17166360 OpenSSL pkcs11 engine should use OpenSSL coding style for consistency
17569481 debug slot selection code in the PKCS#11 engine for FIPS needs some fixes
--- a/components/openssl/openssl-0.9.8-fips-140/engines/pkcs11/hw_pk11.c Mon Oct 07 14:54:34 2013 -0700
+++ b/components/openssl/openssl-0.9.8-fips-140/engines/pkcs11/hw_pk11.c Tue Oct 08 11:48:11 2013 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
*
*/
@@ -205,7 +205,8 @@
static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE;
/* Index for the supported ciphers */
-enum pk11_cipher_id {
+enum pk11_cipher_id
+ {
PK11_DES_CBC,
PK11_DES3_CBC,
PK11_DES_ECB,
@@ -224,10 +225,11 @@
PK11_AES_256_CTR,
#endif /* SOLARIS_AES_CTR */
PK11_CIPHER_MAX
-};
+ };
/* Index for the supported digests */
-enum pk11_digest_id {
+enum pk11_digest_id
+ {
PK11_MD5,
PK11_SHA1,
PK11_SHA224,
@@ -235,7 +237,7 @@
PK11_SHA384,
PK11_SHA512,
PK11_DIGEST_MAX
-};
+ };
typedef struct PK11_CIPHER_st
{
@@ -1166,9 +1168,9 @@
/* Initialization function for the pk11 engine */
static int pk11_init(ENGINE *e)
-{
+ {
return (pk11_library_init(e));
-}
+ }
/*
* Initialization function. Sets up various PKCS#11 library components.
@@ -1298,11 +1300,12 @@
* this function is required by OpenSSL digest copy function
*/
if (pFuncList->C_GetOperationState(global_session, NULL, &ul_state_len)
- == CKR_FUNCTION_NOT_SUPPORTED) {
+ == CKR_FUNCTION_NOT_SUPPORTED)
+ {
DEBUG_SLOT_SEL("%s: C_GetOperationState() not supported, "
"setting digest_count to 0\n", PK11_DBG);
digest_count = 0;
- }
+ }
pk11_library_initialized = CK_TRUE;
pk11_pid = getpid();
@@ -1382,24 +1385,27 @@
pFuncList->C_Finalize(NULL);
#endif
#ifdef SOLARIS_AES_CTR
- {
+ {
ASN1_OBJECT *ob = NULL;
- if (NID_aes_128_ctr != NID_undef) {
+ if (NID_aes_128_ctr != NID_undef)
+ {
ob = OBJ_nid2obj(NID_aes_128_ctr);
if (ob != NULL)
ASN1_OBJECT_free(ob);
- }
- if (NID_aes_192_ctr != NID_undef) {
+ }
+ if (NID_aes_192_ctr != NID_undef)
+ {
ob = OBJ_nid2obj(NID_aes_192_ctr);
if (ob != NULL)
ASN1_OBJECT_free(ob);
- }
- if (NID_aes_256_ctr != NID_undef) {
+ }
+ if (NID_aes_256_ctr != NID_undef)
+ {
ob = OBJ_nid2obj(NID_aes_256_ctr);
if (ob != NULL)
ASN1_OBJECT_free(ob);
+ }
}
- }
#endif
if (!DSO_free(pk11_dso))
@@ -2400,10 +2406,11 @@
*/
if (ctx->cipher->iv_len < p_ciph_table_row->iv_len ||
ctx->key_len < p_ciph_table_row->min_key_len ||
- ctx->key_len > p_ciph_table_row->max_key_len) {
+ ctx->key_len > p_ciph_table_row->max_key_len)
+ {
PK11err(PK11_F_CIPHER_INIT, PK11_R_KEY_OR_IV_LEN_PROBLEM);
return (0);
- }
+ }
if ((sp = pk11_get_session(OP_CIPHER)) == NULL)
return (0);
@@ -3147,7 +3154,8 @@
{
current_slot = pSlotList[i];
- DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG, i);
+ DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG,
+ current_slot);
/* Check if slot has random support. */
rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
if (rv != CKR_OK)
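Review bot: The rewritten `DEBUG_SLOT_SEL` call keeps the `%d` conversion but now passes `current_slot` instead of the loop index `i`. `current_slot` is declared outside this hunk; since it is handed to `C_GetTokenInfo()` it is presumably a `CK_SLOT_ID`, which PKCS#11 defines as an unsigned long, so the specifier no longer matches the argument and the logged slot ID can be wrong on LP64 builds. Assuming the macro forwards to a printf-style function, `DEBUG_SLOT_SEL("%s: checking slot: %lu\n", PK11_DBG, (unsigned long)current_slot);` keeps the slot-selection trace reliable. The same call is introduced in the hunks at -3176 and -3289 of this file, and the enclosing loops start and end outside all three hunks.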
@@ -3176,7 +3184,8 @@
CK_BBOOL slot_has_dh = CK_FALSE;
current_slot = pSlotList[i];
- DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG, i);
+ DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG,
+ current_slot);
rv = pFuncList->C_GetTokenInfo(current_slot, &token_info);
if (rv != CKR_OK)
continue;
@@ -3289,9 +3298,11 @@
SLOTID = pSlotList[0];
for (i = 0; i < ulSlotCount; i++)
{
- DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG, i);
-
current_slot = pSlotList[i];
+
+ DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG,
+ current_slot);
+
current_slot_n_cipher = 0;
current_slot_n_digest = 0;
(void) memset(local_cipher_nids, 0, sizeof (local_cipher_nids));
--- a/components/openssl/openssl-0.9.8-fips-140/engines/pkcs11/hw_pk11_err.c Mon Oct 07 14:54:34 2013 -0700
+++ b/components/openssl/openssl-0.9.8-fips-140/engines/pkcs11/hw_pk11_err.c Tue Oct 08 11:48:11 2013 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
*
*/
@@ -268,7 +268,7 @@
ERR_load_strings(0, pk11_engine_lib_name);
#endif
}
-}
+ }
static void
ERR_unload_pk11_strings(void)
@@ -286,22 +286,22 @@
pk11_error_init = 1;
}
-}
+ }
void
ERR_pk11_error(int function, int reason, char *file, int line)
-{
+ {
if (pk11_lib_error_code == 0)
pk11_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(pk11_lib_error_code, function, reason, file, line);
-}
+ }
void
PK11err_add_data(int function, int reason, CK_RV rv)
-{
+ {
char tmp_buf[20];
PK11err(function, reason);
(void) snprintf(tmp_buf, sizeof (tmp_buf), "%lx", rv);
ERR_add_error_data(2, "PK11 CK_RV=0X", tmp_buf);
-}
+ }
--- a/components/openssl/openssl-0.9.8-fips-140/engines/pkcs11/hw_pk11_uri.h Mon Oct 07 14:54:34 2013 -0700
+++ b/components/openssl/openssl-0.9.8-fips-140/engines/pkcs11/hw_pk11_uri.h Tue Oct 08 11:48:11 2013 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
*
*/
@@ -78,7 +78,8 @@
#define PK11_MAX_PIN_LEN 256
/* Add new attributes of the PKCS#11 URI here. */
-typedef struct pkcs11_uri_struct {
+typedef struct pkcs11_uri_struct
+ {
char *object; /* object label, the only mandatory info */
char *objecttype; /* (private|public|cert), currently unused */
char *token; /* token label */
@@ -88,7 +89,7 @@
char *askpass; /* full path to the command to get the PIN */
/* Not part of the PKCS11 URI itself. */
char *pin; /* token PIN */
-} pkcs11_uri;
+ } pkcs11_uri;
/* For URI processing. */
extern pthread_mutex_t *uri_lock;
--- a/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11.c Mon Oct 07 14:54:34 2013 -0700
+++ b/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11.c Tue Oct 08 11:48:11 2013 -0700
@@ -192,7 +192,8 @@
static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE;
/* Index for the supported ciphers */
-enum pk11_cipher_id {
+enum pk11_cipher_id
+ {
PK11_DES_CBC,
PK11_DES3_CBC,
PK11_DES_ECB,
@@ -209,10 +210,11 @@
PK11_AES_192_CTR,
PK11_AES_256_CTR,
PK11_CIPHER_MAX
-};
+ };
/* Index for the supported digests */
-enum pk11_digest_id {
+enum pk11_digest_id
+ {
PK11_MD5,
PK11_SHA1,
PK11_SHA224,
@@ -220,7 +222,7 @@
PK11_SHA384,
PK11_SHA512,
PK11_DIGEST_MAX
-};
+ };
typedef struct PK11_CIPHER_st
{
@@ -1078,9 +1080,9 @@
/* Initialization function for the pk11 engine */
static int pk11_init(ENGINE *e)
-{
+ {
return (pk11_library_init(e));
-}
+ }
/*
* Helper function that unsets reference to current engine (pk11_engine = NULL).
@@ -1094,9 +1096,10 @@
{
ENGINE* old_engine = pk11_engine;
- if (old_engine) {
+ if (old_engine)
+ {
pk11_engine = NULL;
- }
+ }
}
/*
@@ -1230,11 +1233,12 @@
* this function is required by OpenSSL digest copy function
*/
if (pFuncList->C_GetOperationState(global_session, NULL, &ul_state_len)
- == CKR_FUNCTION_NOT_SUPPORTED) {
+ == CKR_FUNCTION_NOT_SUPPORTED)
+ {
DEBUG_SLOT_SEL("%s: C_GetOperationState() not supported, "
"setting digest_count to 0\n", PK11_DBG);
digest_count = 0;
- }
+ }
pk11_library_initialized = CK_TRUE;
pk11_pid = getpid();
@@ -2322,10 +2326,11 @@
*/
if (ctx->cipher->iv_len < p_ciph_table_row->iv_len ||
ctx->key_len < p_ciph_table_row->min_key_len ||
- ctx->key_len > p_ciph_table_row->max_key_len) {
+ ctx->key_len > p_ciph_table_row->max_key_len)
+ {
PK11err(PK11_F_CIPHER_INIT, PK11_R_KEY_OR_IV_LEN_PROBLEM);
return (0);
- }
+ }
if ((sp = pk11_get_session(OP_CIPHER)) == NULL)
return (0);
--- a/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11_err.c Mon Oct 07 14:54:34 2013 -0700
+++ b/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11_err.c Tue Oct 08 11:48:11 2013 -0700
@@ -267,7 +267,7 @@
ERR_load_strings(0, pk11_engine_lib_name);
#endif
}
-}
+ }
static void
ERR_unload_pk11_strings(void)
@@ -285,22 +285,22 @@
pk11_error_init = 1;
}
-}
+ }
void
ERR_pk11_error(int function, int reason, char *file, int line)
-{
+ {
if (pk11_lib_error_code == 0)
pk11_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(pk11_lib_error_code, function, reason, file, line);
-}
+ }
void
PK11err_add_data(int function, int reason, CK_RV rv)
-{
+ {
char tmp_buf[20];
PK11err(function, reason);
(void) snprintf(tmp_buf, sizeof (tmp_buf), "%lx", rv);
ERR_add_error_data(2, "PK11 CK_RV=0X", tmp_buf);
-}
+ }
--- a/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11_uri.h Mon Oct 07 14:54:34 2013 -0700
+++ b/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11_uri.h Tue Oct 08 11:48:11 2013 -0700
@@ -81,7 +81,8 @@
#define PK11_MAX_PIN_LEN 256
/* Add new attributes of the PKCS#11 URI here. */
-typedef struct pkcs11_uri_struct {
+typedef struct pkcs11_uri_struct
+ {
char *object; /* object label, the only mandatory info */
char *objecttype; /* (private|public|cert), currently unused */
char *token; /* token label */
@@ -91,7 +92,7 @@
char *askpass; /* full path to the command to get the PIN */
/* Not part of the PKCS11 URI itself. */
char *pin; /* token PIN */
-} pkcs11_uri;
+ } pkcs11_uri;
/* For URI processing. */
extern pthread_mutex_t *uri_lock;