17166360 OpenSSL pkcs11 engine should use OpenSSL coding style for consistency
authorjenny.yung@oracle.com <jenny.yung@oracle.com>
Tue, 08 Oct 2013 11:48:11 -0700
changeset 1499 59aeb82a4f4c
parent 1498 20dd5b947b20
child 1500 10b7d238f48b
17166360 OpenSSL pkcs11 engine should use OpenSSL coding style for consistency 17569481 debug slot selection code in the PKCS#11 engine for FIPS needs some fixes
components/openssl/openssl-0.9.8-fips-140/engines/pkcs11/hw_pk11.c
components/openssl/openssl-0.9.8-fips-140/engines/pkcs11/hw_pk11_err.c
components/openssl/openssl-0.9.8-fips-140/engines/pkcs11/hw_pk11_uri.h
components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11.c
components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11_err.c
components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11_uri.h
--- a/components/openssl/openssl-0.9.8-fips-140/engines/pkcs11/hw_pk11.c	Mon Oct 07 14:54:34 2013 -0700
+++ b/components/openssl/openssl-0.9.8-fips-140/engines/pkcs11/hw_pk11.c	Tue Oct 08 11:48:11 2013 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
  *
  */
 
@@ -205,7 +205,8 @@
 static CK_SESSION_HANDLE	global_session = CK_INVALID_HANDLE;
 
 /* Index for the supported ciphers */
-enum pk11_cipher_id {
+enum pk11_cipher_id
+	{
 	PK11_DES_CBC,
 	PK11_DES3_CBC,
 	PK11_DES_ECB,
@@ -224,10 +225,11 @@
 	PK11_AES_256_CTR,
 #endif	/* SOLARIS_AES_CTR */
 	PK11_CIPHER_MAX
-};
+	};
 
 /* Index for the supported digests */
-enum pk11_digest_id {
+enum pk11_digest_id
+	{
 	PK11_MD5,
 	PK11_SHA1,
 	PK11_SHA224,
@@ -235,7 +237,7 @@
 	PK11_SHA384,
 	PK11_SHA512,
 	PK11_DIGEST_MAX
-};
+	};
 
 typedef struct PK11_CIPHER_st
 	{
@@ -1166,9 +1168,9 @@
 
 /* Initialization function for the pk11 engine */
 static int pk11_init(ENGINE *e)
-{
+	{
 	return (pk11_library_init(e));
-}
+	}
 
 /*
  * Initialization function. Sets up various PKCS#11 library components.
@@ -1298,11 +1300,12 @@
 	 * this function is required by OpenSSL digest copy function
 	 */
 	if (pFuncList->C_GetOperationState(global_session, NULL, &ul_state_len)
-			== CKR_FUNCTION_NOT_SUPPORTED) {
+			== CKR_FUNCTION_NOT_SUPPORTED)
+		{
 		DEBUG_SLOT_SEL("%s: C_GetOperationState() not supported, "
 		    "setting digest_count to 0\n", PK11_DBG);
 		digest_count = 0;
-	}
+		}
 
 	pk11_library_initialized = CK_TRUE;
 	pk11_pid = getpid();
@@ -1382,24 +1385,27 @@
 	pFuncList->C_Finalize(NULL);
 #endif
 #ifdef	SOLARIS_AES_CTR
-	{
+		{
 		ASN1_OBJECT *ob = NULL;
-		if (NID_aes_128_ctr != NID_undef) {
+		if (NID_aes_128_ctr != NID_undef)
+			{
 			ob = OBJ_nid2obj(NID_aes_128_ctr);
 			if (ob != NULL)
 				ASN1_OBJECT_free(ob);
-		}
-		if (NID_aes_192_ctr != NID_undef) {
+			}
+		if (NID_aes_192_ctr != NID_undef)
+			{
 			ob = OBJ_nid2obj(NID_aes_192_ctr);
 			if (ob != NULL)
 				ASN1_OBJECT_free(ob);
-		}
-		if (NID_aes_256_ctr != NID_undef) {
+			}
+		if (NID_aes_256_ctr != NID_undef)
+			{
 			ob = OBJ_nid2obj(NID_aes_256_ctr);
 			if (ob != NULL)
 				ASN1_OBJECT_free(ob);
+			}
 		}
-	}
 #endif
 
 	if (!DSO_free(pk11_dso))
@@ -2400,10 +2406,11 @@
 	 */
 	if (ctx->cipher->iv_len < p_ciph_table_row->iv_len ||
 	    ctx->key_len < p_ciph_table_row->min_key_len ||
-	    ctx->key_len > p_ciph_table_row->max_key_len) {
+	    ctx->key_len > p_ciph_table_row->max_key_len)
+		{
 		PK11err(PK11_F_CIPHER_INIT, PK11_R_KEY_OR_IV_LEN_PROBLEM);
 		return (0);
-	}
+		}
 
 	if ((sp = pk11_get_session(OP_CIPHER)) == NULL)
 		return (0);
@@ -3147,7 +3154,8 @@
 		{
 		current_slot = pSlotList[i];
 
