Bug 205171

Summary: security/nss: install nsslowhash.h
Product: Ports & Packages Reporter: John Hein <jcfyecrayz>
Component: Individual Port(s)Assignee: freebsd-gecko (Nobody) <gecko>
Status: Closed FIXED    
Severity: Affects Some People Flags: bugzilla: maintainer-feedback? (gecko)
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
[patch] enable NSSLOWHASH API none

Description John Hein 2015-12-09 21:55:22 UTC
Created attachment 164027 [details]
[patch] enable NSSLOWHASH API

libfreebl.so is installed by security/nss, but the NSSLOWHASH hashing API is not enabled.

After building with the attached patch, it provides:

nm -oCD /usr/local/lib/nss/libfreebl3.so | egrep 'NSSLOW'
/usr/local/lib/nss/libfreebl3.so:0004a2f0 T NSSLOWHASH_Begin
/usr/local/lib/nss/libfreebl3.so:0004a380 T NSSLOWHASH_Destroy
/usr/local/lib/nss/libfreebl3.so:0004a340 T NSSLOWHASH_End
/usr/local/lib/nss/libfreebl3.so:0004a370 T NSSLOWHASH_Length
/usr/local/lib/nss/libfreebl3.so:0004a3c0 T NSSLOWHASH_NewContext
/usr/local/lib/nss/libfreebl3.so:0004a310 T NSSLOWHASH_Update
/usr/local/lib/nss/libfreebl3.so:0004a680 T NSSLOW_Init
/usr/local/lib/nss/libfreebl3.so:0004a2b0 T NSSLOW_Shutdown


And nsslowhash.h is installed - this declares these functions for the API.

Other distributions separate out libfreebl and install nsslowhash.h with the package that includes libfreebl.  FreeBSD installs lifreebl as part of the full nss port.  For example, on fedora:

% rpm -qf /usr/lib64/libfreebl3.so /usr/include/nss3/nsslowhash.h
nss-softokn-freebl-3.19.1-1.0.fc20.x86_64
nss-softokn-devel-3.19.1-1.0.fc20.x86_64

I'm not suggesting the freebsd do the same... that's just FYI.

Noticed by: hashing library detection failure (due to missing nsslowhash.h) in net/chrony's configure stage that causes the secure hash feature to be turned off.


QA:
 - portlint: pass
 - stage-qa: pass
 - testport: pass (9-stable i386)
Comment 1 John Hein 2015-12-10 00:35:55 UTC
FYI, here's a doc that talks about the API.

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1710.pdf
Comment 2 commit-hook freebsd_committer freebsd_triage 2015-12-19 10:48:26 UTC
A commit references this bug:

Author: jbeich
Date: Sat Dec 19 10:48:07 UTC 2015
New revision: 404008
URL: https://svnweb.freebsd.org/changeset/ports/404008

Log:
  security/nss: enable NSSLOWHASH_* API support

  Possible consumers:
    - net/chrony (autodetected)
    - security/p11-kit (--with-hash-impl=freebl)

  PR:		205171
  Submitted by:	John Hein <z7dr6ut7gs@snkmail.com>

Changes:
  head/security/nss/Makefile
  head/security/nss/pkg-plist
Comment 3 Jan Beich freebsd_committer freebsd_triage 2015-12-19 10:55:35 UTC
Committed. Thanks!