Indent sources

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1426 c6295689-39f2-0310-b995-f0e70906c6a9
2003-09-06 17:56:21 +00:00 · 2003-09-06 17:56:21 +00:00 · bbc64d01ff
parent a02ef5e722
commit bbc64d01ff
15 changed files with 813 additions and 864 deletions
--- a/src/sslengines/engine_opensc.c
+++ b/src/sslengines/engine_opensc.c
@ -43,7 +43,8 @@ static sc_card_t *card = NULL;
 static sc_pkcs15_card_t *p15card = NULL;
 static char *sc_pin = NULL;
-int opensc_finish(void) {
+int opensc_finish(void)
 {
 	if (p15card) {
 		sc_pkcs15_unbind(p15card);
 		p15card = NULL;
@ -59,7 +60,8 @@ int opensc_finish(void) {
 	return 1;
 }
-int opensc_init(void) {
+int opensc_init(void)
 {
 	int r = 0;
 	if (!quiet)
@ -83,30 +85,35 @@ err:
 	return 0;
 }
-int
+int opensc_rsa_finish(RSA * rsa)
-opensc_rsa_finish(RSA* rsa) {
+{
 	struct sc_pkcs15_key_id *key_id;
 	key_id = (struct sc_pkcs15_key_id *) RSA_get_app_data(rsa);
 	free(key_id);
-	if(sc_pin) {free(sc_pin);}
+	if (sc_pin) {
 		free(sc_pin);
 	}
 	return 1;
 }
-BIGNUM *sc_bignum_t_to_BIGNUM(sc_pkcs15_bignum_t* bignum, BIGNUM* BN) {
+BIGNUM *sc_bignum_t_to_BIGNUM(sc_pkcs15_bignum_t * bignum, BIGNUM * BN)
 {
 	BN_bin2bn((unsigned char *) bignum->data, bignum->len, BN);
 	return BN;
 }
-void sc_set_pubkey_data(EVP_PKEY* key_out, sc_pkcs15_pubkey_t* pubkey) {
+void sc_set_pubkey_data(EVP_PKEY * key_out, sc_pkcs15_pubkey_t * pubkey)
-	key_out->pkey.rsa->n=sc_bignum_t_to_BIGNUM(&(pubkey->u.rsa.modulus),BN_new());
+{
-	key_out->pkey.rsa->e=sc_bignum_t_to_BIGNUM(&(pubkey->u.rsa.exponent),BN_new());
+	key_out->pkey.rsa->n =
 	    sc_bignum_t_to_BIGNUM(&(pubkey->u.rsa.modulus), BN_new());
 	key_out->pkey.rsa->e =
 	    sc_bignum_t_to_BIGNUM(&(pubkey->u.rsa.exponent), BN_new());
 }
 /* private key operations */
-int
+int sc_prkey_op_init(const RSA * rsa, struct sc_pkcs15_object **key_obj_out)
 sc_prkey_op_init(const RSA *rsa, struct sc_pkcs15_object **key_obj_out)
 {
 	int r;
 	struct sc_pkcs15_object *key_obj;
@ -136,8 +143,7 @@ sc_prkey_op_init(const RSA *rsa, struct sc_pkcs15_object **key_obj_out)
 		goto err;
 	}
 	key = (struct sc_pkcs15_prkey_info *) key_obj->data;
-	r = sc_pkcs15_find_pin_by_auth_id(p15card, &key_obj->auth_id,
+	r = sc_pkcs15_find_pin_by_auth_id(p15card, &key_obj->auth_id, &pin_obj);
 					  &pin_obj);
 	if (r) {
 		fprintf(stderr, "Unable to find PIN object from SmartCard: %s",
 			sc_strerror(r));
@ -169,8 +175,8 @@ err:
 }
 EVP_PKEY *opensc_load_public_key(ENGINE * e, const char *s_key_id,
-	UI_METHOD *ui_method, void *callback_data) {
+				 UI_METHOD * ui_method, void *callback_data)
-
+{
 	int r;
 	struct sc_pkcs15_id *id;
 	struct sc_pkcs15_object *obj;
@ -194,10 +200,11 @@ EVP_PKEY *opensc_load_public_key(ENGINE *e, const char *s_key_id,
 		r = sc_pkcs15_find_cert_by_id(p15card, id, &obj);
 		if (r >= 0) {
 			if (!quiet)
-				printf("Reading certificate with ID '%s'\n", s_key_id);
+				printf("Reading certificate with ID '%s'\n",
 				       s_key_id);
 			r = sc_pkcs15_read_certificate(p15card,
-				(sc_pkcs15_cert_info_t *) obj->data,
+						       (sc_pkcs15_cert_info_t *)
-				&cert);
+						       obj->data, &cert);
 		}
 		if (r >= 0)
 			pubkey = &cert->key;
@ -208,14 +215,17 @@ EVP_PKEY *opensc_load_public_key(ENGINE *e, const char *s_key_id,
 		return NULL;
 	}
 	if (r < 0) {
-		fprintf(stderr, "Public key enumeration failed: %s\n", sc_strerror(r));
+		fprintf(stderr, "Public key enumeration failed: %s\n",
 			sc_strerror(r));
 		return NULL;
 	}
 	/* now, set EVP_PKEY data from pubkey object */
 	key_out = EVP_PKEY_new();
-	if(!key_out)
+	if (!key_out) {
-		{fprintf(stderr, "failed to create new EVP_PKEY\n"); return NULL;};
+		fprintf(stderr, "failed to create new EVP_PKEY\n");
 		return NULL;
 	};
 	EVP_PKEY_assign_RSA(key_out, RSA_new_method(e));
 #if 0
 	RSA_set_method(keyout->rsa, sc_get_rsa_method());
@ -231,27 +241,36 @@ EVP_PKEY *opensc_load_public_key(ENGINE *e, const char *s_key_id,
 	return key_out;
 }
-char* get_pin(UI_METHOD* ui_method, char* sc_pin, int maxlen) {
+char *get_pin(UI_METHOD * ui_method, char *sc_pin, int maxlen)
 {
 	UI *ui;
 	ui = UI_new();
 	UI_set_method(ui, ui_method);
 	if (!UI_add_input_string(ui, "SmartCard Password: ", 0, sc_pin, 1, maxlen)) {
 		fprintf(stderr, "UI_add_input_string failed");
-			UI_free(ui); return NULL; }
+		UI_free(ui);
 		return NULL;
 	}
 	if (!UI_process(ui)) {
-			fprintf(stderr, "UI_process failed"); return NULL;}
+		fprintf(stderr, "UI_process failed");
 		return NULL;
 	}
 	UI_free(ui);
 	return sc_pin;
 }
 EVP_PKEY *opensc_load_private_key(ENGINE * e, const char *s_key_id,
-	UI_METHOD *ui_method, void *callback_data) {
+				  UI_METHOD * ui_method, void *callback_data)
 {
 	EVP_PKEY *key_out;
 	if (!quiet)
 		fprintf(stderr, "Loading private key!");
-
+	if (sc_pin) {
-	if(sc_pin) {free(sc_pin); sc_pin=NULL;}
+		free(sc_pin);
 		sc_pin = NULL;
 	}
 	key_out = opensc_load_public_key(e, s_key_id, ui_method, callback_data);
 	sc_pin = (char *) malloc(12);
 	get_pin(ui_method, sc_pin, 12);	/* do this here, when storing sc_pin in RSA */
@ -301,8 +320,10 @@ sc_sign(int type, const u_char *m, unsigned int m_len,
 	/* FIXME: length of sigret correct? */
 	/* FIXME: check 'type' and modify flags accordingly */