-		DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG, i);
+		DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG,
+			current_slot);
 		/* Check if slot has random support. */
 		rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
 		if (rv != CKR_OK)
@@ -3176,7 +3184,8 @@
 		CK_BBOOL slot_has_dh = CK_FALSE;
 		current_slot = pSlotList[i];
 
-		DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG, i);
+		DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG,
+			current_slot);
 		rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
 		if (rv != CKR_OK)
 			continue;
@@ -3289,9 +3298,11 @@
 	SLOTID = pSlotList[0];
 	for (i = 0; i < ulSlotCount; i++)
 		{
-		DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG, i);
-
 		current_slot = pSlotList[i];
+
+		DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG,
+			current_slot);
+
 		current_slot_n_cipher = 0;
 		current_slot_n_digest = 0;
 		(void) memset(local_cipher_nids, 0, sizeof (local_cipher_nids));
--- a/components/openssl/openssl-0.9.8-fips-140/engines/pkcs11/hw_pk11_err.c	Mon Oct 07 14:54:34 2013 -0700
+++ b/components/openssl/openssl-0.9.8-fips-140/engines/pkcs11/hw_pk11_err.c	Tue Oct 08 11:48:11 2013 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
  *
  */
 
@@ -268,7 +268,7 @@
 		ERR_load_strings(0, pk11_engine_lib_name);
 #endif
 		}
-}
+	}
 
 static void
 ERR_unload_pk11_strings(void)
@@ -286,22 +286,22 @@
 
 		pk11_error_init = 1;
 		}
-}
+	}
 
 void
 ERR_pk11_error(int function, int reason, char *file, int line)
-{
+	{
 	if (pk11_lib_error_code == 0)
 		pk11_lib_error_code = ERR_get_next_error_library();
 	ERR_PUT_error(pk11_lib_error_code, function, reason, file, line);
-}
+	}
 
 void
 PK11err_add_data(int function, int reason, CK_RV rv)
-{
+	{
 	char tmp_buf[20];
 
 	PK11err(function, reason);
 	(void) snprintf(tmp_buf, sizeof (tmp_buf), "%lx", rv);
 	ERR_add_error_data(2, "PK11 CK_RV=0X", tmp_buf);
-}
+	}
--- a/components/openssl/openssl-0.9.8-fips-140/engines/pkcs11/hw_pk11_uri.h	Mon Oct 07 14:54:34 2013 -0700
+++ b/components/openssl/openssl-0.9.8-fips-140/engines/pkcs11/hw_pk11_uri.h	Tue Oct 08 11:48:11 2013 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
  *
  */
 
@@ -78,7 +78,8 @@
 #define	PK11_MAX_PIN_LEN	256
 
 /* Add new attributes of the PKCS#11 URI here. */
-typedef struct pkcs11_uri_struct {
+typedef struct pkcs11_uri_struct
+	{
 	char	*object;	/* object label, the only mandatory info */
 	char	*objecttype;	/* (private|public|cert), currently unused */
 	char	*token;		/* token label */
@@ -88,7 +89,7 @@
 	char	*askpass;	/* full path to the command to get the PIN */
 	/* Not part of the PKCS11 URI itself. */
 	char	*pin;		/* token PIN */
-} pkcs11_uri;
+	} pkcs11_uri;
 
 /* For URI processing. */
 extern pthread_mutex_t *uri_lock;
--- a/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11.c	Mon Oct 07 14:54:34 2013 -0700
+++ b/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11.c	Tue Oct 08 11:48:11 2013 -0700
@@ -192,7 +192,8 @@
 static CK_SESSION_HANDLE	global_session = CK_INVALID_HANDLE;
 
 /* Index for the supported ciphers */
-enum pk11_cipher_id {
+enum pk11_cipher_id
+	{
 	PK11_DES_CBC,
 	PK11_DES3_CBC,
 	PK11_DES_ECB,
@@ -209,10 +210,11 @@
 	PK11_AES_192_CTR,
 	PK11_AES_256_CTR,
 	PK11_CIPHER_MAX
-};
+	};
 
