app-crypt/qca: Fix CryptographicMessageSyntax

Closes: https://bugs.gentoo.org/766932
Package-Manager: Portage-3.0.16, Repoman-3.0.2
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

2 files changed, 89 insertions, 0 deletions

diff --git a/app-crypt/qca/files/qca-2.3.2-cmsut-signverify_message_invalid-fails-randomly.patch b/app-crypt/qca/files/qca-2.3.2-cmsut-signverify_message_invalid-fails-randomly.patch
new file mode 100644
index 000000000000..af86e4539fba
--- /dev/null
+++ b/app-crypt/qca/files/qca-2.3.2-cmsut-signverify_message_invalid-fails-randomly.patch
@@ -0,0 +1,32 @@
+From ecdd0538dded7d2ba9e73a51f4f52030dd3f5a3b Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Fri, 5 Feb 2021 17:43:45 +0100
+Subject: [PATCH] Fix CMSut::signverify_message_invalid failing "randomly"
+
+Once in a blue moon it happens that signedResult1[signedResult1.size() -
+2] is a 0, so setting it to 0 doesn't break the signature validation, so
+   check if it's a 0 and if it is, set it to 1
+---
+ unittest/cms/cms.cpp | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/unittest/cms/cms.cpp b/unittest/cms/cms.cpp
+index 4901221e..9b541789 100644
+--- a/unittest/cms/cms.cpp
++++ b/unittest/cms/cms.cpp
+@@ -499,7 +499,11 @@ void CMSut::signverify_message_invalid()
+ 
+             // This is just to break things
+             // signedResult1[30] = signedResult1[30] + 1;
+-            signedResult1[signedResult1.size() - 2] = 0x00;
++            if (signedResult1.at(signedResult1.size() - 2) != 0) {
++                signedResult1[signedResult1.size() - 2] = 0x00;
++            } else {
++                signedResult1[signedResult1.size() - 2] = 0x01;
++            }
+ 
+             msg.startVerify();
+             msg.update(signedResult1);
+-- 
+GitLab
+
diff --git a/app-crypt/qca/files/qca-2.3.2-openssl-1.1.1i-empty-msg-verification.patch b/app-crypt/qca/files/qca-2.3.2-openssl-1.1.1i-empty-msg-verification.patch
new file mode 100644
index 000000000000..34258aed1620
--- /dev/null
+++ b/app-crypt/qca/files/qca-2.3.2-openssl-1.1.1i-empty-msg-verification.patch
@@ -0,0 +1,57 @@
+From bc94cc08e1d3ea733946861d90a21681d58665ab Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Fri, 5 Feb 2021 16:39:11 +0100
+Subject: [PATCH] openssl 1.1.1i made verification of empty messages always
+ succeed
+
+BUGS: 432519
+---
+ unittest/cms/cms.cpp | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/unittest/cms/cms.cpp b/unittest/cms/cms.cpp
+index 37e188d0..4901221e 100644
+--- a/unittest/cms/cms.cpp
++++ b/unittest/cms/cms.cpp
+@@ -30,6 +30,8 @@
+ #include "import_plugins.h"
+ #endif
+ 
++#include <openssl/opensslv.h>
++
+ class CMSut : public QObject
+ {
+     Q_OBJECT
+@@ -252,7 +254,9 @@ void CMSut::signverify()
+             msg.waitForFinished(-1);
+             QVERIFY(msg.wasSigned());
+             QVERIFY(msg.success());
++#if OPENSSL_VERSION_NUMBER < 0x1010109fL
+             QEXPECT_FAIL("empty", "We don't seem to be able to verify signature of a zero length message", Continue);
++#endif
+             QVERIFY(msg.verifySuccess());
+ 
+             msg.reset();
+@@ -264,7 +268,9 @@ void CMSut::signverify()
+             msg.waitForFinished(-1);
+             QVERIFY(msg.wasSigned());
+             QVERIFY(msg.success());
++#if OPENSSL_VERSION_NUMBER < 0x1010109fL
+             QEXPECT_FAIL("empty", "We don't seem to be able to verify signature of a zero length message", Continue);
++#endif
+             QVERIFY(msg.verifySuccess());
+ 
+             msg.reset();
+@@ -277,6 +283,9 @@ void CMSut::signverify()
+             msg.waitForFinished(-1);
+             QVERIFY(msg.wasSigned());
+             QVERIFY(msg.success());
++#if OPENSSL_VERSION_NUMBER >= 0x1010109fL
++            QEXPECT_FAIL("empty", "On newer openssl verifaction of zero length message always succeeds", Continue);
++#endif
+             QCOMPARE(msg.verifySuccess(), false);
+ 
+             msg.reset();
+-- 
+GitLab
+