- stevesk@cvs.openbsd.org 2001/02/04 08:32:27

[many files; did this manually to our top-level source dir] unexpand and remove end-of-line whitespace; ok markus@
2025-04-25 12:48:28 +00:00 · 2001-02-05 12:42:17 +00:00 · 2001-02-05 12:42:17 +00:00 · ef4eea9bad
commit ef4eea9bad
parent d2ddda4efa
49 changed files with 386 additions and 382 deletions
--- a/6
+++ b/6
@ -1,7 +1,11 @@
 20010105
- - (bal) Disable groupaccess by setting NGROUP_MAX to 0 for platforms
+ - (bal) Disable groupaccess by setting NGROUPS_MAX to 0 for platforms
   that don't have NGROUPS_MAX.
 - (bal) AIX patch for auth1.c by William L. Jones <jones@hpc.utexas.edu>
 - (stevesk) OpenBSD sync:
   - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
     [many files; did this manually to our top-level source dir]
     unexpand and remove end-of-line whitespace; ok markus@
 20010104
 - (bal) I think this is the last of the bsd-*.h that don't belong.
--- a/acconfig.h
+++ b/acconfig.h
@ -225,7 +225,7 @@
 /* Define if you are using Solaris-derived PAM which passes pam_messages  */
 /* to the conversation function with an extra level of indirection */
 #undef PAM_SUN_CODEBASE
- 
+
 /* Set this to your mail directory if you don't have maillock.h */
 #undef MAIL_DIRECTORY
--- a/auth-chall.c
+++ b/auth-chall.c
@ -34,7 +34,7 @@ char *
 get_challenge(Authctxt *authctxt, char *devs)
 {
 	static char challenge[1024];
-        struct skey skey;
+	struct skey skey;
 	if (skeychallenge(&skey, authctxt->user, challenge) == -1)
 		return NULL;
 	strlcat(challenge, "\nS/Key Password: ", sizeof challenge);
--- a/auth-pam.c
+++ b/auth-pam.c
@ -32,7 +32,7 @@
 #include "canohost.h"
 #include "readpass.h"
-RCSID("$Id: auth-pam.c,v 1.23 2001/02/04 12:20:19 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.24 2001/02/05 12:42:17 stevesk Exp $");
 #define NEW_AUTHTOK_MSG \
 	"Warning: Your password has expired, please change it now"
@ -97,7 +97,7 @@ static int pamconv(int num_msg, const struct pam_message **msg,
 	/* PAM will free this later */
 	reply = malloc(num_msg * sizeof(*reply));
 	if (reply == NULL)
-		return PAM_CONV_ERR; 
+		return PAM_CONV_ERR;
 	for (count = 0; count < num_msg; count++) {
 		switch(PAM_MSG_MEMBER(msg, count, msg_style)) {
@ -120,7 +120,7 @@ static int pamconv(int num_msg, const struct pam_message **msg,
 					}
 					reply[count].resp = xstrdup(pampasswd);
 				} else {
-					reply[count].resp = 
+					reply[count].resp =
 						xstrdup(read_passphrase(PAM_MSG_MEMBER(msg, count, msg), 1));
 				}
 				reply[count].resp_retcode = PAM_SUCCESS;
@ -158,19 +158,19 @@ void pam_cleanup_proc(void *context)
 	{
 		pam_retval = pam_close_session(pamh, 0);
 		if (pam_retval != PAM_SUCCESS) {
-			log("Cannot close PAM session[%d]: %.200s", 
+			log("Cannot close PAM session[%d]: %.200s",
 				pam_retval, PAM_STRERROR(pamh, pam_retval));
 		}
 		pam_retval = pam_setcred(pamh, PAM_DELETE_CRED);
 		if (pam_retval != PAM_SUCCESS) {
-			debug("Cannot delete credentials[%d]: %.200s", 
+			debug("Cannot delete credentials[%d]: %.200s",
 				pam_retval, PAM_STRERROR(pamh, pam_retval));
 		}
 		pam_retval = pam_end(pamh, pam_retval);
 		if (pam_retval != PAM_SUCCESS) {
-			log("Cannot release PAM authentication[%d]: %.200s", 
+			log("Cannot release PAM authentication[%d]: %.200s",
 				pam_retval, PAM_STRERROR(pamh, pam_retval));
 		}
 	}
@ -193,15 +193,15 @@ int auth_pam_password(struct passwd *pw, const char *password)
 		return 0;
 	pampasswd = password;
-	
+
 	pamstate = INITIAL_LOGIN;
 	pam_retval = do_pam_authenticate(0);
 	if (pam_retval == PAM_SUCCESS) {
-		debug("PAM Password authentication accepted for user \"%.100s\"", 
+		debug("PAM Password authentication accepted for user \"%.100s\"",
 			pw->pw_name);
 		return 1;
 	} else {
-		debug("PAM Password authentication for \"%.100s\" failed[%d]: %s", 
+		debug("PAM Password authentication for \"%.100s\" failed[%d]: %s",
 			pw->pw_name, pam_retval, PAM_STRERROR(pamh, pam_retval));
 		return 0;
 	}
@ -212,13 +212,13 @@ int do_pam_account(char *username, char *remote_user)
 {
 	int pam_retval;
 	extern ServerOptions options;
-	
+
-	debug("PAM setting rhost to \"%.200s\"", 
+	debug("PAM setting rhost to \"%.200s\"",
 	    get_canonical_hostname(options.reverse_mapping_check));
-	pam_retval = pam_set_item(pamh, PAM_RHOST, 
+	pam_retval = pam_set_item(pamh, PAM_RHOST,
 		get_canonical_hostname(options.reverse_mapping_check));
 	if (pam_retval != PAM_SUCCESS) {
-		fatal("PAM set rhost failed[%d]: %.200s", 
+		fatal("PAM set rhost failed[%d]: %.200s",
 			pam_retval, PAM_STRERROR(pamh, pam_retval));
 	}
@ -226,7 +226,7 @@ int do_pam_account(char *username, char *remote_user)
 		debug("PAM setting ruser to \"%.200s\"", remote_user);
 		pam_retval = pam_set_item(pamh, PAM_RUSER, remote_user);
 		if (pam_retval != PAM_SUCCESS) {
-			fatal("PAM set ruser failed[%d]: %.200s", 
+			fatal("PAM set ruser failed[%d]: %.200s",
 				pam_retval, PAM_STRERROR(pamh, pam_retval));
 		}
 	}
@ -242,11 +242,11 @@ int do_pam_account(char *username, char *remote_user)
 			password_change_required = 1;
 			break;
 		default:
-			log("PAM rejected by account configuration[%d]: %.200s", 
+			log("PAM rejected by account configuration[%d]: %.200s",
 				pam_retval, PAM_STRERROR(pamh, pam_retval));
 			return(0);
 	}
-	
+
 	return(1);
 }
@ -259,31 +259,31 @@ void do_pam_session(char *username, const char *ttyname)
 		debug("PAM setting tty to \"%.200s\"", ttyname);
 		pam_retval = pam_set_item(pamh, PAM_TTY, ttyname);
 		if (pam_retval != PAM_SUCCESS) {
-			fatal("PAM set tty failed[%d]: %.200s", 
+			fatal("PAM set tty failed[%d]: %.200s",
 				pam_retval, PAM_STRERROR(pamh, pam_retval));
 		}
 	}
 	pam_retval = pam_open_session(pamh, 0);
 	if (pam_retval != PAM_SUCCESS) {
-		fatal("PAM session setup failed[%d]: %.200s", 
+		fatal("PAM session setup failed[%d]: %.200s",
 			pam_retval, PAM_STRERROR(pamh, pam_retval));
 	}
 }
-/* Set PAM credentials */ 
+/* Set PAM credentials */
 void do_pam_setcred(void)
 {
 	int pam_retval;
- 
+
 	debug("PAM establishing creds");
 	pam_retval = pam_setcred(pamh, PAM_ESTABLISH_CRED);
 	if (pam_retval != PAM_SUCCESS) {
 		if(was_authenticated) {
-			fatal("PAM setcred failed[%d]: %.200s", 
+			fatal("PAM setcred failed[%d]: %.200s",
 				pam_retval, PAM_STRERROR(pamh, pam_retval));
 		} else {
-			debug("PAM setcred failed[%d]: %.200s", 
+			debug("PAM setcred failed[%d]: %.200s",
 				pam_retval, PAM_STRERROR(pamh, pam_retval));
 		}
 	}
@ -295,7 +295,7 @@ int pam_password_change_required(void)
 	return password_change_required;
 }
-/* 
+/*
 * Have user change authentication token if pam_acct_mgmt() indicated
 * it was expired.  This needs to be called after an interactive
 * session is established and the user's pty is connected to
@ -313,7 +313,7 @@ void do_pam_chauthtok(void)
 		do {
 			pam_retval = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
 			if (pam_retval != PAM_SUCCESS) {
-				log("PAM pam_chauthtok failed[%d]: %.200s", 
+				log("PAM pam_chauthtok failed[%d]: %.200s",
 					pam_retval, PAM_STRERROR(pamh, pam_retval));
 			}
 		} while (pam_retval != PAM_SUCCESS);
@ -337,21 +337,21 @@ void start_pam(const char *user)
 	pam_retval = pam_start(SSHD_PAM_SERVICE, user, &conv, &pamh);
 	if (pam_retval != PAM_SUCCESS) {
-		fatal("PAM initialisation failed[%d]: %.200s", 
+		fatal("PAM initialisation failed[%d]: %.200s",
 			pam_retval, PAM_STRERROR(pamh, pam_retval));
 	}
 #ifdef PAM_TTY_KLUDGE
 	/*
 	 * Some PAM modules (e.g. pam_time) require a TTY to operate,
-	 * and will fail in various stupid ways if they don't get one. 
+	 * and will fail in various stupid ways if they don't get one.
 	 * sshd doesn't set the tty until too late in the auth process and may
 	 * not even need one (for tty-less connections)
-	 * Kludge: Set a fake PAM_TTY 
+	 * Kludge: Set a fake PAM_TTY
 	 */
 	pam_retval = pam_set_item(pamh, PAM_TTY, "ssh");
 	if (pam_retval != PAM_SUCCESS) {
-		fatal("PAM set tty failed[%d]: %.200s", 
+		fatal("PAM set tty failed[%d]: %.200s",
 			pam_retval, PAM_STRERROR(pamh, pam_retval));
 	}
 #endif /* PAM_TTY_KLUDGE */
@ -383,9 +383,9 @@ void pam_msg_cat(const char *msg)
 	char *p;
 	size_t new_msg_len;
 	size_t pam_msg_len;
-	
+
 	new_msg_len = strlen(msg);
-	
+
 	if (pam_msg) {
 		pam_msg_len = strlen(pam_msg);
 		pam_msg = xrealloc(pam_msg, new_msg_len + pam_msg_len + 2);
--- a/auth-passwd.c
+++ b/auth-passwd.c
@ -118,7 +118,7 @@ auth_password(struct passwd * pw, const char *password)
 	 * Empty password is only possible on NT if the user has _really_
 	 * an empty password and authentication is done, though.
