1 files changed, 35 insertions, 0 deletions

diff --git a/app-crypt/sbsigntools/files/sbsigntools-0.9.4-openssl3.patch b/app-crypt/sbsigntools/files/sbsigntools-0.9.4-openssl3.patch
new file mode 100644
index 000000000000..3fffe9b668eb
--- /dev/null
+++ b/app-crypt/sbsigntools/files/sbsigntools-0.9.4-openssl3.patch
@@ -0,0 +1,35 @@
+Subject: [PATCH] Fix openssl-3.0 issue involving ASN1 xxx_it
+From: Jeremi Piotrowski <jeremi.piotrowski@microsoft.com>
+Origin: https://groups.io/g/sbsigntools/message/54
+
+Use ASN1_ITEM_rptr() instead of taking the address of IDC_PEID_it.
+
+openssl-3.0 changed the type of TYPE_it from `const ASN1_ITEM TYPE_it` to
+`const ASN1_ITEM *TYPE_it(void)`. This was previously hidden behind
+OPENSSL_EXPORT_VAR_AS_FUNCTION but in 3.0 only the function version is
+available. This change should have been transparent to the application, but
+only if the `ASN1_ITEM_rptr()` macro is used.
+
+This change passes `make check` with both openssl 1.1 and 3.0.
+
+Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
+---
+ src/idc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/idc.c b/src/idc.c
+index 6d87bd4..0a82218 100644
+--- a/src/idc.c
++++ b/src/idc.c
+@@ -189,7 +189,7 @@ int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image)
+
+ 	idc->data->type = OBJ_nid2obj(peid_nid);
+ 	idc->data->value = ASN1_TYPE_new();
+-	type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it);
++	type_set_sequence(image, idc->data->value, peid, ASN1_ITEM_rptr(IDC_PEID));
+
+         idc->digest->alg->parameter = ASN1_TYPE_new();
+         idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256);
+-- 
+2.25.1
+