Summary: | security/nss: install nsslowhash.h | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | John Hein <jcfyecrayz> | ||||
Component: | Individual Port(s) | Assignee: | freebsd-gecko (Nobody) <gecko> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Some People | Flags: | bugzilla:
maintainer-feedback?
(gecko) |
||||
Priority: | --- | ||||||
Version: | Latest | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
FYI, here's a doc that talks about the API. http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1710.pdf A commit references this bug: Author: jbeich Date: Sat Dec 19 10:48:07 UTC 2015 New revision: 404008 URL: https://svnweb.freebsd.org/changeset/ports/404008 Log: security/nss: enable NSSLOWHASH_* API support Possible consumers: - net/chrony (autodetected) - security/p11-kit (--with-hash-impl=freebl) PR: 205171 Submitted by: John Hein <z7dr6ut7gs@snkmail.com> Changes: head/security/nss/Makefile head/security/nss/pkg-plist Committed. Thanks! |
Created attachment 164027 [details] [patch] enable NSSLOWHASH API libfreebl.so is installed by security/nss, but the NSSLOWHASH hashing API is not enabled. After building with the attached patch, it provides: nm -oCD /usr/local/lib/nss/libfreebl3.so | egrep 'NSSLOW' /usr/local/lib/nss/libfreebl3.so:0004a2f0 T NSSLOWHASH_Begin /usr/local/lib/nss/libfreebl3.so:0004a380 T NSSLOWHASH_Destroy /usr/local/lib/nss/libfreebl3.so:0004a340 T NSSLOWHASH_End /usr/local/lib/nss/libfreebl3.so:0004a370 T NSSLOWHASH_Length /usr/local/lib/nss/libfreebl3.so:0004a3c0 T NSSLOWHASH_NewContext /usr/local/lib/nss/libfreebl3.so:0004a310 T NSSLOWHASH_Update /usr/local/lib/nss/libfreebl3.so:0004a680 T NSSLOW_Init /usr/local/lib/nss/libfreebl3.so:0004a2b0 T NSSLOW_Shutdown And nsslowhash.h is installed - this declares these functions for the API. Other distributions separate out libfreebl and install nsslowhash.h with the package that includes libfreebl. FreeBSD installs lifreebl as part of the full nss port. For example, on fedora: % rpm -qf /usr/lib64/libfreebl3.so /usr/include/nss3/nsslowhash.h nss-softokn-freebl-3.19.1-1.0.fc20.x86_64 nss-softokn-devel-3.19.1-1.0.fc20.x86_64 I'm not suggesting the freebsd do the same... that's just FYI. Noticed by: hashing library detection failure (due to missing nsslowhash.h) in net/chrony's configure stage that causes the secure hash feature to be turned off. QA: - portlint: pass - stage-qa: pass - testport: pass (9-stable i386)