Bug 205171 - security/nss: install nsslowhash.h
Summary: security/nss: install nsslowhash.h
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: freebsd-gecko (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-12-09 21:55 UTC by John Hein
Modified: 2015-12-19 10:55 UTC
0 users

See Also:
bugzilla: maintainer-feedback? (gecko)


Attachments
[patch] enable NSSLOWHASH API (798 bytes, patch)
2015-12-09 21:55 UTC, John Hein

Description John Hein 2015-12-09 21:55:22 UTC
Created attachment 164027
[patch] enable NSSLOWHASH API

libfreebl.so is installed by security/nss, but the NSSLOWHASH hashing API is not enabled.

After building with the attached patch, it provides:

nm -oCD /usr/local/lib/nss/libfreebl3.so | egrep 'NSSLOW'
/usr/local/lib/nss/libfreebl3.so:0004a2f0 T NSSLOWHASH_Begin
/usr/local/lib/nss/libfreebl3.so:0004a380 T NSSLOWHASH_Destroy
/usr/local/lib/nss/libfreebl3.so:0004a340 T NSSLOWHASH_End
/usr/local/lib/nss/libfreebl3.so:0004a370 T NSSLOWHASH_Length
/usr/local/lib/nss/libfreebl3.so:0004a3c0 T NSSLOWHASH_NewContext
/usr/local/lib/nss/libfreebl3.so:0004a310 T NSSLOWHASH_Update
/usr/local/lib/nss/libfreebl3.so:0004a680 T NSSLOW_Init
/usr/local/lib/nss/libfreebl3.so:0004a2b0 T NSSLOW_Shutdown


And nsslowhash.h is installed - this declares these functions for the API.

Other distributions separate out libfreebl and install nsslowhash.h with the package that includes libfreebl.  FreeBSD installs libfreebl as part of the full nss port.  For example, on Fedora:

% rpm -qf /usr/lib64/libfreebl3.so /usr/include/nss3/nsslowhash.h
nss-softokn-freebl-3.19.1-1.0.fc20.x86_64
nss-softokn-devel-3.19.1-1.0.fc20.x86_64

I'm not suggesting that FreeBSD do the same... that's just FYI.

Noticed by: hashing library detection failure (due to missing nsslowhash.h) in net/chrony's configure stage that causes the secure hash feature to be turned off.


QA:
 - portlint: pass
 - stage-qa: pass
 - testport: pass (9-stable i386)
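
Added example, not part of the original report or of the port: a shell check that reads `nm -oCD` output and reports which of the eight NSSLOW entry points listed above are not exported as defined text symbols. The function names and both sample inputs are constructed for illustration; the second sample is hypothetical and includes an undefined (U) reference to show that it does not count as an export.

```shell
# Entry points the report lists as exported after the patch.
NSSLOW_REQUIRED="NSSLOWHASH_Begin NSSLOWHASH_Destroy NSSLOWHASH_End NSSLOWHASH_Length"
NSSLOW_REQUIRED="$NSSLOW_REQUIRED NSSLOWHASH_NewContext NSSLOWHASH_Update NSSLOW_Init NSSLOW_Shutdown"

# Reads nm output on stdin, prints every required symbol that is not defined
# with type T, and returns non-zero if at least one is missing.
missing_nsslow_symbols() {
    awk -v req="$NSSLOW_REQUIRED" '
        # The last two fields are "<type> <name>", with or without the -o prefix.
        NF >= 2 && $(NF-1) == "T" { defined[$NF] = 1 }
        END {
            n = split(req, want, " ")
            rc = 0
            for (i = 1; i <= n; i++)
                if (!(want[i] in defined)) { print want[i]; rc = 1 }
            exit rc
        }'
}

# Constructed sample: the nm lines quoted in the report (patched build).
sample_patched() {
    cat <<'EOF'
/usr/local/lib/nss/libfreebl3.so:0004a2f0 T NSSLOWHASH_Begin
/usr/local/lib/nss/libfreebl3.so:0004a380 T NSSLOWHASH_Destroy
/usr/local/lib/nss/libfreebl3.so:0004a340 T NSSLOWHASH_End
/usr/local/lib/nss/libfreebl3.so:0004a370 T NSSLOWHASH_Length
/usr/local/lib/nss/libfreebl3.so:0004a3c0 T NSSLOWHASH_NewContext
/usr/local/lib/nss/libfreebl3.so:0004a310 T NSSLOWHASH_Update
/usr/local/lib/nss/libfreebl3.so:0004a680 T NSSLOW_Init
/usr/local/lib/nss/libfreebl3.so:0004a2b0 T NSSLOW_Shutdown
EOF
}

# Constructed sample: hypothetical output without the API (placeholder symbol).
sample_unpatched() {
    cat <<'EOF'
/usr/local/lib/nss/libfreebl3.so:0004a000 T placeholder_symbol
/usr/local/lib/nss/libfreebl3.so:         U NSSLOWHASH_Update
EOF
}

for s in sample_patched sample_unpatched; do
    if missing=$($s | missing_nsslow_symbols); then
        echo "$s: NSSLOWHASH API exported"
    else
        echo "$s: missing:" $missing
    fi
done
```

Against an installed port the same function takes real input: nm -oCD /usr/local/lib/nss/libfreebl3.so | missing_nsslow_symbols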
Comment 1 John Hein 2015-12-10 00:35:55 UTC
FYI, here's a doc that talks about the API.

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1710.pdf
Comment 2 commit-hook freebsd_committer 2015-12-19 10:48:26 UTC
A commit references this bug:

Author: jbeich
Date: Sat Dec 19 10:48:07 UTC 2015
New revision: 404008
URL: https://svnweb.freebsd.org/changeset/ports/404008

Log:
  security/nss: enable NSSLOWHASH_* API support

  Possible consumers:
    - net/chrony (autodetected)
    - security/p11-kit (--with-hash-impl=freebl)

  PR:		205171
  Submitted by:	John Hein <z7dr6ut7gs@snkmail.com>

Changes:
  head/security/nss/Makefile
  head/security/nss/pkg-plist
Comment 3 Jan Beich freebsd_committer 2015-12-19 10:55:35 UTC
Committed. Thanks!