 	flags |= SC_ALGORITHM_RSA_PAD_PKCS1;
-	if(type==NID_sha1) flags|=SC_ALGORITHM_RSA_HASH_SHA1;
+	if (type == NID_sha1)
-	if(type==NID_md5) flags|=SC_ALGORITHM_RSA_HASH_MD5;
+		flags |= SC_ALGORITHM_RSA_HASH_SHA1;
 	if (type == NID_md5)
 		flags |= SC_ALGORITHM_RSA_HASH_MD5;
 	r = sc_pkcs15_compute_signature(p15card, key_obj, flags,
 					m, m_len, sigret, RSA_size(rsa));
 	sc_unlock(card);
--- a/src/sslengines/engine_pkcs11.c
+++ b/src/sslengines/engine_pkcs11.c
@ -35,40 +35,46 @@
 #define fail(msg) { fprintf(stderr,msg); return NULL;}
 PKCS11_CTX *ctx;
-char* pin;
+char *pin = NULL;
 int quiet = 1;
 const char *module = PKCS11_DEFAULT_MODULE_NAME;
-int set_module(const char *modulename) {
+int set_module(const char *modulename)
 {
 	module = modulename;
 	return 1;
 }
-char* get_pin(UI_METHOD* ui_method, char* sc_pin, int maxlen) {
+char *get_pin(UI_METHOD * ui_method, char *sc_pin, int maxlen)
 {
 	UI *ui;
 	ui = UI_new();
 	UI_set_method(ui, ui_method);
 	if (!UI_add_input_string(ui, "SmartCard PIN: ", 0, sc_pin, 1, maxlen)) {
 		fprintf(stderr, "UI_add_input_string failed\n");
-			UI_free(ui); return NULL; }
+		UI_free(ui);
 		return NULL;
 	}
 	if (!UI_process(ui)) {
-			fprintf(stderr, "UI_process failed\n"); return NULL;}
+		fprintf(stderr, "UI_process failed\n");
 		return NULL;
 	}
 	UI_free(ui);
 	return sc_pin;
 }
-int pkcs11_finish(ENGINE *engine) {
+int pkcs11_finish(ENGINE * engine)
-
+{
 	if (ctx) {
 		PKCS11_CTX_free(ctx);
 	}
 	return 1;
 }
-int pkcs11_init(ENGINE *engine) {
+int pkcs11_init(ENGINE * engine)
 {
 	if (!quiet)
 		fprintf(stderr, "initializing engine\n");
@ -77,17 +83,16 @@ int pkcs11_init(ENGINE *engine) {
 		fprintf(stderr, "unable to load module\n");
 		return 0;
 	}
 	return 1;
 }
-int
+int pkcs11_rsa_finish(RSA * rsa)
-pkcs11_rsa_finish(RSA* rsa) {
+{
-
+	if (pin) {
-	if(pin) {free(pin);}
+		free(pin);
 	}
 	/* need to free RSA_ex_data? */
 	return 1;
 }
 static int hex_to_bin(const char *in, unsigned char *out, size_t * outlen)
@ -110,11 +115,9 @@ static int hex_to_bin(const char *in, unsigned char *out, size_t *outlen)
 			c = *in++;
 			if ('0' <= c && c <= '9')
 				c -= '0';
-			else
+			else if ('a' <= c && c <= 'f')
 			if ('a' <= c && c <= 'f')
 				c = c - 'a' + 10;
-			else
+			else if ('A' <= c && c <= 'F')
 			if ('A' <= c && c <= 'F')
 				c = c - 'A' + 10;
 			else {
 				printf("hex_to_bin(): invalid char '%c' in hex string\n", c);
@ -142,8 +145,8 @@ static int hex_to_bin(const char *in, unsigned char *out, size_t *outlen)
 #define MAX_VALUE_LEN	200
 EVP_PKEY *pkcs11_load_key(ENGINE * e, const char *s_slot_key_id,
-	UI_METHOD *ui_method, void *callback_data, int isPrivate) {
+			  UI_METHOD * ui_method, void *callback_data, int isPrivate)
-
+{
 	PKCS11_SLOT *slot_list, *slot;
 	PKCS11_TOKEN *tok;
 	PKCS11_KEY *keys, *selected_key = NULL;
@ -194,22 +197,20 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id,
 				printf("Slot number \"%s\" should be an integer\n", val);
 				return NULL;
 			}
-		}
+		} else if (strncasecmp(s_slot_key_id, "id", p_sep1 - s_slot_key_id)
-		else if (strncasecmp(s_slot_key_id, "id", p_sep1 - s_slot_key_id) == 0) {
+			   == 0) {
 			if (!hex_to_bin(val, key_id, &key_id_len)) {
 				printf("Key id \"%s\" should be a hex string\n", val);
 				return NULL;
 			}
 			strcpy(buf, val);
 			s_key_id = buf;
-		}
+		} else {
 		else {
 			memcpy(val, s_slot_key_id, p_sep1 - s_slot_key_id);
 			val[p_sep1 - s_slot_key_id] = '\0';
 			printf("Now allowed in -key: \"%s\"\n", val);
 			return NULL;
 		}
 		s_slot_key_id = (*p_sep2 == '\0' ? p_sep2 : p_sep2 + 1);
 	}
@ -247,8 +248,7 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id,
 	if (slot_nr == -1) {
 		if (!(slot = PKCS11_find_token(ctx)))
 			fail("didn't find any tokens\n");
-	}
+	} else if (slot_nr >= 0 && slot_nr < count)
 	else if (slot_nr >= 0 && slot_nr < count)
 		slot = slot_list + slot_nr;
 	else {
 		printf("Invalid slot number: %d\n", slot_nr);
@ -277,8 +277,7 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id,
 		PKCS11_CERT *c = certs + n;
 		char *dn = NULL;
-		printf("  %2u    %s", n+1,
+		printf("  %2u    %s", n + 1, c->label);
 			c->label);
 		if (c->x509)
 			dn = X509_NAME_oneline(X509_get_subject_name(c->x509), NULL, 0);
 		if (dn) {
@ -314,9 +313,7 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id,
 		PKCS11_KEY *k = keys + n;
 		printf("  %2u %c%c %s\n", n + 1,
-			k->isPrivate? 'P' : ' ',
+		       k->isPrivate ? 'P' : ' ', k->needLogin ? 'L' : ' ', k->label);
 			k->needLogin? 'L' : ' ',
 			k->label);
 		if (key_id_len != 0 && k->id_len == key_id_len &&
 		    memcmp(k->id, key_id, key_id_len) == 0) {
@ -329,8 +326,7 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id,
 		if (s_key_id != NULL) {
 			printf("No key with ID \"%s\" found.\n", s_key_id);
 			return NULL;
-		}
+		} else		/* Take the first key that was found */
 		else /* Take the first key that was found */
 			selected_key = &keys[0];
 	}
@ -346,8 +342,10 @@ EVP_PKEY *pkcs11_load_key(ENGINE *e, const char *s_slot_key_id,
 }
 EVP_PKEY *pkcs11_load_public_key(ENGINE * e, const char *s_key_id,
-	UI_METHOD *ui_method, void *callback_data) {
