diff --git a/SOURCES/nss-3.67-cve-2021-43527-test.patch b/SOURCES/nss-3.67-cve-2021-43527-test.patch
new file mode 100644
index 0000000..51cb8e0
--- /dev/null
+++ b/SOURCES/nss-3.67-cve-2021-43527-test.patch
@@ -0,0 +1,325 @@
+diff --git a/tests/cert/Leaf-bogus-dsa.crt b/tests/cert/Leaf-bogus-dsa.crt
+new file mode 100644
+--- /dev/null
++++ b/tests/cert/Leaf-bogus-dsa.crt
+@@ -0,0 +1,143 @@
++-----BEGIN CERTIFICATE-----
++MIIaZzCCCkWgAwIBAgIBATALBgcqhkjOOAQDBQAwMTEvMC0GA1UEAxMmZGVjb2Rl
++RUNvckRTQVNpZ25hdHVyZS10ZXN0Q2FzZS90YXZpc28wHhcNMjEwMTAxMDAwMDAw
++WhcNNDEwMTAxMDAwMDAwWjAxMS8wLQYDVQQDEyZkZWNvZGVFQ29yRFNBU2lnbmF0
++dXJlLXRlc3RDYXNlL3RhdmlzbzCCCaYwggkaBgcqhkjOOAQBMIIJDQKBgQCqqqqq
++qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
++qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
++qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgKCCAEAu7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7
++u7u7u7u7u7u7u7u7u7u7u7sCgYEAzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzM
++zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzM
++zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzM
++zMzMzMwDgYUAAoGB3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d
++3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d
++3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3dMAkG
++ByqGSM44BAMDghAPADCCEAoCgggBAO7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u
++7u7u7u7uAoIIAQD/////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////
++/////////////////////////////////////////////////////////w==
++-----END CERTIFICATE-----
+diff --git a/tests/cert/Leaf-bogus-rsa-pss.crt b/tests/cert/Leaf-bogus-rsa-pss.crt
+new file mode 100644
+--- /dev/null
++++ b/tests/cert/Leaf-bogus-rsa-pss.crt
+@@ -0,0 +1,126 @@
++-----BEGIN CERTIFICATE-----
++MIIXODCCC/WgAwIBAgIBAjApBgkqhkiG9w0BAQowHKACMAChETAPBQAwCwYJYIZI
++AWUDBAIBogMCASAwNzEgMB4GCSqGSIb3DQEJARYRdGF2aXNvQGdvb2dsZS5jb20x
++EzARBgNVBAMTCmJ1ZzE3Mzc0NzAwHhcNMjAwMTAxMDAwMDAwWhcNNDAwMTAxMDAw
++MDAwWjA3MSAwHgYJKoZIhvcNAQkBFhF0YXZpc29AZ29vZ2xlLmNvbTETMBEGA1UE
++AxMKYnVnMTczNzQ3MDCCCywwDQYJKoZIhvcNAQEBBQADggsZADCCCxQCggsLAMRE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE
++RERERERERERERERERERERERERERERERERERERERERERERERERERERQIDAQABMC4G
++CSqGSIb3DQEBCjAhoRowGAYJKoZIhvcNAQEIMAsGCSqGSIb3DQEBCqIDAgEgA4IL
++CwAAxVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
++VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVU=
++-----END CERTIFICATE-----
+diff --git a/tests/cert/cert.sh b/tests/cert/cert.sh
+--- a/tests/cert/cert.sh
++++ b/tests/cert/cert.sh
+@@ -114,16 +114,28 @@ certu()
+ cert_log "ERROR: ${CU_ACTION} failed $RET"
+ else
+ html_passed "${CU_ACTION}"
+ fi
+
+ return $RET
+ }
+
++cert_test_vfy()
++{
++ echo "$SCRIPTNAME: Verify large rsa pss signature --------------"
++ echo " vfychain -a Leaf-bogus-dsa.crt"
++ vfychain -a ${QADIR}/cert/Leaf-bogus-dsa.crt
++ html_msg $? 1 "Verify large dsa signature"
++ echo "$SCRIPTNAME: Verify large rsa pss signature --------------"
++ echo " vfychain -a Leaf-bogus-rsa-pss.crt"
++ vfychain -a ${QADIR}/cert/Leaf-bogus-rsa-pss.crt
++ html_msg $? 1 "Verify large rsa pss signature"
++}
++
+ ################################ crlu #################################
+ # local shell function to call crlutil, also: writes action and options to
+ # stdout, sets variable RET and writes results to the html file results
+ ########################################################################
+ crlu()
+ {
+ echo "$SCRIPTNAME: ${CU_ACTION} --------------------------"
+
+@@ -2640,11 +2652,13 @@ if [ -z "$NSS_TEST_DISABLE_CRL" ] ; then
+ else
+ echo "$SCRIPTNAME: Skipping CRL Tests"
+ fi
+
+ if [ -n "$DO_DIST_ST" -a "$DO_DIST_ST" = "TRUE" ] ; then
+ cert_stresscerts
+ fi
+
++cert_test_vfy
++
+ cert_iopr_setup
+
+ cert_cleanup
diff --git a/SOURCES/nss-3.67-cve-2021-43527.patch b/SOURCES/nss-3.67-cve-2021-43527.patch
new file mode 100644
index 0000000..8fc81d3
--- /dev/null
+++ b/SOURCES/nss-3.67-cve-2021-43527.patch
@@ -0,0 +1,279 @@
+diff --git a/lib/cryptohi/secvfy.c b/lib/cryptohi/secvfy.c
+--- a/lib/cryptohi/secvfy.c
++++ b/lib/cryptohi/secvfy.c
+@@ -164,6 +164,37 @@
+ PR_FALSE /*XXX: unsafeAllowMissingParameters*/);
+ }
+
++static unsigned int
++checkedSignatureLen(const SECKEYPublicKey *pubk)
++{
++ unsigned int sigLen = SECKEY_SignatureLen(pubk);
++ if (sigLen == 0) {
++ /* Error set by SECKEY_SignatureLen */
++ return sigLen;
++ }
++ unsigned int maxSigLen;
++ switch (pubk->keyType) {
++ case rsaKey:
++ case rsaPssKey:
++ maxSigLen = (RSA_MAX_MODULUS_BITS + 7) / 8;
++ break;
++ case dsaKey:
++ maxSigLen = DSA_MAX_SIGNATURE_LEN;
++ break;
++ case ecKey:
++ maxSigLen = 2 * MAX_ECKEY_LEN;
++ break;
++ default:
++ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
++ return 0;
++ }
++ if (sigLen > maxSigLen) {
++ PORT_SetError(SEC_ERROR_INVALID_KEY);
++ return 0;
++ }
++ return sigLen;
++}
++
+ /*
+ * decode the ECDSA or DSA signature from it's DER wrapping.
+ * The unwrapped/raw signature is placed in the buffer pointed
+@@ -174,38 +205,38 @@
+ unsigned int len)
+ {
+ SECItem *dsasig = NULL; /* also used for ECDSA */
+- SECStatus rv = SECSuccess;
+
+- if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
+- (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
+- if (sig->len != len) {
+- PORT_SetError(SEC_ERROR_BAD_DER);
+- return SECFailure;
++ /* Safety: Ensure algId is as expected and that signature size is within maxmimums */
++ if (algid == SEC_OID_ANSIX9_DSA_SIGNATURE) {
++ if (len > DSA_MAX_SIGNATURE_LEN) {
++ goto loser;
+ }
+-
+- PORT_Memcpy(dsig, sig->data, sig->len);
+- return SECSuccess;
++ } else if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
++ if (len > MAX_ECKEY_LEN * 2) {
++ goto loser;
++ }
++ } else {
++ goto loser;
+ }
+
+- if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
+- if (len > MAX_ECKEY_LEN * 2) {
+- PORT_SetError(SEC_ERROR_BAD_DER);
+- return SECFailure;
+- }
++ /* Decode and pad to length */
++ dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
++ if (dsasig == NULL) {
++ goto loser;
+ }
+- dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
+-
+- if ((dsasig == NULL) || (dsasig->len != len)) {
+- rv = SECFailure;
+- } else {
+- PORT_Memcpy(dsig, dsasig->data, dsasig->len);
++ if (dsasig->len != len) {
++ SECITEM_FreeItem(dsasig, PR_TRUE);
++ goto loser;
+ }
+
+- if (dsasig != NULL)
+- SECITEM_FreeItem(dsasig, PR_TRUE);
+- if (rv == SECFailure)
+- PORT_SetError(SEC_ERROR_BAD_DER);
+- return rv;
++ PORT_Memcpy(dsig, dsasig->data, len);
++ SECITEM_FreeItem(dsasig, PR_TRUE);
++
++ return SECSuccess;
++
++loser:
++ PORT_SetError(SEC_ERROR_BAD_DER);
++ return SECFailure;
+ }
+
+ const SEC_ASN1Template hashParameterTemplate[] =
+@@ -281,7 +312,7 @@
+ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
+ const SECItem *param, SECOidTag *encalgp, SECOidTag *hashalg)
+ {
+- int len;
++ unsigned int len;
+ PLArenaPool *arena;
+ SECStatus rv;
+ SECItem oid;
+@@ -466,48 +497,52 @@
+ cx->pkcs1RSADigestInfo = NULL;
+ rv = SECSuccess;
+ if (sig) {
+- switch (type) {
+- case rsaKey:
+- rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
+- &cx->pkcs1RSADigestInfo,
+- &cx->pkcs1RSADigestInfoLen,
+- cx->key,
+- sig, wincx);
+- break;
+- case rsaPssKey:
+- sigLen = SECKEY_SignatureLen(key);
+- if (sigLen == 0) {
+- /* error set by SECKEY_SignatureLen */
+- rv = SECFailure;
++ rv = SECFailure;
++ if (type == rsaKey) {
++ rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
++ &cx->pkcs1RSADigestInfo,
++ &cx->pkcs1RSADigestInfoLen,
++ cx->key,
++ sig, wincx);
++ } else {
++ sigLen = checkedSignatureLen(key);
++ /* Check signature length is within limits */
++ if (sigLen == 0) {
++ /* error set by checkedSignatureLen */
++ rv = SECFailure;
++ goto loser;
++ }
++ if (sigLen > sizeof(cx->u)) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ rv = SECFailure;
++ goto loser;
++ }
++ switch (type) {
++ case rsaPssKey:
++ if (sig->len != sigLen) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ rv = SECFailure;
