Update NSS to 3.38

- Added HACL*Poly1305 32-bit (INRIA/Microsoft)
- Updated to final TLS 1.3 draft version (28)
- Removed TLS 1.3 prerelease draft limit check
- Removed NPN code
- Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments
- Fixed several bugs with TLS 1.3 negotiation
- Updated internal certificate store
- Added support for the TLS Record Size Limit Extension.
- Fixed CVE-2018-0495
- Various security fixes in the ASN.1 code.

2 files changed, 4 insertions, 6 deletions

diff --git a/security/nss/cmd/vfyserv/vfyserv.c b/security/nss/cmd/vfyserv/vfyserv.c
index aa648ad8c..4234ecd09 100644
--- a/security/nss/cmd/vfyserv/vfyserv.c
+++ b/security/nss/cmd/vfyserv/vfyserv.c
@@ -327,9 +327,7 @@ do_connects(void *a, int connection)
 }
 
 void
-client_main(unsigned short port,
-            int connections,
-            const char *hostName)
+client_main(int connections)
 {
     int i;
     SECStatus secStatus;
@@ -553,7 +551,7 @@ main(int argc, char **argv)
         }
     }
 
-    client_main(port, connections, hostName);
+    client_main(connections);
 
 cleanup:
     if (doOcspCheck) {
diff --git a/security/nss/cmd/vfyserv/vfyutil.c b/security/nss/cmd/vfyserv/vfyutil.c
index 2f1b53262..d3d8a206e 100644
--- a/security/nss/cmd/vfyserv/vfyutil.c
+++ b/security/nss/cmd/vfyserv/vfyutil.c
@@ -310,13 +310,13 @@ myHandshakeCallback(PRFileDesc *socket, void *arg)
 void
 disableAllSSLCiphers(void)
 {
-    const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
+    const PRUint16 *allSuites = SSL_ImplementedCiphers;
     int i = SSL_NumImplementedCiphers;
     SECStatus rv;
 
     /* disable all the SSL3 cipher suites */
     while (--i >= 0) {
-        PRUint16 suite = cipherSuites[i];
+        PRUint16 suite = allSuites[i];
         rv = SSL_CipherPrefSetDefault(suite, PR_FALSE);
         if (rv != SECSuccess) {
             fprintf(stderr,