Closed Bug 99653 Opened 23 years ago Closed 23 years ago

fips test modutil / certutil -K with incorrect passwd fails

Categories

(NSS :: Tools, defect, P1)

Product:
NSS
Component:
Tools
Platform:
x86
Linux
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: sonja.mirtitsch, Assigned: rrelyea)

Details

Attachments

(1 file)

core
380.00 KB, application/octet-stream
Details 
I file this bug as 3.4 to avoid more confusion... please correct as needed
file it as tools, since backwardcompatibility tests pass

happens on Linux 2.2 and 2.4 (redhat 6.2 and 7.1), box and louie

There are 2 problems - the first seems to be a modutil failure, without
coredump, but failure occuring with certutil -K with incorrect password acting
as if not in FIPS mode (returning 0 without listing keys, instead of not listing
keys and rreturning 255)

If rerun modutil dumpes a core. I'll try to attach the core to the bug.

box.1 Attempt to list FIPS module keys with incorrect password (certutil -K) Failed
box.2 Attempt to list FIPS module keys with incorrect password (certutil -K) Failed
box.3 Attempt to list FIPS module keys with incorrect password (certutil -K) Failed
box.4 Attempt to list FIPS module keys with incorrect password (certutil -K) Failed


box.4/output.log-cert.sh: Creating FIPS 140-1 DSA Certificates ==============
box.4/output.log-cert.sh: Initializing FIPS PUB 140-1 Test Certificate's Cert DB
--------------------------
box.4/output.log-certutil -N -d . -f ../tests.fipspw.24125
box.4/output.log-cert.sh: Enable FIPS mode on database -----------------------
box.4/output.log-
box.4/output.log-WARNING: Performing this operation while the browser is running
could cause
box.4/output.log-corruption of your security databases. If the browser is
currently running,
box.4/output.log-you should exit browser before continuing this operation. Type
box.4/output.log-'q ' to abort, or to continue:
box.4/output.log-Using database directory ....
box.4/output.log:/share/builds/mccrel/nss/nsstip/builds/20010913.1/booboo_Solaris8/mozilla/security/nss/tests/all.sh:
line 341: 24289 Segmentation fault (core dumped) modutil -dbdir ${CERTDIR} -fips
true 2>&1 <box.4/output.log-y
box.4/output.log-MODSCRIPT
box.4/output.log-
./box.3/fips/core
./box.4/fips/core  
  1st run:
=========
cert.sh: Enable FIPS mode on database -----------------------

WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Using database directory ....
/share/builds/mccrel/nss/nsstip/builds/20010913.1/booboo_Solaris8/mozilla/security/nss/tests/all.sh:
line 341: 13267 Segmentation fault      modutil -dbdir ${CERTDIR} -fips true
2>&1  <<MODSCRIPT
y
MODSCRIPT

cert.sh: Generate Certificate for FIPS PUB 140-1 Test Certificate
--------------------------
certutil -s "CN=FIPS PUB 140-1 Test Certificate, E=fips@bogus.com, O=BOGUS NSS,
OU=FIPS PUB 140-1, L=Mountain View, ST=California, C=US" -S -n
FIPS_PUB_140-1_Test_Certificate -x -t Cu,Cu,Cu -d . -f ../tests.fipspw.13105 -k
dsa -m 1000 -z ../tests_noise.13105


Generating key.  This may take a few moments...


2nd run
========

cert.sh: Enable FIPS mode on database -----------------------

WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Using database directory ....
/share/builds/mccrel/nss/nsstip/builds/20010913.1/booboo_Solaris8/mozilla/security/nss/tests/all.sh:
line 341: 20938 Segmentation fault      (core dumped) modutil -dbdir ${CERTDIR}
-fips true 2>&1  <<MODSCRIPT
y
MODSCRIPT

cert.sh: Generate Certificate for FIPS PUB 140-1 Test Certificate
--------------------------
certutil -s "CN=FIPS PUB 140-1 Test Certificate, E=fips@bogus.com, O=BOGUS NSS,
OU=FIPS PUB 140-1, L=Mountain View, ST=California, C=US" -S -n
FIPS_PUB_140-1_Test_Certificate -x -t Cu,Cu,Cu -d . -f ../tests.fipspw.20775 -k
dsa -m 1000 -z ../tests_noise.20775
Attached file core 

    
    

    
  
Assigned the bug to Bob.
Assignee: wtc → relyea
Priority: -- → P1
Target Milestone: --- → 3.4

    
    

    
  
These tests are passing now (as least on tinderbox). If you see any more
problems sonja don't hesitate to reopen this bug.

bob
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: