Sync openssl3 patches with upstream

Resolves: #1955873
2021-06-21 13:24:29 -04:00 · 2021-06-21 13:24:29 -04:00 · e7aeea399f
commit e7aeea399f
parent 8855babfbf
18 changed files with 353 additions and 277 deletions
--- a/Add-KCM_OP_GET_CRED_LIST-for-faster-iteration.patch
+++ b/Add-KCM_OP_GET_CRED_LIST-for-faster-iteration.patch
@ -1,4 +1,4 @@
-From baf60dbdeceb3cad35cad7d9930782f94b6c8221 Mon Sep 17 00:00:00 2001
+From 2ff2d98511cd86d0dba9500367a6ab0f6ee0d5fb Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
 Date: Thu, 11 Feb 2021 15:33:10 +0100
 Subject: [PATCH] Add KCM_OP_GET_CRED_LIST for faster iteration
--- a/Add-buildsystem-detection-of-the-OpenSSL-3-KDF-inter.patch
+++ b/Add-buildsystem-detection-of-the-OpenSSL-3-KDF-inter.patch
@ -1,4 +1,4 @@
-From c76a5a01a70733c972627df0bdaa2757d323315c Mon Sep 17 00:00:00 2001
+From 2f039fc910022c9569fe6941a194f0b26bd6c894 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Fri, 20 Sep 2019 16:11:29 -0400
 Subject: [PATCH] Add buildsystem detection of the OpenSSL-3 KDF interface
--- a/Allow-kinit-with-keytab-to-defer-canonicalization.patch
+++ b/Allow-kinit-with-keytab-to-defer-canonicalization.patch
@ -1,4 +1,4 @@
-From 1bc00e294cddd2061012c50d78eaf65ae06146bb Mon Sep 17 00:00:00 2001
+From cef07ebf97be9ed7aac4e2cecd96b82e6c030b96 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Thu, 3 Jun 2021 16:03:07 -0400
 Subject: [PATCH] Allow kinit with keytab to defer canonicalization
--- a/Fix-KCM-flag-transmission-for-remove_cred.patch
+++ b/Fix-KCM-flag-transmission-for-remove_cred.patch
@ -1,4 +1,4 @@
-From ddbb295dee2adcc6cec26944974420bba188f191 Mon Sep 17 00:00:00 2001
+From d324514a8bee6d267555917f960560c3091dc137 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Mon, 29 Mar 2021 14:32:56 -0400
 Subject: [PATCH] Fix KCM flag transmission for remove_cred
--- a/Fix-KCM-retrieval-support-for-sssd.patch
+++ b/Fix-KCM-retrieval-support-for-sssd.patch
@ -1,4 +1,4 @@
-From 6a00fd149edd017ece894566771e2e9d4ba089f4 Mon Sep 17 00:00:00 2001
+From 63474541158d74bfd9133d4952fcad6d1d8bc7ad Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Tue, 11 May 2021 14:04:07 -0400
 Subject: [PATCH] Fix KCM retrieval support for sssd
--- a/Fix-k5tls-module-for-OpenSSL-3.patch
+++ b/Fix-k5tls-module-for-OpenSSL-3.patch
@ -0,0 +1,58 @@
 From 51938a8b731740299fe47d132b8840edba4141bc Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Sat, 29 May 2021 12:05:49 -0400
 Subject: [PATCH] Fix k5tls module for OpenSSL 3
 Starting in OpenSSL 3, connection termination without a close_notify
 alert causes SSL_read() to return SSL_ERROR_SSL instead of
 SSL_ERROR_SYSCALL.  OpenSSL 3 also provides a new option
 SSL_OP_IGNORE_UNEXPECTED_EOF which allows an application to explicitly
 ignore possible truncation attacks and receive SSL_ERROR_ZERO_RETURN
 instead.
 Remove the call to SSL_CTX_get_options() since SSL_CTX_set_options()
 doesn't clear existing options.
 [ghudson@mit.edu: edited commit message and comment]
 (cherry picked from commit aa9b4a2a64046afd2fab7cb49c346295874a5fb6)
 (cherry picked from commit 201e38845e9f70234bcaa9ba7c25b28e38169b0a)
 ---
 src/plugins/tls/k5tls/openssl.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
 diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c
 index 76a43b3cd..99fda7ffc 100644
 --- a/src/plugins/tls/k5tls/openssl.c
 +++ b/src/plugins/tls/k5tls/openssl.c
@@ -433,7 +433,7 @@ setup(krb5_context context, SOCKET fd, const char *servername,
       char **anchors, k5_tls_handle *handle_out)
 {
     int e;
 -    long options;
 +    long options = SSL_OP_NO_SSLv2;
     SSL_CTX *ctx = NULL;
     SSL *ssl = NULL;
     k5_tls_handle handle = NULL;
@@ -448,8 +448,19 @@ setup(krb5_context context, SOCKET fd, const char *servername,
     ctx = SSL_CTX_new(SSLv23_client_method());
     if (ctx == NULL)
         goto error;
 -    options = SSL_CTX_get_options(ctx);
 -    SSL_CTX_set_options(ctx, options | SSL_OP_NO_SSLv2);
 +
 +#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
 +    /*
 +     * For OpenSSL 3 and later, mark close_notify alerts as optional.  We don't
 +     * need to worry about truncation attacks because the protocols this module
 +     * is used with (Kerberos and change-password) receive a single
 +     * length-delimited message from the server.  For prior versions of OpenSSL
 +     * we check for SSL_ERROR_SYSCALL when reading instead (this error changes
 +     * to SSL_ERROR_SSL in OpenSSL 3).
