summaryrefslogtreecommitdiffstats
path: root/toolkit
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2020-01-02 21:24:54 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2020-01-02 21:24:54 +0100
commit24f97a1683b5a8d5fc66c1ad8fffa722b91b914f (patch)
tree593c2d3643fddca09ab54260d10f0c8231747708 /toolkit
parentc097dcf7fa55c1871f821b86e1c35578b132805f (diff)
downloadUXP-24f97a1683b5a8d5fc66c1ad8fffa722b91b914f.tar
UXP-24f97a1683b5a8d5fc66c1ad8fffa722b91b914f.tar.gz
UXP-24f97a1683b5a8d5fc66c1ad8fffa722b91b914f.tar.lz
UXP-24f97a1683b5a8d5fc66c1ad8fffa722b91b914f.tar.xz
UXP-24f97a1683b5a8d5fc66c1ad8fffa722b91b914f.zip
Issue #1338 - Part 4: Initialize NSS with desired run-time values.
This NSS version (and onward) has variables to enable PKDBF rounds for master password hardening (combating brute-force guessing). Since we use DBM, we need to explicitly enable iteration counts in DBM mode, and adjust the rounds used with a lower maximum because the PKDBF routine for DBM is considerably slower for which the NSS default of 10,000 is debilitatingly high. The method for this is run-time configuration through environment variables. We set these prior to NSS initialization from nsAppRunner.cpp so the NSS lib picks them up and allows us to continue using the DBM cert/key stores with stored rounds per record.
Diffstat (limited to 'toolkit')
-rw-r--r--toolkit/xre/nsAppRunner.cpp12
1 files changed, 12 insertions, 0 deletions
diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
index 035d35a9d..ab3f3881d 100644
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -2800,6 +2800,18 @@ XREMain::XRE_mainInit(bool* aExitFlag)
#endif
SetupErrorHandling(gArgv[0]);
+
+ // Set up environment for NSS DBM database
+
+ // Allow iteration counts in DBM mode
+ SaveToEnv("NSS_ALLOW_LEGACY_DBM_ITERATION_COUNT=1");
+ // Set default Master Password rounds to a sane value for DBM which is slower
+ // than SQL for PKDBF. The NSS hard-coded default of 10,000 is too much.
+#ifdef DEBUG
+ SaveToEnv("NSS_MAX_MP_PBE_ITERATION_COUNT=15");
+#else
+ SaveToEnv("NSS_MAX_MP_PBE_ITERATION_COUNT=500");
+#endif
#ifdef CAIRO_HAS_DWRITE_FONT
{