++ goto loser;
++ }
++ PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
++ rv = SECSuccess;
+ break;
+- }
+- if (sig->len != sigLen) {
+- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ case ecKey:
++ case dsaKey:
++ /* decodeECorDSASignature will check sigLen == sig->len after padding */
++ rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
++ break;
++ default:
++ /* Unreachable */
+ rv = SECFailure;
+- break;
+- }
+- PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
+- break;
+- case dsaKey:
+- case ecKey:
+- sigLen = SECKEY_SignatureLen(key);
+- if (sigLen == 0) {
+- /* error set by SECKEY_SignatureLen */
+- rv = SECFailure;
+- break;
+- }
+- rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
+- break;
+- default:
+- rv = SECFailure;
+- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+- break;
++ goto loser;
++ }
++ }
++ if (rv != SECSuccess) {
++ goto loser;
+ }
+ }
+
+- if (rv)
+- goto loser;
+-
+ /* check hash alg again, RSA may have changed it.*/
+ if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) {
+ /* error set by HASH_GetHashTypeByOidTag */
+@@ -650,11 +685,16 @@
+ switch (cx->key->keyType) {
+ case ecKey:
+ case dsaKey:
+- dsasig.data = cx->u.buffer;
+- dsasig.len = SECKEY_SignatureLen(cx->key);
++ dsasig.len = checkedSignatureLen(cx->key);
+ if (dsasig.len == 0) {
+ return SECFailure;
+ }
++ if (dsasig.len > sizeof(cx->u)) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ return SECFailure;
++ }
++ dsasig.data = cx->u.buffer;
++
+ if (sig) {
+ rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data,
+ dsasig.len);
+@@ -686,8 +726,13 @@
+ }
+
+ rsasig.data = cx->u.buffer;
+- rsasig.len = SECKEY_SignatureLen(cx->key);
++ rsasig.len = checkedSignatureLen(cx->key);
+ if (rsasig.len == 0) {
++ /* Error set by checkedSignatureLen */
++ return SECFailure;
++ }
++ if (rsasig.len > sizeof(cx->u)) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ return SECFailure;
+ }
+ if (sig) {
+@@ -749,7 +794,6 @@
+ SECStatus rv;
+ VFYContext *cx;
+ SECItem dsasig; /* also used for ECDSA */
+-
+ rv = SECFailure;
+
+ cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx);
+@@ -757,19 +801,25 @@
+ switch (key->keyType) {
+ case rsaKey:
+ rv = verifyPKCS1DigestInfo(cx, digest);
++ /* Error (if any) set by verifyPKCS1DigestInfo */
+ break;
+- case dsaKey:
+ case ecKey:
++ case dsaKey:
+ dsasig.data = cx->u.buffer;
+- dsasig.len = SECKEY_SignatureLen(cx->key);
++ dsasig.len = checkedSignatureLen(cx->key);
+ if (dsasig.len == 0) {
++ /* Error set by checkedSignatureLen */
++ rv = SECFailure;
+ break;
+ }
+- if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) !=
+- SECSuccess) {
++ if (dsasig.len > sizeof(cx->u)) {
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+- } else {
+- rv = SECSuccess;
++ rv = SECFailure;
++ break;
++ }
++ rv = PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx);
++ if (rv != SECSuccess) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ }
+ break;
+ default:
+
diff --git a/SPECS/nss.spec b/SPECS/nss.spec
index f4b6b5d..3f000bc 100644
--- a/SPECS/nss.spec
+++ b/SPECS/nss.spec
@@ -47,7 +47,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
Summary: Network Security Services
Name: nss
Version: %{nss_version}
-Release: 6%{?dist}
+Release: 7%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Requires: nspr >= %{nspr_version}
@@ -157,6 +157,10 @@ Patch233: nss-3.67-fix-coverity-issues.patch
Patch234: nss-3.67-fix-sdb-timeout.patch
# no upstream bug yet
Patch235: nss-3.67-fix-ssl-alerts.patch
+Patch300: nss-3.67-cve-2021-43527.patch
+Patch301: nss-3.67-cve-2021-43527-test.patch
+
+
%description
Network Security Services (NSS) is a set of libraries designed to
@@ -928,6 +932,9 @@ update-crypto-policies --no-reload &> /dev/null || :
%changelog
+* Thu Nov 18 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-7
+- Fix CVE 2021 43527
+
* Tue Jul 6 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-6
- Fix ssl alert issue