From 601fd3a05141c614ae48a3ddac44194d669eaae1 Mon Sep 17 00:00:00 2001

From: Rolf Eike Beer <eb@emlix.com>

Date: Mon, 27 Jun 2016 12:55:51 +0200

Subject: fix base64 decoding on ARM

This code was broken on ARM and other architectures where "char" is unsigned by

default.

First, it breaks with newer compilers with errors like:

  .../src/qca_textfilter.cpp:314:2: error: narrowing conversion of '-1' from 'int' to 'char' inside { } [-Wnarrowing]

Second, if the compiler would just allow this conversion then the unsigned char

would hold 255, which would not be sign extended when cast to an int later, so

all the checks "< 0" will never trigger, and so invalid input characters cannot

be detected.

REVIEW:128295

BUG:364495

---

 src/qca_textfilter.cpp | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/qca_textfilter.cpp b/src/qca_textfilter.cpp

index 9889a24..3baf511 100644

--- src/qca_textfilter.cpp

+++ src/qca_textfilter.cpp

@@ -293,7 +293,7 @@ static QByteArray b64decode(const QByteArray &s, bool *ok)

 	// 64 specifies eof

 	// everything else specifies data

-	static char tbl[] =

+	static signed char tbl[] =

 	{

 		-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,

 		-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,

-- 

cgit v0.11.2

qca-ossl: Fix build without support for SHA-0 

https://quickgit.kde.org/?p=qca.git&a=commit&h=0dbed8eb38afd1561907a52283091c37e7b85156

LibreSSL >= 2.3.0 removed support for SHA-0, so there's no EVP_sha 

anymore. 

Wikipedia says about SHA-0: "160-bit hash function published in 1993 

under the name SHA. It was withdrawn shortly after publication due to 

an undisclosed "significant flaw" and replaced by the slightly revised 

version SHA-1.' 

REVIEW: 125387 

--- plugins/qca-ossl/CMakeLists.txt.orig

+++ plugins/qca-ossl/CMakeLists.txt

@@ -24,6 +24,13 @@

   else(HAVE_OPENSSL_AES_CTR)

     message(WARNING "qca-ossl will be compiled without AES CTR mode encryption support")

   endif(HAVE_OPENSSL_AES_CTR)

+

+  check_function_exists(EVP_sha HAVE_OPENSSL_SHA0)

+  if(HAVE_OPENSSL_SHA0)

+    add_definitions(-DHAVE_OPENSSL_SHA0)

+  else(HAVE_OPENSSL_SHA0)

+    message(WARNING "qca-ossl will be compiled without SHA-0 digest algorithm support")

+  endif(HAVE_OPENSSL_SHA0)

   set(QCA_OSSL_SOURCES qca-ossl.cpp)

qca-ossl: Fix build without SSLv3

http://quickgit.kde.org/?p=qca.git&a=commit&h=20a587d77636186edb044cd2b71d6d90fe98d232

This fixes building with LibreSSL >= 2.3.0 which has removed support

for SSLv3 completely. As far as I know OpenSSL can be configured to

build without it, so it might be helpful there as well.

REVIEW: 125386

qca-ossl: Fix build without support for SHA-0

https://quickgit.kde.org/?p=qca.git&a=commit&h=0dbed8eb38afd1561907a52283091c37e7b85156

LibreSSL >= 2.3.0 removed support for SHA-0, so there's no EVP_sha

anymore.

Wikipedia says about SHA-0: "160-bit hash function published in 1993

under the name SHA. It was withdrawn shortly after publication due to

an undisclosed "significant flaw" and replaced by the slightly revised

version SHA-1.'

REVIEW: 125387

Also includes:

qca-ossl: Remove SHA0 from all_hash_types() when it is not available.

https://git.reviewboard.kde.org/r/128700/

--- plugins/qca-ossl/qca-ossl.cpp.orig	2015-10-02 09:39:21 UTC

+++ plugins/qca-ossl/qca-ossl.cpp

@@ -5403,9 +5403,11 @@ public:

 			ctx = SSL_CTX_new(SSLv2_client_method());

 			break;

 #endif

+#ifndef OPENSSL_NO_SSL3_METHOD

 		case TLS::SSL_v3:

 			ctx = SSL_CTX_new(SSLv3_client_method());

 			break;

+#endif

 		case TLS::TLS_v1:

 			ctx = SSL_CTX_new(TLSv1_client_method());

 			break;

@@ -5805,7 +5807,11 @@ public:

 	{

 		SessionInfo sessInfo;

-		sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(ssl->session));

+#ifndef OPENSSL_NO_COMP

+		sessInfo.isCompressed = (0 != ssl->session->compress_meth);

+#else

+		sessInfo.isCompressed = 0;

+#endif

 		if (ssl->version == TLS1_VERSION)

 			sessInfo.version = TLS::TLS_v1;

@@ -6880,7 +6886,9 @@ static QStringList all_hash_types()

 {

 	QStringList list;

 	list += "sha1";

+#ifdef HAVE_OPENSSL_SHA0

 	list += "sha0";

+#endif

 	list += "ripemd160";

 #ifdef HAVE_OPENSSL_MD2

 	list += "md2";

@@ -7133,8 +7141,10 @@ public:

 			return new opensslInfoContext(this);

 		else if ( type == "sha1" )

 			return new opensslHashContext( EVP_sha1(), this, type);

+#ifdef HAVE_OPENSSL_SHA0

 		else if ( type == "sha0" )

 			return new opensslHashContext( EVP_sha(), this, type);

+#endif

 		else if ( type == "ripemd160" )

 			return new opensslHashContext( EVP_ripemd160(), this, type);

 #ifdef HAVE_OPENSSL_MD2