Backed out changeset a94ec6a0d746 (bug 1386955) for build bustage CLOSED TREE UPGRADE_NSS_RELEASE
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Tue, 05 Sep 2017 12:42:00 +0200
changeset 659168 5d0904a71fa8e6371ab6f564415480905cf9127b
parent 659167 9e03d843a3ab55262828eac2b1a3574adf77ba24
child 659169 104172464a8f93a29a0f9d101427ce1d62eeabff
push id78047
push userbmo:francesco.lodolo@gmail.com
push dateTue, 05 Sep 2017 17:25:17 +0000
bugs1386955
milestone57.0a1
backs outa94ec6a0d746f466becf71d31b345eb36694c17a
Backed out changeset a94ec6a0d746 (bug 1386955) for build bustage CLOSED TREE UPGRADE_NSS_RELEASE MozReview-Commit-ID: 8bFoSz1zPWu
security/nss/TAG-INFO
security/nss/automation/taskcluster/docker-gcc-4.4/Dockerfile
security/nss/automation/taskcluster/docker-gcc-4.4/bin/checkout.sh
security/nss/automation/taskcluster/docker-gcc-4.4/setup.sh
security/nss/automation/taskcluster/graph/src/extend.js
security/nss/coreconf/coreconf.dep
security/nss/gtests/ssl_gtest/ssl_loopback_unittest.cc
security/nss/gtests/util_gtest/manifest.mn
security/nss/gtests/util_gtest/util_aligned_malloc_unittest.cc
security/nss/gtests/util_gtest/util_gtest.gyp
security/nss/gtests/util_gtest/util_memcmpzero_unittest.cc
security/nss/lib/freebl/ecl/ecp_25519.c
security/nss/lib/freebl/gcm.c
security/nss/lib/freebl/rijndael.c
security/nss/lib/freebl/stubs.c
security/nss/lib/freebl/stubs.h
security/nss/lib/nss/utilwrap.c
security/nss/lib/ssl/ssl3con.c
security/nss/lib/util/nssutil.def
security/nss/lib/util/secport.c
security/nss/lib/util/secport.h
security/nss/lib/util/utilrename.h
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-4bf658832d89
+7fcf7848095c
deleted file mode 100644
--- a/security/nss/automation/taskcluster/docker-gcc-4.4/Dockerfile
+++ /dev/null
@@ -1,30 +0,0 @@
-FROM ubuntu:14.04
-MAINTAINER Tim Taubert <ttaubert@mozilla.com>
-
-RUN useradd -d /home/worker -s /bin/bash -m worker
-WORKDIR /home/worker
-
-# Add build and test scripts.
-ADD bin /home/worker/bin
-RUN chmod +x /home/worker/bin/*
-
-# Install dependencies.
-ADD setup.sh /tmp/setup.sh
-RUN bash /tmp/setup.sh
-
-# Change user.
-USER worker
-
-# Env variables.
-ENV HOME /home/worker
-ENV SHELL /bin/bash
-ENV USER worker
-ENV LOGNAME worker
-ENV HOSTNAME taskcluster-worker
-ENV LANG en_US.UTF-8
-ENV LC_ALL en_US.UTF-8
-ENV HOST localhost
-ENV DOMSUF localdomain
-
-# Set a default command for debugging.
-CMD ["/bin/bash", "--login"]
deleted file mode 100644
--- a/security/nss/automation/taskcluster/docker-gcc-4.4/bin/checkout.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/usr/bin/env bash
-
-set -v -e -x
-
-if [ $(id -u) = 0 ]; then
-    # Drop privileges by re-running this script.
-    exec su worker $0
-fi
-
-# Default values for testing.
-REVISION=${NSS_HEAD_REVISION:-default}
-REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
-
-# Clone NSS.
-for i in 0 2 5; do
-    sleep $i
-    hg clone -r $REVISION $REPOSITORY nss && exit 0
-    rm -rf nss
-done
-exit 1
deleted file mode 100644
--- a/security/nss/automation/taskcluster/docker-gcc-4.4/setup.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/usr/bin/env bash
-
-set -v -e -x
-
-# Update packages.
-export DEBIAN_FRONTEND=noninteractive
-apt-get -y update && apt-get -y upgrade
-
-apt_packages=()
-apt_packages+=('ca-certificates')
-apt_packages+=('g++-4.4')
-apt_packages+=('gcc-4.4')
-apt_packages+=('locales')
-apt_packages+=('make')
-apt_packages+=('mercurial')
-apt_packages+=('zlib1g-dev')
-
-# Install packages.
-apt-get -y update
-apt-get install -y --no-install-recommends ${apt_packages[@]}
-
-locale-gen en_US.UTF-8
-dpkg-reconfigure locales
-
-# Cleanup.
-rm -rf ~/.ccache ~/.cache
-apt-get autoremove -y
-apt-get clean
-apt-get autoclean
-rm $0
--- a/security/nss/automation/taskcluster/graph/src/extend.js
+++ b/security/nss/automation/taskcluster/graph/src/extend.js
@@ -10,21 +10,16 @@ const LINUX_IMAGE = {
   path: "automation/taskcluster/docker"
 };
 
 const LINUX_CLANG39_IMAGE = {
   name: "linux-clang-3.9",
   path: "automation/taskcluster/docker-clang-3.9"
 };
 
