From nobody Tue Feb 20 11:53:47 2024 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TfHqb5dZkz5BwTc; Tue, 20 Feb 2024 11:53:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TfHqb4G30z4rtn; Tue, 20 Feb 2024 11:53:47 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1708430027; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=cIeHIBJz1akAjogDl0tyIfW4iP8byC8UiIBko/vOGvI=; b=ZeoTA2tVxctTEplU1AxE64PswefdpYkxbhUBEI8NugNs+Rs4WEEuDjbpeZmaKR5OeSeFYs hCf6EWKO4uchrhivVUc/2i+4MtZ3HDCllGkeVeOY6k1w3qpvUOLvTf+Yc+1dG/q29F6OpG BIXpXMa0SNvkMextM2axy71xVoQuN8GzOuaVO2fP/HKkXBiifGWxLw+J6L0opPSzts2Bxy TRXOoI4vlvH4/wC6YD4q/h+qQQ18zHNBg/5Xr8MTXbEHQDuKqWh5A7sl5L9mp+NrbtmJKK 0hgho+FzbwAM6CMEJMAEnI20OGPiOYAhcV1/eFi1STq5sTu8M8kRzXoZEAPo7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1708430027; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=cIeHIBJz1akAjogDl0tyIfW4iP8byC8UiIBko/vOGvI=; b=UdQzxNJv1q0Pp1VPQlsxQZ4Bv3Q6GjpXttl54dFYRiLbM78aidE3sM49IyS7M/GiLwtQ03 +HdSTEDgdPFnTpwBIv0txUysYidNCJN9fjGUPkuzKs4iBzj8PNfua/ACyBoD09YF/i0+H/ olG3VKBN487+4rBKx80SvmVuOVFRM5OBKltUqPp5f1NGtnJ7BQgRU98p6yfMPePAdequrP vJ0uLQiWAfZo7EJg0zH55hfoL6X/XdD4wCQ2/IBaQti6mDujaXtMbKpyjiUE6LWaB2P9fp xrsjEtmT6SBJg3aM1GENviHnGFD1UpXT9CMhASGQ0wn6OdDvchEKJ17xuMIdRA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1708430027; a=rsa-sha256; cv=none; b=w2kJYBWD4sxyg7qa4Gegc0ovWBjCUoxx8ujTEX3g1gb6asS78narK8zpKerNB0rrLYUKsa d83iwCwN8rIx/JK9xodG5ENFbFaCbIpK2BmtfsksSjIEfbC4fN1Kdig/0U0D+hNO/jKqsL DAN4MU1ckPovOocGuCRlFa3qVsgTNP/VhA6pvnff52rUdif9hkP3IFV6jxINcg75qFah9+ i3iR3zFz3DgOI+zxcxGLUMeILv3S6ClDflJjEZ00lMjgmxnUvJtOgk37+OP9ViGWHihSHn xeCLoGV2gCfugy1wIXrr9oUm8U6uLMg6JkJbS+M6XYuwQj1Xt1euIdN2EtASjQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TfHqb3KS0zH2l; Tue, 20 Feb 2024 11:53:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 41KBrl2f033614; Tue, 20 Feb 2024 11:53:47 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 41KBrl9c033611; Tue, 20 Feb 2024 11:53:47 GMT (envelope-from git) Date: Tue, 20 Feb 2024 11:53:47 GMT Message-Id: <202402201153.41KBrl9c033611@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Muhammad Moinur Rahman Subject: git: 08beae7b9617 - main - security/libpki: Runtime fix List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: bofh X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 08beae7b9617a07ffff47c118a5cfd5ae798fd4e Auto-Submitted: auto-generated The branch main has been updated by bofh: URL: https://cgit.FreeBSD.org/ports/commit/?id=08beae7b9617a07ffff47c118a5cfd5ae798fd4e commit 08beae7b9617a07ffff47c118a5cfd5ae798fd4e Author: Bruno Damour AuthorDate: 2024-02-20 11:52:22 +0000 Commit: Muhammad Moinur Rahman CommitDate: 2024-02-20 11:53:40 +0000 security/libpki: Runtime fix The previous patch did build on FreeBSD 14.0 but the OCSP responder was segfaulting. This fixes the previous incorrect patch through backporting changes from upstream. OCSP responder (openca-ocspd) now works on FreeBSD 14.0. PR: 276951 Approved by: submitter is maintainer --- security/libpki/Makefile | 5 +- security/libpki/distinfo | 4 +- security/libpki/files/patch-acinclude.m4 | 16 ---- security/libpki/files/patch-configure.ac | 34 -------- .../files/patch-src-drivers-engine-engine_hsm.c | 12 --- .../patch-src-drivers-openssl-openssl_hsm_pkey.c | 59 -------------- .../libpki/files/patch-src-libpki-prqp-prqp_asn1.h | 53 ------------- .../libpki/files/patch-src-openssl-pki_ocsp_resp.c | 14 ---- .../libpki/files/patch-src-openssl-pki_x509_cert.c | 26 ------ .../libpki/files/patch-src-openssl-pki_x509_req.c | 14 ---- security/libpki/files/patch-src-pki_init.c | 13 --- security/libpki/files/patch-src-pki_x509.c | 92 ---------------------- 12 files changed, 6 insertions(+), 336 deletions(-) diff --git a/security/libpki/Makefile b/security/libpki/Makefile index f131efdd1a52..f09f9d9ef067 100644 --- a/security/libpki/Makefile +++ b/security/libpki/Makefile @@ -1,11 +1,12 @@ PORTNAME= libpki DISTVERSIONPREFIX= v DISTVERSION= 0.9.2 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security PATCH_SITES= https://github.com/openca/libpki/commit/ -PATCHFILES= d7617046e9da97473a140c02582fa571f6359ae3.patch:-p1 +PATCHFILES= d7617046e9da97473a140c02582fa571f6359ae3.patch:-p1 \ + 9c4865ad476a75c34d89e0bd663c280f544590c0.patch:-p1 MAINTAINER= bruno@ruomad.net COMMENT= OpenCA PKI library (libpki) and tools diff --git a/security/libpki/distinfo b/security/libpki/distinfo index a345f02fc034..d89d00d30956 100644 --- a/security/libpki/distinfo +++ b/security/libpki/distinfo @@ -1,5 +1,7 @@ -TIMESTAMP = 1687900936 +TIMESTAMP = 1708348718 SHA256 (openca-libpki-v0.9.2_GH0.tar.gz) = 4352a77457579a498837e33fbc0092f67a1c5d93eee6eb73bc889ad8b8f747fb SIZE (openca-libpki-v0.9.2_GH0.tar.gz) = 1184928 SHA256 (d7617046e9da97473a140c02582fa571f6359ae3.patch) = 05818f983047b399958f523e79de001d995947ec92366dca2c9f7aac52fed7c7 SIZE (d7617046e9da97473a140c02582fa571f6359ae3.patch) = 1251 +SHA256 (9c4865ad476a75c34d89e0bd663c280f544590c0.patch) = bbc836316c30c8d3488ef63688bc94cfd6219a9ea265b3003663cc10d15d488d +SIZE (9c4865ad476a75c34d89e0bd663c280f544590c0.patch) = 15103 diff --git a/security/libpki/files/patch-acinclude.m4 b/security/libpki/files/patch-acinclude.m4 deleted file mode 100644 index fcb98b4cf827..000000000000 --- a/security/libpki/files/patch-acinclude.m4 +++ /dev/null @@ -1,16 +0,0 @@ ---- acinclude.m4.orig 2023-06-27 08:58:28.460201000 +0200 -+++ acinclude.m4 2023-06-27 13:17:52.671338000 +0200 -@@ -116,7 +116,12 @@ - - AC_MSG_RESULT([Searching OpenSSL Version: $library_includes]); - ver=`grep "^ *# *define *OPENSSL_VERSION_NUMBER" "$library_includes" | sed 's/.*0x/0x/g' | sed 's|\L||g'`; -- detected_v=`echo $((ver))` -+ if [[ "x$ver" == "x" ]] ; then -+ pver=`grep "^ *# *define OPENSSL_VERSION_PRE_RELEASE" "$library_includes" | sed 's|.* "|"|g' | sed 's|""|fL|g' | sed 's|".*"|0L|g'` -+ bver=`grep "^ *# *define OPENSSL_VERSION_STR" "$library_includes" | sed 's|.* "||g' | sed 's|".*||g' | sed 's|\.| |g' | xargs printf "0x%1x%02X%02X" ` -+ ver="$bver$pver" -+ fi -+ detected_v=`echo $((ver))` - required_v=`echo $(($_version))` - - dnl ver=`grep "^ *# *define *SHLIB_VERSION_NUMBER" $library_includes | sed 's/[#_a-zA-Z" ]//g' | sed 's|\.