 	 */
-        if (!is_winnt) 
+	if (!is_winnt)
 #endif
 	if (*password == '\0' && options.permit_empty_passwd == 0)
 		return 0;
@ -155,13 +155,13 @@ auth_password(struct passwd * pw, const char *password)
 	 */
 #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
 	spw = getspnam(pw->pw_name);
-	if (spw != NULL) 
+	if (spw != NULL)
 		pw_password = spw->sp_pwdp;
 #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
 #ifdef HAVE_SCO_PROTECTED_PW
 	spw = getprpwnam(pw->pw_name);
-	if (spw != NULL) 
+	if (spw != NULL)
 		pw_password = spw->ufld.fd_encrypt;
 #endif /* HAVE_SCO_PROTECTED_PW */
@ -189,7 +189,7 @@ auth_password(struct passwd * pw, const char *password)
 		encrypted_password = md5_crypt(password, salt);
 	else
 		encrypted_password = crypt(password, salt);
-#else /* HAVE_MD5_PASSWORDS */    
+#else /* HAVE_MD5_PASSWORDS */
 # ifdef __hpux
 	if (iscomsec())
 		encrypted_password = bigcrypt(password, salt);
@ -198,7 +198,7 @@ auth_password(struct passwd * pw, const char *password)
 # else
 	encrypted_password = crypt(password, salt);
 # endif /* __hpux */
-#endif /* HAVE_MD5_PASSWORDS */    
+#endif /* HAVE_MD5_PASSWORDS */
 	/* Authentication is accepted if the encrypted passwords are identical. */
 	return (strcmp(encrypted_password, pw_password) == 0);
--- a/auth.c
+++ b/auth.c
@ -79,7 +79,7 @@ allowed_user(struct passwd * pw)
 			return 0;
 		/* Check password expiry */
-		if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) && 
+		if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) &&
 		    (days > (spw->sp_lstchg + spw->sp_max)))
 			return 0;
 	}
@ -165,9 +165,9 @@ allowed_user(struct passwd * pw)
 Authctxt *
 authctxt_new(void)
 {
-        Authctxt *authctxt = xmalloc(sizeof(*authctxt));
+	Authctxt *authctxt = xmalloc(sizeof(*authctxt));
-        memset(authctxt, 0, sizeof(*authctxt));
+	memset(authctxt, 0, sizeof(*authctxt));
-        return authctxt;
+	return authctxt;
 }
 struct passwd *
--- a/auth1.c
+++ b/auth1.c
@ -265,8 +265,8 @@ do_authloop(Authctxt *authctxt)
 			authenticated = auth_pam_password(pw, password);
 #elif defined(HAVE_OSF_SIA)
 			/* Do SIA auth with password */
-			if (sia_validate_user(NULL, saved_argc, saved_argv, 
+			if (sia_validate_user(NULL, saved_argc, saved_argv,
-			    get_canonical_hostname(options.reverse_mapping_check), 
+			    get_canonical_hostname(options.reverse_mapping_check),
 			    pw->pw_name, NULL, 0, NULL, password) == SIASUCCESS) {
 				authenticated = 1;
 			}
@ -317,8 +317,8 @@ do_authloop(Authctxt *authctxt)
 			fatal("INTERNAL ERROR: authenticated invalid user %s",
 			    authctxt->user);
-#ifdef HAVE_CYGWIN		
+#ifdef HAVE_CYGWIN
-		if (authenticated && 
+		if (authenticated &&
 		    !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) {
 			packet_disconnect("Authentication rejected for uid %d.",
 			(int)pw->pw_uid);
@ -329,7 +329,7 @@ do_authloop(Authctxt *authctxt)
 		if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed())
 			authenticated = 0;
 #endif
-#ifdef USE_PAM			
+#ifdef USE_PAM
 		if (authenticated && !do_pam_account(pw->pw_name, client_user))
 			authenticated = 0;
 #endif
@ -346,9 +346,9 @@ do_authloop(Authctxt *authctxt)
 			return;
 		if (authctxt->failures++ > AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE 
+#ifdef WITH_AIXAUTHENTICATE
-			loginfailed(authctxt->user, 
+			loginfailed(authctxt->user,
-			    get_canonical_hostname(options.reverse_mapping_check), 
+			    get_canonical_hostname(options.reverse_mapping_check),
 			    "ssh");
 #endif /* WITH_AIXAUTHENTICATE */
 			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
@ -435,7 +435,7 @@ do_authentication()
 #ifdef WITH_AIXAUTHENTICATE
 	/* We don't have a pty yet, so just label the line as "ssh" */
-	if (loginsuccess(authctxt->user, 
+	if (loginsuccess(authctxt->user,
 	    get_canonical_hostname(options.reverse_mapping_check),
 	    "ssh", &aixloginmsg) < 0)
 		aixloginmsg = NULL;
--- a/auth2.c
+++ b/auth2.c
@ -203,7 +203,7 @@ input_userauth_request(int type, int plen, void *ctxt)
 	if ((style = strchr(user, ':')) != NULL)
 		*style++ = 0;
-	if (authctxt->attempt++ == 0) { 
+	if (authctxt->attempt++ == 0) {
 		/* setup auth context */
 		struct passwd *pw = NULL;
 		setproctitle("%s", user);
@ -300,7 +300,7 @@ done:
 	return;
 }
-void   
+void
 userauth_reply(Authctxt *authctxt, int authenticated)
 {
 	char *methods;
@ -309,8 +309,8 @@ userauth_reply(Authctxt *authctxt, int authenticated)
 	if (authenticated) {
 #ifdef WITH_AIXAUTHENTICATE
 		/* We don't have a pty yet, so just label the line as "ssh" */
-		if (loginsuccess(authctxt->user?authctxt->user:"NOUSER", 
+		if (loginsuccess(authctxt->user?authctxt->user:"NOUSER",
-		    get_canonical_hostname(options.reverse_mapping_check), 
+		    get_canonical_hostname(options.reverse_mapping_check),
 		    "ssh", &aixloginmsg) < 0)
 			aixloginmsg = NULL;
 #endif /* WITH_AIXAUTHENTICATE */
@ -323,7 +323,7 @@ userauth_reply(Authctxt *authctxt, int authenticated)
 		authctxt->success = 1;
 	} else {
 		if (authctxt->failures++ > AUTH_FAIL_MAX)
-                        packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
 		methods = authmethods_get();
 		packet_start(SSH2_MSG_USERAUTH_FAILURE);
 		packet_put_cstring(methods);
@ -342,11 +342,11 @@ userauth_none(Authctxt *authctxt)
 	if (m != NULL)
 		m->enabled = NULL;
 	packet_done();
-        userauth_banner();
+	userauth_banner();
 	if (authctxt->valid == 0)
 		return(0);
-		
+
 #ifdef HAVE_CYGWIN
 	if (check_nt_auth(1, authctxt->pw->pw_uid) == 0)
 		return(0);
@ -354,9 +354,9 @@ userauth_none(Authctxt *authctxt)
 #ifdef USE_PAM
 	return auth_pam_password(authctxt->pw, "");
 #elif defined(HAVE_OSF_SIA)
-	return (sia_validate_user(NULL, saved_argc, saved_argv, 
+	return (sia_validate_user(NULL, saved_argc, saved_argv,
-	    get_canonical_hostname(options.reverse_mapping_check), 
+	    get_canonical_hostname(options.reverse_mapping_check),
-	    authctxt->user?authctxt->user:"NOUSER", NULL, 0, 
+	    authctxt->user?authctxt->user:"NOUSER", NULL, 0,
 	    NULL, "") == SIASUCCESS);
 #else /* !HAVE_OSF_SIA && !USE_PAM */
 	return auth_password(authctxt->pw, "");
@ -382,9 +382,9 @@ userauth_passwd(Authctxt *authctxt)
 #ifdef USE_PAM
 	    auth_pam_password(authctxt->pw, password) == 1)
 #elif defined(HAVE_OSF_SIA)
-	    sia_validate_user(NULL, saved_argc, saved_argv, 
+	    sia_validate_user(NULL, saved_argc, saved_argv,
-	    get_canonical_hostname(options.reverse_mapping_check), 
+	    get_canonical_hostname(options.reverse_mapping_check),
-	    authctxt->user?authctxt->user:"NOUSER", NULL, 0, NULL, 
+	    authctxt->user?authctxt->user:"NOUSER", NULL, 0, NULL,
 	    password) == SIASUCCESS)
 #else /* !USE_PAM && !HAVE_OSF_SIA */
 	    auth_password(authctxt->pw, password) == 1)
--- a/authfd.c
+++ b/authfd.c
@ -558,7 +558,7 @@ ssh_remove_all_identities(AuthenticationConnection *auth, int version)
 	return decode_reply(type);
 }
-int 
+int
 decode_reply(int type)
 {
 	switch (type) {
--- a/canohost.c
+++ b/canohost.c
@ -56,7 +56,7 @@ get_remote_hostname(int socket, int reverse_mapping_check)
 			port = from6->sin6_port;
 			memset(&from, 0, sizeof(from));
-			
+
 			from4->sin_family = AF_INET;
 			memcpy(&from4->sin_addr, &addr, sizeof(addr));
 			from4->sin_port = port;
--- a/channels.c
+++ b/channels.c
@ -704,7 +704,7 @@ channel_post_connecting(Channel *c, fd_set * readset, fd_set * writeset)
 		int err = 0;
 		int sz = sizeof(err);
 		c->type = SSH_CHANNEL_OPEN;
-                if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, (char *)&err, &sz) < 0) {
+		if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, (char *)&err, &sz) < 0) {
 			debug("getsockopt SO_ERROR failed");
 		} else {
 			if (err == 0) {
@ -1553,7 +1553,7 @@ channel_request_forwarding(
 	if (remote_fwd) {
 		host = listen_address;
-	    	ctype = SSH_CHANNEL_RPORT_LISTENER;
+		ctype = SSH_CHANNEL_RPORT_LISTENER;
 	} else {
 		host = host_to_connect;
 		ctype  =SSH_CHANNEL_PORT_LISTENER;
@ -1608,7 +1608,7 @@ channel_request_forwarding(
 				error("bind: %.100s", strerror(errno));
 			else
 				verbose("bind: %.100s", strerror(errno));
-				
+
 			close(sock);
 			continue;
 		}
@ -1762,14 +1762,14 @@ channel_connect_to(const char *host, u_short host_port)
 			error("connect %.100s port %s: %.100s", ntop, strport,
 			    strerror(errno));
 			close(sock);
-			continue;	/* fail -- try next */	
+			continue;	/* fail -- try next */
 		}
 		break; /* success */
 	}
 	freeaddrinfo(aitop);
 	if (!ai) {
-		error("connect %.100s port %d: failed.", host, host_port);	
+		error("connect %.100s port %d: failed.", host, host_port);
 		return -1;
 	}
 	/* success */
@ -1954,7 +1954,7 @@ x11_create_display_inet(int screen_number, int x11_display_offset)
 		fatal("gethostname: %.100s", strerror(errno));
 #ifdef IPADDR_IN_DISPLAY
-	/* 
+	/*
 	 * HPUX detects the local hostname in the DISPLAY variable and tries
 	 * to set up a shared memory connection to the server, which it
 	 * incorrectly supposes to be local.
@ -1983,7 +1983,7 @@ x11_create_display_inet(int screen_number, int x11_display_offset)
 		memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
 		/* Set DISPLAY to <ip address>:screen.display */
-		snprintf(display, sizeof(display), "%.50s:%d.%d", inet_ntoa(my_addr), 
+		snprintf(display, sizeof(display), "%.50s:%d.%d", inet_ntoa(my_addr),
 			 display_number, screen_number);
 	}
 #else /* IPADDR_IN_DISPLAY */
@ -2501,7 +2501,7 @@ channel_cancel_cleanup(int id)
 	}
 	c->dettach_user = NULL;
 }
-void   
+void
 channel_register_filter(int id, channel_filter_fn *fn)
 {
 	Channel *c = channel_lookup(id);
--- a/cipher.c
+++ b/cipher.c
@ -266,7 +266,7 @@ cast_setkey(CipherContext *cc, const u_char *key, u_int keylen)
 void
 cast_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
 {
-	if (iv == NULL) 
+	if (iv == NULL)
 		fatal("no IV for %s.", cc->cipher->name);
 	memcpy(cc->u.cast.iv, (char *)iv, 8);
 }
@ -295,7 +295,7 @@ rijndael_setkey(CipherContext *cc, const u_char *key, u_int keylen)
 void
 rijndael_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
 {
-	if (iv == NULL) 
+	if (iv == NULL)
 		fatal("no IV for %s.", cc->cipher->name);
 	memcpy((u_char *)cc->u.rijndael.iv, iv, RIJNDAEL_BLOCKSIZE);
 }
@ -415,7 +415,7 @@ Cipher ciphers[] = {
 		SSH_CIPHER_SSH2, 16, 32,
 		rijndael_setkey, rijndael_setiv,
 		rijndael_cbc_encrypt, rijndael_cbc_decrypt },
-        { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL, NULL, NULL, NULL }
+	{ NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL, NULL, NULL, NULL }
 };
 /*--*/
--- a/cli.c
+++ b/cli.c
@ -136,11 +136,11 @@ cli_write(const char* buf, int size)
 	output = xmalloc(4*size);
 	for (p = output, i = 0; i < size; i++) {
-                if (buf[i] == '\n')
+		if (buf[i] == '\n')
-                        *p++ = buf[i];
+			*p++ = buf[i];
-                else
+		else
-                        p = vis(p, buf[i], 0, 0);
+			p = vis(p, buf[i], 0, 0);
-        }
+	}
 	len = p - output;
 	for (pos = 0; pos < len; pos += ret) {
--- a/cli.h
+++ b/cli.h
@ -9,7 +9,7 @@
 * of response depending on arg.  Tries to ensure that no other userland
 * buffer is storing the response.