 +     */
 +    options |= SSL_OP_IGNORE_UNEXPECTED_EOF;
 +#endif
 +    SSL_CTX_set_options(ctx, options);
     SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);
     X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx), 0);
--- a/Fix-kadmin-k-with-fallback-or-referral-realm.patch
+++ b/Fix-kadmin-k-with-fallback-or-referral-realm.patch
@ -1,4 +1,4 @@
-From da276b30dacda8a96a98213e8293f484e8f4ae21 Mon Sep 17 00:00:00 2001
+From bebfa3616a34b58a4e29501412c7f5b8b2d56716 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Mon, 7 Jun 2021 15:00:41 -0400
 Subject: [PATCH] Fix kadmin -k with fallback or referral realm
--- a/Fix-softpkcs11-build-issues-with-openssl-3.0.patch
+++ b/Fix-softpkcs11-build-issues-with-openssl-3.0.patch
@ -1,4 +1,4 @@
-From 637773266d74864118d4ae4c6ca2c7f836b400cd Mon Sep 17 00:00:00 2001
+From f85a818fe1a7438db7e1ea579818da67e0be017d Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Sat, 15 May 2021 17:35:25 -0400
 Subject: [PATCH] Fix softpkcs11 build issues with openssl 3.0
@ -6,22 +6,24 @@ Subject: [PATCH] Fix softpkcs11 build issues with openssl 3.0
 EVP_PKEY_get0_RSA() has been modified to have const return type.  Remove
 its usages in favor of the EVP_PKEY interface.  Also remove calls to
 RSA_blinding_off(), which we don't need and would require a non-const
-object.
+object.  Similarly, remove RSA_set_method() calls that set a pre-existing
 default.
 Since softpkcs11 doesn't link against krb5 and can't use zap(), allocate
 buffers with OPENSSL_malloc() so can use OPENSSL_clear_free().
 Move several argument validation checks to the top of their functions.
-Fix an incorrect log message (public vs. private key encryption).
+Fix some incorrect/inconsistent log messages.
-(cherry picked from commit 8a0a2ab0296835380aede3bc190b7d10e2b162aa)
+(cherry picked from commit 00de1aad7b3647b91017c7009b0bc65cd0c8b2e0)
 (cherry picked from commit a86b780ef275b35e8dc1e6d1886ec8e8d941f7c4)
 ---
- src/tests/softpkcs11/main.c | 306 +++++++++++++++---------------------
+ src/tests/softpkcs11/main.c | 360 ++++++++++++++----------------------
- 1 file changed, 128 insertions(+), 178 deletions(-)
+ 1 file changed, 141 insertions(+), 219 deletions(-)
 diff --git a/src/tests/softpkcs11/main.c b/src/tests/softpkcs11/main.c
-index 1cccdfb43..500e3093d 100644
+index 1cccdfb43..caa537b68 100644
 --- a/src/tests/softpkcs11/main.c
 +++ b/src/tests/softpkcs11/main.c
@@ -375,10 +375,9 @@ add_st_object(void)
@ -89,13 +91,13 @@ index 1cccdfb43..500e3093d 100644
     CK_RV ret;
 -    RSA *rsa;
 -    int padding, len, buffer_len, padding_len;
-+    size_t buffer_len;
+    size_t buffer_len = 0;
-+    int padding, padding_len;
+    int padding;
 +    EVP_PKEY_CTX *ctx = NULL;
     st_logf("Encrypt\n");
-@@ -1512,22 +1504,18 @@ C_Encrypt(CK_SESSION_HANDLE hSession,
+@@ -1512,70 +1504,58 @@ C_Encrypt(CK_SESSION_HANDLE hSession,
         return CKR_ARGUMENTS_BAD;
     }
@ -111,98 +113,110 @@ index 1cccdfb43..500e3093d 100644
 -    buffer = malloc(buffer_len);
 -    if (buffer == NULL) {
 -        ret = CKR_DEVICE_MEMORY;
-+    if (pulEncryptedDataLen == NULL) {
+-        goto out;
-+        st_logf("pulEncryptedDataLen NULL\n");
+-    }
-+        ret = CKR_ARGUMENTS_BAD;
+-
 +        goto out;
 +    }
 +
 +    if (pData == NULL) {
 +        st_logf("data NULL\n");
 +        ret = CKR_ARGUMENTS_BAD;
         goto out;
     }
 -    ret = CKR_OK;
-     switch(state->encrypt_mechanism->mechanism) {
+-    switch(state->encrypt_mechanism->mechanism) {
-     case CKM_RSA_PKCS:
+-    case CKM_RSA_PKCS:
-         padding = RSA_PKCS1_PADDING;
+-        padding = RSA_PKCS1_PADDING;
-@@ -1542,40 +1530,41 @@ C_Encrypt(CK_SESSION_HANDLE hSession,
+-        padding_len = RSA_PKCS1_PADDING_SIZE;
-         goto out;
+-        break;
-     }
+-    case CKM_RSA_X_509:
- 
+-        padding = RSA_NO_PADDING;
-+    ctx = EVP_PKEY_CTX_new(o->u.public_key, NULL);
