8 files changed, 69 insertions, 37 deletions
diff --git a/security/nss/lib/fortcrypt/forsock.c b/security/nss/lib/fortcrypt/forsock.c
index 39a4f0420..eb4d5ef87 100644
--- a/security/nss/lib/fortcrypt/forsock.c
+++ b/security/nss/lib/fortcrypt/forsock.c
@@ -519,10 +519,10 @@ extern PRBool fort11_FortezzaIsUserCert(unsigned char *label);
 
 static int
 GetValidPersonality (FortezzaSocket *inSocket) {
-    int index;
+    int index = -1; /* return an invalid personalidyt if one isn't found */
     int i;
     PRBool unLoadList = PR_FALSE;
-    int numPersonalities;
+    int numPersonalities = 0;
 
     if (!inSocket->personalitiesLoaded) {
         numPersonalities = inSocket->numPersonalities;
@@ -553,7 +553,7 @@ int RestoreState (FortezzaContext *inContext, CryptoType inType) {
     FortezzaSocket *socket = inContext->fortezzaSocket;
     HSESSION        hs     = socket->maciSession; 
     CI_IV           bogus_iv;
-    int             rv, cryptoType;
+    int             rv, cryptoType = -1;
     int             personality = inContext->fortezzaKey->id;
 
     if (key == NULL)
@@ -593,6 +593,7 @@ int RestoreState (FortezzaContext *inContext, CryptoType inType) {
     if (rv != CI_OK) {
         return SOCKET_FAILURE;
     }
+    /*PORT_Assert(cryptoType != -1); */
 
     rv = MACI_Restore(hs, cryptoType, inContext->cardState);
     if (rv != CI_OK) {
diff --git a/security/nss/lib/fortcrypt/fortpk11.c b/security/nss/lib/fortcrypt/fortpk11.c
index 076db666e..409b98db7 100644
--- a/security/nss/lib/fortcrypt/fortpk11.c
+++ b/security/nss/lib/fortcrypt/fortpk11.c
@@ -59,10 +59,16 @@
 #include <ctype.h>
 #include <stdio.h>
 #endif
+
+/* sigh */
+extern int sprintf(char *out, char *fmt, ...);
+
 #ifdef XP_MAC 
 #ifndef __POWERPC__
 #include <A4Stuff.h>
 #endif
+
+
 /* This is not a 4.0 project, so I can't depend on
  * 4.0 defines, so instead I depend on CodeWarrior 
  * defines.  I define XP_MAC in fpkmem.h
@@ -238,7 +244,7 @@ fort11_FreeFortezzaKey (void *inFortezzaKey) {
 
 static void
 fort11_DestroySlotObjects (PK11Slot *slot, PK11Session *session) {
-    PK11Object *currObject, *nextObject, *oldObject;
+    PK11Object *currObject, *nextObject = NULL, *oldObject;
     int i;
 
     for (i=0; i<HASH_SIZE; i++) {
@@ -2165,9 +2171,9 @@ PR_PUBLIC_API(CK_RV) C_GetTokenInfo(CK_SLOT_ID        slotID,
     }
 
 #ifdef SWFORT
-    sprintf (tmp, "Software FORTEZZA Slot #%d", slotID);
+    sprintf (tmp, "Software FORTEZZA Slot #%d", (int) slotID);
 #else
-    sprintf (tmp, "FORTEZZA Slot #%d", slotID);
+    sprintf (tmp, "FORTEZZA Slot #%d", (int) slotID);
 #endif
     
     PORT_Memcpy (pInfo->label, tmp, PORT_Strlen(tmp)+1);
diff --git a/security/nss/lib/fortcrypt/swfort/pkcs11/stub.c b/security/nss/lib/fortcrypt/swfort/pkcs11/stub.c
index 3767547f8..e3b854f3d 100644
--- a/security/nss/lib/fortcrypt/swfort/pkcs11/stub.c
+++ b/security/nss/lib/fortcrypt/swfort/pkcs11/stub.c
@@ -272,7 +272,7 @@ PR_IMPLEMENT(PRLock *)
 PR_NewLock(void) {
 	PRLock *lock = NULL;
 
-	FMUTEX_Create(&lock);
+	FMUTEX_Create((void **)&lock);
 
 	/* if we don't have a lock, FMUTEX can deal with things */
 	if (lock == NULL) lock=(PRLock *) 1;
diff --git a/security/nss/lib/fortcrypt/swfort/swflib.c b/security/nss/lib/fortcrypt/swfort/swflib.c
index cc4647006..c7970ddd0 100644
--- a/security/nss/lib/fortcrypt/swfort/swflib.c
+++ b/security/nss/lib/fortcrypt/swfort/swflib.c
@@ -43,7 +43,7 @@
 #include "prio.h"
 
