Revert "Update NSS to 3.35-RTM"

This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.

1 files changed, 23 insertions, 34 deletions

diff --git a/security/nss/lib/ssl/selfencrypt.c b/security/nss/lib/ssl/selfencrypt.c
index 97217b4a6..6d6e25cfc 100644
--- a/security/nss/lib/ssl/selfencrypt.c
+++ b/security/nss/lib/ssl/selfencrypt.c
@@ -11,6 +11,7 @@
 #include "pk11func.h"
 #include "ssl.h"
 #include "sslt.h"
+#include "ssl3encode.h"
 #include "sslimpl.h"
 #include "selfencrypt.h"
 
@@ -120,11 +121,12 @@ ssl_SelfEncryptProtectInt(
     PRUint8 *out, unsigned int *outLen, unsigned int maxOutLen)
 {
     unsigned int len;
-    unsigned int lenOffset;
     unsigned char iv[AES_BLOCK_SIZE];
     SECItem ivItem = { siBuffer, iv, sizeof(iv) };
-    /* Write directly to out. */
-    sslBuffer buf = SSL_BUFFER_FIXED(out, maxOutLen);
+    unsigned char mac[SHA256_LENGTH]; /* SHA-256 */
+    unsigned int macLen;
+    SECItem outItem = { siBuffer, out, maxOutLen };
+    SECItem lengthBytesItem;
     SECStatus rv;
 
     /* Generate a random IV */
@@ -135,54 +137,52 @@ ssl_SelfEncryptProtectInt(
     }
 
     /* Add header. */
-    rv = sslBuffer_Append(&buf, keyName, SELF_ENCRYPT_KEY_NAME_LEN);
+    rv = ssl3_AppendToItem(&outItem, keyName, SELF_ENCRYPT_KEY_NAME_LEN);
     if (rv != SECSuccess) {
         return SECFailure;
     }
-    rv = sslBuffer_Append(&buf, iv, sizeof(iv));
+    rv = ssl3_AppendToItem(&outItem, iv, sizeof(iv));
     if (rv != SECSuccess) {
         return SECFailure;
     }
 
-    /* Leave space for the length of the ciphertext. */
-    rv = sslBuffer_Skip(&buf, 2, &lenOffset);
+    /* Skip forward by two so we can encode the ciphertext in place. */
+    lengthBytesItem = outItem;
+    rv = ssl3_AppendNumberToItem(&outItem, 0, 2);
     if (rv != SECSuccess) {
         return SECFailure;
     }
 
-    /* Encode the ciphertext in place. */
     rv = PK11_Encrypt(encKey, CKM_AES_CBC_PAD, &ivItem,
-                      SSL_BUFFER_NEXT(&buf), &len,
-                      SSL_BUFFER_SPACE(&buf), in, inLen);
-    if (rv != SECSuccess) {
-        return SECFailure;
-    }
-    rv = sslBuffer_Skip(&buf, len, NULL);
+                      outItem.data, &len, outItem.len, in, inLen);
     if (rv != SECSuccess) {
         return SECFailure;
     }
 
-    rv = sslBuffer_InsertLength(&buf, lenOffset, 2);
+    outItem.data += len;
+    outItem.len -= len;
+
+    /* Now encode the ciphertext length. */
+    rv = ssl3_AppendNumberToItem(&lengthBytesItem, len, 2);
     if (rv != SECSuccess) {
         return SECFailure;
     }
 
-    /* MAC the entire output buffer into the output. */
-    PORT_Assert(buf.space - buf.len >= SHA256_LENGTH);
+    /* MAC the entire output buffer and append the MAC to the end. */
     rv = ssl_MacBuffer(macKey, CKM_SHA256_HMAC,
-                       SSL_BUFFER_BASE(&buf), /* input */
-                       SSL_BUFFER_LEN(&buf),
-                       SSL_BUFFER_NEXT(&buf), &len, /* output */
-                       SHA256_LENGTH);
+                       out, outItem.data - out,
+                       mac, &macLen, sizeof(mac));
     if (rv != SECSuccess) {
         return SECFailure;
     }
-    rv = sslBuffer_Skip(&buf, len, NULL);
+    PORT_Assert(macLen == sizeof(mac));
+
+    rv = ssl3_AppendToItem(&outItem, mac, macLen);
     if (rv != SECSuccess) {
         return SECFailure;
     }
 
-    *outLen = SSL_BUFFER_LEN(&buf);
+    *outLen = outItem.data - out;
     return SECSuccess;
 }
 
@@ -269,17 +269,6 @@ ssl_SelfEncryptUnprotectInt(
 }
 #endif
 
-/* Predict the size of the encrypted data, including padding */
-unsigned int
-ssl_SelfEncryptGetProtectedSize(unsigned int inLen)
-{
-    return SELF_ENCRYPT_KEY_NAME_LEN +
-           AES_BLOCK_SIZE +
-           2 +
-           ((inLen / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE + /* Padded */
-           SHA256_LENGTH;
-}
-
 SECStatus
 ssl_SelfEncryptProtect(
     sslSocket *ss, const PRUint8 *in, unsigned int inLen,