From a6f606117e5cfe64c4b49f94e514bf82054716d3 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 7 Jun 2017 15:55:39 +0200
Subject: CRYPTO: Do not call NSS_Shutdown after every operation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Calling setup and teardown on every encryption cases issues like the one
described in https://bugzilla.redhat.com/show_bug.cgi?id=1456151
eventually.

Similarly to other crypto functions, don't tear down NSS by calling
NSS_Shutdown. Let the OS reclaim the resources.

Resolves:
https://pagure.io/SSSD/sssd/issue/3424

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
---
 src/util/crypto/nss/nss_nite.c      | 2 --
 src/util/crypto/nss/nss_obfuscate.c | 2 --
 2 files changed, 4 deletions(-)

diff --git a/src/util/crypto/nss/nss_nite.c b/src/util/crypto/nss/nss_nite.c
index 3641e0512..db3cefa95 100644
--- a/src/util/crypto/nss/nss_nite.c
+++ b/src/util/crypto/nss/nss_nite.c
@@ -167,7 +167,6 @@ int sss_encrypt(TALLOC_CTX *mem_ctx, enum encmethod enctype,
 
 done:
     talloc_free(tmp_ctx);
-    nspr_nss_cleanup();
     return ret;
 }
 
@@ -300,6 +299,5 @@ int sss_decrypt(TALLOC_CTX *mem_ctx, enum encmethod enctype,
 
 done:
     talloc_free(tmp_ctx);
-    nspr_nss_cleanup();
     return ret;
 }
diff --git a/src/util/crypto/nss/nss_obfuscate.c b/src/util/crypto/nss/nss_obfuscate.c
index a55f22b6d..df9c41b3a 100644
--- a/src/util/crypto/nss/nss_obfuscate.c
+++ b/src/util/crypto/nss/nss_obfuscate.c
@@ -189,7 +189,6 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
     ret = EOK;
 done:
     talloc_free(tmp_ctx);
-    nspr_nss_cleanup();
     return ret;
 }
 
@@ -325,6 +324,5 @@ int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
     ret = EOK;
 done:
     talloc_free(tmp_ctx);
-    nspr_nss_cleanup();
     return ret;
 }
-- 
cgit