+-        padding_len = 0;
-+    if (ctx == NULL || EVP_PKEY_encrypt_init(ctx) <= 0 ||
+-        break;
-+        EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
+-    default:
-+        EVP_PKEY_encrypt(ctx, NULL, &buffer_len, pData, ulDataLen) <= 0) {
+-        ret = CKR_FUNCTION_NOT_SUPPORTED;
-+        ret = CKR_DEVICE_ERROR;
+-        goto out;
-+        goto out;
+-    }
-+    }
+-
-+
+-    if ((CK_ULONG)buffer_len + padding_len < ulDataLen) {
     if ((CK_ULONG)buffer_len + padding_len < ulDataLen) {
         ret = CKR_ARGUMENTS_BAD;
         goto out;
     }
 -    if (pulEncryptedDataLen == NULL) {
 -        st_logf("pulEncryptedDataLen NULL\n");
 -        ret = CKR_ARGUMENTS_BAD;
 +    buffer = OPENSSL_malloc(buffer_len);
 +    if (buffer == NULL) {
 +        ret = CKR_DEVICE_MEMORY;
         goto out;
     }
 -    if (pData == NULL_PTR) {
 -        st_logf("data NULL\n");
 -        ret = CKR_ARGUMENTS_BAD;
 -        goto out;
 -    }
 -
     if (pulEncryptedDataLen == NULL) {
         st_logf("pulEncryptedDataLen NULL\n");
         ret = CKR_ARGUMENTS_BAD;
         goto out;
     }
 -    if (pData == NULL_PTR) {
 +    if (pData == NULL) {
         st_logf("data NULL\n");
         ret = CKR_ARGUMENTS_BAD;
         goto out;
     }
 -    len = RSA_public_encrypt(ulDataLen, pData, buffer, rsa, padding);
 -    if (len <= 0) {
-+    if (EVP_PKEY_encrypt(ctx, buffer, &buffer_len, pData, ulDataLen) <= 0) {
+    switch(state->encrypt_mechanism->mechanism) {
 +    case CKM_RSA_PKCS:
 +        padding = RSA_PKCS1_PADDING;
 +        break;
 +    case CKM_RSA_X_509:
 +        padding = RSA_NO_PADDING;
 +        break;
 +    default:
 +        ret = CKR_FUNCTION_NOT_SUPPORTED;
 +        goto out;
 +    }
 +
 +    ctx = EVP_PKEY_CTX_new(o->u.public_key, NULL);
 +    if (ctx == NULL || EVP_PKEY_encrypt_init(ctx) <= 0 ||
 +        EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
 +        EVP_PKEY_encrypt(ctx, NULL, &buffer_len, pData, ulDataLen) <= 0) {
         ret = CKR_DEVICE_ERROR;
         goto out;
     }
 -    if (len > buffer_len)
 -        abort();
 +    st_logf("Encrypt done\n");
 -    if (pEncryptedData != NULL_PTR)
 -        memcpy(pEncryptedData, buffer, len);
 -    *pulEncryptedDataLen = len;
-+    if (pEncryptedData != NULL)
+-
 +        memcpy(pEncryptedData, buffer, buffer_len);
 +    *pulEncryptedDataLen = buffer_len;
 - out:
 -    if (buffer) {
 -        memset(buffer, 0, buffer_len);
 -        free(buffer);
-    }
+    buffer = OPENSSL_malloc(buffer_len);
 +    if (buffer == NULL) {
 +        ret = CKR_DEVICE_MEMORY;
 +        goto out;
     }
 +
 +    if (EVP_PKEY_encrypt(ctx, buffer, &buffer_len, pData, ulDataLen) <= 0) {
 +        ret = CKR_DEVICE_ERROR;
 +        goto out;
 +    }
 +    st_logf("Encrypt done\n");
 +
 +    if (pEncryptedData != NULL)
 +        memcpy(pEncryptedData, buffer, buffer_len);
 +    *pulEncryptedDataLen = buffer_len;
 +
 +    ret = CKR_OK;
 +out:
-+    if (buffer != NULL)
+    OPENSSL_clear_free(buffer, buffer_len);
-+        OPENSSL_clear_free(buffer, buffer_len);
+    EVP_PKEY_CTX_free(ctx);
 +    if (ctx != NULL)
 +        EVP_PKEY_CTX_free(ctx);
     return ret;
 }
-@@ -1646,8 +1635,9 @@ C_Decrypt(CK_SESSION_HANDLE hSession,
+@@ -1646,8 +1626,9 @@ C_Decrypt(CK_SESSION_HANDLE hSession,
     struct st_object *o;
     void *buffer = NULL;
     CK_RV ret;
 -    RSA *rsa;
 -    int padding, len, buffer_len, padding_len;
-+    size_t buffer_len;
+    size_t buffer_len = 0;
-+    int padding, padding_len;
+    int padding;
 +    EVP_PKEY_CTX *ctx = NULL;
     st_logf("Decrypt\n");
-@@ -1663,22 +1653,18 @@ C_Decrypt(CK_SESSION_HANDLE hSession,
+@@ -1663,41 +1644,6 @@ C_Decrypt(CK_SESSION_HANDLE hSession,
         return CKR_ARGUMENTS_BAD;
     }
@ -218,65 +232,73 @@ index 1cccdfb43..500e3093d 100644
 -    buffer = malloc(buffer_len);
 -    if (buffer == NULL) {