|0|g'`; diff --git a/security/libpki/files/patch-configure.ac b/security/libpki/files/patch-configure.ac deleted file mode 100644 index 3950cc7afc45..000000000000 --- a/security/libpki/files/patch-configure.ac +++ /dev/null @@ -1,34 +0,0 @@ ---- configure.ac.orig 2023-02-21 00:50:13.111304000 +0100 -+++ configure.ac 2023-02-21 00:56:17.195099000 +0100 -@@ -23,7 +23,7 @@ - mybits_install="" - is_sparc="no" - is_aix="no" --my_arch=`uname -m` -+my_arch=`uname -p` - - case "$my_arch" in - *i686) -@@ -40,7 +40,13 @@ - mybits="64" - mybits_install="64" - ;; -- *aarch64) -+ *arm|*armv?) -+ mybits="32" -+ ;; -+ *powerpc) -+ mybits="32" -+ ;; -+ *aarch64|*arm64) - mybits="64" - mybits_install="64" - ;; -@@ -57,7 +63,6 @@ - *powerpc*) - mybits="64" - mybits_install="64" -- is_aix="yes" - ;; - *) - AC_MSG_ERROR([Not supported arch ($my_arch)]) diff --git a/security/libpki/files/patch-src-drivers-engine-engine_hsm.c b/security/libpki/files/patch-src-drivers-engine-engine_hsm.c deleted file mode 100644 index 4770da3e5ad4..000000000000 --- a/security/libpki/files/patch-src-drivers-engine-engine_hsm.c +++ /dev/null @@ -1,12 +0,0 @@ ---- src/drivers/engine/engine_hsm.c.orig 2023-06-27 08:58:28.477634000 +0200 -+++ src/drivers/engine/engine_hsm.c 2023-06-27 13:17:52.663862000 +0200 -@@ -204,7 +204,9 @@ - char *engine_id = NULL; - - ENGINE_load_builtin_engines(); -+#if OPENSSL_VERSION_NUMBER < 0x30000000 - ERR_load_ENGINE_strings(); -+#endif - - hsm = (HSM *) PKI_Malloc ( sizeof( HSM )); - memcpy( hsm, &engine_hsm, sizeof( HSM )); diff --git a/security/libpki/files/patch-src-drivers-openssl-openssl_hsm_pkey.c b/security/libpki/files/patch-src-drivers-openssl-openssl_hsm_pkey.c deleted file mode 100644 index 309bad12d747..000000000000 --- a/security/libpki/files/patch-src-drivers-openssl-openssl_hsm_pkey.c +++ /dev/null @@ -1,59 +0,0 @@ ---- src/drivers/openssl/openssl_hsm_pkey.c.orig 2023-06-27 08:58:28.478388000 +0200 -+++ src/drivers/openssl/openssl_hsm_pkey.c 2023-06-27 13:17:52.668464000 +0200 -@@ -443,8 +443,11 @@ - } break; - #ifdef ENABLE_ECDSA - case EVP_PKEY_EC: { --# if OPENSSL_VERSION_NUMBER < 0x1010000fL -+# if OPENSSL_VERSION_NUMBER >= 0x30000000L - ret = PEM_write_bio_ECPrivateKey(bp, -+ EVP_PKEY_get1_EC_KEY(x), enc, (unsigned char *) kstr, klen, cb, u); -+# elif OPENSSL_VERSION_NUMBER < 0x1010000fL -+ ret = PEM_write_bio_ECPrivateKey(bp, - x->pkey.ec, enc, (unsigned char *) kstr, klen, cb, u); - # else - ret = PEM_write_bio_ECPrivateKey(bp, -@@ -480,7 +483,9 @@ - - case EVP_PKEY_RSA: { - RSA *rsa = NULL; --#if OPENSSL_VERSION_NUMBER >= 0x1010000fL -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+ if (((rsa = EVP_PKEY_get1_RSA(kVal)) == NULL) || -+#elif OPENSSL_VERSION_NUMBER >= 0x1010000fL - if (((rsa = EVP_PKEY_get0_RSA(kVal)) == NULL) || - #else - if (((rsa = (RSA *)EVP_PKEY_get0(kVal)) == NULL) || -@@ -492,7 +497,9 @@ - - case EVP_PKEY_DH: { - DH *dh = NULL; --#if OPENSSL_VERSION_NUMBER >= 