5 files changed, 299 insertions, 154 deletions
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 14cd35d..ff260cf 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,2 +1,2 @@
-DIST openssl-3.0.5.tar.gz 15074407 BLAKE2B 7bf89e042417c003ef02a8bb1278590a52ce4a3d50f66795c66b750f90248840edb0d3352811caaaaff708c7e65b77384142e316916a6c311f1d2b4747f44816 SHA512 782b0df3d0252468aa696bd74a3b661810499819c0df849aa9698ba0e06a845820dc856aac650fced4be234f1271e576d4317ac3ab1406cf0ffe087d695d20fe
-DIST openssl-3.0.5.tar.gz.asc 862 BLAKE2B 24f1839227be7acec45eb6b748cea7be0b5e66b5cf745814861f7290670733936bf1af2c1dc9357439b31a2ca28f418880d63726d4be6fa994902ac95b51e401 SHA512 516da9ef291601400576adaba7271854af3caa23dc1d70116004360f580e4c28fe61d51e86477d341e4c5bf0ca5f98db8264581ed6cc2c8df124da83ad3e40be
+DIST openssl-3.3.2.tar.gz 18076531 BLAKE2B cc53d45418673bc2a406d6697b8bd17ff6c726463c4ccc87bb2fa5a6592d0d178dc8cfeb2fbb980ea354a5dc2c86f31c48453427c6937896c7221273e623c9b5 SHA512 5ae47bf1aed2740a33ba5df7dc7345a6738aa6bfa3c9c4de5e51742485e24b25192988d7a2c1b8201ef70056ad8abd0ca78b3d55abe24c0b0373d83b47ed9b74
+DIST openssl-3.3.2.tar.gz.asc 833 BLAKE2B c318e2dcef085b83ced77048dc136d9bc8438d49a7985f3c6ebd4ffd0e5e290ece47e8fd1074c6cc056e87b2bae2101dd58b8d70dbc0eb99aa134d776125439c SHA512 981f8438bbd541b97e745aca1bb77cde68900ce4b5ffefc9eccc2f18c675292203f6b4c7bffefde2256a442b7310d8438279b52fb21aac65921e9a529bc00067
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.2 b/dev-libs/openssl/files/gentoo.config-1.0.4
index 68d7d0a..79f6331 100644
--- a/dev-libs/openssl/files/gentoo.config-1.0.2
+++ b/dev-libs/openssl/files/gentoo.config-1.0.4
@@ -77,7 +77,9 @@ fi
 
