Bug 801975

Summary: Restore the use of NSS_NoDB_Init or alternate call on fipstest.c
Product: [Fedora] Fedora Reporter: Elio Maldonado Batiz <emaldona>
Component: nss-softoknAssignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: emaldona, kengert, rrelyea
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: nss-softokn-3.13.4-2.fc18 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-11 23:10:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Call NSS_NoDB_Init
rrelyea: review-
The patch that was applied as Bob suggested. rrelyea: review+

Description Elio Maldonado Batiz 2012-03-10 01:03:53 UTC 
Description of problem: 
The removal of the NSS_NoDB_Init call breaks fipstest.c. 
It still compiles and links, but doesn't work. The NSS_NoDB_Init call needs to be replaced by individual XXX_Init calls to initialize the subsystems required by fipstest.c, such as the RNG and the SECOID tables.


Version-Release number of selected component (if applicable):

How reproducible: always

Steps to Reproduce:
1. Acquire a set of FIPS 140 .req test file validation suite.
2. Use fipstest with some of them. 
  
Actual results: The test won't succeed because of unseeded RNG.
Expected results: The tests pass,


Additional info: 

This bug was been reported upstream and we should have a temporary fix until is fixed properly upstream and we pick it up in a future update.

The tools code code is include in the nss and here as is of most relevance for softoken. It is not installed as it's not part of the supported or unsupported tools. It's here for the convenience of internal developers for FIPS 140 matters. It will be accessible in code form for by others who may be interested in assisting the team or reporting a bug.
Comment 1 Bob Relyea 2012-03-12 22:19:16 UTC 
We should restore the init calls.

Upsream bug nubmers:
https://bugzilla.mozilla.org/show_bug.cgi?id=679814
https://bugzilla.mozilla.org/show_bug.cgi?id=698049

The upstream bug that caused the problem was:
https://bugzilla.mozilla.org/show_bug.cgi?id=681382

Note wtc's comments in the bug.
Comment 2 Bob Relyea 2012-04-10 17:53:46 UTC 
new upstream bug which includes restoring the calls in it's patch:

https://bugzilla.mozilla.org/show_bug.cgi?id=475578

bottom of the patch:

https://bugzilla.mozilla.org/attachment.cgi?id=611091&action=diff

bob
Comment 3 Elio Maldonado Batiz 2012-04-10 17:54:33 UTC 
Created attachment 576535 [details]
Call NSS_NoDB_Init

The include is <nss.h> as when building as part of nss-softoken we don't have that header in the source build tree. 

I wish I could rely on 'unset USE_STATIC_LIBS' on the spec file and get dynamic linking rather than unconditionally adding 
EXTRA_SHARED_LIBS += -L$(NSSUTIL_LIB_DIR) -lnss3.

What's the reason for having USE_STATIC_LIBS in so many places?
Comment 4 Elio Maldonado Batiz 2012-04-10 18:08:47 UTC 
Comment on attachment 576535 [details]
Call NSS_NoDB_Init

Oops, I should have read the previous comment. Let me try then using the bottom of the patch you pointed me to until we get the full upstream patch.
Comment 5 Bob Relyea 2012-04-10 20:28:16 UTC 
Comment on attachment 576535 [details]
Call NSS_NoDB_Init

r- please look at my upstream patch. I fixes the problem without needing nss.h.
Comment 6 Elio Maldonado Batiz 2012-04-10 20:37:05 UTC 
Created attachment 576594 [details]
The patch that was applied as Bob suggested.
Comment 7 Bob Relyea 2012-04-11 00:02:35 UTC 
Comment on attachment 576594 [details]
The patch that was applied as Bob suggested.

That one looks better
Comment 8 Bob Relyea 2012-04-11 00:04:24 UTC 
From comment 5: I fixes -> It fixes  (was the intent, though I fixes-> I fixed would also be true:).