diff options
author | rrelyea%redhat.com <devnull@localhost> | 2008-06-27 21:01:48 +0000 |
---|---|---|
committer | rrelyea%redhat.com <devnull@localhost> | 2008-06-27 21:01:48 +0000 |
commit | 29b31d7e4f14caceb135eecdc9368ad9f2683e96 (patch) | |
tree | c5f8683a146723a7ed9815234221baf06eabd425 | |
parent | 5a54fc9f742f80f6f2202fafe3257c32103c9b80 (diff) | |
download | nss-hg-29b31d7e4f14caceb135eecdc9368ad9f2683e96.tar.gz |
Bug 438876
signtool is still using static libraries
r=wtc
also addresses review comments 2 and 3.
-rw-r--r-- | security/nss/cmd/signtool/certgen.c | 18 | ||||
-rw-r--r-- | security/nss/cmd/signtool/manifest.mn | 2 | ||||
-rw-r--r-- | security/nss/cmd/signtool/sign.c | 40 | ||||
-rw-r--r-- | security/nss/cmd/signtool/util.c | 19 |
4 files changed, 26 insertions, 53 deletions
diff --git a/security/nss/cmd/signtool/certgen.c b/security/nss/cmd/signtool/certgen.c index d2553afed..453118720 100644 --- a/security/nss/cmd/signtool/certgen.c +++ b/security/nss/cmd/signtool/certgen.c @@ -514,22 +514,22 @@ install_cert(CERTCertDBHandle *db, SECItem *derCert, char *nickname) CERTCertificate * newcert; PK11SlotInfo * newSlot; - newcert = CERT_DecodeDERCertificate(derCert, PR_TRUE, NULL); - if (newcert == NULL) { - PR_fprintf(errorFD, "%s: can't create new certificate\n", - PROGRAM_NAME); - errorCount++; - exit (ERRX); - } - - newSlot = PK11_ImportCertForKey(newcert, nickname, NULL /*wincx*/); + newSlot = PK11_ImportDERCertForKey(derCert, nickname, NULL /*wincx*/); if ( newSlot == NULL ) { PR_fprintf(errorFD, "Unable to install certificate\n"); errorCount++; exit(ERRX); } + + newcert = PK11_FindCertFromDERCertItem(newSlot, derCert, NULL /*wincx*/); PK11_FreeSlot(newSlot); + if (newcert == NULL) { + PR_fprintf(errorFD, "%s: can't find new certificate\n", + PROGRAM_NAME); + errorCount++; + exit (ERRX); + } if (verbosity >= 0) { PR_fprintf(outputFD, "certificate \"%s\" added to database\n", diff --git a/security/nss/cmd/signtool/manifest.mn b/security/nss/cmd/signtool/manifest.mn index a7c1975dd..497cf714c 100644 --- a/security/nss/cmd/signtool/manifest.mn +++ b/security/nss/cmd/signtool/manifest.mn @@ -56,6 +56,4 @@ REQUIRES = dbm seccmd DEFINES += -DNSPR20 -USE_STATIC_LIBS = 1 - EXTRA_LIBS = $(JAR_LIBS) diff --git a/security/nss/cmd/signtool/sign.c b/security/nss/cmd/signtool/sign.c index 3055a6692..4ad27dff1 100644 --- a/security/nss/cmd/signtool/sign.c +++ b/security/nss/cmd/signtool/sign.c @@ -325,22 +325,11 @@ create_pk7 (char *dir, char *keyName, int *keyType) static int jar_find_key_type (CERTCertificate *cert) { - PK11SlotInfo * slot = NULL; SECKEYPrivateKey * privk = NULL; KeyType keyType; /* determine its type */ - PK11_FindObjectForCert (cert, /*wincx*/ NULL, &slot); - - if (slot == NULL) { - PR_fprintf(errorFD, "warning - can't find slot for this cert\n"); - warningCount++; - return 0; - } - - privk = PK11_FindPrivateKeyFromCert (slot, cert, /*wincx*/ NULL); - PK11_FreeSlot (slot); - + privk = PK11_FindKeyByAnyCert (cert, /*wincx*/ NULL); if (privk == NULL) { PR_fprintf(errorFD, "warning - can't find private key for this cert\n"); warningCount++; @@ -844,11 +833,7 @@ calculate_MD5_range (FILE *fp, long r1, long r2, JAR_Digest *dig) int num; int range; unsigned char *buf; - - MD5Context * md5 = 0; - SHA1Context * sha1 = 0; - - unsigned int sha1_length, md5_length; + SECStatus rv; range = r2 - r1; @@ -866,28 +851,17 @@ calculate_MD5_range (FILE *fp, long r1, long r2, JAR_Digest *dig) exit (ERRX); } - md5 = MD5_NewContext(); - sha1 = SHA1_NewContext(); - - if (md5 == NULL || sha1 == NULL) { + rv = PK11_HashBuf(SEC_OID_MD5, dig->md5, buf, range); + if (rv == SECSuccess) { + rv =PK11_HashBuf(SEC_OID_SHA1, dig->sha1, buf, range); + } + if (rv != SECSuccess) { PR_fprintf(errorFD, "%s: can't generate digest context\n", PROGRAM_NAME); errorCount++; exit (ERRX); } - MD5_Begin (md5); - SHA1_Begin (sha1); - - MD5_Update (md5, buf, range); - SHA1_Update (sha1, buf, range); - - MD5_End (md5, dig->md5, &md5_length, MD5_LENGTH); - SHA1_End (sha1, dig->sha1, &sha1_length, SHA1_LENGTH); - - MD5_DestroyContext (md5, PR_TRUE); - SHA1_DestroyContext (sha1, PR_TRUE); - PORT_Free (buf); return 0; diff --git a/security/nss/cmd/signtool/util.c b/security/nss/cmd/signtool/util.c index 1638b7580..e552a8017 100644 --- a/security/nss/cmd/signtool/util.c +++ b/security/nss/cmd/signtool/util.c @@ -831,15 +831,7 @@ JarListModules(void) SECMODModuleList * mlp; - modules = SECMOD_GetDefaultModuleList(); - - if (modules == NULL) { - PR_fprintf(errorFD, "%s: Can't get module list\n", PROGRAM_NAME); - errorCount++; - exit (ERRX); - } - - if ((moduleLock = SECMOD_NewListLock()) == NULL) { + if ((moduleLock = SECMOD_GetDefaultModuleListLock()) == NULL) { /* this is the wrong text */ PR_fprintf(errorFD, "%s: unable to acquire lock on module list\n", PROGRAM_NAME); @@ -849,6 +841,15 @@ JarListModules(void) SECMOD_GetReadLock (moduleLock); + modules = SECMOD_GetDefaultModuleList(); + + if (modules == NULL) { + SECMOD_ReleaseReadLock (moduleLock); + PR_fprintf(errorFD, "%s: Can't get module list\n", PROGRAM_NAME); + errorCount++; + exit (ERRX); + } + PR_fprintf(outputFD, "\nListing of PKCS11 modules\n"); PR_fprintf(outputFD, "-----------------------------------------------\n"); |