Update NSS to NSS 3.13.5 (from NSS 3.13.3).

nss/mozilla/security/nss/lib/pkcs7/p7create.c

 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
  *
  * Software distributed under the License is distributed on an "AS IS" basis,
  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
@@ skipping 19 matching lines @@
  * decision by deleting the provisions above and replace them with the notice
  * and other provisions required by the GPL or the LGPL. If you do not delete
  * the provisions above, a recipient may use your version of this file under
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */
 
 /*
  * PKCS7 creation.
  *
- * $Id: p7create.c,v 1.9 2008/02/03 06:08:48 nelson%bolyard.com Exp $
+ * $Id: p7create.c,v 1.10 2012/03/19 22:16:34 kaie%kuix.de Exp $
  */
 
 #include "p7local.h"
 
 #include "cert.h"
 #include "secasn1.h"
 #include "secitem.h"
 #include "secoid.h"
 #include "pk11func.h"
 #include "prtime.h"
 #include "secerr.h"
 #include "secder.h"
 #include "secpkcs5.h"
 
+const int NSS_PBE_DEFAULT_ITERATION_COUNT = 2000; /* used in p12e.c too */
+
 static SECStatus
 sec_pkcs7_init_content_info (SEC_PKCS7ContentInfo *cinfo, PRArenaPool *poolp,
                              SECOidTag kind, PRBool detached)
 {
     void *thing;
     int version;
     SECItem *versionp;
     SECStatus rv;
 
     PORT_Assert (cinfo != NULL && poolp != NULL);
@@ skipping 1221 matching lines @@
         rv = SECOID_SetAlgorithmID (cinfo->poolp, algid, algorithm, NULL);
     } else {
         /* Assume password-based-encryption.  
          * Note: we can't generate pkcs5v2 from this interface.
          * PK11_CreateBPEAlgorithmID generates pkcs5v2 by accepting
          * non-PBE oids and assuming that they are pkcs5v2 oids, but
          * NSS_CMSEncryptedData_Create accepts non-PBE oids as regular
          * CMS encrypted data, so we can't tell SEC_PKCS7CreateEncryptedtedData
          * to create pkcs5v2 PBEs */
         SECAlgorithmID *pbe_algid;
-        pbe_algid = PK11_CreatePBEAlgorithmID (algorithm, 1, NULL);
+        pbe_algid = PK11_CreatePBEAlgorithmID(algorithm,
+                                              NSS_PBE_DEFAULT_ITERATION_COUNT,
+                                              NULL);
         if (pbe_algid == NULL) {
             rv = SECFailure;
         } else {
             rv = SECOID_CopyAlgorithmID (cinfo->poolp, algid, pbe_algid);
             SECOID_DestroyAlgorithmID (pbe_algid, PR_TRUE);
         }
     }
 
     if (rv != SECSuccess) {
         SEC_PKCS7DestroyContentInfo (cinfo);
         return NULL;
     }
 
     rv = sec_pkcs7_init_encrypted_content_info (&(enc_data->encContentInfo),
                                                 cinfo->poolp,
                                                 SEC_OID_PKCS7_DATA, PR_FALSE,
                                                 algorithm, keysize);
     if (rv != SECSuccess) {
         SEC_PKCS7DestroyContentInfo (cinfo);
         return NULL;
     }
 
     return cinfo;
 }