR_BAD_STATE );
+            return PSA_ERROR_BAD_STATE;
         case MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED:
-            return( PSA_ERROR_INVALID_SIGNATURE );
+            return PSA_ERROR_INVALID_SIGNATURE;
 
         case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
         case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
         case MBEDTLS_ERR_CIPHER_ALLOC_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
+            return PSA_ERROR_INSUFFICIENT_MEMORY;
         case MBEDTLS_ERR_CIPHER_INVALID_PADDING:
-            return( PSA_ERROR_INVALID_PADDING );
+            return PSA_ERROR_INVALID_PADDING;
         case MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
         case MBEDTLS_ERR_CIPHER_AUTH_FAILED:
-            return( PSA_ERROR_INVALID_SIGNATURE );
+            return PSA_ERROR_INVALID_SIGNATURE;
         case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT:
-            return( PSA_ERROR_CORRUPTION_DETECTED );
+            return PSA_ERROR_CORRUPTION_DETECTED;
 
-#if !( defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) ||      \
-       defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE) )
+#if !(defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) ||      \
+            defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE))
         /* Only check CTR_DRBG error codes if underlying mbedtls_xxx
          * functions are passed a CTR_DRBG instance. */
         case MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+            return PSA_ERROR_INSUFFICIENT_ENTROPY;
         case MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG:
         case MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG:
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
         case MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR:
-            return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+            return PSA_ERROR_INSUFFICIENT_ENTROPY;
 #endif
 
         case MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH:
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
 
         case MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED:
         case MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE:
         case MBEDTLS_ERR_ENTROPY_SOURCE_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+            return PSA_ERROR_INSUFFICIENT_ENTROPY;
 
         case MBEDTLS_ERR_GCM_AUTH_FAILED:
-            return( PSA_ERROR_INVALID_SIGNATURE );
+            return PSA_ERROR_INVALID_SIGNATURE;
         case MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL:
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
+            return PSA_ERROR_BUFFER_TOO_SMALL;
         case MBEDTLS_ERR_GCM_BAD_INPUT:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
 
 #if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) &&        \
-    defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
+            defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
         /* Only check HMAC_DRBG error codes if underlying mbedtls_xxx
          * functions are passed a HMAC_DRBG instance. */
         case MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+            return PSA_ERROR_INSUFFICIENT_ENTROPY;
         case MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG:
         case MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG:
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
         case MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR:
-            return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+            return PSA_ERROR_INSUFFICIENT_ENTROPY;
 #endif
 
         case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE:
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
         case MBEDTLS_ERR_MD_BAD_INPUT_DATA:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
         case MBEDTLS_ERR_MD_ALLOC_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
+            return PSA_ERROR_INSUFFICIENT_MEMORY;
         case MBEDTLS_ERR_MD_FILE_IO_ERROR:
-            return( PSA_ERROR_STORAGE_FAILURE );
+            return PSA_ERROR_STORAGE_FAILURE;
 
         case MBEDTLS_ERR_MPI_FILE_IO_ERROR:
-            return( PSA_ERROR_STORAGE_FAILURE );
+            return PSA_ERROR_STORAGE_FAILURE;
         case MBEDTLS_ERR_MPI_BAD_INPUT_DATA:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
         case MBEDTLS_ERR_MPI_INVALID_CHARACTER:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
         case MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
+            return PSA_ERROR_BUFFER_TOO_SMALL;
         case MBEDTLS_ERR_MPI_NEGATIVE_VALUE:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
         case MBEDTLS_ERR_MPI_DIVISION_BY_ZERO:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
         case MBEDTLS_ERR_MPI_NOT_ACCEPTABLE:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
         case MBEDTLS_ERR_MPI_ALLOC_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
+            return PSA_ERROR_INSUFFICIENT_MEMORY;
 
         case MBEDTLS_ERR_PK_ALLOC_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
+            return PSA_ERROR_INSUFFICIENT_MEMORY;
         case MBEDTLS_ERR_PK_TYPE_MISMATCH:
         case MBEDTLS_ERR_PK_BAD_INPUT_DATA:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
         case MBEDTLS_ERR_PK_FILE_IO_ERROR:
-            return( PSA_ERROR_STORAGE_FAILURE );
+            return PSA_ERROR_STORAGE_FAILURE;
         case MBEDTLS_ERR_PK_KEY_INVALID_VERSION:
         case MBEDTLS_ERR_PK_KEY_INVALID_FORMAT:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
         case MBEDTLS_ERR_PK_UNKNOWN_PK_ALG:
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
         case MBEDTLS_ERR_PK_PASSWORD_REQUIRED:
         case MBEDTLS_ERR_PK_PASSWORD_MISMATCH:
-            return( PSA_ERROR_NOT_PERMITTED );
+            return PSA_ERROR_NOT_PERMITTED;
         case MBEDTLS_ERR_PK_INVALID_PUBKEY:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
         case MBEDTLS_ERR_PK_INVALID_ALG:
         case MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE:
         case MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE:
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
         case MBEDTLS_ERR_PK_SIG_LEN_MISMATCH:
-            return( PSA_ERROR_INVALID_SIGNATURE );
+            return PSA_ERROR_INVALID_SIGNATURE;
         case MBEDTLS_ERR_PK_BUFFER_TOO_SMALL:
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
+            return PSA_ERROR_BUFFER_TOO_SMALL;
 
         case MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
+            return PSA_ERROR_HARDWARE_FAILURE;
         case MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
 
         case MBEDTLS_ERR_RSA_BAD_INPUT_DATA:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
         case MBEDTLS_ERR_RSA_INVALID_PADDING:
-            return( PSA_ERROR_INVALID_PADDING );
+            return PSA_ERROR_INVALID_PADDING;
         case MBEDTLS_ERR_RSA_KEY_GEN_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
+            return PSA_ERROR_HARDWARE_FAILURE;
         case MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
         case MBEDTLS_ERR_RSA_PUBLIC_FAILED:
         case MBEDTLS_ERR_RSA_PRIVATE_FAILED:
-            return( PSA_ERROR_CORRUPTION_DETECTED );
+            return PSA_ERROR_CORRUPTION_DETECTED;
         case MBEDTLS_ERR_RSA_VERIFY_FAILED:
-            return( PSA_ERROR_INVALID_SIGNATURE );
+            return PSA_ERROR_INVALID_SIGNATURE;
         case MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE:
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
+            return PSA_ERROR_BUFFER_TOO_SMALL;
         case MBEDTLS_ERR_RSA_RNG_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+            return PSA_ERROR_INSUFFICIENT_ENTROPY;
 
         case MBEDTLS_ERR_ECP_BAD_INPUT_DATA:
         case MBEDTLS_ERR_ECP_INVALID_KEY:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
         case MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL:
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
+            return PSA_ERROR_BUFFER_TOO_SMALL;
         case MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE:
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
         case MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH:
         case MBEDTLS_ERR_ECP_VERIFY_FAILED:
-            return( PSA_ERROR_INVALID_SIGNATURE );
+            return PSA_ERROR_INVALID_SIGNATURE;
         case MBEDTLS_ERR_ECP_ALLOC_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
+            return PSA_ERROR_INSUFFICIENT_MEMORY;
         case MBEDTLS_ERR_ECP_RANDOM_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+            return PSA_ERROR_INSUFFICIENT_ENTROPY;
 
         case MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED:
-            return( PSA_ERROR_CORRUPTION_DETECTED );
+            return PSA_ERROR_CORRUPTION_DETECTED;
 
         default:
-            return( PSA_ERROR_GENERIC_ERROR );
+            return PSA_ERROR_GENERIC_ERROR;
     }
 }
 
@@ -332,99 +330,96 @@
     defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
-mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
-                                               size_t bits,
-                                               int bits_is_sloppy )
+mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
+                                              size_t bits,
+                                              int bits_is_sloppy)
 {
-    switch( curve )
-    {
+    switch (curve) {
         case PSA_ECC_FAMILY_SECP_R1:
-            switch( bits )
-            {
+            switch (bits) {
 #if defined(PSA_WANT_ECC_SECP_R1_192)
                 case 192:
-                    return( MBEDTLS_ECP_DP_SECP192R1 );
+                    return MBEDTLS_ECP_DP_SECP192R1;
 #endif
 #if defined(PSA_WANT_ECC_SECP_R1_224)
                 case 224:
-                    return( MBEDTLS_ECP_DP_SECP224R1 );
+                    return MBEDTLS_ECP_DP_SECP224R1;
 #endif
 #if defined(PSA_WANT_ECC_SECP_R1_256)
                 case 256:
-                    return( MBEDTLS_ECP_DP_SECP256R1 );
+                    return MBEDTLS_ECP_DP_SECP256R1;
 #endif
 #if defined(PSA_WANT_ECC_SECP_R1_384)
                 case 384:
-                    return( MBEDTLS_ECP_DP_SECP384R1 );
+                    return MBEDTLS_ECP_DP_SECP384R1;
 #endif
 #if defined(PSA_WANT_ECC_SECP_R1_521)
                 case 521:
-                    return( MBEDTLS_ECP_DP_SECP521R1 );
+                    return MBEDTLS_ECP_DP_SECP521R1;
                 case 528:
-                    if( bits_is_sloppy )
-                        return( MBEDTLS_ECP_DP_SECP521R1 );
+                    if (bits_is_sloppy) {
+                        return MBEDTLS_ECP_DP_SECP521R1;
+                    }
                     break;
 #endif
             }
             break;
 
         case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
-            switch( bits )
-            {
+            switch (bits) {
 #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
                 case 256:
-                    return( MBEDTLS_ECP_DP_BP256R1 );
+                    return MBEDTLS_ECP_DP_BP256R1;
 #endif
 #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
                 case 384:
-                    return( MBEDTLS_ECP_DP_BP384R1 );
+                    return MBEDTLS_ECP_DP_BP384R1;
 #endif
 #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
                 case 512:
-                    return( MBEDTLS_ECP_DP_BP512R1 );
+                    return MBEDTLS_ECP_DP_BP512R1;
 #endif
             }
             break;
 
         case PSA_ECC_FAMILY_MONTGOMERY:
-            switch( bits )
-            {
+            switch (bits) {
 #if defined(PSA_WANT_ECC_MONTGOMERY_255)
                 case 255:
-                    return( MBEDTLS_ECP_DP_CURVE25519 );
+                    return MBEDTLS_ECP_DP_CURVE25519;
                 case 256:
-                    if( bits_is_sloppy )
-                        return( MBEDTLS_ECP_DP_CURVE25519 );
+                    if (bits_is_sloppy) {
+                        return MBEDTLS_ECP_DP_CURVE25519;
+                    }
                     break;
 #endif
 #if defined(PSA_WANT_ECC_MONTGOMERY_448)
                 case 448:
-                    return( MBEDTLS_ECP_DP_CURVE448 );
+                    return MBEDTLS_ECP_DP_CURVE448;
 #endif
             }
             break;
 
         case PSA_ECC_FAMILY_SECP_K1:
-            switch( bits )
-            {
+            switch (bits) {
 #if defined(PSA_WANT_ECC_SECP_K1_192)
                 case 192:
-                    return( MBEDTLS_ECP_DP_SECP192K1 );
+                    return MBEDTLS_ECP_DP_SECP192K1;
 #endif
 #if defined(PSA_WANT_ECC_SECP_K1_224)
                 case 224:
-                    return( MBEDTLS_ECP_DP_SECP224K1 );
+                    return MBEDTLS_ECP_DP_SECP224K1;
 #endif
 #if defined(PSA_WANT_ECC_SECP_K1_256)
                 case 256:
-                    return( MBEDTLS_ECP_DP_SECP256K1 );
+                    return MBEDTLS_ECP_DP_SECP256K1;
 #endif
             }
             break;
     }
 
     (void) bits_is_sloppy;
-    return( MBEDTLS_ECP_DP_NONE );
+    return MBEDTLS_ECP_DP_NONE;
 }
 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
           defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
@@ -432,12 +427,11 @@
           defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
           defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
 
-psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type,
-                                                     size_t bits )
+psa_status_t psa_validate_unstructured_key_bit_size(psa_key_type_t type,
+                                                    size_t bits)
 {
     /* Check that the bit size is acceptable for the key type */
-    switch( type )
-    {
+    switch (type) {
         case PSA_KEY_TYPE_RAW_DATA:
         case PSA_KEY_TYPE_HMAC:
         case PSA_KEY_TYPE_DERIVE:
@@ -446,41 +440,47 @@
             break;
 #if defined(PSA_WANT_KEY_TYPE_AES)
         case PSA_KEY_TYPE_AES:
-            if( bits != 128 && bits != 192 && bits != 256 )
-                return( PSA_ERROR_INVALID_ARGUMENT );
+            if (bits != 128 && bits != 192 && bits != 256) {
+                return PSA_ERROR_INVALID_ARGUMENT;
+            }
             break;
 #endif
 #if defined(PSA_WANT_KEY_TYPE_ARIA)
         case PSA_KEY_TYPE_ARIA:
-            if( bits != 128 && bits != 192 && bits != 256 )
-                return( PSA_ERROR_INVALID_ARGUMENT );
+            if (bits != 128 && bits != 192 && bits != 256) {
+                return PSA_ERROR_INVALID_ARGUMENT;
+            }
             break;
 #endif
 #if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
         case PSA_KEY_TYPE_CAMELLIA:
-            if( bits != 128 && bits != 192 && bits != 256 )
-                return( PSA_ERROR_INVALID_ARGUMENT );
+            if (bits != 128 && bits != 192 && bits != 256) {
+                return PSA_ERROR_INVALID_ARGUMENT;
+            }
             break;
 #endif
 #if defined(PSA_WANT_KEY_TYPE_DES)
         case PSA_KEY_TYPE_DES:
-            if( bits != 64 && bits != 128 && bits != 192 )
-                return( PSA_ERROR_INVALID_ARGUMENT );
+            if (bits != 64 && bits != 128 && bits != 192) {
+                return PSA_ERROR_INVALID_ARGUMENT;
+            }
             break;
 #endif
 #if defined(PSA_WANT_KEY_TYPE_CHACHA20)
         case PSA_KEY_TYPE_CHACHA20:
-            if( bits != 256 )
-                return( PSA_ERROR_INVALID_ARGUMENT );
+            if (bits != 256) {
+                return PSA_ERROR_INVALID_ARGUMENT;
+            }
             break;
 #endif
         default:
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
     }
-    if( bits % 8 != 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (bits % 8 != 0) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 /** Check whether a given key type is valid for use with a given MAC algorithm
@@ -499,116 +499,115 @@
  */
 MBEDTLS_STATIC_TESTABLE psa_status_t psa_mac_key_can_do(
     psa_algorithm_t algorithm,
-    psa_key_type_t key_type )
+    psa_key_type_t key_type)
 {
-    if( PSA_ALG_IS_HMAC( algorithm ) )
-    {
-        if( key_type == PSA_KEY_TYPE_HMAC )
-            return( PSA_SUCCESS );
-    }
-
-    if( PSA_ALG_IS_BLOCK_CIPHER_MAC( algorithm ) )
-    {
-        /* Check that we're calling PSA_BLOCK_CIPHER_BLOCK_LENGTH with a cipher
-         * key. */
-        if( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) ==
-            PSA_KEY_TYPE_CATEGORY_SYMMETRIC )
-        {
-            /* PSA_BLOCK_CIPHER_BLOCK_LENGTH returns 1 for stream ciphers and
-             * the block length (larger than 1) for block ciphers. */
-            if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) > 1 )
-                return( PSA_SUCCESS );
+    if (PSA_ALG_IS_HMAC(algorithm)) {
+        if (key_type == PSA_KEY_TYPE_HMAC) {
+            return PSA_SUCCESS;
         }
     }
 
-    return( PSA_ERROR_INVALID_ARGUMENT );
+    if (PSA_ALG_IS_BLOCK_CIPHER_MAC(algorithm)) {
+        /* Check that we're calling PSA_BLOCK_CIPHER_BLOCK_LENGTH with a cipher
+         * key. */
+        if ((key_type & PSA_KEY_TYPE_CATEGORY_MASK) ==
+            PSA_KEY_TYPE_CATEGORY_SYMMETRIC) {
+            /* PSA_BLOCK_CIPHER_BLOCK_LENGTH returns 1 for stream ciphers and
+             * the block length (larger than 1) for block ciphers. */
+            if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1) {
+                return PSA_SUCCESS;
+            }
+        }
+    }
+
+    return PSA_ERROR_INVALID_ARGUMENT;
 }
 
-psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot,
-                                          size_t buffer_length )
+psa_status_t psa_allocate_buffer_to_slot(psa_key_slot_t *slot,
+                                         size_t buffer_length)
 {
-    if( slot->key.data != NULL )
-        return( PSA_ERROR_ALREADY_EXISTS );
+    if (slot->key.data != NULL) {
+        return PSA_ERROR_ALREADY_EXISTS;
+    }
 
-    slot->key.data = mbedtls_calloc( 1, buffer_length );
-    if( slot->key.data == NULL )
-        return( PSA_ERROR_INSUFFICIENT_MEMORY );
+    slot->key.data = mbedtls_calloc(1, buffer_length);
+    if (slot->key.data == NULL) {
+        return PSA_ERROR_INSUFFICIENT_MEMORY;
+    }
 
     slot->key.bytes = buffer_length;
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
-psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot,
-                                              const uint8_t* data,
-                                              size_t data_length )
+psa_status_t psa_copy_key_material_into_slot(psa_key_slot_t *slot,
+                                             const uint8_t *data,
+                                             size_t data_length)
 {
-    psa_status_t status = psa_allocate_buffer_to_slot( slot,
-                                                       data_length );
-    if( status != PSA_SUCCESS )
-        return( status );
+    psa_status_t status = psa_allocate_buffer_to_slot(slot,
+                                                      data_length);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
-    memcpy( slot->key.data, data, data_length );
-    return( PSA_SUCCESS );
+    memcpy(slot->key.data, data, data_length);
+    return PSA_SUCCESS;
 }
 
 psa_status_t psa_import_key_into_slot(
     const psa_key_attributes_t *attributes,
     const uint8_t *data, size_t data_length,
     uint8_t *key_buffer, size_t key_buffer_size,
-    size_t *key_buffer_length, size_t *bits )
+    size_t *key_buffer_length, size_t *bits)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_type_t type = attributes->core.type;
 
     /* zero-length keys are never supported. */
-    if( data_length == 0 )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    if (data_length == 0) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
 
-    if( key_type_is_raw_bytes( type ) )
-    {
-        *bits = PSA_BYTES_TO_BITS( data_length );
+    if (key_type_is_raw_bytes(type)) {
+        *bits = PSA_BYTES_TO_BITS(data_length);
 
-        status = psa_validate_unstructured_key_bit_size( attributes->core.type,
-                                                         *bits );
-        if( status != PSA_SUCCESS )
-            return( status );
+        status = psa_validate_unstructured_key_bit_size(attributes->core.type,
+                                                        *bits);
+        if (status != PSA_SUCCESS) {
+            return status;
+        }
 
         /* Copy the key material. */
-        memcpy( key_buffer, data, data_length );
+        memcpy(key_buffer, data, data_length);
         *key_buffer_length = data_length;
-        (void)key_buffer_size;
+        (void) key_buffer_size;
 
-        return( PSA_SUCCESS );
-    }
-    else if( PSA_KEY_TYPE_IS_ASYMMETRIC( type ) )
-    {
+        return PSA_SUCCESS;
+    } else if (PSA_KEY_TYPE_IS_ASYMMETRIC(type)) {
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
-        if( PSA_KEY_TYPE_IS_ECC( type ) )
-        {
-            return( mbedtls_psa_ecp_import_key( attributes,
-                                                data, data_length,
-                                                key_buffer, key_buffer_size,
-                                                key_buffer_length,
-                                                bits ) );
+        defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
+        if (PSA_KEY_TYPE_IS_ECC(type)) {
+            return mbedtls_psa_ecp_import_key(attributes,
+                                              data, data_length,
+                                              key_buffer, key_buffer_size,
+                                              key_buffer_length,
+                                              bits);
         }
 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
         * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
-        if( PSA_KEY_TYPE_IS_RSA( type ) )
-        {
-            return( mbedtls_psa_rsa_import_key( attributes,
-                                                data, data_length,
-                                                key_buffer, key_buffer_size,
-                                                key_buffer_length,
-                                                bits ) );
+        defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
+        if (PSA_KEY_TYPE_IS_RSA(type)) {
+            return mbedtls_psa_rsa_import_key(attributes,
+                                              data, data_length,
+                                              key_buffer, key_buffer_size,
+                                              key_buffer_length,
+                                              bits);
         }
 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
         * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
     }
 
-    return( PSA_ERROR_NOT_SUPPORTED );
+    return PSA_ERROR_NOT_SUPPORTED;
 }
 
 /** Calculate the intersection of two algorithm usage policies.
@@ -618,63 +617,61 @@
 static psa_algorithm_t psa_key_policy_algorithm_intersection(
     psa_key_type_t key_type,
     psa_algorithm_t alg1,
-    psa_algorithm_t alg2 )
+    psa_algorithm_t alg2)
 {
     /* Common case: both sides actually specify the same policy. */
-    if( alg1 == alg2 )
-        return( alg1 );
+    if (alg1 == alg2) {
+        return alg1;
+    }
     /* If the policies are from the same hash-and-sign family, check
      * if one is a wildcard. If so the other has the specific algorithm. */
-    if( PSA_ALG_IS_SIGN_HASH( alg1 ) &&
-        PSA_ALG_IS_SIGN_HASH( alg2 ) &&
-        ( alg1 & ~PSA_ALG_HASH_MASK ) == ( alg2 & ~PSA_ALG_HASH_MASK ) )
-    {
-        if( PSA_ALG_SIGN_GET_HASH( alg1 ) == PSA_ALG_ANY_HASH )
-            return( alg2 );
-        if( PSA_ALG_SIGN_GET_HASH( alg2 ) == PSA_ALG_ANY_HASH )
-            return( alg1 );
+    if (PSA_ALG_IS_SIGN_HASH(alg1) &&
+        PSA_ALG_IS_SIGN_HASH(alg2) &&
+        (alg1 & ~PSA_ALG_HASH_MASK) == (alg2 & ~PSA_ALG_HASH_MASK)) {
+        if (PSA_ALG_SIGN_GET_HASH(alg1) == PSA_ALG_ANY_HASH) {
+            return alg2;
+        }
+        if (PSA_ALG_SIGN_GET_HASH(alg2) == PSA_ALG_ANY_HASH) {
+            return alg1;
+        }
     }
     /* If the policies are from the same AEAD family, check whether
      * one of them is a minimum-tag-length wildcard. Calculate the most
      * restrictive tag length. */
-    if( PSA_ALG_IS_AEAD( alg1 ) && PSA_ALG_IS_AEAD( alg2 ) &&
-        ( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg1, 0 ) ==
-          PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg2, 0 ) ) )
-    {
-        size_t alg1_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg1 );
-        size_t alg2_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg2 );
+    if (PSA_ALG_IS_AEAD(alg1) && PSA_ALG_IS_AEAD(alg2) &&
+        (PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg1, 0) ==
+         PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg2, 0))) {
+        size_t alg1_len = PSA_ALG_AEAD_GET_TAG_LENGTH(alg1);
+        size_t alg2_len = PSA_ALG_AEAD_GET_TAG_LENGTH(alg2);
         size_t restricted_len = alg1_len > alg2_len ? alg1_len : alg2_len;
 
         /* If both are wildcards, return most restrictive wildcard */
-        if( ( ( alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
-            ( ( alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) )
-        {
-            return( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
-                        alg1, restricted_len ) );
+        if (((alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0) &&
+            ((alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0)) {
+            return PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
+                alg1, restricted_len);
         }
         /* If only one is a wildcard, return specific algorithm if compatible. */
-        if( ( ( alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
-            ( alg1_len <= alg2_len ) )
-        {
-            return( alg2 );
+        if (((alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0) &&
+            (alg1_len <= alg2_len)) {
+            return alg2;
         }
-        if( ( ( alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
-            ( alg2_len <= alg1_len ) )
-        {
-            return( alg1 );
+        if (((alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0) &&
+            (alg2_len <= alg1_len)) {
+            return alg1;
         }
     }
     /* If the policies are from the same MAC family, check whether one
      * of them is a minimum-MAC-length policy. Calculate the most
      * restrictive tag length. */
-    if( PSA_ALG_IS_MAC( alg1 ) && PSA_ALG_IS_MAC( alg2 ) &&
-        ( PSA_ALG_FULL_LENGTH_MAC( alg1 ) ==
-          PSA_ALG_FULL_LENGTH_MAC( alg2 ) ) )
-    {
+    if (PSA_ALG_IS_MAC(alg1) && PSA_ALG_IS_MAC(alg2) &&
+        (PSA_ALG_FULL_LENGTH_MAC(alg1) ==
+         PSA_ALG_FULL_LENGTH_MAC(alg2))) {
         /* Validate the combination of key type and algorithm. Since the base
          * algorithm of alg1 and alg2 are the same, we only need this once. */
-        if( PSA_SUCCESS != psa_mac_key_can_do( alg1, key_type ) )
-            return( 0 );
+        if (PSA_SUCCESS != psa_mac_key_can_do(alg1, key_type)) {
+            return 0;
+        }
 
         /* Get the (exact or at-least) output lengths for both sides of the
          * requested intersection. None of the currently supported algorithms
@@ -684,79 +681,76 @@
          * Note that for at-least-this-length wildcard algorithms, the output
          * length is set to the shortest allowed length, which allows us to
          * calculate the most restrictive tag length for the intersection. */
-        size_t alg1_len = PSA_MAC_LENGTH( key_type, 0, alg1 );
-        size_t alg2_len = PSA_MAC_LENGTH( key_type, 0, alg2 );
+        size_t alg1_len = PSA_MAC_LENGTH(key_type, 0, alg1);
+        size_t alg2_len = PSA_MAC_LENGTH(key_type, 0, alg2);
         size_t restricted_len = alg1_len > alg2_len ? alg1_len : alg2_len;
 
         /* If both are wildcards, return most restrictive wildcard */
-        if( ( ( alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
-            ( ( alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) )
-        {
-            return( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg1, restricted_len ) );
+        if (((alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) &&
+            ((alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0)) {
+            return PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(alg1, restricted_len);
         }
 
         /* If only one is an at-least-this-length policy, the intersection would
          * be the other (fixed-length) policy as long as said fixed length is
          * equal to or larger than the shortest allowed length. */
-        if( ( alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 )
-        {
-            return( ( alg1_len <= alg2_len ) ? alg2 : 0 );
+        if ((alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) {
+            return (alg1_len <= alg2_len) ? alg2 : 0;
         }
-        if( ( alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 )
-        {
-            return( ( alg2_len <= alg1_len ) ? alg1 : 0 );
+        if ((alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) {
+            return (alg2_len <= alg1_len) ? alg1 : 0;
         }
 
         /* If none of them are wildcards, check whether they define the same tag
          * length. This is still possible here when one is default-length and
          * the other specific-length. Ensure to always return the
          * specific-length version for the intersection. */
-        if( alg1_len == alg2_len )
-            return( PSA_ALG_TRUNCATED_MAC( alg1, alg1_len ) );
+        if (alg1_len == alg2_len) {
+            return PSA_ALG_TRUNCATED_MAC(alg1, alg1_len);
+        }
     }
     /* If the policies are incompatible, allow nothing. */
-    return( 0 );
+    return 0;
 }
 
-static int psa_key_algorithm_permits( psa_key_type_t key_type,
-                                      psa_algorithm_t policy_alg,
-                                      psa_algorithm_t requested_alg )
+static int psa_key_algorithm_permits(psa_key_type_t key_type,
+                                     psa_algorithm_t policy_alg,
+                                     psa_algorithm_t requested_alg)
 {
     /* Common case: the policy only allows requested_alg. */
-    if( requested_alg == policy_alg )
-        return( 1 );
+    if (requested_alg == policy_alg) {
+        return 1;
+    }
     /* If policy_alg is a hash-and-sign with a wildcard for the hash,
      * and requested_alg is the same hash-and-sign family with any hash,
      * then requested_alg is compliant with policy_alg. */
-    if( PSA_ALG_IS_SIGN_HASH( requested_alg ) &&
-        PSA_ALG_SIGN_GET_HASH( policy_alg ) == PSA_ALG_ANY_HASH )
-    {
-        return( ( policy_alg & ~PSA_ALG_HASH_MASK ) ==
-                ( requested_alg & ~PSA_ALG_HASH_MASK ) );
+    if (PSA_ALG_IS_SIGN_HASH(requested_alg) &&
+        PSA_ALG_SIGN_GET_HASH(policy_alg) == PSA_ALG_ANY_HASH) {
+        return (policy_alg & ~PSA_ALG_HASH_MASK) ==
+               (requested_alg & ~PSA_ALG_HASH_MASK);
     }
     /* If policy_alg is a wildcard AEAD algorithm of the same base as
      * the requested algorithm, check the requested tag length to be
      * equal-length or longer than the wildcard-specified length. */
-    if( PSA_ALG_IS_AEAD( policy_alg ) &&
-        PSA_ALG_IS_AEAD( requested_alg ) &&
-        ( PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, 0 ) ==
-          PSA_ALG_AEAD_WITH_SHORTENED_TAG( requested_alg, 0 ) ) &&
-        ( ( policy_alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) )
-    {
-        return( PSA_ALG_AEAD_GET_TAG_LENGTH( policy_alg ) <=
-                PSA_ALG_AEAD_GET_TAG_LENGTH( requested_alg ) );
+    if (PSA_ALG_IS_AEAD(policy_alg) &&
+        PSA_ALG_IS_AEAD(requested_alg) &&
+        (PSA_ALG_AEAD_WITH_SHORTENED_TAG(policy_alg, 0) ==
+         PSA_ALG_AEAD_WITH_SHORTENED_TAG(requested_alg, 0)) &&
+        ((policy_alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0)) {
+        return PSA_ALG_AEAD_GET_TAG_LENGTH(policy_alg) <=
+               PSA_ALG_AEAD_GET_TAG_LENGTH(requested_alg);
     }
     /* If policy_alg is a MAC algorithm of the same base as the requested
      * algorithm, check whether their MAC lengths are compatible. */
-    if( PSA_ALG_IS_MAC( policy_alg ) &&
-        PSA_ALG_IS_MAC( requested_alg ) &&
-        ( PSA_ALG_FULL_LENGTH_MAC( policy_alg ) ==
-          PSA_ALG_FULL_LENGTH_MAC( requested_alg ) ) )
-    {
+    if (PSA_ALG_IS_MAC(policy_alg) &&
+        PSA_ALG_IS_MAC(requested_alg) &&
+        (PSA_ALG_FULL_LENGTH_MAC(policy_alg) ==
+         PSA_ALG_FULL_LENGTH_MAC(requested_alg))) {
         /* Validate the combination of key type and algorithm. Since the policy
          * and requested algorithms are the same, we only need this once. */
-        if( PSA_SUCCESS != psa_mac_key_can_do( policy_alg, key_type ) )
-            return( 0 );
+        if (PSA_SUCCESS != psa_mac_key_can_do(policy_alg, key_type)) {
+            return 0;
+        }
 
         /* Get both the requested output length for the algorithm which is to be
          * verified, and the default output length for the base algorithm.
@@ -764,44 +758,42 @@
          * length dependent on actual key size, so setting it to a bogus value
          * of 0 is currently OK. */
         size_t requested_output_length = PSA_MAC_LENGTH(
-                                            key_type, 0, requested_alg );
+            key_type, 0, requested_alg);
         size_t default_output_length = PSA_MAC_LENGTH(
-                                        key_type, 0,
-                                        PSA_ALG_FULL_LENGTH_MAC( requested_alg ) );
+            key_type, 0,
+            PSA_ALG_FULL_LENGTH_MAC(requested_alg));
 
         /* If the policy is default-length, only allow an algorithm with
          * a declared exact-length matching the default. */
-        if( PSA_MAC_TRUNCATED_LENGTH( policy_alg ) == 0 )
-            return( requested_output_length == default_output_length );
+        if (PSA_MAC_TRUNCATED_LENGTH(policy_alg) == 0) {
+            return requested_output_length == default_output_length;
+        }
 
         /* If the requested algorithm is default-length, allow it if the policy
          * length exactly matches the default length. */
-        if( PSA_MAC_TRUNCATED_LENGTH( requested_alg ) == 0 &&
-            PSA_MAC_TRUNCATED_LENGTH( policy_alg ) == default_output_length )
-        {
-            return( 1 );
+        if (PSA_MAC_TRUNCATED_LENGTH(requested_alg) == 0 &&
+            PSA_MAC_TRUNCATED_LENGTH(policy_alg) == default_output_length) {
+            return 1;
         }
 
         /* If policy_alg is an at-least-this-length wildcard MAC algorithm,
          * check for the requested MAC length to be equal to or longer than the
          * minimum allowed length. */
-        if( ( policy_alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 )
-        {
-            return( PSA_MAC_TRUNCATED_LENGTH( policy_alg ) <=
-                    requested_output_length );
+        if ((policy_alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) {
+            return PSA_MAC_TRUNCATED_LENGTH(policy_alg) <=
+                   requested_output_length;
         }
     }
     /* If policy_alg is a generic key agreement operation, then using it for
      * a key derivation with that key agreement should also be allowed. This
      * behaviour is expected to be defined in a future specification version. */
-    if( PSA_ALG_IS_RAW_KEY_AGREEMENT( policy_alg ) &&
-        PSA_ALG_IS_KEY_AGREEMENT( requested_alg ) )
-    {
-        return( PSA_ALG_KEY_AGREEMENT_GET_BASE( requested_alg ) ==
-                policy_alg );
+    if (PSA_ALG_IS_RAW_KEY_AGREEMENT(policy_alg) &&
+        PSA_ALG_IS_KEY_AGREEMENT(requested_alg)) {
+        return PSA_ALG_KEY_AGREEMENT_GET_BASE(requested_alg) ==
+               policy_alg;
     }
     /* If it isn't explicitly permitted, it's forbidden. */
-    return( 0 );
+    return 0;
 }
 
 /** Test whether a policy permits an algorithm.
@@ -819,23 +811,26 @@
  * \retval PSA_ERROR_NOT_PERMITTED      When \p alg is a specific algorithm, but
  *                                      the \p policy does not allow it.
  */
-static psa_status_t psa_key_policy_permits( const psa_key_policy_t *policy,
-                                            psa_key_type_t key_type,
-                                            psa_algorithm_t alg )
+static psa_status_t psa_key_policy_permits(const psa_key_policy_t *policy,
+                                           psa_key_type_t key_type,
+                                           psa_algorithm_t alg)
 {
     /* '0' is not a valid algorithm */
-    if( alg == 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (alg == 0) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
     /* A requested algorithm cannot be a wildcard. */
-    if( PSA_ALG_IS_WILDCARD( alg ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (PSA_ALG_IS_WILDCARD(alg)) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
-    if( psa_key_algorithm_permits( key_type, policy->alg, alg ) ||
-        psa_key_algorithm_permits( key_type, policy->alg2, alg ) )
-        return( PSA_SUCCESS );
-    else
-        return( PSA_ERROR_NOT_PERMITTED );
+    if (psa_key_algorithm_permits(key_type, policy->alg, alg) ||
+        psa_key_algorithm_permits(key_type, policy->alg2, alg)) {
+        return PSA_SUCCESS;
+    } else {
+        return PSA_ERROR_NOT_PERMITTED;
+    }
 }
 
 /** Restrict a key policy based on a constraint.
@@ -859,68 +854,71 @@
 static psa_status_t psa_restrict_key_policy(
     psa_key_type_t key_type,
     psa_key_policy_t *policy,
-    const psa_key_policy_t *constraint )
+    const psa_key_policy_t *constraint)
 {
     psa_algorithm_t intersection_alg =
-        psa_key_policy_algorithm_intersection( key_type, policy->alg,
-                                               constraint->alg );
+        psa_key_policy_algorithm_intersection(key_type, policy->alg,
+                                              constraint->alg);
     psa_algorithm_t intersection_alg2 =
-        psa_key_policy_algorithm_intersection( key_type, policy->alg2,
-                                               constraint->alg2 );
-    if( intersection_alg == 0 && policy->alg != 0 && constraint->alg != 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    if( intersection_alg2 == 0 && policy->alg2 != 0 && constraint->alg2 != 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+        psa_key_policy_algorithm_intersection(key_type, policy->alg2,
+                                              constraint->alg2);
+    if (intersection_alg == 0 && policy->alg != 0 && constraint->alg != 0) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
+    if (intersection_alg2 == 0 && policy->alg2 != 0 && constraint->alg2 != 0) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
     policy->usage &= constraint->usage;
     policy->alg = intersection_alg;
     policy->alg2 = intersection_alg2;
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 psa_status_t psa_get_and_lock_key_slot_with_policy(
     mbedtls_svc_key_id_t key,
     psa_key_slot_t **p_slot,
     psa_key_usage_t usage,
-    psa_algorithm_t alg )
+    psa_algorithm_t alg)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_slot_t *slot;
 
-    status = psa_get_and_lock_key_slot( key, p_slot );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_get_and_lock_key_slot(key, p_slot);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
     slot = *p_slot;
 
     /* Enforce that usage policy for the key slot contains all the flags
      * required by the usage parameter. There is one exception: public
      * keys can always be exported, so we treat public key objects as
      * if they had the export flag. */
-    if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) )
+    if (PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type)) {
         usage &= ~PSA_KEY_USAGE_EXPORT;
+    }
 
-    if( ( slot->attr.policy.usage & usage ) != usage )
-    {
+    if ((slot->attr.policy.usage & usage) != usage) {
         status = PSA_ERROR_NOT_PERMITTED;
         goto error;
     }
 
     /* Enforce that the usage policy permits the requested algorithm. */
-    if( alg != 0 )
-    {
-        status = psa_key_policy_permits( &slot->attr.policy,
-                                         slot->attr.type,
-                                         alg );
-        if( status != PSA_SUCCESS )
+    if (alg != 0) {
+        status = psa_key_policy_permits(&slot->attr.policy,
+                                        slot->attr.type,
+                                        alg);
+        if (status != PSA_SUCCESS) {
             goto error;
+        }
     }
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 
 error:
     *p_slot = NULL;
-    psa_unlock_key_slot( slot );
+    psa_unlock_key_slot(slot);
 
-    return( status );
+    return status;
 }
 
 /** Get a key slot containing a transparent key and lock it.
@@ -940,54 +938,54 @@
     mbedtls_svc_key_id_t key,
     psa_key_slot_t **p_slot,
     psa_key_usage_t usage,
-    psa_algorithm_t alg )
+    psa_algorithm_t alg)
 {
-    psa_status_t status = psa_get_and_lock_key_slot_with_policy( key, p_slot,
-                                                                 usage, alg );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    if( psa_key_lifetime_is_external( (*p_slot)->attr.lifetime ) )
-    {
-        psa_unlock_key_slot( *p_slot );
-        *p_slot = NULL;
-        return( PSA_ERROR_NOT_SUPPORTED );
+    psa_status_t status = psa_get_and_lock_key_slot_with_policy(key, p_slot,
+                                                                usage, alg);
+    if (status != PSA_SUCCESS) {
+        return status;
     }
 
-    return( PSA_SUCCESS );
+    if (psa_key_lifetime_is_external((*p_slot)->attr.lifetime)) {
+        psa_unlock_key_slot(*p_slot);
+        *p_slot = NULL;
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
+
+    return PSA_SUCCESS;
 }
 
-psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
+psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot)
 {
     /* Data pointer will always be either a valid pointer or NULL in an
      * initialized slot, so we can just free it. */
-    if( slot->key.data != NULL )
-        mbedtls_platform_zeroize( slot->key.data, slot->key.bytes);
+    if (slot->key.data != NULL) {
+        mbedtls_platform_zeroize(slot->key.data, slot->key.bytes);
+    }
 
-    mbedtls_free( slot->key.data );
+    mbedtls_free(slot->key.data);
     slot->key.data = NULL;
     slot->key.bytes = 0;
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 /** Completely wipe a slot in memory, including its policy.
  * Persistent storage is not affected. */
-psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot )
+psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot)
 {
-    psa_status_t status = psa_remove_key_data_from_memory( slot );
+    psa_status_t status = psa_remove_key_data_from_memory(slot);
 
-   /*
-    * As the return error code may not be handled in case of multiple errors,
-    * do our best to report an unexpected lock counter. Assert with
-    * MBEDTLS_TEST_HOOK_TEST_ASSERT that the lock counter is equal to one:
-    * if the MBEDTLS_TEST_HOOKS configuration option is enabled and the
-    * function is called as part of the execution of a test suite, the
-    * execution of the test suite is stopped in error if the assertion fails.
-    */
-    if( slot->lock_count != 1 )
-    {
-        MBEDTLS_TEST_HOOK_TEST_ASSERT( slot->lock_count == 1 );
+    /*
+     * As the return error code may not be handled in case of multiple errors,
+     * do our best to report an unexpected lock counter. Assert with
+     * MBEDTLS_TEST_HOOK_TEST_ASSERT that the lock counter is equal to one:
+     * if the MBEDTLS_TEST_HOOKS configuration option is enabled and the
+     * function is called as part of the execution of a test suite, the
+     * execution of the test suite is stopped in error if the assertion fails.
+     */
+    if (slot->lock_count != 1) {
+        MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->lock_count == 1);
         status = PSA_ERROR_CORRUPTION_DETECTED;
     }
 
@@ -999,11 +997,11 @@
     /* At this point, key material and other type-specific content has
      * been wiped. Clear remaining metadata. We can call memset and not
      * zeroize because the metadata is not particularly sensitive. */
-    memset( slot, 0, sizeof( *slot ) );
-    return( status );
+    memset(slot, 0, sizeof(*slot));
+    return status;
 }
 
-psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key )
+psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key)
 {
     psa_key_slot_t *slot;
     psa_status_t status; /* status of the last operation */
@@ -1012,8 +1010,9 @@
     psa_se_drv_table_entry_t *driver;
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 
-    if( mbedtls_svc_key_id_is_null( key ) )
-        return( PSA_SUCCESS );
+    if (mbedtls_svc_key_id_is_null(key)) {
+        return PSA_SUCCESS;
+    }
 
     /*
      * Get the description of the key in a key slot. In case of a persistent
@@ -1022,9 +1021,10 @@
      * the key is operated by an SE or not and this information is needed by
      * the current implementation.
      */
-    status = psa_get_and_lock_key_slot( key, &slot );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_get_and_lock_key_slot(key, &slot);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
     /*
      * If the key slot containing the key description is under access by the
@@ -1033,14 +1033,12 @@
      * implemented), the key should be destroyed when all accesses have
      * stopped.
      */
-    if( slot->lock_count > 1 )
-    {
-       psa_unlock_key_slot( slot );
-       return( PSA_ERROR_GENERIC_ERROR );
+    if (slot->lock_count > 1) {
+        psa_unlock_key_slot(slot);
+        return PSA_ERROR_GENERIC_ERROR;
     }
 
-    if( PSA_KEY_LIFETIME_IS_READ_ONLY( slot->attr.lifetime ) )
-    {
+    if (PSA_KEY_LIFETIME_IS_READ_ONLY(slot->attr.lifetime)) {
         /* Refuse the destruction of a read-only key (which may or may not work
          * if we attempt it, depending on whether the key is merely read-only
          * by policy or actually physically read-only).
@@ -1051,22 +1049,20 @@
     }
 
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    driver = psa_get_se_driver_entry( slot->attr.lifetime );
-    if( driver != NULL )
-    {
+    driver = psa_get_se_driver_entry(slot->attr.lifetime);
+    if (driver != NULL) {
         /* For a key in a secure element, we need to do three things:
          * remove the key file in internal storage, destroy the
          * key inside the secure element, and update the driver's
          * persistent data. Start a transaction that will encompass these
          * three actions. */
-        psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_DESTROY_KEY );
+        psa_crypto_prepare_transaction(PSA_CRYPTO_TRANSACTION_DESTROY_KEY);
         psa_crypto_transaction.key.lifetime = slot->attr.lifetime;
-        psa_crypto_transaction.key.slot = psa_key_slot_get_slot_number( slot );
+        psa_crypto_transaction.key.slot = psa_key_slot_get_slot_number(slot);
         psa_crypto_transaction.key.id = slot->attr.id;
-        status = psa_crypto_save_transaction( );
-        if( status != PSA_SUCCESS )
-        {
-            (void) psa_crypto_stop_transaction( );
+        status = psa_crypto_save_transaction();
+        if (status != PSA_SUCCESS) {
+            (void) psa_crypto_stop_transaction();
             /* We should still try to destroy the key in the secure
              * element and the key metadata in storage. This is especially
              * important if the error is that the storage is full.
@@ -1078,19 +1074,20 @@
             goto exit;
         }
 
-        status = psa_destroy_se_key( driver,
-                                     psa_key_slot_get_slot_number( slot ) );
-        if( overall_status == PSA_SUCCESS )
+        status = psa_destroy_se_key(driver,
+                                    psa_key_slot_get_slot_number(slot));
+        if (overall_status == PSA_SUCCESS) {
             overall_status = status;
+        }
     }
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-    if( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
-    {
-        status = psa_destroy_persistent_key( slot->attr.id );
-        if( overall_status == PSA_SUCCESS )
+    if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
+        status = psa_destroy_persistent_key(slot->attr.id);
+        if (overall_status == PSA_SUCCESS) {
             overall_status = status;
+        }
 
         /* TODO: other slots may have a copy of the same key. We should
          * invalidate them.
@@ -1100,96 +1097,100 @@
 #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
 
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    if( driver != NULL )
-    {
-        status = psa_save_se_persistent_data( driver );
-        if( overall_status == PSA_SUCCESS )
+    if (driver != NULL) {
+        status = psa_save_se_persistent_data(driver);
+        if (overall_status == PSA_SUCCESS) {
             overall_status = status;
-        status = psa_crypto_stop_transaction( );
-        if( overall_status == PSA_SUCCESS )
+        }
+        status = psa_crypto_stop_transaction();
+        if (overall_status == PSA_SUCCESS) {
             overall_status = status;
+        }
     }
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 
 exit:
-    status = psa_wipe_key_slot( slot );
+    status = psa_wipe_key_slot(slot);
     /* Prioritize CORRUPTION_DETECTED from wiping over a storage error */
-    if( status != PSA_SUCCESS )
+    if (status != PSA_SUCCESS) {
         overall_status = status;
-    return( overall_status );
+    }
+    return overall_status;
 }
 
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
     defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
 static psa_status_t psa_get_rsa_public_exponent(
     const mbedtls_rsa_context *rsa,
-    psa_key_attributes_t *attributes )
+    psa_key_attributes_t *attributes)
 {
     mbedtls_mpi mpi;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     uint8_t *buffer = NULL;
     size_t buflen;
-    mbedtls_mpi_init( &mpi );
+    mbedtls_mpi_init(&mpi);
 
-    ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &mpi );
-    if( ret != 0 )
+    ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &mpi);
+    if (ret != 0) {
         goto exit;
-    if( mbedtls_mpi_cmp_int( &mpi, 65537 ) == 0 )
-    {
+    }
+    if (mbedtls_mpi_cmp_int(&mpi, 65537) == 0) {
         /* It's the default value, which is reported as an empty string,
          * so there's nothing to do. */
         goto exit;
     }
 
-    buflen = mbedtls_mpi_size( &mpi );
-    buffer = mbedtls_calloc( 1, buflen );
-    if( buffer == NULL )
-    {
+    buflen = mbedtls_mpi_size(&mpi);
+    buffer = mbedtls_calloc(1, buflen);
+    if (buffer == NULL) {
         ret = MBEDTLS_ERR_MPI_ALLOC_FAILED;
         goto exit;
     }
-    ret = mbedtls_mpi_write_binary( &mpi, buffer, buflen );
-    if( ret != 0 )
+    ret = mbedtls_mpi_write_binary(&mpi, buffer, buflen);
+    if (ret != 0) {
         goto exit;
+    }
     attributes->domain_parameters = buffer;
     attributes->domain_parameters_size = buflen;
 
 exit:
-    mbedtls_mpi_free( &mpi );
-    if( ret != 0 )
-        mbedtls_free( buffer );
-    return( mbedtls_to_psa_error( ret ) );
+    mbedtls_mpi_free(&mpi);
+    if (ret != 0) {
+        mbedtls_free(buffer);
+    }
+    return mbedtls_to_psa_error(ret);
 }
 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
         * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
 
 /** Retrieve all the publicly-accessible attributes of a key.
  */
-psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key,
-                                     psa_key_attributes_t *attributes )
+psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key,
+                                    psa_key_attributes_t *attributes)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_slot_t *slot;
 
-    psa_reset_key_attributes( attributes );
+    psa_reset_key_attributes(attributes);
 
-    status = psa_get_and_lock_key_slot_with_policy( key, &slot, 0, 0 );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_get_and_lock_key_slot_with_policy(key, &slot, 0, 0);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
     attributes->core = slot->attr;
-    attributes->core.flags &= ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
-                                MBEDTLS_PSA_KA_MASK_DUAL_USE );
+    attributes->core.flags &= (MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
+                               MBEDTLS_PSA_KA_MASK_DUAL_USE);
 
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    if( psa_get_se_driver_entry( slot->attr.lifetime ) != NULL )
-        psa_set_key_slot_number( attributes,
-                                 psa_key_slot_get_slot_number( slot ) );
+    if (psa_get_se_driver_entry(slot->attr.lifetime) != NULL) {
+        psa_set_key_slot_number(attributes,
+                                psa_key_slot_get_slot_number(slot));
+    }
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 
-    switch( slot->attr.type )
-    {
+    switch (slot->attr.type) {
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
     defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
         case PSA_KEY_TYPE_RSA_KEY_PAIR:
@@ -1198,22 +1199,22 @@
              * is not yet implemented.
              * https://github.com/ARMmbed/mbed-crypto/issues/216
              */
-            if( ! psa_key_lifetime_is_external( slot->attr.lifetime ) )
-            {
+            if (!psa_key_lifetime_is_external(slot->attr.lifetime)) {
                 mbedtls_rsa_context *rsa = NULL;
 
                 status = mbedtls_psa_rsa_load_representation(
-                             slot->attr.type,
-                             slot->key.data,
-                             slot->key.bytes,
-                             &rsa );
-                if( status != PSA_SUCCESS )
+                    slot->attr.type,
+                    slot->key.data,
+                    slot->key.bytes,
+                    &rsa);
+                if (status != PSA_SUCCESS) {
                     break;
+                }
 
-                status = psa_get_rsa_public_exponent( rsa,
-                                                      attributes );
-                mbedtls_rsa_free( rsa );
-                mbedtls_free( rsa );
+                status = psa_get_rsa_public_exponent(rsa,
+                                                     attributes);
+                mbedtls_rsa_free(rsa);
+                mbedtls_free(rsa);
             }
             break;
 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
@@ -1223,72 +1224,70 @@
             break;
     }
 
-    if( status != PSA_SUCCESS )
-        psa_reset_key_attributes( attributes );
+    if (status != PSA_SUCCESS) {
+        psa_reset_key_attributes(attributes);
+    }
 
-    unlock_status = psa_unlock_key_slot( slot );
+    unlock_status = psa_unlock_key_slot(slot);
 
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+    return (status == PSA_SUCCESS) ? unlock_status : status;
 }
 
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 psa_status_t psa_get_key_slot_number(
     const psa_key_attributes_t *attributes,
-    psa_key_slot_number_t *slot_number )
+    psa_key_slot_number_t *slot_number)
 {
-    if( attributes->core.flags & MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER )
-    {
+    if (attributes->core.flags & MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER) {
         *slot_number = attributes->slot_number;
-        return( PSA_SUCCESS );
+        return PSA_SUCCESS;
+    } else {
+        return PSA_ERROR_INVALID_ARGUMENT;
     }
-    else
-        return( PSA_ERROR_INVALID_ARGUMENT );
 }
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 
-static psa_status_t psa_export_key_buffer_internal( const uint8_t *key_buffer,
-                                                    size_t key_buffer_size,
-                                                    uint8_t *data,
-                                                    size_t data_size,
-                                                    size_t *data_length )
+static psa_status_t psa_export_key_buffer_internal(const uint8_t *key_buffer,
+                                                   size_t key_buffer_size,
+                                                   uint8_t *data,
+                                                   size_t data_size,
+                                                   size_t *data_length)
 {
-    if( key_buffer_size > data_size )
-        return( PSA_ERROR_BUFFER_TOO_SMALL );
-    memcpy( data, key_buffer, key_buffer_size );
-    memset( data + key_buffer_size, 0,
-            data_size - key_buffer_size );
+    if (key_buffer_size > data_size) {
+        return PSA_ERROR_BUFFER_TOO_SMALL;
+    }
+    memcpy(data, key_buffer, key_buffer_size);
+    memset(data + key_buffer_size, 0,
+           data_size - key_buffer_size);
     *data_length = key_buffer_size;
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 psa_status_t psa_export_key_internal(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length )
+    uint8_t *data, size_t data_size, size_t *data_length)
 {
     psa_key_type_t type = attributes->core.type;
 
-    if( key_type_is_raw_bytes( type ) ||
-        PSA_KEY_TYPE_IS_RSA( type )   ||
-        PSA_KEY_TYPE_IS_ECC( type )      )
-    {
-        return( psa_export_key_buffer_internal(
-                    key_buffer, key_buffer_size,
-                    data, data_size, data_length ) );
-    }
-    else
-    {
+    if (key_type_is_raw_bytes(type) ||
+        PSA_KEY_TYPE_IS_RSA(type)   ||
+        PSA_KEY_TYPE_IS_ECC(type)) {
+        return psa_export_key_buffer_internal(
+            key_buffer, key_buffer_size,
+            data, data_size, data_length);
+    } else {
         /* This shouldn't happen in the reference implementation, but
            it is valid for a special-purpose implementation to omit
            support for exporting certain key types. */
-        return( PSA_ERROR_NOT_SUPPORTED );
+        return PSA_ERROR_NOT_SUPPORTED;
     }
 }
 
-psa_status_t psa_export_key( mbedtls_svc_key_id_t key,
-                             uint8_t *data,
-                             size_t data_size,
-                             size_t *data_length )
+psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
+                            uint8_t *data,
+                            size_t data_size,
+                            size_t *data_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -1297,8 +1296,9 @@
     /* Reject a zero-length output buffer now, since this can never be a
      * valid key representation. This way we know that data must be a valid
      * pointer and we can do things like memset(data, ..., data_size). */
-    if( data_size == 0 )
-        return( PSA_ERROR_BUFFER_TOO_SMALL );
+    if (data_size == 0) {
+        return PSA_ERROR_BUFFER_TOO_SMALL;
+    }
 
     /* Set the key to empty now, so that even when there are errors, we always
      * set data_length to a value between 0 and data_size. On error, setting
@@ -1310,21 +1310,22 @@
      * which don't require any flag, but
      * psa_get_and_lock_key_slot_with_policy() takes care of this.
      */
-    status = psa_get_and_lock_key_slot_with_policy( key, &slot,
-                                                    PSA_KEY_USAGE_EXPORT, 0 );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_get_and_lock_key_slot_with_policy(key, &slot,
+                                                   PSA_KEY_USAGE_EXPORT, 0);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
     psa_key_attributes_t attributes = {
         .core = slot->attr
     };
-    status = psa_driver_wrapper_export_key( &attributes,
-                 slot->key.data, slot->key.bytes,
-                 data, data_size, data_length );
+    status = psa_driver_wrapper_export_key(&attributes,
+                                           slot->key.data, slot->key.bytes,
+                                           data, data_size, data_length);
 
-    unlock_status = psa_unlock_key_slot( slot );
+    unlock_status = psa_unlock_key_slot(slot);
 
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+    return (status == PSA_SUCCESS) ? unlock_status : status;
 }
 
 psa_status_t psa_export_public_key_internal(
@@ -1333,66 +1334,59 @@
     size_t key_buffer_size,
     uint8_t *data,
     size_t data_size,
-    size_t *data_length )
+    size_t *data_length)
 {
     psa_key_type_t type = attributes->core.type;
 
-    if( PSA_KEY_TYPE_IS_RSA( type ) || PSA_KEY_TYPE_IS_ECC( type ) )
-    {
-        if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
-        {
+    if (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type)) {
+        if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) {
             /* Exporting public -> public */
-            return( psa_export_key_buffer_internal(
-                        key_buffer, key_buffer_size,
-                        data, data_size, data_length ) );
+            return psa_export_key_buffer_internal(
+                key_buffer, key_buffer_size,
+                data, data_size, data_length);
         }
 
-        if( PSA_KEY_TYPE_IS_RSA( type ) )
-        {
+        if (PSA_KEY_TYPE_IS_RSA(type)) {
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
-            return( mbedtls_psa_rsa_export_public_key( attributes,
-                                                       key_buffer,
-                                                       key_buffer_size,
-                                                       data,
-                                                       data_size,
-                                                       data_length ) );
+            defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
+            return mbedtls_psa_rsa_export_public_key(attributes,
+                                                     key_buffer,
+                                                     key_buffer_size,
+                                                     data,
+                                                     data_size,
+                                                     data_length);
 #else
             /* We don't know how to convert a private RSA key to public. */
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
         * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
-        }
-        else
-        {
+        } else {
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
-            return( mbedtls_psa_ecp_export_public_key( attributes,
-                                                       key_buffer,
-                                                       key_buffer_size,
-                                                       data,
-                                                       data_size,
-                                                       data_length ) );
+            defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
+            return mbedtls_psa_ecp_export_public_key(attributes,
+                                                     key_buffer,
+                                                     key_buffer_size,
+                                                     data,
+                                                     data_size,
+                                                     data_length);
 #else
             /* We don't know how to convert a private ECC key to public */
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
         * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */
         }
-    }
-    else
-    {
+    } else {
         /* This shouldn't happen in the reference implementation, but
            it is valid for a special-purpose implementation to omit
            support for exporting certain key types. */
-        return( PSA_ERROR_NOT_SUPPORTED );
+        return PSA_ERROR_NOT_SUPPORTED;
     }
 }
 
-psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key,
-                                    uint8_t *data,
-                                    size_t data_size,
-                                    size_t *data_length )
+psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
+                                   uint8_t *data,
+                                   size_t data_size,
+                                   size_t *data_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -1401,8 +1395,9 @@
     /* Reject a zero-length output buffer now, since this can never be a
      * valid key representation. This way we know that data must be a valid
      * pointer and we can do things like memset(data, ..., data_size). */
-    if( data_size == 0 )
-        return( PSA_ERROR_BUFFER_TOO_SMALL );
+    if (data_size == 0) {
+        return PSA_ERROR_BUFFER_TOO_SMALL;
+    }
 
     /* Set the key to empty now, so that even when there are errors, we always
      * set data_length to a value between 0 and data_size. On error, setting
@@ -1411,14 +1406,14 @@
     *data_length = 0;
 
     /* Exporting a public key doesn't require a usage flag. */
-    status = psa_get_and_lock_key_slot_with_policy( key, &slot, 0, 0 );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_get_and_lock_key_slot_with_policy(key, &slot, 0, 0);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
-    if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) )
-    {
-         status = PSA_ERROR_INVALID_ARGUMENT;
-         goto exit;
+    if (!PSA_KEY_TYPE_IS_ASYMMETRIC(slot->attr.type)) {
+        status = PSA_ERROR_INVALID_ARGUMENT;
+        goto exit;
     }
 
     psa_key_attributes_t attributes = {
@@ -1426,21 +1421,21 @@
     };
     status = psa_driver_wrapper_export_public_key(
         &attributes, slot->key.data, slot->key.bytes,
-        data, data_size, data_length );
+        data, data_size, data_length);
 
 exit:
-    unlock_status = psa_unlock_key_slot( slot );
+    unlock_status = psa_unlock_key_slot(slot);
 
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+    return (status == PSA_SUCCESS) ? unlock_status : status;
 }
 
 #if defined(static_assert)
-static_assert( ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE ) == 0,
-               "One or more key attribute flag is listed as both external-only and dual-use" );
-static_assert( ( PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE ) == 0,
-               "One or more key attribute flag is listed as both internal-only and dual-use" );
-static_assert( ( PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ) == 0,
-               "One or more key attribute flag is listed as both internal-only and external-only" );
+static_assert((MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0,
+              "One or more key attribute flag is listed as both external-only and dual-use");
+static_assert((PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0,
+              "One or more key attribute flag is listed as both internal-only and dual-use");
+static_assert((PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY) == 0,
+              "One or more key attribute flag is listed as both internal-only and external-only");
 #endif
 
 /** Validate that a key policy is internally well-formed.
@@ -1449,21 +1444,22 @@
  * consistency of the policy with respect to other attributes of the key
  * such as the key type.
  */
-static psa_status_t psa_validate_key_policy( const psa_key_policy_t *policy )
+static psa_status_t psa_validate_key_policy(const psa_key_policy_t *policy)
 {
-    if( ( policy->usage & ~( PSA_KEY_USAGE_EXPORT |
-                             PSA_KEY_USAGE_COPY |
-                             PSA_KEY_USAGE_ENCRYPT |
-                             PSA_KEY_USAGE_DECRYPT |
-                             PSA_KEY_USAGE_SIGN_MESSAGE |
-                             PSA_KEY_USAGE_VERIFY_MESSAGE |
-                             PSA_KEY_USAGE_SIGN_HASH |
-                             PSA_KEY_USAGE_VERIFY_HASH |
-                             PSA_KEY_USAGE_VERIFY_DERIVATION |
-                             PSA_KEY_USAGE_DERIVE ) ) != 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if ((policy->usage & ~(PSA_KEY_USAGE_EXPORT |
+                           PSA_KEY_USAGE_COPY |
+                           PSA_KEY_USAGE_ENCRYPT |
+                           PSA_KEY_USAGE_DECRYPT |
+                           PSA_KEY_USAGE_SIGN_MESSAGE |
+                           PSA_KEY_USAGE_VERIFY_MESSAGE |
+                           PSA_KEY_USAGE_SIGN_HASH |
+                           PSA_KEY_USAGE_VERIFY_HASH |
+                           PSA_KEY_USAGE_VERIFY_DERIVATION |
+                           PSA_KEY_USAGE_DERIVE)) != 0) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 /** Validate the internal consistency of key attributes.
@@ -1481,48 +1477,52 @@
  */
 static psa_status_t psa_validate_key_attributes(
     const psa_key_attributes_t *attributes,
-    psa_se_drv_table_entry_t **p_drv )
+    psa_se_drv_table_entry_t **p_drv)
 {
     psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-    psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes );
-    mbedtls_svc_key_id_t key = psa_get_key_id( attributes );
+    psa_key_lifetime_t lifetime = psa_get_key_lifetime(attributes);
+    mbedtls_svc_key_id_t key = psa_get_key_id(attributes);
 
-    status = psa_validate_key_location( lifetime, p_drv );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    status = psa_validate_key_persistence( lifetime );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
-    {
-        if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) != 0 )
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-    else
-    {
-        if( !psa_is_valid_key_id( psa_get_key_id( attributes ), 0 ) )
-            return( PSA_ERROR_INVALID_ARGUMENT );
+    status = psa_validate_key_location(lifetime, p_drv);
+    if (status != PSA_SUCCESS) {
+        return status;
     }
 
-    status = psa_validate_key_policy( &attributes->core.policy );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_validate_key_persistence(lifetime);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
+        if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key) != 0) {
+            return PSA_ERROR_INVALID_ARGUMENT;
+        }
+    } else {
+        if (!psa_is_valid_key_id(psa_get_key_id(attributes), 0)) {
+            return PSA_ERROR_INVALID_ARGUMENT;
+        }
+    }
+
+    status = psa_validate_key_policy(&attributes->core.policy);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
     /* Refuse to create overly large keys.
      * Note that this doesn't trigger on import if the attributes don't
      * explicitly specify a size (so psa_get_key_bits returns 0), so
      * psa_import_key() needs its own checks. */
-    if( psa_get_key_bits( attributes ) > PSA_MAX_KEY_BITS )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    if (psa_get_key_bits(attributes) > PSA_MAX_KEY_BITS) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
 
     /* Reject invalid flags. These should not be reachable through the API. */
-    if( attributes->core.flags & ~ ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
-                                     MBEDTLS_PSA_KA_MASK_DUAL_USE ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (attributes->core.flags & ~(MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
+                                   MBEDTLS_PSA_KA_MASK_DUAL_USE)) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 /** Prepare a key slot to receive key material.
@@ -1558,7 +1558,7 @@
     psa_key_creation_method_t method,
     const psa_key_attributes_t *attributes,
     psa_key_slot_t **p_slot,
-    psa_se_drv_table_entry_t **p_drv )
+    psa_se_drv_table_entry_t **p_drv)
 {
     psa_status_t status;
     psa_key_id_t volatile_key_id;
@@ -1567,13 +1567,15 @@
     (void) method;
     *p_drv = NULL;
 
-    status = psa_validate_key_attributes( attributes, p_drv );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_validate_key_attributes(attributes, p_drv);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
-    status = psa_get_empty_key_slot( &volatile_key_id, p_slot );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_get_empty_key_slot(&volatile_key_id, p_slot);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
     slot = *p_slot;
 
     /* We're storing the declared bit-size of the key. It's up to each
@@ -1585,8 +1587,7 @@
      * definition. */
 
     slot->attr = attributes->core;
-    if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
-    {
+    if (PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
 #if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
         slot->attr.id = volatile_key_id;
 #else
@@ -1619,40 +1620,37 @@
      * secure element driver updates its persistent state, but we do not yet
      * save the driver's persistent state, so that if the power fails,
      * we can roll back to a state where the key doesn't exist. */
-    if( *p_drv != NULL )
-    {
+    if (*p_drv != NULL) {
         psa_key_slot_number_t slot_number;
-        status = psa_find_se_slot_for_key( attributes, method, *p_drv,
-                                           &slot_number );
-        if( status != PSA_SUCCESS )
-            return( status );
+        status = psa_find_se_slot_for_key(attributes, method, *p_drv,
+                                          &slot_number);
+        if (status != PSA_SUCCESS) {
+            return status;
+        }
 
-        if( ! PSA_KEY_LIFETIME_IS_VOLATILE( attributes->core.lifetime ) )
-        {
-            psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_CREATE_KEY );
+        if (!PSA_KEY_LIFETIME_IS_VOLATILE(attributes->core.lifetime)) {
+            psa_crypto_prepare_transaction(PSA_CRYPTO_TRANSACTION_CREATE_KEY);
             psa_crypto_transaction.key.lifetime = slot->attr.lifetime;
             psa_crypto_transaction.key.slot = slot_number;
             psa_crypto_transaction.key.id = slot->attr.id;
-            status = psa_crypto_save_transaction( );
-            if( status != PSA_SUCCESS )
-            {
-                (void) psa_crypto_stop_transaction( );
-                return( status );
+            status = psa_crypto_save_transaction();
+            if (status != PSA_SUCCESS) {
+                (void) psa_crypto_stop_transaction();
+                return status;
             }
         }
 
         status = psa_copy_key_material_into_slot(
-            slot, (uint8_t *)( &slot_number ), sizeof( slot_number ) );
+            slot, (uint8_t *) (&slot_number), sizeof(slot_number));
     }
 
-    if( *p_drv == NULL && method == PSA_KEY_CREATION_REGISTER )
-    {
+    if (*p_drv == NULL && method == PSA_KEY_CREATION_REGISTER) {
         /* Key registration only makes sense with a secure element. */
-        return( PSA_ERROR_INVALID_ARGUMENT );
+        return PSA_ERROR_INVALID_ARGUMENT;
     }
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 /** Finalize the creation of a key once its key material has been set.
@@ -1695,33 +1693,30 @@
     (void) driver;
 
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-    if( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
-    {
+    if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-        if( driver != NULL )
-        {
+        if (driver != NULL) {
             psa_se_key_data_storage_t data;
             psa_key_slot_number_t slot_number =
-                psa_key_slot_get_slot_number( slot ) ;
+                psa_key_slot_get_slot_number(slot);
 
 #if defined(static_assert)
-            static_assert( sizeof( slot_number ) ==
-                           sizeof( data.slot_number ),
-                           "Slot number size does not match psa_se_key_data_storage_t" );
+            static_assert(sizeof(slot_number) ==
+                          sizeof(data.slot_number),
+                          "Slot number size does not match psa_se_key_data_storage_t");
 #endif
-            memcpy( &data.slot_number, &slot_number, sizeof( slot_number ) );
-            status = psa_save_persistent_key( &slot->attr,
-                                              (uint8_t*) &data,
-                                              sizeof( data ) );
-        }
-        else
+            memcpy(&data.slot_number, &slot_number, sizeof(slot_number));
+            status = psa_save_persistent_key(&slot->attr,
+                                             (uint8_t *) &data,
+                                             sizeof(data));
+        } else
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
         {
             /* Key material is saved in export representation in the slot, so
              * just pass the slot buffer for storage. */
-            status = psa_save_persistent_key( &slot->attr,
-                                              slot->key.data,
-                                              slot->key.bytes );
+            status = psa_save_persistent_key(&slot->attr,
+                                             slot->key.data,
+                                             slot->key.bytes);
         }
     }
 #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
@@ -1732,28 +1727,26 @@
      * by checking whether a transaction is in progress (actual
      * creation of a persistent key in a secure element requires a transaction,
      * but registration or volatile key creation doesn't use one). */
-    if( driver != NULL &&
-        psa_crypto_transaction.unknown.type == PSA_CRYPTO_TRANSACTION_CREATE_KEY )
-    {
-        status = psa_save_se_persistent_data( driver );
-        if( status != PSA_SUCCESS )
-        {
-            psa_destroy_persistent_key( slot->attr.id );
-            return( status );
+    if (driver != NULL &&
+        psa_crypto_transaction.unknown.type == PSA_CRYPTO_TRANSACTION_CREATE_KEY) {
+        status = psa_save_se_persistent_data(driver);
+        if (status != PSA_SUCCESS) {
+            psa_destroy_persistent_key(slot->attr.id);
+            return status;
         }
-        status = psa_crypto_stop_transaction( );
+        status = psa_crypto_stop_transaction();
     }
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 
-    if( status == PSA_SUCCESS )
-    {
+    if (status == PSA_SUCCESS) {
         *key = slot->attr.id;
-        status = psa_unlock_key_slot( slot );
-        if( status != PSA_SUCCESS )
+        status = psa_unlock_key_slot(slot);
+        if (status != PSA_SUCCESS) {
             *key = MBEDTLS_SVC_KEY_ID_INIT;
+        }
     }
 
-    return( status );
+    return status;
 }
 
 /** Abort the creation of a key.
@@ -1768,13 +1761,14 @@
  * \param[in] driver    The secure element driver for the key,
  *                      or NULL for a transparent key.
  */
-static void psa_fail_key_creation( psa_key_slot_t *slot,
-                                   psa_se_drv_table_entry_t *driver )
+static void psa_fail_key_creation(psa_key_slot_t *slot,
+                                  psa_se_drv_table_entry_t *driver)
 {
     (void) driver;
 
-    if( slot == NULL )
+    if (slot == NULL) {
         return;
+    }
 
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
     /* TODO: If the key has already been created in the secure
@@ -1790,10 +1784,10 @@
      * Earlier functions must already have done what it takes to undo any
      * partial creation. All that's left is to update the transaction data
      * itself. */
-    (void) psa_crypto_stop_transaction( );
+    (void) psa_crypto_stop_transaction();
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 
-    psa_wipe_key_slot( slot );
+    psa_wipe_key_slot(slot);
 }
 
 /** Validate optional attributes during key creation.
@@ -1807,74 +1801,76 @@
  */
 static psa_status_t psa_validate_optional_attributes(
     const psa_key_slot_t *slot,
-    const psa_key_attributes_t *attributes )
+    const psa_key_attributes_t *attributes)
 {
-    if( attributes->core.type != 0 )
-    {
-        if( attributes->core.type != slot->attr.type )
-            return( PSA_ERROR_INVALID_ARGUMENT );
+    if (attributes->core.type != 0) {
+        if (attributes->core.type != slot->attr.type) {
+            return PSA_ERROR_INVALID_ARGUMENT;
+        }
     }
 
-    if( attributes->domain_parameters_size != 0 )
-    {
+    if (attributes->domain_parameters_size != 0) {
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
-        if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
-        {
+        defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
+        if (PSA_KEY_TYPE_IS_RSA(slot->attr.type)) {
             mbedtls_rsa_context *rsa = NULL;
             mbedtls_mpi actual, required;
             int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
             psa_status_t status = mbedtls_psa_rsa_load_representation(
-                                      slot->attr.type,
-                                      slot->key.data,
-                                      slot->key.bytes,
-                                      &rsa );
-            if( status != PSA_SUCCESS )
-                return( status );
+                slot->attr.type,
+                slot->key.data,
+                slot->key.bytes,
+                &rsa);
+            if (status != PSA_SUCCESS) {
+                return status;
+            }
 
-            mbedtls_mpi_init( &actual );
-            mbedtls_mpi_init( &required );
-            ret = mbedtls_rsa_export( rsa,
-                                      NULL, NULL, NULL, NULL, &actual );
-            mbedtls_rsa_free( rsa );
-            mbedtls_free( rsa );
-            if( ret != 0 )
+            mbedtls_mpi_init(&actual);
+            mbedtls_mpi_init(&required);
+            ret = mbedtls_rsa_export(rsa,
+                                     NULL, NULL, NULL, NULL, &actual);
+            mbedtls_rsa_free(rsa);
+            mbedtls_free(rsa);
+            if (ret != 0) {
                 goto rsa_exit;
-            ret = mbedtls_mpi_read_binary( &required,
-                                           attributes->domain_parameters,
-                                           attributes->domain_parameters_size );
-            if( ret != 0 )
+            }
+            ret = mbedtls_mpi_read_binary(&required,
+                                          attributes->domain_parameters,
+                                          attributes->domain_parameters_size);
+            if (ret != 0) {
                 goto rsa_exit;
-            if( mbedtls_mpi_cmp_mpi( &actual, &required ) != 0 )
+            }
+            if (mbedtls_mpi_cmp_mpi(&actual, &required) != 0) {
                 ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
-        rsa_exit:
-            mbedtls_mpi_free( &actual );
-            mbedtls_mpi_free( &required );
-            if( ret != 0)
-                return( mbedtls_to_psa_error( ret ) );
-        }
-        else
+            }
+rsa_exit:
+            mbedtls_mpi_free(&actual);
+            mbedtls_mpi_free(&required);
+            if (ret != 0) {
+                return mbedtls_to_psa_error(ret);
+            }
+        } else
 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
         * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
         {
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
         }
     }
 
-    if( attributes->core.bits != 0 )
-    {
-        if( attributes->core.bits != slot->attr.bits )
-            return( PSA_ERROR_INVALID_ARGUMENT );
+    if (attributes->core.bits != 0) {
+        if (attributes->core.bits != slot->attr.bits) {
+            return PSA_ERROR_INVALID_ARGUMENT;
+        }
     }
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
-psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
-                             const uint8_t *data,
-                             size_t data_length,
-                             mbedtls_svc_key_id_t *key )
+psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
+                            const uint8_t *data,
+                            size_t data_length,
+                            mbedtls_svc_key_id_t *key)
 {
     psa_status_t status;
     psa_key_slot_t *slot = NULL;
@@ -1887,75 +1883,79 @@
     /* Reject zero-length symmetric keys (including raw data key objects).
      * This also rejects any key which might be encoded as an empty string,
      * which is never valid. */
-    if( data_length == 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (data_length == 0) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
     /* Ensure that the bytes-to-bits conversion cannot overflow. */
-    if( data_length > SIZE_MAX / 8 )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    if (data_length > SIZE_MAX / 8) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
 
-    status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes,
-                                     &slot, &driver );
-    if( status != PSA_SUCCESS )
+    status = psa_start_key_creation(PSA_KEY_CREATION_IMPORT, attributes,
+                                    &slot, &driver);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     /* In the case of a transparent key or an opaque key stored in local
      * storage ( thus not in the case of importing a key in a secure element
      * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a
      * buffer to hold the imported key material. */
-    if( slot->key.data == NULL )
-    {
-        if( psa_key_lifetime_is_external( attributes->core.lifetime ) )
-        {
+    if (slot->key.data == NULL) {
+        if (psa_key_lifetime_is_external(attributes->core.lifetime)) {
             status = psa_driver_wrapper_get_key_buffer_size_from_key_data(
-                         attributes, data, data_length, &storage_size );
-            if( status != PSA_SUCCESS )
+                attributes, data, data_length, &storage_size);
+            if (status != PSA_SUCCESS) {
                 goto exit;
+            }
         }
-        status = psa_allocate_buffer_to_slot( slot, storage_size );
-        if( status != PSA_SUCCESS )
+        status = psa_allocate_buffer_to_slot(slot, storage_size);
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
     }
 
     bits = slot->attr.bits;
-    status = psa_driver_wrapper_import_key( attributes,
-                                            data, data_length,
-                                            slot->key.data,
-                                            slot->key.bytes,
-                                            &slot->key.bytes, &bits );
-    if( status != PSA_SUCCESS )
+    status = psa_driver_wrapper_import_key(attributes,
+                                           data, data_length,
+                                           slot->key.data,
+                                           slot->key.bytes,
+                                           &slot->key.bytes, &bits);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    if( slot->attr.bits == 0 )
+    if (slot->attr.bits == 0) {
         slot->attr.bits = (psa_key_bits_t) bits;
-    else if( bits != slot->attr.bits )
-    {
+    } else if (bits != slot->attr.bits) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;
     }
 
     /* Enforce a size limit, and in particular ensure that the bit
      * size fits in its representation type.*/
-    if( bits > PSA_MAX_KEY_BITS )
-    {
+    if (bits > PSA_MAX_KEY_BITS) {
         status = PSA_ERROR_NOT_SUPPORTED;
         goto exit;
     }
-    status = psa_validate_optional_attributes( slot, attributes );
-    if( status != PSA_SUCCESS )
+    status = psa_validate_optional_attributes(slot, attributes);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_finish_key_creation( slot, driver, key );
+    status = psa_finish_key_creation(slot, driver, key);
 exit:
-    if( status != PSA_SUCCESS )
-        psa_fail_key_creation( slot, driver );
+    if (status != PSA_SUCCESS) {
+        psa_fail_key_creation(slot, driver);
+    }
 
-    return( status );
+    return status;
 }
 
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 psa_status_t mbedtls_psa_register_se_key(
-    const psa_key_attributes_t *attributes )
+    const psa_key_attributes_t *attributes)
 {
     psa_status_t status;
     psa_key_slot_t *slot = NULL;
@@ -1966,31 +1966,35 @@
      * It could make sense to query the key type and size from the
      * secure element, but not all secure elements support this
      * and the driver HAL doesn't currently support it. */
-    if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_NONE )
-        return( PSA_ERROR_NOT_SUPPORTED );
-    if( psa_get_key_bits( attributes ) == 0 )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    if (psa_get_key_type(attributes) == PSA_KEY_TYPE_NONE) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
+    if (psa_get_key_bits(attributes) == 0) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
 
-    status = psa_start_key_creation( PSA_KEY_CREATION_REGISTER, attributes,
-                                     &slot, &driver );
-    if( status != PSA_SUCCESS )
+    status = psa_start_key_creation(PSA_KEY_CREATION_REGISTER, attributes,
+                                    &slot, &driver);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_finish_key_creation( slot, driver, &key );
+    status = psa_finish_key_creation(slot, driver, &key);
 
 exit:
-    if( status != PSA_SUCCESS )
-        psa_fail_key_creation( slot, driver );
+    if (status != PSA_SUCCESS) {
+        psa_fail_key_creation(slot, driver);
+    }
 
     /* Registration doesn't keep the key in RAM. */
-    psa_close_key( key );
-    return( status );
+    psa_close_key(key);
+    return status;
 }
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 
-psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key,
-                           const psa_key_attributes_t *specified_attributes,
-                           mbedtls_svc_key_id_t *target_key )
+psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key,
+                          const psa_key_attributes_t *specified_attributes,
+                          mbedtls_svc_key_id_t *target_key)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -2003,14 +2007,16 @@
     *target_key = MBEDTLS_SVC_KEY_ID_INIT;
 
     status = psa_get_and_lock_key_slot_with_policy(
-                 source_key, &source_slot, PSA_KEY_USAGE_COPY, 0 );
-    if( status != PSA_SUCCESS )
+        source_key, &source_slot, PSA_KEY_USAGE_COPY, 0);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_validate_optional_attributes( source_slot,
-                                               specified_attributes );
-    if( status != PSA_SUCCESS )
+    status = psa_validate_optional_attributes(source_slot,
+                                              specified_attributes);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     /* The target key type and number of bits have been validated by
      * psa_validate_optional_attributes() to be either equal to zero or
@@ -2021,19 +2027,20 @@
     actual_attributes.core.type = source_slot->attr.type;
 
 
-    status = psa_restrict_key_policy( source_slot->attr.type,
-                                      &actual_attributes.core.policy,
-                                      &source_slot->attr.policy );
-    if( status != PSA_SUCCESS )
+    status = psa_restrict_key_policy(source_slot->attr.type,
+                                     &actual_attributes.core.policy,
+                                     &source_slot->attr.policy);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_start_key_creation( PSA_KEY_CREATION_COPY, &actual_attributes,
-                                     &target_slot, &driver );
-    if( status != PSA_SUCCESS )
+    status = psa_start_key_creation(PSA_KEY_CREATION_COPY, &actual_attributes,
+                                    &target_slot, &driver);
+    if (status != PSA_SUCCESS) {
         goto exit;
-    if( PSA_KEY_LIFETIME_GET_LOCATION( target_slot->attr.lifetime ) !=
-        PSA_KEY_LIFETIME_GET_LOCATION( source_slot->attr.lifetime ) )
-    {
+    }
+    if (PSA_KEY_LIFETIME_GET_LOCATION(target_slot->attr.lifetime) !=
+        PSA_KEY_LIFETIME_GET_LOCATION(source_slot->attr.lifetime)) {
         /*
          * If the source and target keys are stored in different locations,
          * the source key would need to be exported as plaintext and re-imported
@@ -2050,42 +2057,44 @@
      * - For opaque keys this translates to an invocation of the drivers'
      *   copy_key entry point through the dispatch layer.
      * */
-    if( psa_key_lifetime_is_external( actual_attributes.core.lifetime ) )
-    {
-        status = psa_driver_wrapper_get_key_buffer_size( &actual_attributes,
-                                                         &storage_size );
-        if( status != PSA_SUCCESS )
+    if (psa_key_lifetime_is_external(actual_attributes.core.lifetime)) {
+        status = psa_driver_wrapper_get_key_buffer_size(&actual_attributes,
+                                                        &storage_size);
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
 
-        status = psa_allocate_buffer_to_slot( target_slot, storage_size );
-        if( status != PSA_SUCCESS )
+        status = psa_allocate_buffer_to_slot(target_slot, storage_size);
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
 
-        status = psa_driver_wrapper_copy_key( &actual_attributes,
-                                              source_slot->key.data,
-                                              source_slot->key.bytes,
-                                              target_slot->key.data,
-                                              target_slot->key.bytes,
-                                              &target_slot->key.bytes );
-        if( status != PSA_SUCCESS )
+        status = psa_driver_wrapper_copy_key(&actual_attributes,
+                                             source_slot->key.data,
+                                             source_slot->key.bytes,
+                                             target_slot->key.data,
+                                             target_slot->key.bytes,
+                                             &target_slot->key.bytes);
+        if (status != PSA_SUCCESS) {
             goto exit;
-    }
-    else
-    {
-       status = psa_copy_key_material_into_slot( target_slot,
+        }
+    } else {
+        status = psa_copy_key_material_into_slot(target_slot,
                                                  source_slot->key.data,
-                                                 source_slot->key.bytes );
-        if( status != PSA_SUCCESS )
+                                                 source_slot->key.bytes);
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
     }
-    status = psa_finish_key_creation( target_slot, driver, target_key );
+    status = psa_finish_key_creation(target_slot, driver, target_key);
 exit:
-    if( status != PSA_SUCCESS )
-        psa_fail_key_creation( target_slot, driver );
+    if (status != PSA_SUCCESS) {
+        psa_fail_key_creation(target_slot, driver);
+    }
 
-    unlock_status = psa_unlock_key_slot( source_slot );
+    unlock_status = psa_unlock_key_slot(source_slot);
 
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+    return (status == PSA_SUCCESS) ? unlock_status : status;
 }
 
 
@@ -2094,178 +2103,185 @@
 /* Message digests */
 /****************************************************************/
 
-psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
+psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
 {
     /* Aborting a non-active operation is allowed */
-    if( operation->id == 0 )
-        return( PSA_SUCCESS );
+    if (operation->id == 0) {
+        return PSA_SUCCESS;
+    }
 
-    psa_status_t status = psa_driver_wrapper_hash_abort( operation );
+    psa_status_t status = psa_driver_wrapper_hash_abort(operation);
     operation->id = 0;
 
-    return( status );
+    return status;
 }
 
-psa_status_t psa_hash_setup( psa_hash_operation_t *operation,
-                             psa_algorithm_t alg )
+psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
+                            psa_algorithm_t alg)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
     /* A context must be freshly initialized before it can be set up. */
-    if( operation->id != 0 )
-    {
+    if (operation->id != 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( !PSA_ALG_IS_HASH( alg ) )
-    {
+    if (!PSA_ALG_IS_HASH(alg)) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;
     }
 
     /* Ensure all of the context is zeroized, since PSA_HASH_OPERATION_INIT only
      * directly zeroes the int-sized dummy member of the context union. */
-    memset( &operation->ctx, 0, sizeof( operation->ctx ) );
+    memset(&operation->ctx, 0, sizeof(operation->ctx));
 
-    status = psa_driver_wrapper_hash_setup( operation, alg );
+    status = psa_driver_wrapper_hash_setup(operation, alg);
 
 exit:
-    if( status != PSA_SUCCESS )
-        psa_hash_abort( operation );
+    if (status != PSA_SUCCESS) {
+        psa_hash_abort(operation);
+    }
 
     return status;
 }
 
-psa_status_t psa_hash_update( psa_hash_operation_t *operation,
-                              const uint8_t *input,
-                              size_t input_length )
+psa_status_t psa_hash_update(psa_hash_operation_t *operation,
+                             const uint8_t *input,
+                             size_t input_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if( operation->id == 0 )
-    {
+    if (operation->id == 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
     /* Don't require hash implementations to behave correctly on a
      * zero-length input, which may have an invalid pointer. */
-    if( input_length == 0 )
-        return( PSA_SUCCESS );
+    if (input_length == 0) {
+        return PSA_SUCCESS;
+    }
 
-    status = psa_driver_wrapper_hash_update( operation, input, input_length );
+    status = psa_driver_wrapper_hash_update(operation, input, input_length);
 
 exit:
-    if( status != PSA_SUCCESS )
-        psa_hash_abort( operation );
+    if (status != PSA_SUCCESS) {
+        psa_hash_abort(operation);
+    }
 
-    return( status );
+    return status;
 }
 
-psa_status_t psa_hash_finish( psa_hash_operation_t *operation,
-                              uint8_t *hash,
-                              size_t hash_size,
-                              size_t *hash_length )
+psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
+                             uint8_t *hash,
+                             size_t hash_size,
+                             size_t *hash_length)
 {
     *hash_length = 0;
-    if( operation->id == 0 )
-        return( PSA_ERROR_BAD_STATE );
+    if (operation->id == 0) {
+        return PSA_ERROR_BAD_STATE;
+    }
 
     psa_status_t status = psa_driver_wrapper_hash_finish(
-                            operation, hash, hash_size, hash_length );
-    psa_hash_abort( operation );
-    return( status );
+        operation, hash, hash_size, hash_length);
+    psa_hash_abort(operation);
+    return status;
 }
 
-psa_status_t psa_hash_verify( psa_hash_operation_t *operation,
-                              const uint8_t *hash,
-                              size_t hash_length )
+psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
+                             const uint8_t *hash,
+                             size_t hash_length)
 {
     uint8_t actual_hash[PSA_HASH_MAX_SIZE];
     size_t actual_hash_length;
     psa_status_t status = psa_hash_finish(
-                            operation,
-                            actual_hash, sizeof( actual_hash ),
-                            &actual_hash_length );
+        operation,
+        actual_hash, sizeof(actual_hash),
+        &actual_hash_length);
 
-    if( status != PSA_SUCCESS )
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    if( actual_hash_length != hash_length )
-    {
+    if (actual_hash_length != hash_length) {
         status = PSA_ERROR_INVALID_SIGNATURE;
         goto exit;
     }
 
-    if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
+    if (mbedtls_psa_safer_memcmp(hash, actual_hash, actual_hash_length) != 0) {
         status = PSA_ERROR_INVALID_SIGNATURE;
+    }
 
 exit:
-    mbedtls_platform_zeroize( actual_hash, sizeof( actual_hash ) );
-    if( status != PSA_SUCCESS )
+    mbedtls_platform_zeroize(actual_hash, sizeof(actual_hash));
+    if (status != PSA_SUCCESS) {
         psa_hash_abort(operation);
+    }
 
-    return( status );
+    return status;
 }
 
-psa_status_t psa_hash_compute( psa_algorithm_t alg,
-                               const uint8_t *input, size_t input_length,
-                               uint8_t *hash, size_t hash_size,
-                               size_t *hash_length )
+psa_status_t psa_hash_compute(psa_algorithm_t alg,
+                              const uint8_t *input, size_t input_length,
+                              uint8_t *hash, size_t hash_size,
+                              size_t *hash_length)
 {
     *hash_length = 0;
-    if( !PSA_ALG_IS_HASH( alg ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (!PSA_ALG_IS_HASH(alg)) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
-    return( psa_driver_wrapper_hash_compute( alg, input, input_length,
-                                             hash, hash_size, hash_length ) );
+    return psa_driver_wrapper_hash_compute(alg, input, input_length,
+                                           hash, hash_size, hash_length);
 }
 
-psa_status_t psa_hash_compare( psa_algorithm_t alg,
-                               const uint8_t *input, size_t input_length,
-                               const uint8_t *hash, size_t hash_length )
+psa_status_t psa_hash_compare(psa_algorithm_t alg,
+                              const uint8_t *input, size_t input_length,
+                              const uint8_t *hash, size_t hash_length)
 {
     uint8_t actual_hash[PSA_HASH_MAX_SIZE];
     size_t actual_hash_length;
 
-    if( !PSA_ALG_IS_HASH( alg ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (!PSA_ALG_IS_HASH(alg)) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
     psa_status_t status = psa_driver_wrapper_hash_compute(
-                            alg, input, input_length,
-                            actual_hash, sizeof(actual_hash),
-                            &actual_hash_length );
-    if( status != PSA_SUCCESS )
+        alg, input, input_length,
+        actual_hash, sizeof(actual_hash),
+        &actual_hash_length);
+    if (status != PSA_SUCCESS) {
         goto exit;
-    if( actual_hash_length != hash_length )
-    {
+    }
+    if (actual_hash_length != hash_length) {
         status = PSA_ERROR_INVALID_SIGNATURE;
         goto exit;
     }
-    if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
+    if (mbedtls_psa_safer_memcmp(hash, actual_hash, actual_hash_length) != 0) {
         status = PSA_ERROR_INVALID_SIGNATURE;
+    }
 
 exit:
-    mbedtls_platform_zeroize( actual_hash, sizeof( actual_hash ) );
-    return( status );
+    mbedtls_platform_zeroize(actual_hash, sizeof(actual_hash));
+    return status;
 }
 
-psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation,
-                             psa_hash_operation_t *target_operation )
+psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
+                            psa_hash_operation_t *target_operation)
 {
-    if( source_operation->id == 0 ||
-        target_operation->id != 0 )
-    {
-        return( PSA_ERROR_BAD_STATE );
+    if (source_operation->id == 0 ||
+        target_operation->id != 0) {
+        return PSA_ERROR_BAD_STATE;
     }
 
-    psa_status_t status = psa_driver_wrapper_hash_clone( source_operation,
-                                                         target_operation );
-    if( status != PSA_SUCCESS )
-        psa_hash_abort( target_operation );
+    psa_status_t status = psa_driver_wrapper_hash_clone(source_operation,
+                                                        target_operation);
+    if (status != PSA_SUCCESS) {
+        psa_hash_abort(target_operation);
+    }
 
-    return( status );
+    return status;
 }
 
 
@@ -2273,59 +2289,59 @@
 /* MAC */
 /****************************************************************/
 
-psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
+psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
 {
     /* Aborting a non-active operation is allowed */
-    if( operation->id == 0 )
-        return( PSA_SUCCESS );
+    if (operation->id == 0) {
+        return PSA_SUCCESS;
+    }
 
-    psa_status_t status = psa_driver_wrapper_mac_abort( operation );
+    psa_status_t status = psa_driver_wrapper_mac_abort(operation);
     operation->mac_size = 0;
     operation->is_sign = 0;
     operation->id = 0;
 
-    return( status );
+    return status;
 }
 
 static psa_status_t psa_mac_finalize_alg_and_key_validation(
     psa_algorithm_t alg,
     const psa_key_attributes_t *attributes,
-    uint8_t *mac_size )
+    uint8_t *mac_size)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_type_t key_type = psa_get_key_type( attributes );
-    size_t key_bits = psa_get_key_bits( attributes );
+    psa_key_type_t key_type = psa_get_key_type(attributes);
+    size_t key_bits = psa_get_key_bits(attributes);
 
-    if( ! PSA_ALG_IS_MAC( alg ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (!PSA_ALG_IS_MAC(alg)) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
     /* Validate the combination of key type and algorithm */
-    status = psa_mac_key_can_do( alg, key_type );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_mac_key_can_do(alg, key_type);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
     /* Get the output length for the algorithm and key combination */
-    *mac_size = PSA_MAC_LENGTH( key_type, key_bits, alg );
+    *mac_size = PSA_MAC_LENGTH(key_type, key_bits, alg);
 
-    if( *mac_size < 4 )
-    {
+    if (*mac_size < 4) {
         /* A very short MAC is too short for security since it can be
          * brute-forced. Ancient protocols with 32-bit MACs do exist,
          * so we make this our minimum, even though 32 bits is still
          * too small for security. */
-        return( PSA_ERROR_NOT_SUPPORTED );
+        return PSA_ERROR_NOT_SUPPORTED;
     }
 
-    if( *mac_size > PSA_MAC_LENGTH( key_type, key_bits,
-                                    PSA_ALG_FULL_LENGTH_MAC( alg ) ) )
-    {
+    if (*mac_size > PSA_MAC_LENGTH(key_type, key_bits,
+                                   PSA_ALG_FULL_LENGTH_MAC(alg))) {
         /* It's impossible to "truncate" to a larger length than the full length
          * of the algorithm. */
-        return( PSA_ERROR_INVALID_ARGUMENT );
+        return PSA_ERROR_INVALID_ARGUMENT;
     }
 
-    if( *mac_size > PSA_MAC_MAX_SIZE )
-    {
+    if (*mac_size > PSA_MAC_MAX_SIZE) {
         /* PSA_MAC_LENGTH returns the correct length even for a MAC algorithm
          * that is disabled in the compile-time configuration. The result can
          * therefore be larger than PSA_MAC_MAX_SIZE, which does take the
@@ -2335,144 +2351,142 @@
          * PSA_ERROR_BUFFER_TOO_SMALL for an unsupported algorithm whose MAC size
          * is larger than PSA_MAC_MAX_SIZE, which is misleading and which breaks
          * systematically generated tests. */
-        return( PSA_ERROR_NOT_SUPPORTED );
+        return PSA_ERROR_NOT_SUPPORTED;
     }
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
-static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
-                                   mbedtls_svc_key_id_t key,
-                                   psa_algorithm_t alg,
-                                   int is_sign )
+static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
+                                  mbedtls_svc_key_id_t key,
+                                  psa_algorithm_t alg,
+                                  int is_sign)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_slot_t *slot = NULL;
 
     /* A context must be freshly initialized before it can be set up. */
-    if( operation->id != 0 )
-    {
+    if (operation->id != 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
     status = psa_get_and_lock_key_slot_with_policy(
-                 key,
-                 &slot,
-                 is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE,
-                 alg );
-    if( status != PSA_SUCCESS )
+        key,
+        &slot,
+        is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE,
+        alg);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     psa_key_attributes_t attributes = {
         .core = slot->attr
     };
 
-    status = psa_mac_finalize_alg_and_key_validation( alg, &attributes,
-                                                      &operation->mac_size );
-    if( status != PSA_SUCCESS )
+    status = psa_mac_finalize_alg_and_key_validation(alg, &attributes,
+                                                     &operation->mac_size);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     operation->is_sign = is_sign;
     /* Dispatch the MAC setup call with validated input */
-    if( is_sign )
-    {
-        status = psa_driver_wrapper_mac_sign_setup( operation,
-                                                    &attributes,
-                                                    slot->key.data,
-                                                    slot->key.bytes,
-                                                    alg );
-    }
-    else
-    {
-        status = psa_driver_wrapper_mac_verify_setup( operation,
-                                                      &attributes,
-                                                      slot->key.data,
-                                                      slot->key.bytes,
-                                                      alg );
+    if (is_sign) {
+        status = psa_driver_wrapper_mac_sign_setup(operation,
+                                                   &attributes,
+                                                   slot->key.data,
+                                                   slot->key.bytes,
+                                                   alg);
+    } else {
+        status = psa_driver_wrapper_mac_verify_setup(operation,
+                                                     &attributes,
+                                                     slot->key.data,
+                                                     slot->key.bytes,
+                                                     alg);
     }
 
 exit:
-    if( status != PSA_SUCCESS )
-        psa_mac_abort( operation );
+    if (status != PSA_SUCCESS) {
+        psa_mac_abort(operation);
+    }
 
-    unlock_status = psa_unlock_key_slot( slot );
+    unlock_status = psa_unlock_key_slot(slot);
 
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+    return (status == PSA_SUCCESS) ? unlock_status : status;
 }
 
-psa_status_t psa_mac_sign_setup( psa_mac_operation_t *operation,
-                                 mbedtls_svc_key_id_t key,
-                                 psa_algorithm_t alg )
+psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
+                                mbedtls_svc_key_id_t key,
+                                psa_algorithm_t alg)
 {
-    return( psa_mac_setup( operation, key, alg, 1 ) );
+    return psa_mac_setup(operation, key, alg, 1);
 }
 
-psa_status_t psa_mac_verify_setup( psa_mac_operation_t *operation,
-                                   mbedtls_svc_key_id_t key,
-                                   psa_algorithm_t alg )
+psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
+                                  mbedtls_svc_key_id_t key,
+                                  psa_algorithm_t alg)
 {
-    return( psa_mac_setup( operation, key, alg, 0 ) );
+    return psa_mac_setup(operation, key, alg, 0);
 }
 
-psa_status_t psa_mac_update( psa_mac_operation_t *operation,
-                             const uint8_t *input,
-                             size_t input_length )
+psa_status_t psa_mac_update(psa_mac_operation_t *operation,
+                            const uint8_t *input,
+                            size_t input_length)
 {
-    if( operation->id == 0 )
-        return( PSA_ERROR_BAD_STATE );
+    if (operation->id == 0) {
+        return PSA_ERROR_BAD_STATE;
+    }
 
     /* Don't require hash implementations to behave correctly on a
      * zero-length input, which may have an invalid pointer. */
-    if( input_length == 0 )
-        return( PSA_SUCCESS );
+    if (input_length == 0) {
+        return PSA_SUCCESS;
+    }
 
-    psa_status_t status = psa_driver_wrapper_mac_update( operation,
-                                                         input, input_length );
-    if( status != PSA_SUCCESS )
-        psa_mac_abort( operation );
+    psa_status_t status = psa_driver_wrapper_mac_update(operation,
+                                                        input, input_length);
+    if (status != PSA_SUCCESS) {
+        psa_mac_abort(operation);
+    }
 
-    return( status );
+    return status;
 }
 
-psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
-                                  uint8_t *mac,
-                                  size_t mac_size,
-                                  size_t *mac_length )
+psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
+                                 uint8_t *mac,
+                                 size_t mac_size,
+                                 size_t *mac_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if( operation->id == 0 )
-    {
+    if (operation->id == 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( ! operation->is_sign )
-    {
+    if (!operation->is_sign) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
     /* Sanity check. This will guarantee that mac_size != 0 (and so mac != NULL)
      * once all the error checks are done. */
-    if( operation->mac_size == 0 )
-    {
+    if (operation->mac_size == 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( mac_size < operation->mac_size )
-    {
+    if (mac_size < operation->mac_size) {
         status = PSA_ERROR_BUFFER_TOO_SMALL;
         goto exit;
     }
 
-    status = psa_driver_wrapper_mac_sign_finish( operation,
-                                                 mac, operation->mac_size,
-                                                 mac_length );
+    status = psa_driver_wrapper_mac_sign_finish(operation,
+                                                mac, operation->mac_size,
+                                                mac_length);
 
 exit:
     /* In case of success, set the potential excess room in the output buffer
@@ -2481,63 +2495,60 @@
      * such that in case the caller misses an error check, the output would be
      * an unachievable MAC.
      */
-    if( status != PSA_SUCCESS )
-    {
+    if (status != PSA_SUCCESS) {
         *mac_length = mac_size;
         operation->mac_size = 0;
     }
 
-    if( mac_size > operation->mac_size )
-        memset( &mac[operation->mac_size], '!',
-                mac_size - operation->mac_size );
+    if (mac_size > operation->mac_size) {
+        memset(&mac[operation->mac_size], '!',
+               mac_size - operation->mac_size);
+    }
 
-    abort_status = psa_mac_abort( operation );
+    abort_status = psa_mac_abort(operation);
 
-    return( status == PSA_SUCCESS ? abort_status : status );
+    return status == PSA_SUCCESS ? abort_status : status;
 }
 
-psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation,
-                                    const uint8_t *mac,
-                                    size_t mac_length )
+psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
+                                   const uint8_t *mac,
+                                   size_t mac_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if( operation->id == 0 )
-    {
+    if (operation->id == 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( operation->is_sign )
-    {
+    if (operation->is_sign) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( operation->mac_size != mac_length )
-    {
+    if (operation->mac_size != mac_length) {
         status = PSA_ERROR_INVALID_SIGNATURE;
         goto exit;
     }
 
-    status = psa_driver_wrapper_mac_verify_finish( operation,
-                                                   mac, mac_length );
+    status = psa_driver_wrapper_mac_verify_finish(operation,
+                                                  mac, mac_length);
 
 exit:
-    abort_status = psa_mac_abort( operation );
+    abort_status = psa_mac_abort(operation);
 
-    return( status == PSA_SUCCESS ? abort_status : status );
+    return status == PSA_SUCCESS ? abort_status : status;
 }
 
-static psa_status_t psa_mac_compute_internal( mbedtls_svc_key_id_t key,
-                                              psa_algorithm_t alg,
-                                              const uint8_t *input,
-                                              size_t input_length,
-                                              uint8_t *mac,
-                                              size_t mac_size,
-                                              size_t *mac_length,
-                                              int is_sign )
+static psa_status_t psa_mac_compute_internal(mbedtls_svc_key_id_t key,
+                                             psa_algorithm_t alg,
+                                             const uint8_t *input,
+                                             size_t input_length,
+                                             uint8_t *mac,
+                                             size_t mac_size,
+                                             size_t *mac_length,
+                                             int is_sign)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -2545,34 +2556,35 @@
     uint8_t operation_mac_size = 0;
 
     status = psa_get_and_lock_key_slot_with_policy(
-                 key,
-                 &slot,
-                 is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE,
-                 alg );
-    if( status != PSA_SUCCESS )
+        key,
+        &slot,
+        is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE,
+        alg);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     psa_key_attributes_t attributes = {
         .core = slot->attr
     };
 
-    status = psa_mac_finalize_alg_and_key_validation( alg, &attributes,
-                                                      &operation_mac_size );
-    if( status != PSA_SUCCESS )
+    status = psa_mac_finalize_alg_and_key_validation(alg, &attributes,
+                                                     &operation_mac_size);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    if( mac_size < operation_mac_size )
-    {
+    if (mac_size < operation_mac_size) {
         status = PSA_ERROR_BUFFER_TOO_SMALL;
         goto exit;
     }
 
     status = psa_driver_wrapper_mac_compute(
-                 &attributes,
-                 slot->key.data, slot->key.bytes,
-                 alg,
-                 input, input_length,
-                 mac, operation_mac_size, mac_length );
+        &attributes,
+        slot->key.data, slot->key.bytes,
+        alg,
+        input, input_length,
+        mac, operation_mac_size, mac_length);
 
 exit:
     /* In case of success, set the potential excess room in the output buffer
@@ -2581,102 +2593,100 @@
      * such that in case the caller misses an error check, the output would be
      * an unachievable MAC.
      */
-    if( status != PSA_SUCCESS )
-    {
+    if (status != PSA_SUCCESS) {
         *mac_length = mac_size;
         operation_mac_size = 0;
     }
-    if( mac_size > operation_mac_size )
-        memset( &mac[operation_mac_size], '!', mac_size - operation_mac_size );
+    if (mac_size > operation_mac_size) {
+        memset(&mac[operation_mac_size], '!', mac_size - operation_mac_size);
+    }
 
-    unlock_status = psa_unlock_key_slot( slot );
+    unlock_status = psa_unlock_key_slot(slot);
 
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+    return (status == PSA_SUCCESS) ? unlock_status : status;
 }
 
-psa_status_t psa_mac_compute( mbedtls_svc_key_id_t key,
-                              psa_algorithm_t alg,
-                              const uint8_t *input,
-                              size_t input_length,
-                              uint8_t *mac,
-                              size_t mac_size,
-                              size_t *mac_length)
-{
-    return( psa_mac_compute_internal( key, alg,
-                                      input, input_length,
-                                      mac, mac_size, mac_length, 1 ) );
-}
-
-psa_status_t psa_mac_verify( mbedtls_svc_key_id_t key,
+psa_status_t psa_mac_compute(mbedtls_svc_key_id_t key,
                              psa_algorithm_t alg,
                              const uint8_t *input,
                              size_t input_length,
-                             const uint8_t *mac,
-                             size_t mac_length)
+                             uint8_t *mac,
+                             size_t mac_size,
+                             size_t *mac_length)
+{
+    return psa_mac_compute_internal(key, alg,
+                                    input, input_length,
+                                    mac, mac_size, mac_length, 1);
+}
+
+psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key,
+                            psa_algorithm_t alg,
+                            const uint8_t *input,
+                            size_t input_length,
+                            const uint8_t *mac,
+                            size_t mac_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     uint8_t actual_mac[PSA_MAC_MAX_SIZE];
     size_t actual_mac_length;
 
-    status = psa_mac_compute_internal( key, alg,
-                                       input, input_length,
-                                       actual_mac, sizeof( actual_mac ),
-                                       &actual_mac_length, 0 );
-    if( status != PSA_SUCCESS )
+    status = psa_mac_compute_internal(key, alg,
+                                      input, input_length,
+                                      actual_mac, sizeof(actual_mac),
+                                      &actual_mac_length, 0);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    if( mac_length != actual_mac_length )
-    {
+    if (mac_length != actual_mac_length) {
         status = PSA_ERROR_INVALID_SIGNATURE;
         goto exit;
     }
-    if( mbedtls_psa_safer_memcmp( mac, actual_mac, actual_mac_length ) != 0 )
-    {
+    if (mbedtls_psa_safer_memcmp(mac, actual_mac, actual_mac_length) != 0) {
         status = PSA_ERROR_INVALID_SIGNATURE;
         goto exit;
     }
 
 exit:
-    mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
+    mbedtls_platform_zeroize(actual_mac, sizeof(actual_mac));
 
-    return ( status );
+    return status;
 }
 
 /****************************************************************/
 /* Asymmetric cryptography */
 /****************************************************************/
 
-static psa_status_t psa_sign_verify_check_alg( int input_is_message,
-                                               psa_algorithm_t alg )
+static psa_status_t psa_sign_verify_check_alg(int input_is_message,
+                                              psa_algorithm_t alg)
 {
-    if( input_is_message )
-    {
-        if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
-            return( PSA_ERROR_INVALID_ARGUMENT );
+    if (input_is_message) {
+        if (!PSA_ALG_IS_SIGN_MESSAGE(alg)) {
+            return PSA_ERROR_INVALID_ARGUMENT;
+        }
 
-        if ( PSA_ALG_IS_SIGN_HASH( alg ) )
-        {
-            if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
-                return( PSA_ERROR_INVALID_ARGUMENT );
+        if (PSA_ALG_IS_SIGN_HASH(alg)) {
+            if (!PSA_ALG_IS_HASH(PSA_ALG_SIGN_GET_HASH(alg))) {
+                return PSA_ERROR_INVALID_ARGUMENT;
+            }
+        }
+    } else {
+        if (!PSA_ALG_IS_SIGN_HASH(alg)) {
+            return PSA_ERROR_INVALID_ARGUMENT;
         }
     }
-    else
-    {
-        if( ! PSA_ALG_IS_SIGN_HASH( alg ) )
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
-static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key,
-                                       int input_is_message,
-                                       psa_algorithm_t alg,
-                                       const uint8_t * input,
-                                       size_t input_length,
-                                       uint8_t * signature,
-                                       size_t signature_size,
-                                       size_t * signature_length )
+static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key,
+                                      int input_is_message,
+                                      psa_algorithm_t alg,
+                                      const uint8_t *input,
+                                      size_t input_length,
+                                      uint8_t *signature,
+                                      size_t signature_size,
+                                      size_t *signature_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -2684,50 +2694,49 @@
 
     *signature_length = 0;
 
-    status = psa_sign_verify_check_alg( input_is_message, alg );
-    if( status != PSA_SUCCESS )
+    status = psa_sign_verify_check_alg(input_is_message, alg);
+    if (status != PSA_SUCCESS) {
         return status;
+    }
 
     /* Immediately reject a zero-length signature buffer. This guarantees
      * that signature must be a valid pointer. (On the other hand, the input
      * buffer can in principle be empty since it doesn't actually have
      * to be a hash.) */
-    if( signature_size == 0 )
-        return( PSA_ERROR_BUFFER_TOO_SMALL );
+    if (signature_size == 0) {
+        return PSA_ERROR_BUFFER_TOO_SMALL;
+    }
 
     status = psa_get_and_lock_key_slot_with_policy(
-                key, &slot,
-                input_is_message ? PSA_KEY_USAGE_SIGN_MESSAGE :
-                                   PSA_KEY_USAGE_SIGN_HASH,
-                alg );
+        key, &slot,
+        input_is_message ? PSA_KEY_USAGE_SIGN_MESSAGE :
+        PSA_KEY_USAGE_SIGN_HASH,
+        alg);
 
-    if( status != PSA_SUCCESS )
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) )
-    {
+    if (!PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type)) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;
     }
 
     psa_key_attributes_t attributes = {
-      .core = slot->attr
+        .core = slot->attr
     };
 
-    if( input_is_message )
-    {
+    if (input_is_message) {
         status = psa_driver_wrapper_sign_message(
             &attributes, slot->key.data, slot->key.bytes,
             alg, input, input_length,
-            signature, signature_size, signature_length );
-    }
-    else
-    {
+            signature, signature_size, signature_length);
+    } else {
 
         status = psa_driver_wrapper_sign_hash(
             &attributes, slot->key.data, slot->key.bytes,
             alg, input, input_length,
-            signature, signature_size, signature_length );
+            signature, signature_size, signature_length);
     }
 
 
@@ -2736,66 +2745,66 @@
      * the trailing part on success) with something that isn't a valid signature
      * (barring an attack on the signature and deliberately-crafted input),
      * in case the caller doesn't check the return status properly. */
-    if( status == PSA_SUCCESS )
-        memset( signature + *signature_length, '!',
-                signature_size - *signature_length );
-    else
-        memset( signature, '!', signature_size );
+    if (status == PSA_SUCCESS) {
+        memset(signature + *signature_length, '!',
+               signature_size - *signature_length);
+    } else {
+        memset(signature, '!', signature_size);
+    }
     /* If signature_size is 0 then we have nothing to do. We must not call
      * memset because signature may be NULL in this case. */
 
-    unlock_status = psa_unlock_key_slot( slot );
+    unlock_status = psa_unlock_key_slot(slot);
 
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+    return (status == PSA_SUCCESS) ? unlock_status : status;
 }
 
-static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key,
-                                         int input_is_message,
-                                         psa_algorithm_t alg,
-                                         const uint8_t * input,
-                                         size_t input_length,
-                                         const uint8_t * signature,
-                                         size_t signature_length )
+static psa_status_t psa_verify_internal(mbedtls_svc_key_id_t key,
+                                        int input_is_message,
+                                        psa_algorithm_t alg,
+                                        const uint8_t *input,
+                                        size_t input_length,
+                                        const uint8_t *signature,
+                                        size_t signature_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_slot_t *slot;
 
-    status = psa_sign_verify_check_alg( input_is_message, alg );
-    if( status != PSA_SUCCESS )
+    status = psa_sign_verify_check_alg(input_is_message, alg);
+    if (status != PSA_SUCCESS) {
         return status;
+    }
 
     status = psa_get_and_lock_key_slot_with_policy(
-                key, &slot,
-                input_is_message ? PSA_KEY_USAGE_VERIFY_MESSAGE :
-                                   PSA_KEY_USAGE_VERIFY_HASH,
-                alg );
+        key, &slot,
+        input_is_message ? PSA_KEY_USAGE_VERIFY_MESSAGE :
+        PSA_KEY_USAGE_VERIFY_HASH,
+        alg);
 
-    if( status != PSA_SUCCESS )
-        return( status );
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
     psa_key_attributes_t attributes = {
-      .core = slot->attr
+        .core = slot->attr
     };
 
-    if( input_is_message )
-    {
+    if (input_is_message) {
         status = psa_driver_wrapper_verify_message(
             &attributes, slot->key.data, slot->key.bytes,
             alg, input, input_length,
-            signature, signature_length );
-    }
-    else
-    {
+            signature, signature_length);
+    } else {
         status = psa_driver_wrapper_verify_hash(
             &attributes, slot->key.data, slot->key.bytes,
             alg, input, input_length,
-            signature, signature_length );
+            signature, signature_length);
     }
 
-    unlock_status = psa_unlock_key_slot( slot );
+    unlock_status = psa_unlock_key_slot(slot);
 
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+    return (status == PSA_SUCCESS) ? unlock_status : status;
 
 }
 
@@ -2808,43 +2817,43 @@
     size_t input_length,
     uint8_t *signature,
     size_t signature_size,
-    size_t *signature_length )
+    size_t *signature_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if ( PSA_ALG_IS_SIGN_HASH( alg ) )
-    {
+    if (PSA_ALG_IS_SIGN_HASH(alg)) {
         size_t hash_length;
         uint8_t hash[PSA_HASH_MAX_SIZE];
 
         status = psa_driver_wrapper_hash_compute(
-                    PSA_ALG_SIGN_GET_HASH( alg ),
-                    input, input_length,
-                    hash, sizeof( hash ), &hash_length );
+            PSA_ALG_SIGN_GET_HASH(alg),
+            input, input_length,
+            hash, sizeof(hash), &hash_length);
 
-        if( status != PSA_SUCCESS )
+        if (status != PSA_SUCCESS) {
             return status;
+        }
 
         return psa_driver_wrapper_sign_hash(
-                    attributes, key_buffer, key_buffer_size,
-                    alg, hash, hash_length,
-                    signature, signature_size, signature_length );
+            attributes, key_buffer, key_buffer_size,
+            alg, hash, hash_length,
+            signature, signature_size, signature_length);
     }
 
-    return( PSA_ERROR_NOT_SUPPORTED );
+    return PSA_ERROR_NOT_SUPPORTED;
 }
 
-psa_status_t psa_sign_message( mbedtls_svc_key_id_t key,
-                               psa_algorithm_t alg,
-                               const uint8_t * input,
-                               size_t input_length,
-                               uint8_t * signature,
-                               size_t signature_size,
-                               size_t * signature_length )
+psa_status_t psa_sign_message(mbedtls_svc_key_id_t key,
+                              psa_algorithm_t alg,
+                              const uint8_t *input,
+                              size_t input_length,
+                              uint8_t *signature,
+                              size_t signature_size,
+                              size_t *signature_length)
 {
     return psa_sign_internal(
         key, 1, alg, input, input_length,
-        signature, signature_size, signature_length );
+        signature, signature_size, signature_length);
 }
 
 psa_status_t psa_verify_message_builtin(
@@ -2855,191 +2864,173 @@
     const uint8_t *input,
     size_t input_length,
     const uint8_t *signature,
-    size_t signature_length )
+    size_t signature_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if ( PSA_ALG_IS_SIGN_HASH( alg ) )
-    {
+    if (PSA_ALG_IS_SIGN_HASH(alg)) {
         size_t hash_length;
         uint8_t hash[PSA_HASH_MAX_SIZE];
 
         status = psa_driver_wrapper_hash_compute(
-                    PSA_ALG_SIGN_GET_HASH( alg ),
-                    input, input_length,
-                    hash, sizeof( hash ), &hash_length );
+            PSA_ALG_SIGN_GET_HASH(alg),
+            input, input_length,
+            hash, sizeof(hash), &hash_length);
 
-        if( status != PSA_SUCCESS )
+        if (status != PSA_SUCCESS) {
             return status;
+        }
 
         return psa_driver_wrapper_verify_hash(
-                    attributes, key_buffer, key_buffer_size,
-                    alg, hash, hash_length,
-                    signature, signature_length );
+            attributes, key_buffer, key_buffer_size,
+            alg, hash, hash_length,
+            signature, signature_length);
     }
 
-    return( PSA_ERROR_NOT_SUPPORTED );
+    return PSA_ERROR_NOT_SUPPORTED;
 }
 
-psa_status_t psa_verify_message( mbedtls_svc_key_id_t key,
-                                 psa_algorithm_t alg,
-                                 const uint8_t * input,
-                                 size_t input_length,
-                                 const uint8_t * signature,
-                                 size_t signature_length )
+psa_status_t psa_verify_message(mbedtls_svc_key_id_t key,
+                                psa_algorithm_t alg,
+                                const uint8_t *input,
+                                size_t input_length,
+                                const uint8_t *signature,
+                                size_t signature_length)
 {
     return psa_verify_internal(
         key, 1, alg, input, input_length,
-        signature, signature_length );
+        signature, signature_length);
 }
 
 psa_status_t psa_sign_hash_builtin(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    uint8_t *signature, size_t signature_size, size_t *signature_length )
+    uint8_t *signature, size_t signature_size, size_t *signature_length)
 {
-    if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
-    {
-        if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ||
-            PSA_ALG_IS_RSA_PSS( alg) )
-        {
+    if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
+        if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
+            PSA_ALG_IS_RSA_PSS(alg)) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
-            return( mbedtls_psa_rsa_sign_hash(
-                        attributes,
-                        key_buffer, key_buffer_size,
-                        alg, hash, hash_length,
-                        signature, signature_size, signature_length ) );
+            defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
+            return mbedtls_psa_rsa_sign_hash(
+                attributes,
+                key_buffer, key_buffer_size,
+                alg, hash, hash_length,
+                signature, signature_size, signature_length);
 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
         * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
+        } else {
+            return PSA_ERROR_INVALID_ARGUMENT;
         }
-        else
-        {
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        }
-    }
-    else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
-    {
-        if( PSA_ALG_IS_ECDSA( alg ) )
-        {
+    } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
+        if (PSA_ALG_IS_ECDSA(alg)) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
-            return( mbedtls_psa_ecdsa_sign_hash(
-                        attributes,
-                        key_buffer, key_buffer_size,
-                        alg, hash, hash_length,
-                        signature, signature_size, signature_length ) );
+            defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
+            return mbedtls_psa_ecdsa_sign_hash(
+                attributes,
+                key_buffer, key_buffer_size,
+                alg, hash, hash_length,
+                signature, signature_size, signature_length);
 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
         * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
-        }
-        else
-        {
-            return( PSA_ERROR_INVALID_ARGUMENT );
+        } else {
+            return PSA_ERROR_INVALID_ARGUMENT;
         }
     }
 
-    (void)key_buffer;
-    (void)key_buffer_size;
-    (void)hash;
-    (void)hash_length;
-    (void)signature;
-    (void)signature_size;
-    (void)signature_length;
+    (void) key_buffer;
+    (void) key_buffer_size;
+    (void) hash;
+    (void) hash_length;
+    (void) signature;
+    (void) signature_size;
+    (void) signature_length;
 
-    return( PSA_ERROR_NOT_SUPPORTED );
+    return PSA_ERROR_NOT_SUPPORTED;
 }
 
-psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key,
-                            psa_algorithm_t alg,
-                            const uint8_t *hash,
-                            size_t hash_length,
-                            uint8_t *signature,
-                            size_t signature_size,
-                            size_t *signature_length )
+psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key,
+                           psa_algorithm_t alg,
+                           const uint8_t *hash,
+                           size_t hash_length,
+                           uint8_t *signature,
+                           size_t signature_size,
+                           size_t *signature_length)
 {
     return psa_sign_internal(
         key, 0, alg, hash, hash_length,
-        signature, signature_size, signature_length );
+        signature, signature_size, signature_length);
 }
 
 psa_status_t psa_verify_hash_builtin(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    const uint8_t *signature, size_t signature_length )
+    const uint8_t *signature, size_t signature_length)
 {
-    if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
-    {
-        if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ||
-            PSA_ALG_IS_RSA_PSS( alg) )
-        {
+    if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) {
+        if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
+            PSA_ALG_IS_RSA_PSS(alg)) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
-            return( mbedtls_psa_rsa_verify_hash(
-                        attributes,
-                        key_buffer, key_buffer_size,
-                        alg, hash, hash_length,
-                        signature, signature_length ) );
+            defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
+            return mbedtls_psa_rsa_verify_hash(
+                attributes,
+                key_buffer, key_buffer_size,
+                alg, hash, hash_length,
+                signature, signature_length);
 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
         * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
+        } else {
+            return PSA_ERROR_INVALID_ARGUMENT;
         }
-        else
-        {
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        }
-    }
-    else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
-    {
-        if( PSA_ALG_IS_ECDSA( alg ) )
-        {
+    } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
+        if (PSA_ALG_IS_ECDSA(alg)) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
-            return( mbedtls_psa_ecdsa_verify_hash(
-                        attributes,
-                        key_buffer, key_buffer_size,
-                        alg, hash, hash_length,
-                        signature, signature_length ) );
+            defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
+            return mbedtls_psa_ecdsa_verify_hash(
+                attributes,
+                key_buffer, key_buffer_size,
+                alg, hash, hash_length,
+                signature, signature_length);
 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
         * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
-        }
-        else
-        {
-            return( PSA_ERROR_INVALID_ARGUMENT );
+        } else {
+            return PSA_ERROR_INVALID_ARGUMENT;
         }
     }
 
-    (void)key_buffer;
-    (void)key_buffer_size;
-    (void)hash;
-    (void)hash_length;
-    (void)signature;
-    (void)signature_length;
+    (void) key_buffer;
+    (void) key_buffer_size;
+    (void) hash;
+    (void) hash_length;
+    (void) signature;
+    (void) signature_length;
 
-    return( PSA_ERROR_NOT_SUPPORTED );
+    return PSA_ERROR_NOT_SUPPORTED;
 }
 
-psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key,
-                              psa_algorithm_t alg,
-                              const uint8_t *hash,
-                              size_t hash_length,
-                              const uint8_t *signature,
-                              size_t signature_length )
+psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key,
+                             psa_algorithm_t alg,
+                             const uint8_t *hash,
+                             size_t hash_length,
+                             const uint8_t *signature,
+                             size_t signature_length)
 {
     return psa_verify_internal(
         key, 0, alg, hash, hash_length,
-        signature, signature_length );
+        signature, signature_length);
 }
 
-psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
-                                     psa_algorithm_t alg,
-                                     const uint8_t *input,
-                                     size_t input_length,
-                                     const uint8_t *salt,
-                                     size_t salt_length,
-                                     uint8_t *output,
-                                     size_t output_size,
-                                     size_t *output_length )
+psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
+                                    psa_algorithm_t alg,
+                                    const uint8_t *input,
+                                    size_t input_length,
+                                    const uint8_t *salt,
+                                    size_t salt_length,
+                                    uint8_t *output,
+                                    size_t output_size,
+                                    size_t *output_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -3053,43 +3044,44 @@
 
     *output_length = 0;
 
-    if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (!PSA_ALG_IS_RSA_OAEP(alg) && salt_length != 0) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
     status = psa_get_and_lock_transparent_key_slot_with_policy(
-                 key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
-    if( status != PSA_SUCCESS )
-        return( status );
-    if( ! ( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) ||
-            PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) )
-    {
+        key, &slot, PSA_KEY_USAGE_ENCRYPT, alg);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+    if (!(PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type) ||
+          PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type))) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;
     }
 
     psa_key_attributes_t attributes = {
-      .core = slot->attr
+        .core = slot->attr
     };
 
     status = psa_driver_wrapper_asymmetric_encrypt(
         &attributes, slot->key.data, slot->key.bytes,
         alg, input, input_length, salt, salt_length,
-        output, output_size, output_length );
+        output, output_size, output_length);
 exit:
-    unlock_status = psa_unlock_key_slot( slot );
+    unlock_status = psa_unlock_key_slot(slot);
 
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+    return (status == PSA_SUCCESS) ? unlock_status : status;
 }
 
-psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key,
-                                     psa_algorithm_t alg,
-                                     const uint8_t *input,
-                                     size_t input_length,
-                                     const uint8_t *salt,
-                                     size_t salt_length,
-                                     uint8_t *output,
-                                     size_t output_size,
-                                     size_t *output_length )
+psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
+                                    psa_algorithm_t alg,
+                                    const uint8_t *input,
+                                    size_t input_length,
+                                    const uint8_t *salt,
+                                    size_t salt_length,
+                                    uint8_t *output,
+                                    size_t output_size,
+                                    size_t *output_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -3103,32 +3095,33 @@
 
     *output_length = 0;
 
-    if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (!PSA_ALG_IS_RSA_OAEP(alg) && salt_length != 0) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
     status = psa_get_and_lock_transparent_key_slot_with_policy(
-                 key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
-    if( status != PSA_SUCCESS )
-        return( status );
-    if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) )
-    {
+        key, &slot, PSA_KEY_USAGE_DECRYPT, alg);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+    if (!PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type)) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;
     }
 
     psa_key_attributes_t attributes = {
-      .core = slot->attr
+        .core = slot->attr
     };
 
     status = psa_driver_wrapper_asymmetric_decrypt(
         &attributes, slot->key.data, slot->key.bytes,
         alg, input, input_length, salt, salt_length,
-        output, output_size, output_length );
+        output, output_size, output_length);
 
 exit:
-    unlock_status = psa_unlock_key_slot( slot );
+    unlock_status = psa_unlock_key_slot(slot);
 
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+    return (status == PSA_SUCCESS) ? unlock_status : status;
 }
 
 
@@ -3137,277 +3130,266 @@
 /* Symmetric cryptography */
 /****************************************************************/
 
-static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
-                                      mbedtls_svc_key_id_t key,
-                                      psa_algorithm_t alg,
-                                      mbedtls_operation_t cipher_operation )
+static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
+                                     mbedtls_svc_key_id_t key,
+                                     psa_algorithm_t alg,
+                                     mbedtls_operation_t cipher_operation)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_slot_t *slot = NULL;
-    psa_key_usage_t usage = ( cipher_operation == MBEDTLS_ENCRYPT ?
-                              PSA_KEY_USAGE_ENCRYPT :
-                              PSA_KEY_USAGE_DECRYPT );
+    psa_key_usage_t usage = (cipher_operation == MBEDTLS_ENCRYPT ?
+                             PSA_KEY_USAGE_ENCRYPT :
+                             PSA_KEY_USAGE_DECRYPT);
 
     /* A context must be freshly initialized before it can be set up. */
-    if( operation->id != 0 )
-    {
+    if (operation->id != 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( ! PSA_ALG_IS_CIPHER( alg ) )
-    {
+    if (!PSA_ALG_IS_CIPHER(alg)) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;
     }
 
-    status = psa_get_and_lock_key_slot_with_policy( key, &slot, usage, alg );
-    if( status != PSA_SUCCESS )
+    status = psa_get_and_lock_key_slot_with_policy(key, &slot, usage, alg);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     /* Initialize the operation struct members, except for id. The id member
      * is used to indicate to psa_cipher_abort that there are resources to free,
      * so we only set it (in the driver wrapper) after resources have been
      * allocated/initialized. */
     operation->iv_set = 0;
-    if( alg == PSA_ALG_ECB_NO_PADDING )
+    if (alg == PSA_ALG_ECB_NO_PADDING) {
         operation->iv_required = 0;
-    else
+    } else {
         operation->iv_required = 1;
-    operation->default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg );
+    }
+    operation->default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
 
     psa_key_attributes_t attributes = {
-      .core = slot->attr
+        .core = slot->attr
     };
 
     /* Try doing the operation through a driver before using software fallback. */
-    if( cipher_operation == MBEDTLS_ENCRYPT )
-        status = psa_driver_wrapper_cipher_encrypt_setup( operation,
-                                                          &attributes,
-                                                          slot->key.data,
-                                                          slot->key.bytes,
-                                                          alg );
-    else
-        status = psa_driver_wrapper_cipher_decrypt_setup( operation,
-                                                          &attributes,
-                                                          slot->key.data,
-                                                          slot->key.bytes,
-                                                          alg );
+    if (cipher_operation == MBEDTLS_ENCRYPT) {
+        status = psa_driver_wrapper_cipher_encrypt_setup(operation,
+                                                         &attributes,
+                                                         slot->key.data,
+                                                         slot->key.bytes,
+                                                         alg);
+    } else {
+        status = psa_driver_wrapper_cipher_decrypt_setup(operation,
+                                                         &attributes,
+                                                         slot->key.data,
+                                                         slot->key.bytes,
+                                                         alg);
+    }
 
 exit:
-    if( status != PSA_SUCCESS )
-        psa_cipher_abort( operation );
+    if (status != PSA_SUCCESS) {
+        psa_cipher_abort(operation);
+    }
 
-    unlock_status = psa_unlock_key_slot( slot );
+    unlock_status = psa_unlock_key_slot(slot);
 
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+    return (status == PSA_SUCCESS) ? unlock_status : status;
 }
 
-psa_status_t psa_cipher_encrypt_setup( psa_cipher_operation_t *operation,
-                                       mbedtls_svc_key_id_t key,
-                                       psa_algorithm_t alg )
+psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
+                                      mbedtls_svc_key_id_t key,
+                                      psa_algorithm_t alg)
 {
-    return( psa_cipher_setup( operation, key, alg, MBEDTLS_ENCRYPT ) );
+    return psa_cipher_setup(operation, key, alg, MBEDTLS_ENCRYPT);
 }
 
-psa_status_t psa_cipher_decrypt_setup( psa_cipher_operation_t *operation,
-                                       mbedtls_svc_key_id_t key,
-                                       psa_algorithm_t alg )
+psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
+                                      mbedtls_svc_key_id_t key,
+                                      psa_algorithm_t alg)
 {
-    return( psa_cipher_setup( operation, key, alg, MBEDTLS_DECRYPT ) );
+    return psa_cipher_setup(operation, key, alg, MBEDTLS_DECRYPT);
 }
 
-psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
-                                     uint8_t *iv,
-                                     size_t iv_size,
-                                     size_t *iv_length )
+psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
+                                    uint8_t *iv,
+                                    size_t iv_size,
+                                    size_t *iv_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
     size_t default_iv_length;
 
-    if( operation->id == 0 )
-    {
+    if (operation->id == 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( operation->iv_set || ! operation->iv_required )
-    {
+    if (operation->iv_set || !operation->iv_required) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
     default_iv_length = operation->default_iv_length;
-    if( iv_size < default_iv_length )
-    {
+    if (iv_size < default_iv_length) {
         status = PSA_ERROR_BUFFER_TOO_SMALL;
         goto exit;
     }
 
-    if( default_iv_length > PSA_CIPHER_IV_MAX_SIZE )
-    {
+    if (default_iv_length > PSA_CIPHER_IV_MAX_SIZE) {
         status = PSA_ERROR_GENERIC_ERROR;
         goto exit;
     }
 
-    status = psa_generate_random( local_iv, default_iv_length );
-    if( status != PSA_SUCCESS )
+    status = psa_generate_random(local_iv, default_iv_length);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_driver_wrapper_cipher_set_iv( operation,
-                                               local_iv, default_iv_length );
+    status = psa_driver_wrapper_cipher_set_iv(operation,
+                                              local_iv, default_iv_length);
 
 exit:
-    if( status == PSA_SUCCESS )
-    {
-        memcpy( iv, local_iv, default_iv_length );
+    if (status == PSA_SUCCESS) {
+        memcpy(iv, local_iv, default_iv_length);
         *iv_length = default_iv_length;
         operation->iv_set = 1;
-    }
-    else
-    {
+    } else {
         *iv_length = 0;
-        psa_cipher_abort( operation );
+        psa_cipher_abort(operation);
     }
 
-    return( status );
+    return status;
 }
 
-psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation,
-                                const uint8_t *iv,
-                                size_t iv_length )
+psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
+                               const uint8_t *iv,
+                               size_t iv_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if( operation->id == 0 )
-    {
+    if (operation->id == 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( operation->iv_set || ! operation->iv_required )
-    {
+    if (operation->iv_set || !operation->iv_required) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( iv_length > PSA_CIPHER_IV_MAX_SIZE )
-    {
+    if (iv_length > PSA_CIPHER_IV_MAX_SIZE) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;
     }
 
-    status = psa_driver_wrapper_cipher_set_iv( operation,
-                                               iv,
-                                               iv_length );
+    status = psa_driver_wrapper_cipher_set_iv(operation,
+                                              iv,
+                                              iv_length);
 
 exit:
-    if( status == PSA_SUCCESS )
+    if (status == PSA_SUCCESS) {
         operation->iv_set = 1;
-    else
-        psa_cipher_abort( operation );
-    return( status );
+    } else {
+        psa_cipher_abort(operation);
+    }
+    return status;
 }
 
-psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
-                                const uint8_t *input,
-                                size_t input_length,
-                                uint8_t *output,
-                                size_t output_size,
-                                size_t *output_length )
+psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
+                               const uint8_t *input,
+                               size_t input_length,
+                               uint8_t *output,
+                               size_t output_size,
+                               size_t *output_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if( operation->id == 0 )
-    {
+    if (operation->id == 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( operation->iv_required && ! operation->iv_set )
-    {
+    if (operation->iv_required && !operation->iv_set) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    status = psa_driver_wrapper_cipher_update( operation,
-                                               input,
-                                               input_length,
-                                               output,
-                                               output_size,
-                                               output_length );
+    status = psa_driver_wrapper_cipher_update(operation,
+                                              input,
+                                              input_length,
+                                              output,
+                                              output_size,
+                                              output_length);
 
 exit:
-    if( status != PSA_SUCCESS )
-        psa_cipher_abort( operation );
+    if (status != PSA_SUCCESS) {
+        psa_cipher_abort(operation);
+    }
 
-    return( status );
+    return status;
 }
 
-psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
-                                uint8_t *output,
-                                size_t output_size,
-                                size_t *output_length )
+psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
+                               uint8_t *output,
+                               size_t output_size,
+                               size_t *output_length)
 {
     psa_status_t status = PSA_ERROR_GENERIC_ERROR;
 
-    if( operation->id == 0 )
-    {
+    if (operation->id == 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( operation->iv_required && ! operation->iv_set )
-    {
+    if (operation->iv_required && !operation->iv_set) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    status = psa_driver_wrapper_cipher_finish( operation,
-                                               output,
-                                               output_size,
-                                               output_length );
+    status = psa_driver_wrapper_cipher_finish(operation,
+                                              output,
+                                              output_size,
+                                              output_length);
 
 exit:
-    if( status == PSA_SUCCESS )
-        return( psa_cipher_abort( operation ) );
-    else
-    {
+    if (status == PSA_SUCCESS) {
+        return psa_cipher_abort(operation);
+    } else {
         *output_length = 0;
-        (void) psa_cipher_abort( operation );
+        (void) psa_cipher_abort(operation);
 
-        return( status );
+        return status;
     }
 }
 
-psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation )
+psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
 {
-    if( operation->id == 0 )
-    {
+    if (operation->id == 0) {
         /* The object has (apparently) been initialized but it is not (yet)
          * in use. It's ok to call abort on such an object, and there's
          * nothing to do. */
-        return( PSA_SUCCESS );
+        return PSA_SUCCESS;
     }
 
-    psa_driver_wrapper_cipher_abort( operation );
+    psa_driver_wrapper_cipher_abort(operation);
 
     operation->id = 0;
     operation->iv_set = 0;
     operation->iv_required = 0;
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
-psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key,
-                                 psa_algorithm_t alg,
-                                 const uint8_t *input,
-                                 size_t input_length,
-                                 uint8_t *output,
-                                 size_t output_size,
-                                 size_t *output_length )
+psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
+                                psa_algorithm_t alg,
+                                const uint8_t *input,
+                                size_t input_length,
+                                uint8_t *output,
+                                size_t output_size,
+                                size_t *output_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -3415,100 +3397,97 @@
     uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
     size_t default_iv_length = 0;
 
-    if( ! PSA_ALG_IS_CIPHER( alg ) )
-    {
+    if (!PSA_ALG_IS_CIPHER(alg)) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;
     }
 
-    status = psa_get_and_lock_key_slot_with_policy( key, &slot,
-                                                    PSA_KEY_USAGE_ENCRYPT,
-                                                    alg );
-    if( status != PSA_SUCCESS )
+    status = psa_get_and_lock_key_slot_with_policy(key, &slot,
+                                                   PSA_KEY_USAGE_ENCRYPT,
+                                                   alg);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     psa_key_attributes_t attributes = {
-      .core = slot->attr
+        .core = slot->attr
     };
 
-    default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg );
-    if( default_iv_length > PSA_CIPHER_IV_MAX_SIZE )
-    {
+    default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
+    if (default_iv_length > PSA_CIPHER_IV_MAX_SIZE) {
         status = PSA_ERROR_GENERIC_ERROR;
         goto exit;
     }
 
-    if( default_iv_length > 0 )
-    {
-        if( output_size < default_iv_length )
-        {
+    if (default_iv_length > 0) {
+        if (output_size < default_iv_length) {
             status = PSA_ERROR_BUFFER_TOO_SMALL;
             goto exit;
         }
 
-        status = psa_generate_random( local_iv, default_iv_length );
-        if( status != PSA_SUCCESS )
+        status = psa_generate_random(local_iv, default_iv_length);
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
     }
 
     status = psa_driver_wrapper_cipher_encrypt(
         &attributes, slot->key.data, slot->key.bytes,
         alg, local_iv, default_iv_length, input, input_length,
-        mbedtls_buffer_offset( output, default_iv_length ),
-        output_size - default_iv_length, output_length );
+        mbedtls_buffer_offset(output, default_iv_length),
+        output_size - default_iv_length, output_length);
 
 exit:
-    unlock_status = psa_unlock_key_slot( slot );
-    if( status == PSA_SUCCESS )
+    unlock_status = psa_unlock_key_slot(slot);
+    if (status == PSA_SUCCESS) {
         status = unlock_status;
-
-    if( status == PSA_SUCCESS )
-    {
-        if( default_iv_length > 0 )
-            memcpy( output, local_iv, default_iv_length );
-        *output_length += default_iv_length;
     }
-    else
-        *output_length = 0;
 
-    return( status );
+    if (status == PSA_SUCCESS) {
+        if (default_iv_length > 0) {
+            memcpy(output, local_iv, default_iv_length);
+        }
+        *output_length += default_iv_length;
+    } else {
+        *output_length = 0;
+    }
+
+    return status;
 }
 
-psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key,
-                                 psa_algorithm_t alg,
-                                 const uint8_t *input,
-                                 size_t input_length,
-                                 uint8_t *output,
-                                 size_t output_size,
-                                 size_t *output_length )
+psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
+                                psa_algorithm_t alg,
+                                const uint8_t *input,
+                                size_t input_length,
+                                uint8_t *output,
+                                size_t output_size,
+                                size_t *output_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_slot_t *slot = NULL;
 
-    if( ! PSA_ALG_IS_CIPHER( alg ) )
-    {
+    if (!PSA_ALG_IS_CIPHER(alg)) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;
     }
 
-    status = psa_get_and_lock_key_slot_with_policy( key, &slot,
-                                                    PSA_KEY_USAGE_DECRYPT,
-                                                    alg );
-    if( status != PSA_SUCCESS )
+    status = psa_get_and_lock_key_slot_with_policy(key, &slot,
+                                                   PSA_KEY_USAGE_DECRYPT,
+                                                   alg);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     psa_key_attributes_t attributes = {
-      .core = slot->attr
+        .core = slot->attr
     };
 
-    if( alg == PSA_ALG_CCM_STAR_NO_TAG && input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH( slot->attr.type ) )
-    {
+    if (alg == PSA_ALG_CCM_STAR_NO_TAG &&
+        input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH(slot->attr.type)) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;
-    }
-    else if ( input_length < PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ) )
-    {
+    } else if (input_length < PSA_CIPHER_IV_LENGTH(slot->attr.type, alg)) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;
     }
@@ -3516,17 +3495,19 @@
     status = psa_driver_wrapper_cipher_decrypt(
         &attributes, slot->key.data, slot->key.bytes,
         alg, input, input_length,
-        output, output_size, output_length );
+        output, output_size, output_length);
 
 exit:
-    unlock_status = psa_unlock_key_slot( slot );
-    if( status == PSA_SUCCESS )
+    unlock_status = psa_unlock_key_slot(slot);
+    if (status == PSA_SUCCESS) {
         status = unlock_status;
+    }
 
-    if( status != PSA_SUCCESS )
+    if (status != PSA_SUCCESS) {
         *output_length = 0;
+    }
 
-    return( status );
+    return status;
 }
 
 
@@ -3535,94 +3516,100 @@
 /****************************************************************/
 
 /* Helper function to get the base algorithm from its variants. */
-static psa_algorithm_t psa_aead_get_base_algorithm( psa_algorithm_t alg )
+static psa_algorithm_t psa_aead_get_base_algorithm(psa_algorithm_t alg)
 {
-    return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg );
+    return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg);
 }
 
 /* Helper function to perform common nonce length checks. */
-static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg,
-                                                 size_t nonce_length )
+static psa_status_t psa_aead_check_nonce_length(psa_algorithm_t alg,
+                                                size_t nonce_length)
 {
-    psa_algorithm_t base_alg = psa_aead_get_base_algorithm( alg );
+    psa_algorithm_t base_alg = psa_aead_get_base_algorithm(alg);
 
-    switch(base_alg)
-    {
+    switch (base_alg) {
 #if defined(PSA_WANT_ALG_GCM)
         case PSA_ALG_GCM:
             /* Not checking max nonce size here as GCM spec allows almost
-            * arbitrarily large nonces. Please note that we do not generally
-            * recommend the usage of nonces of greater length than
-            * PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter
-            * size, which can then lead to collisions if you encrypt a very
-            * large number of messages.*/
-            if( nonce_length != 0 )
-                return( PSA_SUCCESS );
+             * arbitrarily large nonces. Please note that we do not generally
+             * recommend the usage of nonces of greater length than
+             * PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter
+             * size, which can then lead to collisions if you encrypt a very
+             * large number of messages.*/
+            if (nonce_length != 0) {
+                return PSA_SUCCESS;
+            }
             break;
 #endif /* PSA_WANT_ALG_GCM */
 #if defined(PSA_WANT_ALG_CCM)
         case PSA_ALG_CCM:
-            if( nonce_length >= 7 && nonce_length <= 13 )
-                return( PSA_SUCCESS );
+            if (nonce_length >= 7 && nonce_length <= 13) {
+                return PSA_SUCCESS;
+            }
             break;
 #endif /* PSA_WANT_ALG_CCM */
 #if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
         case PSA_ALG_CHACHA20_POLY1305:
-            if( nonce_length == 12 )
-                return( PSA_SUCCESS );
-            else if( nonce_length == 8 )
-                return( PSA_ERROR_NOT_SUPPORTED );
+            if (nonce_length == 12) {
+                return PSA_SUCCESS;
+            } else if (nonce_length == 8) {
+                return PSA_ERROR_NOT_SUPPORTED;
+            }
             break;
 #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
         default:
             (void) nonce_length;
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
     }
 
-    return( PSA_ERROR_INVALID_ARGUMENT );
+    return PSA_ERROR_INVALID_ARGUMENT;
 }
 
-static psa_status_t psa_aead_check_algorithm( psa_algorithm_t alg )
+static psa_status_t psa_aead_check_algorithm(psa_algorithm_t alg)
 {
-    if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (!PSA_ALG_IS_AEAD(alg) || PSA_ALG_IS_WILDCARD(alg)) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
-psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key,
-                               psa_algorithm_t alg,
-                               const uint8_t *nonce,
-                               size_t nonce_length,
-                               const uint8_t *additional_data,
-                               size_t additional_data_length,
-                               const uint8_t *plaintext,
-                               size_t plaintext_length,
-                               uint8_t *ciphertext,
-                               size_t ciphertext_size,
-                               size_t *ciphertext_length )
+psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
+                              psa_algorithm_t alg,
+                              const uint8_t *nonce,
+                              size_t nonce_length,
+                              const uint8_t *additional_data,
+                              size_t additional_data_length,
+                              const uint8_t *plaintext,
+                              size_t plaintext_length,
+                              uint8_t *ciphertext,
+                              size_t ciphertext_size,
+                              size_t *ciphertext_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_slot_t *slot;
 
     *ciphertext_length = 0;
 
-    status = psa_aead_check_algorithm( alg );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_aead_check_algorithm(alg);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
     status = psa_get_and_lock_key_slot_with_policy(
-                 key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
-    if( status != PSA_SUCCESS )
-        return( status );
+        key, &slot, PSA_KEY_USAGE_ENCRYPT, alg);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
     psa_key_attributes_t attributes = {
-      .core = slot->attr
+        .core = slot->attr
     };
 
-    status = psa_aead_check_nonce_length( alg, nonce_length );
-    if( status != PSA_SUCCESS )
+    status = psa_aead_check_nonce_length(alg, nonce_length);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     status = psa_driver_wrapper_aead_encrypt(
         &attributes, slot->key.data, slot->key.bytes,
@@ -3630,50 +3617,54 @@
         nonce, nonce_length,
         additional_data, additional_data_length,
         plaintext, plaintext_length,
-        ciphertext, ciphertext_size, ciphertext_length );
+        ciphertext, ciphertext_size, ciphertext_length);
 
-    if( status != PSA_SUCCESS && ciphertext_size != 0 )
-        memset( ciphertext, 0, ciphertext_size );
+    if (status != PSA_SUCCESS && ciphertext_size != 0) {
+        memset(ciphertext, 0, ciphertext_size);
+    }
 
 exit:
-    psa_unlock_key_slot( slot );
+    psa_unlock_key_slot(slot);
 
-    return( status );
+    return status;
 }
 
-psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key,
-                               psa_algorithm_t alg,
-                               const uint8_t *nonce,
-                               size_t nonce_length,
-                               const uint8_t *additional_data,
-                               size_t additional_data_length,
-                               const uint8_t *ciphertext,
-                               size_t ciphertext_length,
-                               uint8_t *plaintext,
-                               size_t plaintext_size,
-                               size_t *plaintext_length )
+psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
+                              psa_algorithm_t alg,
+                              const uint8_t *nonce,
+                              size_t nonce_length,
+                              const uint8_t *additional_data,
+                              size_t additional_data_length,
+                              const uint8_t *ciphertext,
+                              size_t ciphertext_length,
+                              uint8_t *plaintext,
+                              size_t plaintext_size,
+                              size_t *plaintext_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_slot_t *slot;
 
     *plaintext_length = 0;
 
-    status = psa_aead_check_algorithm( alg );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_aead_check_algorithm(alg);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
     status = psa_get_and_lock_key_slot_with_policy(
-                 key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
-    if( status != PSA_SUCCESS )
-        return( status );
+        key, &slot, PSA_KEY_USAGE_DECRYPT, alg);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
     psa_key_attributes_t attributes = {
-      .core = slot->attr
+        .core = slot->attr
     };
 
-    status = psa_aead_check_nonce_length( alg, nonce_length );
-    if( status != PSA_SUCCESS )
+    status = psa_aead_check_nonce_length(alg, nonce_length);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     status = psa_driver_wrapper_aead_decrypt(
         &attributes, slot->key.data, slot->key.bytes,
@@ -3681,151 +3672,158 @@
         nonce, nonce_length,
         additional_data, additional_data_length,
         ciphertext, ciphertext_length,
-        plaintext, plaintext_size, plaintext_length );
+        plaintext, plaintext_size, plaintext_length);
 
-    if( status != PSA_SUCCESS && plaintext_size != 0 )
-        memset( plaintext, 0, plaintext_size );
+    if (status != PSA_SUCCESS && plaintext_size != 0) {
+        memset(plaintext, 0, plaintext_size);
+    }
 
 exit:
-    psa_unlock_key_slot( slot );
+    psa_unlock_key_slot(slot);
 
-    return( status );
+    return status;
 }
 
-static psa_status_t psa_validate_tag_length( psa_algorithm_t alg ) {
-    const uint8_t tag_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg );
+static psa_status_t psa_validate_tag_length(psa_algorithm_t alg)
+{
+    const uint8_t tag_len = PSA_ALG_AEAD_GET_TAG_LENGTH(alg);
 
-    switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) )
-    {
+    switch (PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0)) {
 #if defined(PSA_WANT_ALG_CCM)
-        case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
+        case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0):
             /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.*/
-            if( tag_len < 4 || tag_len > 16 || tag_len % 2 )
-                return( PSA_ERROR_INVALID_ARGUMENT );
+            if (tag_len < 4 || tag_len > 16 || tag_len % 2) {
+                return PSA_ERROR_INVALID_ARGUMENT;
+            }
             break;
 #endif /* PSA_WANT_ALG_CCM */
 
 #if defined(PSA_WANT_ALG_GCM)
-        case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
+        case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0):
             /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16. */
-            if( tag_len != 4 && tag_len != 8 && ( tag_len < 12 || tag_len > 16 ) )
-                return( PSA_ERROR_INVALID_ARGUMENT );
+            if (tag_len != 4 && tag_len != 8 && (tag_len < 12 || tag_len > 16)) {
+                return PSA_ERROR_INVALID_ARGUMENT;
+            }
             break;
 #endif /* PSA_WANT_ALG_GCM */
 
 #if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
-        case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
+        case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0):
             /* We only support the default tag length. */
-            if( tag_len != 16 )
-                return( PSA_ERROR_INVALID_ARGUMENT );
+            if (tag_len != 16) {
+                return PSA_ERROR_INVALID_ARGUMENT;
+            }
             break;
 #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
 
         default:
             (void) tag_len;
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
     }
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 /* Set the key for a multipart authenticated operation. */
-static psa_status_t psa_aead_setup( psa_aead_operation_t *operation,
-                                    int is_encrypt,
-                                    mbedtls_svc_key_id_t key,
-                                    psa_algorithm_t alg )
+static psa_status_t psa_aead_setup(psa_aead_operation_t *operation,
+                                   int is_encrypt,
+                                   mbedtls_svc_key_id_t key,
+                                   psa_algorithm_t alg)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_slot_t *slot = NULL;
     psa_key_usage_t key_usage = 0;
 
-    status = psa_aead_check_algorithm( alg );
-    if( status != PSA_SUCCESS )
+    status = psa_aead_check_algorithm(alg);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    if( operation->id != 0 )
-    {
+    if (operation->id != 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( operation->nonce_set || operation->lengths_set ||
-        operation->ad_started || operation->body_started )
-    {
+    if (operation->nonce_set || operation->lengths_set ||
+        operation->ad_started || operation->body_started) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( is_encrypt )
+    if (is_encrypt) {
         key_usage = PSA_KEY_USAGE_ENCRYPT;
-    else
+    } else {
         key_usage = PSA_KEY_USAGE_DECRYPT;
+    }
 
-    status = psa_get_and_lock_key_slot_with_policy( key, &slot, key_usage,
-                                                    alg );
-    if( status != PSA_SUCCESS )
+    status = psa_get_and_lock_key_slot_with_policy(key, &slot, key_usage,
+                                                   alg);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     psa_key_attributes_t attributes = {
         .core = slot->attr
     };
 
-    if( ( status = psa_validate_tag_length( alg ) ) != PSA_SUCCESS )
+    if ((status = psa_validate_tag_length(alg)) != PSA_SUCCESS) {
         goto exit;
+    }
 
-    if( is_encrypt )
-        status = psa_driver_wrapper_aead_encrypt_setup( operation,
-                                                        &attributes,
-                                                        slot->key.data,
-                                                        slot->key.bytes,
-                                                        alg );
-    else
-        status = psa_driver_wrapper_aead_decrypt_setup( operation,
-                                                        &attributes,
-                                                        slot->key.data,
-                                                        slot->key.bytes,
-                                                        alg );
-    if( status != PSA_SUCCESS )
+    if (is_encrypt) {
+        status = psa_driver_wrapper_aead_encrypt_setup(operation,
+                                                       &attributes,
+                                                       slot->key.data,
+                                                       slot->key.bytes,
+                                                       alg);
+    } else {
+        status = psa_driver_wrapper_aead_decrypt_setup(operation,
+                                                       &attributes,
+                                                       slot->key.data,
+                                                       slot->key.bytes,
+                                                       alg);
+    }
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    operation->key_type = psa_get_key_type( &attributes );
+    operation->key_type = psa_get_key_type(&attributes);
 
 exit:
-    unlock_status = psa_unlock_key_slot( slot );
+    unlock_status = psa_unlock_key_slot(slot);
 
-    if( status == PSA_SUCCESS )
-    {
+    if (status == PSA_SUCCESS) {
         status = unlock_status;
-        operation->alg = psa_aead_get_base_algorithm( alg );
+        operation->alg = psa_aead_get_base_algorithm(alg);
         operation->is_encrypt = is_encrypt;
+    } else {
+        psa_aead_abort(operation);
     }
-    else
-        psa_aead_abort( operation );
 
-    return( status );
+    return status;
 }
 
 /* Set the key for a multipart authenticated encryption operation. */
-psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation,
-                                     mbedtls_svc_key_id_t key,
-                                     psa_algorithm_t alg )
+psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
+                                    mbedtls_svc_key_id_t key,
+                                    psa_algorithm_t alg)
 {
-    return( psa_aead_setup( operation, 1, key, alg ) );
+    return psa_aead_setup(operation, 1, key, alg);
 }
 
 /* Set the key for a multipart authenticated decryption operation. */
-psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation,
-                                     mbedtls_svc_key_id_t key,
-                                     psa_algorithm_t alg )
+psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
+                                    mbedtls_svc_key_id_t key,
+                                    psa_algorithm_t alg)
 {
-    return( psa_aead_setup( operation, 0, key, alg ) );
+    return psa_aead_setup(operation, 0, key, alg);
 }
 
 /* Generate a random nonce / IV for multipart AEAD operation */
-psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation,
-                                      uint8_t *nonce,
-                                      size_t nonce_size,
-                                      size_t *nonce_length )
+psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
+                                     uint8_t *nonce,
+                                     size_t nonce_size,
+                                     size_t *nonce_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     uint8_t local_nonce[PSA_AEAD_NONCE_MAX_SIZE];
@@ -3833,14 +3831,12 @@
 
     *nonce_length = 0;
 
-    if( operation->id == 0 )
-    {
+    if (operation->id == 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( operation->nonce_set || !operation->is_encrypt )
-    {
+    if (operation->nonce_set || !operation->is_encrypt) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
@@ -3854,102 +3850,95 @@
      * However this restriction that L has to be the smallest integer is not
      * applied in practice, and it is not implementable here since the
      * plaintext length may or may not be known at this time. */
-    required_nonce_size = PSA_AEAD_NONCE_LENGTH( operation->key_type,
-                                                 operation->alg );
-    if( nonce_size < required_nonce_size )
-    {
+    required_nonce_size = PSA_AEAD_NONCE_LENGTH(operation->key_type,
+                                                operation->alg);
+    if (nonce_size < required_nonce_size) {
         status = PSA_ERROR_BUFFER_TOO_SMALL;
         goto exit;
     }
 
-    status = psa_generate_random( local_nonce, required_nonce_size );
-    if( status != PSA_SUCCESS )
+    status = psa_generate_random(local_nonce, required_nonce_size);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_aead_set_nonce( operation, local_nonce, required_nonce_size );
+    status = psa_aead_set_nonce(operation, local_nonce, required_nonce_size);
 
 exit:
-    if( status == PSA_SUCCESS )
-    {
-        memcpy( nonce, local_nonce, required_nonce_size );
+    if (status == PSA_SUCCESS) {
+        memcpy(nonce, local_nonce, required_nonce_size);
         *nonce_length = required_nonce_size;
+    } else {
+        psa_aead_abort(operation);
     }
-    else
-        psa_aead_abort( operation );
 
-    return( status );
+    return status;
 }
 
 /* Set the nonce for a multipart authenticated encryption or decryption
    operation.*/
-psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation,
-                                 const uint8_t *nonce,
-                                 size_t nonce_length )
+psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
+                                const uint8_t *nonce,
+                                size_t nonce_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if( operation->id == 0 )
-    {
+    if (operation->id == 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( operation->nonce_set )
-    {
+    if (operation->nonce_set) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    status = psa_aead_check_nonce_length( operation->alg, nonce_length );
-    if( status != PSA_SUCCESS )
-    {
+    status = psa_aead_check_nonce_length(operation->alg, nonce_length);
+    if (status != PSA_SUCCESS) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;
     }
 
-    status = psa_driver_wrapper_aead_set_nonce( operation, nonce,
-                                                nonce_length );
+    status = psa_driver_wrapper_aead_set_nonce(operation, nonce,
+                                               nonce_length);
 
 exit:
-    if( status == PSA_SUCCESS )
+    if (status == PSA_SUCCESS) {
         operation->nonce_set = 1;
-    else
-        psa_aead_abort( operation );
+    } else {
+        psa_aead_abort(operation);
+    }
 
-    return( status );
+    return status;
 }
 
 /* Declare the lengths of the message and additional data for multipart AEAD. */
-psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation,
-                                   size_t ad_length,
-                                   size_t plaintext_length )
+psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
+                                  size_t ad_length,
+                                  size_t plaintext_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if( operation->id == 0 )
-    {
+    if (operation->id == 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( operation->lengths_set || operation->ad_started ||
-        operation->body_started )
-    {
+    if (operation->lengths_set || operation->ad_started ||
+        operation->body_started) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    switch(operation->alg)
-    {
+    switch (operation->alg) {
 #if defined(PSA_WANT_ALG_GCM)
         case PSA_ALG_GCM:
             /* Lengths can only be too large for GCM if size_t is bigger than 32
-            * bits. Without the guard this code will generate warnings on 32bit
-            * builds. */
+             * bits. Without the guard this code will generate warnings on 32bit
+             * builds. */
 #if SIZE_MAX > UINT32_MAX
-            if( (( uint64_t ) ad_length ) >> 61 != 0 ||
-                (( uint64_t ) plaintext_length ) > 0xFFFFFFFE0ull )
-            {
+            if (((uint64_t) ad_length) >> 61 != 0 ||
+                ((uint64_t) plaintext_length) > 0xFFFFFFFE0ull) {
                 status = PSA_ERROR_INVALID_ARGUMENT;
                 goto exit;
             }
@@ -3958,8 +3947,7 @@
 #endif /* PSA_WANT_ALG_GCM */
 #if defined(PSA_WANT_ALG_CCM)
         case PSA_ALG_CCM:
-            if( ad_length > 0xFF00 )
-            {
+            if (ad_length > 0xFF00) {
                 status = PSA_ERROR_INVALID_ARGUMENT;
                 goto exit;
             }
@@ -3974,45 +3962,40 @@
             break;
     }
 
-    status = psa_driver_wrapper_aead_set_lengths( operation, ad_length,
-                                                  plaintext_length );
+    status = psa_driver_wrapper_aead_set_lengths(operation, ad_length,
+                                                 plaintext_length);
 
 exit:
-    if( status == PSA_SUCCESS )
-    {
+    if (status == PSA_SUCCESS) {
         operation->ad_remaining = ad_length;
         operation->body_remaining = plaintext_length;
         operation->lengths_set = 1;
+    } else {
+        psa_aead_abort(operation);
     }
-    else
-        psa_aead_abort( operation );
 
-    return( status );
+    return status;
 }
 
 /* Pass additional data to an active multipart AEAD operation. */
-psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation,
-                                 const uint8_t *input,
-                                 size_t input_length )
+psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
+                                const uint8_t *input,
+                                size_t input_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if( operation->id == 0 )
-    {
+    if (operation->id == 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( !operation->nonce_set || operation->body_started )
-    {
+    if (!operation->nonce_set || operation->body_started) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( operation->lengths_set )
-    {
-        if( operation->ad_remaining < input_length )
-        {
+    if (operation->lengths_set) {
+        if (operation->ad_remaining < input_length) {
             status = PSA_ERROR_INVALID_ARGUMENT;
             goto exit;
         }
@@ -4020,63 +4003,58 @@
         operation->ad_remaining -= input_length;
     }
 #if defined(PSA_WANT_ALG_CCM)
-    else if( operation->alg == PSA_ALG_CCM )
-    {
+    else if (operation->alg == PSA_ALG_CCM) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 #endif /* PSA_WANT_ALG_CCM */
 
-    status = psa_driver_wrapper_aead_update_ad( operation, input,
-                                                input_length );
+    status = psa_driver_wrapper_aead_update_ad(operation, input,
+                                               input_length);
 
 exit:
-    if( status == PSA_SUCCESS )
+    if (status == PSA_SUCCESS) {
         operation->ad_started = 1;
-    else
-        psa_aead_abort( operation );
+    } else {
+        psa_aead_abort(operation);
+    }
 
-    return( status );
+    return status;
 }
 
 /* Encrypt or decrypt a message fragment in an active multipart AEAD
    operation.*/
-psa_status_t psa_aead_update( psa_aead_operation_t *operation,
-                              const uint8_t *input,
-                              size_t input_length,
-                              uint8_t *output,
-                              size_t output_size,
-                              size_t *output_length )
+psa_status_t psa_aead_update(psa_aead_operation_t *operation,
+                             const uint8_t *input,
+                             size_t input_length,
+                             uint8_t *output,
+                             size_t output_size,
+                             size_t *output_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
     *output_length = 0;
 
-    if( operation->id == 0 )
-    {
+    if (operation->id == 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( !operation->nonce_set )
-    {
+    if (!operation->nonce_set) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    if( operation->lengths_set )
-    {
+    if (operation->lengths_set) {
         /* Additional data length was supplied, but not all the additional
            data was supplied.*/
-        if( operation->ad_remaining != 0 )
-        {
+        if (operation->ad_remaining != 0) {
             status = PSA_ERROR_INVALID_ARGUMENT;
             goto exit;
         }
 
         /* Too much data provided. */
-        if( operation->body_remaining < input_length )
-        {
+        if (operation->body_remaining < input_length) {
             status = PSA_ERROR_INVALID_ARGUMENT;
             goto exit;
         }
@@ -4084,66 +4062,68 @@
         operation->body_remaining -= input_length;
     }
 #if defined(PSA_WANT_ALG_CCM)
-    else if( operation->alg == PSA_ALG_CCM )
-    {
+    else if (operation->alg == PSA_ALG_CCM) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 #endif /* PSA_WANT_ALG_CCM */
 
-    status = psa_driver_wrapper_aead_update( operation, input, input_length,
-                                             output, output_size,
-                                             output_length );
+    status = psa_driver_wrapper_aead_update(operation, input, input_length,
+                                            output, output_size,
+                                            output_length);
 
 exit:
-    if( status == PSA_SUCCESS )
+    if (status == PSA_SUCCESS) {
         operation->body_started = 1;
-    else
-        psa_aead_abort( operation );
+    } else {
+        psa_aead_abort(operation);
+    }
 
-    return( status );
+    return status;
 }
 
-static psa_status_t psa_aead_final_checks( const psa_aead_operation_t *operation )
+static psa_status_t psa_aead_final_checks(const psa_aead_operation_t *operation)
 {
-    if( operation->id == 0 || !operation->nonce_set )
-        return( PSA_ERROR_BAD_STATE );
+    if (operation->id == 0 || !operation->nonce_set) {
+        return PSA_ERROR_BAD_STATE;
+    }
 
-    if( operation->lengths_set && ( operation->ad_remaining != 0 ||
-                                   operation->body_remaining != 0 ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (operation->lengths_set && (operation->ad_remaining != 0 ||
+                                   operation->body_remaining != 0)) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 /* Finish encrypting a message in a multipart AEAD operation. */
-psa_status_t psa_aead_finish( psa_aead_operation_t *operation,
-                              uint8_t *ciphertext,
-                              size_t ciphertext_size,
-                              size_t *ciphertext_length,
-                              uint8_t *tag,
-                              size_t tag_size,
-                              size_t *tag_length )
+psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
+                             uint8_t *ciphertext,
+                             size_t ciphertext_size,
+                             size_t *ciphertext_length,
+                             uint8_t *tag,
+                             size_t tag_size,
+                             size_t *tag_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
     *ciphertext_length = 0;
     *tag_length = tag_size;
 
-    status = psa_aead_final_checks( operation );
-    if( status != PSA_SUCCESS )
+    status = psa_aead_final_checks(operation);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    if( !operation->is_encrypt )
-    {
+    if (!operation->is_encrypt) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    status = psa_driver_wrapper_aead_finish( operation, ciphertext,
-                                             ciphertext_size,
-                                             ciphertext_length,
-                                             tag, tag_size, tag_length );
+    status = psa_driver_wrapper_aead_finish(operation, ciphertext,
+                                            ciphertext_size,
+                                            ciphertext_length,
+                                            tag, tag_size, tag_length);
 
 exit:
     /* In case the operation fails and the user fails to check for failure or
@@ -4151,71 +4131,70 @@
      * Even if the operation succeeds, make sure we clear the rest of the
      * buffer to prevent potential leakage of anything previously placed in
      * the same buffer.*/
-    if( tag != NULL )
-    {
-        if( status != PSA_SUCCESS )
-            memset( tag, '!', tag_size );
-        else if( *tag_length < tag_size )
-            memset( tag + *tag_length, '!', ( tag_size - *tag_length ) );
+    if (tag != NULL) {
+        if (status != PSA_SUCCESS) {
+            memset(tag, '!', tag_size);
+        } else if (*tag_length < tag_size) {
+            memset(tag + *tag_length, '!', (tag_size - *tag_length));
+        }
     }
 
-    psa_aead_abort( operation );
+    psa_aead_abort(operation);
 
-    return( status );
+    return status;
 }
 
 /* Finish authenticating and decrypting a message in a multipart AEAD
    operation.*/
-psa_status_t psa_aead_verify( psa_aead_operation_t *operation,
-                              uint8_t *plaintext,
-                              size_t plaintext_size,
-                              size_t *plaintext_length,
-                              const uint8_t *tag,
-                              size_t tag_length )
+psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
+                             uint8_t *plaintext,
+                             size_t plaintext_size,
+                             size_t *plaintext_length,
+                             const uint8_t *tag,
+                             size_t tag_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
     *plaintext_length = 0;
 
-    status = psa_aead_final_checks( operation );
-    if( status != PSA_SUCCESS )
+    status = psa_aead_final_checks(operation);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    if( operation->is_encrypt )
-    {
+    if (operation->is_encrypt) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
     }
 
-    status = psa_driver_wrapper_aead_verify( operation, plaintext,
-                                             plaintext_size,
-                                             plaintext_length,
-                                             tag, tag_length );
+    status = psa_driver_wrapper_aead_verify(operation, plaintext,
+                                            plaintext_size,
+                                            plaintext_length,
+                                            tag, tag_length);
 
 exit:
-    psa_aead_abort( operation );
+    psa_aead_abort(operation);
 
-    return( status );
+    return status;
 }
 
 /* Abort an AEAD operation. */
-psa_status_t psa_aead_abort( psa_aead_operation_t *operation )
+psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if( operation->id == 0 )
-    {
+    if (operation->id == 0) {
         /* The object has (apparently) been initialized but it is not (yet)
          * in use. It's ok to call abort on such an object, and there's
          * nothing to do. */
-        return( PSA_SUCCESS );
+        return PSA_SUCCESS;
     }
 
-    status = psa_driver_wrapper_aead_abort( operation );
+    status = psa_driver_wrapper_aead_abort(operation);
 
-    memset( operation, 0, sizeof( *operation ) );
+    memset(operation, 0, sizeof(*operation));
 
-    return( status );
+    return status;
 }
 
 /****************************************************************/
@@ -4236,24 +4215,24 @@
     psa_mac_operation_t *operation,
     psa_algorithm_t hash_alg,
     const uint8_t *hmac_key,
-    size_t hmac_key_length )
+    size_t hmac_key_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
-    psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( hmac_key_length ) );
-    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
+    psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
+    psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(hmac_key_length));
+    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
 
     operation->is_sign = 1;
-    operation->mac_size = PSA_HASH_LENGTH( hash_alg );
+    operation->mac_size = PSA_HASH_LENGTH(hash_alg);
 
-    status = psa_driver_wrapper_mac_sign_setup( operation,
-                                                &attributes,
-                                                hmac_key, hmac_key_length,
-                                                PSA_ALG_HMAC( hash_alg ) );
+    status = psa_driver_wrapper_mac_sign_setup(operation,
+                                               &attributes,
+                                               hmac_key, hmac_key_length,
+                                               PSA_ALG_HMAC(hash_alg));
 
-    psa_reset_key_attributes( &attributes );
-    return( status );
+    psa_reset_key_attributes(&attributes);
+    return status;
 }
 #endif /* KDF algorithms reliant on HMAC */
 
@@ -4263,197 +4242,194 @@
 #define HKDF_STATE_OUTPUT 3 /* output started */
 
 static psa_algorithm_t psa_key_derivation_get_kdf_alg(
-    const psa_key_derivation_operation_t *operation )
+    const psa_key_derivation_operation_t *operation)
 {
-    if ( PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) )
-        return( PSA_ALG_KEY_AGREEMENT_GET_KDF( operation->alg ) );
-    else
-        return( operation->alg );
+    if (PSA_ALG_IS_KEY_AGREEMENT(operation->alg)) {
+        return PSA_ALG_KEY_AGREEMENT_GET_KDF(operation->alg);
+    } else {
+        return operation->alg;
+    }
 }
 
-psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation )
+psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation)
 {
     psa_status_t status = PSA_SUCCESS;
-    psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
-    if( kdf_alg == 0 )
-    {
+    psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation);
+    if (kdf_alg == 0) {
         /* The object has (apparently) been initialized but it is not
          * in use. It's ok to call abort on such an object, and there's
          * nothing to do. */
-    }
-    else
+    } else
 #if defined(BUILTIN_ALG_ANY_HKDF)
-    if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) )
-    {
-        mbedtls_free( operation->ctx.hkdf.info );
-        status = psa_mac_abort( &operation->ctx.hkdf.hmac );
-    }
-    else
+    if (PSA_ALG_IS_ANY_HKDF(kdf_alg)) {
+        mbedtls_free(operation->ctx.hkdf.info);
+        status = psa_mac_abort(&operation->ctx.hkdf.hmac);
+    } else
 #endif /* BUILTIN_ALG_ANY_HKDF */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-    if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
-             /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */
-             PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
-    {
-        if( operation->ctx.tls12_prf.secret != NULL )
-        {
-            mbedtls_platform_zeroize( operation->ctx.tls12_prf.secret,
-                                      operation->ctx.tls12_prf.secret_length );
-            mbedtls_free( operation->ctx.tls12_prf.secret );
+    if (PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
+        /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */
+        PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
+        if (operation->ctx.tls12_prf.secret != NULL) {
+            mbedtls_platform_zeroize(operation->ctx.tls12_prf.secret,
+                                     operation->ctx.tls12_prf.secret_length);
+            mbedtls_free(operation->ctx.tls12_prf.secret);
         }
 
-        if( operation->ctx.tls12_prf.seed != NULL )
-        {
-            mbedtls_platform_zeroize( operation->ctx.tls12_prf.seed,
-                                      operation->ctx.tls12_prf.seed_length );
-            mbedtls_free( operation->ctx.tls12_prf.seed );
+        if (operation->ctx.tls12_prf.seed != NULL) {
+            mbedtls_platform_zeroize(operation->ctx.tls12_prf.seed,
+                                     operation->ctx.tls12_prf.seed_length);
+            mbedtls_free(operation->ctx.tls12_prf.seed);
         }
 
-        if( operation->ctx.tls12_prf.label != NULL )
-        {
-            mbedtls_platform_zeroize( operation->ctx.tls12_prf.label,
-                                      operation->ctx.tls12_prf.label_length );
-            mbedtls_free( operation->ctx.tls12_prf.label );
+        if (operation->ctx.tls12_prf.label != NULL) {
+            mbedtls_platform_zeroize(operation->ctx.tls12_prf.label,
+                                     operation->ctx.tls12_prf.label_length);
+            mbedtls_free(operation->ctx.tls12_prf.label);
         }
 
-        if( operation->ctx.tls12_prf.other_secret != NULL )
-        {
-            mbedtls_platform_zeroize( operation->ctx.tls12_prf.other_secret,
-                                      operation->ctx.tls12_prf.other_secret_length );
-            mbedtls_free( operation->ctx.tls12_prf.other_secret );
+        if (operation->ctx.tls12_prf.other_secret != NULL) {
+            mbedtls_platform_zeroize(operation->ctx.tls12_prf.other_secret,
+                                     operation->ctx.tls12_prf.other_secret_length);
+            mbedtls_free(operation->ctx.tls12_prf.other_secret);
         }
 
         status = PSA_SUCCESS;
 
         /* We leave the fields Ai and output_block to be erased safely by the
          * mbedtls_platform_zeroize() in the end of this function. */
-    }
-    else
+    } else
 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
         * defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
-    if( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS )
-    {
-        mbedtls_platform_zeroize( operation->ctx.tls12_ecjpake_to_pms.data,
-            sizeof( operation->ctx.tls12_ecjpake_to_pms.data ) );
-    }
-    else
+    if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
+        mbedtls_platform_zeroize(operation->ctx.tls12_ecjpake_to_pms.data,
+                                 sizeof(operation->ctx.tls12_ecjpake_to_pms.data));
+    } else
 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) */
     {
         status = PSA_ERROR_BAD_STATE;
     }
-    mbedtls_platform_zeroize( operation, sizeof( *operation ) );
-    return( status );
+    mbedtls_platform_zeroize(operation, sizeof(*operation));
+    return status;
 }
 
 psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation,
-                                        size_t *capacity)
+                                             size_t *capacity)
 {
-    if( operation->alg == 0 )
-    {
+    if (operation->alg == 0) {
         /* This is a blank key derivation operation. */
-        return( PSA_ERROR_BAD_STATE );
+        return PSA_ERROR_BAD_STATE;
     }
 
     *capacity = operation->capacity;
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
-psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *operation,
-                                         size_t capacity )
+psa_status_t psa_key_derivation_set_capacity(psa_key_derivation_operation_t *operation,
+                                             size_t capacity)
 {
-    if( operation->alg == 0 )
-        return( PSA_ERROR_BAD_STATE );
-    if( capacity > operation->capacity )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (operation->alg == 0) {
+        return PSA_ERROR_BAD_STATE;
+    }
+    if (capacity > operation->capacity) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
     operation->capacity = capacity;
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 #if defined(BUILTIN_ALG_ANY_HKDF)
 /* Read some bytes from an HKDF-based operation. */
-static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf,
-                                                  psa_algorithm_t kdf_alg,
-                                                  uint8_t *output,
-                                                  size_t output_length )
+static psa_status_t psa_key_derivation_hkdf_read(psa_hkdf_key_derivation_t *hkdf,
+                                                 psa_algorithm_t kdf_alg,
+                                                 uint8_t *output,
+                                                 size_t output_length)
 {
-    psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
-    uint8_t hash_length = PSA_HASH_LENGTH( hash_alg );
+    psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg);
+    uint8_t hash_length = PSA_HASH_LENGTH(hash_alg);
     size_t hmac_output_length;
     psa_status_t status;
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
-    const uint8_t last_block = PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ? 0 : 0xff;
+    const uint8_t last_block = PSA_ALG_IS_HKDF_EXTRACT(kdf_alg) ? 0 : 0xff;
 #else
     const uint8_t last_block = 0xff;
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
 
-    if( hkdf->state < HKDF_STATE_KEYED ||
-        ( !hkdf->info_set
+    if (hkdf->state < HKDF_STATE_KEYED ||
+        (!hkdf->info_set
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
-         && !PSA_ALG_IS_HKDF_EXTRACT( kdf_alg )
+         && !PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
-    ) )
-        return( PSA_ERROR_BAD_STATE );
+        )) {
+        return PSA_ERROR_BAD_STATE;
+    }
     hkdf->state = HKDF_STATE_OUTPUT;
 
-    while( output_length != 0 )
-    {
+    while (output_length != 0) {
         /* Copy what remains of the current block */
         uint8_t n = hash_length - hkdf->offset_in_block;
-        if( n > output_length )
+        if (n > output_length) {
             n = (uint8_t) output_length;
-        memcpy( output, hkdf->output_block + hkdf->offset_in_block, n );
+        }
+        memcpy(output, hkdf->output_block + hkdf->offset_in_block, n);
         output += n;
         output_length -= n;
         hkdf->offset_in_block += n;
-        if( output_length == 0 )
+        if (output_length == 0) {
             break;
+        }
         /* We can't be wanting more output after the last block, otherwise
          * the capacity check in psa_key_derivation_output_bytes() would have
          * prevented this call. It could happen only if the operation
          * object was corrupted or if this function is called directly
          * inside the library. */
-        if( hkdf->block_number == last_block )
-            return( PSA_ERROR_BAD_STATE );
+        if (hkdf->block_number == last_block) {
+            return PSA_ERROR_BAD_STATE;
+        }
 
         /* We need a new block */
         ++hkdf->block_number;
         hkdf->offset_in_block = 0;
 
-        status = psa_key_derivation_start_hmac( &hkdf->hmac,
-                                                hash_alg,
-                                                hkdf->prk,
-                                                hash_length );
-        if( status != PSA_SUCCESS )
-            return( status );
-
-        if( hkdf->block_number != 1 )
-        {
-            status = psa_mac_update( &hkdf->hmac,
-                                     hkdf->output_block,
-                                     hash_length );
-            if( status != PSA_SUCCESS )
-                return( status );
+        status = psa_key_derivation_start_hmac(&hkdf->hmac,
+                                               hash_alg,
+                                               hkdf->prk,
+                                               hash_length);
+        if (status != PSA_SUCCESS) {
+            return status;
         }
-        status = psa_mac_update( &hkdf->hmac,
-                                 hkdf->info,
-                                 hkdf->info_length );
-        if( status != PSA_SUCCESS )
-            return( status );
-        status = psa_mac_update( &hkdf->hmac,
-                                 &hkdf->block_number, 1 );
-        if( status != PSA_SUCCESS )
-            return( status );
-        status = psa_mac_sign_finish( &hkdf->hmac,
-                                      hkdf->output_block,
-                                      sizeof( hkdf->output_block ),
-                                      &hmac_output_length );
-        if( status != PSA_SUCCESS )
-            return( status );
+
+        if (hkdf->block_number != 1) {
+            status = psa_mac_update(&hkdf->hmac,
+                                    hkdf->output_block,
+                                    hash_length);
+            if (status != PSA_SUCCESS) {
+                return status;
+            }
+        }
+        status = psa_mac_update(&hkdf->hmac,
+                                hkdf->info,
+                                hkdf->info_length);
+        if (status != PSA_SUCCESS) {
+            return status;
+        }
+        status = psa_mac_update(&hkdf->hmac,
+                                &hkdf->block_number, 1);
+        if (status != PSA_SUCCESS) {
+            return status;
+        }
+        status = psa_mac_sign_finish(&hkdf->hmac,
+                                     hkdf->output_block,
+                                     sizeof(hkdf->output_block),
+                                     &hmac_output_length);
+        if (status != PSA_SUCCESS) {
+            return status;
+        }
     }
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 #endif /* BUILTIN_ALG_ANY_HKDF */
 
@@ -4461,10 +4437,10 @@
     defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
 static psa_status_t psa_key_derivation_tls12_prf_generate_next_block(
     psa_tls12_prf_key_derivation_t *tls12_prf,
-    psa_algorithm_t alg )
+    psa_algorithm_t alg)
 {
-    psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg );
-    uint8_t hash_length = PSA_HASH_LENGTH( hash_alg );
+    psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(alg);
+    uint8_t hash_length = PSA_HASH_LENGTH(hash_alg);
     psa_mac_operation_t hmac = PSA_MAC_OPERATION_INIT;
     size_t hmac_output_length;
     psa_status_t status, cleanup_status;
@@ -4474,8 +4450,9 @@
      * prevented this call. It could happen only if the operation
      * object was corrupted or if this function is called directly
      * inside the library. */
-    if( tls12_prf->block_number == 0xff )
-        return( PSA_ERROR_CORRUPTION_DETECTED );
+    if (tls12_prf->block_number == 0xff) {
+        return PSA_ERROR_CORRUPTION_DETECTED;
+    }
 
     /* We need a new block */
     ++tls12_prf->block_number;
@@ -4498,125 +4475,133 @@
      * `block_number`.
      */
 
-    status = psa_key_derivation_start_hmac( &hmac,
-                                            hash_alg,
-                                            tls12_prf->secret,
-                                            tls12_prf->secret_length );
-    if( status != PSA_SUCCESS )
+    status = psa_key_derivation_start_hmac(&hmac,
+                                           hash_alg,
+                                           tls12_prf->secret,
+                                           tls12_prf->secret_length);
+    if (status != PSA_SUCCESS) {
         goto cleanup;
+    }
 
     /* Calculate A(i) where i = tls12_prf->block_number. */
-    if( tls12_prf->block_number == 1 )
-    {
+    if (tls12_prf->block_number == 1) {
         /* A(1) = HMAC_hash(secret, A(0)), where A(0) = seed. (The RFC overloads
          * the variable seed and in this instance means it in the context of the
          * P_hash function, where seed = label + seed.) */
-        status = psa_mac_update( &hmac,
-                                 tls12_prf->label,
-                                 tls12_prf->label_length );
-        if( status != PSA_SUCCESS )
+        status = psa_mac_update(&hmac,
+                                tls12_prf->label,
+                                tls12_prf->label_length);
+        if (status != PSA_SUCCESS) {
             goto cleanup;
-        status = psa_mac_update( &hmac,
-                                 tls12_prf->seed,
-                                 tls12_prf->seed_length );
-        if( status != PSA_SUCCESS )
+        }
+        status = psa_mac_update(&hmac,
+                                tls12_prf->seed,
+                                tls12_prf->seed_length);
+        if (status != PSA_SUCCESS) {
             goto cleanup;
-    }
-    else
-    {
+        }
+    } else {
         /* A(i) = HMAC_hash(secret, A(i-1)) */
-        status = psa_mac_update( &hmac, tls12_prf->Ai, hash_length );
-        if( status != PSA_SUCCESS )
+        status = psa_mac_update(&hmac, tls12_prf->Ai, hash_length);
+        if (status != PSA_SUCCESS) {
             goto cleanup;
+        }
     }
 
-    status = psa_mac_sign_finish( &hmac,
-                                  tls12_prf->Ai, hash_length,
-                                  &hmac_output_length );
-    if( hmac_output_length != hash_length )
+    status = psa_mac_sign_finish(&hmac,
+                                 tls12_prf->Ai, hash_length,
+                                 &hmac_output_length);
+    if (hmac_output_length != hash_length) {
         status = PSA_ERROR_CORRUPTION_DETECTED;
-    if( status != PSA_SUCCESS )
+    }
+    if (status != PSA_SUCCESS) {
         goto cleanup;
+    }
 
     /* Calculate HMAC_hash(secret, A(i) + label + seed). */
-    status = psa_key_derivation_start_hmac( &hmac,
-                                            hash_alg,
-                                            tls12_prf->secret,
-                                            tls12_prf->secret_length );
-    if( status != PSA_SUCCESS )
+    status = psa_key_derivation_start_hmac(&hmac,
+                                           hash_alg,
+                                           tls12_prf->secret,
+                                           tls12_prf->secret_length);
+    if (status != PSA_SUCCESS) {
         goto cleanup;
-    status = psa_mac_update( &hmac, tls12_prf->Ai, hash_length );
-    if( status != PSA_SUCCESS )
+    }
+    status = psa_mac_update(&hmac, tls12_prf->Ai, hash_length);
+    if (status != PSA_SUCCESS) {
         goto cleanup;
-    status = psa_mac_update( &hmac, tls12_prf->label, tls12_prf->label_length );
-    if( status != PSA_SUCCESS )
+    }
+    status = psa_mac_update(&hmac, tls12_prf->label, tls12_prf->label_length);
+    if (status != PSA_SUCCESS) {
         goto cleanup;
-    status = psa_mac_update( &hmac, tls12_prf->seed, tls12_prf->seed_length );
-    if( status != PSA_SUCCESS )
+    }
+    status = psa_mac_update(&hmac, tls12_prf->seed, tls12_prf->seed_length);
+    if (status != PSA_SUCCESS) {
         goto cleanup;
-    status = psa_mac_sign_finish( &hmac,
-                                  tls12_prf->output_block, hash_length,
-                                  &hmac_output_length );
-    if( status != PSA_SUCCESS )
+    }
+    status = psa_mac_sign_finish(&hmac,
+                                 tls12_prf->output_block, hash_length,
+                                 &hmac_output_length);
+    if (status != PSA_SUCCESS) {
         goto cleanup;
+    }
 
 
 cleanup:
-    cleanup_status = psa_mac_abort( &hmac );
-    if( status == PSA_SUCCESS && cleanup_status != PSA_SUCCESS )
+    cleanup_status = psa_mac_abort(&hmac);
+    if (status == PSA_SUCCESS && cleanup_status != PSA_SUCCESS) {
         status = cleanup_status;
+    }
 
-    return( status );
+    return status;
 }
 
 static psa_status_t psa_key_derivation_tls12_prf_read(
     psa_tls12_prf_key_derivation_t *tls12_prf,
     psa_algorithm_t alg,
     uint8_t *output,
-    size_t output_length )
+    size_t output_length)
 {
-    psa_algorithm_t hash_alg = PSA_ALG_TLS12_PRF_GET_HASH( alg );
-    uint8_t hash_length = PSA_HASH_LENGTH( hash_alg );
+    psa_algorithm_t hash_alg = PSA_ALG_TLS12_PRF_GET_HASH(alg);
+    uint8_t hash_length = PSA_HASH_LENGTH(hash_alg);
     psa_status_t status;
     uint8_t offset, length;
 
-    switch( tls12_prf->state )
-    {
+    switch (tls12_prf->state) {
         case PSA_TLS12_PRF_STATE_LABEL_SET:
             tls12_prf->state = PSA_TLS12_PRF_STATE_OUTPUT;
             break;
         case PSA_TLS12_PRF_STATE_OUTPUT:
             break;
         default:
-            return( PSA_ERROR_BAD_STATE );
+            return PSA_ERROR_BAD_STATE;
     }
 
-    while( output_length != 0 )
-    {
+    while (output_length != 0) {
         /* Check if we have fully processed the current block. */
-        if( tls12_prf->left_in_block == 0 )
-        {
-            status = psa_key_derivation_tls12_prf_generate_next_block( tls12_prf,
-                                                                       alg );
-            if( status != PSA_SUCCESS )
-                return( status );
+        if (tls12_prf->left_in_block == 0) {
+            status = psa_key_derivation_tls12_prf_generate_next_block(tls12_prf,
+                                                                      alg);
+            if (status != PSA_SUCCESS) {
+                return status;
+            }
 
             continue;
         }
 
-        if( tls12_prf->left_in_block > output_length )
+        if (tls12_prf->left_in_block > output_length) {
             length = (uint8_t) output_length;
-        else
+        } else {
             length = tls12_prf->left_in_block;
+        }
 
         offset = hash_length - tls12_prf->left_in_block;
-        memcpy( output, tls12_prf->output_block + offset, length );
+        memcpy(output, tls12_prf->output_block + offset, length);
         output += length;
         output_length -= length;
         tls12_prf->left_in_block -= length;
     }
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF ||
         * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
@@ -4625,151 +4610,147 @@
 static psa_status_t psa_key_derivation_tls12_ecjpake_to_pms_read(
     psa_tls12_ecjpake_to_pms_t *ecjpake,
     uint8_t *output,
-    size_t output_length )
+    size_t output_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     size_t output_size = 0;
 
-    if( output_length != 32 )
-        return ( PSA_ERROR_INVALID_ARGUMENT );
+    if (output_length != 32) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
-    status = psa_hash_compute( PSA_ALG_SHA_256, ecjpake->data,
-        PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE, output, output_length,
-        &output_size );
-    if( status != PSA_SUCCESS )
-        return ( status );
+    status = psa_hash_compute(PSA_ALG_SHA_256, ecjpake->data,
+                              PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE, output, output_length,
+                              &output_size);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
-    if( output_size != output_length )
-        return ( PSA_ERROR_GENERIC_ERROR );
+    if (output_size != output_length) {
+        return PSA_ERROR_GENERIC_ERROR;
+    }
 
-    return ( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 #endif
 
 psa_status_t psa_key_derivation_output_bytes(
     psa_key_derivation_operation_t *operation,
     uint8_t *output,
-    size_t output_length )
+    size_t output_length)
 {
     psa_status_t status;
-    psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
+    psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation);
 
-    if( operation->alg == 0 )
-    {
+    if (operation->alg == 0) {
         /* This is a blank operation. */
-        return( PSA_ERROR_BAD_STATE );
+        return PSA_ERROR_BAD_STATE;
     }
 
-    if( output_length > operation->capacity )
-    {
+    if (output_length > operation->capacity) {
         operation->capacity = 0;
         /* Go through the error path to wipe all confidential data now
          * that the operation object is useless. */
         status = PSA_ERROR_INSUFFICIENT_DATA;
         goto exit;
     }
-    if( output_length == 0 && operation->capacity == 0 )
-    {
+    if (output_length == 0 && operation->capacity == 0) {
         /* Edge case: this is a finished operation, and 0 bytes
          * were requested. The right error in this case could
          * be either INSUFFICIENT_CAPACITY or BAD_STATE. Return
          * INSUFFICIENT_CAPACITY, which is right for a finished
          * operation, for consistency with the case when
          * output_length > 0. */
-        return( PSA_ERROR_INSUFFICIENT_DATA );
+        return PSA_ERROR_INSUFFICIENT_DATA;
     }
     operation->capacity -= output_length;
 
 #if defined(BUILTIN_ALG_ANY_HKDF)
-    if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) )
-    {
-        status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, kdf_alg,
-                                          output, output_length );
-    }
-    else
+    if (PSA_ALG_IS_ANY_HKDF(kdf_alg)) {
+        status = psa_key_derivation_hkdf_read(&operation->ctx.hkdf, kdf_alg,
+                                              output, output_length);
+    } else
 #endif /* BUILTIN_ALG_ANY_HKDF */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-    if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
-        PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
-    {
-        status = psa_key_derivation_tls12_prf_read( &operation->ctx.tls12_prf,
-                                                    kdf_alg, output,
-                                                    output_length );
-    }
-    else
+    if (PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
+        PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
+        status = psa_key_derivation_tls12_prf_read(&operation->ctx.tls12_prf,
+                                                   kdf_alg, output,
+                                                   output_length);
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF ||
         * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
-    if( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS )
-    {
+    if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
         status = psa_key_derivation_tls12_ecjpake_to_pms_read(
-            &operation->ctx.tls12_ecjpake_to_pms, output, output_length );
-    }
-    else
+            &operation->ctx.tls12_ecjpake_to_pms, output, output_length);
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
 
     {
         (void) kdf_alg;
-        return( PSA_ERROR_BAD_STATE );
+        return PSA_ERROR_BAD_STATE;
     }
 
 exit:
-    if( status != PSA_SUCCESS )
-    {
+    if (status != PSA_SUCCESS) {
         /* Preserve the algorithm upon errors, but clear all sensitive state.
          * This allows us to differentiate between exhausted operations and
          * blank operations, so we can return PSA_ERROR_BAD_STATE on blank
          * operations. */
         psa_algorithm_t alg = operation->alg;
-        psa_key_derivation_abort( operation );
+        psa_key_derivation_abort(operation);
         operation->alg = alg;
-        memset( output, '!', output_length );
+        memset(output, '!', output_length);
     }
-    return( status );
+    return status;
 }
 
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
-static void psa_des_set_key_parity( uint8_t *data, size_t data_size )
+static void psa_des_set_key_parity(uint8_t *data, size_t data_size)
 {
-    if( data_size >= 8 )
-        mbedtls_des_key_set_parity( data );
-    if( data_size >= 16 )
-        mbedtls_des_key_set_parity( data + 8 );
-    if( data_size >= 24 )
-        mbedtls_des_key_set_parity( data + 16 );
+    if (data_size >= 8) {
+        mbedtls_des_key_set_parity(data);
+    }
+    if (data_size >= 16) {
+        mbedtls_des_key_set_parity(data + 8);
+    }
+    if (data_size >= 24) {
+        mbedtls_des_key_set_parity(data + 16);
+    }
 }
 #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */
 
 /*
-* ECC keys on a Weierstrass elliptic curve require the generation
-* of a private key which is an integer
-* in the range [1, N - 1], where N is the boundary of the private key domain:
-* N is the prime p for Diffie-Hellman, or the order of the
-* curve’s base point for ECC.
-*
-* Let m be the bit size of N, such that 2^m > N >= 2^(m-1).
-* This function generates the private key using the following process:
-*
-* 1. Draw a byte string of length ceiling(m/8) bytes.
-* 2. If m is not a multiple of 8, set the most significant
-*    (8 * ceiling(m/8) - m) bits of the first byte in the string to zero.
-* 3. Convert the string to integer k by decoding it as a big-endian byte string.
-* 4. If k > N - 2, discard the result and return to step 1.
-* 5. Output k + 1 as the private key.
-*
-* This method allows compliance to NIST standards, specifically the methods titled
-* Key-Pair Generation by Testing Candidates in the following publications:
-* - NIST Special Publication 800-56A: Recommendation for Pair-Wise Key-Establishment
-*   Schemes Using Discrete Logarithm Cryptography [SP800-56A] §5.6.1.1.4 for
-*   Diffie-Hellman keys.
-*
-* - [SP800-56A] §5.6.1.2.2 or FIPS Publication 186-4: Digital Signature
-*   Standard (DSS) [FIPS186-4] §B.4.2 for elliptic curve keys.
-*
-* Note: Function allocates memory for *data buffer, so given *data should be
-*       always NULL.
-*/
+ * ECC keys on a Weierstrass elliptic curve require the generation
+ * of a private key which is an integer
+ * in the range [1, N - 1], where N is the boundary of the private key domain:
+ * N is the prime p for Diffie-Hellman, or the order of the
+ * curve’s base point for ECC.
+ *
+ * Let m be the bit size of N, such that 2^m > N >= 2^(m-1).
+ * This function generates the private key using the following process:
+ *
+ * 1. Draw a byte string of length ceiling(m/8) bytes.
+ * 2. If m is not a multiple of 8, set the most significant
+ *    (8 * ceiling(m/8) - m) bits of the first byte in the string to zero.
+ * 3. Convert the string to integer k by decoding it as a big-endian byte string.
+ * 4. If k > N - 2, discard the result and return to step 1.
+ * 5. Output k + 1 as the private key.
+ *
+ * This method allows compliance to NIST standards, specifically the methods titled
+ * Key-Pair Generation by Testing Candidates in the following publications:
+ * - NIST Special Publication 800-56A: Recommendation for Pair-Wise Key-Establishment
+ *   Schemes Using Discrete Logarithm Cryptography [SP800-56A] §5.6.1.1.4 for
+ *   Diffie-Hellman keys.
+ *
+ * - [SP800-56A] §5.6.1.2.2 or FIPS Publication 186-4: Digital Signature
+ *   Standard (DSS) [FIPS186-4] §B.4.2 for elliptic curve keys.
+ *
+ * Note: Function allocates memory for *data buffer, so given *data should be
+ *       always NULL.
+ */
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
     defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
@@ -4788,85 +4769,83 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    mbedtls_mpi_init( &k );
-    mbedtls_mpi_init( &diff_N_2 );
+    mbedtls_mpi_init(&k);
+    mbedtls_mpi_init(&diff_N_2);
 
     psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(
-                                slot->attr.type );
+        slot->attr.type);
     mbedtls_ecp_group_id grp_id =
-        mbedtls_ecc_group_of_psa( curve, bits, 0 );
+        mbedtls_ecc_group_of_psa(curve, bits, 0);
 
-    if( grp_id == MBEDTLS_ECP_DP_NONE )
-    {
+    if (grp_id == MBEDTLS_ECP_DP_NONE) {
         ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
         goto cleanup;
     }
 
     mbedtls_ecp_group ecp_group;
-    mbedtls_ecp_group_init( &ecp_group );
+    mbedtls_ecp_group_init(&ecp_group);
 
-    MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp_group, grp_id ) );
+    MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&ecp_group, grp_id));
 
     /* N is the boundary of the private key domain (ecp_group.N). */
     /* Let m be the bit size of N. */
     size_t m = ecp_group.nbits;
 
-    size_t m_bytes = PSA_BITS_TO_BYTES( m );
+    size_t m_bytes = PSA_BITS_TO_BYTES(m);
 
     /* Calculate N - 2 - it will be needed later. */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &diff_N_2, &ecp_group.N, 2 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&diff_N_2, &ecp_group.N, 2));
 
     /* Note: This function is always called with *data == NULL and it
      * allocates memory for the data buffer. */
-    *data = mbedtls_calloc( 1, m_bytes );
-    if( *data == NULL )
-    {
+    *data = mbedtls_calloc(1, m_bytes);
+    if (*data == NULL) {
         ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED;
         goto cleanup;
     }
 
-    while( key_out_of_range )
-    {
+    while (key_out_of_range) {
         /* 1. Draw a byte string of length ceiling(m/8) bytes. */
-        if( ( status = psa_key_derivation_output_bytes( operation, *data, m_bytes ) ) != 0 )
+        if ((status = psa_key_derivation_output_bytes(operation, *data, m_bytes)) != 0) {
             goto cleanup;
+        }
 
         /* 2. If m is not a multiple of 8 */
-        if( m % 8 != 0 )
-        {
+        if (m % 8 != 0) {
             /* Set the most significant
              * (8 * ceiling(m/8) - m) bits of the first byte in
              * the string to zero.
              */
-            uint8_t clear_bit_mask = ( 1 << ( m % 8 ) ) - 1;
+            uint8_t clear_bit_mask = (1 << (m % 8)) - 1;
             (*data)[0] &= clear_bit_mask;
         }
 
         /* 3. Convert the string to integer k by decoding it as a
-        *    big-endian byte string.
-        */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &k, *data, m_bytes ) );
+         *    big-endian byte string.
+         */
+        MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&k, *data, m_bytes));
 
         /* 4. If k > N - 2, discard the result and return to step 1.
-        *    Result of comparison is returned. When it indicates error
-        *    then this function is called again.
-        */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lt_mpi_ct( &diff_N_2, &k, &key_out_of_range ) );
+         *    Result of comparison is returned. When it indicates error
+         *    then this function is called again.
+         */
+        MBEDTLS_MPI_CHK(mbedtls_mpi_lt_mpi_ct(&diff_N_2, &k, &key_out_of_range));
     }
 
     /* 5. Output k + 1 as the private key. */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &k, &k, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &k, *data, m_bytes ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&k, &k, 1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&k, *data, m_bytes));
 cleanup:
-    if( ret != 0 )
-        status = mbedtls_to_psa_error( ret );
-    if( status != PSA_SUCCESS  ) {
-        mbedtls_free( *data );
+    if (ret != 0) {
+        status = mbedtls_to_psa_error(ret);
+    }
+    if (status != PSA_SUCCESS) {
+        mbedtls_free(*data);
         *data = NULL;
     }
-    mbedtls_mpi_free( &k );
-    mbedtls_mpi_free( &diff_N_2 );
-    return( status );
+    mbedtls_mpi_free(&k);
+    mbedtls_mpi_free(&diff_N_2);
+    return status;
 }
 
 /* ECC keys on a Montgomery elliptic curve draws a byte string whose length
@@ -4892,8 +4871,7 @@
     size_t output_length;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    switch( bits )
-    {
+    switch (bits) {
         case 255:
             output_length = 32;
             break;
@@ -4901,22 +4879,23 @@
             output_length = 56;
             break;
         default:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
             break;
     }
 
-    *data = mbedtls_calloc( 1, output_length );
+    *data = mbedtls_calloc(1, output_length);
 
-    if( *data == NULL )
-        return( PSA_ERROR_INSUFFICIENT_MEMORY );
+    if (*data == NULL) {
+        return PSA_ERROR_INSUFFICIENT_MEMORY;
+    }
 
-    status = psa_key_derivation_output_bytes( operation, *data, output_length );
+    status = psa_key_derivation_output_bytes(operation, *data, output_length);
 
-    if( status != PSA_SUCCESS )
+    if (status != PSA_SUCCESS) {
         return status;
+    }
 
-    switch( bits )
-    {
+    switch (bits) {
         case 255:
             (*data)[0] &= 248;
             (*data)[31] &= 127;
@@ -4927,7 +4906,7 @@
             (*data)[55] |= 128;
             break;
         default:
-            return( PSA_ERROR_CORRUPTION_DETECTED );
+            return PSA_ERROR_CORRUPTION_DETECTED;
             break;
     }
 
@@ -4942,37 +4921,36 @@
 static psa_status_t psa_generate_derived_key_internal(
     psa_key_slot_t *slot,
     size_t bits,
-    psa_key_derivation_operation_t *operation )
+    psa_key_derivation_operation_t *operation)
 {
     uint8_t *data = NULL;
-    size_t bytes = PSA_BITS_TO_BYTES( bits );
+    size_t bytes = PSA_BITS_TO_BYTES(bits);
     size_t storage_size = bytes;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type)) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
     defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
-    if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
-    {
-        psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type );
-        if( PSA_ECC_FAMILY_IS_WEIERSTRASS( curve ) )
-        {
+    if (PSA_KEY_TYPE_IS_ECC(slot->attr.type)) {
+        psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(slot->attr.type);
+        if (PSA_ECC_FAMILY_IS_WEIERSTRASS(curve)) {
             /* Weierstrass elliptic curve */
-            status = psa_generate_derived_ecc_key_weierstrass_helper( slot, bits, operation, &data );
-            if( status != PSA_SUCCESS )
+            status = psa_generate_derived_ecc_key_weierstrass_helper(slot, bits, operation, &data);
+            if (status != PSA_SUCCESS) {
                 goto exit;
-        }
-        else
-        {
+            }
+        } else {
             /* Montgomery elliptic curve */
-            status = psa_generate_derived_ecc_key_montgomery_helper( bits, operation, &data );
-            if( status != PSA_SUCCESS )
+            status = psa_generate_derived_ecc_key_montgomery_helper(bits, operation, &data);
+            if (status != PSA_SUCCESS) {
                 goto exit;
+            }
         }
     } else
 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
@@ -4980,57 +4958,62 @@
           defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
           defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
           defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
-    if( key_type_is_raw_bytes( slot->attr.type ) )
-    {
-        if( bits % 8 != 0 )
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        data = mbedtls_calloc( 1, bytes );
-        if( data == NULL )
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
+    if (key_type_is_raw_bytes(slot->attr.type)) {
+        if (bits % 8 != 0) {
+            return PSA_ERROR_INVALID_ARGUMENT;
+        }
+        data = mbedtls_calloc(1, bytes);
+        if (data == NULL) {
+            return PSA_ERROR_INSUFFICIENT_MEMORY;
+        }
 
-        status = psa_key_derivation_output_bytes( operation, data, bytes );
-        if( status != PSA_SUCCESS )
+        status = psa_key_derivation_output_bytes(operation, data, bytes);
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
-        if( slot->attr.type == PSA_KEY_TYPE_DES )
-            psa_des_set_key_parity( data, bytes );
+        if (slot->attr.type == PSA_KEY_TYPE_DES) {
+            psa_des_set_key_parity(data, bytes);
+        }
 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) */
+    } else {
+        return PSA_ERROR_NOT_SUPPORTED;
     }
-    else
-        return( PSA_ERROR_NOT_SUPPORTED );
 
     slot->attr.bits = (psa_key_bits_t) bits;
     psa_key_attributes_t attributes = {
-      .core = slot->attr
+        .core = slot->attr
     };
 
-    if( psa_key_lifetime_is_external( attributes.core.lifetime ) )
-    {
-        status = psa_driver_wrapper_get_key_buffer_size( &attributes,
-                                                         &storage_size );
-        if( status != PSA_SUCCESS )
+    if (psa_key_lifetime_is_external(attributes.core.lifetime)) {
+        status = psa_driver_wrapper_get_key_buffer_size(&attributes,
+                                                        &storage_size);
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
     }
-    status = psa_allocate_buffer_to_slot( slot, storage_size );
-    if( status != PSA_SUCCESS )
+    status = psa_allocate_buffer_to_slot(slot, storage_size);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_driver_wrapper_import_key( &attributes,
-                                            data, bytes,
-                                            slot->key.data,
-                                            slot->key.bytes,
-                                            &slot->key.bytes, &bits );
-    if( bits != slot->attr.bits )
+    status = psa_driver_wrapper_import_key(&attributes,
+                                           data, bytes,
+                                           slot->key.data,
+                                           slot->key.bytes,
+                                           &slot->key.bytes, &bits);
+    if (bits != slot->attr.bits) {
         status = PSA_ERROR_INVALID_ARGUMENT;
+    }
 
 exit:
-    mbedtls_free( data );
-    return( status );
+    mbedtls_free(data);
+    return status;
 }
 
-psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attributes,
-                                       psa_key_derivation_operation_t *operation,
-                                       mbedtls_svc_key_id_t *key )
+psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attributes,
+                                           psa_key_derivation_operation_t *operation,
+                                           mbedtls_svc_key_id_t *key)
 {
     psa_status_t status;
     psa_key_slot_t *slot = NULL;
@@ -5040,36 +5023,39 @@
 
     /* Reject any attempt to create a zero-length key so that we don't
      * risk tripping up later, e.g. on a malloc(0) that returns NULL. */
-    if( psa_get_key_bits( attributes ) == 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (psa_get_key_bits(attributes) == 0) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
-    if( operation->alg == PSA_ALG_NONE )
-        return( PSA_ERROR_BAD_STATE );
+    if (operation->alg == PSA_ALG_NONE) {
+        return PSA_ERROR_BAD_STATE;
+    }
 
-    if( ! operation->can_output_key )
-        return( PSA_ERROR_NOT_PERMITTED );
+    if (!operation->can_output_key) {
+        return PSA_ERROR_NOT_PERMITTED;
+    }
 
-    status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE, attributes,
-                                     &slot, &driver );
+    status = psa_start_key_creation(PSA_KEY_CREATION_DERIVE, attributes,
+                                    &slot, &driver);
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    if( driver != NULL )
-    {
+    if (driver != NULL) {
         /* Deriving a key in a secure element is not implemented yet. */
         status = PSA_ERROR_NOT_SUPPORTED;
     }
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-    if( status == PSA_SUCCESS )
-    {
-        status = psa_generate_derived_key_internal( slot,
-                                                    attributes->core.bits,
-                                                    operation );
+    if (status == PSA_SUCCESS) {
+        status = psa_generate_derived_key_internal(slot,
+                                                   attributes->core.bits,
+                                                   operation);
     }
-    if( status == PSA_SUCCESS )
-        status = psa_finish_key_creation( slot, driver, key );
-    if( status != PSA_SUCCESS )
-        psa_fail_key_creation( slot, driver );
+    if (status == PSA_SUCCESS) {
+        status = psa_finish_key_creation(slot, driver, key);
+    }
+    if (status != PSA_SUCCESS) {
+        psa_fail_key_creation(slot, driver);
+    }
 
-    return( status );
+    return status;
 }
 
 
@@ -5079,353 +5065,367 @@
 /****************************************************************/
 
 #if defined(AT_LEAST_ONE_BUILTIN_KDF)
-static int is_kdf_alg_supported( psa_algorithm_t kdf_alg )
+static int is_kdf_alg_supported(psa_algorithm_t kdf_alg)
 {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
-    if( PSA_ALG_IS_HKDF( kdf_alg ) )
-        return( 1 );
+    if (PSA_ALG_IS_HKDF(kdf_alg)) {
+        return 1;
+    }
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
-    if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) )
-        return( 1 );
+    if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) {
+        return 1;
+    }
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
-    if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) )
-        return( 1 );
+    if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) {
+        return 1;
+    }
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF)
-    if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) )
-        return( 1 );
+    if (PSA_ALG_IS_TLS12_PRF(kdf_alg)) {
+        return 1;
+    }
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-    if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
-        return( 1 );
+    if (PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
+        return 1;
+    }
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
-    if( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS )
-        return( 1 );
+    if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
+        return 1;
+    }
 #endif
-    return( 0 );
+    return 0;
 }
 
-static psa_status_t psa_hash_try_support( psa_algorithm_t alg )
+static psa_status_t psa_hash_try_support(psa_algorithm_t alg)
 {
     psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
-    psa_status_t status = psa_hash_setup( &operation, alg );
-    psa_hash_abort( &operation );
-    return( status );
+    psa_status_t status = psa_hash_setup(&operation, alg);
+    psa_hash_abort(&operation);
+    return status;
 }
 
 static psa_status_t psa_key_derivation_setup_kdf(
     psa_key_derivation_operation_t *operation,
-    psa_algorithm_t kdf_alg )
+    psa_algorithm_t kdf_alg)
 {
     /* Make sure that operation->ctx is properly zero-initialised. (Macro
      * initialisers for this union leave some bytes unspecified.) */
-    memset( &operation->ctx, 0, sizeof( operation->ctx ) );
+    memset(&operation->ctx, 0, sizeof(operation->ctx));
 
     /* Make sure that kdf_alg is a supported key derivation algorithm. */
-    if( ! is_kdf_alg_supported( kdf_alg ) )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    if (!is_kdf_alg_supported(kdf_alg)) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
 
     /* All currently supported key derivation algorithms (apart from
      * ecjpake to pms) are based on a hash algorithm. */
-    psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
-    size_t hash_size = PSA_HASH_LENGTH( hash_alg );
-    if( kdf_alg != PSA_ALG_TLS12_ECJPAKE_TO_PMS )
-    {
-        if( hash_size == 0 )
-            return( PSA_ERROR_NOT_SUPPORTED );
+    psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg);
+    size_t hash_size = PSA_HASH_LENGTH(hash_alg);
+    if (kdf_alg != PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
+        if (hash_size == 0) {
+            return PSA_ERROR_NOT_SUPPORTED;
+        }
 
         /* Make sure that hash_alg is a supported hash algorithm. Otherwise
          * we might fail later, which is somewhat unfriendly and potentially
          * risk-prone. */
-        psa_status_t status = psa_hash_try_support( hash_alg );
-        if( status != PSA_SUCCESS )
-            return( status );
-    }
-    else
-    {
-        hash_size = PSA_HASH_LENGTH( PSA_ALG_SHA_256 );
+        psa_status_t status = psa_hash_try_support(hash_alg);
+        if (status != PSA_SUCCESS) {
+            return status;
+        }
+    } else {
+        hash_size = PSA_HASH_LENGTH(PSA_ALG_SHA_256);
     }
 
-    if( ( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
-          PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) &&
-        ! ( hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384 ) )
-    {
-        return( PSA_ERROR_NOT_SUPPORTED );
+    if ((PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
+         PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) &&
+        !(hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) {
+        return PSA_ERROR_NOT_SUPPORTED;
     }
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
-    if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ||
-        ( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS ) )
+    if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg) ||
+        (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS)) {
         operation->capacity = hash_size;
-    else
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT ||
           MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
-        operation->capacity = 255 * hash_size;
-    return( PSA_SUCCESS );
+    operation->capacity = 255 * hash_size;
+    return PSA_SUCCESS;
 }
 
-static psa_status_t psa_key_agreement_try_support( psa_algorithm_t alg )
+static psa_status_t psa_key_agreement_try_support(psa_algorithm_t alg)
 {
 #if defined(PSA_WANT_ALG_ECDH)
-    if( alg == PSA_ALG_ECDH )
-        return( PSA_SUCCESS );
+    if (alg == PSA_ALG_ECDH) {
+        return PSA_SUCCESS;
+    }
 #endif
     (void) alg;
-    return( PSA_ERROR_NOT_SUPPORTED );
+    return PSA_ERROR_NOT_SUPPORTED;
 }
 #endif /* AT_LEAST_ONE_BUILTIN_KDF */
 
-psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation,
-                                       psa_algorithm_t alg )
+psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
+                                      psa_algorithm_t alg)
 {
     psa_status_t status;
 
-    if( operation->alg != 0 )
-        return( PSA_ERROR_BAD_STATE );
-
-    if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
-    {
-#if defined(AT_LEAST_ONE_BUILTIN_KDF)
-        psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
-        psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( alg );
-        status = psa_key_agreement_try_support( ka_alg );
-        if( status != PSA_SUCCESS )
-            return( status );
-        status = psa_key_derivation_setup_kdf( operation, kdf_alg );
-#else
-        return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* AT_LEAST_ONE_BUILTIN_KDF */
+    if (operation->alg != 0) {
+        return PSA_ERROR_BAD_STATE;
     }
-    else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
-    {
-#if defined(AT_LEAST_ONE_BUILTIN_KDF)
-        status = psa_key_derivation_setup_kdf( operation, alg );
-#else
-        return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* AT_LEAST_ONE_BUILTIN_KDF */
-    }
-    else
-        return( PSA_ERROR_INVALID_ARGUMENT );
 
-    if( status == PSA_SUCCESS )
+    if (PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    } else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) {
+#if defined(AT_LEAST_ONE_BUILTIN_KDF)
+        psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg);
+        psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE(alg);
+        status = psa_key_agreement_try_support(ka_alg);
+        if (status != PSA_SUCCESS) {
+            return status;
+        }
+        status = psa_key_derivation_setup_kdf(operation, kdf_alg);
+#else
+        return PSA_ERROR_NOT_SUPPORTED;
+#endif /* AT_LEAST_ONE_BUILTIN_KDF */
+    } else if (PSA_ALG_IS_KEY_DERIVATION(alg)) {
+#if defined(AT_LEAST_ONE_BUILTIN_KDF)
+        status = psa_key_derivation_setup_kdf(operation, alg);
+#else
+        return PSA_ERROR_NOT_SUPPORTED;
+#endif /* AT_LEAST_ONE_BUILTIN_KDF */
+    } else {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
+
+    if (status == PSA_SUCCESS) {
         operation->alg = alg;
-    return( status );
+    }
+    return status;
 }
 
 #if defined(BUILTIN_ALG_ANY_HKDF)
-static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf,
-                                    psa_algorithm_t kdf_alg,
-                                    psa_key_derivation_step_t step,
-                                    const uint8_t *data,
-                                    size_t data_length )
+static psa_status_t psa_hkdf_input(psa_hkdf_key_derivation_t *hkdf,
+                                   psa_algorithm_t kdf_alg,
+                                   psa_key_derivation_step_t step,
+                                   const uint8_t *data,
+                                   size_t data_length)
 {
-    psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
+    psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg);
     psa_status_t status;
-    switch( step )
-    {
+    switch (step) {
         case PSA_KEY_DERIVATION_INPUT_SALT:
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
-            if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) )
-                return( PSA_ERROR_INVALID_ARGUMENT );
+            if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) {
+                return PSA_ERROR_INVALID_ARGUMENT;
+            }
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */
-            if( hkdf->state != HKDF_STATE_INIT )
-                return( PSA_ERROR_BAD_STATE );
-            else
-            {
-                status = psa_key_derivation_start_hmac( &hkdf->hmac,
-                                                        hash_alg,
-                                                        data, data_length );
-                if( status != PSA_SUCCESS )
-                    return( status );
+            if (hkdf->state != HKDF_STATE_INIT) {
+                return PSA_ERROR_BAD_STATE;
+            } else {
+                status = psa_key_derivation_start_hmac(&hkdf->hmac,
+                                                       hash_alg,
+                                                       data, data_length);
+                if (status != PSA_SUCCESS) {
+                    return status;
+                }
                 hkdf->state = HKDF_STATE_STARTED;
-                return( PSA_SUCCESS );
+                return PSA_SUCCESS;
             }
         case PSA_KEY_DERIVATION_INPUT_SECRET:
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
-            if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) )
-            {
+            if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) {
                 /* We shouldn't be in different state as HKDF_EXPAND only allows
                  * two inputs: SECRET (this case) and INFO which does not modify
                  * the state. It could happen only if the hkdf
                  * object was corrupted. */
-                if( hkdf->state != HKDF_STATE_INIT )
-                    return( PSA_ERROR_BAD_STATE );
+                if (hkdf->state != HKDF_STATE_INIT) {
+                    return PSA_ERROR_BAD_STATE;
+                }
 
                 /* Allow only input that fits expected prk size */
-                if( data_length != PSA_HASH_LENGTH( hash_alg ) )
-                    return( PSA_ERROR_INVALID_ARGUMENT );
+                if (data_length != PSA_HASH_LENGTH(hash_alg)) {
+                    return PSA_ERROR_INVALID_ARGUMENT;
+                }
 
-                memcpy( hkdf->prk, data, data_length );
-            }
-            else
+                memcpy(hkdf->prk, data, data_length);
+            } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */
             {
                 /* HKDF: If no salt was provided, use an empty salt.
                  * HKDF-EXTRACT: salt is mandatory. */
-                if( hkdf->state == HKDF_STATE_INIT )
-                {
+                if (hkdf->state == HKDF_STATE_INIT) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
-                    if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) )
-                        return( PSA_ERROR_BAD_STATE );
+                    if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) {
+                        return PSA_ERROR_BAD_STATE;
+                    }
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
-                    status = psa_key_derivation_start_hmac( &hkdf->hmac,
-                                                            hash_alg,
-                                                            NULL, 0 );
-                    if( status != PSA_SUCCESS )
-                        return( status );
+                    status = psa_key_derivation_start_hmac(&hkdf->hmac,
+                                                           hash_alg,
+                                                           NULL, 0);
+                    if (status != PSA_SUCCESS) {
+                        return status;
+                    }
                     hkdf->state = HKDF_STATE_STARTED;
                 }
-                if( hkdf->state != HKDF_STATE_STARTED )
-                    return( PSA_ERROR_BAD_STATE );
-                status = psa_mac_update( &hkdf->hmac,
-                                        data, data_length );
-                if( status != PSA_SUCCESS )
-                    return( status );
-                status = psa_mac_sign_finish( &hkdf->hmac,
-                                            hkdf->prk,
-                                            sizeof( hkdf->prk ),
-                                            &data_length );
-                if( status != PSA_SUCCESS )
-                    return( status );
+                if (hkdf->state != HKDF_STATE_STARTED) {
+                    return PSA_ERROR_BAD_STATE;
+                }
+                status = psa_mac_update(&hkdf->hmac,
+                                        data, data_length);
+                if (status != PSA_SUCCESS) {
+                    return status;
+                }
+                status = psa_mac_sign_finish(&hkdf->hmac,
+                                             hkdf->prk,
+                                             sizeof(hkdf->prk),
+                                             &data_length);
+                if (status != PSA_SUCCESS) {
+                    return status;
+                }
             }
 
             hkdf->state = HKDF_STATE_KEYED;
             hkdf->block_number = 0;
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
-            if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) )
-            {
+            if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) {
                 /* The only block of output is the PRK. */
-                memcpy( hkdf->output_block, hkdf->prk, PSA_HASH_LENGTH( hash_alg ) );
+                memcpy(hkdf->output_block, hkdf->prk, PSA_HASH_LENGTH(hash_alg));
                 hkdf->offset_in_block = 0;
-            }
-            else
+            } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
             {
                 /* Block 0 is empty, and the next block will be
                  * generated by psa_key_derivation_hkdf_read(). */
-                hkdf->offset_in_block = PSA_HASH_LENGTH( hash_alg );
+                hkdf->offset_in_block = PSA_HASH_LENGTH(hash_alg);
             }
 
-            return( PSA_SUCCESS );
+            return PSA_SUCCESS;
         case PSA_KEY_DERIVATION_INPUT_INFO:
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
-            if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) )
-                return( PSA_ERROR_INVALID_ARGUMENT );
+            if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) {
+                return PSA_ERROR_INVALID_ARGUMENT;
+            }
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
-            if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) &&
-                hkdf->state == HKDF_STATE_INIT )
-                return( PSA_ERROR_BAD_STATE );
+            if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg) &&
+                hkdf->state == HKDF_STATE_INIT) {
+                return PSA_ERROR_BAD_STATE;
+            }
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
-            if( hkdf->state == HKDF_STATE_OUTPUT )
-                return( PSA_ERROR_BAD_STATE );
-            if( hkdf->info_set )
-                return( PSA_ERROR_BAD_STATE );
+            if (hkdf->state == HKDF_STATE_OUTPUT) {
+                return PSA_ERROR_BAD_STATE;
+            }
+            if (hkdf->info_set) {
+                return PSA_ERROR_BAD_STATE;
+            }
             hkdf->info_length = data_length;
-            if( data_length != 0 )
-            {
-                hkdf->info = mbedtls_calloc( 1, data_length );
-                if( hkdf->info == NULL )
-                    return( PSA_ERROR_INSUFFICIENT_MEMORY );
-                memcpy( hkdf->info, data, data_length );
+            if (data_length != 0) {
+                hkdf->info = mbedtls_calloc(1, data_length);
+                if (hkdf->info == NULL) {
+                    return PSA_ERROR_INSUFFICIENT_MEMORY;
+                }
+                memcpy(hkdf->info, data, data_length);
             }
             hkdf->info_set = 1;
-            return( PSA_SUCCESS );
+            return PSA_SUCCESS;
         default:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
     }
 }
 #endif /* BUILTIN_ALG_ANY_HKDF */
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-static psa_status_t psa_tls12_prf_set_seed( psa_tls12_prf_key_derivation_t *prf,
-                                            const uint8_t *data,
-                                            size_t data_length )
+static psa_status_t psa_tls12_prf_set_seed(psa_tls12_prf_key_derivation_t *prf,
+                                           const uint8_t *data,
+                                           size_t data_length)
 {
-    if( prf->state != PSA_TLS12_PRF_STATE_INIT )
-        return( PSA_ERROR_BAD_STATE );
+    if (prf->state != PSA_TLS12_PRF_STATE_INIT) {
+        return PSA_ERROR_BAD_STATE;
+    }
 
-    if( data_length != 0 )
-    {
-        prf->seed = mbedtls_calloc( 1, data_length );
-        if( prf->seed == NULL )
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
+    if (data_length != 0) {
+        prf->seed = mbedtls_calloc(1, data_length);
+        if (prf->seed == NULL) {
+            return PSA_ERROR_INSUFFICIENT_MEMORY;
+        }
 
-        memcpy( prf->seed, data, data_length );
+        memcpy(prf->seed, data, data_length);
         prf->seed_length = data_length;
     }
 
     prf->state = PSA_TLS12_PRF_STATE_SEED_SET;
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
-static psa_status_t psa_tls12_prf_set_key( psa_tls12_prf_key_derivation_t *prf,
-                                           const uint8_t *data,
-                                           size_t data_length )
+static psa_status_t psa_tls12_prf_set_key(psa_tls12_prf_key_derivation_t *prf,
+                                          const uint8_t *data,
+                                          size_t data_length)
 {
-    if( prf->state != PSA_TLS12_PRF_STATE_SEED_SET &&
-        prf->state != PSA_TLS12_PRF_STATE_OTHER_KEY_SET )
-        return( PSA_ERROR_BAD_STATE );
+    if (prf->state != PSA_TLS12_PRF_STATE_SEED_SET &&
+        prf->state != PSA_TLS12_PRF_STATE_OTHER_KEY_SET) {
+        return PSA_ERROR_BAD_STATE;
+    }
 
-    if( data_length != 0 )
-    {
-        prf->secret = mbedtls_calloc( 1, data_length );
-        if( prf->secret == NULL )
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
+    if (data_length != 0) {
+        prf->secret = mbedtls_calloc(1, data_length);
+        if (prf->secret == NULL) {
+            return PSA_ERROR_INSUFFICIENT_MEMORY;
+        }
 
-        memcpy( prf->secret, data, data_length );
+        memcpy(prf->secret, data, data_length);
         prf->secret_length = data_length;
     }
 
     prf->state = PSA_TLS12_PRF_STATE_KEY_SET;
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
-static psa_status_t psa_tls12_prf_set_label( psa_tls12_prf_key_derivation_t *prf,
-                                             const uint8_t *data,
-                                             size_t data_length )
+static psa_status_t psa_tls12_prf_set_label(psa_tls12_prf_key_derivation_t *prf,
+                                            const uint8_t *data,
+                                            size_t data_length)
 {
-    if( prf->state != PSA_TLS12_PRF_STATE_KEY_SET )
-        return( PSA_ERROR_BAD_STATE );
+    if (prf->state != PSA_TLS12_PRF_STATE_KEY_SET) {
+        return PSA_ERROR_BAD_STATE;
+    }
 
-    if( data_length != 0 )
-    {
-        prf->label = mbedtls_calloc( 1, data_length );
-        if( prf->label == NULL )
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
+    if (data_length != 0) {
+        prf->label = mbedtls_calloc(1, data_length);
+        if (prf->label == NULL) {
+            return PSA_ERROR_INSUFFICIENT_MEMORY;
+        }
 
-        memcpy( prf->label, data, data_length );
+        memcpy(prf->label, data, data_length);
         prf->label_length = data_length;
     }
 
     prf->state = PSA_TLS12_PRF_STATE_LABEL_SET;
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
-static psa_status_t psa_tls12_prf_input( psa_tls12_prf_key_derivation_t *prf,
-                                         psa_key_derivation_step_t step,
-                                         const uint8_t *data,
-                                         size_t data_length )
+static psa_status_t psa_tls12_prf_input(psa_tls12_prf_key_derivation_t *prf,
+                                        psa_key_derivation_step_t step,
+                                        const uint8_t *data,
+                                        size_t data_length)
 {
-    switch( step )
-    {
+    switch (step) {
         case PSA_KEY_DERIVATION_INPUT_SEED:
-            return( psa_tls12_prf_set_seed( prf, data, data_length ) );
+            return psa_tls12_prf_set_seed(prf, data, data_length);
         case PSA_KEY_DERIVATION_INPUT_SECRET:
-            return( psa_tls12_prf_set_key( prf, data, data_length ) );
+            return psa_tls12_prf_set_key(prf, data, data_length);
         case PSA_KEY_DERIVATION_INPUT_LABEL:
-            return( psa_tls12_prf_set_label( prf, data, data_length ) );
+            return psa_tls12_prf_set_label(prf, data, data_length);
         default:
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ERROR_INVALID_ARGUMENT;
     }
 }
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
@@ -5435,19 +5435,21 @@
 static psa_status_t psa_tls12_prf_psk_to_ms_set_key(
     psa_tls12_prf_key_derivation_t *prf,
     const uint8_t *data,
-    size_t data_length )
+    size_t data_length)
 {
     psa_status_t status;
-    const size_t pms_len = ( prf->state == PSA_TLS12_PRF_STATE_OTHER_KEY_SET ?
-        4 + data_length + prf->other_secret_length :
-        4 + 2 * data_length );
+    const size_t pms_len = (prf->state == PSA_TLS12_PRF_STATE_OTHER_KEY_SET ?
+                            4 + data_length + prf->other_secret_length :
+                            4 + 2 * data_length);
 
-    if( data_length > PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (data_length > PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
-    uint8_t *pms = mbedtls_calloc( 1, pms_len );
-    if( pms == NULL )
-        return( PSA_ERROR_INSUFFICIENT_MEMORY );
+    uint8_t *pms = mbedtls_calloc(1, pms_len);
+    if (pms == NULL) {
+        return PSA_ERROR_INSUFFICIENT_MEMORY;
+    }
     uint8_t *cur = pms;
 
     /* pure-PSK:
@@ -5468,83 +5470,77 @@
      * - RFC 5489 for the definition of ECDHE-PSK.
      */
 
-    if( prf->state == PSA_TLS12_PRF_STATE_OTHER_KEY_SET )
-    {
-        *cur++ = MBEDTLS_BYTE_1( prf->other_secret_length );
-        *cur++ = MBEDTLS_BYTE_0( prf->other_secret_length );
-        if( prf->other_secret_length != 0 )
-        {
-            memcpy( cur, prf->other_secret, prf->other_secret_length );
-            mbedtls_platform_zeroize( prf->other_secret, prf->other_secret_length );
+    if (prf->state == PSA_TLS12_PRF_STATE_OTHER_KEY_SET) {
+        *cur++ = MBEDTLS_BYTE_1(prf->other_secret_length);
+        *cur++ = MBEDTLS_BYTE_0(prf->other_secret_length);
+        if (prf->other_secret_length != 0) {
+            memcpy(cur, prf->other_secret, prf->other_secret_length);
+            mbedtls_platform_zeroize(prf->other_secret, prf->other_secret_length);
             cur += prf->other_secret_length;
         }
-    }
-    else
-    {
-        *cur++ = MBEDTLS_BYTE_1( data_length );
-        *cur++ = MBEDTLS_BYTE_0( data_length );
-        memset( cur, 0, data_length );
+    } else {
+        *cur++ = MBEDTLS_BYTE_1(data_length);
+        *cur++ = MBEDTLS_BYTE_0(data_length);
+        memset(cur, 0, data_length);
         cur += data_length;
     }
 
-    *cur++ = MBEDTLS_BYTE_1( data_length );
-    *cur++ = MBEDTLS_BYTE_0( data_length );
-    memcpy( cur, data, data_length );
+    *cur++ = MBEDTLS_BYTE_1(data_length);
+    *cur++ = MBEDTLS_BYTE_0(data_length);
+    memcpy(cur, data, data_length);
     cur += data_length;
 
-    status = psa_tls12_prf_set_key( prf, pms, cur - pms );
+    status = psa_tls12_prf_set_key(prf, pms, cur - pms);
 
-    mbedtls_platform_zeroize( pms, pms_len );
-    mbedtls_free( pms );
-    return( status );
+    mbedtls_platform_zeroize(pms, pms_len);
+    mbedtls_free(pms);
+    return status;
 }
 
 static psa_status_t psa_tls12_prf_psk_to_ms_set_other_key(
     psa_tls12_prf_key_derivation_t *prf,
     const uint8_t *data,
-    size_t data_length )
+    size_t data_length)
 {
-    if( prf->state != PSA_TLS12_PRF_STATE_SEED_SET )
-        return( PSA_ERROR_BAD_STATE );
-
-    if( data_length != 0 )
-    {
-        prf->other_secret = mbedtls_calloc( 1, data_length );
-        if( prf->other_secret == NULL )
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
-
-        memcpy( prf->other_secret, data, data_length );
-        prf->other_secret_length = data_length;
+    if (prf->state != PSA_TLS12_PRF_STATE_SEED_SET) {
+        return PSA_ERROR_BAD_STATE;
     }
-    else
-    {
+
+    if (data_length != 0) {
+        prf->other_secret = mbedtls_calloc(1, data_length);
+        if (prf->other_secret == NULL) {
+            return PSA_ERROR_INSUFFICIENT_MEMORY;
+        }
+
+        memcpy(prf->other_secret, data, data_length);
+        prf->other_secret_length = data_length;
+    } else {
         prf->other_secret_length = 0;
     }
 
     prf->state = PSA_TLS12_PRF_STATE_OTHER_KEY_SET;
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 static psa_status_t psa_tls12_prf_psk_to_ms_input(
     psa_tls12_prf_key_derivation_t *prf,
     psa_key_derivation_step_t step,
     const uint8_t *data,
-    size_t data_length )
+    size_t data_length)
 {
-    switch( step )
-    {
+    switch (step) {
         case PSA_KEY_DERIVATION_INPUT_SECRET:
-            return( psa_tls12_prf_psk_to_ms_set_key( prf,
-                                                     data, data_length ) );
+            return psa_tls12_prf_psk_to_ms_set_key(prf,
+                                                   data, data_length);
             break;
         case PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:
-            return( psa_tls12_prf_psk_to_ms_set_other_key( prf,
-                                                           data,
-                                                           data_length ) );
+            return psa_tls12_prf_psk_to_ms_set_other_key(prf,
+                                                         data,
+                                                         data_length);
             break;
         default:
-            return( psa_tls12_prf_input( prf, step, data, data_length ) );
+            return psa_tls12_prf_input(prf, step, data, data_length);
             break;
 
     }
@@ -5556,22 +5552,22 @@
     psa_tls12_ecjpake_to_pms_t *ecjpake,
     psa_key_derivation_step_t step,
     const uint8_t *data,
-    size_t data_length )
+    size_t data_length)
 {
-    if( data_length != PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE ||
-        step != PSA_KEY_DERIVATION_INPUT_SECRET )
-    {
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (data_length != PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE ||
+        step != PSA_KEY_DERIVATION_INPUT_SECRET) {
+        return PSA_ERROR_INVALID_ARGUMENT;
     }
 
     /* Check if the passed point is in an uncompressed form */
-    if( data[0] != 0x04 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (data[0] != 0x04) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
     /* Only K.X has to be extracted - bytes 1 to 32 inclusive. */
-    memcpy( ecjpake->data, data + 1, PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE );
+    memcpy(ecjpake->data, data + 1, PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE);
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
 /** Check whether the given key type is acceptable for the given
@@ -5585,33 +5581,38 @@
  */
 static int psa_key_derivation_check_input_type(
     psa_key_derivation_step_t step,
-    psa_key_type_t key_type )
+    psa_key_type_t key_type)
 {
-    switch( step )
-    {
+    switch (step) {
         case PSA_KEY_DERIVATION_INPUT_SECRET:
-            if( key_type == PSA_KEY_TYPE_DERIVE )
-                return( PSA_SUCCESS );
-            if( key_type == PSA_KEY_TYPE_NONE )
-                return( PSA_SUCCESS );
+            if (key_type == PSA_KEY_TYPE_DERIVE) {
+                return PSA_SUCCESS;
+            }
+            if (key_type == PSA_KEY_TYPE_NONE) {
+                return PSA_SUCCESS;
+            }
             break;
         case PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:
-            if( key_type == PSA_KEY_TYPE_DERIVE )
-                return( PSA_SUCCESS );
-            if( key_type == PSA_KEY_TYPE_NONE )
-                return( PSA_SUCCESS );
+            if (key_type == PSA_KEY_TYPE_DERIVE) {
+                return PSA_SUCCESS;
+            }
+            if (key_type == PSA_KEY_TYPE_NONE) {
+                return PSA_SUCCESS;
+            }
             break;
         case PSA_KEY_DERIVATION_INPUT_LABEL:
         case PSA_KEY_DERIVATION_INPUT_SALT:
         case PSA_KEY_DERIVATION_INPUT_INFO:
         case PSA_KEY_DERIVATION_INPUT_SEED:
-            if( key_type == PSA_KEY_TYPE_RAW_DATA )
-                return( PSA_SUCCESS );
-            if( key_type == PSA_KEY_TYPE_NONE )
-                return( PSA_SUCCESS );
+            if (key_type == PSA_KEY_TYPE_RAW_DATA) {
+                return PSA_SUCCESS;
+            }
+            if (key_type == PSA_KEY_TYPE_NONE) {
+                return PSA_SUCCESS;
+            }
             break;
     }
-    return( PSA_ERROR_INVALID_ARGUMENT );
+    return PSA_ERROR_INVALID_ARGUMENT;
 }
 
 static psa_status_t psa_key_derivation_input_internal(
@@ -5619,102 +5620,96 @@
     psa_key_derivation_step_t step,
     psa_key_type_t key_type,
     const uint8_t *data,
-    size_t data_length )
+    size_t data_length)
 {
     psa_status_t status;
-    psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
+    psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation);
 
-    status = psa_key_derivation_check_input_type( step, key_type );
-    if( status != PSA_SUCCESS )
+    status = psa_key_derivation_check_input_type(step, key_type);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
 #if defined(BUILTIN_ALG_ANY_HKDF)
-    if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) )
-    {
-        status = psa_hkdf_input( &operation->ctx.hkdf, kdf_alg,
-                                 step, data, data_length );
-    }
-    else
+    if (PSA_ALG_IS_ANY_HKDF(kdf_alg)) {
+        status = psa_hkdf_input(&operation->ctx.hkdf, kdf_alg,
+                                step, data, data_length);
+    } else
 #endif /* BUILTIN_ALG_ANY_HKDF */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF)
-    if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) )
-    {
-        status = psa_tls12_prf_input( &operation->ctx.tls12_prf,
-                                      step, data, data_length );
-    }
-    else
+    if (PSA_ALG_IS_TLS12_PRF(kdf_alg)) {
+        status = psa_tls12_prf_input(&operation->ctx.tls12_prf,
+                                     step, data, data_length);
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-    if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
-    {
-        status = psa_tls12_prf_psk_to_ms_input( &operation->ctx.tls12_prf,
-                                                step, data, data_length );
-    }
-    else
+    if (PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
+        status = psa_tls12_prf_psk_to_ms_input(&operation->ctx.tls12_prf,
+                                               step, data, data_length);
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
-    if( kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS )
-    {
+    if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
         status = psa_tls12_ecjpake_to_pms_input(
-            &operation->ctx.tls12_ecjpake_to_pms, step, data, data_length );
-    }
-    else
+            &operation->ctx.tls12_ecjpake_to_pms, step, data, data_length);
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
     {
         /* This can't happen unless the operation object was not initialized */
         (void) data;
         (void) data_length;
         (void) kdf_alg;
-        return( PSA_ERROR_BAD_STATE );
+        return PSA_ERROR_BAD_STATE;
     }
 
 exit:
-    if( status != PSA_SUCCESS )
-        psa_key_derivation_abort( operation );
-    return( status );
+    if (status != PSA_SUCCESS) {
+        psa_key_derivation_abort(operation);
+    }
+    return status;
 }
 
 psa_status_t psa_key_derivation_input_bytes(
     psa_key_derivation_operation_t *operation,
     psa_key_derivation_step_t step,
     const uint8_t *data,
-    size_t data_length )
+    size_t data_length)
 {
-    return( psa_key_derivation_input_internal( operation, step,
-                                               PSA_KEY_TYPE_NONE,
-                                               data, data_length ) );
+    return psa_key_derivation_input_internal(operation, step,
+                                             PSA_KEY_TYPE_NONE,
+                                             data, data_length);
 }
 
 psa_status_t psa_key_derivation_input_key(
     psa_key_derivation_operation_t *operation,
     psa_key_derivation_step_t step,
-    mbedtls_svc_key_id_t key )
+    mbedtls_svc_key_id_t key)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_slot_t *slot;
 
     status = psa_get_and_lock_transparent_key_slot_with_policy(
-                 key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg );
-    if( status != PSA_SUCCESS )
-    {
-        psa_key_derivation_abort( operation );
-        return( status );
+        key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg);
+    if (status != PSA_SUCCESS) {
+        psa_key_derivation_abort(operation);
+        return status;
     }
 
     /* Passing a key object as a SECRET input unlocks the permission
      * to output to a key object. */
-    if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
+    if (step == PSA_KEY_DERIVATION_INPUT_SECRET) {
         operation->can_output_key = 1;
+    }
 
-    status = psa_key_derivation_input_internal( operation,
-                                                step, slot->attr.type,
-                                                slot->key.data,
-                                                slot->key.bytes );
+    status = psa_key_derivation_input_internal(operation,
+                                               step, slot->attr.type,
+                                               slot->key.data,
+                                               slot->key.bytes);
 
-    unlock_status = psa_unlock_key_slot( slot );
+    unlock_status = psa_unlock_key_slot(slot);
 
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+    return (status == PSA_SUCCESS) ? unlock_status : status;
 }
 
 
@@ -5723,26 +5718,25 @@
 /* Key agreement */
 /****************************************************************/
 
-psa_status_t psa_key_agreement_raw_builtin( const psa_key_attributes_t *attributes,
-                                            const uint8_t *key_buffer,
-                                            size_t key_buffer_size,
-                                            psa_algorithm_t alg,
-                                            const uint8_t *peer_key,
-                                            size_t peer_key_length,
-                                            uint8_t *shared_secret,
-                                            size_t shared_secret_size,
-                                            size_t *shared_secret_length )
+psa_status_t psa_key_agreement_raw_builtin(const psa_key_attributes_t *attributes,
+                                           const uint8_t *key_buffer,
+                                           size_t key_buffer_size,
+                                           psa_algorithm_t alg,
+                                           const uint8_t *peer_key,
+                                           size_t peer_key_length,
+                                           uint8_t *shared_secret,
+                                           size_t shared_secret_size,
+                                           size_t *shared_secret_length)
 {
-    switch( alg )
-    {
+    switch (alg) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
         case PSA_ALG_ECDH:
-            return( mbedtls_psa_key_agreement_ecdh( attributes, key_buffer,
-                                                    key_buffer_size, alg,
-                                                    peer_key, peer_key_length,
-                                                    shared_secret,
-                                                    shared_secret_size,
-                                                    shared_secret_length ) );
+            return mbedtls_psa_key_agreement_ecdh(attributes, key_buffer,
+                                                  key_buffer_size, alg,
+                                                  peer_key, peer_key_length,
+                                                  shared_secret,
+                                                  shared_secret_size,
+                                                  shared_secret_length);
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
         default:
             (void) attributes;
@@ -5753,7 +5747,7 @@
             (void) shared_secret;
             (void) shared_secret_size;
             (void) shared_secret_length;
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
     }
 }
 
@@ -5763,122 +5757,126 @@
  *  Fallback specified in the driver wrapper is built-in raw key agreement
  *  (psa_key_agreement_raw_builtin).
  */
-static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg,
-                                                    psa_key_slot_t *private_key,
-                                                    const uint8_t *peer_key,
-                                                    size_t peer_key_length,
-                                                    uint8_t *shared_secret,
-                                                    size_t shared_secret_size,
-                                                    size_t *shared_secret_length )
+static psa_status_t psa_key_agreement_raw_internal(psa_algorithm_t alg,
+                                                   psa_key_slot_t *private_key,
+                                                   const uint8_t *peer_key,
+                                                   size_t peer_key_length,
+                                                   uint8_t *shared_secret,
+                                                   size_t shared_secret_size,
+                                                   size_t *shared_secret_length)
 {
-    if( !PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    if (!PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
 
     psa_key_attributes_t attributes = {
-      .core = private_key->attr
+        .core = private_key->attr
     };
 
-    return( psa_driver_wrapper_key_agreement( &attributes,
-                                              private_key->key.data,
-                                              private_key->key.bytes, alg,
-                                              peer_key, peer_key_length,
-                                              shared_secret,
-                                              shared_secret_size,
-                                              shared_secret_length ) );
+    return psa_driver_wrapper_key_agreement(&attributes,
+                                            private_key->key.data,
+                                            private_key->key.bytes, alg,
+                                            peer_key, peer_key_length,
+                                            shared_secret,
+                                            shared_secret_size,
+                                            shared_secret_length);
 }
 
 /* Note that if this function fails, you must call psa_key_derivation_abort()
  * to potentially free embedded data structures and wipe confidential data.
  */
-static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *operation,
-                                                psa_key_derivation_step_t step,
-                                                psa_key_slot_t *private_key,
-                                                const uint8_t *peer_key,
-                                                size_t peer_key_length )
+static psa_status_t psa_key_agreement_internal(psa_key_derivation_operation_t *operation,
+                                               psa_key_derivation_step_t step,
+                                               psa_key_slot_t *private_key,
+                                               const uint8_t *peer_key,
+                                               size_t peer_key_length)
 {
     psa_status_t status;
     uint8_t shared_secret[PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE];
     size_t shared_secret_length = 0;
-    psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( operation->alg );
+    psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE(operation->alg);
 
     /* Step 1: run the secret agreement algorithm to generate the shared
      * secret. */
-    status = psa_key_agreement_raw_internal( ka_alg,
-                                             private_key,
-                                             peer_key, peer_key_length,
-                                             shared_secret,
-                                             sizeof( shared_secret ),
-                                             &shared_secret_length );
-    if( status != PSA_SUCCESS )
+    status = psa_key_agreement_raw_internal(ka_alg,
+                                            private_key,
+                                            peer_key, peer_key_length,
+                                            shared_secret,
+                                            sizeof(shared_secret),
+                                            &shared_secret_length);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     /* Step 2: set up the key derivation to generate key material from
      * the shared secret. A shared secret is permitted wherever a key
      * of type DERIVE is permitted. */
-    status = psa_key_derivation_input_internal( operation, step,
-                                                PSA_KEY_TYPE_DERIVE,
-                                                shared_secret,
-                                                shared_secret_length );
+    status = psa_key_derivation_input_internal(operation, step,
+                                               PSA_KEY_TYPE_DERIVE,
+                                               shared_secret,
+                                               shared_secret_length);
 exit:
-    mbedtls_platform_zeroize( shared_secret, shared_secret_length );
-    return( status );
+    mbedtls_platform_zeroize(shared_secret, shared_secret_length);
+    return status;
 }
 
-psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *operation,
-                                               psa_key_derivation_step_t step,
-                                               mbedtls_svc_key_id_t private_key,
-                                               const uint8_t *peer_key,
-                                               size_t peer_key_length )
+psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *operation,
+                                              psa_key_derivation_step_t step,
+                                              mbedtls_svc_key_id_t private_key,
+                                              const uint8_t *peer_key,
+                                              size_t peer_key_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_slot_t *slot;
 
-    if( ! PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (!PSA_ALG_IS_KEY_AGREEMENT(operation->alg)) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
     status = psa_get_and_lock_transparent_key_slot_with_policy(
-                 private_key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg );
-    if( status != PSA_SUCCESS )
-        return( status );
-    status = psa_key_agreement_internal( operation, step,
-                                         slot,
-                                         peer_key, peer_key_length );
-    if( status != PSA_SUCCESS )
-        psa_key_derivation_abort( operation );
-    else
-    {
+        private_key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+    status = psa_key_agreement_internal(operation, step,
+                                        slot,
+                                        peer_key, peer_key_length);
+    if (status != PSA_SUCCESS) {
+        psa_key_derivation_abort(operation);
+    } else {
         /* If a private key has been added as SECRET, we allow the derived
          * key material to be used as a key in PSA Crypto. */
-        if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
+        if (step == PSA_KEY_DERIVATION_INPUT_SECRET) {
             operation->can_output_key = 1;
+        }
     }
 
-    unlock_status = psa_unlock_key_slot( slot );
+    unlock_status = psa_unlock_key_slot(slot);
 
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+    return (status == PSA_SUCCESS) ? unlock_status : status;
 }
 
-psa_status_t psa_raw_key_agreement( psa_algorithm_t alg,
-                                    mbedtls_svc_key_id_t private_key,
-                                    const uint8_t *peer_key,
-                                    size_t peer_key_length,
-                                    uint8_t *output,
-                                    size_t output_size,
-                                    size_t *output_length )
+psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
+                                   mbedtls_svc_key_id_t private_key,
+                                   const uint8_t *peer_key,
+                                   size_t peer_key_length,
+                                   uint8_t *output,
+                                   size_t output_size,
+                                   size_t *output_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_slot_t *slot = NULL;
 
-    if( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) )
-    {
+    if (!PSA_ALG_IS_KEY_AGREEMENT(alg)) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;
     }
     status = psa_get_and_lock_transparent_key_slot_with_policy(
-                 private_key, &slot, PSA_KEY_USAGE_DERIVE, alg );
-    if( status != PSA_SUCCESS )
+        private_key, &slot, PSA_KEY_USAGE_DERIVE, alg);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     /* PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() is in general an upper bound
      * for the output size. The PSA specification only guarantees that this
@@ -5889,21 +5887,19 @@
      * If FFDH is implemented, PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() can easily
      * be exact for it as well. */
     size_t expected_length =
-        PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( slot->attr.type, slot->attr.bits );
-    if( output_size < expected_length )
-    {
+        PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(slot->attr.type, slot->attr.bits);
+    if (output_size < expected_length) {
         status = PSA_ERROR_BUFFER_TOO_SMALL;
         goto exit;
     }
 
-    status = psa_key_agreement_raw_internal( alg, slot,
-                                             peer_key, peer_key_length,
-                                             output, output_size,
-                                             output_length );
+    status = psa_key_agreement_raw_internal(alg, slot,
+                                            peer_key, peer_key_length,
+                                            output, output_size,
+                                            output_length);
 
 exit:
-    if( status != PSA_SUCCESS )
-    {
+    if (status != PSA_SUCCESS) {
         /* If an error happens and is not handled properly, the output
          * may be used as a key to protect sensitive data. Arrange for such
          * a key to be random, which is likely to result in decryption or
@@ -5911,13 +5907,13 @@
          * some constant data such as zeros, which would result in the data
          * being protected with a reproducible, easily knowable key.
          */
-        psa_generate_random( output, output_size );
+        psa_generate_random(output, output_size);
         *output_length = output_size;
     }
 
-    unlock_status = psa_unlock_key_slot( slot );
+    unlock_status = psa_unlock_key_slot(slot);
 
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+    return (status == PSA_SUCCESS) ? unlock_status : status;
 }
 
 
@@ -5928,97 +5924,101 @@
 
 /** Initialize the PSA random generator.
  */
-static void mbedtls_psa_random_init( mbedtls_psa_random_context_t *rng )
+static void mbedtls_psa_random_init(mbedtls_psa_random_context_t *rng)
 {
 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-    memset( rng, 0, sizeof( *rng ) );
+    memset(rng, 0, sizeof(*rng));
 #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 
     /* Set default configuration if
      * mbedtls_psa_crypto_configure_entropy_sources() hasn't been called. */
-    if( rng->entropy_init == NULL )
+    if (rng->entropy_init == NULL) {
         rng->entropy_init = mbedtls_entropy_init;
-    if( rng->entropy_free == NULL )
+    }
+    if (rng->entropy_free == NULL) {
         rng->entropy_free = mbedtls_entropy_free;
+    }
 
-    rng->entropy_init( &rng->entropy );
+    rng->entropy_init(&rng->entropy);
 #if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
     defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
     /* The PSA entropy injection feature depends on using NV seed as an entropy
      * source. Add NV seed as an entropy source for PSA entropy injection. */
-    mbedtls_entropy_add_source( &rng->entropy,
-                                mbedtls_nv_seed_poll, NULL,
-                                MBEDTLS_ENTROPY_BLOCK_SIZE,
-                                MBEDTLS_ENTROPY_SOURCE_STRONG );
+    mbedtls_entropy_add_source(&rng->entropy,
+                               mbedtls_nv_seed_poll, NULL,
+                               MBEDTLS_ENTROPY_BLOCK_SIZE,
+                               MBEDTLS_ENTROPY_SOURCE_STRONG);
 #endif
 
-    mbedtls_psa_drbg_init( MBEDTLS_PSA_RANDOM_STATE );
+    mbedtls_psa_drbg_init(MBEDTLS_PSA_RANDOM_STATE);
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 }
 
 /** Deinitialize the PSA random generator.
  */
-static void mbedtls_psa_random_free( mbedtls_psa_random_context_t *rng )
+static void mbedtls_psa_random_free(mbedtls_psa_random_context_t *rng)
 {
 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-    memset( rng, 0, sizeof( *rng ) );
+    memset(rng, 0, sizeof(*rng));
 #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-    mbedtls_psa_drbg_free( MBEDTLS_PSA_RANDOM_STATE );
-    rng->entropy_free( &rng->entropy );
+    mbedtls_psa_drbg_free(MBEDTLS_PSA_RANDOM_STATE);
+    rng->entropy_free(&rng->entropy);
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 }
 
 /** Seed the PSA random generator.
  */
-static psa_status_t mbedtls_psa_random_seed( mbedtls_psa_random_context_t *rng )
+static psa_status_t mbedtls_psa_random_seed(mbedtls_psa_random_context_t *rng)
 {
 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
     /* Do nothing: the external RNG seeds itself. */
     (void) rng;
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
     const unsigned char drbg_seed[] = "PSA";
-    int ret = mbedtls_psa_drbg_seed( &rng->entropy,
-                                     drbg_seed, sizeof( drbg_seed ) - 1 );
-    return mbedtls_to_psa_error( ret );
+    int ret = mbedtls_psa_drbg_seed(&rng->entropy,
+                                    drbg_seed, sizeof(drbg_seed) - 1);
+    return mbedtls_to_psa_error(ret);
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 }
 
-psa_status_t psa_generate_random( uint8_t *output,
-                                  size_t output_size )
+psa_status_t psa_generate_random(uint8_t *output,
+                                 size_t output_size)
 {
     GUARD_MODULE_INITIALIZED;
 
 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
 
     size_t output_length = 0;
-    psa_status_t status = mbedtls_psa_external_get_random( &global_data.rng,
-                                                           output, output_size,
-                                                           &output_length );
-    if( status != PSA_SUCCESS )
-        return( status );
+    psa_status_t status = mbedtls_psa_external_get_random(&global_data.rng,
+                                                          output, output_size,
+                                                          &output_length);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
     /* Breaking up a request into smaller chunks is currently not supported
      * for the external RNG interface. */
-    if( output_length != output_size )
-        return( PSA_ERROR_INSUFFICIENT_ENTROPY );
-    return( PSA_SUCCESS );
+    if (output_length != output_size) {
+        return PSA_ERROR_INSUFFICIENT_ENTROPY;
+    }
+    return PSA_SUCCESS;
 
 #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 
-    while( output_size > 0 )
-    {
+    while (output_size > 0) {
         size_t request_size =
-            ( output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ?
-              MBEDTLS_PSA_RANDOM_MAX_REQUEST :
-              output_size );
-        int ret = mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE,
-                                          output, request_size );
-        if( ret != 0 )
-            return( mbedtls_to_psa_error( ret ) );
+            (output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ?
+             MBEDTLS_PSA_RANDOM_MAX_REQUEST :
+             output_size);
+        int ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
+                                         output, request_size);
+        if (ret != 0) {
+            return mbedtls_to_psa_error(ret);
+        }
         output_size -= request_size;
         output += request_size;
     }
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 }
 
@@ -6035,10 +6035,10 @@
  * classic API, psa_crypto_random_impl.h defines `mbedtls_psa_get_random`
  * as a constant function pointer to `mbedtls_xxx_drbg_random`.
  */
-#if defined (MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-int mbedtls_psa_get_random( void *p_rng,
-                            unsigned char *output,
-                            size_t output_size )
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+int mbedtls_psa_get_random(void *p_rng,
+                           unsigned char *output,
+                           size_t output_size)
 {
     /* This function takes a pointer to the RNG state because that's what
      * classic mbedtls functions using an RNG expect. The PSA RNG manages
@@ -6046,29 +6046,32 @@
      * So we just ignore the state parameter, and in practice we'll pass
      * NULL. */
     (void) p_rng;
-    psa_status_t status = psa_generate_random( output, output_size );
-    if( status == PSA_SUCCESS )
-        return( 0 );
-    else
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+    psa_status_t status = psa_generate_random(output, output_size);
+    if (status == PSA_SUCCESS) {
+        return 0;
+    } else {
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+    }
 }
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 
 #if defined(MBEDTLS_PSA_INJECT_ENTROPY)
 #include "entropy_poll.h"
 
-psa_status_t mbedtls_psa_inject_entropy( const uint8_t *seed,
-                                         size_t seed_size )
+psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
+                                        size_t seed_size)
 {
-    if( global_data.initialized )
-        return( PSA_ERROR_NOT_PERMITTED );
+    if (global_data.initialized) {
+        return PSA_ERROR_NOT_PERMITTED;
+    }
 
-    if( ( ( seed_size < MBEDTLS_ENTROPY_MIN_PLATFORM ) ||
-          ( seed_size < MBEDTLS_ENTROPY_BLOCK_SIZE ) ) ||
-          ( seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) )
-            return( PSA_ERROR_INVALID_ARGUMENT );
+    if (((seed_size < MBEDTLS_ENTROPY_MIN_PLATFORM) ||
+         (seed_size < MBEDTLS_ENTROPY_BLOCK_SIZE)) ||
+        (seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE)) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
-    return( mbedtls_psa_storage_inject_entropy( seed, seed_size ) );
+    return mbedtls_psa_storage_inject_entropy(seed, seed_size);
 }
 #endif /* MBEDTLS_PSA_INJECT_ENTROPY */
 
@@ -6086,103 +6089,97 @@
  *         the two is not supported.
  */
 static psa_status_t psa_validate_key_type_and_size_for_key_generation(
-    psa_key_type_t type, size_t bits )
+    psa_key_type_t type, size_t bits)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if( key_type_is_raw_bytes( type ) )
-    {
-        status = psa_validate_unstructured_key_bit_size( type, bits );
-        if( status != PSA_SUCCESS )
-            return( status );
-    }
-    else
+    if (key_type_is_raw_bytes(type)) {
+        status = psa_validate_unstructured_key_bit_size(type, bits);
+        if (status != PSA_SUCCESS) {
+            return status;
+        }
+    } else
 #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
-    if( PSA_KEY_TYPE_IS_RSA( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
-    {
-        if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
-            return( PSA_ERROR_NOT_SUPPORTED );
+    if (PSA_KEY_TYPE_IS_RSA(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
+        if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) {
+            return PSA_ERROR_NOT_SUPPORTED;
+        }
 
         /* Accept only byte-aligned keys, for the same reasons as
          * in psa_import_rsa_key(). */
-        if( bits % 8 != 0 )
-            return( PSA_ERROR_NOT_SUPPORTED );
-    }
-    else
+        if (bits % 8 != 0) {
+            return PSA_ERROR_NOT_SUPPORTED;
+        }
+    } else
 #endif /* defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) */
 
 #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
-    if( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
-    {
+    if (PSA_KEY_TYPE_IS_ECC(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
         /* To avoid empty block, return successfully here. */
-        return( PSA_SUCCESS );
-    }
-    else
+        return PSA_SUCCESS;
+    } else
 #endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) */
     {
-        return( PSA_ERROR_NOT_SUPPORTED );
+        return PSA_ERROR_NOT_SUPPORTED;
     }
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 psa_status_t psa_generate_key_internal(
     const psa_key_attributes_t *attributes,
-    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
+    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_type_t type = attributes->core.type;
 
-    if( ( attributes->domain_parameters == NULL ) &&
-        ( attributes->domain_parameters_size != 0 ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if ((attributes->domain_parameters == NULL) &&
+        (attributes->domain_parameters_size != 0)) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
-    if( key_type_is_raw_bytes( type ) )
-    {
-        status = psa_generate_random( key_buffer, key_buffer_size );
-        if( status != PSA_SUCCESS )
-            return( status );
+    if (key_type_is_raw_bytes(type)) {
+        status = psa_generate_random(key_buffer, key_buffer_size);
+        if (status != PSA_SUCCESS) {
+            return status;
+        }
 
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
-        if( type == PSA_KEY_TYPE_DES )
-            psa_des_set_key_parity( key_buffer, key_buffer_size );
+        if (type == PSA_KEY_TYPE_DES) {
+            psa_des_set_key_parity(key_buffer, key_buffer_size);
+        }
 #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */
-    }
-    else
+    } else
 
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
     defined(MBEDTLS_GENPRIME)
-    if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
-    {
-        return( mbedtls_psa_rsa_generate_key( attributes,
-                                              key_buffer,
-                                              key_buffer_size,
-                                              key_buffer_length ) );
-    }
-    else
+    if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
+        return mbedtls_psa_rsa_generate_key(attributes,
+                                            key_buffer,
+                                            key_buffer_size,
+                                            key_buffer_length);
+    } else
 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
         * defined(MBEDTLS_GENPRIME) */
 
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
-    if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
-    {
-        return( mbedtls_psa_ecp_generate_key( attributes,
-                                              key_buffer,
-                                              key_buffer_size,
-                                              key_buffer_length ) );
-    }
-    else
+    if (PSA_KEY_TYPE_IS_ECC(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
+        return mbedtls_psa_ecp_generate_key(attributes,
+                                            key_buffer,
+                                            key_buffer_size,
+                                            key_buffer_length);
+    } else
 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
     {
-        (void)key_buffer_length;
-        return( PSA_ERROR_NOT_SUPPORTED );
+        (void) key_buffer_length;
+        return PSA_ERROR_NOT_SUPPORTED;
     }
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
-psa_status_t psa_generate_key( const psa_key_attributes_t *attributes,
-                               mbedtls_svc_key_id_t *key )
+psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
+                              mbedtls_svc_key_id_t *key)
 {
     psa_status_t status;
     psa_key_slot_t *slot = NULL;
@@ -6193,62 +6190,67 @@
 
     /* Reject any attempt to create a zero-length key so that we don't
      * risk tripping up later, e.g. on a malloc(0) that returns NULL. */
-    if( psa_get_key_bits( attributes ) == 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (psa_get_key_bits(attributes) == 0) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
     /* Reject any attempt to create a public key. */
-    if( PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->core.type) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->core.type)) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
-    status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE, attributes,
-                                     &slot, &driver );
-    if( status != PSA_SUCCESS )
+    status = psa_start_key_creation(PSA_KEY_CREATION_GENERATE, attributes,
+                                    &slot, &driver);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     /* In the case of a transparent key or an opaque key stored in local
      * storage ( thus not in the case of generating a key in a secure element
      * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a
      * buffer to hold the generated key material. */
-    if( slot->key.data == NULL )
-    {
-        if ( PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ) ==
-             PSA_KEY_LOCATION_LOCAL_STORAGE )
-        {
+    if (slot->key.data == NULL) {
+        if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime) ==
+            PSA_KEY_LOCATION_LOCAL_STORAGE) {
             status = psa_validate_key_type_and_size_for_key_generation(
-                attributes->core.type, attributes->core.bits );
-            if( status != PSA_SUCCESS )
+                attributes->core.type, attributes->core.bits);
+            if (status != PSA_SUCCESS) {
                 goto exit;
+            }
 
             key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
-                                  attributes->core.type,
-                                  attributes->core.bits );
-        }
-        else
-        {
+                attributes->core.type,
+                attributes->core.bits);
+        } else {
             status = psa_driver_wrapper_get_key_buffer_size(
-                         attributes, &key_buffer_size );
-            if( status != PSA_SUCCESS )
+                attributes, &key_buffer_size);
+            if (status != PSA_SUCCESS) {
                 goto exit;
+            }
         }
 
-        status = psa_allocate_buffer_to_slot( slot, key_buffer_size );
-        if( status != PSA_SUCCESS )
+        status = psa_allocate_buffer_to_slot(slot, key_buffer_size);
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
     }
 
-    status = psa_driver_wrapper_generate_key( attributes,
-        slot->key.data, slot->key.bytes, &slot->key.bytes );
+    status = psa_driver_wrapper_generate_key(attributes,
+                                             slot->key.data, slot->key.bytes, &slot->key.bytes);
 
-    if( status != PSA_SUCCESS )
-        psa_remove_key_data_from_memory( slot );
+    if (status != PSA_SUCCESS) {
+        psa_remove_key_data_from_memory(slot);
+    }
 
 exit:
-    if( status == PSA_SUCCESS )
-        status = psa_finish_key_creation( slot, driver, key );
-    if( status != PSA_SUCCESS )
-        psa_fail_key_creation( slot, driver );
+    if (status == PSA_SUCCESS) {
+        status = psa_finish_key_creation(slot, driver, key);
+    }
+    if (status != PSA_SUCCESS) {
+        psa_fail_key_creation(slot, driver);
+    }
 
-    return( status );
+    return status;
 }
 
 /****************************************************************/
@@ -6257,31 +6259,31 @@
 
 #if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
 psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
-    void (* entropy_init )( mbedtls_entropy_context *ctx ),
-    void (* entropy_free )( mbedtls_entropy_context *ctx ) )
+    void (* entropy_init)(mbedtls_entropy_context *ctx),
+    void (* entropy_free)(mbedtls_entropy_context *ctx))
 {
-    if( global_data.rng_state != RNG_NOT_INITIALIZED )
-        return( PSA_ERROR_BAD_STATE );
+    if (global_data.rng_state != RNG_NOT_INITIALIZED) {
+        return PSA_ERROR_BAD_STATE;
+    }
     global_data.rng.entropy_init = entropy_init;
     global_data.rng.entropy_free = entropy_free;
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
 
-void mbedtls_psa_crypto_free( void )
+void mbedtls_psa_crypto_free(void)
 {
-    psa_wipe_all_key_slots( );
-    if( global_data.rng_state != RNG_NOT_INITIALIZED )
-    {
-        mbedtls_psa_random_free( &global_data.rng );
+    psa_wipe_all_key_slots();
+    if (global_data.rng_state != RNG_NOT_INITIALIZED) {
+        mbedtls_psa_random_free(&global_data.rng);
     }
     /* Wipe all remaining data, including configuration.
      * In particular, this sets all state indicator to the value
      * indicating "uninitialized". */
-    mbedtls_platform_zeroize( &global_data, sizeof( global_data ) );
+    mbedtls_platform_zeroize(&global_data, sizeof(global_data));
 
     /* Terminate drivers */
-    psa_driver_wrapper_free( );
+    psa_driver_wrapper_free();
 }
 
 #if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
@@ -6292,60 +6294,61 @@
  * fails.
  */
 static psa_status_t psa_crypto_recover_transaction(
-    const psa_crypto_transaction_t *transaction )
+    const psa_crypto_transaction_t *transaction)
 {
-    switch( transaction->unknown.type )
-    {
+    switch (transaction->unknown.type) {
         case PSA_CRYPTO_TRANSACTION_CREATE_KEY:
         case PSA_CRYPTO_TRANSACTION_DESTROY_KEY:
-            /* TODO - fall through to the failure case until this
-             * is implemented.
-             * https://github.com/ARMmbed/mbed-crypto/issues/218
-             */
+        /* TODO - fall through to the failure case until this
+         * is implemented.
+         * https://github.com/ARMmbed/mbed-crypto/issues/218
+         */
         default:
             /* We found an unsupported transaction in the storage.
              * We don't know what state the storage is in. Give up. */
-            return( PSA_ERROR_DATA_INVALID );
+            return PSA_ERROR_DATA_INVALID;
     }
 }
 #endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
 
-psa_status_t psa_crypto_init( void )
+psa_status_t psa_crypto_init(void)
 {
     psa_status_t status;
 
     /* Double initialization is explicitly allowed. */
-    if( global_data.initialized != 0 )
-        return( PSA_SUCCESS );
+    if (global_data.initialized != 0) {
+        return PSA_SUCCESS;
+    }
 
     /* Initialize and seed the random generator. */
-    mbedtls_psa_random_init( &global_data.rng );
+    mbedtls_psa_random_init(&global_data.rng);
     global_data.rng_state = RNG_INITIALIZED;
-    status = mbedtls_psa_random_seed( &global_data.rng );
-    if( status != PSA_SUCCESS )
+    status = mbedtls_psa_random_seed(&global_data.rng);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
     global_data.rng_state = RNG_SEEDED;
 
-    status = psa_initialize_key_slots( );
-    if( status != PSA_SUCCESS )
+    status = psa_initialize_key_slots();
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     /* Init drivers */
-    status = psa_driver_wrapper_init( );
-    if( status != PSA_SUCCESS )
+    status = psa_driver_wrapper_init();
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
 #if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
-    status = psa_crypto_load_transaction( );
-    if( status == PSA_SUCCESS )
-    {
-        status = psa_crypto_recover_transaction( &psa_crypto_transaction );
-        if( status != PSA_SUCCESS )
+    status = psa_crypto_load_transaction();
+    if (status == PSA_SUCCESS) {
+        status = psa_crypto_recover_transaction(&psa_crypto_transaction);
+        if (status != PSA_SUCCESS) {
             goto exit;
-        status = psa_crypto_stop_transaction( );
-    }
-    else if( status == PSA_ERROR_DOES_NOT_EXIST )
-    {
+        }
+        status = psa_crypto_stop_transaction();
+    } else if (status == PSA_ERROR_DOES_NOT_EXIST) {
         /* There's no transaction to complete. It's all good. */
         status = PSA_SUCCESS;
     }
@@ -6355,9 +6358,10 @@
     global_data.initialized = 1;
 
 exit:
-    if( status != PSA_SUCCESS )
-        mbedtls_psa_crypto_free( );
-    return( status );
+    if (status != PSA_SUCCESS) {
+        mbedtls_psa_crypto_free();
+    }
+    return status;
 }
 
 #endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c
index 730ef95..85d1f39 100644
--- a/library/psa_crypto_aead.c
+++ b/library/psa_crypto_aead.c
@@ -40,88 +40,94 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer,
     size_t key_buffer_size,
-    psa_algorithm_t alg )
+    psa_algorithm_t alg)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     size_t key_bits;
     const mbedtls_cipher_info_t *cipher_info;
     mbedtls_cipher_id_t cipher_id;
 
-    ( void ) key_buffer_size;
+    (void) key_buffer_size;
 
     key_bits = attributes->core.bits;
 
-    cipher_info = mbedtls_cipher_info_from_psa( alg,
-                                                attributes->core.type, key_bits,
-                                                &cipher_id );
-    if( cipher_info == NULL )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    cipher_info = mbedtls_cipher_info_from_psa(alg,
+                                               attributes->core.type, key_bits,
+                                               &cipher_id);
+    if (cipher_info == NULL) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
 
-    switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) )
-    {
+    switch (PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0)) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
-        case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
+        case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0):
             operation->alg = PSA_ALG_CCM;
             /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
              * The call to mbedtls_ccm_encrypt_and_tag or
              * mbedtls_ccm_auth_decrypt will validate the tag length. */
-            if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( attributes->core.type ) != 16 )
-                return( PSA_ERROR_INVALID_ARGUMENT );
+            if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->core.type) != 16) {
+                return PSA_ERROR_INVALID_ARGUMENT;
+            }
 
-            mbedtls_ccm_init( &operation->ctx.ccm );
+            mbedtls_ccm_init(&operation->ctx.ccm);
             status = mbedtls_to_psa_error(
-                mbedtls_ccm_setkey( &operation->ctx.ccm, cipher_id,
-                                    key_buffer, (unsigned int) key_bits ) );
-            if( status != PSA_SUCCESS )
-                return( status );
+                mbedtls_ccm_setkey(&operation->ctx.ccm, cipher_id,
+                                   key_buffer, (unsigned int) key_bits));
+            if (status != PSA_SUCCESS) {
+                return status;
+            }
             break;
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
-        case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
+        case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0):
             operation->alg = PSA_ALG_GCM;
             /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
              * The call to mbedtls_gcm_crypt_and_tag or
              * mbedtls_gcm_auth_decrypt will validate the tag length. */
-            if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( attributes->core.type ) != 16 )
-                return( PSA_ERROR_INVALID_ARGUMENT );
+            if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->core.type) != 16) {
+                return PSA_ERROR_INVALID_ARGUMENT;
+            }
 
-            mbedtls_gcm_init( &operation->ctx.gcm );
+            mbedtls_gcm_init(&operation->ctx.gcm);
             status = mbedtls_to_psa_error(
-                mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id,
-                                    key_buffer, (unsigned int) key_bits ) );
-            if( status != PSA_SUCCESS )
-                return( status );
+                mbedtls_gcm_setkey(&operation->ctx.gcm, cipher_id,
+                                   key_buffer, (unsigned int) key_bits));
+            if (status != PSA_SUCCESS) {
+                return status;
+            }
             break;
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
-        case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
+        case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0):
             operation->alg = PSA_ALG_CHACHA20_POLY1305;
             /* We only support the default tag length. */
-            if( alg != PSA_ALG_CHACHA20_POLY1305 )
-                return( PSA_ERROR_NOT_SUPPORTED );
+            if (alg != PSA_ALG_CHACHA20_POLY1305) {
+                return PSA_ERROR_NOT_SUPPORTED;
+            }
 
-            mbedtls_chachapoly_init( &operation->ctx.chachapoly );
+            mbedtls_chachapoly_init(&operation->ctx.chachapoly);
             status = mbedtls_to_psa_error(
-                mbedtls_chachapoly_setkey( &operation->ctx.chachapoly,
-                                           key_buffer ) );
-            if( status != PSA_SUCCESS )
-                return( status );
+                mbedtls_chachapoly_setkey(&operation->ctx.chachapoly,
+                                          key_buffer));
+            if (status != PSA_SUCCESS) {
+                return status;
+            }
             break;
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
 
         default:
             (void) status;
             (void) key_buffer;
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
     }
 
-    operation->key_type = psa_get_key_type( attributes );
+    operation->key_type = psa_get_key_type(attributes);
 
-    operation->tag_length = PSA_ALG_AEAD_GET_TAG_LENGTH( alg );
+    operation->tag_length = PSA_ALG_AEAD_GET_TAG_LENGTH(alg);
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 psa_status_t mbedtls_psa_aead_encrypt(
@@ -131,74 +137,67 @@
     const uint8_t *nonce, size_t nonce_length,
     const uint8_t *additional_data, size_t additional_data_length,
     const uint8_t *plaintext, size_t plaintext_length,
-    uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
+    uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT;
     uint8_t *tag;
 
-    status = psa_aead_setup( &operation, attributes, key_buffer,
-                             key_buffer_size, alg );
+    status = psa_aead_setup(&operation, attributes, key_buffer,
+                            key_buffer_size, alg);
 
-    if( status != PSA_SUCCESS )
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     /* For all currently supported modes, the tag is at the end of the
      * ciphertext. */
-    if( ciphertext_size < ( plaintext_length + operation.tag_length ) )
-    {
+    if (ciphertext_size < (plaintext_length + operation.tag_length)) {
         status = PSA_ERROR_BUFFER_TOO_SMALL;
         goto exit;
     }
     tag = ciphertext + plaintext_length;
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
-    if( operation.alg == PSA_ALG_CCM )
-    {
+    if (operation.alg == PSA_ALG_CCM) {
         status = mbedtls_to_psa_error(
-            mbedtls_ccm_encrypt_and_tag( &operation.ctx.ccm,
-                                         plaintext_length,
-                                         nonce, nonce_length,
-                                         additional_data,
-                                         additional_data_length,
-                                         plaintext, ciphertext,
-                                         tag, operation.tag_length ) );
-    }
-    else
+            mbedtls_ccm_encrypt_and_tag(&operation.ctx.ccm,
+                                        plaintext_length,
+                                        nonce, nonce_length,
+                                        additional_data,
+                                        additional_data_length,
+                                        plaintext, ciphertext,
+                                        tag, operation.tag_length));
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
-    if( operation.alg == PSA_ALG_GCM )
-    {
+    if (operation.alg == PSA_ALG_GCM) {
         status = mbedtls_to_psa_error(
-            mbedtls_gcm_crypt_and_tag( &operation.ctx.gcm,
-                                       MBEDTLS_GCM_ENCRYPT,
-                                       plaintext_length,
-                                       nonce, nonce_length,
-                                       additional_data, additional_data_length,
-                                       plaintext, ciphertext,
-                                       operation.tag_length, tag ) );
-    }
-    else
+            mbedtls_gcm_crypt_and_tag(&operation.ctx.gcm,
+                                      MBEDTLS_GCM_ENCRYPT,
+                                      plaintext_length,
+                                      nonce, nonce_length,
+                                      additional_data, additional_data_length,
+                                      plaintext, ciphertext,
+                                      operation.tag_length, tag));
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
-    if( operation.alg == PSA_ALG_CHACHA20_POLY1305 )
-    {
-        if( operation.tag_length != 16 )
-        {
+    if (operation.alg == PSA_ALG_CHACHA20_POLY1305) {
+        if (operation.tag_length != 16) {
             status = PSA_ERROR_NOT_SUPPORTED;
             goto exit;
         }
         status = mbedtls_to_psa_error(
-            mbedtls_chachapoly_encrypt_and_tag( &operation.ctx.chachapoly,
-                                                plaintext_length,
-                                                nonce,
-                                                additional_data,
-                                                additional_data_length,
-                                                plaintext,
-                                                ciphertext,
-                                                tag ) );
-    }
-    else
+            mbedtls_chachapoly_encrypt_and_tag(&operation.ctx.chachapoly,
+                                               plaintext_length,
+                                               nonce,
+                                               additional_data,
+                                               additional_data_length,
+                                               plaintext,
+                                               ciphertext,
+                                               tag));
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
     {
         (void) tag;
@@ -207,16 +206,17 @@
         (void) additional_data;
         (void) additional_data_length;
         (void) plaintext;
-        return( PSA_ERROR_NOT_SUPPORTED );
+        return PSA_ERROR_NOT_SUPPORTED;
     }
 
-    if( status == PSA_SUCCESS )
+    if (status == PSA_SUCCESS) {
         *ciphertext_length = plaintext_length + operation.tag_length;
+    }
 
 exit:
-    mbedtls_psa_aead_abort( &operation );
+    mbedtls_psa_aead_abort(&operation);
 
-    return( status );
+    return status;
 }
 
 /* Locate the tag in a ciphertext buffer containing the encrypted data
@@ -224,20 +224,22 @@
  * *plaintext_length. This is the size of the plaintext in modes where
  * the encrypted data has the same size as the plaintext, such as
  * CCM and GCM. */
-static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length,
-                                                  const uint8_t *ciphertext,
-                                                  size_t ciphertext_length,
-                                                  size_t plaintext_size,
-                                                  const uint8_t **p_tag )
+static psa_status_t psa_aead_unpadded_locate_tag(size_t tag_length,
+                                                 const uint8_t *ciphertext,
+                                                 size_t ciphertext_length,
+                                                 size_t plaintext_size,
+                                                 const uint8_t **p_tag)
 {
     size_t payload_length;
-    if( tag_length > ciphertext_length )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (tag_length > ciphertext_length) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
     payload_length = ciphertext_length - tag_length;
-    if( payload_length > plaintext_size )
-        return( PSA_ERROR_BUFFER_TOO_SMALL );
+    if (payload_length > plaintext_size) {
+        return PSA_ERROR_BUFFER_TOO_SMALL;
+    }
     *p_tag = ciphertext + payload_length;
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 psa_status_t mbedtls_psa_aead_decrypt(
@@ -247,71 +249,66 @@
     const uint8_t *nonce, size_t nonce_length,
     const uint8_t *additional_data, size_t additional_data_length,
     const uint8_t *ciphertext, size_t ciphertext_length,
-    uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
+    uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT;
     const uint8_t *tag = NULL;
 
-    status = psa_aead_setup( &operation, attributes, key_buffer,
-                             key_buffer_size, alg );
+    status = psa_aead_setup(&operation, attributes, key_buffer,
+                            key_buffer_size, alg);
 
-    if( status != PSA_SUCCESS )
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_aead_unpadded_locate_tag( operation.tag_length,
-                                           ciphertext, ciphertext_length,
-                                           plaintext_size, &tag );
-    if( status != PSA_SUCCESS )
+    status = psa_aead_unpadded_locate_tag(operation.tag_length,
+                                          ciphertext, ciphertext_length,
+                                          plaintext_size, &tag);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
-    if( operation.alg == PSA_ALG_CCM )
-    {
+    if (operation.alg == PSA_ALG_CCM) {
         status = mbedtls_to_psa_error(
-            mbedtls_ccm_auth_decrypt( &operation.ctx.ccm,
-                                      ciphertext_length - operation.tag_length,
-                                      nonce, nonce_length,
-                                      additional_data,
-                                      additional_data_length,
-                                      ciphertext, plaintext,
-                                      tag, operation.tag_length ) );
-    }
-    else
+            mbedtls_ccm_auth_decrypt(&operation.ctx.ccm,
+                                     ciphertext_length - operation.tag_length,
+                                     nonce, nonce_length,
+                                     additional_data,
+                                     additional_data_length,
+                                     ciphertext, plaintext,
+                                     tag, operation.tag_length));
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
-    if( operation.alg == PSA_ALG_GCM )
-    {
+    if (operation.alg == PSA_ALG_GCM) {
         status = mbedtls_to_psa_error(
-            mbedtls_gcm_auth_decrypt( &operation.ctx.gcm,
-                                      ciphertext_length - operation.tag_length,
-                                      nonce, nonce_length,
-                                      additional_data,
-                                      additional_data_length,
-                                      tag, operation.tag_length,
-                                      ciphertext, plaintext ) );
-    }
-    else
+            mbedtls_gcm_auth_decrypt(&operation.ctx.gcm,
+                                     ciphertext_length - operation.tag_length,
+                                     nonce, nonce_length,
+                                     additional_data,
+                                     additional_data_length,
+                                     tag, operation.tag_length,
+                                     ciphertext, plaintext));
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
-    if( operation.alg == PSA_ALG_CHACHA20_POLY1305 )
-    {
-        if( operation.tag_length != 16 )
-        {
+    if (operation.alg == PSA_ALG_CHACHA20_POLY1305) {
+        if (operation.tag_length != 16) {
             status = PSA_ERROR_NOT_SUPPORTED;
             goto exit;
         }
         status = mbedtls_to_psa_error(
-            mbedtls_chachapoly_auth_decrypt( &operation.ctx.chachapoly,
-                                             ciphertext_length - operation.tag_length,
-                                             nonce,
-                                             additional_data,
-                                             additional_data_length,
-                                             tag,
-                                             ciphertext,
-                                             plaintext ) );
-    }
-    else
+            mbedtls_chachapoly_auth_decrypt(&operation.ctx.chachapoly,
+                                            ciphertext_length - operation.tag_length,
+                                            nonce,
+                                            additional_data,
+                                            additional_data_length,
+                                            tag,
+                                            ciphertext,
+                                            plaintext));
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
     {
         (void) nonce;
@@ -319,18 +316,20 @@
         (void) additional_data;
         (void) additional_data_length;
         (void) plaintext;
-        return( PSA_ERROR_NOT_SUPPORTED );
+        return PSA_ERROR_NOT_SUPPORTED;
     }
 
-    if( status == PSA_SUCCESS )
+    if (status == PSA_SUCCESS) {
         *plaintext_length = ciphertext_length - operation.tag_length;
+    }
 
 exit:
-    mbedtls_psa_aead_abort( &operation );
+    mbedtls_psa_aead_abort(&operation);
 
-    if( status == PSA_SUCCESS )
+    if (status == PSA_SUCCESS) {
         *plaintext_length = ciphertext_length - operation.tag_length;
-    return( status );
+    }
+    return status;
 }
 
 /* Set the key and algorithm for a multipart authenticated encryption
@@ -340,17 +339,18 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer,
     size_t key_buffer_size,
-    psa_algorithm_t alg )
+    psa_algorithm_t alg)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    status = psa_aead_setup( operation, attributes, key_buffer,
-                             key_buffer_size, alg );
+    status = psa_aead_setup(operation, attributes, key_buffer,
+                            key_buffer_size, alg);
 
-    if( status == PSA_SUCCESS )
+    if (status == PSA_SUCCESS) {
         operation->is_encrypt = 1;
+    }
 
-    return ( status );
+    return status;
 }
 
 /* Set the key and algorithm for a multipart authenticated decryption
@@ -360,152 +360,139 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer,
     size_t key_buffer_size,
-    psa_algorithm_t alg )
+    psa_algorithm_t alg)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    status = psa_aead_setup( operation, attributes, key_buffer,
-                             key_buffer_size, alg );
+    status = psa_aead_setup(operation, attributes, key_buffer,
+                            key_buffer_size, alg);
 
-    if( status == PSA_SUCCESS )
+    if (status == PSA_SUCCESS) {
         operation->is_encrypt = 0;
+    }
 
-    return ( status );
+    return status;
 }
 
 /* Set a nonce for the multipart AEAD operation*/
 psa_status_t mbedtls_psa_aead_set_nonce(
     mbedtls_psa_aead_operation_t *operation,
     const uint8_t *nonce,
-    size_t nonce_length )
+    size_t nonce_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
-    if( operation->alg == PSA_ALG_GCM )
-    {
+    if (operation->alg == PSA_ALG_GCM) {
         status = mbedtls_to_psa_error(
-                 mbedtls_gcm_starts( &operation->ctx.gcm,
-                                     operation->is_encrypt ?
-                                     MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT,
-                                     nonce,
-                                     nonce_length ) );
-    }
-    else
+            mbedtls_gcm_starts(&operation->ctx.gcm,
+                               operation->is_encrypt ?
+                               MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT,
+                               nonce,
+                               nonce_length));
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
-    if( operation->alg == PSA_ALG_CCM )
-    {
+    if (operation->alg == PSA_ALG_CCM) {
         status = mbedtls_to_psa_error(
-                   mbedtls_ccm_starts( &operation->ctx.ccm,
-                                       operation->is_encrypt ?
-                                       MBEDTLS_CCM_ENCRYPT : MBEDTLS_CCM_DECRYPT,
-                                       nonce,
-                                       nonce_length ) );
-    }
-    else
+            mbedtls_ccm_starts(&operation->ctx.ccm,
+                               operation->is_encrypt ?
+                               MBEDTLS_CCM_ENCRYPT : MBEDTLS_CCM_DECRYPT,
+                               nonce,
+                               nonce_length));
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
-    if( operation->alg == PSA_ALG_CHACHA20_POLY1305 )
-    {
+    if (operation->alg == PSA_ALG_CHACHA20_POLY1305) {
         /* Note - ChaChaPoly allows an 8 byte nonce, but we would have to
          * allocate a buffer in the operation, copy the nonce to it and pad
          * it, so for now check the nonce is 12 bytes, as
          * mbedtls_chachapoly_starts() assumes it can read 12 bytes from the
          * passed in buffer. */
-        if( nonce_length != 12 )
-        {
-            return( PSA_ERROR_INVALID_ARGUMENT );
+        if (nonce_length != 12) {
+            return PSA_ERROR_INVALID_ARGUMENT;
         }
 
         status = mbedtls_to_psa_error(
-           mbedtls_chachapoly_starts( &operation->ctx.chachapoly,
+            mbedtls_chachapoly_starts(&operation->ctx.chachapoly,
                                       nonce,
                                       operation->is_encrypt ?
                                       MBEDTLS_CHACHAPOLY_ENCRYPT :
-                                      MBEDTLS_CHACHAPOLY_DECRYPT ) );
-    }
-    else
+                                      MBEDTLS_CHACHAPOLY_DECRYPT));
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
     {
-        ( void ) operation;
-        ( void ) nonce;
-        ( void ) nonce_length;
+        (void) operation;
+        (void) nonce;
+        (void) nonce_length;
 
-        return ( PSA_ERROR_NOT_SUPPORTED );
+        return PSA_ERROR_NOT_SUPPORTED;
     }
 
-    return( status );
+    return status;
 }
 
- /* Declare the lengths of the message and additional data for AEAD. */
+/* Declare the lengths of the message and additional data for AEAD. */
 psa_status_t mbedtls_psa_aead_set_lengths(
     mbedtls_psa_aead_operation_t *operation,
     size_t ad_length,
-    size_t plaintext_length )
+    size_t plaintext_length)
 {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
-    if( operation->alg == PSA_ALG_CCM )
-    {
-        return( mbedtls_to_psa_error(
-                         mbedtls_ccm_set_lengths( &operation->ctx.ccm,
-                                                 ad_length,
-                                                 plaintext_length,
-                                                 operation->tag_length ) ) );
+    if (operation->alg == PSA_ALG_CCM) {
+        return mbedtls_to_psa_error(
+            mbedtls_ccm_set_lengths(&operation->ctx.ccm,
+                                    ad_length,
+                                    plaintext_length,
+                                    operation->tag_length));
 
     }
 #else /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
-    ( void ) operation;
-    ( void ) ad_length;
-    ( void ) plaintext_length;
+    (void) operation;
+    (void) ad_length;
+    (void) plaintext_length;
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
 
-    return ( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 /* Pass additional data to an active multipart AEAD operation. */
 psa_status_t mbedtls_psa_aead_update_ad(
     mbedtls_psa_aead_operation_t *operation,
     const uint8_t *input,
-    size_t input_length )
+    size_t input_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
-    if( operation->alg == PSA_ALG_GCM )
-    {
+    if (operation->alg == PSA_ALG_GCM) {
         status = mbedtls_to_psa_error(
-            mbedtls_gcm_update_ad( &operation->ctx.gcm, input, input_length ) );
-    }
-    else
+            mbedtls_gcm_update_ad(&operation->ctx.gcm, input, input_length));
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
-    if( operation->alg == PSA_ALG_CCM )
-    {
+    if (operation->alg == PSA_ALG_CCM) {
         status = mbedtls_to_psa_error(
-            mbedtls_ccm_update_ad( &operation->ctx.ccm, input, input_length ) );
-    }
-    else
+            mbedtls_ccm_update_ad(&operation->ctx.ccm, input, input_length));
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
-    if( operation->alg == PSA_ALG_CHACHA20_POLY1305 )
-    {
+    if (operation->alg == PSA_ALG_CHACHA20_POLY1305) {
         status = mbedtls_to_psa_error(
-           mbedtls_chachapoly_update_aad( &operation->ctx.chachapoly,
+            mbedtls_chachapoly_update_aad(&operation->ctx.chachapoly,
                                           input,
-                                          input_length ) );
-    }
-    else
+                                          input_length));
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
     {
-        ( void ) operation;
-        ( void ) input;
-        ( void ) input_length;
+        (void) operation;
+        (void) input;
+        (void) input_length;
 
-        return ( PSA_ERROR_NOT_SUPPORTED );
+        return PSA_ERROR_NOT_SUPPORTED;
     }
 
-    return ( status );
+    return status;
 }
 
 /* Encrypt or decrypt a message fragment in an active multipart AEAD
@@ -516,7 +503,7 @@
     size_t input_length,
     uint8_t *output,
     size_t output_size,
-    size_t *output_length )
+    size_t *output_length)
 {
     size_t update_output_length;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -524,57 +511,54 @@
     update_output_length = input_length;
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
-    if( operation->alg == PSA_ALG_GCM )
-    {
+    if (operation->alg == PSA_ALG_GCM) {
         status =  mbedtls_to_psa_error(
-            mbedtls_gcm_update( &operation->ctx.gcm,
-                                input, input_length,
-                                output, output_size,
-                                &update_output_length ) );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
-    if( operation->alg == PSA_ALG_CCM )
-    {
-        if( output_size < input_length )
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
-
-        status = mbedtls_to_psa_error(
-           mbedtls_ccm_update( &operation->ctx.ccm,
+            mbedtls_gcm_update(&operation->ctx.gcm,
                                input, input_length,
                                output, output_size,
-                               &update_output_length ) );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
-    if( operation->alg == PSA_ALG_CHACHA20_POLY1305 )
-    {
-        if( output_size < input_length )
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
+                               &update_output_length));
+    } else
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
+    if (operation->alg == PSA_ALG_CCM) {
+        if (output_size < input_length) {
+            return PSA_ERROR_BUFFER_TOO_SMALL;
+        }
 
         status = mbedtls_to_psa_error(
-           mbedtls_chachapoly_update( &operation->ctx.chachapoly,
+            mbedtls_ccm_update(&operation->ctx.ccm,
+                               input, input_length,
+                               output, output_size,
+                               &update_output_length));
+    } else
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
+    if (operation->alg == PSA_ALG_CHACHA20_POLY1305) {
+        if (output_size < input_length) {
+            return PSA_ERROR_BUFFER_TOO_SMALL;
+        }
+
+        status = mbedtls_to_psa_error(
+            mbedtls_chachapoly_update(&operation->ctx.chachapoly,
                                       input_length,
                                       input,
-                                      output ) );
-    }
-    else
+                                      output));
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
     {
-        ( void ) operation;
-        ( void ) input;
-        ( void ) output;
-        ( void ) output_size;
+        (void) operation;
+        (void) input;
+        (void) output;
+        (void) output_size;
 
-        return ( PSA_ERROR_NOT_SUPPORTED );
+        return PSA_ERROR_NOT_SUPPORTED;
     }
 
-    if( status == PSA_SUCCESS )
+    if (status == PSA_SUCCESS) {
         *output_length = update_output_length;
+    }
 
-    return( status );
+    return status;
 }
 
 /* Finish encrypting a message in a multipart AEAD operation. */
@@ -585,103 +569,97 @@
     size_t *ciphertext_length,
     uint8_t *tag,
     size_t tag_size,
-    size_t *tag_length )
+    size_t *tag_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     size_t finish_output_size = 0;
 
-    if( tag_size < operation->tag_length )
-        return( PSA_ERROR_BUFFER_TOO_SMALL );
+    if (tag_size < operation->tag_length) {
+        return PSA_ERROR_BUFFER_TOO_SMALL;
+    }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
-    if( operation->alg == PSA_ALG_GCM )
-    {
+    if (operation->alg == PSA_ALG_GCM) {
         status =  mbedtls_to_psa_error(
-            mbedtls_gcm_finish( &operation->ctx.gcm,
-                                ciphertext, ciphertext_size, ciphertext_length,
-                                tag, operation->tag_length ) );
-    }
-    else
+            mbedtls_gcm_finish(&operation->ctx.gcm,
+                               ciphertext, ciphertext_size, ciphertext_length,
+                               tag, operation->tag_length));
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
-    if( operation->alg == PSA_ALG_CCM )
-    {
+    if (operation->alg == PSA_ALG_CCM) {
         /* tag must be big enough to store a tag of size passed into set
          * lengths. */
-        if( tag_size < operation->tag_length )
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
+        if (tag_size < operation->tag_length) {
+            return PSA_ERROR_BUFFER_TOO_SMALL;
+        }
 
         status = mbedtls_to_psa_error(
-                           mbedtls_ccm_finish( &operation->ctx.ccm,
-                                               tag, operation->tag_length ) );
-    }
-    else
+            mbedtls_ccm_finish(&operation->ctx.ccm,
+                               tag, operation->tag_length));
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
-    if( operation->alg == PSA_ALG_CHACHA20_POLY1305 )
-    {
+    if (operation->alg == PSA_ALG_CHACHA20_POLY1305) {
         /* Belt and braces. Although the above tag_size check should have
          * already done this, if we later start supporting smaller tag sizes
          * for chachapoly, then passing a tag buffer smaller than 16 into here
          * could cause a buffer overflow, so better safe than sorry. */
-        if( tag_size < 16 )
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
+        if (tag_size < 16) {
+            return PSA_ERROR_BUFFER_TOO_SMALL;
+        }
 
         status = mbedtls_to_psa_error(
-            mbedtls_chachapoly_finish( &operation->ctx.chachapoly,
-                                       tag ) );
-    }
-    else
+            mbedtls_chachapoly_finish(&operation->ctx.chachapoly,
+                                      tag));
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
     {
-        ( void ) ciphertext;
-        ( void ) ciphertext_size;
-        ( void ) ciphertext_length;
-        ( void ) tag;
-        ( void ) tag_size;
-        ( void ) tag_length;
+        (void) ciphertext;
+        (void) ciphertext_size;
+        (void) ciphertext_length;
+        (void) tag;
+        (void) tag_size;
+        (void) tag_length;
 
-        return ( PSA_ERROR_NOT_SUPPORTED );
+        return PSA_ERROR_NOT_SUPPORTED;
     }
 
-    if( status == PSA_SUCCESS )
-    {
+    if (status == PSA_SUCCESS) {
         /* This will be zero for all supported algorithms currently, but left
          * here for future support. */
         *ciphertext_length = finish_output_size;
         *tag_length = operation->tag_length;
     }
 
-    return ( status );
+    return status;
 }
 
 /* Abort an AEAD operation */
 psa_status_t mbedtls_psa_aead_abort(
-   mbedtls_psa_aead_operation_t *operation )
+    mbedtls_psa_aead_operation_t *operation)
 {
-    switch( operation->alg )
-    {
+    switch (operation->alg) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
         case PSA_ALG_CCM:
-            mbedtls_ccm_free( &operation->ctx.ccm );
+            mbedtls_ccm_free(&operation->ctx.ccm);
             break;
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
         case PSA_ALG_GCM:
-            mbedtls_gcm_free( &operation->ctx.gcm );
+            mbedtls_gcm_free(&operation->ctx.gcm);
             break;
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
         case PSA_ALG_CHACHA20_POLY1305:
-            mbedtls_chachapoly_free( &operation->ctx.chachapoly );
+            mbedtls_chachapoly_free(&operation->ctx.chachapoly);
             break;
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
     }
 
     operation->is_encrypt = 0;
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 #endif /* MBEDTLS_PSA_CRYPTO_C */
-
diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h
index 70f714a..2ae8fe8 100644
--- a/library/psa_crypto_aead.h
+++ b/library/psa_crypto_aead.h
@@ -83,7 +83,7 @@
     const uint8_t *nonce, size_t nonce_length,
     const uint8_t *additional_data, size_t additional_data_length,
     const uint8_t *plaintext, size_t plaintext_length,
-    uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length );
+    uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length);
 
 /**
  * \brief Process an authenticated decryption operation.
@@ -146,7 +146,7 @@
     const uint8_t *nonce, size_t nonce_length,
     const uint8_t *additional_data, size_t additional_data_length,
     const uint8_t *ciphertext, size_t ciphertext_length,
-    uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
+    uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length);
 
 /** Set the key for a multipart authenticated encryption operation.
  *
@@ -189,7 +189,7 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer,
     size_t key_buffer_size,
-    psa_algorithm_t alg );
+    psa_algorithm_t alg);
 
 /** Set the key for a multipart authenticated decryption operation.
  *
@@ -232,7 +232,7 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer,
     size_t key_buffer_size,
-    psa_algorithm_t alg );
+    psa_algorithm_t alg);
 
 /** Set the nonce for an authenticated encryption or decryption operation.
  *
@@ -265,7 +265,7 @@
 psa_status_t mbedtls_psa_aead_set_nonce(
     mbedtls_psa_aead_operation_t *operation,
     const uint8_t *nonce,
-    size_t nonce_length );
+    size_t nonce_length);
 
 /** Declare the lengths of the message and additional data for AEAD.
  *
@@ -306,7 +306,7 @@
 psa_status_t mbedtls_psa_aead_set_lengths(
     mbedtls_psa_aead_operation_t *operation,
     size_t ad_length,
-    size_t plaintext_length );
+    size_t plaintext_length);
 
 /** Pass additional data to an active AEAD operation.
  *
@@ -343,7 +343,7 @@
 psa_status_t mbedtls_psa_aead_update_ad(
     mbedtls_psa_aead_operation_t *operation,
     const uint8_t *input,
-    size_t input_length );
+    size_t input_length);
 
 /** Encrypt or decrypt a message fragment in an active AEAD operation.
  *
@@ -406,7 +406,7 @@
     size_t input_length,
     uint8_t *output,
     size_t output_size,
-    size_t *output_length );
+    size_t *output_length);
 
 /** Finish encrypting a message in an AEAD operation.
  *
@@ -479,7 +479,7 @@
     size_t *ciphertext_length,
     uint8_t *tag,
     size_t tag_size,
-    size_t *tag_length );
+    size_t *tag_length);
 
 /** Abort an AEAD operation.
  *
@@ -506,6 +506,6 @@
  *         Success.
  */
 psa_status_t mbedtls_psa_aead_abort(
-    mbedtls_psa_aead_operation_t *operation );
+    mbedtls_psa_aead_operation_t *operation);
 
 #endif /* PSA_CRYPTO_AEAD_H */
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index 91a0e3b..c501144 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -35,18 +35,17 @@
     psa_algorithm_t alg,
     psa_key_type_t key_type,
     size_t key_bits,
-    mbedtls_cipher_id_t* cipher_id )
+    mbedtls_cipher_id_t *cipher_id)
 {
     mbedtls_cipher_mode_t mode;
     mbedtls_cipher_id_t cipher_id_tmp;
 
-    if( PSA_ALG_IS_AEAD( alg ) )
-        alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 );
+    if (PSA_ALG_IS_AEAD(alg)) {
+        alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0);
+    }
 
-    if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) )
-    {
-        switch( alg )
-        {
+    if (PSA_ALG_IS_CIPHER(alg) || PSA_ALG_IS_AEAD(alg)) {
+        switch (alg) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER)
             case PSA_ALG_STREAM_CIPHER:
                 mode = MBEDTLS_MODE_STREAM;
@@ -88,31 +87,30 @@
                 break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
-            case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
+            case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0):
                 mode = MBEDTLS_MODE_CCM;
                 break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
-            case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
+            case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0):
                 mode = MBEDTLS_MODE_GCM;
                 break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
-            case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
+            case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0):
                 mode = MBEDTLS_MODE_CHACHAPOLY;
                 break;
 #endif
             default:
-                return( NULL );
+                return NULL;
         }
-    }
-    else if( alg == PSA_ALG_CMAC )
+    } else if (alg == PSA_ALG_CMAC) {
         mode = MBEDTLS_MODE_ECB;
-    else
-        return( NULL );
+    } else {
+        return NULL;
+    }
 
-    switch( key_type )
-    {
+    switch (key_type) {
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES)
         case PSA_KEY_TYPE_AES:
             cipher_id_tmp = MBEDTLS_CIPHER_ID_AES;
@@ -127,15 +125,17 @@
         case PSA_KEY_TYPE_DES:
             /* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
              * and 192 for three-key Triple-DES. */
-            if( key_bits == 64 )
+            if (key_bits == 64) {
                 cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
-            else
+            } else {
                 cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
+            }
             /* mbedtls doesn't recognize two-key Triple-DES as an algorithm,
              * but two-key Triple-DES is functionally three-key Triple-DES
              * with K1=K3, so that's how we present it to mbedtls. */
-            if( key_bits == 128 )
+            if (key_bits == 128) {
                 key_bits = 192;
+            }
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA)
@@ -149,13 +149,14 @@
             break;
 #endif
         default:
-            return( NULL );
+            return NULL;
     }
-    if( cipher_id != NULL )
+    if (cipher_id != NULL) {
         *cipher_id = cipher_id_tmp;
+    }
 
-    return( mbedtls_cipher_info_from_values( cipher_id_tmp,
-                                             (int) key_bits, mode ) );
+    return mbedtls_cipher_info_from_values(cipher_id_tmp,
+                                           (int) key_bits, mode);
 }
 
 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
@@ -165,110 +166,112 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg,
-    mbedtls_operation_t cipher_operation )
+    mbedtls_operation_t cipher_operation)
 {
     int ret = 0;
     size_t key_bits;
     const mbedtls_cipher_info_t *cipher_info = NULL;
     psa_key_type_t key_type = attributes->core.type;
 
-    (void)key_buffer_size;
+    (void) key_buffer_size;
 
-    mbedtls_cipher_init( &operation->ctx.cipher );
+    mbedtls_cipher_init(&operation->ctx.cipher);
 
     operation->alg = alg;
     key_bits = attributes->core.bits;
-    cipher_info = mbedtls_cipher_info_from_psa( alg, key_type,
-                                                key_bits, NULL );
-    if( cipher_info == NULL )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    cipher_info = mbedtls_cipher_info_from_psa(alg, key_type,
+                                               key_bits, NULL);
+    if (cipher_info == NULL) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
 
-    ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info );
-    if( ret != 0 )
+    ret = mbedtls_cipher_setup(&operation->ctx.cipher, cipher_info);
+    if (ret != 0) {
         goto exit;
+    }
 
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
-    if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 )
-    {
+    if (key_type == PSA_KEY_TYPE_DES && key_bits == 128) {
         /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */
         uint8_t keys[24];
-        memcpy( keys, key_buffer, 16 );
-        memcpy( keys + 16, key_buffer, 8 );
-        ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
-                                     keys,
-                                     192, cipher_operation );
-    }
-    else
+        memcpy(keys, key_buffer, 16);
+        memcpy(keys + 16, key_buffer, 8);
+        ret = mbedtls_cipher_setkey(&operation->ctx.cipher,
+                                    keys,
+                                    192, cipher_operation);
+    } else
 #endif
     {
-        ret = mbedtls_cipher_setkey( &operation->ctx.cipher, key_buffer,
-                                     (int) key_bits, cipher_operation );
+        ret = mbedtls_cipher_setkey(&operation->ctx.cipher, key_buffer,
+                                    (int) key_bits, cipher_operation);
     }
-    if( ret != 0 )
+    if (ret != 0) {
         goto exit;
+    }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
-    switch( alg )
-    {
+    switch (alg) {
         case PSA_ALG_CBC_NO_PADDING:
-            ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
-                                                   MBEDTLS_PADDING_NONE );
+            ret = mbedtls_cipher_set_padding_mode(&operation->ctx.cipher,
+                                                  MBEDTLS_PADDING_NONE);
             break;
         case PSA_ALG_CBC_PKCS7:
-            ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
-                                                   MBEDTLS_PADDING_PKCS7 );
+            ret = mbedtls_cipher_set_padding_mode(&operation->ctx.cipher,
+                                                  MBEDTLS_PADDING_PKCS7);
             break;
         default:
             /* The algorithm doesn't involve padding. */
             ret = 0;
             break;
     }
-    if( ret != 0 )
+    if (ret != 0) {
         goto exit;
+    }
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING ||
           MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 */
 
-    operation->block_length = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 :
-                                PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
-    operation->iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );
+    operation->block_length = (PSA_ALG_IS_STREAM_CIPHER(alg) ? 1 :
+                               PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type));
+    operation->iv_length = PSA_CIPHER_IV_LENGTH(key_type, alg);
 
 exit:
-    return( mbedtls_to_psa_error( ret ) );
+    return mbedtls_to_psa_error(ret);
 }
 
 psa_status_t mbedtls_psa_cipher_encrypt_setup(
     mbedtls_psa_cipher_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg )
+    psa_algorithm_t alg)
 {
-    return( psa_cipher_setup( operation, attributes,
-                              key_buffer, key_buffer_size,
-                              alg, MBEDTLS_ENCRYPT ) );
+    return psa_cipher_setup(operation, attributes,
+                            key_buffer, key_buffer_size,
+                            alg, MBEDTLS_ENCRYPT);
 }
 
 psa_status_t mbedtls_psa_cipher_decrypt_setup(
     mbedtls_psa_cipher_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg )
+    psa_algorithm_t alg)
 {
-    return( psa_cipher_setup( operation, attributes,
-                              key_buffer, key_buffer_size,
-                              alg, MBEDTLS_DECRYPT ) );
+    return psa_cipher_setup(operation, attributes,
+                            key_buffer, key_buffer_size,
+                            alg, MBEDTLS_DECRYPT);
 }
 
 psa_status_t mbedtls_psa_cipher_set_iv(
     mbedtls_psa_cipher_operation_t *operation,
-    const uint8_t *iv, size_t iv_length )
+    const uint8_t *iv, size_t iv_length)
 {
-    if( iv_length != operation->iv_length )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (iv_length != operation->iv_length) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
-    return( mbedtls_to_psa_error(
-                mbedtls_cipher_set_iv( &operation->ctx.cipher,
-                                       iv, iv_length ) ) );
+    return mbedtls_to_psa_error(
+        mbedtls_cipher_set_iv(&operation->ctx.cipher,
+                              iv, iv_length));
 }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
@@ -300,43 +303,42 @@
     const uint8_t *input,
     size_t input_length,
     uint8_t *output,
-    size_t *output_length )
+    size_t *output_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     size_t block_size = ctx->cipher_info->block_size;
     size_t internal_output_length = 0;
     *output_length = 0;
 
