Hi Brian,
I successfully built NSS 3.93 for SLES 12 several weeks ago.
Glad it worked out!
I'm now trying to build NSS 3.95, and am running into challenges.
Among them:
ldvector.c:435:5: error: 'BL_FIPSRepeatIntegrityCheck' undeclared here (not
in a function)
435 | BL_FIPSRepeatIntegrityCheck
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../../coreconf/rules.mk:292: recipe for target
'Linux4.12_x86_64_gcc-9_glibc_PTH_64_OPT.OBJ/Linux_SINGLE_SHLIB/ldvector.o'
failed
When I paw through the source, I see this in ./nss/lib/freebl/blapi.h:
/* Unconditionally run the integrity check. */
extern void BL_FIPSRepeatIntegrityCheck(void);
What would provide this function?
Our FIPS patches, or more specifically nss-fips-constructor-self-tests.patch
I'm not sure, if you really want to continue with the whole set of
fips-patches we have.
You can find the patches rebased to at least 3.94 here:
https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss
But I would suggest, you simply do not apply them at all, if you are not
after a FIPS-certification.
They are currently kept alive only in a minimal-effort kind of way for
newer NSS-versions. They should only be used for the ESR-version of NSS.
Cheers,
Martin
--
You received this message because you are subscribed to the Google Groups
"dev-tech-crypto@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to dev-tech-crypto+unsubscr...@mozilla.org.
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/bd05b155-a0a9-475a-82cd-bcdff0f6a5fb%40suse.de.
