From f4a12fc67689a830e9da1c87fd11afe5bc09deb3 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Thu, 2 Jan 2020 21:06:40 +0100 Subject: Issue #1338 - Part 2: Update NSS to 3.48-RTM --- security/nss/fuzz/fuzz.gyp | 3 ++- security/nss/fuzz/tls_client_target.cc | 1 + security/nss/fuzz/tls_common.cc | 9 +++++++++ security/nss/fuzz/tls_common.h | 1 + security/nss/fuzz/tls_server_target.cc | 1 + 5 files changed, 14 insertions(+), 1 deletion(-) (limited to 'security/nss/fuzz') diff --git a/security/nss/fuzz/fuzz.gyp b/security/nss/fuzz/fuzz.gyp index 69e178319..292930a75 100644 --- a/security/nss/fuzz/fuzz.gyp +++ b/security/nss/fuzz/fuzz.gyp @@ -43,6 +43,7 @@ '<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7', # This is a static build of pk11wrap, softoken, and freebl. '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static', + '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix', ], 'cflags_cc': [ '-Wno-error=shadow', @@ -91,7 +92,7 @@ '-lcrypto', ], }], - # For test builds we have to set MPI defines. + # For static builds we have to set MPI defines. [ 'target_arch=="ia32"', { 'defines': [ 'MP_USE_UINT_DIGIT', diff --git a/security/nss/fuzz/tls_client_target.cc b/security/nss/fuzz/tls_client_target.cc index a5b2a2c5f..461962c5d 100644 --- a/security/nss/fuzz/tls_client_target.cc +++ b/security/nss/fuzz/tls_client_target.cc @@ -106,6 +106,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) { // Probably not too important for clients. SSL_SetURL(ssl_fd, "server"); + FixTime(ssl_fd); SetSocketOptions(ssl_fd, config); EnableAllCipherSuites(ssl_fd); SetupCallbacks(ssl_fd, config.get()); diff --git a/security/nss/fuzz/tls_common.cc b/security/nss/fuzz/tls_common.cc index 1e66684dc..b00ab26bf 100644 --- a/security/nss/fuzz/tls_common.cc +++ b/security/nss/fuzz/tls_common.cc 
@@ -5,9 +5,18 @@ #include #include "ssl.h" +#include "sslexp.h" #include "tls_common.h" +static PRTime FixedTime(void*) { return 1234; } + +// Fix the time input, to avoid any time-based variation. +void FixTime(PRFileDesc* fd) { + SECStatus rv = SSL_SetTimeFunc(fd, FixedTime, nullptr); + assert(rv == SECSuccess); +} + PRStatus EnableAllProtocolVersions() { SSLVersionRange supported; diff --git a/security/nss/fuzz/tls_common.h b/security/nss/fuzz/tls_common.h index 8843347fa..e53accead 100644 --- a/security/nss/fuzz/tls_common.h +++ b/security/nss/fuzz/tls_common.h @@ -7,6 +7,7 @@ #include "prinit.h" +void FixTime(PRFileDesc* fd); PRStatus EnableAllProtocolVersions(); void EnableAllCipherSuites(PRFileDesc* fd); void DoHandshake(PRFileDesc* fd, bool isServer); diff --git a/security/nss/fuzz/tls_server_target.cc b/security/nss/fuzz/tls_server_target.cc index 0c0902077..41a55541c 100644 --- a/security/nss/fuzz/tls_server_target.cc +++ b/security/nss/fuzz/tls_server_target.cc @@ -118,6 +118,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) { PRFileDesc* ssl_fd = ImportFD(model.get(), fd.get()); assert(ssl_fd == fd.get()); + FixTime(ssl_fd); SetSocketOptions(ssl_fd, config); DoHandshake(ssl_fd, true); -- cgit v1.2.3
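Review bot: In `FixTime` the only check on `SSL_SetTimeFunc` is `assert(rv == SECSuccess);`, so a build with `NDEBUG` defined drops the check and leaves `rv` unused. If the call failed in such a build, both fuzz targets would silently fall back to the real clock and lose the reproducibility this change is meant to provide, which makes a crashing input harder to replay and triage. I would make the failure unconditional, for example `if (SSL_SetTimeFunc(fd, FixedTime, nullptr) != SECSuccess) abort();`. The constant in `FixedTime` also deserves a comment such as `// PRTime is microseconds since the epoch; the value is arbitrary but must stay constant across runs.` Whether handshake paths that compare against this clock (certificate validity, ticket lifetime) are still exercised with a time this close to the epoch is not visible from the hunk and is worth confirming.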