-const LINUX_GCC44_IMAGE = {
-  name: "linux-gcc-4.4",
-  path: "automation/taskcluster/docker-gcc-4.4"
-};
-
 const FUZZ_IMAGE = {
   name: "fuzz",
   path: "automation/taskcluster/docker-fuzz"
 };
 
 const HACL_GEN_IMAGE = {
   name: "hacl",
   path: "automation/taskcluster/docker-hacl"
@@ -406,36 +401,16 @@ async function scheduleLinux(name, base,
     env: {
       CC: "clang",
       CCC: "clang++",
     },
     symbol: "clang-4.0"
   }));
 
   queue.scheduleTask(merge(extra_base, {
-    name: `${name} w/ gcc-4.4`,
-    image: LINUX_GCC44_IMAGE,
-    env: {
-      USE_64: "1",
-      CC: "gcc-4.4",
-      CCC: "g++-4.4",
-      // gcc-4.6 introduced nullptr.
-      NSS_DISABLE_GTESTS: "1",
-    },
-    // Use the old Makefile-based build system, GYP doesn't have a proper GCC
-    // version check for __int128 support. It's mainly meant to cover RHEL6.
-    command: [
-      "/bin/bash",
-      "-c",
-      "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh",
-    ],
-    symbol: "gcc-4.4"
-  }));
-
-  queue.scheduleTask(merge(extra_base, {
     name: `${name} w/ gcc-4.8`,
     env: {
       CC: "gcc-4.8",
       CCC: "g++-4.8"
     },
     symbol: "gcc-4.8"
   }));
 
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
--- a/security/nss/gtests/ssl_gtest/ssl_loopback_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_loopback_unittest.cc
@@ -221,24 +221,24 @@ TEST_P(TlsConnectStream, ShortRead) {
   // Read the first tranche.
   client_->ReadBytes(20);
   ASSERT_EQ(20U, client_->received_bytes());
   // The second tranche should now immediately be available.
   client_->ReadBytes();
   ASSERT_EQ(50U, client_->received_bytes());
 }
 
-// We enable compression via the API but it's disabled internally,
-// so we should never get it.
-TEST_P(TlsConnectGeneric, ConnectWithCompressionEnabled) {
+TEST_P(TlsConnectGeneric, ConnectWithCompressionMaybe) {
   EnsureTlsSetup();
   client_->EnableCompression();
   server_->EnableCompression();
   Connect();
-  EXPECT_FALSE(client_->is_compressed());
+  EXPECT_EQ(client_->version() < SSL_LIBRARY_VERSION_TLS_1_3 &&
+                variant_ != ssl_variant_datagram,
+            client_->is_compressed());
   SendReceive();
 }
 
 TEST_P(TlsConnectDatagram, TestDtlsHolddownExpiry) {
   Connect();
   std::cerr << "Expiring holddown timer\n";
   SSLInt_ForceTimerExpiry(client_->ssl_fd());
   SSLInt_ForceTimerExpiry(server_->ssl_fd());
--- a/security/nss/gtests/util_gtest/manifest.mn
+++ b/security/nss/gtests/util_gtest/manifest.mn
@@ -5,18 +5,16 @@
 CORE_DEPTH = ../..
 DEPTH      = ../..
 MODULE = nss
 
 CPPSRCS = \
 	util_utf8_unittest.cc \
 	util_b64_unittest.cc \
 	util_pkcs11uri_unittest.cc \
-	util_aligned_malloc_unittest.cc \
-	util_memcmpzero_unittest.cc \
 	$(NULL)
 
 INCLUDES += \
 	-I$(CORE_DEPTH)/gtests/google_test/gtest/include \
 	-I$(CORE_DEPTH)/gtests/common \
 	-I$(CORE_DEPTH)/cpputil \
 	$(NULL)
 