 -        ret = CKR_DEVICE_MEMORY;
-+    if (pulDataLen == NULL) {
+-        goto out;
-+        st_logf("pulDataLen NULL\n");
+-    }
-+        ret = CKR_ARGUMENTS_BAD;
+-
 +        goto out;
 +    }
 +
 +    if (pEncryptedData == NULL_PTR) {
 +        st_logf("data NULL\n");
 +        ret = CKR_ARGUMENTS_BAD;
         goto out;
     }
 -    ret = CKR_OK;
-     switch(state->decrypt_mechanism->mechanism) {
+-    switch(state->decrypt_mechanism->mechanism) {
-     case CKM_RSA_PKCS:
+-    case CKM_RSA_PKCS:
-         padding = RSA_PKCS1_PADDING;
+-        padding = RSA_PKCS1_PADDING;
-@@ -1693,41 +1679,43 @@ C_Decrypt(CK_SESSION_HANDLE hSession,
+-        padding_len = RSA_PKCS1_PADDING_SIZE;
-         goto out;
+-        break;
-     }
+-    case CKM_RSA_X_509:
- 
+-        padding = RSA_NO_PADDING;
-+    ctx = EVP_PKEY_CTX_new(o->u.private_key.key, NULL);
+-        padding_len = 0;
-+    if (ctx == NULL || EVP_PKEY_decrypt_init(ctx) <= 0 ||
+-        break;
-+        EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
+-    default:
-+        EVP_PKEY_decrypt(ctx, NULL, &buffer_len, pEncryptedData,
+-        ret = CKR_FUNCTION_NOT_SUPPORTED;
-+                         ulEncryptedDataLen) <= 0) {
+-        goto out;
-+        ret = CKR_DEVICE_ERROR;
+-    }
-+        goto out;
+-
-+    }
+-    if ((CK_ULONG)buffer_len + padding_len < ulEncryptedDataLen) {
 +
     if ((CK_ULONG)buffer_len + padding_len < ulEncryptedDataLen) {
         ret = CKR_ARGUMENTS_BAD;
         goto out;
     }
 -    if (pulDataLen == NULL) {
 -        st_logf("pulDataLen NULL\n");
 -        ret = CKR_ARGUMENTS_BAD;
 +    buffer = OPENSSL_malloc(buffer_len);
 +    if (buffer == NULL) {
 +        ret = CKR_DEVICE_MEMORY;
         goto out;
     }
 -    if (pEncryptedData == NULL_PTR) {
 -        st_logf("data NULL\n");
 -        ret = CKR_ARGUMENTS_BAD;
 -        goto out;
 -    }
 -
     if (pulDataLen == NULL) {
         st_logf("pulDataLen NULL\n");
         ret = CKR_ARGUMENTS_BAD;
@@ -1710,24 +1656,48 @@ C_Decrypt(CK_SESSION_HANDLE hSession,
         goto out;
     }
 -    len = RSA_private_decrypt(ulEncryptedDataLen, pEncryptedData, buffer,
 -                              rsa, padding);
 -    if (len <= 0) {
-+    if (EVP_PKEY_decrypt(ctx, buffer, &buffer_len, pEncryptedData,
+    switch(state->decrypt_mechanism->mechanism) {
 +    case CKM_RSA_PKCS:
 +        padding = RSA_PKCS1_PADDING;
 +        break;
 +    case CKM_RSA_X_509:
 +        padding = RSA_NO_PADDING;
 +        break;
 +    default:
 +        ret = CKR_FUNCTION_NOT_SUPPORTED;
 +        goto out;
 +    }
 +
 +    ctx = EVP_PKEY_CTX_new(o->u.private_key.key, NULL);
 +    if (ctx == NULL || EVP_PKEY_decrypt_init(ctx) <= 0 ||
 +        EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
 +        EVP_PKEY_decrypt(ctx, NULL, &buffer_len, pEncryptedData,
 +                         ulEncryptedDataLen) <= 0) {
         ret = CKR_DEVICE_ERROR;
         goto out;
     }
 -    if (len > buffer_len)
 -        abort();
 +
 +    buffer = OPENSSL_malloc(buffer_len);
 +    if (buffer == NULL) {
 +        ret = CKR_DEVICE_MEMORY;
 +        goto out;
 +    }
 +
 +    if (EVP_PKEY_decrypt(ctx, buffer, &buffer_len, pEncryptedData,
 +                         ulEncryptedDataLen) <= 0) {
 +        ret = CKR_DEVICE_ERROR;
 +        goto out;
 +    }
 +    st_logf("Decrypt done\n");
     if (pData != NULL_PTR)
@ -292,36 +314,29 @@ index 1cccdfb43..500e3093d 100644
 -    }
 +    ret = CKR_OK;
 +out:
-+    if (buffer != NULL)
+    OPENSSL_clear_free(buffer, buffer_len);
-+        OPENSSL_clear_free(buffer, buffer_len);
+    EVP_PKEY_CTX_free(ctx);
 +    if (ctx != NULL)
 +        EVP_PKEY_CTX_free(ctx);
     return ret;
 }
-@@ -1806,8 +1794,9 @@ C_Sign(CK_SESSION_HANDLE hSession,
+@@ -1806,8 +1776,9 @@ C_Sign(CK_SESSION_HANDLE hSession,
     struct st_object *o;
     void *buffer = NULL;
     CK_RV ret;
 -    RSA *rsa;
