Closed Bug 1622033 Opened 2 years ago Closed 2 years ago

Add option to build without SEED


(NSS :: Build, task, P2)



(Not tracked)



(Reporter: jcj, Assigned: beurdouche)


(Blocks 1 open bug)



(1 file, 1 obsolete file)

The SEED ciphersuite is not used in modern TLS, and by default we shouldn't compile it for clients that don't need it.

Let's add a compile-time option to enable SEED, and otherwise not build it. We should ensure the tests still run in CI as part of this change.

Assignee: nobody → bbeurdouche
Priority: -- → P2

There's an issue with the SEED patch. It changes the size of the blapi function table. We need to either replace those functions with dummy functions or keep the existing functions and just return failures in the body. Failure to do so will mean if you mix a SEED freebl with a non-SEED nss or vice versa, you will get crashes.

Totally for the rest of the removal.

See Also: → 1626693

Thanks for pointing out that issue, Bob. I saw two ways of handling that, one directly in the loader, and the other to have the bodies of the functions returning the error. I went for the first one for now, let me know if you think the other way was better.

So you can either replace the loader functions with error-returning stubs, or hollow out the actual bodies. The patch you made removes statically linked functions that connect to the dynamic function tables (they have the same name as the actual body function).

If you replace the loader functions with error-returning stubs, you can remove the seed.c completely from compilation, otherwise you will still need to compile it because it has the now error-returning bodies.

The freebl structure is kind of tricky for historical reasons, and I just think you tripped over part of the trickiness.
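
The table-layout problem raised in the comments above, as an added C sketch that is not NSS code: every name here (`vec_full`, `vec_removed`, `seed_disabled`, `vector_compatible`) is a hypothetical stand-in for a function-pointer table shared between two separately built libraries, and the length check is an assumption of the sketch. It shows that deleting a slot shifts every later entry, while an error-returning stub keeps the layout and fails cleanly.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names throughout; this is not NSS's freebl table. */
typedef int (*op_fn)(const unsigned char *in, unsigned char *out, size_t len);
enum { OP_OK = 0, OP_ERR_DISABLED = -1 };

/* Layout the calling library was compiled against. */
struct vec_full    { size_t length; op_fn aes; op_fn seed; op_fn sha; };
/* Layout a provider would export if the SEED slot were simply deleted. */
struct vec_removed { size_t length; op_fn aes; op_fn sha; };
/* Placeholder bodies: they only copy bytes, no real cryptography. */
static int copy_impl(const unsigned char *in, unsigned char *out, size_t len) {
    for (size_t i = 0; i < len; i++) out[i] = in[i];
    return OP_OK;
}
/* Error-returning stub that keeps the SEED slot occupied. */
static int seed_disabled(const unsigned char *in, unsigned char *out, size_t len) {
    (void)in; (void)out; (void)len;
    return OP_ERR_DISABLED;
}

/* Provider built without SEED, but with an unchanged table layout. */
static const struct vec_full stubbed = {
    sizeof(struct vec_full), copy_impl, seed_disabled, copy_impl
};
const struct vec_full *get_vector(void) { return &stubbed; }
/* Assumed loader check: refuse a table shorter than the expected layout. */
int vector_compatible(size_t provider_length) {
    return provider_length >= sizeof(struct vec_full);
}
/* 1 if the slot after SEED sits at the same offset in both layouts. */
int sha_slot_matches(void) {
    return offsetof(struct vec_full, sha) == offsetof(struct vec_removed, sha);
}
int call_seed(void) {
    unsigned char in[16] = {0}, out[16];
    return get_vector()->seed(in, out, sizeof in);
}
int call_sha(void) {
    unsigned char in[16] = {0}, out[16];
    return get_vector()->sha(in, out, sizeof in);
}

int main(void) {
    printf("sha slot offset unchanged after deletion: %d\n", sha_slot_matches());
    printf("seed call on stubbed table: %d\n", call_seed());
    return 0;
}
```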


Attachment #9137730 - Attachment is obsolete: true

BTW, Benjamin, thanks for staying with this. The freebl directory is probably the most complicated directory within NSS, so making changes there can be tricky and frustrating.


Attachment #9140103 - Attachment description: Bug 1622033 - Disable SEED by default. r=kjacobs,rrelyea → Bug 1622033 - Disable flag for SEED deprecation. r=kjacobs,rrelyea
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.53
Summary: Disable SEED by default → Add option to build without SEED
Blocks: 1642011
Regressions: 1642146