Resolves: RHEL-182558
- back out SHA386 default for the database
This commit is contained in:
parent
634c4fe626
commit
edd4faf568
33
nss-3.124-allow-old-nss-to-read-new-db.patch
Normal file
33
nss-3.124-allow-old-nss-to-read-new-db.patch
Normal file
@ -0,0 +1,33 @@
|
||||
# HG changeset patch
|
||||
# User Robert Relyea <rrelyea@redhat.com>
|
||||
# Date 1782506169 25200
|
||||
# Fri Jun 26 13:36:09 2026 -0700
|
||||
# Branch NSS_3_124_BRANCH
|
||||
# Node ID 824f0f507b84d9077509d75a7d39816e1ae9fa81
|
||||
# Parent f5b50861c24c1fd94f4326b3e4c7eb0ab9568bf3
|
||||
nss-3.124-allow-old-nss-to-read-new-db.patch
|
||||
|
||||
diff --git a/lib/softoken/sftkpwd.c b/lib/softoken/sftkpwd.c
|
||||
--- a/lib/softoken/sftkpwd.c
|
||||
+++ b/lib/softoken/sftkpwd.c
|
||||
@@ -1397,17 +1397,19 @@ sftkdb_ChangePassword(SFTKDBHandle *keyd
|
||||
rv = sftkdb_CheckPassword(keydb, oldPin, tokenRemoved);
|
||||
if (rv == SECFailure) {
|
||||
goto loser;
|
||||
}
|
||||
} else {
|
||||
salt.len = 0;
|
||||
}
|
||||
|
||||
- preferred_salt_length = SHA384_LENGTH;
|
||||
+ /* RHEL -8 keep the old default since old versions of NSS
|
||||
+ * cannot read SHA386_LENGTH databases */
|
||||
+ preferred_salt_length = SHA1_LENGTH;
|
||||
|
||||
/* Prefer SHA-1 if the password is NULL */
|
||||
if (!newPin || *newPin == 0) {
|
||||
preferred_salt_length = SHA1_LENGTH;
|
||||
}
|
||||
|
||||
if (salt.len != preferred_salt_length) {
|
||||
salt.len = preferred_salt_length;
|
||||
1
nss.spec
1
nss.spec
@ -175,6 +175,7 @@ Patch26: nss-3.124-disable-ech.patch
|
||||
Patch27: nss-3.124-el8-revert-libpkix-default.patch
|
||||
Patch28: nss-3.124-no-p12-smime-policy.patch
|
||||
Patch37: nss-3.124-allow-hash-override-pss.patch
|
||||
Patch38: nss-3.124-allow-old-nss-to-read-new-db.patch
|
||||
|
||||
Patch40: nss-3.90-dh-test-update.patch
|
||||
Patch41: nss-3.124-ppc_no_init.patch
|
||||
|
||||
Loading…
Reference in New Issue
Block a user