Update NSS to 3.38

- Added HACL*Poly1305 32-bit (INRIA/Microsoft)
- Updated to final TLS 1.3 draft version (28)
- Removed TLS 1.3 prerelease draft limit check
- Removed NPN code
- Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments
- Fixed several bugs with TLS 1.3 negotiation
- Updated internal certificate store
- Added support for the TLS Record Size Limit Extension.
- Fixed CVE-2018-0495
- Various security fixes in the ASN.1 code.

1 files changed, 17 insertions, 11 deletions

diff --git a/security/nss/gtests/ssl_gtest/ssl_fragment_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_fragment_unittest.cc
index f4940bf282..92947c2c70 100644
--- a/security/nss/gtests/ssl_gtest/ssl_fragment_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_fragment_unittest.cc
@@ -20,14 +20,16 @@ namespace nss_test {
 // This class cuts every unencrypted handshake record into two parts.
 class RecordFragmenter : public PacketFilter {
  public:
-  RecordFragmenter() : sequence_number_(0), splitting_(true) {}
+  RecordFragmenter(bool is_dtls13)
+      : is_dtls13_(is_dtls13), sequence_number_(0), splitting_(true) {}
 
  private:
   class HandshakeSplitter {
    public:
-    HandshakeSplitter(const DataBuffer& input, DataBuffer* output,
-                      uint64_t* sequence_number)
-        : input_(input),
+    HandshakeSplitter(bool is_dtls13, const DataBuffer& input,
+                      DataBuffer* output, uint64_t* sequence_number)
+        : is_dtls13_(is_dtls13),
+          input_(input),
           output_(output),
           cursor_(0),
           sequence_number_(sequence_number) {}
@@ -35,9 +37,9 @@ class RecordFragmenter : public PacketFilter {
    private:
     void WriteRecord(TlsRecordHeader& record_header,
                      DataBuffer& record_fragment) {
-      TlsRecordHeader fragment_header(record_header.version(),
-                                      record_header.content_type(),
-                                      *sequence_number_);
+      TlsRecordHeader fragment_header(
+          record_header.variant(), record_header.version(),
+          record_header.content_type(), *sequence_number_);
       ++*sequence_number_;
       if (::g_ssl_gtest_verbose) {
         std::cerr << "Fragment: " << fragment_header << ' ' << record_fragment
@@ -88,7 +90,7 @@ class RecordFragmenter : public PacketFilter {
       while (parser.remaining()) {
         TlsRecordHeader header;
         DataBuffer record;
-        if (!header.Parse(0, &parser, &record)) {
+        if (!header.Parse(is_dtls13_, 0, &parser, &record)) {
           ADD_FAILURE() << "bad record header";
           return false;
         }
@@ -118,6 +120,7 @@ class RecordFragmenter : public PacketFilter {
     }
 
    private:
+    bool is_dtls13_;
     const DataBuffer& input_;
     DataBuffer* output_;
     size_t cursor_;
@@ -132,7 +135,7 @@ class RecordFragmenter : public PacketFilter {
     }
 
     output->Allocate(input.len());
-    HandshakeSplitter splitter(input, output, &sequence_number_);
+    HandshakeSplitter splitter(is_dtls13_, input, output, &sequence_number_);
     if (!splitter.Split()) {
       // If splitting fails, we obviously reached encrypted packets.
       // Stop splitting from that point onward.
@@ -144,18 +147,21 @@ class RecordFragmenter : public PacketFilter {
   }
 
  private:
+  bool is_dtls13_;
   uint64_t sequence_number_;
   bool splitting_;
 };
 
 TEST_P(TlsConnectDatagram, FragmentClientPackets) {
-  client_->SetFilter(std::make_shared<RecordFragmenter>());
+  bool is_dtls13 = version_ >= SSL_LIBRARY_VERSION_TLS_1_3;
+  client_->SetFilter(std::make_shared<RecordFragmenter>(is_dtls13));
   Connect();
   SendReceive();
 }
 
 TEST_P(TlsConnectDatagram, FragmentServerPackets) {
-  server_->SetFilter(std::make_shared<RecordFragmenter>());
+  bool is_dtls13 = version_ >= SSL_LIBRARY_VERSION_TLS_1_3;
+  server_->SetFilter(std::make_shared<RecordFragmenter>(is_dtls13));
   Connect();
   SendReceive();
 }