Update NSPR to 4.12 and NSS to 3.23 on iOS

nss/lib/pk11wrap/pk11pbe.c

Index: nss/lib/pk11wrap/pk11pbe.c
diff --git a/nss/lib/pk11wrap/pk11pbe.c b/nss/lib/pk11wrap/pk11pbe.c
index cc72faf608b19adeb13e54031a4abe2bb3fed369..35205bbfffdd658763b419ee4a81b788106bec9b 100644
--- a/nss/lib/pk11wrap/pk11pbe.c
+++ b/nss/lib/pk11wrap/pk11pbe.c
@@ -636,7 +636,7 @@ sec_pkcs5CreateAlgorithmID(SECOidTag algorithm,
 		goto loser;
 	    }
 	}
-	/* currently only SEC_OID_HMAC_SHA1 is defined */
+	/* currently SEC_OID_HMAC_SHA1 is the default */
 	if (prfAlg == SEC_OID_UNKNOWN) {
 	    prfAlg = SEC_OID_HMAC_SHA1;
 	}
@@ -805,13 +805,26 @@ pbe_PK11AlgidToParam(SECAlgorithmID *algid,SECItem *mech)
  	    p5_param.pPrfAlgId->algorithm.data != 0) {
  	    prfAlgTag = SECOID_GetAlgorithmTag(p5_param.pPrfAlgId);
 	}
-	if (prfAlgTag == SEC_OID_HMAC_SHA1) {
-	    pbeV2_params->prf = CKP_PKCS5_PBKD2_HMAC_SHA1;
-	} else {
-	    /* only SHA1_HMAC is currently supported by PKCS #11 */
-	    PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-	    goto loser;
-	}
+        switch (prfAlgTag) {
+        case SEC_OID_HMAC_SHA1:
+            pbeV2_params->prf = CKP_PKCS5_PBKD2_HMAC_SHA1;
+            break;
+        case SEC_OID_HMAC_SHA224:
+            pbeV2_params->prf = CKP_PKCS5_PBKD2_HMAC_SHA224;
+            break;
+        case SEC_OID_HMAC_SHA256:
+            pbeV2_params->prf = CKP_PKCS5_PBKD2_HMAC_SHA256;
+            break;
+        case SEC_OID_HMAC_SHA384:
+            pbeV2_params->prf = CKP_PKCS5_PBKD2_HMAC_SHA384;
+            break;
+        case SEC_OID_HMAC_SHA512:
+            pbeV2_params->prf = CKP_PKCS5_PBKD2_HMAC_SHA512;
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+            goto loser;
+        }
 	
 	/* probably should fetch these from the prfAlgid */
 	pbeV2_params->pPrfData = NULL;