-    if( input_length == 0 )
-    {
+    if (input_length == 0) {
         status = PSA_SUCCESS;
         goto exit;
     }
 
-    if( ctx->unprocessed_len > 0 )
-    {
+    if (ctx->unprocessed_len > 0) {
         /* Fill up to block size, and run the block if there's a full one. */
         size_t bytes_to_copy = block_size - ctx->unprocessed_len;
 
-        if( input_length < bytes_to_copy )
+        if (input_length < bytes_to_copy) {
             bytes_to_copy = input_length;
+        }
 
-        memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
-                input, bytes_to_copy );
+        memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]),
+               input, bytes_to_copy);
         input_length -= bytes_to_copy;
         input += bytes_to_copy;
         ctx->unprocessed_len += bytes_to_copy;
 
-        if( ctx->unprocessed_len == block_size )
-        {
+        if (ctx->unprocessed_len == block_size) {
             status = mbedtls_to_psa_error(
-                mbedtls_cipher_update( ctx,
-                                       ctx->unprocessed_data,
-                                       block_size,
-                                       output, &internal_output_length ) );
+                mbedtls_cipher_update(ctx,
+                                      ctx->unprocessed_data,
+                                      block_size,
+                                      output, &internal_output_length));
 
-            if( status != PSA_SUCCESS )
+            if (status != PSA_SUCCESS) {
                 goto exit;
+            }
 
             output += internal_output_length;
             *output_length += internal_output_length;
@@ -344,16 +346,16 @@
         }
     }
 
-    while( input_length >= block_size )
-    {
+    while (input_length >= block_size) {
         /* Run all full blocks we have, one by one */
         status = mbedtls_to_psa_error(
-            mbedtls_cipher_update( ctx, input,
-                                   block_size,
-                                   output, &internal_output_length ) );
+            mbedtls_cipher_update(ctx, input,
+                                  block_size,
+                                  output, &internal_output_length));
 
-        if( status != PSA_SUCCESS )
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
 
         input_length -= block_size;
         input += block_size;
@@ -362,122 +364,119 @@
         *output_length += internal_output_length;
     }
 
-    if( input_length > 0 )
-    {
+    if (input_length > 0) {
         /* Save unprocessed bytes for later processing */
-        memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
-                input, input_length );
+        memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]),
+               input, input_length);
         ctx->unprocessed_len += input_length;
     }
 
     status = PSA_SUCCESS;
 
 exit:
-    return( status );
+    return status;
 }
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING */
 
 psa_status_t mbedtls_psa_cipher_update(
     mbedtls_psa_cipher_operation_t *operation,
     const uint8_t *input, size_t input_length,
-    uint8_t *output, size_t output_size, size_t *output_length )
+    uint8_t *output, size_t output_size, size_t *output_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     size_t expected_output_size;
 
-    if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) )
-    {
+    if (!PSA_ALG_IS_STREAM_CIPHER(operation->alg)) {
         /* Take the unprocessed partial block left over from previous
          * update calls, if any, plus the input to this call. Remove
          * the last partial block, if any. You get the data that will be
          * output in this call. */
         expected_output_size =
-            ( operation->ctx.cipher.unprocessed_len + input_length )
+            (operation->ctx.cipher.unprocessed_len + input_length)
             / operation->block_length * operation->block_length;
-    }
-    else
-    {
+    } else {
         expected_output_size = input_length;
     }
 
-    if( output_size < expected_output_size )
-        return( PSA_ERROR_BUFFER_TOO_SMALL );
+    if (output_size < expected_output_size) {
+        return PSA_ERROR_BUFFER_TOO_SMALL;
+    }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
-    if( operation->alg == PSA_ALG_ECB_NO_PADDING )
-    {
+    if (operation->alg == PSA_ALG_ECB_NO_PADDING) {
         /* mbedtls_cipher_update has an API inconsistency: it will only
-        * process a single block at a time in ECB mode. Abstract away that
-        * inconsistency here to match the PSA API behaviour. */
-        status = psa_cipher_update_ecb( &operation->ctx.cipher,
-                                        input,
-                                        input_length,
-                                        output,
-                                        output_length );
-    }
-    else
+         * process a single block at a time in ECB mode. Abstract away that
+         * inconsistency here to match the PSA API behaviour. */
+        status = psa_cipher_update_ecb(&operation->ctx.cipher,
+                                       input,
+                                       input_length,
+                                       output,
+                                       output_length);
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING */
     {
         status = mbedtls_to_psa_error(
-            mbedtls_cipher_update( &operation->ctx.cipher, input,
-                                   input_length, output, output_length ) );
+            mbedtls_cipher_update(&operation->ctx.cipher, input,
+                                  input_length, output, output_length));
 
-        if( *output_length > output_size )
-            return( PSA_ERROR_CORRUPTION_DETECTED );
+        if (*output_length > output_size) {
+            return PSA_ERROR_CORRUPTION_DETECTED;
+        }
     }
 
-    return( status );
+    return status;
 }
 
 psa_status_t mbedtls_psa_cipher_finish(
     mbedtls_psa_cipher_operation_t *operation,
-    uint8_t *output, size_t output_size, size_t *output_length )
+    uint8_t *output, size_t output_size, size_t *output_length)
 {
     psa_status_t status = PSA_ERROR_GENERIC_ERROR;
     uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
 
-    if( operation->ctx.cipher.unprocessed_len != 0 )
-    {
-        if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
-            operation->alg == PSA_ALG_CBC_NO_PADDING )
-        {
+    if (operation->ctx.cipher.unprocessed_len != 0) {
+        if (operation->alg == PSA_ALG_ECB_NO_PADDING ||
+            operation->alg == PSA_ALG_CBC_NO_PADDING) {
             status = PSA_ERROR_INVALID_ARGUMENT;
             goto exit;
         }
     }
 
     status = mbedtls_to_psa_error(
-        mbedtls_cipher_finish( &operation->ctx.cipher,
-                               temp_output_buffer,
-                               output_length ) );
-    if( status != PSA_SUCCESS )
+        mbedtls_cipher_finish(&operation->ctx.cipher,
+                              temp_output_buffer,
+                              output_length));
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    if( *output_length == 0 )
+    if (*output_length == 0) {
         ; /* Nothing to copy. Note that output may be NULL in this case. */
-    else if( output_size >= *output_length )
-        memcpy( output, temp_output_buffer, *output_length );
-    else
+    } else if (output_size >= *output_length) {
+        memcpy(output, temp_output_buffer, *output_length);
+    } else {
         status = PSA_ERROR_BUFFER_TOO_SMALL;
+    }
 
 exit:
-    mbedtls_platform_zeroize( temp_output_buffer,
-                              sizeof( temp_output_buffer ) );
+    mbedtls_platform_zeroize(temp_output_buffer,
+                             sizeof(temp_output_buffer));
 
-    return( status );
+    return status;
 }
 
 psa_status_t mbedtls_psa_cipher_abort(
-    mbedtls_psa_cipher_operation_t *operation )
+    mbedtls_psa_cipher_operation_t *operation)
 {
     /* Sanity check (shouldn't happen: operation->alg should
      * always have been initialized to a valid value). */
-    if( ! PSA_ALG_IS_CIPHER( operation->alg ) )
-        return( PSA_ERROR_BAD_STATE );
+    if (!PSA_ALG_IS_CIPHER(operation->alg)) {
+        return PSA_ERROR_BAD_STATE;
+    }
 
-    mbedtls_cipher_free( &operation->ctx.cipher );
+    mbedtls_cipher_free(&operation->ctx.cipher);
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 psa_status_t mbedtls_psa_cipher_encrypt(
@@ -491,47 +490,51 @@
     size_t input_length,
     uint8_t *output,
     size_t output_size,
-    size_t *output_length )
+    size_t *output_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
     size_t update_output_length, finish_output_length;
 
-    status = mbedtls_psa_cipher_encrypt_setup( &operation, attributes,
-                                               key_buffer, key_buffer_size,
-                                               alg );
-    if( status != PSA_SUCCESS )
+    status = mbedtls_psa_cipher_encrypt_setup(&operation, attributes,
+                                              key_buffer, key_buffer_size,
+                                              alg);
+    if (status != PSA_SUCCESS) {
         goto exit;
-
-    if( iv_length > 0 )
-    {
-        status = mbedtls_psa_cipher_set_iv( &operation, iv, iv_length );
-        if( status != PSA_SUCCESS )
-            goto exit;
     }
 
-    status = mbedtls_psa_cipher_update( &operation, input, input_length,
-                                        output, output_size,
-                                        &update_output_length );
-    if( status != PSA_SUCCESS )
+    if (iv_length > 0) {
+        status = mbedtls_psa_cipher_set_iv(&operation, iv, iv_length);
+        if (status != PSA_SUCCESS) {
+            goto exit;
+        }
+    }
+
+    status = mbedtls_psa_cipher_update(&operation, input, input_length,
+                                       output, output_size,
+                                       &update_output_length);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     status = mbedtls_psa_cipher_finish(
         &operation,
-        mbedtls_buffer_offset( output, update_output_length ),
-        output_size - update_output_length, &finish_output_length );
-    if( status != PSA_SUCCESS )
+        mbedtls_buffer_offset(output, update_output_length),
+        output_size - update_output_length, &finish_output_length);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     *output_length = update_output_length + finish_output_length;
 
 exit:
-    if( status == PSA_SUCCESS )
-        status = mbedtls_psa_cipher_abort( &operation );
-    else
-        mbedtls_psa_cipher_abort( &operation );
+    if (status == PSA_SUCCESS) {
+        status = mbedtls_psa_cipher_abort(&operation);
+    } else {
+        mbedtls_psa_cipher_abort(&operation);
+    }
 
-    return( status );
+    return status;
 }
 
 psa_status_t mbedtls_psa_cipher_decrypt(
@@ -543,52 +546,56 @@
     size_t input_length,
     uint8_t *output,
     size_t output_size,
-    size_t *output_length )
+    size_t *output_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
     size_t olength, accumulated_length;
 
-    status = mbedtls_psa_cipher_decrypt_setup( &operation, attributes,
-                                               key_buffer, key_buffer_size,
-                                               alg );
-    if( status != PSA_SUCCESS )
+    status = mbedtls_psa_cipher_decrypt_setup(&operation, attributes,
+                                              key_buffer, key_buffer_size,
+                                              alg);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    if( operation.iv_length > 0 )
-    {
-        status = mbedtls_psa_cipher_set_iv( &operation,
-                                            input, operation.iv_length );
-        if( status != PSA_SUCCESS )
+    if (operation.iv_length > 0) {
+        status = mbedtls_psa_cipher_set_iv(&operation,
+                                           input, operation.iv_length);
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
     }
 
     status = mbedtls_psa_cipher_update(
         &operation,
-        mbedtls_buffer_offset_const( input, operation.iv_length ),
+        mbedtls_buffer_offset_const(input, operation.iv_length),
         input_length - operation.iv_length,
-        output, output_size, &olength );
-    if( status != PSA_SUCCESS )
+        output, output_size, &olength);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     accumulated_length = olength;
 
     status = mbedtls_psa_cipher_finish(
         &operation,
-        mbedtls_buffer_offset( output, accumulated_length ),
-        output_size - accumulated_length, &olength );
-    if( status != PSA_SUCCESS )
+        mbedtls_buffer_offset(output, accumulated_length),
+        output_size - accumulated_length, &olength);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     *output_length = accumulated_length + olength;
 
 exit:
-    if ( status == PSA_SUCCESS )
-        status = mbedtls_psa_cipher_abort( &operation );
-    else
-        mbedtls_psa_cipher_abort( &operation );
+    if (status == PSA_SUCCESS) {
+        status = mbedtls_psa_cipher_abort(&operation);
+    } else {
+        mbedtls_psa_cipher_abort(&operation);
+    }
 
-    return( status );
+    return status;
 }
 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
 
diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h
index 3bd5360..6cc6bf6 100644
--- a/library/psa_crypto_cipher.h
+++ b/library/psa_crypto_cipher.h
@@ -38,7 +38,7 @@
  */
 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
     psa_algorithm_t alg, psa_key_type_t key_type, size_t key_bits,
-    mbedtls_cipher_id_t *cipher_id );
+    mbedtls_cipher_id_t *cipher_id);
 
 /**
  * \brief Set the key for a multipart symmetric encryption operation.
@@ -68,7 +68,7 @@
     mbedtls_psa_cipher_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg );
+    psa_algorithm_t alg);
 
 /**
  * \brief Set the key for a multipart symmetric decryption operation.
@@ -98,7 +98,7 @@
     mbedtls_psa_cipher_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg );
+    psa_algorithm_t alg);
 
 /** Set the IV for a symmetric encryption or decryption operation.
  *
@@ -124,7 +124,7 @@
  */
 psa_status_t mbedtls_psa_cipher_set_iv(
     mbedtls_psa_cipher_operation_t *operation,
-    const uint8_t *iv, size_t iv_length );
+    const uint8_t *iv, size_t iv_length);
 
 /** Encrypt or decrypt a message fragment in an active cipher operation.
  *
@@ -150,7 +150,7 @@
 psa_status_t mbedtls_psa_cipher_update(
     mbedtls_psa_cipher_operation_t *operation,
     const uint8_t *input, size_t input_length,
-    uint8_t *output, size_t output_size, size_t *output_length );
+    uint8_t *output, size_t output_size, size_t *output_length);
 
 /** Finish encrypting or decrypting a message in a cipher operation.
  *
@@ -180,7 +180,7 @@
  */
 psa_status_t mbedtls_psa_cipher_finish(
     mbedtls_psa_cipher_operation_t *operation,
-    uint8_t *output, size_t output_size, size_t *output_length );
+    uint8_t *output, size_t output_size, size_t *output_length);
 
 /** Abort a cipher operation.
  *
@@ -197,7 +197,7 @@
  *
  * \retval #PSA_SUCCESS
  */
-psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation );
+psa_status_t mbedtls_psa_cipher_abort(mbedtls_psa_cipher_operation_t *operation);
 
 /** Encrypt a message using a symmetric cipher.
  *
@@ -241,17 +241,17 @@
  *         This is a decryption operation for an algorithm that includes
  *         padding, and the ciphertext does not contain valid padding.
  */
-psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
-                                         const uint8_t *key_buffer,
-                                         size_t key_buffer_size,
-                                         psa_algorithm_t alg,
-                                         const uint8_t *iv,
-                                         size_t iv_length,
-                                         const uint8_t *input,
-                                         size_t input_length,
-                                         uint8_t *output,
-                                         size_t output_size,
-                                         size_t *output_length );
+psa_status_t mbedtls_psa_cipher_encrypt(const psa_key_attributes_t *attributes,
+                                        const uint8_t *key_buffer,
+                                        size_t key_buffer_size,
+                                        psa_algorithm_t alg,
+                                        const uint8_t *iv,
+                                        size_t iv_length,
+                                        const uint8_t *input,
+                                        size_t input_length,
+                                        uint8_t *output,
+                                        size_t output_size,
+                                        size_t *output_length);
 
 /** Decrypt a message using a symmetric cipher.
  *
@@ -292,14 +292,14 @@
  *         This is a decryption operation for an algorithm that includes
  *         padding, and the ciphertext does not contain valid padding.
  */
-psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes,
-                                         const uint8_t *key_buffer,
-                                         size_t key_buffer_size,
-                                         psa_algorithm_t alg,
-                                         const uint8_t *input,
-                                         size_t input_length,
-                                         uint8_t *output,
-                                         size_t output_size,
-                                         size_t *output_length );
+psa_status_t mbedtls_psa_cipher_decrypt(const psa_key_attributes_t *attributes,
+                                        const uint8_t *key_buffer,
+                                        size_t key_buffer_size,
+                                        psa_algorithm_t alg,
+                                        const uint8_t *input,
+                                        size_t input_length,
+                                        uint8_t *output,
+                                        size_t output_size,
+                                        size_t *output_length);
 
 #endif /* PSA_CRYPTO_CIPHER_H */
diff --git a/library/psa_crypto_client.c b/library/psa_crypto_client.c
index ab79086..c323427 100644
--- a/library/psa_crypto_client.c
+++ b/library/psa_crypto_client.c
@@ -26,32 +26,31 @@
 #include <string.h>
 #include "mbedtls/platform.h"
 
-void psa_reset_key_attributes( psa_key_attributes_t *attributes )
+void psa_reset_key_attributes(psa_key_attributes_t *attributes)
 {
-    mbedtls_free( attributes->domain_parameters );
-    memset( attributes, 0, sizeof( *attributes ) );
+    mbedtls_free(attributes->domain_parameters);
+    memset(attributes, 0, sizeof(*attributes));
 }
 
-psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes,
-                                            psa_key_type_t type,
-                                            const uint8_t *data,
-                                            size_t data_length )
+psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
+                                           psa_key_type_t type,
+                                           const uint8_t *data,
+                                           size_t data_length)
 {
     uint8_t *copy = NULL;
 
-    if( data_length != 0 )
-    {
-        copy = mbedtls_calloc( 1, data_length );
-        if( copy == NULL )
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
-        memcpy( copy, data, data_length );
+    if (data_length != 0) {
+        copy = mbedtls_calloc(1, data_length);
+        if (copy == NULL) {
+            return PSA_ERROR_INSUFFICIENT_MEMORY;
+        }
+        memcpy(copy, data, data_length);
     }
     /* After this point, this function is guaranteed to succeed, so it
      * can start modifying `*attributes`. */
 
-    if( attributes->domain_parameters != NULL )
-    {
-        mbedtls_free( attributes->domain_parameters );
+    if (attributes->domain_parameters != NULL) {
+        mbedtls_free(attributes->domain_parameters);
         attributes->domain_parameters = NULL;
         attributes->domain_parameters_size = 0;
     }
@@ -59,20 +58,22 @@
     attributes->domain_parameters = copy;
     attributes->domain_parameters_size = data_length;
     attributes->core.type = type;
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 psa_status_t psa_get_key_domain_parameters(
     const psa_key_attributes_t *attributes,
-    uint8_t *data, size_t data_size, size_t *data_length )
+    uint8_t *data, size_t data_size, size_t *data_length)
 {
-    if( attributes->domain_parameters_size > data_size )
-        return( PSA_ERROR_BUFFER_TOO_SMALL );
+    if (attributes->domain_parameters_size > data_size) {
+        return PSA_ERROR_BUFFER_TOO_SMALL;
+    }
     *data_length = attributes->domain_parameters_size;
-    if( attributes->domain_parameters_size != 0 )
-        memcpy( data, attributes->domain_parameters,
-                attributes->domain_parameters_size );
-    return( PSA_SUCCESS );
+    if (attributes->domain_parameters_size != 0) {
+        memcpy(data, attributes->domain_parameters,
+               attributes->domain_parameters_size);
+    }
+    return PSA_SUCCESS;
 }
 
 #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 614cad1..38e4bc5 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -35,22 +35,22 @@
  * \return 0 if the buffer contents are equal, non-zero otherwise
  */
 static inline int mbedtls_psa_safer_memcmp(
-    const uint8_t *a, const uint8_t *b, size_t n )
+    const uint8_t *a, const uint8_t *b, size_t n)
 {
     size_t i;
     unsigned char diff = 0;
 
-    for( i = 0; i < n; i++ )
+    for (i = 0; i < n; i++) {
         diff |= a[i] ^ b[i];
+    }
 
-    return( diff );
+    return diff;
 }
 
 /** The data structure representing a key slot, containing key material
  * and metadata for one key.
  */
-typedef struct
-{
+typedef struct {
     psa_core_key_attributes_t attr;
 
     /*
@@ -80,8 +80,7 @@
 
     /* Dynamically allocated key data buffer.
      * Format as specified in psa_export_key(). */
-    struct key_data
-    {
+    struct key_data {
         uint8_t *data;
         size_t bytes;
     } key;
@@ -90,7 +89,7 @@
 /* A mask of key attribute flags used only internally.
  * Currently there aren't any. */
 #define PSA_KA_MASK_INTERNAL_ONLY (     \
-        0 )
+        0)
 
 /** Test whether a key slot is occupied.
  *
@@ -101,9 +100,9 @@
  *
  * \return 1 if the slot is occupied, 0 otherwise.
  */
-static inline int psa_is_key_slot_occupied( const psa_key_slot_t *slot )
+static inline int psa_is_key_slot_occupied(const psa_key_slot_t *slot)
 {
-    return( slot->attr.type != 0 );
+    return slot->attr.type != 0;
 }
 
 /** Test whether a key slot is locked.
@@ -114,9 +113,9 @@
  *
  * \return 1 if the slot is locked, 0 otherwise.
  */
-static inline int psa_is_key_slot_locked( const psa_key_slot_t *slot )
+static inline int psa_is_key_slot_locked(const psa_key_slot_t *slot)
 {
-    return( slot->lock_count > 0 );
+    return slot->lock_count > 0;
 }
 
 /** Retrieve flags from psa_key_slot_t::attr::core::flags.
@@ -127,10 +126,10 @@
  * \return The key attribute flags in the given slot,
  *         bitwise-anded with \p mask.
  */
-static inline uint16_t psa_key_slot_get_flags( const psa_key_slot_t *slot,
-                                               uint16_t mask )
+static inline uint16_t psa_key_slot_get_flags(const psa_key_slot_t *slot,
+                                              uint16_t mask)
 {
-    return( slot->attr.flags & mask );
+    return slot->attr.flags & mask;
 }
 
 /** Set flags in psa_key_slot_t::attr::core::flags.
@@ -139,12 +138,12 @@
  * \param mask          The mask of bits to modify.
  * \param value         The new value of the selected bits.
  */
-static inline void psa_key_slot_set_flags( psa_key_slot_t *slot,
-                                           uint16_t mask,
-                                           uint16_t value )
+static inline void psa_key_slot_set_flags(psa_key_slot_t *slot,
+                                          uint16_t mask,
+                                          uint16_t value)
 {
-    slot->attr.flags = ( ( ~mask & slot->attr.flags ) |
-                              ( mask & value ) );
+    slot->attr.flags = ((~mask & slot->attr.flags) |
+                        (mask & value));
 }
 
 /** Turn on flags in psa_key_slot_t::attr::core::flags.
@@ -152,8 +151,8 @@
  * \param[in,out] slot  The key slot to modify.
  * \param mask          The mask of bits to set.
  */
-static inline void psa_key_slot_set_bits_in_flags( psa_key_slot_t *slot,
-                                                   uint16_t mask )
+static inline void psa_key_slot_set_bits_in_flags(psa_key_slot_t *slot,
+                                                  uint16_t mask)
 {
     slot->attr.flags |= mask;
 }
@@ -163,8 +162,8 @@
  * \param[in,out] slot  The key slot to modify.
  * \param mask          The mask of bits to clear.
  */
-static inline void psa_key_slot_clear_bits( psa_key_slot_t *slot,
-                                            uint16_t mask )
+static inline void psa_key_slot_clear_bits(psa_key_slot_t *slot,
+                                           uint16_t mask)
 {
     slot->attr.flags &= ~mask;
 }
@@ -177,9 +176,9 @@
  *                   secure element, otherwise the behaviour is undefined.
  */
 static inline psa_key_slot_number_t psa_key_slot_get_slot_number(
-    const psa_key_slot_t *slot )
+    const psa_key_slot_t *slot)
 {
-    return( *( (psa_key_slot_number_t *)( slot->key.data ) ) );
+    return *((psa_key_slot_number_t *) (slot->key.data));
 }
 #endif
 
@@ -196,10 +195,10 @@
  * On success, the returned key slot is locked. It is the responsibility of
  * the caller to unlock the key slot when it does not access it anymore.
  */
-psa_status_t psa_get_and_lock_key_slot_with_policy( mbedtls_svc_key_id_t key,
-                                                    psa_key_slot_t **p_slot,
-                                                    psa_key_usage_t usage,
-                                                    psa_algorithm_t alg );
+psa_status_t psa_get_and_lock_key_slot_with_policy(mbedtls_svc_key_id_t key,
+                                                   psa_key_slot_t **p_slot,
+                                                   psa_key_usage_t usage,
+                                                   psa_algorithm_t alg);
 
 /** Completely wipe a slot in memory, including its policy.
  *
@@ -212,7 +211,7 @@
  *         already fully wiped.
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
-psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
+psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot);
 
 /** Try to allocate a buffer to an empty key slot.
  *
@@ -226,11 +225,11 @@
  * \retval #PSA_ERROR_ALREADY_EXISTS
  *         Trying to allocate a buffer to a non-empty key slot.
  */
-psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot,
-                                          size_t buffer_length );
+psa_status_t psa_allocate_buffer_to_slot(psa_key_slot_t *slot,
+                                         size_t buffer_length);
 
 /** Wipe key data from a slot. Preserves metadata such as the policy. */
-psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot );
+psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot);
 
 /** Copy key data (in export format) into an empty key slot.
  *
@@ -249,9 +248,9 @@
  * \retval #PSA_ERROR_ALREADY_EXISTS
  *         There was other key material already present in the slot.
  */
-psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot,
-                                              const uint8_t *data,
-                                              size_t data_length );
+psa_status_t psa_copy_key_material_into_slot(psa_key_slot_t *slot,
+                                             const uint8_t *data,
+                                             size_t data_length);
 
 /** Convert an mbed TLS error code to a PSA error code
  *
@@ -262,7 +261,7 @@
  *
  * \return              The corresponding PSA error code
  */
-psa_status_t mbedtls_to_psa_error( int ret );
+psa_status_t mbedtls_to_psa_error(int ret);
 
 /** Import a key in binary format.
  *
@@ -294,7 +293,7 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *data, size_t data_length,
     uint8_t *key_buffer, size_t key_buffer_size,
-    size_t *key_buffer_length, size_t *bits );
+    size_t *key_buffer_length, size_t *bits);
 
 /** Export a key in binary format
  *
@@ -321,7 +320,7 @@
 psa_status_t psa_export_key_internal(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length );
+    uint8_t *data, size_t data_size, size_t *data_length);
 
 /** Export a public key or the public part of a key pair in binary format.
  *
@@ -349,7 +348,7 @@
 psa_status_t psa_export_public_key_internal(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length );
+    uint8_t *data, size_t data_size, size_t *data_length);
 
 /**
  * \brief Generate a key.
@@ -371,10 +370,10 @@
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of \p key_buffer is too small.
  */
-psa_status_t psa_generate_key_internal( const psa_key_attributes_t *attributes,
-                                        uint8_t *key_buffer,
-                                        size_t key_buffer_size,
-                                        size_t *key_buffer_length );
+psa_status_t psa_generate_key_internal(const psa_key_attributes_t *attributes,
+                                       uint8_t *key_buffer,
+                                       size_t key_buffer_size,
+                                       size_t *key_buffer_length);
 
 /** Sign a message with a private key. For hash-and-sign algorithms,
  *  this includes the hashing step.
@@ -417,7 +416,7 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg, const uint8_t *input, size_t input_length,
-    uint8_t *signature, size_t signature_size, size_t *signature_length );
+    uint8_t *signature, size_t signature_size, size_t *signature_length);
 
 /** Verify the signature of a message with a public key, using
  *  a hash-and-sign verification algorithm.
@@ -454,7 +453,7 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg, const uint8_t *input, size_t input_length,
-    const uint8_t *signature, size_t signature_length );
+    const uint8_t *signature, size_t signature_length);
 
 /** Sign an already-calculated hash with a private key.
  *
@@ -493,7 +492,7 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    uint8_t *signature, size_t signature_size, size_t *signature_length );
+    uint8_t *signature, size_t signature_size, size_t *signature_length);
 
 /**
  * \brief Verify the signature a hash or short message using a public key.
@@ -528,7 +527,7 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    const uint8_t *signature, size_t signature_length );
+    const uint8_t *signature, size_t signature_length);
 
 /**
  * \brief Validate the key bit size for unstructured keys.
@@ -547,8 +546,8 @@
  *         The type and/or the size in bits of the key or the combination of
  *         the two is not supported.
  */
-psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type,
-                                                     size_t bits );
+psa_status_t psa_validate_unstructured_key_bit_size(psa_key_type_t type,
+                                                    size_t bits);
 
 /** Perform a key agreement and return the raw shared secret, using
     built-in raw key agreement functions.
@@ -605,6 +604,6 @@
     size_t peer_key_length,
     uint8_t *shared_secret,
     size_t shared_secret_size,
-    size_t *shared_secret_length );
+    size_t *shared_secret_length);
 
 #endif /* PSA_CRYPTO_CORE_H */
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
index a19d7ec..da3cd1d 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -27,8 +27,8 @@
 /*
  * Initialization and termination functions
  */
-psa_status_t psa_driver_wrapper_init( void );
-void psa_driver_wrapper_free( void );
+psa_status_t psa_driver_wrapper_init(void);
+void psa_driver_wrapper_free(void);
 
 /*
  * Signature functions
@@ -42,7 +42,7 @@
     size_t input_length,
     uint8_t *signature,
     size_t signature_size,
-    size_t *signature_length );
+    size_t *signature_length);
 
 psa_status_t psa_driver_wrapper_verify_message(
     const psa_key_attributes_t *attributes,
@@ -52,19 +52,19 @@
     const uint8_t *input,
     size_t input_length,
     const uint8_t *signature,
-    size_t signature_length );
+    size_t signature_length);
 
 psa_status_t psa_driver_wrapper_sign_hash(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    uint8_t *signature, size_t signature_size, size_t *signature_length );
+    uint8_t *signature, size_t signature_size, size_t *signature_length);
 
 psa_status_t psa_driver_wrapper_verify_hash(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    const uint8_t *signature, size_t signature_length );
+    const uint8_t *signature, size_t signature_length);
 
 /*
  * Key handling functions
@@ -74,42 +74,42 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *data, size_t data_length,
     uint8_t *key_buffer, size_t key_buffer_size,
-    size_t *key_buffer_length, size_t *bits );
+    size_t *key_buffer_length, size_t *bits);
 
 psa_status_t psa_driver_wrapper_export_key(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length );
+    uint8_t *data, size_t data_size, size_t *data_length);
 
 psa_status_t psa_driver_wrapper_export_public_key(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length );
+    uint8_t *data, size_t data_size, size_t *data_length);
 
 psa_status_t psa_driver_wrapper_get_key_buffer_size(
     const psa_key_attributes_t *attributes,
-    size_t *key_buffer_size );
+    size_t *key_buffer_size);
 
 psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
     const psa_key_attributes_t *attributes,
     const uint8_t *data,
     size_t data_length,
-    size_t *key_buffer_size );
+    size_t *key_buffer_size);
 
 psa_status_t psa_driver_wrapper_generate_key(
     const psa_key_attributes_t *attributes,
-    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
 
 psa_status_t psa_driver_wrapper_get_builtin_key(
     psa_drv_slot_number_t slot_number,
     psa_key_attributes_t *attributes,
-    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
 
 psa_status_t psa_driver_wrapper_copy_key(
     psa_key_attributes_t *attributes,
     const uint8_t *source_key, size_t source_key_length,
     uint8_t *target_key_buffer, size_t target_key_buffer_size,
-    size_t *target_key_buffer_length );
+    size_t *target_key_buffer_length);
 /*
  * Cipher functions
  */
@@ -124,7 +124,7 @@
     size_t input_length,
     uint8_t *output,
     size_t output_size,
-    size_t *output_length );
+    size_t *output_length);
 
 psa_status_t psa_driver_wrapper_cipher_decrypt(
     const psa_key_attributes_t *attributes,
@@ -135,24 +135,24 @@
     size_t input_length,
     uint8_t *output,
     size_t output_size,
-    size_t *output_length );
+    size_t *output_length);
 
 psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
     psa_cipher_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg );
+    psa_algorithm_t alg);
 
 psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
     psa_cipher_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg );
+    psa_algorithm_t alg);
 
 psa_status_t psa_driver_wrapper_cipher_set_iv(
     psa_cipher_operation_t *operation,
     const uint8_t *iv,
-    size_t iv_length );
+    size_t iv_length);
 
 psa_status_t psa_driver_wrapper_cipher_update(
     psa_cipher_operation_t *operation,
@@ -160,16 +160,16 @@
     size_t input_length,
     uint8_t *output,
     size_t output_size,
-    size_t *output_length );
+    size_t *output_length);
 
 psa_status_t psa_driver_wrapper_cipher_finish(
     psa_cipher_operation_t *operation,
     uint8_t *output,
     size_t output_size,
-    size_t *output_length );
+    size_t *output_length);
 
 psa_status_t psa_driver_wrapper_cipher_abort(
-    psa_cipher_operation_t *operation );
+    psa_cipher_operation_t *operation);
 
 /*
  * Hashing functions
@@ -184,25 +184,25 @@
 
 psa_status_t psa_driver_wrapper_hash_setup(
     psa_hash_operation_t *operation,
-    psa_algorithm_t alg );
+    psa_algorithm_t alg);
 
 psa_status_t psa_driver_wrapper_hash_clone(
     const psa_hash_operation_t *source_operation,
-    psa_hash_operation_t *target_operation );
+    psa_hash_operation_t *target_operation);
 
 psa_status_t psa_driver_wrapper_hash_update(
     psa_hash_operation_t *operation,
     const uint8_t *input,
-    size_t input_length );
+    size_t input_length);
 
 psa_status_t psa_driver_wrapper_hash_finish(
     psa_hash_operation_t *operation,
     uint8_t *hash,
     size_t hash_size,
-    size_t *hash_length );
+    size_t *hash_length);
 
 psa_status_t psa_driver_wrapper_hash_abort(
-    psa_hash_operation_t *operation );
+    psa_hash_operation_t *operation);
 
 /*
  * AEAD functions
@@ -215,7 +215,7 @@
     const uint8_t *nonce, size_t nonce_length,
     const uint8_t *additional_data, size_t additional_data_length,
     const uint8_t *plaintext, size_t plaintext_length,
-    uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length );
+    uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length);
 
 psa_status_t psa_driver_wrapper_aead_decrypt(
     const psa_key_attributes_t *attributes,
@@ -224,34 +224,34 @@
     const uint8_t *nonce, size_t nonce_length,
     const uint8_t *additional_data, size_t additional_data_length,
     const uint8_t *ciphertext, size_t ciphertext_length,
-    uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
+    uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length);
 
 psa_status_t psa_driver_wrapper_aead_encrypt_setup(
     psa_aead_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg );
+    psa_algorithm_t alg);
 
 psa_status_t psa_driver_wrapper_aead_decrypt_setup(
     psa_aead_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg );
+    psa_algorithm_t alg);
 
 psa_status_t psa_driver_wrapper_aead_set_nonce(
     psa_aead_operation_t *operation,
     const uint8_t *nonce,
-    size_t nonce_length );
+    size_t nonce_length);
 
 psa_status_t psa_driver_wrapper_aead_set_lengths(
     psa_aead_operation_t *operation,
     size_t ad_length,
-    size_t plaintext_length );
+    size_t plaintext_length);
 
 psa_status_t psa_driver_wrapper_aead_update_ad(
     psa_aead_operation_t *operation,
     const uint8_t *input,
-    size_t input_length );
+    size_t input_length);
 
 psa_status_t psa_driver_wrapper_aead_update(
     psa_aead_operation_t *operation,
@@ -259,7 +259,7 @@
     size_t input_length,
     uint8_t *output,
     size_t output_size,
-    size_t *output_length );
+    size_t *output_length);
 
 psa_status_t psa_driver_wrapper_aead_finish(
     psa_aead_operation_t *operation,
@@ -268,7 +268,7 @@
     size_t *ciphertext_length,
     uint8_t *tag,
     size_t tag_size,
-    size_t *tag_length );
+    size_t *tag_length);
 
 psa_status_t psa_driver_wrapper_aead_verify(
     psa_aead_operation_t *operation,
@@ -276,10 +276,10 @@
     size_t plaintext_size,
     size_t *plaintext_length,
     const uint8_t *tag,
-    size_t tag_length );
+    size_t tag_length);
 
 psa_status_t psa_driver_wrapper_aead_abort(
-    psa_aead_operation_t *operation );
+    psa_aead_operation_t *operation);
 
 /*
  * MAC functions
@@ -293,40 +293,40 @@
     size_t input_length,
     uint8_t *mac,
     size_t mac_size,
-    size_t *mac_length );
+    size_t *mac_length);
 
 psa_status_t psa_driver_wrapper_mac_sign_setup(
     psa_mac_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer,
     size_t key_buffer_size,
-    psa_algorithm_t alg );
+    psa_algorithm_t alg);
 
 psa_status_t psa_driver_wrapper_mac_verify_setup(
     psa_mac_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer,
     size_t key_buffer_size,
-    psa_algorithm_t alg );
+    psa_algorithm_t alg);
 
 psa_status_t psa_driver_wrapper_mac_update(
     psa_mac_operation_t *operation,
     const uint8_t *input,
-    size_t input_length );
+    size_t input_length);
 
 psa_status_t psa_driver_wrapper_mac_sign_finish(
     psa_mac_operation_t *operation,
     uint8_t *mac,
     size_t mac_size,
-    size_t *mac_length );
+    size_t *mac_length);
 
 psa_status_t psa_driver_wrapper_mac_verify_finish(
     psa_mac_operation_t *operation,
     const uint8_t *mac,
-    size_t mac_length );
+    size_t mac_length);
 
 psa_status_t psa_driver_wrapper_mac_abort(
-    psa_mac_operation_t *operation );
+    psa_mac_operation_t *operation);
 
 /*
  * Asymmetric cryptography
@@ -342,7 +342,7 @@
     size_t salt_length,
     uint8_t *output,
     size_t output_size,
-    size_t *output_length );
+    size_t *output_length);
 
 psa_status_t psa_driver_wrapper_asymmetric_decrypt(
     const psa_key_attributes_t *attributes,
@@ -355,7 +355,7 @@
     size_t salt_length,
     uint8_t *output,
     size_t output_size,
-    size_t *output_length );
+    size_t *output_length);
 
 /*
  * Raw Key Agreement
@@ -369,7 +369,7 @@
     size_t peer_key_length,
     uint8_t *shared_secret,
     size_t shared_secret_size,
-    size_t *shared_secret_length );
+    size_t *shared_secret_length);
 
 #endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */
 
diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c
index 537a748..c4ccefd 100644
--- a/library/psa_crypto_ecp.c
+++ b/library/psa_crypto_ecp.c
@@ -45,25 +45,25 @@
 psa_status_t mbedtls_psa_ecp_load_representation(
     psa_key_type_t type, size_t curve_bits,
     const uint8_t *data, size_t data_length,
-    mbedtls_ecp_keypair **p_ecp )
+    mbedtls_ecp_keypair **p_ecp)
 {
     mbedtls_ecp_group_id grp_id = MBEDTLS_ECP_DP_NONE;
     psa_status_t status;
     mbedtls_ecp_keypair *ecp = NULL;
     size_t curve_bytes = data_length;
-    int explicit_bits = ( curve_bits != 0 );
+    int explicit_bits = (curve_bits != 0);
 
-    if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) &&
-        PSA_KEY_TYPE_ECC_GET_FAMILY( type ) != PSA_ECC_FAMILY_MONTGOMERY )
-    {
+    if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) &&
+        PSA_KEY_TYPE_ECC_GET_FAMILY(type) != PSA_ECC_FAMILY_MONTGOMERY) {
         /* A Weierstrass public key is represented as:
          * - The byte 0x04;
          * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
          * - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
          * So its data length is 2m+1 where m is the curve size in bits.
          */
-        if( ( data_length & 1 ) == 0 )
-            return( PSA_ERROR_INVALID_ARGUMENT );
+        if ((data_length & 1) == 0) {
+            return PSA_ERROR_INVALID_ARGUMENT;
+        }
         curve_bytes = data_length / 2;
 
         /* Montgomery public keys are represented in compressed format, meaning
@@ -73,31 +73,29 @@
          * format, meaning their curve_bytes is equal to the amount of input. */
     }
 
-    if( explicit_bits )
-    {
+    if (explicit_bits) {
         /* With an explicit bit-size, the data must have the matching length. */
-        if( curve_bytes != PSA_BITS_TO_BYTES( curve_bits ) )
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-    else
-    {
+        if (curve_bytes != PSA_BITS_TO_BYTES(curve_bits)) {
+            return PSA_ERROR_INVALID_ARGUMENT;
+        }
+    } else {
         /* We need to infer the bit-size from the data. Since the only
          * information we have is the length in bytes, the value of curve_bits
          * at this stage is rounded up to the nearest multiple of 8. */
-        curve_bits = PSA_BYTES_TO_BITS( curve_bytes );
+        curve_bits = PSA_BYTES_TO_BITS(curve_bytes);
     }
 
     /* Allocate and initialize a key representation. */
-    ecp = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
-    if( ecp == NULL )
-        return( PSA_ERROR_INSUFFICIENT_MEMORY );
-    mbedtls_ecp_keypair_init( ecp );
+    ecp = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair));
+    if (ecp == NULL) {
+        return PSA_ERROR_INSUFFICIENT_MEMORY;
+    }
+    mbedtls_ecp_keypair_init(ecp);
 
     /* Load the group. */
-    grp_id = mbedtls_ecc_group_of_psa( PSA_KEY_TYPE_ECC_GET_FAMILY( type ),
-                                       curve_bits, !explicit_bits );
-    if( grp_id == MBEDTLS_ECP_DP_NONE )
-    {
+    grp_id = mbedtls_ecc_group_of_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type),
+                                      curve_bits, !explicit_bits);
+    if (grp_id == MBEDTLS_ECP_DP_NONE) {
         /* We can't distinguish between a nonsensical family/size combination
          * (which would warrant PSA_ERROR_INVALID_ARGUMENT) and a
          * well-regarded curve that Mbed TLS just doesn't know about (which
@@ -109,48 +107,48 @@
     }
 
     status = mbedtls_to_psa_error(
-                mbedtls_ecp_group_load( &ecp->grp, grp_id ) );
-    if( status != PSA_SUCCESS )
+        mbedtls_ecp_group_load(&ecp->grp, grp_id));
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     /* Load the key material. */
-    if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
-    {
+    if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) {
         /* Load the public value. */
         status = mbedtls_to_psa_error(
-            mbedtls_ecp_point_read_binary( &ecp->grp, &ecp->Q,
-                                           data,
-                                           data_length ) );
-        if( status != PSA_SUCCESS )
+            mbedtls_ecp_point_read_binary(&ecp->grp, &ecp->Q,
+                                          data,
+                                          data_length));
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
 
         /* Check that the point is on the curve. */
         status = mbedtls_to_psa_error(
-            mbedtls_ecp_check_pubkey( &ecp->grp, &ecp->Q ) );
-        if( status != PSA_SUCCESS )
+            mbedtls_ecp_check_pubkey(&ecp->grp, &ecp->Q));
+        if (status != PSA_SUCCESS) {
             goto exit;
-    }
-    else
-    {
+        }
+    } else {
         /* Load and validate the secret value. */
         status = mbedtls_to_psa_error(
-            mbedtls_ecp_read_key( ecp->grp.id,
-                                  ecp,
-                                  data,
-                                  data_length ) );
-        if( status != PSA_SUCCESS )
+            mbedtls_ecp_read_key(ecp->grp.id,
+                                 ecp,
+                                 data,
+                                 data_length));
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
     }
 
     *p_ecp = ecp;
 exit:
-    if( status != PSA_SUCCESS )
-    {
-        mbedtls_ecp_keypair_free( ecp );
-        mbedtls_free( ecp );
+    if (status != PSA_SUCCESS) {
+        mbedtls_ecp_keypair_free(ecp);
+        mbedtls_free(ecp);
     }
 
-    return( status );
+    return status;
 }
 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
         * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
@@ -165,116 +163,119 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *data, size_t data_length,
     uint8_t *key_buffer, size_t key_buffer_size,
-    size_t *key_buffer_length, size_t *bits )
+    size_t *key_buffer_length, size_t *bits)
 {
     psa_status_t status;
     mbedtls_ecp_keypair *ecp = NULL;
 
     /* Parse input */
-    status = mbedtls_psa_ecp_load_representation( attributes->core.type,
-                                                  attributes->core.bits,
-                                                  data,
-                                                  data_length,
-                                                  &ecp );
-    if( status != PSA_SUCCESS )
+    status = mbedtls_psa_ecp_load_representation(attributes->core.type,
+                                                 attributes->core.bits,
+                                                 data,
+                                                 data_length,
+                                                 &ecp);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    if( PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type ) ==
-        PSA_ECC_FAMILY_MONTGOMERY )
+    if (PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) ==
+        PSA_ECC_FAMILY_MONTGOMERY) {
         *bits = ecp->grp.nbits + 1;
-    else
+    } else {
         *bits = ecp->grp.nbits;
+    }
 
     /* Re-export the data to PSA export format. There is currently no support
      * for other input formats then the export format, so this is a 1-1
      * copy operation. */
-    status = mbedtls_psa_ecp_export_key( attributes->core.type,
-                                         ecp,
-                                         key_buffer,
-                                         key_buffer_size,
-                                         key_buffer_length );
+    status = mbedtls_psa_ecp_export_key(attributes->core.type,
+                                        ecp,
+                                        key_buffer,
+                                        key_buffer_size,
+                                        key_buffer_length);
 exit:
     /* Always free the PK object (will also free contained ECP context) */
-    mbedtls_ecp_keypair_free( ecp );
-    mbedtls_free( ecp );
+    mbedtls_ecp_keypair_free(ecp);
+    mbedtls_free(ecp);
 
-    return( status );
+    return status;
 }
 
-psa_status_t mbedtls_psa_ecp_export_key( psa_key_type_t type,
-                                         mbedtls_ecp_keypair *ecp,
-                                         uint8_t *data,
-                                         size_t data_size,
-                                         size_t *data_length )
+psa_status_t mbedtls_psa_ecp_export_key(psa_key_type_t type,
+                                        mbedtls_ecp_keypair *ecp,
+                                        uint8_t *data,
+                                        size_t data_size,
+                                        size_t *data_length)
 {
     psa_status_t status;
 
-    if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
-    {
+    if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) {
         /* Check whether the public part is loaded */
-        if( mbedtls_ecp_is_zero( &ecp->Q ) )
-        {
+        if (mbedtls_ecp_is_zero(&ecp->Q)) {
             /* Calculate the public key */
             status = mbedtls_to_psa_error(
-                mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
-                                 mbedtls_psa_get_random,
-                                 MBEDTLS_PSA_RANDOM_STATE ) );
-            if( status != PSA_SUCCESS )
-                return( status );
+                mbedtls_ecp_mul(&ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
+                                mbedtls_psa_get_random,
+                                MBEDTLS_PSA_RANDOM_STATE));
+            if (status != PSA_SUCCESS) {
+                return status;
+            }
         }
 
         status = mbedtls_to_psa_error(
-                    mbedtls_ecp_point_write_binary( &ecp->grp, &ecp->Q,
-                                                    MBEDTLS_ECP_PF_UNCOMPRESSED,
-                                                    data_length,
-                                                    data,
-                                                    data_size ) );
-        if( status != PSA_SUCCESS )
-            memset( data, 0, data_size );
+            mbedtls_ecp_point_write_binary(&ecp->grp, &ecp->Q,
+                                           MBEDTLS_ECP_PF_UNCOMPRESSED,
+                                           data_length,
+                                           data,
+                                           data_size));
+        if (status != PSA_SUCCESS) {
+            memset(data, 0, data_size);
+        }
 
-        return( status );
-    }
-    else
-    {
-        if( data_size < PSA_BITS_TO_BYTES( ecp->grp.nbits ) )
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
+        return status;
+    } else {
+        if (data_size < PSA_BITS_TO_BYTES(ecp->grp.nbits)) {
+            return PSA_ERROR_BUFFER_TOO_SMALL;
+        }
 
         status = mbedtls_to_psa_error(
-                    mbedtls_ecp_write_key( ecp,
-                                           data,
-                                           PSA_BITS_TO_BYTES( ecp->grp.nbits ) ) );
-        if( status == PSA_SUCCESS )
-            *data_length = PSA_BITS_TO_BYTES( ecp->grp.nbits );
-        else
-            memset( data, 0, data_size );
+            mbedtls_ecp_write_key(ecp,
+                                  data,
+                                  PSA_BITS_TO_BYTES(ecp->grp.nbits)));
+        if (status == PSA_SUCCESS) {
+            *data_length = PSA_BITS_TO_BYTES(ecp->grp.nbits);
+        } else {
+            memset(data, 0, data_size);
+        }
 
-        return( status );
+        return status;
     }
 }
 
 psa_status_t mbedtls_psa_ecp_export_public_key(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length )
+    uint8_t *data, size_t data_size, size_t *data_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_keypair *ecp = NULL;
 
     status = mbedtls_psa_ecp_load_representation(
         attributes->core.type, attributes->core.bits,
-        key_buffer, key_buffer_size, &ecp );
-    if( status != PSA_SUCCESS )
-        return( status );
+        key_buffer, key_buffer_size, &ecp);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
     status = mbedtls_psa_ecp_export_key(
-                 PSA_KEY_TYPE_ECC_PUBLIC_KEY(
-                     PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type ) ),
-                 ecp, data, data_size, data_length );
+        PSA_KEY_TYPE_ECC_PUBLIC_KEY(
+            PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type)),
+        ecp, data, data_size, data_length);
 
-    mbedtls_ecp_keypair_free( ecp );
-    mbedtls_free( ecp );
+    mbedtls_ecp_keypair_free(ecp);
+    mbedtls_free(ecp);
 
-    return( status );
+    return status;
 }
 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
         * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */
@@ -282,45 +283,47 @@
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
 psa_status_t mbedtls_psa_ecp_generate_key(
     const psa_key_attributes_t *attributes,
-    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
+    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(
-                                 attributes->core.type );
+        attributes->core.type);
     mbedtls_ecp_group_id grp_id =
-         mbedtls_ecc_group_of_psa( curve, attributes->core.bits, 0 );
+        mbedtls_ecc_group_of_psa(curve, attributes->core.bits, 0);
 
     const mbedtls_ecp_curve_info *curve_info =
-        mbedtls_ecp_curve_info_from_grp_id( grp_id );
+        mbedtls_ecp_curve_info_from_grp_id(grp_id);
     mbedtls_ecp_keypair ecp;
 
-    if( attributes->domain_parameters_size != 0 )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    if (attributes->domain_parameters_size != 0) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
 
-    if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    if (grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
 
-    mbedtls_ecp_keypair_init( &ecp );
-    ret = mbedtls_ecp_gen_key( grp_id, &ecp,
-                               mbedtls_psa_get_random,
-                               MBEDTLS_PSA_RANDOM_STATE );
-    if( ret != 0 )
-    {
-        mbedtls_ecp_keypair_free( &ecp );
-        return( mbedtls_to_psa_error( ret ) );
+    mbedtls_ecp_keypair_init(&ecp);
+    ret = mbedtls_ecp_gen_key(grp_id, &ecp,
+                              mbedtls_psa_get_random,
+                              MBEDTLS_PSA_RANDOM_STATE);
+    if (ret != 0) {
+        mbedtls_ecp_keypair_free(&ecp);
+        return mbedtls_to_psa_error(ret);
     }
 
     status = mbedtls_to_psa_error(
-        mbedtls_ecp_write_key( &ecp, key_buffer, key_buffer_size ) );
+        mbedtls_ecp_write_key(&ecp, key_buffer, key_buffer_size));
 
-    mbedtls_ecp_keypair_free( &ecp );
+    mbedtls_ecp_keypair_free(&ecp);
 
-    if( status == PSA_SUCCESS )
+    if (status == PSA_SUCCESS) {
         *key_buffer_length = key_buffer_size;
+    }
 
-    return( status );
+    return status;
 }
 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
 
@@ -334,7 +337,7 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    uint8_t *signature, size_t signature_size, size_t *signature_length )
+    uint8_t *signature, size_t signature_size, size_t *signature_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_keypair *ecp = NULL;
@@ -342,72 +345,70 @@
     size_t curve_bytes;
     mbedtls_mpi r, s;
 
-    status = mbedtls_psa_ecp_load_representation( attributes->core.type,
-                                                  attributes->core.bits,
-                                                  key_buffer,
-                                                  key_buffer_size,
-                                                  &ecp );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = mbedtls_psa_ecp_load_representation(attributes->core.type,
+                                                 attributes->core.bits,
+                                                 key_buffer,
+                                                 key_buffer_size,
+                                                 &ecp);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
-    curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
-    mbedtls_mpi_init( &r );
-    mbedtls_mpi_init( &s );
+    curve_bytes = PSA_BITS_TO_BYTES(ecp->grp.pbits);
+    mbedtls_mpi_init(&r);
+    mbedtls_mpi_init(&s);
 
-    if( signature_size < 2 * curve_bytes )
-    {
+    if (signature_size < 2 * curve_bytes) {
         ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
         goto cleanup;
     }
 
-    if( PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) )
-    {
+    if (PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
-        psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
-        mbedtls_md_type_t md_alg = mbedtls_hash_info_md_from_psa( hash_alg );
-        MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext(
-                             &ecp->grp, &r, &s,
-                             &ecp->d, hash,
-                             hash_length, md_alg,
-                             mbedtls_psa_get_random,
-                             MBEDTLS_PSA_RANDOM_STATE ) );
+        psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
+        mbedtls_md_type_t md_alg = mbedtls_hash_info_md_from_psa(hash_alg);
+        MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign_det_ext(
+                            &ecp->grp, &r, &s,
+                            &ecp->d, hash,
+                            hash_length, md_alg,
+                            mbedtls_psa_get_random,
+                            MBEDTLS_PSA_RANDOM_STATE));
 #else
-       ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
-       goto cleanup;
+        ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+        goto cleanup;
 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
-    }
-    else
-    {
+    } else {
         (void) alg;
-        MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d,
-                                             hash, hash_length,
-                                             mbedtls_psa_get_random,
-                                             MBEDTLS_PSA_RANDOM_STATE ) );
+        MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign(&ecp->grp, &r, &s, &ecp->d,
+                                           hash, hash_length,
+                                           mbedtls_psa_get_random,
+                                           MBEDTLS_PSA_RANDOM_STATE));
     }
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r,
-                                               signature,
-                                               curve_bytes ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s,
-                                               signature + curve_bytes,
-                                               curve_bytes ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&r,
+                                             signature,
+                                             curve_bytes));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&s,
+                                             signature + curve_bytes,
+                                             curve_bytes));
 cleanup:
-    mbedtls_mpi_free( &r );
-    mbedtls_mpi_free( &s );
-    if( ret == 0 )
+    mbedtls_mpi_free(&r);
+    mbedtls_mpi_free(&s);
+    if (ret == 0) {
         *signature_length = 2 * curve_bytes;
+    }
 
-    mbedtls_ecp_keypair_free( ecp );
-    mbedtls_free( ecp );
+    mbedtls_ecp_keypair_free(ecp);
+    mbedtls_free(ecp);
 
-    return( mbedtls_to_psa_error( ret ) );
+    return mbedtls_to_psa_error(ret);
 }
 
 psa_status_t mbedtls_psa_ecdsa_verify_hash(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    const uint8_t *signature, size_t signature_length )
+    const uint8_t *signature, size_t signature_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_keypair *ecp = NULL;
@@ -415,51 +416,50 @@
     size_t curve_bytes;
     mbedtls_mpi r, s;
 
-    (void)alg;
+    (void) alg;
 
-    status = mbedtls_psa_ecp_load_representation( attributes->core.type,
-                                                  attributes->core.bits,
-                                                  key_buffer,
-                                                  key_buffer_size,
-                                                  &ecp );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = mbedtls_psa_ecp_load_representation(attributes->core.type,
+                                                 attributes->core.bits,
+                                                 key_buffer,
+                                                 key_buffer_size,
+                                                 &ecp);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
-    curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
-    mbedtls_mpi_init( &r );
-    mbedtls_mpi_init( &s );
+    curve_bytes = PSA_BITS_TO_BYTES(ecp->grp.pbits);
+    mbedtls_mpi_init(&r);
+    mbedtls_mpi_init(&s);
 
-    if( signature_length != 2 * curve_bytes )
-    {
+    if (signature_length != 2 * curve_bytes) {
         ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
         goto cleanup;
     }
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r,
-                                              signature,
-                                              curve_bytes ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s,
-                                              signature + curve_bytes,
-                                              curve_bytes ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&r,
+                                            signature,
+                                            curve_bytes));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&s,
+                                            signature + curve_bytes,
+                                            curve_bytes));
 
     /* Check whether the public part is loaded. If not, load it. */
-    if( mbedtls_ecp_is_zero( &ecp->Q ) )
-    {
+    if (mbedtls_ecp_is_zero(&ecp->Q)) {
         MBEDTLS_MPI_CHK(
-            mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
-                             mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) );
+            mbedtls_ecp_mul(&ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
+                            mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE));
     }
 
-    ret = mbedtls_ecdsa_verify( &ecp->grp, hash, hash_length,
-                                &ecp->Q, &r, &s );
+    ret = mbedtls_ecdsa_verify(&ecp->grp, hash, hash_length,
+                               &ecp->Q, &r, &s);
 
 cleanup:
-    mbedtls_mpi_free( &r );
-    mbedtls_mpi_free( &s );
-    mbedtls_ecp_keypair_free( ecp );
-    mbedtls_free( ecp );
+    mbedtls_mpi_free(&r);
+    mbedtls_mpi_free(&s);
+    mbedtls_ecp_keypair_free(ecp);
+    mbedtls_free(ecp);
 
-    return( mbedtls_to_psa_error( ret ) );
+    return mbedtls_to_psa_error(ret);
 }
 
 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
@@ -475,64 +475,72 @@
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg, const uint8_t *peer_key, size_t peer_key_length,
     uint8_t *shared_secret, size_t shared_secret_size,
-    size_t *shared_secret_length )
+    size_t *shared_secret_length)
 {
     psa_status_t status;
-    if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( attributes->core.type ) ||
-        ! PSA_ALG_IS_ECDH(alg) )
-                return( PSA_ERROR_INVALID_ARGUMENT );
+    if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(attributes->core.type) ||
+        !PSA_ALG_IS_ECDH(alg)) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
     mbedtls_ecp_keypair *ecp = NULL;
     status = mbedtls_psa_ecp_load_representation(
-                attributes->core.type,
-                attributes->core.bits,
-                key_buffer,
-                key_buffer_size,
-                &ecp );
-    if( status != PSA_SUCCESS )
-        return( status );
+        attributes->core.type,
+        attributes->core.bits,
+        key_buffer,
+        key_buffer_size,
+        &ecp);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
     mbedtls_ecp_keypair *their_key = NULL;
     mbedtls_ecdh_context ecdh;
     size_t bits = 0;
-    psa_ecc_family_t curve = mbedtls_ecc_group_to_psa( ecp->grp.id, &bits );
-    mbedtls_ecdh_init( &ecdh );
+    psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(ecp->grp.id, &bits);
+    mbedtls_ecdh_init(&ecdh);
 
     status = mbedtls_psa_ecp_load_representation(
-                PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve),
-                bits,
-                peer_key,
-                peer_key_length,
-                &their_key );
-    if( status != PSA_SUCCESS )
+        PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve),
+        bits,
+        peer_key,
+        peer_key_length,
+        &their_key);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     status = mbedtls_to_psa_error(
-        mbedtls_ecdh_get_params( &ecdh, their_key, MBEDTLS_ECDH_THEIRS ) );
-    if( status != PSA_SUCCESS )
+        mbedtls_ecdh_get_params(&ecdh, their_key, MBEDTLS_ECDH_THEIRS));
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
     status = mbedtls_to_psa_error(
-        mbedtls_ecdh_get_params( &ecdh, ecp, MBEDTLS_ECDH_OURS ) );
-    if( status != PSA_SUCCESS )
+        mbedtls_ecdh_get_params(&ecdh, ecp, MBEDTLS_ECDH_OURS));
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     status = mbedtls_to_psa_error(
-        mbedtls_ecdh_calc_secret( &ecdh,
-                                shared_secret_length,
-                                shared_secret, shared_secret_size,
-                                mbedtls_psa_get_random,
-                                MBEDTLS_PSA_RANDOM_STATE ) );
-    if( status != PSA_SUCCESS )
+        mbedtls_ecdh_calc_secret(&ecdh,
+                                 shared_secret_length,
+                                 shared_secret, shared_secret_size,
+                                 mbedtls_psa_get_random,
+                                 MBEDTLS_PSA_RANDOM_STATE));
+    if (status != PSA_SUCCESS) {
         goto exit;
-    if( PSA_BITS_TO_BYTES( bits ) != *shared_secret_length )
+    }
+    if (PSA_BITS_TO_BYTES(bits) != *shared_secret_length) {
         status = PSA_ERROR_CORRUPTION_DETECTED;
+    }
 exit:
-    if( status != PSA_SUCCESS )
-        mbedtls_platform_zeroize( shared_secret, shared_secret_size );
-    mbedtls_ecdh_free( &ecdh );
-    mbedtls_ecp_keypair_free( their_key );
-    mbedtls_free( their_key );
-    mbedtls_ecp_keypair_free( ecp );
-    mbedtls_free( ecp );
-    return( status );
+    if (status != PSA_SUCCESS) {
+        mbedtls_platform_zeroize(shared_secret, shared_secret_size);
+    }
+    mbedtls_ecdh_free(&ecdh);
+    mbedtls_ecp_keypair_free(their_key);
+    mbedtls_free(their_key);
+    mbedtls_ecp_keypair_free(ecp);
+    mbedtls_free(ecp);
+    return status;
 }
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
 
diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h
index 386e87a..71f9d6a 100644
--- a/library/psa_crypto_ecp.h
+++ b/library/psa_crypto_ecp.h
@@ -42,11 +42,11 @@
  *                          contents of the context and the context itself
  *                          when done.
  */
-psa_status_t mbedtls_psa_ecp_load_representation( psa_key_type_t type,
-                                                  size_t curve_bits,
-                                                  const uint8_t *data,
-                                                  size_t data_length,
-                                                  mbedtls_ecp_keypair **p_ecp );
+psa_status_t mbedtls_psa_ecp_load_representation(psa_key_type_t type,
+                                                 size_t curve_bits,
+                                                 const uint8_t *data,
+                                                 size_t data_length,
+                                                 mbedtls_ecp_keypair **p_ecp);
 
 /** Import an ECP key in binary format.
  *
@@ -78,7 +78,7 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *data, size_t data_length,
     uint8_t *key_buffer, size_t key_buffer_size,
-    size_t *key_buffer_length, size_t *bits );
+    size_t *key_buffer_length, size_t *bits);
 
 /** Export an ECP key to export representation
  *
@@ -88,11 +88,11 @@
  * \param[in] data_size     The length of the buffer to export to
  * \param[out] data_length  The amount of bytes written to \p data
  */
-psa_status_t mbedtls_psa_ecp_export_key( psa_key_type_t type,
-                                         mbedtls_ecp_keypair *ecp,
-                                         uint8_t *data,
-                                         size_t data_size,
-                                         size_t *data_length );
+psa_status_t mbedtls_psa_ecp_export_key(psa_key_type_t type,
+                                        mbedtls_ecp_keypair *ecp,
+                                        uint8_t *data,
+                                        size_t data_size,
+                                        size_t *data_length);
 
 /** Export an ECP public key or the public part of an ECP key pair in binary
  *  format.
@@ -121,7 +121,7 @@
 psa_status_t mbedtls_psa_ecp_export_public_key(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length );
+    uint8_t *data, size_t data_size, size_t *data_length);
 
 /**
  * \brief Generate an ECP key.
@@ -144,7 +144,7 @@
  */
 psa_status_t mbedtls_psa_ecp_generate_key(
     const psa_key_attributes_t *attributes,
-    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
 
 /** Sign an already-calculated hash with ECDSA.
  *
@@ -182,7 +182,7 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    uint8_t *signature, size_t signature_size, size_t *signature_length );
+    uint8_t *signature, size_t signature_size, size_t *signature_length);
 
 /**
  * \brief Verify an ECDSA hash or short message signature.
@@ -217,7 +217,7 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    const uint8_t *signature, size_t signature_length );
+    const uint8_t *signature, size_t signature_length);
 
 
 /** Perform a key agreement and return the raw ECDH shared secret.
@@ -266,5 +266,5 @@
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg, const uint8_t *peer_key, size_t peer_key_length,
     uint8_t *shared_secret, size_t shared_secret_size,
-    size_t *shared_secret_length );
+    size_t *shared_secret_length);
 #endif /* PSA_CRYPTO_ECP_H */
diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c
index a20c13f..ddf7094 100644
--- a/library/psa_crypto_hash.c
+++ b/library/psa_crypto_hash.c
@@ -31,10 +31,9 @@
 
 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
 psa_status_t mbedtls_psa_hash_abort(
-    mbedtls_psa_hash_operation_t *operation )
+    mbedtls_psa_hash_operation_t *operation)
 {
-    switch( operation->alg )
-    {
+    switch (operation->alg) {
         case 0:
             /* The object has (apparently) been initialized but it is not
              * in use. It's ok to call abort on such an object, and there's
@@ -42,243 +41,240 @@
             break;
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
         case PSA_ALG_MD5:
-            mbedtls_md5_free( &operation->ctx.md5 );
+            mbedtls_md5_free(&operation->ctx.md5);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
         case PSA_ALG_RIPEMD160:
-            mbedtls_ripemd160_free( &operation->ctx.ripemd160 );
+            mbedtls_ripemd160_free(&operation->ctx.ripemd160);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
         case PSA_ALG_SHA_1:
-            mbedtls_sha1_free( &operation->ctx.sha1 );
+            mbedtls_sha1_free(&operation->ctx.sha1);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
         case PSA_ALG_SHA_224:
-            mbedtls_sha256_free( &operation->ctx.sha256 );
+            mbedtls_sha256_free(&operation->ctx.sha256);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
         case PSA_ALG_SHA_256:
-            mbedtls_sha256_free( &operation->ctx.sha256 );
+            mbedtls_sha256_free(&operation->ctx.sha256);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
         case PSA_ALG_SHA_384:
-            mbedtls_sha512_free( &operation->ctx.sha512 );
+            mbedtls_sha512_free(&operation->ctx.sha512);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
         case PSA_ALG_SHA_512:
-            mbedtls_sha512_free( &operation->ctx.sha512 );
+            mbedtls_sha512_free(&operation->ctx.sha512);
             break;
 #endif
         default:
-            return( PSA_ERROR_BAD_STATE );
+            return PSA_ERROR_BAD_STATE;
     }
     operation->alg = 0;
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 psa_status_t mbedtls_psa_hash_setup(
     mbedtls_psa_hash_operation_t *operation,
-    psa_algorithm_t alg )
+    psa_algorithm_t alg)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     /* A context must be freshly initialized before it can be set up. */
-    if( operation->alg != 0 )
-    {
-        return( PSA_ERROR_BAD_STATE );
+    if (operation->alg != 0) {
+        return PSA_ERROR_BAD_STATE;
     }
 
-    switch( alg )
-    {
+    switch (alg) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
         case PSA_ALG_MD5:
-            mbedtls_md5_init( &operation->ctx.md5 );
-            ret = mbedtls_md5_starts( &operation->ctx.md5 );
+            mbedtls_md5_init(&operation->ctx.md5);
+            ret = mbedtls_md5_starts(&operation->ctx.md5);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
         case PSA_ALG_RIPEMD160:
-            mbedtls_ripemd160_init( &operation->ctx.ripemd160 );
-            ret = mbedtls_ripemd160_starts( &operation->ctx.ripemd160 );
+            mbedtls_ripemd160_init(&operation->ctx.ripemd160);
+            ret = mbedtls_ripemd160_starts(&operation->ctx.ripemd160);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
         case PSA_ALG_SHA_1:
-            mbedtls_sha1_init( &operation->ctx.sha1 );
-            ret = mbedtls_sha1_starts( &operation->ctx.sha1 );
+            mbedtls_sha1_init(&operation->ctx.sha1);
+            ret = mbedtls_sha1_starts(&operation->ctx.sha1);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
         case PSA_ALG_SHA_224:
-            mbedtls_sha256_init( &operation->ctx.sha256 );
-            ret = mbedtls_sha256_starts( &operation->ctx.sha256, 1 );
+            mbedtls_sha256_init(&operation->ctx.sha256);
+            ret = mbedtls_sha256_starts(&operation->ctx.sha256, 1);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
         case PSA_ALG_SHA_256:
-            mbedtls_sha256_init( &operation->ctx.sha256 );
-            ret = mbedtls_sha256_starts( &operation->ctx.sha256, 0 );
+            mbedtls_sha256_init(&operation->ctx.sha256);
+            ret = mbedtls_sha256_starts(&operation->ctx.sha256, 0);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
         case PSA_ALG_SHA_384:
-            mbedtls_sha512_init( &operation->ctx.sha512 );
-            ret = mbedtls_sha512_starts( &operation->ctx.sha512, 1 );
+            mbedtls_sha512_init(&operation->ctx.sha512);
+            ret = mbedtls_sha512_starts(&operation->ctx.sha512, 1);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
         case PSA_ALG_SHA_512:
-            mbedtls_sha512_init( &operation->ctx.sha512 );
-            ret = mbedtls_sha512_starts( &operation->ctx.sha512, 0 );
+            mbedtls_sha512_init(&operation->ctx.sha512);
+            ret = mbedtls_sha512_starts(&operation->ctx.sha512, 0);
             break;
 #endif
         default:
-            return( PSA_ALG_IS_HASH( alg ) ?
-                    PSA_ERROR_NOT_SUPPORTED :
-                    PSA_ERROR_INVALID_ARGUMENT );
+            return PSA_ALG_IS_HASH(alg) ?
+                   PSA_ERROR_NOT_SUPPORTED :
+                   PSA_ERROR_INVALID_ARGUMENT;
     }
-    if( ret == 0 )
+    if (ret == 0) {
         operation->alg = alg;
-    else
-        mbedtls_psa_hash_abort( operation );
-    return( mbedtls_to_psa_error( ret ) );
+    } else {
+        mbedtls_psa_hash_abort(operation);
+    }
+    return mbedtls_to_psa_error(ret);
 }
 
 psa_status_t mbedtls_psa_hash_clone(
     const mbedtls_psa_hash_operation_t *source_operation,
-    mbedtls_psa_hash_operation_t *target_operation )
+    mbedtls_psa_hash_operation_t *target_operation)
 {
-    switch( source_operation->alg )
-    {
+    switch (source_operation->alg) {
         case 0:
-            return( PSA_ERROR_BAD_STATE );
+            return PSA_ERROR_BAD_STATE;
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
         case PSA_ALG_MD5:
-            mbedtls_md5_clone( &target_operation->ctx.md5,
-                               &source_operation->ctx.md5 );
+            mbedtls_md5_clone(&target_operation->ctx.md5,
+                              &source_operation->ctx.md5);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
         case PSA_ALG_RIPEMD160:
-            mbedtls_ripemd160_clone( &target_operation->ctx.ripemd160,
-                                     &source_operation->ctx.ripemd160 );
+            mbedtls_ripemd160_clone(&target_operation->ctx.ripemd160,
+                                    &source_operation->ctx.ripemd160);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
         case PSA_ALG_SHA_1:
-            mbedtls_sha1_clone( &target_operation->ctx.sha1,
-                                &source_operation->ctx.sha1 );
+            mbedtls_sha1_clone(&target_operation->ctx.sha1,
+                               &source_operation->ctx.sha1);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
         case PSA_ALG_SHA_224:
-            mbedtls_sha256_clone( &target_operation->ctx.sha256,
-                                  &source_operation->ctx.sha256 );
+            mbedtls_sha256_clone(&target_operation->ctx.sha256,
+                                 &source_operation->ctx.sha256);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
         case PSA_ALG_SHA_256:
-            mbedtls_sha256_clone( &target_operation->ctx.sha256,
-                                  &source_operation->ctx.sha256 );
+            mbedtls_sha256_clone(&target_operation->ctx.sha256,
+                                 &source_operation->ctx.sha256);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
         case PSA_ALG_SHA_384:
-            mbedtls_sha512_clone( &target_operation->ctx.sha512,
-                                  &source_operation->ctx.sha512 );
+            mbedtls_sha512_clone(&target_operation->ctx.sha512,
+                                 &source_operation->ctx.sha512);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
         case PSA_ALG_SHA_512:
-            mbedtls_sha512_clone( &target_operation->ctx.sha512,
-                                  &source_operation->ctx.sha512 );
+            mbedtls_sha512_clone(&target_operation->ctx.sha512,
+                                 &source_operation->ctx.sha512);
             break;
 #endif
         default:
             (void) source_operation;
             (void) target_operation;
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
     }
 
     target_operation->alg = source_operation->alg;
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 psa_status_t mbedtls_psa_hash_update(
     mbedtls_psa_hash_operation_t *operation,
     const uint8_t *input,
-    size_t input_length )
+    size_t input_length)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    switch( operation->alg )
-    {
+    switch (operation->alg) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
         case PSA_ALG_MD5:
-            ret = mbedtls_md5_update( &operation->ctx.md5,
-                                          input, input_length );
+            ret = mbedtls_md5_update(&operation->ctx.md5,
+                                     input, input_length);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
         case PSA_ALG_RIPEMD160:
-            ret = mbedtls_ripemd160_update( &operation->ctx.ripemd160,
-                                                input, input_length );
+            ret = mbedtls_ripemd160_update(&operation->ctx.ripemd160,
+                                           input, input_length);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
         case PSA_ALG_SHA_1:
-            ret = mbedtls_sha1_update( &operation->ctx.sha1,
-                                           input, input_length );
+            ret = mbedtls_sha1_update(&operation->ctx.sha1,
+                                      input, input_length);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
         case PSA_ALG_SHA_224:
-            ret = mbedtls_sha256_update( &operation->ctx.sha256,
-                                             input, input_length );
+            ret = mbedtls_sha256_update(&operation->ctx.sha256,
+                                        input, input_length);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
         case PSA_ALG_SHA_256:
-            ret = mbedtls_sha256_update( &operation->ctx.sha256,
-                                             input, input_length );
+            ret = mbedtls_sha256_update(&operation->ctx.sha256,
+                                        input, input_length);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
         case PSA_ALG_SHA_384:
-            ret = mbedtls_sha512_update( &operation->ctx.sha512,
-                                             input, input_length );
+            ret = mbedtls_sha512_update(&operation->ctx.sha512,
+                                        input, input_length);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
         case PSA_ALG_SHA_512:
-            ret = mbedtls_sha512_update( &operation->ctx.sha512,
-                                             input, input_length );
+            ret = mbedtls_sha512_update(&operation->ctx.sha512,
+                                        input, input_length);
             break;
 #endif
         default:
             (void) input;
             (void) input_length;
-            return( PSA_ERROR_BAD_STATE );
+            return PSA_ERROR_BAD_STATE;
     }
 
-    return( mbedtls_to_psa_error( ret ) );
+    return mbedtls_to_psa_error(ret);
 }
 
 psa_status_t mbedtls_psa_hash_finish(
     mbedtls_psa_hash_operation_t *operation,
     uint8_t *hash,
     size_t hash_size,
-    size_t *hash_length )
+    size_t *hash_length)
 {
     psa_status_t status;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t actual_hash_length = PSA_HASH_LENGTH( operation->alg );
+    size_t actual_hash_length = PSA_HASH_LENGTH(operation->alg);
 
     /* Fill the output buffer with something that isn't a valid hash
      * (barring an attack on the hash and deliberately-crafted input),
@@ -286,62 +282,62 @@
     *hash_length = hash_size;
     /* If hash_size is 0 then hash may be NULL and then the
      * call to memset would have undefined behavior. */
-    if( hash_size != 0 )
-        memset( hash, '!', hash_size );
+    if (hash_size != 0) {
+        memset(hash, '!', hash_size);
+    }
 
-    if( hash_size < actual_hash_length )
-    {
+    if (hash_size < actual_hash_length) {
         status = PSA_ERROR_BUFFER_TOO_SMALL;
         goto exit;
     }
 
-    switch( operation->alg )
-    {
+    switch (operation->alg) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
         case PSA_ALG_MD5:
-            ret = mbedtls_md5_finish( &operation->ctx.md5, hash );
+            ret = mbedtls_md5_finish(&operation->ctx.md5, hash);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
         case PSA_ALG_RIPEMD160:
-            ret = mbedtls_ripemd160_finish( &operation->ctx.ripemd160, hash );
+            ret = mbedtls_ripemd160_finish(&operation->ctx.ripemd160, hash);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
         case PSA_ALG_SHA_1:
-            ret = mbedtls_sha1_finish( &operation->ctx.sha1, hash );
+            ret = mbedtls_sha1_finish(&operation->ctx.sha1, hash);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
         case PSA_ALG_SHA_224:
-            ret = mbedtls_sha256_finish( &operation->ctx.sha256, hash );
+            ret = mbedtls_sha256_finish(&operation->ctx.sha256, hash);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
         case PSA_ALG_SHA_256:
-            ret = mbedtls_sha256_finish( &operation->ctx.sha256, hash );
+            ret = mbedtls_sha256_finish(&operation->ctx.sha256, hash);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
         case PSA_ALG_SHA_384:
-            ret = mbedtls_sha512_finish( &operation->ctx.sha512, hash );
+            ret = mbedtls_sha512_finish(&operation->ctx.sha512, hash);
             break;
 #endif
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
         case PSA_ALG_SHA_512:
-            ret = mbedtls_sha512_finish( &operation->ctx.sha512, hash );
+            ret = mbedtls_sha512_finish(&operation->ctx.sha512, hash);
             break;
 #endif
         default:
             (void) hash;
-            return( PSA_ERROR_BAD_STATE );
+            return PSA_ERROR_BAD_STATE;
     }
-    status = mbedtls_to_psa_error( ret );
+    status = mbedtls_to_psa_error(ret);
 
 exit:
-    if( status == PSA_SUCCESS )
+    if (status == PSA_SUCCESS) {
         *hash_length = actual_hash_length;
-    return( status );
+    }
+    return status;
 }
 
 psa_status_t mbedtls_psa_hash_compute(
@@ -357,22 +353,26 @@
     psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
 
     *hash_length = hash_size;
-    status = mbedtls_psa_hash_setup( &operation, alg );
-    if( status != PSA_SUCCESS )
+    status = mbedtls_psa_hash_setup(&operation, alg);
+    if (status != PSA_SUCCESS) {
         goto exit;
-    status = mbedtls_psa_hash_update( &operation, input, input_length );
-    if( status != PSA_SUCCESS )
+    }
+    status = mbedtls_psa_hash_update(&operation, input, input_length);
+    if (status != PSA_SUCCESS) {
         goto exit;
-    status = mbedtls_psa_hash_finish( &operation, hash, hash_size, hash_length );
-    if( status != PSA_SUCCESS )
+    }
+    status = mbedtls_psa_hash_finish(&operation, hash, hash_size, hash_length);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
 exit:
-    abort_status = mbedtls_psa_hash_abort( &operation );
-    if( status == PSA_SUCCESS )
-        return( abort_status );
-    else
-        return( status );
+    abort_status = mbedtls_psa_hash_abort(&operation);
+    if (status == PSA_SUCCESS) {
+        return abort_status;
+    } else {
+        return status;
+    }
 
 }
 #endif /* MBEDTLS_PSA_BUILTIN_HASH */
diff --git a/library/psa_crypto_hash.h b/library/psa_crypto_hash.h
index 053da0b..63874e8 100644
--- a/library/psa_crypto_hash.h
+++ b/library/psa_crypto_hash.h
@@ -93,7 +93,7 @@
  */
 psa_status_t mbedtls_psa_hash_setup(
     mbedtls_psa_hash_operation_t *operation,
-    psa_algorithm_t alg );
+    psa_algorithm_t alg);
 
 /** Clone an Mbed TLS hash operation.
  *
@@ -125,7 +125,7 @@
  */
 psa_status_t mbedtls_psa_hash_clone(
     const mbedtls_psa_hash_operation_t *source_operation,
-    mbedtls_psa_hash_operation_t *target_operation );
+    mbedtls_psa_hash_operation_t *target_operation);
 
 /** Add a message fragment to a multipart Mbed TLS hash operation.
  *
@@ -153,7 +153,7 @@
 psa_status_t mbedtls_psa_hash_update(
     mbedtls_psa_hash_operation_t *operation,
     const uint8_t *input,
-    size_t input_length );
+    size_t input_length);
 
 /** Finish the calculation of the Mbed TLS-calculated hash of a message.
  *
@@ -193,7 +193,7 @@
     mbedtls_psa_hash_operation_t *operation,
     uint8_t *hash,
     size_t hash_size,
-    size_t *hash_length );
+    size_t *hash_length);
 
 /** Abort an Mbed TLS hash operation.
  *
@@ -220,6 +220,6 @@
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t mbedtls_psa_hash_abort(
-    mbedtls_psa_hash_operation_t *operation );
+    mbedtls_psa_hash_operation_t *operation);
 
 #endif /* PSA_CRYPTO_HASH_H */
diff --git a/library/psa_crypto_invasive.h b/library/psa_crypto_invasive.h
index 1dd9579..a900dd8 100644
--- a/library/psa_crypto_invasive.h
+++ b/library/psa_crypto_invasive.h
@@ -69,14 +69,14 @@
  *         The library has already been initialized.
  */
 psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
-    void (* entropy_init )( mbedtls_entropy_context *ctx ),
-    void (* entropy_free )( mbedtls_entropy_context *ctx ) );
+    void (* entropy_init)(mbedtls_entropy_context *ctx),
+    void (* entropy_free)(mbedtls_entropy_context *ctx));
 #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
 
 #if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C)
 psa_status_t psa_mac_key_can_do(
     psa_algorithm_t algorithm,
-    psa_key_type_t key_type );
+    psa_key_type_t key_type);
 #endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_PSA_CRYPTO_C */
 
 #endif /* PSA_CRYPTO_INVASIVE_H */
diff --git a/library/psa_crypto_its.h b/library/psa_crypto_its.h
index 1b8dc20..273277f 100644
--- a/library/psa_crypto_its.h
+++ b/library/psa_crypto_its.h
@@ -45,8 +45,7 @@
 /**
  * \brief A container for metadata associated with a specific uid
  */
-struct psa_storage_info_t
-{
+struct psa_storage_info_t {
     uint32_t size;                  /**< The size of the data associated with a uid **/
     psa_storage_create_flags_t flags;    /**< The flags set when the uid was created **/
 };
@@ -56,8 +55,8 @@
 
 /** \brief PSA storage specific error codes
  */
-#define PSA_ERROR_INVALID_SIGNATURE     ((psa_status_t)-149)
-#define PSA_ERROR_DATA_CORRUPT          ((psa_status_t)-152)
+#define PSA_ERROR_INVALID_SIGNATURE     ((psa_status_t) -149)
+#define PSA_ERROR_DATA_CORRUPT          ((psa_status_t) -152)
 
 #define PSA_ITS_API_VERSION_MAJOR  1  /**< The major version number of the PSA ITS API. It will be incremented on significant updates that may include breaking changes */
 #define PSA_ITS_API_VERSION_MINOR  1  /**< The minor version number of the PSA ITS API. It will be incremented in small updates that are unlikely to include breaking changes */
@@ -109,7 +108,7 @@
                          uint32_t data_offset,
                          uint32_t data_length,
                          void *p_data,
-                         size_t *p_data_length );
+                         size_t *p_data_length);
 
 /**
  * \brief Retrieve the metadata about the provided uid
diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c
index d771e23..07f123e 100644
--- a/library/psa_crypto_mac.c
+++ b/library/psa_crypto_mac.c
@@ -33,22 +33,22 @@
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
 static psa_status_t psa_hmac_abort_internal(
-    mbedtls_psa_hmac_operation_t *hmac )
+    mbedtls_psa_hmac_operation_t *hmac)
 {
-    mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
-    return( psa_hash_abort( &hmac->hash_ctx ) );
+    mbedtls_platform_zeroize(hmac->opad, sizeof(hmac->opad));
+    return psa_hash_abort(&hmac->hash_ctx);
 }
 
 static psa_status_t psa_hmac_setup_internal(
     mbedtls_psa_hmac_operation_t *hmac,
     const uint8_t *key,
     size_t key_length,
-    psa_algorithm_t hash_alg )
+    psa_algorithm_t hash_alg)
 {
     uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
     size_t i;
-    size_t hash_size = PSA_HASH_LENGTH( hash_alg );
-    size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg );
+    size_t hash_size = PSA_HASH_LENGTH(hash_alg);
+    size_t block_size = PSA_HASH_BLOCK_LENGTH(hash_alg);
     psa_status_t status;
 
     hmac->alg = hash_alg;
@@ -59,134 +59,149 @@
     /* The size checks against the ipad and opad buffers cannot be written
      * `block_size > sizeof( ipad ) || block_size > sizeof( hmac->opad )`
      * because that triggers -Wlogical-op on GCC 7.3. */
-    if( block_size > sizeof( ipad ) )
-        return( PSA_ERROR_NOT_SUPPORTED );
-    if( block_size > sizeof( hmac->opad ) )
-        return( PSA_ERROR_NOT_SUPPORTED );
-    if( block_size < hash_size )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    if (block_size > sizeof(ipad)) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
+    if (block_size > sizeof(hmac->opad)) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
+    if (block_size < hash_size) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
 
-    if( key_length > block_size )
-    {
-        status = psa_hash_compute( hash_alg, key, key_length,
-                                   ipad, sizeof( ipad ), &key_length );
-        if( status != PSA_SUCCESS )
+    if (key_length > block_size) {
+        status = psa_hash_compute(hash_alg, key, key_length,
+                                  ipad, sizeof(ipad), &key_length);
+        if (status != PSA_SUCCESS) {
             goto cleanup;
+        }
     }
     /* A 0-length key is not commonly used in HMAC when used as a MAC,
      * but it is permitted. It is common when HMAC is used in HKDF, for
      * example. Don't call `memcpy` in the 0-length because `key` could be
      * an invalid pointer which would make the behavior undefined. */
-    else if( key_length != 0 )
-        memcpy( ipad, key, key_length );
+    else if (key_length != 0) {
+        memcpy(ipad, key, key_length);
+    }
 
     /* ipad contains the key followed by garbage. Xor and fill with 0x36
      * to create the ipad value. */
-    for( i = 0; i < key_length; i++ )
+    for (i = 0; i < key_length; i++) {
         ipad[i] ^= 0x36;
-    memset( ipad + key_length, 0x36, block_size - key_length );
+    }
+    memset(ipad + key_length, 0x36, block_size - key_length);
 
     /* Copy the key material from ipad to opad, flipping the requisite bits,
      * and filling the rest of opad with the requisite constant. */
-    for( i = 0; i < key_length; i++ )
+    for (i = 0; i < key_length; i++) {
         hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C;
-    memset( hmac->opad + key_length, 0x5C, block_size - key_length );
+    }
+    memset(hmac->opad + key_length, 0x5C, block_size - key_length);
 
-    status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_setup(&hmac->hash_ctx, hash_alg);
+    if (status != PSA_SUCCESS) {
         goto cleanup;
+    }
 
-    status = psa_hash_update( &hmac->hash_ctx, ipad, block_size );
+    status = psa_hash_update(&hmac->hash_ctx, ipad, block_size);
 
 cleanup:
-    mbedtls_platform_zeroize( ipad, sizeof( ipad ) );
+    mbedtls_platform_zeroize(ipad, sizeof(ipad));
 
-    return( status );
+    return status;
 }
 
 static psa_status_t psa_hmac_update_internal(
     mbedtls_psa_hmac_operation_t *hmac,
     const uint8_t *data,
-    size_t data_length )
+    size_t data_length)
 {
-    return( psa_hash_update( &hmac->hash_ctx, data, data_length ) );
+    return psa_hash_update(&hmac->hash_ctx, data, data_length);
 }
 
 static psa_status_t psa_hmac_finish_internal(
     mbedtls_psa_hmac_operation_t *hmac,
     uint8_t *mac,
-    size_t mac_size )
+    size_t mac_size)
 {
     uint8_t tmp[PSA_HASH_MAX_SIZE];
     psa_algorithm_t hash_alg = hmac->alg;
     size_t hash_size = 0;
-    size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg );
+    size_t block_size = PSA_HASH_BLOCK_LENGTH(hash_alg);
     psa_status_t status;
 
-    status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_hash_finish(&hmac->hash_ctx, tmp, sizeof(tmp), &hash_size);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
     /* From here on, tmp needs to be wiped. */
 
-    status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_setup(&hmac->hash_ctx, hash_alg);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_update( &hmac->hash_ctx, hmac->opad, block_size );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_update(&hmac->hash_ctx, hmac->opad, block_size);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_update( &hmac->hash_ctx, tmp, hash_size );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_update(&hmac->hash_ctx, tmp, hash_size);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_finish(&hmac->hash_ctx, tmp, sizeof(tmp), &hash_size);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    memcpy( mac, tmp, mac_size );
+    memcpy(mac, tmp, mac_size);
 
 exit:
-    mbedtls_platform_zeroize( tmp, hash_size );
-    return( status );
+    mbedtls_platform_zeroize(tmp, hash_size);
+    return status;
 }
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
-static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation,
-                                const psa_key_attributes_t *attributes,
-                                const uint8_t *key_buffer )
+static psa_status_t cmac_setup(mbedtls_psa_mac_operation_t *operation,
+                               const psa_key_attributes_t *attributes,
+                               const uint8_t *key_buffer)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
 #if defined(PSA_WANT_KEY_TYPE_DES)
     /* Mbed TLS CMAC does not accept 3DES with only two keys, nor does it accept
      * to do CMAC with pure DES, so return NOT_SUPPORTED here. */
-    if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_DES &&
-        ( psa_get_key_bits( attributes ) == 64 ||
-          psa_get_key_bits( attributes ) == 128 ) )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    if (psa_get_key_type(attributes) == PSA_KEY_TYPE_DES &&
+        (psa_get_key_bits(attributes) == 64 ||
+         psa_get_key_bits(attributes) == 128)) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
 #endif
 
-    const mbedtls_cipher_info_t * cipher_info =
+    const mbedtls_cipher_info_t *cipher_info =
         mbedtls_cipher_info_from_psa(
             PSA_ALG_CMAC,
-            psa_get_key_type( attributes ),
-            psa_get_key_bits( attributes ),
-            NULL );
+            psa_get_key_type(attributes),
+            psa_get_key_bits(attributes),
+            NULL);
 
-    if( cipher_info == NULL )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    if (cipher_info == NULL) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
 
-    ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info );
-    if( ret != 0 )
+    ret = mbedtls_cipher_setup(&operation->ctx.cmac, cipher_info);
+    if (ret != 0) {
         goto exit;
+    }
 
-    ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
-                                      key_buffer,
-                                      psa_get_key_bits( attributes ) );
+    ret = mbedtls_cipher_cmac_starts(&operation->ctx.cmac,
+                                     key_buffer,
+                                     psa_get_key_bits(attributes));
 exit:
-    return( mbedtls_to_psa_error( ret ) );
+    return mbedtls_to_psa_error(ret);
 }
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
 
@@ -197,62 +212,53 @@
  * called, mbedtls_psa_mac_abort can run and will do the right thing. */
 static psa_status_t mac_init(
     mbedtls_psa_mac_operation_t *operation,
-    psa_algorithm_t alg )
+    psa_algorithm_t alg)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
     operation->alg = alg;
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
-    if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
-    {
-        mbedtls_cipher_init( &operation->ctx.cmac );
+    if (PSA_ALG_FULL_LENGTH_MAC(operation->alg) == PSA_ALG_CMAC) {
+        mbedtls_cipher_init(&operation->ctx.cmac);
         status = PSA_SUCCESS;
-    }
-    else
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
-    if( PSA_ALG_IS_HMAC( operation->alg ) )
-    {
+    if (PSA_ALG_IS_HMAC(operation->alg)) {
         /* We'll set up the hash operation later in psa_hmac_setup_internal. */
         operation->ctx.hmac.alg = 0;
         status = PSA_SUCCESS;
-    }
-    else
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
     {
         (void) operation;
         status = PSA_ERROR_NOT_SUPPORTED;
     }
 
-    if( status != PSA_SUCCESS )
-        memset( operation, 0, sizeof( *operation ) );
-    return( status );
+    if (status != PSA_SUCCESS) {
+        memset(operation, 0, sizeof(*operation));
+    }
+    return status;
 }
 
-psa_status_t mbedtls_psa_mac_abort( mbedtls_psa_mac_operation_t *operation )
+psa_status_t mbedtls_psa_mac_abort(mbedtls_psa_mac_operation_t *operation)
 {
-    if( operation->alg == 0 )
-    {
+    if (operation->alg == 0) {
         /* The object has (apparently) been initialized but it is not
          * in use. It's ok to call abort on such an object, and there's
          * nothing to do. */
-        return( PSA_SUCCESS );
-    }
-    else
+        return PSA_SUCCESS;
+    } else
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
-    if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
-    {
-        mbedtls_cipher_free( &operation->ctx.cmac );
-    }
-    else
+    if (PSA_ALG_FULL_LENGTH_MAC(operation->alg) == PSA_ALG_CMAC) {
+        mbedtls_cipher_free(&operation->ctx.cmac);
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
-    if( PSA_ALG_IS_HMAC( operation->alg ) )
-    {
-        psa_hmac_abort_internal( &operation->ctx.hmac );
-    }
-    else
+    if (PSA_ALG_IS_HMAC(operation->alg)) {
+        psa_hmac_abort_internal(&operation->ctx.hmac);
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
     {
         /* Sanity check (shouldn't happen: operation->alg should
@@ -262,52 +268,50 @@
 
     operation->alg = 0;
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 
 bad_state:
     /* If abort is called on an uninitialized object, we can't trust
      * anything. Wipe the object in case it contains confidential data.
      * This may result in a memory leak if a pointer gets overwritten,
      * but it's too late to do anything about this. */
-    memset( operation, 0, sizeof( *operation ) );
-    return( PSA_ERROR_BAD_STATE );
+    memset(operation, 0, sizeof(*operation));
+    return PSA_ERROR_BAD_STATE;
 }
 
-static psa_status_t psa_mac_setup( mbedtls_psa_mac_operation_t *operation,
-                                   const psa_key_attributes_t *attributes,
-                                   const uint8_t *key_buffer,
-                                   size_t key_buffer_size,
-                                   psa_algorithm_t alg )
+static psa_status_t psa_mac_setup(mbedtls_psa_mac_operation_t *operation,
+                                  const psa_key_attributes_t *attributes,
+                                  const uint8_t *key_buffer,
+                                  size_t key_buffer_size,
+                                  psa_algorithm_t alg)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
     /* A context must be freshly initialized before it can be set up. */
-    if( operation->alg != 0 )
-        return( PSA_ERROR_BAD_STATE );
+    if (operation->alg != 0) {
+        return PSA_ERROR_BAD_STATE;
+    }
 
-    status = mac_init( operation, alg );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = mac_init(operation, alg);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
-    if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC )
-    {
+    if (PSA_ALG_FULL_LENGTH_MAC(alg) == PSA_ALG_CMAC) {
         /* Key buffer size for CMAC is dictated by the key bits set on the
          * attributes, and previously validated by the core on key import. */
         (void) key_buffer_size;
-        status = cmac_setup( operation, attributes, key_buffer );
-    }
-    else
+        status = cmac_setup(operation, attributes, key_buffer);
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
-    if( PSA_ALG_IS_HMAC( alg ) )
-    {
-        status = psa_hmac_setup_internal( &operation->ctx.hmac,
-                                          key_buffer,
-                                          key_buffer_size,
-                                          PSA_ALG_HMAC_GET_HASH( alg ) );
-    }
-    else
+    if (PSA_ALG_IS_HMAC(alg)) {
+        status = psa_hmac_setup_internal(&operation->ctx.hmac,
+                                         key_buffer,
+                                         key_buffer_size,
+                                         PSA_ALG_HMAC_GET_HASH(alg));
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
     {
         (void) attributes;
@@ -316,10 +320,11 @@
         status = PSA_ERROR_NOT_SUPPORTED;
     }
 
-    if( status != PSA_SUCCESS )
-        mbedtls_psa_mac_abort( operation );
+    if (status != PSA_SUCCESS) {
+        mbedtls_psa_mac_abort(operation);
+    }
 
-    return( status );
+    return status;
 }
 
 psa_status_t mbedtls_psa_mac_sign_setup(
@@ -327,10 +332,10 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer,
     size_t key_buffer_size,
-    psa_algorithm_t alg )
+    psa_algorithm_t alg)
 {
-    return( psa_mac_setup( operation, attributes,
-                           key_buffer, key_buffer_size, alg ) );
+    return psa_mac_setup(operation, attributes,
+                         key_buffer, key_buffer_size, alg);
 }
 
 psa_status_t mbedtls_psa_mac_verify_setup(
@@ -338,69 +343,63 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer,
     size_t key_buffer_size,
-    psa_algorithm_t alg )
+    psa_algorithm_t alg)
 {
-    return( psa_mac_setup( operation, attributes,
-                           key_buffer, key_buffer_size, alg ) );
+    return psa_mac_setup(operation, attributes,
+                         key_buffer, key_buffer_size, alg);
 }
 
 psa_status_t mbedtls_psa_mac_update(
     mbedtls_psa_mac_operation_t *operation,
     const uint8_t *input,
-    size_t input_length )
+    size_t input_length)
 {
-    if( operation->alg == 0 )
-        return( PSA_ERROR_BAD_STATE );
+    if (operation->alg == 0) {
+        return PSA_ERROR_BAD_STATE;
+    }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
-    if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
-    {
-        return( mbedtls_to_psa_error(
-                    mbedtls_cipher_cmac_update( &operation->ctx.cmac,
-                                                input, input_length ) ) );
-    }
-    else
+    if (PSA_ALG_FULL_LENGTH_MAC(operation->alg) == PSA_ALG_CMAC) {
+        return mbedtls_to_psa_error(
+            mbedtls_cipher_cmac_update(&operation->ctx.cmac,
+                                       input, input_length));
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
-    if( PSA_ALG_IS_HMAC( operation->alg ) )
-    {
-        return( psa_hmac_update_internal( &operation->ctx.hmac,
-                                          input, input_length ) );
-    }
-    else
+    if (PSA_ALG_IS_HMAC(operation->alg)) {
+        return psa_hmac_update_internal(&operation->ctx.hmac,
+                                        input, input_length);
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
     {
         /* This shouldn't happen if `operation` was initialized by
          * a setup function. */
         (void) input;
         (void) input_length;
-        return( PSA_ERROR_BAD_STATE );
+        return PSA_ERROR_BAD_STATE;
     }
 }
 
 static psa_status_t psa_mac_finish_internal(
     mbedtls_psa_mac_operation_t *operation,
-    uint8_t *mac, size_t mac_size )
+    uint8_t *mac, size_t mac_size)
 {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
-    if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
-    {
+    if (PSA_ALG_FULL_LENGTH_MAC(operation->alg) == PSA_ALG_CMAC) {
         uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE];
-        int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp );
-        if( ret == 0 )
-            memcpy( mac, tmp, mac_size );
-        mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
-        return( mbedtls_to_psa_error( ret ) );
-    }
-    else
+        int ret = mbedtls_cipher_cmac_finish(&operation->ctx.cmac, tmp);
+        if (ret == 0) {
+            memcpy(mac, tmp, mac_size);
+        }
+        mbedtls_platform_zeroize(tmp, sizeof(tmp));
+        return mbedtls_to_psa_error(ret);
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
-    if( PSA_ALG_IS_HMAC( operation->alg ) )
-    {
-        return( psa_hmac_finish_internal( &operation->ctx.hmac,
-                                          mac, mac_size ) );
-    }
-    else
+    if (PSA_ALG_IS_HMAC(operation->alg)) {
+        return psa_hmac_finish_internal(&operation->ctx.hmac,
+                                        mac, mac_size);
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
     {
         /* This shouldn't happen if `operation` was initialized by
@@ -408,7 +407,7 @@
         (void) operation;
         (void) mac;
         (void) mac_size;
-        return( PSA_ERROR_BAD_STATE );
+        return PSA_ERROR_BAD_STATE;
     }
 }
 
@@ -416,46 +415,52 @@
     mbedtls_psa_mac_operation_t *operation,
     uint8_t *mac,
     size_t mac_size,
-    size_t *mac_length )
+    size_t *mac_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if( operation->alg == 0 )
-        return( PSA_ERROR_BAD_STATE );
+    if (operation->alg == 0) {
+        return PSA_ERROR_BAD_STATE;
+    }
 
-    status = psa_mac_finish_internal( operation, mac, mac_size );
-    if( status == PSA_SUCCESS )
+    status = psa_mac_finish_internal(operation, mac, mac_size);
+    if (status == PSA_SUCCESS) {
         *mac_length = mac_size;
+    }
 
-    return( status );
+    return status;
 }
 
 psa_status_t mbedtls_psa_mac_verify_finish(
     mbedtls_psa_mac_operation_t *operation,
     const uint8_t *mac,
-    size_t mac_length )
+    size_t mac_length)
 {
     uint8_t actual_mac[PSA_MAC_MAX_SIZE];
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if( operation->alg == 0 )
-        return( PSA_ERROR_BAD_STATE );
+    if (operation->alg == 0) {
+        return PSA_ERROR_BAD_STATE;
+    }
 
     /* Consistency check: requested MAC length fits our local buffer */
-    if( mac_length > sizeof( actual_mac ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (mac_length > sizeof(actual_mac)) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
-    status = psa_mac_finish_internal( operation, actual_mac, mac_length );
-    if( status != PSA_SUCCESS )
+    status = psa_mac_finish_internal(operation, actual_mac, mac_length);
+    if (status != PSA_SUCCESS) {
         goto cleanup;
+    }
 
-    if( mbedtls_psa_safer_memcmp( mac, actual_mac, mac_length ) != 0 )
+    if (mbedtls_psa_safer_memcmp(mac, actual_mac, mac_length) != 0) {
         status = PSA_ERROR_INVALID_SIGNATURE;
+    }
 
 cleanup:
-    mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
+    mbedtls_platform_zeroize(actual_mac, sizeof(actual_mac));
 
-    return( status );
+    return status;
 }
 
 psa_status_t mbedtls_psa_mac_compute(
@@ -467,32 +472,34 @@
     size_t input_length,
     uint8_t *mac,
     size_t mac_size,
-    size_t *mac_length )
+    size_t *mac_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     mbedtls_psa_mac_operation_t operation = MBEDTLS_PSA_MAC_OPERATION_INIT;
 
-    status = psa_mac_setup( &operation,
-                            attributes, key_buffer, key_buffer_size,
-                            alg );
-    if( status != PSA_SUCCESS )
+    status = psa_mac_setup(&operation,
+                           attributes, key_buffer, key_buffer_size,
+                           alg);
+    if (status != PSA_SUCCESS) {
         goto exit;
-
-    if( input_length > 0 )
-    {
-        status = mbedtls_psa_mac_update( &operation, input, input_length );
-        if( status != PSA_SUCCESS )
-            goto exit;
     }
 
-    status = psa_mac_finish_internal( &operation, mac, mac_size );
-    if( status == PSA_SUCCESS )
+    if (input_length > 0) {
+        status = mbedtls_psa_mac_update(&operation, input, input_length);
+        if (status != PSA_SUCCESS) {
+            goto exit;
+        }
+    }
+
+    status = psa_mac_finish_internal(&operation, mac, mac_size);
+    if (status == PSA_SUCCESS) {
         *mac_length = mac_size;
+    }
 
 exit:
-    mbedtls_psa_mac_abort( &operation );
+    mbedtls_psa_mac_abort(&operation);
 
-    return( status );
+    return status;
 }
 
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || MBEDTLS_PSA_BUILTIN_ALG_CMAC */
diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h
index a821e74..21c4de6 100644
--- a/library/psa_crypto_mac.h
+++ b/library/psa_crypto_mac.h
@@ -164,7 +164,7 @@
 psa_status_t mbedtls_psa_mac_update(
     mbedtls_psa_mac_operation_t *operation,
     const uint8_t *input,
-    size_t input_length );
+    size_t input_length);
 
 /** Finish the calculation of the MAC of a message using Mbed TLS.
  *
@@ -207,7 +207,7 @@
     mbedtls_psa_mac_operation_t *operation,
     uint8_t *mac,
     size_t mac_size,
-    size_t *mac_length );
+    size_t *mac_length);
 
 /** Finish the calculation of the MAC of a message and compare it with
  * an expected value using Mbed TLS.
@@ -247,7 +247,7 @@
 psa_status_t mbedtls_psa_mac_verify_finish(
     mbedtls_psa_mac_operation_t *operation,
     const uint8_t *mac,
-    size_t mac_length );
+    size_t mac_length);
 
 /** Abort a MAC operation using Mbed TLS.
  *
@@ -271,6 +271,6 @@
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  */
 psa_status_t mbedtls_psa_mac_abort(
-    mbedtls_psa_mac_operation_t *operation );
+    mbedtls_psa_mac_operation_t *operation);
 
 #endif /* PSA_CRYPTO_MAC_H */
diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c
index da66dae..1f9a8cb 100644
--- a/library/psa_crypto_pake.c
+++ b/library/psa_crypto_pake.c
@@ -78,16 +78,14 @@
  *   psa_pake_abort()
  */
 
-enum psa_pake_step
-{
+enum psa_pake_step {
     PSA_PAKE_STEP_INVALID       = 0,
     PSA_PAKE_STEP_X1_X2         = 1,
     PSA_PAKE_STEP_X2S           = 2,
     PSA_PAKE_STEP_DERIVE        = 3,
 };
 
-enum psa_pake_state
-{
+enum psa_pake_state {
     PSA_PAKE_STATE_INVALID      = 0,
     PSA_PAKE_STATE_SETUP        = 1,
     PSA_PAKE_STATE_READY        = 2,
@@ -158,8 +156,7 @@
  *   psa_pake_get_implicit_key()
  *   => Input & Output Step = PSA_PAKE_STEP_INVALID
  */
-enum psa_pake_sequence
-{
+enum psa_pake_sequence {
     PSA_PAKE_SEQ_INVALID        = 0,
     PSA_PAKE_X1_STEP_KEY_SHARE  = 1,    /* also X2S & X4S KEY_SHARE */
     PSA_PAKE_X1_STEP_ZK_PUBLIC  = 2,    /* also X2S & X4S ZK_PUBLIC */
@@ -171,89 +168,83 @@
 };
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
-static psa_status_t mbedtls_ecjpake_to_psa_error( int ret )
+static psa_status_t mbedtls_ecjpake_to_psa_error(int ret)
 {
-    switch( ret )
-    {
+    switch (ret) {
         case MBEDTLS_ERR_MPI_BAD_INPUT_DATA:
         case MBEDTLS_ERR_ECP_BAD_INPUT_DATA:
         case MBEDTLS_ERR_ECP_INVALID_KEY:
         case MBEDTLS_ERR_ECP_VERIFY_FAILED:
-            return( PSA_ERROR_DATA_INVALID );
+            return PSA_ERROR_DATA_INVALID;
         case MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:
         case MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL:
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
+            return PSA_ERROR_BUFFER_TOO_SMALL;
         case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE:
-            return( PSA_ERROR_NOT_SUPPORTED );
+            return PSA_ERROR_NOT_SUPPORTED;
         case MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED:
-            return( PSA_ERROR_CORRUPTION_DETECTED );
+            return PSA_ERROR_CORRUPTION_DETECTED;
         default:
-            return( PSA_ERROR_GENERIC_ERROR );
+            return PSA_ERROR_GENERIC_ERROR;
     }
 }
 #endif
 
 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
-psa_status_t psa_pake_setup( psa_pake_operation_t *operation,
-                             const psa_pake_cipher_suite_t *cipher_suite)
+psa_status_t psa_pake_setup(psa_pake_operation_t *operation,
+                            const psa_pake_cipher_suite_t *cipher_suite)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
     /* A context must be freshly initialized before it can be set up. */
-    if( operation->alg != PSA_ALG_NONE )
-    {
+    if (operation->alg != PSA_ALG_NONE) {
         status = PSA_ERROR_BAD_STATE;
         goto error;
     }
 
-    if( cipher_suite == NULL ||
-        PSA_ALG_IS_PAKE(cipher_suite->algorithm ) == 0 ||
-        ( cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC &&
-          cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH ) ||
-        PSA_ALG_IS_HASH( cipher_suite->hash ) == 0 )
-    {
+    if (cipher_suite == NULL ||
+        PSA_ALG_IS_PAKE(cipher_suite->algorithm) == 0 ||
+        (cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC &&
+         cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH) ||
+        PSA_ALG_IS_HASH(cipher_suite->hash) == 0) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto error;
     }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
-    if( cipher_suite->algorithm == PSA_ALG_JPAKE )
-    {
-        if( cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC ||
+    if (cipher_suite->algorithm == PSA_ALG_JPAKE) {
+        if (cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC ||
             cipher_suite->family != PSA_ECC_FAMILY_SECP_R1 ||
             cipher_suite->bits != 256 ||
-            cipher_suite->hash != PSA_ALG_SHA_256 )
-        {
+            cipher_suite->hash != PSA_ALG_SHA_256) {
             status = PSA_ERROR_NOT_SUPPORTED;
             goto error;
         }
 
         operation->alg = cipher_suite->algorithm;
 
-        mbedtls_ecjpake_init( &operation->ctx.ecjpake );
+        mbedtls_ecjpake_init(&operation->ctx.ecjpake);
 
         operation->state = PSA_PAKE_STATE_SETUP;
         operation->sequence = PSA_PAKE_SEQ_INVALID;
         operation->input_step = PSA_PAKE_STEP_X1_X2;
         operation->output_step = PSA_PAKE_STEP_X1_X2;
 
-        mbedtls_platform_zeroize( operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE );
+        mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE);
         operation->buffer_length = 0;
         operation->buffer_offset = 0;
 
-        return( PSA_SUCCESS );
-    }
-    else
+        return PSA_SUCCESS;
+    } else
 #endif
     status = PSA_ERROR_NOT_SUPPORTED;
 
 error:
-    psa_pake_abort( operation );
+    psa_pake_abort(operation);
     return status;
 }
 
-psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation,
-                                        mbedtls_svc_key_id_t password )
+psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation,
+                                       mbedtls_svc_key_id_t password)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_attributes_t attributes = psa_key_attributes_init();
@@ -261,78 +252,77 @@
     psa_key_usage_t usage;
     psa_key_slot_t *slot = NULL;
 
-    if( operation->alg == PSA_ALG_NONE ||
-        operation->state != PSA_PAKE_STATE_SETUP )
-    {
+    if (operation->alg == PSA_ALG_NONE ||
+        operation->state != PSA_PAKE_STATE_SETUP) {
         status = PSA_ERROR_BAD_STATE;
         goto error;
     }
 
-    status = psa_get_key_attributes( password, &attributes );
-    if( status != PSA_SUCCESS )
+    status = psa_get_key_attributes(password, &attributes);
+    if (status != PSA_SUCCESS) {
         goto error;
+    }
 
-    type = psa_get_key_type( &attributes );
-    usage = psa_get_key_usage_flags( &attributes );
+    type = psa_get_key_type(&attributes);
+    usage = psa_get_key_usage_flags(&attributes);
 
-    psa_reset_key_attributes( &attributes );
+    psa_reset_key_attributes(&attributes);
 
-    if( type != PSA_KEY_TYPE_PASSWORD &&
-        type != PSA_KEY_TYPE_PASSWORD_HASH )
-    {
+    if (type != PSA_KEY_TYPE_PASSWORD &&
+        type != PSA_KEY_TYPE_PASSWORD_HASH) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto error;
     }
 
-    if( ( usage & PSA_KEY_USAGE_DERIVE ) == 0 ) {
+    if ((usage & PSA_KEY_USAGE_DERIVE) == 0) {
         status = PSA_ERROR_NOT_PERMITTED;
         goto error;
     }
 
-    if( operation->password != NULL )
-        return( PSA_ERROR_BAD_STATE );
-
-    status = psa_get_and_lock_key_slot_with_policy( password, &slot,
-                                                    PSA_KEY_USAGE_DERIVE,
-                                                    PSA_ALG_JPAKE );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    operation->password = mbedtls_calloc( 1, slot->key.bytes );
-    if( operation->password == NULL )
-    {
-        psa_unlock_key_slot( slot );
-        return( PSA_ERROR_INSUFFICIENT_MEMORY );
+    if (operation->password != NULL) {
+        return PSA_ERROR_BAD_STATE;
     }
-    memcpy( operation->password, slot->key.data, slot->key.bytes );
+
+    status = psa_get_and_lock_key_slot_with_policy(password, &slot,
+                                                   PSA_KEY_USAGE_DERIVE,
+                                                   PSA_ALG_JPAKE);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    operation->password = mbedtls_calloc(1, slot->key.bytes);
+    if (operation->password == NULL) {
+        psa_unlock_key_slot(slot);
+        return PSA_ERROR_INSUFFICIENT_MEMORY;
+    }
+    memcpy(operation->password, slot->key.data, slot->key.bytes);
     operation->password_len = slot->key.bytes;
 
-    status = psa_unlock_key_slot( slot );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_unlock_key_slot(slot);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 
 error:
     psa_pake_abort(operation);
-    return( status );
+    return status;
 }
 
-psa_status_t psa_pake_set_user( psa_pake_operation_t *operation,
-                                const uint8_t *user_id,
-                                size_t user_id_len )
+psa_status_t psa_pake_set_user(psa_pake_operation_t *operation,
+                               const uint8_t *user_id,
+                               size_t user_id_len)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if( operation->alg == PSA_ALG_NONE ||
-        operation->state != PSA_PAKE_STATE_SETUP )
-    {
+    if (operation->alg == PSA_ALG_NONE ||
+        operation->state != PSA_PAKE_STATE_SETUP) {
         status = PSA_ERROR_BAD_STATE;
         goto error;
     }
 
-    if( user_id_len == 0 || user_id == NULL )
-    {
+    if (user_id_len == 0 || user_id == NULL) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto error;
     }
@@ -341,24 +331,22 @@
 
 error:
     psa_pake_abort(operation);
-    return( status );
+    return status;
 }
 
-psa_status_t psa_pake_set_peer( psa_pake_operation_t *operation,
-                                const uint8_t *peer_id,
-                                size_t peer_id_len )
+psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation,
+                               const uint8_t *peer_id,
+                               size_t peer_id_len)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if( operation->alg == PSA_ALG_NONE ||
-        operation->state != PSA_PAKE_STATE_SETUP )
-    {
+    if (operation->alg == PSA_ALG_NONE ||
+        operation->state != PSA_PAKE_STATE_SETUP) {
         status = PSA_ERROR_BAD_STATE;
         goto error;
     }
 
-    if( peer_id_len == 0 || peer_id == NULL )
-    {
+    if (peer_id_len == 0 || peer_id == NULL) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto error;
     }
@@ -367,105 +355,107 @@
 
 error:
     psa_pake_abort(operation);
-    return( status );
+    return status;
 }
 
-psa_status_t psa_pake_set_role( psa_pake_operation_t *operation,
-                                psa_pake_role_t role )
+psa_status_t psa_pake_set_role(psa_pake_operation_t *operation,
+                               psa_pake_role_t role)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if( operation->alg == PSA_ALG_NONE ||
-        operation->state != PSA_PAKE_STATE_SETUP )
-    {
+    if (operation->alg == PSA_ALG_NONE ||
+        operation->state != PSA_PAKE_STATE_SETUP) {
         status = PSA_ERROR_BAD_STATE;
         goto error;
     }
 
-    if( role != PSA_PAKE_ROLE_NONE &&
+    if (role != PSA_PAKE_ROLE_NONE &&
         role != PSA_PAKE_ROLE_FIRST &&
         role != PSA_PAKE_ROLE_SECOND &&
         role != PSA_PAKE_ROLE_CLIENT &&
-        role != PSA_PAKE_ROLE_SERVER )
-    {
+        role != PSA_PAKE_ROLE_SERVER) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto error;
     }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
-    if( operation->alg == PSA_ALG_JPAKE )
-    {
-        if( role != PSA_PAKE_ROLE_CLIENT &&
-            role != PSA_PAKE_ROLE_SERVER )
-            return( PSA_ERROR_NOT_SUPPORTED );
+    if (operation->alg == PSA_ALG_JPAKE) {
+        if (role != PSA_PAKE_ROLE_CLIENT &&
+            role != PSA_PAKE_ROLE_SERVER) {
+            return PSA_ERROR_NOT_SUPPORTED;
+        }
 
         operation->role = role;
 
-        return( PSA_SUCCESS );
-    }
-    else
+        return PSA_SUCCESS;
+    } else
 #endif
-        status = PSA_ERROR_NOT_SUPPORTED;
+    status = PSA_ERROR_NOT_SUPPORTED;
 
 error:
     psa_pake_abort(operation);
-    return( status );
+    return status;
 }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
-static psa_status_t psa_pake_ecjpake_setup( psa_pake_operation_t *operation )
+static psa_status_t psa_pake_ecjpake_setup(psa_pake_operation_t *operation)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecjpake_role role;
 
-    if( operation->role == PSA_PAKE_ROLE_CLIENT )
+    if (operation->role == PSA_PAKE_ROLE_CLIENT) {
         role = MBEDTLS_ECJPAKE_CLIENT;
-    else if( operation->role == PSA_PAKE_ROLE_SERVER )
+    } else if (operation->role == PSA_PAKE_ROLE_SERVER) {
         role = MBEDTLS_ECJPAKE_SERVER;
-    else
-        return( PSA_ERROR_BAD_STATE );
+    } else {
+        return PSA_ERROR_BAD_STATE;
+    }
 
-    if( operation->password_len == 0 )
-        return( PSA_ERROR_BAD_STATE );
+    if (operation->password_len == 0) {
+        return PSA_ERROR_BAD_STATE;
+    }
 
-    ret = mbedtls_ecjpake_setup( &operation->ctx.ecjpake,
-                                 role,
-                                 MBEDTLS_MD_SHA256,
-                                 MBEDTLS_ECP_DP_SECP256R1,
-                                 operation->password,
-                                 operation->password_len );
+    ret = mbedtls_ecjpake_setup(&operation->ctx.ecjpake,
+                                role,
+                                MBEDTLS_MD_SHA256,
+                                MBEDTLS_ECP_DP_SECP256R1,
+                                operation->password,
+                                operation->password_len);
 
-    mbedtls_platform_zeroize( operation->password, operation->password_len );
-    mbedtls_free( operation->password );
+    mbedtls_platform_zeroize(operation->password, operation->password_len);
+    mbedtls_free(operation->password);
     operation->password = NULL;
     operation->password_len = 0;
 
-    if( ret != 0 )
-        return( mbedtls_ecjpake_to_psa_error( ret ) );
+    if (ret != 0) {
+        return mbedtls_ecjpake_to_psa_error(ret);
+    }
 
     operation->state = PSA_PAKE_STATE_READY;
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 #endif
 
 static psa_status_t psa_pake_output_internal(
-                              psa_pake_operation_t *operation,
-                              psa_pake_step_t step,
-                              uint8_t *output,
-                              size_t output_size,
-                              size_t *output_length )
+    psa_pake_operation_t *operation,
+    psa_pake_step_t step,
+    uint8_t *output,
+    size_t output_size,
+    size_t *output_length)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     size_t length;
 
-    if( operation->alg == PSA_ALG_NONE ||
-        operation->state == PSA_PAKE_STATE_INVALID )
-        return( PSA_ERROR_BAD_STATE );
+    if (operation->alg == PSA_ALG_NONE ||
+        operation->state == PSA_PAKE_STATE_INVALID) {
+        return PSA_ERROR_BAD_STATE;
+    }
 
-    if( output == NULL || output_size == 0 || output_length == NULL )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (output == NULL || output_size == 0 || output_length == NULL) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
     /*
@@ -482,33 +472,32 @@
      * and data is sliced down by parsing the ECPoint records in order
      * to return the right parts on each step.
      */
-    if( operation->alg == PSA_ALG_JPAKE )
-    {
-        if( step != PSA_PAKE_STEP_KEY_SHARE &&
+    if (operation->alg == PSA_ALG_JPAKE) {
+        if (step != PSA_PAKE_STEP_KEY_SHARE &&
             step != PSA_PAKE_STEP_ZK_PUBLIC &&
-            step != PSA_PAKE_STEP_ZK_PROOF )
-            return( PSA_ERROR_INVALID_ARGUMENT );
-
-        if( operation->state == PSA_PAKE_STATE_SETUP ) {
-            status = psa_pake_ecjpake_setup( operation );
-            if( status != PSA_SUCCESS )
-                return( status );
+            step != PSA_PAKE_STEP_ZK_PROOF) {
+            return PSA_ERROR_INVALID_ARGUMENT;
         }
 
-        if( operation->state != PSA_PAKE_STATE_READY &&
+        if (operation->state == PSA_PAKE_STATE_SETUP) {
+            status = psa_pake_ecjpake_setup(operation);
+            if (status != PSA_SUCCESS) {
+                return status;
+            }
+        }
+
+        if (operation->state != PSA_PAKE_STATE_READY &&
             operation->state != PSA_PAKE_OUTPUT_X1_X2 &&
-            operation->state != PSA_PAKE_OUTPUT_X2S )
-        {
-            return( PSA_ERROR_BAD_STATE );
+            operation->state != PSA_PAKE_OUTPUT_X2S) {
+            return PSA_ERROR_BAD_STATE;
         }
 
-        if( operation->state == PSA_PAKE_STATE_READY )
-        {
-            if( step != PSA_PAKE_STEP_KEY_SHARE )
-                return( PSA_ERROR_BAD_STATE );
+        if (operation->state == PSA_PAKE_STATE_READY) {
+            if (step != PSA_PAKE_STEP_KEY_SHARE) {
+                return PSA_ERROR_BAD_STATE;
+            }
 
-            switch( operation->output_step )
-            {
+            switch (operation->output_step) {
                 case PSA_PAKE_STEP_X1_X2:
                     operation->state = PSA_PAKE_OUTPUT_X1_X2;
                     break;
@@ -516,63 +505,64 @@
                     operation->state = PSA_PAKE_OUTPUT_X2S;
                     break;
                 default:
-                    return( PSA_ERROR_BAD_STATE );
+                    return PSA_ERROR_BAD_STATE;
             }
 
             operation->sequence = PSA_PAKE_X1_STEP_KEY_SHARE;
         }
 
         /* Check if step matches current sequence */
-        switch( operation->sequence )
-        {
+        switch (operation->sequence) {
             case PSA_PAKE_X1_STEP_KEY_SHARE:
             case PSA_PAKE_X2_STEP_KEY_SHARE:
-                if( step != PSA_PAKE_STEP_KEY_SHARE )
-                    return( PSA_ERROR_BAD_STATE );
+                if (step != PSA_PAKE_STEP_KEY_SHARE) {
+                    return PSA_ERROR_BAD_STATE;
+                }
                 break;
 
             case PSA_PAKE_X1_STEP_ZK_PUBLIC:
             case PSA_PAKE_X2_STEP_ZK_PUBLIC:
-                if( step != PSA_PAKE_STEP_ZK_PUBLIC )
-                    return( PSA_ERROR_BAD_STATE );
+                if (step != PSA_PAKE_STEP_ZK_PUBLIC) {
+                    return PSA_ERROR_BAD_STATE;
+                }
                 break;
 
             case PSA_PAKE_X1_STEP_ZK_PROOF:
             case PSA_PAKE_X2_STEP_ZK_PROOF:
-                if( step != PSA_PAKE_STEP_ZK_PROOF )
-                    return( PSA_ERROR_BAD_STATE );
+                if (step != PSA_PAKE_STEP_ZK_PROOF) {
+                    return PSA_ERROR_BAD_STATE;
+                }
                 break;
 
             default:
-                return( PSA_ERROR_BAD_STATE );
+                return PSA_ERROR_BAD_STATE;
         }
 
         /* Initialize & write round on KEY_SHARE sequences */
-        if( operation->state == PSA_PAKE_OUTPUT_X1_X2 &&
-            operation->sequence == PSA_PAKE_X1_STEP_KEY_SHARE )
-        {
-            ret = mbedtls_ecjpake_write_round_one( &operation->ctx.ecjpake,
-                                                   operation->buffer,
-                                                   MBEDTLS_PSA_PAKE_BUFFER_SIZE,
-                                                   &operation->buffer_length,
-                                                   mbedtls_psa_get_random,
-                                                   MBEDTLS_PSA_RANDOM_STATE );
-            if( ret != 0 )
-                return( mbedtls_ecjpake_to_psa_error( ret ) );
+        if (operation->state == PSA_PAKE_OUTPUT_X1_X2 &&
+            operation->sequence == PSA_PAKE_X1_STEP_KEY_SHARE) {
+            ret = mbedtls_ecjpake_write_round_one(&operation->ctx.ecjpake,
+                                                  operation->buffer,
+                                                  MBEDTLS_PSA_PAKE_BUFFER_SIZE,
+                                                  &operation->buffer_length,
+                                                  mbedtls_psa_get_random,
+                                                  MBEDTLS_PSA_RANDOM_STATE);
+            if (ret != 0) {
+                return mbedtls_ecjpake_to_psa_error(ret);
+            }
 
             operation->buffer_offset = 0;
-        }
-        else if( operation->state == PSA_PAKE_OUTPUT_X2S &&
-                 operation->sequence == PSA_PAKE_X1_STEP_KEY_SHARE )
-        {
-            ret = mbedtls_ecjpake_write_round_two( &operation->ctx.ecjpake,
-                                                   operation->buffer,
-                                                   MBEDTLS_PSA_PAKE_BUFFER_SIZE,
-                                                   &operation->buffer_length,
-                                                   mbedtls_psa_get_random,
-                                                   MBEDTLS_PSA_RANDOM_STATE );
-            if( ret != 0 )
-                return( mbedtls_ecjpake_to_psa_error( ret ) );
+        } else if (operation->state == PSA_PAKE_OUTPUT_X2S &&
+                   operation->sequence == PSA_PAKE_X1_STEP_KEY_SHARE) {
+            ret = mbedtls_ecjpake_write_round_two(&operation->ctx.ecjpake,
+                                                  operation->buffer,
+                                                  MBEDTLS_PSA_PAKE_BUFFER_SIZE,
+                                                  &operation->buffer_length,
+                                                  mbedtls_psa_get_random,
+                                                  MBEDTLS_PSA_RANDOM_STATE);
+            if (ret != 0) {
+                return mbedtls_ecjpake_to_psa_error(ret);
+            }
 
             operation->buffer_offset = 0;
         }
@@ -588,10 +578,9 @@
          * output with a length byte, even less a curve identifier, as that
          * information is already available.
          */
-        if( operation->state == PSA_PAKE_OUTPUT_X2S &&
+        if (operation->state == PSA_PAKE_OUTPUT_X2S &&
             operation->sequence == PSA_PAKE_X1_STEP_KEY_SHARE &&
-            operation->role == PSA_PAKE_ROLE_SERVER )
-        {
+            operation->role == PSA_PAKE_ROLE_SERVER) {
             /* Skip ECParameters, with is 3 bytes (RFC 8422) */
             operation->buffer_offset += 3;
         }
@@ -600,73 +589,76 @@
         length = operation->buffer[operation->buffer_offset];
         operation->buffer_offset += 1;
 
-        if( operation->buffer_offset + length > operation->buffer_length )
-            return( PSA_ERROR_DATA_CORRUPT );
+        if (operation->buffer_offset + length > operation->buffer_length) {
+            return PSA_ERROR_DATA_CORRUPT;
+        }
 
-        if( output_size < length )
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
+        if (output_size < length) {
+            return PSA_ERROR_BUFFER_TOO_SMALL;
+        }
 
-        memcpy( output,
-                operation->buffer + operation->buffer_offset,
-                length );
+        memcpy(output,
+               operation->buffer + operation->buffer_offset,
+               length);
         *output_length = length;
 
         operation->buffer_offset += length;
 
         /* Reset buffer after ZK_PROOF sequence */
-        if( ( operation->state == PSA_PAKE_OUTPUT_X1_X2 &&
-              operation->sequence == PSA_PAKE_X2_STEP_ZK_PROOF ) ||
-            ( operation->state == PSA_PAKE_OUTPUT_X2S &&
-              operation->sequence == PSA_PAKE_X1_STEP_ZK_PROOF ) )
-        {
-            mbedtls_platform_zeroize( operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE );
+        if ((operation->state == PSA_PAKE_OUTPUT_X1_X2 &&
+             operation->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) ||
+            (operation->state == PSA_PAKE_OUTPUT_X2S &&
+             operation->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) {
+            mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE);
             operation->buffer_length = 0;
             operation->buffer_offset = 0;
 
             operation->state = PSA_PAKE_STATE_READY;
             operation->output_step++;
             operation->sequence = PSA_PAKE_SEQ_INVALID;
-        }
-        else
+        } else {
             operation->sequence++;
+        }
 
-        return( PSA_SUCCESS );
-    }
-    else
+        return PSA_SUCCESS;
+    } else
 #endif
-    return( PSA_ERROR_NOT_SUPPORTED );
+    return PSA_ERROR_NOT_SUPPORTED;
 }
 
-psa_status_t psa_pake_output( psa_pake_operation_t *operation,
-                              psa_pake_step_t step,
-                              uint8_t *output,
-                              size_t output_size,
-                              size_t *output_length )
+psa_status_t psa_pake_output(psa_pake_operation_t *operation,
+                             psa_pake_step_t step,
+                             uint8_t *output,
+                             size_t output_size,
+                             size_t *output_length)
 {
     psa_status_t status = psa_pake_output_internal(
-            operation, step, output, output_size, output_length );
+        operation, step, output, output_size, output_length);
 
-    if( status != PSA_SUCCESS )
-        psa_pake_abort( operation );
+    if (status != PSA_SUCCESS) {
+        psa_pake_abort(operation);
+    }
 
-    return( status );
+    return status;
 }
 
 static psa_status_t psa_pake_input_internal(
-                             psa_pake_operation_t *operation,
-                             psa_pake_step_t step,
-                             const uint8_t *input,
-                             size_t input_length )
+    psa_pake_operation_t *operation,
+    psa_pake_step_t step,
+    const uint8_t *input,
+    size_t input_length)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if( operation->alg == PSA_ALG_NONE ||
-        operation->state == PSA_PAKE_STATE_INVALID )
-        return( PSA_ERROR_BAD_STATE );
+    if (operation->alg == PSA_ALG_NONE ||
+        operation->state == PSA_PAKE_STATE_INVALID) {
+        return PSA_ERROR_BAD_STATE;
+    }
 
-    if( input == NULL || input_length == 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (input == NULL || input_length == 0) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
     /*
@@ -684,39 +676,38 @@
      *
      * This causes any input error to be only detected on the last step.
      */
-    if( operation->alg == PSA_ALG_JPAKE )
-    {
-        if( step != PSA_PAKE_STEP_KEY_SHARE &&
+    if (operation->alg == PSA_ALG_JPAKE) {
+        if (step != PSA_PAKE_STEP_KEY_SHARE &&
             step != PSA_PAKE_STEP_ZK_PUBLIC &&
-            step != PSA_PAKE_STEP_ZK_PROOF )
-            return( PSA_ERROR_INVALID_ARGUMENT );
+            step != PSA_PAKE_STEP_ZK_PROOF) {
+            return PSA_ERROR_INVALID_ARGUMENT;
+        }
 
         const psa_pake_primitive_t prim = PSA_PAKE_PRIMITIVE(
-                PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256 );
-        if( input_length > (size_t) PSA_PAKE_INPUT_SIZE( PSA_ALG_JPAKE, prim, step ) )
-            return( PSA_ERROR_INVALID_ARGUMENT );
-
-        if( operation->state == PSA_PAKE_STATE_SETUP )
-        {
-            status = psa_pake_ecjpake_setup( operation );
-            if( status != PSA_SUCCESS )
-                return( status );
+            PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256);
+        if (input_length > (size_t) PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, prim, step)) {
+            return PSA_ERROR_INVALID_ARGUMENT;
         }
 
-        if( operation->state != PSA_PAKE_STATE_READY &&
+        if (operation->state == PSA_PAKE_STATE_SETUP) {
+            status = psa_pake_ecjpake_setup(operation);
+            if (status != PSA_SUCCESS) {
+                return status;
+            }
+        }
+
+        if (operation->state != PSA_PAKE_STATE_READY &&
             operation->state != PSA_PAKE_INPUT_X1_X2 &&
-            operation->state != PSA_PAKE_INPUT_X4S )
-        {
-            return( PSA_ERROR_BAD_STATE );
+            operation->state != PSA_PAKE_INPUT_X4S) {
+            return PSA_ERROR_BAD_STATE;
         }
 
-        if( operation->state == PSA_PAKE_STATE_READY )
-        {
-            if( step != PSA_PAKE_STEP_KEY_SHARE )
-                return( PSA_ERROR_BAD_STATE );
+        if (operation->state == PSA_PAKE_STATE_READY) {
+            if (step != PSA_PAKE_STEP_KEY_SHARE) {
+                return PSA_ERROR_BAD_STATE;
+            }
 
-            switch( operation->input_step )
-            {
+            switch (operation->input_step) {
                 case PSA_PAKE_STEP_X1_X2:
                     operation->state = PSA_PAKE_INPUT_X1_X2;
                     break;
@@ -724,35 +715,37 @@
                     operation->state = PSA_PAKE_INPUT_X4S;
                     break;
                 default:
-                    return( PSA_ERROR_BAD_STATE );
+                    return PSA_ERROR_BAD_STATE;
             }
 
             operation->sequence = PSA_PAKE_X1_STEP_KEY_SHARE;
         }
 
         /* Check if step matches current sequence */
-        switch( operation->sequence )
-        {
+        switch (operation->sequence) {
             case PSA_PAKE_X1_STEP_KEY_SHARE:
             case PSA_PAKE_X2_STEP_KEY_SHARE:
-                if( step != PSA_PAKE_STEP_KEY_SHARE )
-                    return( PSA_ERROR_BAD_STATE );
+                if (step != PSA_PAKE_STEP_KEY_SHARE) {
+                    return PSA_ERROR_BAD_STATE;
+                }
                 break;
 
             case PSA_PAKE_X1_STEP_ZK_PUBLIC:
             case PSA_PAKE_X2_STEP_ZK_PUBLIC:
-                if( step != PSA_PAKE_STEP_ZK_PUBLIC )
-                    return( PSA_ERROR_BAD_STATE );
+                if (step != PSA_PAKE_STEP_ZK_PUBLIC) {
+                    return PSA_ERROR_BAD_STATE;
+                }
                 break;
 
             case PSA_PAKE_X1_STEP_ZK_PROOF:
             case PSA_PAKE_X2_STEP_ZK_PROOF:
-                if( step != PSA_PAKE_STEP_ZK_PROOF )
-                    return( PSA_ERROR_BAD_STATE );
+                if (step != PSA_PAKE_STEP_ZK_PROOF) {
+                    return PSA_ERROR_BAD_STATE;
+                }
                 break;
 
             default:
-                return( PSA_ERROR_BAD_STATE );
+                return PSA_ERROR_BAD_STATE;
         }
 
         /*
@@ -764,19 +757,18 @@
          * ECParameters structure - which means we have to prepend that when
          * we're a client.
          */
-        if( operation->state == PSA_PAKE_INPUT_X4S &&
+        if (operation->state == PSA_PAKE_INPUT_X4S &&
             operation->sequence == PSA_PAKE_X1_STEP_KEY_SHARE &&
-            operation->role == PSA_PAKE_ROLE_CLIENT )
-        {
+            operation->role == PSA_PAKE_ROLE_CLIENT) {
             /* We only support secp256r1. */
             /* This is the ECParameters structure defined by RFC 8422. */
             unsigned char ecparameters[3] = {
                 3, /* named_curve */
                 0, 23 /* secp256r1 */
             };
-            memcpy( operation->buffer + operation->buffer_length,
-                    ecparameters, sizeof( ecparameters ) );
-            operation->buffer_length += sizeof( ecparameters );
+            memcpy(operation->buffer + operation->buffer_length,
+                   ecparameters, sizeof(ecparameters));
+            operation->buffer_length += sizeof(ecparameters);
         }
 
         /* Write the length byte */
@@ -784,69 +776,67 @@
         operation->buffer_length += 1;
 
         /* Finally copy the data */
-        memcpy( operation->buffer + operation->buffer_length,
-                input, input_length );
+        memcpy(operation->buffer + operation->buffer_length,
+               input, input_length);
         operation->buffer_length += input_length;
 
         /* Load buffer at each last round ZK_PROOF */
-        if( operation->state == PSA_PAKE_INPUT_X1_X2 &&
-            operation->sequence == PSA_PAKE_X2_STEP_ZK_PROOF )
-        {
-            ret = mbedtls_ecjpake_read_round_one( &operation->ctx.ecjpake,
-                                                  operation->buffer,
-                                                  operation->buffer_length );
+        if (operation->state == PSA_PAKE_INPUT_X1_X2 &&
+            operation->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) {
+            ret = mbedtls_ecjpake_read_round_one(&operation->ctx.ecjpake,
+                                                 operation->buffer,
+                                                 operation->buffer_length);
 
-            mbedtls_platform_zeroize( operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE );
+            mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE);
             operation->buffer_length = 0;
 
-            if( ret != 0 )
-                return( mbedtls_ecjpake_to_psa_error( ret ) );
-        }
-        else if( operation->state == PSA_PAKE_INPUT_X4S &&
-                 operation->sequence == PSA_PAKE_X1_STEP_ZK_PROOF )
-        {
-            ret = mbedtls_ecjpake_read_round_two( &operation->ctx.ecjpake,
-                                                  operation->buffer,
-                                                  operation->buffer_length );
+            if (ret != 0) {
+                return mbedtls_ecjpake_to_psa_error(ret);
+            }
+        } else if (operation->state == PSA_PAKE_INPUT_X4S &&
+                   operation->sequence == PSA_PAKE_X1_STEP_ZK_PROOF) {
+            ret = mbedtls_ecjpake_read_round_two(&operation->ctx.ecjpake,
+                                                 operation->buffer,
+                                                 operation->buffer_length);
 
-            mbedtls_platform_zeroize( operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE );
+            mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE);
             operation->buffer_length = 0;
 
-            if( ret != 0 )
-                return( mbedtls_ecjpake_to_psa_error( ret ) );
+            if (ret != 0) {
+                return mbedtls_ecjpake_to_psa_error(ret);
+            }
         }
 
-        if( ( operation->state == PSA_PAKE_INPUT_X1_X2 &&
-              operation->sequence == PSA_PAKE_X2_STEP_ZK_PROOF ) ||
-            ( operation->state == PSA_PAKE_INPUT_X4S &&
-              operation->sequence == PSA_PAKE_X1_STEP_ZK_PROOF ) )
-        {
+        if ((operation->state == PSA_PAKE_INPUT_X1_X2 &&
+             operation->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) ||
+            (operation->state == PSA_PAKE_INPUT_X4S &&
+             operation->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) {
             operation->state = PSA_PAKE_STATE_READY;
             operation->input_step++;
             operation->sequence = PSA_PAKE_SEQ_INVALID;
-        }
-        else
+        } else {
             operation->sequence++;
+        }
 
-        return( PSA_SUCCESS );
-    }
-    else
+        return PSA_SUCCESS;
+    } else
 #endif
-    return( PSA_ERROR_NOT_SUPPORTED );
+    return PSA_ERROR_NOT_SUPPORTED;
 }
 
-psa_status_t psa_pake_input( psa_pake_operation_t *operation,
-                             psa_pake_step_t step,
-                             const uint8_t *input,
-                             size_t input_length )
+psa_status_t psa_pake_input(psa_pake_operation_t *operation,
+                            psa_pake_step_t step,
+                            const uint8_t *input,
+                            size_t input_length)
 {
     psa_status_t status = psa_pake_input_internal(
-            operation, step, input, input_length );
+        operation, step, input, input_length);
 
-    if( status != PSA_SUCCESS )
-        psa_pake_abort( operation );
+    if (status != PSA_SUCCESS) {
+        psa_pake_abort(operation);
+    }
 
-    return( status );
+    return status;
 }
 
 psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation,
@@ -855,74 +845,69 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if( operation->alg == PSA_ALG_NONE ||
+    if (operation->alg == PSA_ALG_NONE ||
         operation->state != PSA_PAKE_STATE_READY ||
         operation->input_step != PSA_PAKE_STEP_DERIVE ||
-        operation->output_step != PSA_PAKE_STEP_DERIVE )
-    {
+        operation->output_step != PSA_PAKE_STEP_DERIVE) {
         status = PSA_ERROR_BAD_STATE;
         goto error;
     }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
-    if( operation->alg == PSA_ALG_JPAKE )
-    {
-        ret = mbedtls_ecjpake_write_shared_key( &operation->ctx.ecjpake,
-                                                operation->buffer,
-                                                MBEDTLS_PSA_PAKE_BUFFER_SIZE,
-                                                &operation->buffer_length,
-                                                mbedtls_psa_get_random,
-                                                MBEDTLS_PSA_RANDOM_STATE );
-        if( ret != 0)
-        {
-            psa_pake_abort( operation );
-            return( mbedtls_ecjpake_to_psa_error( ret ) );
+    if (operation->alg == PSA_ALG_JPAKE) {
+        ret = mbedtls_ecjpake_write_shared_key(&operation->ctx.ecjpake,
+                                               operation->buffer,
+                                               MBEDTLS_PSA_PAKE_BUFFER_SIZE,
+                                               &operation->buffer_length,
+                                               mbedtls_psa_get_random,
+                                               MBEDTLS_PSA_RANDOM_STATE);
+        if (ret != 0) {
+            psa_pake_abort(operation);
+            return mbedtls_ecjpake_to_psa_error(ret);
         }
 
-        status = psa_key_derivation_input_bytes( output,
-                                                 PSA_KEY_DERIVATION_INPUT_SECRET,
-                                                 operation->buffer,
-                                                 operation->buffer_length );
+        status = psa_key_derivation_input_bytes(output,
+                                                PSA_KEY_DERIVATION_INPUT_SECRET,
+                                                operation->buffer,
+                                                operation->buffer_length);
 
-        mbedtls_platform_zeroize( operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE );
+        mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE);
 
-        psa_pake_abort( operation );
+        psa_pake_abort(operation);
 
-        return( status );
-    }
-    else
+        return status;
+    } else
 #endif
     status = PSA_ERROR_NOT_SUPPORTED;
 
 error:
-    psa_key_derivation_abort( output );
-    psa_pake_abort( operation );
+    psa_key_derivation_abort(output);
+    psa_pake_abort(operation);
 
-    return( status );
+    return status;
 }
 
-psa_status_t psa_pake_abort(psa_pake_operation_t * operation)
+psa_status_t psa_pake_abort(psa_pake_operation_t *operation)
 {
-    if( operation->alg == PSA_ALG_NONE )
-    {
-        return( PSA_SUCCESS );
+    if (operation->alg == PSA_ALG_NONE) {
+        return PSA_SUCCESS;
     }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
-    if( operation->alg == PSA_ALG_JPAKE )
-    {
+    if (operation->alg == PSA_ALG_JPAKE) {
         operation->input_step = PSA_PAKE_STEP_INVALID;
         operation->output_step = PSA_PAKE_STEP_INVALID;
-        if( operation->password_len > 0 )
-            mbedtls_platform_zeroize( operation->password, operation->password_len );
-        mbedtls_free( operation->password );
+        if (operation->password_len > 0) {
+            mbedtls_platform_zeroize(operation->password, operation->password_len);
+        }
+        mbedtls_free(operation->password);
         operation->password = NULL;
         operation->password_len = 0;
         operation->role = PSA_PAKE_ROLE_NONE;
-        mbedtls_platform_zeroize( operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE );
+        mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE);
         operation->buffer_length = 0;
         operation->buffer_offset = 0;
-        mbedtls_ecjpake_free( &operation->ctx.ecjpake );
+        mbedtls_ecjpake_free(&operation->ctx.ecjpake);
     }
 #endif
 
@@ -930,7 +915,7 @@
     operation->state = PSA_PAKE_STATE_INVALID;
     operation->sequence = PSA_PAKE_SEQ_INVALID;
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
diff --git a/library/psa_crypto_random_impl.h b/library/psa_crypto_random_impl.h
index 3c4c09a..f1a2af1 100644
--- a/library/psa_crypto_random_impl.h
+++ b/library/psa_crypto_random_impl.h
@@ -41,9 +41,9 @@
 typedef mbedtls_psa_external_random_context_t mbedtls_psa_random_context_t;
 
 /* Trivial wrapper around psa_generate_random(). */
-int mbedtls_psa_get_random( void *p_rng,
-                            unsigned char *output,
-                            size_t output_size );
+int mbedtls_psa_get_random(void *p_rng,
+                           unsigned char *output,
+                           size_t output_size);
 
 /* The PSA RNG API doesn't need any externally maintained state. */
 #define MBEDTLS_PSA_RANDOM_STATE NULL
@@ -89,12 +89,12 @@
  *
  * \param p_rng        Pointer to the Mbed TLS DRBG state.
  */
-static inline void mbedtls_psa_drbg_init( mbedtls_psa_drbg_context_t *p_rng )
+static inline void mbedtls_psa_drbg_init(mbedtls_psa_drbg_context_t *p_rng)
 {
 #if defined(MBEDTLS_CTR_DRBG_C)
-    mbedtls_ctr_drbg_init( p_rng );
+    mbedtls_ctr_drbg_init(p_rng);
 #elif defined(MBEDTLS_HMAC_DRBG_C)
-    mbedtls_hmac_drbg_init( p_rng );
+    mbedtls_hmac_drbg_init(p_rng);
 #endif
 }
 
@@ -102,12 +102,12 @@
  *
  * \param p_rng        Pointer to the Mbed TLS DRBG state.
  */
-static inline void mbedtls_psa_drbg_free( mbedtls_psa_drbg_context_t *p_rng )
+static inline void mbedtls_psa_drbg_free(mbedtls_psa_drbg_context_t *p_rng)
 {
 #if defined(MBEDTLS_CTR_DRBG_C)
-    mbedtls_ctr_drbg_free( p_rng );
+    mbedtls_ctr_drbg_free(p_rng);
 #elif defined(MBEDTLS_HMAC_DRBG_C)
-    mbedtls_hmac_drbg_free( p_rng );
+    mbedtls_hmac_drbg_free(p_rng);
 #endif
 }
 
@@ -116,10 +116,9 @@
  * The random generator context is composed of an entropy context and
  * a DRBG context.
  */
-typedef struct
-{
-    void (* entropy_init )( mbedtls_entropy_context *ctx );
-    void (* entropy_free )( mbedtls_entropy_context *ctx );
+typedef struct {
+    void (* entropy_init)(mbedtls_entropy_context *ctx);
+    void (* entropy_free)(mbedtls_entropy_context *ctx);
     mbedtls_entropy_context entropy;
     mbedtls_psa_drbg_context_t drbg;
 } mbedtls_psa_random_context_t;
@@ -182,21 +181,21 @@
  */
 static inline int mbedtls_psa_drbg_seed(
     mbedtls_entropy_context *entropy,
-    const unsigned char *custom, size_t len )
+    const unsigned char *custom, size_t len)
 {
 #if defined(MBEDTLS_CTR_DRBG_C)
-    return( mbedtls_ctr_drbg_seed( MBEDTLS_PSA_RANDOM_STATE,
-                                   mbedtls_entropy_func,
-                                   entropy,
-                                   custom, len ) );
+    return mbedtls_ctr_drbg_seed(MBEDTLS_PSA_RANDOM_STATE,
+                                 mbedtls_entropy_func,
+                                 entropy,
+                                 custom, len);
 #elif defined(MBEDTLS_HMAC_DRBG_C)
     const mbedtls_md_info_t *md_info =
-        mbedtls_md_info_from_type( MBEDTLS_PSA_HMAC_DRBG_MD_TYPE );
-    return( mbedtls_hmac_drbg_seed( MBEDTLS_PSA_RANDOM_STATE,
-                                    md_info,
-                                    mbedtls_entropy_func,
-                                    entropy,
-                                    custom, len ) );
+        mbedtls_md_info_from_type(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE);
+    return mbedtls_hmac_drbg_seed(MBEDTLS_PSA_RANDOM_STATE,
+                                  md_info,
+                                  mbedtls_entropy_func,
+                                  entropy,
+                                  custom, len);
 #endif
 }
 
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index f1b9809..c720615 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -52,46 +52,47 @@
  * way to return the exact bit size of a key.
  * To keep things simple, reject non-byte-aligned key sizes. */
 static psa_status_t psa_check_rsa_key_byte_aligned(
-    const mbedtls_rsa_context *rsa )
+    const mbedtls_rsa_context *rsa)
 {
     mbedtls_mpi n;
     psa_status_t status;
-    mbedtls_mpi_init( &n );
+    mbedtls_mpi_init(&n);
     status = mbedtls_to_psa_error(
-        mbedtls_rsa_export( rsa, &n, NULL, NULL, NULL, NULL ) );
-    if( status == PSA_SUCCESS )
-    {
-        if( mbedtls_mpi_bitlen( &n ) % 8 != 0 )
+        mbedtls_rsa_export(rsa, &n, NULL, NULL, NULL, NULL));
+    if (status == PSA_SUCCESS) {
+        if (mbedtls_mpi_bitlen(&n) % 8 != 0) {
             status = PSA_ERROR_NOT_SUPPORTED;
+        }
     }
-    mbedtls_mpi_free( &n );
-    return( status );
+    mbedtls_mpi_free(&n);
+    return status;
 }
 
 psa_status_t mbedtls_psa_rsa_load_representation(
     psa_key_type_t type, const uint8_t *data, size_t data_length,
-    mbedtls_rsa_context **p_rsa )
+    mbedtls_rsa_context **p_rsa)
 {
     psa_status_t status;
     mbedtls_pk_context ctx;
     size_t bits;
-    mbedtls_pk_init( &ctx );
+    mbedtls_pk_init(&ctx);
 
     /* Parse the data. */
-    if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
+    if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
         status = mbedtls_to_psa_error(
-            mbedtls_pk_parse_key( &ctx, data, data_length, NULL, 0,
-                mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) );
-    else
+            mbedtls_pk_parse_key(&ctx, data, data_length, NULL, 0,
+                                 mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE));
+    } else {
         status = mbedtls_to_psa_error(
-            mbedtls_pk_parse_public_key( &ctx, data, data_length ) );
-    if( status != PSA_SUCCESS )
+            mbedtls_pk_parse_public_key(&ctx, data, data_length));
+    }
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     /* We have something that the pkparse module recognizes. If it is a
      * valid RSA key, store it. */
-    if( mbedtls_pk_get_type( &ctx ) != MBEDTLS_PK_RSA )
-    {
+    if (mbedtls_pk_get_type(&ctx) != MBEDTLS_PK_RSA) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;
     }
@@ -99,24 +100,24 @@
     /* The size of an RSA key doesn't have to be a multiple of 8. Mbed TLS
      * supports non-byte-aligned key sizes, but not well. For example,
      * mbedtls_rsa_get_len() returns the key size in bytes, not in bits. */
-    bits = PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( mbedtls_pk_rsa( ctx ) ) );
-    if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
-    {
+    bits = PSA_BYTES_TO_BITS(mbedtls_rsa_get_len(mbedtls_pk_rsa(ctx)));
+    if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) {
         status = PSA_ERROR_NOT_SUPPORTED;
         goto exit;
     }
-    status = psa_check_rsa_key_byte_aligned( mbedtls_pk_rsa( ctx ) );
-    if( status != PSA_SUCCESS )
+    status = psa_check_rsa_key_byte_aligned(mbedtls_pk_rsa(ctx));
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     /* Copy out the pointer to the RSA context, and reset the PK context
      * such that pk_free doesn't free the RSA context we just grabbed. */
-    *p_rsa = mbedtls_pk_rsa( ctx );
+    *p_rsa = mbedtls_pk_rsa(ctx);
     ctx.pk_info = NULL;
 
 exit:
-    mbedtls_pk_free( &ctx );
-    return( status );
+    mbedtls_pk_free(&ctx);
+    return status;
 }
 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
         * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
@@ -132,179 +133,182 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *data, size_t data_length,
     uint8_t *key_buffer, size_t key_buffer_size,
-    size_t *key_buffer_length, size_t *bits )
+    size_t *key_buffer_length, size_t *bits)
 {
     psa_status_t status;
     mbedtls_rsa_context *rsa = NULL;
 
     /* Parse input */
-    status = mbedtls_psa_rsa_load_representation( attributes->core.type,
-                                                  data,
-                                                  data_length,
-                                                  &rsa );
-    if( status != PSA_SUCCESS )
+    status = mbedtls_psa_rsa_load_representation(attributes->core.type,
+                                                 data,
+                                                 data_length,
+                                                 &rsa);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    *bits = (psa_key_bits_t) PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( rsa ) );
+    *bits = (psa_key_bits_t) PSA_BYTES_TO_BITS(mbedtls_rsa_get_len(rsa));
 
     /* Re-export the data to PSA export format, such that we can store export
      * representation in the key slot. Export representation in case of RSA is
      * the smallest representation that's allowed as input, so a straight-up
      * allocation of the same size as the input buffer will be large enough. */
-    status = mbedtls_psa_rsa_export_key( attributes->core.type,
-                                         rsa,
-                                         key_buffer,
-                                         key_buffer_size,
-                                         key_buffer_length );
+    status = mbedtls_psa_rsa_export_key(attributes->core.type,
+                                        rsa,
+                                        key_buffer,
+                                        key_buffer_size,
+                                        key_buffer_length);
 exit:
     /* Always free the RSA object */
-    mbedtls_rsa_free( rsa );
-    mbedtls_free( rsa );
+    mbedtls_rsa_free(rsa);
+    mbedtls_free(rsa);
 
-    return( status );
+    return status;
 }
 
-psa_status_t mbedtls_psa_rsa_export_key( psa_key_type_t type,
-                                         mbedtls_rsa_context *rsa,
-                                         uint8_t *data,
-                                         size_t data_size,
-                                         size_t *data_length )
+psa_status_t mbedtls_psa_rsa_export_key(psa_key_type_t type,
+                                        mbedtls_rsa_context *rsa,
+                                        uint8_t *data,
+                                        size_t data_size,
+                                        size_t *data_length)
 {
 #if defined(MBEDTLS_PK_WRITE_C)
     int ret;
     mbedtls_pk_context pk;
     uint8_t *pos = data + data_size;
 
-    mbedtls_pk_init( &pk );
+    mbedtls_pk_init(&pk);
     pk.pk_info = &mbedtls_rsa_info;
     pk.pk_ctx = rsa;
 
     /* PSA Crypto API defines the format of an RSA key as a DER-encoded
      * representation of the non-encrypted PKCS#1 RSAPrivateKey for a
      * private key and of the RFC3279 RSAPublicKey for a public key. */
-    if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
-        ret = mbedtls_pk_write_key_der( &pk, data, data_size );
-    else
-        ret = mbedtls_pk_write_pubkey( &pos, data, &pk );
+    if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
+        ret = mbedtls_pk_write_key_der(&pk, data, data_size);
+    } else {
+        ret = mbedtls_pk_write_pubkey(&pos, data, &pk);
+    }
 
-    if( ret < 0 )
-    {
+    if (ret < 0) {
         /* Clean up in case pk_write failed halfway through. */
-        memset( data, 0, data_size );
-        return( mbedtls_to_psa_error( ret ) );
+        memset(data, 0, data_size);
+        return mbedtls_to_psa_error(ret);
     }
 
     /* The mbedtls_pk_xxx functions write to the end of the buffer.
      * Move the data to the beginning and erase remaining data
      * at the original location. */
-    if( 2 * (size_t) ret <= data_size )
-    {
-        memcpy( data, data + data_size - ret, ret );
-        memset( data + data_size - ret, 0, ret );
-    }
-    else if( (size_t) ret < data_size )
-    {
-        memmove( data, data + data_size - ret, ret );
-        memset( data + ret, 0, data_size - ret );
+    if (2 * (size_t) ret <= data_size) {
+        memcpy(data, data + data_size - ret, ret);
+        memset(data + data_size - ret, 0, ret);
+    } else if ((size_t) ret < data_size) {
+        memmove(data, data + data_size - ret, ret);
+        memset(data + ret, 0, data_size - ret);
     }
 
     *data_length = ret;
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 #else
     (void) type;
     (void) rsa;
     (void) data;
     (void) data_size;
     (void) data_length;
-    return( PSA_ERROR_NOT_SUPPORTED );
+    return PSA_ERROR_NOT_SUPPORTED;
 #endif /* MBEDTLS_PK_WRITE_C */
 }
 
 psa_status_t mbedtls_psa_rsa_export_public_key(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length )
+    uint8_t *data, size_t data_size, size_t *data_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     mbedtls_rsa_context *rsa = NULL;
 
     status = mbedtls_psa_rsa_load_representation(
-                 attributes->core.type, key_buffer, key_buffer_size, &rsa );
-    if( status != PSA_SUCCESS )
-        return( status );
+        attributes->core.type, key_buffer, key_buffer_size, &rsa);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
-    status = mbedtls_psa_rsa_export_key( PSA_KEY_TYPE_RSA_PUBLIC_KEY,
-                                         rsa,
-                                         data,
-                                         data_size,
-                                         data_length );
+    status = mbedtls_psa_rsa_export_key(PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+                                        rsa,
+                                        data,
+                                        data_size,
+                                        data_length);
 
-    mbedtls_rsa_free( rsa );
-    mbedtls_free( rsa );
+    mbedtls_rsa_free(rsa);
+    mbedtls_free(rsa);
 
-    return( status );
+    return status;
 }
 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
         * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
 
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
     defined(MBEDTLS_GENPRIME)
-static psa_status_t psa_rsa_read_exponent( const uint8_t *domain_parameters,
-                                           size_t domain_parameters_size,
-                                           int *exponent )
+static psa_status_t psa_rsa_read_exponent(const uint8_t *domain_parameters,
+                                          size_t domain_parameters_size,
+                                          int *exponent)
 {
     size_t i;
     uint32_t acc = 0;
 
-    if( domain_parameters_size == 0 )
-    {
+    if (domain_parameters_size == 0) {
         *exponent = 65537;
-        return( PSA_SUCCESS );
+        return PSA_SUCCESS;
     }
 
     /* Mbed TLS encodes the public exponent as an int. For simplicity, only
      * support values that fit in a 32-bit integer, which is larger than
      * int on just about every platform anyway. */
-    if( domain_parameters_size > sizeof( acc ) )
-        return( PSA_ERROR_NOT_SUPPORTED );
-    for( i = 0; i < domain_parameters_size; i++ )
-        acc = ( acc << 8 ) | domain_parameters[i];
-    if( acc > INT_MAX )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    if (domain_parameters_size > sizeof(acc)) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
+    for (i = 0; i < domain_parameters_size; i++) {
+        acc = (acc << 8) | domain_parameters[i];
+    }
+    if (acc > INT_MAX) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
     *exponent = acc;
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 psa_status_t mbedtls_psa_rsa_generate_key(
     const psa_key_attributes_t *attributes,
-    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
+    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
 {
     psa_status_t status;
     mbedtls_rsa_context rsa;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     int exponent;
 
-    status = psa_rsa_read_exponent( attributes->domain_parameters,
-                                    attributes->domain_parameters_size,
-                                    &exponent );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_rsa_read_exponent(attributes->domain_parameters,
+                                   attributes->domain_parameters_size,
+                                   &exponent);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
-    mbedtls_rsa_init( &rsa );
-    ret = mbedtls_rsa_gen_key( &rsa,
-                               mbedtls_psa_get_random,
-                               MBEDTLS_PSA_RANDOM_STATE,
-                               (unsigned int)attributes->core.bits,
-                               exponent );
-    if( ret != 0 )
-        return( mbedtls_to_psa_error( ret ) );
+    mbedtls_rsa_init(&rsa);
+    ret = mbedtls_rsa_gen_key(&rsa,
+                              mbedtls_psa_get_random,
+                              MBEDTLS_PSA_RANDOM_STATE,
+                              (unsigned int) attributes->core.bits,
+                              exponent);
+    if (ret != 0) {
+        return mbedtls_to_psa_error(ret);
+    }
 
-    status = mbedtls_psa_rsa_export_key( attributes->core.type,
-                                         &rsa, key_buffer, key_buffer_size,
-                                         key_buffer_length );
-    mbedtls_rsa_free( &rsa );
+    status = mbedtls_psa_rsa_export_key(attributes->core.type,
+                                        &rsa, key_buffer, key_buffer_size,
+                                        key_buffer_length);
+    mbedtls_rsa_free(&rsa);
 
-    return( status );
+    return status;
 }
 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
         * defined(MBEDTLS_GENPRIME) */
@@ -318,131 +322,131 @@
 
 /* Decode the hash algorithm from alg and store the mbedtls encoding in
  * md_alg. Verify that the hash length is acceptable. */
-static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
-                                            size_t hash_length,
-                                            mbedtls_md_type_t *md_alg )
+static psa_status_t psa_rsa_decode_md_type(psa_algorithm_t alg,
+                                           size_t hash_length,
+                                           mbedtls_md_type_t *md_alg)
 {
-    psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
-    *md_alg = mbedtls_hash_info_md_from_psa( hash_alg );
+    psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
+    *md_alg = mbedtls_hash_info_md_from_psa(hash_alg);
 
     /* The Mbed TLS RSA module uses an unsigned int for hash length
      * parameters. Validate that it fits so that we don't risk an
      * overflow later. */
 #if SIZE_MAX > UINT_MAX
-    if( hash_length > UINT_MAX )
-        return( PSA_ERROR_INVALID_ARGUMENT );
+    if (hash_length > UINT_MAX) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
 #endif
 
     /* For signatures using a hash, the hash length must be correct. */
-    if( alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
-    {
-        if( *md_alg == MBEDTLS_MD_NONE )
-            return( PSA_ERROR_NOT_SUPPORTED );
-        if( mbedtls_hash_info_get_size( *md_alg ) != hash_length )
-            return( PSA_ERROR_INVALID_ARGUMENT );
+    if (alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW) {
+        if (*md_alg == MBEDTLS_MD_NONE) {
+            return PSA_ERROR_NOT_SUPPORTED;
+        }
+        if (mbedtls_hash_info_get_size(*md_alg) != hash_length) {
+            return PSA_ERROR_INVALID_ARGUMENT;
+        }
     }
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 psa_status_t mbedtls_psa_rsa_sign_hash(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    uint8_t *signature, size_t signature_size, size_t *signature_length )
+    uint8_t *signature, size_t signature_size, size_t *signature_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     mbedtls_rsa_context *rsa = NULL;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_md_type_t md_alg;
 
-    status = mbedtls_psa_rsa_load_representation( attributes->core.type,
-                                                  key_buffer,
-                                                  key_buffer_size,
-                                                  &rsa );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = mbedtls_psa_rsa_load_representation(attributes->core.type,
+                                                 key_buffer,
+                                                 key_buffer_size,
+                                                 &rsa);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
-    status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
-    if( status != PSA_SUCCESS )
+    status = psa_rsa_decode_md_type(alg, hash_length, &md_alg);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    if( signature_size < mbedtls_rsa_get_len( rsa ) )
-    {
+    if (signature_size < mbedtls_rsa_get_len(rsa)) {
         status = PSA_ERROR_BUFFER_TOO_SMALL;
         goto exit;
     }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
-    if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
-    {
-        ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
-                                       MBEDTLS_MD_NONE );
-        if( ret == 0 )
-        {
-            ret = mbedtls_rsa_pkcs1_sign( rsa,
-                                          mbedtls_psa_get_random,
-                                          MBEDTLS_PSA_RANDOM_STATE,
-                                          md_alg,
-                                          (unsigned int) hash_length,
-                                          hash,
-                                          signature );
+    if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)) {
+        ret = mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V15,
+                                      MBEDTLS_MD_NONE);
+        if (ret == 0) {
+            ret = mbedtls_rsa_pkcs1_sign(rsa,
+                                         mbedtls_psa_get_random,
+                                         MBEDTLS_PSA_RANDOM_STATE,
+                                         md_alg,
+                                         (unsigned int) hash_length,
+                                         hash,
+                                         signature);
         }
-    }
-    else
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
-    if( PSA_ALG_IS_RSA_PSS( alg ) )
-    {
-        ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
+    if (PSA_ALG_IS_RSA_PSS(alg)) {
+        ret = mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_alg);
 
-        if( ret == 0 )
-        {
-            ret = mbedtls_rsa_rsassa_pss_sign( rsa,
-                                               mbedtls_psa_get_random,
-                                               MBEDTLS_PSA_RANDOM_STATE,
-                                               MBEDTLS_MD_NONE,
-                                               (unsigned int) hash_length,
-                                               hash,
-                                               signature );
+        if (ret == 0) {
+            ret = mbedtls_rsa_rsassa_pss_sign(rsa,
+                                              mbedtls_psa_get_random,
+                                              MBEDTLS_PSA_RANDOM_STATE,
+                                              MBEDTLS_MD_NONE,
+                                              (unsigned int) hash_length,
+                                              hash,
+                                              signature);
         }
-    }
-    else
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
     {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;
     }
 
-    if( ret == 0 )
-        *signature_length = mbedtls_rsa_get_len( rsa );
-    status = mbedtls_to_psa_error( ret );
+    if (ret == 0) {
+        *signature_length = mbedtls_rsa_get_len(rsa);
+    }
+    status = mbedtls_to_psa_error(ret);
 
 exit:
-    mbedtls_rsa_free( rsa );
-    mbedtls_free( rsa );
+    mbedtls_rsa_free(rsa);
+    mbedtls_free(rsa);
 
-    return( status );
+    return status;
 }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
-static int rsa_pss_expected_salt_len( psa_algorithm_t alg,
-                                      const mbedtls_rsa_context *rsa,
-                                      size_t hash_length )
+static int rsa_pss_expected_salt_len(psa_algorithm_t alg,
+                                     const mbedtls_rsa_context *rsa,
+                                     size_t hash_length)
 {
-    if( PSA_ALG_IS_RSA_PSS_ANY_SALT( alg ) )
-        return( MBEDTLS_RSA_SALT_LEN_ANY );
+    if (PSA_ALG_IS_RSA_PSS_ANY_SALT(alg)) {
+        return MBEDTLS_RSA_SALT_LEN_ANY;
+    }
     /* Otherwise: standard salt length, i.e. largest possible salt length
      * up to the hash length. */
-    int klen = (int) mbedtls_rsa_get_len( rsa ); // known to fit
+    int klen = (int) mbedtls_rsa_get_len(rsa);   // known to fit
     int hlen = (int) hash_length; // known to fit
     int room = klen - 2 - hlen;
-    if( room < 0 )
-        return( 0 ); // there is no valid signature in this case anyway
-    else if( room > hlen )
-        return( hlen );
-    else
-        return( room );
+    if (room < 0) {
+        return 0;  // there is no valid signature in this case anyway
+    } else if (room > hlen) {
+        return hlen;
+    } else {
+        return room;
+    }
 }
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
 
@@ -450,63 +454,58 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    const uint8_t *signature, size_t signature_length )
+    const uint8_t *signature, size_t signature_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     mbedtls_rsa_context *rsa = NULL;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_md_type_t md_alg;
 
-    status = mbedtls_psa_rsa_load_representation( attributes->core.type,
-                                                  key_buffer,
-                                                  key_buffer_size,
-                                                  &rsa );
-    if( status != PSA_SUCCESS )
+    status = mbedtls_psa_rsa_load_representation(attributes->core.type,
+                                                 key_buffer,
+                                                 key_buffer_size,
+                                                 &rsa);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
-    if( status != PSA_SUCCESS )
+    status = psa_rsa_decode_md_type(alg, hash_length, &md_alg);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    if( signature_length != mbedtls_rsa_get_len( rsa ) )
-    {
+    if (signature_length != mbedtls_rsa_get_len(rsa)) {
         status = PSA_ERROR_INVALID_SIGNATURE;
         goto exit;
     }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
-    if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
-    {
-        ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
-                                       MBEDTLS_MD_NONE );
-        if( ret == 0 )
-        {
-            ret = mbedtls_rsa_pkcs1_verify( rsa,
-                                            md_alg,
-                                            (unsigned int) hash_length,
-                                            hash,
-                                            signature );
+    if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)) {
+        ret = mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V15,
+                                      MBEDTLS_MD_NONE);
+        if (ret == 0) {
+            ret = mbedtls_rsa_pkcs1_verify(rsa,
+                                           md_alg,
+                                           (unsigned int) hash_length,
+                                           hash,
+                                           signature);
         }
-    }
-    else
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
-    if( PSA_ALG_IS_RSA_PSS( alg ) )
-    {
-        ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
-        if( ret == 0 )
-        {
-            int slen = rsa_pss_expected_salt_len( alg, rsa, hash_length );
-            ret = mbedtls_rsa_rsassa_pss_verify_ext( rsa,
-                                                     md_alg,
-                                                     (unsigned) hash_length,
-                                                     hash,
-                                                     md_alg,
-                                                     slen,
-                                                     signature );
+    if (PSA_ALG_IS_RSA_PSS(alg)) {
+        ret = mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_alg);
+        if (ret == 0) {
+            int slen = rsa_pss_expected_salt_len(alg, rsa, hash_length);
+            ret = mbedtls_rsa_rsassa_pss_verify_ext(rsa,
+                                                    md_alg,
+                                                    (unsigned) hash_length,
+                                                    hash,
+                                                    md_alg,
+                                                    slen,
+                                                    signature);
         }
-    }
-    else
+    } else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
     {
         status = PSA_ERROR_INVALID_ARGUMENT;
@@ -516,15 +515,15 @@
     /* Mbed TLS distinguishes "invalid padding" from "valid padding but
      * the rest of the signature is invalid". This has little use in
      * practice and PSA doesn't report this distinction. */
-    status = ( ret == MBEDTLS_ERR_RSA_INVALID_PADDING ) ?
+    status = (ret == MBEDTLS_ERR_RSA_INVALID_PADDING) ?
              PSA_ERROR_INVALID_SIGNATURE :
-             mbedtls_to_psa_error( ret );
+             mbedtls_to_psa_error(ret);
 
 exit:
-    mbedtls_rsa_free( rsa );
-    mbedtls_free( rsa );
+    mbedtls_rsa_free(rsa);
+    mbedtls_free(rsa);
 
-    return( status );
+    return status;
 }
 
 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
@@ -535,27 +534,27 @@
 /****************************************************************/
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
-static int psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg,
-                                          mbedtls_rsa_context *rsa )
+static int psa_rsa_oaep_set_padding_mode(psa_algorithm_t alg,
+                                         mbedtls_rsa_context *rsa)
 {
-    psa_algorithm_t hash_alg = PSA_ALG_RSA_OAEP_GET_HASH( alg );
-    mbedtls_md_type_t md_alg = mbedtls_hash_info_md_from_psa( hash_alg );
+    psa_algorithm_t hash_alg = PSA_ALG_RSA_OAEP_GET_HASH(alg);
+    mbedtls_md_type_t md_alg = mbedtls_hash_info_md_from_psa(hash_alg);
 
-    return( mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ) );
+    return mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_alg);
 }
 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
 
-psa_status_t mbedtls_psa_asymmetric_encrypt( const psa_key_attributes_t *attributes,
-                                             const uint8_t *key_buffer,
-                                             size_t key_buffer_size,
-                                             psa_algorithm_t alg,
-                                             const uint8_t *input,
-                                             size_t input_length,
-                                             const uint8_t *salt,
-                                             size_t salt_length,
-                                             uint8_t *output,
-                                             size_t output_size,
-                                             size_t *output_length )
+psa_status_t mbedtls_psa_asymmetric_encrypt(const psa_key_attributes_t *attributes,
+                                            const uint8_t *key_buffer,
+                                            size_t key_buffer_size,
+                                            psa_algorithm_t alg,
+                                            const uint8_t *input,
+                                            size_t input_length,
+                                            const uint8_t *salt,
+                                            size_t salt_length,
+                                            uint8_t *output,
+                                            size_t output_size,
+                                            size_t *output_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     (void) key_buffer;
@@ -568,94 +567,88 @@
     (void) output_size;
     (void) output_length;
 
-    if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
-    {
+    if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
+        defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
         mbedtls_rsa_context *rsa = NULL;
-        status = mbedtls_psa_rsa_load_representation( attributes->core.type,
-                                                      key_buffer,
-                                                      key_buffer_size,
-                                                      &rsa );
-        if( status != PSA_SUCCESS )
+        status = mbedtls_psa_rsa_load_representation(attributes->core.type,
+                                                     key_buffer,
+                                                     key_buffer_size,
+                                                     &rsa);
+        if (status != PSA_SUCCESS) {
             goto rsa_exit;
+        }
 
-        if( output_size < mbedtls_rsa_get_len( rsa ) )
-        {
+        if (output_size < mbedtls_rsa_get_len(rsa)) {
             status = PSA_ERROR_BUFFER_TOO_SMALL;
             goto rsa_exit;
         }
 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
         * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
-        if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
-        {
+        if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
             status = mbedtls_to_psa_error(
-                    mbedtls_rsa_pkcs1_encrypt( rsa,
-                                               mbedtls_psa_get_random,
-                                               MBEDTLS_PSA_RANDOM_STATE,
-                                               input_length,
-                                               input,
-                                               output ) );
+                mbedtls_rsa_pkcs1_encrypt(rsa,
+                                          mbedtls_psa_get_random,
+                                          MBEDTLS_PSA_RANDOM_STATE,
+                                          input_length,
+                                          input,
+                                          output));
 #else
             status = PSA_ERROR_NOT_SUPPORTED;
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */
-        }
-        else
-        if( PSA_ALG_IS_RSA_OAEP( alg ) )
-        {
+        } else
+        if (PSA_ALG_IS_RSA_OAEP(alg)) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
             status = mbedtls_to_psa_error(
-                         psa_rsa_oaep_set_padding_mode( alg, rsa ) );
-            if( status != PSA_SUCCESS )
+                psa_rsa_oaep_set_padding_mode(alg, rsa));
+            if (status != PSA_SUCCESS) {
                 goto rsa_exit;
+            }
 
             status = mbedtls_to_psa_error(
-                mbedtls_rsa_rsaes_oaep_encrypt( rsa,
-                                                mbedtls_psa_get_random,
-                                                MBEDTLS_PSA_RANDOM_STATE,
-                                                salt, salt_length,
-                                                input_length,
-                                                input,
-                                                output ) );
+                mbedtls_rsa_rsaes_oaep_encrypt(rsa,
+                                               mbedtls_psa_get_random,
+                                               MBEDTLS_PSA_RANDOM_STATE,
+                                               salt, salt_length,
+                                               input_length,
+                                               input,
+                                               output));
 #else
             status = PSA_ERROR_NOT_SUPPORTED;
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */
-        }
-        else
-        {
+        } else {
             status = PSA_ERROR_INVALID_ARGUMENT;
         }
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
+        defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
 rsa_exit:
-        if( status == PSA_SUCCESS )
-            *output_length = mbedtls_rsa_get_len( rsa );
+        if (status == PSA_SUCCESS) {
+            *output_length = mbedtls_rsa_get_len(rsa);
+        }
 
-        mbedtls_rsa_free( rsa );
-        mbedtls_free( rsa );
+        mbedtls_rsa_free(rsa);
+        mbedtls_free(rsa);
 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
         * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
-    }
-    else
-    {
+    } else {
         status = PSA_ERROR_NOT_SUPPORTED;
     }
 
     return status;
 }
 
-psa_status_t mbedtls_psa_asymmetric_decrypt( const psa_key_attributes_t *attributes,
-                                             const uint8_t *key_buffer,
-                                             size_t key_buffer_size,
-                                             psa_algorithm_t alg,
-                                             const uint8_t *input,
-                                             size_t input_length,
-                                             const uint8_t *salt,
-                                             size_t salt_length,
-                                             uint8_t *output,
-                                             size_t output_size,
-                                             size_t *output_length )
+psa_status_t mbedtls_psa_asymmetric_decrypt(const psa_key_attributes_t *attributes,
+                                            const uint8_t *key_buffer,
+                                            size_t key_buffer_size,
+                                            psa_algorithm_t alg,
+                                            const uint8_t *input,
+                                            size_t input_length,
+                                            const uint8_t *salt,
+                                            size_t salt_length,
+                                            uint8_t *output,
+                                            size_t output_size,
+                                            size_t *output_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     (void) key_buffer;
@@ -670,78 +663,71 @@
 
     *output_length = 0;
 
-    if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
-    {
+    if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
+        defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
         mbedtls_rsa_context *rsa = NULL;
-        status = mbedtls_psa_rsa_load_representation( attributes->core.type,
-                                                      key_buffer,
-                                                      key_buffer_size,
-                                                      &rsa );
-        if( status != PSA_SUCCESS )
+        status = mbedtls_psa_rsa_load_representation(attributes->core.type,
+                                                     key_buffer,
+                                                     key_buffer_size,
+                                                     &rsa);
+        if (status != PSA_SUCCESS) {
             goto rsa_exit;
+        }
 
-        if( input_length != mbedtls_rsa_get_len( rsa ) )
-        {
+        if (input_length != mbedtls_rsa_get_len(rsa)) {
             status = PSA_ERROR_INVALID_ARGUMENT;
             goto rsa_exit;
         }
 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
         * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
 
-        if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
-        {
+        if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
             status = mbedtls_to_psa_error(
-                mbedtls_rsa_pkcs1_decrypt( rsa,
-                                           mbedtls_psa_get_random,
-                                           MBEDTLS_PSA_RANDOM_STATE,
-                                           output_length,
-                                           input,
-                                           output,
-                                           output_size ) );
+                mbedtls_rsa_pkcs1_decrypt(rsa,
+                                          mbedtls_psa_get_random,
+                                          MBEDTLS_PSA_RANDOM_STATE,
+                                          output_length,
+                                          input,
+                                          output,
+                                          output_size));
 #else
             status = PSA_ERROR_NOT_SUPPORTED;
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */
-        }
-        else
-        if( PSA_ALG_IS_RSA_OAEP( alg ) )
-        {
+        } else
+        if (PSA_ALG_IS_RSA_OAEP(alg)) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
             status = mbedtls_to_psa_error(
-                         psa_rsa_oaep_set_padding_mode( alg, rsa ) );
-            if( status != PSA_SUCCESS )
+                psa_rsa_oaep_set_padding_mode(alg, rsa));
+            if (status != PSA_SUCCESS) {
                 goto rsa_exit;
+            }
 
             status = mbedtls_to_psa_error(
-                mbedtls_rsa_rsaes_oaep_decrypt( rsa,
-                                                mbedtls_psa_get_random,
-                                                MBEDTLS_PSA_RANDOM_STATE,
-                                                salt, salt_length,
-                                                output_length,
-                                                input,
-                                                output,
-                                                output_size ) );
+                mbedtls_rsa_rsaes_oaep_decrypt(rsa,
+                                               mbedtls_psa_get_random,
+                                               MBEDTLS_PSA_RANDOM_STATE,
+                                               salt, salt_length,
+                                               output_length,
+                                               input,
+                                               output,
+                                               output_size));
 #else
             status = PSA_ERROR_NOT_SUPPORTED;
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */
-        }
-        else
-        {
+        } else {
             status = PSA_ERROR_INVALID_ARGUMENT;
         }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
+        defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
 rsa_exit:
-        mbedtls_rsa_free( rsa );
-        mbedtls_free( rsa );
+        mbedtls_rsa_free(rsa);
+        mbedtls_free(rsa);
 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
         * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
-    }
-    else
-    {
+    } else {
         status = PSA_ERROR_NOT_SUPPORTED;
     }
 
diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h
index 5835c6f..c3acdd0 100644
--- a/library/psa_crypto_rsa.h
+++ b/library/psa_crypto_rsa.h
@@ -34,10 +34,10 @@
  *                          contents of the context and the context itself
  *                          when done.
  */
-psa_status_t mbedtls_psa_rsa_load_representation( psa_key_type_t type,
-                                                  const uint8_t *data,
-                                                  size_t data_length,
-                                                  mbedtls_rsa_context **p_rsa );
+psa_status_t mbedtls_psa_rsa_load_representation(psa_key_type_t type,
+                                                 const uint8_t *data,
+                                                 size_t data_length,
+                                                 mbedtls_rsa_context **p_rsa);
 
 /** Import an RSA key in binary format.
  *
@@ -69,7 +69,7 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *data, size_t data_length,
     uint8_t *key_buffer, size_t key_buffer_size,
-    size_t *key_buffer_length, size_t *bits );
+    size_t *key_buffer_length, size_t *bits);
 
 /** Export an RSA key to export representation
  *
@@ -79,11 +79,11 @@
  * \param[in] data_size     The length of the buffer to export to
  * \param[out] data_length  The amount of bytes written to \p data
  */
-psa_status_t mbedtls_psa_rsa_export_key( psa_key_type_t type,
-                                         mbedtls_rsa_context *rsa,
-                                         uint8_t *data,
-                                         size_t data_size,
-                                         size_t *data_length );
+psa_status_t mbedtls_psa_rsa_export_key(psa_key_type_t type,
+                                        mbedtls_rsa_context *rsa,
+                                        uint8_t *data,
+                                        size_t data_size,
+                                        size_t *data_length);
 
 /** Export a public RSA key or the public part of an RSA key pair in binary
  *  format.
@@ -112,7 +112,7 @@
 psa_status_t mbedtls_psa_rsa_export_public_key(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length );
+    uint8_t *data, size_t data_size, size_t *data_length);
 
 /**
  * \brief Generate an RSA key.
@@ -135,7 +135,7 @@
  */
 psa_status_t mbedtls_psa_rsa_generate_key(
     const psa_key_attributes_t *attributes,
-    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
 
 /** Sign an already-calculated hash with an RSA private key.
  *
@@ -174,7 +174,7 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    uint8_t *signature, size_t signature_size, size_t *signature_length );
+    uint8_t *signature, size_t signature_size, size_t *signature_length);
 
 /**
  * \brief Verify the signature a hash or short message using a public RSA key.
@@ -210,7 +210,7 @@
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    const uint8_t *signature, size_t signature_length );
+    const uint8_t *signature, size_t signature_length);
 
 /**
  * \brief Encrypt a short message with a public key.
@@ -256,17 +256,17 @@
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
-psa_status_t mbedtls_psa_asymmetric_encrypt( const psa_key_attributes_t *attributes,
-                                             const uint8_t *key_buffer,
-                                             size_t key_buffer_size,
-                                             psa_algorithm_t alg,
-                                             const uint8_t *input,
-                                             size_t input_length,
-                                             const uint8_t *salt,
-                                             size_t salt_length,
-                                             uint8_t *output,
-                                             size_t output_size,
-                                             size_t *output_length );
+psa_status_t mbedtls_psa_asymmetric_encrypt(const psa_key_attributes_t *attributes,
+                                            const uint8_t *key_buffer,
+                                            size_t key_buffer_size,
+                                            psa_algorithm_t alg,
+                                            const uint8_t *input,
+                                            size_t input_length,
+                                            const uint8_t *salt,
+                                            size_t salt_length,
+                                            uint8_t *output,
+                                            size_t output_size,
+                                            size_t *output_length);
 
 /**
  * \brief Decrypt a short message with a private key.
@@ -314,16 +314,16 @@
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
-psa_status_t mbedtls_psa_asymmetric_decrypt( const psa_key_attributes_t *attributes,
-                                             const uint8_t *key_buffer,
-                                             size_t key_buffer_size,
-                                             psa_algorithm_t alg,
-                                             const uint8_t *input,
-                                             size_t input_length,
-                                             const uint8_t *salt,
-                                             size_t salt_length,
-                                             uint8_t *output,
-                                             size_t output_size,
-                                             size_t *output_length );
+psa_status_t mbedtls_psa_asymmetric_decrypt(const psa_key_attributes_t *attributes,
+                                            const uint8_t *key_buffer,
+                                            size_t key_buffer_size,
+                                            psa_algorithm_t alg,
+                                            const uint8_t *input,
+                                            size_t input_length,
+                                            const uint8_t *salt,
+                                            size_t salt_length,
+                                            uint8_t *output,
+                                            size_t output_size,
+                                            size_t *output_length);
 
 #endif /* PSA_CRYPTO_RSA_H */
diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c
index 87d2634..b660393 100644
--- a/library/psa_crypto_se.c
+++ b/library/psa_crypto_se.c
@@ -48,19 +48,16 @@
 /* This structure is identical to psa_drv_se_context_t declared in
  * `crypto_se_driver.h`, except that some parts are writable here
  * (non-const, or pointer to non-const). */
-typedef struct
-{
+typedef struct {
     void *persistent_data;
     size_t persistent_data_size;
     uintptr_t transient_data;
 } psa_drv_se_internal_context_t;
 
-struct psa_se_drv_table_entry_s
-{
+struct psa_se_drv_table_entry_s {
     psa_key_location_t location;
     const psa_drv_se_t *methods;
-    union
-    {
+    union {
         psa_drv_se_internal_context_t internal;
         psa_drv_se_context_t context;
     } u;
@@ -69,46 +66,49 @@
 static psa_se_drv_table_entry_t driver_table[PSA_MAX_SE_DRIVERS];
 
 psa_se_drv_table_entry_t *psa_get_se_driver_entry(
-    psa_key_lifetime_t lifetime )
+    psa_key_lifetime_t lifetime)
 {
     size_t i;
-    psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
+    psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime);
     /* In the driver table, location=0 means an entry that isn't used.
      * No driver has a location of 0 because it's a reserved value
      * (which designates transparent keys). Make sure we never return
      * a driver entry for location 0. */
-    if( location == 0 )
-        return( NULL );
-    for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
-    {
-        if( driver_table[i].location == location )
-            return( &driver_table[i] );
+    if (location == 0) {
+        return NULL;
     }
-    return( NULL );
+    for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) {
+        if (driver_table[i].location == location) {
+            return &driver_table[i];
+        }
+    }
+    return NULL;
 }
 
 const psa_drv_se_t *psa_get_se_driver_methods(
-    const psa_se_drv_table_entry_t *driver )
+    const psa_se_drv_table_entry_t *driver)
 {
-    return( driver->methods );
+    return driver->methods;
 }
 
 psa_drv_se_context_t *psa_get_se_driver_context(
-    psa_se_drv_table_entry_t *driver )
+    psa_se_drv_table_entry_t *driver)
 {
-    return( &driver->u.context );
+    return &driver->u.context;
 }
 
-int psa_get_se_driver( psa_key_lifetime_t lifetime,
-                       const psa_drv_se_t **p_methods,
-                       psa_drv_se_context_t **p_drv_context)
+int psa_get_se_driver(psa_key_lifetime_t lifetime,
+                      const psa_drv_se_t **p_methods,
+                      psa_drv_se_context_t **p_drv_context)
 {
-    psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry( lifetime );
-    if( p_methods != NULL )
-        *p_methods = ( driver ? driver->methods : NULL );
-    if( p_drv_context != NULL )
-        *p_drv_context = ( driver ? &driver->u.context : NULL );
-    return( driver != NULL );
+    psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry(lifetime);
+    if (p_methods != NULL) {
+        *p_methods = (driver ? driver->methods : NULL);
+    }
+    if (p_drv_context != NULL) {
+        *p_drv_context = (driver ? &driver->u.context : NULL);
+    }
+    return driver != NULL;
 }
 
 
@@ -119,32 +119,35 @@
 
 static psa_status_t psa_get_se_driver_its_file_uid(
     const psa_se_drv_table_entry_t *driver,
-    psa_storage_uid_t *uid )
+    psa_storage_uid_t *uid)
 {
-    if( driver->location > PSA_MAX_SE_LOCATION )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    if (driver->location > PSA_MAX_SE_LOCATION) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
 
 #if SIZE_MAX > UINT32_MAX
     /* ITS file sizes are limited to 32 bits. */
-    if( driver->u.internal.persistent_data_size > UINT32_MAX )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    if (driver->u.internal.persistent_data_size > UINT32_MAX) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
 #endif
 
     /* See the documentation of PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE. */
     *uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->location;
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 psa_status_t psa_load_se_persistent_data(
-    const psa_se_drv_table_entry_t *driver )
+    const psa_se_drv_table_entry_t *driver)
 {
     psa_status_t status;
     psa_storage_uid_t uid;
     size_t length;
 
-    status = psa_get_se_driver_its_file_uid( driver, &uid );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_get_se_driver_its_file_uid(driver, &uid);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
     /* Read the amount of persistent data that the driver requests.
      * If the data in storage is larger, it is truncated. If the data
@@ -153,97 +156,98 @@
     /* psa_get_se_driver_its_file_uid ensures that the size_t
      * persistent_data_size is in range, but compilers don't know that,
      * so cast to reassure them. */
-    return( psa_its_get( uid, 0,
-                         (uint32_t) driver->u.internal.persistent_data_size,
-                         driver->u.internal.persistent_data,
-                         &length ) );
+    return psa_its_get(uid, 0,
+                       (uint32_t) driver->u.internal.persistent_data_size,
+                       driver->u.internal.persistent_data,
+                       &length);
 }
 
 psa_status_t psa_save_se_persistent_data(
-    const psa_se_drv_table_entry_t *driver )
+    const psa_se_drv_table_entry_t *driver)
 {
     psa_status_t status;
     psa_storage_uid_t uid;
 
-    status = psa_get_se_driver_its_file_uid( driver, &uid );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_get_se_driver_its_file_uid(driver, &uid);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
     /* psa_get_se_driver_its_file_uid ensures that the size_t
      * persistent_data_size is in range, but compilers don't know that,
      * so cast to reassure them. */
-    return( psa_its_set( uid,
-                         (uint32_t) driver->u.internal.persistent_data_size,
-                         driver->u.internal.persistent_data,
-                         0 ) );
+    return psa_its_set(uid,
+                       (uint32_t) driver->u.internal.persistent_data_size,
+                       driver->u.internal.persistent_data,
+                       0);
 }
 
-psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location )
+psa_status_t psa_destroy_se_persistent_data(psa_key_location_t location)
 {
     psa_storage_uid_t uid;
-    if( location > PSA_MAX_SE_LOCATION )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    if (location > PSA_MAX_SE_LOCATION) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
     uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + location;
-    return( psa_its_remove( uid ) );
+    return psa_its_remove(uid);
 }
 
 psa_status_t psa_find_se_slot_for_key(
     const psa_key_attributes_t *attributes,
     psa_key_creation_method_t method,
     psa_se_drv_table_entry_t *driver,
-    psa_key_slot_number_t *slot_number )
+    psa_key_slot_number_t *slot_number)
 {
     psa_status_t status;
     psa_key_location_t key_location =
-        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( attributes ) );
+        PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes));
 
     /* If the location is wrong, it's a bug in the library. */
-    if( driver->location != key_location )
-        return( PSA_ERROR_CORRUPTION_DETECTED );
+    if (driver->location != key_location) {
+        return PSA_ERROR_CORRUPTION_DETECTED;
+    }
 
     /* If the driver doesn't support key creation in any way, give up now. */
-    if( driver->methods->key_management == NULL )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    if (driver->methods->key_management == NULL) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
 
-    if( psa_get_key_slot_number( attributes, slot_number ) == PSA_SUCCESS )
-    {
+    if (psa_get_key_slot_number(attributes, slot_number) == PSA_SUCCESS) {
         /* The application wants to use a specific slot. Allow it if
          * the driver supports it. On a system with isolation,
          * the crypto service must check that the application is
          * permitted to request this slot. */
         psa_drv_se_validate_slot_number_t p_validate_slot_number =
             driver->methods->key_management->p_validate_slot_number;
-        if( p_validate_slot_number == NULL )
-            return( PSA_ERROR_NOT_SUPPORTED );
-        status = p_validate_slot_number( &driver->u.context,
-                                         driver->u.internal.persistent_data,
-                                         attributes, method,
-                                         *slot_number );
-    }
-    else if( method == PSA_KEY_CREATION_REGISTER )
-    {
+        if (p_validate_slot_number == NULL) {
+            return PSA_ERROR_NOT_SUPPORTED;
+        }
+        status = p_validate_slot_number(&driver->u.context,
+                                        driver->u.internal.persistent_data,
+                                        attributes, method,
+                                        *slot_number);
+    } else if (method == PSA_KEY_CREATION_REGISTER) {
         /* The application didn't specify a slot number. This doesn't
          * make sense when registering a slot. */
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-    else
-    {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    } else {
         /* The application didn't tell us which slot to use. Let the driver
          * choose. This is the normal case. */
         psa_drv_se_allocate_key_t p_allocate =
             driver->methods->key_management->p_allocate;
-        if( p_allocate == NULL )
-            return( PSA_ERROR_NOT_SUPPORTED );
-        status = p_allocate( &driver->u.context,
-                             driver->u.internal.persistent_data,
-                             attributes, method,
-                             slot_number );
+        if (p_allocate == NULL) {
+            return PSA_ERROR_NOT_SUPPORTED;
+        }
+        status = p_allocate(&driver->u.context,
+                            driver->u.internal.persistent_data,
+                            attributes, method,
+                            slot_number);
     }
-    return( status );
+    return status;
 }
 
-psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
-                                 psa_key_slot_number_t slot_number )
+psa_status_t psa_destroy_se_key(psa_se_drv_table_entry_t *driver,
+                                psa_key_slot_number_t slot_number)
 {
     psa_status_t status;
     psa_status_t storage_status;
@@ -255,40 +259,42 @@
      * locked in a read-only state: we can use the keys but not
      * destroy them. Hence, if the driver doesn't support destroying
      * keys, it's really a lack of permission. */
-    if( driver->methods->key_management == NULL ||
-        driver->methods->key_management->p_destroy == NULL )
-        return( PSA_ERROR_NOT_PERMITTED );
+    if (driver->methods->key_management == NULL ||
+        driver->methods->key_management->p_destroy == NULL) {
+        return PSA_ERROR_NOT_PERMITTED;
+    }
     status = driver->methods->key_management->p_destroy(
         &driver->u.context,
         driver->u.internal.persistent_data,
-        slot_number );
-    storage_status = psa_save_se_persistent_data( driver );
-    return( status == PSA_SUCCESS ? storage_status : status );
+        slot_number);
+    storage_status = psa_save_se_persistent_data(driver);
+    return status == PSA_SUCCESS ? storage_status : status;
 }
 
-psa_status_t psa_init_all_se_drivers( void )
+psa_status_t psa_init_all_se_drivers(void)
 {
     size_t i;
-    for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
-    {
+    for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) {
         psa_se_drv_table_entry_t *driver = &driver_table[i];
-        if( driver->location == 0 )
+        if (driver->location == 0) {
             continue; /* skipping unused entry */
-        const psa_drv_se_t *methods = psa_get_se_driver_methods( driver );
-        if( methods->p_init != NULL )
-        {
+        }
+        const psa_drv_se_t *methods = psa_get_se_driver_methods(driver);
+        if (methods->p_init != NULL) {
             psa_status_t status = methods->p_init(
                 &driver->u.context,
                 driver->u.internal.persistent_data,
-                driver->location );
-            if( status != PSA_SUCCESS )
-                return( status );
-            status = psa_save_se_persistent_data( driver );
-            if( status != PSA_SUCCESS )
-                return( status );
+                driver->location);
+            if (status != PSA_SUCCESS) {
+                return status;
+            }
+            status = psa_save_se_persistent_data(driver);
+            if (status != PSA_SUCCESS) {
+                return status;
+            }
         }
     }
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 
@@ -304,70 +310,74 @@
     size_t i;
     psa_status_t status;
 
-    if( methods->hal_version != PSA_DRV_SE_HAL_VERSION )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    if (methods->hal_version != PSA_DRV_SE_HAL_VERSION) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
     /* Driver table entries are 0-initialized. 0 is not a valid driver
      * location because it means a transparent key. */
 #if defined(static_assert)
-    static_assert( PSA_KEY_LOCATION_LOCAL_STORAGE == 0,
-                   "Secure element support requires 0 to mean a local key" );
+    static_assert(PSA_KEY_LOCATION_LOCAL_STORAGE == 0,
+                  "Secure element support requires 0 to mean a local key");
 #endif
-    if( location == PSA_KEY_LOCATION_LOCAL_STORAGE )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    if( location > PSA_MAX_SE_LOCATION )
-        return( PSA_ERROR_NOT_SUPPORTED );
+    if (location == PSA_KEY_LOCATION_LOCAL_STORAGE) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
+    if (location > PSA_MAX_SE_LOCATION) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
 
-    for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
-    {
-        if( driver_table[i].location == 0 )
+    for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) {
+        if (driver_table[i].location == 0) {
             break;
+        }
         /* Check that location isn't already in use up to the first free
          * entry. Since entries are created in order and never deleted,
          * there can't be a used entry after the first free entry. */
-        if( driver_table[i].location == location )
-            return( PSA_ERROR_ALREADY_EXISTS );
+        if (driver_table[i].location == location) {
+            return PSA_ERROR_ALREADY_EXISTS;
+        }
     }
-    if( i == PSA_MAX_SE_DRIVERS )
-        return( PSA_ERROR_INSUFFICIENT_MEMORY );
+    if (i == PSA_MAX_SE_DRIVERS) {
+        return PSA_ERROR_INSUFFICIENT_MEMORY;
+    }
 
     driver_table[i].location = location;
     driver_table[i].methods = methods;
     driver_table[i].u.internal.persistent_data_size =
         methods->persistent_data_size;
 
-    if( methods->persistent_data_size != 0 )
-    {
+    if (methods->persistent_data_size != 0) {
         driver_table[i].u.internal.persistent_data =
-            mbedtls_calloc( 1, methods->persistent_data_size );
-        if( driver_table[i].u.internal.persistent_data == NULL )
-        {
+            mbedtls_calloc(1, methods->persistent_data_size);
+        if (driver_table[i].u.internal.persistent_data == NULL) {
             status = PSA_ERROR_INSUFFICIENT_MEMORY;
             goto error;
         }
         /* Load the driver's persistent data. On first use, the persistent
          * data does not exist in storage, and is initialized to
          * all-bits-zero by the calloc call just above. */
-        status = psa_load_se_persistent_data( &driver_table[i] );
-        if( status != PSA_SUCCESS && status != PSA_ERROR_DOES_NOT_EXIST )
+        status = psa_load_se_persistent_data(&driver_table[i]);
+        if (status != PSA_SUCCESS && status != PSA_ERROR_DOES_NOT_EXIST) {
             goto error;
+        }
     }
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 
 error:
-    memset( &driver_table[i], 0, sizeof( driver_table[i] ) );
-    return( status );
+    memset(&driver_table[i], 0, sizeof(driver_table[i]));
+    return status;
 }
 
-void psa_unregister_all_se_drivers( void )
+void psa_unregister_all_se_drivers(void)
 {
     size_t i;
-    for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
-    {
-        if( driver_table[i].u.internal.persistent_data != NULL )
-            mbedtls_free( driver_table[i].u.internal.persistent_data );
+    for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) {
+        if (driver_table[i].u.internal.persistent_data != NULL) {
+            mbedtls_free(driver_table[i].u.internal.persistent_data);
+        }
     }
-    memset( driver_table, 0, sizeof( driver_table ) );
+    memset(driver_table, 0, sizeof(driver_table));
 }
 
 
diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h
index 693c3ea..a1e5e09 100644
--- a/library/psa_crypto_se.h
+++ b/library/psa_crypto_se.h
@@ -47,7 +47,7 @@
  * actually not used since it corresponds to #PSA_KEY_LOCATION_LOCAL_STORAGE
  * which doesn't have a driver.
  */
-#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_key_id_t) 0xfffffe00 )
+#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ((psa_key_id_t) 0xfffffe00)
 
 /** The maximum number of registered secure element driver locations. */
 #define PSA_MAX_SE_DRIVERS 4
@@ -58,13 +58,13 @@
  *          state. This function is only intended to be called at the end
  *          of mbedtls_psa_crypto_free().
  */
-void psa_unregister_all_se_drivers( void );
+void psa_unregister_all_se_drivers(void);
 
 /** Initialize all secure element drivers.
  *
  * Called from psa_crypto_init().
  */
-psa_status_t psa_init_all_se_drivers( void );
+psa_status_t psa_init_all_se_drivers(void);
 
 /** A structure that describes a registered secure element driver.
  *
@@ -89,9 +89,9 @@
  * \retval 0
  *         \p lifetime does not correspond to a registered driver.
  */
-int psa_get_se_driver( psa_key_lifetime_t lifetime,
-                       const psa_drv_se_t **p_methods,
-                       psa_drv_se_context_t **p_drv_context);
+int psa_get_se_driver(psa_key_lifetime_t lifetime,
+                      const psa_drv_se_t **p_methods,
+                      psa_drv_se_context_t **p_drv_context);
 
 /** Return the secure element driver table entry for a lifetime value.
  *
@@ -101,7 +101,7 @@
  *         \p NULL if \p lifetime does not correspond to a registered driver.
  */
 psa_se_drv_table_entry_t *psa_get_se_driver_entry(
-    psa_key_lifetime_t lifetime );
+    psa_key_lifetime_t lifetime);
 
 /** Return the method table for a secure element driver.
  *
@@ -111,7 +111,7 @@
  *         \c NULL if \p driver is \c NULL.
  */
 const psa_drv_se_t *psa_get_se_driver_methods(
-    const psa_se_drv_table_entry_t *driver );
+    const psa_se_drv_table_entry_t *driver);
 
 /** Return the context of a secure element driver.
  *
@@ -121,7 +121,7 @@
  *         \c NULL if \p driver is \c NULL.
  */
 psa_drv_se_context_t *psa_get_se_driver_context(
-    psa_se_drv_table_entry_t *driver );
+    psa_se_drv_table_entry_t *driver);
 
 /** Find a free slot for a key that is to be created.
  *
@@ -137,15 +137,15 @@
     const psa_key_attributes_t *attributes,
     psa_key_creation_method_t method,
     psa_se_drv_table_entry_t *driver,
-    psa_key_slot_number_t *slot_number );
+    psa_key_slot_number_t *slot_number);
 
 /** Destroy a key in a secure element.
  *
  * This function calls the relevant driver method to destroy a key
  * and updates the driver's persistent data.
  */
-psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
-                                 psa_key_slot_number_t slot_number );
+psa_status_t psa_destroy_se_key(psa_se_drv_table_entry_t *driver,
+                                psa_key_slot_number_t slot_number);
 
 /** Load the persistent data of a secure element driver.
  *
@@ -160,7 +160,7 @@
  * \return #PSA_ERROR_INVALID_ARGUMENT
  */
 psa_status_t psa_load_se_persistent_data(
-    const psa_se_drv_table_entry_t *driver );
+    const psa_se_drv_table_entry_t *driver);
 
 /** Save the persistent data of a secure element driver.
  *
@@ -176,7 +176,7 @@
  * \return #PSA_ERROR_INVALID_ARGUMENT
  */
 psa_status_t psa_save_se_persistent_data(
-    const psa_se_drv_table_entry_t *driver );
+    const psa_se_drv_table_entry_t *driver);
 
 /** Destroy the persistent data of a secure element driver.
  *
@@ -185,14 +185,13 @@
  * \param[in] location  The location identifier for the driver whose
  *                      persistent data is to be erased.
  */
-psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location );
+psa_status_t psa_destroy_se_persistent_data(psa_key_location_t location);
 
 
 /** The storage representation of a key whose data is in a secure element.
  */
-typedef struct
-{
-    uint8_t slot_number[sizeof( psa_key_slot_number_t )];
+typedef struct {
+    uint8_t slot_number[sizeof(psa_key_slot_number_t)];
 } psa_se_key_data_storage_t;
 
 #endif /* PSA_CRYPTO_SE_H */
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 9dceaac..cb7fa59 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -36,30 +36,31 @@
 #include <string.h>
 #include "mbedtls/platform.h"
 
-#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
+#define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array)))
 
-typedef struct
-{
+typedef struct {
     psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT];
     unsigned key_slots_initialized : 1;
 } psa_global_data_t;
 
 static psa_global_data_t global_data;
 
-int psa_is_valid_key_id( mbedtls_svc_key_id_t key, int vendor_ok )
+int psa_is_valid_key_id(mbedtls_svc_key_id_t key, int vendor_ok)
 {
-    psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key );
+    psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key);
 
-    if( ( PSA_KEY_ID_USER_MIN <= key_id ) &&
-        ( key_id <= PSA_KEY_ID_USER_MAX ) )
-        return( 1 );
+    if ((PSA_KEY_ID_USER_MIN <= key_id) &&
+        (key_id <= PSA_KEY_ID_USER_MAX)) {
+        return 1;
+    }
 
-    if( vendor_ok &&
-        ( PSA_KEY_ID_VENDOR_MIN <= key_id ) &&
-        ( key_id <= PSA_KEY_ID_VENDOR_MAX ) )
-        return( 1 );
+    if (vendor_ok &&
+        (PSA_KEY_ID_VENDOR_MIN <= key_id) &&
+        (key_id <= PSA_KEY_ID_VENDOR_MAX)) {
+        return 1;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /** Get the description in memory of a key given its identifier and lock it.
@@ -94,16 +95,15 @@
  *         There is no key with key identifier \p key in the key slots.
  */
 static psa_status_t psa_get_and_lock_key_slot_in_memory(
-    mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot )
+    mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key );
+    psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key);
     size_t slot_idx;
     psa_key_slot_t *slot = NULL;
 
-    if( psa_key_id_is_volatile( key_id ) )
-    {
-        slot = &global_data.key_slots[ key_id - PSA_KEY_ID_VOLATILE_MIN ];
+    if (psa_key_id_is_volatile(key_id)) {
+        slot = &global_data.key_slots[key_id - PSA_KEY_ID_VOLATILE_MIN];
 
         /*
          * Check if both the PSA key identifier key_id and the owner
@@ -113,83 +113,79 @@
          * is equal to zero. This is an invalid value for a PSA key identifier
          * and thus cannot be equal to the valid PSA key identifier key_id.
          */
-        status = mbedtls_svc_key_id_equal( key, slot->attr.id ) ?
+        status = mbedtls_svc_key_id_equal(key, slot->attr.id) ?
                  PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST;
-    }
-    else
-    {
-        if ( !psa_is_valid_key_id( key, 1 ) )
-            return( PSA_ERROR_INVALID_HANDLE );
-
-        for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
-        {
-            slot = &global_data.key_slots[ slot_idx ];
-            if( mbedtls_svc_key_id_equal( key, slot->attr.id ) )
-                break;
+    } else {
+        if (!psa_is_valid_key_id(key, 1)) {
+            return PSA_ERROR_INVALID_HANDLE;
         }
-        status = ( slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT ) ?
+
+        for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) {
+            slot = &global_data.key_slots[slot_idx];
+            if (mbedtls_svc_key_id_equal(key, slot->attr.id)) {
+                break;
+            }
+        }
+        status = (slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT) ?
                  PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST;
     }
 
-    if( status == PSA_SUCCESS )
-    {
-        status = psa_lock_key_slot( slot );
-        if( status == PSA_SUCCESS )
+    if (status == PSA_SUCCESS) {
+        status = psa_lock_key_slot(slot);
+        if (status == PSA_SUCCESS) {
             *p_slot = slot;
+        }
     }
 
-    return( status );
+    return status;
 }
 
-psa_status_t psa_initialize_key_slots( void )
+psa_status_t psa_initialize_key_slots(void)
 {
     /* Nothing to do: program startup and psa_wipe_all_key_slots() both
      * guarantee that the key slots are initialized to all-zero, which
      * means that all the key slots are in a valid, empty state. */
     global_data.key_slots_initialized = 1;
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
-void psa_wipe_all_key_slots( void )
+void psa_wipe_all_key_slots(void)
 {
     size_t slot_idx;
 
-    for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
-    {
-        psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ];
+    for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) {
+        psa_key_slot_t *slot = &global_data.key_slots[slot_idx];
         slot->lock_count = 1;
-        (void) psa_wipe_key_slot( slot );
+        (void) psa_wipe_key_slot(slot);
     }
     global_data.key_slots_initialized = 0;
 }
 
-psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id,
-                                     psa_key_slot_t **p_slot )
+psa_status_t psa_get_empty_key_slot(psa_key_id_t *volatile_key_id,
+                                    psa_key_slot_t **p_slot)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     size_t slot_idx;
     psa_key_slot_t *selected_slot, *unlocked_persistent_key_slot;
 
-    if( ! global_data.key_slots_initialized )
-    {
+    if (!global_data.key_slots_initialized) {
         status = PSA_ERROR_BAD_STATE;
         goto error;
     }
 
     selected_slot = unlocked_persistent_key_slot = NULL;
-    for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
-    {
-        psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ];
-        if( ! psa_is_key_slot_occupied( slot ) )
-        {
+    for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) {
+        psa_key_slot_t *slot = &global_data.key_slots[slot_idx];
+        if (!psa_is_key_slot_occupied(slot)) {
             selected_slot = slot;
             break;
         }
 
-        if( ( unlocked_persistent_key_slot == NULL ) &&
-            ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) &&
-            ( ! psa_is_key_slot_locked( slot ) ) )
+        if ((unlocked_persistent_key_slot == NULL) &&
+            (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) &&
+            (!psa_is_key_slot_locked(slot))) {
             unlocked_persistent_key_slot = slot;
+        }
     }
 
     /*
@@ -199,25 +195,24 @@
      * persistent key we are evicting now, we will reload its description from
      * storage.
      */
-    if( ( selected_slot == NULL ) &&
-        ( unlocked_persistent_key_slot != NULL ) )
-    {
+    if ((selected_slot == NULL) &&
+        (unlocked_persistent_key_slot != NULL)) {
         selected_slot = unlocked_persistent_key_slot;
         selected_slot->lock_count = 1;
-        psa_wipe_key_slot( selected_slot );
+        psa_wipe_key_slot(selected_slot);
     }
 
-    if( selected_slot != NULL )
-    {
-       status = psa_lock_key_slot( selected_slot );
-       if( status != PSA_SUCCESS )
-           goto error;
+    if (selected_slot != NULL) {
+        status = psa_lock_key_slot(selected_slot);
+        if (status != PSA_SUCCESS) {
+            goto error;
+        }
 
         *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN +
-            ( (psa_key_id_t)( selected_slot - global_data.key_slots ) );
+                           ((psa_key_id_t) (selected_slot - global_data.key_slots));
         *p_slot = selected_slot;
 
-        return( PSA_SUCCESS );
+        return PSA_SUCCESS;
     }
     status = PSA_ERROR_INSUFFICIENT_MEMORY;
 
@@ -225,53 +220,52 @@
     *p_slot = NULL;
     *volatile_key_id = 0;
 
-    return( status );
+    return status;
 }
 
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot )
+static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot)
 {
     psa_status_t status = PSA_SUCCESS;
     uint8_t *key_data = NULL;
     size_t key_data_length = 0;
 
-    status = psa_load_persistent_key( &slot->attr,
-                                      &key_data, &key_data_length );
-    if( status != PSA_SUCCESS )
+    status = psa_load_persistent_key(&slot->attr,
+                                     &key_data, &key_data_length);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
     /* Special handling is required for loading keys associated with a
      * dynamically registered SE interface. */
     const psa_drv_se_t *drv;
     psa_drv_se_context_t *drv_context;
-    if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
-    {
+    if (psa_get_se_driver(slot->attr.lifetime, &drv, &drv_context)) {
         psa_se_key_data_storage_t *data;
 
-        if( key_data_length != sizeof( *data ) )
-        {
+        if (key_data_length != sizeof(*data)) {
             status = PSA_ERROR_DATA_INVALID;
             goto exit;
         }
         data = (psa_se_key_data_storage_t *) key_data;
         status = psa_copy_key_material_into_slot(
-                     slot, data->slot_number, sizeof( data->slot_number ) );
+            slot, data->slot_number, sizeof(data->slot_number));
         goto exit;
     }
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 
-    status = psa_copy_key_material_into_slot( slot, key_data, key_data_length );
+    status = psa_copy_key_material_into_slot(slot, key_data, key_data_length);
 
 exit:
-    psa_free_persistent_key_data( key_data, key_data_length );
-    return( status );
+    psa_free_persistent_key_data(key_data, key_data_length);
+    return status;
 }
 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
 
 #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
 
-static psa_status_t psa_load_builtin_key_into_slot( psa_key_slot_t *slot )
+static psa_status_t psa_load_builtin_key_into_slot(psa_key_slot_t *slot)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -280,91 +274,98 @@
     size_t key_buffer_size = 0;
     size_t key_buffer_length = 0;
 
-    if( ! psa_key_id_is_builtin(
-            MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id ) ) )
-    {
-        return( PSA_ERROR_DOES_NOT_EXIST );
+    if (!psa_key_id_is_builtin(
+            MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot->attr.id))) {
+        return PSA_ERROR_DOES_NOT_EXIST;
     }
 
     /* Check the platform function to see whether this key actually exists */
     status = mbedtls_psa_platform_get_builtin_key(
-                slot->attr.id, &lifetime, &slot_number );
-    if( status != PSA_SUCCESS )
-        return( status );
+        slot->attr.id, &lifetime, &slot_number);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
     /* Set required key attributes to ensure get_builtin_key can retrieve the
      * full attributes. */
-    psa_set_key_id( &attributes, slot->attr.id );
-    psa_set_key_lifetime( &attributes, lifetime );
+    psa_set_key_id(&attributes, slot->attr.id);
+    psa_set_key_lifetime(&attributes, lifetime);
 
     /* Get the full key attributes from the driver in order to be able to
      * calculate the required buffer size. */
     status = psa_driver_wrapper_get_builtin_key(
-                slot_number, &attributes,
-                NULL, 0, NULL );
-    if( status != PSA_ERROR_BUFFER_TOO_SMALL )
-    {
+        slot_number, &attributes,
+        NULL, 0, NULL);
+    if (status != PSA_ERROR_BUFFER_TOO_SMALL) {
         /* Builtin keys cannot be defined by the attributes alone */
-        if( status == PSA_SUCCESS )
+        if (status == PSA_SUCCESS) {
             status = PSA_ERROR_CORRUPTION_DETECTED;
-        return( status );
+        }
+        return status;
     }
 
     /* If the key should exist according to the platform, then ask the driver
      * what its expected size is. */
-    status = psa_driver_wrapper_get_key_buffer_size( &attributes,
-                                                     &key_buffer_size );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_driver_wrapper_get_key_buffer_size(&attributes,
+                                                    &key_buffer_size);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
     /* Allocate a buffer of the required size and load the builtin key directly
      * into the (now properly sized) slot buffer. */
-    status = psa_allocate_buffer_to_slot( slot, key_buffer_size );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_allocate_buffer_to_slot(slot, key_buffer_size);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
     status = psa_driver_wrapper_get_builtin_key(
-                slot_number, &attributes,
-                slot->key.data, slot->key.bytes, &key_buffer_length );
-    if( status != PSA_SUCCESS )
+        slot_number, &attributes,
+        slot->key.data, slot->key.bytes, &key_buffer_length);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
     /* Copy actual key length and core attributes into the slot on success */
     slot->key.bytes = key_buffer_length;
     slot->attr = attributes.core;
 
 exit:
-    if( status != PSA_SUCCESS )
-        psa_remove_key_data_from_memory( slot );
-    return( status );
+    if (status != PSA_SUCCESS) {
+        psa_remove_key_data_from_memory(slot);
+    }
+    return status;
 }
 #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
 
-psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key,
-                                        psa_key_slot_t **p_slot )
+psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
+                                       psa_key_slot_t **p_slot)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
     *p_slot = NULL;
-    if( ! global_data.key_slots_initialized )
-        return( PSA_ERROR_BAD_STATE );
+    if (!global_data.key_slots_initialized) {
+        return PSA_ERROR_BAD_STATE;
+    }
 
     /*
      * On success, the pointer to the slot is passed directly to the caller
      * thus no need to unlock the key slot here.
      */
-    status = psa_get_and_lock_key_slot_in_memory( key, p_slot );
-    if( status != PSA_ERROR_DOES_NOT_EXIST )
-        return( status );
+    status = psa_get_and_lock_key_slot_in_memory(key, p_slot);
+    if (status != PSA_ERROR_DOES_NOT_EXIST) {
+        return status;
+    }
 
     /* Loading keys from storage requires support for such a mechanism */
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || \
     defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
     psa_key_id_t volatile_key_id;
 
-    status = psa_get_empty_key_slot( &volatile_key_id, p_slot );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_get_empty_key_slot(&volatile_key_id, p_slot);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
     (*p_slot)->attr.id = key;
     (*p_slot)->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
@@ -372,66 +373,66 @@
     status = PSA_ERROR_DOES_NOT_EXIST;
 #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
     /* Load keys in the 'builtin' range through their own interface */
-    status = psa_load_builtin_key_into_slot( *p_slot );
+    status = psa_load_builtin_key_into_slot(*p_slot);
 #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
 
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-    if( status == PSA_ERROR_DOES_NOT_EXIST )
-        status = psa_load_persistent_key_into_slot( *p_slot );
+    if (status == PSA_ERROR_DOES_NOT_EXIST) {
+        status = psa_load_persistent_key_into_slot(*p_slot);
+    }
 #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
 
-    if( status != PSA_SUCCESS )
-    {
-        psa_wipe_key_slot( *p_slot );
-        if( status == PSA_ERROR_DOES_NOT_EXIST )
+    if (status != PSA_SUCCESS) {
+        psa_wipe_key_slot(*p_slot);
+        if (status == PSA_ERROR_DOES_NOT_EXIST) {
             status = PSA_ERROR_INVALID_HANDLE;
-    }
-    else
+        }
+    } else {
         /* Add implicit usage flags. */
-        psa_extend_key_usage_flags( &(*p_slot)->attr.policy.usage );
+        psa_extend_key_usage_flags(&(*p_slot)->attr.policy.usage);
+    }
 
-    return( status );
+    return status;
 #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
-    return( PSA_ERROR_INVALID_HANDLE );
+    return PSA_ERROR_INVALID_HANDLE;
 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
 }
 
-psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot )
+psa_status_t psa_unlock_key_slot(psa_key_slot_t *slot)
 {
-    if( slot == NULL )
-        return( PSA_SUCCESS );
-
-    if( slot->lock_count > 0 )
-    {
-        slot->lock_count--;
-        return( PSA_SUCCESS );
+    if (slot == NULL) {
+        return PSA_SUCCESS;
     }
 
-   /*
-    * As the return error code may not be handled in case of multiple errors,
-    * do our best to report if the lock counter is equal to zero. Assert with
-    * MBEDTLS_TEST_HOOK_TEST_ASSERT that the lock counter is strictly greater
-    * than zero: if the MBEDTLS_TEST_HOOKS configuration option is enabled and
-    * the function is called as part of the execution of a test suite, the
-    * execution of the test suite is stopped in error if the assertion fails.
-    */
-    MBEDTLS_TEST_HOOK_TEST_ASSERT( slot->lock_count > 0 );
-    return( PSA_ERROR_CORRUPTION_DETECTED );
+    if (slot->lock_count > 0) {
+        slot->lock_count--;
+        return PSA_SUCCESS;
+    }
+
+    /*
+     * As the return error code may not be handled in case of multiple errors,
+     * do our best to report if the lock counter is equal to zero. Assert with
+     * MBEDTLS_TEST_HOOK_TEST_ASSERT that the lock counter is strictly greater
+     * than zero: if the MBEDTLS_TEST_HOOKS configuration option is enabled and
+     * the function is called as part of the execution of a test suite, the
+     * execution of the test suite is stopped in error if the assertion fails.
+     */
+    MBEDTLS_TEST_HOOK_TEST_ASSERT(slot->lock_count > 0);
+    return PSA_ERROR_CORRUPTION_DETECTED;
 }
 
-psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime,
-                                        psa_se_drv_table_entry_t **p_drv )
+psa_status_t psa_validate_key_location(psa_key_lifetime_t lifetime,
+                                       psa_se_drv_table_entry_t **p_drv)
 {
-    if ( psa_key_lifetime_is_external( lifetime ) )
-    {
+    if (psa_key_lifetime_is_external(lifetime)) {
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
         /* Check whether a driver is registered against this lifetime */
-        psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry( lifetime );
-        if( driver != NULL )
-        {
-            if (p_drv != NULL)
+        psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry(lifetime);
+        if (driver != NULL) {
+            if (p_drv != NULL) {
                 *p_drv = driver;
-            return( PSA_SUCCESS );
+            }
+            return PSA_SUCCESS;
         }
 #else /* MBEDTLS_PSA_CRYPTO_SE_C */
         (void) p_drv;
@@ -439,139 +440,138 @@
 
 #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
         /* Key location for external keys gets checked by the wrapper */
-        return( PSA_SUCCESS );
+        return PSA_SUCCESS;
 #else /* MBEDTLS_PSA_CRYPTO_DRIVERS */
         /* No support for external lifetimes at all, or dynamic interface
          * did not find driver for requested lifetime. */
-        return( PSA_ERROR_INVALID_ARGUMENT );
+        return PSA_ERROR_INVALID_ARGUMENT;
 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
-    }
-    else
+    } else {
         /* Local/internal keys are always valid */
-        return( PSA_SUCCESS );
+        return PSA_SUCCESS;
+    }
 }
 
-psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime )
+psa_status_t psa_validate_key_persistence(psa_key_lifetime_t lifetime)
 {
-    if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
-    {
+    if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
         /* Volatile keys are always supported */
-        return( PSA_SUCCESS );
-    }
-    else
-    {
+        return PSA_SUCCESS;
+    } else {
         /* Persistent keys require storage support */
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-        if( PSA_KEY_LIFETIME_IS_READ_ONLY( lifetime ) )
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        else
-            return( PSA_SUCCESS );
+        if (PSA_KEY_LIFETIME_IS_READ_ONLY(lifetime)) {
+            return PSA_ERROR_INVALID_ARGUMENT;
+        } else {
+            return PSA_SUCCESS;
+        }
 #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-        return( PSA_ERROR_NOT_SUPPORTED );
+        return PSA_ERROR_NOT_SUPPORTED;
 #endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
     }
 }
 
-psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle )
+psa_status_t psa_open_key(mbedtls_svc_key_id_t key, psa_key_handle_t *handle)
 {
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || \
     defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
     psa_status_t status;
     psa_key_slot_t *slot;
 
-    status = psa_get_and_lock_key_slot( key, &slot );
-    if( status != PSA_SUCCESS )
-    {
+    status = psa_get_and_lock_key_slot(key, &slot);
+    if (status != PSA_SUCCESS) {
         *handle = PSA_KEY_HANDLE_INIT;
-        if( status == PSA_ERROR_INVALID_HANDLE )
+        if (status == PSA_ERROR_INVALID_HANDLE) {
             status = PSA_ERROR_DOES_NOT_EXIST;
+        }
 
-        return( status );
+        return status;
     }
 
     *handle = key;
 
-    return( psa_unlock_key_slot( slot ) );
+    return psa_unlock_key_slot(slot);
 
 #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
     (void) key;
     *handle = PSA_KEY_HANDLE_INIT;
-    return( PSA_ERROR_NOT_SUPPORTED );
+    return PSA_ERROR_NOT_SUPPORTED;
 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
 }
 
-psa_status_t psa_close_key( psa_key_handle_t handle )
+psa_status_t psa_close_key(psa_key_handle_t handle)
 {
     psa_status_t status;
     psa_key_slot_t *slot;
 
-    if( psa_key_handle_is_null( handle ) )
-        return( PSA_SUCCESS );
-
-    status = psa_get_and_lock_key_slot_in_memory( handle, &slot );
-    if( status != PSA_SUCCESS )
-    {
-        if( status == PSA_ERROR_DOES_NOT_EXIST )
-            status = PSA_ERROR_INVALID_HANDLE;
-
-        return( status );
+    if (psa_key_handle_is_null(handle)) {
+        return PSA_SUCCESS;
     }
-    if( slot->lock_count <= 1 )
-        return( psa_wipe_key_slot( slot ) );
-    else
-        return( psa_unlock_key_slot( slot ) );
+
+    status = psa_get_and_lock_key_slot_in_memory(handle, &slot);
+    if (status != PSA_SUCCESS) {
+        if (status == PSA_ERROR_DOES_NOT_EXIST) {
+            status = PSA_ERROR_INVALID_HANDLE;
+        }
+
+        return status;
+    }
+    if (slot->lock_count <= 1) {
+        return psa_wipe_key_slot(slot);
+    } else {
+        return psa_unlock_key_slot(slot);
+    }
 }
 
-psa_status_t psa_purge_key( mbedtls_svc_key_id_t key )
+psa_status_t psa_purge_key(mbedtls_svc_key_id_t key)
 {
     psa_status_t status;
     psa_key_slot_t *slot;
 
-    status = psa_get_and_lock_key_slot_in_memory( key, &slot );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_get_and_lock_key_slot_in_memory(key, &slot);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
-    if( ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) &&
-        ( slot->lock_count <= 1 ) )
-        return( psa_wipe_key_slot( slot ) );
-    else
-        return( psa_unlock_key_slot( slot ) );
+    if ((!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) &&
+        (slot->lock_count <= 1)) {
+        return psa_wipe_key_slot(slot);
+    } else {
+        return psa_unlock_key_slot(slot);
+    }
 }
 
-void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats )
+void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats)
 {
     size_t slot_idx;
 
-    memset( stats, 0, sizeof( *stats ) );
+    memset(stats, 0, sizeof(*stats));
 
-    for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
-    {
-        const psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ];
-        if( psa_is_key_slot_locked( slot ) )
-        {
+    for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) {
+        const psa_key_slot_t *slot = &global_data.key_slots[slot_idx];
+        if (psa_is_key_slot_locked(slot)) {
             ++stats->locked_slots;
         }
-        if( ! psa_is_key_slot_occupied( slot ) )
-        {
+        if (!psa_is_key_slot_occupied(slot)) {
             ++stats->empty_slots;
             continue;
         }
-        if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
+        if (PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
             ++stats->volatile_slots;
-        else
-        {
-            psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
+        } else {
+            psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot->attr.id);
             ++stats->persistent_slots;
-            if( id > stats->max_open_internal_key_id )
+            if (id > stats->max_open_internal_key_id) {
                 stats->max_open_internal_key_id = id;
+            }
         }
-        if( PSA_KEY_LIFETIME_GET_LOCATION( slot->attr.lifetime ) !=
-            PSA_KEY_LOCATION_LOCAL_STORAGE )
-        {
-            psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
+        if (PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime) !=
+            PSA_KEY_LOCATION_LOCAL_STORAGE) {
+            psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot->attr.id);
             ++stats->external_slots;
-            if( id > stats->max_open_external_key_id )
+            if (id > stats->max_open_external_key_id) {
                 stats->max_open_external_key_id = id;
+            }
         }
     }
 }
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index d539bdd..ff8ccde 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -35,8 +35,8 @@
 
 /** The minimum value for a volatile key identifier.
  */
-#define PSA_KEY_ID_VOLATILE_MIN  ( PSA_KEY_ID_VENDOR_MAX - \
-                                   MBEDTLS_PSA_KEY_SLOT_COUNT + 1 )
+#define PSA_KEY_ID_VOLATILE_MIN  (PSA_KEY_ID_VENDOR_MAX - \
+                                  MBEDTLS_PSA_KEY_SLOT_COUNT + 1)
 
 /** The maximum value for a volatile key identifier.
  */
@@ -51,10 +51,10 @@
  * \retval 0
  *         The key identifier is not a volatile key identifier.
  */
-static inline int psa_key_id_is_volatile( psa_key_id_t key_id )
+static inline int psa_key_id_is_volatile(psa_key_id_t key_id)
 {
-    return( ( key_id >= PSA_KEY_ID_VOLATILE_MIN ) &&
-            ( key_id <= PSA_KEY_ID_VOLATILE_MAX ) );
+    return (key_id >= PSA_KEY_ID_VOLATILE_MIN) &&
+           (key_id <= PSA_KEY_ID_VOLATILE_MAX);
 }
 
 /** Get the description of a key given its identifier and lock it.
@@ -92,20 +92,20 @@
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_DATA_CORRUPT
  */
-psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key,
-                                        psa_key_slot_t **p_slot );
+psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
+                                       psa_key_slot_t **p_slot);
 
 /** Initialize the key slot structures.
  *
  * \retval #PSA_SUCCESS
  *         Currently this function always succeeds.
  */
-psa_status_t psa_initialize_key_slots( void );
+psa_status_t psa_initialize_key_slots(void);
 
 /** Delete all data from key slots in memory.
  *
  * This does not affect persistent storage. */
-void psa_wipe_all_key_slots( void );
+void psa_wipe_all_key_slots(void);
 
 /** Find a free key slot.
  *
@@ -122,8 +122,8 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_BAD_STATE
  */
-psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id,
-                                     psa_key_slot_t **p_slot );
+psa_status_t psa_get_empty_key_slot(psa_key_id_t *volatile_key_id,
+                                    psa_key_slot_t **p_slot);
 
 /** Lock a key slot.
  *
@@ -137,14 +137,15 @@
  *             The lock counter already reached its maximum value and was not
  *             increased.
  */
-static inline psa_status_t psa_lock_key_slot( psa_key_slot_t *slot )
+static inline psa_status_t psa_lock_key_slot(psa_key_slot_t *slot)
 {
-    if( slot->lock_count >= SIZE_MAX )
-        return( PSA_ERROR_CORRUPTION_DETECTED );
+    if (slot->lock_count >= SIZE_MAX) {
+        return PSA_ERROR_CORRUPTION_DETECTED;
+    }
 
     slot->lock_count++;
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 /** Unlock a key slot.
@@ -163,7 +164,7 @@
  *             The lock counter was equal to 0.
  *
  */
-psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot );
+psa_status_t psa_unlock_key_slot(psa_key_slot_t *slot);
 
 /** Test whether a lifetime designates a key in an external cryptoprocessor.
  *
@@ -177,10 +178,10 @@
  *         The lifetime designates a key that is volatile or in internal
  *         storage.
  */
-static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime )
+static inline int psa_key_lifetime_is_external(psa_key_lifetime_t lifetime)
 {
-    return( PSA_KEY_LIFETIME_GET_LOCATION( lifetime )
-                != PSA_KEY_LOCATION_LOCAL_STORAGE );
+    return PSA_KEY_LIFETIME_GET_LOCATION(lifetime)
+           != PSA_KEY_LOCATION_LOCAL_STORAGE;
 }
 
 /** Validate a key's location.
@@ -197,8 +198,8 @@
  * \retval #PSA_SUCCESS
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  */
-psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime,
-                                        psa_se_drv_table_entry_t **p_drv );
+psa_status_t psa_validate_key_location(psa_key_lifetime_t lifetime,
+                                       psa_se_drv_table_entry_t **p_drv);
 
 /** Validate the persistence of a key.
  *
@@ -208,7 +209,7 @@
  * \retval #PSA_ERROR_NOT_SUPPORTED The key is persistent but persistent keys
  *             are not supported.
  */
-psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime );
+psa_status_t psa_validate_key_persistence(psa_key_lifetime_t lifetime);
 
 /** Validate a key identifier.
  *
@@ -219,6 +220,6 @@
  *
  * \retval <> 0 if the key identifier is valid, 0 otherwise.
  */
-int psa_is_valid_key_id( mbedtls_svc_key_id_t key, int vendor_ok );
+int psa_is_valid_key_id(mbedtls_svc_key_id_t key, int vendor_ok);
 
 #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index 3186a36..8225014 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -49,22 +49,22 @@
  * other than storing a key. Currently, the only such file is the random seed
  * file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID and whose value is
  * 0xFFFFFF52. */
-static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key )
+static psa_storage_uid_t psa_its_identifier_of_slot(mbedtls_svc_key_id_t key)
 {
 #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
     /* Encode the owner in the upper 32 bits. This means that if
      * owner values are nonzero (as they are on a PSA platform),
      * no key file will ever have a value less than 0x100000000, so
      * the whole range 0..0xffffffff is available for non-key files. */
-    uint32_t unsigned_owner_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( key );
-    return(  ( (uint64_t) unsigned_owner_id << 32 ) |
-             MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) );
+    uint32_t unsigned_owner_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(key);
+    return ((uint64_t) unsigned_owner_id << 32) |
+           MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key);
 #else
     /* Use the key id directly as a file name.
      * psa_is_key_id_valid() in psa_crypto_slot_management.c
      * is responsible for ensuring that key identifiers do not have a
      * value that is reserved for non-key files. */
-    return( key );
+    return key;
 #endif
 }
 
@@ -86,35 +86,38 @@
  * \retval #PSA_ERROR_DOES_NOT_EXIST
  */
 static psa_status_t psa_crypto_storage_load(
-    const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size )
+    const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size)
 {
     psa_status_t status;
-    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
     struct psa_storage_info_t data_identifier_info;
     size_t data_length = 0;
 
-    status = psa_its_get_info( data_identifier, &data_identifier_info );
-    if( status  != PSA_SUCCESS )
-        return( status );
+    status = psa_its_get_info(data_identifier, &data_identifier_info);
+    if (status  != PSA_SUCCESS) {
+        return status;
+    }
 
-    status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data, &data_length );
-    if( data_size  != data_length )
-        return( PSA_ERROR_DATA_INVALID );
+    status = psa_its_get(data_identifier, 0, (uint32_t) data_size, data, &data_length);
+    if (data_size  != data_length) {
+        return PSA_ERROR_DATA_INVALID;
+    }
 
-    return( status );
+    return status;
 }
 
-int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key )
+int psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key)
 {
     psa_status_t ret;
-    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
     struct psa_storage_info_t data_identifier_info;
 
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
+    ret = psa_its_get_info(data_identifier, &data_identifier_info);
 
-    if( ret == PSA_ERROR_DOES_NOT_EXIST )
-        return( 0 );
-    return( 1 );
+    if (ret == PSA_ERROR_DOES_NOT_EXIST) {
+        return 0;
+    }
+    return 1;
 }
 
 /**
@@ -134,65 +137,65 @@
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * \retval #PSA_ERROR_DATA_INVALID
  */
-static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key,
-                                              const uint8_t *data,
-                                              size_t data_length )
+static psa_status_t psa_crypto_storage_store(const mbedtls_svc_key_id_t key,
+                                             const uint8_t *data,
+                                             size_t data_length)
 {
     psa_status_t status;
-    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
     struct psa_storage_info_t data_identifier_info;
 
-    if( psa_is_key_present_in_storage( key ) == 1 )
-        return( PSA_ERROR_ALREADY_EXISTS );
-
-    status = psa_its_set( data_identifier, (uint32_t) data_length, data, 0 );
-    if( status != PSA_SUCCESS )
-    {
-        return( PSA_ERROR_DATA_INVALID );
+    if (psa_is_key_present_in_storage(key) == 1) {
+        return PSA_ERROR_ALREADY_EXISTS;
     }
 
-    status = psa_its_get_info( data_identifier, &data_identifier_info );
-    if( status != PSA_SUCCESS )
-    {
+    status = psa_its_set(data_identifier, (uint32_t) data_length, data, 0);
+    if (status != PSA_SUCCESS) {
+        return PSA_ERROR_DATA_INVALID;
+    }
+
+    status = psa_its_get_info(data_identifier, &data_identifier_info);
+    if (status != PSA_SUCCESS) {
         goto exit;
     }
 
-    if( data_identifier_info.size != data_length )
-    {
+    if (data_identifier_info.size != data_length) {
         status = PSA_ERROR_DATA_INVALID;
         goto exit;
     }
 
 exit:
-    if( status != PSA_SUCCESS )
-    {
+    if (status != PSA_SUCCESS) {
         /* Remove the file in case we managed to create it but something
          * went wrong. It's ok if the file doesn't exist. If the file exists
          * but the removal fails, we're already reporting an error so there's
          * nothing else we can do. */
-        (void) psa_its_remove( data_identifier );
+        (void) psa_its_remove(data_identifier);
     }
-    return( status );
+    return status;
 }
 
-psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key )
+psa_status_t psa_destroy_persistent_key(const mbedtls_svc_key_id_t key)
 {
     psa_status_t ret;
-    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
     struct psa_storage_info_t data_identifier_info;
 
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    if( ret == PSA_ERROR_DOES_NOT_EXIST )
-        return( PSA_SUCCESS );
+    ret = psa_its_get_info(data_identifier, &data_identifier_info);
+    if (ret == PSA_ERROR_DOES_NOT_EXIST) {
+        return PSA_SUCCESS;
+    }
 
-    if( psa_its_remove( data_identifier ) != PSA_SUCCESS )
-        return( PSA_ERROR_DATA_INVALID );
+    if (psa_its_remove(data_identifier) != PSA_SUCCESS) {
+        return PSA_ERROR_DATA_INVALID;
+    }
 
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    if( ret != PSA_ERROR_DOES_NOT_EXIST )
-        return( PSA_ERROR_DATA_INVALID );
+    ret = psa_its_get_info(data_identifier, &data_identifier_info);
+    if (ret != PSA_ERROR_DOES_NOT_EXIST) {
+        return PSA_ERROR_DATA_INVALID;
+    }
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 /**
@@ -209,189 +212,200 @@
  */
 static psa_status_t psa_crypto_storage_get_data_length(
     const mbedtls_svc_key_id_t key,
-    size_t *data_length )
+    size_t *data_length)
 {
     psa_status_t status;
-    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
+    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key);
     struct psa_storage_info_t data_identifier_info;
 
-    status = psa_its_get_info( data_identifier, &data_identifier_info );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_its_get_info(data_identifier, &data_identifier_info);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
     *data_length = (size_t) data_identifier_info.size;
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 /**
  * Persistent key storage magic header.
  */
 #define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
-#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ( sizeof( PSA_KEY_STORAGE_MAGIC_HEADER ) )
+#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH (sizeof(PSA_KEY_STORAGE_MAGIC_HEADER))
 
 typedef struct {
     uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
     uint8_t version[4];
-    uint8_t lifetime[sizeof( psa_key_lifetime_t )];
+    uint8_t lifetime[sizeof(psa_key_lifetime_t)];
     uint8_t type[2];
     uint8_t bits[2];
-    uint8_t policy[sizeof( psa_key_policy_t )];
+    uint8_t policy[sizeof(psa_key_policy_t)];
     uint8_t data_len[4];
     uint8_t key_data[];
 } psa_persistent_key_storage_format;
 
-void psa_format_key_data_for_storage( const uint8_t *data,
-                                      const size_t data_length,
-                                      const psa_core_key_attributes_t *attr,
-                                      uint8_t *storage_data )
+void psa_format_key_data_for_storage(const uint8_t *data,
+                                     const size_t data_length,
+                                     const psa_core_key_attributes_t *attr,
+                                     uint8_t *storage_data)
 {
     psa_persistent_key_storage_format *storage_format =
         (psa_persistent_key_storage_format *) storage_data;
 
-    memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
-    MBEDTLS_PUT_UINT32_LE( 0, storage_format->version, 0 );
-    MBEDTLS_PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
-    MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 );
-    MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 );
-    MBEDTLS_PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
-    MBEDTLS_PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
-    MBEDTLS_PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
-    MBEDTLS_PUT_UINT32_LE( data_length, storage_format->data_len, 0 );
-    memcpy( storage_format->key_data, data, data_length );
+    memcpy(storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER,
+           PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH);
+    MBEDTLS_PUT_UINT32_LE(0, storage_format->version, 0);
+    MBEDTLS_PUT_UINT32_LE(attr->lifetime, storage_format->lifetime, 0);
+    MBEDTLS_PUT_UINT16_LE((uint16_t) attr->type, storage_format->type, 0);
+    MBEDTLS_PUT_UINT16_LE((uint16_t) attr->bits, storage_format->bits, 0);
+    MBEDTLS_PUT_UINT32_LE(attr->policy.usage, storage_format->policy, 0);
+    MBEDTLS_PUT_UINT32_LE(attr->policy.alg, storage_format->policy, sizeof(uint32_t));
+    MBEDTLS_PUT_UINT32_LE(attr->policy.alg2, storage_format->policy, 2 * sizeof(uint32_t));
+    MBEDTLS_PUT_UINT32_LE(data_length, storage_format->data_len, 0);
+    memcpy(storage_format->key_data, data, data_length);
 }
 
-static psa_status_t check_magic_header( const uint8_t *data )
+static psa_status_t check_magic_header(const uint8_t *data)
 {
-    if( memcmp( data, PSA_KEY_STORAGE_MAGIC_HEADER,
-                PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ) != 0 )
-        return( PSA_ERROR_DATA_INVALID );
-    return( PSA_SUCCESS );
+    if (memcmp(data, PSA_KEY_STORAGE_MAGIC_HEADER,
+               PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH) != 0) {
+        return PSA_ERROR_DATA_INVALID;
+    }
+    return PSA_SUCCESS;
 }
 
-psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
-                                              size_t storage_data_length,
-                                              uint8_t **key_data,
-                                              size_t *key_data_length,
-                                              psa_core_key_attributes_t *attr )
+psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data,
+                                             size_t storage_data_length,
+                                             uint8_t **key_data,
+                                             size_t *key_data_length,
+                                             psa_core_key_attributes_t *attr)
 {
     psa_status_t status;
     const psa_persistent_key_storage_format *storage_format =
-        (const psa_persistent_key_storage_format *)storage_data;
+        (const psa_persistent_key_storage_format *) storage_data;
     uint32_t version;
 
-    if( storage_data_length < sizeof(*storage_format) )
-        return( PSA_ERROR_DATA_INVALID );
+    if (storage_data_length < sizeof(*storage_format)) {
+        return PSA_ERROR_DATA_INVALID;
+    }
 
-    status = check_magic_header( storage_data );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = check_magic_header(storage_data);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
-    version = MBEDTLS_GET_UINT32_LE( storage_format->version, 0 );
-    if( version != 0 )
-        return( PSA_ERROR_DATA_INVALID );
+    version = MBEDTLS_GET_UINT32_LE(storage_format->version, 0);
+    if (version != 0) {
+        return PSA_ERROR_DATA_INVALID;
+    }
 
-    *key_data_length = MBEDTLS_GET_UINT32_LE( storage_format->data_len, 0 );
-    if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) ||
-        *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
-        return( PSA_ERROR_DATA_INVALID );
+    *key_data_length = MBEDTLS_GET_UINT32_LE(storage_format->data_len, 0);
+    if (*key_data_length > (storage_data_length - sizeof(*storage_format)) ||
+        *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE) {
+        return PSA_ERROR_DATA_INVALID;
+    }
 
-    if( *key_data_length == 0 )
-    {
+    if (*key_data_length == 0) {
         *key_data = NULL;
-    }
-    else
-    {
-        *key_data = mbedtls_calloc( 1, *key_data_length );
-        if( *key_data == NULL )
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
-        memcpy( *key_data, storage_format->key_data, *key_data_length );
+    } else {
+        *key_data = mbedtls_calloc(1, *key_data_length);
+        if (*key_data == NULL) {
+            return PSA_ERROR_INSUFFICIENT_MEMORY;
+        }
+        memcpy(*key_data, storage_format->key_data, *key_data_length);
     }
 
-    attr->lifetime = MBEDTLS_GET_UINT32_LE( storage_format->lifetime, 0 );
-    attr->type = MBEDTLS_GET_UINT16_LE( storage_format->type, 0 );
-    attr->bits = MBEDTLS_GET_UINT16_LE( storage_format->bits, 0 );
-    attr->policy.usage = MBEDTLS_GET_UINT32_LE( storage_format->policy, 0 );
-    attr->policy.alg = MBEDTLS_GET_UINT32_LE( storage_format->policy, sizeof( uint32_t ) );
-    attr->policy.alg2 = MBEDTLS_GET_UINT32_LE( storage_format->policy, 2 * sizeof( uint32_t ) );
+    attr->lifetime = MBEDTLS_GET_UINT32_LE(storage_format->lifetime, 0);
+    attr->type = MBEDTLS_GET_UINT16_LE(storage_format->type, 0);
+    attr->bits = MBEDTLS_GET_UINT16_LE(storage_format->bits, 0);
+    attr->policy.usage = MBEDTLS_GET_UINT32_LE(storage_format->policy, 0);
+    attr->policy.alg = MBEDTLS_GET_UINT32_LE(storage_format->policy, sizeof(uint32_t));
+    attr->policy.alg2 = MBEDTLS_GET_UINT32_LE(storage_format->policy, 2 * sizeof(uint32_t));
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
-psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
-                                      const uint8_t *data,
-                                      const size_t data_length )
+psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr,
+                                     const uint8_t *data,
+                                     const size_t data_length)
 {
     size_t storage_data_length;
     uint8_t *storage_data;
     psa_status_t status;
 
     /* All keys saved to persistent storage always have a key context */
-    if( data == NULL || data_length == 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    if( data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
-        return( PSA_ERROR_INSUFFICIENT_STORAGE );
-    storage_data_length = data_length + sizeof( psa_persistent_key_storage_format );
-
-    storage_data = mbedtls_calloc( 1, storage_data_length );
-    if( storage_data == NULL )
-        return( PSA_ERROR_INSUFFICIENT_MEMORY );
-
-    psa_format_key_data_for_storage( data, data_length, attr, storage_data );
-
-    status = psa_crypto_storage_store( attr->id,
-                                       storage_data, storage_data_length );
-
-    mbedtls_platform_zeroize( storage_data, storage_data_length );
-    mbedtls_free( storage_data );
-
-    return( status );
-}
-
-void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length )
-{
-    if( key_data != NULL )
-    {
-        mbedtls_platform_zeroize( key_data, key_data_length );
+    if (data == NULL || data_length == 0) {
+        return PSA_ERROR_INVALID_ARGUMENT;
     }
-    mbedtls_free( key_data );
+
+    if (data_length > PSA_CRYPTO_MAX_STORAGE_SIZE) {
+        return PSA_ERROR_INSUFFICIENT_STORAGE;
+    }
+    storage_data_length = data_length + sizeof(psa_persistent_key_storage_format);
+
+    storage_data = mbedtls_calloc(1, storage_data_length);
+    if (storage_data == NULL) {
+        return PSA_ERROR_INSUFFICIENT_MEMORY;
+    }
+
+    psa_format_key_data_for_storage(data, data_length, attr, storage_data);
+
+    status = psa_crypto_storage_store(attr->id,
+                                      storage_data, storage_data_length);
+
+    mbedtls_platform_zeroize(storage_data, storage_data_length);
+    mbedtls_free(storage_data);
+
+    return status;
 }
 
-psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
-                                      uint8_t **data,
-                                      size_t *data_length )
+void psa_free_persistent_key_data(uint8_t *key_data, size_t key_data_length)
+{
+    if (key_data != NULL) {
+        mbedtls_platform_zeroize(key_data, key_data_length);
+    }
+    mbedtls_free(key_data);
+}
+
+psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr,
+                                     uint8_t **data,
+                                     size_t *data_length)
 {
     psa_status_t status = PSA_SUCCESS;
     uint8_t *loaded_data;
     size_t storage_data_length = 0;
     mbedtls_svc_key_id_t key = attr->id;
 
-    status = psa_crypto_storage_get_data_length( key, &storage_data_length );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_crypto_storage_get_data_length(key, &storage_data_length);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
-    loaded_data = mbedtls_calloc( 1, storage_data_length );
+    loaded_data = mbedtls_calloc(1, storage_data_length);
 
-    if( loaded_data == NULL )
-        return( PSA_ERROR_INSUFFICIENT_MEMORY );
+    if (loaded_data == NULL) {
+        return PSA_ERROR_INSUFFICIENT_MEMORY;
+    }
 
-    status = psa_crypto_storage_load( key, loaded_data, storage_data_length );
-    if( status != PSA_SUCCESS )
+    status = psa_crypto_storage_load(key, loaded_data, storage_data_length);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
-    status = psa_parse_key_data_from_storage( loaded_data, storage_data_length,
-                                              data, data_length, attr );
+    status = psa_parse_key_data_from_storage(loaded_data, storage_data_length,
+                                             data, data_length, attr);
 
     /* All keys saved to persistent storage always have a key context */
-    if( status == PSA_SUCCESS &&
-        ( *data == NULL || *data_length == 0 ) )
+    if (status == PSA_SUCCESS &&
+        (*data == NULL || *data_length == 0)) {
         status = PSA_ERROR_STORAGE_FAILURE;
+    }
 
 exit:
-    mbedtls_platform_zeroize( loaded_data, storage_data_length );
-    mbedtls_free( loaded_data );
-    return( status );
+    mbedtls_platform_zeroize(loaded_data, storage_data_length);
+    mbedtls_free(loaded_data);
+    return status;
 }
 
 
@@ -404,47 +418,48 @@
 
 psa_crypto_transaction_t psa_crypto_transaction;
 
-psa_status_t psa_crypto_save_transaction( void )
+psa_status_t psa_crypto_save_transaction(void)
 {
     struct psa_storage_info_t p_info;
     psa_status_t status;
-    status = psa_its_get_info( PSA_CRYPTO_ITS_TRANSACTION_UID, &p_info );
-    if( status == PSA_SUCCESS )
-    {
+    status = psa_its_get_info(PSA_CRYPTO_ITS_TRANSACTION_UID, &p_info);
+    if (status == PSA_SUCCESS) {
         /* This shouldn't happen: we're trying to start a transaction while
          * there is still a transaction that hasn't been replayed. */
-        return( PSA_ERROR_CORRUPTION_DETECTED );
+        return PSA_ERROR_CORRUPTION_DETECTED;
+    } else if (status != PSA_ERROR_DOES_NOT_EXIST) {
+        return status;
     }
-    else if( status != PSA_ERROR_DOES_NOT_EXIST )
-        return( status );
-    return( psa_its_set( PSA_CRYPTO_ITS_TRANSACTION_UID,
-                         sizeof( psa_crypto_transaction ),
-                         &psa_crypto_transaction,
-                         0 ) );
+    return psa_its_set(PSA_CRYPTO_ITS_TRANSACTION_UID,
+                       sizeof(psa_crypto_transaction),
+                       &psa_crypto_transaction,
+                       0);
 }
 
-psa_status_t psa_crypto_load_transaction( void )
+psa_status_t psa_crypto_load_transaction(void)
 {
     psa_status_t status;
     size_t length;
-    status = psa_its_get( PSA_CRYPTO_ITS_TRANSACTION_UID, 0,
-                          sizeof( psa_crypto_transaction ),
-                          &psa_crypto_transaction, &length );
-    if( status != PSA_SUCCESS )
-        return( status );
-    if( length != sizeof( psa_crypto_transaction ) )
-        return( PSA_ERROR_DATA_INVALID );
-    return( PSA_SUCCESS );
+    status = psa_its_get(PSA_CRYPTO_ITS_TRANSACTION_UID, 0,
+                         sizeof(psa_crypto_transaction),
+                         &psa_crypto_transaction, &length);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+    if (length != sizeof(psa_crypto_transaction)) {
+        return PSA_ERROR_DATA_INVALID;
+    }
+    return PSA_SUCCESS;
 }
 
-psa_status_t psa_crypto_stop_transaction( void )
+psa_status_t psa_crypto_stop_transaction(void)
 {
-    psa_status_t status = psa_its_remove( PSA_CRYPTO_ITS_TRANSACTION_UID );
+    psa_status_t status = psa_its_remove(PSA_CRYPTO_ITS_TRANSACTION_UID);
     /* Whether or not updating the storage succeeded, the transaction is
      * finished now. It's too late to go back, so zero out the in-memory
      * data. */
-    memset( &psa_crypto_transaction, 0, sizeof( psa_crypto_transaction ) );
-    return( status );
+    memset(&psa_crypto_transaction, 0, sizeof(psa_crypto_transaction));
+    return status;
 }
 
 #endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
@@ -456,24 +471,21 @@
 /****************************************************************/
 
 #if defined(MBEDTLS_PSA_INJECT_ENTROPY)
-psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
-                                                 size_t seed_size )
+psa_status_t mbedtls_psa_storage_inject_entropy(const unsigned char *seed,
+                                                size_t seed_size)
 {
     psa_status_t status;
     struct psa_storage_info_t p_info;
 
-    status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
+    status = psa_its_get_info(PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info);
 
-    if( PSA_ERROR_DOES_NOT_EXIST == status ) /* No seed exists */
-    {
-        status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 );
-    }
-    else if( PSA_SUCCESS == status )
-    {
+    if (PSA_ERROR_DOES_NOT_EXIST == status) { /* No seed exists */
+        status = psa_its_set(PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0);
+    } else if (PSA_SUCCESS == status) {
         /* You should not be here. Seed needs to be injected only once */
         status = PSA_ERROR_NOT_PERMITTED;
     }
-    return( status );
+    return status;
 }
 #endif /* MBEDTLS_PSA_INJECT_ENTROPY */
 
diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h
index 970e108..8e108c5 100644
--- a/library/psa_crypto_storage.h
+++ b/library/psa_crypto_storage.h
@@ -35,7 +35,7 @@
 
 /* Limit the maximum key size in storage. This should have no effect
  * since the key size is limited in memory. */
-#define PSA_CRYPTO_MAX_STORAGE_SIZE ( PSA_BITS_TO_BYTES( PSA_MAX_KEY_BITS ) )
+#define PSA_CRYPTO_MAX_STORAGE_SIZE (PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS))
 /* Sanity check: a file size must fit in 32 bits. Allow a generous
  * 64kB of metadata. */
 #if PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000
@@ -72,7 +72,7 @@
  * \retval 1
  *         Persistent data present for slot number
  */
-int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key );
+int psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key);
 
 /**
  * \brief Format key data and metadata and save to a location for given key
@@ -105,9 +105,9 @@
  * \retval #PSA_ERROR_DATA_INVALID
  * \retval #PSA_ERROR_DATA_CORRUPT
  */
-psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
-                                      const uint8_t *data,
-                                      const size_t data_length );
+psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr,
+                                     const uint8_t *data,
+                                     const size_t data_length);
 
 /**
  * \brief Parses key data and metadata and load persistent key for given
@@ -135,9 +135,9 @@
  * \retval #PSA_ERROR_DATA_CORRUPT
  * \retval #PSA_ERROR_DOES_NOT_EXIST
  */
-psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
-                                      uint8_t **data,
-                                      size_t *data_length );
+psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr,
+                                     uint8_t **data,
+                                     size_t *data_length);
 
 /**
  * \brief Remove persistent data for the given key slot number.
@@ -150,7 +150,7 @@
  *         or the key did not exist.
  * \retval #PSA_ERROR_DATA_INVALID
  */
-psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key );
+psa_status_t psa_destroy_persistent_key(const mbedtls_svc_key_id_t key);
 
 /**
  * \brief Free the temporary buffer allocated by psa_load_persistent_key().
@@ -162,7 +162,7 @@
  * \param key_data_length Size of the key data buffer.
  *
  */
-void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length );
+void psa_free_persistent_key_data(uint8_t *key_data, size_t key_data_length);
 
 /**
  * \brief Formats key data and metadata for persistent storage
@@ -173,10 +173,10 @@
  * \param[out] storage_data Output buffer for the formatted data.
  *
  */
-void psa_format_key_data_for_storage( const uint8_t *data,
-                                      const size_t data_length,
-                                      const psa_core_key_attributes_t *attr,
-                                      uint8_t *storage_data );
+void psa_format_key_data_for_storage(const uint8_t *data,
+                                     const size_t data_length,
+                                     const psa_core_key_attributes_t *attr,
+                                     uint8_t *storage_data);
 
 /**
  * \brief Parses persistent storage data into key data and metadata
@@ -194,11 +194,11 @@
  * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
  * \retval #PSA_ERROR_DATA_INVALID
  */
-psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
-                                              size_t storage_data_length,
-                                              uint8_t **key_data,
-                                              size_t *key_data_length,
-                                              psa_core_key_attributes_t *attr );
+psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data,
+                                             size_t storage_data_length,
+                                             uint8_t **key_data,
+                                             size_t *key_data_length,
+                                             psa_core_key_attributes_t *attr);
 
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 /** This symbol is defined if transaction support is required. */
@@ -220,7 +220,7 @@
  * This has the value 0, so zero-initialization sets a transaction's type to
  * this value.
  */
-#define PSA_CRYPTO_TRANSACTION_NONE             ( (psa_crypto_transaction_type_t) 0x0000 )
+#define PSA_CRYPTO_TRANSACTION_NONE             ((psa_crypto_transaction_type_t) 0x0000)
 
 /** A key creation transaction.
  *
@@ -228,7 +228,7 @@
  * Keys in RAM or in internal storage are created atomically in storage
  * (simple file creation), so they do not need a transaction mechanism.
  */
-#define PSA_CRYPTO_TRANSACTION_CREATE_KEY       ( (psa_crypto_transaction_type_t) 0x0001 )
+#define PSA_CRYPTO_TRANSACTION_CREATE_KEY       ((psa_crypto_transaction_type_t) 0x0001)
 
 /** A key destruction transaction.
  *
@@ -236,7 +236,7 @@
  * Keys in RAM or in internal storage are destroyed atomically in storage
  * (simple file deletion), so they do not need a transaction mechanism.
  */
-#define PSA_CRYPTO_TRANSACTION_DESTROY_KEY      ( (psa_crypto_transaction_type_t) 0x0002 )
+#define PSA_CRYPTO_TRANSACTION_DESTROY_KEY      ((psa_crypto_transaction_type_t) 0x0002)
 
 /** Transaction data.
  *
@@ -274,8 +274,7 @@
  * in psa_crypto.c. If you add a new type of transaction, be
  * sure to add code for it in psa_crypto_recover_transaction().
  */
-typedef union
-{
+typedef union {
     /* Each element of this union must have the following properties
      * to facilitate serialization and deserialization:
      *
@@ -284,8 +283,7 @@
      * - Elements of the struct are arranged such a way that there is
      *   no padding.
      */
-    struct psa_crypto_transaction_unknown_s
-    {
+    struct psa_crypto_transaction_unknown_s {
         psa_crypto_transaction_type_t type;
         uint16_t unused1;
         uint32_t unused2;
@@ -294,8 +292,7 @@
     } unknown;
     /* ::type is #PSA_CRYPTO_TRANSACTION_CREATE_KEY or
      * #PSA_CRYPTO_TRANSACTION_DESTROY_KEY. */
-    struct psa_crypto_transaction_key_s
-    {
+    struct psa_crypto_transaction_key_s {
         psa_crypto_transaction_type_t type;
         uint16_t unused1;
         psa_key_lifetime_t lifetime;
@@ -315,7 +312,7 @@
  * \param type          The type of transaction to start.
  */
 static inline void psa_crypto_prepare_transaction(
-    psa_crypto_transaction_type_t type )
+    psa_crypto_transaction_type_t type)
 {
     psa_crypto_transaction.unknown.type = type;
 }
@@ -330,7 +327,7 @@
  * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
  * \retval #PSA_ERROR_STORAGE_FAILURE
  */
-psa_status_t psa_crypto_save_transaction( void );
+psa_status_t psa_crypto_save_transaction(void);
 
 /** Load the transaction data from storage, if any.
  *
@@ -346,7 +343,7 @@
  * \retval #PSA_ERROR_DATA_INVALID
  * \retval #PSA_ERROR_DATA_CORRUPT
  */
-psa_status_t psa_crypto_load_transaction( void );
+psa_status_t psa_crypto_load_transaction(void);
 
 /** Indicate that the current transaction is finished.
  *
@@ -366,13 +363,13 @@
  *         It was impossible to determine whether there was transaction data
  *         in storage, or the transaction data could not be erased.
  */
-psa_status_t psa_crypto_stop_transaction( void );
+psa_status_t psa_crypto_stop_transaction(void);
 
 /** The ITS file identifier for the transaction data.
  *
  * 0xffffffNN = special file; 0x74 = 't' for transaction.
  */
-#define PSA_CRYPTO_ITS_TRANSACTION_UID ( (psa_key_id_t) 0xffffff74 )
+#define PSA_CRYPTO_ITS_TRANSACTION_UID ((psa_key_id_t) 0xffffff74)
 
 #endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
 
@@ -388,8 +385,8 @@
  * \retval #PSA_ERROR_NOT_PERMITTED
  *         The entropy seed file already exists.
  */
-psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
-                                                 size_t seed_size );
+psa_status_t mbedtls_psa_storage_inject_entropy(const unsigned char *seed,
+                                                size_t seed_size);
 #endif /* MBEDTLS_PSA_INJECT_ENTROPY */
 
 #ifdef __cplusplus
diff --git a/library/psa_its_file.c b/library/psa_its_file.c
index a35ac24..9748616 100644
--- a/library/psa_its_file.c
+++ b/library/psa_its_file.c
@@ -42,10 +42,10 @@
 #define PSA_ITS_STORAGE_FILENAME_PATTERN "%08x%08x"
 #define PSA_ITS_STORAGE_SUFFIX ".psa_its"
 #define PSA_ITS_STORAGE_FILENAME_LENGTH         \
-    ( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \
-      16 + /*UID (64-bit number in hex)*/                               \
-      sizeof( PSA_ITS_STORAGE_SUFFIX ) - 1 + /*suffix without terminating 0*/ \
-      1 /*terminating null byte*/ )
+    (sizeof(PSA_ITS_STORAGE_PREFIX) - 1 +    /*prefix without terminating 0*/ \
+     16 +  /*UID (64-bit number in hex)*/                               \
+     sizeof(PSA_ITS_STORAGE_SUFFIX) - 1 +    /*suffix without terminating 0*/ \
+     1 /*terminating null byte*/)
 #define PSA_ITS_STORAGE_TEMP \
     PSA_ITS_STORAGE_PREFIX "tempfile" PSA_ITS_STORAGE_SUFFIX
 
@@ -59,133 +59,143 @@
  * use MoveFileExA with the MOVEFILE_REPLACE_EXISTING flag instead.
  * Returns 0 on success, nonzero on failure. */
 #if defined(_WIN32)
-#define rename_replace_existing( oldpath, newpath ) \
-    ( ! MoveFileExA( oldpath, newpath, MOVEFILE_REPLACE_EXISTING ) )
+#define rename_replace_existing(oldpath, newpath) \
+    (!MoveFileExA(oldpath, newpath, MOVEFILE_REPLACE_EXISTING))
 #else
-#define rename_replace_existing( oldpath, newpath ) rename( oldpath, newpath )
+#define rename_replace_existing(oldpath, newpath) rename(oldpath, newpath)
 #endif
 
-typedef struct
-{
+typedef struct {
     uint8_t magic[PSA_ITS_MAGIC_LENGTH];
-    uint8_t size[sizeof( uint32_t )];
-    uint8_t flags[sizeof( psa_storage_create_flags_t )];
+    uint8_t size[sizeof(uint32_t)];
+    uint8_t flags[sizeof(psa_storage_create_flags_t)];
 } psa_its_file_header_t;
 
-static void psa_its_fill_filename( psa_storage_uid_t uid, char *filename )
+static void psa_its_fill_filename(psa_storage_uid_t uid, char *filename)
 {
     /* Break up the UID into two 32-bit pieces so as not to rely on
      * long long support in snprintf. */
-    mbedtls_snprintf( filename, PSA_ITS_STORAGE_FILENAME_LENGTH,
-                      "%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s",
-                      PSA_ITS_STORAGE_PREFIX,
-                      (unsigned) ( uid >> 32 ),
-                      (unsigned) ( uid & 0xffffffff ),
-                      PSA_ITS_STORAGE_SUFFIX );
+    mbedtls_snprintf(filename, PSA_ITS_STORAGE_FILENAME_LENGTH,
+                     "%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s",
+                     PSA_ITS_STORAGE_PREFIX,
+                     (unsigned) (uid >> 32),
+                     (unsigned) (uid & 0xffffffff),
+                     PSA_ITS_STORAGE_SUFFIX);
 }
 
-static psa_status_t psa_its_read_file( psa_storage_uid_t uid,
-                                       struct psa_storage_info_t *p_info,
-                                       FILE **p_stream )
+static psa_status_t psa_its_read_file(psa_storage_uid_t uid,
+                                      struct psa_storage_info_t *p_info,
+                                      FILE **p_stream)
 {
     char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
     psa_its_file_header_t header;
     size_t n;
 
     *p_stream = NULL;
-    psa_its_fill_filename( uid, filename );
-    *p_stream = fopen( filename, "rb" );
-    if( *p_stream == NULL )
-        return( PSA_ERROR_DOES_NOT_EXIST );
+    psa_its_fill_filename(uid, filename);
+    *p_stream = fopen(filename, "rb");
+    if (*p_stream == NULL) {
+        return PSA_ERROR_DOES_NOT_EXIST;
+    }
 
     /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
-    mbedtls_setbuf( *p_stream, NULL );
+    mbedtls_setbuf(*p_stream, NULL);
 
-    n = fread( &header, 1, sizeof( header ), *p_stream );
-    if( n != sizeof( header ) )
-        return( PSA_ERROR_DATA_CORRUPT );
-    if( memcmp( header.magic, PSA_ITS_MAGIC_STRING,
-                PSA_ITS_MAGIC_LENGTH ) != 0 )
-        return( PSA_ERROR_DATA_CORRUPT );
+    n = fread(&header, 1, sizeof(header), *p_stream);
+    if (n != sizeof(header)) {
+        return PSA_ERROR_DATA_CORRUPT;
+    }
+    if (memcmp(header.magic, PSA_ITS_MAGIC_STRING,
+               PSA_ITS_MAGIC_LENGTH) != 0) {
+        return PSA_ERROR_DATA_CORRUPT;
+    }
 
-    p_info->size = ( header.size[0] |
-                     header.size[1] << 8 |
-                     header.size[2] << 16 |
-                     header.size[3] << 24 );
-    p_info->flags = ( header.flags[0] |
-                      header.flags[1] << 8 |
-                      header.flags[2] << 16 |
-                      header.flags[3] << 24 );
-    return( PSA_SUCCESS );
+    p_info->size = (header.size[0] |
+                    header.size[1] << 8 |
+                    header.size[2] << 16 |
+                    header.size[3] << 24);
+    p_info->flags = (header.flags[0] |
+                     header.flags[1] << 8 |
+                     header.flags[2] << 16 |
+                     header.flags[3] << 24);
+    return PSA_SUCCESS;
 }
 
-psa_status_t psa_its_get_info( psa_storage_uid_t uid,
-                               struct psa_storage_info_t *p_info )
+psa_status_t psa_its_get_info(psa_storage_uid_t uid,
+                              struct psa_storage_info_t *p_info)
 {
     psa_status_t status;
     FILE *stream = NULL;
-    status = psa_its_read_file( uid, p_info, &stream );
-    if( stream != NULL )
-        fclose( stream );
-    return( status );
+    status = psa_its_read_file(uid, p_info, &stream);
+    if (stream != NULL) {
+        fclose(stream);
+    }
+    return status;
 }
 
-psa_status_t psa_its_get( psa_storage_uid_t uid,
-                          uint32_t data_offset,
-                          uint32_t data_length,
-                          void *p_data,
-                          size_t *p_data_length )
+psa_status_t psa_its_get(psa_storage_uid_t uid,
+                         uint32_t data_offset,
+                         uint32_t data_length,
+                         void *p_data,
+                         size_t *p_data_length)
 {
     psa_status_t status;
     FILE *stream = NULL;
     size_t n;
     struct psa_storage_info_t info;
 
-    status = psa_its_read_file( uid, &info, &stream );
-    if( status != PSA_SUCCESS )
+    status = psa_its_read_file(uid, &info, &stream);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
     status = PSA_ERROR_INVALID_ARGUMENT;
-    if( data_offset + data_length < data_offset )
+    if (data_offset + data_length < data_offset) {
         goto exit;
+    }
 #if SIZE_MAX < 0xffffffff
-    if( data_offset + data_length > SIZE_MAX )
+    if (data_offset + data_length > SIZE_MAX) {
         goto exit;
+    }
 #endif
-    if( data_offset + data_length > info.size )
+    if (data_offset + data_length > info.size) {
         goto exit;
+    }
 
     status = PSA_ERROR_STORAGE_FAILURE;
 #if LONG_MAX < 0xffffffff
-    while( data_offset > LONG_MAX )
-    {
-        if( fseek( stream, LONG_MAX, SEEK_CUR ) != 0 )
+    while (data_offset > LONG_MAX) {
+        if (fseek(stream, LONG_MAX, SEEK_CUR) != 0) {
             goto exit;
+        }
         data_offset -= LONG_MAX;
     }
 #endif
-    if( fseek( stream, data_offset, SEEK_CUR ) != 0 )
+    if (fseek(stream, data_offset, SEEK_CUR) != 0) {
         goto exit;
-    n = fread( p_data, 1, data_length, stream );
-    if( n != data_length )
+    }
+    n = fread(p_data, 1, data_length, stream);
+    if (n != data_length) {
         goto exit;
+    }
     status = PSA_SUCCESS;
-    if( p_data_length != NULL )
+    if (p_data_length != NULL) {
         *p_data_length = n;
+    }
 
 exit:
-    if( stream != NULL )
-        fclose( stream );
-    return( status );
+    if (stream != NULL) {
+        fclose(stream);
+    }
+    return status;
 }
 
-psa_status_t psa_its_set( psa_storage_uid_t uid,
-                          uint32_t data_length,
-                          const void *p_data,
-                          psa_storage_create_flags_t create_flags )
+psa_status_t psa_its_set(psa_storage_uid_t uid,
+                         uint32_t data_length,
+                         const void *p_data,
+                         psa_storage_create_flags_t create_flags)
 {
-    if( uid == 0 )
-    {
-        return( PSA_ERROR_INVALID_HANDLE );
+    if (uid == 0) {
+        return PSA_ERROR_INVALID_HANDLE;
     }
 
     psa_status_t status = PSA_ERROR_STORAGE_FAILURE;
@@ -194,64 +204,68 @@
     psa_its_file_header_t header;
     size_t n;
 
-    memcpy( header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH );
-    MBEDTLS_PUT_UINT32_LE( data_length, header.size, 0 );
-    MBEDTLS_PUT_UINT32_LE( create_flags, header.flags, 0 );
+    memcpy(header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH);
+    MBEDTLS_PUT_UINT32_LE(data_length, header.size, 0);
+    MBEDTLS_PUT_UINT32_LE(create_flags, header.flags, 0);
 
-    psa_its_fill_filename( uid, filename );
-    stream = fopen( PSA_ITS_STORAGE_TEMP, "wb" );
+    psa_its_fill_filename(uid, filename);
+    stream = fopen(PSA_ITS_STORAGE_TEMP, "wb");
 
-    if( stream == NULL )
+    if (stream == NULL) {
         goto exit;
+    }
 
     /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
-    mbedtls_setbuf( stream, NULL );
+    mbedtls_setbuf(stream, NULL);
 
     status = PSA_ERROR_INSUFFICIENT_STORAGE;
-    n = fwrite( &header, 1, sizeof( header ), stream );
-    if( n != sizeof( header ) )
+    n = fwrite(&header, 1, sizeof(header), stream);
+    if (n != sizeof(header)) {
         goto exit;
-    if( data_length != 0 )
-    {
-        n = fwrite( p_data, 1, data_length, stream );
-        if( n != data_length )
+    }
+    if (data_length != 0) {
+        n = fwrite(p_data, 1, data_length, stream);
+        if (n != data_length) {
             goto exit;
+        }
     }
     status = PSA_SUCCESS;
 
 exit:
-    if( stream != NULL )
-    {
-        int ret = fclose( stream );
-        if( status == PSA_SUCCESS && ret != 0 )
+    if (stream != NULL) {
+        int ret = fclose(stream);
+        if (status == PSA_SUCCESS && ret != 0) {
             status = PSA_ERROR_INSUFFICIENT_STORAGE;
+        }
     }
-    if( status == PSA_SUCCESS )
-    {
-        if( rename_replace_existing( PSA_ITS_STORAGE_TEMP, filename ) != 0 )
+    if (status == PSA_SUCCESS) {
+        if (rename_replace_existing(PSA_ITS_STORAGE_TEMP, filename) != 0) {
             status = PSA_ERROR_STORAGE_FAILURE;
+        }
     }
     /* The temporary file may still exist, but only in failure cases where
      * we're already reporting an error. So there's nothing we can do on
      * failure. If the function succeeded, and in some error cases, the
      * temporary file doesn't exist and so remove() is expected to fail.
      * Thus we just ignore the return status of remove(). */
-    (void) remove( PSA_ITS_STORAGE_TEMP );
-    return( status );
+    (void) remove(PSA_ITS_STORAGE_TEMP);
+    return status;
 }
 
-psa_status_t psa_its_remove( psa_storage_uid_t uid )
+psa_status_t psa_its_remove(psa_storage_uid_t uid)
 {
     char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
     FILE *stream;
-    psa_its_fill_filename( uid, filename );
-    stream = fopen( filename, "rb" );
-    if( stream == NULL )
-        return( PSA_ERROR_DOES_NOT_EXIST );
-    fclose( stream );
-    if( remove( filename ) != 0 )
-        return( PSA_ERROR_STORAGE_FAILURE );
-    return( PSA_SUCCESS );
+    psa_its_fill_filename(uid, filename);
+    stream = fopen(filename, "rb");
+    if (stream == NULL) {
+        return PSA_ERROR_DOES_NOT_EXIST;
+    }
+    fclose(stream);
+    if (remove(filename) != 0) {
+        return PSA_ERROR_STORAGE_FAILURE;
+    }
+    return PSA_SUCCESS;
 }
 
 #endif /* MBEDTLS_PSA_ITS_FILE_C */
diff --git a/library/ripemd160.c b/library/ripemd160.c
index 6212cb2..eed664f 100644
--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -37,21 +37,22 @@
 
 #if !defined(MBEDTLS_RIPEMD160_ALT)
 
-void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx )
+void mbedtls_ripemd160_init(mbedtls_ripemd160_context *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) );
+    memset(ctx, 0, sizeof(mbedtls_ripemd160_context));
 }
 
-void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx )
+void mbedtls_ripemd160_free(mbedtls_ripemd160_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ripemd160_context));
 }
 
-void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
-                        const mbedtls_ripemd160_context *src )
+void mbedtls_ripemd160_clone(mbedtls_ripemd160_context *dst,
+                             const mbedtls_ripemd160_context *src)
 {
     *dst = *src;
 }
@@ -59,7 +60,7 @@
 /*
  * RIPEMD-160 context setup
  */
-int mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx )
+int mbedtls_ripemd160_starts(mbedtls_ripemd160_context *ctx)
 {
     ctx->total[0] = 0;
     ctx->total[1] = 0;
@@ -70,37 +71,36 @@
     ctx->state[3] = 0x10325476;
     ctx->state[4] = 0xC3D2E1F0;
 
-    return( 0 );
+    return 0;
 }
 
 #if !defined(MBEDTLS_RIPEMD160_PROCESS_ALT)
 /*
  * Process one block
  */
-int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
-                                        const unsigned char data[64] )
+int mbedtls_internal_ripemd160_process(mbedtls_ripemd160_context *ctx,
+                                       const unsigned char data[64])
 {
-    struct
-    {
+    struct {
         uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16];
     } local;
 
-    local.X[ 0] = MBEDTLS_GET_UINT32_LE( data,  0 );
-    local.X[ 1] = MBEDTLS_GET_UINT32_LE( data,  4 );
-    local.X[ 2] = MBEDTLS_GET_UINT32_LE( data,  8 );
-    local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 );
-    local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 );
-    local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 );
-    local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 );
-    local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 );
-    local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 );
-    local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 );
-    local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 );
-    local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 );
-    local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 );
-    local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 );
-    local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 );
-    local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 );
+    local.X[0] = MBEDTLS_GET_UINT32_LE(data,  0);
+    local.X[1] = MBEDTLS_GET_UINT32_LE(data,  4);
+    local.X[2] = MBEDTLS_GET_UINT32_LE(data,  8);
+    local.X[3] = MBEDTLS_GET_UINT32_LE(data, 12);
+    local.X[4] = MBEDTLS_GET_UINT32_LE(data, 16);
+    local.X[5] = MBEDTLS_GET_UINT32_LE(data, 20);
+    local.X[6] = MBEDTLS_GET_UINT32_LE(data, 24);
+    local.X[7] = MBEDTLS_GET_UINT32_LE(data, 28);
+    local.X[8] = MBEDTLS_GET_UINT32_LE(data, 32);
+    local.X[9] = MBEDTLS_GET_UINT32_LE(data, 36);
+    local.X[10] = MBEDTLS_GET_UINT32_LE(data, 40);
+    local.X[11] = MBEDTLS_GET_UINT32_LE(data, 44);
+    local.X[12] = MBEDTLS_GET_UINT32_LE(data, 48);
+    local.X[13] = MBEDTLS_GET_UINT32_LE(data, 52);
+    local.X[14] = MBEDTLS_GET_UINT32_LE(data, 56);
+    local.X[15] = MBEDTLS_GET_UINT32_LE(data, 60);
 
     local.A = local.Ap = ctx->state[0];
     local.B = local.Bp = ctx->state[1];
@@ -108,50 +108,50 @@
     local.D = local.Dp = ctx->state[3];
     local.E = local.Ep = ctx->state[4];
 
-#define F1( x, y, z )   ( (x) ^ (y) ^ (z) )
-#define F2( x, y, z )   ( ( (x) & (y) ) | ( ~(x) & (z) ) )
-#define F3( x, y, z )   ( ( (x) | ~(y) ) ^ (z) )
-#define F4( x, y, z )   ( ( (x) & (z) ) | ( (y) & ~(z) ) )
-#define F5( x, y, z )   ( (x) ^ ( (y) | ~(z) ) )
+#define F1(x, y, z)   ((x) ^ (y) ^ (z))
+#define F2(x, y, z)   (((x) & (y)) | (~(x) & (z)))
+#define F3(x, y, z)   (((x) | ~(y)) ^ (z))
+#define F4(x, y, z)   (((x) & (z)) | ((y) & ~(z)))
+#define F5(x, y, z)   ((x) ^ ((y) | ~(z)))
 
-#define S( x, n ) ( ( (x) << (n) ) | ( (x) >> (32 - (n)) ) )
+#define S(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
 
-#define P( a, b, c, d, e, r, s, f, k )                      \
+#define P(a, b, c, d, e, r, s, f, k)                      \
     do                                                      \
     {                                                       \
-        (a) += f( (b), (c), (d) ) + local.X[r] + (k);       \
-        (a) = S( (a), (s) ) + (e);                          \
-        (c) = S( (c), 10 );                                 \
-    } while( 0 )
+        (a) += f((b), (c), (d)) + local.X[r] + (k);       \
+        (a) = S((a), (s)) + (e);                          \
+        (c) = S((c), 10);                                 \
+    } while (0)
 
-#define P2( a, b, c, d, e, r, s, rp, sp )                               \
+#define P2(a, b, c, d, e, r, s, rp, sp)                               \
     do                                                                  \
     {                                                                   \
-        P( (a), (b), (c), (d), (e), (r), (s), F, K );                   \
-        P( a ## p, b ## p, c ## p, d ## p, e ## p,                      \
-           (rp), (sp), Fp, Kp );                                        \
-    } while( 0 )
+        P((a), (b), (c), (d), (e), (r), (s), F, K);                   \
+        P(a ## p, b ## p, c ## p, d ## p, e ## p,                      \
+          (rp), (sp), Fp, Kp);                                        \
+    } while (0)
 
 #define F   F1
 #define K   0x00000000
 #define Fp  F5
 #define Kp  0x50A28BE6
-    P2( local.A, local.B, local.C, local.D, local.E,  0, 11,  5,  8 );
-    P2( local.E, local.A, local.B, local.C, local.D,  1, 14, 14,  9 );
-    P2( local.D, local.E, local.A, local.B, local.C,  2, 15,  7,  9 );
-    P2( local.C, local.D, local.E, local.A, local.B,  3, 12,  0, 11 );
-    P2( local.B, local.C, local.D, local.E, local.A,  4,  5,  9, 13 );
-    P2( local.A, local.B, local.C, local.D, local.E,  5,  8,  2, 15 );
-    P2( local.E, local.A, local.B, local.C, local.D,  6,  7, 11, 15 );
-    P2( local.D, local.E, local.A, local.B, local.C,  7,  9,  4,  5 );
-    P2( local.C, local.D, local.E, local.A, local.B,  8, 11, 13,  7 );
-    P2( local.B, local.C, local.D, local.E, local.A,  9, 13,  6,  7 );
-    P2( local.A, local.B, local.C, local.D, local.E, 10, 14, 15,  8 );
-    P2( local.E, local.A, local.B, local.C, local.D, 11, 15,  8, 11 );
-    P2( local.D, local.E, local.A, local.B, local.C, 12,  6,  1, 14 );
-    P2( local.C, local.D, local.E, local.A, local.B, 13,  7, 10, 14 );
-    P2( local.B, local.C, local.D, local.E, local.A, 14,  9,  3, 12 );
-    P2( local.A, local.B, local.C, local.D, local.E, 15,  8, 12,  6 );
+    P2(local.A, local.B, local.C, local.D, local.E,  0, 11,  5,  8);
+    P2(local.E, local.A, local.B, local.C, local.D,  1, 14, 14,  9);
+    P2(local.D, local.E, local.A, local.B, local.C,  2, 15,  7,  9);
+    P2(local.C, local.D, local.E, local.A, local.B,  3, 12,  0, 11);
+    P2(local.B, local.C, local.D, local.E, local.A,  4,  5,  9, 13);
+    P2(local.A, local.B, local.C, local.D, local.E,  5,  8,  2, 15);
+    P2(local.E, local.A, local.B, local.C, local.D,  6,  7, 11, 15);
+    P2(local.D, local.E, local.A, local.B, local.C,  7,  9,  4,  5);
+    P2(local.C, local.D, local.E, local.A, local.B,  8, 11, 13,  7);
+    P2(local.B, local.C, local.D, local.E, local.A,  9, 13,  6,  7);
+    P2(local.A, local.B, local.C, local.D, local.E, 10, 14, 15,  8);
+    P2(local.E, local.A, local.B, local.C, local.D, 11, 15,  8, 11);
+    P2(local.D, local.E, local.A, local.B, local.C, 12,  6,  1, 14);
+    P2(local.C, local.D, local.E, local.A, local.B, 13,  7, 10, 14);
+    P2(local.B, local.C, local.D, local.E, local.A, 14,  9,  3, 12);
+    P2(local.A, local.B, local.C, local.D, local.E, 15,  8, 12,  6);
 #undef F
 #undef K
 #undef Fp
@@ -161,22 +161,22 @@
 #define K   0x5A827999
 #define Fp  F4
 #define Kp  0x5C4DD124
-    P2( local.E, local.A, local.B, local.C, local.D,  7,  7,  6,  9 );
-    P2( local.D, local.E, local.A, local.B, local.C,  4,  6, 11, 13 );
-    P2( local.C, local.D, local.E, local.A, local.B, 13,  8,  3, 15 );
-    P2( local.B, local.C, local.D, local.E, local.A,  1, 13,  7,  7 );
-    P2( local.A, local.B, local.C, local.D, local.E, 10, 11,  0, 12 );
-    P2( local.E, local.A, local.B, local.C, local.D,  6,  9, 13,  8 );
-    P2( local.D, local.E, local.A, local.B, local.C, 15,  7,  5,  9 );
-    P2( local.C, local.D, local.E, local.A, local.B,  3, 15, 10, 11 );
-    P2( local.B, local.C, local.D, local.E, local.A, 12,  7, 14,  7 );
-    P2( local.A, local.B, local.C, local.D, local.E,  0, 12, 15,  7 );
-    P2( local.E, local.A, local.B, local.C, local.D,  9, 15,  8, 12 );
-    P2( local.D, local.E, local.A, local.B, local.C,  5,  9, 12,  7 );
-    P2( local.C, local.D, local.E, local.A, local.B,  2, 11,  4,  6 );
-    P2( local.B, local.C, local.D, local.E, local.A, 14,  7,  9, 15 );
-    P2( local.A, local.B, local.C, local.D, local.E, 11, 13,  1, 13 );
-    P2( local.E, local.A, local.B, local.C, local.D,  8, 12,  2, 11 );
+    P2(local.E, local.A, local.B, local.C, local.D,  7,  7,  6,  9);
+    P2(local.D, local.E, local.A, local.B, local.C,  4,  6, 11, 13);
+    P2(local.C, local.D, local.E, local.A, local.B, 13,  8,  3, 15);
+    P2(local.B, local.C, local.D, local.E, local.A,  1, 13,  7,  7);
+    P2(local.A, local.B, local.C, local.D, local.E, 10, 11,  0, 12);
+    P2(local.E, local.A, local.B, local.C, local.D,  6,  9, 13,  8);
+    P2(local.D, local.E, local.A, local.B, local.C, 15,  7,  5,  9);
+    P2(local.C, local.D, local.E, local.A, local.B,  3, 15, 10, 11);
+    P2(local.B, local.C, local.D, local.E, local.A, 12,  7, 14,  7);
+    P2(local.A, local.B, local.C, local.D, local.E,  0, 12, 15,  7);
+    P2(local.E, local.A, local.B, local.C, local.D,  9, 15,  8, 12);
+    P2(local.D, local.E, local.A, local.B, local.C,  5,  9, 12,  7);
+    P2(local.C, local.D, local.E, local.A, local.B,  2, 11,  4,  6);
+    P2(local.B, local.C, local.D, local.E, local.A, 14,  7,  9, 15);
+    P2(local.A, local.B, local.C, local.D, local.E, 11, 13,  1, 13);
+    P2(local.E, local.A, local.B, local.C, local.D,  8, 12,  2, 11);
 #undef F
 #undef K
 #undef Fp
@@ -186,22 +186,22 @@
 #define K   0x6ED9EBA1
 #define Fp  F3
 #define Kp  0x6D703EF3
-    P2( local.D, local.E, local.A, local.B, local.C,  3, 11, 15,  9 );
-    P2( local.C, local.D, local.E, local.A, local.B, 10, 13,  5,  7 );
-    P2( local.B, local.C, local.D, local.E, local.A, 14,  6,  1, 15 );
-    P2( local.A, local.B, local.C, local.D, local.E,  4,  7,  3, 11 );
-    P2( local.E, local.A, local.B, local.C, local.D,  9, 14,  7,  8 );
-    P2( local.D, local.E, local.A, local.B, local.C, 15,  9, 14,  6 );
-    P2( local.C, local.D, local.E, local.A, local.B,  8, 13,  6,  6 );
-    P2( local.B, local.C, local.D, local.E, local.A,  1, 15,  9, 14 );
-    P2( local.A, local.B, local.C, local.D, local.E,  2, 14, 11, 12 );
-    P2( local.E, local.A, local.B, local.C, local.D,  7,  8,  8, 13 );
-    P2( local.D, local.E, local.A, local.B, local.C,  0, 13, 12,  5 );
-    P2( local.C, local.D, local.E, local.A, local.B,  6,  6,  2, 14 );
-    P2( local.B, local.C, local.D, local.E, local.A, 13,  5, 10, 13 );
-    P2( local.A, local.B, local.C, local.D, local.E, 11, 12,  0, 13 );
-    P2( local.E, local.A, local.B, local.C, local.D,  5,  7,  4,  7 );
-    P2( local.D, local.E, local.A, local.B, local.C, 12,  5, 13,  5 );
+    P2(local.D, local.E, local.A, local.B, local.C,  3, 11, 15,  9);
+    P2(local.C, local.D, local.E, local.A, local.B, 10, 13,  5,  7);
+    P2(local.B, local.C, local.D, local.E, local.A, 14,  6,  1, 15);
+    P2(local.A, local.B, local.C, local.D, local.E,  4,  7,  3, 11);
+    P2(local.E, local.A, local.B, local.C, local.D,  9, 14,  7,  8);
+    P2(local.D, local.E, local.A, local.B, local.C, 15,  9, 14,  6);
+    P2(local.C, local.D, local.E, local.A, local.B,  8, 13,  6,  6);
+    P2(local.B, local.C, local.D, local.E, local.A,  1, 15,  9, 14);
+    P2(local.A, local.B, local.C, local.D, local.E,  2, 14, 11, 12);
+    P2(local.E, local.A, local.B, local.C, local.D,  7,  8,  8, 13);
+    P2(local.D, local.E, local.A, local.B, local.C,  0, 13, 12,  5);
+    P2(local.C, local.D, local.E, local.A, local.B,  6,  6,  2, 14);
+    P2(local.B, local.C, local.D, local.E, local.A, 13,  5, 10, 13);
+    P2(local.A, local.B, local.C, local.D, local.E, 11, 12,  0, 13);
+    P2(local.E, local.A, local.B, local.C, local.D,  5,  7,  4,  7);
+    P2(local.D, local.E, local.A, local.B, local.C, 12,  5, 13,  5);
 #undef F
 #undef K
 #undef Fp
@@ -211,22 +211,22 @@
 #define K   0x8F1BBCDC
 #define Fp  F2
 #define Kp  0x7A6D76E9
-    P2( local.C, local.D, local.E, local.A, local.B,  1, 11,  8, 15 );
-    P2( local.B, local.C, local.D, local.E, local.A,  9, 12,  6,  5 );
-    P2( local.A, local.B, local.C, local.D, local.E, 11, 14,  4,  8 );
-    P2( local.E, local.A, local.B, local.C, local.D, 10, 15,  1, 11 );
-    P2( local.D, local.E, local.A, local.B, local.C,  0, 14,  3, 14 );
-    P2( local.C, local.D, local.E, local.A, local.B,  8, 15, 11, 14 );
-    P2( local.B, local.C, local.D, local.E, local.A, 12,  9, 15,  6 );
-    P2( local.A, local.B, local.C, local.D, local.E,  4,  8,  0, 14 );
-    P2( local.E, local.A, local.B, local.C, local.D, 13,  9,  5,  6 );
-    P2( local.D, local.E, local.A, local.B, local.C,  3, 14, 12,  9 );
-    P2( local.C, local.D, local.E, local.A, local.B,  7,  5,  2, 12 );
-    P2( local.B, local.C, local.D, local.E, local.A, 15,  6, 13,  9 );
-    P2( local.A, local.B, local.C, local.D, local.E, 14,  8,  9, 12 );
-    P2( local.E, local.A, local.B, local.C, local.D,  5,  6,  7,  5 );
-    P2( local.D, local.E, local.A, local.B, local.C,  6,  5, 10, 15 );
-    P2( local.C, local.D, local.E, local.A, local.B,  2, 12, 14,  8 );
+    P2(local.C, local.D, local.E, local.A, local.B,  1, 11,  8, 15);
+    P2(local.B, local.C, local.D, local.E, local.A,  9, 12,  6,  5);
+    P2(local.A, local.B, local.C, local.D, local.E, 11, 14,  4,  8);
+    P2(local.E, local.A, local.B, local.C, local.D, 10, 15,  1, 11);
+    P2(local.D, local.E, local.A, local.B, local.C,  0, 14,  3, 14);
+    P2(local.C, local.D, local.E, local.A, local.B,  8, 15, 11, 14);
+    P2(local.B, local.C, local.D, local.E, local.A, 12,  9, 15,  6);
+    P2(local.A, local.B, local.C, local.D, local.E,  4,  8,  0, 14);
+    P2(local.E, local.A, local.B, local.C, local.D, 13,  9,  5,  6);
+    P2(local.D, local.E, local.A, local.B, local.C,  3, 14, 12,  9);
+    P2(local.C, local.D, local.E, local.A, local.B,  7,  5,  2, 12);
+    P2(local.B, local.C, local.D, local.E, local.A, 15,  6, 13,  9);
+    P2(local.A, local.B, local.C, local.D, local.E, 14,  8,  9, 12);
+    P2(local.E, local.A, local.B, local.C, local.D,  5,  6,  7,  5);
+    P2(local.D, local.E, local.A, local.B, local.C,  6,  5, 10, 15);
+    P2(local.C, local.D, local.E, local.A, local.B,  2, 12, 14,  8);
 #undef F
 #undef K
 #undef Fp
@@ -236,22 +236,22 @@
 #define K   0xA953FD4E
 #define Fp  F1
 #define Kp  0x00000000
-    P2( local.B, local.C, local.D, local.E, local.A,  4,  9, 12,  8 );
-    P2( local.A, local.B, local.C, local.D, local.E,  0, 15, 15,  5 );
-    P2( local.E, local.A, local.B, local.C, local.D,  5,  5, 10, 12 );
-    P2( local.D, local.E, local.A, local.B, local.C,  9, 11,  4,  9 );
-    P2( local.C, local.D, local.E, local.A, local.B,  7,  6,  1, 12 );
-    P2( local.B, local.C, local.D, local.E, local.A, 12,  8,  5,  5 );
-    P2( local.A, local.B, local.C, local.D, local.E,  2, 13,  8, 14 );
-    P2( local.E, local.A, local.B, local.C, local.D, 10, 12,  7,  6 );
-    P2( local.D, local.E, local.A, local.B, local.C, 14,  5,  6,  8 );
-    P2( local.C, local.D, local.E, local.A, local.B,  1, 12,  2, 13 );
-    P2( local.B, local.C, local.D, local.E, local.A,  3, 13, 13,  6 );
-    P2( local.A, local.B, local.C, local.D, local.E,  8, 14, 14,  5 );
-    P2( local.E, local.A, local.B, local.C, local.D, 11, 11,  0, 15 );
-    P2( local.D, local.E, local.A, local.B, local.C,  6,  8,  3, 13 );
-    P2( local.C, local.D, local.E, local.A, local.B, 15,  5,  9, 11 );
-    P2( local.B, local.C, local.D, local.E, local.A, 13,  6, 11, 11 );
+    P2(local.B, local.C, local.D, local.E, local.A,  4,  9, 12,  8);
+    P2(local.A, local.B, local.C, local.D, local.E,  0, 15, 15,  5);
+    P2(local.E, local.A, local.B, local.C, local.D,  5,  5, 10, 12);
+    P2(local.D, local.E, local.A, local.B, local.C,  9, 11,  4,  9);
+    P2(local.C, local.D, local.E, local.A, local.B,  7,  6,  1, 12);
+    P2(local.B, local.C, local.D, local.E, local.A, 12,  8,  5,  5);
+    P2(local.A, local.B, local.C, local.D, local.E,  2, 13,  8, 14);
+    P2(local.E, local.A, local.B, local.C, local.D, 10, 12,  7,  6);
+    P2(local.D, local.E, local.A, local.B, local.C, 14,  5,  6,  8);
+    P2(local.C, local.D, local.E, local.A, local.B,  1, 12,  2, 13);
+    P2(local.B, local.C, local.D, local.E, local.A,  3, 13, 13,  6);
+    P2(local.A, local.B, local.C, local.D, local.E,  8, 14, 14,  5);
+    P2(local.E, local.A, local.B, local.C, local.D, 11, 11,  0, 15);
+    P2(local.D, local.E, local.A, local.B, local.C,  6,  8,  3, 13);
+    P2(local.C, local.D, local.E, local.A, local.B, 15,  5,  9, 11);
+    P2(local.B, local.C, local.D, local.E, local.A, 13,  6, 11, 11);
 #undef F
 #undef K
 #undef Fp
@@ -265,9 +265,9 @@
     ctx->state[0] = local.C;
 
     /* Zeroise variables to clear sensitive data from memory. */
-    mbedtls_platform_zeroize( &local, sizeof( local ) );
+    mbedtls_platform_zeroize(&local, sizeof(local));
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* !MBEDTLS_RIPEMD160_PROCESS_ALT */
@@ -275,16 +275,17 @@
 /*
  * RIPEMD-160 process buffer
  */
-int mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
-                                  const unsigned char *input,
-                                  size_t ilen )
+int mbedtls_ripemd160_update(mbedtls_ripemd160_context *ctx,
+                             const unsigned char *input,
+                             size_t ilen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t fill;
     uint32_t left;
 
-    if( ilen == 0 )
-        return( 0 );
+    if (ilen == 0) {
+        return 0;
+    }
 
     left = ctx->total[0] & 0x3F;
     fill = 64 - left;
@@ -292,41 +293,41 @@
     ctx->total[0] += (uint32_t) ilen;
     ctx->total[0] &= 0xFFFFFFFF;
 
-    if( ctx->total[0] < (uint32_t) ilen )
+    if (ctx->total[0] < (uint32_t) ilen) {
         ctx->total[1]++;
+    }
 
-    if( left && ilen >= fill )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, fill );
+    if (left && ilen >= fill) {
+        memcpy((void *) (ctx->buffer + left), input, fill);
 
-        if( ( ret = mbedtls_internal_ripemd160_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
+        if ((ret = mbedtls_internal_ripemd160_process(ctx, ctx->buffer)) != 0) {
+            return ret;
+        }
 
         input += fill;
         ilen  -= fill;
         left = 0;
     }
 
-    while( ilen >= 64 )
-    {
-        if( ( ret = mbedtls_internal_ripemd160_process( ctx, input ) ) != 0 )
-            return( ret );
+    while (ilen >= 64) {
+        if ((ret = mbedtls_internal_ripemd160_process(ctx, input)) != 0) {
+            return ret;
+        }
 
         input += 64;
         ilen  -= 64;
     }
 
-    if( ilen > 0 )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, ilen );
+    if (ilen > 0) {
+        memcpy((void *) (ctx->buffer + left), input, ilen);
     }
 
-    return( 0 );
+    return 0;
 }
 
 static const unsigned char ripemd160_padding[64] =
 {
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
@@ -335,39 +336,41 @@
 /*
  * RIPEMD-160 final digest
  */
-int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
-                                  unsigned char output[20] )
+int mbedtls_ripemd160_finish(mbedtls_ripemd160_context *ctx,
+                             unsigned char output[20])
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     uint32_t last, padn;
     uint32_t high, low;
     unsigned char msglen[8];
 
-    high = ( ctx->total[0] >> 29 )
-         | ( ctx->total[1] <<  3 );
-    low  = ( ctx->total[0] <<  3 );
+    high = (ctx->total[0] >> 29)
+           | (ctx->total[1] <<  3);
+    low  = (ctx->total[0] <<  3);
 
-    MBEDTLS_PUT_UINT32_LE( low,  msglen, 0 );
-    MBEDTLS_PUT_UINT32_LE( high, msglen, 4 );
+    MBEDTLS_PUT_UINT32_LE(low,  msglen, 0);
+    MBEDTLS_PUT_UINT32_LE(high, msglen, 4);
 
     last = ctx->total[0] & 0x3F;
-    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
+    padn = (last < 56) ? (56 - last) : (120 - last);
 
-    ret = mbedtls_ripemd160_update( ctx, ripemd160_padding, padn );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ripemd160_update(ctx, ripemd160_padding, padn);
+    if (ret != 0) {
+        return ret;
+    }
 
-    ret = mbedtls_ripemd160_update( ctx, msglen, 8 );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ripemd160_update(ctx, msglen, 8);
+    if (ret != 0) {
+        return ret;
+    }
 
-    MBEDTLS_PUT_UINT32_LE( ctx->state[0], output,  0 );
-    MBEDTLS_PUT_UINT32_LE( ctx->state[1], output,  4 );
-    MBEDTLS_PUT_UINT32_LE( ctx->state[2], output,  8 );
-    MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 );
-    MBEDTLS_PUT_UINT32_LE( ctx->state[4], output, 16 );
+    MBEDTLS_PUT_UINT32_LE(ctx->state[0], output,  0);
+    MBEDTLS_PUT_UINT32_LE(ctx->state[1], output,  4);
+    MBEDTLS_PUT_UINT32_LE(ctx->state[2], output,  8);
+    MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12);
+    MBEDTLS_PUT_UINT32_LE(ctx->state[4], output, 16);
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* ! MBEDTLS_RIPEMD160_ALT */
@@ -375,28 +378,31 @@
 /*
  * output = RIPEMD-160( input buffer )
  */
-int mbedtls_ripemd160( const unsigned char *input,
-                           size_t ilen,
-                           unsigned char output[20] )
+int mbedtls_ripemd160(const unsigned char *input,
+                      size_t ilen,
+                      unsigned char output[20])
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ripemd160_context ctx;
 
-    mbedtls_ripemd160_init( &ctx );
+    mbedtls_ripemd160_init(&ctx);
 
-    if( ( ret = mbedtls_ripemd160_starts( &ctx ) ) != 0 )
+    if ((ret = mbedtls_ripemd160_starts(&ctx)) != 0) {
         goto exit;
+    }
 
-    if( ( ret = mbedtls_ripemd160_update( &ctx, input, ilen ) ) != 0 )
+    if ((ret = mbedtls_ripemd160_update(&ctx, input, ilen)) != 0) {
         goto exit;
+    }
 
-    if( ( ret = mbedtls_ripemd160_finish( &ctx, output ) ) != 0 )
+    if ((ret = mbedtls_ripemd160_finish(&ctx, output)) != 0) {
         goto exit;
+    }
 
 exit:
-    mbedtls_ripemd160_free( &ctx );
+    mbedtls_ripemd160_free(&ctx);
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_SELF_TEST)
@@ -445,43 +451,46 @@
 /*
  * Checkup routine
  */
-int mbedtls_ripemd160_self_test( int verbose )
+int mbedtls_ripemd160_self_test(int verbose)
 {
     int i, ret = 0;
     unsigned char output[20];
 
-    memset( output, 0, sizeof output );
+    memset(output, 0, sizeof output);
 
-    for( i = 0; i < TESTS; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  RIPEMD-160 test #%d: ", i + 1 );
+    for (i = 0; i < TESTS; i++) {
+        if (verbose != 0) {
+            mbedtls_printf("  RIPEMD-160 test #%d: ", i + 1);
+        }
 
-        ret = mbedtls_ripemd160( ripemd160_test_str[i],
-                                     ripemd160_test_strlen[i], output );
-        if( ret != 0 )
+        ret = mbedtls_ripemd160(ripemd160_test_str[i],
+                                ripemd160_test_strlen[i], output);
+        if (ret != 0) {
             goto fail;
+        }
 
-        if( memcmp( output, ripemd160_test_md[i], 20 ) != 0 )
-        {
+        if (memcmp(output, ripemd160_test_md[i], 20) != 0) {
             ret = 1;
             goto fail;
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
-    return( 0 );
+    return 0;
 
 fail:
-    if( verbose != 0 )
-        mbedtls_printf( "failed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("failed\n");
+    }
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_SELF_TEST */
diff --git a/library/rsa.c b/library/rsa.c
index ae9e68b..df7d797 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -67,61 +67,65 @@
 
 #if !defined(MBEDTLS_RSA_ALT)
 
-int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
-                        const mbedtls_mpi *N,
-                        const mbedtls_mpi *P, const mbedtls_mpi *Q,
-                        const mbedtls_mpi *D, const mbedtls_mpi *E )
+int mbedtls_rsa_import(mbedtls_rsa_context *ctx,
+                       const mbedtls_mpi *N,
+                       const mbedtls_mpi *P, const mbedtls_mpi *Q,
+                       const mbedtls_mpi *D, const mbedtls_mpi *E)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) ||
-        ( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) ||
-        ( Q != NULL && ( ret = mbedtls_mpi_copy( &ctx->Q, Q ) ) != 0 ) ||
-        ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->D, D ) ) != 0 ) ||
-        ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->E, E ) ) != 0 ) )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
+    if ((N != NULL && (ret = mbedtls_mpi_copy(&ctx->N, N)) != 0) ||
+        (P != NULL && (ret = mbedtls_mpi_copy(&ctx->P, P)) != 0) ||
+        (Q != NULL && (ret = mbedtls_mpi_copy(&ctx->Q, Q)) != 0) ||
+        (D != NULL && (ret = mbedtls_mpi_copy(&ctx->D, D)) != 0) ||
+        (E != NULL && (ret = mbedtls_mpi_copy(&ctx->E, E)) != 0)) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
     }
 
-    if( N != NULL )
-        ctx->len = mbedtls_mpi_size( &ctx->N );
+    if (N != NULL) {
+        ctx->len = mbedtls_mpi_size(&ctx->N);
+    }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
-                            unsigned char const *N, size_t N_len,
-                            unsigned char const *P, size_t P_len,
-                            unsigned char const *Q, size_t Q_len,
-                            unsigned char const *D, size_t D_len,
-                            unsigned char const *E, size_t E_len )
+int mbedtls_rsa_import_raw(mbedtls_rsa_context *ctx,
+                           unsigned char const *N, size_t N_len,
+                           unsigned char const *P, size_t P_len,
+                           unsigned char const *Q, size_t Q_len,
+                           unsigned char const *D, size_t D_len,
+                           unsigned char const *E, size_t E_len)
 {
     int ret = 0;
 
-    if( N != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->N, N, N_len ) );
-        ctx->len = mbedtls_mpi_size( &ctx->N );
+    if (N != NULL) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->N, N, N_len));
+        ctx->len = mbedtls_mpi_size(&ctx->N);
     }
 
-    if( P != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->P, P, P_len ) );
+    if (P != NULL) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->P, P, P_len));
+    }
 
-    if( Q != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->Q, Q, Q_len ) );
+    if (Q != NULL) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->Q, Q, Q_len));
+    }
 
-    if( D != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->D, D, D_len ) );
+    if (D != NULL) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->D, D, D_len));
+    }
 
-    if( E != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->E, E, E_len ) );
+    if (E != NULL) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->E, E, E_len));
+    }
 
 cleanup:
 
-    if( ret != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
+    if (ret != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -129,8 +133,8 @@
  * that the RSA primitives will be able to execute without error.
  * It does *not* make guarantees for consistency of the parameters.
  */
-static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv,
-                              int blinding_needed )
+static int rsa_check_context(mbedtls_rsa_context const *ctx, int is_priv,
+                             int blinding_needed)
 {
 #if !defined(MBEDTLS_RSA_NO_CRT)
     /* blinding_needed is only used for NO_CRT to decide whether
@@ -138,10 +142,9 @@
     ((void) blinding_needed);
 #endif
 
-    if( ctx->len != mbedtls_mpi_size( &ctx->N ) ||
-        ctx->len > MBEDTLS_MPI_MAX_SIZE )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (ctx->len != mbedtls_mpi_size(&ctx->N) ||
+        ctx->len > MBEDTLS_MPI_MAX_SIZE) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
     }
 
