Related: rhbz#2097816

- increase the pbe cache size
- remove debugging print from certmonder patch
This commit is contained in:
Bob Relyea 2022-06-22 13:59:47 -07:00
parent aef9d0723d
commit 590eee18a6
3 changed files with 30 additions and 3 deletions

View File

@ -158,8 +158,8 @@ diff --git a/lib/softoken/sftkdb.c b/lib/softoken/sftkdb.c
objectType = sftkdb_getULongFromTemplate(CKA_CLASS, ptemplate,
max_attributes);
+printf(" - merging object Type 0x%08lx id=0x%08lx updateID=%s\n", objectType, id,
+ handle->updateID?handle->updateID: "<NULL>");
+/*printf(" - merging object Type 0x%08lx id=0x%08lx updateID=%s\n", objectType, id,
+ handle->updateID?handle->updateID: "<NULL>");*/
/*
* Update Object updates the object template if necessary then returns

View File

@ -0,0 +1,22 @@
diff --git a/lib/softoken/lowpbe.c b/lib/softoken/lowpbe.c
--- a/lib/softoken/lowpbe.c
+++ b/lib/softoken/lowpbe.c
@@ -565,17 +565,17 @@ struct KDFCacheItemStr {
int iterations;
int keyLen;
};
typedef struct KDFCacheItemStr KDFCacheItem;
/* Bug 1606992 - Cache the hash result for the common case that we're
* asked to repeatedly compute the key for the same password item,
* hash, iterations and salt. */
-#define KDF2_CACHE_COUNT 3
+#define KDF2_CACHE_COUNT 150
static struct {
PZLock *lock;
struct {
KDFCacheItem common;
int ivLen;
PRBool faulty3DES;
} cacheKDF1;
struct {

View File

@ -1,6 +1,6 @@
%global nss_version 3.79.0
%global nspr_version 4.34.0
%global baserelease 5
%global baserelease 6
%global nss_release %baserelease
# NOTE: To avoid NVR clashes of nspr* packages:
# use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
@ -167,6 +167,7 @@ Patch53: nss-3.79-fix-client-cert-crash.patch
# https://bugzilla.mozilla.org/show_bug.cgi?id=1767883
Patch54: nss-3.79-rhel-9-fips-signature-policy.patch
Patch55: nss-3.79-enable-POST-rerun.patch
Patch56: nss-3.79-increase-pbe-cache.patch
Patch100: nspr-config-pc.patch
Patch101: nspr-gcc-atomics.patch
@ -1148,6 +1149,10 @@ update-crypto-policies &> /dev/null || :
%changelog
* Wed Jun 22 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-6
- Remove debugging printf from a patch
- increase the pbe cache size to handle reusing the same token key.
* Mon Jun 20 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-5
- FIPS 140-3 changes
- Reject Small RSA keys, 1024 bit keys are marked as FIP OK when verifying, reject