From 91bbbda93f828542274c82abc8288af0cfbba6fe Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Mon, 21 Jun 2021 13:16:44 -0400
Subject: [PATCH] Add the backward-compatible parts of openssl3 support

---
 Fix-k5tls-module-for-OpenSSL-3.patch          |  57 ++
 ...pkcs11-build-issues-with-openssl-3.0.patch | 551 ++++++++++++++++++
 ...ecated-OpenSSL-calls-from-softpkcs11.patch | 149 +++++
 krb5.spec                                     |   8 +-
 4 files changed, 764 insertions(+), 1 deletion(-)
 create mode 100644 Fix-k5tls-module-for-OpenSSL-3.patch
 create mode 100644 Fix-softpkcs11-build-issues-with-openssl-3.0.patch
 create mode 100644 Remove-deprecated-OpenSSL-calls-from-softpkcs11.patch

diff --git a/Fix-k5tls-module-for-OpenSSL-3.patch b/Fix-k5tls-module-for-OpenSSL-3.patch
new file mode 100644
index 0000000..fd425b8
--- /dev/null
+++ b/Fix-k5tls-module-for-OpenSSL-3.patch
@@ -0,0 +1,57 @@
+From 201e38845e9f70234bcaa9ba7c25b28e38169b0a Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Sat, 29 May 2021 12:05:49 -0400
+Subject: [PATCH] Fix k5tls module for OpenSSL 3
+
+Starting in OpenSSL 3, connection termination without a close_notify
+alert causes SSL_read() to return SSL_ERROR_SSL instead of
+SSL_ERROR_SYSCALL.  OpenSSL 3 also provides a new option
+SSL_OP_IGNORE_UNEXPECTED_EOF which allows an application to explicitly
+ignore possible truncation attacks and receive SSL_ERROR_ZERO_RETURN
+instead.
+
+Remove the call to SSL_CTX_get_options() since SSL_CTX_set_options()
+doesn't clear existing options.
+
+[ghudson@mit.edu: edited commit message and comment]
+
+(cherry picked from commit aa9b4a2a64046afd2fab7cb49c346295874a5fb6)
+---
+ src/plugins/tls/k5tls/openssl.c | 17 ++++++++++++++---
+ 1 file changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c
+index 76a43b3cd..99fda7ffc 100644
+--- a/src/plugins/tls/k5tls/openssl.c
++++ b/src/plugins/tls/k5tls/openssl.c
+@@ -433,7 +433,7 @@ setup(krb5_context context, SOCKET fd, const char *servername,
+       char **anchors, k5_tls_handle *handle_out)
+ {
+     int e;
+-    long options;
++    long options = SSL_OP_NO_SSLv2;
+     SSL_CTX *ctx = NULL;
+     SSL *ssl = NULL;
+     k5_tls_handle handle = NULL;
+@@ -448,8 +448,19 @@ setup(krb5_context context, SOCKET fd, const char *servername,
+     ctx = SSL_CTX_new(SSLv23_client_method());
+     if (ctx == NULL)
+         goto error;
+-    options = SSL_CTX_get_options(ctx);
+-    SSL_CTX_set_options(ctx, options | SSL_OP_NO_SSLv2);
++
++#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
++    /*
++     * For OpenSSL 3 and later, mark close_notify alerts as optional.  We don't
++     * need to worry about truncation attacks because the protocols this module
++     * is used with (Kerberos and change-password) receive a single
++     * length-delimited message from the server.  For prior versions of OpenSSL
++     * we check for SSL_ERROR_SYSCALL when reading instead (this error changes
++     * to SSL_ERROR_SSL in OpenSSL 3).
++     */
++    options |= SSL_OP_IGNORE_UNEXPECTED_EOF;
++#endif
++    SSL_CTX_set_options(ctx, options);
+ 
+     SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);
+     X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx), 0);
diff --git a/Fix-softpkcs11-build-issues-with-openssl-3.0.patch b/Fix-softpkcs11-build-issues-with-openssl-3.0.patch
new file mode 100644
index 0000000..d7a0a5c
--- /dev/null
+++ b/Fix-softpkcs11-build-issues-with-openssl-3.0.patch
@@ -0,0 +1,551 @@
+From a86b780ef275b35e8dc1e6d1886ec8e8d941f7c4 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Sat, 15 May 2021 17:35:25 -0400
+Subject: [PATCH] Fix softpkcs11 build issues with openssl 3.0
+
+EVP_PKEY_get0_RSA() has been modified to have const return type.  Remove
+its usages in favor of the EVP_PKEY interface.  Also remove calls to
+RSA_blinding_off(), which we don't need and would require a non-const
+object.  Similarly, remove RSA_set_method() calls that set a pre-existing
+default.
