Closed
Bug 947653
Opened 11 years ago
Closed 10 years ago
Enable ECC by default and add an option NSS_DISABLE_ECC to disable it
Categories
(NSS :: Build, enhancement, P1)
NSS
Build
Tracking
(Not tracked)
RESOLVED
FIXED
3.16
People
(Reporter: briansmith, Assigned: briansmith)
Details
Attachments
(2 files, 3 obsolete files)
28.46 KB,
patch
|
elio.maldonado.batiz
:
review+
|
Details | Diff | Splinter Review |
151.21 KB,
patch
|
briansmith
:
review+
elio.maldonado.batiz
:
review+
|
Details | Diff | Splinter Review |
Now that Red Hat is shipping ECC-enabled NSS, all the major NSS contributors have NSS enabled by default, so let's make ECC the default, so that contributors to NSS are hacking on a configuration more similar to the configurations the core NSS team are using every day. In particular, currently if you forget to specify NSS_ENABLE_ECC=1 when running the test suite, then we won't run any of the tests that require ECC. This means we can easily overlook failures that only occur in ECC functionality by simply forgetting NSS_ENABLE_ECC=1, which I've done a few times now. ECC on by default makes this more bulletproof.
Assignee | ||
Comment 1•11 years ago
|
||
This first patch causes us to enable ECC (including the #define of NSS_ENABLE_ECC) by default, unless the environment variable NSS_DISABLE_ECC is set.
Attachment #8344243 -
Flags: review?(rrelyea)
Assignee | ||
Comment 2•11 years ago
|
||
This patch is basically: s/#ifdef NSS_ENABLE_ECC/#ifndef NSS_DISABLE_ECC/g s|/* NSS_ENABLE_ECC */|/* NSS_DISABLE_ECC*|g Additionally, it changes the build system to #define NSS_DISABLE_ECC when the NSS_DISABLE_ECC environment variable is defined.
Attachment #8344244 -
Flags: review?(rrelyea)
Comment 3•10 years ago
|
||
Comment on attachment 8344243 [details] [diff] [review] Part 1: Update build system to enable ECC by default (use NSS_DISABLE_ECC instead of NSS_ENABLE_ECC) Review of attachment 8344243 [details] [diff] [review]: ----------------------------------------------------------------- I skimmed through this patch. It seems correct. I'll let Bob do the review. ::: automation/buildbot-slave/bbenv-example.sh @@ +22,1 @@ > export NSS_ECC_MORE_THAN_SUITE_B=1 Maybe NSS_ECC_MORE_THAN_SUITE_B=1 should also be removed. ::: coverage/cov.sh @@ +35,1 @@ > export NSS_ECC_MORE_THAN_SUITE_B=1 Maybe we should also remove NSS_ECC_MORE_THAN_SUITE_B.
Attachment #8344243 -
Flags: feedback+
Comment 4•10 years ago
|
||
Comment on attachment 8344244 [details] [diff] [review] Part 2: Replace the NSS_ENABLE_ECC macro with a NSS_DISABLE_ECC macro in C code Review of attachment 8344244 [details] [diff] [review]: ----------------------------------------------------------------- r=wtc. Given the size of this patch and the build option change, I think we should fix this bug in NSS 3.16. ::: lib/softoken/pkcs11c.c @@ +4903,5 @@ > param = SEC_ASN1EncodeItem(NULL, NULL, &(lk->u.dsa.params), > nsslowkey_PQGParamsTemplate); > algorithm = SEC_OID_ANSIX9_DSA_SIGNATURE; > break; > +#ifndef NSS_DISABLE_ECC Nit: remove the spaces at the end of line.
Attachment #8344244 -
Flags: review+
Comment 5•10 years ago
|
||
Comment on attachment 8344243 [details] [diff] [review] Part 1: Update build system to enable ECC by default (use NSS_DISABLE_ECC instead of NSS_ENABLE_ECC) Review of attachment 8344243 [details] [diff] [review]: ----------------------------------------------------------------- This patch is missing the change to coreconf/config.mk, which your other patch depends on: ifndef NSS_DISABLE_ECC DEFINES += -DNSS_ENABLE_ECC endif
Attachment #8344243 -
Flags: feedback+ → feedback-
Comment 6•10 years ago
|
||
Comment on attachment 8344244 [details] [diff] [review] Part 2: Replace the NSS_ENABLE_ECC macro with a NSS_DISABLE_ECC macro in C code r+ At some point we can probably remove the ifndef DISABLE_ECC from nss proper, just leave the ones in softoken. Elio, it might be good to reach out to debian and see if that would cause headaches for them. Also, Elio, I thing we have a redhat upstream patch for removing ECC ifdefs from certutil and have certutil detect ECC capability on the fly. None of these suggestions need hold-up this patch. bob
Attachment #8344244 -
Flags: review?(rrelyea) → review+
Comment 7•10 years ago
|
||
> Maybe NSS_ECC_MORE_THAN_SUITE_B=1 should also be removed.
