Bug 1342412, certutil: Error out when setting password fails, r=kaie

sailfishos-mirror · Aug 30, 2017 · 3134750 · 3134750
1 parent f408de0
commit 3134750
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 6 deletions.
diff --git a/cmd/certutil/certutil.c b/cmd/certutil/certutil.c
@@ -3036,11 +3036,16 @@ certutil_main(int argc, char **argv, PRBool initialize)
 
     /*  If creating new database, initialize the password.  */
     if (certutil.commands[cmd_NewDBs].activated) {
-        if (certutil.options[opt_EmptyPassword].activated && (PK11_NeedUserInit(slot)))
-            PK11_InitPin(slot, (char *)NULL, "");
-        else
-            SECU_ChangePW2(slot, 0, 0, certutil.options[opt_PasswordFile].arg,
-                           certutil.options[opt_NewPasswordFile].arg);
+        if (certutil.options[opt_EmptyPassword].activated && (PK11_NeedUserInit(slot))) {
+            rv = PK11_InitPin(slot, (char *)NULL, "");
+        } else {
+            rv = SECU_ChangePW2(slot, 0, 0, certutil.options[opt_PasswordFile].arg,
+                                certutil.options[opt_NewPasswordFile].arg);
+        }
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "Could not set password for the slot");
+            goto shutdown;
+        }
     }
 
     /* walk through the upgrade merge if necessary.
@@ -3241,7 +3246,10 @@ certutil_main(int argc, char **argv, PRBool initialize)
     if (certutil.commands[cmd_ChangePassword].activated) {
         rv = SECU_ChangePW2(slot, 0, 0, certutil.options[opt_PasswordFile].arg,
                             certutil.options[opt_NewPasswordFile].arg);
-        goto shutdown;
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "Could not set password for the slot");
+            goto shutdown;
+        }
     }
     /*  Reset the a token */
     if (certutil.commands[cmd_TokenReset].activated) {

diff --git a/tests/cert/cert.sh b/tests/cert/cert.sh
@@ -1276,6 +1276,11 @@ MODSCRIPT
     html_passed "${CU_ACTION}"
   fi
 
+  CU_ACTION="Setting invalid database password in FIPS mode"
+  RETEXPECTED=255
+  certu -W -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" -@ "${R_FIPSBADPWFILE}" 2>&1
+  RETEXPECTED=0
+
   CU_ACTION="Generate Certificate for ${CERTNAME}"
   CU_SUBJECT="CN=${CERTNAME}, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140, L=Mountain View, ST=California, C=US"
   certu -S -n ${FIPSCERTNICK} -x -t "Cu,Cu,Cu" -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" -k dsa -v 600 -m 500 -z "${R_NOISE_FILE}" 2>&1