authorrelyea%netscape.com <devnull@localhost>2001-09-20 21:30:48 +0000
committerrelyea%netscape.com <devnull@localhost>2001-09-20 21:30:48 +0000
commit868905aaee64320b1acbe01d36cfc3bee5c3832d (patch)
tree2c865875a0481fef7ec0333c344aff8bb2efd4fe /security/nss/lib/cryptohi
parent8323a354e6d51934ac98a732bf001258a00fc8ae (diff)
1) Fix compiler warnings on AIX, Solaris, HP, and Linux.
2) Remove dependency on low key structures in the soft token.
Diffstat (limited to 'security/nss/lib/cryptohi')
-rw-r--r--security/nss/lib/cryptohi/dsautil.c1
-rw-r--r--security/nss/lib/cryptohi/key.h1
-rw-r--r--security/nss/lib/cryptohi/keyhi.h4
-rw-r--r--security/nss/lib/cryptohi/keyt.h3
-rw-r--r--security/nss/lib/cryptohi/keythi.h131
-rw-r--r--security/nss/lib/cryptohi/seckey.c46
-rw-r--r--security/nss/lib/cryptohi/secvfy.c5
7 files changed, 151 insertions, 40 deletions
diff --git a/security/nss/lib/cryptohi/dsautil.c b/security/nss/lib/cryptohi/dsautil.c
index ed6f9cec8..a364ac302 100644
--- a/security/nss/lib/cryptohi/dsautil.c
+++ b/security/nss/lib/cryptohi/dsautil.c
@@ -66,7 +66,6 @@ DSAU_ConvertUnsignedToSigned(SECItem *dest, SECItem *src)
unsigned char *pSrc = src->data;
unsigned char *pDst = dest->data;
unsigned int cntSrc = src->len;
- unsigned int cntDst = dest->len;
unsigned char c;
/* skip any leading zeros. */
diff --git a/security/nss/lib/cryptohi/key.h b/security/nss/lib/cryptohi/key.h
index 7e68cdb58..678beafd8 100644
--- a/security/nss/lib/cryptohi/key.h
+++ b/security/nss/lib/cryptohi/key.h
@@ -39,6 +39,5 @@
#define _KEY_H_
#include "keyhi.h"
-#include "keylow.h"
#endif /* _KEY_H_ */
diff --git a/security/nss/lib/cryptohi/keyhi.h b/security/nss/lib/cryptohi/keyhi.h
index 5b4bcbaa6..051591580 100644
--- a/security/nss/lib/cryptohi/keyhi.h
+++ b/security/nss/lib/cryptohi/keyhi.h
@@ -46,7 +46,7 @@
#include "secdert.h"
#include "keythi.h"
#include "certt.h"
-#include "secpkcs5.h"
+/*#include "secpkcs5.h" */
SEC_BEGIN_PROTOS
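Review bot: The `secpkcs5.h` include is commented out (`/*#include "secpkcs5.h" */`) rather than deleted, which leaves dead text in a public header with no explanation of why the dependency was dropped. Delete the line outright, or replace it with a one-sentence comment saying that this header must not pull in the PKCS #5 declarations. Callers that relied on `keyhi.h` to provide those declarations will now need their own include; that is presumably intended, but nothing in the hunk says so.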
@@ -108,7 +108,7 @@ SECKEYPrivateKey *SECKEY_CreateRSAPrivateKey(int keySizeInBits,
/*
* create a new DH key pair. The private Key is returned...
*/
-SECKEYPrivateKey *SECKEY_CreateDHPrivateKey(DHParams *param,
+SECKEYPrivateKey *SECKEY_CreateDHPrivateKey(SECKEYDHParams *param,
SECKEYPublicKey **pubk, void *cx);
/*
** Create a subject-public-key-info based on a public key.
diff --git a/security/nss/lib/cryptohi/keyt.h b/security/nss/lib/cryptohi/keyt.h
index f102c8a26..1b104b96a 100644
--- a/security/nss/lib/cryptohi/keyt.h
+++ b/security/nss/lib/cryptohi/keyt.h
@@ -38,9 +38,6 @@
#ifndef _KEYT_H_
#define _KEYT_H_
-#include "keytlow.h"
-#include "keytboth.h"
#include "keythi.h"
-#include "keydbt.h"
#endif /* _KEYT_H_ */
diff --git a/security/nss/lib/cryptohi/keythi.h b/security/nss/lib/cryptohi/keythi.h
index 27add7476..9191bd7ff 100644
--- a/security/nss/lib/cryptohi/keythi.h
+++ b/security/nss/lib/cryptohi/keythi.h
@@ -33,13 +33,129 @@
#ifndef _KEYTHI_H_
#define _KEYTHI_H_ 1
-#include "keytlow.h"
-#include "keytboth.h"
#include "plarena.h"
#include "pkcs11t.h"
#include "secmodt.h"
#include "prclist.h"
+typedef enum {
+ nullKey = 0,
+ rsaKey = 1,
+ dsaKey = 2,
+ fortezzaKey = 3,
+ dhKey = 4,
+ keaKey = 5
+} KeyType;
+
+/*
+** Template Definitions
+**/
+extern const SEC_ASN1Template SECKEY_RSAPublicKeyTemplate[];
+extern const SEC_ASN1Template SECKEY_DSAPublicKeyTemplate[];
+extern const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[];
+extern const SEC_ASN1Template SECKEY_DHParamKeyTemplate[];
+extern const SEC_ASN1Template SECKEY_PQGParamsTemplate[];
+extern const SEC_ASN1Template SECKEY_DSAPrivateKeyExportTemplate[];
+
+/* Windows DLL accessor functions */
+extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_DSAPublicKeyTemplate;
+extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_RSAPublicKeyTemplate;
+
+
+/*
+** RSA Public Key structures
+** member names from PKCS#1, section 7.1
+*/
+
+struct SECKEYRSAPublicKeyStr {
+ PRArenaPool * arena;
+ SECItem modulus;
+ SECItem publicExponent;
+};
+typedef struct SECKEYRSAPublicKeyStr SECKEYRSAPublicKey;
+
+
+/*
+** DSA Public Key and related structures
+*/
+
+struct SECKEYPQGParamsStr {
+ PRArenaPool *arena;
+ SECItem prime; /* p */
+ SECItem subPrime; /* q */
+ SECItem base; /* g */
+ /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
+};
+typedef struct SECKEYPQGParamsStr SECKEYPQGParams;
+
+struct SECKEYDSAPublicKeyStr {
+ SECKEYPQGParams params;
+ SECItem publicValue;
+};
+typedef struct SECKEYDSAPublicKeyStr SECKEYDSAPublicKey;
+
+
+/*
+** Diffie-Hellman Public Key structure
+** Structure member names suggested by PKCS#3.
+*/
+struct SECKEYDHParamsStr {
+ PRArenaPool * arena;
+ SECItem prime; /* p */
+ SECItem base; /* g */
+};
+typedef struct SECKEYDHParamsStr SECKEYDHParams;
+
+struct SECKEYDHPublicKeyStr {
+ PRArenaPool * arena;
+ SECItem prime;
+ SECItem base;
+ SECItem publicValue;
+};
+typedef struct SECKEYDHPublicKeyStr SECKEYDHPublicKey;
+
+
+/*
+** FORTEZZA Public Key structures
+*/
+struct SECKEYFortezzaPublicKeyStr {
+ int KEAversion;
+ int DSSversion;
+ unsigned char KMID[8];
+ SECItem clearance;
+ SECItem KEApriviledge;
+ SECItem DSSpriviledge;
+ SECItem KEAKey;
+ SECItem DSSKey;
+ SECKEYPQGParams params;
+ SECKEYPQGParams keaParams;
+};
+typedef struct SECKEYFortezzaPublicKeyStr SECKEYFortezzaPublicKey;
+
+struct SECKEYDiffPQGParamsStr {
+ SECKEYPQGParams DiffKEAParams;
+ SECKEYPQGParams DiffDSAParams;
+};
+typedef struct SECKEYDiffPQGParamsStr SECKEYDiffPQGParams;
+
+struct SECKEYPQGDualParamsStr {
+ SECKEYPQGParams CommParams;
+ SECKEYDiffPQGParams DiffParams;
+};
+typedef struct SECKEYPQGDualParamsStr SECKEYPQGDualParams;
+
+struct SECKEYKEAParamsStr {
+ PLArenaPool *arena;
+ SECItem hash;
+};
+typedef struct SECKEYKEAParamsStr SECKEYKEAParams;
+
+struct SECKEYKEAPublicKeyStr {
+ SECKEYKEAParams params;
+ SECItem publicValue;
+};
+typedef struct SECKEYKEAPublicKeyStr SECKEYKEAPublicKey;
+
/*
** A Generic public key object.
*/
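Review bot: `SECKEYKEAParamsStr` declares its arena as `PLArenaPool *arena` while every other structure added in this hunk uses `PRArenaPool *`; pick one spelling for the public header, e.g. `PRArenaPool *arena;`. The new declarations also use `SECItem`, `SEC_ASN1Template` and `SEC_ASN1TemplateChooser`, and the two includes removed at the top of the hunk may have been what supplied those types. If none of the remaining includes provides them, the header is no longer self-contained and should include the defining headers directly. A short comment on each struct that has an `arena` member, saying whether the `SECItem` data is expected to be allocated from that arena, would tell callers how these keys and parameters are meant to be released.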
@@ -49,11 +165,11 @@ struct SECKEYPublicKeyStr {
PK11SlotInfo *pkcs11Slot;
CK_OBJECT_HANDLE pkcs11ID;
union {
- RSAPublicKey rsa;
- DSAPublicKey dsa;
- DHPublicKey dh;
- KEAPublicKey kea;
- FortezzaPublicKey fortezza;
+ SECKEYRSAPublicKey rsa;
+ SECKEYDSAPublicKey dsa;
+ SECKEYDHPublicKey dh;
+ SECKEYKEAPublicKey kea;
+ SECKEYFortezzaPublicKey fortezza;
} u;
};
typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
@@ -92,3 +208,4 @@ typedef struct {
} SECKEYPrivateKeyList;
#endif /* _KEYTHI_H_ */
+
diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c
index 142d14c57..b486e7352 100644
--- a/security/nss/lib/cryptohi/seckey.c
+++ b/security/nss/lib/cryptohi/seckey.c
@@ -77,10 +77,10 @@ const SEC_ASN1Template SECKEY_DSAPublicKeyTemplate[] = {
};
const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PQGParams) },
- { SEC_ASN1_INTEGER, offsetof(PQGParams,prime) },
- { SEC_ASN1_INTEGER, offsetof(PQGParams,subPrime) },
- { SEC_ASN1_INTEGER, offsetof(PQGParams,base) },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) },
{ 0, }
};
@@ -99,32 +99,32 @@ const SEC_ASN1Template SECKEY_DHParamKeyTemplate[] = {
};
const SEC_ASN1Template SECKEY_FortezzaParameterTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PQGParams) },
- { SEC_ASN1_OCTET_STRING, offsetof(PQGParams,prime), },
- { SEC_ASN1_OCTET_STRING, offsetof(PQGParams,subPrime), },
- { SEC_ASN1_OCTET_STRING, offsetof(PQGParams,base), },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) },
+ { SEC_ASN1_OCTET_STRING, offsetof(SECKEYPQGParams,prime), },
+ { SEC_ASN1_OCTET_STRING, offsetof(SECKEYPQGParams,subPrime), },
+ { SEC_ASN1_OCTET_STRING, offsetof(SECKEYPQGParams,base), },
{ 0 },
};
const SEC_ASN1Template SECKEY_FortezzaDiffParameterTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(DiffPQGParams) },
- { SEC_ASN1_INLINE, offsetof(DiffPQGParams,DiffKEAParams),
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYDiffPQGParams) },
+ { SEC_ASN1_INLINE, offsetof(SECKEYDiffPQGParams,DiffKEAParams),
SECKEY_FortezzaParameterTemplate},
- { SEC_ASN1_INLINE, offsetof(DiffPQGParams,DiffDSAParams),
+ { SEC_ASN1_INLINE, offsetof(SECKEYDiffPQGParams,DiffDSAParams),
SECKEY_FortezzaParameterTemplate},
{ 0 },
};
const SEC_ASN1Template SECKEY_FortezzaPreParamTemplate[] = {
{ SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | 1, offsetof(PQGDualParams,CommParams),
+ SEC_ASN1_CONTEXT_SPECIFIC | 1, offsetof(SECKEYPQGDualParams,CommParams),
SECKEY_FortezzaParameterTemplate},
{ 0, }
};
const SEC_ASN1Template SECKEY_FortezzaAltPreParamTemplate[] = {
{ SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | 0, offsetof(PQGDualParams,DiffParams),
+ SEC_ASN1_CONTEXT_SPECIFIC | 0, offsetof(SECKEYPQGDualParams,DiffParams),
SECKEY_FortezzaDiffParameterTemplate},
{ 0, }
};
@@ -139,6 +139,10 @@ const SEC_ASN1Template SECKEY_KEAParamsTemplate[] = {
{ 0, }
};
+SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_DSAPublicKeyTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_RSAPublicKeyTemplate)
+
+
/* Create an RSA key pair is any slot able to do so.
** The created keys are "session" (temporary), not "token" (permanent),
** and they are "sensitive", which makes them costly to move to another token.
@@ -167,7 +171,7 @@ SECKEY_CreateRSAPrivateKey(int keySizeInBits,SECKEYPublicKey **pubk, void *cx)
** creating a "sensitive" key if necessary.
*/
SECKEYPrivateKey *
-SECKEY_CreateDHPrivateKey(DHParams *param, SECKEYPublicKey **pubk, void *cx)
+SECKEY_CreateDHPrivateKey(SECKEYDHParams *param, SECKEYPublicKey **pubk, void *cx)
{
SECKEYPrivateKey *privk;
PK11SlotInfo *slot = PK11_GetBestSlot(CKM_DH_PKCS_KEY_PAIR_GEN,cx);
@@ -228,7 +232,7 @@ SECKEY_CopySubjectPublicKeyInfo(PRArenaPool *arena,
}
SECStatus
-SECKEY_KEASetParams(KEAParams * params, SECKEYPublicKey * pubKey) {
+SECKEY_KEASetParams(SECKEYKEAParams * params, SECKEYPublicKey * pubKey) {
if (pubKey->keyType == fortezzaKey) {
/* the key is a fortezza V1 public key */
@@ -259,16 +263,12 @@ SECKEY_KEAParamCompare(CERTCertificate *cert1,CERTCertificate *cert2)
{
SECStatus rv;
- SECOidData *oid=NULL;
- CERTSubjectPublicKeyInfo * subjectSpki=NULL;
- CERTSubjectPublicKeyInfo * issuerSpki=NULL;
- CERTCertificate *issuerCert = NULL;
SECKEYPublicKey *pubKey1 = 0;
SECKEYPublicKey *pubKey2 = 0;
- KEAParams params1;
- KEAParams params2;
+ SECKEYKEAParams params1;
+ SECKEYKEAParams params2;
rv = SECFailure;
@@ -486,7 +486,7 @@ SECStatus
SECKEY_FortezzaDecodePQGtoOld(PRArenaPool *arena, SECKEYPublicKey *pubk,
SECItem *params) {
SECStatus rv;
- PQGDualParams dual_params;
+ SECKEYPQGDualParams dual_params;
if (params == NULL) return SECFailure;
@@ -607,7 +607,7 @@ SECKEY_FortezzaDecodePQGtoOld(PRArenaPool *arena, SECKEYPublicKey *pubk,
SECStatus
SECKEY_DSADecodePQG(PRArenaPool *arena, SECKEYPublicKey *pubk, SECItem *params) {
SECStatus rv;
- PQGDualParams dual_params;
+ SECKEYPQGDualParams dual_params;
if (params == NULL) return SECFailure;
diff --git a/security/nss/lib/cryptohi/secvfy.c b/security/nss/lib/cryptohi/secvfy.c
index a7c41b3b9..bf63dd070 100644
--- a/security/nss/lib/cryptohi/secvfy.c
+++ b/security/nss/lib/cryptohi/secvfy.c
@@ -195,9 +195,9 @@ decodeSigAlg(SECOidTag alg, SECOidTag *hashalg)
/* we don't implement MD4 hashes */
case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
default:
- return SECFailure;
+ break;
}
- PR_ASSERT(PR_FALSE); /* shouldn't get here */
+ return SECFailure;
}
VFYContext *
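Review bot: The final `return SECFailure;` in `decodeSigAlg` carries no comment saying it is the deliberate fail-closed result for unsupported algorithms, now that the MD4 case and `default` `break` to it and the `PR_ASSERT` that marked this path is gone. I would add `/* unsupported or unknown signature algorithm: fail closed */` directly above the return. The visible lines do not assign `*hashalg` on this path, so the function's header comment should state that the output is only meaningful when `SECSuccess` is returned. The supported cases and the start of the function are outside the hunk, so this assumes they return from inside the switch.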
@@ -322,7 +322,6 @@ VFY_EndWithSignature(VFYContext *cx, SECItem *sig)
unsigned char final[32];
unsigned part;
SECItem hash,dsasig;
- unsigned char *digest;
SECStatus rv;
if ((cx->hasSignature == PR_FALSE) && (sig == NULL)) {