authorAndreas Sturmlechner <asturm@gentoo.org>2021-03-05 11:39:56 +0100
committerAndreas Sturmlechner <asturm@gentoo.org>2021-03-05 11:39:56 +0100
commit44d67a9888121586b4839bb73dc748c398adfe23 (patch)
tree3abcfb50a17d547594ad65e5346f4e868e0b7a58 /app-crypt
parentdev-python/boto3: Bump to 1.17.21 (diff)
app-crypt/qca: Fix CryptographicMessageSyntax
Closes: https://bugs.gentoo.org/766932 Package-Manager: Portage-3.0.16, Repoman-3.0.2 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
Diffstat (limited to 'app-crypt')
-rw-r--r--app-crypt/qca/files/qca-2.3.2-cmsut-signverify_message_invalid-fails-randomly.patch32
-rw-r--r--app-crypt/qca/files/qca-2.3.2-openssl-1.1.1i-empty-msg-verification.patch57
-rw-r--r--app-crypt/qca/qca-2.3.2.ebuild6
3 files changed, 94 insertions, 1 deletions
diff --git a/app-crypt/qca/files/qca-2.3.2-cmsut-signverify_message_invalid-fails-randomly.patch b/app-crypt/qca/files/qca-2.3.2-cmsut-signverify_message_invalid-fails-randomly.patch
new file mode 100644
index 000000000000..af86e4539fba
--- /dev/null
+++ b/app-crypt/qca/files/qca-2.3.2-cmsut-signverify_message_invalid-fails-randomly.patch
@@ -0,0 +1,32 @@
+From ecdd0538dded7d2ba9e73a51f4f52030dd3f5a3b Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Fri, 5 Feb 2021 17:43:45 +0100
+Subject: [PATCH] Fix CMSut::signverify_message_invalid failing "randomly"
+
+Once in a blue moon it happens that signedResult1[signedResult1.size() -
+2] is a 0, so setting it to 0 doesn't break the signature validation, so
+ check if it's a 0 and if it is, set it to 1
+---
+ unittest/cms/cms.cpp | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/unittest/cms/cms.cpp b/unittest/cms/cms.cpp
+index 4901221e..9b541789 100644
+--- a/unittest/cms/cms.cpp
++++ b/unittest/cms/cms.cpp
+@@ -499,7 +499,11 @@ void CMSut::signverify_message_invalid()
+
+ // This is just to break things
+ // signedResult1[30] = signedResult1[30] + 1;
+- signedResult1[signedResult1.size() - 2] = 0x00;
++ if (signedResult1.at(signedResult1.size() - 2) != 0) {
++ signedResult1[signedResult1.size() - 2] = 0x00;
++ } else {
++ signedResult1[signedResult1.size() - 2] = 0x01;
++ }
+
+ msg.startVerify();
+ msg.update(signedResult1);
+--
+GitLab
+
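Review bot: The tamper step in the embedded `signverify_message_invalid` hunk reads the byte with `.at()` but writes it through `operator[]` in two separate branches, and it only distinguishes zero from non-zero. Flipping a bit changes the byte whatever its value and needs no branch: `const int idx = signedResult1.size() - 2;` followed by `signedResult1[idx] = signedResult1.at(idx) ^ 0x01;`. That keeps the test's intent, that a signature differing from the genuine one must fail verification, without the value-dependent path behind the random failures. The type of signedResult1 is not visible here, so the index type is an assumption, and the function body continues outside the hunk.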
diff --git a/app-crypt/qca/files/qca-2.3.2-openssl-1.1.1i-empty-msg-verification.patch b/app-crypt/qca/files/qca-2.3.2-openssl-1.1.1i-empty-msg-verification.patch
new file mode 100644
index 000000000000..34258aed1620
--- /dev/null
+++ b/app-crypt/qca/files/qca-2.3.2-openssl-1.1.1i-empty-msg-verification.patch
@@ -0,0 +1,57 @@
+From bc94cc08e1d3ea733946861d90a21681d58665ab Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Fri, 5 Feb 2021 16:39:11 +0100
+Subject: [PATCH] openssl 1.1.1i made verification of empty messages always
+ succeed
+
+BUGS: 432519
+---
+ unittest/cms/cms.cpp | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/unittest/cms/cms.cpp b/unittest/cms/cms.cpp
+index 37e188d0..4901221e 100644
+--- a/unittest/cms/cms.cpp
++++ b/unittest/cms/cms.cpp
+@@ -30,6 +30,8 @@
+ #include "import_plugins.h"
+ #endif
+
++#include <openssl/opensslv.h>
++
+ class CMSut : public QObject
+ {
+ Q_OBJECT
+@@ -252,7 +254,9 @@ void CMSut::signverify()
+ msg.waitForFinished(-1);
+ QVERIFY(msg.wasSigned());
+ QVERIFY(msg.success());
++#if OPENSSL_VERSION_NUMBER < 0x1010109fL
+ QEXPECT_FAIL("empty", "We don't seem to be able to verify signature of a zero length message", Continue);
++#endif
+ QVERIFY(msg.verifySuccess());
+
+ msg.reset();
+@@ -264,7 +268,9 @@ void CMSut::signverify()
+ msg.waitForFinished(-1);
+ QVERIFY(msg.wasSigned());
+ QVERIFY(msg.success());
++#if OPENSSL_VERSION_NUMBER < 0x1010109fL
+ QEXPECT_FAIL("empty", "We don't seem to be able to verify signature of a zero length message", Continue);
++#endif
+ QVERIFY(msg.verifySuccess());
+
+ msg.reset();
+@@ -277,6 +283,9 @@ void CMSut::signverify()
+ msg.waitForFinished(-1);
+ QVERIFY(msg.wasSigned());
+ QVERIFY(msg.success());
++#if OPENSSL_VERSION_NUMBER >= 0x1010109fL
++ QEXPECT_FAIL("empty", "On newer openssl verifaction of zero length message always succeeds", Continue);
++#endif
+ QCOMPARE(msg.verifySuccess(), false);
+
+ msg.reset();
+--
+GitLab
+
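Review bot: The `QEXPECT_FAIL` added ahead of `QCOMPARE(msg.verifySuccess(), false)` in the last embedded hunk makes the suite accept that a verification the test wants rejected is reported as successful for the "empty" row on OpenSSL 1.1.1i and later, and nothing at that spot says whether this is considered harmless. A comment there would help, for example `// OpenSSL >= 1.1.1i: verifying a zero-length message reports success even in this negative case (KDE bug 432519); TODO confirm callers do not rely on verifySuccess() for empty content`. `OPENSSL_VERSION_NUMBER` comes from the headers present at build time, so the guard follows the installed headers rather than the library the plugin ends up loading. The new `#include <openssl/opensslv.h>` is unconditional, which presumably makes the test need OpenSSL headers even when the OpenSSL plugin is not built. The bodies of `signverify` and the class continue outside these hunks.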
diff --git a/app-crypt/qca/qca-2.3.2.ebuild b/app-crypt/qca/qca-2.3.2.ebuild
index 9b020b5ca9f0..2d0ade08ff78 100644
--- a/app-crypt/qca/qca-2.3.2.ebuild
+++ b/app-crypt/qca/qca-2.3.2.ebuild
@@ -39,7 +39,11 @@ DEPEND="${RDEPEND}
)
"
-PATCHES=( "${FILESDIR}/${PN}-disable-pgp-test.patch" )
+PATCHES=(
+ "${FILESDIR}/${PN}-disable-pgp-test.patch"
+ "${FILESDIR}/${P}-openssl-1.1.1i-empty-msg-verification.patch" # bug 766932
+ "${FILESDIR}/${P}-cmsut-signverify_message_invalid-fails-randomly.patch"
+)
qca_plugin_use() {
echo -DWITH_${2:-$1}_PLUGIN=$(usex "$1")
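Review bot: The order of the two new `PATCHES` entries is load-bearing but not documented: the cmsut patch's `index 4901221e..9b541789` starts from the blob the OpenSSL patch produces (`37e188d0..4901221e`), so it applies cleanly only after it. A trailing comment on the third entry, such as `# stacked on the openssl-1.1.1i patch (same file), keep after it`, would stop a later reorder or removal from breaking patch application. That entry also lacks a reference like the `# bug 766932` on the second one. qca_plugin_use continues outside the hunk.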