 */
-char*	cli_read_passphrase(const char* prompt, int from_stdin, 
+char*	cli_read_passphrase(const char* prompt, int from_stdin,
    int echo_enable);
 char*	cli_prompt(char* prompt, int echo_enable);
 void	cli_mesg(char* mesg);
--- a/defines.h
+++ b/defines.h
@ -19,13 +19,13 @@
 #endif
 #ifdef HAVE_SYS_BITYPES_H
 # include <sys/bitypes.h> /* For u_intXX_t */
-#endif 
+#endif
 #ifdef HAVE_PATHS_H
 # include <paths.h> /* For _PATH_XXX */
-#endif 
+#endif
 #ifdef HAVE_LIMITS_H
 # include <limits.h> /* For PATH_MAX */
-#endif 
+#endif
 #ifdef HAVE_SYS_TIME_H
 # include <sys/time.h> /* For timersub */
 #endif
@ -34,7 +34,7 @@
 #endif
 #ifdef HAVE_SYS_CDEFS_H
 # include <sys/cdefs.h> /* For __P() */
-#endif 
+#endif
 #ifdef HAVE_SYS_SYSMACROS_H
 # include <sys/sysmacros.h> /* For MIN, MAX, etc */
 #endif
@ -79,22 +79,22 @@ enum
 # endif /* PATH_MAX */
 #endif /* MAXPATHLEN */
-#ifndef STDIN_FILENO     
+#ifndef STDIN_FILENO
 # define STDIN_FILENO    0
-#endif                   
+#endif
-#ifndef STDOUT_FILENO    
+#ifndef STDOUT_FILENO
 # define STDOUT_FILENO   1
-#endif                   
+#endif
-#ifndef STDERR_FILENO    
+#ifndef STDERR_FILENO
 # define STDERR_FILENO   2
-#endif                   
+#endif
 #ifndef NGROUPS_MAX	/* Disable groupaccess if NGROUP_MAX is not set */
 #define NGROUPS_MAX 0
 #endif
 #ifndef O_NONBLOCK	/* Non Blocking Open */
-# define O_NONBLOCK      00004 
+# define O_NONBLOCK      00004
 #endif
 #ifndef S_ISREG
@ -318,8 +318,8 @@ struct winsize {
      (result)->tv_sec = (a)->tv_sec - (b)->tv_sec;           \
      (result)->tv_usec = (a)->tv_usec - (b)->tv_usec;        \
      if ((result)->tv_usec < 0) {                            \
-         --(result)->tv_sec;                                  \
+	 --(result)->tv_sec;                                  \
-         (result)->tv_usec += 1000000;                        \
+	 (result)->tv_usec += 1000000;                        \
      }                                                       \
   } while (0)
 #endif
@ -340,7 +340,7 @@ struct winsize {
 #ifndef SUN_LEN
 #define SUN_LEN(su) \
-        (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))
+	(sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))
 #endif /* SUN_LEN */
 /* Function replacement / compatibility hacks */
--- a/dispatch.c
+++ b/dispatch.c
@ -72,7 +72,7 @@ dispatch_run(int mode, int *done, void *ctxt)
 		if (type > 0 && type < DISPATCH_MAX && dispatch[type] != NULL)
 			(*dispatch[type])(type, plen, ctxt);
 		else
-			packet_disconnect("protocol error: rcvd type %d", type);	
+			packet_disconnect("protocol error: rcvd type %d", type);
 		if (done != NULL && *done)
 			return;
 	}
--- a/entropy.c
+++ b/entropy.c
@ -38,7 +38,7 @@
 #include "pathnames.h"
 #include "log.h"
-RCSID("$Id: entropy.c,v 1.25 2001/01/22 21:06:20 mouring Exp $");
+RCSID("$Id: entropy.c,v 1.26 2001/02/05 12:42:17 stevesk Exp $");
 #ifndef offsetof
 # define offsetof(type, member) ((size_t) &((type *)0)->member)
@ -83,7 +83,7 @@ int get_random_bytes(unsigned char *buf, int len)
 	addr.sun_family = AF_UNIX;
 	strlcpy(addr.sun_path, EGD_SOCKET, sizeof(addr.sun_path));
 	addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET);
-	
+
 	fd = socket(AF_UNIX, SOCK_STREAM, 0);
 	if (fd == -1) {
 		error("Couldn't create AF_UNIX socket: %s", strerror(errno));
@ -91,7 +91,7 @@ int get_random_bytes(unsigned char *buf, int len)
 	}
 	if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) {
-		error("Couldn't connect to EGD socket \"%s\": %s", 
+		error("Couldn't connect to EGD socket \"%s\": %s",
 			addr.sun_path, strerror(errno));
 		close(fd);
 		return(0);
@ -102,21 +102,21 @@ int get_random_bytes(unsigned char *buf, int len)
 	msg[1] = len;
 	if (atomicio(write, fd, msg, sizeof(msg)) != sizeof(msg)) {
-		error("Couldn't write to EGD socket \"%s\": %s", 
+		error("Couldn't write to EGD socket \"%s\": %s",
 			EGD_SOCKET, strerror(errno));
 		close(fd);
 		return(0);
 	}
 	if (atomicio(read, fd, buf, len) != len) {
-		error("Couldn't read from EGD socket \"%s\": %s", 
+		error("Couldn't read from EGD socket \"%s\": %s",
 			EGD_SOCKET, strerror(errno));
 		close(fd);
 		return(0);
 	}
-	
+
 	close(fd);
-	
+
 	return(1);
 }
 #else /* !EGD_SOCKET */
@ -128,20 +128,20 @@ int get_random_bytes(unsigned char *buf, int len)
 	random_pool = open(RANDOM_POOL, O_RDONLY);
 	if (random_pool == -1) {
-		error("Couldn't open random pool \"%s\": %s", 
+		error("Couldn't open random pool \"%s\": %s",
 			RANDOM_POOL, strerror(errno));
 		return(0);
 	}
-	
+
 	if (atomicio(read, random_pool, buf, len) != len) {
-		error("Couldn't read from random pool \"%s\": %s", 
+		error("Couldn't read from random pool \"%s\": %s",
 			RANDOM_POOL, strerror(errno));
 		close(random_pool);
 		return(0);
 	}
-	
+
 	close(random_pool);
-	
+
 	return(1);
 }
 #endif /* RANDOM_POOL */
@ -155,7 +155,7 @@ void
 seed_rng(void)
 {
 	char buf[32];
-	
+
 	debug("Seeding random number generator");
 	if (!get_random_bytes(buf, sizeof(buf))) {
@ -164,7 +164,7 @@ seed_rng(void)
 	} else {
 		RAND_add(buf, sizeof(buf), sizeof(buf));
 	}
-	
+
 	memset(buf, '\0', sizeof(buf));
 }
@ -173,7 +173,7 @@ void init_rng(void) {}
 #else /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
-/* 
+/*
 * FIXME: proper entropy estimations. All current values are guesses
 * FIXME: (ATL) do estimates at compile time?
 * FIXME: More entropy sources
@ -213,18 +213,18 @@ double hash_output_from_command(entropy_source_t *src, char *hash);
 /* this is initialised from a file, by prng_read_commands() */
 entropy_source_t *entropy_sources = NULL;
-double 
+double
 stir_from_system(void)
 {
 	double total_entropy_estimate;
 	long int i;
-	
+
 	total_entropy_estimate = 0;
-	
+
 	i = getpid();
 	RAND_add(&i, sizeof(i), 0.5);
 	total_entropy_estimate += 0.1;
-	
+
 	i = getppid();
 	RAND_add(&i, sizeof(i), 0.5);
 	total_entropy_estimate += 0.1;
@ -241,7 +241,7 @@ stir_from_system(void)
 	return(total_entropy_estimate);
 }
-double 
+double
 stir_from_programs(void)
 {
 	int i;
@ -261,18 +261,18 @@ stir_from_programs(void)
 				/* Scale back entropy estimate according to command's rate */
 				entropy_estimate *= entropy_sources[c].rate;
- 
+
 				/* Upper bound of entropy estimate is SHA_DIGEST_LENGTH */
 				if (entropy_estimate > SHA_DIGEST_LENGTH)
 					entropy_estimate = SHA_DIGEST_LENGTH;
-	 			/* Scale back estimates for subsequent passes through list */
+				/* Scale back estimates for subsequent passes through list */
 				entropy_estimate /= SCALE_PER_RUN * (i + 1.0);
-			
+
 				/* Stir it in */
 				RAND_add(hash, sizeof(hash), entropy_estimate);
-				debug3("Got %0.2f bytes of entropy from '%s'", entropy_estimate, 
+				debug3("Got %0.2f bytes of entropy from '%s'", entropy_estimate,
 					entropy_sources[c].cmdstring);
 				total_entropy_estimate += entropy_estimate;
@ -293,7 +293,7 @@ stir_from_programs(void)
 			c++;
 		}
 	}
-	
+
 	return(total_entropy_estimate);
 }
@ -301,12 +301,12 @@ double
 stir_gettimeofday(double entropy_estimate)
 {
 	struct timeval tv;
-	
+
 	if (gettimeofday(&tv, NULL) == -1)
 		fatal("Couldn't gettimeofday: %s", strerror(errno));
 	RAND_add(&tv, sizeof(tv), entropy_estimate);
-	
+
 	return(entropy_estimate);
 }
@ -315,10 +315,10 @@ stir_clock(double entropy_estimate)
 {
 #ifdef HAVE_CLOCK
 	clock_t c;
-	
+
 	c = clock();
 	RAND_add(&c, sizeof(c), entropy_estimate);
-	
+
 	return(entropy_estimate);
 #else /* _HAVE_CLOCK */
 	return(0);
@ -330,7 +330,7 @@ stir_rusage(int who, double entropy_estimate)
 {
 #ifdef HAVE_GETRUSAGE
 	struct rusage ru;
-	
+
 	if (getrusage(who, &ru) == -1)
 		return(0);
@ -368,7 +368,7 @@ hash_output_from_command(entropy_source_t *src, char *hash)
 	int bytes_read;
 	int total_bytes_read;
 	SHA_CTX sha;
-	
+
 	debug3("Reading output from \'%s\'", src->cmdstring);
 	if (devnull == -1) {
@ -376,7 +376,7 @@ hash_output_from_command(entropy_source_t *src, char *hash)
 		if (devnull == -1)
 			fatal("Couldn't open /dev/null: %s", strerror(errno));
 	}
-	
+
 	if (pipe(p) == -1)
 		fatal("Couldn't open pipe: %s", strerror(errno));
@ -469,7 +469,7 @@ hash_output_from_command(entropy_source_t *src, char *hash)
 	close(p[0]);
 	debug3("Time elapsed: %d msec", msec_elapsed);
-	
+
 	if (waitpid(pid, &status, 0) == -1) {
 	       error("Couldn't wait for child '%s' completion: %s", src->cmdstring,
 		     strerror(errno));
@ -492,13 +492,13 @@ hash_output_from_command(entropy_source_t *src, char *hash)
 		if (WEXITSTATUS(status)==0) {
 			return(total_bytes_read);
 		} else {
-			debug2("Command '%s' exit status was %d", src->cmdstring, 
+			debug2("Command '%s' exit status was %d", src->cmdstring,
 				WEXITSTATUS(status));
 			src->badness = src->sticky_badness = 128;
 			return (0.0);
 		}
 	} else if (WIFSIGNALED(status)) {
-		debug2("Command '%s' returned on uncaught signal %d !", src->cmdstring, 
+		debug2("Command '%s' returned on uncaught signal %d !", src->cmdstring,
 			status);
 		src->badness = src->sticky_badness = 128;
 		return(0.0);
@ -519,7 +519,7 @@ prng_check_seedfile(char *filename) {
 	if (lstat(filename, &st) == -1) {
 		/* Give up on hard errors */
 		if (errno != ENOENT)
-			debug("WARNING: Couldn't stat random seed file \"%s\": %s", 
+			debug("WARNING: Couldn't stat random seed file \"%s\": %s",
 			   filename, strerror(errno));
 		return(0);
@ -535,7 +535,7 @@ prng_check_seedfile(char *filename) {
 			 filename, getuid());
 		return(0);
 	}
-	
+
 	return(1);
 }
@ -549,22 +549,22 @@ prng_write_seedfile(void) {
 	/* Don't bother if we have already saved a seed */
 	if (prng_seed_saved)
 		return;
-	
+
 	setuid(original_uid);
-	
+
 	prng_seed_saved = 1;
-	
+
 	pw = getpwuid(original_uid);
 	if (pw == NULL)
-		fatal("Couldn't get password entry for current user (%i): %s", 
+		fatal("Couldn't get password entry for current user (%i): %s",
 			original_uid, strerror(errno));
-				
+
 	/* Try to ensure that the parent directory is there */