 -    int padding, len, buffer_len, padding_len;
-+    int padding, padding_len;
+    int padding;
-+    size_t buffer_len;
+    size_t buffer_len = 0;
 +    EVP_PKEY_CTX *ctx = NULL;
     st_logf("Sign\n");
     VERIFY_SESSION_HANDLE(hSession, &state);
-@@ -1822,18 +1811,15 @@ C_Sign(CK_SESSION_HANDLE hSession,
+@@ -1822,40 +1793,6 @@ C_Sign(CK_SESSION_HANDLE hSession,
         return CKR_ARGUMENTS_BAD;
     }
 -    rsa = EVP_PKEY_get0_RSA(o->u.private_key.key);
-+    if (pulSignatureLen == NULL) {
+-
 +        st_logf("signature len NULL\n");
 +        ret = CKR_ARGUMENTS_BAD;
 +        goto out;
 +    }
 -    if (rsa == NULL)
 -        return CKR_ARGUMENTS_BAD;
 -
@ -332,58 +347,75 @@ index 1cccdfb43..500e3093d 100644
 -    buffer = malloc(buffer_len);
 -    if (buffer == NULL) {
 -        ret = CKR_DEVICE_MEMORY;
-+    if (pData == NULL_PTR) {
+-        goto out;
-+        st_logf("data NULL\n");
+-    }
-+        ret = CKR_ARGUMENTS_BAD;
+-
-         goto out;
+-    switch(state->sign_mechanism->mechanism) {
-     }
+-    case CKM_RSA_PKCS:
- 
+-        padding = RSA_PKCS1_PADDING;
-@@ -1851,43 +1837,41 @@ C_Sign(CK_SESSION_HANDLE hSession,
+-        padding_len = RSA_PKCS1_PADDING_SIZE;
-         goto out;
+-        break;
-     }
+-    case CKM_RSA_X_509:
- 
+-        padding = RSA_NO_PADDING;
-+    ctx = EVP_PKEY_CTX_new(o->u.private_key.key, NULL);
+-        padding_len = 0;
-+    if (ctx == NULL || EVP_PKEY_sign_init(ctx) <= 0 ||
+-        break;
-+        EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
+-    default:
-+        EVP_PKEY_sign(ctx, NULL, &buffer_len, pData, ulDataLen) <= 0) {
+-        ret = CKR_FUNCTION_NOT_SUPPORTED;
-+        ret = CKR_DEVICE_ERROR;
+-        goto out;
-+        goto out;
+-    }
-+    }
+-
-+
+-    if ((CK_ULONG)buffer_len < ulDataLen + padding_len) {
     if ((CK_ULONG)buffer_len < ulDataLen + padding_len) {
         ret = CKR_ARGUMENTS_BAD;
         goto out;
     }
 -    if (pulSignatureLen == NULL) {
 -        st_logf("signature len NULL\n");
 -        ret = CKR_ARGUMENTS_BAD;
 +    buffer = OPENSSL_malloc(buffer_len);
 +    if (buffer == NULL) {
 +        ret = CKR_DEVICE_MEMORY;
         goto out;
     }
 -    if (pData == NULL_PTR) {
 -        st_logf("data NULL\n");
 -        ret = CKR_ARGUMENTS_BAD;
 -        goto out;
 -    }
 -
     if (pulSignatureLen == NULL) {
         st_logf("signature len NULL\n");
         ret = CKR_ARGUMENTS_BAD;
@@ -1868,26 +1805,46 @@ C_Sign(CK_SESSION_HANDLE hSession,
         goto out;
     }
 -    len = RSA_private_encrypt(ulDataLen, pData, buffer, rsa, padding);
 -    st_logf("private encrypt done\n");
 -    if (len <= 0) {
-+    if (EVP_PKEY_sign(ctx, buffer, &buffer_len, pData, ulDataLen) <= 0) {
+    switch(state->sign_mechanism->mechanism) {
 +    case CKM_RSA_PKCS:
 +        padding = RSA_PKCS1_PADDING;
 +        break;
 +    case CKM_RSA_X_509:
 +        padding = RSA_NO_PADDING;
 +        break;
 +    default:
 +        ret = CKR_FUNCTION_NOT_SUPPORTED;
 +        goto out;
 +    }
 +
 +    ctx = EVP_PKEY_CTX_new(o->u.private_key.key, NULL);
 +    if (ctx == NULL || EVP_PKEY_sign_init(ctx) <= 0 ||
 +        EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
 +        EVP_PKEY_sign(ctx, NULL, &buffer_len, pData, ulDataLen) <= 0) {
         ret = CKR_DEVICE_ERROR;
         goto out;
     }
 -    if (len > buffer_len)
 -        abort();
 +    st_logf("Sign done\n");
 -    if (pSignature != NULL_PTR)
 -        memcpy(pSignature, buffer, len);
 -    *pulSignatureLen = len;
 +    buffer = OPENSSL_malloc(buffer_len);
 +    if (buffer == NULL) {
 +        ret = CKR_DEVICE_MEMORY;
 +        goto out;
 +    }
 +
 +    if (EVP_PKEY_sign(ctx, buffer, &buffer_len, pData, ulDataLen) <= 0) {
 +        ret = CKR_DEVICE_ERROR;
 +        goto out;
 +    }
 +    st_logf("Sign done\n");
 +
 +    if (pSignature != NULL)
 +        memcpy(pSignature, buffer, buffer_len);
