5 files changed, 65 insertions, 14 deletions

diff --git a/src/3rdparty/sha3/KeccakSponge.c b/src/3rdparty/sha3/KeccakSponge.c
index 6f3da95dbb..337c10ccaf 100644
--- a/src/3rdparty/sha3/KeccakSponge.c
+++ b/src/3rdparty/sha3/KeccakSponge.c
@@ -170,9 +170,10 @@ static int Absorb(spongeState *state, const unsigned char *data, unsigned long l
             i += wholeBlocks*state->rate;
         }
         else {
-            partialBlock = (unsigned int)(databitlen - i);
-            if (partialBlock+state->bitsInQueue > state->rate)
+            if (databitlen-i > state->rate - state->bitsInQueue)
                 partialBlock = state->rate-state->bitsInQueue;
+            else
+                partialBlock = (unsigned int)(databitlen - i);
             partialByte = partialBlock % 8;
             partialBlock -= partialByte;
             memcpy(state->dataQueue+state->bitsInQueue/8, data+i/8, partialBlock/8);
diff --git a/src/3rdparty/sha3/brg_endian.h b/src/3rdparty/sha3/brg_endian.h
index 9bb306e678..0baac93dc9 100644
--- a/src/3rdparty/sha3/brg_endian.h
+++ b/src/3rdparty/sha3/brg_endian.h
@@ -42,7 +42,7 @@ Changes for ARM 9/9/2010 [Downstream relative to Gladman's GitHub, upstream to Q
 #elif defined( __linux__ ) || defined( __GNUC__ ) || defined( __GNU_LIBRARY__ )
 #  if !defined( __MINGW32__ ) && !defined( _AIX ) && !defined(Q_OS_QNX)
 #    include <endian.h>
-#    if !defined( __BEOS__ ) && !defined(Q_OS_RTEMS)
+#    if !defined( __BEOS__ ) && !defined(Q_OS_RTEMS) && !defined(Q_OS_VXWORKS)
 #      include <byteswap.h>
 #    endif
 #  endif
diff --git a/src/3rdparty/sha3/brg_endian.h.patch b/src/3rdparty/sha3/brg_endian.h.patch
index 395133ad2a..41807bdbbf 100644
--- a/src/3rdparty/sha3/brg_endian.h.patch
+++ b/src/3rdparty/sha3/brg_endian.h.patch
@@ -1,6 +1,5 @@
-diff -ub /home/eddy/.sys/tmp/sha/brg_endian.h /home/eddy/work/Qt-5.12/qtbase/src/3rdparty/sha3/brg_endian.h
---- upstream/sha/brg_endian.h	2018-10-22 16:27:04.106128670 +0200
-+++ qtbase/src/3rdparty/sha3/brg_endian.h	2018-10-22 16:30:35.098891562 +0200
+--- /home/jacek/git/sha/brg_endian.h	2023-07-25 23:20:58.157487162 +0200
++++ brg_endian.h	2023-07-25 23:27:20.889797352 +0200
 @@ -16,6 +16,7 @@
  and fitness for purpose.
  ---------------------------------------------------------------------------
@@ -9,6 +8,18 @@ diff -ub /home/eddy/.sys/tmp/sha/brg_endian.h /home/eddy/work/Qt-5.12/qtbase/src
  */
  
  #ifndef _BRG_ENDIAN_H
+@@ -39,9 +40,9 @@
+       defined( __CYGWIN32__ ) || defined( __DJGPP__ ) || defined( __osf__ )
+ #  include <machine/endian.h>
+ #elif defined( __linux__ ) || defined( __GNUC__ ) || defined( __GNU_LIBRARY__ )
+-#  if !defined( __MINGW32__ ) && !defined( _AIX )
++#  if !defined( __MINGW32__ ) && !defined( _AIX ) && !defined(Q_OS_QNX)
+ #    include <endian.h>
+-#    if !defined( __BEOS__ )
++#    if !defined( __BEOS__ ) && !defined(Q_OS_RTEMS) && !defined(Q_OS_VXWORKS)
+ #      include <byteswap.h>
+ #    endif
+ #  endif
 @@ -119,12 +120,18 @@
        defined( THINK_C ) || defined( __VMCMS__ ) || defined( _AIX )
  #  define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
@@ -30,5 +41,3 @@ diff -ub /home/eddy/.sys/tmp/sha/brg_endian.h /home/eddy/work/Qt-5.12/qtbase/src
  #endif
  
