fix CVE-2020-6829 CVE-2020-12400 CVE-2020-12401

CVE-2020-12401.patch

@@ -0,0 +1,57 @@
+
+# HG changeset patch
+# User Billy Brumley <bbrumley@gmail.com>
+# Date 1595283525 0
+# Node ID aeb2e583ee957a699d949009c7ba37af76515c20
+# Parent  ca207655b4b7cb1d3a5e438c1fb9b90d45596da6
+Bug 1631573: Remove unnecessary scalar padding in ec.c r=kjacobs,bbeurdouche
+
+Subsequent calls to ECPoints_mul and ECPoint_mul remove this padding.
+
+Timing attack countermeasures are now applied more generally deeper in
+the call stack.
+
+Differential Revision: https://phabricator.services.mozilla.com/D82011
+
+diff --git a/nss/lib/freebl/ec.c b/nss/lib/freebl/ec.c
+--- a/nss/lib/freebl/ec.c
++++ b/nss/lib/freebl/ec.c
+@@ -719,37 +719,16 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *k
+         mp_tohex(&n, mpstr);
+         printf("n : %s \n", mpstr);
+ #endif
+         PORT_SetError(SEC_ERROR_NEED_RANDOM);
+         goto cleanup;
+     }
+ 
+     /*
+-    ** We do not want timing information to leak the length of k,
+-    ** so we compute k*G using an equivalent scalar of fixed
+-    ** bit-length.
+-    ** Fix based on patch for ECDSA timing attack in the paper
+-    ** by Billy Bob Brumley and Nicola Tuveri at
+-    **   http://eprint.iacr.org/2011/232
+-    **
+-    ** How do we convert k to a value of a fixed bit-length?
+-    ** k starts off as an integer satisfying 0 <= k < n.  Hence,
+-    ** n <= k+n < 2n, which means k+n has either the same number
+-    ** of bits as n or one more bit than n.  If k+n has the same
+-    ** number of bits as n, the second addition ensures that the
+-    ** final value has exactly one more bit than n.  Thus, we
+-    ** always end up with a value that exactly one more bit than n.
+-    */
+-    CHECK_MPI_OK(mp_add(&k, &n, &k));
+-    if (mpl_significant_bits(&k) <= mpl_significant_bits(&n)) {
+-        CHECK_MPI_OK(mp_add(&k, &n, &k));
+-    }
+-
+-    /*
+     ** ANSI X9.62, Section 5.3.2, Step 2
+     **
+     ** Compute kG
+     */
+     kGpoint.len = EC_GetPointSize(ecParams);
+     kGpoint.data = PORT_Alloc(kGpoint.len);
+     if ((kGpoint.data == NULL) ||
+         (ec_points_mul(ecParams, &k, NULL, NULL, &kGpoint) != SECSuccess))
+

nss.spec

@@ -14,7 +14,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          %{nss_version}
-Release:          3
+Release:          4
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Provides:         nss-system-init
@@ -40,6 +40,9 @@ Source14:         blank-key4.db
 Source15:         system-pkcs11.txt
 Source16:         setup-nsssysinit.sh
 Patch0:           nss-539183.patch
+Patch1:           0001-CVE-2020-6829-and-CVE-2020-12400.patch
+Patch2:           0002-CVE-2020-6829-and-CVE-2020-12400.patch
+Patch3:           CVE-2020-12401.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -123,6 +126,9 @@ Help document for NSS
 %setup -q -n %{name}-%{nss_archive_version}
 
 %patch0 -p0 -b .539183
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
 
 %build
 
@@ -544,6 +550,9 @@ update-crypto-policies &>/dev/null||:
 %doc %{_mandir}/man*
 
 %changelog
+* Tue Sep 22 2020 zhangxingliang <zhangxingliang3@huawei.com> - 3.54-4
+- fix CVE-2020-6829 CVE-2020-12400 CVE-2020-12401
+
 * Thu Aug 20 2020 Liquor <lirui130@huawei.com> - 3.54-3
 - nss_version and pkg-version need to be consistent