 # Detect target arch
 machine=""
+submachine=""
 chost_machine=${CHOST%%-*}
+[[ ${CC} == *clang* ]] && submachine="-clang"
 case ${system} in
 linux)
 	case ${chost_machine}:${ABI} in
@@ -95,17 +97,22 @@ linux)
 	#	hppa64*)      machine=parisc64;;
 		hppa*)        machine="generic32 -DB_ENDIAN";;
 		i[0-9]86*|\
-		x86_64*:x86)  machine=elf;;
+		x86_64*:x86)  machine=x86${submachine};;
 		ia64*)        machine=ia64;;
-		m68*)         machine="generic32 -DB_ENDIAN";;
-		mips*el*)     machine="generic32 -DL_ENDIAN";;
-		mips*)        machine="generic32 -DB_ENDIAN";;
+		loongarch64*) machine="loongarch64 -DL_ENDIAN" system=linux64;;
+		m68*)         machine="latomic -DB_ENDIAN";;
+		mips*el*:o32) machine="mips32 -DL_ENDIAN";;
+		mips*:o32)    machine="mips32 -DB_ENDIAN";;
+		mips*el*:n32) machine="mips64 -DL_ENDIAN";;
+		mips*:n32)    machine="mips64 -DB_ENDIAN";;
+		mips*el*:n64) machine="mips64 -DL_ENDIAN" system=linux64;;
+		mips*:n64)    machine="mips64 -DB_ENDIAN" system=linux64;;
 		powerpc64*le*)machine=ppc64le;;
 		powerpc64*)   machine=ppc64;;
 		powerpc*le*)  machine="generic32 -DL_ENDIAN";;
 		powerpc*)     machine=ppc;;
 		riscv32*)     machine="generic32 -DL_ENDIAN";;
-		riscv64*)     machine="generic64 -DL_ENDIAN";;
+		riscv64*)     machine="riscv64 -DL_ENDIAN" system=linux64;;
 	#	sh64*)        machine=elf;;
 		sh*b*)        machine="generic32 -DB_ENDIAN";;
 		sh*)          machine="generic32 -DL_ENDIAN";;
@@ -120,7 +127,7 @@ linux)
 		s390x*)       machine=s390x system=linux64;;
 		s390*)        machine="generic32 -DB_ENDIAN";;
 		x86_64*:x32)  machine=x32;;
-		x86_64*)      machine=x86_64;;
+		x86_64*)      machine=x86_64${submachine};;
 	esac
 	;;
 BSD)
diff --git a/dev-libs/openssl/files/openssl-3.0.5-test-memcmp.patch b/dev-libs/openssl/files/openssl-3.0.5-test-memcmp.patch
deleted file mode 100644
index 8fa0387..0000000
--- a/dev-libs/openssl/files/openssl-3.0.5-test-memcmp.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-From 7f58de577c05ae0bbd20eee9b2971cfa1cd062c8 Mon Sep 17 00:00:00 2001
-From: Gregor Jasny <gjasny@googlemail.com>
-Date: Tue, 5 Jul 2022 12:57:06 +0200
-Subject: [PATCH] Add missing header for memcmp
-
-CLA: trivial
----
- test/v3ext.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/test/v3ext.c b/test/v3ext.c
-index 926f3884b138..a8ab64b2714b 100644
---- a/test/v3ext.c
-+++ b/test/v3ext.c
-@@ -8,6 +8,7 @@
-  */
- 
- #include <stdio.h>
-+#include <string.h>
- #include <openssl/x509.h>
- #include <openssl/x509v3.h>
- #include <openssl/pem.h>
diff --git a/dev-libs/openssl/files/openssl-3.3.2-CVE-2024-9143.patch b/dev-libs/openssl/files/openssl-3.3.2-CVE-2024-9143.patch
new file mode 100644
index 0000000..5776c78
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-3.3.2-CVE-2024-9143.patch
@@ -0,0 +1,193 @@
+https://bugs.gentoo.org/941643
+https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4
+
+From c0d3e4d32d2805f49bec30547f225bc4d092e1f4 Mon Sep 17 00:00:00 2001
+From: Viktor Dukhovni <viktor@openssl.org>
+Date: Thu, 19 Sep 2024 01:02:40 +1000
+Subject: [PATCH] Harden BN_GF2m_poly2arr against misuse.
+
+The BN_GF2m_poly2arr() function converts characteristic-2 field
+(GF_{2^m}) Galois polynomials from a representation as a BIGNUM bitmask,
+to a compact array with just the exponents of the non-zero terms.
+
+These polynomials are then used in BN_GF2m_mod_arr() to perform modular
+reduction.  A precondition of calling BN_GF2m_mod_arr() is that the
+polynomial must have a non-zero constant term (i.e. the array has `0` as
+its final element).
+
+Internally, callers of BN_GF2m_poly2arr() did not verify that
+precondition, and binary EC curve parameters with an invalid polynomial
+could lead to out of bounds memory reads and writes in BN_GF2m_mod_arr().
+
+The precondition is always true for polynomials that arise from the
+standard form of EC parameters for characteristic-two fields (X9.62).
+See the "Finite Field Identification" section of:
+
+    https://www.itu.int/ITU-T/formal-language/itu-t/x/x894/2018-cor1/ANSI-X9-62.html
+
+The OpenSSL GF(2^m) code supports only the trinomial and pentanomial
+basis X9.62 forms.
+
+This commit updates BN_GF2m_poly2arr() to return `0` (failure) when
+the constant term is zero (i.e. the input bitmask BIGNUM is not odd).
+
+Additionally, the return value is made unambiguous when there is not
+enough space to also pad the array with a final `-1` sentinel value.
+The return value is now always the number of elements (including the
+final `-1`) that would be filled when the output array is sufficiently
+large.  Previously the same count was returned both when the array has
+just enough room for the final `-1` and when it had only enough space
+for non-sentinel values.
+
+Finally, BN_GF2m_poly2arr() is updated to reject polynomials whose
+degree exceeds `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against
+CPU exhausition attacks via excessively large inputs.
+
+The above issues do not arise in processing X.509 certificates.  These
+generally have EC keys from "named curves", and RFC5840 (Section 2.1.1)
