Description of problem: The removal of the NSS_NoDB_Init call breaks fipstest.c. It still compiles and links, but doesn't work. The NSS_NoDB_Init call needs to be replaced by individual XXX_Init calls to initialize the subsystems required by fipstest.c, such as the RNG and the SECOID tables. Version-Release number of selected component (if applicable): How reproducible: always Steps to Reproduce: 1. Acquire a set of FIPS 140 .req test file validation suite. 2. Use fipstest with some of them. Actual results: The test won't succeed because of unseeded RNG. Expected results: The tests pass, Additional info: This bug was been reported upstream and we should have a temporary fix until is fixed properly upstream and we pick it up in a future update. The tools code code is include in the nss and here as is of most relevance for softoken. It is not installed as it's not part of the supported or unsupported tools. It's here for the convenience of internal developers for FIPS 140 matters. It will be accessible in code form for by others who may be interested in assisting the team or reporting a bug.
We should restore the init calls. Upsream bug nubmers: https://bugzilla.mozilla.org/show_bug.cgi?id=679814 https://bugzilla.mozilla.org/show_bug.cgi?id=698049 The upstream bug that caused the problem was: https://bugzilla.mozilla.org/show_bug.cgi?id=681382 Note wtc's comments in the bug.
new upstream bug which includes restoring the calls in it's patch: https://bugzilla.mozilla.org/show_bug.cgi?id=475578 bottom of the patch: https://bugzilla.mozilla.org/attachment.cgi?id=611091&action=diff bob
Created attachment 576535 [details] Call NSS_NoDB_Init The include is <nss.h> as when building as part of nss-softoken we don't have that header in the source build tree. I wish I could rely on 'unset USE_STATIC_LIBS' on the spec file and get dynamic linking rather than unconditionally adding EXTRA_SHARED_LIBS += -L$(NSSUTIL_LIB_DIR) -lnss3. What's the reason for having USE_STATIC_LIBS in so many places?
Comment on attachment 576535 [details] Call NSS_NoDB_Init Oops, I should have read the previous comment. Let me try then using the bottom of the patch you pointed me to until we get the full upstream patch.
Comment on attachment 576535 [details] Call NSS_NoDB_Init r- please look at my upstream patch. I fixes the problem without needing nss.h.
Created attachment 576594 [details] The patch that was applied as Bob suggested.
Comment on attachment 576594 [details] The patch that was applied as Bob suggested. That one looks better
From comment 5: I fixes -> It fixes (was the intent, though I fixes-> I fixed would also be true:).