 #include "swforti.h"
-#include "keytlow.h"
+/*#include "keytlow.h"*/
 /* #include "dh.h" */
 #include "blapi.h"
 #include "maci.h"
@@ -51,7 +51,7 @@
 /* #include "hasht.h" */
 #include "secitem.h"
 #include "secrng.h"
-#include "keylow.h"
+/*#include "keylow.h" */
 #include "secder.h"
 
 #ifdef XP_UNIX
@@ -403,7 +403,7 @@ int
 MACI_GenerateTEK(HSESSION hSession, int flags, int target, 
      CI_RA CI_FAR Ra, CI_RA CI_FAR Rb, unsigned int YSize, CI_Y CI_FAR pY )
 {
-    SECKEYLowPrivateKey *key 		= NULL;
+    FORTEZZAPrivateKey *key 		= NULL;
     fortSlotEntry *      certEntry;
     unsigned char *      w		= NULL;
     SECItem              *q;
@@ -430,7 +430,7 @@ MACI_GenerateTEK(HSESSION hSession, int flags, int target,
     /* get the cert from the entry, then look up the key from that cert */
     certEntry = fort_GetCertEntry(swtoken->config_file,swtoken->certIndex);
     if (certEntry == NULL) return CI_INV_CERT_INDEX;
-    key = fort_GetPrivKey(swtoken,dhKey,certEntry);
+    key = fort_GetPrivKey(swtoken,fortezzaDHKey,certEntry);
     if (key == NULL) return CI_NO_X; 
 
     if (certEntry->exchangeKeyInformation) {
@@ -512,7 +512,7 @@ MACI_GenerateTEK(HSESSION hSession, int flags, int target,
     ret = CI_OK;
 loser:
     if (w) PORT_Free(w);
-    if (key) SECKEY_LowDestroyPrivateKey(key);
+    if (key) fort_DestroyPrivateKey(key);
     
     return ret;
 }
@@ -903,7 +903,7 @@ MACI_SetPersonality(HSESSION session, int cert)
 int
 MACI_Sign(HSESSION session, CI_HASHVALUE CI_FAR hash, CI_SIGNATURE CI_FAR sig)
 {
-    SECKEYLowPrivateKey *key 		= NULL;
+    FORTEZZAPrivateKey *key 		= NULL;
     fortSlotEntry *      certEntry	= NULL;
     int                  ret 		= CI_OK;
     SECStatus            rv;
@@ -922,7 +922,7 @@ MACI_Sign(HSESSION session, CI_HASHVALUE CI_FAR hash, CI_SIGNATURE CI_FAR sig)
 
     /* extract the private key from the personality */
     ret = CI_OK;
-    key = fort_GetPrivKey(swtoken,dsaKey,certEntry);
+    key = fort_GetPrivKey(swtoken,fortezzaDSAKey,certEntry);
     if (key == NULL) {
 	ret = CI_NO_X;
 	goto loser;
@@ -946,7 +946,7 @@ MACI_Sign(HSESSION session, CI_HASHVALUE CI_FAR hash, CI_SIGNATURE CI_FAR sig)
 
     /* clean up */
 loser:
-    if (key != NULL) SECKEY_LowDestroyPrivateKey(key);
+    if (key != NULL) fort_DestroyPrivateKey(key);
 
     return ret;
 }
diff --git a/security/nss/lib/fortcrypt/swfort/swforti.h b/security/nss/lib/fortcrypt/swfort/swforti.h
index c2156e2fc..bcc07ee62 100644
--- a/security/nss/lib/fortcrypt/swfort/swforti.h
+++ b/security/nss/lib/fortcrypt/swfort/swforti.h
@@ -94,13 +94,14 @@ int fort_GetCertCount(FORTSWFile *file);
 SECStatus fort_CopyUnsigned(PRArenaPool *arena, SECItem *to, const SECItem *from);
 
 /*
- * NOTE: these keys do not have the public values, and cannot be used to
- * extract the public key from the private key. Since we never do this in
- * this code, and this function is private, we're reasonably safe (as long as
- * any of your callees do not try to extract the public value as well).
- * Also -- the token must be logged in before this function is called.
+ * return the private key based on the token and entry.
  */
-SECKEYLowPrivateKey * fort_GetPrivKey(FORTSWToken *token,KeyType keyType,fortSlotEntry *certEntry);
+FORTEZZAPrivateKey *fort_GetPrivKey(FORTSWToken *token,FORTEZZAKeyType keyType,fortSlotEntry *certEntry);
+
+/*
+ * Free the key acquired above.
+ */
+void fort_DestroyPrivateKey(FORTEZZAPrivateKey *key);
 
 /*
  * find a particulare certificate entry from the config
diff --git a/security/nss/lib/fortcrypt/swfort/swfortti.h b/security/nss/lib/fortcrypt/swfort/swfortti.h
index 2e6df4250..0fd2d0e34 100644
--- a/security/nss/lib/fortcrypt/swfort/swfortti.h
+++ b/security/nss/lib/fortcrypt/swfort/swfortti.h
@@ -43,9 +43,32 @@
 #include "seccomon.h"
 #include "mcom_db.h"  /* really should be included by certt.h */
 #include "certt.h"
-#include "keyt.h"
+/*#include "keyt.h"*/
+#include "blapit.h"
 #include "swfortt.h"
 