+disallows explicit EC parameters.  The TLS code in OpenSSL enforces this
+constraint only after the certificate is decoded, but, even if explicit
+parameters are specified, they are in X9.62 form, which cannot represent
+problem values as noted above.
+
+Initially reported as oss-fuzz issue 71623.
+
+A closely related issue was earlier reported in
+<https://github.com/openssl/openssl/issues/19826>.
+
+Severity: Low, CVE-2024-9143
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Reviewed-by: Paul Dale <ppzgs1@gmail.com>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/25639)
+
+(cherry picked from commit 8e008cb8b23ec7dc75c45a66eeed09c815b11cd2)
+--- a/crypto/bn/bn_gf2m.c
++++ b/crypto/bn/bn_gf2m.c
+@@ -15,6 +15,7 @@
+ #include "bn_local.h"
+ 
+ #ifndef OPENSSL_NO_EC2M
++# include <openssl/ec.h>
+ 
+ /*
+  * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should
+@@ -1130,16 +1131,26 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ /*
+  * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i *
+  * x^i) into an array of integers corresponding to the bits with non-zero
+- * coefficient.  Array is terminated with -1. Up to max elements of the array
+- * will be filled.  Return value is total number of array elements that would
+- * be filled if array was large enough.
++ * coefficient.  The array is intended to be suitable for use with
++ * `BN_GF2m_mod_arr()`, and so the constant term of the polynomial must not be
++ * zero.  This translates to a requirement that the input BIGNUM `a` is odd.
++ *
++ * Given sufficient room, the array is terminated with -1.  Up to max elements
++ * of the array will be filled.
++ *
++ * The return value is total number of array elements that would be filled if
++ * array was large enough, including the terminating `-1`.  It is `0` when `a`
++ * is not odd or the constant term is zero contrary to requirement.
++ *
++ * The return value is also `0` when the leading exponent exceeds
++ * `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against CPU exhaustion attacks,
+  */
+ int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
+ {
+     int i, j, k = 0;
+     BN_ULONG mask;
+ 
+-    if (BN_is_zero(a))
++    if (!BN_is_odd(a))
+         return 0;
+ 
+     for (i = a->top - 1; i >= 0; i--) {
+@@ -1157,12 +1168,13 @@ int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
+         }
+     }
+ 
+-    if (k < max) {
++    if (k > 0 && p[0] > OPENSSL_ECC_MAX_FIELD_BITS)
++        return 0;
++
++    if (k < max)
+         p[k] = -1;
+-        k++;
+-    }
+ 
+-    return k;
++    return k + 1;
+ }
+ 
+ /*
+--- a/test/ec_internal_test.c
++++ b/test/ec_internal_test.c
+@@ -155,6 +155,56 @@ static int field_tests_ecp_mont(void)
+ }
+ 
+ #ifndef OPENSSL_NO_EC2M
++/* Test that decoding of invalid GF2m field parameters fails. */
++static int ec2m_field_sanity(void)
++{
++    int ret = 0;
++    BN_CTX *ctx = BN_CTX_new();
++    BIGNUM *p, *a, *b;
++    EC_GROUP *group1 = NULL, *group2 = NULL, *group3 = NULL;
++
++    TEST_info("Testing GF2m hardening\n");
++
++    BN_CTX_start(ctx);
++    p = BN_CTX_get(ctx);
++    a = BN_CTX_get(ctx);
++    if (!TEST_ptr(b = BN_CTX_get(ctx))
++        || !TEST_true(BN_one(a))
++        || !TEST_true(BN_one(b)))
++        goto out;
++
++    /* Even pentanomial value should be rejected */
++    if (!TEST_true(BN_set_word(p, 0xf2)))
++        goto out;
++    if (!TEST_ptr_null(group1 = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
++        TEST_error("Zero constant term accepted in GF2m polynomial");
++
++    /* Odd hexanomial should also be rejected */
++    if (!TEST_true(BN_set_word(p, 0xf3)))
++        goto out;
++    if (!TEST_ptr_null(group2 = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
++        TEST_error("Hexanomial accepted as GF2m polynomial");
++
++    /* Excessive polynomial degree should also be rejected */
++    if (!TEST_true(BN_set_word(p, 0x71))
++        || !TEST_true(BN_set_bit(p, OPENSSL_ECC_MAX_FIELD_BITS + 1)))
++        goto out;
++    if (!TEST_ptr_null(group3 = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
++        TEST_error("GF2m polynomial degree > %d accepted",
++                   OPENSSL_ECC_MAX_FIELD_BITS);
++
++    ret = group1 == NULL && group2 == NULL && group3 == NULL;
++
++ out:
++    EC_GROUP_free(group1);
++    EC_GROUP_free(group2);
++    EC_GROUP_free(group3);
++    BN_CTX_end(ctx);
++    BN_CTX_free(ctx);
++
++    return ret;
++}
++
+ /* test EC_GF2m_simple_method directly */
+ static int field_tests_ec2_simple(void)
+ {
+@@ -443,6 +493,7 @@ int setup_tests(void)
+     ADD_TEST(field_tests_ecp_simple);
+     ADD_TEST(field_tests_ecp_mont);
+ #ifndef OPENSSL_NO_EC2M
++    ADD_TEST(ec2m_field_sanity);
+     ADD_TEST(field_tests_ec2_simple);
+ #endif
+     ADD_ALL_TESTS(field_tests_default, crv_len);
+
diff --git a/dev-libs/openssl/openssl-3.0.5-r1.ebuild b/dev-libs/openssl/openssl-3.3.2-r1.ebuild
index 5aa7087..4030adf 100644
--- a/dev-libs/openssl/openssl-3.0.5-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.3.2-r1.ebuild
@@ -1,13 +1,14 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=7
+EAPI=8
 