     /*
@@ -150,23 +153,21 @@
 
     /* Modular exponentiation wrt. N is always used for
      * RSA public key operations. */
-    if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) <= 0 ||
-        mbedtls_mpi_get_bit( &ctx->N, 0 ) == 0  )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (mbedtls_mpi_cmp_int(&ctx->N, 0) <= 0 ||
+        mbedtls_mpi_get_bit(&ctx->N, 0) == 0) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
     }
 
 #if !defined(MBEDTLS_RSA_NO_CRT)
     /* Modular exponentiation for P and Q is only
      * used for private key operations and if CRT
      * is used. */
-    if( is_priv &&
-        ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 ||
-          mbedtls_mpi_get_bit( &ctx->P, 0 ) == 0 ||
-          mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ||
-          mbedtls_mpi_get_bit( &ctx->Q, 0 ) == 0  ) )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (is_priv &&
+        (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 ||
+         mbedtls_mpi_get_bit(&ctx->P, 0) == 0 ||
+         mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0 ||
+         mbedtls_mpi_get_bit(&ctx->Q, 0) == 0)) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
     }
 #endif /* !MBEDTLS_RSA_NO_CRT */
 
@@ -175,20 +176,21 @@
      */
 
     /* Always need E for public key operations */
-    if( mbedtls_mpi_cmp_int( &ctx->E, 0 ) <= 0 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (mbedtls_mpi_cmp_int(&ctx->E, 0) <= 0) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_RSA_NO_CRT)
     /* For private key operations, use D or DP & DQ
      * as (unblinded) exponents. */
-    if( is_priv && mbedtls_mpi_cmp_int( &ctx->D, 0 ) <= 0 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (is_priv && mbedtls_mpi_cmp_int(&ctx->D, 0) <= 0) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 #else
-    if( is_priv &&
-        ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) <= 0 ||
-          mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) <= 0  ) )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (is_priv &&
+        (mbedtls_mpi_cmp_int(&ctx->DP, 0) <= 0 ||
+         mbedtls_mpi_cmp_int(&ctx->DQ, 0) <= 0)) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
     }
 #endif /* MBEDTLS_RSA_NO_CRT */
 
@@ -196,28 +198,26 @@
      * so check that P, Q >= 1 if that hasn't yet been
      * done as part of 1. */
 #if defined(MBEDTLS_RSA_NO_CRT)
-    if( is_priv && blinding_needed &&
-        ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 ||
-          mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ) )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (is_priv && blinding_needed &&
+        (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 ||
+         mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0)) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
     }
 #endif
 
     /* It wouldn't lead to an error if it wasn't satisfied,
      * but check for QP >= 1 nonetheless. */
 #if !defined(MBEDTLS_RSA_NO_CRT)
-    if( is_priv &&
-        mbedtls_mpi_cmp_int( &ctx->QP, 0 ) <= 0 )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (is_priv &&
+        mbedtls_mpi_cmp_int(&ctx->QP, 0) <= 0) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
     }
 #endif
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
+int mbedtls_rsa_complete(mbedtls_rsa_context *ctx)
 {
     int ret = 0;
     int have_N, have_P, have_Q, have_D, have_E;
@@ -226,16 +226,16 @@
 #endif
     int n_missing, pq_missing, d_missing, is_pub, is_priv;
 
-    have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 );
-    have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 );
-    have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 );
-    have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 );
-    have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 );
+    have_N = (mbedtls_mpi_cmp_int(&ctx->N, 0) != 0);
+    have_P = (mbedtls_mpi_cmp_int(&ctx->P, 0) != 0);
+    have_Q = (mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0);
+    have_D = (mbedtls_mpi_cmp_int(&ctx->D, 0) != 0);
+    have_E = (mbedtls_mpi_cmp_int(&ctx->E, 0) != 0);
 
 #if !defined(MBEDTLS_RSA_NO_CRT)
-    have_DP = ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) != 0 );
-    have_DQ = ( mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) != 0 );
-    have_QP = ( mbedtls_mpi_cmp_int( &ctx->QP, 0 ) != 0 );
+    have_DP = (mbedtls_mpi_cmp_int(&ctx->DP, 0) != 0);
+    have_DQ = (mbedtls_mpi_cmp_int(&ctx->DQ, 0) != 0);
+    have_QP = (mbedtls_mpi_cmp_int(&ctx->QP, 0) != 0);
 #endif
 
     /*
@@ -256,44 +256,40 @@
     /* These three alternatives are mutually exclusive */
     is_priv = n_missing || pq_missing || d_missing;
 
-    if( !is_priv && !is_pub )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (!is_priv && !is_pub) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
     /*
      * Step 1: Deduce N if P, Q are provided.
      */
 
-    if( !have_N && have_P && have_Q )
-    {
-        if( ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P,
-                                         &ctx->Q ) ) != 0 )
-        {
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
+    if (!have_N && have_P && have_Q) {
+        if ((ret = mbedtls_mpi_mul_mpi(&ctx->N, &ctx->P,
+                                       &ctx->Q)) != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
         }
 
-        ctx->len = mbedtls_mpi_size( &ctx->N );
+        ctx->len = mbedtls_mpi_size(&ctx->N);
     }
 
     /*
      * Step 2: Deduce and verify all remaining core parameters.
      */
 
-    if( pq_missing )
-    {
-        ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->E, &ctx->D,
-                                         &ctx->P, &ctx->Q );
-        if( ret != 0 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
+    if (pq_missing) {
+        ret = mbedtls_rsa_deduce_primes(&ctx->N, &ctx->E, &ctx->D,
+                                        &ctx->P, &ctx->Q);
+        if (ret != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
+        }
 
-    }
-    else if( d_missing )
-    {
-        if( ( ret = mbedtls_rsa_deduce_private_exponent( &ctx->P,
-                                                         &ctx->Q,
-                                                         &ctx->E,
-                                                         &ctx->D ) ) != 0 )
-        {
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
+    } else if (d_missing) {
+        if ((ret = mbedtls_rsa_deduce_private_exponent(&ctx->P,
+                                                       &ctx->Q,
+                                                       &ctx->E,
+                                                       &ctx->D)) != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
         }
     }
 
@@ -303,12 +299,12 @@
      */
 
 #if !defined(MBEDTLS_RSA_NO_CRT)
-    if( is_priv && ! ( have_DP && have_DQ && have_QP ) )
-    {
-        ret = mbedtls_rsa_deduce_crt( &ctx->P,  &ctx->Q,  &ctx->D,
-                                      &ctx->DP, &ctx->DQ, &ctx->QP );
-        if( ret != 0 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
+    if (is_priv && !(have_DP && have_DQ && have_QP)) {
+        ret = mbedtls_rsa_deduce_crt(&ctx->P,  &ctx->Q,  &ctx->D,
+                                     &ctx->DP, &ctx->DQ, &ctx->QP);
+        if (ret != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
+        }
     }
 #endif /* MBEDTLS_RSA_NO_CRT */
 
@@ -316,92 +312,96 @@
      * Step 3: Basic sanity checks
      */
 
-    return( rsa_check_context( ctx, is_priv, 1 ) );
+    return rsa_check_context(ctx, is_priv, 1);
 }
 
-int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
-                            unsigned char *N, size_t N_len,
-                            unsigned char *P, size_t P_len,
-                            unsigned char *Q, size_t Q_len,
-                            unsigned char *D, size_t D_len,
-                            unsigned char *E, size_t E_len )
+int mbedtls_rsa_export_raw(const mbedtls_rsa_context *ctx,
+                           unsigned char *N, size_t N_len,
+                           unsigned char *P, size_t P_len,
+                           unsigned char *Q, size_t Q_len,
+                           unsigned char *D, size_t D_len,
+                           unsigned char *E, size_t E_len)
 {
     int ret = 0;
     int is_priv;
 
     /* Check if key is private or public */
     is_priv =
-        mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
+        mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 &&
+        mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 &&
+        mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 &&
+        mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 &&
+        mbedtls_mpi_cmp_int(&ctx->E, 0) != 0;
 
-    if( !is_priv )
-    {
+    if (!is_priv) {
         /* If we're trying to export private parameters for a public key,
          * something must be wrong. */
-        if( P != NULL || Q != NULL || D != NULL )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+        if (P != NULL || Q != NULL || D != NULL) {
+            return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+        }
 
     }
 
-    if( N != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->N, N, N_len ) );
+    if (N != NULL) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->N, N, N_len));
+    }
 
-    if( P != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->P, P, P_len ) );
+    if (P != NULL) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->P, P, P_len));
+    }
 
-    if( Q != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->Q, Q, Q_len ) );
+    if (Q != NULL) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->Q, Q, Q_len));
+    }
 
-    if( D != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->D, D, D_len ) );
+    if (D != NULL) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->D, D, D_len));
+    }
 
-    if( E != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->E, E, E_len ) );
+    if (E != NULL) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->E, E, E_len));
+    }
 
 cleanup:
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
-                        mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q,
-                        mbedtls_mpi *D, mbedtls_mpi *E )
+int mbedtls_rsa_export(const mbedtls_rsa_context *ctx,
+                       mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q,
+                       mbedtls_mpi *D, mbedtls_mpi *E)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     int is_priv;
 
     /* Check if key is private or public */
     is_priv =
-        mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
+        mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 &&
+        mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 &&
+        mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 &&
+        mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 &&
+        mbedtls_mpi_cmp_int(&ctx->E, 0) != 0;
 
-    if( !is_priv )
-    {
+    if (!is_priv) {
         /* If we're trying to export private parameters for a public key,
          * something must be wrong. */
-        if( P != NULL || Q != NULL || D != NULL )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+        if (P != NULL || Q != NULL || D != NULL) {
+            return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+        }
 
     }
 
     /* Export all requested core parameters. */
 
-    if( ( N != NULL && ( ret = mbedtls_mpi_copy( N, &ctx->N ) ) != 0 ) ||
-        ( P != NULL && ( ret = mbedtls_mpi_copy( P, &ctx->P ) ) != 0 ) ||
-        ( Q != NULL && ( ret = mbedtls_mpi_copy( Q, &ctx->Q ) ) != 0 ) ||
-        ( D != NULL && ( ret = mbedtls_mpi_copy( D, &ctx->D ) ) != 0 ) ||
-        ( E != NULL && ( ret = mbedtls_mpi_copy( E, &ctx->E ) ) != 0 ) )
-    {
-        return( ret );
+    if ((N != NULL && (ret = mbedtls_mpi_copy(N, &ctx->N)) != 0) ||
+        (P != NULL && (ret = mbedtls_mpi_copy(P, &ctx->P)) != 0) ||
+        (Q != NULL && (ret = mbedtls_mpi_copy(Q, &ctx->Q)) != 0) ||
+        (D != NULL && (ret = mbedtls_mpi_copy(D, &ctx->D)) != 0) ||
+        (E != NULL && (ret = mbedtls_mpi_copy(E, &ctx->E)) != 0)) {
+        return ret;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -410,48 +410,47 @@
  * write DER encoded RSA keys. The helper function mbedtls_rsa_deduce_crt
  * can be used in this case.
  */
-int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
-                            mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP )
+int mbedtls_rsa_export_crt(const mbedtls_rsa_context *ctx,
+                           mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     int is_priv;
 
     /* Check if key is private or public */
     is_priv =
-        mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
+        mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 &&
+        mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 &&
+        mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 &&
+        mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 &&
+        mbedtls_mpi_cmp_int(&ctx->E, 0) != 0;
 
-    if( !is_priv )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (!is_priv) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
 #if !defined(MBEDTLS_RSA_NO_CRT)
     /* Export all requested blinding parameters. */
-    if( ( DP != NULL && ( ret = mbedtls_mpi_copy( DP, &ctx->DP ) ) != 0 ) ||
-        ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->DQ ) ) != 0 ) ||
-        ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->QP ) ) != 0 ) )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
+    if ((DP != NULL && (ret = mbedtls_mpi_copy(DP, &ctx->DP)) != 0) ||
+        (DQ != NULL && (ret = mbedtls_mpi_copy(DQ, &ctx->DQ)) != 0) ||
+        (QP != NULL && (ret = mbedtls_mpi_copy(QP, &ctx->QP)) != 0)) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
     }
 #else
-    if( ( ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
-                                        DP, DQ, QP ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
+    if ((ret = mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D,
+                                      DP, DQ, QP)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret);
     }
 #endif
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Initialize an RSA context
  */
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx )
+void mbedtls_rsa_init(mbedtls_rsa_context *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
+    memset(ctx, 0, sizeof(mbedtls_rsa_context));
 
     ctx->padding = MBEDTLS_RSA_PKCS_V15;
     ctx->hash_id = MBEDTLS_MD_NONE;
@@ -460,18 +459,17 @@
     /* Set ctx->ver to nonzero to indicate that the mutex has been
      * initialized and will need to be freed. */
     ctx->ver = 1;
-    mbedtls_mutex_init( &ctx->mutex );
+    mbedtls_mutex_init(&ctx->mutex);
 #endif
 }
 
 /*
  * Set padding for an existing RSA context
  */
-int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
-                             mbedtls_md_type_t hash_id )
+int mbedtls_rsa_set_padding(mbedtls_rsa_context *ctx, int padding,
+                            mbedtls_md_type_t hash_id)
 {
-    switch( padding )
-    {
+    switch (padding) {
 #if defined(MBEDTLS_PKCS1_V15)
         case MBEDTLS_RSA_PKCS_V15:
             break;
@@ -482,32 +480,32 @@
             break;
 #endif
         default:
-            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+            return MBEDTLS_ERR_RSA_INVALID_PADDING;
     }
 
 #if defined(MBEDTLS_PKCS1_V21)
-    if( ( padding == MBEDTLS_RSA_PKCS_V21 ) &&
-        ( hash_id != MBEDTLS_MD_NONE ) )
-    {
+    if ((padding == MBEDTLS_RSA_PKCS_V21) &&
+        (hash_id != MBEDTLS_MD_NONE)) {
         /* Just make sure this hash is supported in this build. */
-        if( mbedtls_hash_info_psa_from_md( hash_id ) == PSA_ALG_NONE )
-            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+        if (mbedtls_hash_info_psa_from_md(hash_id) == PSA_ALG_NONE) {
+            return MBEDTLS_ERR_RSA_INVALID_PADDING;
+        }
     }
 #endif /* MBEDTLS_PKCS1_V21 */
 
     ctx->padding = padding;
     ctx->hash_id = hash_id;
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Get length in bytes of RSA modulus
  */
 
-size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx )
+size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx)
 {
-    return( ctx->len );
+    return ctx->len;
 }
 
 
@@ -519,10 +517,10 @@
  * This generation method follows the RSA key pair generation procedure of
  * FIPS 186-4 if 2^16 < exponent < 2^256 and nbits = 2048 or nbits = 3072.
  */
-int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
-                 int (*f_rng)(void *, unsigned char *, size_t),
-                 void *p_rng,
-                 unsigned int nbits, int exponent )
+int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx,
+                        int (*f_rng)(void *, unsigned char *, size_t),
+                        void *p_rng,
+                        unsigned int nbits, int exponent)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi H, G, L;
@@ -533,15 +531,15 @@
      * the RSA algorithm is less than or equal to 80 bits and therefore an error
      * rate of 2^-80 is sufficient.
      */
-    if( nbits > 1024 )
+    if (nbits > 1024) {
         prime_quality = MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR;
+    }
 
-    mbedtls_mpi_init( &H );
-    mbedtls_mpi_init( &G );
-    mbedtls_mpi_init( &L );
+    mbedtls_mpi_init(&H);
+    mbedtls_mpi_init(&G);
+    mbedtls_mpi_init(&L);
 
-    if( nbits < 128 || exponent < 3 || nbits % 2 != 0 )
-    {
+    if (nbits < 128 || exponent < 3 || nbits % 2 != 0) {
         ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
         goto cleanup;
     }
@@ -552,54 +550,56 @@
      * 2.  GCD( E, (P-1)*(Q-1) ) == 1
      * 3.  E^-1 mod LCM(P-1, Q-1) > 2^( nbits / 2 )
      */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->E, exponent ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->E, exponent));
 
-    do
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1,
-                                                prime_quality, f_rng, p_rng ) );
+    do {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_gen_prime(&ctx->P, nbits >> 1,
+                                              prime_quality, f_rng, p_rng));
 
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1,
-                                                prime_quality, f_rng, p_rng ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_gen_prime(&ctx->Q, nbits >> 1,
+                                              prime_quality, f_rng, p_rng));
 
         /* make sure the difference between p and q is not too small (FIPS 186-4 §B.3.3 step 5.4) */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &H, &ctx->P, &ctx->Q ) );
-        if( mbedtls_mpi_bitlen( &H ) <= ( ( nbits >= 200 ) ? ( ( nbits >> 1 ) - 99 ) : 0 ) )
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&H, &ctx->P, &ctx->Q));
+        if (mbedtls_mpi_bitlen(&H) <= ((nbits >= 200) ? ((nbits >> 1) - 99) : 0)) {
             continue;
+        }
 
         /* not required by any standards, but some users rely on the fact that P > Q */
-        if( H.s < 0 )
-            mbedtls_mpi_swap( &ctx->P, &ctx->Q );
+        if (H.s < 0) {
+            mbedtls_mpi_swap(&ctx->P, &ctx->Q);
+        }
 
         /* Temporarily replace P,Q by P-1, Q-1 */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &ctx->P, &ctx->Q ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&ctx->P, &ctx->P, 1));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&ctx->Q, &ctx->Q, 1));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&H, &ctx->P, &ctx->Q));
 
         /* check GCD( E, (P-1)*(Q-1) ) == 1 (FIPS 186-4 §B.3.1 criterion 2(a)) */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H  ) );
-        if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 )
+        MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&G, &ctx->E, &H));
+        if (mbedtls_mpi_cmp_int(&G, 1) != 0) {
             continue;
+        }
 
         /* compute smallest possible D = E^-1 mod LCM(P-1, Q-1) (FIPS 186-4 §B.3.1 criterion 3(b)) */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->P, &ctx->Q ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L, NULL, &H, &G ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &L ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&G, &ctx->P, &ctx->Q));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(&L, NULL, &H, &G));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&ctx->D, &ctx->E, &L));
 
-        if( mbedtls_mpi_bitlen( &ctx->D ) <= ( ( nbits + 1 ) / 2 ) ) // (FIPS 186-4 §B.3.1 criterion 3(a))
+        if (mbedtls_mpi_bitlen(&ctx->D) <= ((nbits + 1) / 2)) {      // (FIPS 186-4 §B.3.1 criterion 3(a))
             continue;
+        }
 
         break;
-    }
-    while( 1 );
+    } while (1);
 
     /* Restore P,Q */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P,  &ctx->P, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q,  &ctx->Q, 1 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&ctx->P,  &ctx->P, 1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&ctx->Q,  &ctx->Q, 1));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->N, &ctx->P, &ctx->Q));
 
-    ctx->len = mbedtls_mpi_size( &ctx->N );
+    ctx->len = mbedtls_mpi_size(&ctx->N);
 
 #if !defined(MBEDTLS_RSA_NO_CRT)
     /*
@@ -607,29 +607,29 @@
      * DQ = D mod (Q - 1)
      * QP = Q^-1 mod P
      */
-    MBEDTLS_MPI_CHK( mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
-                                             &ctx->DP, &ctx->DQ, &ctx->QP ) );
+    MBEDTLS_MPI_CHK(mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D,
+                                           &ctx->DP, &ctx->DQ, &ctx->QP));
 #endif /* MBEDTLS_RSA_NO_CRT */
 
     /* Double-check */
-    MBEDTLS_MPI_CHK( mbedtls_rsa_check_privkey( ctx ) );
+    MBEDTLS_MPI_CHK(mbedtls_rsa_check_privkey(ctx));
 
 cleanup:
 
-    mbedtls_mpi_free( &H );
-    mbedtls_mpi_free( &G );
-    mbedtls_mpi_free( &L );
+    mbedtls_mpi_free(&H);
+    mbedtls_mpi_free(&G);
+    mbedtls_mpi_free(&L);
 
-    if( ret != 0 )
-    {
-        mbedtls_rsa_free( ctx );
+    if (ret != 0) {
+        mbedtls_rsa_free(ctx);
 
-        if( ( -ret & ~0x7f ) == 0 )
-            ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_KEY_GEN_FAILED, ret );
-        return( ret );
+        if ((-ret & ~0x7f) == 0) {
+            ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_KEY_GEN_FAILED, ret);
+        }
+        return ret;
     }
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_GENPRIME */
@@ -637,120 +637,117 @@
 /*
  * Check a public RSA key
  */
-int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
+int mbedtls_rsa_check_pubkey(const mbedtls_rsa_context *ctx)
 {
-    if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 )
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-
-    if( mbedtls_mpi_bitlen( &ctx->N ) < 128 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+    if (rsa_check_context(ctx, 0 /* public */, 0 /* no blinding */) != 0) {
+        return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
     }
 
-    if( mbedtls_mpi_get_bit( &ctx->E, 0 ) == 0 ||
-        mbedtls_mpi_bitlen( &ctx->E )     < 2  ||
-        mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+    if (mbedtls_mpi_bitlen(&ctx->N) < 128) {
+        return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
     }
 
-    return( 0 );
+    if (mbedtls_mpi_get_bit(&ctx->E, 0) == 0 ||
+        mbedtls_mpi_bitlen(&ctx->E)     < 2  ||
+        mbedtls_mpi_cmp_mpi(&ctx->E, &ctx->N) >= 0) {
+        return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
+    }
+
+    return 0;
 }
 
 /*
  * Check for the consistency of all fields in an RSA private key context
  */
-int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
+int mbedtls_rsa_check_privkey(const mbedtls_rsa_context *ctx)
 {
-    if( mbedtls_rsa_check_pubkey( ctx ) != 0 ||
-        rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+    if (mbedtls_rsa_check_pubkey(ctx) != 0 ||
+        rsa_check_context(ctx, 1 /* private */, 1 /* blinding */) != 0) {
+        return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
     }
 
-    if( mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q,
-                                     &ctx->D, &ctx->E, NULL, NULL ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+    if (mbedtls_rsa_validate_params(&ctx->N, &ctx->P, &ctx->Q,
+                                    &ctx->D, &ctx->E, NULL, NULL) != 0) {
+        return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
     }
 
 #if !defined(MBEDTLS_RSA_NO_CRT)
-    else if( mbedtls_rsa_validate_crt( &ctx->P, &ctx->Q, &ctx->D,
-                                       &ctx->DP, &ctx->DQ, &ctx->QP ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+    else if (mbedtls_rsa_validate_crt(&ctx->P, &ctx->Q, &ctx->D,
+                                      &ctx->DP, &ctx->DQ, &ctx->QP) != 0) {
+        return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
     }
 #endif
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Check if contexts holding a public and private key match
  */
-int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
-                                const mbedtls_rsa_context *prv )
+int mbedtls_rsa_check_pub_priv(const mbedtls_rsa_context *pub,
+                               const mbedtls_rsa_context *prv)
 {
-    if( mbedtls_rsa_check_pubkey( pub )  != 0 ||
-        mbedtls_rsa_check_privkey( prv ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+    if (mbedtls_rsa_check_pubkey(pub)  != 0 ||
+        mbedtls_rsa_check_privkey(prv) != 0) {
+        return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
     }
 
-    if( mbedtls_mpi_cmp_mpi( &pub->N, &prv->N ) != 0 ||
-        mbedtls_mpi_cmp_mpi( &pub->E, &prv->E ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+    if (mbedtls_mpi_cmp_mpi(&pub->N, &prv->N) != 0 ||
+        mbedtls_mpi_cmp_mpi(&pub->E, &prv->E) != 0) {
+        return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Do an RSA public key operation
  */
-int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
-                const unsigned char *input,
-                unsigned char *output )
+int mbedtls_rsa_public(mbedtls_rsa_context *ctx,
+                       const unsigned char *input,
+                       unsigned char *output)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t olen;
     mbedtls_mpi T;
 
-    if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (rsa_check_context(ctx, 0 /* public */, 0 /* no blinding */)) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    mbedtls_mpi_init( &T );
+    mbedtls_mpi_init(&T);
 
 #if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+        return ret;
+    }
 #endif
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&T, input, ctx->len));
 
-    if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
-    {
+    if (mbedtls_mpi_cmp_mpi(&T, &ctx->N) >= 0) {
         ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
         goto cleanup;
     }
 
     olen = ctx->len;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&T, &T, &ctx->E, &ctx->N, &ctx->RN));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&T, output, olen));
 
 cleanup:
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+    if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+        return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
 #endif
 
-    mbedtls_mpi_free( &T );
+    mbedtls_mpi_free(&T);
 
-    if( ret != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_PUBLIC_FAILED, ret ) );
+    if (ret != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_PUBLIC_FAILED, ret);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -759,63 +756,62 @@
  *  DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer
  *  Berlin Heidelberg, 1996. p. 104-113.
  */
-static int rsa_prepare_blinding( mbedtls_rsa_context *ctx,
-                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+static int rsa_prepare_blinding(mbedtls_rsa_context *ctx,
+                                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     int ret, count = 0;
     mbedtls_mpi R;
 
-    mbedtls_mpi_init( &R );
+    mbedtls_mpi_init(&R);
 
-    if( ctx->Vf.p != NULL )
-    {
+    if (ctx->Vf.p != NULL) {
         /* We already have blinding values, just update them by squaring */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->N ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &ctx->Vi));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &ctx->Vf));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->N));
 
         goto cleanup;
     }
 
     /* Unblinding value: Vf = random number, invertible mod N */
     do {
-        if( count++ > 10 )
-        {
+        if (count++ > 10) {
             ret = MBEDTLS_ERR_RSA_RNG_FAILED;
             goto cleanup;
         }
 
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vf, ctx->len - 1, f_rng, p_rng ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->Vf, ctx->len - 1, f_rng, p_rng));
 
         /* Compute Vf^-1 as R * (R Vf)^-1 to avoid leaks from inv_mod. */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, ctx->len - 1, f_rng, p_rng ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vf, &R ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, ctx->len - 1, f_rng, p_rng));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vf, &R));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N));
 
         /* At this point, Vi is invertible mod N if and only if both Vf and R
          * are invertible mod N. If one of them isn't, we don't need to know
          * which one, we just loop and choose new values for both of them.
          * (Each iteration succeeds with overwhelming probability.) */
-        ret = mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vi, &ctx->N );
-        if( ret != 0 && ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+        ret = mbedtls_mpi_inv_mod(&ctx->Vi, &ctx->Vi, &ctx->N);
+        if (ret != 0 && ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) {
             goto cleanup;
+        }
 
-    } while( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
+    } while (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE);
 
     /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &R ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &R));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N));
 
     /* Blinding value: Vi = Vf^(-e) mod N
      * (Vi already contains Vf^-1 at this point) */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN));
 
 
 cleanup:
-    mbedtls_mpi_free( &R );
+    mbedtls_mpi_free(&R);
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -842,11 +838,11 @@
 /*
  * Do an RSA private key operation
  */
-int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
-                 int (*f_rng)(void *, unsigned char *, size_t),
-                 void *p_rng,
-                 const unsigned char *input,
-                 unsigned char *output )
+int mbedtls_rsa_private(mbedtls_rsa_context *ctx,
+                        int (*f_rng)(void *, unsigned char *, size_t),
+                        void *p_rng,
+                        const unsigned char *input,
+                        unsigned char *output)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t olen;
@@ -883,103 +879,103 @@
      * checked result; should be the same in the end. */
     mbedtls_mpi I, C;
 
-    if( f_rng == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (f_rng == NULL) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    if( rsa_check_context( ctx, 1 /* private key checks */,
-                                1 /* blinding on        */ ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (rsa_check_context(ctx, 1 /* private key checks */,
+                          1 /* blinding on        */) != 0) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
     }
 
 #if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+        return ret;
+    }
 #endif
 
     /* MPI Initialization */
-    mbedtls_mpi_init( &T );
+    mbedtls_mpi_init(&T);
 
-    mbedtls_mpi_init( &P1 );
-    mbedtls_mpi_init( &Q1 );
-    mbedtls_mpi_init( &R );
+    mbedtls_mpi_init(&P1);
+    mbedtls_mpi_init(&Q1);
+    mbedtls_mpi_init(&R);
 
 #if defined(MBEDTLS_RSA_NO_CRT)
-    mbedtls_mpi_init( &D_blind );
+    mbedtls_mpi_init(&D_blind);
 #else
-    mbedtls_mpi_init( &DP_blind );
-    mbedtls_mpi_init( &DQ_blind );
+    mbedtls_mpi_init(&DP_blind);
+    mbedtls_mpi_init(&DQ_blind);
 #endif
 
 #if !defined(MBEDTLS_RSA_NO_CRT)
-    mbedtls_mpi_init( &TP ); mbedtls_mpi_init( &TQ );
+    mbedtls_mpi_init(&TP); mbedtls_mpi_init(&TQ);
 #endif
 
-    mbedtls_mpi_init( &I );
-    mbedtls_mpi_init( &C );
+    mbedtls_mpi_init(&I);
+    mbedtls_mpi_init(&C);
 
     /* End of MPI initialization */
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
-    if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
-    {
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&T, input, ctx->len));
+    if (mbedtls_mpi_cmp_mpi(&T, &ctx->N) >= 0) {
         ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
         goto cleanup;
     }
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&I, &T));
 
     /*
      * Blinding
      * T = T * Vi mod N
      */
-    MBEDTLS_MPI_CHK( rsa_prepare_blinding( ctx, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vi ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
+    MBEDTLS_MPI_CHK(rsa_prepare_blinding(ctx, f_rng, p_rng));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &T, &ctx->Vi));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &T, &ctx->N));
 
     /*
      * Exponent blinding
      */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&P1, &ctx->P, 1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&Q1, &ctx->Q, 1));
 
 #if defined(MBEDTLS_RSA_NO_CRT)
     /*
      * D_blind = ( P - 1 ) * ( Q - 1 ) * R + D
      */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
-                     f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &P1, &Q1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &D_blind, &R ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &D_blind, &D_blind, &ctx->D ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, RSA_EXPONENT_BLINDING,
+                                            f_rng, p_rng));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&D_blind, &P1, &Q1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&D_blind, &D_blind, &R));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&D_blind, &D_blind, &ctx->D));
 
     D = &D_blind;
 #else
     /*
      * DP_blind = ( P - 1 ) * R + DP
      */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
-                     f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DP_blind, &P1, &R ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DP_blind, &DP_blind,
-                &ctx->DP ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, RSA_EXPONENT_BLINDING,
+                                            f_rng, p_rng));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&DP_blind, &P1, &R));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&DP_blind, &DP_blind,
+                                        &ctx->DP));
 
     DP = &DP_blind;
 
     /*
      * DQ_blind = ( Q - 1 ) * R + DQ
      */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
-                     f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DQ_blind, &Q1, &R ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DQ_blind, &DQ_blind,
-                &ctx->DQ ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, RSA_EXPONENT_BLINDING,
+                                            f_rng, p_rng));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&DQ_blind, &Q1, &R));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&DQ_blind, &DQ_blind,
+                                        &ctx->DQ));
 
     DQ = &DQ_blind;
 #endif /* MBEDTLS_RSA_NO_CRT */
 
 #if defined(MBEDTLS_RSA_NO_CRT)
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, D, &ctx->N, &ctx->RN ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&T, &T, D, &ctx->N, &ctx->RN));
 #else
     /*
      * Faster decryption using the CRT
@@ -988,72 +984,73 @@
      * TQ = input ^ dQ mod Q
      */
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TP, &T, DP, &ctx->P, &ctx->RP ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TQ, &T, DQ, &ctx->Q, &ctx->RQ ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&TP, &T, DP, &ctx->P, &ctx->RP));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&TQ, &T, DQ, &ctx->Q, &ctx->RQ));
 
     /*
      * T = (TP - TQ) * (Q^-1 mod P) mod P
      */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &TP, &TQ ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->QP ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &TP, &ctx->P ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&T, &TP, &TQ));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&TP, &T, &ctx->QP));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &TP, &ctx->P));
 
     /*
      * T = TQ + T * Q
      */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->Q ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &TQ, &TP ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&TP, &T, &ctx->Q));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&T, &TQ, &TP));
 #endif /* MBEDTLS_RSA_NO_CRT */
 
     /*
      * Unblind
      * T = T * Vf mod N
      */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vf ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &T, &ctx->Vf));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &T, &ctx->N));
 
     /* Verify the result to prevent glitching attacks. */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E,
-                                          &ctx->N, &ctx->RN ) );
-    if( mbedtls_mpi_cmp_mpi( &C, &I ) != 0 )
-    {
+    MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&C, &T, &ctx->E,
+                                        &ctx->N, &ctx->RN));
+    if (mbedtls_mpi_cmp_mpi(&C, &I) != 0) {
         ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
         goto cleanup;
     }
 
     olen = ctx->len;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&T, output, olen));
 
 cleanup:
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+    if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+        return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
 #endif
 
-    mbedtls_mpi_free( &P1 );
-    mbedtls_mpi_free( &Q1 );
-    mbedtls_mpi_free( &R );
+    mbedtls_mpi_free(&P1);
+    mbedtls_mpi_free(&Q1);
+    mbedtls_mpi_free(&R);
 
 #if defined(MBEDTLS_RSA_NO_CRT)
-    mbedtls_mpi_free( &D_blind );
+    mbedtls_mpi_free(&D_blind);
 #else
-    mbedtls_mpi_free( &DP_blind );
-    mbedtls_mpi_free( &DQ_blind );
+    mbedtls_mpi_free(&DP_blind);
+    mbedtls_mpi_free(&DQ_blind);
 #endif
 
-    mbedtls_mpi_free( &T );
+    mbedtls_mpi_free(&T);
 
 #if !defined(MBEDTLS_RSA_NO_CRT)
-    mbedtls_mpi_free( &TP ); mbedtls_mpi_free( &TQ );
+    mbedtls_mpi_free(&TP); mbedtls_mpi_free(&TQ);
 #endif
 
-    mbedtls_mpi_free( &C );
-    mbedtls_mpi_free( &I );
+    mbedtls_mpi_free(&C);
+    mbedtls_mpi_free(&I);
 
-    if( ret != 0 && ret >= -0x007f )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_PRIVATE_FAILED, ret ) );
+    if (ret != 0 && ret >= -0x007f) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_PRIVATE_FAILED, ret);
+    }
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_PKCS1_V21)
@@ -1066,8 +1063,8 @@
  * \param slen      length of the source buffer
  * \param md_alg    message digest to use
  */
-static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
-                      size_t slen, mbedtls_md_type_t md_alg )
+static int mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src,
+                    size_t slen, mbedtls_md_type_t md_alg)
 {
     unsigned char counter[4];
     unsigned char *p;
@@ -1079,60 +1076,71 @@
     const mbedtls_md_info_t *md_info;
     mbedtls_md_context_t md_ctx;
 
-    mbedtls_md_init( &md_ctx );
-    md_info = mbedtls_md_info_from_type( md_alg );
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    mbedtls_md_init(&md_ctx);
+    md_info = mbedtls_md_info_from_type(md_alg);
+    if (md_info == NULL) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    mbedtls_md_init( &md_ctx );
-    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+    mbedtls_md_init(&md_ctx);
+    if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) {
         goto exit;
+    }
 
-    hlen = mbedtls_md_get_size( md_info );
+    hlen = mbedtls_md_get_size(md_info);
 #else
     psa_hash_operation_t op = PSA_HASH_OPERATION_INIT;
-    psa_algorithm_t alg = mbedtls_psa_translate_md( md_alg );
+    psa_algorithm_t alg = mbedtls_psa_translate_md(md_alg);
     psa_status_t status = PSA_SUCCESS;
     size_t out_len;
 
-    hlen = PSA_HASH_LENGTH( alg );
+    hlen = PSA_HASH_LENGTH(alg);
 #endif
 
-    memset( mask, 0, sizeof( mask ) );
-    memset( counter, 0, 4 );
+    memset(mask, 0, sizeof(mask));
+    memset(counter, 0, 4);
 
     /* Generate and apply dbMask */
     p = dst;
 
-    while( dlen > 0 )
-    {
+    while (dlen > 0) {
         use_len = hlen;
-        if( dlen < hlen )
+        if (dlen < hlen) {
             use_len = dlen;
+        }
 
 #if defined(MBEDTLS_MD_C)
-        if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )
+        if ((ret = mbedtls_md_starts(&md_ctx)) != 0) {
             goto exit;
-        if( ( ret = mbedtls_md_update( &md_ctx, src, slen ) ) != 0 )
+        }
+        if ((ret = mbedtls_md_update(&md_ctx, src, slen)) != 0) {
             goto exit;
-        if( ( ret = mbedtls_md_update( &md_ctx, counter, 4 ) ) != 0 )
+        }
+        if ((ret = mbedtls_md_update(&md_ctx, counter, 4)) != 0) {
             goto exit;
-        if( ( ret = mbedtls_md_finish( &md_ctx, mask ) ) != 0 )
+        }
+        if ((ret = mbedtls_md_finish(&md_ctx, mask)) != 0) {
             goto exit;
+        }
 #else
-        if( ( status = psa_hash_setup( &op, alg ) ) != PSA_SUCCESS )
+        if ((status = psa_hash_setup(&op, alg)) != PSA_SUCCESS) {
             goto exit;
-        if( ( status = psa_hash_update( &op, src, slen ) ) != PSA_SUCCESS )
+        }
+        if ((status = psa_hash_update(&op, src, slen)) != PSA_SUCCESS) {
             goto exit;
-        if( ( status = psa_hash_update( &op, counter, 4 ) ) != PSA_SUCCESS )
+        }
+        if ((status = psa_hash_update(&op, counter, 4)) != PSA_SUCCESS) {
             goto exit;
-        status = psa_hash_finish( &op, mask, sizeof( mask ), &out_len );
-        if( status != PSA_SUCCESS )
+        }
+        status = psa_hash_finish(&op, mask, sizeof(mask), &out_len);
+        if (status != PSA_SUCCESS) {
             goto exit;
+        }
 #endif
 
-        for( i = 0; i < use_len; ++i )
+        for (i = 0; i < use_len; ++i) {
             *p++ ^= mask[i];
+        }
 
         counter[3]++;
 
@@ -1140,15 +1148,15 @@
     }
 
 exit:
-    mbedtls_platform_zeroize( mask, sizeof( mask ) );
+    mbedtls_platform_zeroize(mask, sizeof(mask));
 #if defined(MBEDTLS_MD_C)
-    mbedtls_md_free( &md_ctx );
+    mbedtls_md_free(&md_ctx);
 
-    return( ret );
+    return ret;
 #else
-    psa_hash_abort( &op );
+    psa_hash_abort(&op);
 
-    return( mbedtls_md_error_from_psa( status ) );
+    return mbedtls_md_error_from_psa(status);
 #endif
 }
 
@@ -1162,9 +1170,9 @@
  * \param out       the output buffer - must be large enough for \p md_alg
  * \param md_alg    message digest to use
  */
-static int hash_mprime( const unsigned char *hash, size_t hlen,
-                        const unsigned char *salt, size_t slen,
-                        unsigned char *out, mbedtls_md_type_t md_alg )
+static int hash_mprime(const unsigned char *hash, size_t hlen,
+                       const unsigned char *salt, size_t slen,
+                       unsigned char *out, mbedtls_md_type_t md_alg)
 {
     const unsigned char zeros[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
 
@@ -1172,51 +1180,63 @@
     mbedtls_md_context_t md_ctx;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg);
+    if (md_info == NULL) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    mbedtls_md_init( &md_ctx );
-    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+    mbedtls_md_init(&md_ctx);
+    if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) {
         goto exit;
-    if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )
+    }
+    if ((ret = mbedtls_md_starts(&md_ctx)) != 0) {
         goto exit;
-    if( ( ret = mbedtls_md_update( &md_ctx, zeros, sizeof( zeros ) ) ) != 0 )
+    }
+    if ((ret = mbedtls_md_update(&md_ctx, zeros, sizeof(zeros))) != 0) {
         goto exit;
-    if( ( ret = mbedtls_md_update( &md_ctx, hash, hlen ) ) != 0 )
+    }
+    if ((ret = mbedtls_md_update(&md_ctx, hash, hlen)) != 0) {
         goto exit;
-    if( ( ret = mbedtls_md_update( &md_ctx, salt, slen ) ) != 0 )
+    }
+    if ((ret = mbedtls_md_update(&md_ctx, salt, slen)) != 0) {
         goto exit;
-    if( ( ret = mbedtls_md_finish( &md_ctx, out ) ) != 0 )
+    }
+    if ((ret = mbedtls_md_finish(&md_ctx, out)) != 0) {
         goto exit;
+    }
 
 exit:
-    mbedtls_md_free( &md_ctx );
+    mbedtls_md_free(&md_ctx);
 
-    return( ret );
+    return ret;
 #else
     psa_hash_operation_t op = PSA_HASH_OPERATION_INIT;
-    psa_algorithm_t alg = mbedtls_psa_translate_md( md_alg );
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED ;
-    size_t out_size = PSA_HASH_LENGTH( alg );
+    psa_algorithm_t alg = mbedtls_psa_translate_md(md_alg);
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+    size_t out_size = PSA_HASH_LENGTH(alg);
     size_t out_len;
 
-    if( ( status = psa_hash_setup( &op, alg ) ) != PSA_SUCCESS )
+    if ((status = psa_hash_setup(&op, alg)) != PSA_SUCCESS) {
         goto exit;
-    if( ( status = psa_hash_update( &op, zeros, sizeof( zeros ) ) ) != PSA_SUCCESS )
+    }
+    if ((status = psa_hash_update(&op, zeros, sizeof(zeros))) != PSA_SUCCESS) {
         goto exit;
-    if( ( status = psa_hash_update( &op, hash, hlen ) ) != PSA_SUCCESS )
+    }
+    if ((status = psa_hash_update(&op, hash, hlen)) != PSA_SUCCESS) {
         goto exit;
-    if( ( status = psa_hash_update( &op, salt, slen ) ) != PSA_SUCCESS )
+    }
+    if ((status = psa_hash_update(&op, salt, slen)) != PSA_SUCCESS) {
         goto exit;
-    status = psa_hash_finish( &op, out, out_size, &out_len );
-    if( status != PSA_SUCCESS )
+    }
+    status = psa_hash_finish(&op, out, out_size, &out_len);
+    if (status != PSA_SUCCESS) {
         goto exit;
+    }
 
 exit:
-    psa_hash_abort( &op );
+    psa_hash_abort(&op);
 
-    return( mbedtls_md_error_from_psa( status ) );
+    return mbedtls_md_error_from_psa(status);
 #endif /* !MBEDTLS_MD_C */
 }
 
@@ -1228,27 +1248,28 @@
  * \param ilen      input length
  * \param output    the output buffer - must be large enough for \p md_alg
  */
-static int compute_hash( mbedtls_md_type_t md_alg,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output )
+static int compute_hash(mbedtls_md_type_t md_alg,
+                        const unsigned char *input, size_t ilen,
+                        unsigned char *output)
 {
 #if defined(MBEDTLS_MD_C)
     const mbedtls_md_info_t *md_info;
 
-    md_info = mbedtls_md_info_from_type( md_alg );
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    md_info = mbedtls_md_info_from_type(md_alg);
+    if (md_info == NULL) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    return( mbedtls_md( md_info, input, ilen, output ) );
+    return mbedtls_md(md_info, input, ilen, output);
 #else
-    psa_algorithm_t alg = mbedtls_psa_translate_md( md_alg );
+    psa_algorithm_t alg = mbedtls_psa_translate_md(md_alg);
     psa_status_t status;
-    size_t out_size = PSA_HASH_LENGTH( alg );
+    size_t out_size = PSA_HASH_LENGTH(alg);
     size_t out_len;
 
-    status = psa_hash_compute( alg, input, ilen, output, out_size, &out_len );
+    status = psa_hash_compute(alg, input, ilen, output, out_size, &out_len);
 
-    return( mbedtls_md_error_from_psa( status ) );
+    return mbedtls_md_error_from_psa(status);
 #endif /* !MBEDTLS_MD_C */
 }
 #endif /* MBEDTLS_PKCS1_V21 */
@@ -1257,63 +1278,71 @@
 /*
  * Implementation of the PKCS#1 v2.1 RSAES-OAEP-ENCRYPT function
  */
-int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng,
-                            const unsigned char *label, size_t label_len,
-                            size_t ilen,
-                            const unsigned char *input,
-                            unsigned char *output )
+int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx,
+                                   int (*f_rng)(void *, unsigned char *, size_t),
+                                   void *p_rng,
+                                   const unsigned char *label, size_t label_len,
+                                   size_t ilen,
+                                   const unsigned char *input,
+                                   unsigned char *output)
 {
     size_t olen;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p = output;
     unsigned int hlen;
 
-    if( f_rng == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (f_rng == NULL) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    hlen = mbedtls_hash_info_get_size( (mbedtls_md_type_t) ctx->hash_id );
-    if( hlen == 0 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    hlen = mbedtls_hash_info_get_size((mbedtls_md_type_t) ctx->hash_id);
+    if (hlen == 0) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
     olen = ctx->len;
 
     /* first comparison checks for overflow */
-    if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    memset( output, 0, olen );
+    memset(output, 0, olen);
 
     *p++ = 0;
 
     /* Generate a random octet string seed */
-    if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) );
+    if ((ret = f_rng(p_rng, p, hlen)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_RNG_FAILED, ret);
+    }
 
     p += hlen;
 
     /* Construct DB */
-    ret = compute_hash( (mbedtls_md_type_t) ctx->hash_id, label, label_len, p );
-    if( ret != 0 )
-        return( ret );
+    ret = compute_hash((mbedtls_md_type_t) ctx->hash_id, label, label_len, p);
+    if (ret != 0) {
+        return ret;
+    }
     p += hlen;
     p += olen - 2 * hlen - 2 - ilen;
     *p++ = 1;
-    if( ilen != 0 )
-        memcpy( p, input, ilen );
+    if (ilen != 0) {
+        memcpy(p, input, ilen);
+    }
 
     /* maskedDB: Apply dbMask to DB */
-    if( ( ret = mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
-                          ctx->hash_id ) ) != 0 )
-        return( ret );
+    if ((ret = mgf_mask(output + hlen + 1, olen - hlen - 1, output + 1, hlen,
+                        ctx->hash_id)) != 0) {
+        return ret;
+    }
 
     /* maskedSeed: Apply seedMask to seed */
-    if( ( ret = mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
-                          ctx->hash_id ) ) != 0 )
-        return( ret );
+    if ((ret = mgf_mask(output + 1, hlen, output + hlen + 1, olen - hlen - 1,
+                        ctx->hash_id)) != 0) {
+        return ret;
+    }
 
-    return( mbedtls_rsa_public(  ctx, output, output ) );
+    return mbedtls_rsa_public(ctx, output, output);
 }
 #endif /* MBEDTLS_PKCS1_V21 */
 
@@ -1321,11 +1350,11 @@
 /*
  * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-ENCRYPT function
  */
-int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng, size_t ilen,
-                                 const unsigned char *input,
-                                 unsigned char *output )
+int mbedtls_rsa_rsaes_pkcs1_v15_encrypt(mbedtls_rsa_context *ctx,
+                                        int (*f_rng)(void *, unsigned char *, size_t),
+                                        void *p_rng, size_t ilen,
+                                        const unsigned char *input,
+                                        unsigned char *output)
 {
     size_t nb_pad, olen;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1334,67 +1363,69 @@
     olen = ctx->len;
 
     /* first comparison checks for overflow */
-    if( ilen + 11 < ilen || olen < ilen + 11 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (ilen + 11 < ilen || olen < ilen + 11) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
     nb_pad = olen - 3 - ilen;
 
     *p++ = 0;
 
-    if( f_rng == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (f_rng == NULL) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
     *p++ = MBEDTLS_RSA_CRYPT;
 
-    while( nb_pad-- > 0 )
-    {
+    while (nb_pad-- > 0) {
         int rng_dl = 100;
 
         do {
-            ret = f_rng( p_rng, p, 1 );
-        } while( *p == 0 && --rng_dl && ret == 0 );
+            ret = f_rng(p_rng, p, 1);
+        } while (*p == 0 && --rng_dl && ret == 0);
 
         /* Check if RNG failed to generate data */
-        if( rng_dl == 0 || ret != 0 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) );
+        if (rng_dl == 0 || ret != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_RNG_FAILED, ret);
+        }
 
         p++;
     }
 
     *p++ = 0;
-    if( ilen != 0 )
-        memcpy( p, input, ilen );
+    if (ilen != 0) {
+        memcpy(p, input, ilen);
+    }
 
-    return( mbedtls_rsa_public(  ctx, output, output ) );
+    return mbedtls_rsa_public(ctx, output, output);
 }
 #endif /* MBEDTLS_PKCS1_V15 */
 
 /*
  * Add the message padding, then do an RSA operation
  */
-int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng,
-                       size_t ilen,
-                       const unsigned char *input,
-                       unsigned char *output )
+int mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context *ctx,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng,
+                              size_t ilen,
+                              const unsigned char *input,
+                              unsigned char *output)
 {
-    switch( ctx->padding )
-    {
+    switch (ctx->padding) {
 #if defined(MBEDTLS_PKCS1_V15)
         case MBEDTLS_RSA_PKCS_V15:
-            return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng,
-                                                        ilen, input, output );
+            return mbedtls_rsa_rsaes_pkcs1_v15_encrypt(ctx, f_rng, p_rng,
+                                                       ilen, input, output);
 #endif
 
 #if defined(MBEDTLS_PKCS1_V21)
         case MBEDTLS_RSA_PKCS_V21:
-            return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, NULL, 0,
-                                                   ilen, input, output );
+            return mbedtls_rsa_rsaes_oaep_encrypt(ctx, f_rng, p_rng, NULL, 0,
+                                                  ilen, input, output);
 #endif
 
         default:
-            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+            return MBEDTLS_ERR_RSA_INVALID_PADDING;
     }
 }
 
@@ -1402,14 +1433,14 @@
 /*
  * Implementation of the PKCS#1 v2.1 RSAES-OAEP-DECRYPT function
  */
-int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng,
-                            const unsigned char *label, size_t label_len,
-                            size_t *olen,
-                            const unsigned char *input,
-                            unsigned char *output,
-                            size_t output_max_len )
+int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx,
+                                   int (*f_rng)(void *, unsigned char *, size_t),
+                                   void *p_rng,
+                                   const unsigned char *label, size_t label_len,
+                                   size_t *olen,
+                                   const unsigned char *input,
+                                   unsigned char *output,
+                                   size_t output_max_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t ilen, i, pad_len;
@@ -1421,48 +1452,53 @@
     /*
      * Parameters sanity checks
      */
-    if( ctx->padding != MBEDTLS_RSA_PKCS_V21 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (ctx->padding != MBEDTLS_RSA_PKCS_V21) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
     ilen = ctx->len;
 
-    if( ilen < 16 || ilen > sizeof( buf ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (ilen < 16 || ilen > sizeof(buf)) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    hlen = mbedtls_hash_info_get_size( (mbedtls_md_type_t) ctx->hash_id );
-    if( hlen == 0 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    hlen = mbedtls_hash_info_get_size((mbedtls_md_type_t) ctx->hash_id);
+    if (hlen == 0) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
     // checking for integer underflow
-    if( 2 * hlen + 2 > ilen )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (2 * hlen + 2 > ilen) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
     /*
      * RSA operation
      */
-    ret = mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
+    ret = mbedtls_rsa_private(ctx, f_rng, p_rng, input, buf);
 
-    if( ret != 0 )
+    if (ret != 0) {
         goto cleanup;
+    }
 
     /*
      * Unmask data and generate lHash
      */
     /* seed: Apply seedMask to maskedSeed */
-    if( ( ret = mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
-                          ctx->hash_id ) ) != 0 ||
-    /* DB: Apply dbMask to maskedDB */
-        ( ret = mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
-                          ctx->hash_id ) ) != 0 )
-    {
+    if ((ret = mgf_mask(buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
+                        ctx->hash_id)) != 0 ||
+        /* DB: Apply dbMask to maskedDB */
+        (ret = mgf_mask(buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
+                        ctx->hash_id)) != 0) {
         goto cleanup;
     }
 
     /* Generate lHash */
-    ret = compute_hash( (mbedtls_md_type_t) ctx->hash_id,
-                        label, label_len, lhash );
-    if( ret != 0 )
+    ret = compute_hash((mbedtls_md_type_t) ctx->hash_id,
+                       label, label_len, lhash);
+    if (ret != 0) {
         goto cleanup;
+    }
 
     /*
      * Check contents, in "constant-time"
@@ -1475,17 +1511,17 @@
     p += hlen; /* Skip seed */
 
     /* Check lHash */
-    for( i = 0; i < hlen; i++ )
+    for (i = 0; i < hlen; i++) {
         bad |= lhash[i] ^ *p++;
+    }
 
     /* Get zero-padding len, but always read till end of buffer
      * (minus one, for the 01 byte) */
     pad_len = 0;
     pad_done = 0;
-    for( i = 0; i < ilen - 2 * hlen - 2; i++ )
-    {
+    for (i = 0; i < ilen - 2 * hlen - 2; i++) {
         pad_done |= p[i];
-        pad_len += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
+        pad_len += ((pad_done | (unsigned char) -pad_done) >> 7) ^ 1;
     }
 
     p += pad_len;
@@ -1497,28 +1533,27 @@
      * recommendations in PKCS#1 v2.2: an opponent cannot distinguish between
      * the different error conditions.
      */
-    if( bad != 0 )
-    {
+    if (bad != 0) {
         ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
         goto cleanup;
     }
 
-    if( ilen - ( p - buf ) > output_max_len )
-    {
+    if (ilen - (p - buf) > output_max_len) {
         ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
         goto cleanup;
     }
 
     *olen = ilen - (p - buf);
-    if( *olen != 0 )
-        memcpy( output, p, *olen );
+    if (*olen != 0) {
+        memcpy(output, p, *olen);
+    }
     ret = 0;
 
 cleanup:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-    mbedtls_platform_zeroize( lhash, sizeof( lhash ) );
+    mbedtls_platform_zeroize(buf, sizeof(buf));
+    mbedtls_platform_zeroize(lhash, sizeof(lhash));
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_PKCS1_V21 */
 
@@ -1526,13 +1561,13 @@
 /*
  * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-DECRYPT function
  */
-int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng,
-                                 size_t *olen,
-                                 const unsigned char *input,
-                                 unsigned char *output,
-                                 size_t output_max_len )
+int mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_rsa_context *ctx,
+                                        int (*f_rng)(void *, unsigned char *, size_t),
+                                        void *p_rng,
+                                        size_t *olen,
+                                        const unsigned char *input,
+                                        unsigned char *output,
+                                        size_t output_max_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t ilen;
@@ -1540,67 +1575,69 @@
 
     ilen = ctx->len;
 
-    if( ctx->padding != MBEDTLS_RSA_PKCS_V15 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (ctx->padding != MBEDTLS_RSA_PKCS_V15) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    if( ilen < 16 || ilen > sizeof( buf ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (ilen < 16 || ilen > sizeof(buf)) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    ret = mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
+    ret = mbedtls_rsa_private(ctx, f_rng, p_rng, input, buf);
 
-    if( ret != 0 )
+    if (ret != 0) {
         goto cleanup;
+    }
 
-    ret = mbedtls_ct_rsaes_pkcs1_v15_unpadding( buf, ilen,
-                                                output, output_max_len, olen );
+    ret = mbedtls_ct_rsaes_pkcs1_v15_unpadding(buf, ilen,
+                                               output, output_max_len, olen);
 
 cleanup:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize(buf, sizeof(buf));
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_PKCS1_V15 */
 
 /*
  * Do an RSA operation, then remove the message padding
  */
-int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng,
-                       size_t *olen,
-                       const unsigned char *input,
-                       unsigned char *output,
-                       size_t output_max_len)
+int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng,
+                              size_t *olen,
+                              const unsigned char *input,
+                              unsigned char *output,
+                              size_t output_max_len)
 {
-    switch( ctx->padding )
-    {
+    switch (ctx->padding) {
 #if defined(MBEDTLS_PKCS1_V15)
         case MBEDTLS_RSA_PKCS_V15:
-            return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, olen,
-                                                input, output, output_max_len );
+            return mbedtls_rsa_rsaes_pkcs1_v15_decrypt(ctx, f_rng, p_rng, olen,
+                                                       input, output, output_max_len);
 #endif
 
 #if defined(MBEDTLS_PKCS1_V21)
         case MBEDTLS_RSA_PKCS_V21:
-            return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, NULL, 0,
-                                           olen, input, output,
-                                           output_max_len );
+            return mbedtls_rsa_rsaes_oaep_decrypt(ctx, f_rng, p_rng, NULL, 0,
+                                                  olen, input, output,
+                                                  output_max_len);
 #endif
 
         default:
-            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+            return MBEDTLS_ERR_RSA_INVALID_PADDING;
     }
 }
 
 #if defined(MBEDTLS_PKCS1_V21)
-static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng,
-                         mbedtls_md_type_t md_alg,
-                         unsigned int hashlen,
-                         const unsigned char *hash,
-                         int saltlen,
-                         unsigned char *sig )
+static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng,
+                               mbedtls_md_type_t md_alg,
+                               unsigned int hashlen,
+                               const unsigned char *hash,
+                               int saltlen,
+                               unsigned char *sig)
 {
     size_t olen;
     unsigned char *p = sig;
@@ -1609,127 +1646,132 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t msb;
 
-    if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+    if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) {
         return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    if( ctx->padding != MBEDTLS_RSA_PKCS_V21 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (ctx->padding != MBEDTLS_RSA_PKCS_V21) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    if( f_rng == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (f_rng == NULL) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
     olen = ctx->len;
 
-    if( md_alg != MBEDTLS_MD_NONE )
-    {
+    if (md_alg != MBEDTLS_MD_NONE) {
         /* Gather length of hash to sign */
-        size_t exp_hashlen = mbedtls_hash_info_get_size( md_alg );
-        if( exp_hashlen == 0 )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+        size_t exp_hashlen = mbedtls_hash_info_get_size(md_alg);
+        if (exp_hashlen == 0) {
+            return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+        }
 
-        if( hashlen != exp_hashlen )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+        if (hashlen != exp_hashlen) {
+            return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+        }
     }
 
-    hlen = mbedtls_hash_info_get_size( (mbedtls_md_type_t) ctx->hash_id );
-    if( hlen == 0 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    hlen = mbedtls_hash_info_get_size((mbedtls_md_type_t) ctx->hash_id);
+    if (hlen == 0) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    if (saltlen == MBEDTLS_RSA_SALT_LEN_ANY)
-    {
-       /* Calculate the largest possible salt length, up to the hash size.
-        * Normally this is the hash length, which is the maximum salt length
-        * according to FIPS 185-4 §5.5 (e) and common practice. If there is not
-        * enough room, use the maximum salt length that fits. The constraint is
-        * that the hash length plus the salt length plus 2 bytes must be at most
-        * the key length. This complies with FIPS 186-4 §5.5 (e) and RFC 8017
-        * (PKCS#1 v2.2) §9.1.1 step 3. */
+    if (saltlen == MBEDTLS_RSA_SALT_LEN_ANY) {
+        /* Calculate the largest possible salt length, up to the hash size.
+         * Normally this is the hash length, which is the maximum salt length
+         * according to FIPS 185-4 §5.5 (e) and common practice. If there is not
+         * enough room, use the maximum salt length that fits. The constraint is
+         * that the hash length plus the salt length plus 2 bytes must be at most
+         * the key length. This complies with FIPS 186-4 §5.5 (e) and RFC 8017
+         * (PKCS#1 v2.2) §9.1.1 step 3. */
         min_slen = hlen - 2;
-        if( olen < hlen + min_slen + 2 )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-        else if( olen >= hlen + hlen + 2 )
+        if (olen < hlen + min_slen + 2) {
+            return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+        } else if (olen >= hlen + hlen + 2) {
             slen = hlen;
-        else
+        } else {
             slen = olen - hlen - 2;
-    }
-    else if ( (saltlen < 0) || (saltlen + hlen + 2 > olen) )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-    else
-    {
+        }
+    } else if ((saltlen < 0) || (saltlen + hlen + 2 > olen)) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    } else {
         slen = (size_t) saltlen;
     }
 
-    memset( sig, 0, olen );
+    memset(sig, 0, olen);
 
     /* Note: EMSA-PSS encoding is over the length of N - 1 bits */
-    msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
+    msb = mbedtls_mpi_bitlen(&ctx->N) - 1;
     p += olen - hlen - slen - 2;
     *p++ = 0x01;
 
     /* Generate salt of length slen in place in the encoded message */
     salt = p;
-    if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) );
+    if ((ret = f_rng(p_rng, salt, slen)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_RNG_FAILED, ret);
+    }
 
     p += slen;
 
     /* Generate H = Hash( M' ) */
-    ret = hash_mprime( hash, hashlen, salt, slen, p, ctx->hash_id );
-    if( ret != 0 )
-        return( ret );
+    ret = hash_mprime(hash, hashlen, salt, slen, p, ctx->hash_id);
+    if (ret != 0) {
+        return ret;
+    }
 
     /* Compensate for boundary condition when applying mask */
-    if( msb % 8 == 0 )
+    if (msb % 8 == 0) {
         offset = 1;
+    }
 
     /* maskedDB: Apply dbMask to DB */
-    ret = mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen,
-                    ctx->hash_id );
-    if( ret != 0 )
-        return( ret );
+    ret = mgf_mask(sig + offset, olen - hlen - 1 - offset, p, hlen,
+                   ctx->hash_id);
+    if (ret != 0) {
+        return ret;
+    }
 
-    msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
-    sig[0] &= 0xFF >> ( olen * 8 - msb );
+    msb = mbedtls_mpi_bitlen(&ctx->N) - 1;
+    sig[0] &= 0xFF >> (olen * 8 - msb);
 
     p += hlen;
     *p++ = 0xBC;
 
-    return mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig );
+    return mbedtls_rsa_private(ctx, f_rng, p_rng, sig, sig);
 }
 
 /*
  * Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function with
  * the option to pass in the salt length.
  */
-int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng,
-                         mbedtls_md_type_t md_alg,
-                         unsigned int hashlen,
-                         const unsigned char *hash,
-                         int saltlen,
-                         unsigned char *sig )
+int mbedtls_rsa_rsassa_pss_sign_ext(mbedtls_rsa_context *ctx,
+                                    int (*f_rng)(void *, unsigned char *, size_t),
+                                    void *p_rng,
+                                    mbedtls_md_type_t md_alg,
+                                    unsigned int hashlen,
+                                    const unsigned char *hash,
+                                    int saltlen,
+                                    unsigned char *sig)
 {
-    return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg,
-                                hashlen, hash, saltlen, sig );
+    return rsa_rsassa_pss_sign(ctx, f_rng, p_rng, md_alg,
+                               hashlen, hash, saltlen, sig);
 }
 
 
 /*
  * Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function
  */
-int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng,
-                         mbedtls_md_type_t md_alg,
-                         unsigned int hashlen,
-                         const unsigned char *hash,
-                         unsigned char *sig )
+int mbedtls_rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx,
+                                int (*f_rng)(void *, unsigned char *, size_t),
+                                void *p_rng,
+                                mbedtls_md_type_t md_alg,
+                                unsigned int hashlen,
+                                const unsigned char *hash,
+                                unsigned char *sig)
 {
-    return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg,
-                                hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig );
+    return rsa_rsassa_pss_sign(ctx, f_rng, p_rng, md_alg,
+                               hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig);
 }
 #endif /* MBEDTLS_PKCS1_V21 */
 
@@ -1755,11 +1797,11 @@
  * - dst points to a buffer of size at least dst_len.
  *
  */
-static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
-                                        unsigned int hashlen,
-                                        const unsigned char *hash,
-                                        size_t dst_len,
-                                        unsigned char *dst )
+static int rsa_rsassa_pkcs1_v15_encode(mbedtls_md_type_t md_alg,
+                                       unsigned int hashlen,
+                                       const unsigned char *hash,
+                                       size_t dst_len,
+                                       unsigned char *dst)
 {
     size_t oid_size  = 0;
     size_t nb_pad    = dst_len;
@@ -1767,24 +1809,27 @@
     const char *oid  = NULL;
 
     /* Are we signing hashed or raw data? */
-    if( md_alg != MBEDTLS_MD_NONE )
-    {
-        unsigned char md_size = mbedtls_hash_info_get_size( md_alg );
-        if( md_size == 0 )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (md_alg != MBEDTLS_MD_NONE) {
+        unsigned char md_size = mbedtls_hash_info_get_size(md_alg);
+        if (md_size == 0) {
+            return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+        }
 
-        if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+        if (mbedtls_oid_get_oid_by_md(md_alg, &oid, &oid_size) != 0) {
+            return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+        }
 
-        if( hashlen != md_size )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+        if (hashlen != md_size) {
+            return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+        }
 
         /* Double-check that 8 + hashlen + oid_size can be used as a
          * 1-byte ASN.1 length encoding and that there's no overflow. */
-        if( 8 + hashlen + oid_size  >= 0x80         ||
+        if (8 + hashlen + oid_size  >= 0x80         ||
             10 + hashlen            <  hashlen      ||
-            10 + hashlen + oid_size <  10 + hashlen )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+            10 + hashlen + oid_size <  10 + hashlen) {
+            return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+        }
 
         /*
          * Static bounds check:
@@ -1794,22 +1839,23 @@
          * - Need hashlen bytes for hash
          * - Need oid_size bytes for hash alg OID.
          */
-        if( nb_pad < 10 + hashlen + oid_size )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+        if (nb_pad < 10 + hashlen + oid_size) {
+            return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+        }
         nb_pad -= 10 + hashlen + oid_size;
-    }
-    else
-    {
-        if( nb_pad < hashlen )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    } else {
+        if (nb_pad < hashlen) {
+            return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+        }
 
         nb_pad -= hashlen;
     }
 
     /* Need space for signature header and padding delimiter (3 bytes),
      * and 8 bytes for the minimal padding */
-    if( nb_pad < 3 + 8 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (nb_pad < 3 + 8) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
     nb_pad -= 3;
 
     /* Now nb_pad is the amount of memory to be filled
@@ -1818,15 +1864,14 @@
     /* Write signature header and padding */
     *p++ = 0;
     *p++ = MBEDTLS_RSA_SIGN;
-    memset( p, 0xFF, nb_pad );
+    memset(p, 0xFF, nb_pad);
     p += nb_pad;
     *p++ = 0;
 
     /* Are we signing raw data? */
-    if( md_alg == MBEDTLS_MD_NONE )
-    {
-        memcpy( p, hash, hashlen );
-        return( 0 );
+    if (md_alg == MBEDTLS_MD_NONE) {
+        memcpy(p, hash, hashlen);
+        return 0;
     }
 
     /* Signing hashed data, add corresponding ASN.1 structure
@@ -1843,58 +1888,60 @@
      *                 TAG-OCTET + LEN [ HASH ] ]
      */
     *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
-    *p++ = (unsigned char)( 0x08 + oid_size + hashlen );
+    *p++ = (unsigned char) (0x08 + oid_size + hashlen);
     *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
-    *p++ = (unsigned char)( 0x04 + oid_size );
+    *p++ = (unsigned char) (0x04 + oid_size);
     *p++ = MBEDTLS_ASN1_OID;
     *p++ = (unsigned char) oid_size;
-    memcpy( p, oid, oid_size );
+    memcpy(p, oid, oid_size);
     p += oid_size;
     *p++ = MBEDTLS_ASN1_NULL;
     *p++ = 0x00;
     *p++ = MBEDTLS_ASN1_OCTET_STRING;
     *p++ = (unsigned char) hashlen;
-    memcpy( p, hash, hashlen );
+    memcpy(p, hash, hashlen);
     p += hashlen;
 
     /* Just a sanity-check, should be automatic
      * after the initial bounds check. */
-    if( p != dst + dst_len )
-    {
-        mbedtls_platform_zeroize( dst, dst_len );
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (p != dst + dst_len) {
+        mbedtls_platform_zeroize(dst, dst_len);
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Do an RSA operation to sign the message digest
  */
-int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng,
-                               mbedtls_md_type_t md_alg,
-                               unsigned int hashlen,
-                               const unsigned char *hash,
-                               unsigned char *sig )
+int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx,
+                                      int (*f_rng)(void *, unsigned char *, size_t),
+                                      void *p_rng,
+                                      mbedtls_md_type_t md_alg,
+                                      unsigned int hashlen,
+                                      const unsigned char *hash,
+                                      unsigned char *sig)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *sig_try = NULL, *verif = NULL;
 
-    if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+    if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) {
         return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    if( ctx->padding != MBEDTLS_RSA_PKCS_V15 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (ctx->padding != MBEDTLS_RSA_PKCS_V15) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
     /*
      * Prepare PKCS1-v1.5 encoding (padding and hash identifier)
      */
 
-    if( ( ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash,
-                                             ctx->len, sig ) ) != 0 )
-        return( ret );
+    if ((ret = rsa_rsassa_pkcs1_v15_encode(md_alg, hashlen, hash,
+                                           ctx->len, sig)) != 0) {
+        return ret;
+    }
 
     /* Private key operation
      *
@@ -1902,70 +1949,70 @@
      * temporary buffer and check it before returning it.
      */
 
-    sig_try = mbedtls_calloc( 1, ctx->len );
-    if( sig_try == NULL )
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-
-    verif = mbedtls_calloc( 1, ctx->len );
-    if( verif == NULL )
-    {
-        mbedtls_free( sig_try );
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+    sig_try = mbedtls_calloc(1, ctx->len);
+    if (sig_try == NULL) {
+        return MBEDTLS_ERR_MPI_ALLOC_FAILED;
     }
 
-    MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) );
+    verif = mbedtls_calloc(1, ctx->len);
+    if (verif == NULL) {
+        mbedtls_free(sig_try);
+        return MBEDTLS_ERR_MPI_ALLOC_FAILED;
+    }
 
-    if( mbedtls_ct_memcmp( verif, sig, ctx->len ) != 0 )
-    {
+    MBEDTLS_MPI_CHK(mbedtls_rsa_private(ctx, f_rng, p_rng, sig, sig_try));
+    MBEDTLS_MPI_CHK(mbedtls_rsa_public(ctx, sig_try, verif));
+
+    if (mbedtls_ct_memcmp(verif, sig, ctx->len) != 0) {
         ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED;
         goto cleanup;
     }
 
-    memcpy( sig, sig_try, ctx->len );
+    memcpy(sig, sig_try, ctx->len);
 
 cleanup:
-    mbedtls_platform_zeroize( sig_try, ctx->len );
-    mbedtls_platform_zeroize( verif, ctx->len );
-    mbedtls_free( sig_try );
-    mbedtls_free( verif );
+    mbedtls_platform_zeroize(sig_try, ctx->len);
+    mbedtls_platform_zeroize(verif, ctx->len);
+    mbedtls_free(sig_try);
+    mbedtls_free(verif);
 
-    if( ret != 0 )
-        memset( sig, '!', ctx->len );
-    return( ret );
+    if (ret != 0) {
+        memset(sig, '!', ctx->len);
+    }
+    return ret;
 }
 #endif /* MBEDTLS_PKCS1_V15 */
 
 /*
  * Do an RSA operation to sign the message digest
  */
-int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
-                    int (*f_rng)(void *, unsigned char *, size_t),
-                    void *p_rng,
-                    mbedtls_md_type_t md_alg,
-                    unsigned int hashlen,
-                    const unsigned char *hash,
-                    unsigned char *sig )
+int mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context *ctx,
+                           int (*f_rng)(void *, unsigned char *, size_t),
+                           void *p_rng,
+                           mbedtls_md_type_t md_alg,
+                           unsigned int hashlen,
+                           const unsigned char *hash,
+                           unsigned char *sig)
 {
-    if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+    if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) {
         return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    switch( ctx->padding )
-    {
+    switch (ctx->padding) {
 #if defined(MBEDTLS_PKCS1_V15)
         case MBEDTLS_RSA_PKCS_V15:
-            return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng,
-                                                      md_alg, hashlen, hash, sig );
+            return mbedtls_rsa_rsassa_pkcs1_v15_sign(ctx, f_rng, p_rng,
+                                                     md_alg, hashlen, hash, sig);
 #endif
 
 #if defined(MBEDTLS_PKCS1_V21)
         case MBEDTLS_RSA_PKCS_V21:
-            return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg,
-                                                hashlen, hash, sig );
+            return mbedtls_rsa_rsassa_pss_sign(ctx, f_rng, p_rng, md_alg,
+                                               hashlen, hash, sig);
 #endif
 
         default:
-            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+            return MBEDTLS_ERR_RSA_INVALID_PADDING;
     }
 }
 
@@ -1973,13 +2020,13 @@
 /*
  * Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function
  */
-int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
-                               mbedtls_md_type_t md_alg,
-                               unsigned int hashlen,
-                               const unsigned char *hash,
-                               mbedtls_md_type_t mgf1_hash_id,
-                               int expected_salt_len,
-                               const unsigned char *sig )
+int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx,
+                                      mbedtls_md_type_t md_alg,
+                                      unsigned int hashlen,
+                                      const unsigned char *hash,
+                                      mbedtls_md_type_t mgf1_hash_id,
+                                      int expected_salt_len,
+                                      const unsigned char *sig)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t siglen;
@@ -1988,116 +2035,128 @@
     unsigned char result[MBEDTLS_HASH_MAX_SIZE];
     unsigned int hlen;
     size_t observed_salt_len, msb;
-    unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = {0};
+    unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { 0 };
 
-    if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+    if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) {
         return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
     siglen = ctx->len;
 
-    if( siglen < 16 || siglen > sizeof( buf ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (siglen < 16 || siglen > sizeof(buf)) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    ret = mbedtls_rsa_public(  ctx, sig, buf );
+    ret = mbedtls_rsa_public(ctx, sig, buf);
 
-    if( ret != 0 )
-        return( ret );
+    if (ret != 0) {
+        return ret;
+    }
 
     p = buf;
 
-    if( buf[siglen - 1] != 0xBC )
-        return( MBEDTLS_ERR_RSA_INVALID_PADDING );
-
-    if( md_alg != MBEDTLS_MD_NONE )
-    {
-        /* Gather length of hash to sign */
-        size_t exp_hashlen = mbedtls_hash_info_get_size( md_alg );
-        if( exp_hashlen == 0 )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-        if( hashlen != exp_hashlen )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (buf[siglen - 1] != 0xBC) {
+        return MBEDTLS_ERR_RSA_INVALID_PADDING;
     }
 
-    hlen = mbedtls_hash_info_get_size( mgf1_hash_id );
-    if( hlen == 0 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (md_alg != MBEDTLS_MD_NONE) {
+        /* Gather length of hash to sign */
+        size_t exp_hashlen = mbedtls_hash_info_get_size(md_alg);
+        if (exp_hashlen == 0) {
+            return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+        }
+
+        if (hashlen != exp_hashlen) {
+            return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+        }
+    }
+
+    hlen = mbedtls_hash_info_get_size(mgf1_hash_id);
+    if (hlen == 0) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
     /*
      * Note: EMSA-PSS verification is over the length of N - 1 bits
      */
-    msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
+    msb = mbedtls_mpi_bitlen(&ctx->N) - 1;
 
-    if( buf[0] >> ( 8 - siglen * 8 + msb ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (buf[0] >> (8 - siglen * 8 + msb)) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
     /* Compensate for boundary condition when applying mask */
-    if( msb % 8 == 0 )
-    {
+    if (msb % 8 == 0) {
         p++;
         siglen -= 1;
     }
 
-    if( siglen < hlen + 2 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if (siglen < hlen + 2) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
     hash_start = p + siglen - hlen - 1;
 
-    ret = mgf_mask( p, siglen - hlen - 1, hash_start, hlen, mgf1_hash_id );
-    if( ret != 0 )
-        return( ret );
+    ret = mgf_mask(p, siglen - hlen - 1, hash_start, hlen, mgf1_hash_id);
+    if (ret != 0) {
+        return ret;
+    }
 
-    buf[0] &= 0xFF >> ( siglen * 8 - msb );
+    buf[0] &= 0xFF >> (siglen * 8 - msb);
 
-    while( p < hash_start - 1 && *p == 0 )
+    while (p < hash_start - 1 && *p == 0) {
         p++;
+    }
 
-    if( *p++ != 0x01 )
-        return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+    if (*p++ != 0x01) {
+        return MBEDTLS_ERR_RSA_INVALID_PADDING;
+    }
 
     observed_salt_len = hash_start - p;
 
-    if( expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY &&
-        observed_salt_len != (size_t) expected_salt_len )
-    {
-        return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+    if (expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY &&
+        observed_salt_len != (size_t) expected_salt_len) {
+        return MBEDTLS_ERR_RSA_INVALID_PADDING;
     }
 
     /*
      * Generate H = Hash( M' )
      */
-    ret = hash_mprime( hash, hashlen, p, observed_salt_len,
-                       result, mgf1_hash_id );
-    if( ret != 0 )
-        return( ret );
+    ret = hash_mprime(hash, hashlen, p, observed_salt_len,
+                      result, mgf1_hash_id);
+    if (ret != 0) {
+        return ret;
+    }
 
-    if( memcmp( hash_start, result, hlen ) != 0 )
-        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+    if (memcmp(hash_start, result, hlen) != 0) {
+        return MBEDTLS_ERR_RSA_VERIFY_FAILED;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function
  */
-int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
-                           mbedtls_md_type_t md_alg,
-                           unsigned int hashlen,
-                           const unsigned char *hash,
-                           const unsigned char *sig )
+int mbedtls_rsa_rsassa_pss_verify(mbedtls_rsa_context *ctx,
+                                  mbedtls_md_type_t md_alg,
+                                  unsigned int hashlen,
+                                  const unsigned char *hash,
+                                  const unsigned char *sig)
 {
     mbedtls_md_type_t mgf1_hash_id;
-    if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+    if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) {
         return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
+    mgf1_hash_id = (ctx->hash_id != MBEDTLS_MD_NONE)
                              ? (mbedtls_md_type_t) ctx->hash_id
                              : md_alg;
 
-    return( mbedtls_rsa_rsassa_pss_verify_ext( ctx,
-                                               md_alg, hashlen, hash,
-                                               mgf1_hash_id,
-                                               MBEDTLS_RSA_SALT_LEN_ANY,
-                                               sig ) );
+    return mbedtls_rsa_rsassa_pss_verify_ext(ctx,
+                                             md_alg, hashlen, hash,
+                                             mgf1_hash_id,
+                                             MBEDTLS_RSA_SALT_LEN_ANY,
+                                             sig);
 
 }
 #endif /* MBEDTLS_PKCS1_V21 */
@@ -2106,18 +2165,19 @@
 /*
  * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function
  */
-int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
-                                 mbedtls_md_type_t md_alg,
-                                 unsigned int hashlen,
-                                 const unsigned char *hash,
-                                 const unsigned char *sig )
+int mbedtls_rsa_rsassa_pkcs1_v15_verify(mbedtls_rsa_context *ctx,
+                                        mbedtls_md_type_t md_alg,
+                                        unsigned int hashlen,
+                                        const unsigned char *hash,
+                                        const unsigned char *sig)
 {
     int ret = 0;
     size_t sig_len;
     unsigned char *encoded = NULL, *encoded_expected = NULL;
 
-    if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+    if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) {
         return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
     sig_len = ctx->len;
 
@@ -2125,154 +2185,153 @@
      * Prepare expected PKCS1 v1.5 encoding of hash.
      */
 
-    if( ( encoded          = mbedtls_calloc( 1, sig_len ) ) == NULL ||
-        ( encoded_expected = mbedtls_calloc( 1, sig_len ) ) == NULL )
-    {
+    if ((encoded          = mbedtls_calloc(1, sig_len)) == NULL ||
+        (encoded_expected = mbedtls_calloc(1, sig_len)) == NULL) {
         ret = MBEDTLS_ERR_MPI_ALLOC_FAILED;
         goto cleanup;
     }
 
-    if( ( ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash, sig_len,
-                                             encoded_expected ) ) != 0 )
+    if ((ret = rsa_rsassa_pkcs1_v15_encode(md_alg, hashlen, hash, sig_len,
+                                           encoded_expected)) != 0) {
         goto cleanup;
+    }
 
     /*
      * Apply RSA primitive to get what should be PKCS1 encoded hash.
      */
 
-    ret = mbedtls_rsa_public( ctx, sig, encoded );
-    if( ret != 0 )
+    ret = mbedtls_rsa_public(ctx, sig, encoded);
+    if (ret != 0) {
         goto cleanup;
+    }
 
     /*
      * Compare
      */
 
-    if( ( ret = mbedtls_ct_memcmp( encoded, encoded_expected,
-                                              sig_len ) ) != 0 )
-    {
+    if ((ret = mbedtls_ct_memcmp(encoded, encoded_expected,
+                                 sig_len)) != 0) {
         ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
         goto cleanup;
     }
 
 cleanup:
 
-    if( encoded != NULL )
-    {
-        mbedtls_platform_zeroize( encoded, sig_len );
-        mbedtls_free( encoded );
+    if (encoded != NULL) {
+        mbedtls_platform_zeroize(encoded, sig_len);
+        mbedtls_free(encoded);
     }
 
-    if( encoded_expected != NULL )
-    {
-        mbedtls_platform_zeroize( encoded_expected, sig_len );
-        mbedtls_free( encoded_expected );
+    if (encoded_expected != NULL) {
+        mbedtls_platform_zeroize(encoded_expected, sig_len);
+        mbedtls_free(encoded_expected);
     }
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_PKCS1_V15 */
 
 /*
  * Do an RSA operation and check the message digest
  */
-int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
-                      mbedtls_md_type_t md_alg,
-                      unsigned int hashlen,
-                      const unsigned char *hash,
-                      const unsigned char *sig )
+int mbedtls_rsa_pkcs1_verify(mbedtls_rsa_context *ctx,
+                             mbedtls_md_type_t md_alg,
+                             unsigned int hashlen,
+                             const unsigned char *hash,
+                             const unsigned char *sig)
 {
-    if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
+    if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) {
         return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
 
-    switch( ctx->padding )
-    {
+    switch (ctx->padding) {
 #if defined(MBEDTLS_PKCS1_V15)
         case MBEDTLS_RSA_PKCS_V15:
-            return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, md_alg,
-                                                        hashlen, hash, sig );
+            return mbedtls_rsa_rsassa_pkcs1_v15_verify(ctx, md_alg,
+                                                       hashlen, hash, sig);
 #endif
 
 #if defined(MBEDTLS_PKCS1_V21)
         case MBEDTLS_RSA_PKCS_V21:
-            return mbedtls_rsa_rsassa_pss_verify( ctx, md_alg,
-                                                  hashlen, hash, sig );
+            return mbedtls_rsa_rsassa_pss_verify(ctx, md_alg,
+                                                 hashlen, hash, sig);
 #endif
 
         default:
-            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+            return MBEDTLS_ERR_RSA_INVALID_PADDING;
     }
 }
 
 /*
  * Copy the components of an RSA key
  */
-int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
+int mbedtls_rsa_copy(mbedtls_rsa_context *dst, const mbedtls_rsa_context *src)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     dst->len = src->len;
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->N, &src->N ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->E, &src->E ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->N, &src->N));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->E, &src->E));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->D, &src->D ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->P, &src->P ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Q, &src->Q ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->D, &src->D));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->P, &src->P));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->Q, &src->Q));
 
 #if !defined(MBEDTLS_RSA_NO_CRT)
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DP, &src->DP ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DQ, &src->DQ ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->QP, &src->QP ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RP, &src->RP ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RQ, &src->RQ ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->DP, &src->DP));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->DQ, &src->DQ));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->QP, &src->QP));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->RP, &src->RP));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->RQ, &src->RQ));
 #endif
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RN, &src->RN ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->RN, &src->RN));
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vi, &src->Vi ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vf, &src->Vf ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->Vi, &src->Vi));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->Vf, &src->Vf));
 
     dst->padding = src->padding;
     dst->hash_id = src->hash_id;
 
 cleanup:
-    if( ret != 0 )
-        mbedtls_rsa_free( dst );
+    if (ret != 0) {
+        mbedtls_rsa_free(dst);
+    }
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Free the components of an RSA key
  */
-void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
+void mbedtls_rsa_free(mbedtls_rsa_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_mpi_free( &ctx->Vi );
-    mbedtls_mpi_free( &ctx->Vf );
-    mbedtls_mpi_free( &ctx->RN );
-    mbedtls_mpi_free( &ctx->D  );
-    mbedtls_mpi_free( &ctx->Q  );
-    mbedtls_mpi_free( &ctx->P  );
-    mbedtls_mpi_free( &ctx->E  );
-    mbedtls_mpi_free( &ctx->N  );
+    mbedtls_mpi_free(&ctx->Vi);
+    mbedtls_mpi_free(&ctx->Vf);
+    mbedtls_mpi_free(&ctx->RN);
+    mbedtls_mpi_free(&ctx->D);
+    mbedtls_mpi_free(&ctx->Q);
+    mbedtls_mpi_free(&ctx->P);
+    mbedtls_mpi_free(&ctx->E);
+    mbedtls_mpi_free(&ctx->N);
 
 #if !defined(MBEDTLS_RSA_NO_CRT)
-    mbedtls_mpi_free( &ctx->RQ );
-    mbedtls_mpi_free( &ctx->RP );
-    mbedtls_mpi_free( &ctx->QP );
-    mbedtls_mpi_free( &ctx->DQ );
-    mbedtls_mpi_free( &ctx->DP );
+    mbedtls_mpi_free(&ctx->RQ);
+    mbedtls_mpi_free(&ctx->RP);
+    mbedtls_mpi_free(&ctx->QP);
+    mbedtls_mpi_free(&ctx->DQ);
+    mbedtls_mpi_free(&ctx->DP);
 #endif /* MBEDTLS_RSA_NO_CRT */
 
 #if defined(MBEDTLS_THREADING_C)
     /* Free the mutex, but only if it hasn't been freed already. */
-    if( ctx->ver != 0 )
-    {
-        mbedtls_mutex_free( &ctx->mutex );
+    if (ctx->ver != 0) {
+        mbedtls_mutex_free(&ctx->mutex);
         ctx->ver = 0;
     }
 #endif
@@ -2324,31 +2383,34 @@
                 "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD"
 
 #if defined(MBEDTLS_PKCS1_V15)
-static int myrand( void *rng_state, unsigned char *output, size_t len )
+static int myrand(void *rng_state, unsigned char *output, size_t len)
 {
 #if !defined(__OpenBSD__) && !defined(__NetBSD__)
     size_t i;
 
-    if( rng_state != NULL )
+    if (rng_state != NULL) {
         rng_state  = NULL;
+    }
 
-    for( i = 0; i < len; ++i )
+    for (i = 0; i < len; ++i) {
         output[i] = rand();
+    }
 #else
-    if( rng_state != NULL )
+    if (rng_state != NULL) {
         rng_state = NULL;
+    }
 
-    arc4random_buf( output, len );
+    arc4random_buf(output, len);
 #endif /* !OpenBSD && !NetBSD */
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_PKCS1_V15 */
 
 /*
  * Checkup routine
  */
-int mbedtls_rsa_self_test( int verbose )
+int mbedtls_rsa_self_test(int verbose)
 {
     int ret = 0;
 #if defined(MBEDTLS_PKCS1_V15)
@@ -2363,127 +2425,135 @@
 
     mbedtls_mpi K;
 
-    mbedtls_mpi_init( &K );
-    mbedtls_rsa_init( &rsa );
+    mbedtls_mpi_init(&K);
+    mbedtls_rsa_init(&rsa);
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_N  ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, &K, NULL, NULL, NULL, NULL ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_P  ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, &K, NULL, NULL, NULL ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_Q  ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, &K, NULL, NULL ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_D  ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, NULL, &K, NULL ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_E  ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, NULL, NULL, &K ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_N));
+    MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, &K, NULL, NULL, NULL, NULL));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_P));
+    MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, &K, NULL, NULL, NULL));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_Q));
+    MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, NULL, &K, NULL, NULL));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_D));
+    MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, NULL, NULL, &K, NULL));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_E));
+    MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, NULL, NULL, NULL, &K));
 
-    MBEDTLS_MPI_CHK( mbedtls_rsa_complete( &rsa ) );
+    MBEDTLS_MPI_CHK(mbedtls_rsa_complete(&rsa));
 
-    if( verbose != 0 )
-        mbedtls_printf( "  RSA key validation: " );
+    if (verbose != 0) {
+        mbedtls_printf("  RSA key validation: ");
+    }
 
-    if( mbedtls_rsa_check_pubkey(  &rsa ) != 0 ||
-        mbedtls_rsa_check_privkey( &rsa ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
+    if (mbedtls_rsa_check_pubkey(&rsa) != 0 ||
+        mbedtls_rsa_check_privkey(&rsa) != 0) {
+        if (verbose != 0) {
+            mbedtls_printf("failed\n");
+        }
 
         ret = 1;
         goto cleanup;
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n  PKCS#1 encryption : " );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n  PKCS#1 encryption : ");
+    }
 
-    memcpy( rsa_plaintext, RSA_PT, PT_LEN );
+    memcpy(rsa_plaintext, RSA_PT, PT_LEN);
 
-    if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL,
-                                   PT_LEN, rsa_plaintext,
-                                   rsa_ciphertext ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
+    if (mbedtls_rsa_pkcs1_encrypt(&rsa, myrand, NULL,
+                                  PT_LEN, rsa_plaintext,
+                                  rsa_ciphertext) != 0) {
+        if (verbose != 0) {
+            mbedtls_printf("failed\n");
+        }
 
         ret = 1;
         goto cleanup;
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n  PKCS#1 decryption : " );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n  PKCS#1 decryption : ");
+    }
 
-    if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL,
-                                   &len, rsa_ciphertext, rsa_decrypted,
-                                   sizeof(rsa_decrypted) ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
+    if (mbedtls_rsa_pkcs1_decrypt(&rsa, myrand, NULL,
+                                  &len, rsa_ciphertext, rsa_decrypted,
+                                  sizeof(rsa_decrypted)) != 0) {
+        if (verbose != 0) {
+            mbedtls_printf("failed\n");
+        }
 
         ret = 1;
         goto cleanup;
     }
 
-    if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
+    if (memcmp(rsa_decrypted, rsa_plaintext, len) != 0) {
+        if (verbose != 0) {
+            mbedtls_printf("failed\n");
+        }
 
         ret = 1;
         goto cleanup;
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n");
+    }
 
 #if defined(MBEDTLS_SHA1_C)
-    if( verbose != 0 )
-        mbedtls_printf( "  PKCS#1 data sign  : " );
-
-    if( mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        return( 1 );
+    if (verbose != 0) {
+        mbedtls_printf("  PKCS#1 data sign  : ");
     }
 
-    if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL,
-                                MBEDTLS_MD_SHA1, 20,
-                                sha1sum, rsa_ciphertext ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
+    if (mbedtls_sha1(rsa_plaintext, PT_LEN, sha1sum) != 0) {
+        if (verbose != 0) {
+            mbedtls_printf("failed\n");
+        }
+
+        return 1;
+    }
+
+    if (mbedtls_rsa_pkcs1_sign(&rsa, myrand, NULL,
+                               MBEDTLS_MD_SHA1, 20,
+                               sha1sum, rsa_ciphertext) != 0) {
+        if (verbose != 0) {
+            mbedtls_printf("failed\n");
+        }
 
         ret = 1;
         goto cleanup;
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n  PKCS#1 sig. verify: " );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n  PKCS#1 sig. verify: ");
+    }
 
-    if( mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA1, 20,
-                                  sha1sum, rsa_ciphertext ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
+    if (mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA1, 20,
+                                 sha1sum, rsa_ciphertext) != 0) {
+        if (verbose != 0) {
+            mbedtls_printf("failed\n");
+        }
 
         ret = 1;
         goto cleanup;
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n");
+    }
 #endif /* MBEDTLS_SHA1_C */
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
 cleanup:
-    mbedtls_mpi_free( &K );
-    mbedtls_rsa_free( &rsa );
+    mbedtls_mpi_free(&K);
+    mbedtls_rsa_free(&rsa);
 #else /* MBEDTLS_PKCS1_V15 */
     ((void) verbose);
 #endif /* MBEDTLS_PKCS1_V15 */
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_SELF_TEST */
diff --git a/library/rsa_alt_helpers.c b/library/rsa_alt_helpers.c
index dff2d93..3451469 100644
--- a/library/rsa_alt_helpers.c
+++ b/library/rsa_alt_helpers.c
@@ -59,9 +59,9 @@
  * of (a) and (b) above to attempt to factor N.
  *
  */
-int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N,
-                     mbedtls_mpi const *E, mbedtls_mpi const *D,
-                     mbedtls_mpi *P, mbedtls_mpi *Q )
+int mbedtls_rsa_deduce_primes(mbedtls_mpi const *N,
+                              mbedtls_mpi const *E, mbedtls_mpi const *D,
+                              mbedtls_mpi *P, mbedtls_mpi *Q)
 {
     int ret = 0;
 
@@ -74,48 +74,46 @@
     mbedtls_mpi K;  /* Temporary holding the current candidate */
 
     const unsigned char primes[] = { 2,
-           3,    5,    7,   11,   13,   17,   19,   23,
-          29,   31,   37,   41,   43,   47,   53,   59,
-          61,   67,   71,   73,   79,   83,   89,   97,
-         101,  103,  107,  109,  113,  127,  131,  137,
-         139,  149,  151,  157,  163,  167,  173,  179,
-         181,  191,  193,  197,  199,  211,  223,  227,
-         229,  233,  239,  241,  251
-    };
+                                     3,    5,    7,   11,   13,   17,   19,   23,
+                                     29,   31,   37,   41,   43,   47,   53,   59,
+                                     61,   67,   71,   73,   79,   83,   89,   97,
+                                     101,  103,  107,  109,  113,  127,  131,  137,
+                                     139,  149,  151,  157,  163,  167,  173,  179,
+                                     181,  191,  193,  197,  199,  211,  223,  227,
+                                     229,  233,  239,  241,  251 };
 
-    const size_t num_primes = sizeof( primes ) / sizeof( *primes );
+    const size_t num_primes = sizeof(primes) / sizeof(*primes);
 
-    if( P == NULL || Q == NULL || P->p != NULL || Q->p != NULL )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    if (P == NULL || Q == NULL || P->p != NULL || Q->p != NULL) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
-    if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 ||
-        mbedtls_mpi_cmp_int( D, 1 ) <= 0 ||
-        mbedtls_mpi_cmp_mpi( D, N ) >= 0 ||
-        mbedtls_mpi_cmp_int( E, 1 ) <= 0 ||
-        mbedtls_mpi_cmp_mpi( E, N ) >= 0 )
-    {
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    if (mbedtls_mpi_cmp_int(N, 0) <= 0 ||
+        mbedtls_mpi_cmp_int(D, 1) <= 0 ||
+        mbedtls_mpi_cmp_mpi(D, N) >= 0 ||
+        mbedtls_mpi_cmp_int(E, 1) <= 0 ||
+        mbedtls_mpi_cmp_mpi(E, N) >= 0) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
     }
 
     /*
      * Initializations and temporary changes
      */
 
-    mbedtls_mpi_init( &K );
-    mbedtls_mpi_init( &T );
+    mbedtls_mpi_init(&K);
+    mbedtls_mpi_init(&T);
 
     /* T := DE - 1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, D,  E ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &T, &T, 1 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, D,  E));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&T, &T, 1));
 
-    if( ( order = (uint16_t) mbedtls_mpi_lsb( &T ) ) == 0 )
-    {
+    if ((order = (uint16_t) mbedtls_mpi_lsb(&T)) == 0) {
         ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
         goto cleanup;
     }
 
     /* After this operation, T holds the largest odd divisor of DE - 1. */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &T, order ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&T, order));
 
     /*
      * Actual work
@@ -123,49 +121,49 @@
 
     /* Skip trying 2 if N == 1 mod 8 */
     attempt = 0;
-    if( N->p[0] % 8 == 1 )
+    if (N->p[0] % 8 == 1) {
         attempt = 1;
+    }
 
-    for( ; attempt < num_primes; ++attempt )
-    {
-        mbedtls_mpi_lset( &K, primes[attempt] );
+    for (; attempt < num_primes; ++attempt) {
+        mbedtls_mpi_lset(&K, primes[attempt]);
 
         /* Check if gcd(K,N) = 1 */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) );
-        if( mbedtls_mpi_cmp_int( P, 1 ) != 0 )
+        MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(P, &K, N));
+        if (mbedtls_mpi_cmp_int(P, 1) != 0) {
             continue;
+        }
 
         /* Go through K^T + 1, K^(2T) + 1, K^(4T) + 1, ...
          * and check whether they have nontrivial GCD with N. */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &K, &K, &T, N,
-                             Q /* temporarily use Q for storing Montgomery
-                                * multiplication helper values */ ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&K, &K, &T, N,
+                                            Q /* temporarily use Q for storing Montgomery
+                                               * multiplication helper values */));
 
-        for( iter = 1; iter <= order; ++iter )
-        {
+        for (iter = 1; iter <= order; ++iter) {
             /* If we reach 1 prematurely, there's no point
              * in continuing to square K */
-            if( mbedtls_mpi_cmp_int( &K, 1 ) == 0 )
+            if (mbedtls_mpi_cmp_int(&K, 1) == 0) {
                 break;
+            }
 
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, 1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) );
+            MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&K, &K, 1));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(P, &K, N));
 
-            if( mbedtls_mpi_cmp_int( P, 1 ) ==  1 &&
-                mbedtls_mpi_cmp_mpi( P, N ) == -1 )
-            {
+            if (mbedtls_mpi_cmp_int(P, 1) ==  1 &&
+                mbedtls_mpi_cmp_mpi(P, N) == -1) {
                 /*
                  * Have found a nontrivial divisor P of N.
                  * Set Q := N / P.
                  */
 
-                MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( Q, NULL, N, P ) );
+                MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(Q, NULL, N, P));
                 goto cleanup;
             }
 
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &K ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, N ) );
+            MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, &K, 1));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, &K, &K));
+            MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&K, &K, N));
         }
 
         /*
@@ -175,8 +173,7 @@
          * Check if that's the case and abort if not, to avoid very long,
          * yet eventually failing, computations if N,D,E were not sane.
          */
-        if( mbedtls_mpi_cmp_int( &K, 1 ) != 0 )
-        {
+        if (mbedtls_mpi_cmp_int(&K, 1) != 0) {
             break;
         }
     }
@@ -185,106 +182,103 @@
 
 cleanup:
 
-    mbedtls_mpi_free( &K );
-    mbedtls_mpi_free( &T );
-    return( ret );
+    mbedtls_mpi_free(&K);
+    mbedtls_mpi_free(&T);
+    return ret;
 }
 
 /*
  * Given P, Q and the public exponent E, deduce D.
  * This is essentially a modular inversion.
  */
-int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P,
-                                         mbedtls_mpi const *Q,
-                                         mbedtls_mpi const *E,
-                                         mbedtls_mpi *D )
+int mbedtls_rsa_deduce_private_exponent(mbedtls_mpi const *P,
+                                        mbedtls_mpi const *Q,
+                                        mbedtls_mpi const *E,
+                                        mbedtls_mpi *D)
 {
     int ret = 0;
     mbedtls_mpi K, L;
 
-    if( D == NULL || mbedtls_mpi_cmp_int( D, 0 ) != 0 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 ||
-        mbedtls_mpi_cmp_int( Q, 1 ) <= 0 ||
-        mbedtls_mpi_cmp_int( E, 0 ) == 0 )
-    {
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+    if (D == NULL || mbedtls_mpi_cmp_int(D, 0) != 0) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
     }
 
-    mbedtls_mpi_init( &K );
-    mbedtls_mpi_init( &L );
+    if (mbedtls_mpi_cmp_int(P, 1) <= 0 ||
+        mbedtls_mpi_cmp_int(Q, 1) <= 0 ||
+        mbedtls_mpi_cmp_int(E, 0) == 0) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
+
+    mbedtls_mpi_init(&K);
+    mbedtls_mpi_init(&L);
 
     /* Temporarily put K := P-1 and L := Q-1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, P, 1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&L, Q, 1));
 
     /* Temporarily put D := gcd(P-1, Q-1) */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( D, &K, &L ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(D, &K, &L));
 
     /* K := LCM(P-1, Q-1) */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &L ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &K, NULL, &K, D ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, &K, &L));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(&K, NULL, &K, D));
 
     /* Compute modular inverse of E in LCM(P-1, Q-1) */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( D, E, &K ) );
+    MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(D, E, &K));
 
 cleanup:
 
-    mbedtls_mpi_free( &K );
-    mbedtls_mpi_free( &L );
+    mbedtls_mpi_free(&K);
+    mbedtls_mpi_free(&L);
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
-                            const mbedtls_mpi *D, mbedtls_mpi *DP,
-                            mbedtls_mpi *DQ, mbedtls_mpi *QP )
+int mbedtls_rsa_deduce_crt(const mbedtls_mpi *P, const mbedtls_mpi *Q,
+                           const mbedtls_mpi *D, mbedtls_mpi *DP,
+                           mbedtls_mpi *DQ, mbedtls_mpi *QP)
 {
     int ret = 0;
     mbedtls_mpi K;
-    mbedtls_mpi_init( &K );
+    mbedtls_mpi_init(&K);
 
     /* DP = D mod P-1 */
-    if( DP != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1  ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, D, &K ) );
+    if (DP != NULL) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, P, 1));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(DP, D, &K));
     }
 
     /* DQ = D mod Q-1 */
-    if( DQ != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1  ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, D, &K ) );
+    if (DQ != NULL) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, Q, 1));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(DQ, D, &K));
     }
 
     /* QP = Q^{-1} mod P */
-    if( QP != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( QP, Q, P ) );
+    if (QP != NULL) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(QP, Q, P));
     }
 
 cleanup:
-    mbedtls_mpi_free( &K );
+    mbedtls_mpi_free(&K);
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Check that core RSA parameters are sane.
  */
-int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P,
-                                 const mbedtls_mpi *Q, const mbedtls_mpi *D,
-                                 const mbedtls_mpi *E,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng )
+int mbedtls_rsa_validate_params(const mbedtls_mpi *N, const mbedtls_mpi *P,
+                                const mbedtls_mpi *Q, const mbedtls_mpi *D,
+                                const mbedtls_mpi *E,
+                                int (*f_rng)(void *, unsigned char *, size_t),
+                                void *p_rng)
 {
     int ret = 0;
     mbedtls_mpi K, L;
 
-    mbedtls_mpi_init( &K );
-    mbedtls_mpi_init( &L );
+    mbedtls_mpi_init(&K);
+    mbedtls_mpi_init(&L);
 
     /*
      * Step 1: If PRNG provided, check that P and Q are prime
@@ -296,16 +290,14 @@
      * rate of at most 2^-100 and we are aiming for the same certainty here as
      * well.
      */
-    if( f_rng != NULL && P != NULL &&
-        ( ret = mbedtls_mpi_is_prime_ext( P, 50, f_rng, p_rng ) ) != 0 )
-    {
+    if (f_rng != NULL && P != NULL &&
+        (ret = mbedtls_mpi_is_prime_ext(P, 50, f_rng, p_rng)) != 0) {
         ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
         goto cleanup;
     }
 
-    if( f_rng != NULL && Q != NULL &&
-        ( ret = mbedtls_mpi_is_prime_ext( Q, 50, f_rng, p_rng ) ) != 0 )
-    {
+    if (f_rng != NULL && Q != NULL &&
+        (ret = mbedtls_mpi_is_prime_ext(Q, 50, f_rng, p_rng)) != 0) {
         ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
         goto cleanup;
     }
@@ -318,12 +310,10 @@
      * Step 2: Check that 1 < N = P * Q
      */
 
-    if( P != NULL && Q != NULL && N != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) );
-        if( mbedtls_mpi_cmp_int( N, 1 )  <= 0 ||
-            mbedtls_mpi_cmp_mpi( &K, N ) != 0 )
-        {
+    if (P != NULL && Q != NULL && N != NULL) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, P, Q));
+        if (mbedtls_mpi_cmp_int(N, 1)  <= 0 ||
+            mbedtls_mpi_cmp_mpi(&K, N) != 0) {
             ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
             goto cleanup;
         }
@@ -333,13 +323,11 @@
      * Step 3: Check and 1 < D, E < N if present.
      */
 
-    if( N != NULL && D != NULL && E != NULL )
-    {
-        if ( mbedtls_mpi_cmp_int( D, 1 ) <= 0 ||
-             mbedtls_mpi_cmp_int( E, 1 ) <= 0 ||
-             mbedtls_mpi_cmp_mpi( D, N ) >= 0 ||
-             mbedtls_mpi_cmp_mpi( E, N ) >= 0 )
-        {
+    if (N != NULL && D != NULL && E != NULL) {
+        if (mbedtls_mpi_cmp_int(D, 1) <= 0 ||
+            mbedtls_mpi_cmp_int(E, 1) <= 0 ||
+            mbedtls_mpi_cmp_mpi(D, N) >= 0 ||
+            mbedtls_mpi_cmp_mpi(E, N) >= 0) {
             ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
             goto cleanup;
         }
@@ -349,33 +337,29 @@
      * Step 4: Check that D, E are inverse modulo P-1 and Q-1
      */
 
-    if( P != NULL && Q != NULL && D != NULL && E != NULL )
-    {
-        if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 ||
-            mbedtls_mpi_cmp_int( Q, 1 ) <= 0 )
-        {
+    if (P != NULL && Q != NULL && D != NULL && E != NULL) {
+        if (mbedtls_mpi_cmp_int(P, 1) <= 0 ||
+            mbedtls_mpi_cmp_int(Q, 1) <= 0) {
             ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
             goto cleanup;
         }
 
         /* Compute DE-1 mod P-1 */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, P, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) );
-        if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 )
-        {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, D, E));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, &K, 1));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&L, P, 1));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&K, &K, &L));
+        if (mbedtls_mpi_cmp_int(&K, 0) != 0) {
             ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
             goto cleanup;
         }
 
         /* Compute DE-1 mod Q-1 */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) );
-        if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 )
-        {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, D, E));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, &K, 1));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&L, Q, 1));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&K, &K, &L));
+        if (mbedtls_mpi_cmp_int(&K, 0) != 0) {
             ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
             goto cleanup;
         }
@@ -383,85 +367,75 @@
 
 cleanup:
 
-    mbedtls_mpi_free( &K );
-    mbedtls_mpi_free( &L );
+    mbedtls_mpi_free(&K);
+    mbedtls_mpi_free(&L);
 
     /* Wrap MPI error codes by RSA check failure error code */
-    if( ret != 0 && ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED )
-    {
+    if (ret != 0 && ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED) {
         ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
     }
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Check that RSA CRT parameters are in accordance with core parameters.
  */
-int mbedtls_rsa_validate_crt( const mbedtls_mpi *P,  const mbedtls_mpi *Q,
-                              const mbedtls_mpi *D,  const mbedtls_mpi *DP,
-                              const mbedtls_mpi *DQ, const mbedtls_mpi *QP )
+int mbedtls_rsa_validate_crt(const mbedtls_mpi *P,  const mbedtls_mpi *Q,
+                             const mbedtls_mpi *D,  const mbedtls_mpi *DP,
+                             const mbedtls_mpi *DQ, const mbedtls_mpi *QP)
 {
     int ret = 0;
 
     mbedtls_mpi K, L;
-    mbedtls_mpi_init( &K );
-    mbedtls_mpi_init( &L );
+    mbedtls_mpi_init(&K);
+    mbedtls_mpi_init(&L);
 
     /* Check that DP - D == 0 mod P - 1 */
-    if( DP != NULL )
-    {
-        if( P == NULL )
-        {
+    if (DP != NULL) {
+        if (P == NULL) {
             ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
             goto cleanup;
         }
 
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DP, D ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, P, 1));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&L, DP, D));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&L, &L, &K));
 
-        if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 )
-        {
+        if (mbedtls_mpi_cmp_int(&L, 0) != 0) {
             ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
             goto cleanup;
         }
     }
 
     /* Check that DQ - D == 0 mod Q - 1 */
-    if( DQ != NULL )
-    {
-        if( Q == NULL )
-        {
+    if (DQ != NULL) {
+        if (Q == NULL) {
             ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
             goto cleanup;
         }
 
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DQ, D ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) );
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, Q, 1));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&L, DQ, D));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&L, &L, &K));
 
-        if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 )
-        {
+        if (mbedtls_mpi_cmp_int(&L, 0) != 0) {
             ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
             goto cleanup;
         }
     }
 
     /* Check that QP * Q - 1 == 0 mod P */
-    if( QP != NULL )
-    {
-        if( P == NULL || Q == NULL )
-        {
+    if (QP != NULL) {
+        if (P == NULL || Q == NULL) {
             ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
             goto cleanup;
         }
 
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, QP, Q ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) );
-        if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 )
-        {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, QP, Q));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, &K, 1));
+        MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&K, &K, P));
+        if (mbedtls_mpi_cmp_int(&K, 0) != 0) {
             ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
             goto cleanup;
         }
@@ -470,17 +444,16 @@
 cleanup:
 
     /* Wrap MPI error codes by RSA check failure error code */
-    if( ret != 0 &&
+    if (ret != 0 &&
         ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED &&
-        ret != MBEDTLS_ERR_RSA_BAD_INPUT_DATA )
-    {
+        ret != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) {
         ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
     }
 
-    mbedtls_mpi_free( &K );
-    mbedtls_mpi_free( &L );
+    mbedtls_mpi_free(&K);
+    mbedtls_mpi_free(&L);
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_RSA_C */
diff --git a/library/rsa_alt_helpers.h b/library/rsa_alt_helpers.h
index d6fc8e5..3b22ba8 100644
--- a/library/rsa_alt_helpers.h
+++ b/library/rsa_alt_helpers.h
@@ -88,9 +88,9 @@
  *                 use the helper function \c mbedtls_rsa_validate_params.
  *
  */
-int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *E,
-                               mbedtls_mpi const *D,
-                               mbedtls_mpi *P, mbedtls_mpi *Q );
+int mbedtls_rsa_deduce_primes(mbedtls_mpi const *N, mbedtls_mpi const *E,
+                              mbedtls_mpi const *D,
+                              mbedtls_mpi *P, mbedtls_mpi *Q);
 
 /**
  * \brief          Compute RSA private exponent from
@@ -113,10 +113,10 @@
  * \note           This function does not check whether P and Q are primes.
  *
  */
-int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P,
-                                         mbedtls_mpi const *Q,
-                                         mbedtls_mpi const *E,
-                                         mbedtls_mpi *D );
+int mbedtls_rsa_deduce_private_exponent(mbedtls_mpi const *P,
+                                        mbedtls_mpi const *Q,
+                                        mbedtls_mpi const *E,
+                                        mbedtls_mpi *D);
 
 
 /**
@@ -139,9 +139,9 @@
  *                 prime and whether D is a valid private exponent.
  *
  */
-int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
-                            const mbedtls_mpi *D, mbedtls_mpi *DP,
-                            mbedtls_mpi *DQ, mbedtls_mpi *QP );
+int mbedtls_rsa_deduce_crt(const mbedtls_mpi *P, const mbedtls_mpi *Q,
+                           const mbedtls_mpi *D, mbedtls_mpi *DP,
+                           mbedtls_mpi *DQ, mbedtls_mpi *QP);
 
 
 /**
@@ -174,11 +174,11 @@
  *                 to perform specific checks only. E.g., calling it with
  *                 (-,P,-,-,-) and a PRNG amounts to a primality check for P.
  */
-int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P,
-                                 const mbedtls_mpi *Q, const mbedtls_mpi *D,
-                                 const mbedtls_mpi *E,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng );
+int mbedtls_rsa_validate_params(const mbedtls_mpi *N, const mbedtls_mpi *P,
+                                const mbedtls_mpi *Q, const mbedtls_mpi *D,
+                                const mbedtls_mpi *E,
+                                int (*f_rng)(void *, unsigned char *, size_t),
+                                void *p_rng);
 
 /**
  * \brief          Check validity of RSA CRT parameters
@@ -209,9 +209,9 @@
  *                 to perform specific checks only. E.g., calling it with the
  *                 parameters (P, -, D, DP, -, -) will check DP = D mod P-1.
  */
-int mbedtls_rsa_validate_crt( const mbedtls_mpi *P,  const mbedtls_mpi *Q,
-                              const mbedtls_mpi *D,  const mbedtls_mpi *DP,
-                              const mbedtls_mpi *DQ, const mbedtls_mpi *QP );
+int mbedtls_rsa_validate_crt(const mbedtls_mpi *P,  const mbedtls_mpi *Q,
+                             const mbedtls_mpi *D,  const mbedtls_mpi *DP,
+                             const mbedtls_mpi *DQ, const mbedtls_mpi *QP);
 
 #ifdef __cplusplus
 }
diff --git a/library/sha1.c b/library/sha1.c
index 5ae818a..4c9cbf5 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -36,21 +36,22 @@
 
 #if !defined(MBEDTLS_SHA1_ALT)
 
-void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
+void mbedtls_sha1_init(mbedtls_sha1_context *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
+    memset(ctx, 0, sizeof(mbedtls_sha1_context));
 }
 
-void mbedtls_sha1_free( mbedtls_sha1_context *ctx )
+void mbedtls_sha1_free(mbedtls_sha1_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha1_context ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha1_context));
 }
 
-void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
-                         const mbedtls_sha1_context *src )
+void mbedtls_sha1_clone(mbedtls_sha1_context *dst,
+                        const mbedtls_sha1_context *src)
 {
     *dst = *src;
 }
@@ -58,7 +59,7 @@
 /*
  * SHA-1 context setup
  */
-int mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
+int mbedtls_sha1_starts(mbedtls_sha1_context *ctx)
 {
     ctx->total[0] = 0;
     ctx->total[1] = 0;
@@ -69,52 +70,51 @@
     ctx->state[3] = 0x10325476;
     ctx->state[4] = 0xC3D2E1F0;
 
-    return( 0 );
+    return 0;
 }
 
 #if !defined(MBEDTLS_SHA1_PROCESS_ALT)
-int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
-                                   const unsigned char data[64] )
+int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx,
+                                  const unsigned char data[64])
 {
-    struct
-    {
+    struct {
         uint32_t temp, W[16], A, B, C, D, E;
     } local;
 
-    local.W[ 0] = MBEDTLS_GET_UINT32_BE( data,  0 );
-    local.W[ 1] = MBEDTLS_GET_UINT32_BE( data,  4 );
-    local.W[ 2] = MBEDTLS_GET_UINT32_BE( data,  8 );
-    local.W[ 3] = MBEDTLS_GET_UINT32_BE( data, 12 );
-    local.W[ 4] = MBEDTLS_GET_UINT32_BE( data, 16 );
-    local.W[ 5] = MBEDTLS_GET_UINT32_BE( data, 20 );
-    local.W[ 6] = MBEDTLS_GET_UINT32_BE( data, 24 );
-    local.W[ 7] = MBEDTLS_GET_UINT32_BE( data, 28 );
-    local.W[ 8] = MBEDTLS_GET_UINT32_BE( data, 32 );
-    local.W[ 9] = MBEDTLS_GET_UINT32_BE( data, 36 );
-    local.W[10] = MBEDTLS_GET_UINT32_BE( data, 40 );
-    local.W[11] = MBEDTLS_GET_UINT32_BE( data, 44 );
-    local.W[12] = MBEDTLS_GET_UINT32_BE( data, 48 );
-    local.W[13] = MBEDTLS_GET_UINT32_BE( data, 52 );
-    local.W[14] = MBEDTLS_GET_UINT32_BE( data, 56 );
-    local.W[15] = MBEDTLS_GET_UINT32_BE( data, 60 );
+    local.W[0] = MBEDTLS_GET_UINT32_BE(data,  0);
+    local.W[1] = MBEDTLS_GET_UINT32_BE(data,  4);
+    local.W[2] = MBEDTLS_GET_UINT32_BE(data,  8);
+    local.W[3] = MBEDTLS_GET_UINT32_BE(data, 12);
+    local.W[4] = MBEDTLS_GET_UINT32_BE(data, 16);
+    local.W[5] = MBEDTLS_GET_UINT32_BE(data, 20);
+    local.W[6] = MBEDTLS_GET_UINT32_BE(data, 24);
+    local.W[7] = MBEDTLS_GET_UINT32_BE(data, 28);
+    local.W[8] = MBEDTLS_GET_UINT32_BE(data, 32);
+    local.W[9] = MBEDTLS_GET_UINT32_BE(data, 36);
+    local.W[10] = MBEDTLS_GET_UINT32_BE(data, 40);
+    local.W[11] = MBEDTLS_GET_UINT32_BE(data, 44);
+    local.W[12] = MBEDTLS_GET_UINT32_BE(data, 48);
+    local.W[13] = MBEDTLS_GET_UINT32_BE(data, 52);
+    local.W[14] = MBEDTLS_GET_UINT32_BE(data, 56);
+    local.W[15] = MBEDTLS_GET_UINT32_BE(data, 60);
 
-#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
+#define S(x, n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
 
 #define R(t)                                                    \
     (                                                           \
-        local.temp = local.W[( (t) -  3 ) & 0x0F] ^             \
-                     local.W[( (t) -  8 ) & 0x0F] ^             \
-                     local.W[( (t) - 14 ) & 0x0F] ^             \
-                     local.W[  (t)        & 0x0F],              \
-        ( local.W[(t) & 0x0F] = S(local.temp,1) )               \
+        local.temp = local.W[((t) -  3) & 0x0F] ^             \
+                     local.W[((t) -  8) & 0x0F] ^             \
+                     local.W[((t) - 14) & 0x0F] ^             \
+                     local.W[(t)        & 0x0F],              \
+        (local.W[(t) & 0x0F] = S(local.temp, 1))               \
     )
 
-#define P(a,b,c,d,e,x)                                          \
+#define P(a, b, c, d, e, x)                                          \
     do                                                          \
     {                                                           \
-        (e) += S((a),5) + F((b),(c),(d)) + K + (x);             \
-        (b) = S((b),30);                                        \
-    } while( 0 )
+        (e) += S((a), 5) + F((b), (c), (d)) + K + (x);             \
+        (b) = S((b), 30);                                        \
+    } while (0)
 
     local.A = ctx->state[0];
     local.B = ctx->state[1];
@@ -122,110 +122,110 @@
     local.D = ctx->state[3];
     local.E = ctx->state[4];
 
-#define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
+#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
 #define K 0x5A827999
 
-    P( local.A, local.B, local.C, local.D, local.E, local.W[0]  );
-    P( local.E, local.A, local.B, local.C, local.D, local.W[1]  );
-    P( local.D, local.E, local.A, local.B, local.C, local.W[2]  );
-    P( local.C, local.D, local.E, local.A, local.B, local.W[3]  );
-    P( local.B, local.C, local.D, local.E, local.A, local.W[4]  );
-    P( local.A, local.B, local.C, local.D, local.E, local.W[5]  );
-    P( local.E, local.A, local.B, local.C, local.D, local.W[6]  );
-    P( local.D, local.E, local.A, local.B, local.C, local.W[7]  );
-    P( local.C, local.D, local.E, local.A, local.B, local.W[8]  );
-    P( local.B, local.C, local.D, local.E, local.A, local.W[9]  );
-    P( local.A, local.B, local.C, local.D, local.E, local.W[10] );
-    P( local.E, local.A, local.B, local.C, local.D, local.W[11] );
-    P( local.D, local.E, local.A, local.B, local.C, local.W[12] );
-    P( local.C, local.D, local.E, local.A, local.B, local.W[13] );
-    P( local.B, local.C, local.D, local.E, local.A, local.W[14] );
-    P( local.A, local.B, local.C, local.D, local.E, local.W[15] );
-    P( local.E, local.A, local.B, local.C, local.D, R(16) );
-    P( local.D, local.E, local.A, local.B, local.C, R(17) );
-    P( local.C, local.D, local.E, local.A, local.B, R(18) );
-    P( local.B, local.C, local.D, local.E, local.A, R(19) );
+    P(local.A, local.B, local.C, local.D, local.E, local.W[0]);
+    P(local.E, local.A, local.B, local.C, local.D, local.W[1]);
+    P(local.D, local.E, local.A, local.B, local.C, local.W[2]);
+    P(local.C, local.D, local.E, local.A, local.B, local.W[3]);
+    P(local.B, local.C, local.D, local.E, local.A, local.W[4]);
+    P(local.A, local.B, local.C, local.D, local.E, local.W[5]);
+    P(local.E, local.A, local.B, local.C, local.D, local.W[6]);
+    P(local.D, local.E, local.A, local.B, local.C, local.W[7]);
+    P(local.C, local.D, local.E, local.A, local.B, local.W[8]);
+    P(local.B, local.C, local.D, local.E, local.A, local.W[9]);
+    P(local.A, local.B, local.C, local.D, local.E, local.W[10]);
+    P(local.E, local.A, local.B, local.C, local.D, local.W[11]);
+    P(local.D, local.E, local.A, local.B, local.C, local.W[12]);
+    P(local.C, local.D, local.E, local.A, local.B, local.W[13]);
+    P(local.B, local.C, local.D, local.E, local.A, local.W[14]);
+    P(local.A, local.B, local.C, local.D, local.E, local.W[15]);
+    P(local.E, local.A, local.B, local.C, local.D, R(16));
+    P(local.D, local.E, local.A, local.B, local.C, R(17));
+    P(local.C, local.D, local.E, local.A, local.B, R(18));
+    P(local.B, local.C, local.D, local.E, local.A, R(19));
 
 #undef K
 #undef F
 
-#define F(x,y,z) ((x) ^ (y) ^ (z))
+#define F(x, y, z) ((x) ^ (y) ^ (z))
 #define K 0x6ED9EBA1
 
-    P( local.A, local.B, local.C, local.D, local.E, R(20) );
-    P( local.E, local.A, local.B, local.C, local.D, R(21) );
-    P( local.D, local.E, local.A, local.B, local.C, R(22) );
-    P( local.C, local.D, local.E, local.A, local.B, R(23) );
-    P( local.B, local.C, local.D, local.E, local.A, R(24) );
-    P( local.A, local.B, local.C, local.D, local.E, R(25) );
-    P( local.E, local.A, local.B, local.C, local.D, R(26) );
-    P( local.D, local.E, local.A, local.B, local.C, R(27) );
-    P( local.C, local.D, local.E, local.A, local.B, R(28) );
-    P( local.B, local.C, local.D, local.E, local.A, R(29) );
-    P( local.A, local.B, local.C, local.D, local.E, R(30) );
-    P( local.E, local.A, local.B, local.C, local.D, R(31) );
-    P( local.D, local.E, local.A, local.B, local.C, R(32) );
-    P( local.C, local.D, local.E, local.A, local.B, R(33) );
-    P( local.B, local.C, local.D, local.E, local.A, R(34) );
-    P( local.A, local.B, local.C, local.D, local.E, R(35) );
-    P( local.E, local.A, local.B, local.C, local.D, R(36) );
-    P( local.D, local.E, local.A, local.B, local.C, R(37) );
-    P( local.C, local.D, local.E, local.A, local.B, R(38) );
-    P( local.B, local.C, local.D, local.E, local.A, R(39) );
+    P(local.A, local.B, local.C, local.D, local.E, R(20));
+    P(local.E, local.A, local.B, local.C, local.D, R(21));
+    P(local.D, local.E, local.A, local.B, local.C, R(22));
+    P(local.C, local.D, local.E, local.A, local.B, R(23));
+    P(local.B, local.C, local.D, local.E, local.A, R(24));
+    P(local.A, local.B, local.C, local.D, local.E, R(25));
+    P(local.E, local.A, local.B, local.C, local.D, R(26));
+    P(local.D, local.E, local.A, local.B, local.C, R(27));
+    P(local.C, local.D, local.E, local.A, local.B, R(28));
+    P(local.B, local.C, local.D, local.E, local.A, R(29));
+    P(local.A, local.B, local.C, local.D, local.E, R(30));
+    P(local.E, local.A, local.B, local.C, local.D, R(31));
+    P(local.D, local.E, local.A, local.B, local.C, R(32));
+    P(local.C, local.D, local.E, local.A, local.B, R(33));
+    P(local.B, local.C, local.D, local.E, local.A, R(34));
+    P(local.A, local.B, local.C, local.D, local.E, R(35));
+    P(local.E, local.A, local.B, local.C, local.D, R(36));
+    P(local.D, local.E, local.A, local.B, local.C, R(37));
+    P(local.C, local.D, local.E, local.A, local.B, R(38));
+    P(local.B, local.C, local.D, local.E, local.A, R(39));
 
 #undef K
 #undef F
 
-#define F(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
+#define F(x, y, z) (((x) & (y)) | ((z) & ((x) | (y))))
 #define K 0x8F1BBCDC
 
-    P( local.A, local.B, local.C, local.D, local.E, R(40) );
-    P( local.E, local.A, local.B, local.C, local.D, R(41) );
-    P( local.D, local.E, local.A, local.B, local.C, R(42) );
-    P( local.C, local.D, local.E, local.A, local.B, R(43) );
-    P( local.B, local.C, local.D, local.E, local.A, R(44) );
-    P( local.A, local.B, local.C, local.D, local.E, R(45) );
-    P( local.E, local.A, local.B, local.C, local.D, R(46) );
-    P( local.D, local.E, local.A, local.B, local.C, R(47) );
-    P( local.C, local.D, local.E, local.A, local.B, R(48) );
-    P( local.B, local.C, local.D, local.E, local.A, R(49) );
-    P( local.A, local.B, local.C, local.D, local.E, R(50) );
-    P( local.E, local.A, local.B, local.C, local.D, R(51) );
-    P( local.D, local.E, local.A, local.B, local.C, R(52) );
-    P( local.C, local.D, local.E, local.A, local.B, R(53) );
-    P( local.B, local.C, local.D, local.E, local.A, R(54) );
-    P( local.A, local.B, local.C, local.D, local.E, R(55) );
-    P( local.E, local.A, local.B, local.C, local.D, R(56) );
-    P( local.D, local.E, local.A, local.B, local.C, R(57) );
-    P( local.C, local.D, local.E, local.A, local.B, R(58) );
-    P( local.B, local.C, local.D, local.E, local.A, R(59) );
+    P(local.A, local.B, local.C, local.D, local.E, R(40));
+    P(local.E, local.A, local.B, local.C, local.D, R(41));
+    P(local.D, local.E, local.A, local.B, local.C, R(42));
+    P(local.C, local.D, local.E, local.A, local.B, R(43));
+    P(local.B, local.C, local.D, local.E, local.A, R(44));
+    P(local.A, local.B, local.C, local.D, local.E, R(45));
+    P(local.E, local.A, local.B, local.C, local.D, R(46));
+    P(local.D, local.E, local.A, local.B, local.C, R(47));
+    P(local.C, local.D, local.E, local.A, local.B, R(48));
+    P(local.B, local.C, local.D, local.E, local.A, R(49));
+    P(local.A, local.B, local.C, local.D, local.E, R(50));
+    P(local.E, local.A, local.B, local.C, local.D, R(51));
+    P(local.D, local.E, local.A, local.B, local.C, R(52));
+    P(local.C, local.D, local.E, local.A, local.B, R(53));
+    P(local.B, local.C, local.D, local.E, local.A, R(54));
+    P(local.A, local.B, local.C, local.D, local.E, R(55));
+    P(local.E, local.A, local.B, local.C, local.D, R(56));
+    P(local.D, local.E, local.A, local.B, local.C, R(57));
+    P(local.C, local.D, local.E, local.A, local.B, R(58));
+    P(local.B, local.C, local.D, local.E, local.A, R(59));
 
 #undef K
 #undef F
 
-#define F(x,y,z) ((x) ^ (y) ^ (z))
+#define F(x, y, z) ((x) ^ (y) ^ (z))
 #define K 0xCA62C1D6
 
-    P( local.A, local.B, local.C, local.D, local.E, R(60) );
-    P( local.E, local.A, local.B, local.C, local.D, R(61) );
-    P( local.D, local.E, local.A, local.B, local.C, R(62) );
-    P( local.C, local.D, local.E, local.A, local.B, R(63) );
-    P( local.B, local.C, local.D, local.E, local.A, R(64) );
-    P( local.A, local.B, local.C, local.D, local.E, R(65) );
-    P( local.E, local.A, local.B, local.C, local.D, R(66) );
-    P( local.D, local.E, local.A, local.B, local.C, R(67) );
-    P( local.C, local.D, local.E, local.A, local.B, R(68) );
-    P( local.B, local.C, local.D, local.E, local.A, R(69) );
-    P( local.A, local.B, local.C, local.D, local.E, R(70) );
-    P( local.E, local.A, local.B, local.C, local.D, R(71) );
-    P( local.D, local.E, local.A, local.B, local.C, R(72) );
-    P( local.C, local.D, local.E, local.A, local.B, R(73) );
-    P( local.B, local.C, local.D, local.E, local.A, R(74) );
-    P( local.A, local.B, local.C, local.D, local.E, R(75) );
-    P( local.E, local.A, local.B, local.C, local.D, R(76) );
-    P( local.D, local.E, local.A, local.B, local.C, R(77) );
-    P( local.C, local.D, local.E, local.A, local.B, R(78) );
-    P( local.B, local.C, local.D, local.E, local.A, R(79) );
+    P(local.A, local.B, local.C, local.D, local.E, R(60));
+    P(local.E, local.A, local.B, local.C, local.D, R(61));
+    P(local.D, local.E, local.A, local.B, local.C, R(62));
+    P(local.C, local.D, local.E, local.A, local.B, R(63));
+    P(local.B, local.C, local.D, local.E, local.A, R(64));
+    P(local.A, local.B, local.C, local.D, local.E, R(65));
+    P(local.E, local.A, local.B, local.C, local.D, R(66));
+    P(local.D, local.E, local.A, local.B, local.C, R(67));
+    P(local.C, local.D, local.E, local.A, local.B, R(68));
+    P(local.B, local.C, local.D, local.E, local.A, R(69));
+    P(local.A, local.B, local.C, local.D, local.E, R(70));
+    P(local.E, local.A, local.B, local.C, local.D, R(71));
+    P(local.D, local.E, local.A, local.B, local.C, R(72));
+    P(local.C, local.D, local.E, local.A, local.B, R(73));
+    P(local.B, local.C, local.D, local.E, local.A, R(74));
+    P(local.A, local.B, local.C, local.D, local.E, R(75));
+    P(local.E, local.A, local.B, local.C, local.D, R(76));
+    P(local.D, local.E, local.A, local.B, local.C, R(77));
+    P(local.C, local.D, local.E, local.A, local.B, R(78));
+    P(local.B, local.C, local.D, local.E, local.A, R(79));
 
 #undef K
 #undef F
@@ -237,9 +237,9 @@
     ctx->state[4] += local.E;
 
     /* Zeroise buffers and variables to clear sensitive data from memory. */
-    mbedtls_platform_zeroize( &local, sizeof( local ) );
+    mbedtls_platform_zeroize(&local, sizeof(local));
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* !MBEDTLS_SHA1_PROCESS_ALT */
@@ -247,16 +247,17 @@
 /*
  * SHA-1 process buffer
  */
-int mbedtls_sha1_update( mbedtls_sha1_context *ctx,
-                             const unsigned char *input,
-                             size_t ilen )
+int mbedtls_sha1_update(mbedtls_sha1_context *ctx,
+                        const unsigned char *input,
+                        size_t ilen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t fill;
     uint32_t left;
 
-    if( ilen == 0 )
-        return( 0 );
+    if (ilen == 0) {
+        return 0;
+    }
 
     left = ctx->total[0] & 0x3F;
     fill = 64 - left;
@@ -264,41 +265,43 @@
     ctx->total[0] += (uint32_t) ilen;
     ctx->total[0] &= 0xFFFFFFFF;
 
-    if( ctx->total[0] < (uint32_t) ilen )
+    if (ctx->total[0] < (uint32_t) ilen) {
         ctx->total[1]++;
+    }
 
-    if( left && ilen >= fill )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, fill );
+    if (left && ilen >= fill) {
+        memcpy((void *) (ctx->buffer + left), input, fill);
 
-        if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
+        if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {
+            return ret;
+        }
 
         input += fill;
         ilen  -= fill;
         left = 0;
     }
 
-    while( ilen >= 64 )
-    {
-        if( ( ret = mbedtls_internal_sha1_process( ctx, input ) ) != 0 )
-            return( ret );
+    while (ilen >= 64) {
+        if ((ret = mbedtls_internal_sha1_process(ctx, input)) != 0) {
+            return ret;
+        }
 
         input += 64;
         ilen  -= 64;
     }
 
-    if( ilen > 0 )
-        memcpy( (void *) (ctx->buffer + left), input, ilen );
+    if (ilen > 0) {
+        memcpy((void *) (ctx->buffer + left), input, ilen);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * SHA-1 final digest
  */
-int mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
-                             unsigned char output[20] )
+int mbedtls_sha1_finish(mbedtls_sha1_context *ctx,
+                        unsigned char output[20])
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     uint32_t used;
@@ -311,45 +314,44 @@
 
     ctx->buffer[used++] = 0x80;
 
-    if( used <= 56 )
-    {
+    if (used <= 56) {
         /* Enough room for padding + length in current block */
-        memset( ctx->buffer + used, 0, 56 - used );
-    }
-    else
-    {
+        memset(ctx->buffer + used, 0, 56 - used);
+    } else {
         /* We'll need an extra block */
-        memset( ctx->buffer + used, 0, 64 - used );
+        memset(ctx->buffer + used, 0, 64 - used);
 
-        if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
+        if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {
+            return ret;
+        }
 
-        memset( ctx->buffer, 0, 56 );
+        memset(ctx->buffer, 0, 56);
     }
 
     /*
      * Add message length
      */
-    high = ( ctx->total[0] >> 29 )
-         | ( ctx->total[1] <<  3 );
-    low  = ( ctx->total[0] <<  3 );
+    high = (ctx->total[0] >> 29)
+           | (ctx->total[1] <<  3);
+    low  = (ctx->total[0] <<  3);
 
-    MBEDTLS_PUT_UINT32_BE( high, ctx->buffer, 56 );
-    MBEDTLS_PUT_UINT32_BE( low,  ctx->buffer, 60 );
+    MBEDTLS_PUT_UINT32_BE(high, ctx->buffer, 56);
+    MBEDTLS_PUT_UINT32_BE(low,  ctx->buffer, 60);
 
-    if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {
+        return ret;
+    }
 
     /*
      * Output final state
      */
-    MBEDTLS_PUT_UINT32_BE( ctx->state[0], output,  0 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[1], output,  4 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[2], output,  8 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[3], output, 12 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[4], output, 16 );
+    MBEDTLS_PUT_UINT32_BE(ctx->state[0], output,  0);
+    MBEDTLS_PUT_UINT32_BE(ctx->state[1], output,  4);
+    MBEDTLS_PUT_UINT32_BE(ctx->state[2], output,  8);
+    MBEDTLS_PUT_UINT32_BE(ctx->state[3], output, 12);
+    MBEDTLS_PUT_UINT32_BE(ctx->state[4], output, 16);
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* !MBEDTLS_SHA1_ALT */
@@ -357,28 +359,31 @@
 /*
  * output = SHA-1( input buffer )
  */
-int mbedtls_sha1( const unsigned char *input,
-                      size_t ilen,
-                      unsigned char output[20] )
+int mbedtls_sha1(const unsigned char *input,
+                 size_t ilen,
+                 unsigned char output[20])
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_sha1_context ctx;
 
-    mbedtls_sha1_init( &ctx );
+    mbedtls_sha1_init(&ctx);
 
-    if( ( ret = mbedtls_sha1_starts( &ctx ) ) != 0 )
+    if ((ret = mbedtls_sha1_starts(&ctx)) != 0) {
         goto exit;
+    }
 
-    if( ( ret = mbedtls_sha1_update( &ctx, input, ilen ) ) != 0 )
+    if ((ret = mbedtls_sha1_update(&ctx, input, ilen)) != 0) {
         goto exit;
+    }
 
-    if( ( ret = mbedtls_sha1_finish( &ctx, output ) ) != 0 )
+    if ((ret = mbedtls_sha1_finish(&ctx, output)) != 0) {
         goto exit;
+    }
 
 exit:
-    mbedtls_sha1_free( &ctx );
+    mbedtls_sha1_free(&ctx);
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_SELF_TEST)
@@ -410,71 +415,73 @@
 /*
  * Checkup routine
  */
-int mbedtls_sha1_self_test( int verbose )
+int mbedtls_sha1_self_test(int verbose)
 {
     int i, j, buflen, ret = 0;
     unsigned char buf[1024];
     unsigned char sha1sum[20];
     mbedtls_sha1_context ctx;
 
-    mbedtls_sha1_init( &ctx );
+    mbedtls_sha1_init(&ctx);
 
     /*
      * SHA-1
      */
-    for( i = 0; i < 3; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  SHA-1 test #%d: ", i + 1 );
+    for (i = 0; i < 3; i++) {
+        if (verbose != 0) {
+            mbedtls_printf("  SHA-1 test #%d: ", i + 1);
+        }
 
-        if( ( ret = mbedtls_sha1_starts( &ctx ) ) != 0 )
+        if ((ret = mbedtls_sha1_starts(&ctx)) != 0) {
             goto fail;
+        }
 
-        if( i == 2 )
-        {
-            memset( buf, 'a', buflen = 1000 );
+        if (i == 2) {
+            memset(buf, 'a', buflen = 1000);
 
-            for( j = 0; j < 1000; j++ )
-            {
-                ret = mbedtls_sha1_update( &ctx, buf, buflen );
-                if( ret != 0 )
+            for (j = 0; j < 1000; j++) {
+                ret = mbedtls_sha1_update(&ctx, buf, buflen);
+                if (ret != 0) {
                     goto fail;
+                }
+            }
+        } else {
+            ret = mbedtls_sha1_update(&ctx, sha1_test_buf[i],
+                                      sha1_test_buflen[i]);
+            if (ret != 0) {
+                goto fail;
             }
         }
-        else
-        {
-            ret = mbedtls_sha1_update( &ctx, sha1_test_buf[i],
-                                           sha1_test_buflen[i] );
-            if( ret != 0 )
-                goto fail;
+
+        if ((ret = mbedtls_sha1_finish(&ctx, sha1sum)) != 0) {
+            goto fail;
         }
 
-        if( ( ret = mbedtls_sha1_finish( &ctx, sha1sum ) ) != 0 )
-            goto fail;
-
-        if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
-        {
+        if (memcmp(sha1sum, sha1_test_sum[i], 20) != 0) {
             ret = 1;
             goto fail;
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
     goto exit;
 
 fail:
-    if( verbose != 0 )
-        mbedtls_printf( "failed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("failed\n");
+    }
 
 exit:
-    mbedtls_sha1_free( &ctx );
+    mbedtls_sha1_free(&ctx);
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_SELF_TEST */
diff --git a/library/sha256.c b/library/sha256.c
index 6e6a58f..16fd20d 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -36,22 +36,22 @@
 
 #if defined(__aarch64__)
 #  if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \
-      defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
+    defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
 #    include <arm_neon.h>
 #  endif
 #  if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
 #    if defined(__unix__)
 #      if defined(__linux__)
-         /* Our preferred method of detection is getauxval() */
+/* Our preferred method of detection is getauxval() */
 #        include <sys/auxv.h>
 #      endif
-       /* Use SIGILL on Unix, and fall back to it on Linux */
+/* Use SIGILL on Unix, and fall back to it on Linux */
 #      include <signal.h>
 #    endif
 #  endif
 #elif defined(_M_ARM64)
 #  if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \
-      defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
+    defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
 #    include <arm64_neon.h>
 #  endif
 #else
@@ -65,24 +65,24 @@
  * MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT if no detection mechanism found
  */
 #if defined(HWCAP_SHA2)
-static int mbedtls_a64_crypto_sha256_determine_support( void )
+static int mbedtls_a64_crypto_sha256_determine_support(void)
 {
-    return( ( getauxval( AT_HWCAP ) & HWCAP_SHA2 ) ? 1 : 0 );
+    return (getauxval(AT_HWCAP) & HWCAP_SHA2) ? 1 : 0;
 }
 #elif defined(__APPLE__)
-static int mbedtls_a64_crypto_sha256_determine_support( void )
+static int mbedtls_a64_crypto_sha256_determine_support(void)
 {
-    return( 1 );
+    return 1;
 }
 #elif defined(_M_ARM64)
 #define WIN32_LEAN_AND_MEAN
 #include <Windows.h>
 #include <processthreadsapi.h>
 
-static int mbedtls_a64_crypto_sha256_determine_support( void )
+static int mbedtls_a64_crypto_sha256_determine_support(void)
 {
-    return( IsProcessorFeaturePresent( PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE ) ?
-            1 : 0 );
+    return IsProcessorFeaturePresent(PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE) ?
+           1 : 0;
 }
 #elif defined(__unix__) && defined(SIG_SETMASK)
 /* Detection with SIGILL, setjmp() and longjmp() */
@@ -100,39 +100,39 @@
 /*
  * A64 SHA256 support detection via SIGILL
  */
-static void sigill_handler( int signal )
+static void sigill_handler(int signal)
 {
     (void) signal;
-    longjmp( return_from_sigill, 1 );
+    longjmp(return_from_sigill, 1);
 }
 
-static int mbedtls_a64_crypto_sha256_determine_support( void )
+static int mbedtls_a64_crypto_sha256_determine_support(void)
 {
     struct sigaction old_action, new_action;
 
     sigset_t old_mask;
-    if( sigprocmask( 0, NULL, &old_mask ) )
-        return( 0 );
+    if (sigprocmask(0, NULL, &old_mask)) {
+        return 0;
+    }
 
-    sigemptyset( &new_action.sa_mask );
+    sigemptyset(&new_action.sa_mask);
     new_action.sa_flags = 0;
     new_action.sa_handler = sigill_handler;
 
-    sigaction( SIGILL, &new_action, &old_action );
+    sigaction(SIGILL, &new_action, &old_action);
 
     static int ret = 0;
 
-    if( setjmp( return_from_sigill ) == 0 )        /* First return only */
-    {
+    if (setjmp(return_from_sigill) == 0) {         /* First return only */
         /* If this traps, we will return a second time from setjmp() with 1 */
-        asm( "sha256h q0, q0, v0.4s" : : : "v0" );
+        asm ("sha256h q0, q0, v0.4s" : : : "v0");
         ret = 1;
     }
 
-    sigaction( SIGILL, &old_action, NULL );
-    sigprocmask( SIG_SETMASK, &old_mask, NULL );
+    sigaction(SIGILL, &old_action, NULL);
+    sigprocmask(SIG_SETMASK, &old_mask, NULL);
 
-    return( ret );
+    return ret;
 }
 #else
 #warning "No mechanism to detect A64_CRYPTO found, using C code only"
@@ -145,21 +145,22 @@
 
 #define SHA256_BLOCK_SIZE 64
 
-void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
+void mbedtls_sha256_init(mbedtls_sha256_context *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
+    memset(ctx, 0, sizeof(mbedtls_sha256_context));
 }
 
-void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
+void mbedtls_sha256_free(mbedtls_sha256_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha256_context));
 }
 
-void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
-                           const mbedtls_sha256_context *src )
+void mbedtls_sha256_clone(mbedtls_sha256_context *dst,
+                          const mbedtls_sha256_context *src)
 {
     *dst = *src;
 }
@@ -167,24 +168,26 @@
 /*
  * SHA-256 context setup
  */
-int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
+int mbedtls_sha256_starts(mbedtls_sha256_context *ctx, int is224)
 {
 #if defined(MBEDTLS_SHA224_C) && defined(MBEDTLS_SHA256_C)
-    if( is224 != 0 && is224 != 1 )
+    if (is224 != 0 && is224 != 1) {
         return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
+    }
 #elif defined(MBEDTLS_SHA256_C)
-    if( is224 != 0 )
+    if (is224 != 0) {
         return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
+    }
 #else /* defined MBEDTLS_SHA224_C only */
-    if( is224 == 0 )
+    if (is224 == 0) {
         return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
+    }
 #endif
 
     ctx->total[0] = 0;
     ctx->total[1] = 0;
 
-    if( is224 == 0 )
-    {
+    if (is224 == 0) {
 #if defined(MBEDTLS_SHA256_C)
         ctx->state[0] = 0x6A09E667;
         ctx->state[1] = 0xBB67AE85;
@@ -195,9 +198,7 @@
         ctx->state[6] = 0x1F83D9AB;
         ctx->state[7] = 0x5BE0CD19;
 #endif
-    }
-    else
-    {
+    } else {
 #if defined(MBEDTLS_SHA224_C)
         ctx->state[0] = 0xC1059ED8;
         ctx->state[1] = 0x367CD507;
@@ -214,7 +215,7 @@
     ctx->is224 = is224;
 #endif
 
-    return( 0 );
+    return 0;
 }
 
 #if !defined(MBEDTLS_SHA256_PROCESS_ALT)
@@ -249,100 +250,98 @@
 #endif
 
 static size_t mbedtls_internal_sha256_process_many_a64_crypto(
-                  mbedtls_sha256_context *ctx, const uint8_t *msg, size_t len )
+    mbedtls_sha256_context *ctx, const uint8_t *msg, size_t len)
 {
-    uint32x4_t abcd = vld1q_u32( &ctx->state[0] );
-    uint32x4_t efgh = vld1q_u32( &ctx->state[4] );
+    uint32x4_t abcd = vld1q_u32(&ctx->state[0]);
+    uint32x4_t efgh = vld1q_u32(&ctx->state[4]);
 
     size_t processed = 0;
 
-    for( ;
+    for (;
          len >= SHA256_BLOCK_SIZE;
          processed += SHA256_BLOCK_SIZE,
-               msg += SHA256_BLOCK_SIZE,
-               len -= SHA256_BLOCK_SIZE )
-    {
+         msg += SHA256_BLOCK_SIZE,
+         len -= SHA256_BLOCK_SIZE) {
         uint32x4_t tmp, abcd_prev;
 
         uint32x4_t abcd_orig = abcd;
         uint32x4_t efgh_orig = efgh;
 
-        uint32x4_t sched0 = (uint32x4_t) vld1q_u8( msg + 16 * 0 );
-        uint32x4_t sched1 = (uint32x4_t) vld1q_u8( msg + 16 * 1 );
-        uint32x4_t sched2 = (uint32x4_t) vld1q_u8( msg + 16 * 2 );
-        uint32x4_t sched3 = (uint32x4_t) vld1q_u8( msg + 16 * 3 );
+        uint32x4_t sched0 = (uint32x4_t) vld1q_u8(msg + 16 * 0);
+        uint32x4_t sched1 = (uint32x4_t) vld1q_u8(msg + 16 * 1);
+        uint32x4_t sched2 = (uint32x4_t) vld1q_u8(msg + 16 * 2);
+        uint32x4_t sched3 = (uint32x4_t) vld1q_u8(msg + 16 * 3);
 
 #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__  /* Will be true if not defined */
                                                /* Untested on BE */
-        sched0 = vreinterpretq_u32_u8( vrev32q_u8( vreinterpretq_u8_u32( sched0 ) ) );
-        sched1 = vreinterpretq_u32_u8( vrev32q_u8( vreinterpretq_u8_u32( sched1 ) ) );
-        sched2 = vreinterpretq_u32_u8( vrev32q_u8( vreinterpretq_u8_u32( sched2 ) ) );
-        sched3 = vreinterpretq_u32_u8( vrev32q_u8( vreinterpretq_u8_u32( sched3 ) ) );
+        sched0 = vreinterpretq_u32_u8(vrev32q_u8(vreinterpretq_u8_u32(sched0)));
+        sched1 = vreinterpretq_u32_u8(vrev32q_u8(vreinterpretq_u8_u32(sched1)));
+        sched2 = vreinterpretq_u32_u8(vrev32q_u8(vreinterpretq_u8_u32(sched2)));
+        sched3 = vreinterpretq_u32_u8(vrev32q_u8(vreinterpretq_u8_u32(sched3)));
 #endif
 
         /* Rounds 0 to 3 */
-        tmp = vaddq_u32( sched0, vld1q_u32( &K[0] ) );
+        tmp = vaddq_u32(sched0, vld1q_u32(&K[0]));
         abcd_prev = abcd;
-        abcd = vsha256hq_u32( abcd_prev, efgh, tmp );
-        efgh = vsha256h2q_u32( efgh, abcd_prev, tmp );
+        abcd = vsha256hq_u32(abcd_prev, efgh, tmp);
+        efgh = vsha256h2q_u32(efgh, abcd_prev, tmp);
 
         /* Rounds 4 to 7 */
-        tmp = vaddq_u32( sched1, vld1q_u32( &K[4] ) );
+        tmp = vaddq_u32(sched1, vld1q_u32(&K[4]));
         abcd_prev = abcd;
-        abcd = vsha256hq_u32( abcd_prev, efgh, tmp );
-        efgh = vsha256h2q_u32( efgh, abcd_prev, tmp );
+        abcd = vsha256hq_u32(abcd_prev, efgh, tmp);
+        efgh = vsha256h2q_u32(efgh, abcd_prev, tmp);
 
         /* Rounds 8 to 11 */
-        tmp = vaddq_u32( sched2, vld1q_u32( &K[8] ) );
+        tmp = vaddq_u32(sched2, vld1q_u32(&K[8]));
         abcd_prev = abcd;
-        abcd = vsha256hq_u32( abcd_prev, efgh, tmp );
-        efgh = vsha256h2q_u32( efgh, abcd_prev, tmp );
+        abcd = vsha256hq_u32(abcd_prev, efgh, tmp);
+        efgh = vsha256h2q_u32(efgh, abcd_prev, tmp);
 
         /* Rounds 12 to 15 */
-        tmp = vaddq_u32( sched3, vld1q_u32( &K[12] ) );
+        tmp = vaddq_u32(sched3, vld1q_u32(&K[12]));
         abcd_prev = abcd;
-        abcd = vsha256hq_u32( abcd_prev, efgh, tmp );
-        efgh = vsha256h2q_u32( efgh, abcd_prev, tmp );
+        abcd = vsha256hq_u32(abcd_prev, efgh, tmp);
+        efgh = vsha256h2q_u32(efgh, abcd_prev, tmp);
 
-        for( int t = 16; t < 64; t += 16 )
-        {
+        for (int t = 16; t < 64; t += 16) {
             /* Rounds t to t + 3 */
-            sched0 = vsha256su1q_u32( vsha256su0q_u32( sched0, sched1 ), sched2, sched3 );
-            tmp = vaddq_u32( sched0, vld1q_u32( &K[t] ) );
+            sched0 = vsha256su1q_u32(vsha256su0q_u32(sched0, sched1), sched2, sched3);
+            tmp = vaddq_u32(sched0, vld1q_u32(&K[t]));
             abcd_prev = abcd;
-            abcd = vsha256hq_u32( abcd_prev, efgh, tmp );
-            efgh = vsha256h2q_u32( efgh, abcd_prev, tmp );
+            abcd = vsha256hq_u32(abcd_prev, efgh, tmp);
+            efgh = vsha256h2q_u32(efgh, abcd_prev, tmp);
 
             /* Rounds t + 4 to t + 7 */
-            sched1 = vsha256su1q_u32( vsha256su0q_u32( sched1, sched2 ), sched3, sched0 );
-            tmp = vaddq_u32( sched1, vld1q_u32( &K[t + 4] ) );
+            sched1 = vsha256su1q_u32(vsha256su0q_u32(sched1, sched2), sched3, sched0);
+            tmp = vaddq_u32(sched1, vld1q_u32(&K[t + 4]));
             abcd_prev = abcd;
-            abcd = vsha256hq_u32( abcd_prev, efgh, tmp );
-            efgh = vsha256h2q_u32( efgh, abcd_prev, tmp );
+            abcd = vsha256hq_u32(abcd_prev, efgh, tmp);
+            efgh = vsha256h2q_u32(efgh, abcd_prev, tmp);
 
             /* Rounds t + 8 to t + 11 */
-            sched2 = vsha256su1q_u32( vsha256su0q_u32( sched2, sched3 ), sched0, sched1 );
-            tmp = vaddq_u32( sched2, vld1q_u32( &K[t + 8] ) );
+            sched2 = vsha256su1q_u32(vsha256su0q_u32(sched2, sched3), sched0, sched1);
+            tmp = vaddq_u32(sched2, vld1q_u32(&K[t + 8]));
             abcd_prev = abcd;
-            abcd = vsha256hq_u32( abcd_prev, efgh, tmp );
-            efgh = vsha256h2q_u32( efgh, abcd_prev, tmp );
+            abcd = vsha256hq_u32(abcd_prev, efgh, tmp);
+            efgh = vsha256h2q_u32(efgh, abcd_prev, tmp);
 
             /* Rounds t + 12 to t + 15 */
-            sched3 = vsha256su1q_u32( vsha256su0q_u32( sched3, sched0 ), sched1, sched2 );
-            tmp = vaddq_u32( sched3, vld1q_u32( &K[t + 12] ) );
+            sched3 = vsha256su1q_u32(vsha256su0q_u32(sched3, sched0), sched1, sched2);
+            tmp = vaddq_u32(sched3, vld1q_u32(&K[t + 12]));
             abcd_prev = abcd;
-            abcd = vsha256hq_u32( abcd_prev, efgh, tmp );
-            efgh = vsha256h2q_u32( efgh, abcd_prev, tmp );
+            abcd = vsha256hq_u32(abcd_prev, efgh, tmp);
+            efgh = vsha256h2q_u32(efgh, abcd_prev, tmp);
         }
 
-        abcd = vaddq_u32( abcd, abcd_orig );
-        efgh = vaddq_u32( efgh, efgh_orig );
+        abcd = vaddq_u32(abcd, abcd_orig);
+        efgh = vaddq_u32(efgh, efgh_orig);
     }
 
-    vst1q_u32( &ctx->state[0], abcd );
-    vst1q_u32( &ctx->state[4], efgh );
+    vst1q_u32(&ctx->state[0], abcd);
+    vst1q_u32(&ctx->state[4], efgh);
 
-    return( processed );
+    return processed;
 }
 
 #if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
@@ -352,11 +351,12 @@
  */
 static
 #endif
-int mbedtls_internal_sha256_process_a64_crypto( mbedtls_sha256_context *ctx,
-        const unsigned char data[SHA256_BLOCK_SIZE] )
+int mbedtls_internal_sha256_process_a64_crypto(mbedtls_sha256_context *ctx,
+                                               const unsigned char data[SHA256_BLOCK_SIZE])
 {
-    return( ( mbedtls_internal_sha256_process_many_a64_crypto( ctx, data,
-                SHA256_BLOCK_SIZE ) == SHA256_BLOCK_SIZE ) ? 0 : -1 );
+    return (mbedtls_internal_sha256_process_many_a64_crypto(ctx, data,
+                                                            SHA256_BLOCK_SIZE) ==
+            SHA256_BLOCK_SIZE) ? 0 : -1;
 }
 
 #endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */
@@ -371,17 +371,17 @@
 #if !defined(MBEDTLS_SHA256_PROCESS_ALT) && \
     !defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
 
-#define  SHR(x,n) (((x) & 0xFFFFFFFF) >> (n))
-#define ROTR(x,n) (SHR(x,n) | ((x) << (32 - (n))))
+#define  SHR(x, n) (((x) & 0xFFFFFFFF) >> (n))
+#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n))))
 
-#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^  SHR(x, 3))
-#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^  SHR(x,10))
+#define S0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^  SHR(x, 3))
+#define S1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^  SHR(x, 10))
 
-#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
-#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
+#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
+#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
 
-#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
-#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
+#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y))))
+#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
 
 #define R(t)                                                        \
     (                                                               \
@@ -389,13 +389,13 @@
                      S0(local.W[(t) - 15]) + local.W[(t) - 16]      \
     )
 
-#define P(a,b,c,d,e,f,g,h,x,K)                                      \
+#define P(a, b, c, d, e, f, g, h, x, K)                                      \
     do                                                              \
     {                                                               \
-        local.temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x);    \
-        local.temp2 = S2(a) + F0((a),(b),(c));                      \
+        local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x);    \
+        local.temp2 = S2(a) + F0((a), (b), (c));                      \
         (d) += local.temp1; (h) = local.temp1 + local.temp2;        \
-    } while( 0 )
+    } while (0)
 
 #if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
 /*
@@ -404,30 +404,30 @@
  */
 static
 #endif
-int mbedtls_internal_sha256_process_c( mbedtls_sha256_context *ctx,
-                                const unsigned char data[SHA256_BLOCK_SIZE] )
+int mbedtls_internal_sha256_process_c(mbedtls_sha256_context *ctx,
+                                      const unsigned char data[SHA256_BLOCK_SIZE])
 {
-    struct
-    {
+    struct {
         uint32_t temp1, temp2, W[64];
         uint32_t A[8];
     } local;
 
     unsigned int i;
 
-    for( i = 0; i < 8; i++ )
+    for (i = 0; i < 8; i++) {
         local.A[i] = ctx->state[i];
+    }
 
 #if defined(MBEDTLS_SHA256_SMALLER)
-    for( i = 0; i < 64; i++ )
-    {
-        if( i < 16 )
-            local.W[i] = MBEDTLS_GET_UINT32_BE( data, 4 * i );
-        else
-            R( i );
+    for (i = 0; i < 64; i++) {
+        if (i < 16) {
+            local.W[i] = MBEDTLS_GET_UINT32_BE(data, 4 * i);
+        } else {
+            R(i);
+        }
 
-        P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
-           local.A[5], local.A[6], local.A[7], local.W[i], K[i] );
+        P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
+          local.A[5], local.A[6], local.A[7], local.W[i], K[i]);
 
         local.temp1 = local.A[7]; local.A[7] = local.A[6];
         local.A[6] = local.A[5]; local.A[5] = local.A[4];
@@ -436,57 +436,57 @@
         local.A[0] = local.temp1;
     }
 #else /* MBEDTLS_SHA256_SMALLER */
-    for( i = 0; i < 16; i++ )
-        local.W[i] = MBEDTLS_GET_UINT32_BE( data, 4 * i );
-
-    for( i = 0; i < 16; i += 8 )
-    {
-        P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
-           local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0] );
-        P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
-           local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1] );
-        P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
-           local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2] );
-        P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
-           local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3] );
-        P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
-           local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4] );
-        P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
-           local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5] );
-        P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
-           local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6] );
-        P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
-           local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7] );
+    for (i = 0; i < 16; i++) {
+        local.W[i] = MBEDTLS_GET_UINT32_BE(data, 4 * i);
     }
 
-    for( i = 16; i < 64; i += 8 )
-    {
-        P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
-           local.A[5], local.A[6], local.A[7], R(i+0), K[i+0] );
-        P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
-           local.A[4], local.A[5], local.A[6], R(i+1), K[i+1] );
-        P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
-           local.A[3], local.A[4], local.A[5], R(i+2), K[i+2] );
-        P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
-           local.A[2], local.A[3], local.A[4], R(i+3), K[i+3] );
-        P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
-           local.A[1], local.A[2], local.A[3], R(i+4), K[i+4] );
-        P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
-           local.A[0], local.A[1], local.A[2], R(i+5), K[i+5] );
-        P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
-           local.A[7], local.A[0], local.A[1], R(i+6), K[i+6] );
-        P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
-           local.A[6], local.A[7], local.A[0], R(i+7), K[i+7] );
+    for (i = 0; i < 16; i += 8) {
+        P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
+          local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0]);
+        P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
+          local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1]);
+        P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
+          local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2]);
+        P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
+          local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3]);
+        P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
+          local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4]);
+        P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
+          local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5]);
+        P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
+          local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6]);
+        P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
+          local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7]);
+    }
+
+    for (i = 16; i < 64; i += 8) {
+        P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
+          local.A[5], local.A[6], local.A[7], R(i+0), K[i+0]);
+        P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
+          local.A[4], local.A[5], local.A[6], R(i+1), K[i+1]);
+        P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
+          local.A[3], local.A[4], local.A[5], R(i+2), K[i+2]);
+        P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
+          local.A[2], local.A[3], local.A[4], R(i+3), K[i+3]);
+        P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
+          local.A[1], local.A[2], local.A[3], R(i+4), K[i+4]);
+        P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
+          local.A[0], local.A[1], local.A[2], R(i+5), K[i+5]);
+        P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
+          local.A[7], local.A[0], local.A[1], R(i+6), K[i+6]);
+        P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
+          local.A[6], local.A[7], local.A[0], R(i+7), K[i+7]);
     }
 #endif /* MBEDTLS_SHA256_SMALLER */
 
-    for( i = 0; i < 8; i++ )
+    for (i = 0; i < 8; i++) {
         ctx->state[i] += local.A[i];
+    }
 
     /* Zeroise buffers and variables to clear sensitive data from memory. */
-    mbedtls_platform_zeroize( &local, sizeof( local ) );
+    mbedtls_platform_zeroize(&local, sizeof(local));
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* !MBEDTLS_SHA256_PROCESS_ALT && !MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */
@@ -495,14 +495,14 @@
 #if !defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
 
 static size_t mbedtls_internal_sha256_process_many_c(
-                  mbedtls_sha256_context *ctx, const uint8_t *data, size_t len )
+    mbedtls_sha256_context *ctx, const uint8_t *data, size_t len)
 {
     size_t processed = 0;
 
-    while( len >= SHA256_BLOCK_SIZE )
-    {
-        if( mbedtls_internal_sha256_process_c( ctx, data ) != 0 )
-            return( 0 );
+    while (len >= SHA256_BLOCK_SIZE) {
+        if (mbedtls_internal_sha256_process_c(ctx, data) != 0) {
+            return 0;
+        }
 
         data += SHA256_BLOCK_SIZE;
         len  -= SHA256_BLOCK_SIZE;
@@ -510,7 +510,7 @@
         processed += SHA256_BLOCK_SIZE;
     }
 
-    return( processed );
+    return processed;
 }
 
 #endif /* !MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */
@@ -518,36 +518,37 @@
 
 #if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
 
-static int mbedtls_a64_crypto_sha256_has_support( void )
+static int mbedtls_a64_crypto_sha256_has_support(void)
 {
     static int done = 0;
     static int supported = 0;
 
-    if( !done )
-    {
+    if (!done) {
         supported = mbedtls_a64_crypto_sha256_determine_support();
         done = 1;
     }
 
-    return( supported );
+    return supported;
 }
 
-static size_t mbedtls_internal_sha256_process_many( mbedtls_sha256_context *ctx,
-                  const uint8_t *msg, size_t len )
+static size_t mbedtls_internal_sha256_process_many(mbedtls_sha256_context *ctx,
+                                                   const uint8_t *msg, size_t len)
 {
-    if( mbedtls_a64_crypto_sha256_has_support() )
-        return( mbedtls_internal_sha256_process_many_a64_crypto( ctx, msg, len ) );
-    else
-        return( mbedtls_internal_sha256_process_many_c( ctx, msg, len ) );
+    if (mbedtls_a64_crypto_sha256_has_support()) {
+        return mbedtls_internal_sha256_process_many_a64_crypto(ctx, msg, len);
+    } else {
+        return mbedtls_internal_sha256_process_many_c(ctx, msg, len);
+    }
 }
 
-int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
-        const unsigned char data[SHA256_BLOCK_SIZE] )
+int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx,
+                                    const unsigned char data[SHA256_BLOCK_SIZE])
 {
-    if( mbedtls_a64_crypto_sha256_has_support() )
-        return( mbedtls_internal_sha256_process_a64_crypto( ctx, data ) );
-    else
-        return( mbedtls_internal_sha256_process_c( ctx, data ) );
+    if (mbedtls_a64_crypto_sha256_has_support()) {
+        return mbedtls_internal_sha256_process_a64_crypto(ctx, data);
+    } else {
+        return mbedtls_internal_sha256_process_c(ctx, data);
+    }
 }
 
 #endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT */
@@ -556,16 +557,17 @@
 /*
  * SHA-256 process buffer
  */
-int mbedtls_sha256_update( mbedtls_sha256_context *ctx,
-                               const unsigned char *input,
-                               size_t ilen )
+int mbedtls_sha256_update(mbedtls_sha256_context *ctx,
+                          const unsigned char *input,
+                          size_t ilen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t fill;
     uint32_t left;
 
-    if( ilen == 0 )
-        return( 0 );
+    if (ilen == 0) {
+        return 0;
+    }
 
     left = ctx->total[0] & 0x3F;
     fill = SHA256_BLOCK_SIZE - left;
@@ -573,43 +575,45 @@
     ctx->total[0] += (uint32_t) ilen;
     ctx->total[0] &= 0xFFFFFFFF;
 
-    if( ctx->total[0] < (uint32_t) ilen )
+    if (ctx->total[0] < (uint32_t) ilen) {
         ctx->total[1]++;
+    }
 
-    if( left && ilen >= fill )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, fill );
+    if (left && ilen >= fill) {
+        memcpy((void *) (ctx->buffer + left), input, fill);
 
-        if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
+        if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) {
+            return ret;
+        }
 
         input += fill;
         ilen  -= fill;
         left = 0;
     }
 
-    while( ilen >= SHA256_BLOCK_SIZE )
-    {
+    while (ilen >= SHA256_BLOCK_SIZE) {
         size_t processed =
-                    mbedtls_internal_sha256_process_many( ctx, input, ilen );
-        if( processed < SHA256_BLOCK_SIZE )
-            return( MBEDTLS_ERR_ERROR_GENERIC_ERROR );
+            mbedtls_internal_sha256_process_many(ctx, input, ilen);
+        if (processed < SHA256_BLOCK_SIZE) {
+            return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
+        }
 
         input += processed;
         ilen  -= processed;
     }
 
-    if( ilen > 0 )
-        memcpy( (void *) (ctx->buffer + left), input, ilen );
+    if (ilen > 0) {
+        memcpy((void *) (ctx->buffer + left), input, ilen);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * SHA-256 final digest
  */
-int mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
-                               unsigned char *output )
+int mbedtls_sha256_finish(mbedtls_sha256_context *ctx,
+                          unsigned char *output)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     uint32_t used;
@@ -622,54 +626,54 @@
 
     ctx->buffer[used++] = 0x80;
 
-    if( used <= 56 )
-    {
+    if (used <= 56) {
         /* Enough room for padding + length in current block */
-        memset( ctx->buffer + used, 0, 56 - used );
-    }
-    else
-    {
+        memset(ctx->buffer + used, 0, 56 - used);
+    } else {
         /* We'll need an extra block */
-        memset( ctx->buffer + used, 0, SHA256_BLOCK_SIZE - used );
+        memset(ctx->buffer + used, 0, SHA256_BLOCK_SIZE - used);
 
-        if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
+        if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) {
+            return ret;
+        }
 
-        memset( ctx->buffer, 0, 56 );
+        memset(ctx->buffer, 0, 56);
     }
 
     /*
      * Add message length
      */
-    high = ( ctx->total[0] >> 29 )
-         | ( ctx->total[1] <<  3 );
-    low  = ( ctx->total[0] <<  3 );
+    high = (ctx->total[0] >> 29)
+           | (ctx->total[1] <<  3);
+    low  = (ctx->total[0] <<  3);
 
-    MBEDTLS_PUT_UINT32_BE( high, ctx->buffer, 56 );
-    MBEDTLS_PUT_UINT32_BE( low,  ctx->buffer, 60 );
+    MBEDTLS_PUT_UINT32_BE(high, ctx->buffer, 56);
+    MBEDTLS_PUT_UINT32_BE(low,  ctx->buffer, 60);
 
-    if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) {
+        return ret;
+    }
 
     /*
      * Output final state
      */
-    MBEDTLS_PUT_UINT32_BE( ctx->state[0], output,  0 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[1], output,  4 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[2], output,  8 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[3], output, 12 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[4], output, 16 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[5], output, 20 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[6], output, 24 );
+    MBEDTLS_PUT_UINT32_BE(ctx->state[0], output,  0);
+    MBEDTLS_PUT_UINT32_BE(ctx->state[1], output,  4);
+    MBEDTLS_PUT_UINT32_BE(ctx->state[2], output,  8);
+    MBEDTLS_PUT_UINT32_BE(ctx->state[3], output, 12);
+    MBEDTLS_PUT_UINT32_BE(ctx->state[4], output, 16);
+    MBEDTLS_PUT_UINT32_BE(ctx->state[5], output, 20);
+    MBEDTLS_PUT_UINT32_BE(ctx->state[6], output, 24);
 
     int truncated = 0;
 #if defined(MBEDTLS_SHA224_C)
     truncated = ctx->is224;
 #endif
-    if( !truncated )
-        MBEDTLS_PUT_UINT32_BE( ctx->state[7], output, 28 );
+    if (!truncated) {
+        MBEDTLS_PUT_UINT32_BE(ctx->state[7], output, 28);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* !MBEDTLS_SHA256_ALT */
@@ -677,40 +681,46 @@
 /*
  * output = SHA-256( input buffer )
  */
-int mbedtls_sha256( const unsigned char *input,
-                        size_t ilen,
-                        unsigned char *output,
-                        int is224 )
+int mbedtls_sha256(const unsigned char *input,
+                   size_t ilen,
+                   unsigned char *output,
+                   int is224)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_sha256_context ctx;
 
 #if defined(MBEDTLS_SHA224_C) && defined(MBEDTLS_SHA256_C)
-    if( is224 != 0 && is224 != 1 )
+    if (is224 != 0 && is224 != 1) {
         return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
+    }
 #elif defined(MBEDTLS_SHA256_C)
-    if( is224 != 0 )
+    if (is224 != 0) {
         return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
+    }
 #else /* defined MBEDTLS_SHA224_C only */
-    if( is224 == 0 )
+    if (is224 == 0) {
         return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
+    }
 #endif
 
-    mbedtls_sha256_init( &ctx );
+    mbedtls_sha256_init(&ctx);
 
-    if( ( ret = mbedtls_sha256_starts( &ctx, is224 ) ) != 0 )
+    if ((ret = mbedtls_sha256_starts(&ctx, is224)) != 0) {
         goto exit;
+    }
 
-    if( ( ret = mbedtls_sha256_update( &ctx, input, ilen ) ) != 0 )
+    if ((ret = mbedtls_sha256_update(&ctx, input, ilen)) != 0) {
         goto exit;
+    }
 
-    if( ( ret = mbedtls_sha256_finish( &ctx, output ) ) != 0 )
+    if ((ret = mbedtls_sha256_finish(&ctx, output)) != 0) {
         goto exit;
+    }
 
 exit:
-    mbedtls_sha256_free( &ctx );
+    mbedtls_sha256_free(&ctx);
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_SELF_TEST)
@@ -776,7 +786,7 @@
 /*
  * Checkup routine
  */
-static int mbedtls_sha256_common_self_test( int verbose, int is224 )
+static int mbedtls_sha256_common_self_test(int verbose, int is224)
 {
     int i, buflen, ret = 0;
     unsigned char *buf;
@@ -784,93 +794,95 @@
     mbedtls_sha256_context ctx;
 
 #if defined(MBEDTLS_SHA224_C) && defined(MBEDTLS_SHA256_C)
-    sha_test_sum_t* sha_test_sum = ( is224 ) ? sha224_test_sum : sha256_test_sum;
+    sha_test_sum_t *sha_test_sum = (is224) ? sha224_test_sum : sha256_test_sum;
 #elif defined(MBEDTLS_SHA256_C)
-    sha_test_sum_t* sha_test_sum = sha256_test_sum;
+    sha_test_sum_t *sha_test_sum = sha256_test_sum;
 #else
-    sha_test_sum_t* sha_test_sum = sha224_test_sum;
+    sha_test_sum_t *sha_test_sum = sha224_test_sum;
 #endif
 
-    buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
-    if( NULL == buf )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "Buffer allocation failed\n" );
+    buf = mbedtls_calloc(1024, sizeof(unsigned char));
+    if (NULL == buf) {
+        if (verbose != 0) {
+            mbedtls_printf("Buffer allocation failed\n");
+        }
 
-        return( 1 );
+        return 1;
     }
 
-    mbedtls_sha256_init( &ctx );
+    mbedtls_sha256_init(&ctx);
 
-    for( i = 0; i < 3; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  SHA-%d test #%d: ", 256 - is224 * 32, i + 1 );
+    for (i = 0; i < 3; i++) {
+        if (verbose != 0) {
+            mbedtls_printf("  SHA-%d test #%d: ", 256 - is224 * 32, i + 1);
+        }
 
-        if( ( ret = mbedtls_sha256_starts( &ctx, is224 ) ) != 0 )
+        if ((ret = mbedtls_sha256_starts(&ctx, is224)) != 0) {
             goto fail;
+        }
 
-        if( i == 2 )
-        {
-            memset( buf, 'a', buflen = 1000 );
+        if (i == 2) {
+            memset(buf, 'a', buflen = 1000);
 
-            for( int j = 0; j < 1000; j++ )
-            {
-                ret = mbedtls_sha256_update( &ctx, buf, buflen );
-                if( ret != 0 )
+            for (int j = 0; j < 1000; j++) {
+                ret = mbedtls_sha256_update(&ctx, buf, buflen);
+                if (ret != 0) {
                     goto fail;
+                }
             }
 
-        }
-        else
-        {
-            ret = mbedtls_sha256_update( &ctx, sha_test_buf[i],
-                                             sha_test_buflen[i] );
-            if( ret != 0 )
-                 goto fail;
+        } else {
+            ret = mbedtls_sha256_update(&ctx, sha_test_buf[i],
+                                        sha_test_buflen[i]);
+            if (ret != 0) {
+                goto fail;
+            }
         }
 
-        if( ( ret = mbedtls_sha256_finish( &ctx, sha256sum ) ) != 0 )
+        if ((ret = mbedtls_sha256_finish(&ctx, sha256sum)) != 0) {
             goto fail;
+        }
 
 
-        if( memcmp( sha256sum, sha_test_sum[i], 32 - is224 * 4 ) != 0 )
-        {
+        if (memcmp(sha256sum, sha_test_sum[i], 32 - is224 * 4) != 0) {
             ret = 1;
             goto fail;
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
     goto exit;
 
 fail:
-    if( verbose != 0 )
-        mbedtls_printf( "failed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("failed\n");
+    }
 
 exit:
-    mbedtls_sha256_free( &ctx );
-    mbedtls_free( buf );
+    mbedtls_sha256_free(&ctx);
+    mbedtls_free(buf);
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_SHA256_C)
-int mbedtls_sha256_self_test( int verbose )
+int mbedtls_sha256_self_test(int verbose)
 {
-    return mbedtls_sha256_common_self_test( verbose, 0 );
+    return mbedtls_sha256_common_self_test(verbose, 0);
 }
 #endif /* MBEDTLS_SHA256_C */
 
 #if defined(MBEDTLS_SHA224_C)
-int mbedtls_sha224_self_test( int verbose )
+int mbedtls_sha224_self_test(int verbose)
 {
-    return mbedtls_sha256_common_self_test( verbose, 1 );
+    return mbedtls_sha256_common_self_test(verbose, 1);
 }
 #endif /* MBEDTLS_SHA224_C */
 
diff --git a/library/sha512.c b/library/sha512.c
index 46e3dab..0ea6421 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -42,22 +42,22 @@
 
 #if defined(__aarch64__)
 #  if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \
-      defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+    defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
 #    include <arm_neon.h>
 #  endif
 #  if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT)
 #    if defined(__unix__)
 #      if defined(__linux__)
-         /* Our preferred method of detection is getauxval() */
+/* Our preferred method of detection is getauxval() */
 #        include <sys/auxv.h>
 #      endif
-       /* Use SIGILL on Unix, and fall back to it on Linux */
+/* Use SIGILL on Unix, and fall back to it on Linux */
 #      include <signal.h>
 #    endif
 #  endif
 #elif defined(_M_ARM64)
 #  if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \
-      defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+    defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
 #    include <arm64_neon.h>
 #  endif
 #else
@@ -71,22 +71,22 @@
  * MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT if no detection mechanism found
  */
 #if defined(HWCAP_SHA512)
-static int mbedtls_a64_crypto_sha512_determine_support( void )
+static int mbedtls_a64_crypto_sha512_determine_support(void)
 {
-    return( ( getauxval( AT_HWCAP ) & HWCAP_SHA512 ) ? 1 : 0 );
+    return (getauxval(AT_HWCAP) & HWCAP_SHA512) ? 1 : 0;
 }
 #elif defined(__APPLE__)
 #include <sys/types.h>
 #include <sys/sysctl.h>
 
-static int mbedtls_a64_crypto_sha512_determine_support( void )
+static int mbedtls_a64_crypto_sha512_determine_support(void)
 {
     int value = 0;
     size_t value_len = sizeof(value);
 
-    int ret = sysctlbyname( "hw.optional.armv8_2_sha512", &value, &value_len,
-                            NULL, 0 );
-    return( ret == 0 && value != 0 );
+    int ret = sysctlbyname("hw.optional.armv8_2_sha512", &value, &value_len,
+                           NULL, 0);
+    return ret == 0 && value != 0;
 }
 #elif defined(_M_ARM64)
 /*
@@ -115,39 +115,39 @@
 /*
  * A64 SHA512 support detection via SIGILL
  */
-static void sigill_handler( int signal )
+static void sigill_handler(int signal)
 {
     (void) signal;
-    longjmp( return_from_sigill, 1 );
+    longjmp(return_from_sigill, 1);
 }
 
-static int mbedtls_a64_crypto_sha512_determine_support( void )
+static int mbedtls_a64_crypto_sha512_determine_support(void)
 {
     struct sigaction old_action, new_action;
 
     sigset_t old_mask;
-    if( sigprocmask( 0, NULL, &old_mask ) )
-        return( 0 );
+    if (sigprocmask(0, NULL, &old_mask)) {
+        return 0;
+    }
 
-    sigemptyset( &new_action.sa_mask );
+    sigemptyset(&new_action.sa_mask);
     new_action.sa_flags = 0;
     new_action.sa_handler = sigill_handler;
 
-    sigaction( SIGILL, &new_action, &old_action );
+    sigaction(SIGILL, &new_action, &old_action);
 
     static int ret = 0;
 
-    if( setjmp( return_from_sigill ) == 0 )        /* First return only */
-    {
+    if (setjmp(return_from_sigill) == 0) {         /* First return only */
         /* If this traps, we will return a second time from setjmp() with 1 */
-        asm( "sha512h q0, q0, v0.2d" : : : "v0" );
+        asm ("sha512h q0, q0, v0.2d" : : : "v0");
         ret = 1;
     }
 
-    sigaction( SIGILL, &old_action, NULL );
-    sigprocmask( SIG_SETMASK, &old_mask, NULL );
+    sigaction(SIGILL, &old_action, NULL);
+    sigprocmask(SIG_SETMASK, &old_mask, NULL);
 
-    return( ret );
+    return ret;
 }
 #else
 #warning "No mechanism to detect A64_CRYPTO found, using C code only"
@@ -161,7 +161,7 @@
 #define SHA512_BLOCK_SIZE 128
 
 #if defined(MBEDTLS_SHA512_SMALLER)
-static void sha512_put_uint64_be( uint64_t n, unsigned char *b, uint8_t i )
+static void sha512_put_uint64_be(uint64_t n, unsigned char *b, uint8_t i)
 {
     MBEDTLS_PUT_UINT64_BE(n, b, i);
 }
@@ -169,21 +169,22 @@
 #define sha512_put_uint64_be    MBEDTLS_PUT_UINT64_BE
 #endif /* MBEDTLS_SHA512_SMALLER */
 
-void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
+void mbedtls_sha512_init(mbedtls_sha512_context *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_sha512_context ) );
+    memset(ctx, 0, sizeof(mbedtls_sha512_context));
 }
 
-void mbedtls_sha512_free( mbedtls_sha512_context *ctx )
+void mbedtls_sha512_free(mbedtls_sha512_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha512_context));
 }
 
-void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
-                           const mbedtls_sha512_context *src )
+void mbedtls_sha512_clone(mbedtls_sha512_context *dst,
+                          const mbedtls_sha512_context *src)
 {
     *dst = *src;
 }
@@ -191,24 +192,26 @@
 /*
  * SHA-512 context setup
  */
-int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
+int mbedtls_sha512_starts(mbedtls_sha512_context *ctx, int is384)
 {
 #if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_SHA512_C)
-    if( is384 != 0 && is384 != 1 )
+    if (is384 != 0 && is384 != 1) {
         return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
+    }
 #elif defined(MBEDTLS_SHA512_C)
-    if( is384 != 0 )
+    if (is384 != 0) {
         return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
+    }
 #else /* defined MBEDTLS_SHA384_C only */
-    if( is384 == 0 )
+    if (is384 == 0) {
         return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
+    }
 #endif
 
     ctx->total[0] = 0;
     ctx->total[1] = 0;
 
-    if( is384 == 0 )
-    {
+    if (is384 == 0) {
 #if defined(MBEDTLS_SHA512_C)
         ctx->state[0] = UL64(0x6A09E667F3BCC908);
         ctx->state[1] = UL64(0xBB67AE8584CAA73B);
@@ -219,9 +222,7 @@
         ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
         ctx->state[7] = UL64(0x5BE0CD19137E2179);
 #endif /* MBEDTLS_SHA512_C */
-    }
-    else
-    {
+    } else {
 #if defined(MBEDTLS_SHA384_C)
         ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
         ctx->state[1] = UL64(0x629A292A367CD507);
@@ -238,7 +239,7 @@
     ctx->is384 = is384;
 #endif
 
-    return( 0 );
+    return 0;
 }
 
 #if !defined(MBEDTLS_SHA512_PROCESS_ALT)
@@ -310,46 +311,45 @@
  */
 
 #if defined(__clang__) && \
-           (__clang_major__ < 13 || \
-           (__clang_major__ == 13 && __clang_minor__ == 0 && __clang_patchlevel__ == 0))
+    (__clang_major__ < 13 || \
+     (__clang_major__ == 13 && __clang_minor__ == 0 && __clang_patchlevel__ == 0))
 static inline uint64x2_t vsha512su0q_u64(uint64x2_t x, uint64x2_t y)
 {
-    asm( "sha512su0 %0.2D,%1.2D" : "+w" (x) : "w" (y) );
-    return( x );
+    asm ("sha512su0 %0.2D,%1.2D" : "+w" (x) : "w" (y));
+    return x;
 }
 static inline uint64x2_t vsha512su1q_u64(uint64x2_t x, uint64x2_t y, uint64x2_t z)
 {
-    asm( "sha512su1 %0.2D,%1.2D,%2.2D" : "+w" (x) : "w" (y), "w" (z) );
-    return( x );
+    asm ("sha512su1 %0.2D,%1.2D,%2.2D" : "+w" (x) : "w" (y), "w" (z));
+    return x;
 }
 static inline uint64x2_t vsha512hq_u64(uint64x2_t x, uint64x2_t y, uint64x2_t z)
 {
-    asm( "sha512h %0,%1,%2.2D" : "+w" (x) : "w" (y), "w" (z) );
-    return( x );
+    asm ("sha512h %0,%1,%2.2D" : "+w" (x) : "w" (y), "w" (z));
+    return x;
 }
 static inline uint64x2_t vsha512h2q_u64(uint64x2_t x, uint64x2_t y, uint64x2_t z)
 {
-    asm( "sha512h2 %0,%1,%2.2D" : "+w" (x) : "w" (y), "w" (z) );
-    return( x );
+    asm ("sha512h2 %0,%1,%2.2D" : "+w" (x) : "w" (y), "w" (z));
+    return x;
 }
 #endif  /* __clang__ etc */
 
 static size_t mbedtls_internal_sha512_process_many_a64_crypto(
-                  mbedtls_sha512_context *ctx, const uint8_t *msg, size_t len )
+    mbedtls_sha512_context *ctx, const uint8_t *msg, size_t len)
 {
-    uint64x2_t ab = vld1q_u64( &ctx->state[0] );
-    uint64x2_t cd = vld1q_u64( &ctx->state[2] );
-    uint64x2_t ef = vld1q_u64( &ctx->state[4] );
-    uint64x2_t gh = vld1q_u64( &ctx->state[6] );
+    uint64x2_t ab = vld1q_u64(&ctx->state[0]);
+    uint64x2_t cd = vld1q_u64(&ctx->state[2]);
+    uint64x2_t ef = vld1q_u64(&ctx->state[4]);
+    uint64x2_t gh = vld1q_u64(&ctx->state[6]);
 
     size_t processed = 0;
 
-    for ( ;
-          len >= SHA512_BLOCK_SIZE;
-          processed += SHA512_BLOCK_SIZE,
-                msg += SHA512_BLOCK_SIZE,
-                len -= SHA512_BLOCK_SIZE )
-    {
+    for (;
+         len >= SHA512_BLOCK_SIZE;
+         processed += SHA512_BLOCK_SIZE,
+         msg += SHA512_BLOCK_SIZE,
+         len -= SHA512_BLOCK_SIZE) {
         uint64x2_t initial_sum, sum, intermed;
 
         uint64x2_t ab_orig = ab;
@@ -357,161 +357,160 @@
         uint64x2_t ef_orig = ef;
         uint64x2_t gh_orig = gh;
 
-        uint64x2_t s0 = (uint64x2_t) vld1q_u8( msg + 16 * 0 );
-        uint64x2_t s1 = (uint64x2_t) vld1q_u8( msg + 16 * 1 );
-        uint64x2_t s2 = (uint64x2_t) vld1q_u8( msg + 16 * 2 );
-        uint64x2_t s3 = (uint64x2_t) vld1q_u8( msg + 16 * 3 );
-        uint64x2_t s4 = (uint64x2_t) vld1q_u8( msg + 16 * 4 );
-        uint64x2_t s5 = (uint64x2_t) vld1q_u8( msg + 16 * 5 );
-        uint64x2_t s6 = (uint64x2_t) vld1q_u8( msg + 16 * 6 );
-        uint64x2_t s7 = (uint64x2_t) vld1q_u8( msg + 16 * 7 );
+        uint64x2_t s0 = (uint64x2_t) vld1q_u8(msg + 16 * 0);
+        uint64x2_t s1 = (uint64x2_t) vld1q_u8(msg + 16 * 1);
+        uint64x2_t s2 = (uint64x2_t) vld1q_u8(msg + 16 * 2);
+        uint64x2_t s3 = (uint64x2_t) vld1q_u8(msg + 16 * 3);
+        uint64x2_t s4 = (uint64x2_t) vld1q_u8(msg + 16 * 4);
+        uint64x2_t s5 = (uint64x2_t) vld1q_u8(msg + 16 * 5);
+        uint64x2_t s6 = (uint64x2_t) vld1q_u8(msg + 16 * 6);
+        uint64x2_t s7 = (uint64x2_t) vld1q_u8(msg + 16 * 7);
 
 #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__  /* assume LE if these not defined; untested on BE */
-        s0 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s0 ) ) );
-        s1 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s1 ) ) );
-        s2 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s2 ) ) );
-        s3 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s3 ) ) );
-        s4 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s4 ) ) );
-        s5 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s5 ) ) );
-        s6 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s6 ) ) );
-        s7 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s7 ) ) );
+        s0 = vreinterpretq_u64_u8(vrev64q_u8(vreinterpretq_u8_u64(s0)));
+        s1 = vreinterpretq_u64_u8(vrev64q_u8(vreinterpretq_u8_u64(s1)));
+        s2 = vreinterpretq_u64_u8(vrev64q_u8(vreinterpretq_u8_u64(s2)));
+        s3 = vreinterpretq_u64_u8(vrev64q_u8(vreinterpretq_u8_u64(s3)));
+        s4 = vreinterpretq_u64_u8(vrev64q_u8(vreinterpretq_u8_u64(s4)));
+        s5 = vreinterpretq_u64_u8(vrev64q_u8(vreinterpretq_u8_u64(s5)));
+        s6 = vreinterpretq_u64_u8(vrev64q_u8(vreinterpretq_u8_u64(s6)));
+        s7 = vreinterpretq_u64_u8(vrev64q_u8(vreinterpretq_u8_u64(s7)));
 #endif
 
         /* Rounds 0 and 1 */
-        initial_sum = vaddq_u64( s0, vld1q_u64( &K[0] ) );
-        sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), gh );
-        intermed = vsha512hq_u64( sum, vextq_u64( ef, gh, 1 ), vextq_u64( cd, ef, 1 ) );
-        gh = vsha512h2q_u64( intermed, cd, ab );
-        cd = vaddq_u64( cd, intermed );
+        initial_sum = vaddq_u64(s0, vld1q_u64(&K[0]));
+        sum = vaddq_u64(vextq_u64(initial_sum, initial_sum, 1), gh);
+        intermed = vsha512hq_u64(sum, vextq_u64(ef, gh, 1), vextq_u64(cd, ef, 1));
+        gh = vsha512h2q_u64(intermed, cd, ab);
+        cd = vaddq_u64(cd, intermed);
 
         /* Rounds 2 and 3 */
-        initial_sum = vaddq_u64( s1, vld1q_u64( &K[2] ) );
-        sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ef );
-        intermed = vsha512hq_u64( sum, vextq_u64( cd, ef, 1 ), vextq_u64( ab, cd, 1 ) );
-        ef = vsha512h2q_u64( intermed, ab, gh );
-        ab = vaddq_u64( ab, intermed );
+        initial_sum = vaddq_u64(s1, vld1q_u64(&K[2]));
+        sum = vaddq_u64(vextq_u64(initial_sum, initial_sum, 1), ef);
+        intermed = vsha512hq_u64(sum, vextq_u64(cd, ef, 1), vextq_u64(ab, cd, 1));
+        ef = vsha512h2q_u64(intermed, ab, gh);
+        ab = vaddq_u64(ab, intermed);
 
         /* Rounds 4 and 5 */
-        initial_sum = vaddq_u64( s2, vld1q_u64( &K[4] ) );
-        sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), cd );
-        intermed = vsha512hq_u64( sum, vextq_u64( ab, cd, 1 ), vextq_u64( gh, ab, 1 ) );
-        cd = vsha512h2q_u64( intermed, gh, ef );
-        gh = vaddq_u64( gh, intermed );
+        initial_sum = vaddq_u64(s2, vld1q_u64(&K[4]));
+        sum = vaddq_u64(vextq_u64(initial_sum, initial_sum, 1), cd);
+        intermed = vsha512hq_u64(sum, vextq_u64(ab, cd, 1), vextq_u64(gh, ab, 1));
+        cd = vsha512h2q_u64(intermed, gh, ef);
+        gh = vaddq_u64(gh, intermed);
 
         /* Rounds 6 and 7 */
-        initial_sum = vaddq_u64( s3, vld1q_u64( &K[6] ) );
-        sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ab );
-        intermed = vsha512hq_u64( sum, vextq_u64( gh, ab, 1 ), vextq_u64( ef, gh, 1 ) );
-        ab = vsha512h2q_u64( intermed, ef, cd );
-        ef = vaddq_u64( ef, intermed );
+        initial_sum = vaddq_u64(s3, vld1q_u64(&K[6]));
+        sum = vaddq_u64(vextq_u64(initial_sum, initial_sum, 1), ab);
+        intermed = vsha512hq_u64(sum, vextq_u64(gh, ab, 1), vextq_u64(ef, gh, 1));
+        ab = vsha512h2q_u64(intermed, ef, cd);
+        ef = vaddq_u64(ef, intermed);
 
         /* Rounds 8 and 9 */
-        initial_sum = vaddq_u64( s4, vld1q_u64( &K[8] ) );
-        sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), gh );
-        intermed = vsha512hq_u64( sum, vextq_u64( ef, gh, 1 ), vextq_u64( cd, ef, 1 ) );
-        gh = vsha512h2q_u64( intermed, cd, ab );
-        cd = vaddq_u64( cd, intermed );
+        initial_sum = vaddq_u64(s4, vld1q_u64(&K[8]));
+        sum = vaddq_u64(vextq_u64(initial_sum, initial_sum, 1), gh);
+        intermed = vsha512hq_u64(sum, vextq_u64(ef, gh, 1), vextq_u64(cd, ef, 1));
+        gh = vsha512h2q_u64(intermed, cd, ab);
+        cd = vaddq_u64(cd, intermed);
 
         /* Rounds 10 and 11 */
-        initial_sum = vaddq_u64( s5, vld1q_u64( &K[10] ) );
-        sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ef );
-        intermed = vsha512hq_u64( sum, vextq_u64( cd, ef, 1 ), vextq_u64( ab, cd, 1 ) );
-        ef = vsha512h2q_u64( intermed, ab, gh );
-        ab = vaddq_u64( ab, intermed );
+        initial_sum = vaddq_u64(s5, vld1q_u64(&K[10]));
+        sum = vaddq_u64(vextq_u64(initial_sum, initial_sum, 1), ef);
+        intermed = vsha512hq_u64(sum, vextq_u64(cd, ef, 1), vextq_u64(ab, cd, 1));
+        ef = vsha512h2q_u64(intermed, ab, gh);
+        ab = vaddq_u64(ab, intermed);
 
         /* Rounds 12 and 13 */
-        initial_sum = vaddq_u64( s6, vld1q_u64( &K[12] ) );
-        sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), cd );
-        intermed = vsha512hq_u64( sum, vextq_u64( ab, cd, 1 ), vextq_u64( gh, ab, 1 ) );
-        cd = vsha512h2q_u64( intermed, gh, ef );
-        gh = vaddq_u64( gh, intermed );
+        initial_sum = vaddq_u64(s6, vld1q_u64(&K[12]));
+        sum = vaddq_u64(vextq_u64(initial_sum, initial_sum, 1), cd);
+        intermed = vsha512hq_u64(sum, vextq_u64(ab, cd, 1), vextq_u64(gh, ab, 1));
+        cd = vsha512h2q_u64(intermed, gh, ef);
+        gh = vaddq_u64(gh, intermed);
 
         /* Rounds 14 and 15 */
-        initial_sum = vaddq_u64( s7, vld1q_u64( &K[14] ) );
-        sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ab );
-        intermed = vsha512hq_u64( sum, vextq_u64( gh, ab, 1 ), vextq_u64( ef, gh, 1 ) );
-        ab = vsha512h2q_u64( intermed, ef, cd );
-        ef = vaddq_u64( ef, intermed );
+        initial_sum = vaddq_u64(s7, vld1q_u64(&K[14]));
+        sum = vaddq_u64(vextq_u64(initial_sum, initial_sum, 1), ab);
+        intermed = vsha512hq_u64(sum, vextq_u64(gh, ab, 1), vextq_u64(ef, gh, 1));
+        ab = vsha512h2q_u64(intermed, ef, cd);
+        ef = vaddq_u64(ef, intermed);
 
-        for ( unsigned int t = 16; t < 80; t += 16 )
-        {
+        for (unsigned int t = 16; t < 80; t += 16) {
             /* Rounds t and t + 1 */
-            s0 = vsha512su1q_u64( vsha512su0q_u64( s0, s1 ), s7, vextq_u64( s4, s5, 1 ) );
-            initial_sum = vaddq_u64( s0, vld1q_u64( &K[t] ) );
-            sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), gh );
-            intermed = vsha512hq_u64( sum, vextq_u64( ef, gh, 1 ), vextq_u64( cd, ef, 1 ) );
-            gh = vsha512h2q_u64( intermed, cd, ab );
-            cd = vaddq_u64( cd, intermed );
+            s0 = vsha512su1q_u64(vsha512su0q_u64(s0, s1), s7, vextq_u64(s4, s5, 1));
+            initial_sum = vaddq_u64(s0, vld1q_u64(&K[t]));
+            sum = vaddq_u64(vextq_u64(initial_sum, initial_sum, 1), gh);
+            intermed = vsha512hq_u64(sum, vextq_u64(ef, gh, 1), vextq_u64(cd, ef, 1));
+            gh = vsha512h2q_u64(intermed, cd, ab);
+            cd = vaddq_u64(cd, intermed);
 
             /* Rounds t + 2 and t + 3 */
-            s1 = vsha512su1q_u64( vsha512su0q_u64( s1, s2 ), s0, vextq_u64( s5, s6, 1 ) );
-            initial_sum = vaddq_u64( s1, vld1q_u64( &K[t + 2] ) );
-            sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ef );
-            intermed = vsha512hq_u64( sum, vextq_u64( cd, ef, 1 ), vextq_u64( ab, cd, 1 ) );
-            ef = vsha512h2q_u64( intermed, ab, gh );
-            ab = vaddq_u64( ab, intermed );
+            s1 = vsha512su1q_u64(vsha512su0q_u64(s1, s2), s0, vextq_u64(s5, s6, 1));
+            initial_sum = vaddq_u64(s1, vld1q_u64(&K[t + 2]));
+            sum = vaddq_u64(vextq_u64(initial_sum, initial_sum, 1), ef);
+            intermed = vsha512hq_u64(sum, vextq_u64(cd, ef, 1), vextq_u64(ab, cd, 1));
+            ef = vsha512h2q_u64(intermed, ab, gh);
+            ab = vaddq_u64(ab, intermed);
 
             /* Rounds t + 4 and t + 5 */
-            s2 = vsha512su1q_u64( vsha512su0q_u64( s2, s3 ), s1, vextq_u64( s6, s7, 1 ) );
-            initial_sum = vaddq_u64( s2, vld1q_u64( &K[t + 4] ) );
-            sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), cd );
-            intermed = vsha512hq_u64( sum, vextq_u64( ab, cd, 1 ), vextq_u64( gh, ab, 1 ) );
-            cd = vsha512h2q_u64( intermed, gh, ef );
-            gh = vaddq_u64( gh, intermed );
+            s2 = vsha512su1q_u64(vsha512su0q_u64(s2, s3), s1, vextq_u64(s6, s7, 1));
+            initial_sum = vaddq_u64(s2, vld1q_u64(&K[t + 4]));
+            sum = vaddq_u64(vextq_u64(initial_sum, initial_sum, 1), cd);
+            intermed = vsha512hq_u64(sum, vextq_u64(ab, cd, 1), vextq_u64(gh, ab, 1));
+            cd = vsha512h2q_u64(intermed, gh, ef);
+            gh = vaddq_u64(gh, intermed);
 
             /* Rounds t + 6 and t + 7 */
-            s3 = vsha512su1q_u64( vsha512su0q_u64( s3, s4 ), s2, vextq_u64( s7, s0, 1 ) );
-            initial_sum = vaddq_u64( s3, vld1q_u64( &K[t + 6] ) );
-            sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ab );
-            intermed = vsha512hq_u64( sum, vextq_u64( gh, ab, 1 ), vextq_u64( ef, gh, 1 ) );
-            ab = vsha512h2q_u64( intermed, ef, cd );
-            ef = vaddq_u64( ef, intermed );
+            s3 = vsha512su1q_u64(vsha512su0q_u64(s3, s4), s2, vextq_u64(s7, s0, 1));
+            initial_sum = vaddq_u64(s3, vld1q_u64(&K[t + 6]));
+            sum = vaddq_u64(vextq_u64(initial_sum, initial_sum, 1), ab);
+            intermed = vsha512hq_u64(sum, vextq_u64(gh, ab, 1), vextq_u64(ef, gh, 1));
+            ab = vsha512h2q_u64(intermed, ef, cd);
+            ef = vaddq_u64(ef, intermed);
 
             /* Rounds t + 8 and t + 9 */
-            s4 = vsha512su1q_u64( vsha512su0q_u64( s4, s5 ), s3, vextq_u64( s0, s1, 1 ) );
-            initial_sum = vaddq_u64( s4, vld1q_u64( &K[t + 8] ) );
-            sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), gh );
-            intermed = vsha512hq_u64( sum, vextq_u64( ef, gh, 1 ), vextq_u64( cd, ef, 1 ) );
-            gh = vsha512h2q_u64( intermed, cd, ab );
-            cd = vaddq_u64( cd, intermed );
+            s4 = vsha512su1q_u64(vsha512su0q_u64(s4, s5), s3, vextq_u64(s0, s1, 1));
+            initial_sum = vaddq_u64(s4, vld1q_u64(&K[t + 8]));
+            sum = vaddq_u64(vextq_u64(initial_sum, initial_sum, 1), gh);
+            intermed = vsha512hq_u64(sum, vextq_u64(ef, gh, 1), vextq_u64(cd, ef, 1));
+            gh = vsha512h2q_u64(intermed, cd, ab);
+            cd = vaddq_u64(cd, intermed);
 
             /* Rounds t + 10 and t + 11 */
-            s5 = vsha512su1q_u64( vsha512su0q_u64( s5, s6 ), s4, vextq_u64( s1, s2, 1 ) );
-            initial_sum = vaddq_u64( s5, vld1q_u64( &K[t + 10] ) );
-            sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ef );
-            intermed = vsha512hq_u64( sum, vextq_u64( cd, ef, 1 ), vextq_u64( ab, cd, 1 ) );
-            ef = vsha512h2q_u64( intermed, ab, gh );
-            ab = vaddq_u64( ab, intermed );
+            s5 = vsha512su1q_u64(vsha512su0q_u64(s5, s6), s4, vextq_u64(s1, s2, 1));
+            initial_sum = vaddq_u64(s5, vld1q_u64(&K[t + 10]));
+            sum = vaddq_u64(vextq_u64(initial_sum, initial_sum, 1), ef);
+            intermed = vsha512hq_u64(sum, vextq_u64(cd, ef, 1), vextq_u64(ab, cd, 1));
+            ef = vsha512h2q_u64(intermed, ab, gh);
+            ab = vaddq_u64(ab, intermed);
 
             /* Rounds t + 12 and t + 13 */
-            s6 = vsha512su1q_u64( vsha512su0q_u64( s6, s7 ), s5, vextq_u64( s2, s3, 1 ) );
-            initial_sum = vaddq_u64( s6, vld1q_u64( &K[t + 12] ) );
-            sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), cd );
-            intermed = vsha512hq_u64( sum, vextq_u64( ab, cd, 1 ), vextq_u64( gh, ab, 1 ) );
-            cd = vsha512h2q_u64( intermed, gh, ef );
-            gh = vaddq_u64( gh, intermed );
+            s6 = vsha512su1q_u64(vsha512su0q_u64(s6, s7), s5, vextq_u64(s2, s3, 1));
+            initial_sum = vaddq_u64(s6, vld1q_u64(&K[t + 12]));
+            sum = vaddq_u64(vextq_u64(initial_sum, initial_sum, 1), cd);
+            intermed = vsha512hq_u64(sum, vextq_u64(ab, cd, 1), vextq_u64(gh, ab, 1));
+            cd = vsha512h2q_u64(intermed, gh, ef);
+            gh = vaddq_u64(gh, intermed);
 
             /* Rounds t + 14 and t + 15 */
-            s7 = vsha512su1q_u64( vsha512su0q_u64( s7, s0 ), s6, vextq_u64( s3, s4, 1 ) );
-            initial_sum = vaddq_u64( s7, vld1q_u64( &K[t + 14] ) );
-            sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ab );
-            intermed = vsha512hq_u64( sum, vextq_u64( gh, ab, 1 ), vextq_u64( ef, gh, 1 ) );
-            ab = vsha512h2q_u64( intermed, ef, cd );
-            ef = vaddq_u64( ef, intermed );
+            s7 = vsha512su1q_u64(vsha512su0q_u64(s7, s0), s6, vextq_u64(s3, s4, 1));
+            initial_sum = vaddq_u64(s7, vld1q_u64(&K[t + 14]));
+            sum = vaddq_u64(vextq_u64(initial_sum, initial_sum, 1), ab);
+            intermed = vsha512hq_u64(sum, vextq_u64(gh, ab, 1), vextq_u64(ef, gh, 1));
+            ab = vsha512h2q_u64(intermed, ef, cd);
+            ef = vaddq_u64(ef, intermed);
         }
 
-        ab = vaddq_u64( ab, ab_orig );
-        cd = vaddq_u64( cd, cd_orig );
-        ef = vaddq_u64( ef, ef_orig );
-        gh = vaddq_u64( gh, gh_orig );
+        ab = vaddq_u64(ab, ab_orig);
+        cd = vaddq_u64(cd, cd_orig);
+        ef = vaddq_u64(ef, ef_orig);
+        gh = vaddq_u64(gh, gh_orig);
     }
 
-    vst1q_u64( &ctx->state[0], ab );
-    vst1q_u64( &ctx->state[2], cd );
-    vst1q_u64( &ctx->state[4], ef );
-    vst1q_u64( &ctx->state[6], gh );
+    vst1q_u64(&ctx->state[0], ab);
+    vst1q_u64(&ctx->state[2], cd);
+    vst1q_u64(&ctx->state[4], ef);
+    vst1q_u64(&ctx->state[6], gh);
 
-    return( processed );
+    return processed;
 }
 
 #if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT)
@@ -521,11 +520,12 @@
  */
 static
 #endif
-int mbedtls_internal_sha512_process_a64_crypto( mbedtls_sha512_context *ctx,
-                              const unsigned char data[SHA512_BLOCK_SIZE] )
+int mbedtls_internal_sha512_process_a64_crypto(mbedtls_sha512_context *ctx,
+                                               const unsigned char data[SHA512_BLOCK_SIZE])
 {
-    return( mbedtls_internal_sha512_process_many_a64_crypto( ctx, data,
-                SHA512_BLOCK_SIZE ) == SHA512_BLOCK_SIZE ) ? 0 : -1;
+    return (mbedtls_internal_sha512_process_many_a64_crypto(ctx, data,
+                                                            SHA512_BLOCK_SIZE) ==
+            SHA512_BLOCK_SIZE) ? 0 : -1;
 }
 
 #endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
@@ -546,54 +546,50 @@
  */
 static
 #endif
-int mbedtls_internal_sha512_process_c( mbedtls_sha512_context *ctx,
-                                       const unsigned char data[SHA512_BLOCK_SIZE] )
+int mbedtls_internal_sha512_process_c(mbedtls_sha512_context *ctx,
+                                      const unsigned char data[SHA512_BLOCK_SIZE])
 {
     int i;
-    struct
-    {
+    struct {
         uint64_t temp1, temp2, W[80];
         uint64_t A[8];
     } local;
 
-#define  SHR(x,n) ((x) >> (n))
-#define ROTR(x,n) (SHR((x),(n)) | ((x) << (64 - (n))))
+#define  SHR(x, n) ((x) >> (n))
+#define ROTR(x, n) (SHR((x), (n)) | ((x) << (64 - (n))))
 
 #define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^  SHR(x, 7))
-#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^  SHR(x, 6))
+#define S1(x) (ROTR(x, 19) ^ ROTR(x, 61) ^  SHR(x, 6))
 
-#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
-#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
+#define S2(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39))
+#define S3(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41))
 
-#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
-#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
+#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y))))
+#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
 
-#define P(a,b,c,d,e,f,g,h,x,K)                                      \
+#define P(a, b, c, d, e, f, g, h, x, K)                                      \
     do                                                              \
     {                                                               \
-        local.temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x);    \
-        local.temp2 = S2(a) + F0((a),(b),(c));                      \
+        local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x);    \
+        local.temp2 = S2(a) + F0((a), (b), (c));                      \
         (d) += local.temp1; (h) = local.temp1 + local.temp2;        \
-    } while( 0 )
+    } while (0)
 
-    for( i = 0; i < 8; i++ )
+    for (i = 0; i < 8; i++) {
         local.A[i] = ctx->state[i];
+    }
 
 #if defined(MBEDTLS_SHA512_SMALLER)
-    for( i = 0; i < 80; i++ )
-    {
-        if( i < 16 )
-        {
-            local.W[i] = MBEDTLS_GET_UINT64_BE( data, i << 3 );
-        }
-        else
-        {
+    for (i = 0; i < 80; i++) {
+        if (i < 16) {
+            local.W[i] = MBEDTLS_GET_UINT64_BE(data, i << 3);
+        } else {
             local.W[i] = S1(local.W[i -  2]) + local.W[i -  7] +
-                   S0(local.W[i - 15]) + local.W[i - 16];
+                         S0(local.W[i - 15]) + local.W[i - 16];
         }
 
-        P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
-           local.A[5], local.A[6], local.A[7], local.W[i], K[i] );
+        P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
+          local.A[5], local.A[6], local.A[7], local.W[i], K[i]);
 
         local.temp1 = local.A[7]; local.A[7] = local.A[6];
         local.A[6] = local.A[5]; local.A[5] = local.A[4];
@@ -602,47 +598,44 @@
         local.A[0] = local.temp1;
     }
 #else /* MBEDTLS_SHA512_SMALLER */
-    for( i = 0; i < 16; i++ )
-    {
-        local.W[i] = MBEDTLS_GET_UINT64_BE( data, i << 3 );
+    for (i = 0; i < 16; i++) {
+        local.W[i] = MBEDTLS_GET_UINT64_BE(data, i << 3);
     }
 
-    for( ; i < 80; i++ )
-    {
+    for (; i < 80; i++) {
         local.W[i] = S1(local.W[i -  2]) + local.W[i -  7] +
-               S0(local.W[i - 15]) + local.W[i - 16];
+                     S0(local.W[i - 15]) + local.W[i - 16];
     }
 
     i = 0;
-    do
-    {
-        P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
-           local.A[5], local.A[6], local.A[7], local.W[i], K[i] ); i++;
-        P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
-           local.A[4], local.A[5], local.A[6], local.W[i], K[i] ); i++;
-        P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
-           local.A[3], local.A[4], local.A[5], local.W[i], K[i] ); i++;
-        P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
-           local.A[2], local.A[3], local.A[4], local.W[i], K[i] ); i++;
-        P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
-           local.A[1], local.A[2], local.A[3], local.W[i], K[i] ); i++;
-        P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
-           local.A[0], local.A[1], local.A[2], local.W[i], K[i] ); i++;
-        P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
-           local.A[7], local.A[0], local.A[1], local.W[i], K[i] ); i++;
-        P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
-           local.A[6], local.A[7], local.A[0], local.W[i], K[i] ); i++;
-    }
-    while( i < 80 );
+    do {
+        P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
+          local.A[5], local.A[6], local.A[7], local.W[i], K[i]); i++;
+        P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
+          local.A[4], local.A[5], local.A[6], local.W[i], K[i]); i++;
+        P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
+          local.A[3], local.A[4], local.A[5], local.W[i], K[i]); i++;
+        P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
+          local.A[2], local.A[3], local.A[4], local.W[i], K[i]); i++;
+        P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
+          local.A[1], local.A[2], local.A[3], local.W[i], K[i]); i++;
+        P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
+          local.A[0], local.A[1], local.A[2], local.W[i], K[i]); i++;
+        P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
+          local.A[7], local.A[0], local.A[1], local.W[i], K[i]); i++;
+        P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
+          local.A[6], local.A[7], local.A[0], local.W[i], K[i]); i++;
+    } while (i < 80);
 #endif /* MBEDTLS_SHA512_SMALLER */
 
-    for( i = 0; i < 8; i++ )
+    for (i = 0; i < 8; i++) {
         ctx->state[i] += local.A[i];
+    }
 
     /* Zeroise buffers and variables to clear sensitive data from memory. */
-    mbedtls_platform_zeroize( &local, sizeof( local ) );
+    mbedtls_platform_zeroize(&local, sizeof(local));
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* !MBEDTLS_SHA512_PROCESS_ALT && !MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
@@ -651,14 +644,14 @@
 #if !defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
 
 static size_t mbedtls_internal_sha512_process_many_c(
-                  mbedtls_sha512_context *ctx, const uint8_t *data, size_t len)
+    mbedtls_sha512_context *ctx, const uint8_t *data, size_t len)
 {
     size_t processed = 0;
 
-    while( len >= SHA512_BLOCK_SIZE )
-    {
-        if( mbedtls_internal_sha512_process_c( ctx, data ) != 0)
-            return( 0 );
+    while (len >= SHA512_BLOCK_SIZE) {
+        if (mbedtls_internal_sha512_process_c(ctx, data) != 0) {
+            return 0;
+        }
 
         data += SHA512_BLOCK_SIZE;
         len  -= SHA512_BLOCK_SIZE;
@@ -666,7 +659,7 @@
         processed += SHA512_BLOCK_SIZE;
     }
 
-    return( processed );
+    return processed;
 }
 
 #endif /* !MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
@@ -674,36 +667,37 @@
 
 #if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT)
 
-static int mbedtls_a64_crypto_sha512_has_support( void )
+static int mbedtls_a64_crypto_sha512_has_support(void)
 {
     static int done = 0;
     static int supported = 0;
 
-    if( !done )
-    {
+    if (!done) {
         supported = mbedtls_a64_crypto_sha512_determine_support();
         done = 1;
     }
 
-    return( supported );
+    return supported;
 }
 
-static size_t mbedtls_internal_sha512_process_many( mbedtls_sha512_context *ctx,
-                  const uint8_t *msg, size_t len )
+static size_t mbedtls_internal_sha512_process_many(mbedtls_sha512_context *ctx,
+                                                   const uint8_t *msg, size_t len)
 {
-    if( mbedtls_a64_crypto_sha512_has_support() )
-        return( mbedtls_internal_sha512_process_many_a64_crypto( ctx, msg, len ) );
-    else
-        return( mbedtls_internal_sha512_process_many_c( ctx, msg, len ) );
+    if (mbedtls_a64_crypto_sha512_has_support()) {
+        return mbedtls_internal_sha512_process_many_a64_crypto(ctx, msg, len);
+    } else {
+        return mbedtls_internal_sha512_process_many_c(ctx, msg, len);
+    }
 }
 
-int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
-        const unsigned char data[SHA512_BLOCK_SIZE] )
+int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx,
+                                    const unsigned char data[SHA512_BLOCK_SIZE])
 {
-    if( mbedtls_a64_crypto_sha512_has_support() )
-        return( mbedtls_internal_sha512_process_a64_crypto( ctx, data ) );
-    else
-        return( mbedtls_internal_sha512_process_c( ctx, data ) );
+    if (mbedtls_a64_crypto_sha512_has_support()) {
+        return mbedtls_internal_sha512_process_a64_crypto(ctx, data);
+    } else {
+        return mbedtls_internal_sha512_process_c(ctx, data);
+    }
 }
 
 #endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT */
@@ -711,59 +705,62 @@
 /*
  * SHA-512 process buffer
  */
-int mbedtls_sha512_update( mbedtls_sha512_context *ctx,
-                               const unsigned char *input,
-                               size_t ilen )
+int mbedtls_sha512_update(mbedtls_sha512_context *ctx,
+                          const unsigned char *input,
+                          size_t ilen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t fill;
     unsigned int left;
 
-    if( ilen == 0 )
-        return( 0 );
+    if (ilen == 0) {
+        return 0;
+    }
 
     left = (unsigned int) (ctx->total[0] & 0x7F);
     fill = SHA512_BLOCK_SIZE - left;
 
     ctx->total[0] += (uint64_t) ilen;
 
-    if( ctx->total[0] < (uint64_t) ilen )
+    if (ctx->total[0] < (uint64_t) ilen) {
         ctx->total[1]++;
+    }
 
-    if( left && ilen >= fill )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, fill );
+    if (left && ilen >= fill) {
+        memcpy((void *) (ctx->buffer + left), input, fill);
 
-        if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
+        if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
+            return ret;
+        }
 
         input += fill;
         ilen  -= fill;
         left = 0;
     }
 
-    while( ilen >= SHA512_BLOCK_SIZE )
-    {
+    while (ilen >= SHA512_BLOCK_SIZE) {
         size_t processed =
-            mbedtls_internal_sha512_process_many( ctx, input, ilen );
-        if( processed < SHA512_BLOCK_SIZE )
-            return( MBEDTLS_ERR_ERROR_GENERIC_ERROR );
+            mbedtls_internal_sha512_process_many(ctx, input, ilen);
+        if (processed < SHA512_BLOCK_SIZE) {
+            return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
+        }
 
         input += processed;
         ilen  -= processed;
     }
 
-    if( ilen > 0 )
-        memcpy( (void *) (ctx->buffer + left), input, ilen );
+    if (ilen > 0) {
+        memcpy((void *) (ctx->buffer + left), input, ilen);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * SHA-512 final digest
  */
-int mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
-                               unsigned char *output )
+int mbedtls_sha512_finish(mbedtls_sha512_context *ctx,
+                          unsigned char *output)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned used;
@@ -776,56 +773,54 @@
 
     ctx->buffer[used++] = 0x80;
 
-    if( used <= 112 )
-    {
+    if (used <= 112) {
         /* Enough room for padding + length in current block */
-        memset( ctx->buffer + used, 0, 112 - used );
-    }
-    else
-    {
+        memset(ctx->buffer + used, 0, 112 - used);
+    } else {
         /* We'll need an extra block */
-        memset( ctx->buffer + used, 0, SHA512_BLOCK_SIZE - used );
+        memset(ctx->buffer + used, 0, SHA512_BLOCK_SIZE - used);
 
-        if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
+        if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
+            return ret;
+        }
 
-        memset( ctx->buffer, 0, 112 );
+        memset(ctx->buffer, 0, 112);
     }
 
     /*
      * Add message length
      */
-    high = ( ctx->total[0] >> 61 )
-         | ( ctx->total[1] <<  3 );
-    low  = ( ctx->total[0] <<  3 );
+    high = (ctx->total[0] >> 61)
+           | (ctx->total[1] <<  3);
+    low  = (ctx->total[0] <<  3);
 
-    sha512_put_uint64_be( high, ctx->buffer, 112 );
-    sha512_put_uint64_be( low,  ctx->buffer, 120 );
+    sha512_put_uint64_be(high, ctx->buffer, 112);
+    sha512_put_uint64_be(low,  ctx->buffer, 120);
 
-    if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
+        return ret;
+    }
 
     /*
      * Output final state
      */
-    sha512_put_uint64_be( ctx->state[0], output,  0 );
-    sha512_put_uint64_be( ctx->state[1], output,  8 );
-    sha512_put_uint64_be( ctx->state[2], output, 16 );
-    sha512_put_uint64_be( ctx->state[3], output, 24 );
-    sha512_put_uint64_be( ctx->state[4], output, 32 );
-    sha512_put_uint64_be( ctx->state[5], output, 40 );
+    sha512_put_uint64_be(ctx->state[0], output,  0);
+    sha512_put_uint64_be(ctx->state[1], output,  8);
+    sha512_put_uint64_be(ctx->state[2], output, 16);
+    sha512_put_uint64_be(ctx->state[3], output, 24);
+    sha512_put_uint64_be(ctx->state[4], output, 32);
+    sha512_put_uint64_be(ctx->state[5], output, 40);
 
     int truncated = 0;
 #if defined(MBEDTLS_SHA384_C)
     truncated = ctx->is384;
 #endif
-    if( !truncated )
-    {
-        sha512_put_uint64_be( ctx->state[6], output, 48 );
-        sha512_put_uint64_be( ctx->state[7], output, 56 );
+    if (!truncated) {
+        sha512_put_uint64_be(ctx->state[6], output, 48);
+        sha512_put_uint64_be(ctx->state[7], output, 56);
     }
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* !MBEDTLS_SHA512_ALT */
@@ -833,40 +828,46 @@
 /*
  * output = SHA-512( input buffer )
  */
-int mbedtls_sha512( const unsigned char *input,
-                    size_t ilen,
-                    unsigned char *output,
-                    int is384 )
+int mbedtls_sha512(const unsigned char *input,
+                   size_t ilen,
+                   unsigned char *output,
+                   int is384)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_sha512_context ctx;
 
 #if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_SHA512_C)
-    if( is384 != 0 && is384 != 1 )
+    if (is384 != 0 && is384 != 1) {
         return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
+    }
 #elif defined(MBEDTLS_SHA512_C)
-    if( is384 != 0 )
+    if (is384 != 0) {
         return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
+    }
 #else /* defined MBEDTLS_SHA384_C only */
-    if( is384 == 0 )
+    if (is384 == 0) {
         return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
+    }
 #endif
 
-    mbedtls_sha512_init( &ctx );
+    mbedtls_sha512_init(&ctx);
 
-    if( ( ret = mbedtls_sha512_starts( &ctx, is384 ) ) != 0 )
+    if ((ret = mbedtls_sha512_starts(&ctx, is384)) != 0) {
         goto exit;
+    }
 
-    if( ( ret = mbedtls_sha512_update( &ctx, input, ilen ) ) != 0 )
+    if ((ret = mbedtls_sha512_update(&ctx, input, ilen)) != 0) {
         goto exit;
+    }
 
-    if( ( ret = mbedtls_sha512_finish( &ctx, output ) ) != 0 )
+    if ((ret = mbedtls_sha512_finish(&ctx, output)) != 0) {
         goto exit;
+    }
 
 exit:
-    mbedtls_sha512_free( &ctx );
+    mbedtls_sha512_free(&ctx);
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_SELF_TEST)
@@ -877,7 +878,9 @@
 static const unsigned char sha_test_buf[3][113] =
 {
     { "abc" },
-    { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" },
+    {
+        "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+    },
     { "" }
 };
 
@@ -948,9 +951,9 @@
 };
 #endif /* MBEDTLS_SHA512_C */
 
-#define ARRAY_LENGTH( a )   ( sizeof( a ) / sizeof( ( a )[0] ) )
+#define ARRAY_LENGTH(a)   (sizeof(a) / sizeof((a)[0]))
 
-static int mbedtls_sha512_common_self_test( int verbose, int is384 )
+static int mbedtls_sha512_common_self_test(int verbose, int is384)
 {
     int i, buflen, ret = 0;
     unsigned char *buf;
@@ -958,91 +961,93 @@
     mbedtls_sha512_context ctx;
 
 #if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_SHA512_C)
-    sha_test_sum_t* sha_test_sum = ( is384 ) ? sha384_test_sum : sha512_test_sum;
+    sha_test_sum_t *sha_test_sum = (is384) ? sha384_test_sum : sha512_test_sum;
 #elif defined(MBEDTLS_SHA512_C)
-    sha_test_sum_t* sha_test_sum = sha512_test_sum;
+    sha_test_sum_t *sha_test_sum = sha512_test_sum;
 #else
-    sha_test_sum_t* sha_test_sum = sha384_test_sum;
+    sha_test_sum_t *sha_test_sum = sha384_test_sum;
 #endif
 
-    buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
-    if( NULL == buf )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "Buffer allocation failed\n" );
+    buf = mbedtls_calloc(1024, sizeof(unsigned char));
+    if (NULL == buf) {
+        if (verbose != 0) {
+            mbedtls_printf("Buffer allocation failed\n");
+        }
 
-        return( 1 );
+        return 1;
     }
 
-    mbedtls_sha512_init( &ctx );
+    mbedtls_sha512_init(&ctx);
 
-    for( i = 0; i < 3; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  SHA-%d test #%d: ", 512 - is384 * 128, i + 1 );
+    for (i = 0; i < 3; i++) {
+        if (verbose != 0) {
+            mbedtls_printf("  SHA-%d test #%d: ", 512 - is384 * 128, i + 1);
+        }
 
-        if( ( ret = mbedtls_sha512_starts( &ctx, is384 ) ) != 0 )
+        if ((ret = mbedtls_sha512_starts(&ctx, is384)) != 0) {
             goto fail;
+        }
 
-        if( i == 2 )
-        {
-            memset( buf, 'a', buflen = 1000 );
+        if (i == 2) {
+            memset(buf, 'a', buflen = 1000);
 
-            for( int j = 0; j < 1000; j++ )
-            {
-                ret = mbedtls_sha512_update( &ctx, buf, buflen );
-                if( ret != 0 )
+            for (int j = 0; j < 1000; j++) {
+                ret = mbedtls_sha512_update(&ctx, buf, buflen);
+                if (ret != 0) {
                     goto fail;
+                }
+            }
+        } else {
+            ret = mbedtls_sha512_update(&ctx, sha_test_buf[i],
+                                        sha_test_buflen[i]);
+            if (ret != 0) {
+                goto fail;
             }
         }
-        else
-        {
-            ret = mbedtls_sha512_update( &ctx, sha_test_buf[i],
-                                             sha_test_buflen[i] );
-            if( ret != 0 )
-                goto fail;
+
+        if ((ret = mbedtls_sha512_finish(&ctx, sha512sum)) != 0) {
+            goto fail;
         }
 
-        if( ( ret = mbedtls_sha512_finish( &ctx, sha512sum ) ) != 0 )
-            goto fail;
-
-        if( memcmp( sha512sum, sha_test_sum[i], 64 - is384 * 16 ) != 0 )
-        {
+        if (memcmp(sha512sum, sha_test_sum[i], 64 - is384 * 16) != 0) {
             ret = 1;
             goto fail;
         }
 
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
+        if (verbose != 0) {
+            mbedtls_printf("passed\n");
+        }
     }
 
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
+    if (verbose != 0) {
+        mbedtls_printf("\n");
+    }
 
     goto exit;
 
 fail:
-    if( verbose != 0 )
-        mbedtls_printf( "failed\n" );
+    if (verbose != 0) {
+        mbedtls_printf("failed\n");
+    }
 
 exit:
-    mbedtls_sha512_free( &ctx );
-    mbedtls_free( buf );
+    mbedtls_sha512_free(&ctx);
+    mbedtls_free(buf);
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_SHA512_C)
-int mbedtls_sha512_self_test( int verbose )
+int mbedtls_sha512_self_test(int verbose)
 {
-    return mbedtls_sha512_common_self_test( verbose, 0 );
+    return mbedtls_sha512_common_self_test(verbose, 0);
 }
 #endif /* MBEDTLS_SHA512_C */
 
 #if defined(MBEDTLS_SHA384_C)
-int mbedtls_sha384_self_test( int verbose )
+int mbedtls_sha384_self_test(int verbose)
 {
-    return mbedtls_sha512_common_self_test( verbose, 1 );
+    return mbedtls_sha512_common_self_test(verbose, 1);
 }
 #endif /* MBEDTLS_SHA384_C */
 
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index 8405d27..7c16e10 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -32,101 +32,103 @@
 
 #include <string.h>
 
-void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache )
+void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache)
 {
-    memset( cache, 0, sizeof( mbedtls_ssl_cache_context ) );
+    memset(cache, 0, sizeof(mbedtls_ssl_cache_context));
 
     cache->timeout = MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT;
     cache->max_entries = MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES;
 
 #if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &cache->mutex );
+    mbedtls_mutex_init(&cache->mutex);
 #endif
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_cache_find_entry( mbedtls_ssl_cache_context *cache,
-                                 unsigned char const *session_id,
-                                 size_t session_id_len,
-                                 mbedtls_ssl_cache_entry **dst )
+static int ssl_cache_find_entry(mbedtls_ssl_cache_context *cache,
+                                unsigned char const *session_id,
+                                size_t session_id_len,
+                                mbedtls_ssl_cache_entry **dst)
 {
     int ret = 1;
 #if defined(MBEDTLS_HAVE_TIME)
-    mbedtls_time_t t = mbedtls_time( NULL );
+    mbedtls_time_t t = mbedtls_time(NULL);
 #endif
     mbedtls_ssl_cache_entry *cur;
 
-    for( cur = cache->chain; cur != NULL; cur = cur->next )
-    {
+    for (cur = cache->chain; cur != NULL; cur = cur->next) {
 #if defined(MBEDTLS_HAVE_TIME)
-        if( cache->timeout != 0 &&
-            (int) ( t - cur->timestamp ) > cache->timeout )
+        if (cache->timeout != 0 &&
+            (int) (t - cur->timestamp) > cache->timeout) {
             continue;
+        }
 #endif
 
-        if( session_id_len != cur->session_id_len ||
-            memcmp( session_id, cur->session_id,
-                    cur->session_id_len ) != 0 )
-        {
+        if (session_id_len != cur->session_id_len ||
+            memcmp(session_id, cur->session_id,
+                   cur->session_id_len) != 0) {
             continue;
         }
 
         break;
     }
 
-    if( cur != NULL )
-    {
+    if (cur != NULL) {
         *dst = cur;
         ret = 0;
     }
 
-    return( ret );
+    return ret;
 }
 
 
-int mbedtls_ssl_cache_get( void *data,
-                           unsigned char const *session_id,
-                           size_t session_id_len,
-                           mbedtls_ssl_session *session )
+int mbedtls_ssl_cache_get(void *data,
+                          unsigned char const *session_id,
+                          size_t session_id_len,
+                          mbedtls_ssl_session *session)
 {
     int ret = 1;
     mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
     mbedtls_ssl_cache_entry *entry;
 
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_lock( &cache->mutex ) != 0 )
-        return( 1 );
+    if (mbedtls_mutex_lock(&cache->mutex) != 0) {
+        return 1;
+    }
 #endif
 
-    ret = ssl_cache_find_entry( cache, session_id, session_id_len, &entry );
-    if( ret != 0 )
+    ret = ssl_cache_find_entry(cache, session_id, session_id_len, &entry);
+    if (ret != 0) {
         goto exit;
+    }
 
-    ret = mbedtls_ssl_session_load( session,
-                                    entry->session,
-                                    entry->session_len );
-    if( ret != 0 )
+    ret = mbedtls_ssl_session_load(session,
+                                   entry->session,
+                                   entry->session_len);
+    if (ret != 0) {
         goto exit;
+    }
 
     ret = 0;
 
 exit:
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &cache->mutex ) != 0 )
+    if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
         ret = 1;
+    }
 #endif
 
-    return( ret );
+    return ret;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_cache_pick_writing_slot( mbedtls_ssl_cache_context *cache,
-                                        unsigned char const *session_id,
-                                        size_t session_id_len,
-                                        mbedtls_ssl_cache_entry **dst )
+static int ssl_cache_pick_writing_slot(mbedtls_ssl_cache_context *cache,
+                                       unsigned char const *session_id,
+                                       size_t session_id_len,
+                                       mbedtls_ssl_cache_entry **dst)
 {
 #if defined(MBEDTLS_HAVE_TIME)
-    mbedtls_time_t t = mbedtls_time( NULL ), oldest = 0;
+    mbedtls_time_t t = mbedtls_time(NULL), oldest = 0;
 #endif /* MBEDTLS_HAVE_TIME */
 
     mbedtls_ssl_cache_entry *old = NULL;
@@ -142,12 +144,10 @@
      * entry, both of which will be used later. */
 
     last = NULL;
-    for( cur = cache->chain; cur != NULL; cur = cur->next )
-    {
+    for (cur = cache->chain; cur != NULL; cur = cur->next) {
         count++;
-        if( session_id_len == cur->session_id_len &&
-            memcmp( session_id, cur->session_id, cur->session_id_len ) == 0 )
-        {
+        if (session_id_len == cur->session_id_len &&
+            memcmp(session_id, cur->session_id, cur->session_id_len) == 0) {
             goto found;
         }
         last = cur;
@@ -161,16 +161,13 @@
      */
 
 #if defined(MBEDTLS_HAVE_TIME)
-    for( cur = cache->chain; cur != NULL; cur = cur->next )
-    {
-        if( cache->timeout != 0 &&
-            (int) ( t - cur->timestamp ) > cache->timeout )
-        {
+    for (cur = cache->chain; cur != NULL; cur = cur->next) {
+        if (cache->timeout != 0 &&
+            (int) (t - cur->timestamp) > cache->timeout) {
             goto found;
         }
 
-        if( oldest == 0 || cur->timestamp < oldest )
-        {
+        if (oldest == 0 || cur->timestamp < oldest) {
             oldest = cur->timestamp;
             old = cur;
         }
@@ -179,18 +176,19 @@
 
     /* Check 3: Is there free space in the cache? */
 
-    if( count < cache->max_entries )
-    {
+    if (count < cache->max_entries) {
         /* Create new entry */
-        cur = mbedtls_calloc( 1, sizeof(mbedtls_ssl_cache_entry) );
-        if( cur == NULL )
-            return( 1 );
+        cur = mbedtls_calloc(1, sizeof(mbedtls_ssl_cache_entry));
+        if (cur == NULL) {
+            return 1;
+        }
 
         /* Append to the end of the linked list. */
-        if( last == NULL )
+        if (last == NULL) {
             cache->chain = cur;
-        else
+        } else {
             last->next = cur;
+        }
 
         goto found;
     }
@@ -200,16 +198,16 @@
      * (if present) or cache-order. */
 
 #if defined(MBEDTLS_HAVE_TIME)
-    if( old == NULL )
-    {
+    if (old == NULL) {
         /* This should only happen on an ill-configured cache
          * with max_entries == 0. */
-        return( 1 );
+        return 1;
     }
 #else /* MBEDTLS_HAVE_TIME */
     /* Reuse first entry in chain, but move to last place. */
-    if( cache->chain == NULL )
-        return( 1 );
+    if (cache->chain == NULL) {
+        return 1;
+    }
 
     old = cache->chain;
     cache->chain = old->next;
@@ -227,23 +225,22 @@
 #endif
 
     /* If we're reusing an entry, free it first. */
-    if( cur->session != NULL )
-    {
-        mbedtls_free( cur->session );
+    if (cur->session != NULL) {
+        mbedtls_free(cur->session);
         cur->session = NULL;
         cur->session_len = 0;
-        memset( cur->session_id, 0, sizeof( cur->session_id ) );
+        memset(cur->session_id, 0, sizeof(cur->session_id));
         cur->session_id_len = 0;
     }
 
     *dst = cur;
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_cache_set( void *data,
-                           unsigned char const *session_id,
-                           size_t session_id_len,
-                           const mbedtls_ssl_session *session )
+int mbedtls_ssl_cache_set(void *data,
+                          unsigned char const *session_id,
+                          size_t session_id_len,
+                          const mbedtls_ssl_session *session)
 {
     int ret = 1;
     mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
@@ -253,47 +250,47 @@
     unsigned char *session_serialized = NULL;
 
 #if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &cache->mutex ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) {
+        return ret;
+    }
 #endif
 
-    ret = ssl_cache_pick_writing_slot( cache,
-                                       session_id, session_id_len,
-                                       &cur );
-    if( ret != 0 )
+    ret = ssl_cache_pick_writing_slot(cache,
+                                      session_id, session_id_len,
+                                      &cur);
+    if (ret != 0) {
         goto exit;
+    }
 
     /* Check how much space we need to serialize the session
      * and allocate a sufficiently large buffer. */
-    ret = mbedtls_ssl_session_save( session, NULL, 0, &session_serialized_len );
-    if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
-    {
+    ret = mbedtls_ssl_session_save(session, NULL, 0, &session_serialized_len);
+    if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
         ret = 1;
         goto exit;
     }
 
-    session_serialized = mbedtls_calloc( 1, session_serialized_len );
-    if( session_serialized == NULL )
-    {
+    session_serialized = mbedtls_calloc(1, session_serialized_len);
+    if (session_serialized == NULL) {
         ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
         goto exit;
     }
 
     /* Now serialize the session into the allocated buffer. */
-    ret = mbedtls_ssl_session_save( session,
-                                    session_serialized,
-                                    session_serialized_len,
-                                    &session_serialized_len );
-    if( ret != 0 )
+    ret = mbedtls_ssl_session_save(session,
+                                   session_serialized,
+                                   session_serialized_len,
+                                   &session_serialized_len);
+    if (ret != 0) {
         goto exit;
+    }
 
-    if( session_id_len > sizeof( cur->session_id ) )
-    {
+    if (session_id_len > sizeof(cur->session_id)) {
         ret = 1;
         goto exit;
     }
     cur->session_id_len = session_id_len;
-    memcpy( cur->session_id, session_id, session_id_len );
+    memcpy(cur->session_id, session_id, session_id_len);
 
     cur->session = session_serialized;
     cur->session_len = session_serialized_len;
@@ -303,53 +300,56 @@
 
 exit:
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &cache->mutex ) != 0 )
+    if (mbedtls_mutex_unlock(&cache->mutex) != 0) {
         ret = 1;
+    }
 #endif
 
-    if( session_serialized != NULL )
-    {
-        mbedtls_platform_zeroize( session_serialized, session_serialized_len );
-        mbedtls_free( session_serialized );
+    if (session_serialized != NULL) {
+        mbedtls_platform_zeroize(session_serialized, session_serialized_len);
+        mbedtls_free(session_serialized);
         session_serialized = NULL;
     }
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_HAVE_TIME)
-void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout )
+void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache, int timeout)
 {
-    if( timeout < 0 ) timeout = 0;
+    if (timeout < 0) {
+        timeout = 0;
+    }
 
     cache->timeout = timeout;
 }
 #endif /* MBEDTLS_HAVE_TIME */
 
-void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max )
+void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max)
 {
-    if( max < 0 ) max = 0;
+    if (max < 0) {
+        max = 0;
+    }
 
     cache->max_entries = max;
 }
 
-void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache )
+void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache)
 {
     mbedtls_ssl_cache_entry *cur, *prv;
 
     cur = cache->chain;
 
-    while( cur != NULL )
-    {
+    while (cur != NULL) {
         prv = cur;
         cur = cur->next;
 
-        mbedtls_free( prv->session );
-        mbedtls_free( prv );
+        mbedtls_free(prv->session);
+        mbedtls_free(prv);
     }
 
 #if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_free( &cache->mutex );
+    mbedtls_mutex_free(&cache->mutex);
 #endif
     cache->chain = NULL;
 }
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index a83527f..33789c4 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -295,30 +295,30 @@
 #if defined(MBEDTLS_GCM_C)
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
     { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
-    MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
-    MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
-    0,
-    MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
+      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
+      MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
+      0,
+      MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
     { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
-    MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
-    MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
-    0,
-    MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
+      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
+      MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
+      0,
+      MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 #endif /* MBEDTLS_GCM_C */
 #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
     { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
-    MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
-    MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
-    0,
-    MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
+      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
+      MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
+      0,
+      MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
     { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256",
-    MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
-    MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
-    MBEDTLS_CIPHERSUITE_SHORT_TAG,
-    MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
+      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
+      MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
+      MBEDTLS_CIPHERSUITE_SHORT_TAG,
+      MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA && MBEDTLS_CCM_C */
 #endif /* MBEDTLS_AES_C */
 #if defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
@@ -458,13 +458,15 @@
 #if defined(MBEDTLS_CAMELLIA_C)
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+      "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+      "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
@@ -473,13 +475,15 @@
 
 #if defined(MBEDTLS_GCM_C)
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
+      "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
+      "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
@@ -544,13 +548,15 @@
 #if defined(MBEDTLS_CAMELLIA_C)
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+      "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+      "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
@@ -559,13 +565,15 @@
 
 #if defined(MBEDTLS_GCM_C)
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+      "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+      "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
@@ -849,13 +857,15 @@
 #if defined(MBEDTLS_CAMELLIA_C)
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+      "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
+    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+      "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
@@ -864,13 +874,15 @@
 
 #if defined(MBEDTLS_GCM_C)
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
+    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+      "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
+    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+      "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
@@ -935,13 +947,15 @@
 #if defined(MBEDTLS_CAMELLIA_C)
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+      "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+      "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
@@ -950,13 +964,15 @@
 
 #if defined(MBEDTLS_GCM_C)
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
+      "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
+      "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
@@ -1211,14 +1227,16 @@
 #if defined(MBEDTLS_CAMELLIA_C)
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
+    { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+      "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
+    { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+      "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
@@ -1445,28 +1463,30 @@
 
 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
-             "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
+      "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
-             "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
+      "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
-             "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
+      "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
-             "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
+      "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
@@ -1478,28 +1498,30 @@
 
 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
-             "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
+      "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
-             "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
+      "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
-             "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
+      "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
-             "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
+      "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
@@ -1511,28 +1533,30 @@
 
 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
-             "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384,MBEDTLS_KEY_EXCHANGE_PSK,
+      "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
-             "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
+      "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
-             "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
+      "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
-             "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
+      "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
@@ -1544,28 +1568,30 @@
 
 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
-             "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
+      "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
-             "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
+      "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
-             "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
+      "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
-             "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
+      "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
@@ -1577,28 +1603,30 @@
 
 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
-             "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
+      "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
-             "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
+      "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
-             "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
+      "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
-             "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
+      "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
@@ -1608,16 +1636,18 @@
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
 
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
-             "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
+      "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
-             "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
+      "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
@@ -1629,28 +1659,30 @@
 
 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
-             "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
+      "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
-             "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
+      "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
-             "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
+      "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
-             "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
+      "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
@@ -1662,28 +1694,30 @@
 
 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
-             "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
+      "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
-             "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
+      "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
-             "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
+      "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
-             "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
+      "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
@@ -1695,28 +1729,30 @@
 
 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
-             "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
+      "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
-             "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
+      "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
-             "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
+      "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
-             "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
+      "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
@@ -1728,28 +1764,30 @@
 
 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
-             "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
+      "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
-             "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
+      "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
-             "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
+      "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
 #endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
+    defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
     { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
-             "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
+      "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
       0,
       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
@@ -1766,43 +1804,40 @@
 };
 
 #if defined(MBEDTLS_SSL_CIPHERSUITES)
-const int *mbedtls_ssl_list_ciphersuites( void )
+const int *mbedtls_ssl_list_ciphersuites(void)
 {
-    return( ciphersuite_preference );
+    return ciphersuite_preference;
 }
 #else
-#define MAX_CIPHERSUITES    sizeof( ciphersuite_definitions     ) /         \
-                            sizeof( ciphersuite_definitions[0]  )
+#define MAX_CIPHERSUITES    sizeof(ciphersuite_definitions) /         \
+    sizeof(ciphersuite_definitions[0])
 static int supported_ciphersuites[MAX_CIPHERSUITES];
 static int supported_init = 0;
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ciphersuite_is_removed( const mbedtls_ssl_ciphersuite_t *cs_info )
+static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
 {
-    (void)cs_info;
+    (void) cs_info;
 
-    return( 0 );
+    return 0;
 }
 
-const int *mbedtls_ssl_list_ciphersuites( void )
+const int *mbedtls_ssl_list_ciphersuites(void)
 {
     /*
      * On initial call filter out all ciphersuites not supported by current
      * build based on presence in the ciphersuite_definitions.
      */
-    if( supported_init == 0 )
-    {
+    if (supported_init == 0) {
         const int *p;
         int *q;
 
-        for( p = ciphersuite_preference, q = supported_ciphersuites;
+        for (p = ciphersuite_preference, q = supported_ciphersuites;
              *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
-             p++ )
-        {
+             p++) {
             const mbedtls_ssl_ciphersuite_t *cs_info;
-            if( ( cs_info = mbedtls_ssl_ciphersuite_from_id( *p ) ) != NULL &&
-                !ciphersuite_is_removed( cs_info ) )
-            {
+            if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL &&
+                !ciphersuite_is_removed(cs_info)) {
                 *(q++) = *p;
             }
         }
@@ -1811,69 +1846,72 @@
         supported_init = 1;
     }
 
-    return( supported_ciphersuites );
+    return supported_ciphersuites;
 }
 #endif /* MBEDTLS_SSL_CIPHERSUITES */
 
 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
-                                                const char *ciphersuite_name )
+    const char *ciphersuite_name)
 {
     const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
 
-    if( NULL == ciphersuite_name )
-        return( NULL );
+    if (NULL == ciphersuite_name) {
+        return NULL;
+    }
 
-    while( cur->id != 0 )
-    {
-        if( 0 == strcmp( cur->name, ciphersuite_name ) )
-            return( cur );
+    while (cur->id != 0) {
+        if (0 == strcmp(cur->name, ciphersuite_name)) {
+            return cur;
+        }
 
         cur++;
     }
 
-    return( NULL );
+    return NULL;
 }
 
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite )
+const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
 {
     const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
 
-    while( cur->id != 0 )
-    {
-        if( cur->id == ciphersuite )
-            return( cur );
+    while (cur->id != 0) {
+        if (cur->id == ciphersuite) {
+            return cur;
+        }
 
         cur++;
     }
 
-    return( NULL );
+    return NULL;
 }
 
-const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id )
+const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
 {
     const mbedtls_ssl_ciphersuite_t *cur;
 
-    cur = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
+    cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
 
-    if( cur == NULL )
-        return( "unknown" );
+    if (cur == NULL) {
+        return "unknown";
+    }
 
-    return( cur->name );
+    return cur->name;
 }
 
-int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name )
+int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
 {
     const mbedtls_ssl_ciphersuite_t *cur;
 
-    cur = mbedtls_ssl_ciphersuite_from_string( ciphersuite_name );
+    cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);
 
-    if( cur == NULL )
-        return( 0 );
+    if (cur == NULL) {
+        return 0;
+    }
 
-    return( cur->id );
+    return cur->id;
 }
 
-size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen( const mbedtls_ssl_ciphersuite_t *info )
+size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -1881,105 +1919,102 @@
     psa_algorithm_t alg;
     size_t key_bits;
 
-    status = mbedtls_ssl_cipher_to_psa( info->cipher,
-                        info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16,
-                        &alg, &key_type, &key_bits );
+    status = mbedtls_ssl_cipher_to_psa(info->cipher,
+                                       info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16,
+                                       &alg, &key_type, &key_bits);
 
-    if( status != PSA_SUCCESS )
+    if (status != PSA_SUCCESS) {
         return 0;
+    }
 
     return key_bits;
 #else
     const mbedtls_cipher_info_t * const cipher_info =
-      mbedtls_cipher_info_from_type( info->cipher );
+        mbedtls_cipher_info_from_type(info->cipher);
 
-    return( mbedtls_cipher_info_get_key_bitlen( cipher_info ) );
+    return mbedtls_cipher_info_get_key_bitlen(cipher_info);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 }
 
 #if defined(MBEDTLS_PK_C)
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info )
+mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->key_exchange )
-    {
+    switch (info->key_exchange) {
         case MBEDTLS_KEY_EXCHANGE_RSA:
         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
-            return( MBEDTLS_PK_RSA );
+            return MBEDTLS_PK_RSA;
 
         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return( MBEDTLS_PK_ECDSA );
+            return MBEDTLS_PK_ECDSA;
 
         case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-            return( MBEDTLS_PK_ECKEY );
+            return MBEDTLS_PK_ECKEY;
 
         default:
-            return( MBEDTLS_PK_NONE );
+            return MBEDTLS_PK_NONE;
     }
 }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg( const mbedtls_ssl_ciphersuite_t *info )
+psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->key_exchange )
-    {
+    switch (info->key_exchange) {
         case MBEDTLS_KEY_EXCHANGE_RSA:
         case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
-            return( PSA_ALG_RSA_PKCS1V15_CRYPT );
+            return PSA_ALG_RSA_PKCS1V15_CRYPT;
         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-            return( PSA_ALG_RSA_PKCS1V15_SIGN(
-                        mbedtls_hash_info_psa_from_md( info->mac ) ) );
+            return PSA_ALG_RSA_PKCS1V15_SIGN(
+                mbedtls_hash_info_psa_from_md(info->mac));
 
         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return( PSA_ALG_ECDSA( mbedtls_hash_info_psa_from_md( info->mac ) ) );
+            return PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(info->mac));
 
         case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-            return( PSA_ALG_ECDH );
+            return PSA_ALG_ECDH;
 
         default:
-            return( PSA_ALG_NONE );
+            return PSA_ALG_NONE;
     }
 }
 
-psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage( const mbedtls_ssl_ciphersuite_t *info )
+psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->key_exchange )
-    {
+    switch (info->key_exchange) {
         case MBEDTLS_KEY_EXCHANGE_RSA:
         case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
-            return( PSA_KEY_USAGE_DECRYPT );
+            return PSA_KEY_USAGE_DECRYPT;
         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return( PSA_KEY_USAGE_SIGN_HASH );
+            return PSA_KEY_USAGE_SIGN_HASH;
 
         case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-            return( PSA_KEY_USAGE_DERIVE );
+            return PSA_KEY_USAGE_DERIVE;
 
         default:
-            return( 0 );
+            return 0;
     }
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info )
+mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->key_exchange )
-    {
+    switch (info->key_exchange) {
         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-            return( MBEDTLS_PK_RSA );
+            return MBEDTLS_PK_RSA;
 
         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return( MBEDTLS_PK_ECDSA );
+            return MBEDTLS_PK_ECDSA;
 
         default:
-            return( MBEDTLS_PK_NONE );
+            return MBEDTLS_PK_NONE;
     }
 }
 
@@ -1987,37 +2022,35 @@
 
 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info )
+int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->key_exchange )
-    {
+    switch (info->key_exchange) {
         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
         case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
         case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
-            return( 1 );
+            return 1;
 
         default:
-            return( 0 );
+            return 0;
     }
 }
 #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info )
+int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->key_exchange )
-    {
+    switch (info->key_exchange) {
         case MBEDTLS_KEY_EXCHANGE_PSK:
         case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
         case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
-            return( 1 );
+            return 1;
 
         default:
-            return( 0 );
+            return 0;
     }
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 925d0c2..ab897c4 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -37,26 +37,27 @@
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
-                                   unsigned char *buf,
-                                   const unsigned char *end,
-                                   size_t *olen )
+static int ssl_write_hostname_ext(mbedtls_ssl_context *ssl,
+                                  unsigned char *buf,
+                                  const unsigned char *end,
+                                  size_t *olen)
 {
     unsigned char *p = buf;
     size_t hostname_len;
 
     *olen = 0;
 
-    if( ssl->hostname == NULL )
-        return( 0 );
+    if (ssl->hostname == NULL) {
+        return 0;
+    }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, adding server name extension: %s",
-          ssl->hostname ) );
+    MBEDTLS_SSL_DEBUG_MSG(3,
+                          ("client hello, adding server name extension: %s",
+                           ssl->hostname));
 
-    hostname_len = strlen( ssl->hostname );
+    hostname_len = strlen(ssl->hostname);
 
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, hostname_len + 9 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, hostname_len + 9);
 
     /*
      * Sect. 3, RFC 6066 (TLS Extensions Definitions)
@@ -84,28 +85,28 @@
      * } ServerNameList;
      *
      */
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SERVERNAME, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SERVERNAME, p, 0);
     p += 2;
 
-    MBEDTLS_PUT_UINT16_BE( hostname_len + 5, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(hostname_len + 5, p, 0);
     p += 2;
 
-    MBEDTLS_PUT_UINT16_BE( hostname_len + 3, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(hostname_len + 3, p, 0);
     p += 2;
 
-    *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME );
+    *p++ = MBEDTLS_BYTE_0(MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME);
 
-    MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(hostname_len, p, 0);
     p += 2;
 
-    memcpy( p, ssl->hostname, hostname_len );
+    memcpy(p, ssl->hostname, hostname_len);
 
     *olen = hostname_len + 9;
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_SERVERNAME );
+    mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_SERVERNAME);
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 
@@ -124,26 +125,27 @@
  *
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
-                               unsigned char *buf,
-                               const unsigned char *end,
-                               size_t *out_len )
+static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl,
+                              unsigned char *buf,
+                              const unsigned char *end,
+                              size_t *out_len)
 {
     unsigned char *p = buf;
 
     *out_len = 0;
 
-    if( ssl->conf->alpn_list == NULL )
-        return( 0 );
+    if (ssl->conf->alpn_list == NULL) {
+        return 0;
+    }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding alpn extension"));
 
 
     /* Check we have enough space for the extension type (2 bytes), the
      * extension length (2 bytes) and the protocol_name_list length (2 bytes).
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, p, 0 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6);
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ALPN, p, 0);
     /* Skip writing extension and list length for now */
     p += 6;
 
@@ -154,32 +156,31 @@
      *     ProtocolName protocol_name_list<2..2^16-1>
      * } ProtocolNameList;
      */
-    for( const char **cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
-    {
+    for (const char **cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
         /*
          * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of
          * protocol names is less than 255.
          */
-        size_t protocol_name_len = strlen( *cur );
+        size_t protocol_name_len = strlen(*cur);
 
-        MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 + protocol_name_len );
-        *p++ = (unsigned char)protocol_name_len;
-        memcpy( p, *cur, protocol_name_len );
+        MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1 + protocol_name_len);
+        *p++ = (unsigned char) protocol_name_len;
+        memcpy(p, *cur, protocol_name_len);
         p += protocol_name_len;
     }
 
     *out_len = p - buf;
 
     /* List length = *out_len - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */
-    MBEDTLS_PUT_UINT16_BE( *out_len - 6, buf, 4 );
+    MBEDTLS_PUT_UINT16_BE(*out_len - 6, buf, 4);
 
     /* Extension length = *out_len - 2 (ext_type) - 2 (ext_len) */
-    MBEDTLS_PUT_UINT16_BE( *out_len - 4, buf, 2 );
+    MBEDTLS_PUT_UINT16_BE(*out_len - 4, buf, 2);
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_ALPN );
+    mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_ALPN);
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_ALPN */
 
@@ -225,54 +226,52 @@
  * DHE groups are not supported yet.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
-                                           unsigned char *buf,
-                                           const unsigned char *end,
-                                           size_t *out_len )
+static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
+                                          unsigned char *buf,
+                                          const unsigned char *end,
+                                          size_t *out_len)
 {
-    unsigned char *p = buf ;
+    unsigned char *p = buf;
     unsigned char *named_group_list; /* Start of named_group_list */
     size_t named_group_list_len;     /* Length of named_group_list */
-    const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
+    const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
 
     *out_len = 0;
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_groups extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding supported_groups extension"));
 
     /* Check if we have space for header and length fields:
      * - extension_type            (2 bytes)
      * - extension_data_length     (2 bytes)
      * - named_group_list_length   (2 bytes)
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6);
     p += 6;
 
     named_group_list = p;
 
-    if( group_list == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+    if (group_list == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_CONFIG;
+    }
 
-    for( ; *group_list != 0; group_list++ )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got supported group(%04x)", *group_list ) );
+    for (; *group_list != 0; group_list++) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("got supported group(%04x)", *group_list));
 
 #if defined(MBEDTLS_ECP_C)
-        if( ( mbedtls_ssl_conf_is_tls13_enabled( ssl->conf ) &&
-              mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) ) ||
-            ( mbedtls_ssl_conf_is_tls12_enabled( ssl->conf ) &&
-              mbedtls_ssl_tls12_named_group_is_ecdhe( *group_list ) ) )
-        {
-            if( mbedtls_ssl_get_ecp_group_id_from_tls_id( *group_list ) ==
-                MBEDTLS_ECP_DP_NONE )
-            {
+        if ((mbedtls_ssl_conf_is_tls13_enabled(ssl->conf) &&
+             mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) ||
+            (mbedtls_ssl_conf_is_tls12_enabled(ssl->conf) &&
+             mbedtls_ssl_tls12_named_group_is_ecdhe(*group_list))) {
+            if (mbedtls_ssl_get_ecp_group_id_from_tls_id(*group_list) ==
+                MBEDTLS_ECP_DP_NONE) {
                 continue;
             }
-            MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
-            MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
+            MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
+            MBEDTLS_PUT_UINT16_BE(*group_list, p, 0);
             p += 2;
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
-                        mbedtls_ssl_get_curve_name_from_tls_id( *group_list ),
-                        *group_list ) );
+            MBEDTLS_SSL_DEBUG_MSG(3, ("NamedGroup: %s ( %x )",
+                                      mbedtls_ssl_get_curve_name_from_tls_id(*group_list),
+                                      *group_list));
         }
 #endif /* MBEDTLS_ECP_C */
         /* Add DHE groups here */
@@ -281,30 +280,29 @@
 
     /* Length of named_group_list */
     named_group_list_len = p - named_group_list;
-    if( named_group_list_len == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "No group available." ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (named_group_list_len == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("No group available."));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
     /* Write extension_type */
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0);
     /* Write extension_data_length */
-    MBEDTLS_PUT_UINT16_BE( named_group_list_len + 2, buf, 2 );
+    MBEDTLS_PUT_UINT16_BE(named_group_list_len + 2, buf, 2);
     /* Write length of named_group_list */
-    MBEDTLS_PUT_UINT16_BE( named_group_list_len, buf, 4 );
+    MBEDTLS_PUT_UINT16_BE(named_group_list_len, buf, 4);
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension",
-                           buf + 4, named_group_list_len + 2 );
+    MBEDTLS_SSL_DEBUG_BUF(3, "Supported groups extension",
+                          buf + 4, named_group_list_len + 2);
 
     *out_len = p - buf;
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
     mbedtls_ssl_tls13_set_hs_sent_ext_mask(
-        ssl, MBEDTLS_TLS_EXT_SUPPORTED_GROUPS );
+        ssl, MBEDTLS_TLS_EXT_SUPPORTED_GROUPS);
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
@@ -312,11 +310,11 @@
 
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_write_client_hello_cipher_suites(
-            mbedtls_ssl_context *ssl,
-            unsigned char *buf,
-            unsigned char *end,
-            int *tls12_uses_ec,
-            size_t *out_len )
+    mbedtls_ssl_context *ssl,
+    unsigned char *buf,
+    unsigned char *end,
+    int *tls12_uses_ec,
+    size_t *out_len)
 {
     unsigned char *p = buf;
     const int *ciphersuite_list;
@@ -337,38 +335,38 @@
     ciphersuite_list = ssl->conf->ciphersuite_list;
 
     /* Check there is space for the cipher suite list length (2 bytes). */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
     p += 2;
 
     /* Write cipher_suites
      * CipherSuite cipher_suites<2..2^16-2>;
      */
     cipher_suites = p;
-    for ( size_t i = 0; ciphersuite_list[i] != 0; i++ )
-    {
+    for (size_t i = 0; ciphersuite_list[i] != 0; i++) {
         int cipher_suite = ciphersuite_list[i];
         const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
 
-        ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
+        ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(cipher_suite);
 
-        if( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
-                                              ssl->handshake->min_tls_version,
-                                              ssl->tls_version ) != 0 )
+        if (mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info,
+                                             ssl->handshake->min_tls_version,
+                                             ssl->tls_version) != 0) {
             continue;
+        }
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    ( defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-      defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
-        *tls12_uses_ec |= mbedtls_ssl_ciphersuite_uses_ec( ciphersuite_info );
+        (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+        defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
+        *tls12_uses_ec |= mbedtls_ssl_ciphersuite_uses_ec(ciphersuite_info);
 #endif
 
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x, %s",
-                                    (unsigned int) cipher_suite,
-                                    ciphersuite_info->name ) );
+        MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, add ciphersuite: %04x, %s",
+                                  (unsigned int) cipher_suite,
+                                  ciphersuite_info->name));
 
         /* Check there is space for the cipher suite identifier (2 bytes). */
-        MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
-        MBEDTLS_PUT_UINT16_BE( cipher_suite, p, 0 );
+        MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
+        MBEDTLS_PUT_UINT16_BE(cipher_suite, p, 0);
         p += 2;
     }
 
@@ -377,27 +375,26 @@
      */
     int renegotiating = 0;
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    renegotiating = ( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE );
+    renegotiating = (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE);
 #endif
-    if( !renegotiating )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
-        MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
-        MBEDTLS_PUT_UINT16_BE( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO, p, 0 );
+    if (!renegotiating) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("adding EMPTY_RENEGOTIATION_INFO_SCSV"));
+        MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
+        MBEDTLS_PUT_UINT16_BE(MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO, p, 0);
         p += 2;
     }
 
     /* Write the cipher_suites length in number of bytes */
     cipher_suites_len = p - cipher_suites;
-    MBEDTLS_PUT_UINT16_BE( cipher_suites_len, buf, 0 );
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-                           ( "client hello, got %" MBEDTLS_PRINTF_SIZET " cipher suites",
-                             cipher_suites_len/2 ) );
+    MBEDTLS_PUT_UINT16_BE(cipher_suites_len, buf, 0);
+    MBEDTLS_SSL_DEBUG_MSG(3,
+                          ("client hello, got %" MBEDTLS_PRINTF_SIZET " cipher suites",
+                           cipher_suites_len/2));
 
     /* Output the total length of cipher_suites field. */
     *out_len = p - buf;
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -430,11 +427,11 @@
  * } ClientHello;
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
-                                        unsigned char *buf,
-                                        unsigned char *end,
-                                        size_t *out_len,
-                                        size_t *binders_len )
+static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl,
+                                       unsigned char *buf,
+                                       unsigned char *end,
+                                       size_t *out_len,
+                                       size_t *binders_len)
 {
     int ret;
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@@ -449,15 +446,15 @@
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
     unsigned char propose_tls12 =
-        ( handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 )
+        (handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2)
         &&
-        ( MBEDTLS_SSL_VERSION_TLS1_2 <= ssl->tls_version );
+        (MBEDTLS_SSL_VERSION_TLS1_2 <= ssl->tls_version);
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
     unsigned char propose_tls13 =
-        ( handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 )
+        (handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3)
         &&
-        ( MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version );
+        (MBEDTLS_SSL_VERSION_TLS1_3 <= ssl->tls_version);
 #endif
 
     /*
@@ -465,9 +462,9 @@
      *
      * In all cases this is the TLS 1.2 version.
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
-    mbedtls_ssl_write_version( p, ssl->conf->transport,
-                               MBEDTLS_SSL_VERSION_TLS1_2 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
+    mbedtls_ssl_write_version(p, ssl->conf->transport,
+                              MBEDTLS_SSL_VERSION_TLS1_2);
     p += 2;
 
     /* ...
@@ -478,10 +475,10 @@
      * the handshake->randbytes buffer and are copied here into the output
      * buffer.
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
-    memcpy( p, handshake->randbytes, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes",
-                           p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
+    memcpy(p, handshake->randbytes, MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
+    MBEDTLS_SSL_DEBUG_BUF(3, "client hello, random bytes",
+                          p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
     p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
 
     /* TLS 1.2:
@@ -500,13 +497,13 @@
      * ssl_prepare_client_hello() into the ssl->session_negotiate->id buffer
      * and are copied here into the output buffer.
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, ssl->session_negotiate->id_len + 1 );
-    *p++ = (unsigned char)ssl->session_negotiate->id_len;
-    memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, ssl->session_negotiate->id_len + 1);
+    *p++ = (unsigned char) ssl->session_negotiate->id_len;
+    memcpy(p, ssl->session_negotiate->id, ssl->session_negotiate->id_len);
     p += ssl->session_negotiate->id_len;
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "session id", ssl->session_negotiate->id,
-                              ssl->session_negotiate->id_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "session id", ssl->session_negotiate->id,
+                          ssl->session_negotiate->id_len);
 
     /* DTLS 1.2 ONLY
      * ...
@@ -514,38 +511,36 @@
      * ...
      */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
 #if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
         uint8_t cookie_len = 0;
 #else
         uint16_t cookie_len = 0;
 #endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */
 
-        if( handshake->cookie != NULL )
-        {
-            MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
-                                   handshake->cookie,
-                                   handshake->cookie_len );
+        if (handshake->cookie != NULL) {
+            MBEDTLS_SSL_DEBUG_BUF(3, "client hello, cookie",
+                                  handshake->cookie,
+                                  handshake->cookie_len);
             cookie_len = handshake->cookie_len;
         }
 
-        MBEDTLS_SSL_CHK_BUF_PTR( p, end, cookie_len + 1 );
-        *p++ = ( unsigned char )cookie_len;
-        if( cookie_len > 0 )
-        {
-            memcpy( p, handshake->cookie, cookie_len );
+        MBEDTLS_SSL_CHK_BUF_PTR(p, end, cookie_len + 1);
+        *p++ = (unsigned char) cookie_len;
+        if (cookie_len > 0) {
+            memcpy(p, handshake->cookie, cookie_len);
             p += cookie_len;
         }
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */
 
     /* Write cipher_suites */
-    ret = ssl_write_client_hello_cipher_suites( ssl, p, end,
-                                                &tls12_uses_ec,
-                                                &output_len );
-    if( ret != 0 )
-        return( ret );
+    ret = ssl_write_client_hello_cipher_suites(ssl, p, end,
+                                               &tls12_uses_ec,
+                                               &output_len);
+    if (ret != 0) {
+        return ret;
+    }
     p += output_len;
 
     /* Write legacy_compression_methods (TLS 1.3) or
@@ -558,7 +553,7 @@
      * For TLS 1.2 ClientHello, for security reasons we do not support
      * compression anymore, thus also just the 'null' compression method.
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
     *p++ = 1;
     *p++ = MBEDTLS_SSL_COMPRESS_NULL;
 
@@ -570,80 +565,82 @@
 #endif
 
     /* First write extensions, then the total length */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
     p_extensions_len = p;
     p += 2;
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
     /* Write server name extension */
-    ret = ssl_write_hostname_ext( ssl, p, end, &output_len );
-    if( ret != 0 )
-        return( ret );
+    ret = ssl_write_hostname_ext(ssl, p, end, &output_len);
+    if (ret != 0) {
+        return ret;
+    }
     p += output_len;
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 
 #if defined(MBEDTLS_SSL_ALPN)
-    ret = ssl_write_alpn_ext( ssl, p, end, &output_len );
-    if( ret != 0 )
-        return( ret );
+    ret = ssl_write_alpn_ext(ssl, p, end, &output_len);
+    if (ret != 0) {
+        return ret;
+    }
     p += output_len;
 #endif /* MBEDTLS_SSL_ALPN */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    if( propose_tls13 )
-    {
-        ret = mbedtls_ssl_tls13_write_client_hello_exts( ssl, p, end,
-                                                         &output_len );
-        if( ret != 0 )
-            return( ret );
+    if (propose_tls13) {
+        ret = mbedtls_ssl_tls13_write_client_hello_exts(ssl, p, end,
+                                                        &output_len);
+        if (ret != 0) {
+            return ret;
+        }
         p += output_len;
     }
 #endif
 
 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if(
+    if (
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-        ( propose_tls13 &&
-          mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) ||
+        (propose_tls13 &&
+         mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) ||
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        ( propose_tls12 && tls12_uses_ec ) ||
+        (propose_tls12 && tls12_uses_ec) ||
 #endif
-        0 )
-    {
-        ret = ssl_write_supported_groups_ext( ssl, p, end, &output_len );
-        if( ret != 0 )
-            return( ret );
+        0) {
+        ret = ssl_write_supported_groups_ext(ssl, p, end, &output_len);
+        if (ret != 0) {
+            return ret;
+        }
         p += output_len;
     }
 #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-    if(
+    if (
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-        ( propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) ) ||
+        (propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl)) ||
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
         propose_tls12 ||
 #endif
-       0 )
-    {
-        ret = mbedtls_ssl_write_sig_alg_ext( ssl, p, end, &output_len );
-        if( ret != 0 )
-            return( ret );
+        0) {
+        ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len);
+        if (ret != 0) {
+            return ret;
+        }
         p += output_len;
     }
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( propose_tls12 )
-    {
-        ret = mbedtls_ssl_tls12_write_client_hello_exts( ssl, p, end,
-                                                         tls12_uses_ec,
-                                                         &output_len );
-        if( ret != 0 )
-            return( ret );
+    if (propose_tls12) {
+        ret = mbedtls_ssl_tls12_write_client_hello_exts(ssl, p, end,
+                                                        tls12_uses_ec,
+                                                        &output_len);
+        if (ret != 0) {
+            return ret;
+        }
         p += output_len;
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -652,12 +649,12 @@
     /* The "pre_shared_key" extension (RFC 8446 Section 4.2.11)
      * MUST be the last extension in the ClientHello.
      */
-    if( propose_tls13 && mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) )
-    {
+    if (propose_tls13 && mbedtls_ssl_conf_tls13_some_psk_enabled(ssl)) {
         ret = mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext(
-                  ssl, p, end, &output_len, binders_len );
-        if( ret != 0 )
-            return( ret );
+            ssl, p, end, &output_len, binders_len);
+        if (ret != 0) {
+            return ret;
+        }
         p += output_len;
     }
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
@@ -665,28 +662,27 @@
     /* Write the length of the list of extensions. */
     extensions_len = p - p_extensions_len - 2;
 
-    if( extensions_len == 0 )
-       p = p_extensions_len;
-    else
-    {
-        MBEDTLS_PUT_UINT16_BE( extensions_len, p_extensions_len, 0 );
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" \
-                                    MBEDTLS_PRINTF_SIZET, extensions_len ) );
-        MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions",
-                                  p_extensions_len, extensions_len );
+    if (extensions_len == 0) {
+        p = p_extensions_len;
+    } else {
+        MBEDTLS_PUT_UINT16_BE(extensions_len, p_extensions_len, 0);
+        MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, total extension length: %" \
+                                  MBEDTLS_PRINTF_SIZET, extensions_len));
+        MBEDTLS_SSL_DEBUG_BUF(3, "client hello extensions",
+                              p_extensions_len, extensions_len);
     }
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
     MBEDTLS_SSL_PRINT_EXTS(
-        3, MBEDTLS_SSL_HS_CLIENT_HELLO, handshake->sent_extensions );
+        3, MBEDTLS_SSL_HS_CLIENT_HELLO, handshake->sent_extensions);
 #endif
 
     *out_len = p - buf;
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_generate_random( mbedtls_ssl_context *ssl )
+static int ssl_generate_random(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *randbytes = ssl->handshake->randbytes;
@@ -704,52 +700,50 @@
      * TLS 1.3 case:
      * opaque Random[32];
      */
-    if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
-    {
+    if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
 #if defined(MBEDTLS_HAVE_TIME)
-        mbedtls_time_t gmt_unix_time = mbedtls_time( NULL );
-        MBEDTLS_PUT_UINT32_BE( gmt_unix_time, randbytes, 0 );
+        mbedtls_time_t gmt_unix_time = mbedtls_time(NULL);
+        MBEDTLS_PUT_UINT32_BE(gmt_unix_time, randbytes, 0);
         gmt_unix_time_len = 4;
 
-        MBEDTLS_SSL_DEBUG_MSG( 3,
-            ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
-               (long long) gmt_unix_time ) );
+        MBEDTLS_SSL_DEBUG_MSG(3,
+                              ("client hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
+                               (long long) gmt_unix_time));
 #endif /* MBEDTLS_HAVE_TIME */
     }
 
-    ret = ssl->conf->f_rng( ssl->conf->p_rng,
-                            randbytes + gmt_unix_time_len,
-                            MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len );
-    return( ret );
+    ret = ssl->conf->f_rng(ssl->conf->p_rng,
+                           randbytes + gmt_unix_time_len,
+                           MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len);
+    return ret;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
+static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl)
 {
     int ret;
     size_t session_id_len;
     mbedtls_ssl_session *session_negotiate = ssl->session_negotiate;
 
-    if( session_negotiate == NULL )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (session_negotiate == NULL) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
     defined(MBEDTLS_SSL_SESSION_TICKETS) && \
     defined(MBEDTLS_HAVE_TIME)
 
     /* Check if a tls13 ticket has been configured. */
-    if( ssl->handshake->resume != 0 &&
+    if (ssl->handshake->resume != 0 &&
         session_negotiate->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
-        session_negotiate->ticket != NULL )
-    {
-        mbedtls_time_t now = mbedtls_time( NULL );
-        uint64_t age = (uint64_t)( now - session_negotiate->ticket_received );
-        if( session_negotiate->ticket_received > now ||
-            age > session_negotiate->ticket_lifetime )
-        {
+        session_negotiate->ticket != NULL) {
+        mbedtls_time_t now = mbedtls_time(NULL);
+        uint64_t age = (uint64_t) (now - session_negotiate->ticket_received);
+        if (session_negotiate->ticket_received > now ||
+            age > session_negotiate->ticket_lifetime) {
             /* Without valid ticket, disable session resumption.*/
             MBEDTLS_SSL_DEBUG_MSG(
-                3, ( "Ticket expired, disable session resumption" ) );
+                3, ("Ticket expired, disable session resumption"));
             ssl->handshake->resume = 0;
         }
     }
@@ -757,30 +751,26 @@
           MBEDTLS_SSL_SESSION_TICKETS &&
           MBEDTLS_HAVE_TIME */
 
-    if( ssl->conf->f_rng == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) );
-        return( MBEDTLS_ERR_SSL_NO_RNG );
+    if (ssl->conf->f_rng == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided"));
+        return MBEDTLS_ERR_SSL_NO_RNG;
     }
 
     /* Bet on the highest configured version if we are not in a TLS 1.2
      * renegotiation or session resumption.
      */
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
+    if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
         ssl->handshake->min_tls_version = ssl->tls_version;
-    else
+    } else
 #endif
     {
-        if( ssl->handshake->resume )
-        {
-             ssl->tls_version = session_negotiate->tls_version;
-             ssl->handshake->min_tls_version = ssl->tls_version;
-        }
-        else
-        {
-             ssl->tls_version = ssl->conf->max_tls_version;
-             ssl->handshake->min_tls_version = ssl->conf->min_tls_version;
+        if (ssl->handshake->resume) {
+            ssl->tls_version = session_negotiate->tls_version;
+            ssl->handshake->min_tls_version = ssl->tls_version;
+        } else {
+            ssl->tls_version = ssl->conf->max_tls_version;
+            ssl->handshake->min_tls_version = ssl->conf->min_tls_version;
         }
     }
 
@@ -790,15 +780,14 @@
      * (RFC 6347 4.2.1).
      */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ||
-        ( ssl->handshake->cookie == NULL ) )
+    if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) ||
+        (ssl->handshake->cookie == NULL))
 #endif
     {
-        ret = ssl_generate_random( ssl );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "Random bytes generation failed", ret );
-            return( ret );
+        ret = ssl_generate_random(ssl);
+        if (ret != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "Random bytes generation failed", ret);
+            return ret;
         }
     }
 
@@ -811,32 +800,29 @@
     session_id_len = session_negotiate->id_len;
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
-    {
-        if( session_id_len < 16 || session_id_len > 32 ||
+    if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
+        if (session_id_len < 16 || session_id_len > 32 ||
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
             ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
 #endif
-            ssl->handshake->resume == 0 )
-        {
+            ssl->handshake->resume == 0) {
             session_id_len = 0;
         }
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    /*
-     * RFC 5077 section 3.4: "When presenting a ticket, the client MAY
-     * generate and include a Session ID in the TLS ClientHello."
-     */
+        /*
+         * RFC 5077 section 3.4: "When presenting a ticket, the client MAY
+         * generate and include a Session ID in the TLS ClientHello."
+         */
         int renegotiating = 0;
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-        if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
+        if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
             renegotiating = 1;
+        }
 #endif
-        if( !renegotiating )
-        {
-            if( ( session_negotiate->ticket != NULL ) &&
-                ( session_negotiate->ticket_len != 0 ) )
-            {
+        if (!renegotiating) {
+            if ((session_negotiate->ticket != NULL) &&
+                (session_negotiate->ticket_len != 0)) {
                 session_id_len = 32;
             }
         }
@@ -845,8 +831,7 @@
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
 #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
-    if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
-    {
+    if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
         /*
          * Create a legacy session identifier for the purpose of middlebox
          * compatibility only if one has not been created already, which is
@@ -867,18 +852,15 @@
     }
 #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
 
-    if( session_id_len != session_negotiate->id_len )
-    {
+    if (session_id_len != session_negotiate->id_len) {
         session_negotiate->id_len = session_id_len;
-        if( session_id_len > 0 )
-        {
-            ret = ssl->conf->f_rng( ssl->conf->p_rng,
-                                    session_negotiate->id,
-                                    session_id_len );
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "creating session id failed", ret );
-                return( ret );
+        if (session_id_len > 0) {
+            ret = ssl->conf->f_rng(ssl->conf->p_rng,
+                                   session_negotiate->id,
+                                   session_id_len);
+            if (ret != 0) {
+                MBEDTLS_SSL_DEBUG_RET(1, "creating session id failed", ret);
+                return ret;
             }
         }
     }
@@ -886,64 +868,58 @@
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
     defined(MBEDTLS_SSL_SESSION_TICKETS) && \
     defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3  &&
-        ssl->handshake->resume )
-    {
+    if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3  &&
+        ssl->handshake->resume) {
         int hostname_mismatch = ssl->hostname != NULL ||
                                 session_negotiate->hostname != NULL;
-        if( ssl->hostname != NULL && session_negotiate->hostname != NULL )
-        {
+        if (ssl->hostname != NULL && session_negotiate->hostname != NULL) {
             hostname_mismatch = strcmp(
-                ssl->hostname, session_negotiate->hostname ) != 0;
+                ssl->hostname, session_negotiate->hostname) != 0;
         }
 
-        if( hostname_mismatch )
-        {
+        if (hostname_mismatch) {
             MBEDTLS_SSL_DEBUG_MSG(
-                1, ( "Hostname mismatch the session ticket, "
-                     "disable session resumption." ) );
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+                1, ("Hostname mismatch the session ticket, "
+                    "disable session resumption."));
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
         }
-    }
-    else
-    {
-        return mbedtls_ssl_session_set_hostname( session_negotiate,
-                                                 ssl->hostname );
+    } else {
+        return mbedtls_ssl_session_set_hostname(session_negotiate,
+                                                ssl->hostname);
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 &&
           MBEDTLS_SSL_SESSION_TICKETS &&
           MBEDTLS_SSL_SERVER_NAME_INDICATION */
 
-    return( 0 );
+    return 0;
 }
 /*
  * Write ClientHello handshake message.
  * Handler for MBEDTLS_SSL_CLIENT_HELLO
  */
-int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl)
 {
     int ret = 0;
     unsigned char *buf;
     size_t buf_len, msg_len, binders_len;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client hello"));
 
-    MBEDTLS_SSL_PROC_CHK( ssl_prepare_client_hello( ssl ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_prepare_client_hello(ssl));
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg(
-                                ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
-                                &buf, &buf_len ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
+                             ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
+                             &buf, &buf_len));
 
-    MBEDTLS_SSL_PROC_CHK( ssl_write_client_hello_body( ssl, buf,
-                                                       buf + buf_len,
-                                                       &msg_len,
-                                                       &binders_len ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_write_client_hello_body(ssl, buf,
+                                                     buf + buf_len,
+                                                     &msg_len,
+                                                     &binders_len));
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         ssl->out_msglen = msg_len + 4;
-        mbedtls_ssl_send_flight_completed( ssl );
+        mbedtls_ssl_send_flight_completed(ssl);
 
         /*
          * The two functions below may try to send data on the network and
@@ -954,48 +930,44 @@
          * that we will not write and send again a ClientHello when we
          * eventually succeed in sending the pending data.
          */
-        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
 
-        if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
-            return( ret );
+        if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+            return ret;
         }
 
-        if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
-            return( ret );
+        if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret);
+            return ret;
         }
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */
     {
 
-        mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
-                                            msg_len );
-        ssl->handshake->update_checksum( ssl, buf, msg_len - binders_len );
+        mbedtls_ssl_add_hs_hdr_to_checksum(ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
+                                           msg_len);
+        ssl->handshake->update_checksum(ssl, buf, msg_len - binders_len);
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
-        if( binders_len > 0 )
-        {
+        if (binders_len > 0) {
             MBEDTLS_SSL_PROC_CHK(
                 mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext(
-                      ssl, buf + msg_len - binders_len, buf + msg_len ) );
-            ssl->handshake->update_checksum( ssl, buf + msg_len - binders_len,
-                                             binders_len );
+                    ssl, buf + msg_len - binders_len, buf + msg_len));
+            ssl->handshake->update_checksum(ssl, buf + msg_len - binders_len,
+                                            binders_len);
         }
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
 
-        MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl,
-                                                                buf_len,
-                                                                msg_len ) );
-        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
+        MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl,
+                                                              buf_len,
+                                                              msg_len));
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
     }
 
 
 cleanup:
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write client hello"));
     return ret;
 }
 
diff --git a/library/ssl_client.h b/library/ssl_client.h
index be4d067..f57bea3 100644
--- a/library/ssl_client.h
+++ b/library/ssl_client.h
@@ -29,6 +29,6 @@
 #include <stddef.h>
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl);
 
 #endif /* MBEDTLS_SSL_CLIENT_H */
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index a996174..b7eead4 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -57,14 +57,14 @@
  * Cookies are formed of a 4-bytes timestamp (or serial number) and
  * an HMAC of timestamp and client ID.
  */
-#define COOKIE_LEN      ( 4 + COOKIE_HMAC_LEN )
+#define COOKIE_LEN      (4 + COOKIE_HMAC_LEN)
 
-void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx )
+void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     ctx->psa_hmac_key = MBEDTLS_SVC_KEY_ID_INIT;
 #else
-    mbedtls_md_init( &ctx->hmac_ctx );
+    mbedtls_md_init(&ctx->hmac_ctx);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 #if !defined(MBEDTLS_HAVE_TIME)
     ctx->serial = 0;
@@ -73,80 +73,83 @@
 
 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
 #if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &ctx->mutex );
+    mbedtls_mutex_init(&ctx->mutex);
 #endif
 #endif /* !MBEDTLS_USE_PSA_CRYPTO */
 }
 
-void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay )
+void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx, unsigned long delay)
 {
     ctx->timeout = delay;
 }
 
-void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx )
+void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_destroy_key( ctx->psa_hmac_key );
+    psa_destroy_key(ctx->psa_hmac_key);
 #else
-    mbedtls_md_free( &ctx->hmac_ctx );
+    mbedtls_md_free(&ctx->hmac_ctx);
 
 #if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_free( &ctx->mutex );
+    mbedtls_mutex_free(&ctx->mutex);
 #endif
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_cookie_ctx));
 }
 
-int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng )
+int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx,
+                             int (*f_rng)(void *, unsigned char *, size_t),
+                             void *p_rng)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_algorithm_t alg;
 
-    (void)f_rng;
-    (void)p_rng;
+    (void) f_rng;
+    (void) p_rng;
 
-    alg = mbedtls_hash_info_psa_from_md( COOKIE_MD );
-    if( alg == 0 )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    alg = mbedtls_hash_info_psa_from_md(COOKIE_MD);
+    if (alg == 0) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    ctx->psa_hmac_alg = PSA_ALG_TRUNCATED_MAC( PSA_ALG_HMAC( alg ),
-                                               COOKIE_HMAC_LEN );
+    ctx->psa_hmac_alg = PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(alg),
+                                              COOKIE_HMAC_LEN);
 
-    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE |
-                                          PSA_KEY_USAGE_SIGN_MESSAGE );
-    psa_set_key_algorithm( &attributes, ctx->psa_hmac_alg );
-    psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
-    psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( COOKIE_MD_OUTLEN ) );
+    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE |
+                            PSA_KEY_USAGE_SIGN_MESSAGE);
+    psa_set_key_algorithm(&attributes, ctx->psa_hmac_alg);
+    psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
+    psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(COOKIE_MD_OUTLEN));
 
-    if( ( status = psa_generate_key( &attributes,
-                                     &ctx->psa_hmac_key ) ) != PSA_SUCCESS )
-    {
-        return psa_ssl_status_to_mbedtls( status );
+    if ((status = psa_generate_key(&attributes,
+                                   &ctx->psa_hmac_key)) != PSA_SUCCESS) {
+        return psa_ssl_status_to_mbedtls(status);
     }
 #else
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char key[COOKIE_MD_OUTLEN];
 
-    if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 )
-        return( ret );
+    if ((ret = f_rng(p_rng, key, sizeof(key))) != 0) {
+        return ret;
+    }
 
-    ret = mbedtls_md_setup( &ctx->hmac_ctx, mbedtls_md_info_from_type( COOKIE_MD ), 1 );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_md_setup(&ctx->hmac_ctx, mbedtls_md_info_from_type(COOKIE_MD), 1);
+    if (ret != 0) {
+        return ret;
+    }
 
-    ret = mbedtls_md_hmac_starts( &ctx->hmac_ctx, key, sizeof( key ) );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_md_hmac_starts(&ctx->hmac_ctx, key, sizeof(key));
+    if (ret != 0) {
+        return ret;
+    }
 
-    mbedtls_platform_zeroize( key, sizeof( key ) );
+    mbedtls_platform_zeroize(key, sizeof(key));
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    return( 0 );
+    return 0;
 }
 
 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -154,36 +157,35 @@
  * Generate the HMAC part of a cookie
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx,
-                            const unsigned char time[4],
-                            unsigned char **p, unsigned char *end,
-                            const unsigned char *cli_id, size_t cli_id_len )
+static int ssl_cookie_hmac(mbedtls_md_context_t *hmac_ctx,
+                           const unsigned char time[4],
+                           unsigned char **p, unsigned char *end,
+                           const unsigned char *cli_id, size_t cli_id_len)
 {
     unsigned char hmac_out[COOKIE_MD_OUTLEN];
 
-    MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_HMAC_LEN );
+    MBEDTLS_SSL_CHK_BUF_PTR(*p, end, COOKIE_HMAC_LEN);
 
-    if( mbedtls_md_hmac_reset(  hmac_ctx ) != 0 ||
-        mbedtls_md_hmac_update( hmac_ctx, time, 4 ) != 0 ||
-        mbedtls_md_hmac_update( hmac_ctx, cli_id, cli_id_len ) != 0 ||
-        mbedtls_md_hmac_finish( hmac_ctx, hmac_out ) != 0 )
-    {
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (mbedtls_md_hmac_reset(hmac_ctx) != 0 ||
+        mbedtls_md_hmac_update(hmac_ctx, time, 4) != 0 ||
+        mbedtls_md_hmac_update(hmac_ctx, cli_id, cli_id_len) != 0 ||
+        mbedtls_md_hmac_finish(hmac_ctx, hmac_out) != 0) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    memcpy( *p, hmac_out, COOKIE_HMAC_LEN );
+    memcpy(*p, hmac_out, COOKIE_HMAC_LEN);
     *p += COOKIE_HMAC_LEN;
 
-    return( 0 );
+    return 0;
 }
 #endif /* !MBEDTLS_USE_PSA_CRYPTO */
 
 /*
  * Generate cookie for DTLS ClientHello verification
  */
-int mbedtls_ssl_cookie_write( void *p_ctx,
-                      unsigned char **p, unsigned char *end,
-                      const unsigned char *cli_id, size_t cli_id_len )
+int mbedtls_ssl_cookie_write(void *p_ctx,
+                             unsigned char **p, unsigned char *end,
+                             const unsigned char *cli_id, size_t cli_id_len)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
@@ -194,13 +196,14 @@
     mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
     unsigned long t;
 
-    if( ctx == NULL || cli_id == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ctx == NULL || cli_id == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_LEN );
+    MBEDTLS_SSL_CHK_BUF_PTR(*p, end, COOKIE_LEN);
 
 #if defined(MBEDTLS_HAVE_TIME)
-    t = (unsigned long) mbedtls_time( NULL );
+    t = (unsigned long) mbedtls_time(NULL);
 #else
     t = ctx->serial++;
 #endif
@@ -209,33 +212,29 @@
     *p += 4;
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    status = psa_mac_sign_setup( &operation, ctx->psa_hmac_key,
-                                 ctx->psa_hmac_alg );
-    if( status != PSA_SUCCESS )
-    {
-        ret = psa_ssl_status_to_mbedtls( status );
+    status = psa_mac_sign_setup(&operation, ctx->psa_hmac_key,
+                                ctx->psa_hmac_alg);
+    if (status != PSA_SUCCESS) {
+        ret = psa_ssl_status_to_mbedtls(status);
         goto exit;
     }
 
-    status = psa_mac_update( &operation, *p - 4, 4 );
-    if( status != PSA_SUCCESS )
-    {
-        ret = psa_ssl_status_to_mbedtls( status );
+    status = psa_mac_update(&operation, *p - 4, 4);
+    if (status != PSA_SUCCESS) {
+        ret = psa_ssl_status_to_mbedtls(status);
         goto exit;
     }
 
-    status = psa_mac_update( &operation, cli_id, cli_id_len );
-    if( status != PSA_SUCCESS )
-    {
-        ret = psa_ssl_status_to_mbedtls( status );
+    status = psa_mac_update(&operation, cli_id, cli_id_len);
+    if (status != PSA_SUCCESS) {
+        ret = psa_ssl_status_to_mbedtls(status);
         goto exit;
     }
 
-    status = psa_mac_sign_finish( &operation, *p, COOKIE_MD_OUTLEN,
-                                  &sign_mac_length );
-    if( status != PSA_SUCCESS )
-    {
-        ret = psa_ssl_status_to_mbedtls( status );
+    status = psa_mac_sign_finish(&operation, *p, COOKIE_MD_OUTLEN,
+                                 &sign_mac_length);
+    if (status != PSA_SUCCESS) {
+        ret = psa_ssl_status_to_mbedtls(status);
         goto exit;
     }
 
@@ -244,35 +243,38 @@
     ret = 0;
 #else
 #if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) );
+    if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret);
+    }
 #endif
 
-    ret = ssl_cookie_hmac( &ctx->hmac_ctx, *p - 4,
-                           p, end, cli_id, cli_id_len );
+    ret = ssl_cookie_hmac(&ctx->hmac_ctx, *p - 4,
+                          p, end, cli_id, cli_id_len);
 
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR,
-                MBEDTLS_ERR_THREADING_MUTEX_ERROR ) );
+    if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR,
+                                 MBEDTLS_ERR_THREADING_MUTEX_ERROR);
+    }
 #endif
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 exit:
-    status = psa_mac_abort( &operation );
-    if( status != PSA_SUCCESS )
-        ret = psa_ssl_status_to_mbedtls( status );
+    status = psa_mac_abort(&operation);
+    if (status != PSA_SUCCESS) {
+        ret = psa_ssl_status_to_mbedtls(status);
+    }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-    return( ret );
+    return ret;
 }
 
 /*
  * Check a cookie
  */
-int mbedtls_ssl_cookie_check( void *p_ctx,
-                      const unsigned char *cookie, size_t cookie_len,
-                      const unsigned char *cli_id, size_t cli_id_len )
+int mbedtls_ssl_cookie_check(void *p_ctx,
+                             const unsigned char *cookie, size_t cookie_len,
+                             const unsigned char *cli_id, size_t cli_id_len)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
@@ -285,99 +287,98 @@
     mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
     unsigned long cur_time, cookie_time;
 
-    if( ctx == NULL || cli_id == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ctx == NULL || cli_id == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    if( cookie_len != COOKIE_LEN )
-        return( -1 );
+    if (cookie_len != COOKIE_LEN) {
+        return -1;
+    }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    status = psa_mac_verify_setup( &operation, ctx->psa_hmac_key,
-                                   ctx->psa_hmac_alg );
-    if( status != PSA_SUCCESS )
-    {
-        ret = psa_ssl_status_to_mbedtls( status );
+    status = psa_mac_verify_setup(&operation, ctx->psa_hmac_key,
+                                  ctx->psa_hmac_alg);
+    if (status != PSA_SUCCESS) {
+        ret = psa_ssl_status_to_mbedtls(status);
         goto exit;
     }
 
-    status = psa_mac_update( &operation, cookie, 4 );
-    if( status != PSA_SUCCESS )
-    {
-        ret = psa_ssl_status_to_mbedtls( status );
+    status = psa_mac_update(&operation, cookie, 4);
+    if (status != PSA_SUCCESS) {
+        ret = psa_ssl_status_to_mbedtls(status);
         goto exit;
     }
 
-    status = psa_mac_update( &operation, cli_id,
-                             cli_id_len );
-    if( status != PSA_SUCCESS )
-    {
-        ret = psa_ssl_status_to_mbedtls( status );
+    status = psa_mac_update(&operation, cli_id,
+                            cli_id_len);
+    if (status != PSA_SUCCESS) {
+        ret = psa_ssl_status_to_mbedtls(status);
         goto exit;
     }
 
-    status = psa_mac_verify_finish( &operation, cookie + 4,
-                                    COOKIE_HMAC_LEN );
-    if( status != PSA_SUCCESS )
-    {
-        ret = psa_ssl_status_to_mbedtls( status );
+    status = psa_mac_verify_finish(&operation, cookie + 4,
+                                   COOKIE_HMAC_LEN);
+    if (status != PSA_SUCCESS) {
+        ret = psa_ssl_status_to_mbedtls(status);
         goto exit;
     }
 
     ret = 0;
 #else
 #if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) );
-#endif
-
-    if( ssl_cookie_hmac( &ctx->hmac_ctx, cookie,
-                         &p, p + sizeof( ref_hmac ),
-                         cli_id, cli_id_len ) != 0 )
-        ret = -1;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-    {
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR,
-                                 MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+    if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret);
     }
 #endif
 
-    if( ret != 0 )
-        goto exit;
+    if (ssl_cookie_hmac(&ctx->hmac_ctx, cookie,
+                        &p, p + sizeof(ref_hmac),
+                        cli_id, cli_id_len) != 0) {
+        ret = -1;
+    }
 
-    if( mbedtls_ct_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 )
-    {
+#if defined(MBEDTLS_THREADING_C)
+    if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+        ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR,
+                                MBEDTLS_ERR_THREADING_MUTEX_ERROR);
+    }
+#endif
+
+    if (ret != 0) {
+        goto exit;
+    }
+
+    if (mbedtls_ct_memcmp(cookie + 4, ref_hmac, sizeof(ref_hmac)) != 0) {
         ret = -1;
         goto exit;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_HAVE_TIME)
-    cur_time = (unsigned long) mbedtls_time( NULL );
+    cur_time = (unsigned long) mbedtls_time(NULL);
 #else
     cur_time = ctx->serial;
 #endif
 
-    cookie_time = ( (unsigned long) cookie[0] << 24 ) |
-                  ( (unsigned long) cookie[1] << 16 ) |
-                  ( (unsigned long) cookie[2] <<  8 ) |
-                  ( (unsigned long) cookie[3]       );
+    cookie_time = ((unsigned long) cookie[0] << 24) |
+                  ((unsigned long) cookie[1] << 16) |
+                  ((unsigned long) cookie[2] <<  8) |
+                  ((unsigned long) cookie[3]);
 
-    if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout )
-    {
+    if (ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout) {
         ret = -1;
         goto exit;
     }
 
 exit:
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    status = psa_mac_abort( &operation );
-    if( status != PSA_SUCCESS )
-        ret = psa_ssl_status_to_mbedtls( status );
+    status = psa_mac_abort(&operation);
+    if (status != PSA_SUCCESS) {
+        ret = psa_ssl_status_to_mbedtls(status);
+    }
 #else
-    mbedtls_platform_zeroize( ref_hmac, sizeof( ref_hmac ) );
+    mbedtls_platform_zeroize(ref_hmac, sizeof(ref_hmac));
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_SSL_COOKIE_C */
diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h
index 4412f8e..4d2a170 100644
--- a/library/ssl_debug_helpers.h
+++ b/library/ssl_debug_helpers.h
@@ -31,43 +31,43 @@
 #include "ssl_misc.h"
 
 
-const char *mbedtls_ssl_states_str( mbedtls_ssl_states in );
+const char *mbedtls_ssl_states_str(mbedtls_ssl_states in);
 
-const char *mbedtls_ssl_protocol_version_str( mbedtls_ssl_protocol_version in );
+const char *mbedtls_ssl_protocol_version_str(mbedtls_ssl_protocol_version in);
 
-const char *mbedtls_tls_prf_types_str( mbedtls_tls_prf_types in );
+const char *mbedtls_tls_prf_types_str(mbedtls_tls_prf_types in);
 
-const char *mbedtls_ssl_key_export_type_str( mbedtls_ssl_key_export_type in );
+const char *mbedtls_ssl_key_export_type_str(mbedtls_ssl_key_export_type in);
 
-const char *mbedtls_ssl_sig_alg_to_str( uint16_t in );
+const char *mbedtls_ssl_sig_alg_to_str(uint16_t in);
 
-const char *mbedtls_ssl_named_group_to_str( uint16_t in );
+const char *mbedtls_ssl_named_group_to_str(uint16_t in);
 
-const char *mbedtls_ssl_get_extension_name( unsigned int extension_type );
+const char *mbedtls_ssl_get_extension_name(unsigned int extension_type);
 
-void mbedtls_ssl_print_extensions( const mbedtls_ssl_context *ssl,
-                                   int level, const char *file, int line,
-                                   int hs_msg_type, uint32_t extensions_mask,
-                                   const char *extra );
-
-void mbedtls_ssl_print_extension( const mbedtls_ssl_context *ssl,
+void mbedtls_ssl_print_extensions(const mbedtls_ssl_context *ssl,
                                   int level, const char *file, int line,
-                                  int hs_msg_type, unsigned int extension_type,
-                                  const char *extra_msg0, const char *extra_msg1 );
+                                  int hs_msg_type, uint32_t extensions_mask,
+                                  const char *extra);
 
-#define MBEDTLS_SSL_PRINT_EXTS( level, hs_msg_type, extensions_mask )            \
-            mbedtls_ssl_print_extensions( ssl, level, __FILE__, __LINE__,       \
-                                          hs_msg_type, extensions_mask, NULL )
+void mbedtls_ssl_print_extension(const mbedtls_ssl_context *ssl,
+                                 int level, const char *file, int line,
+                                 int hs_msg_type, unsigned int extension_type,
+                                 const char *extra_msg0, const char *extra_msg1);
 
-#define MBEDTLS_SSL_PRINT_EXT( level, hs_msg_type, extension_type, extra )      \
-            mbedtls_ssl_print_extension( ssl, level, __FILE__, __LINE__,        \
-                                         hs_msg_type, extension_type,           \
-                                         extra, NULL )
+#define MBEDTLS_SSL_PRINT_EXTS(level, hs_msg_type, extensions_mask)            \
+    mbedtls_ssl_print_extensions(ssl, level, __FILE__, __LINE__,       \
+                                 hs_msg_type, extensions_mask, NULL)
+
+#define MBEDTLS_SSL_PRINT_EXT(level, hs_msg_type, extension_type, extra)      \
+    mbedtls_ssl_print_extension(ssl, level, __FILE__, __LINE__,        \
+                                hs_msg_type, extension_type,           \
+                                extra, NULL)
 #else
 
-#define MBEDTLS_SSL_PRINT_EXTS( level, hs_msg_type, extension_mask )
+#define MBEDTLS_SSL_PRINT_EXTS(level, hs_msg_type, extension_mask)
 
-#define MBEDTLS_SSL_PRINT_EXT( level, hs_msg_type, extension_type, extra )
+#define MBEDTLS_SSL_PRINT_EXT(level, hs_msg_type, extension_type, extra)
 
 #endif /* MBEDTLS_DEBUG_C */
 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index d558e38..16eccfc 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -71,7 +71,7 @@
 #define MBEDTLS_SSL_RENEGOTIATION_PENDING       3   /* Requested (server only) */
 
 /* Faked handshake message identity for HelloRetryRequest. */
-#define MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST ( -MBEDTLS_SSL_HS_SERVER_HELLO )
+#define MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST (-MBEDTLS_SSL_HS_SERVER_HELLO)
 
 /*
  * Internal identity of handshake extensions
@@ -108,10 +108,10 @@
 #define MBEDTLS_SSL_EXT_ID_SESSION_TICKET             27
 
 /* Utility for translating IANA extension type. */
-uint32_t mbedtls_ssl_get_extension_id( unsigned int extension_type );
-uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type );
+uint32_t mbedtls_ssl_get_extension_id(unsigned int extension_type);
+uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type);
 /* Macros used to define mask constants */
-#define MBEDTLS_SSL_EXT_MASK( id )       ( 1ULL << ( MBEDTLS_SSL_EXT_ID_##id ) )
+#define MBEDTLS_SSL_EXT_MASK(id)       (1ULL << (MBEDTLS_SSL_EXT_ID_##id))
 /* Reset value of extension mask */
 #define MBEDTLS_SSL_EXT_MASK_NONE                                              0
 
@@ -136,81 +136,81 @@
 
 /* Extensions that are not recognized by TLS 1.3 */
 #define MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED                               \
-            ( MBEDTLS_SSL_EXT_MASK( SUPPORTED_POINT_FORMATS )                | \
-              MBEDTLS_SSL_EXT_MASK( ENCRYPT_THEN_MAC )                       | \
-              MBEDTLS_SSL_EXT_MASK( EXTENDED_MASTER_SECRET )                 | \
-              MBEDTLS_SSL_EXT_MASK( SESSION_TICKET )                         | \
-              MBEDTLS_SSL_EXT_MASK( TRUNCATED_HMAC )                         | \
-              MBEDTLS_SSL_EXT_MASK( UNRECOGNIZED ) )
+    (MBEDTLS_SSL_EXT_MASK(SUPPORTED_POINT_FORMATS)                | \
+     MBEDTLS_SSL_EXT_MASK(ENCRYPT_THEN_MAC)                       | \
+     MBEDTLS_SSL_EXT_MASK(EXTENDED_MASTER_SECRET)                 | \
+     MBEDTLS_SSL_EXT_MASK(SESSION_TICKET)                         | \
+     MBEDTLS_SSL_EXT_MASK(TRUNCATED_HMAC)                         | \
+     MBEDTLS_SSL_EXT_MASK(UNRECOGNIZED))
 
 /* RFC 8446 section 4.2. Allowed extensions for ClientHello */
 #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH                                  \
-            ( MBEDTLS_SSL_EXT_MASK( SERVERNAME )                             | \
-              MBEDTLS_SSL_EXT_MASK( MAX_FRAGMENT_LENGTH )                    | \
-              MBEDTLS_SSL_EXT_MASK( STATUS_REQUEST )                         | \
-              MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS )                       | \
-              MBEDTLS_SSL_EXT_MASK( SIG_ALG )                                | \
-              MBEDTLS_SSL_EXT_MASK( USE_SRTP )                               | \
-              MBEDTLS_SSL_EXT_MASK( HEARTBEAT )                              | \
-              MBEDTLS_SSL_EXT_MASK( ALPN )                                   | \
-              MBEDTLS_SSL_EXT_MASK( SCT )                                    | \
-              MBEDTLS_SSL_EXT_MASK( CLI_CERT_TYPE )                          | \
-              MBEDTLS_SSL_EXT_MASK( SERV_CERT_TYPE )                         | \
-              MBEDTLS_SSL_EXT_MASK( PADDING )                                | \
-              MBEDTLS_SSL_EXT_MASK( KEY_SHARE )                              | \
-              MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY )                         | \
-              MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES )                 | \
-              MBEDTLS_SSL_EXT_MASK( EARLY_DATA )                             | \
-              MBEDTLS_SSL_EXT_MASK( COOKIE )                                 | \
-              MBEDTLS_SSL_EXT_MASK( SUPPORTED_VERSIONS )                     | \
-              MBEDTLS_SSL_EXT_MASK( CERT_AUTH )                              | \
-              MBEDTLS_SSL_EXT_MASK( POST_HANDSHAKE_AUTH )                    | \
-              MBEDTLS_SSL_EXT_MASK( SIG_ALG_CERT )                           | \
-              MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED )
+    (MBEDTLS_SSL_EXT_MASK(SERVERNAME)                             | \
+     MBEDTLS_SSL_EXT_MASK(MAX_FRAGMENT_LENGTH)                    | \
+     MBEDTLS_SSL_EXT_MASK(STATUS_REQUEST)                         | \
+     MBEDTLS_SSL_EXT_MASK(SUPPORTED_GROUPS)                       | \
+     MBEDTLS_SSL_EXT_MASK(SIG_ALG)                                | \
+     MBEDTLS_SSL_EXT_MASK(USE_SRTP)                               | \
+     MBEDTLS_SSL_EXT_MASK(HEARTBEAT)                              | \
+     MBEDTLS_SSL_EXT_MASK(ALPN)                                   | \
+     MBEDTLS_SSL_EXT_MASK(SCT)                                    | \
+     MBEDTLS_SSL_EXT_MASK(CLI_CERT_TYPE)                          | \
+     MBEDTLS_SSL_EXT_MASK(SERV_CERT_TYPE)                         | \
+     MBEDTLS_SSL_EXT_MASK(PADDING)                                | \
+     MBEDTLS_SSL_EXT_MASK(KEY_SHARE)                              | \
+     MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY)                         | \
+     MBEDTLS_SSL_EXT_MASK(PSK_KEY_EXCHANGE_MODES)                 | \
+     MBEDTLS_SSL_EXT_MASK(EARLY_DATA)                             | \
+     MBEDTLS_SSL_EXT_MASK(COOKIE)                                 | \
+     MBEDTLS_SSL_EXT_MASK(SUPPORTED_VERSIONS)                     | \
+     MBEDTLS_SSL_EXT_MASK(CERT_AUTH)                              | \
+     MBEDTLS_SSL_EXT_MASK(POST_HANDSHAKE_AUTH)                    | \
+     MBEDTLS_SSL_EXT_MASK(SIG_ALG_CERT)                           | \
+     MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED)
 
 /* RFC 8446 section 4.2. Allowed extensions for EncryptedExtensions */
 #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE                                  \
-            ( MBEDTLS_SSL_EXT_MASK( SERVERNAME )                             | \
-              MBEDTLS_SSL_EXT_MASK( MAX_FRAGMENT_LENGTH )                    | \
-              MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS )                       | \
-              MBEDTLS_SSL_EXT_MASK( USE_SRTP )                               | \
-              MBEDTLS_SSL_EXT_MASK( HEARTBEAT )                              | \
-              MBEDTLS_SSL_EXT_MASK( ALPN )                                   | \
-              MBEDTLS_SSL_EXT_MASK( CLI_CERT_TYPE )                          | \
-              MBEDTLS_SSL_EXT_MASK( SERV_CERT_TYPE )                         | \
-              MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) )
+    (MBEDTLS_SSL_EXT_MASK(SERVERNAME)                             | \
+     MBEDTLS_SSL_EXT_MASK(MAX_FRAGMENT_LENGTH)                    | \
+     MBEDTLS_SSL_EXT_MASK(SUPPORTED_GROUPS)                       | \
+     MBEDTLS_SSL_EXT_MASK(USE_SRTP)                               | \
+     MBEDTLS_SSL_EXT_MASK(HEARTBEAT)                              | \
+     MBEDTLS_SSL_EXT_MASK(ALPN)                                   | \
+     MBEDTLS_SSL_EXT_MASK(CLI_CERT_TYPE)                          | \
+     MBEDTLS_SSL_EXT_MASK(SERV_CERT_TYPE)                         | \
+     MBEDTLS_SSL_EXT_MASK(EARLY_DATA))
 
 /* RFC 8446 section 4.2. Allowed extensions for CertificateRequest */
 #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR                                  \
-            ( MBEDTLS_SSL_EXT_MASK( STATUS_REQUEST )                         | \
-              MBEDTLS_SSL_EXT_MASK( SIG_ALG )                                | \
-              MBEDTLS_SSL_EXT_MASK( SCT )                                    | \
-              MBEDTLS_SSL_EXT_MASK( CERT_AUTH )                              | \
-              MBEDTLS_SSL_EXT_MASK( OID_FILTERS )                            | \
-              MBEDTLS_SSL_EXT_MASK( SIG_ALG_CERT )                           | \
-              MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED )
+    (MBEDTLS_SSL_EXT_MASK(STATUS_REQUEST)                         | \
+     MBEDTLS_SSL_EXT_MASK(SIG_ALG)                                | \
+     MBEDTLS_SSL_EXT_MASK(SCT)                                    | \
+     MBEDTLS_SSL_EXT_MASK(CERT_AUTH)                              | \
+     MBEDTLS_SSL_EXT_MASK(OID_FILTERS)                            | \
+     MBEDTLS_SSL_EXT_MASK(SIG_ALG_CERT)                           | \
+     MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED)
 
