Fix for 223494 - cmsutil signing does not work with hardware tokens. r=wtc, relyea

1 files changed, 17 insertions, 24 deletions

diff --git a/security/nss/cmd/smimetools/cmsutil.c b/security/nss/cmd/smimetools/cmsutil.c
index da40649d4..a1831255f 100644
--- a/security/nss/cmd/smimetools/cmsutil.c
+++ b/security/nss/cmd/smimetools/cmsutil.c
@@ -64,6 +64,10 @@
 extern void SEC_Init(void);		/* XXX */
 char *progName = NULL;
 static int cms_verbose = 0;
+static secuPWData pwdata = { PW_NONE, 0 };
+static PK11PasswordFunc pwcb = NULL;
+static void *pwcb_arg = NULL;
+
 
 /* XXX stolen from cmsarray.c
  * nss_CMSArray_Count - count number of elements in array
@@ -204,18 +208,7 @@ decode(FILE *out, SECItem *output, SECItem *input,
     SECOidTag typetag;
     SECItem **digests;
     PLArenaPool *poolp;
-    PK11PasswordFunc pwcb;
-    void *pwcb_arg;
     SECItem *item, sitem = { 0, 0, 0 };
-    secuPWData pwdata = { PW_NONE, 0 };
-
-    if (decodeOptions->options->password)
-    {
-        pwdata.source = PW_PLAINTEXT;
-        pwdata.data = decodeOptions->options->password;
-    }
-    pwcb = SECU_GetModulePassword;
-    pwcb_arg = (void *)&pwdata;
 
     if (decodeOptions->contentFile) {
 	/* detached content: grab content file */
@@ -415,7 +408,7 @@ signed_data(struct signOptionsStr *signOptions)
                                          signOptions->nickname,
                                          signOptions->options->certUsage,
                                          PR_FALSE,
-                                         NULL)) == NULL) {
+                                         &pwdata)) == NULL) {
 	SECU_PrintError(progName, 
 	                "the corresponding cert for key \"%s\" does not exist",
 	                signOptions->nickname);
@@ -519,7 +512,7 @@ signed_data(struct signOptionsStr *signOptions)
                                               signOptions->nickname,
                                               certUsageEmailRecipient,
                                               PR_FALSE,
-                                              NULL)) == NULL) {
+                                              &pwdata)) == NULL) {
                 SECU_PrintError(progName, 
                          "the corresponding cert for key \"%s\" does not exist",
                          signOptions->encryptionKeyPreferenceNick);
@@ -551,7 +544,7 @@ signed_data(struct signOptionsStr *signOptions)
 	if ((ekpcert = CERT_FindUserCertByUsage(
                                      signOptions->options->certHandle, 
 	                             signOptions->encryptionKeyPreferenceNick,
-                                     certUsageEmailRecipient, PR_FALSE, NULL))
+                                     certUsageEmailRecipient, PR_FALSE, &pwdata))
 	      == NULL) {
 	    SECU_PrintError(progName, 
 	               "the corresponding cert for key \"%s\" does not exist",
@@ -959,8 +952,6 @@ main(int argc, char **argv)
     PLOptState *optstate;
     PLOptStatus status;
     Mode mode = UNKNOWN;
-    PK11PasswordFunc pwcb;
-    void *pwcb_arg;
     struct decodeOptionsStr decodeOptions = { 0 };
     struct signOptionsStr signOptions = { 0 };
     struct envelopeOptionsStr envelopeOptions = { 0 };
@@ -1250,6 +1241,16 @@ main(int argc, char **argv)
     if (cms_verbose) {
 	fprintf(stderr, "Got default certdb\n");
     }
+    if (options.password)
+    {
+    	pwdata.source = PW_PLAINTEXT;
+    	pwdata.data = options.password;
+    }
+    pwcb = SECU_GetModulePassword;
+    pwcb_arg = (void *)&pwdata;
+
+    PK11_SetPasswordFunc(&SECU_GetModulePassword);
+
 
 #if defined(_WIN32)
     if (outFile == stdout) {
@@ -1378,14 +1379,6 @@ main(int argc, char **argv)
 	    exit(1);
 	}
 
-	if (options.password)
-	{
-    	    pwdata.source = PW_PLAINTEXT;
-    	    pwdata.data = options.password;
-	}
-	pwcb = SECU_GetModulePassword;
-	pwcb_arg = (void *)&pwdata;
-
 	if (cms_verbose) {
 	    fprintf(stderr, "cmsg [%p]\n", cmsg);
 	    fprintf(stderr, "arena [%p]\n", arena);