deleted file mode 100644
--- a/security/nss/gtests/util_gtest/util_aligned_malloc_unittest.cc
+++ /dev/null
@@ -1,82 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "gtest/gtest.h"
-#include "scoped_ptrs_util.h"
-
-namespace nss_test {
-
-struct SomeContext {
-  uint8_t some_buf[13];
-  void *mem;
-};
-
-template <class T>
-struct ScopedDelete {
-  void operator()(T *ptr) {
-    if (ptr) {
-      PORT_Free(ptr->mem);
-    }
-  }
-};
-typedef std::unique_ptr<SomeContext, ScopedDelete<SomeContext> >
-    ScopedSomeContext;
-
-class AlignedMallocTest : public ::testing::Test,
-                          public ::testing::WithParamInterface<size_t> {
- protected:
-  ScopedSomeContext test_align_new(size_t alignment) {
-    ScopedSomeContext ctx(PORT_ZNewAligned(SomeContext, alignment, mem));
-    return ctx;
-  };
-  ScopedSomeContext test_align_alloc(size_t alignment) {
-    void *mem = nullptr;
-    ScopedSomeContext ctx((SomeContext *)PORT_ZAllocAligned(sizeof(SomeContext),
-                                                            alignment, &mem));
-    if (ctx) {
-      ctx->mem = mem;
-    }
-    return ctx;
-  }
-};
-
-TEST_P(AlignedMallocTest, TestNew) {
-  size_t alignment = GetParam();
-  ScopedSomeContext ctx = test_align_new(alignment);
-  EXPECT_TRUE(ctx.get());
-  EXPECT_EQ(0U, (uintptr_t)ctx.get() % alignment);
-}
-
-TEST_P(AlignedMallocTest, TestAlloc) {
-  size_t alignment = GetParam();
-  ScopedSomeContext ctx = test_align_alloc(alignment);
-  EXPECT_TRUE(ctx.get());
-  EXPECT_EQ(0U, (uintptr_t)ctx.get() % alignment);
-}
-
-class AlignedMallocTestBadSize : public AlignedMallocTest {};
-
-TEST_P(AlignedMallocTestBadSize, TestNew) {
-  size_t alignment = GetParam();
-  ScopedSomeContext ctx = test_align_new(alignment);
-  EXPECT_FALSE(ctx.get());
-}
-
-TEST_P(AlignedMallocTestBadSize, TestAlloc) {
-  size_t alignment = GetParam();
-  ScopedSomeContext ctx = test_align_alloc(alignment);
-  EXPECT_FALSE(ctx.get());
-}
-
-static const size_t kSizes[] = {1, 2, 4, 8, 16, 32, 64};
-static const size_t kBadSizes[] = {0, 7, 17, 24, 56};
-
-INSTANTIATE_TEST_CASE_P(AllAligned, AlignedMallocTest,
-                        ::testing::ValuesIn(kSizes));
-INSTANTIATE_TEST_CASE_P(AllAlignedBadSize, AlignedMallocTestBadSize,
-                        ::testing::ValuesIn(kBadSizes));
-
-}  // namespace nss_test
--- a/security/nss/gtests/util_gtest/util_gtest.gyp
+++ b/security/nss/gtests/util_gtest/util_gtest.gyp
@@ -9,18 +9,16 @@
   'targets': [
     {
       'target_name': 'util_gtest',
       'type': 'executable',
       'sources': [
         'util_utf8_unittest.cc',
         'util_b64_unittest.cc',
         'util_pkcs11uri_unittest.cc',
-        'util_aligned_malloc_unittest.cc',
-        'util_memcmpzero_unittest.cc',
         '<(DEPTH)/gtests/common/gtests.cc',
       ],
       'dependencies': [
         '<(DEPTH)/exports.gyp:nss_exports',
         '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
         '<(DEPTH)/lib/util/util.gyp:nssutil',
         '<(DEPTH)/lib/nss/nss.gyp:nss_static',
         '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
deleted file mode 100644
--- a/security/nss/gtests/util_gtest/util_memcmpzero_unittest.cc
+++ /dev/null
@@ -1,45 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "gtest/gtest.h"
-#include "scoped_ptrs_util.h"
-
-namespace nss_test {
-
-class MemcmpZeroTest : public ::testing::Test {
- protected:
-  unsigned int test_memcmp_zero(const std::vector<uint8_t> &mem) {
-    return NSS_SecureMemcmpZero(mem.data(), mem.size());
-  };
-};
-
-TEST_F(MemcmpZeroTest, TestMemcmpZeroTrue) {
-  unsigned int rv = test_memcmp_zero(std::vector<uint8_t>(37, 0));
-  EXPECT_EQ(0U, rv);
-}
-
-TEST_F(MemcmpZeroTest, TestMemcmpZeroFalse5) {
-  std::vector<uint8_t> vec(37, 0);
-  vec[5] = 1;
-  unsigned int rv = test_memcmp_zero(vec);
-  EXPECT_NE(0U, rv);
-}
-
-TEST_F(MemcmpZeroTest, TestMemcmpZeroFalse37) {
-  std::vector<uint8_t> vec(37, 0);
-  vec[vec.size() - 1] = 0xFF;
-  unsigned int rv = test_memcmp_zero(vec);
-  EXPECT_NE(0U, rv);
-}
-
-TEST_F(MemcmpZeroTest, TestMemcmpZeroFalse0) {
-  std::vector<uint8_t> vec(37, 0);
-  vec[0] = 1;
-  unsigned int rv = test_memcmp_zero(vec);
-  EXPECT_NE(0U, rv);
-}
-
-}  // namespace nss_test
--- a/security/nss/lib/freebl/ecl/ecp_25519.c
+++ b/security/nss/lib/freebl/ecl/ecp_25519.c
@@ -110,14 +110,10 @@ ec_Curve25519_pt_mul(SECItem *X, SECItem
     } else {
         PORT_Assert(P->len == 32);
         if (P->len != 32) {
             return SECFailure;
         }
         px = P->data;
     }
 