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
 
 DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
+HOMEPAGE="https://openssl-library.org/"
 
 MY_P=${P/_/-}
 
@@ -16,20 +17,27 @@ if [[ ${PV} == 9999 ]] ; then
 
 	inherit git-r3
 else
-	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+	SRC_URI="
+		https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz
+		verify-sig? (
+			https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz.asc
+		)
+	"
+
+	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
+		KEYWORDS="~amd64 ~x86"
+	fi
 fi
 
 S="${WORKDIR}"/${MY_P}
 
 LICENSE="Apache-2.0"
-SLOT="0/3" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
+SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls quic rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"
 
 COMMON_DEPEND="
-	>=app-misc/c_rehash-1.7-r1
+	!<net-misc/openssh-9.2_p1-r3
 	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
 "
 BDEPEND="
@@ -37,11 +45,11 @@ BDEPEND="
 	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
 	test? (
 		sys-apps/diffutils
-		sys-devel/bc
+		app-alternatives/bc
 		sys-process/procps
 	)
-	verify-sig? ( sec-keys/openpgp-keys-openssl )"
-
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20240920 )
+"
 DEPEND="${COMMON_DEPEND}"
 RDEPEND="${COMMON_DEPEND}"
 PDEPEND="app-misc/ca-certificates"
@@ -51,7 +59,7 @@ MULTILIB_WRAPPED_HEADERS=(
 )
 
 PATCHES=(
-	"${FILESDIR}"/${P}-test-memcmp.patch
+	"${FILESDIR}"/${P}-CVE-2024-9143.patch
 )
 
 pkg_setup() {
@@ -62,6 +70,7 @@ pkg_setup() {
 			CONFIG_CHECK="~TLS ~TLS_DEVICE"
 			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
 			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
 
 			linux-info_pkg_setup
 		fi
@@ -84,23 +93,16 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default
 }
 
 src_prepare() {
-	# Allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
 	# Make sure we only ever touch Makefile.org and avoid patching a file
 	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
+	rm -f Makefile || die
 
 	if ! use vanilla ; then
 		PATCHES+=(
@@ -115,18 +117,13 @@ src_prepare() {
 		rm test/recipes/80-test_ssl_new.t || die
 	fi
 
-	# - Make sure the man pages are suffixed (bug #302165)
-	# - Don't bother building man pages if they're disabled
-	# - Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
 
