From: "Andreas Sturmlechner"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Andreas Sturmlechner"
Message-ID: <1614940796.44d67a9888121586b4839bb73dc748c398adfe23.asturm@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: app-crypt/qca/files/, app-crypt/qca/
X-VCS-Repository: repo/gentoo
X-VCS-Files: app-crypt/qca/files/qca-2.3.2-cmsut-signverify_message_invalid-fails-randomly.patch app-crypt/qca/files/qca-2.3.2-openssl-1.1.1i-empty-msg-verification.patch app-crypt/qca/qca-2.3.2.ebuild
X-VCS-Directories: app-crypt/qca/files/ app-crypt/qca/
X-VCS-Committer: asturm
X-VCS-Committer-Name: Andreas Sturmlechner
X-VCS-Revision: 44d67a9888121586b4839bb73dc748c398adfe23
X-VCS-Branch: master
Date: Fri, 5 Mar 2021 10:52:35 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 638dad75-aac2-43fe-8cc0-c3d6b8e1ad36
X-Archives-Hash: 98f686a3faa8067f23b8f6fe4021c9d4

commit:     44d67a9888121586b4839bb73dc748c398adfe23
Author:     Andreas Sturmlechner gentoo org>
AuthorDate: Fri Mar 5 10:39:56 2021 +0000
Commit:     Andreas Sturmlechner gentoo org>
CommitDate: Fri Mar 5 10:39:56 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44d67a98

app-crypt/qca: Fix CryptographicMessageSyntax

Closes: https://bugs.gentoo.org/766932
Package-Manager: Portage-3.0.16, Repoman-3.0.2
Signed-off-by: Andreas Sturmlechner gentoo.org>

 ...signverify_message_invalid-fails-randomly.patch | 32 ++++++++++++
 ...3.2-openssl-1.1.1i-empty-msg-verification.patch | 57 ++++++++++++++++++++++
 app-crypt/qca/qca-2.3.2.ebuild                     |  6 ++-
 3 files changed, 94 insertions(+), 1 deletion(-)

diff --git a/app-crypt/qca/files/qca-2.3.2-cmsut-signverify_message_invalid-fails-randomly.patch b/app-crypt/qca/files/qca-2.3.2-cmsut-signverify_message_invalid-fails-randomly.patch new file mode 100644 index 00000000000..af86e4539fb --- /dev/null +++ b/app-crypt/qca/files/qca-2.3.2-cmsut-signverify_message_invalid-fails-randomly.patch @@ -0,0 +1,32 @@ +From ecdd0538dded7d2ba9e73a51f4f52030dd3f5a3b Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Fri, 5 Feb 2021 17:43:45 +0100 +Subject: [PATCH] Fix CMSut::signverify_message_invalid failing "randomly" + +Once in a blue moon it happens that signedResult1[signedResult1.size() - +2] is a 0, so setting it to 0 doesn't break the signature validation, so + check if it's a 0 and if it is, set it to 1 +--- + unittest/cms/cms.cpp | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/unittest/cms/cms.cpp b/unittest/cms/cms.cpp +index 4901221e..9b541789 100644 +--- a/unittest/cms/cms.cpp ++++ b/unittest/cms/cms.cpp +@@ -499,7 +499,11 @@ void CMSut::signverify_message_invalid() + + // This is just to break things + // signedResult1[30] = signedResult1[30] + 1; +- signedResult1[signedResult1.size() - 2] = 0x00; ++ if (signedResult1.at(signedResult1.size() - 2) != 0) { ++ signedResult1[signedResult1.size() - 2] = 0x00; ++ } else { ++ signedResult1[signedResult1.size() - 2] = 0x01; ++ } + + msg.startVerify(); + msg.update(signedResult1); +-- +GitLab + diff --git a/app-crypt/qca/files/qca-2.3.2-openssl-1.1.1i-empty-msg-verification.patch b/app-crypt/qca/files/qca-2.3.2-openssl-1.1.1i-empty-msg-verification.patch new file mode 100644 index 00000000000..34258aed162 --- /dev/null +++ b/app-crypt/qca/files/qca-2.3.2-openssl-1.1.1i-empty-msg-verification.patch 
@@ -0,0 +1,57 @@ +From bc94cc08e1d3ea733946861d90a21681d58665ab Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Fri, 5 Feb 2021 16:39:11 +0100 +Subject: [PATCH] openssl 1.1.1i made verification of empty messages always + succeed + +BUGS: 432519 +--- + unittest/cms/cms.cpp | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/unittest/cms/cms.cpp b/unittest/cms/cms.cpp +index 37e188d0..4901221e 100644 +--- a/unittest/cms/cms.cpp ++++ b/unittest/cms/cms.cpp +@@ -30,6 +30,8 @@ + #include "import_plugins.h" + #endif + ++#include ++ + class CMSut : public QObject + { + Q_OBJECT +@@ -252,7 +254,9 @@ void CMSut::signverify() + msg.waitForFinished(-1); + QVERIFY(msg.wasSigned()); + QVERIFY(msg.success()); ++#if OPENSSL_VERSION_NUMBER < 0x1010109fL + QEXPECT_FAIL("empty", "We don't seem to be able to verify signature of a zero length message", Continue); ++#endif + QVERIFY(msg.verifySuccess()); + + msg.reset(); +@@ -264,7 +268,9 @@ void CMSut::signverify() + msg.waitForFinished(-1); + QVERIFY(msg.wasSigned()); + QVERIFY(msg.success()); ++#if OPENSSL_VERSION_NUMBER < 0x1010109fL + QEXPECT_FAIL("empty", "We don't seem to be able to verify signature of a zero length message", Continue); ++#endif + QVERIFY(msg.verifySuccess()); + + msg.reset(); +@@ -277,6 +283,9 @@ void CMSut::signverify() + msg.waitForFinished(-1); + QVERIFY(msg.wasSigned()); + QVERIFY(msg.success()); ++#if OPENSSL_VERSION_NUMBER >= 0x1010109fL ++ QEXPECT_FAIL("empty", "On newer openssl verifaction of zero length message always succeeds", Continue); ++#endif + QCOMPARE(msg.verifySuccess(), false); + + msg.reset(); +-- +GitLab + diff --git a/app-crypt/qca/qca-2.3.2.ebuild b/app-crypt/qca/qca-2.3.2.ebuild index 9b020b5ca9f..2d0ade08ff7 100644 --- a/app-crypt/qca/qca-2.3.2.ebuild +++ b/app-crypt/qca/qca-2.3.2.ebuild 
@@ -39,7 +39,11 @@ DEPEND="${RDEPEND} ) " -PATCHES=( "${FILESDIR}/${PN}-disable-pgp-test.patch" ) +PATCHES=( + "${FILESDIR}/${PN}-disable-pgp-test.patch" + "${FILESDIR}/${P}-openssl-1.1.1i-empty-msg-verification.patch" # bug 766932 + "${FILESDIR}/${P}-cmsut-signverify_message_invalid-fails-randomly.patch" +) qca_plugin_use() { echo -DWITH_${2:-$1}_PLUGIN=$(usex "$1")
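
Review bot: In the `@@ -499,7 +499,11 @@ void CMSut::signverify_message_invalid()` hunk of the first patch, the if/else picks 0x00 or 0x01 only to guarantee that the byte at `signedResult1.size() - 2` changes. An unconditional flip such as `signedResult1[signedResult1.size() - 2] = signedResult1.at(signedResult1.size() - 2) ^ 0x01;` would give the same guarantee for every input value without a branch. The hunk also mixes `.at()` for the read with `operator[]` for the write and leaves the dead `// signedResult1[30] = signedResult1[30] + 1;` line in place; a short comment saying why this offset is the one being corrupted would serve the next reader better than the commented-out alternative.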
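
Review bot: In the `@@ -252,7 +254,9 @@` and `@@ -264,7 +268,9 @@` hunks of the second patch, the threshold `0x1010109fL` is a bare literal that is repeated again in the third hunk, and nothing in the code ties it to the "openssl 1.1.1i" named in the Subject line. A single named macro or a one-line comment next to the first `#if` would make the three guards easier to audit and to update together. Note also that `#if OPENSSL_VERSION_NUMBER < ...` is evaluated against the headers at build time, so a test binary built against older headers and run against a newer library would still carry the old `QEXPECT_FAIL` expectation; if that combination matters here, the condition belongs in a runtime check instead of the preprocessor.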
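
Review bot: In the `@@ -277,6 +283,9 @@` hunk of the second patch, the added `QEXPECT_FAIL("empty", ...)` sits directly in front of `QCOMPARE(msg.verifySuccess(), false);`, so on the newer OpenSSL branch the one assertion that checks a verification is rejected is now expected to fail for the "empty" row. That is a negative security test being switched off for that input, and the patch gives only `BUGS: 432519` as justification. Please put the bug reference and a sentence on why accepting the zero-length case is considered harmless into a comment beside the guard, so the reduced coverage stays visible in the source and not only in the commit log. The message string also has a typo: "verifaction" should read "verification".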
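
Review bot: In the `@@ -39,7 +39,11 @@` ebuild hunk, the first new `PATCHES` entry carries `# bug 766932` while the `cmsut-signverify_message_invalid-fails-randomly.patch` entry has no annotation at all, although the commit message closes only that one bug. Please add a trailing comment to the second entry as well, either the same bug number if it belongs to it or a note that it is an upstream backport. Both added patch files modify only `unittest/cms/cms.cpp`, so a brief remark that these entries affect the test suite only would also help anyone deciding later whether they can be dropped on a version bump.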