diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2018-02-23 11:04:39 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-02-23 11:04:39 +0100 |
commit | f1a0f0a56fdd0fc39f255174ce08c06b91c66c94 (patch) | |
tree | 99ccc8e212257e1da1902036ae261e8e55d55c1c /security/nss/lib/pk11wrap/pk11pbe.c | |
parent | 8781f745556be5d7402d0f3adc67ecfe32fe04a0 (diff) | |
download | UXP-f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.tar UXP-f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.tar.gz UXP-f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.tar.lz UXP-f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.tar.xz UXP-f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.zip |
Update NSS to 3.35-RTM
Diffstat (limited to 'security/nss/lib/pk11wrap/pk11pbe.c')
-rw-r--r-- | security/nss/lib/pk11wrap/pk11pbe.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/security/nss/lib/pk11wrap/pk11pbe.c b/security/nss/lib/pk11wrap/pk11pbe.c index bea9333f6..5f68f399e 100644 --- a/security/nss/lib/pk11wrap/pk11pbe.c +++ b/security/nss/lib/pk11wrap/pk11pbe.c @@ -367,7 +367,24 @@ sec_pkcs5v2_key_length(SECAlgorithmID *algid, SECAlgorithmID *cipherAlgId) cipherAlg = SECOID_GetAlgorithmTag(cipherAlgId); if (sec_pkcs5_is_algorithm_v2_aes_algorithm(cipherAlg)) { - length = sec_pkcs5v2_aes_key_length(cipherAlg); + /* Previously, the PKCS#12 files created with the old NSS + * releases encoded the maximum key size of AES (that is 32) + * in the keyLength field of PBKDF2-params. That resulted in + * always performing AES-256 even if AES-128-CBC or + * AES-192-CBC is specified in the encryptionScheme field of + * PBES2-params. This is wrong, but for compatibility reasons, + * check the keyLength field and use the value if it is 32. + */ + if (p5_param.keyLength.data != NULL) { + length = DER_GetInteger(&p5_param.keyLength); + } + /* If the keyLength field is present and contains a value + * other than 32, that means the file is created outside of + * NSS, which we don't care about. Note that the following + * also handles the case when the field is absent. */ + if (length != 32) { + length = sec_pkcs5v2_aes_key_length(cipherAlg); + } } else if (p5_param.keyLength.data != NULL) { length = DER_GetInteger(&p5_param.keyLength); } else { |