From fba28f19754f62b5227650143d5441fc86d4c7d7 Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@gmail.com>
Date: Wed, 25 Apr 2018 21:33:33 +0200
Subject: Revert "Update NSS to 3.35-RTM"

This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.
---
 security/nss/lib/pkcs12/p12d.c     | 63 ++++++--------------------------------
 security/nss/lib/pkcs12/p12local.c |  3 +-
 2 files changed, 11 insertions(+), 55 deletions(-)

(limited to 'security/nss/lib/pkcs12')

diff --git a/security/nss/lib/pkcs12/p12d.c b/security/nss/lib/pkcs12/p12d.c
index dfe7015df..57333ac37 100644
--- a/security/nss/lib/pkcs12/p12d.c
+++ b/security/nss/lib/pkcs12/p12d.c
@@ -3,7 +3,6 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nssrenam.h"
-#include "nss.h"
 #include "p12t.h"
 #include "p12.h"
 #include "plarena.h"
@@ -127,7 +126,6 @@ struct SEC_PKCS12DecoderContextStr {
     SECKEYGetPasswordKey pwfn;
     void *pwfnarg;
     PRBool swapUnicodeBytes;
-    PRBool forceUnicode;
 
     /* import information */
     PRBool bagsVerified;
@@ -194,18 +192,8 @@ sec_pkcs12_decoder_get_decrypt_key(void *arg, SECAlgorithmID *algid)
     }
 
     algorithm = SECOID_GetAlgorithmTag(algid);
-
-    if (p12dcx->forceUnicode) {
-        if (SECITEM_CopyItem(NULL, &pwitem, p12dcx->pwitem) != SECSuccess) {
-            PK11_FreeSlot(slot);
-            return NULL;
-        }
-    } else {
-        if (!sec_pkcs12_decode_password(NULL, &pwitem, algorithm, p12dcx->pwitem)) {
-            PK11_FreeSlot(slot);
-            return NULL;
-        }
-    }
+    if (!sec_pkcs12_decode_password(NULL, &pwitem, algorithm, p12dcx->pwitem))
+        return NULL;
 
     bulkKey = PK11_PBEKeyGen(slot, algid, &pwitem, PR_FALSE, p12dcx->wincx);
     /* some tokens can't generate PBE keys on their own, generate the
@@ -1176,8 +1164,6 @@ SEC_PKCS12DecoderStart(SECItem *pwitem, PK11SlotInfo *slot, void *wincx,
 {
     SEC_PKCS12DecoderContext *p12dcx;
     PLArenaPool *arena;
-    PRInt32 forceUnicode = PR_FALSE;
-    SECStatus rv;
 
     arena = PORT_NewArena(2048); /* different size? */
     if (!arena) {
@@ -1210,11 +1196,6 @@ SEC_PKCS12DecoderStart(SECItem *pwitem, PK11SlotInfo *slot, void *wincx,
 #else
     p12dcx->swapUnicodeBytes = PR_FALSE;
 #endif
-    rv = NSS_OptionGet(__NSS_PKCS12_DECODE_FORCE_UNICODE, &forceUnicode);
-    if (rv != SECSuccess) {
-        goto loser;
-    }
-    p12dcx->forceUnicode = forceUnicode;
     p12dcx->errorValue = 0;
     p12dcx->error = PR_FALSE;
 
@@ -2447,7 +2428,7 @@ sec_pkcs12_get_public_value_and_type(SECKEYPublicKey *pubKey, KeyType *type);
 static SECStatus
 sec_pkcs12_add_key(sec_PKCS12SafeBag *key, SECKEYPublicKey *pubKey,
                    unsigned int keyUsage,
-                   SECItem *nickName, PRBool forceUnicode, void *wincx)
+                   SECItem *nickName, void *wincx)
 {
     SECStatus rv;
     SECItem *publicValue = NULL;
@@ -2485,21 +2466,9 @@ sec_pkcs12_add_key(sec_PKCS12SafeBag *key, SECKEYPublicKey *pubKey,
                 &key->safeBagContent.pkcs8ShroudedKeyBag->algorithm;
             SECOidTag algorithm = SECOID_GetAlgorithmTag(algid);
 