-    SECStatus rv = ec_Curve25519_mul(X->data, k->data, px);
-    if (NSS_SecureMemcmpZero(X->data, X->len) == 0) {
-        return SECFailure;
-    }
-    return rv;
+    return ec_Curve25519_mul(X->data, k->data, px);
 }
--- a/security/nss/lib/freebl/gcm.c
+++ b/security/nss/lib/freebl/gcm.c
@@ -569,17 +569,17 @@ struct GCMContextStr {
     unsigned char tagKey[MAX_BLOCK_SIZE];
 };
 
 GCMContext *
 GCM_CreateContext(void *context, freeblCipherFunc cipher,
                   const unsigned char *params)
 {
     GCMContext *gcm = NULL;
-    gcmHashContext *ghash = NULL;
+    gcmHashContext *ghash = NULL, *ghashmem = NULL;
     unsigned char H[MAX_BLOCK_SIZE];
     unsigned int tmp;
     PRBool freeCtr = PR_FALSE;
     const CK_GCM_PARAMS *gcmParams = (const CK_GCM_PARAMS *)params;
     CK_AES_CTR_PARAMS ctrParams;
     SECStatus rv;
 #ifdef DISABLE_HW_GCM
     const PRBool sw = PR_TRUE;
@@ -590,17 +590,24 @@ GCM_CreateContext(void *context, freeblC
     if (gcmParams->ulIvLen == 0) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
     gcm = PORT_ZNew(GCMContext);
     if (gcm == NULL) {
         return NULL;
     }
-    ghash = PORT_ZNewAligned(gcmHashContext, 16, mem);
+    /* aligned_alloc is C11 so we have to do it the old way. */
+    ghashmem = PORT_ZAlloc(sizeof(gcmHashContext) + 15);
+    if (ghashmem == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+    ghash = (gcmHashContext *)(((uintptr_t)ghashmem + 15) & ~(uintptr_t)0x0F);
+    ghash->mem = ghashmem;
 
     /* first plug in the ghash context */
     gcm->ghash_context = ghash;
     PORT_Memset(H, 0, AES_BLOCK_SIZE);
     rv = (*cipher)(context, H, &tmp, AES_BLOCK_SIZE, H, AES_BLOCK_SIZE, AES_BLOCK_SIZE);
     if (rv != SECSuccess) {
         goto loser;
     }
--- a/security/nss/lib/freebl/rijndael.c
+++ b/security/nss/lib/freebl/rijndael.c
@@ -1012,17 +1012,26 @@ rijndael_decryptCBC(AESContext *cx, unsi
  * The following functions implement the encryption routines defined in
  * BLAPI for the AES cipher, Rijndael.
  *
  ***********************************************************************/
 
 AESContext *
 AES_AllocateContext(void)
 {
-    return PORT_ZNewAligned(AESContext, 16, mem);
+    /* aligned_alloc is C11 so we have to do it the old way. */
+    AESContext *ctx, *ctxmem;
+    ctxmem = PORT_ZAlloc(sizeof(AESContext) + 15);
+    if (ctxmem == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+    ctx = (AESContext *)(((uintptr_t)ctxmem + 15) & ~(uintptr_t)0x0F);
+    ctx->mem = ctxmem;
+    return ctx;
 }
 
 /*
 ** Initialize a new AES context suitable for AES encryption/decryption in
 ** the ECB or CBC mode.
 **  "mode" the mode of operation, which must be NSS_AES or NSS_AES_CBC
 */
 static SECStatus
--- a/security/nss/lib/freebl/stubs.c
+++ b/security/nss/lib/freebl/stubs.c
@@ -131,21 +131,16 @@ STUB_DECLARE(void *, PORT_Alloc_Util, (s
 STUB_DECLARE(void *, PORT_ArenaAlloc_Util, (PLArenaPool * arena, size_t size));
 STUB_DECLARE(void *, PORT_ArenaZAlloc_Util, (PLArenaPool * arena, size_t size));
 STUB_DECLARE(void, PORT_Free_Util, (void *ptr));
 STUB_DECLARE(void, PORT_FreeArena_Util, (PLArenaPool * arena, PRBool zero));
 STUB_DECLARE(int, PORT_GetError_Util, (void));
 STUB_DECLARE(PLArenaPool *, PORT_NewArena_Util, (unsigned long chunksize));
 STUB_DECLARE(void, PORT_SetError_Util, (int value));
 STUB_DECLARE(void *, PORT_ZAlloc_Util, (size_t len));
-STUB_DECLARE(void *, PORT_ZAllocAligned_Util, (size_t bytes, size_t alignment,
-                                               void **mem));
-STUB_DECLARE(void *, PORT_ZAllocAlignedOffset_Util, (size_t bytes,
-                                                     size_t alignment,
-                                                     size_t offset));
 STUB_DECLARE(void, PORT_ZFree_Util, (void *ptr, size_t len));
 
