Diffstat (limited to 'usr/src')
-rw-r--r--usr/src/cmd/cmd-crypto/decrypt/decrypt.c4
-rw-r--r--usr/src/cmd/cmd-crypto/digest/digest.c4
-rw-r--r--usr/src/lib/libcryptoutil/common/cryptoutil.h6
-rw-r--r--usr/src/lib/libcryptoutil/common/debug.c24
-rw-r--r--usr/src/lib/libcryptoutil/common/keyfile.c54
-rw-r--r--usr/src/lib/libcryptoutil/common/mapfile-vers5
-rw-r--r--usr/src/lib/libcryptoutil/common/tohexstr.c81
7 files changed, 131 insertions, 47 deletions
diff --git a/usr/src/cmd/cmd-crypto/decrypt/decrypt.c b/usr/src/cmd/cmd-crypto/decrypt/decrypt.c
index b505390177..1fe5127fc2 100644
--- a/usr/src/cmd/cmd-crypto/decrypt/decrypt.c
+++ b/usr/src/cmd/cmd-crypto/decrypt/decrypt.c
@@ -24,8 +24,6 @@
* Use is subject to license terms.
*/
-#pragma ident "%Z%%M% %I% %E% SMI"
-
/*
* decrypt.c
*
@@ -487,7 +485,7 @@ execute_cmd(struct CommandInfo *cmd, char *algo_str)
(size_t *)&keysize, 0, B_FALSE);
}
- if (status == -1 || keysize == 0L) {
+ if (status != 0 || keysize == 0L) {
cryptoerror(LOG_STDERR,
Kflag ? gettext("invalid password.") :
gettext("invalid key."));
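Review bot: The failure test here checks `status` and `keysize` but not the key buffer itself, whereas the matching test in digest.c in this same commit also rejects `pkeydata == NULL`. If the buffer pointer in execute_cmd is initialised to NULL before the key is read (not visible in this hunk), the same test would make decrypt fail closed when a helper reports success without producing key data: `if (status != 0 || keysize == 0L || <key buffer pointer> == NULL) {`. execute_cmd starts and ends outside the hunk.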
diff --git a/usr/src/cmd/cmd-crypto/digest/digest.c b/usr/src/cmd/cmd-crypto/digest/digest.c
index a12e4e236c..e2971efad2 100644
--- a/usr/src/cmd/cmd-crypto/digest/digest.c
+++ b/usr/src/cmd/cmd-crypto/digest/digest.c
@@ -23,8 +23,6 @@
* Use is subject to license terms.
*/
-#pragma ident "%Z%%M% %I% %E% SMI"
-
/*
* digest.c
*
@@ -430,7 +428,7 @@ execute_cmd(char *algo_str, int filecount, char **filelist, boolean_t mac_cmd)
0, B_FALSE);
}
- if (status == -1 || keylen == 0 || pkeydata == NULL) {
+ if (status != 0 || keylen == 0 || pkeydata == NULL) {
cryptoerror(LOG_STDERR,
Kflag ? gettext("invalid passphrase.") :
gettext("invalid key."));
diff --git a/usr/src/lib/libcryptoutil/common/cryptoutil.h b/usr/src/lib/libcryptoutil/common/cryptoutil.h
index 9fdd89a723..85896e398a 100644
--- a/usr/src/lib/libcryptoutil/common/cryptoutil.h
+++ b/usr/src/lib/libcryptoutil/common/cryptoutil.h
@@ -26,8 +26,6 @@
#ifndef _CRYPTOUTIL_H
#define _CRYPTOUTIL_H
-#pragma ident "%Z%%M% %I% %E% SMI"
-
#ifdef __cplusplus
extern "C" {
#endif
@@ -113,6 +111,8 @@ typedef struct uentrylist {
extern void cryptodebug(const char *fmt, ...);
extern void cryptoerror(int priority, const char *fmt, ...);
extern void cryptodebug_init(const char *prefix);
+extern void cryptoerror_off();
+extern void cryptoerror_on();
extern const char *pkcs11_mech2str(CK_MECHANISM_TYPE mech);
extern CK_RV pkcs11_str2mech(char *mech_str, CK_MECHANISM_TYPE_PTR mech);
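Review bot: `cryptoerror_off()` and `cryptoerror_on()` are declared with empty parentheses, which in C declares a function with unspecified arguments rather than one taking none, so the compiler will not reject a call that passes arguments. Declare them as `extern void cryptoerror_off(void);` and `extern void cryptoerror_on(void);`, and use the same `(void)` form on the two definitions added in debug.c.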
@@ -125,6 +125,8 @@ extern void free_uentry(uentry_t *);
extern uentry_t *getent_uef(char *);
extern void tohexstr(uchar_t *bytes, size_t blen, char *hexstr, size_t hexlen);
+extern int hexstr_to_bytes(char *hexstr, size_t hexlen, uchar_t **bytes,
+ size_t *blen);
extern CK_RV pkcs11_mech2keytype(CK_MECHANISM_TYPE mech_type,
CK_KEY_TYPE *ktype);
extern CK_RV pkcs11_mech2keygen(CK_MECHANISM_TYPE mech_type,
diff --git a/usr/src/lib/libcryptoutil/common/debug.c b/usr/src/lib/libcryptoutil/common/debug.c
index 9dcfe19a87..84ac2ec4be 100644
--- a/usr/src/lib/libcryptoutil/common/debug.c
+++ b/usr/src/lib/libcryptoutil/common/debug.c
@@ -2,9 +2,8 @@
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
@@ -20,12 +19,10 @@
* CDDL HEADER END
*/
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
-#pragma ident "%Z%%M% %I% %E% SMI"
-
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
@@ -37,6 +34,7 @@
static char *_cryptodebug_prefix = NULL;
static int _cryptodebug_enabled = -1; /* -1 unknown, 0 disabled, 1 enabled */
+static int _cryptoerror_enabled = 1; /* 0 disabled, 1 enabled */
static boolean_t _cryptodebug_syslog = B_TRUE;
/*PRINTFLIKE1*/
@@ -89,7 +87,7 @@ cryptoerror(int priority, const char *fmt, ...)
char msgbuf[BUFSIZ];
va_list args;
- if (fmt == NULL)
+ if (fmt == NULL || _cryptoerror_enabled == 0)
return;
va_start(args, fmt);
@@ -110,6 +108,18 @@ cryptoerror(int priority, const char *fmt, ...)
}
void
+cryptoerror_off()
+{
+ _cryptoerror_enabled = 0;
+}
+
+void
+cryptoerror_on()
+{
+ _cryptoerror_enabled = 1;
+}
+
+void
cryptodebug_init(const char *prefix)
{
char *envval = NULL;
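Review bot: `_cryptoerror_enabled` is a single process-wide flag with no nesting or locking, so one call to `cryptoerror_off()` silences every later `cryptoerror()` call in the process, including those made from other threads, until someone calls `cryptoerror_on()`. Neither new function carries a comment stating that; I would add above `cryptoerror_off()` something like `/* Suppress all cryptoerror() output process-wide until cryptoerror_on(); not reference counted, callers must re-enable on every exit path. */`. If the intent is only to hide terminal noise, consider restricting the new early return in cryptoerror() to the `LOG_STDERR` priority so that messages with other priorities are still recorded; the rest of cryptoerror() is not visible here, so that depends on how it routes them. cryptodebug_init continues outside the hunk.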
diff --git a/usr/src/lib/libcryptoutil/common/keyfile.c b/usr/src/lib/libcryptoutil/common/keyfile.c
index 0d5403bd28..c02d4a8901 100644
--- a/usr/src/lib/libcryptoutil/common/keyfile.c
+++ b/usr/src/lib/libcryptoutil/common/keyfile.c
@@ -19,12 +19,10 @@
* CDDL HEADER END
*/
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
-#pragma ident "%Z%%M% %I% %E% SMI"
-
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
@@ -43,29 +41,31 @@
* to the number of bytes requested and will be reset to actual number
* of bytes returned.
*
- * Return 0 on success, -1 on error.
+ * Return 0 on success and errno on error.
*/
int
pkcs11_read_data(char *filename, void **dbuf, size_t *dlen)
{
- int fd;
+ int fd = -1;
struct stat statbuf;
boolean_t plain_file;
void *filebuf = NULL;
size_t filesize = 0;
+ int ret = 0;
if (filename == NULL || dbuf == NULL || dlen == NULL)
return (-1);
if ((fd = open(filename, O_RDONLY | O_NONBLOCK)) == -1) {
+ ret = errno;
cryptoerror(LOG_STDERR, gettext("cannot open %s"), filename);
- return (-1);
+ goto error;
}
if (fstat(fd, &statbuf) == -1) {
+ ret = errno;
cryptoerror(LOG_STDERR, gettext("cannot stat %s"), filename);
- (void) close(fd);
- return (-1);
+ goto error;
}
if (S_ISREG(statbuf.st_mode)) {
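Review bot: The updated header comment promises `0` on success and an errno value on error, but the argument check `return (-1);` just below the declarations is left unchanged, so callers can still receive a value that is not an errno. Returning `EINVAL` there, `return (EINVAL);`, would match the new contract and the behaviour of hexstr_to_bytes added in this commit. The function continues past the end of this hunk.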
@@ -92,46 +92,46 @@ pkcs11_read_data(char *filename, void **dbuf, size_t *dlen)
}
if ((filebuf = malloc(filesize)) == NULL) {
- int err = errno;
- cryptoerror(LOG_STDERR, gettext("malloc: %s"), strerror(err));
- (void) close(fd);
- return (-1);
+ ret = errno;
+ cryptoerror(LOG_STDERR, gettext("malloc: %s"), strerror(ret));
+ goto error;
}
if (plain_file) {
/* either it got read or it didn't */
if (read(fd, filebuf, filesize) != filesize) {
- int err = errno;
+ ret = errno;
cryptoerror(LOG_STDERR,
gettext("error reading file %s: %s"), filename,
- strerror(err));
- (void) close(fd);
- return (-1);
+ strerror(ret));
+ goto error;
}
} else {
/* reading from special file may need some coaxing */
char *marker = (char *)filebuf;
size_t left = filesize;
ssize_t nread;
- int err;
for (/* */; left > 0; marker += nread, left -= nread) {
/* keep reading it's going well */
nread = read(fd, marker, left);
- if (nread > 0 || (nread == 0 && errno == EINTR))
+ if (nread > 0 || (nread == 0 && errno == EINTR)) {
+ errno = 0;
continue;
+ }
/* might have to be good enough for caller */
if (nread == 0 && errno == EAGAIN)
break;
/* anything else is an error */
- err = errno;
- cryptoerror(LOG_STDERR,
- gettext("error reading file %s: %s"), filename,
- strerror(err));
- (void) close(fd);
- return (-1);
+ if (errno) {
+ ret = errno;
+ cryptoerror(LOG_STDERR,
+ gettext("error reading file %s: %s"),
+ filename, strerror(ret));
+ goto error;
+ }
}
/* reset to actual number of bytes read */
filesize -= left;
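Review bot: In the special-file loop, a `read()` that returns 0 with `errno` equal to 0 (end of data before `left` reaches zero) now matches none of the three branches, so the loop repeats with `nread == 0` and `left` never shrinking; the `errno = 0;` added after each successful read makes that the normal state at end of input. Treating a zero return as end of data, for example `if (nread == 0) break;` ahead of the `if (errno)` test, restores the previous guarantee that the loop terminates. The plain-file branch has a related gap: a short `read()` does not set `errno`, so `ret = errno;` can be 0 or stale, and the `goto error` path can then return 0 without setting `*dbuf`. Using errno only when `read()` returned -1 and a fixed code such as `EIO` otherwise would avoid that. The function starts and ends outside this hunk.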
@@ -141,4 +141,10 @@ pkcs11_read_data(char *filename, void **dbuf, size_t *dlen)
*dbuf = filebuf;
*dlen = filesize;
return (0);
+
+error:
+ if (fd != -1)
+ (void) close(fd);
+
+ return (ret);
}
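Review bot: The new `error:` label closes the descriptor but does not release `filebuf`, so both read-failure paths that jump here after a successful `malloc()` leak the buffer, which for a key file may already hold part of the key material. Adding `free(filebuf);` at the label is safe on the earlier paths because `filebuf` is initialised to NULL; clearing the buffer before freeing it is worth considering for the same reason. The start of pkcs11_read_data is outside this hunk.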
diff --git a/usr/src/lib/libcryptoutil/common/mapfile-vers b/usr/src/lib/libcryptoutil/common/mapfile-vers
index 0e10ac1772..571673fa8d 100644
--- a/usr/src/lib/libcryptoutil/common/mapfile-vers
+++ b/usr/src/lib/libcryptoutil/common/mapfile-vers
@@ -22,8 +22,6 @@
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
-# ident "%Z%%M% %I% %E% SMI"
-#
SUNWprivate {
global:
@@ -31,6 +29,8 @@ SUNWprivate {
cryptodebug;
cryptodebug_init;
cryptoerror;
+ cryptoerror_off;
+ cryptoerror_on;
free_uentry;
free_uentrylist;
free_umechlist;
@@ -38,6 +38,7 @@ SUNWprivate {
get_fullpath;
get_metaslot_info;
get_pkcs11conf_info;
+ hexstr_to_bytes;
pkcs11_default_token;
pkcs11_get_pass;
pkcs11_mech2keytype;
diff --git a/usr/src/lib/libcryptoutil/common/tohexstr.c b/usr/src/lib/libcryptoutil/common/tohexstr.c
index 062b4f4d3e..4634ca2261 100644
--- a/usr/src/lib/libcryptoutil/common/tohexstr.c
+++ b/usr/src/lib/libcryptoutil/common/tohexstr.c
@@ -2,9 +2,8 @@
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
@@ -20,13 +19,13 @@
* CDDL HEADER END
*/
/*
- * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
-#pragma ident "%Z%%M% %I% %E% SMI"
-
#include <sys/types.h>
+#include <errno.h>
+#include <ctype.h>
#include <cryptoutil.h>
@@ -52,3 +51,73 @@ tohexstr(uchar_t *bytes, size_t blen, char *hexstr, size_t hexlen)
}
hexstr[2 * blen] = '\0';
}
+
+/*
+ * This function takes a char[] and length of hexadecimal values and
+ * returns a malloc'ed byte array with the length of that new byte array.
+ * The caller needs to provide a pointer to where this new malloc'ed byte array
+ * will be passed back; as well as, a pointer for the length of the new
+ * byte array.
+ *
+ * The caller is responsible for freeing the malloc'ed array when done
+ *
+ * The return code is 0 if successful, otherwise the errno value is returned.
+ */
+int
+hexstr_to_bytes(char *hexstr, size_t hexlen, uchar_t **bytes, size_t *blen)
+{
+ int i, ret = 0;
+ unsigned char ch;
+ uchar_t *b = NULL;
+
+ *bytes = NULL;
+ *blen = 0;
+
+ if (hexstr == NULL || (hexlen % 2 == 1))
+ return (EINVAL);
+
+ if (hexstr[0] == '0' && ((hexstr[1] == 'x') || (hexstr[1] == 'X'))) {
+ hexstr += 2;
+ hexlen -= 2;
+ }
+
+ *blen = (hexlen / 2);
+
+ b = malloc(*blen);
+ if (b == NULL) {
+ *blen = 0;
+ return (errno);
+ }
+
+ for (i = 0; i < hexlen; i++) {
+ ch = (unsigned char) *hexstr;
+
+ if (!isxdigit(ch)) {
+ ret = EINVAL;
+ goto out;
+ }
+
+ hexstr++;
+
+ if ((ch >= '0') && (ch <= '9'))
+ ch -= '0';
+ else if ((ch >= 'A') && (ch <= 'F'))
+ ch = ch - 'A' + 10;
+ else if ((ch >= 'a') && (ch <= 'f'))
+ ch = ch - 'a' + 10;
+
+ if (i & 1)
+ b[i/2] |= ch;
+ else
+ b[i/2] = (ch << 4);
+ }
+
+out:
+ if (b != NULL && ret != 0) {
+ free(b);
+ *blen = 0;
+ } else
+ *bytes = b;
+
+ return (ret);
+}
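Review bot: The `0x` prefix test reads `hexstr[0]` and `hexstr[1]` and then does `hexlen -= 2` without checking that `hexlen` is at least 2, so the first two bytes are read even when the stated length is 0, and in that case a matching prefix wraps the `size_t` length to a huge value. Guard it with `if (hexlen >= 2 && hexstr[0] == '0' && ((hexstr[1] == 'x') || (hexstr[1] == 'X'))) {`. The loop index is an `int` compared against a `size_t`; declaring `size_t i;` avoids the signed/unsigned comparison on long inputs. `*bytes` and `*blen` are also written before any NULL check on those two pointers, which should either be checked or stated as a precondition in the header comment.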