Related: rhbz#2097816

- increase the pbe cache size - remove debugging print from certmonder patch
2022-06-22 13:59:47 -07:00 · 2022-06-22 13:59:47 -07:00 · 590eee18a6
parent aef9d0723d
commit 590eee18a6
3 changed files with 30 additions and 3 deletions
--- a/nss-3.79-dont-verify-default.patch
+++ b/nss-3.79-dont-verify-default.patch
@ -158,8 +158,8 @@ diff --git a/lib/softoken/sftkdb.c b/lib/softoken/sftkdb.c
 
     objectType = sftkdb_getULongFromTemplate(CKA_CLASS, ptemplate,
                                              max_attributes);
-+printf(" - merging object Type 0x%08lx id=0x%08lx updateID=%s\n", objectType, id,
-+       handle->updateID?handle->updateID: "<NULL>");
+/*printf(" - merging object Type 0x%08lx id=0x%08lx updateID=%s\n", objectType, id,
+       handle->updateID?handle->updateID: "<NULL>");*/
 
     /*
      * Update Object updates the object template if necessary then returns
--- a/nss-3.79-increase-pbe-cache.patch
+++ b/nss-3.79-increase-pbe-cache.patch
@ -0,0 +1,22 @@
+diff --git a/lib/softoken/lowpbe.c b/lib/softoken/lowpbe.c
+--- a/lib/softoken/lowpbe.c
+++ b/lib/softoken/lowpbe.c
+@@ -565,17 +565,17 @@ struct KDFCacheItemStr {
+     int iterations;
+     int keyLen;
+ };
+ typedef struct KDFCacheItemStr KDFCacheItem;
+ 
+ /* Bug 1606992 - Cache the hash result for the common case that we're
+  * asked to repeatedly compute the key for the same password item,
+  * hash, iterations and salt. */
+-#define KDF2_CACHE_COUNT 3
+#define KDF2_CACHE_COUNT 150
+ static struct {
+     PZLock *lock;
+     struct {
+         KDFCacheItem common;
+         int ivLen;
+         PRBool faulty3DES;
+     } cacheKDF1;
+     struct {
--- a/nss.spec
+++ b/nss.spec
@ -1,6 +1,6 @@
 %global nss_version 3.79.0
 %global nspr_version 4.34.0
-%global baserelease 5
+%global baserelease 6
 %global nss_release %baserelease
 # NOTE: To avoid NVR clashes of nspr* packages:
 # use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
@ -167,6 +167,7 @@ Patch53:          nss-3.79-fix-client-cert-crash.patch
 # https://bugzilla.mozilla.org/show_bug.cgi?id=1767883
 Patch54:          nss-3.79-rhel-9-fips-signature-policy.patch
 Patch55:          nss-3.79-enable-POST-rerun.patch
+Patch56:          nss-3.79-increase-pbe-cache.patch

 Patch100:         nspr-config-pc.patch
 Patch101:         nspr-gcc-atomics.patch
@ -1148,6 +1149,10 @@ update-crypto-policies &> /dev/null || :


 %changelog
+* Wed Jun 22 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-6
+- Remove debugging printf from a patch
+- increase the pbe cache size to handle reusing the same token key.
+
 * Mon Jun 20 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-5
 - FIPS 140-3 changes
 -  Reject Small RSA keys, 1024 bit keys are marked as FIP OK when verifying, reject