-	snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, 
+	snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
 		_PATH_SSH_USER_DIR);
 	mkdir(filename, 0700);
-	snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, 
+	snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
 		SSH_PRNG_SEED_FILE);
 	debug("writing PRNG seed to file %.100s", filename);
@ -573,13 +573,13 @@ prng_write_seedfile(void) {
 	/* Don't care if the seed doesn't exist */
 	prng_check_seedfile(filename);
-	
+
 	if ((fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0600)) == -1) {
-		debug("WARNING: couldn't access PRNG seedfile %.100s (%.100s)", 
+		debug("WARNING: couldn't access PRNG seedfile %.100s (%.100s)",
 		   filename, strerror(errno));
-	} else {	
+	} else {
 		if (atomicio(write, fd, &seed, sizeof(seed)) != sizeof(seed))
-			fatal("problem writing PRNG seedfile %.100s (%.100s)", filename, 
+			fatal("problem writing PRNG seedfile %.100s (%.100s)", filename,
 				 strerror(errno));
 		close(fd);
@ -592,13 +592,13 @@ prng_read_seedfile(void) {
 	char seed[1024];
 	char filename[1024];
 	struct passwd *pw;
-	
+
 	pw = getpwuid(original_uid);
 	if (pw == NULL)
-		fatal("Couldn't get password entry for current user (%i): %s", 
+		fatal("Couldn't get password entry for current user (%i): %s",
 			original_uid, strerror(errno));
-			
+
-	snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, 
+	snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
 		SSH_PRNG_SEED_FILE);
 	debug("loading PRNG seed from file %.100s", filename);
@ -611,7 +611,7 @@ prng_read_seedfile(void) {
 	/* open the file and read in the seed */
 	fd = open(filename, O_RDONLY);
 	if (fd == -1)
-		fatal("could not open PRNG seedfile %.100s (%.100s)", filename, 
+		fatal("could not open PRNG seedfile %.100s (%.100s)", filename,
 			strerror(errno));
 	if (atomicio(read, fd, &seed, sizeof(seed)) != sizeof(seed)) {
@ -671,7 +671,7 @@ prng_read_commands(char *cmdfilename)
 			error("bad entropy command, %.100s line %d", cmdfilename,
 			     linenum);
 			continue;
-		}		
+		}
 		/* first token, command args (incl. argv[0]) in double quotes */
 		cp = strtok(cp, "\"");
@ -681,7 +681,7 @@ prng_read_commands(char *cmdfilename)
 			continue;
 		}
 		strlcpy(cmd, cp, sizeof(cmd));
-		
+
 		/* second token, full command path */
 		if ((cp = strtok(NULL, WHITESPACE)) == NULL) {
 			error("missing command path, %.100s line %d -- ignored",
@ -693,7 +693,7 @@ prng_read_commands(char *cmdfilename)
 		if (strncmp("undef", cp, 5) == 0)
 			continue;
-		strlcpy(path, cp, sizeof(path));			
+		strlcpy(path, cp, sizeof(path));
 		/* third token, entropy rate estimate for this command */
 		if ((cp = strtok(NULL, WHITESPACE)) == NULL) {
@ -705,14 +705,14 @@ prng_read_commands(char *cmdfilename)
 		/* end of line */
 		if ((cp = strtok(NULL, WHITESPACE)) != NULL) {
-			error("garbage at end of line %d in %.100s -- ignored", linenum, 
+			error("garbage at end of line %d in %.100s -- ignored", linenum,
 				cmdfilename);
 			continue;
 		}
 		/* save the command for debug messages */
 		entcmd[cur_cmd].cmdstring = xstrdup(cmd);
-			
+
 		/* split the command args */
 		cp = strtok(cmd, WHITESPACE);
 		arg = 0;
@ -723,7 +723,7 @@ prng_read_commands(char *cmdfilename)
 			entcmd[cur_cmd].args[arg] = s;
 			arg++;
 		} while ((arg < 5) && (cp = strtok(NULL, WHITESPACE)));
-		
+
 		if (strtok(NULL, WHITESPACE))
 			error("ignored extra command elements (max 5), %.100s line %d",
 			      cmdfilename, linenum);
@ -759,7 +759,7 @@ prng_read_commands(char *cmdfilename)
 /*
 * Write a keyfile at exit
- */ 
+ */
 void
 prng_seed_cleanup(void *junk)
 {
@ -777,7 +777,7 @@ seed_rng(void)
 	if (!prng_initialised)
 		fatal("RNG not initialised");
-	
+
 	/* Make sure some other sigchld handler doesn't reap our entropy */
 	/* commands */
 	old_sigchld_handler = signal(SIGCHLD, SIG_DFL);
@ -794,10 +794,10 @@ seed_rng(void)
 		fatal("Couldn't initialise builtin random number generator -- exiting.");
 }
-void init_rng(void) 
+void init_rng(void)
 {
 	int original_euid;
-	
+
 	original_uid = getuid();
 	original_euid = geteuid();
@ -806,12 +806,12 @@ void init_rng(void)
 		fatal("PRNG initialisation failed -- exiting.");
 	/* Set ourselves up to save a seed upon exit */
-	prng_seed_saved = 0;		
+	prng_seed_saved = 0;
 	/* Give up privs while reading seed file */
 	if ((original_uid != original_euid) && (seteuid(original_uid) == -1))
 		fatal("Couldn't give up privileges");
-	
+
 	prng_read_seedfile();
 	if ((original_uid != original_euid) && (seteuid(original_euid) == -1))
--- a/includes.h
+++ b/includes.h
@ -50,13 +50,13 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 #endif
 #ifdef HAVE_BSTRING_H
 # include <bstring.h>
-#endif 
+#endif
 #ifdef HAVE_NETGROUP_H
 # include <netgroup.h>
-#endif 
+#endif
 #if defined(HAVE_NETDB_H)
 # include <netdb.h>
-#endif 
+#endif
 #ifdef HAVE_ENDIAN_H
 # include <endian.h>
 #endif
--- a/kex.c
+++ b/kex.c
@ -79,7 +79,7 @@ kex_exchange_kexinit(
 	debug("send KEXINIT");
 	packet_start(SSH2_MSG_KEXINIT);
-	packet_put_raw(buffer_ptr(my_kexinit), buffer_len(my_kexinit));	
+	packet_put_raw(buffer_ptr(my_kexinit), buffer_len(my_kexinit));
 	packet_send();
 	packet_write_wait();
 	debug("done");
@ -244,7 +244,7 @@ kex_hash(
 	buffer_put_bignum2(&b, client_dh_pub);
 	buffer_put_bignum2(&b, server_dh_pub);
 	buffer_put_bignum2(&b, shared_secret);
-	
+
 #ifdef DEBUG_KEX
 	buffer_dump(&b);
 #endif
@ -297,7 +297,7 @@ kex_hash_gex(
 	buffer_put_bignum2(&b, client_dh_pub);
 	buffer_put_bignum2(&b, server_dh_pub);
 	buffer_put_bignum2(&b, shared_secret);
-	
+
 #ifdef DEBUG_KEX
 	buffer_dump(&b);
 #endif
@ -366,7 +366,7 @@ get_match(char *client, char *server)
 	c = cp = xstrdup(client);
 	s = sp = xstrdup(server);
-	for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0'; 
+	for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0';
 	     (p = strsep(&sp, SEP)), i++) {
 		if (i < MAX_PROP)
 			sproposals[i] = p;
@ -375,7 +375,7 @@ get_match(char *client, char *server)
 	}
 	nproposals = i;
-	for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0'; 
+	for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0';
 	     (p = strsep(&cp, SEP)), i++) {
 		for (j = 0; j < nproposals; j++) {
 			if (strcmp(p, sproposals[j]) == 0) {
--- a/kex.h
+++ b/kex.h
@ -54,7 +54,7 @@ enum kex_exchange {
 	DH_GRP1_SHA1,
 	DH_GEX_SHA1
 };
-		
+
 typedef struct Kex Kex;
 typedef struct Mac Mac;
 typedef struct Comp Comp;
--- a/key.c
+++ b/key.c
@ -452,11 +452,11 @@ key_size(Key *k){
 RSA *
 rsa_generate_private_key(u_int bits)
 {
-        RSA *private;
+	RSA *private;
-        private = RSA_generate_key(bits, 35, NULL, NULL);
+	private = RSA_generate_key(bits, 35, NULL, NULL);
-        if (private == NULL)
+	if (private == NULL)
-                fatal("rsa_generate_private_key: key generation failed.");
+		fatal("rsa_generate_private_key: key generation failed.");
-        return private;
+	return private;
 }
 DSA*
@ -466,9 +466,9 @@ dsa_generate_private_key(u_int bits)
 	if (private == NULL)
 		fatal("dsa_generate_private_key: DSA_generate_parameters failed");
 	if (!DSA_generate_key(private))
-                fatal("dsa_generate_private_key: DSA_generate_key failed.");
+		fatal("dsa_generate_private_key: DSA_generate_key failed.");
-        if (private == NULL)
+	if (private == NULL)
-                fatal("dsa_generate_private_key: NULL.");
+		fatal("dsa_generate_private_key: NULL.");
 	return private;
 }
@ -477,7 +477,7 @@ key_generate(int type, u_int bits)
 {
 	Key *k = key_new(KEY_UNSPEC);
 	switch (type) {
-        case KEY_DSA:
+	case KEY_DSA:
 		k->dsa = dsa_generate_private_key(bits);
 		break;
 	case KEY_RSA:
@ -485,9 +485,9 @@ key_generate(int type, u_int bits)
 		k->rsa = rsa_generate_private_key(bits);
 		break;
 	default:
-                fatal("key_generate: unknown type %d", type);
+		fatal("key_generate: unknown type %d", type);
 	}
-        k->type = type;
+	k->type = type;
 	return k;
 }
@ -496,7 +496,7 @@ key_from_private(Key *k)
 {
 	Key *n = NULL;
 	switch (k->type) {
-        case KEY_DSA:
+	case KEY_DSA:
 		n = key_new(k->type);
 		BN_copy(n->dsa->p, k->dsa->p);
 		BN_copy(n->dsa->q, k->dsa->q);
@ -510,7 +510,7 @@ key_from_private(Key *k)
 		BN_copy(n->rsa->e, k->rsa->e);
 		break;
 	default:
-                fatal("key_from_private: unknown type %d", k->type);
+		fatal("key_from_private: unknown type %d", k->type);
 		break;
 	}
 	return n;
--- a/log.h
+++ b/log.h
@ -21,7 +21,7 @@ typedef enum {
 	SYSLOG_FACILITY_USER,
 	SYSLOG_FACILITY_AUTH,
 #ifdef LOG_AUTHPRIV
-        SYSLOG_FACILITY_AUTHPRIV,
+	SYSLOG_FACILITY_AUTHPRIV,
 #endif
 	SYSLOG_FACILITY_LOCAL0,
 	SYSLOG_FACILITY_LOCAL1,
--- a/loginrec.c
+++ b/loginrec.c
@ -30,7 +30,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-/** 
+/**
 ** loginrec.c:  platform-independent login recording and lastlog retrieval
 **/
@ -63,7 +63,7 @@
  requires very thorough testing so we do not corrupt local auditing
  information. These files and their access methods are very system
  specific indeed.
-  
+
  For utmpx systems, the corresponding library functions are
  setutxent() etc. To the author's knowledge, all utmpx systems have
  these library functions and so no direct write is attempted. If such
@ -82,14 +82,14 @@
  Calling the new code
  --------------------
-  
+
  In OpenSSH all login recording and retrieval is performed in
  login.c. Here you'll find working examples. Also, in the logintest.c
  program there are more examples.
  Internal handler calling method
  -------------------------------
-  
+
  When a call is made to login_login() or login_logout(), both
  routines set a struct logininfo flag defining which action (log in,
  or log out) is to be taken. They both then call login_write(), which
@ -127,7 +127,7 @@
  with 'make logintest' as it's not built by default.)
  Otherwise, patches to the specific method(s) are very helpful!