 /* Index for the supported digests */
-enum pk11_digest_id {
+enum pk11_digest_id
+	{
 	PK11_MD5,
 	PK11_SHA1,
 	PK11_SHA224,
@@ -220,7 +222,7 @@
 	PK11_SHA384,
 	PK11_SHA512,
 	PK11_DIGEST_MAX
-};
+	};
 
 typedef struct PK11_CIPHER_st
 	{
@@ -1078,9 +1080,9 @@
 
 /* Initialization function for the pk11 engine */
 static int pk11_init(ENGINE *e)
-{
+	{
 	return (pk11_library_init(e));
-}
+	}
 
 /*
  * Helper function that unsets reference to current engine (pk11_engine = NULL).
@@ -1094,9 +1096,10 @@
 	{
 	ENGINE* old_engine = pk11_engine;
 
-	if (old_engine) {
+	if (old_engine)
+		{
 		pk11_engine = NULL;
-	}
+		}
 	}
 
 /*
@@ -1230,11 +1233,12 @@
 	 * this function is required by OpenSSL digest copy function
 	 */
 	if (pFuncList->C_GetOperationState(global_session, NULL, &ul_state_len)
-			== CKR_FUNCTION_NOT_SUPPORTED) {
+			== CKR_FUNCTION_NOT_SUPPORTED)
+		{
 		DEBUG_SLOT_SEL("%s: C_GetOperationState() not supported, "
 		    "setting digest_count to 0\n", PK11_DBG);
 		digest_count = 0;
-	}
+		}
 
 	pk11_library_initialized = CK_TRUE;
 	pk11_pid = getpid();
@@ -2322,10 +2326,11 @@
 	 */
 	if (ctx->cipher->iv_len < p_ciph_table_row->iv_len ||
 	    ctx->key_len < p_ciph_table_row->min_key_len ||
-	    ctx->key_len > p_ciph_table_row->max_key_len) {
+	    ctx->key_len > p_ciph_table_row->max_key_len)
+		{
 		PK11err(PK11_F_CIPHER_INIT, PK11_R_KEY_OR_IV_LEN_PROBLEM);
 		return (0);
-	}
+		}
 
 	if ((sp = pk11_get_session(OP_CIPHER)) == NULL)
 		return (0);
--- a/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11_err.c	Mon Oct 07 14:54:34 2013 -0700
+++ b/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11_err.c	Tue Oct 08 11:48:11 2013 -0700
@@ -267,7 +267,7 @@
 		ERR_load_strings(0, pk11_engine_lib_name);
 #endif
 		}
-}
+	}
 
 static void
 ERR_unload_pk11_strings(void)
@@ -285,22 +285,22 @@
 
 		pk11_error_init = 1;
 		}
-}
+	}
 
 void
 ERR_pk11_error(int function, int reason, char *file, int line)
-{
+	{
 	if (pk11_lib_error_code == 0)
 		pk11_lib_error_code = ERR_get_next_error_library();
 	ERR_PUT_error(pk11_lib_error_code, function, reason, file, line);
-}
+	}
 
 void
 PK11err_add_data(int function, int reason, CK_RV rv)
-{
+	{
 	char tmp_buf[20];
 
 	PK11err(function, reason);
 	(void) snprintf(tmp_buf, sizeof (tmp_buf), "%lx", rv);
 	ERR_add_error_data(2, "PK11 CK_RV=0X", tmp_buf);
-}
+	}
--- a/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11_uri.h	Mon Oct 07 14:54:34 2013 -0700
+++ b/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11_uri.h	Tue Oct 08 11:48:11 2013 -0700
@@ -81,7 +81,8 @@
 #define	PK11_MAX_PIN_LEN	256
 
 /* Add new attributes of the PKCS#11 URI here. */
-typedef struct pkcs11_uri_struct {
+typedef struct pkcs11_uri_struct
+	{
 	char	*object;	/* object label, the only mandatory info */
 	char	*objecttype;	/* (private|public|cert), currently unused */
 	char	*token;		/* token label */
@@ -91,7 +92,7 @@
 	char	*askpass;	/* full path to the command to get the PIN */
 	/* Not part of the PKCS11 URI itself. */
 	char	*pin;		/* token PIN */
-} pkcs11_uri;
+	} pkcs11_uri;
 
 /* For URI processing. */
 extern pthread_mutex_t *uri_lock;