From 2e67dbd06b2e700f6fc76b70ae7414d5defb2248 Mon Sep 17 00:00:00 2001
From: "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca>
Date: Tue, 1 Oct 2024 15:14:23 -0400
Subject: dev-libs/openssl: upgrade to 3.3.2

---
 .../openssl/files/openssl-3.2.1-p11-segfault.patch | 79 ++++++++++++++++++++++
 1 file changed, 79 insertions(+)
 create mode 100644 dev-libs/openssl/files/openssl-3.2.1-p11-segfault.patch

(limited to 'dev-libs/openssl/files')

diff --git a/dev-libs/openssl/files/openssl-3.2.1-p11-segfault.patch b/dev-libs/openssl/files/openssl-3.2.1-p11-segfault.patch
new file mode 100644
index 0000000..59e785c
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-3.2.1-p11-segfault.patch
@@ -0,0 +1,79 @@
+https://bugs.gentoo.org/916328
+https://github.com/opendnssec/SoftHSMv2/issues/729
+https://github.com/openssl/openssl/issues/22508
+https://github.com/openssl/openssl/commit/934943281267259fa928f4a5814b176525461a65
+
+From 934943281267259fa928f4a5814b176525461a65 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Fri, 15 Dec 2023 13:45:50 +0100
+Subject: [PATCH] Revert "Improved detection of engine-provided private
+ "classic" keys"
+
+This reverts commit 2b74e75331a27fc89cad9c8ea6a26c70019300b5.
+
+The commit was wrong. With 3.x versions the engines must be themselves
+responsible for creating their EVP_PKEYs in a way that they are treated
+as legacy - either by using the respective set1 calls or by setting
+non-default EVP_PKEY_METHOD.
+
+The workaround has caused more problems than it solved.
+
+Fixes #22945
+
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/23063)
+
+(cherry picked from commit 39ea78379826fa98e8dc8c0d2b07e2c17cd68380)
+--- a/crypto/engine/eng_pkey.c
++++ b/crypto/engine/eng_pkey.c
+@@ -79,48 +79,6 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+         ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+         return NULL;
+     }
+-    /* We enforce check for legacy key */
+-    switch (EVP_PKEY_get_id(pkey)) {
+-    case EVP_PKEY_RSA:
+-        {
+-        RSA *rsa = EVP_PKEY_get1_RSA(pkey);
+-        EVP_PKEY_set1_RSA(pkey, rsa);
+-        RSA_free(rsa);
+-        }
+-        break;
+-#  ifndef OPENSSL_NO_EC
+-    case EVP_PKEY_SM2:
+-    case EVP_PKEY_EC:
+-        {
+-        EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
+-        EVP_PKEY_set1_EC_KEY(pkey, ec);
+-        EC_KEY_free(ec);
+-        }
+-        break;
+-#  endif
+-#  ifndef OPENSSL_NO_DSA
+-    case EVP_PKEY_DSA:
+-        {
+-        DSA *dsa = EVP_PKEY_get1_DSA(pkey);
+-        EVP_PKEY_set1_DSA(pkey, dsa);
+-        DSA_free(dsa);
+-        }
+-        break;
+-#endif
+-#  ifndef OPENSSL_NO_DH
+-    case EVP_PKEY_DH:
+-        {
+-        DH *dh = EVP_PKEY_get1_DH(pkey);
+-        EVP_PKEY_set1_DH(pkey, dh);
+-        DH_free(dh);
+-        }
+-        break;
+-#endif
+-    default:
+-        /*Do nothing */
+-        break;
+-    }
+-
+     return pkey;
+ }
+ 
+
-- 
cgit v1.2.3-70-g09d2