+
+Since softpkcs11 doesn't link against krb5 and can't use zap(), allocate
+buffers with OPENSSL_malloc() so can use OPENSSL_clear_free().
+
+Move several argument validation checks to the top of their functions.
+
+Fix some incorrect/inconsistent log messages.
+
+(cherry picked from commit 00de1aad7b3647b91017c7009b0bc65cd0c8b2e0)
+---
+ src/tests/softpkcs11/main.c | 360 ++++++++++++++----------------------
+ 1 file changed, 141 insertions(+), 219 deletions(-)
+
+diff --git a/src/tests/softpkcs11/main.c b/src/tests/softpkcs11/main.c
+index 1cccdfb43..caa537b68 100644
+--- a/src/tests/softpkcs11/main.c
++++ b/src/tests/softpkcs11/main.c
+@@ -375,10 +375,9 @@ add_st_object(void)
+         return NULL;
+     soft_token.object.objs = objs;
+ 
+-    o = malloc(sizeof(*o));
++    o = calloc(1, sizeof(*o));
+     if (o == NULL)
+         return NULL;
+-    memset(o, 0, sizeof(*o));
+     o->attrs = NULL;
+     o->num_attributes = 0;
+     o->object_handle = soft_token.object.num_objs;
+@@ -424,7 +423,7 @@ add_pubkey_info(struct st_object *o, CK_KEY_TYPE key_type, EVP_PKEY *key)
+         CK_ULONG modulus_bits = 0;
+         CK_BYTE *exponent = NULL;
+         size_t exponent_len = 0;
+-        RSA *rsa;
++        const RSA *rsa;
+         const BIGNUM *n, *e;
+ 
+         rsa = EVP_PKEY_get0_RSA(key);
+@@ -445,8 +444,6 @@ add_pubkey_info(struct st_object *o, CK_KEY_TYPE key_type, EVP_PKEY *key)
+         add_object_attribute(o, 0, CKA_PUBLIC_EXPONENT,
+                              exponent, exponent_len);
+ 
+-        RSA_set_method(rsa, RSA_PKCS1_OpenSSL());
+-
+         free(modulus);
+         free(exponent);
+     }
+@@ -679,10 +676,6 @@ add_certificate(char *label,
+         } else {
+             /* XXX verify keytype */
+ 
+-            if (key_type == CKK_RSA)
+-                RSA_set_method(EVP_PKEY_get0_RSA(o->u.private_key.key),
+-                               RSA_PKCS1_OpenSSL());
+-
+             if (X509_check_private_key(cert, o->u.private_key.key) != 1) {
+                 EVP_PKEY_free(o->u.private_key.key);
+                 o->u.private_key.key = NULL;
+@@ -695,7 +688,7 @@ add_certificate(char *label,
+     }
+ 
+     ret = CKR_OK;
+- out:
++out:
+     if (ret != CKR_OK) {
+         st_logf("something went wrong when adding cert!\n");
+ 
+@@ -1224,8 +1217,6 @@ C_Login(CK_SESSION_HANDLE hSession,
+         }
+ 
+         /* XXX check keytype */
+-        RSA_set_method(EVP_PKEY_get0_RSA(o->u.private_key.key),
+-                       RSA_PKCS1_OpenSSL());
+ 
+         if (X509_check_private_key(o->u.private_key.cert, o->u.private_key.key) != 1) {
+             EVP_PKEY_free(o->u.private_key.key);
+@@ -1495,8 +1486,9 @@ C_Encrypt(CK_SESSION_HANDLE hSession,
+     struct st_object *o;
+     void *buffer = NULL;
+     CK_RV ret;
+-    RSA *rsa;
+-    int padding, len, buffer_len, padding_len;
++    size_t buffer_len = 0;
++    int padding;
++    EVP_PKEY_CTX *ctx = NULL;
+ 
+     st_logf("Encrypt\n");
+ 
+@@ -1512,70 +1504,58 @@ C_Encrypt(CK_SESSION_HANDLE hSession,
+         return CKR_ARGUMENTS_BAD;
+     }
+ 
+-    rsa = EVP_PKEY_get0_RSA(o->u.public_key);
+-
