summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/pk11wrap/pk11pbe.c
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-04-25 21:33:33 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-04-25 21:33:33 +0200
commitfba28f19754f62b5227650143d5441fc86d4c7d7 (patch)
tree26629d73f83543ff92a060fd7b310bb748b13173 /security/nss/lib/pk11wrap/pk11pbe.c
parentb4154e043bfc0d2f301d88304efc896989d650bf (diff)
downloadUXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.gz
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.lz
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.xz
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.zip
Revert "Update NSS to 3.35-RTM"
This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.
Diffstat (limited to 'security/nss/lib/pk11wrap/pk11pbe.c')
-rw-r--r--security/nss/lib/pk11wrap/pk11pbe.c19
1 files changed, 1 insertions, 18 deletions
diff --git a/security/nss/lib/pk11wrap/pk11pbe.c b/security/nss/lib/pk11wrap/pk11pbe.c
index 5f68f399e..bea9333f6 100644
--- a/security/nss/lib/pk11wrap/pk11pbe.c
+++ b/security/nss/lib/pk11wrap/pk11pbe.c
@@ -367,24 +367,7 @@ sec_pkcs5v2_key_length(SECAlgorithmID *algid, SECAlgorithmID *cipherAlgId)
cipherAlg = SECOID_GetAlgorithmTag(cipherAlgId);
if (sec_pkcs5_is_algorithm_v2_aes_algorithm(cipherAlg)) {
- /* Previously, the PKCS#12 files created with the old NSS
- * releases encoded the maximum key size of AES (that is 32)
- * in the keyLength field of PBKDF2-params. That resulted in
- * always performing AES-256 even if AES-128-CBC or
- * AES-192-CBC is specified in the encryptionScheme field of
- * PBES2-params. This is wrong, but for compatibility reasons,
- * check the keyLength field and use the value if it is 32.
- */
- if (p5_param.keyLength.data != NULL) {
- length = DER_GetInteger(&p5_param.keyLength);
- }
- /* If the keyLength field is present and contains a value
- * other than 32, that means the file is created outside of
- * NSS, which we don't care about. Note that the following
- * also handles the case when the field is absent. */
- if (length != 32) {
- length = sec_pkcs5v2_aes_key_length(cipherAlg);
- }
+ length = sec_pkcs5v2_aes_key_length(cipherAlg);
} else if (p5_param.keyLength.data != NULL) {
length = DER_GetInteger(&p5_param.keyLength);
} else {