  #endif
-
-Diff finished.  Mon Oct 22 16:31:46 2018
diff --git a/src/3rdparty/sha3/overflow.patch b/src/3rdparty/sha3/overflow.patch
new file mode 100644
index 0000000000..f62a932ac8
--- /dev/null
+++ b/src/3rdparty/sha3/overflow.patch
@@ -0,0 +1,31 @@
+From a60180d3f8ffac268f02d2d4b0b4fbf1bff50f11 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
+Date: Wed, 8 Mar 2023 11:10:49 +0100
+Subject: [PATCH] Fix overflow in SHA-3/Keccak
+
+Pick-to: 6.5.0 6.5 6.4.3 6.4 6.2 5.15
+Change-Id: I56d268a19fb3cd542cc027edc962253f09d97a14
+---
+ src/3rdparty/sha3/KeccakSponge.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/3rdparty/sha3/KeccakSponge.c b/src/3rdparty/sha3/KeccakSponge.c
+index 6f3da95dbb..337c10ccaf 100644
+--- a/src/3rdparty/sha3/KeccakSponge.c
++++ b/src/3rdparty/sha3/KeccakSponge.c
+@@ -170,9 +170,10 @@ static int Absorb(spongeState *state, const unsigned char *data, unsigned long l
+             i += wholeBlocks*state->rate;
+         }
+         else {
+-            partialBlock = (unsigned int)(databitlen - i);
+-            if (partialBlock+state->bitsInQueue > state->rate)
++            if (databitlen-i > state->rate - state->bitsInQueue)
+                 partialBlock = state->rate-state->bitsInQueue;
++            else
++                partialBlock = (unsigned int)(databitlen - i);
+             partialByte = partialBlock % 8;
+             partialBlock -= partialByte;
+             memcpy(state->dataQueue+state->bitsInQueue/8, data+i/8, partialBlock/8);
+-- 
+2.39.2.vfs.0.0
+
diff --git a/src/3rdparty/sha3/qt_attribution.json b/src/3rdparty/sha3/qt_attribution.json
index 4e53cfae0f..1bd974144b 100644
--- a/src/3rdparty/sha3/qt_attribution.json
+++ b/src/3rdparty/sha3/qt_attribution.json
@@ -4,7 +4,7 @@
         "Name": "Secure Hash Algorithm SHA-3 - brg_endian",
         "QDocModule": "qtcore",
         "QtUsage": "Used in Qt Core (QCryptographicHash).",
-        "Files": "apply brg_endian.h.patch to upstream from https://github.com/BrianGladman/sha/",
+        "Comment": "apply brg_endian.h.patch to upstream from https://github.com/BrianGladman/sha/",
         "Files": "brg_endian.h",
 
         "Description": "SHA-3, originally known as Keccak, is a cryptographic hash function.",
@@ -19,17 +19,27 @@
         "Name": "Secure Hash Algorithm SHA-3 - Keccak",
         "QDocModule": "qtcore",
         "QtUsage": "Used in Qt Core (QCryptographicHash).",
-        "Files": "https://keccak.team/obsolete/KeccakReferenceAndOptimized-3.2.zip - but it's obsolete",
-        "Files": "KeccakF-1600-32-rvk.macros KeccakF-1600-32.macros KeccakF-1600-64.macros KeccakF-1600-interface.h KeccakF-1600-opt32.c KeccakF-1600-opt64.c KeccakF-1600-unrolling.macros KeccakNISTInterface.c KeccakNISTInterface.h KeccakSponge.c KeccakSponge.h",
+        "Comment": { "ObsoleteSource":
+                     "https://keccak.team/obsolete/KeccakReferenceAndOptimized-3.2.zip",
+                     "PatchApplied": "overflow.patch" },
+        "Files": [ "KeccakF-1600-32-rvk.macros",
+                   "KeccakF-1600-32.macros",
+                   "KeccakF-1600-64.macros",
+                   "KeccakF-1600-interface.h",
+                   "KeccakF-1600-opt32.c",
+                   "KeccakF-1600-opt64.c",
+                   "KeccakF-1600-unrolling.macros",
+                   "KeccakNISTInterface.c",
+                   "KeccakNISTInterface.h",
+                   "KeccakSponge.c",
+                   "KeccakSponge.h" ],
 
         "Description": "SHA-3, originally known as Keccak, is a cryptographic hash function.",
         "Version": "3.2",
         "License": "Creative Commons Zero v1.0 Universal",
         "LicenseId": "CC0-1.0",
         "LicenseFile": "CC0_LICENSE",
-        "Copyright": "Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.
-
-To the extent possible under law, the implementers have waived all copyright
+        "Copyright": "Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.\nTo the extent possible under law, the implementers have waived all copyright
 and related or neighboring rights to the source code in this file."
     }
 ]