+-    if (rsa == NULL)
+-        return CKR_ARGUMENTS_BAD;
+-
+-    RSA_blinding_off(rsa); /* XXX RAND is broken while running in mozilla ? */
+-
+-    buffer_len = RSA_size(rsa);
+-
+-    buffer = malloc(buffer_len);
+-    if (buffer == NULL) {
+-        ret = CKR_DEVICE_MEMORY;
+-        goto out;
+-    }
+-
+-    ret = CKR_OK;
+-    switch(state->encrypt_mechanism->mechanism) {
+-    case CKM_RSA_PKCS:
+-        padding = RSA_PKCS1_PADDING;
+-        padding_len = RSA_PKCS1_PADDING_SIZE;
+-        break;
+-    case CKM_RSA_X_509:
+-        padding = RSA_NO_PADDING;
+-        padding_len = 0;
+-        break;
+-    default:
+-        ret = CKR_FUNCTION_NOT_SUPPORTED;
+-        goto out;
+-    }
+-
+-    if ((CK_ULONG)buffer_len + padding_len < ulDataLen) {
+-        ret = CKR_ARGUMENTS_BAD;
+-        goto out;
+-    }
+-
+     if (pulEncryptedDataLen == NULL) {
+         st_logf("pulEncryptedDataLen NULL\n");
+         ret = CKR_ARGUMENTS_BAD;
+         goto out;
+     }
+ 
+-    if (pData == NULL_PTR) {
++    if (pData == NULL) {
+         st_logf("data NULL\n");
+         ret = CKR_ARGUMENTS_BAD;
+         goto out;
+     }
+ 
+-    len = RSA_public_encrypt(ulDataLen, pData, buffer, rsa, padding);
+-    if (len <= 0) {
++    switch(state->encrypt_mechanism->mechanism) {
++    case CKM_RSA_PKCS:
++        padding = RSA_PKCS1_PADDING;
++        break;
++    case CKM_RSA_X_509:
++        padding = RSA_NO_PADDING;
++        break;
++    default:
++        ret = CKR_FUNCTION_NOT_SUPPORTED;
++        goto out;
++    }
++
++    ctx = EVP_PKEY_CTX_new(o->u.public_key, NULL);
++    if (ctx == NULL || EVP_PKEY_encrypt_init(ctx) <= 0 ||
++        EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
++        EVP_PKEY_encrypt(ctx, NULL, &buffer_len, pData, ulDataLen) <= 0) {
+         ret = CKR_DEVICE_ERROR;
+         goto out;
+     }
+-    if (len > buffer_len)
+-        abort();
+ 
+-    if (pEncryptedData != NULL_PTR)
+-        memcpy(pEncryptedData, buffer, len);
+-    *pulEncryptedDataLen = len;
+-
+- out:
+-    if (buffer) {
+-        memset(buffer, 0, buffer_len);
+-        free(buffer);
++    buffer = OPENSSL_malloc(buffer_len);
++    if (buffer == NULL) {
++        ret = CKR_DEVICE_MEMORY;
++        goto out;
+     }
++
++    if (EVP_PKEY_encrypt(ctx, buffer, &buffer_len, pData, ulDataLen) <= 0) {
++        ret = CKR_DEVICE_ERROR;
++        goto out;
++    }
++    st_logf("Encrypt done\n");
++
++    if (pEncryptedData != NULL)
++        memcpy(pEncryptedData, buffer, buffer_len);
++    *pulEncryptedDataLen = buffer_len;
++
++    ret = CKR_OK;
++out:
++    OPENSSL_clear_free(buffer, buffer_len);
++    EVP_PKEY_CTX_free(ctx);
+     return ret;
+ }
+ 
+@@ -1646,8 +1626,9 @@ C_Decrypt(CK_SESSION_HANDLE hSession,
+     struct st_object *o;
+     void *buffer = NULL;
+     CK_RV ret;
+-    RSA *rsa;
+-    int padding, len, buffer_len, padding_len;
++    size_t buffer_len = 0;
++    int padding;
++    EVP_PKEY_CTX *ctx = NULL;
+ 
+     st_logf("Decrypt\n");
+ 
+@@ -1663,41 +1644,6 @@ C_Decrypt(CK_SESSION_HANDLE hSession,
+         return CKR_ARGUMENTS_BAD;
+     }
+ 