+				 UI_METHOD * ui_method, void *callback_data)
 {
 	EVP_PKEY *pk;
 	pk = pkcs11_load_key(e, s_key_id, ui_method, callback_data, 0);
 	if (pk == NULL)
 		fail("PKCS11_load_public_key returned NULL\n");
@ -355,8 +353,10 @@ EVP_PKEY *pkcs11_load_public_key(ENGINE *e, const char *s_key_id,
 }
 EVP_PKEY *pkcs11_load_private_key(ENGINE * e, const char *s_key_id,
-	UI_METHOD *ui_method, void *callback_data) {
+				  UI_METHOD * ui_method, void *callback_data)
 {
 	EVP_PKEY *pk;
 	pk = pkcs11_load_key(e, s_key_id, ui_method, callback_data, 1);
 	if (pk == NULL)
 		fail("PKCS11_get_private_key returned NULL\n");
--- a/src/sslengines/hw_opensc.c
+++ b/src/sslengines/hw_opensc.c
@ -96,12 +96,12 @@ static const ENGINE_CMD_DEFN opensc_cmd_defns[] = {
 	{0, NULL, NULL, 0}
 };
-static int opensc_engine_finish(ENGINE *e) {
+static int opensc_engine_finish(ENGINE * e)
 {
 	return opensc_finish();
 }
-static int
+static int opensc_engine_init(ENGINE * e)
 opensc_engine_init(ENGINE *e)
 {
 	return opensc_init();
 }
@ -114,27 +114,25 @@ static int opensc_engine_destroy(ENGINE *e)
 static int opensc_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ())
 {
-	switch(cmd)
+	switch (cmd) {
 		{
 	default:
 		break;
 	}
 	return 0;
 }
 /* set up default rsa_meth_st with overloaded rsa functions */
 /* the actual implementation needs to be in another object */
 static int (*orig_finish) (RSA * rsa);
-static int
+static int opensc_engine_rsa_finish(RSA * rsa)
-opensc_engine_rsa_finish(RSA* rsa) {
+{
 	opensc_rsa_finish(rsa);
 	if (orig_finish)
 		orig_finish(rsa);
 	return 1;
 }
 static RSA_METHOD *sc_get_rsa_method(void)
@ -165,8 +163,7 @@ static RSA_METHOD * sc_get_rsa_method(void)
 * "dynamic" ENGINE support too */
 static int bind_helper(ENGINE * e)
 {
-	 if(
+	if (!ENGINE_set_id(e, OPENSC_ENGINE_ID) ||
 		!ENGINE_set_id(e, OPENSC_ENGINE_ID) ||
 	    !ENGINE_set_destroy_function(e, opensc_engine_destroy) ||
 	    !ENGINE_set_init_function(e, opensc_engine_init) ||
 	    !ENGINE_set_finish_function(e, opensc_engine_finish) ||
@ -187,8 +184,7 @@ static int bind_helper(ENGINE *e)
 	    !ENGINE_set_BN_mod_exp(e, BN_mod_exp) ||
 #endif
 	    !ENGINE_set_load_pubkey_function(e, opensc_load_public_key) ||
-		!ENGINE_set_load_privkey_function(e, opensc_load_private_key) )
+	    !ENGINE_set_load_privkey_function(e, opensc_load_private_key)) {
 	 {
 		return 0;
 	} else {
 		return 1;
@ -197,12 +193,16 @@ static int bind_helper(ENGINE *e)
 static int bind_fn(ENGINE * e, const char *id)
 {
-	if(id && (strcmp(id, OPENSC_ENGINE_ID) != 0))
+	if (id && (strcmp(id, OPENSC_ENGINE_ID) != 0)) {
-		{fprintf(stderr, "bad engine id");return 0;}
+		fprintf(stderr, "bad engine id");
-	if(!bind_helper(e))
+		return 0;
-		{fprintf(stderr, "bind failed"); return 0;}
+	}
 	if (!bind_helper(e)) {
 		fprintf(stderr, "bind failed");
 		return 0;
 	}
 	return 1;
 }
-IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_CHECK_FN();
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn);
--- a/src/sslengines/hw_pkcs11.c
+++ b/src/sslengines/hw_pkcs11.c
@ -104,8 +104,7 @@ static int pkcs11_engine_destroy(ENGINE *e)
 static int pkcs11_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ())
 {
 	/*int initialised = ((pkcs11_dso == NULL) ? 0 : 1); */
-	switch(cmd)
+	switch (cmd) {
 		{
 	case CMD_MODULE_PATH:
 		return set_module((const char *) p);
@ -114,13 +113,14 @@ static int pkcs11_engine_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
 	}
 	return 0;
 }
 /* set up default rsa_meth_st with overloaded rsa functions */
 /* the actual implementation needs to be in another object */
 static int (*orig_finish) (RSA * rsa);
-static int
+static int pkcs11_engine_rsa_finish(RSA * rsa)
-pkcs11_engine_rsa_finish(RSA* rsa) {
+{
 	pkcs11_rsa_finish(rsa);
@ -134,8 +134,7 @@ pkcs11_engine_rsa_finish(RSA* rsa) {
 * "dynamic" ENGINE support too */
 static int bind_helper(ENGINE * e)
 {
-	 if(
+	if (!ENGINE_set_id(e, PKCS11_ENGINE_ID) ||
 		!ENGINE_set_id(e, PKCS11_ENGINE_ID) ||
 	    !ENGINE_set_destroy_function(e, pkcs11_engine_destroy) ||
 	    !ENGINE_set_init_function(e, pkcs11_init) ||
 	    !ENGINE_set_finish_function(e, pkcs11_finish) ||
@ -156,8 +155,7 @@ static int bind_helper(ENGINE *e)
 	    !ENGINE_set_BN_mod_exp(e, BN_mod_exp) ||
 #endif
 	    !ENGINE_set_load_pubkey_function(e, pkcs11_load_public_key) ||
-		!ENGINE_set_load_privkey_function(e, pkcs11_load_private_key) )
+	    !ENGINE_set_load_privkey_function(e, pkcs11_load_private_key)) {
 	 {
 		return 0;
 	} else {
 		return 1;
@ -166,12 +164,16 @@ static int bind_helper(ENGINE *e)
 static int bind_fn(ENGINE * e, const char *id)
 {
-	if(id && (strcmp(id, PKCS11_ENGINE_ID) != 0))
+	if (id && (strcmp(id, PKCS11_ENGINE_ID) != 0)) {
-		{fprintf(stderr, "bad engine id");return 0;}
+		fprintf(stderr, "bad engine id");
-	if(!bind_helper(e))
+		return 0;
-		{fprintf(stderr, "bind failed"); return 0;}
+	}
 	if (!bind_helper(e)) {
 		fprintf(stderr, "bind failed");
 		return 0;
 	}
 	return 1;
 }
-IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_CHECK_FN();
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn);
--- a/src/sslengines/p11_attr.c
+++ b/src/sslengines/p11_attr.c
@ -12,15 +12,15 @@
 #include <string.h>