 +    *pulSignatureLen = buffer_len;
@ -396,14 +428,12 @@ index 1cccdfb43..500e3093d 100644
 -        free(buffer);
 -    }
 +out:
-+    if (buffer != NULL)
+    OPENSSL_clear_free(buffer, buffer_len);
-+        OPENSSL_clear_free(buffer, buffer_len);
+    EVP_PKEY_CTX_free(ctx);
 +    if (ctx != NULL)
 +        EVP_PKEY_CTX_free(ctx);
     return ret;
 }
-@@ -1951,10 +1935,9 @@ C_Verify(CK_SESSION_HANDLE hSession,
+@@ -1951,10 +1908,9 @@ C_Verify(CK_SESSION_HANDLE hSession,
 {
     struct session_state *state;
     struct st_object *o;
@ -416,7 +446,7 @@ index 1cccdfb43..500e3093d 100644
     st_logf("Verify\n");
     VERIFY_SESSION_HANDLE(hSession, &state);
-@@ -1969,39 +1952,6 @@ C_Verify(CK_SESSION_HANDLE hSession,
+@@ -1969,39 +1925,6 @@ C_Verify(CK_SESSION_HANDLE hSession,
         return CKR_ARGUMENTS_BAD;
     }
@ -456,7 +486,7 @@ index 1cccdfb43..500e3093d 100644
     if (pSignature == NULL) {
         st_logf("signature NULL\n");
         ret = CKR_ARGUMENTS_BAD;
-@@ -2014,34 +1964,35 @@ C_Verify(CK_SESSION_HANDLE hSession,
+@@ -2014,34 +1937,34 @@ C_Verify(CK_SESSION_HANDLE hSession,
         goto out;
     }
@ -504,8 +534,7 @@ index 1cccdfb43..500e3093d 100644
 -    }
 +    ret = CKR_OK;
 +out:
-+    if (ctx != NULL)
+    EVP_PKEY_CTX_free(ctx);
 +        EVP_PKEY_CTX_free(ctx);
     return ret;
 }
@ -513,7 +542,7 @@ index 1cccdfb43..500e3093d 100644
 CK_RV
 C_VerifyUpdate(CK_SESSION_HANDLE hSession,
                CK_BYTE_PTR pPart,
-@@ -2072,7 +2023,6 @@ C_GenerateRandom(CK_SESSION_HANDLE hSession,
+@@ -2072,7 +1995,6 @@ C_GenerateRandom(CK_SESSION_HANDLE hSession,
     return CKR_FUNCTION_NOT_SUPPORTED;
 }
--- a/Fix-some-principal-realm-canonicalization-cases.patch
+++ b/Fix-some-principal-realm-canonicalization-cases.patch
@ -1,4 +1,4 @@
-From 634db456d552d813c1227ec3c2078c1fcc269b17 Mon Sep 17 00:00:00 2001
+From c6ec47dfe95c1ccbabe039fb56b730ed6422b422 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Mon, 7 Jun 2021 13:27:29 -0400
 Subject: [PATCH] Fix some principal realm canonicalization cases
--- a/Handle-OpenSSL-3-s-providers.patch
+++ b/Handle-OpenSSL-3-s-providers.patch
@ -1,4 +1,4 @@
-From ea62d96f5b1e47818ab9f33ad143c4ffb460b3af Mon Sep 17 00:00:00 2001
+From c4b890e5b033fc7c5ed0faa1c66883368e29ec24 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Sat, 15 May 2021 21:18:06 -0400
 Subject: [PATCH] Handle OpenSSL 3's providers
--- a/Handle-SSL_read-changed-behavior-on-server-hangup.patch
+++ b/Handle-SSL_read-changed-behavior-on-server-hangup.patch
@ -1,40 +0,0 @@
 From a57ebca127a49869296ee2790e28eb37fdd20488 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Wed, 19 May 2021 19:33:34 -0400
 Subject: [PATCH] Handle SSL_read changed behavior on server hangup
 (cherry picked from commit 948e3c5b89fcfdb64ea5af177c7e30a6ce8a477b)
 ---
 src/include/k5-trace.h       | 2 --
 src/lib/krb5/os/sendto_kdc.c | 5 +++--
 2 files changed, 3 insertions(+), 4 deletions(-)
 diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h
 index 79b5a7a85..7bd385d68 100644
 --- a/src/include/k5-trace.h
 +++ b/src/include/k5-trace.h
@@ -395,8 +395,6 @@ void krb5int_trace(krb5_context context, const char *fmt, ...);
     TRACE(c, "Received answer ({int} bytes) from {raddr}", len, raddr)
 #define TRACE_SENDTO_KDC_HTTPS_ERROR_CONNECT(c, raddr)          \
     TRACE(c, "HTTPS error connecting to {raddr}", raddr)
 -#define TRACE_SENDTO_KDC_HTTPS_ERROR_RECV(c, raddr)             \
 -    TRACE(c, "HTTPS error receiving from {raddr}", raddr)
 #define TRACE_SENDTO_KDC_HTTPS_ERROR_SEND(c, raddr)     \
     TRACE(c, "HTTPS error sending to {raddr}", raddr)
 #define TRACE_SENDTO_KDC_HTTPS_SEND(c, raddr)                           \
 diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c
 index 0eedec175..e874130d9 100644
 --- a/src/lib/krb5/os/sendto_kdc.c
 +++ b/src/lib/krb5/os/sendto_kdc.c