 	# Quiet out unknown driver argument warnings since openssl
 	# doesn't have well-split CFLAGS and we're making it even worse
@@ -138,33 +135,24 @@ src_prepare() {
 	# code. This has been in the ebuild for > 10 years but even in 2022,
 	# it's still relevant:
 	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
 	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
 	# Don't remove the no strict aliasing bits below!
 	filter-flags -fstrict-aliasing
 	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
 
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 
-	# Prefixify Configure shebang (bug #141906)
-	sed \
-		-e "1s,/usr/bin/env,${BROOT}&," \
-		-i Configure || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	# The config script does stupid stuff to prompt the user. Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
+	# bug #895308 -- check inserts GNU ld-compatible arguments
+	[[ ${CHOST} == *-darwin* ]] || append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
 
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
 	# bug #197996
 	unset APPS
 	# bug #312551
@@ -174,19 +162,22 @@ multilib_src_configure() {
 
 	tc-export AR CC CXX RANLIB RC
 
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
 	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
 
 	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
 
-	local sslout=$(./gentoo.config)
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
 	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
 
 	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
 	local myeconfargs=(
 		${sslout}
 
+		$(multilib_is_native_abi || echo "no-docs")
 		$(use cpu_flags_x86_sse2 || echo "no-sse2")
 		enable-camellia
 		enable-ec
@@ -194,10 +185,11 @@ multilib_src_configure() {
 		enable-sm2
 		enable-srp
 		$(use elibc_musl && echo "no-async")
-		$(use amd64 && echo "enable-ec_nistp_64_gcc_128")
+		enable-ec_nistp_64_gcc_128
 		enable-idea
 		enable-mdc2
 		$(use fips && echo "enable-fips")
+		$(use quic && echo "enable-quic")
 		$(use_ssl asm)
 		$(use_ssl ktls)
 		$(use_ssl rfc3779)
@@ -214,49 +206,39 @@ multilib_src_configure() {
 		threads
 	)
 
-	CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}"
-
-	# Clean out hardcoded flags that openssl uses
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:\(^\| \)-fomit-frame-pointer::g' \
-		-e 's:\(^\| \)-O[^ ]*::g' \
-		-e 's:\(^\| \)-march=[^ ]*::g' \
-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-		-e 's:\(^\| \)-m[^ ]*::g' \
-		-e 's:^ *::' \
-		-e 's: *$::' \
-		-e 's: \+: :g' \
-		-e 's:\\:\\\\:g'
-	)
-
-	# Now insert clean default flags with user flags
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile \
-		|| die
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
 }
 
 multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-
-	emake all
+	emake build_sw
 }
 
 multilib_src_test() {
+	# See https://github.com/openssl/openssl/blob/master/test/README.md for options.
+	#
 	# VFP = show subtests verbosely and show failed tests verbosely
 	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+	#
+	# -j1 here for https://github.com/openssl/openssl/issues/21999, but it
+	# shouldn't matter as tests were already built earlier, and HARNESS_JOBS
+	# controls running the tests.
+	emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
 }
 
 multilib_src_install() {
-	# We need to create ${ED}/usr on our own to avoid a race condition (bug #665130)
-	dodir /usr
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
+	if use fips; then
+		emake DESTDIR="${D}" -j1 install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
 
-	emake DESTDIR="${D}" install
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
+	fi
 
 	# This is crappy in that the static archives are still built even
 	# when USE=static-libs. But this is due to a failing in the openssl
@@ -278,38 +260,6 @@ multilib_src_install_all() {
 	# Create the certs directory
 	keepdir ${SSL_CNF_DIR}/certs
 
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*}
-		d=${d#./}
-		m=${m##*/}
-
-		[[ ${m} == openssl.1* ]] && continue
-
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-
-		mv ${d}/{,ssl-}${m} || die
-
-		# Fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die
-		ln -s ssl-${m} ${d}/openssl-${m} || die
-
-		# Locate any symlinks that point to this man page
-		# We assume that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-
-			rm -f ${d}/${s}
-
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
 	# bug #254521
 	dodir /etc/sandbox.d
 	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
@@ -318,8 +268,25 @@ multilib_src_install_all() {
 	keepdir ${SSL_CNF_DIR}/private
 }
 
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
 pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
 	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
 }