+-    rsa = EVP_PKEY_get0_RSA(o->u.private_key.key);
+-
+-    if (rsa == NULL)
+-        return CKR_ARGUMENTS_BAD;
+-
+-    RSA_blinding_off(rsa); /* XXX RAND is broken while running in mozilla ? */
+-
+-    buffer_len = RSA_size(rsa);
+-
+-    buffer = malloc(buffer_len);
+-    if (buffer == NULL) {
+-        ret = CKR_DEVICE_MEMORY;
+-        goto out;
+-    }
+-
+-    ret = CKR_OK;
+-    switch(state->decrypt_mechanism->mechanism) {
+-    case CKM_RSA_PKCS:
+-        padding = RSA_PKCS1_PADDING;
+-        padding_len = RSA_PKCS1_PADDING_SIZE;
+-        break;
+-    case CKM_RSA_X_509:
+-        padding = RSA_NO_PADDING;
+-        padding_len = 0;
+-        break;
+-    default:
+-        ret = CKR_FUNCTION_NOT_SUPPORTED;
+-        goto out;
+-    }
+-
+-    if ((CK_ULONG)buffer_len + padding_len < ulEncryptedDataLen) {
+-        ret = CKR_ARGUMENTS_BAD;
+-        goto out;
+-    }
+-
+     if (pulDataLen == NULL) {
+         st_logf("pulDataLen NULL\n");
+         ret = CKR_ARGUMENTS_BAD;
+@@ -1710,24 +1656,48 @@ C_Decrypt(CK_SESSION_HANDLE hSession,
+         goto out;
+     }
+ 
+-    len = RSA_private_decrypt(ulEncryptedDataLen, pEncryptedData, buffer,
+-                              rsa, padding);
+-    if (len <= 0) {
++    switch(state->decrypt_mechanism->mechanism) {
++    case CKM_RSA_PKCS:
++        padding = RSA_PKCS1_PADDING;
++        break;
++    case CKM_RSA_X_509:
++        padding = RSA_NO_PADDING;
++        break;
++    default:
++        ret = CKR_FUNCTION_NOT_SUPPORTED;
++        goto out;
++    }
++
++    ctx = EVP_PKEY_CTX_new(o->u.private_key.key, NULL);
++    if (ctx == NULL || EVP_PKEY_decrypt_init(ctx) <= 0 ||
++        EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
++        EVP_PKEY_decrypt(ctx, NULL, &buffer_len, pEncryptedData,
++                         ulEncryptedDataLen) <= 0) {
+         ret = CKR_DEVICE_ERROR;
+         goto out;
+     }
+-    if (len > buffer_len)
+-        abort();
++
++    buffer = OPENSSL_malloc(buffer_len);
++    if (buffer == NULL) {
++        ret = CKR_DEVICE_MEMORY;
++        goto out;
++    }
++
++    if (EVP_PKEY_decrypt(ctx, buffer, &buffer_len, pEncryptedData,
++                         ulEncryptedDataLen) <= 0) {
++        ret = CKR_DEVICE_ERROR;
++        goto out;
++    }
++    st_logf("Decrypt done\n");
+ 
+     if (pData != NULL_PTR)
+-        memcpy(pData, buffer, len);
+-    *pulDataLen = len;
++        memcpy(pData, buffer, buffer_len);
++    *pulDataLen = buffer_len;
+ 
+- out:
+-    if (buffer) {
+-        memset(buffer, 0, buffer_len);
+-        free(buffer);
+-    }
++    ret = CKR_OK;
++out:
++    OPENSSL_clear_free(buffer, buffer_len);
++    EVP_PKEY_CTX_free(ctx);
+     return ret;
+ }
+ 
+@@ -1806,8 +1776,9 @@ C_Sign(CK_SESSION_HANDLE hSession,
+     struct st_object *o;
+     void *buffer = NULL;
+     CK_RV ret;
+-    RSA *rsa;
+-    int padding, len, buffer_len, padding_len;
++    int padding;
++    size_t buffer_len = 0;
++    EVP_PKEY_CTX *ctx = NULL;
+ 
+     st_logf("Sign\n");
+     VERIFY_SESSION_HANDLE(hSession, &state);
+@@ -1822,40 +1793,6 @@ C_Sign(CK_SESSION_HANDLE hSession,
+         return CKR_ARGUMENTS_BAD;