 static int pkcs11_getattr_int(PKCS11_CTX *, CK_SESSION_HANDLE,
-	       		CK_OBJECT_HANDLE, CK_ATTRIBUTE_TYPE,
+			      CK_OBJECT_HANDLE, CK_ATTRIBUTE_TYPE, void *, size_t *);
 		       	void *, size_t *);
 /*
 * Query pkcs11 attributes
 */
 static int
 pkcs11_getattr_int(PKCS11_CTX * ctx, CK_SESSION_HANDLE session,
-	CK_OBJECT_HANDLE o, CK_ATTRIBUTE_TYPE type, void *value, size_t *size)
+		   CK_OBJECT_HANDLE o, CK_ATTRIBUTE_TYPE type, void *value,
 		   size_t * size)
 {
 	CK_ATTRIBUTE templ;
 	int rv;
@ -81,8 +81,7 @@ pkcs11_getattr_bn(PKCS11_TOKEN *token, CK_OBJECT_HANDLE object,
 /*
 * Add attributes to template
 */
-void
+void pkcs11_addattr(CK_ATTRIBUTE_PTR ap, int type, const void *data, size_t size)
 pkcs11_addattr(CK_ATTRIBUTE_PTR ap, int type, const void *data, size_t size)
 {
 	ap->type = type;
 	ap->pValue = malloc(size);
@ -91,22 +90,19 @@ pkcs11_addattr(CK_ATTRIBUTE_PTR ap, int type, const void *data, size_t size)
 }
 /* In PKCS11, virtually every integer is a CK_ULONG */
-void
+void pkcs11_addattr_int(CK_ATTRIBUTE_PTR ap, int type, unsigned long value)
 pkcs11_addattr_int(CK_ATTRIBUTE_PTR ap, int type, unsigned long value)
 {
 	CK_ULONG ulValue = value;
 	pkcs11_addattr(ap, type, &ulValue, sizeof(ulValue));
 }
-void
+void pkcs11_addattr_s(CK_ATTRIBUTE_PTR ap, int type, const char *s)
 pkcs11_addattr_s(CK_ATTRIBUTE_PTR ap, int type, const char *s)
 {
 	pkcs11_addattr(ap, type, s, s ? strlen(s) + 1 : 0);
 }
-void
+void pkcs11_addattr_bn(CK_ATTRIBUTE_PTR ap, int type, const BIGNUM * bn)
 pkcs11_addattr_bn(CK_ATTRIBUTE_PTR ap, int type, const BIGNUM *bn)
 {
 	unsigned char temp[1024];
 	unsigned int n;
@ -116,8 +112,7 @@ pkcs11_addattr_bn(CK_ATTRIBUTE_PTR ap, int type, const BIGNUM *bn)
 	pkcs11_addattr(ap, type, temp, n);
 }
-void
+void pkcs11_addattr_obj(CK_ATTRIBUTE_PTR ap, int type, pkcs11_i2d_fn enc, void *obj)
 pkcs11_addattr_obj(CK_ATTRIBUTE_PTR ap, int type, pkcs11_i2d_fn enc, void *obj)
 {
 	unsigned char *p;
@ -127,8 +122,7 @@ pkcs11_addattr_obj(CK_ATTRIBUTE_PTR ap, int type, pkcs11_i2d_fn enc, void *obj)
 	enc(obj, &p);
 }
-void
+void pkcs11_zap_attrs(CK_ATTRIBUTE_PTR ap, unsigned int n)
 pkcs11_zap_attrs(CK_ATTRIBUTE_PTR ap, unsigned int n)
 {
 	while (n--) {
 		if (ap[n].pValue)
--- a/src/sslengines/p11_cert.c
+++ b/src/sslengines/p11_cert.c
@ -8,8 +8,7 @@
 #include <string.h>
 static int pkcs11_find_certs(PKCS11_TOKEN *);
-static int	pkcs11_next_cert(PKCS11_CTX *, PKCS11_TOKEN *,
+static int pkcs11_next_cert(PKCS11_CTX *, PKCS11_TOKEN *, CK_SESSION_HANDLE);
 			CK_SESSION_HANDLE);
 static int pkcs11_init_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
 			    CK_SESSION_HANDLE session, CK_OBJECT_HANDLE o,
 			    PKCS11_CERT **);
@ -28,8 +27,7 @@ static CK_ATTRIBUTE	cert_search_attrs[] = {
 */
 int
 PKCS11_enumerate_certs(PKCS11_TOKEN * token,
-			PKCS11_CERT **certp,
+		       PKCS11_CERT ** certp, unsigned int *countp)
 			unsigned int *countp)
 {
 	PKCS11_TOKEN_private *priv = PRIVTOKEN(token);
@ -48,8 +46,7 @@ PKCS11_enumerate_certs(PKCS11_TOKEN *token,
 /*
 * Find certificate matching a key
 */
-PKCS11_CERT *
+PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY * key)
 PKCS11_find_certificate(PKCS11_KEY *key)
 {
 	PKCS11_KEY_private *kpriv;
 	PKCS11_CERT_private *cpriv;
@ -71,8 +68,7 @@ PKCS11_find_certificate(PKCS11_KEY *key)
 /*
 * Find all certs of a given type (public or private)
 */
-int
+int pkcs11_find_certs(PKCS11_TOKEN * token)
 pkcs11_find_certs(PKCS11_TOKEN *token)
 {
 	PKCS11_SLOT *slot = TOKEN2SLOT(token);
 	PKCS11_CTX *ctx = TOKEN2CTX(token);
@ -99,8 +95,7 @@ pkcs11_find_certs(PKCS11_TOKEN *token)
 }
 int
-pkcs11_next_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
+pkcs11_next_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token, CK_SESSION_HANDLE session)
 		CK_SESSION_HANDLE session)
 {
 	CK_OBJECT_HANDLE obj;
 	CK_ULONG count;
@ -121,8 +116,7 @@ pkcs11_next_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
 int
 pkcs11_init_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
-		CK_SESSION_HANDLE session, CK_OBJECT_HANDLE obj,
+		 CK_SESSION_HANDLE session, CK_OBJECT_HANDLE obj, PKCS11_CERT ** ret)
 		PKCS11_CERT **ret)
 {
 	PKCS11_TOKEN_private *tpriv;
 	PKCS11_CERT_private *kpriv;
@ -133,8 +127,7 @@ pkcs11_init_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
 	size_t size;
 	size = sizeof(cert_type);
-	if (pkcs11_getattr_var(token, obj, CKA_CERTIFICATE_TYPE,
+	if (pkcs11_getattr_var(token, obj, CKA_CERTIFICATE_TYPE, &cert_type, &size))
 				&cert_type, &size))
 		return -1;
 	/* Ignore any certs we don't understand */
@ -143,7 +136,8 @@ pkcs11_init_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
 	tpriv = PRIVTOKEN(token);
 	tpriv->certs = (PKCS11_CERT *) OPENSSL_realloc(tpriv->certs,
-			(tpriv->ncerts + 1) * sizeof(PKCS11_CERT));
+						       (tpriv->ncerts +
 							1) * sizeof(PKCS11_CERT));
 	cert = tpriv->certs + tpriv->ncerts++;
 	memset(cert, 0, sizeof(*cert));
@ -179,8 +173,7 @@ pkcs11_init_cert(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
 /*
 * Destroy all certs
 */
-void
+void pkcs11_destroy_certs(PKCS11_TOKEN * token)
 pkcs11_destroy_certs(PKCS11_TOKEN *token)
 {
 	PKCS11_TOKEN_private *priv = PRIVTOKEN(token);
