Closed Bug 681382 Opened 13 years ago Closed 13 years ago

Remove from fipstest dependencies on higher layers of nss

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Version:
3.12.10
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: elio.maldonado.batiz, Unassigned)

References

Details

Attachments

(1 file, 1 obsolete file)

Remove high level dependencies and fix a variable name
1.00 KB, patch
rrelyea
: review+
Details | Diff | Splinter Review 
The fipstest application is the FIPS 140 validation test application. As such it should rely on headers and libraries from softoken and below (util). This would enable us to build it and be execute it in the presence of just softoken and it's lower level dependencies, i.e util.

1) fipstest currently calls NSS_NoBBInit which is not necessary as it just needs it uses the PKCS #11 interface directly. That would eliminate having to include nss.h. 

2) It includes lib/cryptohi/keythi.h which is a higher level header. It makes that include because it needs an enumerated type KeyType. I suggest moving this enum out of the current header and placing in in one of the util headers. It seems to me that none of the existing headers seems to be suitable home for the enu.  I suggest adding a small header for it that would be included by both keythi.h and fipstest.c. Any other tools and libraries that need it get it via keythi.h and don't need modification.

My first cut was to make the header a private export but chose to make it a public export instead as in fedora and rhel 6, where we split nss into nss (rest of) nsssoftokn, and nssutil rpm's, the header would not be accessible top the tool.
Attachment #555131 - Flags: review?(rrelyea)
Target Milestone: --- → 3.13
Comment on attachment 555131 [details] [diff] [review]
Enable fipstest to depend on lower layers only

r-

ditch the keytype.h and looks at the line that is actually failing without keythi.h... You'll see one line at 4238 where dsaKey is missing, but if you look at the code you'll see that dsaKey is *NOT* dsaKey from KeyType, but a typo for a local variable dsakey, so just remove keythi.h and fix the original bug.

The rest of the patch will be fine (getting red of NSS_NO_DB_Init() and nss.h).

bob
Attachment #555131 - Flags: review?(rrelyea) → review-

        Attachment #555131 -
        Attachment is obsolete: true

    
  

        Attachment #560620 -
        Attachment description: Remove high level dependencies fix a variable name → Remove high level dependencies and fix a variable name

    
  

        Attachment #560620 -
        Flags: review?(rrelyea)

    
    

    
  
Comment on attachment 560620 [details] [diff] [review]
Remove high level dependencies and fix a variable name

r+ I can go with this version:)...

bob

        Attachment #560620 -
        Flags: review?(rrelyea) → review+

    
    

    
  
Committed to trunk
Checking in mozilla/security/nss/cmd/fipstest/fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v  <--  fipstest.c
new revision: 1.38; previous revision: 1.37
done

    
  
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED

    
    

    
  
The removal of the NSS_NoDB_Init call breaks fipstest.c.
It still compiles and links, but doesn't work.

The NSS_NoDB_Init call needs to be replaced by individual
XXX_Init calls to initialize the subsystems required by
fipstest.c, such as the RNG and the SECOID tables.

Elio, Bob: you can either open a new bug (preferred) or
just reopen this bug (less overhead) to fix this.

    
    

    
  
Opened Bug 698049

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: