From 3ca8e4f72804a02573c1c815dc8f989d93b34a09 Mon Sep 17 00:00:00 2001
From: Robert Relyea <rrelyea@redhat.com>
Date: Thu, 25 Jul 2024 18:33:00 -0700
Subject: [PATCH] Related: RHEL-33511

Fix chacha timing issue
---
 nss-3.101-chacha-timing-fix.patch | 59 +++++++++++++++++++++++++++++++
 nss.spec                          |  3 ++
 2 files changed, 62 insertions(+)
 create mode 100644 nss-3.101-chacha-timing-fix.patch

diff --git a/nss-3.101-chacha-timing-fix.patch b/nss-3.101-chacha-timing-fix.patch
new file mode 100644
index 0000000..ea8756a
--- /dev/null
+++ b/nss-3.101-chacha-timing-fix.patch
@@ -0,0 +1,59 @@
+diff --git a/lib/freebl/chacha20poly1305.c b/lib/freebl/chacha20poly1305.c
+--- a/lib/freebl/chacha20poly1305.c
++++ b/lib/freebl/chacha20poly1305.c
+@@ -213,27 +213,31 @@
+ {
+ #ifdef NSS_X64
+ #ifndef NSS_DISABLE_AVX2
+     if (avx2_support()) {
+         Hacl_Chacha20_Vec256_chacha20_encrypt_256(len, output, block, k, nonce, ctr);
++        return;
+     }
+ #endif
+ 
+ #ifndef NSS_DISABLE_SSE3
+     if (ssse3_support() && sse4_1_support() && avx_support()) {
+         Hacl_Chacha20_Vec128_chacha20_encrypt_128(len, output, block, k, nonce, ctr);
++        return;
+     }
+ #endif
+ 
+ #elif defined(__powerpc64__) && defined(__LITTLE_ENDIAN__) && \
+     !defined(NSS_DISABLE_ALTIVEC) && !defined(NSS_DISABLE_CRYPTO_VSX)
+     if (ppc_crypto_support()) {
+         chacha20vsx(len, output, block, k, nonce, ctr);
+-    } else
++        return;
++    }
+ #endif
+     {
+         Hacl_Chacha20_chacha20_encrypt(len, output, block, k, nonce, ctr);
++        return;
+     }
+ }
+ #endif /* NSS_DISABLE_CHACHAPOLY */
+ 
+ SECStatus
+@@ -449,20 +453,18 @@
+             (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, inputLen,
+             (uint8_t *)input, output, outTag);
+         goto finish;
+     }
+ #endif
+-
+-    else
+ #elif defined(__powerpc64__) && defined(__LITTLE_ENDIAN__) && \
+     !defined(NSS_DISABLE_ALTIVEC) && !defined(NSS_DISABLE_CRYPTO_VSX)
+     if (ppc_crypto_support()) {
+         Chacha20Poly1305_vsx_aead_encrypt(
+             (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, inputLen,
+             (uint8_t *)input, output, outTag);
+         goto finish;
+-    } else
++    }
+ #endif
+     {
+         Hacl_Chacha20Poly1305_32_aead_encrypt(
+             (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, inputLen,
+             (uint8_t *)input, output, outTag);
+
diff --git a/nss.spec b/nss.spec
index f8109ea..415ea35 100644
--- a/nss.spec
+++ b/nss.spec
@@ -184,6 +184,8 @@ Patch76:          nss-3.101-enable-kyber-policy.patch
 Patch77:          nss-3.101-fix-rsa-policy-test.patch
 Patch78:          nss-3.101-fix-pkcs12-md5-decode.patch
 Patch81:          nss-3.101-fix-missing-size-checks.patch
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1905691
+Patch82:          nss-3.101-chacha-timing-fix.patch
 
 # RHEL-10 specific
 Patch90:          nss-3.101-disable_dsa.patch
@@ -1172,6 +1174,7 @@ update-crypto-policies &> /dev/null || :
 %changelog
 * Wed Jul 24 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-5
 - Fix missing and inaccurate key length checks
+- Fix chacha timing issue
 
 * Thu Jul 18 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-4
 - Fix MD-5 decode issue in pkcs #12