Revert "Update NSS to 3.35-RTM"

This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.

7 files changed, 25 insertions, 52 deletions

diff --git a/security/nss/fuzz/config/clone_libfuzzer.sh b/security/nss/fuzz/config/clone_libfuzzer.sh
index c516057d7..f1dc2e14b 100644
--- a/security/nss/fuzz/config/clone_libfuzzer.sh
+++ b/security/nss/fuzz/config/clone_libfuzzer.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-LIBFUZZER_REVISION=6937e68f927b6aefe526fcb9db8953f497e6e74d
+LIBFUZZER_REVISION=56bd1d43451cca4b6a11d3be316bb77ab159b09d
 
 d=$(dirname $0)
 $d/git-copy.sh https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer $LIBFUZZER_REVISION $d/../libFuzzer
diff --git a/security/nss/fuzz/config/git-copy.sh b/security/nss/fuzz/config/git-copy.sh
index a9e817e2a..a5c7d371d 100644
--- a/security/nss/fuzz/config/git-copy.sh
+++ b/security/nss/fuzz/config/git-copy.sh
@@ -7,18 +7,18 @@ if [ $# -lt 3 ]; then
   exit 2
 fi
 
-REPO="$1"
-COMMIT="$2"
-DIR="$3"
+REPO=$1
+COMMIT=$2
+DIR=$3
 
 echo "Copy '$COMMIT' from '$REPO' to '$DIR'"
-if [ -f "$DIR"/.git-copy ]; then
-  CURRENT=$(cat "$DIR"/.git-copy)
-  if [ $(echo -n "$COMMIT" | wc -c) != "40" ]; then
+if [ -f $DIR/.git-copy ]; then
+  CURRENT=$(cat $DIR/.git-copy)
+  if [ $(echo -n $COMMIT | wc -c) != "40" ]; then
     # On the off chance that $COMMIT is a remote head.
-    ACTUAL=$(git ls-remote "$REPO" "$COMMIT" | cut -c 1-40 -)
+    ACTUAL=$(git ls-remote $REPO $COMMIT | cut -c 1-40 -)
   else
-    ACTUAL="$COMMIT"
+    ACTUAL=$COMMIT
   fi
   if [ "$CURRENT" = "$ACTUAL" ]; then
     echo "Up to date."
@@ -26,9 +26,8 @@ if [ -f "$DIR"/.git-copy ]; then
   fi
 fi
 
-rm -rf "$DIR"
-git init -q "$DIR"
-git -C "$DIR" fetch -q --depth=1 "$REPO" "$COMMIT":git-copy-tmp
-git -C "$DIR" reset --hard git-copy-tmp
-git -C "$DIR" rev-parse --verify HEAD > "$DIR"/.git-copy
-rm -rf "$DIR"/.git
+git init -q $DIR
+git -C $DIR fetch -q --depth=1 $REPO $COMMIT:git-copy-tmp
+git -C $DIR reset --hard git-copy-tmp
+git -C $DIR rev-parse --verify HEAD > $DIR/.git-copy
+rm -rf $DIR/.git
diff --git a/security/nss/fuzz/mpi_expmod_target.cc b/security/nss/fuzz/mpi_expmod_target.cc
index b9be5854f..ed31da354 100644
--- a/security/nss/fuzz/mpi_expmod_target.cc
+++ b/security/nss/fuzz/mpi_expmod_target.cc
@@ -19,15 +19,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
   auto modulus = get_modulus(data, size, ctx);
   // Compare with OpenSSL exp mod
   m1 = &std::get<1>(modulus);
-  // The exponent b (B) can get really big. Make it smaller if necessary.
-  if (MP_USED(&b) > 100) {
-    size_t shift = (MP_USED(&b) - 100) * MP_DIGIT_BIT;
-    mp_div_2d(&b, shift, &b, nullptr);
-    BN_rshift(B, B, shift);
-  }
-  check_equal(A, &a, max_size);
-  check_equal(B, &b, max_size);
-  check_equal(std::get<0>(modulus), m1, 3 * max_size);
   assert(mp_exptmod(&a, &b, m1, &c) == MP_OKAY);
   (void)BN_mod_exp(C, A, B, std::get<0>(modulus), ctx);
   check_equal(C, &c, 2 * max_size);
diff --git a/security/nss/fuzz/mpi_helper.cc b/security/nss/fuzz/mpi_helper.cc
index d092fdb11..65cf4b9cd 100644
--- a/security/nss/fuzz/mpi_helper.cc
+++ b/security/nss/fuzz/mpi_helper.cc
@@ -12,12 +12,6 @@ char *to_char(const uint8_t *x) {
   return reinterpret_cast<char *>(const_cast<unsigned char *>(x));
 }
 