0x1010000fL -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+ if ( ((dh = EVP_PKEY_get1_DH(kVal)) == NULL) || -+#elif OPENSSL_VERSION_NUMBER >= 0x1010000fL - if ( ((dh = EVP_PKEY_get0_DH(kVal)) == NULL) || - #else - if ( ((dh = (DH *)EVP_PKEY_get0(kVal)) == NULL) || -@@ -505,7 +512,9 @@ - #ifdef ENABLE_ECDSA - case EVP_PKEY_EC: { - EC_KEY * ec = NULL; --#if OPENSSL_VERSION_NUMBER >= 0x1010000fL -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+ if (((ec = EVP_PKEY_get1_EC_KEY(kVal)) == NULL) || -+#elif OPENSSL_VERSION_NUMBER >= 0x1010000fL - if (((ec = EVP_PKEY_get0_EC_KEY(kVal)) == NULL) || - #else - if (((ec = (EC_KEY *)EVP_PKEY_get0(kVal)) == NULL) || -@@ -519,7 +528,9 @@ - #ifdef ENABLE_DSA - case EVP_PKEY_DSA: { - DSA *dsa = NULL; --#if OPENSSL_VERSION_NUMBER >= 0x1010000fL -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+ if ( ((dsa = EVP_PKEY_get1_DSA(kVal)) == NULL) || -+#elif OPENSSL_VERSION_NUMBER >= 0x1010000fL - if ( ((dsa = EVP_PKEY_get0_DSA(kVal)) == NULL) || - #else - if ( ((dsa = (DSA *)EVP_PKEY_get0(kVal)) == NULL) || diff --git a/security/libpki/files/patch-src-libpki-prqp-prqp_asn1.h b/security/libpki/files/patch-src-libpki-prqp-prqp_asn1.h deleted file mode 100644 index fe215c4e57d1..000000000000 --- a/security/libpki/files/patch-src-libpki-prqp-prqp_asn1.h +++ /dev/null @@ -1,53 +0,0 @@ ---- src/libpki/prqp/prqp_asn1.h.orig 2023-06-27 08:58:28.483798000 +0200 -+++ src/libpki/prqp/prqp_asn1.h 2023-06-27 13:17:52.673161000 +0200 -@@ -73,8 +73,13 @@ - // DECLARE_ASN1_SET_OF(CERT_IDENTIFIER) - - DECLARE_ASN1_FUNCTIONS(CERT_IDENTIFIER) --CERT_IDENTIFIER *CERT_IDENTIFIER_dup( CERT_IDENTIFIER *cid ); - -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+CERT_IDENTIFIER *CERT_IDENTIFIER_dup ( const CERT_IDENTIFIER *cid ); -+#else -+CERT_IDENTIFIER *CERT_IDENTIFIER_dup ( CERT_IDENTIFIER *cid ); -+#endif -+ - /* ResourceIdentifier ::= SEQUENCE { - * resourceId OBJECT IDENTIFIER, - * version [0] INTEGER OPTIONAL } -@@ -128,7 +133,11 @@ - - DECLARE_ASN1_FUNCTIONS(PKI_PRQP_REQ) - -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+PKI_PRQP_REQ * PKI_PRQP_REQ_dup ( const PKI_PRQP_REQ *x ); -+#else - PKI_PRQP_REQ * PKI_PRQP_REQ_dup ( PKI_PRQP_REQ *x ); -+#endif - - /* PKIStatus ::= INTEGER { - * ok {0}, -@@ -207,7 +216,11 @@ - DECLARE_ASN1_FUNCTIONS(RESOURCE_RESPONSE_TOKEN) - DECLARE_STACK_OF(RESOURCE_RESPONSE_TOKEN) - -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+RESOURCE_RESPONSE_TOKEN * RESOURCE_RESPONSE_TOKEN_dup ( const RESOURCE_RESPONSE_TOKEN * p ); -+#else - RESOURCE_RESPONSE_TOKEN * RESOURCE_RESPONSE_TOKEN_dup ( RESOURCE_RESPONSE_TOKEN * p ); -+#endif - - /* TBSRespData ::= { - * version INTEGER { v(1) }, -@@ -239,7 +252,11 @@ - - DECLARE_ASN1_FUNCTIONS(PKI_PRQP_RESP) - -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+PKI_PRQP_RESP * PKI_PRQP_RESP_dup ( const PKI_PRQP_RESP *x ); -+#else - PKI_PRQP_RESP * PKI_PRQP_RESP_dup ( PKI_PRQP_RESP *x ); -+#endif - - /* Crypto Functionality */ - /* diff --git a/security/libpki/files/patch-src-openssl-pki_ocsp_resp.c