 /* RFC 8446 section 4.2. Allowed extensions for Certificate */
 #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT                                  \
-            ( MBEDTLS_SSL_EXT_MASK( STATUS_REQUEST )                         | \
-              MBEDTLS_SSL_EXT_MASK( SCT ) )
+    (MBEDTLS_SSL_EXT_MASK(STATUS_REQUEST)                         | \
+     MBEDTLS_SSL_EXT_MASK(SCT))
 
 /* RFC 8446 section 4.2. Allowed extensions for ServerHello */
 #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH                                  \
-            ( MBEDTLS_SSL_EXT_MASK( KEY_SHARE )                              | \
-              MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY )                         | \
-              MBEDTLS_SSL_EXT_MASK( SUPPORTED_VERSIONS ) )
+    (MBEDTLS_SSL_EXT_MASK(KEY_SHARE)                              | \
+     MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY)                         | \
+     MBEDTLS_SSL_EXT_MASK(SUPPORTED_VERSIONS))
 
 /* RFC 8446 section 4.2. Allowed extensions for HelloRetryRequest */
 #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR                                 \
-            ( MBEDTLS_SSL_EXT_MASK( KEY_SHARE )                              | \
-              MBEDTLS_SSL_EXT_MASK( COOKIE )                                 | \
-              MBEDTLS_SSL_EXT_MASK( SUPPORTED_VERSIONS ) )
+    (MBEDTLS_SSL_EXT_MASK(KEY_SHARE)                              | \
+     MBEDTLS_SSL_EXT_MASK(COOKIE)                                 | \
+     MBEDTLS_SSL_EXT_MASK(SUPPORTED_VERSIONS))
 
 /* RFC 8446 section 4.2. Allowed extensions for NewSessionTicket */
 #define MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST                                 \
-            ( MBEDTLS_SSL_EXT_MASK( EARLY_DATA )                             | \
-              MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED )
+    (MBEDTLS_SSL_EXT_MASK(EARLY_DATA)                             | \
+     MBEDTLS_SSL_TLS1_3_EXT_MASK_UNRECOGNIZED)
 
 /*
  * Helper macros for function call with return check.
@@ -218,25 +218,25 @@
 /*
  * Exit when return non-zero value
  */
-#define MBEDTLS_SSL_PROC_CHK( f )                               \
+#define MBEDTLS_SSL_PROC_CHK(f)                               \
     do {                                                        \
-        ret = ( f );                                            \
-        if( ret != 0 )                                          \
+        ret = (f);                                            \
+        if (ret != 0)                                          \
         {                                                       \
             goto cleanup;                                       \
         }                                                       \
-    } while( 0 )
+    } while (0)
 /*
  * Exit when return negative value
  */
-#define MBEDTLS_SSL_PROC_CHK_NEG( f )                           \
+#define MBEDTLS_SSL_PROC_CHK_NEG(f)                           \
     do {                                                        \
-        ret = ( f );                                            \
-        if( ret < 0 )                                           \
+        ret = (f);                                            \
+        if (ret < 0)                                           \
         {                                                       \
             goto cleanup;                                       \
         }                                                       \
-    } while( 0 )
+    } while (0)
 
 /*
  * DTLS retransmission states, see RFC 6347 4.2.4
@@ -260,10 +260,10 @@
 
 /* This macro determines whether CBC is supported. */
 #if defined(MBEDTLS_CIPHER_MODE_CBC) &&                               \
-    ( defined(MBEDTLS_AES_C)      ||                                  \
-      defined(MBEDTLS_CAMELLIA_C) ||                                  \
-      defined(MBEDTLS_ARIA_C)     ||                                  \
-      defined(MBEDTLS_DES_C) )
+    (defined(MBEDTLS_AES_C)      ||                                  \
+    defined(MBEDTLS_CAMELLIA_C) ||                                  \
+    defined(MBEDTLS_ARIA_C)     ||                                  \
+    defined(MBEDTLS_DES_C))
 #define MBEDTLS_SSL_SOME_SUITES_USE_CBC
 #endif
 
@@ -275,7 +275,7 @@
 
 /* This macro determines whether the CBC construct used in TLS 1.2 is supported. */
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
-      defined(MBEDTLS_SSL_PROTO_TLS1_2)
+    defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC
 #endif
 
@@ -318,17 +318,17 @@
 #define MBEDTLS_SSL_MAX_CID_EXPANSION        0
 #endif
 
-#define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_MAX_IV_LENGTH +          \
-                                       MBEDTLS_SSL_MAC_ADD +            \
-                                       MBEDTLS_SSL_PADDING_ADD +        \
-                                       MBEDTLS_SSL_MAX_CID_EXPANSION    \
-                                       )
+#define MBEDTLS_SSL_PAYLOAD_OVERHEAD (MBEDTLS_MAX_IV_LENGTH +          \
+                                      MBEDTLS_SSL_MAC_ADD +            \
+                                      MBEDTLS_SSL_PADDING_ADD +        \
+                                      MBEDTLS_SSL_MAX_CID_EXPANSION    \
+                                      )
 
-#define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
-                                     ( MBEDTLS_SSL_IN_CONTENT_LEN ) )
+#define MBEDTLS_SSL_IN_PAYLOAD_LEN (MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
+                                    (MBEDTLS_SSL_IN_CONTENT_LEN))
 
-#define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
-                                      ( MBEDTLS_SSL_OUT_CONTENT_LEN ) )
+#define MBEDTLS_SSL_OUT_PAYLOAD_LEN (MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
+                                     (MBEDTLS_SSL_OUT_CONTENT_LEN))
 
 /* The maximum number of buffered handshake messages. */
 #define MBEDTLS_SSL_MAX_BUFFERED_HS 4
@@ -339,8 +339,8 @@
  */
 #define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN (                            \
         (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN)   \
-        ? ( MBEDTLS_SSL_OUT_CONTENT_LEN )                            \
-        : ( MBEDTLS_SSL_IN_CONTENT_LEN )                             \
+        ? (MBEDTLS_SSL_OUT_CONTENT_LEN)                            \
+        : (MBEDTLS_SSL_IN_CONTENT_LEN)                             \
         )
 
 /* Maximum size in bytes of list in signature algorithms ext., RFC 5246/8446 */
@@ -359,7 +359,7 @@
 #define MBEDTLS_TLS_SIG_NONE MBEDTLS_TLS1_3_SIG_NONE
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#define MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( sig, hash ) (( hash << 8 ) | sig)
+#define MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(sig, hash) ((hash << 8) | sig)
 #define MBEDTLS_SSL_TLS12_SIG_ALG_FROM_SIG_AND_HASH_ALG(alg) (alg & 0xFF)
 #define MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG(alg) (alg >> 8)
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -395,20 +395,20 @@
 
 #if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 #define MBEDTLS_SSL_IN_BUFFER_LEN  \
-    ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )
+    ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_IN_PAYLOAD_LEN))
 #else
 #define MBEDTLS_SSL_IN_BUFFER_LEN  \
-    ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) \
-      + ( MBEDTLS_SSL_CID_IN_LEN_MAX ) )
+    ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_IN_PAYLOAD_LEN) \
+     + (MBEDTLS_SSL_CID_IN_LEN_MAX))
 #endif
 
 #if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 #define MBEDTLS_SSL_OUT_BUFFER_LEN  \
-    ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) )
+    ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_OUT_PAYLOAD_LEN))
 #else
 #define MBEDTLS_SSL_OUT_BUFFER_LEN                               \
-    ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN )    \
-      + ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) )
+    ((MBEDTLS_SSL_HEADER_LEN) + (MBEDTLS_SSL_OUT_PAYLOAD_LEN)    \
+     + (MBEDTLS_SSL_CID_OUT_LEN_MAX))
 #endif
 
 #define MBEDTLS_CLIENT_HELLO_RANDOM_LEN 32
@@ -428,7 +428,7 @@
  *
  * \return         Current maximum fragment length for the output buffer.
  */
-size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl );
+size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl);
 
 /**
  * \brief          Return the maximum fragment length (payload, in bytes) for
@@ -444,31 +444,31 @@
  *
  * \return         Current maximum fragment length for the output buffer.
  */
-size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
+size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl);
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
 
 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-static inline size_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx )
+static inline size_t mbedtls_ssl_get_output_buflen(const mbedtls_ssl_context *ctx)
 {
-#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    return mbedtls_ssl_get_output_max_frag_len( ctx )
-               + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
-               + MBEDTLS_SSL_CID_OUT_LEN_MAX;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+    return mbedtls_ssl_get_output_max_frag_len(ctx)
+           + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
+           + MBEDTLS_SSL_CID_OUT_LEN_MAX;
 #else
-    return mbedtls_ssl_get_output_max_frag_len( ctx )
-               + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
+    return mbedtls_ssl_get_output_max_frag_len(ctx)
+           + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
 #endif
 }
 
-static inline size_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ctx )
+static inline size_t mbedtls_ssl_get_input_buflen(const mbedtls_ssl_context *ctx)
 {
-#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    return mbedtls_ssl_get_input_max_frag_len( ctx )
-               + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
-               + MBEDTLS_SSL_CID_IN_LEN_MAX;
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+    return mbedtls_ssl_get_input_max_frag_len(ctx)
+           + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
+           + MBEDTLS_SSL_CID_IN_LEN_MAX;
 #else
-    return mbedtls_ssl_get_input_max_frag_len( ctx )
-               + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
+    return mbedtls_ssl_get_input_max_frag_len(ctx)
+           + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
 #endif
 }
 #endif
@@ -492,36 +492,34 @@
  * \return       Zero if the needed space is available in the buffer, non-zero
  *               otherwise.
  */
-#if ! defined(MBEDTLS_TEST_HOOKS)
-static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
-                                           const uint8_t *end, size_t need )
+#if !defined(MBEDTLS_TEST_HOOKS)
+static inline int mbedtls_ssl_chk_buf_ptr(const uint8_t *cur,
+                                          const uint8_t *end, size_t need)
 {
-    return( ( cur > end ) || ( need > (size_t)( end - cur ) ) );
+    return (cur > end) || (need > (size_t) (end - cur));
 }
 #else
-typedef struct
-{
+typedef struct {
     const uint8_t *cur;
     const uint8_t *end;
     size_t need;
 } mbedtls_ssl_chk_buf_ptr_args;
 
 void mbedtls_ssl_set_chk_buf_ptr_fail_args(
-    const uint8_t *cur, const uint8_t *end, size_t need );
-void mbedtls_ssl_reset_chk_buf_ptr_fail_args( void );
+    const uint8_t *cur, const uint8_t *end, size_t need);
+void mbedtls_ssl_reset_chk_buf_ptr_fail_args(void);
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_cmp_chk_buf_ptr_fail_args( mbedtls_ssl_chk_buf_ptr_args *args );
+int mbedtls_ssl_cmp_chk_buf_ptr_fail_args(mbedtls_ssl_chk_buf_ptr_args *args);
 
-static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
-                                           const uint8_t *end, size_t need )
+static inline int mbedtls_ssl_chk_buf_ptr(const uint8_t *cur,
+                                          const uint8_t *end, size_t need)
 {
-    if( ( cur > end ) || ( need > (size_t)( end - cur ) ) )
-    {
-        mbedtls_ssl_set_chk_buf_ptr_fail_args( cur, end, need );
-        return( 1 );
+    if ((cur > end) || (need > (size_t) (end - cur))) {
+        mbedtls_ssl_set_chk_buf_ptr_fail_args(cur, end, need);
+        return 1;
     }
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_TEST_HOOKS */
 
@@ -535,13 +533,13 @@
  * \param need   Needed space in bytes.
  *
  */
-#define MBEDTLS_SSL_CHK_BUF_PTR( cur, end, need )                        \
+#define MBEDTLS_SSL_CHK_BUF_PTR(cur, end, need)                        \
     do {                                                                 \
-        if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \
+        if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0) \
         {                                                                \
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );                  \
+            return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;                  \
         }                                                                \
-    } while( 0 )
+    } while (0)
 
 /**
  * \brief        This macro checks if the remaining length in an input buffer is
@@ -557,26 +555,26 @@
  * \param need   Needed length in bytes.
  *
  */
-#define MBEDTLS_SSL_CHK_BUF_READ_PTR( cur, end, need )                          \
+#define MBEDTLS_SSL_CHK_BUF_READ_PTR(cur, end, need)                          \
     do {                                                                        \
-        if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 )        \
+        if (mbedtls_ssl_chk_buf_ptr((cur), (end), (need)) != 0)        \
         {                                                                       \
-            MBEDTLS_SSL_DEBUG_MSG( 1,                                           \
-                                   ( "missing input data in %s", __func__ ) );  \
-            MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,   \
-                                          MBEDTLS_ERR_SSL_DECODE_ERROR );       \
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );                             \
+            MBEDTLS_SSL_DEBUG_MSG(1,                                           \
+                                  ("missing input data in %s", __func__));  \
+            MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,   \
+                                         MBEDTLS_ERR_SSL_DECODE_ERROR);       \
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;                             \
         }                                                                       \
-    } while( 0 )
+    } while (0)
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-typedef int  mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen,
-                                     const char *label,
-                                     const unsigned char *random, size_t rlen,
-                                     unsigned char *dstbuf, size_t dlen );
+typedef int  mbedtls_ssl_tls_prf_cb(const unsigned char *secret, size_t slen,
+                                    const char *label,
+                                    const unsigned char *random, size_t rlen,
+                                    unsigned char *dstbuf, size_t dlen);
 
 /* cipher.h exports the maximum IV, key and block length from
  * all ciphers enabled in the config, regardless of whether those
@@ -602,16 +600,15 @@
  * \brief   The data structure holding the cryptographic material (key and IV)
  *          used for record protection in TLS 1.3.
  */
-struct mbedtls_ssl_key_set
-{
+struct mbedtls_ssl_key_set {
     /*! The key for client->server records. */
-    unsigned char client_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ];
+    unsigned char client_write_key[MBEDTLS_SSL_MAX_KEY_LENGTH];
     /*! The key for server->client records. */
-    unsigned char server_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ];
+    unsigned char server_write_key[MBEDTLS_SSL_MAX_KEY_LENGTH];
     /*! The IV  for client->server records. */
-    unsigned char client_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ];
+    unsigned char client_write_iv[MBEDTLS_SSL_MAX_IV_LENGTH];
     /*! The IV  for server->client records. */
-    unsigned char server_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ];
+    unsigned char server_write_iv[MBEDTLS_SSL_MAX_IV_LENGTH];
 
     size_t key_len; /*!< The length of client_write_key and
                      *   server_write_key, in Bytes. */
@@ -620,24 +617,21 @@
 };
 typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set;
 
-typedef struct
-{
-    unsigned char binder_key                  [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
-    unsigned char client_early_traffic_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
-    unsigned char early_exporter_master_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
+typedef struct {
+    unsigned char binder_key[MBEDTLS_TLS1_3_MD_MAX_SIZE];
+    unsigned char client_early_traffic_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE];
+    unsigned char early_exporter_master_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE];
 } mbedtls_ssl_tls13_early_secrets;
 
-typedef struct
-{
-    unsigned char client_handshake_traffic_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
-    unsigned char server_handshake_traffic_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
+typedef struct {
+    unsigned char client_handshake_traffic_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE];
+    unsigned char server_handshake_traffic_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE];
 } mbedtls_ssl_tls13_handshake_secrets;
 
 /*
  * This structure contains the parameters only needed during handshake.
  */
-struct mbedtls_ssl_handshake_params
-{
+struct mbedtls_ssl_handshake_params {
     /* Frequently-used boolean or byte fields (placed early to take
      * advantage of smaller code size for indirect access on Arm Thumb) */
     uint8_t resume;                     /*!<  session resume indicator*/
@@ -819,16 +813,14 @@
     mbedtls_pk_context peer_pubkey;     /*!< The public key from the peer.  */
 #endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
-    struct
-    {
+    struct {
         size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
                                       *   buffers used for message buffering. */
 
         uint8_t seen_ccs;               /*!< Indicates if a CCS message has
                                          *   been seen in the current flight. */
 
-        struct mbedtls_ssl_hs_buffer
-        {
+        struct mbedtls_ssl_hs_buffer {
             unsigned is_valid      : 1;
             unsigned is_fragmented : 1;
             unsigned is_complete   : 1;
@@ -836,8 +828,7 @@
             size_t data_len;
         } hs[MBEDTLS_SSL_MAX_BUFFERED_HS];
 
-        struct
-        {
+        struct {
             unsigned char *data;
             size_t len;
             unsigned epoch;
@@ -846,8 +837,8 @@
     } buffering;
 
 #if defined(MBEDTLS_SSL_CLI_C) && \
-    ( defined(MBEDTLS_SSL_PROTO_DTLS) || \
-      defined(MBEDTLS_SSL_PROTO_TLS1_3) )
+    (defined(MBEDTLS_SSL_PROTO_DTLS) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_3))
     unsigned char *cookie;              /*!< HelloVerifyRequest cookie for DTLS
                                          *   HelloRetryRequest cookie for TLS 1.3 */
 #if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -885,7 +876,7 @@
     unsigned int in_flight_start_seq;   /*!<  Minimum message sequence in the
                                               flight being received          */
     mbedtls_ssl_transform *alt_transform_out;   /*!<  Alternative transform for
-                                              resending messages             */
+                                                   resending messages             */
     unsigned char alt_out_ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN]; /*!<  Alternative record epoch/counter
                                                                       for resending messages         */
 
@@ -896,7 +887,7 @@
                          *   has been negotiated. Possible values are
                          *   #MBEDTLS_SSL_CID_ENABLED and
                          *   #MBEDTLS_SSL_CID_DISABLED. */
-    unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
+    unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];   /*! The peer's CID */
     uint8_t peer_cid_len;                                  /*!< The length of
                                                             *   \c peer_cid.  */
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -942,11 +933,9 @@
      * State-local variables used during the processing
      * of a specific handshake state.
      */
-    union
-    {
+    union {
         /* Outgoing Finished message */
-        struct
-        {
+        struct {
             uint8_t preparation_done;
 
             /* Buffer holding digest of the handshake up to
@@ -956,8 +945,7 @@
         } finished_out;
 
         /* Incoming Finished message */
-        struct
-        {
+        struct {
             uint8_t preparation_done;
 
             /* Buffer holding digest of the handshake up to but
@@ -972,10 +960,10 @@
 
     unsigned char randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN +
                             MBEDTLS_SERVER_HELLO_RANDOM_LEN];
-                                        /*!<  random bytes            */
+    /*!<  random bytes            */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
     unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
-                                        /*!<  premaster secret        */
+    /*!<  premaster secret        */
     size_t pmslen;                      /*!<  premaster length        */
 #endif
 
@@ -990,11 +978,10 @@
 
     /** TLS 1.3 transform for encrypted handshake messages. */
     mbedtls_ssl_transform *transform_handshake;
-    union
-    {
-        unsigned char early    [MBEDTLS_TLS1_3_MD_MAX_SIZE];
+    union {
+        unsigned char early[MBEDTLS_TLS1_3_MD_MAX_SIZE];
         unsigned char handshake[MBEDTLS_TLS1_3_MD_MAX_SIZE];
-        unsigned char app      [MBEDTLS_TLS1_3_MD_MAX_SIZE];
+        unsigned char app[MBEDTLS_TLS1_3_MD_MAX_SIZE];
     } tls13_master_secrets;
 
     mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets;
@@ -1104,8 +1091,7 @@
  *   in other transformations.
  *
  */
-struct mbedtls_ssl_transform
-{
+struct mbedtls_ssl_transform {
     /*
      * Session specific crypto layer
      */
@@ -1149,8 +1135,8 @@
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
     uint8_t in_cid_len;
     uint8_t out_cid_len;
-    unsigned char in_cid [ MBEDTLS_SSL_CID_IN_LEN_MAX ];
-    unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
+    unsigned char in_cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
+    unsigned char out_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
@@ -1159,7 +1145,7 @@
      * see ssl_tls12_populate_transform() */
     unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN +
                             MBEDTLS_CLIENT_HELLO_RANDOM_LEN];
-                            /*!< ServerHello.random+ClientHello.random */
+    /*!< ServerHello.random+ClientHello.random */
 #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
 };
 
@@ -1168,13 +1154,13 @@
  * Equivalently, return 0 if a separate MAC is used, 1 otherwise.
  */
 static inline int mbedtls_ssl_transform_uses_aead(
-        const mbedtls_ssl_transform *transform )
+    const mbedtls_ssl_transform *transform)
 {
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-    return( transform->maclen == 0 && transform->taglen != 0 );
+    return transform->maclen == 0 && transform->taglen != 0;
 #else
     (void) transform;
-    return( 1 );
+    return 1;
 #endif
 }
 
@@ -1204,8 +1190,7 @@
 #define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_IN_LEN_MAX
 #endif
 
-typedef struct
-{
+typedef struct {
     uint8_t ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN];  /* In TLS:  The implicit record sequence number.
                                                     * In DTLS: The 2-byte epoch followed by
                                                     *          the 6-byte sequence number.
@@ -1228,7 +1213,7 @@
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
     uint8_t cid_len;        /* Length of the CID (0 if not present)          */
-    unsigned char cid[ MBEDTLS_SSL_CID_LEN_MAX ]; /* The CID                 */
+    unsigned char cid[MBEDTLS_SSL_CID_LEN_MAX];   /* The CID                 */
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 } mbedtls_record;
 
@@ -1236,8 +1221,7 @@
 /*
  * List of certificate + private key pairs
  */
-struct mbedtls_ssl_key_cert
-{
+struct mbedtls_ssl_key_cert {
     mbedtls_x509_crt *cert;                 /*!< cert                       */
     mbedtls_pk_context *key;                /*!< private key                */
     mbedtls_ssl_key_cert *next;             /*!< next key/cert pair         */
@@ -1248,8 +1232,7 @@
 /*
  * List of handshake messages kept around for resending
  */
-struct mbedtls_ssl_flight_item
-{
+struct mbedtls_ssl_flight_item {
     unsigned char *p;       /*!< message, including handshake headers   */
     size_t len;             /*!< length of p                            */
     unsigned char type;     /*!< type of the message: handshake or CCS  */
@@ -1270,11 +1253,11 @@
  * \param[out]  out_len Length of the data written into the buffer \p buf
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls12_write_client_hello_exts( mbedtls_ssl_context *ssl,
-                                               unsigned char *buf,
-                                               const unsigned char *end,
-                                               int uses_ec,
-                                               size_t *out_len );
+int mbedtls_ssl_tls12_write_client_hello_exts(mbedtls_ssl_context *ssl,
+                                              unsigned char *buf,
+                                              const unsigned char *end,
+                                              int uses_ec,
+                                              size_t *out_len);
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
@@ -1291,8 +1274,8 @@
  *          identifier as defined in the TLS 1.2 HashAlgorithm enumeration.
  */
 unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
-                mbedtls_ssl_context *ssl,
-                unsigned int sig_alg );
+    mbedtls_ssl_context *ssl,
+    unsigned int sig_alg);
 
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
           MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
@@ -1303,7 +1286,7 @@
  *
  * \param transform SSL transform context
  */
-void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
+void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform);
 
 /**
  * \brief           Free referenced items in an SSL handshake context and clear
@@ -1311,42 +1294,42 @@
  *
  * \param ssl       SSL context
  */
-void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl);
 
 /* set inbound transform of ssl context */
-void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl,
-                                        mbedtls_ssl_transform *transform );
+void mbedtls_ssl_set_inbound_transform(mbedtls_ssl_context *ssl,
+                                       mbedtls_ssl_transform *transform);
 
 /* set outbound transform of ssl context */
-void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl,
-                                         mbedtls_ssl_transform *transform );
+void mbedtls_ssl_set_outbound_transform(mbedtls_ssl_context *ssl,
+                                        mbedtls_ssl_transform *transform);
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl);
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
-static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
-                                                    mbedtls_ssl_states state )
+int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl);
+static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl,
+                                                   mbedtls_ssl_states state)
 {
-    ssl->state = ( int ) state;
+    ssl->state = (int) state;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl);
 
-void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl);
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl);
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2  */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl);
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl);
 
 /**
  * \brief       Update record layer
@@ -1425,81 +1408,81 @@
  *
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
-                             unsigned update_hs_digest );
+int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl,
+                            unsigned update_hs_digest);
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
+int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want);
 
 /*
  * Write handshake message header
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type,
-                                     unsigned char **buf, size_t *buf_len );
+int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned hs_type,
+                                    unsigned char **buf, size_t *buf_len);
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
-                                         int update_checksum,
-                                         int force_flush );
-static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl,
+                                        int update_checksum,
+                                        int force_flush);
+static inline int mbedtls_ssl_write_handshake_msg(mbedtls_ssl_context *ssl)
 {
-    return( mbedtls_ssl_write_handshake_msg_ext( ssl, 1 /* update checksum */, 1 /* force flush */ ) );
+    return mbedtls_ssl_write_handshake_msg_ext(ssl, 1 /* update checksum */, 1 /* force flush */);
 }
 
 /*
  * Write handshake message tail
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl,
-                                      size_t buf_len, size_t msg_len );
+int mbedtls_ssl_finish_handshake_msg(mbedtls_ssl_context *ssl,
+                                     size_t buf_len, size_t msg_len);
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush );
+int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, int force_flush);
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl);
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl);
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl);
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl);
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl);
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl);
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl);
 
-void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
-                            const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
+void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl,
+                                   const mbedtls_ssl_ciphersuite_t *ciphersuite_info);
 
 /*
  * Update checksum of handshake messages.
  */
-void mbedtls_ssl_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
-                                         unsigned hs_type,
-                                         unsigned char const *msg,
-                                         size_t msg_len );
+void mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl,
+                                        unsigned hs_type,
+                                        unsigned char const *msg,
+                                        size_t msg_len);
 
-void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
-                                         unsigned hs_type,
-                                         size_t total_hs_len );
+void mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl,
+                                        unsigned hs_type,
+                                        size_t total_hs_len);
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl,
-                                      mbedtls_key_exchange_type_t key_ex );
+int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl,
+                                     mbedtls_key_exchange_type_t key_ex);
 #endif /* !MBEDTLS_USE_PSA_CRYPTO */
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
 #if defined(MBEDTLS_SSL_CLI_C)
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf );
+int mbedtls_ssl_conf_has_static_psk(mbedtls_ssl_config const *conf);
 #endif
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 /**
@@ -1510,15 +1493,17 @@
  * Return an opaque PSK
  */
 static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk(
-    const mbedtls_ssl_context *ssl )
+    const mbedtls_ssl_context *ssl)
 {
-    if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
-        return( ssl->handshake->psk_opaque );
+    if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
+        return ssl->handshake->psk_opaque;
+    }
 
-    if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) )
-        return( ssl->conf->psk_opaque );
+    if (!mbedtls_svc_key_id_is_null(ssl->conf->psk_opaque)) {
+        return ssl->conf->psk_opaque;
+    }
 
-    return( MBEDTLS_SVC_KEY_ID_INIT );
+    return MBEDTLS_SVC_KEY_ID_INIT;
 }
 #else
 /**
@@ -1527,53 +1512,46 @@
  * 2. static PSK configured by \c mbedtls_ssl_conf_psk()
  * Return a code and update the pair (PSK, PSK length) passed to this function
  */
-static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl,
-    const unsigned char **psk, size_t *psk_len )
+static inline int mbedtls_ssl_get_psk(const mbedtls_ssl_context *ssl,
+                                      const unsigned char **psk, size_t *psk_len)
 {
-    if( ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0 )
-    {
+    if (ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0) {
         *psk = ssl->handshake->psk;
         *psk_len = ssl->handshake->psk_len;
-    }
-
-    else if( ssl->conf->psk != NULL && ssl->conf->psk_len > 0 )
-    {
+    } else if (ssl->conf->psk != NULL && ssl->conf->psk_len > 0) {
         *psk = ssl->conf->psk;
         *psk_len = ssl->conf->psk_len;
-    }
-
-    else
-    {
+    } else {
         *psk = NULL;
         *psk_len = 0;
-        return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+        return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
 
 #if defined(MBEDTLS_PK_C)
-unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
-unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type );
-mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
+unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk);
+unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type);
+mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig);
 #endif
 
-mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
-unsigned char mbedtls_ssl_hash_from_md_alg( int md );
+mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash);
+unsigned char mbedtls_ssl_hash_from_md_alg(int md);
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
+int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md);
 #endif
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id );
+int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id);
 #if defined(MBEDTLS_ECP_C)
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
+int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id);
 #endif
 
 /**
@@ -1592,9 +1570,9 @@
  *                  The function can be called with both parameters as NULL
  *                  simply to check if a specific TLS ID is supported.
  */
-int mbedtls_ssl_get_psa_curve_info_from_tls_id( uint16_t tls_id,
-                                                psa_ecc_family_t *family,
-                                                size_t* bits );
+int mbedtls_ssl_get_psa_curve_info_from_tls_id(uint16_t tls_id,
+                                               psa_ecc_family_t *family,
+                                               size_t *bits);
 
 /**
  * \brief Return \c mbedtls_ecp_group_id for the specified TLS ID.
@@ -1603,7 +1581,7 @@
  * \return          Proper \c mbedtls_ecp_group_id if the TLS ID is supported,
  *                  or MBEDTLS_ECP_DP_NONE otherwise
  */
-mbedtls_ecp_group_id mbedtls_ssl_get_ecp_group_id_from_tls_id( uint16_t tls_id );
+mbedtls_ecp_group_id mbedtls_ssl_get_ecp_group_id_from_tls_id(uint16_t tls_id);
 
 /**
  * \brief Return TLS ID for the specified \c mbedtls_ecp_group_id.
@@ -1612,7 +1590,7 @@
  * \return          Proper TLS ID if the \c mbedtls_ecp_group_id is supported,
  *                  or 0 otherwise
  */
-uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id( mbedtls_ecp_group_id grp_id );
+uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id);
 
 #if defined(MBEDTLS_DEBUG_C)
 /**
@@ -1622,15 +1600,14 @@
  * \return          A pointer to a const string with the proper name. If TLS
  *                  ID is not supported, a NULL pointer is returned instead.
  */
-const char* mbedtls_ssl_get_curve_name_from_tls_id( uint16_t tls_id );
+const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id);
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
 static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value
-                                                    ( const uint16_t srtp_profile_value )
+    (const uint16_t srtp_profile_value)
 {
-    switch( srtp_profile_value )
-    {
+    switch (srtp_profile_value) {
         case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
         case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
         case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
@@ -1638,33 +1615,35 @@
             return srtp_profile_value;
         default: break;
     }
-    return( MBEDTLS_TLS_SRTP_UNSET );
+    return MBEDTLS_TLS_SRTP_UNSET;
 }
 #endif
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
+static inline mbedtls_pk_context *mbedtls_ssl_own_key(mbedtls_ssl_context *ssl)
 {
     mbedtls_ssl_key_cert *key_cert;
 
-    if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
+    if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) {
         key_cert = ssl->handshake->key_cert;
-    else
+    } else {
         key_cert = ssl->conf->key_cert;
+    }
 
-    return( key_cert == NULL ? NULL : key_cert->key );
+    return key_cert == NULL ? NULL : key_cert->key;
 }
 
-static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
+static inline mbedtls_x509_crt *mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl)
 {
     mbedtls_ssl_key_cert *key_cert;
 
-    if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
+    if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) {
         key_cert = ssl->handshake->key_cert;
-    else
+    } else {
         key_cert = ssl->conf->key_cert;
+    }
 
-    return( key_cert == NULL ? NULL : key_cert->cert );
+    return key_cert == NULL ? NULL : key_cert->cert;
 }
 
 /*
@@ -1677,159 +1656,159 @@
  * Return 0 if everything is OK, -1 if not.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
-                          const mbedtls_ssl_ciphersuite_t *ciphersuite,
-                          int cert_endpoint,
-                          uint32_t *flags );
+int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
+                                 const mbedtls_ssl_ciphersuite_t *ciphersuite,
+                                 int cert_endpoint,
+                                 uint32_t *flags);
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
-void mbedtls_ssl_write_version( unsigned char version[2], int transport,
-                                mbedtls_ssl_protocol_version tls_version );
-uint16_t mbedtls_ssl_read_version( const unsigned char version[2],
-                                   int transport );
+void mbedtls_ssl_write_version(unsigned char version[2], int transport,
+                               mbedtls_ssl_protocol_version tls_version);
+uint16_t mbedtls_ssl_read_version(const unsigned char version[2],
+                                  int transport);
 
-static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl )
+static inline size_t mbedtls_ssl_in_hdr_len(const mbedtls_ssl_context *ssl)
 {
 #if !defined(MBEDTLS_SSL_PROTO_DTLS)
     ((void) ssl);
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        return( 13 );
-    }
-    else
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        return 13;
+    } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
     {
-        return( 5 );
+        return 5;
     }
 }
 
-static inline size_t mbedtls_ssl_out_hdr_len( const mbedtls_ssl_context *ssl )
+static inline size_t mbedtls_ssl_out_hdr_len(const mbedtls_ssl_context *ssl)
 {
-    return( (size_t) ( ssl->out_iv - ssl->out_hdr ) );
+    return (size_t) (ssl->out_iv - ssl->out_hdr);
 }
 
-static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
+static inline size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
 {
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        return( 12 );
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        return 12;
+    }
 #else
     ((void) ssl);
 #endif
-    return( 4 );
+    return 4;
 }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl);
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_resend(mbedtls_ssl_context *ssl);
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl);
 #endif
 
 /* Visible for testing purposes only */
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl );
-void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context const *ssl);
+void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl);
 #endif
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
-                              const mbedtls_ssl_session *src );
+int mbedtls_ssl_session_copy(mbedtls_ssl_session *dst,
+                             const mbedtls_ssl_session *src);
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 /* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
-                                            unsigned char *hash, size_t *hashlen,
-                                            unsigned char *data, size_t data_len,
-                                            mbedtls_md_type_t md_alg );
+int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
+                                           unsigned char *hash, size_t *hashlen,
+                                           unsigned char *data, size_t data_len,
+                                           mbedtls_md_type_t md_alg);
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
 #ifdef __cplusplus
 }
 #endif
 
-void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform );
+void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform);
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
-                             mbedtls_ssl_transform *transform,
-                             mbedtls_record *rec,
-                             int (*f_rng)(void *, unsigned char *, size_t),
-                             void *p_rng );
+int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
+                            mbedtls_ssl_transform *transform,
+                            mbedtls_record *rec,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng);
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
-                             mbedtls_ssl_transform *transform,
-                             mbedtls_record *rec );
+int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
+                            mbedtls_ssl_transform *transform,
+                            mbedtls_record *rec);
 
 /* Length of the "epoch" field in the record header */
-static inline size_t mbedtls_ssl_ep_len( const mbedtls_ssl_context *ssl )
+static inline size_t mbedtls_ssl_ep_len(const mbedtls_ssl_context *ssl)
 {
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        return( 2 );
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        return 2;
+    }
 #else
     ((void) ssl);
 #endif
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_resend_hello_request(mbedtls_ssl_context *ssl);
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
-void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs );
+void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs);
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl);
 
-void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl,
-                              mbedtls_ssl_transform *transform );
-void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl,
+                                     mbedtls_ssl_transform *transform);
+void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl);
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
-void mbedtls_ssl_session_reset_msg_layer( mbedtls_ssl_context *ssl,
-                                          int partial );
+int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial);
+void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl,
+                                         int partial);
 
 /*
  * Send pending alert
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_handle_pending_alert( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handle_pending_alert(mbedtls_ssl_context *ssl);
 
 /*
  * Set pending fatal alert flag.
  */
-void mbedtls_ssl_pend_fatal_alert( mbedtls_ssl_context *ssl,
-                                   unsigned char alert_type,
-                                   int alert_reason );
+void mbedtls_ssl_pend_fatal_alert(mbedtls_ssl_context *ssl,
+                                  unsigned char alert_type,
+                                  int alert_reason);
 
 /* Alias of mbedtls_ssl_pend_fatal_alert */
-#define MBEDTLS_SSL_PEND_FATAL_ALERT( type, user_return_value )         \
-            mbedtls_ssl_pend_fatal_alert( ssl, type, user_return_value )
+#define MBEDTLS_SSL_PEND_FATAL_ALERT(type, user_return_value)         \
+    mbedtls_ssl_pend_fatal_alert(ssl, type, user_return_value)
 
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_dtls_replay_reset(mbedtls_ssl_context *ssl);
 #endif
 
-void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl);
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl);
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-size_t mbedtls_ssl_get_current_mtu( const mbedtls_ssl_context *ssl );
-void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
+size_t mbedtls_ssl_get_current_mtu(const mbedtls_ssl_context *ssl);
+void mbedtls_ssl_buffering_free(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_flight_free(mbedtls_ssl_flight_item *flight);
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
 /**
@@ -1837,61 +1816,61 @@
  */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-static inline int mbedtls_ssl_conf_is_tls13_only( const mbedtls_ssl_config *conf )
+static inline int mbedtls_ssl_conf_is_tls13_only(const mbedtls_ssl_config *conf)
 {
-    return( conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
-            conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 );
+    return conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
+           conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3;
 }
 
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-static inline int mbedtls_ssl_conf_is_tls12_only( const mbedtls_ssl_config *conf )
+static inline int mbedtls_ssl_conf_is_tls12_only(const mbedtls_ssl_config *conf)
 {
-    return( conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
-            conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 );
+    return conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
+           conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_2;
 }
 
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
-static inline int mbedtls_ssl_conf_is_tls13_enabled( const mbedtls_ssl_config *conf )
+static inline int mbedtls_ssl_conf_is_tls13_enabled(const mbedtls_ssl_config *conf)
 {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    return( conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 &&
-            conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_3 );
+    return conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_3 &&
+           conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_3;
 #else
     ((void) conf);
-    return( 0 );
+    return 0;
 #endif
 }
 
-static inline int mbedtls_ssl_conf_is_tls12_enabled( const mbedtls_ssl_config *conf )
+static inline int mbedtls_ssl_conf_is_tls12_enabled(const mbedtls_ssl_config *conf)
 {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    return( conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 &&
-            conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_2 );
+    return conf->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 &&
+           conf->max_tls_version >= MBEDTLS_SSL_VERSION_TLS1_2;
 #else
     ((void) conf);
-    return( 0 );
+    return 0;
 #endif
 }
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
-static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_config *conf )
+static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13(const mbedtls_ssl_config *conf)
 {
-    return( conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
-            conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 );
+    return conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
+           conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3;
 }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
 extern const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[
-                        MBEDTLS_SERVER_HELLO_RANDOM_LEN ];
+    MBEDTLS_SERVER_HELLO_RANDOM_LEN];
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_process_finished_message(mbedtls_ssl_context *ssl);
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_write_finished_message(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl);
 
 /**
  * \brief Given an SSL context and its associated configuration, write the TLS
@@ -1903,10 +1882,10 @@
  * \param[out]  out_len Length of the data written into the buffer \p buf
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
-                                               unsigned char *buf,
-                                               unsigned char *end,
-                                               size_t *out_len );
+int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl,
+                                              unsigned char *buf,
+                                              unsigned char *end,
+                                              size_t *out_len);
 
 /**
  * \brief           TLS 1.3 client side state machine entry
@@ -1914,7 +1893,7 @@
  * \param ssl       SSL context
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl);
 
 /**
  * \brief           TLS 1.3 server side state machine entry
@@ -1922,46 +1901,46 @@
  * \param ssl       SSL context
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl);
 
 
 /*
  * Helper functions around key exchange modes.
  */
-static inline unsigned mbedtls_ssl_conf_tls13_check_kex_modes( mbedtls_ssl_context *ssl,
-                                                               int kex_mode_mask )
+static inline unsigned mbedtls_ssl_conf_tls13_check_kex_modes(mbedtls_ssl_context *ssl,
+                                                              int kex_mode_mask)
 {
-    return( ( ssl->conf->tls13_kex_modes & kex_mode_mask ) != 0 );
+    return (ssl->conf->tls13_kex_modes & kex_mode_mask) != 0;
 }
 
-static inline int mbedtls_ssl_conf_tls13_psk_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_conf_tls13_psk_enabled(mbedtls_ssl_context *ssl)
 {
-    return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
-                   MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK ) );
+    return mbedtls_ssl_conf_tls13_check_kex_modes(ssl,
+                                                  MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK);
 }
 
-static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(mbedtls_ssl_context *ssl)
 {
-    return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
-                   MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) );
+    return mbedtls_ssl_conf_tls13_check_kex_modes(ssl,
+                                                  MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL);
 }
 
-static inline int mbedtls_ssl_conf_tls13_ephemeral_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_conf_tls13_ephemeral_enabled(mbedtls_ssl_context *ssl)
 {
-    return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
-                   MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ) );
+    return mbedtls_ssl_conf_tls13_check_kex_modes(ssl,
+                                                  MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL);
 }
 
-static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled(mbedtls_ssl_context *ssl)
 {
-    return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
-                   MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
+    return mbedtls_ssl_conf_tls13_check_kex_modes(ssl,
+                                                  MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL);
 }
 
-static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_conf_tls13_some_psk_enabled(mbedtls_ssl_context *ssl)
 {
-    return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
-                   MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
+    return mbedtls_ssl_conf_tls13_check_kex_modes(ssl,
+                                                  MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL);
 }
 
 #if defined(MBEDTLS_SSL_SRV_C) && \
@@ -1976,41 +1955,41 @@
  * \return 0 if at least one of the key exchange modes is supported,
  *         !=0 otherwise.
  */
-static inline unsigned mbedtls_ssl_tls13_check_kex_modes( mbedtls_ssl_context *ssl,
-                                                          int kex_modes_mask )
+static inline unsigned mbedtls_ssl_tls13_check_kex_modes(mbedtls_ssl_context *ssl,
+                                                         int kex_modes_mask)
 {
-    return( ( ssl->handshake->tls13_kex_modes & kex_modes_mask ) == 0 );
+    return (ssl->handshake->tls13_kex_modes & kex_modes_mask) == 0;
 }
 
-static inline int mbedtls_ssl_tls13_psk_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_tls13_psk_enabled(mbedtls_ssl_context *ssl)
 {
-    return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
-                   MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK ) );
+    return !mbedtls_ssl_tls13_check_kex_modes(ssl,
+                                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK);
 }
 
 static inline int mbedtls_ssl_tls13_psk_ephemeral_enabled(
-                                                    mbedtls_ssl_context *ssl )
+    mbedtls_ssl_context *ssl)
 {
-    return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
-                   MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) );
+    return !mbedtls_ssl_tls13_check_kex_modes(ssl,
+                                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL);
 }
 
-static inline int mbedtls_ssl_tls13_ephemeral_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_tls13_ephemeral_enabled(mbedtls_ssl_context *ssl)
 {
-    return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
-                   MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ) );
+    return !mbedtls_ssl_tls13_check_kex_modes(ssl,
+                                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL);
 }
 
-static inline int mbedtls_ssl_tls13_some_ephemeral_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_tls13_some_ephemeral_enabled(mbedtls_ssl_context *ssl)
 {
-    return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
-                   MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
+    return !mbedtls_ssl_tls13_check_kex_modes(ssl,
+                                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL);
 }
 
-static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_tls13_some_psk_enabled(mbedtls_ssl_context *ssl)
 {
-    return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
-                   MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
+    return !mbedtls_ssl_tls13_check_kex_modes(ssl,
+                                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL);
 }
 #endif /* MBEDTLS_SSL_SRV_C &&
           MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
@@ -2021,68 +2000,68 @@
 
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_tls13_check_received_extension(
-        mbedtls_ssl_context *ssl,
-        int hs_msg_type,
-        unsigned int received_extension_type,
-        uint32_t hs_msg_allowed_extensions_mask );
+    mbedtls_ssl_context *ssl,
+    int hs_msg_type,
+    unsigned int received_extension_type,
+    uint32_t hs_msg_allowed_extensions_mask);
 
 static inline void mbedtls_ssl_tls13_set_hs_sent_ext_mask(
-                       mbedtls_ssl_context *ssl, unsigned int extension_type )
+    mbedtls_ssl_context *ssl, unsigned int extension_type)
 {
     ssl->handshake->sent_extensions |=
-        mbedtls_ssl_get_extension_mask( extension_type );
+        mbedtls_ssl_get_extension_mask(extension_type);
 }
 
 /*
  * Helper functions to check the selected key exchange mode.
  */
 static inline int mbedtls_ssl_tls13_key_exchange_mode_check(
-    mbedtls_ssl_context *ssl, int kex_mask )
+    mbedtls_ssl_context *ssl, int kex_mask)
 {
-    return( ( ssl->handshake->key_exchange_mode & kex_mask ) != 0 );
+    return (ssl->handshake->key_exchange_mode & kex_mask) != 0;
 }
 
 static inline int mbedtls_ssl_tls13_key_exchange_mode_with_psk(
-    mbedtls_ssl_context *ssl )
+    mbedtls_ssl_context *ssl)
 {
-    return( mbedtls_ssl_tls13_key_exchange_mode_check( ssl,
-                   MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
+    return mbedtls_ssl_tls13_key_exchange_mode_check(ssl,
+                                                     MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL);
 }
 
 static inline int mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(
-    mbedtls_ssl_context *ssl )
+    mbedtls_ssl_context *ssl)
 {
-    return( mbedtls_ssl_tls13_key_exchange_mode_check( ssl,
-                   MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
+    return mbedtls_ssl_tls13_key_exchange_mode_check(ssl,
+                                                     MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL);
 }
 
 /*
  * Fetch TLS 1.3 handshake message header
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl,
-                                           unsigned hs_type,
-                                           unsigned char **buf,
-                                           size_t *buf_len );
+int mbedtls_ssl_tls13_fetch_handshake_msg(mbedtls_ssl_context *ssl,
+                                          unsigned hs_type,
+                                          unsigned char **buf,
+                                          size_t *buf_len);
 
 /*
  * Handler of TLS 1.3 server certificate message
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_process_certificate(mbedtls_ssl_context *ssl);
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
 /*
  * Handler of TLS 1.3 write Certificate message
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_write_certificate(mbedtls_ssl_context *ssl);
 
 /*
  * Handler of TLS 1.3 write Certificate Verify message
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl);
 
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
 
@@ -2090,32 +2069,32 @@
  * Generic handler of Certificate Verify
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl);
 
 /*
  * Write of dummy-CCS's for middlebox compatibility
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl);
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl);
 
 #if defined(MBEDTLS_ECDH_C)
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
-                mbedtls_ssl_context *ssl,
-                uint16_t named_group,
-                unsigned char *buf,
-                unsigned char *end,
-                size_t *out_len );
+    mbedtls_ssl_context *ssl,
+    uint16_t named_group,
+    unsigned char *buf,
+    unsigned char *end,
+    size_t *out_len);
 #endif /* MBEDTLS_ECDH_C */
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-int mbedtls_ssl_tls13_write_early_data_ext( mbedtls_ssl_context *ssl,
-                                            unsigned char *buf,
-                                            const unsigned char *end,
-                                            size_t *out_len );
+int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl,
+                                           unsigned char *buf,
+                                           const unsigned char *end,
+                                           size_t *out_len);
 #endif /* MBEDTLS_SSL_EARLY_DATA */
 
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
@@ -2125,24 +2104,24 @@
  * Write Signature Algorithm extension
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
-                                   const unsigned char *end, size_t *out_len );
+int mbedtls_ssl_write_sig_alg_ext(mbedtls_ssl_context *ssl, unsigned char *buf,
+                                  const unsigned char *end, size_t *out_len);
 /*
  * Parse TLS Signature Algorithm extension
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
-                                   const unsigned char *buf,
-                                   const unsigned char *end );
+int mbedtls_ssl_parse_sig_alg_ext(mbedtls_ssl_context *ssl,
+                                  const unsigned char *buf,
+                                  const unsigned char *end);
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
 /* Get handshake transcript */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
-                                          const mbedtls_md_type_t md,
-                                          unsigned char *dst,
-                                          size_t dst_len,
-                                          size_t *olen );
+int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
+                                         const mbedtls_md_type_t md,
+                                         unsigned char *dst,
+                                         size_t dst_len,
+                                         size_t *olen);
 
 /*
  * Return supported groups.
@@ -2155,87 +2134,89 @@
  * ssl->conf->group_list when mbedtls_ssl_conf_groups() has been more recently invoked.
  *
  */
-static inline const void *mbedtls_ssl_get_groups( const mbedtls_ssl_context *ssl )
+static inline const void *mbedtls_ssl_get_groups(const mbedtls_ssl_context *ssl)
 {
     #if defined(MBEDTLS_DEPRECATED_REMOVED) || !defined(MBEDTLS_ECP_C)
-    return( ssl->conf->group_list );
+    return ssl->conf->group_list;
     #else
-    if( ( ssl->handshake != NULL ) && ( ssl->handshake->group_list != NULL ) )
-        return( ssl->handshake->group_list );
-    else
-        return( ssl->conf->group_list );
+    if ((ssl->handshake != NULL) && (ssl->handshake->group_list != NULL)) {
+        return ssl->handshake->group_list;
+    } else {
+        return ssl->conf->group_list;
+    }
     #endif
 }
 
 /*
  * Helper functions for NamedGroup.
  */
-static inline int mbedtls_ssl_tls12_named_group_is_ecdhe( uint16_t named_group )
+static inline int mbedtls_ssl_tls12_named_group_is_ecdhe(uint16_t named_group)
 {
     /*
      * RFC 8422 section 5.1.1
      */
-    return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519    ||
-            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1   ||
-            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1   ||
-            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1   ||
-            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448      ||
-            /* Below deprecated curves should be removed with notice to users */
-            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 ||
-            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 ||
-            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 ||
-            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 ||
-            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 ||
-            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
-            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
-            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 );
+    return named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519    ||
+           named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1   ||
+           named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1   ||
+           named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1   ||
+           named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448      ||
+           /* Below deprecated curves should be removed with notice to users */
+           named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 ||
+           named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 ||
+           named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 ||
+           named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 ||
+           named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 ||
+           named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
+           named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
+           named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1;
 }
 
-static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group )
+static inline int mbedtls_ssl_tls13_named_group_is_ecdhe(uint16_t named_group)
 {
-    return( named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519    ||
-            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
-            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
-            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 ||
-            named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 );
+    return named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X25519    ||
+           named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 ||
+           named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 ||
+           named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 ||
+           named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448;
 }
 
-static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group )
+static inline int mbedtls_ssl_tls13_named_group_is_dhe(uint16_t named_group)
 {
-    return( named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
-            named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 );
+    return named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
+           named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192;
 }
 
 static inline int mbedtls_ssl_named_group_is_offered(
-                        const mbedtls_ssl_context *ssl, uint16_t named_group )
+    const mbedtls_ssl_context *ssl, uint16_t named_group)
 {
-    const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
+    const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
 
-    if( group_list == NULL )
-        return( 0 );
-
-    for( ; *group_list != 0; group_list++ )
-    {
-        if( *group_list == named_group )
-            return( 1 );
+    if (group_list == NULL) {
+        return 0;
     }
 
-    return( 0 );
+    for (; *group_list != 0; group_list++) {
+        if (*group_list == named_group) {
+            return 1;
+        }
+    }
+
+    return 0;
 }
 
-static inline int mbedtls_ssl_named_group_is_supported( uint16_t named_group )
+static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group)
 {
 #if defined(MBEDTLS_ECDH_C)
-    if( mbedtls_ssl_tls13_named_group_is_ecdhe( named_group ) )
-    {
-        if( mbedtls_ssl_get_ecp_group_id_from_tls_id( named_group ) !=
-                        MBEDTLS_ECP_DP_NONE )
-            return( 1 );
+    if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group)) {
+        if (mbedtls_ssl_get_ecp_group_id_from_tls_id(named_group) !=
+            MBEDTLS_ECP_DP_NONE) {
+            return 1;
+        }
     }
 #else
     ((void) named_group);
 #endif /* MBEDTLS_ECDH_C */
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -2251,48 +2232,47 @@
  *
  */
 static inline const void *mbedtls_ssl_get_sig_algs(
-                                                const mbedtls_ssl_context *ssl )
+    const mbedtls_ssl_context *ssl)
 {
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
-    if( ssl->handshake != NULL &&
+    if (ssl->handshake != NULL &&
         ssl->handshake->sig_algs_heap_allocated == 1 &&
-        ssl->handshake->sig_algs != NULL )
-    {
-        return( ssl->handshake->sig_algs );
+        ssl->handshake->sig_algs != NULL) {
+        return ssl->handshake->sig_algs;
     }
 #endif
-    return( ssl->conf->sig_algs );
+    return ssl->conf->sig_algs;
 
 #else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
     ((void) ssl);
-    return( NULL );
+    return NULL;
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 }
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
-static inline int mbedtls_ssl_sig_alg_is_received( const mbedtls_ssl_context *ssl,
-                                                   uint16_t own_sig_alg )
+static inline int mbedtls_ssl_sig_alg_is_received(const mbedtls_ssl_context *ssl,
+                                                  uint16_t own_sig_alg)
 {
     const uint16_t *sig_alg = ssl->handshake->received_sig_algs;
-    if( sig_alg == NULL )
-        return( 0 );
-
-    for( ; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++ )
-    {
-        if( *sig_alg == own_sig_alg )
-            return( 1 );
+    if (sig_alg == NULL) {
+        return 0;
     }
-    return( 0 );
+
+    for (; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++) {
+        if (*sig_alg == own_sig_alg) {
+            return 1;
+        }
+    }
+    return 0;
 }
 
 static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(
-                                                    const uint16_t sig_alg )
+    const uint16_t sig_alg)
 {
-    switch( sig_alg )
-    {
+    switch (sig_alg) {
 #if defined(MBEDTLS_ECDSA_C)
 #if defined(PSA_WANT_ALG_SHA_256) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
         case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
@@ -2323,17 +2303,16 @@
 #endif /* PSA_WANT_ALG_SHA_512 */
 #endif /* MBEDTLS_PKCS1_V21 */
         default:
-            return( 0 );
+            return 0;
     }
-    return( 1 );
+    return 1;
 
 }
 
 static inline int mbedtls_ssl_tls13_sig_alg_is_supported(
-                                                    const uint16_t sig_alg )
+    const uint16_t sig_alg)
 {
-    switch( sig_alg )
-    {
+    switch (sig_alg) {
 #if defined(MBEDTLS_PKCS1_V15)
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
         case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
@@ -2349,44 +2328,45 @@
 #endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 #endif /* MBEDTLS_PKCS1_V15 */
         default:
-            return( mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(
-                                                                    sig_alg ) );
+            return mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(
+                sig_alg);
     }
-    return( 1 );
+    return 1;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
-                                                    mbedtls_pk_context *key );
+int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(uint16_t sig_alg,
+                                                   mbedtls_pk_context *key);
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl,
-                                                  uint16_t proposed_sig_alg )
+static inline int mbedtls_ssl_sig_alg_is_offered(const mbedtls_ssl_context *ssl,
+                                                 uint16_t proposed_sig_alg)
 {
-    const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
-    if( sig_alg == NULL )
-        return( 0 );
-
-    for( ; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++ )
-    {
-        if( *sig_alg == proposed_sig_alg )
-            return( 1 );
+    const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs(ssl);
+    if (sig_alg == NULL) {
+        return 0;
     }
-    return( 0 );
+
+    for (; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++) {
+        if (*sig_alg == proposed_sig_alg) {
+            return 1;
+        }
+    }
+    return 0;
 }
 
 static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
-    uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg )
+    uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg)
 {
-    *pk_type = mbedtls_ssl_pk_alg_from_sig( sig_alg & 0xff );
-    *md_alg = mbedtls_ssl_md_alg_from_hash( ( sig_alg >> 8 ) & 0xff );
+    *pk_type = mbedtls_ssl_pk_alg_from_sig(sig_alg & 0xff);
+    *md_alg = mbedtls_ssl_md_alg_from_hash((sig_alg >> 8) & 0xff);
 
-    if( *pk_type != MBEDTLS_PK_NONE && *md_alg != MBEDTLS_MD_NONE )
-        return( 0 );
+    if (*pk_type != MBEDTLS_PK_NONE && *md_alg != MBEDTLS_MD_NONE) {
+        return 0;
+    }
 
-    switch( sig_alg )
-    {
+    switch (sig_alg) {
 #if defined(MBEDTLS_PKCS1_V21)
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
         case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
@@ -2407,22 +2387,21 @@
             break;
 #endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 #endif /* MBEDTLS_PKCS1_V21 */
-            default:
-                return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-        }
-        return( 0 );
+        default:
+            return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+    }
+    return 0;
 }
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 static inline int mbedtls_ssl_tls12_sig_alg_is_supported(
-                                                    const uint16_t sig_alg )
+    const uint16_t sig_alg)
 {
     /* High byte is hash */
-    unsigned char hash = MBEDTLS_BYTE_1( sig_alg );
-    unsigned char sig = MBEDTLS_BYTE_0( sig_alg );
+    unsigned char hash = MBEDTLS_BYTE_1(sig_alg);
+    unsigned char sig = MBEDTLS_BYTE_0(sig_alg);
 
-    switch( hash )
-    {
+    switch (hash) {
 #if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
         case MBEDTLS_SSL_HASH_MD5:
             break;
@@ -2454,11 +2433,10 @@
 #endif
 
         default:
-            return( 0 );
+            return 0;
     }
 
-    switch( sig )
-    {
+    switch (sig) {
 #if defined(MBEDTLS_RSA_C)
         case MBEDTLS_SSL_SIG_RSA:
             break;
@@ -2469,35 +2447,33 @@
             break;
 #endif
 
-    default:
-        return( 0 );
+        default:
+            return 0;
     }
 
-    return( 1 );
+    return 1;
 }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
 static inline int mbedtls_ssl_sig_alg_is_supported(
-                                                const mbedtls_ssl_context *ssl,
-                                                const uint16_t sig_alg )
+    const mbedtls_ssl_context *ssl,
+    const uint16_t sig_alg)
 {
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
-    {
-        return( mbedtls_ssl_tls12_sig_alg_is_supported( sig_alg ) );
+    if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
+        return mbedtls_ssl_tls12_sig_alg_is_supported(sig_alg);
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
-    if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
-    {
-       return( mbedtls_ssl_tls13_sig_alg_is_supported( sig_alg ) );
+    if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
+        return mbedtls_ssl_tls13_sig_alg_is_supported(sig_alg);
     }
 #endif
     ((void) ssl);
     ((void) sig_alg);
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
@@ -2526,11 +2502,11 @@
  * \return                     PSA_SUCCESS on success or PSA_ERROR_NOT_SUPPORTED if
  *                             conversion is not supported.
  */
-psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type,
-                                    size_t taglen,
-                                    psa_algorithm_t *alg,
-                                    psa_key_type_t *key_type,
-                                    size_t *key_size );
+psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type,
+                                       size_t taglen,
+                                       psa_algorithm_t *alg,
+                                       psa_key_type_t *key_type,
+                                       size_t *key_size);
 
 /**
  * \brief       Convert given PSA status to mbedtls error code.
@@ -2539,26 +2515,25 @@
  *
  * \return             corresponding mbedtls error code
  */
-static inline int psa_ssl_status_to_mbedtls( psa_status_t status )
+static inline int psa_ssl_status_to_mbedtls(psa_status_t status)
 {
-    switch( status )
-    {
+    switch (status) {
         case PSA_SUCCESS:
-            return( 0 );
+            return 0;
         case PSA_ERROR_INSUFFICIENT_MEMORY:
-            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+            return MBEDTLS_ERR_SSL_ALLOC_FAILED;
         case PSA_ERROR_NOT_SUPPORTED:
-            return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+            return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
         case PSA_ERROR_INVALID_SIGNATURE:
-            return( MBEDTLS_ERR_SSL_INVALID_MAC );
+            return MBEDTLS_ERR_SSL_INVALID_MAC;
         case PSA_ERROR_INVALID_ARGUMENT:
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
         case PSA_ERROR_BAD_STATE:
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         case PSA_ERROR_BUFFER_TOO_SMALL:
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+            return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
         default:
-            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+            return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
     }
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
@@ -2584,9 +2559,9 @@
  * \return               0 on success or a negative error code in case of failure
  */
 int mbedtls_psa_ecjpake_read_round(
-                                    psa_pake_operation_t *pake_ctx,
-                                    const unsigned char *buf,
-                                    size_t len, mbedtls_ecjpake_rounds_t round );
+    psa_pake_operation_t *pake_ctx,
+    const unsigned char *buf,
+    size_t len, mbedtls_ecjpake_rounds_t round);
 
 /**
  * \brief       Write the first round of key exchange into the provided output
@@ -2602,10 +2577,10 @@
  * \return               0 on success or a negative error code in case of failure
  */
 int mbedtls_psa_ecjpake_write_round(
-                                    psa_pake_operation_t *pake_ctx,
-                                    unsigned char *buf,
-                                    size_t len, size_t *olen,
-                                    mbedtls_ecjpake_rounds_t round );
+    psa_pake_operation_t *pake_ctx,
+    unsigned char *buf,
+    size_t len, size_t *olen,
+    mbedtls_ecjpake_rounds_t round);
 
 #endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO
 
@@ -2620,40 +2595,38 @@
 } mbedtls_ssl_mode_t;
 
 mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform(
-        const mbedtls_ssl_transform *transform );
+    const mbedtls_ssl_transform *transform);
 
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
 mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
-        int encrypt_then_mac,
-        const mbedtls_ssl_ciphersuite_t *suite );
+    int encrypt_then_mac,
+    const mbedtls_ssl_ciphersuite_t *suite);
 #else
 mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
-        const mbedtls_ssl_ciphersuite_t *suite );
+    const mbedtls_ssl_ciphersuite_t *suite);
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
 
 #if defined(MBEDTLS_ECDH_C)
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl,
-                                               const unsigned char *buf,
-                                               size_t buf_len );
+int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl,
+                                              const unsigned char *buf,
+                                              size_t buf_len);
 
 #endif /* MBEDTLS_ECDH_C */
 
 static inline int mbedtls_ssl_tls13_cipher_suite_is_offered(
-        mbedtls_ssl_context *ssl, int cipher_suite )
+    mbedtls_ssl_context *ssl, int cipher_suite)
 {
     const int *ciphersuite_list = ssl->conf->ciphersuite_list;
 
     /* Check whether we have offered this ciphersuite */
-    for ( size_t i = 0; ciphersuite_list[i] != 0; i++ )
-    {
-        if( ciphersuite_list[i] == cipher_suite )
-        {
-            return( 1 );
+    for (size_t i = 0; ciphersuite_list[i] != 0; i++) {
+        if (ciphersuite_list[i] == cipher_suite) {
+            return 1;
         }
     }
-    return( 0 );
+    return 0;
 }
 
 /**
@@ -2671,35 +2644,35 @@
     const mbedtls_ssl_context *ssl,
     const mbedtls_ssl_ciphersuite_t *suite_info,
     mbedtls_ssl_protocol_version min_tls_version,
-    mbedtls_ssl_protocol_version max_tls_version );
+    mbedtls_ssl_protocol_version max_tls_version);
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl,
-                                       const unsigned char *buf,
-                                       const unsigned char *end );
+int mbedtls_ssl_parse_server_name_ext(mbedtls_ssl_context *ssl,
+                                      const unsigned char *buf,
+                                      const unsigned char *end);
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 
 #if defined(MBEDTLS_SSL_ALPN)
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
-                                const unsigned char *buf,
-                                const unsigned char *end );
+int mbedtls_ssl_parse_alpn_ext(mbedtls_ssl_context *ssl,
+                               const unsigned char *buf,
+                               const unsigned char *end);
 
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
-                                unsigned char *buf,
-                                unsigned char *end,
-                                size_t *out_len );
+int mbedtls_ssl_write_alpn_ext(mbedtls_ssl_context *ssl,
+                               unsigned char *buf,
+                               unsigned char *end,
+                               size_t *out_len);
 #endif /* MBEDTLS_SSL_ALPN */
 
 #if defined(MBEDTLS_TEST_HOOKS)
 int mbedtls_ssl_check_dtls_clihlo_cookie(
-                           mbedtls_ssl_context *ssl,
-                           const unsigned char *cli_id, size_t cli_id_len,
-                           const unsigned char *in, size_t in_len,
-                           unsigned char *obuf, size_t buf_len, size_t *olen );
+    mbedtls_ssl_context *ssl,
+    const unsigned char *cli_id, size_t cli_id_len,
+    const unsigned char *in, size_t in_len,
+    unsigned char *obuf, size_t buf_len, size_t *olen);
 #endif
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
@@ -2720,7 +2693,7 @@
 int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext(
     mbedtls_ssl_context *ssl,
     unsigned char *buf, unsigned char *end,
-    size_t *out_len, size_t *binders_len );
+    size_t *out_len, size_t *binders_len);
 
 /**
  * \brief Given an SSL context and its associated configuration, write the TLS
@@ -2734,7 +2707,7 @@
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext(
     mbedtls_ssl_context *ssl,
-    unsigned char *buf, unsigned char *end );
+    unsigned char *buf, unsigned char *end);
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
@@ -2742,8 +2715,8 @@
     defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
     defined(MBEDTLS_SSL_CLI_C)
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_session_set_hostname( mbedtls_ssl_session *session,
-                                      const char *hostname );
+int mbedtls_ssl_session_set_hostname(mbedtls_ssl_session *session,
+                                     const char *hostname);
 #endif
 
 #endif /* ssl_misc.h */
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 194c326..4ebc8cb 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -48,78 +48,74 @@
 #include "mbedtls/oid.h"
 #endif
 
-static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl );
+static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl);
 
 /*
  * Start a timer.
  * Passing millisecs = 0 cancels a running timer.
  */
-void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs )
+void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs)
 {
-    if( ssl->f_set_timer == NULL )
+    if (ssl->f_set_timer == NULL) {
         return;
+    }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "set_timer to %d ms", (int) millisecs ) );
-    ssl->f_set_timer( ssl->p_timer, millisecs / 4, millisecs );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("set_timer to %d ms", (int) millisecs));
+    ssl->f_set_timer(ssl->p_timer, millisecs / 4, millisecs);
 }
 
 /*
  * Return -1 is timer is expired, 0 if it isn't.
  */
-int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl)
 {
-    if( ssl->f_get_timer == NULL )
-        return( 0 );
-
-    if( ssl->f_get_timer( ssl->p_timer ) == 2 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "timer expired" ) );
-        return( -1 );
+    if (ssl->f_get_timer == NULL) {
+        return 0;
     }
 
-    return( 0 );
+    if (ssl->f_get_timer(ssl->p_timer) == 2) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("timer expired"));
+        return -1;
+    }
+
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
-                                    unsigned char *buf,
-                                    size_t len,
-                                    mbedtls_record *rec );
+static int ssl_parse_record_header(mbedtls_ssl_context const *ssl,
+                                   unsigned char *buf,
+                                   size_t len,
+                                   mbedtls_record *rec);
 
-int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
-                              unsigned char *buf,
-                              size_t buflen )
+int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl,
+                             unsigned char *buf,
+                             size_t buflen)
 {
     int ret = 0;
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "=> mbedtls_ssl_check_record" ) );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen );
+    MBEDTLS_SSL_DEBUG_MSG(1, ("=> mbedtls_ssl_check_record"));
+    MBEDTLS_SSL_DEBUG_BUF(3, "record buffer", buf, buflen);
 
     /* We don't support record checking in TLS because
      * there doesn't seem to be a usecase for it.
      */
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM) {
         ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
         goto exit;
     }
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    else
-    {
+    else {
         mbedtls_record rec;
 
-        ret = ssl_parse_record_header( ssl, buf, buflen, &rec );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 3, "ssl_parse_record_header", ret );
+        ret = ssl_parse_record_header(ssl, buf, buflen, &rec);
+        if (ret != 0) {
+            MBEDTLS_SSL_DEBUG_RET(3, "ssl_parse_record_header", ret);
             goto exit;
         }
 
-        if( ssl->transform_in != NULL )
-        {
-            ret = mbedtls_ssl_decrypt_buf( ssl, ssl->transform_in, &rec );
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 3, "mbedtls_ssl_decrypt_buf", ret );
+        if (ssl->transform_in != NULL) {
+            ret = mbedtls_ssl_decrypt_buf(ssl, ssl->transform_in, &rec);
+            if (ret != 0) {
+                MBEDTLS_SSL_DEBUG_RET(3, "mbedtls_ssl_decrypt_buf", ret);
                 goto exit;
             }
         }
@@ -129,18 +125,17 @@
 exit:
     /* On success, we have decrypted the buffer in-place, so make
      * sure we don't leak any plaintext data. */
-    mbedtls_platform_zeroize( buf, buflen );
+    mbedtls_platform_zeroize(buf, buflen);
 
     /* For the purpose of this API, treat messages with unexpected CID
      * as well as such from future epochs as unexpected. */
-    if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID ||
-        ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE )
-    {
+    if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID ||
+        ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE) {
         ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(1, ("<= mbedtls_ssl_check_record"));
+    return ret;
 }
 
 #define SSL_DONT_FORCE_FLUSH 0
@@ -149,65 +144,66 @@
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 
 /* Forward declarations for functions related to message buffering. */
-static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
-                                     uint8_t slot );
-static void ssl_free_buffered_record( mbedtls_ssl_context *ssl );
+static void ssl_buffering_free_slot(mbedtls_ssl_context *ssl,
+                                    uint8_t slot);
+static void ssl_free_buffered_record(mbedtls_ssl_context *ssl);
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_load_buffered_message( mbedtls_ssl_context *ssl );
+static int ssl_load_buffered_message(mbedtls_ssl_context *ssl);
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_load_buffered_record( mbedtls_ssl_context *ssl );
+static int ssl_load_buffered_record(mbedtls_ssl_context *ssl);
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_buffer_message( mbedtls_ssl_context *ssl );
+static int ssl_buffer_message(mbedtls_ssl_context *ssl);
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
-                                     mbedtls_record const *rec );
+static int ssl_buffer_future_record(mbedtls_ssl_context *ssl,
+                                    mbedtls_record const *rec);
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl );
+static int ssl_next_record_is_in_datagram(mbedtls_ssl_context *ssl);
 
-static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl )
+static size_t ssl_get_maximum_datagram_size(mbedtls_ssl_context const *ssl)
 {
-    size_t mtu = mbedtls_ssl_get_current_mtu( ssl );
+    size_t mtu = mbedtls_ssl_get_current_mtu(ssl);
 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
     size_t out_buf_len = ssl->out_buf_len;
 #else
     size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
 #endif
 
-    if( mtu != 0 && mtu < out_buf_len )
-        return( mtu );
+    if (mtu != 0 && mtu < out_buf_len) {
+        return mtu;
+    }
 
-    return( out_buf_len );
+    return out_buf_len;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl )
+static int ssl_get_remaining_space_in_datagram(mbedtls_ssl_context const *ssl)
 {
     size_t const bytes_written = ssl->out_left;
-    size_t const mtu           = ssl_get_maximum_datagram_size( ssl );
+    size_t const mtu           = ssl_get_maximum_datagram_size(ssl);
 
     /* Double-check that the write-index hasn't gone
      * past what we can transmit in a single datagram. */
-    if( bytes_written > mtu )
-    {
+    if (bytes_written > mtu) {
         /* Should never happen... */
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    return( (int) ( mtu - bytes_written ) );
+    return (int) (mtu - bytes_written);
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl )
+static int ssl_get_remaining_payload_in_datagram(mbedtls_ssl_context const *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t remaining, expansion;
     size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl );
+    const size_t mfl = mbedtls_ssl_get_output_max_frag_len(ssl);
 
-    if( max_len > mfl )
+    if (max_len > mfl) {
         max_len = mfl;
+    }
 
     /* By the standard (RFC 6066 Sect. 4), the MFL extension
      * only limits the maximum record payload size, so in theory
@@ -218,30 +214,35 @@
      * The following reduction of max_len makes sure that we never
      * write datagrams larger than MFL + Record Expansion Overhead.
      */
-    if( max_len <= ssl->out_left )
-        return( 0 );
+    if (max_len <= ssl->out_left) {
+        return 0;
+    }
 
     max_len -= ssl->out_left;
 #endif
 
-    ret = ssl_get_remaining_space_in_datagram( ssl );
-    if( ret < 0 )
-        return( ret );
+    ret = ssl_get_remaining_space_in_datagram(ssl);
+    if (ret < 0) {
+        return ret;
+    }
     remaining = (size_t) ret;
 
-    ret = mbedtls_ssl_get_record_expansion( ssl );
-    if( ret < 0 )
-        return( ret );
+    ret = mbedtls_ssl_get_record_expansion(ssl);
+    if (ret < 0) {
+        return ret;
+    }
     expansion = (size_t) ret;
 
-    if( remaining <= expansion )
-        return( 0 );
+    if (remaining <= expansion) {
+        return 0;
+    }
 
     remaining -= expansion;
-    if( remaining >= max_len )
+    if (remaining >= max_len) {
         remaining = max_len;
+    }
 
-    return( (int) remaining );
+    return (int) remaining;
 }
 
 /*
@@ -249,12 +250,13 @@
  * returning -1 if the maximum value has already been reached.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl )
+static int ssl_double_retransmit_timeout(mbedtls_ssl_context *ssl)
 {
     uint32_t new_timeout;
 
-    if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max )
-        return( -1 );
+    if (ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max) {
+        return -1;
+    }
 
     /* Implement the final paragraph of RFC 6347 section 4.1.1.1
      * in the following way: after the initial transmission and a first
@@ -262,33 +264,31 @@
      * This value is guaranteed to be deliverable (if not guaranteed to be
      * delivered) of any compliant IPv4 (and IPv6) network, and should work
      * on most non-IP stacks too. */
-    if( ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min )
-    {
+    if (ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min) {
         ssl->handshake->mtu = 508;
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "mtu autoreduction to %d bytes", ssl->handshake->mtu ) );
+        MBEDTLS_SSL_DEBUG_MSG(2, ("mtu autoreduction to %d bytes", ssl->handshake->mtu));
     }
 
     new_timeout = 2 * ssl->handshake->retransmit_timeout;
 
     /* Avoid arithmetic overflow and range overflow */
-    if( new_timeout < ssl->handshake->retransmit_timeout ||
-        new_timeout > ssl->conf->hs_timeout_max )
-    {
+    if (new_timeout < ssl->handshake->retransmit_timeout ||
+        new_timeout > ssl->conf->hs_timeout_max) {
         new_timeout = ssl->conf->hs_timeout_max;
     }
 
     ssl->handshake->retransmit_timeout = new_timeout;
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs",
-                        (unsigned long) ssl->handshake->retransmit_timeout ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("update timeout value to %lu millisecs",
+                              (unsigned long) ssl->handshake->retransmit_timeout));
 
-    return( 0 );
+    return 0;
 }
 
-static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl )
+static void ssl_reset_retransmit_timeout(mbedtls_ssl_context *ssl)
 {
     ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min;
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs",
-                        (unsigned long) ssl->handshake->retransmit_timeout ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("update timeout value to %lu millisecs",
+                              (unsigned long) ssl->handshake->retransmit_timeout));
 }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
@@ -298,10 +298,10 @@
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
 
-static size_t ssl_compute_padding_length( size_t len,
-                                          size_t granularity )
+static size_t ssl_compute_padding_length(size_t len,
+                                         size_t granularity)
 {
-    return( ( granularity - ( len + 1 ) % granularity ) % granularity );
+    return (granularity - (len + 1) % granularity) % granularity;
 }
 
 /* This functions transforms a (D)TLS plaintext fragment and a record content
@@ -333,52 +333,54 @@
  *    for the expansion.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_build_inner_plaintext( unsigned char *content,
-                                      size_t *content_size,
-                                      size_t remaining,
-                                      uint8_t rec_type,
-                                      size_t pad )
+static int ssl_build_inner_plaintext(unsigned char *content,
+                                     size_t *content_size,
+                                     size_t remaining,
+                                     uint8_t rec_type,
+                                     size_t pad)
 {
     size_t len = *content_size;
 
     /* Write real content type */
-    if( remaining == 0 )
-        return( -1 );
-    content[ len ] = rec_type;
+    if (remaining == 0) {
+        return -1;
+    }
+    content[len] = rec_type;
     len++;
     remaining--;
 
-    if( remaining < pad )
-        return( -1 );
-    memset( content + len, 0, pad );
+    if (remaining < pad) {
+        return -1;
+    }
+    memset(content + len, 0, pad);
     len += pad;
     remaining -= pad;
 
     *content_size = len;
-    return( 0 );
+    return 0;
 }
 
 /* This function parses a (D)TLSInnerPlaintext structure.
  * See ssl_build_inner_plaintext() for details. */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_inner_plaintext( unsigned char const *content,
-                                          size_t *content_size,
-                                          uint8_t *rec_type )
+static int ssl_parse_inner_plaintext(unsigned char const *content,
+                                     size_t *content_size,
+                                     uint8_t *rec_type)
 {
     size_t remaining = *content_size;
 
     /* Determine length of padding by skipping zeroes from the back. */
-    do
-    {
-        if( remaining == 0 )
-            return( -1 );
+    do {
+        if (remaining == 0) {
+            return -1;
+        }
         remaining--;
-    } while( content[ remaining ] == 0 );
+    } while (content[remaining] == 0);
 
     *content_size = remaining;
-    *rec_type = content[ remaining ];
+    *rec_type = content[remaining];
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID || MBEDTLS_SSL_PROTO_TLS1_3 */
 
@@ -433,12 +435,12 @@
  *    2: length_of_DTLSInnerPlaintext
  *
  */
-static void ssl_extract_add_data_from_record( unsigned char* add_data,
-                                              size_t *add_data_len,
-                                              mbedtls_record *rec,
-                                              mbedtls_ssl_protocol_version
-                                              tls_version,
-                                              size_t taglen )
+static void ssl_extract_add_data_from_record(unsigned char *add_data,
+                                             size_t *add_data_len,
+                                             mbedtls_record *rec,
+                                             mbedtls_ssl_protocol_version
+                                             tls_version,
+                                             size_t taglen)
 {
     /* Several types of ciphers have been defined for use with TLS and DTLS,
      * and the MAC calculations for those ciphers differ slightly. Further
@@ -527,7 +529,7 @@
      *                cid +
      *                cid_length +
      *                length_of_DTLSInnerPlaintext
-    */
+     */
 
     unsigned char *cur = add_data;
     size_t ad_len_field = rec->data_len;
@@ -538,26 +540,23 @@
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
-    {
+    if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
         /* In TLS 1.3, the AAD contains the length of the TLSCiphertext,
          * which differs from the length of the TLSInnerPlaintext
          * by the length of the authentication tag. */
         ad_len_field += taglen;
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
     {
         ((void) tls_version);
         ((void) taglen);
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
-    MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
-        if( rec->cid_len != 0 )
-        {
+        MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
+        if (rec->cid_len != 0) {
             // seq_num_placeholder
-            memcpy( cur, seq_num_placeholder, sizeof(seq_num_placeholder) );
-            cur += sizeof( seq_num_placeholder );
+            memcpy(cur, seq_num_placeholder, sizeof(seq_num_placeholder));
+            cur += sizeof(seq_num_placeholder);
 
             // tls12_cid type
             *cur = rec->type;
@@ -566,13 +565,12 @@
             // cid_length
             *cur = rec->cid_len;
             cur++;
-        }
-        else
+        } else
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
         {
             // epoch + sequence number
-            memcpy( cur, rec->ctr, sizeof( rec->ctr ) );
-            cur += sizeof( rec->ctr );
+            memcpy(cur, rec->ctr, sizeof(rec->ctr));
+            cur += sizeof(rec->ctr);
         }
     }
 
@@ -581,14 +579,13 @@
     cur++;
 
     // version
-    memcpy( cur, rec->ver, sizeof( rec->ver ) );
-    cur += sizeof( rec->ver );
+    memcpy(cur, rec->ver, sizeof(rec->ver));
+    cur += sizeof(rec->ver);
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
     MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 1
 
-    if (rec->cid_len != 0)
-    {
+    if (rec->cid_len != 0) {
         // CID
         memcpy(cur, rec->cid, rec->cid_len);
         cur += rec->cid_len;
@@ -600,29 +597,26 @@
         // length of inner plaintext
         MBEDTLS_PUT_UINT16_BE(ad_len_field, cur, 0);
         cur += 2;
-    }
-    else
+    } else
 #elif defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
     MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
 
-    if( rec->cid_len != 0 )
-    {
+    if (rec->cid_len != 0) {
         // epoch + sequence number
         memcpy(cur, rec->ctr, sizeof(rec->ctr));
         cur += sizeof(rec->ctr);
 
         // CID
-        memcpy( cur, rec->cid, rec->cid_len );
+        memcpy(cur, rec->cid, rec->cid_len);
         cur += rec->cid_len;
 
         // length of inner plaintext
-        MBEDTLS_PUT_UINT16_BE( ad_len_field, cur, 0 );
+        MBEDTLS_PUT_UINT16_BE(ad_len_field, cur, 0);
         cur += 2;
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
     {
-        MBEDTLS_PUT_UINT16_BE( ad_len_field, cur, 0 );
+        MBEDTLS_PUT_UINT16_BE(ad_len_field, cur, 0);
         cur += 2;
     }
 
@@ -634,9 +628,9 @@
     defined(MBEDTLS_CHACHAPOLY_C)
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_transform_aead_dynamic_iv_is_explicit(
-                                mbedtls_ssl_transform const *transform )
+    mbedtls_ssl_transform const *transform)
 {
-    return( transform->ivlen != transform->fixed_ivlen );
+    return transform->ivlen != transform->fixed_ivlen;
 }
 
 /* Compute IV := ( fixed_iv || 0 ) XOR ( 0 || dynamic_IV )
@@ -662,34 +656,34 @@
  * which has to be ensured by the caller. If this precondition
  * violated, the behavior of this function is undefined.
  */
-static void ssl_build_record_nonce( unsigned char *dst_iv,
-                                    size_t dst_iv_len,
-                                    unsigned char const *fixed_iv,
-                                    size_t fixed_iv_len,
-                                    unsigned char const *dynamic_iv,
-                                    size_t dynamic_iv_len )
+static void ssl_build_record_nonce(unsigned char *dst_iv,
+                                   size_t dst_iv_len,
+                                   unsigned char const *fixed_iv,
+                                   size_t fixed_iv_len,
+                                   unsigned char const *dynamic_iv,
+                                   size_t dynamic_iv_len)
 {
     /* Start with Fixed IV || 0 */
-    memset( dst_iv, 0, dst_iv_len );
-    memcpy( dst_iv, fixed_iv, fixed_iv_len );
+    memset(dst_iv, 0, dst_iv_len);
+    memcpy(dst_iv, fixed_iv, fixed_iv_len);
 
     dst_iv += dst_iv_len - dynamic_iv_len;
-    mbedtls_xor( dst_iv, dst_iv, dynamic_iv, dynamic_iv_len );
+    mbedtls_xor(dst_iv, dst_iv, dynamic_iv, dynamic_iv_len);
 }
 #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
 
-int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
-                             mbedtls_ssl_transform *transform,
-                             mbedtls_record *rec,
-                             int (*f_rng)(void *, unsigned char *, size_t),
-                             void *p_rng )
+int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
+                            mbedtls_ssl_transform *transform,
+                            mbedtls_record *rec,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng)
 {
     mbedtls_ssl_mode_t ssl_mode;
     int auth_done = 0;
-    unsigned char * data;
+    unsigned char *data;
     /* For an explanation of the additional data length see
-    * the description of ssl_extract_add_data_from_record().
-    */
+     * the description of ssl_extract_add_data_from_record().
+     */
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
     unsigned char add_data[23 + MBEDTLS_SSL_CID_OUT_LEN_MAX];
 #else
@@ -706,46 +700,43 @@
 
     /* The PRNG is used for dynamic IV generation that's used
      * for CBC transformations in TLS 1.2. */
-#if !( defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
-       defined(MBEDTLS_SSL_PROTO_TLS1_2) )
+#if !(defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2))
     ((void) f_rng);
     ((void) p_rng);
 #endif
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> encrypt buf"));
 
-    if( transform == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "no transform provided to encrypt_buf" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (transform == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("no transform provided to encrypt_buf"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
-    if( rec == NULL
+    if (rec == NULL
         || rec->buf == NULL
         || rec->buf_len < rec->data_offset
         || rec->buf_len - rec->data_offset < rec->data_len
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
         || rec->cid_len != 0
 #endif
-        )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to encrypt_buf" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        ) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad record structure provided to encrypt_buf"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    ssl_mode = mbedtls_ssl_get_mode_from_transform( transform );
+    ssl_mode = mbedtls_ssl_get_mode_from_transform(transform);
 
     data = rec->buf + rec->data_offset;
-    post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
-    MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
-                           data, rec->data_len );
+    post_avail = rec->buf_len - (rec->data_len + rec->data_offset);
+    MBEDTLS_SSL_DEBUG_BUF(4, "before encrypt: output payload",
+                          data, rec->data_len);
 
-    if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %" MBEDTLS_PRINTF_SIZET
-                                    " too large, maximum %" MBEDTLS_PRINTF_SIZET,
-                                    rec->data_len,
-                                    (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Record content %" MBEDTLS_PRINTF_SIZET
+                                  " too large, maximum %" MBEDTLS_PRINTF_SIZET,
+                                  rec->data_len,
+                                  (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
     /* The following two code paths implement the (D)TLSInnerPlaintext
@@ -761,18 +752,16 @@
      * is hence no risk of double-addition of the inner plaintext.
      */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    if( transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
-    {
+    if (transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
         size_t padding =
-            ssl_compute_padding_length( rec->data_len,
-                                        MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY );
-        if( ssl_build_inner_plaintext( data,
-                                       &rec->data_len,
-                                       post_avail,
-                                       rec->type,
-                                       padding ) != 0 )
-        {
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+            ssl_compute_padding_length(rec->data_len,
+                                       MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY);
+        if (ssl_build_inner_plaintext(data,
+                                      &rec->data_len,
+                                      post_avail,
+                                      rec->type,
+                                      padding) != 0) {
+            return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
         }
 
         rec->type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
@@ -784,14 +773,13 @@
      * Add CID information
      */
     rec->cid_len = transform->out_cid_len;
-    memcpy( rec->cid, transform->out_cid, transform->out_cid_len );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "CID", rec->cid, rec->cid_len );
+    memcpy(rec->cid, transform->out_cid, transform->out_cid_len);
+    MBEDTLS_SSL_DEBUG_BUF(3, "CID", rec->cid, rec->cid_len);
 
-    if( rec->cid_len != 0 )
-    {
+    if (rec->cid_len != 0) {
         size_t padding =
-            ssl_compute_padding_length( rec->data_len,
-                                        MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY );
+            ssl_compute_padding_length(rec->data_len,
+                                       MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY);
         /*
          * Wrap plaintext into DTLSInnerPlaintext structure.
          * See ssl_build_inner_plaintext() for more information.
@@ -799,32 +787,29 @@
          * Note that this changes `rec->data_len`, and hence
          * `post_avail` needs to be recalculated afterwards.
          */
-        if( ssl_build_inner_plaintext( data,
-                        &rec->data_len,
-                        post_avail,
-                        rec->type,
-                        padding ) != 0 )
-        {
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+        if (ssl_build_inner_plaintext(data,
+                                      &rec->data_len,
+                                      post_avail,
+                                      rec->type,
+                                      padding) != 0) {
+            return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
         }
 
         rec->type = MBEDTLS_SSL_MSG_CID;
     }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
-    post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
+    post_avail = rec->buf_len - (rec->data_len + rec->data_offset);
 
     /*
      * Add MAC before if needed
      */
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-    if( ssl_mode == MBEDTLS_SSL_MODE_STREAM ||
-        ssl_mode == MBEDTLS_SSL_MODE_CBC )
-    {
-        if( post_avail < transform->maclen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+    if (ssl_mode == MBEDTLS_SSL_MODE_STREAM ||
+        ssl_mode == MBEDTLS_SSL_MODE_CBC) {
+        if (post_avail < transform->maclen) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough"));
+            return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
         }
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
         unsigned char mac[MBEDTLS_SSL_MAC_ADD];
@@ -835,66 +820,74 @@
         size_t sign_mac_length = 0;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-        ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
-                                          transform->tls_version,
-                                          transform->taglen );
+        ssl_extract_add_data_from_record(add_data, &add_data_len, rec,
+                                         transform->tls_version,
+                                         transform->taglen);
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        status = psa_mac_sign_setup( &operation, transform->psa_mac_enc,
-                                     transform->psa_mac_alg );
-        if( status != PSA_SUCCESS )
+        status = psa_mac_sign_setup(&operation, transform->psa_mac_enc,
+                                    transform->psa_mac_alg);
+        if (status != PSA_SUCCESS) {
             goto hmac_failed_etm_disabled;
+        }
 
-        status = psa_mac_update( &operation, add_data, add_data_len );
-        if( status != PSA_SUCCESS )
+        status = psa_mac_update(&operation, add_data, add_data_len);
+        if (status != PSA_SUCCESS) {
             goto hmac_failed_etm_disabled;
+        }
 
-        status = psa_mac_update( &operation, data, rec->data_len );
-        if( status != PSA_SUCCESS )
+        status = psa_mac_update(&operation, data, rec->data_len);
+        if (status != PSA_SUCCESS) {
             goto hmac_failed_etm_disabled;
+        }
 
-        status = psa_mac_sign_finish( &operation, mac, MBEDTLS_SSL_MAC_ADD,
-                                      &sign_mac_length );
-        if( status != PSA_SUCCESS )
+        status = psa_mac_sign_finish(&operation, mac, MBEDTLS_SSL_MAC_ADD,
+                                     &sign_mac_length);
+        if (status != PSA_SUCCESS) {
             goto hmac_failed_etm_disabled;
+        }
 #else
-        ret = mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
-                                      add_data_len );
-        if( ret != 0 )
+        ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, add_data,
+                                     add_data_len);
+        if (ret != 0) {
             goto hmac_failed_etm_disabled;
-        ret = mbedtls_md_hmac_update( &transform->md_ctx_enc, data, rec->data_len );
-        if( ret != 0 )
+        }
+        ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, data, rec->data_len);
+        if (ret != 0) {
             goto hmac_failed_etm_disabled;
-        ret = mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
-        if( ret != 0 )
+        }
+        ret = mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac);
+        if (ret != 0) {
             goto hmac_failed_etm_disabled;
-        ret = mbedtls_md_hmac_reset( &transform->md_ctx_enc );
-        if( ret != 0 )
+        }
+        ret = mbedtls_md_hmac_reset(&transform->md_ctx_enc);
+        if (ret != 0) {
             goto hmac_failed_etm_disabled;
+        }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-        memcpy( data + rec->data_len, mac, transform->maclen );
+        memcpy(data + rec->data_len, mac, transform->maclen);
 #endif
 
-        MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", data + rec->data_len,
-                               transform->maclen );
+        MBEDTLS_SSL_DEBUG_BUF(4, "computed mac", data + rec->data_len,
+                              transform->maclen);
 
         rec->data_len += transform->maclen;
         post_avail -= transform->maclen;
         auth_done++;
 
-    hmac_failed_etm_disabled:
-        mbedtls_platform_zeroize( mac, transform->maclen );
+hmac_failed_etm_disabled:
+        mbedtls_platform_zeroize(mac, transform->maclen);
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        ret = psa_ssl_status_to_mbedtls( status );
-        status = psa_mac_abort( &operation );
-        if( ret == 0 && status != PSA_SUCCESS )
-            ret = psa_ssl_status_to_mbedtls( status );
+        ret = psa_ssl_status_to_mbedtls(status);
+        status = psa_mac_abort(&operation);
+        if (ret == 0 && status != PSA_SUCCESS) {
+            ret = psa_ssl_status_to_mbedtls(status);
+        }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_hmac_xxx", ret );
-            return( ret );
+        if (ret != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_hmac_xxx", ret);
+            return ret;
         }
     }
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
@@ -903,38 +896,34 @@
      * Encrypt
      */
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM)
-    if( ssl_mode == MBEDTLS_SSL_MODE_STREAM )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
-                                    "including %d bytes of padding",
-                                    rec->data_len, 0 ) );
+    if (ssl_mode == MBEDTLS_SSL_MODE_STREAM) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
+                                                                                    "including %d bytes of padding",
+                                  rec->data_len, 0));
 
         /* The only supported stream cipher is "NULL",
          * so there's nothing to do here.*/
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */
 
 #if defined(MBEDTLS_GCM_C) || \
     defined(MBEDTLS_CCM_C) || \
     defined(MBEDTLS_CHACHAPOLY_C)
-    if( ssl_mode == MBEDTLS_SSL_MODE_AEAD )
-    {
+    if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) {
         unsigned char iv[12];
         unsigned char *dynamic_iv;
         size_t dynamic_iv_len;
         int dynamic_iv_is_explicit =
-            ssl_transform_aead_dynamic_iv_is_explicit( transform );
+            ssl_transform_aead_dynamic_iv_is_explicit(transform);
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
         /* Check that there's space for the authentication tag. */
-        if( post_avail < transform->taglen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+        if (post_avail < transform->taglen) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough"));
+            return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
         }
 
         /*
@@ -950,95 +939,89 @@
          *       record sequence number here in all cases.
          */
         dynamic_iv     = rec->ctr;
-        dynamic_iv_len = sizeof( rec->ctr );
+        dynamic_iv_len = sizeof(rec->ctr);
 
-        ssl_build_record_nonce( iv, sizeof( iv ),
-                                transform->iv_enc,
-                                transform->fixed_ivlen,
-                                dynamic_iv,
-                                dynamic_iv_len );
+        ssl_build_record_nonce(iv, sizeof(iv),
+                               transform->iv_enc,
+                               transform->fixed_ivlen,
+                               dynamic_iv,
+                               dynamic_iv_len);
 
         /*
          * Build additional data for AEAD encryption.
          * This depends on the TLS version.
          */
-        ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
-                                          transform->tls_version,
-                                          transform->taglen );
+        ssl_extract_add_data_from_record(add_data, &add_data_len, rec,
+                                         transform->tls_version,
+                                         transform->taglen);
 
-        MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)",
-                               iv, transform->ivlen );
-        MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (transmitted)",
-                               dynamic_iv,
-                               dynamic_iv_is_explicit ? dynamic_iv_len : 0 );
-        MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
-                               add_data, add_data_len );
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
-                                    "including 0 bytes of padding",
-                                    rec->data_len ) );
+        MBEDTLS_SSL_DEBUG_BUF(4, "IV used (internal)",
+                              iv, transform->ivlen);
+        MBEDTLS_SSL_DEBUG_BUF(4, "IV used (transmitted)",
+                              dynamic_iv,
+                              dynamic_iv_is_explicit ? dynamic_iv_len : 0);
+        MBEDTLS_SSL_DEBUG_BUF(4, "additional data used for AEAD",
+                              add_data, add_data_len);
+        MBEDTLS_SSL_DEBUG_MSG(3, ("before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
+                                                                                    "including 0 bytes of padding",
+                                  rec->data_len));
 
         /*
          * Encrypt and authenticate
          */
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        status = psa_aead_encrypt( transform->psa_key_enc,
-                               transform->psa_alg,
-                               iv, transform->ivlen,
-                               add_data, add_data_len,
-                               data, rec->data_len,
-                               data, rec->buf_len - (data - rec->buf),
-                               &rec->data_len );
+        status = psa_aead_encrypt(transform->psa_key_enc,
+                                  transform->psa_alg,
+                                  iv, transform->ivlen,
+                                  add_data, add_data_len,
+                                  data, rec->data_len,
+                                  data, rec->buf_len - (data - rec->buf),
+                                  &rec->data_len);
 
-        if( status != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_encrypt_buf", ret );
-            return( ret );
+        if (status != PSA_SUCCESS) {
+            ret = psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_encrypt_buf", ret);
+            return ret;
         }
 #else
-        if( ( ret = mbedtls_cipher_auth_encrypt_ext( &transform->cipher_ctx_enc,
-                   iv, transform->ivlen,
-                   add_data, add_data_len,
-                   data, rec->data_len,                     /* src */
-                   data, rec->buf_len - (data - rec->buf),  /* dst */
-                   &rec->data_len,
-                   transform->taglen ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt_ext", ret );
-            return( ret );
+        if ((ret = mbedtls_cipher_auth_encrypt_ext(&transform->cipher_ctx_enc,
+                                                   iv, transform->ivlen,
+                                                   add_data, add_data_len,
+                                                   data, rec->data_len, /* src */
+                                                   data, rec->buf_len - (data - rec->buf), /* dst */
+                                                   &rec->data_len,
+                                                   transform->taglen)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_encrypt_ext", ret);
+            return ret;
         }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-        MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag",
-                               data + rec->data_len - transform->taglen,
-                               transform->taglen );
+        MBEDTLS_SSL_DEBUG_BUF(4, "after encrypt: tag",
+                              data + rec->data_len - transform->taglen,
+                              transform->taglen);
         /* Account for authentication tag. */
         post_avail -= transform->taglen;
 
         /*
          * Prefix record content with dynamic IV in case it is explicit.
          */
-        if( dynamic_iv_is_explicit != 0 )
-        {
-            if( rec->data_offset < dynamic_iv_len )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
-                return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+        if (dynamic_iv_is_explicit != 0) {
+            if (rec->data_offset < dynamic_iv_len) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough"));
+                return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
             }
 
-            memcpy( data - dynamic_iv_len, dynamic_iv, dynamic_iv_len );
+            memcpy(data - dynamic_iv_len, dynamic_iv, dynamic_iv_len);
             rec->data_offset -= dynamic_iv_len;
             rec->data_len    += dynamic_iv_len;
         }
 
         auth_done++;
-    }
-    else
+    } else
 #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
-    if( ssl_mode == MBEDTLS_SSL_MODE_CBC ||
-        ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
-    {
+    if (ssl_mode == MBEDTLS_SSL_MODE_CBC ||
+        ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
         size_t padlen, i;
         size_t olen;
@@ -1050,19 +1033,20 @@
 
         /* Currently we're always using minimal padding
          * (up to 255 bytes would be allowed). */
-        padlen = transform->ivlen - ( rec->data_len + 1 ) % transform->ivlen;
-        if( padlen == transform->ivlen )
+        padlen = transform->ivlen - (rec->data_len + 1) % transform->ivlen;
+        if (padlen == transform->ivlen) {
             padlen = 0;
-
-        /* Check there's enough space in the buffer for the padding. */
-        if( post_avail < padlen + 1 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
         }
 
-        for( i = 0; i <= padlen; i++ )
+        /* Check there's enough space in the buffer for the padding. */
+        if (post_avail < padlen + 1) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough"));
+            return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
+        }
+
+        for (i = 0; i <= padlen; i++) {
             data[rec->data_len + i] = (unsigned char) padlen;
+        }
 
         rec->data_len += padlen + 1;
         post_avail -= padlen + 1;
@@ -1072,96 +1056,90 @@
          * Prepend per-record IV for block cipher in TLS v1.2 as per
          * Method 1 (6.2.3.2. in RFC4346 and RFC5246)
          */
-        if( f_rng == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "No PRNG provided to encrypt_record routine" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        if (f_rng == NULL) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("No PRNG provided to encrypt_record routine"));
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
-        if( rec->data_offset < transform->ivlen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+        if (rec->data_offset < transform->ivlen) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough"));
+            return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
         }
 
         /*
          * Generate IV
          */
-        ret = f_rng( p_rng, transform->iv_enc, transform->ivlen );
-        if( ret != 0 )
-            return( ret );
+        ret = f_rng(p_rng, transform->iv_enc, transform->ivlen);
+        if (ret != 0) {
+            return ret;
+        }
 
-        memcpy( data - transform->ivlen, transform->iv_enc, transform->ivlen );
+        memcpy(data - transform->ivlen, transform->iv_enc, transform->ivlen);
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
-                            "including %" MBEDTLS_PRINTF_SIZET
-                            " bytes of IV and %" MBEDTLS_PRINTF_SIZET " bytes of padding",
-                            rec->data_len, transform->ivlen,
-                            padlen + 1 ) );
+        MBEDTLS_SSL_DEBUG_MSG(3, ("before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
+                                                                                    "including %"
+                                  MBEDTLS_PRINTF_SIZET
+                                  " bytes of IV and %" MBEDTLS_PRINTF_SIZET " bytes of padding",
+                                  rec->data_len, transform->ivlen,
+                                  padlen + 1));
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        status = psa_cipher_encrypt_setup( &cipher_op,
-                                    transform->psa_key_enc, transform->psa_alg );
+        status = psa_cipher_encrypt_setup(&cipher_op,
+                                          transform->psa_key_enc, transform->psa_alg);
 
-        if( status != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_encrypt_setup", ret );
-            return( ret );
+        if (status != PSA_SUCCESS) {
+            ret = psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_encrypt_setup", ret);
+            return ret;
         }
 
-        status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen );
+        status = psa_cipher_set_iv(&cipher_op, transform->iv_enc, transform->ivlen);
 
-        if( status != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_set_iv", ret );
-            return( ret );
+        if (status != PSA_SUCCESS) {
+            ret = psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_set_iv", ret);
+            return ret;
 
         }
 
-        status = psa_cipher_update( &cipher_op,
-                                    data, rec->data_len,
-                                    data, rec->data_len, &olen );
+        status = psa_cipher_update(&cipher_op,
+                                   data, rec->data_len,
+                                   data, rec->data_len, &olen);
 
-        if( status != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_update", ret );
-            return( ret );
+        if (status != PSA_SUCCESS) {
+            ret = psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_update", ret);
+            return ret;
 
         }
 
-        status = psa_cipher_finish( &cipher_op,
-                                    data + olen, rec->data_len - olen,
-                                    &part_len );
+        status = psa_cipher_finish(&cipher_op,
+                                   data + olen, rec->data_len - olen,
+                                   &part_len);
 
-        if( status != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_finish", ret );
-            return( ret );
+        if (status != PSA_SUCCESS) {
+            ret = psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_finish", ret);
+            return ret;
 
         }
 
         olen += part_len;
 #else
-        if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
-                                   transform->iv_enc,
-                                   transform->ivlen,
-                                   data, rec->data_len,
-                                   data, &olen ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
-            return( ret );
+        if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_enc,
+                                        transform->iv_enc,
+                                        transform->ivlen,
+                                        data, rec->data_len,
+                                        data, &olen)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret);
+            return ret;
         }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-        if( rec->data_len != olen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        if (rec->data_len != olen) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
         data             -= transform->ivlen;
@@ -1169,8 +1147,7 @@
         rec->data_len    += transform->ivlen;
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-        if( auth_done == 0 )
-        {
+        if (auth_done == 0) {
             unsigned char mac[MBEDTLS_SSL_MAC_ADD];
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
             psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
@@ -1180,99 +1157,104 @@
             /* MAC(MAC_write_key, add_data, IV, ENC(content + padding + padding_length))
              */
 
-            if( post_avail < transform->maclen)
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
-                return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+            if (post_avail < transform->maclen) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough"));
+                return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
             }
 
-            ssl_extract_add_data_from_record( add_data, &add_data_len,
-                                              rec, transform->tls_version,
-                                              transform->taglen );
+            ssl_extract_add_data_from_record(add_data, &add_data_len,
+                                             rec, transform->tls_version,
+                                             transform->taglen);
 
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
-            MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
-                                   add_data_len );
+            MBEDTLS_SSL_DEBUG_MSG(3, ("using encrypt then mac"));
+            MBEDTLS_SSL_DEBUG_BUF(4, "MAC'd meta-data", add_data,
+                                  add_data_len);
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-            status = psa_mac_sign_setup( &operation, transform->psa_mac_enc,
-                                         transform->psa_mac_alg );
-            if( status != PSA_SUCCESS )
+            status = psa_mac_sign_setup(&operation, transform->psa_mac_enc,
+                                        transform->psa_mac_alg);
+            if (status != PSA_SUCCESS) {
                 goto hmac_failed_etm_enabled;
+            }
 
-            status = psa_mac_update( &operation, add_data, add_data_len );
-            if( status != PSA_SUCCESS )
+            status = psa_mac_update(&operation, add_data, add_data_len);
+            if (status != PSA_SUCCESS) {
                 goto hmac_failed_etm_enabled;
+            }
 
-            status = psa_mac_update( &operation, data, rec->data_len );
-            if( status != PSA_SUCCESS )
+            status = psa_mac_update(&operation, data, rec->data_len);
+            if (status != PSA_SUCCESS) {
                 goto hmac_failed_etm_enabled;
+            }
 
-            status = psa_mac_sign_finish( &operation, mac, MBEDTLS_SSL_MAC_ADD,
-                                          &sign_mac_length );
-            if( status != PSA_SUCCESS )
+            status = psa_mac_sign_finish(&operation, mac, MBEDTLS_SSL_MAC_ADD,
+                                         &sign_mac_length);
+            if (status != PSA_SUCCESS) {
                 goto hmac_failed_etm_enabled;
+            }
 #else
 
-            ret = mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
-                                          add_data_len );
-            if( ret != 0 )
+            ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, add_data,
+                                         add_data_len);
+            if (ret != 0) {
                 goto hmac_failed_etm_enabled;
-            ret = mbedtls_md_hmac_update( &transform->md_ctx_enc,
-                                          data, rec->data_len );
-            if( ret != 0 )
+            }
+            ret = mbedtls_md_hmac_update(&transform->md_ctx_enc,
+                                         data, rec->data_len);
+            if (ret != 0) {
                 goto hmac_failed_etm_enabled;
-            ret = mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
-            if( ret != 0 )
+            }
+            ret = mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac);
+            if (ret != 0) {
                 goto hmac_failed_etm_enabled;
-            ret = mbedtls_md_hmac_reset( &transform->md_ctx_enc );
-            if( ret != 0 )
+            }
+            ret = mbedtls_md_hmac_reset(&transform->md_ctx_enc);
+            if (ret != 0) {
                 goto hmac_failed_etm_enabled;
+            }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-            memcpy( data + rec->data_len, mac, transform->maclen );
+            memcpy(data + rec->data_len, mac, transform->maclen);
 
             rec->data_len += transform->maclen;
             post_avail -= transform->maclen;
             auth_done++;
 
-        hmac_failed_etm_enabled:
-            mbedtls_platform_zeroize( mac, transform->maclen );
+hmac_failed_etm_enabled:
+            mbedtls_platform_zeroize(mac, transform->maclen);
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-            ret = psa_ssl_status_to_mbedtls( status );
-            status = psa_mac_abort( &operation );
-            if( ret == 0 && status != PSA_SUCCESS )
-                ret = psa_ssl_status_to_mbedtls( status );
+            ret = psa_ssl_status_to_mbedtls(status);
+            status = psa_mac_abort(&operation);
+            if (ret == 0 && status != PSA_SUCCESS) {
+                ret = psa_ssl_status_to_mbedtls(status);
+            }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "HMAC calculation failed", ret );
-                return( ret );
+            if (ret != 0) {
+                MBEDTLS_SSL_DEBUG_RET(1, "HMAC calculation failed", ret);
+                return ret;
             }
         }
 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC) */
     {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
     /* Make extra sure authentication was performed, exactly once */
-    if( auth_done != 1 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (auth_done != 1) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= encrypt buf"));
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
-                             mbedtls_ssl_transform *transform,
-                             mbedtls_record *rec )
+int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
+                            mbedtls_ssl_transform *transform,
+                            mbedtls_record *rec)
 {
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) || defined(MBEDTLS_CIPHER_MODE_AEAD)
     size_t olen;
@@ -1284,10 +1266,10 @@
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
     size_t padlen = 0, correct = 1;
 #endif
-    unsigned char* data;
+    unsigned char *data;
     /* For an explanation of the additional data length see
-    * the description of ssl_extract_add_data_from_record().
-    */
+     * the description of ssl_extract_add_data_from_record().
+     */
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
     unsigned char add_data[23 + MBEDTLS_SSL_CID_IN_LEN_MAX];
 #else
@@ -1300,43 +1282,38 @@
     ((void) ssl);
 #endif
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
-    if( rec == NULL                     ||
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> decrypt buf"));
+    if (rec == NULL                     ||
         rec->buf == NULL                ||
         rec->buf_len < rec->data_offset ||
-        rec->buf_len - rec->data_offset < rec->data_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to decrypt_buf" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        rec->buf_len - rec->data_offset < rec->data_len) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad record structure provided to decrypt_buf"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
     data = rec->buf + rec->data_offset;
-    ssl_mode = mbedtls_ssl_get_mode_from_transform( transform );
+    ssl_mode = mbedtls_ssl_get_mode_from_transform(transform);
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
     /*
      * Match record's CID with incoming CID.
      */
-    if( rec->cid_len != transform->in_cid_len ||
-        memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 )
-    {
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_CID );
+    if (rec->cid_len != transform->in_cid_len ||
+        memcmp(rec->cid, transform->in_cid, rec->cid_len) != 0) {
+        return MBEDTLS_ERR_SSL_UNEXPECTED_CID;
     }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM)
-    if( ssl_mode == MBEDTLS_SSL_MODE_STREAM )
-    {
+    if (ssl_mode == MBEDTLS_SSL_MODE_STREAM) {
         /* The only supported stream cipher is "NULL",
          * so there's nothing to do here.*/
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */
 #if defined(MBEDTLS_GCM_C) || \
     defined(MBEDTLS_CCM_C) || \
     defined(MBEDTLS_CHACHAPOLY_C)
-    if( ssl_mode == MBEDTLS_SSL_MODE_AEAD )
-    {
+    if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) {
         unsigned char iv[12];
         unsigned char *dynamic_iv;
         size_t dynamic_iv_len;
@@ -1352,57 +1329,52 @@
          *       can be chosen freely - in particular, it need not
          *       agree with the record sequence number.
          */
-        dynamic_iv_len = sizeof( rec->ctr );
-        if( ssl_transform_aead_dynamic_iv_is_explicit( transform ) == 1 )
-        {
-            if( rec->data_len < dynamic_iv_len )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
-                                            " ) < explicit_iv_len (%" MBEDTLS_PRINTF_SIZET ") ",
-                                            rec->data_len,
-                                            dynamic_iv_len ) );
-                return( MBEDTLS_ERR_SSL_INVALID_MAC );
+        dynamic_iv_len = sizeof(rec->ctr);
+        if (ssl_transform_aead_dynamic_iv_is_explicit(transform) == 1) {
+            if (rec->data_len < dynamic_iv_len) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET
+                                          " ) < explicit_iv_len (%" MBEDTLS_PRINTF_SIZET ") ",
+                                          rec->data_len,
+                                          dynamic_iv_len));
+                return MBEDTLS_ERR_SSL_INVALID_MAC;
             }
             dynamic_iv = data;
 
             data += dynamic_iv_len;
             rec->data_offset += dynamic_iv_len;
             rec->data_len    -= dynamic_iv_len;
-        }
-        else
-        {
+        } else {
             dynamic_iv = rec->ctr;
         }
 
         /* Check that there's space for the authentication tag. */
-        if( rec->data_len < transform->taglen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
-                                        ") < taglen (%" MBEDTLS_PRINTF_SIZET ") ",
-                                        rec->data_len,
-                                        transform->taglen ) );
-            return( MBEDTLS_ERR_SSL_INVALID_MAC );
+        if (rec->data_len < transform->taglen) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET
+                                      ") < taglen (%" MBEDTLS_PRINTF_SIZET ") ",
+                                      rec->data_len,
+                                      transform->taglen));
+            return MBEDTLS_ERR_SSL_INVALID_MAC;
         }
         rec->data_len -= transform->taglen;
 
         /*
          * Prepare nonce from dynamic and static parts.
          */
-        ssl_build_record_nonce( iv, sizeof( iv ),
-                                transform->iv_dec,
-                                transform->fixed_ivlen,
-                                dynamic_iv,
-                                dynamic_iv_len );
+        ssl_build_record_nonce(iv, sizeof(iv),
+                               transform->iv_dec,
+                               transform->fixed_ivlen,
+                               dynamic_iv,
+                               dynamic_iv_len);
 
         /*
          * Build additional data for AEAD encryption.
          * This depends on the TLS version.
          */
-        ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
-                                          transform->tls_version,
-                                          transform->taglen );
-        MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
-                               add_data, add_data_len );
+        ssl_extract_add_data_from_record(add_data, &add_data_len, rec,
+                                         transform->tls_version,
+                                         transform->taglen);
+        MBEDTLS_SSL_DEBUG_BUF(4, "additional data used for AEAD",
+                              add_data, add_data_len);
 
         /* Because of the check above, we know that there are
          * explicit_iv_len Bytes preceding data, and taglen
@@ -1410,60 +1382,56 @@
          * the debug message and the invocation of
          * mbedtls_cipher_auth_decrypt_ext() below. */
 
-        MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", iv, transform->ivlen );
-        MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", data + rec->data_len,
-                               transform->taglen );
+        MBEDTLS_SSL_DEBUG_BUF(4, "IV used", iv, transform->ivlen);
+        MBEDTLS_SSL_DEBUG_BUF(4, "TAG used", data + rec->data_len,
+                              transform->taglen);
 
         /*
          * Decrypt and authenticate
          */
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        status = psa_aead_decrypt( transform->psa_key_dec,
-                               transform->psa_alg,
-                               iv, transform->ivlen,
-                               add_data, add_data_len,
-                               data, rec->data_len + transform->taglen,
-                               data, rec->buf_len - (data - rec->buf),
-                               &olen );
+        status = psa_aead_decrypt(transform->psa_key_dec,
+                                  transform->psa_alg,
+                                  iv, transform->ivlen,
+                                  add_data, add_data_len,
+                                  data, rec->data_len + transform->taglen,
+                                  data, rec->buf_len - (data - rec->buf),
+                                  &olen);
 
-        if( status != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_decrypt", ret );
-            return( ret );
+        if (status != PSA_SUCCESS) {
+            ret = psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_aead_decrypt", ret);
+            return ret;
         }
 #else
-        if( ( ret = mbedtls_cipher_auth_decrypt_ext( &transform->cipher_ctx_dec,
-                  iv, transform->ivlen,
-                  add_data, add_data_len,
-                  data, rec->data_len + transform->taglen,          /* src */
-                  data, rec->buf_len - (data - rec->buf), &olen,    /* dst */
-                  transform->taglen ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt_ext", ret );
+        if ((ret = mbedtls_cipher_auth_decrypt_ext(&transform->cipher_ctx_dec,
+                                                   iv, transform->ivlen,
+                                                   add_data, add_data_len,
+                                                   data, rec->data_len + transform->taglen, /* src */
+                                                   data, rec->buf_len - (data - rec->buf), &olen, /* dst */
+                                                   transform->taglen)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_decrypt_ext", ret);
 
-            if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
-                return( MBEDTLS_ERR_SSL_INVALID_MAC );
+            if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) {
+                return MBEDTLS_ERR_SSL_INVALID_MAC;
+            }
 
-            return( ret );
+            return ret;
         }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
         auth_done++;
 
         /* Double-check that AEAD decryption doesn't change content length. */
-        if( olen != rec->data_len )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        if (olen != rec->data_len) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
-    }
-    else
+    } else
 #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
-    if( ssl_mode == MBEDTLS_SSL_MODE_CBC ||
-        ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
-    {
+    if (ssl_mode == MBEDTLS_SSL_MODE_CBC ||
+        ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) {
         size_t minlen = 0;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -1500,31 +1468,30 @@
          * lower bound minlen + maclen + 1 on the record size, which
          * we test for in the second check below.
          */
-        if( rec->data_len < minlen + transform->ivlen ||
-            rec->data_len < minlen + transform->maclen + 1 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
-                                        ") < max( ivlen(%" MBEDTLS_PRINTF_SIZET
-                                        "), maclen (%" MBEDTLS_PRINTF_SIZET ") "
-                                "+ 1 ) ( + expl IV )", rec->data_len,
-                                transform->ivlen,
-                                transform->maclen ) );
-            return( MBEDTLS_ERR_SSL_INVALID_MAC );
+        if (rec->data_len < minlen + transform->ivlen ||
+            rec->data_len < minlen + transform->maclen + 1) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET
+                                      ") < max( ivlen(%" MBEDTLS_PRINTF_SIZET
+                                      "), maclen (%" MBEDTLS_PRINTF_SIZET ") "
+                                                                          "+ 1 ) ( + expl IV )",
+                                      rec->data_len,
+                                      transform->ivlen,
+                                      transform->maclen));
+            return MBEDTLS_ERR_SSL_INVALID_MAC;
         }
 
         /*
          * Authenticate before decrypt if enabled
          */
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-        if( ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
-        {
+        if (ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
             psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
 #else
             unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
+            MBEDTLS_SSL_DEBUG_MSG(3, ("using encrypt then mac"));
 
             /* Update data_len in tandem with add_data.
              *
@@ -1537,78 +1504,86 @@
              *
              * Further, we still know that data_len > minlen */
             rec->data_len -= transform->maclen;
-            ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
-                                              transform->tls_version,
-                                              transform->taglen );
+            ssl_extract_add_data_from_record(add_data, &add_data_len, rec,
+                                             transform->tls_version,
+                                             transform->taglen);
 
             /* Calculate expected MAC. */
-            MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
-                                   add_data_len );
+            MBEDTLS_SSL_DEBUG_BUF(4, "MAC'd meta-data", add_data,
+                                  add_data_len);
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-            status = psa_mac_verify_setup( &operation, transform->psa_mac_dec,
-                                           transform->psa_mac_alg );
-            if( status != PSA_SUCCESS )
+            status = psa_mac_verify_setup(&operation, transform->psa_mac_dec,
+                                          transform->psa_mac_alg);
+            if (status != PSA_SUCCESS) {
                 goto hmac_failed_etm_enabled;
+            }
 
-            status = psa_mac_update( &operation, add_data, add_data_len );
-            if( status != PSA_SUCCESS )
+            status = psa_mac_update(&operation, add_data, add_data_len);
+            if (status != PSA_SUCCESS) {
                 goto hmac_failed_etm_enabled;
+            }
 
-            status = psa_mac_update( &operation, data, rec->data_len );
-            if( status != PSA_SUCCESS )
+            status = psa_mac_update(&operation, data, rec->data_len);
+            if (status != PSA_SUCCESS) {
                 goto hmac_failed_etm_enabled;
+            }
 
             /* Compare expected MAC with MAC at the end of the record. */
-            status = psa_mac_verify_finish( &operation, data + rec->data_len,
-                                            transform->maclen );
-            if( status != PSA_SUCCESS )
+            status = psa_mac_verify_finish(&operation, data + rec->data_len,
+                                           transform->maclen);
+            if (status != PSA_SUCCESS) {
                 goto hmac_failed_etm_enabled;
+            }
 #else
-            ret = mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data,
-                                          add_data_len );
-            if( ret != 0 )
+            ret = mbedtls_md_hmac_update(&transform->md_ctx_dec, add_data,
+                                         add_data_len);
+            if (ret != 0) {
                 goto hmac_failed_etm_enabled;
-            ret = mbedtls_md_hmac_update( &transform->md_ctx_dec,
-                                    data, rec->data_len );
-            if( ret != 0 )
+            }
+            ret = mbedtls_md_hmac_update(&transform->md_ctx_dec,
+                                         data, rec->data_len);
+            if (ret != 0) {
                 goto hmac_failed_etm_enabled;
-            ret = mbedtls_md_hmac_finish( &transform->md_ctx_dec, mac_expect );
-            if( ret != 0 )
+            }
+            ret = mbedtls_md_hmac_finish(&transform->md_ctx_dec, mac_expect);
+            if (ret != 0) {
                 goto hmac_failed_etm_enabled;
-            ret = mbedtls_md_hmac_reset( &transform->md_ctx_dec );
-            if( ret != 0 )
+            }
+            ret = mbedtls_md_hmac_reset(&transform->md_ctx_dec);
+            if (ret != 0) {
                 goto hmac_failed_etm_enabled;
+            }
 
-            MBEDTLS_SSL_DEBUG_BUF( 4, "message  mac", data + rec->data_len,
-                                   transform->maclen );
-            MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect,
-                                   transform->maclen );
+            MBEDTLS_SSL_DEBUG_BUF(4, "message  mac", data + rec->data_len,
+                                  transform->maclen);
+            MBEDTLS_SSL_DEBUG_BUF(4, "expected mac", mac_expect,
+                                  transform->maclen);
 
             /* Compare expected MAC with MAC at the end of the record. */
-            if( mbedtls_ct_memcmp( data + rec->data_len, mac_expect,
-                                              transform->maclen ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
+            if (mbedtls_ct_memcmp(data + rec->data_len, mac_expect,
+                                  transform->maclen) != 0) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("message mac does not match"));
                 ret = MBEDTLS_ERR_SSL_INVALID_MAC;
                 goto hmac_failed_etm_enabled;
             }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
             auth_done++;
 
-        hmac_failed_etm_enabled:
+hmac_failed_etm_enabled:
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-            ret = psa_ssl_status_to_mbedtls( status );
-            status = psa_mac_abort( &operation );
-            if( ret == 0 && status != PSA_SUCCESS )
-                ret = psa_ssl_status_to_mbedtls( status );
+            ret = psa_ssl_status_to_mbedtls(status);
+            status = psa_mac_abort(&operation);
+            if (ret == 0 && status != PSA_SUCCESS) {
+                ret = psa_ssl_status_to_mbedtls(status);
+            }
 #else
-            mbedtls_platform_zeroize( mac_expect, transform->maclen );
+            mbedtls_platform_zeroize(mac_expect, transform->maclen);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-            if( ret != 0 )
-            {
-                if( ret != MBEDTLS_ERR_SSL_INVALID_MAC )
-                    MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_hmac_xxx", ret );
-                return( ret );
+            if (ret != 0) {
+                if (ret != MBEDTLS_ERR_SSL_INVALID_MAC) {
+                    MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_hmac_xxx", ret);
+                }
+                return ret;
             }
         }
 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
@@ -1620,12 +1595,11 @@
         /* We know from above that data_len > minlen >= 0,
          * so the following check in particular implies that
          * data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */
-        if( rec->data_len % transform->ivlen != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
-                                        ") %% ivlen (%" MBEDTLS_PRINTF_SIZET ") != 0",
-                                        rec->data_len, transform->ivlen ) );
-            return( MBEDTLS_ERR_SSL_INVALID_MAC );
+        if (rec->data_len % transform->ivlen != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET
+                                      ") %% ivlen (%" MBEDTLS_PRINTF_SIZET ") != 0",
+                                      rec->data_len, transform->ivlen));
+            return MBEDTLS_ERR_SSL_INVALID_MAC;
         }
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
@@ -1633,7 +1607,7 @@
          * Initialize for prepended IV for block cipher in TLS v1.2
          */
         /* Safe because data_len >= minlen + ivlen = 2 * ivlen. */
-        memcpy( transform->iv_dec, data, transform->ivlen );
+        memcpy(transform->iv_dec, data, transform->ivlen);
 
         data += transform->ivlen;
         rec->data_offset += transform->ivlen;
@@ -1643,64 +1617,58 @@
         /* We still have data_len % ivlen == 0 and data_len >= ivlen here. */
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        status = psa_cipher_decrypt_setup( &cipher_op,
-                                    transform->psa_key_dec, transform->psa_alg );
+        status = psa_cipher_decrypt_setup(&cipher_op,
+                                          transform->psa_key_dec, transform->psa_alg);
 
-        if( status != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_decrypt_setup", ret );
-            return( ret );
+        if (status != PSA_SUCCESS) {
+            ret = psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_decrypt_setup", ret);
+            return ret;
         }
 
-        status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen );
+        status = psa_cipher_set_iv(&cipher_op, transform->iv_dec, transform->ivlen);
 
-        if( status != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_set_iv", ret );
-            return( ret );
+        if (status != PSA_SUCCESS) {
+            ret = psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_set_iv", ret);
+            return ret;
         }
 
-        status = psa_cipher_update( &cipher_op,
-                                    data, rec->data_len,
-                                    data, rec->data_len, &olen );
+        status = psa_cipher_update(&cipher_op,
+                                   data, rec->data_len,
+                                   data, rec->data_len, &olen);
 
-        if( status != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_update", ret );
-            return( ret );
+        if (status != PSA_SUCCESS) {
+            ret = psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_update", ret);
+            return ret;
         }
 
-        status = psa_cipher_finish( &cipher_op,
-                                    data + olen, rec->data_len - olen,
-                                    &part_len );
+        status = psa_cipher_finish(&cipher_op,
+                                   data + olen, rec->data_len - olen,
+                                   &part_len);
 
-        if( status != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_cipher_finish", ret );
-            return( ret );
+        if (status != PSA_SUCCESS) {
+            ret = psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_finish", ret);
+            return ret;
         }
 
         olen += part_len;
 #else
 
-        if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec,
-                                   transform->iv_dec, transform->ivlen,
-                                   data, rec->data_len, data, &olen ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
-            return( ret );
+        if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_dec,
+                                        transform->iv_dec, transform->ivlen,
+                                        data, rec->data_len, data, &olen)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret);
+            return ret;
         }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
         /* Double-check that length hasn't changed during decryption. */
-        if( rec->data_len != olen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        if (rec->data_len != olen) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
         /* Safe since data_len >= minlen + maclen + 1, so after having
@@ -1709,31 +1677,27 @@
          * >= ivlen ). */
         padlen = data[rec->data_len - 1];
 
-        if( auth_done == 1 )
-        {
+        if (auth_done == 1) {
             const size_t mask = mbedtls_ct_size_mask_ge(
-                                rec->data_len,
-                                padlen + 1 );
+                rec->data_len,
+                padlen + 1);
             correct &= mask;
             padlen  &= mask;
-        }
-        else
-        {
+        } else {
 #if defined(MBEDTLS_SSL_DEBUG_ALL)
-            if( rec->data_len < transform->maclen + padlen + 1 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
-                                            ") < maclen (%" MBEDTLS_PRINTF_SIZET
-                                            ") + padlen (%" MBEDTLS_PRINTF_SIZET ")",
-                                            rec->data_len,
-                                            transform->maclen,
-                                            padlen + 1 ) );
+            if (rec->data_len < transform->maclen + padlen + 1) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET
+                                          ") < maclen (%" MBEDTLS_PRINTF_SIZET
+                                          ") + padlen (%" MBEDTLS_PRINTF_SIZET ")",
+                                          rec->data_len,
+                                          transform->maclen,
+                                          padlen + 1));
             }
 #endif
 
             const size_t mask = mbedtls_ct_size_mask_ge(
-                                rec->data_len,
-                                transform->maclen + padlen + 1 );
+                rec->data_len,
+                transform->maclen + padlen + 1);
             correct &= mask;
             padlen  &= mask;
         }
@@ -1745,38 +1709,38 @@
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
         /* The padding check involves a series of up to 256
-            * consecutive memory reads at the end of the record
-            * plaintext buffer. In order to hide the length and
-            * validity of the padding, always perform exactly
-            * `min(256,plaintext_len)` reads (but take into account
-            * only the last `padlen` bytes for the padding check). */
+         * consecutive memory reads at the end of the record
+         * plaintext buffer. In order to hide the length and
+         * validity of the padding, always perform exactly
+         * `min(256,plaintext_len)` reads (but take into account
+         * only the last `padlen` bytes for the padding check). */
         size_t pad_count = 0;
-        volatile unsigned char* const check = data;
+        volatile unsigned char * const check = data;
 
         /* Index of first padding byte; it has been ensured above
-            * that the subtraction is safe. */
+         * that the subtraction is safe. */
         size_t const padding_idx = rec->data_len - padlen;
         size_t const num_checks = rec->data_len <= 256 ? rec->data_len : 256;
         size_t const start_idx = rec->data_len - num_checks;
         size_t idx;
 
-        for( idx = start_idx; idx < rec->data_len; idx++ )
-        {
+        for (idx = start_idx; idx < rec->data_len; idx++) {
             /* pad_count += (idx >= padding_idx) &&
-                *              (check[idx] == padlen - 1);
-                */
-            const size_t mask = mbedtls_ct_size_mask_ge( idx, padding_idx );
-            const size_t equal = mbedtls_ct_size_bool_eq( check[idx],
-                                                          padlen - 1 );
+             *              (check[idx] == padlen - 1);
+             */
+            const size_t mask = mbedtls_ct_size_mask_ge(idx, padding_idx);
+            const size_t equal = mbedtls_ct_size_bool_eq(check[idx],
+                                                         padlen - 1);
             pad_count += mask & equal;
         }
-        correct &= mbedtls_ct_size_bool_eq( pad_count, padlen );
+        correct &= mbedtls_ct_size_bool_eq(pad_count, padlen);
 
 #if defined(MBEDTLS_SSL_DEBUG_ALL)
-        if( padlen > 0 && correct == 0 )
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
+        if (padlen > 0 && correct == 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad padding byte detected"));
+        }
 #endif
-        padlen &= mbedtls_ct_size_mask( correct );
+        padlen &= mbedtls_ct_size_mask(correct);
 
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
@@ -1785,17 +1749,16 @@
          * padlen hasn't been changed and the previous assertion
          * data_len >= padlen still holds. */
         rec->data_len -= padlen;
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC */
     {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
 #if defined(MBEDTLS_SSL_DEBUG_ALL)
-    MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption",
-                           data, rec->data_len );
+    MBEDTLS_SSL_DEBUG_BUF(4, "raw buffer after decryption",
+                          data, rec->data_len);
 #endif
 
     /*
@@ -1803,8 +1766,7 @@
      * Compute the MAC regardless of the padding result (RFC4346, CBCTIME).
      */
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-    if( auth_done == 0 )
-    {
+    if (auth_done == 0) {
         unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD] = { 0 };
         unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD] = { 0 };
 
@@ -1822,109 +1784,108 @@
          * hence data_len >= maclen in any case.
          */
         rec->data_len -= transform->maclen;
-        ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
-                                          transform->tls_version,
-                                          transform->taglen );
+        ssl_extract_add_data_from_record(add_data, &add_data_len, rec,
+                                         transform->tls_version,
+                                         transform->taglen);
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
         /*
-        * The next two sizes are the minimum and maximum values of
-        * data_len over all padlen values.
-        *
-        * They're independent of padlen, since we previously did
-        * data_len -= padlen.
-        *
-        * Note that max_len + maclen is never more than the buffer
-        * length, as we previously did in_msglen -= maclen too.
-        */
+         * The next two sizes are the minimum and maximum values of
+         * data_len over all padlen values.
+         *
+         * They're independent of padlen, since we previously did
+         * data_len -= padlen.
+         *
+         * Note that max_len + maclen is never more than the buffer
+         * length, as we previously did in_msglen -= maclen too.
+         */
         const size_t max_len = rec->data_len + padlen;
-        const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0;
+        const size_t min_len = (max_len > 256) ? max_len - 256 : 0;
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        ret = mbedtls_ct_hmac( transform->psa_mac_dec,
-                               transform->psa_mac_alg,
-                               add_data, add_data_len,
-                               data, rec->data_len, min_len, max_len,
-                               mac_expect );
+        ret = mbedtls_ct_hmac(transform->psa_mac_dec,
+                              transform->psa_mac_alg,
+                              add_data, add_data_len,
+                              data, rec->data_len, min_len, max_len,
+                              mac_expect);
 #else
-        ret = mbedtls_ct_hmac( &transform->md_ctx_dec,
-                               add_data, add_data_len,
-                               data, rec->data_len, min_len, max_len,
-                               mac_expect );
+        ret = mbedtls_ct_hmac(&transform->md_ctx_dec,
+                              add_data, add_data_len,
+                              data, rec->data_len, min_len, max_len,
+                              mac_expect);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ct_hmac", ret );
+        if (ret != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ct_hmac", ret);
             goto hmac_failed_etm_disabled;
         }
 
-        mbedtls_ct_memcpy_offset( mac_peer, data,
-                                  rec->data_len,
-                                  min_len, max_len,
-                                  transform->maclen );
+        mbedtls_ct_memcpy_offset(mac_peer, data,
+                                 rec->data_len,
+                                 min_len, max_len,
+                                 transform->maclen);
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
 #if defined(MBEDTLS_SSL_DEBUG_ALL)
-        MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, transform->maclen );
-        MBEDTLS_SSL_DEBUG_BUF( 4, "message  mac", mac_peer, transform->maclen );
+        MBEDTLS_SSL_DEBUG_BUF(4, "expected mac", mac_expect, transform->maclen);
+        MBEDTLS_SSL_DEBUG_BUF(4, "message  mac", mac_peer, transform->maclen);
 #endif
 
-        if( mbedtls_ct_memcmp( mac_peer, mac_expect,
-                                          transform->maclen ) != 0 )
-        {
+        if (mbedtls_ct_memcmp(mac_peer, mac_expect,
+                              transform->maclen) != 0) {
 #if defined(MBEDTLS_SSL_DEBUG_ALL)
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
+            MBEDTLS_SSL_DEBUG_MSG(1, ("message mac does not match"));
 #endif
             correct = 0;
         }
         auth_done++;
 
-    hmac_failed_etm_disabled:
-        mbedtls_platform_zeroize( mac_peer, transform->maclen );
-        mbedtls_platform_zeroize( mac_expect, transform->maclen );
-        if( ret != 0 )
-            return( ret );
+hmac_failed_etm_disabled:
+        mbedtls_platform_zeroize(mac_peer, transform->maclen);
+        mbedtls_platform_zeroize(mac_expect, transform->maclen);
+        if (ret != 0) {
+            return ret;
+        }
     }
 
     /*
      * Finally check the correct flag
      */
-    if( correct == 0 )
-        return( MBEDTLS_ERR_SSL_INVALID_MAC );
+    if (correct == 0) {
+        return MBEDTLS_ERR_SSL_INVALID_MAC;
+    }
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
 
     /* Make extra sure authentication was performed, exactly once */
-    if( auth_done != 1 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (auth_done != 1) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    if( transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
-    {
+    if (transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
         /* Remove inner padding and infer true content type. */
-        ret = ssl_parse_inner_plaintext( data, &rec->data_len,
-                                         &rec->type );
+        ret = ssl_parse_inner_plaintext(data, &rec->data_len,
+                                        &rec->type);
 
-        if( ret != 0 )
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        if (ret != 0) {
+            return MBEDTLS_ERR_SSL_INVALID_RECORD;
+        }
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    if( rec->cid_len != 0 )
-    {
-        ret = ssl_parse_inner_plaintext( data, &rec->data_len,
-                                         &rec->type );
-        if( ret != 0 )
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+    if (rec->cid_len != 0) {
+        ret = ssl_parse_inner_plaintext(data, &rec->data_len,
+                                        &rec->type);
+        if (ret != 0) {
+            return MBEDTLS_ERR_SSL_INVALID_RECORD;
+        }
     }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= decrypt buf"));
 
-    return( 0 );
+    return 0;
 }
 
 #undef MAC_NONE
@@ -1946,7 +1907,7 @@
  * For DTLS, it is up to the caller to set ssl->next_record_offset when
  * they're done reading a record.
  */
-int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
+int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
@@ -1956,23 +1917,20 @@
     size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
 #endif
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> fetch input" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> fetch input"));
 
-    if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl->f_recv == NULL && ssl->f_recv_timeout == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Bad usage of mbedtls_ssl_set_bio() "));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
-    if( nb_want > in_buf_len - (size_t)( ssl->in_hdr - ssl->in_buf ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "requesting more data than fits" ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (nb_want > in_buf_len - (size_t) (ssl->in_hdr - ssl->in_buf)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("requesting more data than fits"));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         uint32_t timeout;
 
         /*
@@ -1985,40 +1943,36 @@
         /*
          * Move to the next record in the already read datagram if applicable
          */
-        if( ssl->next_record_offset != 0 )
-        {
-            if( ssl->in_left < ssl->next_record_offset )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        if (ssl->next_record_offset != 0) {
+            if (ssl->in_left < ssl->next_record_offset) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+                return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
             }
 
             ssl->in_left -= ssl->next_record_offset;
 
-            if( ssl->in_left != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %"
-                                            MBEDTLS_PRINTF_SIZET,
-                                    ssl->next_record_offset ) );
-                memmove( ssl->in_hdr,
-                         ssl->in_hdr + ssl->next_record_offset,
-                         ssl->in_left );
+            if (ssl->in_left != 0) {
+                MBEDTLS_SSL_DEBUG_MSG(2, ("next record in same datagram, offset: %"
+                                          MBEDTLS_PRINTF_SIZET,
+                                          ssl->next_record_offset));
+                memmove(ssl->in_hdr,
+                        ssl->in_hdr + ssl->next_record_offset,
+                        ssl->in_left);
             }
 
             ssl->next_record_offset = 0;
         }
 
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET
-                                    ", nb_want: %" MBEDTLS_PRINTF_SIZET,
-                       ssl->in_left, nb_want ) );
+        MBEDTLS_SSL_DEBUG_MSG(2, ("in_left: %" MBEDTLS_PRINTF_SIZET
+                                  ", nb_want: %" MBEDTLS_PRINTF_SIZET,
+                                  ssl->in_left, nb_want));
 
         /*
          * Done if we already have enough data.
          */
-        if( nb_want <= ssl->in_left)
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
-            return( 0 );
+        if (nb_want <= ssl->in_left) {
+            MBEDTLS_SSL_DEBUG_MSG(2, ("<= fetch input"));
+            return 0;
         }
 
         /*
@@ -2026,10 +1980,9 @@
          * are not at the beginning of a new record, the caller did something
          * wrong.
          */
-        if( ssl->in_left != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        if (ssl->in_left != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
         /*
@@ -2037,195 +1990,182 @@
          * This avoids by-passing the timer when repeatedly receiving messages
          * that will end up being dropped.
          */
-        if( mbedtls_ssl_check_timer( ssl ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "timer has expired" ) );
+        if (mbedtls_ssl_check_timer(ssl) != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(2, ("timer has expired"));
             ret = MBEDTLS_ERR_SSL_TIMEOUT;
-        }
-        else
-        {
-            len = in_buf_len - ( ssl->in_hdr - ssl->in_buf );
+        } else {
+            len = in_buf_len - (ssl->in_hdr - ssl->in_buf);
 
-            if( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
+            if (mbedtls_ssl_is_handshake_over(ssl) == 0) {
                 timeout = ssl->handshake->retransmit_timeout;
-            else
+            } else {
                 timeout = ssl->conf->read_timeout;
+            }
 
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %lu ms", (unsigned long) timeout ) );
+            MBEDTLS_SSL_DEBUG_MSG(3, ("f_recv_timeout: %lu ms", (unsigned long) timeout));
 
-            if( ssl->f_recv_timeout != NULL )
-                ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len,
-                                                                    timeout );
-            else
-                ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr, len );
+            if (ssl->f_recv_timeout != NULL) {
+                ret = ssl->f_recv_timeout(ssl->p_bio, ssl->in_hdr, len,
+                                          timeout);
+            } else {
+                ret = ssl->f_recv(ssl->p_bio, ssl->in_hdr, len);
+            }
 
-            MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
+            MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_recv(_timeout)", ret);
 
-            if( ret == 0 )
-                return( MBEDTLS_ERR_SSL_CONN_EOF );
+            if (ret == 0) {
+                return MBEDTLS_ERR_SSL_CONN_EOF;
+            }
         }
 
-        if( ret == MBEDTLS_ERR_SSL_TIMEOUT )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) );
-            mbedtls_ssl_set_timer( ssl, 0 );
+        if (ret == MBEDTLS_ERR_SSL_TIMEOUT) {
+            MBEDTLS_SSL_DEBUG_MSG(2, ("timeout"));
+            mbedtls_ssl_set_timer(ssl, 0);
 
-            if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
-            {
-                if( ssl_double_retransmit_timeout( ssl ) != 0 )
-                {
-                    MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake timeout" ) );
-                    return( MBEDTLS_ERR_SSL_TIMEOUT );
+            if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
+                if (ssl_double_retransmit_timeout(ssl) != 0) {
+                    MBEDTLS_SSL_DEBUG_MSG(1, ("handshake timeout"));
+                    return MBEDTLS_ERR_SSL_TIMEOUT;
                 }
 
-                if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
-                {
-                    MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
-                    return( ret );
+                if ((ret = mbedtls_ssl_resend(ssl)) != 0) {
+                    MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend", ret);
+                    return ret;
                 }
 
-                return( MBEDTLS_ERR_SSL_WANT_READ );
+                return MBEDTLS_ERR_SSL_WANT_READ;
             }
 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
-            else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
-                     ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
-            {
-                if( ( ret = mbedtls_ssl_resend_hello_request( ssl ) ) != 0 )
-                {
-                    MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend_hello_request",
-                                           ret );
-                    return( ret );
+            else if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
+                     ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) {
+                if ((ret = mbedtls_ssl_resend_hello_request(ssl)) != 0) {
+                    MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend_hello_request",
+                                          ret);
+                    return ret;
                 }
 
-                return( MBEDTLS_ERR_SSL_WANT_READ );
+                return MBEDTLS_ERR_SSL_WANT_READ;
             }
 #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
         }
 
-        if( ret < 0 )
-            return( ret );
+        if (ret < 0) {
+            return ret;
+        }
 
         ssl->in_left = ret;
-    }
-    else
+    } else
 #endif
     {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET
-                                    ", nb_want: %" MBEDTLS_PRINTF_SIZET,
-                       ssl->in_left, nb_want ) );
+        MBEDTLS_SSL_DEBUG_MSG(2, ("in_left: %" MBEDTLS_PRINTF_SIZET
+                                  ", nb_want: %" MBEDTLS_PRINTF_SIZET,
+                                  ssl->in_left, nb_want));
 
-        while( ssl->in_left < nb_want )
-        {
+        while (ssl->in_left < nb_want) {
             len = nb_want - ssl->in_left;
 
-            if( mbedtls_ssl_check_timer( ssl ) != 0 )
+            if (mbedtls_ssl_check_timer(ssl) != 0) {
                 ret = MBEDTLS_ERR_SSL_TIMEOUT;
-            else
-            {
-                if( ssl->f_recv_timeout != NULL )
-                {
-                    ret = ssl->f_recv_timeout( ssl->p_bio,
-                                               ssl->in_hdr + ssl->in_left, len,
-                                               ssl->conf->read_timeout );
-                }
-                else
-                {
-                    ret = ssl->f_recv( ssl->p_bio,
-                                       ssl->in_hdr + ssl->in_left, len );
+            } else {
+                if (ssl->f_recv_timeout != NULL) {
+                    ret = ssl->f_recv_timeout(ssl->p_bio,
+                                              ssl->in_hdr + ssl->in_left, len,
+                                              ssl->conf->read_timeout);
+                } else {
+                    ret = ssl->f_recv(ssl->p_bio,
+                                      ssl->in_hdr + ssl->in_left, len);
                 }
             }
 
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET
-                                        ", nb_want: %" MBEDTLS_PRINTF_SIZET,
-                                        ssl->in_left, nb_want ) );
-            MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
+            MBEDTLS_SSL_DEBUG_MSG(2, ("in_left: %" MBEDTLS_PRINTF_SIZET
+                                      ", nb_want: %" MBEDTLS_PRINTF_SIZET,
+                                      ssl->in_left, nb_want));
+            MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_recv(_timeout)", ret);
 
-            if( ret == 0 )
-                return( MBEDTLS_ERR_SSL_CONN_EOF );
+            if (ret == 0) {
+                return MBEDTLS_ERR_SSL_CONN_EOF;
+            }
 
-            if( ret < 0 )
-                return( ret );
+            if (ret < 0) {
+                return ret;
+            }
 
-            if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1,
-                    ( "f_recv returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " were requested",
-                    ret, len ) );
-                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            if ((size_t) ret > len || (INT_MAX > SIZE_MAX && ret > (int) SIZE_MAX)) {
+                MBEDTLS_SSL_DEBUG_MSG(1,
+                                      ("f_recv returned %d bytes but only %" MBEDTLS_PRINTF_SIZET
+                                       " were requested",
+                                       ret, len));
+                return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
             }
 
             ssl->in_left += ret;
         }
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= fetch input"));
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Flush any data not yet written
  */
-int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *buf;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> flush output" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> flush output"));
 
-    if( ssl->f_send == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl->f_send == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Bad usage of mbedtls_ssl_set_bio() "));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
     /* Avoid incrementing counter if data is flushed */
-    if( ssl->out_left == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
-        return( 0 );
+    if (ssl->out_left == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= flush output"));
+        return 0;
     }
 
-    while( ssl->out_left > 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %" MBEDTLS_PRINTF_SIZET
-                                    ", out_left: %" MBEDTLS_PRINTF_SIZET,
-                       mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
+    while (ssl->out_left > 0) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("message length: %" MBEDTLS_PRINTF_SIZET
+                                  ", out_left: %" MBEDTLS_PRINTF_SIZET,
+                                  mbedtls_ssl_out_hdr_len(ssl) + ssl->out_msglen, ssl->out_left));
 
         buf = ssl->out_hdr - ssl->out_left;
-        ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left );
+        ret = ssl->f_send(ssl->p_bio, buf, ssl->out_left);
 
-        MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", ret );
+        MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_send", ret);
 
-        if( ret <= 0 )
-            return( ret );
+        if (ret <= 0) {
+            return ret;
+        }
 
-        if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1,
-                ( "f_send returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " bytes were sent",
-                ret, ssl->out_left ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        if ((size_t) ret > ssl->out_left || (INT_MAX > SIZE_MAX && ret > (int) SIZE_MAX)) {
+            MBEDTLS_SSL_DEBUG_MSG(1,
+                                  ("f_send returned %d bytes but only %" MBEDTLS_PRINTF_SIZET
+                                   " bytes were sent",
+                                   ret, ssl->out_left));
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
         ssl->out_left -= ret;
     }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         ssl->out_hdr = ssl->out_buf;
-    }
-    else
+    } else
 #endif
     {
         ssl->out_hdr = ssl->out_buf + 8;
     }
-    mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out );
+    mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out);
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= flush output"));
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -2236,64 +2176,61 @@
  * Append current handshake message to current outgoing flight
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_flight_append( mbedtls_ssl_context *ssl )
+static int ssl_flight_append(mbedtls_ssl_context *ssl)
 {
     mbedtls_ssl_flight_item *msg;
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_flight_append" ) );
-    MBEDTLS_SSL_DEBUG_BUF( 4, "message appended to flight",
-                           ssl->out_msg, ssl->out_msglen );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_flight_append"));
+    MBEDTLS_SSL_DEBUG_BUF(4, "message appended to flight",
+                          ssl->out_msg, ssl->out_msglen);
 
     /* Allocate space for current message */
-    if( ( msg = mbedtls_calloc( 1, sizeof(  mbedtls_ssl_flight_item ) ) ) == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed",
-                            sizeof( mbedtls_ssl_flight_item ) ) );
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    if ((msg = mbedtls_calloc(1, sizeof(mbedtls_ssl_flight_item))) == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("alloc %" MBEDTLS_PRINTF_SIZET " bytes failed",
+                                  sizeof(mbedtls_ssl_flight_item)));
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
     }
 
-    if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed",
-                                    ssl->out_msglen ) );
-        mbedtls_free( msg );
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    if ((msg->p = mbedtls_calloc(1, ssl->out_msglen)) == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("alloc %" MBEDTLS_PRINTF_SIZET " bytes failed",
+                                  ssl->out_msglen));
+        mbedtls_free(msg);
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
     }
 
     /* Copy current handshake message with headers */
-    memcpy( msg->p, ssl->out_msg, ssl->out_msglen );
+    memcpy(msg->p, ssl->out_msg, ssl->out_msglen);
     msg->len = ssl->out_msglen;
     msg->type = ssl->out_msgtype;
     msg->next = NULL;
 
     /* Append to the current flight */
-    if( ssl->handshake->flight == NULL )
+    if (ssl->handshake->flight == NULL) {
         ssl->handshake->flight = msg;
-    else
-    {
+    } else {
         mbedtls_ssl_flight_item *cur = ssl->handshake->flight;
-        while( cur->next != NULL )
+        while (cur->next != NULL) {
             cur = cur->next;
+        }
         cur->next = msg;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_flight_append" ) );
-    return( 0 );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_flight_append"));
+    return 0;
 }
 
 /*
  * Free the current flight of handshake messages
  */
-void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight )
+void mbedtls_ssl_flight_free(mbedtls_ssl_flight_item *flight)
 {
     mbedtls_ssl_flight_item *cur = flight;
     mbedtls_ssl_flight_item *next;
 
-    while( cur != NULL )
-    {
+    while (cur != NULL) {
         next = cur->next;
 
-        mbedtls_free( cur->p );
-        mbedtls_free( cur );
+        mbedtls_free(cur->p);
+        mbedtls_free(cur);
 
         cur = next;
     }
@@ -2303,18 +2240,17 @@
  * Swap transform_out and out_ctr with the alternative ones
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_swap_epochs( mbedtls_ssl_context *ssl )
+static int ssl_swap_epochs(mbedtls_ssl_context *ssl)
 {
     mbedtls_ssl_transform *tmp_transform;
     unsigned char tmp_out_ctr[MBEDTLS_SSL_SEQUENCE_NUMBER_LEN];
 
-    if( ssl->transform_out == ssl->handshake->alt_transform_out )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) );
-        return( 0 );
+    if (ssl->transform_out == ssl->handshake->alt_transform_out) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("skip swap epochs"));
+        return 0;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("swap epochs"));
 
     /* Swap transforms */
     tmp_transform                     = ssl->transform_out;
@@ -2322,32 +2258,32 @@
     ssl->handshake->alt_transform_out = tmp_transform;
 
     /* Swap epoch + sequence_number */
-    memcpy( tmp_out_ctr, ssl->cur_out_ctr, sizeof( tmp_out_ctr ) );
-    memcpy( ssl->cur_out_ctr, ssl->handshake->alt_out_ctr,
-            sizeof( ssl->cur_out_ctr ) );
-    memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr,
-            sizeof( ssl->handshake->alt_out_ctr ) );
+    memcpy(tmp_out_ctr, ssl->cur_out_ctr, sizeof(tmp_out_ctr));
+    memcpy(ssl->cur_out_ctr, ssl->handshake->alt_out_ctr,
+           sizeof(ssl->cur_out_ctr));
+    memcpy(ssl->handshake->alt_out_ctr, tmp_out_ctr,
+           sizeof(ssl->handshake->alt_out_ctr));
 
     /* Adjust to the newly activated transform */
-    mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out );
+    mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out);
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Retransmit the current flight of messages.
  */
-int mbedtls_ssl_resend( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_resend(mbedtls_ssl_context *ssl)
 {
     int ret = 0;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_resend"));
 
-    ret = mbedtls_ssl_flight_transmit( ssl );
+    ret = mbedtls_ssl_flight_transmit(ssl);
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= mbedtls_ssl_resend"));
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -2357,121 +2293,117 @@
  * WANT_WRITE, causing us to exit this function and come back later.
  * This function must be called until state is no longer SENDING.
  */
-int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_flight_transmit"));
 
-    if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise flight transmission" ) );
+    if (ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("initialise flight transmission"));
 
         ssl->handshake->cur_msg = ssl->handshake->flight;
         ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12;
-        ret = ssl_swap_epochs( ssl );
-        if( ret != 0 )
-            return( ret );
+        ret = ssl_swap_epochs(ssl);
+        if (ret != 0) {
+            return ret;
+        }
 
         ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING;
     }
 
-    while( ssl->handshake->cur_msg != NULL )
-    {
+    while (ssl->handshake->cur_msg != NULL) {
         size_t max_frag_len;
         const mbedtls_ssl_flight_item * const cur = ssl->handshake->cur_msg;
 
         int const is_finished =
-            ( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE &&
-              cur->p[0] == MBEDTLS_SSL_HS_FINISHED );
+            (cur->type == MBEDTLS_SSL_MSG_HANDSHAKE &&
+             cur->p[0] == MBEDTLS_SSL_HS_FINISHED);
 
         int const force_flush = ssl->disable_datagram_packing == 1 ?
-            SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH;
+                                SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH;
 
         /* Swap epochs before sending Finished: we can't do it after
          * sending ChangeCipherSpec, in case write returns WANT_READ.
          * Must be done before copying, may change out_msg pointer */
-        if( is_finished && ssl->handshake->cur_msg_p == ( cur->p + 12 ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "swap epochs to send finished message" ) );
-            ret = ssl_swap_epochs( ssl );
-            if( ret != 0 )
-                return( ret );
+        if (is_finished && ssl->handshake->cur_msg_p == (cur->p + 12)) {
+            MBEDTLS_SSL_DEBUG_MSG(2, ("swap epochs to send finished message"));
+            ret = ssl_swap_epochs(ssl);
+            if (ret != 0) {
+                return ret;
+            }
         }
 
-        ret = ssl_get_remaining_payload_in_datagram( ssl );
-        if( ret < 0 )
-            return( ret );
+        ret = ssl_get_remaining_payload_in_datagram(ssl);
+        if (ret < 0) {
+            return ret;
+        }
         max_frag_len = (size_t) ret;
 
         /* CCS is copied as is, while HS messages may need fragmentation */
-        if( cur->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
-        {
-            if( max_frag_len == 0 )
-            {
-                if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
-                    return( ret );
+        if (cur->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) {
+            if (max_frag_len == 0) {
+                if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) {
+                    return ret;
+                }
 
                 continue;
             }
 
-            memcpy( ssl->out_msg, cur->p, cur->len );
+            memcpy(ssl->out_msg, cur->p, cur->len);
             ssl->out_msglen  = cur->len;
             ssl->out_msgtype = cur->type;
 
             /* Update position inside current message */
             ssl->handshake->cur_msg_p += cur->len;
-        }
-        else
-        {
+        } else {
             const unsigned char * const p = ssl->handshake->cur_msg_p;
             const size_t hs_len = cur->len - 12;
-            const size_t frag_off = p - ( cur->p + 12 );
+            const size_t frag_off = p - (cur->p + 12);
             const size_t rem_len = hs_len - frag_off;
             size_t cur_hs_frag_len, max_hs_frag_len;
 
-            if( ( max_frag_len < 12 ) || ( max_frag_len == 12 && hs_len != 0 ) )
-            {
-                if( is_finished )
-                {
-                    ret = ssl_swap_epochs( ssl );
-                    if( ret != 0 )
-                        return( ret );
+            if ((max_frag_len < 12) || (max_frag_len == 12 && hs_len != 0)) {
+                if (is_finished) {
+                    ret = ssl_swap_epochs(ssl);
+                    if (ret != 0) {
+                        return ret;
+                    }
                 }
 
-                if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
-                    return( ret );
+                if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) {
+                    return ret;
+                }
 
                 continue;
             }
             max_hs_frag_len = max_frag_len - 12;
 
             cur_hs_frag_len = rem_len > max_hs_frag_len ?
-                max_hs_frag_len : rem_len;
+                              max_hs_frag_len : rem_len;
 
-            if( frag_off == 0 && cur_hs_frag_len != hs_len )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "fragmenting handshake message (%u > %u)",
-                                            (unsigned) cur_hs_frag_len,
-                                            (unsigned) max_hs_frag_len ) );
+            if (frag_off == 0 && cur_hs_frag_len != hs_len) {
+                MBEDTLS_SSL_DEBUG_MSG(2, ("fragmenting handshake message (%u > %u)",
+                                          (unsigned) cur_hs_frag_len,
+                                          (unsigned) max_hs_frag_len));
             }
 
             /* Messages are stored with handshake headers as if not fragmented,
              * copy beginning of headers then fill fragmentation fields.
              * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */
-            memcpy( ssl->out_msg, cur->p, 6 );
+            memcpy(ssl->out_msg, cur->p, 6);
 
-            ssl->out_msg[6] = MBEDTLS_BYTE_2( frag_off );
-            ssl->out_msg[7] = MBEDTLS_BYTE_1( frag_off );
-            ssl->out_msg[8] = MBEDTLS_BYTE_0( frag_off );
+            ssl->out_msg[6] = MBEDTLS_BYTE_2(frag_off);
+            ssl->out_msg[7] = MBEDTLS_BYTE_1(frag_off);
+            ssl->out_msg[8] = MBEDTLS_BYTE_0(frag_off);
 
-            ssl->out_msg[ 9] = MBEDTLS_BYTE_2( cur_hs_frag_len );
-            ssl->out_msg[10] = MBEDTLS_BYTE_1( cur_hs_frag_len );
-            ssl->out_msg[11] = MBEDTLS_BYTE_0( cur_hs_frag_len );
+            ssl->out_msg[9] = MBEDTLS_BYTE_2(cur_hs_frag_len);
+            ssl->out_msg[10] = MBEDTLS_BYTE_1(cur_hs_frag_len);
+            ssl->out_msg[11] = MBEDTLS_BYTE_0(cur_hs_frag_len);
 
-            MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 );
+            MBEDTLS_SSL_DEBUG_BUF(3, "handshake header", ssl->out_msg, 12);
 
             /* Copy the handshake message content and set records fields */
-            memcpy( ssl->out_msg + 12, p, cur_hs_frag_len );
+            memcpy(ssl->out_msg + 12, p, cur_hs_frag_len);
             ssl->out_msglen = cur_hs_frag_len + 12;
             ssl->out_msgtype = cur->type;
 
@@ -2480,52 +2412,47 @@
         }
 
         /* If done with the current message move to the next one if any */
-        if( ssl->handshake->cur_msg_p >= cur->p + cur->len )
-        {
-            if( cur->next != NULL )
-            {
+        if (ssl->handshake->cur_msg_p >= cur->p + cur->len) {
+            if (cur->next != NULL) {
                 ssl->handshake->cur_msg = cur->next;
                 ssl->handshake->cur_msg_p = cur->next->p + 12;
-            }
-            else
-            {
+            } else {
                 ssl->handshake->cur_msg = NULL;
                 ssl->handshake->cur_msg_p = NULL;
             }
         }
 
         /* Actually send the message out */
-        if( ( ret = mbedtls_ssl_write_record( ssl, force_flush ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
-            return( ret );
+        if ((ret = mbedtls_ssl_write_record(ssl, force_flush)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret);
+            return ret;
         }
     }
 
-    if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
-        return( ret );
-
-    /* Update state and set timer */
-    if( mbedtls_ssl_is_handshake_over( ssl ) == 1 )
-        ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
-    else
-    {
-        ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
-        mbedtls_ssl_set_timer( ssl, ssl->handshake->retransmit_timeout );
+    if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) {
+        return ret;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_flight_transmit" ) );
+    /* Update state and set timer */
+    if (mbedtls_ssl_is_handshake_over(ssl) == 1) {
+        ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
+    } else {
+        ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
+        mbedtls_ssl_set_timer(ssl, ssl->handshake->retransmit_timeout);
+    }
 
-    return( 0 );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= mbedtls_ssl_flight_transmit"));
+
+    return 0;
 }
 
 /*
  * To be called when the last message of an incoming flight is received.
  */
-void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl)
 {
     /* We won't need to resend that one any more */
-    mbedtls_ssl_flight_free( ssl->handshake->flight );
+    mbedtls_ssl_flight_free(ssl->handshake->flight);
     ssl->handshake->flight = NULL;
     ssl->handshake->cur_msg = NULL;
 
@@ -2536,43 +2463,41 @@
     ssl->handshake->buffering.seen_ccs = 0;
 
     /* Clear future message buffering structure. */
-    mbedtls_ssl_buffering_free( ssl );
+    mbedtls_ssl_buffering_free(ssl);
 
     /* Cancel timer */
-    mbedtls_ssl_set_timer( ssl, 0 );
+    mbedtls_ssl_set_timer(ssl, 0);
 
-    if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
-        ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
-    {
+    if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+        ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED) {
         ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
-    }
-    else
+    } else {
         ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
+    }
 }
 
 /*
  * To be called when the last message of an outgoing flight is send.
  */
-void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl)
 {
-    ssl_reset_retransmit_timeout( ssl );
-    mbedtls_ssl_set_timer( ssl, ssl->handshake->retransmit_timeout );
+    ssl_reset_retransmit_timeout(ssl);
+    mbedtls_ssl_set_timer(ssl, ssl->handshake->retransmit_timeout);
 
-    if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
-        ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
-    {
+    if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+        ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED) {
         ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
-    }
-    else
+    } else {
         ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
+    }
 }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
 /*
  * Handshake layer functions
  */
-int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type,
-                                     unsigned char **buf, size_t *buf_len )
+int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned hs_type,
+                                    unsigned char **buf, size_t *buf_len)
 {
     /*
      * Reserve 4 bytes for handshake header. ( Section 4,RFC 8446 )
@@ -2587,7 +2512,7 @@
     ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
     ssl->out_msg[0]  = hs_type;
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -2612,43 +2537,40 @@
  *      (including handshake headers but excluding record headers)
  *   - ssl->out_msg: the record contents (handshake headers + content)
  */
-int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
-                                         int update_checksum,
-                                         int force_flush )
+int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl,
+                                        int update_checksum,
+                                        int force_flush)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const size_t hs_len = ssl->out_msglen - 4;
     const unsigned char hs_type = ssl->out_msg[0];
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write handshake message" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write handshake message"));
 
     /*
      * Sanity checks
      */
-    if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE          &&
-        ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE          &&
+        ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
     /* Whenever we send anything different from a
      * HelloRequest we should be in a handshake - double check. */
-    if( ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
-            hs_type          == MBEDTLS_SSL_HS_HELLO_REQUEST ) &&
-        ssl->handshake == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (!(ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+          hs_type          == MBEDTLS_SSL_HS_HELLO_REQUEST) &&
+        ssl->handshake == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
         ssl->handshake != NULL &&
-        ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 #endif
 
@@ -2660,24 +2582,22 @@
      *
      * Note: We deliberately do not check for the MTU or MFL here.
      */
-    if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record too large: "
-                                    "size %" MBEDTLS_PRINTF_SIZET
-                                    ", maximum %" MBEDTLS_PRINTF_SIZET,
-                                    ssl->out_msglen,
-                                    (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Record too large: "
+                                  "size %" MBEDTLS_PRINTF_SIZET
+                                  ", maximum %" MBEDTLS_PRINTF_SIZET,
+                                  ssl->out_msglen,
+                                  (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
     /*
      * Fill handshake headers
      */
-    if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        ssl->out_msg[1] = MBEDTLS_BYTE_2( hs_len );
-        ssl->out_msg[2] = MBEDTLS_BYTE_1( hs_len );
-        ssl->out_msg[3] = MBEDTLS_BYTE_0( hs_len );
+    if (ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) {
+        ssl->out_msg[1] = MBEDTLS_BYTE_2(hs_len);
+        ssl->out_msg[2] = MBEDTLS_BYTE_1(hs_len);
+        ssl->out_msg[3] = MBEDTLS_BYTE_0(hs_len);
 
         /*
          * DTLS has additional fields in the Handshake layer,
@@ -2687,74 +2607,67 @@
          *      uint24 fragment_length;
          */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        {
+        if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
             /* Make room for the additional DTLS fields */
-            if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: "
-                              "size %" MBEDTLS_PRINTF_SIZET ", maximum %" MBEDTLS_PRINTF_SIZET,
-                               hs_len,
-                               (size_t) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) );
-                return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+            if (MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS handshake message too large: "
+                                          "size %" MBEDTLS_PRINTF_SIZET ", maximum %"
+                                          MBEDTLS_PRINTF_SIZET,
+                                          hs_len,
+                                          (size_t) (MBEDTLS_SSL_OUT_CONTENT_LEN - 12)));
+                return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
             }
 
-            memmove( ssl->out_msg + 12, ssl->out_msg + 4, hs_len );
+            memmove(ssl->out_msg + 12, ssl->out_msg + 4, hs_len);
             ssl->out_msglen += 8;
 
             /* Write message_seq and update it, except for HelloRequest */
-            if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
-            {
-                MBEDTLS_PUT_UINT16_BE( ssl->handshake->out_msg_seq, ssl->out_msg, 4 );
-                ++( ssl->handshake->out_msg_seq );
-            }
-            else
-            {
+            if (hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST) {
+                MBEDTLS_PUT_UINT16_BE(ssl->handshake->out_msg_seq, ssl->out_msg, 4);
+                ++(ssl->handshake->out_msg_seq);
+            } else {
                 ssl->out_msg[4] = 0;
                 ssl->out_msg[5] = 0;
             }
 
             /* Handshake hashes are computed without fragmentation,
              * so set frag_offset = 0 and frag_len = hs_len for now */
-            memset( ssl->out_msg + 6, 0x00, 3 );
-            memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 );
+            memset(ssl->out_msg + 6, 0x00, 3);
+            memcpy(ssl->out_msg + 9, ssl->out_msg + 1, 3);
         }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
         /* Update running hashes of handshake messages seen */
-        if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST && update_checksum != 0 )
-            ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen );
+        if (hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST && update_checksum != 0) {
+            ssl->handshake->update_checksum(ssl, ssl->out_msg, ssl->out_msglen);
+        }
     }
 
     /* Either send now, or just save to be sent (and resent) later */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
-            hs_type          == MBEDTLS_SSL_HS_HELLO_REQUEST ) )
-    {
-        if( ( ret = ssl_flight_append( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_flight_append", ret );
-            return( ret );
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        !(ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+          hs_type          == MBEDTLS_SSL_HS_HELLO_REQUEST)) {
+        if ((ret = ssl_flight_append(ssl)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "ssl_flight_append", ret);
+            return ret;
         }
-    }
-    else
+    } else
 #endif
     {
-        if( ( ret = mbedtls_ssl_write_record( ssl, force_flush ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_record", ret );
-            return( ret );
+        if ((ret = mbedtls_ssl_write_record(ssl, force_flush)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_record", ret);
+            return ret;
         }
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write handshake message" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write handshake message"));
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl,
-                                      size_t buf_len, size_t msg_len )
+int mbedtls_ssl_finish_handshake_msg(mbedtls_ssl_context *ssl,
+                                     size_t buf_len, size_t msg_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t msg_with_header_len;
@@ -2763,10 +2676,10 @@
     /* Add reserved 4 bytes for handshake header */
     msg_with_header_len = msg_len + 4;
     ssl->out_msglen = msg_with_header_len;
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext( ssl, 0, 0 ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_write_handshake_msg_ext(ssl, 0, 0));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
@@ -2781,16 +2694,15 @@
  *  - ssl->out_msglen: length of the record content (excl headers)
  *  - ssl->out_msg: record content
  */
-int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush )
+int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, int force_flush)
 {
     int ret, done = 0;
     size_t len = ssl->out_msglen;
     int flush = force_flush;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write record"));
 
-    if( !done )
-    {
+    if (!done) {
         unsigned i;
         size_t protected_record_size;
 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
@@ -2804,26 +2716,26 @@
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
         /* TLS 1.3 still uses the TLS 1.2 version identifier
          * for backwards compatibility. */
-        if( tls_ver == MBEDTLS_SSL_VERSION_TLS1_3 )
+        if (tls_ver == MBEDTLS_SSL_VERSION_TLS1_3) {
             tls_ver = MBEDTLS_SSL_VERSION_TLS1_2;
+        }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-        mbedtls_ssl_write_version( ssl->out_hdr + 1, ssl->conf->transport,
-                                   tls_ver );
+        mbedtls_ssl_write_version(ssl->out_hdr + 1, ssl->conf->transport,
+                                  tls_ver);
 
-        memcpy( ssl->out_ctr, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN );
-        MBEDTLS_PUT_UINT16_BE( len, ssl->out_len, 0);
+        memcpy(ssl->out_ctr, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN);
+        MBEDTLS_PUT_UINT16_BE(len, ssl->out_len, 0);
 
-        if( ssl->transform_out != NULL )
-        {
+        if (ssl->transform_out != NULL) {
             mbedtls_record rec;
 
             rec.buf         = ssl->out_iv;
-            rec.buf_len     = out_buf_len - ( ssl->out_iv - ssl->out_buf );
+            rec.buf_len     = out_buf_len - (ssl->out_iv - ssl->out_buf);
             rec.data_len    = ssl->out_msglen;
             rec.data_offset = ssl->out_msg - rec.buf;
 
-            memcpy( &rec.ctr[0], ssl->out_ctr, sizeof( rec.ctr ) );
-            mbedtls_ssl_write_version( rec.ver, ssl->conf->transport, tls_ver );
+            memcpy(&rec.ctr[0], ssl->out_ctr, sizeof(rec.ctr));
+            mbedtls_ssl_write_version(rec.ver, ssl->conf->transport, tls_ver);
             rec.type = ssl->out_msgtype;
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -2831,43 +2743,40 @@
             rec.cid_len = 0;
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
-            if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec,
-                                         ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
-                return( ret );
+            if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec,
+                                               ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+                MBEDTLS_SSL_DEBUG_RET(1, "ssl_encrypt_buf", ret);
+                return ret;
             }
 
-            if( rec.data_offset != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            if (rec.data_offset != 0) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+                return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
             }
 
             /* Update the record content type and CID. */
             ssl->out_msgtype = rec.type;
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID )
-            memcpy( ssl->out_cid, rec.cid, rec.cid_len );
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+            memcpy(ssl->out_cid, rec.cid, rec.cid_len);
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
             ssl->out_msglen = len = rec.data_len;
-            MBEDTLS_PUT_UINT16_BE( rec.data_len, ssl->out_len, 0 );
+            MBEDTLS_PUT_UINT16_BE(rec.data_len, ssl->out_len, 0);
         }
 
-        protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl );
+        protected_record_size = len + mbedtls_ssl_out_hdr_len(ssl);
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
         /* In case of DTLS, double-check that we don't exceed
          * the remaining space in the datagram. */
-        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        {
-            ret = ssl_get_remaining_space_in_datagram( ssl );
-            if( ret < 0 )
-                return( ret );
+        if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+            ret = ssl_get_remaining_space_in_datagram(ssl);
+            if (ret < 0) {
+                return ret;
+            }
 
-            if( protected_record_size > (size_t) ret )
-            {
+            if (protected_record_size > (size_t) ret) {
                 /* Should never happen */
-                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+                return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
             }
         }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
@@ -2875,133 +2784,131 @@
         /* Now write the potentially updated record content type. */
         ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
 
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %u, "
-                                    "version = [%u:%u], msglen = %" MBEDTLS_PRINTF_SIZET,
-                                    ssl->out_hdr[0], ssl->out_hdr[1],
-                                    ssl->out_hdr[2], len ) );
+        MBEDTLS_SSL_DEBUG_MSG(3, ("output record: msgtype = %u, "
+                                  "version = [%u:%u], msglen = %" MBEDTLS_PRINTF_SIZET,
+                                  ssl->out_hdr[0], ssl->out_hdr[1],
+                                  ssl->out_hdr[2], len));
 
-        MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network",
-                               ssl->out_hdr, protected_record_size );
+        MBEDTLS_SSL_DEBUG_BUF(4, "output record sent to network",
+                              ssl->out_hdr, protected_record_size);
 
         ssl->out_left += protected_record_size;
         ssl->out_hdr  += protected_record_size;
-        mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out );
+        mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out);
 
-        for( i = 8; i > mbedtls_ssl_ep_len( ssl ); i-- )
-            if( ++ssl->cur_out_ctr[i - 1] != 0 )
+        for (i = 8; i > mbedtls_ssl_ep_len(ssl); i--) {
+            if (++ssl->cur_out_ctr[i - 1] != 0) {
                 break;
+            }
+        }
 
         /* The loop goes to its end if the counter is wrapping */
-        if( i == mbedtls_ssl_ep_len( ssl ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) );
-            return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
+        if (i == mbedtls_ssl_ep_len(ssl)) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("outgoing message counter would wrap"));
+            return MBEDTLS_ERR_SSL_COUNTER_WRAPPING;
         }
     }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        flush == SSL_DONT_FORCE_FLUSH )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        flush == SSL_DONT_FORCE_FLUSH) {
         size_t remaining;
-        ret = ssl_get_remaining_payload_in_datagram( ssl );
-        if( ret < 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_remaining_payload_in_datagram",
-                                   ret );
-            return( ret );
+        ret = ssl_get_remaining_payload_in_datagram(ssl);
+        if (ret < 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_remaining_payload_in_datagram",
+                                  ret);
+            return ret;
         }
 
         remaining = (size_t) ret;
-        if( remaining == 0 )
-        {
+        if (remaining == 0) {
             flush = SSL_FORCE_FLUSH;
-        }
-        else
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "Still %u bytes available in current datagram", (unsigned) remaining ) );
+        } else {
+            MBEDTLS_SSL_DEBUG_MSG(2,
+                                  ("Still %u bytes available in current datagram",
+                                   (unsigned) remaining));
         }
     }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
-    if( ( flush == SSL_FORCE_FLUSH ) &&
-        ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret );
-        return( ret );
+    if ((flush == SSL_FORCE_FLUSH) &&
+        (ret = mbedtls_ssl_flush_output(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flush_output", ret);
+        return ret;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write record" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write record"));
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl )
+static int ssl_hs_is_proper_fragment(mbedtls_ssl_context *ssl)
 {
-    if( ssl->in_msglen < ssl->in_hslen ||
-        memcmp( ssl->in_msg + 6, "\0\0\0",        3 ) != 0 ||
-        memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 )
-    {
-        return( 1 );
+    if (ssl->in_msglen < ssl->in_hslen ||
+        memcmp(ssl->in_msg + 6, "\0\0\0",        3) != 0 ||
+        memcmp(ssl->in_msg + 9, ssl->in_msg + 1, 3) != 0) {
+        return 1;
     }
-    return( 0 );
+    return 0;
 }
 
-static uint32_t ssl_get_hs_frag_len( mbedtls_ssl_context const *ssl )
+static uint32_t ssl_get_hs_frag_len(mbedtls_ssl_context const *ssl)
 {
-    return( ( ssl->in_msg[9] << 16  ) |
-            ( ssl->in_msg[10] << 8  ) |
-              ssl->in_msg[11] );
+    return (ssl->in_msg[9] << 16) |
+           (ssl->in_msg[10] << 8) |
+           ssl->in_msg[11];
 }
 
-static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl )
+static uint32_t ssl_get_hs_frag_off(mbedtls_ssl_context const *ssl)
 {
-    return( ( ssl->in_msg[6] << 16 ) |
-            ( ssl->in_msg[7] << 8  ) |
-              ssl->in_msg[8] );
+    return (ssl->in_msg[6] << 16) |
+           (ssl->in_msg[7] << 8) |
+           ssl->in_msg[8];
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_hs_header( mbedtls_ssl_context const *ssl )
+static int ssl_check_hs_header(mbedtls_ssl_context const *ssl)
 {
     uint32_t msg_len, frag_off, frag_len;
 
-    msg_len  = ssl_get_hs_total_len( ssl );
-    frag_off = ssl_get_hs_frag_off( ssl );
-    frag_len = ssl_get_hs_frag_len( ssl );
+    msg_len  = ssl_get_hs_total_len(ssl);
+    frag_off = ssl_get_hs_frag_off(ssl);
+    frag_len = ssl_get_hs_frag_len(ssl);
 
-    if( frag_off > msg_len )
-        return( -1 );
+    if (frag_off > msg_len) {
+        return -1;
+    }
 
-    if( frag_len > msg_len - frag_off )
-        return( -1 );
+    if (frag_len > msg_len - frag_off) {
+        return -1;
+    }
 
-    if( frag_len + 12 > ssl->in_msglen )
-        return( -1 );
+    if (frag_len + 12 > ssl->in_msglen) {
+        return -1;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Mark bits in bitmask (used for DTLS HS reassembly)
  */
-static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len )
+static void ssl_bitmask_set(unsigned char *mask, size_t offset, size_t len)
 {
     unsigned int start_bits, end_bits;
 
-    start_bits = 8 - ( offset % 8 );
-    if( start_bits != 8 )
-    {
+    start_bits = 8 - (offset % 8);
+    if (start_bits != 8) {
         size_t first_byte_idx = offset / 8;
 
         /* Special case */
-        if( len <= start_bits )
-        {
-            for( ; len != 0; len-- )
-                mask[first_byte_idx] |= 1 << ( start_bits - len );
+        if (len <= start_bits) {
+            for (; len != 0; len--) {
+                mask[first_byte_idx] |= 1 << (start_bits - len);
+            }
 
             /* Avoid potential issues with offset or len becoming invalid */
             return;
@@ -3010,134 +2917,134 @@
         offset += start_bits; /* Now offset % 8 == 0 */
         len -= start_bits;
 
-        for( ; start_bits != 0; start_bits-- )
-            mask[first_byte_idx] |= 1 << ( start_bits - 1 );
+        for (; start_bits != 0; start_bits--) {
+            mask[first_byte_idx] |= 1 << (start_bits - 1);
+        }
     }
 
     end_bits = len % 8;
-    if( end_bits != 0 )
-    {
-        size_t last_byte_idx = ( offset + len ) / 8;
+    if (end_bits != 0) {
+        size_t last_byte_idx = (offset + len) / 8;
 
         len -= end_bits; /* Now len % 8 == 0 */
 
-        for( ; end_bits != 0; end_bits-- )
-            mask[last_byte_idx] |= 1 << ( 8 - end_bits );
+        for (; end_bits != 0; end_bits--) {
+            mask[last_byte_idx] |= 1 << (8 - end_bits);
+        }
     }
 
-    memset( mask + offset / 8, 0xFF, len / 8 );
+    memset(mask + offset / 8, 0xFF, len / 8);
 }
 
 /*
  * Check that bitmask is full
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_bitmask_check( unsigned char *mask, size_t len )
+static int ssl_bitmask_check(unsigned char *mask, size_t len)
 {
     size_t i;
 
-    for( i = 0; i < len / 8; i++ )
-        if( mask[i] != 0xFF )
-            return( -1 );
+    for (i = 0; i < len / 8; i++) {
+        if (mask[i] != 0xFF) {
+            return -1;
+        }
+    }
 
-    for( i = 0; i < len % 8; i++ )
-        if( ( mask[len / 8] & ( 1 << ( 7 - i ) ) ) == 0 )
-            return( -1 );
+    for (i = 0; i < len % 8; i++) {
+        if ((mask[len / 8] & (1 << (7 - i))) == 0) {
+            return -1;
+        }
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /* msg_len does not include the handshake header */
-static size_t ssl_get_reassembly_buffer_size( size_t msg_len,
-                                              unsigned add_bitmap )
+static size_t ssl_get_reassembly_buffer_size(size_t msg_len,
+                                             unsigned add_bitmap)
 {
     size_t alloc_len;
 
     alloc_len  = 12;                                 /* Handshake header */
     alloc_len += msg_len;                            /* Content buffer   */
 
-    if( add_bitmap )
-        alloc_len += msg_len / 8 + ( msg_len % 8 != 0 ); /* Bitmap       */
+    if (add_bitmap) {
+        alloc_len += msg_len / 8 + (msg_len % 8 != 0);   /* Bitmap       */
 
-    return( alloc_len );
+    }
+    return alloc_len;
 }
 
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
-static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl )
+static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl)
 {
-    return( ( ssl->in_msg[1] << 16 ) |
-            ( ssl->in_msg[2] << 8  ) |
-              ssl->in_msg[3] );
+    return (ssl->in_msg[1] << 16) |
+           (ssl->in_msg[2] << 8) |
+           ssl->in_msg[3];
 }
 
-int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 {
-    if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %" MBEDTLS_PRINTF_SIZET,
-                            ssl->in_msglen ) );
-        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+    if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET,
+                                  ssl->in_msglen));
+        return MBEDTLS_ERR_SSL_INVALID_RECORD;
     }
 
-    ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl );
+    ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl);
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
-                        " %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %" MBEDTLS_PRINTF_SIZET,
-                        ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen ="
+                              " %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %"
+                              MBEDTLS_PRINTF_SIZET,
+                              ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen));
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-        unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
+        unsigned int recv_msg_seq = (ssl->in_msg[4] << 8) | ssl->in_msg[5];
 
-        if( ssl_check_hs_header( ssl ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid handshake header" ) );
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        if (ssl_check_hs_header(ssl) != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("invalid handshake header"));
+            return MBEDTLS_ERR_SSL_INVALID_RECORD;
         }
 
-        if( ssl->handshake != NULL &&
-           ( ( mbedtls_ssl_is_handshake_over( ssl ) == 0 &&
-                recv_msg_seq != ssl->handshake->in_msg_seq ) ||
-             ( mbedtls_ssl_is_handshake_over( ssl ) == 1 &&
-                ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) )
-        {
-            if( recv_msg_seq > ssl->handshake->in_msg_seq )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "received future handshake message of sequence number %u (next %u)",
-                                            recv_msg_seq,
-                                            ssl->handshake->in_msg_seq ) );
-                return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
+        if (ssl->handshake != NULL &&
+            ((mbedtls_ssl_is_handshake_over(ssl) == 0 &&
+              recv_msg_seq != ssl->handshake->in_msg_seq) ||
+             (mbedtls_ssl_is_handshake_over(ssl) == 1 &&
+              ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO))) {
+            if (recv_msg_seq > ssl->handshake->in_msg_seq) {
+                MBEDTLS_SSL_DEBUG_MSG(2,
+                                      (
+                                          "received future handshake message of sequence number %u (next %u)",
+                                          recv_msg_seq,
+                                          ssl->handshake->in_msg_seq));
+                return MBEDTLS_ERR_SSL_EARLY_MESSAGE;
             }
 
             /* Retransmit only on last message from previous flight, to avoid
              * too many retransmissions.
              * Besides, No sane server ever retransmits HelloVerifyRequest */
-            if( recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 &&
-                ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, "
-                                    "message_seq = %u, start_of_flight = %u",
-                                    recv_msg_seq,
-                                    ssl->handshake->in_flight_start_seq ) );
+            if (recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 &&
+                ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST) {
+                MBEDTLS_SSL_DEBUG_MSG(2, ("received message from last flight, "
+                                          "message_seq = %u, start_of_flight = %u",
+                                          recv_msg_seq,
+                                          ssl->handshake->in_flight_start_seq));
 
-                if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
-                {
-                    MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
-                    return( ret );
+                if ((ret = mbedtls_ssl_resend(ssl)) != 0) {
+                    MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend", ret);
+                    return ret;
                 }
-            }
-            else
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: "
-                                    "message_seq = %u, expected = %u",
-                                    recv_msg_seq,
-                                    ssl->handshake->in_msg_seq ) );
+            } else {
+                MBEDTLS_SSL_DEBUG_MSG(2, ("dropping out-of-sequence message: "
+                                          "message_seq = %u, expected = %u",
+                                          recv_msg_seq,
+                                          ssl->handshake->in_msg_seq));
             }
 
-            return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
+            return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
         }
         /* Wait until message completion to increment in_msg_seq */
 
@@ -3145,38 +3052,33 @@
          * messages; the commonality is that both handshake fragments and
          * future messages cannot be forwarded immediately to the
          * handshake logic layer. */
-        if( ssl_hs_is_proper_fragment( ssl ) == 1 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "found fragmented DTLS handshake message" ) );
-            return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
+        if (ssl_hs_is_proper_fragment(ssl) == 1) {
+            MBEDTLS_SSL_DEBUG_MSG(2, ("found fragmented DTLS handshake message"));
+            return MBEDTLS_ERR_SSL_EARLY_MESSAGE;
         }
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
     /* With TLS we don't handle fragmentation (for now) */
-    if( ssl->in_msglen < ssl->in_hslen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) );
-        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+    if (ssl->in_msglen < ssl->in_hslen) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("TLS handshake fragmentation not supported"));
+        return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
     }
 
-    return( 0 );
+    return 0;
 }
 
-void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl)
 {
     mbedtls_ssl_handshake_params * const hs = ssl->handshake;
 
-    if( mbedtls_ssl_is_handshake_over( ssl ) == 0 && hs != NULL )
-    {
-        ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
+    if (mbedtls_ssl_is_handshake_over(ssl) == 0 && hs != NULL) {
+        ssl->handshake->update_checksum(ssl, ssl->in_msg, ssl->in_hslen);
     }
 
     /* Handshake message is complete, increment counter */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ssl->handshake != NULL )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ssl->handshake != NULL) {
         unsigned offset;
         mbedtls_ssl_hs_buffer *hs_buf;
 
@@ -3188,18 +3090,17 @@
          */
 
         /* Free first entry */
-        ssl_buffering_free_slot( ssl, 0 );
+        ssl_buffering_free_slot(ssl, 0);
 
         /* Shift all other entries */
-        for( offset = 0, hs_buf = &hs->buffering.hs[0];
+        for (offset = 0, hs_buf = &hs->buffering.hs[0];
              offset + 1 < MBEDTLS_SSL_MAX_BUFFERED_HS;
-             offset++, hs_buf++ )
-        {
+             offset++, hs_buf++) {
             *hs_buf = *(hs_buf + 1);
         }
 
         /* Create a fresh last entry */
-        memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) );
+        memset(hs_buf, 0, sizeof(mbedtls_ssl_hs_buffer));
     }
 #endif
 }
@@ -3215,24 +3116,24 @@
  * not seen yet).
  */
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_dtls_replay_reset(mbedtls_ssl_context *ssl)
 {
     ssl->in_window_top = 0;
     ssl->in_window = 0;
 }
 
-static inline uint64_t ssl_load_six_bytes( unsigned char *buf )
+static inline uint64_t ssl_load_six_bytes(unsigned char *buf)
 {
-    return( ( (uint64_t) buf[0] << 40 ) |
-            ( (uint64_t) buf[1] << 32 ) |
-            ( (uint64_t) buf[2] << 24 ) |
-            ( (uint64_t) buf[3] << 16 ) |
-            ( (uint64_t) buf[4] <<  8 ) |
-            ( (uint64_t) buf[5]       ) );
+    return ((uint64_t) buf[0] << 40) |
+           ((uint64_t) buf[1] << 32) |
+           ((uint64_t) buf[2] << 24) |
+           ((uint64_t) buf[3] << 16) |
+           ((uint64_t) buf[4] <<  8) |
+           ((uint64_t) buf[5]);
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int mbedtls_ssl_dtls_record_replay_check( mbedtls_ssl_context *ssl, uint8_t *record_in_ctr )
+static int mbedtls_ssl_dtls_record_replay_check(mbedtls_ssl_context *ssl, uint8_t *record_in_ctr)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *original_in_ctr;
@@ -3243,7 +3144,7 @@
     // use counter from record
     ssl->in_ctr = record_in_ctr;
 
-    ret = mbedtls_ssl_dtls_replay_check( (mbedtls_ssl_context const *) ssl );
+    ret = mbedtls_ssl_dtls_replay_check((mbedtls_ssl_context const *) ssl);
 
     // restore the counter
     ssl->in_ctr = original_in_ctr;
@@ -3254,60 +3155,62 @@
 /*
  * Return 0 if sequence number is acceptable, -1 otherwise
  */
-int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl )
+int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context const *ssl)
 {
-    uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 );
+    uint64_t rec_seqnum = ssl_load_six_bytes(ssl->in_ctr + 2);
     uint64_t bit;
 
-    if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED )
-        return( 0 );
+    if (ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED) {
+        return 0;
+    }
 
-    if( rec_seqnum > ssl->in_window_top )
-        return( 0 );
+    if (rec_seqnum > ssl->in_window_top) {
+        return 0;
+    }
 
     bit = ssl->in_window_top - rec_seqnum;
 
-    if( bit >= 64 )
-        return( -1 );
+    if (bit >= 64) {
+        return -1;
+    }
 
-    if( ( ssl->in_window & ( (uint64_t) 1 << bit ) ) != 0 )
-        return( -1 );
+    if ((ssl->in_window & ((uint64_t) 1 << bit)) != 0) {
+        return -1;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Update replay window on new validated record
  */
-void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl)
 {
-    uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 );
+    uint64_t rec_seqnum = ssl_load_six_bytes(ssl->in_ctr + 2);
 
-    if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED )
+    if (ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED) {
         return;
+    }
 
-    if( rec_seqnum > ssl->in_window_top )
-    {
+    if (rec_seqnum > ssl->in_window_top) {
         /* Update window_top and the contents of the window */
         uint64_t shift = rec_seqnum - ssl->in_window_top;
 
-        if( shift >= 64 )
+        if (shift >= 64) {
             ssl->in_window = 1;
-        else
-        {
+        } else {
             ssl->in_window <<= shift;
             ssl->in_window |= 1;
         }
 
         ssl->in_window_top = rec_seqnum;
-    }
-    else
-    {
+    } else {
         /* Mark that number as seen in the current window */
         uint64_t bit = ssl->in_window_top - rec_seqnum;
 
-        if( bit < 64 ) /* Always true, but be extra sure */
+        if (bit < 64) { /* Always true, but be extra sure */
             ssl->in_window |= (uint64_t) 1 << bit;
+        }
     }
 }
 #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
@@ -3327,10 +3230,10 @@
 MBEDTLS_CHECK_RETURN_CRITICAL
 MBEDTLS_STATIC_TESTABLE
 int mbedtls_ssl_check_dtls_clihlo_cookie(
-                           mbedtls_ssl_context *ssl,
-                           const unsigned char *cli_id, size_t cli_id_len,
-                           const unsigned char *in, size_t in_len,
-                           unsigned char *obuf, size_t buf_len, size_t *olen )
+    mbedtls_ssl_context *ssl,
+    const unsigned char *cli_id, size_t cli_id_len,
+    const unsigned char *in, size_t in_len,
+    unsigned char *obuf, size_t buf_len, size_t *olen)
 {
     size_t sid_len, cookie_len, epoch, fragment_offset;
     unsigned char *p;
@@ -3361,56 +3264,51 @@
      *
      * Minimum length is 61 bytes.
      */
-    MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: in_len=%u",
-                                (unsigned) in_len ) );
-    MBEDTLS_SSL_DEBUG_BUF( 4, "cli_id", cli_id, cli_id_len );
-    if( in_len < 61 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: record too short" ) );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: in_len=%u",
+                              (unsigned) in_len));
+    MBEDTLS_SSL_DEBUG_BUF(4, "cli_id", cli_id, cli_id_len);
+    if (in_len < 61) {
+        MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: record too short"));
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    epoch = MBEDTLS_GET_UINT16_BE( in, 3 );
-    fragment_offset = MBEDTLS_GET_UINT24_BE( in, 19 );
+    epoch = MBEDTLS_GET_UINT16_BE(in, 3);
+    fragment_offset = MBEDTLS_GET_UINT24_BE(in, 19);
 
-    if( in[0] != MBEDTLS_SSL_MSG_HANDSHAKE || epoch != 0 ||
-        fragment_offset != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: not a good ClientHello" ) );
-        MBEDTLS_SSL_DEBUG_MSG( 4, ( "    type=%u epoch=%u fragment_offset=%u",
-                                    in[0], (unsigned) epoch,
-                                    (unsigned) fragment_offset ) );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (in[0] != MBEDTLS_SSL_MSG_HANDSHAKE || epoch != 0 ||
+        fragment_offset != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: not a good ClientHello"));
+        MBEDTLS_SSL_DEBUG_MSG(4, ("    type=%u epoch=%u fragment_offset=%u",
+                                  in[0], (unsigned) epoch,
+                                  (unsigned) fragment_offset));
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     sid_len = in[59];
-    if( 59 + 1 + sid_len + 1 > in_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: sid_len=%u > %u",
-                                    (unsigned) sid_len,
-                                    (unsigned) in_len - 61 ) );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (59 + 1 + sid_len + 1 > in_len) {
+        MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: sid_len=%u > %u",
+                                  (unsigned) sid_len,
+                                  (unsigned) in_len - 61));
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
-    MBEDTLS_SSL_DEBUG_BUF( 4, "sid received from network",
-                           in + 60, sid_len );
+    MBEDTLS_SSL_DEBUG_BUF(4, "sid received from network",
+                          in + 60, sid_len);
 
     cookie_len = in[60 + sid_len];
-    if( 59 + 1 + sid_len + 1 + cookie_len > in_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: cookie_len=%u > %u",
-                                    (unsigned) cookie_len,
-                                    (unsigned) ( in_len - sid_len - 61 ) ) );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (59 + 1 + sid_len + 1 + cookie_len > in_len) {
+        MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: cookie_len=%u > %u",
+                                  (unsigned) cookie_len,
+                                  (unsigned) (in_len - sid_len - 61)));
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "cookie received from network",
-                           in + sid_len + 61, cookie_len );
-    if( ssl->conf->f_cookie_check( ssl->conf->p_cookie,
-                                   in + sid_len + 61, cookie_len,
-                                   cli_id, cli_id_len ) == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 4, ( "check cookie: valid" ) );
-        return( 0 );
+    MBEDTLS_SSL_DEBUG_BUF(4, "cookie received from network",
+                          in + sid_len + 61, cookie_len);
+    if (ssl->conf->f_cookie_check(ssl->conf->p_cookie,
+                                  in + sid_len + 61, cookie_len,
+                                  cli_id, cli_id_len) == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(4, ("check cookie: valid"));
+        return 0;
     }
 
     /*
@@ -3433,36 +3331,36 @@
      *
      * Minimum length is 28.
      */
-    if( buf_len < 28 )
-        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+    if (buf_len < 28) {
+        return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
+    }
 
     /* Copy most fields and adapt others */
-    memcpy( obuf, in, 25 );
+    memcpy(obuf, in, 25);
     obuf[13] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST;
     obuf[25] = 0xfe;
     obuf[26] = 0xff;
 
     /* Generate and write actual cookie */
     p = obuf + 28;
-    if( ssl->conf->f_cookie_write( ssl->conf->p_cookie,
-                                   &p, obuf + buf_len,
-                                   cli_id, cli_id_len ) != 0 )
-    {
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (ssl->conf->f_cookie_write(ssl->conf->p_cookie,
+                                  &p, obuf + buf_len,
+                                  cli_id, cli_id_len) != 0) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
     *olen = p - obuf;
 
     /* Go back and fill length fields */
-    obuf[27] = (unsigned char)( *olen - 28 );
+    obuf[27] = (unsigned char) (*olen - 28);
 
-    obuf[14] = obuf[22] = MBEDTLS_BYTE_2( *olen - 25 );
-    obuf[15] = obuf[23] = MBEDTLS_BYTE_1( *olen - 25 );
-    obuf[16] = obuf[24] = MBEDTLS_BYTE_0( *olen - 25 );
+    obuf[14] = obuf[22] = MBEDTLS_BYTE_2(*olen - 25);
+    obuf[15] = obuf[23] = MBEDTLS_BYTE_1(*olen - 25);
+    obuf[16] = obuf[24] = MBEDTLS_BYTE_0(*olen - 25);
 
-    MBEDTLS_PUT_UINT16_BE( *olen - 13, obuf, 11 );
+    MBEDTLS_PUT_UINT16_BE(*olen - 13, obuf, 11);
 
-    return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED );
+    return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED;
 }
 
 /*
@@ -3486,73 +3384,68 @@
  * errors, and is the right thing to do in both cases).
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
+static int ssl_handle_possible_reconnect(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
 
-    if( ssl->conf->f_cookie_write == NULL ||
-        ssl->conf->f_cookie_check == NULL )
-    {
+    if (ssl->conf->f_cookie_write == NULL ||
+        ssl->conf->f_cookie_check == NULL) {
         /* If we can't use cookies to verify reachability of the peer,
          * drop the record. */
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "no cookie callbacks, "
-                                    "can't check reconnect validity" ) );
-        return( 0 );
+        MBEDTLS_SSL_DEBUG_MSG(1, ("no cookie callbacks, "
+                                  "can't check reconnect validity"));
+        return 0;
     }
 
     ret = mbedtls_ssl_check_dtls_clihlo_cookie(
-            ssl,
-            ssl->cli_id, ssl->cli_id_len,
-            ssl->in_buf, ssl->in_left,
-            ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len );
+        ssl,
+        ssl->cli_id, ssl->cli_id_len,
+        ssl->in_buf, ssl->in_left,
+        ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len);
 
-    MBEDTLS_SSL_DEBUG_RET( 2, "mbedtls_ssl_check_dtls_clihlo_cookie", ret );
+    MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_ssl_check_dtls_clihlo_cookie", ret);
 
-    if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
-    {
+    if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
         int send_ret;
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "sending HelloVerifyRequest" ) );
-        MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network",
-                                  ssl->out_buf, len );
+        MBEDTLS_SSL_DEBUG_MSG(1, ("sending HelloVerifyRequest"));
+        MBEDTLS_SSL_DEBUG_BUF(4, "output record sent to network",
+                              ssl->out_buf, len);
         /* Don't check write errors as we can't do anything here.
          * If the error is permanent we'll catch it later,
          * if it's not, then hopefully it'll work next time. */
-        send_ret = ssl->f_send( ssl->p_bio, ssl->out_buf, len );
-        MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", send_ret );
+        send_ret = ssl->f_send(ssl->p_bio, ssl->out_buf, len);
+        MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_send", send_ret);
         (void) send_ret;
 
-        return( 0 );
+        return 0;
     }
 
-    if( ret == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "cookie is valid, resetting context" ) );
-        if( ( ret = mbedtls_ssl_session_reset_int( ssl, 1 ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret );
-            return( ret );
+    if (ret == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("cookie is valid, resetting context"));
+        if ((ret = mbedtls_ssl_session_reset_int(ssl, 1)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "reset", ret);
+            return ret;
         }
 
-        return( MBEDTLS_ERR_SSL_CLIENT_RECONNECT );
+        return MBEDTLS_ERR_SSL_CLIENT_RECONNECT;
     }
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_record_type( uint8_t record_type )
+static int ssl_check_record_type(uint8_t record_type)
 {
-    if( record_type != MBEDTLS_SSL_MSG_HANDSHAKE &&
+    if (record_type != MBEDTLS_SSL_MSG_HANDSHAKE &&
         record_type != MBEDTLS_SSL_MSG_ALERT &&
         record_type != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
-        record_type != MBEDTLS_SSL_MSG_APPLICATION_DATA )
-    {
-        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        record_type != MBEDTLS_SSL_MSG_APPLICATION_DATA) {
+        return MBEDTLS_ERR_SSL_INVALID_RECORD;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -3575,10 +3468,10 @@
  * the first record from a datagram but are still waiting for the others.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
-                                    unsigned char *buf,
-                                    size_t len,
-                                    mbedtls_record *rec )
+static int ssl_parse_record_header(mbedtls_ssl_context const *ssl,
+                                   unsigned char *buf,
+                                   size_t len,
+                                   mbedtls_record *rec)
 {
     mbedtls_ssl_protocol_version tls_version;
 
@@ -3610,38 +3503,36 @@
      */
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         rec_hdr_len_offset = rec_hdr_ctr_offset + rec_hdr_ctr_len;
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
     {
         rec_hdr_len_offset = rec_hdr_version_offset + rec_hdr_version_len;
     }
 
-    if( len < rec_hdr_len_offset + rec_hdr_len_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "datagram of length %u too small to hold DTLS record header of length %u",
-                 (unsigned) len,
-                 (unsigned)( rec_hdr_len_len + rec_hdr_len_len ) ) );
-        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+    if (len < rec_hdr_len_offset + rec_hdr_len_len) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              (
+                                  "datagram of length %u too small to hold DTLS record header of length %u",
+                                  (unsigned) len,
+                                  (unsigned) (rec_hdr_len_len + rec_hdr_len_len)));
+        return MBEDTLS_ERR_SSL_INVALID_RECORD;
     }
 
     /*
      * Parse and validate record content type
      */
 
-    rec->type = buf[ rec_hdr_type_offset ];
+    rec->type = buf[rec_hdr_type_offset];
 
     /* Check record content type */
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
     rec->cid_len = 0;
 
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
         ssl->conf->cid_len != 0                                &&
-        rec->type == MBEDTLS_SSL_MSG_CID )
-    {
+        rec->type == MBEDTLS_SSL_MSG_CID) {
         /* Shift pointers to account for record header including CID
          * struct {
          *   ContentType outer_type = tls12_cid;
@@ -3660,62 +3551,58 @@
         rec_hdr_cid_len = ssl->conf->cid_len;
         rec_hdr_len_offset += rec_hdr_cid_len;
 
-        if( len < rec_hdr_len_offset + rec_hdr_len_len )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "datagram of length %u too small to hold DTLS record header including CID, length %u",
-                (unsigned) len,
-                (unsigned)( rec_hdr_len_offset + rec_hdr_len_len ) ) );
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        if (len < rec_hdr_len_offset + rec_hdr_len_len) {
+            MBEDTLS_SSL_DEBUG_MSG(1,
+                                  (
+                                      "datagram of length %u too small to hold DTLS record header including CID, length %u",
+                                      (unsigned) len,
+                                      (unsigned) (rec_hdr_len_offset + rec_hdr_len_len)));
+            return MBEDTLS_ERR_SSL_INVALID_RECORD;
         }
 
         /* configured CID len is guaranteed at most 255, see
          * MBEDTLS_SSL_CID_OUT_LEN_MAX in check_config.h */
         rec->cid_len = (uint8_t) rec_hdr_cid_len;
-        memcpy( rec->cid, buf + rec_hdr_cid_offset, rec_hdr_cid_len );
-    }
-    else
+        memcpy(rec->cid, buf + rec_hdr_cid_offset, rec_hdr_cid_len);
+    } else
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
     {
-        if( ssl_check_record_type( rec->type ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type %u",
-                                        (unsigned) rec->type ) );
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        if (ssl_check_record_type(rec->type)) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("unknown record type %u",
+                                      (unsigned) rec->type));
+            return MBEDTLS_ERR_SSL_INVALID_RECORD;
         }
     }
 
     /*
      * Parse and validate record version
      */
-    rec->ver[0] = buf[ rec_hdr_version_offset + 0 ];
-    rec->ver[1] = buf[ rec_hdr_version_offset + 1 ];
-    tls_version = mbedtls_ssl_read_version( buf + rec_hdr_version_offset,
-                                            ssl->conf->transport );
+    rec->ver[0] = buf[rec_hdr_version_offset + 0];
+    rec->ver[1] = buf[rec_hdr_version_offset + 1];
+    tls_version = mbedtls_ssl_read_version(buf + rec_hdr_version_offset,
+                                           ssl->conf->transport);
 
-    if( tls_version > ssl->conf->max_tls_version )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS version mismatch: got %u, expected max %u",
-                                    (unsigned) tls_version,
-                                    (unsigned) ssl->conf->max_tls_version) );
+    if (tls_version > ssl->conf->max_tls_version) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("TLS version mismatch: got %u, expected max %u",
+                                  (unsigned) tls_version,
+                                  (unsigned) ssl->conf->max_tls_version));
 
-        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        return MBEDTLS_ERR_SSL_INVALID_RECORD;
     }
     /*
      * Parse/Copy record sequence number.
      */
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         /* Copy explicit record sequence number from input buffer. */
-        memcpy( &rec->ctr[0], buf + rec_hdr_ctr_offset,
-                rec_hdr_ctr_len );
-    }
-    else
+        memcpy(&rec->ctr[0], buf + rec_hdr_ctr_offset,
+               rec_hdr_ctr_len);
+    } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
     {
         /* Copy implicit record sequence number from SSL context structure. */
-        memcpy( &rec->ctr[0], ssl->in_ctr, rec_hdr_ctr_len );
+        memcpy(&rec->ctr[0], ssl->in_ctr, rec_hdr_ctr_len);
     }
 
     /*
@@ -3723,19 +3610,20 @@
      */
 
     rec->data_offset = rec_hdr_len_offset + rec_hdr_len_len;
-    rec->data_len    = ( (size_t) buf[ rec_hdr_len_offset + 0 ] << 8 ) |
-                       ( (size_t) buf[ rec_hdr_len_offset + 1 ] << 0 );
-    MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset );
+    rec->data_len    = ((size_t) buf[rec_hdr_len_offset + 0] << 8) |
+                       ((size_t) buf[rec_hdr_len_offset + 1] << 0);
+    MBEDTLS_SSL_DEBUG_BUF(4, "input record header", buf, rec->data_offset);
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %u, "
-                                "version = [0x%x], msglen = %" MBEDTLS_PRINTF_SIZET,
-                                rec->type, (unsigned)tls_version, rec->data_len ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("input record: msgtype = %u, "
+                              "version = [0x%x], msglen = %" MBEDTLS_PRINTF_SIZET,
+                              rec->type, (unsigned) tls_version, rec->data_len));
 
     rec->buf     = buf;
     rec->buf_len = rec->data_offset + rec->data_len;
 
-    if( rec->data_len == 0 )
-        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+    if (rec->data_len == 0) {
+        return MBEDTLS_ERR_SSL_INVALID_RECORD;
+    }
 
     /*
      * DTLS-related tests.
@@ -3750,61 +3638,58 @@
      * record leads to the entire datagram being dropped.
      */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        rec_epoch = ( rec->ctr[0] << 8 ) | rec->ctr[1];
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        rec_epoch = (rec->ctr[0] << 8) | rec->ctr[1];
 
         /* Check that the datagram is large enough to contain a record
          * of the advertised length. */
-        if( len < rec->data_offset + rec->data_len )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Datagram of length %u too small to contain record of advertised length %u.",
-                             (unsigned) len,
-                             (unsigned)( rec->data_offset + rec->data_len ) ) );
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        if (len < rec->data_offset + rec->data_len) {
+            MBEDTLS_SSL_DEBUG_MSG(1,
+                                  (
+                                      "Datagram of length %u too small to contain record of advertised length %u.",
+                                      (unsigned) len,
+                                      (unsigned) (rec->data_offset + rec->data_len)));
+            return MBEDTLS_ERR_SSL_INVALID_RECORD;
         }
 
         /* Records from other, non-matching epochs are silently discarded.
          * (The case of same-port Client reconnects must be considered in
          *  the caller). */
-        if( rec_epoch != ssl->in_epoch )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: "
-                                        "expected %u, received %lu",
-                                        ssl->in_epoch, (unsigned long) rec_epoch ) );
+        if (rec_epoch != ssl->in_epoch) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("record from another epoch: "
+                                      "expected %u, received %lu",
+                                      ssl->in_epoch, (unsigned long) rec_epoch));
 
             /* Records from the next epoch are considered for buffering
              * (concretely: early Finished messages). */
-            if( rec_epoch == (unsigned) ssl->in_epoch + 1 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "Consider record for buffering" ) );
-                return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
+            if (rec_epoch == (unsigned) ssl->in_epoch + 1) {
+                MBEDTLS_SSL_DEBUG_MSG(2, ("Consider record for buffering"));
+                return MBEDTLS_ERR_SSL_EARLY_MESSAGE;
             }
 
-            return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
+            return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
         }
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
         /* For records from the correct epoch, check whether their
          * sequence number has been seen before. */
-        else if( mbedtls_ssl_dtls_record_replay_check( (mbedtls_ssl_context *) ssl,
-            &rec->ctr[0] ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) );
-            return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
+        else if (mbedtls_ssl_dtls_record_replay_check((mbedtls_ssl_context *) ssl,
+                                                      &rec->ctr[0]) != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("replayed record"));
+            return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
         }
 #endif
     }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
-    return( 0 );
+    return 0;
 }
 
 
 #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl )
+static int ssl_check_client_reconnect(mbedtls_ssl_context *ssl)
 {
-    unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
+    unsigned int rec_epoch = (ssl->in_ctr[0] << 8) | ssl->in_ctr[1];
 
     /*
      * Check for an epoch 0 ClientHello. We can't use in_msg here to
@@ -3812,19 +3697,18 @@
      * have an active transform (possibly iv_len != 0), so use the
      * fact that the record header len is 13 instead.
      */
-    if( rec_epoch == 0 &&
+    if (rec_epoch == 0 &&
         ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
-        mbedtls_ssl_is_handshake_over( ssl ) == 1 &&
+        mbedtls_ssl_is_handshake_over(ssl) == 1 &&
         ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
         ssl->in_left > 13 &&
-        ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "possible client reconnect "
-                                    "from the same port" ) );
-        return( ssl_handle_possible_reconnect( ssl ) );
+        ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("possible client reconnect "
+                                  "from the same port"));
+        return ssl_handle_possible_reconnect(ssl);
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
 
@@ -3832,13 +3716,13 @@
  * If applicable, decrypt record content
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_prepare_record_content( mbedtls_ssl_context *ssl,
-                                       mbedtls_record *rec )
+static int ssl_prepare_record_content(mbedtls_ssl_context *ssl,
+                                      mbedtls_record *rec)
 {
     int ret, done = 0;
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network",
-                           rec->buf, rec->buf_len );
+    MBEDTLS_SSL_DEBUG_BUF(4, "input record from network",
+                          rec->buf, rec->buf_len);
 
     /*
      * In TLS 1.3, always treat ChangeCipherSpec records
@@ -3846,44 +3730,40 @@
      * check the length and content and ignore them.
      */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    if( ssl->transform_in != NULL &&
-        ssl->transform_in->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
-    {
-        if( rec->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
+    if (ssl->transform_in != NULL &&
+        ssl->transform_in->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
+        if (rec->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) {
             done = 1;
+        }
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
-    if( !done && ssl->transform_in != NULL )
-    {
+    if (!done && ssl->transform_in != NULL) {
         unsigned char const old_msg_type = rec->type;
 
-        if( ( ret = mbedtls_ssl_decrypt_buf( ssl, ssl->transform_in,
-                                             rec ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
+        if ((ret = mbedtls_ssl_decrypt_buf(ssl, ssl->transform_in,
+                                           rec)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "ssl_decrypt_buf", ret);
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-            if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID &&
+            if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID &&
                 ssl->conf->ignore_unexpected_cid
-                    == MBEDTLS_SSL_UNEXPECTED_CID_IGNORE )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "ignoring unexpected CID" ) );
+                == MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) {
+                MBEDTLS_SSL_DEBUG_MSG(3, ("ignoring unexpected CID"));
                 ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
             }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
-            return( ret );
+            return ret;
         }
 
-        if( old_msg_type != rec->type )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 4, ( "record type after decrypt (before %d): %d",
-                                        old_msg_type, rec->type ) );
+        if (old_msg_type != rec->type) {
+            MBEDTLS_SSL_DEBUG_MSG(4, ("record type after decrypt (before %d): %d",
+                                      old_msg_type, rec->type));
         }
 
-        MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt",
-                               rec->buf + rec->data_offset, rec->data_len );
+        MBEDTLS_SSL_DEBUG_BUF(4, "input payload after decrypt",
+                              rec->buf + rec->data_offset, rec->data_len);
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
         /* We have already checked the record content type
@@ -3893,22 +3773,19 @@
          * Since with the use of CIDs, the record content type
          * might change during decryption, re-check the record
          * content type, but treat a failure as fatal this time. */
-        if( ssl_check_record_type( rec->type ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        if (ssl_check_record_type(rec->type)) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("unknown record type"));
+            return MBEDTLS_ERR_SSL_INVALID_RECORD;
         }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
-        if( rec->data_len == 0 )
-        {
+        if (rec->data_len == 0) {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-            if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2
-                && rec->type != MBEDTLS_SSL_MSG_APPLICATION_DATA )
-            {
+            if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2
+                && rec->type != MBEDTLS_SSL_MSG_APPLICATION_DATA) {
                 /* TLS v1.2 explicitly disallows zero-length messages which are not application data */
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid zero-length message type: %d", ssl->in_msgtype ) );
-                return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+                MBEDTLS_SSL_DEBUG_MSG(1, ("invalid zero-length message type: %d", ssl->in_msgtype));
+                return MBEDTLS_ERR_SSL_INVALID_RECORD;
             }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
@@ -3918,61 +3795,55 @@
              * Three or more empty messages may be a DoS attack
              * (excessive CPU consumption).
              */
-            if( ssl->nb_zero > 3 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
-                                            "messages, possible DoS attack" ) );
+            if (ssl->nb_zero > 3) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("received four consecutive empty "
+                                          "messages, possible DoS attack"));
                 /* Treat the records as if they were not properly authenticated,
                  * thereby failing the connection if we see more than allowed
                  * by the configured bad MAC threshold. */
-                return( MBEDTLS_ERR_SSL_INVALID_MAC );
+                return MBEDTLS_ERR_SSL_INVALID_MAC;
             }
-        }
-        else
+        } else {
             ssl->nb_zero = 0;
+        }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        {
+        if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
             ; /* in_ctr read from peer, not maintained internally */
-        }
-        else
+        } else
 #endif
         {
             unsigned i;
-            for( i = MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
-                 i > mbedtls_ssl_ep_len( ssl ); i-- )
-            {
-                if( ++ssl->in_ctr[i - 1] != 0 )
+            for (i = MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
+                 i > mbedtls_ssl_ep_len(ssl); i--) {
+                if (++ssl->in_ctr[i - 1] != 0) {
                     break;
+                }
             }
 
             /* The loop goes to its end iff the counter is wrapping */
-            if( i == mbedtls_ssl_ep_len( ssl ) )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
-                return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
+            if (i == mbedtls_ssl_ep_len(ssl)) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("incoming message counter would wrap"));
+                return MBEDTLS_ERR_SSL_COUNTER_WRAPPING;
             }
         }
 
     }
 
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        mbedtls_ssl_dtls_replay_update( ssl );
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        mbedtls_ssl_dtls_replay_update(ssl);
     }
 #endif
 
     /* Check actual (decrypted) record content length against
      * configured maximum. */
-    if( rec->data_len > MBEDTLS_SSL_IN_CONTENT_LEN )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
-        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+    if (rec->data_len > MBEDTLS_SSL_IN_CONTENT_LEN) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad message length"));
+        return MBEDTLS_ERR_SSL_INVALID_RECORD;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -3985,131 +3856,125 @@
 
 /* Helper functions for mbedtls_ssl_read_record(). */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_consume_current_message( mbedtls_ssl_context *ssl );
+static int ssl_consume_current_message(mbedtls_ssl_context *ssl);
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_next_record( mbedtls_ssl_context *ssl );
+static int ssl_get_next_record(mbedtls_ssl_context *ssl);
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl );
+static int ssl_record_is_in_progress(mbedtls_ssl_context *ssl);
 
-int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
-                             unsigned update_hs_digest )
+int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl,
+                            unsigned update_hs_digest)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read record" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> read record"));
 
-    if( ssl->keep_current_message == 0 )
-    {
+    if (ssl->keep_current_message == 0) {
         do {
 
-            ret = ssl_consume_current_message( ssl );
-            if( ret != 0 )
-                return( ret );
+            ret = ssl_consume_current_message(ssl);
+            if (ret != 0) {
+                return ret;
+            }
 
-            if( ssl_record_is_in_progress( ssl ) == 0 )
-            {
+            if (ssl_record_is_in_progress(ssl) == 0) {
                 int dtls_have_buffered = 0;
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 
                 /* We only check for buffered messages if the
                  * current datagram is fully consumed. */
-                if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-                    ssl_next_record_is_in_datagram( ssl ) == 0 )
-                {
-                    if( ssl_load_buffered_message( ssl ) == 0 )
+                if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+                    ssl_next_record_is_in_datagram(ssl) == 0) {
+                    if (ssl_load_buffered_message(ssl) == 0) {
                         dtls_have_buffered = 1;
+                    }
                 }
 
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
-                if( dtls_have_buffered == 0 )
-                {
-                    ret = ssl_get_next_record( ssl );
-                    if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING )
+                if (dtls_have_buffered == 0) {
+                    ret = ssl_get_next_record(ssl);
+                    if (ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING) {
                         continue;
+                    }
 
-                    if( ret != 0 )
-                    {
-                        MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_get_next_record" ), ret );
-                        return( ret );
+                    if (ret != 0) {
+                        MBEDTLS_SSL_DEBUG_RET(1, ("ssl_get_next_record"), ret);
+                        return ret;
                     }
                 }
             }
 
-            ret = mbedtls_ssl_handle_message_type( ssl );
+            ret = mbedtls_ssl_handle_message_type(ssl);
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-            if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE )
-            {
+            if (ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE) {
                 /* Buffer future message */
-                ret = ssl_buffer_message( ssl );
-                if( ret != 0 )
-                    return( ret );
+                ret = ssl_buffer_message(ssl);
+                if (ret != 0) {
+                    return ret;
+                }
 
                 ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
             }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
-        } while( MBEDTLS_ERR_SSL_NON_FATAL           == ret  ||
-                 MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret );
+        } while (MBEDTLS_ERR_SSL_NON_FATAL           == ret  ||
+                 MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret);
 
-        if( 0 != ret )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret );
-            return( ret );
+        if (0 != ret) {
+            MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_handle_message_type"), ret);
+            return ret;
         }
 
-        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
-            update_hs_digest == 1 )
-        {
-            mbedtls_ssl_update_handshake_status( ssl );
+        if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+            update_hs_digest == 1) {
+            mbedtls_ssl_update_handshake_status(ssl);
         }
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "reuse previously read message" ) );
+    } else {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("reuse previously read message"));
         ssl->keep_current_message = 0;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read record" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= read record"));
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl )
+static int ssl_next_record_is_in_datagram(mbedtls_ssl_context *ssl)
 {
-    if( ssl->in_left > ssl->next_record_offset )
-        return( 1 );
+    if (ssl->in_left > ssl->next_record_offset) {
+        return 1;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_load_buffered_message( mbedtls_ssl_context *ssl )
+static int ssl_load_buffered_message(mbedtls_ssl_context *ssl)
 {
     mbedtls_ssl_handshake_params * const hs = ssl->handshake;
-    mbedtls_ssl_hs_buffer * hs_buf;
+    mbedtls_ssl_hs_buffer *hs_buf;
     int ret = 0;
 
-    if( hs == NULL )
-        return( -1 );
+    if (hs == NULL) {
+        return -1;
+    }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_message" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_load_buffered_message"));
 
-    if( ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC ||
-        ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
-    {
+    if (ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC ||
+        ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC) {
         /* Check if we have seen a ChangeCipherSpec before.
          * If yes, synthesize a CCS record. */
-        if( !hs->buffering.seen_ccs )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "CCS not seen in the current flight" ) );
+        if (!hs->buffering.seen_ccs) {
+            MBEDTLS_SSL_DEBUG_MSG(2, ("CCS not seen in the current flight"));
             ret = -1;
             goto exit;
         }
 
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Injecting buffered CCS message" ) );
+        MBEDTLS_SSL_DEBUG_MSG(2, ("Injecting buffered CCS message"));
         ssl->in_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
         ssl->in_msglen = 1;
         ssl->in_msg[0] = 1;
@@ -4126,14 +3991,12 @@
     /* Debug only */
     {
         unsigned offset;
-        for( offset = 1; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ )
-        {
+        for (offset = 1; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++) {
             hs_buf = &hs->buffering.hs[offset];
-            if( hs_buf->is_valid == 1 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "Future message with sequence number %u %s buffered.",
-                            hs->in_msg_seq + offset,
-                            hs_buf->is_complete ? "fully" : "partially" ) );
+            if (hs_buf->is_valid == 1) {
+                MBEDTLS_SSL_DEBUG_MSG(2, ("Future message with sequence number %u %s buffered.",
+                                          hs->in_msg_seq + offset,
+                                          hs_buf->is_complete ? "fully" : "partially"));
             }
         }
     }
@@ -4142,105 +4005,100 @@
     /* Check if we have buffered and/or fully reassembled the
      * next handshake message. */
     hs_buf = &hs->buffering.hs[0];
-    if( ( hs_buf->is_valid == 1 ) && ( hs_buf->is_complete == 1 ) )
-    {
+    if ((hs_buf->is_valid == 1) && (hs_buf->is_complete == 1)) {
         /* Synthesize a record containing the buffered HS message. */
-        size_t msg_len = ( hs_buf->data[1] << 16 ) |
-                         ( hs_buf->data[2] << 8  ) |
-                           hs_buf->data[3];
+        size_t msg_len = (hs_buf->data[1] << 16) |
+                         (hs_buf->data[2] << 8) |
+                         hs_buf->data[3];
 
         /* Double-check that we haven't accidentally buffered
          * a message that doesn't fit into the input buffer. */
-        if( msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        if (msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Next handshake message has been buffered - load" ) );
-        MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered handshake message (incl. header)",
-                               hs_buf->data, msg_len + 12 );
+        MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message has been buffered - load"));
+        MBEDTLS_SSL_DEBUG_BUF(3, "Buffered handshake message (incl. header)",
+                              hs_buf->data, msg_len + 12);
 
         ssl->in_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
         ssl->in_hslen   = msg_len + 12;
         ssl->in_msglen  = msg_len + 12;
-        memcpy( ssl->in_msg, hs_buf->data, ssl->in_hslen );
+        memcpy(ssl->in_msg, hs_buf->data, ssl->in_hslen);
 
         ret = 0;
         goto exit;
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Next handshake message %u not or only partially bufffered",
-                                    hs->in_msg_seq ) );
+    } else {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message %u not or only partially bufffered",
+                                  hs->in_msg_seq));
     }
 
     ret = -1;
 
 exit:
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_load_buffered_message" ) );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_load_buffered_message"));
+    return ret;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_buffer_make_space( mbedtls_ssl_context *ssl,
-                                  size_t desired )
+static int ssl_buffer_make_space(mbedtls_ssl_context *ssl,
+                                 size_t desired)
 {
     int offset;
     mbedtls_ssl_handshake_params * const hs = ssl->handshake;
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "Attempt to free buffered messages to have %u bytes available",
-                                (unsigned) desired ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("Attempt to free buffered messages to have %u bytes available",
+                              (unsigned) desired));
 
     /* Get rid of future records epoch first, if such exist. */
-    ssl_free_buffered_record( ssl );
+    ssl_free_buffered_record(ssl);
 
     /* Check if we have enough space available now. */
-    if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
-                     hs->buffering.total_bytes_buffered ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Enough space available after freeing future epoch record" ) );
-        return( 0 );
+    if (desired <= (MBEDTLS_SSL_DTLS_MAX_BUFFERING -
+                    hs->buffering.total_bytes_buffered)) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("Enough space available after freeing future epoch record"));
+        return 0;
     }
 
     /* We don't have enough space to buffer the next expected handshake
      * message. Remove buffers used for future messages to gain space,
      * starting with the most distant one. */
-    for( offset = MBEDTLS_SSL_MAX_BUFFERED_HS - 1;
-         offset >= 0; offset-- )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Free buffering slot %d to make space for reassembly of next handshake message",
-                                    offset ) );
+    for (offset = MBEDTLS_SSL_MAX_BUFFERED_HS - 1;
+         offset >= 0; offset--) {
+        MBEDTLS_SSL_DEBUG_MSG(2,
+                              (
+                                  "Free buffering slot %d to make space for reassembly of next handshake message",
+                                  offset));
 
-        ssl_buffering_free_slot( ssl, (uint8_t) offset );
+        ssl_buffering_free_slot(ssl, (uint8_t) offset);
 
         /* Check if we have enough space available now. */
-        if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
-                         hs->buffering.total_bytes_buffered ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "Enough space available after freeing buffered HS messages" ) );
-            return( 0 );
+        if (desired <= (MBEDTLS_SSL_DTLS_MAX_BUFFERING -
+                        hs->buffering.total_bytes_buffered)) {
+            MBEDTLS_SSL_DEBUG_MSG(2, ("Enough space available after freeing buffered HS messages"));
+            return 0;
         }
     }
 
-    return( -1 );
+    return -1;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_buffer_message( mbedtls_ssl_context *ssl )
+static int ssl_buffer_message(mbedtls_ssl_context *ssl)
 {
     int ret = 0;
     mbedtls_ssl_handshake_params * const hs = ssl->handshake;
 
-    if( hs == NULL )
-        return( 0 );
+    if (hs == NULL) {
+        return 0;
+    }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_buffer_message" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_buffer_message"));
 
-    switch( ssl->in_msgtype )
-    {
+    switch (ssl->in_msgtype) {
         case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "Remember CCS message" ) );
+            MBEDTLS_SSL_DEBUG_MSG(2, ("Remember CCS message"));
 
             hs->buffering.seen_ccs = 1;
             break;
@@ -4248,113 +4106,115 @@
         case MBEDTLS_SSL_MSG_HANDSHAKE:
         {
             unsigned recv_msg_seq_offset;
-            unsigned recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
+            unsigned recv_msg_seq = (ssl->in_msg[4] << 8) | ssl->in_msg[5];
             mbedtls_ssl_hs_buffer *hs_buf;
             size_t msg_len = ssl->in_hslen - 12;
 
             /* We should never receive an old handshake
              * message - double-check nonetheless. */
-            if( recv_msg_seq < ssl->handshake->in_msg_seq )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            if (recv_msg_seq < ssl->handshake->in_msg_seq) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+                return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
             }
 
             recv_msg_seq_offset = recv_msg_seq - ssl->handshake->in_msg_seq;
-            if( recv_msg_seq_offset >= MBEDTLS_SSL_MAX_BUFFERED_HS )
-            {
+            if (recv_msg_seq_offset >= MBEDTLS_SSL_MAX_BUFFERED_HS) {
                 /* Silently ignore -- message too far in the future */
-                MBEDTLS_SSL_DEBUG_MSG( 2,
-                 ( "Ignore future HS message with sequence number %u, "
-                   "buffering window %u - %u",
-                   recv_msg_seq, ssl->handshake->in_msg_seq,
-                   ssl->handshake->in_msg_seq + MBEDTLS_SSL_MAX_BUFFERED_HS - 1 ) );
+                MBEDTLS_SSL_DEBUG_MSG(2,
+                                      ("Ignore future HS message with sequence number %u, "
+                                       "buffering window %u - %u",
+                                       recv_msg_seq, ssl->handshake->in_msg_seq,
+                                       ssl->handshake->in_msg_seq + MBEDTLS_SSL_MAX_BUFFERED_HS -
+                                       1));
 
                 goto exit;
             }
 
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering HS message with sequence number %u, offset %u ",
-                                        recv_msg_seq, recv_msg_seq_offset ) );
+            MBEDTLS_SSL_DEBUG_MSG(2, ("Buffering HS message with sequence number %u, offset %u ",
+                                      recv_msg_seq, recv_msg_seq_offset));
 
-            hs_buf = &hs->buffering.hs[ recv_msg_seq_offset ];
+            hs_buf = &hs->buffering.hs[recv_msg_seq_offset];
 
             /* Check if the buffering for this seq nr has already commenced. */
-            if( !hs_buf->is_valid )
-            {
+            if (!hs_buf->is_valid) {
                 size_t reassembly_buf_sz;
 
                 hs_buf->is_fragmented =
-                    ( ssl_hs_is_proper_fragment( ssl ) == 1 );
+                    (ssl_hs_is_proper_fragment(ssl) == 1);
 
                 /* We copy the message back into the input buffer
                  * after reassembly, so check that it's not too large.
                  * This is an implementation-specific limitation
                  * and not one from the standard, hence it is not
                  * checked in ssl_check_hs_header(). */
-                if( msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN )
-                {
+                if (msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN) {
                     /* Ignore message */
                     goto exit;
                 }
 
                 /* Check if we have enough space to buffer the message. */
-                if( hs->buffering.total_bytes_buffered >
-                    MBEDTLS_SSL_DTLS_MAX_BUFFERING )
-                {
-                    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-                    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+                if (hs->buffering.total_bytes_buffered >
+                    MBEDTLS_SSL_DTLS_MAX_BUFFERING) {
+                    MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+                    return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
                 }
 
-                reassembly_buf_sz = ssl_get_reassembly_buffer_size( msg_len,
-                                                       hs_buf->is_fragmented );
+                reassembly_buf_sz = ssl_get_reassembly_buffer_size(msg_len,
+                                                                   hs_buf->is_fragmented);
 
-                if( reassembly_buf_sz > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
-                                          hs->buffering.total_bytes_buffered ) )
-                {
-                    if( recv_msg_seq_offset > 0 )
-                    {
+                if (reassembly_buf_sz > (MBEDTLS_SSL_DTLS_MAX_BUFFERING -
+                                         hs->buffering.total_bytes_buffered)) {
+                    if (recv_msg_seq_offset > 0) {
                         /* If we can't buffer a future message because
                          * of space limitations -- ignore. */
-                        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET
-                                                    " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
-                                                    " (already %" MBEDTLS_PRINTF_SIZET
-                                                    " bytes buffered) -- ignore\n",
-                             msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
-                             hs->buffering.total_bytes_buffered ) );
+                        MBEDTLS_SSL_DEBUG_MSG(2,
+                                              ("Buffering of future message of size %"
+                                               MBEDTLS_PRINTF_SIZET
+                                               " would exceed the compile-time limit %"
+                                               MBEDTLS_PRINTF_SIZET
+                                               " (already %" MBEDTLS_PRINTF_SIZET
+                                               " bytes buffered) -- ignore\n",
+                                               msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
+                                               hs->buffering.total_bytes_buffered));
                         goto exit;
-                    }
-                    else
-                    {
-                        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET
-                                                    " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
-                                                    " (already %" MBEDTLS_PRINTF_SIZET
-                                                    " bytes buffered) -- attempt to make space by freeing buffered future messages\n",
-                             msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
-                             hs->buffering.total_bytes_buffered ) );
+                    } else {
+                        MBEDTLS_SSL_DEBUG_MSG(2,
+                                              ("Buffering of future message of size %"
+                                               MBEDTLS_PRINTF_SIZET
+                                               " would exceed the compile-time limit %"
+                                               MBEDTLS_PRINTF_SIZET
+                                               " (already %" MBEDTLS_PRINTF_SIZET
+                                               " bytes buffered) -- attempt to make space by freeing buffered future messages\n",
+                                               msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
+                                               hs->buffering.total_bytes_buffered));
                     }
 
-                    if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 )
-                    {
-                        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %" MBEDTLS_PRINTF_SIZET
-                                                    " (%" MBEDTLS_PRINTF_SIZET " with bitmap) would exceed"
-                                                    " the compile-time limit %" MBEDTLS_PRINTF_SIZET
-                                                    " (already %" MBEDTLS_PRINTF_SIZET
-                                                    " bytes buffered) -- fail\n",
-                             msg_len,
-                             reassembly_buf_sz,
-                             (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
-                             hs->buffering.total_bytes_buffered ) );
+                    if (ssl_buffer_make_space(ssl, reassembly_buf_sz) != 0) {
+                        MBEDTLS_SSL_DEBUG_MSG(2,
+                                              ("Reassembly of next message of size %"
+                                               MBEDTLS_PRINTF_SIZET
+                                               " (%" MBEDTLS_PRINTF_SIZET
+                                               " with bitmap) would exceed"
+                                               " the compile-time limit %"
+                                               MBEDTLS_PRINTF_SIZET
+                                               " (already %" MBEDTLS_PRINTF_SIZET
+                                               " bytes buffered) -- fail\n",
+                                               msg_len,
+                                               reassembly_buf_sz,
+                                               (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
+                                               hs->buffering.total_bytes_buffered));
                         ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
                         goto exit;
                     }
                 }
 
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %" MBEDTLS_PRINTF_SIZET,
-                                            msg_len ) );
+                MBEDTLS_SSL_DEBUG_MSG(2,
+                                      ("initialize reassembly, total length = %"
+                                       MBEDTLS_PRINTF_SIZET,
+                                       msg_len));
 
-                hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz );
-                if( hs_buf->data == NULL )
-                {
+                hs_buf->data = mbedtls_calloc(1, reassembly_buf_sz);
+                if (hs_buf->data == NULL) {
                     ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
                     goto exit;
                 }
@@ -4362,27 +4222,23 @@
 
                 /* Prepare final header: copy msg_type, length and message_seq,
                  * then add standardised fragment_offset and fragment_length */
-                memcpy( hs_buf->data, ssl->in_msg, 6 );
-                memset( hs_buf->data + 6, 0, 3 );
-                memcpy( hs_buf->data + 9, hs_buf->data + 1, 3 );
+                memcpy(hs_buf->data, ssl->in_msg, 6);
+                memset(hs_buf->data + 6, 0, 3);
+                memcpy(hs_buf->data + 9, hs_buf->data + 1, 3);
 
                 hs_buf->is_valid = 1;
 
                 hs->buffering.total_bytes_buffered += reassembly_buf_sz;
-            }
-            else
-            {
+            } else {
                 /* Make sure msg_type and length are consistent */
-                if( memcmp( hs_buf->data, ssl->in_msg, 4 ) != 0 )
-                {
-                    MBEDTLS_SSL_DEBUG_MSG( 1, ( "Fragment header mismatch - ignore" ) );
+                if (memcmp(hs_buf->data, ssl->in_msg, 4) != 0) {
+                    MBEDTLS_SSL_DEBUG_MSG(1, ("Fragment header mismatch - ignore"));
                     /* Ignore */
                     goto exit;
                 }
             }
 
-            if( !hs_buf->is_complete )
-            {
+            if (!hs_buf->is_complete) {
                 size_t frag_len, frag_off;
                 unsigned char * const msg = hs_buf->data + 12;
 
@@ -4392,28 +4248,25 @@
 
                 /* Validation of header fields already done in
                  * mbedtls_ssl_prepare_handshake_record(). */
-                frag_off = ssl_get_hs_frag_off( ssl );
-                frag_len = ssl_get_hs_frag_len( ssl );
+                frag_off = ssl_get_hs_frag_off(ssl);
+                frag_len = ssl_get_hs_frag_len(ssl);
 
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %" MBEDTLS_PRINTF_SIZET
-                                            ", length = %" MBEDTLS_PRINTF_SIZET,
-                                            frag_off, frag_len ) );
-                memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
+                MBEDTLS_SSL_DEBUG_MSG(2, ("adding fragment, offset = %" MBEDTLS_PRINTF_SIZET
+                                          ", length = %" MBEDTLS_PRINTF_SIZET,
+                                          frag_off, frag_len));
+                memcpy(msg + frag_off, ssl->in_msg + 12, frag_len);
 
-                if( hs_buf->is_fragmented )
-                {
+                if (hs_buf->is_fragmented) {
                     unsigned char * const bitmask = msg + msg_len;
-                    ssl_bitmask_set( bitmask, frag_off, frag_len );
-                    hs_buf->is_complete = ( ssl_bitmask_check( bitmask,
-                                                               msg_len ) == 0 );
-                }
-                else
-                {
+                    ssl_bitmask_set(bitmask, frag_off, frag_len);
+                    hs_buf->is_complete = (ssl_bitmask_check(bitmask,
+                                                             msg_len) == 0);
+                } else {
                     hs_buf->is_complete = 1;
                 }
 
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "message %scomplete",
-                                   hs_buf->is_complete ? "" : "not yet " ) );
+                MBEDTLS_SSL_DEBUG_MSG(2, ("message %scomplete",
+                                          hs_buf->is_complete ? "" : "not yet "));
             }
 
             break;
@@ -4426,13 +4279,13 @@
 
 exit:
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_buffer_message" ) );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_buffer_message"));
+    return ret;
 }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_consume_current_message( mbedtls_ssl_context *ssl )
+static int ssl_consume_current_message(mbedtls_ssl_context *ssl)
 {
     /*
      * Consume last content-layer message and potentially
@@ -4457,15 +4310,13 @@
      */
 
     /* Case (1): Handshake messages */
-    if( ssl->in_hslen != 0 )
-    {
+    if (ssl->in_hslen != 0) {
         /* Hard assertion to be sure that no application data
          * is in flight, as corrupting ssl->in_msglen during
          * ssl->in_offt != NULL is fatal. */
-        if( ssl->in_offt != NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        if (ssl->in_offt != NULL) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
         /*
@@ -4489,68 +4340,64 @@
          *     bounds after handling a DTLS message with an unexpected
          *     sequence number, see mbedtls_ssl_prepare_handshake_record.
          */
-        if( ssl->in_hslen < ssl->in_msglen )
-        {
+        if (ssl->in_hslen < ssl->in_msglen) {
             ssl->in_msglen -= ssl->in_hslen;
-            memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen,
-                     ssl->in_msglen );
+            memmove(ssl->in_msg, ssl->in_msg + ssl->in_hslen,
+                    ssl->in_msglen);
 
-            MBEDTLS_SSL_DEBUG_BUF( 4, "remaining content in record",
-                                   ssl->in_msg, ssl->in_msglen );
-        }
-        else
-        {
+            MBEDTLS_SSL_DEBUG_BUF(4, "remaining content in record",
+                                  ssl->in_msg, ssl->in_msglen);
+        } else {
             ssl->in_msglen = 0;
         }
 
         ssl->in_hslen   = 0;
     }
     /* Case (4): Application data */
-    else if( ssl->in_offt != NULL )
-    {
-        return( 0 );
+    else if (ssl->in_offt != NULL) {
+        return 0;
     }
     /* Everything else (CCS & Alerts) */
-    else
-    {
+    else {
         ssl->in_msglen = 0;
     }
 
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl )
+static int ssl_record_is_in_progress(mbedtls_ssl_context *ssl)
 {
-    if( ssl->in_msglen > 0 )
-        return( 1 );
+    if (ssl->in_msglen > 0) {
+        return 1;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 
-static void ssl_free_buffered_record( mbedtls_ssl_context *ssl )
+static void ssl_free_buffered_record(mbedtls_ssl_context *ssl)
 {
     mbedtls_ssl_handshake_params * const hs = ssl->handshake;
-    if( hs == NULL )
+    if (hs == NULL) {
         return;
+    }
 
-    if( hs->buffering.future_record.data != NULL )
-    {
+    if (hs->buffering.future_record.data != NULL) {
         hs->buffering.total_bytes_buffered -=
             hs->buffering.future_record.len;
 
-        mbedtls_free( hs->buffering.future_record.data );
+        mbedtls_free(hs->buffering.future_record.data);
         hs->buffering.future_record.data = NULL;
     }
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_load_buffered_record( mbedtls_ssl_context *ssl )
+static int ssl_load_buffered_record(mbedtls_ssl_context *ssl)
 {
     mbedtls_ssl_handshake_params * const hs = ssl->handshake;
-    unsigned char * rec;
+    unsigned char *rec;
     size_t rec_len;
     unsigned rec_epoch;
 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
@@ -4558,88 +4405,92 @@
 #else
     size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
 #endif
-    if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        return( 0 );
+    if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        return 0;
+    }
 
-    if( hs == NULL )
-        return( 0 );
+    if (hs == NULL) {
+        return 0;
+    }
 
     rec       = hs->buffering.future_record.data;
     rec_len   = hs->buffering.future_record.len;
     rec_epoch = hs->buffering.future_record.epoch;
 
-    if( rec == NULL )
-        return( 0 );
+    if (rec == NULL) {
+        return 0;
+    }
 
     /* Only consider loading future records if the
      * input buffer is empty. */
-    if( ssl_next_record_is_in_datagram( ssl ) == 1 )
-        return( 0 );
+    if (ssl_next_record_is_in_datagram(ssl) == 1) {
+        return 0;
+    }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_record" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_load_buffered_record"));
 
-    if( rec_epoch != ssl->in_epoch )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffered record not from current epoch." ) );
+    if (rec_epoch != ssl->in_epoch) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("Buffered record not from current epoch."));
         goto exit;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "Found buffered record from current epoch - load" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("Found buffered record from current epoch - load"));
 
     /* Double-check that the record is not too large */
-    if( rec_len > in_buf_len - (size_t)( ssl->in_hdr - ssl->in_buf ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (rec_len > in_buf_len - (size_t) (ssl->in_hdr - ssl->in_buf)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    memcpy( ssl->in_hdr, rec, rec_len );
+    memcpy(ssl->in_hdr, rec, rec_len);
     ssl->in_left = rec_len;
     ssl->next_record_offset = 0;
 
-    ssl_free_buffered_record( ssl );
+    ssl_free_buffered_record(ssl);
 
 exit:
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_load_buffered_record" ) );
-    return( 0 );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_load_buffered_record"));
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
-                                     mbedtls_record const *rec )
+static int ssl_buffer_future_record(mbedtls_ssl_context *ssl,
+                                    mbedtls_record const *rec)
 {
     mbedtls_ssl_handshake_params * const hs = ssl->handshake;
 
     /* Don't buffer future records outside handshakes. */
-    if( hs == NULL )
-        return( 0 );
+    if (hs == NULL) {
+        return 0;
+    }
 
     /* Only buffer handshake records (we are only interested
      * in Finished messages). */
-    if( rec->type != MBEDTLS_SSL_MSG_HANDSHAKE )
-        return( 0 );
+    if (rec->type != MBEDTLS_SSL_MSG_HANDSHAKE) {
+        return 0;
+    }
 
     /* Don't buffer more than one future epoch record. */
-    if( hs->buffering.future_record.data != NULL )
-        return( 0 );
+    if (hs->buffering.future_record.data != NULL) {
+        return 0;
+    }
 
     /* Don't buffer record if there's not enough buffering space remaining. */
-    if( rec->buf_len > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
-                         hs->buffering.total_bytes_buffered ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %" MBEDTLS_PRINTF_SIZET
-                                    " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
-                                    " (already %" MBEDTLS_PRINTF_SIZET
-                                    " bytes buffered) -- ignore\n",
-                        rec->buf_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
-                        hs->buffering.total_bytes_buffered ) );
-        return( 0 );
+    if (rec->buf_len > (MBEDTLS_SSL_DTLS_MAX_BUFFERING -
+                        hs->buffering.total_bytes_buffered)) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("Buffering of future epoch record of size %" MBEDTLS_PRINTF_SIZET
+                                  " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
+                                  " (already %" MBEDTLS_PRINTF_SIZET
+                                  " bytes buffered) -- ignore\n",
+                                  rec->buf_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
+                                  hs->buffering.total_bytes_buffered));
+        return 0;
     }
 
     /* Buffer record */
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u",
-                                ssl->in_epoch + 1U ) );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", rec->buf, rec->buf_len );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("Buffer record from epoch %u",
+                              ssl->in_epoch + 1U));
+    MBEDTLS_SSL_DEBUG_BUF(3, "Buffered record", rec->buf, rec->buf_len);
 
     /* ssl_parse_record_header() only considers records
      * of the next epoch as candidates for buffering. */
@@ -4647,24 +4498,23 @@
     hs->buffering.future_record.len   = rec->buf_len;
 
     hs->buffering.future_record.data =
-        mbedtls_calloc( 1, hs->buffering.future_record.len );
-    if( hs->buffering.future_record.data == NULL )
-    {
+        mbedtls_calloc(1, hs->buffering.future_record.len);
+    if (hs->buffering.future_record.data == NULL) {
         /* If we run out of RAM trying to buffer a
          * record from the next epoch, just ignore. */
-        return( 0 );
+        return 0;
     }
 
-    memcpy( hs->buffering.future_record.data, rec->buf, rec->buf_len );
+    memcpy(hs->buffering.future_record.data, rec->buf, rec->buf_len);
 
     hs->buffering.total_bytes_buffered += rec->buf_len;
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_next_record( mbedtls_ssl_context *ssl )
+static int ssl_get_next_record(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_record rec;
@@ -4676,44 +4526,41 @@
      * the length of the buffered record, so that
      * the calls to ssl_fetch_input() below will
      * essentially be no-ops. */
-    ret = ssl_load_buffered_record( ssl );
-    if( ret != 0 )
-        return( ret );
+    ret = ssl_load_buffered_record(ssl);
+    if (ret != 0) {
+        return ret;
+    }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
     /* Ensure that we have enough space available for the default form
      * of TLS / DTLS record headers (5 Bytes for TLS, 13 Bytes for DTLS,
      * with no space for CIDs counted in). */
-    ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
-        return( ret );
+    ret = mbedtls_ssl_fetch_input(ssl, mbedtls_ssl_in_hdr_len(ssl));
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret);
+        return ret;
     }
 
-    ret = ssl_parse_record_header( ssl, ssl->in_hdr, ssl->in_left, &rec );
-    if( ret != 0 )
-    {
+    ret = ssl_parse_record_header(ssl, ssl->in_hdr, ssl->in_left, &rec);
+    if (ret != 0) {
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        {
-            if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE )
-            {
-                ret = ssl_buffer_future_record( ssl, &rec );
-                if( ret != 0 )
-                    return( ret );
+        if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+            if (ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE) {
+                ret = ssl_buffer_future_record(ssl, &rec);
+                if (ret != 0) {
+                    return ret;
+                }
 
                 /* Fall through to handling of unexpected records */
                 ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
             }
 
-            if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD )
-            {
+            if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD) {
 #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
                 /* Reset in pointers to default state for TLS/DTLS records,
                  * assuming no CID and no offset between record content and
                  * record plaintext. */
-                mbedtls_ssl_update_in_pointers( ssl );
+                mbedtls_ssl_update_in_pointers(ssl);
 
                 /* Setup internal message pointers from record structure. */
                 ssl->in_msgtype = rec.type;
@@ -4723,59 +4570,53 @@
                 ssl->in_iv  = ssl->in_msg = ssl->in_len + 2;
                 ssl->in_msglen = rec.data_len;
 
-                ret = ssl_check_client_reconnect( ssl );
-                MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_client_reconnect", ret );
-                if( ret != 0 )
-                    return( ret );
+                ret = ssl_check_client_reconnect(ssl);
+                MBEDTLS_SSL_DEBUG_RET(2, "ssl_check_client_reconnect", ret);
+                if (ret != 0) {
+                    return ret;
+                }
 #endif
 
                 /* Skip unexpected record (but not whole datagram) */
                 ssl->next_record_offset = rec.buf_len;
 
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding unexpected record "
-                                            "(header)" ) );
-            }
-            else
-            {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("discarding unexpected record "
+                                          "(header)"));
+            } else {
                 /* Skip invalid record and the rest of the datagram */
                 ssl->next_record_offset = 0;
                 ssl->in_left = 0;
 
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record "
-                                            "(header)" ) );
+                MBEDTLS_SSL_DEBUG_MSG(1, ("discarding invalid record "
+                                          "(header)"));
             }
 
             /* Get next record */
-            return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
-        }
-        else
+            return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
+        } else
 #endif
         {
-            return( ret );
+            return ret;
         }
     }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         /* Remember offset of next record within datagram. */
         ssl->next_record_offset = rec.buf_len;
-        if( ssl->next_record_offset < ssl->in_left )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) );
+        if (ssl->next_record_offset < ssl->in_left) {
+            MBEDTLS_SSL_DEBUG_MSG(3, ("more than one record within datagram"));
         }
-    }
-    else
+    } else
 #endif
     {
         /*
          * Fetch record contents from underlying transport.
          */
-        ret = mbedtls_ssl_fetch_input( ssl, rec.buf_len );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
-            return( ret );
+        ret = mbedtls_ssl_fetch_input(ssl, rec.buf_len);
+        if (ret != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret);
+            return ret;
         }
 
         ssl->in_left = 0;
@@ -4785,36 +4626,30 @@
      * Decrypt record contents.
      */
 
-    if( ( ret = ssl_prepare_record_content( ssl, &rec ) ) != 0 )
-    {
+    if ((ret = ssl_prepare_record_content(ssl, &rec)) != 0) {
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        {
+        if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
             /* Silently discard invalid records */
-            if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
-            {
+            if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) {
                 /* Except when waiting for Finished as a bad mac here
                  * probably means something went wrong in the handshake
                  * (eg wrong psk used, mitm downgrade attempt, etc.) */
-                if( ssl->state == MBEDTLS_SSL_CLIENT_FINISHED ||
-                    ssl->state == MBEDTLS_SSL_SERVER_FINISHED )
-                {
+                if (ssl->state == MBEDTLS_SSL_CLIENT_FINISHED ||
+                    ssl->state == MBEDTLS_SSL_SERVER_FINISHED) {
 #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
-                    if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
-                    {
-                        mbedtls_ssl_send_alert_message( ssl,
-                                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC );
+                    if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) {
+                        mbedtls_ssl_send_alert_message(ssl,
+                                                       MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                                       MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC);
                     }
 #endif
-                    return( ret );
+                    return ret;
                 }
 
-                if( ssl->conf->badmac_limit != 0 &&
-                    ++ssl->badmac_seen >= ssl->conf->badmac_limit )
-                {
-                    MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) );
-                    return( MBEDTLS_ERR_SSL_INVALID_MAC );
+                if (ssl->conf->badmac_limit != 0 &&
+                    ++ssl->badmac_seen >= ssl->conf->badmac_limit) {
+                    MBEDTLS_SSL_DEBUG_MSG(1, ("too many records with bad MAC"));
+                    return MBEDTLS_ERR_SSL_INVALID_MAC;
                 }
 
                 /* As above, invalid records cause
@@ -4823,25 +4658,23 @@
                 ssl->next_record_offset = 0;
                 ssl->in_left = 0;
 
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) );
-                return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
+                MBEDTLS_SSL_DEBUG_MSG(1, ("discarding invalid record (mac)"));
+                return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
             }
 
-            return( ret );
-        }
-        else
+            return ret;
+        } else
 #endif
         {
             /* Error out (and send alert) on invalid records */
 #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
-            if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
-            {
-                mbedtls_ssl_send_alert_message( ssl,
-                        MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                        MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC );
+            if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) {
+                mbedtls_ssl_send_alert_message(ssl,
+                                               MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                               MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC);
             }
 #endif
-            return( ret );
+            return ret;
         }
     }
 
@@ -4849,7 +4682,7 @@
     /* Reset in pointers to default state for TLS/DTLS records,
      * assuming no CID and no offset between record content and
      * record plaintext. */
-    mbedtls_ssl_update_in_pointers( ssl );
+    mbedtls_ssl_update_in_pointers(ssl);
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
     ssl->in_len = ssl->in_cid + rec.cid_len;
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -4865,113 +4698,100 @@
     ssl->in_hdr[0] = rec.type;
     ssl->in_msg    = rec.buf + rec.data_offset;
     ssl->in_msglen = rec.data_len;
-    MBEDTLS_PUT_UINT16_BE( rec.data_len, ssl->in_len, 0 );
+    MBEDTLS_PUT_UINT16_BE(rec.data_len, ssl->in_len, 0);
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     /*
      * Handle particular types of records
      */
-    if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        if( ( ret = mbedtls_ssl_prepare_handshake_record( ssl ) ) != 0 )
-        {
-            return( ret );
+    if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) {
+        if ((ret = mbedtls_ssl_prepare_handshake_record(ssl)) != 0) {
+            return ret;
         }
     }
 
-    if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
-    {
-        if( ssl->in_msglen != 1 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %" MBEDTLS_PRINTF_SIZET,
-                           ssl->in_msglen ) );
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+    if (ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) {
+        if (ssl->in_msglen != 1) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("invalid CCS message, len: %" MBEDTLS_PRINTF_SIZET,
+                                      ssl->in_msglen));
+            return MBEDTLS_ERR_SSL_INVALID_RECORD;
         }
 
-        if( ssl->in_msg[0] != 1 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, content: %02x",
-                                        ssl->in_msg[0] ) );
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        if (ssl->in_msg[0] != 1) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("invalid CCS message, content: %02x",
+                                      ssl->in_msg[0]));
+            return MBEDTLS_ERR_SSL_INVALID_RECORD;
         }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
             ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC    &&
-            ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
-        {
-            if( ssl->handshake == NULL )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping ChangeCipherSpec outside handshake" ) );
-                return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
+            ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC) {
+            if (ssl->handshake == NULL) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("dropping ChangeCipherSpec outside handshake"));
+                return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
             }
 
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "received out-of-order ChangeCipherSpec - remember" ) );
-            return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
+            MBEDTLS_SSL_DEBUG_MSG(1, ("received out-of-order ChangeCipherSpec - remember"));
+            return MBEDTLS_ERR_SSL_EARLY_MESSAGE;
         }
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-        if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
-        {
+        if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
 #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
-            MBEDTLS_SSL_DEBUG_MSG( 1,
-                ( "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode" ) );
-            return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING );
+            MBEDTLS_SSL_DEBUG_MSG(1,
+                                  ("Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"));
+            return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
 #else
-            MBEDTLS_SSL_DEBUG_MSG( 1,
-                ( "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" ) );
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+            MBEDTLS_SSL_DEBUG_MSG(1,
+                                  ("ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"));
+            return MBEDTLS_ERR_SSL_INVALID_RECORD;
 #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
         }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
     }
 
-    if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
-    {
-        if( ssl->in_msglen != 2 )
-        {
+    if (ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT) {
+        if (ssl->in_msglen != 2) {
             /* Note: Standard allows for more than one 2 byte alert
                to be packed in a single message, but Mbed TLS doesn't
                currently support this. */
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %" MBEDTLS_PRINTF_SIZET,
-                           ssl->in_msglen ) );
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+            MBEDTLS_SSL_DEBUG_MSG(1, ("invalid alert message, len: %" MBEDTLS_PRINTF_SIZET,
+                                      ssl->in_msglen));
+            return MBEDTLS_ERR_SSL_INVALID_RECORD;
         }
 
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%u:%u]",
-                       ssl->in_msg[0], ssl->in_msg[1] ) );
+        MBEDTLS_SSL_DEBUG_MSG(2, ("got an alert message, type: [%u:%u]",
+                                  ssl->in_msg[0], ssl->in_msg[1]));
 
         /*
          * Ignore non-fatal alerts, except close_notify and no_renegotiation
          */
-        if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)",
-                           ssl->in_msg[1] ) );
-            return( MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE );
+        if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("is a fatal alert message (msg %d)",
+                                      ssl->in_msg[1]));
+            return MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE;
         }
 
-        if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
-            ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a close notify message" ) );
-            return( MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY );
+        if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
+            ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY) {
+            MBEDTLS_SSL_DEBUG_MSG(2, ("is a close notify message"));
+            return MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY;
         }
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION_ENABLED)
-        if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
-            ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a no renegotiation alert" ) );
+        if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
+            ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION) {
+            MBEDTLS_SSL_DEBUG_MSG(2, ("is a no renegotiation alert"));
             /* Will be handled when trying to parse ServerHello */
-            return( 0 );
+            return 0;
         }
 #endif
         /* Silently ignore: fetch new message */
@@ -4979,75 +4799,73 @@
     }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         /* Drop unexpected ApplicationData records,
          * except at the beginning of renegotiations */
-        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
-            mbedtls_ssl_is_handshake_over( ssl ) == 0
+        if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
+            mbedtls_ssl_is_handshake_over(ssl) == 0
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-            && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
-                   ssl->state == MBEDTLS_SSL_SERVER_HELLO )
+            && !(ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+                 ssl->state == MBEDTLS_SSL_SERVER_HELLO)
 #endif
-            )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
-            return( MBEDTLS_ERR_SSL_NON_FATAL );
+            ) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("dropping unexpected ApplicationData"));
+            return MBEDTLS_ERR_SSL_NON_FATAL;
         }
 
-        if( ssl->handshake != NULL &&
-            mbedtls_ssl_is_handshake_over( ssl ) == 1 )
-        {
-            mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl );
+        if (ssl->handshake != NULL &&
+            mbedtls_ssl_is_handshake_over(ssl) == 1) {
+            mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl);
         }
     }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl)
 {
-    return( mbedtls_ssl_send_alert_message( ssl,
-                  MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                  MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ) );
+    return mbedtls_ssl_send_alert_message(ssl,
+                                          MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                          MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
 }
 
-int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
-                            unsigned char level,
-                            unsigned char message )
+int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl,
+                                   unsigned char level,
+                                   unsigned char message)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ssl == NULL || ssl->conf == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl == NULL || ssl->conf == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    if( ssl->out_left != 0 )
-        return( mbedtls_ssl_flush_output( ssl ) );
+    if (ssl->out_left != 0) {
+        return mbedtls_ssl_flush_output(ssl);
+    }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "send alert level=%u message=%u", level, message ));
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> send alert message"));
+    MBEDTLS_SSL_DEBUG_MSG(3, ("send alert level=%u message=%u", level, message));
 
     ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT;
     ssl->out_msglen = 2;
     ssl->out_msg[0] = level;
     ssl->out_msg[1] = message;
 
-    if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret);
+        return ret;
     }
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= send alert message" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= send alert message"));
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write change cipher spec"));
 
     ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
     ssl->out_msglen  = 1;
@@ -5055,35 +4873,32 @@
 
     ssl->state++;
 
-    if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+        return ret;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write change cipher spec"));
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse change cipher spec"));
 
-    if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+        return ret;
     }
 
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    if (ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad change cipher spec message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
+        return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
     }
 
     /* CCS records are only accepted if they have length 1 and content '1',
@@ -5093,39 +4908,36 @@
      * Switch to our negotiated transform and session parameters for inbound
      * data.
      */
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("switching to new transform spec for inbound data"));
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
     ssl->transform_in = ssl->transform_negotiate;
 #endif
     ssl->session_in = ssl->session_negotiate;
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-        mbedtls_ssl_dtls_replay_reset( ssl );
+        mbedtls_ssl_dtls_replay_reset(ssl);
 #endif
 
         /* Increment epoch */
-        if( ++ssl->in_epoch == 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) );
+        if (++ssl->in_epoch == 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS epoch would wrap"));
             /* This is highly unlikely to happen for legitimate reasons, so
                treat it as an attack and don't send an alert. */
-            return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
+            return MBEDTLS_ERR_SSL_COUNTER_WRAPPING;
         }
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
-    memset( ssl->in_ctr, 0, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN );
+    memset(ssl->in_ctr, 0, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN);
 
-    mbedtls_ssl_update_in_pointers( ssl );
+    mbedtls_ssl_update_in_pointers(ssl);
 
     ssl->state++;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse change cipher spec"));
 
-    return( 0 );
+    return 0;
 }
 
 /* Once ssl->out_hdr as the address of the beginning of the
@@ -5137,29 +4949,28 @@
  */
 
 static size_t ssl_transform_get_explicit_iv_len(
-                        mbedtls_ssl_transform const *transform )
+    mbedtls_ssl_transform const *transform)
 {
-    return( transform->ivlen - transform->fixed_ivlen );
+    return transform->ivlen - transform->fixed_ivlen;
 }
 
-void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl,
-                                      mbedtls_ssl_transform *transform )
+void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl,
+                                     mbedtls_ssl_transform *transform)
 {
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         ssl->out_ctr = ssl->out_hdr +  3;
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
         ssl->out_cid = ssl->out_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
         ssl->out_len = ssl->out_cid;
-        if( transform != NULL )
+        if (transform != NULL) {
             ssl->out_len += transform->out_cid_len;
+        }
 #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
         ssl->out_len = ssl->out_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
         ssl->out_iv  = ssl->out_len + 2;
-    }
-    else
+    } else
 #endif
     {
         ssl->out_len = ssl->out_hdr + 3;
@@ -5171,8 +4982,9 @@
 
     ssl->out_msg = ssl->out_iv;
     /* Adjust out_msg to make space for explicit IV, if used. */
-    if( transform != NULL )
-        ssl->out_msg += ssl_transform_get_explicit_iv_len( transform );
+    if (transform != NULL) {
+        ssl->out_msg += ssl_transform_get_explicit_iv_len(transform);
+    }
 }
 
 /* Once ssl->in_hdr as the address of the beginning of the
@@ -5183,7 +4995,7 @@
  *       and the caller has to make sure there's space for this.
  */
 
-void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl)
 {
     /* This function sets the pointers to match the case
      * of unprotected TLS/DTLS records, with both  ssl->in_iv
@@ -5196,8 +5008,7 @@
      */
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         /* This sets the header pointers to match records
          * without CID. When we receive a record containing
          * a CID, the fields are shifted accordingly in
@@ -5210,8 +5021,7 @@
         ssl->in_len = ssl->in_ctr + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
         ssl->in_iv  = ssl->in_len + 2;
-    }
-    else
+    } else
 #endif
     {
         ssl->in_ctr = ssl->in_hdr - MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
@@ -5230,16 +5040,14 @@
  * Setup an SSL context
  */
 
-void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl)
 {
     /* Set the incoming and outgoing record pointers. */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         ssl->out_hdr = ssl->out_buf;
         ssl->in_hdr  = ssl->in_buf;
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
     {
         ssl->out_ctr = ssl->out_buf;
@@ -5248,29 +5056,28 @@
     }
 
     /* Derive other internal pointers. */
-    mbedtls_ssl_update_out_pointers( ssl, NULL /* no transform enabled */ );
-    mbedtls_ssl_update_in_pointers ( ssl );
+    mbedtls_ssl_update_out_pointers(ssl, NULL /* no transform enabled */);
+    mbedtls_ssl_update_in_pointers(ssl);
 }
 
 /*
  * SSL get accessors
  */
-size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl )
+size_t mbedtls_ssl_get_bytes_avail(const mbedtls_ssl_context *ssl)
 {
-    return( ssl->in_offt == NULL ? 0 : ssl->in_msglen );
+    return ssl->in_offt == NULL ? 0 : ssl->in_msglen;
 }
 
-int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl )
+int mbedtls_ssl_check_pending(const mbedtls_ssl_context *ssl)
 {
     /*
      * Case A: We're currently holding back
      * a message for further processing.
      */
 
-    if( ssl->keep_current_message == 1 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: record held back for processing" ) );
-        return( 1 );
+    if (ssl->keep_current_message == 1) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: record held back for processing"));
+        return 1;
     }
 
     /*
@@ -5278,11 +5085,10 @@
      */
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ssl->in_left > ssl->next_record_offset )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more records within current datagram" ) );
-        return( 1 );
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ssl->in_left > ssl->next_record_offset) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: more records within current datagram"));
+        return 1;
     }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
@@ -5290,19 +5096,18 @@
      * Case C: A handshake message is being processed.
      */
 
-    if( ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more handshake messages within current record" ) );
-        return( 1 );
+    if (ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen) {
+        MBEDTLS_SSL_DEBUG_MSG(3,
+                              ("ssl_check_pending: more handshake messages within current record"));
+        return 1;
     }
 
     /*
      * Case D: An application data message is being processed
      */
-    if( ssl->in_offt != NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: application data record is being processed" ) );
-        return( 1 );
+    if (ssl->in_offt != NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: application data record is being processed"));
+        return 1;
     }
 
     /*
@@ -5311,12 +5116,12 @@
      * we implement support for multiple alerts in single records.
      */
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: nothing pending" ) );
-    return( 0 );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: nothing pending"));
+    return 0;
 }
 
 
-int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
+int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl)
 {
     size_t transform_expansion = 0;
     const mbedtls_ssl_transform *transform = ssl->transform_out;
@@ -5326,27 +5131,25 @@
     psa_key_type_t key_type;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    size_t out_hdr_len = mbedtls_ssl_out_hdr_len( ssl );
+    size_t out_hdr_len = mbedtls_ssl_out_hdr_len(ssl);
 
-    if( transform == NULL )
-        return( (int) out_hdr_len );
+    if (transform == NULL) {
+        return (int) out_hdr_len;
+    }
 
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if ( transform->psa_alg == PSA_ALG_GCM ||
-         transform->psa_alg == PSA_ALG_CCM ||
-         transform->psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ) ||
-         transform->psa_alg == PSA_ALG_CHACHA20_POLY1305 ||
-         transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER )
-    {
+    if (transform->psa_alg == PSA_ALG_GCM ||
+        transform->psa_alg == PSA_ALG_CCM ||
+        transform->psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8) ||
+        transform->psa_alg == PSA_ALG_CHACHA20_POLY1305 ||
+        transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER) {
         transform_expansion = transform->minlen;
-    }
-    else if ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING )
-    {
-        (void) psa_get_key_attributes( transform->psa_key_enc, &attr );
-        key_type = psa_get_key_type( &attr );
+    } else if (transform->psa_alg == PSA_ALG_CBC_NO_PADDING) {
+        (void) psa_get_key_attributes(transform->psa_key_enc, &attr);
+        key_type = psa_get_key_type(&attr);
 
-        block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type );
+        block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type);
 
         /* Expansion due to the addition of the MAC. */
         transform_expansion += transform->maclen;
@@ -5361,15 +5164,13 @@
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
         transform_expansion += block_size;
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unsupported psa_alg spotted in mbedtls_ssl_get_record_expansion()" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    } else {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("Unsupported psa_alg spotted in mbedtls_ssl_get_record_expansion()"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 #else
-    switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
-    {
+    switch (mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc)) {
         case MBEDTLS_MODE_GCM:
         case MBEDTLS_MODE_CCM:
         case MBEDTLS_MODE_CHACHAPOLY:
@@ -5380,7 +5181,7 @@
         case MBEDTLS_MODE_CBC:
 
             block_size = mbedtls_cipher_get_block_size(
-                &transform->cipher_ctx_enc );
+                &transform->cipher_ctx_enc);
 
             /* Expansion due to the addition of the MAC. */
             transform_expansion += transform->maclen;
@@ -5399,17 +5200,18 @@
             break;
 
         default:
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    if( transform->out_cid_len != 0 )
+    if (transform->out_cid_len != 0) {
         transform_expansion += MBEDTLS_SSL_MAX_CID_EXPANSION;
+    }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
-    return( (int)( out_hdr_len + transform_expansion ) );
+    return (int) (out_hdr_len + transform_expansion);
 }
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -5417,33 +5219,31 @@
  * Check record counters and renegotiate if they're above the limit.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
+static int ssl_check_ctr_renegotiate(mbedtls_ssl_context *ssl)
 {
-    size_t ep_len = mbedtls_ssl_ep_len( ssl );
+    size_t ep_len = mbedtls_ssl_ep_len(ssl);
     int in_ctr_cmp;
     int out_ctr_cmp;
 
-    if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ||
+    if (mbedtls_ssl_is_handshake_over(ssl) == 0 ||
         ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ||
-        ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED )
-    {
-        return( 0 );
+        ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED) {
+        return 0;
     }
 
-    in_ctr_cmp = memcmp( ssl->in_ctr + ep_len,
+    in_ctr_cmp = memcmp(ssl->in_ctr + ep_len,
+                        &ssl->conf->renego_period[ep_len],
+                        MBEDTLS_SSL_SEQUENCE_NUMBER_LEN - ep_len);
+    out_ctr_cmp = memcmp(&ssl->cur_out_ctr[ep_len],
                          &ssl->conf->renego_period[ep_len],
-                         MBEDTLS_SSL_SEQUENCE_NUMBER_LEN - ep_len );
-    out_ctr_cmp = memcmp( &ssl->cur_out_ctr[ep_len],
-                          &ssl->conf->renego_period[ep_len],
-                          sizeof( ssl->cur_out_ctr ) - ep_len );
+                         sizeof(ssl->cur_out_ctr) - ep_len);
 
-    if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 )
-    {
-        return( 0 );
+    if (in_ctr_cmp <= 0 && out_ctr_cmp <= 0) {
+        return 0;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "record counter limit reached: renegotiate" ) );
-    return( mbedtls_ssl_renegotiate( ssl ) );
+    MBEDTLS_SSL_DEBUG_MSG(1, ("record counter limit reached: renegotiate"));
+    return mbedtls_ssl_renegotiate(ssl);
 }
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
@@ -5451,42 +5251,41 @@
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_check_new_session_ticket( mbedtls_ssl_context *ssl )
+static int ssl_tls13_check_new_session_ticket(mbedtls_ssl_context *ssl)
 {
 
-    if( ( ssl->in_hslen == mbedtls_ssl_hs_hdr_len( ssl ) ) ||
-        ( ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET ) )
-    {
-        return( 0 );
+    if ((ssl->in_hslen == mbedtls_ssl_hs_hdr_len(ssl)) ||
+        (ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET)) {
+        return 0;
     }
 
     ssl->keep_current_message = 1;
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "NewSessionTicket received" ) );
-    mbedtls_ssl_handshake_set_state( ssl,
-                                     MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("NewSessionTicket received"));
+    mbedtls_ssl_handshake_set_state(ssl,
+                                    MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
 
-    return( MBEDTLS_ERR_SSL_WANT_READ );
+    return MBEDTLS_ERR_SSL_WANT_READ;
 }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
+static int ssl_tls13_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl)
 {
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "received post-handshake message" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("received post-handshake message"));
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
-    {
-        int ret = ssl_tls13_check_new_session_ticket( ssl );
-        if( ret != 0 )
-            return( ret );
+    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
+        int ret = ssl_tls13_check_new_session_ticket(ssl);
+        if (ret != 0) {
+            return ret;
+        }
     }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
 
     /* Fail in all other cases. */
-    return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
 }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
@@ -5501,7 +5300,7 @@
  * TLS 1.3 in the future without bloating the logic of mbedtls_ssl_read().
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls12_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
+static int ssl_tls12_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
@@ -5512,135 +5311,125 @@
      */
 
 #if defined(MBEDTLS_SSL_CLI_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
-        ( ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ||
-          ssl->in_hslen  != mbedtls_ssl_hs_hdr_len( ssl ) ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) );
+    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+        (ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ||
+         ssl->in_hslen  != mbedtls_ssl_hs_hdr_len(ssl))) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("handshake received (not HelloRequest)"));
 
         /* With DTLS, drop the packet (probably from last handshake) */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        {
-            return( 0 );
+        if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+            return 0;
         }
 #endif
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+        return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
     }
 #endif /* MBEDTLS_SSL_CLI_C */
 
 #if defined(MBEDTLS_SSL_SRV_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
-        ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not ClientHello)" ) );
+    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
+        ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("handshake received (not ClientHello)"));
 
         /* With DTLS, drop the packet (probably from last handshake) */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        {
-            return( 0 );
+        if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+            return 0;
         }
 #endif
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+        return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
     }
 #endif /* MBEDTLS_SSL_SRV_C */
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
     /* Determine whether renegotiation attempt should be accepted */
-    if( ! ( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
-            ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
-              ssl->conf->allow_legacy_renegotiation ==
-              MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) ) )
-    {
+    if (!(ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
+          (ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+           ssl->conf->allow_legacy_renegotiation ==
+           MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION))) {
         /*
          * Accept renegotiation request
          */
 
         /* DTLS clients need to know renego is server-initiated */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-            ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
-        {
+        if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+            ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
             ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
         }
 #endif
-        ret = mbedtls_ssl_start_renegotiation( ssl );
-        if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
-            ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_start_renegotiation",
-                                   ret );
-            return( ret );
+        ret = mbedtls_ssl_start_renegotiation(ssl);
+        if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
+            ret != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_start_renegotiation",
+                                  ret);
+            return ret;
         }
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
     {
         /*
          * Refuse renegotiation
          */
 
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) );
+        MBEDTLS_SSL_DEBUG_MSG(3, ("refusing renegotiation, sending alert"));
 
-        if( ( ret = mbedtls_ssl_send_alert_message( ssl,
-                         MBEDTLS_SSL_ALERT_LEVEL_WARNING,
-                         MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 )
-        {
-            return( ret );
+        if ((ret = mbedtls_ssl_send_alert_message(ssl,
+                                                  MBEDTLS_SSL_ALERT_LEVEL_WARNING,
+                                                  MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION)) != 0) {
+            return ret;
         }
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
+static int ssl_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl)
 {
     /* Check protocol version and dispatch accordingly. */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
-    {
-        return( ssl_tls13_handle_hs_message_post_handshake( ssl ) );
+    if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
+        return ssl_tls13_handle_hs_message_post_handshake(ssl);
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( ssl->tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 )
-    {
-        return( ssl_tls12_handle_hs_message_post_handshake( ssl ) );
+    if (ssl->tls_version <= MBEDTLS_SSL_VERSION_TLS1_2) {
+        return ssl_tls12_handle_hs_message_post_handshake(ssl);
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
     /* Should never happen */
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
 }
 
 /*
  * Receive application data decrypted from the SSL layer
  */
-int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
+int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t n;
 
-    if( ssl == NULL || ssl->conf == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl == NULL || ssl->conf == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> read"));
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
-            return( ret );
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) {
+            return ret;
+        }
 
-        if( ssl->handshake != NULL &&
-            ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
-        {
-            if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
-                return( ret );
+        if (ssl->handshake != NULL &&
+            ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) {
+            if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) {
+                return ret;
+            }
         }
     }
 #endif
@@ -5658,69 +5447,61 @@
      */
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    ret = ssl_check_ctr_renegotiate( ssl );
-    if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
-        ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
-        return( ret );
+    ret = ssl_check_ctr_renegotiate(ssl);
+    if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
+        ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "ssl_check_ctr_renegotiate", ret);
+        return ret;
     }
 #endif
 
-    if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
-    {
-        ret = mbedtls_ssl_handshake( ssl );
-        if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
-            ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
-            return( ret );
+    if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
+        ret = mbedtls_ssl_handshake(ssl);
+        if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
+            ret != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret);
+            return ret;
         }
     }
 
     /* Loop as long as no application data record is available */
-    while( ssl->in_offt == NULL )
-    {
+    while (ssl->in_offt == NULL) {
         /* Start timer if not already running */
-        if( ssl->f_get_timer != NULL &&
-            ssl->f_get_timer( ssl->p_timer ) == -1 )
-        {
-            mbedtls_ssl_set_timer( ssl, ssl->conf->read_timeout );
+        if (ssl->f_get_timer != NULL &&
+            ssl->f_get_timer(ssl->p_timer) == -1) {
+            mbedtls_ssl_set_timer(ssl, ssl->conf->read_timeout);
         }
 
-        if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
-        {
-            if( ret == MBEDTLS_ERR_SSL_CONN_EOF )
-                return( 0 );
+        if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
+            if (ret == MBEDTLS_ERR_SSL_CONN_EOF) {
+                return 0;
+            }
 
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-            return( ret );
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+            return ret;
         }
 
-        if( ssl->in_msglen  == 0 &&
-            ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA )
-        {
+        if (ssl->in_msglen  == 0 &&
+            ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) {
             /*
              * OpenSSL sends empty messages to randomize the IV
              */
-            if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
-            {
-                if( ret == MBEDTLS_ERR_SSL_CONN_EOF )
-                    return( 0 );
+            if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
+                if (ret == MBEDTLS_ERR_SSL_CONN_EOF) {
+                    return 0;
+                }
 
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-                return( ret );
+                MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+                return ret;
             }
         }
 
-        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
-        {
-            ret = ssl_handle_hs_message_post_handshake( ssl );
-            if( ret != 0)
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_handle_hs_message_post_handshake",
-                                          ret );
-                return( ret );
+        if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) {
+            ret = ssl_handle_hs_message_post_handshake(ssl);
+            if (ret != 0) {
+                MBEDTLS_SSL_DEBUG_RET(1, "ssl_handle_hs_message_post_handshake",
+                                      ret);
+                return ret;
             }
 
             /* At this point, we don't know whether the renegotiation triggered
@@ -5747,84 +5528,75 @@
             continue;
         }
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-        else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
-        {
-            if( ssl->conf->renego_max_records >= 0 )
-            {
-                if( ++ssl->renego_records_seen > ssl->conf->renego_max_records )
-                {
-                    MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
-                                        "but not honored by client" ) );
-                    return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+        else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) {
+            if (ssl->conf->renego_max_records >= 0) {
+                if (++ssl->renego_records_seen > ssl->conf->renego_max_records) {
+                    MBEDTLS_SSL_DEBUG_MSG(1, ("renegotiation requested, "
+                                              "but not honored by client"));
+                    return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
                 }
             }
         }
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
         /* Fatal and closure alerts handled by mbedtls_ssl_read_record() */
-        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "ignoring non-fatal non-closure alert" ) );
-            return( MBEDTLS_ERR_SSL_WANT_READ );
+        if (ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT) {
+            MBEDTLS_SSL_DEBUG_MSG(2, ("ignoring non-fatal non-closure alert"));
+            return MBEDTLS_ERR_SSL_WANT_READ;
         }
 
-        if( ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad application data message" ) );
-            return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+        if (ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad application data message"));
+            return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
         }
 
         ssl->in_offt = ssl->in_msg;
 
         /* We're going to return something now, cancel timer,
          * except if handshake (renegotiation) is in progress */
-        if( mbedtls_ssl_is_handshake_over( ssl ) == 1 )
-            mbedtls_ssl_set_timer( ssl, 0 );
+        if (mbedtls_ssl_is_handshake_over(ssl) == 1) {
+            mbedtls_ssl_set_timer(ssl, 0);
+        }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
         /* If we requested renego but received AppData, resend HelloRequest.
          * Do it now, after setting in_offt, to avoid taking this branch
          * again if ssl_write_hello_request() returns WANT_WRITE */
 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
-        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
-            ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
-        {
-            if( ( ret = mbedtls_ssl_resend_hello_request( ssl ) ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend_hello_request",
-                                       ret );
-                return( ret );
+        if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
+            ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) {
+            if ((ret = mbedtls_ssl_resend_hello_request(ssl)) != 0) {
+                MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend_hello_request",
+                                      ret);
+                return ret;
             }
         }
 #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
     }
 
-    n = ( len < ssl->in_msglen )
+    n = (len < ssl->in_msglen)
         ? len : ssl->in_msglen;
 
-    memcpy( buf, ssl->in_offt, n );
+    memcpy(buf, ssl->in_offt, n);
     ssl->in_msglen -= n;
 
     /* Zeroising the plaintext buffer to erase unused application data
        from the memory. */
-    mbedtls_platform_zeroize( ssl->in_offt, n );
+    mbedtls_platform_zeroize(ssl->in_offt, n);
 
-    if( ssl->in_msglen == 0 )
-    {
+    if (ssl->in_msglen == 0) {
         /* all bytes consumed */
         ssl->in_offt = NULL;
         ssl->keep_current_message = 0;
-    }
-    else
-    {
+    } else {
         /* more data available */
         ssl->in_offt += n;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= read"));
 
-    return( (int) n );
+    return (int) n;
 }
 
 /*
@@ -5840,50 +5612,42 @@
  * corresponding return code is 0 on success.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_real( mbedtls_ssl_context *ssl,
-                           const unsigned char *buf, size_t len )
+static int ssl_write_real(mbedtls_ssl_context *ssl,
+                          const unsigned char *buf, size_t len)
 {
-    int ret = mbedtls_ssl_get_max_out_record_payload( ssl );
+    int ret = mbedtls_ssl_get_max_out_record_payload(ssl);
     const size_t max_len = (size_t) ret;
 
-    if( ret < 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_max_out_record_payload", ret );
-        return( ret );
+    if (ret < 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_get_max_out_record_payload", ret);
+        return ret;
     }
 
-    if( len > max_len )
-    {
+    if (len > max_len) {
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
-                                "maximum fragment length: %" MBEDTLS_PRINTF_SIZET
-                                " > %" MBEDTLS_PRINTF_SIZET,
-                                len, max_len ) );
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-        }
-        else
+        if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("fragment larger than the (negotiated) "
+                                      "maximum fragment length: %" MBEDTLS_PRINTF_SIZET
+                                      " > %" MBEDTLS_PRINTF_SIZET,
+                                      len, max_len));
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        } else
 #endif
-            len = max_len;
+        len = max_len;
     }
 
-    if( ssl->out_left != 0 )
-    {
+    if (ssl->out_left != 0) {
         /*
          * The user has previously tried to send the data and
          * MBEDTLS_ERR_SSL_WANT_WRITE or the message was only partially
          * written. In this case, we expect the high-level write function
          * (e.g. mbedtls_ssl_write()) to be called with the same parameters
          */
-        if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret );
-            return( ret );
+        if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flush_output", ret);
+            return ret;
         }
-    }
-    else
-    {
+    } else {
         /*
          * The user is trying to send a message the first time, so we need to
          * copy the data into the internal buffers and setup the data structure
@@ -5891,153 +5655,152 @@
          */
         ssl->out_msglen  = len;
         ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA;
-        memcpy( ssl->out_msg, buf, len );
+        memcpy(ssl->out_msg, buf, len);
 
-        if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
-            return( ret );
+        if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret);
+            return ret;
         }
     }
 
-    return( (int) len );
+    return (int) len;
 }
 
 /*
  * Write application data (public-facing wrapper)
  */
-int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len )
+int mbedtls_ssl_write(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write"));
 
-    if( ssl == NULL || ssl->conf == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl == NULL || ssl->conf == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
-        return( ret );
+    if ((ret = ssl_check_ctr_renegotiate(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "ssl_check_ctr_renegotiate", ret);
+        return ret;
     }
 #endif
 
-    if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
-    {
-        if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
-            return( ret );
+    if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
+        if ((ret = mbedtls_ssl_handshake(ssl)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret);
+            return ret;
         }
     }
 
-    ret = ssl_write_real( ssl, buf, len );
+    ret = ssl_write_real(ssl, buf, len);
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write"));
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Notify the peer that the connection is being closed
  */
-int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ssl == NULL || ssl->conf == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl == NULL || ssl->conf == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write close notify"));
 
-    if( mbedtls_ssl_is_handshake_over( ssl ) == 1 )
-    {
-        if( ( ret = mbedtls_ssl_send_alert_message( ssl,
-                        MBEDTLS_SSL_ALERT_LEVEL_WARNING,
-                        MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_send_alert_message", ret );
-            return( ret );
+    if (mbedtls_ssl_is_handshake_over(ssl) == 1) {
+        if ((ret = mbedtls_ssl_send_alert_message(ssl,
+                                                  MBEDTLS_SSL_ALERT_LEVEL_WARNING,
+                                                  MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_send_alert_message", ret);
+            return ret;
         }
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write close notify" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write close notify"));
 
-    return( 0 );
+    return 0;
 }
 
-void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform )
+void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform)
 {
-    if( transform == NULL )
+    if (transform == NULL) {
         return;
+    }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_destroy_key( transform->psa_key_enc );
-    psa_destroy_key( transform->psa_key_dec );
+    psa_destroy_key(transform->psa_key_enc);
+    psa_destroy_key(transform->psa_key_dec);
 #else
-    mbedtls_cipher_free( &transform->cipher_ctx_enc );
-    mbedtls_cipher_free( &transform->cipher_ctx_dec );
+    mbedtls_cipher_free(&transform->cipher_ctx_enc);
+    mbedtls_cipher_free(&transform->cipher_ctx_dec);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_destroy_key( transform->psa_mac_enc );
-    psa_destroy_key( transform->psa_mac_dec );
+    psa_destroy_key(transform->psa_mac_enc);
+    psa_destroy_key(transform->psa_mac_dec);
 #else
-    mbedtls_md_free( &transform->md_ctx_enc );
-    mbedtls_md_free( &transform->md_ctx_dec );
+    mbedtls_md_free(&transform->md_ctx_enc);
+    mbedtls_md_free(&transform->md_ctx_dec);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 #endif
 
-    mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
+    mbedtls_platform_zeroize(transform, sizeof(mbedtls_ssl_transform));
 }
 
-void mbedtls_ssl_set_inbound_transform( mbedtls_ssl_context *ssl,
-                                        mbedtls_ssl_transform *transform )
+void mbedtls_ssl_set_inbound_transform(mbedtls_ssl_context *ssl,
+                                       mbedtls_ssl_transform *transform)
 {
     ssl->transform_in = transform;
-    memset( ssl->in_ctr, 0, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN );
+    memset(ssl->in_ctr, 0, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN);
 }
 
-void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl,
-                                         mbedtls_ssl_transform *transform )
+void mbedtls_ssl_set_outbound_transform(mbedtls_ssl_context *ssl,
+                                        mbedtls_ssl_transform *transform)
 {
     ssl->transform_out = transform;
-    memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
+    memset(ssl->cur_out_ctr, 0, sizeof(ssl->cur_out_ctr));
 }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 
-void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_buffering_free(mbedtls_ssl_context *ssl)
 {
     unsigned offset;
     mbedtls_ssl_handshake_params * const hs = ssl->handshake;
 
-    if( hs == NULL )
+    if (hs == NULL) {
         return;
+    }
 
-    ssl_free_buffered_record( ssl );
+    ssl_free_buffered_record(ssl);
 
-    for( offset = 0; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ )
-        ssl_buffering_free_slot( ssl, offset );
+    for (offset = 0; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++) {
+        ssl_buffering_free_slot(ssl, offset);
+    }
 }
 
-static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
-                                     uint8_t slot )
+static void ssl_buffering_free_slot(mbedtls_ssl_context *ssl,
+                                    uint8_t slot)
 {
     mbedtls_ssl_handshake_params * const hs = ssl->handshake;
     mbedtls_ssl_hs_buffer * const hs_buf = &hs->buffering.hs[slot];
 
-    if( slot >= MBEDTLS_SSL_MAX_BUFFERED_HS )
+    if (slot >= MBEDTLS_SSL_MAX_BUFFERED_HS) {
         return;
+    }
 
-    if( hs_buf->is_valid == 1 )
-    {
+    if (hs_buf->is_valid == 1) {
         hs->buffering.total_bytes_buffered -= hs_buf->data_len;
-        mbedtls_platform_zeroize( hs_buf->data, hs_buf->data_len );
-        mbedtls_free( hs_buf->data );
-        memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) );
+        mbedtls_platform_zeroize(hs_buf->data, hs_buf->data_len);
+        mbedtls_free(hs_buf->data);
+        memset(hs_buf, 0, sizeof(mbedtls_ssl_hs_buffer));
     }
 }
 
@@ -6052,27 +5815,29 @@
  * 1.x <-> 3.x+1    for x != 0 (DTLS 1.2 based on TLS 1.2)
  *                  DTLS 1.0 is stored as TLS 1.1 internally
  */
-void mbedtls_ssl_write_version( unsigned char version[2], int transport,
-                                mbedtls_ssl_protocol_version tls_version )
+void mbedtls_ssl_write_version(unsigned char version[2], int transport,
+                               mbedtls_ssl_protocol_version tls_version)
 {
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         tls_version =
-          ~( tls_version - ( tls_version == 0x0302 ? 0x0202 : 0x0201 ) );
+            ~(tls_version - (tls_version == 0x0302 ? 0x0202 : 0x0201));
+    }
 #else
     ((void) transport);
 #endif
-    MBEDTLS_PUT_UINT16_BE( tls_version, version, 0 );
+    MBEDTLS_PUT_UINT16_BE(tls_version, version, 0);
 }
 
-uint16_t mbedtls_ssl_read_version( const unsigned char version[2],
-                                   int transport )
+uint16_t mbedtls_ssl_read_version(const unsigned char version[2],
+                                  int transport)
 {
-    uint16_t tls_version = MBEDTLS_GET_UINT16_BE( version, 0 );
+    uint16_t tls_version = MBEDTLS_GET_UINT16_BE(version, 0);
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         tls_version =
-          ~( tls_version - ( tls_version == 0xfeff ? 0x0202 : 0x0201 ) );
+            ~(tls_version - (tls_version == 0xfeff ? 0x0202 : 0x0201));
+    }
 #else
     ((void) transport);
 #endif
@@ -6085,38 +5850,39 @@
  * !0,  if mbedtls_ssl_send_alert_message() returned in error, the error code it
  *      returned, ssl->alert_reason otherwise.
  */
-int mbedtls_ssl_handle_pending_alert( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_handle_pending_alert(mbedtls_ssl_context *ssl)
 {
     int ret;
 
     /* No pending alert, return success*/
-    if( ssl->send_alert == 0 )
-        return( 0 );
+    if (ssl->send_alert == 0) {
+        return 0;
+    }
 
-    ret = mbedtls_ssl_send_alert_message( ssl,
-                                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                ssl->alert_type );
+    ret = mbedtls_ssl_send_alert_message(ssl,
+                                         MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                         ssl->alert_type);
 
     /* If mbedtls_ssl_send_alert_message() returned with MBEDTLS_ERR_SSL_WANT_WRITE,
      * do not clear the alert to be able to send it later.
      */
-    if( ret != MBEDTLS_ERR_SSL_WANT_WRITE )
-    {
+    if (ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
         ssl->send_alert = 0;
     }
 
-    if( ret != 0 )
-        return( ret );
+    if (ret != 0) {
+        return ret;
+    }
 
-    return( ssl->alert_reason );
+    return ssl->alert_reason;
 }
 
 /*
  * Set pending fatal alert flag.
  */
-void mbedtls_ssl_pend_fatal_alert( mbedtls_ssl_context *ssl,
-                                   unsigned char alert_type,
-                                   int alert_reason )
+void mbedtls_ssl_pend_fatal_alert(mbedtls_ssl_context *ssl,
+                                  unsigned char alert_type,
+                                  int alert_reason)
 {
     ssl->send_alert = 1;
     ssl->alert_type = alert_type;
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index e39563b..ba9dbd5 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -33,12 +33,12 @@
 /*
  * Initialize context
  */
-void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx )
+void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_ssl_ticket_context ) );
+    memset(ctx, 0, sizeof(mbedtls_ssl_ticket_context));
 
 #if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &ctx->mutex );
+    mbedtls_mutex_init(&ctx->mutex);
 #endif
 }
 
@@ -49,23 +49,23 @@
 #define TICKET_CRYPT_LEN_BYTES   2
 #define TICKET_AUTH_TAG_BYTES   16
 
-#define TICKET_MIN_LEN ( TICKET_KEY_NAME_BYTES  +        \
-                         TICKET_IV_BYTES        +        \
-                         TICKET_CRYPT_LEN_BYTES +        \
-                         TICKET_AUTH_TAG_BYTES )
-#define TICKET_ADD_DATA_LEN ( TICKET_KEY_NAME_BYTES  +        \
-                              TICKET_IV_BYTES        +        \
-                              TICKET_CRYPT_LEN_BYTES )
+#define TICKET_MIN_LEN (TICKET_KEY_NAME_BYTES  +        \
+                        TICKET_IV_BYTES        +        \
+                        TICKET_CRYPT_LEN_BYTES +        \
+                        TICKET_AUTH_TAG_BYTES)
+#define TICKET_ADD_DATA_LEN (TICKET_KEY_NAME_BYTES  +        \
+                             TICKET_IV_BYTES        +        \
+                             TICKET_CRYPT_LEN_BYTES)
 
 /*
  * Generate/update a key
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx,
-                               unsigned char index )
+static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx,
+                              unsigned char index)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char buf[MAX_KEY_BYTES] = {0};
+    unsigned char buf[MAX_KEY_BYTES] = { 0 };
     mbedtls_ssl_ticket_key *key = ctx->keys + index;
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -73,85 +73,83 @@
 #endif
 
 #if defined(MBEDTLS_HAVE_TIME)
-    key->generation_time = mbedtls_time( NULL );
+    key->generation_time = mbedtls_time(NULL);
 #endif
 
-    if( ( ret = ctx->f_rng( ctx->p_rng, key->name, sizeof( key->name ) ) ) != 0 )
-        return( ret );
+    if ((ret = ctx->f_rng(ctx->p_rng, key->name, sizeof(key->name))) != 0) {
+        return ret;
+    }
 
-    if( ( ret = ctx->f_rng( ctx->p_rng, buf, sizeof( buf ) ) ) != 0 )
-        return( ret );
+    if ((ret = ctx->f_rng(ctx->p_rng, buf, sizeof(buf))) != 0) {
+        return ret;
+    }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_set_key_usage_flags( &attributes,
-                             PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
-    psa_set_key_algorithm( &attributes, key->alg );
-    psa_set_key_type( &attributes, key->key_type );
-    psa_set_key_bits( &attributes, key->key_bits );
+    psa_set_key_usage_flags(&attributes,
+                            PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+    psa_set_key_algorithm(&attributes, key->alg);
+    psa_set_key_type(&attributes, key->key_type);
+    psa_set_key_bits(&attributes, key->key_bits);
 
     ret = psa_ssl_status_to_mbedtls(
-            psa_import_key( &attributes, buf,
-                            PSA_BITS_TO_BYTES( key->key_bits ),
-                            &key->key ) );
+        psa_import_key(&attributes, buf,
+                       PSA_BITS_TO_BYTES(key->key_bits),
+                       &key->key));
 #else
     /* With GCM and CCM, same context can encrypt & decrypt */
-    ret = mbedtls_cipher_setkey( &key->ctx, buf,
-                                 mbedtls_cipher_get_key_bitlen( &key->ctx ),
-                                 MBEDTLS_ENCRYPT );
+    ret = mbedtls_cipher_setkey(&key->ctx, buf,
+                                mbedtls_cipher_get_key_bitlen(&key->ctx),
+                                MBEDTLS_ENCRYPT);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize(buf, sizeof(buf));
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Rotate/generate keys if necessary
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx )
+static int ssl_ticket_update_keys(mbedtls_ssl_ticket_context *ctx)
 {
 #if !defined(MBEDTLS_HAVE_TIME)
     ((void) ctx);
 #else
-    if( ctx->ticket_lifetime != 0 )
-    {
-        mbedtls_time_t current_time = mbedtls_time( NULL );
+    if (ctx->ticket_lifetime != 0) {
+        mbedtls_time_t current_time = mbedtls_time(NULL);
         mbedtls_time_t key_time = ctx->keys[ctx->active].generation_time;
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 #endif
 
-        if( current_time >= key_time &&
-            (uint64_t) ( current_time - key_time ) < ctx->ticket_lifetime )
-        {
-            return( 0 );
+        if (current_time >= key_time &&
+            (uint64_t) (current_time - key_time) < ctx->ticket_lifetime) {
+            return 0;
         }
 
         ctx->active = 1 - ctx->active;
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        if( ( status = psa_destroy_key( ctx->keys[ctx->active].key ) ) != PSA_SUCCESS )
-        {
-            return psa_ssl_status_to_mbedtls( status );
+        if ((status = psa_destroy_key(ctx->keys[ctx->active].key)) != PSA_SUCCESS) {
+            return psa_ssl_status_to_mbedtls(status);
         }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-        return( ssl_ticket_gen_key( ctx, ctx->active ) );
-    }
-    else
+        return ssl_ticket_gen_key(ctx, ctx->active);
+    } else
 #endif /* MBEDTLS_HAVE_TIME */
-        return( 0 );
+    return 0;
 }
 
 /*
  * Rotate active session ticket encryption key
  */
-int mbedtls_ssl_ticket_rotate( mbedtls_ssl_ticket_context *ctx,
-    const unsigned char *name, size_t nlength,
-    const unsigned char *k, size_t klength,
-    uint32_t lifetime )
+int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx,
+                              const unsigned char *name, size_t nlength,
+                              const unsigned char *k, size_t klength,
+                              uint32_t lifetime)
 {
     const unsigned char idx = 1 - ctx->active;
     mbedtls_ssl_ticket_key * const key = ctx->keys + idx;
@@ -162,43 +160,43 @@
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     const size_t bitlen = key->key_bits;
 #else
-    const int bitlen = mbedtls_cipher_get_key_bitlen( &key->ctx );
+    const int bitlen = mbedtls_cipher_get_key_bitlen(&key->ctx);
 #endif
 
-    if( nlength < TICKET_KEY_NAME_BYTES || klength * 8 < (size_t)bitlen )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    if (nlength < TICKET_KEY_NAME_BYTES || klength * 8 < (size_t) bitlen) {
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ( status = psa_destroy_key( key->key ) ) != PSA_SUCCESS )
-    {
-        ret = psa_ssl_status_to_mbedtls( status );
-        return( ret );
+    if ((status = psa_destroy_key(key->key)) != PSA_SUCCESS) {
+        ret = psa_ssl_status_to_mbedtls(status);
+        return ret;
     }
 
-    psa_set_key_usage_flags( &attributes,
-                             PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
-    psa_set_key_algorithm( &attributes, key->alg );
-    psa_set_key_type( &attributes, key->key_type );
-    psa_set_key_bits( &attributes, key->key_bits );
+    psa_set_key_usage_flags(&attributes,
+                            PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+    psa_set_key_algorithm(&attributes, key->alg);
+    psa_set_key_type(&attributes, key->key_type);
+    psa_set_key_bits(&attributes, key->key_bits);
 
-    if( ( status = psa_import_key( &attributes, k,
-                                   PSA_BITS_TO_BYTES( key->key_bits ),
-                                   &key->key ) ) != PSA_SUCCESS )
-    {
-        ret = psa_ssl_status_to_mbedtls( status );
-        return( ret );
+    if ((status = psa_import_key(&attributes, k,
+                                 PSA_BITS_TO_BYTES(key->key_bits),
+                                 &key->key)) != PSA_SUCCESS) {
+        ret = psa_ssl_status_to_mbedtls(status);
+        return ret;
     }
 #else
-    ret = mbedtls_cipher_setkey( &key->ctx, k, bitlen, MBEDTLS_ENCRYPT );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_cipher_setkey(&key->ctx, k, bitlen, MBEDTLS_ENCRYPT);
+    if (ret != 0) {
+        return ret;
+    }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     ctx->active = idx;
     ctx->ticket_lifetime = lifetime;
-    memcpy( key->name, name, TICKET_KEY_NAME_BYTES );
+    memcpy(key->name, name, TICKET_KEY_NAME_BYTES);
 #if defined(MBEDTLS_HAVE_TIME)
-    key->generation_time = mbedtls_time( NULL );
+    key->generation_time = mbedtls_time(NULL);
 #endif
     return 0;
 }
@@ -206,10 +204,10 @@
 /*
  * Setup context for actual use
  */
-int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
-    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-    mbedtls_cipher_type_t cipher,
-    uint32_t lifetime )
+int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
+                             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+                             mbedtls_cipher_type_t cipher,
+                             uint32_t lifetime)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t key_bits;
@@ -222,27 +220,29 @@
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( mbedtls_ssl_cipher_to_psa( cipher, TICKET_AUTH_TAG_BYTES,
-                                   &alg, &key_type, &key_bits ) != PSA_SUCCESS )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    if( PSA_ALG_IS_AEAD( alg ) == 0 )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-#else
-    cipher_info = mbedtls_cipher_info_from_type( cipher );
-
-    if( mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_GCM &&
-        mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_CCM &&
-        mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_CHACHAPOLY )
-    {
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (mbedtls_ssl_cipher_to_psa(cipher, TICKET_AUTH_TAG_BYTES,
+                                  &alg, &key_type, &key_bits) != PSA_SUCCESS) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
-    key_bits = mbedtls_cipher_info_get_key_bitlen( cipher_info );
+    if (PSA_ALG_IS_AEAD(alg) == 0) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
+#else
+    cipher_info = mbedtls_cipher_info_from_type(cipher);
+
+    if (mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_GCM &&
+        mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_CCM &&
+        mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_CHACHAPOLY) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
+
+    key_bits = mbedtls_cipher_info_get_key_bitlen(cipher_info);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    if( key_bits > 8 * MAX_KEY_BYTES )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (key_bits > 8 * MAX_KEY_BYTES) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
     ctx->f_rng = f_rng;
     ctx->p_rng = p_rng;
@@ -258,20 +258,21 @@
     ctx->keys[1].key_type = key_type;
     ctx->keys[1].key_bits = key_bits;
 #else
-    if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) ) != 0 )
-        return( ret );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-    if( ( ret = ssl_ticket_gen_key( ctx, 0 ) ) != 0 ||
-        ( ret = ssl_ticket_gen_key( ctx, 1 ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_cipher_setup(&ctx->keys[0].ctx, cipher_info)) != 0) {
+        return ret;
     }
 
-    return( 0 );
+    if ((ret = mbedtls_cipher_setup(&ctx->keys[1].ctx, cipher_info)) != 0) {
+        return ret;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+    if ((ret = ssl_ticket_gen_key(ctx, 0)) != 0 ||
+        (ret = ssl_ticket_gen_key(ctx, 1)) != 0) {
+        return ret;
+    }
+
+    return 0;
 }
 
 /*
@@ -288,12 +289,12 @@
  * authenticated data.
  */
 
-int mbedtls_ssl_ticket_write( void *p_ticket,
-                              const mbedtls_ssl_session *session,
-                              unsigned char *start,
-                              const unsigned char *end,
-                              size_t *tlen,
-                              uint32_t *ticket_lifetime )
+int mbedtls_ssl_ticket_write(void *p_ticket,
+                             const mbedtls_ssl_session *session,
+                             unsigned char *start,
+                             const unsigned char *end,
+                             size_t *tlen,
+                             uint32_t *ticket_lifetime)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ssl_ticket_context *ctx = p_ticket;
@@ -310,66 +311,66 @@
 
     *tlen = 0;
 
-    if( ctx == NULL || ctx->f_rng == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ctx == NULL || ctx->f_rng == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
     /* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag,
      * in addition to session itself, that will be checked when writing it. */
-    MBEDTLS_SSL_CHK_BUF_PTR( start, end, TICKET_MIN_LEN );
+    MBEDTLS_SSL_CHK_BUF_PTR(start, end, TICKET_MIN_LEN);
 
 #if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+        return ret;
+    }
 #endif
 
-    if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 )
+    if ((ret = ssl_ticket_update_keys(ctx)) != 0) {
         goto cleanup;
+    }
 
     key = &ctx->keys[ctx->active];
 
     *ticket_lifetime = ctx->ticket_lifetime;
 
-    memcpy( key_name, key->name, TICKET_KEY_NAME_BYTES );
+    memcpy(key_name, key->name, TICKET_KEY_NAME_BYTES);
 
-    if( ( ret = ctx->f_rng( ctx->p_rng, iv, TICKET_IV_BYTES ) ) != 0 )
+    if ((ret = ctx->f_rng(ctx->p_rng, iv, TICKET_IV_BYTES)) != 0) {
         goto cleanup;
+    }
 
     /* Dump session state */
-    if( ( ret = mbedtls_ssl_session_save( session,
-                                          state, end - state,
-                                          &clear_len ) ) != 0 ||
-        (unsigned long) clear_len > 65535 )
-    {
-         goto cleanup;
+    if ((ret = mbedtls_ssl_session_save(session,
+                                        state, end - state,
+                                        &clear_len)) != 0 ||
+        (unsigned long) clear_len > 65535) {
+        goto cleanup;
     }
-    MBEDTLS_PUT_UINT16_BE( clear_len, state_len_bytes, 0 );
+    MBEDTLS_PUT_UINT16_BE(clear_len, state_len_bytes, 0);
 
     /* Encrypt and authenticate */
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ( status = psa_aead_encrypt( key->key, key->alg, iv, TICKET_IV_BYTES,
-                                     key_name, TICKET_ADD_DATA_LEN,
-                                     state, clear_len,
-                                     state, end - state,
-                                     &ciph_len ) ) != PSA_SUCCESS )
-    {
-        ret = psa_ssl_status_to_mbedtls( status );
+    if ((status = psa_aead_encrypt(key->key, key->alg, iv, TICKET_IV_BYTES,
+                                   key_name, TICKET_ADD_DATA_LEN,
+                                   state, clear_len,
+                                   state, end - state,
+                                   &ciph_len)) != PSA_SUCCESS) {
+        ret = psa_ssl_status_to_mbedtls(status);
         goto cleanup;
     }
 #else
-    if( ( ret = mbedtls_cipher_auth_encrypt_ext( &key->ctx,
-                    iv, TICKET_IV_BYTES,
-                    /* Additional data: key name, IV and length */
-                    key_name, TICKET_ADD_DATA_LEN,
-                    state, clear_len,
-                    state, end - state, &ciph_len,
-                    TICKET_AUTH_TAG_BYTES ) ) != 0 )
-    {
+    if ((ret = mbedtls_cipher_auth_encrypt_ext(&key->ctx,
+                                               iv, TICKET_IV_BYTES,
+                                               /* Additional data: key name, IV and length */
+                                               key_name, TICKET_ADD_DATA_LEN,
+                                               state, clear_len,
+                                               state, end - state, &ciph_len,
+                                               TICKET_AUTH_TAG_BYTES)) != 0) {
         goto cleanup;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    if( ciph_len != clear_len + TICKET_AUTH_TAG_BYTES )
-    {
+    if (ciph_len != clear_len + TICKET_AUTH_TAG_BYTES) {
         ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         goto cleanup;
     }
@@ -378,36 +379,39 @@
 
 cleanup:
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+    if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+        return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
 #endif
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Select key based on name
  */
 static mbedtls_ssl_ticket_key *ssl_ticket_select_key(
-        mbedtls_ssl_ticket_context *ctx,
-        const unsigned char name[4] )
+    mbedtls_ssl_ticket_context *ctx,
+    const unsigned char name[4])
 {
     unsigned char i;
 
-    for( i = 0; i < sizeof( ctx->keys ) / sizeof( *ctx->keys ); i++ )
-        if( memcmp( name, ctx->keys[i].name, 4 ) == 0 )
-            return( &ctx->keys[i] );
+    for (i = 0; i < sizeof(ctx->keys) / sizeof(*ctx->keys); i++) {
+        if (memcmp(name, ctx->keys[i].name, 4) == 0) {
+            return &ctx->keys[i];
+        }
+    }
 
-    return( NULL );
+    return NULL;
 }
 
 /*
  * Load session ticket (see mbedtls_ssl_ticket_write for structure)
  */
-int mbedtls_ssl_ticket_parse( void *p_ticket,
-                              mbedtls_ssl_session *session,
-                              unsigned char *buf,
-                              size_t len )
+int mbedtls_ssl_ticket_parse(void *p_ticket,
+                             mbedtls_ssl_session *session,
+                             unsigned char *buf,
+                             size_t len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ssl_ticket_context *ctx = p_ticket;
@@ -422,31 +426,33 @@
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 #endif
 
-    if( ctx == NULL || ctx->f_rng == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ctx == NULL || ctx->f_rng == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    if( len < TICKET_MIN_LEN )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (len < TICKET_MIN_LEN) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
+        return ret;
+    }
 #endif
 
-    if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 )
+    if ((ret = ssl_ticket_update_keys(ctx)) != 0) {
         goto cleanup;
+    }
 
-    enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1];
+    enc_len = (enc_len_p[0] << 8) | enc_len_p[1];
 
-    if( len != TICKET_MIN_LEN + enc_len )
-    {
+    if (len != TICKET_MIN_LEN + enc_len) {
         ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
         goto cleanup;
     }
 
     /* Select key */
-    if( ( key = ssl_ticket_select_key( ctx, key_name ) ) == NULL )
-    {
+    if ((key = ssl_ticket_select_key(ctx, key_name)) == NULL) {
         /* We can't know for sure but this is a likely option unless we're
          * under attack - this is only informative anyway */
         ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
@@ -455,48 +461,46 @@
 
     /* Decrypt and authenticate */
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ( status = psa_aead_decrypt( key->key, key->alg, iv, TICKET_IV_BYTES,
-                                     key_name, TICKET_ADD_DATA_LEN,
-                                     ticket, enc_len + TICKET_AUTH_TAG_BYTES,
-                                     ticket, enc_len, &clear_len ) ) != PSA_SUCCESS )
-    {
-        ret = psa_ssl_status_to_mbedtls( status );
+    if ((status = psa_aead_decrypt(key->key, key->alg, iv, TICKET_IV_BYTES,
+                                   key_name, TICKET_ADD_DATA_LEN,
+                                   ticket, enc_len + TICKET_AUTH_TAG_BYTES,
+                                   ticket, enc_len, &clear_len)) != PSA_SUCCESS) {
+        ret = psa_ssl_status_to_mbedtls(status);
         goto cleanup;
     }
 #else
-    if( ( ret = mbedtls_cipher_auth_decrypt_ext( &key->ctx,
-                    iv, TICKET_IV_BYTES,
-                    /* Additional data: key name, IV and length */
-                    key_name, TICKET_ADD_DATA_LEN,
-                    ticket, enc_len + TICKET_AUTH_TAG_BYTES,
-                    ticket, enc_len, &clear_len,
-                    TICKET_AUTH_TAG_BYTES ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
+    if ((ret = mbedtls_cipher_auth_decrypt_ext(&key->ctx,
+                                               iv, TICKET_IV_BYTES,
+                                               /* Additional data: key name, IV and length */
+                                               key_name, TICKET_ADD_DATA_LEN,
+                                               ticket, enc_len + TICKET_AUTH_TAG_BYTES,
+                                               ticket, enc_len, &clear_len,
+                                               TICKET_AUTH_TAG_BYTES)) != 0) {
+        if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) {
             ret = MBEDTLS_ERR_SSL_INVALID_MAC;
+        }
 
         goto cleanup;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    if( clear_len != enc_len )
-    {
+    if (clear_len != enc_len) {
         ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         goto cleanup;
     }
 