@ -223,8 +216,7 @@ pkcs11_store_certificate(PKCS11_TOKEN *token, X509 *x509, char *label,
 	/* Now build the template */
 	pkcs11_addattr_int(attrs + n++, CKA_CLASS, CKO_CERTIFICATE);
 	pkcs11_addattr_int(attrs + n++, CKA_CERTIFICATE_TYPE, CKC_X_509);
-	pkcs11_addattr_obj(attrs + n++, CKA_VALUE,
+	pkcs11_addattr_obj(attrs + n++, CKA_VALUE, (pkcs11_i2d_fn) i2d_X509, x509);
 				(pkcs11_i2d_fn) i2d_X509, x509);
 	if (label)
 		pkcs11_addattr_s(attrs + n++, CKA_LABEL, label);
 	if (id && id_len)
@ -239,6 +231,5 @@ pkcs11_store_certificate(PKCS11_TOKEN *token, X509 *x509, char *label,
 	CRYPTOKI_checkerr(PKCS11_F_PKCS11_STORE_CERTIFICATE, rv);
 	/* Gobble the key object */
-	return pkcs11_init_cert(ctx, token, session,
+	return pkcs11_init_cert(ctx, token, session, object, ret_cert);
 		       	object, ret_cert);
 }
--- a/src/sslengines/p11_err.c
+++ b/src/sslengines/p11_err.c
@ -94,7 +94,6 @@ static ERR_STRING_DATA PKCS11_str_reasons[] = {
 	{PKCS11_SYMBOL_NOT_FOUND_ERROR, "Symbol not found in PKCS#11 module"},
 	{PKCS11_NOT_SUPPORTED, "Not supported"},
 	{PKCS11_NO_SESSION, "No session open"},
 	{CKR_CANCEL, "Cancel"},
 	{CKR_HOST_MEMORY, "Host memory error"},
 	{CKR_SLOT_ID_INVALID, "Invalid slot ID"},
@ -141,13 +140,11 @@ static ERR_STRING_DATA PKCS11_str_reasons[] = {
 	{CKR_SESSION_CLOSED, "Session closed"},
 	{CKR_SESSION_COUNT, "Session count"},
 	{CKR_SESSION_HANDLE_INVALID, "Session handle invalid"},
-{CKR_SESSION_PARALLEL_NOT_SUPPORTED,
+	{CKR_SESSION_PARALLEL_NOT_SUPPORTED, "Session parallel not supported"},
 				"Session parallel not supported" },
 	{CKR_SESSION_READ_ONLY, "Session read only"},
 	{CKR_SESSION_EXISTS, "Session exists"},
 	{CKR_SESSION_READ_ONLY_EXISTS, "Read-only session exists"},
-{CKR_SESSION_READ_WRITE_SO_EXISTS,
+	{CKR_SESSION_READ_WRITE_SO_EXISTS, "Read/write SO session exists"},
 				"Read/write SO session exists" },
 	{CKR_SIGNATURE_INVALID, "Signature invalid"},
 	{CKR_SIGNATURE_LEN_RANGE, "Signature len range"},
 	{CKR_TEMPLATE_INCOMPLETE, "Incomplete template"},
@ -155,25 +152,20 @@ static ERR_STRING_DATA PKCS11_str_reasons[] = {
 	{CKR_TOKEN_NOT_PRESENT, "No PKCS#11 token present"},
 	{CKR_TOKEN_NOT_RECOGNIZED, "PKCS#11 token not recognized"},
 	{CKR_TOKEN_WRITE_PROTECTED, "Token write protected"},
-{CKR_UNWRAPPING_KEY_HANDLE_INVALID,
+	{CKR_UNWRAPPING_KEY_HANDLE_INVALID, "Unwrapping key handle invalid"},
 				"Unwrapping key handle invalid" },
 	{CKR_UNWRAPPING_KEY_SIZE_RANGE, "Unwrapping key size range"},
-{CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT,
+	{CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, "Unwrapping key type inconsistent"},
 				"Unwrapping key type inconsistent" },
 	{CKR_USER_ALREADY_LOGGED_IN, "User already logged in"},
 	{CKR_USER_NOT_LOGGED_IN, "User not logged in"},
 	{CKR_USER_PIN_NOT_INITIALIZED, "User pin not initialized"},
 	{CKR_USER_TYPE_INVALID, "User type invalid"},
-{CKR_USER_ANOTHER_ALREADY_LOGGED_IN,
+	{CKR_USER_ANOTHER_ALREADY_LOGGED_IN, "User another is already logged in"},
 				"User another is already logged in" },
 	{CKR_USER_TOO_MANY_TYPES, "User too many types"},
 	{CKR_WRAPPED_KEY_INVALID, "Wrapped key invalid"},
 	{CKR_WRAPPED_KEY_LEN_RANGE, "Wrapped key len range"},
-{CKR_WRAPPING_KEY_HANDLE_INVALID,
+	{CKR_WRAPPING_KEY_HANDLE_INVALID, "Wrapping key handle invalid"},
 				"Wrapping key handle invalid" },
 	{CKR_WRAPPING_KEY_SIZE_RANGE, "Wrapping key size range"},
-{CKR_WRAPPING_KEY_TYPE_INCONSISTENT,
+	{CKR_WRAPPING_KEY_TYPE_INCONSISTENT, "Wrapping key type inconsistent"},
 				"Wrapping key type inconsistent" },
 	{CKR_RANDOM_SEED_NOT_SUPPORTED, "Random seed not supported"},
 	{CKR_RANDOM_NO_RNG, "Random no rng"},
 	{CKR_DOMAIN_PARAMS_INVALID, "Domain params invalid"},
@ -182,8 +174,7 @@ static ERR_STRING_DATA PKCS11_str_reasons[] = {
 	{CKR_INFORMATION_SENSITIVE, "Information sensitive"},
 	{CKR_STATE_UNSAVEABLE, "State unsaveable"},
 	{CKR_CRYPTOKI_NOT_INITIALIZED, "Cryptoki not initialized"},
-{CKR_CRYPTOKI_ALREADY_INITIALIZED,
+	{CKR_CRYPTOKI_ALREADY_INITIALIZED, "Cryptoki already initialized"},
 				"Cryptoki already initialized" },
 	{CKR_MUTEX_BAD, "Mutex bad"},
 	{CKR_MUTEX_NOT_LOCKED, "Mutex not locked"},
 	{CKR_VENDOR_DEFINED, "Vendor defined"},
@ -191,8 +182,7 @@ static ERR_STRING_DATA PKCS11_str_reasons[] = {
 };
 #endif
-void
+void ERR_load_PKCS11_strings(void)
 ERR_load_PKCS11_strings(void)
 {
 	static int init = 1;
--- a/src/sslengines/p11_key.c
+++ b/src/sslengines/p11_key.c
@ -65,11 +65,9 @@ static int	pkcs11_init_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
 			   CK_SESSION_HANDLE session, CK_OBJECT_HANDLE o,
 			   CK_OBJECT_CLASS type, PKCS11_KEY **);
 static int pkcs11_store_private_key(PKCS11_TOKEN *, EVP_PKEY *, char *,
-			unsigned char *, unsigned int,
+				    unsigned char *, unsigned int, PKCS11_KEY **);
 			PKCS11_KEY **);
 static int pkcs11_store_public_key(PKCS11_TOKEN *, EVP_PKEY *, char *,
-			unsigned char *, unsigned int,
+				   unsigned char *, unsigned int, PKCS11_KEY **);
 			PKCS11_KEY **);
 static CK_OBJECT_CLASS key_search_class;
 static CK_ATTRIBUTE key_search_attrs[] = {
@ -82,9 +80,7 @@ static CK_ATTRIBUTE	key_search_attrs[] = {
 * For now, we enumerate just the private keys.
