From a19568f3e80a27d75eec383bc0071410e7934618 Mon Sep 17 00:00:00 2001
From: "Alex Xu (Hello71)"
Date: Wed, 31 May 2023 08:05:50 -0400
Subject: dev-libs/openssl: sync
---
 .../files/openssl-3.1.0-CVE-2023-0465.patch | 46 ----------------------
 1 file changed, 46 deletions(-)
 delete mode 100644 dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0465.patch
(limited to 'dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0465.patch')
diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0465.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0465.patch
deleted file mode 100644
index a98f7cb..0000000
--- a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0465.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-commit facfb1ab745646e97a1920977ae4a9965ea61d5c
-Author: Matt Caswell
-Date: Tue Mar 7 16:52:55 2023 +0000
-
- Ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs
-
- Even though we check the leaf cert to confirm it is valid, we
- later ignored the invalid flag and did not notice that the leaf
- cert was bad.
-
- Fixes: CVE-2023-0465
-
- Reviewed-by: Hugo Landau
- Reviewed-by: Tomas Mraz
- (Merged from https://github.com/openssl/openssl/pull/20586)
-
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index 9384f1da9b..a0282c3ef1 100644
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *ctx)
- goto memerr;
- /* Invalid or inconsistent extensions */
- if (ret == X509_PCY_TREE_INVALID) {
-- int i;
-+ int i, cbcalled = 0;
-
- /* Locate certificates with bad extensions and notify callback. */
-- for (i = 1; i < sk_X509_num(ctx->chain); i++) {
-+ for (i = 0; i < sk_X509_num(ctx->chain); i++) {
- X509 *x = sk_X509_value(ctx->chain, i);
-
-+ if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0)
-+ cbcalled = 1;
- CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0,
- ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION);
- }
-+ if (!cbcalled) {
-+ /* Should not be able to get here */
-+ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+ /* The callback ignored the error so we return success */
- return 1;
- }
- if (ret == X509_PCY_TREE_FAILURE) {
--
cgit v1.2.3-54-g00ecf