     /* Actually load session */
-    if( ( ret = mbedtls_ssl_session_load( session, ticket, clear_len ) ) != 0 )
+    if ((ret = mbedtls_ssl_session_load(session, ticket, clear_len)) != 0) {
         goto cleanup;
+    }
 
 #if defined(MBEDTLS_HAVE_TIME)
     {
         /* Check for expiration */
-        mbedtls_time_t current_time = mbedtls_time( NULL );
+        mbedtls_time_t current_time = mbedtls_time(NULL);
 
-        if( current_time < session->start ||
-            (uint32_t)( current_time - session->start ) > ctx->ticket_lifetime )
-        {
+        if (current_time < session->start ||
+            (uint32_t) (current_time - session->start) > ctx->ticket_lifetime) {
             ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
             goto cleanup;
         }
@@ -505,31 +509,32 @@
 
 cleanup:
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+    if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
+        return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
 #endif
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Free context
  */
-void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx )
+void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_destroy_key( ctx->keys[0].key );
-    psa_destroy_key( ctx->keys[1].key );
+    psa_destroy_key(ctx->keys[0].key);
+    psa_destroy_key(ctx->keys[1].key);
 #else
-    mbedtls_cipher_free( &ctx->keys[0].ctx );
-    mbedtls_cipher_free( &ctx->keys[1].ctx );
+    mbedtls_cipher_free(&ctx->keys[0].ctx);
+    mbedtls_cipher_free(&ctx->keys[1].ctx);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_free( &ctx->mutex );
+    mbedtls_mutex_free(&ctx->mutex);
 #endif
 
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_ticket_context));
 }
 
 #endif /* MBEDTLS_SSL_TICKET_C */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 35565de..bd8fd8c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -56,23 +56,23 @@
 static mbedtls_ssl_chk_buf_ptr_args chk_buf_ptr_fail_args;
 
 void mbedtls_ssl_set_chk_buf_ptr_fail_args(
-    const uint8_t *cur, const uint8_t *end, size_t need )
+    const uint8_t *cur, const uint8_t *end, size_t need)
 {
     chk_buf_ptr_fail_args.cur = cur;
     chk_buf_ptr_fail_args.end = end;
     chk_buf_ptr_fail_args.need = need;
 }
 
-void mbedtls_ssl_reset_chk_buf_ptr_fail_args( void )
+void mbedtls_ssl_reset_chk_buf_ptr_fail_args(void)
 {
-    memset( &chk_buf_ptr_fail_args, 0, sizeof( chk_buf_ptr_fail_args ) );
+    memset(&chk_buf_ptr_fail_args, 0, sizeof(chk_buf_ptr_fail_args));
 }
 
-int mbedtls_ssl_cmp_chk_buf_ptr_fail_args( mbedtls_ssl_chk_buf_ptr_args *args )
+int mbedtls_ssl_cmp_chk_buf_ptr_fail_args(mbedtls_ssl_chk_buf_ptr_args *args)
 {
-    return( ( chk_buf_ptr_fail_args.cur  != args->cur  ) ||
-            ( chk_buf_ptr_fail_args.end  != args->end  ) ||
-            ( chk_buf_ptr_fail_args.need != args->need ) );
+    return (chk_buf_ptr_fail_args.cur  != args->cur) ||
+           (chk_buf_ptr_fail_args.end  != args->end) ||
+           (chk_buf_ptr_fail_args.need != args->need);
 }
 #endif /* MBEDTLS_TEST_HOOKS */
 
@@ -81,121 +81,118 @@
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 /* Top-level Connection ID API */
 
-int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf,
-                          size_t len,
-                          int ignore_other_cid )
+int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf,
+                         size_t len,
+                         int ignore_other_cid)
 {
-    if( len > MBEDTLS_SSL_CID_IN_LEN_MAX )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (len > MBEDTLS_SSL_CID_IN_LEN_MAX) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    if( ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_FAIL &&
-        ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_IGNORE )
-    {
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_FAIL &&
+        ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
     conf->ignore_unexpected_cid = ignore_other_cid;
     conf->cid_len = len;
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
-                         int enable,
-                         unsigned char const *own_cid,
-                         size_t own_cid_len )
+int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl,
+                        int enable,
+                        unsigned char const *own_cid,
+                        size_t own_cid_len)
 {
-    if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
     ssl->negotiate_cid = enable;
-    if( enable == MBEDTLS_SSL_CID_DISABLED )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "Disable use of CID extension." ) );
-        return( 0 );
+    if (enable == MBEDTLS_SSL_CID_DISABLED) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("Disable use of CID extension."));
+        return 0;
     }
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "Enable use of CID extension." ) );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "Own CID", own_cid, own_cid_len );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("Enable use of CID extension."));
+    MBEDTLS_SSL_DEBUG_BUF(3, "Own CID", own_cid, own_cid_len);
 
-    if( own_cid_len != ssl->conf->cid_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "CID length %u does not match CID length %u in config",
-                                    (unsigned) own_cid_len,
-                                    (unsigned) ssl->conf->cid_len ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (own_cid_len != ssl->conf->cid_len) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("CID length %u does not match CID length %u in config",
+                                  (unsigned) own_cid_len,
+                                  (unsigned) ssl->conf->cid_len));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
-    memcpy( ssl->own_cid, own_cid, own_cid_len );
+    memcpy(ssl->own_cid, own_cid, own_cid_len);
     /* Truncation is not an issue here because
      * MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */
     ssl->own_cid_len = (uint8_t) own_cid_len;
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_get_own_cid( mbedtls_ssl_context *ssl,
-                              int *enabled,
-                              unsigned char own_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX],
-                              size_t *own_cid_len )
+int mbedtls_ssl_get_own_cid(mbedtls_ssl_context *ssl,
+                            int *enabled,
+                            unsigned char own_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX],
+                            size_t *own_cid_len)
 {
     *enabled = MBEDTLS_SSL_CID_DISABLED;
 
-    if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
     /* We report MBEDTLS_SSL_CID_DISABLED in case the CID length is
      * zero as this is indistinguishable from not requesting to use
      * the CID extension. */
-    if( ssl->own_cid_len == 0 || ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
-        return( 0 );
+    if (ssl->own_cid_len == 0 || ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) {
+        return 0;
+    }
 
-    if( own_cid_len != NULL )
-    {
+    if (own_cid_len != NULL) {
         *own_cid_len = ssl->own_cid_len;
-        if( own_cid != NULL )
-            memcpy( own_cid, ssl->own_cid, ssl->own_cid_len );
+        if (own_cid != NULL) {
+            memcpy(own_cid, ssl->own_cid, ssl->own_cid_len);
+        }
     }
 
     *enabled = MBEDTLS_SSL_CID_ENABLED;
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
-                     int *enabled,
-                     unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ],
-                     size_t *peer_cid_len )
+int mbedtls_ssl_get_peer_cid(mbedtls_ssl_context *ssl,
+                             int *enabled,
+                             unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX],
+                             size_t *peer_cid_len)
 {
     *enabled = MBEDTLS_SSL_CID_DISABLED;
 
-    if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
-        mbedtls_ssl_is_handshake_over( ssl ) == 0 )
-    {
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
+        mbedtls_ssl_is_handshake_over(ssl) == 0) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
     /* We report MBEDTLS_SSL_CID_DISABLED in case the CID extensions
      * were used, but client and server requested the empty CID.
      * This is indistinguishable from not using the CID extension
      * in the first place. */
-    if( ssl->transform_in->in_cid_len  == 0 &&
-        ssl->transform_in->out_cid_len == 0 )
-    {
-        return( 0 );
+    if (ssl->transform_in->in_cid_len  == 0 &&
+        ssl->transform_in->out_cid_len == 0) {
+        return 0;
     }
 
-    if( peer_cid_len != NULL )
-    {
+    if (peer_cid_len != NULL) {
         *peer_cid_len = ssl->transform_in->out_cid_len;
-        if( peer_cid != NULL )
-        {
-            memcpy( peer_cid, ssl->transform_in->out_cid,
-                    ssl->transform_in->out_cid_len );
+        if (peer_cid != NULL) {
+            memcpy(peer_cid, ssl->transform_in->out_cid,
+                   ssl->transform_in->out_cid_len);
         }
     }
 
     *enabled = MBEDTLS_SSL_CID_ENABLED;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
@@ -210,31 +207,30 @@
  *    } MaxFragmentLength;
  * and we add 0 -> extension unused
  */
-static unsigned int ssl_mfl_code_to_length( int mfl )
+static unsigned int ssl_mfl_code_to_length(int mfl)
 {
-    switch( mfl )
-    {
-    case MBEDTLS_SSL_MAX_FRAG_LEN_NONE:
-        return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN );
-    case MBEDTLS_SSL_MAX_FRAG_LEN_512:
-        return 512;
-    case MBEDTLS_SSL_MAX_FRAG_LEN_1024:
-        return 1024;
-    case MBEDTLS_SSL_MAX_FRAG_LEN_2048:
-        return 2048;
-    case MBEDTLS_SSL_MAX_FRAG_LEN_4096:
-        return 4096;
-    default:
-        return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN );
+    switch (mfl) {
+        case MBEDTLS_SSL_MAX_FRAG_LEN_NONE:
+            return MBEDTLS_TLS_EXT_ADV_CONTENT_LEN;
+        case MBEDTLS_SSL_MAX_FRAG_LEN_512:
+            return 512;
+        case MBEDTLS_SSL_MAX_FRAG_LEN_1024:
+            return 1024;
+        case MBEDTLS_SSL_MAX_FRAG_LEN_2048:
+            return 2048;
+        case MBEDTLS_SSL_MAX_FRAG_LEN_4096:
+            return 4096;
+        default:
+            return MBEDTLS_TLS_EXT_ADV_CONTENT_LEN;
     }
 }
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
 
-int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
-                              const mbedtls_ssl_session *src )
+int mbedtls_ssl_session_copy(mbedtls_ssl_session *dst,
+                             const mbedtls_ssl_session *src)
 {
-    mbedtls_ssl_session_free( dst );
-    memcpy( dst, src, sizeof( mbedtls_ssl_session ) );
+    mbedtls_ssl_session_free(dst);
+    memcpy(dst, src, sizeof(mbedtls_ssl_session));
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
     dst->ticket = NULL;
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
@@ -246,34 +242,33 @@
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    if( src->peer_cert != NULL )
-    {
+    if (src->peer_cert != NULL) {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-        dst->peer_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) );
-        if( dst->peer_cert == NULL )
-            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+        dst->peer_cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
+        if (dst->peer_cert == NULL) {
+            return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+        }
 
-        mbedtls_x509_crt_init( dst->peer_cert );
+        mbedtls_x509_crt_init(dst->peer_cert);
 
-        if( ( ret = mbedtls_x509_crt_parse_der( dst->peer_cert, src->peer_cert->raw.p,
-                                        src->peer_cert->raw.len ) ) != 0 )
-        {
-            mbedtls_free( dst->peer_cert );
+        if ((ret = mbedtls_x509_crt_parse_der(dst->peer_cert, src->peer_cert->raw.p,
+                                              src->peer_cert->raw.len)) != 0) {
+            mbedtls_free(dst->peer_cert);
             dst->peer_cert = NULL;
-            return( ret );
+            return ret;
         }
     }
 #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-    if( src->peer_cert_digest != NULL )
-    {
+    if (src->peer_cert_digest != NULL) {
         dst->peer_cert_digest =
-            mbedtls_calloc( 1, src->peer_cert_digest_len );
-        if( dst->peer_cert_digest == NULL )
-            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+            mbedtls_calloc(1, src->peer_cert_digest_len);
+        if (dst->peer_cert_digest == NULL) {
+            return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+        }
 
-        memcpy( dst->peer_cert_digest, src->peer_cert_digest,
-                src->peer_cert_digest_len );
+        memcpy(dst->peer_cert_digest, src->peer_cert_digest,
+               src->peer_cert_digest_len);
         dst->peer_cert_digest_type = src->peer_cert_digest_type;
         dst->peer_cert_digest_len = src->peer_cert_digest_len;
     }
@@ -282,47 +277,48 @@
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
-    if( src->ticket != NULL )
-    {
-        dst->ticket = mbedtls_calloc( 1, src->ticket_len );
-        if( dst->ticket == NULL )
-            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    if (src->ticket != NULL) {
+        dst->ticket = mbedtls_calloc(1, src->ticket_len);
+        if (dst->ticket == NULL) {
+            return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+        }
 
-        memcpy( dst->ticket, src->ticket, src->ticket_len );
+        memcpy(dst->ticket, src->ticket, src->ticket_len);
     }
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
     defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    if( src->endpoint == MBEDTLS_SSL_IS_CLIENT )
-    {
+    if (src->endpoint == MBEDTLS_SSL_IS_CLIENT) {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-        ret = mbedtls_ssl_session_set_hostname( dst, src->hostname );
-        if( ret != 0 )
-            return ( ret );
+        ret = mbedtls_ssl_session_set_hostname(dst, src->hostname);
+        if (ret != 0) {
+            return ret;
+        }
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 &&
           MBEDTLS_SSL_SERVER_NAME_INDICATION */
 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int resize_buffer( unsigned char **buffer, size_t len_new, size_t *len_old )
+static int resize_buffer(unsigned char **buffer, size_t len_new, size_t *len_old)
 {
-    unsigned char* resized_buffer = mbedtls_calloc( 1, len_new );
-    if( resized_buffer == NULL )
+    unsigned char *resized_buffer = mbedtls_calloc(1, len_new);
+    if (resized_buffer == NULL) {
         return -1;
+    }
 
     /* We want to copy len_new bytes when downsizing the buffer, and
      * len_old bytes when upsizing, so we choose the smaller of two sizes,
      * to fit one buffer into another. Size checks, ensuring that no data is
      * lost, are done outside of this function. */
-    memcpy( resized_buffer, *buffer,
-            ( len_new < *len_old ) ? len_new : *len_old );
-    mbedtls_platform_zeroize( *buffer, *len_old );
-    mbedtls_free( *buffer );
+    memcpy(resized_buffer, *buffer,
+           (len_new < *len_old) ? len_new : *len_old);
+    mbedtls_platform_zeroize(*buffer, *len_old);
+    mbedtls_free(*buffer);
 
     *buffer = resized_buffer;
     *len_old = len_new;
@@ -330,60 +326,49 @@
     return 0;
 }
 
-static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing,
-                                    size_t in_buf_new_len,
-                                    size_t out_buf_new_len )
+static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing,
+                                   size_t in_buf_new_len,
+                                   size_t out_buf_new_len)
 {
     int modified = 0;
     size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0;
     size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0;
-    if( ssl->in_buf != NULL )
-    {
+    if (ssl->in_buf != NULL) {
         written_in = ssl->in_msg - ssl->in_buf;
         iv_offset_in = ssl->in_iv - ssl->in_buf;
         len_offset_in = ssl->in_len - ssl->in_buf;
-        if( downsizing ?
+        if (downsizing ?
             ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len :
-            ssl->in_buf_len < in_buf_new_len )
-        {
-            if( resize_buffer( &ssl->in_buf, in_buf_new_len, &ssl->in_buf_len ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) );
-            }
-            else
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %" MBEDTLS_PRINTF_SIZET,
-                                            in_buf_new_len ) );
+            ssl->in_buf_len < in_buf_new_len) {
+            if (resize_buffer(&ssl->in_buf, in_buf_new_len, &ssl->in_buf_len) != 0) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("input buffer resizing failed - out of memory"));
+            } else {
+                MBEDTLS_SSL_DEBUG_MSG(2, ("Reallocating in_buf to %" MBEDTLS_PRINTF_SIZET,
+                                          in_buf_new_len));
                 modified = 1;
             }
         }
     }
 
-    if( ssl->out_buf != NULL )
-    {
+    if (ssl->out_buf != NULL) {
         written_out = ssl->out_msg - ssl->out_buf;
         iv_offset_out = ssl->out_iv - ssl->out_buf;
         len_offset_out = ssl->out_len - ssl->out_buf;
-        if( downsizing ?
+        if (downsizing ?
             ssl->out_buf_len > out_buf_new_len && ssl->out_left < out_buf_new_len :
-            ssl->out_buf_len < out_buf_new_len )
-        {
-            if( resize_buffer( &ssl->out_buf, out_buf_new_len, &ssl->out_buf_len ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) );
-            }
-            else
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %" MBEDTLS_PRINTF_SIZET,
-                                            out_buf_new_len ) );
+            ssl->out_buf_len < out_buf_new_len) {
+            if (resize_buffer(&ssl->out_buf, out_buf_new_len, &ssl->out_buf_len) != 0) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("output buffer resizing failed - out of memory"));
+            } else {
+                MBEDTLS_SSL_DEBUG_MSG(2, ("Reallocating out_buf to %" MBEDTLS_PRINTF_SIZET,
+                                          out_buf_new_len));
                 modified = 1;
             }
         }
     }
-    if( modified )
-    {
+    if (modified) {
         /* Update pointers here to avoid doing it twice. */
-        mbedtls_ssl_reset_in_out_pointers( ssl );
+        mbedtls_ssl_reset_in_out_pointers(ssl);
         /* Fields below might not be properly updated with record
          * splitting or with CID, so they are manually updated here. */
         ssl->out_msg = ssl->out_buf + written_out;
@@ -400,12 +385,12 @@
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 
 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
-typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen,
-                           const char *label,
-                           const unsigned char *random, size_t rlen,
-                           unsigned char *dstbuf, size_t dlen );
+typedef int (*tls_prf_fn)(const unsigned char *secret, size_t slen,
+                          const char *label,
+                          const unsigned char *random, size_t rlen,
+                          unsigned char *dstbuf, size_t dlen);
 
-static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id );
+static tls_prf_fn ssl_tls12prf_from_cs(int ciphersuite_id);
 
 #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
 
@@ -415,104 +400,101 @@
                           unsigned char *, size_t);
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
-                                   int ciphersuite,
-                                   const unsigned char master[48],
+static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
+                                        int ciphersuite,
+                                        const unsigned char master[48],
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
-                                   int encrypt_then_mac,
+                                        int encrypt_then_mac,
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
-                                   ssl_tls_prf_t tls_prf,
-                                   const unsigned char randbytes[64],
-                                   mbedtls_ssl_protocol_version tls_version,
-                                   unsigned endpoint,
-                                   const mbedtls_ssl_context *ssl );
+                                        ssl_tls_prf_t tls_prf,
+                                        const unsigned char randbytes[64],
+                                        mbedtls_ssl_protocol_version tls_version,
+                                        unsigned endpoint,
+                                        const mbedtls_ssl_context *ssl);
 
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int tls_prf_sha256( const unsigned char *secret, size_t slen,
-                           const char *label,
-                           const unsigned char *random, size_t rlen,
-                           unsigned char *dstbuf, size_t dlen );
-static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char*, size_t * );
-static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int );
-
-#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
-
-#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int tls_prf_sha384( const unsigned char *secret, size_t slen,
-                           const char *label,
-                           const unsigned char *random, size_t rlen,
-                           unsigned char *dstbuf, size_t dlen );
-
-static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char*, size_t * );
-static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int );
-#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
-
-static size_t ssl_tls12_session_save( const mbedtls_ssl_session *session,
-                                      unsigned char *buf,
-                                      size_t buf_len );
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls12_session_load( mbedtls_ssl_session *session,
-                                   const unsigned char *buf,
-                                   size_t len );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
-
-#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t );
-#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
-
-#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t );
-#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
-
-int  mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
-                          const unsigned char *secret, size_t slen,
+static int tls_prf_sha256(const unsigned char *secret, size_t slen,
                           const char *label,
                           const unsigned char *random, size_t rlen,
-                          unsigned char *dstbuf, size_t dlen )
+                          unsigned char *dstbuf, size_t dlen);
+static void ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *, unsigned char *, size_t *);
+static void ssl_calc_finished_tls_sha256(mbedtls_ssl_context *, unsigned char *, int);
+
+#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
+
+#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int tls_prf_sha384(const unsigned char *secret, size_t slen,
+                          const char *label,
+                          const unsigned char *random, size_t rlen,
+                          unsigned char *dstbuf, size_t dlen);
+
+static void ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *, unsigned char *, size_t *);
+static void ssl_calc_finished_tls_sha384(mbedtls_ssl_context *, unsigned char *, int);
+#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
+
+static size_t ssl_tls12_session_save(const mbedtls_ssl_session *session,
+                                     unsigned char *buf,
+                                     size_t buf_len);
+
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls12_session_load(mbedtls_ssl_session *session,
+                                  const unsigned char *buf,
+                                  size_t len);
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+static void ssl_update_checksum_start(mbedtls_ssl_context *, const unsigned char *, size_t);
+
+#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+static void ssl_update_checksum_sha256(mbedtls_ssl_context *, const unsigned char *, size_t);
+#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
+
+#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+static void ssl_update_checksum_sha384(mbedtls_ssl_context *, const unsigned char *, size_t);
+#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
+
+int  mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
+                         const unsigned char *secret, size_t slen,
+                         const char *label,
+                         const unsigned char *random, size_t rlen,
+                         unsigned char *dstbuf, size_t dlen)
 {
     mbedtls_ssl_tls_prf_cb *tls_prf = NULL;
 
-    switch( prf )
-    {
+    switch (prf) {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
         case MBEDTLS_SSL_TLS_PRF_SHA384:
             tls_prf = tls_prf_sha384;
-        break;
+            break;
 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
         case MBEDTLS_SSL_TLS_PRF_SHA256:
             tls_prf = tls_prf_sha256;
-        break;
+            break;
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-    default:
-        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+        default:
+            return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
     }
 
-    return( tls_prf( secret, slen, label, random, rlen, dstbuf, dlen ) );
+    return tls_prf(secret, slen, label, random, rlen, dstbuf, dlen);
 }
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-static void ssl_clear_peer_cert( mbedtls_ssl_session *session )
+static void ssl_clear_peer_cert(mbedtls_ssl_session *session)
 {
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    if( session->peer_cert != NULL )
-    {
-        mbedtls_x509_crt_free( session->peer_cert );
-        mbedtls_free( session->peer_cert );
+    if (session->peer_cert != NULL) {
+        mbedtls_x509_crt_free(session->peer_cert);
+        mbedtls_free(session->peer_cert);
         session->peer_cert = NULL;
     }
 #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-    if( session->peer_cert_digest != NULL )
-    {
+    if (session->peer_cert_digest != NULL) {
         /* Zeroization is not necessary. */
-        mbedtls_free( session->peer_cert_digest );
+        mbedtls_free(session->peer_cert_digest);
         session->peer_cert_digest      = NULL;
         session->peer_cert_digest_type = MBEDTLS_MD_NONE;
         session->peer_cert_digest_len  = 0;
@@ -521,99 +503,98 @@
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
-uint32_t mbedtls_ssl_get_extension_id( unsigned int extension_type )
+uint32_t mbedtls_ssl_get_extension_id(unsigned int extension_type)
 {
-    switch( extension_type )
-    {
+    switch (extension_type) {
         case MBEDTLS_TLS_EXT_SERVERNAME:
-            return( MBEDTLS_SSL_EXT_ID_SERVERNAME );
+            return MBEDTLS_SSL_EXT_ID_SERVERNAME;
 
         case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
-            return( MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH );
+            return MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH;
 
         case MBEDTLS_TLS_EXT_STATUS_REQUEST:
-            return( MBEDTLS_SSL_EXT_ID_STATUS_REQUEST );
+            return MBEDTLS_SSL_EXT_ID_STATUS_REQUEST;
 
         case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
-            return( MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS );
+            return MBEDTLS_SSL_EXT_ID_SUPPORTED_GROUPS;
 
         case MBEDTLS_TLS_EXT_SIG_ALG:
-            return( MBEDTLS_SSL_EXT_ID_SIG_ALG );
+            return MBEDTLS_SSL_EXT_ID_SIG_ALG;
 
         case MBEDTLS_TLS_EXT_USE_SRTP:
-            return( MBEDTLS_SSL_EXT_ID_USE_SRTP );
+            return MBEDTLS_SSL_EXT_ID_USE_SRTP;
 
         case MBEDTLS_TLS_EXT_HEARTBEAT:
-            return( MBEDTLS_SSL_EXT_ID_HEARTBEAT );
+            return MBEDTLS_SSL_EXT_ID_HEARTBEAT;
 
         case MBEDTLS_TLS_EXT_ALPN:
-            return( MBEDTLS_SSL_EXT_ID_ALPN );
+            return MBEDTLS_SSL_EXT_ID_ALPN;
 
         case MBEDTLS_TLS_EXT_SCT:
-            return( MBEDTLS_SSL_EXT_ID_SCT );
+            return MBEDTLS_SSL_EXT_ID_SCT;
 
         case MBEDTLS_TLS_EXT_CLI_CERT_TYPE:
-            return( MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE );
+            return MBEDTLS_SSL_EXT_ID_CLI_CERT_TYPE;
 
         case MBEDTLS_TLS_EXT_SERV_CERT_TYPE:
-            return( MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE );
+            return MBEDTLS_SSL_EXT_ID_SERV_CERT_TYPE;
 
         case MBEDTLS_TLS_EXT_PADDING:
-            return( MBEDTLS_SSL_EXT_ID_PADDING );
+            return MBEDTLS_SSL_EXT_ID_PADDING;
 
         case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
-            return( MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY );
+            return MBEDTLS_SSL_EXT_ID_PRE_SHARED_KEY;
 
         case MBEDTLS_TLS_EXT_EARLY_DATA:
-            return( MBEDTLS_SSL_EXT_ID_EARLY_DATA );
+            return MBEDTLS_SSL_EXT_ID_EARLY_DATA;
 
         case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS:
-            return( MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS );
+            return MBEDTLS_SSL_EXT_ID_SUPPORTED_VERSIONS;
 
         case MBEDTLS_TLS_EXT_COOKIE:
-            return( MBEDTLS_SSL_EXT_ID_COOKIE );
+            return MBEDTLS_SSL_EXT_ID_COOKIE;
 
         case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES:
-            return( MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES );
+            return MBEDTLS_SSL_EXT_ID_PSK_KEY_EXCHANGE_MODES;
 
         case MBEDTLS_TLS_EXT_CERT_AUTH:
-            return( MBEDTLS_SSL_EXT_ID_CERT_AUTH );
+            return MBEDTLS_SSL_EXT_ID_CERT_AUTH;
 
         case MBEDTLS_TLS_EXT_OID_FILTERS:
-            return( MBEDTLS_SSL_EXT_ID_OID_FILTERS );
+            return MBEDTLS_SSL_EXT_ID_OID_FILTERS;
 
         case MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH:
-            return( MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH );
+            return MBEDTLS_SSL_EXT_ID_POST_HANDSHAKE_AUTH;
 
         case MBEDTLS_TLS_EXT_SIG_ALG_CERT:
-            return( MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT );
+            return MBEDTLS_SSL_EXT_ID_SIG_ALG_CERT;
 
         case MBEDTLS_TLS_EXT_KEY_SHARE:
-            return( MBEDTLS_SSL_EXT_ID_KEY_SHARE );
+            return MBEDTLS_SSL_EXT_ID_KEY_SHARE;
 
         case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
-            return( MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC );
+            return MBEDTLS_SSL_EXT_ID_TRUNCATED_HMAC;
 
         case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
-            return( MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS );
+            return MBEDTLS_SSL_EXT_ID_SUPPORTED_POINT_FORMATS;
 
         case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
-            return( MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC );
+            return MBEDTLS_SSL_EXT_ID_ENCRYPT_THEN_MAC;
 
         case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
-            return( MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET );
+            return MBEDTLS_SSL_EXT_ID_EXTENDED_MASTER_SECRET;
 
         case MBEDTLS_TLS_EXT_SESSION_TICKET:
-            return( MBEDTLS_SSL_EXT_ID_SESSION_TICKET );
+            return MBEDTLS_SSL_EXT_ID_SESSION_TICKET;
 
     }
 
-    return( MBEDTLS_SSL_EXT_ID_UNRECOGNIZED );
+    return MBEDTLS_SSL_EXT_ID_UNRECOGNIZED;
 }
 
-uint32_t mbedtls_ssl_get_extension_mask( unsigned int extension_type )
+uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type)
 {
-    return( 1 << mbedtls_ssl_get_extension_id( extension_type ) );
+    return 1 << mbedtls_ssl_get_extension_id(extension_type);
 }
 
 #if defined(MBEDTLS_DEBUG_C)
@@ -648,7 +629,7 @@
     [MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = "session_ticket"
 };
 
-static unsigned int extension_type_table[]={
+static unsigned int extension_type_table[] = {
     [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = 0xff,
     [MBEDTLS_SSL_EXT_ID_SERVERNAME] = MBEDTLS_TLS_EXT_SERVERNAME,
     [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH,
@@ -679,168 +660,164 @@
     [MBEDTLS_SSL_EXT_ID_SESSION_TICKET] = MBEDTLS_TLS_EXT_SESSION_TICKET
 };
 
-const char *mbedtls_ssl_get_extension_name( unsigned int extension_type )
+const char *mbedtls_ssl_get_extension_name(unsigned int extension_type)
 {
-    return( extension_name_table[
-                mbedtls_ssl_get_extension_id( extension_type ) ] );
+    return extension_name_table[
+        mbedtls_ssl_get_extension_id(extension_type)];
 }
 
-static const char *ssl_tls13_get_hs_msg_name( int hs_msg_type )
+static const char *ssl_tls13_get_hs_msg_name(int hs_msg_type)
 {
-    switch( hs_msg_type )
-    {
+    switch (hs_msg_type) {
         case MBEDTLS_SSL_HS_CLIENT_HELLO:
-            return( "ClientHello" );
+            return "ClientHello";
         case MBEDTLS_SSL_HS_SERVER_HELLO:
-            return( "ServerHello" );
+            return "ServerHello";
         case MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST:
-            return( "HelloRetryRequest" );
+            return "HelloRetryRequest";
         case MBEDTLS_SSL_HS_NEW_SESSION_TICKET:
-            return( "NewSessionTicket" );
+            return "NewSessionTicket";
         case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS:
-            return( "EncryptedExtensions" );
+            return "EncryptedExtensions";
         case MBEDTLS_SSL_HS_CERTIFICATE:
-            return( "Certificate" );
+            return "Certificate";
         case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST:
-            return( "CertificateRequest" );
+            return "CertificateRequest";
     }
-    return( "Unknown" );
+    return "Unknown";
 }
 
-void mbedtls_ssl_print_extension( const mbedtls_ssl_context *ssl,
-                                  int level, const char *file, int line,
-                                  int hs_msg_type, unsigned int extension_type,
-                                  const char *extra_msg0, const char *extra_msg1 )
+void mbedtls_ssl_print_extension(const mbedtls_ssl_context *ssl,
+                                 int level, const char *file, int line,
+                                 int hs_msg_type, unsigned int extension_type,
+                                 const char *extra_msg0, const char *extra_msg1)
 {
     const char *extra_msg;
-    if( extra_msg0 && extra_msg1 )
-    {
+    if (extra_msg0 && extra_msg1) {
         mbedtls_debug_print_msg(
             ssl, level, file, line,
             "%s: %s(%u) extension %s %s.",
-            ssl_tls13_get_hs_msg_name( hs_msg_type ),
-            mbedtls_ssl_get_extension_name( extension_type ),
+            ssl_tls13_get_hs_msg_name(hs_msg_type),
+            mbedtls_ssl_get_extension_name(extension_type),
             extension_type,
-            extra_msg0, extra_msg1 );
+            extra_msg0, extra_msg1);
         return;
     }
 
     extra_msg = extra_msg0 ? extra_msg0 : extra_msg1;
-    if( extra_msg )
-    {
+    if (extra_msg) {
         mbedtls_debug_print_msg(
             ssl, level, file, line,
-            "%s: %s(%u) extension %s.", ssl_tls13_get_hs_msg_name( hs_msg_type ),
-            mbedtls_ssl_get_extension_name( extension_type ), extension_type,
-            extra_msg );
+            "%s: %s(%u) extension %s.", ssl_tls13_get_hs_msg_name(hs_msg_type),
+            mbedtls_ssl_get_extension_name(extension_type), extension_type,
+            extra_msg);
         return;
     }
 
     mbedtls_debug_print_msg(
         ssl, level, file, line,
-        "%s: %s(%u) extension.", ssl_tls13_get_hs_msg_name( hs_msg_type ),
-        mbedtls_ssl_get_extension_name( extension_type ), extension_type );
+        "%s: %s(%u) extension.", ssl_tls13_get_hs_msg_name(hs_msg_type),
+        mbedtls_ssl_get_extension_name(extension_type), extension_type);
 }
 
-void mbedtls_ssl_print_extensions( const mbedtls_ssl_context *ssl,
-                                   int level, const char *file, int line,
-                                   int hs_msg_type, uint32_t extensions_mask,
-                                   const char *extra )
+void mbedtls_ssl_print_extensions(const mbedtls_ssl_context *ssl,
+                                  int level, const char *file, int line,
+                                  int hs_msg_type, uint32_t extensions_mask,
+                                  const char *extra)
 {
 
-    for( unsigned i = 0;
-         i < sizeof( extension_name_table ) / sizeof( extension_name_table[0] );
-         i++ )
-    {
+    for (unsigned i = 0;
+         i < sizeof(extension_name_table) / sizeof(extension_name_table[0]);
+         i++) {
         mbedtls_ssl_print_extension(
             ssl, level, file, line, hs_msg_type, extension_type_table[i],
-            extensions_mask & ( 1 << i ) ? "exists" : "does not exist", extra );
+            extensions_mask & (1 << i) ? "exists" : "does not exist", extra);
     }
 }
 
 #endif /* MBEDTLS_DEBUG_C */
 
-void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
-                            const mbedtls_ssl_ciphersuite_t *ciphersuite_info )
+void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl,
+                                   const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
 {
     ((void) ciphersuite_info);
 
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
+    if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
         ssl->handshake->update_checksum = ssl_update_checksum_sha384;
-    else
+    } else
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    if( ciphersuite_info->mac != MBEDTLS_MD_SHA384 )
+    if (ciphersuite_info->mac != MBEDTLS_MD_SHA384) {
         ssl->handshake->update_checksum = ssl_update_checksum_sha256;
-    else
+    } else
 #endif
     {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
         return;
     }
 }
 
-void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
-                                         unsigned hs_type,
-                                         size_t total_hs_len )
+void mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl,
+                                        unsigned hs_type,
+                                        size_t total_hs_len)
 {
     unsigned char hs_hdr[4];
 
     /* Build HS header for checksum update. */
-    hs_hdr[0] = MBEDTLS_BYTE_0( hs_type );
-    hs_hdr[1] = MBEDTLS_BYTE_2( total_hs_len );
-    hs_hdr[2] = MBEDTLS_BYTE_1( total_hs_len );
-    hs_hdr[3] = MBEDTLS_BYTE_0( total_hs_len );
+    hs_hdr[0] = MBEDTLS_BYTE_0(hs_type);
+    hs_hdr[1] = MBEDTLS_BYTE_2(total_hs_len);
+    hs_hdr[2] = MBEDTLS_BYTE_1(total_hs_len);
+    hs_hdr[3] = MBEDTLS_BYTE_0(total_hs_len);
 
-    ssl->handshake->update_checksum( ssl, hs_hdr, sizeof( hs_hdr ) );
+    ssl->handshake->update_checksum(ssl, hs_hdr, sizeof(hs_hdr));
 }
 
-void mbedtls_ssl_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
-                                         unsigned hs_type,
-                                         unsigned char const *msg,
-                                         size_t msg_len )
+void mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl,
+                                        unsigned hs_type,
+                                        unsigned char const *msg,
+                                        size_t msg_len)
 {
-    mbedtls_ssl_add_hs_hdr_to_checksum( ssl, hs_type, msg_len );
-    ssl->handshake->update_checksum( ssl, msg, msg_len );
+    mbedtls_ssl_add_hs_hdr_to_checksum(ssl, hs_type, msg_len);
+    ssl->handshake->update_checksum(ssl, msg, msg_len);
 }
 
-void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
 {
     ((void) ssl);
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_hash_abort( &ssl->handshake->fin_sha256_psa );
-    psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
+    psa_hash_abort(&ssl->handshake->fin_sha256_psa);
+    psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256);
 #else
-    mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 );
+    mbedtls_sha256_starts(&ssl->handshake->fin_sha256, 0);
 #endif
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_hash_abort( &ssl->handshake->fin_sha384_psa );
-    psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
+    psa_hash_abort(&ssl->handshake->fin_sha384_psa);
+    psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384);
 #else
-    mbedtls_sha512_starts( &ssl->handshake->fin_sha384, 1 );
+    mbedtls_sha512_starts(&ssl->handshake->fin_sha384, 1);
 #endif
 #endif
 }
 
-static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
-                                       const unsigned char *buf, size_t len )
+static void ssl_update_checksum_start(mbedtls_ssl_context *ssl,
+                                      const unsigned char *buf, size_t len)
 {
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
+    psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len);
 #else
-    mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
+    mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len);
 #endif
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
+    psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
 #else
-    mbedtls_sha512_update( &ssl->handshake->fin_sha384, buf, len );
+    mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len);
 #endif
 #endif
 #if !defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
@@ -852,66 +829,66 @@
 }
 
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
-                                        const unsigned char *buf, size_t len )
+static void ssl_update_checksum_sha256(mbedtls_ssl_context *ssl,
+                                       const unsigned char *buf, size_t len)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
+    psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len);
 #else
-    mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
+    mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len);
 #endif
 }
 #endif
 
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
-                                        const unsigned char *buf, size_t len )
+static void ssl_update_checksum_sha384(mbedtls_ssl_context *ssl,
+                                       const unsigned char *buf, size_t len)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
+    psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
 #else
-    mbedtls_sha512_update( &ssl->handshake->fin_sha384, buf, len );
+    mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len);
 #endif
 }
 #endif
 
-static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
+static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake)
 {
-    memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );
+    memset(handshake, 0, sizeof(mbedtls_ssl_handshake_params));
 
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     handshake->fin_sha256_psa = psa_hash_operation_init();
-    psa_hash_setup( &handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
+    psa_hash_setup(&handshake->fin_sha256_psa, PSA_ALG_SHA_256);
 #else
-    mbedtls_sha256_init(   &handshake->fin_sha256    );
-    mbedtls_sha256_starts( &handshake->fin_sha256, 0 );
+    mbedtls_sha256_init(&handshake->fin_sha256);
+    mbedtls_sha256_starts(&handshake->fin_sha256, 0);
 #endif
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     handshake->fin_sha384_psa = psa_hash_operation_init();
-    psa_hash_setup( &handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
+    psa_hash_setup(&handshake->fin_sha384_psa, PSA_ALG_SHA_384);
 #else
-    mbedtls_sha512_init(   &handshake->fin_sha384    );
-    mbedtls_sha512_starts( &handshake->fin_sha384, 1 );
+    mbedtls_sha512_init(&handshake->fin_sha384);
+    mbedtls_sha512_starts(&handshake->fin_sha384, 1);
 #endif
 #endif
 
     handshake->update_checksum = ssl_update_checksum_start;
 
 #if defined(MBEDTLS_DHM_C)
-    mbedtls_dhm_init( &handshake->dhm_ctx );
+    mbedtls_dhm_init(&handshake->dhm_ctx);
 #endif
 #if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C)
-    mbedtls_ecdh_init( &handshake->ecdh_ctx );
+    mbedtls_ecdh_init(&handshake->ecdh_ctx);
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     handshake->psa_pake_ctx = psa_pake_operation_init();
     handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT;
 #else
-    mbedtls_ecjpake_init( &handshake->ecjpake_ctx );
+    mbedtls_ecjpake_init(&handshake->ecjpake_ctx);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 #if defined(MBEDTLS_SSL_CLI_C)
     handshake->ecjpake_cache = NULL;
@@ -920,7 +897,7 @@
 #endif
 
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    mbedtls_x509_crt_restart_init( &handshake->ecrs_ctx );
+    mbedtls_x509_crt_restart_init(&handshake->ecrs_ctx);
 #endif
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@@ -929,20 +906,20 @@
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && \
     !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    mbedtls_pk_init( &handshake->peer_pubkey );
+    mbedtls_pk_init(&handshake->peer_pubkey);
 #endif
 }
 
-void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform )
+void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform)
 {
-    memset( transform, 0, sizeof(mbedtls_ssl_transform) );
+    memset(transform, 0, sizeof(mbedtls_ssl_transform));
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     transform->psa_key_enc = MBEDTLS_SVC_KEY_ID_INIT;
     transform->psa_key_dec = MBEDTLS_SVC_KEY_ID_INIT;
 #else
-    mbedtls_cipher_init( &transform->cipher_ctx_enc );
-    mbedtls_cipher_init( &transform->cipher_ctx_dec );
+    mbedtls_cipher_init(&transform->cipher_ctx_enc);
+    mbedtls_cipher_init(&transform->cipher_ctx_dec);
 #endif
 
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
@@ -950,106 +927,105 @@
     transform->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
     transform->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
 #else
-    mbedtls_md_init( &transform->md_ctx_enc );
-    mbedtls_md_init( &transform->md_ctx_dec );
+    mbedtls_md_init(&transform->md_ctx_enc);
+    mbedtls_md_init(&transform->md_ctx_dec);
 #endif
 #endif
 }
 
-void mbedtls_ssl_session_init( mbedtls_ssl_session *session )
+void mbedtls_ssl_session_init(mbedtls_ssl_session *session)
 {
-    memset( session, 0, sizeof(mbedtls_ssl_session) );
+    memset(session, 0, sizeof(mbedtls_ssl_session));
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_handshake_init( mbedtls_ssl_context *ssl )
+static int ssl_handshake_init(mbedtls_ssl_context *ssl)
 {
     /* Clear old handshake information if present */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( ssl->transform_negotiate )
-        mbedtls_ssl_transform_free( ssl->transform_negotiate );
+    if (ssl->transform_negotiate) {
+        mbedtls_ssl_transform_free(ssl->transform_negotiate);
+    }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-    if( ssl->session_negotiate )
-        mbedtls_ssl_session_free( ssl->session_negotiate );
-    if( ssl->handshake )
-        mbedtls_ssl_handshake_free( ssl );
+    if (ssl->session_negotiate) {
+        mbedtls_ssl_session_free(ssl->session_negotiate);
+    }
+    if (ssl->handshake) {
+        mbedtls_ssl_handshake_free(ssl);
+    }
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
     /*
      * Either the pointers are now NULL or cleared properly and can be freed.
      * Now allocate missing structures.
      */
-    if( ssl->transform_negotiate == NULL )
-    {
-        ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) );
+    if (ssl->transform_negotiate == NULL) {
+        ssl->transform_negotiate = mbedtls_calloc(1, sizeof(mbedtls_ssl_transform));
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
-    if( ssl->session_negotiate == NULL )
-    {
-        ssl->session_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_session) );
+    if (ssl->session_negotiate == NULL) {
+        ssl->session_negotiate = mbedtls_calloc(1, sizeof(mbedtls_ssl_session));
     }
 
-    if( ssl->handshake == NULL )
-    {
-        ssl->handshake = mbedtls_calloc( 1, sizeof(mbedtls_ssl_handshake_params) );
+    if (ssl->handshake == NULL) {
+        ssl->handshake = mbedtls_calloc(1, sizeof(mbedtls_ssl_handshake_params));
     }
 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
     /* If the buffers are too small - reallocate */
 
-    handle_buffer_resizing( ssl, 0, MBEDTLS_SSL_IN_BUFFER_LEN,
-                                    MBEDTLS_SSL_OUT_BUFFER_LEN );
+    handle_buffer_resizing(ssl, 0, MBEDTLS_SSL_IN_BUFFER_LEN,
+                           MBEDTLS_SSL_OUT_BUFFER_LEN);
 #endif
 
     /* All pointers should exist and can be directly freed without issue */
-    if( ssl->handshake           == NULL ||
+    if (ssl->handshake           == NULL ||
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
         ssl->transform_negotiate == NULL ||
 #endif
-        ssl->session_negotiate   == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc() of ssl sub-contexts failed" ) );
+        ssl->session_negotiate   == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("alloc() of ssl sub-contexts failed"));
 
-        mbedtls_free( ssl->handshake );
+        mbedtls_free(ssl->handshake);
         ssl->handshake = NULL;
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        mbedtls_free( ssl->transform_negotiate );
+        mbedtls_free(ssl->transform_negotiate);
         ssl->transform_negotiate = NULL;
 #endif
 
-        mbedtls_free( ssl->session_negotiate );
+        mbedtls_free(ssl->session_negotiate);
         ssl->session_negotiate = NULL;
 
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
     }
 
     /* Initialize structures */
-    mbedtls_ssl_session_init( ssl->session_negotiate );
-    ssl_handshake_params_init( ssl->handshake );
+    mbedtls_ssl_session_init(ssl->session_negotiate);
+    ssl_handshake_params_init(ssl->handshake);
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    mbedtls_ssl_transform_init( ssl->transform_negotiate );
+    mbedtls_ssl_transform_init(ssl->transform_negotiate);
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
     defined(MBEDTLS_SSL_SRV_C) && \
     defined(MBEDTLS_SSL_SESSION_TICKETS)
     ssl->handshake->new_session_tickets_count =
-        ssl->conf->new_session_tickets_count ;
+        ssl->conf->new_session_tickets_count;
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         ssl->handshake->alt_transform_out = ssl->transform_out;
 
-        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+        if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
             ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
-        else
+        } else {
             ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
+        }
 
-        mbedtls_ssl_set_timer( ssl, 0 );
+        mbedtls_ssl_set_timer(ssl, 0);
     }
 #endif
 
@@ -1061,27 +1037,26 @@
 #if defined(MBEDTLS_ECP_C)
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
     /* Heap allocate and translate curve_list from internal to IANA group ids */
-    if ( ssl->conf->curve_list != NULL )
-    {
+    if (ssl->conf->curve_list != NULL) {
         size_t length;
         const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list;
 
-        for( length = 0;  ( curve_list[length] != MBEDTLS_ECP_DP_NONE ) &&
-                          ( length < MBEDTLS_ECP_DP_MAX ); length++ ) {}
+        for (length = 0;  (curve_list[length] != MBEDTLS_ECP_DP_NONE) &&
+             (length < MBEDTLS_ECP_DP_MAX); length++) {
+        }
 
         /* Leave room for zero termination */
-        uint16_t *group_list = mbedtls_calloc( length + 1, sizeof(uint16_t) );
-        if ( group_list == NULL )
-            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+        uint16_t *group_list = mbedtls_calloc(length + 1, sizeof(uint16_t));
+        if (group_list == NULL) {
+            return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+        }
 
-        for( size_t i = 0; i < length; i++ )
-        {
+        for (size_t i = 0; i < length; i++) {
             uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(
-                                curve_list[i] );
-            if ( tls_id == 0 )
-            {
-                mbedtls_free( group_list );
-                return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+                curve_list[i]);
+            if (tls_id == 0) {
+                mbedtls_free(group_list);
+                return MBEDTLS_ERR_SSL_BAD_CONFIG;
             }
             group_list[i] = tls_id;
         }
@@ -1090,9 +1065,7 @@
 
         ssl->handshake->group_list = group_list;
         ssl->handshake->group_list_heap_allocated = 1;
-    }
-    else
-    {
+    } else {
         ssl->handshake->group_list = ssl->conf->group_list;
         ssl->handshake->group_list_heap_allocated = 0;
     }
@@ -1104,77 +1077,78 @@
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
     /* Heap allocate and translate sig_hashes from internal hash identifiers to
        signature algorithms IANA identifiers.  */
-    if ( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) &&
-         ssl->conf->sig_hashes != NULL )
-    {
+    if (mbedtls_ssl_conf_is_tls12_only(ssl->conf) &&
+        ssl->conf->sig_hashes != NULL) {
         const int *md;
         const int *sig_hashes = ssl->conf->sig_hashes;
         size_t sig_algs_len = 0;
         uint16_t *p;
 
 #if defined(static_assert)
-        static_assert( MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN
-                       <= ( SIZE_MAX - ( 2 * sizeof(uint16_t) ) ),
-                       "MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN too big" );
+        static_assert(MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN
+                      <= (SIZE_MAX - (2 * sizeof(uint16_t))),
+                      "MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN too big");
 #endif
 
-        for( md = sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
-        {
-            if( mbedtls_ssl_hash_from_md_alg( *md ) == MBEDTLS_SSL_HASH_NONE )
+        for (md = sig_hashes; *md != MBEDTLS_MD_NONE; md++) {
+            if (mbedtls_ssl_hash_from_md_alg(*md) == MBEDTLS_SSL_HASH_NONE) {
                 continue;
+            }
 #if defined(MBEDTLS_ECDSA_C)
-            sig_algs_len += sizeof( uint16_t );
+            sig_algs_len += sizeof(uint16_t);
 #endif
 
 #if defined(MBEDTLS_RSA_C)
-            sig_algs_len += sizeof( uint16_t );
+            sig_algs_len += sizeof(uint16_t);
 #endif
-            if( sig_algs_len > MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN )
-                return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+            if (sig_algs_len > MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN) {
+                return MBEDTLS_ERR_SSL_BAD_CONFIG;
+            }
         }
 
-        if( sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN )
-            return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+        if (sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN) {
+            return MBEDTLS_ERR_SSL_BAD_CONFIG;
+        }
 
-        ssl->handshake->sig_algs = mbedtls_calloc( 1, sig_algs_len +
-                                                      sizeof( uint16_t ));
-        if( ssl->handshake->sig_algs == NULL )
-            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+        ssl->handshake->sig_algs = mbedtls_calloc(1, sig_algs_len +
+                                                  sizeof(uint16_t));
+        if (ssl->handshake->sig_algs == NULL) {
+            return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+        }
 
-        p = (uint16_t *)ssl->handshake->sig_algs;
-        for( md = sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
-        {
-            unsigned char hash = mbedtls_ssl_hash_from_md_alg( *md );
-            if( hash == MBEDTLS_SSL_HASH_NONE )
+        p = (uint16_t *) ssl->handshake->sig_algs;
+        for (md = sig_hashes; *md != MBEDTLS_MD_NONE; md++) {
+            unsigned char hash = mbedtls_ssl_hash_from_md_alg(*md);
+            if (hash == MBEDTLS_SSL_HASH_NONE) {
                 continue;
+            }
 #if defined(MBEDTLS_ECDSA_C)
-            *p = (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA);
+            *p = ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA);
             p++;
 #endif
 #if defined(MBEDTLS_RSA_C)
-            *p = (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA);
+            *p = ((hash << 8) | MBEDTLS_SSL_SIG_RSA);
             p++;
 #endif
         }
         *p = MBEDTLS_TLS_SIG_NONE;
         ssl->handshake->sig_algs_heap_allocated = 1;
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
     {
         ssl->handshake->sig_algs_heap_allocated = 0;
     }
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
 /* Dummy cookie callbacks for defaults */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_cookie_write_dummy( void *ctx,
-                      unsigned char **p, unsigned char *end,
-                      const unsigned char *cli_id, size_t cli_id_len )
+static int ssl_cookie_write_dummy(void *ctx,
+                                  unsigned char **p, unsigned char *end,
+                                  const unsigned char *cli_id, size_t cli_id_len)
 {
     ((void) ctx);
     ((void) p);
@@ -1182,13 +1156,13 @@
     ((void) cli_id);
     ((void) cli_id_len);
 
-    return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_cookie_check_dummy( void *ctx,
-                      const unsigned char *cookie, size_t cookie_len,
-                      const unsigned char *cli_id, size_t cli_id_len )
+static int ssl_cookie_check_dummy(void *ctx,
+                                  const unsigned char *cookie, size_t cookie_len,
+                                  const unsigned char *cli_id, size_t cli_id_len)
 {
     ((void) ctx);
     ((void) cookie);
@@ -1196,77 +1170,72 @@
     ((void) cli_id);
     ((void) cli_id_len);
 
-    return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
 }
 #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
 
 /*
  * Initialize an SSL context
  */
-void mbedtls_ssl_init( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_init(mbedtls_ssl_context *ssl)
 {
-    memset( ssl, 0, sizeof( mbedtls_ssl_context ) );
+    memset(ssl, 0, sizeof(mbedtls_ssl_context));
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
+static int ssl_conf_version_check(const mbedtls_ssl_context *ssl)
 {
     const mbedtls_ssl_config *conf = ssl->conf;
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    if( mbedtls_ssl_conf_is_tls13_only( conf ) )
-    {
-        if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        {
-             MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS 1.3 is not yet supported." ) );
-             return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+    if (mbedtls_ssl_conf_is_tls13_only(conf)) {
+        if (conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS 1.3 is not yet supported."));
+            return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
         }
 
-        MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls13 only." ) );
-        return( 0 );
+        MBEDTLS_SSL_DEBUG_MSG(4, ("The SSL configuration is tls13 only."));
+        return 0;
     }
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( mbedtls_ssl_conf_is_tls12_only( conf ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls12 only." ) );
-        return( 0 );
+    if (mbedtls_ssl_conf_is_tls12_only(conf)) {
+        MBEDTLS_SSL_DEBUG_MSG(4, ("The SSL configuration is tls12 only."));
+        return 0;
     }
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    if( mbedtls_ssl_conf_is_hybrid_tls12_tls13( conf ) )
-    {
-        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        {
-             MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS not yet supported in Hybrid TLS 1.3 + TLS 1.2" ) );
-             return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+    if (mbedtls_ssl_conf_is_hybrid_tls12_tls13(conf)) {
+        if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS not yet supported in Hybrid TLS 1.3 + TLS 1.2"));
+            return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
         }
 
-        if( conf->endpoint == MBEDTLS_SSL_IS_SERVER )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 server is not supported yet." ) );
-            return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+        if (conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("TLS 1.3 server is not supported yet."));
+            return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
         }
 
 
-        MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is TLS 1.3 or TLS 1.2." ) );
-        return( 0 );
+        MBEDTLS_SSL_DEBUG_MSG(4, ("The SSL configuration is TLS 1.3 or TLS 1.2."));
+        return 0;
     }
 #endif
 
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "The SSL configuration is invalid." ) );
-    return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+    MBEDTLS_SSL_DEBUG_MSG(1, ("The SSL configuration is invalid."));
+    return MBEDTLS_ERR_SSL_BAD_CONFIG;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_conf_check(const mbedtls_ssl_context *ssl)
 {
     int ret;
-    ret = ssl_conf_version_check( ssl );
-    if( ret != 0 )
-        return( ret );
+    ret = ssl_conf_version_check(ssl);
+    if (ret != 0) {
+        return ret;
+    }
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
     /* RFC 8446 section 4.4.3
@@ -1278,31 +1247,30 @@
      * bad config.
      *
      */
-    if( mbedtls_ssl_conf_tls13_ephemeral_enabled(
-            (mbedtls_ssl_context *)ssl )                            &&
+    if (mbedtls_ssl_conf_tls13_ephemeral_enabled(
+            (mbedtls_ssl_context *) ssl)                            &&
         ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT                &&
         ssl->conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3    &&
         ssl->conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_3    &&
-        ssl->conf->authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
-    {
+        ssl->conf->authmode == MBEDTLS_SSL_VERIFY_OPTIONAL) {
         MBEDTLS_SSL_DEBUG_MSG(
-            1, ( "Optional verify auth mode "
-                 "is not available for TLS 1.3 client" ) );
-        return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+            1, ("Optional verify auth mode "
+                "is not available for TLS 1.3 client"));
+        return MBEDTLS_ERR_SSL_BAD_CONFIG;
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
     /* Space for further checks */
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Setup an SSL context
  */
 
-int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
-                       const mbedtls_ssl_config *conf )
+int mbedtls_ssl_setup(mbedtls_ssl_context *ssl,
+                      const mbedtls_ssl_config *conf)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
@@ -1310,8 +1278,9 @@
 
     ssl->conf = conf;
 
-    if( ( ret = ssl_conf_check( ssl ) ) != 0 )
-        return( ret );
+    if ((ret = ssl_conf_check(ssl)) != 0) {
+        return ret;
+    }
 
     /*
      * Prepare base structures
@@ -1323,10 +1292,9 @@
 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
     ssl->in_buf_len = in_buf_len;
 #endif
-    ssl->in_buf = mbedtls_calloc( 1, in_buf_len );
-    if( ssl->in_buf == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len ) );
+    ssl->in_buf = mbedtls_calloc(1, in_buf_len);
+    if (ssl->in_buf == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len));
         ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
         goto error;
     }
@@ -1334,28 +1302,28 @@
 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
     ssl->out_buf_len = out_buf_len;
 #endif
-    ssl->out_buf = mbedtls_calloc( 1, out_buf_len );
-    if( ssl->out_buf == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len ) );
+    ssl->out_buf = mbedtls_calloc(1, out_buf_len);
+    if (ssl->out_buf == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len));
         ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
         goto error;
     }
 
-    mbedtls_ssl_reset_in_out_pointers( ssl );
+    mbedtls_ssl_reset_in_out_pointers(ssl);
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
-    memset( &ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info) );
+    memset(&ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info));
 #endif
 
-    if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
+    if ((ret = ssl_handshake_init(ssl)) != 0) {
         goto error;
+    }
 
-    return( 0 );
+    return 0;
 
 error:
-    mbedtls_free( ssl->in_buf );
-    mbedtls_free( ssl->out_buf );
+    mbedtls_free(ssl->in_buf);
+    mbedtls_free(ssl->out_buf);
 
     ssl->conf = NULL;
 
@@ -1378,7 +1346,7 @@
     ssl->out_iv = NULL;
     ssl->out_msg = NULL;
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -1388,8 +1356,8 @@
  * If partial is non-zero, keep data in the input buffer and client ID.
  * (Use when a DTLS client reconnects from the same port.)
  */
-void mbedtls_ssl_session_reset_msg_layer( mbedtls_ssl_context *ssl,
-                                          int partial )
+void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl,
+                                         int partial)
 {
 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
     size_t in_buf_len = ssl->in_buf_len;
@@ -1404,9 +1372,9 @@
 #endif
 
     /* Cancel any possibly running timer */
-    mbedtls_ssl_set_timer( ssl, 0 );
+    mbedtls_ssl_set_timer(ssl, 0);
 
-    mbedtls_ssl_reset_in_out_pointers( ssl );
+    mbedtls_ssl_reset_in_out_pointers(ssl);
 
     /* Reset incoming message parsing */
     ssl->in_offt    = NULL;
@@ -1423,10 +1391,9 @@
 #endif
 
     /* Keep current datagram if partial == 1 */
-    if( partial == 0 )
-    {
+    if (partial == 0) {
         ssl->in_left = 0;
-        memset( ssl->in_buf, 0, in_buf_len );
+        memset(ssl->in_buf, 0, in_buf_len);
     }
 
     ssl->send_alert = 0;
@@ -1435,51 +1402,49 @@
     ssl->out_msgtype = 0;
     ssl->out_msglen  = 0;
     ssl->out_left    = 0;
-    memset( ssl->out_buf, 0, out_buf_len );
-    memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
+    memset(ssl->out_buf, 0, out_buf_len);
+    memset(ssl->cur_out_ctr, 0, sizeof(ssl->cur_out_ctr));
     ssl->transform_out = NULL;
 
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-    mbedtls_ssl_dtls_replay_reset( ssl );
+    mbedtls_ssl_dtls_replay_reset(ssl);
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( ssl->transform )
-    {
-        mbedtls_ssl_transform_free( ssl->transform );
-        mbedtls_free( ssl->transform );
+    if (ssl->transform) {
+        mbedtls_ssl_transform_free(ssl->transform);
+        mbedtls_free(ssl->transform);
         ssl->transform = NULL;
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    mbedtls_ssl_transform_free( ssl->transform_application );
-    mbedtls_free( ssl->transform_application );
+    mbedtls_ssl_transform_free(ssl->transform_application);
+    mbedtls_free(ssl->transform_application);
     ssl->transform_application = NULL;
 
-    if( ssl->handshake != NULL )
-    {
+    if (ssl->handshake != NULL) {
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-        mbedtls_ssl_transform_free( ssl->handshake->transform_earlydata );
-        mbedtls_free( ssl->handshake->transform_earlydata );
+        mbedtls_ssl_transform_free(ssl->handshake->transform_earlydata);
+        mbedtls_free(ssl->handshake->transform_earlydata);
         ssl->handshake->transform_earlydata = NULL;
 #endif
 
-        mbedtls_ssl_transform_free( ssl->handshake->transform_handshake );
-        mbedtls_free( ssl->handshake->transform_handshake );
+        mbedtls_ssl_transform_free(ssl->handshake->transform_handshake);
+        mbedtls_free(ssl->handshake->transform_handshake);
         ssl->handshake->transform_handshake = NULL;
     }
 
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 }
 
-int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
+int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
 
-    mbedtls_ssl_session_reset_msg_layer( ssl, partial );
+    mbedtls_ssl_session_reset_msg_layer(ssl, partial);
 
     /* Reset renegotiation state */
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -1487,17 +1452,16 @@
     ssl->renego_records_seen = 0;
 
     ssl->verify_data_len = 0;
-    memset( ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN );
-    memset( ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN );
+    memset(ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN);
+    memset(ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN);
 #endif
     ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION;
 
     ssl->session_in  = NULL;
     ssl->session_out = NULL;
-    if( ssl->session )
-    {
-        mbedtls_ssl_session_free( ssl->session );
-        mbedtls_free( ssl->session );
+    if (ssl->session) {
+        mbedtls_ssl_session_free(ssl->session);
+        mbedtls_free(ssl->session);
         ssl->session = NULL;
     }
 
@@ -1508,108 +1472,108 @@
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
     int free_cli_id = 1;
 #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE)
-    free_cli_id = ( partial == 0 );
+    free_cli_id = (partial == 0);
 #endif
-    if( free_cli_id )
-    {
-        mbedtls_free( ssl->cli_id );
+    if (free_cli_id) {
+        mbedtls_free(ssl->cli_id);
         ssl->cli_id = NULL;
         ssl->cli_id_len = 0;
     }
 #endif
 
-    if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
-        return( ret );
+    if ((ret = ssl_handshake_init(ssl)) != 0) {
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Reset an initialized and used SSL context for re-use while retaining
  * all application-set variables, function pointers and data.
  */
-int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl)
 {
-    return( mbedtls_ssl_session_reset_int( ssl, 0 ) );
+    return mbedtls_ssl_session_reset_int(ssl, 0);
 }
 
 /*
  * SSL set accessors
  */
-void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint )
+void mbedtls_ssl_conf_endpoint(mbedtls_ssl_config *conf, int endpoint)
 {
     conf->endpoint   = endpoint;
 }
 
-void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport )
+void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport)
 {
     conf->transport = transport;
 }
 
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode )
+void mbedtls_ssl_conf_dtls_anti_replay(mbedtls_ssl_config *conf, char mode)
 {
     conf->anti_replay = mode;
 }
 #endif
 
-void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit )
+void mbedtls_ssl_conf_dtls_badmac_limit(mbedtls_ssl_config *conf, unsigned limit)
 {
     conf->badmac_limit = limit;
 }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 
-void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl,
-                                       unsigned allow_packing )
+void mbedtls_ssl_set_datagram_packing(mbedtls_ssl_context *ssl,
+                                      unsigned allow_packing)
 {
     ssl->disable_datagram_packing = !allow_packing;
 }
 
-void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf,
-                                         uint32_t min, uint32_t max )
+void mbedtls_ssl_conf_handshake_timeout(mbedtls_ssl_config *conf,
+                                        uint32_t min, uint32_t max)
 {
     conf->hs_timeout_min = min;
     conf->hs_timeout_max = max;
 }
 #endif
 
-void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode )
+void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode)
 {
     conf->authmode   = authmode;
 }
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy )
+void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf,
+                             int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                             void *p_vrfy)
 {
     conf->f_vrfy      = f_vrfy;
     conf->p_vrfy      = p_vrfy;
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
-void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
-                  int (*f_rng)(void *, unsigned char *, size_t),
-                  void *p_rng )
+void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf,
+                          int (*f_rng)(void *, unsigned char *, size_t),
+                          void *p_rng)
 {
     conf->f_rng      = f_rng;
     conf->p_rng      = p_rng;
 }
 
-void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
-                  void (*f_dbg)(void *, int, const char *, int, const char *),
-                  void  *p_dbg )
+void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf,
+                          void (*f_dbg)(void *, int, const char *, int, const char *),
+                          void  *p_dbg)
 {
     conf->f_dbg      = f_dbg;
     conf->p_dbg      = p_dbg;
 }
 
-void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
-        void *p_bio,
-        mbedtls_ssl_send_t *f_send,
-        mbedtls_ssl_recv_t *f_recv,
-        mbedtls_ssl_recv_timeout_t *f_recv_timeout )
+void mbedtls_ssl_set_bio(mbedtls_ssl_context *ssl,
+                         void *p_bio,
+                         mbedtls_ssl_send_t *f_send,
+                         mbedtls_ssl_recv_t *f_recv,
+                         mbedtls_ssl_recv_timeout_t *f_recv_timeout)
 {
     ssl->p_bio          = p_bio;
     ssl->f_send         = f_send;
@@ -1618,35 +1582,35 @@
 }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu )
+void mbedtls_ssl_set_mtu(mbedtls_ssl_context *ssl, uint16_t mtu)
 {
     ssl->mtu = mtu;
 }
 #endif
 
-void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout )
+void mbedtls_ssl_conf_read_timeout(mbedtls_ssl_config *conf, uint32_t timeout)
 {
     conf->read_timeout   = timeout;
 }
 
-void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
-                               void *p_timer,
-                               mbedtls_ssl_set_timer_t *f_set_timer,
-                               mbedtls_ssl_get_timer_t *f_get_timer )
+void mbedtls_ssl_set_timer_cb(mbedtls_ssl_context *ssl,
+                              void *p_timer,
+                              mbedtls_ssl_set_timer_t *f_set_timer,
+                              mbedtls_ssl_get_timer_t *f_get_timer)
 {
     ssl->p_timer        = p_timer;
     ssl->f_set_timer    = f_set_timer;
     ssl->f_get_timer    = f_get_timer;
 
     /* Make sure we start with no timer running */
-    mbedtls_ssl_set_timer( ssl, 0 );
+    mbedtls_ssl_set_timer(ssl, 0);
 }
 
 #if defined(MBEDTLS_SSL_SRV_C)
-void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
-                                     void *p_cache,
-                                     mbedtls_ssl_cache_get_t *f_get_cache,
-                                     mbedtls_ssl_cache_set_t *f_set_cache )
+void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf,
+                                    void *p_cache,
+                                    mbedtls_ssl_cache_get_t *f_get_cache,
+                                    mbedtls_ssl_cache_set_t *f_set_cache)
 {
     conf->p_cache = p_cache;
     conf->f_get_cache = f_get_cache;
@@ -1655,71 +1619,70 @@
 #endif /* MBEDTLS_SSL_SRV_C */
 
 #if defined(MBEDTLS_SSL_CLI_C)
-int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session )
+int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ssl == NULL ||
+    if (ssl == NULL ||
         session == NULL ||
         ssl->session_negotiate == NULL ||
-        ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
-    {
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
-    if( ssl->handshake->resume == 1 )
-        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+    if (ssl->handshake->resume == 1) {
+        return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+    }
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    if( session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
-    {
+    if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
         const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
-                    mbedtls_ssl_ciphersuite_from_id( session->ciphersuite );
+            mbedtls_ssl_ciphersuite_from_id(session->ciphersuite);
 
-        if( mbedtls_ssl_validate_ciphersuite(
+        if (mbedtls_ssl_validate_ciphersuite(
                 ssl, ciphersuite_info, MBEDTLS_SSL_VERSION_TLS1_3,
-                MBEDTLS_SSL_VERSION_TLS1_3 ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 4, ( "%d is not a valid TLS 1.3 ciphersuite.",
-                                        session->ciphersuite ) );
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+                MBEDTLS_SSL_VERSION_TLS1_3) != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(4, ("%d is not a valid TLS 1.3 ciphersuite.",
+                                      session->ciphersuite));
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
         }
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
-    if( ( ret = mbedtls_ssl_session_copy( ssl->session_negotiate,
-                                          session ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_ssl_session_copy(ssl->session_negotiate,
+                                        session)) != 0) {
+        return ret;
+    }
 
     ssl->handshake->resume = 1;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_CLI_C */
 
-void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
-                                    const int *ciphersuites )
+void mbedtls_ssl_conf_ciphersuites(mbedtls_ssl_config *conf,
+                                   const int *ciphersuites)
 {
     conf->ciphersuite_list = ciphersuites;
 }
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config *conf,
-                                                const int kex_modes )
+void mbedtls_ssl_conf_tls13_key_exchange_modes(mbedtls_ssl_config *conf,
+                                               const int kex_modes)
 {
     conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
 }
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-void mbedtls_ssl_tls13_conf_early_data( mbedtls_ssl_config *conf,
-                                        int early_data_enabled )
+void mbedtls_ssl_tls13_conf_early_data(mbedtls_ssl_config *conf,
+                                       int early_data_enabled)
 {
     conf->early_data_enabled = early_data_enabled;
 }
 
 #if defined(MBEDTLS_SSL_SRV_C)
 void mbedtls_ssl_tls13_conf_max_early_data_size(
-         mbedtls_ssl_config *conf, uint32_t max_early_data_size )
+    mbedtls_ssl_config *conf, uint32_t max_early_data_size)
 {
     conf->max_early_data_size = max_early_data_size;
 }
@@ -1729,74 +1692,71 @@
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
-                                    const mbedtls_x509_crt_profile *profile )
+void mbedtls_ssl_conf_cert_profile(mbedtls_ssl_config *conf,
+                                   const mbedtls_x509_crt_profile *profile)
 {
     conf->cert_profile = profile;
 }
 
-static void ssl_key_cert_free( mbedtls_ssl_key_cert *key_cert )
+static void ssl_key_cert_free(mbedtls_ssl_key_cert *key_cert)
 {
     mbedtls_ssl_key_cert *cur = key_cert, *next;
 
-    while( cur != NULL )
-    {
+    while (cur != NULL) {
         next = cur->next;
-        mbedtls_free( cur );
+        mbedtls_free(cur);
         cur = next;
     }
 }
 
 /* Append a new keycert entry to a (possibly empty) list */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_append_key_cert( mbedtls_ssl_key_cert **head,
-                                mbedtls_x509_crt *cert,
-                                mbedtls_pk_context *key )
+static int ssl_append_key_cert(mbedtls_ssl_key_cert **head,
+                               mbedtls_x509_crt *cert,
+                               mbedtls_pk_context *key)
 {
     mbedtls_ssl_key_cert *new_cert;
 
-    if( cert == NULL )
-    {
+    if (cert == NULL) {
         /* Free list if cert is null */
-        ssl_key_cert_free( *head );
+        ssl_key_cert_free(*head);
         *head = NULL;
-        return( 0 );
+        return 0;
     }
 
-    new_cert = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) );
-    if( new_cert == NULL )
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    new_cert = mbedtls_calloc(1, sizeof(mbedtls_ssl_key_cert));
+    if (new_cert == NULL) {
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+    }
 
     new_cert->cert = cert;
     new_cert->key  = key;
     new_cert->next = NULL;
 
     /* Update head if the list was null, else add to the end */
-    if( *head == NULL )
-    {
+    if (*head == NULL) {
         *head = new_cert;
-    }
-    else
-    {
+    } else {
         mbedtls_ssl_key_cert *cur = *head;
-        while( cur->next != NULL )
+        while (cur->next != NULL) {
             cur = cur->next;
+        }
         cur->next = new_cert;
     }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
+int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf,
                               mbedtls_x509_crt *own_cert,
-                              mbedtls_pk_context *pk_key )
+                              mbedtls_pk_context *pk_key)
 {
-    return( ssl_append_key_cert( &conf->key_cert, own_cert, pk_key ) );
+    return ssl_append_key_cert(&conf->key_cert, own_cert, pk_key);
 }
 
-void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
+void mbedtls_ssl_conf_ca_chain(mbedtls_ssl_config *conf,
                                mbedtls_x509_crt *ca_chain,
-                               mbedtls_x509_crl *ca_crl )
+                               mbedtls_x509_crl *ca_crl)
 {
     conf->ca_chain   = ca_chain;
     conf->ca_crl     = ca_crl;
@@ -1810,9 +1770,9 @@
 }
 
 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
-void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
-                             mbedtls_x509_crt_ca_cb_t f_ca_cb,
-                             void *p_ca_cb )
+void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf,
+                            mbedtls_x509_crt_ca_cb_t f_ca_cb,
+                            void *p_ca_cb)
 {
     conf->f_ca_cb = f_ca_cb;
     conf->p_ca_cb = p_ca_cb;
@@ -1826,48 +1786,48 @@
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-const unsigned char *mbedtls_ssl_get_hs_sni( mbedtls_ssl_context *ssl,
-                                             size_t *name_len )
+const unsigned char *mbedtls_ssl_get_hs_sni(mbedtls_ssl_context *ssl,
+                                            size_t *name_len)
 {
     *name_len = ssl->handshake->sni_name_len;
-    return( ssl->handshake->sni_name );
+    return ssl->handshake->sni_name;
 }
 
-int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
-                                 mbedtls_x509_crt *own_cert,
-                                 mbedtls_pk_context *pk_key )
+int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl,
+                                mbedtls_x509_crt *own_cert,
+                                mbedtls_pk_context *pk_key)
 {
-    return( ssl_append_key_cert( &ssl->handshake->sni_key_cert,
-                                 own_cert, pk_key ) );
+    return ssl_append_key_cert(&ssl->handshake->sni_key_cert,
+                               own_cert, pk_key);
 }
 
-void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
-                                  mbedtls_x509_crt *ca_chain,
-                                  mbedtls_x509_crl *ca_crl )
+void mbedtls_ssl_set_hs_ca_chain(mbedtls_ssl_context *ssl,
+                                 mbedtls_x509_crt *ca_chain,
+                                 mbedtls_x509_crl *ca_crl)
 {
     ssl->handshake->sni_ca_chain   = ca_chain;
     ssl->handshake->sni_ca_crl     = ca_crl;
 }
 
 #if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
-void mbedtls_ssl_set_hs_dn_hints( mbedtls_ssl_context *ssl,
-                                  const mbedtls_x509_crt *crt)
+void mbedtls_ssl_set_hs_dn_hints(mbedtls_ssl_context *ssl,
+                                 const mbedtls_x509_crt *crt)
 {
     ssl->handshake->dn_hints = crt;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
 
-void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
-                                  int authmode )
+void mbedtls_ssl_set_hs_authmode(mbedtls_ssl_context *ssl,
+                                 int authmode)
 {
     ssl->handshake->sni_authmode = authmode;
 }
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy )
+void mbedtls_ssl_set_verify(mbedtls_ssl_context *ssl,
+                            int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                            void *p_vrfy)
 {
     ssl->f_vrfy = f_vrfy;
     ssl->p_vrfy = p_vrfy;
@@ -1878,169 +1838,177 @@
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common(
-                                                mbedtls_ssl_context *ssl,
-                                                mbedtls_svc_key_id_t pwd )
+    mbedtls_ssl_context *ssl,
+    mbedtls_svc_key_id_t pwd)
 {
     psa_status_t status;
     psa_pake_role_t psa_role;
     psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
 
-    psa_pake_cs_set_algorithm( &cipher_suite, PSA_ALG_JPAKE );
-    psa_pake_cs_set_primitive( &cipher_suite,
-                               PSA_PAKE_PRIMITIVE( PSA_PAKE_PRIMITIVE_TYPE_ECC,
-                                                   PSA_ECC_FAMILY_SECP_R1,
-                                                   256) );
-    psa_pake_cs_set_hash( &cipher_suite, PSA_ALG_SHA_256 );
+    psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE);
+    psa_pake_cs_set_primitive(&cipher_suite,
+                              PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC,
+                                                 PSA_ECC_FAMILY_SECP_R1,
+                                                 256));
+    psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256);
 
-    status = psa_pake_setup( &ssl->handshake->psa_pake_ctx, &cipher_suite );
-    if( status != PSA_SUCCESS )
+    status = psa_pake_setup(&ssl->handshake->psa_pake_ctx, &cipher_suite);
+    if (status != PSA_SUCCESS) {
         return status;
+    }
 
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
         psa_role = PSA_PAKE_ROLE_SERVER;
-    else
+    } else {
         psa_role = PSA_PAKE_ROLE_CLIENT;
+    }
 
-    status = psa_pake_set_role( &ssl->handshake->psa_pake_ctx, psa_role );
-    if( status != PSA_SUCCESS )
+    status = psa_pake_set_role(&ssl->handshake->psa_pake_ctx, psa_role);
+    if (status != PSA_SUCCESS) {
         return status;
+    }
 
-    status = psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx, pwd );
-    if( status != PSA_SUCCESS )
+    status = psa_pake_set_password_key(&ssl->handshake->psa_pake_ctx, pwd);
+    if (status != PSA_SUCCESS) {
         return status;
+    }
 
     ssl->handshake->psa_pake_ctx_is_ok = 1;
 
-    return ( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
-int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
-                                         const unsigned char *pw,
-                                         size_t pw_len )
+int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl,
+                                        const unsigned char *pw,
+                                        size_t pw_len)
 {
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_status_t status;
 
-    if( ssl->handshake == NULL || ssl->conf == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    /* Empty password is not valid  */
-    if( ( pw == NULL) || ( pw_len == 0 ) )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
-    psa_set_key_algorithm( &attributes, PSA_ALG_JPAKE );
-    psa_set_key_type( &attributes, PSA_KEY_TYPE_PASSWORD );
-
-    status = psa_import_key( &attributes, pw, pw_len,
-                                &ssl->handshake->psa_pake_password );
-    if( status != PSA_SUCCESS )
-        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-
-    status = mbedtls_ssl_set_hs_ecjpake_password_common( ssl,
-                                        ssl->handshake->psa_pake_password );
-    if( status != PSA_SUCCESS )
-    {
-        psa_destroy_key( ssl->handshake->psa_pake_password );
-        psa_pake_abort( &ssl->handshake->psa_pake_ctx );
-        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+    if (ssl->handshake == NULL || ssl->conf == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
-    return( 0 );
+    /* Empty password is not valid  */
+    if ((pw == NULL) || (pw_len == 0)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
+
+    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
+    psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE);
+    psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
+
+    status = psa_import_key(&attributes, pw, pw_len,
+                            &ssl->handshake->psa_pake_password);
+    if (status != PSA_SUCCESS) {
+        return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+    }
+
+    status = mbedtls_ssl_set_hs_ecjpake_password_common(ssl,
+                                                        ssl->handshake->psa_pake_password);
+    if (status != PSA_SUCCESS) {
+        psa_destroy_key(ssl->handshake->psa_pake_password);
+        psa_pake_abort(&ssl->handshake->psa_pake_ctx);
+        return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+    }
+
+    return 0;
 }
 
-int mbedtls_ssl_set_hs_ecjpake_password_opaque( mbedtls_ssl_context *ssl,
-                                                mbedtls_svc_key_id_t pwd )
+int mbedtls_ssl_set_hs_ecjpake_password_opaque(mbedtls_ssl_context *ssl,
+                                               mbedtls_svc_key_id_t pwd)
 {
     psa_status_t status;
 
-    if( ssl->handshake == NULL || ssl->conf == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    if( mbedtls_svc_key_id_is_null( pwd ) )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    status = mbedtls_ssl_set_hs_ecjpake_password_common( ssl, pwd );
-    if( status != PSA_SUCCESS )
-    {
-        psa_pake_abort( &ssl->handshake->psa_pake_ctx );
-        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+    if (ssl->handshake == NULL || ssl->conf == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
-    return( 0 );
+    if (mbedtls_svc_key_id_is_null(pwd)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
+
+    status = mbedtls_ssl_set_hs_ecjpake_password_common(ssl, pwd);
+    if (status != PSA_SUCCESS) {
+        psa_pake_abort(&ssl->handshake->psa_pake_ctx);
+        return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+    }
+
+    return 0;
 }
 #else /* MBEDTLS_USE_PSA_CRYPTO */
-int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
-                                         const unsigned char *pw,
-                                         size_t pw_len )
+int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl,
+                                        const unsigned char *pw,
+                                        size_t pw_len)
 {
     mbedtls_ecjpake_role role;
 
-    if( ssl->handshake == NULL || ssl->conf == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl->handshake == NULL || ssl->conf == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
     /* Empty password is not valid  */
-    if( ( pw == NULL) || ( pw_len == 0 ) )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if ((pw == NULL) || (pw_len == 0)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
         role = MBEDTLS_ECJPAKE_SERVER;
-    else
+    } else {
         role = MBEDTLS_ECJPAKE_CLIENT;
+    }
 
-    return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx,
-                                   role,
-                                   MBEDTLS_MD_SHA256,
-                                   MBEDTLS_ECP_DP_SECP256R1,
-                                   pw, pw_len ) );
+    return mbedtls_ecjpake_setup(&ssl->handshake->ecjpake_ctx,
+                                 role,
+                                 MBEDTLS_MD_SHA256,
+                                 MBEDTLS_ECP_DP_SECP256R1,
+                                 pw, pw_len);
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
-int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf )
+int mbedtls_ssl_conf_has_static_psk(mbedtls_ssl_config const *conf)
 {
-    if( conf->psk_identity     == NULL ||
-        conf->psk_identity_len == 0     )
-    {
-        return( 0 );
+    if (conf->psk_identity     == NULL ||
+        conf->psk_identity_len == 0) {
+        return 0;
     }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
-        return( 1 );
+    if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
+        return 1;
+    }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    if( conf->psk != NULL && conf->psk_len != 0 )
-        return( 1 );
+    if (conf->psk != NULL && conf->psk_len != 0) {
+        return 1;
+    }
 
-    return( 0 );
+    return 0;
 }
 
-static void ssl_conf_remove_psk( mbedtls_ssl_config *conf )
+static void ssl_conf_remove_psk(mbedtls_ssl_config *conf)
 {
     /* Remove reference to existing PSK, if any. */
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
-    {
+    if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
         /* The maintenance of the PSK key slot is the
          * user's responsibility. */
         conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-    if( conf->psk != NULL )
-    {
-        mbedtls_platform_zeroize( conf->psk, conf->psk_len );
+    if (conf->psk != NULL) {
+        mbedtls_platform_zeroize(conf->psk, conf->psk_len);
 
-        mbedtls_free( conf->psk );
+        mbedtls_free(conf->psk);
         conf->psk = NULL;
         conf->psk_len = 0;
     }
 
     /* Remove reference to PSK identity, if any. */
-    if( conf->psk_identity != NULL )
-    {
-        mbedtls_free( conf->psk_identity );
+    if (conf->psk_identity != NULL) {
+        mbedtls_free(conf->psk_identity);
         conf->psk_identity = NULL;
         conf->psk_identity_len = 0;
     }
@@ -2051,87 +2019,90 @@
  * to make a copy of it in the SSL config.
  * On failure, the PSK identity in the config remains unset. */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_conf_set_psk_identity( mbedtls_ssl_config *conf,
-                                      unsigned char const *psk_identity,
-                                      size_t psk_identity_len )
+static int ssl_conf_set_psk_identity(mbedtls_ssl_config *conf,
+                                     unsigned char const *psk_identity,
+                                     size_t psk_identity_len)
 {
     /* Identity len will be encoded on two bytes */
-    if( psk_identity               == NULL ||
+    if (psk_identity               == NULL ||
         psk_identity_len           == 0    ||
-        ( psk_identity_len >> 16 ) != 0    ||
-        psk_identity_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
-    {
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        (psk_identity_len >> 16) != 0    ||
+        psk_identity_len > MBEDTLS_SSL_OUT_CONTENT_LEN) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
-    conf->psk_identity = mbedtls_calloc( 1, psk_identity_len );
-    if( conf->psk_identity == NULL )
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    conf->psk_identity = mbedtls_calloc(1, psk_identity_len);
+    if (conf->psk_identity == NULL) {
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+    }
 
     conf->psk_identity_len = psk_identity_len;
-    memcpy( conf->psk_identity, psk_identity, conf->psk_identity_len );
+    memcpy(conf->psk_identity, psk_identity, conf->psk_identity_len);
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
-                const unsigned char *psk, size_t psk_len,
-                const unsigned char *psk_identity, size_t psk_identity_len )
+int mbedtls_ssl_conf_psk(mbedtls_ssl_config *conf,
+                         const unsigned char *psk, size_t psk_len,
+                         const unsigned char *psk_identity, size_t psk_identity_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     /* We currently only support one PSK, raw or opaque. */
-    if( mbedtls_ssl_conf_has_static_psk( conf ) )
-        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+    if (mbedtls_ssl_conf_has_static_psk(conf)) {
+        return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+    }
 
     /* Check and set raw PSK */
-    if( psk == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    if( psk_len == 0 )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    if( psk_len > MBEDTLS_PSK_MAX_LEN )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (psk == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
+    if (psk_len == 0) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
+    if (psk_len > MBEDTLS_PSK_MAX_LEN) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    if ((conf->psk = mbedtls_calloc(1, psk_len)) == NULL) {
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+    }
     conf->psk_len = psk_len;
-    memcpy( conf->psk, psk, conf->psk_len );
+    memcpy(conf->psk, psk, conf->psk_len);
 
     /* Check and set PSK Identity */
-    ret = ssl_conf_set_psk_identity( conf, psk_identity, psk_identity_len );
-    if( ret != 0 )
-        ssl_conf_remove_psk( conf );
+    ret = ssl_conf_set_psk_identity(conf, psk_identity, psk_identity_len);
+    if (ret != 0) {
+        ssl_conf_remove_psk(conf);
+    }
 
-    return( ret );
+    return ret;
 }
 
-static void ssl_remove_psk( mbedtls_ssl_context *ssl )
+static void ssl_remove_psk(mbedtls_ssl_context *ssl)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
-    {
+    if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
         /* The maintenance of the external PSK key slot is the
          * user's responsibility. */
-        if( ssl->handshake->psk_opaque_is_internal )
-        {
-            psa_destroy_key( ssl->handshake->psk_opaque );
+        if (ssl->handshake->psk_opaque_is_internal) {
+            psa_destroy_key(ssl->handshake->psk_opaque);
             ssl->handshake->psk_opaque_is_internal = 0;
         }
         ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
     }
 #else
-    if( ssl->handshake->psk != NULL )
-    {
-        mbedtls_platform_zeroize( ssl->handshake->psk,
-                                  ssl->handshake->psk_len );
-        mbedtls_free( ssl->handshake->psk );
+    if (ssl->handshake->psk != NULL) {
+        mbedtls_platform_zeroize(ssl->handshake->psk,
+                                 ssl->handshake->psk_len);
+        mbedtls_free(ssl->handshake->psk);
         ssl->handshake->psk_len = 0;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 }
 
-int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
-                            const unsigned char *psk, size_t psk_len )
+int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl,
+                           const unsigned char *psk, size_t psk_len)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_key_attributes_t key_attributes = psa_key_attributes_init();
@@ -2140,100 +2111,107 @@
     mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    if( psk == NULL || ssl->handshake == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (psk == NULL || ssl->handshake == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    if( psk_len > MBEDTLS_PSK_MAX_LEN )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (psk_len > MBEDTLS_PSK_MAX_LEN) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    ssl_remove_psk( ssl );
+    ssl_remove_psk(ssl);
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
-    {
-        if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
-            alg = PSA_ALG_TLS12_PSK_TO_MS( PSA_ALG_SHA_384 );
-        else
-            alg = PSA_ALG_TLS12_PSK_TO_MS( PSA_ALG_SHA_256 );
-        psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
+    if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
+        if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
+            alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
+        } else {
+            alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
+        }
+        psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
-    {
-        alg = PSA_ALG_HKDF_EXTRACT( PSA_ALG_ANY_HASH );
-        psa_set_key_usage_flags( &key_attributes,
-                                 PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
+    if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
+        alg = PSA_ALG_HKDF_EXTRACT(PSA_ALG_ANY_HASH);
+        psa_set_key_usage_flags(&key_attributes,
+                                PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT);
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
-    psa_set_key_algorithm( &key_attributes, alg );
-    psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE );
+    psa_set_key_algorithm(&key_attributes, alg);
+    psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE);
 
-    status = psa_import_key( &key_attributes, psk, psk_len, &key );
-    if( status != PSA_SUCCESS )
-        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+    status = psa_import_key(&key_attributes, psk, psk_len, &key);
+    if (status != PSA_SUCCESS) {
+        return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+    }
 
     /* Allow calling psa_destroy_key() on psk remove */
     ssl->handshake->psk_opaque_is_internal = 1;
-    return mbedtls_ssl_set_hs_psk_opaque( ssl, key );
+    return mbedtls_ssl_set_hs_psk_opaque(ssl, key);
 #else
-    if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    if ((ssl->handshake->psk = mbedtls_calloc(1, psk_len)) == NULL) {
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+    }
 
     ssl->handshake->psk_len = psk_len;
-    memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len );
+    memcpy(ssl->handshake->psk, psk, ssl->handshake->psk_len);
 
-    return( 0 );
+    return 0;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
-                                 mbedtls_svc_key_id_t psk,
-                                 const unsigned char *psk_identity,
-                                 size_t psk_identity_len )
+int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf,
+                                mbedtls_svc_key_id_t psk,
+                                const unsigned char *psk_identity,
+                                size_t psk_identity_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     /* We currently only support one PSK, raw or opaque. */
-    if( mbedtls_ssl_conf_has_static_psk( conf ) )
-        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+    if (mbedtls_ssl_conf_has_static_psk(conf)) {
+        return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+    }
 
     /* Check and set opaque PSK */
-    if( mbedtls_svc_key_id_is_null( psk ) )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (mbedtls_svc_key_id_is_null(psk)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
     conf->psk_opaque = psk;
 
     /* Check and set PSK Identity */
-    ret = ssl_conf_set_psk_identity( conf, psk_identity,
-                                     psk_identity_len );
-    if( ret != 0 )
-        ssl_conf_remove_psk( conf );
+    ret = ssl_conf_set_psk_identity(conf, psk_identity,
+                                    psk_identity_len);
+    if (ret != 0) {
+        ssl_conf_remove_psk(conf);
+    }
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
-                                   mbedtls_svc_key_id_t psk )
+int mbedtls_ssl_set_hs_psk_opaque(mbedtls_ssl_context *ssl,
+                                  mbedtls_svc_key_id_t psk)
 {
-    if( ( mbedtls_svc_key_id_is_null( psk ) ) ||
-        ( ssl->handshake == NULL ) )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if ((mbedtls_svc_key_id_is_null(psk)) ||
+        (ssl->handshake == NULL)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    ssl_remove_psk( ssl );
+    ssl_remove_psk(ssl);
     ssl->handshake->psk_opaque = psk;
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_SSL_SRV_C)
-void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
-                     int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
-                     size_t),
-                     void *p_psk )
+void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf,
+                             int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
+                                          size_t),
+                             void *p_psk)
 {
     conf->f_psk = f_psk;
     conf->p_psk = p_psk;
@@ -2244,64 +2222,67 @@
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode(
-        psa_algorithm_t alg )
+    psa_algorithm_t alg)
 {
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-    if( alg == PSA_ALG_CBC_NO_PADDING )
-        return( MBEDTLS_SSL_MODE_CBC );
+    if (alg == PSA_ALG_CBC_NO_PADDING) {
+        return MBEDTLS_SSL_MODE_CBC;
+    }
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
-    if( PSA_ALG_IS_AEAD( alg ) )
-        return( MBEDTLS_SSL_MODE_AEAD );
-    return( MBEDTLS_SSL_MODE_STREAM );
+    if (PSA_ALG_IS_AEAD(alg)) {
+        return MBEDTLS_SSL_MODE_AEAD;
+    }
+    return MBEDTLS_SSL_MODE_STREAM;
 }
 
 #else /* MBEDTLS_USE_PSA_CRYPTO */
 
 static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode(
-        mbedtls_cipher_mode_t mode )
+    mbedtls_cipher_mode_t mode)
 {
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-    if( mode == MBEDTLS_MODE_CBC )
-        return( MBEDTLS_SSL_MODE_CBC );
+    if (mode == MBEDTLS_MODE_CBC) {
+        return MBEDTLS_SSL_MODE_CBC;
+    }
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
 
 #if defined(MBEDTLS_GCM_C) || \
     defined(MBEDTLS_CCM_C) || \
     defined(MBEDTLS_CHACHAPOLY_C)
-    if( mode == MBEDTLS_MODE_GCM ||
+    if (mode == MBEDTLS_MODE_GCM ||
         mode == MBEDTLS_MODE_CCM ||
-        mode == MBEDTLS_MODE_CHACHAPOLY )
-        return( MBEDTLS_SSL_MODE_AEAD );
+        mode == MBEDTLS_MODE_CHACHAPOLY) {
+        return MBEDTLS_SSL_MODE_AEAD;
+    }
 #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
 
-    return( MBEDTLS_SSL_MODE_STREAM );
+    return MBEDTLS_SSL_MODE_STREAM;
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 static mbedtls_ssl_mode_t mbedtls_ssl_get_actual_mode(
     mbedtls_ssl_mode_t base_mode,
-    int encrypt_then_mac )
+    int encrypt_then_mac)
 {
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
-    if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED &&
-        base_mode == MBEDTLS_SSL_MODE_CBC )
-    {
-        return( MBEDTLS_SSL_MODE_CBC_ETM );
+    if (encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED &&
+        base_mode == MBEDTLS_SSL_MODE_CBC) {
+        return MBEDTLS_SSL_MODE_CBC_ETM;
     }
 #else
     (void) encrypt_then_mac;
 #endif
-    return( base_mode );
+    return base_mode;
 }
 
 mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform(
-                    const mbedtls_ssl_transform *transform )
+    const mbedtls_ssl_transform *transform)
 {
     mbedtls_ssl_mode_t base_mode = mbedtls_ssl_get_base_mode(
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-            transform->psa_alg
+        transform->psa_alg
 #else
-            mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc )
+        mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc)
 #endif
         );
 
@@ -2309,14 +2290,14 @@
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
     encrypt_then_mac = transform->encrypt_then_mac;
 #endif
-    return( mbedtls_ssl_get_actual_mode( base_mode, encrypt_then_mac ) );
+    return mbedtls_ssl_get_actual_mode(base_mode, encrypt_then_mac);
 }
 
 mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
-        int encrypt_then_mac,
+    int encrypt_then_mac,
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
-        const mbedtls_ssl_ciphersuite_t *suite )
+    const mbedtls_ssl_ciphersuite_t *suite)
 {
     mbedtls_ssl_mode_t base_mode = MBEDTLS_SSL_MODE_STREAM;
 
@@ -2325,24 +2306,24 @@
     psa_algorithm_t alg;
     psa_key_type_t type;
     size_t size;
-    status = mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg, &type, &size );
-    if( status == PSA_SUCCESS )
-        base_mode = mbedtls_ssl_get_base_mode( alg );
+    status = mbedtls_ssl_cipher_to_psa(suite->cipher, 0, &alg, &type, &size);
+    if (status == PSA_SUCCESS) {
+        base_mode = mbedtls_ssl_get_base_mode(alg);
+    }
 #else
     const mbedtls_cipher_info_t *cipher =
-            mbedtls_cipher_info_from_type( suite->cipher );
-    if( cipher != NULL )
-    {
+        mbedtls_cipher_info_from_type(suite->cipher);
+    if (cipher != NULL) {
         base_mode =
             mbedtls_ssl_get_base_mode(
-                mbedtls_cipher_info_get_mode( cipher ) );
+                mbedtls_cipher_info_get_mode(cipher));
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if !defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
     int encrypt_then_mac = 0;
 #endif
-    return( mbedtls_ssl_get_actual_mode( base_mode, encrypt_then_mac ) );
+    return mbedtls_ssl_get_actual_mode(base_mode, encrypt_then_mac);
 }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -2372,16 +2353,16 @@
  */
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_session_save( const mbedtls_ssl_session *session,
-                                   unsigned char *buf,
-                                   size_t buf_len,
-                                   size_t *olen )
+static int ssl_tls13_session_save(const mbedtls_ssl_session *session,
+                                  unsigned char *buf,
+                                  size_t buf_len,
+                                  size_t *olen)
 {
     unsigned char *p = buf;
 #if defined(MBEDTLS_SSL_CLI_C) && \
     defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    size_t hostname_len = ( session->hostname == NULL ) ?
-                            0 : strlen( session->hostname ) + 1;
+    size_t hostname_len = (session->hostname == NULL) ?
+                          0 : strlen(session->hostname) + 1;
 #endif
     size_t needed =   1                             /* endpoint */
                     + 2                             /* ciphersuite */
@@ -2390,8 +2371,9 @@
                     + 1;                            /* resumption_key length */
     *olen = 0;
 
-    if( session->resumption_key_len > MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (session->resumption_key_len > MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
     needed += session->resumption_key_len;  /* resumption_key */
 
 #if defined(MBEDTLS_HAVE_TIME)
@@ -2399,216 +2381,220 @@
 #endif
 
 #if defined(MBEDTLS_SSL_CLI_C)
-    if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
-    {
+    if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) {
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
         needed +=  2                        /* hostname_len */
-               + hostname_len;              /* hostname */
+                  + hostname_len;           /* hostname */
 #endif
 
         needed +=   4                       /* ticket_lifetime */
                   + 2;                      /* ticket_len */
 
         /* Check size_t overflow */
-        if( session->ticket_len > SIZE_MAX - needed )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        if (session->ticket_len > SIZE_MAX - needed) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
 
         needed += session->ticket_len;      /* ticket */
     }
 #endif /* MBEDTLS_SSL_CLI_C */
 
     *olen = needed;
-    if( needed > buf_len )
-        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+    if (needed > buf_len) {
+        return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
+    }
 
     p[0] = session->endpoint;
-    MBEDTLS_PUT_UINT16_BE( session->ciphersuite, p, 1 );
-    MBEDTLS_PUT_UINT32_BE( session->ticket_age_add, p, 3 );
+    MBEDTLS_PUT_UINT16_BE(session->ciphersuite, p, 1);
+    MBEDTLS_PUT_UINT32_BE(session->ticket_age_add, p, 3);
     p[7] = session->ticket_flags;
 
     /* save resumption_key */
     p[8] = session->resumption_key_len;
     p += 9;
-    memcpy( p, session->resumption_key, session->resumption_key_len );
+    memcpy(p, session->resumption_key, session->resumption_key_len);
     p += session->resumption_key_len;
 
 #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
-    if( session->endpoint == MBEDTLS_SSL_IS_SERVER )
-    {
-        MBEDTLS_PUT_UINT64_BE( (uint64_t) session->start, p, 0 );
+    if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
+        MBEDTLS_PUT_UINT64_BE((uint64_t) session->start, p, 0);
         p += 8;
     }
 #endif /* MBEDTLS_HAVE_TIME */
 
 #if defined(MBEDTLS_SSL_CLI_C)
-    if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
-    {
+    if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) {
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-        MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 );
+        MBEDTLS_PUT_UINT16_BE(hostname_len, p, 0);
         p += 2;
-        if( hostname_len > 0 )
-        {
+        if (hostname_len > 0) {
             /* save host name */
-            memcpy( p, session->hostname, hostname_len );
+            memcpy(p, session->hostname, hostname_len);
             p += hostname_len;
         }
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 
 #if defined(MBEDTLS_HAVE_TIME)
-        MBEDTLS_PUT_UINT64_BE( (uint64_t) session->ticket_received, p, 0 );
+        MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_received, p, 0);
         p += 8;
 #endif
-        MBEDTLS_PUT_UINT32_BE( session->ticket_lifetime, p, 0 );
+        MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0);
         p += 4;
 
-        MBEDTLS_PUT_UINT16_BE( session->ticket_len, p, 0 );
+        MBEDTLS_PUT_UINT16_BE(session->ticket_len, p, 0);
         p += 2;
 
-        if( session->ticket != NULL && session->ticket_len > 0 )
-        {
-            memcpy( p, session->ticket, session->ticket_len );
+        if (session->ticket != NULL && session->ticket_len > 0) {
+            memcpy(p, session->ticket, session->ticket_len);
             p += session->ticket_len;
         }
     }
 #endif /* MBEDTLS_SSL_CLI_C */
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_session_load( mbedtls_ssl_session *session,
-                                   const unsigned char *buf,
-                                   size_t len )
+static int ssl_tls13_session_load(mbedtls_ssl_session *session,
+                                  const unsigned char *buf,
+                                  size_t len)
 {
     const unsigned char *p = buf;
     const unsigned char *end = buf + len;
 
-    if( end - p < 9 )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (end - p < 9) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
     session->endpoint = p[0];
-    session->ciphersuite = MBEDTLS_GET_UINT16_BE( p, 1 );
-    session->ticket_age_add = MBEDTLS_GET_UINT32_BE( p, 3 );
+    session->ciphersuite = MBEDTLS_GET_UINT16_BE(p, 1);
+    session->ticket_age_add = MBEDTLS_GET_UINT32_BE(p, 3);
     session->ticket_flags = p[7];
 
     /* load resumption_key */
     session->resumption_key_len = p[8];
     p += 9;
 
-    if( end - p < session->resumption_key_len )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (end - p < session->resumption_key_len) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    if( sizeof( session->resumption_key ) < session->resumption_key_len )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    memcpy( session->resumption_key, p, session->resumption_key_len );
+    if (sizeof(session->resumption_key) < session->resumption_key_len) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
+    memcpy(session->resumption_key, p, session->resumption_key_len);
     p += session->resumption_key_len;
 
 #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
-    if( session->endpoint == MBEDTLS_SSL_IS_SERVER )
-    {
-        if( end - p < 8 )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-        session->start = MBEDTLS_GET_UINT64_BE( p, 0 );
+    if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
+        if (end - p < 8) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
+        session->start = MBEDTLS_GET_UINT64_BE(p, 0);
         p += 8;
     }
 #endif /* MBEDTLS_HAVE_TIME */
 
 #if defined(MBEDTLS_SSL_CLI_C)
-    if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
-    {
+    if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) {
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
-    defined(MBEDTLS_SSL_SESSION_TICKETS)
+        defined(MBEDTLS_SSL_SESSION_TICKETS)
         size_t hostname_len;
         /* load host name */
-        if( end - p < 2 )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-        hostname_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+        if (end - p < 2) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
+        hostname_len = MBEDTLS_GET_UINT16_BE(p, 0);
         p += 2;
 
-        if( end - p < ( long int )hostname_len )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-        if( hostname_len > 0 )
-        {
-            session->hostname = mbedtls_calloc( 1, hostname_len );
-            if( session->hostname == NULL )
-                return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-            memcpy( session->hostname, p, hostname_len );
+        if (end - p < (long int) hostname_len) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
+        if (hostname_len > 0) {
+            session->hostname = mbedtls_calloc(1, hostname_len);
+            if (session->hostname == NULL) {
+                return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+            }
+            memcpy(session->hostname, p, hostname_len);
             p += hostname_len;
         }
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION &&
           MBEDTLS_SSL_SESSION_TICKETS */
 
 #if defined(MBEDTLS_HAVE_TIME)
-        if( end - p < 8 )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-        session->ticket_received = MBEDTLS_GET_UINT64_BE( p, 0 );
+        if (end - p < 8) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
+        session->ticket_received = MBEDTLS_GET_UINT64_BE(p, 0);
         p += 8;
 #endif
-        if( end - p < 4 )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-        session->ticket_lifetime = MBEDTLS_GET_UINT32_BE( p, 0 );
+        if (end - p < 4) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
+        session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0);
         p += 4;
 
-        if( end - p <  2 )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-        session->ticket_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+        if (end - p <  2) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
+        session->ticket_len = MBEDTLS_GET_UINT16_BE(p, 0);
         p += 2;
 
-        if( end - p < ( long int )session->ticket_len )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-        if( session->ticket_len > 0 )
-        {
-            session->ticket = mbedtls_calloc( 1, session->ticket_len );
-            if( session->ticket == NULL )
-                return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-            memcpy( session->ticket, p, session->ticket_len );
+        if (end - p < (long int) session->ticket_len) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
+        if (session->ticket_len > 0) {
+            session->ticket = mbedtls_calloc(1, session->ticket_len);
+            if (session->ticket == NULL) {
+                return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+            }
+            memcpy(session->ticket, p, session->ticket_len);
             p += session->ticket_len;
         }
     }
 #endif /* MBEDTLS_SSL_CLI_C */
 
-    return( 0 );
+    return 0;
 
 }
 #else /* MBEDTLS_SSL_SESSION_TICKETS */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_session_save( const mbedtls_ssl_session *session,
-                                   unsigned char *buf,
-                                   size_t buf_len,
-                                   size_t *olen )
+static int ssl_tls13_session_save(const mbedtls_ssl_session *session,
+                                  unsigned char *buf,
+                                  size_t buf_len,
+                                  size_t *olen)
 {
     ((void) session);
     ((void) buf);
     ((void) buf_len);
     *olen = 0;
-    return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
 }
 
-static int ssl_tls13_session_load( const mbedtls_ssl_session *session,
-                                   unsigned char *buf,
-                                   size_t buf_len )
+static int ssl_tls13_session_load(const mbedtls_ssl_session *session,
+                                  unsigned char *buf,
+                                  size_t buf_len)
 {
     ((void) session);
     ((void) buf);
     ((void) buf_len);
-    return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
 }
 #endif /* !MBEDTLS_SSL_SESSION_TICKETS */
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
-psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_type,
-                                    size_t taglen,
-                                    psa_algorithm_t *alg,
-                                    psa_key_type_t *key_type,
-                                    size_t *key_size )
+psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type,
+                                       size_t taglen,
+                                       psa_algorithm_t *alg,
+                                       psa_key_type_t *key_type,
+                                       size_t *key_size)
 {
-    switch ( mbedtls_cipher_type )
-    {
+    switch (mbedtls_cipher_type) {
         case MBEDTLS_CIPHER_AES_128_CBC:
             *alg = PSA_ALG_CBC_NO_PADDING;
             *key_type = PSA_KEY_TYPE_AES;
             *key_size = 128;
             break;
         case MBEDTLS_CIPHER_AES_128_CCM:
-            *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
+            *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
             *key_type = PSA_KEY_TYPE_AES;
             *key_size = 128;
             break;
@@ -2618,7 +2604,7 @@
             *key_size = 128;
             break;
         case MBEDTLS_CIPHER_AES_192_CCM:
-            *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
+            *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
             *key_type = PSA_KEY_TYPE_AES;
             *key_size = 192;
             break;
@@ -2633,7 +2619,7 @@
             *key_size = 256;
             break;
         case MBEDTLS_CIPHER_AES_256_CCM:
-            *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
+            *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
             *key_type = PSA_KEY_TYPE_AES;
             *key_size = 256;
             break;
@@ -2648,7 +2634,7 @@
             *key_size = 128;
             break;
         case MBEDTLS_CIPHER_ARIA_128_CCM:
-            *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
+            *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
             *key_type = PSA_KEY_TYPE_ARIA;
             *key_size = 128;
             break;
@@ -2658,7 +2644,7 @@
             *key_size = 128;
             break;
         case MBEDTLS_CIPHER_ARIA_192_CCM:
-            *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
+            *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
             *key_type = PSA_KEY_TYPE_ARIA;
             *key_size = 192;
             break;
@@ -2673,7 +2659,7 @@
             *key_size = 256;
             break;
         case MBEDTLS_CIPHER_ARIA_256_CCM:
-            *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
+            *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
             *key_type = PSA_KEY_TYPE_ARIA;
             *key_size = 256;
             break;
@@ -2688,7 +2674,7 @@
             *key_size = 128;
             break;
         case MBEDTLS_CIPHER_CAMELLIA_128_CCM:
-            *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
+            *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
             *key_type = PSA_KEY_TYPE_CAMELLIA;
             *key_size = 128;
             break;
@@ -2698,7 +2684,7 @@
             *key_size = 128;
             break;
         case MBEDTLS_CIPHER_CAMELLIA_192_CCM:
-            *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
+            *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
             *key_type = PSA_KEY_TYPE_CAMELLIA;
             *key_size = 192;
             break;
@@ -2713,7 +2699,7 @@
             *key_size = 256;
             break;
         case MBEDTLS_CIPHER_CAMELLIA_256_CCM:
-            *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) : PSA_ALG_CCM;
+            *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM;
             *key_type = PSA_KEY_TYPE_CAMELLIA;
             *key_size = 256;
             break;
@@ -2741,44 +2727,42 @@
 #endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
 
 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
-int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
-                                   const unsigned char *dhm_P, size_t P_len,
-                                   const unsigned char *dhm_G, size_t G_len )
+int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf,
+                                  const unsigned char *dhm_P, size_t P_len,
+                                  const unsigned char *dhm_G, size_t G_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    mbedtls_mpi_free( &conf->dhm_P );
-    mbedtls_mpi_free( &conf->dhm_G );
+    mbedtls_mpi_free(&conf->dhm_P);
+    mbedtls_mpi_free(&conf->dhm_G);
 
-    if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_P, P_len ) ) != 0 ||
-        ( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_G, G_len ) ) != 0 )
-    {
-        mbedtls_mpi_free( &conf->dhm_P );
-        mbedtls_mpi_free( &conf->dhm_G );
-        return( ret );
+    if ((ret = mbedtls_mpi_read_binary(&conf->dhm_P, dhm_P, P_len)) != 0 ||
+        (ret = mbedtls_mpi_read_binary(&conf->dhm_G, dhm_G, G_len)) != 0) {
+        mbedtls_mpi_free(&conf->dhm_P);
+        mbedtls_mpi_free(&conf->dhm_G);
+        return ret;
     }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx )
+int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    mbedtls_mpi_free( &conf->dhm_P );
-    mbedtls_mpi_free( &conf->dhm_G );
+    mbedtls_mpi_free(&conf->dhm_P);
+    mbedtls_mpi_free(&conf->dhm_G);
 
-    if( ( ret = mbedtls_dhm_get_value( dhm_ctx, MBEDTLS_DHM_PARAM_P,
-                                       &conf->dhm_P ) ) != 0 ||
-        ( ret = mbedtls_dhm_get_value( dhm_ctx, MBEDTLS_DHM_PARAM_G,
-                                       &conf->dhm_G ) ) != 0 )
-    {
-        mbedtls_mpi_free( &conf->dhm_P );
-        mbedtls_mpi_free( &conf->dhm_G );
-        return( ret );
+    if ((ret = mbedtls_dhm_get_value(dhm_ctx, MBEDTLS_DHM_PARAM_P,
+                                     &conf->dhm_P)) != 0 ||
+        (ret = mbedtls_dhm_get_value(dhm_ctx, MBEDTLS_DHM_PARAM_G,
+                                     &conf->dhm_G)) != 0) {
+        mbedtls_mpi_free(&conf->dhm_P);
+        mbedtls_mpi_free(&conf->dhm_G);
+        return ret;
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */
 
@@ -2786,8 +2770,8 @@
 /*
  * Set the minimum length for Diffie-Hellman parameters
  */
-void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
-                                      unsigned int bitlen )
+void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf,
+                                     unsigned int bitlen)
 {
     conf->dhm_min_bitlen = bitlen;
 }
@@ -2798,16 +2782,16 @@
 /*
  * Set allowed/preferred hashes for handshake signatures
  */
-void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
-                                  const int *hashes )
+void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf,
+                                 const int *hashes)
 {
     conf->sig_hashes = hashes;
 }
 #endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */
 
 /* Configure allowed signature algorithms for handshake */
-void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
-                                const uint16_t* sig_algs )
+void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf,
+                               const uint16_t *sig_algs)
 {
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
     conf->sig_hashes = NULL;
@@ -2826,8 +2810,8 @@
  * stored in ssl->handshake->group_list.
  *
  */
-void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
-                             const mbedtls_ecp_group_id *curve_list )
+void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
+                             const mbedtls_ecp_group_id *curve_list)
 {
     conf->curve_list = curve_list;
     conf->group_list = NULL;
@@ -2838,8 +2822,8 @@
 /*
  * Set the allowed groups
  */
-void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf,
-                              const uint16_t *group_list )
+void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf,
+                             const uint16_t *group_list)
 {
 #if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
     conf->curve_list = NULL;
@@ -2848,56 +2832,53 @@
 }
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
+int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname)
 {
     /* Initialize to suppress unnecessary compiler warning */
     size_t hostname_len = 0;
 
     /* Check if new hostname is valid before
      * making any change to current one */
-    if( hostname != NULL )
-    {
-        hostname_len = strlen( hostname );
+    if (hostname != NULL) {
+        hostname_len = strlen(hostname);
 
-        if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        if (hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
     }
 
     /* Now it's clear that we will overwrite the old hostname,
      * so we can free it safely */
 
-    if( ssl->hostname != NULL )
-    {
-        mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
-        mbedtls_free( ssl->hostname );
+    if (ssl->hostname != NULL) {
+        mbedtls_platform_zeroize(ssl->hostname, strlen(ssl->hostname));
+        mbedtls_free(ssl->hostname);
     }
 
     /* Passing NULL as hostname shall clear the old one */
 
-    if( hostname == NULL )
-    {
+    if (hostname == NULL) {
         ssl->hostname = NULL;
-    }
-    else
-    {
-        ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 );
-        if( ssl->hostname == NULL )
-            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    } else {
+        ssl->hostname = mbedtls_calloc(1, hostname_len + 1);
+        if (ssl->hostname == NULL) {
+            return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+        }
 
-        memcpy( ssl->hostname, hostname, hostname_len );
+        memcpy(ssl->hostname, hostname, hostname_len);
 
         ssl->hostname[hostname_len] = '\0';
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
-                  int (*f_sni)(void *, mbedtls_ssl_context *,
-                                const unsigned char *, size_t),
-                  void *p_sni )
+void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf,
+                          int (*f_sni)(void *, mbedtls_ssl_context *,
+                                       const unsigned char *, size_t),
+                          void *p_sni)
 {
     conf->f_sni = f_sni;
     conf->p_sni = p_sni;
@@ -2905,7 +2886,7 @@
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 
 #if defined(MBEDTLS_SSL_ALPN)
-int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos )
+int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos)
 {
     size_t cur_len, tot_len;
     const char **p;
@@ -2916,183 +2897,172 @@
      * We check lengths now rather than later.
      */
     tot_len = 0;
-    for( p = protos; *p != NULL; p++ )
-    {
-        cur_len = strlen( *p );
+    for (p = protos; *p != NULL; p++) {
+        cur_len = strlen(*p);
         tot_len += cur_len;
 
-        if( ( cur_len == 0 ) ||
-            ( cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN ) ||
-            ( tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN ) )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        if ((cur_len == 0) ||
+            (cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN) ||
+            (tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN)) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
     }
 
     conf->alpn_list = protos;
 
-    return( 0 );
+    return 0;
 }
 
-const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl )
+const char *mbedtls_ssl_get_alpn_protocol(const mbedtls_ssl_context *ssl)
 {
-    return( ssl->alpn_chosen );
+    return ssl->alpn_chosen;
 }
 #endif /* MBEDTLS_SSL_ALPN */
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
-void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf,
-                                                int support_mki_value )
+void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf,
+                                               int support_mki_value)
 {
     conf->dtls_srtp_mki_support = support_mki_value;
 }
 
-int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
-                                         unsigned char *mki_value,
-                                         uint16_t mki_len )
+int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl,
+                                        unsigned char *mki_value,
+                                        uint16_t mki_len)
 {
-    if( mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH )
-    {
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
-    if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED )
-    {
-        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+    if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED) {
+        return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
     }
 
-    memcpy( ssl->dtls_srtp_info.mki_value, mki_value, mki_len );
+    memcpy(ssl->dtls_srtp_info.mki_value, mki_value, mki_len);
     ssl->dtls_srtp_info.mki_len = mki_len;
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf,
-                                                    const mbedtls_ssl_srtp_profile *profiles )
+int mbedtls_ssl_conf_dtls_srtp_protection_profiles(mbedtls_ssl_config *conf,
+                                                   const mbedtls_ssl_srtp_profile *profiles)
 {
     const mbedtls_ssl_srtp_profile *p;
     size_t list_size = 0;
 
     /* check the profiles list: all entry must be valid,
      * its size cannot be more than the total number of supported profiles, currently 4 */
-    for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET &&
-                       list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH;
-         p++ )
-    {
-        if( mbedtls_ssl_check_srtp_profile_value( *p ) != MBEDTLS_TLS_SRTP_UNSET )
-        {
+    for (p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET &&
+         list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH;
+         p++) {
+        if (mbedtls_ssl_check_srtp_profile_value(*p) != MBEDTLS_TLS_SRTP_UNSET) {
             list_size++;
-        }
-        else
-        {
+        } else {
             /* unsupported value, stop parsing and set the size to an error value */
             list_size = MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH + 1;
         }
     }
 
-    if( list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH )
-    {
-                conf->dtls_srtp_profile_list = NULL;
-                conf->dtls_srtp_profile_list_len = 0;
-                return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH) {
+        conf->dtls_srtp_profile_list = NULL;
+        conf->dtls_srtp_profile_list_len = 0;
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
     conf->dtls_srtp_profile_list = profiles;
     conf->dtls_srtp_profile_list_len = list_size;
 
-    return( 0 );
+    return 0;
 }
 
-void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl,
-                                                   mbedtls_dtls_srtp_info *dtls_srtp_info )
+void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl,
+                                                  mbedtls_dtls_srtp_info *dtls_srtp_info)
 {
     dtls_srtp_info->chosen_dtls_srtp_profile = ssl->dtls_srtp_info.chosen_dtls_srtp_profile;
     /* do not copy the mki value if there is no chosen profile */
-    if( dtls_srtp_info->chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET )
-    {
+    if (dtls_srtp_info->chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET) {
         dtls_srtp_info->mki_len = 0;
-    }
-    else
-    {
+    } else {
         dtls_srtp_info->mki_len = ssl->dtls_srtp_info.mki_len;
-        memcpy( dtls_srtp_info->mki_value, ssl->dtls_srtp_info.mki_value,
-                ssl->dtls_srtp_info.mki_len );
+        memcpy(dtls_srtp_info->mki_value, ssl->dtls_srtp_info.mki_value,
+               ssl->dtls_srtp_info.mki_len);
     }
 }
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor )
+void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, int minor)
 {
     conf->max_tls_version = (major << 8) | minor;
 }
 
-void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor )
+void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, int minor)
 {
     conf->min_tls_version = (major << 8) | minor;
 }
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
 
 #if defined(MBEDTLS_SSL_SRV_C)
-void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
-                                          char cert_req_ca_list )
+void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf,
+                                       char cert_req_ca_list)
 {
     conf->cert_req_ca_list = cert_req_ca_list;
 }
 #endif
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm )
+void mbedtls_ssl_conf_encrypt_then_mac(mbedtls_ssl_config *conf, char etm)
 {
     conf->encrypt_then_mac = etm;
 }
 #endif
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems )
+void mbedtls_ssl_conf_extended_master_secret(mbedtls_ssl_config *conf, char ems)
 {
     conf->extended_ms = ems;
 }
 #endif
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code )
+int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code)
 {
-    if( mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID ||
-        ssl_mfl_code_to_length( mfl_code ) > MBEDTLS_TLS_EXT_ADV_CONTENT_LEN )
-    {
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID ||
+        ssl_mfl_code_to_length(mfl_code) > MBEDTLS_TLS_EXT_ADV_CONTENT_LEN) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
     conf->mfl_code = mfl_code;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
 
-void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy )
+void mbedtls_ssl_conf_legacy_renegotiation(mbedtls_ssl_config *conf, int allow_legacy)
 {
     conf->allow_legacy_renegotiation = allow_legacy;
 }
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation )
+void mbedtls_ssl_conf_renegotiation(mbedtls_ssl_config *conf, int renegotiation)
 {
     conf->disable_renegotiation = renegotiation;
 }
 
-void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records )
+void mbedtls_ssl_conf_renegotiation_enforced(mbedtls_ssl_config *conf, int max_records)
 {
     conf->renego_max_records = max_records;
 }
 
-void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
-                                   const unsigned char period[8] )
+void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf,
+                                           const unsigned char period[8])
 {
-    memcpy( conf->renego_period, period, 8 );
+    memcpy(conf->renego_period, period, 8);
 }
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 #if defined(MBEDTLS_SSL_CLI_C)
-void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets )
+void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets)
 {
     conf->session_tickets = use_tickets;
 }
@@ -3101,17 +3071,17 @@
 #if defined(MBEDTLS_SSL_SRV_C)
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
-void mbedtls_ssl_conf_new_session_tickets( mbedtls_ssl_config *conf,
-                                           uint16_t num_tickets )
+void mbedtls_ssl_conf_new_session_tickets(mbedtls_ssl_config *conf,
+                                          uint16_t num_tickets)
 {
     conf->new_session_tickets_count = num_tickets;
 }
 #endif
 
-void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
-        mbedtls_ssl_ticket_write_t *f_ticket_write,
-        mbedtls_ssl_ticket_parse_t *f_ticket_parse,
-        void *p_ticket )
+void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf,
+                                         mbedtls_ssl_ticket_write_t *f_ticket_write,
+                                         mbedtls_ssl_ticket_parse_t *f_ticket_parse,
+                                         void *p_ticket)
 {
     conf->f_ticket_write = f_ticket_write;
     conf->f_ticket_parse = f_ticket_parse;
@@ -3120,9 +3090,9 @@
 #endif
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
-void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl,
-                                     mbedtls_ssl_export_keys_t *f_export_keys,
-                                     void *p_export_keys )
+void mbedtls_ssl_set_export_keys_cb(mbedtls_ssl_context *ssl,
+                                    mbedtls_ssl_export_keys_t *f_export_keys,
+                                    void *p_export_keys)
 {
     ssl->f_export_keys = f_export_keys;
     ssl->p_export_keys = p_export_keys;
@@ -3135,7 +3105,7 @@
     mbedtls_ssl_async_decrypt_t *f_async_decrypt,
     mbedtls_ssl_async_resume_t *f_async_resume,
     mbedtls_ssl_async_cancel_t *f_async_cancel,
-    void *async_config_data )
+    void *async_config_data)
 {
     conf->f_async_sign_start = f_async_sign;
     conf->f_async_decrypt_start = f_async_decrypt;
@@ -3144,169 +3114,168 @@
     conf->p_async_config_data = async_config_data;
 }
 
-void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf )
+void *mbedtls_ssl_conf_get_async_config_data(const mbedtls_ssl_config *conf)
 {
-    return( conf->p_async_config_data );
+    return conf->p_async_config_data;
 }
 
-void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl )
+void *mbedtls_ssl_get_async_operation_data(const mbedtls_ssl_context *ssl)
 {
-    if( ssl->handshake == NULL )
-        return( NULL );
-    else
-        return( ssl->handshake->user_async_ctx );
+    if (ssl->handshake == NULL) {
+        return NULL;
+    } else {
+        return ssl->handshake->user_async_ctx;
+    }
 }
 
-void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl,
-                                 void *ctx )
+void mbedtls_ssl_set_async_operation_data(mbedtls_ssl_context *ssl,
+                                          void *ctx)
 {
-    if( ssl->handshake != NULL )
+    if (ssl->handshake != NULL) {
         ssl->handshake->user_async_ctx = ctx;
+    }
 }
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
 /*
  * SSL get accessors
  */
-uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl )
+uint32_t mbedtls_ssl_get_verify_result(const mbedtls_ssl_context *ssl)
 {
-    if( ssl->session != NULL )
-        return( ssl->session->verify_result );
+    if (ssl->session != NULL) {
+        return ssl->session->verify_result;
+    }
 
-    if( ssl->session_negotiate != NULL )
-        return( ssl->session_negotiate->verify_result );
+    if (ssl->session_negotiate != NULL) {
+        return ssl->session_negotiate->verify_result;
+    }
 
-    return( 0xFFFFFFFF );
+    return 0xFFFFFFFF;
 }
 
-int mbedtls_ssl_get_ciphersuite_id_from_ssl( const mbedtls_ssl_context *ssl )
+int mbedtls_ssl_get_ciphersuite_id_from_ssl(const mbedtls_ssl_context *ssl)
 {
-    if( ssl == NULL || ssl->session == NULL )
-        return( 0 );
+    if (ssl == NULL || ssl->session == NULL) {
+        return 0;
+    }
 
-    return( ssl->session->ciphersuite );
+    return ssl->session->ciphersuite;
 }
 
-const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl )
+const char *mbedtls_ssl_get_ciphersuite(const mbedtls_ssl_context *ssl)
 {
-    if( ssl == NULL || ssl->session == NULL )
-        return( NULL );
+    if (ssl == NULL || ssl->session == NULL) {
+        return NULL;
+    }
 
-    return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite );
+    return mbedtls_ssl_get_ciphersuite_name(ssl->session->ciphersuite);
 }
 
-const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
+const char *mbedtls_ssl_get_version(const mbedtls_ssl_context *ssl)
 {
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        switch( ssl->tls_version )
-        {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        switch (ssl->tls_version) {
             case MBEDTLS_SSL_VERSION_TLS1_2:
-                return( "DTLSv1.2" );
+                return "DTLSv1.2";
             default:
-                return( "unknown (DTLS)" );
+                return "unknown (DTLS)";
         }
     }
 #endif
 
-    switch( ssl->tls_version )
-    {
+    switch (ssl->tls_version) {
         case MBEDTLS_SSL_VERSION_TLS1_2:
-            return( "TLSv1.2" );
+            return "TLSv1.2";
         case MBEDTLS_SSL_VERSION_TLS1_3:
-            return( "TLSv1.3" );
+            return "TLSv1.3";
         default:
-            return( "unknown" );
+            return "unknown";
     }
 }
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl )
+size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl)
 {
     size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN;
     size_t read_mfl;
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
     /* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
-        ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE )
-    {
-        return ssl_mfl_code_to_length( ssl->conf->mfl_code );
+    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+        ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE) {
+        return ssl_mfl_code_to_length(ssl->conf->mfl_code);
     }
 #endif
 
     /* Check if a smaller max length was negotiated */
-    if( ssl->session_out != NULL )
-    {
-        read_mfl = ssl_mfl_code_to_length( ssl->session_out->mfl_code );
-        if( read_mfl < max_len )
-        {
+    if (ssl->session_out != NULL) {
+        read_mfl = ssl_mfl_code_to_length(ssl->session_out->mfl_code);
+        if (read_mfl < max_len) {
             max_len = read_mfl;
         }
     }
 
     /* During a handshake, use the value being negotiated */
-    if( ssl->session_negotiate != NULL )
-    {
-        read_mfl = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code );
-        if( read_mfl < max_len )
-        {
+    if (ssl->session_negotiate != NULL) {
+        read_mfl = ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code);
+        if (read_mfl < max_len) {
             max_len = read_mfl;
         }
     }
 
-    return( max_len );
+    return max_len;
 }
 
-size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl )
+size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl)
 {
     size_t max_len;
 
     /*
      * Assume mfl_code is correct since it was checked when set
      */
-    max_len = ssl_mfl_code_to_length( ssl->conf->mfl_code );
+    max_len = ssl_mfl_code_to_length(ssl->conf->mfl_code);
 
     /* Check if a smaller max length was negotiated */
-    if( ssl->session_out != NULL &&
-        ssl_mfl_code_to_length( ssl->session_out->mfl_code ) < max_len )
-    {
-        max_len = ssl_mfl_code_to_length( ssl->session_out->mfl_code );
+    if (ssl->session_out != NULL &&
+        ssl_mfl_code_to_length(ssl->session_out->mfl_code) < max_len) {
+        max_len = ssl_mfl_code_to_length(ssl->session_out->mfl_code);
     }
 
     /* During a handshake, use the value being negotiated */
-    if( ssl->session_negotiate != NULL &&
-        ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code ) < max_len )
-    {
-        max_len = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code );
+    if (ssl->session_negotiate != NULL &&
+        ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code) < max_len) {
+        max_len = ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code);
     }
 
-    return( max_len );
+    return max_len;
 }
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-size_t mbedtls_ssl_get_current_mtu( const mbedtls_ssl_context *ssl )
+size_t mbedtls_ssl_get_current_mtu(const mbedtls_ssl_context *ssl)
 {
     /* Return unlimited mtu for client hello messages to avoid fragmentation. */
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
-        ( ssl->state == MBEDTLS_SSL_CLIENT_HELLO ||
-          ssl->state == MBEDTLS_SSL_SERVER_HELLO ) )
-        return ( 0 );
+    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+        (ssl->state == MBEDTLS_SSL_CLIENT_HELLO ||
+         ssl->state == MBEDTLS_SSL_SERVER_HELLO)) {
+        return 0;
+    }
 
-    if( ssl->handshake == NULL || ssl->handshake->mtu == 0 )
-        return( ssl->mtu );
+    if (ssl->handshake == NULL || ssl->handshake->mtu == 0) {
+        return ssl->mtu;
+    }
 
-    if( ssl->mtu == 0 )
-        return( ssl->handshake->mtu );
+    if (ssl->mtu == 0) {
+        return ssl->handshake->mtu;
+    }
 
-    return( ssl->mtu < ssl->handshake->mtu ?
-            ssl->mtu : ssl->handshake->mtu );
+    return ssl->mtu < ssl->handshake->mtu ?
+           ssl->mtu : ssl->handshake->mtu;
 }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
-int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl )
+int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl)
 {
     size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
 
@@ -3316,30 +3285,31 @@
 #endif
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl );
+    const size_t mfl = mbedtls_ssl_get_output_max_frag_len(ssl);
 
-    if( max_len > mfl )
+    if (max_len > mfl) {
         max_len = mfl;
+    }
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( mbedtls_ssl_get_current_mtu( ssl ) != 0 )
-    {
-        const size_t mtu = mbedtls_ssl_get_current_mtu( ssl );
-        const int ret = mbedtls_ssl_get_record_expansion( ssl );
+    if (mbedtls_ssl_get_current_mtu(ssl) != 0) {
+        const size_t mtu = mbedtls_ssl_get_current_mtu(ssl);
+        const int ret = mbedtls_ssl_get_record_expansion(ssl);
         const size_t overhead = (size_t) ret;
 
-        if( ret < 0 )
-            return( ret );
-
-        if( mtu <= overhead )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "MTU too low for record expansion" ) );
-            return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+        if (ret < 0) {
+            return ret;
         }
 
-        if( max_len > mtu - overhead )
+        if (mtu <= overhead) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("MTU too low for record expansion"));
+            return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+        }
+
+        if (max_len > mtu - overhead) {
             max_len = mtu - overhead;
+        }
     }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
@@ -3348,10 +3318,10 @@
     ((void) ssl);
 #endif
 
-    return( (int) max_len );
+    return (int) max_len;
 }
 
-int mbedtls_ssl_get_max_in_record_payload( const mbedtls_ssl_context *ssl )
+int mbedtls_ssl_get_max_in_record_payload(const mbedtls_ssl_context *ssl)
 {
     size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN;
 
@@ -3360,41 +3330,42 @@
 #endif
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    const size_t mfl = mbedtls_ssl_get_input_max_frag_len( ssl );
+    const size_t mfl = mbedtls_ssl_get_input_max_frag_len(ssl);
 
-    if( max_len > mfl )
+    if (max_len > mfl) {
         max_len = mfl;
+    }
 #endif
 
-    return( (int) max_len );
+    return (int) max_len;
 }
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl )
+const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl)
 {
-    if( ssl == NULL || ssl->session == NULL )
-        return( NULL );
+    if (ssl == NULL || ssl->session == NULL) {
+        return NULL;
+    }
 
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    return( ssl->session->peer_cert );
+    return ssl->session->peer_cert;
 #else
-    return( NULL );
+    return NULL;
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_SSL_CLI_C)
-int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl,
-                             mbedtls_ssl_session *dst )
+int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
+                            mbedtls_ssl_session *dst)
 {
     int ret;
 
-    if( ssl == NULL ||
+    if (ssl == NULL ||
         dst == NULL ||
         ssl->session == NULL ||
-        ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
-    {
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
     /* Since Mbed TLS 3.0, mbedtls_ssl_get_session() is no longer
@@ -3408,16 +3379,18 @@
      * Check whether we have already exported the current session,
      * and fail if so.
      */
-    if( ssl->session->exported == 1 )
-        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+    if (ssl->session->exported == 1) {
+        return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+    }
 
-    ret = mbedtls_ssl_session_copy( dst, ssl->session );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ssl_session_copy(dst, ssl->session);
+    if (ret != 0) {
+        return ret;
+    }
 
     /* Remember that we've exported the session. */
     ssl->session->exported = 1;
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_CLI_C */
 
@@ -3475,20 +3448,21 @@
 #define SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT        5
 
 #define SSL_SERIALIZED_SESSION_CONFIG_BITFLAG                           \
-    ( (uint16_t) (                                                      \
-        ( SSL_SERIALIZED_SESSION_CONFIG_TIME          << SSL_SERIALIZED_SESSION_CONFIG_TIME_BIT          ) | \
-        ( SSL_SERIALIZED_SESSION_CONFIG_CRT           << SSL_SERIALIZED_SESSION_CONFIG_CRT_BIT           ) | \
-        ( SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET << SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT ) | \
-        ( SSL_SERIALIZED_SESSION_CONFIG_MFL           << SSL_SERIALIZED_SESSION_CONFIG_MFL_BIT           ) | \
-        ( SSL_SERIALIZED_SESSION_CONFIG_ETM           << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT           ) | \
-        ( SSL_SERIALIZED_SESSION_CONFIG_TICKET        << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT        ) ) )
+    ((uint16_t) (                                                      \
+         (SSL_SERIALIZED_SESSION_CONFIG_TIME << SSL_SERIALIZED_SESSION_CONFIG_TIME_BIT) | \
+         (SSL_SERIALIZED_SESSION_CONFIG_CRT << SSL_SERIALIZED_SESSION_CONFIG_CRT_BIT) | \
+         (SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET << \
+             SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT) | \
+         (SSL_SERIALIZED_SESSION_CONFIG_MFL << SSL_SERIALIZED_SESSION_CONFIG_MFL_BIT) | \
+         (SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT) | \
+         (SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT)))
 
 static unsigned char ssl_serialized_session_header[] = {
     MBEDTLS_VERSION_MAJOR,
     MBEDTLS_VERSION_MINOR,
     MBEDTLS_VERSION_PATCH,
-    MBEDTLS_BYTE_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
-    MBEDTLS_BYTE_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
+    MBEDTLS_BYTE_1(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG),
+    MBEDTLS_BYTE_0(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG),
 };
 
 /*
@@ -3528,11 +3502,11 @@
  */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_session_save( const mbedtls_ssl_session *session,
-                             unsigned char omit_header,
-                             unsigned char *buf,
-                             size_t buf_len,
-                             size_t *olen )
+static int ssl_session_save(const mbedtls_ssl_session *session,
+                            unsigned char omit_header,
+                            unsigned char *buf,
+                            size_t buf_len,
+                            size_t *olen)
 {
     unsigned char *p = buf;
     size_t used = 0;
@@ -3541,21 +3515,20 @@
     size_t out_len;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 #endif
-    if( session == NULL )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (session == NULL) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
 
-    if( !omit_header )
-    {
+    if (!omit_header) {
         /*
          * Add Mbed TLS version identifier
          */
-        used += sizeof( ssl_serialized_session_header );
+        used += sizeof(ssl_serialized_session_header);
 
-        if( used <= buf_len )
-        {
-            memcpy( p, ssl_serialized_session_header,
-                    sizeof( ssl_serialized_session_header ) );
-            p += sizeof( ssl_serialized_session_header );
+        if (used <= buf_len) {
+            memcpy(p, ssl_serialized_session_header,
+                   sizeof(ssl_serialized_session_header));
+            p += sizeof(ssl_serialized_session_header);
         }
     }
 
@@ -3563,50 +3536,50 @@
      * TLS version identifier
      */
     used += 1;
-    if( used <= buf_len )
-    {
-        *p++ = MBEDTLS_BYTE_0( session->tls_version );
+    if (used <= buf_len) {
+        *p++ = MBEDTLS_BYTE_0(session->tls_version);
     }
 
     /* Forward to version-specific serialization routine. */
     remaining_len = (buf_len >= used) ? buf_len - used : 0;
-    switch( session->tls_version )
-    {
+    switch (session->tls_version) {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    case MBEDTLS_SSL_VERSION_TLS1_2:
-        used += ssl_tls12_session_save( session, p, remaining_len );
-        break;
+        case MBEDTLS_SSL_VERSION_TLS1_2:
+            used += ssl_tls12_session_save(session, p, remaining_len);
+            break;
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    case MBEDTLS_SSL_VERSION_TLS1_3:
-        ret = ssl_tls13_session_save( session, p, remaining_len, &out_len );
-        if( ret != 0 && ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
-            return( ret );
-        used += out_len;
-        break;
+        case MBEDTLS_SSL_VERSION_TLS1_3:
+            ret = ssl_tls13_session_save(session, p, remaining_len, &out_len);
+            if (ret != 0 && ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
+                return ret;
+            }
+            used += out_len;
+            break;
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
-    default:
-        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+        default:
+            return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
     }
 
     *olen = used;
-    if( used > buf_len )
-        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+    if (used > buf_len) {
+        return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Public wrapper for ssl_session_save()
  */
-int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
-                              unsigned char *buf,
-                              size_t buf_len,
-                              size_t *olen )
+int mbedtls_ssl_session_save(const mbedtls_ssl_session *session,
+                             unsigned char *buf,
+                             size_t buf_len,
+                             size_t *olen)
 {
-    return( ssl_session_save( session, 0, buf, buf_len, olen ) );
+    return ssl_session_save(session, 0, buf, buf_len, olen);
 }
 
 /*
@@ -3616,82 +3589,83 @@
  * case of error, and has an extra option omit_header.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_session_load( mbedtls_ssl_session *session,
-                             unsigned char omit_header,
-                             const unsigned char *buf,
-                             size_t len )
+static int ssl_session_load(mbedtls_ssl_session *session,
+                            unsigned char omit_header,
+                            const unsigned char *buf,
+                            size_t len)
 {
     const unsigned char *p = buf;
     const unsigned char * const end = buf + len;
     size_t remaining_len;
 
 
-    if( session == NULL )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (session == NULL) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
 
-    if( !omit_header )
-    {
+    if (!omit_header) {
         /*
          * Check Mbed TLS version identifier
          */
 
-        if( (size_t)( end - p ) < sizeof( ssl_serialized_session_header ) )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-        if( memcmp( p, ssl_serialized_session_header,
-                    sizeof( ssl_serialized_session_header ) ) != 0 )
-        {
-            return( MBEDTLS_ERR_SSL_VERSION_MISMATCH );
+        if ((size_t) (end - p) < sizeof(ssl_serialized_session_header)) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
         }
-        p += sizeof( ssl_serialized_session_header );
+
+        if (memcmp(p, ssl_serialized_session_header,
+                   sizeof(ssl_serialized_session_header)) != 0) {
+            return MBEDTLS_ERR_SSL_VERSION_MISMATCH;
+        }
+        p += sizeof(ssl_serialized_session_header);
     }
 
     /*
      * TLS version identifier
      */
-    if( 1 > (size_t)( end - p ) )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (1 > (size_t) (end - p)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
     session->tls_version = 0x0300 | *p++;
 
     /* Dispatch according to TLS version. */
-    remaining_len = ( end - p );
-    switch( session->tls_version )
-    {
+    remaining_len = (end - p);
+    switch (session->tls_version) {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    case MBEDTLS_SSL_VERSION_TLS1_2:
-        return( ssl_tls12_session_load( session, p, remaining_len ) );
+        case MBEDTLS_SSL_VERSION_TLS1_2:
+            return ssl_tls12_session_load(session, p, remaining_len);
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    case MBEDTLS_SSL_VERSION_TLS1_3:
-        return( ssl_tls13_session_load( session, p, remaining_len ) );
+        case MBEDTLS_SSL_VERSION_TLS1_3:
+            return ssl_tls13_session_load(session, p, remaining_len);
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
-    default:
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        default:
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 }
 
 /*
  * Deserialize session: public wrapper for error cleaning
  */
-int mbedtls_ssl_session_load( mbedtls_ssl_session *session,
-                              const unsigned char *buf,
-                              size_t len )
+int mbedtls_ssl_session_load(mbedtls_ssl_session *session,
+                             const unsigned char *buf,
+                             size_t len)
 {
-    int ret = ssl_session_load( session, 0, buf, len );
+    int ret = ssl_session_load(session, 0, buf, len);
 
-    if( ret != 0 )
-        mbedtls_ssl_session_free( session );
+    if (ret != 0) {
+        mbedtls_ssl_session_free(session);
+    }
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Perform a single step of the SSL handshake
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_prepare_handshake_step( mbedtls_ssl_context *ssl )
+static int ssl_prepare_handshake_step(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
@@ -3710,143 +3684,143 @@
      * `mbedtls_ssl_handle_pending_alert` in case an error that triggered an
      * alert occurred.
      */
-    if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) {
+        return ret;
+    }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
-    {
-        if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
-            return( ret );
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) {
+        if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) {
+            return ret;
+        }
     }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ssl            == NULL                       ||
+    if (ssl            == NULL                       ||
         ssl->conf      == NULL                       ||
         ssl->handshake == NULL                       ||
-        ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER  )
-    {
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
-    ret = ssl_prepare_handshake_step( ssl );
-    if( ret != 0 )
-        return( ret );
+    ret = ssl_prepare_handshake_step(ssl);
+    if (ret != 0) {
+        return ret;
+    }
 
-    ret = mbedtls_ssl_handle_pending_alert( ssl );
-    if( ret != 0 )
+    ret = mbedtls_ssl_handle_pending_alert(ssl);
+    if (ret != 0) {
         goto cleanup;
+    }
 
     /* If ssl->conf->endpoint is not one of MBEDTLS_SSL_IS_CLIENT or
      * MBEDTLS_SSL_IS_SERVER, this is the return code we give */
     ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
 
 #if defined(MBEDTLS_SSL_CLI_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %s",
-                                    mbedtls_ssl_states_str( ssl->state ) ) );
+    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("client state: %s",
+                                  mbedtls_ssl_states_str(ssl->state)));
 
-        switch( ssl->state )
-        {
+        switch (ssl->state) {
             case MBEDTLS_SSL_HELLO_REQUEST:
                 ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
                 ret = 0;
                 break;
 
             case MBEDTLS_SSL_CLIENT_HELLO:
-                ret = mbedtls_ssl_write_client_hello( ssl );
+                ret = mbedtls_ssl_write_client_hello(ssl);
                 break;
 
             default:
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
-                if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
-                    ret = mbedtls_ssl_tls13_handshake_client_step( ssl );
-                else
-                    ret = mbedtls_ssl_handshake_client_step( ssl );
+                if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
+                    ret = mbedtls_ssl_tls13_handshake_client_step(ssl);
+                } else {
+                    ret = mbedtls_ssl_handshake_client_step(ssl);
+                }
 #elif defined(MBEDTLS_SSL_PROTO_TLS1_2)
-                ret = mbedtls_ssl_handshake_client_step( ssl );
+                ret = mbedtls_ssl_handshake_client_step(ssl);
 #else
-                ret = mbedtls_ssl_tls13_handshake_client_step( ssl );
+                ret = mbedtls_ssl_tls13_handshake_client_step(ssl);
 #endif
         }
     }
 #endif
 #if defined(MBEDTLS_SSL_SRV_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
-    {
+    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-        if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
-            ret = mbedtls_ssl_tls13_handshake_server_step( ssl );
+        if (mbedtls_ssl_conf_is_tls13_only(ssl->conf)) {
+            ret = mbedtls_ssl_tls13_handshake_server_step(ssl);
+        }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) )
-            ret = mbedtls_ssl_handshake_server_step( ssl );
+        if (mbedtls_ssl_conf_is_tls12_only(ssl->conf)) {
+            ret = mbedtls_ssl_handshake_server_step(ssl);
+        }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
     }
 #endif
 
-    if( ret != 0 )
-    {
+    if (ret != 0) {
         /* handshake_step return error. And it is same
          * with alert_reason.
          */
-        if( ssl->send_alert )
-        {
-            ret = mbedtls_ssl_handle_pending_alert( ssl );
+        if (ssl->send_alert) {
+            ret = mbedtls_ssl_handle_pending_alert(ssl);
             goto cleanup;
         }
     }
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
  * Perform the SSL handshake
  */
-int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl)
 {
     int ret = 0;
 
     /* Sanity checks */
 
-    if( ssl == NULL || ssl->conf == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl == NULL || ssl->conf == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use "
-                                     "mbedtls_ssl_set_timer_cb() for DTLS" ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        (ssl->f_set_timer == NULL || ssl->f_get_timer == NULL)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("You must use "
+                                  "mbedtls_ssl_set_timer_cb() for DTLS"));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> handshake"));
 
     /* Main handshake loop */
-    while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
-    {
-        ret = mbedtls_ssl_handshake_step( ssl );
+    while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
+        ret = mbedtls_ssl_handshake_step(ssl);
 
-        if( ret != 0 )
+        if (ret != 0) {
             break;
+        }
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= handshake" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= handshake"));
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -3855,25 +3829,24 @@
  * Write HelloRequest to request renegotiation on server
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_hello_request( mbedtls_ssl_context *ssl )
+static int ssl_write_hello_request(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello request" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write hello request"));
 
     ssl->out_msglen  = 4;
     ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
     ssl->out_msg[0]  = MBEDTLS_SSL_HS_HELLO_REQUEST;
 
-    if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+        return ret;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write hello request"));
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_SRV_C */
 
@@ -3886,67 +3859,69 @@
  * If the handshake doesn't complete due to waiting for I/O, it will continue
  * during the next calls to mbedtls_ssl_renegotiate() or mbedtls_ssl_read() respectively.
  */
-int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> renegotiate"));
 
-    if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
-        return( ret );
+    if ((ret = ssl_handshake_init(ssl)) != 0) {
+        return ret;
+    }
 
     /* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and
      * the ServerHello will have message_seq = 1" */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
-    {
-        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) {
+        if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
             ssl->handshake->out_msg_seq = 1;
-        else
+        } else {
             ssl->handshake->in_msg_seq = 1;
+        }
     }
 #endif
 
     ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
     ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS;
 
-    if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_handshake(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret);
+        return ret;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= renegotiate"));
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Renegotiate current connection on client,
  * or request renegotiation on server
  */
-int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
 
-    if( ssl == NULL || ssl->conf == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl == NULL || ssl->conf == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_SSL_SRV_C)
     /* On server, just send the request */
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
-    {
-        if( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
+        if (mbedtls_ssl_is_handshake_over(ssl) == 0) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
 
         ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
 
         /* Did we already try/start sending HelloRequest? */
-        if( ssl->out_left != 0 )
-            return( mbedtls_ssl_flush_output( ssl ) );
+        if (ssl->out_left != 0) {
+            return mbedtls_ssl_flush_output(ssl);
+        }
 
-        return( ssl_write_hello_request( ssl ) );
+        return ssl_write_hello_request(ssl);
     }
 #endif /* MBEDTLS_SSL_SRV_C */
 
@@ -3955,108 +3930,104 @@
      * On client, either start the renegotiation process or,
      * if already in progress, continue the handshake
      */
-    if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
-    {
-        if( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-        if( ( ret = mbedtls_ssl_start_renegotiation( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_start_renegotiation", ret );
-            return( ret );
+    if (ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
+        if (mbedtls_ssl_is_handshake_over(ssl) == 0) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
         }
-    }
-    else
-    {
-        if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
-            return( ret );
+
+        if ((ret = mbedtls_ssl_start_renegotiation(ssl)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_start_renegotiation", ret);
+            return ret;
+        }
+    } else {
+        if ((ret = mbedtls_ssl_handshake(ssl)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret);
+            return ret;
         }
     }
 #endif /* MBEDTLS_SSL_CLI_C */
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
-void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
 {
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
 
-    if( handshake == NULL )
+    if (handshake == NULL) {
         return;
+    }
 
 #if defined(MBEDTLS_ECP_C)
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
-    if ( ssl->handshake->group_list_heap_allocated )
-        mbedtls_free( (void*) handshake->group_list );
+    if (ssl->handshake->group_list_heap_allocated) {
+        mbedtls_free((void *) handshake->group_list);
+    }
     handshake->group_list = NULL;
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
 #endif /* MBEDTLS_ECP_C */
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
-    if ( ssl->handshake->sig_algs_heap_allocated )
-        mbedtls_free( (void*) handshake->sig_algs );
+    if (ssl->handshake->sig_algs_heap_allocated) {
+        mbedtls_free((void *) handshake->sig_algs);
+    }
     handshake->sig_algs = NULL;
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    if( ssl->handshake->certificate_request_context )
-    {
-        mbedtls_free( (void*) handshake->certificate_request_context );
+    if (ssl->handshake->certificate_request_context) {
+        mbedtls_free((void *) handshake->certificate_request_context);
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-    if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 )
-    {
-        ssl->conf->f_async_cancel( ssl );
+    if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) {
+        ssl->conf->f_async_cancel(ssl);
         handshake->async_in_progress = 0;
     }
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_hash_abort( &handshake->fin_sha256_psa );
+    psa_hash_abort(&handshake->fin_sha256_psa);
 #else
-    mbedtls_sha256_free( &handshake->fin_sha256 );
+    mbedtls_sha256_free(&handshake->fin_sha256);
 #endif
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_hash_abort( &handshake->fin_sha384_psa );
+    psa_hash_abort(&handshake->fin_sha384_psa);
 #else
-    mbedtls_sha512_free(   &handshake->fin_sha384    );
+    mbedtls_sha512_free(&handshake->fin_sha384);
 #endif
 #endif
 
 #if defined(MBEDTLS_DHM_C)
-    mbedtls_dhm_free( &handshake->dhm_ctx );
+    mbedtls_dhm_free(&handshake->dhm_ctx);
 #endif
 #if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C)
-    mbedtls_ecdh_free( &handshake->ecdh_ctx );
+    mbedtls_ecdh_free(&handshake->ecdh_ctx);
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_pake_abort( &handshake->psa_pake_ctx );
+    psa_pake_abort(&handshake->psa_pake_ctx);
     /*
      * Opaque keys are not stored in the handshake's data and it's the user
      * responsibility to destroy them. Clear ones, instead, are created by
      * the TLS library and should be destroyed at the same level
      */
-    if( ! mbedtls_svc_key_id_is_null( handshake->psa_pake_password ) )
-    {
-        psa_destroy_key( handshake->psa_pake_password );
+    if (!mbedtls_svc_key_id_is_null(handshake->psa_pake_password)) {
+        psa_destroy_key(handshake->psa_pake_password);
     }
     handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT;
 #else
-    mbedtls_ecjpake_free( &handshake->ecjpake_ctx );
+    mbedtls_ecjpake_free(&handshake->ecjpake_ctx);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 #if defined(MBEDTLS_SSL_CLI_C)
-    mbedtls_free( handshake->ecjpake_cache );
+    mbedtls_free(handshake->ecjpake_cache);
     handshake->ecjpake_cache = NULL;
     handshake->ecjpake_cache_len = 0;
 #endif
@@ -4065,27 +4036,24 @@
 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
     /* explicit void pointer cast for buggy MS compiler */
-    mbedtls_free( (void *) handshake->curves_tls_id );
+    mbedtls_free((void *) handshake->curves_tls_id);
 #endif
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
-    {
+    if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
         /* The maintenance of the external PSK key slot is the
          * user's responsibility. */
-        if( ssl->handshake->psk_opaque_is_internal )
-        {
-            psa_destroy_key( ssl->handshake->psk_opaque );
+        if (ssl->handshake->psk_opaque_is_internal) {
+            psa_destroy_key(ssl->handshake->psk_opaque);
             ssl->handshake->psk_opaque_is_internal = 0;
         }
         ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
     }
 #else
-    if( handshake->psk != NULL )
-    {
-        mbedtls_platform_zeroize( handshake->psk, handshake->psk_len );
-        mbedtls_free( handshake->psk );
+    if (handshake->psk != NULL) {
+        mbedtls_platform_zeroize(handshake->psk, handshake->psk_len);
+        mbedtls_free(handshake->psk);
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
@@ -4096,46 +4064,46 @@
      * Free only the linked list wrapper, not the keys themselves
      * since the belong to the SNI callback
      */
-    ssl_key_cert_free( handshake->sni_key_cert );
+    ssl_key_cert_free(handshake->sni_key_cert);
 #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */
 
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    mbedtls_x509_crt_restart_free( &handshake->ecrs_ctx );
-    if( handshake->ecrs_peer_cert != NULL )
-    {
-        mbedtls_x509_crt_free( handshake->ecrs_peer_cert );
-        mbedtls_free( handshake->ecrs_peer_cert );
+    mbedtls_x509_crt_restart_free(&handshake->ecrs_ctx);
+    if (handshake->ecrs_peer_cert != NULL) {
+        mbedtls_x509_crt_free(handshake->ecrs_peer_cert);
+        mbedtls_free(handshake->ecrs_peer_cert);
     }
 #endif
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C) &&        \
     !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    mbedtls_pk_free( &handshake->peer_pubkey );
+    mbedtls_pk_free(&handshake->peer_pubkey);
 #endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
 #if defined(MBEDTLS_SSL_CLI_C) && \
-    ( defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
-    mbedtls_free( handshake->cookie );
+    (defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3))
+    mbedtls_free(handshake->cookie);
 #endif /* MBEDTLS_SSL_CLI_C &&
           ( MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 ) */
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    mbedtls_ssl_flight_free( handshake->flight );
-    mbedtls_ssl_buffering_free( ssl );
+    mbedtls_ssl_flight_free(handshake->flight);
+    mbedtls_ssl_buffering_free(ssl);
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
 #if defined(MBEDTLS_ECDH_C) && \
-    ( defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
-    if( handshake->ecdh_psa_privkey_is_external == 0 )
-        psa_destroy_key( handshake->ecdh_psa_privkey );
+    (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3))
+    if (handshake->ecdh_psa_privkey_is_external == 0) {
+        psa_destroy_key(handshake->ecdh_psa_privkey);
+    }
 #endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    mbedtls_ssl_transform_free( handshake->transform_handshake );
-    mbedtls_free( handshake->transform_handshake );
+    mbedtls_ssl_transform_free(handshake->transform_handshake);
+    mbedtls_free(handshake->transform_handshake);
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    mbedtls_ssl_transform_free( handshake->transform_earlydata );
-    mbedtls_free( handshake->transform_earlydata );
+    mbedtls_ssl_transform_free(handshake->transform_earlydata);
+    mbedtls_free(handshake->transform_earlydata);
 #endif
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
@@ -4145,33 +4113,34 @@
      * processes datagrams and the fact that a datagram is allowed to have
      * several records in it, it is possible that the I/O buffers are not
      * empty at this stage */
-    handle_buffer_resizing( ssl, 1, mbedtls_ssl_get_input_buflen( ssl ),
-                                    mbedtls_ssl_get_output_buflen( ssl ) );
+    handle_buffer_resizing(ssl, 1, mbedtls_ssl_get_input_buflen(ssl),
+                           mbedtls_ssl_get_output_buflen(ssl));
 #endif
 
     /* mbedtls_platform_zeroize MUST be last one in this function */
-    mbedtls_platform_zeroize( handshake,
-                              sizeof( mbedtls_ssl_handshake_params ) );
+    mbedtls_platform_zeroize(handshake,
+                             sizeof(mbedtls_ssl_handshake_params));
 }
 
-void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
+void mbedtls_ssl_session_free(mbedtls_ssl_session *session)
 {
-    if( session == NULL )
+    if (session == NULL) {
         return;
+    }
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-    ssl_clear_peer_cert( session );
+    ssl_clear_peer_cert(session);
 #endif
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
     defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    mbedtls_free( session->hostname );
+    mbedtls_free(session->hostname);
 #endif
-    mbedtls_free( session->ticket );
+    mbedtls_free(session->ticket);
 #endif
 
-    mbedtls_platform_zeroize( session, sizeof( mbedtls_ssl_session ) );
+    mbedtls_platform_zeroize(session, sizeof(mbedtls_ssl_session));
 }
 
 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
@@ -4202,22 +4171,25 @@
 #define SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT                  3
 
 #define SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG   \
-    ( (uint32_t) (                              \
-        ( SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID     << SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT     ) | \
-        ( SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT      << SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT      ) | \
-        ( SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY       << SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT       ) | \
-        ( SSL_SERIALIZED_CONTEXT_CONFIG_ALPN                   << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT                   ) | \
-        0u ) )
+    ((uint32_t) (                              \
+         (SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID << \
+             SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT) | \
+         (SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT << \
+             SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT) | \
+         (SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY << \
+             SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT) | \
+         (SSL_SERIALIZED_CONTEXT_CONFIG_ALPN << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT) | \
+         0u))
 
 static unsigned char ssl_serialized_context_header[] = {
     MBEDTLS_VERSION_MAJOR,
     MBEDTLS_VERSION_MINOR,
     MBEDTLS_VERSION_PATCH,
-    MBEDTLS_BYTE_1( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
-    MBEDTLS_BYTE_0( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG ),
-    MBEDTLS_BYTE_2( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ),
-    MBEDTLS_BYTE_1( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ),
-    MBEDTLS_BYTE_0( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG ),
+    MBEDTLS_BYTE_1(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG),
+    MBEDTLS_BYTE_0(SSL_SERIALIZED_SESSION_CONFIG_BITFLAG),
+    MBEDTLS_BYTE_2(SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG),
+    MBEDTLS_BYTE_1(SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG),
+    MBEDTLS_BYTE_0(SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG),
 };
 
 /*
@@ -4258,10 +4230,10 @@
  *  4. value was temporary (eg content of input buffer)
  *  5. value will be provided by the user again (eg I/O callbacks and context)
  */
-int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
-                              unsigned char *buf,
-                              size_t buf_len,
-                              size_t *olen )
+int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl,
+                             unsigned char *buf,
+                             size_t buf_len,
+                             size_t *olen)
 {
     unsigned char *p = buf;
     size_t used = 0;
@@ -4277,89 +4249,80 @@
      * (only DTLS) but are currently used to simplify the implementation.
      */
     /* The initial handshake must be over */
-    if( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Initial handshake isn't over" ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (mbedtls_ssl_is_handshake_over(ssl) == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Initial handshake isn't over"));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
-    if( ssl->handshake != NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Handshake isn't completed" ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl->handshake != NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Handshake isn't completed"));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
     /* Double-check that sub-structures are indeed ready */
-    if( ssl->transform == NULL || ssl->session == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Serialised structures aren't ready" ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl->transform == NULL || ssl->session == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Serialised structures aren't ready"));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
     /* There must be no pending incoming or outgoing data */
-    if( mbedtls_ssl_check_pending( ssl ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending incoming data" ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (mbedtls_ssl_check_pending(ssl) != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("There is pending incoming data"));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
-    if( ssl->out_left != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending outgoing data" ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl->out_left != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("There is pending outgoing data"));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
     /* Protocol must be DTLS, not TLS */
-    if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only DTLS is supported" ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Only DTLS is supported"));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
     /* Version must be 1.2 */
-    if( ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Only version 1.2 supported"));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
     /* We must be using an AEAD ciphersuite */
-    if( mbedtls_ssl_transform_uses_aead( ssl->transform ) != 1 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only AEAD ciphersuites supported" ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (mbedtls_ssl_transform_uses_aead(ssl->transform) != 1) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Only AEAD ciphersuites supported"));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
     /* Renegotiation must not be enabled */
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Renegotiation must not be enabled" ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Renegotiation must not be enabled"));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 #endif
 
     /*
      * Version and format identifier
      */
-    used += sizeof( ssl_serialized_context_header );
+    used += sizeof(ssl_serialized_context_header);
 
-    if( used <= buf_len )
-    {
-        memcpy( p, ssl_serialized_context_header,
-                sizeof( ssl_serialized_context_header ) );
-        p += sizeof( ssl_serialized_context_header );
+    if (used <= buf_len) {
+        memcpy(p, ssl_serialized_context_header,
+               sizeof(ssl_serialized_context_header));
+        p += sizeof(ssl_serialized_context_header);
     }
 
     /*
      * Session (length + data)
      */
-    ret = ssl_session_save( ssl->session, 1, NULL, 0, &session_len );
-    if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
-        return( ret );
+    ret = ssl_session_save(ssl->session, 1, NULL, 0, &session_len);
+    if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
+        return ret;
+    }
 
     used += 4 + session_len;
-    if( used <= buf_len )
-    {
-        MBEDTLS_PUT_UINT32_BE( session_len, p, 0 );
+    if (used <= buf_len) {
+        MBEDTLS_PUT_UINT32_BE(session_len, p, 0);
         p += 4;
 
-        ret = ssl_session_save( ssl->session, 1,
-                                p, session_len, &session_len );
-        if( ret != 0 )
-            return( ret );
+        ret = ssl_session_save(ssl->session, 1,
+                               p, session_len, &session_len);
+        if (ret != 0) {
+            return ret;
+        }
 
         p += session_len;
     }
@@ -4367,24 +4330,22 @@
     /*
      * Transform
      */
-    used += sizeof( ssl->transform->randbytes );
-    if( used <= buf_len )
-    {
-        memcpy( p, ssl->transform->randbytes,
-           sizeof( ssl->transform->randbytes ) );
-        p += sizeof( ssl->transform->randbytes );
+    used += sizeof(ssl->transform->randbytes);
+    if (used <= buf_len) {
+        memcpy(p, ssl->transform->randbytes,
+               sizeof(ssl->transform->randbytes));
+        p += sizeof(ssl->transform->randbytes);
     }
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
     used += 2 + ssl->transform->in_cid_len + ssl->transform->out_cid_len;
-    if( used <= buf_len )
-    {
+    if (used <= buf_len) {
         *p++ = ssl->transform->in_cid_len;
-        memcpy( p, ssl->transform->in_cid, ssl->transform->in_cid_len );
+        memcpy(p, ssl->transform->in_cid, ssl->transform->in_cid_len);
         p += ssl->transform->in_cid_len;
 
         *p++ = ssl->transform->out_cid_len;
-        memcpy( p, ssl->transform->out_cid, ssl->transform->out_cid_len );
+        memcpy(p, ssl->transform->out_cid, ssl->transform->out_cid_len);
         p += ssl->transform->out_cid_len;
     }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -4393,44 +4354,39 @@
      * Saved fields from top-level ssl_context structure
      */
     used += 4;
-    if( used <= buf_len )
-    {
-        MBEDTLS_PUT_UINT32_BE( ssl->badmac_seen, p, 0 );
+    if (used <= buf_len) {
+        MBEDTLS_PUT_UINT32_BE(ssl->badmac_seen, p, 0);
         p += 4;
     }
 
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
     used += 16;
-    if( used <= buf_len )
-    {
-        MBEDTLS_PUT_UINT64_BE( ssl->in_window_top, p, 0 );
+    if (used <= buf_len) {
+        MBEDTLS_PUT_UINT64_BE(ssl->in_window_top, p, 0);
         p += 8;
 
-        MBEDTLS_PUT_UINT64_BE( ssl->in_window, p, 0 );
+        MBEDTLS_PUT_UINT64_BE(ssl->in_window, p, 0);
         p += 8;
     }
 #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     used += 1;
-    if( used <= buf_len )
-    {
+    if (used <= buf_len) {
         *p++ = ssl->disable_datagram_packing;
     }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
     used += MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
-    if( used <= buf_len )
-    {
-        memcpy( p, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN );
+    if (used <= buf_len) {
+        memcpy(p, ssl->cur_out_ctr, MBEDTLS_SSL_SEQUENCE_NUMBER_LEN);
         p += MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
     }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     used += 2;
-    if( used <= buf_len )
-    {
-        MBEDTLS_PUT_UINT16_BE( ssl->mtu, p, 0 );
+    if (used <= buf_len) {
+        MBEDTLS_PUT_UINT16_BE(ssl->mtu, p, 0);
         p += 2;
     }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
@@ -4438,17 +4394,15 @@
 #if defined(MBEDTLS_SSL_ALPN)
     {
         const uint8_t alpn_len = ssl->alpn_chosen
-                               ? (uint8_t) strlen( ssl->alpn_chosen )
+                               ? (uint8_t) strlen(ssl->alpn_chosen)
                                : 0;
 
         used += 1 + alpn_len;
-        if( used <= buf_len )
-        {
+        if (used <= buf_len) {
             *p++ = alpn_len;
 
-            if( ssl->alpn_chosen != NULL )
-            {
-                memcpy( p, ssl->alpn_chosen, alpn_len );
+            if (ssl->alpn_chosen != NULL) {
+                memcpy(p, ssl->alpn_chosen, alpn_len);
                 p += alpn_len;
             }
         }
@@ -4460,12 +4414,13 @@
      */
     *olen = used;
 
-    if( used > buf_len )
-        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+    if (used > buf_len) {
+        return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
+    }
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "saved context", buf, used );
+    MBEDTLS_SSL_DEBUG_BUF(4, "saved context", buf, used);
 
-    return( mbedtls_ssl_session_reset_int( ssl, 0 ) );
+    return mbedtls_ssl_session_reset_int(ssl, 0);
 }
 
 /*
@@ -4475,9 +4430,9 @@
  * case of error.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_context_load( mbedtls_ssl_context *ssl,
-                             const unsigned char *buf,
-                             size_t len )
+static int ssl_context_load(mbedtls_ssl_context *ssl,
+                            const unsigned char *buf,
+                            size_t len)
 {
     const unsigned char *p = buf;
     const unsigned char * const end = buf + len;
@@ -4493,52 +4448,51 @@
      * (Checking session is useful because it won't be NULL if we're
      * renegotiating, or if the user mistakenly loaded a session first.)
      */
-    if( ssl->state != MBEDTLS_SSL_HELLO_REQUEST ||
-        ssl->session != NULL )
-    {
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl->state != MBEDTLS_SSL_HELLO_REQUEST ||
+        ssl->session != NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
     /*
      * We can't check that the config matches the initial one, but we can at
      * least check it matches the requirements for serializing.
      */
-    if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
+    if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
         ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 ||
         ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 ||
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
         ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
 #endif
-        0 )
-    {
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        0) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "context to load", buf, len );
+    MBEDTLS_SSL_DEBUG_BUF(4, "context to load", buf, len);
 
     /*
      * Check version identifier
      */
-    if( (size_t)( end - p ) < sizeof( ssl_serialized_context_header ) )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    if( memcmp( p, ssl_serialized_context_header,
-                sizeof( ssl_serialized_context_header ) ) != 0 )
-    {
-        return( MBEDTLS_ERR_SSL_VERSION_MISMATCH );
+    if ((size_t) (end - p) < sizeof(ssl_serialized_context_header)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
-    p += sizeof( ssl_serialized_context_header );
+
+    if (memcmp(p, ssl_serialized_context_header,
+               sizeof(ssl_serialized_context_header)) != 0) {
+        return MBEDTLS_ERR_SSL_VERSION_MISMATCH;
+    }
+    p += sizeof(ssl_serialized_context_header);
 
     /*
      * Session
      */
-    if( (size_t)( end - p ) < 4 )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if ((size_t) (end - p) < 4) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    session_len = ( (size_t) p[0] << 24 ) |
-                  ( (size_t) p[1] << 16 ) |
-                  ( (size_t) p[2] <<  8 ) |
-                  ( (size_t) p[3]       );
+    session_len = ((size_t) p[0] << 24) |
+                  ((size_t) p[1] << 16) |
+                  ((size_t) p[2] <<  8) |
+                  ((size_t) p[3]);
     p += 4;
 
     /* This has been allocated by ssl_handshake_init(), called by
@@ -4548,14 +4502,14 @@
     ssl->session_out = ssl->session;
     ssl->session_negotiate = NULL;
 
-    if( (size_t)( end - p ) < session_len )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if ((size_t) (end - p) < session_len) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    ret = ssl_session_load( ssl->session, 1, p, session_len );
-    if( ret != 0 )
-    {
-        mbedtls_ssl_session_free( ssl->session );
-        return( ret );
+    ret = ssl_session_load(ssl->session, 1, p, session_len);
+    if (ret != 0) {
+        mbedtls_ssl_session_free(ssl->session);
+        return ret;
     }
 
     p += session_len;
@@ -4574,106 +4528,117 @@
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    prf_func = ssl_tls12prf_from_cs( ssl->session->ciphersuite );
-    if( prf_func == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    prf_func = ssl_tls12prf_from_cs(ssl->session->ciphersuite);
+    if (prf_func == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
     /* Read random bytes and populate structure */
-    if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if ((size_t) (end - p) < sizeof(ssl->transform->randbytes)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    ret = ssl_tls12_populate_transform( ssl->transform,
-                  ssl->session->ciphersuite,
-                  ssl->session->master,
+    ret = ssl_tls12_populate_transform(ssl->transform,
+                                       ssl->session->ciphersuite,
+                                       ssl->session->master,
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
-                  ssl->session->encrypt_then_mac,
+                                       ssl->session->encrypt_then_mac,
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
-                  prf_func,
-                  p, /* currently pointing to randbytes */
-                  MBEDTLS_SSL_VERSION_TLS1_2, /* (D)TLS 1.2 is forced */
-                  ssl->conf->endpoint,
-                  ssl );
-    if( ret != 0 )
-        return( ret );
+                                       prf_func,
+                                       p, /* currently pointing to randbytes */
+                                       MBEDTLS_SSL_VERSION_TLS1_2, /* (D)TLS 1.2 is forced */
+                                       ssl->conf->endpoint,
+                                       ssl);
+    if (ret != 0) {
+        return ret;
+    }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-    p += sizeof( ssl->transform->randbytes );
+    p += sizeof(ssl->transform->randbytes);
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
     /* Read connection IDs and store them */
-    if( (size_t)( end - p ) < 1 )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if ((size_t) (end - p) < 1) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
     ssl->transform->in_cid_len = *p++;
 
-    if( (size_t)( end - p ) < ssl->transform->in_cid_len + 1u )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if ((size_t) (end - p) < ssl->transform->in_cid_len + 1u) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    memcpy( ssl->transform->in_cid, p, ssl->transform->in_cid_len );
+    memcpy(ssl->transform->in_cid, p, ssl->transform->in_cid_len);
     p += ssl->transform->in_cid_len;
 
     ssl->transform->out_cid_len = *p++;
 
-    if( (size_t)( end - p ) < ssl->transform->out_cid_len )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if ((size_t) (end - p) < ssl->transform->out_cid_len) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    memcpy( ssl->transform->out_cid, p, ssl->transform->out_cid_len );
+    memcpy(ssl->transform->out_cid, p, ssl->transform->out_cid_len);
     p += ssl->transform->out_cid_len;
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
     /*
      * Saved fields from top-level ssl_context structure
      */
-    if( (size_t)( end - p ) < 4 )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if ((size_t) (end - p) < 4) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    ssl->badmac_seen = ( (uint32_t) p[0] << 24 ) |
-                       ( (uint32_t) p[1] << 16 ) |
-                       ( (uint32_t) p[2] <<  8 ) |
-                       ( (uint32_t) p[3]       );
+    ssl->badmac_seen = ((uint32_t) p[0] << 24) |
+                       ((uint32_t) p[1] << 16) |
+                       ((uint32_t) p[2] <<  8) |
+                       ((uint32_t) p[3]);
     p += 4;
 
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-    if( (size_t)( end - p ) < 16 )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if ((size_t) (end - p) < 16) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    ssl->in_window_top = ( (uint64_t) p[0] << 56 ) |
-                         ( (uint64_t) p[1] << 48 ) |
-                         ( (uint64_t) p[2] << 40 ) |
-                         ( (uint64_t) p[3] << 32 ) |
-                         ( (uint64_t) p[4] << 24 ) |
-                         ( (uint64_t) p[5] << 16 ) |
-                         ( (uint64_t) p[6] <<  8 ) |
-                         ( (uint64_t) p[7]       );
+    ssl->in_window_top = ((uint64_t) p[0] << 56) |
+                         ((uint64_t) p[1] << 48) |
+                         ((uint64_t) p[2] << 40) |
+                         ((uint64_t) p[3] << 32) |
+                         ((uint64_t) p[4] << 24) |
+                         ((uint64_t) p[5] << 16) |
+                         ((uint64_t) p[6] <<  8) |
+                         ((uint64_t) p[7]);
     p += 8;
 
-    ssl->in_window = ( (uint64_t) p[0] << 56 ) |
-                     ( (uint64_t) p[1] << 48 ) |
-                     ( (uint64_t) p[2] << 40 ) |
-                     ( (uint64_t) p[3] << 32 ) |
-                     ( (uint64_t) p[4] << 24 ) |
-                     ( (uint64_t) p[5] << 16 ) |
-                     ( (uint64_t) p[6] <<  8 ) |
-                     ( (uint64_t) p[7]       );
+    ssl->in_window = ((uint64_t) p[0] << 56) |
+                     ((uint64_t) p[1] << 48) |
+                     ((uint64_t) p[2] << 40) |
+                     ((uint64_t) p[3] << 32) |
+                     ((uint64_t) p[4] << 24) |
+                     ((uint64_t) p[5] << 16) |
+                     ((uint64_t) p[6] <<  8) |
+                     ((uint64_t) p[7]);
     p += 8;
 #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( (size_t)( end - p ) < 1 )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if ((size_t) (end - p) < 1) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
     ssl->disable_datagram_packing = *p++;
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
-    if( (size_t)( end - p ) < sizeof( ssl->cur_out_ctr ) )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    memcpy( ssl->cur_out_ctr, p, sizeof( ssl->cur_out_ctr ) );
-    p += sizeof( ssl->cur_out_ctr );
+    if ((size_t) (end - p) < sizeof(ssl->cur_out_ctr)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
+    memcpy(ssl->cur_out_ctr, p, sizeof(ssl->cur_out_ctr));
+    p += sizeof(ssl->cur_out_ctr);
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( (size_t)( end - p ) < 2 )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if ((size_t) (end - p) < 2) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    ssl->mtu = ( p[0] << 8 ) | p[1];
+    ssl->mtu = (p[0] << 8) | p[1];
     p += 2;
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
@@ -4682,19 +4647,17 @@
         uint8_t alpn_len;
         const char **cur;
 
-        if( (size_t)( end - p ) < 1 )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        if ((size_t) (end - p) < 1) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
 
         alpn_len = *p++;
 
-        if( alpn_len != 0 && ssl->conf->alpn_list != NULL )
-        {
+        if (alpn_len != 0 && ssl->conf->alpn_list != NULL) {
             /* alpn_chosen should point to an item in the configured list */
-            for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
-            {
-                if( strlen( *cur ) == alpn_len &&
-                    memcmp( p, cur, alpn_len ) == 0 )
-                {
+            for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
+                if (strlen(*cur) == alpn_len &&
+                    memcmp(p, cur, alpn_len) == 0) {
                     ssl->alpn_chosen = *cur;
                     break;
                 }
@@ -4702,8 +4665,9 @@
         }
 
         /* can only happen on conf mismatch */
-        if( alpn_len != 0 && ssl->alpn_chosen == NULL )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        if (alpn_len != 0 && ssl->alpn_chosen == NULL) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
 
         p += alpn_len;
     }
@@ -4720,7 +4684,7 @@
 
     /* Adjust pointers for header fields of outgoing records to
      * the given transform, accounting for explicit IV and CID. */
-    mbedtls_ssl_update_out_pointers( ssl, ssl->transform );
+    mbedtls_ssl_update_out_pointers(ssl, ssl->transform);
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     ssl->in_epoch = 1;
@@ -4730,129 +4694,125 @@
      * which we don't want - otherwise we'd end up freeing the wrong transform
      * by calling mbedtls_ssl_handshake_wrapup_free_hs_transform()
      * inappropriately. */
-    if( ssl->handshake != NULL )
-    {
-        mbedtls_ssl_handshake_free( ssl );
-        mbedtls_free( ssl->handshake );
+    if (ssl->handshake != NULL) {
+        mbedtls_ssl_handshake_free(ssl);
+        mbedtls_free(ssl->handshake);
         ssl->handshake = NULL;
     }
 
     /*
      * Done - should have consumed entire buffer
      */
-    if( p != end )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (p != end) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Deserialize context: public wrapper for error cleaning
  */
-int mbedtls_ssl_context_load( mbedtls_ssl_context *context,
-                              const unsigned char *buf,
-                              size_t len )
+int mbedtls_ssl_context_load(mbedtls_ssl_context *context,
+                             const unsigned char *buf,
+                             size_t len)
 {
-    int ret = ssl_context_load( context, buf, len );
+    int ret = ssl_context_load(context, buf, len);
 
-    if( ret != 0 )
-        mbedtls_ssl_free( context );
+    if (ret != 0) {
+        mbedtls_ssl_free(context);
+    }
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
 
 /*
  * Free an SSL context
  */
-void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_free(mbedtls_ssl_context *ssl)
 {
-    if( ssl == NULL )
+    if (ssl == NULL) {
         return;
+    }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> free" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> free"));
 
-    if( ssl->out_buf != NULL )
-    {
+    if (ssl->out_buf != NULL) {
 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
         size_t out_buf_len = ssl->out_buf_len;
 #else
         size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
 #endif
 
-        mbedtls_platform_zeroize( ssl->out_buf, out_buf_len );
-        mbedtls_free( ssl->out_buf );
+        mbedtls_platform_zeroize(ssl->out_buf, out_buf_len);
+        mbedtls_free(ssl->out_buf);
         ssl->out_buf = NULL;
     }
 
-    if( ssl->in_buf != NULL )
-    {
+    if (ssl->in_buf != NULL) {
 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
         size_t in_buf_len = ssl->in_buf_len;
 #else
         size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
 #endif
 
-        mbedtls_platform_zeroize( ssl->in_buf, in_buf_len );
-        mbedtls_free( ssl->in_buf );
+        mbedtls_platform_zeroize(ssl->in_buf, in_buf_len);
+        mbedtls_free(ssl->in_buf);
         ssl->in_buf = NULL;
     }
 
-    if( ssl->transform )
-    {
-        mbedtls_ssl_transform_free( ssl->transform );
-        mbedtls_free( ssl->transform );
+    if (ssl->transform) {
+        mbedtls_ssl_transform_free(ssl->transform);
+        mbedtls_free(ssl->transform);
     }
 
-    if( ssl->handshake )
-    {
-        mbedtls_ssl_handshake_free( ssl );
-        mbedtls_free( ssl->handshake );
+    if (ssl->handshake) {
+        mbedtls_ssl_handshake_free(ssl);
+        mbedtls_free(ssl->handshake);
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        mbedtls_ssl_transform_free( ssl->transform_negotiate );
-        mbedtls_free( ssl->transform_negotiate );
+        mbedtls_ssl_transform_free(ssl->transform_negotiate);
+        mbedtls_free(ssl->transform_negotiate);
 #endif
 
-        mbedtls_ssl_session_free( ssl->session_negotiate );
-        mbedtls_free( ssl->session_negotiate );
+        mbedtls_ssl_session_free(ssl->session_negotiate);
+        mbedtls_free(ssl->session_negotiate);
     }
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    mbedtls_ssl_transform_free( ssl->transform_application );
-    mbedtls_free( ssl->transform_application );
+    mbedtls_ssl_transform_free(ssl->transform_application);
+    mbedtls_free(ssl->transform_application);
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
-    if( ssl->session )
-    {
-        mbedtls_ssl_session_free( ssl->session );
-        mbedtls_free( ssl->session );
+    if (ssl->session) {
+        mbedtls_ssl_session_free(ssl->session);
+        mbedtls_free(ssl->session);
     }
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-    if( ssl->hostname != NULL )
-    {
-        mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
-        mbedtls_free( ssl->hostname );
+    if (ssl->hostname != NULL) {
+        mbedtls_platform_zeroize(ssl->hostname, strlen(ssl->hostname));
+        mbedtls_free(ssl->hostname);
     }
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-    mbedtls_free( ssl->cli_id );
+    mbedtls_free(ssl->cli_id);
 #endif
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= free"));
 
     /* Actually clear after last debug message */
-    mbedtls_platform_zeroize( ssl, sizeof( mbedtls_ssl_context ) );
+    mbedtls_platform_zeroize(ssl, sizeof(mbedtls_ssl_context));
 }
 
 /*
  * Initialize mbedtls_ssl_config
  */
-void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
+void mbedtls_ssl_config_init(mbedtls_ssl_config *conf)
 {
-    memset( conf, 0, sizeof( mbedtls_ssl_config ) );
+    memset(conf, 0, sizeof(mbedtls_ssl_config));
 }
 
 /* The selection should be the same as mbedtls_x509_crt_profile_default in
@@ -4925,17 +4885,23 @@
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA&&
           MBEDTLS_ECP_DP_SECP521R1_ENABLED */
 
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
+    defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
     MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512,
-#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+#endif \
+    /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
+    defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
     MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384,
-#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+#endif \
+    /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
+    defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
     MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
-#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+#endif \
+    /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 
 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
     MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512,
@@ -4957,35 +4923,35 @@
 static uint16_t ssl_tls12_preset_default_sig_algs[] = {
 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 #if defined(MBEDTLS_ECDSA_C)
-    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512 ),
+    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512),
 #endif
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
     MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512,
 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
 #if defined(MBEDTLS_RSA_C)
-    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA512 ),
+    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA512),
 #endif
 #endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 #if defined(MBEDTLS_ECDSA_C)
-    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384 ),
+    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384),
 #endif
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
     MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384,
 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
 #if defined(MBEDTLS_RSA_C)
-    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384 ),
+    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384),
 #endif
 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 #if defined(MBEDTLS_ECDSA_C)
-    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256 ),
+    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256),
 #endif
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
     MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
 #if defined(MBEDTLS_RSA_C)
-    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256 ),
+    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256),
 #endif
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
     MBEDTLS_TLS_SIG_NONE
@@ -5006,9 +4972,11 @@
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA&&
           MBEDTLS_ECP_DP_SECP384R1_ENABLED */
 
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
+    defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
     MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
-#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
+#endif \
+    /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
 
 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
     MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
@@ -5022,18 +4990,18 @@
 static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = {
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 #if defined(MBEDTLS_ECDSA_C)
-    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256 ),
+    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256),
 #endif
 #if defined(MBEDTLS_RSA_C)
-    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256 ),
+    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256),
 #endif
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 #if defined(MBEDTLS_ECDSA_C)
-    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384 ),
+    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384),
 #endif
 #if defined(MBEDTLS_RSA_C)
-    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384 ),
+    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384),
 #endif
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
     MBEDTLS_TLS_SIG_NONE
@@ -5056,24 +5024,23 @@
 /* Function for checking `ssl_preset_*_sig_algs` and `ssl_tls12_preset_*_sig_algs`
  * to make sure there are no duplicated signature algorithm entries. */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_no_sig_alg_duplication( uint16_t * sig_algs )
+static int ssl_check_no_sig_alg_duplication(uint16_t *sig_algs)
 {
     size_t i, j;
     int ret = 0;
 
-    for( i = 0; sig_algs[i] != MBEDTLS_TLS_SIG_NONE; i++ )
-    {
-        for( j = 0; j < i; j++ )
-        {
-            if( sig_algs[i] != sig_algs[j] )
+    for (i = 0; sig_algs[i] != MBEDTLS_TLS_SIG_NONE; i++) {
+        for (j = 0; j < i; j++) {
+            if (sig_algs[i] != sig_algs[j]) {
                 continue;
-            mbedtls_printf( " entry(%04x,%" MBEDTLS_PRINTF_SIZET
-                            ") is duplicated at %" MBEDTLS_PRINTF_SIZET "\n",
-                            sig_algs[i], j, i );
+            }
+            mbedtls_printf(" entry(%04x,%" MBEDTLS_PRINTF_SIZET
+                           ") is duplicated at %" MBEDTLS_PRINTF_SIZET "\n",
+                           sig_algs[i], j, i);
             ret = -1;
         }
     }
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_DEBUG_C && MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
@@ -5081,52 +5048,47 @@
 /*
  * Load default in mbedtls_ssl_config
  */
-int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
-                                 int endpoint, int transport, int preset )
+int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
+                                int endpoint, int transport, int preset)
 {
 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 #endif
 
 #if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-    if( ssl_check_no_sig_alg_duplication( ssl_preset_suiteb_sig_algs ) )
-    {
-        mbedtls_printf( "ssl_preset_suiteb_sig_algs has duplicated entries\n" );
-        return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+    if (ssl_check_no_sig_alg_duplication(ssl_preset_suiteb_sig_algs)) {
+        mbedtls_printf("ssl_preset_suiteb_sig_algs has duplicated entries\n");
+        return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     }
 
-    if( ssl_check_no_sig_alg_duplication( ssl_preset_default_sig_algs ) )
-    {
-        mbedtls_printf( "ssl_preset_default_sig_algs has duplicated entries\n" );
-        return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+    if (ssl_check_no_sig_alg_duplication(ssl_preset_default_sig_algs)) {
+        mbedtls_printf("ssl_preset_default_sig_algs has duplicated entries\n");
+        return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     }
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( ssl_check_no_sig_alg_duplication( ssl_tls12_preset_suiteb_sig_algs ) )
-    {
-        mbedtls_printf( "ssl_tls12_preset_suiteb_sig_algs has duplicated entries\n" );
-        return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+    if (ssl_check_no_sig_alg_duplication(ssl_tls12_preset_suiteb_sig_algs)) {
+        mbedtls_printf("ssl_tls12_preset_suiteb_sig_algs has duplicated entries\n");
+        return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     }
 
-    if( ssl_check_no_sig_alg_duplication( ssl_tls12_preset_default_sig_algs ) )
-    {
-        mbedtls_printf( "ssl_tls12_preset_default_sig_algs has duplicated entries\n" );
-        return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+    if (ssl_check_no_sig_alg_duplication(ssl_tls12_preset_default_sig_algs)) {
+        mbedtls_printf("ssl_tls12_preset_default_sig_algs has duplicated entries\n");
+        return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 #endif /* MBEDTLS_DEBUG_C && MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
     /* Use the functions here so that they are covered in tests,
      * but otherwise access member directly for efficiency */
-    mbedtls_ssl_conf_endpoint( conf, endpoint );
-    mbedtls_ssl_conf_transport( conf, transport );
+    mbedtls_ssl_conf_endpoint(conf, endpoint);
+    mbedtls_ssl_conf_transport(conf, transport);
 
     /*
      * Things that are common to all presets
      */
 #if defined(MBEDTLS_SSL_CLI_C)
-    if( endpoint == MBEDTLS_SSL_IS_CLIENT )
-    {
+    if (endpoint == MBEDTLS_SSL_IS_CLIENT) {
         conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
         conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED;
@@ -5163,23 +5125,21 @@
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
     conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT;
-    memset( conf->renego_period,     0x00, 2 );
-    memset( conf->renego_period + 2, 0xFF, 6 );
+    memset(conf->renego_period,     0x00, 2);
+    memset(conf->renego_period + 2, 0xFF, 6);
 #endif
 
 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
-    if( endpoint == MBEDTLS_SSL_IS_SERVER )
-    {
+    if (endpoint == MBEDTLS_SSL_IS_SERVER) {
         const unsigned char dhm_p[] =
             MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN;
         const unsigned char dhm_g[] =
             MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN;
 
-        if ( ( ret = mbedtls_ssl_conf_dh_param_bin( conf,
-                                                    dhm_p, sizeof( dhm_p ),
-                                                    dhm_g, sizeof( dhm_g ) ) ) != 0 )
-        {
-            return( ret );
+        if ((ret = mbedtls_ssl_conf_dh_param_bin(conf,
+                                                 dhm_p, sizeof(dhm_p),
+                                                 dhm_g, sizeof(dhm_g))) != 0) {
+            return ret;
         }
     }
 #endif
@@ -5187,16 +5147,16 @@
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    mbedtls_ssl_tls13_conf_early_data( conf, MBEDTLS_SSL_EARLY_DATA_DISABLED );
+    mbedtls_ssl_tls13_conf_early_data(conf, MBEDTLS_SSL_EARLY_DATA_DISABLED);
 #if defined(MBEDTLS_SSL_SRV_C)
     mbedtls_ssl_tls13_conf_max_early_data_size(
-        conf, MBEDTLS_SSL_MAX_EARLY_DATA_SIZE );
+        conf, MBEDTLS_SSL_MAX_EARLY_DATA_SIZE);
 #endif
 #endif /* MBEDTLS_SSL_EARLY_DATA */
 
 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS)
     mbedtls_ssl_conf_new_session_tickets(
-        conf, MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS );
+        conf, MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS);
 #endif
     /*
      * Allow all TLS 1.3 key exchange modes by default.
@@ -5204,26 +5164,20 @@
     conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
-    if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM  )
-    {
+    if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
         conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
         conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
 #else
-        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+        return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
 #endif
-    }
-    else
-    {
+    } else {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
-        if( endpoint == MBEDTLS_SSL_IS_CLIENT )
-        {
+        if (endpoint == MBEDTLS_SSL_IS_CLIENT) {
             conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
             conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
-        }
-        else
-        /* Hybrid TLS 1.2 / 1.3 is not supported on server side yet */
-        {
+        } else {
+            /* Hybrid TLS 1.2 / 1.3 is not supported on server side yet */
             conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
             conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
         }
@@ -5234,15 +5188,14 @@
         conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
         conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
 #else
-        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+        return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
 #endif
     }
 
     /*
      * Preset-specific defaults
      */
-    switch( preset )
-    {
+    switch (preset) {
         /*
          * NSA Suite B
          */
@@ -5256,11 +5209,11 @@
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-            if( mbedtls_ssl_conf_is_tls12_only( conf ) )
+            if (mbedtls_ssl_conf_is_tls12_only(conf)) {
                 conf->sig_algs = ssl_tls12_preset_suiteb_sig_algs;
-            else
+            } else
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-                conf->sig_algs = ssl_preset_suiteb_sig_algs;
+            conf->sig_algs = ssl_preset_suiteb_sig_algs;
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
 #if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -5282,11 +5235,11 @@
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-            if( mbedtls_ssl_conf_is_tls12_only( conf ) )
+            if (mbedtls_ssl_conf_is_tls12_only(conf)) {
                 conf->sig_algs = ssl_tls12_preset_default_sig_algs;
-            else
+            } else
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-                conf->sig_algs = ssl_preset_default_sig_algs;
+            conf->sig_algs = ssl_preset_default_sig_algs;
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
 #if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -5299,95 +5252,93 @@
 #endif
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Free mbedtls_ssl_config
  */
-void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
+void mbedtls_ssl_config_free(mbedtls_ssl_config *conf)
 {
 #if defined(MBEDTLS_DHM_C)
-    mbedtls_mpi_free( &conf->dhm_P );
-    mbedtls_mpi_free( &conf->dhm_G );
+    mbedtls_mpi_free(&conf->dhm_P);
+    mbedtls_mpi_free(&conf->dhm_G);
 #endif
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
-    {
+    if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
         conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-    if( conf->psk != NULL )
-    {
-        mbedtls_platform_zeroize( conf->psk, conf->psk_len );
-        mbedtls_free( conf->psk );
+    if (conf->psk != NULL) {
+        mbedtls_platform_zeroize(conf->psk, conf->psk_len);
+        mbedtls_free(conf->psk);
         conf->psk = NULL;
         conf->psk_len = 0;
     }
 
-    if( conf->psk_identity != NULL )
-    {
-        mbedtls_platform_zeroize( conf->psk_identity, conf->psk_identity_len );
-        mbedtls_free( conf->psk_identity );
+    if (conf->psk_identity != NULL) {
+        mbedtls_platform_zeroize(conf->psk_identity, conf->psk_identity_len);
+        mbedtls_free(conf->psk_identity);
         conf->psk_identity = NULL;
         conf->psk_identity_len = 0;
     }
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-    ssl_key_cert_free( conf->key_cert );
+    ssl_key_cert_free(conf->key_cert);
 #endif
 
-    mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) );
+    mbedtls_platform_zeroize(conf, sizeof(mbedtls_ssl_config));
 }
 
 #if defined(MBEDTLS_PK_C) && \
-    ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) )
+    (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C))
 /*
  * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX
  */
-unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk )
+unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk)
 {
 #if defined(MBEDTLS_RSA_C)
-    if( mbedtls_pk_can_do( pk, MBEDTLS_PK_RSA ) )
-        return( MBEDTLS_SSL_SIG_RSA );
+    if (mbedtls_pk_can_do(pk, MBEDTLS_PK_RSA)) {
+        return MBEDTLS_SSL_SIG_RSA;
+    }
 #endif
 #if defined(MBEDTLS_ECDSA_C)
-    if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECDSA ) )
-        return( MBEDTLS_SSL_SIG_ECDSA );
+    if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA)) {
+        return MBEDTLS_SSL_SIG_ECDSA;
+    }
 #endif
-    return( MBEDTLS_SSL_SIG_ANON );
+    return MBEDTLS_SSL_SIG_ANON;
 }
 
-unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type )
+unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type)
 {
-    switch( type ) {
+    switch (type) {
         case MBEDTLS_PK_RSA:
-            return( MBEDTLS_SSL_SIG_RSA );
+            return MBEDTLS_SSL_SIG_RSA;
         case MBEDTLS_PK_ECDSA:
         case MBEDTLS_PK_ECKEY:
-            return( MBEDTLS_SSL_SIG_ECDSA );
+            return MBEDTLS_SSL_SIG_ECDSA;
         default:
-            return( MBEDTLS_SSL_SIG_ANON );
+            return MBEDTLS_SSL_SIG_ANON;
     }
 }
 
-mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig )
+mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig)
 {
-    switch( sig )
-    {
+    switch (sig) {
 #if defined(MBEDTLS_RSA_C)
         case MBEDTLS_SSL_SIG_RSA:
-            return( MBEDTLS_PK_RSA );
+            return MBEDTLS_PK_RSA;
 #endif
 #if defined(MBEDTLS_ECDSA_C)
         case MBEDTLS_SSL_SIG_ECDSA:
-            return( MBEDTLS_PK_ECDSA );
+            return MBEDTLS_PK_ECDSA;
 #endif
         default:
-            return( MBEDTLS_PK_NONE );
+            return MBEDTLS_PK_NONE;
     }
 }
 #endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */
@@ -5395,72 +5346,70 @@
 /*
  * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX
  */
-mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash )
+mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash)
 {
-    switch( hash )
-    {
+    switch (hash) {
 #if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
         case MBEDTLS_SSL_HASH_MD5:
-            return( MBEDTLS_MD_MD5 );
+            return MBEDTLS_MD_MD5;
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
         case MBEDTLS_SSL_HASH_SHA1:
-            return( MBEDTLS_MD_SHA1 );
+            return MBEDTLS_MD_SHA1;
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
         case MBEDTLS_SSL_HASH_SHA224:
-            return( MBEDTLS_MD_SHA224 );
+            return MBEDTLS_MD_SHA224;
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
         case MBEDTLS_SSL_HASH_SHA256:
-            return( MBEDTLS_MD_SHA256 );
+            return MBEDTLS_MD_SHA256;
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
         case MBEDTLS_SSL_HASH_SHA384:
-            return( MBEDTLS_MD_SHA384 );
+            return MBEDTLS_MD_SHA384;
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
         case MBEDTLS_SSL_HASH_SHA512:
-            return( MBEDTLS_MD_SHA512 );
+            return MBEDTLS_MD_SHA512;
 #endif
         default:
-            return( MBEDTLS_MD_NONE );
+            return MBEDTLS_MD_NONE;
     }
 }
 
 /*
  * Convert from MBEDTLS_MD_XXX to MBEDTLS_SSL_HASH_XXX
  */
-unsigned char mbedtls_ssl_hash_from_md_alg( int md )
+unsigned char mbedtls_ssl_hash_from_md_alg(int md)
 {
-    switch( md )
-    {
+    switch (md) {
 #if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
         case MBEDTLS_MD_MD5:
-            return( MBEDTLS_SSL_HASH_MD5 );
+            return MBEDTLS_SSL_HASH_MD5;
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
         case MBEDTLS_MD_SHA1:
-            return( MBEDTLS_SSL_HASH_SHA1 );
+            return MBEDTLS_SSL_HASH_SHA1;
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
         case MBEDTLS_MD_SHA224:
-            return( MBEDTLS_SSL_HASH_SHA224 );
+            return MBEDTLS_SSL_HASH_SHA224;
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
         case MBEDTLS_MD_SHA256:
-            return( MBEDTLS_SSL_HASH_SHA256 );
+            return MBEDTLS_SSL_HASH_SHA256;
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
         case MBEDTLS_MD_SHA384:
-            return( MBEDTLS_SSL_HASH_SHA384 );
+            return MBEDTLS_SSL_HASH_SHA384;
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
         case MBEDTLS_MD_SHA512:
-            return( MBEDTLS_SSL_HASH_SHA512 );
+            return MBEDTLS_SSL_HASH_SHA512;
 #endif
         default:
-            return( MBEDTLS_SSL_HASH_NONE );
+            return MBEDTLS_SSL_HASH_NONE;
     }
 }
 
@@ -5468,38 +5417,40 @@
  * Check if a curve proposed by the peer is in our list.
  * Return 0 if we're willing to use it, -1 otherwise.
  */
-int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id )
+int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id)
 {
-    const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
+    const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
 
-    if( group_list == NULL )
-        return( -1 );
-
-    for( ; *group_list != 0; group_list++ )
-    {
-        if( *group_list == tls_id )
-            return( 0 );
+    if (group_list == NULL) {
+        return -1;
     }
 
-    return( -1 );
+    for (; *group_list != 0; group_list++) {
+        if (*group_list == tls_id) {
+            return 0;
+        }
+    }
+
+    return -1;
 }
 
 #if defined(MBEDTLS_ECP_C)
 /*
  * Same as mbedtls_ssl_check_curve_tls_id() but with a mbedtls_ecp_group_id.
  */
-int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
+int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id)
 {
-    uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id( grp_id );
+    uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id);
 
-    if ( tls_id == 0 )
+    if (tls_id == 0) {
         return -1;
+    }
 
-    return mbedtls_ssl_check_curve_tls_id( ssl, tls_id );
+    return mbedtls_ssl_check_curve_tls_id(ssl, tls_id);
 }
 #endif /* MBEDTLS_ECP_C */
 
-#if defined( MBEDTLS_DEBUG_C )
+#if defined(MBEDTLS_DEBUG_C)
 #define EC_NAME(_name_)     _name_
 #else
 #define EC_NAME(_name_)     NULL
@@ -5510,63 +5461,63 @@
     mbedtls_ecp_group_id ecp_group_id;
     psa_ecc_family_t psa_family;
     uint16_t bits;
-    const char* name;
+    const char *name;
 } tls_id_match_table[] =
 {
 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
-    { 25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521, EC_NAME( "secp521r1" ) },
+    { 25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521, EC_NAME("secp521r1") },
 #endif
 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
-    { 28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512, EC_NAME( "brainpoolP512r1" ) },
+    { 28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512, EC_NAME("brainpoolP512r1") },
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
-    { 24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384, EC_NAME( "secp384r1" ) },
+    { 24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384, EC_NAME("secp384r1") },
 #endif
 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
-    { 27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384, EC_NAME( "brainpoolP384r1" ) },
+    { 27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384, EC_NAME("brainpoolP384r1") },
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
-    { 23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256, EC_NAME( "secp256r1" ) },
+    { 23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256, EC_NAME("secp256r1") },
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
-    { 22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256, EC_NAME( "secp256k1" ) },
+    { 22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256, EC_NAME("secp256k1") },
 #endif
 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
-    { 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256, EC_NAME( "brainpoolP256r1" ) },
+    { 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256, EC_NAME("brainpoolP256r1") },
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
-    { 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224, EC_NAME( "secp224r1" ) },
+    { 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224, EC_NAME("secp224r1") },
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
-    { 20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224, EC_NAME( "secp224k1" ) },
+    { 20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224, EC_NAME("secp224k1") },
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
-    { 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192, EC_NAME( "secp192r1" ) },
+    { 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192, EC_NAME("secp192r1") },
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
-    { 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192, EC_NAME( "secp192k1" ) },
+    { 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192, EC_NAME("secp192k1") },
 #endif
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
-    { 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255, EC_NAME( "x25519" ) },
+    { 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255, EC_NAME("x25519") },
 #endif
 #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
-    { 30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448, EC_NAME( "x448" ) },
+    { 30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448, EC_NAME("x448") },
 #endif
     { 0, MBEDTLS_ECP_DP_NONE, 0, 0, NULL },
 };
 
-int mbedtls_ssl_get_psa_curve_info_from_tls_id( uint16_t tls_id,
-                                                psa_ecc_family_t *family,
-                                                size_t* bits )
+int mbedtls_ssl_get_psa_curve_info_from_tls_id(uint16_t tls_id,
+                                               psa_ecc_family_t *family,
+                                               size_t *bits)
 {
-    for( int i = 0; tls_id_match_table[i].tls_id != 0; i++ )
-    {
-        if( tls_id_match_table[i].tls_id == tls_id )
-        {
-            if( family != NULL )
+    for (int i = 0; tls_id_match_table[i].tls_id != 0; i++) {
+        if (tls_id_match_table[i].tls_id == tls_id) {
+            if (family != NULL) {
                 *family = tls_id_match_table[i].psa_family;
-            if( bits != NULL )
+            }
+            if (bits != NULL) {
                 *bits = tls_id_match_table[i].bits;
+            }
             return PSA_SUCCESS;
         }
     }
@@ -5574,36 +5525,36 @@
     return PSA_ERROR_NOT_SUPPORTED;
 }
 
-mbedtls_ecp_group_id mbedtls_ssl_get_ecp_group_id_from_tls_id( uint16_t tls_id )
+mbedtls_ecp_group_id mbedtls_ssl_get_ecp_group_id_from_tls_id(uint16_t tls_id)
 {
-    for( int i = 0; tls_id_match_table[i].tls_id != 0; i++ )
-    {
-        if( tls_id_match_table[i].tls_id == tls_id )
+    for (int i = 0; tls_id_match_table[i].tls_id != 0; i++) {
+        if (tls_id_match_table[i].tls_id == tls_id) {
             return tls_id_match_table[i].ecp_group_id;
+        }
     }
 
     return MBEDTLS_ECP_DP_NONE;
 }
 
-uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id( mbedtls_ecp_group_id grp_id )
+uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id)
 {
-    for( int i = 0; tls_id_match_table[i].ecp_group_id != MBEDTLS_ECP_DP_NONE;
-            i++ )
-    {
-        if( tls_id_match_table[i].ecp_group_id == grp_id )
+    for (int i = 0; tls_id_match_table[i].ecp_group_id != MBEDTLS_ECP_DP_NONE;
+         i++) {
+        if (tls_id_match_table[i].ecp_group_id == grp_id) {
             return tls_id_match_table[i].tls_id;
+        }
     }
 
     return 0;
 }
 
 #if defined(MBEDTLS_DEBUG_C)
-const char* mbedtls_ssl_get_curve_name_from_tls_id( uint16_t tls_id )
+const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id)
 {
-    for( int i = 0; tls_id_match_table[i].tls_id != 0; i++ )
-    {
-        if( tls_id_match_table[i].tls_id == tls_id )
+    for (int i = 0; tls_id_match_table[i].tls_id != 0; i++) {
+        if (tls_id_match_table[i].tls_id == tls_id) {
             return tls_id_match_table[i].name;
+        }
     }
 
     return NULL;
@@ -5611,21 +5562,19 @@
 #endif
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
-                          const mbedtls_ssl_ciphersuite_t *ciphersuite,
-                          int cert_endpoint,
-                          uint32_t *flags )
+int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
+                                 const mbedtls_ssl_ciphersuite_t *ciphersuite,
+                                 int cert_endpoint,
+                                 uint32_t *flags)
 {
     int ret = 0;
     int usage = 0;
     const char *ext_oid;
     size_t ext_len;
 
-    if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
-    {
+    if (cert_endpoint == MBEDTLS_SSL_IS_SERVER) {
         /* Server part of the key exchange */
-        switch( ciphersuite->key_exchange )
-        {
+        switch (ciphersuite->key_exchange) {
             case MBEDTLS_KEY_EXCHANGE_RSA:
             case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
                 usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
@@ -5650,46 +5599,39 @@
             case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
                 usage = 0;
         }
-    }
-    else
-    {
+    } else {
         /* Client auth: we only implement rsa_sign and mbedtls_ecdsa_sign for now */
         usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
     }
 
-    if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 )
-    {
+    if (mbedtls_x509_crt_check_key_usage(cert, usage) != 0) {
         *flags |= MBEDTLS_X509_BADCERT_KEY_USAGE;
         ret = -1;
     }
 
-    if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
-    {
+    if (cert_endpoint == MBEDTLS_SSL_IS_SERVER) {
         ext_oid = MBEDTLS_OID_SERVER_AUTH;
-        ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH );
-    }
-    else
-    {
+        ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH);
+    } else {
         ext_oid = MBEDTLS_OID_CLIENT_AUTH;
-        ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_CLIENT_AUTH );
+        ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_CLIENT_AUTH);
     }
 
-    if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 )
-    {
+    if (mbedtls_x509_crt_check_extended_key_usage(cert, ext_oid, ext_len) != 0) {
         *flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
         ret = -1;
     }
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
-                                          const mbedtls_md_type_t md,
-                                          unsigned char *dst,
-                                          size_t dst_len,
-                                          size_t *olen )
+int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
+                                         const mbedtls_md_type_t md,
+                                         unsigned char *dst,
+                                         size_t dst_len,
+                                         size_t *olen)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_hash_operation_t *hash_operation_to_clone;
@@ -5697,60 +5639,61 @@
 
     *olen = 0;
 
-    switch( md )
-    {
+    switch (md) {
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    case MBEDTLS_MD_SHA384:
-        hash_operation_to_clone = &ssl->handshake->fin_sha384_psa;
-        break;
+        case MBEDTLS_MD_SHA384:
+            hash_operation_to_clone = &ssl->handshake->fin_sha384_psa;
+            break;
 #endif
 
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    case MBEDTLS_MD_SHA256:
-        hash_operation_to_clone = &ssl->handshake->fin_sha256_psa;
-        break;
+        case MBEDTLS_MD_SHA256:
+            hash_operation_to_clone = &ssl->handshake->fin_sha256_psa;
+            break;
 #endif
 
-    default:
+        default:
+            goto exit;
+    }
+
+    status = psa_hash_clone(hash_operation_to_clone, &hash_operation);
+    if (status != PSA_SUCCESS) {
         goto exit;
     }
 
-    status = psa_hash_clone( hash_operation_to_clone, &hash_operation );
-    if( status != PSA_SUCCESS )
+    status = psa_hash_finish(&hash_operation, dst, dst_len, olen);
+    if (status != PSA_SUCCESS) {
         goto exit;
-
-    status = psa_hash_finish( &hash_operation, dst, dst_len, olen );
-    if( status != PSA_SUCCESS )
-        goto exit;
+    }
 
 exit:
 #if !defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
     !defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
     (void) ssl;
 #endif
-    return( psa_ssl_status_to_mbedtls( status ) );
+    return psa_ssl_status_to_mbedtls(status);
 }
 #else /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_handshake_transcript_sha384( mbedtls_ssl_context *ssl,
-                                                unsigned char *dst,
-                                                size_t dst_len,
-                                                size_t *olen )
+static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl,
+                                               unsigned char *dst,
+                                               size_t dst_len,
+                                               size_t *olen)
 {
     int ret;
     mbedtls_sha512_context sha512;
 
-    if( dst_len < 48 )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (dst_len < 48) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
 
-    mbedtls_sha512_init( &sha512 );
-    mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha384 );
+    mbedtls_sha512_init(&sha512);
+    mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha384);
 
-    if( ( ret = mbedtls_sha512_finish( &sha512, dst ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha512_finish", ret );
+    if ((ret = mbedtls_sha512_finish(&sha512, dst)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha512_finish", ret);
         goto exit;
     }
 
@@ -5758,30 +5701,30 @@
 
 exit:
 
-    mbedtls_sha512_free( &sha512 );
-    return( ret );
+    mbedtls_sha512_free(&sha512);
+    return ret;
 }
 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_handshake_transcript_sha256( mbedtls_ssl_context *ssl,
-                                                unsigned char *dst,
-                                                size_t dst_len,
-                                                size_t *olen )
+static int ssl_get_handshake_transcript_sha256(mbedtls_ssl_context *ssl,
+                                               unsigned char *dst,
+                                               size_t dst_len,
+                                               size_t *olen)
 {
     int ret;
     mbedtls_sha256_context sha256;
 
-    if( dst_len < 32 )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (dst_len < 32) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
 
-    mbedtls_sha256_init( &sha256 );
-    mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
+    mbedtls_sha256_init(&sha256);
+    mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256);
 
-    if( ( ret = mbedtls_sha256_finish( &sha256, dst ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha256_finish", ret );
+    if ((ret = mbedtls_sha256_finish(&sha256, dst)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha256_finish", ret);
         goto exit;
     }
 
@@ -5789,41 +5732,40 @@
 
 exit:
 
-    mbedtls_sha256_free( &sha256 );
-    return( ret );
+    mbedtls_sha256_free(&sha256);
+    return ret;
 }
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 
-int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
-                                          const mbedtls_md_type_t md,
-                                          unsigned char *dst,
-                                          size_t dst_len,
-                                          size_t *olen )
+int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
+                                         const mbedtls_md_type_t md,
+                                         unsigned char *dst,
+                                         size_t dst_len,
+                                         size_t *olen)
 {
-    switch( md )
-    {
+    switch (md) {
 
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    case MBEDTLS_MD_SHA384:
-        return( ssl_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) );
+        case MBEDTLS_MD_SHA384:
+            return ssl_get_handshake_transcript_sha384(ssl, dst, dst_len, olen);
 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
 
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    case MBEDTLS_MD_SHA256:
-        return( ssl_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) );
+        case MBEDTLS_MD_SHA256:
+            return ssl_get_handshake_transcript_sha256(ssl, dst, dst_len, olen);
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
 
-    default:
+        default:
 #if !defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
-    !defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    (void) ssl;
-    (void) dst;
-    (void) dst_len;
-    (void) olen;
+            !defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+            (void) ssl;
+            (void) dst;
+            (void) dst_len;
+            (void) olen;
 #endif
-        break;
+            break;
     }
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
 }
 
 #endif /* !MBEDTLS_USE_PSA_CRYPTO */
@@ -5869,9 +5811,9 @@
  * `SignatureScheme` field of TLS 1.3
  *
  */
-int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
-                                   const unsigned char *buf,
-                                   const unsigned char *end )
+int mbedtls_ssl_parse_sig_alg_ext(mbedtls_ssl_context *ssl,
+                                  const unsigned char *buf,
+                                  const unsigned char *end)
 {
     const unsigned char *p = buf;
     size_t supported_sig_algs_len = 0;
@@ -5879,61 +5821,56 @@
     uint16_t sig_alg;
     uint32_t common_idx = 0;
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    supported_sig_algs_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+    supported_sig_algs_len = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
 
-    memset( ssl->handshake->received_sig_algs, 0,
-            sizeof(ssl->handshake->received_sig_algs) );
+    memset(ssl->handshake->received_sig_algs, 0,
+           sizeof(ssl->handshake->received_sig_algs));
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, supported_sig_algs_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, supported_sig_algs_len);
     supported_sig_algs_end = p + supported_sig_algs_len;
-    while( p < supported_sig_algs_end )
-    {
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, supported_sig_algs_end, 2 );
-        sig_alg = MBEDTLS_GET_UINT16_BE( p, 0 );
+    while (p < supported_sig_algs_end) {
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, supported_sig_algs_end, 2);
+        sig_alg = MBEDTLS_GET_UINT16_BE(p, 0);
         p += 2;
-        MBEDTLS_SSL_DEBUG_MSG( 4, ( "received signature algorithm: 0x%x %s",
-                                    sig_alg,
-                                    mbedtls_ssl_sig_alg_to_str( sig_alg ) ) );
+        MBEDTLS_SSL_DEBUG_MSG(4, ("received signature algorithm: 0x%x %s",
+                                  sig_alg,
+                                  mbedtls_ssl_sig_alg_to_str(sig_alg)));
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
-            ( ! ( mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) &&
-                  mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) ) ) )
-        {
+        if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
+            (!(mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg) &&
+               mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg)))) {
             continue;
         }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
-        MBEDTLS_SSL_DEBUG_MSG( 4, ( "valid signature algorithm: %s",
-                                    mbedtls_ssl_sig_alg_to_str( sig_alg ) ) );
+        MBEDTLS_SSL_DEBUG_MSG(4, ("valid signature algorithm: %s",
+                                  mbedtls_ssl_sig_alg_to_str(sig_alg)));
 
-        if( common_idx + 1 < MBEDTLS_RECEIVED_SIG_ALGS_SIZE )
-        {
+        if (common_idx + 1 < MBEDTLS_RECEIVED_SIG_ALGS_SIZE) {
             ssl->handshake->received_sig_algs[common_idx] = sig_alg;
             common_idx += 1;
         }
     }
     /* Check that we consumed all the message. */
-    if( p != end )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "Signature algorithms extension length misaligned" ) );
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
-                                      MBEDTLS_ERR_SSL_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (p != end) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("Signature algorithms extension length misaligned"));
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+                                     MBEDTLS_ERR_SSL_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    if( common_idx == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "no signature algorithm in common" ) );
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
-                                      MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    if (common_idx == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("no signature algorithm in common"));
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
+                                     MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
 
     ssl->handshake->received_sig_algs[common_idx] = MBEDTLS_TLS_SIG_NONE;
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
@@ -5942,79 +5879,78 @@
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 
-static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* derivation,
-                                              mbedtls_svc_key_id_t key,
-                                              psa_algorithm_t alg,
-                                              const unsigned char* raw_psk, size_t raw_psk_length,
-                                              const unsigned char* seed, size_t seed_length,
-                                              const unsigned char* label, size_t label_length,
-                                              const unsigned char* other_secret,
-                                              size_t other_secret_length,
-                                              size_t capacity )
+static psa_status_t setup_psa_key_derivation(psa_key_derivation_operation_t *derivation,
+                                             mbedtls_svc_key_id_t key,
+                                             psa_algorithm_t alg,
+                                             const unsigned char *raw_psk, size_t raw_psk_length,
+                                             const unsigned char *seed, size_t seed_length,
+                                             const unsigned char *label, size_t label_length,
+                                             const unsigned char *other_secret,
+                                             size_t other_secret_length,
+                                             size_t capacity)
 {
     psa_status_t status;
 
-    status = psa_key_derivation_setup( derivation, alg );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_key_derivation_setup(derivation, alg);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
-    if( PSA_ALG_IS_TLS12_PRF( alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
-    {
-        status = psa_key_derivation_input_bytes( derivation,
-                                                 PSA_KEY_DERIVATION_INPUT_SEED,
-                                                 seed, seed_length );
-        if( status != PSA_SUCCESS )
-            return( status );
-
-        if ( other_secret != NULL )
-        {
-            status = psa_key_derivation_input_bytes( derivation,
-                                        PSA_KEY_DERIVATION_INPUT_OTHER_SECRET,
-                                        other_secret, other_secret_length );
-            if( status != PSA_SUCCESS )
-                return( status );
+    if (PSA_ALG_IS_TLS12_PRF(alg) || PSA_ALG_IS_TLS12_PSK_TO_MS(alg)) {
+        status = psa_key_derivation_input_bytes(derivation,
+                                                PSA_KEY_DERIVATION_INPUT_SEED,
+                                                seed, seed_length);
+        if (status != PSA_SUCCESS) {
+            return status;
         }
 
-        if( mbedtls_svc_key_id_is_null( key ) )
-        {
+        if (other_secret != NULL) {
+            status = psa_key_derivation_input_bytes(derivation,
+                                                    PSA_KEY_DERIVATION_INPUT_OTHER_SECRET,
+                                                    other_secret, other_secret_length);
+            if (status != PSA_SUCCESS) {
+                return status;
+            }
+        }
+
+        if (mbedtls_svc_key_id_is_null(key)) {
             status = psa_key_derivation_input_bytes(
                 derivation, PSA_KEY_DERIVATION_INPUT_SECRET,
-                raw_psk, raw_psk_length );
-        }
-        else
-        {
+                raw_psk, raw_psk_length);
+        } else {
             status = psa_key_derivation_input_key(
-                derivation, PSA_KEY_DERIVATION_INPUT_SECRET, key );
+                derivation, PSA_KEY_DERIVATION_INPUT_SECRET, key);
         }
-        if( status != PSA_SUCCESS )
-            return( status );
+        if (status != PSA_SUCCESS) {
+            return status;
+        }
 
-        status = psa_key_derivation_input_bytes( derivation,
-                                                 PSA_KEY_DERIVATION_INPUT_LABEL,
-                                                 label, label_length );
-        if( status != PSA_SUCCESS )
-            return( status );
-    }
-    else
-    {
-        return( PSA_ERROR_NOT_SUPPORTED );
+        status = psa_key_derivation_input_bytes(derivation,
+                                                PSA_KEY_DERIVATION_INPUT_LABEL,
+                                                label, label_length);
+        if (status != PSA_SUCCESS) {
+            return status;
+        }
+    } else {
+        return PSA_ERROR_NOT_SUPPORTED;
     }
 
-    status = psa_key_derivation_set_capacity( derivation, capacity );
-    if( status != PSA_SUCCESS )
-        return( status );
+    status = psa_key_derivation_set_capacity(derivation, capacity);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
 
-    return( PSA_SUCCESS );
+    return PSA_SUCCESS;
 }
 
 #if defined(PSA_WANT_ALG_SHA_384) || \
     defined(PSA_WANT_ALG_SHA_256)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int tls_prf_generic( mbedtls_md_type_t md_type,
-                            const unsigned char *secret, size_t slen,
-                            const char *label,
-                            const unsigned char *random, size_t rlen,
-                            unsigned char *dstbuf, size_t dlen )
+static int tls_prf_generic(mbedtls_md_type_t md_type,
+                           const unsigned char *secret, size_t slen,
+                           const char *label,
+                           const unsigned char *random, size_t rlen,
+                           unsigned char *dstbuf, size_t dlen)
 {
     psa_status_t status;
     psa_algorithm_t alg;
@@ -6022,10 +5958,11 @@
     psa_key_derivation_operation_t derivation =
         PSA_KEY_DERIVATION_OPERATION_INIT;
 
-    if( md_type == MBEDTLS_MD_SHA384 )
+    if (md_type == MBEDTLS_MD_SHA384) {
         alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384);
-    else
+    } else {
         alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256);
+    }
 
     /* Normally a "secret" should be long enough to be impossible to
      * find by brute force, and in particular should not be empty. But
@@ -6034,67 +5971,66 @@
      * Since the key API doesn't allow importing a key of length 0,
      * keep master_key=0, which setup_psa_key_derivation() understands
      * to mean a 0-length "secret" input. */
-    if( slen != 0 )
-    {
+    if (slen != 0) {
         psa_key_attributes_t key_attributes = psa_key_attributes_init();
-        psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
-        psa_set_key_algorithm( &key_attributes, alg );
-        psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE );
+        psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
+        psa_set_key_algorithm(&key_attributes, alg);
+        psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE);
 
-        status = psa_import_key( &key_attributes, secret, slen, &master_key );
-        if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        status = psa_import_key(&key_attributes, secret, slen, &master_key);
+        if (status != PSA_SUCCESS) {
+            return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+        }
     }
 
-    status = setup_psa_key_derivation( &derivation,
-                                       master_key, alg,
-                                       NULL, 0,
-                                       random, rlen,
-                                       (unsigned char const *) label,
-                                       (size_t) strlen( label ),
-                                       NULL, 0,
-                                       dlen );
-    if( status != PSA_SUCCESS )
-    {
-        psa_key_derivation_abort( &derivation );
-        psa_destroy_key( master_key );
-        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+    status = setup_psa_key_derivation(&derivation,
+                                      master_key, alg,
+                                      NULL, 0,
+                                      random, rlen,
+                                      (unsigned char const *) label,
+                                      (size_t) strlen(label),
+                                      NULL, 0,
+                                      dlen);
+    if (status != PSA_SUCCESS) {
+        psa_key_derivation_abort(&derivation);
+        psa_destroy_key(master_key);
+        return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
     }
 
-    status = psa_key_derivation_output_bytes( &derivation, dstbuf, dlen );
-    if( status != PSA_SUCCESS )
-    {
-        psa_key_derivation_abort( &derivation );
-        psa_destroy_key( master_key );
-        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+    status = psa_key_derivation_output_bytes(&derivation, dstbuf, dlen);
+    if (status != PSA_SUCCESS) {
+        psa_key_derivation_abort(&derivation);
+        psa_destroy_key(master_key);
+        return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
     }
 
-    status = psa_key_derivation_abort( &derivation );
-    if( status != PSA_SUCCESS )
-    {
-        psa_destroy_key( master_key );
-        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+    status = psa_key_derivation_abort(&derivation);
+    if (status != PSA_SUCCESS) {
+        psa_destroy_key(master_key);
+        return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
     }
 
-    if( ! mbedtls_svc_key_id_is_null( master_key ) )
-        status = psa_destroy_key( master_key );
-    if( status != PSA_SUCCESS )
-        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+    if (!mbedtls_svc_key_id_is_null(master_key)) {
+        status = psa_destroy_key(master_key);
+    }
+    if (status != PSA_SUCCESS) {
+        return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+    }
 
-    return( 0 );
+    return 0;
 }
 #endif /* PSA_WANT_ALG_SHA_256 || PSA_WANT_ALG_SHA_384 */
 #else /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_MD_C) &&       \
-    ( defined(MBEDTLS_SHA256_C) || \
-      defined(MBEDTLS_SHA384_C) )
+    (defined(MBEDTLS_SHA256_C) || \
+    defined(MBEDTLS_SHA384_C))
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int tls_prf_generic( mbedtls_md_type_t md_type,
-                            const unsigned char *secret, size_t slen,
-                            const char *label,
-                            const unsigned char *random, size_t rlen,
-                            unsigned char *dstbuf, size_t dlen )
+static int tls_prf_generic(mbedtls_md_type_t md_type,
+                           const unsigned char *secret, size_t slen,
+                           const char *label,
+                           const unsigned char *random, size_t rlen,
+                           unsigned char *dstbuf, size_t dlen)
 {
     size_t nb;
     size_t i, j, k, md_len;
@@ -6105,106 +6041,117 @@
     mbedtls_md_context_t md_ctx;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    mbedtls_md_init( &md_ctx );
+    mbedtls_md_init(&md_ctx);
 
-    if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if ((md_info = mbedtls_md_info_from_type(md_type)) == NULL) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
 
-    md_len = mbedtls_md_get_size( md_info );
+    md_len = mbedtls_md_get_size(md_info);
 
-    tmp_len = md_len + strlen( label ) + rlen;
-    tmp = mbedtls_calloc( 1, tmp_len );
-    if( tmp == NULL )
-    {
+    tmp_len = md_len + strlen(label) + rlen;
+    tmp = mbedtls_calloc(1, tmp_len);
+    if (tmp == NULL) {
         ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
         goto exit;
     }
 
-    nb = strlen( label );
-    memcpy( tmp + md_len, label, nb );
-    memcpy( tmp + md_len + nb, random, rlen );
+    nb = strlen(label);
+    memcpy(tmp + md_len, label, nb);
+    memcpy(tmp + md_len + nb, random, rlen);
     nb += rlen;
 
     /*
      * Compute P_<hash>(secret, label + random)[0..dlen]
      */
-    if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
+    if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) {
         goto exit;
+    }
 
-    ret = mbedtls_md_hmac_starts( &md_ctx, secret, slen );
-    if( ret != 0 )
+    ret = mbedtls_md_hmac_starts(&md_ctx, secret, slen);
+    if (ret != 0) {
         goto exit;
-    ret = mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb );
-    if( ret != 0 )
+    }
+    ret = mbedtls_md_hmac_update(&md_ctx, tmp + md_len, nb);
+    if (ret != 0) {
         goto exit;
-    ret = mbedtls_md_hmac_finish( &md_ctx, tmp );
-    if( ret != 0 )
+    }
+    ret = mbedtls_md_hmac_finish(&md_ctx, tmp);
+    if (ret != 0) {
         goto exit;
+    }
 
-    for( i = 0; i < dlen; i += md_len )
-    {
-        ret = mbedtls_md_hmac_reset ( &md_ctx );
-        if( ret != 0 )
+    for (i = 0; i < dlen; i += md_len) {
+        ret = mbedtls_md_hmac_reset(&md_ctx);
+        if (ret != 0) {
             goto exit;
-        ret = mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb );
-        if( ret != 0 )
+        }
+        ret = mbedtls_md_hmac_update(&md_ctx, tmp, md_len + nb);
+        if (ret != 0) {
             goto exit;
-        ret = mbedtls_md_hmac_finish( &md_ctx, h_i );
-        if( ret != 0 )
+        }
+        ret = mbedtls_md_hmac_finish(&md_ctx, h_i);
+        if (ret != 0) {
             goto exit;
+        }
 
-        ret = mbedtls_md_hmac_reset ( &md_ctx );
-        if( ret != 0 )
+        ret = mbedtls_md_hmac_reset(&md_ctx);
+        if (ret != 0) {
             goto exit;
-        ret = mbedtls_md_hmac_update( &md_ctx, tmp, md_len );
-        if( ret != 0 )
+        }
+        ret = mbedtls_md_hmac_update(&md_ctx, tmp, md_len);
+        if (ret != 0) {
             goto exit;
-        ret = mbedtls_md_hmac_finish( &md_ctx, tmp );
-        if( ret != 0 )
+        }
+        ret = mbedtls_md_hmac_finish(&md_ctx, tmp);
+        if (ret != 0) {
             goto exit;
+        }
 
-        k = ( i + md_len > dlen ) ? dlen % md_len : md_len;
+        k = (i + md_len > dlen) ? dlen % md_len : md_len;
 
-        for( j = 0; j < k; j++ )
+        for (j = 0; j < k; j++) {
             dstbuf[i + j]  = h_i[j];
+        }
     }
 
 exit:
-    mbedtls_md_free( &md_ctx );
+    mbedtls_md_free(&md_ctx);
 
-    if ( tmp != NULL )
-        mbedtls_platform_zeroize( tmp, tmp_len );
+    if (tmp != NULL) {
+        mbedtls_platform_zeroize(tmp, tmp_len);
+    }
 
-    mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
+    mbedtls_platform_zeroize(h_i, sizeof(h_i));
 
-    mbedtls_free( tmp );
+    mbedtls_free(tmp);
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_MD_C && ( MBEDTLS_SHA256_C || MBEDTLS_SHA384_C ) */
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int tls_prf_sha256( const unsigned char *secret, size_t slen,
-                           const char *label,
-                           const unsigned char *random, size_t rlen,
-                           unsigned char *dstbuf, size_t dlen )
+static int tls_prf_sha256(const unsigned char *secret, size_t slen,
+                          const char *label,
+                          const unsigned char *random, size_t rlen,
+                          unsigned char *dstbuf, size_t dlen)
 {
-    return( tls_prf_generic( MBEDTLS_MD_SHA256, secret, slen,
-                             label, random, rlen, dstbuf, dlen ) );
+    return tls_prf_generic(MBEDTLS_MD_SHA256, secret, slen,
+                           label, random, rlen, dstbuf, dlen);
 }
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
 
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int tls_prf_sha384( const unsigned char *secret, size_t slen,
-                           const char *label,
-                           const unsigned char *random, size_t rlen,
-                           unsigned char *dstbuf, size_t dlen )
+static int tls_prf_sha384(const unsigned char *secret, size_t slen,
+                          const char *label,
+                          const unsigned char *random, size_t rlen,
+                          unsigned char *dstbuf, size_t dlen)
 {
-    return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen,
-                             label, random, rlen, dstbuf, dlen ) );
+    return tls_prf_generic(MBEDTLS_MD_SHA384, secret, slen,
+                           label, random, rlen, dstbuf, dlen);
 }
 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
 
@@ -6218,17 +6165,15 @@
  * - the tls_prf, calc_verify and calc_finished members of handshake structure
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
-                                   mbedtls_md_type_t hash )
+static int ssl_set_handshake_prfs(mbedtls_ssl_handshake_params *handshake,
+                                  mbedtls_md_type_t hash)
 {
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    if( hash == MBEDTLS_MD_SHA384 )
-    {
+    if (hash == MBEDTLS_MD_SHA384) {
         handshake->tls_prf = tls_prf_sha384;
         handshake->calc_verify = ssl_calc_verify_tls_sha384;
         handshake->calc_finished = ssl_calc_finished_tls_sha384;
-    }
-    else
+    } else
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
     {
@@ -6241,11 +6186,11 @@
     {
         (void) handshake;
         (void) hash;
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 #endif
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -6263,9 +6208,9 @@
  *      PSA-PSA: conf
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
-                               unsigned char *master,
-                               const mbedtls_ssl_context *ssl )
+static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake,
+                              unsigned char *master,
+                              const mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
@@ -6296,33 +6241,30 @@
 #if !defined(MBEDTLS_DEBUG_C) &&                    \
     !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
     !(defined(MBEDTLS_USE_PSA_CRYPTO) &&            \
-      defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED))
+    defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED))
     ssl = NULL; /* make sure we don't use it except for those cases */
     (void) ssl;
 #endif
 
-    if( handshake->resume != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
-        return( 0 );
+    if (handshake->resume != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("no premaster (session resumed)"));
+        return 0;
     }
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-    if( handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED )
-    {
+    if (handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED) {
         lbl  = "extended master secret";
         seed = session_hash;
-        handshake->calc_verify( ssl, session_hash, &seed_len );
+        handshake->calc_verify(ssl, session_hash, &seed_len);
 
-        MBEDTLS_SSL_DEBUG_BUF( 3, "session hash for extended master secret",
-                                  session_hash, seed_len );
+        MBEDTLS_SSL_DEBUG_BUF(3, "session hash for extended master secret",
+                              session_hash, seed_len);
     }
 #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO) &&                   \
     defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-    if( mbedtls_ssl_ciphersuite_uses_psk( handshake->ciphersuite_info ) == 1 )
-    {
+    if (mbedtls_ssl_ciphersuite_uses_psk(handshake->ciphersuite_info) == 1) {
         /* Perform PSK-to-MS expansion in a single step. */
         psa_status_t status;
         psa_algorithm_t alg;
@@ -6331,20 +6273,20 @@
             PSA_KEY_DERIVATION_OPERATION_INIT;
         mbedtls_md_type_t hash_alg = handshake->ciphersuite_info->mac;
 
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) );
+        MBEDTLS_SSL_DEBUG_MSG(2, ("perform PSA-based PSK-to-MS expansion"));
 
-        psk = mbedtls_ssl_get_opaque_psk( ssl );
+        psk = mbedtls_ssl_get_opaque_psk(ssl);
 
-        if( hash_alg == MBEDTLS_MD_SHA384 )
+        if (hash_alg == MBEDTLS_MD_SHA384) {
             alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
-        else
+        } else {
             alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
+        }
 
         size_t other_secret_len = 0;
-        unsigned char* other_secret = NULL;
+        unsigned char *other_secret = NULL;
 
-        switch( handshake->ciphersuite_info->key_exchange )
-        {
+        switch (handshake->ciphersuite_info->key_exchange) {
             /* Provide other secret.
              * Other secret is stored in premaster, where first 2 bytes hold the
              * length of the other key.
@@ -6363,130 +6305,121 @@
                 break;
         }
 
-        status = setup_psa_key_derivation( &derivation, psk, alg,
-                                           ssl->conf->psk, ssl->conf->psk_len,
-                                           seed, seed_len,
-                                           (unsigned char const *) lbl,
-                                           (size_t) strlen( lbl ),
-                                           other_secret, other_secret_len,
-                                           master_secret_len );
-        if( status != PSA_SUCCESS )
-        {
-            psa_key_derivation_abort( &derivation );
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        status = setup_psa_key_derivation(&derivation, psk, alg,
+                                          ssl->conf->psk, ssl->conf->psk_len,
+                                          seed, seed_len,
+                                          (unsigned char const *) lbl,
+                                          (size_t) strlen(lbl),
+                                          other_secret, other_secret_len,
+                                          master_secret_len);
+        if (status != PSA_SUCCESS) {
+            psa_key_derivation_abort(&derivation);
+            return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
         }
 
-        status = psa_key_derivation_output_bytes( &derivation,
-                                                  master,
-                                                  master_secret_len );
-        if( status != PSA_SUCCESS )
-        {
-            psa_key_derivation_abort( &derivation );
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        status = psa_key_derivation_output_bytes(&derivation,
+                                                 master,
+                                                 master_secret_len);
+        if (status != PSA_SUCCESS) {
+            psa_key_derivation_abort(&derivation);
+            return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
         }
 
-        status = psa_key_derivation_abort( &derivation );
-        if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-    }
-    else
+        status = psa_key_derivation_abort(&derivation);
+        if (status != PSA_SUCCESS) {
+            return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+        }
+    } else
 #endif
     {
 #if defined(MBEDTLS_USE_PSA_CRYPTO) &&                              \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-        if( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-        {
+        defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+        if (handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
             psa_status_t status;
             psa_algorithm_t alg = PSA_ALG_TLS12_ECJPAKE_TO_PMS;
             psa_key_derivation_operation_t derivation =
                 PSA_KEY_DERIVATION_OPERATION_INIT;
 
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PMS KDF for ECJPAKE" ) );
+            MBEDTLS_SSL_DEBUG_MSG(2, ("perform PSA-based PMS KDF for ECJPAKE"));
 
             handshake->pmslen = PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE;
 
-            status = psa_key_derivation_setup( &derivation, alg );
-            if( status != PSA_SUCCESS )
-                return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-
-            status = psa_key_derivation_set_capacity( &derivation,
-                                            PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE );
-            if( status != PSA_SUCCESS )
-            {
-                psa_key_derivation_abort( &derivation );
-                return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+            status = psa_key_derivation_setup(&derivation, alg);
+            if (status != PSA_SUCCESS) {
+                return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
             }
 
-            status = psa_pake_get_implicit_key( &handshake->psa_pake_ctx,
-                                                &derivation );
-            if( status != PSA_SUCCESS )
-            {
-                psa_key_derivation_abort( &derivation );
-                return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+            status = psa_key_derivation_set_capacity(&derivation,
+                                                     PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE);
+            if (status != PSA_SUCCESS) {
+                psa_key_derivation_abort(&derivation);
+                return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
             }
 
-            status = psa_key_derivation_output_bytes( &derivation,
-                                                      handshake->premaster,
-                                                      handshake->pmslen );
-            if( status != PSA_SUCCESS )
-            {
-                psa_key_derivation_abort( &derivation );
-                return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+            status = psa_pake_get_implicit_key(&handshake->psa_pake_ctx,
+                                               &derivation);
+            if (status != PSA_SUCCESS) {
+                psa_key_derivation_abort(&derivation);
+                return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
             }
 
-            status = psa_key_derivation_abort( &derivation );
-            if( status != PSA_SUCCESS )
-            {
-                return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+            status = psa_key_derivation_output_bytes(&derivation,
+                                                     handshake->premaster,
+                                                     handshake->pmslen);
+            if (status != PSA_SUCCESS) {
+                psa_key_derivation_abort(&derivation);
+                return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+            }
+
+            status = psa_key_derivation_abort(&derivation);
+            if (status != PSA_SUCCESS) {
+                return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
             }
         }
 #endif
-        ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
-                                  lbl, seed, seed_len,
-                                  master,
-                                  master_secret_len );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
-            return( ret );
+        ret = handshake->tls_prf(handshake->premaster, handshake->pmslen,
+                                 lbl, seed, seed_len,
+                                 master,
+                                 master_secret_len);
+        if (ret != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "prf", ret);
+            return ret;
         }
 
-        MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret",
-                               handshake->premaster,
-                               handshake->pmslen );
+        MBEDTLS_SSL_DEBUG_BUF(3, "premaster secret",
+                              handshake->premaster,
+                              handshake->pmslen);
 
-        mbedtls_platform_zeroize( handshake->premaster,
-                                  sizeof(handshake->premaster) );
+        mbedtls_platform_zeroize(handshake->premaster,
+                                 sizeof(handshake->premaster));
     }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
         ssl->handshake->ciphersuite_info;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> derive keys"));
 
     /* Set PRF, calc_verify and calc_finished function pointers */
-    ret = ssl_set_handshake_prfs( ssl->handshake,
-                                  ciphersuite_info->mac );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_set_handshake_prfs", ret );
-        return( ret );
+    ret = ssl_set_handshake_prfs(ssl->handshake,
+                                 ciphersuite_info->mac);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "ssl_set_handshake_prfs", ret);
+        return ret;
     }
 
     /* Compute master secret if needed */
-    ret = ssl_compute_master( ssl->handshake,
-                              ssl->session_negotiate->master,
-                              ssl );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compute_master", ret );
-        return( ret );
+    ret = ssl_compute_master(ssl->handshake,
+                             ssl->session_negotiate->master,
+                             ssl);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "ssl_compute_master", ret);
+        return ret;
     }
 
     /* Swap the client and server random values:
@@ -6494,43 +6427,41 @@
      * - key derivation wants server+client (RFC 5246 6.3) */
     {
         unsigned char tmp[64];
-        memcpy( tmp, ssl->handshake->randbytes, 64 );
-        memcpy( ssl->handshake->randbytes, tmp + 32, 32 );
-        memcpy( ssl->handshake->randbytes + 32, tmp, 32 );
-        mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
+        memcpy(tmp, ssl->handshake->randbytes, 64);
+        memcpy(ssl->handshake->randbytes, tmp + 32, 32);
+        memcpy(ssl->handshake->randbytes + 32, tmp, 32);
+        mbedtls_platform_zeroize(tmp, sizeof(tmp));
     }
 
     /* Populate transform structure */
-    ret = ssl_tls12_populate_transform( ssl->transform_negotiate,
-                                        ssl->session_negotiate->ciphersuite,
-                                        ssl->session_negotiate->master,
+    ret = ssl_tls12_populate_transform(ssl->transform_negotiate,
+                                       ssl->session_negotiate->ciphersuite,
+                                       ssl->session_negotiate->master,
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
-                                        ssl->session_negotiate->encrypt_then_mac,
+                                       ssl->session_negotiate->encrypt_then_mac,
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
-                                        ssl->handshake->tls_prf,
-                                        ssl->handshake->randbytes,
-                                        ssl->tls_version,
-                                        ssl->conf->endpoint,
-                                        ssl );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls12_populate_transform", ret );
-        return( ret );
+                                       ssl->handshake->tls_prf,
+                                       ssl->handshake->randbytes,
+                                       ssl->tls_version,
+                                       ssl->conf->endpoint,
+                                       ssl);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls12_populate_transform", ret);
+        return ret;
     }
 
     /* We no longer need Server/ClientHello.random values */
-    mbedtls_platform_zeroize( ssl->handshake->randbytes,
-                      sizeof( ssl->handshake->randbytes ) );
+    mbedtls_platform_zeroize(ssl->handshake->randbytes,
+                             sizeof(ssl->handshake->randbytes));
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= derive keys"));
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
+int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md)
 {
-    switch( md )
-    {
+    switch (md) {
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
         case MBEDTLS_SSL_HASH_SHA384:
             ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
@@ -6542,108 +6473,104 @@
             break;
 #endif
         default:
-            return( -1 );
+            return -1;
     }
 #if !defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
     !defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
     (void) ssl;
 #endif
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl,
-                                 unsigned char *hash,
-                                 size_t *hlen )
+void ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl,
+                                unsigned char *hash,
+                                size_t *hlen)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     size_t hash_size;
     psa_status_t status;
     psa_hash_operation_t sha256_psa = psa_hash_operation_init();
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) );
-    status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa );
-    if( status != PSA_SUCCESS )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify sha256"));
+    status = psa_hash_clone(&ssl->handshake->fin_sha256_psa, &sha256_psa);
+    if (status != PSA_SUCCESS) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed"));
         return;
     }
 
-    status = psa_hash_finish( &sha256_psa, hash, 32, &hash_size );
-    if( status != PSA_SUCCESS )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+    status = psa_hash_finish(&sha256_psa, hash, 32, &hash_size);
+    if (status != PSA_SUCCESS) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed"));
         return;
     }
 
     *hlen = 32;
-    MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen );
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
+    MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen);
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify"));
 #else
     mbedtls_sha256_context sha256;
 
-    mbedtls_sha256_init( &sha256 );
+    mbedtls_sha256_init(&sha256);
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha256"));
 
-    mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
-    mbedtls_sha256_finish( &sha256, hash );
+    mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256);
+    mbedtls_sha256_finish(&sha256, hash);
 
     *hlen = 32;
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+    MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen);
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
 
-    mbedtls_sha256_free( &sha256 );
+    mbedtls_sha256_free(&sha256);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
     return;
 }
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl,
-                                 unsigned char *hash,
-                                 size_t *hlen )
+void ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl,
+                                unsigned char *hash,
+                                size_t *hlen)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     size_t hash_size;
     psa_status_t status;
     psa_hash_operation_t sha384_psa = psa_hash_operation_init();
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha384" ) );
-    status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa );
-    if( status != PSA_SUCCESS )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify sha384"));
+    status = psa_hash_clone(&ssl->handshake->fin_sha384_psa, &sha384_psa);
+    if (status != PSA_SUCCESS) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed"));
         return;
     }
 
-    status = psa_hash_finish( &sha384_psa, hash, 48, &hash_size );
-    if( status != PSA_SUCCESS )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+    status = psa_hash_finish(&sha384_psa, hash, 48, &hash_size);
+    if (status != PSA_SUCCESS) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed"));
         return;
     }
 
     *hlen = 48;
-    MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen );
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
+    MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen);
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify"));
 #else
     mbedtls_sha512_context sha512;
 
-    mbedtls_sha512_init( &sha512 );
+    mbedtls_sha512_init(&sha512);
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha384"));
 
-    mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha384 );
-    mbedtls_sha512_finish( &sha512, hash );
+    mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha384);
+    mbedtls_sha512_finish(&sha512, hash);
 
     *hlen = 48;
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen );
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+    MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen);
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
 
-    mbedtls_sha512_free( &sha512 );
+    mbedtls_sha512_free(&sha512);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
     return;
 }
@@ -6651,16 +6578,15 @@
 
 #if !defined(MBEDTLS_USE_PSA_CRYPTO) &&                      \
     defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex )
+int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex)
 {
     unsigned char *p = ssl->handshake->premaster;
-    unsigned char *end = p + sizeof( ssl->handshake->premaster );
+    unsigned char *end = p + sizeof(ssl->handshake->premaster);
     const unsigned char *psk = NULL;
     size_t psk_len = 0;
-    int psk_ret = mbedtls_ssl_get_psk( ssl, &psk, &psk_len );
+    int psk_ret = mbedtls_ssl_get_psk(ssl, &psk, &psk_len);
 
-    if( psk_ret == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
-    {
+    if (psk_ret == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED) {
         /*
          * This should never happen because the existence of a PSK is always
          * checked before calling this function.
@@ -6668,10 +6594,9 @@
          * The exception is opaque DHE-PSK. For DHE-PSK fill premaster with
          * the shared secret without PSK.
          */
-        if ( key_ex != MBEDTLS_KEY_EXCHANGE_DHE_PSK )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        if (key_ex != MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
     }
 
@@ -6683,133 +6608,125 @@
      * with "other_secret" depending on the particular key exchange
      */
 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-    if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK )
-    {
-        if( end - p < 2 )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (key_ex == MBEDTLS_KEY_EXCHANGE_PSK) {
+        if (end - p < 2) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
 
-        MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 );
+        MBEDTLS_PUT_UINT16_BE(psk_len, p, 0);
         p += 2;
 
-        if( end < p || (size_t)( end - p ) < psk_len )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        if (end < p || (size_t) (end - p) < psk_len) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
 
-        memset( p, 0, psk_len );
+        memset(p, 0, psk_len);
         p += psk_len;
-    }
-    else
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-    if( key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
-    {
+    if (key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
         /*
          * other_secret already set by the ClientKeyExchange message,
          * and is 48 bytes long
          */
-        if( end - p < 2 )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        if (end - p < 2) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
 
         *p++ = 0;
         *p++ = 48;
         p += 48;
-    }
-    else
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-    if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
-    {
+    if (key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
         size_t len;
 
         /* Write length only when we know the actual value */
-        if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
-                                      p + 2, end - ( p + 2 ), &len,
-                                      ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
-            return( ret );
+        if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
+                                           p + 2, end - (p + 2), &len,
+                                           ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
+            return ret;
         }
-        MBEDTLS_PUT_UINT16_BE( len, p, 0 );
+        MBEDTLS_PUT_UINT16_BE(len, p, 0);
         p += 2 + len;
 
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K  );
-    }
-    else
+        MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-    if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
-    {
+    if (key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
         size_t zlen;
 
-        if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen,
-                                       p + 2, end - ( p + 2 ),
-                                       ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
-            return( ret );
+        if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, &zlen,
+                                            p + 2, end - (p + 2),
+                                            ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret);
+            return ret;
         }
 
-        MBEDTLS_PUT_UINT16_BE( zlen, p, 0 );
+        MBEDTLS_PUT_UINT16_BE(zlen, p, 0);
         p += 2 + zlen;
 
-        MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
-                                MBEDTLS_DEBUG_ECDH_Z );
-    }
-    else
+        MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
+                               MBEDTLS_DEBUG_ECDH_Z);
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
     {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
     /* opaque psk<0..2^16-1>; */
-    if( end - p < 2 )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (end - p < 2) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    MBEDTLS_PUT_UINT16_BE( psk_len, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(psk_len, p, 0);
     p += 2;
 
-    if( end < p || (size_t)( end - p ) < psk_len )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (end < p || (size_t) (end - p) < psk_len) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    memcpy( p, psk, psk_len );
+    memcpy(p, psk, psk_len);
     p += psk_len;
 
     ssl->handshake->pmslen = p - ssl->handshake->premaster;
 
-    return( 0 );
+    return 0;
 }
 #endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
 
 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_hello_request( mbedtls_ssl_context *ssl );
+static int ssl_write_hello_request(mbedtls_ssl_context *ssl);
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_resend_hello_request(mbedtls_ssl_context *ssl)
 {
     /* If renegotiation is not enforced, retransmit until we would reach max
      * timeout if we were using the usual handshake doubling scheme */
-    if( ssl->conf->renego_max_records < 0 )
-    {
+    if (ssl->conf->renego_max_records < 0) {
         uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1;
         unsigned char doublings = 1;
 
-        while( ratio != 0 )
-        {
+        while (ratio != 0) {
             ++doublings;
             ratio >>= 1;
         }
 
-        if( ++ssl->renego_records_seen > doublings )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "no longer retransmitting hello request" ) );
-            return( 0 );
+        if (++ssl->renego_records_seen > doublings) {
+            MBEDTLS_SSL_DEBUG_MSG(2, ("no longer retransmitting hello request"));
+            return 0;
         }
     }
 
-    return( ssl_write_hello_request( ssl ) );
+    return ssl_write_hello_request(ssl);
 }
 #endif
 #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
@@ -6819,46 +6736,44 @@
  */
 #if !defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 /* No certificate support -> dummy functions */
-int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
 {
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
         ssl->handshake->ciphersuite_info;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate"));
 
-    if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
+    if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate"));
         ssl->state++;
-        return( 0 );
+        return 0;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+    return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
 }
 
-int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl)
 {
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
         ssl->handshake->ciphersuite_info;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate"));
 
-    if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
+    if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate"));
         ssl->state++;
-        return( 0 );
+        return 0;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+    return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
 }
 
 #else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 /* Some certificate support -> implement write and parse */
 
-int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
     size_t i, n;
@@ -6866,39 +6781,34 @@
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
         ssl->handshake->ciphersuite_info;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate"));
 
-    if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
+    if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate"));
         ssl->state++;
-        return( 0 );
+        return 0;
     }
 
 #if defined(MBEDTLS_SSL_CLI_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
-    {
-        if( ssl->handshake->client_auth == 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
+    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
+        if (ssl->handshake->client_auth == 0) {
+            MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate"));
             ssl->state++;
-            return( 0 );
+            return 0;
         }
     }
 #endif /* MBEDTLS_SSL_CLI_C */
 #if defined(MBEDTLS_SSL_SRV_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
-    {
-        if( mbedtls_ssl_own_cert( ssl ) == NULL )
-        {
+    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
+        if (mbedtls_ssl_own_cert(ssl) == NULL) {
             /* Should never happen because we shouldn't have picked the
              * ciphersuite if we don't have a certificate. */
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
     }
 #endif
 
-    MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", mbedtls_ssl_own_cert( ssl ) );
+    MBEDTLS_SSL_DEBUG_CRT(3, "own certificate", mbedtls_ssl_own_cert(ssl));
 
     /*
      *     0  .  0    handshake type
@@ -6910,30 +6820,28 @@
      *    n+3 . ...   upper level cert, etc.
      */
     i = 7;
-    crt = mbedtls_ssl_own_cert( ssl );
+    crt = mbedtls_ssl_own_cert(ssl);
 
-    while( crt != NULL )
-    {
+    while (crt != NULL) {
         n = crt->raw.len;
-        if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET
-                                        " > %" MBEDTLS_PRINTF_SIZET,
-                           i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+        if (n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("certificate too large, %" MBEDTLS_PRINTF_SIZET
+                                      " > %" MBEDTLS_PRINTF_SIZET,
+                                      i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN));
+            return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
         }
 
-        ssl->out_msg[i    ] = MBEDTLS_BYTE_2( n );
-        ssl->out_msg[i + 1] = MBEDTLS_BYTE_1( n );
-        ssl->out_msg[i + 2] = MBEDTLS_BYTE_0( n );
+        ssl->out_msg[i] = MBEDTLS_BYTE_2(n);
+        ssl->out_msg[i + 1] = MBEDTLS_BYTE_1(n);
+        ssl->out_msg[i + 2] = MBEDTLS_BYTE_0(n);
 
-        i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
+        i += 3; memcpy(ssl->out_msg + i, crt->raw.p, n);
         i += n; crt = crt->next;
     }
 
-    ssl->out_msg[4]  = MBEDTLS_BYTE_2( i - 7 );
-    ssl->out_msg[5]  = MBEDTLS_BYTE_1( i - 7 );
-    ssl->out_msg[6]  = MBEDTLS_BYTE_0( i - 7 );
+    ssl->out_msg[4]  = MBEDTLS_BYTE_2(i - 7);
+    ssl->out_msg[5]  = MBEDTLS_BYTE_1(i - 7);
+    ssl->out_msg[6]  = MBEDTLS_BYTE_0(i - 7);
 
     ssl->out_msglen  = i;
     ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
@@ -6941,40 +6849,41 @@
 
     ssl->state++;
 
-    if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+        return ret;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate"));
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
 
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
-                                         unsigned char *crt_buf,
-                                         size_t crt_buf_len )
+static int ssl_check_peer_crt_unchanged(mbedtls_ssl_context *ssl,
+                                        unsigned char *crt_buf,
+                                        size_t crt_buf_len)
 {
     mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert;
 
-    if( peer_crt == NULL )
-        return( -1 );
+    if (peer_crt == NULL) {
+        return -1;
+    }
 
-    if( peer_crt->raw.len != crt_buf_len )
-        return( -1 );
+    if (peer_crt->raw.len != crt_buf_len) {
+        return -1;
+    }
 
-    return( memcmp( peer_crt->raw.p, crt_buf, peer_crt->raw.len ) );
+    return memcmp(peer_crt->raw.p, crt_buf, peer_crt->raw.len);
 }
 #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
-                                         unsigned char *crt_buf,
-                                         size_t crt_buf_len )
+static int ssl_check_peer_crt_unchanged(mbedtls_ssl_context *ssl,
+                                        unsigned char *crt_buf,
+                                        size_t crt_buf_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char const * const peer_cert_digest =
@@ -6982,22 +6891,25 @@
     mbedtls_md_type_t const peer_cert_digest_type =
         ssl->session->peer_cert_digest_type;
     mbedtls_md_info_t const * const digest_info =
-        mbedtls_md_info_from_type( peer_cert_digest_type );
+        mbedtls_md_info_from_type(peer_cert_digest_type);
     unsigned char tmp_digest[MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN];
     size_t digest_len;
 
-    if( peer_cert_digest == NULL || digest_info == NULL )
-        return( -1 );
+    if (peer_cert_digest == NULL || digest_info == NULL) {
+        return -1;
+    }
 
-    digest_len = mbedtls_md_get_size( digest_info );
-    if( digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN )
-        return( -1 );
+    digest_len = mbedtls_md_get_size(digest_info);
+    if (digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN) {
+        return -1;
+    }
 
-    ret = mbedtls_md( digest_info, crt_buf, crt_buf_len, tmp_digest );
-    if( ret != 0 )
-        return( -1 );
+    ret = mbedtls_md(digest_info, crt_buf, crt_buf_len, tmp_digest);
+    if (ret != 0) {
+        return -1;
+    }
 
-    return( memcmp( tmp_digest, peer_cert_digest, digest_len ) );
+    return memcmp(tmp_digest, peer_cert_digest, digest_len);
 }
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
@@ -7007,131 +6919,121 @@
  * perform basic checks, but leave actual verification to the caller
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl,
-                                        mbedtls_x509_crt *chain )
+static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl,
+                                       mbedtls_x509_crt *chain)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
-    int crt_cnt=0;
+    int crt_cnt = 0;
 #endif
     size_t i, n;
     uint8_t alert;
 
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
+        return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
     }
 
-    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE  )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    if (ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE) {
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
+        return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
     }
 
-    if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (ssl->in_hslen < mbedtls_ssl_hs_hdr_len(ssl) + 3 + 3) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    i = mbedtls_ssl_hs_hdr_len( ssl );
+    i = mbedtls_ssl_hs_hdr_len(ssl);
 
     /*
      * Same message structure as in mbedtls_ssl_write_certificate()
      */
-    n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2];
+    n = (ssl->in_msg[i+1] << 8) | ssl->in_msg[i+2];
 
-    if( ssl->in_msg[i] != 0 ||
-        ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (ssl->in_msg[i] != 0 ||
+        ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len(ssl)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     /* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */
     i += 3;
 
     /* Iterate through and parse the CRTs in the provided chain. */
-    while( i < ssl->in_hslen )
-    {
+    while (i < ssl->in_hslen) {
         /* Check that there's room for the next CRT's length fields. */
-        if ( i + 3 > ssl->in_hslen ) {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
-            mbedtls_ssl_send_alert_message( ssl,
-                              MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                              MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+        if (i + 3 > ssl->in_hslen) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message"));
+            mbedtls_ssl_send_alert_message(ssl,
+                                           MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                           MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
         /* In theory, the CRT can be up to 2**24 Bytes, but we don't support
          * anything beyond 2**16 ~ 64K. */
-        if( ssl->in_msg[i] != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
-            mbedtls_ssl_send_alert_message( ssl,
-                            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                            MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT );
-            return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE );
+        if (ssl->in_msg[i] != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message"));
+            mbedtls_ssl_send_alert_message(ssl,
+                                           MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                           MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT);
+            return MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
         }
 
         /* Read length of the next CRT in the chain. */
-        n = ( (unsigned int) ssl->in_msg[i + 1] << 8 )
+        n = ((unsigned int) ssl->in_msg[i + 1] << 8)
             | (unsigned int) ssl->in_msg[i + 2];
         i += 3;
 
-        if( n < 128 || i + n > ssl->in_hslen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
-            mbedtls_ssl_send_alert_message( ssl,
-                                 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                 MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+        if (n < 128 || i + n > ssl->in_hslen) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message"));
+            mbedtls_ssl_send_alert_message(ssl,
+                                           MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                           MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
 
         /* Check if we're handling the first CRT in the chain. */
 #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
-        if( crt_cnt++ == 0 &&
+        if (crt_cnt++ == 0 &&
             ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
-            ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
-        {
+            ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
             /* During client-side renegotiation, check that the server's
              * end-CRTs hasn't changed compared to the initial handshake,
              * mitigating the triple handshake attack. On success, reuse
              * the original end-CRT instead of parsing it again. */
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "Check that peer CRT hasn't changed during renegotiation" ) );
-            if( ssl_check_peer_crt_unchanged( ssl,
-                                              &ssl->in_msg[i],
-                                              n ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) );
-                mbedtls_ssl_send_alert_message( ssl,
-                                                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                                MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED );
-                return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE );
+            MBEDTLS_SSL_DEBUG_MSG(3, ("Check that peer CRT hasn't changed during renegotiation"));
+            if (ssl_check_peer_crt_unchanged(ssl,
+                                             &ssl->in_msg[i],
+                                             n) != 0) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("new server cert during renegotiation"));
+                mbedtls_ssl_send_alert_message(ssl,
+                                               MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                               MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED);
+                return MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
             }
 
             /* Now we can safely free the original chain. */
-            ssl_clear_peer_cert( ssl->session );
+            ssl_clear_peer_cert(ssl->session);
         }
 #endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
 
         /* Parse the next certificate in the chain. */
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-        ret = mbedtls_x509_crt_parse_der( chain, ssl->in_msg + i, n );
+        ret = mbedtls_x509_crt_parse_der(chain, ssl->in_msg + i, n);
 #else
         /* If we don't need to store the CRT chain permanently, parse
          * it in-place from the input buffer instead of making a copy. */
-        ret = mbedtls_x509_crt_parse_der_nocopy( chain, ssl->in_msg + i, n );
+        ret = mbedtls_x509_crt_parse_der_nocopy(chain, ssl->in_msg + i, n);
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-        switch( ret )
-        {
+        switch (ret) {
             case 0: /*ok*/
             case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
                 /* Ignore certificate with an unknown algorithm: maybe a
@@ -7148,35 +7050,35 @@
 
             default:
                 alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
-            crt_parse_der_failed:
-                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert );
-                MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
-                return( ret );
+crt_parse_der_failed:
+                mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert);
+                MBEDTLS_SSL_DEBUG_RET(1, " mbedtls_x509_crt_parse_der", ret);
+                return ret;
         }
 
         i += n;
     }
 
-    MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", chain );
-    return( 0 );
+    MBEDTLS_SSL_DEBUG_CRT(3, "peer certificate", chain);
+    return 0;
 }
 
 #if defined(MBEDTLS_SSL_SRV_C)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
+static int ssl_srv_check_client_no_crt_notification(mbedtls_ssl_context *ssl)
 {
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
-        return( -1 );
+    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
+        return -1;
+    }
 
-    if( ssl->in_hslen   == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
+    if (ssl->in_hslen   == 3 + mbedtls_ssl_hs_hdr_len(ssl) &&
         ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE    &&
         ssl->in_msg[0]  == MBEDTLS_SSL_HS_CERTIFICATE   &&
-        memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer has no certificate" ) );
-        return( 0 );
+        memcmp(ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl), "\0\0\0", 3) == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("peer has no certificate"));
+        return 0;
     }
-    return( -1 );
+    return -1;
 }
 #endif /* MBEDTLS_SSL_SRV_C */
 
@@ -7189,40 +7091,40 @@
 #define SSL_CERTIFICATE_EXPECTED 0
 #define SSL_CERTIFICATE_SKIP     1
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl,
-                                             int authmode )
+static int ssl_parse_certificate_coordinate(mbedtls_ssl_context *ssl,
+                                            int authmode)
 {
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
         ssl->handshake->ciphersuite_info;
 
-    if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
-        return( SSL_CERTIFICATE_SKIP );
+    if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) {
+        return SSL_CERTIFICATE_SKIP;
+    }
 
 #if defined(MBEDTLS_SSL_SRV_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
-    {
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
-            return( SSL_CERTIFICATE_SKIP );
+    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
+        if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
+            return SSL_CERTIFICATE_SKIP;
+        }
 
-        if( authmode == MBEDTLS_SSL_VERIFY_NONE )
-        {
+        if (authmode == MBEDTLS_SSL_VERIFY_NONE) {
             ssl->session_negotiate->verify_result =
                 MBEDTLS_X509_BADCERT_SKIP_VERIFY;
-            return( SSL_CERTIFICATE_SKIP );
+            return SSL_CERTIFICATE_SKIP;
         }
     }
 #else
     ((void) authmode);
 #endif /* MBEDTLS_SSL_SRV_C */
 
-    return( SSL_CERTIFICATE_EXPECTED );
+    return SSL_CERTIFICATE_EXPECTED;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
-                                         int authmode,
-                                         mbedtls_x509_crt *chain,
-                                         void *rs_ctx )
+static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,
+                                        int authmode,
+                                        mbedtls_x509_crt *chain,
+                                        void *rs_ctx)
 {
     int ret = 0;
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
@@ -7232,18 +7134,16 @@
     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
     void *p_vrfy;
 
-    if( authmode == MBEDTLS_SSL_VERIFY_NONE )
-        return( 0 );
+    if (authmode == MBEDTLS_SSL_VERIFY_NONE) {
+        return 0;
+    }
 
-    if( ssl->f_vrfy != NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use context-specific verification callback" ) );
+    if (ssl->f_vrfy != NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("Use context-specific verification callback"));
         f_vrfy = ssl->f_vrfy;
         p_vrfy = ssl->p_vrfy;
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use configuration-specific verification callback" ) );
+    } else {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("Use configuration-specific verification callback"));
         f_vrfy = ssl->conf->f_vrfy;
         p_vrfy = ssl->conf->p_vrfy;
     }
@@ -7252,12 +7152,11 @@
      * Main check: verify certificate
      */
 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
-    if( ssl->conf->f_ca_cb != NULL )
-    {
+    if (ssl->conf->f_ca_cb != NULL) {
         ((void) rs_ctx);
         have_ca_chain = 1;
 
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "use CA callback for X.509 CRT verification" ) );
+        MBEDTLS_SSL_DEBUG_MSG(3, ("use CA callback for X.509 CRT verification"));
         ret = mbedtls_x509_crt_verify_with_ca_cb(
             chain,
             ssl->conf->f_ca_cb,
@@ -7265,29 +7164,27 @@
             ssl->conf->cert_profile,
             ssl->hostname,
             &ssl->session_negotiate->verify_result,
-            f_vrfy, p_vrfy );
-    }
-    else
+            f_vrfy, p_vrfy);
+    } else
 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
     {
         mbedtls_x509_crt *ca_chain;
         mbedtls_x509_crl *ca_crl;
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-        if( ssl->handshake->sni_ca_chain != NULL )
-        {
+        if (ssl->handshake->sni_ca_chain != NULL) {
             ca_chain = ssl->handshake->sni_ca_chain;
             ca_crl   = ssl->handshake->sni_ca_crl;
-        }
-        else
+        } else
 #endif
         {
             ca_chain = ssl->conf->ca_chain;
             ca_crl   = ssl->conf->ca_crl;
         }
 
-        if( ca_chain != NULL )
+        if (ca_chain != NULL) {
             have_ca_chain = 1;
+        }
 
         ret = mbedtls_x509_crt_verify_restartable(
             chain,
@@ -7295,17 +7192,17 @@
             ssl->conf->cert_profile,
             ssl->hostname,
             &ssl->session_negotiate->verify_result,
-            f_vrfy, p_vrfy, rs_ctx );
+            f_vrfy, p_vrfy, rs_ctx);
     }
 
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "x509_verify_cert", ret);
     }
 
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
-        return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS );
+    if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
+        return MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+    }
 #endif
 
     /*
@@ -7319,39 +7216,37 @@
         /* If certificate uses an EC key, make sure the curve is OK.
          * This is a public key, so it can't be opaque, so can_do() is a good
          * enough check to ensure pk_ec() is safe to use here. */
-        if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) )
-        {
+        if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) {
             /* and in the unlikely case the above assumption no longer holds
              * we are making sure that pk_ec() here does not return a NULL
              */
-            const mbedtls_ecp_keypair *ec = mbedtls_pk_ec( *pk );
-            if( ec == NULL )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_pk_ec() returned NULL" ) );
-                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            const mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk);
+            if (ec == NULL) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_pk_ec() returned NULL"));
+                return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
             }
 
-            if( mbedtls_ssl_check_curve( ssl, ec->grp.id ) != 0 )
-            {
+            if (mbedtls_ssl_check_curve(ssl, ec->grp.id) != 0) {
                 ssl->session_negotiate->verify_result |=
                     MBEDTLS_X509_BADCERT_BAD_KEY;
 
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) );
-                if( ret == 0 )
+                MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (EC key curve)"));
+                if (ret == 0) {
                     ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
+                }
             }
         }
     }
 #endif /* MBEDTLS_ECP_C */
 
-    if( mbedtls_ssl_check_cert_usage( chain,
-                                      ciphersuite_info,
-                                      ! ssl->conf->endpoint,
-                                      &ssl->session_negotiate->verify_result ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
-        if( ret == 0 )
+    if (mbedtls_ssl_check_cert_usage(chain,
+                                     ciphersuite_info,
+                                     !ssl->conf->endpoint,
+                                     &ssl->session_negotiate->verify_result) != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)"));
+        if (ret == 0) {
             ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
+        }
     }
 
     /* mbedtls_x509_crt_verify_with_profile is supposed to report a
@@ -7360,122 +7255,115 @@
      * of error codes, including those from the user provided f_vrfy
      * functions, are treated as fatal and lead to a failure of
      * ssl_parse_certificate even if verification was optional. */
-    if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
-        ( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
-          ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE ) )
-    {
+    if (authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
+        (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
+         ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE)) {
         ret = 0;
     }
 
-    if( have_ca_chain == 0 && authmode == MBEDTLS_SSL_VERIFY_REQUIRED )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
+    if (have_ca_chain == 0 && authmode == MBEDTLS_SSL_VERIFY_REQUIRED) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("got no CA chain"));
         ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED;
     }
 
-    if( ret != 0 )
-    {
+    if (ret != 0) {
         uint8_t alert;
 
         /* The certificate may have been rejected for several reasons.
            Pick one and send the corresponding alert. Which alert to send
            may be a subject of debate in some cases. */
-        if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER )
+        if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER) {
             alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED;
-        else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH )
+        } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH) {
             alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
-        else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE )
+        } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE) {
             alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
-        else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE )
+        } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE) {
             alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
-        else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE )
+        } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE) {
             alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
-        else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK )
+        } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK) {
             alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
-        else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY )
+        } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY) {
             alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
-        else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED )
+        } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED) {
             alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED;
-        else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED )
+        } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED) {
             alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED;
-        else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED )
+        } else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED) {
             alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA;
-        else
+        } else {
             alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN;
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        alert );
+        }
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       alert);
     }
 
 #if defined(MBEDTLS_DEBUG_C)
-    if( ssl->session_negotiate->verify_result != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %08x",
-                                    (unsigned int) ssl->session_negotiate->verify_result ) );
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) );
+    if (ssl->session_negotiate->verify_result != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("! Certificate verification flags %08x",
+                                  (unsigned int) ssl->session_negotiate->verify_result));
+    } else {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("Certificate verification flags clear"));
     }
 #endif /* MBEDTLS_DEBUG_C */
 
-    return( ret );
+    return ret;
 }
 
 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl,
-                                         unsigned char *start, size_t len )
+static int ssl_remember_peer_crt_digest(mbedtls_ssl_context *ssl,
+                                        unsigned char *start, size_t len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     /* Remember digest of the peer's end-CRT. */
     ssl->session_negotiate->peer_cert_digest =
-        mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN );
-    if( ssl->session_negotiate->peer_cert_digest == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
-                                    MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ) );
-        mbedtls_ssl_send_alert_message( ssl,
-                                        MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+        mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN);
+    if (ssl->session_negotiate->peer_cert_digest == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%d bytes) failed",
+                                  MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN));
+        mbedtls_ssl_send_alert_message(ssl,
+                                       MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
 
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
     }
 
-    ret = mbedtls_md( mbedtls_md_info_from_type(
-                          MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ),
-                      start, len,
-                      ssl->session_negotiate->peer_cert_digest );
+    ret = mbedtls_md(mbedtls_md_info_from_type(
+                         MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE),
+                     start, len,
+                     ssl->session_negotiate->peer_cert_digest);
 
     ssl->session_negotiate->peer_cert_digest_type =
         MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
     ssl->session_negotiate->peer_cert_digest_len =
         MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
 
-    return( ret );
+    return ret;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_remember_peer_pubkey( mbedtls_ssl_context *ssl,
-                                     unsigned char *start, size_t len )
+static int ssl_remember_peer_pubkey(mbedtls_ssl_context *ssl,
+                                    unsigned char *start, size_t len)
 {
     unsigned char *end = start + len;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     /* Make a copy of the peer's raw public key. */
-    mbedtls_pk_init( &ssl->handshake->peer_pubkey );
-    ret = mbedtls_pk_parse_subpubkey( &start, end,
-                                      &ssl->handshake->peer_pubkey );
-    if( ret != 0 )
-    {
+    mbedtls_pk_init(&ssl->handshake->peer_pubkey);
+    ret = mbedtls_pk_parse_subpubkey(&start, end,
+                                     &ssl->handshake->peer_pubkey);
+    if (ret != 0) {
         /* We should have parsed the public key before. */
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
-int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl)
 {
     int ret = 0;
     int crt_expected;
@@ -7489,40 +7377,37 @@
     void *rs_ctx = NULL;
     mbedtls_x509_crt *chain = NULL;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate"));
 
-    crt_expected = ssl_parse_certificate_coordinate( ssl, authmode );
-    if( crt_expected == SSL_CERTIFICATE_SKIP )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
+    crt_expected = ssl_parse_certificate_coordinate(ssl, authmode);
+    if (crt_expected == SSL_CERTIFICATE_SKIP) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate"));
         goto exit;
     }
 
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    if( ssl->handshake->ecrs_enabled &&
-        ssl->handshake->ecrs_state == ssl_ecrs_crt_verify )
-    {
+    if (ssl->handshake->ecrs_enabled &&
+        ssl->handshake->ecrs_state == ssl_ecrs_crt_verify) {
         chain = ssl->handshake->ecrs_peer_cert;
         ssl->handshake->ecrs_peer_cert = NULL;
         goto crt_verify;
     }
 #endif
 
-    if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
-    {
+    if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
         /* mbedtls_ssl_read_record may have sent an alert already. We
            let it decide whether to alert. */
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
         goto exit;
     }
 
 #if defined(MBEDTLS_SSL_SRV_C)
-    if( ssl_srv_check_client_no_crt_notification( ssl ) == 0 )
-    {
+    if (ssl_srv_check_client_no_crt_notification(ssl) == 0) {
         ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
 
-        if( authmode != MBEDTLS_SSL_VERIFY_OPTIONAL )
+        if (authmode != MBEDTLS_SSL_VERIFY_OPTIONAL) {
             ret = MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE;
+        }
 
         goto exit;
     }
@@ -7530,39 +7415,42 @@
 
     /* Clear existing peer CRT structure in case we tried to
      * reuse a session but it failed, and allocate a new one. */
-    ssl_clear_peer_cert( ssl->session_negotiate );
+    ssl_clear_peer_cert(ssl->session_negotiate);
 
-    chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
-    if( chain == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed",
-                                    sizeof( mbedtls_x509_crt ) ) );
-        mbedtls_ssl_send_alert_message( ssl,
-                                        MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+    chain = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
+    if (chain == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed",
+                                  sizeof(mbedtls_x509_crt)));
+        mbedtls_ssl_send_alert_message(ssl,
+                                       MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
 
         ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
         goto exit;
     }
-    mbedtls_x509_crt_init( chain );
+    mbedtls_x509_crt_init(chain);
 
-    ret = ssl_parse_certificate_chain( ssl, chain );
-    if( ret != 0 )
+    ret = ssl_parse_certificate_chain(ssl, chain);
+    if (ret != 0) {
         goto exit;
+    }
 
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    if( ssl->handshake->ecrs_enabled)
+    if (ssl->handshake->ecrs_enabled) {
         ssl->handshake->ecrs_state = ssl_ecrs_crt_verify;
+    }
 
 crt_verify:
-    if( ssl->handshake->ecrs_enabled)
+    if (ssl->handshake->ecrs_enabled) {
         rs_ctx = &ssl->handshake->ecrs_ctx;
+    }
 #endif
 
-    ret = ssl_parse_certificate_verify( ssl, authmode,
-                                        chain, rs_ctx );
-    if( ret != 0 )
+    ret = ssl_parse_certificate_verify(ssl, authmode,
+                                       chain, rs_ctx);
+    if (ret != 0) {
         goto exit;
+    }
 
 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     {
@@ -7582,17 +7470,19 @@
 
         /* Free the CRT structures before computing
          * digest and copying the peer's public key. */
-        mbedtls_x509_crt_free( chain );
-        mbedtls_free( chain );
+        mbedtls_x509_crt_free(chain);
+        mbedtls_free(chain);
         chain = NULL;
 
-        ret = ssl_remember_peer_crt_digest( ssl, crt_start, crt_len );
-        if( ret != 0 )
+        ret = ssl_remember_peer_crt_digest(ssl, crt_start, crt_len);
+        if (ret != 0) {
             goto exit;
+        }
 
-        ret = ssl_remember_peer_pubkey( ssl, pk_start, pk_len );
-        if( ret != 0 )
+        ret = ssl_remember_peer_pubkey(ssl, pk_start, pk_len);
+        if (ret != 0) {
             goto exit;
+        }
     }
 #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
     /* Pass ownership to session structure. */
@@ -7600,34 +7490,33 @@
     chain = NULL;
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate"));
 
 exit:
 
-    if( ret == 0 )
+    if (ret == 0) {
         ssl->state++;
+    }
 
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
-    {
+    if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
         ssl->handshake->ecrs_peer_cert = chain;
         chain = NULL;
     }
 #endif
 
-    if( chain != NULL )
-    {
-        mbedtls_x509_crt_free( chain );
-        mbedtls_free( chain );
+    if (chain != NULL) {
+        mbedtls_x509_crt_free(chain);
+        mbedtls_free(chain);
     }
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 static void ssl_calc_finished_tls_sha256(
-                mbedtls_ssl_context *ssl, unsigned char *buf, int from )
+    mbedtls_ssl_context *ssl, unsigned char *buf, int from)
 {
     int len = 12;
     const char *sender;
@@ -7641,39 +7530,38 @@
 #endif
 
     mbedtls_ssl_session *session = ssl->session_negotiate;
-    if( !session )
+    if (!session) {
         session = ssl->session;
+    }
 
-    sender = ( from == MBEDTLS_SSL_IS_CLIENT )
+    sender = (from == MBEDTLS_SSL_IS_CLIENT)
              ? "client finished"
              : "server finished";
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     sha256_psa = psa_hash_operation_init();
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha256" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc PSA finished tls sha256"));
 
-    status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa );
-    if( status != PSA_SUCCESS )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+    status = psa_hash_clone(&ssl->handshake->fin_sha256_psa, &sha256_psa);
+    if (status != PSA_SUCCESS) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed"));
         return;
     }
 
-    status = psa_hash_finish( &sha256_psa, padbuf, sizeof( padbuf ), &hash_size );
-    if( status != PSA_SUCCESS )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+    status = psa_hash_finish(&sha256_psa, padbuf, sizeof(padbuf), &hash_size);
+    if (status != PSA_SUCCESS) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed"));
         return;
     }
-    MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 32 );
+    MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 32);
 #else
 
-    mbedtls_sha256_init( &sha256 );
+    mbedtls_sha256_init(&sha256);
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc  finished tls sha256" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc  finished tls sha256"));
 
-    mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
+    mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256);
 
     /*
      * TLSv1.2:
@@ -7682,29 +7570,29 @@
      */
 
 #if !defined(MBEDTLS_SHA256_ALT)
-    MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *)
-                   sha256.state, sizeof( sha256.state ) );
+    MBEDTLS_SSL_DEBUG_BUF(4, "finished sha2 state", (unsigned char *)
+                          sha256.state, sizeof(sha256.state));
 #endif
 
-    mbedtls_sha256_finish( &sha256, padbuf );
-    mbedtls_sha256_free( &sha256 );
+    mbedtls_sha256_finish(&sha256, padbuf);
+    mbedtls_sha256_free(&sha256);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    ssl->handshake->tls_prf( session->master, 48, sender,
-                             padbuf, 32, buf, len );
+    ssl->handshake->tls_prf(session->master, 48, sender,
+                            padbuf, 32, buf, len);
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len);
 
-    mbedtls_platform_zeroize(  padbuf, sizeof(  padbuf ) );
+    mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc  finished" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc  finished"));
 }
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
 
 
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 static void ssl_calc_finished_tls_sha384(
-                mbedtls_ssl_context *ssl, unsigned char *buf, int from )
+    mbedtls_ssl_context *ssl, unsigned char *buf, int from)
 {
     int len = 12;
     const char *sender;
@@ -7718,38 +7606,37 @@
 #endif
 
     mbedtls_ssl_session *session = ssl->session_negotiate;
-    if( !session )
+    if (!session) {
         session = ssl->session;
+    }
 
-    sender = ( from == MBEDTLS_SSL_IS_CLIENT )
+    sender = (from == MBEDTLS_SSL_IS_CLIENT)
                 ? "client finished"
                 : "server finished";
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     sha384_psa = psa_hash_operation_init();
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha384" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc PSA finished tls sha384"));
 
-    status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa );
-    if( status != PSA_SUCCESS )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+    status = psa_hash_clone(&ssl->handshake->fin_sha384_psa, &sha384_psa);
+    if (status != PSA_SUCCESS) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed"));
         return;
     }
 
-    status = psa_hash_finish( &sha384_psa, padbuf, sizeof( padbuf ), &hash_size );
-    if( status != PSA_SUCCESS )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+    status = psa_hash_finish(&sha384_psa, padbuf, sizeof(padbuf), &hash_size);
+    if (status != PSA_SUCCESS) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed"));
         return;
     }
-    MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 48 );
+    MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 48);
 #else
-    mbedtls_sha512_init( &sha512 );
+    mbedtls_sha512_init(&sha512);
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc  finished tls sha384" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc  finished tls sha384"));
 
-    mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha384 );
+    mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha384);
 
     /*
      * TLSv1.2:
@@ -7758,59 +7645,57 @@
      */
 
 #if !defined(MBEDTLS_SHA512_ALT)
-    MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *)
-                   sha512.state, sizeof( sha512.state ) );
+    MBEDTLS_SSL_DEBUG_BUF(4, "finished sha512 state", (unsigned char *)
+                          sha512.state, sizeof(sha512.state));
 #endif
-    mbedtls_sha512_finish( &sha512, padbuf );
+    mbedtls_sha512_finish(&sha512, padbuf);
 
-    mbedtls_sha512_free( &sha512 );
+    mbedtls_sha512_free(&sha512);
 #endif
 
-    ssl->handshake->tls_prf( session->master, 48, sender,
-                             padbuf, 48, buf, len );
+    ssl->handshake->tls_prf(session->master, 48, sender,
+                            padbuf, 48, buf, len);
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len);
 
-    mbedtls_platform_zeroize(  padbuf, sizeof( padbuf ) );
+    mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc  finished" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc  finished"));
 }
 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
 
-void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl)
 {
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("=> handshake wrapup: final free"));
 
     /*
      * Free our handshake params
      */
-    mbedtls_ssl_handshake_free( ssl );
-    mbedtls_free( ssl->handshake );
+    mbedtls_ssl_handshake_free(ssl);
+    mbedtls_free(ssl->handshake);
     ssl->handshake = NULL;
 
     /*
      * Free the previous transform and switch in the current one
      */
-    if( ssl->transform )
-    {
-        mbedtls_ssl_transform_free( ssl->transform );
-        mbedtls_free( ssl->transform );
+    if (ssl->transform) {
+        mbedtls_ssl_transform_free(ssl->transform);
+        mbedtls_free(ssl->transform);
     }
     ssl->transform = ssl->transform_negotiate;
     ssl->transform_negotiate = NULL;
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup: final free"));
 }
 
-void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl)
 {
     int resume = ssl->handshake->resume;
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("=> handshake wrapup"));
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
-    {
+    if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
         ssl->renego_status =  MBEDTLS_SSL_RENEGOTIATION_DONE;
         ssl->renego_records_seen = 0;
     }
@@ -7819,16 +7704,15 @@
     /*
      * Free the previous session and switch in the current one
      */
-    if( ssl->session )
-    {
+    if (ssl->session) {
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
         /* RFC 7366 3.1: keep the EtM state */
         ssl->session_negotiate->encrypt_then_mac =
-                  ssl->session->encrypt_then_mac;
+            ssl->session->encrypt_then_mac;
 #endif
 
-        mbedtls_ssl_session_free( ssl->session );
-        mbedtls_free( ssl->session );
+        mbedtls_ssl_session_free(ssl->session);
+        mbedtls_free(ssl->session);
     }
     ssl->session = ssl->session_negotiate;
     ssl->session_negotiate = NULL;
@@ -7836,46 +7720,44 @@
     /*
      * Add cache entry
      */
-    if( ssl->conf->f_set_cache != NULL &&
+    if (ssl->conf->f_set_cache != NULL &&
         ssl->session->id_len != 0 &&
-        resume == 0 )
-    {
-        if( ssl->conf->f_set_cache( ssl->conf->p_cache,
-                                    ssl->session->id,
-                                    ssl->session->id_len,
-                                    ssl->session ) != 0 )
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
+        resume == 0) {
+        if (ssl->conf->f_set_cache(ssl->conf->p_cache,
+                                   ssl->session->id,
+                                   ssl->session->id_len,
+                                   ssl->session) != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("cache did not store session"));
+        }
     }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ssl->handshake->flight != NULL )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ssl->handshake->flight != NULL) {
         /* Cancel handshake timer */
-        mbedtls_ssl_set_timer( ssl, 0 );
+        mbedtls_ssl_set_timer(ssl, 0);
 
         /* Keep last flight around in case we need to resend it:
          * we need the handshake and transform structures for that */
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip freeing handshake and transform" ) );
-    }
-    else
+        MBEDTLS_SSL_DEBUG_MSG(3, ("skip freeing handshake and transform"));
+    } else
 #endif
-        mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl );
+    mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl);
 
     ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER;
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup"));
 }
 
-int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
 {
     int ret, hash_len;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write finished"));
 
-    mbedtls_ssl_update_out_pointers( ssl, ssl->transform_negotiate );
+    mbedtls_ssl_update_out_pointers(ssl, ssl->transform_negotiate);
 
-    ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint );
+    ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint);
 
     /*
      * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites
@@ -7887,7 +7769,7 @@
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
     ssl->verify_data_len = hash_len;
-    memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len );
+    memcpy(ssl->own_verify_data, ssl->out_msg + 4, hash_len);
 #endif
 
     ssl->out_msglen  = 4 + hash_len;
@@ -7898,167 +7780,163 @@
      * In case of session resuming, invert the client and server
      * ChangeCipherSpec messages order.
      */
-    if( ssl->handshake->resume != 0 )
-    {
+    if (ssl->handshake->resume != 0) {
 #if defined(MBEDTLS_SSL_CLI_C)
-        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+        if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
             ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
+        }
 #endif
 #if defined(MBEDTLS_SSL_SRV_C)
-        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+        if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
             ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
+        }
 #endif
-    }
-    else
+    } else {
         ssl->state++;
+    }
 
     /*
      * Switch to our negotiated transform and session parameters for outbound
      * data.
      */
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("switching to new transform spec for outbound data"));
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         unsigned char i;
 
         /* Remember current epoch settings for resending */
         ssl->handshake->alt_transform_out = ssl->transform_out;
-        memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr,
-                sizeof( ssl->handshake->alt_out_ctr ) );
+        memcpy(ssl->handshake->alt_out_ctr, ssl->cur_out_ctr,
+               sizeof(ssl->handshake->alt_out_ctr));
 
         /* Set sequence_number to zero */
-        memset( &ssl->cur_out_ctr[2], 0, sizeof( ssl->cur_out_ctr ) - 2 );
+        memset(&ssl->cur_out_ctr[2], 0, sizeof(ssl->cur_out_ctr) - 2);
 
 
         /* Increment epoch */
-        for( i = 2; i > 0; i-- )
-            if( ++ssl->cur_out_ctr[i - 1] != 0 )
+        for (i = 2; i > 0; i--) {
+            if (++ssl->cur_out_ctr[i - 1] != 0) {
                 break;
+            }
+        }
 
         /* The loop goes to its end iff the counter is wrapping */
-        if( i == 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) );
-            return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
+        if (i == 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS epoch would wrap"));
+            return MBEDTLS_ERR_SSL_COUNTER_WRAPPING;
         }
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
-    memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) );
+    memset(ssl->cur_out_ctr, 0, sizeof(ssl->cur_out_ctr));
 
     ssl->transform_out = ssl->transform_negotiate;
     ssl->session_out = ssl->session_negotiate;
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        mbedtls_ssl_send_flight_completed( ssl );
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        mbedtls_ssl_send_flight_completed(ssl);
+    }
 #endif
 
-    if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+        return ret;
     }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
-        return( ret );
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret);
+        return ret;
     }
 #endif
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write finished"));
 
-    return( 0 );
+    return 0;
 }
 
 #define SSL_MAX_HASH_LEN 12
 
-int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned int hash_len = 12;
     unsigned char buf[SSL_MAX_HASH_LEN];
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse finished"));
 
-    ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 );
+    ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1);
 
-    if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+    if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
         goto exit;
     }
 
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+    if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
         ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
         goto exit;
     }
 
-    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED  )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+    if (ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED) {
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
         ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
         goto exit;
     }
 
-    if( ssl->in_hslen  != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+    if (ssl->in_hslen  != mbedtls_ssl_hs_hdr_len(ssl) + hash_len) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
         ret = MBEDTLS_ERR_SSL_DECODE_ERROR;
         goto exit;
     }
 
-    if( mbedtls_ct_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ),
-                      buf, hash_len ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
+    if (mbedtls_ct_memcmp(ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl),
+                          buf, hash_len) != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR);
         ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
         goto exit;
     }
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
     ssl->verify_data_len = hash_len;
-    memcpy( ssl->peer_verify_data, buf, hash_len );
+    memcpy(ssl->peer_verify_data, buf, hash_len);
 #endif
 
-    if( ssl->handshake->resume != 0 )
-    {
+    if (ssl->handshake->resume != 0) {
 #if defined(MBEDTLS_SSL_CLI_C)
-        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+        if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
             ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
+        }
 #endif
 #if defined(MBEDTLS_SSL_SRV_C)
-        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+        if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
             ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
+        }
 #endif
-    }
-    else
+    } else {
         ssl->state++;
+    }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        mbedtls_ssl_recv_flight_completed( ssl );
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        mbedtls_ssl_recv_flight_completed(ssl);
+    }
 #endif
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse finished"));
 
 exit:
-    mbedtls_platform_zeroize( buf, hash_len );
-    return( ret );
+    mbedtls_platform_zeroize(buf, hash_len);
+    return ret;
 }
 
 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
@@ -8066,19 +7944,20 @@
  * Helper to get TLS 1.2 PRF from ciphersuite
  * (Duplicates bits of logic from ssl_set_handshake_prfs().)
  */
-static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
+static tls_prf_fn ssl_tls12prf_from_cs(int ciphersuite_id)
 {
     const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
-             mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
+        mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    if( ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
-        return( tls_prf_sha384 );
-    else
+    if (ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
+        return tls_prf_sha384;
+    } else
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
     {
-        if( ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA256 )
-            return( tls_prf_sha256 );
+        if (ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA256) {
+            return tls_prf_sha256;
+        }
     }
 #endif
 #if !defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
@@ -8086,28 +7965,24 @@
     (void) ciphersuite_info;
 #endif
 
-    return( NULL );
+    return NULL;
 }
 #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
 
-static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
+static mbedtls_tls_prf_types tls_prf_get_type(mbedtls_ssl_tls_prf_cb *tls_prf)
 {
     ((void) tls_prf);
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    if( tls_prf == tls_prf_sha384 )
-    {
-        return( MBEDTLS_SSL_TLS_PRF_SHA384 );
-    }
-    else
+    if (tls_prf == tls_prf_sha384) {
+        return MBEDTLS_SSL_TLS_PRF_SHA384;
+    } else
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    if( tls_prf == tls_prf_sha256 )
-    {
-        return( MBEDTLS_SSL_TLS_PRF_SHA256 );
-    }
-    else
+    if (tls_prf == tls_prf_sha256) {
+        return MBEDTLS_SSL_TLS_PRF_SHA256;
+    } else
 #endif
-    return( MBEDTLS_SSL_TLS_PRF_NONE );
+    return MBEDTLS_SSL_TLS_PRF_NONE;
 }
 
 /*
@@ -8131,17 +8006,17 @@
  *        - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
-                                   int ciphersuite,
-                                   const unsigned char master[48],
+static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
+                                        int ciphersuite,
+                                        const unsigned char master[48],
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
-                                   int encrypt_then_mac,
+                                        int encrypt_then_mac,
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
-                                   ssl_tls_prf_t tls_prf,
-                                   const unsigned char randbytes[64],
-                                   mbedtls_ssl_protocol_version tls_version,
-                                   unsigned endpoint,
-                                   const mbedtls_ssl_context *ssl )
+                                        ssl_tls_prf_t tls_prf,
+                                        const unsigned char randbytes[64],
+                                        mbedtls_ssl_protocol_version tls_version,
+                                        unsigned endpoint,
+                                        const mbedtls_ssl_context *ssl)
 {
     int ret = 0;
     unsigned char keyblk[256];
@@ -8170,8 +8045,7 @@
 
 #if !defined(MBEDTLS_DEBUG_C) && \
     !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    if( ssl->f_export_keys == NULL )
-    {
+    if (ssl->f_export_keys == NULL) {
         ssl = NULL; /* make sure we don't use it except for these cases */
         (void) ssl;
     }
@@ -8186,113 +8060,106 @@
     transform->tls_version = tls_version;
 
 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
-    memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) );
+    memcpy(transform->randbytes, randbytes, sizeof(transform->randbytes));
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
-    {
+    if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
         /* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform
          * generation separate. This should never happen. */
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
     /*
      * Get various info structures
      */
-    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite );
-    if( ciphersuite_info == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %d not found",
-                                    ciphersuite ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite);
+    if (ciphersuite_info == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("ciphersuite info for %d not found",
+                                  ciphersuite));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
     ssl_mode = mbedtls_ssl_get_mode_from_ciphersuite(
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
-                                        encrypt_then_mac,
+        encrypt_then_mac,
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
-                                        ciphersuite_info );
+        ciphersuite_info);
 
-    if( ssl_mode == MBEDTLS_SSL_MODE_AEAD )
+    if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) {
         transform->taglen =
             ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
+    }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ( status = mbedtls_ssl_cipher_to_psa( ciphersuite_info->cipher,
-                                 transform->taglen,
-                                 &alg,
-                                 &key_type,
-                                 &key_bits ) ) != PSA_SUCCESS )
-    {
-        ret = psa_ssl_status_to_mbedtls( status );
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret );
+    if ((status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher,
+                                            transform->taglen,
+                                            &alg,
+                                            &key_type,
+                                            &key_bits)) != PSA_SUCCESS) {
+        ret = psa_ssl_status_to_mbedtls(status);
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", ret);
         goto end;
     }
 #else
-    cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
-    if( cipher_info == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found",
-                                    ciphersuite_info->cipher ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher);
+    if (cipher_info == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("cipher info for %u not found",
+                                  ciphersuite_info->cipher));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    mac_alg = mbedtls_hash_info_psa_from_md( ciphersuite_info->mac );
-    if( mac_alg == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_hash_info_psa_from_md for %u not found",
-                            (unsigned) ciphersuite_info->mac ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    mac_alg = mbedtls_hash_info_psa_from_md(ciphersuite_info->mac);
+    if (mac_alg == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_hash_info_psa_from_md for %u not found",
+                                  (unsigned) ciphersuite_info->mac));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 #else
-    md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
-    if( md_info == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %u not found",
-                            (unsigned) ciphersuite_info->mac ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    md_info = mbedtls_md_info_from_type(ciphersuite_info->mac);
+    if (md_info == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md info for %u not found",
+                                  (unsigned) ciphersuite_info->mac));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
     /* Copy own and peer's CID if the use of the CID
      * extension has been negotiated. */
-    if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) );
+    if (ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("Copy CIDs into SSL transform"));
 
         transform->in_cid_len = ssl->own_cid_len;
-        memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len );
-        MBEDTLS_SSL_DEBUG_BUF( 3, "Incoming CID", transform->in_cid,
-                               transform->in_cid_len );
+        memcpy(transform->in_cid, ssl->own_cid, ssl->own_cid_len);
+        MBEDTLS_SSL_DEBUG_BUF(3, "Incoming CID", transform->in_cid,
+                              transform->in_cid_len);
 
         transform->out_cid_len = ssl->handshake->peer_cid_len;
-        memcpy( transform->out_cid, ssl->handshake->peer_cid,
-                ssl->handshake->peer_cid_len );
-        MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid,
-                               transform->out_cid_len );
+        memcpy(transform->out_cid, ssl->handshake->peer_cid,
+               ssl->handshake->peer_cid_len);
+        MBEDTLS_SSL_DEBUG_BUF(3, "Outgoing CID", transform->out_cid,
+                              transform->out_cid_len);
     }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
     /*
      * Compute key block using the PRF
      */
-    ret = tls_prf( master, 48, "key expansion", randbytes, 64, keyblk, 256 );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
-        return( ret );
+    ret = tls_prf(master, 48, "key expansion", randbytes, 64, keyblk, 256);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "prf", ret);
+        return ret;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s",
-                           mbedtls_ssl_get_ciphersuite_name( ciphersuite ) ) );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", master, 48 );
-    MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", randbytes, 64 );
-    MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite = %s",
+                              mbedtls_ssl_get_ciphersuite_name(ciphersuite)));
+    MBEDTLS_SSL_DEBUG_BUF(3, "master secret", master, 48);
+    MBEDTLS_SSL_DEBUG_BUF(4, "random bytes", randbytes, 64);
+    MBEDTLS_SSL_DEBUG_BUF(4, "key block", keyblk, 256);
 
     /*
      * Determine the appropriate key, IV and MAC length.
@@ -8301,14 +8168,13 @@
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     keylen = PSA_BITS_TO_BYTES(key_bits);
 #else
-    keylen = mbedtls_cipher_info_get_key_bitlen( cipher_info ) / 8;
+    keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
 #endif
 
 #if defined(MBEDTLS_GCM_C) ||                           \
     defined(MBEDTLS_CCM_C) ||                           \
     defined(MBEDTLS_CHACHAPOLY_C)
-    if( ssl_mode == MBEDTLS_SSL_MODE_AEAD )
-    {
+    if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) {
         size_t explicit_ivlen;
 
         transform->maclen = 0;
@@ -8326,30 +8192,29 @@
 
         int is_chachapoly = 0;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        is_chachapoly = ( key_type == PSA_KEY_TYPE_CHACHA20 );
+        is_chachapoly = (key_type == PSA_KEY_TYPE_CHACHA20);
 #else
-        is_chachapoly = ( mbedtls_cipher_info_get_mode( cipher_info )
-                == MBEDTLS_MODE_CHACHAPOLY );
+        is_chachapoly = (mbedtls_cipher_info_get_mode(cipher_info)
+                         == MBEDTLS_MODE_CHACHAPOLY);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-        if( is_chachapoly )
+        if (is_chachapoly) {
             transform->fixed_ivlen = 12;
-        else
+        } else {
             transform->fixed_ivlen = 4;
+        }
 
         /* Minimum length of encrypted record */
         explicit_ivlen = transform->ivlen - transform->fixed_ivlen;
         transform->minlen = explicit_ivlen + transform->taglen;
-    }
-    else
+    } else
 #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-    if( ssl_mode == MBEDTLS_SSL_MODE_STREAM ||
+    if (ssl_mode == MBEDTLS_SSL_MODE_STREAM ||
         ssl_mode == MBEDTLS_SSL_MODE_CBC ||
-        ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
-    {
+        ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        size_t block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type );
+        size_t block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type);
 #else
         size_t block_size = cipher_info->block_size;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -8359,30 +8224,28 @@
         mac_key_len = PSA_HASH_LENGTH(mac_alg);
 #else
         /* Initialize HMAC contexts */
-        if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
-            ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
+        if ((ret = mbedtls_md_setup(&transform->md_ctx_enc, md_info, 1)) != 0 ||
+            (ret = mbedtls_md_setup(&transform->md_ctx_dec, md_info, 1)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_setup", ret);
             goto end;
         }
 
         /* Get MAC length */
-        mac_key_len = mbedtls_md_get_size( md_info );
+        mac_key_len = mbedtls_md_get_size(md_info);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
         transform->maclen = mac_key_len;
 
         /* IV length */
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        transform->ivlen = PSA_CIPHER_IV_LENGTH( key_type, alg );
+        transform->ivlen = PSA_CIPHER_IV_LENGTH(key_type, alg);
 #else
         transform->ivlen = cipher_info->iv_size;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
         /* Minimum length */
-        if( ssl_mode == MBEDTLS_SSL_MODE_STREAM )
+        if (ssl_mode == MBEDTLS_SSL_MODE_STREAM) {
             transform->minlen = transform->maclen;
-        else
-        {
+        } else {
             /*
              * GenericBlockCipher:
              * 1. if EtM is in use: one block plus MAC
@@ -8390,174 +8253,153 @@
              * 2. IV
              */
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-            if( ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
-            {
+            if (ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) {
                 transform->minlen = transform->maclen
-                                  + block_size;
-            }
-            else
+                                    + block_size;
+            } else
 #endif
             {
                 transform->minlen = transform->maclen
-                                  + block_size
-                                  - transform->maclen % block_size;
+                                    + block_size
+                                    - transform->maclen % block_size;
             }
 
-            if( tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
-            {
+            if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
                 transform->minlen += transform->ivlen;
-            }
-            else
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            } else {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
                 ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
                 goto end;
             }
         }
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
     {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %u, minlen: %u, ivlen: %u, maclen: %u",
-                                (unsigned) keylen,
-                                (unsigned) transform->minlen,
-                                (unsigned) transform->ivlen,
-                                (unsigned) transform->maclen ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("keylen: %u, minlen: %u, ivlen: %u, maclen: %u",
+                              (unsigned) keylen,
+                              (unsigned) transform->minlen,
+                              (unsigned) transform->ivlen,
+                              (unsigned) transform->maclen));
 
     /*
      * Finally setup the cipher contexts, IVs and MAC secrets.
      */
 #if defined(MBEDTLS_SSL_CLI_C)
-    if( endpoint == MBEDTLS_SSL_IS_CLIENT )
-    {
+    if (endpoint == MBEDTLS_SSL_IS_CLIENT) {
         key1 = keyblk + mac_key_len * 2;
         key2 = keyblk + mac_key_len * 2 + keylen;
 
         mac_enc = keyblk;
         mac_dec = keyblk + mac_key_len;
 
-        iv_copy_len = ( transform->fixed_ivlen ) ?
-                            transform->fixed_ivlen : transform->ivlen;
-        memcpy( transform->iv_enc, key2 + keylen,  iv_copy_len );
-        memcpy( transform->iv_dec, key2 + keylen + iv_copy_len,
-                iv_copy_len );
-    }
-    else
+        iv_copy_len = (transform->fixed_ivlen) ?
+                      transform->fixed_ivlen : transform->ivlen;
+        memcpy(transform->iv_enc, key2 + keylen,  iv_copy_len);
+        memcpy(transform->iv_dec, key2 + keylen + iv_copy_len,
+               iv_copy_len);
+    } else
 #endif /* MBEDTLS_SSL_CLI_C */
 #if defined(MBEDTLS_SSL_SRV_C)
-    if( endpoint == MBEDTLS_SSL_IS_SERVER )
-    {
+    if (endpoint == MBEDTLS_SSL_IS_SERVER) {
         key1 = keyblk + mac_key_len * 2 + keylen;
         key2 = keyblk + mac_key_len * 2;
 
         mac_enc = keyblk + mac_key_len;
         mac_dec = keyblk;
 
-        iv_copy_len = ( transform->fixed_ivlen ) ?
-                            transform->fixed_ivlen : transform->ivlen;
-        memcpy( transform->iv_dec, key1 + keylen,  iv_copy_len );
-        memcpy( transform->iv_enc, key1 + keylen + iv_copy_len,
-                iv_copy_len );
-    }
-    else
+        iv_copy_len = (transform->fixed_ivlen) ?
+                      transform->fixed_ivlen : transform->ivlen;
+        memcpy(transform->iv_dec, key1 + keylen,  iv_copy_len);
+        memcpy(transform->iv_enc, key1 + keylen + iv_copy_len,
+               iv_copy_len);
+    } else
 #endif /* MBEDTLS_SSL_SRV_C */
     {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
         ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         goto end;
     }
 
-    if( ssl != NULL && ssl->f_export_keys != NULL )
-    {
-        ssl->f_export_keys( ssl->p_export_keys,
-                            MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET,
-                            master, 48,
-                            randbytes + 32,
-                            randbytes,
-                            tls_prf_get_type( tls_prf ) );
+    if (ssl != NULL && ssl->f_export_keys != NULL) {
+        ssl->f_export_keys(ssl->p_export_keys,
+                           MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET,
+                           master, 48,
+                           randbytes + 32,
+                           randbytes,
+                           tls_prf_get_type(tls_prf));
     }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     transform->psa_alg = alg;
 
-    if ( alg != MBEDTLS_SSL_NULL_CIPHER )
-    {
-        psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
-        psa_set_key_algorithm( &attributes, alg );
-        psa_set_key_type( &attributes, key_type );
+    if (alg != MBEDTLS_SSL_NULL_CIPHER) {
+        psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+        psa_set_key_algorithm(&attributes, alg);
+        psa_set_key_type(&attributes, key_type);
 
-        if( ( status = psa_import_key( &attributes,
-                                key1,
-                                PSA_BITS_TO_BYTES( key_bits ),
-                                &transform->psa_key_enc ) ) != PSA_SUCCESS )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 3, "psa_import_key", (int)status );
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret );
+        if ((status = psa_import_key(&attributes,
+                                     key1,
+                                     PSA_BITS_TO_BYTES(key_bits),
+                                     &transform->psa_key_enc)) != PSA_SUCCESS) {
+            MBEDTLS_SSL_DEBUG_RET(3, "psa_import_key", (int) status);
+            ret = psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", ret);
             goto end;
         }
 
-        psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+        psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
 
-        if( ( status = psa_import_key( &attributes,
-                                key2,
-                                PSA_BITS_TO_BYTES( key_bits ),
-                                &transform->psa_key_dec ) ) != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret );
+        if ((status = psa_import_key(&attributes,
+                                     key2,
+                                     PSA_BITS_TO_BYTES(key_bits),
+                                     &transform->psa_key_dec)) != PSA_SUCCESS) {
+            ret = psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", ret);
             goto end;
         }
     }
 #else
-    if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
-                                 cipher_info ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
+    if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_enc,
+                                    cipher_info)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
         goto end;
     }
 
-    if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec,
-                                 cipher_info ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
+    if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_dec,
+                                    cipher_info)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
         goto end;
     }
 
-    if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1,
-                               (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
-                               MBEDTLS_ENCRYPT ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
+    if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc, key1,
+                                     (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
+                                     MBEDTLS_ENCRYPT)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
         goto end;
     }
 
-    if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2,
-                               (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
-                               MBEDTLS_DECRYPT ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
+    if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec, key2,
+                                     (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
+                                     MBEDTLS_DECRYPT)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
         goto end;
     }
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
-    if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC )
-    {
-        if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc,
-                                             MBEDTLS_PADDING_NONE ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
+    if (mbedtls_cipher_info_get_mode(cipher_info) == MBEDTLS_MODE_CBC) {
+        if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_enc,
+                                                   MBEDTLS_PADDING_NONE)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_set_padding_mode", ret);
             goto end;
         }
 
-        if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec,
-                                             MBEDTLS_PADDING_NONE ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
+        if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_dec,
+                                                   MBEDTLS_PADDING_NONE)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_set_padding_mode", ret);
             goto end;
         }
     }
@@ -8567,51 +8409,51 @@
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
     /* For HMAC-based ciphersuites, initialize the HMAC transforms.
        For AEAD-based ciphersuites, there is nothing to do here. */
-    if( mac_key_len != 0 )
-    {
+    if (mac_key_len != 0) {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        transform->psa_mac_alg = PSA_ALG_HMAC( mac_alg );
+        transform->psa_mac_alg = PSA_ALG_HMAC(mac_alg);
 
-        psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
-        psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( mac_alg ) );
-        psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+        psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
+        psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(mac_alg));
+        psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
 
-        if( ( status = psa_import_key( &attributes,
-                                       mac_enc, mac_key_len,
-                                       &transform->psa_mac_enc ) ) != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_mac_key", ret );
+        if ((status = psa_import_key(&attributes,
+                                     mac_enc, mac_key_len,
+                                     &transform->psa_mac_enc)) != PSA_SUCCESS) {
+            ret = psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_import_mac_key", ret);
             goto end;
         }
 
-        if( ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ) ||
-            ( ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING )
+        if ((transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER) ||
+            ((transform->psa_alg == PSA_ALG_CBC_NO_PADDING)
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
-              && ( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
+             && (transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED)
 #endif
-            ) )
+            )) {
             /* mbedtls_ct_hmac() requires the key to be exportable */
-            psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT |
-                                                  PSA_KEY_USAGE_VERIFY_HASH );
-        else
-            psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
+            psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT |
+                                    PSA_KEY_USAGE_VERIFY_HASH);
+        } else {
+            psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
+        }
 
-        if( ( status = psa_import_key( &attributes,
-                                       mac_dec, mac_key_len,
-                                       &transform->psa_mac_dec ) ) != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_mac_key", ret );
+        if ((status = psa_import_key(&attributes,
+                                     mac_dec, mac_key_len,
+                                     &transform->psa_mac_dec)) != PSA_SUCCESS) {
+            ret = psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_import_mac_key", ret);
             goto end;
         }
 #else
-        ret = mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
-        if( ret != 0 )
+        ret = mbedtls_md_hmac_starts(&transform->md_ctx_enc, mac_enc, mac_key_len);
+        if (ret != 0) {
             goto end;
-        ret = mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
-        if( ret != 0 )
+        }
+        ret = mbedtls_md_hmac_starts(&transform->md_ctx_dec, mac_dec, mac_key_len);
+        if (ret != 0) {
             goto end;
+        }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
     }
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
@@ -8620,16 +8462,16 @@
     ((void) mac_enc);
 
 end:
-    mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
-    return( ret );
+    mbedtls_platform_zeroize(keyblk, sizeof(keyblk));
+    return ret;
 }
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
     defined(MBEDTLS_USE_PSA_CRYPTO)
 int mbedtls_psa_ecjpake_read_round(
-                                    psa_pake_operation_t *pake_ctx,
-                                    const unsigned char *buf,
-                                    size_t len, mbedtls_ecjpake_rounds_t round )
+    psa_pake_operation_t *pake_ctx,
+    const unsigned char *buf,
+    size_t len, mbedtls_ecjpake_rounds_t round)
 {
     psa_status_t status;
     size_t input_offset = 0;
@@ -8637,45 +8479,42 @@
      * At round one repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice
      * At round two perform a single cycle
      */
-    unsigned int remaining_steps = ( round == MBEDTLS_ECJPAKE_ROUND_ONE) ? 2 : 1;
+    unsigned int remaining_steps = (round == MBEDTLS_ECJPAKE_ROUND_ONE) ? 2 : 1;
 
