Bug 1562671 - Add environment variables to control Master Password KDF iteration count. Disable iteration count for legacy DBM storage by default. r=rrelyea

author: Kai Engert <kaie@kuix.de> 2019-11-01 10:46:52 +0100
committer: Kai Engert <kaie@kuix.de> 2019-11-01 10:46:52 +0100
commit: 5e97ced61c7932b7694500168ea11437025eb0fc (patch)
tree: 2e3959cf1394fa5f82e53b2c441b1b54d1f26032 /lib/softoken/lgglue.c
parent: 4e8dff13b030da024977cabc07f0ae26fd55d1e6 (diff)
download: nss-hg-5e97ced61c7932b7694500168ea11437025eb0fc.tar.gz
1 files changed, 8 insertions, 5 deletions
diff --git a/lib/softoken/lgglue.c b/lib/softoken/lgglue.c
index 67f17943b..8cfb4ec56 100644
--- a/lib/softoken/lgglue.c
+++ b/lib/softoken/lgglue.c
@@ -194,12 +194,15 @@ sftkdb_encrypt_stub(PLArenaPool *arena, SDB *sdb, SECItem *plainText,
         /* PORT_SetError */
         return SECFailure;
     }
-    if (handle->newKey) {
-        key = handle->newKey;
-        iterationCount = handle->newDefaultIterationCount;
+    key = handle->newKey ? handle->newKey : &handle->passwordKey;
+    if (sftk_isLegacyIterationCountAllowed()) {
+        if (handle->newKey) {
+            iterationCount = handle->newDefaultIterationCount;
+        } else {
+            iterationCount = handle->defaultIterationCount;
+        }
     } else {
-        key = &handle->passwordKey;
-        iterationCount = handle->defaultIterationCount;
+        iterationCount = 1;
     }
 
     rv = sftkdb_EncryptAttribute(arena, key, iterationCount,
author	Kai Engert <kaie@kuix.de>	2019-11-01 10:46:52 +0100
committer	Kai Engert <kaie@kuix.de>	2019-11-01 10:46:52 +0100
commit	5e97ced61c7932b7694500168ea11437025eb0fc (patch)
tree	2e3959cf1394fa5f82e53b2c441b1b54d1f26032 /lib/softoken/lgglue.c
parent	4e8dff13b030da024977cabc07f0ae26fd55d1e6 (diff)
download	nss-hg-5e97ced61c7932b7694500168ea11437025eb0fc.tar.gz