new file mode 100644
@@ -0,0 +1,65 @@
+From 9ff9d3925d31ab265a965ab1d16d76c496ddb5c8 Mon Sep 17 00:00:00 2001
+From: Benjamin Beurdouche <bbeurdouche@mozilla.com>
+Date: Sat, 18 Jul 2020 00:13:38 +0000
+Subject: [PATCH] Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by
+ PKCS11. r=jcj,kjacobs,rrelyea
+
+Differential Revision: https://phabricator.services.mozilla.com/D74801
+
+--HG--
+extra : moz-landing-system : lando
+---
+ nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc | 11 +++++++++--
+ nss/lib/freebl/chacha20poly1305.c | 2 +-
+ 2 files changed, 10 insertions(+), 3 deletions(-)
+
+CVE: CVE-2020-12403
+Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/9ff9d3925d31ab265a965ab1d16d76c496ddb5c8]
+Comment: Refreshed path for whole patchset
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+
+diff --git a/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
+index 41f9da71d6..3ea17678d9 100644
+--- a/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
++++ b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
+@@ -45,7 +45,7 @@ class Pkcs11ChaCha20Poly1305Test
+ SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
+ sizeof(aead_params)};
+
+- // Encrypt with bad parameters.
++ // Encrypt with bad parameters (TagLen is too long).
+ unsigned int encrypted_len = 0;
+ std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen);
+ aead_params.ulTagLen = 158072;
+@@ -54,9 +54,16 @@ class Pkcs11ChaCha20Poly1305Test
+ &encrypted_len, encrypted.size(), data, data_len);
+ EXPECT_EQ(SECFailure, rv);
+ EXPECT_EQ(0U, encrypted_len);
+- aead_params.ulTagLen = 16;
++
++ // Encrypt with bad parameters (TagLen is too short).
++ aead_params.ulTagLen = 2;
++ rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(),
++ &encrypted_len, encrypted.size(), data, data_len);
++ EXPECT_EQ(SECFailure, rv);
++ EXPECT_EQ(0U, encrypted_len);
+
+ // Encrypt.
++ aead_params.ulTagLen = 16;
+ rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(),
+ &encrypted_len, encrypted.size(), data, data_len);
+
+diff --git a/nss/lib/freebl/chacha20poly1305.c b/nss/lib/freebl/chacha20poly1305.c
+index 970c6436da..5c294a9eaf 100644
+--- a/nss/lib/freebl/chacha20poly1305.c
++++ b/nss/lib/freebl/chacha20poly1305.c
+@@ -81,7 +81,7 @@ ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx,
+ PORT_SetError(SEC_ERROR_BAD_KEY);
+ return SECFailure;
+ }
+- if (tagLen == 0 || tagLen > 16) {
++ if (tagLen != 16) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
+ }
+
new file mode 100644
@@ -0,0 +1,80 @@
+From 06b2b1c50bd4eaa7f65d858e5e3f44f678cb3c45 Mon Sep 17 00:00:00 2001
+From: Benjamin Beurdouche <bbeurdouche@mozilla.com>
+Date: Sat, 18 Jul 2020 00:13:14 +0000
+Subject: [PATCH] Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20.
+ r=kjacobs,rrelyea
+
+Depends on D74801
+
+Differential Revision: https://phabricator.services.mozilla.com/D83994
+
+--HG--
+extra : moz-landing-system : lando
+---
+ nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc | 49 +++++++++++++++++++++
+ nss/lib/softoken/pkcs11c.c | 1 +
+ 2 files changed, 50 insertions(+)
+
+CVE: CVE-2020-12403
+Upstream-Status: Backport [https://github.com/nss-dev/nss/commit/06b2b1c50bd4eaa7f65d858e5e3f44f678cb3c45]
+Comment: Refreshed path for whole patchset and removed change for pkcs11c.c
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+
+diff --git a/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc b/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
+index 38982fd885..700750cc90 100644
+--- a/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
++++ b/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
+@@ -77,4 +77,53 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOps) {
+ NSS_ShutdownContext(globalctx);
+ }
+
++TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) {
++ PK11SlotInfo* slot;
++ PK11SymKey* key;
++ PK11Context* ctx;
++
++ NSSInitContext* globalctx =
++ NSS_InitContext("", "", "", "", NULL,
++ NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
++ NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
++
++ const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR;
++
++ slot = PK11_GetInternalSlot();
++ ASSERT_TRUE(slot);
++
++ // Use arbitrary bytes for the ChaCha20 key and IV
++ uint8_t key_bytes[32];
++ for (size_t i = 0; i < 32; i++) {
++ key_bytes[i] = i;
++ }
++ SECItem keyItem = {siBuffer, key_bytes, 32};
++
++ uint8_t iv_bytes[16];
++ for (size_t i = 0; i < 16; i++) {
++ key_bytes[i] = i;
++ }
++ SECItem ivItem = {siBuffer, iv_bytes, 16};
++
++ SECItem* param = PK11_ParamFromIV(cipher, &ivItem);
++
++ key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
++ &keyItem, NULL);
++ ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param);
++ ASSERT_TRUE(key);
++ ASSERT_TRUE(ctx);
++
++ uint8_t outbuf[128];
++ // This is supposed to fail for Chacha20. This is because the underlying
++ // PK11_CipherOp operation is calling the C_EncryptUpdate function for
++ // which multi-part is disabled for ChaCha20 in counter mode.
++ ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure);
++
++ PK11_FreeSymKey(key);
++ PK11_FreeSlot(slot);
++ SECITEM_FreeItem(param, PR_TRUE);
++ PK11_DestroyContext(ctx, PR_TRUE);
++ NSS_ShutdownContext(globalctx);
++}
++
+ } // namespace nss_test
@@ -37,6 +37,8 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
file://0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch \
file://CVE-2020-12401.patch \
file://CVE-2020-6829_12400.patch \
+ file://CVE-2020-12403_1.patch \
+ file://CVE-2020-12403_2.patch \
"
SRC_URI[md5sum] = "6acaf1ddff69306ae30a908881c6f233"