From fba28f19754f62b5227650143d5441fc86d4c7d7 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Wed, 25 Apr 2018 21:33:33 +0200 Subject: Revert "Update NSS to 3.35-RTM" This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94. --- security/nss/lib/pk11wrap/pk11pbe.c | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) (limited to 'security/nss/lib/pk11wrap/pk11pbe.c') diff --git a/security/nss/lib/pk11wrap/pk11pbe.c b/security/nss/lib/pk11wrap/pk11pbe.c index 5f68f399e..bea9333f6 100644 --- a/security/nss/lib/pk11wrap/pk11pbe.c +++ b/security/nss/lib/pk11wrap/pk11pbe.c @@ -367,24 +367,7 @@ sec_pkcs5v2_key_length(SECAlgorithmID *algid, SECAlgorithmID *cipherAlgId) cipherAlg = SECOID_GetAlgorithmTag(cipherAlgId); if (sec_pkcs5_is_algorithm_v2_aes_algorithm(cipherAlg)) { - /* Previously, the PKCS#12 files created with the old NSS - * releases encoded the maximum key size of AES (that is 32) - * in the keyLength field of PBKDF2-params. That resulted in - * always performing AES-256 even if AES-128-CBC or - * AES-192-CBC is specified in the encryptionScheme field of - * PBES2-params. This is wrong, but for compatibility reasons, - * check the keyLength field and use the value if it is 32. - */ - if (p5_param.keyLength.data != NULL) { - length = DER_GetInteger(&p5_param.keyLength); - } - /* If the keyLength field is present and contains a value - * other than 32, that means the file is created outside of - * NSS, which we don't care about. Note that the following - * also handles the case when the field is absent. */ - if (length != 32) { - length = sec_pkcs5v2_aes_key_length(cipherAlg); - } + length = sec_pkcs5v2_aes_key_length(cipherAlg); } else if (p5_param.keyLength.data != NULL) { length = DER_GetInteger(&p5_param.keyLength); } else { -- cgit v1.2.3