@@ -1320,8 +1320,9 @@ https_read_bytes(krb5_context context, struct conn_state *conn,
     } else if (st == WANT_WRITE) {
         cm_write(selstate, conn->fd);
     } else if (st == ERROR_TLS) {
 -        TRACE_SENDTO_KDC_HTTPS_ERROR_RECV(context, &conn->addr);
 -        kill_conn(context, conn, selstate);
 +        /* In OpenSSL 3, a server hangup is a TLS error.  Rely on our decoder
 +         * to handle this instead. */
 +        return TRUE;
     }
     return FALSE;
 }
--- a/Make-KCM-iteration-fallback-work-with-sssd-kcm.patch
+++ b/Make-KCM-iteration-fallback-work-with-sssd-kcm.patch
@ -1,4 +1,4 @@
-From f7702c5b11bdd186d03fed32568c9a252d049d44 Mon Sep 17 00:00:00 2001
+From e36bd9d3d31be5eef0625753dd27fb2182520ba2 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
 Date: Tue, 30 Mar 2021 14:35:28 +0200
 Subject: [PATCH] Make KCM iteration fallback work with sssd-kcm
--- a/Move-some-dejagnu-kadmin-tests-to-Python-tests.patch
+++ b/Move-some-dejagnu-kadmin-tests-to-Python-tests.patch
@ -1,4 +1,4 @@
-From a76c4be37be92c02b5ac698ff3c06e2124030427 Mon Sep 17 00:00:00 2001
+From 45dd9fa8f227a7119816eae2f5e40823b74f5a85 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Thu, 22 Apr 2021 15:51:36 -0400
 Subject: [PATCH] Move some dejagnu kadmin tests to Python tests
--- a/softpkcs11-Remove-all-openssl-deprecated-functions.patch
+++ b/softpkcs11-Remove-all-openssl-deprecated-functions.patch
@ -1,16 +1,17 @@
-From 7fb3126fd893eaf943734896c92355fe150b44d6 Mon Sep 17 00:00:00 2001
+From c99ecf1bb49e2fbd0bf30a7b357cf06407b9588a Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Sat, 15 May 2021 18:04:58 -0400
-Subject: [PATCH] softpkcs11: Remove all openssl deprecated functions
+Subject: [PATCH] Remove deprecated OpenSSL calls from softpkcs11
 Rewrite add_pubkey_info() in terms of the EVP_PKEY interface.  In this
 process, fix its unchecked allocations and fail fast for non-RSA keys.
-(cherry picked from commit ec4a325dc939da23967bb115bb5339963da80098)
+(cherry picked from commit d6bf42279675100e3e4fe7c6e08eef74d49624cb)
 (cherry picked from commit 5072bfdfaddae762680d0f9d97afa6dbf8274760)
 ---
- src/configure.ac            |  1 +
+ src/configure.ac            |   1 +
- src/tests/softpkcs11/main.c | 83 +++++++++++++++++++++++--------------
+ src/tests/softpkcs11/main.c | 106 ++++++++++++++++++++++++------------
- 2 files changed, 53 insertions(+), 31 deletions(-)
+ 2 files changed, 72 insertions(+), 35 deletions(-)
 diff --git a/src/configure.ac b/src/configure.ac
 index 3e1052db7..eb6307468 100644
@ -25,12 +26,21 @@ index 3e1052db7..eb6307468 100644
 fi
 if test "$k5_cv_openssl_version_okay" = yes && (test "$enable_pkinit" = yes || test "$enable_pkinit" = try); then
 diff --git a/src/tests/softpkcs11/main.c b/src/tests/softpkcs11/main.c
-index 500e3093d..c6f688dde 100644
+index caa537b68..86b4ef711 100644
 --- a/src/tests/softpkcs11/main.c
 +++ b/src/tests/softpkcs11/main.c
-@@ -416,42 +416,63 @@ add_object_attribute(struct st_object *o,
+@@ -413,47 +413,83 @@ add_object_attribute(struct st_object *o,
     return CKR_OK;
 }
 +#ifdef HAVE_EVP_PKEY_GET_BN_PARAM
 +
 +/* Declare owner pointers since EVP_PKEY_get_bn_param() gives us copies. */
 +#define DECLARE_BIGNUM(name) BIGNUM *name = NULL
 +#define RELEASE_BIGNUM(bn) BN_clear_free(bn)
 static CK_RV
- add_pubkey_info(struct st_object *o, CK_KEY_TYPE key_type, EVP_PKEY *key)
+-add_pubkey_info(struct st_object *o, CK_KEY_TYPE key_type, EVP_PKEY *key)
 +get_bignums(EVP_PKEY *key, BIGNUM **n, BIGNUM **e)
 {
 -    switch (key_type) {
 -    case CKK_RSA: {
@ -41,27 +51,18 @@ index 500e3093d..c6f688dde 100644
 -        size_t exponent_len = 0;
 -        const RSA *rsa;
 -        const BIGNUM *n, *e;
-+    CK_BYTE *modulus = NULL, *exponent = 0;
+    if (EVP_PKEY_get_bn_param(key, "n", n) == 0 ||
-+    size_t modulus_len = 0, exponent_len = 0;
+        EVP_PKEY_get_bn_param(key, "e", e) == 0)
-+    CK_ULONG modulus_bits = 0;
