Related: rhbz#2097816
- increase the pbe cache size - remove debugging print from certmonder patch
This commit is contained in:
parent
aef9d0723d
commit
590eee18a6
@ -158,8 +158,8 @@ diff --git a/lib/softoken/sftkdb.c b/lib/softoken/sftkdb.c
|
||||
|
||||
objectType = sftkdb_getULongFromTemplate(CKA_CLASS, ptemplate,
|
||||
max_attributes);
|
||||
+printf(" - merging object Type 0x%08lx id=0x%08lx updateID=%s\n", objectType, id,
|
||||
+ handle->updateID?handle->updateID: "<NULL>");
|
||||
+/*printf(" - merging object Type 0x%08lx id=0x%08lx updateID=%s\n", objectType, id,
|
||||
+ handle->updateID?handle->updateID: "<NULL>");*/
|
||||
|
||||
/*
|
||||
* Update Object updates the object template if necessary then returns
|
||||
|
22
nss-3.79-increase-pbe-cache.patch
Normal file
22
nss-3.79-increase-pbe-cache.patch
Normal file
@ -0,0 +1,22 @@
|
||||
diff --git a/lib/softoken/lowpbe.c b/lib/softoken/lowpbe.c
|
||||
--- a/lib/softoken/lowpbe.c
|
||||
+++ b/lib/softoken/lowpbe.c
|
||||
@@ -565,17 +565,17 @@ struct KDFCacheItemStr {
|
||||
int iterations;
|
||||
int keyLen;
|
||||
};
|
||||
typedef struct KDFCacheItemStr KDFCacheItem;
|
||||
|
||||
/* Bug 1606992 - Cache the hash result for the common case that we're
|
||||
* asked to repeatedly compute the key for the same password item,
|
||||
* hash, iterations and salt. */
|
||||
-#define KDF2_CACHE_COUNT 3
|
||||
+#define KDF2_CACHE_COUNT 150
|
||||
static struct {
|
||||
PZLock *lock;
|
||||
struct {
|
||||
KDFCacheItem common;
|
||||
int ivLen;
|
||||
PRBool faulty3DES;
|
||||
} cacheKDF1;
|
||||
struct {
|
7
nss.spec
7
nss.spec
@ -1,6 +1,6 @@
|
||||
%global nss_version 3.79.0
|
||||
%global nspr_version 4.34.0
|
||||
%global baserelease 5
|
||||
%global baserelease 6
|
||||
%global nss_release %baserelease
|
||||
# NOTE: To avoid NVR clashes of nspr* packages:
|
||||
# use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
|
||||
@ -167,6 +167,7 @@ Patch53: nss-3.79-fix-client-cert-crash.patch
|
||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=1767883
|
||||
Patch54: nss-3.79-rhel-9-fips-signature-policy.patch
|
||||
Patch55: nss-3.79-enable-POST-rerun.patch
|
||||
Patch56: nss-3.79-increase-pbe-cache.patch
|
||||
|
||||
Patch100: nspr-config-pc.patch
|
||||
Patch101: nspr-gcc-atomics.patch
|
||||
@ -1148,6 +1149,10 @@ update-crypto-policies &> /dev/null || :
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Jun 22 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-6
|
||||
- Remove debugging printf from a patch
|
||||
- increase the pbe cache size to handle reusing the same token key.
|
||||
|
||||
* Mon Jun 20 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-5
|
||||
- FIPS 140-3 changes
|
||||
- Reject Small RSA keys, 1024 bit keys are marked as FIP OK when verifying, reject
|
||||
|
Loading…
Reference in New Issue
Block a user