-    for( ; remaining_steps > 0; remaining_steps-- )
-    {
-        for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE;
+    for (; remaining_steps > 0; remaining_steps--) {
+        for (psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE;
              step <= PSA_PAKE_STEP_ZK_PROOF;
-             ++step )
-        {
+             ++step) {
             /* Length is stored at the first byte */
             size_t length = buf[input_offset];
             input_offset += 1;
 
-            if( input_offset + length > len )
-            {
+            if (input_offset + length > len) {
                 return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
             }
 
-            status = psa_pake_input( pake_ctx, step,
-                                     buf + input_offset, length );
-            if( status != PSA_SUCCESS)
-            {
-                return psa_ssl_status_to_mbedtls( status );
+            status = psa_pake_input(pake_ctx, step,
+                                    buf + input_offset, length);
+            if (status != PSA_SUCCESS) {
+                return psa_ssl_status_to_mbedtls(status);
             }
 
             input_offset += length;
         }
     }
 
-    if( input_offset != len )
+    if (input_offset != len) {
         return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_psa_ecjpake_write_round(
-                                    psa_pake_operation_t *pake_ctx,
-                                    unsigned char *buf,
-                                    size_t len, size_t *olen,
-                                    mbedtls_ecjpake_rounds_t round )
+    psa_pake_operation_t *pake_ctx,
+    unsigned char *buf,
+    size_t len, size_t *olen,
+    mbedtls_ecjpake_rounds_t round)
 {
     psa_status_t status;
     size_t output_offset = 0;
@@ -8684,25 +8523,22 @@
      * At round one repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice
      * At round two perform a single cycle
      */
-    unsigned int remaining_steps = ( round == MBEDTLS_ECJPAKE_ROUND_ONE) ? 2 : 1;
+    unsigned int remaining_steps = (round == MBEDTLS_ECJPAKE_ROUND_ONE) ? 2 : 1;
 
-    for( ; remaining_steps > 0; remaining_steps-- )
-    {
-        for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE;
-            step <= PSA_PAKE_STEP_ZK_PROOF;
-            ++step )
-        {
+    for (; remaining_steps > 0; remaining_steps--) {
+        for (psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE;
+             step <= PSA_PAKE_STEP_ZK_PROOF;
+             ++step) {
             /*
              * For each step, prepend 1 byte with the length of the data as
              * given by psa_pake_output().
              */
-            status = psa_pake_output( pake_ctx, step,
-                                        buf + output_offset + 1,
-                                        len - output_offset - 1,
-                                        &output_len );
-            if( status != PSA_SUCCESS )
-            {
-                return( psa_ssl_status_to_mbedtls( status ) );
+            status = psa_pake_output(pake_ctx, step,
+                                     buf + output_offset + 1,
+                                     len - output_offset - 1,
+                                     &output_len);
+            if (status != PSA_SUCCESS) {
+                return psa_ssl_status_to_mbedtls(status);
             }
 
             *(buf + output_offset) = (uint8_t) output_len;
@@ -8713,86 +8549,80 @@
 
     *olen = output_offset;
 
-    return( 0 );
+    return 0;
 }
 #endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
-                                            unsigned char *hash, size_t *hashlen,
-                                            unsigned char *data, size_t data_len,
-                                            mbedtls_md_type_t md_alg )
+int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
+                                           unsigned char *hash, size_t *hashlen,
+                                           unsigned char *data, size_t data_len,
+                                           mbedtls_md_type_t md_alg)
 {
     psa_status_t status;
     psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
-    psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md( md_alg );
+    psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(md_alg);
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform PSA-based computation of digest of ServerKeyExchange" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based computation of digest of ServerKeyExchange"));
 
-    if( ( status = psa_hash_setup( &hash_operation,
-                                   hash_alg ) ) != PSA_SUCCESS )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_setup", status );
+    if ((status = psa_hash_setup(&hash_operation,
+                                 hash_alg)) != PSA_SUCCESS) {
+        MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_setup", status);
         goto exit;
     }
 
-    if( ( status = psa_hash_update( &hash_operation, ssl->handshake->randbytes,
-                                    64 ) ) != PSA_SUCCESS )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status );
+    if ((status = psa_hash_update(&hash_operation, ssl->handshake->randbytes,
+                                  64)) != PSA_SUCCESS) {
+        MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_update", status);
         goto exit;
     }
 
-    if( ( status = psa_hash_update( &hash_operation,
-                                    data, data_len ) ) != PSA_SUCCESS )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status );
+    if ((status = psa_hash_update(&hash_operation,
+                                  data, data_len)) != PSA_SUCCESS) {
+        MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_update", status);
         goto exit;
     }
 
-    if( ( status = psa_hash_finish( &hash_operation, hash, PSA_HASH_MAX_SIZE,
-                                    hashlen ) ) != PSA_SUCCESS )
-    {
-         MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", status );
-         goto exit;
+    if ((status = psa_hash_finish(&hash_operation, hash, PSA_HASH_MAX_SIZE,
+                                  hashlen)) != PSA_SUCCESS) {
+        MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_finish", status);
+        goto exit;
     }
 
 exit:
-    if( status != PSA_SUCCESS )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-        switch( status )
-        {
+    if (status != PSA_SUCCESS) {
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
+        switch (status) {
             case PSA_ERROR_NOT_SUPPORTED:
-                return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
+                return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
             case PSA_ERROR_BAD_STATE: /* Intentional fallthrough */
             case PSA_ERROR_BUFFER_TOO_SMALL:
-                return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+                return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
             case PSA_ERROR_INSUFFICIENT_MEMORY:
-                return( MBEDTLS_ERR_MD_ALLOC_FAILED );
+                return MBEDTLS_ERR_MD_ALLOC_FAILED;
             default:
-                return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+                return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
         }
     }
-    return( 0 );
+    return 0;
 }
 
 #else
 
-int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
-                                            unsigned char *hash, size_t *hashlen,
-                                            unsigned char *data, size_t data_len,
-                                            mbedtls_md_type_t md_alg )
+int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
+                                           unsigned char *hash, size_t *hashlen,
+                                           unsigned char *data, size_t data_len,
+                                           mbedtls_md_type_t md_alg)
 {
     int ret = 0;
     mbedtls_md_context_t ctx;
-    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
-    *hashlen = mbedtls_md_get_size( md_info );
+    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg);
+    *hashlen = mbedtls_md_get_size(md_info);
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform mbedtls-based computation of digest of ServerKeyExchange" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("Perform mbedtls-based computation of digest of ServerKeyExchange"));
 
-    mbedtls_md_init( &ctx );
+    mbedtls_md_init(&ctx);
 
     /*
      * digitally-signed struct {
@@ -8801,40 +8631,36 @@
      *     ServerDHParams params;
      * };
      */
-    if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
+    if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_setup", ret);
         goto exit;
     }
-    if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_starts", ret );
+    if ((ret = mbedtls_md_starts(&ctx)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_starts", ret);
         goto exit;
     }
-    if( ( ret = mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret );
+    if ((ret = mbedtls_md_update(&ctx, ssl->handshake->randbytes, 64)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_update", ret);
         goto exit;
     }
-    if( ( ret = mbedtls_md_update( &ctx, data, data_len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret );
+    if ((ret = mbedtls_md_update(&ctx, data, data_len)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_update", ret);
         goto exit;
     }
-    if( ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_finish", ret );
+    if ((ret = mbedtls_md_finish(&ctx, hash)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret);
         goto exit;
     }
 
 exit:
-    mbedtls_md_free( &ctx );
+    mbedtls_md_free(&ctx);
 
-    if( ret != 0 )
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+    if (ret != 0) {
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
+    }
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
@@ -8842,52 +8668,52 @@
 
 /* Find the preferred hash for a given signature algorithm. */
 unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
-                mbedtls_ssl_context *ssl,
-                unsigned int sig_alg )
+    mbedtls_ssl_context *ssl,
+    unsigned int sig_alg)
 {
     unsigned int i;
     uint16_t *received_sig_algs = ssl->handshake->received_sig_algs;
 
-    if( sig_alg == MBEDTLS_SSL_SIG_ANON )
-        return( MBEDTLS_SSL_HASH_NONE );
+    if (sig_alg == MBEDTLS_SSL_SIG_ANON) {
+        return MBEDTLS_SSL_HASH_NONE;
+    }
 
-    for( i = 0; received_sig_algs[i] != MBEDTLS_TLS_SIG_NONE; i++ )
-    {
+    for (i = 0; received_sig_algs[i] != MBEDTLS_TLS_SIG_NONE; i++) {
         unsigned int hash_alg_received =
-                    MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG(
-                        received_sig_algs[i] );
+            MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG(
+                received_sig_algs[i]);
         unsigned int sig_alg_received =
-                    MBEDTLS_SSL_TLS12_SIG_ALG_FROM_SIG_AND_HASH_ALG(
-                        received_sig_algs[i] );
+            MBEDTLS_SSL_TLS12_SIG_ALG_FROM_SIG_AND_HASH_ALG(
+                received_sig_algs[i]);
 
-        if( sig_alg == sig_alg_received )
-        {
+        if (sig_alg == sig_alg_received) {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-            if( ssl->handshake->key_cert && ssl->handshake->key_cert->key )
-            {
+            if (ssl->handshake->key_cert && ssl->handshake->key_cert->key) {
                 psa_algorithm_t psa_hash_alg =
-                                mbedtls_hash_info_psa_from_md( hash_alg_received );
+                    mbedtls_hash_info_psa_from_md(hash_alg_received);
 
-                if( sig_alg_received == MBEDTLS_SSL_SIG_ECDSA &&
-                    ! mbedtls_pk_can_do_ext( ssl->handshake->key_cert->key,
-                                             PSA_ALG_ECDSA( psa_hash_alg ),
-                                             PSA_KEY_USAGE_SIGN_HASH ) )
+                if (sig_alg_received == MBEDTLS_SSL_SIG_ECDSA &&
+                    !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key,
+                                           PSA_ALG_ECDSA(psa_hash_alg),
+                                           PSA_KEY_USAGE_SIGN_HASH)) {
                     continue;
+                }
 
-                if( sig_alg_received == MBEDTLS_SSL_SIG_RSA &&
-                    ! mbedtls_pk_can_do_ext( ssl->handshake->key_cert->key,
-                                             PSA_ALG_RSA_PKCS1V15_SIGN(
-                                                            psa_hash_alg ),
-                                             PSA_KEY_USAGE_SIGN_HASH ) )
+                if (sig_alg_received == MBEDTLS_SSL_SIG_RSA &&
+                    !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key,
+                                           PSA_ALG_RSA_PKCS1V15_SIGN(
+                                               psa_hash_alg),
+                                           PSA_KEY_USAGE_SIGN_HASH)) {
                     continue;
+                }
             }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-            return( hash_alg_received );
+            return hash_alg_received;
         }
     }
 
-    return( MBEDTLS_SSL_HASH_NONE );
+    return MBEDTLS_SSL_HASH_NONE;
 }
 
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
@@ -8909,9 +8735,9 @@
  * } serialized_session_tls12;
  *
  */
-static size_t ssl_tls12_session_save( const mbedtls_ssl_session *session,
-                                      unsigned char *buf,
-                                      size_t buf_len )
+static size_t ssl_tls12_session_save(const mbedtls_ssl_session *session,
+                                     unsigned char *buf,
+                                     size_t buf_len)
 {
     unsigned char *p = buf;
     size_t used = 0;
@@ -8931,11 +8757,10 @@
 #if defined(MBEDTLS_HAVE_TIME)
     used += 8;
 
-    if( used <= buf_len )
-    {
+    if (used <= buf_len) {
         start = (uint64_t) session->start;
 
-        MBEDTLS_PUT_UINT64_BE( start, p, 0 );
+        MBEDTLS_PUT_UINT64_BE(start, p, 0);
         p += 8;
     }
 #endif /* MBEDTLS_HAVE_TIME */
@@ -8944,24 +8769,23 @@
      * Basic mandatory fields
      */
     used += 2   /* ciphersuite */
-          + 1   /* id_len */
-          + sizeof( session->id )
-          + sizeof( session->master )
-          + 4;  /* verify_result */
+            + 1 /* id_len */
+            + sizeof(session->id)
+            + sizeof(session->master)
+            + 4; /* verify_result */
 
-    if( used <= buf_len )
-    {
-        MBEDTLS_PUT_UINT16_BE( session->ciphersuite, p, 0 );
+    if (used <= buf_len) {
+        MBEDTLS_PUT_UINT16_BE(session->ciphersuite, p, 0);
         p += 2;
 
-        *p++ = MBEDTLS_BYTE_0( session->id_len );
-        memcpy( p, session->id, 32 );
+        *p++ = MBEDTLS_BYTE_0(session->id_len);
+        memcpy(p, session->id, 32);
         p += 32;
 
-        memcpy( p, session->master, 48 );
+        memcpy(p, session->master, 48);
         p += 48;
 
-        MBEDTLS_PUT_UINT32_BE( session->verify_result, p, 0 );
+        MBEDTLS_PUT_UINT32_BE(session->verify_result, p, 0);
         p += 4;
     }
 
@@ -8970,43 +8794,37 @@
      */
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    if( session->peer_cert == NULL )
+    if (session->peer_cert == NULL) {
         cert_len = 0;
-    else
+    } else {
         cert_len = session->peer_cert->raw.len;
+    }
 
     used += 3 + cert_len;
 
-    if( used <= buf_len )
-    {
-        *p++ = MBEDTLS_BYTE_2( cert_len );
-        *p++ = MBEDTLS_BYTE_1( cert_len );
-        *p++ = MBEDTLS_BYTE_0( cert_len );
+    if (used <= buf_len) {
+        *p++ = MBEDTLS_BYTE_2(cert_len);
+        *p++ = MBEDTLS_BYTE_1(cert_len);
+        *p++ = MBEDTLS_BYTE_0(cert_len);
 
-        if( session->peer_cert != NULL )
-        {
-            memcpy( p, session->peer_cert->raw.p, cert_len );
+        if (session->peer_cert != NULL) {
+            memcpy(p, session->peer_cert->raw.p, cert_len);
             p += cert_len;
         }
     }
 #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-    if( session->peer_cert_digest != NULL )
-    {
+    if (session->peer_cert_digest != NULL) {
         used += 1 /* type */ + 1 /* length */ + session->peer_cert_digest_len;
-        if( used <= buf_len )
-        {
+        if (used <= buf_len) {
             *p++ = (unsigned char) session->peer_cert_digest_type;
             *p++ = (unsigned char) session->peer_cert_digest_len;
-            memcpy( p, session->peer_cert_digest,
-                    session->peer_cert_digest_len );
+            memcpy(p, session->peer_cert_digest,
+                   session->peer_cert_digest_len);
             p += session->peer_cert_digest_len;
         }
-    }
-    else
-    {
+    } else {
         used += 2;
-        if( used <= buf_len )
-        {
+        if (used <= buf_len) {
             *p++ = (unsigned char) MBEDTLS_MD_NONE;
             *p++ = 0;
         }
@@ -9020,19 +8838,17 @@
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
     used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */
 
-    if( used <= buf_len )
-    {
-        *p++ = MBEDTLS_BYTE_2( session->ticket_len );
-        *p++ = MBEDTLS_BYTE_1( session->ticket_len );
-        *p++ = MBEDTLS_BYTE_0( session->ticket_len );
+    if (used <= buf_len) {
+        *p++ = MBEDTLS_BYTE_2(session->ticket_len);
+        *p++ = MBEDTLS_BYTE_1(session->ticket_len);
+        *p++ = MBEDTLS_BYTE_0(session->ticket_len);
 
-        if( session->ticket != NULL )
-        {
-            memcpy( p, session->ticket, session->ticket_len );
+        if (session->ticket != NULL) {
+            memcpy(p, session->ticket, session->ticket_len);
             p += session->ticket_len;
         }
 
-        MBEDTLS_PUT_UINT32_BE( session->ticket_lifetime, p, 0 );
+        MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0);
         p += 4;
     }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
@@ -9043,24 +8859,26 @@
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
     used += 1;
 
-    if( used <= buf_len )
+    if (used <= buf_len) {
         *p++ = session->mfl_code;
+    }
 #endif
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
     used += 1;
 
-    if( used <= buf_len )
-        *p++ = MBEDTLS_BYTE_0( session->encrypt_then_mac );
+    if (used <= buf_len) {
+        *p++ = MBEDTLS_BYTE_0(session->encrypt_then_mac);
+    }
 #endif
 
-    return( used );
+    return used;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls12_session_load( mbedtls_ssl_session *session,
-                                   const unsigned char *buf,
-                                   size_t len )
+static int ssl_tls12_session_load(mbedtls_ssl_session *session,
+                                  const unsigned char *buf,
+                                  size_t len)
 {
 #if defined(MBEDTLS_HAVE_TIME)
     uint64_t start;
@@ -9078,17 +8896,18 @@
      * Time
      */
 #if defined(MBEDTLS_HAVE_TIME)
-    if( 8 > (size_t)( end - p ) )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (8 > (size_t) (end - p)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    start = ( (uint64_t) p[0] << 56 ) |
-            ( (uint64_t) p[1] << 48 ) |
-            ( (uint64_t) p[2] << 40 ) |
-            ( (uint64_t) p[3] << 32 ) |
-            ( (uint64_t) p[4] << 24 ) |
-            ( (uint64_t) p[5] << 16 ) |
-            ( (uint64_t) p[6] <<  8 ) |
-            ( (uint64_t) p[7]       );
+    start = ((uint64_t) p[0] << 56) |
+            ((uint64_t) p[1] << 48) |
+            ((uint64_t) p[2] << 40) |
+            ((uint64_t) p[3] << 32) |
+            ((uint64_t) p[4] << 24) |
+            ((uint64_t) p[5] << 16) |
+            ((uint64_t) p[6] <<  8) |
+            ((uint64_t) p[7]);
     p += 8;
 
     session->start = (time_t) start;
@@ -9097,23 +8916,24 @@
     /*
      * Basic mandatory fields
      */
-    if( 2 + 1 + 32 + 48 + 4 > (size_t)( end - p ) )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (2 + 1 + 32 + 48 + 4 > (size_t) (end - p)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    session->ciphersuite = ( p[0] << 8 ) | p[1];
+    session->ciphersuite = (p[0] << 8) | p[1];
     p += 2;
 
     session->id_len = *p++;
-    memcpy( session->id, p, 32 );
+    memcpy(session->id, p, 32);
     p += 32;
 
-    memcpy( session->master, p, 48 );
+    memcpy(session->master, p, 48);
     p += 48;
 
-    session->verify_result = ( (uint32_t) p[0] << 24 ) |
-                             ( (uint32_t) p[1] << 16 ) |
-                             ( (uint32_t) p[2] <<  8 ) |
-                             ( (uint32_t) p[3]       );
+    session->verify_result = ((uint32_t) p[0] << 24) |
+                             ((uint32_t) p[1] << 16) |
+                             ((uint32_t) p[2] <<  8) |
+                             ((uint32_t) p[3]);
     p += 4;
 
     /* Immediately clear invalid pointer values that have been read, in case
@@ -9135,64 +8955,69 @@
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     /* Deserialize CRT from the end of the ticket. */
-    if( 3 > (size_t)( end - p ) )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (3 > (size_t) (end - p)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
+    cert_len = (p[0] << 16) | (p[1] << 8) | p[2];
     p += 3;
 
-    if( cert_len != 0 )
-    {
+    if (cert_len != 0) {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-        if( cert_len > (size_t)( end - p ) )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        if (cert_len > (size_t) (end - p)) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
 
-        session->peer_cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
+        session->peer_cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
 
-        if( session->peer_cert == NULL )
-            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+        if (session->peer_cert == NULL) {
+            return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+        }
 
-        mbedtls_x509_crt_init( session->peer_cert );
+        mbedtls_x509_crt_init(session->peer_cert);
 
-        if( ( ret = mbedtls_x509_crt_parse_der( session->peer_cert,
-                                                p, cert_len ) ) != 0 )
-        {
-            mbedtls_x509_crt_free( session->peer_cert );
-            mbedtls_free( session->peer_cert );
+        if ((ret = mbedtls_x509_crt_parse_der(session->peer_cert,
+                                              p, cert_len)) != 0) {
+            mbedtls_x509_crt_free(session->peer_cert);
+            mbedtls_free(session->peer_cert);
             session->peer_cert = NULL;
-            return( ret );
+            return ret;
         }
 
         p += cert_len;
     }
 #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
     /* Deserialize CRT digest from the end of the ticket. */
-    if( 2 > (size_t)( end - p ) )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (2 > (size_t) (end - p)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
     session->peer_cert_digest_type = (mbedtls_md_type_t) *p++;
     session->peer_cert_digest_len  = (size_t) *p++;
 
-    if( session->peer_cert_digest_len != 0 )
-    {
+    if (session->peer_cert_digest_len != 0) {
         const mbedtls_md_info_t *md_info =
-            mbedtls_md_info_from_type( session->peer_cert_digest_type );
-        if( md_info == NULL )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-        if( session->peer_cert_digest_len != mbedtls_md_get_size( md_info ) )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+            mbedtls_md_info_from_type(session->peer_cert_digest_type);
+        if (md_info == NULL) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
+        if (session->peer_cert_digest_len != mbedtls_md_get_size(md_info)) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
 
-        if( session->peer_cert_digest_len > (size_t)( end - p ) )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        if (session->peer_cert_digest_len > (size_t) (end - p)) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
 
         session->peer_cert_digest =
-            mbedtls_calloc( 1, session->peer_cert_digest_len );
-        if( session->peer_cert_digest == NULL )
-            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+            mbedtls_calloc(1, session->peer_cert_digest_len);
+        if (session->peer_cert_digest == NULL) {
+            return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+        }
 
-        memcpy( session->peer_cert_digest, p,
-                session->peer_cert_digest_len );
+        memcpy(session->peer_cert_digest, p,
+               session->peer_cert_digest_len);
         p += session->peer_cert_digest_len;
     }
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@@ -9202,32 +9027,35 @@
      * Session ticket and associated data
      */
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
-    if( 3 > (size_t)( end - p ) )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (3 > (size_t) (end - p)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    session->ticket_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
+    session->ticket_len = (p[0] << 16) | (p[1] << 8) | p[2];
     p += 3;
 
-    if( session->ticket_len != 0 )
-    {
-        if( session->ticket_len > (size_t)( end - p ) )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (session->ticket_len != 0) {
+        if (session->ticket_len > (size_t) (end - p)) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
 
-        session->ticket = mbedtls_calloc( 1, session->ticket_len );
-        if( session->ticket == NULL )
-            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+        session->ticket = mbedtls_calloc(1, session->ticket_len);
+        if (session->ticket == NULL) {
+            return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+        }
 
-        memcpy( session->ticket, p, session->ticket_len );
+        memcpy(session->ticket, p, session->ticket_len);
         p += session->ticket_len;
     }
 
-    if( 4 > (size_t)( end - p ) )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (4 > (size_t) (end - p)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    session->ticket_lifetime = ( (uint32_t) p[0] << 24 ) |
-                               ( (uint32_t) p[1] << 16 ) |
-                               ( (uint32_t) p[2] <<  8 ) |
-                               ( (uint32_t) p[3]       );
+    session->ticket_lifetime = ((uint32_t) p[0] << 24) |
+                               ((uint32_t) p[1] << 16) |
+                               ((uint32_t) p[2] <<  8) |
+                               ((uint32_t) p[3]);
     p += 4;
 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
 
@@ -9235,24 +9063,27 @@
      * Misc extension-related info
      */
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    if( 1 > (size_t)( end - p ) )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (1 > (size_t) (end - p)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
     session->mfl_code = *p++;
 #endif
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-    if( 1 > (size_t)( end - p ) )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (1 > (size_t) (end - p)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
     session->encrypt_then_mac = *p++;
 #endif
 
     /* Done, should have consumed entire buffer */
-    if( p != end )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (p != end) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
@@ -9260,44 +9091,43 @@
     const mbedtls_ssl_context *ssl,
     const mbedtls_ssl_ciphersuite_t *suite_info,
     mbedtls_ssl_protocol_version min_tls_version,
-    mbedtls_ssl_protocol_version max_tls_version )
+    mbedtls_ssl_protocol_version max_tls_version)
 {
     (void) ssl;
 
-    if( suite_info == NULL )
-        return( -1 );
+    if (suite_info == NULL) {
+        return -1;
+    }
 
-    if( ( suite_info->min_tls_version > max_tls_version ) ||
-        ( suite_info->max_tls_version < min_tls_version ) )
-    {
-        return( -1 );
+    if ((suite_info->min_tls_version > max_tls_version) ||
+        (suite_info->max_tls_version < min_tls_version)) {
+        return -1;
     }
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_CLI_C)
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
-        ssl->handshake->psa_pake_ctx_is_ok != 1 )
+    if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
+        ssl->handshake->psa_pake_ctx_is_ok != 1)
 #else
-    if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
-        mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
+    if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
+        mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0)
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
     {
-        return( -1 );
+        return -1;
     }
 #endif
 
     /* Don't suggest PSK-based ciphersuite if no PSK is available. */
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-    if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
-        mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 0 )
-    {
-        return( -1 );
+    if (mbedtls_ssl_ciphersuite_uses_psk(suite_info) &&
+        mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) {
+        return -1;
     }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
@@ -9342,8 +9172,8 @@
  * `SignatureScheme` field of TLS 1.3
  *
  */
-int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
-                                   const unsigned char *end, size_t *out_len )
+int mbedtls_ssl_write_sig_alg_ext(mbedtls_ssl_context *ssl, unsigned char *buf,
+                                  const unsigned char *end, size_t *out_len)
 {
     unsigned char *p = buf;
     unsigned char *supported_sig_alg; /* Start of supported_signature_algorithms */
@@ -9351,58 +9181,58 @@
 
     *out_len = 0;
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("adding signature_algorithms extension"));
 
     /* Check if we have space for header and length field:
      * - extension_type         (2 bytes)
      * - extension_data_length  (2 bytes)
      * - supported_signature_algorithms_length   (2 bytes)
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6);
     p += 6;
 
     /*
      * Write supported_signature_algorithms
      */
     supported_sig_alg = p;
-    const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
-    if( sig_alg == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+    const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs(ssl);
+    if (sig_alg == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_CONFIG;
+    }
 
-    for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "got signature scheme [%x] %s",
-                                    *sig_alg,
-                                    mbedtls_ssl_sig_alg_to_str( *sig_alg ) ) );
-        if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) )
+    for (; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("got signature scheme [%x] %s",
+                                  *sig_alg,
+                                  mbedtls_ssl_sig_alg_to_str(*sig_alg)));
+        if (!mbedtls_ssl_sig_alg_is_supported(ssl, *sig_alg)) {
             continue;
-        MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
-        MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );
+        }
+        MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
+        MBEDTLS_PUT_UINT16_BE(*sig_alg, p, 0);
         p += 2;
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "sent signature scheme [%x] %s",
-                                    *sig_alg,
-                                    mbedtls_ssl_sig_alg_to_str( *sig_alg ) ) );
+        MBEDTLS_SSL_DEBUG_MSG(3, ("sent signature scheme [%x] %s",
+                                  *sig_alg,
+                                  mbedtls_ssl_sig_alg_to_str(*sig_alg)));
     }
 
     /* Length of supported_signature_algorithms */
     supported_sig_alg_len = p - supported_sig_alg;
-    if( supported_sig_alg_len == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (supported_sig_alg_len == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("No signature algorithms defined."));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, buf, 0 );
-    MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len + 2, buf, 2 );
-    MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len, buf, 4 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SIG_ALG, buf, 0);
+    MBEDTLS_PUT_UINT16_BE(supported_sig_alg_len + 2, buf, 2);
+    MBEDTLS_PUT_UINT16_BE(supported_sig_alg_len, buf, 4);
 
     *out_len = p - buf;
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_SIG_ALG );
+    mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_SIG_ALG);
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
@@ -9428,32 +9258,30 @@
  *     } ServerNameList;
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl,
-                                       const unsigned char *buf,
-                                       const unsigned char *end )
+int mbedtls_ssl_parse_server_name_ext(mbedtls_ssl_context *ssl,
+                                      const unsigned char *buf,
+                                      const unsigned char *end)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const unsigned char *p = buf;
     size_t server_name_list_len, hostname_len;
     const unsigned char *server_name_list_end;
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "parse ServerName extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("parse ServerName extension"));
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    server_name_list_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+    server_name_list_len = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, server_name_list_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, server_name_list_len);
     server_name_list_end = p + server_name_list_len;
-    while( p < server_name_list_end )
-    {
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, server_name_list_end, 3 );
-        hostname_len = MBEDTLS_GET_UINT16_BE( p, 1 );
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, server_name_list_end,
-                                      hostname_len + 3 );
+    while (p < server_name_list_end) {
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, server_name_list_end, 3);
+        hostname_len = MBEDTLS_GET_UINT16_BE(p, 1);
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, server_name_list_end,
+                                     hostname_len + 3);
 
-        if( p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME )
-        {
+        if (p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME) {
             /* sni_name is intended to be used only during the parsing of the
              * ClientHello message (it is reset to NULL before the end of
              * the message parsing). Thus it is ok to just point to the
@@ -9461,32 +9289,32 @@
              */
             ssl->handshake->sni_name = p + 3;
             ssl->handshake->sni_name_len = hostname_len;
-            if( ssl->conf->f_sni == NULL )
-                return( 0 );
-            ret = ssl->conf->f_sni( ssl->conf->p_sni,
-                                    ssl, p + 3, hostname_len );
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_sni_wrapper", ret );
-                MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME,
-                                              MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME );
-                return( MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME );
+            if (ssl->conf->f_sni == NULL) {
+                return 0;
             }
-            return( 0 );
+            ret = ssl->conf->f_sni(ssl->conf->p_sni,
+                                   ssl, p + 3, hostname_len);
+            if (ret != 0) {
+                MBEDTLS_SSL_DEBUG_RET(1, "ssl_sni_wrapper", ret);
+                MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME,
+                                             MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME);
+                return MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME;
+            }
+            return 0;
         }
 
         p += hostname_len + 3;
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 
 #if defined(MBEDTLS_SSL_ALPN)
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
-                                const unsigned char *buf,
-                                const unsigned char *end )
+int mbedtls_ssl_parse_alpn_ext(mbedtls_ssl_context *ssl,
+                               const unsigned char *buf,
+                               const unsigned char *end)
 {
     const unsigned char *p = buf;
     size_t protocol_name_list_len;
@@ -9495,8 +9323,9 @@
     size_t protocol_name_len;
 
     /* If ALPN not configured, just ignore the extension */
-    if( ssl->conf->alpn_list == NULL )
-        return( 0 );
+    if (ssl->conf->alpn_list == NULL) {
+        return 0;
+    }
 
     /*
      * RFC7301, section 3.1
@@ -9512,44 +9341,39 @@
      * protocol_name_len         1 bytes
      * protocol_name             >=1 byte
      */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 4);
 
-    protocol_name_list_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+    protocol_name_list_len = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, protocol_name_list_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, protocol_name_list_len);
     protocol_name_list = p;
     protocol_name_list_end = p + protocol_name_list_len;
 
     /* Validate peer's list (lengths) */
-    while( p < protocol_name_list_end )
-    {
+    while (p < protocol_name_list_end) {
         protocol_name_len = *p++;
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, protocol_name_list_end,
-                                      protocol_name_len );
-        if( protocol_name_len == 0 )
-        {
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, protocol_name_list_end,
+                                     protocol_name_len);
+        if (protocol_name_len == 0) {
             MBEDTLS_SSL_PEND_FATAL_ALERT(
                 MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+                MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+            return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
         }
 
         p += protocol_name_len;
     }
 
     /* Use our order of preference */
-    for( const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++ )
-    {
-        size_t const alpn_len = strlen( *alpn );
+    for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
+        size_t const alpn_len = strlen(*alpn);
         p = protocol_name_list;
-        while( p < protocol_name_list_end )
-        {
+        while (p < protocol_name_list_end) {
             protocol_name_len = *p++;
-            if( protocol_name_len == alpn_len &&
-                memcmp( p, *alpn, alpn_len ) == 0 )
-            {
+            if (protocol_name_len == alpn_len &&
+                memcmp(p, *alpn, alpn_len) == 0) {
                 ssl->alpn_chosen = *alpn;
-                return( 0 );
+                return 0;
             }
 
             p += protocol_name_len;
@@ -9558,29 +9382,28 @@
 
     /* If we get here, no match was found */
     MBEDTLS_SSL_PEND_FATAL_ALERT(
-            MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL,
-            MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL );
-    return( MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL );
+        MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL,
+        MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL);
+    return MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL;
 }
 
-int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
-                                unsigned char *buf,
-                                unsigned char *end,
-                                size_t *out_len )
+int mbedtls_ssl_write_alpn_ext(mbedtls_ssl_context *ssl,
+                               unsigned char *buf,
+                               unsigned char *end,
+                               size_t *out_len)
 {
     unsigned char *p = buf;
     size_t protocol_name_len;
     *out_len = 0;
 
-    if( ssl->alpn_chosen == NULL )
-    {
-        return( 0 );
+    if (ssl->alpn_chosen == NULL) {
+        return 0;
     }
 
-    protocol_name_len = strlen( ssl->alpn_chosen );
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 + protocol_name_len );
+    protocol_name_len = strlen(ssl->alpn_chosen);
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 7 + protocol_name_len);
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server side, adding alpn extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server side, adding alpn extension"));
     /*
      * 0 . 1    ext identifier
      * 2 . 3    ext length
@@ -9588,24 +9411,24 @@
      * 6 . 6    protocol name length
      * 7 . 7+n  protocol name
      */
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ALPN, p, 0);
 
     *out_len = 7 + protocol_name_len;
 
-    MBEDTLS_PUT_UINT16_BE( protocol_name_len + 3, p, 2 );
-    MBEDTLS_PUT_UINT16_BE( protocol_name_len + 1, p, 4 );
+    MBEDTLS_PUT_UINT16_BE(protocol_name_len + 3, p, 2);
+    MBEDTLS_PUT_UINT16_BE(protocol_name_len + 1, p, 4);
     /* Note: the length of the chosen protocol has been checked to be less
      * than 255 bytes in `mbedtls_ssl_conf_alpn_protocols`.
      */
-    p[6] = MBEDTLS_BYTE_0( protocol_name_len );
+    p[6] = MBEDTLS_BYTE_0(protocol_name_len);
 
-    memcpy( p + 7, ssl->alpn_chosen, protocol_name_len );
+    memcpy(p + 7, ssl->alpn_chosen, protocol_name_len);
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-    mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_ALPN );
+    mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_ALPN);
 #endif
 
-    return ( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_ALPN */
 
@@ -9613,46 +9436,43 @@
     defined(MBEDTLS_SSL_SESSION_TICKETS) && \
     defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
     defined(MBEDTLS_SSL_CLI_C)
-int mbedtls_ssl_session_set_hostname( mbedtls_ssl_session *session,
-                                      const char *hostname )
+int mbedtls_ssl_session_set_hostname(mbedtls_ssl_session *session,
+                                     const char *hostname)
 {
     /* Initialize to suppress unnecessary compiler warning */
     size_t hostname_len = 0;
 
     /* Check if new hostname is valid before
      * making any change to current one */
-    if( hostname != NULL )
-    {
-        hostname_len = strlen( hostname );
+    if (hostname != NULL) {
+        hostname_len = strlen(hostname);
 
-        if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        if (hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN) {
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        }
     }
 
     /* Now it's clear that we will overwrite the old hostname,
      * so we can free it safely */
-    if( session->hostname != NULL )
-    {
-        mbedtls_platform_zeroize( session->hostname,
-                                  strlen( session->hostname ) );
-        mbedtls_free( session->hostname );
+    if (session->hostname != NULL) {
+        mbedtls_platform_zeroize(session->hostname,
+                                 strlen(session->hostname));
+        mbedtls_free(session->hostname);
     }
 
     /* Passing NULL as hostname shall clear the old one */
-    if( hostname == NULL )
-    {
+    if (hostname == NULL) {
         session->hostname = NULL;
-    }
-    else
-    {
-        session->hostname = mbedtls_calloc( 1, hostname_len + 1 );
-        if( session->hostname == NULL )
-            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    } else {
+        session->hostname = mbedtls_calloc(1, hostname_len + 1);
+        if (session->hostname == NULL) {
+            return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+        }
 
-        memcpy( session->hostname, hostname, hostname_len );
+        memcpy(session->hostname, hostname, hostname_len);
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 &&
           MBEDTLS_SSL_SESSION_TICKETS &&
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 30b6481..b427ae9 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -51,10 +51,10 @@
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
-                                        unsigned char *buf,
-                                        const unsigned char *end,
-                                        size_t *olen )
+static int ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl,
+                                       unsigned char *buf,
+                                       const unsigned char *end,
+                                       size_t *olen)
 {
     unsigned char *p = buf;
 
@@ -63,29 +63,30 @@
     /* We're always including a TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the
      * initial ClientHello, in which case also adding the renegotiation
      * info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. */
-    if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
-        return( 0 );
+    if (ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
+        return 0;
+    }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, adding renegotiation extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3,
+                          ("client hello, adding renegotiation extension"));
 
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 + ssl->verify_data_len );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 5 + ssl->verify_data_len);
 
     /*
      * Secure renegotiation
      */
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0);
     p += 2;
 
     *p++ = 0x00;
-    *p++ = MBEDTLS_BYTE_0( ssl->verify_data_len + 1 );
-    *p++ = MBEDTLS_BYTE_0( ssl->verify_data_len );
+    *p++ = MBEDTLS_BYTE_0(ssl->verify_data_len + 1);
+    *p++ = MBEDTLS_BYTE_0(ssl->verify_data_len);
 
-    memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
+    memcpy(p, ssl->own_verify_data, ssl->verify_data_len);
 
     *olen = 5 + ssl->verify_data_len;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
@@ -93,21 +94,21 @@
     defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
-                                                  unsigned char *buf,
-                                                  const unsigned char *end,
-                                                  size_t *olen )
+static int ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl,
+                                                 unsigned char *buf,
+                                                 const unsigned char *end,
+                                                 size_t *olen)
 {
     unsigned char *p = buf;
     (void) ssl; /* ssl used for debugging only */
 
     *olen = 0;
 
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, adding supported_point_formats extension" ) );
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
+    MBEDTLS_SSL_DEBUG_MSG(3,
+                          ("client hello, adding supported_point_formats extension"));
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6);
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0);
     p += 2;
 
     *p++ = 0x00;
@@ -118,17 +119,17 @@
 
     *olen = 6;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
           MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
-                                       unsigned char *buf,
-                                       const unsigned char *end,
-                                       size_t *olen )
+static int ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl,
+                                      unsigned char *buf,
+                                      const unsigned char *end,
+                                      size_t *olen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p = buf;
@@ -138,19 +139,21 @@
 
     /* Skip costly extension if we can't use EC J-PAKE anyway */
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ssl->handshake->psa_pake_ctx_is_ok != 1 )
-        return( 0 );
+    if (ssl->handshake->psa_pake_ctx_is_ok != 1) {
+        return 0;
+    }
 #else
-    if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
-        return( 0 );
+    if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) {
+        return 0;
+    }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, adding ecjpake_kkpp extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3,
+                          ("client hello, adding ecjpake_kkpp extension"));
 
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4);
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0);
     p += 2;
 
     /*
@@ -158,69 +161,63 @@
      * We don't want to compute fresh values every time (both for performance
      * and consistency reasons), so cache the extension content.
      */
-    if( ssl->handshake->ecjpake_cache == NULL ||
-        ssl->handshake->ecjpake_cache_len == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) );
+    if (ssl->handshake->ecjpake_cache == NULL ||
+        ssl->handshake->ecjpake_cache_len == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("generating new ecjpake parameters"));
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx,
-                                                p + 2, end - p - 2, &kkpp_len,
-                                                MBEDTLS_ECJPAKE_ROUND_ONE );
-        if ( ret != 0 )
-        {
-            psa_destroy_key( ssl->handshake->psa_pake_password );
-            psa_pake_abort( &ssl->handshake->psa_pake_ctx );
-            MBEDTLS_SSL_DEBUG_RET( 1 , "psa_pake_output", ret );
-            return( ret );
+                                              p + 2, end - p - 2, &kkpp_len,
+                                              MBEDTLS_ECJPAKE_ROUND_ONE);
+        if (ret != 0) {
+            psa_destroy_key(ssl->handshake->psa_pake_password);
+            psa_pake_abort(&ssl->handshake->psa_pake_ctx);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret);
+            return ret;
         }
 #else
-        ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
-                                               p + 2, end - p - 2, &kkpp_len,
-                                               ssl->conf->f_rng, ssl->conf->p_rng );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1 ,
-                "mbedtls_ecjpake_write_round_one", ret );
-            return( ret );
+        ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx,
+                                              p + 2, end - p - 2, &kkpp_len,
+                                              ssl->conf->f_rng, ssl->conf->p_rng);
+        if (ret != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1,
+                                  "mbedtls_ecjpake_write_round_one", ret);
+            return ret;
         }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-        ssl->handshake->ecjpake_cache = mbedtls_calloc( 1, kkpp_len );
-        if( ssl->handshake->ecjpake_cache == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "allocation failed" ) );
-            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+        ssl->handshake->ecjpake_cache = mbedtls_calloc(1, kkpp_len);
+        if (ssl->handshake->ecjpake_cache == NULL) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("allocation failed"));
+            return MBEDTLS_ERR_SSL_ALLOC_FAILED;
         }
 
-        memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len );
+        memcpy(ssl->handshake->ecjpake_cache, p + 2, kkpp_len);
         ssl->handshake->ecjpake_cache_len = kkpp_len;
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "re-using cached ecjpake parameters" ) );
+    } else {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("re-using cached ecjpake parameters"));
 
         kkpp_len = ssl->handshake->ecjpake_cache_len;
-        MBEDTLS_SSL_CHK_BUF_PTR( p + 2, end, kkpp_len );
+        MBEDTLS_SSL_CHK_BUF_PTR(p + 2, end, kkpp_len);
 
-        memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len );
+        memcpy(p + 2, ssl->handshake->ecjpake_cache, kkpp_len);
     }
 
-    MBEDTLS_PUT_UINT16_BE( kkpp_len, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(kkpp_len, p, 0);
     p += 2;
 
     *olen = kkpp_len + 4;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_cid_ext( mbedtls_ssl_context *ssl,
-                              unsigned char *buf,
-                              const unsigned char *end,
-                              size_t *olen )
+static int ssl_write_cid_ext(mbedtls_ssl_context *ssl,
+                             unsigned char *buf,
+                             const unsigned char *end,
+                             size_t *olen)
 {
     unsigned char *p = buf;
     size_t ext_len;
@@ -229,56 +226,56 @@
      *   struct {
      *      opaque cid<0..2^8-1>;
      *   } ConnectionId;
-    */
+     */
 
     *olen = 0;
-    if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
-        ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
-    {
-        return( 0 );
+    if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
+        ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) {
+        return 0;
     }
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding CID extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding CID extension"));
 
     /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX
      * which is at most 255, so the increment cannot overflow. */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, (unsigned)( ssl->own_cid_len + 5 ) );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, (unsigned) (ssl->own_cid_len + 5));
 
     /* Add extension ID + size */
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_CID, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_CID, p, 0);
     p += 2;
     ext_len = (size_t) ssl->own_cid_len + 1;
-    MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(ext_len, p, 0);
     p += 2;
 
     *p++ = (uint8_t) ssl->own_cid_len;
-    memcpy( p, ssl->own_cid, ssl->own_cid_len );
+    memcpy(p, ssl->own_cid, ssl->own_cid_len);
 
     *olen = ssl->own_cid_len + 5;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
-                                              unsigned char *buf,
-                                              const unsigned char *end,
-                                              size_t *olen )
+static int ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl,
+                                             unsigned char *buf,
+                                             const unsigned char *end,
+                                             size_t *olen)
 {
     unsigned char *p = buf;
 
     *olen = 0;
 
-    if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE )
-        return( 0 );
+    if (ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE) {
+        return 0;
+    }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, adding max_fragment_length extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3,
+                          ("client hello, adding max_fragment_length extension"));
 
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 5);
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0);
     p += 2;
 
     *p++ = 0x00;
@@ -288,30 +285,31 @@
 
     *olen = 5;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
-                                           unsigned char *buf,
-                                           const unsigned char *end,
-                                           size_t *olen )
+static int ssl_write_encrypt_then_mac_ext(mbedtls_ssl_context *ssl,
+                                          unsigned char *buf,
+                                          const unsigned char *end,
+                                          size_t *olen)
 {
     unsigned char *p = buf;
 
     *olen = 0;
 
-    if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
-        return( 0 );
+    if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED) {
+        return 0;
+    }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, adding encrypt_then_mac extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3,
+                          ("client hello, adding encrypt_then_mac extension"));
 
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4);
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0);
     p += 2;
 
     *p++ = 0x00;
@@ -319,30 +317,31 @@
 
     *olen = 4;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
-                                      unsigned char *buf,
-                                      const unsigned char *end,
-                                      size_t *olen )
+static int ssl_write_extended_ms_ext(mbedtls_ssl_context *ssl,
+                                     unsigned char *buf,
+                                     const unsigned char *end,
+                                     size_t *olen)
 {
     unsigned char *p = buf;
 
     *olen = 0;
 
-    if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED )
-        return( 0 );
+    if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED) {
+        return 0;
+    }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, adding extended_master_secret extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3,
+                          ("client hello, adding extended_master_secret extension"));
 
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4);
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0);
     p += 2;
 
     *p++ = 0x00;
@@ -350,59 +349,61 @@
 
     *olen = 4;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
-                                         unsigned char *buf,
-                                         const unsigned char *end,
-                                         size_t *olen )
+static int ssl_write_session_ticket_ext(mbedtls_ssl_context *ssl,
+                                        unsigned char *buf,
+                                        const unsigned char *end,
+                                        size_t *olen)
 {
     unsigned char *p = buf;
     size_t tlen = ssl->session_negotiate->ticket_len;
 
     *olen = 0;
 
-    if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
-        return( 0 );
+    if (ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED) {
+        return 0;
+    }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, adding session ticket extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3,
+                          ("client hello, adding session ticket extension"));
 
     /* The addition is safe here since the ticket length is 16 bit. */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + tlen );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4 + tlen);
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0);
     p += 2;
 
-    MBEDTLS_PUT_UINT16_BE( tlen, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(tlen, p, 0);
     p += 2;
 
     *olen = 4;
 
-    if( ssl->session_negotiate->ticket == NULL || tlen == 0 )
-        return( 0 );
+    if (ssl->session_negotiate->ticket == NULL || tlen == 0) {
+        return 0;
+    }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "sending session ticket of length %" MBEDTLS_PRINTF_SIZET, tlen ) );
+    MBEDTLS_SSL_DEBUG_MSG(3,
+                          ("sending session ticket of length %" MBEDTLS_PRINTF_SIZET, tlen));
 
-    memcpy( p, ssl->session_negotiate->ticket, tlen );
+    memcpy(p, ssl->session_negotiate->ticket, tlen);
 
     *olen += tlen;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
-                                   unsigned char *buf,
-                                   const unsigned char *end,
-                                   size_t *olen )
+static int ssl_write_use_srtp_ext(mbedtls_ssl_context *ssl,
+                                  unsigned char *buf,
+                                  const unsigned char *end,
+                                  size_t *olen)
 {
     unsigned char *p = buf;
     size_t protection_profiles_index = 0, ext_len = 0;
@@ -410,11 +411,10 @@
 
     *olen = 0;
 
-    if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ||
-        ( ssl->conf->dtls_srtp_profile_list == NULL ) ||
-        ( ssl->conf->dtls_srtp_profile_list_len == 0 ) )
-    {
-        return( 0 );
+    if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) ||
+        (ssl->conf->dtls_srtp_profile_list == NULL) ||
+        (ssl->conf->dtls_srtp_profile_list_len == 0)) {
+        return 0;
     }
 
     /* RFC 5764 section 4.1.1
@@ -426,28 +426,27 @@
      * } UseSRTPData;
      * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
      */
-    if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED )
-    {
+    if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) {
         mki_len = ssl->dtls_srtp_info.mki_len;
     }
     /* Extension length = 2 bytes for profiles length,
      *                    ssl->conf->dtls_srtp_profile_list_len * 2 (each profile is 2 bytes length ),
      *                    1 byte for srtp_mki vector length and the mki_len value
      */
-    ext_len = 2 + 2 * ( ssl->conf->dtls_srtp_profile_list_len ) + 1 + mki_len;
+    ext_len = 2 + 2 * (ssl->conf->dtls_srtp_profile_list_len) + 1 + mki_len;
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding use_srtp extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding use_srtp extension"));
 
     /* Check there is room in the buffer for the extension + 4 bytes
      * - the extension tag (2 bytes)
      * - the extension length (2 bytes)
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, ext_len + 4 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, ext_len + 4);
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_USE_SRTP, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_USE_SRTP, p, 0);
     p += 2;
 
-    MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(ext_len, p, 0);
     p += 2;
 
     /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */
@@ -459,47 +458,42 @@
      *                        >> 8 ) & 0xFF );
      */
     *p++ = 0;
-    *p++ = MBEDTLS_BYTE_0( 2 * ssl->conf->dtls_srtp_profile_list_len );
+    *p++ = MBEDTLS_BYTE_0(2 * ssl->conf->dtls_srtp_profile_list_len);
 
-    for( protection_profiles_index=0;
+    for (protection_profiles_index = 0;
          protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len;
-         protection_profiles_index++ )
-    {
+         protection_profiles_index++) {
         profile_value = mbedtls_ssl_check_srtp_profile_value
-                ( ssl->conf->dtls_srtp_profile_list[protection_profiles_index] );
-        if( profile_value != MBEDTLS_TLS_SRTP_UNSET )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x",
-                                        profile_value ) );
-            MBEDTLS_PUT_UINT16_BE( profile_value, p, 0 );
+                            (ssl->conf->dtls_srtp_profile_list[protection_profiles_index]);
+        if (profile_value != MBEDTLS_TLS_SRTP_UNSET) {
+            MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_write_use_srtp_ext, add profile: %04x",
+                                      profile_value));
+            MBEDTLS_PUT_UINT16_BE(profile_value, p, 0);
             p += 2;
-        }
-        else
-        {
+        } else {
             /*
              * Note: we shall never arrive here as protection profiles
              * is checked by mbedtls_ssl_conf_dtls_srtp_protection_profiles function
              */
-            MBEDTLS_SSL_DEBUG_MSG( 3,
-                    ( "client hello, "
-                      "illegal DTLS-SRTP protection profile %d",
-                      ssl->conf->dtls_srtp_profile_list[protection_profiles_index]
-                    ) );
-            return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+            MBEDTLS_SSL_DEBUG_MSG(3,
+                                  ("client hello, "
+                                   "illegal DTLS-SRTP protection profile %d",
+                                   ssl->conf->dtls_srtp_profile_list[protection_profiles_index]
+                                  ));
+            return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
         }
     }
 
     *p++ = mki_len & 0xFF;
 
-    if( mki_len != 0 )
-    {
-        memcpy( p, ssl->dtls_srtp_info.mki_value, mki_len );
+    if (mki_len != 0) {
+        memcpy(p, ssl->dtls_srtp_info.mki_value, mki_len);
         /*
          * Increment p to point to the current position.
          */
         p += mki_len;
-        MBEDTLS_SSL_DEBUG_BUF( 3, "sending mki",  ssl->dtls_srtp_info.mki_value,
-                               ssl->dtls_srtp_info.mki_len );
+        MBEDTLS_SSL_DEBUG_BUF(3, "sending mki",  ssl->dtls_srtp_info.mki_value,
+                              ssl->dtls_srtp_info.mki_len);
     }
 
     /*
@@ -512,15 +506,15 @@
      */
     *olen = p - buf;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
 
-int mbedtls_ssl_tls12_write_client_hello_exts( mbedtls_ssl_context *ssl,
-                                               unsigned char *buf,
-                                               const unsigned char *end,
-                                               int uses_ec,
-                                               size_t *out_len )
+int mbedtls_ssl_tls12_write_client_hello_exts(mbedtls_ssl_context *ssl,
+                                              unsigned char *buf,
+                                              const unsigned char *end,
+                                              int uses_ec,
+                                              size_t *out_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p = buf;
@@ -537,425 +531,396 @@
     /* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added
      * even if MBEDTLS_SSL_RENEGOTIATION is not defined. */
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ( ret = ssl_write_renegotiation_ext( ssl, p, end, &ext_len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_renegotiation_ext", ret );
-        return( ret );
+    if ((ret = ssl_write_renegotiation_ext(ssl, p, end, &ext_len)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_renegotiation_ext", ret);
+        return ret;
     }
     p += ext_len;
 #endif
 
 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if( uses_ec )
-    {
-        if( ( ret = ssl_write_supported_point_formats_ext( ssl, p, end,
-                                                           &ext_len ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_point_formats_ext", ret );
-            return( ret );
+    if (uses_ec) {
+        if ((ret = ssl_write_supported_point_formats_ext(ssl, p, end,
+                                                         &ext_len)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_supported_point_formats_ext", ret);
+            return ret;
         }
         p += ext_len;
     }
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if( ( ret = ssl_write_ecjpake_kkpp_ext( ssl, p, end, &ext_len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_ecjpake_kkpp_ext", ret );
-        return( ret );
+    if ((ret = ssl_write_ecjpake_kkpp_ext(ssl, p, end, &ext_len)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_ecjpake_kkpp_ext", ret);
+        return ret;
     }
     p += ext_len;
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    if( ( ret = ssl_write_cid_ext( ssl, p, end, &ext_len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_cid_ext", ret );
-        return( ret );
+    if ((ret = ssl_write_cid_ext(ssl, p, end, &ext_len)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_cid_ext", ret);
+        return ret;
     }
     p += ext_len;
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    if( ( ret = ssl_write_max_fragment_length_ext( ssl, p, end,
-                                                   &ext_len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_max_fragment_length_ext", ret );
-        return( ret );
+    if ((ret = ssl_write_max_fragment_length_ext(ssl, p, end,
+                                                 &ext_len)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_max_fragment_length_ext", ret);
+        return ret;
     }
     p += ext_len;
 #endif
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-    if( ( ret = ssl_write_encrypt_then_mac_ext( ssl, p, end, &ext_len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_encrypt_then_mac_ext", ret );
-        return( ret );
+    if ((ret = ssl_write_encrypt_then_mac_ext(ssl, p, end, &ext_len)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_encrypt_then_mac_ext", ret);
+        return ret;
     }
     p += ext_len;
 #endif
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-    if( ( ret = ssl_write_extended_ms_ext( ssl, p, end, &ext_len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_extended_ms_ext", ret );
-        return( ret );
+    if ((ret = ssl_write_extended_ms_ext(ssl, p, end, &ext_len)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_extended_ms_ext", ret);
+        return ret;
     }
     p += ext_len;
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
-    if( ( ret = ssl_write_use_srtp_ext( ssl, p, end, &ext_len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_use_srtp_ext", ret );
-        return( ret );
+    if ((ret = ssl_write_use_srtp_ext(ssl, p, end, &ext_len)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_use_srtp_ext", ret);
+        return ret;
     }
     p += ext_len;
 #endif
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if( ( ret = ssl_write_session_ticket_ext( ssl, p, end, &ext_len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_session_ticket_ext", ret );
-        return( ret );
+    if ((ret = ssl_write_session_ticket_ext(ssl, p, end, &ext_len)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_session_ticket_ext", ret);
+        return ret;
     }
     p += ext_len;
 #endif
 
     *out_len = p - buf;
 
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         size_t len )
+static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl,
+                                        const unsigned char *buf,
+                                        size_t len)
 {
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
-    {
+    if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
         /* Check verify-data in constant-time. The length OTOH is no secret */
-        if( len    != 1 + ssl->verify_data_len * 2 ||
+        if (len    != 1 + ssl->verify_data_len * 2 ||
             buf[0] !=     ssl->verify_data_len * 2 ||
-            mbedtls_ct_memcmp( buf + 1,
-                          ssl->own_verify_data, ssl->verify_data_len ) != 0 ||
-            mbedtls_ct_memcmp( buf + 1 + ssl->verify_data_len,
-                          ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
+            mbedtls_ct_memcmp(buf + 1,
+                              ssl->own_verify_data, ssl->verify_data_len) != 0 ||
+            mbedtls_ct_memcmp(buf + 1 + ssl->verify_data_len,
+                              ssl->peer_verify_data, ssl->verify_data_len) != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching renegotiation info"));
             mbedtls_ssl_send_alert_message(
                 ssl,
                 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+            return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
         }
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
     {
-        if( len != 1 || buf[0] != 0x00 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1,
-                ( "non-zero length renegotiation info" ) );
+        if (len != 1 || buf[0] != 0x00) {
+            MBEDTLS_SSL_DEBUG_MSG(1,
+                                  ("non-zero length renegotiation info"));
             mbedtls_ssl_send_alert_message(
                 ssl,
                 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+            return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
         }
 
         ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
     }
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
-                                              const unsigned char *buf,
-                                              size_t len )
+static int ssl_parse_max_fragment_length_ext(mbedtls_ssl_context *ssl,
+                                             const unsigned char *buf,
+                                             size_t len)
 {
     /*
      * server should use the extension only if we did,
      * and if so the server's value should match ours (and len is always 1)
      */
-    if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ||
+    if (ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ||
         len != 1 ||
-        buf[0] != ssl->conf->mfl_code )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "non-matching max fragment length extension" ) );
+        buf[0] != ssl->conf->mfl_code) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("non-matching max fragment length extension"));
         mbedtls_ssl_send_alert_message(
             ssl,
             MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
-                              const unsigned char *buf,
-                              size_t len )
+static int ssl_parse_cid_ext(mbedtls_ssl_context *ssl,
+                             const unsigned char *buf,
+                             size_t len)
 {
     size_t peer_cid_len;
 
-    if( /* CID extension only makes sense in DTLS */
+    if ( /* CID extension only makes sense in DTLS */
         ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
         /* The server must only send the CID extension if we have offered it. */
-        ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension unexpected" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
-        return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
+        ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension unexpected"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT);
+        return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION;
     }
 
-    if( len == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                     MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (len == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     peer_cid_len = *buf++;
     len--;
 
-    if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                     MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+    if (peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
-    if( len != peer_cid_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                     MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (len != peer_cid_len) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
     ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
-    memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
+    memcpy(ssl->handshake->peer_cid, buf, peer_cid_len);
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "Server CID", buf, peer_cid_len );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("Use of CID extension negotiated"));
+    MBEDTLS_SSL_DEBUG_BUF(3, "Server CID", buf, peer_cid_len);
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         size_t len )
+static int ssl_parse_encrypt_then_mac_ext(mbedtls_ssl_context *ssl,
+                                          const unsigned char *buf,
+                                          size_t len)
 {
-    if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
-        len != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "non-matching encrypt-then-MAC extension" ) );
+    if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
+        len != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("non-matching encrypt-then-MAC extension"));
         mbedtls_ssl_send_alert_message(
             ssl,
             MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
-        return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
+            MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT);
+        return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION;
     }
 
     ((void) buf);
 
     ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         size_t len )
+static int ssl_parse_extended_ms_ext(mbedtls_ssl_context *ssl,
+                                     const unsigned char *buf,
+                                     size_t len)
 {
-    if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
-        len != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "non-matching extended master secret extension" ) );
+    if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
+        len != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("non-matching extended master secret extension"));
         mbedtls_ssl_send_alert_message(
             ssl,
             MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
-        return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
+            MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT);
+        return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION;
     }
 
     ((void) buf);
 
     ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         size_t len )
+static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl,
+                                        const unsigned char *buf,
+                                        size_t len)
 {
-    if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
-        len != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "non-matching session ticket extension" ) );
+    if (ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
+        len != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("non-matching session ticket extension"));
         mbedtls_ssl_send_alert_message(
             ssl,
             MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
-        return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
+            MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT);
+        return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION;
     }
 
     ((void) buf);
 
     ssl->handshake->new_session_ticket = 1;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
-                                                  const unsigned char *buf,
-                                                  size_t len )
+static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl,
+                                                 const unsigned char *buf,
+                                                 size_t len)
 {
     size_t list_size;
     const unsigned char *p;
 
-    if( len == 0 || (size_t)( buf[0] + 1 ) != len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (len == 0 || (size_t) (buf[0] + 1) != len) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
     list_size = buf[0];
 
     p = buf + 1;
-    while( list_size > 0 )
-    {
-        if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
-            p[0] == MBEDTLS_ECP_PF_COMPRESSED )
-        {
+    while (list_size > 0) {
+        if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
+            p[0] == MBEDTLS_ECP_PF_COMPRESSED) {
 #if !defined(MBEDTLS_USE_PSA_CRYPTO) &&                             \
-    ( defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) )
+            (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C))
             ssl->handshake->ecdh_ctx.point_format = p[0];
 #endif /* !MBEDTLS_USE_PSA_CRYPTO &&
           ( MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ) */
 #if !defined(MBEDTLS_USE_PSA_CRYPTO) &&                             \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-            mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx,
-                                              p[0] );
+            defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+            mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx,
+                                             p[0]);
 #endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-            MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) );
-            return( 0 );
+            MBEDTLS_SSL_DEBUG_MSG(4, ("point format selected: %d", p[0]));
+            return 0;
         }
 
         list_size--;
         p++;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "no point format in common" ) );
-    mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                    MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-    return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    MBEDTLS_SSL_DEBUG_MSG(1, ("no point format in common"));
+    mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                   MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+    return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
 }
 #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
           MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
-                                   const unsigned char *buf,
-                                   size_t len )
+static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl,
+                                  const unsigned char *buf,
+                                  size_t len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ssl->handshake->ciphersuite_info->key_exchange !=
-        MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) );
-        return( 0 );
+    if (ssl->handshake->ciphersuite_info->key_exchange !=
+        MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("skip ecjpake kkpp extension"));
+        return 0;
     }
 
     /* If we got here, we no longer need our cached extension */
-    mbedtls_free( ssl->handshake->ecjpake_cache );
+    mbedtls_free(ssl->handshake->ecjpake_cache);
     ssl->handshake->ecjpake_cache = NULL;
     ssl->handshake->ecjpake_cache_len = 0;
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ( ret = mbedtls_psa_ecjpake_read_round(
-                            &ssl->handshake->psa_pake_ctx, buf, len,
-                            MBEDTLS_ECJPAKE_ROUND_ONE ) ) != 0 )
-    {
-        psa_destroy_key( ssl->handshake->psa_pake_password );
-        psa_pake_abort( &ssl->handshake->psa_pake_ctx );
+    if ((ret = mbedtls_psa_ecjpake_read_round(
+             &ssl->handshake->psa_pake_ctx, buf, len,
+             MBEDTLS_ECJPAKE_ROUND_ONE)) != 0) {
+        psa_destroy_key(ssl->handshake->psa_pake_password);
+        psa_pake_abort(&ssl->handshake->psa_pake_ctx);
 
-        MBEDTLS_SSL_DEBUG_RET( 1, "psa_pake_input round one", ret );
-        mbedtls_ssl_send_alert_message(
-                ssl,
-                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( ret );
-    }
-
-    return( 0 );
-#else
-    if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx,
-                                                buf, len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret );
+        MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_input round one", ret);
         mbedtls_ssl_send_alert_message(
             ssl,
             MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( ret );
+            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+        return ret;
     }
 
-    return( 0 );
+    return 0;
+#else
+    if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx,
+                                              buf, len)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_one", ret);
+        mbedtls_ssl_send_alert_message(
+            ssl,
+            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+        return ret;
+    }
+
+    return 0;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
 #if defined(MBEDTLS_SSL_ALPN)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
-                               const unsigned char *buf, size_t len )
+static int ssl_parse_alpn_ext(mbedtls_ssl_context *ssl,
+                              const unsigned char *buf, size_t len)
 {
     size_t list_len, name_len;
     const char **p;
 
     /* If we didn't send it, the server shouldn't send it */
-    if( ssl->conf->alpn_list == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching ALPN extension" ) );
+    if (ssl->conf->alpn_list == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching ALPN extension"));
         mbedtls_ssl_send_alert_message(
             ssl,
             MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
-        return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
+            MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT);
+        return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION;
     }
 
     /*
@@ -969,62 +934,58 @@
      */
 
     /* Min length is 2 (list_len) + 1 (name_len) + 1 (name) */
-    if( len < 4 )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (len < 4) {
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    list_len = ( buf[0] << 8 ) | buf[1];
-    if( list_len != len - 2 )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    list_len = (buf[0] << 8) | buf[1];
+    if (list_len != len - 2) {
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     name_len = buf[2];
-    if( name_len != list_len - 1 )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (name_len != list_len - 1) {
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     /* Check that the server chosen protocol was in our list and save it */
-    for( p = ssl->conf->alpn_list; *p != NULL; p++ )
-    {
-        if( name_len == strlen( *p ) &&
-            memcmp( buf + 3, *p, name_len ) == 0 )
-        {
+    for (p = ssl->conf->alpn_list; *p != NULL; p++) {
+        if (name_len == strlen(*p) &&
+            memcmp(buf + 3, *p, name_len) == 0) {
             ssl->alpn_chosen = *p;
-            return( 0 );
+            return 0;
         }
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "ALPN extension: no matching protocol" ) );
-    mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                    MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-    return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    MBEDTLS_SSL_DEBUG_MSG(1, ("ALPN extension: no matching protocol"));
+    mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                   MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+    return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
 }
 #endif /* MBEDTLS_SSL_ALPN */
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
-                                   const unsigned char *buf,
-                                   size_t len )
+static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl,
+                                  const unsigned char *buf,
+                                  size_t len)
 {
     mbedtls_ssl_srtp_profile server_protection = MBEDTLS_TLS_SRTP_UNSET;
     size_t i, mki_len = 0;
     uint16_t server_protection_profile_value = 0;
 
     /* If use_srtp is not configured, just ignore the extension */
-    if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ||
-        ( ssl->conf->dtls_srtp_profile_list == NULL ) ||
-        ( ssl->conf->dtls_srtp_profile_list_len == 0 ) )
-        return( 0 );
+    if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) ||
+        (ssl->conf->dtls_srtp_profile_list == NULL) ||
+        (ssl->conf->dtls_srtp_profile_list_len == 0)) {
+        return 0;
+    }
 
     /* RFC 5764 section 4.1.1
      * uint8 SRTPProtectionProfile[2];
@@ -1037,8 +998,7 @@
      * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
      *
      */
-    if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED )
-    {
+    if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) {
         mki_len = ssl->dtls_srtp_info.mki_len;
     }
 
@@ -1048,8 +1008,9 @@
      *                                      + mki_len(1 byte)
      *                                      and optional srtp_mki
      */
-    if( ( len < 5 ) || ( len != ( buf[4] + 5u ) ) )
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if ((len < 5) || (len != (buf[4] + 5u))) {
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
+    }
 
     /*
      * get the server protection profile
@@ -1059,17 +1020,17 @@
      * protection profile length must be 0x0002 as we must have only
      * one protection profile in server Hello
      */
-    if( (  buf[0] != 0 ) || ( buf[1] != 2 ) )
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if ((buf[0] != 0) || (buf[1] != 2)) {
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
+    }
 
-    server_protection_profile_value = ( buf[2] << 8 ) | buf[3];
+    server_protection_profile_value = (buf[2] << 8) | buf[3];
     server_protection = mbedtls_ssl_check_srtp_profile_value(
-                    server_protection_profile_value );
-    if( server_protection != MBEDTLS_TLS_SRTP_UNSET )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s",
-                                      mbedtls_ssl_get_srtp_profile_as_string(
-                                              server_protection ) ) );
+        server_protection_profile_value);
+    if (server_protection != MBEDTLS_TLS_SRTP_UNSET) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("found srtp profile: %s",
+                                  mbedtls_ssl_get_srtp_profile_as_string(
+                                      server_protection)));
     }
 
     ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET;
@@ -1077,30 +1038,26 @@
     /*
      * Check we have the server profile in our list
      */
-    for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++)
-    {
-        if( server_protection == ssl->conf->dtls_srtp_profile_list[i] )
-        {
+    for (i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) {
+        if (server_protection == ssl->conf->dtls_srtp_profile_list[i]) {
             ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i];
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s",
+            MBEDTLS_SSL_DEBUG_MSG(3, ("selected srtp profile: %s",
                                       mbedtls_ssl_get_srtp_profile_as_string(
-                                              server_protection ) ) );
+                                          server_protection)));
             break;
         }
     }
 
     /* If no match was found : server problem, it shall never answer with incompatible profile */
-    if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    if (ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET) {
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
 
     /* If server does not use mki in its reply, make sure the client won't keep
      * one as negotiated */
-    if( len == 5 )
-    {
+    if (len == 5) {
         ssl->dtls_srtp_info.mki_len = 0;
     }
 
@@ -1110,21 +1067,19 @@
      *  that is different than the one the client offered, then the client
      *  MUST abort the handshake and SHOULD send an invalid_parameter alert.
      */
-    if( len > 5  && ( buf[4] != mki_len ||
-        ( memcmp( ssl->dtls_srtp_info.mki_value, &buf[5], mki_len ) ) ) )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+    if (len > 5  && (buf[4] != mki_len ||
+                     (memcmp(ssl->dtls_srtp_info.mki_value, &buf[5], mki_len)))) {
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
-#if defined (MBEDTLS_DEBUG_C)
-    if( len > 5 )
-    {
-        MBEDTLS_SSL_DEBUG_BUF( 3, "received mki", ssl->dtls_srtp_info.mki_value,
-                                                  ssl->dtls_srtp_info.mki_len );
+#if defined(MBEDTLS_DEBUG_C)
+    if (len > 5) {
+        MBEDTLS_SSL_DEBUG_BUF(3, "received mki", ssl->dtls_srtp_info.mki_value,
+                              ssl->dtls_srtp_info.mki_len);
     }
 #endif
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
 
@@ -1133,9 +1088,9 @@
  */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
+static int ssl_parse_hello_verify_request(mbedtls_ssl_context *ssl)
 {
-    const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
+    const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
     uint16_t dtls_legacy_version;
 
 #if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -1144,19 +1099,18 @@
     uint16_t cookie_len;
 #endif
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse hello verify request" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse hello verify request"));
 
     /* Check that there is enough room for:
      * - 2 bytes of version
      * - 1 byte of cookie_len
      */
-    if( mbedtls_ssl_hs_hdr_len( ssl ) + 3 > ssl->in_msglen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "incoming HelloVerifyRequest message is too short" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                    MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (mbedtls_ssl_hs_hdr_len(ssl) + 3 > ssl->in_msglen) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("incoming HelloVerifyRequest message is too short"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     /*
@@ -1165,8 +1119,8 @@
      *   opaque cookie<0..2^8-1>;
      * } HelloVerifyRequest;
      */
-    MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
-    dtls_legacy_version = MBEDTLS_GET_UINT16_BE( p, 0 );
+    MBEDTLS_SSL_DEBUG_BUF(3, "server version", p, 2);
+    dtls_legacy_version = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
 
     /*
@@ -1174,53 +1128,50 @@
      * The DTLS 1.3 (current draft) renames ProtocolVersion server_version to
      * legacy_version and locks the value of legacy_version to 0xfefd (DTLS 1.2)
      */
-    if( dtls_legacy_version != 0xfefd && dtls_legacy_version != 0xfeff )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) );
+    if (dtls_legacy_version != 0xfefd && dtls_legacy_version != 0xfeff) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad server version"));
 
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                     MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION);
 
-        return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
+        return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
     }
 
     cookie_len = *p++;
-    if( ( ssl->in_msg + ssl->in_msglen ) - p < cookie_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "cookie length does not match incoming message size" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                    MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if ((ssl->in_msg + ssl->in_msglen) - p < cookie_len) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("cookie length does not match incoming message size"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
-    MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "cookie", p, cookie_len);
 
-    mbedtls_free( ssl->handshake->cookie );
+    mbedtls_free(ssl->handshake->cookie);
 
-    ssl->handshake->cookie = mbedtls_calloc( 1, cookie_len );
-    if( ssl->handshake->cookie  == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", cookie_len ) );
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    ssl->handshake->cookie = mbedtls_calloc(1, cookie_len);
+    if (ssl->handshake->cookie  == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("alloc failed (%d bytes)", cookie_len));
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
     }
 
-    memcpy( ssl->handshake->cookie, p, cookie_len );
+    memcpy(ssl->handshake->cookie, p, cookie_len);
     ssl->handshake->cookie_len = cookie_len;
 
     /* Start over at ClientHello */
     ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
-    mbedtls_ssl_reset_checksum( ssl );
+    mbedtls_ssl_reset_checksum(ssl);
 
-    mbedtls_ssl_recv_flight_completed( ssl );
+    mbedtls_ssl_recv_flight_completed(ssl);
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse hello verify request" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse hello verify request"));
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
+static int ssl_parse_server_hello(mbedtls_ssl_context *ssl)
 {
     int ret, i;
     size_t n;
@@ -1233,74 +1184,65 @@
     int handshake_failure = 0;
     const mbedtls_ssl_ciphersuite_t *suite_info;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server hello"));
 
-    if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
-    {
+    if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
         /* No alert on a read error. */
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+        return ret;
     }
 
     buf = ssl->in_msg;
 
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
+    if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-        if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
-        {
+        if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
             ssl->renego_records_seen++;
 
-            if( ssl->conf->renego_max_records >= 0 &&
-                ssl->renego_records_seen > ssl->conf->renego_max_records )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1,
-                    ( "renegotiation requested, but not honored by server" ) );
-                return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+            if (ssl->conf->renego_max_records >= 0 &&
+                ssl->renego_records_seen > ssl->conf->renego_max_records) {
+                MBEDTLS_SSL_DEBUG_MSG(1,
+                                      ("renegotiation requested, but not honored by server"));
+                return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
             }
 
-            MBEDTLS_SSL_DEBUG_MSG( 1,
-                ( "non-handshake message during renegotiation" ) );
+            MBEDTLS_SSL_DEBUG_MSG(1,
+                                  ("non-handshake message during renegotiation"));
 
             ssl->keep_current_message = 1;
-            return( MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO );
+            return MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO;
         }
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
         mbedtls_ssl_send_alert_message(
             ssl,
             MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
+        return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
     }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        if( buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "received hello verify request" ) );
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) );
-            return( ssl_parse_hello_verify_request( ssl ) );
-        }
-        else
-        {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        if (buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST) {
+            MBEDTLS_SSL_DEBUG_MSG(2, ("received hello verify request"));
+            MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello"));
+            return ssl_parse_hello_verify_request(ssl);
+        } else {
             /* We made it through the verification process */
-            mbedtls_free( ssl->handshake->cookie );
+            mbedtls_free(ssl->handshake->cookie);
             ssl->handshake->cookie = NULL;
             ssl->handshake->cookie_len = 0;
         }
     }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
-    if( ssl->in_hslen < 38 + mbedtls_ssl_hs_hdr_len( ssl ) ||
-        buf[0] != MBEDTLS_SSL_HS_SERVER_HELLO )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (ssl->in_hslen < 38 + mbedtls_ssl_hs_hdr_len(ssl) ||
+        buf[0] != MBEDTLS_SSL_HS_SERVER_HELLO) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     /*
@@ -1314,365 +1256,340 @@
      * 38+n . 39+n  extensions length (optional)
      * 40+n .  ..   extensions
      */
-    buf += mbedtls_ssl_hs_hdr_len( ssl );
+    buf += mbedtls_ssl_hs_hdr_len(ssl);
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf, 2 );
-    ssl->tls_version = mbedtls_ssl_read_version( buf, ssl->conf->transport );
+    MBEDTLS_SSL_DEBUG_BUF(3, "server hello, version", buf, 2);
+    ssl->tls_version = mbedtls_ssl_read_version(buf, ssl->conf->transport);
     ssl->session_negotiate->tls_version = ssl->tls_version;
 
-    if( ssl->tls_version < ssl->conf->min_tls_version ||
-        ssl->tls_version > ssl->conf->max_tls_version )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "server version out of bounds -  min: [0x%x], server: [0x%x], max: [0x%x]",
-              (unsigned)ssl->conf->min_tls_version,
-              (unsigned)ssl->tls_version,
-              (unsigned)ssl->conf->max_tls_version ) );
+    if (ssl->tls_version < ssl->conf->min_tls_version ||
+        ssl->tls_version > ssl->conf->max_tls_version) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              (
+                                  "server version out of bounds -  min: [0x%x], server: [0x%x], max: [0x%x]",
+                                  (unsigned) ssl->conf->min_tls_version,
+                                  (unsigned) ssl->tls_version,
+                                  (unsigned) ssl->conf->max_tls_version));
 
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                     MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION);
 
-        return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
+        return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu",
-                                     ( (unsigned long) buf[2] << 24 ) |
-                                     ( (unsigned long) buf[3] << 16 ) |
-                                     ( (unsigned long) buf[4] <<  8 ) |
-                                     ( (unsigned long) buf[5]       ) ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %lu",
+                              ((unsigned long) buf[2] << 24) |
+                              ((unsigned long) buf[3] << 16) |
+                              ((unsigned long) buf[4] <<  8) |
+                              ((unsigned long) buf[5])));
 
-    memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
+    memcpy(ssl->handshake->randbytes + 32, buf + 2, 32);
 
     n = buf[34];
 
-    MBEDTLS_SSL_DEBUG_BUF( 3,   "server hello, random bytes", buf + 2, 32 );
+    MBEDTLS_SSL_DEBUG_BUF(3,   "server hello, random bytes", buf + 2, 32);
 
-    if( n > 32 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (n > 32) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    if( ssl->in_hslen > mbedtls_ssl_hs_hdr_len( ssl ) + 39 + n )
-    {
-        ext_len = ( ( buf[38 + n] <<  8 )
-                  | ( buf[39 + n]       ) );
+    if (ssl->in_hslen > mbedtls_ssl_hs_hdr_len(ssl) + 39 + n) {
+        ext_len = ((buf[38 + n] <<  8)
+                   | (buf[39 + n]));
 
-        if( ( ext_len > 0 && ext_len < 4 ) ||
-            ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 40 + n + ext_len )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+        if ((ext_len > 0 && ext_len < 4) ||
+            ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 40 + n + ext_len) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
             mbedtls_ssl_send_alert_message(
                 ssl,
                 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
-    }
-    else if( ssl->in_hslen == mbedtls_ssl_hs_hdr_len( ssl ) + 38 + n )
-    {
+    } else if (ssl->in_hslen == mbedtls_ssl_hs_hdr_len(ssl) + 38 + n) {
         ext_len = 0;
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    } else {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     /* ciphersuite (used later) */
-    i = ( buf[35 + n] << 8 ) | buf[36 + n];
+    i = (buf[35 + n] << 8) | buf[36 + n];
 
     /*
      * Read and check compression
      */
     comp = buf[37 + n];
 
-    if( comp != MBEDTLS_SSL_COMPRESS_NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "server hello, bad compression: %d", comp ) );
+    if (comp != MBEDTLS_SSL_COMPRESS_NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("server hello, bad compression: %d", comp));
         mbedtls_ssl_send_alert_message(
             ssl,
             MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
     }
 
     /*
      * Initialize update checksum functions
      */
-    ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i );
-    if( ssl->handshake->ciphersuite_info == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "ciphersuite info for %04x not found", (unsigned int)i ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(i);
+    if (ssl->handshake->ciphersuite_info == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("ciphersuite info for %04x not found", (unsigned int) i));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
-    mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info );
+    mbedtls_ssl_optimize_checksum(ssl, ssl->handshake->ciphersuite_info);
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
-    MBEDTLS_SSL_DEBUG_BUF( 3,   "server hello, session id", buf + 35, n );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n));
+    MBEDTLS_SSL_DEBUG_BUF(3,   "server hello, session id", buf + 35, n);
 
     /*
      * Check if the session can be resumed
      */
-    if( ssl->handshake->resume == 0 || n == 0 ||
+    if (ssl->handshake->resume == 0 || n == 0 ||
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
         ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
 #endif
         ssl->session_negotiate->ciphersuite != i ||
         ssl->session_negotiate->id_len != n ||
-        memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 )
-    {
+        memcmp(ssl->session_negotiate->id, buf + 35, n) != 0) {
         ssl->state++;
         ssl->handshake->resume = 0;
 #if defined(MBEDTLS_HAVE_TIME)
-        ssl->session_negotiate->start = mbedtls_time( NULL );
+        ssl->session_negotiate->start = mbedtls_time(NULL);
 #endif
         ssl->session_negotiate->ciphersuite = i;
         ssl->session_negotiate->id_len = n;
-        memcpy( ssl->session_negotiate->id, buf + 35, n );
-    }
-    else
-    {
+        memcpy(ssl->session_negotiate->id, buf + 35, n);
+    } else {
         ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
-                   ssl->handshake->resume ? "a" : "no" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed",
+                              ssl->handshake->resume ? "a" : "no"));
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", (unsigned) i ) );
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d",
-                                buf[37 + n] ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen ciphersuite: %04x", (unsigned) i));
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, compress alg.: %d",
+                              buf[37 + n]));
 
     /*
      * Perform cipher suite validation in same way as in ssl_write_client_hello.
      */
     i = 0;
-    while( 1 )
-    {
-        if( ssl->conf->ciphersuite_list[i] == 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+    while (1) {
+        if (ssl->conf->ciphersuite_list[i] == 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
             mbedtls_ssl_send_alert_message(
                 ssl,
                 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+            return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
         }
 
-        if( ssl->conf->ciphersuite_list[i++] ==
-            ssl->session_negotiate->ciphersuite )
-        {
+        if (ssl->conf->ciphersuite_list[i++] ==
+            ssl->session_negotiate->ciphersuite) {
             break;
         }
     }
 
     suite_info = mbedtls_ssl_ciphersuite_from_id(
-        ssl->session_negotiate->ciphersuite );
-    if( mbedtls_ssl_validate_ciphersuite( ssl, suite_info, ssl->tls_version,
-                                          ssl->tls_version ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+        ssl->session_negotiate->ciphersuite);
+    if (mbedtls_ssl_validate_ciphersuite(ssl, suite_info, ssl->tls_version,
+                                         ssl->tls_version) != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
         mbedtls_ssl_send_alert_message(
             ssl,
             MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
+    MBEDTLS_SSL_DEBUG_MSG(3,
+                          ("server hello, chosen ciphersuite: %s", suite_info->name));
 
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA &&
-        ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
-    {
+    if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA &&
+        ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
         ssl->handshake->ecrs_enabled = 1;
     }
 #endif
 
-    if( comp != MBEDTLS_SSL_COMPRESS_NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+    if (comp != MBEDTLS_SSL_COMPRESS_NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
         mbedtls_ssl_send_alert_message(
             ssl,
             MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
     ext = buf + 40 + n;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2,
-        ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, ext_len ) );
+    MBEDTLS_SSL_DEBUG_MSG(2,
+                          ("server hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
+                           ext_len));
 
-    while( ext_len )
-    {
-        unsigned int ext_id   = ( ( ext[0] <<  8 )
-                                | ( ext[1]       ) );
-        unsigned int ext_size = ( ( ext[2] <<  8 )
-                                | ( ext[3]       ) );
+    while (ext_len) {
+        unsigned int ext_id   = ((ext[0] <<  8)
+                                 | (ext[1]));
+        unsigned int ext_size = ((ext[2] <<  8)
+                                 | (ext[3]));
 
-        if( ext_size + 4 > ext_len )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+        if (ext_size + 4 > ext_len) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
             mbedtls_ssl_send_alert_message(
                 ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
 
-        switch( ext_id )
-        {
-        case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
+        switch (ext_id) {
+            case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found renegotiation extension"));
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-            renegotiation_info_seen = 1;
+                renegotiation_info_seen = 1;
 #endif
 
-            if( ( ret = ssl_parse_renegotiation_info( ssl, ext + 4,
-                                                      ext_size ) ) != 0 )
-                return( ret );
+                if ((ret = ssl_parse_renegotiation_info(ssl, ext + 4,
+                                                        ext_size)) != 0) {
+                    return ret;
+                }
 
-            break;
+                break;
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-        case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
-            MBEDTLS_SSL_DEBUG_MSG( 3,
-                ( "found max_fragment_length extension" ) );
+            case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
+                MBEDTLS_SSL_DEBUG_MSG(3,
+                                      ("found max_fragment_length extension"));
 
-            if( ( ret = ssl_parse_max_fragment_length_ext( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
+                if ((ret = ssl_parse_max_fragment_length_ext(ssl,
+                                                             ext + 4, ext_size)) != 0) {
+                    return ret;
+                }
 
-            break;
+                break;
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-        case MBEDTLS_TLS_EXT_CID:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) );
+            case MBEDTLS_TLS_EXT_CID:
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found CID extension"));
 
-            if( ( ret = ssl_parse_cid_ext( ssl,
-                                           ext + 4,
-                                           ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
+                if ((ret = ssl_parse_cid_ext(ssl,
+                                             ext + 4,
+                                             ext_size)) != 0) {
+                    return ret;
+                }
 
-            break;
+                break;
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-        case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt_then_mac extension" ) );
+            case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found encrypt_then_mac extension"));
 
-            if( ( ret = ssl_parse_encrypt_then_mac_ext( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
+                if ((ret = ssl_parse_encrypt_then_mac_ext(ssl,
+                                                          ext + 4, ext_size)) != 0) {
+                    return ret;
+                }
 
-            break;
+                break;
 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-        case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
-            MBEDTLS_SSL_DEBUG_MSG( 3,
-                ( "found extended_master_secret extension" ) );
+            case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
+                MBEDTLS_SSL_DEBUG_MSG(3,
+                                      ("found extended_master_secret extension"));
 
-            if( ( ret = ssl_parse_extended_ms_ext( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
+                if ((ret = ssl_parse_extended_ms_ext(ssl,
+                                                     ext + 4, ext_size)) != 0) {
+                    return ret;
+                }
 
-            break;
+                break;
 #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-        case MBEDTLS_TLS_EXT_SESSION_TICKET:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session_ticket extension" ) );
+            case MBEDTLS_TLS_EXT_SESSION_TICKET:
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found session_ticket extension"));
 
-            if( ( ret = ssl_parse_session_ticket_ext( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
+                if ((ret = ssl_parse_session_ticket_ext(ssl,
+                                                        ext + 4, ext_size)) != 0) {
+                    return ret;
+                }
 
-            break;
+                break;
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-        case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
-            MBEDTLS_SSL_DEBUG_MSG( 3,
-                ( "found supported_point_formats extension" ) );
+                defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+            case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
+                MBEDTLS_SSL_DEBUG_MSG(3,
+                                      ("found supported_point_formats extension"));
 
-            if( ( ret = ssl_parse_supported_point_formats_ext( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
+                if ((ret = ssl_parse_supported_point_formats_ext(ssl,
+                                                                 ext + 4, ext_size)) != 0) {
+                    return ret;
+                }
 
-            break;
+                break;
 #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
           MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-        case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake_kkpp extension" ) );
+            case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found ecjpake_kkpp extension"));
 
-            if( ( ret = ssl_parse_ecjpake_kkpp( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
+                if ((ret = ssl_parse_ecjpake_kkpp(ssl,
+                                                  ext + 4, ext_size)) != 0) {
+                    return ret;
+                }
 
-            break;
+                break;
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
 #if defined(MBEDTLS_SSL_ALPN)
-        case MBEDTLS_TLS_EXT_ALPN:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
+            case MBEDTLS_TLS_EXT_ALPN:
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension"));
 
-            if( ( ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ) ) != 0 )
-                return( ret );
+                if ((ret = ssl_parse_alpn_ext(ssl, ext + 4, ext_size)) != 0) {
+                    return ret;
+                }
 
-            break;
+                break;
 #endif /* MBEDTLS_SSL_ALPN */
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
-        case MBEDTLS_TLS_EXT_USE_SRTP:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) );
+            case MBEDTLS_TLS_EXT_USE_SRTP:
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found use_srtp extension"));
 
-            if( ( ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ) ) != 0 )
-                return( ret );
+                if ((ret = ssl_parse_use_srtp_ext(ssl, ext + 4, ext_size)) != 0) {
+                    return ret;
+                }
 
-            break;
+                break;
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
 
-        default:
-            MBEDTLS_SSL_DEBUG_MSG( 3,
-                ( "unknown extension found: %u (ignoring)", ext_id ) );
+            default:
+                MBEDTLS_SSL_DEBUG_MSG(3,
+                                      ("unknown extension found: %u (ignoring)", ext_id));
         }
 
         ext_len -= 4 + ext_size;
         ext += 4 + ext_size;
 
-        if( ext_len > 0 && ext_len < 4 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+        if (ext_len > 0 && ext_len < 4) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message"));
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
     }
 
@@ -1681,77 +1598,68 @@
      * extensions. It sets the transform data for the resumed session which in
      * case of DTLS includes the server CID extracted from the CID extension.
      */
-    if( ssl->handshake->resume )
-    {
-        if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
+    if (ssl->handshake->resume) {
+        if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret);
             mbedtls_ssl_send_alert_message(
                 ssl,
                 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-            return( ret );
+                MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
+            return ret;
         }
     }
 
     /*
      * Renegotiation security checks
      */
-    if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+    if (ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
         ssl->conf->allow_legacy_renegotiation ==
-        MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "legacy renegotiation, breaking off handshake" ) );
+        MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("legacy renegotiation, breaking off handshake"));
         handshake_failure = 1;
     }
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+    else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
              ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION &&
-             renegotiation_info_seen == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "renegotiation_info extension missing (secure)" ) );
+             renegotiation_info_seen == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("renegotiation_info extension missing (secure)"));
         handshake_failure = 1;
-    }
-    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
-             ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
-             ssl->conf->allow_legacy_renegotiation ==
-             MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
+    } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+               ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+               ssl->conf->allow_legacy_renegotiation ==
+               MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation not allowed"));
         handshake_failure = 1;
-    }
-    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
-             ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
-             renegotiation_info_seen == 1 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "renegotiation_info extension present (legacy)" ) );
+    } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+               ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+               renegotiation_info_seen == 1) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("renegotiation_info extension present (legacy)"));
         handshake_failure = 1;
     }
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
-    if( handshake_failure == 1 )
-    {
+    if (handshake_failure == 1) {
         mbedtls_ssl_send_alert_message(
             ssl,
             MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello"));
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
     defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
-                                       unsigned char **p,
-                                       unsigned char *end )
+static int ssl_parse_server_dh_params(mbedtls_ssl_context *ssl,
+                                      unsigned char **p,
+                                      unsigned char *end)
 {
     int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
     size_t dhm_actual_bitlen;
@@ -1765,27 +1673,25 @@
      *     opaque dh_Ys<1..2^16-1>;
      * } ServerDHParams;
      */
-    if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx,
-                                         p, end ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 2, ( "mbedtls_dhm_read_params" ), ret );
-        return( ret );
+    if ((ret = mbedtls_dhm_read_params(&ssl->handshake->dhm_ctx,
+                                       p, end)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(2, ("mbedtls_dhm_read_params"), ret);
+        return ret;
     }
 
-    dhm_actual_bitlen = mbedtls_dhm_get_bitlen( &ssl->handshake->dhm_ctx );
-    if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u",
-                                    dhm_actual_bitlen,
-                                    ssl->conf->dhm_min_bitlen ) );
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    dhm_actual_bitlen = mbedtls_dhm_get_bitlen(&ssl->handshake->dhm_ctx);
+    if (dhm_actual_bitlen < ssl->conf->dhm_min_bitlen) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u",
+                                  dhm_actual_bitlen,
+                                  ssl->conf->dhm_min_bitlen));
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
 
-    MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P  );
-    MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G  );
-    MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY );
+    MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P);
+    MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G);
+    MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY);
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
@@ -1795,9 +1701,9 @@
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)   ||   \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
-                                             unsigned char **p,
-                                             unsigned char *end )
+static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
+                                        unsigned char **p,
+                                        unsigned char *end)
 {
     uint16_t tls_id;
     uint8_t ecpoint_len;
@@ -1816,12 +1722,14 @@
      *  4       ECPoint.len
      *  5+      ECPoint contents
      */
-    if( end - *p < 4 )
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (end - *p < 4) {
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
+    }
 
     /* First byte is curve_type; only named_curve is handled */
-    if( *(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE )
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    if (*(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE) {
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+    }
 
     /* Next two bytes are the namedcurve value */
     tls_id = *(*p)++;
@@ -1829,36 +1737,36 @@
     tls_id |= *(*p)++;
 
     /* Check it's a curve we offered */
-    if( mbedtls_ssl_check_curve_tls_id( ssl, tls_id ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2,
-            ( "bad server key exchange message (ECDHE curve): %u",
-              (unsigned) tls_id ) );
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    if (mbedtls_ssl_check_curve_tls_id(ssl, tls_id) != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(2,
+                              ("bad server key exchange message (ECDHE curve): %u",
+                               (unsigned) tls_id));
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
 
     /* Convert EC's TLS ID to PSA key type. */
-    if( mbedtls_ssl_get_psa_curve_info_from_tls_id( tls_id, &ec_psa_family,
-                    &ec_bits ) == PSA_ERROR_NOT_SUPPORTED )
-    {
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    if (mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &ec_psa_family,
+                                                   &ec_bits) == PSA_ERROR_NOT_SUPPORTED) {
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
-    handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR( ec_psa_family );
+    handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(ec_psa_family);
     handshake->ecdh_bits = ec_bits;
 
     /* Keep a copy of the peer's public key */
     ecpoint_len = *(*p)++;
-    if( (size_t)( end - *p ) < ecpoint_len )
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if ((size_t) (end - *p) < ecpoint_len) {
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
+    }
 
-    if( ecpoint_len > sizeof( handshake->ecdh_psa_peerkey ) )
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    if (ecpoint_len > sizeof(handshake->ecdh_psa_peerkey)) {
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+    }
 
-    memcpy( handshake->ecdh_psa_peerkey, *p, ecpoint_len );
+    memcpy(handshake->ecdh_psa_peerkey, *p, ecpoint_len);
     handshake->ecdh_psa_peerkey_len = ecpoint_len;
     *p += ecpoint_len;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED   ||
           MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED   ||
@@ -1870,7 +1778,7 @@
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||   \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
+static int ssl_check_server_ecdh_params(const mbedtls_ssl_context *ssl)
 {
     uint16_t tls_id;
     mbedtls_ecp_group_id grp_id;
@@ -1880,23 +1788,23 @@
     grp_id = ssl->handshake->ecdh_ctx.grp_id;
 #endif
 
-    tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id( grp_id );
-    if( tls_id == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id);
+    if (tls_id == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s",
-                mbedtls_ssl_get_curve_name_from_tls_id( tls_id ) ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH curve: %s",
+                              mbedtls_ssl_get_curve_name_from_tls_id(tls_id)));
 
-    if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 )
-        return( -1 );
+    if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) {
+        return -1;
+    }
 
-    MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
-                            MBEDTLS_DEBUG_ECDH_QP );
+    MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
+                           MBEDTLS_DEBUG_ECDH_QP);
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED   ||
@@ -1909,9 +1817,9 @@
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ||     \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
-                                         unsigned char **p,
-                                         unsigned char *end )
+static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
+                                        unsigned char **p,
+                                        unsigned char *end)
 {
     int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
 
@@ -1923,35 +1831,34 @@
      *     ECPoint      public;
      * } ServerECDHParams;
      */
-    if( ( ret = mbedtls_ecdh_read_params( &ssl->handshake->ecdh_ctx,
-                                  (const unsigned char **) p, end ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_read_params" ), ret );
+    if ((ret = mbedtls_ecdh_read_params(&ssl->handshake->ecdh_ctx,
+                                        (const unsigned char **) p, end)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_read_params"), ret);
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-        if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+        if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
             ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+        }
 #endif
-        return( ret );
+        return ret;
     }
 
-    if( ssl_check_server_ecdh_params( ssl ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "bad server key exchange message (ECDHE curve)" ) );
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    if (ssl_check_server_ecdh_params(ssl) != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("bad server key exchange message (ECDHE curve)"));
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
 
-    return( ret );
+    return ret;
 }
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||     \
-          MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||     \
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || \
+          MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || \
           MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
 #endif /* !MBEDTLS_USE_PSA_CRYPTO */
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
-                                      unsigned char **p,
-                                      unsigned char *end )
+static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl,
+                                     unsigned char **p,
+                                     unsigned char *end)
 {
     int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
     uint16_t  len;
@@ -1962,20 +1869,18 @@
      *
      * opaque psk_identity_hint<0..2^16-1>;
      */
-    if( end - (*p) < 2 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "bad server key exchange message (psk_identity_hint length)" ) );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (end - (*p) < 2) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("bad server key exchange message (psk_identity_hint length)"));
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
     len = (*p)[0] << 8 | (*p)[1];
     *p += 2;
 
-    if( end - (*p) < len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "bad server key exchange message (psk_identity_hint length)" ) );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (end - (*p) < len) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("bad server key exchange message (psk_identity_hint length)"));
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     /*
@@ -1986,7 +1891,7 @@
     *p += len;
     ret = 0;
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
 
@@ -1996,19 +1901,18 @@
  * Generate a pre-master secret and encrypt it with the server's RSA key
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
-                                    size_t offset, size_t *olen,
-                                    size_t pms_offset )
+static int ssl_write_encrypted_pms(mbedtls_ssl_context *ssl,
+                                   size_t offset, size_t *olen,
+                                   size_t pms_offset)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len_bytes = 2;
     unsigned char *p = ssl->handshake->premaster + pms_offset;
-    mbedtls_pk_context * peer_pk;
+    mbedtls_pk_context *peer_pk;
 
-    if( offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small for encrypted pms" ) );
-        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+    if (offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small for encrypted pms"));
+        return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
     }
 
     /*
@@ -2018,13 +1922,12 @@
      *      opaque random[46];
      *  } PreMasterSecret;
      */
-    mbedtls_ssl_write_version( p, ssl->conf->transport,
-                               MBEDTLS_SSL_VERSION_TLS1_2 );
+    mbedtls_ssl_write_version(p, ssl->conf->transport,
+                              MBEDTLS_SSL_VERSION_TLS1_2);
 
-    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret );
-        return( ret );
+    if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p + 2, 46)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret);
+        return ret;
     }
 
     ssl->handshake->pmslen = 48;
@@ -2032,11 +1935,10 @@
 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     peer_pk = &ssl->handshake->peer_pubkey;
 #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-    if( ssl->session_negotiate->peer_cert == NULL )
-    {
+    if (ssl->session_negotiate->peer_cert == NULL) {
         /* Should never happen */
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
     peer_pk = &ssl->session_negotiate->peer_cert->pk;
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@@ -2044,33 +1946,30 @@
     /*
      * Now write it out, encrypted
      */
-    if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_RSA ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate key type mismatch" ) );
-        return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
+    if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_RSA)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("certificate key type mismatch"));
+        return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
     }
 
-    if( ( ret = mbedtls_pk_encrypt( peer_pk,
-                            p, ssl->handshake->pmslen,
-                            ssl->out_msg + offset + len_bytes, olen,
-                            MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes,
-                            ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_rsa_pkcs1_encrypt", ret );
-        return( ret );
+    if ((ret = mbedtls_pk_encrypt(peer_pk,
+                                  p, ssl->handshake->pmslen,
+                                  ssl->out_msg + offset + len_bytes, olen,
+                                  MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes,
+                                  ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_rsa_pkcs1_encrypt", ret);
+        return ret;
     }
 
-    if( len_bytes == 2 )
-    {
-        MBEDTLS_PUT_UINT16_BE( *olen, ssl->out_msg, offset );
+    if (len_bytes == 2) {
+        MBEDTLS_PUT_UINT16_BE(*olen, ssl->out_msg, offset);
         *olen += 2;
     }
 
 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     /* We don't need the peer's public key anymore. Free it. */
-    mbedtls_pk_free( peer_pk );
+    mbedtls_pk_free(peer_pk);
 #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
@@ -2078,115 +1977,107 @@
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
+static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const mbedtls_ecp_keypair *peer_key;
-    mbedtls_pk_context * peer_pk;
+    mbedtls_pk_context *peer_pk;
 
 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     peer_pk = &ssl->handshake->peer_pubkey;
 #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-    if( ssl->session_negotiate->peer_cert == NULL )
-    {
+    if (ssl->session_negotiate->peer_cert == NULL) {
         /* Should never happen */
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
     peer_pk = &ssl->session_negotiate->peer_cert->pk;
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
     /* This is a public key, so it can't be opaque, so can_do() is a good
      * enough check to ensure pk_ec() is safe to use below. */
-    if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECKEY ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
-        return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
+    if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_ECKEY)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("server key not ECDH capable"));
+        return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
     }
 
-    peer_key = mbedtls_pk_ec( *peer_pk );
+    peer_key = mbedtls_pk_ec(*peer_pk);
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     size_t olen = 0;
     uint16_t tls_id = 0;
     psa_ecc_family_t ecc_family;
 
-    if( mbedtls_ssl_check_curve( ssl, peer_key->grp.id ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) );
-        return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE );
+    if (mbedtls_ssl_check_curve(ssl, peer_key->grp.id) != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)"));
+        return MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
     }
 
-    tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id( peer_key->grp.id );
-    if( tls_id == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "ECC group %u not suported",
-                                peer_key->grp.id ) );
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+    tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(peer_key->grp.id);
+    if (tls_id == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("ECC group %u not suported",
+                                  peer_key->grp.id));
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
     /* If the above conversion to TLS ID was fine, then also this one will be,
        so there is no need to check the return value here */
-    mbedtls_ssl_get_psa_curve_info_from_tls_id( tls_id, &ecc_family,
-                                &ssl->handshake->ecdh_bits );
+    mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &ecc_family,
+                                               &ssl->handshake->ecdh_bits);
 
-    ssl->handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR( ecc_family );
+    ssl->handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(ecc_family);
 
     /* Store peer's public key in psa format. */
-    ret = mbedtls_ecp_point_write_binary( &peer_key->grp, &peer_key->Q,
-                                          MBEDTLS_ECP_PF_UNCOMPRESSED, &olen,
-                                          ssl->handshake->ecdh_psa_peerkey,
-                                          MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH );
+    ret = mbedtls_ecp_point_write_binary(&peer_key->grp, &peer_key->Q,
+                                         MBEDTLS_ECP_PF_UNCOMPRESSED, &olen,
+                                         ssl->handshake->ecdh_psa_peerkey,
+                                         MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH);
 
-    if ( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecp_point_write_binary" ), ret );
-        return( ret );
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecp_point_write_binary"), ret);
+        return ret;
     }
 
     ssl->handshake->ecdh_psa_peerkey_len = olen;
 #else
-    if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key,
-                                 MBEDTLS_ECDH_THEIRS ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret );
-        return( ret );
+    if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key,
+                                       MBEDTLS_ECDH_THEIRS)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret);
+        return ret;
     }
 
-    if( ssl_check_server_ecdh_params( ssl ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) );
-        return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE );
+    if (ssl_check_server_ecdh_params(ssl) != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)"));
+        return MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
     }
 #endif
 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     /* We don't need the peer's public key anymore. Free it,
      * so that more RAM is available for upcoming expensive
      * operations like ECDHE. */
-    mbedtls_pk_free( peer_pk );
+    mbedtls_pk_free(peer_pk);
 #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
           MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
+static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
         ssl->handshake->ciphersuite_info;
     unsigned char *p = NULL, *end = NULL;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server key exchange"));
 
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange"));
         ssl->state++;
-        return( 0 );
+        return 0;
     }
     ((void) p);
     ((void) end);
@@ -2194,22 +2085,20 @@
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
-    {
-        if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret );
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) {
+        if ((ret = ssl_get_ecdh_params_from_cert(ssl)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_ecdh_params_from_cert", ret);
             mbedtls_ssl_send_alert_message(
                 ssl,
                 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( ret );
+                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+            return ret;
         }
 
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange"));
         ssl->state++;
-        return( 0 );
+        return 0;
     }
     ((void) p);
     ((void) end);
@@ -2217,132 +2106,119 @@
           MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
 
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    if( ssl->handshake->ecrs_enabled &&
-        ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing )
-    {
+    if (ssl->handshake->ecrs_enabled &&
+        ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing) {
         goto start_processing;
     }
 #endif
 
-    if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+        return ret;
     }
 
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+    if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
         mbedtls_ssl_send_alert_message(
             ssl,
             MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
+        return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
     }
 
     /*
      * ServerKeyExchange may be skipped with PSK and RSA-PSK when the server
      * doesn't use a psk_identity_hint
      */
-    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE )
-    {
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-            ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
-        {
+    if (ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE) {
+        if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+            ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
             /* Current message is probably either
              * CertificateRequest or ServerHelloDone */
             ssl->keep_current_message = 1;
             goto exit;
         }
 
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "server key exchange message must not be skipped" ) );
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("server key exchange message must not be skipped"));
         mbedtls_ssl_send_alert_message(
             ssl,
             MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
 
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+        return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
     }
 
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    if( ssl->handshake->ecrs_enabled )
+    if (ssl->handshake->ecrs_enabled) {
         ssl->handshake->ecrs_state = ssl_ecrs_ske_start_processing;
+    }
 
 start_processing:
 #endif
-    p   = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
+    p   = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
     end = ssl->in_msg + ssl->in_hslen;
-    MBEDTLS_SSL_DEBUG_BUF( 3,   "server key exchange", p, end - p );
+    MBEDTLS_SSL_DEBUG_BUF(3,   "server key exchange", p, end - p);
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
         ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
         ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
-    {
-        if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
+        if (ssl_parse_server_psk_hint(ssl, &p, end) != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
             mbedtls_ssl_send_alert_message(
                 ssl,
                 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
     } /* FALLTHROUGH */
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ||                       \
     defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
         ; /* nothing more to do */
-    else
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
     defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
-    {
-        if( ssl_parse_server_dh_params( ssl, &p, end ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
+        if (ssl_parse_server_dh_params(ssl, &p, end) != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
             mbedtls_ssl_send_alert_message(
                 ssl,
                 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+            return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
         }
-    }
-    else
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||     \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ||     \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
         ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
-    {
-        if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) {
+        if (ssl_parse_server_ecdh_params(ssl, &p, end) != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
             mbedtls_ssl_send_alert_message(
                 ssl,
                 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+            return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
         }
-    }
-    else
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         /*
          * The first 3 bytes are:
@@ -2352,81 +2228,74 @@
          * However since we only support secp256r1 for now, we check only
          * that TLS ID here
          */
-        uint16_t read_tls_id = MBEDTLS_GET_UINT16_BE( p, 1 );
+        uint16_t read_tls_id = MBEDTLS_GET_UINT16_BE(p, 1);
         uint16_t exp_tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(
-                                    MBEDTLS_ECP_DP_SECP256R1 );
+            MBEDTLS_ECP_DP_SECP256R1);
 
-        if( exp_tls_id == 0 )
-        {
-            return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+        if (exp_tls_id == 0) {
+            return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
         }
 
-        if( ( *p != MBEDTLS_ECP_TLS_NAMED_CURVE ) ||
-            ( read_tls_id != exp_tls_id ) )
-        {
-            return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+        if ((*p != MBEDTLS_ECP_TLS_NAMED_CURVE) ||
+            (read_tls_id != exp_tls_id)) {
+            return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
         }
 
         p += 3;
 
-        if( ( ret = mbedtls_psa_ecjpake_read_round(
-                        &ssl->handshake->psa_pake_ctx, p, end - p,
-                        MBEDTLS_ECJPAKE_ROUND_TWO ) ) != 0 )
-        {
-            psa_destroy_key( ssl->handshake->psa_pake_password );
-            psa_pake_abort( &ssl->handshake->psa_pake_ctx );
+        if ((ret = mbedtls_psa_ecjpake_read_round(
+                 &ssl->handshake->psa_pake_ctx, p, end - p,
+                 MBEDTLS_ECJPAKE_ROUND_TWO)) != 0) {
+            psa_destroy_key(ssl->handshake->psa_pake_password);
+            psa_pake_abort(&ssl->handshake->psa_pake_ctx);
 
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_pake_input round two", ret );
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_input round two", ret);
             mbedtls_ssl_send_alert_message(
                 ssl,
                 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+            return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
         }
 #else
-        ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx,
-                                              p, end - p );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret );
+        ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx,
+                                             p, end - p);
+        if (ret != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_two", ret);
             mbedtls_ssl_send_alert_message(
                 ssl,
                 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+            return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
         }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-    }
-    else
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
     {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
-    if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
-    {
+    if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) {
         size_t sig_len, hashlen;
         unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
 
         mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
         mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
-        unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
+        unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
         size_t params_len = p - params;
         void *rs_ctx = NULL;
         uint16_t sig_alg;
 
-        mbedtls_pk_context * peer_pk;
+        mbedtls_pk_context *peer_pk;
 
 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
         peer_pk = &ssl->handshake->peer_pubkey;
 #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-        if( ssl->session_negotiate->peer_cert == NULL )
-        {
+        if (ssl->session_negotiate->peer_cert == NULL) {
             /* Should never happen */
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
         peer_pk = &ssl->session_negotiate->peer_cert->pk;
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@@ -2434,143 +2303,137 @@
         /*
          * Handle the digitally-signed structure
          */
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-        sig_alg = MBEDTLS_GET_UINT16_BE( p, 0 );
-        if( mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
-                            sig_alg, &pk_alg, &md_alg ) != 0 &&
-            ! mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) &&
-            ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1,
-                ( "bad server key exchange message" ) );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+        sig_alg = MBEDTLS_GET_UINT16_BE(p, 0);
+        if (mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
+                sig_alg, &pk_alg, &md_alg) != 0 &&
+            !mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg) &&
+            !mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg)) {
+            MBEDTLS_SSL_DEBUG_MSG(1,
+                                  ("bad server key exchange message"));
             mbedtls_ssl_send_alert_message(
                 ssl,
                 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+            return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
         }
         p += 2;
 
-        if( !mbedtls_pk_can_do( peer_pk, pk_alg ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1,
-                ( "bad server key exchange message" ) );
+        if (!mbedtls_pk_can_do(peer_pk, pk_alg)) {
+            MBEDTLS_SSL_DEBUG_MSG(1,
+                                  ("bad server key exchange message"));
             mbedtls_ssl_send_alert_message(
                 ssl,
                 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+            return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
         }
 
         /*
          * Read signature
          */
 
-        if( p > end - 2 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+        if (p > end - 2) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
             mbedtls_ssl_send_alert_message(
                 ssl,
                 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
-        sig_len = ( p[0] << 8 ) | p[1];
+        sig_len = (p[0] << 8) | p[1];
         p += 2;
 
-        if( p != end - sig_len )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+        if (p != end - sig_len) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
             mbedtls_ssl_send_alert_message(
                 ssl,
                 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
 
-        MBEDTLS_SSL_DEBUG_BUF( 3, "signature", p, sig_len );
+        MBEDTLS_SSL_DEBUG_BUF(3, "signature", p, sig_len);
 
         /*
          * Compute the hash that has been signed
          */
-        if( md_alg != MBEDTLS_MD_NONE )
-        {
-            ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
-                                                          params, params_len,
-                                                          md_alg );
-            if( ret != 0 )
-                return( ret );
-        }
-        else
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        if (md_alg != MBEDTLS_MD_NONE) {
+            ret = mbedtls_ssl_get_key_exchange_md_tls1_2(ssl, hash, &hashlen,
+                                                         params, params_len,
+                                                         md_alg);
+            if (ret != 0) {
+                return ret;
+            }
+        } else {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
-        MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
+        MBEDTLS_SSL_DEBUG_BUF(3, "parameters hash", hash, hashlen);
 
         /*
          * Verify signature
          */
-        if( !mbedtls_pk_can_do( peer_pk, pk_alg ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+        if (!mbedtls_pk_can_do(peer_pk, pk_alg)) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
             mbedtls_ssl_send_alert_message(
                 ssl,
                 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
+                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+            return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
         }
 
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-        if( ssl->handshake->ecrs_enabled )
+        if (ssl->handshake->ecrs_enabled) {
             rs_ctx = &ssl->handshake->ecrs_ctx.pk;
+        }
 #endif
 
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-        if( pk_alg == MBEDTLS_PK_RSASSA_PSS )
-        {
+        if (pk_alg == MBEDTLS_PK_RSASSA_PSS) {
             mbedtls_pk_rsassa_pss_options rsassa_pss_options;
             rsassa_pss_options.mgf1_hash_id = md_alg;
             rsassa_pss_options.expected_salt_len =
-                                    mbedtls_hash_info_get_size( md_alg );
-            if( rsassa_pss_options.expected_salt_len == 0 )
-                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+                mbedtls_hash_info_get_size(md_alg);
+            if (rsassa_pss_options.expected_salt_len == 0) {
+                return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+            }
 
-            ret = mbedtls_pk_verify_ext( pk_alg, &rsassa_pss_options,
-                                         peer_pk,
-                                         md_alg, hash, hashlen,
-                                         p, sig_len );
-        }
-        else
+            ret = mbedtls_pk_verify_ext(pk_alg, &rsassa_pss_options,
+                                        peer_pk,
+                                        md_alg, hash, hashlen,
+                                        p, sig_len);
+        } else
 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
-            ret = mbedtls_pk_verify_restartable( peer_pk,
-                        md_alg, hash, hashlen, p, sig_len, rs_ctx );
+        ret = mbedtls_pk_verify_restartable(peer_pk,
+                                            md_alg, hash, hashlen, p, sig_len, rs_ctx);
 
-        if( ret != 0 )
-        {
+        if (ret != 0) {
             int send_alert_msg = 1;
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-            send_alert_msg = ( ret != MBEDTLS_ERR_ECP_IN_PROGRESS );
+            send_alert_msg = (ret != MBEDTLS_ERR_ECP_IN_PROGRESS);
 #endif
-            if( send_alert_msg )
+            if (send_alert_msg) {
                 mbedtls_ssl_send_alert_message(
                     ssl,
                     MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                    MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
+                    MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR);
+            }
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret);
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+            if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
                 ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+            }
 #endif
-            return( ret );
+            return ret;
         }
 
 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
         /* We don't need the peer's public key anymore. Free it,
          * so that more RAM is available for upcoming expensive
          * operations like ECDHE. */
-        mbedtls_pk_free( peer_pk );
+        mbedtls_pk_free(peer_pk);
 #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
     }
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
@@ -2578,33 +2441,32 @@
 exit:
     ssl->state++;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server key exchange" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server key exchange"));
 
-    return( 0 );
+    return 0;
 }
 
-#if ! defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
+#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
+static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl)
 {
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
         ssl->handshake->ciphersuite_info;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate request"));
 
-    if( ! mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) );
+    if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request"));
         ssl->state++;
-        return( 0 );
+        return 0;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+    return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
 }
 #else /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
+static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *buf;
@@ -2614,44 +2476,40 @@
         ssl->handshake->ciphersuite_info;
     size_t sig_alg_len;
 #if defined(MBEDTLS_DEBUG_C)
-        unsigned char *sig_alg;
-        unsigned char *dn;
+    unsigned char *sig_alg;
+    unsigned char *dn;
 #endif
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate request"));
 
-    if( ! mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) );
+    if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request"));
         ssl->state++;
-        return( 0 );
+        return 0;
     }
 
-    if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+        return ret;
     }
 
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
+    if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
         mbedtls_ssl_send_alert_message(
             ssl,
             MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
+        return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
     }
 
     ssl->state++;
     ssl->handshake->client_auth =
-                    ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST );
+        (ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST);
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "got %s certificate request",
-                        ssl->handshake->client_auth ? "a" : "no" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("got %s certificate request",
+                              ssl->handshake->client_auth ? "a" : "no"));
 
-    if( ssl->handshake->client_auth == 0 )
-    {
+    if (ssl->handshake->client_auth == 0) {
         /* Current message is probably the ServerHelloDone */
         ssl->keep_current_message = 1;
         goto exit;
@@ -2684,14 +2542,13 @@
     buf = ssl->in_msg;
 
     /* certificate_types */
-    if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
-    cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )];
+    cert_type_len = buf[mbedtls_ssl_hs_hdr_len(ssl)];
     n = cert_type_len;
 
     /*
@@ -2704,17 +2561,16 @@
      * therefore the buffer length at this point must be greater than that
      * regardless of the actual code path.
      */
-    if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl) + 2 + n) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     /* supported_signature_algorithms */
-    sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] <<  8 )
-                  | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n]   ) );
+    sig_alg_len = ((buf[mbedtls_ssl_hs_hdr_len(ssl) + 1 + n] <<  8)
+                   | (buf[mbedtls_ssl_hs_hdr_len(ssl) + 2 + n]));
 
     /*
      * The furthest access in buf is in the loop few lines below:
@@ -2728,119 +2584,112 @@
      *     buf[...hdr_len + 3 + n + sig_alg_len],
      * which is one less than we need the buf to be.
      */
-    if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n + sig_alg_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
+    if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl) + 3 + n + sig_alg_len) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
         mbedtls_ssl_send_alert_message(
             ssl,
             MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+            MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
 #if defined(MBEDTLS_DEBUG_C)
-    sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n;
-    for( size_t i = 0; i < sig_alg_len; i += 2 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3,
-            ( "Supported Signature Algorithm found: %02x %02x",
-              sig_alg[i], sig_alg[i + 1]  ) );
+    sig_alg = buf + mbedtls_ssl_hs_hdr_len(ssl) + 3 + n;
+    for (size_t i = 0; i < sig_alg_len; i += 2) {
+        MBEDTLS_SSL_DEBUG_MSG(3,
+                              ("Supported Signature Algorithm found: %02x %02x",
+                               sig_alg[i], sig_alg[i + 1]));
     }
 #endif
 
     n += 2 + sig_alg_len;
 
     /* certificate_authorities */
-    dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] <<  8 )
-             | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n]       ) );
+    dn_len = ((buf[mbedtls_ssl_hs_hdr_len(ssl) + 1 + n] <<  8)
+              | (buf[mbedtls_ssl_hs_hdr_len(ssl) + 2 + n]));
 
     n += dn_len;
-    if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 3 + n) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
 #if defined(MBEDTLS_DEBUG_C)
-    dn = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n - dn_len;
-    for( size_t i = 0, dni_len = 0; i < dn_len; i += 2 + dni_len )
-    {
+    dn = buf + mbedtls_ssl_hs_hdr_len(ssl) + 3 + n - dn_len;
+    for (size_t i = 0, dni_len = 0; i < dn_len; i += 2 + dni_len) {
         unsigned char *p = dn + i + 2;
         mbedtls_x509_name name;
         size_t asn1_len;
         char s[MBEDTLS_X509_MAX_DN_NAME_SIZE];
-        memset( &name, 0, sizeof( name ) );
-        dni_len = MBEDTLS_GET_UINT16_BE( dn + i, 0 );
-        if( dni_len > dn_len - i - 2 ||
-            mbedtls_asn1_get_tag( &p, p + dni_len, &asn1_len,
-              MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) != 0 ||
-            mbedtls_x509_get_name( &p, p + asn1_len, &name ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
+        memset(&name, 0, sizeof(name));
+        dni_len = MBEDTLS_GET_UINT16_BE(dn + i, 0);
+        if (dni_len > dn_len - i - 2 ||
+            mbedtls_asn1_get_tag(&p, p + dni_len, &asn1_len,
+                                 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) != 0 ||
+            mbedtls_x509_get_name(&p, p + asn1_len, &name) != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message"));
             mbedtls_ssl_send_alert_message(
                 ssl,
                 MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
-        MBEDTLS_SSL_DEBUG_MSG( 3,
-            ( "DN hint: %.*s",
-              mbedtls_x509_dn_gets( s, sizeof(s), &name ), s ) );
-        mbedtls_asn1_free_named_data_list_shallow( name.next );
+        MBEDTLS_SSL_DEBUG_MSG(3,
+                              ("DN hint: %.*s",
+                               mbedtls_x509_dn_gets(s, sizeof(s), &name), s));
+        mbedtls_asn1_free_named_data_list_shallow(name.next);
     }
 #endif
 
 exit:
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate request" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate request"));
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
+static int ssl_parse_server_hello_done(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello done" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server hello done"));
 
-    if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+        return ret;
     }
 
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello done message"));
+        return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
     }
 
-    if( ssl->in_hslen  != mbedtls_ssl_hs_hdr_len( ssl ) ||
-        ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO_DONE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (ssl->in_hslen  != mbedtls_ssl_hs_hdr_len(ssl) ||
+        ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO_DONE) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello done message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     ssl->state++;
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        mbedtls_ssl_recv_flight_completed( ssl );
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        mbedtls_ssl_recv_flight_completed(ssl);
+    }
 #endif
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello done" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello done"));
 
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
+static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
@@ -2849,55 +2698,50 @@
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
         ssl->handshake->ciphersuite_info;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client key exchange"));
 
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA )
-    {
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA) {
         /*
          * DHM key exchange -- send G^X mod P
          */
-        content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx );
+        content_len = mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx);
 
-        MBEDTLS_PUT_UINT16_BE( content_len, ssl->out_msg, 4 );
+        MBEDTLS_PUT_UINT16_BE(content_len, ssl->out_msg, 4);
         header_len = 6;
 
-        ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
-                          (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
-                          &ssl->out_msg[header_len], content_len,
-                          ssl->conf->f_rng, ssl->conf->p_rng );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
-            return( ret );
+        ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx,
+                                      (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx),
+                                      &ssl->out_msg[header_len], content_len,
+                                      ssl->conf->f_rng, ssl->conf->p_rng);
+        if (ret != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_public", ret);
+            return ret;
         }
 
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X  );
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
+        MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X);
+        MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX);
 
-        if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
-                                  ssl->handshake->premaster,
-                                  MBEDTLS_PREMASTER_SIZE,
-                                  &ssl->handshake->pmslen,
-                                  ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
-            return( ret );
+        if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
+                                           ssl->handshake->premaster,
+                                           MBEDTLS_PREMASTER_SIZE,
+                                           &ssl->handshake->pmslen,
+                                           ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
+            return ret;
         }
 
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K  );
-    }
-    else
+        MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                      \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
         ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
         ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
-    {
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
         psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -2907,7 +2751,7 @@
 
         header_len = 4;
 
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation."));
 
         /*
          * Generate EC private key for ECDHE exchange.
@@ -2921,33 +2765,33 @@
          * For the time being, we therefore need to split the computation
          * of the ECDH secret and the application of the TLS 1.2 PRF. */
         key_attributes = psa_key_attributes_init();
-        psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
-        psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
-        psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
-        psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
+        psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
+        psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
+        psa_set_key_type(&key_attributes, handshake->ecdh_psa_type);
+        psa_set_key_bits(&key_attributes, handshake->ecdh_bits);
 
         /* Generate ECDH private key. */
-        status = psa_generate_key( &key_attributes,
-                                   &handshake->ecdh_psa_privkey );
-        if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        status = psa_generate_key(&key_attributes,
+                                  &handshake->ecdh_psa_privkey);
+        if (status != PSA_SUCCESS) {
+            return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+        }
 
         /* Export the public part of the ECDH private key from PSA.
          * The export format is an ECPoint structure as expected by TLS,
          * but we just need to add a length byte before that. */
         unsigned char *own_pubkey = ssl->out_msg + header_len + 1;
         unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
-        size_t own_pubkey_max_len = (size_t)( end - own_pubkey );
+        size_t own_pubkey_max_len = (size_t) (end - own_pubkey);
         size_t own_pubkey_len;
 
-        status = psa_export_public_key( handshake->ecdh_psa_privkey,
-                                        own_pubkey, own_pubkey_max_len,
-                                        &own_pubkey_len );
-        if( status != PSA_SUCCESS )
-        {
-            psa_destroy_key( handshake->ecdh_psa_privkey );
+        status = psa_export_public_key(handshake->ecdh_psa_privkey,
+                                       own_pubkey, own_pubkey_max_len,
+                                       &own_pubkey_len);
+        if (status != PSA_SUCCESS) {
+            psa_destroy_key(handshake->ecdh_psa_privkey);
             handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+            return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
         }
 
         ssl->out_msg[header_len] = (unsigned char) own_pubkey_len;
@@ -2956,19 +2800,20 @@
         /* The ECDH secret is the premaster secret used for key derivation. */
 
         /* Compute ECDH shared secret. */
-        status = psa_raw_key_agreement( PSA_ALG_ECDH,
-                                        handshake->ecdh_psa_privkey,
-                                        handshake->ecdh_psa_peerkey,
-                                        handshake->ecdh_psa_peerkey_len,
-                                        ssl->handshake->premaster,
-                                        sizeof( ssl->handshake->premaster ),
-                                        &ssl->handshake->pmslen );
+        status = psa_raw_key_agreement(PSA_ALG_ECDH,
+                                       handshake->ecdh_psa_privkey,
+                                       handshake->ecdh_psa_peerkey,
+                                       handshake->ecdh_psa_peerkey_len,
+                                       ssl->handshake->premaster,
+                                       sizeof(ssl->handshake->premaster),
+                                       &ssl->handshake->pmslen);
 
-        destruction_status = psa_destroy_key( handshake->ecdh_psa_privkey );
+        destruction_status = psa_destroy_key(handshake->ecdh_psa_privkey);
         handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
 
-        if( status != PSA_SUCCESS || destruction_status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        if (status != PSA_SUCCESS || destruction_status != PSA_SUCCESS) {
+            return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+        }
 #else
         /*
          * ECDH key exchange -- send client public value
@@ -2976,70 +2821,68 @@
         header_len = 4;
 
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-        if( ssl->handshake->ecrs_enabled )
-        {
-            if( ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret )
+        if (ssl->handshake->ecrs_enabled) {
+            if (ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret) {
                 goto ecdh_calc_secret;
+            }
 
-            mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx );
+            mbedtls_ecdh_enable_restart(&ssl->handshake->ecdh_ctx);
         }
 #endif
 
-        ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
-                                &content_len,
-                                &ssl->out_msg[header_len], 1000,
-                                ssl->conf->f_rng, ssl->conf->p_rng );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
+        ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx,
+                                       &content_len,
+                                       &ssl->out_msg[header_len], 1000,
+                                       ssl->conf->f_rng, ssl->conf->p_rng);
+        if (ret != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_public", ret);
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+            if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
                 ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+            }
 #endif
-            return( ret );
+            return ret;
         }
 
-        MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
-                                MBEDTLS_DEBUG_ECDH_Q );
+        MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
+                               MBEDTLS_DEBUG_ECDH_Q);
 
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-        if( ssl->handshake->ecrs_enabled )
-        {
+        if (ssl->handshake->ecrs_enabled) {
             ssl->handshake->ecrs_n = content_len;
             ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret;
         }
 
 ecdh_calc_secret:
-        if( ssl->handshake->ecrs_enabled )
+        if (ssl->handshake->ecrs_enabled) {
             content_len = ssl->handshake->ecrs_n;
+        }
 #endif
-        if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
-                                  &ssl->handshake->pmslen,
-                                  ssl->handshake->premaster,
-                                  MBEDTLS_MPI_MAX_SIZE,
-                                  ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
+        if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx,
+                                            &ssl->handshake->pmslen,
+                                            ssl->handshake->premaster,
+                                            MBEDTLS_MPI_MAX_SIZE,
+                                            ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret);
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+            if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
                 ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+            }
 #endif
-            return( ret );
+            return ret;
         }
 
-        MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
-                                MBEDTLS_DEBUG_ECDH_Z );
+        MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
+                               MBEDTLS_DEBUG_ECDH_Z);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-    }
-    else
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
 #if defined(MBEDTLS_USE_PSA_CRYPTO) &&                           \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
-    {
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
         psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
         psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
         psa_key_attributes_t key_attributes;
@@ -3049,38 +2892,38 @@
         /*
          * opaque psk_identity<0..2^16-1>;
          */
-        if( mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 0 )
+        if (mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) {
             /* We don't offer PSK suites if we don't have a PSK,
              * and we check that the server's choice is among the
              * ciphersuites we offered, so this should never happen. */
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+        }
 
         /* uint16 to store content length */
         const size_t content_len_size = 2;
 
         header_len = 4;
 
-        if( header_len + content_len_size + ssl->conf->psk_identity_len
-                    > MBEDTLS_SSL_OUT_CONTENT_LEN )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1,
-                ( "psk identity too long or SSL buffer too short" ) );
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+        if (header_len + content_len_size + ssl->conf->psk_identity_len
+            > MBEDTLS_SSL_OUT_CONTENT_LEN) {
+            MBEDTLS_SSL_DEBUG_MSG(1,
+                                  ("psk identity too long or SSL buffer too short"));
+            return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
         }
 
         unsigned char *p = ssl->out_msg + header_len;
 
-        *p++ = MBEDTLS_BYTE_1( ssl->conf->psk_identity_len );
-        *p++ = MBEDTLS_BYTE_0( ssl->conf->psk_identity_len );
+        *p++ = MBEDTLS_BYTE_1(ssl->conf->psk_identity_len);
+        *p++ = MBEDTLS_BYTE_0(ssl->conf->psk_identity_len);
         header_len += content_len_size;
 
-        memcpy( p, ssl->conf->psk_identity,
-                ssl->conf->psk_identity_len );
+        memcpy(p, ssl->conf->psk_identity,
+               ssl->conf->psk_identity_len);
         p += ssl->conf->psk_identity_len;
 
         header_len += ssl->conf->psk_identity_len;
 
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation."));
 
         /*
          * Generate EC private key for ECDHE exchange.
@@ -3094,33 +2937,33 @@
          * For the time being, we therefore need to split the computation
          * of the ECDH secret and the application of the TLS 1.2 PRF. */
         key_attributes = psa_key_attributes_init();
-        psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
-        psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
-        psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
-        psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
+        psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
+        psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
+        psa_set_key_type(&key_attributes, handshake->ecdh_psa_type);
+        psa_set_key_bits(&key_attributes, handshake->ecdh_bits);
 
         /* Generate ECDH private key. */
-        status = psa_generate_key( &key_attributes,
-                                   &handshake->ecdh_psa_privkey );
-        if( status != PSA_SUCCESS )
-            return( psa_ssl_status_to_mbedtls( status ) );
+        status = psa_generate_key(&key_attributes,
+                                  &handshake->ecdh_psa_privkey);
+        if (status != PSA_SUCCESS) {
+            return psa_ssl_status_to_mbedtls(status);
+        }
 
         /* Export the public part of the ECDH private key from PSA.
          * The export format is an ECPoint structure as expected by TLS,
          * but we just need to add a length byte before that. */
         unsigned char *own_pubkey = p + 1;
         unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
-        size_t own_pubkey_max_len = (size_t)( end - own_pubkey );
+        size_t own_pubkey_max_len = (size_t) (end - own_pubkey);
         size_t own_pubkey_len = 0;
 
-        status = psa_export_public_key( handshake->ecdh_psa_privkey,
-                                        own_pubkey, own_pubkey_max_len,
-                                        &own_pubkey_len );
-        if( status != PSA_SUCCESS )
-        {
-            psa_destroy_key( handshake->ecdh_psa_privkey );
+        status = psa_export_public_key(handshake->ecdh_psa_privkey,
+                                       own_pubkey, own_pubkey_max_len,
+                                       &own_pubkey_len);
+        if (status != PSA_SUCCESS) {
+            psa_destroy_key(handshake->ecdh_psa_privkey);
             handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-            return( psa_ssl_status_to_mbedtls( status ) );
+            return psa_ssl_status_to_mbedtls(status);
         }
 
         *p = (unsigned char) own_pubkey_len;
@@ -3133,231 +2976,209 @@
          * - the PSK itself
          */
         unsigned char *pms = ssl->handshake->premaster;
-        const unsigned char* const pms_end = pms +
-                                sizeof( ssl->handshake->premaster );
+        const unsigned char * const pms_end = pms +
+                                              sizeof(ssl->handshake->premaster);
         /* uint16 to store length (in octets) of the ECDH computation */
         const size_t zlen_size = 2;
         size_t zlen = 0;
 
         /* Perform ECDH computation after the uint16 reserved for the length */
-        status = psa_raw_key_agreement( PSA_ALG_ECDH,
-                                        handshake->ecdh_psa_privkey,
-                                        handshake->ecdh_psa_peerkey,
-                                        handshake->ecdh_psa_peerkey_len,
-                                        pms + zlen_size,
-                                        pms_end - ( pms + zlen_size ),
-                                        &zlen );
+        status = psa_raw_key_agreement(PSA_ALG_ECDH,
+                                       handshake->ecdh_psa_privkey,
+                                       handshake->ecdh_psa_peerkey,
+                                       handshake->ecdh_psa_peerkey_len,
+                                       pms + zlen_size,
+                                       pms_end - (pms + zlen_size),
+                                       &zlen);
 
-        destruction_status = psa_destroy_key( handshake->ecdh_psa_privkey );
+        destruction_status = psa_destroy_key(handshake->ecdh_psa_privkey);
         handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
 
-        if( status != PSA_SUCCESS )
-            return( psa_ssl_status_to_mbedtls( status ) );
-        else if( destruction_status != PSA_SUCCESS )
-            return( psa_ssl_status_to_mbedtls( destruction_status ) );
+        if (status != PSA_SUCCESS) {
+            return psa_ssl_status_to_mbedtls(status);
+        } else if (destruction_status != PSA_SUCCESS) {
+            return psa_ssl_status_to_mbedtls(destruction_status);
+        }
 
         /* Write the ECDH computation length before the ECDH computation */
-        MBEDTLS_PUT_UINT16_BE( zlen, pms, 0 );
+        MBEDTLS_PUT_UINT16_BE(zlen, pms, 0);
         pms += zlen_size + zlen;
-    }
-    else
+    } else
 #endif /* MBEDTLS_USE_PSA_CRYPTO &&
           MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-    if( mbedtls_ssl_ciphersuite_uses_psk( ciphersuite_info ) )
-    {
+    if (mbedtls_ssl_ciphersuite_uses_psk(ciphersuite_info)) {
         /*
          * opaque psk_identity<0..2^16-1>;
          */
-        if( mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 0 )
-        {
+        if (mbedtls_ssl_conf_has_static_psk(ssl->conf) == 0) {
             /* We don't offer PSK suites if we don't have a PSK,
              * and we check that the server's choice is among the
              * ciphersuites we offered, so this should never happen. */
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
         header_len = 4;
         content_len = ssl->conf->psk_identity_len;
 
-        if( header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1,
-                ( "psk identity too long or SSL buffer too short" ) );
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+        if (header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN) {
+            MBEDTLS_SSL_DEBUG_MSG(1,
+                                  ("psk identity too long or SSL buffer too short"));
+            return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
         }
 
-        ssl->out_msg[header_len++] = MBEDTLS_BYTE_1( content_len );
-        ssl->out_msg[header_len++] = MBEDTLS_BYTE_0( content_len );
+        ssl->out_msg[header_len++] = MBEDTLS_BYTE_1(content_len);
+        ssl->out_msg[header_len++] = MBEDTLS_BYTE_0(content_len);
 
-        memcpy( ssl->out_msg + header_len,
-                ssl->conf->psk_identity,
-                ssl->conf->psk_identity_len );
+        memcpy(ssl->out_msg + header_len,
+               ssl->conf->psk_identity,
+               ssl->conf->psk_identity_len);
         header_len += ssl->conf->psk_identity_len;
 
 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK )
-        {
+        if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) {
             content_len = 0;
-        }
-        else
+        } else
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
-        {
-            if( ( ret = ssl_write_encrypted_pms( ssl, header_len,
-                                                 &content_len, 2 ) ) != 0 )
-                return( ret );
-        }
-        else
+        if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
+            if ((ret = ssl_write_encrypted_pms(ssl, header_len,
+                                               &content_len, 2)) != 0) {
+                return ret;
+            }
+        } else
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
-        {
+        if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
             /*
              * ClientDiffieHellmanPublic public (DHM send G^X mod P)
              */
-            content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx );
+            content_len = mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx);
 
-            if( header_len + 2 + content_len >
-                MBEDTLS_SSL_OUT_CONTENT_LEN )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1,
-                    ( "psk identity or DHM size too long or SSL buffer too short" ) );
-                return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+            if (header_len + 2 + content_len >
+                MBEDTLS_SSL_OUT_CONTENT_LEN) {
+                MBEDTLS_SSL_DEBUG_MSG(1,
+                                      ("psk identity or DHM size too long or SSL buffer too short"));
+                return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
             }
 
-            ssl->out_msg[header_len++] = MBEDTLS_BYTE_1( content_len );
-            ssl->out_msg[header_len++] = MBEDTLS_BYTE_0( content_len );
+            ssl->out_msg[header_len++] = MBEDTLS_BYTE_1(content_len);
+            ssl->out_msg[header_len++] = MBEDTLS_BYTE_0(content_len);
 
-            ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
-                    (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
-                    &ssl->out_msg[header_len], content_len,
-                    ssl->conf->f_rng, ssl->conf->p_rng );
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
-                return( ret );
+            ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx,
+                                          (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx),
+                                          &ssl->out_msg[header_len], content_len,
+                                          ssl->conf->f_rng, ssl->conf->p_rng);
+            if (ret != 0) {
+                MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_public", ret);
+                return ret;
             }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
             unsigned char *pms = ssl->handshake->premaster;
-            unsigned char *pms_end = pms + sizeof( ssl->handshake->premaster );
+            unsigned char *pms_end = pms + sizeof(ssl->handshake->premaster);
             size_t pms_len;
 
             /* Write length only when we know the actual value */
-            if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
-                                          pms + 2, pms_end - ( pms + 2 ), &pms_len,
-                                          ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
-                return( ret );
+            if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
+                                               pms + 2, pms_end - (pms + 2), &pms_len,
+                                               ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+                MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
+                return ret;
             }
-            MBEDTLS_PUT_UINT16_BE( pms_len, pms, 0 );
+            MBEDTLS_PUT_UINT16_BE(pms_len, pms, 0);
             pms += 2 + pms_len;
 
-            MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K  );
+            MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
 #endif
-        }
-        else
+        } else
 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
 #if !defined(MBEDTLS_USE_PSA_CRYPTO) &&                             \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
-        {
+        defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+        if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
             /*
              * ClientECDiffieHellmanPublic public;
              */
-            ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
-                    &content_len,
-                    &ssl->out_msg[header_len],
-                    MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
-                    ssl->conf->f_rng, ssl->conf->p_rng );
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
-                return( ret );
+            ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx,
+                                           &content_len,
+                                           &ssl->out_msg[header_len],
+                                           MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
+                                           ssl->conf->f_rng, ssl->conf->p_rng);
+            if (ret != 0) {
+                MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_public", ret);
+                return ret;
             }
 
-            MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
-                                    MBEDTLS_DEBUG_ECDH_Q );
-        }
-        else
+            MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
+                                   MBEDTLS_DEBUG_ECDH_Q);
+        } else
 #endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
         {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
-        if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
-                        ciphersuite_info->key_exchange ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1,
-                    "mbedtls_ssl_psk_derive_premaster", ret );
-            return( ret );
+        if ((ret = mbedtls_ssl_psk_derive_premaster(ssl,
+                                                    ciphersuite_info->key_exchange)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1,
+                                  "mbedtls_ssl_psk_derive_premaster", ret);
+            return ret;
         }
 #endif /* !MBEDTLS_USE_PSA_CRYPTO */
-    }
-    else
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
-    {
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
         header_len = 4;
-        if( ( ret = ssl_write_encrypted_pms( ssl, header_len,
-                                             &content_len, 0 ) ) != 0 )
-            return( ret );
-    }
-    else
+        if ((ret = ssl_write_encrypted_pms(ssl, header_len,
+                                           &content_len, 0)) != 0) {
+            return ret;
+        }
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
         header_len = 4;
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         unsigned char *out_p = ssl->out_msg + header_len;
         unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN -
                                header_len;
-        ret = mbedtls_psa_ecjpake_write_round( &ssl->handshake->psa_pake_ctx,
-                                    out_p, end_p - out_p, &content_len,
-                                    MBEDTLS_ECJPAKE_ROUND_TWO );
-        if ( ret != 0 )
-        {
-            psa_destroy_key( ssl->handshake->psa_pake_password );
-            psa_pake_abort( &ssl->handshake->psa_pake_ctx );
-            MBEDTLS_SSL_DEBUG_RET( 1 , "psa_pake_output", ret );
-            return( ret );
+        ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx,
+                                              out_p, end_p - out_p, &content_len,
+                                              MBEDTLS_ECJPAKE_ROUND_TWO);
+        if (ret != 0) {
+            psa_destroy_key(ssl->handshake->psa_pake_password);
+            psa_pake_abort(&ssl->handshake->psa_pake_ctx);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret);
+            return ret;
         }
 #else
-        ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
-                ssl->out_msg + header_len,
-                MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
-                &content_len,
-                ssl->conf->f_rng, ssl->conf->p_rng );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret );
-            return( ret );
+        ret = mbedtls_ecjpake_write_round_two(&ssl->handshake->ecjpake_ctx,
+                                              ssl->out_msg + header_len,
+                                              MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
+                                              &content_len,
+                                              ssl->conf->f_rng, ssl->conf->p_rng);
+        if (ret != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_two", ret);
+            return ret;
         }
 
-        ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx,
-                ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
-                ssl->conf->f_rng, ssl->conf->p_rng );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret );
-            return( ret );
+        ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx,
+                                            ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
+                                            ssl->conf->f_rng, ssl->conf->p_rng);
+        if (ret != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_derive_secret", ret);
+            return ret;
         }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-    }
-    else
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
     {
         ((void) ciphersuite_info);
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
     ssl->out_msglen  = header_len + content_len;
@@ -3366,46 +3187,43 @@
 
     ssl->state++;
 
-    if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+        return ret;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client key exchange" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write client key exchange"));
 
-    return( 0 );
+    return 0;
 }
 
 #if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
+static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl)
 {
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
         ssl->handshake->ciphersuite_info;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify"));
 
-    if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret);
+        return ret;
     }
 
-    if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
+    if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify"));
         ssl->state++;
-        return( 0 );
+        return 0;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+    return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
 }
 #else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
+static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
@@ -3417,59 +3235,55 @@
     size_t hashlen;
     void *rs_ctx = NULL;
 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-    size_t out_buf_len = ssl->out_buf_len - ( ssl->out_msg - ssl->out_buf );
+    size_t out_buf_len = ssl->out_buf_len - (ssl->out_msg - ssl->out_buf);
 #else
-    size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - ( ssl->out_msg - ssl->out_buf );
+    size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (ssl->out_msg - ssl->out_buf);
 #endif
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify"));
 
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    if( ssl->handshake->ecrs_enabled &&
-        ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign )
-    {
+    if (ssl->handshake->ecrs_enabled &&
+        ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign) {
         goto sign;
     }
 #endif
 
-    if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret);
+        return ret;
     }
 
-    if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
+    if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify"));
         ssl->state++;
-        return( 0 );
+        return 0;
     }
 
-    if( ssl->handshake->client_auth == 0 ||
-        mbedtls_ssl_own_cert( ssl ) == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
+    if (ssl->handshake->client_auth == 0 ||
+        mbedtls_ssl_own_cert(ssl) == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify"));
         ssl->state++;
-        return( 0 );
+        return 0;
     }
 
-    if( mbedtls_ssl_own_key( ssl ) == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key for certificate" ) );
-        return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+    if (mbedtls_ssl_own_key(ssl) == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("got no private key for certificate"));
+        return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
     }
 
     /*
      * Make a signature of the handshake digests
      */
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    if( ssl->handshake->ecrs_enabled )
+    if (ssl->handshake->ecrs_enabled) {
         ssl->handshake->ecrs_state = ssl_ecrs_crt_vrfy_sign;
+    }
 
 sign:
 #endif
 
-    ssl->handshake->calc_verify( ssl, hash, &hashlen );
+    ssl->handshake->calc_verify(ssl, hash, &hashlen);
 
     /*
      * digitally-signed struct {
@@ -3487,43 +3301,41 @@
      *         SHA224 in order to satisfy 'weird' needs from the server
      *         side.
      */
-    if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
-    {
+    if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
         md_alg = MBEDTLS_MD_SHA384;
         ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384;
-    }
-    else
-    {
+    } else {
         md_alg = MBEDTLS_MD_SHA256;
         ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256;
     }
-    ssl->out_msg[5] = mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) );
+    ssl->out_msg[5] = mbedtls_ssl_sig_from_pk(mbedtls_ssl_own_key(ssl));
 
     /* Info from md_alg will be used instead */
     hashlen = 0;
     offset = 2;
 
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    if( ssl->handshake->ecrs_enabled )
+    if (ssl->handshake->ecrs_enabled) {
         rs_ctx = &ssl->handshake->ecrs_ctx.pk;
+    }
 #endif
 
-    if( ( ret = mbedtls_pk_sign_restartable( mbedtls_ssl_own_key( ssl ),
-                         md_alg, hash_start, hashlen,
-                         ssl->out_msg + 6 + offset,
-                         out_buf_len - 6 - offset,
-                         &n,
-                         ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
+    if ((ret = mbedtls_pk_sign_restartable(mbedtls_ssl_own_key(ssl),
+                                           md_alg, hash_start, hashlen,
+                                           ssl->out_msg + 6 + offset,
+                                           out_buf_len - 6 - offset,
+                                           &n,
+                                           ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-        if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+        if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
             ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+        }
 #endif
-        return( ret );
+        return ret;
     }
 
-    MBEDTLS_PUT_UINT16_BE( n, ssl->out_msg, offset + 4 );
+    MBEDTLS_PUT_UINT16_BE(n, ssl->out_msg, offset + 4);
 
     ssl->out_msglen  = 6 + n + offset;
     ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
@@ -3531,21 +3343,20 @@
 
     ssl->state++;
 
-    if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+        return ret;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate verify" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate verify"));
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
+static int ssl_parse_new_session_ticket(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     uint32_t lifetime;
@@ -3553,22 +3364,20 @@
     unsigned char *ticket;
     const unsigned char *msg;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse new session ticket" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse new session ticket"));
 
-    if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+        return ret;
     }
 
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
+    if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message"));
         mbedtls_ssl_send_alert_message(
             ssl,
             MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE);
+        return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
     }
 
     /*
@@ -3581,31 +3390,29 @@
      * 4  .  5   ticket_len (n)
      * 6  .  5+n ticket content
      */
-    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET ||
-        ssl->in_hslen < 6 + mbedtls_ssl_hs_hdr_len( ssl ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET ||
+        ssl->in_hslen < 6 + mbedtls_ssl_hs_hdr_len(ssl)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
+    msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
 
-    lifetime = ( ((uint32_t) msg[0]) << 24 ) | ( msg[1] << 16 ) |
-               ( msg[2] << 8 ) | ( msg[3] );
+    lifetime = (((uint32_t) msg[0]) << 24) | (msg[1] << 16) |
+               (msg[2] << 8) | (msg[3]);
 
-    ticket_len = ( msg[4] << 8 ) | ( msg[5] );
+    ticket_len = (msg[4] << 8) | (msg[5]);
 
-    if( ticket_len + 6 + mbedtls_ssl_hs_hdr_len( ssl ) != ssl->in_hslen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (ticket_len + 6 + mbedtls_ssl_hs_hdr_len(ssl) != ssl->in_hslen) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, ticket_len ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("ticket length: %" MBEDTLS_PRINTF_SIZET, ticket_len));
 
     /* We're not waiting for a NewSessionTicket message any more */
     ssl->handshake->new_session_ticket = 0;
@@ -3615,33 +3422,32 @@
      * Zero-length ticket means the server changed his mind and doesn't want
      * to send a ticket after all, so just forget it
      */
-    if( ticket_len == 0 )
-        return( 0 );
+    if (ticket_len == 0) {
+        return 0;
+    }
 
-    if( ssl->session != NULL && ssl->session->ticket != NULL )
-    {
-        mbedtls_platform_zeroize( ssl->session->ticket,
-                                  ssl->session->ticket_len );
-        mbedtls_free( ssl->session->ticket );
+    if (ssl->session != NULL && ssl->session->ticket != NULL) {
+        mbedtls_platform_zeroize(ssl->session->ticket,
+                                 ssl->session->ticket_len);
+        mbedtls_free(ssl->session->ticket);
         ssl->session->ticket = NULL;
         ssl->session->ticket_len = 0;
     }
 
-    mbedtls_platform_zeroize( ssl->session_negotiate->ticket,
-                              ssl->session_negotiate->ticket_len );
-    mbedtls_free( ssl->session_negotiate->ticket );
+    mbedtls_platform_zeroize(ssl->session_negotiate->ticket,
+                             ssl->session_negotiate->ticket_len);
+    mbedtls_free(ssl->session_negotiate->ticket);
     ssl->session_negotiate->ticket = NULL;
     ssl->session_negotiate->ticket_len = 0;
 
-    if( ( ticket = mbedtls_calloc( 1, ticket_len ) ) == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "ticket alloc failed" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    if ((ticket = mbedtls_calloc(1, ticket_len)) == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("ticket alloc failed"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
     }
 
-    memcpy( ticket, msg + 6, ticket_len );
+    memcpy(ticket, msg + 6, ticket_len);
 
     ssl->session_negotiate->ticket = ticket;
     ssl->session_negotiate->ticket_len = ticket_len;
@@ -3652,133 +3458,131 @@
      * "If the client receives a session ticket from the server, then it
      * discards any Session ID that was sent in the ServerHello."
      */
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket in use, discarding session id" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("ticket in use, discarding session id"));
     ssl->session_negotiate->id_len = 0;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse new session ticket" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse new session ticket"));
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
 /*
  * SSL handshake -- client side -- single step
  */
-int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl)
 {
     int ret = 0;
 
     /* Change state now, so that it is right in mbedtls_ssl_read_record(), used
      * by DTLS for dropping out-of-sequence ChangeCipherSpec records */
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if( ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC &&
-        ssl->handshake->new_session_ticket != 0 )
-    {
+    if (ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC &&
+        ssl->handshake->new_session_ticket != 0) {
         ssl->state = MBEDTLS_SSL_NEW_SESSION_TICKET;
     }
 #endif
 
-    switch( ssl->state )
-    {
+    switch (ssl->state) {
         case MBEDTLS_SSL_HELLO_REQUEST:
             ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
             break;
 
-       /*
-        *  ==>   ClientHello
-        */
-       case MBEDTLS_SSL_CLIENT_HELLO:
-           ret = mbedtls_ssl_write_client_hello( ssl );
-           break;
+        /*
+         *  ==>   ClientHello
+         */
+        case MBEDTLS_SSL_CLIENT_HELLO:
+            ret = mbedtls_ssl_write_client_hello(ssl);
+            break;
 
-       /*
-        *  <==   ServerHello
-        *        Certificate
-        *      ( ServerKeyExchange  )
-        *      ( CertificateRequest )
-        *        ServerHelloDone
-        */
-       case MBEDTLS_SSL_SERVER_HELLO:
-           ret = ssl_parse_server_hello( ssl );
-           break;
+        /*
+         *  <==   ServerHello
+         *        Certificate
+         *      ( ServerKeyExchange  )
+         *      ( CertificateRequest )
+         *        ServerHelloDone
+         */
+        case MBEDTLS_SSL_SERVER_HELLO:
+            ret = ssl_parse_server_hello(ssl);
+            break;
 
-       case MBEDTLS_SSL_SERVER_CERTIFICATE:
-           ret = mbedtls_ssl_parse_certificate( ssl );
-           break;
+        case MBEDTLS_SSL_SERVER_CERTIFICATE:
+            ret = mbedtls_ssl_parse_certificate(ssl);
+            break;
 
-       case MBEDTLS_SSL_SERVER_KEY_EXCHANGE:
-           ret = ssl_parse_server_key_exchange( ssl );
-           break;
+        case MBEDTLS_SSL_SERVER_KEY_EXCHANGE:
+            ret = ssl_parse_server_key_exchange(ssl);
+            break;
 
-       case MBEDTLS_SSL_CERTIFICATE_REQUEST:
-           ret = ssl_parse_certificate_request( ssl );
-           break;
+        case MBEDTLS_SSL_CERTIFICATE_REQUEST:
+            ret = ssl_parse_certificate_request(ssl);
+            break;
 
-       case MBEDTLS_SSL_SERVER_HELLO_DONE:
-           ret = ssl_parse_server_hello_done( ssl );
-           break;
+        case MBEDTLS_SSL_SERVER_HELLO_DONE:
+            ret = ssl_parse_server_hello_done(ssl);
+            break;
 
-       /*
-        *  ==> ( Certificate/Alert  )
-        *        ClientKeyExchange
-        *      ( CertificateVerify  )
-        *        ChangeCipherSpec
-        *        Finished
-        */
-       case MBEDTLS_SSL_CLIENT_CERTIFICATE:
-           ret = mbedtls_ssl_write_certificate( ssl );
-           break;
+        /*
+         *  ==> ( Certificate/Alert  )
+         *        ClientKeyExchange
+         *      ( CertificateVerify  )
+         *        ChangeCipherSpec
+         *        Finished
+         */
+        case MBEDTLS_SSL_CLIENT_CERTIFICATE:
+            ret = mbedtls_ssl_write_certificate(ssl);
+            break;
 
-       case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
-           ret = ssl_write_client_key_exchange( ssl );
-           break;
+        case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
+            ret = ssl_write_client_key_exchange(ssl);
+            break;
 
-       case MBEDTLS_SSL_CERTIFICATE_VERIFY:
-           ret = ssl_write_certificate_verify( ssl );
-           break;
+        case MBEDTLS_SSL_CERTIFICATE_VERIFY:
+            ret = ssl_write_certificate_verify(ssl);
+            break;
 
-       case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:
-           ret = mbedtls_ssl_write_change_cipher_spec( ssl );
-           break;
+        case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:
+            ret = mbedtls_ssl_write_change_cipher_spec(ssl);
+            break;
 
-       case MBEDTLS_SSL_CLIENT_FINISHED:
-           ret = mbedtls_ssl_write_finished( ssl );
-           break;
+        case MBEDTLS_SSL_CLIENT_FINISHED:
+            ret = mbedtls_ssl_write_finished(ssl);
+            break;
 
-       /*
-        *  <==   ( NewSessionTicket )
-        *        ChangeCipherSpec
-        *        Finished
-        */
+            /*
+             *  <==   ( NewSessionTicket )
+             *        ChangeCipherSpec
+             *        Finished
+             */
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-       case MBEDTLS_SSL_NEW_SESSION_TICKET:
-           ret = ssl_parse_new_session_ticket( ssl );
-           break;
+        case MBEDTLS_SSL_NEW_SESSION_TICKET:
+            ret = ssl_parse_new_session_ticket(ssl);
+            break;
 #endif
 
-       case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:
-           ret = mbedtls_ssl_parse_change_cipher_spec( ssl );
-           break;
+        case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:
+            ret = mbedtls_ssl_parse_change_cipher_spec(ssl);
+            break;
 
-       case MBEDTLS_SSL_SERVER_FINISHED:
-           ret = mbedtls_ssl_parse_finished( ssl );
-           break;
+        case MBEDTLS_SSL_SERVER_FINISHED:
+            ret = mbedtls_ssl_parse_finished(ssl);
+            break;
 
-       case MBEDTLS_SSL_FLUSH_BUFFERS:
-           MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
-           ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
-           break;
+        case MBEDTLS_SSL_FLUSH_BUFFERS:
+            MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done"));
+            ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
+            break;
 
-       case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
-           mbedtls_ssl_handshake_wrapup( ssl );
-           break;
+        case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
+            mbedtls_ssl_handshake_wrapup(ssl);
+            break;
 
-       default:
-           MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
-           return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-   }
+        default:
+            MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state));
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_2 */
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index a28cd67..9298292 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -43,28 +43,30 @@
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
-                                 const unsigned char *info,
-                                 size_t ilen )
+int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl,
+                                        const unsigned char *info,
+                                        size_t ilen)
 {
-    if( ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    mbedtls_free( ssl->cli_id );
+    mbedtls_free(ssl->cli_id);
 
-    if( ( ssl->cli_id = mbedtls_calloc( 1, ilen ) ) == NULL )
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    if ((ssl->cli_id = mbedtls_calloc(1, ilen)) == NULL) {
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+    }
 
-    memcpy( ssl->cli_id, info, ilen );
+    memcpy(ssl->cli_id, info, ilen);
     ssl->cli_id_len = ilen;
 
-    return( 0 );
+    return 0;
 }
 
-void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
-                           mbedtls_ssl_cookie_write_t *f_cookie_write,
-                           mbedtls_ssl_cookie_check_t *f_cookie_check,
-                           void *p_cookie )
+void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf,
+                                   mbedtls_ssl_cookie_write_t *f_cookie_write,
+                                   mbedtls_ssl_cookie_check_t *f_cookie_check,
+                                   void *p_cookie)
 {
     conf->f_cookie_write = f_cookie_write;
     conf->f_cookie_check = f_cookie_check;
@@ -74,62 +76,62 @@
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf )
+static int ssl_conf_has_psk_or_cb(mbedtls_ssl_config const *conf)
 {
-    if( conf->f_psk != NULL )
-        return( 1 );
+    if (conf->f_psk != NULL) {
+        return 1;
+    }
 
-    if( conf->psk_identity_len == 0 || conf->psk_identity == NULL )
-        return( 0 );
+    if (conf->psk_identity_len == 0 || conf->psk_identity == NULL) {
+        return 0;
+    }
 
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
-        return( 1 );
+    if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
+        return 1;
+    }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    if( conf->psk != NULL && conf->psk_len != 0 )
-        return( 1 );
+    if (conf->psk != NULL && conf->psk_len != 0) {
+        return 1;
+    }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         size_t len )
+static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl,
+                                        const unsigned char *buf,
+                                        size_t len)
 {
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
-    {
+    if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
         /* Check verify-data in constant-time. The length OTOH is no secret */
-        if( len    != 1 + ssl->verify_data_len ||
+        if (len    != 1 + ssl->verify_data_len ||
             buf[0] !=     ssl->verify_data_len ||
-            mbedtls_ct_memcmp( buf + 1, ssl->peer_verify_data,
-                          ssl->verify_data_len ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+            mbedtls_ct_memcmp(buf + 1, ssl->peer_verify_data,
+                              ssl->verify_data_len) != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching renegotiation info"));
+            mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                           MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+            return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
         }
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
     {
-        if( len != 1 || buf[0] != 0x0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+        if (len != 1 || buf[0] != 0x0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("non-zero length renegotiation info"));
+            mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                           MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+            return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
         }
 
         ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
     }
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
@@ -174,63 +176,59 @@
  * DHE groups are not supported yet.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_supported_groups_ext( mbedtls_ssl_context *ssl,
-                                           const unsigned char *buf,
-                                           size_t len )
+static int ssl_parse_supported_groups_ext(mbedtls_ssl_context *ssl,
+                                          const unsigned char *buf,
+                                          size_t len)
 {
     size_t list_size, our_size;
     const unsigned char *p;
     uint16_t *curves_tls_id;
 
-    if ( len < 2 ) {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (len < 2) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
-    list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
-    if( list_size + 2 != len ||
-        list_size % 2 != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    list_size = ((buf[0] << 8) | (buf[1]));
+    if (list_size + 2 != len ||
+        list_size % 2 != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     /* Should never happen unless client duplicates the extension */
-    if( ssl->handshake->curves_tls_id != NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+    if (ssl->handshake->curves_tls_id != NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
     /* Don't allow our peer to make us allocate too much memory,
      * and leave room for a final 0 */
     our_size = list_size / 2 + 1;
-    if( our_size > MBEDTLS_ECP_DP_MAX )
+    if (our_size > MBEDTLS_ECP_DP_MAX) {
         our_size = MBEDTLS_ECP_DP_MAX;
+    }
 
-    if( ( curves_tls_id = mbedtls_calloc( our_size,
-                                sizeof( *curves_tls_id ) ) ) == NULL )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    if ((curves_tls_id = mbedtls_calloc(our_size,
+                                        sizeof(*curves_tls_id))) == NULL) {
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
     }
 
     ssl->handshake->curves_tls_id = curves_tls_id;
 
     p = buf + 2;
-    while( list_size > 0 && our_size > 1 )
-    {
-        uint16_t curr_tls_id = MBEDTLS_GET_UINT16_BE( p, 0 );
+    while (list_size > 0 && our_size > 1) {
+        uint16_t curr_tls_id = MBEDTLS_GET_UINT16_BE(p, 0);
 
-        if( mbedtls_ssl_get_ecp_group_id_from_tls_id( curr_tls_id ) !=
-                                        MBEDTLS_ECP_DP_NONE )
-        {
+        if (mbedtls_ssl_get_ecp_group_id_from_tls_id(curr_tls_id) !=
+            MBEDTLS_ECP_DP_NONE) {
             *curves_tls_id++ = curr_tls_id;
             our_size--;
         }
@@ -239,296 +237,280 @@
         p += 2;
     }
 
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl,
-                                              const unsigned char *buf,
-                                              size_t len )
+static int ssl_parse_supported_point_formats(mbedtls_ssl_context *ssl,
+                                             const unsigned char *buf,
+                                             size_t len)
 {
     size_t list_size;
     const unsigned char *p;
 
-    if( len == 0 || (size_t)( buf[0] + 1 ) != len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (len == 0 || (size_t) (buf[0] + 1) != len) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
     list_size = buf[0];
 
     p = buf + 1;
-    while( list_size > 0 )
-    {
-        if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
-            p[0] == MBEDTLS_ECP_PF_COMPRESSED )
-        {
+    while (list_size > 0) {
+        if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
+            p[0] == MBEDTLS_ECP_PF_COMPRESSED) {
 #if !defined(MBEDTLS_USE_PSA_CRYPTO) &&                             \
-    ( defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) )
+            (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C))
             ssl->handshake->ecdh_ctx.point_format = p[0];
 #endif /* !MBEDTLS_USE_PSA_CRYPTO &&
           ( MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ) */
 #if !defined(MBEDTLS_USE_PSA_CRYPTO) &&                             \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-            mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx,
-                                              p[0] );
+            defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+            mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx,
+                                             p[0]);
 #endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-            MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) );
-            return( 0 );
+            MBEDTLS_SSL_DEBUG_MSG(4, ("point format selected: %d", p[0]));
+            return 0;
         }
 
         list_size--;
         p++;
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
           MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
-                                   const unsigned char *buf,
-                                   size_t len)
+static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl,
+                                  const unsigned char *buf,
+                                  size_t len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ssl->handshake->psa_pake_ctx_is_ok != 1 )
+    if (ssl->handshake->psa_pake_ctx_is_ok != 1)
 #else
-    if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
+    if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0)
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
     {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) );
-        return( 0 );
+        MBEDTLS_SSL_DEBUG_MSG(3, ("skip ecjpake kkpp extension"));
+        return 0;
     }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ( ret = mbedtls_psa_ecjpake_read_round(
-                        &ssl->handshake->psa_pake_ctx, buf, len,
-                        MBEDTLS_ECJPAKE_ROUND_ONE ) ) != 0 )
-    {
-        psa_destroy_key( ssl->handshake->psa_pake_password );
-        psa_pake_abort( &ssl->handshake->psa_pake_ctx );
+    if ((ret = mbedtls_psa_ecjpake_read_round(
+             &ssl->handshake->psa_pake_ctx, buf, len,
+             MBEDTLS_ECJPAKE_ROUND_ONE)) != 0) {
+        psa_destroy_key(ssl->handshake->psa_pake_password);
+        psa_pake_abort(&ssl->handshake->psa_pake_ctx);
 
-        MBEDTLS_SSL_DEBUG_RET( 1, "psa_pake_input round one", ret );
+        MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_input round one", ret);
         mbedtls_ssl_send_alert_message(
-                ssl,
-                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+            ssl,
+            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
 
-        return( ret );
+        return ret;
     }
 #else
-    if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx,
-                                                buf, len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( ret );
+    if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx,
+                                              buf, len)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_one", ret);
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+        return ret;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     /* Only mark the extension as OK when we're sure it is */
     ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
-                                              const unsigned char *buf,
-                                              size_t len )
+static int ssl_parse_max_fragment_length_ext(mbedtls_ssl_context *ssl,
+                                             const unsigned char *buf,
+                                             size_t len)
 {
-    if( len != 1 || buf[0] >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+    if (len != 1 || buf[0] >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
     ssl->session_negotiate->mfl_code = buf[0];
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
-                              const unsigned char *buf,
-                              size_t len )
+static int ssl_parse_cid_ext(mbedtls_ssl_context *ssl,
+                             const unsigned char *buf,
+                             size_t len)
 {
     size_t peer_cid_len;
 
     /* CID extension only makes sense in DTLS */
-    if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+    if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
     /*
      *   struct {
      *      opaque cid<0..2^8-1>;
      *   } ConnectionId;
-    */
+     */
 
-    if( len < 1 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (len < 1) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     peer_cid_len = *buf++;
     len--;
 
-    if( len != peer_cid_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (len != peer_cid_len) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     /* Ignore CID if the user has disabled its use. */
-    if( ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
-    {
+    if (ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) {
         /* Leave ssl->handshake->cid_in_use in its default
          * value of MBEDTLS_SSL_CID_DISABLED. */
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "Client sent CID extension, but CID disabled" ) );
-        return( 0 );
+        MBEDTLS_SSL_DEBUG_MSG(3, ("Client sent CID extension, but CID disabled"));
+        return 0;
     }
 
-    if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+    if (peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
     ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
     ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
-    memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
+    memcpy(ssl->handshake->peer_cid, buf, peer_cid_len);
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "Client CID", buf, peer_cid_len );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("Use of CID extension negotiated"));
+    MBEDTLS_SSL_DEBUG_BUF(3, "Client CID", buf, peer_cid_len);
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
-                                      const unsigned char *buf,
-                                      size_t len )
+static int ssl_parse_encrypt_then_mac_ext(mbedtls_ssl_context *ssl,
+                                          const unsigned char *buf,
+                                          size_t len)
 {
-    if( len != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (len != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     ((void) buf);
 
-    if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
-    {
+    if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED) {
         ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
-                                      const unsigned char *buf,
-                                      size_t len )
+static int ssl_parse_extended_ms_ext(mbedtls_ssl_context *ssl,
+                                     const unsigned char *buf,
+                                     size_t len)
 {
-    if( len != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (len != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     ((void) buf);
 
-    if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED )
-    {
+    if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED) {
         ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
-                                         unsigned char *buf,
-                                         size_t len )
+static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl,
+                                        unsigned char *buf,
+                                        size_t len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ssl_session session;
 
-    mbedtls_ssl_session_init( &session );
+    mbedtls_ssl_session_init(&session);
 
-    if( ssl->conf->f_ticket_parse == NULL ||
-        ssl->conf->f_ticket_write == NULL )
-    {
-        return( 0 );
+    if (ssl->conf->f_ticket_parse == NULL ||
+        ssl->conf->f_ticket_write == NULL) {
+        return 0;
     }
 
     /* Remember the client asked us to send a new ticket */
     ssl->handshake->new_session_ticket = 1;
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, len ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("ticket length: %" MBEDTLS_PRINTF_SIZET, len));
 
-    if( len == 0 )
-        return( 0 );
+    if (len == 0) {
+        return 0;
+    }
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket rejected: renegotiating" ) );
-        return( 0 );
+    if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("ticket rejected: renegotiating"));
+        return 0;
     }
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
     /*
      * Failures are ok: just ignore the ticket and proceed.
      */
-    if( ( ret = ssl->conf->f_ticket_parse( ssl->conf->p_ticket, &session,
-                                           buf, len ) ) != 0 )
-    {
-        mbedtls_ssl_session_free( &session );
+    if ((ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, &session,
+                                         buf, len)) != 0) {
+        mbedtls_ssl_session_free(&session);
 
-        if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is not authentic" ) );
-        else if( ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED )
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is expired" ) );
-        else
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_parse", ret );
+        if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) {
+            MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is not authentic"));
+        } else if (ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED) {
+            MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is expired"));
+        } else {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_ticket_parse", ret);
+        }
 
-        return( 0 );
+        return 0;
     }
 
     /*
@@ -536,44 +518,43 @@
      * inform them we're accepting the ticket  (RFC 5077 section 3.4)
      */
     session.id_len = ssl->session_negotiate->id_len;
-    memcpy( &session.id, ssl->session_negotiate->id, session.id_len );
+    memcpy(&session.id, ssl->session_negotiate->id, session.id_len);
 
-    mbedtls_ssl_session_free( ssl->session_negotiate );
-    memcpy( ssl->session_negotiate, &session, sizeof( mbedtls_ssl_session ) );
+    mbedtls_ssl_session_free(ssl->session_negotiate);
+    memcpy(ssl->session_negotiate, &session, sizeof(mbedtls_ssl_session));
 
     /* Zeroize instead of free as we copied the content */
-    mbedtls_platform_zeroize( &session, sizeof( mbedtls_ssl_session ) );
+    mbedtls_platform_zeroize(&session, sizeof(mbedtls_ssl_session));
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from ticket" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("session successfully restored from ticket"));
 
     ssl->handshake->resume = 1;
 
     /* Don't send a new ticket after all, this one is OK */
     ssl->handshake->new_session_ticket = 0;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
-                                   const unsigned char *buf,
-                                   size_t len )
+static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl,
+                                  const unsigned char *buf,
+                                  size_t len)
 {
     mbedtls_ssl_srtp_profile client_protection = MBEDTLS_TLS_SRTP_UNSET;
-    size_t i,j;
+    size_t i, j;
     size_t profile_length;
     uint16_t mki_length;
     /*! 2 bytes for profile length and 1 byte for mki len */
     const size_t size_of_lengths = 3;
 
     /* If use_srtp is not configured, just ignore the extension */
-    if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ||
-        ( ssl->conf->dtls_srtp_profile_list == NULL ) ||
-        ( ssl->conf->dtls_srtp_profile_list_len == 0 ) )
-    {
-        return( 0 );
+    if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) ||
+        (ssl->conf->dtls_srtp_profile_list == NULL) ||
+        (ssl->conf->dtls_srtp_profile_list_len == 0)) {
+        return 0;
     }
 
     /* RFC5764 section 4.1.1
@@ -593,86 +574,77 @@
      * Check here that we have at least 2 bytes of protection profiles length
      * and one of srtp_mki length
      */
-    if( len < size_of_lengths )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (len < size_of_lengths) {
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-   ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET;
+    ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET;
 
     /* first 2 bytes are protection profile length(in bytes) */
-    profile_length = ( buf[0] << 8 ) | buf[1];
+    profile_length = (buf[0] << 8) | buf[1];
     buf += 2;
 
     /* The profile length cannot be bigger than input buffer size - lengths fields */
-    if( profile_length > len - size_of_lengths ||
-        profile_length % 2 != 0 ) /* profiles are 2 bytes long, so the length must be even */
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (profile_length > len - size_of_lengths ||
+        profile_length % 2 != 0) { /* profiles are 2 bytes long, so the length must be even */
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
     /*
      * parse the extension list values are defined in
      * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
      */
-    for( j = 0; j < profile_length; j += 2 )
-    {
+    for (j = 0; j < profile_length; j += 2) {
         uint16_t protection_profile_value = buf[j] << 8 | buf[j + 1];
-        client_protection = mbedtls_ssl_check_srtp_profile_value( protection_profile_value );
+        client_protection = mbedtls_ssl_check_srtp_profile_value(protection_profile_value);
 
-        if( client_protection != MBEDTLS_TLS_SRTP_UNSET )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s",
-                                    mbedtls_ssl_get_srtp_profile_as_string(
-                                            client_protection ) ) );
-        }
-        else
-        {
+        if (client_protection != MBEDTLS_TLS_SRTP_UNSET) {
+            MBEDTLS_SSL_DEBUG_MSG(3, ("found srtp profile: %s",
+                                      mbedtls_ssl_get_srtp_profile_as_string(
+                                          client_protection)));
+        } else {
             continue;
         }
         /* check if suggested profile is in our list */
-        for( i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++)
-        {
-            if( client_protection == ssl->conf->dtls_srtp_profile_list[i] )
-            {
+        for (i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) {
+            if (client_protection == ssl->conf->dtls_srtp_profile_list[i]) {
                 ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i];
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s",
-                                            mbedtls_ssl_get_srtp_profile_as_string(
-                                                    client_protection ) ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("selected srtp profile: %s",
+                                          mbedtls_ssl_get_srtp_profile_as_string(
+                                              client_protection)));
                 break;
             }
         }
-        if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_TLS_SRTP_UNSET )
+        if (ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_TLS_SRTP_UNSET) {
             break;
+        }
     }
     buf += profile_length; /* buf points to the mki length */
     mki_length = *buf;
     buf++;
 
-    if( mki_length > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH ||
-        mki_length + profile_length + size_of_lengths != len )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (mki_length > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH ||
+        mki_length + profile_length + size_of_lengths != len) {
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     /* Parse the mki only if present and mki is supported locally */
-    if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED &&
-          mki_length > 0 )
-    {
+    if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED &&
+        mki_length > 0) {
         ssl->dtls_srtp_info.mki_len = mki_length;
 
-        memcpy( ssl->dtls_srtp_info.mki_value, buf, mki_length );
+        memcpy(ssl->dtls_srtp_info.mki_value, buf, mki_length);
 
-        MBEDTLS_SSL_DEBUG_BUF( 3, "using mki",  ssl->dtls_srtp_info.mki_value,
-                                                ssl->dtls_srtp_info.mki_len );
+        MBEDTLS_SSL_DEBUG_BUF(3, "using mki",  ssl->dtls_srtp_info.mki_value,
+                              ssl->dtls_srtp_info.mki_len);
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
 
@@ -686,22 +658,22 @@
  */
 #if defined(MBEDTLS_ECDSA_C)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_key_curve( mbedtls_pk_context *pk,
-                                uint16_t *curves_tls_id )
+static int ssl_check_key_curve(mbedtls_pk_context *pk,
+                               uint16_t *curves_tls_id)
 {
     uint16_t *curr_tls_id = curves_tls_id;
-    mbedtls_ecp_group_id grp_id = mbedtls_pk_ec( *pk )->grp.id;
+    mbedtls_ecp_group_id grp_id = mbedtls_pk_ec(*pk)->grp.id;
     mbedtls_ecp_group_id curr_grp_id;
 
-    while( *curr_tls_id != 0 )
-    {
-        curr_grp_id = mbedtls_ssl_get_ecp_group_id_from_tls_id( *curr_tls_id );
-        if( curr_grp_id == grp_id )
-            return( 0 );
+    while (*curr_tls_id != 0) {
+        curr_grp_id = mbedtls_ssl_get_ecp_group_id_from_tls_id(*curr_tls_id);
+        if (curr_grp_id == grp_id) {
+            return 0;
+        }
         curr_tls_id++;
     }
 
-    return( -1 );
+    return -1;
 }
 #endif /* MBEDTLS_ECDSA_C */
 
@@ -710,68 +682,66 @@
  * return 0 on success and -1 on failure.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_pick_cert( mbedtls_ssl_context *ssl,
-                          const mbedtls_ssl_ciphersuite_t * ciphersuite_info )
+static int ssl_pick_cert(mbedtls_ssl_context *ssl,
+                         const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
 {
     mbedtls_ssl_key_cert *cur, *list;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_algorithm_t pk_alg =
-        mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg( ciphersuite_info );
+        mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(ciphersuite_info);
     psa_key_usage_t pk_usage =
-        mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage( ciphersuite_info );
+        mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(ciphersuite_info);
 #else
     mbedtls_pk_type_t pk_alg =
-        mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
+        mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
     uint32_t flags;
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    if( ssl->handshake->sni_key_cert != NULL )
+    if (ssl->handshake->sni_key_cert != NULL) {
         list = ssl->handshake->sni_key_cert;
-    else
+    } else
 #endif
-        list = ssl->conf->key_cert;
+    list = ssl->conf->key_cert;
 
     int pk_alg_is_none = 0;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    pk_alg_is_none = ( pk_alg == PSA_ALG_NONE );
+    pk_alg_is_none = (pk_alg == PSA_ALG_NONE);
 #else
-    pk_alg_is_none = ( pk_alg == MBEDTLS_PK_NONE );
+    pk_alg_is_none = (pk_alg == MBEDTLS_PK_NONE);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-    if( pk_alg_is_none )
-        return( 0 );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite requires certificate" ) );
-
-    if( list == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "server has no certificate" ) );
-        return( -1 );
+    if (pk_alg_is_none) {
+        return 0;
     }
 
-    for( cur = list; cur != NULL; cur = cur->next )
-    {
+    MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite requires certificate"));
+
+    if (list == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("server has no certificate"));
+        return -1;
+    }
+
+    for (cur = list; cur != NULL; cur = cur->next) {
         flags = 0;
-        MBEDTLS_SSL_DEBUG_CRT( 3, "candidate certificate chain, certificate",
-                          cur->cert );
+        MBEDTLS_SSL_DEBUG_CRT(3, "candidate certificate chain, certificate",
+                              cur->cert);
 
         int key_type_matches = 0;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-        key_type_matches = ( ( ssl->conf->f_async_sign_start != NULL ||
-                    ssl->conf->f_async_decrypt_start != NULL ||
-                    mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) ) &&
-                mbedtls_pk_can_do_ext( &cur->cert->pk, pk_alg, pk_usage ) );
+        key_type_matches = ((ssl->conf->f_async_sign_start != NULL ||
+                             ssl->conf->f_async_decrypt_start != NULL ||
+                             mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage)) &&
+                            mbedtls_pk_can_do_ext(&cur->cert->pk, pk_alg, pk_usage));
 #else
         key_type_matches = (
-                mbedtls_pk_can_do_ext( cur->key, pk_alg, pk_usage ) );
+            mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage));
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 #else
-        key_type_matches = mbedtls_pk_can_do( &cur->cert->pk, pk_alg );
+        key_type_matches = mbedtls_pk_can_do(&cur->cert->pk, pk_alg);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-        if( !key_type_matches )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: key type" ) );
+        if (!key_type_matches) {
+            MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: key type"));
             continue;
         }
 
@@ -783,20 +753,18 @@
          * different uses based on keyUsage, eg if they want to avoid signing
          * and decrypting with the same RSA key.
          */
-        if( mbedtls_ssl_check_cert_usage( cur->cert, ciphersuite_info,
-                                  MBEDTLS_SSL_IS_SERVER, &flags ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: "
-                                "(extended) key usage extension" ) );
+        if (mbedtls_ssl_check_cert_usage(cur->cert, ciphersuite_info,
+                                         MBEDTLS_SSL_IS_SERVER, &flags) != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: "
+                                      "(extended) key usage extension"));
             continue;
         }
 
 #if defined(MBEDTLS_ECDSA_C)
-        if( pk_alg == MBEDTLS_PK_ECDSA &&
-            ssl_check_key_curve( &cur->cert->pk,
-                            ssl->handshake->curves_tls_id ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: elliptic curve" ) );
+        if (pk_alg == MBEDTLS_PK_ECDSA &&
+            ssl_check_key_curve(&cur->cert->pk,
+                                ssl->handshake->curves_tls_id) != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: elliptic curve"));
             continue;
         }
 #endif
@@ -806,15 +774,14 @@
     }
 
     /* Do not update ssl->handshake->key_cert unless there is a match */
-    if( cur != NULL )
-    {
+    if (cur != NULL) {
         ssl->handshake->key_cert = cur;
-        MBEDTLS_SSL_DEBUG_CRT( 3, "selected certificate chain, certificate",
-                          ssl->handshake->key_cert->cert );
-        return( 0 );
+        MBEDTLS_SSL_DEBUG_CRT(3, "selected certificate chain, certificate",
+                              ssl->handshake->key_cert->cert);
+        return 0;
     }
 
-    return( -1 );
+    return -1;
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
@@ -823,8 +790,8 @@
  * Sets ciphersuite_info only if the suite matches.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
-                                  const mbedtls_ssl_ciphersuite_t **ciphersuite_info )
+static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id,
+                                 const mbedtls_ssl_ciphersuite_t **ciphersuite_info)
 {
     const mbedtls_ssl_ciphersuite_t *suite_info;
 
@@ -832,53 +799,48 @@
     mbedtls_pk_type_t sig_type;
 #endif
 
-    suite_info = mbedtls_ssl_ciphersuite_from_id( suite_id );
-    if( suite_info == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    suite_info = mbedtls_ssl_ciphersuite_from_id(suite_id);
+    if (suite_info == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)",
-                                (unsigned int) suite_id, suite_info->name ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("trying ciphersuite: %#04x (%s)",
+                              (unsigned int) suite_id, suite_info->name));
 
-    if( suite_info->min_tls_version > ssl->tls_version ||
-        suite_info->max_tls_version < ssl->tls_version )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: version" ) );
-        return( 0 );
+    if (suite_info->min_tls_version > ssl->tls_version ||
+        suite_info->max_tls_version < ssl->tls_version) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: version"));
+        return 0;
     }
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
-        ( ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK ) == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: ecjpake "
-                                    "not configured or ext missing" ) );
-        return( 0 );
+    if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
+        (ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK) == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: ecjpake "
+                                  "not configured or ext missing"));
+        return 0;
     }
 #endif
 
 
 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
-    if( mbedtls_ssl_ciphersuite_uses_ec( suite_info ) &&
-        ( ssl->handshake->curves_tls_id == NULL ||
-          ssl->handshake->curves_tls_id[0] == 0 ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: "
-                            "no common elliptic curve" ) );
-        return( 0 );
+    if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) &&
+        (ssl->handshake->curves_tls_id == NULL ||
+         ssl->handshake->curves_tls_id[0] == 0)) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: "
+                                  "no common elliptic curve"));
+        return 0;
     }
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
     /* If the ciphersuite requires a pre-shared key and we don't
      * have one, skip it now rather than failing later */
-    if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
-        ssl_conf_has_psk_or_cb( ssl->conf ) == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no pre-shared key" ) );
-        return( 0 );
+    if (mbedtls_ssl_ciphersuite_uses_psk(suite_info) &&
+        ssl_conf_has_psk_or_cb(ssl->conf) == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: no pre-shared key"));
+        return 0;
     }
 #endif
 
@@ -890,38 +852,36 @@
      * - try the next ciphersuite if we don't
      * This must be done last since we modify the key_cert list.
      */
-    if( ssl_pick_cert( ssl, suite_info ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: "
-                            "no suitable certificate" ) );
-        return( 0 );
+    if (ssl_pick_cert(ssl, suite_info) != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: "
+                                  "no suitable certificate"));
+        return 0;
     }
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
     /* If the ciphersuite requires signing, check whether
      * a suitable hash algorithm is present. */
-    sig_type = mbedtls_ssl_get_ciphersuite_sig_alg( suite_info );
-    if( sig_type != MBEDTLS_PK_NONE &&
+    sig_type = mbedtls_ssl_get_ciphersuite_sig_alg(suite_info);
+    if (sig_type != MBEDTLS_PK_NONE &&
         mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
-            ssl, mbedtls_ssl_sig_from_pk_alg( sig_type ) ) == MBEDTLS_SSL_HASH_NONE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
-                                    "for signature algorithm %u", (unsigned) sig_type ) );
-        return( 0 );
+            ssl, mbedtls_ssl_sig_from_pk_alg(sig_type)) == MBEDTLS_SSL_HASH_NONE) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: no suitable hash algorithm "
+                                  "for signature algorithm %u", (unsigned) sig_type));
+        return 0;
     }
 
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 
     *ciphersuite_info = suite_info;
-    return( 0 );
+    return 0;
 }
 
 /* This function doesn't alert on errors that happen early during
    ClientHello parsing because they might indicate that the client is
    not talking SSL/TLS at all and would not understand our alert. */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_client_hello( mbedtls_ssl_context *ssl )
+static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
 {
     int ret, got_common_suite;
     size_t i, j;
@@ -945,7 +905,7 @@
     int sig_hash_alg_ext_present = 0;
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client hello"));
 
     int renegotiating;
 
@@ -959,21 +919,19 @@
      */
     renegotiating = 0;
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    renegotiating = ( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE );
+    renegotiating = (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE);
 #endif
-    if( !renegotiating )
-    {
-        if( ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 )
-        {
+    if (!renegotiating) {
+        if ((ret = mbedtls_ssl_fetch_input(ssl, 5)) != 0) {
             /* No alert on a read error. */
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
-            return( ret );
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret);
+            return ret;
         }
     }
 
     buf = ssl->in_hdr;
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_in_hdr_len( ssl ) );
+    MBEDTLS_SSL_DEBUG_BUF(4, "record header", buf, mbedtls_ssl_in_hdr_len(ssl));
 
     /*
      * TLS Client Hello
@@ -984,93 +942,85 @@
      *     3  .   11  DTLS: epoch + record sequence number
      *     3  .   4   message length
      */
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, message type: %d",
-                   buf[0] ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, message type: %d",
+                              buf[0]));
 
-    if( buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    if (buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+        return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, message len.: %d",
-                   ( ssl->in_len[0] << 8 ) | ssl->in_len[1] ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, message len.: %d",
+                              (ssl->in_len[0] << 8) | ssl->in_len[1]));
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, protocol version: [%d:%d]",
-                   buf[1], buf[2] ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, protocol version: [%d:%d]",
+                              buf[1], buf[2]));
 
     /* For DTLS if this is the initial handshake, remember the client sequence
      * number to use it in our next message (RFC 6347 4.2.1) */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
         && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
 #endif
-        )
-    {
+        ) {
         /* Epoch should be 0 for initial handshakes */
-        if( ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-            return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+        if (ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+            return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
         }
 
-        memcpy( &ssl->cur_out_ctr[2], ssl->in_ctr + 2,
-                sizeof( ssl->cur_out_ctr ) - 2 );
+        memcpy(&ssl->cur_out_ctr[2], ssl->in_ctr + 2,
+               sizeof(ssl->cur_out_ctr) - 2);
 
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-        if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record, discarding" ) );
+        if (mbedtls_ssl_dtls_replay_check(ssl) != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("replayed record, discarding"));
             ssl->next_record_offset = 0;
             ssl->in_left = 0;
             goto read_record_header;
         }
 
         /* No MAC to check yet, so we can update right now */
-        mbedtls_ssl_dtls_replay_update( ssl );
+        mbedtls_ssl_dtls_replay_update(ssl);
 #endif
     }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
-    msg_len = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
+    msg_len = (ssl->in_len[0] << 8) | ssl->in_len[1];
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
-    {
+    if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
         /* Set by mbedtls_ssl_read_record() */
         msg_len = ssl->in_hslen;
-    }
-    else
+    } else
 #endif
     {
-        if( msg_len > MBEDTLS_SSL_IN_CONTENT_LEN )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-            return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+        if (msg_len > MBEDTLS_SSL_IN_CONTENT_LEN) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+            return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
         }
 
-        if( ( ret = mbedtls_ssl_fetch_input( ssl,
-                       mbedtls_ssl_in_hdr_len( ssl ) + msg_len ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
-            return( ret );
+        if ((ret = mbedtls_ssl_fetch_input(ssl,
+                                           mbedtls_ssl_in_hdr_len(ssl) + msg_len)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret);
+            return ret;
         }
 
-    /* Done reading this record, get ready for the next one */
+        /* Done reading this record, get ready for the next one */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-            ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len( ssl );
-        else
+        if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+            ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len(ssl);
+        } else
 #endif
-            ssl->in_left = 0;
+        ssl->in_left = 0;
     }
 
     buf = ssl->in_msg;
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, msg_len );
+    MBEDTLS_SSL_DEBUG_BUF(4, "record contents", buf, msg_len);
 
-    ssl->handshake->update_checksum( ssl, buf, msg_len );
+    ssl->handshake->update_checksum(ssl, buf, msg_len);
 
     /*
      * Handshake layer:
@@ -1080,73 +1030,65 @@
      *     6  .   8   DTLS only: fragment offset
      *     9  .  11   DTLS only: fragment length
      */
-    if( msg_len < mbedtls_ssl_hs_hdr_len( ssl ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (msg_len < mbedtls_ssl_hs_hdr_len(ssl)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake type: %d", buf[0] ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake type: %d", buf[0]));
 
-    if( buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    if (buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+        return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
     }
     {
-        size_t handshake_len = MBEDTLS_GET_UINT24_BE( buf, 1 );
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %u",
-                       ( unsigned ) handshake_len ) );
+        size_t handshake_len = MBEDTLS_GET_UINT24_BE(buf, 1);
+        MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake len.: %u",
+                                  (unsigned) handshake_len));
 
         /* The record layer has a record size limit of 2^14 - 1 and
          * fragmentation is not supported, so buf[1] should be zero. */
-        if( buf[1] != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message: %u != 0",
-                                        (unsigned) buf[1] ) );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+        if (buf[1] != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message: %u != 0",
+                                      (unsigned) buf[1]));
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
 
         /* We don't support fragmentation of ClientHello (yet?) */
-        if( msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + handshake_len )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message: %u != %u + %u",
-                                    (unsigned) msg_len,
-                                    (unsigned) mbedtls_ssl_hs_hdr_len( ssl ),
-                                    (unsigned) handshake_len ) );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+        if (msg_len != mbedtls_ssl_hs_hdr_len(ssl) + handshake_len) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message: %u != %u + %u",
+                                      (unsigned) msg_len,
+                                      (unsigned) mbedtls_ssl_hs_hdr_len(ssl),
+                                      (unsigned) handshake_len));
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
     }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         /*
          * Copy the client's handshake message_seq on initial handshakes,
          * check sequence number on renego.
          */
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-        if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
-        {
+        if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
             /* This couldn't be done in ssl_prepare_handshake_record() */
-            unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) |
-                                         ssl->in_msg[5];
+            unsigned int cli_msg_seq = (ssl->in_msg[4] << 8) |
+                                       ssl->in_msg[5];
 
-            if( cli_msg_seq != ssl->handshake->in_msg_seq )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message_seq: "
-                                    "%u (expected %u)", cli_msg_seq,
-                                    ssl->handshake->in_msg_seq ) );
-                return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+            if (cli_msg_seq != ssl->handshake->in_msg_seq) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message_seq: "
+                                          "%u (expected %u)", cli_msg_seq,
+                                          ssl->handshake->in_msg_seq));
+                return MBEDTLS_ERR_SSL_DECODE_ERROR;
             }
 
             ssl->handshake->in_msg_seq++;
-        }
-        else
+        } else
 #endif
         {
-            unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) |
-                                         ssl->in_msg[5];
+            unsigned int cli_msg_seq = (ssl->in_msg[4] << 8) |
+                                       ssl->in_msg[5];
             ssl->handshake->out_msg_seq = cli_msg_seq;
             ssl->handshake->in_msg_seq  = cli_msg_seq + 1;
         }
@@ -1156,24 +1098,23 @@
              * fragment_offset == 0 and fragment_length == length
              */
             size_t fragment_offset, fragment_length, length;
-            fragment_offset = MBEDTLS_GET_UINT24_BE( ssl->in_msg, 6 );
-            fragment_length = MBEDTLS_GET_UINT24_BE( ssl->in_msg, 9 );
-            length = MBEDTLS_GET_UINT24_BE( ssl->in_msg, 1 );
+            fragment_offset = MBEDTLS_GET_UINT24_BE(ssl->in_msg, 6);
+            fragment_length = MBEDTLS_GET_UINT24_BE(ssl->in_msg, 9);
+            length = MBEDTLS_GET_UINT24_BE(ssl->in_msg, 1);
             MBEDTLS_SSL_DEBUG_MSG(
-                4, ( "fragment_offset=%u fragment_length=%u length=%u",
-                     (unsigned) fragment_offset, (unsigned) fragment_length,
-                     (unsigned) length ) );
-            if( fragment_offset != 0 || length != fragment_length )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "ClientHello fragmentation not supported" ) );
-                return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+                4, ("fragment_offset=%u fragment_length=%u length=%u",
+                    (unsigned) fragment_offset, (unsigned) fragment_length,
+                    (unsigned) length));
+            if (fragment_offset != 0 || length != fragment_length) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("ClientHello fragmentation not supported"));
+                return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
             }
         }
     }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
-    buf += mbedtls_ssl_hs_hdr_len( ssl );
-    msg_len -= mbedtls_ssl_hs_hdr_len( ssl );
+    buf += mbedtls_ssl_hs_hdr_len(ssl);
+    msg_len -= mbedtls_ssl_hs_hdr_len(ssl);
 
     /*
      * ClientHello layer:
@@ -1196,135 +1137,122 @@
      * 2 + 32 + 1 + 2 + 1 = 38 bytes. Check that first, so that we can
      * read at least up to session id length without worrying.
      */
-    if( msg_len < 38 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (msg_len < 38) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     /*
      * Check and save the protocol version
      */
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, version", buf, 2 );
+    MBEDTLS_SSL_DEBUG_BUF(3, "client hello, version", buf, 2);
 
-    ssl->tls_version = mbedtls_ssl_read_version( buf, ssl->conf->transport );
+    ssl->tls_version = mbedtls_ssl_read_version(buf, ssl->conf->transport);
     ssl->session_negotiate->tls_version = ssl->tls_version;
 
-    if( ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server only supports TLS 1.2" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                     MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
-        return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
+    if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("server only supports TLS 1.2"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION);
+        return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
     }
 
     /*
      * Save client random (inc. Unix time)
      */
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf + 2, 32 );
+    MBEDTLS_SSL_DEBUG_BUF(3, "client hello, random bytes", buf + 2, 32);
 
-    memcpy( ssl->handshake->randbytes, buf + 2, 32 );
+    memcpy(ssl->handshake->randbytes, buf + 2, 32);
 
     /*
      * Check the session ID length and save session ID
      */
     sess_len = buf[34];
 
-    if( sess_len > sizeof( ssl->session_negotiate->id ) ||
-        sess_len + 34 + 2 > msg_len ) /* 2 for cipherlist length field */
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (sess_len > sizeof(ssl->session_negotiate->id) ||
+        sess_len + 34 + 2 > msg_len) { /* 2 for cipherlist length field */
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 35, sess_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "client hello, session id", buf + 35, sess_len);
 
     ssl->session_negotiate->id_len = sess_len;
-    memset( ssl->session_negotiate->id, 0,
-            sizeof( ssl->session_negotiate->id ) );
-    memcpy( ssl->session_negotiate->id, buf + 35,
-            ssl->session_negotiate->id_len );
+    memset(ssl->session_negotiate->id, 0,
+           sizeof(ssl->session_negotiate->id));
+    memcpy(ssl->session_negotiate->id, buf + 35,
+           ssl->session_negotiate->id_len);
 
     /*
      * Check the cookie length and content
      */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         cookie_offset = 35 + sess_len;
         cookie_len = buf[cookie_offset];
 
-        if( cookie_offset + 1 + cookie_len + 2 > msg_len )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+        if (cookie_offset + 1 + cookie_len + 2 > msg_len) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+            mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                           MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
 
-        MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
-                       buf + cookie_offset + 1, cookie_len );
+        MBEDTLS_SSL_DEBUG_BUF(3, "client hello, cookie",
+                              buf + cookie_offset + 1, cookie_len);
 
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-        if( ssl->conf->f_cookie_check != NULL
+        if (ssl->conf->f_cookie_check != NULL
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
             && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
 #endif
-            )
-        {
-            if( ssl->conf->f_cookie_check( ssl->conf->p_cookie,
-                                     buf + cookie_offset + 1, cookie_len,
-                                     ssl->cli_id, ssl->cli_id_len ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification failed" ) );
+            ) {
+            if (ssl->conf->f_cookie_check(ssl->conf->p_cookie,
+                                          buf + cookie_offset + 1, cookie_len,
+                                          ssl->cli_id, ssl->cli_id_len) != 0) {
+                MBEDTLS_SSL_DEBUG_MSG(2, ("cookie verification failed"));
                 ssl->handshake->cookie_verify_result = 1;
-            }
-            else
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification passed" ) );
+            } else {
+                MBEDTLS_SSL_DEBUG_MSG(2, ("cookie verification passed"));
                 ssl->handshake->cookie_verify_result = 0;
             }
-        }
-        else
+        } else
 #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
         {
             /* We know we didn't send a cookie, so it should be empty */
-            if( cookie_len != 0 )
-            {
+            if (cookie_len != 0) {
                 /* This may be an attacker's probe, so don't send an alert */
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-                return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+                MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+                return MBEDTLS_ERR_SSL_DECODE_ERROR;
             }
 
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification skipped" ) );
+            MBEDTLS_SSL_DEBUG_MSG(2, ("cookie verification skipped"));
         }
 
-    /*
-     * Check the ciphersuitelist length (will be parsed later)
-     */
+        /*
+         * Check the ciphersuitelist length (will be parsed later)
+         */
         ciph_offset = cookie_offset + 1 + cookie_len;
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
-        ciph_offset = 35 + sess_len;
+    ciph_offset = 35 + sess_len;
 
-    ciph_len = ( buf[ciph_offset + 0] << 8 )
-             | ( buf[ciph_offset + 1]      );
+    ciph_len = (buf[ciph_offset + 0] << 8)
+               | (buf[ciph_offset + 1]);
 
-    if( ciph_len < 2 ||
+    if (ciph_len < 2 ||
         ciph_len + 2 + ciph_offset + 1 > msg_len || /* 1 for comp. alg. len */
-        ( ciph_len % 2 ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+        (ciph_len % 2) != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
-                   buf + ciph_offset + 2,  ciph_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "client hello, ciphersuitelist",
+                          buf + ciph_offset + 2,  ciph_len);
 
     /*
      * Check the compression algorithm's length.
@@ -1336,243 +1264,248 @@
 
     comp_len = buf[comp_offset];
 
-    if( comp_len < 1 ||
+    if (comp_len < 1 ||
         comp_len > 16 ||
-        comp_len + comp_offset + 1 > msg_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+        comp_len + comp_offset + 1 > msg_len) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, compression",
-                      buf + comp_offset + 1, comp_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "client hello, compression",
+                          buf + comp_offset + 1, comp_len);
 
-        /*
-         * Check the extension length
-         */
-        ext_offset = comp_offset + 1 + comp_len;
-        if( msg_len > ext_offset )
-        {
-            if( msg_len < ext_offset + 2 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-                return( MBEDTLS_ERR_SSL_DECODE_ERROR );
-            }
-
-            ext_len = ( buf[ext_offset + 0] << 8 )
-                    | ( buf[ext_offset + 1]      );
-
-            if( msg_len != ext_offset + 2 + ext_len )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-                return( MBEDTLS_ERR_SSL_DECODE_ERROR );
-            }
+    /*
+     * Check the extension length
+     */
+    ext_offset = comp_offset + 1 + comp_len;
+    if (msg_len > ext_offset) {
+        if (msg_len < ext_offset + 2) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+            mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                           MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
-        else
-            ext_len = 0;
 
-        ext = buf + ext_offset + 2;
-        MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len );
+        ext_len = (buf[ext_offset + 0] << 8)
+                  | (buf[ext_offset + 1]);
 
-        while( ext_len != 0 )
-        {
-            unsigned int ext_id;
-            unsigned int ext_size;
-            if ( ext_len < 4 ) {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                               MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-                return( MBEDTLS_ERR_SSL_DECODE_ERROR );
-            }
-            ext_id   = ( ( ext[0] <<  8 ) | ( ext[1] ) );
-            ext_size = ( ( ext[2] <<  8 ) | ( ext[3] ) );
+        if (msg_len != ext_offset + 2 + ext_len) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+            mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                           MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
+        }
+    } else {
+        ext_len = 0;
+    }
 
-            if( ext_size + 4 > ext_len )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-                return( MBEDTLS_ERR_SSL_DECODE_ERROR );
-            }
-            switch( ext_id )
-            {
+    ext = buf + ext_offset + 2;
+    MBEDTLS_SSL_DEBUG_BUF(3, "client hello extensions", ext, ext_len);
+
+    while (ext_len != 0) {
+        unsigned int ext_id;
+        unsigned int ext_size;
+        if (ext_len < 4) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+            mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                           MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
+        }
+        ext_id   = ((ext[0] <<  8) | (ext[1]));
+        ext_size = ((ext[2] <<  8) | (ext[3]));
+
+        if (ext_size + 4 > ext_len) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+            mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                           MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR);
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
+        }
+        switch (ext_id) {
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
             case MBEDTLS_TLS_EXT_SERVERNAME:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
-                ret = mbedtls_ssl_parse_server_name_ext( ssl, ext + 4,
-                                                         ext + 4 + ext_size );
-                if( ret != 0 )
-                    return( ret );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found ServerName extension"));
+                ret = mbedtls_ssl_parse_server_name_ext(ssl, ext + 4,
+                                                        ext + 4 + ext_size);
+                if (ret != 0) {
+                    return ret;
+                }
                 break;
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 
             case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found renegotiation extension"));
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
                 renegotiation_info_seen = 1;
 #endif
 
-                ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
+                ret = ssl_parse_renegotiation_info(ssl, ext + 4, ext_size);
+                if (ret != 0) {
+                    return ret;
+                }
                 break;
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
             case MBEDTLS_TLS_EXT_SIG_ALG:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found signature_algorithms extension"));
 
-                ret = mbedtls_ssl_parse_sig_alg_ext( ssl, ext + 4, ext + 4 + ext_size );
-                if( ret != 0 )
-                    return( ret );
+                ret = mbedtls_ssl_parse_sig_alg_ext(ssl, ext + 4, ext + 4 + ext_size);
+                if (ret != 0) {
+                    return ret;
+                }
 
                 sig_hash_alg_ext_present = 1;
                 break;
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 
 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+                defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
             case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found supported elliptic curves extension"));
 
-                ret = ssl_parse_supported_groups_ext( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
+                ret = ssl_parse_supported_groups_ext(ssl, ext + 4, ext_size);
+                if (ret != 0) {
+                    return ret;
+                }
                 break;
 
             case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found supported point formats extension"));
                 ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT;
 
-                ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
+                ret = ssl_parse_supported_point_formats(ssl, ext + 4, ext_size);
+                if (ret != 0) {
+                    return ret;
+                }
                 break;
 #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
           MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
             case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake kkpp extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found ecjpake kkpp extension"));
 
-                ret = ssl_parse_ecjpake_kkpp( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
+                ret = ssl_parse_ecjpake_kkpp(ssl, ext + 4, ext_size);
+                if (ret != 0) {
+                    return ret;
+                }
                 break;
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
             case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found max fragment length extension"));
 
-                ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
+                ret = ssl_parse_max_fragment_length_ext(ssl, ext + 4, ext_size);
+                if (ret != 0) {
+                    return ret;
+                }
                 break;
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
             case MBEDTLS_TLS_EXT_CID:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found CID extension"));
 
-                ret = ssl_parse_cid_ext( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
+                ret = ssl_parse_cid_ext(ssl, ext + 4, ext_size);
+                if (ret != 0) {
+                    return ret;
+                }
                 break;
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
             case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found encrypt then mac extension"));
 
-                ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
+                ret = ssl_parse_encrypt_then_mac_ext(ssl, ext + 4, ext_size);
+                if (ret != 0) {
+                    return ret;
+                }
                 break;
 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
             case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended master secret extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found extended master secret extension"));
 
-                ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
+                ret = ssl_parse_extended_ms_ext(ssl, ext + 4, ext_size);
+                if (ret != 0) {
+                    return ret;
+                }
                 break;
 #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
             case MBEDTLS_TLS_EXT_SESSION_TICKET:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found session ticket extension"));
 
-                ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
+                ret = ssl_parse_session_ticket_ext(ssl, ext + 4, ext_size);
+                if (ret != 0) {
+                    return ret;
+                }
                 break;
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
 #if defined(MBEDTLS_SSL_ALPN)
             case MBEDTLS_TLS_EXT_ALPN:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension"));
 
-                ret = mbedtls_ssl_parse_alpn_ext( ssl, ext + 4,
-                                                  ext + 4 + ext_size );
-                if( ret != 0 )
-                    return( ret );
+                ret = mbedtls_ssl_parse_alpn_ext(ssl, ext + 4,
+                                                 ext + 4 + ext_size);
+                if (ret != 0) {
+                    return ret;
+                }
                 break;
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
             case MBEDTLS_TLS_EXT_USE_SRTP:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found use_srtp extension"));
 
-                ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
+                ret = ssl_parse_use_srtp_ext(ssl, ext + 4, ext_size);
+                if (ret != 0) {
+                    return ret;
+                }
                 break;
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
 
             default:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %u (ignoring)",
-                               ext_id ) );
-            }
-
-            ext_len -= 4 + ext_size;
-            ext += 4 + ext_size;
+                MBEDTLS_SSL_DEBUG_MSG(3, ("unknown extension found: %u (ignoring)",
+                                          ext_id));
         }
 
+        ext_len -= 4 + ext_size;
+        ext += 4 + ext_size;
+    }
+
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 
     /*
      * Try to fall back to default hash SHA1 if the client
      * hasn't provided any preferred signature-hash combinations.
      */
-    if( ! sig_hash_alg_ext_present )
-    {
+    if (!sig_hash_alg_ext_present) {
         uint16_t *received_sig_algs = ssl->handshake->received_sig_algs;
         const uint16_t default_sig_algs[] = {
 #if defined(MBEDTLS_ECDSA_C)
-            MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA,
-                                                MBEDTLS_SSL_HASH_SHA1 ),
+            MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA,
+                                               MBEDTLS_SSL_HASH_SHA1),
 #endif
 #if defined(MBEDTLS_RSA_C)
-            MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA,
-                                                MBEDTLS_SSL_HASH_SHA1 ),
+            MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA,
+                                               MBEDTLS_SSL_HASH_SHA1),
 #endif
             MBEDTLS_TLS_SIG_NONE
         };
 
 #if defined(static_assert)
-        static_assert( sizeof( default_sig_algs ) / sizeof( default_sig_algs[0] ) <=
-                       MBEDTLS_RECEIVED_SIG_ALGS_SIZE, "default_sig_algs is too big" );
+        static_assert(sizeof(default_sig_algs) / sizeof(default_sig_algs[0]) <=
+                      MBEDTLS_RECEIVED_SIG_ALGS_SIZE, "default_sig_algs is too big");
 #endif
 
-        memcpy( received_sig_algs, default_sig_algs, sizeof( default_sig_algs ) );
+        memcpy(received_sig_algs, default_sig_algs, sizeof(default_sig_algs));
     }
 
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
@@ -1580,19 +1513,16 @@
     /*
      * Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
      */
-    for( i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2 )
-    {
-        if( p[0] == 0 && p[1] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) );
+    for (i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2) {
+        if (p[0] == 0 && p[1] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO) {
+            MBEDTLS_SSL_DEBUG_MSG(3, ("received TLS_EMPTY_RENEGOTIATION_INFO "));
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-            if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV "
-                                            "during renegotiation" ) );
-                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-                return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+            if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("received RENEGOTIATION SCSV "
+                                          "during renegotiation"));
+                mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                               MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+                return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
             }
 #endif
             ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
@@ -1603,50 +1533,42 @@
     /*
      * Renegotiation security checks
      */
-    if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION &&
-        ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
+    if (ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION &&
+        ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation, breaking off handshake"));
         handshake_failure = 1;
     }
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+    else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
              ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION &&
-             renegotiation_info_seen == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) );
+             renegotiation_info_seen == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("renegotiation_info extension missing (secure)"));
         handshake_failure = 1;
-    }
-    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
-             ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
-             ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
+    } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+               ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+               ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation not allowed"));
         handshake_failure = 1;
-    }
-    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
-             ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
-             renegotiation_info_seen == 1 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) );
+    } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+               ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+               renegotiation_info_seen == 1) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("renegotiation_info extension present (legacy)"));
         handshake_failure = 1;
     }
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
-    if( handshake_failure == 1 )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    if (handshake_failure == 1) {
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
 
     /*
      * Server certification selection (after processing TLS extensions)
      */
-    if( ssl->conf->f_cert_cb && ( ret = ssl->conf->f_cert_cb( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "f_cert_cb", ret );
-        return( ret );
+    if (ssl->conf->f_cert_cb && (ret = ssl->conf->f_cert_cb(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "f_cert_cb", ret);
+        return ret;
     }
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
     ssl->handshake->sni_name = NULL;
@@ -1663,59 +1585,61 @@
     ciphersuites = ssl->conf->ciphersuite_list;
     ciphersuite_info = NULL;
 
-    if (ssl->conf->respect_cli_pref == MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)
-    {
-        for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
-            for( i = 0; ciphersuites[i] != 0; i++ )
-            {
-                if( MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i] )
+    if (ssl->conf->respect_cli_pref == MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT) {
+        for (j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2) {
+            for (i = 0; ciphersuites[i] != 0; i++) {
+                if (MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i]) {
                     continue;
+                }
 
                 got_common_suite = 1;
 
-                if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
-                                                   &ciphersuite_info ) ) != 0 )
-                    return( ret );
+                if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i],
+                                                 &ciphersuite_info)) != 0) {
+                    return ret;
+                }
 
-                if( ciphersuite_info != NULL )
+                if (ciphersuite_info != NULL) {
                     goto have_ciphersuite;
+                }
             }
+        }
     } else {
-        for( i = 0; ciphersuites[i] != 0; i++ )
-            for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
-            {
-                if( MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i] )
+        for (i = 0; ciphersuites[i] != 0; i++) {
+            for (j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2) {
+                if (MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i]) {
                     continue;
+                }
 
                 got_common_suite = 1;
 
-                if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
-                                                   &ciphersuite_info ) ) != 0 )
-                    return( ret );
+                if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i],
+                                                 &ciphersuite_info)) != 0) {
+                    return ret;
+                }
 
-                if( ciphersuite_info != NULL )
+                if (ciphersuite_info != NULL) {
                     goto have_ciphersuite;
+                }
             }
+        }
     }
 
-    if( got_common_suite )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, "
-                            "but none of them usable" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    if (got_common_suite) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("got ciphersuites in common, "
+                                  "but none of them usable"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+    } else {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("got no ciphersuites in common"));
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
 
 have_ciphersuite:
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %s", ciphersuite_info->name));
 
     ssl->session_negotiate->ciphersuite = ciphersuites[i];
     ssl->handshake->ciphersuite_info = ciphersuite_info;
@@ -1723,37 +1647,35 @@
     ssl->state++;
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        mbedtls_ssl_recv_flight_completed( ssl );
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        mbedtls_ssl_recv_flight_completed(ssl);
+    }
 #endif
 
     /* Debugging-only output for testsuite */
 #if defined(MBEDTLS_DEBUG_C)                         && \
     defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-    mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg( ciphersuite_info );
-    if( sig_alg != MBEDTLS_PK_NONE )
-    {
+    mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg(ciphersuite_info);
+    if (sig_alg != MBEDTLS_PK_NONE) {
         unsigned int sig_hash = mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
-                                    ssl, mbedtls_ssl_sig_from_pk_alg( sig_alg ) );
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %u",
-                                    sig_hash ) );
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm "
-                                    "%u - should not happen", (unsigned) sig_alg ) );
+            ssl, mbedtls_ssl_sig_from_pk_alg(sig_alg));
+        MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext: %u",
+                                  sig_hash));
+    } else {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("no hash algorithm for signature algorithm "
+                                  "%u - should not happen", (unsigned) sig_alg));
     }
 #endif
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client hello" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client hello"));
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
-                               unsigned char *buf,
-                               size_t *olen )
+static void ssl_write_cid_ext(mbedtls_ssl_context *ssl,
+                              unsigned char *buf,
+                              size_t *olen)
 {
     unsigned char *p = buf;
     size_t ext_len;
@@ -1763,41 +1685,41 @@
 
     /* Skip writing the extension if we don't want to use it or if
      * the client hasn't offered it. */
-    if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_DISABLED )
-        return;
-
-    /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX
-     * which is at most 255, so the increment cannot overflow. */
-    if( end < p || (size_t)( end - p ) < (unsigned)( ssl->own_cid_len + 5 ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+    if (ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_DISABLED) {
         return;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding CID extension" ) );
+    /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX
+     * which is at most 255, so the increment cannot overflow. */
+    if (end < p || (size_t) (end - p) < (unsigned) (ssl->own_cid_len + 5)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small"));
+        return;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding CID extension"));
 
     /*
      *   struct {
      *      opaque cid<0..2^8-1>;
      *   } ConnectionId;
-    */
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_CID, p, 0 );
+     */
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_CID, p, 0);
     p += 2;
     ext_len = (size_t) ssl->own_cid_len + 1;
-    MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(ext_len, p, 0);
     p += 2;
 
     *p++ = (uint8_t) ssl->own_cid_len;
-    memcpy( p, ssl->own_cid, ssl->own_cid_len );
+    memcpy(p, ssl->own_cid, ssl->own_cid_len);
 
     *olen = ssl->own_cid_len + 5;
 }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
-static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
-                                            unsigned char *buf,
-                                            size_t *olen )
+static void ssl_write_encrypt_then_mac_ext(mbedtls_ssl_context *ssl,
+                                           unsigned char *buf,
+                                           size_t *olen)
 {
     unsigned char *p = buf;
     const mbedtls_ssl_ciphersuite_t *suite = NULL;
@@ -1809,29 +1731,28 @@
      * encrypt-then-MAC response extension back to the client."
      */
     suite = mbedtls_ssl_ciphersuite_from_id(
-                    ssl->session_negotiate->ciphersuite );
-    if( suite == NULL )
+        ssl->session_negotiate->ciphersuite);
+    if (suite == NULL) {
         ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED;
-    else
-    {
+    } else {
         mbedtls_ssl_mode_t ssl_mode =
             mbedtls_ssl_get_mode_from_ciphersuite(
                 ssl->session_negotiate->encrypt_then_mac,
-                suite );
+                suite);
 
-        if( ssl_mode != MBEDTLS_SSL_MODE_CBC_ETM )
+        if (ssl_mode != MBEDTLS_SSL_MODE_CBC_ETM) {
             ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED;
+        }
     }
 
-    if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
-    {
+    if (ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED) {
         *olen = 0;
         return;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding encrypt then mac extension"));
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0);
     p += 2;
 
     *p++ = 0x00;
@@ -1842,22 +1763,21 @@
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
-                                       unsigned char *buf,
-                                       size_t *olen )
+static void ssl_write_extended_ms_ext(mbedtls_ssl_context *ssl,
+                                      unsigned char *buf,
+                                      size_t *olen)
 {
     unsigned char *p = buf;
 
-    if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED )
-    {
+    if (ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED) {
         *olen = 0;
         return;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret "
-                        "extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding extended master secret "
+                              "extension"));
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0);
     p += 2;
 
     *p++ = 0x00;
@@ -1868,21 +1788,20 @@
 #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
-                                          unsigned char *buf,
-                                          size_t *olen )
+static void ssl_write_session_ticket_ext(mbedtls_ssl_context *ssl,
+                                         unsigned char *buf,
+                                         size_t *olen)
 {
     unsigned char *p = buf;
 
-    if( ssl->handshake->new_session_ticket == 0 )
-    {
+    if (ssl->handshake->new_session_ticket == 0) {
         *olen = 0;
         return;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding session ticket extension"));
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0);
     p += 2;
 
     *p++ = 0x00;
@@ -1892,36 +1811,33 @@
 }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
-static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
-                                         unsigned char *buf,
-                                         size_t *olen )
+static void ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl,
+                                        unsigned char *buf,
+                                        size_t *olen)
 {
     unsigned char *p = buf;
 
-    if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION )
-    {
+    if (ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION) {
         *olen = 0;
         return;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, secure renegotiation extension"));
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0);
     p += 2;
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
-    {
+    if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
         *p++ = 0x00;
-        *p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF;
+        *p++ = (ssl->verify_data_len * 2 + 1) & 0xFF;
         *p++ = ssl->verify_data_len * 2 & 0xFF;
 
-        memcpy( p, ssl->peer_verify_data, ssl->verify_data_len );
+        memcpy(p, ssl->peer_verify_data, ssl->verify_data_len);
         p += ssl->verify_data_len;
-        memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
+        memcpy(p, ssl->own_verify_data, ssl->verify_data_len);
         p += ssl->verify_data_len;
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
     {
         *p++ = 0x00;
@@ -1933,21 +1849,20 @@
 }
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
-                                               unsigned char *buf,
-                                               size_t *olen )
+static void ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl,
+                                              unsigned char *buf,
+                                              size_t *olen)
 {
     unsigned char *p = buf;
 
-    if( ssl->session_negotiate->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE )
-    {
+    if (ssl->session_negotiate->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE) {
         *olen = 0;
         return;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, max_fragment_length extension"));
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0);
     p += 2;
 
     *p++ = 0x00;
@@ -1961,23 +1876,22 @@
 
 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
-                                                   unsigned char *buf,
-                                                   size_t *olen )
+static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl,
+                                                  unsigned char *buf,
+                                                  size_t *olen)
 {
     unsigned char *p = buf;
     ((void) ssl);
 
-    if( ( ssl->handshake->cli_exts &
-          MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT ) == 0 )
-    {
+    if ((ssl->handshake->cli_exts &
+         MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT) == 0) {
         *olen = 0;
         return;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, supported_point_formats extension"));
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0);
     p += 2;
 
     *p++ = 0x00;
@@ -1991,9 +1905,9 @@
 #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
-                                        unsigned char *buf,
-                                        size_t *olen )
+static void ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl,
+                                       unsigned char *buf,
+                                       size_t *olen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p = buf;
@@ -2003,54 +1917,52 @@
     *olen = 0;
 
     /* Skip costly computation if not needed */
-    if( ssl->handshake->ciphersuite_info->key_exchange !=
-        MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-        return;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, ecjpake kkpp extension" ) );
-
-    if( end - p < 4 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+    if (ssl->handshake->ciphersuite_info->key_exchange !=
+        MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
         return;
     }
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0 );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, ecjpake kkpp extension"));
+
+    if (end - p < 4) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small"));
+        return;
+    }
+
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0);
     p += 2;
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    ret = mbedtls_psa_ecjpake_write_round( &ssl->handshake->psa_pake_ctx,
-                                p + 2, end - p - 2, &kkpp_len,
-                                MBEDTLS_ECJPAKE_ROUND_ONE );
-    if ( ret != 0 )
-    {
-        psa_destroy_key( ssl->handshake->psa_pake_password );
-        psa_pake_abort( &ssl->handshake->psa_pake_ctx );
-        MBEDTLS_SSL_DEBUG_RET( 1 , "psa_pake_output", ret );
+    ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx,
+                                          p + 2, end - p - 2, &kkpp_len,
+                                          MBEDTLS_ECJPAKE_ROUND_ONE);
+    if (ret != 0) {
+        psa_destroy_key(ssl->handshake->psa_pake_password);
+        psa_pake_abort(&ssl->handshake->psa_pake_ctx);
+        MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret);
         return;
     }
 #else
-    ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
-                                        p + 2, end - p - 2, &kkpp_len,
-                                        ssl->conf->f_rng, ssl->conf->p_rng );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret );
+    ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx,
+                                          p + 2, end - p - 2, &kkpp_len,
+                                          ssl->conf->f_rng, ssl->conf->p_rng);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_one", ret);
         return;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    MBEDTLS_PUT_UINT16_BE( kkpp_len, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(kkpp_len, p, 0);
     p += 2;
 
     *olen = kkpp_len + 4;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
-#if defined(MBEDTLS_SSL_DTLS_SRTP ) && defined(MBEDTLS_SSL_PROTO_DTLS)
-static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
-                                    unsigned char *buf,
-                                    size_t *olen )
+#if defined(MBEDTLS_SSL_DTLS_SRTP) && defined(MBEDTLS_SSL_PROTO_DTLS)
+static void ssl_write_use_srtp_ext(mbedtls_ssl_context *ssl,
+                                   unsigned char *buf,
+                                   size_t *olen)
 {
     size_t mki_len = 0, ext_len = 0;
     uint16_t profile_value = 0;
@@ -2058,16 +1970,14 @@
 
     *olen = 0;
 
-    if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ||
-        ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) )
-    {
+    if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) ||
+        (ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET)) {
         return;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding use_srtp extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding use_srtp extension"));
 
-    if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED )
-    {
+    if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) {
         mki_len = ssl->dtls_srtp_info.mki_len;
     }
 
@@ -2079,38 +1989,34 @@
      * - 1 byte for the mki length
      * +  the actual mki length
      * Check we have enough room in the output buffer */
-    if( (size_t)( end - buf ) < mki_len + 9 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+    if ((size_t) (end - buf) < mki_len + 9) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small"));
         return;
     }
 
     /* extension */
-    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_USE_SRTP, buf, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_USE_SRTP, buf, 0);
     /*
      * total length 5 and mki value: only one profile(2 bytes)
      *              and length(2 bytes) and srtp_mki  )
      */
     ext_len = 5 + mki_len;
-    MBEDTLS_PUT_UINT16_BE( ext_len, buf, 2 );
+    MBEDTLS_PUT_UINT16_BE(ext_len, buf, 2);
 
     /* protection profile length: 2 */
     buf[4] = 0x00;
     buf[5] = 0x02;
     profile_value = mbedtls_ssl_check_srtp_profile_value(
-                                ssl->dtls_srtp_info.chosen_dtls_srtp_profile );
-    if( profile_value != MBEDTLS_TLS_SRTP_UNSET )
-    {
-        MBEDTLS_PUT_UINT16_BE( profile_value, buf, 6 );
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "use_srtp extension invalid profile" ) );
+        ssl->dtls_srtp_info.chosen_dtls_srtp_profile);
+    if (profile_value != MBEDTLS_TLS_SRTP_UNSET) {
+        MBEDTLS_PUT_UINT16_BE(profile_value, buf, 6);
+    } else {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("use_srtp extension invalid profile"));
         return;
     }
 
     buf[8] = mki_len & 0xFF;
-    memcpy( &buf[9], ssl->dtls_srtp_info.mki_value, mki_len );
+    memcpy(&buf[9], ssl->dtls_srtp_info.mki_value, mki_len);
 
     *olen = 9 + mki_len;
 }
@@ -2118,13 +2024,13 @@
 
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl )
+static int ssl_write_hello_verify_request(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p = ssl->out_msg + 4;
     unsigned char *cookie_len_byte;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello verify request" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write hello verify request"));
 
     /*
      * struct {
@@ -2135,31 +2041,29 @@
 
     /* The RFC is not clear on this point, but sending the actual negotiated
      * version looks like the most interoperable thing to do. */
-    mbedtls_ssl_write_version( p, ssl->conf->transport, ssl->tls_version );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
+    mbedtls_ssl_write_version(p, ssl->conf->transport, ssl->tls_version);
+    MBEDTLS_SSL_DEBUG_BUF(3, "server version", p, 2);
     p += 2;
 
     /* If we get here, f_cookie_check is not null */
-    if( ssl->conf->f_cookie_write == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "inconsistent cookie callbacks" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (ssl->conf->f_cookie_write == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("inconsistent cookie callbacks"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
     /* Skip length byte until we know the length */
     cookie_len_byte = p++;
 
-    if( ( ret = ssl->conf->f_cookie_write( ssl->conf->p_cookie,
-                                     &p, ssl->out_buf + MBEDTLS_SSL_OUT_BUFFER_LEN,
-                                     ssl->cli_id, ssl->cli_id_len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "f_cookie_write", ret );
-        return( ret );
+    if ((ret = ssl->conf->f_cookie_write(ssl->conf->p_cookie,
+                                         &p, ssl->out_buf + MBEDTLS_SSL_OUT_BUFFER_LEN,
+                                         ssl->cli_id, ssl->cli_id_len)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "f_cookie_write", ret);
+        return ret;
     }
 
-    *cookie_len_byte = (unsigned char)( p - ( cookie_len_byte + 1 ) );
+    *cookie_len_byte = (unsigned char) (p - (cookie_len_byte + 1));
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "cookie sent", cookie_len_byte + 1, *cookie_len_byte );
+    MBEDTLS_SSL_DEBUG_BUF(3, "cookie sent", cookie_len_byte + 1, *cookie_len_byte);
 
     ssl->out_msglen  = p - ssl->out_msg;
     ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
@@ -2167,28 +2071,26 @@
 
     ssl->state = MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT;
 
-    if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+        return ret;
     }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
-        return( ret );
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret);
+        return ret;
     }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello verify request" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write hello verify request"));
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
 
-static void ssl_handle_id_based_session_resumption( mbedtls_ssl_context *ssl )
+static void ssl_handle_id_based_session_resumption(mbedtls_ssl_context *ssl)
 {
     int ret;
     mbedtls_ssl_session session_tmp;
@@ -2196,47 +2098,51 @@
 
     /* Resume is 0  by default, see ssl_handshake_init().
      * It may be already set to 1 by ssl_parse_session_ticket_ext(). */
-    if( ssl->handshake->resume == 1 )
+    if (ssl->handshake->resume == 1) {
         return;
-    if( session->id_len == 0 )
+    }
+    if (session->id_len == 0) {
         return;
-    if( ssl->conf->f_get_cache == NULL )
+    }
+    if (ssl->conf->f_get_cache == NULL) {
         return;
+    }
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
+    if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
         return;
+    }
 #endif
 
-    mbedtls_ssl_session_init( &session_tmp );
+    mbedtls_ssl_session_init(&session_tmp);
 
-    ret = ssl->conf->f_get_cache( ssl->conf->p_cache,
-                                  session->id,
-                                  session->id_len,
-                                  &session_tmp );
-    if( ret != 0 )
+    ret = ssl->conf->f_get_cache(ssl->conf->p_cache,
+                                 session->id,
+                                 session->id_len,
+                                 &session_tmp);
+    if (ret != 0) {
         goto exit;
+    }
 
-    if( session->ciphersuite != session_tmp.ciphersuite )
-    {
+    if (session->ciphersuite != session_tmp.ciphersuite) {
         /* Mismatch between cached and negotiated session */
         goto exit;
     }
 
     /* Move semantics */
-    mbedtls_ssl_session_free( session );
+    mbedtls_ssl_session_free(session);
     *session = session_tmp;
-    memset( &session_tmp, 0, sizeof( session_tmp ) );
+    memset(&session_tmp, 0, sizeof(session_tmp));
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("session successfully restored from cache"));
     ssl->handshake->resume = 1;
 
 exit:
 
-    mbedtls_ssl_session_free( &session_tmp );
+    mbedtls_ssl_session_free(&session_tmp);
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
+static int ssl_write_server_hello(mbedtls_ssl_context *ssl)
 {
 #if defined(MBEDTLS_HAVE_TIME)
     mbedtls_time_t t;
@@ -2245,23 +2151,21 @@
     size_t olen, ext_len = 0, n;
     unsigned char *buf, *p;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server hello"));
 
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ssl->handshake->cookie_verify_result != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "client hello was not authenticated" ) );
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ssl->handshake->cookie_verify_result != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("client hello was not authenticated"));
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello"));
 
-        return( ssl_write_hello_verify_request( ssl ) );
+        return ssl_write_hello_verify_request(ssl);
     }
 #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
 
-    if( ssl->conf->f_rng == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") );
-        return( MBEDTLS_ERR_SSL_NO_RNG );
+    if (ssl->conf->f_rng == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided"));
+        return MBEDTLS_ERR_SSL_NO_RNG;
     }
 
     /*
@@ -2274,39 +2178,40 @@
     buf = ssl->out_msg;
     p = buf + 4;
 
-    mbedtls_ssl_write_version( p, ssl->conf->transport, ssl->tls_version );
+    mbedtls_ssl_write_version(p, ssl->conf->transport, ssl->tls_version);
     p += 2;
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
-                        buf[4], buf[5] ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen version: [%d:%d]",
+                              buf[4], buf[5]));
 
 #if defined(MBEDTLS_HAVE_TIME)
-    t = mbedtls_time( NULL );
-    MBEDTLS_PUT_UINT32_BE( t, p, 0 );
+    t = mbedtls_time(NULL);
+    MBEDTLS_PUT_UINT32_BE(t, p, 0);
     p += 4;
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
-                                (long long) t ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
+                              (long long) t));
 #else
-    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
-        return( ret );
+    if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 4)) != 0) {
+        return ret;
+    }
 
     p += 4;
 #endif /* MBEDTLS_HAVE_TIME */
 
-    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 )
-        return( ret );
+    if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 28)) != 0) {
+        return ret;
+    }
 
     p += 28;
 
-    memcpy( ssl->handshake->randbytes + 32, buf + 6, 32 );
+    memcpy(ssl->handshake->randbytes + 32, buf + 6, 32);
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 );
+    MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", buf + 6, 32);
 
-    ssl_handle_id_based_session_resumption( ssl );
+    ssl_handle_id_based_session_resumption(ssl);
 
-    if( ssl->handshake->resume == 0 )
-    {
+    if (ssl->handshake->resume == 0) {
         /*
          * New session, create a new session id,
          * unless we're about to issue a session ticket
@@ -2314,36 +2219,32 @@
         ssl->state++;
 
 #if defined(MBEDTLS_HAVE_TIME)
-        ssl->session_negotiate->start = mbedtls_time( NULL );
+        ssl->session_negotiate->start = mbedtls_time(NULL);
 #endif
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-        if( ssl->handshake->new_session_ticket != 0 )
-        {
+        if (ssl->handshake->new_session_ticket != 0) {
             ssl->session_negotiate->id_len = n = 0;
-            memset( ssl->session_negotiate->id, 0, 32 );
-        }
-        else
+            memset(ssl->session_negotiate->id, 0, 32);
+        } else
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
         {
             ssl->session_negotiate->id_len = n = 32;
-            if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id,
-                                    n ) ) != 0 )
-                return( ret );
+            if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, ssl->session_negotiate->id,
+                                        n)) != 0) {
+                return ret;
+            }
         }
-    }
-    else
-    {
+    } else {
         /*
          * Resuming a session
          */
         n = ssl->session_negotiate->id_len;
         ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
 
-        if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
-            return( ret );
+        if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret);
+            return ret;
         }
     }
 
@@ -2356,90 +2257,89 @@
      *   44+n . 43+n+m  extensions
      */
     *p++ = (unsigned char) ssl->session_negotiate->id_len;
-    memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
+    memcpy(p, ssl->session_negotiate->id, ssl->session_negotiate->id_len);
     p += ssl->session_negotiate->id_len;
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
-    MBEDTLS_SSL_DEBUG_BUF( 3,   "server hello, session id", buf + 39, n );
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
-                   ssl->handshake->resume ? "a" : "no" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n));
+    MBEDTLS_SSL_DEBUG_BUF(3,   "server hello, session id", buf + 39, n);
+    MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed",
+                              ssl->handshake->resume ? "a" : "no"));
 
-    MBEDTLS_PUT_UINT16_BE( ssl->session_negotiate->ciphersuite, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(ssl->session_negotiate->ciphersuite, p, 0);
     p += 2;
-    *p++ = MBEDTLS_BYTE_0( MBEDTLS_SSL_COMPRESS_NULL );
+    *p++ = MBEDTLS_BYTE_0(MBEDTLS_SSL_COMPRESS_NULL);
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s",
-           mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) );
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
-                   (unsigned int) MBEDTLS_SSL_COMPRESS_NULL ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen ciphersuite: %s",
+                              mbedtls_ssl_get_ciphersuite_name(ssl->session_negotiate->ciphersuite)));
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, compress alg.: 0x%02X",
+                              (unsigned int) MBEDTLS_SSL_COMPRESS_NULL));
 
     /*
      *  First write extensions, then the total length
      */
-    ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
+    ssl_write_renegotiation_ext(ssl, p + 2 + ext_len, &olen);
     ext_len += olen;
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
+    ssl_write_max_fragment_length_ext(ssl, p + 2 + ext_len, &olen);
     ext_len += olen;
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen );
+    ssl_write_cid_ext(ssl, p + 2 + ext_len, &olen);
     ext_len += olen;
 #endif
 
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
-    ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen );
+    ssl_write_encrypt_then_mac_ext(ssl, p + 2 + ext_len, &olen);
     ext_len += olen;
 #endif
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-    ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen );
+    ssl_write_extended_ms_ext(ssl, p + 2 + ext_len, &olen);
     ext_len += olen;
 #endif
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
+    ssl_write_session_ticket_ext(ssl, p + 2 + ext_len, &olen);
     ext_len += olen;
 #endif
 
 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
     const mbedtls_ssl_ciphersuite_t *suite =
-        mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
-    if ( suite != NULL && mbedtls_ssl_ciphersuite_uses_ec( suite) )
-    {
-        ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
+        mbedtls_ssl_ciphersuite_from_id(ssl->session_negotiate->ciphersuite);
+    if (suite != NULL && mbedtls_ssl_ciphersuite_uses_ec(suite)) {
+        ssl_write_supported_point_formats_ext(ssl, p + 2 + ext_len, &olen);
         ext_len += olen;
     }
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen );
+    ssl_write_ecjpake_kkpp_ext(ssl, p + 2 + ext_len, &olen);
     ext_len += olen;
 #endif
 
 #if defined(MBEDTLS_SSL_ALPN)
     unsigned char *end = buf + MBEDTLS_SSL_OUT_CONTENT_LEN - 4;
-    if( ( ret = mbedtls_ssl_write_alpn_ext( ssl, p + 2 + ext_len, end, &olen ) )
-        != 0 )
+    if ((ret = mbedtls_ssl_write_alpn_ext(ssl, p + 2 + ext_len, end, &olen))
+        != 0) {
         return ret;
+    }
 
     ext_len += olen;
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
-    ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen );
+    ssl_write_use_srtp_ext(ssl, p + 2 + ext_len, &olen);
     ext_len += olen;
 #endif
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
-                                ext_len ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
+                              ext_len));
 
-    if( ext_len > 0 )
-    {
-        MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
+    if (ext_len > 0) {
+        MBEDTLS_PUT_UINT16_BE(ext_len, p, 0);
         p += 2 + ext_len;
     }
 
@@ -2447,35 +2347,34 @@
     ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
     ssl->out_msg[0]  = MBEDTLS_SSL_HS_SERVER_HELLO;
 
-    ret = mbedtls_ssl_write_handshake_msg( ssl );
+    ret = mbedtls_ssl_write_handshake_msg(ssl);
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello"));
 
-    return( ret );
+    return ret;
 }
 
 #if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
+static int ssl_write_certificate_request(mbedtls_ssl_context *ssl)
 {
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
         ssl->handshake->ciphersuite_info;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request"));
 
-    if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
+    if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request"));
         ssl->state++;
-        return( 0 );
+        return 0;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+    return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
 }
 #else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
+static int ssl_write_certificate_request(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
@@ -2487,22 +2386,21 @@
     const mbedtls_x509_crt *crt;
     int authmode;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request"));
 
     ssl->state++;
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET )
+    if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) {
         authmode = ssl->handshake->sni_authmode;
-    else
+    } else
 #endif
-        authmode = ssl->conf->authmode;
+    authmode = ssl->conf->authmode;
 
-    if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ||
-        authmode == MBEDTLS_SSL_VERIFY_NONE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
-        return( 0 );
+    if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info) ||
+        authmode == MBEDTLS_SSL_VERIFY_NONE) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request"));
+        return 0;
     }
 
     /*
@@ -2553,29 +2451,31 @@
      *     enum { (255) } HashAlgorithm;
      *     enum { (255) } SignatureAlgorithm;
      */
-    const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
-    if( sig_alg == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+    const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs(ssl);
+    if (sig_alg == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_CONFIG;
+    }
 
-    for( ; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++ )
-    {
-        unsigned char hash = MBEDTLS_BYTE_1( *sig_alg );
+    for (; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++) {
+        unsigned char hash = MBEDTLS_BYTE_1(*sig_alg);
 
-        if( mbedtls_ssl_set_calc_verify_md( ssl, hash ) )
+        if (mbedtls_ssl_set_calc_verify_md(ssl, hash)) {
             continue;
-        if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) )
+        }
+        if (!mbedtls_ssl_sig_alg_is_supported(ssl, *sig_alg)) {
             continue;
+        }
 
         /* Write elements at offsets starting from 1 (offset 0 is for the
          * length). Thus the offset of each element is the length of the
          * partial list including that element. */
         sa_len += 2;
-        MBEDTLS_PUT_UINT16_BE( *sig_alg, p, sa_len );
+        MBEDTLS_PUT_UINT16_BE(*sig_alg, p, sa_len);
 
     }
 
     /* Fill in list length. */
-    MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(sa_len, p, 0);
     sa_len += 2;
     p += sa_len;
 
@@ -2587,8 +2487,7 @@
 
     total_dn_size = 0;
 
-    if( ssl->conf->cert_req_ca_list ==  MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED )
-    {
+    if (ssl->conf->cert_req_ca_list ==  MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED) {
         /* NOTE: If trusted certificates are provisioned
          *       via a CA callback (configured through
          *       `mbedtls_ssl_conf_ca_cb()`, then the
@@ -2596,39 +2495,37 @@
 
 #if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-        if( ssl->handshake->dn_hints != NULL )
+        if (ssl->handshake->dn_hints != NULL) {
             crt = ssl->handshake->dn_hints;
-        else
+        } else
 #endif
-        if( ssl->conf->dn_hints != NULL )
+        if (ssl->conf->dn_hints != NULL) {
             crt = ssl->conf->dn_hints;
-        else
+        } else
 #endif
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-        if( ssl->handshake->sni_ca_chain != NULL )
+        if (ssl->handshake->sni_ca_chain != NULL) {
             crt = ssl->handshake->sni_ca_chain;
-        else
+        } else
 #endif
-            crt = ssl->conf->ca_chain;
+        crt = ssl->conf->ca_chain;
 
-        while( crt != NULL && crt->version != 0 )
-        {
+        while (crt != NULL && crt->version != 0) {
             /* It follows from RFC 5280 A.1 that this length
              * can be represented in at most 11 bits. */
             dn_size = (uint16_t) crt->subject_raw.len;
 
-            if( end < p || (size_t)( end - p ) < 2 + (size_t) dn_size )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
+            if (end < p || (size_t) (end - p) < 2 + (size_t) dn_size) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("skipping CAs: buffer too short"));
                 break;
             }
 
-            MBEDTLS_PUT_UINT16_BE( dn_size, p, 0 );
+            MBEDTLS_PUT_UINT16_BE(dn_size, p, 0);
             p += 2;
-            memcpy( p, crt->subject_raw.p, dn_size );
+            memcpy(p, crt->subject_raw.p, dn_size);
             p += dn_size;
 
-            MBEDTLS_SSL_DEBUG_BUF( 3, "requested DN", p - dn_size, dn_size );
+            MBEDTLS_SSL_DEBUG_BUF(3, "requested DN", p - dn_size, dn_size);
 
             total_dn_size += 2 + dn_size;
             crt = crt->next;
@@ -2638,21 +2535,21 @@
     ssl->out_msglen  = p - buf;
     ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
     ssl->out_msg[0]  = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST;
-    MBEDTLS_PUT_UINT16_BE( total_dn_size, ssl->out_msg, 4 + ct_len + sa_len );
+    MBEDTLS_PUT_UINT16_BE(total_dn_size, ssl->out_msg, 4 + ct_len + sa_len);
 
-    ret = mbedtls_ssl_write_handshake_msg( ssl );
+    ret = mbedtls_ssl_write_handshake_msg(ssl);
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate request"));
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO) &&                      \
-        ( defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
-          defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) )
+    (defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED))
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
+static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -2665,119 +2562,116 @@
     mbedtls_pk_context *pk;
     mbedtls_ecp_keypair *key;
 
-    pk = mbedtls_ssl_own_key( ssl );
+    pk = mbedtls_ssl_own_key(ssl);
 
-    if( pk == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (pk == NULL) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
-    switch( mbedtls_pk_get_type( pk ) )
-    {
-    case MBEDTLS_PK_OPAQUE:
-        if( ! mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) )
-            return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
+    switch (mbedtls_pk_get_type(pk)) {
+        case MBEDTLS_PK_OPAQUE:
+            if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) {
+                return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
+            }
 
-        ssl->handshake->ecdh_psa_privkey =
-                *( (mbedtls_svc_key_id_t*) pk->pk_ctx );
+            ssl->handshake->ecdh_psa_privkey =
+                *((mbedtls_svc_key_id_t *) pk->pk_ctx);
 
-        /* Key should not be destroyed in the TLS library */
-        ssl->handshake->ecdh_psa_privkey_is_external = 1;
+            /* Key should not be destroyed in the TLS library */
+            ssl->handshake->ecdh_psa_privkey_is_external = 1;
 
-        status = psa_get_key_attributes( ssl->handshake->ecdh_psa_privkey,
-                                         &key_attributes );
-        if( status != PSA_SUCCESS)
-        {
-            ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-            return( psa_ssl_status_to_mbedtls( status ) );
-        }
+            status = psa_get_key_attributes(ssl->handshake->ecdh_psa_privkey,
+                                            &key_attributes);
+            if (status != PSA_SUCCESS) {
+                ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
+                return psa_ssl_status_to_mbedtls(status);
+            }
 
-        ssl->handshake->ecdh_psa_type = psa_get_key_type( &key_attributes );
-        ssl->handshake->ecdh_bits = psa_get_key_bits( &key_attributes );
+            ssl->handshake->ecdh_psa_type = psa_get_key_type(&key_attributes);
+            ssl->handshake->ecdh_bits = psa_get_key_bits(&key_attributes);
 
-        psa_reset_key_attributes( &key_attributes );
+            psa_reset_key_attributes(&key_attributes);
 
-        ret = 0;
-        break;
-    case MBEDTLS_PK_ECKEY:
-    case MBEDTLS_PK_ECKEY_DH:
-    case MBEDTLS_PK_ECDSA:
-        key = mbedtls_pk_ec( *pk );
-        if( key == NULL )
-            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+            ret = 0;
+            break;
+        case MBEDTLS_PK_ECKEY:
+        case MBEDTLS_PK_ECKEY_DH:
+        case MBEDTLS_PK_ECDSA:
+            key = mbedtls_pk_ec(*pk);
+            if (key == NULL) {
+                return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+            }
 
-        tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id( key->grp.id );
-        if( tls_id == 0 )
-        {
-            /* This elliptic curve is not supported */
-            return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-        }
+            tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(key->grp.id);
+            if (tls_id == 0) {
+                /* This elliptic curve is not supported */
+                return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+            }
 
-        /* If the above conversion to TLS ID was fine, then also this one will
-           be, so there is no need to check the return value here */
-        mbedtls_ssl_get_psa_curve_info_from_tls_id( tls_id, &ecc_family,
-                                &ssl->handshake->ecdh_bits );
+            /* If the above conversion to TLS ID was fine, then also this one will
+               be, so there is no need to check the return value here */
+            mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &ecc_family,
+                                                       &ssl->handshake->ecdh_bits);
 
-        ssl->handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR( ecc_family );
+            ssl->handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(ecc_family);
 
-        key_attributes = psa_key_attributes_init();
-        psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
-        psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
-        psa_set_key_type( &key_attributes,
-                PSA_KEY_TYPE_ECC_KEY_PAIR( ssl->handshake->ecdh_psa_type ) );
-        psa_set_key_bits( &key_attributes, ssl->handshake->ecdh_bits );
+            key_attributes = psa_key_attributes_init();
+            psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
+            psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
+            psa_set_key_type(&key_attributes,
+                             PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->ecdh_psa_type));
+            psa_set_key_bits(&key_attributes, ssl->handshake->ecdh_bits);
 
-        key_len = PSA_BITS_TO_BYTES( key->grp.pbits );
-        ret = mbedtls_ecp_write_key( key, buf, key_len );
-        if( ret != 0 )
-            goto cleanup;
+            key_len = PSA_BITS_TO_BYTES(key->grp.pbits);
+            ret = mbedtls_ecp_write_key(key, buf, key_len);
+            if (ret != 0) {
+                goto cleanup;
+            }
 
-        status = psa_import_key( &key_attributes, buf, key_len,
-                                 &ssl->handshake->ecdh_psa_privkey );
-        if( status != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            goto cleanup;
-        }
+            status = psa_import_key(&key_attributes, buf, key_len,
+                                    &ssl->handshake->ecdh_psa_privkey);
+            if (status != PSA_SUCCESS) {
+                ret = psa_ssl_status_to_mbedtls(status);
+                goto cleanup;
+            }
 
-        ret = 0;
-        break;
-    default:
+            ret = 0;
+            break;
+        default:
             ret = MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
     }
 
 cleanup:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
+    mbedtls_platform_zeroize(buf, sizeof(buf));
 
-    return( ret );
+    return ret;
 }
 #elif defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
+static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    const mbedtls_pk_context *private_key = mbedtls_ssl_own_key( ssl );
-    if( private_key == NULL)
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no server private key" ) );
-        return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+    const mbedtls_pk_context *private_key = mbedtls_ssl_own_key(ssl);
+    if (private_key == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("got no server private key"));
+        return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
     }
 
-    if( ! mbedtls_pk_can_do( private_key, MBEDTLS_PK_ECKEY ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
-        return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
+    if (!mbedtls_pk_can_do(private_key, MBEDTLS_PK_ECKEY)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("server key not ECDH capable"));
+        return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
     }
 
-    if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx,
-                                 mbedtls_pk_ec( *mbedtls_ssl_own_key( ssl ) ),
-                                 MBEDTLS_ECDH_OURS ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret );
-        return( ret );
+    if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx,
+                                       mbedtls_pk_ec(*mbedtls_ssl_own_key(ssl)),
+                                       MBEDTLS_ECDH_OURS)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret);
+        return ret;
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
           MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
@@ -2785,8 +2679,8 @@
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \
     defined(MBEDTLS_SSL_ASYNC_PRIVATE)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
-                                           size_t *signature_len )
+static int ssl_resume_server_key_exchange(mbedtls_ssl_context *ssl,
+                                          size_t *signature_len)
 {
     /* Append the signature to ssl->out_msg, leaving 2 bytes for the
      * signature length which will be added in ssl_write_server_key_exchange
@@ -2794,17 +2688,16 @@
      * ssl_write_server_key_exchange also takes care of incrementing
      * ssl->out_msglen. */
     unsigned char *sig_start = ssl->out_msg + ssl->out_msglen + 2;
-    size_t sig_max_len = ( ssl->out_buf + MBEDTLS_SSL_OUT_CONTENT_LEN
-                           - sig_start );
-    int ret = ssl->conf->f_async_resume( ssl,
-                                         sig_start, signature_len, sig_max_len );
-    if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
-    {
+    size_t sig_max_len = (ssl->out_buf + MBEDTLS_SSL_OUT_CONTENT_LEN
+                          - sig_start);
+    int ret = ssl->conf->f_async_resume(ssl,
+                                        sig_start, signature_len, sig_max_len);
+    if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) {
         ssl->handshake->async_in_progress = 0;
-        mbedtls_ssl_set_async_operation_data( ssl, NULL );
+        mbedtls_ssl_set_async_operation_data(ssl, NULL);
     }
-    MBEDTLS_SSL_DEBUG_RET( 2, "ssl_resume_server_key_exchange", ret );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_RET(2, "ssl_resume_server_key_exchange", ret);
+    return ret;
 }
 #endif /* defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) &&
           defined(MBEDTLS_SSL_ASYNC_PRIVATE) */
@@ -2813,8 +2706,8 @@
  * calculating the signature if any, but excluding formatting the
  * signature and sending the message. */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
-                                            size_t *signature_len )
+static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl,
+                                           size_t *signature_len)
 {
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
         ssl->handshake->ciphersuite_info;
@@ -2832,9 +2725,9 @@
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-    size_t out_buf_len = ssl->out_buf_len - ( ssl->out_msg - ssl->out_buf );
+    size_t out_buf_len = ssl->out_buf_len - (ssl->out_msg - ssl->out_buf);
 #else
-    size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - ( ssl->out_msg - ssl->out_buf );
+    size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (ssl->out_msg - ssl->out_buf);
 #endif
 #endif
 
@@ -2850,8 +2743,7 @@
      * - ECJPAKE key exchanges
      */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         unsigned char *out_p = ssl->out_msg + ssl->out_msglen;
@@ -2869,25 +2761,23 @@
          * TLS ID here
          */
         uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(
-                                    MBEDTLS_ECP_DP_SECP256R1 );
-        if( tls_id ==0 )
-        {
-            return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+            MBEDTLS_ECP_DP_SECP256R1);
+        if (tls_id == 0) {
+            return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
         }
         *out_p = MBEDTLS_ECP_TLS_NAMED_CURVE;
-        MBEDTLS_PUT_UINT16_BE( tls_id, out_p, 1 );
+        MBEDTLS_PUT_UINT16_BE(tls_id, out_p, 1);
         output_offset += 3;
 
-        ret = mbedtls_psa_ecjpake_write_round( &ssl->handshake->psa_pake_ctx,
-                                    out_p + output_offset,
-                                    end_p - out_p - output_offset, &output_len,
-                                    MBEDTLS_ECJPAKE_ROUND_TWO );
-        if( ret != 0 )
-        {
-            psa_destroy_key( ssl->handshake->psa_pake_password );
-            psa_pake_abort( &ssl->handshake->psa_pake_ctx );
-            MBEDTLS_SSL_DEBUG_RET( 1 , "psa_pake_output", ret );
-            return( ret );
+        ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx,
+                                              out_p + output_offset,
+                                              end_p - out_p - output_offset, &output_len,
+                                              MBEDTLS_ECJPAKE_ROUND_TWO);
+        if (ret != 0) {
+            psa_destroy_key(ssl->handshake->psa_pake_password);
+            psa_pake_abort(&ssl->handshake->psa_pake_ctx);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret);
+            return ret;
         }
 
         output_offset += output_len;
@@ -2899,11 +2789,10 @@
             &ssl->handshake->ecjpake_ctx,
             ssl->out_msg + ssl->out_msglen,
             MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, &len,
-            ssl->conf->f_rng, ssl->conf->p_rng );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret );
-            return( ret );
+            ssl->conf->f_rng, ssl->conf->p_rng);
+        if (ret != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_two", ret);
+            return ret;
         }
 
         ssl->out_msglen += len;
@@ -2918,9 +2807,8 @@
      **/
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)   || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
-    {
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
         ssl->out_msg[ssl->out_msglen++] = 0x00;
         ssl->out_msg[ssl->out_msglen++] = 0x00;
     }
@@ -2931,15 +2819,13 @@
      * - DHE key exchanges
      */
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
-    if( mbedtls_ssl_ciphersuite_uses_dhe( ciphersuite_info ) )
-    {
+    if (mbedtls_ssl_ciphersuite_uses_dhe(ciphersuite_info)) {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
         size_t len = 0;
 
-        if( ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "no DH parameters set" ) );
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        if (ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("no DH parameters set"));
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
         }
 
         /*
@@ -2951,22 +2837,20 @@
          *     opaque dh_Ys<1..2^16-1>;
          * } ServerDHParams;
          */
-        if( ( ret = mbedtls_dhm_set_group( &ssl->handshake->dhm_ctx,
-                                           &ssl->conf->dhm_P,
-                                           &ssl->conf->dhm_G ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_set_group", ret );
-            return( ret );
+        if ((ret = mbedtls_dhm_set_group(&ssl->handshake->dhm_ctx,
+                                         &ssl->conf->dhm_P,
+                                         &ssl->conf->dhm_G)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_set_group", ret);
+            return ret;
         }
 
-        if( ( ret = mbedtls_dhm_make_params(
-                  &ssl->handshake->dhm_ctx,
-                  (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
-                  ssl->out_msg + ssl->out_msglen, &len,
-                  ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_params", ret );
-            return( ret );
+        if ((ret = mbedtls_dhm_make_params(
+                 &ssl->handshake->dhm_ctx,
+                 (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx),
+                 ssl->out_msg + ssl->out_msglen, &len,
+                 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_params", ret);
+            return ret;
         }
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
@@ -2975,10 +2859,10 @@
 
         ssl->out_msglen += len;
 
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X  );
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P  );
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G  );
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
+        MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X);
+        MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P);
+        MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G);
+        MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX);
     }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED */
 
@@ -2986,8 +2870,7 @@
      * - ECDHE key exchanges
      */
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
-    if( mbedtls_ssl_ciphersuite_uses_ecdhe( ciphersuite_info ) )
-    {
+    if (mbedtls_ssl_ciphersuite_uses_ecdhe(ciphersuite_info)) {
         /*
          * Ephemeral ECDH parameters:
          *
@@ -2997,28 +2880,31 @@
          * } ServerECDHParams;
          */
         uint16_t *curr_tls_id = ssl->handshake->curves_tls_id;
-        const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
+        const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
         size_t len = 0;
 
         /* Match our preference list against the offered curves */
-        if( ( group_list == NULL ) || ( curr_tls_id == NULL ) )
-            return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-        for( ; *group_list != 0; group_list++ )
-            for( curr_tls_id = ssl->handshake->curves_tls_id;
-                 *curr_tls_id != 0; curr_tls_id++ )
-                if( *curr_tls_id == *group_list )
+        if ((group_list == NULL) || (curr_tls_id == NULL)) {
+            return MBEDTLS_ERR_SSL_BAD_CONFIG;
+        }
+        for (; *group_list != 0; group_list++) {
+            for (curr_tls_id = ssl->handshake->curves_tls_id;
+                 *curr_tls_id != 0; curr_tls_id++) {
+                if (*curr_tls_id == *group_list) {
                     goto curve_matching_done;
-
-curve_matching_done:
-        if( *curr_tls_id == 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "no matching curve for ECDHE" ) );
-            return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+                }
+            }
         }
 
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDHE curve: %s",
-                    mbedtls_ssl_get_curve_name_from_tls_id(*curr_tls_id) ) );
+curve_matching_done:
+        if (*curr_tls_id == 0) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("no matching curve for ECDHE"));
+            return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+        }
+
+        MBEDTLS_SSL_DEBUG_MSG(2, ("ECDHE curve: %s",
+                                  mbedtls_ssl_get_curve_name_from_tls_id(*curr_tls_id)));
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         psa_status_t status = PSA_ERROR_GENERIC_ERROR;
@@ -3031,23 +2917,23 @@
         psa_ecc_family_t ec_psa_family = 0;
         size_t ec_bits = 0;
 
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation."));
 
         /* Convert EC's TLS ID to PSA key type. */
-        if( mbedtls_ssl_get_psa_curve_info_from_tls_id( *curr_tls_id,
-                &ec_psa_family, &ec_bits ) == PSA_ERROR_NOT_SUPPORTED )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid ecc group parse." ) );
-            return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+        if (mbedtls_ssl_get_psa_curve_info_from_tls_id(*curr_tls_id,
+                                                       &ec_psa_family,
+                                                       &ec_bits) == PSA_ERROR_NOT_SUPPORTED) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid ecc group parse."));
+            return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
         }
-        handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR( ec_psa_family );
+        handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(ec_psa_family);
         handshake->ecdh_bits = ec_bits;
 
         key_attributes = psa_key_attributes_init();
-        psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
-        psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
-        psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
-        psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
+        psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
+        psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
+        psa_set_key_type(&key_attributes, handshake->ecdh_psa_type);
+        psa_set_key_bits(&key_attributes, handshake->ecdh_bits);
 
         /*
          * ECParameters curve_params
@@ -3059,17 +2945,16 @@
         /*
          * Next two bytes are the namedcurve value
          */
-        MBEDTLS_PUT_UINT16_BE( *curr_tls_id, p, 0 );
+        MBEDTLS_PUT_UINT16_BE(*curr_tls_id, p, 0);
         p += 2;
 
         /* Generate ECDH private key. */
-        status = psa_generate_key( &key_attributes,
-                                   &handshake->ecdh_psa_privkey );
-        if( status != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_generate_key", ret );
-            return( ret );
+        status = psa_generate_key(&key_attributes,
+                                  &handshake->ecdh_psa_privkey);
+        if (status != PSA_SUCCESS) {
+            ret = psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret);
+            return ret;
         }
 
         /*
@@ -3084,19 +2969,18 @@
          */
         unsigned char *own_pubkey = p + data_length_size;
 
-        size_t own_pubkey_max_len = (size_t)( MBEDTLS_SSL_OUT_CONTENT_LEN
-                                    - ( own_pubkey - ssl->out_msg ) );
+        size_t own_pubkey_max_len = (size_t) (MBEDTLS_SSL_OUT_CONTENT_LEN
+                                              - (own_pubkey - ssl->out_msg));
 
-        status = psa_export_public_key( handshake->ecdh_psa_privkey,
-                                        own_pubkey, own_pubkey_max_len,
-                                        &len );
-        if( status != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_export_public_key", ret );
-            (void) psa_destroy_key( handshake->ecdh_psa_privkey );
+        status = psa_export_public_key(handshake->ecdh_psa_privkey,
+                                       own_pubkey, own_pubkey_max_len,
+                                       &len);
+        if (status != PSA_SUCCESS) {
+            ret = psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret);
+            (void) psa_destroy_key(handshake->ecdh_psa_privkey);
             handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-            return( ret );
+            return ret;
         }
 
         /* Store the length of the exported public key. */
@@ -3106,27 +2990,25 @@
         len += header_size;
 #else
         mbedtls_ecp_group_id curr_grp_id =
-                    mbedtls_ssl_get_ecp_group_id_from_tls_id( *curr_tls_id );
+            mbedtls_ssl_get_ecp_group_id_from_tls_id(*curr_tls_id);
 
-        if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx,
-                                        curr_grp_id ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret );
-            return( ret );
+        if ((ret = mbedtls_ecdh_setup(&ssl->handshake->ecdh_ctx,
+                                      curr_grp_id)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecp_group_load", ret);
+            return ret;
         }
 
-        if( ( ret = mbedtls_ecdh_make_params(
-                &ssl->handshake->ecdh_ctx, &len,
-                ssl->out_msg + ssl->out_msglen,
-                MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen,
-                ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret );
-            return( ret );
+        if ((ret = mbedtls_ecdh_make_params(
+                 &ssl->handshake->ecdh_ctx, &len,
+                 ssl->out_msg + ssl->out_msglen,
+                 MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen,
+                 ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_params", ret);
+            return ret;
         }
 
-        MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
-                                MBEDTLS_DEBUG_ECDH_Q );
+        MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
+                               MBEDTLS_DEBUG_ECDH_Q);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
@@ -3144,12 +3026,10 @@
      *
      */
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
-    if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
-    {
-        if( dig_signed == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) {
+        if (dig_signed == NULL) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
         size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed;
@@ -3165,45 +3045,42 @@
          */
 
         mbedtls_pk_type_t sig_alg =
-            mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
+            mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info);
 
         unsigned int sig_hash =
             mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
-                ssl, mbedtls_ssl_sig_from_pk_alg( sig_alg ) );
+                ssl, mbedtls_ssl_sig_from_pk_alg(sig_alg));
 
-        mbedtls_md_type_t md_alg = mbedtls_ssl_md_alg_from_hash( sig_hash );
+        mbedtls_md_type_t md_alg = mbedtls_ssl_md_alg_from_hash(sig_hash);
 
         /*    For TLS 1.2, obey signature-hash-algorithm extension
          *    (RFC 5246, Sec. 7.4.1.4.1). */
-        if( sig_alg == MBEDTLS_PK_NONE || md_alg == MBEDTLS_MD_NONE )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        if (sig_alg == MBEDTLS_PK_NONE || md_alg == MBEDTLS_MD_NONE) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
             /* (... because we choose a cipher suite
              *      only if there is a matching hash.) */
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", (unsigned) md_alg ) );
+        MBEDTLS_SSL_DEBUG_MSG(3, ("pick hash algorithm %u for signing", (unsigned) md_alg));
 
         /*
          * 2.2: Compute the hash to be signed
          */
-        if( md_alg != MBEDTLS_MD_NONE )
-        {
-            ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
-                                                          dig_signed,
-                                                          dig_signed_len,
-                                                          md_alg );
-            if( ret != 0 )
-                return( ret );
-        }
-        else
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        if (md_alg != MBEDTLS_MD_NONE) {
+            ret = mbedtls_ssl_get_key_exchange_md_tls1_2(ssl, hash, &hashlen,
+                                                         dig_signed,
+                                                         dig_signed_len,
+                                                         md_alg);
+            if (ret != 0) {
+                return ret;
+            }
+        } else {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
-        MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
+        MBEDTLS_SSL_DEBUG_BUF(3, "parameters hash", hash, hashlen);
 
         /*
          * 2.3: Compute and add the signature
@@ -3224,37 +3101,34 @@
          *
          */
 
-        ssl->out_msg[ssl->out_msglen++] = mbedtls_ssl_hash_from_md_alg( md_alg );
-        ssl->out_msg[ssl->out_msglen++] = mbedtls_ssl_sig_from_pk_alg( sig_alg );
+        ssl->out_msg[ssl->out_msglen++] = mbedtls_ssl_hash_from_md_alg(md_alg);
+        ssl->out_msg[ssl->out_msglen++] = mbedtls_ssl_sig_from_pk_alg(sig_alg);
 
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-        if( ssl->conf->f_async_sign_start != NULL )
-        {
-            ret = ssl->conf->f_async_sign_start( ssl,
-                                                 mbedtls_ssl_own_cert( ssl ),
-                                                 md_alg, hash, hashlen );
-            switch( ret )
-            {
-            case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH:
-                /* act as if f_async_sign was null */
-                break;
-            case 0:
-                ssl->handshake->async_in_progress = 1;
-                return( ssl_resume_server_key_exchange( ssl, signature_len ) );
-            case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS:
-                ssl->handshake->async_in_progress = 1;
-                return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
-            default:
-                MBEDTLS_SSL_DEBUG_RET( 1, "f_async_sign_start", ret );
-                return( ret );
+        if (ssl->conf->f_async_sign_start != NULL) {
+            ret = ssl->conf->f_async_sign_start(ssl,
+                                                mbedtls_ssl_own_cert(ssl),
+                                                md_alg, hash, hashlen);
+            switch (ret) {
+                case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH:
+                    /* act as if f_async_sign was null */
+                    break;
+                case 0:
+                    ssl->handshake->async_in_progress = 1;
+                    return ssl_resume_server_key_exchange(ssl, signature_len);
+                case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS:
+                    ssl->handshake->async_in_progress = 1;
+                    return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS;
+                default:
+                    MBEDTLS_SSL_DEBUG_RET(1, "f_async_sign_start", ret);
+                    return ret;
             }
         }
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
-        if( mbedtls_ssl_own_key( ssl ) == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key" ) );
-            return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+        if (mbedtls_ssl_own_key(ssl) == NULL) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("got no private key"));
+            return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
         }
 
         /* Append the signature to ssl->out_msg, leaving 2 bytes for the
@@ -3262,21 +3136,20 @@
          * after the call to ssl_prepare_server_key_exchange.
          * ssl_write_server_key_exchange also takes care of incrementing
          * ssl->out_msglen. */
-        if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ),
-                                     md_alg, hash, hashlen,
-                                     ssl->out_msg + ssl->out_msglen + 2,
-                                     out_buf_len - ssl->out_msglen - 2,
-                                     signature_len,
-                                     ssl->conf->f_rng,
-                                     ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
-            return( ret );
+        if ((ret = mbedtls_pk_sign(mbedtls_ssl_own_key(ssl),
+                                   md_alg, hash, hashlen,
+                                   ssl->out_msg + ssl->out_msglen + 2,
+                                   out_buf_len - ssl->out_msglen - 2,
+                                   signature_len,
+                                   ssl->conf->f_rng,
+                                   ssl->conf->p_rng)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
+            return ret;
         }
     }
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
 
-    return( 0 );
+    return 0;
 }
 
 /* Prepare the ServerKeyExchange message and send it. For ciphersuites
@@ -3284,41 +3157,38 @@
  * way, if successful, move on to the next step in the SSL state
  * machine. */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
+static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t signature_len = 0;
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
-                            ssl->handshake->ciphersuite_info;
+        ssl->handshake->ciphersuite_info;
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server key exchange"));
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
     /* Extract static ECDH parameters and abort if ServerKeyExchange
      * is not needed. */
-    if( mbedtls_ssl_ciphersuite_no_pfs( ciphersuite_info ) )
-    {
+    if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) {
         /* For suites involving ECDH, extract DH parameters
          * from certificate at this point. */
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
-        if( mbedtls_ssl_ciphersuite_uses_ecdh( ciphersuite_info ) )
-        {
-            ret = ssl_get_ecdh_params_from_cert( ssl );
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret );
-                return( ret );
+        if (mbedtls_ssl_ciphersuite_uses_ecdh(ciphersuite_info)) {
+            ret = ssl_get_ecdh_params_from_cert(ssl);
+            if (ret != 0) {
+                MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_ecdh_params_from_cert", ret);
+                return ret;
             }
         }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
 
         /* Key exchanges not involving ephemeral keys don't use
          * ServerKeyExchange, so end here. */
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write server key exchange"));
         ssl->state++;
-        return( 0 );
+        return 0;
     }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
 
@@ -3326,44 +3196,41 @@
     defined(MBEDTLS_SSL_ASYNC_PRIVATE)
     /* If we have already prepared the message and there is an ongoing
      * signature operation, resume signing. */
-    if( ssl->handshake->async_in_progress != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "resuming signature operation" ) );
-        ret = ssl_resume_server_key_exchange( ssl, &signature_len );
-    }
-    else
+    if (ssl->handshake->async_in_progress != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("resuming signature operation"));
+        ret = ssl_resume_server_key_exchange(ssl, &signature_len);
+    } else
 #endif /* defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) &&
           defined(MBEDTLS_SSL_ASYNC_PRIVATE) */
     {
         /* ServerKeyExchange is needed. Prepare the message. */
-        ret = ssl_prepare_server_key_exchange( ssl, &signature_len );
+        ret = ssl_prepare_server_key_exchange(ssl, &signature_len);
     }
 
-    if( ret != 0 )
-    {
+    if (ret != 0) {
         /* If we're starting to write a new message, set ssl->out_msglen
          * to 0. But if we're resuming after an asynchronous message,
          * out_msglen is the amount of data written so far and mst be
          * preserved. */
-        if( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server key exchange (pending)" ) );
-        else
+        if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) {
+            MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server key exchange (pending)"));
+        } else {
             ssl->out_msglen = 0;
-        return( ret );
+        }
+        return ret;
     }
 
     /* If there is a signature, write its length.
      * ssl_prepare_server_key_exchange already wrote the signature
      * itself at its proper place in the output buffer. */
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
-    if( signature_len != 0 )
-    {
-        ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_1( signature_len );
-        ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_0( signature_len );
+    if (signature_len != 0) {
+        ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_1(signature_len);
+        ssl->out_msg[ssl->out_msglen++] = MBEDTLS_BYTE_0(signature_len);
 
-        MBEDTLS_SSL_DEBUG_BUF( 3, "my signature",
-                               ssl->out_msg + ssl->out_msglen,
-                               signature_len );
+        MBEDTLS_SSL_DEBUG_BUF(3, "my signature",
+                              ssl->out_msg + ssl->out_msglen,
+                              signature_len);
 
         /* Skip over the already-written signature */
         ssl->out_msglen += signature_len;
@@ -3376,22 +3243,21 @@
 
     ssl->state++;
 
-    if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+        return ret;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server key exchange" ) );
-    return( 0 );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server key exchange"));
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl )
+static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello done" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server hello done"));
 
     ssl->out_msglen  = 4;
     ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
@@ -3400,35 +3266,34 @@
     ssl->state++;
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        mbedtls_ssl_send_flight_completed( ssl );
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        mbedtls_ssl_send_flight_completed(ssl);
+    }
 #endif
 
-    if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+        return ret;
     }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
-        return( ret );
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret);
+        return ret;
     }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello done" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello done"));
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
     defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char **p,
-                                       const unsigned char *end )
+static int ssl_parse_client_dh_public(mbedtls_ssl_context *ssl, unsigned char **p,
+                                      const unsigned char *end)
 {
     int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
     size_t n;
@@ -3436,32 +3301,29 @@
     /*
      * Receive G^Y mod P, premaster = (G^Y)^X mod P
      */
-    if( *p + 2 > end )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (*p + 2 > end) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    n = ( (*p)[0] << 8 ) | (*p)[1];
+    n = ((*p)[0] << 8) | (*p)[1];
     *p += 2;
 
-    if( *p + n > end )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (*p + n > end) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    if( ( ret = mbedtls_dhm_read_public( &ssl->handshake->dhm_ctx, *p, n ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_read_public", ret );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if ((ret = mbedtls_dhm_read_public(&ssl->handshake->dhm_ctx, *p, n)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_read_public", ret);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     *p += n;
 
-    MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY );
+    MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY);
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
@@ -3471,120 +3333,113 @@
 
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl,
-                                   unsigned char *peer_pms,
-                                   size_t *peer_pmslen,
-                                   size_t peer_pmssize )
+static int ssl_resume_decrypt_pms(mbedtls_ssl_context *ssl,
+                                  unsigned char *peer_pms,
+                                  size_t *peer_pmslen,
+                                  size_t peer_pmssize)
 {
-    int ret = ssl->conf->f_async_resume( ssl,
-                                         peer_pms, peer_pmslen, peer_pmssize );
-    if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
-    {
+    int ret = ssl->conf->f_async_resume(ssl,
+                                        peer_pms, peer_pmslen, peer_pmssize);
+    if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) {
         ssl->handshake->async_in_progress = 0;
-        mbedtls_ssl_set_async_operation_data( ssl, NULL );
+        mbedtls_ssl_set_async_operation_data(ssl, NULL);
     }
-    MBEDTLS_SSL_DEBUG_RET( 2, "ssl_decrypt_encrypted_pms", ret );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_RET(2, "ssl_decrypt_encrypted_pms", ret);
+    return ret;
 }
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
-                                      const unsigned char *p,
-                                      const unsigned char *end,
-                                      unsigned char *peer_pms,
-                                      size_t *peer_pmslen,
-                                      size_t peer_pmssize )
+static int ssl_decrypt_encrypted_pms(mbedtls_ssl_context *ssl,
+                                     const unsigned char *p,
+                                     const unsigned char *end,
+                                     unsigned char *peer_pms,
+                                     size_t *peer_pmslen,
+                                     size_t peer_pmssize)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    mbedtls_x509_crt *own_cert = mbedtls_ssl_own_cert( ssl );
-    if( own_cert == NULL ) {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no local certificate" ) );
-        return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
+    mbedtls_x509_crt *own_cert = mbedtls_ssl_own_cert(ssl);
+    if (own_cert == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("got no local certificate"));
+        return MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE;
     }
     mbedtls_pk_context *public_key = &own_cert->pk;
-    mbedtls_pk_context *private_key = mbedtls_ssl_own_key( ssl );
-    size_t len = mbedtls_pk_get_len( public_key );
+    mbedtls_pk_context *private_key = mbedtls_ssl_own_key(ssl);
+    size_t len = mbedtls_pk_get_len(public_key);
 
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
     /* If we have already started decoding the message and there is an ongoing
      * decryption operation, resume signing. */
-    if( ssl->handshake->async_in_progress != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "resuming decryption operation" ) );
-        return( ssl_resume_decrypt_pms( ssl,
-                                        peer_pms, peer_pmslen, peer_pmssize ) );
+    if (ssl->handshake->async_in_progress != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("resuming decryption operation"));
+        return ssl_resume_decrypt_pms(ssl,
+                                      peer_pms, peer_pmslen, peer_pmssize);
     }
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
     /*
      * Prepare to decrypt the premaster using own private RSA key
      */
-    if ( p + 2 > end ) {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (p + 2 > end) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
-    if( *p++ != MBEDTLS_BYTE_1( len ) ||
-        *p++ != MBEDTLS_BYTE_0( len ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (*p++ != MBEDTLS_BYTE_1(len) ||
+        *p++ != MBEDTLS_BYTE_0(len)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    if( p + len != end )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (p + len != end) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     /*
      * Decrypt the premaster secret
      */
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-    if( ssl->conf->f_async_decrypt_start != NULL )
-    {
-        ret = ssl->conf->f_async_decrypt_start( ssl,
-                                                mbedtls_ssl_own_cert( ssl ),
-                                                p, len );
-        switch( ret )
-        {
-        case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH:
-            /* act as if f_async_decrypt_start was null */
-            break;
-        case 0:
-            ssl->handshake->async_in_progress = 1;
-            return( ssl_resume_decrypt_pms( ssl,
-                                            peer_pms,
-                                            peer_pmslen,
-                                            peer_pmssize ) );
-        case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS:
-            ssl->handshake->async_in_progress = 1;
-            return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
-        default:
-            MBEDTLS_SSL_DEBUG_RET( 1, "f_async_decrypt_start", ret );
-            return( ret );
+    if (ssl->conf->f_async_decrypt_start != NULL) {
+        ret = ssl->conf->f_async_decrypt_start(ssl,
+                                               mbedtls_ssl_own_cert(ssl),
+                                               p, len);
+        switch (ret) {
+            case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH:
+                /* act as if f_async_decrypt_start was null */
+                break;
+            case 0:
+                ssl->handshake->async_in_progress = 1;
+                return ssl_resume_decrypt_pms(ssl,
+                                              peer_pms,
+                                              peer_pmslen,
+                                              peer_pmssize);
+            case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS:
+                ssl->handshake->async_in_progress = 1;
+                return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS;
+            default:
+                MBEDTLS_SSL_DEBUG_RET(1, "f_async_decrypt_start", ret);
+                return ret;
         }
     }
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
-    if( ! mbedtls_pk_can_do( private_key, MBEDTLS_PK_RSA ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no RSA private key" ) );
-        return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+    if (!mbedtls_pk_can_do(private_key, MBEDTLS_PK_RSA)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("got no RSA private key"));
+        return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
     }
 
-    ret = mbedtls_pk_decrypt( private_key, p, len,
-                              peer_pms, peer_pmslen, peer_pmssize,
-                              ssl->conf->f_rng, ssl->conf->p_rng );
-    return( ret );
+    ret = mbedtls_pk_decrypt(private_key, p, len,
+                             peer_pms, peer_pmslen, peer_pmssize,
+                             ssl->conf->f_rng, ssl->conf->p_rng);
+    return ret;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
-                                    const unsigned char *p,
-                                    const unsigned char *end,
-                                    size_t pms_offset )
+static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl,
+                                   const unsigned char *p,
+                                   const unsigned char *end,
+                                   size_t pms_offset)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *pms = ssl->handshake->premaster + pms_offset;
@@ -3604,18 +3459,19 @@
     peer_pms[0] = peer_pms[1] = ~0;
     peer_pmslen = 0;
 
-    ret = ssl_decrypt_encrypted_pms( ssl, p, end,
-                                     peer_pms,
-                                     &peer_pmslen,
-                                     sizeof( peer_pms ) );
+    ret = ssl_decrypt_encrypted_pms(ssl, p, end,
+                                    peer_pms,
+                                    &peer_pmslen,
+                                    sizeof(peer_pms));
 
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-    if ( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
-        return( ret );
+    if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) {
+        return ret;
+    }
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
-    mbedtls_ssl_write_version( ver, ssl->conf->transport,
-                               ssl->session_negotiate->tls_version );
+    mbedtls_ssl_write_version(ver, ssl->conf->transport,
+                              ssl->session_negotiate->tls_version);
 
     /* Avoid data-dependent branches while checking for invalid
      * padding, to protect against timing-based Bleichenbacher-type
@@ -3626,7 +3482,7 @@
     diff |= peer_pms[1] ^ ver[1];
 
     /* mask = diff ? 0xff : 0x00 using bit operations to avoid branches */
-    mask = mbedtls_ct_uint_mask( diff );
+    mask = mbedtls_ct_uint_mask(diff);
 
     /*
      * Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
@@ -3637,101 +3493,94 @@
      * successful. In particular, always generate the fake premaster secret,
      * regardless of whether it will ultimately influence the output or not.
      */
-    ret = ssl->conf->f_rng( ssl->conf->p_rng, fake_pms, sizeof( fake_pms ) );
-    if( ret != 0 )
-    {
+    ret = ssl->conf->f_rng(ssl->conf->p_rng, fake_pms, sizeof(fake_pms));
+    if (ret != 0) {
         /* It's ok to abort on an RNG failure, since this does not reveal
          * anything about the RSA decryption. */
-        return( ret );
+        return ret;
     }
 
 #if defined(MBEDTLS_SSL_DEBUG_ALL)
-    if( diff != 0 )
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+    if (diff != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+    }
 #endif
 
-    if( sizeof( ssl->handshake->premaster ) < pms_offset ||
-        sizeof( ssl->handshake->premaster ) - pms_offset < 48 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (sizeof(ssl->handshake->premaster) < pms_offset ||
+        sizeof(ssl->handshake->premaster) - pms_offset < 48) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
     ssl->handshake->pmslen = 48;
 
     /* Set pms to either the true or the fake PMS, without
      * data-dependent branches. */
-    for( i = 0; i < ssl->handshake->pmslen; i++ )
-        pms[i] = ( mask & fake_pms[i] ) | ( (~mask) & peer_pms[i] );
+    for (i = 0; i < ssl->handshake->pmslen; i++) {
+        pms[i] = (mask & fake_pms[i]) | ((~mask) & peer_pms[i]);
+    }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned char **p,
-                                          const unsigned char *end )
+static int ssl_parse_client_psk_identity(mbedtls_ssl_context *ssl, unsigned char **p,
+                                         const unsigned char *end)
 {
     int ret = 0;
     uint16_t n;
 
-    if( ssl_conf_has_psk_or_cb( ssl->conf ) == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no pre-shared key" ) );
-        return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+    if (ssl_conf_has_psk_or_cb(ssl->conf) == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("got no pre-shared key"));
+        return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
     }
 
     /*
      * Receive client pre-shared key identity name
      */
-    if( end - *p < 2 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (end - *p < 2) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    n = ( (*p)[0] << 8 ) | (*p)[1];
+    n = ((*p)[0] << 8) | (*p)[1];
     *p += 2;
 
-    if( n == 0 || n > end - *p )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (n == 0 || n > end - *p) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    if( ssl->conf->f_psk != NULL )
-    {
-        if( ssl->conf->f_psk( ssl->conf->p_psk, ssl, *p, n ) != 0 )
+    if (ssl->conf->f_psk != NULL) {
+        if (ssl->conf->f_psk(ssl->conf->p_psk, ssl, *p, n) != 0) {
             ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
-    }
-    else
-    {
+        }
+    } else {
         /* Identity is not a big secret since clients send it in the clear,
          * but treat it carefully anyway, just in case */
-        if( n != ssl->conf->psk_identity_len ||
-            mbedtls_ct_memcmp( ssl->conf->psk_identity, *p, n ) != 0 )
-        {
+        if (n != ssl->conf->psk_identity_len ||
+            mbedtls_ct_memcmp(ssl->conf->psk_identity, *p, n) != 0) {
             ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
         }
     }
 
-    if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY )
-    {
-        MBEDTLS_SSL_DEBUG_BUF( 3, "Unknown PSK identity", *p, n );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY );
-        return( MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY );
+    if (ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) {
+        MBEDTLS_SSL_DEBUG_BUF(3, "Unknown PSK identity", *p, n);
+        mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                       MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY);
+        return MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
     }
 
     *p += n;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
+static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
@@ -3739,282 +3588,244 @@
 
     ciphersuite_info = ssl->handshake->ciphersuite_info;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client key exchange"));
 
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \
-    ( defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
-      defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) )
-    if( ( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
-          ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ) &&
-        ( ssl->handshake->async_in_progress != 0 ) )
-    {
+    (defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
+    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED))
+    if ((ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
+         ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) &&
+        (ssl->handshake->async_in_progress != 0)) {
         /* We've already read a record and there is an asynchronous
          * operation in progress to decrypt it. So skip reading the
          * record. */
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "will resume decryption of previously-read record" ) );
-    }
-    else
+        MBEDTLS_SSL_DEBUG_MSG(3, ("will resume decryption of previously-read record"));
+    } else
 #endif
-    if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+        return ret;
     }
 
-    p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
+    p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
     end = ssl->in_msg + ssl->in_hslen;
 
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+        return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
     }
 
-    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    if (ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
+        return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
     }
 
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA )
-    {
-        if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_dh_public" ), ret );
-            return( ret );
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA) {
+        if ((ret = ssl_parse_client_dh_public(ssl, &p, end)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_dh_public"), ret);
+            return ret;
         }
 
-        if( p != end )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+        if (p != end) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange"));
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
 
-        if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
-                                      ssl->handshake->premaster,
-                                      MBEDTLS_PREMASTER_SIZE,
-                                     &ssl->handshake->pmslen,
-                                      ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+        if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
+                                           ssl->handshake->premaster,
+                                           MBEDTLS_PREMASTER_SIZE,
+                                           &ssl->handshake->pmslen,
+                                           ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
 
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K  );
-    }
-    else
+        MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                      \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
         ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
         ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
-    {
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        size_t data_len = (size_t)( *p++ );
-        size_t buf_len = (size_t)( end - p );
+        size_t data_len = (size_t) (*p++);
+        size_t buf_len = (size_t) (end - p);
         psa_status_t status = PSA_ERROR_GENERIC_ERROR;
         mbedtls_ssl_handshake_params *handshake = ssl->handshake;
 
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Read the peer's public key." ) );
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Read the peer's public key."));
 
         /*
          * We must have at least two bytes (1 for length, at least 1 for data)
          */
-        if( buf_len < 2 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid buffer length" ) );
-            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        if (buf_len < 2) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid buffer length"));
+            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
         }
 
-        if( data_len < 1 || data_len > buf_len )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid data length" ) );
-            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        if (data_len < 1 || data_len > buf_len) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid data length"));
+            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
         }
 
         /* Store peer's ECDH public key. */
-        memcpy( handshake->ecdh_psa_peerkey, p, data_len );
+        memcpy(handshake->ecdh_psa_peerkey, p, data_len);
         handshake->ecdh_psa_peerkey_len = data_len;
 
         /* Compute ECDH shared secret. */
         status = psa_raw_key_agreement(
-                    PSA_ALG_ECDH, handshake->ecdh_psa_privkey,
-                    handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len,
-                    handshake->premaster, sizeof( handshake->premaster ),
-                    &handshake->pmslen );
-        if( status != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_raw_key_agreement", ret );
-            if( handshake->ecdh_psa_privkey_is_external == 0 )
-                (void) psa_destroy_key( handshake->ecdh_psa_privkey );
+            PSA_ALG_ECDH, handshake->ecdh_psa_privkey,
+            handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len,
+            handshake->premaster, sizeof(handshake->premaster),
+            &handshake->pmslen);
+        if (status != PSA_SUCCESS) {
+            ret = psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret);
+            if (handshake->ecdh_psa_privkey_is_external == 0) {
+                (void) psa_destroy_key(handshake->ecdh_psa_privkey);
+            }
             handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-            return( ret );
+            return ret;
         }
 
-        if( handshake->ecdh_psa_privkey_is_external == 0 )
-        {
-            status = psa_destroy_key( handshake->ecdh_psa_privkey );
+        if (handshake->ecdh_psa_privkey_is_external == 0) {
+            status = psa_destroy_key(handshake->ecdh_psa_privkey);
 
-            if( status != PSA_SUCCESS )
-            {
-                ret = psa_ssl_status_to_mbedtls( status );
-                MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
-                return( ret );
+            if (status != PSA_SUCCESS) {
+                ret = psa_ssl_status_to_mbedtls(status);
+                MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret);
+                return ret;
             }
         }
         handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
 #else
-        if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx,
-                                      p, end - p) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_read_public", ret );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+        if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx,
+                                            p, end - p)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret);
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
 
-        MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
-                                MBEDTLS_DEBUG_ECDH_QP );
+        MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
+                               MBEDTLS_DEBUG_ECDH_QP);
 
-        if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
-                                      &ssl->handshake->pmslen,
-                                       ssl->handshake->premaster,
-                                       MBEDTLS_MPI_MAX_SIZE,
-                                       ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+        if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx,
+                                            &ssl->handshake->pmslen,
+                                            ssl->handshake->premaster,
+                                            MBEDTLS_MPI_MAX_SIZE,
+                                            ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret);
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
 
-        MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
-                                MBEDTLS_DEBUG_ECDH_Z );
+        MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
+                               MBEDTLS_DEBUG_ECDH_Z);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-    }
-    else
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK )
-    {
-        if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
-            return( ret );
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) {
+        if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret);
+            return ret;
         }
 
-        if( p != end )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+        if (p != end) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange"));
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
 
 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
-        if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
-                        ciphersuite_info->key_exchange ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
-            return( ret );
+        if ((ret = mbedtls_ssl_psk_derive_premaster(ssl,
+                                                    ciphersuite_info->key_exchange)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret);
+            return ret;
         }
 #endif /* !MBEDTLS_USE_PSA_CRYPTO */
-    }
-    else
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
-    {
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-        if ( ssl->handshake->async_in_progress != 0 )
-        {
+        if (ssl->handshake->async_in_progress != 0) {
             /* There is an asynchronous operation in progress to
              * decrypt the encrypted premaster secret, so skip
              * directly to resuming this operation. */
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "PSK identity already parsed" ) );
+            MBEDTLS_SSL_DEBUG_MSG(3, ("PSK identity already parsed"));
             /* Update p to skip the PSK identity. ssl_parse_encrypted_pms
              * won't actually use it, but maintain p anyway for robustness. */
             p += ssl->conf->psk_identity_len + 2;
-        }
-        else
+        } else
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-        if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
-            return( ret );
+        if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret);
+            return ret;
         }
 
-        if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 2 ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_encrypted_pms" ), ret );
-            return( ret );
+        if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 2)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_encrypted_pms"), ret);
+            return ret;
         }
 
 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
-        if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
-                        ciphersuite_info->key_exchange ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
-            return( ret );
+        if ((ret = mbedtls_ssl_psk_derive_premaster(ssl,
+                                                    ciphersuite_info->key_exchange)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret);
+            return ret;
         }
 #endif /* !MBEDTLS_USE_PSA_CRYPTO */
-    }
-    else
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
-    {
-        if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
-            return( ret );
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) {
+        if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret);
+            return ret;
         }
-        if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_dh_public" ), ret );
-            return( ret );
+        if ((ret = ssl_parse_client_dh_public(ssl, &p, end)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_dh_public"), ret);
+            return ret;
         }
 
-        if( p != end )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+        if (p != end) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange"));
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         unsigned char *pms = ssl->handshake->premaster;
-        unsigned char *pms_end = pms + sizeof( ssl->handshake->premaster );
+        unsigned char *pms_end = pms + sizeof(ssl->handshake->premaster);
         size_t pms_len;
 
         /* Write length only when we know the actual value */
-        if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
-                                      pms + 2, pms_end - ( pms + 2 ), &pms_len,
-                                      ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
-            return( ret );
+        if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
+                                           pms + 2, pms_end - (pms + 2), &pms_len,
+                                           ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
+            return ret;
         }
-        MBEDTLS_PUT_UINT16_BE( pms_len, pms, 0 );
+        MBEDTLS_PUT_UINT16_BE(pms_len, pms, 0);
         pms += 2 + pms_len;
 
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K  );
+        MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
 #else
-        if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
-                        ciphersuite_info->key_exchange ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
-            return( ret );
+        if ((ret = mbedtls_ssl_psk_derive_premaster(ssl,
+                                                    ciphersuite_info->key_exchange)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret);
+            return ret;
         }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-    }
-    else
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
-    {
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
         psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -4022,36 +3833,34 @@
 
         mbedtls_ssl_handshake_params *handshake = ssl->handshake;
 
-        if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
-            psa_destroy_key( handshake->ecdh_psa_privkey );
+        if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret);
+            psa_destroy_key(handshake->ecdh_psa_privkey);
             handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-            return( ret );
+            return ret;
         }
 
         /* Keep a copy of the peer's public key */
-        if( p >= end )
-        {
-            psa_destroy_key( handshake->ecdh_psa_privkey );
+        if (p >= end) {
+            psa_destroy_key(handshake->ecdh_psa_privkey);
             handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
 
         ecpoint_len = *(p++);
-        if( (size_t)( end - p ) < ecpoint_len ) {
-            psa_destroy_key( handshake->ecdh_psa_privkey );
+        if ((size_t) (end - p) < ecpoint_len) {
+            psa_destroy_key(handshake->ecdh_psa_privkey);
             handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
 
-        if( ecpoint_len > sizeof( handshake->ecdh_psa_peerkey ) ) {
-            psa_destroy_key( handshake->ecdh_psa_privkey );
+        if (ecpoint_len > sizeof(handshake->ecdh_psa_peerkey)) {
+            psa_destroy_key(handshake->ecdh_psa_privkey);
             handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-            return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+            return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
         }
 
-        memcpy( handshake->ecdh_psa_peerkey, p, ecpoint_len );
+        memcpy(handshake->ecdh_psa_peerkey, p, ecpoint_len);
         handshake->ecdh_psa_peerkey_len = ecpoint_len;
         p += ecpoint_len;
 
@@ -4062,146 +3871,133 @@
          * - the PSK itself
          */
         unsigned char *psm = ssl->handshake->premaster;
-        const unsigned char* const psm_end =
-                    psm + sizeof( ssl->handshake->premaster );
+        const unsigned char * const psm_end =
+            psm + sizeof(ssl->handshake->premaster);
         /* uint16 to store length (in octets) of the ECDH computation */
         const size_t zlen_size = 2;
         size_t zlen = 0;
 
         /* Compute ECDH shared secret. */
-        status = psa_raw_key_agreement( PSA_ALG_ECDH,
-                                        handshake->ecdh_psa_privkey,
-                                        handshake->ecdh_psa_peerkey,
-                                        handshake->ecdh_psa_peerkey_len,
-                                        psm + zlen_size,
-                                        psm_end - ( psm + zlen_size ),
-                                        &zlen );
+        status = psa_raw_key_agreement(PSA_ALG_ECDH,
+                                       handshake->ecdh_psa_privkey,
+                                       handshake->ecdh_psa_peerkey,
+                                       handshake->ecdh_psa_peerkey_len,
+                                       psm + zlen_size,
+                                       psm_end - (psm + zlen_size),
+                                       &zlen);
 
-        destruction_status = psa_destroy_key( handshake->ecdh_psa_privkey );
+        destruction_status = psa_destroy_key(handshake->ecdh_psa_privkey);
         handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
 
-        if( status != PSA_SUCCESS )
-            return( psa_ssl_status_to_mbedtls( status ) );
-        else if( destruction_status != PSA_SUCCESS )
-            return( psa_ssl_status_to_mbedtls( destruction_status ) );
+        if (status != PSA_SUCCESS) {
+            return psa_ssl_status_to_mbedtls(status);
+        } else if (destruction_status != PSA_SUCCESS) {
+            return psa_ssl_status_to_mbedtls(destruction_status);
+        }
 
         /* Write the ECDH computation length before the ECDH computation */
-        MBEDTLS_PUT_UINT16_BE( zlen, psm, 0 );
+        MBEDTLS_PUT_UINT16_BE(zlen, psm, 0);
         psm += zlen_size + zlen;
 
 #else /* MBEDTLS_USE_PSA_CRYPTO */
-        if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
-            return( ret );
+        if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret);
+            return ret;
         }
 
-        if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx,
-                                       p, end - p ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_read_public", ret );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+        if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx,
+                                            p, end - p)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret);
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
 
-        MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
-                                MBEDTLS_DEBUG_ECDH_QP );
+        MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
+                               MBEDTLS_DEBUG_ECDH_QP);
 
-        if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
-                        ciphersuite_info->key_exchange ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
-            return( ret );
+        if ((ret = mbedtls_ssl_psk_derive_premaster(ssl,
+                                                    ciphersuite_info->key_exchange)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret);
+            return ret;
         }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-    }
-    else
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
-    {
-        if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 0 ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_parse_encrypted_pms_secret" ), ret );
-            return( ret );
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
+        if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 0)) != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_parse_encrypted_pms_secret"), ret);
+            return ret;
         }
-    }
-    else
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
+    if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        if( ( ret = mbedtls_psa_ecjpake_read_round(
-                        &ssl->handshake->psa_pake_ctx, p, end - p,
-                        MBEDTLS_ECJPAKE_ROUND_TWO ) ) != 0 )
-        {
-            psa_destroy_key( ssl->handshake->psa_pake_password );
-            psa_pake_abort( &ssl->handshake->psa_pake_ctx );
+        if ((ret = mbedtls_psa_ecjpake_read_round(
+                 &ssl->handshake->psa_pake_ctx, p, end - p,
+                 MBEDTLS_ECJPAKE_ROUND_TWO)) != 0) {
+            psa_destroy_key(ssl->handshake->psa_pake_password);
+            psa_pake_abort(&ssl->handshake->psa_pake_ctx);
 
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_pake_input round two", ret );
-            return( ret );
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_input round two", ret);
+            return ret;
         }
 #else
-        ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx,
-                                              p, end - p );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx,
+                                             p, end - p);
+        if (ret != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_two", ret);
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
-        ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx,
-                ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
-                ssl->conf->f_rng, ssl->conf->p_rng );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret );
-            return( ret );
+        ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx,
+                                            ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
+                                            ssl->conf->f_rng, ssl->conf->p_rng);
+        if (ret != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_derive_secret", ret);
+            return ret;
         }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-    }
-    else
+    } else
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
     {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret);
+        return ret;
     }
 
     ssl->state++;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client key exchange" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client key exchange"));
 
-    return( 0 );
+    return 0;
 }
 
 #if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
+static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl)
 {
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
         ssl->handshake->ciphersuite_info;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate verify"));
 
-    if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+    if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify"));
         ssl->state++;
-        return( 0 );
+        return 0;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+    return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
 }
 #else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
+static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
     size_t i, sig_len;
@@ -4212,60 +4008,54 @@
     mbedtls_md_type_t md_alg;
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
         ssl->handshake->ciphersuite_info;
-    mbedtls_pk_context * peer_pk;
+    mbedtls_pk_context *peer_pk;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate verify"));
 
-    if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+    if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify"));
         ssl->state++;
-        return( 0 );
+        return 0;
     }
 
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    if( ssl->session_negotiate->peer_cert == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+    if (ssl->session_negotiate->peer_cert == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify"));
         ssl->state++;
-        return( 0 );
+        return 0;
     }
 #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-    if( ssl->session_negotiate->peer_cert_digest == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+    if (ssl->session_negotiate->peer_cert_digest == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify"));
         ssl->state++;
-        return( 0 );
+        return 0;
     }
 #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
     /* Read the message without adding it to the checksum */
-    ret = mbedtls_ssl_read_record( ssl, 0 /* no checksum update */ );
-    if( 0 != ret )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record" ), ret );
-        return( ret );
+    ret = mbedtls_ssl_read_record(ssl, 0 /* no checksum update */);
+    if (0 != ret) {
+        MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_read_record"), ret);
+        return ret;
     }
 
     ssl->state++;
 
     /* Process the message contents */
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
-        ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
+        ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message"));
+        return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
     }
 
-    i = mbedtls_ssl_hs_hdr_len( ssl );
+    i = mbedtls_ssl_hs_hdr_len(ssl);
 
 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     peer_pk = &ssl->handshake->peer_pubkey;
 #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-    if( ssl->session_negotiate->peer_cert == NULL )
-    {
+    if (ssl->session_negotiate->peer_cert == NULL) {
         /* Should never happen */
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
     peer_pk = &ssl->session_negotiate->peer_cert->pk;
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@@ -4276,27 +4066,26 @@
      *     opaque signature<0..2^16-1>;
      *  } DigitallySigned;
      */
-    if( i + 2 > ssl->in_hslen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (i + 2 > ssl->in_hslen) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message"));
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     /*
      * Hash
      */
-    md_alg = mbedtls_ssl_md_alg_from_hash( ssl->in_msg[i] );
+    md_alg = mbedtls_ssl_md_alg_from_hash(ssl->in_msg[i]);
 
-    if( md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md( ssl, ssl->in_msg[i] ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
-                            " for verify message" ) );
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+    if (md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md(ssl, ssl->in_msg[i])) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("peer not adhering to requested sig_alg"
+                                  " for verify message"));
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
 #if !defined(MBEDTLS_MD_SHA1)
-    if( MBEDTLS_MD_SHA1 == md_alg )
+    if (MBEDTLS_MD_SHA1 == md_alg) {
         hash_start += 16;
+    }
 #endif
 
     /* Info from md_alg will be used instead */
@@ -4307,71 +4096,66 @@
     /*
      * Signature
      */
-    if( ( pk_alg = mbedtls_ssl_pk_alg_from_sig( ssl->in_msg[i] ) )
-                    == MBEDTLS_PK_NONE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
-                            " for verify message" ) );
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+    if ((pk_alg = mbedtls_ssl_pk_alg_from_sig(ssl->in_msg[i]))
+        == MBEDTLS_PK_NONE) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("peer not adhering to requested sig_alg"
+                                  " for verify message"));
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
     /*
      * Check the certificate's key type matches the signature alg
      */
-    if( !mbedtls_pk_can_do( peer_pk, pk_alg ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) );
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+    if (!mbedtls_pk_can_do(peer_pk, pk_alg)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("sig_alg doesn't match cert key"));
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
     i++;
 
-    if( i + 2 > ssl->in_hslen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (i + 2 > ssl->in_hslen) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message"));
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    sig_len = ( ssl->in_msg[i] << 8 ) | ssl->in_msg[i+1];
+    sig_len = (ssl->in_msg[i] << 8) | ssl->in_msg[i+1];
     i += 2;
 
-    if( i + sig_len != ssl->in_hslen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (i + sig_len != ssl->in_hslen) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message"));
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     /* Calculate hash and verify signature */
     {
         size_t dummy_hlen;
-        ssl->handshake->calc_verify( ssl, hash, &dummy_hlen );
+        ssl->handshake->calc_verify(ssl, hash, &dummy_hlen);
     }
 
-    if( ( ret = mbedtls_pk_verify( peer_pk,
-                           md_alg, hash_start, hashlen,
-                           ssl->in_msg + i, sig_len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
-        return( ret );
+    if ((ret = mbedtls_pk_verify(peer_pk,
+                                 md_alg, hash_start, hashlen,
+                                 ssl->in_msg + i, sig_len)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret);
+        return ret;
     }
 
-    mbedtls_ssl_update_handshake_status( ssl );
+    mbedtls_ssl_update_handshake_status(ssl);
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate verify"));
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl )
+static int ssl_write_new_session_ticket(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t tlen;
     uint32_t lifetime;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write new session ticket" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write new session ticket"));
 
     ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
     ssl->out_msg[0]  = MBEDTLS_SSL_HS_NEW_SESSION_TICKET;
@@ -4387,18 +4171,17 @@
      * 10 .  9+n ticket content
      */
 
-    if( ( ret = ssl->conf->f_ticket_write( ssl->conf->p_ticket,
-                                ssl->session_negotiate,
-                                ssl->out_msg + 10,
-                                ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN,
-                                &tlen, &lifetime ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_write", ret );
+    if ((ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket,
+                                         ssl->session_negotiate,
+                                         ssl->out_msg + 10,
+                                         ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN,
+                                         &tlen, &lifetime)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_ticket_write", ret);
         tlen = 0;
     }
 
-    MBEDTLS_PUT_UINT32_BE( lifetime, ssl->out_msg, 4 );
-    MBEDTLS_PUT_UINT16_BE( tlen, ssl->out_msg, 8 );
+    MBEDTLS_PUT_UINT32_BE(lifetime, ssl->out_msg, 4);
+    MBEDTLS_PUT_UINT16_BE(tlen, ssl->out_msg, 8);
     ssl->out_msglen = 10 + tlen;
 
     /*
@@ -4407,29 +4190,27 @@
      */
     ssl->handshake->new_session_ticket = 0;
 
-    if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
+        return ret;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write new session ticket" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write new session ticket"));
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
 /*
  * SSL handshake -- server side -- single step
  */
-int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl)
 {
     int ret = 0;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "server state: %d", ssl->state ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("server state: %d", ssl->state));
 
-    switch( ssl->state )
-    {
+    switch (ssl->state) {
         case MBEDTLS_SSL_HELLO_REQUEST:
             ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
             break;
@@ -4438,12 +4219,12 @@
          *  <==   ClientHello
          */
         case MBEDTLS_SSL_CLIENT_HELLO:
-            ret = ssl_parse_client_hello( ssl );
+            ret = ssl_parse_client_hello(ssl);
             break;
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
         case MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:
-            return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED );
+            return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED;
 #endif
 
         /*
@@ -4454,23 +4235,23 @@
          *        ServerHelloDone
          */
         case MBEDTLS_SSL_SERVER_HELLO:
-            ret = ssl_write_server_hello( ssl );
+            ret = ssl_write_server_hello(ssl);
             break;
 
         case MBEDTLS_SSL_SERVER_CERTIFICATE:
-            ret = mbedtls_ssl_write_certificate( ssl );
+            ret = mbedtls_ssl_write_certificate(ssl);
             break;
 
         case MBEDTLS_SSL_SERVER_KEY_EXCHANGE:
-            ret = ssl_write_server_key_exchange( ssl );
+            ret = ssl_write_server_key_exchange(ssl);
             break;
 
         case MBEDTLS_SSL_CERTIFICATE_REQUEST:
-            ret = ssl_write_certificate_request( ssl );
+            ret = ssl_write_certificate_request(ssl);
             break;
 
         case MBEDTLS_SSL_SERVER_HELLO_DONE:
-            ret = ssl_write_server_hello_done( ssl );
+            ret = ssl_write_server_hello_done(ssl);
             break;
 
         /*
@@ -4481,23 +4262,23 @@
          *        Finished
          */
         case MBEDTLS_SSL_CLIENT_CERTIFICATE:
-            ret = mbedtls_ssl_parse_certificate( ssl );
+            ret = mbedtls_ssl_parse_certificate(ssl);
             break;
 
         case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
-            ret = ssl_parse_client_key_exchange( ssl );
+            ret = ssl_parse_client_key_exchange(ssl);
             break;
 
         case MBEDTLS_SSL_CERTIFICATE_VERIFY:
-            ret = ssl_parse_certificate_verify( ssl );
+            ret = ssl_parse_certificate_verify(ssl);
             break;
 
         case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:
-            ret = mbedtls_ssl_parse_change_cipher_spec( ssl );
+            ret = mbedtls_ssl_parse_change_cipher_spec(ssl);
             break;
 
         case MBEDTLS_SSL_CLIENT_FINISHED:
-            ret = mbedtls_ssl_parse_finished( ssl );
+            ret = mbedtls_ssl_parse_finished(ssl);
             break;
 
         /*
@@ -4507,35 +4288,35 @@
          */
         case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-            if( ssl->handshake->new_session_ticket != 0 )
-                ret = ssl_write_new_session_ticket( ssl );
-            else
+            if (ssl->handshake->new_session_ticket != 0) {
+                ret = ssl_write_new_session_ticket(ssl);
+            } else
 #endif
-                ret = mbedtls_ssl_write_change_cipher_spec( ssl );
+            ret = mbedtls_ssl_write_change_cipher_spec(ssl);
             break;
 
         case MBEDTLS_SSL_SERVER_FINISHED:
-            ret = mbedtls_ssl_write_finished( ssl );
+            ret = mbedtls_ssl_write_finished(ssl);
             break;
 
         case MBEDTLS_SSL_FLUSH_BUFFERS:
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
+            MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done"));
             ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
             break;
 
         case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
-            mbedtls_ssl_handshake_wrapup( ssl );
+            mbedtls_ssl_handshake_wrapup(ssl);
             break;
 
         default:
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+            MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state));
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
-    return( ret );
+    return ret;
 }
 
-void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order )
+void mbedtls_ssl_conf_preference_order(mbedtls_ssl_config *conf, int order)
 {
     conf->respect_cli_pref = order;
 }
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index f07c8b6..8589ff9 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -44,18 +44,18 @@
  * } SupportedVersions;
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
-                                                   unsigned char *buf,
-                                                   unsigned char *end,
-                                                   size_t *out_len )
+static int ssl_tls13_write_supported_versions_ext(mbedtls_ssl_context *ssl,
+                                                  unsigned char *buf,
+                                                  unsigned char *end,
+                                                  size_t *out_len)
 {
     unsigned char *p = buf;
-    unsigned char versions_len = ( ssl->handshake->min_tls_version <=
-                                   MBEDTLS_SSL_VERSION_TLS1_2 ) ? 4 : 2;
+    unsigned char versions_len = (ssl->handshake->min_tls_version <=
+                                  MBEDTLS_SSL_VERSION_TLS1_2) ? 4 : 2;
 
     *out_len = 0;
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported versions extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding supported versions extension"));
 
     /* Check if we have space to write the extension:
      * - extension_type         (2 bytes)
@@ -63,10 +63,10 @@
      * - versions_length        (1 byte )
      * - versions               (2 or 4 bytes)
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 + versions_len );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 5 + versions_len);
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0 );
-    MBEDTLS_PUT_UINT16_BE( versions_len + 1, p, 2 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, p, 0);
+    MBEDTLS_PUT_UINT16_BE(versions_len + 1, p, 2);
     p += 4;
 
     /* Length of versions */
@@ -76,59 +76,56 @@
      * They are defined by the configuration.
      * Currently, we advertise only TLS 1.3 or both TLS 1.3 and TLS 1.2.
      */
-    mbedtls_ssl_write_version( p, MBEDTLS_SSL_TRANSPORT_STREAM,
-                               MBEDTLS_SSL_VERSION_TLS1_3 );
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [3:4]" ) );
+    mbedtls_ssl_write_version(p, MBEDTLS_SSL_TRANSPORT_STREAM,
+                              MBEDTLS_SSL_VERSION_TLS1_3);
+    MBEDTLS_SSL_DEBUG_MSG(3, ("supported version: [3:4]"));
 
 
-    if( ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 )
-    {
-        mbedtls_ssl_write_version( p + 2, MBEDTLS_SSL_TRANSPORT_STREAM,
-                                   MBEDTLS_SSL_VERSION_TLS1_2 );
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [3:3]" ) );
+    if (ssl->handshake->min_tls_version <= MBEDTLS_SSL_VERSION_TLS1_2) {
+        mbedtls_ssl_write_version(p + 2, MBEDTLS_SSL_TRANSPORT_STREAM,
+                                  MBEDTLS_SSL_VERSION_TLS1_2);
+        MBEDTLS_SSL_DEBUG_MSG(3, ("supported version: [3:3]"));
     }
 