+
+typedef enum { 
+    fortezzaDSAKey = 0, 
+    fortezzaDHKey = 1
+} FORTEZZAKeyType;
+
+/*
+** Low Level private key object
+** This is only used by the raw Crypto engines (crypto), keydb (keydb),
+** and PKCS #11. Everyone else uses the high level key structure.
+*/
+struct FORTEZZAPrivateKeyStr {
+    PLArenaPool *arena;
+    FORTEZZAKeyType keyType;
+    union {
+	DSAPrivateKey dsa;
+	DHPrivateKey  dh;
+    } u;
+};
+typedef struct FORTEZZAPrivateKeyStr FORTEZZAPrivateKey;
+
+
 /* the following parameters are tunable. The bigger the key registers are,
  * the less likely the PKCS #11 module will thrash. */
 #define KEY_REGISTERS	100
diff --git a/security/nss/lib/fortcrypt/swfort/swfparse.c b/security/nss/lib/fortcrypt/swfort/swfparse.c
index e7ad6ffb6..4422cb18a 100644
--- a/security/nss/lib/fortcrypt/swfort/swfparse.c
+++ b/security/nss/lib/fortcrypt/swfort/swfparse.c
@@ -513,14 +513,7 @@ SECItem *
 FORT_PutSWFile(FORTSignedSWFile *sw_init_file)
 {
     SECItem *outBits, *tmpBits;
-    PRArenaPool *arena = NULL;
-
-
-    /* get the local arena... be sure to free this at the end */
-    /* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); */
-    /* if (arena == NULL) goto fail; */
 
-    /*outBits = (SECItem *) PORT_ArenaZAlloc(arena,sizeof(SECItem)); */
     outBits = PORT_ZNew(SECItem);
     if (outBits == NULL) goto fail;
 
diff --git a/security/nss/lib/fortcrypt/swfort/swfutl.c b/security/nss/lib/fortcrypt/swfort/swfutl.c
index 9ffb35ced..f6927c841 100644
--- a/security/nss/lib/fortcrypt/swfort/swfutl.c
+++ b/security/nss/lib/fortcrypt/swfort/swfutl.c
@@ -57,7 +57,7 @@
 /* no platform seem to agree on where this function is defined */
 static char *local_index(char *source, char target) {
    while ((*source != target) && (*source != 0)) {
-	*source++;
+	source++;
    }
    return (*source != 0) ? source : NULL;
 }
@@ -203,24 +203,25 @@ fort_CopyUnsigned(PRArenaPool *arena, SECItem *to, const SECItem *from)
  * any of your callees do not try to extract the public value as well).
  * Also -- the token must be logged in before this function is called.
  */
-SECKEYLowPrivateKey *
-fort_GetPrivKey(FORTSWToken *token,KeyType keyType,fortSlotEntry *certEntry)
+FORTEZZAPrivateKey *
+fort_GetPrivKey(FORTSWToken *token,FORTEZZAKeyType keyType,
+						fortSlotEntry *certEntry)
 {
-    SECKEYLowPrivateKey *returnKey = NULL;
+    FORTEZZAPrivateKey *returnKey = NULL;
     SECStatus rv = SECFailure;
     PRArenaPool *poolp;
-    fortKeyInformation *keyInfo;
+    fortKeyInformation *keyInfo = NULL;
     unsigned char *keyData;
     int len, ret;
 
 
     /* select the right keyinfo */
     switch (keyType) {
-    case dsaKey:
+    case fortezzaDSAKey:
 	keyInfo = certEntry->signatureKeyInformation;
 	if (keyInfo ==  NULL) keyInfo = certEntry->exchangeKeyInformation;
 	break;
-    case dhKey:
+    case fortezzaDHKey:
 	keyInfo = certEntry->exchangeKeyInformation;
 	if (keyInfo == NULL) keyInfo = certEntry->signatureKeyInformation;
 	break;
@@ -234,7 +235,7 @@ fort_GetPrivKey(FORTSWToken *token,KeyType keyType,fortSlotEntry *certEntry)
 	return NULL;
     }
 
-    returnKey = (SECKEYLowPrivateKey*)PORT_ArenaZAlloc(poolp, sizeof(SECKEYLowPrivateKey));
+    returnKey = (FORTEZZAPrivateKey*)PORT_ArenaZAlloc(poolp, sizeof(FORTEZZAPrivateKey));
     if(!returnKey) {
 	rv = SECFailure;
 	goto loser;
@@ -303,6 +304,13 @@ loser:
 }
 
 
+void
+fort_DestroyPrivateKey(FORTEZZAPrivateKey *key)
+{
+    if (key && key->arena) {
+	PORT_FreeArena(key->arena, PR_TRUE);
+    }
+}
 
 /*
  * find a particulare certificate entry from the config