-  
+
 */
 /**
@ -163,7 +163,7 @@
 #include "log.h"
 #include "atomicio.h"
-RCSID("$Id: loginrec.c,v 1.30 2001/01/22 05:34:42 mouring Exp $");
+RCSID("$Id: loginrec.c,v 1.31 2001/02/05 12:42:17 stevesk Exp $");
 #ifdef HAVE_UTIL_H
 #  include <util.h>
@ -207,7 +207,7 @@ int wtmpx_get_entry(struct logininfo *li);
 **/
 /* login_login(struct logininfo *)     -Record a login
- * 
+ *
 * Call with a pointer to a struct logininfo initialised with
 * login_init_entry() or login_alloc_entry()
 *
@ -287,17 +287,17 @@ login_get_lastlog(struct logininfo *li, const int uid)
 	memset(li, '\0', sizeof(*li));
 	li->uid = uid;
-	/* 
+	/*
 	 * If we don't have a 'real' lastlog, we need the username to
 	 * reliably search wtmp(x) for the last login (see
-	 * wtmp_get_entry().) 
+	 * wtmp_get_entry().)
 	 */
 	pw = getpwuid(uid);
 	if (pw == NULL)
 		fatal("login_get_lastlog: Cannot find account for uid %i", uid);
-		
+
 	/* No MIN_SIZEOF here - we absolutely *must not* truncate the
-         * username */
+	 * username */
 	strlcpy(li->username, pw->pw_name, sizeof(li->username));
 	if (getlast_entry(li))
@ -308,8 +308,8 @@ login_get_lastlog(struct logininfo *li, const int uid)
 /* login_alloc_entry(int, char*, char*, char*)    - Allocate and initialise
- *                                                  a logininfo structure 
+ *                                                  a logininfo structure
- * 
+ *
 * This function creates a new struct logininfo, a data structure
 * meant to carry the information required to portably record login info.
 *
@ -338,20 +338,20 @@ login_free_entry(struct logininfo *li)
 /* login_init_entry(struct logininfo *, int, char*, char*, char*)
 *                                        - initialise a struct logininfo
- * 
+ *
 * Populates a new struct logininfo, a data structure meant to carry
 * the information required to portably record login info.
 *
 * Returns: 1
 */
 int
-login_init_entry(struct logininfo *li, int pid, const char *username, 
+login_init_entry(struct logininfo *li, int pid, const char *username,
 		 const char *hostname, const char *line)
 {
 	struct passwd *pw;
-	
+
 	memset(li, 0, sizeof(*li));
-  
+
 	li->pid = pid;
 	/* set the line information */
@ -384,7 +384,7 @@ login_set_current_time(struct logininfo *li)
 	struct timeval tv;
 	gettimeofday(&tv, NULL);
-	
+
 	li->tv_sec = tv.tv_sec;
 	li->tv_usec = tv.tv_usec;
 }
@ -457,7 +457,7 @@ getlast_entry(struct logininfo *li)
 #else /* !USE_LASTLOG */
 #ifdef DISABLE_LASTLOG
-	/* On some systems we shouldn't even try to obtain last login 
+	/* On some systems we shouldn't even try to obtain last login
 	 * time, e.g. AIX */
 	return 0;
 # else /* DISABLE_LASTLOG */
@ -475,7 +475,7 @@ getlast_entry(struct logininfo *li)
 	return 0;
 #   endif /* USE_WTMPX && (HAVE_TIME_IN_UTMPX || HAVE_TV_IN_UTMPX) */
 #  endif /* USE_WTMP && (HAVE_TIME_IN_UTMP || HAVE_TV_IN_UTMP) */
-# endif /* DISABLE_LASTLOG */ 
+# endif /* DISABLE_LASTLOG */
 #endif /* USE_LASTLOG */
 }
@ -532,12 +532,12 @@ line_stripname(char *dst, const char *src, int dstsize)
 * NOTE: use strncpy because we do NOT necessarily want zero
 * termination */
 char *
-line_abbrevname(char *dst, const char *src, int dstsize) 
+line_abbrevname(char *dst, const char *src, int dstsize)
 {
 	size_t len;
-	
+
 	memset(dst, '\0', dstsize);
-	
+
 	/* Always skip prefix if present */
 #ifdef sgi
 	if (strncmp(src, "/dev/tty", 8) == 0)
@ -546,7 +546,7 @@ line_abbrevname(char *dst, const char *src, int dstsize)
 	if (strncmp(src, "/dev/", 5) == 0)
 		src += 5;
 #endif
-		
+
 	len = strlen(src);
 	if (len > 0) {
@ -554,9 +554,9 @@ line_abbrevname(char *dst, const char *src, int dstsize)
 			src +=  ((int)len - dstsize);
 		/* note: _don't_ change this to strlcpy */
-		strncpy(dst, src, (size_t)dstsize); 
+		strncpy(dst, src, (size_t)dstsize);
 	}
-	
+
 	return dst;
 }
@ -620,7 +620,7 @@ construct_utmp(struct logininfo *li,
 	/*
 	 * These fields are only used when logging in, and are blank
-	 * for logouts. 
+	 * for logouts.
 	 */
 	/* Use strncpy because we don't necessarily want null termination */
@ -632,7 +632,7 @@ construct_utmp(struct logininfo *li,
 	/* this is just a 32-bit IP address */
 	if (li->hostaddr.sa.sa_family == AF_INET)
 		ut->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr;
-# endif 
+# endif
 }
 #endif /* USE_UTMP || USE_WTMP || USE_LOGIN */
@ -684,7 +684,7 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx)
 	/*
 	 * These fields are only used when logging in, and are blank
-	 * for logouts. 
+	 * for logouts.
 	 */
 	/* strncpy(): Don't necessarily want null termination */
@ -774,18 +774,18 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut)
 		 * If the new ut_line is empty but the old one is not
 		 * and ut_line and ut_name match, preserve the old ut_line.
 		 */
-		if (atomicio(read, fd, &old_ut, sizeof(old_ut)) == sizeof(old_ut) && 
+		if (atomicio(read, fd, &old_ut, sizeof(old_ut)) == sizeof(old_ut) &&
-			(ut->ut_host[0] == '\0') && (old_ut.ut_host[0] != '\0') && 
+			(ut->ut_host[0] == '\0') && (old_ut.ut_host[0] != '\0') &&
-			(strncmp(old_ut.ut_line, ut->ut_line, sizeof(ut->ut_line)) == 0) && 
+			(strncmp(old_ut.ut_line, ut->ut_line, sizeof(ut->ut_line)) == 0) &&
 			(strncmp(old_ut.ut_name, ut->ut_name, sizeof(ut->ut_name)) == 0)) {
 			(void)memcpy(ut->ut_host, old_ut.ut_host, sizeof(ut->ut_host));
 		}
-		
+
 		(void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
 		if (atomicio(write, fd, ut, sizeof(*ut)) != sizeof(*ut))
 			log("utmp_write_direct: error writing %s: %s",
 			    UTMP_FILE, strerror(errno));
-      
+
 		(void)close(fd);
 		return 1;
 	} else {
@ -887,7 +887,7 @@ utmpx_write_library(struct logininfo *li, struct utmpx *utx)
 /* write a utmp entry direct to the file */
 static int
 utmpx_write_direct(struct logininfo *li, struct utmpx *utx)
-{  
+{
 	log("utmpx_write_direct: not implemented!");
 	return 0;
 }
@ -957,7 +957,7 @@ utmpx_write_entry(struct logininfo *li)
 ** Low-level wtmp functions
 **/
-#ifdef USE_WTMP 
+#ifdef USE_WTMP
 /* write a wtmp entry direct to the end of the file */
 /* This is a slight modification of code in OpenBSD's logwtmp.c */
@ -972,7 +972,7 @@ wtmp_write(struct logininfo *li, struct utmp *ut)
 		    WTMP_FILE, strerror(errno));
 		return 0;
 	}
-  	if (fstat(fd, &buf) == 0) 
+	if (fstat(fd, &buf) == 0)
 		if (atomicio(write, fd, ut, sizeof(*ut)) != sizeof(*ut)) {
 			ftruncate(fd, buf.st_size);
 			log("wtmp_write: problem writing %s: %s",
@ -1019,7 +1019,7 @@ wtmp_write_entry(struct logininfo *li)
 /* Notes on fetching login data from wtmp/wtmpx
- * 
+ *
 * Logouts are usually recorded with (amongst other things) a blank
 * username on a given tty line.  However, some systems (HP-UX is one)
 * leave all fields set, but change the ut_type field to DEAD_PROCESS.
@ -1038,7 +1038,7 @@ wtmp_write_entry(struct logininfo *li)
 static int
 wtmp_islogin(struct logininfo *li, struct utmp *ut)
 {
-	if (strncmp(li->username, ut->ut_name, 
+	if (strncmp(li->username, ut->ut_name,
 		MIN_SIZEOF(li->username, ut->ut_name)) == 0) {
 # ifdef HAVE_TYPE_IN_UTMP
 		if (ut->ut_type & USER_PROCESS)
@ -1065,7 +1065,7 @@ wtmp_get_entry(struct logininfo *li)
 		    WTMP_FILE, strerror(errno));
 		return 0;
 	}
-  	if (fstat(fd, &st) != 0) {
+	if (fstat(fd, &st) != 0) {
 		log("wtmp_get_entry: couldn't stat %s: %s",
 		    WTMP_FILE, strerror(errno));
 		close(fd);
@ -1139,7 +1139,7 @@ wtmpx_write(struct logininfo *li, struct utmpx *utx)
 		return 0;
 	}
-	if (fstat(fd, &buf) == 0) 
+	if (fstat(fd, &buf) == 0)
 		if (atomicio(write, fd, utx, sizeof(*utx)) != sizeof(*utx)) {
 			ftruncate(fd, buf.st_size);
 			log("wtmpx_write: problem writing %s: %s",
@ -1221,13 +1221,13 @@ wtmpx_get_entry(struct logininfo *li)
 		    WTMPX_FILE, strerror(errno));
 		return 0;
 	}
-  	if (fstat(fd, &st) != 0) {
+	if (fstat(fd, &st) != 0) {
 		log("wtmpx_get_entry: couldn't stat %s: %s",
 		    WTMP_FILE, strerror(errno));
 		close(fd);
 		return 0;
 	}
-	
+
 	/* Seek to the start of the last struct utmpx */
 	if (lseek(fd, (off_t)(0-sizeof(struct utmpx)), SEEK_END) == -1 ) {
 		/* probably a newly rotated wtmpx file */
@ -1295,7 +1295,7 @@ syslogin_perform_logout(struct logininfo *li)
 {
 # ifdef HAVE_LOGOUT
 	char line[8];
-  
+
 	(void)line_stripname(line, li->line, sizeof(line));
 	if (!logout(line)) {
@ -1344,7 +1344,7 @@ lastlog_construct(struct logininfo *li, struct lastlog *last)
 {
 	/* clear the structure */
 	memset(last, '\0', sizeof(*last));
-  
+
 	(void)line_stripname(last->ll_line, li->line, sizeof(last->ll_line));
 	strlcpy(last->ll_host, li->hostname,
 		MIN_SIZEOF(last->ll_host, li->hostname));
@ -1357,7 +1357,7 @@ lastlog_filetype(char *filename)
 	struct stat st;
 	if (stat(LASTLOG_FILE, &st) != 0) {
-		log("lastlog_perform_login: Couldn't stat %s: %s", LASTLOG_FILE, 
+		log("lastlog_perform_login: Couldn't stat %s: %s", LASTLOG_FILE,
 			strerror(errno));
 		return 0;
 	}
@ -1399,18 +1399,18 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode)
 		    lastlog_file, strerror(errno));
 		return 0;
 	}
-	
+
 	if (type == LL_FILE) {
 		/* find this uid's offset in the lastlog file */
 		offset = (off_t) ( (long)li->uid * sizeof(struct lastlog));
 		if ( lseek(*fd, offset, SEEK_SET) != offset ) {
 			log("lastlog_openseek: %s->lseek(): %s",
-		   	 lastlog_file, strerror(errno));
+			 lastlog_file, strerror(errno));
 			return 0;
 		}
 	}
-	
+
 	return 1;
 }
@ -1425,7 +1425,7 @@ lastlog_perform_login(struct logininfo *li)
 	if (!lastlog_openseek(li, &fd, O_RDWR|O_CREAT))
 		return(0);
-		
+
 	/* write the entry */
 	if (atomicio(write, fd, &last, sizeof(last)) != sizeof(last)) {
 		close(fd);
@ -1454,7 +1454,7 @@ static void
 lastlog_populate_entry(struct logininfo *li, struct lastlog *last)