 STUB_DECLARE(void, PR_Assert, (const char *s, const char *file, PRIntn ln));
 STUB_DECLARE(PRStatus, PR_Access, (const char *name, PRAccessHow how));
 STUB_DECLARE(PRStatus, PR_CallOnce, (PRCallOnceType * once, PRCallOnceFN func));
 STUB_DECLARE(PRStatus, PR_Close, (PRFileDesc * fd));
 STUB_DECLARE(void, PR_DestroyLock, (PRLock * lock));
 STUB_DECLARE(void, PR_DestroyCondVar, (PRCondVar * cvar));
@@ -174,24 +169,21 @@ STUB_DECLARE(SECItem *, SECITEM_AllocIte
 STUB_DECLARE(SECComparison, SECITEM_CompareItem_Util, (const SECItem *a,
                                                        const SECItem *b));
 STUB_DECLARE(SECStatus, SECITEM_CopyItem_Util, (PLArenaPool * arena,
                                                 SECItem *to, const SECItem *from));
 STUB_DECLARE(void, SECITEM_FreeItem_Util, (SECItem * zap, PRBool freeit));
 STUB_DECLARE(void, SECITEM_ZfreeItem_Util, (SECItem * zap, PRBool freeit));
 STUB_DECLARE(SECOidTag, SECOID_FindOIDTag_Util, (const SECItem *oid));
 STUB_DECLARE(int, NSS_SecureMemcmp, (const void *a, const void *b, size_t n));
-STUB_DECLARE(unsigned int, NSS_SecureMemcmpZero, (const void *mem, size_t n));
 
 #define PORT_ZNew_stub(type) (type *)PORT_ZAlloc_stub(sizeof(type))
 #define PORT_New_stub(type) (type *)PORT_Alloc_stub(sizeof(type))
 #define PORT_ZNewArray_stub(type, num) \
     (type *)PORT_ZAlloc_stub(sizeof(type) * (num))
-#define PORT_ZNewAligned_stub(type, alignment, mem) \
-    (type *)PORT_ZAllocAlignedOffset_stub(sizeof(type), alignment, offsetof(type, mem))
 
 /*
  * NOTE: in order to support hashing only the memory allocation stubs,
  * the get library name stubs, and the file io stubs are needed (the latter
  * two are for the library verification). The remaining stubs are simply to
  * compile. Attempts to use the library for other operations without NSPR
  * will most likely fail.
  */
@@ -217,62 +209,16 @@ PORT_ZAlloc_stub(size_t len)
     STUB_SAFE_CALL1(PORT_ZAlloc_Util, len);
     void *ptr = malloc(len);
     if (ptr) {
         memset(ptr, 0, len);
     }
     return ptr;
 }
 
-/* aligned_alloc is C11. This is an alternative to get aligned memory. */
-extern void *
-PORT_ZAllocAligned_stub(size_t bytes, size_t alignment, void **mem)
-{
-    STUB_SAFE_CALL3(PORT_ZAllocAligned_Util, bytes, alignment, mem);
-
-    /* This only works if alignement is a power of 2. */
-    if ((alignment == 0) || (alignment & (alignment - 1))) {
-        return NULL;
-    }
-
-    size_t x = alignment - 1;
-    size_t len = (bytes ? bytes : 1) + x;
-
-    if (!mem) {
-        return NULL;
-    }
-
-    /* Always allocate a non-zero amount of bytes */
-    *mem = malloc(len);
-    if (!*mem) {
-        return NULL;
-    }
-
-    memset(*mem, 0, len);
-    return (void *)(((uintptr_t)*mem + x) & ~(uintptr_t)x);
-}
-
-extern void *
-PORT_ZAllocAlignedOffset_stub(size_t size, size_t alignment, size_t offset)
-{
-    STUB_SAFE_CALL3(PORT_ZAllocAlignedOffset_Util, size, alignment, offset);
-    if (offset > size) {
-        return NULL;
-    }
-
-    void *mem = NULL;
-    void *v = PORT_ZAllocAligned_stub(size, alignment, &mem);
-    if (!v) {
-        return NULL;
-    }
-
-    *((void **)((uintptr_t)v + offset)) = mem;
-    return v;
-}
-
 extern void
 PORT_ZFree_stub(void *ptr, size_t len)
 {
     STUB_SAFE_CALL2(PORT_ZFree_Util, ptr, len);
     memset(ptr, 0, len);
     return free(ptr);
 }
 
@@ -639,23 +585,16 @@ SECITEM_ZfreeItem_stub(SECItem *zap, PRB
 
 extern int
 NSS_SecureMemcmp_stub(const void *a, const void *b, size_t n)
 {
     STUB_SAFE_CALL3(NSS_SecureMemcmp, a, b, n);
     abort();
 }
 