     *out_len = 5 + versions_len;
 
     mbedtls_ssl_tls13_set_hs_sent_ext_mask(
-        ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS );
+        ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS);
 
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
-                                                   const unsigned char *buf,
-                                                   const unsigned char *end )
+static int ssl_tls13_parse_supported_versions_ext(mbedtls_ssl_context *ssl,
+                                                  const unsigned char *buf,
+                                                  const unsigned char *end)
 {
     ((void) ssl);
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2 );
-    if( mbedtls_ssl_read_version( buf, ssl->conf->transport ) !=
-          MBEDTLS_SSL_VERSION_TLS1_3 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "unexpected version" ) );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, 2);
+    if (mbedtls_ssl_read_version(buf, ssl->conf->transport) !=
+        MBEDTLS_SSL_VERSION_TLS1_3) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("unexpected version"));
 
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                                      MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                                     MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
-    if( &buf[2] != end )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "supported_versions ext data length incorrect" ) );
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
-                                      MBEDTLS_ERR_SSL_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (&buf[2] != end) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("supported_versions ext data length incorrect"));
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+                                     MBEDTLS_ERR_SSL_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_SSL_ALPN)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_alpn_ext( mbedtls_ssl_context *ssl,
-                                     const unsigned char *buf, size_t len )
+static int ssl_tls13_parse_alpn_ext(mbedtls_ssl_context *ssl,
+                                    const unsigned char *buf, size_t len)
 {
     const unsigned char *p = buf;
     const unsigned char *end = buf + len;
@@ -136,8 +133,9 @@
     const unsigned char *protocol_name_list_end;
 
     /* If we didn't send it, the server shouldn't send it */
-    if( ssl->conf->alpn_list == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl->conf->alpn_list == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
     /*
      * opaque ProtocolName<1..2^8-1>;
@@ -149,66 +147,61 @@
      * the "ProtocolNameList" MUST contain exactly one "ProtocolName"
      */
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    protocol_name_list_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+    protocol_name_list_len = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, protocol_name_list_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, protocol_name_list_len);
     protocol_name_list_end = p + protocol_name_list_len;
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, protocol_name_list_end, 1 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, protocol_name_list_end, 1);
     protocol_name_len = *p++;
 
     /* Check that the server chosen protocol was in our list and save it */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, protocol_name_list_end, protocol_name_len );
-    for( const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++ )
-    {
-        if( protocol_name_len == strlen( *alpn ) &&
-            memcmp( p, *alpn, protocol_name_len ) == 0 )
-        {
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, protocol_name_list_end, protocol_name_len);
+    for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
+        if (protocol_name_len == strlen(*alpn) &&
+            memcmp(p, *alpn, protocol_name_len) == 0) {
             ssl->alpn_chosen = *alpn;
-            return( 0 );
+            return 0;
         }
     }
 
-    return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
 }
 #endif /* MBEDTLS_SSL_ALPN */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl )
+static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl)
 {
     uint16_t group_id = ssl->handshake->offered_group_id;
 
-    if( group_id == 0 )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (group_id == 0) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
 
 #if defined(MBEDTLS_ECDH_C)
-    if( mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) )
-    {
+    if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id)) {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
         psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
         /* Destroy generated private key. */
-        status = psa_destroy_key( ssl->handshake->ecdh_psa_privkey );
-        if( status != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
-            return( ret );
+        status = psa_destroy_key(ssl->handshake->ecdh_psa_privkey);
+        if (status != PSA_SUCCESS) {
+            ret = psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret);
+            return ret;
         }
 
         ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-        return( 0 );
-    }
-    else
+        return 0;
+    } else
 #endif /* MBEDTLS_ECDH_C */
-    if( 0 /* other KEMs? */ )
-    {
+    if (0 /* other KEMs? */) {
         /* Do something */
     }
 
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
 }
 
 /*
@@ -216,26 +209,25 @@
  */
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl,
-                                           uint16_t *group_id )
+static int ssl_tls13_get_default_group_id(mbedtls_ssl_context *ssl,
+                                          uint16_t *group_id)
 {
     int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
 
 
 #if defined(MBEDTLS_ECDH_C)
-    const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
+    const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
     /* Pick first available ECDHE group compatible with TLS 1.3 */
-    if( group_list == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+    if (group_list == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_CONFIG;
+    }
 
-    for ( ; *group_list != 0; group_list++ )
-    {
-        if( ( mbedtls_ssl_get_psa_curve_info_from_tls_id( *group_list,
-                            NULL, NULL ) == PSA_SUCCESS ) &&
-            mbedtls_ssl_tls13_named_group_is_ecdhe( *group_list ) )
-        {
+    for (; *group_list != 0; group_list++) {
+        if ((mbedtls_ssl_get_psa_curve_info_from_tls_id(*group_list,
+                                                        NULL, NULL) == PSA_SUCCESS) &&
+            mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) {
             *group_id = *group_list;
-            return( 0 );
+            return 0;
         }
     }
 #else
@@ -248,7 +240,7 @@
      * Pick first available DHE group compatible with TLS 1.3
      */
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -265,10 +257,10 @@
  *      } KeyShareClientHello;
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
-                                          unsigned char *buf,
-                                          unsigned char *end,
-                                          size_t *out_len )
+static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl,
+                                         unsigned char *buf,
+                                         unsigned char *end,
+                                         size_t *out_len)
 {
     unsigned char *p = buf;
     unsigned char *client_shares; /* Start of client_shares */
@@ -283,18 +275,17 @@
      * - extension_data_length  (2 bytes)
      * - client_shares_length   (2 bytes)
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6);
     p += 6;
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello: adding key share extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("client hello: adding key share extension"));
 
     /* HRR could already have requested something else. */
     group_id = ssl->handshake->offered_group_id;
-    if( !mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) &&
-        !mbedtls_ssl_tls13_named_group_is_dhe( group_id ) )
-    {
-        MBEDTLS_SSL_PROC_CHK( ssl_tls13_get_default_group_id( ssl,
-                                                              &group_id ) );
+    if (!mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) &&
+        !mbedtls_ssl_tls13_named_group_is_dhe(group_id)) {
+        MBEDTLS_SSL_PROC_CHK(ssl_tls13_get_default_group_id(ssl,
+                                                            &group_id));
     }
 
     /*
@@ -307,8 +298,7 @@
      */
     client_shares = p;
 #if defined(MBEDTLS_ECDH_C)
-    if( mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) )
-    {
+    if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id)) {
         /* Pointer to group */
         unsigned char *group = p;
         /* Length of key_exchange */
@@ -318,41 +308,39 @@
          * - group                  (2 bytes)
          * - key_exchange_length    (2 bytes)
          */
-        MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
+        MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4);
         p += 4;
         ret = mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
-                                    ssl, group_id, p, end, &key_exchange_len );
+            ssl, group_id, p, end, &key_exchange_len);
         p += key_exchange_len;
-        if( ret != 0 )
-            return( ret );
+        if (ret != 0) {
+            return ret;
+        }
 
         /* Write group */
-        MBEDTLS_PUT_UINT16_BE( group_id, group, 0 );
+        MBEDTLS_PUT_UINT16_BE(group_id, group, 0);
         /* Write key_exchange_length */
-        MBEDTLS_PUT_UINT16_BE( key_exchange_len, group, 2 );
-    }
-    else
+        MBEDTLS_PUT_UINT16_BE(key_exchange_len, group, 2);
+    } else
 #endif /* MBEDTLS_ECDH_C */
-    if( 0 /* other KEMs? */ )
-    {
+    if (0 /* other KEMs? */) {
         /* Do something */
+    } else {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
-    else
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
 
     /* Length of client_shares */
     client_shares_len = p - client_shares;
-    if( client_shares_len == 0)
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "No key share defined." ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (client_shares_len == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("No key share defined."));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
     /* Write extension_type */
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0);
     /* Write extension_data_length */
-    MBEDTLS_PUT_UINT16_BE( client_shares_len + 2, buf, 2 );
+    MBEDTLS_PUT_UINT16_BE(client_shares_len + 2, buf, 2);
     /* Write client_shares_length */
-    MBEDTLS_PUT_UINT16_BE( client_shares_len, buf, 4 );
+    MBEDTLS_PUT_UINT16_BE(client_shares_len, buf, 4);
 
     /* Update offered_group_id field */
     ssl->handshake->offered_group_id = group_id;
@@ -360,13 +348,13 @@
     /* Output the total length of key_share extension. */
     *out_len = p - buf;
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, key_share extension", buf, *out_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "client hello, key_share extension", buf, *out_len);
 
-    mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE );
+    mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE);
 
 cleanup:
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */
 
@@ -379,25 +367,26 @@
  * } KeyShareHelloRetryRequest;
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_hrr_key_share_ext( mbedtls_ssl_context *ssl,
-                                              const unsigned char *buf,
-                                              const unsigned char *end )
+static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl,
+                                             const unsigned char *buf,
+                                             const unsigned char *end)
 {
 #if defined(MBEDTLS_ECDH_C)
     const unsigned char *p = buf;
     int selected_group;
     int found = 0;
 
-    const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
-    if( group_list == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+    const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
+    if (group_list == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_CONFIG;
+    }
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "key_share extension", p, end - buf );
+    MBEDTLS_SSL_DEBUG_BUF(3, "key_share extension", p, end - buf);
 
     /* Read selected_group */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    selected_group = MBEDTLS_GET_UINT16_BE( p, 0 );
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected_group ( %d )", selected_group ) );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+    selected_group = MBEDTLS_GET_UINT16_BE(p, 0);
+    MBEDTLS_SSL_DEBUG_MSG(3, ("selected_group ( %d )", selected_group));
 
     /* Upon receipt of this extension in a HelloRetryRequest, the client
      * MUST first verify that the selected_group field corresponds to a
@@ -408,12 +397,12 @@
      * If the server provided a key share that was not sent in the ClientHello
      * then the client MUST abort the handshake with an "illegal_parameter" alert.
      */
-    for( ; *group_list != 0; group_list++ )
-    {
-        if( ( mbedtls_ssl_get_psa_curve_info_from_tls_id( *group_list,
-                NULL, NULL ) == PSA_ERROR_NOT_SUPPORTED ) ||
-                *group_list != selected_group )
+    for (; *group_list != 0; group_list++) {
+        if ((mbedtls_ssl_get_psa_curve_info_from_tls_id(*group_list,
+                                                        NULL, NULL) == PSA_ERROR_NOT_SUPPORTED) ||
+            *group_list != selected_group) {
             continue;
+        }
 
         /* We found a match */
         found = 1;
@@ -427,24 +416,23 @@
      * ClientHello then the client MUST abort the handshake with
      * an "illegal_parameter" alert.
      */
-    if( found == 0 || selected_group == ssl->handshake->offered_group_id )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid key share in HRR" ) );
+    if (found == 0 || selected_group == ssl->handshake->offered_group_id) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid key share in HRR"));
         MBEDTLS_SSL_PEND_FATAL_ALERT(
-                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+            MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
     /* Remember server's preference for next ClientHello */
     ssl->handshake->offered_group_id = selected_group;
 
-    return( 0 );
+    return 0;
 #else
     (void) ssl;
     (void) buf;
     (void) end;
-    return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+    return MBEDTLS_ERR_SSL_BAD_CONFIG;
 #endif
 }
 
@@ -461,9 +449,9 @@
  * } KeyShareEntry;
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl,
-                                          const unsigned char *buf,
-                                          const unsigned char *end )
+static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl,
+                                         const unsigned char *buf,
+                                         const unsigned char *end)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const unsigned char *p = buf;
@@ -473,49 +461,45 @@
      * NamedGroup group; (2 bytes)
      * ...
      */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    group = MBEDTLS_GET_UINT16_BE( p, 0 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+    group = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
 
     /* Check that the chosen group matches the one we offered. */
     offered_group = ssl->handshake->offered_group_id;
-    if( offered_group != group )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "Invalid server key share, our group %u, their group %u",
-              (unsigned) offered_group, (unsigned) group ) );
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
-                                      MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    if (offered_group != group) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("Invalid server key share, our group %u, their group %u",
+                               (unsigned) offered_group, (unsigned) group));
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
+                                     MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
 
 #if defined(MBEDTLS_ECDH_C)
-    if( mbedtls_ssl_tls13_named_group_is_ecdhe( group ) )
-    {
-        if( mbedtls_ssl_get_psa_curve_info_from_tls_id( group, NULL, NULL )
-                    == PSA_ERROR_NOT_SUPPORTED )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid TLS curve group id" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (mbedtls_ssl_tls13_named_group_is_ecdhe(group)) {
+        if (mbedtls_ssl_get_psa_curve_info_from_tls_id(group, NULL, NULL)
+            == PSA_ERROR_NOT_SUPPORTED) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid TLS curve group id"));
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s",
-                    mbedtls_ssl_get_curve_name_from_tls_id( group ) ) );
+        MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH curve: %s",
+                                  mbedtls_ssl_get_curve_name_from_tls_id(group)));
 
-        ret = mbedtls_ssl_tls13_read_public_ecdhe_share( ssl, p, end - p );
-        if( ret != 0 )
-            return( ret );
-    }
-    else
+        ret = mbedtls_ssl_tls13_read_public_ecdhe_share(ssl, p, end - p);
+        if (ret != 0) {
+            return ret;
+        }
+    } else
 #endif /* MBEDTLS_ECDH_C */
-    if( 0 /* other KEMs? */ )
-    {
+    if (0 /* other KEMs? */) {
         /* Do something */
+    } else {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
-    else
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -535,76 +519,74 @@
  * cookies in their initial ClientHello in subsequent connections.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl,
-                                       const unsigned char *buf,
-                                       const unsigned char *end )
+static int ssl_tls13_parse_cookie_ext(mbedtls_ssl_context *ssl,
+                                      const unsigned char *buf,
+                                      const unsigned char *end)
 {
     uint16_t cookie_len;
     const unsigned char *p = buf;
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
 
     /* Retrieve length field of cookie */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    cookie_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+    cookie_len = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cookie_len );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "cookie extension", p, cookie_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, cookie_len);
+    MBEDTLS_SSL_DEBUG_BUF(3, "cookie extension", p, cookie_len);
 
-    mbedtls_free( handshake->cookie );
+    mbedtls_free(handshake->cookie);
     handshake->cookie_len = 0;
-    handshake->cookie = mbedtls_calloc( 1, cookie_len );
-    if( handshake->cookie == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-                ( "alloc failed ( %ud bytes )",
-                  cookie_len ) );
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    handshake->cookie = mbedtls_calloc(1, cookie_len);
+    if (handshake->cookie == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("alloc failed ( %ud bytes )",
+                               cookie_len));
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
     }
 
-    memcpy( handshake->cookie, p, cookie_len );
+    memcpy(handshake->cookie, p, cookie_len);
     handshake->cookie_len = cookie_len;
 
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl,
-                                       unsigned char *buf,
-                                       unsigned char *end,
-                                       size_t *out_len )
+static int ssl_tls13_write_cookie_ext(mbedtls_ssl_context *ssl,
+                                      unsigned char *buf,
+                                      unsigned char *end,
+                                      size_t *out_len)
 {
     unsigned char *p = buf;
     *out_len = 0;
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
 
-    if( handshake->cookie == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "no cookie to send; skip extension" ) );
-        return( 0 );
+    if (handshake->cookie == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("no cookie to send; skip extension"));
+        return 0;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
-                           handshake->cookie,
-                           handshake->cookie_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "client hello, cookie",
+                          handshake->cookie,
+                          handshake->cookie_len);
 
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, handshake->cookie_len + 6 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, handshake->cookie_len + 6);
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding cookie extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding cookie extension"));
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_COOKIE, p, 0 );
-    MBEDTLS_PUT_UINT16_BE( handshake->cookie_len + 2, p, 2 );
-    MBEDTLS_PUT_UINT16_BE( handshake->cookie_len, p, 4 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_COOKIE, p, 0);
+    MBEDTLS_PUT_UINT16_BE(handshake->cookie_len + 2, p, 2);
+    MBEDTLS_PUT_UINT16_BE(handshake->cookie_len, p, 4);
     p += 6;
 
     /* Cookie */
-    memcpy( p, handshake->cookie, handshake->cookie_len );
+    memcpy(p, handshake->cookie, handshake->cookie_len);
 
     *out_len = handshake->cookie_len + 6;
 
-    mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_COOKIE );
+    mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_COOKIE);
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
@@ -618,195 +600,195 @@
  * } PskKeyExchangeModes;
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl,
-                                                       unsigned char *buf,
-                                                       unsigned char *end,
-                                                       size_t *out_len )
+static int ssl_tls13_write_psk_key_exchange_modes_ext(mbedtls_ssl_context *ssl,
+                                                      unsigned char *buf,
+                                                      unsigned char *end,
+                                                      size_t *out_len)
 {
     unsigned char *p = buf;
     int ke_modes_len = 0;
 
-    ((void) ke_modes_len );
+    ((void) ke_modes_len);
     *out_len = 0;
 
     /* Skip writing extension if no PSK key exchange mode
      * is enabled in the config.
      */
-    if( !mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip psk_key_exchange_modes extension" ) );
-        return( 0 );
+    if (!mbedtls_ssl_conf_tls13_some_psk_enabled(ssl)) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("skip psk_key_exchange_modes extension"));
+        return 0;
     }
 
     /* Require 7 bytes of data, otherwise fail,
      * even if extension might be shorter.
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 7);
     MBEDTLS_SSL_DEBUG_MSG(
-            3, ( "client hello, adding psk_key_exchange_modes extension" ) );
+        3, ("client hello, adding psk_key_exchange_modes extension"));
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES, p, 0);
 
     /* Skip extension length (2 bytes) and
      * ke_modes length (1 byte) for now.
      */
     p += 5;
 
-    if( mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( ssl ) )
-    {
+    if (mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl)) {
         *p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE;
         ke_modes_len++;
 
-        MBEDTLS_SSL_DEBUG_MSG( 4, ( "Adding PSK-ECDHE key exchange mode" ) );
+        MBEDTLS_SSL_DEBUG_MSG(4, ("Adding PSK-ECDHE key exchange mode"));
     }
 
-    if( mbedtls_ssl_conf_tls13_psk_enabled( ssl ) )
-    {
+    if (mbedtls_ssl_conf_tls13_psk_enabled(ssl)) {
         *p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE;
         ke_modes_len++;
 
-        MBEDTLS_SSL_DEBUG_MSG( 4, ( "Adding pure PSK key exchange mode" ) );
+        MBEDTLS_SSL_DEBUG_MSG(4, ("Adding pure PSK key exchange mode"));
     }
 
     /* Now write the extension and ke_modes length */
-    MBEDTLS_PUT_UINT16_BE( ke_modes_len + 1, buf, 2 );
+    MBEDTLS_PUT_UINT16_BE(ke_modes_len + 1, buf, 2);
     buf[4] = ke_modes_len;
 
     *out_len = p - buf;
 
     mbedtls_ssl_tls13_set_hs_sent_ext_mask(
-        ssl, MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES );
+        ssl, MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES);
 
-    return ( 0 );
+    return 0;
 }
 
-static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg( int ciphersuite )
+static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg(int ciphersuite)
 {
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL;
-    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite );
+    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite);
 
-    if( ciphersuite_info != NULL )
-       return( mbedtls_psa_translate_md( ciphersuite_info->mac ) );
+    if (ciphersuite_info != NULL) {
+        return mbedtls_psa_translate_md(ciphersuite_info->mac);
+    }
 
-    return( PSA_ALG_NONE );
+    return PSA_ALG_NONE;
 }
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-static int ssl_tls13_has_configured_ticket( mbedtls_ssl_context *ssl )
+static int ssl_tls13_has_configured_ticket(mbedtls_ssl_context *ssl)
 {
     mbedtls_ssl_session *session = ssl->session_negotiate;
-    return( ssl->handshake->resume &&
-            session != NULL && session->ticket != NULL );
+    return ssl->handshake->resume &&
+           session != NULL && session->ticket != NULL;
 }
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-static int ssl_tls13_early_data_has_valid_ticket( mbedtls_ssl_context *ssl )
+static int ssl_tls13_early_data_has_valid_ticket(mbedtls_ssl_context *ssl)
 {
     mbedtls_ssl_session *session = ssl->session_negotiate;
-    return( ssl->handshake->resume &&
-            session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
-            ( session->ticket_flags &
-              MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA ) &&
-            mbedtls_ssl_tls13_cipher_suite_is_offered(
-                ssl, session->ciphersuite ) );
+    return ssl->handshake->resume &&
+           session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
+           (session->ticket_flags &
+            MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA) &&
+           mbedtls_ssl_tls13_cipher_suite_is_offered(
+        ssl, session->ciphersuite);
 }
 #endif
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_ticket_get_identity( mbedtls_ssl_context *ssl,
-                                          psa_algorithm_t *hash_alg,
-                                          const unsigned char **identity,
-                                          size_t *identity_len )
+static int ssl_tls13_ticket_get_identity(mbedtls_ssl_context *ssl,
+                                         psa_algorithm_t *hash_alg,
+                                         const unsigned char **identity,
+                                         size_t *identity_len)
 {
     mbedtls_ssl_session *session = ssl->session_negotiate;
 
-    if( !ssl_tls13_has_configured_ticket( ssl ) )
-        return( -1 );
+    if (!ssl_tls13_has_configured_ticket(ssl)) {
+        return -1;
+    }
 
-    *hash_alg = ssl_tls13_get_ciphersuite_hash_alg( session->ciphersuite );
+    *hash_alg = ssl_tls13_get_ciphersuite_hash_alg(session->ciphersuite);
     *identity = session->ticket;
     *identity_len = session->ticket_len;
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_ticket_get_psk( mbedtls_ssl_context *ssl,
-                                     psa_algorithm_t *hash_alg,
-                                     const unsigned char **psk,
-                                     size_t *psk_len )
+static int ssl_tls13_ticket_get_psk(mbedtls_ssl_context *ssl,
+                                    psa_algorithm_t *hash_alg,
+                                    const unsigned char **psk,
+                                    size_t *psk_len)
 {
 
     mbedtls_ssl_session *session = ssl->session_negotiate;
 
-    if( !ssl_tls13_has_configured_ticket( ssl ) )
-        return( -1 );
+    if (!ssl_tls13_has_configured_ticket(ssl)) {
+        return -1;
+    }
 
-    *hash_alg = ssl_tls13_get_ciphersuite_hash_alg( session->ciphersuite );
+    *hash_alg = ssl_tls13_get_ciphersuite_hash_alg(session->ciphersuite);
     *psk = session->resumption_key;
     *psk_len = session->resumption_key_len;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_psk_get_identity( mbedtls_ssl_context *ssl,
-                                       psa_algorithm_t *hash_alg,
-                                       const unsigned char **identity,
-                                       size_t *identity_len )
+static int ssl_tls13_psk_get_identity(mbedtls_ssl_context *ssl,
+                                      psa_algorithm_t *hash_alg,
+                                      const unsigned char **identity,
+                                      size_t *identity_len)
 {
 
-    if( ! mbedtls_ssl_conf_has_static_psk( ssl->conf ) )
-        return( -1 );
+    if (!mbedtls_ssl_conf_has_static_psk(ssl->conf)) {
+        return -1;
+    }
 
     *hash_alg = PSA_ALG_SHA_256;
     *identity = ssl->conf->psk_identity;
     *identity_len = ssl->conf->psk_identity_len;
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_psk_get_psk( mbedtls_ssl_context *ssl,
-                                  psa_algorithm_t *hash_alg,
-                                  const unsigned char **psk,
-                                  size_t *psk_len )
+static int ssl_tls13_psk_get_psk(mbedtls_ssl_context *ssl,
+                                 psa_algorithm_t *hash_alg,
+                                 const unsigned char **psk,
+                                 size_t *psk_len)
 {
 
-    if( ! mbedtls_ssl_conf_has_static_psk( ssl->conf ) )
-        return( -1 );
+    if (!mbedtls_ssl_conf_has_static_psk(ssl->conf)) {
+        return -1;
+    }
 
     *hash_alg = PSA_ALG_SHA_256;
     *psk = ssl->conf->psk;
     *psk_len = ssl->conf->psk_len;
-    return( 0 );
+    return 0;
 }
 
-static int ssl_tls13_get_configured_psk_count( mbedtls_ssl_context *ssl )
+static int ssl_tls13_get_configured_psk_count(mbedtls_ssl_context *ssl)
 {
     int configured_psk_count = 0;
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if( ssl_tls13_has_configured_ticket( ssl ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "Ticket is configured" ) );
+    if (ssl_tls13_has_configured_ticket(ssl)) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("Ticket is configured"));
         configured_psk_count++;
     }
 #endif
-    if( mbedtls_ssl_conf_has_static_psk( ssl->conf ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "PSK is configured" ) );
+    if (mbedtls_ssl_conf_has_static_psk(ssl->conf)) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("PSK is configured"));
         configured_psk_count++;
     }
-    return( configured_psk_count );
+    return configured_psk_count;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_identity( mbedtls_ssl_context *ssl,
-                                     unsigned char *buf,
-                                     unsigned char *end,
-                                     const unsigned char *identity,
-                                     size_t identity_len,
-                                     uint32_t obfuscated_ticket_age,
-                                     size_t *out_len )
+static int ssl_tls13_write_identity(mbedtls_ssl_context *ssl,
+                                    unsigned char *buf,
+                                    unsigned char *end,
+                                    const unsigned char *identity,
+                                    size_t identity_len,
+                                    uint32_t obfuscated_ticket_age,
+                                    size_t *out_len)
 {
     ((void) ssl);
     *out_len = 0;
@@ -816,66 +798,66 @@
      * - identity               (psk_identity_len bytes)
      * - obfuscated_ticket_age  (4 bytes)
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 6 + identity_len );
+    MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 6 + identity_len);
 
-    MBEDTLS_PUT_UINT16_BE( identity_len, buf, 0 );
-    memcpy( buf + 2, identity, identity_len );
-    MBEDTLS_PUT_UINT32_BE( obfuscated_ticket_age, buf, 2 + identity_len );
+    MBEDTLS_PUT_UINT16_BE(identity_len, buf, 0);
+    memcpy(buf + 2, identity, identity_len);
+    MBEDTLS_PUT_UINT32_BE(obfuscated_ticket_age, buf, 2 + identity_len);
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "write identity", buf, 6 + identity_len );
+    MBEDTLS_SSL_DEBUG_BUF(4, "write identity", buf, 6 + identity_len);
 
     *out_len = 6 + identity_len;
 
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_binder( mbedtls_ssl_context *ssl,
-                                   unsigned char *buf,
-                                   unsigned char *end,
-                                   int psk_type,
-                                   psa_algorithm_t hash_alg,
-                                   const unsigned char *psk,
-                                   size_t psk_len,
-                                   size_t *out_len )
+static int ssl_tls13_write_binder(mbedtls_ssl_context *ssl,
+                                  unsigned char *buf,
+                                  unsigned char *end,
+                                  int psk_type,
+                                  psa_algorithm_t hash_alg,
+                                  const unsigned char *psk,
+                                  size_t psk_len,
+                                  size_t *out_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char binder_len;
-    unsigned char transcript[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
+    unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
     size_t transcript_len = 0;
 
     *out_len = 0;
 
-    binder_len = PSA_HASH_LENGTH( hash_alg );
+    binder_len = PSA_HASH_LENGTH(hash_alg);
 
     /*
      * - binder_len           (1 bytes)
      * - binder               (binder_len bytes)
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 1 + binder_len );
+    MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 1 + binder_len);
 
     buf[0] = binder_len;
 
     /* Get current state of handshake transcript. */
     ret = mbedtls_ssl_get_handshake_transcript(
-            ssl, mbedtls_hash_info_md_from_psa( hash_alg ),
-            transcript, sizeof( transcript ), &transcript_len );
-    if( ret != 0 )
-        return( ret );
-
-    ret = mbedtls_ssl_tls13_create_psk_binder( ssl, hash_alg,
-                                               psk, psk_len, psk_type,
-                                               transcript, buf + 1 );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_create_psk_binder", ret );
-        return( ret );
+        ssl, mbedtls_hash_info_md_from_psa(hash_alg),
+        transcript, sizeof(transcript), &transcript_len);
+    if (ret != 0) {
+        return ret;
     }
-    MBEDTLS_SSL_DEBUG_BUF( 4, "write binder", buf, 1 + binder_len );
+
+    ret = mbedtls_ssl_tls13_create_psk_binder(ssl, hash_alg,
+                                              psk, psk_len, psk_type,
+                                              transcript, buf + 1);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_create_psk_binder", ret);
+        return ret;
+    }
+    MBEDTLS_SSL_DEBUG_BUF(4, "write binder", buf, 1 + binder_len);
 
     *out_len = 1 + binder_len;
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -902,8 +884,8 @@
  *
  */
 int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext(
-        mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end,
-        size_t *out_len, size_t *binders_len )
+    mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end,
+    size_t *out_len, size_t *binders_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     int configured_psk_count = 0;
@@ -918,94 +900,93 @@
     *binders_len = 0;
 
     /* Check if we have any PSKs to offer. If no, skip pre_shared_key */
-    configured_psk_count = ssl_tls13_get_configured_psk_count( ssl );
-    if( configured_psk_count == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip pre_shared_key extensions" ) );
-        return( 0 );
+    configured_psk_count = ssl_tls13_get_configured_psk_count(ssl);
+    if (configured_psk_count == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("skip pre_shared_key extensions"));
+        return 0;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 4, ( "Pre-configured PSK number = %d",
-                                configured_psk_count ) );
+    MBEDTLS_SSL_DEBUG_MSG(4, ("Pre-configured PSK number = %d",
+                              configured_psk_count));
 
     /* Check if we have space to write the extension, binders included.
      * - extension_type         (2 bytes)
      * - extension_data_len     (2 bytes)
      * - identities_len         (2 bytes)
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6);
     p += 6;
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if( ssl_tls13_ticket_get_identity(
-            ssl, &hash_alg, &identity, &identity_len ) == 0 )
-    {
+    if (ssl_tls13_ticket_get_identity(
+            ssl, &hash_alg, &identity, &identity_len) == 0) {
 #if defined(MBEDTLS_HAVE_TIME)
-        mbedtls_time_t now = mbedtls_time( NULL );
+        mbedtls_time_t now = mbedtls_time(NULL);
         mbedtls_ssl_session *session = ssl->session_negotiate;
         uint32_t obfuscated_ticket_age =
-                                (uint32_t)( now - session->ticket_received );
+            (uint32_t) (now - session->ticket_received);
 
         obfuscated_ticket_age *= 1000;
         obfuscated_ticket_age += session->ticket_age_add;
 
-        ret = ssl_tls13_write_identity( ssl, p, end,
-                                        identity, identity_len,
-                                        obfuscated_ticket_age,
-                                        &output_len );
+        ret = ssl_tls13_write_identity(ssl, p, end,
+                                       identity, identity_len,
+                                       obfuscated_ticket_age,
+                                       &output_len);
 #else
-        ret = ssl_tls13_write_identity( ssl, p, end, identity, identity_len,
-                                        0, &output_len );
+        ret = ssl_tls13_write_identity(ssl, p, end, identity, identity_len,
+                                       0, &output_len);
 #endif /* MBEDTLS_HAVE_TIME */
-        if( ret != 0 )
-            return( ret );
+        if (ret != 0) {
+            return ret;
+        }
 
         p += output_len;
-        l_binders_len += 1 + PSA_HASH_LENGTH( hash_alg );
+        l_binders_len += 1 + PSA_HASH_LENGTH(hash_alg);
     }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
-    if( ssl_tls13_psk_get_identity(
-            ssl, &hash_alg, &identity, &identity_len ) == 0 )
-    {
+    if (ssl_tls13_psk_get_identity(
+            ssl, &hash_alg, &identity, &identity_len) == 0) {
 
-        ret = ssl_tls13_write_identity( ssl, p, end, identity, identity_len, 0,
-                                        &output_len );
-        if( ret != 0 )
-            return( ret );
+        ret = ssl_tls13_write_identity(ssl, p, end, identity, identity_len, 0,
+                                       &output_len);
+        if (ret != 0) {
+            return ret;
+        }
 
         p += output_len;
-        l_binders_len += 1 + PSA_HASH_LENGTH( hash_alg );
+        l_binders_len += 1 + PSA_HASH_LENGTH(hash_alg);
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-                 ( "client hello, adding pre_shared_key extension, "
-                   "omitting PSK binder list" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3,
+                          ("client hello, adding pre_shared_key extension, "
+                           "omitting PSK binder list"));
 
     /* Take into account the two bytes for the length of the binders. */
     l_binders_len += 2;
     /* Check if there is enough space for binders */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, l_binders_len );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, l_binders_len);
 
     /*
      * - extension_type         (2 bytes)
      * - extension_data_len     (2 bytes)
      * - identities_len         (2 bytes)
      */
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_PRE_SHARED_KEY, buf, 0 );
-    MBEDTLS_PUT_UINT16_BE( p - buf - 4 + l_binders_len , buf, 2 );
-    MBEDTLS_PUT_UINT16_BE( p - buf - 6 , buf, 4 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_PRE_SHARED_KEY, buf, 0);
+    MBEDTLS_PUT_UINT16_BE(p - buf - 4 + l_binders_len, buf, 2);
+    MBEDTLS_PUT_UINT16_BE(p - buf - 6, buf, 4);
 
-    *out_len = ( p - buf ) + l_binders_len;
+    *out_len = (p - buf) + l_binders_len;
     *binders_len = l_binders_len;
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key identities", buf, p - buf );
+    MBEDTLS_SSL_DEBUG_BUF(3, "pre_shared_key identities", buf, p - buf);
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext(
-        mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end )
+    mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p = buf;
@@ -1017,48 +998,48 @@
     /* Check if we have space to write binders_len.
      * - binders_len         (2 bytes)
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
     p += 2;
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if( ssl_tls13_ticket_get_psk( ssl, &hash_alg, &psk, &psk_len ) == 0 )
-    {
+    if (ssl_tls13_ticket_get_psk(ssl, &hash_alg, &psk, &psk_len) == 0) {
 
-        ret = ssl_tls13_write_binder( ssl, p, end,
-                                      MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION,
-                                      hash_alg, psk, psk_len,
-                                      &output_len );
-        if( ret != 0 )
-            return( ret );
+        ret = ssl_tls13_write_binder(ssl, p, end,
+                                     MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION,
+                                     hash_alg, psk, psk_len,
+                                     &output_len);
+        if (ret != 0) {
+            return ret;
+        }
         p += output_len;
     }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
-    if( ssl_tls13_psk_get_psk( ssl, &hash_alg, &psk, &psk_len ) == 0 )
-    {
+    if (ssl_tls13_psk_get_psk(ssl, &hash_alg, &psk, &psk_len) == 0) {
 
-        ret = ssl_tls13_write_binder( ssl, p, end,
-                                      MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL,
-                                      hash_alg, psk, psk_len,
-                                      &output_len );
-        if( ret != 0 )
-            return( ret );
+        ret = ssl_tls13_write_binder(ssl, p, end,
+                                     MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL,
+                                     hash_alg, psk, psk_len,
+                                     &output_len);
+        if (ret != 0) {
+            return ret;
+        }
         p += output_len;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding PSK binder list." ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding PSK binder list."));
 
     /*
      * - binders_len         (2 bytes)
      */
-    MBEDTLS_PUT_UINT16_BE( p - buf - 2, buf, 0 );
+    MBEDTLS_PUT_UINT16_BE(p - buf - 2, buf, 0);
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key binders", buf, p - buf );
+    MBEDTLS_SSL_DEBUG_BUF(3, "pre_shared_key binders", buf, p - buf);
 
     mbedtls_ssl_tls13_set_hs_sent_ext_mask(
-        ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY );
+        ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY);
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -1080,9 +1061,9 @@
  *
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl,
-                                                      const unsigned char *buf,
-                                                      const unsigned char *end )
+static int ssl_tls13_parse_server_pre_shared_key_ext(mbedtls_ssl_context *ssl,
+                                                     const unsigned char *buf,
+                                                     const unsigned char *end)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     int selected_identity;
@@ -1090,54 +1071,48 @@
     size_t psk_len;
     psa_algorithm_t hash_alg;
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2 );
-    selected_identity = MBEDTLS_GET_UINT16_BE( buf, 0 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, 2);
+    selected_identity = MBEDTLS_GET_UINT16_BE(buf, 0);
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected_identity = %d", selected_identity ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("selected_identity = %d", selected_identity));
 
-    if( selected_identity >= ssl_tls13_get_configured_psk_count( ssl ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid PSK identity." ) );
+    if (selected_identity >= ssl_tls13_get_configured_psk_count(ssl)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid PSK identity."));
 
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                                      MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                                     MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if( selected_identity == 0 && ssl_tls13_has_configured_ticket( ssl ) )
-    {
-        ret = ssl_tls13_ticket_get_psk( ssl, &hash_alg, &psk, &psk_len );
-    }
-    else
+    if (selected_identity == 0 && ssl_tls13_has_configured_ticket(ssl)) {
+        ret = ssl_tls13_ticket_get_psk(ssl, &hash_alg, &psk, &psk_len);
+    } else
 #endif
-    if( mbedtls_ssl_conf_has_static_psk( ssl->conf ) )
-    {
-        ret = ssl_tls13_psk_get_psk( ssl, &hash_alg, &psk, &psk_len );
+    if (mbedtls_ssl_conf_has_static_psk(ssl->conf)) {
+        ret = ssl_tls13_psk_get_psk(ssl, &hash_alg, &psk, &psk_len);
+    } else {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-    if( ret != 0 )
-        return( ret );
-
-    ret = mbedtls_ssl_set_hs_psk( ssl, psk, psk_len );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_set_hs_psk", ret );
-        return( ret );
+    if (ret != 0) {
+        return ret;
     }
 
-    return( 0 );
+    ret = mbedtls_ssl_set_hs_psk(ssl, psk, psk_len);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret);
+        return ret;
+    }
+
+    return 0;
 }
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
 
-int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
-                                               unsigned char *buf,
-                                               unsigned char *end,
-                                               size_t *out_len )
+int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl,
+                                              unsigned char *buf,
+                                              unsigned char *end,
+                                              size_t *out_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p = buf;
@@ -1149,37 +1124,39 @@
      *
      * Supported Versions Extension is mandatory with TLS 1.3.
      */
-    ret = ssl_tls13_write_supported_versions_ext( ssl, p, end, &ext_len );
-    if( ret != 0 )
-        return( ret );
+    ret = ssl_tls13_write_supported_versions_ext(ssl, p, end, &ext_len);
+    if (ret != 0) {
+        return ret;
+    }
     p += ext_len;
 
     /* Echo the cookie if the server provided one in its preceding
      * HelloRetryRequest message.
      */
-    ret = ssl_tls13_write_cookie_ext( ssl, p, end, &ext_len );
-    if( ret != 0 )
-        return( ret );
+    ret = ssl_tls13_write_cookie_ext(ssl, p, end, &ext_len);
+    if (ret != 0) {
+        return ret;
+    }
     p += ext_len;
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
-    if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
-    {
-        ret = ssl_tls13_write_key_share_ext( ssl, p, end, &ext_len );
-        if( ret != 0 )
-            return( ret );
+    if (mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) {
+        ret = ssl_tls13_write_key_share_ext(ssl, p, end, &ext_len);
+        if (ret != 0) {
+            return ret;
+        }
         p += ext_len;
     }
 #endif
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    if( mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) &&
-        ssl_tls13_early_data_has_valid_ticket( ssl ) &&
-        ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED )
-    {
-        ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, p, end, &ext_len );
-        if( ret != 0 )
-            return( ret );
+    if (mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) &&
+        ssl_tls13_early_data_has_valid_ticket(ssl) &&
+        ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) {
+        ret = mbedtls_ssl_tls13_write_early_data_ext(ssl, p, end, &ext_len);
+        if (ret != 0) {
+            return ret;
+        }
         p += ext_len;
 
         /* Initializes the status to `rejected`. It will be updated to
@@ -1187,10 +1164,8 @@
          * indication extension.
          */
         ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write early_data extension" ) );
+    } else {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write early_data extension"));
         ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT;
     }
 #endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -1205,15 +1180,16 @@
      *
      * Add the psk_key_exchange_modes extension.
      */
-    ret = ssl_tls13_write_psk_key_exchange_modes_ext( ssl, p, end, &ext_len );
-    if( ret != 0 )
-        return( ret );
+    ret = ssl_tls13_write_psk_key_exchange_modes_ext(ssl, p, end, &ext_len);
+    if (ret != 0) {
+        return ret;
+    }
     p += ext_len;
 #endif
 
     *out_len = p - buf;
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -1236,7 +1212,7 @@
 static int ssl_tls13_is_supported_versions_ext_present(
     mbedtls_ssl_context *ssl,
     const unsigned char *buf,
-    const unsigned char *end )
+    const unsigned char *end)
 {
     const unsigned char *p = buf;
     size_t legacy_session_id_echo_len;
@@ -1250,7 +1226,7 @@
      * - random                         MBEDTLS_SERVER_HELLO_RANDOM_LEN bytes
      * - legacy_session_id_echo length  1 byte
      */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 3 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 3);
     p += MBEDTLS_SERVER_HELLO_RANDOM_LEN + 2;
     legacy_session_id_echo_len = *p;
 
@@ -1260,12 +1236,13 @@
      * - cipher_suite               2 bytes
      * - legacy_compression_method  1 byte
      */
-     MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, legacy_session_id_echo_len + 4 );
-     p += legacy_session_id_echo_len + 4;
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, legacy_session_id_echo_len + 4);
+    p += legacy_session_id_echo_len + 4;
 
     /* Case of no extension */
-    if( p == end )
-        return( 0 );
+    if (p == end) {
+        return 0;
+    }
 
     /* ...
      * Extension extensions<6..2^16-1>;
@@ -1275,32 +1252,32 @@
      *      opaque extension_data<0..2^16-1>;
      * } Extension;
      */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+    extensions_len = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
 
     /* Check extensions do not go beyond the buffer of data. */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len);
     extensions_end = p + extensions_len;
 
-    while( p < extensions_end )
-    {
+    while (p < extensions_end) {
         unsigned int extension_type;
         size_t extension_data_len;
 
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
-        extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
-        extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4);
+        extension_type = MBEDTLS_GET_UINT16_BE(p, 0);
+        extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2);
         p += 4;
 
-        if( extension_type == MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS )
-            return( 1 );
+        if (extension_type == MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS) {
+            return 1;
+        }
 
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len);
         p += extension_data_len;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /* Returns a negative value on failure, and otherwise
@@ -1309,29 +1286,28 @@
  * - 0 otherwise
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_is_downgrade_negotiation( mbedtls_ssl_context *ssl,
-                                               const unsigned char *buf,
-                                               const unsigned char *end )
+static int ssl_tls13_is_downgrade_negotiation(mbedtls_ssl_context *ssl,
+                                              const unsigned char *buf,
+                                              const unsigned char *end)
 {
     /* First seven bytes of the magic downgrade strings, see RFC 8446 4.1.3 */
     static const unsigned char magic_downgrade_string[] =
-        { 0x44, 0x4F, 0x57, 0x4E, 0x47, 0x52, 0x44 };
+    { 0x44, 0x4F, 0x57, 0x4E, 0x47, 0x52, 0x44 };
     const unsigned char *last_eight_bytes_of_random;
     unsigned char last_byte_of_random;
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 2 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 2);
     last_eight_bytes_of_random = buf + 2 + MBEDTLS_SERVER_HELLO_RANDOM_LEN - 8;
 
-    if( memcmp( last_eight_bytes_of_random,
-                magic_downgrade_string,
-                sizeof( magic_downgrade_string ) ) == 0 )
-    {
+    if (memcmp(last_eight_bytes_of_random,
+               magic_downgrade_string,
+               sizeof(magic_downgrade_string)) == 0) {
         last_byte_of_random = last_eight_bytes_of_random[7];
-        return( last_byte_of_random == 0 ||
-                last_byte_of_random == 1    );
+        return last_byte_of_random == 0 ||
+               last_byte_of_random == 1;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /* Returns a negative value on failure, and otherwise
@@ -1342,9 +1318,9 @@
 #define SSL_SERVER_HELLO 0
 #define SSL_SERVER_HELLO_HRR 1
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_server_hello_is_hrr( mbedtls_ssl_context *ssl,
-                                    const unsigned char *buf,
-                                    const unsigned char *end )
+static int ssl_server_hello_is_hrr(mbedtls_ssl_context *ssl,
+                                   const unsigned char *buf,
+                                   const unsigned char *end)
 {
 
     /* Check whether this message is a HelloRetryRequest ( HRR ) message.
@@ -1362,16 +1338,15 @@
      * } ServerHello;
      *
      */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end,
-                    2 + sizeof( mbedtls_ssl_tls13_hello_retry_request_magic ) );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(buf, end,
+                                 2 + sizeof(mbedtls_ssl_tls13_hello_retry_request_magic));
 
-    if( memcmp( buf + 2, mbedtls_ssl_tls13_hello_retry_request_magic,
-                sizeof( mbedtls_ssl_tls13_hello_retry_request_magic ) ) == 0 )
-    {
-        return( SSL_SERVER_HELLO_HRR );
+    if (memcmp(buf + 2, mbedtls_ssl_tls13_hello_retry_request_magic,
+               sizeof(mbedtls_ssl_tls13_hello_retry_request_magic)) == 0) {
+        return SSL_SERVER_HELLO_HRR;
     }
 
-    return( SSL_SERVER_HELLO );
+    return SSL_SERVER_HELLO;
 }
 
 /*
@@ -1382,20 +1357,19 @@
  */
 #define SSL_SERVER_HELLO_TLS1_2 2
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_preprocess_server_hello( mbedtls_ssl_context *ssl,
-                                              const unsigned char *buf,
-                                              const unsigned char *end )
+static int ssl_tls13_preprocess_server_hello(mbedtls_ssl_context *ssl,
+                                             const unsigned char *buf,
+                                             const unsigned char *end)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
 
-    MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_is_supported_versions_ext_present(
-                                  ssl, buf, end ) );
+    MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_is_supported_versions_ext_present(
+                                 ssl, buf, end));
 
-    if( ret == 0 )
-    {
+    if (ret == 0) {
         MBEDTLS_SSL_PROC_CHK_NEG(
-            ssl_tls13_is_downgrade_negotiation( ssl, buf, end ) );
+            ssl_tls13_is_downgrade_negotiation(ssl, buf, end));
 
         /* If the server is negotiating TLS 1.2 or below and:
          * . we did not propose TLS 1.2 or
@@ -1403,26 +1377,25 @@
          *   version of the protocol and thus we are under downgrade attack
          * abort the handshake with an "illegal parameter" alert.
          */
-        if( handshake->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 || ret )
-        {
-            MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                                          MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+        if (handshake->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 || ret) {
+            MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                                         MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+            return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
         }
 
         ssl->keep_current_message = 1;
         ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
-        mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
-                                            buf, (size_t)(end - buf) );
+        mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
+                                           buf, (size_t) (end - buf));
 
-        if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
-        {
-            ret = ssl_tls13_reset_key_share( ssl );
-            if( ret != 0 )
-                return( ret );
+        if (mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) {
+            ret = ssl_tls13_reset_key_share(ssl);
+            if (ret != 0) {
+                return ret;
+            }
         }
 
-        return( SSL_SERVER_HELLO_TLS1_2 );
+        return SSL_SERVER_HELLO_TLS1_2;
     }
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
@@ -1432,25 +1405,23 @@
 
     handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
 
-    ret = ssl_server_hello_is_hrr( ssl, buf, end );
-    switch( ret )
-    {
+    ret = ssl_server_hello_is_hrr(ssl, buf, end);
+    switch (ret) {
         case SSL_SERVER_HELLO:
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "received ServerHello message" ) );
+            MBEDTLS_SSL_DEBUG_MSG(2, ("received ServerHello message"));
             break;
         case SSL_SERVER_HELLO_HRR:
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "received HelloRetryRequest message" ) );
-             /* If a client receives a second
-              * HelloRetryRequest in the same connection (i.e., where the ClientHello
-              * was itself in response to a HelloRetryRequest), it MUST abort the
-              * handshake with an "unexpected_message" alert.
-              */
-            if( handshake->hello_retry_request_count > 0 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "Multiple HRRs received" ) );
-                MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE,
-                                    MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-                return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+            MBEDTLS_SSL_DEBUG_MSG(2, ("received HelloRetryRequest message"));
+            /* If a client receives a second
+             * HelloRetryRequest in the same connection (i.e., where the ClientHello
+             * was itself in response to a HelloRetryRequest), it MUST abort the
+             * handshake with an "unexpected_message" alert.
+             */
+            if (handshake->hello_retry_request_count > 0) {
+                MBEDTLS_SSL_DEBUG_MSG(1, ("Multiple HRRs received"));
+                MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE,
+                                             MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE);
+                return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
             }
             /*
              * Clients must abort the handshake with an "illegal_parameter"
@@ -1458,14 +1429,13 @@
              * in the ClientHello.
              * In a PSK only key exchange that what we expect.
              */
-            if( ! mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1,
-                            ( "Unexpected HRR in pure PSK key exchange." ) );
+            if (!mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) {
+                MBEDTLS_SSL_DEBUG_MSG(1,
+                                      ("Unexpected HRR in pure PSK key exchange."));
                 MBEDTLS_SSL_PEND_FATAL_ALERT(
-                            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                            MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
-                return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+                    MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                    MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+                return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
             }
 
             handshake->hello_retry_request_count++;
@@ -1475,44 +1445,43 @@
 
 cleanup:
 
-    return( ret );
+    return ret;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_check_server_hello_session_id_echo( mbedtls_ssl_context *ssl,
-                                                         const unsigned char **buf,
-                                                         const unsigned char *end )
+static int ssl_tls13_check_server_hello_session_id_echo(mbedtls_ssl_context *ssl,
+                                                        const unsigned char **buf,
+                                                        const unsigned char *end)
 {
     const unsigned char *p = *buf;
     size_t legacy_session_id_echo_len;
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 );
-    legacy_session_id_echo_len = *p++ ;
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1);
+    legacy_session_id_echo_len = *p++;
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, legacy_session_id_echo_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, legacy_session_id_echo_len);
 
     /* legacy_session_id_echo */
-    if( ssl->session_negotiate->id_len != legacy_session_id_echo_len ||
-        memcmp( ssl->session_negotiate->id, p , legacy_session_id_echo_len ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_BUF( 3, "Expected Session ID",
-                               ssl->session_negotiate->id,
-                               ssl->session_negotiate->id_len );
-        MBEDTLS_SSL_DEBUG_BUF( 3, "Received Session ID", p,
-                               legacy_session_id_echo_len );
+    if (ssl->session_negotiate->id_len != legacy_session_id_echo_len ||
+        memcmp(ssl->session_negotiate->id, p, legacy_session_id_echo_len) != 0) {
+        MBEDTLS_SSL_DEBUG_BUF(3, "Expected Session ID",
+                              ssl->session_negotiate->id,
+                              ssl->session_negotiate->id_len);
+        MBEDTLS_SSL_DEBUG_BUF(3, "Received Session ID", p,
+                              legacy_session_id_echo_len);
 
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                                      MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                                     MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
 
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
     p += legacy_session_id_echo_len;
     *buf = p;
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "Session ID", ssl->session_negotiate->id,
-                            ssl->session_negotiate->id_len );
-    return( 0 );
+    MBEDTLS_SSL_DEBUG_BUF(3, "Session ID", ssl->session_negotiate->id,
+                          ssl->session_negotiate->id_len);
+    return 0;
 }
 
 /* Parse ServerHello message and configure context
@@ -1527,10 +1496,10 @@
  * } ServerHello;
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         const unsigned char *end,
-                                         int is_hrr )
+static int ssl_tls13_parse_server_hello(mbedtls_ssl_context *ssl,
+                                        const unsigned char *buf,
+                                        const unsigned char *end,
+                                        int is_hrr)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const unsigned char *p = buf;
@@ -1542,7 +1511,7 @@
     int fatal_alert = 0;
     uint32_t allowed_extensions_mask;
     int hs_msg_type = is_hrr ? MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST :
-                               MBEDTLS_SSL_HS_SERVER_HELLO;
+                      MBEDTLS_SSL_HS_SERVER_HELLO;
 
     /*
      * Check there is space for minimal fields
@@ -1553,10 +1522,10 @@
      * - cipher_suite               ( 2 bytes)
      * - legacy_compression_method  ( 1 byte )
      */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 6 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 6);
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "server hello", p, end - p );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", p, 2 );
+    MBEDTLS_SSL_DEBUG_BUF(4, "server hello", p, end - p);
+    MBEDTLS_SSL_DEBUG_BUF(3, "server hello, version", p, 2);
 
     /* ...
      * ProtocolVersion legacy_version = 0x0303; // TLS 1.2
@@ -1564,12 +1533,11 @@
      * with ProtocolVersion defined as:
      * uint16 ProtocolVersion;
      */
-    if( mbedtls_ssl_read_version( p, ssl->conf->transport ) !=
-          MBEDTLS_SSL_VERSION_TLS1_2 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unsupported version of TLS." ) );
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION,
-                                      MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
+    if (mbedtls_ssl_read_version(p, ssl->conf->transport) !=
+        MBEDTLS_SSL_VERSION_TLS1_2) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Unsupported version of TLS."));
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION,
+                                     MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION);
         ret = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
         goto cleanup;
     }
@@ -1581,12 +1549,11 @@
      * with Random defined as:
      * opaque Random[MBEDTLS_SERVER_HELLO_RANDOM_LEN];
      */
-    if( !is_hrr )
-    {
-        memcpy( &handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN], p,
-                MBEDTLS_SERVER_HELLO_RANDOM_LEN );
-        MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes",
-                               p, MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+    if (!is_hrr) {
+        memcpy(&handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN], p,
+               MBEDTLS_SERVER_HELLO_RANDOM_LEN);
+        MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes",
+                              p, MBEDTLS_SERVER_HELLO_RANDOM_LEN);
     }
     p += MBEDTLS_SERVER_HELLO_RANDOM_LEN;
 
@@ -1594,8 +1561,7 @@
      * opaque legacy_session_id_echo<0..32>;
      * ...
      */
-    if( ssl_tls13_check_server_hello_session_id_echo( ssl, &p, end ) != 0 )
-    {
+    if (ssl_tls13_check_server_hello_session_id_echo(ssl, &p, end) != 0) {
         fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER;
         goto cleanup;
     }
@@ -1606,20 +1572,19 @@
      * with CipherSuite defined as:
      * uint8 CipherSuite[2];
      */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+    cipher_suite = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
 
 
-    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
+    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(cipher_suite);
     /*
      * Check whether this ciphersuite is valid and offered.
      */
-    if( ( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
-                                            ssl->tls_version,
-                                            ssl->tls_version ) != 0 ) ||
-        !mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
-    {
+    if ((mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info,
+                                          ssl->tls_version,
+                                          ssl->tls_version) != 0) ||
+        !mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, cipher_suite)) {
         fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER;
     }
     /*
@@ -1628,40 +1593,37 @@
      * proposed in the HRR, we abort the handshake and send an
      * "illegal_parameter" alert.
      */
-    else if( ( !is_hrr ) && ( handshake->hello_retry_request_count > 0 ) &&
-             ( cipher_suite != ssl->session_negotiate->ciphersuite ) )
-    {
+    else if ((!is_hrr) && (handshake->hello_retry_request_count > 0) &&
+             (cipher_suite != ssl->session_negotiate->ciphersuite)) {
         fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER;
     }
 
-    if( fatal_alert == MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid ciphersuite(%04x) parameter",
-                                    cipher_suite ) );
+    if (fatal_alert == MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("invalid ciphersuite(%04x) parameter",
+                                  cipher_suite));
         goto cleanup;
     }
 
     /* Configure ciphersuites */
-    mbedtls_ssl_optimize_checksum( ssl, ciphersuite_info );
+    mbedtls_ssl_optimize_checksum(ssl, ciphersuite_info);
 
     handshake->ciphersuite_info = ciphersuite_info;
     ssl->session_negotiate->ciphersuite = cipher_suite;
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: ( %04x ) - %s",
-                                 cipher_suite, ciphersuite_info->name ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen ciphersuite: ( %04x ) - %s",
+                              cipher_suite, ciphersuite_info->name));
 
 #if defined(MBEDTLS_HAVE_TIME)
-    ssl->session_negotiate->start = time( NULL );
+    ssl->session_negotiate->start = time(NULL);
 #endif /* MBEDTLS_HAVE_TIME */
 
     /* ...
      * uint8 legacy_compression_method = 0;
      * ...
      */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 );
-    if( p[0] != MBEDTLS_SSL_COMPRESS_NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad legacy compression method" ) );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1);
+    if (p[0] != MBEDTLS_SSL_COMPRESS_NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad legacy compression method"));
         fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER;
         goto cleanup;
     }
@@ -1675,96 +1637,93 @@
      *      opaque extension_data<0..2^16-1>;
      * } Extension;
      */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+    extensions_len = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
 
     /* Check extensions do not go beyond the buffer of data. */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len);
     extensions_end = p + extensions_len;
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "server hello extensions", p, extensions_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "server hello extensions", p, extensions_len);
 
     handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
     allowed_extensions_mask = is_hrr ?
-                                  MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR :
-                                  MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH;
+                              MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_HRR :
+                              MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_SH;
 
-    while( p < extensions_end )
-    {
+    while (p < extensions_end) {
         unsigned int extension_type;
         size_t extension_data_len;
         const unsigned char *extension_data_end;
 
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
-        extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
-        extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4);
+        extension_type = MBEDTLS_GET_UINT16_BE(p, 0);
+        extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2);
         p += 4;
 
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len);
         extension_data_end = p + extension_data_len;
 
         ret = mbedtls_ssl_tls13_check_received_extension(
-                  ssl, hs_msg_type, extension_type, allowed_extensions_mask );
-        if( ret != 0 )
-            return( ret );
+            ssl, hs_msg_type, extension_type, allowed_extensions_mask);
+        if (ret != 0) {
+            return ret;
+        }
 
-        switch( extension_type )
-        {
+        switch (extension_type) {
             case MBEDTLS_TLS_EXT_COOKIE:
 
-                ret = ssl_tls13_parse_cookie_ext( ssl,
-                                                  p, extension_data_end );
-                if( ret != 0 )
-                {
-                    MBEDTLS_SSL_DEBUG_RET( 1,
-                                           "ssl_tls13_parse_cookie_ext",
-                                           ret );
+                ret = ssl_tls13_parse_cookie_ext(ssl,
+                                                 p, extension_data_end);
+                if (ret != 0) {
+                    MBEDTLS_SSL_DEBUG_RET(1,
+                                          "ssl_tls13_parse_cookie_ext",
+                                          ret);
                     goto cleanup;
                 }
                 break;
 
             case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS:
-                ret = ssl_tls13_parse_supported_versions_ext( ssl,
-                                                              p,
-                                                              extension_data_end );
-                if( ret != 0 )
+                ret = ssl_tls13_parse_supported_versions_ext(ssl,
+                                                             p,
+                                                             extension_data_end);
+                if (ret != 0) {
                     goto cleanup;
+                }
                 break;
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
             case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found pre_shared_key extension"));
 
-                if( ( ret = ssl_tls13_parse_server_pre_shared_key_ext(
-                                ssl, p, extension_data_end ) ) != 0 )
-                {
+                if ((ret = ssl_tls13_parse_server_pre_shared_key_ext(
+                         ssl, p, extension_data_end)) != 0) {
                     MBEDTLS_SSL_DEBUG_RET(
-                        1, ( "ssl_tls13_parse_server_pre_shared_key_ext" ), ret );
-                    return( ret );
+                        1, ("ssl_tls13_parse_server_pre_shared_key_ext"), ret);
+                    return ret;
                 }
                 break;
 #endif
 
             case MBEDTLS_TLS_EXT_KEY_SHARE:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found key_shares extension" ) );
-                if( ! mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
-                {
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found key_shares extension"));
+                if (!mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) {
                     fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT;
                     goto cleanup;
                 }
 
-                if( is_hrr )
-                    ret = ssl_tls13_parse_hrr_key_share_ext( ssl,
-                                            p, extension_data_end );
-                else
-                    ret = ssl_tls13_parse_key_share_ext( ssl,
-                                            p, extension_data_end );
-                if( ret != 0 )
-                {
-                    MBEDTLS_SSL_DEBUG_RET( 1,
-                                           "ssl_tls13_parse_key_share_ext",
-                                           ret );
+                if (is_hrr) {
+                    ret = ssl_tls13_parse_hrr_key_share_ext(ssl,
+                                                            p, extension_data_end);
+                } else {
+                    ret = ssl_tls13_parse_key_share_ext(ssl,
+                                                        p, extension_data_end);
+                }
+                if (ret != 0) {
+                    MBEDTLS_SSL_DEBUG_RET(1,
+                                          "ssl_tls13_parse_key_share_ext",
+                                          ret);
                     goto cleanup;
                 }
                 break;
@@ -1777,30 +1736,26 @@
         p += extension_data_len;
     }
 
-    MBEDTLS_SSL_PRINT_EXTS( 3, hs_msg_type, handshake->received_extensions );
+    MBEDTLS_SSL_PRINT_EXTS(3, hs_msg_type, handshake->received_extensions);
 
 cleanup:
 
-    if( fatal_alert == MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT )
-    {
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT,
-                                      MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
+    if (fatal_alert == MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT) {
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT,
+                                     MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION);
         ret = MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION;
-    }
-    else if ( fatal_alert == MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER )
-    {
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                                      MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+    } else if (fatal_alert == MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER) {
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                                     MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
         ret = MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_DEBUG_C)
 static const char *ssl_tls13_get_kex_mode_str(int mode)
 {
-    switch( mode )
-    {
+    switch (mode) {
         case MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK:
             return "psk";
         case MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL:
@@ -1814,7 +1769,7 @@
 #endif /* MBEDTLS_DEBUG_C */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl )
+static int ssl_tls13_postprocess_server_hello(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@@ -1827,87 +1782,82 @@
      * 3) If only the key_share extension was received then the key
      *    exchange mode is EPHEMERAL-only.
      */
-    switch( handshake->received_extensions &
-            ( MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) ) )
-    {
+    switch (handshake->received_extensions &
+            (MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) | MBEDTLS_SSL_EXT_MASK(KEY_SHARE))) {
         /* Only the pre_shared_key extension was received */
-        case MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ):
+        case MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY):
             handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
             break;
 
         /* Only the key_share extension was received */
-        case MBEDTLS_SSL_EXT_MASK( KEY_SHARE ):
+        case MBEDTLS_SSL_EXT_MASK(KEY_SHARE):
             handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
             break;
 
         /* Both the pre_shared_key and key_share extensions were received */
-        case ( MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) | MBEDTLS_SSL_EXT_MASK( KEY_SHARE ) ):
+        case (MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY) | MBEDTLS_SSL_EXT_MASK(KEY_SHARE)):
             handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
             break;
 
         /* Neither pre_shared_key nor key_share extension was received */
         default:
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unknown key exchange." ) );
+            MBEDTLS_SSL_DEBUG_MSG(1, ("Unknown key exchange."));
             ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
             goto cleanup;
     }
 
-    if( !mbedtls_ssl_conf_tls13_check_kex_modes( ssl, handshake->key_exchange_mode ) )
-    {
+    if (!mbedtls_ssl_conf_tls13_check_kex_modes(ssl, handshake->key_exchange_mode)) {
         ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
-        MBEDTLS_SSL_DEBUG_MSG( 2,
-                ( "Key exchange mode(%s) is not supported.",
-                ssl_tls13_get_kex_mode_str( handshake->key_exchange_mode ) ) );
+        MBEDTLS_SSL_DEBUG_MSG(2,
+                              ("Key exchange mode(%s) is not supported.",
+                               ssl_tls13_get_kex_mode_str(handshake->key_exchange_mode)));
         goto cleanup;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-            ( "Selected key exchange mode: %s",
-              ssl_tls13_get_kex_mode_str( handshake->key_exchange_mode ) ) );
+    MBEDTLS_SSL_DEBUG_MSG(3,
+                          ("Selected key exchange mode: %s",
+                           ssl_tls13_get_kex_mode_str(handshake->key_exchange_mode)));
 
     /* Start the TLS 1.3 key schedule: Set the PSK and derive early secret.
      *
      * TODO: We don't have to do this in case we offered 0-RTT and the
      *       server accepted it. In this case, we could skip generating
      *       the early secret. */
-    ret = mbedtls_ssl_tls13_key_schedule_stage_early( ssl );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_key_schedule_stage_early",
-                               ret );
+    ret = mbedtls_ssl_tls13_key_schedule_stage_early(ssl);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_key_schedule_stage_early",
+                              ret);
         goto cleanup;
     }
 
-    ret = mbedtls_ssl_tls13_compute_handshake_transform( ssl );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1,
-                               "mbedtls_ssl_tls13_compute_handshake_transform",
-                               ret );
+    ret = mbedtls_ssl_tls13_compute_handshake_transform(ssl);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1,
+                              "mbedtls_ssl_tls13_compute_handshake_transform",
+                              ret);
         goto cleanup;
     }
 
-    mbedtls_ssl_set_inbound_transform( ssl, handshake->transform_handshake );
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to handshake keys for inbound traffic" ) );
+    mbedtls_ssl_set_inbound_transform(ssl, handshake->transform_handshake);
+    MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to handshake keys for inbound traffic"));
     ssl->session_in = ssl->session_negotiate;
 
 cleanup:
-    if( ret != 0 )
-    {
+    if (ret != 0) {
         MBEDTLS_SSL_PEND_FATAL_ALERT(
             MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
-            MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+            MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
     }
 
-    return( ret );
+    return ret;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_postprocess_hrr( mbedtls_ssl_context *ssl )
+static int ssl_tls13_postprocess_hrr(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    mbedtls_ssl_session_reset_msg_layer( ssl, 0 );
+    mbedtls_ssl_session_reset_msg_layer(ssl, 0);
 
     /*
      * We are going to re-generate a shared secret corresponding to the group
@@ -1915,11 +1865,12 @@
      * generated a shared secret in the first client hello.
      * Thus, reset the shared secret.
      */
-    ret = ssl_tls13_reset_key_share( ssl );
-    if( ret != 0 )
-        return( ret );
+    ret = ssl_tls13_reset_key_share(ssl);
+    if (ret != 0) {
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -1927,64 +1878,62 @@
  * Handler for MBEDTLS_SSL_SERVER_HELLO
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_process_server_hello( mbedtls_ssl_context *ssl )
+static int ssl_tls13_process_server_hello(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *buf = NULL;
     size_t buf_len = 0;
     int is_hrr = 0;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> %s", __func__ ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> %s", __func__));
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg( ssl,
-                                             MBEDTLS_SSL_HS_SERVER_HELLO,
-                                             &buf, &buf_len ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg(ssl,
+                                                               MBEDTLS_SSL_HS_SERVER_HELLO,
+                                                               &buf, &buf_len));
 
-    ret = ssl_tls13_preprocess_server_hello( ssl, buf, buf + buf_len );
-    if( ret < 0 )
+    ret = ssl_tls13_preprocess_server_hello(ssl, buf, buf + buf_len);
+    if (ret < 0) {
         goto cleanup;
-    else
-        is_hrr = ( ret == SSL_SERVER_HELLO_HRR );
+    } else {
+        is_hrr = (ret == SSL_SERVER_HELLO_HRR);
+    }
 
-    if( ret == SSL_SERVER_HELLO_TLS1_2 )
-    {
+    if (ret == SSL_SERVER_HELLO_TLS1_2) {
         ret = 0;
         goto cleanup;
     }
 
-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_server_hello( ssl, buf,
-                                                        buf + buf_len,
-                                                        is_hrr ) );
-    if( is_hrr )
-        MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_reset_transcript_for_hrr( ssl ) );
-
-    mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
-                                        buf, buf_len );
-
-    if( is_hrr )
-    {
-        MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_hrr( ssl ) );
-#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
-    /* If not offering early data, the client sends a dummy CCS record
-     * immediately before its second flight. This may either be before
-     * its second ClientHello or before its encrypted handshake flight.
-     */
-        mbedtls_ssl_handshake_set_state( ssl,
-            MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO );
-#else
-        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
-#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_server_hello(ssl, buf,
+                                                      buf + buf_len,
+                                                      is_hrr));
+    if (is_hrr) {
+        MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_reset_transcript_for_hrr(ssl));
     }
-    else
-    {
-        MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_server_hello( ssl ) );
-        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
+
+    mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
+                                       buf, buf_len);
+
+    if (is_hrr) {
+        MBEDTLS_SSL_PROC_CHK(ssl_tls13_postprocess_hrr(ssl));
+#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
+        /* If not offering early data, the client sends a dummy CCS record
+         * immediately before its second flight. This may either be before
+         * its second ClientHello or before its encrypted handshake flight.
+         */
+        mbedtls_ssl_handshake_set_state(ssl,
+                                        MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO);
+#else
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
+#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
+    } else {
+        MBEDTLS_SSL_PROC_CHK(ssl_tls13_postprocess_server_hello(ssl));
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS);
     }
 
 cleanup:
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= %s ( %s )", __func__,
-                                is_hrr?"HelloRetryRequest":"ServerHello" ) );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= %s ( %s )", __func__,
+                              is_hrr ? "HelloRetryRequest" : "ServerHello"));
+    return ret;
 }
 
 /*
@@ -2002,9 +1951,9 @@
  * } EncryptedExtensions;
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
-                                                 const unsigned char *buf,
-                                                 const unsigned char *end )
+static int ssl_tls13_parse_encrypted_extensions(mbedtls_ssl_context *ssl,
+                                                const unsigned char *buf,
+                                                const unsigned char *end)
 {
     int ret = 0;
     size_t extensions_len;
@@ -2012,18 +1961,17 @@
     const unsigned char *extensions_end;
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+    extensions_len = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "encrypted extensions", p, extensions_len );
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "encrypted extensions", p, extensions_len);
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len);
     extensions_end = p + extensions_len;
 
     handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
 
-    while( p < extensions_end )
-    {
+    while (p < extensions_end) {
         unsigned int extension_type;
         size_t extension_data_len;
 
@@ -2033,28 +1981,27 @@
          *     opaque extension_data<0..2^16-1>;
          * } Extension;
          */
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
-        extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
-        extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4);
+        extension_type = MBEDTLS_GET_UINT16_BE(p, 0);
+        extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2);
         p += 4;
 
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len);
 
         ret = mbedtls_ssl_tls13_check_received_extension(
-                  ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, extension_type,
-                  MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE );
-        if( ret != 0 )
-            return( ret );
+            ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, extension_type,
+            MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_EE);
+        if (ret != 0) {
+            return ret;
+        }
 
-        switch( extension_type )
-        {
+        switch (extension_type) {
 #if defined(MBEDTLS_SSL_ALPN)
             case MBEDTLS_TLS_EXT_ALPN:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension"));
 
-                if( ( ret = ssl_tls13_parse_alpn_ext( ssl, p, (size_t)extension_data_len ) ) != 0 )
-                {
-                    return( ret );
+                if ((ret = ssl_tls13_parse_alpn_ext(ssl, p, (size_t) extension_data_len)) != 0) {
+                    return ret;
                 }
 
                 break;
@@ -2063,12 +2010,11 @@
 #if defined(MBEDTLS_SSL_EARLY_DATA)
             case MBEDTLS_TLS_EXT_EARLY_DATA:
 
-                if( extension_data_len != 0 )
-                {
+                if (extension_data_len != 0) {
                     /* The message must be empty. */
-                    MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
-                                                  MBEDTLS_ERR_SSL_DECODE_ERROR );
-                    return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+                    MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+                                                 MBEDTLS_ERR_SSL_DECODE_ERROR);
+                    return MBEDTLS_ERR_SSL_DECODE_ERROR;
                 }
 
                 break;
@@ -2077,70 +2023,69 @@
             default:
                 MBEDTLS_SSL_PRINT_EXT(
                     3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
-                    extension_type, "( ignored )" );
+                    extension_type, "( ignored )");
                 break;
         }
 
         p += extension_data_len;
     }
 
-    MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
-                            handshake->received_extensions );
+    MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
+                           handshake->received_extensions);
 
     /* Check that we consumed all the message. */
-    if( p != end )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) );
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
-                                      MBEDTLS_ERR_SSL_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (p != end) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("EncryptedExtension lengths misaligned"));
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+                                     MBEDTLS_ERR_SSL_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    return( ret );
+    return ret;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl )
+static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl)
 {
     int ret;
     unsigned char *buf;
     size_t buf_len;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse encrypted extensions" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse encrypted extensions"));
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg( ssl,
-                                             MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
-                                             &buf, &buf_len ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg(ssl,
+                                                               MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
+                                                               &buf, &buf_len));
 
     /* Process the message contents */
     MBEDTLS_SSL_PROC_CHK(
-        ssl_tls13_parse_encrypted_extensions( ssl, buf, buf + buf_len ) );
+        ssl_tls13_parse_encrypted_extensions(ssl, buf, buf + buf_len));
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    if( ssl->handshake->received_extensions &
-        MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) )
-    {
+    if (ssl->handshake->received_extensions &
+        MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) {
         ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
     }
 #endif
 
-    mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
-                                        buf, buf_len );
+    mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
+                                       buf, buf_len);
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
-    if( mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
-        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
-    else
-        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
+    if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED);
+    } else {
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST);
+    }
 #else
     ((void) ssl);
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED);
 #endif
 
 cleanup:
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse encrypted extensions" ) );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse encrypted extensions"));
+    return ret;
 
 }
 
@@ -2159,27 +2104,25 @@
  * indicating if a Certificate Request is expected or not.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
+static int ssl_tls13_certificate_request_coordinate(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ( ret = mbedtls_ssl_read_record( ssl, 0 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
+    if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
+        return ret;
     }
     ssl->keep_current_message = 1;
 
-    if( ( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) &&
-        ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "got a certificate request" ) );
-        return( SSL_CERTIFICATE_REQUEST_EXPECT_REQUEST );
+    if ((ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) &&
+        (ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST)) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("got a certificate request"));
+        return SSL_CERTIFICATE_REQUEST_EXPECT_REQUEST;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "got no certificate request" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("got no certificate request"));
 
-    return( SSL_CERTIFICATE_REQUEST_SKIP );
+    return SSL_CERTIFICATE_REQUEST_SKIP;
 }
 
 /*
@@ -2191,9 +2134,9 @@
  * } CertificateRequest;
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
-                                                const unsigned char *buf,
-                                                const unsigned char *end )
+static int ssl_tls13_parse_certificate_request(mbedtls_ssl_context *ssl,
+                                               const unsigned char *buf,
+                                               const unsigned char *end)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const unsigned char *p = buf;
@@ -2206,25 +2149,23 @@
      * opaque certificate_request_context<0..2^8-1>
      * ...
      */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1);
     certificate_request_context_len = (size_t) p[0];
     p += 1;
 
-    if( certificate_request_context_len > 0 )
-    {
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, certificate_request_context_len );
-        MBEDTLS_SSL_DEBUG_BUF( 3, "Certificate Request Context",
-                               p, certificate_request_context_len );
+    if (certificate_request_context_len > 0) {
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, certificate_request_context_len);
+        MBEDTLS_SSL_DEBUG_BUF(3, "Certificate Request Context",
+                              p, certificate_request_context_len);
 
         handshake->certificate_request_context =
-                mbedtls_calloc( 1, certificate_request_context_len );
-        if( handshake->certificate_request_context == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
-            return ( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+            mbedtls_calloc(1, certificate_request_context_len);
+        if (handshake->certificate_request_context == NULL) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small"));
+            return MBEDTLS_ERR_SSL_ALLOC_FAILED;
         }
-        memcpy( handshake->certificate_request_context, p,
-                certificate_request_context_len );
+        memcpy(handshake->certificate_request_context, p,
+               certificate_request_context_len);
         p += certificate_request_context_len;
     }
 
@@ -2232,63 +2173,62 @@
      * Extension extensions<2..2^16-1>;
      * ...
      */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+    extensions_len = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len);
     extensions_end = p + extensions_len;
 
     handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
 
-    while( p < extensions_end )
-    {
+    while (p < extensions_end) {
         unsigned int extension_type;
         size_t extension_data_len;
 
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
-        extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
-        extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4);
+        extension_type = MBEDTLS_GET_UINT16_BE(p, 0);
+        extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2);
         p += 4;
 
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len);
 
         ret = mbedtls_ssl_tls13_check_received_extension(
-                  ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, extension_type,
-                  MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR );
-        if( ret != 0 )
-            return( ret );
+            ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, extension_type,
+            MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CR);
+        if (ret != 0) {
+            return ret;
+        }
 
-        switch( extension_type )
-        {
+        switch (extension_type) {
             case MBEDTLS_TLS_EXT_SIG_ALG:
-                MBEDTLS_SSL_DEBUG_MSG( 3,
-                        ( "found signature algorithms extension" ) );
-                ret = mbedtls_ssl_parse_sig_alg_ext( ssl, p,
-                                                     p + extension_data_len );
-                if( ret != 0 )
-                    return( ret );
+                MBEDTLS_SSL_DEBUG_MSG(3,
+                                      ("found signature algorithms extension"));
+                ret = mbedtls_ssl_parse_sig_alg_ext(ssl, p,
+                                                    p + extension_data_len);
+                if (ret != 0) {
+                    return ret;
+                }
 
                 break;
 
             default:
                 MBEDTLS_SSL_PRINT_EXT(
                     3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
-                    extension_type, "( ignored )" );
+                    extension_type, "( ignored )");
                 break;
         }
 
         p += extension_data_len;
     }
 
-    MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
-                            handshake->received_extensions );
+    MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
+                           handshake->received_extensions);
 
     /* Check that we consumed all the message. */
-    if( p != end )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "CertificateRequest misaligned" ) );
+    if (p != end) {
+        MBEDTLS_SSL_DEBUG_MSG(1,
+                              ("CertificateRequest misaligned"));
         goto decode_error;
     }
 
@@ -2296,98 +2236,94 @@
      *
      * The "signature_algorithms" extension MUST be specified
      */
-    if( ( handshake->received_extensions & MBEDTLS_SSL_EXT_MASK( SIG_ALG ) ) == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3,
-            ( "no signature algorithms extension found" ) );
+    if ((handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(SIG_ALG)) == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(3,
+                              ("no signature algorithms extension found"));
         goto decode_error;
     }
 
     ssl->handshake->client_auth = 1;
-    return( 0 );
+    return 0;
 
 decode_error:
-    MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
-                                  MBEDTLS_ERR_SSL_DECODE_ERROR );
-    return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+                                 MBEDTLS_ERR_SSL_DECODE_ERROR);
+    return MBEDTLS_ERR_SSL_DECODE_ERROR;
 }
 
 /*
  * Handler for  MBEDTLS_SSL_CERTIFICATE_REQUEST
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_process_certificate_request( mbedtls_ssl_context *ssl )
+static int ssl_tls13_process_certificate_request(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate request"));
 
-    MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_certificate_request_coordinate( ssl ) );
+    MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_certificate_request_coordinate(ssl));
 
-    if( ret == SSL_CERTIFICATE_REQUEST_EXPECT_REQUEST )
-    {
+    if (ret == SSL_CERTIFICATE_REQUEST_EXPECT_REQUEST) {
         unsigned char *buf;
         size_t buf_len;
 
-        MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg( ssl,
-                                            MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
-                                            &buf, &buf_len ) );
+        MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg(ssl,
+                                                                   MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
+                                                                   &buf, &buf_len));
 
-        MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate_request( ssl,
-                                              buf, buf + buf_len ) );
+        MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_certificate_request(ssl,
+                                                                 buf, buf + buf_len));
 
-        mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
-                                            buf, buf_len );
-    }
-    else if( ret == SSL_CERTIFICATE_REQUEST_SKIP )
-    {
+        mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
+                                           buf, buf_len);
+    } else if (ret == SSL_CERTIFICATE_REQUEST_SKIP) {
         ret = 0;
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+    } else {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
         ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         goto cleanup;
     }
 
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE );
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CERTIFICATE);
 
 cleanup:
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate request" ) );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate request"));
+    return ret;
 }
 
 /*
  * Handler for MBEDTLS_SSL_SERVER_CERTIFICATE
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_process_server_certificate( mbedtls_ssl_context *ssl )
+static int ssl_tls13_process_server_certificate(mbedtls_ssl_context *ssl)
 {
     int ret;
 
-    ret = mbedtls_ssl_tls13_process_certificate( ssl );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ssl_tls13_process_certificate(ssl);
+    if (ret != 0) {
+        return ret;
+    }
 
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY );
-    return( 0 );
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY);
+    return 0;
 }
 
 /*
  * Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
+static int ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl)
 {
     int ret;
 
-    ret = mbedtls_ssl_tls13_process_certificate_verify( ssl );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ssl_tls13_process_certificate_verify(ssl);
+    if (ret != 0) {
+        return ret;
+    }
 
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
-    return( 0 );
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED);
+    return 0;
 }
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
 
@@ -2395,74 +2331,70 @@
  * Handler for MBEDTLS_SSL_SERVER_FINISHED
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_process_server_finished( mbedtls_ssl_context *ssl )
+static int ssl_tls13_process_server_finished(mbedtls_ssl_context *ssl)
 {
     int ret;
 
-    ret = mbedtls_ssl_tls13_process_finished_message( ssl );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ssl_tls13_process_finished_message(ssl);
+    if (ret != 0) {
+        return ret;
+    }
 
-    ret = mbedtls_ssl_tls13_compute_application_transform( ssl );
-    if( ret != 0 )
-    {
+    ret = mbedtls_ssl_tls13_compute_application_transform(ssl);
+    if (ret != 0) {
         MBEDTLS_SSL_PEND_FATAL_ALERT(
-                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
-                MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-        return( ret );
+            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
+            MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
+        return ret;
     }
 
 #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
     mbedtls_ssl_handshake_set_state(
         ssl,
-        MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED );
+        MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED);
 #else
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
 #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_client_certificate( mbedtls_ssl_context *ssl )
+static int ssl_tls13_write_client_certificate(mbedtls_ssl_context *ssl)
 {
     int non_empty_certificate_msg = 0;
 
-    MBEDTLS_SSL_DEBUG_MSG( 1,
-                  ( "Switch to handshake traffic keys for outbound traffic" ) );
-    mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake );
+    MBEDTLS_SSL_DEBUG_MSG(1,
+                          ("Switch to handshake traffic keys for outbound traffic"));
+    mbedtls_ssl_set_outbound_transform(ssl, ssl->handshake->transform_handshake);
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
-    if( ssl->handshake->client_auth )
-    {
-        int ret = mbedtls_ssl_tls13_write_certificate( ssl );
-        if( ret != 0 )
-            return( ret );
+    if (ssl->handshake->client_auth) {
+        int ret = mbedtls_ssl_tls13_write_certificate(ssl);
+        if (ret != 0) {
+            return ret;
+        }
 
-        if( mbedtls_ssl_own_cert( ssl ) != NULL )
+        if (mbedtls_ssl_own_cert(ssl) != NULL) {
             non_empty_certificate_msg = 1;
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "skip write certificate" ) );
+        }
+    } else {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("skip write certificate"));
     }
 #endif
 
-   if( non_empty_certificate_msg )
-   {
-        mbedtls_ssl_handshake_set_state( ssl,
-                                         MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY );
-   }
-   else
-   {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "skip write certificate verify" ) );
-        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
-   }
+    if (non_empty_certificate_msg) {
+        mbedtls_ssl_handshake_set_state(ssl,
+                                        MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY);
+    } else {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("skip write certificate verify"));
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
@@ -2470,14 +2402,15 @@
  * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_client_certificate_verify( mbedtls_ssl_context *ssl )
+static int ssl_tls13_write_client_certificate_verify(mbedtls_ssl_context *ssl)
 {
-    int ret = mbedtls_ssl_tls13_write_certificate_verify( ssl );
+    int ret = mbedtls_ssl_tls13_write_certificate_verify(ssl);
 
-    if( ret == 0 )
-        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
+    if (ret == 0) {
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED);
+    }
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
 
@@ -2485,56 +2418,56 @@
  * Handler for MBEDTLS_SSL_CLIENT_FINISHED
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl )
+static int ssl_tls13_write_client_finished(mbedtls_ssl_context *ssl)
 {
     int ret;
 
-    ret = mbedtls_ssl_tls13_write_finished_message( ssl );
-    if( ret != 0 )
-        return( ret );
-
-    ret = mbedtls_ssl_tls13_compute_resumption_master_secret( ssl );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1,
-                "mbedtls_ssl_tls13_compute_resumption_master_secret ", ret );
-        return ( ret );
+    ret = mbedtls_ssl_tls13_write_finished_message(ssl);
+    if (ret != 0) {
+        return ret;
     }
 
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS );
-    return( 0 );
+    ret = mbedtls_ssl_tls13_compute_resumption_master_secret(ssl);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1,
+                              "mbedtls_ssl_tls13_compute_resumption_master_secret ", ret);
+        return ret;
+    }
+
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_FLUSH_BUFFERS);
+    return 0;
 }
 
 /*
  * Handler for MBEDTLS_SSL_FLUSH_BUFFERS
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_flush_buffers( mbedtls_ssl_context *ssl )
+static int ssl_tls13_flush_buffers(mbedtls_ssl_context *ssl)
 {
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP );
-    return( 0 );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done"));
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP);
+    return 0;
 }
 
 /*
  * Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
+static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl)
 {
 
-    mbedtls_ssl_tls13_handshake_wrapup( ssl );
+    mbedtls_ssl_tls13_handshake_wrapup(ssl);
 
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER );
-    return( 0 );
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
+    return 0;
 }
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl,
-                                                    const unsigned char *buf,
-                                                    const unsigned char *end )
+static int ssl_tls13_parse_new_session_ticket_exts(mbedtls_ssl_context *ssl,
+                                                   const unsigned char *buf,
+                                                   const unsigned char *end)
 {
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
     const unsigned char *p = buf;
@@ -2542,40 +2475,37 @@
 
     handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
 
-    while( p < end )
-    {
+    while (p < end) {
         unsigned int extension_type;
         size_t extension_data_len;
         int ret;
 
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 );
-        extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
-        extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 4);
+        extension_type = MBEDTLS_GET_UINT16_BE(p, 0);
+        extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2);
         p += 4;
 
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extension_data_len );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extension_data_len);
 
         ret = mbedtls_ssl_tls13_check_received_extension(
-                  ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, extension_type,
-                  MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST );
-        if( ret != 0 )
-            return( ret );
+            ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, extension_type,
+            MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_NST);
+        if (ret != 0) {
+            return ret;
+        }
 
-        switch( extension_type )
-        {
+        switch (extension_type) {
 #if defined(MBEDTLS_SSL_EARLY_DATA)
             case MBEDTLS_TLS_EXT_EARLY_DATA:
-                if( extension_data_len != 4 )
-                {
+                if (extension_data_len != 4) {
                     MBEDTLS_SSL_PEND_FATAL_ALERT(
                         MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
-                        MBEDTLS_ERR_SSL_DECODE_ERROR );
-                    return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+                        MBEDTLS_ERR_SSL_DECODE_ERROR);
+                    return MBEDTLS_ERR_SSL_DECODE_ERROR;
                 }
-                if( ssl->session != NULL )
-                {
+                if (ssl->session != NULL) {
                     ssl->session->ticket_flags |=
-                            MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA;
+                        MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA;
                 }
                 break;
 #endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -2583,17 +2513,17 @@
             default:
                 MBEDTLS_SSL_PRINT_EXT(
                     3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET,
-                    extension_type, "( ignored )" );
+                    extension_type, "( ignored )");
                 break;
         }
 
         p +=  extension_data_len;
     }
 
-    MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET,
-                            handshake->received_extensions );
+    MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET,
+                           handshake->received_extensions);
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -2609,11 +2539,11 @@
  *
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_new_session_ticket( mbedtls_ssl_context *ssl,
-                                               unsigned char *buf,
-                                               unsigned char *end,
-                                               unsigned char **ticket_nonce,
-                                               size_t *ticket_nonce_len )
+static int ssl_tls13_parse_new_session_ticket(mbedtls_ssl_context *ssl,
+                                              unsigned char *buf,
+                                              unsigned char *end,
+                                              unsigned char **ticket_nonce,
+                                              size_t *ticket_nonce_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p = buf;
@@ -2629,77 +2559,74 @@
      *    ticket_age_add    4 bytes
      *    ticket_nonce_len  1 byte
      */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 9 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 9);
 
-    session->ticket_lifetime = MBEDTLS_GET_UINT32_BE( p, 0 );
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-                           ( "ticket_lifetime: %u",
-                             ( unsigned int )session->ticket_lifetime ) );
+    session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0);
+    MBEDTLS_SSL_DEBUG_MSG(3,
+                          ("ticket_lifetime: %u",
+                           (unsigned int) session->ticket_lifetime));
 
-    session->ticket_age_add = MBEDTLS_GET_UINT32_BE( p, 4 );
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-                           ( "ticket_age_add: %u",
-                             ( unsigned int )session->ticket_age_add ) );
+    session->ticket_age_add = MBEDTLS_GET_UINT32_BE(p, 4);
+    MBEDTLS_SSL_DEBUG_MSG(3,
+                          ("ticket_age_add: %u",
+                           (unsigned int) session->ticket_age_add));
 
     *ticket_nonce_len = p[8];
     p += 9;
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, *ticket_nonce_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, *ticket_nonce_len);
     *ticket_nonce = p;
-    MBEDTLS_SSL_DEBUG_BUF( 3, "ticket_nonce:", *ticket_nonce, *ticket_nonce_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "ticket_nonce:", *ticket_nonce, *ticket_nonce_len);
     p += *ticket_nonce_len;
 
     /* Ticket */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    ticket_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+    ticket_len = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, ticket_len );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "received ticket", p, ticket_len ) ;
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, ticket_len);
+    MBEDTLS_SSL_DEBUG_BUF(3, "received ticket", p, ticket_len);
 
     /* Check if we previously received a ticket already. */
-    if( session->ticket != NULL || session->ticket_len > 0 )
-    {
-        mbedtls_free( session->ticket );
+    if (session->ticket != NULL || session->ticket_len > 0) {
+        mbedtls_free(session->ticket);
         session->ticket = NULL;
         session->ticket_len = 0;
     }
 
-    if( ( ticket = mbedtls_calloc( 1, ticket_len ) ) == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "ticket alloc failed" ) );
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    if ((ticket = mbedtls_calloc(1, ticket_len)) == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("ticket alloc failed"));
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
     }
-    memcpy( ticket, p, ticket_len );
+    memcpy(ticket, p, ticket_len);
     p += ticket_len;
     session->ticket = ticket;
     session->ticket_len = ticket_len;
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+    extensions_len = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len);
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "ticket extension", p, extensions_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "ticket extension", p, extensions_len);
 
-    ret = ssl_tls13_parse_new_session_ticket_exts( ssl, p, p + extensions_len );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1,
-                               "ssl_tls13_parse_new_session_ticket_exts",
-                               ret );
-        return( ret );
+    ret = ssl_tls13_parse_new_session_ticket_exts(ssl, p, p + extensions_len);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1,
+                              "ssl_tls13_parse_new_session_ticket_exts",
+                              ret);
+        return ret;
     }
 
     /* session has been updated, allow export */
     session->exported = 0;
 
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_postprocess_new_session_ticket( mbedtls_ssl_context *ssl,
-                                                     unsigned char *ticket_nonce,
-                                                     size_t ticket_nonce_len )
+static int ssl_tls13_postprocess_new_session_ticket(mbedtls_ssl_context *ssl,
+                                                    unsigned char *ticket_nonce,
+                                                    size_t ticket_nonce_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ssl_session *session = ssl->session;
@@ -2709,28 +2636,26 @@
 
 #if defined(MBEDTLS_HAVE_TIME)
     /* Store ticket creation time */
-    session->ticket_received = mbedtls_time( NULL );
+    session->ticket_received = mbedtls_time(NULL);
 #endif
 
-    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( session->ciphersuite );
-    if( ciphersuite_info == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(session->ciphersuite);
+    if (ciphersuite_info == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    psa_hash_alg = mbedtls_psa_translate_md( ciphersuite_info->mac );
-    hash_length = PSA_HASH_LENGTH( psa_hash_alg );
-    if( hash_length == -1 ||
-        ( size_t )hash_length > sizeof( session->resumption_key ) )
-    {
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    psa_hash_alg = mbedtls_psa_translate_md(ciphersuite_info->mac);
+    hash_length = PSA_HASH_LENGTH(psa_hash_alg);
+    if (hash_length == -1 ||
+        (size_t) hash_length > sizeof(session->resumption_key)) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "resumption_master_secret",
-                           session->app_secrets.resumption_master_secret,
-                           hash_length );
+    MBEDTLS_SSL_DEBUG_BUF(3, "resumption_master_secret",
+                          session->app_secrets.resumption_master_secret,
+                          hash_length);
 
     /* Compute resumption key
      *
@@ -2738,37 +2663,36 @@
      *                    "resumption", ticket_nonce, Hash.length )
      */
     ret = mbedtls_ssl_tls13_hkdf_expand_label(
-                    psa_hash_alg,
-                    session->app_secrets.resumption_master_secret,
-                    hash_length,
-                    MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( resumption ),
-                    ticket_nonce,
-                    ticket_nonce_len,
-                    session->resumption_key,
-                    hash_length );
+        psa_hash_alg,
+        session->app_secrets.resumption_master_secret,
+        hash_length,
+        MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(resumption),
+        ticket_nonce,
+        ticket_nonce_len,
+        session->resumption_key,
+        hash_length);
 
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 2,
-                               "Creating the ticket-resumed PSK failed",
-                               ret );
-        return( ret );
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(2,
+                              "Creating the ticket-resumed PSK failed",
+                              ret);
+        return ret;
     }
 
     session->resumption_key_len = hash_length;
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "Ticket-resumed PSK",
-                           session->resumption_key,
-                           session->resumption_key_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "Ticket-resumed PSK",
+                          session->resumption_key,
+                          session->resumption_key_len);
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Handler for MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_process_new_session_ticket( mbedtls_ssl_context *ssl )
+static int ssl_tls13_process_new_session_ticket(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *buf;
@@ -2776,124 +2700,124 @@
     unsigned char *ticket_nonce;
     size_t ticket_nonce_len;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse new session ticket" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse new session ticket"));
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg(
-                              ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET,
-                              &buf, &buf_len ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg(
+                             ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET,
+                             &buf, &buf_len));
 
-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_new_session_ticket(
-                              ssl, buf, buf + buf_len,
-                              &ticket_nonce, &ticket_nonce_len ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_new_session_ticket(
+                             ssl, buf, buf + buf_len,
+                             &ticket_nonce, &ticket_nonce_len));
 
-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_new_session_ticket(
-                              ssl, ticket_nonce, ticket_nonce_len ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_postprocess_new_session_ticket(
+                             ssl, ticket_nonce, ticket_nonce_len));
 
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER );
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
 
 cleanup:
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse new session ticket" ) );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse new session ticket"));
+    return ret;
 }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
-int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl)
 {
     int ret = 0;
 
-    switch( ssl->state )
-    {
+    switch (ssl->state) {
         case MBEDTLS_SSL_HELLO_REQUEST:
-            mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
+            mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
             break;
 
         case MBEDTLS_SSL_CLIENT_HELLO:
-            ret = mbedtls_ssl_write_client_hello( ssl );
+            ret = mbedtls_ssl_write_client_hello(ssl);
             break;
 
         case MBEDTLS_SSL_SERVER_HELLO:
-            ret = ssl_tls13_process_server_hello( ssl );
+            ret = ssl_tls13_process_server_hello(ssl);
             break;
 
         case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
-            ret = ssl_tls13_process_encrypted_extensions( ssl );
+            ret = ssl_tls13_process_encrypted_extensions(ssl);
             break;
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
         case MBEDTLS_SSL_CERTIFICATE_REQUEST:
-            ret = ssl_tls13_process_certificate_request( ssl );
+            ret = ssl_tls13_process_certificate_request(ssl);
             break;
 
         case MBEDTLS_SSL_SERVER_CERTIFICATE:
-            ret = ssl_tls13_process_server_certificate( ssl );
+            ret = ssl_tls13_process_server_certificate(ssl);
             break;
 
         case MBEDTLS_SSL_CERTIFICATE_VERIFY:
-            ret = ssl_tls13_process_certificate_verify( ssl );
+            ret = ssl_tls13_process_certificate_verify(ssl);
             break;
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
 
         case MBEDTLS_SSL_SERVER_FINISHED:
-            ret = ssl_tls13_process_server_finished( ssl );
+            ret = ssl_tls13_process_server_finished(ssl);
             break;
 
         case MBEDTLS_SSL_CLIENT_CERTIFICATE:
-            ret = ssl_tls13_write_client_certificate( ssl );
+            ret = ssl_tls13_write_client_certificate(ssl);
             break;
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
         case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:
-            ret = ssl_tls13_write_client_certificate_verify( ssl );
+            ret = ssl_tls13_write_client_certificate_verify(ssl);
             break;
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
 
         case MBEDTLS_SSL_CLIENT_FINISHED:
-            ret = ssl_tls13_write_client_finished( ssl );
+            ret = ssl_tls13_write_client_finished(ssl);
             break;
 
         case MBEDTLS_SSL_FLUSH_BUFFERS:
-            ret = ssl_tls13_flush_buffers( ssl );
+            ret = ssl_tls13_flush_buffers(ssl);
             break;
 
         case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
-            ret = ssl_tls13_handshake_wrapup( ssl );
+            ret = ssl_tls13_handshake_wrapup(ssl);
             break;
 
-        /*
-         * Injection of dummy-CCS's for middlebox compatibility
-         */
+            /*
+             * Injection of dummy-CCS's for middlebox compatibility
+             */
 #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
         case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
-            ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl );
-            if( ret == 0 )
-                mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
+            ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
+            if (ret == 0) {
+                mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
+            }
             break;
 
         case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
-            ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl );
-            if( ret == 0 )
-                mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
+            ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
+            if (ret == 0) {
+                mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
+            }
             break;
 #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
         case MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET:
-            ret = ssl_tls13_process_new_session_ticket( ssl );
-            if( ret != 0 )
+            ret = ssl_tls13_process_new_session_ticket(ssl);
+            if (ret != 0) {
                 break;
+            }
             ret = MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET;
             break;
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
         default:
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+            MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state));
+            return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_3 */
-
-
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 121ff43..513937e 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -37,31 +37,29 @@
 #include "ssl_debug_helpers.h"
 
 const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[
-                MBEDTLS_SERVER_HELLO_RANDOM_LEN ] =
-                    { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
-                      0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
-                      0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
-                      0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C };
+    MBEDTLS_SERVER_HELLO_RANDOM_LEN] =
+{ 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
+  0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
+  0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
+  0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C };
 
-int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl,
-                                           unsigned hs_type,
-                                           unsigned char **buf,
-                                           size_t *buf_len )
+int mbedtls_ssl_tls13_fetch_handshake_msg(mbedtls_ssl_context *ssl,
+                                          unsigned hs_type,
+                                          unsigned char **buf,
+                                          size_t *buf_len)
 {
     int ret;
 
-    if( ( ret = mbedtls_ssl_read_record( ssl, 0 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+    if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
         goto cleanup;
     }
 
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
-        ssl->in_msg[0]  != hs_type )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Receive unexpected handshake message." ) );
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE,
-                                      MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
+        ssl->in_msg[0]  != hs_type) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Receive unexpected handshake message."));
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE,
+                                     MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE);
         ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
         goto cleanup;
     }
@@ -78,7 +76,7 @@
 
 cleanup:
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
@@ -103,11 +101,11 @@
  *   (64 + 33 + 1 + 48 bytes)
  *
  */
-#define SSL_VERIFY_STRUCT_MAX_SIZE  ( 64 +                          \
-                                      33 +                          \
-                                       1 +                          \
-                                      MBEDTLS_TLS1_3_MD_MAX_SIZE    \
-                                    )
+#define SSL_VERIFY_STRUCT_MAX_SIZE  (64 +                          \
+                                     33 +                          \
+                                     1 +                          \
+                                     MBEDTLS_TLS1_3_MD_MAX_SIZE    \
+                                     )
 
 /*
  * The ssl_tls13_create_verify_structure() creates the verify structure.
@@ -116,11 +114,11 @@
  * The caller has to ensure that the buffer has size at least
  * SSL_VERIFY_STRUCT_MAX_SIZE bytes.
  */
-static void ssl_tls13_create_verify_structure( const unsigned char *transcript_hash,
-                                               size_t transcript_hash_len,
-                                               unsigned char *verify_buffer,
-                                               size_t *verify_buffer_len,
-                                               int from )
+static void ssl_tls13_create_verify_structure(const unsigned char *transcript_hash,
+                                              size_t transcript_hash_len,
+                                              unsigned char *verify_buffer,
+                                              size_t *verify_buffer_len,
+                                              int from)
 {
     size_t idx;
 
@@ -133,34 +131,31 @@
      * -  A single 0 byte which serves as the separator
      * -  The content to be signed
      */
-    memset( verify_buffer, 0x20, 64 );
+    memset(verify_buffer, 0x20, 64);
     idx = 64;
 
-    if( from == MBEDTLS_SSL_IS_CLIENT )
-    {
-        memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( client_cv ) );
-        idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( client_cv );
-    }
-    else
-    { /* from == MBEDTLS_SSL_IS_SERVER */
-        memcpy( verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( server_cv ) );
-        idx += MBEDTLS_SSL_TLS1_3_LBL_LEN( server_cv );
+    if (from == MBEDTLS_SSL_IS_CLIENT) {
+        memcpy(verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(client_cv));
+        idx += MBEDTLS_SSL_TLS1_3_LBL_LEN(client_cv);
+    } else { /* from == MBEDTLS_SSL_IS_SERVER */
+        memcpy(verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(server_cv));
+        idx += MBEDTLS_SSL_TLS1_3_LBL_LEN(server_cv);
     }
 
     verify_buffer[idx++] = 0x0;
 
-    memcpy( verify_buffer + idx, transcript_hash, transcript_hash_len );
+    memcpy(verify_buffer + idx, transcript_hash, transcript_hash_len);
     idx += transcript_hash_len;
 
     *verify_buffer_len = idx;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
-                                               const unsigned char *buf,
-                                               const unsigned char *end,
-                                               const unsigned char *verify_buffer,
-                                               size_t verify_buffer_len )
+static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl,
+                                              const unsigned char *buf,
+                                              const unsigned char *end,
+                                              const unsigned char *verify_buffer,
+                                              size_t verify_buffer_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -184,8 +179,8 @@
      *     opaque signature<0..2^16-1>;
      * } CertificateVerify;
      */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    algorithm = MBEDTLS_GET_UINT16_BE( p, 0 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+    algorithm = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
 
     /* RFC 8446 section 4.4.3
@@ -202,90 +197,83 @@
      *
      * Check if algorithm is an offered signature algorithm.
      */
-    if( ! mbedtls_ssl_sig_alg_is_offered( ssl, algorithm ) )
-    {
+    if (!mbedtls_ssl_sig_alg_is_offered(ssl, algorithm)) {
         /* algorithm not in offered signature algorithms list */
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Received signature algorithm(%04x) is not "
-                                    "offered.",
-                                    ( unsigned int ) algorithm ) );
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Received signature algorithm(%04x) is not "
+                                  "offered.",
+                                  (unsigned int) algorithm));
         goto error;
     }
 
-    if( mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
-                                        algorithm, &sig_alg, &md_alg ) != 0 )
-    {
+    if (mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
+            algorithm, &sig_alg, &md_alg) != 0) {
         goto error;
     }
 
-    hash_alg = mbedtls_hash_info_psa_from_md( md_alg );
-    if( hash_alg == 0 )
-    {
+    hash_alg = mbedtls_hash_info_psa_from_md(md_alg);
+    if (hash_alg == 0) {
         goto error;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate Verify: Signature algorithm ( %04x )",
-                                ( unsigned int ) algorithm ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("Certificate Verify: Signature algorithm ( %04x )",
+                              (unsigned int) algorithm));
 
     /*
      * Check the certificate's key type matches the signature alg
      */
-    if( !mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, sig_alg ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "signature algorithm doesn't match cert key" ) );
+    if (!mbedtls_pk_can_do(&ssl->session_negotiate->peer_cert->pk, sig_alg)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("signature algorithm doesn't match cert key"));
         goto error;
     }
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    signature_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+    signature_len = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, signature_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, signature_len);
 
-    status = psa_hash_compute( hash_alg,
-                               verify_buffer,
-                               verify_buffer_len,
-                               verify_hash,
-                               sizeof( verify_hash ),
-                               &verify_hash_len );
-    if( status != PSA_SUCCESS )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "hash computation PSA error", status );
+    status = psa_hash_compute(hash_alg,
+                              verify_buffer,
+                              verify_buffer_len,
+                              verify_hash,
+                              sizeof(verify_hash),
+                              &verify_hash_len);
+    if (status != PSA_SUCCESS) {
+        MBEDTLS_SSL_DEBUG_RET(1, "hash computation PSA error", status);
         goto error;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len);
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-    if( sig_alg == MBEDTLS_PK_RSASSA_PSS )
-    {
+    if (sig_alg == MBEDTLS_PK_RSASSA_PSS) {
         rsassa_pss_options.mgf1_hash_id = md_alg;
 
-        rsassa_pss_options.expected_salt_len = PSA_HASH_LENGTH( hash_alg );
-        options = (const void*) &rsassa_pss_options;
+        rsassa_pss_options.expected_salt_len = PSA_HASH_LENGTH(hash_alg);
+        options = (const void *) &rsassa_pss_options;
     }
 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
 
-    if( ( ret = mbedtls_pk_verify_ext( sig_alg, options,
-                                       &ssl->session_negotiate->peer_cert->pk,
-                                       md_alg, verify_hash, verify_hash_len,
-                                       p, signature_len ) ) == 0 )
-    {
-        return( 0 );
+    if ((ret = mbedtls_pk_verify_ext(sig_alg, options,
+                                     &ssl->session_negotiate->peer_cert->pk,
+                                     md_alg, verify_hash, verify_hash_len,
+                                     p, signature_len)) == 0) {
+        return 0;
     }
-    MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify_ext", ret );
+    MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_ext", ret);
 
 error:
     /* RFC 8446 section 4.4.3
      *
      * If the verification fails, the receiver MUST terminate the handshake
      * with a "decrypt_error" alert.
-    */
-    MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR,
-                                  MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-    return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+     */
+    MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR,
+                                 MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
+    return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
 
 }
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
 
-int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl)
 {
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
@@ -297,55 +285,55 @@
     unsigned char *buf;
     size_t buf_len;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate verify"));
 
     MBEDTLS_SSL_PROC_CHK(
-        mbedtls_ssl_tls13_fetch_handshake_msg( ssl,
-                MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) );
+        mbedtls_ssl_tls13_fetch_handshake_msg(ssl,
+                                              MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len));
 
     /* Need to calculate the hash of the transcript first
      * before reading the message since otherwise it gets
      * included in the transcript
      */
-    ret = mbedtls_ssl_get_handshake_transcript( ssl,
-                            ssl->handshake->ciphersuite_info->mac,
-                            transcript, sizeof( transcript ),
-                            &transcript_len );
-    if( ret != 0 )
-    {
+    ret = mbedtls_ssl_get_handshake_transcript(ssl,
+                                               ssl->handshake->ciphersuite_info->mac,
+                                               transcript, sizeof(transcript),
+                                               &transcript_len);
+    if (ret != 0) {
         MBEDTLS_SSL_PEND_FATAL_ALERT(
             MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR,
-            MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        return( ret );
+            MBEDTLS_ERR_SSL_INTERNAL_ERROR);
+        return ret;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "handshake hash", transcript, transcript_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "handshake hash", transcript, transcript_len);
 
     /* Create verify structure */
-    ssl_tls13_create_verify_structure( transcript,
-                                       transcript_len,
-                                       verify_buffer,
-                                       &verify_buffer_len,
-                                       ( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) ?
-                                         MBEDTLS_SSL_IS_SERVER :
-                                         MBEDTLS_SSL_IS_CLIENT );
+    ssl_tls13_create_verify_structure(transcript,
+                                      transcript_len,
+                                      verify_buffer,
+                                      &verify_buffer_len,
+                                      (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) ?
+                                      MBEDTLS_SSL_IS_SERVER :
+                                      MBEDTLS_SSL_IS_CLIENT);
 
     /* Process the message contents */
-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate_verify( ssl, buf,
-                            buf + buf_len, verify_buffer, verify_buffer_len ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_certificate_verify(ssl, buf,
+                                                            buf + buf_len, verify_buffer,
+                                                            verify_buffer_len));
 
-    mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
-                                        buf, buf_len );
+    mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
+                                       buf, buf_len);
 
 cleanup:
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) );
-    MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_process_certificate_verify", ret );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate verify"));
+    MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_process_certificate_verify", ret);
+    return ret;
 #else
     ((void) ssl);
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+    return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
 }
 
@@ -387,9 +375,9 @@
 /* Parse certificate chain send by the server. */
 MBEDTLS_CHECK_RETURN_CRITICAL
 MBEDTLS_STATIC_TESTABLE
-int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         const unsigned char *end )
+int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl,
+                                        const unsigned char *buf,
+                                        const unsigned char *end)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t certificate_request_context_len = 0;
@@ -398,58 +386,53 @@
     const unsigned char *certificate_list_end;
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 4);
     certificate_request_context_len = p[0];
-    certificate_list_len = MBEDTLS_GET_UINT24_BE( p, 1 );
+    certificate_list_len = MBEDTLS_GET_UINT24_BE(p, 1);
     p += 4;
 
     /* In theory, the certificate list can be up to 2^24 Bytes, but we don't
      * support anything beyond 2^16 = 64K.
      */
-    if( ( certificate_request_context_len != 0 ) ||
-        ( certificate_list_len >= 0x10000 ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
-                                      MBEDTLS_ERR_SSL_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if ((certificate_request_context_len != 0) ||
+        (certificate_list_len >= 0x10000)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message"));
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+                                     MBEDTLS_ERR_SSL_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     /* In case we tried to reuse a session but it failed */
-    if( ssl->session_negotiate->peer_cert != NULL )
-    {
-        mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert );
-        mbedtls_free( ssl->session_negotiate->peer_cert );
+    if (ssl->session_negotiate->peer_cert != NULL) {
+        mbedtls_x509_crt_free(ssl->session_negotiate->peer_cert);
+        mbedtls_free(ssl->session_negotiate->peer_cert);
     }
 
-    if( certificate_list_len == 0 )
-    {
+    if (certificate_list_len == 0) {
         ssl->session_negotiate->peer_cert = NULL;
         ret = 0;
         goto exit;
     }
 
-    if( ( ssl->session_negotiate->peer_cert =
-          mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc( %" MBEDTLS_PRINTF_SIZET " bytes ) failed",
-                                    sizeof( mbedtls_x509_crt ) ) );
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR,
-                                      MBEDTLS_ERR_SSL_ALLOC_FAILED );
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    if ((ssl->session_negotiate->peer_cert =
+             mbedtls_calloc(1, sizeof(mbedtls_x509_crt))) == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("alloc( %" MBEDTLS_PRINTF_SIZET " bytes ) failed",
+                                  sizeof(mbedtls_x509_crt)));
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR,
+                                     MBEDTLS_ERR_SSL_ALLOC_FAILED);
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
     }
 
-    mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert );
+    mbedtls_x509_crt_init(ssl->session_negotiate->peer_cert);
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, certificate_list_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, certificate_list_len);
     certificate_list_end = p + certificate_list_len;
-    while( p < certificate_list_end )
-    {
+    while (p < certificate_list_end) {
         size_t cert_data_len, extensions_len;
         const unsigned char *extensions_end;
 
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, 3 );
-        cert_data_len = MBEDTLS_GET_UINT24_BE( p, 0 );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, certificate_list_end, 3);
+        cert_data_len = MBEDTLS_GET_UINT24_BE(p, 0);
         p += 3;
 
         /* In theory, the CRT can be up to 2^24 Bytes, but we don't support
@@ -457,20 +440,18 @@
          * check that we have a minimum of 128 bytes of data, this is not
          * clear why we need that though.
          */
-        if( ( cert_data_len < 128 ) || ( cert_data_len >= 0x10000 ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad Certificate message" ) );
-            MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
-                                          MBEDTLS_ERR_SSL_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+        if ((cert_data_len < 128) || (cert_data_len >= 0x10000)) {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("bad Certificate message"));
+            MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+                                         MBEDTLS_ERR_SSL_DECODE_ERROR);
+            return MBEDTLS_ERR_SSL_DECODE_ERROR;
         }
 
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, cert_data_len );
-        ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert,
-                                          p, cert_data_len );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, certificate_list_end, cert_data_len);
+        ret = mbedtls_x509_crt_parse_der(ssl->session_negotiate->peer_cert,
+                                         p, cert_data_len);
 
-        switch( ret )
-        {
+        switch (ret) {
             case 0: /*ok*/
                 break;
             case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
@@ -479,100 +460,98 @@
                 break;
 
             case MBEDTLS_ERR_X509_ALLOC_FAILED:
-                MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR,
-                                              MBEDTLS_ERR_X509_ALLOC_FAILED );
-                MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
-                return( ret );
+                MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR,
+                                             MBEDTLS_ERR_X509_ALLOC_FAILED);
+                MBEDTLS_SSL_DEBUG_RET(1, " mbedtls_x509_crt_parse_der", ret);
+                return ret;
 
             case MBEDTLS_ERR_X509_UNKNOWN_VERSION:
-                MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT,
-                                              MBEDTLS_ERR_X509_UNKNOWN_VERSION );
-                MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
-                return( ret );
+                MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT,
+                                             MBEDTLS_ERR_X509_UNKNOWN_VERSION);
+                MBEDTLS_SSL_DEBUG_RET(1, " mbedtls_x509_crt_parse_der", ret);
+                return ret;
 
             default:
-                MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_BAD_CERT,
-                                              ret );
-                MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
-                return( ret );
+                MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_BAD_CERT,
+                                             ret);
+                MBEDTLS_SSL_DEBUG_RET(1, " mbedtls_x509_crt_parse_der", ret);
+                return ret;
         }
 
         p += cert_data_len;
 
         /* Certificate extensions length */
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, 2 );
-        extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, certificate_list_end, 2);
+        extensions_len = MBEDTLS_GET_UINT16_BE(p, 0);
         p += 2;
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, extensions_len );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, certificate_list_end, extensions_len);
 
         extensions_end = p + extensions_len;
         handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
 
-        while( p < extensions_end )
-        {
+        while (p < extensions_end) {
             unsigned int extension_type;
             size_t extension_data_len;
 
             /*
-            * struct {
-            *     ExtensionType extension_type; (2 bytes)
-            *     opaque extension_data<0..2^16-1>;
-            * } Extension;
-            */
-            MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
-            extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
-            extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
+             * struct {
+             *     ExtensionType extension_type; (2 bytes)
+             *     opaque extension_data<0..2^16-1>;
+             * } Extension;
+             */
+            MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4);
+            extension_type = MBEDTLS_GET_UINT16_BE(p, 0);
+            extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2);
             p += 4;
 
-            MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
+            MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len);
 
             ret = mbedtls_ssl_tls13_check_received_extension(
-                      ssl, MBEDTLS_SSL_HS_CERTIFICATE, extension_type,
-                      MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT );
-            if( ret != 0 )
-                return( ret );
+                ssl, MBEDTLS_SSL_HS_CERTIFICATE, extension_type,
+                MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT);
+            if (ret != 0) {
+                return ret;
+            }
 
-            switch( extension_type )
-            {
+            switch (extension_type) {
                 default:
                     MBEDTLS_SSL_PRINT_EXT(
                         3, MBEDTLS_SSL_HS_CERTIFICATE,
-                        extension_type, "( ignored )" );
+                        extension_type, "( ignored )");
                     break;
             }
 
             p += extension_data_len;
         }
 
-        MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CERTIFICATE,
-                                handshake->received_extensions );
+        MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_CERTIFICATE,
+                               handshake->received_extensions);
     }
 
 exit:
     /* Check that all the message is consumed. */
-    if( p != end )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad Certificate message" ) );
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
-                                      MBEDTLS_ERR_SSL_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (p != end) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad Certificate message"));
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+                                     MBEDTLS_ERR_SSL_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert );
+    MBEDTLS_SSL_DEBUG_CRT(3, "peer certificate", ssl->session_negotiate->peer_cert);
 
-    return( ret );
+    return ret;
 }
 #else
 MBEDTLS_CHECK_RETURN_CRITICAL
 MBEDTLS_STATIC_TESTABLE
-int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         const unsigned char *end )
+int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl,
+                                        const unsigned char *buf,
+                                        const unsigned char *end)
 {
     ((void) ssl);
     ((void) buf);
     ((void) end);
-    return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
 }
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
@@ -581,7 +560,7 @@
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
 /* Validate certificate chain sent by the server. */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl )
+static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl)
 {
     int ret = 0;
     int authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
@@ -594,14 +573,13 @@
     /* If SNI was used, overwrite authentication mode
      * from the configuration. */
 #if defined(MBEDTLS_SSL_SRV_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
-    {
+    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-        if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET )
+        if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) {
             authmode = ssl->handshake->sni_authmode;
-        else
+        } else
 #endif
-            authmode = ssl->conf->authmode;
+        authmode = ssl->conf->authmode;
     }
 #endif
 
@@ -612,46 +590,40 @@
      * Check for that and handle it depending on the
      * authentication mode.
      */
-    if( ssl->session_negotiate->peer_cert == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer has no certificate" ) );
+    if (ssl->session_negotiate->peer_cert == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("peer has no certificate"));
 
 #if defined(MBEDTLS_SSL_SRV_C)
-        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
-        {
+        if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
             /* The client was asked for a certificate but didn't send
              * one. The client should know what's going on, so we
              * don't send an alert.
              */
             ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
-            if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
-                return( 0 );
-            else
-            {
-                MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_NO_CERT,
-                                              MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE  );
-                return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
+            if (authmode == MBEDTLS_SSL_VERIFY_OPTIONAL) {
+                return 0;
+            } else {
+                MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_NO_CERT,
+                                             MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE);
+                return MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE;
             }
         }
 #endif /* MBEDTLS_SSL_SRV_C */
 
 #if defined(MBEDTLS_SSL_CLI_C)
-        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
-        {
-            MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_NO_CERT,
-                                          MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE );
-            return( MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE );
+        if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
+            MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_NO_CERT,
+                                         MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE);
+            return MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE;
         }
 #endif /* MBEDTLS_SSL_CLI_C */
     }
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    if( ssl->handshake->sni_ca_chain != NULL )
-    {
+    if (ssl->handshake->sni_ca_chain != NULL) {
         ca_chain = ssl->handshake->sni_ca_chain;
         ca_crl = ssl->handshake->sni_ca_crl;
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
     {
         ca_chain = ssl->conf->ca_chain;
@@ -667,37 +639,33 @@
         ssl->conf->cert_profile,
         ssl->hostname,
         &verify_result,
-        ssl->conf->f_vrfy, ssl->conf->p_vrfy );
+        ssl->conf->f_vrfy, ssl->conf->p_vrfy);
 
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "x509_verify_cert", ret);
     }
 
     /*
      * Secondary checks: always done, but change 'ret' only if it was 0
      */
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
-    {
+    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
         ext_oid = MBEDTLS_OID_SERVER_AUTH;
-        ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH );
-    }
-    else
-    {
+        ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH);
+    } else {
         ext_oid = MBEDTLS_OID_CLIENT_AUTH;
-        ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_CLIENT_AUTH );
+        ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_CLIENT_AUTH);
     }
 
-    if( ( mbedtls_x509_crt_check_key_usage(
-              ssl->session_negotiate->peer_cert,
-              MBEDTLS_X509_KU_DIGITAL_SIGNATURE ) != 0 ) ||
-        ( mbedtls_x509_crt_check_extended_key_usage(
-              ssl->session_negotiate->peer_cert,
-              ext_oid, ext_len ) != 0 ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
-        if( ret == 0 )
+    if ((mbedtls_x509_crt_check_key_usage(
+             ssl->session_negotiate->peer_cert,
+             MBEDTLS_X509_KU_DIGITAL_SIGNATURE) != 0) ||
+        (mbedtls_x509_crt_check_extended_key_usage(
+             ssl->session_negotiate->peer_cert,
+             ext_oid, ext_len) != 0)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)"));
+        if (ret == 0) {
             ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
+        }
     }
 
     /* mbedtls_x509_crt_verify_with_profile is supposed to report a
@@ -707,96 +675,91 @@
      * functions, are treated as fatal and lead to a failure of
      * mbedtls_ssl_tls13_parse_certificate even if verification was optional.
      */
-    if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
-        ( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
-          ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE ) )
-    {
+    if (authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
+        (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
+         ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE)) {
         ret = 0;
     }
 
-    if( ca_chain == NULL && authmode == MBEDTLS_SSL_VERIFY_REQUIRED )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
+    if (ca_chain == NULL && authmode == MBEDTLS_SSL_VERIFY_REQUIRED) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("got no CA chain"));
         ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED;
     }
 
-    if( ret != 0 )
-    {
+    if (ret != 0) {
         /* The certificate may have been rejected for several reasons.
            Pick one and send the corresponding alert. Which alert to send
            may be a subject of debate in some cases. */
-        if( verify_result & MBEDTLS_X509_BADCERT_OTHER )
-            MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED, ret );
-        else if( verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH )
-            MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_BAD_CERT, ret );
-        else if( verify_result & ( MBEDTLS_X509_BADCERT_KEY_USAGE |
-                                   MBEDTLS_X509_BADCERT_EXT_KEY_USAGE |
-                                   MBEDTLS_X509_BADCERT_NS_CERT_TYPE |
-                                   MBEDTLS_X509_BADCERT_BAD_PK |
-                                   MBEDTLS_X509_BADCERT_BAD_KEY ) )
-            MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret );
-        else if( verify_result & MBEDTLS_X509_BADCERT_EXPIRED )
-            MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED, ret );
-        else if( verify_result & MBEDTLS_X509_BADCERT_REVOKED )
-            MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED, ret );
-        else if( verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED )
-            MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA, ret );
-        else
-            MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN, ret );
+        if (verify_result & MBEDTLS_X509_BADCERT_OTHER) {
+            MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED, ret);
+        } else if (verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH) {
+            MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_BAD_CERT, ret);
+        } else if (verify_result & (MBEDTLS_X509_BADCERT_KEY_USAGE |
+                                    MBEDTLS_X509_BADCERT_EXT_KEY_USAGE |
+                                    MBEDTLS_X509_BADCERT_NS_CERT_TYPE |
+                                    MBEDTLS_X509_BADCERT_BAD_PK |
+                                    MBEDTLS_X509_BADCERT_BAD_KEY)) {
+            MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret);
+        } else if (verify_result & MBEDTLS_X509_BADCERT_EXPIRED) {
+            MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED, ret);
+        } else if (verify_result & MBEDTLS_X509_BADCERT_REVOKED) {
+            MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED, ret);
+        } else if (verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED) {
+            MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA, ret);
+        } else {
+            MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN, ret);
+        }
     }
 
 #if defined(MBEDTLS_DEBUG_C)
-    if( verify_result != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %08x",
-                                    (unsigned int) verify_result ) );
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) );
+    if (verify_result != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("! Certificate verification flags %08x",
+                                  (unsigned int) verify_result));
+    } else {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("Certificate verification flags clear"));
     }
 #endif /* MBEDTLS_DEBUG_C */
 
     ssl->session_negotiate->verify_result = verify_result;
-    return( ret );
+    return ret;
 }
 #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl )
+static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl)
 {
     ((void) ssl);
-    return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+    return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
 }
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
 
-int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls13_process_certificate(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate"));
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
     unsigned char *buf;
     size_t buf_len;
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg(
-                          ssl, MBEDTLS_SSL_HS_CERTIFICATE,
-                          &buf, &buf_len ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg(
+                             ssl, MBEDTLS_SSL_HS_CERTIFICATE,
+                             &buf, &buf_len));
 
     /* Parse the certificate chain sent by the peer. */
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_parse_certificate( ssl, buf,
-                                                               buf + buf_len ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_parse_certificate(ssl, buf,
+                                                             buf + buf_len));
     /* Validate the certificate chain and set the verification results. */
-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_validate_certificate( ssl ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_validate_certificate(ssl));
 
-    mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE,
-                                        buf, buf_len );
+    mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE,
+                                       buf, buf_len);
 
 cleanup:
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate"));
+    return ret;
 }
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
 /*
@@ -824,17 +787,17 @@
  *    } Certificate;
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl,
-                                             unsigned char *buf,
-                                             unsigned char *end,
-                                             size_t *out_len )
+static int ssl_tls13_write_certificate_body(mbedtls_ssl_context *ssl,
+                                            unsigned char *buf,
+                                            unsigned char *end,
+                                            size_t *out_len)
 {
-    const mbedtls_x509_crt *crt = mbedtls_ssl_own_cert( ssl );
+    const mbedtls_x509_crt *crt = mbedtls_ssl_own_cert(ssl);
     unsigned char *p = buf;
     unsigned char *certificate_request_context =
-                                    ssl->handshake->certificate_request_context;
+        ssl->handshake->certificate_request_context;
     unsigned char certificate_request_context_len =
-                                ssl->handshake->certificate_request_context_len;
+        ssl->handshake->certificate_request_context_len;
     unsigned char *p_certificate_list_len;
 
 
@@ -842,11 +805,10 @@
      * opaque certificate_request_context<0..2^8-1>;
      * ...
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, certificate_request_context_len + 1 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, certificate_request_context_len + 1);
     *p++ = certificate_request_context_len;
-    if( certificate_request_context_len > 0 )
-    {
-        memcpy( p, certificate_request_context, certificate_request_context_len );
+    if (certificate_request_context_len > 0) {
+        memcpy(p, certificate_request_context, certificate_request_context_len);
         p += certificate_request_context_len;
     }
 
@@ -854,106 +816,103 @@
      * CertificateEntry certificate_list<0..2^24-1>;
      * ...
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 3);
     p_certificate_list_len = p;
     p += 3;
 
-    MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", crt );
+    MBEDTLS_SSL_DEBUG_CRT(3, "own certificate", crt);
 
-    while( crt != NULL )
-    {
+    while (crt != NULL) {
         size_t cert_data_len = crt->raw.len;
 
-        MBEDTLS_SSL_CHK_BUF_PTR( p, end, cert_data_len + 3 + 2 );
-        MBEDTLS_PUT_UINT24_BE( cert_data_len, p, 0 );
+        MBEDTLS_SSL_CHK_BUF_PTR(p, end, cert_data_len + 3 + 2);
+        MBEDTLS_PUT_UINT24_BE(cert_data_len, p, 0);
         p += 3;
 
-        memcpy( p, crt->raw.p, cert_data_len );
+        memcpy(p, crt->raw.p, cert_data_len);
         p += cert_data_len;
         crt = crt->next;
 
         /* Currently, we don't have any certificate extensions defined.
          * Hence, we are sending an empty extension with length zero.
          */
-        MBEDTLS_PUT_UINT16_BE( 0, p, 0 );
+        MBEDTLS_PUT_UINT16_BE(0, p, 0);
         p += 2;
     }
 
-    MBEDTLS_PUT_UINT24_BE( p - p_certificate_list_len - 3,
-                           p_certificate_list_len, 0 );
+    MBEDTLS_PUT_UINT24_BE(p - p_certificate_list_len - 3,
+                          p_certificate_list_len, 0);
 
     *out_len = p - buf;
 
     MBEDTLS_SSL_PRINT_EXTS(
-        3, MBEDTLS_SSL_HS_CERTIFICATE, ssl->handshake->sent_extensions );
+        3, MBEDTLS_SSL_HS_CERTIFICATE, ssl->handshake->sent_extensions);
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls13_write_certificate(mbedtls_ssl_context *ssl)
 {
     int ret;
     unsigned char *buf;
     size_t buf_len, msg_len;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate"));
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
-                          MBEDTLS_SSL_HS_CERTIFICATE, &buf, &buf_len ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl,
+                                                         MBEDTLS_SSL_HS_CERTIFICATE, &buf,
+                                                         &buf_len));
 
-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_body( ssl,
-                                                            buf,
-                                                            buf + buf_len,
-                                                            &msg_len ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_body(ssl,
+                                                          buf,
+                                                          buf + buf_len,
+                                                          &msg_len));
 
-    mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE,
-                                        buf, msg_len );
+    mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE,
+                                       buf, msg_len);
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
-                              ssl, buf_len, msg_len ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
+                             ssl, buf_len, msg_len));
 cleanup:
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate"));
+    return ret;
 }
 
 /*
  * STATE HANDLING: Output Certificate Verify
  */
-int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
-                                                    mbedtls_pk_context *key )
+int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(uint16_t sig_alg,
+                                                   mbedtls_pk_context *key)
 {
-    mbedtls_pk_type_t pk_type = mbedtls_ssl_sig_from_pk( key );
-    size_t key_size = mbedtls_pk_get_bitlen( key );
+    mbedtls_pk_type_t pk_type = mbedtls_ssl_sig_from_pk(key);
+    size_t key_size = mbedtls_pk_get_bitlen(key);
 
-    switch( pk_type )
-    {
+    switch (pk_type) {
         case MBEDTLS_SSL_SIG_ECDSA:
-            switch( key_size )
-            {
+            switch (key_size) {
                 case 256:
-                    return(
-                        sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256 );
+                    return
+                        sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
 
                 case 384:
-                    return(
-                        sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384 );
+                    return
+                        sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384;
 
                 case 521:
-                    return(
-                        sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512 );
+                    return
+                        sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512;
                 default:
                     break;
             }
             break;
 
         case MBEDTLS_SSL_SIG_RSA:
-            switch( sig_alg )
-            {
+            switch (sig_alg) {
                 case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: /* Intentional fallthrough */
                 case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: /* Intentional fallthrough */
                 case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
-                    return( 1 );
+                    return 1;
 
                 default:
                     break;
@@ -964,22 +923,22 @@
             break;
     }
 
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
-                                                    unsigned char *buf,
-                                                    unsigned char *end,
-                                                    size_t *out_len )
+static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl,
+                                                   unsigned char *buf,
+                                                   unsigned char *end,
+                                                   size_t *out_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p = buf;
     mbedtls_pk_context *own_key;
 
-    unsigned char handshake_hash[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
+    unsigned char handshake_hash[MBEDTLS_TLS1_3_MD_MAX_SIZE];
     size_t handshake_hash_len;
-    unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ];
+    unsigned char verify_buffer[SSL_VERIFY_STRUCT_MAX_SIZE];
     size_t verify_buffer_len;
 
     uint16_t *sig_alg = ssl->handshake->received_sig_algs;
@@ -987,28 +946,28 @@
 
     *out_len = 0;
 
-    own_key = mbedtls_ssl_own_key( ssl );
-    if( own_key == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    own_key = mbedtls_ssl_own_key(ssl);
+    if (own_key == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    ret = mbedtls_ssl_get_handshake_transcript( ssl,
-                                        ssl->handshake->ciphersuite_info->mac,
-                                        handshake_hash,
-                                        sizeof( handshake_hash ),
-                                        &handshake_hash_len );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ssl_get_handshake_transcript(ssl,
+                                               ssl->handshake->ciphersuite_info->mac,
+                                               handshake_hash,
+                                               sizeof(handshake_hash),
+                                               &handshake_hash_len);
+    if (ret != 0) {
+        return ret;
+    }
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "handshake hash",
-        handshake_hash,
-        handshake_hash_len);
+    MBEDTLS_SSL_DEBUG_BUF(3, "handshake hash",
+                          handshake_hash,
+                          handshake_hash_len);
 
-    ssl_tls13_create_verify_structure( handshake_hash, handshake_hash_len,
-                                       verify_buffer, &verify_buffer_len,
-                                       ssl->conf->endpoint );
+    ssl_tls13_create_verify_structure(handshake_hash, handshake_hash_len,
+                                      verify_buffer, &verify_buffer_len,
+                                      ssl->conf->endpoint);
 
     /*
      *  struct {
@@ -1019,10 +978,9 @@
     /* Check there is space for the algorithm identifier (2 bytes) and the
      * signature length (2 bytes).
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4);
 
-    for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ )
-    {
+    for (; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++) {
         psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
         mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE;
         mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
@@ -1030,96 +988,98 @@
         unsigned char verify_hash[PSA_HASH_MAX_SIZE];
         size_t verify_hash_len;
 
-        if( !mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) )
+        if (!mbedtls_ssl_sig_alg_is_offered(ssl, *sig_alg)) {
             continue;
+        }
 
-        if( !mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) )
+        if (!mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(*sig_alg)) {
             continue;
+        }
 
-        if( !mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, own_key ) )
+        if (!mbedtls_ssl_tls13_check_sig_alg_cert_key_match(*sig_alg, own_key)) {
             continue;
+        }
 
-        if( mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
-                                        *sig_alg, &pk_type, &md_alg ) != 0 )
-        {
-             return( MBEDTLS_ERR_SSL_INTERNAL_ERROR  );
+        if (mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
+                *sig_alg, &pk_type, &md_alg) != 0) {
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
         /* Hash verify buffer with indicated hash function */
-        psa_algorithm = mbedtls_hash_info_psa_from_md( md_alg );
-        status = psa_hash_compute( psa_algorithm,
-                                   verify_buffer,
-                                   verify_buffer_len,
-                                   verify_hash, sizeof( verify_hash ),
-                                   &verify_hash_len );
-        if( status != PSA_SUCCESS )
-            return( psa_ssl_status_to_mbedtls( status ) );
-
-        MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len );
-
-        if( ( ret = mbedtls_pk_sign_ext( pk_type, own_key,
-                        md_alg, verify_hash, verify_hash_len,
-                        p + 4, (size_t)( end - ( p + 4 ) ), &signature_len,
-                        ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-             MBEDTLS_SSL_DEBUG_MSG( 2, ( "CertificateVerify signature failed with %s",
-                                    mbedtls_ssl_sig_alg_to_str( *sig_alg ) ) );
-             MBEDTLS_SSL_DEBUG_RET( 2, "mbedtls_pk_sign_ext", ret );
-
-             /* The signature failed. This is possible if the private key
-              * was not suitable for the signature operation as purposely we
-              * did not check its suitability completely. Let's try with
-              * another signature algorithm.
-              */
-             continue;
+        psa_algorithm = mbedtls_hash_info_psa_from_md(md_alg);
+        status = psa_hash_compute(psa_algorithm,
+                                  verify_buffer,
+                                  verify_buffer_len,
+                                  verify_hash, sizeof(verify_hash),
+                                  &verify_hash_len);
+        if (status != PSA_SUCCESS) {
+            return psa_ssl_status_to_mbedtls(status);
         }
 
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "CertificateVerify signature with %s",
-                                    mbedtls_ssl_sig_alg_to_str( *sig_alg ) ) );
+        MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len);
+
+        if ((ret = mbedtls_pk_sign_ext(pk_type, own_key,
+                                       md_alg, verify_hash, verify_hash_len,
+                                       p + 4, (size_t) (end - (p + 4)), &signature_len,
+                                       ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+            MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s",
+                                      mbedtls_ssl_sig_alg_to_str(*sig_alg)));
+            MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret);
+
+            /* The signature failed. This is possible if the private key
+             * was not suitable for the signature operation as purposely we
+             * did not check its suitability completely. Let's try with
+             * another signature algorithm.
+             */
+            continue;
+        }
+
+        MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature with %s",
+                                  mbedtls_ssl_sig_alg_to_str(*sig_alg)));
 
         break;
     }
 
-    if( *sig_alg == MBEDTLS_TLS1_3_SIG_NONE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "no suitable signature algorithm" ) );
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
-                                      MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    if (*sig_alg == MBEDTLS_TLS1_3_SIG_NONE) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("no suitable signature algorithm"));
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
+                                     MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
 
-    MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );
-    MBEDTLS_PUT_UINT16_BE( signature_len, p, 2 );
+    MBEDTLS_PUT_UINT16_BE(*sig_alg, p, 0);
+    MBEDTLS_PUT_UINT16_BE(signature_len, p, 2);
 
     *out_len = 4 + signature_len;
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl)
 {
     int ret = 0;
     unsigned char *buf;
     size_t buf_len, msg_len;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify"));
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
-                MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl,
+                                                         MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf,
+                                                         &buf_len));
 
-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_verify_body(
-                                ssl, buf, buf + buf_len, &msg_len ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_verify_body(
+                             ssl, buf, buf + buf_len, &msg_len));
 
-    mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
-                                        buf, msg_len );
+    mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
+                                       buf, msg_len);
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
-                                ssl, buf_len, msg_len ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
+                             ssl, buf_len, msg_len));
 
 cleanup:
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate verify" ) );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate verify"));
+    return ret;
 }
 
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
@@ -1133,29 +1093,29 @@
  */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_preprocess_finished_message( mbedtls_ssl_context *ssl )
+static int ssl_tls13_preprocess_finished_message(mbedtls_ssl_context *ssl)
 {
     int ret;
 
-    ret = mbedtls_ssl_tls13_calculate_verify_data( ssl,
-                    ssl->handshake->state_local.finished_in.digest,
-                    sizeof( ssl->handshake->state_local.finished_in.digest ),
-                    &ssl->handshake->state_local.finished_in.digest_len,
-                    ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ?
-                        MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_calculate_verify_data", ret );
-        return( ret );
+    ret = mbedtls_ssl_tls13_calculate_verify_data(ssl,
+                                                  ssl->handshake->state_local.finished_in.digest,
+                                                  sizeof(ssl->handshake->state_local.finished_in.
+                                                         digest),
+                                                  &ssl->handshake->state_local.finished_in.digest_len,
+                                                  ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ?
+                                                  MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_calculate_verify_data", ret);
+        return ret;
     }
 
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_finished_message( mbedtls_ssl_context *ssl,
-                                             const unsigned char *buf,
-                                             const unsigned char *end )
+static int ssl_tls13_parse_finished_message(mbedtls_ssl_context *ssl,
+                                            const unsigned char *buf,
+                                            const unsigned char *end)
 {
     /*
      * struct {
@@ -1167,59 +1127,57 @@
     size_t expected_verify_data_len =
         ssl->handshake->state_local.finished_in.digest_len;
     /* Structural validation */
-    if( (size_t)( end - buf ) != expected_verify_data_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
+    if ((size_t) (end - buf) != expected_verify_data_len) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message"));
 
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
-                                      MBEDTLS_ERR_SSL_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+                                     MBEDTLS_ERR_SSL_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "verify_data (self-computed):",
-                           expected_verify_data,
-                           expected_verify_data_len );
-    MBEDTLS_SSL_DEBUG_BUF( 4, "verify_data (received message):", buf,
-                           expected_verify_data_len );
+    MBEDTLS_SSL_DEBUG_BUF(4, "verify_data (self-computed):",
+                          expected_verify_data,
+                          expected_verify_data_len);
+    MBEDTLS_SSL_DEBUG_BUF(4, "verify_data (received message):", buf,
+                          expected_verify_data_len);
 
     /* Semantic validation */
-    if( mbedtls_ct_memcmp( buf,
-                           expected_verify_data,
-                           expected_verify_data_len ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
+    if (mbedtls_ct_memcmp(buf,
+                          expected_verify_data,
+                          expected_verify_data_len) != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message"));
 
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR,
-                                      MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR,
+                                     MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls13_process_finished_message(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *buf;
     size_t buf_len;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished message" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse finished message"));
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg( ssl,
-                                              MBEDTLS_SSL_HS_FINISHED,
-                                              &buf, &buf_len ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg(ssl,
+                                                               MBEDTLS_SSL_HS_FINISHED,
+                                                               &buf, &buf_len));
 
     /* Preprocessing step: Compute handshake digest */
-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_preprocess_finished_message( ssl ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_preprocess_finished_message(ssl));
 
-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_finished_message( ssl, buf, buf + buf_len ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_finished_message(ssl, buf, buf + buf_len));
 
-    mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED,
-                                        buf, buf_len );
+    mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_FINISHED,
+                                       buf, buf_len);
 
 cleanup:
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished message" ) );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse finished message"));
+    return ret;
 }
 
 /*
@@ -1232,31 +1190,31 @@
  */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_prepare_finished_message( mbedtls_ssl_context *ssl )
+static int ssl_tls13_prepare_finished_message(mbedtls_ssl_context *ssl)
 {
     int ret;
 
     /* Compute transcript of handshake up to now. */
-    ret = mbedtls_ssl_tls13_calculate_verify_data( ssl,
-                    ssl->handshake->state_local.finished_out.digest,
-                    sizeof( ssl->handshake->state_local.finished_out.digest ),
-                    &ssl->handshake->state_local.finished_out.digest_len,
-                    ssl->conf->endpoint );
+    ret = mbedtls_ssl_tls13_calculate_verify_data(ssl,
+                                                  ssl->handshake->state_local.finished_out.digest,
+                                                  sizeof(ssl->handshake->state_local.finished_out.
+                                                         digest),
+                                                  &ssl->handshake->state_local.finished_out.digest_len,
+                                                  ssl->conf->endpoint);
 
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "calculate_verify_data failed", ret );
-        return( ret );
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "calculate_verify_data failed", ret);
+        return ret;
     }
 
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_finished_message_body( mbedtls_ssl_context *ssl,
-                                                  unsigned char *buf,
-                                                  unsigned char *end,
-                                                  size_t *out_len )
+static int ssl_tls13_write_finished_message_body(mbedtls_ssl_context *ssl,
+                                                 unsigned char *buf,
+                                                 unsigned char *end,
+                                                 size_t *out_len)
 {
     size_t verify_data_len = ssl->handshake->state_local.finished_out.digest_len;
     /*
@@ -1264,66 +1222,65 @@
      *     opaque verify_data[Hash.length];
      * } Finished;
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( buf, end, verify_data_len );
+    MBEDTLS_SSL_CHK_BUF_PTR(buf, end, verify_data_len);
 
-    memcpy( buf, ssl->handshake->state_local.finished_out.digest,
-            verify_data_len );
+    memcpy(buf, ssl->handshake->state_local.finished_out.digest,
+           verify_data_len);
 
     *out_len = verify_data_len;
-    return( 0 );
+    return 0;
 }
 
 /* Main entry point: orchestrates the other functions */
-int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls13_write_finished_message(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *buf;
     size_t buf_len, msg_len;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished message" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write finished message"));
 
-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_finished_message( ssl ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_finished_message(ssl));
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
-                              MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl,
+                                                         MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len));
 
-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_finished_message_body(
-                              ssl, buf, buf + buf_len, &msg_len ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_finished_message_body(
+                             ssl, buf, buf + buf_len, &msg_len));
 
-    mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED,
-                                        buf, msg_len );
+    mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_FINISHED,
+                                       buf, msg_len);
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
-                              ssl, buf_len, msg_len ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
+                             ssl, buf_len, msg_len));
 cleanup:
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished message" ) );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write finished message"));
+    return ret;
 }
 
-void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl)
 {
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("=> handshake wrapup"));
 
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to application keys for inbound traffic" ) );
-    mbedtls_ssl_set_inbound_transform ( ssl, ssl->transform_application );
+    MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to application keys for inbound traffic"));
+    mbedtls_ssl_set_inbound_transform(ssl, ssl->transform_application);
 
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to application keys for outbound traffic" ) );
-    mbedtls_ssl_set_outbound_transform( ssl, ssl->transform_application );
+    MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to application keys for outbound traffic"));
+    mbedtls_ssl_set_outbound_transform(ssl, ssl->transform_application);
 
     /*
      * Free the previous session and switch to the current one.
      */
-    if( ssl->session )
-    {
-        mbedtls_ssl_session_free( ssl->session );
-        mbedtls_free( ssl->session );
+    if (ssl->session) {
+        mbedtls_ssl_session_free(ssl->session);
+        mbedtls_free(ssl->session);
     }
     ssl->session = ssl->session_negotiate;
     ssl->session_negotiate = NULL;
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup"));
 }
 
 /*
@@ -1333,41 +1290,41 @@
  */
 #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_change_cipher_spec_body( mbedtls_ssl_context *ssl,
-                                                    unsigned char *buf,
-                                                    unsigned char *end,
-                                                    size_t *olen )
+static int ssl_tls13_write_change_cipher_spec_body(mbedtls_ssl_context *ssl,
+                                                   unsigned char *buf,
+                                                   unsigned char *end,
+                                                   size_t *olen)
 {
     ((void) ssl);
 
-    MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 1 );
+    MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 1);
     buf[0] = 1;
     *olen = 1;
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write change cipher spec"));
 
     /* Write CCS message */
-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_change_cipher_spec_body(
-                              ssl, ssl->out_msg,
-                              ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN,
-                              &ssl->out_msglen ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_change_cipher_spec_body(
+                             ssl, ssl->out_msg,
+                             ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN,
+                             &ssl->out_msglen));
 
     ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
 
     /* Dispatch message */
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_record( ssl, 0 ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_write_record(ssl, 0));
 
 cleanup:
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write change cipher spec"));
+    return ret;
 }
 
 #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
@@ -1383,25 +1340,25 @@
  * } EarlyDataIndication;
  */
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-int mbedtls_ssl_tls13_write_early_data_ext( mbedtls_ssl_context *ssl,
-                                            unsigned char *buf,
-                                            const unsigned char *end,
-                                            size_t *out_len )
+int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl,
+                                           unsigned char *buf,
+                                           const unsigned char *end,
+                                           size_t *out_len)
 {
     unsigned char *p = buf;
     *out_len = 0;
     ((void) ssl);
 
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4);
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EARLY_DATA, p, 0 );
-    MBEDTLS_PUT_UINT16_BE( 0, p, 2 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_EARLY_DATA, p, 0);
+    MBEDTLS_PUT_UINT16_BE(0, p, 2);
 
     *out_len = 4;
 
-    mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_EARLY_DATA );
+    mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_EARLY_DATA);
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_EARLY_DATA */
 
@@ -1416,25 +1373,24 @@
  *   - session ticket
  *   - negotiated ciphersuite
  */
-int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char hash_transcript[PSA_HASH_MAX_SIZE + 4];
     size_t hash_len;
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
     uint16_t cipher_suite = ssl->session_negotiate->ciphersuite;
-    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
+    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(cipher_suite);
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "Reset SSL session for HRR" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("Reset SSL session for HRR"));
 
-    ret = mbedtls_ssl_get_handshake_transcript( ssl, ciphersuite_info->mac,
-                                                hash_transcript + 4,
-                                                PSA_HASH_MAX_SIZE,
-                                                &hash_len );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 4, "mbedtls_ssl_get_handshake_transcript", ret );
-        return( ret );
+    ret = mbedtls_ssl_get_handshake_transcript(ssl, ciphersuite_info->mac,
+                                               hash_transcript + 4,
+                                               PSA_HASH_MAX_SIZE,
+                                               &hash_len);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(4, "mbedtls_ssl_get_handshake_transcript", ret);
+        return ret;
     }
 
     hash_transcript[0] = MBEDTLS_SSL_HS_MESSAGE_HASH;
@@ -1445,71 +1401,71 @@
     hash_len += 4;
 
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    if( ciphersuite_info->mac == MBEDTLS_MD_SHA256 )
-    {
-        MBEDTLS_SSL_DEBUG_BUF( 4, "Truncated SHA-256 handshake transcript",
-                               hash_transcript, hash_len );
+    if (ciphersuite_info->mac == MBEDTLS_MD_SHA256) {
+        MBEDTLS_SSL_DEBUG_BUF(4, "Truncated SHA-256 handshake transcript",
+                              hash_transcript, hash_len);
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        psa_hash_abort( &ssl->handshake->fin_sha256_psa );
-        psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
+        psa_hash_abort(&ssl->handshake->fin_sha256_psa);
+        psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256);
 #else
-        mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 );
+        mbedtls_sha256_starts(&ssl->handshake->fin_sha256, 0);
 #endif
     }
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
-    {
-        MBEDTLS_SSL_DEBUG_BUF( 4, "Truncated SHA-384 handshake transcript",
-                               hash_transcript, hash_len );
+    if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
+        MBEDTLS_SSL_DEBUG_BUF(4, "Truncated SHA-384 handshake transcript",
+                              hash_transcript, hash_len);
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        psa_hash_abort( &ssl->handshake->fin_sha384_psa );
-        psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
+        psa_hash_abort(&ssl->handshake->fin_sha384_psa);
+        psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384);
 #else
-        mbedtls_sha512_starts( &ssl->handshake->fin_sha384, 1 );
+        mbedtls_sha512_starts(&ssl->handshake->fin_sha384, 1);
 #endif
     }
 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
-#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-    ssl->handshake->update_checksum( ssl, hash_transcript, hash_len );
-#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA || MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
+    defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+    ssl->handshake->update_checksum(ssl, hash_transcript, hash_len);
+#endif \
+    /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA || MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_ECDH_C)
 
-int mbedtls_ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl,
-                                               const unsigned char *buf,
-                                               size_t buf_len )
+int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl,
+                                              const unsigned char *buf,
+                                              size_t buf_len)
 {
-    uint8_t *p = (uint8_t*)buf;
+    uint8_t *p = (uint8_t *) buf;
     const uint8_t *end = buf + buf_len;
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
 
     /* Get size of the TLS opaque key_exchange field of the KeyShareEntry struct. */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    uint16_t peerkey_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+    uint16_t peerkey_len = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
 
     /* Check if key size is consistent with given buffer length. */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, peerkey_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, peerkey_len);
 
     /* Store peer's ECDH public key. */
-    memcpy( handshake->ecdh_psa_peerkey, p, peerkey_len );
+    memcpy(handshake->ecdh_psa_peerkey, p, peerkey_len);
     handshake->ecdh_psa_peerkey_len = peerkey_len;
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
-                mbedtls_ssl_context *ssl,
-                uint16_t named_group,
-                unsigned char *buf,
-                unsigned char *end,
-                size_t *out_len )
+    mbedtls_ssl_context *ssl,
+    uint16_t named_group,
+    unsigned char *buf,
+    unsigned char *end,
+    size_t *out_len)
 {
     psa_status_t status = PSA_ERROR_GENERIC_ERROR;
     int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
@@ -1519,49 +1475,47 @@
     psa_ecc_family_t ec_psa_family = 0;
     size_t ec_bits = 0;
 
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
+    MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation."));
 
     /* Convert EC's TLS ID to PSA key type. */
-    if( mbedtls_ssl_get_psa_curve_info_from_tls_id( named_group,
-                &ec_psa_family, &ec_bits ) == PSA_ERROR_NOT_SUPPORTED )
-    {
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    if (mbedtls_ssl_get_psa_curve_info_from_tls_id(named_group,
+                                                   &ec_psa_family,
+                                                   &ec_bits) == PSA_ERROR_NOT_SUPPORTED) {
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
-    handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR( ec_psa_family );
+    handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(ec_psa_family);
     ssl->handshake->ecdh_bits = ec_bits;
 
     key_attributes = psa_key_attributes_init();
-    psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
-    psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
-    psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
-    psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
+    psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
+    psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
+    psa_set_key_type(&key_attributes, handshake->ecdh_psa_type);
+    psa_set_key_bits(&key_attributes, handshake->ecdh_bits);
 
     /* Generate ECDH private key. */
-    status = psa_generate_key( &key_attributes,
-                                &handshake->ecdh_psa_privkey );
-    if( status != PSA_SUCCESS )
-    {
-        ret = psa_ssl_status_to_mbedtls( status );
-        MBEDTLS_SSL_DEBUG_RET( 1, "psa_generate_key", ret );
-        return( ret );
+    status = psa_generate_key(&key_attributes,
+                              &handshake->ecdh_psa_privkey);
+    if (status != PSA_SUCCESS) {
+        ret = psa_ssl_status_to_mbedtls(status);
+        MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret);
+        return ret;
 
     }
 
     /* Export the public part of the ECDH private key from PSA. */
-    status = psa_export_public_key( handshake->ecdh_psa_privkey,
-                                    buf, (size_t)( end - buf ),
-                                    &own_pubkey_len );
-    if( status != PSA_SUCCESS )
-    {
-        ret = psa_ssl_status_to_mbedtls( status );
-        MBEDTLS_SSL_DEBUG_RET( 1, "psa_export_public_key", ret );
-        return( ret );
+    status = psa_export_public_key(handshake->ecdh_psa_privkey,
+                                   buf, (size_t) (end - buf),
+                                   &own_pubkey_len);
+    if (status != PSA_SUCCESS) {
+        ret = psa_ssl_status_to_mbedtls(status);
+        MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret);
+        return ret;
 
     }
 
     *out_len = own_pubkey_len;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_ECDH_C */
 
@@ -1573,25 +1527,24 @@
  *
  */
 int mbedtls_ssl_tls13_check_received_extension(
-        mbedtls_ssl_context *ssl,
-        int hs_msg_type,
-        unsigned int received_extension_type,
-        uint32_t hs_msg_allowed_extensions_mask )
+    mbedtls_ssl_context *ssl,
+    int hs_msg_type,
+    unsigned int received_extension_type,
+    uint32_t hs_msg_allowed_extensions_mask)
 {
     uint32_t extension_mask = mbedtls_ssl_get_extension_mask(
-                                  received_extension_type );
+        received_extension_type);
 
     MBEDTLS_SSL_PRINT_EXT(
-        3, hs_msg_type, received_extension_type, "received" );
+        3, hs_msg_type, received_extension_type, "received");
 
-    if( ( extension_mask & hs_msg_allowed_extensions_mask ) == 0 )
-    {
+    if ((extension_mask & hs_msg_allowed_extensions_mask) == 0) {
         MBEDTLS_SSL_PRINT_EXT(
-            3, hs_msg_type, received_extension_type, "is illegal" );
+            3, hs_msg_type, received_extension_type, "is illegal");
         MBEDTLS_SSL_PEND_FATAL_ALERT(
             MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-            MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+            MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
     ssl->handshake->received_extensions |= extension_mask;
@@ -1599,27 +1552,26 @@
      * If it is a message containing extension responses, check that we
      * previously sent the extension.
      */
-    switch( hs_msg_type )
-    {
+    switch (hs_msg_type) {
         case MBEDTLS_SSL_HS_SERVER_HELLO:
         case MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST:
         case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS:
         case MBEDTLS_SSL_HS_CERTIFICATE:
             /* Check if the received extension is sent by peer message.*/
-            if( ( ssl->handshake->sent_extensions & extension_mask ) != 0 )
-                return( 0 );
+            if ((ssl->handshake->sent_extensions & extension_mask) != 0) {
+                return 0;
+            }
             break;
         default:
-            return( 0 );
+            return 0;
     }
 
     MBEDTLS_SSL_PRINT_EXT(
-            3, hs_msg_type, received_extension_type, "is unsupported" );
+        3, hs_msg_type, received_extension_type, "is unsupported");
     MBEDTLS_SSL_PEND_FATAL_ALERT(
         MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT,
-        MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
-    return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
+        MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION);
+    return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION;
 }
 
 #endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */
-
diff --git a/library/ssl_tls13_invasive.h b/library/ssl_tls13_invasive.h
index 5470200..3fb79a9 100644
--- a/library/ssl_tls13_invasive.h
+++ b/library/ssl_tls13_invasive.h
@@ -25,9 +25,9 @@
 #include "psa/crypto.h"
 
 #if defined(MBEDTLS_TEST_HOOKS)
-int mbedtls_ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         const unsigned char *end );
+int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl,
+                                        const unsigned char *buf,
+                                        const unsigned char *end);
 #endif /* MBEDTLS_TEST_HOOKS */
 
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index cef6144..ecfdab3 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -35,7 +35,7 @@
 
 #include "psa/crypto.h"
 
-#define MBEDTLS_SSL_TLS1_3_LABEL( name, string )       \
+#define MBEDTLS_SSL_TLS1_3_LABEL(name, string)       \
     .name = string,
 
 struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels =
@@ -84,29 +84,29 @@
 
 static const char tls13_label_prefix[6] = "tls13 ";
 
-#define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( label_len, context_len ) \
-    (   2                  /* expansion length           */ \
-      + 1                  /* label length               */ \
-      + label_len                                           \
-      + 1                  /* context length             */ \
-      + context_len )
+#define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \
+    (2                     /* expansion length           */ \
+     + 1                   /* label length               */ \
+     + label_len                                           \
+     + 1                   /* context length             */ \
+     + context_len)
 
 #define SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN                      \
     SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(                             \
-                     sizeof(tls13_label_prefix) +                       \
-                     MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN,     \
-                     MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN )
+        sizeof(tls13_label_prefix) +                       \
+        MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN,     \
+        MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN)
 
 static void ssl_tls13_hkdf_encode_label(
-                            size_t desired_length,
-                            const unsigned char *label, size_t label_len,
-                            const unsigned char *ctx, size_t ctx_len,
-                            unsigned char *dst, size_t *dst_len )
+    size_t desired_length,
+    const unsigned char *label, size_t label_len,
+    const unsigned char *ctx, size_t ctx_len,
+    unsigned char *dst, size_t *dst_len)
 {
     size_t total_label_len =
         sizeof(tls13_label_prefix) + label_len;
     size_t total_hkdf_lbl_len =
-        SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( total_label_len, ctx_len );
+        SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(total_label_len, ctx_len);
 
     unsigned char *p = dst;
 
@@ -115,131 +115,135 @@
      * TLS 1.3 HKDF key expansion to more than 255 Bytes. */
 #if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > 255
 #error "The implementation of ssl_tls13_hkdf_encode_label() is not fit for the \
-        value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN"
+    value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN"
 #endif
 
     *p++ = 0;
-    *p++ = MBEDTLS_BYTE_0( desired_length );
+    *p++ = MBEDTLS_BYTE_0(desired_length);
 
     /* Add label incl. prefix */
-    *p++ = MBEDTLS_BYTE_0( total_label_len );
-    memcpy( p, tls13_label_prefix, sizeof(tls13_label_prefix) );
+    *p++ = MBEDTLS_BYTE_0(total_label_len);
+    memcpy(p, tls13_label_prefix, sizeof(tls13_label_prefix));
     p += sizeof(tls13_label_prefix);
-    memcpy( p, label, label_len );
+    memcpy(p, label, label_len);
     p += label_len;
 
     /* Add context value */
-    *p++ = MBEDTLS_BYTE_0( ctx_len );
-    if( ctx_len != 0 )
-        memcpy( p, ctx, ctx_len );
+    *p++ = MBEDTLS_BYTE_0(ctx_len);
+    if (ctx_len != 0) {
+        memcpy(p, ctx, ctx_len);
+    }
 
     /* Return total length to the caller.  */
     *dst_len = total_hkdf_lbl_len;
 }
 
 int mbedtls_ssl_tls13_hkdf_expand_label(
-                     psa_algorithm_t hash_alg,
-                     const unsigned char *secret, size_t secret_len,
-                     const unsigned char *label, size_t label_len,
-                     const unsigned char *ctx, size_t ctx_len,
-                     unsigned char *buf, size_t buf_len )
+    psa_algorithm_t hash_alg,
+    const unsigned char *secret, size_t secret_len,
+    const unsigned char *label, size_t label_len,
+    const unsigned char *ctx, size_t ctx_len,
+    unsigned char *buf, size_t buf_len)
 {
-    unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ];
+    unsigned char hkdf_label[SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN];
     size_t hkdf_label_len = 0;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_derivation_operation_t operation =
         PSA_KEY_DERIVATION_OPERATION_INIT;
 
-    if( label_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN )
-    {
+    if (label_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN) {
         /* Should never happen since this is an internal
          * function, and we know statically which labels
          * are allowed. */
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    if( ctx_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN )
-    {
+    if (ctx_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN) {
         /* Should not happen, as above. */
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    if( buf_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN )
-    {
+    if (buf_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN) {
         /* Should not happen, as above. */
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    if( ! PSA_ALG_IS_HASH( hash_alg ) )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (!PSA_ALG_IS_HASH(hash_alg)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    ssl_tls13_hkdf_encode_label( buf_len,
-                                 label, label_len,
-                                 ctx, ctx_len,
-                                 hkdf_label,
-                                 &hkdf_label_len );
+    ssl_tls13_hkdf_encode_label(buf_len,
+                                label, label_len,
+                                ctx, ctx_len,
+                                hkdf_label,
+                                &hkdf_label_len);
 
-    status = psa_key_derivation_setup( &operation, PSA_ALG_HKDF_EXPAND( hash_alg ) );
+    status = psa_key_derivation_setup(&operation, PSA_ALG_HKDF_EXPAND(hash_alg));
 
-    if( status != PSA_SUCCESS )
-         goto cleanup;
+    if (status != PSA_SUCCESS) {
+        goto cleanup;
+    }
 
-    status = psa_key_derivation_input_bytes( &operation,
-                                             PSA_KEY_DERIVATION_INPUT_SECRET,
-                                             secret,
-                                             secret_len );
+    status = psa_key_derivation_input_bytes(&operation,
+                                            PSA_KEY_DERIVATION_INPUT_SECRET,
+                                            secret,
+                                            secret_len);
 
-    if( status != PSA_SUCCESS )
-         goto cleanup;
+    if (status != PSA_SUCCESS) {
+        goto cleanup;
+    }
 
-    status = psa_key_derivation_input_bytes( &operation,
-                                             PSA_KEY_DERIVATION_INPUT_INFO,
-                                             hkdf_label,
-                                             hkdf_label_len );
+    status = psa_key_derivation_input_bytes(&operation,
+                                            PSA_KEY_DERIVATION_INPUT_INFO,
+                                            hkdf_label,
+                                            hkdf_label_len);
 
-    if( status != PSA_SUCCESS )
-         goto cleanup;
+    if (status != PSA_SUCCESS) {
+        goto cleanup;
+    }
 
-    status = psa_key_derivation_output_bytes( &operation,
-                                              buf,
-                                              buf_len );
+    status = psa_key_derivation_output_bytes(&operation,
+                                             buf,
+                                             buf_len);
 
-    if( status != PSA_SUCCESS )
-         goto cleanup;
+    if (status != PSA_SUCCESS) {
+        goto cleanup;
+    }
 
 cleanup:
-    abort_status = psa_key_derivation_abort( &operation );
-    status = ( status == PSA_SUCCESS ? abort_status : status );
-    mbedtls_platform_zeroize( hkdf_label, hkdf_label_len );
-    return( psa_ssl_status_to_mbedtls ( status ) );
+    abort_status = psa_key_derivation_abort(&operation);
+    status = (status == PSA_SUCCESS ? abort_status : status);
+    mbedtls_platform_zeroize(hkdf_label, hkdf_label_len);
+    return psa_ssl_status_to_mbedtls(status);
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_make_traffic_key(
-                    psa_algorithm_t hash_alg,
-                    const unsigned char *secret, size_t secret_len,
-                    unsigned char *key, size_t key_len,
-                    unsigned char *iv, size_t iv_len )
+    psa_algorithm_t hash_alg,
+    const unsigned char *secret, size_t secret_len,
+    unsigned char *key, size_t key_len,
+    unsigned char *iv, size_t iv_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     ret = mbedtls_ssl_tls13_hkdf_expand_label(
-                    hash_alg,
-                    secret, secret_len,
-                    MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ),
-                    NULL, 0,
-                    key, key_len );
-    if( ret != 0 )
-        return( ret );
+        hash_alg,
+        secret, secret_len,
+        MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(key),
+        NULL, 0,
+        key, key_len);
+    if (ret != 0) {
+        return ret;
+    }
 
     ret = mbedtls_ssl_tls13_hkdf_expand_label(
-                    hash_alg,
-                    secret, secret_len,
-                    MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ),
-                    NULL, 0,
-                    iv, iv_len );
-    return( ret );
+        hash_alg,
+        secret, secret_len,
+        MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(iv),
+        NULL, 0,
+        iv, iv_len);
+    return ret;
 }
 
 /*
@@ -259,178 +263,178 @@
  * keys in a single function call.
  */
 int mbedtls_ssl_tls13_make_traffic_keys(
-                     psa_algorithm_t hash_alg,
-                     const unsigned char *client_secret,
-                     const unsigned char *server_secret, size_t secret_len,
-                     size_t key_len, size_t iv_len,
-                     mbedtls_ssl_key_set *keys )
+    psa_algorithm_t hash_alg,
+    const unsigned char *client_secret,
+    const unsigned char *server_secret, size_t secret_len,
+    size_t key_len, size_t iv_len,
+    mbedtls_ssl_key_set *keys)
 {
     int ret = 0;
 
     ret = ssl_tls13_make_traffic_key(
-            hash_alg, client_secret, secret_len,
-            keys->client_write_key, key_len,
-            keys->client_write_iv, iv_len );
-    if( ret != 0 )
-        return( ret );
+        hash_alg, client_secret, secret_len,
+        keys->client_write_key, key_len,
+        keys->client_write_iv, iv_len);
+    if (ret != 0) {
+        return ret;
+    }
 
     ret = ssl_tls13_make_traffic_key(
-            hash_alg, server_secret, secret_len,
-            keys->server_write_key, key_len,
-            keys->server_write_iv, iv_len );
-    if( ret != 0 )
-        return( ret );
+        hash_alg, server_secret, secret_len,
+        keys->server_write_key, key_len,
+        keys->server_write_iv, iv_len);
+    if (ret != 0) {
+        return ret;
+    }
 
     keys->key_len = key_len;
     keys->iv_len = iv_len;
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_ssl_tls13_derive_secret(
-                   psa_algorithm_t hash_alg,
-                   const unsigned char *secret, size_t secret_len,
-                   const unsigned char *label, size_t label_len,
-                   const unsigned char *ctx, size_t ctx_len,
-                   int ctx_hashed,
-                   unsigned char *dstbuf, size_t dstbuf_len )
+    psa_algorithm_t hash_alg,
+    const unsigned char *secret, size_t secret_len,
+    const unsigned char *label, size_t label_len,
+    const unsigned char *ctx, size_t ctx_len,
+    int ctx_hashed,
+    unsigned char *dstbuf, size_t dstbuf_len)
 {
     int ret;
-    unsigned char hashed_context[ PSA_HASH_MAX_SIZE ];
-    if( ctx_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED )
-    {
+    unsigned char hashed_context[PSA_HASH_MAX_SIZE];
+    if (ctx_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED) {
         psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-        status = psa_hash_compute( hash_alg, ctx, ctx_len, hashed_context,
-                                   PSA_HASH_LENGTH( hash_alg ), &ctx_len );
-        if( status != PSA_SUCCESS )
-        {
-            ret = psa_ssl_status_to_mbedtls( status );
+        status = psa_hash_compute(hash_alg, ctx, ctx_len, hashed_context,
+                                  PSA_HASH_LENGTH(hash_alg), &ctx_len);
+        if (status != PSA_SUCCESS) {
+            ret = psa_ssl_status_to_mbedtls(status);
             return ret;
         }
-    }
-    else
-    {
-        if( ctx_len > sizeof(hashed_context) )
-        {
+    } else {
+        if (ctx_len > sizeof(hashed_context)) {
             /* This should never happen since this function is internal
              * and the code sets `ctx_hashed` correctly.
              * Let's double-check nonetheless to not run at the risk
              * of getting a stack overflow. */
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
 
-        memcpy( hashed_context, ctx, ctx_len );
+        memcpy(hashed_context, ctx, ctx_len);
     }
 
-    return( mbedtls_ssl_tls13_hkdf_expand_label( hash_alg,
-                                                 secret, secret_len,
-                                                 label, label_len,
-                                                 hashed_context, ctx_len,
-                                                 dstbuf, dstbuf_len ) );
+    return mbedtls_ssl_tls13_hkdf_expand_label(hash_alg,
+                                               secret, secret_len,
+                                               label, label_len,
+                                               hashed_context, ctx_len,
+                                               dstbuf, dstbuf_len);
 
 }
 
 int mbedtls_ssl_tls13_evolve_secret(
-                   psa_algorithm_t hash_alg,
-                   const unsigned char *secret_old,
-                   const unsigned char *input, size_t input_len,
-                   unsigned char *secret_new )
+    psa_algorithm_t hash_alg,
+    const unsigned char *secret_old,
+    const unsigned char *input, size_t input_len,
+    unsigned char *secret_new)
 {
     int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
     size_t hlen;
-    unsigned char tmp_secret[ PSA_MAC_MAX_SIZE ] = { 0 };
-    const unsigned char all_zeroes_input[ MBEDTLS_TLS1_3_MD_MAX_SIZE ] = { 0 };
+    unsigned char tmp_secret[PSA_MAC_MAX_SIZE] = { 0 };
+    const unsigned char all_zeroes_input[MBEDTLS_TLS1_3_MD_MAX_SIZE] = { 0 };
     const unsigned char *l_input = NULL;
     size_t l_input_len;
 
     psa_key_derivation_operation_t operation =
         PSA_KEY_DERIVATION_OPERATION_INIT;
 
-    if( ! PSA_ALG_IS_HASH( hash_alg ) )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (!PSA_ALG_IS_HASH(hash_alg)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    hlen = PSA_HASH_LENGTH( hash_alg );
+    hlen = PSA_HASH_LENGTH(hash_alg);
 
     /* For non-initial runs, call Derive-Secret( ., "derived", "")
      * on the old secret. */
-    if( secret_old != NULL )
-    {
+    if (secret_old != NULL) {
         ret = mbedtls_ssl_tls13_derive_secret(
-                   hash_alg,
-                   secret_old, hlen,
-                   MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( derived ),
-                   NULL, 0, /* context */
-                   MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
-                   tmp_secret, hlen );
-        if( ret != 0 )
+            hash_alg,
+            secret_old, hlen,
+            MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(derived),
+            NULL, 0,        /* context */
+            MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
+            tmp_secret, hlen);
+        if (ret != 0) {
             goto cleanup;
+        }
     }
 
     ret = 0;
 
-    if( input != NULL && input_len != 0 )
-    {
+    if (input != NULL && input_len != 0) {
         l_input = input;
         l_input_len = input_len;
-    }
-    else
-    {
+    } else {
         l_input = all_zeroes_input;
         l_input_len = hlen;
     }
 
-    status = psa_key_derivation_setup( &operation,
-                                       PSA_ALG_HKDF_EXTRACT( hash_alg ) );
+    status = psa_key_derivation_setup(&operation,
+                                      PSA_ALG_HKDF_EXTRACT(hash_alg));
 
-    if( status != PSA_SUCCESS )
-         goto cleanup;
+    if (status != PSA_SUCCESS) {
+        goto cleanup;
+    }
 
-    status = psa_key_derivation_input_bytes( &operation,
-                                             PSA_KEY_DERIVATION_INPUT_SALT,
-                                             tmp_secret,
-                                             hlen );
+    status = psa_key_derivation_input_bytes(&operation,
+                                            PSA_KEY_DERIVATION_INPUT_SALT,
+                                            tmp_secret,
+                                            hlen);
 
-    if( status != PSA_SUCCESS )
-         goto cleanup;
+    if (status != PSA_SUCCESS) {
+        goto cleanup;
+    }
 
-    status = psa_key_derivation_input_bytes( &operation,
-                                             PSA_KEY_DERIVATION_INPUT_SECRET,
-                                             l_input, l_input_len );
+    status = psa_key_derivation_input_bytes(&operation,
+                                            PSA_KEY_DERIVATION_INPUT_SECRET,
+                                            l_input, l_input_len);
 
-    if( status != PSA_SUCCESS )
-         goto cleanup;
+    if (status != PSA_SUCCESS) {
+        goto cleanup;
+    }
 
-    status = psa_key_derivation_output_bytes( &operation,
-                                              secret_new,
-                                              PSA_HASH_LENGTH( hash_alg ) );
+    status = psa_key_derivation_output_bytes(&operation,
+                                             secret_new,
+                                             PSA_HASH_LENGTH(hash_alg));
 
-    if( status != PSA_SUCCESS )
-         goto cleanup;
+    if (status != PSA_SUCCESS) {
+        goto cleanup;
+    }
 
- cleanup:
-    abort_status = psa_key_derivation_abort( &operation );
-    status = ( status == PSA_SUCCESS ? abort_status : status );
-    ret = ( ret == 0 ? psa_ssl_status_to_mbedtls ( status ) : ret );
-    mbedtls_platform_zeroize( tmp_secret, sizeof(tmp_secret) );
-    return( ret );
+cleanup:
+    abort_status = psa_key_derivation_abort(&operation);
+    status = (status == PSA_SUCCESS ? abort_status : status);
+    ret = (ret == 0 ? psa_ssl_status_to_mbedtls(status) : ret);
+    mbedtls_platform_zeroize(tmp_secret, sizeof(tmp_secret));
+    return ret;
 }
 
 int mbedtls_ssl_tls13_derive_early_secrets(
-          psa_algorithm_t hash_alg,
-          unsigned char const *early_secret,
-          unsigned char const *transcript, size_t transcript_len,
-          mbedtls_ssl_tls13_early_secrets *derived )
+    psa_algorithm_t hash_alg,
+    unsigned char const *early_secret,
+    unsigned char const *transcript, size_t transcript_len,
+    mbedtls_ssl_tls13_early_secrets *derived)
 {
     int ret;
-    size_t const hash_len = PSA_HASH_LENGTH( hash_alg );
+    size_t const hash_len = PSA_HASH_LENGTH(hash_alg);
 
     /* We should never call this function with an unknown hash,
      * but add an assertion anyway. */
-    if( ! PSA_ALG_IS_HASH( hash_alg ) )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (!PSA_ALG_IS_HASH(hash_alg)) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
 
     /*
      *            0
@@ -447,43 +451,46 @@
      */
 
     /* Create client_early_traffic_secret */
-    ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
-                         early_secret, hash_len,
-                         MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_e_traffic ),
-                         transcript, transcript_len,
-                         MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
-                         derived->client_early_traffic_secret,
-                         hash_len );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
+                                          early_secret, hash_len,
+                                          MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(c_e_traffic),
+                                          transcript, transcript_len,
+                                          MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+                                          derived->client_early_traffic_secret,
+                                          hash_len);
+    if (ret != 0) {
+        return ret;
+    }
 
     /* Create early exporter */
-    ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
-                         early_secret, hash_len,
-                         MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( e_exp_master ),
-                         transcript, transcript_len,
-                         MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
-                         derived->early_exporter_master_secret,
-                         hash_len );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
+                                          early_secret, hash_len,
+                                          MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(e_exp_master),
+                                          transcript, transcript_len,
+                                          MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+                                          derived->early_exporter_master_secret,
+                                          hash_len);
+    if (ret != 0) {
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_ssl_tls13_derive_handshake_secrets(
-          psa_algorithm_t hash_alg,
-          unsigned char const *handshake_secret,
-          unsigned char const *transcript, size_t transcript_len,
-          mbedtls_ssl_tls13_handshake_secrets *derived )
+    psa_algorithm_t hash_alg,
+    unsigned char const *handshake_secret,
+    unsigned char const *transcript, size_t transcript_len,
+    mbedtls_ssl_tls13_handshake_secrets *derived)
 {
     int ret;
-    size_t const hash_len = PSA_HASH_LENGTH( hash_alg );
+    size_t const hash_len = PSA_HASH_LENGTH(hash_alg);
 
     /* We should never call this function with an unknown hash,
      * but add an assertion anyway. */
-    if( ! PSA_ALG_IS_HASH( hash_alg ) )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (!PSA_ALG_IS_HASH(hash_alg)) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
 
     /*
      *
@@ -504,47 +511,50 @@
      * Derive-Secret( ., "c hs traffic", ClientHello...ServerHello )
      */
 
-    ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
-             handshake_secret, hash_len,
-             MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_hs_traffic ),
-             transcript, transcript_len,
-             MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
-             derived->client_handshake_traffic_secret,
-             hash_len );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
+                                          handshake_secret, hash_len,
+                                          MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(c_hs_traffic),
+                                          transcript, transcript_len,
+                                          MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+                                          derived->client_handshake_traffic_secret,
+                                          hash_len);
+    if (ret != 0) {
+        return ret;
+    }
 
     /*
      * Compute server_handshake_traffic_secret with
      * Derive-Secret( ., "s hs traffic", ClientHello...ServerHello )
      */
 
-    ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
-             handshake_secret, hash_len,
-             MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( s_hs_traffic ),
-             transcript, transcript_len,
-             MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
-             derived->server_handshake_traffic_secret,
-             hash_len );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
+                                          handshake_secret, hash_len,
+                                          MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(s_hs_traffic),
+                                          transcript, transcript_len,
+                                          MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+                                          derived->server_handshake_traffic_secret,
+                                          hash_len);
+    if (ret != 0) {
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_ssl_tls13_derive_application_secrets(
-          psa_algorithm_t hash_alg,
-          unsigned char const *application_secret,
-          unsigned char const *transcript, size_t transcript_len,
-          mbedtls_ssl_tls13_application_secrets *derived )
+    psa_algorithm_t hash_alg,
+    unsigned char const *application_secret,
+    unsigned char const *transcript, size_t transcript_len,
+    mbedtls_ssl_tls13_application_secrets *derived)
 {
     int ret;
-    size_t const hash_len = PSA_HASH_LENGTH( hash_alg );
+    size_t const hash_len = PSA_HASH_LENGTH(hash_alg);
 
     /* We should never call this function with an unknown hash,
      * but add an assertion anyway. */
-    if( ! PSA_ALG_IS_HASH( hash_alg ) )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (!PSA_ALG_IS_HASH(hash_alg)) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
 
     /* Generate {client,server}_application_traffic_secret_0
      *
@@ -564,37 +574,40 @@
      *
      */
 
-    ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
-              application_secret, hash_len,
-              MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_ap_traffic ),
-              transcript, transcript_len,
-              MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
-              derived->client_application_traffic_secret_N,
-              hash_len );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
+                                          application_secret, hash_len,
+                                          MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(c_ap_traffic),
+                                          transcript, transcript_len,
+                                          MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+                                          derived->client_application_traffic_secret_N,
+                                          hash_len);
+    if (ret != 0) {
+        return ret;
+    }
 
-    ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
-              application_secret, hash_len,
-              MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( s_ap_traffic ),
-              transcript, transcript_len,
-              MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
-              derived->server_application_traffic_secret_N,
-              hash_len );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
+                                          application_secret, hash_len,
+                                          MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(s_ap_traffic),
+                                          transcript, transcript_len,
+                                          MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+                                          derived->server_application_traffic_secret_N,
+                                          hash_len);
+    if (ret != 0) {
+        return ret;
+    }
 
-    ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
-              application_secret, hash_len,
-              MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( exp_master ),
-              transcript, transcript_len,
-              MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
-              derived->exporter_master_secret,
-              hash_len );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
+                                          application_secret, hash_len,
+                                          MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exp_master),
+                                          transcript, transcript_len,
+                                          MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+                                          derived->exporter_master_secret,
+                                          hash_len);
+    if (ret != 0) {
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /* Generate resumption_master_secret for use with the ticket exchange.
@@ -602,78 +615,80 @@
  * This is not integrated with mbedtls_ssl_tls13_derive_application_secrets()
  * because it uses the transcript hash up to and including ClientFinished. */
 int mbedtls_ssl_tls13_derive_resumption_master_secret(
-          psa_algorithm_t hash_alg,
-          unsigned char const *application_secret,
-          unsigned char const *transcript, size_t transcript_len,
-          mbedtls_ssl_tls13_application_secrets *derived )
+    psa_algorithm_t hash_alg,
+    unsigned char const *application_secret,
+    unsigned char const *transcript, size_t transcript_len,
+    mbedtls_ssl_tls13_application_secrets *derived)
 {
     int ret;
-    size_t const hash_len = PSA_HASH_LENGTH( hash_alg );
+    size_t const hash_len = PSA_HASH_LENGTH(hash_alg);
 
     /* We should never call this function with an unknown hash,
      * but add an assertion anyway. */
-    if( ! PSA_ALG_IS_HASH( hash_alg ) )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (!PSA_ALG_IS_HASH(hash_alg)) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
 
-    ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
-              application_secret, hash_len,
-              MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( res_master ),
-              transcript, transcript_len,
-              MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
-              derived->resumption_master_secret,
-              hash_len );
+    ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
+                                          application_secret, hash_len,
+                                          MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(res_master),
+                                          transcript, transcript_len,
+                                          MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+                                          derived->resumption_master_secret,
+                                          hash_len);
 
-    if( ret != 0 )
-        return( ret );
+    if (ret != 0) {
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls13_key_schedule_stage_application(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
     psa_algorithm_t const hash_alg = mbedtls_hash_info_psa_from_md(
-                                        handshake->ciphersuite_info->mac );
+        handshake->ciphersuite_info->mac);
 
     /*
      * Compute MasterSecret
      */
-    ret = mbedtls_ssl_tls13_evolve_secret( hash_alg,
-                    handshake->tls13_master_secrets.handshake,
-                    NULL, 0,
-                    handshake->tls13_master_secrets.app );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
-        return( ret );
+    ret = mbedtls_ssl_tls13_evolve_secret(hash_alg,
+                                          handshake->tls13_master_secrets.handshake,
+                                          NULL, 0,
+                                          handshake->tls13_master_secrets.app);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_evolve_secret", ret);
+        return ret;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "Master secret",
-             handshake->tls13_master_secrets.app, PSA_HASH_LENGTH( hash_alg ) );
+    MBEDTLS_SSL_DEBUG_BUF(4, "Master secret",
+                          handshake->tls13_master_secrets.app, PSA_HASH_LENGTH(hash_alg));
 
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_calc_finished_core( psa_algorithm_t hash_alg,
-                                         unsigned char const *base_key,
-                                         unsigned char const *transcript,
-                                         unsigned char *dst,
-                                         size_t *dst_len )
+static int ssl_tls13_calc_finished_core(psa_algorithm_t hash_alg,
+                                        unsigned char const *base_key,
+                                        unsigned char const *transcript,
+                                        unsigned char *dst,
+                                        size_t *dst_len)
 {
     mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    size_t hash_len = PSA_HASH_LENGTH( hash_alg );
+    size_t hash_len = PSA_HASH_LENGTH(hash_alg);
     unsigned char finished_key[PSA_MAC_MAX_SIZE];
     int ret;
     psa_algorithm_t alg;
 
     /* We should never call this function with an unknown hash,
      * but add an assertion anyway. */
-    if( ! PSA_ALG_IS_HASH( hash_alg ) )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (!PSA_ALG_IS_HASH(hash_alg)) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
 
     /* TLS 1.3 Finished message
      *
@@ -693,45 +708,46 @@
      */
 
     ret = mbedtls_ssl_tls13_hkdf_expand_label(
-                                 hash_alg, base_key, hash_len,
-                                 MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( finished ),
-                                 NULL, 0,
-                                 finished_key, hash_len );
-    if( ret != 0 )
-        goto exit;
-
-    alg = PSA_ALG_HMAC( hash_alg );
-    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
-    psa_set_key_algorithm( &attributes, alg );
-    psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
-
-    status = psa_import_key( &attributes, finished_key, hash_len, &key );
-    if( status != PSA_SUCCESS )
-    {
-        ret = psa_ssl_status_to_mbedtls( status );
+        hash_alg, base_key, hash_len,
+        MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(finished),
+        NULL, 0,
+        finished_key, hash_len);
+    if (ret != 0) {
         goto exit;
     }
 
-    status = psa_mac_compute( key, alg, transcript, hash_len,
-                              dst, hash_len, dst_len );
-    ret = psa_ssl_status_to_mbedtls( status );
+    alg = PSA_ALG_HMAC(hash_alg);
+    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
+    psa_set_key_algorithm(&attributes, alg);
+    psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
+
+    status = psa_import_key(&attributes, finished_key, hash_len, &key);
+    if (status != PSA_SUCCESS) {
+        ret = psa_ssl_status_to_mbedtls(status);
+        goto exit;
+    }
+
+    status = psa_mac_compute(key, alg, transcript, hash_len,
+                             dst, hash_len, dst_len);
+    ret = psa_ssl_status_to_mbedtls(status);
 
 exit:
 
-    status = psa_destroy_key( key );
-    if( ret == 0 )
-        ret = psa_ssl_status_to_mbedtls( status );
+    status = psa_destroy_key(key);
+    if (ret == 0) {
+        ret = psa_ssl_status_to_mbedtls(status);
+    }
 
-    mbedtls_platform_zeroize( finished_key, sizeof( finished_key ) );
+    mbedtls_platform_zeroize(finished_key, sizeof(finished_key));
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
-                                             unsigned char* dst,
-                                             size_t dst_len,
-                                             size_t *actual_len,
-                                             int from )
+int mbedtls_ssl_tls13_calculate_verify_data(mbedtls_ssl_context *ssl,
+                                            unsigned char *dst,
+                                            size_t dst_len,
+                                            size_t *actual_len,
+                                            int from)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
@@ -741,68 +757,64 @@
     unsigned char *base_key = NULL;
     size_t base_key_len = 0;
     mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets =
-                                            &ssl->handshake->tls13_hs_secrets;
+        &ssl->handshake->tls13_hs_secrets;
 
     mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
 
     psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(
-                                    ssl->handshake->ciphersuite_info->mac );
-    size_t const hash_len = PSA_HASH_LENGTH( hash_alg );
+        ssl->handshake->ciphersuite_info->mac);
+    size_t const hash_len = PSA_HASH_LENGTH(hash_alg);
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_calculate_verify_data" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_tls13_calculate_verify_data"));
 
-    if( from == MBEDTLS_SSL_IS_CLIENT )
-    {
+    if (from == MBEDTLS_SSL_IS_CLIENT) {
         base_key = tls13_hs_secrets->client_handshake_traffic_secret;
-        base_key_len = sizeof( tls13_hs_secrets->client_handshake_traffic_secret );
-    }
-    else
-    {
+        base_key_len = sizeof(tls13_hs_secrets->client_handshake_traffic_secret);
+    } else {
         base_key = tls13_hs_secrets->server_handshake_traffic_secret;
-        base_key_len = sizeof( tls13_hs_secrets->server_handshake_traffic_secret );
+        base_key_len = sizeof(tls13_hs_secrets->server_handshake_traffic_secret);
     }
 
-    if( dst_len < hash_len )
-    {
+    if (dst_len < hash_len) {
         ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
         goto exit;
     }
 
-    ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
-                                                transcript, sizeof( transcript ),
-                                                &transcript_len );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_handshake_transcript", ret );
+    ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type,
+                                               transcript, sizeof(transcript),
+                                               &transcript_len);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_get_handshake_transcript", ret);
         goto exit;
     }
-    MBEDTLS_SSL_DEBUG_BUF( 4, "handshake hash", transcript, transcript_len );
+    MBEDTLS_SSL_DEBUG_BUF(4, "handshake hash", transcript, transcript_len);
 
-    ret = ssl_tls13_calc_finished_core( hash_alg, base_key, transcript, dst, actual_len );
-    if( ret != 0 )
+    ret = ssl_tls13_calc_finished_core(hash_alg, base_key, transcript, dst, actual_len);
+    if (ret != 0) {
         goto exit;
+    }
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "verify_data for finished message", dst, hash_len );
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls13_calculate_verify_data" ) );
+    MBEDTLS_SSL_DEBUG_BUF(3, "verify_data for finished message", dst, hash_len);
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= mbedtls_ssl_tls13_calculate_verify_data"));
 
 exit:
     /* Erase handshake secrets */
-    mbedtls_platform_zeroize( base_key, base_key_len );
-    mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
-    return( ret );
+    mbedtls_platform_zeroize(base_key, base_key_len);
+    mbedtls_platform_zeroize(transcript, sizeof(transcript));
+    return ret;
 }
 
-int mbedtls_ssl_tls13_create_psk_binder( mbedtls_ssl_context *ssl,
-                               const psa_algorithm_t hash_alg,
-                               unsigned char const *psk, size_t psk_len,
-                               int psk_type,
-                               unsigned char const *transcript,
-                               unsigned char *result )
+int mbedtls_ssl_tls13_create_psk_binder(mbedtls_ssl_context *ssl,
+                                        const psa_algorithm_t hash_alg,
+                                        unsigned char const *psk, size_t psk_len,
+                                        int psk_type,
+                                        unsigned char const *transcript,
+                                        unsigned char *result)
 {
     int ret = 0;
     unsigned char binder_key[PSA_MAC_MAX_SIZE];
     unsigned char early_secret[PSA_MAC_MAX_SIZE];
-    size_t const hash_len = PSA_HASH_LENGTH( hash_alg );
+    size_t const hash_len = PSA_HASH_LENGTH(hash_alg);
     size_t actual_len;
 
 #if !defined(MBEDTLS_DEBUG_C)
@@ -812,8 +824,9 @@
 
     /* We should never call this function with an unknown hash,
      * but add an assertion anyway. */
-    if( ! PSA_ALG_IS_HASH( hash_alg ) )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (!PSA_ALG_IS_HASH(hash_alg)) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
 
     /*
      *            0
@@ -826,41 +839,36 @@
      *            v
      */
 
-    ret = mbedtls_ssl_tls13_evolve_secret( hash_alg,
-                                           NULL,          /* Old secret */
-                                           psk, psk_len,  /* Input      */
-                                           early_secret );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
+    ret = mbedtls_ssl_tls13_evolve_secret(hash_alg,
+                                          NULL,           /* Old secret */
+                                          psk, psk_len,   /* Input      */
+                                          early_secret);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_evolve_secret", ret);
         goto exit;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "mbedtls_ssl_tls13_create_psk_binder",
-                           early_secret, hash_len ) ;
+    MBEDTLS_SSL_DEBUG_BUF(4, "mbedtls_ssl_tls13_create_psk_binder",
+                          early_secret, hash_len);
 
-    if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION )
-    {
-        ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
-                            early_secret, hash_len,
-                            MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( res_binder ),
-                            NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
-                            binder_key, hash_len );
-        MBEDTLS_SSL_DEBUG_MSG( 4, ( "Derive Early Secret with 'res binder'" ) );
-    }
-    else
-    {
-        ret = mbedtls_ssl_tls13_derive_secret( hash_alg,
-                            early_secret, hash_len,
-                            MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( ext_binder ),
-                            NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
-                            binder_key, hash_len );
-        MBEDTLS_SSL_DEBUG_MSG( 4, ( "Derive Early Secret with 'ext binder'" ) );
+    if (psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) {
+        ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
+                                              early_secret, hash_len,
+                                              MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(res_binder),
+                                              NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
+                                              binder_key, hash_len);
+        MBEDTLS_SSL_DEBUG_MSG(4, ("Derive Early Secret with 'res binder'"));
+    } else {
+        ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
+                                              early_secret, hash_len,
+                                              MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(ext_binder),
+                                              NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
+                                              binder_key, hash_len);
+        MBEDTLS_SSL_DEBUG_MSG(4, ("Derive Early Secret with 'ext binder'"));
     }
 
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_derive_secret", ret );
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_derive_secret", ret);
         goto exit;
     }
 
@@ -869,25 +877,26 @@
      * but with the BaseKey being the binder_key.
      */
 
-    ret = ssl_tls13_calc_finished_core( hash_alg, binder_key, transcript,
-                                        result, &actual_len );
-    if( ret != 0 )
+    ret = ssl_tls13_calc_finished_core(hash_alg, binder_key, transcript,
+                                       result, &actual_len);
+    if (ret != 0) {
         goto exit;
+    }
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "psk binder", result, actual_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "psk binder", result, actual_len);
 
 exit:
 
-    mbedtls_platform_zeroize( early_secret, sizeof( early_secret ) );
-    mbedtls_platform_zeroize( binder_key,   sizeof( binder_key ) );
-    return( ret );
+    mbedtls_platform_zeroize(early_secret, sizeof(early_secret));
+    mbedtls_platform_zeroize(binder_key,   sizeof(binder_key));
+    return ret;
 }
 
-int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
-                                          int endpoint,
-                                          int ciphersuite,
-                                          mbedtls_ssl_key_set const *traffic_keys,
-                                          mbedtls_ssl_context *ssl /* DEBUG ONLY */ )
+int mbedtls_ssl_tls13_populate_transform(mbedtls_ssl_transform *transform,
+                                         int endpoint,
+                                         int ciphersuite,
+                                         mbedtls_ssl_key_set const *traffic_keys,
+                                         mbedtls_ssl_context *ssl /* DEBUG ONLY */)
 {
 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
     int ret;
@@ -912,84 +921,74 @@
     (void) ssl;
 #endif
 
-    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite );
-    if( ciphersuite_info == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %d not found",
-                                    ciphersuite ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite);
+    if (ciphersuite_info == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("ciphersuite info for %d not found",
+                                  ciphersuite));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
-    cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
-    if( cipher_info == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found",
-                                    ciphersuite_info->cipher ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher);
+    if (cipher_info == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("cipher info for %u not found",
+                                  ciphersuite_info->cipher));
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
     /*
      * Setup cipher contexts in target transform
      */
-    if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
-                                      cipher_info ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
-        return( ret );
+    if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_enc,
+                                    cipher_info)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
+        return ret;
     }
 
-    if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec,
-                                      cipher_info ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
-        return( ret );
+    if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_dec,
+                                    cipher_info)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
+        return ret;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_SSL_SRV_C)
-    if( endpoint == MBEDTLS_SSL_IS_SERVER )
-    {
+    if (endpoint == MBEDTLS_SSL_IS_SERVER) {
         key_enc = traffic_keys->server_write_key;
         key_dec = traffic_keys->client_write_key;
         iv_enc = traffic_keys->server_write_iv;
         iv_dec = traffic_keys->client_write_iv;
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_SRV_C */
 #if defined(MBEDTLS_SSL_CLI_C)
-    if( endpoint == MBEDTLS_SSL_IS_CLIENT )
-    {
+    if (endpoint == MBEDTLS_SSL_IS_CLIENT) {
         key_enc = traffic_keys->client_write_key;
         key_dec = traffic_keys->server_write_key;
         iv_enc = traffic_keys->client_write_iv;
         iv_dec = traffic_keys->server_write_iv;
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_CLI_C */
     {
         /* should not happen */
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    memcpy( transform->iv_enc, iv_enc, traffic_keys->iv_len );
-    memcpy( transform->iv_dec, iv_dec, traffic_keys->iv_len );
+    memcpy(transform->iv_enc, iv_enc, traffic_keys->iv_len);
+    memcpy(transform->iv_dec, iv_dec, traffic_keys->iv_len);
 
 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc,
-                                       key_enc, cipher_info->key_bitlen,
-                                       MBEDTLS_ENCRYPT ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
-        return( ret );
+    if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc,
+                                     key_enc, cipher_info->key_bitlen,
+                                     MBEDTLS_ENCRYPT)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
+        return ret;
     }
 
-    if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec,
-                                       key_dec, cipher_info->key_bitlen,
-                                       MBEDTLS_DECRYPT ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
-        return( ret );
+    if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec,
+                                     key_dec, cipher_info->key_bitlen,
+                                     MBEDTLS_DECRYPT)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
+        return ret;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
@@ -997,10 +996,11 @@
      * Setup other fields in SSL transform
      */
 
-    if( ( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ) != 0 )
+    if ((ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG) != 0) {
         transform->taglen  = 8;
-    else
+    } else {
         transform->taglen  = 16;
+    }
 
     transform->ivlen       = traffic_keys->iv_len;
     transform->maclen      = 0;
@@ -1018,53 +1018,49 @@
     /*
      * Setup psa keys and alg
      */
-    if( ( status = mbedtls_ssl_cipher_to_psa( ciphersuite_info->cipher,
-                                 transform->taglen,
-                                 &alg,
-                                 &key_type,
-                                 &key_bits ) ) != PSA_SUCCESS )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", psa_ssl_status_to_mbedtls( status ) );
-        return( psa_ssl_status_to_mbedtls( status ) );
+    if ((status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher,
+                                            transform->taglen,
+                                            &alg,
+                                            &key_type,
+                                            &key_bits)) != PSA_SUCCESS) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", psa_ssl_status_to_mbedtls(status));
+        return psa_ssl_status_to_mbedtls(status);
     }
 
     transform->psa_alg = alg;
 
-    if ( alg != MBEDTLS_SSL_NULL_CIPHER )
-    {
-        psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
-        psa_set_key_algorithm( &attributes, alg );
-        psa_set_key_type( &attributes, key_type );
+    if (alg != MBEDTLS_SSL_NULL_CIPHER) {
+        psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+        psa_set_key_algorithm(&attributes, alg);
+        psa_set_key_type(&attributes, key_type);
 
-        if( ( status = psa_import_key( &attributes,
-                                key_enc,
-                                PSA_BITS_TO_BYTES( key_bits ),
-                                &transform->psa_key_enc ) ) != PSA_SUCCESS )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_ssl_status_to_mbedtls( status ) );
-            return( psa_ssl_status_to_mbedtls( status ) );
+        if ((status = psa_import_key(&attributes,
+                                     key_enc,
+                                     PSA_BITS_TO_BYTES(key_bits),
+                                     &transform->psa_key_enc)) != PSA_SUCCESS) {
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", psa_ssl_status_to_mbedtls(status));
+            return psa_ssl_status_to_mbedtls(status);
         }
 
-        psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+        psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
 
-        if( ( status = psa_import_key( &attributes,
-                                key_dec,
-                                PSA_BITS_TO_BYTES( key_bits ),
-                                &transform->psa_key_dec ) ) != PSA_SUCCESS )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_ssl_status_to_mbedtls( status ) );
-            return( psa_ssl_status_to_mbedtls( status ) );
+        if ((status = psa_import_key(&attributes,
+                                     key_dec,
+                                     PSA_BITS_TO_BYTES(key_bits),
+                                     &transform->psa_key_dec)) != PSA_SUCCESS) {
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", psa_ssl_status_to_mbedtls(status));
+            return psa_ssl_status_to_mbedtls(status);
         }
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_get_cipher_key_info(
-                    const mbedtls_ssl_ciphersuite_t *ciphersuite_info,
-                    size_t *key_len, size_t *iv_len )
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info,
+    size_t *key_len, size_t *iv_len)
 {
     psa_key_type_t key_type;
     psa_algorithm_t alg;
@@ -1072,17 +1068,19 @@
     size_t key_bits;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG )
+    if (ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG) {
         taglen = 8;
-    else
+    } else {
         taglen = 16;
+    }
 
-    status = mbedtls_ssl_cipher_to_psa( ciphersuite_info->cipher, taglen,
-                                        &alg, &key_type, &key_bits );
-    if( status != PSA_SUCCESS )
-        return psa_ssl_status_to_mbedtls( status );
+    status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher, taglen,
+                                       &alg, &key_type, &key_bits);
+    if (status != PSA_SUCCESS) {
+        return psa_ssl_status_to_mbedtls(status);
+    }
 
-    *key_len = PSA_BITS_TO_BYTES( key_bits );
+    *key_len = PSA_BITS_TO_BYTES(key_bits);
 
     /* TLS 1.3 only have AEAD ciphers, IV length is unconditionally 12 bytes */
     *iv_len = 12;
@@ -1101,8 +1099,8 @@
  *       a key for server early traffic.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_generate_early_key( mbedtls_ssl_context *ssl,
-                                         mbedtls_ssl_key_set *traffic_keys )
+static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl,
+                                        mbedtls_ssl_key_set *traffic_keys)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_md_type_t md_type;
@@ -1117,51 +1115,47 @@
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info;
     mbedtls_ssl_tls13_early_secrets *tls13_early_secrets = &handshake->tls13_early_secrets;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_tls13_generate_early_key" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_generate_early_key"));
 
-    ret = ssl_tls13_get_cipher_key_info( ciphersuite_info, &key_len, &iv_len );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_get_cipher_key_info", ret );
+    ret = ssl_tls13_get_cipher_key_info(ciphersuite_info, &key_len, &iv_len);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_get_cipher_key_info", ret);
         goto cleanup;
     }
 
     md_type = ciphersuite_info->mac;
 
-    hash_alg = mbedtls_hash_info_psa_from_md( ciphersuite_info->mac );
-    hash_len = PSA_HASH_LENGTH( hash_alg );
+    hash_alg = mbedtls_hash_info_psa_from_md(ciphersuite_info->mac);
+    hash_len = PSA_HASH_LENGTH(hash_alg);
 
-    ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
-                                                transcript,
-                                                sizeof( transcript ),
-                                                &transcript_len );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1,
-                               "mbedtls_ssl_get_handshake_transcript",
-                               ret );
+    ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type,
+                                               transcript,
+                                               sizeof(transcript),
+                                               &transcript_len);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1,
+                              "mbedtls_ssl_get_handshake_transcript",
+                              ret);
         goto cleanup;
     }
 
     ret = mbedtls_ssl_tls13_derive_early_secrets(
-              hash_alg, handshake->tls13_master_secrets.early,
-              transcript, transcript_len, tls13_early_secrets );
-    if( ret != 0 )
-    {
+        hash_alg, handshake->tls13_master_secrets.early,
+        transcript, transcript_len, tls13_early_secrets);
+    if (ret != 0) {
         MBEDTLS_SSL_DEBUG_RET(
-            1, "mbedtls_ssl_tls13_derive_early_secrets", ret );
+            1, "mbedtls_ssl_tls13_derive_early_secrets", ret);
         goto cleanup;
     }
 
     MBEDTLS_SSL_DEBUG_BUF(
         4, "Client early traffic secret",
-        tls13_early_secrets->client_early_traffic_secret, hash_len );
+        tls13_early_secrets->client_early_traffic_secret, hash_len);
 
     /*
      * Export client handshake traffic secret
      */
-    if( ssl->f_export_keys != NULL )
-    {
+    if (ssl->f_export_keys != NULL) {
         ssl->f_export_keys(
             ssl->p_export_keys,
             MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET,
@@ -1169,41 +1163,40 @@
             hash_len,
             handshake->randbytes,
             handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
-            MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
+            MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */);
     }
 
     ret = ssl_tls13_make_traffic_key(
-              hash_alg,
-              tls13_early_secrets->client_early_traffic_secret,
-              hash_len, traffic_keys->client_write_key, key_len,
-              traffic_keys->client_write_iv, iv_len );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_make_traffic_key", ret );
+        hash_alg,
+        tls13_early_secrets->client_early_traffic_secret,
+        hash_len, traffic_keys->client_write_key, key_len,
+        traffic_keys->client_write_iv, iv_len);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_make_traffic_key", ret);
         goto cleanup;
     }
     traffic_keys->key_len = key_len;
     traffic_keys->iv_len = iv_len;
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "client early write_key",
-                           traffic_keys->client_write_key,
-                           traffic_keys->key_len);
+    MBEDTLS_SSL_DEBUG_BUF(4, "client early write_key",
+                          traffic_keys->client_write_key,
+                          traffic_keys->key_len);
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "client early write_iv",
-                           traffic_keys->client_write_iv,
-                           traffic_keys->iv_len);
+    MBEDTLS_SSL_DEBUG_BUF(4, "client early write_iv",
+                          traffic_keys->client_write_iv,
+                          traffic_keys->iv_len);
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_tls13_generate_early_key" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_tls13_generate_early_key"));
 
 cleanup:
     /* Erase secret and transcript */
     mbedtls_platform_zeroize(
-        tls13_early_secrets, sizeof( mbedtls_ssl_tls13_early_secrets ) );
-    mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
-    return( ret );
+        tls13_early_secrets, sizeof(mbedtls_ssl_tls13_early_secrets));
+    mbedtls_platform_zeroize(transcript, sizeof(transcript));
+    return ret;
 }
 
-int mbedtls_ssl_tls13_compute_early_transform( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls13_compute_early_transform(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ssl_key_set traffic_keys;
@@ -1212,44 +1205,42 @@
 
     /* Next evolution in key schedule: Establish early_data secret and
      * key material. */
-    ret = ssl_tls13_generate_early_key( ssl, &traffic_keys );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_generate_early_key",
-                               ret );
+    ret = ssl_tls13_generate_early_key(ssl, &traffic_keys);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_generate_early_key",
+                              ret);
         goto cleanup;
     }
 
-    transform_earlydata = mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
-    if( transform_earlydata == NULL )
-    {
+    transform_earlydata = mbedtls_calloc(1, sizeof(mbedtls_ssl_transform));
+    if (transform_earlydata == NULL) {
         ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
         goto cleanup;
     }
 
     ret = mbedtls_ssl_tls13_populate_transform(
-                                        transform_earlydata,
-                                        ssl->conf->endpoint,
-                                        ssl->session_negotiate->ciphersuite,
-                                        &traffic_keys,
-                                        ssl );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret );
+        transform_earlydata,
+        ssl->conf->endpoint,
+        ssl->session_negotiate->ciphersuite,
+        &traffic_keys,
+        ssl);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_populate_transform", ret);
         goto cleanup;
     }
     handshake->transform_earlydata = transform_earlydata;
 
 cleanup:
-    mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) );
-    if( ret != 0 )
-        mbedtls_free( transform_earlydata );
+    mbedtls_platform_zeroize(&traffic_keys, sizeof(traffic_keys));
+    if (ret != 0) {
+        mbedtls_free(transform_earlydata);
+    }
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_SSL_EARLY_DATA */
 
-int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls13_key_schedule_stage_early(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     psa_algorithm_t hash_alg;
@@ -1257,48 +1248,44 @@
     unsigned char *psk = NULL;
     size_t psk_len = 0;
 
-    if( handshake->ciphersuite_info == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher suite info not found" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    if (handshake->ciphersuite_info == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("cipher suite info not found"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac );
+    hash_alg = mbedtls_hash_info_psa_from_md(handshake->ciphersuite_info->mac);
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
-    if( mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
-    {
-        ret = mbedtls_ssl_tls13_export_handshake_psk( ssl, &psk, &psk_len );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_export_handshake_psk",
-                                   ret );
-            return( ret );
+    if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
+        ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len);
+        if (ret != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_export_handshake_psk",
+                                  ret);
+            return ret;
         }
     }
 #endif
 
-    ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, psk, psk_len,
-                                           handshake->tls13_master_secrets.early );
+    ret = mbedtls_ssl_tls13_evolve_secret(hash_alg, NULL, psk, psk_len,
+                                          handshake->tls13_master_secrets.early);
 #if defined(MBEDTLS_USE_PSA_CRYPTO) && \
     defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
-    mbedtls_free( (void*)psk );
+    mbedtls_free((void *) psk);
 #endif
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
-        return( ret );
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_evolve_secret", ret);
+        return ret;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "mbedtls_ssl_tls13_key_schedule_stage_early",
-                           handshake->tls13_master_secrets.early,
-                           PSA_HASH_LENGTH( hash_alg ) );
-    return( 0 );
+    MBEDTLS_SSL_DEBUG_BUF(4, "mbedtls_ssl_tls13_key_schedule_stage_early",
+                          handshake->tls13_master_secrets.early,
+                          PSA_HASH_LENGTH(hash_alg));
+    return 0;
 }
 
 /* mbedtls_ssl_tls13_generate_handshake_keys() generates keys necessary for
  * protecting the handshake messages, as described in Section 7 of TLS 1.3. */
-int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl,
-                                               mbedtls_ssl_key_set *traffic_keys )
+int mbedtls_ssl_tls13_generate_handshake_keys(mbedtls_ssl_context *ssl,
+                                              mbedtls_ssl_key_set *traffic_keys)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_md_type_t md_type;
@@ -1313,110 +1300,105 @@
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info;
     mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets = &handshake->tls13_hs_secrets;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_generate_handshake_keys" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_tls13_generate_handshake_keys"));
 
-    ret = ssl_tls13_get_cipher_key_info( ciphersuite_info, &key_len, &iv_len );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_get_cipher_key_info", ret );
+    ret = ssl_tls13_get_cipher_key_info(ciphersuite_info, &key_len, &iv_len);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_get_cipher_key_info", ret);
         return ret;
     }
 
     md_type = ciphersuite_info->mac;
 
-    hash_alg = mbedtls_hash_info_psa_from_md( ciphersuite_info->mac );
-    hash_len = PSA_HASH_LENGTH( hash_alg );
+    hash_alg = mbedtls_hash_info_psa_from_md(ciphersuite_info->mac);
+    hash_len = PSA_HASH_LENGTH(hash_alg);
 
-    ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
-                                                transcript,
-                                                sizeof( transcript ),
-                                                &transcript_len );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1,
-                               "mbedtls_ssl_get_handshake_transcript",
-                               ret );
-        return( ret );
+    ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type,
+                                               transcript,
+                                               sizeof(transcript),
+                                               &transcript_len);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1,
+                              "mbedtls_ssl_get_handshake_transcript",
+                              ret);
+        return ret;
     }
 
-    ret = mbedtls_ssl_tls13_derive_handshake_secrets( hash_alg,
-                                    handshake->tls13_master_secrets.handshake,
-                                    transcript, transcript_len, tls13_hs_secrets );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_derive_handshake_secrets",
-                               ret );
-        return( ret );
+    ret = mbedtls_ssl_tls13_derive_handshake_secrets(hash_alg,
+                                                     handshake->tls13_master_secrets.handshake,
+                                                     transcript, transcript_len, tls13_hs_secrets);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_derive_handshake_secrets",
+                              ret);
+        return ret;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "Client handshake traffic secret",
-                    tls13_hs_secrets->client_handshake_traffic_secret,
-                    hash_len );
-    MBEDTLS_SSL_DEBUG_BUF( 4, "Server handshake traffic secret",
-                    tls13_hs_secrets->server_handshake_traffic_secret,
-                    hash_len );
+    MBEDTLS_SSL_DEBUG_BUF(4, "Client handshake traffic secret",
+                          tls13_hs_secrets->client_handshake_traffic_secret,
+                          hash_len);
+    MBEDTLS_SSL_DEBUG_BUF(4, "Server handshake traffic secret",
+                          tls13_hs_secrets->server_handshake_traffic_secret,
+                          hash_len);
 
     /*
      * Export client handshake traffic secret
      */
-    if( ssl->f_export_keys != NULL )
-    {
-        ssl->f_export_keys( ssl->p_export_keys,
-                MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
-                tls13_hs_secrets->client_handshake_traffic_secret,
-                hash_len,
-                handshake->randbytes,
-                handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
-                MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
+    if (ssl->f_export_keys != NULL) {
+        ssl->f_export_keys(ssl->p_export_keys,
+                           MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
+                           tls13_hs_secrets->client_handshake_traffic_secret,
+                           hash_len,
+                           handshake->randbytes,
+                           handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
+                           MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */);
 
-        ssl->f_export_keys( ssl->p_export_keys,
-                MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET,
-                tls13_hs_secrets->server_handshake_traffic_secret,
-                hash_len,
-                handshake->randbytes,
-                handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
-                MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
+        ssl->f_export_keys(ssl->p_export_keys,
+                           MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET,
+                           tls13_hs_secrets->server_handshake_traffic_secret,
+                           hash_len,
+                           handshake->randbytes,
+                           handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
+                           MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */);
     }
 
-    ret = mbedtls_ssl_tls13_make_traffic_keys( hash_alg,
-                            tls13_hs_secrets->client_handshake_traffic_secret,
-                            tls13_hs_secrets->server_handshake_traffic_secret,
-                            hash_len, key_len, iv_len, traffic_keys );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_make_traffic_keys", ret );
+    ret = mbedtls_ssl_tls13_make_traffic_keys(hash_alg,
+                                              tls13_hs_secrets->client_handshake_traffic_secret,
+                                              tls13_hs_secrets->server_handshake_traffic_secret,
+                                              hash_len, key_len, iv_len, traffic_keys);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_make_traffic_keys", ret);
         goto exit;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "client_handshake write_key",
-                           traffic_keys->client_write_key,
-                           traffic_keys->key_len);
+    MBEDTLS_SSL_DEBUG_BUF(4, "client_handshake write_key",
+                          traffic_keys->client_write_key,
+                          traffic_keys->key_len);
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "server_handshake write_key",
-                           traffic_keys->server_write_key,
-                           traffic_keys->key_len);
+    MBEDTLS_SSL_DEBUG_BUF(4, "server_handshake write_key",
+                          traffic_keys->server_write_key,
+                          traffic_keys->key_len);
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "client_handshake write_iv",
-                           traffic_keys->client_write_iv,
-                           traffic_keys->iv_len);
+    MBEDTLS_SSL_DEBUG_BUF(4, "client_handshake write_iv",
+                          traffic_keys->client_write_iv,
+                          traffic_keys->iv_len);
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "server_handshake write_iv",
-                           traffic_keys->server_write_iv,
-                           traffic_keys->iv_len);
+    MBEDTLS_SSL_DEBUG_BUF(4, "server_handshake write_iv",
+                          traffic_keys->server_write_iv,
+                          traffic_keys->iv_len);
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls13_generate_handshake_keys" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= mbedtls_ssl_tls13_generate_handshake_keys"));
 
 exit:
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
     psa_algorithm_t const hash_alg = mbedtls_hash_info_psa_from_md(
-                                        handshake->ciphersuite_info->mac );
+        handshake->ciphersuite_info->mac);
     unsigned char *shared_secret = NULL;
     size_t shared_secret_len = 0;
 
@@ -1426,52 +1408,48 @@
      * client_handshake_traffic_secret and server_handshake_traffic_secret
      * are derived in the handshake secret derivation stage.
      */
-    if( mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral( ssl ) )
-    {
-        if( mbedtls_ssl_tls13_named_group_is_ecdhe( handshake->offered_group_id ) )
-        {
+    if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) {
+        if (mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id)) {
 #if defined(MBEDTLS_ECDH_C)
-        /* Compute ECDH shared secret. */
+            /* Compute ECDH shared secret. */
             psa_status_t status = PSA_ERROR_GENERIC_ERROR;
             psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
 
-            status = psa_get_key_attributes( handshake->ecdh_psa_privkey,
-                                             &key_attributes );
-            if( status != PSA_SUCCESS )
-                ret = psa_ssl_status_to_mbedtls( status );
+            status = psa_get_key_attributes(handshake->ecdh_psa_privkey,
+                                            &key_attributes);
+            if (status != PSA_SUCCESS) {
+                ret = psa_ssl_status_to_mbedtls(status);
+            }
 
             shared_secret_len = PSA_BITS_TO_BYTES(
-                                    psa_get_key_bits( &key_attributes ) );
-            shared_secret = mbedtls_calloc( 1, shared_secret_len );
-            if( shared_secret == NULL )
-                return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+                psa_get_key_bits(&key_attributes));
+            shared_secret = mbedtls_calloc(1, shared_secret_len);
+            if (shared_secret == NULL) {
+                return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+            }
 
             status = psa_raw_key_agreement(
-                         PSA_ALG_ECDH, handshake->ecdh_psa_privkey,
-                         handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len,
-                         shared_secret, shared_secret_len, &shared_secret_len );
-            if( status != PSA_SUCCESS )
-            {
-                ret = psa_ssl_status_to_mbedtls( status );
-                MBEDTLS_SSL_DEBUG_RET( 1, "psa_raw_key_agreement", ret );
+                PSA_ALG_ECDH, handshake->ecdh_psa_privkey,
+                handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len,
+                shared_secret, shared_secret_len, &shared_secret_len);
+            if (status != PSA_SUCCESS) {
+                ret = psa_ssl_status_to_mbedtls(status);
+                MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret);
                 goto cleanup;
             }
 
-            status = psa_destroy_key( handshake->ecdh_psa_privkey );
-            if( status != PSA_SUCCESS )
-            {
-                ret = psa_ssl_status_to_mbedtls( status );
-                MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
+            status = psa_destroy_key(handshake->ecdh_psa_privkey);
+            if (status != PSA_SUCCESS) {
+                ret = psa_ssl_status_to_mbedtls(status);
+                MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret);
                 goto cleanup;
             }
 
             handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
 #endif /* MBEDTLS_ECDH_C */
-        }
-        else
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Group not supported." ) );
-            return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+        } else {
+            MBEDTLS_SSL_DEBUG_MSG(1, ("Group not supported."));
+            return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
         }
     }
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */
@@ -1479,36 +1457,34 @@
     /*
      * Compute the Handshake Secret
      */
-    ret = mbedtls_ssl_tls13_evolve_secret( hash_alg,
-                                           handshake->tls13_master_secrets.early,
-                                           shared_secret, shared_secret_len,
-                                           handshake->tls13_master_secrets.handshake );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
+    ret = mbedtls_ssl_tls13_evolve_secret(hash_alg,
+                                          handshake->tls13_master_secrets.early,
+                                          shared_secret, shared_secret_len,
+                                          handshake->tls13_master_secrets.handshake);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_evolve_secret", ret);
         goto cleanup;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "Handshake secret",
-                           handshake->tls13_master_secrets.handshake,
-                           PSA_HASH_LENGTH( hash_alg ) );
+    MBEDTLS_SSL_DEBUG_BUF(4, "Handshake secret",
+                          handshake->tls13_master_secrets.handshake,
+                          PSA_HASH_LENGTH(hash_alg));
 
 cleanup:
-    if( shared_secret != NULL )
-    {
-         mbedtls_platform_zeroize( shared_secret, shared_secret_len );
-         mbedtls_free( shared_secret );
+    if (shared_secret != NULL) {
+        mbedtls_platform_zeroize(shared_secret, shared_secret_len);
+        mbedtls_free(shared_secret);
     }
 
-    return( ret );
+    return ret;
 }
 
 /* Generate application traffic keys since any records following a 1-RTT Finished message
  * MUST be encrypted under the application traffic key.
  */
 int mbedtls_ssl_tls13_generate_application_keys(
-                                        mbedtls_ssl_context *ssl,
-                                        mbedtls_ssl_key_set *traffic_keys )
+    mbedtls_ssl_context *ssl,
+    mbedtls_ssl_key_set *traffic_keys)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@@ -1530,108 +1506,105 @@
     /* Variables relating to the cipher for the chosen ciphersuite. */
     size_t key_len, iv_len;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive application traffic keys" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> derive application traffic keys"));
 
     /* Extract basic information about hash and ciphersuite */
 
-    ret = ssl_tls13_get_cipher_key_info( handshake->ciphersuite_info,
-                                         &key_len, &iv_len );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_get_cipher_key_info", ret );
+    ret = ssl_tls13_get_cipher_key_info(handshake->ciphersuite_info,
+                                        &key_len, &iv_len);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_get_cipher_key_info", ret);
         goto cleanup;
     }
 
     md_type = handshake->ciphersuite_info->mac;
 
-    hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac );
-    hash_len = PSA_HASH_LENGTH( hash_alg );
+    hash_alg = mbedtls_hash_info_psa_from_md(handshake->ciphersuite_info->mac);
+    hash_len = PSA_HASH_LENGTH(hash_alg);
 
     /* Compute current handshake transcript. It's the caller's responsibility
      * to call this at the right time, that is, after the ServerFinished. */
 
-    ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
-                                      transcript, sizeof( transcript ),
-                                      &transcript_len );
-    if( ret != 0 )
+    ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type,
+                                               transcript, sizeof(transcript),
+                                               &transcript_len);
+    if (ret != 0) {
         goto cleanup;
+    }
 
     /* Compute application secrets from master secret and transcript hash. */
 
-    ret = mbedtls_ssl_tls13_derive_application_secrets( hash_alg,
-                                   handshake->tls13_master_secrets.app,
-                                   transcript, transcript_len,
-                                   app_secrets );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1,
-                     "mbedtls_ssl_tls13_derive_application_secrets", ret );
+    ret = mbedtls_ssl_tls13_derive_application_secrets(hash_alg,
+                                                       handshake->tls13_master_secrets.app,
+                                                       transcript, transcript_len,
+                                                       app_secrets);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1,
+                              "mbedtls_ssl_tls13_derive_application_secrets", ret);
         goto cleanup;
     }
 
     /* Derive first epoch of IV + Key for application traffic. */
 
-    ret = mbedtls_ssl_tls13_make_traffic_keys( hash_alg,
-                             app_secrets->client_application_traffic_secret_N,
-                             app_secrets->server_application_traffic_secret_N,
-                             hash_len, key_len, iv_len, traffic_keys );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_make_traffic_keys", ret );
+    ret = mbedtls_ssl_tls13_make_traffic_keys(hash_alg,
+                                              app_secrets->client_application_traffic_secret_N,
+                                              app_secrets->server_application_traffic_secret_N,
+                                              hash_len, key_len, iv_len, traffic_keys);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_make_traffic_keys", ret);
         goto cleanup;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "Client application traffic secret",
-                           app_secrets->client_application_traffic_secret_N,
-                           hash_len );
+    MBEDTLS_SSL_DEBUG_BUF(4, "Client application traffic secret",
+                          app_secrets->client_application_traffic_secret_N,
+                          hash_len);
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "Server application traffic secret",
-                           app_secrets->server_application_traffic_secret_N,
-                           hash_len );
+    MBEDTLS_SSL_DEBUG_BUF(4, "Server application traffic secret",
+                          app_secrets->server_application_traffic_secret_N,
+                          hash_len);
 
     /*
      * Export client/server application traffic secret 0
      */
-    if( ssl->f_export_keys != NULL )
-    {
-        ssl->f_export_keys( ssl->p_export_keys,
-                MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET,
-                app_secrets->client_application_traffic_secret_N, hash_len,
-                handshake->randbytes,
-                handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
-                MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by
-                                            a new constant for TLS 1.3! */ );
+    if (ssl->f_export_keys != NULL) {
+        ssl->f_export_keys(ssl->p_export_keys,
+                           MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET,
+                           app_secrets->client_application_traffic_secret_N, hash_len,
+                           handshake->randbytes,
+                           handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
+                           MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by
+                                                       a new constant for TLS 1.3! */);
 
-        ssl->f_export_keys( ssl->p_export_keys,
-                MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET,
-                app_secrets->server_application_traffic_secret_N, hash_len,
-                handshake->randbytes,
-                handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
-                MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by
-                                            a new constant for TLS 1.3! */ );
+        ssl->f_export_keys(ssl->p_export_keys,
+                           MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET,
+                           app_secrets->server_application_traffic_secret_N, hash_len,
+                           handshake->randbytes,
+                           handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
+                           MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by
+                                                       a new constant for TLS 1.3! */);
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "client application_write_key:",
-                              traffic_keys->client_write_key, key_len );
-    MBEDTLS_SSL_DEBUG_BUF( 4, "server application write key",
-                              traffic_keys->server_write_key, key_len );
-    MBEDTLS_SSL_DEBUG_BUF( 4, "client application write IV",
-                              traffic_keys->client_write_iv, iv_len );
-    MBEDTLS_SSL_DEBUG_BUF( 4, "server application write IV",
-                              traffic_keys->server_write_iv, iv_len );
+    MBEDTLS_SSL_DEBUG_BUF(4, "client application_write_key:",
+                          traffic_keys->client_write_key, key_len);
+    MBEDTLS_SSL_DEBUG_BUF(4, "server application write key",
+                          traffic_keys->server_write_key, key_len);
+    MBEDTLS_SSL_DEBUG_BUF(4, "client application write IV",
+                          traffic_keys->client_write_iv, iv_len);
+    MBEDTLS_SSL_DEBUG_BUF(4, "server application write IV",
+                          traffic_keys->server_write_iv, iv_len);
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive application traffic keys" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= derive application traffic keys"));
 
- cleanup:
+cleanup:
     /* randbytes is not used again */
-    mbedtls_platform_zeroize( ssl->handshake->randbytes,
-                              sizeof( ssl->handshake->randbytes ) );
+    mbedtls_platform_zeroize(ssl->handshake->randbytes,
+                             sizeof(ssl->handshake->randbytes));
 
-    mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
-    return( ret );
+    mbedtls_platform_zeroize(transcript, sizeof(transcript));
+    return ret;
 }
 
-int mbedtls_ssl_tls13_compute_handshake_transform( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls13_compute_handshake_transform(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ssl_key_set traffic_keys;
@@ -1639,52 +1612,49 @@
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
 
     /* Compute handshake secret */
-    ret = mbedtls_ssl_tls13_key_schedule_stage_handshake( ssl );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_derive_master_secret", ret );
+    ret = mbedtls_ssl_tls13_key_schedule_stage_handshake(ssl);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_derive_master_secret", ret);
         goto cleanup;
     }
 
     /* Next evolution in key schedule: Establish handshake secret and
      * key material. */
-    ret = mbedtls_ssl_tls13_generate_handshake_keys( ssl, &traffic_keys );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_generate_handshake_keys",
-                               ret );
+    ret = mbedtls_ssl_tls13_generate_handshake_keys(ssl, &traffic_keys);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_generate_handshake_keys",
+                              ret);
         goto cleanup;
     }
 
-    transform_handshake = mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
-    if( transform_handshake == NULL )
-    {
+    transform_handshake = mbedtls_calloc(1, sizeof(mbedtls_ssl_transform));
+    if (transform_handshake == NULL) {
         ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
         goto cleanup;
     }
 
     ret = mbedtls_ssl_tls13_populate_transform(
-                                        transform_handshake,
-                                        ssl->conf->endpoint,
-                                        ssl->session_negotiate->ciphersuite,
-                                        &traffic_keys,
-                                        ssl );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret );
+        transform_handshake,
+        ssl->conf->endpoint,
+        ssl->session_negotiate->ciphersuite,
+        &traffic_keys,
+        ssl);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_populate_transform", ret);
         goto cleanup;
     }
     handshake->transform_handshake = transform_handshake;
 
 cleanup:
-    mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) );
-    if( ret != 0 )
-        mbedtls_free( transform_handshake );
+    mbedtls_platform_zeroize(&traffic_keys, sizeof(traffic_keys));
+    if (ret != 0) {
+        mbedtls_free(transform_handshake);
+    }
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_ssl_tls13_compute_resumption_master_secret( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls13_compute_resumption_master_secret(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_md_type_t md_type;
@@ -1692,77 +1662,75 @@
     unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
     size_t transcript_len;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2,
-        ( "=> mbedtls_ssl_tls13_compute_resumption_master_secret" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2,
+                          ("=> mbedtls_ssl_tls13_compute_resumption_master_secret"));
 
     md_type = handshake->ciphersuite_info->mac;
 
-    ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
-                                                transcript, sizeof( transcript ),
-                                                &transcript_len );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type,
+                                               transcript, sizeof(transcript),
+                                               &transcript_len);
+    if (ret != 0) {
+        return ret;
+    }
 
     ret = mbedtls_ssl_tls13_derive_resumption_master_secret(
-                              mbedtls_psa_translate_md( md_type ),
-                              handshake->tls13_master_secrets.app,
-                              transcript, transcript_len,
-                              &ssl->session_negotiate->app_secrets );
-    if( ret != 0 )
-        return( ret );
+        mbedtls_psa_translate_md(md_type),
+        handshake->tls13_master_secrets.app,
+        transcript, transcript_len,
+        &ssl->session_negotiate->app_secrets);
+    if (ret != 0) {
+        return ret;
+    }
 
     /* Erase master secrets */
-    mbedtls_platform_zeroize( &handshake->tls13_master_secrets,
-                              sizeof( handshake->tls13_master_secrets ) );
+    mbedtls_platform_zeroize(&handshake->tls13_master_secrets,
+                             sizeof(handshake->tls13_master_secrets));
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "Resumption master secret",
-             ssl->session_negotiate->app_secrets.resumption_master_secret,
-             PSA_HASH_LENGTH( mbedtls_psa_translate_md( md_type ) ) ) ;
+    MBEDTLS_SSL_DEBUG_BUF(4, "Resumption master secret",
+                          ssl->session_negotiate->app_secrets.resumption_master_secret,
+                          PSA_HASH_LENGTH(mbedtls_psa_translate_md(md_type)));
 
-    MBEDTLS_SSL_DEBUG_MSG( 2,
-        ( "<= mbedtls_ssl_tls13_compute_resumption_master_secret" ) );
-    return( 0 );
+    MBEDTLS_SSL_DEBUG_MSG(2,
+                          ("<= mbedtls_ssl_tls13_compute_resumption_master_secret"));
+    return 0;
 }
 
-int mbedtls_ssl_tls13_compute_application_transform( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls13_compute_application_transform(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ssl_key_set traffic_keys;
     mbedtls_ssl_transform *transform_application = NULL;
 
-    ret = mbedtls_ssl_tls13_key_schedule_stage_application( ssl );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1,
-           "mbedtls_ssl_tls13_key_schedule_stage_application", ret );
+    ret = mbedtls_ssl_tls13_key_schedule_stage_application(ssl);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1,
+                              "mbedtls_ssl_tls13_key_schedule_stage_application", ret);
         goto cleanup;
     }
 
-    ret = mbedtls_ssl_tls13_generate_application_keys( ssl, &traffic_keys );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1,
-            "mbedtls_ssl_tls13_generate_application_keys", ret );
+    ret = mbedtls_ssl_tls13_generate_application_keys(ssl, &traffic_keys);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1,
+                              "mbedtls_ssl_tls13_generate_application_keys", ret);
         goto cleanup;
     }
 
     transform_application =
-        mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
-    if( transform_application == NULL )
-    {
+        mbedtls_calloc(1, sizeof(mbedtls_ssl_transform));
+    if (transform_application == NULL) {
         ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
         goto cleanup;
     }
 
     ret = mbedtls_ssl_tls13_populate_transform(
-                                    transform_application,
-                                    ssl->conf->endpoint,
-                                    ssl->session_negotiate->ciphersuite,
-                                    &traffic_keys,
-                                    ssl );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_populate_transform", ret );
+        transform_application,
+        ssl->conf->endpoint,
+        ssl->session_negotiate->ciphersuite,
+        &traffic_keys,
+        ssl);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_populate_transform", ret);
         goto cleanup;
     }
 
@@ -1770,18 +1738,17 @@
 
 cleanup:
 
-    mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) );
-    if( ret != 0 )
-    {
-        mbedtls_free( transform_application );
+    mbedtls_platform_zeroize(&traffic_keys, sizeof(traffic_keys));
+    if (ret != 0) {
+        mbedtls_free(transform_application);
     }
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
-int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl,
-                                            unsigned char **psk,
-                                            size_t *psk_len )
+int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl,
+                                           unsigned char **psk,
+                                           size_t *psk_len)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -1790,36 +1757,38 @@
     *psk_len = 0;
     *psk = NULL;
 
-    if( mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-
-    status = psa_get_key_attributes( ssl->handshake->psk_opaque, &key_attributes );
-    if( status != PSA_SUCCESS )
-        return( psa_ssl_status_to_mbedtls( status ) );
-
-    *psk_len = PSA_BITS_TO_BYTES( psa_get_key_bits( &key_attributes ) );
-    *psk = mbedtls_calloc( 1, *psk_len );
-    if( *psk == NULL )
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-
-    status = psa_export_key( ssl->handshake->psk_opaque,
-                             (uint8_t *)*psk, *psk_len, psk_len );
-    if( status != PSA_SUCCESS )
-    {
-        mbedtls_free( (void *)*psk );
-        *psk = NULL;
-        return( psa_ssl_status_to_mbedtls( status ) );
+    if (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
-    return( 0 );
+
+    status = psa_get_key_attributes(ssl->handshake->psk_opaque, &key_attributes);
+    if (status != PSA_SUCCESS) {
+        return psa_ssl_status_to_mbedtls(status);
+    }
+
+    *psk_len = PSA_BITS_TO_BYTES(psa_get_key_bits(&key_attributes));
+    *psk = mbedtls_calloc(1, *psk_len);
+    if (*psk == NULL) {
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+    }
+
+    status = psa_export_key(ssl->handshake->psk_opaque,
+                            (uint8_t *) *psk, *psk_len, psk_len);
+    if (status != PSA_SUCCESS) {
+        mbedtls_free((void *) *psk);
+        *psk = NULL;
+        return psa_ssl_status_to_mbedtls(status);
+    }
+    return 0;
 #else
     *psk = ssl->handshake->psk;
     *psk_len = ssl->handshake->psk_len;
-    if( *psk == NULL )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    return( 0 );
+    if (*psk == NULL) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
+    return 0;
 #endif /* !MBEDTLS_USE_PSA_CRYPTO */
 }
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
 
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index fc64737..d4f2b40 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -23,26 +23,26 @@
  * the point of use. See e.g. the definition of mbedtls_ssl_tls13_labels_union
  * below. */
 #define MBEDTLS_SSL_TLS1_3_LABEL_LIST                                             \
-    MBEDTLS_SSL_TLS1_3_LABEL( finished    , "finished"                          ) \
-    MBEDTLS_SSL_TLS1_3_LABEL( resumption  , "resumption"                        ) \
-    MBEDTLS_SSL_TLS1_3_LABEL( traffic_upd , "traffic upd"                       ) \
-    MBEDTLS_SSL_TLS1_3_LABEL( exporter    , "exporter"                          ) \
-    MBEDTLS_SSL_TLS1_3_LABEL( key         , "key"                               ) \
-    MBEDTLS_SSL_TLS1_3_LABEL( iv          , "iv"                                ) \
-    MBEDTLS_SSL_TLS1_3_LABEL( c_hs_traffic, "c hs traffic"                      ) \
-    MBEDTLS_SSL_TLS1_3_LABEL( c_ap_traffic, "c ap traffic"                      ) \
-    MBEDTLS_SSL_TLS1_3_LABEL( c_e_traffic , "c e traffic"                       ) \
-    MBEDTLS_SSL_TLS1_3_LABEL( s_hs_traffic, "s hs traffic"                      ) \
-    MBEDTLS_SSL_TLS1_3_LABEL( s_ap_traffic, "s ap traffic"                      ) \
-    MBEDTLS_SSL_TLS1_3_LABEL( s_e_traffic , "s e traffic"                       ) \
-    MBEDTLS_SSL_TLS1_3_LABEL( e_exp_master, "e exp master"                      ) \
-    MBEDTLS_SSL_TLS1_3_LABEL( res_master  , "res master"                        ) \
-    MBEDTLS_SSL_TLS1_3_LABEL( exp_master  , "exp master"                        ) \
-    MBEDTLS_SSL_TLS1_3_LABEL( ext_binder  , "ext binder"                        ) \
-    MBEDTLS_SSL_TLS1_3_LABEL( res_binder  , "res binder"                        ) \
-    MBEDTLS_SSL_TLS1_3_LABEL( derived     , "derived"                           ) \
-    MBEDTLS_SSL_TLS1_3_LABEL( client_cv   , "TLS 1.3, client CertificateVerify" ) \
-    MBEDTLS_SSL_TLS1_3_LABEL( server_cv   , "TLS 1.3, server CertificateVerify" )
+    MBEDTLS_SSL_TLS1_3_LABEL(finished, "finished") \
+    MBEDTLS_SSL_TLS1_3_LABEL(resumption, "resumption") \
+    MBEDTLS_SSL_TLS1_3_LABEL(traffic_upd, "traffic upd") \
+    MBEDTLS_SSL_TLS1_3_LABEL(exporter, "exporter") \
+    MBEDTLS_SSL_TLS1_3_LABEL(key, "key") \
+    MBEDTLS_SSL_TLS1_3_LABEL(iv, "iv") \
+    MBEDTLS_SSL_TLS1_3_LABEL(c_hs_traffic, "c hs traffic") \
+    MBEDTLS_SSL_TLS1_3_LABEL(c_ap_traffic, "c ap traffic") \
+    MBEDTLS_SSL_TLS1_3_LABEL(c_e_traffic, "c e traffic") \
+    MBEDTLS_SSL_TLS1_3_LABEL(s_hs_traffic, "s hs traffic") \
+    MBEDTLS_SSL_TLS1_3_LABEL(s_ap_traffic, "s ap traffic") \
+    MBEDTLS_SSL_TLS1_3_LABEL(s_e_traffic, "s e traffic") \
+    MBEDTLS_SSL_TLS1_3_LABEL(e_exp_master, "e exp master") \
+    MBEDTLS_SSL_TLS1_3_LABEL(res_master, "res master") \
+    MBEDTLS_SSL_TLS1_3_LABEL(exp_master, "exp master") \
+    MBEDTLS_SSL_TLS1_3_LABEL(ext_binder, "ext binder") \
+    MBEDTLS_SSL_TLS1_3_LABEL(res_binder, "res binder") \
+    MBEDTLS_SSL_TLS1_3_LABEL(derived, "derived") \
+    MBEDTLS_SSL_TLS1_3_LABEL(client_cv, "TLS 1.3, client CertificateVerify") \
+    MBEDTLS_SSL_TLS1_3_LABEL(server_cv, "TLS 1.3, server CertificateVerify")
 
 #define MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED 0
 #define MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED   1
@@ -52,30 +52,28 @@
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
 
-#define MBEDTLS_SSL_TLS1_3_LABEL( name, string )       \
-    const unsigned char name    [ sizeof(string) - 1 ];
+#define MBEDTLS_SSL_TLS1_3_LABEL(name, string)       \
+    const unsigned char name    [sizeof(string) - 1];
 
-union mbedtls_ssl_tls13_labels_union
-{
+union mbedtls_ssl_tls13_labels_union {
     MBEDTLS_SSL_TLS1_3_LABEL_LIST
 };
-struct mbedtls_ssl_tls13_labels_struct
-{
+struct mbedtls_ssl_tls13_labels_struct {
     MBEDTLS_SSL_TLS1_3_LABEL_LIST
 };
 #undef MBEDTLS_SSL_TLS1_3_LABEL
 
 extern const struct mbedtls_ssl_tls13_labels_struct mbedtls_ssl_tls13_labels;
 
-#define MBEDTLS_SSL_TLS1_3_LBL_LEN( LABEL )  \
+#define MBEDTLS_SSL_TLS1_3_LBL_LEN(LABEL)  \
     sizeof(mbedtls_ssl_tls13_labels.LABEL)
 
-#define MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( LABEL )  \
+#define MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(LABEL)  \
     mbedtls_ssl_tls13_labels.LABEL,              \
-    MBEDTLS_SSL_TLS1_3_LBL_LEN( LABEL )
+    MBEDTLS_SSL_TLS1_3_LBL_LEN(LABEL)
 
 #define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN  \
-    sizeof( union mbedtls_ssl_tls13_labels_union )
+    sizeof(union mbedtls_ssl_tls13_labels_union)
 
 /* The maximum length of HKDF contexts used in the TLS 1.3 standard.
  * Since contexts are always hashes of message transcripts, this can
@@ -123,11 +121,11 @@
 
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_tls13_hkdf_expand_label(
-                     psa_algorithm_t hash_alg,
-                     const unsigned char *secret, size_t secret_len,
-                     const unsigned char *label, size_t label_len,
-                     const unsigned char *ctx, size_t ctx_len,
-                     unsigned char *buf, size_t buf_len );
+    psa_algorithm_t hash_alg,
+    const unsigned char *secret, size_t secret_len,
+    const unsigned char *label, size_t label_len,
+    const unsigned char *ctx, size_t ctx_len,
+    unsigned char *buf, size_t buf_len);
 
 /**
  * \brief           This function is part of the TLS 1.3 key schedule.
@@ -162,11 +160,11 @@
 
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_tls13_make_traffic_keys(
-                     psa_algorithm_t hash_alg,
-                     const unsigned char *client_secret,
-                     const unsigned char *server_secret, size_t secret_len,
-                     size_t key_len, size_t iv_len,
-                     mbedtls_ssl_key_set *keys );
+    psa_algorithm_t hash_alg,
+    const unsigned char *client_secret,
+    const unsigned char *server_secret, size_t secret_len,
+    size_t key_len, size_t iv_len,
+    mbedtls_ssl_key_set *keys);
 
 /**
  * \brief The \c Derive-Secret function from the TLS 1.3 standard RFC 8446.
@@ -209,12 +207,12 @@
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_tls13_derive_secret(
-                   psa_algorithm_t hash_alg,
-                   const unsigned char *secret, size_t secret_len,
-                   const unsigned char *label, size_t label_len,
-                   const unsigned char *ctx, size_t ctx_len,
-                   int ctx_hashed,
-                   unsigned char *dstbuf, size_t dstbuf_len );
+    psa_algorithm_t hash_alg,
+    const unsigned char *secret, size_t secret_len,
+    const unsigned char *label, size_t label_len,
+    const unsigned char *ctx, size_t ctx_len,
+    int ctx_hashed,
+    unsigned char *dstbuf, size_t dstbuf_len);
 
 /**
  * \brief Derive TLS 1.3 early data key material from early secret.
@@ -260,10 +258,10 @@
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_tls13_derive_early_secrets(
-          psa_algorithm_t hash_alg,
-          unsigned char const *early_secret,
-          unsigned char const *transcript, size_t transcript_len,
-          mbedtls_ssl_tls13_early_secrets *derived );
+    psa_algorithm_t hash_alg,
+    unsigned char const *early_secret,
+    unsigned char const *transcript, size_t transcript_len,
+    mbedtls_ssl_tls13_early_secrets *derived);
 
 /**
  * \brief Derive TLS 1.3 handshake key material from the handshake secret.
@@ -306,10 +304,10 @@
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_tls13_derive_handshake_secrets(
-          psa_algorithm_t hash_alg,
-          unsigned char const *handshake_secret,
-          unsigned char const *transcript, size_t transcript_len,
-          mbedtls_ssl_tls13_handshake_secrets *derived );
+    psa_algorithm_t hash_alg,
+    unsigned char const *handshake_secret,
+    unsigned char const *transcript, size_t transcript_len,
+    mbedtls_ssl_tls13_handshake_secrets *derived);
 
 /**
  * \brief Derive TLS 1.3 application key material from the master secret.
@@ -357,10 +355,10 @@
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_tls13_derive_application_secrets(
-          psa_algorithm_t hash_alg,
-          unsigned char const *master_secret,
-          unsigned char const *transcript, size_t transcript_len,
-          mbedtls_ssl_tls13_application_secrets *derived );
+    psa_algorithm_t hash_alg,
+    unsigned char const *master_secret,
+    unsigned char const *transcript, size_t transcript_len,
+    mbedtls_ssl_tls13_application_secrets *derived);
 
 /**
  * \brief Derive TLS 1.3 resumption master secret from the master secret.
@@ -388,10 +386,10 @@
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_tls13_derive_resumption_master_secret(
-          psa_algorithm_t hash_alg,
-          unsigned char const *application_secret,
-          unsigned char const *transcript, size_t transcript_len,
-          mbedtls_ssl_tls13_application_secrets *derived );
+    psa_algorithm_t hash_alg,
+    unsigned char const *application_secret,
+    unsigned char const *transcript, size_t transcript_len,
+    mbedtls_ssl_tls13_application_secrets *derived);
 
 /**
  * \brief Compute the next secret in the TLS 1.3 key schedule
@@ -462,10 +460,10 @@
 
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_tls13_evolve_secret(
-                   psa_algorithm_t hash_alg,
-                   const unsigned char *secret_old,
-                   const unsigned char *input, size_t input_len,
-                   unsigned char *secret_new );
+    psa_algorithm_t hash_alg,
+    const unsigned char *secret_old,
+    const unsigned char *input, size_t input_len,
+    unsigned char *secret_new);
 
 /**
  * \brief             Calculate a TLS 1.3 PSK binder.
@@ -491,12 +489,12 @@
  * \returns           A negative error code on failure.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_create_psk_binder( mbedtls_ssl_context *ssl,
-                               const psa_algorithm_t hash_alg,
-                               unsigned char const *psk, size_t psk_len,
-                               int psk_type,
-                               unsigned char const *transcript,
-                               unsigned char *result );
+int mbedtls_ssl_tls13_create_psk_binder(mbedtls_ssl_context *ssl,
+                                        const psa_algorithm_t hash_alg,
+                                        unsigned char const *psk, size_t psk_len,
+                                        int psk_type,
+                                        unsigned char const *transcript,
+                                        unsigned char *result);
 
 /**
  * \bref Setup an SSL transform structure representing the
@@ -526,11 +524,11 @@
  * \return             A negative error code on failure.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
-                                          int endpoint,
-                                          int ciphersuite,
-                                          mbedtls_ssl_key_set const *traffic_keys,
-                                          mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_populate_transform(mbedtls_ssl_transform *transform,
+                                         int endpoint,
+                                         int ciphersuite,
+                                         mbedtls_ssl_key_set const *traffic_keys,
+                                         mbedtls_ssl_context *ssl);
 
 /*
  * TLS 1.3 key schedule evolutions
@@ -553,7 +551,7 @@
  * \returns    A negative error code on failure.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_key_schedule_stage_early(mbedtls_ssl_context *ssl);
 
 /**
  * \brief Transition into handshake stage of TLS 1.3 key schedule.
@@ -572,7 +570,7 @@
  * \returns    A negative error code on failure.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl);
 
 /**
  * \brief Compute TLS 1.3 handshake traffic keys.
@@ -587,8 +585,8 @@
  * \returns    A negative error code on failure.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl,
-                                               mbedtls_ssl_key_set *traffic_keys );
+int mbedtls_ssl_tls13_generate_handshake_keys(mbedtls_ssl_context *ssl,
+                                              mbedtls_ssl_key_set *traffic_keys);
 
 /**
  * \brief Transition into application stage of TLS 1.3 key schedule.
@@ -607,7 +605,7 @@
  * \returns    A negative error code on failure.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_key_schedule_stage_application(mbedtls_ssl_context *ssl);
 
 /**
  * \brief Compute TLS 1.3 application traffic keys.
@@ -623,7 +621,7 @@
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_tls13_generate_application_keys(
-    mbedtls_ssl_context* ssl, mbedtls_ssl_key_set *traffic_keys );
+    mbedtls_ssl_context *ssl, mbedtls_ssl_key_set *traffic_keys);
 
 /**
  * \brief Compute TLS 1.3 resumption master secret.
@@ -636,7 +634,7 @@
  * \returns    A negative error code on failure.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_compute_resumption_master_secret( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_compute_resumption_master_secret(mbedtls_ssl_context *ssl);
 
 /**
  * \brief Calculate the verify_data value for the client or server TLS 1.3
@@ -661,11 +659,11 @@
  * \returns    A negative error code on failure.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context *ssl,
-                                             unsigned char *dst,
-                                             size_t dst_len,
-                                             size_t *actual_len,
-                                             int which );
+int mbedtls_ssl_tls13_calculate_verify_data(mbedtls_ssl_context *ssl,
+                                            unsigned char *dst,
+                                            size_t dst_len,
+                                            size_t *actual_len,
+                                            int which);
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
 /**
@@ -685,7 +683,7 @@
  *             traffic from the server to the client).
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_compute_early_transform( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_compute_early_transform(mbedtls_ssl_context *ssl);
 #endif /* MBEDTLS_SSL_EARLY_DATA */
 
 /**
@@ -698,7 +696,7 @@
  * \returns    A negative error code on failure.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_compute_handshake_transform( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_compute_handshake_transform(mbedtls_ssl_context *ssl);
 
 /**
  * \brief Compute TLS 1.3 application transform
@@ -710,7 +708,7 @@
  * \returns    A negative error code on failure.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_compute_application_transform( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_compute_application_transform(mbedtls_ssl_context *ssl);
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
 /**
@@ -725,9 +723,9 @@
  * \returns     A negative error code on failure.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl,
-                                            unsigned char **psk,
-                                            size_t *psk_len );
+int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl,
+                                           unsigned char **psk,
+                                           size_t *psk_len);
 #endif
 
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 685e10b..980c225 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -15,7 +15,7 @@
  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
-*/
+ */
 
 #include "common.h"
 
@@ -32,21 +32,21 @@
 
 
 static const mbedtls_ssl_ciphersuite_t *ssl_tls13_validate_peer_ciphersuite(
-                                      mbedtls_ssl_context *ssl,
-                                      unsigned int cipher_suite )
+    mbedtls_ssl_context *ssl,
+    unsigned int cipher_suite)
 {
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-    if( ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
-        return( NULL );
-
-    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
-    if( ( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
-                                            ssl->tls_version,
-                                            ssl->tls_version ) != 0 ) )
-    {
-        return( NULL );
+    if (!mbedtls_ssl_tls13_cipher_suite_is_offered(ssl, cipher_suite)) {
+        return NULL;
     }
-    return( ciphersuite_info );
+
+    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(cipher_suite);
+    if ((mbedtls_ssl_validate_ciphersuite(ssl, ciphersuite_info,
+                                          ssl->tls_version,
+                                          ssl->tls_version) != 0)) {
+        return NULL;
+    }
+    return ciphersuite_info;
 }
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
@@ -58,49 +58,46 @@
  *   } PskKeyExchangeModes;
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_key_exchange_modes_ext( mbedtls_ssl_context *ssl,
-                                                   const unsigned char *buf,
-                                                   const unsigned char *end )
+static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl,
+                                                  const unsigned char *buf,
+                                                  const unsigned char *end)
 {
     const unsigned char *p = buf;
     size_t ke_modes_len;
     int ke_modes = 0;
 
     /* Read ke_modes length (1 Byte) */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1);
     ke_modes_len = *p++;
     /* Currently, there are only two PSK modes, so even without looking
      * at the content, something's wrong if the list has more than 2 items. */
-    if( ke_modes_len > 2 )
-    {
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                                      MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    if (ke_modes_len > 2) {
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                                     MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, ke_modes_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, ke_modes_len);
 
-    while( ke_modes_len-- != 0 )
-    {
-        switch( *p++ )
-        {
-        case MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE:
-            ke_modes |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "Found PSK KEX MODE" ) );
-            break;
-        case MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE:
-            ke_modes |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "Found PSK_EPHEMERAL KEX MODE" ) );
-            break;
-        default:
-            MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                                          MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+    while (ke_modes_len-- != 0) {
+        switch (*p++) {
+            case MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE:
+                ke_modes |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
+                MBEDTLS_SSL_DEBUG_MSG(3, ("Found PSK KEX MODE"));
+                break;
+            case MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE:
+                ke_modes |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
+                MBEDTLS_SSL_DEBUG_MSG(3, ("Found PSK_EPHEMERAL KEX MODE"));
+                break;
+            default:
+                MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                                             MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+                return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
         }
     }
 
     ssl->handshake->tls13_kex_modes = ke_modes;
-    return( 0 );
+    return 0;
 }
 
 #define SSL_TLS1_3_OFFERED_PSK_NOT_MATCH   1
@@ -110,11 +107,11 @@
 
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_offered_psks_check_identity_match_ticket(
-                                            mbedtls_ssl_context *ssl,
-                                            const unsigned char *identity,
-                                            size_t identity_len,
-                                            uint32_t obfuscated_ticket_age,
-                                            mbedtls_ssl_session *session )
+    mbedtls_ssl_context *ssl,
+    const unsigned char *identity,
+    size_t identity_len,
+    uint32_t obfuscated_ticket_age,
+    mbedtls_ssl_session *session)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *ticket_buffer;
@@ -126,57 +123,57 @@
 
     ((void) obfuscated_ticket_age);
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> check_identity_match_ticket" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> check_identity_match_ticket"));
 
     /* Ticket parser is not configured, Skip */
-    if( ssl->conf->f_ticket_parse == NULL || identity_len == 0 )
-        return( 0 );
+    if (ssl->conf->f_ticket_parse == NULL || identity_len == 0) {
+        return 0;
+    }
 
     /* We create a copy of the encrypted ticket since the ticket parsing
      * function is allowed to use its input buffer as an output buffer
      * (in-place decryption). We do, however, need the original buffer for
      * computing the PSK binder value.
      */
-    ticket_buffer = mbedtls_calloc( 1, identity_len );
-    if( ticket_buffer == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
-        return ( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    ticket_buffer = mbedtls_calloc(1, identity_len);
+    if (ticket_buffer == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small"));
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
     }
-    memcpy( ticket_buffer, identity, identity_len );
+    memcpy(ticket_buffer, identity, identity_len);
 
-    if( ( ret = ssl->conf->f_ticket_parse( ssl->conf->p_ticket,
-                                           session,
-                                           ticket_buffer, identity_len ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is not authentic" ) );
-        else if( ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED )
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is expired" ) );
-        else
-            MBEDTLS_SSL_DEBUG_RET( 1, "ticket_parse", ret );
+    if ((ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket,
+                                         session,
+                                         ticket_buffer, identity_len)) != 0) {
+        if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) {
+            MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is not authentic"));
+        } else if (ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED) {
+            MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is expired"));
+        } else {
+            MBEDTLS_SSL_DEBUG_RET(1, "ticket_parse", ret);
+        }
     }
 
     /* We delete the temporary buffer */
-    mbedtls_free( ticket_buffer );
+    mbedtls_free(ticket_buffer);
 
-    if( ret != 0 )
-        goto exit;
-
-    ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
-#if defined(MBEDTLS_HAVE_TIME)
-    now = mbedtls_time( NULL );
-
-    if( now < session->start )
-    {
-        MBEDTLS_SSL_DEBUG_MSG(
-            3, ( "Invalid ticket start time ( now=%" MBEDTLS_PRINTF_LONGLONG
-                     ", start=%" MBEDTLS_PRINTF_LONGLONG " )",
-                 (long long)now, (long long)session->start ) );
+    if (ret != 0) {
         goto exit;
     }
 
-    age_in_s = (uint64_t)( now - session->start );
+    ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
+#if defined(MBEDTLS_HAVE_TIME)
+    now = mbedtls_time(NULL);
+
+    if (now < session->start) {
+        MBEDTLS_SSL_DEBUG_MSG(
+            3, ("Invalid ticket start time ( now=%" MBEDTLS_PRINTF_LONGLONG
+                ", start=%" MBEDTLS_PRINTF_LONGLONG " )",
+                (long long) now, (long long) session->start));
+        goto exit;
+    }
+
+    age_in_s = (uint64_t) (now - session->start);
 
     /* RFC 8446 section 4.6.1
      *
@@ -189,11 +186,10 @@
      *
      * For time being, the age MUST be less than 604800 seconds (7 days).
      */
-    if( age_in_s > 604800 )
-    {
+    if (age_in_s > 604800) {
         MBEDTLS_SSL_DEBUG_MSG(
-            3, ( "Ticket age exceeds limitation ticket_age=%lu",
-                 (long unsigned int)age_in_s ) );
+            3, ("Ticket age exceeds limitation ticket_age=%lu",
+                (long unsigned int) age_in_s));
         goto exit;
     }
 
@@ -210,13 +206,12 @@
      *       into account.
      */
     age_diff_in_ms = age_in_s * 1000;
-    age_diff_in_ms -= ( obfuscated_ticket_age - session->ticket_age_add );
-    if( age_diff_in_ms <= -1000 ||
-        age_diff_in_ms > MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE )
-    {
+    age_diff_in_ms -= (obfuscated_ticket_age - session->ticket_age_add);
+    if (age_diff_in_ms <= -1000 ||
+        age_diff_in_ms > MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE) {
         MBEDTLS_SSL_DEBUG_MSG(
-            3, ( "Ticket age outside tolerance window ( diff=%d )",
-                 (int)age_diff_in_ms ) );
+            3, ("Ticket age outside tolerance window ( diff=%d )",
+                (int) age_diff_in_ms));
         goto exit;
     }
 
@@ -225,81 +220,78 @@
 #endif /* MBEDTLS_HAVE_TIME */
 
 exit:
-    if( ret != 0 )
-        mbedtls_ssl_session_free( session );
+    if (ret != 0) {
+        mbedtls_ssl_session_free(session);
+    }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= check_identity_match_ticket" ) );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= check_identity_match_ticket"));
+    return ret;
 }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_offered_psks_check_identity_match(
-               mbedtls_ssl_context *ssl,
-               const unsigned char *identity,
-               size_t identity_len,
-               uint32_t obfuscated_ticket_age,
-               int *psk_type,
-               mbedtls_ssl_session *session )
+    mbedtls_ssl_context *ssl,
+    const unsigned char *identity,
+    size_t identity_len,
+    uint32_t obfuscated_ticket_age,
+    int *psk_type,
+    mbedtls_ssl_session *session)
 {
     ((void) session);
     ((void) obfuscated_ticket_age);
     *psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "identity", identity, identity_len );
+    MBEDTLS_SSL_DEBUG_BUF(4, "identity", identity, identity_len);
     ssl->handshake->resume = 0;
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if( ssl_tls13_offered_psks_check_identity_match_ticket(
+    if (ssl_tls13_offered_psks_check_identity_match_ticket(
             ssl, identity, identity_len, obfuscated_ticket_age,
-            session ) == SSL_TLS1_3_OFFERED_PSK_MATCH )
-    {
+            session) == SSL_TLS1_3_OFFERED_PSK_MATCH) {
         ssl->handshake->resume = 1;
         *psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION;
-        mbedtls_ssl_set_hs_psk( ssl,
-                                session->resumption_key,
-                                session->resumption_key_len );
-
-        MBEDTLS_SSL_DEBUG_BUF( 4, "Ticket-resumed PSK:",
+        mbedtls_ssl_set_hs_psk(ssl,
                                session->resumption_key,
-                               session->resumption_key_len );
-        MBEDTLS_SSL_DEBUG_MSG( 4, ( "ticket: obfuscated_ticket_age: %u",
-                                    (unsigned)obfuscated_ticket_age ) );
-        return( SSL_TLS1_3_OFFERED_PSK_MATCH );
+                               session->resumption_key_len);
+
+        MBEDTLS_SSL_DEBUG_BUF(4, "Ticket-resumed PSK:",
+                              session->resumption_key,
+                              session->resumption_key_len);
+        MBEDTLS_SSL_DEBUG_MSG(4, ("ticket: obfuscated_ticket_age: %u",
+                                  (unsigned) obfuscated_ticket_age));
+        return SSL_TLS1_3_OFFERED_PSK_MATCH;
     }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
     /* Check identity with external configured function */
-    if( ssl->conf->f_psk != NULL )
-    {
-        if( ssl->conf->f_psk(
-                ssl->conf->p_psk, ssl, identity, identity_len ) == 0 )
-        {
-            return( SSL_TLS1_3_OFFERED_PSK_MATCH );
+    if (ssl->conf->f_psk != NULL) {
+        if (ssl->conf->f_psk(
+                ssl->conf->p_psk, ssl, identity, identity_len) == 0) {
+            return SSL_TLS1_3_OFFERED_PSK_MATCH;
         }
-        return( SSL_TLS1_3_OFFERED_PSK_NOT_MATCH );
+        return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 5, "identity", identity, identity_len );
+    MBEDTLS_SSL_DEBUG_BUF(5, "identity", identity, identity_len);
     /* Check identity with pre-configured psk */
-    if( ssl->conf->psk_identity != NULL &&
+    if (ssl->conf->psk_identity != NULL &&
         identity_len == ssl->conf->psk_identity_len &&
-        mbedtls_ct_memcmp( ssl->conf->psk_identity,
-                            identity, identity_len ) == 0 )
-    {
-        mbedtls_ssl_set_hs_psk( ssl, ssl->conf->psk, ssl->conf->psk_len );
-        return( SSL_TLS1_3_OFFERED_PSK_MATCH );
+        mbedtls_ct_memcmp(ssl->conf->psk_identity,
+                          identity, identity_len) == 0) {
+        mbedtls_ssl_set_hs_psk(ssl, ssl->conf->psk, ssl->conf->psk_len);
+        return SSL_TLS1_3_OFFERED_PSK_MATCH;
     }
 
-    return( SSL_TLS1_3_OFFERED_PSK_NOT_MATCH );
+    return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_offered_psks_check_binder_match( mbedtls_ssl_context *ssl,
-                                                      const unsigned char *binder,
-                                                      size_t binder_len,
-                                                      int psk_type,
-                                                      psa_algorithm_t psk_hash_alg )
+static int ssl_tls13_offered_psks_check_binder_match(mbedtls_ssl_context *ssl,
+                                                     const unsigned char *binder,
+                                                     size_t binder_len,
+                                                     int psk_type,
+                                                     psa_algorithm_t psk_hash_alg)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
@@ -311,49 +303,49 @@
 
     /* Get current state of handshake transcript. */
     ret = mbedtls_ssl_get_handshake_transcript(
-              ssl, mbedtls_hash_info_md_from_psa( psk_hash_alg ),
-              transcript, sizeof( transcript ), &transcript_len );
-    if( ret != 0 )
-        return( ret );
+        ssl, mbedtls_hash_info_md_from_psa(psk_hash_alg),
+        transcript, sizeof(transcript), &transcript_len);
+    if (ret != 0) {
+        return ret;
+    }
 
-    ret = mbedtls_ssl_tls13_export_handshake_psk( ssl, &psk, &psk_len );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len);
+    if (ret != 0) {
+        return ret;
+    }
 
-    ret = mbedtls_ssl_tls13_create_psk_binder( ssl, psk_hash_alg,
-                                               psk, psk_len, psk_type,
-                                               transcript,
-                                               server_computed_binder );
+    ret = mbedtls_ssl_tls13_create_psk_binder(ssl, psk_hash_alg,
+                                              psk, psk_len, psk_type,
+                                              transcript,
+                                              server_computed_binder);
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    mbedtls_free( (void*)psk );
+    mbedtls_free((void *) psk);
 #endif
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "PSK binder calculation failed." ) );
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("PSK binder calculation failed."));
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "psk binder ( computed ): ",
-                           server_computed_binder, transcript_len );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "psk binder ( received ): ", binder, binder_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "psk binder ( computed ): ",
+                          server_computed_binder, transcript_len);
+    MBEDTLS_SSL_DEBUG_BUF(3, "psk binder ( received ): ", binder, binder_len);
 
-    if( mbedtls_ct_memcmp( server_computed_binder, binder, binder_len ) == 0 )
-    {
-        return( SSL_TLS1_3_OFFERED_PSK_MATCH );
+    if (mbedtls_ct_memcmp(server_computed_binder, binder, binder_len) == 0) {
+        return SSL_TLS1_3_OFFERED_PSK_MATCH;
     }
 
-    mbedtls_platform_zeroize( server_computed_binder,
-                              sizeof( server_computed_binder ) );
-    return( SSL_TLS1_3_OFFERED_PSK_NOT_MATCH );
+    mbedtls_platform_zeroize(server_computed_binder,
+                             sizeof(server_computed_binder));
+    return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_select_ciphersuite_for_psk(
-               mbedtls_ssl_context *ssl,
-               const unsigned char *cipher_suites,
-               const unsigned char *cipher_suites_end,
-               uint16_t *selected_ciphersuite,
-               const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info )
+    mbedtls_ssl_context *ssl,
+    const unsigned char *cipher_suites,
+    const unsigned char *cipher_suites_end,
+    uint16_t *selected_ciphersuite,
+    const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info)
 {
     psa_algorithm_t psk_hash_alg = PSA_ALG_SHA_256;
 
@@ -370,79 +362,80 @@
     /*
      * Search for a matching ciphersuite
      */
-    for ( const unsigned char *p = cipher_suites;
-          p < cipher_suites_end; p += 2 )
-    {
+    for (const unsigned char *p = cipher_suites;
+         p < cipher_suites_end; p += 2) {
         uint16_t cipher_suite;
         const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
 
-        cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
-        ciphersuite_info = ssl_tls13_validate_peer_ciphersuite( ssl,
-                                                                cipher_suite );
-        if( ciphersuite_info == NULL )
+        cipher_suite = MBEDTLS_GET_UINT16_BE(p, 0);
+        ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(ssl,
+                                                               cipher_suite);
+        if (ciphersuite_info == NULL) {
             continue;
+        }
 
         /* MAC of selected ciphersuite MUST be same with PSK binder if exist.
          * Otherwise, client should reject.
          */
-        if( psk_hash_alg == mbedtls_psa_translate_md( ciphersuite_info->mac ) )
-        {
+        if (psk_hash_alg == mbedtls_psa_translate_md(ciphersuite_info->mac)) {
             *selected_ciphersuite = cipher_suite;
             *selected_ciphersuite_info = ciphersuite_info;
-            return( 0 );
+            return 0;
         }
     }
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "No matched ciphersuite" ) );
-    return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("No matched ciphersuite"));
+    return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
 }
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_select_ciphersuite_for_resumption(
-               mbedtls_ssl_context *ssl,
-               const unsigned char *cipher_suites,
-               const unsigned char *cipher_suites_end,
-               mbedtls_ssl_session *session,
-               uint16_t *selected_ciphersuite,
-               const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info )
+    mbedtls_ssl_context *ssl,
+    const unsigned char *cipher_suites,
+    const unsigned char *cipher_suites_end,
+    mbedtls_ssl_session *session,
+    uint16_t *selected_ciphersuite,
+    const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info)
 {
 
     *selected_ciphersuite = 0;
     *selected_ciphersuite_info = NULL;
-    for( const unsigned char *p = cipher_suites; p < cipher_suites_end; p += 2 )
-    {
-        uint16_t cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
+    for (const unsigned char *p = cipher_suites; p < cipher_suites_end; p += 2) {
+        uint16_t cipher_suite = MBEDTLS_GET_UINT16_BE(p, 0);
         const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
 
-        if( cipher_suite != session->ciphersuite )
+        if (cipher_suite != session->ciphersuite) {
             continue;
+        }
 
-        ciphersuite_info = ssl_tls13_validate_peer_ciphersuite( ssl,
-                                                                cipher_suite );
-        if( ciphersuite_info == NULL )
+        ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(ssl,
+                                                               cipher_suite);
+        if (ciphersuite_info == NULL) {
             continue;
+        }
 
         *selected_ciphersuite = cipher_suite;
         *selected_ciphersuite_info = ciphersuite_info;
 
-        return( 0 );
+        return 0;
     }
 
-    return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_session_copy_ticket( mbedtls_ssl_session *dst,
-                                          const mbedtls_ssl_session *src )
+static int ssl_tls13_session_copy_ticket(mbedtls_ssl_session *dst,
+                                         const mbedtls_ssl_session *src)
 {
     dst->ticket_age_add = src->ticket_age_add;
     dst->ticket_flags = src->ticket_flags;
     dst->resumption_key_len = src->resumption_key_len;
-    if( src->resumption_key_len == 0 )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    memcpy( dst->resumption_key, src->resumption_key, src->resumption_key_len );
+    if (src->resumption_key_len == 0) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
+    memcpy(dst->resumption_key, src->resumption_key, src->resumption_key_len);
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
@@ -467,11 +460,11 @@
  *    } PreSharedKeyExtension;
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl,
-                                               const unsigned char *pre_shared_key_ext,
-                                               const unsigned char *pre_shared_key_ext_end,
-                                               const unsigned char *ciphersuites,
-                                               const unsigned char *ciphersuites_end )
+static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl,
+                                              const unsigned char *pre_shared_key_ext,
+                                              const unsigned char *pre_shared_key_ext_end,
+                                              const unsigned char *ciphersuites,
+                                              const unsigned char *ciphersuites_end)
 {
     const unsigned char *identities = pre_shared_key_ext;
     const unsigned char *p_identity_len;
@@ -484,35 +477,34 @@
     int matched_identity = -1;
     int identity_id = -1;
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "pre_shared_key extension",
-                           pre_shared_key_ext,
-                           pre_shared_key_ext_end - pre_shared_key_ext );
+    MBEDTLS_SSL_DEBUG_BUF(3, "pre_shared_key extension",
+                          pre_shared_key_ext,
+                          pre_shared_key_ext_end - pre_shared_key_ext);
 
     /* identities_len       2 bytes
      * identities_data   >= 7 bytes
      */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( identities, pre_shared_key_ext_end, 7 + 2 );
-    identities_len = MBEDTLS_GET_UINT16_BE( identities, 0 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(identities, pre_shared_key_ext_end, 7 + 2);
+    identities_len = MBEDTLS_GET_UINT16_BE(identities, 0);
     p_identity_len = identities + 2;
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p_identity_len, pre_shared_key_ext_end,
-                                  identities_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p_identity_len, pre_shared_key_ext_end,
+                                 identities_len);
     identities_end = p_identity_len + identities_len;
 
     /* binders_len     2  bytes
      * binders      >= 33 bytes
      */
     binders = identities_end;
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( binders, pre_shared_key_ext_end, 33 + 2 );
-    binders_len = MBEDTLS_GET_UINT16_BE( binders, 0 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(binders, pre_shared_key_ext_end, 33 + 2);
+    binders_len = MBEDTLS_GET_UINT16_BE(binders, 0);
     p_binder_len = binders + 2;
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p_binder_len, pre_shared_key_ext_end, binders_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p_binder_len, pre_shared_key_ext_end, binders_len);
     binders_end = p_binder_len + binders_len;
 
-    ssl->handshake->update_checksum( ssl, pre_shared_key_ext,
-                                     identities_end - pre_shared_key_ext );
+    ssl->handshake->update_checksum(ssl, pre_shared_key_ext,
+                                    identities_end - pre_shared_key_ext);
 
-    while( p_identity_len < identities_end && p_binder_len < binders_end )
-    {
+    while (p_identity_len < identities_end && p_binder_len < binders_end) {
         const unsigned char *identity;
         size_t identity_len;
         uint32_t obfuscated_ticket_age;
@@ -524,83 +516,83 @@
         const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
         mbedtls_ssl_session session;
-        mbedtls_ssl_session_init( &session );
+        mbedtls_ssl_session_init(&session);
 #endif
 
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p_identity_len, identities_end, 2 + 1 + 4 );
-        identity_len = MBEDTLS_GET_UINT16_BE( p_identity_len, 0 );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p_identity_len, identities_end, 2 + 1 + 4);
+        identity_len = MBEDTLS_GET_UINT16_BE(p_identity_len, 0);
         identity = p_identity_len + 2;
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( identity, identities_end, identity_len + 4 );
-        obfuscated_ticket_age = MBEDTLS_GET_UINT32_BE( identity , identity_len );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(identity, identities_end, identity_len + 4);
+        obfuscated_ticket_age = MBEDTLS_GET_UINT32_BE(identity, identity_len);
         p_identity_len += identity_len + 6;
 
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p_binder_len, binders_end, 1 + 32 );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p_binder_len, binders_end, 1 + 32);
         binder_len = *p_binder_len;
         binder = p_binder_len + 1;
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( binder, binders_end, binder_len );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(binder, binders_end, binder_len);
         p_binder_len += binder_len + 1;
 
         identity_id++;
-        if( matched_identity != -1 )
+        if (matched_identity != -1) {
             continue;
+        }
 
         ret = ssl_tls13_offered_psks_check_identity_match(
-                  ssl, identity, identity_len, obfuscated_ticket_age,
-                  &psk_type, &session );
-        if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH )
+            ssl, identity, identity_len, obfuscated_ticket_age,
+            &psk_type, &session);
+        if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) {
             continue;
+        }
 
-        MBEDTLS_SSL_DEBUG_MSG( 4, ( "found matched identity" ) );
-        switch( psk_type )
-        {
+        MBEDTLS_SSL_DEBUG_MSG(4, ("found matched identity"));
+        switch (psk_type) {
             case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL:
                 ret = ssl_tls13_select_ciphersuite_for_psk(
-                            ssl, ciphersuites, ciphersuites_end,
-                            &cipher_suite, &ciphersuite_info );
+                    ssl, ciphersuites, ciphersuites_end,
+                    &cipher_suite, &ciphersuite_info);
                 break;
             case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
                 ret = ssl_tls13_select_ciphersuite_for_resumption(
-                            ssl, ciphersuites, ciphersuites_end, &session,
-                            &cipher_suite, &ciphersuite_info );
-                if( ret != 0 )
-                    mbedtls_ssl_session_free( &session );
+                    ssl, ciphersuites, ciphersuites_end, &session,
+                    &cipher_suite, &ciphersuite_info);
+                if (ret != 0) {
+                    mbedtls_ssl_session_free(&session);
+                }
 #else
                 ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
 #endif
                 break;
             default:
-                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+                return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         }
-        if( ret != 0 )
-        {
+        if (ret != 0) {
             /* See below, no cipher_suite available, abort handshake */
             MBEDTLS_SSL_PEND_FATAL_ALERT(
                 MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR,
-                MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+                MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
             MBEDTLS_SSL_DEBUG_RET(
-                2, "ssl_tls13_select_ciphersuite", ret );
-            return( ret );
+                2, "ssl_tls13_select_ciphersuite", ret);
+            return ret;
         }
 
         ret = ssl_tls13_offered_psks_check_binder_match(
-                  ssl, binder, binder_len, psk_type,
-                  mbedtls_psa_translate_md( ciphersuite_info->mac ) );
-        if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH )
-        {
+            ssl, binder, binder_len, psk_type,
+            mbedtls_psa_translate_md(ciphersuite_info->mac));
+        if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) {
             /* For security reasons, the handshake should be aborted when we
              * fail to validate a binder value. See RFC 8446 section 4.2.11.2
              * and appendix E.6. */
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-            mbedtls_ssl_session_free( &session );
+            mbedtls_ssl_session_free(&session);
 #endif
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "Invalid binder." ) );
-            MBEDTLS_SSL_DEBUG_RET( 1,
-                "ssl_tls13_offered_psks_check_binder_match" , ret );
+            MBEDTLS_SSL_DEBUG_MSG(3, ("Invalid binder."));
+            MBEDTLS_SSL_DEBUG_RET(1,
+                                  "ssl_tls13_offered_psks_check_binder_match", ret);
             MBEDTLS_SSL_PEND_FATAL_ALERT(
                 MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR,
-                MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-            return( ret );
+                MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
+            return ret;
         }
 
         matched_identity = identity_id;
@@ -608,42 +600,40 @@
         /* Update handshake parameters */
         ssl->handshake->ciphersuite_info = ciphersuite_info;
         ssl->session_negotiate->ciphersuite = cipher_suite;
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "overwrite ciphersuite: %04x - %s",
-                                    cipher_suite, ciphersuite_info->name ) );
+        MBEDTLS_SSL_DEBUG_MSG(2, ("overwrite ciphersuite: %04x - %s",
+                                  cipher_suite, ciphersuite_info->name));
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-        if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION )
-        {
-            ret = ssl_tls13_session_copy_ticket( ssl->session_negotiate,
-                                                 &session );
-            mbedtls_ssl_session_free( &session );
-            if( ret != 0 )
-                return( ret );
+        if (psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) {
+            ret = ssl_tls13_session_copy_ticket(ssl->session_negotiate,
+                                                &session);
+            mbedtls_ssl_session_free(&session);
+            if (ret != 0) {
+                return ret;
+            }
         }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
     }
 
-    if( p_identity_len != identities_end || p_binder_len != binders_end )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "pre_shared_key extension decode error" ) );
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
-                                      MBEDTLS_ERR_SSL_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (p_identity_len != identities_end || p_binder_len != binders_end) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("pre_shared_key extension decode error"));
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+                                     MBEDTLS_ERR_SSL_DECODE_ERROR);
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     /* Update the handshake transcript with the binder list. */
-    ssl->handshake->update_checksum( ssl,
-                                     identities_end,
-                                     (size_t)( binders_end - identities_end ) );
-    if( matched_identity == -1 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "No matched PSK or ticket." ) );
-        return( MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY );
+    ssl->handshake->update_checksum(ssl,
+                                    identities_end,
+                                    (size_t) (binders_end - identities_end));
+    if (matched_identity == -1) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("No matched PSK or ticket."));
+        return MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
     }
 
-    ssl->handshake->selected_identity = (uint16_t)matched_identity;
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "Pre shared key found" ) );
+    ssl->handshake->selected_identity = (uint16_t) matched_identity;
+    MBEDTLS_SSL_DEBUG_MSG(3, ("Pre shared key found"));
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -655,44 +645,43 @@
  *   }
  * } PreSharedKeyExtension;
  */
-static int ssl_tls13_write_server_pre_shared_key_ext( mbedtls_ssl_context *ssl,
-                                                      unsigned char *buf,
-                                                      unsigned char *end,
-                                                      size_t *olen )
+static int ssl_tls13_write_server_pre_shared_key_ext(mbedtls_ssl_context *ssl,
+                                                     unsigned char *buf,
+                                                     unsigned char *end,
+                                                     size_t *olen)
 {
-    unsigned char *p = (unsigned char*)buf;
+    unsigned char *p = (unsigned char *) buf;
 
     *olen = 0;
 
     int not_using_psk = 0;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    not_using_psk = ( mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) );
+    not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque));
 #else
-    not_using_psk = ( ssl->handshake->psk == NULL );
+    not_using_psk = (ssl->handshake->psk == NULL);
 #endif
-    if( not_using_psk )
-    {
+    if (not_using_psk) {
         /* We shouldn't have called this extension writer unless we've
          * chosen to use a PSK. */
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding pre_shared_key extension" ) );
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding pre_shared_key extension"));
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6);
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_PRE_SHARED_KEY, p, 0 );
-    MBEDTLS_PUT_UINT16_BE( 2, p, 2 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_PRE_SHARED_KEY, p, 0);
+    MBEDTLS_PUT_UINT16_BE(2, p, 2);
 
-    MBEDTLS_PUT_UINT16_BE( ssl->handshake->selected_identity, p, 4 );
+    MBEDTLS_PUT_UINT16_BE(ssl->handshake->selected_identity, p, 4);
 
     *olen = 6;
 
-    MBEDTLS_SSL_DEBUG_MSG( 4, ( "sent selected_identity: %u",
-                                ssl->handshake->selected_identity ) );
+    MBEDTLS_SSL_DEBUG_MSG(4, ("sent selected_identity: %u",
+                              ssl->handshake->selected_identity));
 
-    mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY );
+    mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY);
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
@@ -703,9 +692,9 @@
  *   } SupportedVersions;
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
-                                                   const unsigned char *buf,
-                                                   const unsigned char *end )
+static int ssl_tls13_parse_supported_versions_ext(mbedtls_ssl_context *ssl,
+                                                  const unsigned char *buf,
+                                                  const unsigned char *end)
 {
     const unsigned char *p = buf;
     size_t versions_len;
@@ -713,39 +702,36 @@
     uint16_t tls_version;
     int tls13_supported = 0;
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1);
     versions_len = p[0];
     p += 1;
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, versions_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, versions_len);
     versions_end = p + versions_len;
-    while( p < versions_end )
-    {
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, versions_end, 2 );
-        tls_version = mbedtls_ssl_read_version( p, ssl->conf->transport );
+    while (p < versions_end) {
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, versions_end, 2);
+        tls_version = mbedtls_ssl_read_version(p, ssl->conf->transport);
         p += 2;
 
         /* In this implementation we only support TLS 1.3 and DTLS 1.3. */
-        if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
-        {
+        if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
             tls13_supported = 1;
             break;
         }
     }
 
-    if( !tls13_supported )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 is not supported by the client" ) );
+    if (!tls13_supported) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("TLS 1.3 is not supported by the client"));
 
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION,
-                                      MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
-        return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION,
+                                     MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION);
+        return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "Negotiated version. Supported is [%04x]",
-                              (unsigned int)tls_version ) );
+    MBEDTLS_SSL_DEBUG_MSG(1, ("Negotiated version. Supported is [%04x]",
+                              (unsigned int) tls_version));
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_ECDH_C)
@@ -760,50 +746,48 @@
  *   } NamedGroupList;
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_supported_groups_ext( mbedtls_ssl_context *ssl,
-                                                 const unsigned char *buf,
-                                                 const unsigned char *end )
+static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl,
+                                                const unsigned char *buf,
+                                                const unsigned char *end)
 {
     const unsigned char *p = buf;
     size_t named_group_list_len;
     const unsigned char *named_group_list_end;
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "supported_groups extension", p, end - buf );
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    named_group_list_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+    MBEDTLS_SSL_DEBUG_BUF(3, "supported_groups extension", p, end - buf);
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+    named_group_list_len = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, named_group_list_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, named_group_list_len);
     named_group_list_end = p + named_group_list_len;
     ssl->handshake->hrr_selected_group = 0;
 
-    while( p < named_group_list_end )
-    {
+    while (p < named_group_list_end) {
         uint16_t named_group;
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, named_group_list_end, 2 );
-        named_group = MBEDTLS_GET_UINT16_BE( p, 0 );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, named_group_list_end, 2);
+        named_group = MBEDTLS_GET_UINT16_BE(p, 0);
         p += 2;
 
-        MBEDTLS_SSL_DEBUG_MSG( 2,
-                               ( "got named group: %s(%04x)",
-                                 mbedtls_ssl_named_group_to_str( named_group ),
-                                 named_group ) );
+        MBEDTLS_SSL_DEBUG_MSG(2,
+                              ("got named group: %s(%04x)",
+                               mbedtls_ssl_named_group_to_str(named_group),
+                               named_group));
 
-        if( ! mbedtls_ssl_named_group_is_offered( ssl, named_group ) ||
-            ! mbedtls_ssl_named_group_is_supported( named_group ) ||
-            ssl->handshake->hrr_selected_group != 0 )
-        {
+        if (!mbedtls_ssl_named_group_is_offered(ssl, named_group) ||
+            !mbedtls_ssl_named_group_is_supported(named_group) ||
+            ssl->handshake->hrr_selected_group != 0) {
             continue;
         }
 
-        MBEDTLS_SSL_DEBUG_MSG( 2,
-                               ( "add named group %s(%04x) into received list.",
-                                 mbedtls_ssl_named_group_to_str( named_group ),
-                                 named_group ) );
+        MBEDTLS_SSL_DEBUG_MSG(2,
+                              ("add named group %s(%04x) into received list.",
+                               mbedtls_ssl_named_group_to_str(named_group),
+                               named_group));
 
         ssl->handshake->hrr_selected_group = named_group;
     }
 
-    return( 0 );
+    return 0;
 
 }
 #endif /* MBEDTLS_ECDH_C */
@@ -823,9 +807,9 @@
  *  - A negative value for fatal errors.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_key_shares_ext( mbedtls_ssl_context *ssl,
-                                           const unsigned char *buf,
-                                           const unsigned char *end )
+static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl,
+                                          const unsigned char *buf,
+                                          const unsigned char *end)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char const *p = buf;
@@ -840,10 +824,10 @@
      *
      */
 
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    client_shares_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
+    client_shares_len = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, client_shares_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, client_shares_len);
 
     ssl->handshake->offered_group_id = 0;
     client_shares_end = p + client_shares_len;
@@ -854,8 +838,7 @@
      * dismiss it and send a HelloRetryRequest message.
      */
 
-    while( p < client_shares_end )
-    {
+    while (p < client_shares_end) {
         uint16_t group;
         size_t key_exchange_len;
         const unsigned char *key_exchange;
@@ -866,42 +849,39 @@
          *    opaque key_exchange<1..2^16-1>;
          * } KeyShareEntry;
          */
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, client_shares_end, 4 );
-        group = MBEDTLS_GET_UINT16_BE( p, 0 );
-        key_exchange_len = MBEDTLS_GET_UINT16_BE( p, 2 );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, client_shares_end, 4);
+        group = MBEDTLS_GET_UINT16_BE(p, 0);
+        key_exchange_len = MBEDTLS_GET_UINT16_BE(p, 2);
         p += 4;
         key_exchange = p;
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, client_shares_end, key_exchange_len );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, client_shares_end, key_exchange_len);
         p += key_exchange_len;
 
         /* Continue parsing even if we have already found a match,
          * for input validation purposes.
          */
-        if( ! mbedtls_ssl_named_group_is_offered( ssl, group ) ||
-            ! mbedtls_ssl_named_group_is_supported( group ) ||
-            ssl->handshake->offered_group_id != 0 )
-        {
+        if (!mbedtls_ssl_named_group_is_offered(ssl, group) ||
+            !mbedtls_ssl_named_group_is_supported(group) ||
+            ssl->handshake->offered_group_id != 0) {
             continue;
         }
 
         /*
          * For now, we only support ECDHE groups.
          */
-        if( mbedtls_ssl_tls13_named_group_is_ecdhe( group ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH group: %s (%04x)",
-                                        mbedtls_ssl_named_group_to_str( group ),
-                                        group ) );
+        if (mbedtls_ssl_tls13_named_group_is_ecdhe(group)) {
+            MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH group: %s (%04x)",
+                                      mbedtls_ssl_named_group_to_str(group),
+                                      group));
             ret = mbedtls_ssl_tls13_read_public_ecdhe_share(
-                      ssl, key_exchange - 2, key_exchange_len + 2 );
-            if( ret != 0 )
-                return( ret );
+                ssl, key_exchange - 2, key_exchange_len + 2);
+            if (ret != 0) {
+                return ret;
+            }
 
-        }
-        else
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 4, ( "Unrecognized NamedGroup %u",
-                                        (unsigned) group ) );
+        } else {
+            MBEDTLS_SSL_DEBUG_MSG(4, ("Unrecognized NamedGroup %u",
+                                      (unsigned) group));
             continue;
         }
 
@@ -909,101 +889,100 @@
     }
 
 
-    if( ssl->handshake->offered_group_id == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "no matching key share" ) );
-        return( SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH );
+    if (ssl->handshake->offered_group_id == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("no matching key share"));
+        return SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH;
     }
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_ECDH_C */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_client_hello_has_exts( mbedtls_ssl_context *ssl,
-                                            int exts_mask )
+static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl,
+                                           int exts_mask)
 {
     int masked = ssl->handshake->received_extensions & exts_mask;
-    return( masked == exts_mask );
+    return masked == exts_mask;
 }
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(
-        mbedtls_ssl_context *ssl )
+    mbedtls_ssl_context *ssl)
 {
-    return( ssl_tls13_client_hello_has_exts(
-                ssl,
-                MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS ) |
-                MBEDTLS_SSL_EXT_MASK( KEY_SHARE )        |
-                MBEDTLS_SSL_EXT_MASK( SIG_ALG ) ) );
+    return ssl_tls13_client_hello_has_exts(
+        ssl,
+        MBEDTLS_SSL_EXT_MASK(SUPPORTED_GROUPS) |
+        MBEDTLS_SSL_EXT_MASK(KEY_SHARE)        |
+        MBEDTLS_SSL_EXT_MASK(SIG_ALG));
 }
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_client_hello_has_exts_for_psk_key_exchange(
-               mbedtls_ssl_context *ssl )
+    mbedtls_ssl_context *ssl)
 {
-    return( ssl_tls13_client_hello_has_exts(
-                ssl,
-                MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY )          |
-                MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) ) );
+    return ssl_tls13_client_hello_has_exts(
+        ssl,
+        MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY)          |
+        MBEDTLS_SSL_EXT_MASK(PSK_KEY_EXCHANGE_MODES));
 }
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED */
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(
-               mbedtls_ssl_context *ssl )
+    mbedtls_ssl_context *ssl)
 {
-    return( ssl_tls13_client_hello_has_exts(
-                ssl,
-                MBEDTLS_SSL_EXT_MASK( SUPPORTED_GROUPS )        |
-                MBEDTLS_SSL_EXT_MASK( KEY_SHARE )               |
-                MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY )          |
-                MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) ) );
+    return ssl_tls13_client_hello_has_exts(
+        ssl,
+        MBEDTLS_SSL_EXT_MASK(SUPPORTED_GROUPS)        |
+        MBEDTLS_SSL_EXT_MASK(KEY_SHARE)               |
+        MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY)          |
+        MBEDTLS_SSL_EXT_MASK(PSK_KEY_EXCHANGE_MODES));
 }
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_check_ephemeral_key_exchange( mbedtls_ssl_context *ssl )
+static int ssl_tls13_check_ephemeral_key_exchange(mbedtls_ssl_context *ssl)
 {
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
-    return( mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) &&
-            ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange( ssl ) );
+    return mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl) &&
+           ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(ssl);
 #else
     ((void) ssl);
-    return( 0 );
+    return 0;
 #endif
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_check_psk_key_exchange( mbedtls_ssl_context *ssl )
+static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl)
 {
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
-    return( mbedtls_ssl_conf_tls13_psk_enabled( ssl ) &&
-            mbedtls_ssl_tls13_psk_enabled( ssl ) &&
-            ssl_tls13_client_hello_has_exts_for_psk_key_exchange( ssl ) );
+    return mbedtls_ssl_conf_tls13_psk_enabled(ssl) &&
+           mbedtls_ssl_tls13_psk_enabled(ssl) &&
+           ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl);
 #else
     ((void) ssl);
-    return( 0 );
+    return 0;
 #endif
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_check_psk_ephemeral_key_exchange( mbedtls_ssl_context *ssl )
+static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl)
 {
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
-    return( mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( ssl ) &&
-            mbedtls_ssl_tls13_psk_ephemeral_enabled( ssl ) &&
-            ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange( ssl ) );
+    return mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl) &&
+           mbedtls_ssl_tls13_psk_ephemeral_enabled(ssl) &&
+           ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl);
 #else
     ((void) ssl);
-    return( 0 );
+    return 0;
 #endif
 }
 
-static int ssl_tls13_determine_key_exchange_mode( mbedtls_ssl_context *ssl )
+static int ssl_tls13_determine_key_exchange_mode(mbedtls_ssl_context *ssl)
 {
     /*
      * Determine the key exchange algorithm to use.
@@ -1022,37 +1001,30 @@
 
     ssl->handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
 
-    if( ssl_tls13_check_psk_ephemeral_key_exchange( ssl ) )
-    {
+    if (ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) {
         ssl->handshake->key_exchange_mode =
             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: psk_ephemeral" ) );
-    }
-    else
-    if( ssl_tls13_check_ephemeral_key_exchange( ssl ) )
-    {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk_ephemeral"));
+    } else
+    if (ssl_tls13_check_ephemeral_key_exchange(ssl)) {
         ssl->handshake->key_exchange_mode =
             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: ephemeral" ) );
-    }
-    else
-    if( ssl_tls13_check_psk_key_exchange( ssl ) )
-    {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: ephemeral"));
+    } else
+    if (ssl_tls13_check_psk_key_exchange(ssl)) {
         ssl->handshake->key_exchange_mode =
             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: psk" ) );
-    }
-    else
-    {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk"));
+    } else {
         MBEDTLS_SSL_DEBUG_MSG(
-                1,
-                ( "ClientHello message misses mandatory extensions." ) );
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION ,
-                                      MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+            1,
+            ("ClientHello message misses mandatory extensions."));
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION,
+                                     MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
 
-    return( 0 );
+    return 0;
 
 }
 
@@ -1060,30 +1032,29 @@
     defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg( uint16_t sig_alg )
+static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg(uint16_t sig_alg)
 {
-    switch( sig_alg )
-    {
+    switch (sig_alg) {
         case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
-            return( PSA_ALG_ECDSA( PSA_ALG_SHA_256 ) );
+            return PSA_ALG_ECDSA(PSA_ALG_SHA_256);
         case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
-            return( PSA_ALG_ECDSA( PSA_ALG_SHA_384 ) );
+            return PSA_ALG_ECDSA(PSA_ALG_SHA_384);
         case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
-            return( PSA_ALG_ECDSA( PSA_ALG_SHA_512 ) );
+            return PSA_ALG_ECDSA(PSA_ALG_SHA_512);
         case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
-            return( PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ) );
+            return PSA_ALG_RSA_PSS(PSA_ALG_SHA_256);
         case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
-            return( PSA_ALG_RSA_PSS( PSA_ALG_SHA_384 ) );
+            return PSA_ALG_RSA_PSS(PSA_ALG_SHA_384);
         case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
-            return( PSA_ALG_RSA_PSS( PSA_ALG_SHA_512 ) );
+            return PSA_ALG_RSA_PSS(PSA_ALG_SHA_512);
         case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
-            return( PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ) );
+            return PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256);
         case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
-            return( PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_384 ) );
+            return PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384);
         case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
-            return( PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_512 ) );
+            return PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_512);
         default:
-            return( PSA_ALG_NONE );
+            return PSA_ALG_NONE;
     }
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -1093,93 +1064,90 @@
  * algorithms supported by the client.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
+static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl)
 {
     mbedtls_ssl_key_cert *key_cert, *key_cert_list;
     const uint16_t *sig_alg = ssl->handshake->received_sig_algs;
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    if( ssl->handshake->sni_key_cert != NULL )
+    if (ssl->handshake->sni_key_cert != NULL) {
         key_cert_list = ssl->handshake->sni_key_cert;
-    else
+    } else
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-        key_cert_list = ssl->conf->key_cert;
+    key_cert_list = ssl->conf->key_cert;
 
-    if( key_cert_list == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "server has no certificate" ) );
-        return( -1 );
+    if (key_cert_list == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(3, ("server has no certificate"));
+        return -1;
     }
 
-    for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
-    {
-        if( !mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) )
+    for (; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++) {
+        if (!mbedtls_ssl_sig_alg_is_offered(ssl, *sig_alg)) {
             continue;
+        }
 
-        if( !mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) )
+        if (!mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(*sig_alg)) {
             continue;
+        }
 
-        for( key_cert = key_cert_list; key_cert != NULL;
-             key_cert = key_cert->next )
-        {
+        for (key_cert = key_cert_list; key_cert != NULL;
+             key_cert = key_cert->next) {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
             psa_algorithm_t psa_alg = PSA_ALG_NONE;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-            MBEDTLS_SSL_DEBUG_CRT( 3, "certificate (chain) candidate",
-                                   key_cert->cert );
+            MBEDTLS_SSL_DEBUG_CRT(3, "certificate (chain) candidate",
+                                  key_cert->cert);
 
             /*
-            * This avoids sending the client a cert it'll reject based on
-            * keyUsage or other extensions.
-            */
-            if( mbedtls_x509_crt_check_key_usage(
-                    key_cert->cert, MBEDTLS_X509_KU_DIGITAL_SIGNATURE ) != 0 ||
+             * This avoids sending the client a cert it'll reject based on
+             * keyUsage or other extensions.
+             */
+            if (mbedtls_x509_crt_check_key_usage(
+                    key_cert->cert, MBEDTLS_X509_KU_DIGITAL_SIGNATURE) != 0 ||
                 mbedtls_x509_crt_check_extended_key_usage(
                     key_cert->cert, MBEDTLS_OID_SERVER_AUTH,
-                    MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH ) ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: "
-                                       "(extended) key usage extension" ) );
+                    MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH)) != 0) {
+                MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: "
+                                          "(extended) key usage extension"));
                 continue;
             }
 
-            MBEDTLS_SSL_DEBUG_MSG( 3,
-                                   ( "ssl_tls13_pick_key_cert:"
-                                     "check signature algorithm %s [%04x]",
-                                     mbedtls_ssl_sig_alg_to_str( *sig_alg ),
-                                     *sig_alg ) );
+            MBEDTLS_SSL_DEBUG_MSG(3,
+                                  ("ssl_tls13_pick_key_cert:"
+                                   "check signature algorithm %s [%04x]",
+                                   mbedtls_ssl_sig_alg_to_str(*sig_alg),
+                                   *sig_alg));
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-            psa_alg = ssl_tls13_iana_sig_alg_to_psa_alg( *sig_alg );
+            psa_alg = ssl_tls13_iana_sig_alg_to_psa_alg(*sig_alg);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-            if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
-                                            *sig_alg, &key_cert->cert->pk )
+            if (mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
+                    *sig_alg, &key_cert->cert->pk)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
                 && psa_alg != PSA_ALG_NONE &&
-                mbedtls_pk_can_do_ext( &key_cert->cert->pk, psa_alg,
-                                       PSA_KEY_USAGE_SIGN_HASH ) == 1
+                mbedtls_pk_can_do_ext(&key_cert->cert->pk, psa_alg,
+                                      PSA_KEY_USAGE_SIGN_HASH) == 1
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
-                )
-            {
+                ) {
                 ssl->handshake->key_cert = key_cert;
-                MBEDTLS_SSL_DEBUG_MSG( 3,
-                                       ( "ssl_tls13_pick_key_cert:"
-                                         "selected signature algorithm"
-                                         " %s [%04x]",
-                                         mbedtls_ssl_sig_alg_to_str( *sig_alg ),
-                                         *sig_alg ) );
+                MBEDTLS_SSL_DEBUG_MSG(3,
+                                      ("ssl_tls13_pick_key_cert:"
+                                       "selected signature algorithm"
+                                       " %s [%04x]",
+                                       mbedtls_ssl_sig_alg_to_str(*sig_alg),
+                                       *sig_alg));
                 MBEDTLS_SSL_DEBUG_CRT(
-                        3, "selected certificate (chain)",
-                        ssl->handshake->key_cert->cert );
-                return( 0 );
+                    3, "selected certificate (chain)",
+                    ssl->handshake->key_cert->cert);
+                return 0;
             }
         }
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "ssl_tls13_pick_key_cert:"
-                                "no suitable certificate found" ) );
-    return( -1 );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("ssl_tls13_pick_key_cert:"
+                              "no suitable certificate found"));
+    return -1;
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C &&
           MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
@@ -1229,9 +1197,9 @@
 #define SSL_CLIENT_HELLO_HRR_REQUIRED 1
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         const unsigned char *end )
+static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
+                                        const unsigned char *buf,
+                                        const unsigned char *end)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const unsigned char *p = buf;
@@ -1268,7 +1236,7 @@
      * 2 + 32 + 1 + 2 + 1 = 38 bytes. Check that first, so that we can
      * read at least up to session id length without worrying.
      */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 38 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 38);
 
     /* ...
      * ProtocolVersion legacy_version = 0x0303; // TLS 1.2
@@ -1276,13 +1244,12 @@
      * with ProtocolVersion defined as:
      * uint16 ProtocolVersion;
      */
-    if( mbedtls_ssl_read_version( p, ssl->conf->transport ) !=
-          MBEDTLS_SSL_VERSION_TLS1_2 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unsupported version of TLS." ) );
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION,
-                                      MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
-        return ( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
+    if (mbedtls_ssl_read_version(p, ssl->conf->transport) !=
+        MBEDTLS_SSL_VERSION_TLS1_2) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Unsupported version of TLS."));
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION,
+                                     MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION);
+        return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
     }
     p += 2;
 
@@ -1303,10 +1270,10 @@
      * with Random defined as:
      * opaque Random[32];
      */
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes",
-                           p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
+    MBEDTLS_SSL_DEBUG_BUF(3, "client hello, random bytes",
+                          p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
 
-    memcpy( &handshake->randbytes[0], p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
+    memcpy(&handshake->randbytes[0], p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN);
     p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
 
     /* ...
@@ -1316,25 +1283,24 @@
     legacy_session_id_len = p[0];
     p++;
 
-    if( legacy_session_id_len > sizeof( ssl->session_negotiate->id ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+    if (legacy_session_id_len > sizeof(ssl->session_negotiate->id)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+        return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
     ssl->session_negotiate->id_len = legacy_session_id_len;
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id",
-                           p, legacy_session_id_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "client hello, session id",
+                          p, legacy_session_id_len);
     /*
      * Check we have enough data for the legacy session identifier
      * and the ciphersuite list length.
      */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, legacy_session_id_len + 2 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, legacy_session_id_len + 2);
 
-    memcpy( &ssl->session_negotiate->id[0], p, legacy_session_id_len );
+    memcpy(&ssl->session_negotiate->id[0], p, legacy_session_id_len);
     p += legacy_session_id_len;
 
-    cipher_suites_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+    cipher_suites_len = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
 
     /* Check we have enough data for the ciphersuite list, the legacy
@@ -1344,61 +1310,59 @@
      * legacy_compression_methods                   2 bytes
      * extensions_len                               2 bytes
      */
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cipher_suites_len + 2 + 2 );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, cipher_suites_len + 2 + 2);
 
-   /* ...
-    * CipherSuite cipher_suites<2..2^16-2>;
-    * ...
-    * with CipherSuite defined as:
-    * uint8 CipherSuite[2];
-    */
+    /* ...
+     * CipherSuite cipher_suites<2..2^16-2>;
+     * ...
+     * with CipherSuite defined as:
+     * uint8 CipherSuite[2];
+     */
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
     cipher_suites = p;
 #endif
     cipher_suites_end = p + cipher_suites_len;
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
-                          p, cipher_suites_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "client hello, ciphersuitelist",
+                          p, cipher_suites_len);
 
     /*
      * Search for a matching ciphersuite
      */
-    for ( ; p < cipher_suites_end; p += 2 )
-    {
+    for (; p < cipher_suites_end; p += 2) {
         uint16_t cipher_suite;
-        const mbedtls_ssl_ciphersuite_t* ciphersuite_info;
+        const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
 
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, cipher_suites_end, 2 );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, cipher_suites_end, 2);
 
-        cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
+        cipher_suite = MBEDTLS_GET_UINT16_BE(p, 0);
         ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(
-                               ssl,cipher_suite );
-        if( ciphersuite_info == NULL )
+            ssl, cipher_suite);
+        if (ciphersuite_info == NULL) {
             continue;
+        }
 
         ssl->session_negotiate->ciphersuite = cipher_suite;
         handshake->ciphersuite_info = ciphersuite_info;
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %04x - %s",
-                                    cipher_suite,
-                                    ciphersuite_info->name ) );
+        MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %04x - %s",
+                                  cipher_suite,
+                                  ciphersuite_info->name));
     }
 
-    if( handshake->ciphersuite_info == NULL )
-    {
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
-                                      MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-        return ( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    if (handshake->ciphersuite_info == NULL) {
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
+                                     MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
 
     /* ...
      * opaque legacy_compression_methods<1..2^8-1>;
      * ...
      */
-    if( p[0] != 1 || p[1] != MBEDTLS_SSL_COMPRESS_NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad legacy compression method" ) );
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                                      MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
-        return ( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+    if (p[0] != 1 || p[1] != MBEDTLS_SSL_COMPRESS_NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad legacy compression method"));
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                                     MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
     p += 2;
 
@@ -1411,17 +1375,16 @@
      *    opaque extension_data<0..2^16-1>;
      * } Extension;
      */
-    extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+    extensions_len = MBEDTLS_GET_UINT16_BE(p, 0);
     p += 2;
-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len );
+    MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, extensions_len);
     extensions_end = p + extensions_len;
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", p, extensions_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "client hello extensions", p, extensions_len);
 
     handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
 
-    while( p < extensions_end )
-    {
+    while (p < extensions_end) {
         unsigned int extension_type;
         size_t extension_data_len;
         const unsigned char *extension_data_end;
@@ -1433,49 +1396,47 @@
          * Servers MUST check that it is the last extension and otherwise fail
          * the handshake with an "illegal_parameter" alert.
          */
-        if( handshake->received_extensions & MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) )
-        {
+        if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY)) {
             MBEDTLS_SSL_DEBUG_MSG(
-                3, ( "pre_shared_key is not last extension." ) );
+                3, ("pre_shared_key is not last extension."));
             MBEDTLS_SSL_PEND_FATAL_ALERT(
                 MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+                MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+            return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
         }
 
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
-        extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
-        extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, 4);
+        extension_type = MBEDTLS_GET_UINT16_BE(p, 0);
+        extension_data_len = MBEDTLS_GET_UINT16_BE(p, 2);
         p += 4;
 
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR(p, extensions_end, extension_data_len);
         extension_data_end = p + extension_data_len;
 
         ret = mbedtls_ssl_tls13_check_received_extension(
-                  ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type,
-                  MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH );
-        if( ret != 0 )
-            return( ret );
+            ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type,
+            MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH);
+        if (ret != 0) {
+            return ret;
+        }
 
-        switch( extension_type )
-        {
+        switch (extension_type) {
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
             case MBEDTLS_TLS_EXT_SERVERNAME:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
-                ret = mbedtls_ssl_parse_server_name_ext( ssl, p,
-                                                         extension_data_end );
-                if( ret != 0 )
-                {
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found ServerName extension"));
+                ret = mbedtls_ssl_parse_server_name_ext(ssl, p,
+                                                        extension_data_end);
+                if (ret != 0) {
                     MBEDTLS_SSL_DEBUG_RET(
-                            1, "mbedtls_ssl_parse_servername_ext", ret );
-                    return( ret );
+                        1, "mbedtls_ssl_parse_servername_ext", ret);
+                    return ret;
                 }
                 break;
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 
 #if defined(MBEDTLS_ECDH_C)
             case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported group extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found supported group extension"));
 
                 /* Supported Groups Extension
                  *
@@ -1484,12 +1445,11 @@
                  * ordered from most preferred to least preferred.
                  */
                 ret = ssl_tls13_parse_supported_groups_ext(
-                          ssl, p, extension_data_end );
-                if( ret != 0 )
-                {
-                    MBEDTLS_SSL_DEBUG_RET( 1,
-                                "mbedtls_ssl_parse_supported_groups_ext", ret );
-                    return( ret );
+                    ssl, p, extension_data_end);
+                if (ret != 0) {
+                    MBEDTLS_SSL_DEBUG_RET(1,
+                                          "mbedtls_ssl_parse_supported_groups_ext", ret);
+                    return ret;
                 }
 
                 break;
@@ -1497,7 +1457,7 @@
 
 #if defined(MBEDTLS_ECDH_C)
             case MBEDTLS_TLS_EXT_KEY_SHARE:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found key share extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found key share extension"));
 
                 /*
                  * Key Share Extension
@@ -1507,61 +1467,56 @@
                  * ECDHE/DHE key establishment methods.
                  */
                 ret = ssl_tls13_parse_key_shares_ext(
-                          ssl, p, extension_data_end );
-                if( ret == SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH )
-                {
-                    MBEDTLS_SSL_DEBUG_MSG( 2, ( "HRR needed " ) );
+                    ssl, p, extension_data_end);
+                if (ret == SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH) {
+                    MBEDTLS_SSL_DEBUG_MSG(2, ("HRR needed "));
                     hrr_required = 1;
                 }
 
-                if( ret < 0 )
-                {
+                if (ret < 0) {
                     MBEDTLS_SSL_DEBUG_RET(
-                        1, "ssl_tls13_parse_key_shares_ext", ret );
-                    return( ret );
+                        1, "ssl_tls13_parse_key_shares_ext", ret);
+                    return ret;
                 }
 
                 break;
 #endif /* MBEDTLS_ECDH_C */
 
             case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported versions extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found supported versions extension"));
 
                 ret = ssl_tls13_parse_supported_versions_ext(
-                          ssl, p, extension_data_end );
-                if( ret != 0 )
-                {
-                    MBEDTLS_SSL_DEBUG_RET( 1,
-                                ( "ssl_tls13_parse_supported_versions_ext" ), ret );
-                    return( ret );
+                    ssl, p, extension_data_end);
+                if (ret != 0) {
+                    MBEDTLS_SSL_DEBUG_RET(1,
+                                          ("ssl_tls13_parse_supported_versions_ext"), ret);
+                    return ret;
                 }
                 break;
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
             case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found psk key exchange modes extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found psk key exchange modes extension"));
 
                 ret = ssl_tls13_parse_key_exchange_modes_ext(
-                          ssl, p, extension_data_end );
-                if( ret != 0 )
-                {
+                    ssl, p, extension_data_end);
+                if (ret != 0) {
                     MBEDTLS_SSL_DEBUG_RET(
-                        1, "ssl_tls13_parse_key_exchange_modes_ext", ret );
-                    return( ret );
+                        1, "ssl_tls13_parse_key_exchange_modes_ext", ret);
+                    return ret;
                 }
 
                 break;
 #endif
 
             case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) );
-                if( ( handshake->received_extensions &
-                      MBEDTLS_SSL_EXT_MASK( PSK_KEY_EXCHANGE_MODES ) ) == 0 )
-                {
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found pre_shared_key extension"));
+                if ((handshake->received_extensions &
+                     MBEDTLS_SSL_EXT_MASK(PSK_KEY_EXCHANGE_MODES)) == 0) {
                     MBEDTLS_SSL_PEND_FATAL_ALERT(
                         MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                        MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
-                    return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+                        MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+                    return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
                 }
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
                 /* Delay processing of the PSK identity once we have
@@ -1575,30 +1530,29 @@
 