 {
 	line_fullname(li->line, last->ll_line, sizeof(li->line));
-	strlcpy(li->hostname, last->ll_host, 
+	strlcpy(li->hostname, last->ll_host,
 		MIN_SIZEOF(li->hostname, last->ll_host));
 	li->tv_sec = last->ll_time;
 }
@ -1475,7 +1475,7 @@ lastlog_get_entry(struct logininfo *li)
 			return 1;
 		}
 	} else {
-		return 0;    
+		return 0;
 	}
 }
 #endif /* USE_LASTLOG */
--- a/loginrec.h
+++ b/loginrec.h
@ -30,7 +30,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-/** 
+/**
 ** loginrec.h:  platform-independent login recording and lastlog retrieval
 **/
@ -40,7 +40,7 @@
 #include <netinet/in.h>
 #include <sys/socket.h>
-/* RCSID("$Id: loginrec.h,v 1.4 2000/06/27 01:18:27 djm Exp $"); */
+/* RCSID("$Id: loginrec.h,v 1.5 2001/02/05 12:42:18 stevesk Exp $"); */
 /**
 ** you should use the login_* calls to work around platform dependencies
@ -86,7 +86,7 @@ struct logininfo {
 	 * use time_t's value as tv_sec and set tv_usec to 0
 	 */
 	unsigned int tv_sec;
-	unsigned int tv_usec;                   
+	unsigned int tv_usec;
 	union login_netinfo hostaddr;       /* caller's host address(es) */
 }; /* struct logininfo */
@ -102,7 +102,7 @@ struct logininfo *login_alloc_entry(int pid, const char *username,
 /* free a structure */
 void login_free_entry(struct logininfo *li);
 /* fill out a pre-allocated structure with useful information */
-int login_init_entry(struct logininfo *li, int pid, const char *username, 
+int login_init_entry(struct logininfo *li, int pid, const char *username,
 		     const char *hostname, const char *line);
 /* place the current time in a logininfo struct */
 void login_set_current_time(struct logininfo *li);
--- a/logintest.c
+++ b/logintest.c
@ -27,7 +27,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-/** 
+/**
 ** logintest.c:  simple test driver for platform-independent login recording
 **               and lastlog retrieval
 **/
@ -48,7 +48,7 @@
 #include "loginrec.h"
-RCSID("$Id: logintest.c,v 1.6 2000/06/19 08:25:36 andre Exp $");
+RCSID("$Id: logintest.c,v 1.7 2001/02/05 12:42:18 stevesk Exp $");
 #define PAUSE_BEFORE_LOGOUT 3
@ -74,10 +74,10 @@ dump_logininfo(struct logininfo *li, char *descname)
 	       "\t\t\tfamily\t%d\n\t\t}\n"
 	       "\t}\n"
 	       "}\n",
-	       descname, li->progname, li->type, 
+	       descname, li->progname, li->type,
 	       li->pid, li->uid, li->line,
-	       li->username, li->hostname, li->exit, 
+	       li->username, li->hostname, li->exit,
-	       li->termination, li->tv_sec, li->tv_usec, 
+	       li->termination, li->tv_sec, li->tv_usec,
 	       li->hostaddr.sa.sa_family);
 }
@ -134,7 +134,7 @@ testAPI()
 	if (nologtest)
 		return 1;
-  
+
 	line_stripname(stripline, li1->line, sizeof(stripline));
 	printf("Performing an invalid login attempt (no type field)\n--\n");
@ -159,11 +159,11 @@ testAPI()
 #endif
 	printf("--\n");
 	login_login(li1);
-  
+
 	snprintf(cmdstring, sizeof(cmdstring), "who | grep '%s '",
 		 stripline);
 	system(cmdstring);
-  
+
 	printf("--\nPausing for %d second(s)...\n", PAUSE_BEFORE_LOGOUT);
 	sleep(PAUSE_BEFORE_LOGOUT);
@ -205,12 +205,12 @@ testAPI()
 #endif
 	printf("--\nThe output of 'last' shown next should have "
-	       "an entry for root \n  on %s for the time shown above:\n--\n", 
+	       "an entry for root \n  on %s for the time shown above:\n--\n",
 	       stripline);
 	snprintf(cmdstring, sizeof(cmdstring), "last | grep '%s ' | head -3",
 		 stripline);
 	system(cmdstring);
-	     
+
 	printf("--\nEnd of login test.\n");
 	login_free_entry(li1);
@ -255,9 +255,9 @@ testOutput()
 /* show which options got compiled in */
 void
 showOptions(void)
-{  
+{
 	printf("**\n** Compile-time options\n**\n");
-  
+
 	printf("login recording methods selected:\n");
 #ifdef USE_LOGIN
 	printf("\tUSE_LOGIN\n");
@ -293,17 +293,17 @@ main(int argc, char *argv[])
 		else if (strncmp(argv[1], "-v", 3) == 0)
 			be_verbose=1;
 	}
-      
+
 	if (!compile_opts_only) {
 		if (be_verbose && !testOutput())
 			return 1;
-    
+
 		if (!testAPI())
 			return 1;
 	}
 	showOptions();
-  
+
 	return 0;
 } /* main() */
--- a/md5crypt.c
+++ b/md5crypt.c
@ -27,11 +27,11 @@ static unsigned char itoa64[] =		/* 0 ... 63 => ascii - 64 */
 	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
 static char	*magic = "$1$";	/*
-                                 * This string is magic for
+				 * This string is magic for
-                                 * this algorithm.  Having
+				 * this algorithm.  Having
-                                 * it this way, we can get
+				 * it this way, we can get
-                                 * get better later on
+				 * get better later on
-                                 */
+				 */
 static void
 to64(char *s, unsigned long v, int n)
@ -45,7 +45,7 @@ to64(char *s, unsigned long v, int n)
 int
 is_md5_salt(const char *salt)
 {
-        return (!strncmp(salt, magic, strlen(magic)));
+	return (!strncmp(salt, magic, strlen(magic)));
 }
 /*
--- a/nchan.c
+++ b/nchan.c
@ -481,7 +481,7 @@ chan_shutdown_read(Channel *c)
 		return;
 	debug("channel %d: close_read", c->self);
 	if (c->sock != -1) {
-		/* 
+		/*
 		 * shutdown(sock, SHUT_READ) may return ENOTCONN if the
 		 * write side has been closed already. (bug on Linux)
 		 */
--- a/packet.c
+++ b/packet.c
@ -989,7 +989,7 @@ packet_read_poll(int *payload_len_ptr)
 			default:
 				return type;
 				break;
-			}	
+			}
 		} else {
 			switch(type) {
 			case SSH_MSG_IGNORE:
@ -1011,7 +1011,7 @@ packet_read_poll(int *payload_len_ptr)
 					DBG(debug("received packet type %d", type));
 				return type;
 				break;
-			}	
+			}
 		}
 	}
 }
--- a/pty.c
+++ b/pty.c
@ -176,8 +176,8 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
 			*ptyfd = open(buf, O_RDWR | O_NOCTTY);
 			if (*ptyfd < 0)
 				continue;
-		}	
+		}
-			
+
 		/* Open the slave side. */
 		*ttyfd = open(namebuf, O_RDWR | O_NOCTTY);
 		if (*ttyfd < 0) {
@ -315,11 +315,11 @@ pty_setowner(struct passwd *pw, const char *ttyname)
 		if (chown(ttyname, pw->pw_uid, gid) < 0) {
 			if (errno == EROFS && st.st_uid == pw->pw_uid)
 				error("chown(%.100s, %d, %d) failed: %.100s",
-				      ttyname, pw->pw_uid, gid, 
+				      ttyname, pw->pw_uid, gid,
 				      strerror(errno));
 			else
 				fatal("chown(%.100s, %d, %d) failed: %.100s",
-				      ttyname, pw->pw_uid, gid, 
+				      ttyname, pw->pw_uid, gid,
 				      strerror(errno));
 		}
 	}
--- a/rijndael.c
+++ b/rijndael.c
@ -54,7 +54,7 @@ void gen_tabs	__P((void));
 #define bswap(x)    ((rotl(x, 8) & 0x00ff00ff) | (rotr(x, 8) & 0xff00ff00))
-/* Extract byte from a 32 bit quantity (little endian notation)     */ 
+/* Extract byte from a 32 bit quantity (little endian notation)     */
 #define byte(x,n)   ((u1byte)((x) >> (8 * n)))
@ -89,15 +89,15 @@ u4byte  tab_gen = 0;
 #define f_rn(bo, bi, n, k)                          \
    bo[n] =  ft_tab[0][byte(bi[n],0)] ^             \
-             ft_tab[1][byte(bi[(n + 1) & 3],1)] ^   \
+	     ft_tab[1][byte(bi[(n + 1) & 3],1)] ^   \
-             ft_tab[2][byte(bi[(n + 2) & 3],2)] ^   \
+	     ft_tab[2][byte(bi[(n + 2) & 3],2)] ^   \
-             ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
+	     ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
 #define i_rn(bo, bi, n, k)                          \
    bo[n] =  it_tab[0][byte(bi[n],0)] ^             \
-             it_tab[1][byte(bi[(n + 3) & 3],1)] ^   \
+	     it_tab[1][byte(bi[(n + 3) & 3],1)] ^   \
-             it_tab[2][byte(bi[(n + 2) & 3],2)] ^   \
+	     it_tab[2][byte(bi[(n + 2) & 3],2)] ^   \
-             it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
+	     it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
 #ifdef LARGE_TABLES
@ -109,15 +109,15 @@ u4byte  tab_gen = 0;
 #define f_rl(bo, bi, n, k)                          \
    bo[n] =  fl_tab[0][byte(bi[n],0)] ^             \
-             fl_tab[1][byte(bi[(n + 1) & 3],1)] ^   \
+	     fl_tab[1][byte(bi[(n + 1) & 3],1)] ^   \
-             fl_tab[2][byte(bi[(n + 2) & 3],2)] ^   \
+	     fl_tab[2][byte(bi[(n + 2) & 3],2)] ^   \
-             fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
+	     fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
 #define i_rl(bo, bi, n, k)                          \
    bo[n] =  il_tab[0][byte(bi[n],0)] ^             \
-             il_tab[1][byte(bi[(n + 3) & 3],1)] ^   \
+	     il_tab[1][byte(bi[(n + 3) & 3],1)] ^   \
-             il_tab[2][byte(bi[(n + 2) & 3],2)] ^   \
+	     il_tab[2][byte(bi[(n + 2) & 3],2)] ^   \
-             il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
+	     il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
 #else
@ -129,15 +129,15 @@ u4byte  tab_gen = 0;
 #define f_rl(bo, bi, n, k)                                      \
    bo[n] = (u4byte)sbx_tab[byte(bi[n],0)] ^                    \
-        rotl(((u4byte)sbx_tab[byte(bi[(n + 1) & 3],1)]),  8) ^  \
+	rotl(((u4byte)sbx_tab[byte(bi[(n + 1) & 3],1)]),  8) ^  \
-        rotl(((u4byte)sbx_tab[byte(bi[(n + 2) & 3],2)]), 16) ^  \
+	rotl(((u4byte)sbx_tab[byte(bi[(n + 2) & 3],2)]), 16) ^  \
-        rotl(((u4byte)sbx_tab[byte(bi[(n + 3) & 3],3)]), 24) ^ *(k + n)
+	rotl(((u4byte)sbx_tab[byte(bi[(n + 3) & 3],3)]), 24) ^ *(k + n)
 #define i_rl(bo, bi, n, k)                                      \
    bo[n] = (u4byte)isb_tab[byte(bi[n],0)] ^                    \
-        rotl(((u4byte)isb_tab[byte(bi[(n + 3) & 3],1)]),  8) ^  \
+	rotl(((u4byte)isb_tab[byte(bi[(n + 3) & 3],1)]),  8) ^  \
-        rotl(((u4byte)isb_tab[byte(bi[(n + 2) & 3],2)]), 16) ^  \
+	rotl(((u4byte)isb_tab[byte(bi[(n + 2) & 3],2)]), 16) ^  \
-        rotl(((u4byte)isb_tab[byte(bi[(n + 1) & 3],3)]), 24) ^ *(k + n)
+	rotl(((u4byte)isb_tab[byte(bi[(n + 1) & 3],3)]), 24) ^ *(k + n)
 #endif
@ -160,7 +160,7 @@ gen_tabs(void)