+     }
+ 
+-    rsa = EVP_PKEY_get0_RSA(o->u.private_key.key);
+-
+-    if (rsa == NULL)
+-        return CKR_ARGUMENTS_BAD;
+-
+-    RSA_blinding_off(rsa); /* XXX RAND is broken while running in mozilla ? */
+-
+-    buffer_len = RSA_size(rsa);
+-
+-    buffer = malloc(buffer_len);
+-    if (buffer == NULL) {
+-        ret = CKR_DEVICE_MEMORY;
+-        goto out;
+-    }
+-
+-    switch(state->sign_mechanism->mechanism) {
+-    case CKM_RSA_PKCS:
+-        padding = RSA_PKCS1_PADDING;
+-        padding_len = RSA_PKCS1_PADDING_SIZE;
+-        break;
+-    case CKM_RSA_X_509:
+-        padding = RSA_NO_PADDING;
+-        padding_len = 0;
+-        break;
+-    default:
+-        ret = CKR_FUNCTION_NOT_SUPPORTED;
+-        goto out;
+-    }
+-
+-    if ((CK_ULONG)buffer_len < ulDataLen + padding_len) {
+-        ret = CKR_ARGUMENTS_BAD;
+-        goto out;
+-    }
+-
+     if (pulSignatureLen == NULL) {
+         st_logf("signature len NULL\n");
+         ret = CKR_ARGUMENTS_BAD;
+@@ -1868,26 +1805,46 @@ C_Sign(CK_SESSION_HANDLE hSession,
+         goto out;
+     }
+ 
+-    len = RSA_private_encrypt(ulDataLen, pData, buffer, rsa, padding);
+-    st_logf("private encrypt done\n");
+-    if (len <= 0) {
++    switch(state->sign_mechanism->mechanism) {
++    case CKM_RSA_PKCS:
++        padding = RSA_PKCS1_PADDING;
++        break;
++    case CKM_RSA_X_509:
++        padding = RSA_NO_PADDING;
++        break;
++    default:
++        ret = CKR_FUNCTION_NOT_SUPPORTED;
++        goto out;
++    }
++
++    ctx = EVP_PKEY_CTX_new(o->u.private_key.key, NULL);
++    if (ctx == NULL || EVP_PKEY_sign_init(ctx) <= 0 ||
++        EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
++        EVP_PKEY_sign(ctx, NULL, &buffer_len, pData, ulDataLen) <= 0) {
+         ret = CKR_DEVICE_ERROR;
+         goto out;
+     }
+-    if (len > buffer_len)
+-        abort();
+ 
+-    if (pSignature != NULL_PTR)
+-        memcpy(pSignature, buffer, len);
+-    *pulSignatureLen = len;
++    buffer = OPENSSL_malloc(buffer_len);
++    if (buffer == NULL) {
++        ret = CKR_DEVICE_MEMORY;
++        goto out;
++    }
++
++    if (EVP_PKEY_sign(ctx, buffer, &buffer_len, pData, ulDataLen) <= 0) {
++        ret = CKR_DEVICE_ERROR;
++        goto out;
++    }
++    st_logf("Sign done\n");
++
++    if (pSignature != NULL)
++        memcpy(pSignature, buffer, buffer_len);
++    *pulSignatureLen = buffer_len;
+ 
+     ret = CKR_OK;
+-
+- out:
+-    if (buffer) {
+-        memset(buffer, 0, buffer_len);
+-        free(buffer);
+-    }
++out:
++    OPENSSL_clear_free(buffer, buffer_len);
++    EVP_PKEY_CTX_free(ctx);
+     return ret;
+ }
+ 
+@@ -1951,10 +1908,9 @@ C_Verify(CK_SESSION_HANDLE hSession,
+ {
+     struct session_state *state;
+     struct st_object *o;
+-    void *buffer = NULL;
+     CK_RV ret;
+-    RSA *rsa;
+-    int padding, len, buffer_len;
++    int padding;
++    EVP_PKEY_CTX *ctx = NULL;
+ 
+     st_logf("Verify\n");
+     VERIFY_SESSION_HANDLE(hSession, &state);
+@@ -1969,39 +1925,6 @@ C_Verify(CK_SESSION_HANDLE hSession,
+         return CKR_ARGUMENTS_BAD;
+     }
+ 