b/security/libpki/files/patch-src-openssl-pki_ocsp_resp.c deleted file mode 100644 index e0b2dd89bf74..000000000000 --- a/security/libpki/files/patch-src-openssl-pki_ocsp_resp.c +++ /dev/null @@ -1,14 +0,0 @@ ---- src/openssl/pki_ocsp_resp.c.orig 2023-06-27 08:58:28.486438000 +0200 -+++ src/openssl/pki_ocsp_resp.c 2023-06-27 13:17:52.661387000 +0200 -@@ -701,7 +701,10 @@ - PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL ); - break; - } --#if OPENSSL_VERSION_NUMBER > 0x1010000fL -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+ mem->size = (size_t)ASN1_item_i2d((void *)&(tmp_x->tbsResponseData), -+ &(mem->data), (ASN1_ITEM *) OCSP_RESPDATA_it ); -+#elif OPENSSL_VERSION_NUMBER > 0x1010000fL - mem->size = (size_t)ASN1_item_i2d((void *)&(tmp_x->tbsResponseData), - &(mem->data), &OCSP_RESPDATA_it ); - #else diff --git a/security/libpki/files/patch-src-openssl-pki_x509_cert.c b/security/libpki/files/patch-src-openssl-pki_x509_cert.c deleted file mode 100644 index 0052f92b89fa..000000000000 --- a/security/libpki/files/patch-src-openssl-pki_x509_cert.c +++ /dev/null @@ -1,26 +0,0 @@ ---- src/openssl/pki_x509_cert.c.orig 2023-06-27 08:58:28.486733000 +0200 -+++ src/openssl/pki_x509_cert.c 2023-06-27 13:17:52.669080000 +0200 -@@ -433,7 +433,10 @@ - case PKI_SCHEME_ECDSA: - if ( (int) kParams->ec.form > 0 ) - { --# if OPENSSL_VERSION_NUMBER < 0x1010000fL -+# if OPENSSL_VERSION_NUMBER >= 0x30000000L -+ EC_KEY_set_conv_form(EVP_PKEY_get1_EC_KEY(certPubKeyVal), -+ (point_conversion_form_t) kParams->ec.form); -+# elif OPENSSL_VERSION_NUMBER < 0x1010000fL - EC_KEY_set_conv_form(certPubKeyVal->pkey.ec, - (point_conversion_form_t) kParams->ec.form); - # else -@@ -443,7 +446,10 @@ - } - if ( kParams->ec.asn1flags > -1 ) - { --# if OPENSSL_VERSION_NUMBER < 0x1010000fL -+# if OPENSSL_VERSION_NUMBER >= 0x30000000L -+ EC_KEY_set_asn1_flag(EVP_PKEY_get1_EC_KEY(certPubKeyVal), -+ kParams->ec.asn1flags ); -+# elif OPENSSL_VERSION_NUMBER < 0x1010000fL - EC_KEY_set_asn1_flag(certPubKeyVal->pkey.ec, - kParams->ec.asn1flags ); - # else diff --git a/security/libpki/files/patch-src-openssl-pki_x509_req.c b/security/libpki/files/patch-src-openssl-pki_x509_req.c deleted file mode 100644 index 7cac927752bd..000000000000 --- a/security/libpki/files/patch-src-openssl-pki_x509_req.c +++ /dev/null @@ -1,14 +0,0 @@ ---- src/openssl/pki_x509_req.c.orig 2023-06-27 08:58:28.487713000 +0200 -+++ src/openssl/pki_x509_req.c 2023-06-27 13:17:52.669477000 +0200 -@@ -166,7 +166,10 @@ - #ifdef ENABLE_ECDSA - case PKI_SCHEME_ECDSA: - if ( kParams->ec.form != PKI_EC_KEY_FORM_UNKNOWN ) { --# if OPENSSL_VERSION_NUMBER > 0x1010000fL -+# if OPENSSL_VERSION_NUMBER >= 0x30000000L -+ EC_KEY_set_conv_form(EVP_PKEY_get1_EC_KEY(kVal), -+ (point_conversion_form_t)kParams->ec.form); -+# elif OPENSSL_VERSION_NUMBER > 0x1010000fL - EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY(kVal), - (point_conversion_form_t)kParams->ec.form); - # else diff --git a/security/libpki/files/patch-src-pki_init.c b/security/libpki/files/patch-src-pki_init.c