-extern unsigned int
-NSS_SecureMemcmpZero_stub(const void *mem, size_t n)
-{
-    STUB_SAFE_CALL2(NSS_SecureMemcmpZero, mem, n);
-    abort();
-}
-
 #ifdef FREEBL_NO_WEAK
 
 static const char *nsprLibName = SHLIB_PREFIX "nspr4." SHLIB_SUFFIX;
 static const char *nssutilLibName = SHLIB_PREFIX "nssutil3." SHLIB_SUFFIX;
 
 static SECStatus
 freebl_InitNSPR(void *lib)
 {
@@ -698,17 +637,16 @@ freebl_InitNSSUtil(void *lib)
     STUB_FETCH_FUNCTION(PORT_SetError_Util);
     STUB_FETCH_FUNCTION(SECITEM_FreeItem_Util);
     STUB_FETCH_FUNCTION(SECITEM_AllocItem_Util);
     STUB_FETCH_FUNCTION(SECITEM_CompareItem_Util);
     STUB_FETCH_FUNCTION(SECITEM_CopyItem_Util);
     STUB_FETCH_FUNCTION(SECITEM_ZfreeItem_Util);
     STUB_FETCH_FUNCTION(SECOID_FindOIDTag_Util);
     STUB_FETCH_FUNCTION(NSS_SecureMemcmp);
-    STUB_FETCH_FUNCTION(NSS_SecureMemcmpZero);
     return SECSuccess;
 }
 
 /*
  * fetch the library if it's loaded. For NSS it should already be loaded
  */
 #define freebl_getLibrary(libName) \
     dlopen(libName, RTLD_LAZY | RTLD_NOLOAD)
--- a/security/nss/lib/freebl/stubs.h
+++ b/security/nss/lib/freebl/stubs.h
@@ -25,27 +25,24 @@
 #define PORT_ArenaZAlloc PORT_ArenaZAlloc_stub
 #define PORT_Free PORT_Free_stub
 #define PORT_FreeArena PORT_FreeArena_stub
 #define PORT_GetError PORT_GetError_stub
 #define PORT_NewArena PORT_NewArena_stub
 #define PORT_SetError PORT_SetError_stub
 #define PORT_ZAlloc PORT_ZAlloc_stub
 #define PORT_ZFree PORT_ZFree_stub
-#define PORT_ZAllocAligned PORT_ZAllocAligned_stub
-#define PORT_ZAllocAlignedOffset PORT_ZAllocAlignedOffset_stub
 
 #define SECITEM_AllocItem SECITEM_AllocItem_stub
 #define SECITEM_CompareItem SECITEM_CompareItem_stub
 #define SECITEM_CopyItem SECITEM_CopyItem_stub
 #define SECITEM_FreeItem SECITEM_FreeItem_stub
 #define SECITEM_ZfreeItem SECITEM_ZfreeItem_stub
 #define SECOID_FindOIDTag SECOID_FindOIDTag_stub
 #define NSS_SecureMemcmp NSS_SecureMemcmp_stub
-#define NSS_SecureMemcmpZero NSS_SecureMemcmpZero_stub
 
 #define PR_Assert PR_Assert_stub
 #define PR_Access PR_Access_stub
 #define PR_CallOnce PR_CallOnce_stub
 #define PR_Close PR_Close_stub
 #define PR_DestroyCondVar PR_DestroyCondVar_stub
 #define PR_DestroyLock PR_DestroyLock_stub
 #define PR_Free PR_Free_stub
--- a/security/nss/lib/nss/utilwrap.c
+++ b/security/nss/lib/nss/utilwrap.c
@@ -70,18 +70,16 @@
 #undef PORT_SetError
 #undef PORT_SetUCS2_ASCIIConversionFunction
 #undef PORT_SetUCS2_UTF8ConversionFunction
 #undef PORT_SetUCS4_UTF8ConversionFunction
 #undef PORT_Strdup
 #undef PORT_UCS2_ASCIIConversion
 #undef PORT_UCS2_UTF8Conversion
 #undef PORT_ZAlloc
-#undef PORT_ZAllocAligned
-#undef PORT_ZAllocAlignedOffset
 #undef PORT_ZFree
 #undef SEC_ASN1Decode
 #undef SEC_ASN1DecodeInteger
 #undef SEC_ASN1DecodeItem
 #undef SEC_ASN1DecoderAbort
 #undef SEC_ASN1DecoderClearFilterProc
 #undef SEC_ASN1DecoderClearNotifyProc
 #undef SEC_ASN1DecoderFinish
@@ -141,28 +139,16 @@ PORT_Realloc(void *oldptr, size_t bytes)
 }
 
 void *
 PORT_ZAlloc(size_t bytes)
 {
     return PORT_ZAlloc_Util(bytes);
 }
 
-void *
-PORT_ZAllocAligned(size_t bytes, size_t alignment, void **mem)
-{
-    return PORT_ZAllocAligned_Util(bytes, alignment, mem);
-}
-
-void *
-PORT_ZAllocAlignedOffset(size_t bytes, size_t alignment, size_t offset)
-{
-    return PORT_ZAllocAlignedOffset_Util(bytes, alignment, offset);
-}
-
 void
 PORT_Free(void *ptr)
 {
     PORT_Free_Util(ptr);
 }
 
 void
 PORT_ZFree(void *ptr, size_t len)
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -1,9 +1,8 @@
-
 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /*
  * SSL3 Protocol
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
@@ -229,25 +228,21 @@ static const SSLCompressionMethod ssl_co
 static const unsigned int ssl_compression_method_count =
     PR_ARRAY_SIZE(ssl_compression_methods);
 
