diff --git a/SOURCES/nss-transcript.patch b/SOURCES/nss-transcript.patch
new file mode 100644
index 0000000..170b3bc
--- /dev/null
+++ b/SOURCES/nss-transcript.patch
@@ -0,0 +1,63 @@
+# HG changeset patch
+# User Martin Thomson <martin.thomson@gmail.com>
+# Date 1501813647 -36000
+#      Fri Aug 04 12:27:27 2017 +1000
+# Node ID 839200ce0943166a079284bdf45dcc37bb672925
+# Parent  6254e8431392863fd0aa7e70c311add48af05775
+Bug 1377618 - Simplify handling of CertificateVerify, r=kaie
+
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -9758,13 +9758,12 @@ ssl3_HandleCertificateVerify(sslSocket *
+ 
+         hashAlg = ssl_SignatureSchemeToHashType(sigScheme);
+ 
+-        if (hashes->u.pointer_to_hash_input.data) {
+-            rv = ssl3_ComputeHandshakeHash(hashes->u.pointer_to_hash_input.data,
+-                                           hashes->u.pointer_to_hash_input.len,
+-                                           hashAlg, &localHashes);
+-        } else {
+-            rv = SECFailure;
+-        }
++        /* Read from the message buffer, but we need to use only up to the end
++         * of the previous handshake message. The length of the transcript up to
++         * that point is saved in |hashes->u.transcriptLen|. */
++        rv = ssl3_ComputeHandshakeHash(ss->ssl3.hs.messages.buf,
++                                       hashes->u.transcriptLen,
++                                       hashAlg, &localHashes);
+ 
+         if (rv == SECSuccess) {
+             hashesForVerify = &localHashes;
+@@ -11664,15 +11663,15 @@ ssl3_HandleHandshakeMessage(sslSocket *s
+                  * additional handshake messages will have been added to the
+                  * buffer, e.g. the certificate_verify message itself.)
+                  *
+-                 * Therefore, we use SSL3Hashes.u.pointer_to_hash_input
+-                 * to signal the current state of the buffer.
++                 * Therefore, we use SSL3Hashes.u.transcriptLen to save how much
++                 * data there is and read directly from ss->ssl3.hs.messages
++                 * when calculating the hashes.
+                  *
+                  * ssl3_HandleCertificateVerify will detect
+                  *     hashType == handshake_hash_record
+                  * and use that information to calculate the hash.
+                  */
+-                hashes.u.pointer_to_hash_input.data = ss->ssl3.hs.messages.buf;
+-                hashes.u.pointer_to_hash_input.len = ss->ssl3.hs.messages.len;
++                hashes.u.transcriptLen = ss->ssl3.hs.messages.len;
+                 hashesPtr = &hashes;
+             } else {
+                 computeHashes = PR_TRUE;
+diff --git a/lib/ssl/ssl3prot.h b/lib/ssl/ssl3prot.h
+--- a/lib/ssl/ssl3prot.h
++++ b/lib/ssl/ssl3prot.h
+@@ -236,7 +236,7 @@ typedef struct {
+     union {
+         PRUint8 raw[64];
+         SSL3HashesIndividually s;
+-        SECItem pointer_to_hash_input;
++        unsigned int transcriptLen;
+     } u;
+ } SSL3Hashes;
+ 
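Review bot: In ssl3_HandleCertificateVerify the rewritten call hashes `hashes->u.transcriptLen` bytes starting at `ss->ssl3.hs.messages.buf` without checking that the saved length still fits the buffer, and the removed branch that failed closed with `rv = SECFailure` when no input was recorded has no replacement. The length is captured earlier in ssl3_HandleHandshakeMessage, so a bound at the point of use would keep an out-of-bounds read from depending on that caller invariant: `if (hashes->u.transcriptLen > ss->ssl3.hs.messages.len) { rv = SECFailure; } else { /* existing ssl3_ComputeHandshakeHash call */ }`. `transcriptLen` also shares the union in ssl3prot.h with `raw[64]` and `s`, so it is only meaningful when hashType is handshake_hash_record; that test is presumably made above the visible lines, and the new comment should say the field is valid only in that case. Both function bodies start and end outside the hunks shown.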
diff --git a/SPECS/nss.spec b/SPECS/nss.spec
index bb0ec75..c372718 100644
--- a/SPECS/nss.spec
+++ b/SPECS/nss.spec
@@ -27,7 +27,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.28.4
-Release:          11%{?dist}
+Release:          12%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -153,6 +153,8 @@ Patch140: nss-ssl3gthr.patch
 # Work around for yum
 # https://bugzilla.redhat.com/show_bug.cgi?id=1469526
 Patch141: nss-sysinit-getenv.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1377618
+Patch142: nss-transcript.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -266,6 +268,7 @@ pushd nss
 %patch139 -p1 -b .disable-pss-gtests
 %patch140 -p1 -b .ssl3gthr
 %patch141 -p1 -b .sysinit-getenv
+%patch142 -p1 -b .transcript
 popd
 
 #########################################################
@@ -856,6 +859,9 @@ fi
 
 
 %changelog
+* Fri Aug  4 2017 Daiki Ueno <dueno@redhat.com> - 3.28.4-12
+- Backport patch to simplify transcript calculation for CertificateVerify
+
 * Fri Jul 14 2017 Daiki Ueno <dueno@redhat.com> - 3.28.4-11
 - Rebuild to get correct release suffix (.el7 -> .el7_4)