commit:     44d67a9888121586b4839bb73dc748c398adfe23
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Fri Mar  5 10:39:56 2021 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Fri Mar  5 10:39:56 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44d67a98

app-crypt/qca: Fix CryptographicMessageSyntax

Closes: https://bugs.gentoo.org/766932
Package-Manager: Portage-3.0.16, Repoman-3.0.2
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 ...signverify_message_invalid-fails-randomly.patch | 32 ++++++++++++
 ...3.2-openssl-1.1.1i-empty-msg-verification.patch | 57 ++++++++++++++++++++++
 app-crypt/qca/qca-2.3.2.ebuild                     |  6 ++-
 3 files changed, 94 insertions(+), 1 deletion(-)

diff --git 
a/app-crypt/qca/files/qca-2.3.2-cmsut-signverify_message_invalid-fails-randomly.patch
 
b/app-crypt/qca/files/qca-2.3.2-cmsut-signverify_message_invalid-fails-randomly.patch
new file mode 100644
index 00000000000..af86e4539fb
--- /dev/null
+++ 
b/app-crypt/qca/files/qca-2.3.2-cmsut-signverify_message_invalid-fails-randomly.patch
@@ -0,0 +1,32 @@
+From ecdd0538dded7d2ba9e73a51f4f52030dd3f5a3b Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aa...@kde.org>
+Date: Fri, 5 Feb 2021 17:43:45 +0100
+Subject: [PATCH] Fix CMSut::signverify_message_invalid failing "randomly"
+
+Once in a blue moon it happens that signedResult1[signedResult1.size() -
+2] is a 0, so setting it to 0 doesn't break the signature validation, so
+   check if it's a 0 and if it is, set it to 1
+---
+ unittest/cms/cms.cpp | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/unittest/cms/cms.cpp b/unittest/cms/cms.cpp
+index 4901221e..9b541789 100644
+--- a/unittest/cms/cms.cpp
++++ b/unittest/cms/cms.cpp
+@@ -499,7 +499,11 @@ void CMSut::signverify_message_invalid()
+ 
+             // This is just to break things
+             // signedResult1[30] = signedResult1[30] + 1;
+-            signedResult1[signedResult1.size() - 2] = 0x00;
++            if (signedResult1.at(signedResult1.size() - 2) != 0) {
++                signedResult1[signedResult1.size() - 2] = 0x00;
++            } else {
++                signedResult1[signedResult1.size() - 2] = 0x01;
++            }
+ 
+             msg.startVerify();
+             msg.update(signedResult1);
+-- 
+GitLab
+
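Review bot: The tamper step in `CMSut::signverify_message_invalid()` still picks between two fixed values, and it reads the byte with `.at()` but writes it with `operator[]`. A single XOR changes the byte whatever its original value and removes the branch, e.g. `signedResult1[signedResult1.size() - 2] = signedResult1.at(signedResult1.size() - 2) ^ 0x01;`. Neither form checks the length before subtracting 2, so a short or empty signing result would index out of range instead of failing the test cleanly; `QVERIFY(signedResult1.size() >= 2);` ahead of the write would make that explicit. The function starts and ends outside the hunk, so the type of `signedResult1` (presumably a QByteArray) is not visible here.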

diff --git 
a/app-crypt/qca/files/qca-2.3.2-openssl-1.1.1i-empty-msg-verification.patch 
b/app-crypt/qca/files/qca-2.3.2-openssl-1.1.1i-empty-msg-verification.patch
new file mode 100644
index 00000000000..34258aed162
--- /dev/null
+++ b/app-crypt/qca/files/qca-2.3.2-openssl-1.1.1i-empty-msg-verification.patch
@@ -0,0 +1,57 @@
+From bc94cc08e1d3ea733946861d90a21681d58665ab Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aa...@kde.org>
+Date: Fri, 5 Feb 2021 16:39:11 +0100
+Subject: [PATCH] openssl 1.1.1i made verification of empty messages always
+ succeed
+
+BUGS: 432519
+---
+ unittest/cms/cms.cpp | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/unittest/cms/cms.cpp b/unittest/cms/cms.cpp
+index 37e188d0..4901221e 100644
+--- a/unittest/cms/cms.cpp
++++ b/unittest/cms/cms.cpp
+@@ -30,6 +30,8 @@
+ #include "import_plugins.h"
+ #endif
+ 
++#include <openssl/opensslv.h>
++
+ class CMSut : public QObject
+ {
+     Q_OBJECT
+@@ -252,7 +254,9 @@ void CMSut::signverify()
+             msg.waitForFinished(-1);
+             QVERIFY(msg.wasSigned());
+             QVERIFY(msg.success());
++#if OPENSSL_VERSION_NUMBER < 0x1010109fL
+             QEXPECT_FAIL("empty", "We don't seem to be able to verify 
signature of a zero length message", Continue);
++#endif
+             QVERIFY(msg.verifySuccess());
+ 
+             msg.reset();
+@@ -264,7 +268,9 @@ void CMSut::signverify()
+             msg.waitForFinished(-1);
+             QVERIFY(msg.wasSigned());
+             QVERIFY(msg.success());
++#if OPENSSL_VERSION_NUMBER < 0x1010109fL
+             QEXPECT_FAIL("empty", "We don't seem to be able to verify 
signature of a zero length message", Continue);
++#endif
+             QVERIFY(msg.verifySuccess());
+ 
+             msg.reset();
+@@ -277,6 +283,9 @@ void CMSut::signverify()
+             msg.waitForFinished(-1);
+             QVERIFY(msg.wasSigned());
+             QVERIFY(msg.success());
++#if OPENSSL_VERSION_NUMBER >= 0x1010109fL
++            QEXPECT_FAIL("empty", "On newer openssl verifaction of zero 
length message always succeeds", Continue);
++#endif
+             QCOMPARE(msg.verifySuccess(), false);
+ 
+             msg.reset();
+-- 
+GitLab
+
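Review bot: The three `#if OPENSSL_VERSION_NUMBER ...` guards in `CMSut::signverify()` key the expected result on the OpenSSL headers present when the test is compiled, while the behaviour under test comes from whichever libcrypto the crypto provider loads at run time. If the two differ, the expectations point the wrong way. The new `#include <openssl/opensslv.h>` is also unconditional, so the unit test presumably needs OpenSSL headers even in a build without the OpenSSL provider; that is worth guarding if such a configuration is supported. The last guard also records that a check written as `QCOMPARE(msg.verifySuccess(), false)` sees verification succeed for the "empty" row on 1.1.1i and later, so a comment such as `// OpenSSL >= 1.1.1i reports success when verifying the zero-length message here; upstream report: BUGS 432519` would stop it being read as a harmless test quirk. The expectation string misspells the word as `verifaction`.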

diff --git a/app-crypt/qca/qca-2.3.2.ebuild b/app-crypt/qca/qca-2.3.2.ebuild
index 9b020b5ca9f..2d0ade08ff7 100644
--- a/app-crypt/qca/qca-2.3.2.ebuild
+++ b/app-crypt/qca/qca-2.3.2.ebuild
@@ -39,7 +39,11 @@ DEPEND="${RDEPEND}
        )
 "
 
-PATCHES=( "${FILESDIR}/${PN}-disable-pgp-test.patch" )
+PATCHES=(
+       "${FILESDIR}/${PN}-disable-pgp-test.patch"
+       "${FILESDIR}/${P}-openssl-1.1.1i-empty-msg-verification.patch" # bug 
766932
+       "${FILESDIR}/${P}-cmsut-signverify_message_invalid-fails-randomly.patch"
+)
 
 qca_plugin_use() {
        echo -DWITH_${2:-$1}_PLUGIN=$(usex "$1")
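Review bot: Only the first new `PATCHES` entry carries a bug reference, and nothing says that both patches change only `unittest/cms/cms.cpp`. A comment such as `# test-suite only (unittest/cms/cms.cpp), upstream commits ecdd0538 and bc94cc08` above the two entries would tell a later maintainer that the installed library is unchanged. It would also show that the patches can be dropped once a release containing those commits is packaged. `qca_plugin_use()` continues past the end of the hunk.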
