testing/botan: fix test failures

2 files changed, 52 insertions, 4 deletions

diff --git a/testing/botan/APKBUILD b/testing/botan/APKBUILD
index 2860654f1a..688aed2531 100644
--- a/testing/botan/APKBUILD
+++ b/testing/botan/APKBUILD
@@ -3,16 +3,17 @@
 pkgname=botan
 _pkgname=Botan
 pkgver=2.7.0
-pkgrel=0
+pkgrel=1
 pkgdesc="Crypto and TLS for C++11"
 url="https://botan.randombit.net/"
-arch="x86_64"
+arch="all"
 license="BSD-2-Clause"
 depends=""
 depends_dev="boost-dev bzip2-dev libressl-dev sqlite-dev xz-dev zlib-dev"
 makedepends="$depends_dev python2"
 subpackages="$pkgname-dev $pkgname-doc"
-source="https://botan.randombit.net/releases/$_pkgname-$pkgver.tgz"
+source="https://botan.randombit.net/releases/$_pkgname-$pkgver.tgz
+        point-at-infinity-soft-error.patch"
 builddir="$srcdir/$_pkgname-$pkgver"
 install=""
 
@@ -56,4 +57,5 @@ package() {
 	rm -rf "$pkgdir"/usr/lib/python*
 }
 
-sha512sums="992138d83e18aedf80337d825f80c34dd3d2177eb30967573c57cf9fb7e7f9a9965ae3d75f23635f4c93b4efb7bb5adbb3423702663c78a5eb905dd567561858  Botan-2.7.0.tgz"
+sha512sums="992138d83e18aedf80337d825f80c34dd3d2177eb30967573c57cf9fb7e7f9a9965ae3d75f23635f4c93b4efb7bb5adbb3423702663c78a5eb905dd567561858  Botan-2.7.0.tgz
+264f1f3718ce6561f134b330117c2d8d67c4dfb3e2bc41bd01331d53ce81f0f8ccade4a9dc7a8652e4d82f0c123da3ed2a575f3b1ab3b8c8ebce72abbfbfdd35  point-at-infinity-soft-error.patch"
diff --git a/testing/botan/point-at-infinity-soft-error.patch b/testing/botan/point-at-infinity-soft-error.patch
new file mode 100644
index 0000000000..23bb948b4c
--- /dev/null
+++ b/testing/botan/point-at-infinity-soft-error.patch
@@ -0,0 +1,46 @@
+From 0472b6a95fa36257d0bf4ad99a14d437eedaa9ee Mon Sep 17 00:00:00 2001
+From: Jack Lloyd <jack@randombit.net>
+Date: Tue, 17 Jul 2018 12:59:05 -0400
+Subject: [PATCH] Handle another possible OpenSSL error only seen on non-x86_64
+
+GH #1627
+---
+ src/lib/prov/openssl/openssl_ec.cpp | 23 ++++++++++++++++-------
+ 1 file changed, 16 insertions(+), 7 deletions(-)
+
+diff --git a/src/lib/prov/openssl/openssl_ec.cpp b/src/lib/prov/openssl/openssl_ec.cpp
+index ca5be857a5..b9e53b6fdc 100644
+--- a/src/lib/prov/openssl/openssl_ec.cpp
++++ b/src/lib/prov/openssl/openssl_ec.cpp
+@@ -187,15 +187,24 @@ class OpenSSL_ECDSA_Verification_Operation final : public PK_Ops::Verification_w
+          if(res < 0)
+             {
+             int err = ERR_get_error();
++
++            bool hard_error = true;
++
+ #if defined(EC_R_BAD_SIGNATURE)
+-            if(ERR_GET_REASON(err) != EC_R_BAD_SIGNATURE)
+-               throw OpenSSL_Error("ECDSA_do_verify", err);
+-#elif defined(ECDSA_R_BAD_SIGNATURE)
+-            if(ERR_GET_REASON(err) != ECDSA_R_BAD_SIGNATURE)
+-               throw OpenSSL_Error("ECDSA_do_verify", err);
+-#else
+-            throw OpenSSL_Error("ECDSA_do_verify");
++            if(ERR_GET_REASON(err) == EC_R_BAD_SIGNATURE)
++               hard_error = false;
+ #endif
++#if defined(EC_R_POINT_AT_INFINITY)
++            if(ERR_GET_REASON(err) == EC_R_POINT_AT_INFINITY)
++               hard_error = false;
++#endif
++#if defined(ECDSA_R_BAD_SIGNATURE)
++            if(ERR_GET_REASON(err) == ECDSA_R_BAD_SIGNATURE)
++               hard_error = false;
++#endif
++
++            if(hard_error)
++               throw OpenSSL_Error("ECDSA_do_verify", err);
+             }
+          return (res == 1);
+          }