 */
 int
-PKCS11_enumerate_keys(PKCS11_TOKEN *token,
+PKCS11_enumerate_keys(PKCS11_TOKEN * token, PKCS11_KEY ** keyp, unsigned int *countp)
 			PKCS11_KEY **keyp,
 			unsigned int *countp)
 {
 	PKCS11_TOKEN_private *priv = PRIVTOKEN(token);
@ -108,8 +104,7 @@ PKCS11_enumerate_keys(PKCS11_TOKEN *token,
 /*
 * Store a private key on the token
 */
-int
+int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label)
 PKCS11_store_private_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label)
 {
 	if (pkcs11_store_private_key(token, pk, label, NULL, 0, NULL))
 		return -1;
@ -123,8 +118,7 @@ PKCS11_store_private_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label)
 */
 int
 PKCS11_generate_key(PKCS11_TOKEN * token,
-			int algorithm, unsigned int bits,
+		    int algorithm, unsigned int bits, char *label)
 			char *label)
 {
 	PKCS11_KEY *key_obj;
 	EVP_PKEY *pk;
@ -133,8 +127,7 @@ PKCS11_generate_key(PKCS11_TOKEN *token,
 	int rc;
 	if (algorithm != EVP_PKEY_RSA) {
-		PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY,
+		PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY, PKCS11_NOT_SUPPORTED);
 				PKCS11_NOT_SUPPORTED);
 		return -1;
 	}
@ -142,8 +135,7 @@ PKCS11_generate_key(PKCS11_TOKEN *token,
 	rsa = RSA_generate_key(bits, 0x10001, NULL, err);
 	BIO_free(err);
 	if (rsa == NULL) {
-		PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY,
+		PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY, PKCS11_KEYGEN_FAILED);
 				PKCS11_KEYGEN_FAILED);
 		return -1;
 	}
@ -165,8 +157,7 @@ PKCS11_generate_key(PKCS11_TOKEN *token,
 /*
 * Get the key type
 */
-int
+int PKCS11_get_key_type(PKCS11_KEY * key)
 PKCS11_get_key_type(PKCS11_KEY *key)
 {
 	PKCS11_KEY_private *priv = PRIVKEY(key);
@ -177,8 +168,7 @@ PKCS11_get_key_type(PKCS11_KEY *key)
 * Create a key object that will allow an OpenSSL application
 * to use the token via an EVP_PKEY
 */
-EVP_PKEY *
+EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY * key)
 PKCS11_get_private_key(PKCS11_KEY *key)
 {
 	PKCS11_KEY_private *priv = PRIVKEY(key);
 	EVP_PKEY *pk;
@ -196,8 +186,7 @@ PKCS11_get_private_key(PKCS11_KEY *key)
 /*
 * Find all keys of a given type (public or private)
 */
-int
+int pkcs11_find_keys(PKCS11_TOKEN * token, unsigned int type)
 pkcs11_find_keys(PKCS11_TOKEN *token, unsigned int type)
 {
 	PKCS11_SLOT *slot = TOKEN2SLOT(token);
 	PKCS11_CTX *ctx = TOKEN2CTX(token);
@ -247,8 +236,7 @@ pkcs11_next_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
 int
 pkcs11_init_key(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
 		CK_SESSION_HANDLE session, CK_OBJECT_HANDLE obj,
-		CK_OBJECT_CLASS type,
+		CK_OBJECT_CLASS type, PKCS11_KEY ** ret)
 		PKCS11_KEY **ret)
 {
 	PKCS11_TOKEN_private *tpriv;
 	PKCS11_KEY_private *kpriv;
@ -274,7 +262,8 @@ pkcs11_init_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
 	tpriv = PRIVTOKEN(token);
 	tpriv->keys = (PKCS11_KEY *) OPENSSL_realloc(tpriv->keys,
-			(tpriv->nkeys + 1) * sizeof(PKCS11_KEY));
+						     (tpriv->nkeys +
 						      1) * sizeof(PKCS11_KEY));
 	key = tpriv->keys + tpriv->nkeys++;
 	memset(key, 0, sizeof(*key));
@ -305,8 +294,7 @@ pkcs11_init_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
 /*
 * Destroy all keys
 */
-void
+void pkcs11_destroy_keys(PKCS11_TOKEN * token)
 pkcs11_destroy_keys(PKCS11_TOKEN *token)
 {
 	PKCS11_TOKEN_private *priv = PRIVTOKEN(token);
@ -363,8 +351,7 @@ pkcs11_store_private_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label,
 		if (id && id_len)
 			pkcs11_addattr(attrs + n++, CKA_ID, id, id_len);
 	} else {
-		PKCS11err(PKCS11_F_PKCS11_STORE_PRIVATE_KEY,
+		PKCS11err(PKCS11_F_PKCS11_STORE_PRIVATE_KEY, PKCS11_NOT_SUPPORTED);
 				PKCS11_NOT_SUPPORTED);
 		return -1;
 	}
@ -415,8 +402,7 @@ pkcs11_store_public_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label,
 		if (id && id_len)
 			pkcs11_addattr(attrs + n++, CKA_ID, id, id_len);
 	} else {
-		PKCS11err(PKCS11_F_PKCS11_STORE_PUBLIC_KEY,
+		PKCS11err(PKCS11_F_PKCS11_STORE_PUBLIC_KEY, PKCS11_NOT_SUPPORTED);
 				PKCS11_NOT_SUPPORTED);
 		return -1;
 	}
@ -429,6 +415,5 @@ pkcs11_store_public_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label,
 	CRYPTOKI_checkerr(PKCS11_F_PKCS11_STORE_PUBLIC_KEY, rv);
 	/* Gobble the key object */
-	return pkcs11_init_key(ctx, token, session,
+	return pkcs11_init_key(ctx, token, session, object, CKO_PUBLIC_KEY, ret_key);
 		       	object, CKO_PUBLIC_KEY, ret_key);
 }
--- a/src/sslengines/p11_load.c
+++ b/src/sslengines/p11_load.c
@ -63,8 +63,7 @@ static void *handle = NULL;
 /*
 * Create a new context
 */
-PKCS11_CTX *
+PKCS11_CTX *PKCS11_CTX_new(void)
 PKCS11_CTX_new(void)
 {
 	PKCS11_CTX_private *priv;
 	PKCS11_CTX *ctx;
@ -85,8 +84,7 @@ PKCS11_CTX_new(void)
 /*
 * Load the shared library, and initialize it.