deleted file mode 100644 index 117fb69acd93..000000000000 --- a/security/libpki/files/patch-src-pki_init.c +++ /dev/null @@ -1,13 +0,0 @@ ---- src/pki_init.c.orig 2023-06-27 08:58:28.488119000 +0200 -+++ src/pki_init.c 2023-06-27 13:17:52.664235000 +0200 -@@ -159,8 +159,10 @@ - OpenSSL_add_all_ciphers(); - OpenSSL_pthread_init(); - -+#if OPENSSL_VERSION_NUMBER < 0x30000000 - ERR_load_ERR_strings(); - ERR_load_crypto_strings(); -+#endif - - PRQP_init_all_services(); - PKI_X509_SCEP_init(); diff --git a/security/libpki/files/patch-src-pki_x509.c b/security/libpki/files/patch-src-pki_x509.c deleted file mode 100644 index d9f25c82ee0b..000000000000 --- a/security/libpki/files/patch-src-pki_x509.c +++ /dev/null @@ -1,92 +0,0 @@ ---- src/pki_x509.c.orig 2023-06-27 08:58:28.488591000 +0200 -+++ src/pki_x509.c 2023-06-27 13:17:52.661803000 +0200 -@@ -44,7 +44,11 @@ - switch (type) { - - case PKI_DATATYPE_X509_CERT : { -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+ it = (ASN1_ITEM *) X509_CINF_it; -+#else - it = &X509_CINF_it; -+#endif - #if OPENSSL_VERSION_NUMBER > 0x1010000fL - p = &(((LIBPKI_X509_CERT *)v)->cert_info); - #else -@@ -53,7 +57,11 @@ - } break; - - case PKI_DATATYPE_X509_CRL : { -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+ it = (ASN1_ITEM *) X509_CRL_INFO_it; -+#else - it = &X509_CRL_INFO_it; -+#endif - #if OPENSSL_VERSION_NUMBER > 0x1010000fL - p = &(((PKI_X509_CRL_VALUE *)v)->crl); - #else -@@ -62,7 +70,11 @@ - } break; - - case PKI_DATATYPE_X509_REQ : { -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+ it = (ASN1_ITEM *) X509_REQ_INFO_it; -+#else - it = &X509_REQ_INFO_it; -+#endif - #if OPENSSL_VERSION_NUMBER > 0x1010000fL - p = &(((LIBPKI_X509_REQ *)v)->req_info); - #else -@@ -71,7 +83,11 @@ - } break; - - case PKI_DATATYPE_X509_OCSP_REQ : { -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+ it = (ASN1_ITEM *) OCSP_REQINFO_it; -+#else - it = &OCSP_REQINFO_it; -+#endif - #if OPENSSL_VERSION_NUMBER > 0x1010000fL - p = &(((PKI_X509_OCSP_REQ_VALUE *)v)->tbsRequest); - #else -@@ -80,7 +96,11 @@ - } break; - - case PKI_DATATYPE_X509_OCSP_RESP : { -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+ it = (ASN1_ITEM *) OCSP_RESPDATA_it; -+#else - it = &OCSP_RESPDATA_it; -+#endif - #if OPENSSL_VERSION_NUMBER > 0x1010000fL - p = &(((PKI_OCSP_RESP *)v)->bs->tbsResponseData); - #else -@@ -89,17 +109,29 @@ - } break; - - case PKI_DATATYPE_X509_PRQP_REQ : { -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+ it = (ASN1_ITEM *) PKI_PRQP_REQ_it; -+#else - it = &PKI_PRQP_REQ_it; -+#endif - p = ((PKI_X509_PRQP_REQ_VALUE *)v)->requestData; - } break; - - case PKI_DATATYPE_X509_PRQP_RESP : { -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+ it = (ASN1_ITEM *) PKI_PRQP_RESP_it; -+#else - it = &PKI_PRQP_RESP_it; -+#endif - p = ((PKI_X509_PRQP_RESP_VALUE *)v)->respData; - } break; - - case PKI_DATATYPE_X509_CMS : { -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+ it = (ASN1_ITEM *) CMS_ContentInfo_it; -+#else - it = &CMS_ContentInfo_it; -+#endif - p = NULL; - } -