Bug 438876

signtool is still using static libraries

r=wtc
also addresses review comments 2 and 3.

4 files changed, 26 insertions, 53 deletions

diff --git a/security/nss/cmd/signtool/certgen.c b/security/nss/cmd/signtool/certgen.c
index d2553afed..453118720 100644
--- a/security/nss/cmd/signtool/certgen.c
+++ b/security/nss/cmd/signtool/certgen.c
@@ -514,22 +514,22 @@ install_cert(CERTCertDBHandle *db, SECItem *derCert, char *nickname)
     CERTCertificate * newcert;
     PK11SlotInfo * newSlot;
 
-    newcert = CERT_DecodeDERCertificate(derCert, PR_TRUE, NULL);
 
-    if (newcert == NULL) {
-	PR_fprintf(errorFD, "%s: can't create new certificate\n",
-	     PROGRAM_NAME);
-	errorCount++;
-	exit (ERRX);
-    }
-
-    newSlot = PK11_ImportCertForKey(newcert, nickname, NULL /*wincx*/);
+    newSlot = PK11_ImportDERCertForKey(derCert, nickname, NULL /*wincx*/);
     if ( newSlot == NULL ) {
 	PR_fprintf(errorFD, "Unable to install certificate\n");
 	errorCount++;
 	exit(ERRX);
     }
+
+    newcert = PK11_FindCertFromDERCertItem(newSlot, derCert, NULL /*wincx*/);
     PK11_FreeSlot(newSlot);
+    if (newcert == NULL) {
+	PR_fprintf(errorFD, "%s: can't find new certificate\n",
+	     PROGRAM_NAME);
+	errorCount++;
+	exit (ERRX);
+    }
 
     if (verbosity >= 0) {
 	PR_fprintf(outputFD, "certificate \"%s\" added to database\n",
diff --git a/security/nss/cmd/signtool/manifest.mn b/security/nss/cmd/signtool/manifest.mn
index a7c1975dd..497cf714c 100644
--- a/security/nss/cmd/signtool/manifest.mn
+++ b/security/nss/cmd/signtool/manifest.mn
@@ -56,6 +56,4 @@ REQUIRES = dbm seccmd
 
 DEFINES += -DNSPR20
 
-USE_STATIC_LIBS = 1
-
 EXTRA_LIBS = $(JAR_LIBS)
diff --git a/security/nss/cmd/signtool/sign.c b/security/nss/cmd/signtool/sign.c
index 3055a6692..4ad27dff1 100644
--- a/security/nss/cmd/signtool/sign.c
+++ b/security/nss/cmd/signtool/sign.c
@@ -325,22 +325,11 @@ create_pk7 (char *dir, char *keyName, int *keyType)
 static int	
 jar_find_key_type (CERTCertificate *cert)
 {
-    PK11SlotInfo * slot = NULL;
     SECKEYPrivateKey * privk = NULL;
     KeyType keyType;
 
     /* determine its type */
-    PK11_FindObjectForCert (cert, /*wincx*/ NULL, &slot);
-
-    if (slot == NULL) {
-	PR_fprintf(errorFD, "warning - can't find slot for this cert\n");
-	warningCount++;
-	return 0;
-    }
-
-    privk = PK11_FindPrivateKeyFromCert (slot, cert, /*wincx*/ NULL);
-    PK11_FreeSlot (slot);
-
+    privk = PK11_FindKeyByAnyCert (cert, /*wincx*/ NULL);
     if (privk == NULL) {
 	PR_fprintf(errorFD, "warning - can't find private key for this cert\n");
 	warningCount++;
@@ -844,11 +833,7 @@ calculate_MD5_range (FILE *fp, long r1, long r2, JAR_Digest *dig)
     int	num;
     int	range;
     unsigned char	*buf;
-
-    MD5Context * md5 = 0;
-    SHA1Context * sha1 = 0;
-
-    unsigned int	sha1_length, md5_length;
+    SECStatus rv;
 
     range = r2 - r1;
 
@@ -866,28 +851,17 @@ calculate_MD5_range (FILE *fp, long r1, long r2, JAR_Digest *dig)
 	exit (ERRX);
     }
 
-    md5 = MD5_NewContext();
-    sha1 = SHA1_NewContext();
-
-    if (md5 == NULL || sha1 == NULL) {
+    rv = PK11_HashBuf(SEC_OID_MD5, dig->md5, buf, range);
+    if (rv == SECSuccess) {
+	rv =PK11_HashBuf(SEC_OID_SHA1, dig->sha1, buf, range);
+    }
+    if (rv != SECSuccess) {
 	PR_fprintf(errorFD, "%s: can't generate digest context\n",
 	     PROGRAM_NAME);
 	errorCount++;
 	exit (ERRX);
     }
 
-    MD5_Begin (md5);
-    SHA1_Begin (sha1);
-
-    MD5_Update (md5, buf, range);
-    SHA1_Update (sha1, buf, range);
-
-    MD5_End (md5, dig->md5, &md5_length, MD5_LENGTH);
-    SHA1_End (sha1, dig->sha1, &sha1_length, SHA1_LENGTH);
-
-    MD5_DestroyContext (md5, PR_TRUE);
-    SHA1_DestroyContext (sha1, PR_TRUE);
-
     PORT_Free (buf);
 
     return 0;
diff --git a/security/nss/cmd/signtool/util.c b/security/nss/cmd/signtool/util.c
index 1638b7580..e552a8017 100644
--- a/security/nss/cmd/signtool/util.c
+++ b/security/nss/cmd/signtool/util.c
@@ -831,15 +831,7 @@ JarListModules(void)
 
     SECMODModuleList * mlp;
 
-    modules = SECMOD_GetDefaultModuleList();
-
-    if (modules == NULL) {
-	PR_fprintf(errorFD, "%s: Can't get module list\n", PROGRAM_NAME);
-	errorCount++;
-	exit (ERRX);
-    }
-
-    if ((moduleLock = SECMOD_NewListLock()) == NULL) {
+    if ((moduleLock = SECMOD_GetDefaultModuleListLock()) == NULL) {
 	/* this is the wrong text */
 	PR_fprintf(errorFD, "%s: unable to acquire lock on module list\n",
 	     		PROGRAM_NAME);
@@ -849,6 +841,15 @@ JarListModules(void)
 
     SECMOD_GetReadLock (moduleLock);
 
+    modules = SECMOD_GetDefaultModuleList();
+
+    if (modules == NULL) {
+	SECMOD_ReleaseReadLock (moduleLock);
+	PR_fprintf(errorFD, "%s: Can't get module list\n", PROGRAM_NAME);
+	errorCount++;
+	exit (ERRX);
+    }
+
     PR_fprintf(outputFD, "\nListing of PKCS11 modules\n");
     PR_fprintf(outputFD, "-----------------------------------------------\n");