 */
-int
+int PKCS11_CTX_load(PKCS11_CTX * ctx, const char *name)
 PKCS11_CTX_load(PKCS11_CTX *ctx, const char *name)
 {
 	PKCS11_CTX_private *priv = PRIVCTX(ctx);
 	CK_INFO ck_info;
@ -119,8 +117,7 @@ PKCS11_CTX_load(PKCS11_CTX *ctx, const char *name)
 /*
 * Unload the shared library
 */
-void
+void PKCS11_CTX_unload(PKCS11_CTX * ctx)
 PKCS11_CTX_unload(PKCS11_CTX *ctx)
 {
 	PKCS11_CTX_private *priv;
 	priv = PRIVCTX(ctx);
@ -138,8 +135,7 @@ PKCS11_CTX_unload(PKCS11_CTX *ctx)
 /*
 * Free a context
 */
-void
+void PKCS11_CTX_free(PKCS11_CTX * ctx)
 PKCS11_CTX_free(PKCS11_CTX *ctx)
 {
 	PKCS11_CTX_unload(ctx);	/* Make sure */
 	OPENSSL_free(ctx->manufacturer);
--- a/src/sslengines/p11_misc.c
+++ b/src/sslengines/p11_misc.c
@ -59,8 +59,7 @@
 #include <string.h>
 #include <openssl/crypto.h>
-void *
+void *pkcs11_malloc(size_t size)
 pkcs11_malloc(size_t size)
 {
 	void *p = OPENSSL_malloc(size);
 	memset(p, 0, size);
@ -71,8 +70,7 @@ pkcs11_malloc(size_t size)
 * so when strduping them we must make sure
 * we stop at the end of the buffer, and while we're
 * at it it's nice to remove the padding */
-char *
+char *pkcs11_strdup(char *mem, size_t size)
 pkcs11_strdup(char *mem, size_t size)
 {
 	char *res;
@ -87,8 +85,7 @@ pkcs11_strdup(char *mem, size_t size)
 /*
 * Dup memory
 */
-void *
+void *memdup(const void *src, size_t size)
 memdup(const void *src, size_t size)
 {
 	void *dst;
--- a/src/sslengines/p11_rsa.c
+++ b/src/sslengines/p11_rsa.c
@ -77,8 +77,7 @@ RSA_METHOD * pkcs11_get_rsa_method(void);
 /*
 * Get RSA key material
 */
-int
+int pkcs11_get_rsa_private(PKCS11_KEY * key, EVP_PKEY * pk)
 pkcs11_get_rsa_private(PKCS11_KEY *key, EVP_PKEY *pk)
 {
 	CK_BBOOL sensitive, extractable;
 	RSA *rsa;
@ -112,8 +111,7 @@ pkcs11_get_rsa_private(PKCS11_KEY *key, EVP_PKEY *pk)
 	return -1;
 }
-int
+int pkcs11_get_rsa_public(PKCS11_KEY * key, EVP_PKEY * pk)
 pkcs11_get_rsa_public(PKCS11_KEY *key, EVP_PKEY *pk)
 {
 	/* TBD */
 	return 0;
@ -175,7 +173,8 @@ pkcs11_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
 	 * by OpenSSL). The library assumes that the memory passed
 	 * by the caller is always big enough */
 	sigsize = BN_num_bytes(rsa->n);
-	rv = CRYPTOKI_call(ctx, C_Sign(session, (CK_BYTE *) m, m_len, sigret, &sigsize));
+	rv = CRYPTOKI_call(ctx,
 			   C_Sign(session, (CK_BYTE *) m, m_len, sigret, &sigsize));
 	if (rv)
 		goto fail;
@ -213,8 +212,7 @@ pkcs11_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
 /*
 * Overload the default OpenSSL methods for RSA
 */
-RSA_METHOD *
+RSA_METHOD *pkcs11_get_rsa_method(void)
 pkcs11_get_rsa_method(void)
 {
 	static RSA_METHOD ops;
--- a/src/sslengines/p11_slot.c
+++ b/src/sslengines/p11_slot.c
@ -67,9 +67,7 @@ static void	pkcs11_destroy_token(PKCS11_TOKEN *);
 * Enumerate slots
 */
 int
-PKCS11_enumerate_slots(PKCS11_CTX *ctx,
+PKCS11_enumerate_slots(PKCS11_CTX * ctx, PKCS11_SLOT ** slotp, unsigned int *countp)
 		PKCS11_SLOT **slotp,
 		unsigned int *countp)
 {
 	PKCS11_CTX_private *priv = PRIVCTX(ctx);
@ -82,8 +80,7 @@ PKCS11_enumerate_slots(PKCS11_CTX *ctx,
 		rv = priv->method->C_GetSlotList(FALSE, slotid, &nslots);
 		CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_SLOTS, rv);
-		slots = (PKCS11_SLOT *) pkcs11_malloc(nslots
+		slots = (PKCS11_SLOT *) pkcs11_malloc(nslots * sizeof(PKCS11_SLOT));
 					* sizeof(PKCS11_SLOT));
 		for (n = 0; n < nslots; n++) {
 			if (pkcs11_init_slot(ctx, &slots[n], slotid[n])) {
 				while (n--)
@ -104,8 +101,7 @@ PKCS11_enumerate_slots(PKCS11_CTX *ctx,
 /*
 * Find a slot with a token that looks "valuable"
 */
-PKCS11_SLOT *
+PKCS11_SLOT *PKCS11_find_token(PKCS11_CTX * ctx)
 PKCS11_find_token(PKCS11_CTX *ctx)
 {
 	PKCS11_SLOT *slot_list, *slot, *best;
 	PKCS11_TOKEN *tok;
@ -130,8 +126,7 @@ PKCS11_find_token(PKCS11_CTX *ctx)
 /*
 * Open a session with this slot
 */
-int
+int PKCS11_open_session(PKCS11_SLOT * slot, int rw)
 PKCS11_open_session(PKCS11_SLOT *slot, int rw)
 {
 	PKCS11_SLOT_private *priv = PRIVSLOT(slot);
 	PKCS11_CTX *ctx = SLOT2CTX(slot);
@ -143,8 +138,9 @@ PKCS11_open_session(PKCS11_SLOT *slot, int rw)
 	}
 	rv = CRYPTOKI_call(ctx,
 			   C_OpenSession(priv->id,
-		       	CKF_SERIAL_SESSION | (rw? CKF_RW_SESSION : 0),
+					 CKF_SERIAL_SESSION | (rw ? CKF_RW_SESSION :
-			NULL, NULL, &priv->session));
+							       0), NULL, NULL,
 					 &priv->session));
 	CRYPTOKI_checkerr(PKCS11_F_PKCS11_OPEN_SESSION, rv);
 	priv->haveSession = 1;
@ -154,8 +150,7 @@ PKCS11_open_session(PKCS11_SLOT *slot, int rw)
 /*
 * Authenticate with the card
 */
-int
+int PKCS11_login(PKCS11_SLOT * slot, int so, char *pin)
 PKCS11_login(PKCS11_SLOT *slot, int so, char *pin)
 {
 	PKCS11_SLOT_private *priv = PRIVSLOT(slot);
 	PKCS11_CTX *ctx = priv->parent;
@ -188,8 +183,7 @@ PKCS11_login(PKCS11_SLOT *slot, int so, char *pin)
 /*
 * Log out
 */
-int
+int PKCS11_logout(PKCS11_SLOT * slot)
 PKCS11_logout(PKCS11_SLOT *slot)
 {
 	PKCS11_SLOT_private *priv = PRIVSLOT(slot);
 	PKCS11_CTX *ctx = priv->parent;
@ -213,8 +207,7 @@ PKCS11_logout(PKCS11_SLOT *slot)
 /*
 * Initialize the token
 */
-int
+int PKCS11_init_token(PKCS11_TOKEN * token, char *pin, char *label)
