From 590eee18a6755a96b1e368f38816cee1354056d7 Mon Sep 17 00:00:00 2001
From: Bob Relyea
Date: Wed, 22 Jun 2022 13:59:47 -0700
Subject: [PATCH] Related: rhbz#2097816 - increase the pbe cache size - remove debugging print from certmonder patch
---
 nss-3.79-dont-verify-default.patch | 4 ++--
 nss-3.79-increase-pbe-cache.patch | 22 ++++++++++++++++++++++
 nss.spec | 7 ++++++-
 3 files changed, 30 insertions(+), 3 deletions(-)
 create mode 100644 nss-3.79-increase-pbe-cache.patch
diff --git a/nss-3.79-dont-verify-default.patch b/nss-3.79-dont-verify-default.patch
index aa20713..6c747b6 100644
--- a/nss-3.79-dont-verify-default.patch
+++ b/nss-3.79-dont-verify-default.patch
@@ -158,8 +158,8 @@ diff --git a/lib/softoken/sftkdb.c b/lib/softoken/sftkdb.c
 objectType = sftkdb_getULongFromTemplate(CKA_CLASS, ptemplate, max_attributes);
-+printf(" - merging object Type 0x%08lx id=0x%08lx updateID=%s\n", objectType, id,
-+ handle->updateID?handle->updateID: "");
++/*printf(" - merging object Type 0x%08lx id=0x%08lx updateID=%s\n", objectType, id,
++ handle->updateID?handle->updateID: "");*/
 /* * Update Object updates the object template if necessary then returns
diff --git a/nss-3.79-increase-pbe-cache.patch b/nss-3.79-increase-pbe-cache.patch
new file mode 100644
index 0000000..e175766
--- /dev/null
+++ b/nss-3.79-increase-pbe-cache.patch
@@ -0,0 +1,22 @@
+diff --git a/lib/softoken/lowpbe.c b/lib/softoken/lowpbe.c
+--- a/lib/softoken/lowpbe.c
++++ b/lib/softoken/lowpbe.c
+@@ -565,17 +565,17 @@ struct KDFCacheItemStr {
+ int iterations;
+ int keyLen;
+ };
+ typedef struct KDFCacheItemStr KDFCacheItem;
+
+ /* Bug 1606992 - Cache the hash result for the common case that we're
+ * asked to repeatedly compute the key for the same password item,
+ * hash, iterations and salt. */
+-#define KDF2_CACHE_COUNT 3
++#define KDF2_CACHE_COUNT 150
+ static struct {
+ PZLock *lock;
+ struct {
+ KDFCacheItem common;
+ int ivLen;
+ PRBool faulty3DES;
+ } cacheKDF1;
+ struct {
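Review bot: In the sftkdb.c hunk carried by nss-3.79-dont-verify-default.patch, the debugging `printf` is only wrapped in `/* ... */`, not deleted, so the carried patch still adds two dead lines to softoken. That also contradicts the changelog entry "Remove debugging printf from a patch". Dropping both inner `+` lines from the carried patch (and adjusting its hunk counts, which are outside this view) would remove the statement, which wrote the object type, id and updateID to the stdout of whatever process loaded the module. The enclosing function in sftkdb.c starts and ends outside the hunk.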
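Review bot: `KDF2_CACHE_COUNT` in lib/softoken/lowpbe.c goes from 3 to 150 with no comment explaining the figure, and the comment above it still describes only the Bug 1606992 case. Per that comment each entry caches a hash result keyed on password item, hash, iterations and salt, so a table 50 times larger presumably keeps correspondingly more password-derived material resident in the process. It also lengthens any scan done under `lock`, and it is worth confirming that the code which clears or evicts entries (not visible here) covers all 150 slots. I would record the rationale next to the define, e.g. `/* rhbz#2097816: raised from 3 so repeated use of the same token key still hits the cache */`. The `static struct` that uses the constant continues past the end of the hunk.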
diff --git a/nss.spec b/nss.spec
index 3cd9cae..c36e8c2 100644
--- a/nss.spec
+++ b/nss.spec
@@ -1,6 +1,6 @@
 %global nss_version 3.79.0
 %global nspr_version 4.34.0
-%global baserelease 5
+%global baserelease 6
 %global nss_release %baserelease
 # NOTE: To avoid NVR clashes of nspr* packages:
 # use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
@@ -167,6 +167,7 @@ Patch53: nss-3.79-fix-client-cert-crash.patch
 # https://bugzilla.mozilla.org/show_bug.cgi?id=1767883
 Patch54: nss-3.79-rhel-9-fips-signature-policy.patch
 Patch55: nss-3.79-enable-POST-rerun.patch
+Patch56: nss-3.79-increase-pbe-cache.patch
 Patch100: nspr-config-pc.patch
 Patch101: nspr-gcc-atomics.patch
@@ -1148,6 +1149,10 @@ update-crypto-policies &> /dev/null || :
 %changelog
+* Wed Jun 22 2022 Bob Relyea - 3.79.0-6
+- Remove debugging printf from a patch
+- increase the pbe cache size to handle reusing the same token key.
+
 * Mon Jun 20 2022 Bob Relyea - 3.79.0-5
 - FIPS 140-3 changes
 - Reject Small RSA keys, 1024 bit keys are marked as FIP OK when verifying, reject
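Review bot: `Patch56` in the `@@ -167,6 +167,7 @@` hunk is added without a reference comment like the `# https://bugzilla.mozilla.org/...` line above `Patch54`, so the spec does not say whether this softoken change is upstream or downstream-only. A line above it such as `# rhbz#2097816 (upstream bug: <id, or "downstream only">)` would keep the provenance of a change to the crypto module traceable. This diff also adds no `%patch56` line, so the patch only takes effect if `%prep` applies patches automatically (`%autopatch`/`%autosetup`). That section is outside the hunks shown and should be checked.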