-void print_bn(std::string label, BIGNUM *x) {
-  char *xc = BN_bn2hex(x);
-  std::cout << label << ": " << std::hex << xc << std::endl;
-  OPENSSL_free(xc);
-}
-
 // Check that the two numbers are equal.
 void check_equal(BIGNUM *b, mp_int *m, size_t max_size) {
   char *bnBc = BN_bn2hex(b);
diff --git a/security/nss/fuzz/mpi_helper.h b/security/nss/fuzz/mpi_helper.h
index ef7041b25..17383744b 100644
--- a/security/nss/fuzz/mpi_helper.h
+++ b/security/nss/fuzz/mpi_helper.h
@@ -23,7 +23,6 @@ void parse_input(const uint8_t *data, size_t size, BIGNUM *A, BIGNUM *B,
 void parse_input(const uint8_t *data, size_t size, BIGNUM *A, mp_int *a);
 std::tuple<BIGNUM *, mp_int> get_modulus(const uint8_t *data, size_t size,
                                          BN_CTX *ctx);
-void print_bn(std::string label, BIGNUM *x);
 
 // Initialise MPI and BN variables
 // XXX: Also silence unused variable warnings for R.
diff --git a/security/nss/fuzz/tls_mutators.cc b/security/nss/fuzz/tls_mutators.cc
index 228bd0bb7..e9770cb39 100644
--- a/security/nss/fuzz/tls_mutators.cc
+++ b/security/nss/fuzz/tls_mutators.cc
@@ -2,14 +2,11 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#include <algorithm>
 #include "shared.h"
 #include "tls_parser.h"
 
 #include "ssl.h"
-extern "C" {
 #include "sslimpl.h"
-}
 
 using namespace nss_test;
 
@@ -42,9 +39,7 @@ class Record {
   void truncate(size_t length) {
     assert(length >= 5 + gExtraHeaderBytes);
     uint8_t *dest = const_cast<uint8_t *>(data_);
-    size_t l = length - (5 + gExtraHeaderBytes);
-    dest[3] = (l >> 8) & 0xff;
-    dest[4] = l & 0xff;
+    (void)ssl_EncodeUintX(length - 5 - gExtraHeaderBytes, 2, &dest[3]);
     memmove(dest + length, data_ + size_, remaining_);
   }
 
@@ -227,8 +222,8 @@ size_t FragmentRecord(uint8_t *data, size_t size, size_t max_size,
   }
 
   // Pick a record to fragment at random.
-  std::uniform_int_distribution<size_t> rand_record(0, records.size() - 1);
-  auto &rec = records.at(rand_record(rng));
+  std::uniform_int_distribution<size_t> dist(0, records.size() - 1);
+  auto &rec = records.at(dist(rng));
   uint8_t *rdata = const_cast<uint8_t *>(rec->data());
   size_t length = rec->size();
   size_t content_length = length - 5;
@@ -238,21 +233,17 @@ size_t FragmentRecord(uint8_t *data, size_t size, size_t max_size,
   }
 
   // Assign a new length to the first fragment.
-  std::uniform_int_distribution<size_t> rand_size(1, content_length - 1);
-  size_t first_length = rand_size(rng);
-  size_t second_length = content_length - first_length;
-  rdata[3] = (first_length >> 8) & 0xff;
-  rdata[4] = first_length & 0xff;
-  uint8_t *second_record = rdata + 5 + first_length;
+  size_t new_length = content_length / 2;
+  uint8_t *content = ssl_EncodeUintX(new_length, 2, &rdata[3]);
 
-  // Make room for the header of the second record.
-  memmove(second_record + 5, second_record,
-          rec->remaining() + content_length - first_length);
+  // Make room for one more header.
+  memmove(content + new_length + 5, content + new_length,
+          rec->remaining() + content_length - new_length);
 
   // Write second header.
-  memcpy(second_record, rdata, 3);
-  second_record[3] = (second_length >> 8) & 0xff;
-  second_record[4] = second_length & 0xff;
+  memcpy(content + new_length, rdata, 3);
+  (void)ssl_EncodeUintX(content_length - new_length, 2,
+                        &content[new_length + 3]);
 
   return size + 5;
 }
diff --git a/security/nss/fuzz/tls_socket.h b/security/nss/fuzz/tls_socket.h
index e30f6fa3c..61fa4b3a8 100644
--- a/security/nss/fuzz/tls_socket.h
+++ b/security/nss/fuzz/tls_socket.h
@@ -10,7 +10,6 @@
 class DummyPrSocket : public DummyIOLayerMethods {
  public:
   DummyPrSocket(const uint8_t *buf, size_t len) : buf_(buf), len_(len) {}
-  virtual ~DummyPrSocket() {}
 
   int32_t Read(PRFileDesc *f, void *data, int32_t len) override;
   int32_t Write(PRFileDesc *f, const void *buf, int32_t length) override;