 /* compressionEnabled returns true iff the compression algorithm is enabled
  * for the given SSL socket. */
 static PRBool
 ssl_CompressionEnabled(sslSocket *ss, SSLCompressionMethod compression)
 {
+    SSL3ProtocolVersion version;
+
     if (compression == ssl_compression_null) {
         return PR_TRUE; /* Always enabled */
     }
-/* Compression was disabled in NSS 3.33. It is temporarily possible
-     * to re-enable it by unifdefing the following block. We will remove
-     * compression entirely in future versions of NSS. */
-#if 0
-    SSL3ProtocolVersion version;
-
     if (ss->sec.isServer) {
         /* We can't easily check that the client didn't attempt TLS 1.3,
          * so this will have to do. */
         PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
         version = ss->version;
     } else {
         version = ss->vrange.max;
     }
@@ -257,17 +252,16 @@ ssl_CompressionEnabled(sslSocket *ss, SS
 #ifdef NSS_SSL_ENABLE_ZLIB
     if (compression == ssl_compression_deflate) {
         if (IS_DTLS(ss)) {
             return PR_FALSE;
         }
         return ss->opt.enableDeflate;
     }
 #endif
-#endif
     return PR_FALSE;
 }
 
 static const /*SSL3ClientCertificateType */ PRUint8 certificate_types[] = {
     ct_RSA_sign,
     ct_ECDSA_sign,
     ct_DSS_sign,
 };
--- a/security/nss/lib/util/nssutil.def
+++ b/security/nss/lib/util/nssutil.def
@@ -302,16 +302,8 @@ PK11URI_CreateURI;
 PK11URI_ParseURI;
 PK11URI_FormatURI;
 PK11URI_DestroyURI;
 PK11URI_GetPathAttribute;
 PK11URI_GetQueryAttribute;
 ;+    local:
 ;+       *;
 ;+};
-;+NSSUTIL_3.33 {         # NSS Utilities 3.33 release
-;+    global:
-PORT_ZAllocAligned_Util;
-PORT_ZAllocAlignedOffset_Util;
-NSS_SecureMemcmpZero;
-;+    local:
-;+       *;
-;+};
--- a/security/nss/lib/util/secport.c
+++ b/security/nss/lib/util/secport.c
@@ -16,18 +16,16 @@
 #include "plarena.h"
 #include "secerr.h"
 #include "prmon.h"
 #include "nssilock.h"
 #include "secport.h"
 #include "prenv.h"
 #include "prinit.h"
 
-#include <stdint.h>
-
 #ifdef DEBUG
 #define THREADMARK
 #endif /* DEBUG */
 
 #ifdef THREADMARK
 #include "prthread.h"
 #endif /* THREADMARK */
 
@@ -116,61 +114,16 @@ PORT_ZAlloc(size_t bytes)
         rv = PR_Calloc(1, bytes ? bytes : 1);
     }
     if (!rv) {
         PORT_SetError(SEC_ERROR_NO_MEMORY);
     }
     return rv;
 }
 
-/* aligned_alloc is C11. This is an alternative to get aligned memory. */
-void *
-PORT_ZAllocAligned(size_t bytes, size_t alignment, void **mem)
-{
-    size_t x = alignment - 1;
-
-    /* This only works if alignment is a power of 2. */
-    if ((alignment == 0) || (alignment & (alignment - 1))) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return NULL;
-    }
-
-    if (!mem) {
-        return NULL;
-    }
-
-    /* Always allocate a non-zero amount of bytes */
-    *mem = PORT_ZAlloc((bytes ? bytes : 1) + x);
-    if (!*mem) {
-        PORT_SetError(SEC_ERROR_NO_MEMORY);
-        return NULL;
-    }
-
-    return (void *)(((uintptr_t)*mem + x) & ~(uintptr_t)x);
-}
-
-void *
-PORT_ZAllocAlignedOffset(size_t size, size_t alignment, size_t offset)
-{
-    PORT_Assert(offset < size);
-    if (offset > size) {
-        return NULL;
-    }
-
-    void *mem = NULL;
-    void *v = PORT_ZAllocAligned(size, alignment, &mem);
-    if (!v) {
-        return NULL;
-    }
-
-    PORT_Assert(mem);
-    *((void **)((uintptr_t)v + offset)) = mem;
-    return v;
-}
-
 void
 PORT_Free(void *ptr)
 {
     if (ptr) {
         PR_Free(ptr);
     }
 }
 
@@ -775,23 +728,8 @@ NSS_SecureMemcmp(const void *ia, const v
     unsigned char r = 0;
 
     for (i = 0; i < n; ++i) {
         r |= *a++ ^ *b++;
     }
 
     return r;
 }
-
-/*
- * Perform a constant-time check if a memory region is all 0. The return value
- * is 0 if the memory region is all zero.
- */
-unsigned int
-NSS_SecureMemcmpZero(const void *mem, size_t n)
-{
-    PRUint8 zero = 0;
-    int i;
-    for (i = 0; i < n; ++i) {
-        zero |= *(PRUint8 *)((uintptr_t)mem + i);
-    }
-    return zero;
-}
--- a/security/nss/lib/util/secport.h
+++ b/security/nss/lib/util/secport.h
@@ -40,17 +40,16 @@
 #endif
 