 PKCS11_init_token(PKCS11_TOKEN *token, char *pin, char *label)
 {
 	PKCS11_SLOT_private *priv = PRIVSLOT(TOKEN2SLOT(token));
 	PKCS11_CTX_private *cpriv;
@ -224,7 +217,8 @@ PKCS11_init_token(PKCS11_TOKEN *token, char *pin, char *label)
 	if (!label)
 		label = "PKCS#11 Token";
 	rv = CRYPTOKI_call(ctx, C_InitToken(priv->id,
-				(CK_UTF8CHAR *) pin, strlen(pin), (CK_UTF8CHAR *) label));
+					    (CK_UTF8CHAR *) pin, strlen(pin),
 					    (CK_UTF8CHAR *) label));
 	CRYPTOKI_checkerr(PKCS11_F_PKCS11_INIT_TOKEN, rv);
 	cpriv = PRIVCTX(ctx);
@ -239,8 +233,7 @@ PKCS11_init_token(PKCS11_TOKEN *token, char *pin, char *label)
 /*
 * Set the User PIN
 */
-int
+int PKCS11_init_pin(PKCS11_TOKEN * token, char *pin)
 PKCS11_init_pin(PKCS11_TOKEN *token, char *pin)
 {
 	PKCS11_SLOT_private *priv = PRIVSLOT(TOKEN2SLOT(token));
 	PKCS11_CTX *ctx = priv->parent;
@ -261,8 +254,7 @@ PKCS11_init_pin(PKCS11_TOKEN *token, char *pin)
 /*
 * Helper functions
 */
-int
+int pkcs11_init_slot(PKCS11_CTX * ctx, PKCS11_SLOT * slot, CK_SLOT_ID id)
 pkcs11_init_slot(PKCS11_CTX *ctx, PKCS11_SLOT *slot, CK_SLOT_ID id)
 {
 	PKCS11_SLOT_private *priv;
 	CK_SLOT_INFO info;
@ -286,8 +278,7 @@ pkcs11_init_slot(PKCS11_CTX *ctx, PKCS11_SLOT *slot, CK_SLOT_ID id)
 	return 0;
 }
-void
+void pkcs11_destroy_all_slots(PKCS11_CTX * ctx)
 pkcs11_destroy_all_slots(PKCS11_CTX *ctx)
 {
 	PKCS11_CTX_private *priv = PRIVCTX(ctx);
@ -298,8 +289,7 @@ pkcs11_destroy_all_slots(PKCS11_CTX *ctx)
 	priv->nslots = -1;
 }
-void
+void pkcs11_destroy_slot(PKCS11_CTX * ctx, PKCS11_SLOT * slot)
 pkcs11_destroy_slot(PKCS11_CTX *ctx, PKCS11_SLOT *slot)
 {
 	PKCS11_SLOT_private *priv = PRIVSLOT(slot);
@ -314,8 +304,7 @@ pkcs11_destroy_slot(PKCS11_CTX *ctx, PKCS11_SLOT *slot)
 	memset(slot, 0, sizeof(*slot));
 }
-int
+int pkcs11_check_token(PKCS11_CTX * ctx, PKCS11_SLOT * slot)
 pkcs11_check_token(PKCS11_CTX *ctx, PKCS11_SLOT *slot)
 {
 	PKCS11_SLOT_private *priv = PRIVSLOT(slot);
 	PKCS11_TOKEN_private *tpriv;
@ -355,8 +344,7 @@ pkcs11_check_token(PKCS11_CTX *ctx, PKCS11_SLOT *slot)
 	return 0;
 }
-void
+void pkcs11_destroy_token(PKCS11_TOKEN * token)
 pkcs11_destroy_token(PKCS11_TOKEN *token)
 {
 	/* XXX destroy keys associated with this token */
 	OPENSSL_free(token->label);
--- a/src/sslengines/pkcs11-internal.h
+++ b/src/sslengines/pkcs11-internal.h
@ -87,12 +87,6 @@ ERR_PUT_error(ERR_LIB_PKCS11,(f),(r),__FILE__,__LINE__)
 *
 *  -	no support for any operations that alter the card,
 *  	i.e. readonly-login
 *
 * Rather than include the complete PKCS#11 type definition
 * header file here, I'm defining my own bunch of types,
 * leaving out those that are not needed.
 * I also hope that they will be more in line with OpenSSL
 * coding style.
 */
 /* PKCS11 key object (public or private) */
@ -158,8 +152,7 @@ extern int		PKCS11_login(PKCS11_SLOT *, int so, char *pin);
 extern int PKCS11_logout(PKCS11_SLOT *);
 /* Get a list of all keys associated with this token */
-extern int		PKCS11_enumerate_keys(PKCS11_TOKEN *,
+extern int PKCS11_enumerate_keys(PKCS11_TOKEN *, PKCS11_KEY **, unsigned int *);
 				PKCS11_KEY **, unsigned int *);
 /* Get the key type (as EVP_PKEY_XXX) */
 extern int PKCS11_get_key_type(PKCS11_KEY *);
@ -171,21 +164,17 @@ extern EVP_PKEY *	PKCS11_get_private_key(PKCS11_KEY *);
 extern PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY *);
 /* Get a list of all certificates associated with this token */
-extern int		PKCS11_enumerate_certs(PKCS11_TOKEN *,
+extern int PKCS11_enumerate_certs(PKCS11_TOKEN *, PKCS11_CERT **, unsigned int *);
 				PKCS11_CERT **, unsigned int *);
 /* Initialize a token */
-extern int		PKCS11_init_token(PKCS11_TOKEN *,
+extern int PKCS11_init_token(PKCS11_TOKEN *, char *pin, char *label);
 				char *pin, char *label);
 /* Initialize the user PIN on a token */
 extern int PKCS11_init_pin(PKCS11_TOKEN *, char *pin);
 /* Store various objects on the token */
-extern int		PKCS11_generate_key(PKCS11_TOKEN *, int,
+extern int PKCS11_generate_key(PKCS11_TOKEN *, int, unsigned int, char *);
-				unsigned int, char *);
+extern int PKCS11_store_private_key(PKCS11_TOKEN *, EVP_PKEY *, char *);
 extern int		PKCS11_store_private_key(PKCS11_TOKEN *,
 				EVP_PKEY *, char *);
 /* Load PKCS11 error strings */
 extern void ERR_load_PKCS11_strings(void);
@ -240,8 +229,7 @@ typedef struct pkcs11_ctx_private {
 typedef struct pkcs11_slot_private {
 	PKCS11_CTX *parent;
-	unsigned char		haveSession,
+	unsigned char haveSession, loggedIn;
 				loggedIn;
 	CK_SLOT_ID id;
 	CK_SESSION_HANDLE session;
 } PKCS11_SLOT_private;
@ -333,8 +321,7 @@ extern void	pkcs11_addattr(CK_ATTRIBUTE_PTR, int, const void *, size_t);
 extern void pkcs11_addattr_int(CK_ATTRIBUTE_PTR, int, unsigned long);
 extern void pkcs11_addattr_s(CK_ATTRIBUTE_PTR, int, const char *);
 extern void pkcs11_addattr_bn(CK_ATTRIBUTE_PTR, int, const BIGNUM *);
-extern void	pkcs11_addattr_obj(CK_ATTRIBUTE_PTR, int,
+extern void pkcs11_addattr_obj(CK_ATTRIBUTE_PTR, int, pkcs11_i2d_fn, void *);
 			pkcs11_i2d_fn, void *);
 extern void pkcs11_zap_attrs(CK_ATTRIBUTE_PTR, unsigned int);
 extern void *memdup(const void *, size_t);