Not being up on the test/build system, I'm not sure which way to go on this. If you only build one flavor, then we should build the flavor without NSS_ECC_MORE_THAN_SUITE_B set, since that is the most common deployment of NSS these days. If we build multiple flavors, at least one should have NSS_ECC_MORE_THAN_SUITE_B set.
bob
Assignee | ||
Updated•10 years ago
|
Target Milestone: 3.15.4 → 3.16
Updated•10 years ago
|
Priority: -- → P1
Assignee | ||
Comment 8•10 years ago
|
||
Comment on attachment 8344243 [details] [diff] [review] Part 1: Update build system to enable ECC by default (use NSS_DISABLE_ECC instead of NSS_ENABLE_ECC) Review of attachment 8344243 [details] [diff] [review]: ----------------------------------------------------------------- ::: automation/buildbot-slave/bbenv-example.sh @@ +22,1 @@ > export NSS_ECC_MORE_THAN_SUITE_B=1 Good idea. I did remove it. ::: coverage/cov.sh @@ +35,1 @@ > export NSS_ECC_MORE_THAN_SUITE_B=1 I did not remove this one because this seems like a coverage test that is specific to Sun/Oracle and I'm guessing they want it to be tested with NSS_ECC_MORe_THAN_SUITE_B.
Assignee | ||
Comment 9•10 years ago
|
||
(In reply to Wan-Teh Chang from comment #5) > This patch is missing the change to coreconf/config.mk, which your > other patch depends on: > > ifndef NSS_DISABLE_ECC > DEFINES += -DNSS_ENABLE_ECC > endif The change to coreconf/config.mk is in the other patch: -ifndef NSS_DISABLE_ECC -DEFINES += -DNSS_ENABLE_ECC +ifdef NSS_DISABLE_ECC +DEFINES += -DNSS_DISABLE_ECC endif I agree the way that the patches is split up in this respect is confusing. I will combine the two patches together when I check them in.
Assignee | ||
Comment 10•10 years ago
|
||
Attachment #8344243 -
Attachment is obsolete: true
Attachment #8344243 -
Flags: review?(rrelyea)
Attachment #8383419 -
Flags: review?(rrelyea)
Assignee | ||
Comment 11•10 years ago
|
||
Attachment #8344244 -
Attachment is obsolete: true
Attachment #8383421 -
Flags: review+
Assignee | ||
Comment 12•10 years ago
|
||
Forgot to "hg qrefresh" when I attached part 2.
Attachment #8383421 -
Attachment is obsolete: true
Attachment #8383459 -
Flags: review+
Assignee | ||
Comment 13•10 years ago
|
||
Comment on attachment 8383419 [details] [diff] [review] Part 1: Update build system to enable ECC by default (use NSS_DISABLE_ECC instead of NSS_ENABLE_ECC) [rebased to current tip] Elio, in email Bob suggested that I have you do this review instead of him. This is something we already agreed to do in the NSS teleconference a few weeks ago and in the discussions above.
Attachment #8383419 -
Flags: review?(rrelyea) → review?(emaldona)
Updated•10 years ago
|
Attachment #8383419 -
Flags: review?(emaldona) → review+
Updated•10 years ago
|
Attachment #8383459 -
Flags: review+
Assignee | ||
Comment 14•10 years ago
|
||
Thanks for the quick review. I folded both patches together and committed them together: http://hg.mozilla.org/projects/nss/rev/d4365c889186 I did the following sanity checks before checking the patch in: 1. I verified that no more instances of "NSS_ENABLE_ECC" appear in the source code. 2. I verified the test suite passes, with no ECC tests run, with: NSS_DISABLE_ECC=1 make clean all cd tests NSS_DISABLE_ECC=1 ./all.sh 3. I verified that the SSL tests pass, with the ECC tests run, with: make clean all cd tests NSS_TESTS=ssl ./all.sh (In reply to Robert Relyea from comment #6) > At some point we can probably remove the ifndef DISABLE_ECC from nss proper, > just leave the ones in softoken. I filed bug 978637 to remove the compile-time checks from libssl (and libnss too), and bug 978638 for removing the compile-time checks from the tools. > Also, Elio, I thing > we have a redhat upstream patch for removing ECC ifdefs from certutil and > have certutil detect ECC capability on the fly. Please attach the patch to bug 978638.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•