rpms/nss
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Related: rhbz#2097816

Browse Source 
- increase the pbe cache size
- remove debugging print from certmonder patch
This commit is contained in:
Bob Relyea 2022-06-22 13:59:47 -07:00
parent aef9d0723d
commit 590eee18a6
3 changed files with 30 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nss-3.79-dont-verify-default.patch
View File

@ -158,8 +158,8 @@ diff --git a/lib/softoken/sftkdb.c b/lib/softoken/sftkdb.c
objectType = sftkdb_getULongFromTemplate(CKA_CLASS, ptemplate, objectType = sftkdb_getULongFromTemplate(CKA_CLASS, ptemplate,
max_attributes); max_attributes);
+printf(" - merging object Type 0x%08lx id=0x%08lx updateID=%s\n", objectType, id, +/*printf(" - merging object Type 0x%08lx id=0x%08lx updateID=%s\n", objectType, id,
+ handle->updateID?handle->updateID: "<NULL>"); + handle->updateID?handle->updateID: "<NULL>");*/
/* /*
* Update Object updates the object template if necessary then returns * Update Object updates the object template if necessary then returns

22
nss-3.79-increase-pbe-cache.patch Normal file
View File

@ -0,0 +1,22 @@
diff --git a/lib/softoken/lowpbe.c b/lib/softoken/lowpbe.c
--- a/lib/softoken/lowpbe.c
+++ b/lib/softoken/lowpbe.c
@@ -565,17 +565,17 @@ struct KDFCacheItemStr {
int iterations;
int keyLen;
};
typedef struct KDFCacheItemStr KDFCacheItem;
/* Bug 1606992 - Cache the hash result for the common case that we're
* asked to repeatedly compute the key for the same password item,
* hash, iterations and salt. */
-#define KDF2_CACHE_COUNT 3
+#define KDF2_CACHE_COUNT 150
static struct {
PZLock *lock;
struct {
KDFCacheItem common;
int ivLen;
PRBool faulty3DES;
} cacheKDF1;
struct {

7
nss.spec
View File

@ -1,6 +1,6 @@
%global nss_version 3.79.0 %global nss_version 3.79.0
%global nspr_version 4.34.0 %global nspr_version 4.34.0
%global baserelease 5 %global baserelease 6
%global nss_release %baserelease %global nss_release %baserelease
# NOTE: To avoid NVR clashes of nspr* packages: # NOTE: To avoid NVR clashes of nspr* packages:
# use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when # use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
@ -167,6 +167,7 @@ Patch53: nss-3.79-fix-client-cert-crash.patch
# https://bugzilla.mozilla.org/show_bug.cgi?id=1767883 # https://bugzilla.mozilla.org/show_bug.cgi?id=1767883
Patch54: nss-3.79-rhel-9-fips-signature-policy.patch Patch54: nss-3.79-rhel-9-fips-signature-policy.patch
Patch55: nss-3.79-enable-POST-rerun.patch Patch55: nss-3.79-enable-POST-rerun.patch
Patch56: nss-3.79-increase-pbe-cache.patch
Patch100: nspr-config-pc.patch Patch100: nspr-config-pc.patch
Patch101: nspr-gcc-atomics.patch Patch101: nspr-gcc-atomics.patch
@ -1148,6 +1149,10 @@ update-crypto-policies &> /dev/null || :
%changelog %changelog
* Wed Jun 22 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-6
- Remove debugging printf from a patch
- increase the pbe cache size to handle reusing the same token key.
* Mon Jun 20 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-5 * Mon Jun 20 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-5
- FIPS 140-3 changes - FIPS 140-3 changes
- Reject Small RSA keys, 1024 bit keys are marked as FIP OK when verifying, reject - Reject Small RSA keys, 1024 bit keys are marked as FIP OK when verifying, reject