+-    rsa = EVP_PKEY_get0_RSA(o->u.public_key);
+-
+-    if (rsa == NULL)
+-        return CKR_ARGUMENTS_BAD;
+-
+-    RSA_blinding_off(rsa); /* XXX RAND is broken while running in mozilla ? */
+-
+-    buffer_len = RSA_size(rsa);
+-
+-    buffer = malloc(buffer_len);
+-    if (buffer == NULL) {
+-        ret = CKR_DEVICE_MEMORY;
+-        goto out;
+-    }
+-
+-    ret = CKR_OK;
+-    switch(state->verify_mechanism->mechanism) {
+-    case CKM_RSA_PKCS:
+-        padding = RSA_PKCS1_PADDING;
+-        break;
+-    case CKM_RSA_X_509:
+-        padding = RSA_NO_PADDING;
+-        break;
+-    default:
+-        ret = CKR_FUNCTION_NOT_SUPPORTED;
+-        goto out;
+-    }
+-
+-    if ((CK_ULONG)buffer_len < ulDataLen) {
+-        ret = CKR_ARGUMENTS_BAD;
+-        goto out;
+-    }
+-
+     if (pSignature == NULL) {
+         st_logf("signature NULL\n");
+         ret = CKR_ARGUMENTS_BAD;
+@@ -2014,34 +1937,34 @@ C_Verify(CK_SESSION_HANDLE hSession,
+         goto out;
+     }
+ 
+-    len = RSA_public_decrypt(ulDataLen, pData, buffer, rsa, padding);
+-    st_logf("private encrypt done\n");
+-    if (len <= 0) {
++    switch(state->verify_mechanism->mechanism) {
++    case CKM_RSA_PKCS:
++        padding = RSA_PKCS1_PADDING;
++        break;
++    case CKM_RSA_X_509:
++        padding = RSA_NO_PADDING;
++        break;
++    default:
++        ret = CKR_FUNCTION_NOT_SUPPORTED;
++        goto out;
++    }
++
++    ctx = EVP_PKEY_CTX_new(o->u.public_key, NULL);
++    if (ctx == NULL || EVP_PKEY_verify_init(ctx) <= 0 ||
++        EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
++        EVP_PKEY_verify(ctx, pSignature, ulSignatureLen, pData,
++                        ulDataLen) <= 0) {
+         ret = CKR_DEVICE_ERROR;
+         goto out;
+     }
+-    if (len > buffer_len)
+-        abort();
++    st_logf("Verify done\n");
+ 
+-    if ((CK_ULONG)len != ulSignatureLen) {
+-        ret = CKR_GENERAL_ERROR;
+-        goto out;
+-    }
+-
+-    if (memcmp(pSignature, buffer, len) != 0) {
+-        ret = CKR_GENERAL_ERROR;
+-        goto out;
+-    }
+-
+- out:
+-    if (buffer) {
+-        memset(buffer, 0, buffer_len);
+-        free(buffer);
+-    }
++    ret = CKR_OK;
++out:
++    EVP_PKEY_CTX_free(ctx);
+     return ret;
+ }
+ 
+-
+ CK_RV
+ C_VerifyUpdate(CK_SESSION_HANDLE hSession,
+                CK_BYTE_PTR pPart,
+@@ -2072,7 +1995,6 @@ C_GenerateRandom(CK_SESSION_HANDLE hSession,
+     return CKR_FUNCTION_NOT_SUPPORTED;
+ }
+ 
+-
+ CK_FUNCTION_LIST funcs = {
+     { 2, 11 },
+     C_Initialize,
diff --git a/Remove-deprecated-OpenSSL-calls-from-softpkcs11.patch b/Remove-deprecated-OpenSSL-calls-from-softpkcs11.patch
new file mode 100644
index 0000000..23f21a5
--- /dev/null
+++ b/Remove-deprecated-OpenSSL-calls-from-softpkcs11.patch
@@ -0,0 +1,149 @@
+From 5072bfdfaddae762680d0f9d97afa6dbf8274760 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Sat, 15 May 2021 18:04:58 -0400
+Subject: [PATCH] Remove deprecated OpenSSL calls from softpkcs11
+
+Rewrite add_pubkey_info() in terms of the EVP_PKEY interface.  In this
+process, fix its unchecked allocations and fail fast for non-RSA keys.