 #include <sys/types.h>
 
 #include <ctype.h>
 #include <string.h>
 #include <stddef.h>
 #include <stdlib.h>
-#include <stdint.h>
 #include "prtypes.h"
 #include "prlog.h" /* for PR_ASSERT */
 #include "plarena.h"
 #include "plstr.h"
 
 /*
  * HACK for NSS 2.8 to allow Admin to compile without source changes.
  */
@@ -84,19 +83,16 @@ typedef struct PORTCheapArenaPool_str {
     PRUint32 magic; /* This is used to distinguish the two subclasses. */
 } PORTCheapArenaPool;
 
 SEC_BEGIN_PROTOS
 
 extern void *PORT_Alloc(size_t len);
 extern void *PORT_Realloc(void *old, size_t len);
 extern void *PORT_ZAlloc(size_t len);
-extern void *PORT_ZAllocAligned(size_t bytes, size_t alignment, void **mem);
-extern void *PORT_ZAllocAlignedOffset(size_t bytes, size_t alignment,
-                                      size_t offset);
 extern void PORT_Free(void *ptr);
 extern void PORT_ZFree(void *ptr, size_t len);
 extern char *PORT_Strdup(const char *s);
 extern void PORT_SetError(int value);
 extern int PORT_GetError(void);
 
 /* These functions are for use with PORTArenaPools. */
 extern PLArenaPool *PORT_NewArena(unsigned long chunksize);
@@ -130,18 +126,16 @@ SEC_END_PROTOS
  * unexpected changes in a function.
  */
 #ifdef DEBUG
 #define PORT_CheckSuccess(f) PR_ASSERT((f) == SECSuccess)
 #else
 #define PORT_CheckSuccess(f) (f)
 #endif
 #define PORT_ZNew(type) (type *)PORT_ZAlloc(sizeof(type))
-#define PORT_ZNewAligned(type, alignment, mem) \
-    (type *)PORT_ZAllocAlignedOffset(sizeof(type), alignment, offsetof(type, mem))
 #define PORT_New(type) (type *)PORT_Alloc(sizeof(type))
 #define PORT_ArenaNew(poolp, type) \
     (type *)PORT_ArenaAlloc(poolp, sizeof(type))
 #define PORT_ArenaZNew(poolp, type) \
     (type *)PORT_ArenaZAlloc(poolp, sizeof(type))
 #define PORT_NewArray(type, num) \
     (type *)PORT_Alloc(sizeof(type) * (num))
 #define PORT_ZNewArray(type, num) \
@@ -247,17 +241,16 @@ sec_port_iso88591_utf8_conversion_functi
     unsigned int inBufLen,
     unsigned char *outBuf,
     unsigned int maxOutBufLen,
     unsigned int *outBufLen);
 
 extern int NSS_PutEnv(const char *envVarName, const char *envValue);
 
 extern int NSS_SecureMemcmp(const void *a, const void *b, size_t n);
-extern unsigned int NSS_SecureMemcmpZero(const void *mem, size_t n);
 
 /*
  * Load a shared library called "newShLibName" in the same directory as
  * a shared library that is already loaded, called existingShLibName.
  * A pointer to a static function in that shared library,
  * staticShLibFunc, is required.
  *
  * existingShLibName:
--- a/security/nss/lib/util/utilrename.h
+++ b/security/nss/lib/util/utilrename.h
@@ -65,18 +65,16 @@
 #define PORT_SetError PORT_SetError_Util
 #define PORT_SetUCS2_ASCIIConversionFunction PORT_SetUCS2_ASCIIConversionFunction_Util
 #define PORT_SetUCS2_UTF8ConversionFunction PORT_SetUCS2_UTF8ConversionFunction_Util
 #define PORT_SetUCS4_UTF8ConversionFunction PORT_SetUCS4_UTF8ConversionFunction_Util
 #define PORT_Strdup PORT_Strdup_Util
 #define PORT_UCS2_ASCIIConversion PORT_UCS2_ASCIIConversion_Util
 #define PORT_UCS2_UTF8Conversion PORT_UCS2_UTF8Conversion_Util
 #define PORT_ZAlloc PORT_ZAlloc_Util
-#define PORT_ZAllocAligned PORT_ZAllocAligned_Util
-#define PORT_ZAllocAlignedOffset PORT_ZAllocAlignedOffset_Util
 #define PORT_ZFree PORT_ZFree_Util
 #define SEC_ASN1Decode SEC_ASN1Decode_Util
 #define SEC_ASN1DecodeInteger SEC_ASN1DecodeInteger_Util
 #define SEC_ASN1DecodeItem SEC_ASN1DecodeItem_Util
 #define SEC_ASN1DecoderAbort SEC_ASN1DecoderAbort_Util
 #define SEC_ASN1DecoderClearFilterProc SEC_ASN1DecoderClearFilterProc_Util
 #define SEC_ASN1DecoderClearNotifyProc SEC_ASN1DecoderClearNotifyProc_Util
 #define SEC_ASN1DecoderFinish SEC_ASN1DecoderFinish_Util