-            if (forceUnicode) {
-                if (SECITEM_CopyItem(NULL, &pwitem, key->pwitem) != SECSuccess) {
-                    key->error = SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY;
-                    key->problem = PR_TRUE;
-                    return SECFailure;
-                }
-            } else {
-                if (!sec_pkcs12_decode_password(NULL, &pwitem, algorithm,
-                                                key->pwitem)) {
-                    key->error = SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY;
-                    key->problem = PR_TRUE;
-                    return SECFailure;
-                }
-            }
-
+            if (!sec_pkcs12_decode_password(NULL, &pwitem, algorithm,
+                                            key->pwitem))
+                return SECFailure;
             rv = PK11_ImportEncryptedPrivateKeyInfo(key->slot,
                                                     key->safeBagContent.pkcs8ShroudedKeyBag,
                                                     &pwitem, nickName, publicValue,
@@ -2954,8 +2923,7 @@ sec_pkcs12_get_public_value_and_type(SECKEYPublicKey *pubKey,
  * two passes in sec_pkcs12_validate_bags.
  */
 static SECStatus
-sec_pkcs12_install_bags(sec_PKCS12SafeBag **safeBags, PRBool forceUnicode,
-                        void *wincx)
+sec_pkcs12_install_bags(sec_PKCS12SafeBag **safeBags, void *wincx)
 {
     sec_PKCS12SafeBag **keyList;
     int i;
@@ -3008,8 +2976,7 @@ sec_pkcs12_install_bags(sec_PKCS12SafeBag **safeBags, PRBool forceUnicode,
                 key->problem = PR_TRUE;
                 rv = SECFailure;
             } else {
-                rv = sec_pkcs12_add_key(key, pubKey, keyUsage, nickName,
-                                        forceUnicode, wincx);
+                rv = sec_pkcs12_add_key(key, pubKey, keyUsage, nickName, wincx);
             }
             if (pubKey) {
                 SECKEY_DestroyPublicKey(pubKey);
@@ -3086,9 +3053,6 @@ sec_pkcs12_install_bags(sec_PKCS12SafeBag **safeBags, PRBool forceUnicode,
 SECStatus
 SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContext *p12dcx)
 {
-    PRBool forceUnicode = PR_FALSE;
-    SECStatus rv;
-
     if (!p12dcx || p12dcx->error) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
@@ -3098,16 +3062,7 @@ SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContext *p12dcx)
         return SECFailure;
     }
 
-    /* We need to check the option here as well as in
-     * SEC_PKCS12DecoderStart, because different PBE's could be used
-     * for PKCS #7 and PKCS #8 */
-    rv = NSS_OptionGet(__NSS_PKCS12_DECODE_FORCE_UNICODE, &forceUnicode);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-
-    return sec_pkcs12_install_bags(p12dcx->safeBags, forceUnicode,
-                                   p12dcx->wincx);
+    return sec_pkcs12_install_bags(p12dcx->safeBags, p12dcx->wincx);
 }
 
 PRBool
diff --git a/security/nss/lib/pkcs12/p12local.c b/security/nss/lib/pkcs12/p12local.c
index 53e3aa6bb..a94c08be1 100644
--- a/security/nss/lib/pkcs12/p12local.c
+++ b/security/nss/lib/pkcs12/p12local.c
@@ -267,7 +267,8 @@ sec_pkcs12_generate_key_from_password(SECOidTag algorithm,
         return NULL;
     }
 
-    pre_hash = (unsigned char *)PORT_ArenaZAlloc(poolp, sizeof(char) * (salt->len + password->len));
+    pre_hash = (unsigned char *)PORT_ArenaZAlloc(poolp, sizeof(char) *
+                                                            (salt->len + password->len));
     if (pre_hash == NULL) {
         PORT_SetError(SEC_ERROR_NO_MEMORY);
         goto loser;
-- 
cgit v1.2.3