 	log_tab[1] = 0; p = 1;
 	for(i = 0; i < 10; ++i) {
-		rco_tab[i] = p; 
+		rco_tab[i] = p;
 		p = (p << 1) ^ (p & 0x80 ? 0x1b : 0);
 	}
@ -172,19 +172,19 @@ gen_tabs(void)
 	/* least significant end of a byte.                     */
 	for(i = 0; i < 256; ++i) {
-		p = (i ? pow_tab[255 - log_tab[i]] : 0); q = p; 
+		p = (i ? pow_tab[255 - log_tab[i]] : 0); q = p;
-		q = (q >> 7) | (q << 1); p ^= q; 
+		q = (q >> 7) | (q << 1); p ^= q;
-		q = (q >> 7) | (q << 1); p ^= q; 
+		q = (q >> 7) | (q << 1); p ^= q;
-		q = (q >> 7) | (q << 1); p ^= q; 
+		q = (q >> 7) | (q << 1); p ^= q;
-		q = (q >> 7) | (q << 1); p ^= q ^ 0x63; 
+		q = (q >> 7) | (q << 1); p ^= q ^ 0x63;
 		sbx_tab[i] = (u1byte)p; isb_tab[p] = (u1byte)i;
 	}
 	for(i = 0; i < 256; ++i) {
-		p = sbx_tab[i]; 
+		p = sbx_tab[i];
 #ifdef  LARGE_TABLES
 #ifdef  LARGE_TABLES        
 		t = p; fl_tab[0][i] = t;
 		fl_tab[1][i] = rotl(t,  8);
 		fl_tab[2][i] = rotl(t, 16);
@ -194,30 +194,30 @@ gen_tabs(void)
 			((u4byte)p <<  8) |
 			((u4byte)p << 16) |
 			((u4byte)ff_mult(3, p) << 24);
-        
+
 		ft_tab[0][i] = t;
 		ft_tab[1][i] = rotl(t,  8);
 		ft_tab[2][i] = rotl(t, 16);
 		ft_tab[3][i] = rotl(t, 24);
-		p = isb_tab[i]; 
+		p = isb_tab[i];
-#ifdef  LARGE_TABLES        
+#ifdef  LARGE_TABLES
-        
+
-		t = p; il_tab[0][i] = t; 
+		t = p; il_tab[0][i] = t;
-		il_tab[1][i] = rotl(t,  8); 
+		il_tab[1][i] = rotl(t,  8);
-		il_tab[2][i] = rotl(t, 16); 
+		il_tab[2][i] = rotl(t, 16);
 		il_tab[3][i] = rotl(t, 24);
-#endif 
+#endif
 		t = ((u4byte)ff_mult(14, p)) |
 			((u4byte)ff_mult( 9, p) <<  8) |
 			((u4byte)ff_mult(13, p) << 16) |
 			((u4byte)ff_mult(11, p) << 24);
-        
+
-		it_tab[0][i] = t; 
+		it_tab[0][i] = t;
-		it_tab[1][i] = rotl(t,  8); 
+		it_tab[1][i] = rotl(t,  8);
-		it_tab[2][i] = rotl(t, 16); 
+		it_tab[2][i] = rotl(t, 16);
-		it_tab[3][i] = rotl(t, 24); 
+		it_tab[3][i] = rotl(t, 24);
 	}
 	tab_gen = 1;
@ -232,8 +232,8 @@ gen_tabs(void)
    t   = w ^ (x);          \
   (y)  = u ^ v ^ w;        \
   (y) ^= rotr(u ^ t,  8) ^ \
-          rotr(v ^ t, 16) ^ \
+	  rotr(v ^ t, 16) ^ \
-          rotr(t,24)
+	  rotr(t,24)
 /* initialise the key schedule from the user supplied key   */
@ -271,7 +271,7 @@ gen_tabs(void)
 rijndael_ctx *
 rijndael_set_key(rijndael_ctx *ctx, const u4byte *in_key, const u4byte key_len,
 		 int encrypt)
-{  
+{
 	u4byte  i, t, u, v, w;
 	u4byte *e_key = ctx->e_key;
 	u4byte *d_key = ctx->d_key;
@ -285,23 +285,23 @@ rijndael_set_key(rijndael_ctx *ctx, const u4byte *in_key, const u4byte key_len,
 	e_key[0] = io_swap(in_key[0]); e_key[1] = io_swap(in_key[1]);
 	e_key[2] = io_swap(in_key[2]); e_key[3] = io_swap(in_key[3]);
-	
+
 	switch(ctx->k_len) {
-        case 4: t = e_key[3];
+	case 4: t = e_key[3];
-                for(i = 0; i < 10; ++i) 
+		for(i = 0; i < 10; ++i)
 			loop4(i);
-                break;
+		break;
-        case 6: e_key[4] = io_swap(in_key[4]); t = e_key[5] = io_swap(in_key[5]);
+	case 6: e_key[4] = io_swap(in_key[4]); t = e_key[5] = io_swap(in_key[5]);
-                for(i = 0; i < 8; ++i) 
+		for(i = 0; i < 8; ++i)
 			loop6(i);
-                break;
+		break;
-        case 8: e_key[4] = io_swap(in_key[4]); e_key[5] = io_swap(in_key[5]);
+	case 8: e_key[4] = io_swap(in_key[4]); e_key[5] = io_swap(in_key[5]);
-                e_key[6] = io_swap(in_key[6]); t = e_key[7] = io_swap(in_key[7]);
+		e_key[6] = io_swap(in_key[6]); t = e_key[7] = io_swap(in_key[7]);
-                for(i = 0; i < 7; ++i) 
+		for(i = 0; i < 7; ++i)
 			loop8(i);
-                break;
+		break;
 	}
 	if (!encrypt) {
@ -333,7 +333,7 @@ rijndael_set_key(rijndael_ctx *ctx, const u4byte *in_key, const u4byte key_len,
 void
 rijndael_encrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk)
-{   
+{
 	u4byte k_len = ctx->k_len;
 	u4byte *e_key = ctx->e_key;
 	u4byte  b0[4], b1[4], *kp;
@ -380,7 +380,7 @@ rijndael_encrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk)
 void
 rijndael_decrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk)
-{  
+{
 	u4byte  b0[4], b1[4], *kp;
 	u4byte k_len = ctx->k_len;
 	u4byte *e_key = ctx->e_key;
--- a/rsa.c
+++ b/rsa.c
@ -8,7 +8,7 @@
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
- * 
+ *
 *
 * Copyright (c) 1999 Niels Provos.  All rights reserved.
 *
--- a/scp.c
+++ b/scp.c
@ -308,7 +308,7 @@ main(argc, argv)
 	remin = STDIN_FILENO;
 	remout = STDOUT_FILENO;
-	if (fflag) {	
+	if (fflag) {
 		/* Follow "protocol", send data. */
 		(void) response();
 		source(argc, argv);
@ -1060,7 +1060,7 @@ allocbuf(bp, fd, blksize)
 		size = blksize + (stb.st_blksize - blksize % stb.st_blksize) %
 		    stb.st_blksize;
 #else /* HAVE_ST_BLKSIZE */
-        size = blksize;
+	size = blksize;
 #endif /* HAVE_ST_BLKSIZE */
 	if (bp->cnt >= size)
 		return (bp);
--- a/servconf.c
+++ b/servconf.c
@ -222,7 +222,7 @@ static struct {
 	{ "port", sPort },
 	{ "hostkey", sHostKeyFile },
 	{ "hostdsakey", sHostKeyFile },					/* alias */
- 	{ "pidfile", sPidFile },
+	{ "pidfile", sPidFile },
 	{ "serverkeybits", sServerKeyBits },
 	{ "logingracetime", sLoginGraceTime },
 	{ "keyregenerationinterval", sKeyRegenerationTime },
@ -560,7 +560,7 @@ parse_flag:
 		case sXAuthLocation:
 			charptr = &options->xauth_location;
 			goto parse_filename;
-			
+
 		case sStrictModes:
 			intptr = &options->strict_modes;
 			goto parse_flag;
@ -716,14 +716,14 @@ parse_flag:
 		case sBanner:
 			charptr = &options->banner;
 			goto parse_filename;
-			
+
 		default:
 			fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
 				filename, linenum, arg, opcode);
 			exit(1);
 		}
 		if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
-			fprintf(stderr, 
+			fprintf(stderr,
 				"%s line %d: garbage at end of line; \"%.200s\".\n",
 				filename, linenum, arg);
 			exit(1);
--- a/serverloop.c
+++ b/serverloop.c
@ -162,7 +162,7 @@ make_packets_from_stdout_data()
 		} else {
 			/* Keep the packets at reasonable size. */
 			if (len > packet_get_maxsize())
-				len = packet_get_maxsize();	
+				len = packet_get_maxsize();
 		}
 		packet_start(SSH_SMSG_STDOUT_DATA);
 		packet_put_string(buffer_ptr(&stdout_buffer), len);
@ -832,7 +832,7 @@ server_input_channel_open(int type, int plen, void *ctxt)
 	xfree(ctype);
 }
-void 
+void
 server_input_global_request(int type, int plen, void *ctxt)
 {
 	char *rtype;
@ -842,7 +842,7 @@ server_input_global_request(int type, int plen, void *ctxt)
 	rtype = packet_get_string(NULL);
 	want_reply = packet_get_char();
 	debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply);
-	
+
 	if (strcmp(rtype, "tcpip-forward") == 0) {
 		struct passwd *pw;
 		char *listen_address;
--- a/session.c
+++ b/session.c
@ -62,7 +62,7 @@ RCSID("$OpenBSD: session.c,v 1.52 2001/02/03 10:08:37 markus Exp $");
 #endif /* WITH_IRIX_PROJECT */
 #ifdef WITH_IRIX_JOBS
 #include <sys/resource.h>
-#endif 
+#endif
 #ifdef WITH_IRIX_AUDIT
 #include <sat.h>
 #endif /* WITH_IRIX_AUDIT */
@ -150,7 +150,7 @@ extern int startup_pipe;
 static char *xauthfile;
 /* original command from peer. */
-char *original_command = NULL; 
+char *original_command = NULL;
 /* data */
 #define MAX_SESSIONS 10
@ -874,11 +874,11 @@ void do_pam_environment(char ***env, int *envsize)
 	if ((pam_env = fetch_pam_environment()) == NULL)
 		return;
-	
+
 	for(i = 0; pam_env[i] != NULL; i++) {
 		if ((equals = strstr(pam_env[i], "=")) == NULL)
 			continue;
-			
+
 		if (strlen(pam_env[i]) < (sizeof(var_name) - 1)) {
 			memset(var_name, '\0', sizeof(var_name));
 			memset(var_val, '\0', sizeof(var_val));
@ -904,7 +904,7 @@ void copy_environment(char ***env, int *envsize)
 	for(i = 0; environ[i] != NULL; i++) {
 		if ((equals = strstr(environ[i], "=")) == NULL)
 			continue;
-			
+
 		if (strlen(environ[i]) < (sizeof(var_name) - 1)) {
 			memset(var_name, '\0', sizeof(var_name));
 			memset(var_val, '\0', sizeof(var_val));
@ -1106,7 +1106,7 @@ do_child(const char *command, struct passwd * pw, const char *term,
 			if (jid == -1) {
 				fatal("Failed to create job container: %.100s",
 				      strerror(errno));
-                        }
+			}
 #  endif /* WITH_IRIX_JOBS */
 #  ifdef WITH_IRIX_ARRAY
 			/* initialize array session */
@ -1384,7 +1384,7 @@ do_child(const char *command, struct passwd * pw, const char *term,
 					fprintf(f, "add %s %s %s\n", display,
 					    auth_proto, auth_data);
 #ifndef HAVE_CYGWIN /* Unix sockets are not supported */
-					if (screen != NULL) 
+					if (screen != NULL)
 						fprintf(f, "add %.*s/unix%s %s %s\n",
 						    (int)(screen-display), display,
 						    screen, auth_proto, auth_data);
@ -1968,7 +1968,7 @@ session_close_by_channel(int id, void *arg)
 		session_close(s);
 	} else {
 		/* notify child, delay session cleanup */
-		if (s->pid <= 1) 
+		if (s->pid <= 1)
 			fatal("session_close_by_channel: Unsafe s->pid = %d", s->pid);
 		if (kill(s->pid, (s->ttyfd == -1) ? SIGTERM : SIGHUP) < 0)
 			error("session_close_by_channel: kill %d: %s",
--- a/sftp-client.c
+++ b/sftp-client.c
@ -222,7 +222,7 @@ do_init(int fd_in, int fd_out)
 	get_msg(fd_in, &msg);
- 	/* Expecting a VERSION reply */
+	/* Expecting a VERSION reply */
 	if ((type = buffer_get_char(&msg)) != SSH2_FXP_VERSION) {
 		error("Invalid packet back from SSH2_FXP_INIT (type %d)",
 		    type);
--- a/sftp-int.c
+++ b/sftp-int.c
@ -130,10 +130,10 @@ local_do_shell(const char *args)
 	int ret, status;
 	char *shell;
 	pid_t pid;
-	
+
 	if (!*args)
 		args = NULL;
-	
+
 	if ((shell = getenv("SHELL")) == NULL)
 		shell = _PATH_BSHELL;
@ -149,7 +149,7 @@ local_do_shell(const char *args)
 			debug3("Executing %s", shell);
 			ret = execl(shell, shell, NULL);
 		}
-		fprintf(stderr, "Couldn't execute \"%s\": %s\n", shell, 
+		fprintf(stderr, "Couldn't execute \"%s\": %s\n", shell,
 		    strerror(errno));
