Remove from fipstest dependencies on higher layers of nss

RESOLVED FIXED in 3.13

Status

NSS
Libraries
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: Elio Maldonado, Unassigned)

Tracking

3.12.10
3.13
x86_64
Linux

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

6 years ago
Created attachment 555131 [details] [diff] [review]
Enable fipstest to depend on lower layers only

The fipstest application is the FIPS 140 validation test application. As such it should rely on headers and libraries from softoken and below (util). This would enable us to build it and be execute it in the presence of just softoken and it's lower level dependencies, i.e util.

1) fipstest currently calls NSS_NoBBInit which is not necessary as it just needs it uses the PKCS #11 interface directly. That would eliminate having to include nss.h. 

2) It includes lib/cryptohi/keythi.h which is a higher level header. It makes that include because it needs an enumerated type KeyType. I suggest moving this enum out of the current header and placing in in one of the util headers. It seems to me that none of the existing headers seems to be suitable home for the enu.  I suggest adding a small header for it that would be included by both keythi.h and fipstest.c. Any other tools and libraries that need it get it via keythi.h and don't need modification.

My first cut was to make the header a private export but chose to make it a public export instead as in fedora and rhel 6, where we split nss into nss (rest of) nsssoftokn, and nssutil rpm's, the header would not be accessible top the tool.
(Reporter)

Updated

6 years ago
Attachment #555131 - Flags: review?(rrelyea)
(Reporter)

Updated

6 years ago
Target Milestone: --- → 3.13
(Reporter)

Updated

6 years ago

Comment 1

6 years ago
Comment on attachment 555131 [details] [diff] [review]
Enable fipstest to depend on lower layers only

r-

ditch the keytype.h and looks at the line that is actually failing without keythi.h... You'll see one line at 4238 where dsaKey is missing, but if you look at the code you'll see that dsaKey is *NOT* dsaKey from KeyType, but a typo for a local variable dsakey, so just remove keythi.h and fix the original bug.

The rest of the patch will be fine (getting red of NSS_NO_DB_Init() and nss.h).

bob
Attachment #555131 - Flags: review?(rrelyea) → review-
(Reporter)

Comment 2

6 years ago
Created attachment 560620 [details] [diff] [review]
Remove high level dependencies and fix a variable name
Attachment #555131 - Attachment is obsolete: true
(Reporter)

Updated

6 years ago
Attachment #560620 - Attachment description: Remove high level dependencies fix a variable name → Remove high level dependencies and fix a variable name
(Reporter)

Updated

6 years ago
Attachment #560620 - Flags: review?(rrelyea)

Comment 3

6 years ago
Comment on attachment 560620 [details] [diff] [review]
Remove high level dependencies and fix a variable name

r+ I can go with this version:)...

bob
Attachment #560620 - Flags: review?(rrelyea) → review+
(Reporter)

Comment 4

6 years ago
Committed to trunk
Checking in mozilla/security/nss/cmd/fipstest/fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v  <--  fipstest.c
new revision: 1.38; previous revision: 1.37
done
(Reporter)

Updated

6 years ago
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED

Comment 5

6 years ago
The removal of the NSS_NoDB_Init call breaks fipstest.c.
It still compiles and links, but doesn't work.

The NSS_NoDB_Init call needs to be replaced by individual
XXX_Init calls to initialize the subsystems required by
fipstest.c, such as the RNG and the SECOID tables.

Elio, Bob: you can either open a new bug (preferred) or
just reopen this bug (less overhead) to fix this.
(Reporter)

Comment 6

6 years ago
Opened Bug 698049
You need to log in before you can comment on or make changes to this bug.