+
+(cherry picked from commit d6bf42279675100e3e4fe7c6e08eef74d49624cb)
+---
+ src/configure.ac            |   1 +
+ src/tests/softpkcs11/main.c | 106 ++++++++++++++++++++++++------------
+ 2 files changed, 72 insertions(+), 35 deletions(-)
+
+diff --git a/src/configure.ac b/src/configure.ac
+index ea708491b..477819091 100644
+--- a/src/configure.ac
++++ b/src/configure.ac
+@@ -1118,6 +1118,7 @@ int i = 1;
+ ])], k5_cv_openssl_version_okay=yes, k5_cv_openssl_version_okay=no)])
+   old_LIBS="$LIBS"
+   AC_CHECK_LIB(crypto, PKCS7_get_signer_info)
++  AC_CHECK_FUNCS(EVP_PKEY_get_bn_param)
+   LIBS="$old_LIBS"
+ fi
+ if test "$k5_cv_openssl_version_okay" = yes && (test "$enable_pkinit" = yes || test "$enable_pkinit" = try); then
+diff --git a/src/tests/softpkcs11/main.c b/src/tests/softpkcs11/main.c
+index caa537b68..86b4ef711 100644
+--- a/src/tests/softpkcs11/main.c
++++ b/src/tests/softpkcs11/main.c
+@@ -413,47 +413,83 @@ add_object_attribute(struct st_object *o,
+     return CKR_OK;
+ }
+ 
++#ifdef HAVE_EVP_PKEY_GET_BN_PARAM
++
++/* Declare owner pointers since EVP_PKEY_get_bn_param() gives us copies. */
++#define DECLARE_BIGNUM(name) BIGNUM *name = NULL
++#define RELEASE_BIGNUM(bn) BN_clear_free(bn)
+ static CK_RV
+-add_pubkey_info(struct st_object *o, CK_KEY_TYPE key_type, EVP_PKEY *key)
++get_bignums(EVP_PKEY *key, BIGNUM **n, BIGNUM **e)
+ {
+-    switch (key_type) {
+-    case CKK_RSA: {
+-        CK_BYTE *modulus = NULL;
+-        size_t modulus_len = 0;
+-        CK_ULONG modulus_bits = 0;
+-        CK_BYTE *exponent = NULL;
+-        size_t exponent_len = 0;
+-        const RSA *rsa;
+-        const BIGNUM *n, *e;
++    if (EVP_PKEY_get_bn_param(key, "n", n) == 0 ||
++        EVP_PKEY_get_bn_param(key, "e", e) == 0)
++        return CKR_DEVICE_ERROR;
+ 
+-        rsa = EVP_PKEY_get0_RSA(key);
+-        RSA_get0_key(rsa, &n, &e, NULL);
+-        modulus_bits = BN_num_bits(n);
+-
+-        modulus_len = BN_num_bytes(n);
+-        modulus = malloc(modulus_len);
+-        BN_bn2bin(n, modulus);
+-
+-        exponent_len = BN_num_bytes(e);
+-        exponent = malloc(exponent_len);
+-        BN_bn2bin(e, exponent);
+-
+-        add_object_attribute(o, 0, CKA_MODULUS, modulus, modulus_len);
+-        add_object_attribute(o, 0, CKA_MODULUS_BITS,
+-                             &modulus_bits, sizeof(modulus_bits));
+-        add_object_attribute(o, 0, CKA_PUBLIC_EXPONENT,
+-                             exponent, exponent_len);
+-
+-        free(modulus);
+-        free(exponent);
+-    }
+-    default:
+-        /* XXX */
+-        break;
+-    }
+     return CKR_OK;
+ }
+ 
++#else
++
++/* Declare const pointers since the old API gives us aliases. */
++#define DECLARE_BIGNUM(name) const BIGNUM *name