 		_exit(1);
 	}
@ -161,7 +161,7 @@ local_do_shell(const char *args)
 		error("Shell exited with status %d", WEXITSTATUS(status));
 }
-void 
+void
 local_do_ls(const char *args)
 {
 	if (!args || !*args)
@ -367,7 +367,7 @@ parse_args(const char **cpp, int *pflag, unsigned long *n_arg,
 		if (get_pathname(&cp, path1))
 			return(-1);
 		if (*path1 == NULL) {
-			error("You must specify a path after a %s command.", 
+			error("You must specify a path after a %s command.",
 			    cmd);
 			return(-1);
 		}
@ -403,7 +403,7 @@ parse_args(const char **cpp, int *pflag, unsigned long *n_arg,
 		if (get_pathname(&cp, path1))
 			return(-1);
 		if (*path1 == NULL) {
-			error("You must specify a path after a %s command.", 
+			error("You must specify a path after a %s command.",
 			    cmd);
 			return(-1);
 		}
--- a/sftp-server.c
+++ b/sftp-server.c
@ -207,7 +207,7 @@ handle_to_dir(int handle)
 int
 handle_to_fd(int handle)
 {
-	if (handle_is_ok(handle, HANDLE_FILE)) 
+	if (handle_is_ok(handle, HANDLE_FILE))
 		return handles[handle].fd;
 	return -1;
 }
@ -616,7 +616,7 @@ process_opendir(void)
 	id = get_int();
 	path = get_string(NULL);
 	TRACE("opendir id %d path %s", id, path);
-	dirp = opendir(path); 
+	dirp = opendir(path);
 	if (dirp == NULL) {
 		status = errno_to_portable(errno);
 	} else {
@ -627,7 +627,7 @@ process_opendir(void)
 			send_handle(id, handle);
 			status = SSH2_FX_OK;
 		}
-		
+
 	}
 	if (status != SSH2_FX_OK)
 		send_status(id, status);
@ -932,7 +932,7 @@ main(int ac, char **av)
 	handle_init();
 #ifdef DEBUG_SFTP_SERVER
-        log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
+	log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
 #endif
 	in = dup(STDIN_FILENO);
--- a/sftp.c
+++ b/sftp.c
@ -125,14 +125,14 @@ make_ssh_args(char *add_arg)
 	return(args);
 }
-void 
+void
 usage(void)
 {
 	fprintf(stderr, "usage: sftp [-vC] [-osshopt=value] [user@]host\n");
 	exit(1);
 }
-int 
+int
 main(int argc, char **argv)
 {
 	int in, out, i, debug_level, compress_flag;
--- a/ssh-add.c
+++ b/ssh-add.c
@ -253,7 +253,7 @@ main(int argc, char **argv)
 	__progname = get_progname(argv[0]);
 	init_rng();
-        SSLeay_add_all_algorithms();
+	SSLeay_add_all_algorithms();
 	/* At first, get a connection to the authentication agent. */
 	ac = ssh_get_authentication_connection();
--- a/ssh-agent.c
+++ b/ssh-agent.c
@ -728,7 +728,7 @@ main(int ac, char **av)
 	__progname = get_progname(av[0]);
 	init_rng();
-	
+
 #ifdef __GNU_LIBRARY__
 	while ((ch = getopt(ac, av, "+cks")) != -1) {
 #else /* __GNU_LIBRARY__ */
--- a/ssh-dss.c
+++ b/ssh-dss.c
@ -185,7 +185,7 @@ ssh_dss_verify(
 		memset(sigblob, 0, len);
 		xfree(sigblob);
 	}
-	
+
 	/* sha1 the data */
 	dlen = evp_md->md_size;
 	digest = xmalloc(dlen);
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@ -128,7 +128,7 @@ try_load_key(char *filename, Key *k)
 #define SSH_COM_PUBLIC_BEGIN		"---- BEGIN SSH2 PUBLIC KEY ----"
 #define SSH_COM_PUBLIC_END  		"---- END SSH2 PUBLIC KEY ----"
 #define SSH_COM_PRIVATE_BEGIN		"---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"
-#define	SSH_COM_PRIVATE_KEY_MAGIC	0x3f6ff9eb                                          
+#define	SSH_COM_PRIVATE_KEY_MAGIC	0x3f6ff9eb
 void
 do_convert_to_ssh2(struct passwd *pw)
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@ -509,7 +509,7 @@ conloop(void)
 	c = tq.tqh_first;
 	while (c &&
 	       (c->c_tv.tv_sec < now.tv_sec ||
-	        (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec < now.tv_usec))) {
+		(c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec < now.tv_usec))) {
 		int s = c->c_fd;
 		c = c->c_link.tqe_next;
 		conrecycle(s);
--- a/ssh.c
+++ b/ssh.c
@ -156,7 +156,7 @@ usage()
 #ifdef AFS
 	fprintf(stderr, "  -k          Disable Kerberos ticket and AFS token forwarding.\n");
 #endif				/* AFS */
-        fprintf(stderr, "  -X          Enable X11 connection forwarding.\n");
+	fprintf(stderr, "  -X          Enable X11 connection forwarding.\n");
 	fprintf(stderr, "  -x          Disable X11 connection forwarding.\n");
 	fprintf(stderr, "  -i file     Identity for RSA authentication (default: ~/.ssh/identity).\n");
 	fprintf(stderr, "  -t          Tty; allocate a tty even if command is given.\n");
@ -1035,7 +1035,7 @@ ssh_session2(void)
 	/* XXX should be pre-session */
 	ssh_init_forwarding();
-	
+
 	/* If requested, let ssh continue in the background. */
 	if (fork_after_authentication_flag)
 		if (daemon(1, 1) < 0)
--- a/sshconnect.c
+++ b/sshconnect.c
@ -328,7 +328,7 @@ ssh_exchange_identification()
 	int remote_major, remote_minor, i, mismatch;
 	int connection_in = packet_get_connection_in();
 	int connection_out = packet_get_connection_out();
-	int minor1 = PROTOCOL_MINOR_1; 
+	int minor1 = PROTOCOL_MINOR_1;
 	/* Read other side\'s version identification. */
 	for (;;) {
@ -688,7 +688,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 			error("X11 forwarding is disabled to avoid trojan horses.");
 			options.forward_x11 = 0;
 		}
-	        if (options.num_local_forwards > 0 || options.num_remote_forwards > 0) {
+		if (options.num_local_forwards > 0 || options.num_remote_forwards > 0) {
 			error("Port forwarding is disabled to avoid trojan horses.");
 			options.num_local_forwards = options.num_remote_forwards = 0;
 		}
--- a/sshconnect2.c
+++ b/sshconnect2.c
@ -145,7 +145,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 /* diffie-hellman-group1-sha1 */
 void
-ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr, 
+ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr,
 	       Buffer *client_kexinit, Buffer *server_kexinit)
 {
 #ifdef DEBUG_KEXDH
@ -281,7 +281,7 @@ ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr,
 int
 dh_estimate(int bits)
 {
-	
+
 	if (bits < 64)
 		return (512);	/* O(2**63) */
 	if (bits < 128)
@ -416,7 +416,7 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr,
 	    buffer_ptr(client_kexinit), buffer_len(client_kexinit),
 	    buffer_ptr(server_kexinit), buffer_len(server_kexinit),
 	    server_host_key_blob, sbloblen,
-	    nbits, dh->p, dh->g, 
+	    nbits, dh->p, dh->g,
 	    dh->pub_key,
 	    dh_server_pub,
 	    shared_secret
@ -608,7 +608,7 @@ input_userauth_failure(int type, int plen, void *ctxt)
 	for (;;) {
 		method = authmethod_get(authlist);
 		if (method == NULL)
-                        fatal("Unable to find an authentication method");
+			fatal("Unable to find an authentication method");
 		authctxt->method = method;
 		if (method->userauth(authctxt) != 0) {
 			debug2("we sent a %s packet, wait for reply", method->name);
@ -617,7 +617,7 @@ input_userauth_failure(int type, int plen, void *ctxt)
 			debug2("we did not send a packet, disable method");
 			method->enabled = NULL;
 		}
-	}	
+	}
 	xfree(authlist);
 }
@ -683,7 +683,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
 	buffer_init(&b);
 	if (datafellows & SSH_OLD_SESSIONID) {
 		buffer_append(&b, session_id2, session_id2_len);
-		skip = session_id2_len; 
+		skip = session_id2_len;
 	} else {
 		buffer_put_string(&b, session_id2, session_id2_len);
 		skip = buffer_len(&b);
@ -699,7 +699,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
 	} else {
 		buffer_put_cstring(&b, authctxt->method->name);
 		buffer_put_char(&b, have_sig);
-		buffer_put_cstring(&b, key_ssh_name(k)); 
+		buffer_put_cstring(&b, key_ssh_name(k));
 	}
 	buffer_put_string(&b, blob, bloblen);
@ -722,7 +722,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
 		buffer_put_cstring(&b, authctxt->method->name);
 		buffer_put_char(&b, have_sig);
 		if (!(datafellows & SSH_BUG_PKAUTH))
-			buffer_put_cstring(&b, key_ssh_name(k)); 
+			buffer_put_cstring(&b, key_ssh_name(k));
 		buffer_put_string(&b, blob, bloblen);
 	}
 	xfree(blob);
@ -1011,14 +1011,14 @@ authmethod_lookup(const char *name)
 * use a built-in default list.  If the server sends a nil list after
 * previously sending a valid list, continue using the list originally
 * sent.
- */ 
+ */
 Authmethod *
 authmethod_get(char *authlist)
 {
 	char *name = NULL, *authname_old;
 	Authmethod *method = NULL;
-	
+
 	/* Use a suitable default if we're passed a nil list.  */
 	if (authlist == NULL || strlen(authlist) == 0)
 		authlist = def_authlist;
--- a/sshd.c
+++ b/sshd.c
@ -429,7 +429,7 @@ destroy_sensitive_data(void)
 		key_free(sensitive_data.server_key);
 		sensitive_data.server_key = NULL;
 	}
-        for(i = 0; i < options.num_host_key_files; i++) {
+	for(i = 0; i < options.num_host_key_files; i++) {
 		if (sensitive_data.host_keys[i]) {
 			key_free(sensitive_data.host_keys[i]);
 			sensitive_data.host_keys[i] = NULL;
@ -983,7 +983,7 @@ main(int ac, char **av)
 						startups++;
 						break;
 					}
-				
+
 				/*
 				 * Got connection.  Fork a child to handle it, unless
 				 * we are in debugging mode.
@ -1507,7 +1507,7 @@ ssh_dh1_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
 	fprintf(stderr, "\npub= ");
 	BN_print_fp(stderr, dh->pub_key);
 	fprintf(stderr, "\n");
-        DHparams_print_fp(stderr, dh);
+	DHparams_print_fp(stderr, dh);
 #endif
 	if (!dh_pub_is_valid(dh, dh_client_pub))
 		packet_disconnect("bad client public DH value");
@ -1650,7 +1650,7 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
 	fprintf(stderr, "\npub= ");
 	BN_print_fp(stderr, dh->pub_key);
 	fprintf(stderr, "\n");
-        DHparams_print_fp(stderr, dh);
+	DHparams_print_fp(stderr, dh);
 #endif
 	if (!dh_pub_is_valid(dh, dh_client_pub))
 		packet_disconnect("bad client public DH value");
--- a/xmalloc.c
+++ b/xmalloc.c
@ -4,7 +4,7 @@
 *                    All rights reserved
 * Versions of malloc and friends that check their results, and never return
 * failure (they call fatal if they encounter an error).
- * 
+ *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is