 #if defined(MBEDTLS_SSL_ALPN)
             case MBEDTLS_TLS_EXT_ALPN:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension"));
 
-                ret = mbedtls_ssl_parse_alpn_ext( ssl, p, extension_data_end );
-                if( ret != 0 )
-                {
+                ret = mbedtls_ssl_parse_alpn_ext(ssl, p, extension_data_end);
+                if (ret != 0) {
                     MBEDTLS_SSL_DEBUG_RET(
-                            1, ( "mbedtls_ssl_parse_alpn_ext" ), ret );
-                    return( ret );
+                        1, ("mbedtls_ssl_parse_alpn_ext"), ret);
+                    return ret;
                 }
                 break;
 #endif /* MBEDTLS_SSL_ALPN */
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
             case MBEDTLS_TLS_EXT_SIG_ALG:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
+                MBEDTLS_SSL_DEBUG_MSG(3, ("found signature_algorithms extension"));
 
                 ret = mbedtls_ssl_parse_sig_alg_ext(
-                          ssl, p, extension_data_end );
-                if( ret != 0 )
-                {
-                    MBEDTLS_SSL_DEBUG_MSG( 1,
-                    ( "ssl_parse_supported_signature_algorithms_server_ext ( %d )",
-                      ret ) );
-                    return( ret );
+                    ssl, p, extension_data_end);
+                if (ret != 0) {
+                    MBEDTLS_SSL_DEBUG_MSG(1,
+                                          (
+                                              "ssl_parse_supported_signature_algorithms_server_ext ( %d )",
+                                              ret));
+                    return ret;
                 }
                 break;
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
@@ -1606,19 +1560,19 @@
             default:
                 MBEDTLS_SSL_PRINT_EXT(
                     3, MBEDTLS_SSL_HS_CLIENT_HELLO,
-                    extension_type, "( ignored )" );
+                    extension_type, "( ignored )");
                 break;
         }
 
         p += extension_data_len;
     }
 
-    MBEDTLS_SSL_PRINT_EXTS( 3, MBEDTLS_SSL_HS_CLIENT_HELLO,
-                            handshake->received_extensions );
+    MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_CLIENT_HELLO,
+                           handshake->received_extensions);
 
-    mbedtls_ssl_add_hs_hdr_to_checksum( ssl,
-                                        MBEDTLS_SSL_HS_CLIENT_HELLO,
-                                        p - buf );
+    mbedtls_ssl_add_hs_hdr_to_checksum(ssl,
+                                       MBEDTLS_SSL_HS_CLIENT_HELLO,
+                                       p - buf);
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
     /* Update checksum with either
@@ -1626,72 +1580,66 @@
      * - The content up to but excluding the PSK extension, if present.
      */
     /* If we've settled on a PSK-based exchange, parse PSK identity ext */
-    if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) &&
-        mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) &&
-        ( handshake->received_extensions & MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY ) ) )
-    {
-        handshake->update_checksum( ssl, buf,
-                                         pre_shared_key_ext - buf );
-        ret = ssl_tls13_parse_pre_shared_key_ext( ssl,
-                                                  pre_shared_key_ext,
-                                                  pre_shared_key_ext_end,
-                                                  cipher_suites,
-                                                  cipher_suites_end );
-        if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY )
-        {
-            handshake->received_extensions &= ~MBEDTLS_SSL_EXT_MASK( PRE_SHARED_KEY );
-        }
-        else if( ret != 0 )
-        {
+    if (mbedtls_ssl_tls13_some_psk_enabled(ssl) &&
+        mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) &&
+        (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY))) {
+        handshake->update_checksum(ssl, buf,
+                                   pre_shared_key_ext - buf);
+        ret = ssl_tls13_parse_pre_shared_key_ext(ssl,
+                                                 pre_shared_key_ext,
+                                                 pre_shared_key_ext_end,
+                                                 cipher_suites,
+                                                 cipher_suites_end);
+        if (ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) {
+            handshake->received_extensions &= ~MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY);
+        } else if (ret != 0) {
             MBEDTLS_SSL_DEBUG_RET(
-                1, "ssl_tls13_parse_pre_shared_key_ext" , ret );
-            return( ret );
+                1, "ssl_tls13_parse_pre_shared_key_ext", ret);
+            return ret;
         }
-    }
-    else
+    } else
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
     {
-        handshake->update_checksum( ssl, buf, p - buf );
+        handshake->update_checksum(ssl, buf, p - buf);
     }
 
-    ret = ssl_tls13_determine_key_exchange_mode( ssl );
-    if( ret < 0 )
-        return( ret );
+    ret = ssl_tls13_determine_key_exchange_mode(ssl);
+    if (ret < 0) {
+        return ret;
+    }
 
-    mbedtls_ssl_optimize_checksum( ssl, handshake->ciphersuite_info );
+    mbedtls_ssl_optimize_checksum(ssl, handshake->ciphersuite_info);
 
-    return( hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK );
+    return hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK;
 }
 
 /* Update the handshake state machine */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_postprocess_client_hello( mbedtls_ssl_context* ssl )
+static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     /*
      * Server certificate selection
      */
-    if( ssl->conf->f_cert_cb && ( ret = ssl->conf->f_cert_cb( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "f_cert_cb", ret );
-        return( ret );
+    if (ssl->conf->f_cert_cb && (ret = ssl->conf->f_cert_cb(ssl)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "f_cert_cb", ret);
+        return ret;
     }
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
     ssl->handshake->sni_name = NULL;
     ssl->handshake->sni_name_len = 0;
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 
-    ret = mbedtls_ssl_tls13_key_schedule_stage_early( ssl );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1,
-             "mbedtls_ssl_tls1_3_key_schedule_stage_early", ret );
-        return( ret );
+    ret = mbedtls_ssl_tls13_key_schedule_stage_early(ssl);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1,
+                              "mbedtls_ssl_tls1_3_key_schedule_stage_early", ret);
+        return ret;
     }
 
-    return( 0 );
+    return 0;
 
 }
 
@@ -1700,71 +1648,70 @@
  */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_process_client_hello( mbedtls_ssl_context *ssl )
+static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl)
 {
 
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char* buf = NULL;
+    unsigned char *buf = NULL;
     size_t buflen = 0;
     int parse_client_hello_ret;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client hello"));
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg(
-                          ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
-                          &buf, &buflen ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_tls13_fetch_handshake_msg(
+                             ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
+                             &buf, &buflen));
 
-    MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_parse_client_hello( ssl, buf,
-                                                            buf + buflen ) );
+    MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_parse_client_hello(ssl, buf,
+                                                          buf + buflen));
     parse_client_hello_ret = ret; /* Store return value of parse_client_hello,
                                    * only SSL_CLIENT_HELLO_OK or
                                    * SSL_CLIENT_HELLO_HRR_REQUIRED at this
                                    * stage as negative error codes are handled
                                    * by MBEDTLS_SSL_PROC_CHK_NEG. */
 
-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_client_hello( ssl ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_postprocess_client_hello(ssl));
 
-    if( parse_client_hello_ret == SSL_CLIENT_HELLO_OK )
-        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
-    else
-        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HELLO_RETRY_REQUEST );
+    if (parse_client_hello_ret == SSL_CLIENT_HELLO_OK) {
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
+    } else {
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_RETRY_REQUEST);
+    }
 
 cleanup:
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client hello" ) );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client hello"));
+    return ret;
 }
 
 /*
  * Handler for MBEDTLS_SSL_SERVER_HELLO
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_prepare_server_hello( mbedtls_ssl_context *ssl )
+static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *server_randbytes =
-                    ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
-    if( ssl->conf->f_rng == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) );
-        return( MBEDTLS_ERR_SSL_NO_RNG );
+        ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
+    if (ssl->conf->f_rng == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided"));
+        return MBEDTLS_ERR_SSL_NO_RNG;
     }
 
-    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, server_randbytes,
-                                  MBEDTLS_SERVER_HELLO_RANDOM_LEN ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret );
-        return( ret );
+    if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, server_randbytes,
+                                MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret);
+        return ret;
     }
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", server_randbytes,
-                           MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+    MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", server_randbytes,
+                          MBEDTLS_SERVER_HELLO_RANDOM_LEN);
 
 #if defined(MBEDTLS_HAVE_TIME)
-    ssl->session_negotiate->start = time( NULL );
+    ssl->session_negotiate->start = time(NULL);
 #endif /* MBEDTLS_HAVE_TIME */
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -1776,39 +1723,39 @@
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_write_server_hello_supported_versions_ext(
-                                                mbedtls_ssl_context *ssl,
-                                                unsigned char *buf,
-                                                unsigned char *end,
-                                                size_t *out_len )
+    mbedtls_ssl_context *ssl,
+    unsigned char *buf,
+    unsigned char *end,
+    size_t *out_len)
 {
     *out_len = 0;
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, write selected version" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, write selected version"));
 
     /* Check if we have space to write the extension:
      * - extension_type         (2 bytes)
      * - extension_data_length  (2 bytes)
      * - selected_version       (2 bytes)
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 6 );
+    MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 6);
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, buf, 0 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS, buf, 0);
 
-    MBEDTLS_PUT_UINT16_BE( 2, buf, 2 );
+    MBEDTLS_PUT_UINT16_BE(2, buf, 2);
 
-    mbedtls_ssl_write_version( buf + 4,
-                               ssl->conf->transport,
-                               ssl->tls_version );
+    mbedtls_ssl_write_version(buf + 4,
+                              ssl->conf->transport,
+                              ssl->tls_version);
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "supported version: [%04x]",
-                                ssl->tls_version ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("supported version: [%04x]",
+                              ssl->tls_version));
 
     *out_len = 6;
 
     mbedtls_ssl_tls13_set_hs_sent_ext_mask(
-        ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS );
+        ssl, MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS);
 
-    return( 0 );
+    return 0;
 }
 
 
@@ -1816,36 +1763,30 @@
 /* Generate and export a single key share. For hybrid KEMs, this can
  * be called multiple times with the different components of the hybrid. */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_generate_and_write_key_share( mbedtls_ssl_context *ssl,
-                                                   uint16_t named_group,
-                                                   unsigned char *buf,
-                                                   unsigned char *end,
-                                                   size_t *out_len )
+static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl,
+                                                  uint16_t named_group,
+                                                  unsigned char *buf,
+                                                  unsigned char *end,
+                                                  size_t *out_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     *out_len = 0;
 
 #if defined(MBEDTLS_ECDH_C)
-    if( mbedtls_ssl_tls13_named_group_is_ecdhe( named_group ) )
-    {
+    if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group)) {
         ret = mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
-                                        ssl, named_group, buf, end, out_len );
-        if( ret != 0 )
-        {
+            ssl, named_group, buf, end, out_len);
+        if (ret != 0) {
             MBEDTLS_SSL_DEBUG_RET(
                 1, "mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange",
-                ret );
-            return( ret );
+                ret);
+            return ret;
         }
-    }
-    else
+    } else
 #endif /* MBEDTLS_ECDH_C */
-    if( 0 /* Other kinds of KEMs */ )
-    {
-    }
-    else
-    {
+    if (0 /* Other kinds of KEMs */) {
+    } else {
         ((void) ssl);
         ((void) named_group);
         ((void) buf);
@@ -1853,7 +1794,7 @@
         ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -1870,10 +1811,10 @@
  * } KeyShareServerHello;
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
-                                          unsigned char *buf,
-                                          unsigned char *end,
-                                          size_t *out_len )
+static int ssl_tls13_write_key_share_ext(mbedtls_ssl_context *ssl,
+                                         unsigned char *buf,
+                                         unsigned char *end,
+                                         size_t *out_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p = buf;
@@ -1883,11 +1824,11 @@
 
     *out_len = 0;
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding key share extension" ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding key share extension"));
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "server hello, write selected_group: %s (%04x)",
-                                mbedtls_ssl_named_group_to_str( group ),
-                                group ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("server hello, write selected_group: %s (%04x)",
+                              mbedtls_ssl_named_group_to_str(group),
+                              group));
 
     /* Check if we have space for header and length fields:
      * - extension_type         (2 bytes)
@@ -1895,35 +1836,36 @@
      * - group                  (2 bytes)
      * - key_exchange_length    (2 bytes)
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 8 );
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_KEY_SHARE, p, 0 );
-    MBEDTLS_PUT_UINT16_BE( group, server_share, 0 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 8);
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_KEY_SHARE, p, 0);
+    MBEDTLS_PUT_UINT16_BE(group, server_share, 0);
     p += 8;
 
     /* When we introduce PQC-ECDHE hybrids, we'll want to call this
      * function multiple times. */
     ret = ssl_tls13_generate_and_write_key_share(
-              ssl, group, server_share + 4, end, &key_exchange_length );
-    if( ret != 0 )
-        return( ret );
+        ssl, group, server_share + 4, end, &key_exchange_length);
+    if (ret != 0) {
+        return ret;
+    }
     p += key_exchange_length;
 
-    MBEDTLS_PUT_UINT16_BE( key_exchange_length, server_share + 2, 0 );
+    MBEDTLS_PUT_UINT16_BE(key_exchange_length, server_share + 2, 0);
 
-    MBEDTLS_PUT_UINT16_BE( p - server_share, buf, 2 );
+    MBEDTLS_PUT_UINT16_BE(p - server_share, buf, 2);
 
     *out_len = p - buf;
 
-    mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE );
+    mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE);
 
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_hrr_key_share_ext( mbedtls_ssl_context *ssl,
-                                              unsigned char *buf,
-                                              unsigned char *end,
-                                              size_t *out_len )
+static int ssl_tls13_write_hrr_key_share_ext(mbedtls_ssl_context *ssl,
+                                             unsigned char *buf,
+                                             unsigned char *end,
+                                             size_t *out_len)
 {
     uint16_t selected_group = ssl->handshake->hrr_selected_group;
     /* key_share Extension
@@ -1945,21 +1887,20 @@
      * of the HRR is then to transmit a cookie to force the client to demonstrate
      * reachability at their apparent network address (primarily useful for DTLS).
      */
-    if( ! mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral( ssl ) )
-        return( 0 );
+    if (!mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) {
+        return 0;
+    }
 
     /* We should only send the key_share extension if the client's initial
      * key share was not acceptable. */
-    if( ssl->handshake->offered_group_id != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 4, ( "Skip key_share extension in HRR" ) );
-        return( 0 );
+    if (ssl->handshake->offered_group_id != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(4, ("Skip key_share extension in HRR"));
+        return 0;
     }
 
-    if( selected_group == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "no matching named group found" ) );
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    if (selected_group == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("no matching named group found"));
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
 
     /* Check if we have enough space:
@@ -1967,22 +1908,22 @@
      * - extension_data_length  (2 bytes)
      * - selected_group         (2 bytes)
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 6 );
+    MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 6);
 
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0 );
-    MBEDTLS_PUT_UINT16_BE( 2, buf, 2 );
-    MBEDTLS_PUT_UINT16_BE( selected_group, buf, 4 );
+    MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0);
+    MBEDTLS_PUT_UINT16_BE(2, buf, 2);
+    MBEDTLS_PUT_UINT16_BE(selected_group, buf, 4);
 
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "HRR selected_group: %s (%x)",
-            mbedtls_ssl_named_group_to_str( selected_group ),
-            selected_group ) );
+    MBEDTLS_SSL_DEBUG_MSG(3,
+                          ("HRR selected_group: %s (%x)",
+                           mbedtls_ssl_named_group_to_str(selected_group),
+                           selected_group));
 
     *out_len = 6;
 
-    mbedtls_ssl_tls13_set_hs_sent_ext_mask( ssl, MBEDTLS_TLS_EXT_KEY_SHARE );
+    mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_KEY_SHARE);
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -1998,11 +1939,11 @@
  *    } ServerHello;
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl,
-                                              unsigned char *buf,
-                                              unsigned char *end,
-                                              size_t *out_len,
-                                              int is_hrr )
+static int ssl_tls13_write_server_hello_body(mbedtls_ssl_context *ssl,
+                                             unsigned char *buf,
+                                             unsigned char *end,
+                                             size_t *out_len,
+                                             int is_hrr)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p = buf;
@@ -2018,8 +1959,8 @@
      * with ProtocolVersion defined as:
      * uint16 ProtocolVersion;
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
-    MBEDTLS_PUT_UINT16_BE( 0x0303, p, 0 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
+    MBEDTLS_PUT_UINT16_BE(0x0303, p, 0);
     p += 2;
 
     /* ...
@@ -2028,35 +1969,31 @@
      * with Random defined as:
      * opaque Random[MBEDTLS_SERVER_HELLO_RANDOM_LEN];
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN );
-    if( is_hrr )
-    {
-        memcpy( p, mbedtls_ssl_tls13_hello_retry_request_magic,
-                MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN);
+    if (is_hrr) {
+        memcpy(p, mbedtls_ssl_tls13_hello_retry_request_magic,
+               MBEDTLS_SERVER_HELLO_RANDOM_LEN);
+    } else {
+        memcpy(p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN],
+               MBEDTLS_SERVER_HELLO_RANDOM_LEN);
     }
-    else
-    {
-        memcpy( p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN],
-                MBEDTLS_SERVER_HELLO_RANDOM_LEN );
-    }
-    MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes",
-                           p, MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+    MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes",
+                          p, MBEDTLS_SERVER_HELLO_RANDOM_LEN);
     p += MBEDTLS_SERVER_HELLO_RANDOM_LEN;
 
     /* ...
      * opaque legacy_session_id_echo<0..32>;
      * ...
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 + ssl->session_negotiate->id_len );
-    *p++ = (unsigned char)ssl->session_negotiate->id_len;
-    if( ssl->session_negotiate->id_len > 0 )
-    {
-        memcpy( p, &ssl->session_negotiate->id[0],
-                ssl->session_negotiate->id_len );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1 + ssl->session_negotiate->id_len);
+    *p++ = (unsigned char) ssl->session_negotiate->id_len;
+    if (ssl->session_negotiate->id_len > 0) {
+        memcpy(p, &ssl->session_negotiate->id[0],
+               ssl->session_negotiate->id_len);
         p += ssl->session_negotiate->id_len;
 
-        MBEDTLS_SSL_DEBUG_BUF( 3, "session id", ssl->session_negotiate->id,
-                               ssl->session_negotiate->id_len );
+        MBEDTLS_SSL_DEBUG_BUF(3, "session id", ssl->session_negotiate->id,
+                              ssl->session_negotiate->id_len);
     }
 
     /* ...
@@ -2065,20 +2002,20 @@
      * with CipherSuite defined as:
      * uint8 CipherSuite[2];
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
-    MBEDTLS_PUT_UINT16_BE( ssl->session_negotiate->ciphersuite, p, 0 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
+    MBEDTLS_PUT_UINT16_BE(ssl->session_negotiate->ciphersuite, p, 0);
     p += 2;
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "server hello, chosen ciphersuite: %s ( id=%d )",
-          mbedtls_ssl_get_ciphersuite_name(
-            ssl->session_negotiate->ciphersuite ),
-          ssl->session_negotiate->ciphersuite ) );
+    MBEDTLS_SSL_DEBUG_MSG(3,
+                          ("server hello, chosen ciphersuite: %s ( id=%d )",
+                           mbedtls_ssl_get_ciphersuite_name(
+                               ssl->session_negotiate->ciphersuite),
+                           ssl->session_negotiate->ciphersuite));
 
     /* ...
      * uint8 legacy_compression_method = 0;
      * ...
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1);
     *p++ = MBEDTLS_SSL_COMPRESS_NULL;
 
     /* ...
@@ -2089,103 +2026,101 @@
      *      opaque extension_data<0..2^16-1>;
      * } Extension;
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
     p_extensions_len = p;
     p += 2;
 
-    if( ( ret = ssl_tls13_write_server_hello_supported_versions_ext(
-                                            ssl, p, end, &output_len ) ) != 0 )
-    {
+    if ((ret = ssl_tls13_write_server_hello_supported_versions_ext(
+             ssl, p, end, &output_len)) != 0) {
         MBEDTLS_SSL_DEBUG_RET(
-            1, "ssl_tls13_write_server_hello_supported_versions_ext", ret );
-        return( ret );
+            1, "ssl_tls13_write_server_hello_supported_versions_ext", ret);
+        return ret;
     }
     p += output_len;
 
-    if( mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral( ssl ) )
-    {
-        if( is_hrr )
-            ret = ssl_tls13_write_hrr_key_share_ext( ssl, p, end, &output_len );
-        else
-            ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len );
-        if( ret != 0 )
-            return( ret );
+    if (mbedtls_ssl_tls13_key_exchange_mode_with_ephemeral(ssl)) {
+        if (is_hrr) {
+            ret = ssl_tls13_write_hrr_key_share_ext(ssl, p, end, &output_len);
+        } else {
+            ret = ssl_tls13_write_key_share_ext(ssl, p, end, &output_len);
+        }
+        if (ret != 0) {
+            return ret;
+        }
         p += output_len;
     }
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
-    if( !is_hrr && mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
-    {
-        ret = ssl_tls13_write_server_pre_shared_key_ext( ssl, p, end, &output_len );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_server_pre_shared_key_ext",
-                                   ret );
-            return( ret );
+    if (!is_hrr && mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
+        ret = ssl_tls13_write_server_pre_shared_key_ext(ssl, p, end, &output_len);
+        if (ret != 0) {
+            MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_server_pre_shared_key_ext",
+                                  ret);
+            return ret;
         }
         p += output_len;
     }
 #endif
 
-    MBEDTLS_PUT_UINT16_BE( p - p_extensions_len - 2, p_extensions_len, 0 );
+    MBEDTLS_PUT_UINT16_BE(p - p_extensions_len - 2, p_extensions_len, 0);
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "server hello extensions",
-                           p_extensions_len, p - p_extensions_len );
+    MBEDTLS_SSL_DEBUG_BUF(4, "server hello extensions",
+                          p_extensions_len, p - p_extensions_len);
 
     *out_len = p - buf;
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "server hello", buf, *out_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "server hello", buf, *out_len);
 
     MBEDTLS_SSL_PRINT_EXTS(
         3, is_hrr ? MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST :
-                    MBEDTLS_SSL_HS_SERVER_HELLO,
-        ssl->handshake->sent_extensions );
+        MBEDTLS_SSL_HS_SERVER_HELLO,
+        ssl->handshake->sent_extensions);
 
-    return( ret );
+    return ret;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_finalize_write_server_hello( mbedtls_ssl_context *ssl )
+static int ssl_tls13_finalize_write_server_hello(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    ret = mbedtls_ssl_tls13_compute_handshake_transform( ssl );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1,
-                               "mbedtls_ssl_tls13_compute_handshake_transform",
-                               ret );
-        return( ret );
+    ret = mbedtls_ssl_tls13_compute_handshake_transform(ssl);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1,
+                              "mbedtls_ssl_tls13_compute_handshake_transform",
+                              ret);
+        return ret;
     }
 
-    return( ret );
+    return ret;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_server_hello( mbedtls_ssl_context *ssl )
+static int ssl_tls13_write_server_hello(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *buf;
     size_t buf_len, msg_len;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server hello"));
 
-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_server_hello( ssl ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_server_hello(ssl));
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
-                                MBEDTLS_SSL_HS_SERVER_HELLO, &buf, &buf_len ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl,
+                                                         MBEDTLS_SSL_HS_SERVER_HELLO, &buf,
+                                                         &buf_len));
 
-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_server_hello_body( ssl, buf,
-                                                             buf + buf_len,
-                                                             &msg_len,
-                                                             0 ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf,
+                                                           buf + buf_len,
+                                                           &msg_len,
+                                                           0));
 
     mbedtls_ssl_add_hs_msg_to_checksum(
-        ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len );
+        ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len);
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
-                              ssl, buf_len, msg_len ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
+                             ssl, buf_len, msg_len));
 
-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_write_server_hello( ssl ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_finalize_write_server_hello(ssl));
 
 #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
     /* The server sends a dummy change_cipher_spec record immediately
@@ -2193,15 +2128,15 @@
      * a ServerHello or a HelloRetryRequest.
      */
     mbedtls_ssl_handshake_set_state(
-            ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO );
+        ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO);
 #else
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS);
 #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
 
 cleanup:
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello"));
+    return ret;
 }
 
 
@@ -2209,57 +2144,55 @@
  * Handler for MBEDTLS_SSL_HELLO_RETRY_REQUEST
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_prepare_hello_retry_request( mbedtls_ssl_context *ssl )
+static int ssl_tls13_prepare_hello_retry_request(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    if( ssl->handshake->hello_retry_request_count > 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Too many HRRs" ) );
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
-                                      MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    if (ssl->handshake->hello_retry_request_count > 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Too many HRRs"));
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
+                                     MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
 
     /*
      * Create stateless transcript hash for HRR
      */
-    MBEDTLS_SSL_DEBUG_MSG( 4, ( "Reset transcript for HRR" ) );
-    ret = mbedtls_ssl_reset_transcript_for_hrr( ssl );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_reset_transcript_for_hrr", ret );
-        return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(4, ("Reset transcript for HRR"));
+    ret = mbedtls_ssl_reset_transcript_for_hrr(ssl);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_reset_transcript_for_hrr", ret);
+        return ret;
     }
-    mbedtls_ssl_session_reset_msg_layer( ssl, 0 );
+    mbedtls_ssl_session_reset_msg_layer(ssl, 0);
 
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_hello_retry_request( mbedtls_ssl_context *ssl )
+static int ssl_tls13_write_hello_retry_request(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *buf;
     size_t buf_len, msg_len;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello retry request" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write hello retry request"));
 
-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_hello_retry_request( ssl ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_hello_retry_request(ssl));
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg(
-                              ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
-                              &buf, &buf_len ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
+                             ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
+                             &buf, &buf_len));
 
-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_server_hello_body( ssl, buf,
-                                                             buf + buf_len,
-                                                             &msg_len,
-                                                             1 ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf,
+                                                           buf + buf_len,
+                                                           &msg_len,
+                                                           1));
     mbedtls_ssl_add_hs_msg_to_checksum(
-        ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len );
+        ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len);
 
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl, buf_len,
-                                                            msg_len ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, buf_len,
+                                                          msg_len));
 
     ssl->handshake->hello_retry_request_count++;
 
@@ -2269,14 +2202,14 @@
      * a ServerHello or a HelloRetryRequest.
      */
     mbedtls_ssl_handshake_set_state(
-            ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST );
+        ssl, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST);
 #else
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
 #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
 
 cleanup:
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello retry request" ) );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write hello retry request"));
+    return ret;
 }
 
 /*
@@ -2290,10 +2223,10 @@
  *
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_encrypted_extensions_body( mbedtls_ssl_context *ssl,
-                                                      unsigned char *buf,
-                                                      unsigned char *end,
-                                                      size_t *out_len )
+static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl,
+                                                     unsigned char *buf,
+                                                     unsigned char *end,
+                                                     size_t *out_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p = buf;
@@ -2303,7 +2236,7 @@
 
     *out_len = 0;
 
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
     p_extensions_len = p;
     p += 2;
 
@@ -2312,64 +2245,67 @@
     ((void) output_len);
 
 #if defined(MBEDTLS_SSL_ALPN)
-    ret = mbedtls_ssl_write_alpn_ext( ssl, p, end, &output_len );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ssl_write_alpn_ext(ssl, p, end, &output_len);
+    if (ret != 0) {
+        return ret;
+    }
     p += output_len;
 #endif /* MBEDTLS_SSL_ALPN */
 
-    extensions_len = ( p - p_extensions_len ) - 2;
-    MBEDTLS_PUT_UINT16_BE( extensions_len, p_extensions_len, 0 );
+    extensions_len = (p - p_extensions_len) - 2;
+    MBEDTLS_PUT_UINT16_BE(extensions_len, p_extensions_len, 0);
 
     *out_len = p - buf;
 
-    MBEDTLS_SSL_DEBUG_BUF( 4, "encrypted extensions", buf, *out_len );
+    MBEDTLS_SSL_DEBUG_BUF(4, "encrypted extensions", buf, *out_len);
 
     MBEDTLS_SSL_PRINT_EXTS(
-        3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, ssl->handshake->sent_extensions );
+        3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, ssl->handshake->sent_extensions);
 
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl )
+static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *buf;
     size_t buf_len, msg_len;
 
-    mbedtls_ssl_set_outbound_transform( ssl,
-                                        ssl->handshake->transform_handshake );
+    mbedtls_ssl_set_outbound_transform(ssl,
+                                       ssl->handshake->transform_handshake);
     MBEDTLS_SSL_DEBUG_MSG(
-        3, ( "switching to handshake transform for outbound data" ) );
+        3, ("switching to handshake transform for outbound data"));
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write encrypted extensions" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write encrypted extensions"));
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
-                       MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, &buf, &buf_len ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl,
+                                                         MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, &buf,
+                                                         &buf_len));
 
-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_encrypted_extensions_body(
-                              ssl, buf, buf + buf_len, &msg_len ) );
+    MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_encrypted_extensions_body(
+                             ssl, buf, buf + buf_len, &msg_len));
 
     mbedtls_ssl_add_hs_msg_to_checksum(
-        ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len );
+        ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len);
 
-    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
-                              ssl, buf_len, msg_len ) );
+    MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
+                             ssl, buf_len, msg_len));
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
-    if( mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
-        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
-    else
-        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
+    if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED);
+    } else {
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST);
+    }
 #else
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED);
 #endif
 
 cleanup:
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write encrypted extensions" ) );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write encrypted extensions"));
+    return ret;
 }
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
@@ -2384,26 +2320,25 @@
  * should be skipped or not.
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
+static int ssl_tls13_certificate_request_coordinate(mbedtls_ssl_context *ssl)
 {
     int authmode;
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET )
+    if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) {
         authmode = ssl->handshake->sni_authmode;
-    else
+    } else
 #endif
     authmode = ssl->conf->authmode;
 
-    if( authmode == MBEDTLS_SSL_VERIFY_NONE )
-    {
+    if (authmode == MBEDTLS_SSL_VERIFY_NONE) {
         ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
-        return( SSL_CERTIFICATE_REQUEST_SKIP );
+        return SSL_CERTIFICATE_REQUEST_SKIP;
     }
 
     ssl->handshake->certificate_request_sent = 1;
 
-    return( SSL_CERTIFICATE_REQUEST_SEND_REQUEST );
+    return SSL_CERTIFICATE_REQUEST_SEND_REQUEST;
 }
 
 /*
@@ -2414,10 +2349,10 @@
  *
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_certificate_request_body( mbedtls_ssl_context *ssl,
-                                                     unsigned char *buf,
-                                                     const unsigned char *end,
-                                                     size_t *out_len )
+static int ssl_tls13_write_certificate_request_body(mbedtls_ssl_context *ssl,
+                                                    unsigned char *buf,
+                                                    const unsigned char *end,
+                                                    size_t *out_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p = buf;
@@ -2430,7 +2365,7 @@
      * - certificate_request_context (1 byte)
      * - extensions length           (2 bytes)
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 3);
 
     /*
      * Write certificate_request_context
@@ -2448,103 +2383,101 @@
     /* The extensions must contain the signature_algorithms. */
     p_extensions_len = p;
     p += 2;
-    ret = mbedtls_ssl_write_sig_alg_ext( ssl, p, end, &output_len );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len);
+    if (ret != 0) {
+        return ret;
+    }
 
     p += output_len;
-    MBEDTLS_PUT_UINT16_BE( p - p_extensions_len - 2, p_extensions_len, 0 );
+    MBEDTLS_PUT_UINT16_BE(p - p_extensions_len - 2, p_extensions_len, 0);
 
     *out_len = p - buf;
 
     MBEDTLS_SSL_PRINT_EXTS(
-        3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, ssl->handshake->sent_extensions );
+        3, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, ssl->handshake->sent_extensions);
 
-    return( 0 );
+    return 0;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_certificate_request( mbedtls_ssl_context *ssl )
+static int ssl_tls13_write_certificate_request(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request"));
 
-    MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_certificate_request_coordinate( ssl ) );
+    MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_certificate_request_coordinate(ssl));
 
-    if( ret == SSL_CERTIFICATE_REQUEST_SEND_REQUEST )
-    {
+    if (ret == SSL_CERTIFICATE_REQUEST_SEND_REQUEST) {
         unsigned char *buf;
         size_t buf_len, msg_len;
 
-        MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
-                MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, &buf, &buf_len ) );
+        MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl,
+                                                             MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
+                                                             &buf, &buf_len));
 
-        MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_request_body(
-                                  ssl, buf, buf + buf_len, &msg_len ) );
+        MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_request_body(
+                                 ssl, buf, buf + buf_len, &msg_len));
 
         mbedtls_ssl_add_hs_msg_to_checksum(
-            ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len );
+            ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len);
 
-        MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
-                                  ssl, buf_len, msg_len ) );
-    }
-    else if( ret == SSL_CERTIFICATE_REQUEST_SKIP )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
+        MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
+                                 ssl, buf_len, msg_len));
+    } else if (ret == SSL_CERTIFICATE_REQUEST_SKIP) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request"));
         ret = 0;
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+    } else {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
         ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
         goto cleanup;
     }
 
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE );
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CERTIFICATE);
 cleanup:
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) );
-    return( ret );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate request"));
+    return ret;
 }
 
 /*
  * Handler for MBEDTLS_SSL_SERVER_CERTIFICATE
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_server_certificate( mbedtls_ssl_context *ssl )
+static int ssl_tls13_write_server_certificate(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-    if( ( ssl_tls13_pick_key_cert( ssl ) != 0 ) ||
-          mbedtls_ssl_own_cert( ssl ) == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "No certificate available." ) );
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
-                                      MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
-        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    if ((ssl_tls13_pick_key_cert(ssl) != 0) ||
+        mbedtls_ssl_own_cert(ssl) == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("No certificate available."));
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
+                                     MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
+        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
-    ret = mbedtls_ssl_tls13_write_certificate( ssl );
-    if( ret != 0 )
-        return( ret );
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY );
-    return( 0 );
+    ret = mbedtls_ssl_tls13_write_certificate(ssl);
+    if (ret != 0) {
+        return ret;
+    }
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY);
+    return 0;
 }
 
 /*
  * Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl )
+static int ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl)
 {
-    int ret = mbedtls_ssl_tls13_write_certificate_verify( ssl );
-    if( ret != 0 )
-        return( ret );
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
-    return( 0 );
+    int ret = mbedtls_ssl_tls13_write_certificate_verify(ssl);
+    if (ret != 0) {
+        return ret;
+    }
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED);
+    return 0;
 }
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
 
@@ -2552,77 +2485,76 @@
  * Handler for MBEDTLS_SSL_SERVER_FINISHED
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_server_finished( mbedtls_ssl_context *ssl )
+static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    ret = mbedtls_ssl_tls13_write_finished_message( ssl );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_ssl_tls13_write_finished_message(ssl);
+    if (ret != 0) {
+        return ret;
+    }
 
-    ret = mbedtls_ssl_tls13_compute_application_transform( ssl );
-    if( ret != 0 )
-    {
+    ret = mbedtls_ssl_tls13_compute_application_transform(ssl);
+    if (ret != 0) {
         MBEDTLS_SSL_PEND_FATAL_ALERT(
-                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
-                MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-        return( ret );
+            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
+            MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
+        return ret;
     }
 
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to handshake keys for inbound traffic" ) );
-    mbedtls_ssl_set_inbound_transform( ssl, ssl->handshake->transform_handshake );
+    MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to handshake keys for inbound traffic"));
+    mbedtls_ssl_set_inbound_transform(ssl, ssl->handshake->transform_handshake);
 
-    if( ssl->handshake->certificate_request_sent )
-        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "skip parse certificate" ) );
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "skip parse certificate verify" ) );
-        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
+    if (ssl->handshake->certificate_request_sent) {
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
+    } else {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate"));
+        MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate verify"));
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_FINISHED);
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Handler for MBEDTLS_SSL_CLIENT_FINISHED
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_process_client_finished( mbedtls_ssl_context *ssl )
+static int ssl_tls13_process_client_finished(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    ret = mbedtls_ssl_tls13_process_finished_message( ssl );
-    if( ret != 0 )
-        return( ret );
-
-    ret = mbedtls_ssl_tls13_compute_resumption_master_secret( ssl );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1,
-            "mbedtls_ssl_tls13_compute_resumption_master_secret", ret );
+    ret = mbedtls_ssl_tls13_process_finished_message(ssl);
+    if (ret != 0) {
+        return ret;
     }
 
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP );
-    return( 0 );
+    ret = mbedtls_ssl_tls13_compute_resumption_master_secret(ssl);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1,
+                              "mbedtls_ssl_tls13_compute_resumption_master_secret", ret);
+    }
+
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP);
+    return 0;
 }
 
 /*
  * Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
+static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl)
 {
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done"));
 
-    mbedtls_ssl_tls13_handshake_wrapup( ssl );
+    mbedtls_ssl_tls13_handshake_wrapup(ssl);
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET );
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
 #else
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER );
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
 #endif
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -2631,37 +2563,34 @@
 #define SSL_NEW_SESSION_TICKET_SKIP  0
 #define SSL_NEW_SESSION_TICKET_WRITE 1
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_new_session_ticket_coordinate( mbedtls_ssl_context *ssl )
+static int ssl_tls13_write_new_session_ticket_coordinate(mbedtls_ssl_context *ssl)
 {
     /* Check whether the use of session tickets is enabled */
-    if( ssl->conf->f_ticket_write == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: disabled,"
-                                        " callback is not set" ) );
-        return( SSL_NEW_SESSION_TICKET_SKIP );
+    if (ssl->conf->f_ticket_write == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("NewSessionTicket: disabled,"
+                                  " callback is not set"));
+        return SSL_NEW_SESSION_TICKET_SKIP;
     }
-    if( ssl->conf->new_session_tickets_count == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: disabled,"
-                                        " configured count is zero" ) );
-        return( SSL_NEW_SESSION_TICKET_SKIP );
+    if (ssl->conf->new_session_tickets_count == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("NewSessionTicket: disabled,"
+                                  " configured count is zero"));
+        return SSL_NEW_SESSION_TICKET_SKIP;
     }
 
-    if( ssl->handshake->new_session_tickets_count == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "NewSessionTicket: all tickets have "
-                                        "been sent." ) );
-        return( SSL_NEW_SESSION_TICKET_SKIP );
+    if (ssl->handshake->new_session_tickets_count == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("NewSessionTicket: all tickets have "
+                                  "been sent."));
+        return SSL_NEW_SESSION_TICKET_SKIP;
     }
 
-    return( SSL_NEW_SESSION_TICKET_WRITE );
+    return SSL_NEW_SESSION_TICKET_WRITE;
 }
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_prepare_new_session_ticket( mbedtls_ssl_context *ssl,
-                                                 unsigned char *ticket_nonce,
-                                                 size_t ticket_nonce_size )
+static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl,
+                                                unsigned char *ticket_nonce,
+                                                size_t ticket_nonce_size)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ssl_session *session = ssl->session;
@@ -2669,41 +2598,38 @@
     psa_algorithm_t psa_hash_alg;
     int hash_length;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> prepare NewSessionTicket msg" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> prepare NewSessionTicket msg"));
 
 #if defined(MBEDTLS_HAVE_TIME)
-    session->start = mbedtls_time( NULL );
+    session->start = mbedtls_time(NULL);
 #endif
 
     /* Generate ticket_age_add */
-    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng,
-                                  (unsigned char *) &session->ticket_age_add,
-                                  sizeof( session->ticket_age_add ) ) != 0 ) )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "generate_ticket_age_add", ret );
-        return( ret );
+    if ((ret = ssl->conf->f_rng(ssl->conf->p_rng,
+                                (unsigned char *) &session->ticket_age_add,
+                                sizeof(session->ticket_age_add)) != 0)) {
+        MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_age_add", ret);
+        return ret;
     }
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket_age_add: %u",
-                                (unsigned int)session->ticket_age_add ) );
+    MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_age_add: %u",
+                              (unsigned int) session->ticket_age_add));
 
     /* Generate ticket_nonce */
-    ret = ssl->conf->f_rng( ssl->conf->p_rng, ticket_nonce, ticket_nonce_size );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "generate_ticket_nonce", ret );
-        return( ret );
+    ret = ssl->conf->f_rng(ssl->conf->p_rng, ticket_nonce, ticket_nonce_size);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_nonce", ret);
+        return ret;
     }
-    MBEDTLS_SSL_DEBUG_BUF( 3, "ticket_nonce:",
-                           ticket_nonce, ticket_nonce_size );
+    MBEDTLS_SSL_DEBUG_BUF(3, "ticket_nonce:",
+                          ticket_nonce, ticket_nonce_size);
 
     ciphersuite_info =
-                (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info;
-    psa_hash_alg = mbedtls_psa_translate_md( ciphersuite_info->mac );
-    hash_length = PSA_HASH_LENGTH( psa_hash_alg );
-    if( hash_length == -1 ||
-        (size_t)hash_length > sizeof( session->resumption_key ) )
-    {
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info;
+    psa_hash_alg = mbedtls_psa_translate_md(ciphersuite_info->mac);
+    hash_length = PSA_HASH_LENGTH(psa_hash_alg);
+    if (hash_length == -1 ||
+        (size_t) hash_length > sizeof(session->resumption_key)) {
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     }
 
     /* In this code the psk key length equals the length of the hash */
@@ -2716,31 +2642,30 @@
      *                    "resumption", ticket_nonce, Hash.length )
      */
     ret = mbedtls_ssl_tls13_hkdf_expand_label(
-               psa_hash_alg,
-               session->app_secrets.resumption_master_secret,
-               hash_length,
-               MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( resumption ),
-               ticket_nonce,
-               ticket_nonce_size,
-               session->resumption_key,
-               hash_length );
+        psa_hash_alg,
+        session->app_secrets.resumption_master_secret,
+        hash_length,
+        MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(resumption),
+        ticket_nonce,
+        ticket_nonce_size,
+        session->resumption_key,
+        hash_length);
 
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 2,
-                               "Creating the ticket-resumed PSK failed",
-                               ret );
-        return ( ret );
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(2,
+                              "Creating the ticket-resumed PSK failed",
+                              ret);
+        return ret;
     }
-    MBEDTLS_SSL_DEBUG_BUF( 3, "Ticket-resumed PSK",
-                           session->resumption_key,
-                           session->resumption_key_len );
+    MBEDTLS_SSL_DEBUG_BUF(3, "Ticket-resumed PSK",
+                          session->resumption_key,
+                          session->resumption_key_len);
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "resumption_master_secret",
-                           session->app_secrets.resumption_master_secret,
-                           hash_length );
+    MBEDTLS_SSL_DEBUG_BUF(3, "resumption_master_secret",
+                          session->app_secrets.resumption_master_secret,
+                          hash_length);
 
-    return( 0 );
+    return 0;
 }
 
 /* This function creates a NewSessionTicket message in the following format:
@@ -2768,12 +2693,12 @@
  *  - ciphersuite (ciphersuite)
  */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_write_new_session_ticket_body( mbedtls_ssl_context *ssl,
-                                                    unsigned char *buf,
-                                                    unsigned char *end,
-                                                    size_t *out_len,
-                                                    unsigned char *ticket_nonce,
-                                                    size_t ticket_nonce_size )
+static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl,
+                                                   unsigned char *buf,
+                                                   unsigned char *end,
+                                                   size_t *out_len,
+                                                   unsigned char *ticket_nonce,
+                                                   size_t ticket_nonce_size)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p = buf;
@@ -2782,7 +2707,7 @@
     uint32_t ticket_lifetime;
 
     *out_len = 0;
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write NewSessionTicket msg" ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("=> write NewSessionTicket msg"));
 
     /*
      *    ticket_lifetime   4 bytes
@@ -2790,19 +2715,18 @@
      *    ticket_nonce      1 + ticket_nonce_size bytes
      *    ticket            >=2 bytes
      */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + 4 + 1 + ticket_nonce_size + 2 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4 + 4 + 1 + ticket_nonce_size + 2);
 
     /* Generate ticket and ticket_lifetime */
-    ret = ssl->conf->f_ticket_write( ssl->conf->p_ticket,
-                                     session,
-                                     p + 9 + ticket_nonce_size + 2,
-                                     end,
-                                     &ticket_len,
-                                     &ticket_lifetime);
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "write_ticket", ret );
-        return( ret );
+    ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket,
+                                    session,
+                                    p + 9 + ticket_nonce_size + 2,
+                                    end,
+                                    &ticket_len,
+                                    &ticket_lifetime);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "write_ticket", ret);
+        return ret;
     }
     /* RFC 8446 4.6.1
      *  ticket_lifetime:  Indicates the lifetime in seconds as a 32-bit
@@ -2815,29 +2739,29 @@
      *      MAY treat a ticket as valid for a shorter period of time than what
      *      is stated in the ticket_lifetime.
      */
-    if( ticket_lifetime > 604800 )
+    if (ticket_lifetime > 604800) {
         ticket_lifetime = 604800;
-    MBEDTLS_PUT_UINT32_BE( ticket_lifetime, p, 0 );
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket_lifetime: %u",
-                                ( unsigned int )ticket_lifetime ) );
+    }
+    MBEDTLS_PUT_UINT32_BE(ticket_lifetime, p, 0);
+    MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_lifetime: %u",
+                              (unsigned int) ticket_lifetime));
 
     /* Write ticket_age_add */
-    MBEDTLS_PUT_UINT32_BE( session->ticket_age_add, p, 4 );
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket_age_add: %u",
-                                ( unsigned int )session->ticket_age_add ) );
+    MBEDTLS_PUT_UINT32_BE(session->ticket_age_add, p, 4);
+    MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_age_add: %u",
+                              (unsigned int) session->ticket_age_add));
 
     /* Write ticket_nonce */
-    p[8] = ( unsigned char )ticket_nonce_size;
-    if( ticket_nonce_size > 0 )
-    {
-        memcpy( p + 9, ticket_nonce, ticket_nonce_size );
+    p[8] = (unsigned char) ticket_nonce_size;
+    if (ticket_nonce_size > 0) {
+        memcpy(p + 9, ticket_nonce, ticket_nonce_size);
     }
     p += 9 + ticket_nonce_size;
 
     /* Write ticket */
-    MBEDTLS_PUT_UINT16_BE( ticket_len, p, 0 );
+    MBEDTLS_PUT_UINT16_BE(ticket_len, p, 0);
     p += 2;
-    MBEDTLS_SSL_DEBUG_BUF( 4, "ticket", p, ticket_len);
+    MBEDTLS_SSL_DEBUG_BUF(4, "ticket", p, ticket_len);
     p += ticket_len;
 
     /* Ticket Extensions
@@ -2847,201 +2771,195 @@
      */
     ssl->handshake->sent_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
 
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
-    MBEDTLS_PUT_UINT16_BE( 0, p, 0 );
+    MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
+    MBEDTLS_PUT_UINT16_BE(0, p, 0);
     p += 2;
 
     *out_len = p - buf;
-    MBEDTLS_SSL_DEBUG_BUF( 4, "ticket", buf, *out_len );
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write new session ticket" ) );
+    MBEDTLS_SSL_DEBUG_BUF(4, "ticket", buf, *out_len);
+    MBEDTLS_SSL_DEBUG_MSG(2, ("<= write new session ticket"));
 
     MBEDTLS_SSL_PRINT_EXTS(
-        3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->sent_extensions );
+        3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl->handshake->sent_extensions);
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Handler for MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET
  */
-static int ssl_tls13_write_new_session_ticket( mbedtls_ssl_context *ssl )
+static int ssl_tls13_write_new_session_ticket(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_write_new_session_ticket_coordinate( ssl ) );
+    MBEDTLS_SSL_PROC_CHK_NEG(ssl_tls13_write_new_session_ticket_coordinate(ssl));
 
-    if( ret == SSL_NEW_SESSION_TICKET_WRITE )
-    {
+    if (ret == SSL_NEW_SESSION_TICKET_WRITE) {
         unsigned char ticket_nonce[MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH];
         unsigned char *buf;
         size_t buf_len, msg_len;
 
-        MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_new_session_ticket(
-                                  ssl, ticket_nonce, sizeof( ticket_nonce ) ) );
+        MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_new_session_ticket(
+                                 ssl, ticket_nonce, sizeof(ticket_nonce)));
 
-        MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
-                MBEDTLS_SSL_HS_NEW_SESSION_TICKET, &buf, &buf_len ) );
+        MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl,
+                                                             MBEDTLS_SSL_HS_NEW_SESSION_TICKET,
+                                                             &buf, &buf_len));
 
-        MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_new_session_ticket_body(
-                                  ssl, buf, buf + buf_len, &msg_len,
-                                  ticket_nonce, sizeof( ticket_nonce ) ) );
+        MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_new_session_ticket_body(
+                                 ssl, buf, buf + buf_len, &msg_len,
+                                 ticket_nonce, sizeof(ticket_nonce)));
 
-        MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
-                                  ssl, buf_len, msg_len ) );
+        MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
+                                 ssl, buf_len, msg_len));
 
         /* Limit session tickets count to one when resumption connection.
          *
          * See document of mbedtls_ssl_conf_new_session_tickets.
          */
-        if( ssl->handshake->resume == 1 )
+        if (ssl->handshake->resume == 1) {
             ssl->handshake->new_session_tickets_count = 0;
-        else
+        } else {
             ssl->handshake->new_session_tickets_count--;
+        }
 
         mbedtls_ssl_handshake_set_state(
-            ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH );
-    }
-    else
-    {
-        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER );
+            ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH);
+    } else {
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
     }
 
 cleanup:
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
 /*
  * TLS 1.3 State Machine -- server side
  */
-int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls13 server state: %s(%d)",
-                                mbedtls_ssl_states_str( ssl->state ),
-                                ssl->state ) );
+    MBEDTLS_SSL_DEBUG_MSG(2, ("tls13 server state: %s(%d)",
+                              mbedtls_ssl_states_str(ssl->state),
+                              ssl->state));
 
-    switch( ssl->state )
-    {
+    switch (ssl->state) {
         /* start state */
         case MBEDTLS_SSL_HELLO_REQUEST:
-            mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
+            mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
             ret = 0;
             break;
 
         case MBEDTLS_SSL_CLIENT_HELLO:
-            ret = ssl_tls13_process_client_hello( ssl );
-            if( ret != 0 )
-                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_process_client_hello", ret );
+            ret = ssl_tls13_process_client_hello(ssl);
+            if (ret != 0) {
+                MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_process_client_hello", ret);
+            }
             break;
 
         case MBEDTLS_SSL_HELLO_RETRY_REQUEST:
-            ret = ssl_tls13_write_hello_retry_request( ssl );
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_hello_retry_request", ret );
-                return( ret );
+            ret = ssl_tls13_write_hello_retry_request(ssl);
+            if (ret != 0) {
+                MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_hello_retry_request", ret);
+                return ret;
             }
             break;
 
         case MBEDTLS_SSL_SERVER_HELLO:
-            ret = ssl_tls13_write_server_hello( ssl );
+            ret = ssl_tls13_write_server_hello(ssl);
             break;
 
         case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
-            ret = ssl_tls13_write_encrypted_extensions( ssl );
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_encrypted_extensions", ret );
-                return( ret );
+            ret = ssl_tls13_write_encrypted_extensions(ssl);
+            if (ret != 0) {
+                MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_write_encrypted_extensions", ret);
+                return ret;
             }
             break;
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
         case MBEDTLS_SSL_CERTIFICATE_REQUEST:
-            ret = ssl_tls13_write_certificate_request( ssl );
+            ret = ssl_tls13_write_certificate_request(ssl);
             break;
 
         case MBEDTLS_SSL_SERVER_CERTIFICATE:
-            ret = ssl_tls13_write_server_certificate( ssl );
+            ret = ssl_tls13_write_server_certificate(ssl);
             break;
 
         case MBEDTLS_SSL_CERTIFICATE_VERIFY:
-            ret = ssl_tls13_write_certificate_verify( ssl );
+            ret = ssl_tls13_write_certificate_verify(ssl);
             break;
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
 
-        /*
-         * Injection of dummy-CCS's for middlebox compatibility
-         */
+            /*
+             * Injection of dummy-CCS's for middlebox compatibility
+             */
 #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
         case MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST:
-            ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl );
-            if( ret == 0 )
-                mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
+            ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
+            if (ret == 0) {
+                mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
+            }
             break;
 
         case MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO:
-            ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl );
-            if( ret == 0 )
-                mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
+            ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
+            if (ret == 0) {
+                mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS);
+            }
             break;
 #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
 
         case MBEDTLS_SSL_SERVER_FINISHED:
-            ret = ssl_tls13_write_server_finished( ssl );
+            ret = ssl_tls13_write_server_finished(ssl);
             break;
 
         case MBEDTLS_SSL_CLIENT_FINISHED:
-            ret = ssl_tls13_process_client_finished( ssl );
+            ret = ssl_tls13_process_client_finished(ssl);
             break;
 
         case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
-            ret = ssl_tls13_handshake_wrapup( ssl );
+            ret = ssl_tls13_handshake_wrapup(ssl);
             break;
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
         case MBEDTLS_SSL_CLIENT_CERTIFICATE:
-            ret = mbedtls_ssl_tls13_process_certificate( ssl );
-            if( ret == 0 )
-            {
-                if( ssl->session_negotiate->peer_cert != NULL )
-                {
+            ret = mbedtls_ssl_tls13_process_certificate(ssl);
+            if (ret == 0) {
+                if (ssl->session_negotiate->peer_cert != NULL) {
                     mbedtls_ssl_handshake_set_state(
-                        ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY );
-                }
-                else
-                {
-                    MBEDTLS_SSL_DEBUG_MSG( 2, ( "skip parse certificate verify" ) );
+                        ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY);
+                } else {
+                    MBEDTLS_SSL_DEBUG_MSG(2, ("skip parse certificate verify"));
                     mbedtls_ssl_handshake_set_state(
-                        ssl, MBEDTLS_SSL_CLIENT_FINISHED );
+                        ssl, MBEDTLS_SSL_CLIENT_FINISHED);
                 }
             }
             break;
 
         case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:
-            ret = mbedtls_ssl_tls13_process_certificate_verify( ssl );
-            if( ret == 0 )
-            {
+            ret = mbedtls_ssl_tls13_process_certificate_verify(ssl);
+            if (ret == 0) {
                 mbedtls_ssl_handshake_set_state(
-                    ssl, MBEDTLS_SSL_CLIENT_FINISHED );
+                    ssl, MBEDTLS_SSL_CLIENT_FINISHED);
             }
             break;
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
         case MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET:
-            ret = ssl_tls13_write_new_session_ticket( ssl );
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1,
-                                       "ssl_tls13_write_new_session_ticket ",
-                                       ret );
+            ret = ssl_tls13_write_new_session_ticket(ssl);
+            if (ret != 0) {
+                MBEDTLS_SSL_DEBUG_RET(1,
+                                      "ssl_tls13_write_new_session_ticket ",
+                                      ret);
             }
             break;
         case MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:
@@ -3051,20 +2969,21 @@
              */
             ret = 0;
 
-            if( ssl->handshake->new_session_tickets_count == 0 )
-                mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER );
-            else
-                mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET );
+            if (ssl->handshake->new_session_tickets_count == 0) {
+                mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
+            } else {
+                mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
+            }
             break;
 
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
         default:
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
-            return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+            MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state));
+            return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
     }
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/threading.c b/library/threading.c
index cd9942b..130c696 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -40,9 +40,9 @@
 #endif /* !_WIN32 && (unix || __unix || __unix__ ||
         * (__APPLE__ && __MACH__)) */
 
-#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) ||     \
-       ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) &&                     \
-         _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) )
+#if !((defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L) ||     \
+    (defined(_POSIX_THREAD_SAFE_FUNCTIONS) &&                     \
+    _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L))
 /*
  * This is a convenience shorthand macro to avoid checking the long
  * preprocessor conditions above. Ideally, we could expose this macro in
@@ -51,21 +51,22 @@
  * we keep it private by only defining it in this file
  */
 
-#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) )
+#if !(defined(_WIN32) && !defined(EFIX64) && !defined(EFI32))
 #define THREADING_USE_GMTIME
 #endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */
 
-#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) ||     \
-             ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) &&                     \
+#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \
+             ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \
                 _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) */
 
 #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
 
 #if defined(MBEDTLS_THREADING_PTHREAD)
-static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex )
+static void threading_mutex_init_pthread(mbedtls_threading_mutex_t *mutex)
 {
-    if( mutex == NULL )
+    if (mutex == NULL) {
         return;
+    }
 
     /* A nonzero value of is_valid indicates a successfully initialized
      * mutex. This is a workaround for not being able to return an error
@@ -73,44 +74,49 @@
      * if is_valid is nonzero. The Mbed TLS unit test code uses this field
      * to distinguish more states of the mutex; see
      * tests/src/threading_helpers for details. */
-    mutex->is_valid = pthread_mutex_init( &mutex->mutex, NULL ) == 0;
+    mutex->is_valid = pthread_mutex_init(&mutex->mutex, NULL) == 0;
 }
 
-static void threading_mutex_free_pthread( mbedtls_threading_mutex_t *mutex )
+static void threading_mutex_free_pthread(mbedtls_threading_mutex_t *mutex)
 {
-    if( mutex == NULL || !mutex->is_valid )
+    if (mutex == NULL || !mutex->is_valid) {
         return;
+    }
 
-    (void) pthread_mutex_destroy( &mutex->mutex );
+    (void) pthread_mutex_destroy(&mutex->mutex);
     mutex->is_valid = 0;
 }
 
-static int threading_mutex_lock_pthread( mbedtls_threading_mutex_t *mutex )
+static int threading_mutex_lock_pthread(mbedtls_threading_mutex_t *mutex)
 {
-    if( mutex == NULL || ! mutex->is_valid )
-        return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA );
+    if (mutex == NULL || !mutex->is_valid) {
+        return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
+    }
 
-    if( pthread_mutex_lock( &mutex->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+    if (pthread_mutex_lock(&mutex->mutex) != 0) {
+        return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
 
-    return( 0 );
+    return 0;
 }
 
-static int threading_mutex_unlock_pthread( mbedtls_threading_mutex_t *mutex )
+static int threading_mutex_unlock_pthread(mbedtls_threading_mutex_t *mutex)
 {
-    if( mutex == NULL || ! mutex->is_valid )
-        return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA );
+    if (mutex == NULL || !mutex->is_valid) {
+        return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
+    }
 
-    if( pthread_mutex_unlock( &mutex->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+    if (pthread_mutex_unlock(&mutex->mutex) != 0) {
+        return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
 
-    return( 0 );
+    return 0;
 }
 
-void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t * ) = threading_mutex_init_pthread;
-void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t * ) = threading_mutex_free_pthread;
-int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t * ) = threading_mutex_lock_pthread;
-int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_unlock_pthread;
+void (*mbedtls_mutex_init)(mbedtls_threading_mutex_t *) = threading_mutex_init_pthread;
+void (*mbedtls_mutex_free)(mbedtls_threading_mutex_t *) = threading_mutex_free_pthread;
+int (*mbedtls_mutex_lock)(mbedtls_threading_mutex_t *) = threading_mutex_lock_pthread;
+int (*mbedtls_mutex_unlock)(mbedtls_threading_mutex_t *) = threading_mutex_unlock_pthread;
 
 /*
  * With pthreads we can statically initialize mutexes
@@ -120,29 +126,29 @@
 #endif /* MBEDTLS_THREADING_PTHREAD */
 
 #if defined(MBEDTLS_THREADING_ALT)
-static int threading_mutex_fail( mbedtls_threading_mutex_t *mutex )
+static int threading_mutex_fail(mbedtls_threading_mutex_t *mutex)
 {
-    ((void) mutex );
-    return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA );
+    ((void) mutex);
+    return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
 }
-static void threading_mutex_dummy( mbedtls_threading_mutex_t *mutex )
+static void threading_mutex_dummy(mbedtls_threading_mutex_t *mutex)
 {
-    ((void) mutex );
+    ((void) mutex);
     return;
 }
 
-void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t * ) = threading_mutex_dummy;
-void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t * ) = threading_mutex_dummy;
-int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t * ) = threading_mutex_fail;
-int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_fail;
+void (*mbedtls_mutex_init)(mbedtls_threading_mutex_t *) = threading_mutex_dummy;
+void (*mbedtls_mutex_free)(mbedtls_threading_mutex_t *) = threading_mutex_dummy;
+int (*mbedtls_mutex_lock)(mbedtls_threading_mutex_t *) = threading_mutex_fail;
+int (*mbedtls_mutex_unlock)(mbedtls_threading_mutex_t *) = threading_mutex_fail;
 
 /*
  * Set functions pointers and initialize global mutexes
  */
-void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ),
-                       void (*mutex_free)( mbedtls_threading_mutex_t * ),
-                       int (*mutex_lock)( mbedtls_threading_mutex_t * ),
-                       int (*mutex_unlock)( mbedtls_threading_mutex_t * ) )
+void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *),
+                               void (*mutex_free)(mbedtls_threading_mutex_t *),
+                               int (*mutex_lock)(mbedtls_threading_mutex_t *),
+                               int (*mutex_unlock)(mbedtls_threading_mutex_t *))
 {
     mbedtls_mutex_init = mutex_init;
     mbedtls_mutex_free = mutex_free;
@@ -150,23 +156,23 @@
     mbedtls_mutex_unlock = mutex_unlock;
 
 #if defined(MBEDTLS_FS_IO)
-    mbedtls_mutex_init( &mbedtls_threading_readdir_mutex );
+    mbedtls_mutex_init(&mbedtls_threading_readdir_mutex);
 #endif
 #if defined(THREADING_USE_GMTIME)
-    mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex );
+    mbedtls_mutex_init(&mbedtls_threading_gmtime_mutex);
 #endif
 }
 
 /*
  * Free global mutexes
  */
-void mbedtls_threading_free_alt( void )
+void mbedtls_threading_free_alt(void)
 {
 #if defined(MBEDTLS_FS_IO)
-    mbedtls_mutex_free( &mbedtls_threading_readdir_mutex );
+    mbedtls_mutex_free(&mbedtls_threading_readdir_mutex);
 #endif
 #if defined(THREADING_USE_GMTIME)
-    mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex );
+    mbedtls_mutex_free(&mbedtls_threading_gmtime_mutex);
 #endif
 }
 #endif /* MBEDTLS_THREADING_ALT */
diff --git a/library/timing.c b/library/timing.c
index 859c1b8..6852033 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -36,8 +36,7 @@
 #include <windows.h>
 #include <process.h>
 
-struct _hr_time
-{
+struct _hr_time {
     LARGE_INTEGER start;
 };
 
@@ -50,8 +49,7 @@
  * platform matches the ifdefs above, it will be used. */
 #include <time.h>
 #include <sys/time.h>
-struct _hr_time
-{
+struct _hr_time {
     struct timeval start;
 };
 #endif /* _WIN32 && !EFIX64 && !EFI32 */
@@ -77,46 +75,40 @@
  */
 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
 
-unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset )
+unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset)
 {
     struct _hr_time *t = (struct _hr_time *) val;
 
-    if( reset )
-    {
-        QueryPerformanceCounter( &t->start );
-        return( 0 );
-    }
-    else
-    {
+    if (reset) {
+        QueryPerformanceCounter(&t->start);
+        return 0;
+    } else {
         unsigned long delta;
         LARGE_INTEGER now, hfreq;
-        QueryPerformanceCounter(  &now );
-        QueryPerformanceFrequency( &hfreq );
-        delta = (unsigned long)( ( now.QuadPart - t->start.QuadPart ) * 1000ul
-                                 / hfreq.QuadPart );
-        return( delta );
+        QueryPerformanceCounter(&now);
+        QueryPerformanceFrequency(&hfreq);
+        delta = (unsigned long) ((now.QuadPart - t->start.QuadPart) * 1000ul
+                                 / hfreq.QuadPart);
+        return delta;
     }
 }
 
 #else /* _WIN32 && !EFIX64 && !EFI32 */
 
-unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset )
+unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset)
 {
     struct _hr_time *t = (struct _hr_time *) val;
 
-    if( reset )
-    {
-        gettimeofday( &t->start, NULL );
-        return( 0 );
-    }
-    else
-    {
+    if (reset) {
+        gettimeofday(&t->start, NULL);
+        return 0;
+    } else {
         unsigned long delta;
         struct timeval now;
-        gettimeofday( &now, NULL );
-        delta = ( now.tv_sec  - t->start.tv_sec  ) * 1000ul
-              + ( now.tv_usec - t->start.tv_usec ) / 1000;
-        return( delta );
+        gettimeofday(&now, NULL);
+        delta = (now.tv_sec  - t->start.tv_sec) * 1000ul
+                + (now.tv_usec - t->start.tv_usec) / 1000;
+        return delta;
     }
 }
 
@@ -125,46 +117,50 @@
 /*
  * Set delays to watch
  */
-void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms )
+void mbedtls_timing_set_delay(void *data, uint32_t int_ms, uint32_t fin_ms)
 {
     mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data;
 
     ctx->int_ms = int_ms;
     ctx->fin_ms = fin_ms;
 
-    if( fin_ms != 0 )
-        (void) mbedtls_timing_get_timer( &ctx->timer, 1 );
+    if (fin_ms != 0) {
+        (void) mbedtls_timing_get_timer(&ctx->timer, 1);
+    }
 }
 
 /*
  * Get number of delays expired
  */
-int mbedtls_timing_get_delay( void *data )
+int mbedtls_timing_get_delay(void *data)
 {
     mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data;
     unsigned long elapsed_ms;
 
-    if( ctx->fin_ms == 0 )
-        return( -1 );
+    if (ctx->fin_ms == 0) {
+        return -1;
+    }
 
-    elapsed_ms = mbedtls_timing_get_timer( &ctx->timer, 0 );
+    elapsed_ms = mbedtls_timing_get_timer(&ctx->timer, 0);
 
-    if( elapsed_ms >= ctx->fin_ms )
-        return( 2 );
+    if (elapsed_ms >= ctx->fin_ms) {
+        return 2;
+    }
 
-    if( elapsed_ms >= ctx->int_ms )
-        return( 1 );
+    if (elapsed_ms >= ctx->int_ms) {
+        return 1;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Get the final delay.
  */
 uint32_t mbedtls_timing_get_final_delay(
-                                      const mbedtls_timing_delay_context *data )
+    const mbedtls_timing_delay_context *data)
 {
-    return( data->fin_ms );
+    return data->fin_ms;
 }
 #endif /* !MBEDTLS_TIMING_ALT */
 #endif /* MBEDTLS_TIMING_C */
diff --git a/library/version.c b/library/version.c
index 32a0d7d..4f78c9c 100644
--- a/library/version.c
+++ b/library/version.c
@@ -24,21 +24,21 @@
 #include "mbedtls/version.h"
 #include <string.h>
 
-unsigned int mbedtls_version_get_number( void )
+unsigned int mbedtls_version_get_number(void)
 {
-    return( MBEDTLS_VERSION_NUMBER );
+    return MBEDTLS_VERSION_NUMBER;
 }
 
-void mbedtls_version_get_string( char *string )
+void mbedtls_version_get_string(char *string)
 {
-    memcpy( string, MBEDTLS_VERSION_STRING,
-            sizeof( MBEDTLS_VERSION_STRING ) );
+    memcpy(string, MBEDTLS_VERSION_STRING,
+           sizeof(MBEDTLS_VERSION_STRING));
 }
 
-void mbedtls_version_get_string_full( char *string )
+void mbedtls_version_get_string_full(char *string)
 {
-    memcpy( string, MBEDTLS_VERSION_STRING_FULL,
-            sizeof( MBEDTLS_VERSION_STRING_FULL ) );
+    memcpy(string, MBEDTLS_VERSION_STRING_FULL,
+           sizeof(MBEDTLS_VERSION_STRING_FULL));
 }
 
 #endif /* MBEDTLS_VERSION_C */
diff --git a/library/x509.c b/library/x509.c
index be87973..1b3701c 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -55,42 +55,45 @@
 
 #include "mbedtls/legacy_or_psa.h"
 
-#define CHECK(code) if( ( ret = ( code ) ) != 0 ){ return( ret ); }
+#define CHECK(code) if ((ret = (code)) != 0) { return ret; }
 #define CHECK_RANGE(min, max, val)                      \
     do                                                  \
     {                                                   \
-        if( ( val ) < ( min ) || ( val ) > ( max ) )    \
+        if ((val) < (min) || (val) > (max))    \
         {                                               \
-            return( ret );                              \
+            return ret;                              \
         }                                               \
-    } while( 0 )
+    } while (0)
 
 /*
  *  CertificateSerialNumber  ::=  INTEGER
  */
-int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
-                     mbedtls_x509_buf *serial )
+int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end,
+                            mbedtls_x509_buf *serial)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ( end - *p ) < 1 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL,
-                MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
+    if ((end - *p) < 1) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL,
+                                 MBEDTLS_ERR_ASN1_OUT_OF_DATA);
+    }
 
-    if( **p != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2 ) &&
-        **p !=   MBEDTLS_ASN1_INTEGER )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL,
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+    if (**p != (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2) &&
+        **p !=   MBEDTLS_ASN1_INTEGER) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL,
+                                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+    }
 
     serial->tag = *(*p)++;
 
-    if( ( ret = mbedtls_asn1_get_len( p, end, &serial->len ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL, ret ) );
+    if ((ret = mbedtls_asn1_get_len(p, end, &serial->len)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, ret);
+    }
 
     serial->p = *p;
     *p += serial->len;
 
-    return( 0 );
+    return 0;
 }
 
 /* Get an algorithm identifier without parameters (eg for signatures)
@@ -99,70 +102,71 @@
  *       algorithm               OBJECT IDENTIFIER,
  *       parameters              ANY DEFINED BY algorithm OPTIONAL  }
  */
-int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
-                       mbedtls_x509_buf *alg )
+int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end,
+                              mbedtls_x509_buf *alg)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
+    if ((ret = mbedtls_asn1_get_alg_null(p, end, alg)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Parse an algorithm identifier with (optional) parameters
  */
-int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
-                  mbedtls_x509_buf *alg, mbedtls_x509_buf *params )
+int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end,
+                         mbedtls_x509_buf *alg, mbedtls_x509_buf *params)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ( ret = mbedtls_asn1_get_alg( p, end, alg, params ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
+    if ((ret = mbedtls_asn1_get_alg(p, end, alg, params)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Convert md type to string
  */
-static inline const char* md_type_to_string( mbedtls_md_type_t md_alg )
+static inline const char *md_type_to_string(mbedtls_md_type_t md_alg)
 {
-    switch( md_alg )
-    {
+    switch (md_alg) {
 #if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA)
-    case MBEDTLS_MD_MD5:
-        return( "MD5" );
+        case MBEDTLS_MD_MD5:
+            return "MD5";
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA)
-    case MBEDTLS_MD_SHA1:
-        return( "SHA1" );
+        case MBEDTLS_MD_SHA1:
+            return "SHA1";
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA)
-    case MBEDTLS_MD_SHA224:
-        return( "SHA224" );
+        case MBEDTLS_MD_SHA224:
+            return "SHA224";
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA)
-    case MBEDTLS_MD_SHA256:
-        return( "SHA256" );
+        case MBEDTLS_MD_SHA256:
+            return "SHA256";
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA)
-    case MBEDTLS_MD_SHA384:
-        return( "SHA384" );
+        case MBEDTLS_MD_SHA384:
+            return "SHA384";
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA)
-    case MBEDTLS_MD_SHA512:
-        return( "SHA512" );
+        case MBEDTLS_MD_SHA512:
+            return "SHA512";
 #endif
 #if defined(MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA)
-    case MBEDTLS_MD_RIPEMD160:
-        return( "RIPEMD160" );
+        case MBEDTLS_MD_RIPEMD160:
+            return "RIPEMD160";
 #endif
-    case MBEDTLS_MD_NONE:
-        return( NULL );
-    default:
-        return( NULL );
+        case MBEDTLS_MD_NONE:
+            return NULL;
+        default:
+            return NULL;
     }
 }
 
@@ -176,7 +180,7 @@
  *
  * For HashAlgorithm, parameters MUST be NULL or absent.
  */
-static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg )
+static int x509_get_hash_alg(const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p;
@@ -185,42 +189,49 @@
     size_t len;
 
     /* Make sure we got a SEQUENCE and setup bounds */
-    if( alg->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+    if (alg->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG,
+                                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+    }
 
     p = alg->p;
     end = p + alg->len;
 
-    if( p >= end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
-                MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
+    if (p >= end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG,
+                                 MBEDTLS_ERR_ASN1_OUT_OF_DATA);
+    }
 
     /* Parse md_oid */
     md_oid.tag = *p;
 
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &md_oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &md_oid.len, MBEDTLS_ASN1_OID)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
+    }
 
     md_oid.p = p;
     p += md_oid.len;
 
     /* Get md_alg from md_oid */
-    if( ( ret = mbedtls_oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
+    if ((ret = mbedtls_oid_get_md_alg(&md_oid, md_alg)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
+    }
 
     /* Make sure params is absent of NULL */
-    if( p == end )
-        return( 0 );
+    if (p == end) {
+        return 0;
+    }
 
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_NULL ) ) != 0 || len != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_NULL)) != 0 || len != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
+    }
 
-    if( p != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (p != end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -235,9 +246,9 @@
  * of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
  * option. Enforce this at parsing time.
  */
-int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
-                                mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
-                                int *salt_len )
+int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params,
+                                       mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
+                                       int *salt_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *p;
@@ -251,121 +262,139 @@
     *salt_len = 20;
 
     /* Make sure params is a SEQUENCE and setup bounds */
-    if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+    if (params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG,
+                                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+    }
 
     p = (unsigned char *) params->p;
     end = p + params->len;
 
-    if( p == end )
-        return( 0 );
+    if (p == end) {
+        return 0;
+    }
 
     /*
      * HashAlgorithm
      */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
-    {
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
+                                    0)) == 0) {
         end2 = p + len;
 
         /* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
-        if( ( ret = mbedtls_x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
-            return( ret );
+        if ((ret = mbedtls_x509_get_alg_null(&p, end2, &alg_id)) != 0) {
+            return ret;
+        }
 
-        if( ( ret = mbedtls_oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
+        if ((ret = mbedtls_oid_get_md_alg(&alg_id, md_alg)) != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
+        }
 
-        if( p != end2 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
-                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+        if (p != end2) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG,
+                                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+        }
+    } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
     }
-    else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
 
-    if( p == end )
-        return( 0 );
+    if (p == end) {
+        return 0;
+    }
 
     /*
      * MaskGenAlgorithm
      */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
-    {
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
+                                    1)) == 0) {
         end2 = p + len;
 
         /* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
-        if( ( ret = mbedtls_x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
-            return( ret );
+        if ((ret = mbedtls_x509_get_alg(&p, end2, &alg_id, &alg_params)) != 0) {
+            return ret;
+        }
 
         /* Only MFG1 is recognised for now */
-        if( MBEDTLS_OID_CMP( MBEDTLS_OID_MGF1, &alg_id ) != 0 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE,
-                    MBEDTLS_ERR_OID_NOT_FOUND ) );
+        if (MBEDTLS_OID_CMP(MBEDTLS_OID_MGF1, &alg_id) != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE,
+                                     MBEDTLS_ERR_OID_NOT_FOUND);
+        }
 
         /* Parse HashAlgorithm */
-        if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
-            return( ret );
+        if ((ret = x509_get_hash_alg(&alg_params, mgf_md)) != 0) {
+            return ret;
+        }
 
-        if( p != end2 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
-                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+        if (p != end2) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG,
+                                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+        }
+    } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
     }
-    else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
 
-    if( p == end )
-        return( 0 );
+    if (p == end) {
+        return 0;
+    }
 
     /*
      * salt_len
      */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2 ) ) == 0 )
-    {
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
+                                    2)) == 0) {
         end2 = p + len;
 
-        if( ( ret = mbedtls_asn1_get_int( &p, end2, salt_len ) ) != 0 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
+        if ((ret = mbedtls_asn1_get_int(&p, end2, salt_len)) != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
+        }
 
-        if( p != end2 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
-                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+        if (p != end2) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG,
+                                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+        }
+    } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
     }
-    else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
 
-    if( p == end )
-        return( 0 );
+    if (p == end) {
+        return 0;
+    }
 
     /*
      * trailer_field (if present, must be 1)
      */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 3 ) ) == 0 )
-    {
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
+                                    3)) == 0) {
         int trailer_field;
 
         end2 = p + len;
 
-        if( ( ret = mbedtls_asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
+        if ((ret = mbedtls_asn1_get_int(&p, end2, &trailer_field)) != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
+        }
 
-        if( p != end2 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
-                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+        if (p != end2) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG,
+                                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+        }
 
-        if( trailer_field != 1 )
-            return( MBEDTLS_ERR_X509_INVALID_ALG );
+        if (trailer_field != 1) {
+            return MBEDTLS_ERR_X509_INVALID_ALG;
+        }
+    } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret);
     }
-    else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
 
-    if( p != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (p != end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
 
@@ -378,63 +407,68 @@
  *
  *  AttributeValue ::= ANY DEFINED BY AttributeType
  */
-static int x509_get_attr_type_value( unsigned char **p,
-                                     const unsigned char *end,
-                                     mbedtls_x509_name *cur )
+static int x509_get_attr_type_value(unsigned char **p,
+                                    const unsigned char *end,
+                                    mbedtls_x509_name *cur)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
     mbedtls_x509_buf *oid;
     mbedtls_x509_buf *val;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret);
+    }
 
     end = *p + len;
 
-    if( ( end - *p ) < 1 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
-                MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
+    if ((end - *p) < 1) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME,
+                                 MBEDTLS_ERR_ASN1_OUT_OF_DATA);
+    }
 
     oid = &cur->oid;
     oid->tag = **p;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &oid->len, MBEDTLS_ASN1_OID ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &oid->len, MBEDTLS_ASN1_OID)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret);
+    }
 
     oid->p = *p;
     *p += oid->len;
 
-    if( ( end - *p ) < 1 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
-                MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
+    if ((end - *p) < 1) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME,
+                                 MBEDTLS_ERR_ASN1_OUT_OF_DATA);
+    }
 
-    if( **p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING      &&
+    if (**p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING      &&
         **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING &&
         **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING &&
-        **p != MBEDTLS_ASN1_BIT_STRING )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+        **p != MBEDTLS_ASN1_BIT_STRING) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME,
+                                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+    }
 
     val = &cur->val;
     val->tag = *(*p)++;
 
-    if( ( ret = mbedtls_asn1_get_len( p, end, &val->len ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
+    if ((ret = mbedtls_asn1_get_len(p, end, &val->len)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret);
+    }
 
     val->p = *p;
     *p += val->len;
 
-    if( *p != end )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (*p != end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
     }
 
     cur->next = NULL;
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -465,8 +499,8 @@
  * cases, this function frees all allocated memory internally and the caller
  * has no freeing responsibilities.
  */
-int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
-                   mbedtls_x509_name *cur )
+int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end,
+                          mbedtls_x509_name *cur)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t set_len;
@@ -474,35 +508,33 @@
     mbedtls_x509_name *head = cur;
 
     /* don't use recursion, we'd risk stack overflow if not optimized */
-    while( 1 )
-    {
+    while (1) {
         /*
          * parse SET
          */
-        if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len,
-                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 )
-        {
-            ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret );
+        if ((ret = mbedtls_asn1_get_tag(p, end, &set_len,
+                                        MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)) != 0) {
+            ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret);
             goto error;
         }
 
         end_set  = *p + set_len;
 
-        while( 1 )
-        {
-            if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
+        while (1) {
+            if ((ret = x509_get_attr_type_value(p, end_set, cur)) != 0) {
                 goto error;
+            }
 
-            if( *p == end_set )
+            if (*p == end_set) {
                 break;
+            }
 
             /* Mark this item as being no the only one in a set */
             cur->next_merged = 1;
 
-            cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
+            cur->next = mbedtls_calloc(1, sizeof(mbedtls_x509_name));
 
-            if( cur->next == NULL )
-            {
+            if (cur->next == NULL) {
                 ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
                 goto error;
             }
@@ -513,13 +545,13 @@
         /*
          * continue until end of SEQUENCE is reached
          */
-        if( *p == end )
-            return( 0 );
+        if (*p == end) {
+            return 0;
+        }
 
-        cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
+        cur->next = mbedtls_calloc(1, sizeof(mbedtls_x509_name));
 
-        if( cur->next == NULL )
-        {
+        if (cur->next == NULL) {
             ret = MBEDTLS_ERR_X509_ALLOC_FAILED;
             goto error;
         }
@@ -529,40 +561,39 @@
 
 error:
     /* Skip the first element as we did not allocate it */
-    mbedtls_asn1_free_named_data_list_shallow( head->next );
+    mbedtls_asn1_free_named_data_list_shallow(head->next);
     head->next = NULL;
 
-    return( ret );
+    return ret;
 }
 
-static int x509_parse_int( unsigned char **p, size_t n, int *res )
+static int x509_parse_int(unsigned char **p, size_t n, int *res)
 {
     *res = 0;
 
-    for( ; n > 0; --n )
-    {
-        if( ( **p < '0') || ( **p > '9' ) )
-            return ( MBEDTLS_ERR_X509_INVALID_DATE );
+    for (; n > 0; --n) {
+        if ((**p < '0') || (**p > '9')) {
+            return MBEDTLS_ERR_X509_INVALID_DATE;
+        }
 
         *res *= 10;
-        *res += ( *(*p)++ - '0' );
+        *res += (*(*p)++ - '0');
     }
 
-    return( 0 );
+    return 0;
 }
 
-static int x509_date_is_valid(const mbedtls_x509_time *t )
+static int x509_date_is_valid(const mbedtls_x509_time *t)
 {
     int ret = MBEDTLS_ERR_X509_INVALID_DATE;
     int month_len;
 
-    CHECK_RANGE( 0, 9999, t->year );
-    CHECK_RANGE( 0, 23,   t->hour );
-    CHECK_RANGE( 0, 59,   t->min  );
-    CHECK_RANGE( 0, 59,   t->sec  );
+    CHECK_RANGE(0, 9999, t->year);
+    CHECK_RANGE(0, 23,   t->hour);
+    CHECK_RANGE(0, 59,   t->min);
+    CHECK_RANGE(0, 59,   t->sec);
 
-    switch( t->mon )
-    {
+    switch (t->mon) {
         case 1: case 3: case 5: case 7: case 8: case 10: case 12:
             month_len = 31;
             break;
@@ -570,69 +601,69 @@
             month_len = 30;
             break;
         case 2:
-            if( ( !( t->year % 4 ) && t->year % 100 ) ||
-                !( t->year % 400 ) )
+            if ((!(t->year % 4) && t->year % 100) ||
+                !(t->year % 400)) {
                 month_len = 29;
-            else
+            } else {
                 month_len = 28;
+            }
             break;
         default:
-            return( ret );
+            return ret;
     }
-    CHECK_RANGE( 1, month_len, t->day );
+    CHECK_RANGE(1, month_len, t->day);
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4)
  * field.
  */
-static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
-                            mbedtls_x509_time *tm )
+static int x509_parse_time(unsigned char **p, size_t len, size_t yearlen,
+                           mbedtls_x509_time *tm)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     /*
      * Minimum length is 10 or 12 depending on yearlen
      */
-    if ( len < yearlen + 8 )
-        return ( MBEDTLS_ERR_X509_INVALID_DATE );
+    if (len < yearlen + 8) {
+        return MBEDTLS_ERR_X509_INVALID_DATE;
+    }
     len -= yearlen + 8;
 
     /*
      * Parse year, month, day, hour, minute
      */
-    CHECK( x509_parse_int( p, yearlen, &tm->year ) );
-    if ( 2 == yearlen )
-    {
-        if ( tm->year < 50 )
+    CHECK(x509_parse_int(p, yearlen, &tm->year));
+    if (2 == yearlen) {
+        if (tm->year < 50) {
             tm->year += 100;
+        }
 
         tm->year += 1900;
     }
 
-    CHECK( x509_parse_int( p, 2, &tm->mon ) );
-    CHECK( x509_parse_int( p, 2, &tm->day ) );
-    CHECK( x509_parse_int( p, 2, &tm->hour ) );
-    CHECK( x509_parse_int( p, 2, &tm->min ) );
+    CHECK(x509_parse_int(p, 2, &tm->mon));
+    CHECK(x509_parse_int(p, 2, &tm->day));
+    CHECK(x509_parse_int(p, 2, &tm->hour));
+    CHECK(x509_parse_int(p, 2, &tm->min));
 
     /*
      * Parse seconds if present
      */
-    if ( len >= 2 )
-    {
-        CHECK( x509_parse_int( p, 2, &tm->sec ) );
+    if (len >= 2) {
+        CHECK(x509_parse_int(p, 2, &tm->sec));
         len -= 2;
+    } else {
+        return MBEDTLS_ERR_X509_INVALID_DATE;
     }
-    else
-        return ( MBEDTLS_ERR_X509_INVALID_DATE );
 
     /*
      * Parse trailing 'Z' if present
      */
-    if ( 1 == len && 'Z' == **p )
-    {
+    if (1 == len && 'Z' == **p) {
         (*p)++;
         len--;
     }
@@ -640,12 +671,13 @@
     /*
      * We should have parsed all characters at this point
      */
-    if ( 0 != len )
-        return ( MBEDTLS_ERR_X509_INVALID_DATE );
+    if (0 != len) {
+        return MBEDTLS_ERR_X509_INVALID_DATE;
+    }
 
-    CHECK( x509_date_is_valid( tm ) );
+    CHECK(x509_date_is_valid(tm));
 
-    return ( 0 );
+    return 0;
 }
 
 /*
@@ -653,50 +685,55 @@
  *       utcTime        UTCTime,
  *       generalTime    GeneralizedTime }
  */
-int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
-                           mbedtls_x509_time *tm )
+int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end,
+                          mbedtls_x509_time *tm)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len, year_len;
     unsigned char tag;
 
-    if( ( end - *p ) < 1 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
-                MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
+    if ((end - *p) < 1) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
+                                 MBEDTLS_ERR_ASN1_OUT_OF_DATA);
+    }
 
     tag = **p;
 
-    if( tag == MBEDTLS_ASN1_UTC_TIME )
+    if (tag == MBEDTLS_ASN1_UTC_TIME) {
         year_len = 2;
-    else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME )
+    } else if (tag == MBEDTLS_ASN1_GENERALIZED_TIME) {
         year_len = 4;
-    else
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+    } else {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
+                                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+    }
 
     (*p)++;
-    ret = mbedtls_asn1_get_len( p, end, &len );
+    ret = mbedtls_asn1_get_len(p, end, &len);
 
-    if( ret != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, ret ) );
+    if (ret != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret);
+    }
 
-    return x509_parse_time( p, len, year_len, tm );
+    return x509_parse_time(p, len, year_len, tm);
 }
 
-int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig )
+int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
     int tag_type;
 
-    if( ( end - *p ) < 1 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SIGNATURE,
-                MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
+    if ((end - *p) < 1) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE,
+                                 MBEDTLS_ERR_ASN1_OUT_OF_DATA);
+    }
 
     tag_type = **p;
 
-    if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SIGNATURE, ret ) );
+    if ((ret = mbedtls_asn1_get_bitstring_null(p, end, &len)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, ret);
+    }
 
     sig->tag = tag_type;
     sig->len = len;
@@ -704,63 +741,64 @@
 
     *p += len;
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Get signature algorithm from alg OID and optional parameters
  */
-int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
-                      mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
-                      void **sig_opts )
+int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
+                             mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
+                             void **sig_opts)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( *sig_opts != NULL )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+    if (*sig_opts != NULL) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+    }
 
-    if( ( ret = mbedtls_oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret ) );
+    if ((ret = mbedtls_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret);
+    }
 
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-    if( *pk_alg == MBEDTLS_PK_RSASSA_PSS )
-    {
+    if (*pk_alg == MBEDTLS_PK_RSASSA_PSS) {
         mbedtls_pk_rsassa_pss_options *pss_opts;
 
-        pss_opts = mbedtls_calloc( 1, sizeof( mbedtls_pk_rsassa_pss_options ) );
-        if( pss_opts == NULL )
-            return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+        pss_opts = mbedtls_calloc(1, sizeof(mbedtls_pk_rsassa_pss_options));
+        if (pss_opts == NULL) {
+            return MBEDTLS_ERR_X509_ALLOC_FAILED;
+        }
 
-        ret = mbedtls_x509_get_rsassa_pss_params( sig_params,
-                                          md_alg,
-                                          &pss_opts->mgf1_hash_id,
-                                          &pss_opts->expected_salt_len );
-        if( ret != 0 )
-        {
-            mbedtls_free( pss_opts );
-            return( ret );
+        ret = mbedtls_x509_get_rsassa_pss_params(sig_params,
+                                                 md_alg,
+                                                 &pss_opts->mgf1_hash_id,
+                                                 &pss_opts->expected_salt_len);
+        if (ret != 0) {
+            mbedtls_free(pss_opts);
+            return ret;
         }
 
         *sig_opts = (void *) pss_opts;
-    }
-    else
+    } else
 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
     {
         /* Make sure parameters are absent or NULL */
-        if( ( sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0 ) ||
-              sig_params->len != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_ALG );
+        if ((sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0) ||
+            sig_params->len != 0) {
+            return MBEDTLS_ERR_X509_INVALID_ALG;
+        }
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * X.509 Extensions (No parsing of extensions, pointer should
  * be either manually updated or extensions should be parsed!)
  */
-int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
-                          mbedtls_x509_buf *ext, int tag )
+int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end,
+                         mbedtls_x509_buf *ext, int tag)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
@@ -768,10 +806,11 @@
     /* Extension structure use EXPLICIT tagging. That is, the actual
      * `Extensions` structure is wrapped by a tag-length pair using
      * the respective context-specific tag. */
-    ret = mbedtls_asn1_get_tag( p, end, &ext->len,
-              MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag );
-    if( ret != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+    ret = mbedtls_asn1_get_tag(p, end, &ext->len,
+                               MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag);
+    if (ret != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+    }
 
     ext->tag = MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag;
     ext->p   = *p;
@@ -780,22 +819,24 @@
     /*
      * Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
      */
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+    }
 
-    if( end != *p + len )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (end != *p + len) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Store the name in printable form into buf; no more
  * than size characters will be written
  */
-int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn )
+int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t i, j, n;
@@ -804,67 +845,67 @@
     const char *short_name = NULL;
     char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p;
 
-    memset( s, 0, sizeof( s ) );
+    memset(s, 0, sizeof(s));
 
     name = dn;
     p = buf;
     n = size;
 
-    while( name != NULL )
-    {
-        if( !name->oid.p )
-        {
+    while (name != NULL) {
+        if (!name->oid.p) {
             name = name->next;
             continue;
         }
 
-        if( name != dn )
-        {
-            ret = mbedtls_snprintf( p, n, merge ? " + " : ", " );
+        if (name != dn) {
+            ret = mbedtls_snprintf(p, n, merge ? " + " : ", ");
             MBEDTLS_X509_SAFE_SNPRINTF;
         }
 
-        ret = mbedtls_oid_get_attr_short_name( &name->oid, &short_name );
+        ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name);
 
-        if( ret == 0 )
-            ret = mbedtls_snprintf( p, n, "%s=", short_name );
-        else
-            ret = mbedtls_snprintf( p, n, "\?\?=" );
+        if (ret == 0) {
+            ret = mbedtls_snprintf(p, n, "%s=", short_name);
+        } else {
+            ret = mbedtls_snprintf(p, n, "\?\?=");
+        }
         MBEDTLS_X509_SAFE_SNPRINTF;
 
-        for( i = 0, j = 0; i < name->val.len; i++, j++ )
-        {
-            if( j >= sizeof( s ) - 1 )
-                return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
+        for (i = 0, j = 0; i < name->val.len; i++, j++) {
+            if (j >= sizeof(s) - 1) {
+                return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+            }
 
             c = name->val.p[i];
             // Special characters requiring escaping, RFC 1779
-            if( c && strchr( ",=+<>#;\"\\", c ) )
-            {
-                if( j + 1 >= sizeof( s ) - 1 )
-                    return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
+            if (c && strchr(",=+<>#;\"\\", c)) {
+                if (j + 1 >= sizeof(s) - 1) {
+                    return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+                }
                 s[j++] = '\\';
             }
-            if( c < 32 || c >= 127 )
-                 s[j] = '?';
-            else s[j] = c;
+            if (c < 32 || c >= 127) {
+                s[j] = '?';
+            } else {
+                s[j] = c;
+            }
         }
         s[j] = '\0';
-        ret = mbedtls_snprintf( p, n, "%s", s );
+        ret = mbedtls_snprintf(p, n, "%s", s);
         MBEDTLS_X509_SAFE_SNPRINTF;
 
         merge = name->next_merged;
         name = name->next;
     }
 
-    return( (int) ( size - n ) );
+    return (int) (size - n);
 }
 
 /*
  * Store the serial in printable form into buf; no more
  * than size characters will be written
  */
-int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial )
+int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t i, n, nr;
@@ -873,62 +914,61 @@
     p = buf;
     n = size;
 
-    nr = ( serial->len <= 32 )
+    nr = (serial->len <= 32)
         ? serial->len  : 28;
 
-    for( i = 0; i < nr; i++ )
-    {
-        if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
+    for (i = 0; i < nr; i++) {
+        if (i == 0 && nr > 1 && serial->p[i] == 0x0) {
             continue;
+        }
 
-        ret = mbedtls_snprintf( p, n, "%02X%s",
-                serial->p[i], ( i < nr - 1 ) ? ":" : "" );
+        ret = mbedtls_snprintf(p, n, "%02X%s",
+                               serial->p[i], (i < nr - 1) ? ":" : "");
         MBEDTLS_X509_SAFE_SNPRINTF;
     }
 
-    if( nr != serial->len )
-    {
-        ret = mbedtls_snprintf( p, n, "...." );
+    if (nr != serial->len) {
+        ret = mbedtls_snprintf(p, n, "....");
         MBEDTLS_X509_SAFE_SNPRINTF;
     }
 
-    return( (int) ( size - n ) );
+    return (int) (size - n);
 }
 
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
 /*
  * Helper for writing signature algorithms
  */
-int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
-                       mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
-                       const void *sig_opts )
+int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
+                              mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
+                              const void *sig_opts)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     char *p = buf;
     size_t n = size;
     const char *desc = NULL;
 
-    ret = mbedtls_oid_get_sig_alg_desc( sig_oid, &desc );
-    if( ret != 0 )
-        ret = mbedtls_snprintf( p, n, "???"  );
-    else
-        ret = mbedtls_snprintf( p, n, "%s", desc );
+    ret = mbedtls_oid_get_sig_alg_desc(sig_oid, &desc);
+    if (ret != 0) {
+        ret = mbedtls_snprintf(p, n, "???");
+    } else {
+        ret = mbedtls_snprintf(p, n, "%s", desc);
+    }
     MBEDTLS_X509_SAFE_SNPRINTF;
 
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-    if( pk_alg == MBEDTLS_PK_RSASSA_PSS )
-    {
+    if (pk_alg == MBEDTLS_PK_RSASSA_PSS) {
         const mbedtls_pk_rsassa_pss_options *pss_opts;
 
         pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts;
 
-        const char *name = md_type_to_string( md_alg );
-        const char *mgf_name = md_type_to_string( pss_opts->mgf1_hash_id );
+        const char *name = md_type_to_string(md_alg);
+        const char *mgf_name = md_type_to_string(pss_opts->mgf1_hash_id);
 
-        ret = mbedtls_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
-                              name ? name : "???",
-                              mgf_name ? mgf_name : "???",
-                              (unsigned int) pss_opts->expected_salt_len );
+        ret = mbedtls_snprintf(p, n, " (%s, MGF1-%s, 0x%02X)",
+                               name ? name : "???",
+                               mgf_name ? mgf_name : "???",
+                               (unsigned int) pss_opts->expected_salt_len);
         MBEDTLS_X509_SAFE_SNPRINTF;
     }
 #else
@@ -937,23 +977,23 @@
     ((void) sig_opts);
 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
 
-    return( (int)( size - n ) );
+    return (int) (size - n);
 }
 #endif /* MBEDTLS_X509_REMOVE_INFO */
 
 /*
  * Helper for writing "RSA key size", "EC key size", etc
  */
-int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name )
+int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name)
 {
     char *p = buf;
     size_t n = buf_size;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    ret = mbedtls_snprintf( p, n, "%s key size", name );
+    ret = mbedtls_snprintf(p, n, "%s key size", name);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_HAVE_TIME_DATE)
@@ -961,19 +1001,18 @@
  * Set the time structure to the current time.
  * Return 0 on success, non-zero on failure.
  */
-static int x509_get_current_time( mbedtls_x509_time *now )
+static int x509_get_current_time(mbedtls_x509_time *now)
 {
     struct tm *lt, tm_buf;
     mbedtls_time_t tt;
     int ret = 0;
 
-    tt = mbedtls_time( NULL );
-    lt = mbedtls_platform_gmtime_r( &tt, &tm_buf );
+    tt = mbedtls_time(NULL);
+    lt = mbedtls_platform_gmtime_r(&tt, &tm_buf);
 
-    if( lt == NULL )
+    if (lt == NULL) {
         ret = -1;
-    else
-    {
+    } else {
         now->year = lt->tm_year + 1900;
         now->mon  = lt->tm_mon  + 1;
         now->day  = lt->tm_mday;
@@ -982,82 +1021,90 @@
         now->sec  = lt->tm_sec;
     }
 
-    return( ret );
+    return ret;
 }
 
 /*
  * Return 0 if before <= after, 1 otherwise
  */
-static int x509_check_time( const mbedtls_x509_time *before, const mbedtls_x509_time *after )
+static int x509_check_time(const mbedtls_x509_time *before, const mbedtls_x509_time *after)
 {
-    if( before->year  > after->year )
-        return( 1 );
+    if (before->year  > after->year) {
+        return 1;
+    }
 
-    if( before->year == after->year &&
-        before->mon   > after->mon )
-        return( 1 );
+    if (before->year == after->year &&
+        before->mon   > after->mon) {
+        return 1;
+    }
 
-    if( before->year == after->year &&
+    if (before->year == after->year &&
         before->mon  == after->mon  &&
-        before->day   > after->day )
-        return( 1 );
+        before->day   > after->day) {
+        return 1;
+    }
 
-    if( before->year == after->year &&
+    if (before->year == after->year &&
         before->mon  == after->mon  &&
         before->day  == after->day  &&
-        before->hour  > after->hour )
-        return( 1 );
+        before->hour  > after->hour) {
+        return 1;
+    }
 
-    if( before->year == after->year &&
+    if (before->year == after->year &&
         before->mon  == after->mon  &&
         before->day  == after->day  &&
         before->hour == after->hour &&
-        before->min   > after->min  )
-        return( 1 );
+        before->min   > after->min) {
+        return 1;
+    }
 
-    if( before->year == after->year &&
+    if (before->year == after->year &&
         before->mon  == after->mon  &&
         before->day  == after->day  &&
         before->hour == after->hour &&
         before->min  == after->min  &&
-        before->sec   > after->sec  )
-        return( 1 );
+        before->sec   > after->sec) {
+        return 1;
+    }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
+int mbedtls_x509_time_is_past(const mbedtls_x509_time *to)
 {
     mbedtls_x509_time now;
 
-    if( x509_get_current_time( &now ) != 0 )
-        return( 1 );
+    if (x509_get_current_time(&now) != 0) {
+        return 1;
+    }
 
-    return( x509_check_time( &now, to ) );
+    return x509_check_time(&now, to);
 }
 
-int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
+int mbedtls_x509_time_is_future(const mbedtls_x509_time *from)
 {
     mbedtls_x509_time now;
 
-    if( x509_get_current_time( &now ) != 0 )
-        return( 1 );
+    if (x509_get_current_time(&now) != 0) {
+        return 1;
+    }
 
-    return( x509_check_time( from, &now ) );
+    return x509_check_time(from, &now);
 }
 
 #else  /* MBEDTLS_HAVE_TIME_DATE */
 
-int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
+int mbedtls_x509_time_is_past(const mbedtls_x509_time *to)
 {
     ((void) to);
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
+int mbedtls_x509_time_is_future(const mbedtls_x509_time *from)
 {
     ((void) from);
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_HAVE_TIME_DATE */
 #endif /* MBEDTLS_X509_USE_C */
diff --git a/library/x509_create.c b/library/x509_create.c
index 056bbaa..50db956 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -31,115 +31,115 @@
 /* Structure linking OIDs for X.509 DN AttributeTypes to their
  * string representations and default string encodings used by Mbed TLS. */
 typedef struct {
-   const char *name; /* String representation of AttributeType, e.g.
-                      * "CN" or "emailAddress". */
-   size_t name_len;  /* Length of 'name', without trailing 0 byte. */
-   const char *oid;  /* String representation of OID of AttributeType,
+    const char *name; /* String representation of AttributeType, e.g.
+                       * "CN" or "emailAddress". */
+    size_t name_len; /* Length of 'name', without trailing 0 byte. */
+    const char *oid; /* String representation of OID of AttributeType,
                       * as per RFC 5280, Appendix A.1. */
-   int default_tag;  /* The default character encoding used for the
+    int default_tag; /* The default character encoding used for the
                       * given attribute type, e.g.
                       * MBEDTLS_ASN1_UTF8_STRING for UTF-8. */
 } x509_attr_descriptor_t;
 
-#define ADD_STRLEN( s )     s, sizeof( s ) - 1
+#define ADD_STRLEN(s)     s, sizeof(s) - 1
 
 /* X.509 DN attributes from RFC 5280, Appendix A.1. */
 static const x509_attr_descriptor_t x509_attrs[] =
 {
-    { ADD_STRLEN( "CN" ),
+    { ADD_STRLEN("CN"),
       MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING },
-    { ADD_STRLEN( "commonName" ),
+    { ADD_STRLEN("commonName"),
       MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING },
-    { ADD_STRLEN( "C" ),
+    { ADD_STRLEN("C"),
       MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING },
-    { ADD_STRLEN( "countryName" ),
+    { ADD_STRLEN("countryName"),
       MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING },
-    { ADD_STRLEN( "O" ),
+    { ADD_STRLEN("O"),
       MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING },
-    { ADD_STRLEN( "organizationName" ),
+    { ADD_STRLEN("organizationName"),
       MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING },
-    { ADD_STRLEN( "L" ),
+    { ADD_STRLEN("L"),
       MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING },
-    { ADD_STRLEN( "locality" ),
+    { ADD_STRLEN("locality"),
       MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING },
-    { ADD_STRLEN( "R" ),
+    { ADD_STRLEN("R"),
       MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING },
-    { ADD_STRLEN( "OU" ),
+    { ADD_STRLEN("OU"),
       MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING },
-    { ADD_STRLEN( "organizationalUnitName" ),
+    { ADD_STRLEN("organizationalUnitName"),
       MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING },
-    { ADD_STRLEN( "ST" ),
+    { ADD_STRLEN("ST"),
       MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING },
-    { ADD_STRLEN( "stateOrProvinceName" ),
+    { ADD_STRLEN("stateOrProvinceName"),
       MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING },
-    { ADD_STRLEN( "emailAddress" ),
+    { ADD_STRLEN("emailAddress"),
       MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING },
-    { ADD_STRLEN( "serialNumber" ),
+    { ADD_STRLEN("serialNumber"),
       MBEDTLS_OID_AT_SERIAL_NUMBER, MBEDTLS_ASN1_PRINTABLE_STRING },
-    { ADD_STRLEN( "postalAddress" ),
+    { ADD_STRLEN("postalAddress"),
       MBEDTLS_OID_AT_POSTAL_ADDRESS, MBEDTLS_ASN1_PRINTABLE_STRING },
-    { ADD_STRLEN( "postalCode" ),
+    { ADD_STRLEN("postalCode"),
       MBEDTLS_OID_AT_POSTAL_CODE, MBEDTLS_ASN1_PRINTABLE_STRING },
-    { ADD_STRLEN( "dnQualifier" ),
+    { ADD_STRLEN("dnQualifier"),
       MBEDTLS_OID_AT_DN_QUALIFIER, MBEDTLS_ASN1_PRINTABLE_STRING },
-    { ADD_STRLEN( "title" ),
+    { ADD_STRLEN("title"),
       MBEDTLS_OID_AT_TITLE, MBEDTLS_ASN1_UTF8_STRING },
-    { ADD_STRLEN( "surName" ),
+    { ADD_STRLEN("surName"),
       MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING },
-    { ADD_STRLEN( "SN" ),
+    { ADD_STRLEN("SN"),
       MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING },
-    { ADD_STRLEN( "givenName" ),
+    { ADD_STRLEN("givenName"),
       MBEDTLS_OID_AT_GIVEN_NAME, MBEDTLS_ASN1_UTF8_STRING },
-    { ADD_STRLEN( "GN" ),
+    { ADD_STRLEN("GN"),
       MBEDTLS_OID_AT_GIVEN_NAME, MBEDTLS_ASN1_UTF8_STRING },
-    { ADD_STRLEN( "initials" ),
+    { ADD_STRLEN("initials"),
       MBEDTLS_OID_AT_INITIALS, MBEDTLS_ASN1_UTF8_STRING },
-    { ADD_STRLEN( "pseudonym" ),
+    { ADD_STRLEN("pseudonym"),
       MBEDTLS_OID_AT_PSEUDONYM, MBEDTLS_ASN1_UTF8_STRING },
-    { ADD_STRLEN( "generationQualifier" ),
+    { ADD_STRLEN("generationQualifier"),
       MBEDTLS_OID_AT_GENERATION_QUALIFIER, MBEDTLS_ASN1_UTF8_STRING },
-    { ADD_STRLEN( "domainComponent" ),
+    { ADD_STRLEN("domainComponent"),
       MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING },
-    { ADD_STRLEN( "DC" ),
+    { ADD_STRLEN("DC"),
       MBEDTLS_OID_DOMAIN_COMPONENT,   MBEDTLS_ASN1_IA5_STRING },
     { NULL, 0, NULL, MBEDTLS_ASN1_NULL }
 };
 
-static const x509_attr_descriptor_t *x509_attr_descr_from_name( const char *name, size_t name_len )
+static const x509_attr_descriptor_t *x509_attr_descr_from_name(const char *name, size_t name_len)
 {
     const x509_attr_descriptor_t *cur;
 
-    for( cur = x509_attrs; cur->name != NULL; cur++ )
-        if( cur->name_len == name_len &&
-            strncmp( cur->name, name, name_len ) == 0 )
+    for (cur = x509_attrs; cur->name != NULL; cur++) {
+        if (cur->name_len == name_len &&
+            strncmp(cur->name, name, name_len) == 0) {
             break;
+        }
+    }
 
-    if ( cur->name == NULL )
-        return( NULL );
+    if (cur->name == NULL) {
+        return NULL;
+    }
 
-    return( cur );
+    return cur;
 }
 
-int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name )
+int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name)
 {
     int ret = 0;
     const char *s = name, *c = s;
-    const char *end = s + strlen( s );
+    const char *end = s + strlen(s);
     const char *oid = NULL;
-    const x509_attr_descriptor_t* attr_descr = NULL;
+    const x509_attr_descriptor_t *attr_descr = NULL;
     int in_tag = 1;
     char data[MBEDTLS_X509_MAX_DN_NAME_SIZE];
     char *d = data;
 
     /* Clear existing chain if present */
-    mbedtls_asn1_free_named_data_list( head );
+    mbedtls_asn1_free_named_data_list(head);
 
-    while( c <= end )
-    {
-        if( in_tag && *c == '=' )
-        {
-            if( ( attr_descr = x509_attr_descr_from_name( s, c - s ) ) == NULL )
-            {
+    while (c <= end) {
+        if (in_tag && *c == '=') {
+            if ((attr_descr = x509_attr_descr_from_name(s, c - s)) == NULL) {
                 ret = MBEDTLS_ERR_X509_UNKNOWN_OID;
                 goto exit;
             }
@@ -150,45 +150,39 @@
             d = data;
         }
 
-        if( !in_tag && *c == '\\' && c != end )
-        {
+        if (!in_tag && *c == '\\' && c != end) {
             c++;
 
             /* Check for valid escaped characters */
-            if( c == end || *c != ',' )
-            {
+            if (c == end || *c != ',') {
                 ret = MBEDTLS_ERR_X509_INVALID_NAME;
                 goto exit;
             }
-        }
-        else if( !in_tag && ( *c == ',' || c == end ) )
-        {
-            mbedtls_asn1_named_data* cur =
-                mbedtls_asn1_store_named_data( head, oid, strlen( oid ),
-                                               (unsigned char *) data,
-                                               d - data );
+        } else if (!in_tag && (*c == ',' || c == end)) {
+            mbedtls_asn1_named_data *cur =
+                mbedtls_asn1_store_named_data(head, oid, strlen(oid),
+                                              (unsigned char *) data,
+                                              d - data);
 
-            if(cur == NULL )
-            {
-                return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+            if (cur == NULL) {
+                return MBEDTLS_ERR_X509_ALLOC_FAILED;
             }
 
             // set tagType
             cur->val.tag = attr_descr->default_tag;
 
-            while( c < end && *(c + 1) == ' ' )
+            while (c < end && *(c + 1) == ' ') {
                 c++;
+            }
 
             s = c + 1;
             in_tag = 1;
         }
 
-        if( !in_tag && s != c + 1 )
-        {
+        if (!in_tag && s != c + 1) {
             *(d++) = *c;
 
-            if( d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE )
-            {
+            if (d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE) {
                 ret = MBEDTLS_ERR_X509_INVALID_NAME;
                 goto exit;
             }
@@ -199,27 +193,26 @@
 
 exit:
 
-    return( ret );
+    return ret;
 }
 
 /* The first byte of the value in the mbedtls_asn1_named_data structure is reserved
  * to store the critical boolean for us
  */
-int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
-                        int critical, const unsigned char *val, size_t val_len )
+int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
+                               int critical, const unsigned char *val, size_t val_len)
 {
     mbedtls_asn1_named_data *cur;
 
-    if( ( cur = mbedtls_asn1_store_named_data( head, oid, oid_len,
-                                       NULL, val_len + 1 ) ) == NULL )
-    {
-        return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+    if ((cur = mbedtls_asn1_store_named_data(head, oid, oid_len,
+                                             NULL, val_len + 1)) == NULL) {
+        return MBEDTLS_ERR_X509_ALLOC_FAILED;
     }
 
     cur->val.p[0] = critical;
-    memcpy( cur->val.p + 1, val, val_len );
+    memcpy(cur->val.p + 1, val, val_len);
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -234,115 +227,117 @@
  *
  *  AttributeValue ::= ANY DEFINED BY AttributeType
  */
-static int x509_write_name( unsigned char **p, unsigned char *start, mbedtls_asn1_named_data* cur_name)
+static int x509_write_name(unsigned char **p,
+                           unsigned char *start,
+                           mbedtls_asn1_named_data *cur_name)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
-    const char *oid             = (const char*)cur_name->oid.p;
+    const char *oid             = (const char *) cur_name->oid.p;
     size_t oid_len              = cur_name->oid.len;
     const unsigned char *name   = cur_name->val.p;
     size_t name_len             = cur_name->val.len;
 
     // Write correct string tag and value
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tagged_string( p, start,
-                                                       cur_name->val.tag,
-                                                       (const char *) name,
-                                                       name_len ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tagged_string(p, start,
+                                                               cur_name->val.tag,
+                                                               (const char *) name,
+                                                               name_len));
     // Write OID
     //
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid,
-                                                       oid_len ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid,
+                                                     oid_len));
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
-                                                    MBEDTLS_ASN1_CONSTRUCTED |
-                                                    MBEDTLS_ASN1_SEQUENCE ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
+                                                     MBEDTLS_ASN1_CONSTRUCTED |
+                                                     MBEDTLS_ASN1_SEQUENCE));
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
-                                                 MBEDTLS_ASN1_CONSTRUCTED |
-                                                 MBEDTLS_ASN1_SET ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
+                                                     MBEDTLS_ASN1_CONSTRUCTED |
+                                                     MBEDTLS_ASN1_SET));
 
-    return( (int) len );
+    return (int) len;
 }
 
-int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
-                              mbedtls_asn1_named_data *first )
+int mbedtls_x509_write_names(unsigned char **p, unsigned char *start,
+                             mbedtls_asn1_named_data *first)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
     mbedtls_asn1_named_data *cur = first;
 
-    while( cur != NULL )
-    {
-        MBEDTLS_ASN1_CHK_ADD( len, x509_write_name( p, start, cur ) );
+    while (cur != NULL) {
+        MBEDTLS_ASN1_CHK_ADD(len, x509_write_name(p, start, cur));
         cur = cur->next;
     }
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
-                                                 MBEDTLS_ASN1_SEQUENCE ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED |
+                                                     MBEDTLS_ASN1_SEQUENCE));
 
-    return( (int) len );
+    return (int) len;
 }
 
-int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
-                    const char *oid, size_t oid_len,
-                    unsigned char *sig, size_t size )
+int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
+                           const char *oid, size_t oid_len,
+                           unsigned char *sig, size_t size)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
-    if( *p < start || (size_t)( *p - start ) < size )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if (*p < start || (size_t) (*p - start) < size) {
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+    }
 
     len = size;
     (*p) -= len;
-    memcpy( *p, sig, len );
+    memcpy(*p, sig, len);
 
-    if( *p - start < 1 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    if (*p - start < 1) {
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+    }
 
     *--(*p) = 0;
     len += 1;
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BIT_STRING));
 
     // Write OID
     //
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( p, start, oid,
-                                                        oid_len, 0 ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier(p, start, oid,
+                                                                      oid_len, 0));
 
-    return( (int) len );
+    return (int) len;
 }
 
-static int x509_write_extension( unsigned char **p, unsigned char *start,
-                                 mbedtls_asn1_named_data *ext )
+static int x509_write_extension(unsigned char **p, unsigned char *start,
+                                mbedtls_asn1_named_data *ext)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, ext->val.p + 1,
-                                              ext->val.len - 1 ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, ext->val.len - 1 ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OCTET_STRING ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, ext->val.p + 1,
+                                                            ext->val.len - 1));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, ext->val.len - 1));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OCTET_STRING));
 
-    if( ext->val.p[0] != 0 )
-    {
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_bool( p, start, 1 ) );
+    if (ext->val.p[0] != 0) {
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_bool(p, start, 1));
     }
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, ext->oid.p,
-                                              ext->oid.len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, ext->oid.len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OID ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, ext->oid.p,
+                                                            ext->oid.len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, ext->oid.len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OID));
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
-                                                 MBEDTLS_ASN1_SEQUENCE ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED |
+                                                     MBEDTLS_ASN1_SEQUENCE));
 
-    return( (int) len );
+    return (int) len;
 }
 
 /*
@@ -355,20 +350,19 @@
  *                 -- by extnID
  *     }
  */
-int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
-                           mbedtls_asn1_named_data *first )
+int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start,
+                                  mbedtls_asn1_named_data *first)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
     mbedtls_asn1_named_data *cur_ext = first;
 
-    while( cur_ext != NULL )
-    {
-        MBEDTLS_ASN1_CHK_ADD( len, x509_write_extension( p, start, cur_ext ) );
+    while (cur_ext != NULL) {
+        MBEDTLS_ASN1_CHK_ADD(len, x509_write_extension(p, start, cur_ext));
         cur_ext = cur_ext->next;
     }
 
-    return( (int) len );
+    return (int) len;
 }
 
 #endif /* MBEDTLS_X509_CREATE_C */
diff --git a/library/x509_crl.c b/library/x509_crl.c
index dc2d2e3..f644203 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -59,24 +59,22 @@
 /*
  *  Version  ::=  INTEGER  {  v1(0), v2(1)  }
  */
-static int x509_crl_get_version( unsigned char **p,
-                             const unsigned char *end,
-                             int *ver )
+static int x509_crl_get_version(unsigned char **p,
+                                const unsigned char *end,
+                                int *ver)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        {
+    if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) {
+        if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
             *ver = 0;
-            return( 0 );
+            return 0;
         }
 
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, ret ) );
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret);
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -86,26 +84,27 @@
  * list of extensions is well-formed and abort on critical extensions (that
  * are unsupported as we don't support any extension so far)
  */
-static int x509_get_crl_ext( unsigned char **p,
-                             const unsigned char *end,
-                             mbedtls_x509_buf *ext )
+static int x509_get_crl_ext(unsigned char **p,
+                            const unsigned char *end,
+                            mbedtls_x509_buf *ext)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( *p == end )
-        return( 0 );
+    if (*p == end) {
+        return 0;
+    }
 
     /*
      * crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
      *                              -- if present, version MUST be v2
      */
-    if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0 ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_x509_get_ext(p, end, ext, 0)) != 0) {
+        return ret;
+    }
 
     end = ext->p + ext->len;
 
-    while( *p < end )
-    {
+    while (*p < end) {
         /*
          * Extension  ::=  SEQUENCE  {
          *      extnID      OBJECT IDENTIFIER,
@@ -117,65 +116,69 @@
         size_t len;
 
         /* Get enclosing sequence tag */
-        if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+        if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+                                        MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+        }
 
         end_ext_data = *p + len;
 
         /* Get OID (currently ignored) */
-        if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
-                                          MBEDTLS_ASN1_OID ) ) != 0 )
-        {
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+        if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
+                                        MBEDTLS_ASN1_OID)) != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
         }
         *p += len;
 
         /* Get optional critical */
-        if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data,
-                                           &is_critical ) ) != 0 &&
-            ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
-        {
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+        if ((ret = mbedtls_asn1_get_bool(p, end_ext_data,
+                                         &is_critical)) != 0 &&
+            (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
         }
 
         /* Data should be octet string type */
-        if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
-                MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+        if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
+                                        MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+        }
 
         /* Ignore data so far and just check its length */
         *p += len;
-        if( *p != end_ext_data )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+        if (*p != end_ext_data) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+        }
 
         /* Abort on (unsupported) critical extensions */
-        if( is_critical )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                    MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+        if (is_critical) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                     MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+        }
     }
 
-    if( *p != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (*p != end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * X.509 CRL v2 entry extensions (no extensions parsed yet.)
  */
-static int x509_get_crl_entry_ext( unsigned char **p,
-                             const unsigned char *end,
-                             mbedtls_x509_buf *ext )
+static int x509_get_crl_entry_ext(unsigned char **p,
+                                  const unsigned char *end,
+                                  mbedtls_x509_buf *ext)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
     /* OPTIONAL */
-    if( end <= *p )
-        return( 0 );
+    if (end <= *p) {
+        return 0;
+    }
 
     ext->tag = **p;
     ext->p = *p;
@@ -184,110 +187,112 @@
      * Get CRL-entry extension sequence header
      * crlEntryExtensions      Extensions OPTIONAL  -- if present, MUST be v2
      */
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &ext->len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        {
+    if ((ret = mbedtls_asn1_get_tag(p, end, &ext->len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
             ext->p = NULL;
-            return( 0 );
+            return 0;
         }
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
     }
 
     end = *p + ext->len;
 
-    if( end != *p + ext->len )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (end != *p + ext->len) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
-    while( *p < end )
-    {
-        if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+    while (*p < end) {
+        if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+                                        MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+        }
 
         *p += len;
     }
 
-    if( *p != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (*p != end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * X.509 CRL Entries
  */
-static int x509_get_entries( unsigned char **p,
-                             const unsigned char *end,
-                             mbedtls_x509_crl_entry *entry )
+static int x509_get_entries(unsigned char **p,
+                            const unsigned char *end,
+                            mbedtls_x509_crl_entry *entry)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t entry_len;
     mbedtls_x509_crl_entry *cur_entry = entry;
 
-    if( *p == end )
-        return( 0 );
+    if (*p == end) {
+        return 0;
+    }
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &entry_len,
-            MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-            return( 0 );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &entry_len,
+                                    MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) {
+        if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+            return 0;
+        }
 
-        return( ret );
+        return ret;
     }
 
     end = *p + entry_len;
 
-    while( *p < end )
-    {
+    while (*p < end) {
         size_t len2;
         const unsigned char *end2;
 
         cur_entry->raw.tag = **p;
-        if( ( ret = mbedtls_asn1_get_tag( p, end, &len2,
-                MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 )
-        {
-            return( ret );
+        if ((ret = mbedtls_asn1_get_tag(p, end, &len2,
+                                        MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) {
+            return ret;
         }
 
         cur_entry->raw.p = *p;
         cur_entry->raw.len = len2;
         end2 = *p + len2;
 
-        if( ( ret = mbedtls_x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
-            return( ret );
+        if ((ret = mbedtls_x509_get_serial(p, end2, &cur_entry->serial)) != 0) {
+            return ret;
+        }
 
-        if( ( ret = mbedtls_x509_get_time( p, end2,
-                                   &cur_entry->revocation_date ) ) != 0 )
-            return( ret );
+        if ((ret = mbedtls_x509_get_time(p, end2,
+                                         &cur_entry->revocation_date)) != 0) {
+            return ret;
+        }
 
-        if( ( ret = x509_get_crl_entry_ext( p, end2,
-                                            &cur_entry->entry_ext ) ) != 0 )
-            return( ret );
+        if ((ret = x509_get_crl_entry_ext(p, end2,
+                                          &cur_entry->entry_ext)) != 0) {
+            return ret;
+        }
 
-        if( *p < end )
-        {
-            cur_entry->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl_entry ) );
+        if (*p < end) {
+            cur_entry->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl_entry));
 
-            if( cur_entry->next == NULL )
-                return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+            if (cur_entry->next == NULL) {
+                return MBEDTLS_ERR_X509_ALLOC_FAILED;
+            }
 
             cur_entry = cur_entry->next;
         }
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Parse one  CRLs in DER format and append it to the chained list
  */
-int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
-                        const unsigned char *buf, size_t buflen )
+int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain,
+                               const unsigned char *buf, size_t buflen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
@@ -298,44 +303,46 @@
     /*
      * Check for valid input
      */
-    if( crl == NULL || buf == NULL )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+    if (crl == NULL || buf == NULL) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+    }
 
-    memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) );
-    memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) );
-    memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) );
+    memset(&sig_params1, 0, sizeof(mbedtls_x509_buf));
+    memset(&sig_params2, 0, sizeof(mbedtls_x509_buf));
+    memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf));
 
     /*
      * Add new CRL on the end of the chain if needed.
      */
-    while( crl->version != 0 && crl->next != NULL )
+    while (crl->version != 0 && crl->next != NULL) {
         crl = crl->next;
+    }
 
-    if( crl->version != 0 && crl->next == NULL )
-    {
-        crl->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) );
+    if (crl->version != 0 && crl->next == NULL) {
+        crl->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl));
 
-        if( crl->next == NULL )
-        {
-            mbedtls_x509_crl_free( crl );
-            return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+        if (crl->next == NULL) {
+            mbedtls_x509_crl_free(crl);
+            return MBEDTLS_ERR_X509_ALLOC_FAILED;
         }
 
-        mbedtls_x509_crl_init( crl->next );
+        mbedtls_x509_crl_init(crl->next);
         crl = crl->next;
     }
 
     /*
      * Copy raw DER-encoded CRL
      */
-    if( buflen == 0 )
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT );
+    if (buflen == 0) {
+        return MBEDTLS_ERR_X509_INVALID_FORMAT;
+    }
 
-    p = mbedtls_calloc( 1, buflen );
-    if( p == NULL )
-        return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+    p = mbedtls_calloc(1, buflen);
+    if (p == NULL) {
+        return MBEDTLS_ERR_X509_ALLOC_FAILED;
+    }
 
-    memcpy( p, buf, buflen );
+    memcpy(p, buf, buflen);
 
     crl->raw.p = p;
     crl->raw.len = buflen;
@@ -348,18 +355,16 @@
      *      signatureAlgorithm   AlgorithmIdentifier,
      *      signatureValue       BIT STRING  }
      */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        mbedtls_x509_crl_free(crl);
+        return MBEDTLS_ERR_X509_INVALID_FORMAT;
     }
 
-    if( len != (size_t) ( end - p ) )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (len != (size_t) (end - p)) {
+        mbedtls_x509_crl_free(crl);
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
     }
 
     /*
@@ -367,11 +372,10 @@
      */
     crl->tbs.p = p;
 
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        mbedtls_x509_crl_free(crl);
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
     }
 
     end = p + len;
@@ -383,27 +387,24 @@
      *
      * signature            AlgorithmIdentifier
      */
-    if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
-        ( ret = mbedtls_x509_get_alg( &p, end, &crl->sig_oid, &sig_params1 ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( ret );
+    if ((ret = x509_crl_get_version(&p, end, &crl->version)) != 0 ||
+        (ret = mbedtls_x509_get_alg(&p, end, &crl->sig_oid, &sig_params1)) != 0) {
+        mbedtls_x509_crl_free(crl);
+        return ret;
     }
 
-    if( crl->version < 0 || crl->version > 1 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
+    if (crl->version < 0 || crl->version > 1) {
+        mbedtls_x509_crl_free(crl);
+        return MBEDTLS_ERR_X509_UNKNOWN_VERSION;
     }
 
     crl->version++;
 
-    if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1,
-                                  &crl->sig_md, &crl->sig_pk,
-                                  &crl->sig_opts ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG );
+    if ((ret = mbedtls_x509_get_sig_alg(&crl->sig_oid, &sig_params1,
+                                        &crl->sig_md, &crl->sig_pk,
+                                        &crl->sig_opts)) != 0) {
+        mbedtls_x509_crl_free(crl);
+        return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG;
     }
 
     /*
@@ -411,17 +412,15 @@
      */
     crl->issuer_raw.p = p;
 
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        mbedtls_x509_crl_free(crl);
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
     }
 
-    if( ( ret = mbedtls_x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( ret );
+    if ((ret = mbedtls_x509_get_name(&p, p + len, &crl->issuer)) != 0) {
+        mbedtls_x509_crl_free(crl);
+        return ret;
     }
 
     crl->issuer_raw.len = p - crl->issuer_raw.p;
@@ -430,21 +429,18 @@
      * thisUpdate          Time
      * nextUpdate          Time OPTIONAL
      */
-    if( ( ret = mbedtls_x509_get_time( &p, end, &crl->this_update ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( ret );
+    if ((ret = mbedtls_x509_get_time(&p, end, &crl->this_update)) != 0) {
+        mbedtls_x509_crl_free(crl);
+        return ret;
     }
 
-    if( ( ret = mbedtls_x509_get_time( &p, end, &crl->next_update ) ) != 0 )
-    {
-        if( ret != ( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
-                        MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) &&
-            ret != ( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
-                        MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ) )
-        {
-            mbedtls_x509_crl_free( crl );
-            return( ret );
+    if ((ret = mbedtls_x509_get_time(&p, end, &crl->next_update)) != 0) {
+        if (ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
+                                      MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) &&
+            ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
+                                      MBEDTLS_ERR_ASN1_OUT_OF_DATA))) {
+            mbedtls_x509_crl_free(crl);
+            return ret;
         }
     }
 
@@ -456,32 +452,28 @@
      *                                   -- if present, MUST be v2
      *                        } OPTIONAL
      */
-    if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( ret );
+    if ((ret = x509_get_entries(&p, end, &crl->entry)) != 0) {
+        mbedtls_x509_crl_free(crl);
+        return ret;
     }
 
     /*
      * crlExtensions          EXPLICIT Extensions OPTIONAL
      *                              -- if present, MUST be v2
      */
-    if( crl->version == 2 )
-    {
-        ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
+    if (crl->version == 2) {
+        ret = x509_get_crl_ext(&p, end, &crl->crl_ext);
 
-        if( ret != 0 )
-        {
-            mbedtls_x509_crl_free( crl );
-            return( ret );
+        if (ret != 0) {
+            mbedtls_x509_crl_free(crl);
+            return ret;
         }
     }
 
-    if( p != end )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (p != end) {
+        mbedtls_x509_crl_free(crl);
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
     }
 
     end = crl->raw.p + crl->raw.len;
@@ -490,42 +482,38 @@
      *  signatureAlgorithm   AlgorithmIdentifier,
      *  signatureValue       BIT STRING
      */
-    if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( ret );
+    if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) {
+        mbedtls_x509_crl_free(crl);
+        return ret;
     }
 
-    if( crl->sig_oid.len != sig_oid2.len ||
-        memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 ||
+    if (crl->sig_oid.len != sig_oid2.len ||
+        memcmp(crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len) != 0 ||
         sig_params1.len != sig_params2.len ||
-        ( sig_params1.len != 0 &&
-          memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( MBEDTLS_ERR_X509_SIG_MISMATCH );
+        (sig_params1.len != 0 &&
+         memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) {
+        mbedtls_x509_crl_free(crl);
+        return MBEDTLS_ERR_X509_SIG_MISMATCH;
     }
 
-    if( ( ret = mbedtls_x509_get_sig( &p, end, &crl->sig ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( ret );
+    if ((ret = mbedtls_x509_get_sig(&p, end, &crl->sig)) != 0) {
+        mbedtls_x509_crl_free(crl);
+        return ret;
     }
 
-    if( p != end )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (p != end) {
+        mbedtls_x509_crl_free(crl);
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Parse one or more CRLs and add them to the chained list
  */
-int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen )
+int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen)
 {
 #if defined(MBEDTLS_PEM_PARSE_C)
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -533,25 +521,25 @@
     mbedtls_pem_context pem;
     int is_pem = 0;
 
-    if( chain == NULL || buf == NULL )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+    if (chain == NULL || buf == NULL) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+    }
 
-    do
-    {
-        mbedtls_pem_init( &pem );
+    do {
+        mbedtls_pem_init(&pem);
 
         // Avoid calling mbedtls_pem_read_buffer() on non-null-terminated
         // string
-        if( buflen == 0 || buf[buflen - 1] != '\0' )
+        if (buflen == 0 || buf[buflen - 1] != '\0') {
             ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-        else
-            ret = mbedtls_pem_read_buffer( &pem,
-                                           "-----BEGIN X509 CRL-----",
-                                           "-----END X509 CRL-----",
-                                            buf, NULL, 0, &use_len );
+        } else {
+            ret = mbedtls_pem_read_buffer(&pem,
+                                          "-----BEGIN X509 CRL-----",
+                                          "-----END X509 CRL-----",
+                                          buf, NULL, 0, &use_len);
+        }
 
-        if( ret == 0 )
-        {
+        if (ret == 0) {
             /*
              * Was PEM encoded
              */
@@ -560,51 +548,49 @@
             buflen -= use_len;
             buf += use_len;
 
-            if( ( ret = mbedtls_x509_crl_parse_der( chain,
-                                            pem.buf, pem.buflen ) ) != 0 )
-            {
-                mbedtls_pem_free( &pem );
-                return( ret );
+            if ((ret = mbedtls_x509_crl_parse_der(chain,
+                                                  pem.buf, pem.buflen)) != 0) {
+                mbedtls_pem_free(&pem);
+                return ret;
             }
-        }
-        else if( is_pem )
-        {
-            mbedtls_pem_free( &pem );
-            return( ret );
+        } else if (is_pem) {
+            mbedtls_pem_free(&pem);
+            return ret;
         }
 
-        mbedtls_pem_free( &pem );
+        mbedtls_pem_free(&pem);
     }
     /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte.
      * And a valid CRL cannot be less than 1 byte anyway. */
-    while( is_pem && buflen > 1 );
+    while (is_pem && buflen > 1);
 
-    if( is_pem )
-        return( 0 );
-    else
+    if (is_pem) {
+        return 0;
+    } else
 #endif /* MBEDTLS_PEM_PARSE_C */
-        return( mbedtls_x509_crl_parse_der( chain, buf, buflen ) );
+    return mbedtls_x509_crl_parse_der(chain, buf, buflen);
 }
 
 #if defined(MBEDTLS_FS_IO)
 /*
  * Load one or more CRLs and add them to the chained list
  */
-int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path )
+int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t n;
     unsigned char *buf;
 
-    if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
+        return ret;
+    }
 
-    ret = mbedtls_x509_crl_parse( chain, buf, n );
+    ret = mbedtls_x509_crl_parse(chain, buf, n);
 
-    mbedtls_platform_zeroize( buf, n );
-    mbedtls_free( buf );
+    mbedtls_platform_zeroize(buf, n);
+    mbedtls_free(buf);
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_FS_IO */
 
@@ -617,8 +603,8 @@
 /*
  * Return an informational string about the CRL.
  */
-int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
-                   const mbedtls_x509_crl *crl )
+int mbedtls_x509_crl_info(char *buf, size_t size, const char *prefix,
+                          const mbedtls_x509_crl *crl)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t n;
@@ -628,116 +614,113 @@
     p = buf;
     n = size;
 
-    ret = mbedtls_snprintf( p, n, "%sCRL version   : %d",
-                               prefix, crl->version );
+    ret = mbedtls_snprintf(p, n, "%sCRL version   : %d",
+                           prefix, crl->version);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    ret = mbedtls_snprintf( p, n, "\n%sissuer name   : ", prefix );
+    ret = mbedtls_snprintf(p, n, "\n%sissuer name   : ", prefix);
     MBEDTLS_X509_SAFE_SNPRINTF;
-    ret = mbedtls_x509_dn_gets( p, n, &crl->issuer );
+    ret = mbedtls_x509_dn_gets(p, n, &crl->issuer);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    ret = mbedtls_snprintf( p, n, "\n%sthis update   : " \
-                   "%04d-%02d-%02d %02d:%02d:%02d", prefix,
-                   crl->this_update.year, crl->this_update.mon,
-                   crl->this_update.day,  crl->this_update.hour,
-                   crl->this_update.min,  crl->this_update.sec );
+    ret = mbedtls_snprintf(p, n, "\n%sthis update   : " \
+                                 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
+                           crl->this_update.year, crl->this_update.mon,
+                           crl->this_update.day,  crl->this_update.hour,
+                           crl->this_update.min,  crl->this_update.sec);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    ret = mbedtls_snprintf( p, n, "\n%snext update   : " \
-                   "%04d-%02d-%02d %02d:%02d:%02d", prefix,
-                   crl->next_update.year, crl->next_update.mon,
-                   crl->next_update.day,  crl->next_update.hour,
-                   crl->next_update.min,  crl->next_update.sec );
+    ret = mbedtls_snprintf(p, n, "\n%snext update   : " \
+                                 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
+                           crl->next_update.year, crl->next_update.mon,
+                           crl->next_update.day,  crl->next_update.hour,
+                           crl->next_update.min,  crl->next_update.sec);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
     entry = &crl->entry;
 
-    ret = mbedtls_snprintf( p, n, "\n%sRevoked certificates:",
-                               prefix );
+    ret = mbedtls_snprintf(p, n, "\n%sRevoked certificates:",
+                           prefix);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    while( entry != NULL && entry->raw.len != 0 )
-    {
-        ret = mbedtls_snprintf( p, n, "\n%sserial number: ",
-                               prefix );
+    while (entry != NULL && entry->raw.len != 0) {
+        ret = mbedtls_snprintf(p, n, "\n%sserial number: ",
+                               prefix);
         MBEDTLS_X509_SAFE_SNPRINTF;
 
-        ret = mbedtls_x509_serial_gets( p, n, &entry->serial );
+        ret = mbedtls_x509_serial_gets(p, n, &entry->serial);
         MBEDTLS_X509_SAFE_SNPRINTF;
 
-        ret = mbedtls_snprintf( p, n, " revocation date: " \
-                   "%04d-%02d-%02d %02d:%02d:%02d",
-                   entry->revocation_date.year, entry->revocation_date.mon,
-                   entry->revocation_date.day,  entry->revocation_date.hour,
-                   entry->revocation_date.min,  entry->revocation_date.sec );
+        ret = mbedtls_snprintf(p, n, " revocation date: " \
+                                     "%04d-%02d-%02d %02d:%02d:%02d",
+                               entry->revocation_date.year, entry->revocation_date.mon,
+                               entry->revocation_date.day,  entry->revocation_date.hour,
+                               entry->revocation_date.min,  entry->revocation_date.sec);
         MBEDTLS_X509_SAFE_SNPRINTF;
 
         entry = entry->next;
     }
 
-    ret = mbedtls_snprintf( p, n, "\n%ssigned using  : ", prefix );
+    ret = mbedtls_snprintf(p, n, "\n%ssigned using  : ", prefix);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    ret = mbedtls_x509_sig_alg_gets( p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md,
-                             crl->sig_opts );
+    ret = mbedtls_x509_sig_alg_gets(p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md,
+                                    crl->sig_opts);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    ret = mbedtls_snprintf( p, n, "\n" );
+    ret = mbedtls_snprintf(p, n, "\n");
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    return( (int) ( size - n ) );
+    return (int) (size - n);
 }
 #endif /* MBEDTLS_X509_REMOVE_INFO */
 
 /*
  * Initialize a CRL chain
  */
-void mbedtls_x509_crl_init( mbedtls_x509_crl *crl )
+void mbedtls_x509_crl_init(mbedtls_x509_crl *crl)
 {
-    memset( crl, 0, sizeof(mbedtls_x509_crl) );
+    memset(crl, 0, sizeof(mbedtls_x509_crl));
 }
 
 /*
  * Unallocate all CRL data
  */
-void mbedtls_x509_crl_free( mbedtls_x509_crl *crl )
+void mbedtls_x509_crl_free(mbedtls_x509_crl *crl)
 {
     mbedtls_x509_crl *crl_cur = crl;
     mbedtls_x509_crl *crl_prv;
     mbedtls_x509_crl_entry *entry_cur;
     mbedtls_x509_crl_entry *entry_prv;
 
-    while( crl_cur != NULL )
-    {
+    while (crl_cur != NULL) {
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-        mbedtls_free( crl_cur->sig_opts );
+        mbedtls_free(crl_cur->sig_opts);
 #endif
 
-        mbedtls_asn1_free_named_data_list_shallow( crl_cur->issuer.next );
+        mbedtls_asn1_free_named_data_list_shallow(crl_cur->issuer.next);
 
         entry_cur = crl_cur->entry.next;
-        while( entry_cur != NULL )
-        {
+        while (entry_cur != NULL) {
             entry_prv = entry_cur;
             entry_cur = entry_cur->next;
-            mbedtls_platform_zeroize( entry_prv,
-                                      sizeof( mbedtls_x509_crl_entry ) );
-            mbedtls_free( entry_prv );
+            mbedtls_platform_zeroize(entry_prv,
+                                     sizeof(mbedtls_x509_crl_entry));
+            mbedtls_free(entry_prv);
         }
 
-        if( crl_cur->raw.p != NULL )
-        {
-            mbedtls_platform_zeroize( crl_cur->raw.p, crl_cur->raw.len );
-            mbedtls_free( crl_cur->raw.p );
+        if (crl_cur->raw.p != NULL) {
+            mbedtls_platform_zeroize(crl_cur->raw.p, crl_cur->raw.len);
+            mbedtls_free(crl_cur->raw.p);
         }
 
         crl_prv = crl_cur;
         crl_cur = crl_cur->next;
 
-        mbedtls_platform_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) );
-        if( crl_prv != crl )
-            mbedtls_free( crl_prv );
+        mbedtls_platform_zeroize(crl_prv, sizeof(mbedtls_x509_crl));
+        if (crl_prv != crl) {
+            mbedtls_free(crl_prv);
+        }
     }
 }
 
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 0eee97c..0330097 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -89,7 +89,7 @@
 /*
  * Max size of verification chain: end-entity + intermediates + trusted root
  */
-#define X509_MAX_VERIFY_CHAIN_SIZE    ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
+#define X509_MAX_VERIFY_CHAIN_SIZE    (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2)
 
 /* Default profile. Do not remove items unless there are serious security
  * concerns. */
@@ -97,19 +97,19 @@
 {
     /* Hashes from SHA-256 and above. Note that this selection
      * should be aligned with ssl_preset_default_hashes in ssl_tls.c. */
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
     0xFFFFFFF, /* Any PK alg    */
 #if defined(MBEDTLS_ECP_C)
     /* Curves at or above 128-bit security level. Note that this selection
      * should be aligned with ssl_preset_default_curves in ssl_tls.c. */
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1 ) |
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) |
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1) |
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP521R1) |
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP256R1) |
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) |
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) |
     0,
 #else
     0,
@@ -122,19 +122,19 @@
 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
 {
     /* Hashes from SHA-256 and above. */
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
     0xFFFFFFF, /* Any PK alg    */
 #if defined(MBEDTLS_ECP_C)
     /* Curves at or above 128-bit security level. */
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256K1 ),
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) |
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1) |
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP521R1) |
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP256R1) |
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) |
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) |
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256K1),
 #else
     0,
 #endif
@@ -147,15 +147,15 @@
 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
 {
     /* Only SHA-256 and 384 */
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ),
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384),
     /* Only ECDSA */
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ),
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECDSA) |
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECKEY),
 #if defined(MBEDTLS_ECP_C)
     /* Only NIST P-256 and P-384 */
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ),
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) |
+    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1),
 #else
     0,
 #endif
@@ -177,133 +177,136 @@
  * Check md_alg against profile
  * Return 0 if md_alg is acceptable for this profile, -1 otherwise
  */
-static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile,
-                                      mbedtls_md_type_t md_alg )
+static int x509_profile_check_md_alg(const mbedtls_x509_crt_profile *profile,
+                                     mbedtls_md_type_t md_alg)
 {
-    if( md_alg == MBEDTLS_MD_NONE )
-        return( -1 );
+    if (md_alg == MBEDTLS_MD_NONE) {
+        return -1;
+    }
 
-    if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 )
-        return( 0 );
+    if ((profile->allowed_mds & MBEDTLS_X509_ID_FLAG(md_alg)) != 0) {
+        return 0;
+    }
 
-    return( -1 );
+    return -1;
 }
 
 /*
  * Check pk_alg against profile
  * Return 0 if pk_alg is acceptable for this profile, -1 otherwise
  */
-static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile,
-                                      mbedtls_pk_type_t pk_alg )
+static int x509_profile_check_pk_alg(const mbedtls_x509_crt_profile *profile,
+                                     mbedtls_pk_type_t pk_alg)
 {
-    if( pk_alg == MBEDTLS_PK_NONE )
-        return( -1 );
+    if (pk_alg == MBEDTLS_PK_NONE) {
+        return -1;
+    }
 
-    if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 )
-        return( 0 );
+    if ((profile->allowed_pks & MBEDTLS_X509_ID_FLAG(pk_alg)) != 0) {
+        return 0;
+    }
 
-    return( -1 );
+    return -1;
 }
 
 /*
  * Check key against profile
  * Return 0 if pk is acceptable for this profile, -1 otherwise
  */
-static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
-                                   const mbedtls_pk_context *pk )
+static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile,
+                                  const mbedtls_pk_context *pk)
 {
-    const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type( pk );
+    const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type(pk);
 
 #if defined(MBEDTLS_RSA_C)
-    if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS )
-    {
-        if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen )
-            return( 0 );
+    if (pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS) {
+        if (mbedtls_pk_get_bitlen(pk) >= profile->rsa_min_bitlen) {
+            return 0;
+        }
 
-        return( -1 );
+        return -1;
     }
 #endif
 
 #if defined(MBEDTLS_ECP_C)
-    if( pk_alg == MBEDTLS_PK_ECDSA ||
+    if (pk_alg == MBEDTLS_PK_ECDSA ||
         pk_alg == MBEDTLS_PK_ECKEY ||
-        pk_alg == MBEDTLS_PK_ECKEY_DH )
-    {
-        const mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id;
+        pk_alg == MBEDTLS_PK_ECKEY_DH) {
+        const mbedtls_ecp_group_id gid = mbedtls_pk_ec(*pk)->grp.id;
 
-        if( gid == MBEDTLS_ECP_DP_NONE )
-            return( -1 );
+        if (gid == MBEDTLS_ECP_DP_NONE) {
+            return -1;
+        }
 
-        if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 )
-            return( 0 );
+        if ((profile->allowed_curves & MBEDTLS_X509_ID_FLAG(gid)) != 0) {
+            return 0;
+        }
 
-        return( -1 );
+        return -1;
     }
 #endif
 
-    return( -1 );
+    return -1;
 }
 
 /*
  * Like memcmp, but case-insensitive and always returns -1 if different
  */
-static int x509_memcasecmp( const void *s1, const void *s2, size_t len )
+static int x509_memcasecmp(const void *s1, const void *s2, size_t len)
 {
     size_t i;
     unsigned char diff;
     const unsigned char *n1 = s1, *n2 = s2;
 
-    for( i = 0; i < len; i++ )
-    {
+    for (i = 0; i < len; i++) {
         diff = n1[i] ^ n2[i];
 
-        if( diff == 0 )
-            continue;
-
-        if( diff == 32 &&
-            ( ( n1[i] >= 'a' && n1[i] <= 'z' ) ||
-              ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) )
-        {
+        if (diff == 0) {
             continue;
         }
 
-        return( -1 );
+        if (diff == 32 &&
+            ((n1[i] >= 'a' && n1[i] <= 'z') ||
+             (n1[i] >= 'A' && n1[i] <= 'Z'))) {
+            continue;
+        }
+
+        return -1;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Return 0 if name matches wildcard, -1 otherwise
  */
-static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name )
+static int x509_check_wildcard(const char *cn, const mbedtls_x509_buf *name)
 {
     size_t i;
-    size_t cn_idx = 0, cn_len = strlen( cn );
+    size_t cn_idx = 0, cn_len = strlen(cn);
 
     /* We can't have a match if there is no wildcard to match */
-    if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
-        return( -1 );
+    if (name->len < 3 || name->p[0] != '*' || name->p[1] != '.') {
+        return -1;
+    }
 
-    for( i = 0; i < cn_len; ++i )
-    {
-        if( cn[i] == '.' )
-        {
+    for (i = 0; i < cn_len; ++i) {
+        if (cn[i] == '.') {
             cn_idx = i;
             break;
         }
     }
 
-    if( cn_idx == 0 )
-        return( -1 );
-
-    if( cn_len - cn_idx == name->len - 1 &&
-        x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
-    {
-        return( 0 );
+    if (cn_idx == 0) {
+        return -1;
     }
 
-    return( -1 );
+    if (cn_len - cn_idx == name->len - 1 &&
+        x509_memcasecmp(name->p + 1, cn + cn_idx, name->len - 1) == 0) {
+        return 0;
+    }
+
+    return -1;
 }
 
 /*
@@ -312,24 +315,22 @@
  *
  * Return 0 if equal, -1 otherwise.
  */
-static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b )
+static int x509_string_cmp(const mbedtls_x509_buf *a, const mbedtls_x509_buf *b)
 {
-    if( a->tag == b->tag &&
+    if (a->tag == b->tag &&
         a->len == b->len &&
-        memcmp( a->p, b->p, b->len ) == 0 )
-    {
-        return( 0 );
+        memcmp(a->p, b->p, b->len) == 0) {
+        return 0;
     }
 
-    if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
-        ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
+    if ((a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING) &&
+        (b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING) &&
         a->len == b->len &&
-        x509_memcasecmp( a->p, b->p, b->len ) == 0 )
-    {
-        return( 0 );
+        x509_memcasecmp(a->p, b->p, b->len) == 0) {
+        return 0;
     }
 
-    return( -1 );
+    return -1;
 }
 
 /*
@@ -342,48 +343,48 @@
  *
  * Return 0 if equal, -1 otherwise.
  */
-static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b )
+static int x509_name_cmp(const mbedtls_x509_name *a, const mbedtls_x509_name *b)
 {
     /* Avoid recursion, it might not be optimised by the compiler */
-    while( a != NULL || b != NULL )
-    {
-        if( a == NULL || b == NULL )
-            return( -1 );
+    while (a != NULL || b != NULL) {
+        if (a == NULL || b == NULL) {
+            return -1;
+        }
 
         /* type */
-        if( a->oid.tag != b->oid.tag ||
+        if (a->oid.tag != b->oid.tag ||
             a->oid.len != b->oid.len ||
-            memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 )
-        {
-            return( -1 );
+            memcmp(a->oid.p, b->oid.p, b->oid.len) != 0) {
+            return -1;
         }
 
         /* value */
-        if( x509_string_cmp( &a->val, &b->val ) != 0 )
-            return( -1 );
+        if (x509_string_cmp(&a->val, &b->val) != 0) {
+            return -1;
+        }
 
         /* structure of the list of sets */
-        if( a->next_merged != b->next_merged )
-            return( -1 );
+        if (a->next_merged != b->next_merged) {
+            return -1;
+        }
 
         a = a->next;
         b = b->next;
     }
 
     /* a == NULL == b */
-    return( 0 );
+    return 0;
 }
 
 /*
  * Reset (init or clear) a verify_chain
  */
 static void x509_crt_verify_chain_reset(
-    mbedtls_x509_crt_verify_chain *ver_chain )
+    mbedtls_x509_crt_verify_chain *ver_chain)
 {
     size_t i;
 
-    for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ )
-    {
+    for (i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++) {
         ver_chain->items[i].crt = NULL;
         ver_chain->items[i].flags = (uint32_t) -1;
     }
@@ -398,35 +399,36 @@
 /*
  *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
  */
-static int x509_get_version( unsigned char **p,
-                             const unsigned char *end,
-                             int *ver )
+static int x509_get_version(unsigned char **p,
+                            const unsigned char *end,
+                            int *ver)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        {
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+                                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
+                                    0)) != 0) {
+        if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
             *ver = 0;
-            return( 0 );
+            return 0;
         }
 
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
     }
 
     end = *p + len;
 
-    if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, ret ) );
+    if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret);
+    }
 
-    if( *p != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (*p != end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -434,66 +436,72 @@
  *       notBefore      Time,
  *       notAfter       Time }
  */
-static int x509_get_dates( unsigned char **p,
-                           const unsigned char *end,
-                           mbedtls_x509_time *from,
-                           mbedtls_x509_time *to )
+static int x509_get_dates(unsigned char **p,
+                          const unsigned char *end,
+                          mbedtls_x509_time *from,
+                          mbedtls_x509_time *to)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret);
+    }
 
     end = *p + len;
 
-    if( ( ret = mbedtls_x509_get_time( p, end, from ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_x509_get_time(p, end, from)) != 0) {
+        return ret;
+    }
 
-    if( ( ret = mbedtls_x509_get_time( p, end, to ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_x509_get_time(p, end, to)) != 0) {
+        return ret;
+    }
 
-    if( *p != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (*p != end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * X.509 v2/v3 unique identifier (not parsed)
  */
-static int x509_get_uid( unsigned char **p,
-                         const unsigned char *end,
-                         mbedtls_x509_buf *uid, int n )
+static int x509_get_uid(unsigned char **p,
+                        const unsigned char *end,
+                        mbedtls_x509_buf *uid, int n)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( *p == end )
-        return( 0 );
+    if (*p == end) {
+        return 0;
+    }
 
     uid->tag = **p;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &uid->len,
-            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | n ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-            return( 0 );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &uid->len,
+                                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
+                                    n)) != 0) {
+        if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+            return 0;
+        }
 
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
     }
 
     uid->p = *p;
     *p += uid->len;
 
-    return( 0 );
+    return 0;
 }
 
-static int x509_get_basic_constraints( unsigned char **p,
-                                       const unsigned char *end,
-                                       int *ca_istrue,
-                                       int *max_pathlen )
+static int x509_get_basic_constraints(unsigned char **p,
+                                      const unsigned char *end,
+                                      int *ca_istrue,
+                                      int *max_pathlen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
@@ -506,88 +514,99 @@
     *ca_istrue = 0; /* DEFAULT FALSE */
     *max_pathlen = 0; /* endless */
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
-
-    if( *p == end )
-        return( 0 );
-
-    if( ( ret = mbedtls_asn1_get_bool( p, end, ca_istrue ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-            ret = mbedtls_asn1_get_int( p, end, ca_istrue );
-
-        if( ret != 0 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
-
-        if( *ca_istrue != 0 )
-            *ca_istrue = 1;
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
     }
 
-    if( *p == end )
-        return( 0 );
+    if (*p == end) {
+        return 0;
+    }
 
-    if( ( ret = mbedtls_asn1_get_int( p, end, max_pathlen ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+    if ((ret = mbedtls_asn1_get_bool(p, end, ca_istrue)) != 0) {
+        if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+            ret = mbedtls_asn1_get_int(p, end, ca_istrue);
+        }
 
-    if( *p != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+        if (ret != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+        }
+
+        if (*ca_istrue != 0) {
+            *ca_istrue = 1;
+        }
+    }
+
+    if (*p == end) {
+        return 0;
+    }
+
+    if ((ret = mbedtls_asn1_get_int(p, end, max_pathlen)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+    }
+
+    if (*p != end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
     /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer
      * overflow, which is an undefined behavior. */
-    if( *max_pathlen == INT_MAX )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                MBEDTLS_ERR_ASN1_INVALID_LENGTH ) );
+    if (*max_pathlen == INT_MAX) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                 MBEDTLS_ERR_ASN1_INVALID_LENGTH);
+    }
 
     (*max_pathlen)++;
 
-    return( 0 );
+    return 0;
 }
 
-static int x509_get_ns_cert_type( unsigned char **p,
-                                       const unsigned char *end,
-                                       unsigned char *ns_cert_type)
+static int x509_get_ns_cert_type(unsigned char **p,
+                                 const unsigned char *end,
+                                 unsigned char *ns_cert_type)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_x509_bitstring bs = { 0, 0, NULL };
 
-    if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+    if ((ret = mbedtls_asn1_get_bitstring(p, end, &bs)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+    }
 
-    if( bs.len != 1 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                MBEDTLS_ERR_ASN1_INVALID_LENGTH ) );
+    if (bs.len != 1) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                 MBEDTLS_ERR_ASN1_INVALID_LENGTH);
+    }
 
     /* Get actual bitstring */
     *ns_cert_type = *bs.p;
-    return( 0 );
+    return 0;
 }
 
-static int x509_get_key_usage( unsigned char **p,
-                               const unsigned char *end,
-                               unsigned int *key_usage)
+static int x509_get_key_usage(unsigned char **p,
+                              const unsigned char *end,
+                              unsigned int *key_usage)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t i;
     mbedtls_x509_bitstring bs = { 0, 0, NULL };
 
-    if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+    if ((ret = mbedtls_asn1_get_bitstring(p, end, &bs)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+    }
 
-    if( bs.len < 1 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                MBEDTLS_ERR_ASN1_INVALID_LENGTH ) );
+    if (bs.len < 1) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                 MBEDTLS_ERR_ASN1_INVALID_LENGTH);
+    }
 
     /* Get actual bitstring */
     *key_usage = 0;
-    for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ )
-    {
+    for (i = 0; i < bs.len && i < sizeof(unsigned int); i++) {
         *key_usage |= (unsigned int) bs.p[i] << (8*i);
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -595,21 +614,23 @@
  *
  * KeyPurposeId ::= OBJECT IDENTIFIER
  */
-static int x509_get_ext_key_usage( unsigned char **p,
-                               const unsigned char *end,
-                               mbedtls_x509_sequence *ext_key_usage)
+static int x509_get_ext_key_usage(unsigned char **p,
+                                  const unsigned char *end,
+                                  mbedtls_x509_sequence *ext_key_usage)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+    if ((ret = mbedtls_asn1_get_sequence_of(p, end, ext_key_usage, MBEDTLS_ASN1_OID)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+    }
 
     /* Sequence length must be >= 1 */
-    if( ext_key_usage->buf.p == NULL )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                MBEDTLS_ERR_ASN1_INVALID_LENGTH ) );
+    if (ext_key_usage->buf.p == NULL) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                 MBEDTLS_ERR_ASN1_INVALID_LENGTH);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -639,9 +660,9 @@
  * NOTE: we list all types, but only use dNSName and otherName
  * of type HwModuleName, as defined in RFC 4108, at this point.
  */
-static int x509_get_subject_alt_name( unsigned char **p,
-                                      const unsigned char *end,
-                                      mbedtls_x509_sequence *subject_alt_name )
+static int x509_get_subject_alt_name(unsigned char **p,
+                                     const unsigned char *end,
+                                     mbedtls_x509_sequence *subject_alt_name)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len, tag_len;
@@ -650,57 +671,58 @@
     mbedtls_asn1_sequence *cur = subject_alt_name;
 
     /* Get main sequence tag */
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+    }
 
-    if( *p + len != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (*p + len != end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
-    while( *p < end )
-    {
+    while (*p < end) {
         mbedtls_x509_subject_alternative_name dummy_san_buf;
-        memset( &dummy_san_buf, 0, sizeof( dummy_san_buf ) );
+        memset(&dummy_san_buf, 0, sizeof(dummy_san_buf));
 
         tag = **p;
         (*p)++;
-        if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+        if ((ret = mbedtls_asn1_get_len(p, end, &tag_len)) != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+        }
 
-        if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) !=
-                MBEDTLS_ASN1_CONTEXT_SPECIFIC )
-        {
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                    MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+        if ((tag & MBEDTLS_ASN1_TAG_CLASS_MASK) !=
+            MBEDTLS_ASN1_CONTEXT_SPECIFIC) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                     MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
         }
 
         /*
          * Check that the SAN is structured correctly.
          */
-        ret = mbedtls_x509_parse_subject_alt_name( &(cur->buf), &dummy_san_buf );
+        ret = mbedtls_x509_parse_subject_alt_name(&(cur->buf), &dummy_san_buf);
         /*
          * In case the extension is malformed, return an error,
          * and clear the allocated sequences.
          */
-        if( ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE )
-        {
-            mbedtls_asn1_sequence_free( subject_alt_name->next );
+        if (ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) {
+            mbedtls_asn1_sequence_free(subject_alt_name->next);
             subject_alt_name->next = NULL;
-            return( ret );
+            return ret;
         }
 
         /* Allocate and assign next pointer */
-        if( cur->buf.p != NULL )
-        {
-            if( cur->next != NULL )
-                return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
+        if (cur->buf.p != NULL) {
+            if (cur->next != NULL) {
+                return MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
+            }
 
-            cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
+            cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence));
 
-            if( cur->next == NULL )
-                return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                        MBEDTLS_ERR_ASN1_ALLOC_FAILED ) );
+            if (cur->next == NULL) {
+                return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                         MBEDTLS_ERR_ASN1_ALLOC_FAILED);
+            }
 
             cur = cur->next;
         }
@@ -715,11 +737,12 @@
     /* Set final sequence entry's next pointer to NULL */
     cur->next = NULL;
 
-    if( *p != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (*p != end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -771,9 +794,9 @@
  * NOTE: we only parse and use anyPolicy without qualifiers at this point
  * as defined in RFC 5280.
  */
-static int x509_get_certificate_policies( unsigned char **p,
-                                          const unsigned char *end,
-                                          mbedtls_x509_sequence *certificate_policies )
+static int x509_get_certificate_policies(unsigned char **p,
+                                         const unsigned char *end,
+                                         mbedtls_x509_sequence *certificate_policies)
 {
     int ret, parse_ret = 0;
     size_t len;
@@ -781,39 +804,43 @@
     mbedtls_asn1_sequence *cur = certificate_policies;
 
     /* Get main sequence tag */
-    ret = mbedtls_asn1_get_tag( p, end, &len,
-                             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE );
-    if( ret != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+    ret = mbedtls_asn1_get_tag(p, end, &len,
+                               MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+    if (ret != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+    }
 
-    if( *p + len != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (*p + len != end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
     /*
      * Cannot be an empty sequence.
      */
-    if( len == 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (len == 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
-    while( *p < end )
-    {
+    while (*p < end) {
         mbedtls_x509_buf policy_oid;
         const unsigned char *policy_end;
 
         /*
          * Get the policy sequence
          */
-        if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+        if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+                                        MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+        }
 
         policy_end = *p + len;
 
-        if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len,
-                                          MBEDTLS_ASN1_OID ) ) != 0 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+        if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len,
+                                        MBEDTLS_ASN1_OID)) != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+        }
 
         policy_oid.tag = MBEDTLS_ASN1_OID;
         policy_oid.len = len;
@@ -822,8 +849,7 @@
         /*
          * Only AnyPolicy is currently supported when enforcing policy.
          */
-        if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_POLICY, &policy_oid ) != 0 )
-        {
+        if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_POLICY, &policy_oid) != 0) {
             /*
              * Set the parsing return code but continue parsing, in case this
              * extension is critical.
@@ -832,135 +858,144 @@
         }
 
         /* Allocate and assign next pointer */
-        if( cur->buf.p != NULL )
-        {
-            if( cur->next != NULL )
-                return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
+        if (cur->buf.p != NULL) {
+            if (cur->next != NULL) {
+                return MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
+            }
 
-            cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
+            cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence));
 
-            if( cur->next == NULL )
-                return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                        MBEDTLS_ERR_ASN1_ALLOC_FAILED ) );
+            if (cur->next == NULL) {
+                return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                         MBEDTLS_ERR_ASN1_ALLOC_FAILED);
+            }
 
             cur = cur->next;
         }
 
-        buf = &( cur->buf );
+        buf = &(cur->buf);
         buf->tag = policy_oid.tag;
         buf->p = policy_oid.p;
         buf->len = policy_oid.len;
 
         *p += len;
 
-       /*
-        * If there is an optional qualifier, then *p < policy_end
-        * Check the Qualifier len to verify it doesn't exceed policy_end.
-        */
-        if( *p < policy_end )
-        {
-            if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len,
-                     MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-                return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+        /*
+         * If there is an optional qualifier, then *p < policy_end
+         * Check the Qualifier len to verify it doesn't exceed policy_end.
+         */
+        if (*p < policy_end) {
+            if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len,
+                                            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) !=
+                0) {
+                return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+            }
             /*
              * Skip the optional policy qualifiers.
              */
             *p += len;
         }
 
-        if( *p != policy_end )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+        if (*p != policy_end) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+        }
     }
 
     /* Set final sequence entry's next pointer to NULL */
     cur->next = NULL;
 
-    if( *p != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (*p != end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
-    return( parse_ret );
+    return parse_ret;
 }
 
 /*
  * X.509 v3 extensions
  *
  */
-static int x509_get_crt_ext( unsigned char **p,
-                             const unsigned char *end,
-                             mbedtls_x509_crt *crt,
-                             mbedtls_x509_crt_ext_cb_t cb,
-                             void *p_ctx )
+static int x509_get_crt_ext(unsigned char **p,
+                            const unsigned char *end,
+                            mbedtls_x509_crt *crt,
+                            mbedtls_x509_crt_ext_cb_t cb,
+                            void *p_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
     unsigned char *end_ext_data, *start_ext_octet, *end_ext_octet;
 
-    if( *p == end )
-        return( 0 );
+    if (*p == end) {
+        return 0;
+    }
 
-    if( ( ret = mbedtls_x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_x509_get_ext(p, end, &crt->v3_ext, 3)) != 0) {
+        return ret;
+    }
 
     end = crt->v3_ext.p + crt->v3_ext.len;
-    while( *p < end )
-    {
+    while (*p < end) {
         /*
          * Extension  ::=  SEQUENCE  {
          *      extnID      OBJECT IDENTIFIER,
          *      critical    BOOLEAN DEFAULT FALSE,
          *      extnValue   OCTET STRING  }
          */
-        mbedtls_x509_buf extn_oid = {0, 0, NULL};
+        mbedtls_x509_buf extn_oid = { 0, 0, NULL };
         int is_critical = 0; /* DEFAULT FALSE */
         int ext_type = 0;
 
-        if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+        if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+                                        MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+        }
 
         end_ext_data = *p + len;
 
         /* Get extension ID */
-        if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len,
-                                          MBEDTLS_ASN1_OID ) ) != 0 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+        if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len,
+                                        MBEDTLS_ASN1_OID)) != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+        }
 
         extn_oid.tag = MBEDTLS_ASN1_OID;
         extn_oid.p = *p;
         *p += extn_oid.len;
 
         /* Get optional critical */
-        if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
-            ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+        if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 &&
+            (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+        }
 
         /* Data should be octet string type */
-        if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
-                MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+        if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
+                                        MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+        }
 
         start_ext_octet = *p;
         end_ext_octet = *p + len;
 
-        if( end_ext_octet != end_ext_data )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+        if (end_ext_octet != end_ext_data) {
+            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+        }
 
         /*
          * Detect supported extensions
          */
-        ret = mbedtls_oid_get_x509_ext_type( &extn_oid, &ext_type );
+        ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type);
 
-        if( ret != 0 )
-        {
+        if (ret != 0) {
             /* Give the callback (if any) a chance to handle the extension */
-            if( cb != NULL )
-            {
-                ret = cb( p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet );
-                if( ret != 0 && is_critical )
-                    return( ret );
+            if (cb != NULL) {
+                ret = cb(p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet);
+                if (ret != 0 && is_critical) {
+                    return ret;
+                }
                 *p = end_ext_octet;
                 continue;
             }
@@ -968,131 +1003,139 @@
             /* No parser found, skip extension */
             *p = end_ext_octet;
 
-            if( is_critical )
-            {
+            if (is_critical) {
                 /* Data is marked as critical: fail */
-                return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                        MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
+                return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                         MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
             }
             continue;
         }
 
         /* Forbid repeated extensions */
-        if( ( crt->ext_types & ext_type ) != 0 )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
+        if ((crt->ext_types & ext_type) != 0) {
+            return MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
+        }
 
         crt->ext_types |= ext_type;
 
-        switch( ext_type )
-        {
-        case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS:
-            /* Parse basic constraints */
-            if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
-                    &crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
-                return( ret );
-            break;
+        switch (ext_type) {
+            case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS:
+                /* Parse basic constraints */
+                if ((ret = x509_get_basic_constraints(p, end_ext_octet,
+                                                      &crt->ca_istrue, &crt->max_pathlen)) != 0) {
+                    return ret;
+                }
+                break;
 
-        case MBEDTLS_X509_EXT_KEY_USAGE:
-            /* Parse key usage */
-            if( ( ret = x509_get_key_usage( p, end_ext_octet,
-                    &crt->key_usage ) ) != 0 )
-                return( ret );
-            break;
+            case MBEDTLS_X509_EXT_KEY_USAGE:
+                /* Parse key usage */
+                if ((ret = x509_get_key_usage(p, end_ext_octet,
+                                              &crt->key_usage)) != 0) {
+                    return ret;
+                }
+                break;
 
-        case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE:
-            /* Parse extended key usage */
-            if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
-                    &crt->ext_key_usage ) ) != 0 )
-                return( ret );
-            break;
+            case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE:
+                /* Parse extended key usage */
+                if ((ret = x509_get_ext_key_usage(p, end_ext_octet,
+                                                  &crt->ext_key_usage)) != 0) {
+                    return ret;
+                }
+                break;
 
-        case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
-            /* Parse subject alt name */
-            if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
-                    &crt->subject_alt_names ) ) != 0 )
-                return( ret );
-            break;
+            case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
+                /* Parse subject alt name */
+                if ((ret = x509_get_subject_alt_name(p, end_ext_octet,
+                                                     &crt->subject_alt_names)) != 0) {
+                    return ret;
+                }
+                break;
 
-        case MBEDTLS_X509_EXT_NS_CERT_TYPE:
-            /* Parse netscape certificate type */
-            if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
-                    &crt->ns_cert_type ) ) != 0 )
-                return( ret );
-            break;
+            case MBEDTLS_X509_EXT_NS_CERT_TYPE:
+                /* Parse netscape certificate type */
+                if ((ret = x509_get_ns_cert_type(p, end_ext_octet,
+                                                 &crt->ns_cert_type)) != 0) {
+                    return ret;
+                }
+                break;
 
-        case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES:
-            /* Parse certificate policies type */
-            if( ( ret = x509_get_certificate_policies( p, end_ext_octet,
-                    &crt->certificate_policies ) ) != 0 )
-            {
-                /* Give the callback (if any) a chance to handle the extension
-                 * if it contains unsupported policies */
-                if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL &&
-                    cb( p_ctx, crt, &extn_oid, is_critical,
-                        start_ext_octet, end_ext_octet ) == 0 )
-                    break;
+            case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES:
+                /* Parse certificate policies type */
+                if ((ret = x509_get_certificate_policies(p, end_ext_octet,
+                                                         &crt->certificate_policies)) != 0) {
+                    /* Give the callback (if any) a chance to handle the extension
+                     * if it contains unsupported policies */
+                    if (ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL &&
+                        cb(p_ctx, crt, &extn_oid, is_critical,
+                           start_ext_octet, end_ext_octet) == 0) {
+                        break;
+                    }
 
-                if( is_critical )
-                    return( ret );
-                else
+                    if (is_critical) {
+                        return ret;
+                    } else
+                    /*
+                     * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we
+                     * cannot interpret or enforce the policy. However, it is up to
+                     * the user to choose how to enforce the policies,
+                     * unless the extension is critical.
+                     */
+                    if (ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) {
+                        return ret;
+                    }
+                }
+                break;
+
+            default:
                 /*
-                 * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we
-                 * cannot interpret or enforce the policy. However, it is up to
-                 * the user to choose how to enforce the policies,
-                 * unless the extension is critical.
+                 * If this is a non-critical extension, which the oid layer
+                 * supports, but there isn't an x509 parser for it,
+                 * skip the extension.
                  */
-                if( ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE )
-                    return( ret );
-            }
-            break;
-
-        default:
-            /*
-             * If this is a non-critical extension, which the oid layer
-             * supports, but there isn't an x509 parser for it,
-             * skip the extension.
-             */
-            if( is_critical )
-                return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
-            else
-                *p = end_ext_octet;
+                if (is_critical) {
+                    return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
+                } else {
+                    *p = end_ext_octet;
+                }
         }
     }
 
-    if( *p != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (*p != end) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Parse and fill a single X.509 certificate in DER format
  */
-static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
-                                    const unsigned char *buf,
-                                    size_t buflen,
-                                    int make_copy,
-                                    mbedtls_x509_crt_ext_cb_t cb,
-                                    void *p_ctx )
+static int x509_crt_parse_der_core(mbedtls_x509_crt *crt,
+                                   const unsigned char *buf,
+                                   size_t buflen,
+                                   int make_copy,
+                                   mbedtls_x509_crt_ext_cb_t cb,
+                                   void *p_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
     unsigned char *p, *end, *crt_end;
     mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
 
-    memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) );
-    memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) );
-    memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) );
+    memset(&sig_params1, 0, sizeof(mbedtls_x509_buf));
+    memset(&sig_params2, 0, sizeof(mbedtls_x509_buf));
+    memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf));
 
     /*
      * Check for valid input
      */
-    if( crt == NULL || buf == NULL )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+    if (crt == NULL || buf == NULL) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+    }
 
     /* Use the original buffer until we figure out actual length. */
-    p = (unsigned char*) buf;
+    p = (unsigned char *) buf;
     len = buflen;
     end = p + len;
 
@@ -1102,31 +1145,28 @@
      *      signatureAlgorithm   AlgorithmIdentifier,
      *      signatureValue       BIT STRING  }
      */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        mbedtls_x509_crt_free(crt);
+        return MBEDTLS_ERR_X509_INVALID_FORMAT;
     }
 
     end = crt_end = p + len;
     crt->raw.len = crt_end - buf;
-    if( make_copy != 0 )
-    {
+    if (make_copy != 0) {
         /* Create and populate a new buffer for the raw field. */
-        crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
-        if( crt->raw.p == NULL )
-            return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+        crt->raw.p = p = mbedtls_calloc(1, crt->raw.len);
+        if (crt->raw.p == NULL) {
+            return MBEDTLS_ERR_X509_ALLOC_FAILED;
+        }
 
-        memcpy( crt->raw.p, buf, crt->raw.len );
+        memcpy(crt->raw.p, buf, crt->raw.len);
         crt->own_buffer = 1;
 
         p += crt->raw.len - len;
         end = crt_end = p + len;
-    }
-    else
-    {
-        crt->raw.p = (unsigned char*) buf;
+    } else {
+        crt->raw.p = (unsigned char *) buf;
         crt->own_buffer = 0;
     }
 
@@ -1135,11 +1175,10 @@
      */
     crt->tbs.p = p;
 
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        mbedtls_x509_crt_free(crt);
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
     }
 
     end = p + len;
@@ -1152,29 +1191,26 @@
      *
      * signature            AlgorithmIdentifier
      */
-    if( ( ret = x509_get_version(  &p, end, &crt->version  ) ) != 0 ||
-        ( ret = mbedtls_x509_get_serial(   &p, end, &crt->serial   ) ) != 0 ||
-        ( ret = mbedtls_x509_get_alg(      &p, end, &crt->sig_oid,
-                                            &sig_params1 ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( ret );
+    if ((ret = x509_get_version(&p, end, &crt->version)) != 0 ||
+        (ret = mbedtls_x509_get_serial(&p, end, &crt->serial)) != 0 ||
+        (ret = mbedtls_x509_get_alg(&p, end, &crt->sig_oid,
+                                    &sig_params1)) != 0) {
+        mbedtls_x509_crt_free(crt);
+        return ret;
     }
 
-    if( crt->version < 0 || crt->version > 2 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
+    if (crt->version < 0 || crt->version > 2) {
+        mbedtls_x509_crt_free(crt);
+        return MBEDTLS_ERR_X509_UNKNOWN_VERSION;
     }
 
     crt->version++;
 
-    if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1,
-                                  &crt->sig_md, &crt->sig_pk,
-                                  &crt->sig_opts ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( ret );
+    if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1,
+                                        &crt->sig_md, &crt->sig_pk,
+                                        &crt->sig_opts)) != 0) {
+        mbedtls_x509_crt_free(crt);
+        return ret;
     }
 
     /*
@@ -1182,17 +1218,15 @@
      */
     crt->issuer_raw.p = p;
 
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        mbedtls_x509_crt_free(crt);
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
     }
 
-    if( ( ret = mbedtls_x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( ret );
+    if ((ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) {
+        mbedtls_x509_crt_free(crt);
+        return ret;
     }
 
     crt->issuer_raw.len = p - crt->issuer_raw.p;
@@ -1203,11 +1237,10 @@
      *      notAfter       Time }
      *
      */
-    if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
-                                         &crt->valid_to ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( ret );
+    if ((ret = x509_get_dates(&p, end, &crt->valid_from,
+                              &crt->valid_to)) != 0) {
+        mbedtls_x509_crt_free(crt);
+        return ret;
     }
 
     /*
@@ -1215,17 +1248,15 @@
      */
     crt->subject_raw.p = p;
 
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        mbedtls_x509_crt_free(crt);
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
     }
 
-    if( len && ( ret = mbedtls_x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( ret );
+    if (len && (ret = mbedtls_x509_get_name(&p, p + len, &crt->subject)) != 0) {
+        mbedtls_x509_crt_free(crt);
+        return ret;
     }
 
     crt->subject_raw.len = p - crt->subject_raw.p;
@@ -1234,10 +1265,9 @@
      * SubjectPublicKeyInfo
      */
     crt->pk_raw.p = p;
-    if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &crt->pk ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( ret );
+    if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &crt->pk)) != 0) {
+        mbedtls_x509_crt_free(crt);
+        return ret;
     }
     crt->pk_raw.len = p - crt->pk_raw.p;
 
@@ -1249,41 +1279,34 @@
      *  extensions      [3]  EXPLICIT Extensions OPTIONAL
      *                       -- If present, version shall be v3
      */
-    if( crt->version == 2 || crt->version == 3 )
-    {
-        ret = x509_get_uid( &p, end, &crt->issuer_id,  1 );
-        if( ret != 0 )
-        {
-            mbedtls_x509_crt_free( crt );
-            return( ret );
+    if (crt->version == 2 || crt->version == 3) {
+        ret = x509_get_uid(&p, end, &crt->issuer_id,  1);
+        if (ret != 0) {
+            mbedtls_x509_crt_free(crt);
+            return ret;
         }
     }
 
-    if( crt->version == 2 || crt->version == 3 )
-    {
-        ret = x509_get_uid( &p, end, &crt->subject_id,  2 );
-        if( ret != 0 )
-        {
-            mbedtls_x509_crt_free( crt );
-            return( ret );
+    if (crt->version == 2 || crt->version == 3) {
+        ret = x509_get_uid(&p, end, &crt->subject_id,  2);
+        if (ret != 0) {
+            mbedtls_x509_crt_free(crt);
+            return ret;
         }
     }
 
-    if( crt->version == 3 )
-    {
-        ret = x509_get_crt_ext( &p, end, crt, cb, p_ctx );
-        if( ret != 0 )
-        {
-            mbedtls_x509_crt_free( crt );
-            return( ret );
+    if (crt->version == 3) {
+        ret = x509_get_crt_ext(&p, end, crt, cb, p_ctx);
+        if (ret != 0) {
+            mbedtls_x509_crt_free(crt);
+            return ret;
         }
     }
 
-    if( p != end )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (p != end) {
+        mbedtls_x509_crt_free(crt);
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
     }
 
     end = crt_end;
@@ -1295,49 +1318,45 @@
      *  signatureAlgorithm   AlgorithmIdentifier,
      *  signatureValue       BIT STRING
      */
-    if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( ret );
+    if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) {
+        mbedtls_x509_crt_free(crt);
+        return ret;
     }
 
-    if( crt->sig_oid.len != sig_oid2.len ||
-        memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
+    if (crt->sig_oid.len != sig_oid2.len ||
+        memcmp(crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len) != 0 ||
         sig_params1.tag != sig_params2.tag ||
         sig_params1.len != sig_params2.len ||
-        ( sig_params1.len != 0 &&
-          memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( MBEDTLS_ERR_X509_SIG_MISMATCH );
+        (sig_params1.len != 0 &&
+         memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) {
+        mbedtls_x509_crt_free(crt);
+        return MBEDTLS_ERR_X509_SIG_MISMATCH;
     }
 
-    if( ( ret = mbedtls_x509_get_sig( &p, end, &crt->sig ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( ret );
+    if ((ret = mbedtls_x509_get_sig(&p, end, &crt->sig)) != 0) {
+        mbedtls_x509_crt_free(crt);
+        return ret;
     }
 
-    if( p != end )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (p != end) {
+        mbedtls_x509_crt_free(crt);
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Parse one X.509 certificate in DER format from a buffer and add them to a
  * chained list
  */
-static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain,
-                                                const unsigned char *buf,
-                                                size_t buflen,
-                                                int make_copy,
-                                                mbedtls_x509_crt_ext_cb_t cb,
-                                                void *p_ctx )
+static int mbedtls_x509_crt_parse_der_internal(mbedtls_x509_crt *chain,
+                                               const unsigned char *buf,
+                                               size_t buflen,
+                                               int make_copy,
+                                               mbedtls_x509_crt_ext_cb_t cb,
+                                               void *p_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_x509_crt *crt = chain, *prev = NULL;
@@ -1345,11 +1364,11 @@
     /*
      * Check for valid input
      */
-    if( crt == NULL || buf == NULL )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+    if (crt == NULL || buf == NULL) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+    }
 
-    while( crt->version != 0 && crt->next != NULL )
-    {
+    while (crt->version != 0 && crt->next != NULL) {
         prev = crt;
         crt = crt->next;
     }
@@ -1357,64 +1376,65 @@
     /*
      * Add new certificate on the end of the chain if needed.
      */
-    if( crt->version != 0 && crt->next == NULL )
-    {
-        crt->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
+    if (crt->version != 0 && crt->next == NULL) {
+        crt->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
 
-        if( crt->next == NULL )
-            return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+        if (crt->next == NULL) {
+            return MBEDTLS_ERR_X509_ALLOC_FAILED;
+        }
 
         prev = crt;
-        mbedtls_x509_crt_init( crt->next );
+        mbedtls_x509_crt_init(crt->next);
         crt = crt->next;
     }
 
-    ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy, cb, p_ctx );
-    if( ret != 0 )
-    {
-        if( prev )
+    ret = x509_crt_parse_der_core(crt, buf, buflen, make_copy, cb, p_ctx);
+    if (ret != 0) {
+        if (prev) {
             prev->next = NULL;
+        }
 
-        if( crt != chain )
-            mbedtls_free( crt );
+        if (crt != chain) {
+            mbedtls_free(crt);
+        }
 
-        return( ret );
+        return ret;
     }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
-                                       const unsigned char *buf,
-                                       size_t buflen )
+int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain,
+                                      const unsigned char *buf,
+                                      size_t buflen)
 {
-    return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0, NULL, NULL ) );
+    return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 0, NULL, NULL);
 }
 
-int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
-                                            const unsigned char *buf,
-                                            size_t buflen,
-                                            int make_copy,
-                                            mbedtls_x509_crt_ext_cb_t cb,
-                                            void *p_ctx )
+int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain,
+                                           const unsigned char *buf,
+                                           size_t buflen,
+                                           int make_copy,
+                                           mbedtls_x509_crt_ext_cb_t cb,
+                                           void *p_ctx)
 {
-    return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, make_copy, cb, p_ctx ) );
+    return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, make_copy, cb, p_ctx);
 }
 
-int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
-                                const unsigned char *buf,
-                                size_t buflen )
+int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain,
+                               const unsigned char *buf,
+                               size_t buflen)
 {
-    return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, NULL, NULL ) );
+    return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 1, NULL, NULL);
 }
 
 /*
  * Parse one or more PEM certificates from a buffer and add them to the chained
  * list
  */
-int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain,
-                            const unsigned char *buf,
-                            size_t buflen )
+int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain,
+                           const unsigned char *buf,
+                           size_t buflen)
 {
 #if defined(MBEDTLS_PEM_PARSE_C)
     int success = 0, first_error = 0, total_failed = 0;
@@ -1424,59 +1444,53 @@
     /*
      * Check for valid input
      */
-    if( chain == NULL || buf == NULL )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+    if (chain == NULL || buf == NULL) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+    }
 
     /*
      * Determine buffer content. Buffer contains either one DER certificate or
      * one or more PEM certificates.
      */
 #if defined(MBEDTLS_PEM_PARSE_C)
-    if( buflen != 0 && buf[buflen - 1] == '\0' &&
-        strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
-    {
+    if (buflen != 0 && buf[buflen - 1] == '\0' &&
+        strstr((const char *) buf, "-----BEGIN CERTIFICATE-----") != NULL) {
         buf_format = MBEDTLS_X509_FORMAT_PEM;
     }
 
-    if( buf_format == MBEDTLS_X509_FORMAT_DER )
-        return mbedtls_x509_crt_parse_der( chain, buf, buflen );
+    if (buf_format == MBEDTLS_X509_FORMAT_DER) {
+        return mbedtls_x509_crt_parse_der(chain, buf, buflen);
+    }
 #else
-    return mbedtls_x509_crt_parse_der( chain, buf, buflen );
+    return mbedtls_x509_crt_parse_der(chain, buf, buflen);
 #endif
 
 #if defined(MBEDTLS_PEM_PARSE_C)
-    if( buf_format == MBEDTLS_X509_FORMAT_PEM )
-    {
+    if (buf_format == MBEDTLS_X509_FORMAT_PEM) {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
         mbedtls_pem_context pem;
 
         /* 1 rather than 0 since the terminating NULL byte is counted in */
-        while( buflen > 1 )
-        {
+        while (buflen > 1) {
             size_t use_len;
-            mbedtls_pem_init( &pem );
+            mbedtls_pem_init(&pem);
 
             /* If we get there, we know the string is null-terminated */
-            ret = mbedtls_pem_read_buffer( &pem,
-                           "-----BEGIN CERTIFICATE-----",
-                           "-----END CERTIFICATE-----",
-                           buf, NULL, 0, &use_len );
+            ret = mbedtls_pem_read_buffer(&pem,
+                                          "-----BEGIN CERTIFICATE-----",
+                                          "-----END CERTIFICATE-----",
+                                          buf, NULL, 0, &use_len);
 
-            if( ret == 0 )
-            {
+            if (ret == 0) {
                 /*
                  * Was PEM encoded
                  */
                 buflen -= use_len;
                 buf += use_len;
-            }
-            else if( ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA )
-            {
-                return( ret );
-            }
-            else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-            {
-                mbedtls_pem_free( &pem );
+            } else if (ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA) {
+                return ret;
+            } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+                mbedtls_pem_free(&pem);
 
                 /*
                  * PEM header and footer were found
@@ -1484,29 +1498,31 @@
                 buflen -= use_len;
                 buf += use_len;
 
-                if( first_error == 0 )
+                if (first_error == 0) {
                     first_error = ret;
+                }
 
                 total_failed++;
                 continue;
-            }
-            else
+            } else {
                 break;
+            }
 
-            ret = mbedtls_x509_crt_parse_der( chain, pem.buf, pem.buflen );
+            ret = mbedtls_x509_crt_parse_der(chain, pem.buf, pem.buflen);
 
-            mbedtls_pem_free( &pem );
+            mbedtls_pem_free(&pem);
 
-            if( ret != 0 )
-            {
+            if (ret != 0) {
                 /*
                  * Quit parsing on a memory error
                  */
-                if( ret == MBEDTLS_ERR_X509_ALLOC_FAILED )
-                    return( ret );
+                if (ret == MBEDTLS_ERR_X509_ALLOC_FAILED) {
+                    return ret;
+                }
 
-                if( first_error == 0 )
+                if (first_error == 0) {
                     first_error = ret;
+                }
 
                 total_failed++;
                 continue;
@@ -1516,12 +1532,13 @@
         }
     }
 
-    if( success )
-        return( total_failed );
-    else if( first_error )
-        return( first_error );
-    else
-        return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT );
+    if (success) {
+        return total_failed;
+    } else if (first_error) {
+        return first_error;
+    } else {
+        return MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
+    }
 #endif /* MBEDTLS_PEM_PARSE_C */
 }
 
@@ -1529,24 +1546,25 @@
 /*
  * Load one or more certificates and add them to the chained list
  */
-int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path )
+int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t n;
     unsigned char *buf;
 
-    if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
+        return ret;
+    }
 
-    ret = mbedtls_x509_crt_parse( chain, buf, n );
+    ret = mbedtls_x509_crt_parse(chain, buf, n);
 
-    mbedtls_platform_zeroize( buf, n );
-    mbedtls_free( buf );
+    mbedtls_platform_zeroize(buf, n);
+    mbedtls_free(buf);
 
-    return( ret );
+    return ret;
 }
 
-int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
+int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path)
 {
     int ret = 0;
 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
@@ -1554,96 +1572,94 @@
     WCHAR szDir[MAX_PATH];
     char filename[MAX_PATH];
     char *p;
-    size_t len = strlen( path );
+    size_t len = strlen(path);
 
     WIN32_FIND_DATAW file_data;
     HANDLE hFind;
 
-    if( len > MAX_PATH - 3 )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+    if (len > MAX_PATH - 3) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+    }
 
-    memset( szDir, 0, sizeof(szDir) );
-    memset( filename, 0, MAX_PATH );
-    memcpy( filename, path, len );
+    memset(szDir, 0, sizeof(szDir));
+    memset(filename, 0, MAX_PATH);
+    memcpy(filename, path, len);
     filename[len++] = '\\';
     p = filename + len;
     filename[len++] = '*';
 
-    w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir,
-                                 MAX_PATH - 3 );
-    if( w_ret == 0 )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+    w_ret = MultiByteToWideChar(CP_ACP, 0, filename, (int) len, szDir,
+                                MAX_PATH - 3);
+    if (w_ret == 0) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+    }
 
-    hFind = FindFirstFileW( szDir, &file_data );
-    if( hFind == INVALID_HANDLE_VALUE )
-        return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
+    hFind = FindFirstFileW(szDir, &file_data);
+    if (hFind == INVALID_HANDLE_VALUE) {
+        return MBEDTLS_ERR_X509_FILE_IO_ERROR;
+    }
 
     len = MAX_PATH - len;
-    do
-    {
-        memset( p, 0, len );
+    do {
+        memset(p, 0, len);
 
-        if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
+        if (file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
             continue;
+        }
 
-        w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
-                                     lstrlenW( file_data.cFileName ),
-                                     p, (int) len - 1,
-                                     NULL, NULL );
-        if( w_ret == 0 )
-        {
+        w_ret = WideCharToMultiByte(CP_ACP, 0, file_data.cFileName,
+                                    lstrlenW(file_data.cFileName),
+                                    p, (int) len - 1,
+                                    NULL, NULL);
+        if (w_ret == 0) {
             ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
             goto cleanup;
         }
 
-        w_ret = mbedtls_x509_crt_parse_file( chain, filename );
-        if( w_ret < 0 )
+        w_ret = mbedtls_x509_crt_parse_file(chain, filename);
+        if (w_ret < 0) {
             ret++;
-        else
+        } else {
             ret += w_ret;
-    }
-    while( FindNextFileW( hFind, &file_data ) != 0 );
+        }
+    } while (FindNextFileW(hFind, &file_data) != 0);
 
-    if( GetLastError() != ERROR_NO_MORE_FILES )
+    if (GetLastError() != ERROR_NO_MORE_FILES) {
         ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
+    }
 
 cleanup:
-    FindClose( hFind );
+    FindClose(hFind);
 #else /* _WIN32 */
     int t_ret;
     int snp_ret;
     struct stat sb;
     struct dirent *entry;
     char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN];
-    DIR *dir = opendir( path );
+    DIR *dir = opendir(path);
 
-    if( dir == NULL )
-        return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
+    if (dir == NULL) {
+        return MBEDTLS_ERR_X509_FILE_IO_ERROR;
+    }
 
 #if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 )
-    {
-        closedir( dir );
-        return( ret );
+    if ((ret = mbedtls_mutex_lock(&mbedtls_threading_readdir_mutex)) != 0) {
+        closedir(dir);
+        return ret;
     }
 #endif /* MBEDTLS_THREADING_C */
 
-    memset( &sb, 0, sizeof( sb ) );
+    memset(&sb, 0, sizeof(sb));
 
-    while( ( entry = readdir( dir ) ) != NULL )
-    {
-        snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name,
-                                    "%s/%s", path, entry->d_name );
+    while ((entry = readdir(dir)) != NULL) {
+        snp_ret = mbedtls_snprintf(entry_name, sizeof entry_name,
+                                   "%s/%s", path, entry->d_name);
 
-        if( snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name )
-        {
+        if (snp_ret < 0 || (size_t) snp_ret >= sizeof entry_name) {
             ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
             goto cleanup;
-        }
-        else if( stat( entry_name, &sb ) == -1 )
-        {
-            if( errno == ENOENT )
-            {
+        } else if (stat(entry_name, &sb) == -1) {
+            if (errno == ENOENT) {
                 /* Broken symbolic link - ignore this entry.
                     stat(2) will return this error for either (a) a dangling
                     symlink or (b) a missing file.
@@ -1651,38 +1667,39 @@
                     assume that it does exist and therefore treat this as a
                     dangling symlink. */
                 continue;
-            }
-            else
-            {
+            } else {
                 /* Some other file error; report the error. */
                 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
                 goto cleanup;
             }
         }
 
-        if( !S_ISREG( sb.st_mode ) )
+        if (!S_ISREG(sb.st_mode)) {
             continue;
+        }
 
         // Ignore parse errors
         //
-        t_ret = mbedtls_x509_crt_parse_file( chain, entry_name );
-        if( t_ret < 0 )
+        t_ret = mbedtls_x509_crt_parse_file(chain, entry_name);
+        if (t_ret < 0) {
             ret++;
-        else
+        } else {
             ret += t_ret;
+        }
     }
 
 cleanup:
-    closedir( dir );
+    closedir(dir);
 
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 )
+    if (mbedtls_mutex_unlock(&mbedtls_threading_readdir_mutex) != 0) {
         ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
 #endif /* MBEDTLS_THREADING_C */
 
 #endif /* _WIN32 */
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_FS_IO */
 
@@ -1698,8 +1715,8 @@
  * NOTE: we currently only parse and use otherName of type HwModuleName,
  * as defined in RFC 4108.
  */
-static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
-                                mbedtls_x509_san_other_name *other_name )
+static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name,
+                               mbedtls_x509_san_other_name *other_name)
 {
     int ret = 0;
     size_t len;
@@ -1707,19 +1724,19 @@
     const unsigned char *end = p + subject_alt_name->len;
     mbedtls_x509_buf cur_oid;
 
-    if( ( subject_alt_name->tag &
-        ( MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK ) ) !=
-        ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ) )
-    {
+    if ((subject_alt_name->tag &
+         (MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK)) !=
+        (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME)) {
         /*
          * The given subject alternative name is not of type "othername".
          */
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
     }
 
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                                      MBEDTLS_ASN1_OID ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_OID)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+    }
 
     cur_oid.tag = MBEDTLS_ASN1_OID;
     cur_oid.p = p;
@@ -1728,81 +1745,82 @@
     /*
      * Only HwModuleName is currently supported.
      */
-    if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid ) != 0 )
-    {
-        return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
+    if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) {
+        return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
     }
 
-    if( p + len >= end )
-    {
-        mbedtls_platform_zeroize( other_name, sizeof( *other_name ) );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (p + len >= end) {
+        mbedtls_platform_zeroize(other_name, sizeof(*other_name));
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
     }
     p += len;
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) !=
+        0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+    }
 
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                     MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-       return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+    }
 
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OID ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+    }
 
     other_name->value.hardware_module_name.oid.tag = MBEDTLS_ASN1_OID;
     other_name->value.hardware_module_name.oid.p = p;
     other_name->value.hardware_module_name.oid.len = len;
 
-    if( p + len >= end )
-    {
-        mbedtls_platform_zeroize( other_name, sizeof( *other_name ) );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (p + len >= end) {
+        mbedtls_platform_zeroize(other_name, sizeof(*other_name));
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
     }
     p += len;
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                                      MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+    }
 
     other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING;
     other_name->value.hardware_module_name.val.p = p;
     other_name->value.hardware_module_name.val.len = len;
     p += len;
-    if( p != end )
-    {
-        mbedtls_platform_zeroize( other_name,
-                                  sizeof( *other_name ) );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (p != end) {
+        mbedtls_platform_zeroize(other_name,
+                                 sizeof(*other_name));
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
     }
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf,
-                                         mbedtls_x509_subject_alternative_name *san )
+int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf,
+                                        mbedtls_x509_subject_alternative_name *san)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    switch( san_buf->tag &
-            ( MBEDTLS_ASN1_TAG_CLASS_MASK |
-              MBEDTLS_ASN1_TAG_VALUE_MASK ) )
-    {
+    switch (san_buf->tag &
+            (MBEDTLS_ASN1_TAG_CLASS_MASK |
+             MBEDTLS_ASN1_TAG_VALUE_MASK)) {
         /*
          * otherName
          */
-        case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ):
+        case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME):
         {
             mbedtls_x509_san_other_name other_name;
 
-            ret = x509_get_other_name( san_buf, &other_name );
-            if( ret != 0 )
-                return( ret );
+            ret = x509_get_other_name(san_buf, &other_name);
+            if (ret != 0) {
+                return ret;
+            }
 
-            memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) );
+            memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name));
             san->type = MBEDTLS_X509_SAN_OTHER_NAME;
-            memcpy( &san->san.other_name,
-                    &other_name, sizeof( other_name ) );
+            memcpy(&san->san.other_name,
+                   &other_name, sizeof(other_name));
 
         }
         break;
@@ -1810,13 +1828,13 @@
         /*
          * dNSName
          */
-        case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ):
+        case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME):
         {
-            memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) );
+            memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name));
             san->type = MBEDTLS_X509_SAN_DNS_NAME;
 
-            memcpy( &san->san.unstructured_name,
-                    san_buf, sizeof( *san_buf ) );
+            memcpy(&san->san.unstructured_name,
+                   san_buf, sizeof(*san_buf));
 
         }
         break;
@@ -1825,16 +1843,16 @@
          * Type not supported
          */
         default:
-            return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
+            return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
     }
-    return( 0 );
+    return 0;
 }
 
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
-static int x509_info_subject_alt_name( char **buf, size_t *size,
-                                       const mbedtls_x509_sequence
-                                                    *subject_alt_name,
-                                       const char *prefix )
+static int x509_info_subject_alt_name(char **buf, size_t *size,
+                                      const mbedtls_x509_sequence
+                                      *subject_alt_name,
+                                      const char *prefix)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t i;
@@ -1844,28 +1862,22 @@
     mbedtls_x509_subject_alternative_name san;
     int parse_ret;
 
-    while( cur != NULL )
-    {
-        memset( &san, 0, sizeof( san ) );
-        parse_ret = mbedtls_x509_parse_subject_alt_name( &cur->buf, &san );
-        if( parse_ret != 0 )
-        {
-            if( parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE )
-            {
-                ret = mbedtls_snprintf( p, n, "\n%s    <unsupported>", prefix );
+    while (cur != NULL) {
+        memset(&san, 0, sizeof(san));
+        parse_ret = mbedtls_x509_parse_subject_alt_name(&cur->buf, &san);
+        if (parse_ret != 0) {
+            if (parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) {
+                ret = mbedtls_snprintf(p, n, "\n%s    <unsupported>", prefix);
                 MBEDTLS_X509_SAFE_SNPRINTF;
-            }
-            else
-            {
-                ret = mbedtls_snprintf( p, n, "\n%s    <malformed>", prefix );
+            } else {
+                ret = mbedtls_snprintf(p, n, "\n%s    <malformed>", prefix);
                 MBEDTLS_X509_SAFE_SNPRINTF;
             }
             cur = cur->next;
             continue;
         }
 
-        switch( san.type )
-        {
+        switch (san.type) {
             /*
              * otherName
              */
@@ -1873,26 +1885,31 @@
             {
                 mbedtls_x509_san_other_name *other_name = &san.san.other_name;
 
-                ret = mbedtls_snprintf( p, n, "\n%s    otherName :", prefix );
+                ret = mbedtls_snprintf(p, n, "\n%s    otherName :", prefix);
                 MBEDTLS_X509_SAFE_SNPRINTF;
 
-                if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME,
-                                     &other_name->value.hardware_module_name.oid ) != 0 )
-                {
-                    ret = mbedtls_snprintf( p, n, "\n%s        hardware module name :", prefix );
+                if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
+                                    &other_name->value.hardware_module_name.oid) != 0) {
+                    ret = mbedtls_snprintf(p, n, "\n%s        hardware module name :", prefix);
                     MBEDTLS_X509_SAFE_SNPRINTF;
-                    ret = mbedtls_snprintf( p, n, "\n%s            hardware type          : ", prefix );
+                    ret =
+                        mbedtls_snprintf(p, n, "\n%s            hardware type          : ", prefix);
                     MBEDTLS_X509_SAFE_SNPRINTF;
 
-                    ret = mbedtls_oid_get_numeric_string( p, n, &other_name->value.hardware_module_name.oid );
+                    ret = mbedtls_oid_get_numeric_string(p,
+                                                         n,
+                                                         &other_name->value.hardware_module_name.oid);
                     MBEDTLS_X509_SAFE_SNPRINTF;
 
-                    ret = mbedtls_snprintf( p, n, "\n%s            hardware serial number : ", prefix );
+                    ret =
+                        mbedtls_snprintf(p, n, "\n%s            hardware serial number : ", prefix);
                     MBEDTLS_X509_SAFE_SNPRINTF;
 
-                    for( i = 0; i < other_name->value.hardware_module_name.val.len; i++ )
-                    {
-                        ret = mbedtls_snprintf( p, n, "%02X", other_name->value.hardware_module_name.val.p[i] );
+                    for (i = 0; i < other_name->value.hardware_module_name.val.len; i++) {
+                        ret = mbedtls_snprintf(p,
+                                               n,
+                                               "%02X",
+                                               other_name->value.hardware_module_name.val.p[i]);
                         MBEDTLS_X509_SAFE_SNPRINTF;
                     }
                 }/* MBEDTLS_OID_ON_HW_MODULE_NAME */
@@ -1904,15 +1921,14 @@
              */
             case MBEDTLS_X509_SAN_DNS_NAME:
             {
-                ret = mbedtls_snprintf( p, n, "\n%s    dNSName : ", prefix );
+                ret = mbedtls_snprintf(p, n, "\n%s    dNSName : ", prefix);
                 MBEDTLS_X509_SAFE_SNPRINTF;
-                if( san.san.unstructured_name.len >= n )
-                {
+                if (san.san.unstructured_name.len >= n) {
                     *p = '\0';
-                    return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
+                    return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
                 }
 
-                memcpy( p, san.san.unstructured_name.p, san.san.unstructured_name.len );
+                memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len);
                 p += san.san.unstructured_name.len;
                 n -= san.san.unstructured_name.len;
             }
@@ -1922,7 +1938,7 @@
              * Type not supported, skip item.
              */
             default:
-                ret = mbedtls_snprintf( p, n, "\n%s    <unsupported>", prefix );
+                ret = mbedtls_snprintf(p, n, "\n%s    <unsupported>", prefix);
                 MBEDTLS_X509_SAFE_SNPRINTF;
                 break;
         }
@@ -1935,73 +1951,73 @@
     *size = n;
     *buf = p;
 
-    return( 0 );
+    return 0;
 }
 
 #define PRINT_ITEM(i)                           \
     {                                           \
-        ret = mbedtls_snprintf( p, n, "%s" i, sep );    \
+        ret = mbedtls_snprintf(p, n, "%s" i, sep);    \
         MBEDTLS_X509_SAFE_SNPRINTF;                        \
         sep = ", ";                             \
     }
 
-#define CERT_TYPE(type,name)                    \
-    if( ns_cert_type & (type) )                 \
-        PRINT_ITEM( name );
+#define CERT_TYPE(type, name)                    \
+    if (ns_cert_type & (type))                 \
+    PRINT_ITEM(name);
 
-static int x509_info_cert_type( char **buf, size_t *size,
-                                unsigned char ns_cert_type )
+static int x509_info_cert_type(char **buf, size_t *size,
+                               unsigned char ns_cert_type)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t n = *size;
     char *p = *buf;
     const char *sep = "";
 
-    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT,         "SSL Client" );
-    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER,         "SSL Server" );
-    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL,              "Email" );
-    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING,     "Object Signing" );
-    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED,           "Reserved" );
-    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA,             "SSL CA" );
-    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA,           "Email CA" );
-    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA,  "Object Signing CA" );
+    CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT,         "SSL Client");
+    CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER,         "SSL Server");
+    CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL,              "Email");
+    CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING,     "Object Signing");
+    CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_RESERVED,           "Reserved");
+    CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CA,             "SSL CA");
+    CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA,           "Email CA");
+    CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA,  "Object Signing CA");
 
     *size = n;
     *buf = p;
 
-    return( 0 );
+    return 0;
 }
 
-#define KEY_USAGE(code,name)    \
-    if( key_usage & (code) )    \
-        PRINT_ITEM( name );
+#define KEY_USAGE(code, name)    \
+    if (key_usage & (code))    \
+    PRINT_ITEM(name);
 
-static int x509_info_key_usage( char **buf, size_t *size,
-                                unsigned int key_usage )
+static int x509_info_key_usage(char **buf, size_t *size,
+                               unsigned int key_usage)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t n = *size;
     char *p = *buf;
     const char *sep = "";
 
-    KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE,    "Digital Signature" );
-    KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION,      "Non Repudiation" );
-    KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT,     "Key Encipherment" );
-    KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT,    "Data Encipherment" );
-    KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT,        "Key Agreement" );
-    KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN,        "Key Cert Sign" );
-    KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN,             "CRL Sign" );
-    KEY_USAGE( MBEDTLS_X509_KU_ENCIPHER_ONLY,        "Encipher Only" );
-    KEY_USAGE( MBEDTLS_X509_KU_DECIPHER_ONLY,        "Decipher Only" );
+    KEY_USAGE(MBEDTLS_X509_KU_DIGITAL_SIGNATURE,    "Digital Signature");
+    KEY_USAGE(MBEDTLS_X509_KU_NON_REPUDIATION,      "Non Repudiation");
+    KEY_USAGE(MBEDTLS_X509_KU_KEY_ENCIPHERMENT,     "Key Encipherment");
+    KEY_USAGE(MBEDTLS_X509_KU_DATA_ENCIPHERMENT,    "Data Encipherment");
+    KEY_USAGE(MBEDTLS_X509_KU_KEY_AGREEMENT,        "Key Agreement");
+    KEY_USAGE(MBEDTLS_X509_KU_KEY_CERT_SIGN,        "Key Cert Sign");
+    KEY_USAGE(MBEDTLS_X509_KU_CRL_SIGN,             "CRL Sign");
+    KEY_USAGE(MBEDTLS_X509_KU_ENCIPHER_ONLY,        "Encipher Only");
+    KEY_USAGE(MBEDTLS_X509_KU_DECIPHER_ONLY,        "Decipher Only");
 
     *size = n;
     *buf = p;
 
-    return( 0 );
+    return 0;
 }
 
-static int x509_info_ext_key_usage( char **buf, size_t *size,
-                                    const mbedtls_x509_sequence *extended_key_usage )
+static int x509_info_ext_key_usage(char **buf, size_t *size,
+                                   const mbedtls_x509_sequence *extended_key_usage)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const char *desc;
@@ -2010,12 +2026,12 @@
     const mbedtls_x509_sequence *cur = extended_key_usage;
     const char *sep = "";
 
-    while( cur != NULL )
-    {
-        if( mbedtls_oid_get_extended_key_usage( &cur->buf, &desc ) != 0 )
+    while (cur != NULL) {
+        if (mbedtls_oid_get_extended_key_usage(&cur->buf, &desc) != 0) {
             desc = "???";
+        }
 
-        ret = mbedtls_snprintf( p, n, "%s%s", sep, desc );
+        ret = mbedtls_snprintf(p, n, "%s%s", sep, desc);
         MBEDTLS_X509_SAFE_SNPRINTF;
 
         sep = ", ";
@@ -2026,11 +2042,11 @@
     *size = n;
     *buf = p;
 
-    return( 0 );
+    return 0;
 }
 
-static int x509_info_cert_policies( char **buf, size_t *size,
-                                    const mbedtls_x509_sequence *certificate_policies )
+static int x509_info_cert_policies(char **buf, size_t *size,
+                                   const mbedtls_x509_sequence *certificate_policies)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const char *desc;
@@ -2039,12 +2055,12 @@
     const mbedtls_x509_sequence *cur = certificate_policies;
     const char *sep = "";
 
-    while( cur != NULL )
-    {
-        if( mbedtls_oid_get_certificate_policies( &cur->buf, &desc ) != 0 )
+    while (cur != NULL) {
+        if (mbedtls_oid_get_certificate_policies(&cur->buf, &desc) != 0) {
             desc = "???";
+        }
 
-        ret = mbedtls_snprintf( p, n, "%s%s", sep, desc );
+        ret = mbedtls_snprintf(p, n, "%s%s", sep, desc);
         MBEDTLS_X509_SAFE_SNPRINTF;
 
         sep = ", ";
@@ -2055,7 +2071,7 @@
     *size = n;
     *buf = p;
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -2063,8 +2079,8 @@
  */
 #define BEFORE_COLON    18
 #define BC              "18"
-int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
-                   const mbedtls_x509_crt *crt )
+int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix,
+                          const mbedtls_x509_crt *crt)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t n;
@@ -2074,136 +2090,132 @@
     p = buf;
     n = size;
 
-    if( NULL == crt )
-    {
-        ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" );
+    if (NULL == crt) {
+        ret = mbedtls_snprintf(p, n, "\nCertificate is uninitialised!\n");
         MBEDTLS_X509_SAFE_SNPRINTF;
 
-        return( (int) ( size - n ) );
+        return (int) (size - n);
     }
 
-    ret = mbedtls_snprintf( p, n, "%scert. version     : %d\n",
-                               prefix, crt->version );
+    ret = mbedtls_snprintf(p, n, "%scert. version     : %d\n",
+                           prefix, crt->version);
     MBEDTLS_X509_SAFE_SNPRINTF;
-    ret = mbedtls_snprintf( p, n, "%sserial number     : ",
-                               prefix );
+    ret = mbedtls_snprintf(p, n, "%sserial number     : ",
+                           prefix);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
+    ret = mbedtls_x509_serial_gets(p, n, &crt->serial);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    ret = mbedtls_snprintf( p, n, "\n%sissuer name       : ", prefix );
+    ret = mbedtls_snprintf(p, n, "\n%sissuer name       : ", prefix);
     MBEDTLS_X509_SAFE_SNPRINTF;
-    ret = mbedtls_x509_dn_gets( p, n, &crt->issuer  );
+    ret = mbedtls_x509_dn_gets(p, n, &crt->issuer);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    ret = mbedtls_snprintf( p, n, "\n%ssubject name      : ", prefix );
+    ret = mbedtls_snprintf(p, n, "\n%ssubject name      : ", prefix);
     MBEDTLS_X509_SAFE_SNPRINTF;
-    ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
+    ret = mbedtls_x509_dn_gets(p, n, &crt->subject);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    ret = mbedtls_snprintf( p, n, "\n%sissued  on        : " \
-                   "%04d-%02d-%02d %02d:%02d:%02d", prefix,
-                   crt->valid_from.year, crt->valid_from.mon,
-                   crt->valid_from.day,  crt->valid_from.hour,
-                   crt->valid_from.min,  crt->valid_from.sec );
+    ret = mbedtls_snprintf(p, n, "\n%sissued  on        : " \
+                                 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
+                           crt->valid_from.year, crt->valid_from.mon,
+                           crt->valid_from.day,  crt->valid_from.hour,
+                           crt->valid_from.min,  crt->valid_from.sec);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    ret = mbedtls_snprintf( p, n, "\n%sexpires on        : " \
-                   "%04d-%02d-%02d %02d:%02d:%02d", prefix,
-                   crt->valid_to.year, crt->valid_to.mon,
-                   crt->valid_to.day,  crt->valid_to.hour,
-                   crt->valid_to.min,  crt->valid_to.sec );
+    ret = mbedtls_snprintf(p, n, "\n%sexpires on        : " \
+                                 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
+                           crt->valid_to.year, crt->valid_to.mon,
+                           crt->valid_to.day,  crt->valid_to.hour,
+                           crt->valid_to.min,  crt->valid_to.sec);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    ret = mbedtls_snprintf( p, n, "\n%ssigned using      : ", prefix );
+    ret = mbedtls_snprintf(p, n, "\n%ssigned using      : ", prefix);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk,
-                             crt->sig_md, crt->sig_opts );
+    ret = mbedtls_x509_sig_alg_gets(p, n, &crt->sig_oid, crt->sig_pk,
+                                    crt->sig_md, crt->sig_opts);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
     /* Key size */
-    if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
-                                      mbedtls_pk_get_name( &crt->pk ) ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON,
+                                            mbedtls_pk_get_name(&crt->pk))) != 0) {
+        return ret;
     }
 
-    ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str,
-                          (int) mbedtls_pk_get_bitlen( &crt->pk ) );
+    ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str,
+                           (int) mbedtls_pk_get_bitlen(&crt->pk));
     MBEDTLS_X509_SAFE_SNPRINTF;
 
     /*
      * Optional extensions
      */
 
-    if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS )
-    {
-        ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix,
-                        crt->ca_istrue ? "true" : "false" );
+    if (crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) {
+        ret = mbedtls_snprintf(p, n, "\n%sbasic constraints : CA=%s", prefix,
+                               crt->ca_istrue ? "true" : "false");
         MBEDTLS_X509_SAFE_SNPRINTF;
 
-        if( crt->max_pathlen > 0 )
-        {
-            ret = mbedtls_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 );
+        if (crt->max_pathlen > 0) {
+            ret = mbedtls_snprintf(p, n, ", max_pathlen=%d", crt->max_pathlen - 1);
             MBEDTLS_X509_SAFE_SNPRINTF;
         }
     }
 
-    if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
-    {
-        ret = mbedtls_snprintf( p, n, "\n%ssubject alt name  :", prefix );
+    if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
+        ret = mbedtls_snprintf(p, n, "\n%ssubject alt name  :", prefix);
         MBEDTLS_X509_SAFE_SNPRINTF;
 
-        if( ( ret = x509_info_subject_alt_name( &p, &n,
-                                                &crt->subject_alt_names,
-                                                prefix ) ) != 0 )
-            return( ret );
+        if ((ret = x509_info_subject_alt_name(&p, &n,
+                                              &crt->subject_alt_names,
+                                              prefix)) != 0) {
+            return ret;
+        }
     }
 
-    if( crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE )
-    {
-        ret = mbedtls_snprintf( p, n, "\n%scert. type        : ", prefix );
+    if (crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) {
+        ret = mbedtls_snprintf(p, n, "\n%scert. type        : ", prefix);
         MBEDTLS_X509_SAFE_SNPRINTF;
 
-        if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 )
-            return( ret );
+        if ((ret = x509_info_cert_type(&p, &n, crt->ns_cert_type)) != 0) {
+            return ret;
+        }
     }
 
-    if( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE )
-    {
-        ret = mbedtls_snprintf( p, n, "\n%skey usage         : ", prefix );
+    if (crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) {
+        ret = mbedtls_snprintf(p, n, "\n%skey usage         : ", prefix);
         MBEDTLS_X509_SAFE_SNPRINTF;
 
-        if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 )
-            return( ret );
+        if ((ret = x509_info_key_usage(&p, &n, crt->key_usage)) != 0) {
+            return ret;
+        }
     }
 
-    if( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE )
-    {
-        ret = mbedtls_snprintf( p, n, "\n%sext key usage     : ", prefix );
+    if (crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) {
+        ret = mbedtls_snprintf(p, n, "\n%sext key usage     : ", prefix);
         MBEDTLS_X509_SAFE_SNPRINTF;
 
-        if( ( ret = x509_info_ext_key_usage( &p, &n,
-                                             &crt->ext_key_usage ) ) != 0 )
-            return( ret );
+        if ((ret = x509_info_ext_key_usage(&p, &n,
+                                           &crt->ext_key_usage)) != 0) {
+            return ret;
+        }
     }
 
-    if( crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES )
-    {
-        ret = mbedtls_snprintf( p, n, "\n%scertificate policies : ", prefix );
+    if (crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES) {
+        ret = mbedtls_snprintf(p, n, "\n%scertificate policies : ", prefix);
         MBEDTLS_X509_SAFE_SNPRINTF;
 
-        if( ( ret = x509_info_cert_policies( &p, &n,
-                                             &crt->certificate_policies ) ) != 0 )
-            return( ret );
+        if ((ret = x509_info_cert_policies(&p, &n,
+                                           &crt->certificate_policies)) != 0) {
+            return ret;
+        }
     }
 
-    ret = mbedtls_snprintf( p, n, "\n" );
+    ret = mbedtls_snprintf(p, n, "\n");
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    return( (int) ( size - n ) );
+    return (int) (size - n);
 }
 
 struct x509_crt_verify_string {
@@ -2211,124 +2223,124 @@
     const char *string;
 };
 
-#define X509_CRT_ERROR_INFO( err, err_str, info ) { err, info },
+#define X509_CRT_ERROR_INFO(err, err_str, info) { err, info },
 static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
     MBEDTLS_X509_CRT_ERROR_INFO_LIST
     { 0, NULL }
 };
 #undef X509_CRT_ERROR_INFO
 
-int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
-                          uint32_t flags )
+int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix,
+                                 uint32_t flags)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const struct x509_crt_verify_string *cur;
     char *p = buf;
     size_t n = size;
 
-    for( cur = x509_crt_verify_strings; cur->string != NULL ; cur++ )
-    {
-        if( ( flags & cur->code ) == 0 )
+    for (cur = x509_crt_verify_strings; cur->string != NULL; cur++) {
+        if ((flags & cur->code) == 0) {
             continue;
+        }
 
-        ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, cur->string );
+        ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, cur->string);
         MBEDTLS_X509_SAFE_SNPRINTF;
         flags ^= cur->code;
     }
 
-    if( flags != 0 )
-    {
-        ret = mbedtls_snprintf( p, n, "%sUnknown reason "
-                                       "(this should not happen)\n", prefix );
+    if (flags != 0) {
+        ret = mbedtls_snprintf(p, n, "%sUnknown reason "
+                                     "(this should not happen)\n", prefix);
         MBEDTLS_X509_SAFE_SNPRINTF;
     }
 
-    return( (int) ( size - n ) );
+    return (int) (size - n);
 }
 #endif /* MBEDTLS_X509_REMOVE_INFO */
 
-int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
-                                      unsigned int usage )
+int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt,
+                                     unsigned int usage)
 {
     unsigned int usage_must, usage_may;
     unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY
-                          | MBEDTLS_X509_KU_DECIPHER_ONLY;
+                            | MBEDTLS_X509_KU_DECIPHER_ONLY;
 
-    if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) == 0 )
-        return( 0 );
+    if ((crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) == 0) {
+        return 0;
+    }
 
     usage_must = usage & ~may_mask;
 
-    if( ( ( crt->key_usage & ~may_mask ) & usage_must ) != usage_must )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+    if (((crt->key_usage & ~may_mask) & usage_must) != usage_must) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+    }
 
     usage_may = usage & may_mask;
 
-    if( ( ( crt->key_usage & may_mask ) | usage_may ) != usage_may )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+    if (((crt->key_usage & may_mask) | usage_may) != usage_may) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+    }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
-                                       const char *usage_oid,
-                                       size_t usage_len )
+int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt,
+                                              const char *usage_oid,
+                                              size_t usage_len)
 {
     const mbedtls_x509_sequence *cur;
 
     /* Extension is not mandatory, absent means no restriction */
-    if( ( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) == 0 )
-        return( 0 );
+    if ((crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) == 0) {
+        return 0;
+    }
 
     /*
      * Look for the requested usage (or wildcard ANY) in our list
      */
-    for( cur = &crt->ext_key_usage; cur != NULL; cur = cur->next )
-    {
+    for (cur = &crt->ext_key_usage; cur != NULL; cur = cur->next) {
         const mbedtls_x509_buf *cur_oid = &cur->buf;
 
-        if( cur_oid->len == usage_len &&
-            memcmp( cur_oid->p, usage_oid, usage_len ) == 0 )
-        {
-            return( 0 );
+        if (cur_oid->len == usage_len &&
+            memcmp(cur_oid->p, usage_oid, usage_len) == 0) {
+            return 0;
         }
 
-        if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid ) == 0 )
-            return( 0 );
+        if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid) == 0) {
+            return 0;
+        }
     }
 
-    return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+    return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
 }
 
 #if defined(MBEDTLS_X509_CRL_PARSE_C)
 /*
  * Return 1 if the certificate is revoked, or 0 otherwise.
  */
-int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl )
+int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl)
 {
     const mbedtls_x509_crl_entry *cur = &crl->entry;
 
-    while( cur != NULL && cur->serial.len != 0 )
-    {
-        if( crt->serial.len == cur->serial.len &&
-            memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
-        {
-            return( 1 );
+    while (cur != NULL && cur->serial.len != 0) {
+        if (crt->serial.len == cur->serial.len &&
+            memcmp(crt->serial.p, cur->serial.p, crt->serial.len) == 0) {
+            return 1;
         }
 
         cur = cur->next;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Check that the given certificate is not revoked according to the CRL.
  * Skip validation if no CRL for the given CA is present.
  */
-static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
-                               mbedtls_x509_crl *crl_list,
-                               const mbedtls_x509_crt_profile *profile )
+static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
+                              mbedtls_x509_crl *crl_list,
+                              const mbedtls_x509_crt_profile *profile)
 {
     int flags = 0;
     unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
@@ -2339,14 +2351,13 @@
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
     size_t hash_length;
 
-    if( ca == NULL )
-        return( flags );
+    if (ca == NULL) {
+        return flags;
+    }
 
-    while( crl_list != NULL )
-    {
-        if( crl_list->version == 0 ||
-            x509_name_cmp( &crl_list->issuer, &ca->subject ) != 0 )
-        {
+    while (crl_list != NULL) {
+        if (crl_list->version == 0 ||
+            x509_name_cmp(&crl_list->issuer, &ca->subject) != 0) {
             crl_list = crl_list->next;
             continue;
         }
@@ -2354,9 +2365,8 @@
         /*
          * Check if the CA is configured to sign CRLs
          */
-        if( mbedtls_x509_crt_check_key_usage( ca,
-                                              MBEDTLS_X509_KU_CRL_SIGN ) != 0 )
-        {
+        if (mbedtls_x509_crt_check_key_usage(ca,
+                                             MBEDTLS_X509_KU_CRL_SIGN) != 0) {
             flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
             break;
         }
@@ -2364,46 +2374,46 @@
         /*
          * Check if CRL is correctly signed by the trusted CA
          */
-        if( x509_profile_check_md_alg( profile, crl_list->sig_md ) != 0 )
+        if (x509_profile_check_md_alg(profile, crl_list->sig_md) != 0) {
             flags |= MBEDTLS_X509_BADCRL_BAD_MD;
+        }
 
-        if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 )
+        if (x509_profile_check_pk_alg(profile, crl_list->sig_pk) != 0) {
             flags |= MBEDTLS_X509_BADCRL_BAD_PK;
+        }
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        psa_algorithm = mbedtls_hash_info_psa_from_md( crl_list->sig_md );
-        if( psa_hash_compute( psa_algorithm,
-                              crl_list->tbs.p,
-                              crl_list->tbs.len,
-                              hash,
-                              sizeof( hash ),
-                              &hash_length ) != PSA_SUCCESS )
-        {
+        psa_algorithm = mbedtls_hash_info_psa_from_md(crl_list->sig_md);
+        if (psa_hash_compute(psa_algorithm,
+                             crl_list->tbs.p,
+                             crl_list->tbs.len,
+                             hash,
+                             sizeof(hash),
+                             &hash_length) != PSA_SUCCESS) {
             /* Note: this can't happen except after an internal error */
             flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
             break;
         }
 #else
-        md_info = mbedtls_md_info_from_type( crl_list->sig_md );
-        hash_length = mbedtls_md_get_size( md_info );
-        if( mbedtls_md( md_info,
-                        crl_list->tbs.p,
-                        crl_list->tbs.len,
-                        hash ) != 0 )
-        {
+        md_info = mbedtls_md_info_from_type(crl_list->sig_md);
+        hash_length = mbedtls_md_get_size(md_info);
+        if (mbedtls_md(md_info,
+                       crl_list->tbs.p,
+                       crl_list->tbs.len,
+                       hash) != 0) {
             /* Note: this can't happen except after an internal error */
             flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
             break;
         }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-        if( x509_profile_check_key( profile, &ca->pk ) != 0 )
+        if (x509_profile_check_key(profile, &ca->pk) != 0) {
             flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
+        }
 
-        if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
-                           crl_list->sig_md, hash, hash_length,
-                           crl_list->sig.p, crl_list->sig.len ) != 0 )
-        {
+        if (mbedtls_pk_verify_ext(crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
+                                  crl_list->sig_md, hash, hash_length,
+                                  crl_list->sig.p, crl_list->sig.len) != 0) {
             flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
             break;
         }
@@ -2411,17 +2421,18 @@
         /*
          * Check for validity of CRL (Do not drop out)
          */
-        if( mbedtls_x509_time_is_past( &crl_list->next_update ) )
+        if (mbedtls_x509_time_is_past(&crl_list->next_update)) {
             flags |= MBEDTLS_X509_BADCRL_EXPIRED;
+        }
 
-        if( mbedtls_x509_time_is_future( &crl_list->this_update ) )
+        if (mbedtls_x509_time_is_future(&crl_list->this_update)) {
             flags |= MBEDTLS_X509_BADCRL_FUTURE;
+        }
 
         /*
          * Check if certificate is revoked
          */
-        if( mbedtls_x509_crt_is_revoked( crt, crl_list ) )
-        {
+        if (mbedtls_x509_crt_is_revoked(crt, crl_list)) {
             flags |= MBEDTLS_X509_BADCERT_REVOKED;
             break;
         }
@@ -2429,61 +2440,61 @@
         crl_list = crl_list->next;
     }
 
-    return( flags );
+    return flags;
 }
 #endif /* MBEDTLS_X509_CRL_PARSE_C */
 
 /*
  * Check the signature of a certificate by its parent
  */
-static int x509_crt_check_signature( const mbedtls_x509_crt *child,
-                                     mbedtls_x509_crt *parent,
-                                     mbedtls_x509_crt_restart_ctx *rs_ctx )
+static int x509_crt_check_signature(const mbedtls_x509_crt *child,
+                                    mbedtls_x509_crt *parent,
+                                    mbedtls_x509_crt_restart_ctx *rs_ctx)
 {
     size_t hash_len;
     unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
     const mbedtls_md_info_t *md_info;
-    md_info = mbedtls_md_info_from_type( child->sig_md );
-    hash_len = mbedtls_md_get_size( md_info );
+    md_info = mbedtls_md_info_from_type(child->sig_md);
+    hash_len = mbedtls_md_get_size(md_info);
 
     /* Note: hash errors can happen only after an internal error */
-    if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
-        return( -1 );
+    if (mbedtls_md(md_info, child->tbs.p, child->tbs.len, hash) != 0) {
+        return -1;
+    }
 #else
-    psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md( child->sig_md );
+    psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(child->sig_md);
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    status = psa_hash_compute( hash_alg,
-                               child->tbs.p,
-                               child->tbs.len,
-                               hash,
-                               sizeof( hash ),
-                               &hash_len );
-    if( status != PSA_SUCCESS )
-    {
-        return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+    status = psa_hash_compute(hash_alg,
+                              child->tbs.p,
+                              child->tbs.len,
+                              hash,
+                              sizeof(hash),
+                              &hash_len);
+    if (status != PSA_SUCCESS) {
+        return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
     }
 
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
     /* Skip expensive computation on obvious mismatch */
-    if( ! mbedtls_pk_can_do( &parent->pk, child->sig_pk ) )
-        return( -1 );
+    if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) {
+        return -1;
+    }
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA )
-    {
-        return( mbedtls_pk_verify_restartable( &parent->pk,
-                    child->sig_md, hash, hash_len,
-                    child->sig.p, child->sig.len, &rs_ctx->pk ) );
+    if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA) {
+        return mbedtls_pk_verify_restartable(&parent->pk,
+                                             child->sig_md, hash, hash_len,
+                                             child->sig.p, child->sig.len, &rs_ctx->pk);
     }
 #else
     (void) rs_ctx;
 #endif
 
-    return( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk,
-                child->sig_md, hash, hash_len,
-                child->sig.p, child->sig.len ) );
+    return mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent->pk,
+                                 child->sig_md, hash, hash_len,
+                                 child->sig.p, child->sig.len);
 }
 
 /*
@@ -2492,33 +2503,35 @@
  *
  * top means parent is a locally-trusted certificate
  */
-static int x509_crt_check_parent( const mbedtls_x509_crt *child,
-                                  const mbedtls_x509_crt *parent,
-                                  int top )
+static int x509_crt_check_parent(const mbedtls_x509_crt *child,
+                                 const mbedtls_x509_crt *parent,
+                                 int top)
 {
     int need_ca_bit;
 
     /* Parent must be the issuer */
-    if( x509_name_cmp( &child->issuer, &parent->subject ) != 0 )
-        return( -1 );
+    if (x509_name_cmp(&child->issuer, &parent->subject) != 0) {
+        return -1;
+    }
 
     /* Parent must have the basicConstraints CA bit set as a general rule */
     need_ca_bit = 1;
 
     /* Exception: v1/v2 certificates that are locally trusted. */
-    if( top && parent->version < 3 )
+    if (top && parent->version < 3) {
         need_ca_bit = 0;
-
-    if( need_ca_bit && ! parent->ca_istrue )
-        return( -1 );
-
-    if( need_ca_bit &&
-        mbedtls_x509_crt_check_key_usage( parent, MBEDTLS_X509_KU_KEY_CERT_SIGN ) != 0 )
-    {
-        return( -1 );
     }
 
-    return( 0 );
+    if (need_ca_bit && !parent->ca_istrue) {
+        return -1;
+    }
+
+    if (need_ca_bit &&
+        mbedtls_x509_crt_check_key_usage(parent, MBEDTLS_X509_KU_KEY_CERT_SIGN) != 0) {
+        return -1;
+    }
+
+    return 0;
 }
 
 /*
@@ -2565,14 +2578,14 @@
  *  - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
  */
 static int x509_crt_find_parent_in(
-                        mbedtls_x509_crt *child,
-                        mbedtls_x509_crt *candidates,
-                        mbedtls_x509_crt **r_parent,
-                        int *r_signature_is_good,
-                        int top,
-                        unsigned path_cnt,
-                        unsigned self_cnt,
-                        mbedtls_x509_crt_restart_ctx *rs_ctx )
+    mbedtls_x509_crt *child,
+    mbedtls_x509_crt *candidates,
+    mbedtls_x509_crt **r_parent,
+    int *r_signature_is_good,
+    int top,
+    unsigned path_cnt,
+    unsigned self_cnt,
+    mbedtls_x509_crt_restart_ctx *rs_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_x509_crt *parent, *fallback_parent;
@@ -2580,8 +2593,7 @@
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
     /* did we have something in progress? */
-    if( rs_ctx != NULL && rs_ctx->parent != NULL )
-    {
+    if (rs_ctx != NULL && rs_ctx->parent != NULL) {
         /* restore saved state */
         parent = rs_ctx->parent;
         fallback_parent = rs_ctx->fallback_parent;
@@ -2600,16 +2612,15 @@
     fallback_parent = NULL;
     fallback_signature_is_good = 0;
 
-    for( parent = candidates; parent != NULL; parent = parent->next )
-    {
+    for (parent = candidates; parent != NULL; parent = parent->next) {
         /* basic parenting skills (name, CA bit, key usage) */
-        if( x509_crt_check_parent( child, parent, top ) != 0 )
+        if (x509_crt_check_parent(child, parent, top) != 0) {
             continue;
+        }
 
         /* +1 because stored max_pathlen is 1 higher that the actual value */
-        if( parent->max_pathlen > 0 &&
-            (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt )
-        {
+        if (parent->max_pathlen > 0 &&
+            (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt) {
             continue;
         }
 
@@ -2617,32 +2628,30 @@
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
 check_signature:
 #endif
-        ret = x509_crt_check_signature( child, parent, rs_ctx );
+        ret = x509_crt_check_signature(child, parent, rs_ctx);
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-        if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
-        {
+        if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
             /* save state */
             rs_ctx->parent = parent;
             rs_ctx->fallback_parent = fallback_parent;
             rs_ctx->fallback_signature_is_good = fallback_signature_is_good;
 
-            return( ret );
+            return ret;
         }
 #else
         (void) ret;
 #endif
 
         signature_is_good = ret == 0;
-        if( top && ! signature_is_good )
+        if (top && !signature_is_good) {
             continue;
+        }
 
         /* optional time check */
-        if( mbedtls_x509_time_is_past( &parent->valid_to ) ||
-            mbedtls_x509_time_is_future( &parent->valid_from ) )
-        {
-            if( fallback_parent == NULL )
-            {
+        if (mbedtls_x509_time_is_past(&parent->valid_to) ||
+            mbedtls_x509_time_is_future(&parent->valid_from)) {
+            if (fallback_parent == NULL) {
                 fallback_parent = parent;
                 fallback_signature_is_good = signature_is_good;
             }
@@ -2656,13 +2665,12 @@
         break;
     }
 
-    if( parent == NULL )
-    {
+    if (parent == NULL) {
         *r_parent = fallback_parent;
         *r_signature_is_good = fallback_signature_is_good;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -2688,14 +2696,14 @@
  *  - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
  */
 static int x509_crt_find_parent(
-                        mbedtls_x509_crt *child,
-                        mbedtls_x509_crt *trust_ca,
-                        mbedtls_x509_crt **parent,
-                        int *parent_is_trusted,
-                        int *signature_is_good,
-                        unsigned path_cnt,
-                        unsigned self_cnt,
-                        mbedtls_x509_crt_restart_ctx *rs_ctx )
+    mbedtls_x509_crt *child,
+    mbedtls_x509_crt *trust_ca,
+    mbedtls_x509_crt **parent,
+    int *parent_is_trusted,
+    int *signature_is_good,
+    unsigned path_cnt,
+    unsigned self_cnt,
+    mbedtls_x509_crt_restart_ctx *rs_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_x509_crt *search_list;
@@ -2704,48 +2712,46 @@
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
     /* restore then clear saved state if we have some stored */
-    if( rs_ctx != NULL && rs_ctx->parent_is_trusted != -1 )
-    {
+    if (rs_ctx != NULL && rs_ctx->parent_is_trusted != -1) {
         *parent_is_trusted = rs_ctx->parent_is_trusted;
         rs_ctx->parent_is_trusted = -1;
     }
 #endif
 
-    while( 1 ) {
+    while (1) {
         search_list = *parent_is_trusted ? trust_ca : child->next;
 
-        ret = x509_crt_find_parent_in( child, search_list,
-                                       parent, signature_is_good,
-                                       *parent_is_trusted,
-                                       path_cnt, self_cnt, rs_ctx );
+        ret = x509_crt_find_parent_in(child, search_list,
+                                      parent, signature_is_good,
+                                      *parent_is_trusted,
+                                      path_cnt, self_cnt, rs_ctx);
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-        if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
-        {
+        if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
             /* save state */
             rs_ctx->parent_is_trusted = *parent_is_trusted;
-            return( ret );
+            return ret;
         }
 #else
         (void) ret;
 #endif
 
         /* stop here if found or already in second iteration */
-        if( *parent != NULL || *parent_is_trusted == 0 )
+        if (*parent != NULL || *parent_is_trusted == 0) {
             break;
+        }
 
         /* prepare second iteration */
         *parent_is_trusted = 0;
     }
 
     /* extra precaution against mistakes in the caller */
-    if( *parent == NULL )
-    {
+    if (*parent == NULL) {
         *parent_is_trusted = 0;
         *signature_is_good = 0;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -2755,27 +2761,26 @@
  * check for self-issued as self-signatures are not checked)
  */
 static int x509_crt_check_ee_locally_trusted(
-                    mbedtls_x509_crt *crt,
-                    mbedtls_x509_crt *trust_ca )
+    mbedtls_x509_crt *crt,
+    mbedtls_x509_crt *trust_ca)
 {
     mbedtls_x509_crt *cur;
 
     /* must be self-issued */
-    if( x509_name_cmp( &crt->issuer, &crt->subject ) != 0 )
-        return( -1 );
+    if (x509_name_cmp(&crt->issuer, &crt->subject) != 0) {
+        return -1;
+    }
 
     /* look for an exact match with trusted cert */
-    for( cur = trust_ca; cur != NULL; cur = cur->next )
-    {
-        if( crt->raw.len == cur->raw.len &&
-            memcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 )
-        {
-            return( 0 );
+    for (cur = trust_ca; cur != NULL; cur = cur->next) {
+        if (crt->raw.len == cur->raw.len &&
+            memcmp(crt->raw.p, cur->raw.p, crt->raw.len) == 0) {
+            return 0;
         }
     }
 
     /* too bad */
-    return( -1 );
+    return -1;
 }
 
 /*
@@ -2819,14 +2824,14 @@
  *      even if it was found to be invalid
  */
 static int x509_crt_verify_chain(
-                mbedtls_x509_crt *crt,
-                mbedtls_x509_crt *trust_ca,
-                mbedtls_x509_crl *ca_crl,
-                mbedtls_x509_crt_ca_cb_t f_ca_cb,
-                void *p_ca_cb,
-                const mbedtls_x509_crt_profile *profile,
-                mbedtls_x509_crt_verify_chain *ver_chain,
-                mbedtls_x509_crt_restart_ctx *rs_ctx )
+    mbedtls_x509_crt *crt,
+    mbedtls_x509_crt *trust_ca,
+    mbedtls_x509_crl *ca_crl,
+    mbedtls_x509_crt_ca_cb_t f_ca_cb,
+    void *p_ca_cb,
+    const mbedtls_x509_crt_profile *profile,
+    mbedtls_x509_crt_verify_chain *ver_chain,
+    mbedtls_x509_crt_restart_ctx *rs_ctx)
 {
     /* Don't initialize any of those variables here, so that the compiler can
      * catch potential issues with jumping ahead when restarting */
@@ -2843,8 +2848,7 @@
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
     /* resume if we had an operation in progress */
-    if( rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent )
-    {
+    if (rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent) {
         /* restore saved state */
         *ver_chain = rs_ctx->ver_chain; /* struct copy */
         self_cnt = rs_ctx->self_cnt;
@@ -2863,7 +2867,7 @@
     parent_is_trusted = 0;
     child_is_trusted = 0;
 
-    while( 1 ) {
+    while (1) {
         /* Add certificate to the verification chain */
         cur = &ver_chain->items[ver_chain->len];
         cur->crt = child;
@@ -2872,28 +2876,32 @@
         flags = &cur->flags;
 
         /* Check time-validity (all certificates) */
-        if( mbedtls_x509_time_is_past( &child->valid_to ) )
+        if (mbedtls_x509_time_is_past(&child->valid_to)) {
             *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
+        }
 
-        if( mbedtls_x509_time_is_future( &child->valid_from ) )
+        if (mbedtls_x509_time_is_future(&child->valid_from)) {
             *flags |= MBEDTLS_X509_BADCERT_FUTURE;
+        }
 
         /* Stop here for trusted roots (but not for trusted EE certs) */
-        if( child_is_trusted )
-            return( 0 );
+        if (child_is_trusted) {
+            return 0;
+        }
 
         /* Check signature algorithm: MD & PK algs */
-        if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
+        if (x509_profile_check_md_alg(profile, child->sig_md) != 0) {
             *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
+        }
 
-        if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
+        if (x509_profile_check_pk_alg(profile, child->sig_pk) != 0) {
             *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
+        }
 
         /* Special case: EE certs that are locally trusted */
-        if( ver_chain->len == 1 &&
-            x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
-        {
-            return( 0 );
+        if (ver_chain->len == 1 &&
+            x509_crt_check_ee_locally_trusted(child, trust_ca) == 0) {
+            return 0;
         }
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
@@ -2903,19 +2911,18 @@
         /* Obtain list of potential trusted signers from CA callback,
          * or use statically provided list. */
 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
-        if( f_ca_cb != NULL )
-        {
-            mbedtls_x509_crt_free( ver_chain->trust_ca_cb_result );
-            mbedtls_free( ver_chain->trust_ca_cb_result );
+        if (f_ca_cb != NULL) {
+            mbedtls_x509_crt_free(ver_chain->trust_ca_cb_result);
+            mbedtls_free(ver_chain->trust_ca_cb_result);
             ver_chain->trust_ca_cb_result = NULL;
 
-            ret = f_ca_cb( p_ca_cb, child, &ver_chain->trust_ca_cb_result );
-            if( ret != 0 )
-                return( MBEDTLS_ERR_X509_FATAL_ERROR );
+            ret = f_ca_cb(p_ca_cb, child, &ver_chain->trust_ca_cb_result);
+            if (ret != 0) {
+                return MBEDTLS_ERR_X509_FATAL_ERROR;
+            }
 
             cur_trust_ca = ver_chain->trust_ca_cb_result;
-        }
-        else
+        } else
 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
         {
             ((void) f_ca_cb);
@@ -2924,60 +2931,58 @@
         }
 
         /* Look for a parent in trusted CAs or up the chain */
-        ret = x509_crt_find_parent( child, cur_trust_ca, &parent,
-                                       &parent_is_trusted, &signature_is_good,
-                                       ver_chain->len - 1, self_cnt, rs_ctx );
+        ret = x509_crt_find_parent(child, cur_trust_ca, &parent,
+                                   &parent_is_trusted, &signature_is_good,
+                                   ver_chain->len - 1, self_cnt, rs_ctx);
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-        if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
-        {
+        if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
             /* save state */
             rs_ctx->in_progress = x509_crt_rs_find_parent;
             rs_ctx->self_cnt = self_cnt;
             rs_ctx->ver_chain = *ver_chain; /* struct copy */
 
-            return( ret );
+            return ret;
         }
 #else
         (void) ret;
 #endif
 
         /* No parent? We're done here */
-        if( parent == NULL )
-        {
+        if (parent == NULL) {
             *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
-            return( 0 );
+            return 0;
         }
 
         /* Count intermediate self-issued (not necessarily self-signed) certs.
          * These can occur with some strategies for key rollover, see [SIRO],
          * and should be excluded from max_pathlen checks. */
-        if( ver_chain->len != 1 &&
-            x509_name_cmp( &child->issuer, &child->subject ) == 0 )
-        {
+        if (ver_chain->len != 1 &&
+            x509_name_cmp(&child->issuer, &child->subject) == 0) {
             self_cnt++;
         }
 
         /* path_cnt is 0 for the first intermediate CA,
          * and if parent is trusted it's not an intermediate CA */
-        if( ! parent_is_trusted &&
-            ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
-        {
+        if (!parent_is_trusted &&
+            ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA) {
             /* return immediately to avoid overflow the chain array */
-            return( MBEDTLS_ERR_X509_FATAL_ERROR );
+            return MBEDTLS_ERR_X509_FATAL_ERROR;
         }
 
         /* signature was checked while searching parent */
-        if( ! signature_is_good )
+        if (!signature_is_good) {
             *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
+        }
 
         /* check size of signing key */
-        if( x509_profile_check_key( profile, &parent->pk ) != 0 )
+        if (x509_profile_check_key(profile, &parent->pk) != 0) {
             *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
+        }
 
 #if defined(MBEDTLS_X509_CRL_PARSE_C)
         /* Check trusted CA's CRL for the given crt */
-        *flags |= x509_crt_verifycrl( child, parent, ca_crl, profile );
+        *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile);
 #else
         (void) ca_crl;
 #endif
@@ -2993,79 +2998,75 @@
 /*
  * Check for CN match
  */
-static int x509_crt_check_cn( const mbedtls_x509_buf *name,
-                              const char *cn, size_t cn_len )
+static int x509_crt_check_cn(const mbedtls_x509_buf *name,
+                             const char *cn, size_t cn_len)
 {
     /* try exact match */
-    if( name->len == cn_len &&
-        x509_memcasecmp( cn, name->p, cn_len ) == 0 )
-    {
-        return( 0 );
+    if (name->len == cn_len &&
+        x509_memcasecmp(cn, name->p, cn_len) == 0) {
+        return 0;
     }
 
     /* try wildcard match */
-    if( x509_check_wildcard( cn, name ) == 0 )
-    {
-        return( 0 );
+    if (x509_check_wildcard(cn, name) == 0) {
+        return 0;
     }
 
-    return( -1 );
+    return -1;
 }
 
 /*
  * Check for SAN match, see RFC 5280 Section 4.2.1.6
  */
-static int x509_crt_check_san( const mbedtls_x509_buf *name,
-                               const char *cn, size_t cn_len )
+static int x509_crt_check_san(const mbedtls_x509_buf *name,
+                              const char *cn, size_t cn_len)
 {
     const unsigned char san_type = (unsigned char) name->tag &
                                    MBEDTLS_ASN1_TAG_VALUE_MASK;
 
     /* dNSName */
-    if( san_type == MBEDTLS_X509_SAN_DNS_NAME )
-        return( x509_crt_check_cn( name, cn, cn_len ) );
+    if (san_type == MBEDTLS_X509_SAN_DNS_NAME) {
+        return x509_crt_check_cn(name, cn, cn_len);
+    }
 
     /* (We may handle other types here later.) */
 
     /* Unrecognized type */
-    return( -1 );
+    return -1;
 }
 
 /*
  * Verify the requested CN - only call this if cn is not NULL!
  */
-static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
-                                  const char *cn,
-                                  uint32_t *flags )
+static void x509_crt_verify_name(const mbedtls_x509_crt *crt,
+                                 const char *cn,
+                                 uint32_t *flags)
 {
     const mbedtls_x509_name *name;
     const mbedtls_x509_sequence *cur;
-    size_t cn_len = strlen( cn );
+    size_t cn_len = strlen(cn);
 
-    if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
-    {
-        for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next )
-        {
-            if( x509_crt_check_san( &cur->buf, cn, cn_len ) == 0 )
-                break;
-        }
-
-        if( cur == NULL )
-            *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
-    }
-    else
-    {
-        for( name = &crt->subject; name != NULL; name = name->next )
-        {
-            if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 &&
-                x509_crt_check_cn( &name->val, cn, cn_len ) == 0 )
-            {
+    if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
+        for (cur = &crt->subject_alt_names; cur != NULL; cur = cur->next) {
+            if (x509_crt_check_san(&cur->buf, cn, cn_len) == 0) {
                 break;
             }
         }
 
-        if( name == NULL )
+        if (cur == NULL) {
             *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
+        }
+    } else {
+        for (name = &crt->subject; name != NULL; name = name->next) {
+            if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 &&
+                x509_crt_check_cn(&name->val, cn, cn_len) == 0) {
+                break;
+            }
+        }
+
+        if (name == NULL) {
+            *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
+        }
     }
 }
 
@@ -3073,29 +3074,30 @@
  * Merge the flags for all certs in the chain, after calling callback
  */
 static int x509_crt_merge_flags_with_cb(
-           uint32_t *flags,
-           const mbedtls_x509_crt_verify_chain *ver_chain,
-           int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-           void *p_vrfy )
+    uint32_t *flags,
+    const mbedtls_x509_crt_verify_chain *ver_chain,
+    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+    void *p_vrfy)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned i;
     uint32_t cur_flags;
     const mbedtls_x509_crt_verify_chain_item *cur;
 
-    for( i = ver_chain->len; i != 0; --i )
-    {
+    for (i = ver_chain->len; i != 0; --i) {
         cur = &ver_chain->items[i-1];
         cur_flags = cur->flags;
 
-        if( NULL != f_vrfy )
-            if( ( ret = f_vrfy( p_vrfy, cur->crt, (int) i-1, &cur_flags ) ) != 0 )
-                return( ret );
+        if (NULL != f_vrfy) {
+            if ((ret = f_vrfy(p_vrfy, cur->crt, (int) i-1, &cur_flags)) != 0) {
+                return ret;
+            }
+        }
 
         *flags |= cur_flags;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -3115,16 +3117,19 @@
  * of trusted signers, and `ca_crl` will be use as the static list
  * of CRLs.
  */
-static int x509_crt_verify_restartable_ca_cb( mbedtls_x509_crt *crt,
-                     mbedtls_x509_crt *trust_ca,
-                     mbedtls_x509_crl *ca_crl,
-                     mbedtls_x509_crt_ca_cb_t f_ca_cb,
-                     void *p_ca_cb,
-                     const mbedtls_x509_crt_profile *profile,
-                     const char *cn, uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy,
-                     mbedtls_x509_crt_restart_ctx *rs_ctx )
+static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt,
+                                             mbedtls_x509_crt *trust_ca,
+                                             mbedtls_x509_crl *ca_crl,
+                                             mbedtls_x509_crt_ca_cb_t f_ca_cb,
+                                             void *p_ca_cb,
+                                             const mbedtls_x509_crt_profile *profile,
+                                             const char *cn, uint32_t *flags,
+                                             int (*f_vrfy)(void *,
+                                                           mbedtls_x509_crt *,
+                                                           int,
+                                                           uint32_t *),
+                                             void *p_vrfy,
+                                             mbedtls_x509_crt_restart_ctx *rs_ctx)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_pk_type_t pk_type;
@@ -3133,105 +3138,110 @@
 
     *flags = 0;
     ee_flags = 0;
-    x509_crt_verify_chain_reset( &ver_chain );
+    x509_crt_verify_chain_reset(&ver_chain);
 
-    if( profile == NULL )
-    {
+    if (profile == NULL) {
         ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
         goto exit;
     }
 
     /* check name if requested */
-    if( cn != NULL )
-        x509_crt_verify_name( crt, cn, &ee_flags );
+    if (cn != NULL) {
+        x509_crt_verify_name(crt, cn, &ee_flags);
+    }
 
     /* Check the type and size of the key */
-    pk_type = mbedtls_pk_get_type( &crt->pk );
+    pk_type = mbedtls_pk_get_type(&crt->pk);
 
-    if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
+    if (x509_profile_check_pk_alg(profile, pk_type) != 0) {
         ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK;
+    }
 
-    if( x509_profile_check_key( profile, &crt->pk ) != 0 )
+    if (x509_profile_check_key(profile, &crt->pk) != 0) {
         ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
+    }
 
     /* Check the chain */
-    ret = x509_crt_verify_chain( crt, trust_ca, ca_crl,
-                                 f_ca_cb, p_ca_cb, profile,
-                                 &ver_chain, rs_ctx );
+    ret = x509_crt_verify_chain(crt, trust_ca, ca_crl,
+                                f_ca_cb, p_ca_cb, profile,
+                                &ver_chain, rs_ctx);
 
-    if( ret != 0 )
+    if (ret != 0) {
         goto exit;
+    }
 
     /* Merge end-entity flags */
     ver_chain.items[0].flags |= ee_flags;
 
     /* Build final flags, calling callback on the way if any */
-    ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy );
+    ret = x509_crt_merge_flags_with_cb(flags, &ver_chain, f_vrfy, p_vrfy);
 
 exit:
 
 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
-    mbedtls_x509_crt_free( ver_chain.trust_ca_cb_result );
-    mbedtls_free( ver_chain.trust_ca_cb_result );
+    mbedtls_x509_crt_free(ver_chain.trust_ca_cb_result);
+    mbedtls_free(ver_chain.trust_ca_cb_result);
     ver_chain.trust_ca_cb_result = NULL;
 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
-        mbedtls_x509_crt_restart_free( rs_ctx );
+    if (rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS) {
+        mbedtls_x509_crt_restart_free(rs_ctx);
+    }
 #endif
 
     /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
      * the SSL module for authmode optional, but non-zero return from the
      * callback means a fatal error so it shouldn't be ignored */
-    if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
+    if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {
         ret = MBEDTLS_ERR_X509_FATAL_ERROR;
-
-    if( ret != 0 )
-    {
-        *flags = (uint32_t) -1;
-        return( ret );
     }
 
-    if( *flags != 0 )
-        return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
+    if (ret != 0) {
+        *flags = (uint32_t) -1;
+        return ret;
+    }
 
-    return( 0 );
+    if (*flags != 0) {
+        return MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;
+    }
+
+    return 0;
 }
 
 
 /*
  * Verify the certificate validity (default profile, not restartable)
  */
-int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
-                     mbedtls_x509_crt *trust_ca,
-                     mbedtls_x509_crl *ca_crl,
-                     const char *cn, uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy )
+int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt,
+                            mbedtls_x509_crt *trust_ca,
+                            mbedtls_x509_crl *ca_crl,
+                            const char *cn, uint32_t *flags,
+                            int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                            void *p_vrfy)
 {
-    return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl,
-                                         NULL, NULL,
-                                         &mbedtls_x509_crt_profile_default,
-                                         cn, flags,
-                                         f_vrfy, p_vrfy, NULL ) );
+    return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl,
+                                             NULL, NULL,
+                                             &mbedtls_x509_crt_profile_default,
+                                             cn, flags,
+                                             f_vrfy, p_vrfy, NULL);
 }
 
 /*
  * Verify the certificate validity (user-chosen profile, not restartable)
  */
-int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
-                     mbedtls_x509_crt *trust_ca,
-                     mbedtls_x509_crl *ca_crl,
-                     const mbedtls_x509_crt_profile *profile,
-                     const char *cn, uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy )
+int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt,
+                                         mbedtls_x509_crt *trust_ca,
+                                         mbedtls_x509_crl *ca_crl,
+                                         const mbedtls_x509_crt_profile *profile,
+                                         const char *cn, uint32_t *flags,
+                                         int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                                         void *p_vrfy)
 {
-    return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl,
-                                                 NULL, NULL,
-                                                 profile, cn, flags,
-                                                 f_vrfy, p_vrfy, NULL ) );
+    return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl,
+                                             NULL, NULL,
+                                             profile, cn, flags,
+                                             f_vrfy, p_vrfy, NULL);
 }
 
 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
@@ -3239,79 +3249,78 @@
  * Verify the certificate validity (user-chosen profile, CA callback,
  *                                  not restartable).
  */
-int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt,
-                     mbedtls_x509_crt_ca_cb_t f_ca_cb,
-                     void *p_ca_cb,
-                     const mbedtls_x509_crt_profile *profile,
-                     const char *cn, uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy )
+int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt,
+                                       mbedtls_x509_crt_ca_cb_t f_ca_cb,
+                                       void *p_ca_cb,
+                                       const mbedtls_x509_crt_profile *profile,
+                                       const char *cn, uint32_t *flags,
+                                       int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                                       void *p_vrfy)
 {
-    return( x509_crt_verify_restartable_ca_cb( crt, NULL, NULL,
-                                                 f_ca_cb, p_ca_cb,
-                                                 profile, cn, flags,
-                                                 f_vrfy, p_vrfy, NULL ) );
+    return x509_crt_verify_restartable_ca_cb(crt, NULL, NULL,
+                                             f_ca_cb, p_ca_cb,
+                                             profile, cn, flags,
+                                             f_vrfy, p_vrfy, NULL);
 }
 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
 
-int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
-                     mbedtls_x509_crt *trust_ca,
-                     mbedtls_x509_crl *ca_crl,
-                     const mbedtls_x509_crt_profile *profile,
-                     const char *cn, uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy,
-                     mbedtls_x509_crt_restart_ctx *rs_ctx )
+int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt,
+                                        mbedtls_x509_crt *trust_ca,
+                                        mbedtls_x509_crl *ca_crl,
+                                        const mbedtls_x509_crt_profile *profile,
+                                        const char *cn, uint32_t *flags,
+                                        int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                                        void *p_vrfy,
+                                        mbedtls_x509_crt_restart_ctx *rs_ctx)
 {
-    return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl,
-                                                 NULL, NULL,
-                                                 profile, cn, flags,
-                                                 f_vrfy, p_vrfy, rs_ctx ) );
+    return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl,
+                                             NULL, NULL,
+                                             profile, cn, flags,
+                                             f_vrfy, p_vrfy, rs_ctx);
 }
 
 
 /*
  * Initialize a certificate chain
  */
-void mbedtls_x509_crt_init( mbedtls_x509_crt *crt )
+void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)
 {
-    memset( crt, 0, sizeof(mbedtls_x509_crt) );
+    memset(crt, 0, sizeof(mbedtls_x509_crt));
 }
 
 /*
  * Unallocate all certificate data
  */
-void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
+void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
 {
     mbedtls_x509_crt *cert_cur = crt;
     mbedtls_x509_crt *cert_prv;
 
-    while( cert_cur != NULL )
-    {
-        mbedtls_pk_free( &cert_cur->pk );
+    while (cert_cur != NULL) {
+        mbedtls_pk_free(&cert_cur->pk);
 
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-        mbedtls_free( cert_cur->sig_opts );
+        mbedtls_free(cert_cur->sig_opts);
 #endif
 
-        mbedtls_asn1_free_named_data_list_shallow( cert_cur->issuer.next );
-        mbedtls_asn1_free_named_data_list_shallow( cert_cur->subject.next );
-        mbedtls_asn1_sequence_free( cert_cur->ext_key_usage.next );
-        mbedtls_asn1_sequence_free( cert_cur->subject_alt_names.next );
-        mbedtls_asn1_sequence_free( cert_cur->certificate_policies.next );
+        mbedtls_asn1_free_named_data_list_shallow(cert_cur->issuer.next);
+        mbedtls_asn1_free_named_data_list_shallow(cert_cur->subject.next);
+        mbedtls_asn1_sequence_free(cert_cur->ext_key_usage.next);
+        mbedtls_asn1_sequence_free(cert_cur->subject_alt_names.next);
+        mbedtls_asn1_sequence_free(cert_cur->certificate_policies.next);
 
-        if( cert_cur->raw.p != NULL && cert_cur->own_buffer )
-        {
-            mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len );
-            mbedtls_free( cert_cur->raw.p );
+        if (cert_cur->raw.p != NULL && cert_cur->own_buffer) {
+            mbedtls_platform_zeroize(cert_cur->raw.p, cert_cur->raw.len);
+            mbedtls_free(cert_cur->raw.p);
         }
 
         cert_prv = cert_cur;
         cert_cur = cert_cur->next;
 
-        mbedtls_platform_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) );
-        if( cert_prv != crt )
-            mbedtls_free( cert_prv );
+        mbedtls_platform_zeroize(cert_prv, sizeof(mbedtls_x509_crt));
+        if (cert_prv != crt) {
+            mbedtls_free(cert_prv);
+        }
     }
 }
 
@@ -3319,9 +3328,9 @@
 /*
  * Initialize a restart context
  */
-void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx )
+void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx)
 {
-    mbedtls_pk_restart_init( &ctx->pk );
+    mbedtls_pk_restart_init(&ctx->pk);
 
     ctx->parent = NULL;
     ctx->fallback_parent = NULL;
@@ -3331,19 +3340,20 @@
 
     ctx->in_progress = x509_crt_rs_none;
     ctx->self_cnt = 0;
-    x509_crt_verify_chain_reset( &ctx->ver_chain );
+    x509_crt_verify_chain_reset(&ctx->ver_chain);
 }
 
 /*
  * Free the components of a restart context
  */
-void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx )
+void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
-    mbedtls_pk_restart_free( &ctx->pk );
-    mbedtls_x509_crt_restart_init( ctx );
+    mbedtls_pk_restart_free(&ctx->pk);
+    mbedtls_x509_crt_restart_init(ctx);
 }
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 
diff --git a/library/x509_csr.c b/library/x509_csr.c
index f9462ad..0c664d9 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -51,56 +51,56 @@
 /*
  *  Version  ::=  INTEGER  {  v1(0)  }
  */
-static int x509_csr_get_version( unsigned char **p,
-                             const unsigned char *end,
-                             int *ver )
+static int x509_csr_get_version(unsigned char **p,
+                                const unsigned char *end,
+                                int *ver)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        {
+    if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) {
+        if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
             *ver = 0;
-            return( 0 );
+            return 0;
         }
 
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, ret ) );
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret);
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Parse a CSR in DER format
  */
-int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
-                        const unsigned char *buf, size_t buflen )
+int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr,
+                               const unsigned char *buf, size_t buflen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
     unsigned char *p, *end;
     mbedtls_x509_buf sig_params;
 
-    memset( &sig_params, 0, sizeof( mbedtls_x509_buf ) );
+    memset(&sig_params, 0, sizeof(mbedtls_x509_buf));
 
     /*
      * Check for valid input
      */
-    if( csr == NULL || buf == NULL || buflen == 0 )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+    if (csr == NULL || buf == NULL || buflen == 0) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+    }
 
-    mbedtls_x509_csr_init( csr );
+    mbedtls_x509_csr_init(csr);
 
     /*
      * first copy the raw DER data
      */
-    p = mbedtls_calloc( 1, len = buflen );
+    p = mbedtls_calloc(1, len = buflen);
 
-    if( p == NULL )
-        return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+    if (p == NULL) {
+        return MBEDTLS_ERR_X509_ALLOC_FAILED;
+    }
 
-    memcpy( p, buf, buflen );
+    memcpy(p, buf, buflen);
 
     csr->raw.p = p;
     csr->raw.len = len;
@@ -113,18 +113,16 @@
      *       signature          BIT STRING
      *  }
      */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        mbedtls_x509_csr_free(csr);
+        return MBEDTLS_ERR_X509_INVALID_FORMAT;
     }
 
-    if( len != (size_t) ( end - p ) )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (len != (size_t) (end - p)) {
+        mbedtls_x509_csr_free(csr);
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
     }
 
     /*
@@ -132,11 +130,10 @@
      */
     csr->cri.p = p;
 
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        mbedtls_x509_csr_free(csr);
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
     }
 
     end = p + len;
@@ -145,16 +142,14 @@
     /*
      *  Version  ::=  INTEGER {  v1(0) }
      */
-    if( ( ret = x509_csr_get_version( &p, end, &csr->version ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( ret );
+    if ((ret = x509_csr_get_version(&p, end, &csr->version)) != 0) {
+        mbedtls_x509_csr_free(csr);
+        return ret;
     }
 
-    if( csr->version != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
+    if (csr->version != 0) {
+        mbedtls_x509_csr_free(csr);
+        return MBEDTLS_ERR_X509_UNKNOWN_VERSION;
     }
 
     csr->version++;
@@ -164,17 +159,15 @@
      */
     csr->subject_raw.p = p;
 
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        mbedtls_x509_csr_free(csr);
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
     }
 
-    if( ( ret = mbedtls_x509_get_name( &p, p + len, &csr->subject ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( ret );
+    if ((ret = mbedtls_x509_get_name(&p, p + len, &csr->subject)) != 0) {
+        mbedtls_x509_csr_free(csr);
+        return ret;
     }
 
     csr->subject_raw.len = p - csr->subject_raw.p;
@@ -182,10 +175,9 @@
     /*
      *  subjectPKInfo SubjectPublicKeyInfo
      */
-    if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &csr->pk ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( ret );
+    if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &csr->pk)) != 0) {
+        mbedtls_x509_csr_free(csr);
+        return ret;
     }
 
     /*
@@ -198,11 +190,11 @@
      *  the requester's expectations - this cannot cause a violation of our
      *  signature policies.
      */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) !=
+        0) {
+        mbedtls_x509_csr_free(csr);
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
     }
 
     p += len;
@@ -213,40 +205,36 @@
      *  signatureAlgorithm   AlgorithmIdentifier,
      *  signature            BIT STRING
      */
-    if( ( ret = mbedtls_x509_get_alg( &p, end, &csr->sig_oid, &sig_params ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( ret );
+    if ((ret = mbedtls_x509_get_alg(&p, end, &csr->sig_oid, &sig_params)) != 0) {
+        mbedtls_x509_csr_free(csr);
+        return ret;
     }
 
-    if( ( ret = mbedtls_x509_get_sig_alg( &csr->sig_oid, &sig_params,
-                                  &csr->sig_md, &csr->sig_pk,
-                                  &csr->sig_opts ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG );
+    if ((ret = mbedtls_x509_get_sig_alg(&csr->sig_oid, &sig_params,
+                                        &csr->sig_md, &csr->sig_pk,
+                                        &csr->sig_opts)) != 0) {
+        mbedtls_x509_csr_free(csr);
+        return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG;
     }
 
-    if( ( ret = mbedtls_x509_get_sig( &p, end, &csr->sig ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( ret );
+    if ((ret = mbedtls_x509_get_sig(&p, end, &csr->sig)) != 0) {
+        mbedtls_x509_csr_free(csr);
+        return ret;
     }
 
-    if( p != end )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
+    if (p != end) {
+        mbedtls_x509_csr_free(csr);
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
+                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
  * Parse a CSR, allowing for PEM or raw DER encoding
  */
-int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen )
+int mbedtls_x509_csr_parse(mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen)
 {
 #if defined(MBEDTLS_PEM_PARSE_C)
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -257,61 +245,61 @@
     /*
      * Check for valid input
      */
-    if( csr == NULL || buf == NULL || buflen == 0 )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+    if (csr == NULL || buf == NULL || buflen == 0) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_PEM_PARSE_C)
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( buf[buflen - 1] == '\0' )
-    {
-        mbedtls_pem_init( &pem );
-        ret = mbedtls_pem_read_buffer( &pem,
-                                       "-----BEGIN CERTIFICATE REQUEST-----",
-                                       "-----END CERTIFICATE REQUEST-----",
-                                       buf, NULL, 0, &use_len );
-        if( ret == MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-        {
-            ret = mbedtls_pem_read_buffer( &pem,
-                                           "-----BEGIN NEW CERTIFICATE REQUEST-----",
-                                           "-----END NEW CERTIFICATE REQUEST-----",
-                                           buf, NULL, 0, &use_len );
+    if (buf[buflen - 1] == '\0') {
+        mbedtls_pem_init(&pem);
+        ret = mbedtls_pem_read_buffer(&pem,
+                                      "-----BEGIN CERTIFICATE REQUEST-----",
+                                      "-----END CERTIFICATE REQUEST-----",
+                                      buf, NULL, 0, &use_len);
+        if (ret == MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+            ret = mbedtls_pem_read_buffer(&pem,
+                                          "-----BEGIN NEW CERTIFICATE REQUEST-----",
+                                          "-----END NEW CERTIFICATE REQUEST-----",
+                                          buf, NULL, 0, &use_len);
         }
 
-        if( ret == 0 )
-        {
+        if (ret == 0) {
             /*
              * Was PEM encoded, parse the result
              */
-            ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen );
+            ret = mbedtls_x509_csr_parse_der(csr, pem.buf, pem.buflen);
         }
 
-        mbedtls_pem_free( &pem );
-        if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-            return( ret );
+        mbedtls_pem_free(&pem);
+        if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+            return ret;
+        }
     }
 #endif /* MBEDTLS_PEM_PARSE_C */
-    return( mbedtls_x509_csr_parse_der( csr, buf, buflen ) );
+    return mbedtls_x509_csr_parse_der(csr, buf, buflen);
 }
 
 #if defined(MBEDTLS_FS_IO)
 /*
  * Load a CSR into the structure
  */
-int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path )
+int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t n;
     unsigned char *buf;
 
-    if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
+        return ret;
+    }
 
-    ret = mbedtls_x509_csr_parse( csr, buf, n );
+    ret = mbedtls_x509_csr_parse(csr, buf, n);
 
-    mbedtls_platform_zeroize( buf, n );
-    mbedtls_free( buf );
+    mbedtls_platform_zeroize(buf, n);
+    mbedtls_free(buf);
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_FS_IO */
 
@@ -321,8 +309,8 @@
 /*
  * Return an informational string about the CSR.
  */
-int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
-                   const mbedtls_x509_csr *csr )
+int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix,
+                          const mbedtls_x509_csr *csr)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t n;
@@ -332,67 +320,66 @@
     p = buf;
     n = size;
 
-    ret = mbedtls_snprintf( p, n, "%sCSR version   : %d",
-                               prefix, csr->version );
+    ret = mbedtls_snprintf(p, n, "%sCSR version   : %d",
+                           prefix, csr->version);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    ret = mbedtls_snprintf( p, n, "\n%ssubject name  : ", prefix );
+    ret = mbedtls_snprintf(p, n, "\n%ssubject name  : ", prefix);
     MBEDTLS_X509_SAFE_SNPRINTF;
-    ret = mbedtls_x509_dn_gets( p, n, &csr->subject );
+    ret = mbedtls_x509_dn_gets(p, n, &csr->subject);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    ret = mbedtls_snprintf( p, n, "\n%ssigned using  : ", prefix );
+    ret = mbedtls_snprintf(p, n, "\n%ssigned using  : ", prefix);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    ret = mbedtls_x509_sig_alg_gets( p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md,
-                             csr->sig_opts );
+    ret = mbedtls_x509_sig_alg_gets(p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md,
+                                    csr->sig_opts);
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
-                                      mbedtls_pk_get_name( &csr->pk ) ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON,
+                                            mbedtls_pk_get_name(&csr->pk))) != 0) {
+        return ret;
     }
 
-    ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
-                          (int) mbedtls_pk_get_bitlen( &csr->pk ) );
+    ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
+                           (int) mbedtls_pk_get_bitlen(&csr->pk));
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    return( (int) ( size - n ) );
+    return (int) (size - n);
 }
 #endif /* MBEDTLS_X509_REMOVE_INFO */
 
 /*
  * Initialize a CSR
  */
-void mbedtls_x509_csr_init( mbedtls_x509_csr *csr )
+void mbedtls_x509_csr_init(mbedtls_x509_csr *csr)
 {
-    memset( csr, 0, sizeof(mbedtls_x509_csr) );
+    memset(csr, 0, sizeof(mbedtls_x509_csr));
 }
 
 /*
  * Unallocate all CSR data
  */
-void mbedtls_x509_csr_free( mbedtls_x509_csr *csr )
+void mbedtls_x509_csr_free(mbedtls_x509_csr *csr)
 {
-    if( csr == NULL )
+    if (csr == NULL) {
         return;
-
-    mbedtls_pk_free( &csr->pk );
-
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-    mbedtls_free( csr->sig_opts );
-#endif
-
-    mbedtls_asn1_free_named_data_list_shallow( csr->subject.next );
-
-    if( csr->raw.p != NULL )
-    {
-        mbedtls_platform_zeroize( csr->raw.p, csr->raw.len );
-        mbedtls_free( csr->raw.p );
     }
 
-    mbedtls_platform_zeroize( csr, sizeof( mbedtls_x509_csr ) );
+    mbedtls_pk_free(&csr->pk);
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+    mbedtls_free(csr->sig_opts);
+#endif
+
+    mbedtls_asn1_free_named_data_list_shallow(csr->subject.next);
+
+    if (csr->raw.p != NULL) {
+        mbedtls_platform_zeroize(csr->raw.p, csr->raw.len);
+        mbedtls_free(csr->raw.p);
+    }
+
+    mbedtls_platform_zeroize(csr, sizeof(mbedtls_x509_csr));
 }
 
 #endif /* MBEDTLS_X509_CSR_PARSE_C */
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 254c4b2..febd0e6 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -48,136 +48,135 @@
 #include "hash_info.h"
 #include "mbedtls/legacy_or_psa.h"
 
-void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
+void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_x509write_cert ) );
+    memset(ctx, 0, sizeof(mbedtls_x509write_cert));
 
-    mbedtls_mpi_init( &ctx->serial );
+    mbedtls_mpi_init(&ctx->serial);
     ctx->version = MBEDTLS_X509_CRT_VERSION_3;
 }
 
-void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx )
+void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx)
 {
-    mbedtls_mpi_free( &ctx->serial );
+    mbedtls_mpi_free(&ctx->serial);
 
-    mbedtls_asn1_free_named_data_list( &ctx->subject );
-    mbedtls_asn1_free_named_data_list( &ctx->issuer );
-    mbedtls_asn1_free_named_data_list( &ctx->extensions );
+    mbedtls_asn1_free_named_data_list(&ctx->subject);
+    mbedtls_asn1_free_named_data_list(&ctx->issuer);
+    mbedtls_asn1_free_named_data_list(&ctx->extensions);
 
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_cert ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_x509write_cert));
 }
 
-void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx,
-                                        int version )
+void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx,
+                                       int version)
 {
     ctx->version = version;
 }
 
-void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx,
-                                       mbedtls_md_type_t md_alg )
+void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx,
+                                      mbedtls_md_type_t md_alg)
 {
     ctx->md_alg = md_alg;
 }
 
-void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx,
-                                            mbedtls_pk_context *key )
+void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx,
+                                           mbedtls_pk_context *key)
 {
     ctx->subject_key = key;
 }
 
-void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx,
-                                           mbedtls_pk_context *key )
+void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx,
+                                          mbedtls_pk_context *key)
 {
     ctx->issuer_key = key;
 }
 
-int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
-                                            const char *subject_name )
+int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx,
+                                           const char *subject_name)
 {
-    return mbedtls_x509_string_to_names( &ctx->subject, subject_name );
+    return mbedtls_x509_string_to_names(&ctx->subject, subject_name);
 }
 
-int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
-                                           const char *issuer_name )
+int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx,
+                                          const char *issuer_name)
 {
-    return mbedtls_x509_string_to_names( &ctx->issuer, issuer_name );
+    return mbedtls_x509_string_to_names(&ctx->issuer, issuer_name);
 }
 
-int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx,
-                                      const mbedtls_mpi *serial )
+int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx,
+                                     const mbedtls_mpi *serial)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ( ret = mbedtls_mpi_copy( &ctx->serial, serial ) ) != 0 )
-        return( ret );
+    if ((ret = mbedtls_mpi_copy(&ctx->serial, serial)) != 0) {
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx,
-                                        const char *not_before,
-                                        const char *not_after )
+int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx,
+                                       const char *not_before,
+                                       const char *not_after)
 {
-    if( strlen( not_before ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 ||
-        strlen( not_after )  != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 )
-    {
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+    if (strlen(not_before) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 ||
+        strlen(not_after)  != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
     }
-    strncpy( ctx->not_before, not_before, MBEDTLS_X509_RFC5280_UTC_TIME_LEN );
-    strncpy( ctx->not_after , not_after , MBEDTLS_X509_RFC5280_UTC_TIME_LEN );
+    strncpy(ctx->not_before, not_before, MBEDTLS_X509_RFC5280_UTC_TIME_LEN);
+    strncpy(ctx->not_after, not_after, MBEDTLS_X509_RFC5280_UTC_TIME_LEN);
     ctx->not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z';
     ctx->not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z';
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
-                                 const char *oid, size_t oid_len,
-                                 int critical,
-                                 const unsigned char *val, size_t val_len )
+int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx,
+                                        const char *oid, size_t oid_len,
+                                        int critical,
+                                        const unsigned char *val, size_t val_len)
 {
-    return( mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len,
-                                        critical, val, val_len ) );
+    return mbedtls_x509_set_extension(&ctx->extensions, oid, oid_len,
+                                      critical, val, val_len);
 }
 
-int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
-                                                 int is_ca, int max_pathlen )
+int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx,
+                                                int is_ca, int max_pathlen)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char buf[9];
     unsigned char *c = buf + sizeof(buf);
     size_t len = 0;
 
-    memset( buf, 0, sizeof(buf) );
+    memset(buf, 0, sizeof(buf));
 
-    if( is_ca && max_pathlen > 127 )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-
-    if( is_ca )
-    {
-        if( max_pathlen >= 0 )
-        {
-            MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf,
-                                                               max_pathlen ) );
-        }
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_bool( &c, buf, 1 ) );
+    if (is_ca && max_pathlen > 127) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
     }
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf,
-                                                MBEDTLS_ASN1_CONSTRUCTED |
-                                                MBEDTLS_ASN1_SEQUENCE ) );
+    if (is_ca) {
+        if (max_pathlen >= 0) {
+            MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf,
+                                                             max_pathlen));
+        }
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_bool(&c, buf, 1));
+    }
 
-    return(
-        mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_BASIC_CONSTRAINTS,
-                             MBEDTLS_OID_SIZE( MBEDTLS_OID_BASIC_CONSTRAINTS ),
-                             is_ca, buf + sizeof(buf) - len, len ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf,
+                                                     MBEDTLS_ASN1_CONSTRUCTED |
+                                                     MBEDTLS_ASN1_SEQUENCE));
+
+    return
+        mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_BASIC_CONSTRAINTS,
+                                            MBEDTLS_OID_SIZE(MBEDTLS_OID_BASIC_CONSTRAINTS),
+                                            is_ca, buf + sizeof(buf) - len, len);
 }
 
 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-static int mbedtls_x509write_crt_set_key_identifier( mbedtls_x509write_cert *ctx,
-                                              int is_ca,
-                                              unsigned char tag )
+static int mbedtls_x509write_crt_set_key_identifier(mbedtls_x509write_cert *ctx,
+                                                    int is_ca,
+                                                    unsigned char tag)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
@@ -188,116 +187,121 @@
     size_t hash_length;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    memset( buf, 0, sizeof(buf) );
-    MBEDTLS_ASN1_CHK_ADD( len,
-                          mbedtls_pk_write_pubkey( &c,
-                                                   buf,
-                                                   is_ca ?
-                                                   ctx->issuer_key :
-                                                   ctx->subject_key ) );
+    memset(buf, 0, sizeof(buf));
+    MBEDTLS_ASN1_CHK_ADD(len,
+                         mbedtls_pk_write_pubkey(&c,
+                                                 buf,
+                                                 is_ca ?
+                                                 ctx->issuer_key :
+                                                 ctx->subject_key));
 
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    status = psa_hash_compute( PSA_ALG_SHA_1,
-                               buf + sizeof(buf) - len,
-                               len,
-                               buf + sizeof(buf) - 20,
-                               20,
-                               &hash_length );
-    if( status != PSA_SUCCESS )
-    {
-        return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+    status = psa_hash_compute(PSA_ALG_SHA_1,
+                              buf + sizeof(buf) - len,
+                              len,
+                              buf + sizeof(buf) - 20,
+                              20,
+                              &hash_length);
+    if (status != PSA_SUCCESS) {
+        return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
     }
 #else
-    ret = mbedtls_sha1( buf + sizeof( buf ) - len, len,
-                        buf + sizeof( buf ) - 20 );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_sha1(buf + sizeof(buf) - len, len,
+                       buf + sizeof(buf) - 20);
+    if (ret != 0) {
+        return ret;
+    }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    c = buf + sizeof( buf ) - 20;
+    c = buf + sizeof(buf) - 20;
     len = 20;
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, tag ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, tag));
 
-    if( is_ca ) // writes AuthorityKeyIdentifier sequence
-    {
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ));
-        MBEDTLS_ASN1_CHK_ADD( len,
-                              mbedtls_asn1_write_tag( &c,
-                                                      buf,
-                                                      MBEDTLS_ASN1_CONSTRUCTED |
-                                                      MBEDTLS_ASN1_SEQUENCE ) );
+    if (is_ca) { // writes AuthorityKeyIdentifier sequence
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+        MBEDTLS_ASN1_CHK_ADD(len,
+                             mbedtls_asn1_write_tag(&c,
+                                                    buf,
+                                                    MBEDTLS_ASN1_CONSTRUCTED |
+                                                    MBEDTLS_ASN1_SEQUENCE));
     }
 
-    if( is_ca )
-        return( mbedtls_x509write_crt_set_extension( ctx,
-                MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
-                MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ),
-                0, buf + sizeof(buf) - len, len ) );
-    else
-        return( mbedtls_x509write_crt_set_extension( ctx,
-                MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
-                MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ),
-                0, buf + sizeof(buf) - len, len ) );
+    if (is_ca) {
+        return mbedtls_x509write_crt_set_extension(ctx,
+                                                   MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
+                                                   MBEDTLS_OID_SIZE(
+                                                       MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER),
+                                                   0, buf + sizeof(buf) - len, len);
+    } else {
+        return mbedtls_x509write_crt_set_extension(ctx,
+                                                   MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
+                                                   MBEDTLS_OID_SIZE(
+                                                       MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER),
+                                                   0, buf + sizeof(buf) - len, len);
+    }
 }
 
-int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx )
+int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx)
 {
-    return mbedtls_x509write_crt_set_key_identifier( ctx,
-                                                     0,
-                                                     MBEDTLS_ASN1_OCTET_STRING );
+    return mbedtls_x509write_crt_set_key_identifier(ctx,
+                                                    0,
+                                                    MBEDTLS_ASN1_OCTET_STRING);
 }
 
-int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx )
+int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx)
 {
-    return mbedtls_x509write_crt_set_key_identifier( ctx,
-                                                     1,
-                                                     (MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0) );
+    return mbedtls_x509write_crt_set_key_identifier(ctx,
+                                                    1,
+                                                    (MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0));
 }
 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 
-int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
-                                         unsigned int key_usage )
+int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx,
+                                        unsigned int key_usage)
 {
-    unsigned char buf[5] = {0}, ku[2] = {0};
+    unsigned char buf[5] = { 0 }, ku[2] = { 0 };
     unsigned char *c;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const unsigned int allowed_bits = MBEDTLS_X509_KU_DIGITAL_SIGNATURE |
-        MBEDTLS_X509_KU_NON_REPUDIATION   |
-        MBEDTLS_X509_KU_KEY_ENCIPHERMENT  |
-        MBEDTLS_X509_KU_DATA_ENCIPHERMENT |
-        MBEDTLS_X509_KU_KEY_AGREEMENT     |
-        MBEDTLS_X509_KU_KEY_CERT_SIGN     |
-        MBEDTLS_X509_KU_CRL_SIGN          |
-        MBEDTLS_X509_KU_ENCIPHER_ONLY     |
-        MBEDTLS_X509_KU_DECIPHER_ONLY;
+                                      MBEDTLS_X509_KU_NON_REPUDIATION   |
+                                      MBEDTLS_X509_KU_KEY_ENCIPHERMENT  |
+                                      MBEDTLS_X509_KU_DATA_ENCIPHERMENT |
+                                      MBEDTLS_X509_KU_KEY_AGREEMENT     |
+                                      MBEDTLS_X509_KU_KEY_CERT_SIGN     |
+                                      MBEDTLS_X509_KU_CRL_SIGN          |
+                                      MBEDTLS_X509_KU_ENCIPHER_ONLY     |
+                                      MBEDTLS_X509_KU_DECIPHER_ONLY;
 
     /* Check that nothing other than the allowed flags is set */
-    if( ( key_usage & ~allowed_bits ) != 0 )
-        return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
+    if ((key_usage & ~allowed_bits) != 0) {
+        return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
+    }
 
     c = buf + 5;
-    MBEDTLS_PUT_UINT16_LE( key_usage, ku, 0 );
-    ret = mbedtls_asn1_write_named_bitstring( &c, buf, ku, 9 );
+    MBEDTLS_PUT_UINT16_LE(key_usage, ku, 0);
+    ret = mbedtls_asn1_write_named_bitstring(&c, buf, ku, 9);
 
-    if( ret < 0 )
-        return( ret );
-    else if( ret < 3 || ret > 5 )
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT );
+    if (ret < 0) {
+        return ret;
+    } else if (ret < 3 || ret > 5) {
+        return MBEDTLS_ERR_X509_INVALID_FORMAT;
+    }
 
-    ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
-                                   MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
-                                   1, c, (size_t)ret );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_KEY_USAGE,
+                                              MBEDTLS_OID_SIZE(MBEDTLS_OID_KEY_USAGE),
+                                              1, c, (size_t) ret);
+    if (ret != 0) {
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_x509write_crt_set_ext_key_usage( mbedtls_x509write_cert *ctx,
-                                             const mbedtls_asn1_sequence *exts )
+int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx,
+                                            const mbedtls_asn1_sequence *exts)
 {
     unsigned char buf[256];
     unsigned char *c = buf + sizeof(buf);
@@ -306,57 +310,63 @@
     const mbedtls_asn1_sequence *last_ext = NULL;
     const mbedtls_asn1_sequence *ext;
 
-    memset( buf, 0, sizeof(buf) );
+    memset(buf, 0, sizeof(buf));
 
     /* We need at least one extension: SEQUENCE SIZE (1..MAX) OF KeyPurposeId */
-    if( exts == NULL )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+    if (exts == NULL) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+    }
 
     /* Iterate over exts backwards, so we write them out in the requested order */
-    while( last_ext != exts )
-    {
-        for( ext = exts; ext->next != last_ext; ext = ext->next ) {}
-        if( ext->buf.tag != MBEDTLS_ASN1_OID )
-            return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( &c, buf, ext->buf.p, ext->buf.len ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, ext->buf.len ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_OID ) );
+    while (last_ext != exts) {
+        for (ext = exts; ext->next != last_ext; ext = ext->next) {
+        }
+        if (ext->buf.tag != MBEDTLS_ASN1_OID) {
+            return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+        }
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(&c, buf, ext->buf.p, ext->buf.len));
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, ext->buf.len));
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_OID));
         last_ext = ext;
     }
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+    MBEDTLS_ASN1_CHK_ADD(len,
+                         mbedtls_asn1_write_tag(&c, buf,
+                                                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
 
-    return mbedtls_x509write_crt_set_extension( ctx,
-                         MBEDTLS_OID_EXTENDED_KEY_USAGE,
-                         MBEDTLS_OID_SIZE( MBEDTLS_OID_EXTENDED_KEY_USAGE ),
-                         1, c, len );
+    return mbedtls_x509write_crt_set_extension(ctx,
+                                               MBEDTLS_OID_EXTENDED_KEY_USAGE,
+                                               MBEDTLS_OID_SIZE(MBEDTLS_OID_EXTENDED_KEY_USAGE),
+                                               1, c, len);
 }
 
-int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
-                                    unsigned char ns_cert_type )
+int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx,
+                                           unsigned char ns_cert_type)
 {
-    unsigned char buf[4] = {0};
+    unsigned char buf[4] = { 0 };
     unsigned char *c;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     c = buf + 4;
 
-    ret = mbedtls_asn1_write_named_bitstring( &c, buf, &ns_cert_type, 8 );
-    if( ret < 3 || ret > 4 )
-        return( ret );
+    ret = mbedtls_asn1_write_named_bitstring(&c, buf, &ns_cert_type, 8);
+    if (ret < 3 || ret > 4) {
+        return ret;
+    }
 
-    ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
-                                   MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
-                                   0, c, (size_t)ret );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_NS_CERT_TYPE,
+                                              MBEDTLS_OID_SIZE(MBEDTLS_OID_NS_CERT_TYPE),
+                                              0, c, (size_t) ret);
+    if (ret != 0) {
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
-static int x509_write_time( unsigned char **p, unsigned char *start,
-                            const char *t, size_t size )
+static int x509_write_time(unsigned char **p, unsigned char *start,
+                           const char *t, size_t size)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
@@ -364,32 +374,29 @@
     /*
      * write MBEDTLS_ASN1_UTC_TIME if year < 2050 (2 bytes shorter)
      */
-    if( t[0] < '2' || ( t[0] == '2' && t[1] == '0' && t[2] < '5' ) )
-    {
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
-                                             (const unsigned char *) t + 2,
-                                             size - 2 ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
-                                             MBEDTLS_ASN1_UTC_TIME ) );
-    }
-    else
-    {
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
-                                                  (const unsigned char *) t,
-                                                  size ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
-                                             MBEDTLS_ASN1_GENERALIZED_TIME ) );
+    if (t[0] < '2' || (t[0] == '2' && t[1] == '0' && t[2] < '5')) {
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start,
+                                                                (const unsigned char *) t + 2,
+                                                                size - 2));
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
+                                                         MBEDTLS_ASN1_UTC_TIME));
+    } else {
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start,
+                                                                (const unsigned char *) t,
+                                                                size));
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
+                                                         MBEDTLS_ASN1_GENERALIZED_TIME));
     }
 
-    return( (int) len );
+    return (int) len;
 }
 
-int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx,
-                               unsigned char *buf, size_t size,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng )
+int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
+                              unsigned char *buf, size_t size,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const char *sig_oid;
@@ -416,17 +423,17 @@
 
     /* There's no direct way of extracting a signature algorithm
      * (represented as an element of mbedtls_pk_type_t) from a PK instance. */
-    if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_RSA ) )
+    if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_RSA)) {
         pk_alg = MBEDTLS_PK_RSA;
-    else if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_ECDSA ) )
+    } else if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_ECDSA)) {
         pk_alg = MBEDTLS_PK_ECDSA;
-    else
-        return( MBEDTLS_ERR_X509_INVALID_ALG );
+    } else {
+        return MBEDTLS_ERR_X509_INVALID_ALG;
+    }
 
-    if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
-                                          &sig_oid, &sig_oid_len ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg,
+                                              &sig_oid, &sig_oid_len)) != 0) {
+        return ret;
     }
 
     /*
@@ -434,38 +441,37 @@
      */
 
     /* Only for v3 */
-    if( ctx->version == MBEDTLS_X509_CRT_VERSION_3 )
-    {
-        MBEDTLS_ASN1_CHK_ADD( len,
-                              mbedtls_x509_write_extensions( &c,
-                                                      buf, ctx->extensions ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len,
-                              mbedtls_asn1_write_tag( &c, buf,
-                                                      MBEDTLS_ASN1_CONSTRUCTED |
-                                                      MBEDTLS_ASN1_SEQUENCE ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len,
-                              mbedtls_asn1_write_tag( &c, buf,
-                                               MBEDTLS_ASN1_CONTEXT_SPECIFIC |
-                                               MBEDTLS_ASN1_CONSTRUCTED | 3 ) );
+    if (ctx->version == MBEDTLS_X509_CRT_VERSION_3) {
+        MBEDTLS_ASN1_CHK_ADD(len,
+                             mbedtls_x509_write_extensions(&c,
+                                                           buf, ctx->extensions));
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+        MBEDTLS_ASN1_CHK_ADD(len,
+                             mbedtls_asn1_write_tag(&c, buf,
+                                                    MBEDTLS_ASN1_CONSTRUCTED |
+                                                    MBEDTLS_ASN1_SEQUENCE));
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+        MBEDTLS_ASN1_CHK_ADD(len,
+                             mbedtls_asn1_write_tag(&c, buf,
+                                                    MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+                                                    MBEDTLS_ASN1_CONSTRUCTED | 3));
     }
 
     /*
      *  SubjectPublicKeyInfo
      */
-    MBEDTLS_ASN1_CHK_ADD( pub_len,
-                          mbedtls_pk_write_pubkey_der( ctx->subject_key,
-                                                       buf, c - buf ) );
+    MBEDTLS_ASN1_CHK_ADD(pub_len,
+                         mbedtls_pk_write_pubkey_der(ctx->subject_key,
+                                                     buf, c - buf));
     c -= pub_len;
     len += pub_len;
 
     /*
      *  Subject  ::=  Name
      */
-    MBEDTLS_ASN1_CHK_ADD( len,
-                          mbedtls_x509_write_names( &c, buf,
-                                                    ctx->subject ) );
+    MBEDTLS_ASN1_CHK_ADD(len,
+                         mbedtls_x509_write_names(&c, buf,
+                                                  ctx->subject));
 
     /*
      *  Validity ::= SEQUENCE {
@@ -474,63 +480,62 @@
      */
     sub_len = 0;
 
-    MBEDTLS_ASN1_CHK_ADD( sub_len,
-                          x509_write_time( &c, buf, ctx->not_after,
-                                        MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
+    MBEDTLS_ASN1_CHK_ADD(sub_len,
+                         x509_write_time(&c, buf, ctx->not_after,
+                                         MBEDTLS_X509_RFC5280_UTC_TIME_LEN));
 
-    MBEDTLS_ASN1_CHK_ADD( sub_len,
-                          x509_write_time( &c, buf, ctx->not_before,
-                                        MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
+    MBEDTLS_ASN1_CHK_ADD(sub_len,
+                         x509_write_time(&c, buf, ctx->not_before,
+                                         MBEDTLS_X509_RFC5280_UTC_TIME_LEN));
 
     len += sub_len;
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, sub_len ) );
-    MBEDTLS_ASN1_CHK_ADD( len,
-                          mbedtls_asn1_write_tag( &c, buf,
-                                                  MBEDTLS_ASN1_CONSTRUCTED |
-                                                  MBEDTLS_ASN1_SEQUENCE ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, sub_len));
+    MBEDTLS_ASN1_CHK_ADD(len,
+                         mbedtls_asn1_write_tag(&c, buf,
+                                                MBEDTLS_ASN1_CONSTRUCTED |
+                                                MBEDTLS_ASN1_SEQUENCE));
 
     /*
      *  Issuer  ::=  Name
      */
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, buf,
-                                                         ctx->issuer ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_names(&c, buf,
+                                                       ctx->issuer));
 
     /*
      *  Signature   ::=  AlgorithmIdentifier
      */
-    MBEDTLS_ASN1_CHK_ADD( len,
-                          mbedtls_asn1_write_algorithm_identifier( &c, buf,
-                                              sig_oid, strlen( sig_oid ), 0 ) );
+    MBEDTLS_ASN1_CHK_ADD(len,
+                         mbedtls_asn1_write_algorithm_identifier(&c, buf,
+                                                                 sig_oid, strlen(sig_oid), 0));
 
     /*
      *  Serial   ::=  INTEGER
      */
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf,
-                                                       &ctx->serial ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_mpi(&c, buf,
+                                                     &ctx->serial));
 
     /*
      *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
      */
 
     /* Can be omitted for v1 */
-    if( ctx->version != MBEDTLS_X509_CRT_VERSION_1 )
-    {
+    if (ctx->version != MBEDTLS_X509_CRT_VERSION_1) {
         sub_len = 0;
-        MBEDTLS_ASN1_CHK_ADD( sub_len,
-                              mbedtls_asn1_write_int( &c, buf, ctx->version ) );
+        MBEDTLS_ASN1_CHK_ADD(sub_len,
+                             mbedtls_asn1_write_int(&c, buf, ctx->version));
         len += sub_len;
-        MBEDTLS_ASN1_CHK_ADD( len,
-                              mbedtls_asn1_write_len( &c, buf, sub_len ) );
-        MBEDTLS_ASN1_CHK_ADD( len,
-                              mbedtls_asn1_write_tag( &c, buf,
-                                               MBEDTLS_ASN1_CONTEXT_SPECIFIC |
-                                               MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
+        MBEDTLS_ASN1_CHK_ADD(len,
+                             mbedtls_asn1_write_len(&c, buf, sub_len));
+        MBEDTLS_ASN1_CHK_ADD(len,
+                             mbedtls_asn1_write_tag(&c, buf,
+                                                    MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+                                                    MBEDTLS_ASN1_CONSTRUCTED | 0));
     }
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len,
-                mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                     MBEDTLS_ASN1_SEQUENCE ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+    MBEDTLS_ASN1_CHK_ADD(len,
+                         mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED |
+                                                MBEDTLS_ASN1_SEQUENCE));
 
     /*
      * Make signature
@@ -538,45 +543,43 @@
 
     /* Compute hash of CRT. */
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_algorithm = mbedtls_hash_info_psa_from_md( ctx->md_alg );
+    psa_algorithm = mbedtls_hash_info_psa_from_md(ctx->md_alg);
 
-    status = psa_hash_compute( psa_algorithm,
-                               c,
-                               len,
-                               hash,
-                               sizeof( hash ),
-                               &hash_length );
-    if( status != PSA_SUCCESS )
-    {
-        return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+    status = psa_hash_compute(psa_algorithm,
+                              c,
+                              len,
+                              hash,
+                              sizeof(hash),
+                              &hash_length);
+    if (status != PSA_SUCCESS) {
+        return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
     }
 #else
-    if( ( ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c,
-                            len, hash ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c,
+                          len, hash)) != 0) {
+        return ret;
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 
-    if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg,
-                                 hash, hash_length, sig, sizeof( sig ), &sig_len,
-                                 f_rng, p_rng ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg,
+                               hash, hash_length, sig, sizeof(sig), &sig_len,
+                               f_rng, p_rng)) != 0) {
+        return ret;
     }
 
     /* Move CRT to the front of the buffer to have space
      * for the signature. */
-    memmove( buf, c, len );
+    memmove(buf, c, len);
     c = buf + len;
 
     /* Add signature at the end of the buffer,
      * making sure that it doesn't underflow
      * into the CRT buffer. */
     c2 = buf + size;
-    MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, c,
-                                        sig_oid, sig_oid_len, sig, sig_len ) );
+    MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c,
+                                                                 sig_oid, sig_oid_len, sig,
+                                                                 sig_len));
 
     /*
      * Memory layout after this step:
@@ -587,43 +590,41 @@
 
     /* Move raw CRT to just before the signature. */
     c = c2 - len;
-    memmove( c, buf, len );
+    memmove(c, buf, len);
 
     len += sig_and_oid_len;
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf,
-                                                 MBEDTLS_ASN1_CONSTRUCTED |
-                                                 MBEDTLS_ASN1_SEQUENCE ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf,
+                                                     MBEDTLS_ASN1_CONSTRUCTED |
+                                                     MBEDTLS_ASN1_SEQUENCE));
 
-    return( (int) len );
+    return (int) len;
 }
 
 #define PEM_BEGIN_CRT           "-----BEGIN CERTIFICATE-----\n"
 #define PEM_END_CRT             "-----END CERTIFICATE-----\n"
 
 #if defined(MBEDTLS_PEM_WRITE_C)
-int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *crt,
-                               unsigned char *buf, size_t size,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng )
+int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt,
+                              unsigned char *buf, size_t size,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t olen;
 
-    if( ( ret = mbedtls_x509write_crt_der( crt, buf, size,
-                                   f_rng, p_rng ) ) < 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_x509write_crt_der(crt, buf, size,
+                                         f_rng, p_rng)) < 0) {
+        return ret;
     }
 
-    if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CRT, PEM_END_CRT,
-                                          buf + size - ret, ret,
-                                          buf, size, &olen ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CRT, PEM_END_CRT,
+                                        buf + size - ret, ret,
+                                        buf, size, &olen)) != 0) {
+        return ret;
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_PEM_WRITE_C */
 
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 976f6e6..d8d8e99 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -47,93 +47,97 @@
 
 #include "mbedtls/platform.h"
 
-void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
+void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx)
 {
-    memset( ctx, 0, sizeof( mbedtls_x509write_csr ) );
+    memset(ctx, 0, sizeof(mbedtls_x509write_csr));
 }
 
-void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx )
+void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx)
 {
-    mbedtls_asn1_free_named_data_list( &ctx->subject );
-    mbedtls_asn1_free_named_data_list( &ctx->extensions );
+    mbedtls_asn1_free_named_data_list(&ctx->subject);
+    mbedtls_asn1_free_named_data_list(&ctx->extensions);
 
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_csr ) );
+    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_x509write_csr));
 }
 
-void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg )
+void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg)
 {
     ctx->md_alg = md_alg;
 }
 
-void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key )
+void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx, mbedtls_pk_context *key)
 {
     ctx->key = key;
 }
 
-int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
-                                    const char *subject_name )
+int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx,
+                                           const char *subject_name)
 {
-    return mbedtls_x509_string_to_names( &ctx->subject, subject_name );
+    return mbedtls_x509_string_to_names(&ctx->subject, subject_name);
 }
 
-int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
-                                 const char *oid, size_t oid_len,
-                                 int critical,
-                                 const unsigned char *val, size_t val_len )
+int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx,
+                                        const char *oid, size_t oid_len,
+                                        int critical,
+                                        const unsigned char *val, size_t val_len)
 {
-    return mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len,
-                               critical, val, val_len );
+    return mbedtls_x509_set_extension(&ctx->extensions, oid, oid_len,
+                                      critical, val, val_len);
 }
 
-int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage )
+int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned char key_usage)
 {
-    unsigned char buf[4] = {0};
+    unsigned char buf[4] = { 0 };
     unsigned char *c;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     c = buf + 4;
 
-    ret = mbedtls_asn1_write_named_bitstring( &c, buf, &key_usage, 8 );
-    if( ret < 3 || ret > 4 )
-        return( ret );
+    ret = mbedtls_asn1_write_named_bitstring(&c, buf, &key_usage, 8);
+    if (ret < 3 || ret > 4) {
+        return ret;
+    }
 
-    ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
-                                       MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
-                                       0, c, (size_t)ret );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_x509write_csr_set_extension(ctx, MBEDTLS_OID_KEY_USAGE,
+                                              MBEDTLS_OID_SIZE(MBEDTLS_OID_KEY_USAGE),
+                                              0, c, (size_t) ret);
+    if (ret != 0) {
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
-int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
-                                    unsigned char ns_cert_type )
+int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx,
+                                           unsigned char ns_cert_type)
 {
-    unsigned char buf[4] = {0};
+    unsigned char buf[4] = { 0 };
     unsigned char *c;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     c = buf + 4;
 
-    ret = mbedtls_asn1_write_named_bitstring( &c, buf, &ns_cert_type, 8 );
-    if( ret < 3 || ret > 4 )
-        return( ret );
+    ret = mbedtls_asn1_write_named_bitstring(&c, buf, &ns_cert_type, 8);
+    if (ret < 3 || ret > 4) {
+        return ret;
+    }
 
-    ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
-                                       MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
-                                       0, c, (size_t)ret );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_x509write_csr_set_extension(ctx, MBEDTLS_OID_NS_CERT_TYPE,
+                                              MBEDTLS_OID_SIZE(MBEDTLS_OID_NS_CERT_TYPE),
+                                              0, c, (size_t) ret);
+    if (ret != 0) {
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
-static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx,
-                                 unsigned char *buf,
-                                 size_t size,
-                                 unsigned char *sig, size_t sig_size,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng )
+static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
+                                      unsigned char *buf,
+                                      size_t size,
+                                      unsigned char *sig, size_t sig_size,
+                                      int (*f_rng)(void *, unsigned char *, size_t),
+                                      void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const char *sig_oid;
@@ -145,113 +149,111 @@
     mbedtls_pk_type_t pk_alg;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     size_t hash_len;
-    psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md( ctx->md_alg );
+    psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(ctx->md_alg);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     /* Write the CSR backwards starting from the end of buf */
     c = buf + size;
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, buf,
-                                                           ctx->extensions ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_extensions(&c, buf,
+                                                            ctx->extensions));
 
-    if( len )
-    {
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len,
-            mbedtls_asn1_write_tag(
-                &c, buf,
-                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+    if (len) {
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+        MBEDTLS_ASN1_CHK_ADD(len,
+                             mbedtls_asn1_write_tag(
+                                 &c, buf,
+                                 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
 
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len,
-            mbedtls_asn1_write_tag(
-                &c, buf,
-                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) );
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+        MBEDTLS_ASN1_CHK_ADD(len,
+                             mbedtls_asn1_write_tag(
+                                 &c, buf,
+                                 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET));
 
-        MBEDTLS_ASN1_CHK_ADD( len,
-            mbedtls_asn1_write_oid(
-                &c, buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ,
-                MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) );
+        MBEDTLS_ASN1_CHK_ADD(len,
+                             mbedtls_asn1_write_oid(
+                                 &c, buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ,
+                                 MBEDTLS_OID_SIZE(MBEDTLS_OID_PKCS9_CSR_EXT_REQ)));
 
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len,
-            mbedtls_asn1_write_tag(
-                &c, buf,
-                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+        MBEDTLS_ASN1_CHK_ADD(len,
+                             mbedtls_asn1_write_tag(
+                                 &c, buf,
+                                 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
     }
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len,
-        mbedtls_asn1_write_tag(
-            &c, buf,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+    MBEDTLS_ASN1_CHK_ADD(len,
+                         mbedtls_asn1_write_tag(
+                             &c, buf,
+                             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC));
 
-    MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->key,
-                                                              buf, c - buf ) );
+    MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_pk_write_pubkey_der(ctx->key,
+                                                              buf, c - buf));
     c -= pub_len;
     len += pub_len;
 
     /*
      *  Subject  ::=  Name
      */
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, buf,
-                                                         ctx->subject ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_names(&c, buf,
+                                                       ctx->subject));
 
     /*
      *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
      */
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 0));
 
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len,
-        mbedtls_asn1_write_tag(
-            &c, buf,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
+    MBEDTLS_ASN1_CHK_ADD(len,
+                         mbedtls_asn1_write_tag(
+                             &c, buf,
+                             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
 
     /*
      * Sign the written CSR data into the sig buffer
      * Note: hash errors can happen only after an internal error
      */
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( psa_hash_compute( hash_alg,
-                          c,
-                          len,
-                          hash,
-                          sizeof( hash ),
-                          &hash_len ) != PSA_SUCCESS )
-    {
-        return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+    if (psa_hash_compute(hash_alg,
+                         c,
+                         len,
+                         hash,
+                         sizeof(hash),
+                         &hash_len) != PSA_SUCCESS) {
+        return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
     }
 #else /* MBEDTLS_USE_PSA_CRYPTO */
-    ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
-    if( ret != 0 )
-        return( ret );
+    ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c, len, hash);
+    if (ret != 0) {
+        return ret;
+    }
 #endif
-    if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0,
-                                 sig, sig_size, &sig_len,
-                                 f_rng, p_rng ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0,
+                               sig, sig_size, &sig_len,
+                               f_rng, p_rng)) != 0) {
+        return ret;
     }
 
-    if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_RSA ) )
+    if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_RSA)) {
         pk_alg = MBEDTLS_PK_RSA;
-    else if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_ECDSA ) )
+    } else if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_ECDSA)) {
         pk_alg = MBEDTLS_PK_ECDSA;
-    else
-        return( MBEDTLS_ERR_X509_INVALID_ALG );
+    } else {
+        return MBEDTLS_ERR_X509_INVALID_ALG;
+    }
 
-    if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
-                                              &sig_oid, &sig_oid_len ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg,
+                                              &sig_oid, &sig_oid_len)) != 0) {
+        return ret;
     }
 
     /*
      * Move the written CSR data to the start of buf to create space for
      * writing the signature into buf.
      */
-    memmove( buf, c, len );
+    memmove(buf, c, len);
 
     /*
      * Write sig and its OID into buf backwards from the end of buf.
@@ -259,78 +261,75 @@
      * and return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if needed.
      */
     c2 = buf + size;
-    MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len,
-        mbedtls_x509_write_sig( &c2, buf + len, sig_oid, sig_oid_len,
-                                sig, sig_len ) );
+    MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len,
+                         mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len,
+                                                sig, sig_len));
 
     /*
      * Compact the space between the CSR data and signature by moving the
      * CSR data to the start of the signature.
      */
     c2 -= len;
-    memmove( c2, buf, len );
+    memmove(c2, buf, len);
 
     /* ASN encode the total size and tag the CSR data with it. */
     len += sig_and_oid_len;
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len,
-        mbedtls_asn1_write_tag(
-            &c2, buf,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c2, buf, len));
+    MBEDTLS_ASN1_CHK_ADD(len,
+                         mbedtls_asn1_write_tag(
+                             &c2, buf,
+                             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
 
     /* Zero the unused bytes at the start of buf */
-    memset( buf, 0, c2 - buf);
+    memset(buf, 0, c2 - buf);
 
-    return( (int) len );
+    return (int) len;
 }
 
-int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf,
-                               size_t size,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng )
+int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf,
+                              size_t size,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng)
 {
     int ret;
     unsigned char *sig;
 
-    if( ( sig = mbedtls_calloc( 1, MBEDTLS_PK_SIGNATURE_MAX_SIZE ) ) == NULL )
-    {
-        return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+    if ((sig = mbedtls_calloc(1, MBEDTLS_PK_SIGNATURE_MAX_SIZE)) == NULL) {
+        return MBEDTLS_ERR_X509_ALLOC_FAILED;
     }
 
-    ret = x509write_csr_der_internal( ctx, buf, size,
-                                      sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE,
-                                      f_rng, p_rng );
+    ret = x509write_csr_der_internal(ctx, buf, size,
+                                     sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE,
+                                     f_rng, p_rng);
 
-    mbedtls_free( sig );
+    mbedtls_free(sig);
 
-    return( ret );
+    return ret;
 }
 
 #define PEM_BEGIN_CSR           "-----BEGIN CERTIFICATE REQUEST-----\n"
 #define PEM_END_CSR             "-----END CERTIFICATE REQUEST-----\n"
 
 #if defined(MBEDTLS_PEM_WRITE_C)
-int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng )
+int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t olen = 0;
 
-    if( ( ret = mbedtls_x509write_csr_der( ctx, buf, size,
-                                   f_rng, p_rng ) ) < 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_x509write_csr_der(ctx, buf, size,
+                                         f_rng, p_rng)) < 0) {
+        return ret;
     }
 
-    if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CSR, PEM_END_CSR,
-                                  buf + size - ret,
-                                  ret, buf, size, &olen ) ) != 0 )
-    {
-        return( ret );
+    if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CSR, PEM_END_CSR,
+                                        buf + size - ret,
+                                        ret, buf, size, &olen)) != 0) {
+        return ret;
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_PEM_WRITE_C */