++#define RELEASE_BIGNUM(bn)
++static CK_RV
++get_bignums(EVP_PKEY *key, const BIGNUM **n, const BIGNUM **e)
++{
++    const RSA *rsa;
++
++    rsa = EVP_PKEY_get0_RSA(key);
++    RSA_get0_key(rsa, n, e, NULL);
++
++    return CKR_OK;
++}
++
++#endif
++
++static CK_RV
++add_pubkey_info(struct st_object *o, CK_KEY_TYPE key_type, EVP_PKEY *key)
++{
++    CK_BYTE *modulus = NULL, *exponent = 0;
++    size_t modulus_len = 0, exponent_len = 0;
++    CK_ULONG modulus_bits = 0;
++    CK_RV ret;
++    DECLARE_BIGNUM(n);
++    DECLARE_BIGNUM(e);
++
++    if (key_type != CKK_RSA)
++        abort();
++
++    ret = get_bignums(key, &n, &e);
++    if (ret != CKR_OK)
++        goto done;
++
++    modulus_bits = BN_num_bits(n);
++    modulus_len = BN_num_bytes(n);
++    exponent_len = BN_num_bytes(e);
++
++    modulus = malloc(modulus_len);
++    exponent = malloc(exponent_len);
++    if (modulus == NULL || exponent == NULL) {
++        ret = CKR_DEVICE_MEMORY;
++        goto done;
++    }
++
++    BN_bn2bin(n, modulus);
++    BN_bn2bin(e, exponent);
++
++    add_object_attribute(o, 0, CKA_MODULUS, modulus, modulus_len);
++    add_object_attribute(o, 0, CKA_MODULUS_BITS, &modulus_bits,
++                         sizeof(modulus_bits));
++    add_object_attribute(o, 0, CKA_PUBLIC_EXPONENT, exponent, exponent_len);
++
++    ret = CKR_OK;
++done:
++    free(modulus);
++    free(exponent);
++    RELEASE_BIGNUM(n);
++    RELEASE_BIGNUM(e);
++    return ret;
++}
+ 
+ static int
+ pem_callback(char *buf, int num, int w, void *key)
diff --git a/krb5.spec b/krb5.spec
index 25d282e..6d2a5cb 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -42,7 +42,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.19.1
-Release: %{?zdpd}10%{?dist}
+Release: %{?zdpd}11%{?dist}
 
 # rharwood has trust path to signing key and verifies on check-in
 Source0: https://web.mit.edu/kerberos/dist/krb5/%{version}/krb5-%{version}%{?dashpre}.tar.gz
@@ -83,6 +83,9 @@ Patch17: Move-some-dejagnu-kadmin-tests-to-Python-tests.patch
 Patch18: Fix-some-principal-realm-canonicalization-cases.patch
 Patch19: Allow-kinit-with-keytab-to-defer-canonicalization.patch
 Patch20: Fix-kadmin-k-with-fallback-or-referral-realm.patch
+Patch21: Fix-softpkcs11-build-issues-with-openssl-3.0.patch
+Patch22: Remove-deprecated-OpenSSL-calls-from-softpkcs11.patch
+Patch23: Fix-k5tls-module-for-OpenSSL-3.patch
 
 License: MIT
 URL: https://web.mit.edu/kerberos/www/
@@ -645,6 +648,9 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*
 
 %changelog
+* Mon Jun 21 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-11
+- Add the backward-compatible parts of openssl3 support
+
 * Wed Jun 09 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-10
 - Fix three canonicalization cases for fallback