Bug 337797, Can't send signed email as the first crypto operation in FIPS mode

r=rrelyea


git-svn-id: svn://10.0.0.236/trunk@200609 18797224-902f-48f8-a5cc-f745e15eee43

mozilla/security/manager/ssl/src/nsCMSSecureMessage.cpp

@@ -177,6 +177,7 @@ SendMessage(const char *msg, const char *base64Cert, char ** _retval)
   SECItem output;
   PLArenaPool *arena = PORT_NewArena(1024);
   SECStatus s;
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
 
   /* Step 0. Create a CMS Message */
   cmsMsg = NSS_CMSMessage_Create(NULL);
@@ -254,7 +255,7 @@ SendMessage(const char *msg, const char *base64Cert, char ** _retval)
 
   output.data = 0; output.len = 0;
   ecx = NSS_CMSEncoder_Start(cmsMsg, 0, 0, &output, arena,
-            0, 0, 0, 0, 0, 0);
+            0, ctx, 0, 0, 0, 0);
   if (!ecx) {
     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsCMSSecureMessage::SendMessage - can't start cms encoder\n"));
     rv = NS_ERROR_FAILURE;

mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp

@@ -624,39 +624,56 @@ PK11PasswordPrompt(PK11SlotInfo* slot, PRBool retry, void* arg) {
   nsIInterfaceRequestor *ir = NS_STATIC_CAST(nsIInterfaceRequestor*, arg);
   nsCOMPtr<nsIPrompt> proxyPrompt;
 
-  // If no context is provided, no prompt is possible.
-  if (!ir)
-    return nsnull;
-
   /* TODO: Retry should generate a different dialog message */
 /*
   if (retry)
     return nsnull;
 */
 
-  // The interface requestor object may not be safe, so
-  // proxy the call to get the nsIPrompt.
+  if (!ir)
+  {
+    nsCOMPtr<nsIWindowWatcher> wwatch(do_GetService(NS_WINDOWWATCHER_CONTRACTID));
+    if (!wwatch)
+      return nsnull;
 
-  nsCOMPtr<nsIInterfaceRequestor> proxiedCallbacks;
-  NS_GetProxyForObject(NS_PROXY_TO_MAIN_THREAD,
-                       NS_GET_IID(nsIInterfaceRequestor),
-                       ir,
-                       NS_PROXY_SYNC,
-                       getter_AddRefs(proxiedCallbacks));
+    nsCOMPtr<nsIPrompt> prompter;
+    wwatch->GetNewPrompter(0, getter_AddRefs(prompter));
+    if (!prompter)
+      return nsnull;
 
-  // Get the desired interface
-  nsCOMPtr<nsIPrompt> prompt(do_GetInterface(proxiedCallbacks));
-  if (!prompt) {
-    NS_ASSERTION(PR_FALSE, "callbacks does not implement nsIPrompt");
-    return nsnull;
+    NS_GetProxyForObject(NS_PROXY_TO_MAIN_THREAD,
+                         NS_GET_IID(nsIPrompt),
+                         prompter, NS_PROXY_SYNC,
+                         getter_AddRefs(proxyPrompt));
+    if (!proxyPrompt)
+      return nsnull;
+  }
+  else
+  {
+    // The interface requestor object may not be safe, so
+    // proxy the call to get the nsIPrompt.
+  
+    nsCOMPtr<nsIInterfaceRequestor> proxiedCallbacks;
+    NS_GetProxyForObject(NS_PROXY_TO_MAIN_THREAD,
+                         NS_GET_IID(nsIInterfaceRequestor),
+                         ir,
+                         NS_PROXY_SYNC,
+                         getter_AddRefs(proxiedCallbacks));
+  
+    // Get the desired interface
+    nsCOMPtr<nsIPrompt> prompt(do_GetInterface(proxiedCallbacks));
+    if (!prompt) {
+      NS_ASSERTION(PR_FALSE, "callbacks does not implement nsIPrompt");
+      return nsnull;
+    }
+  
+    // Finally, get a proxy for the nsIPrompt
+    NS_GetProxyForObject(NS_PROXY_TO_MAIN_THREAD,
+                         NS_GET_IID(nsIPrompt),
+                         prompt,
+                         NS_PROXY_SYNC,
+                         getter_AddRefs(proxyPrompt));
   }
-
-  // Finally, get a proxy for the nsIPrompt
-  NS_GetProxyForObject(NS_PROXY_TO_MAIN_THREAD,
-                       NS_GET_IID(nsIPrompt),
-                       prompt,
-                       NS_PROXY_SYNC,
-                       getter_AddRefs(proxyPrompt));
 
   nsAutoString promptString;
   nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));