+        return CKR_DEVICE_ERROR;
 +    CK_RV ret;
 -        rsa = EVP_PKEY_get0_RSA(key);
 -        RSA_get0_key(rsa, &n, &e, NULL);
 -        modulus_bits = BN_num_bits(n);
-+#ifdef HAVE_EVP_PKEY_GET_BN_PARAM
+-
 +    BIGNUM *n = NULL, *e = NULL;
 +#else
 +    const RSA *rsa;
 +    const BIGNUM *n, *e;
 +#endif
 -        modulus_len = BN_num_bytes(n);
 -        modulus = malloc(modulus_len);
 -        BN_bn2bin(n, modulus);
-+    if (key_type != CKK_RSA)
+-
 +        abort();
 -        exponent_len = BN_num_bytes(e);
 -        exponent = malloc(exponent_len);
 -        BN_bn2bin(e, exponent);
@ -74,20 +75,49 @@ index 500e3093d..c6f688dde 100644
 -
 -        free(modulus);
 -        free(exponent);
-+#ifdef HAVE_EVP_PKEY_GET_BN_PARAM
+-    }
 +    if (EVP_PKEY_get_bn_param(key, "n", &n) == 0 ||
 +        EVP_PKEY_get_bn_param(key, "e", &e) == 0) {
 +        ret = CKR_DEVICE_ERROR;
 +        goto done;
     }
 -    default:
 -        /* XXX */
 -        break;
 -    }
     return CKR_OK;
 }
 +#else
 +
 +/* Declare const pointers since the old API gives us aliases. */
 +#define DECLARE_BIGNUM(name) const BIGNUM *name
 +#define RELEASE_BIGNUM(bn)
 +static CK_RV
 +get_bignums(EVP_PKEY *key, const BIGNUM **n, const BIGNUM **e)
 +{
 +    const RSA *rsa;
 +
 +    rsa = EVP_PKEY_get0_RSA(key);
-+    RSA_get0_key(rsa, &n, &e, NULL);
+    RSA_get0_key(rsa, n, e, NULL);
 +
 +    return CKR_OK;
 +}
 +
 +#endif
 +
 +static CK_RV
 +add_pubkey_info(struct st_object *o, CK_KEY_TYPE key_type, EVP_PKEY *key)
 +{
 +    CK_BYTE *modulus = NULL, *exponent = 0;
 +    size_t modulus_len = 0, exponent_len = 0;
 +    CK_ULONG modulus_bits = 0;
 +    CK_RV ret;
 +    DECLARE_BIGNUM(n);
 +    DECLARE_BIGNUM(e);
 +
 +    if (key_type != CKK_RSA)
 +        abort();
 +
 +    ret = get_bignums(key, &n, &e);
 +    if (ret != CKR_OK)
 +        goto done;
 +
 +    modulus_bits = BN_num_bits(n);
 +    modulus_len = BN_num_bytes(n);
 +    exponent_len = BN_num_bytes(e);
@ -97,29 +127,24 @@ index 500e3093d..c6f688dde 100644
 +    if (modulus == NULL || exponent == NULL) {
 +        ret = CKR_DEVICE_MEMORY;
 +        goto done;
-     }
+    }
 -    return CKR_OK;
 +
 +    BN_bn2bin(n, modulus);
 +    BN_bn2bin(e, exponent);
 +
 +    add_object_attribute(o, 0, CKA_MODULUS, modulus, modulus_len);
-+    add_object_attribute(o, 0, CKA_MODULUS_BITS,
+    add_object_attribute(o, 0, CKA_MODULUS_BITS, &modulus_bits,
-+                         &modulus_bits, sizeof(modulus_bits));
+                         sizeof(modulus_bits));
-+    add_object_attribute(o, 0, CKA_PUBLIC_EXPONENT,
+    add_object_attribute(o, 0, CKA_PUBLIC_EXPONENT, exponent, exponent_len);
 +                         exponent, exponent_len);
 +
 +    ret = CKR_OK;
 +done:
 +    free(modulus);
 +    free(exponent);
-+
+    RELEASE_BIGNUM(n);
-+#ifdef HAVE_EVP_PKEY_GET_BN_PARAM
+    RELEASE_BIGNUM(e);
 +    BN_clear_free(n);
 +    BN_clear_free(e);
 +#endif
 +
 +    return ret;
- }
+}
 static int
 pem_callback(char *buf, int num, int w, void *key)
--- a/Use-KCM_OP_RETRIEVE-in-KCM-client.patch
+++ b/Use-KCM_OP_RETRIEVE-in-KCM-client.patch
@ -1,4 +1,4 @@
-From ac0a117096324fa73afae291ed467f2ea66e279b Mon Sep 17 00:00:00 2001
+From c02c77660cee3f61482bd4ad1274271b4838cf31 Mon Sep 17 00:00:00 2001
 From: Greg Hudson <ghudson@mit.edu>
 Date: Fri, 26 Mar 2021 23:38:54 -0400
 Subject: [PATCH] Use KCM_OP_RETRIEVE in KCM client
--- a/Use-OpenSSL-s-KBKDF-and-KRB5KDF-for-deriving-long-te.patch
+++ b/Use-OpenSSL-s-KBKDF-and-KRB5KDF-for-deriving-long-te.patch
@ -1,4 +1,4 @@
-From d8540c91db499761148ec681eb46a455f0808e22 Mon Sep 17 00:00:00 2001
+From 21e3b9a4463f1d1aeb71de8a27c298f1307d186b Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Fri, 4 Oct 2019 14:49:29 -0400
 Subject: [PATCH] Use OpenSSL's KBKDF and KRB5KDF for deriving long-term keys
--- a/Use-OpenSSL-s-SSKDF-in-PKINIT-when-available.patch
+++ b/Use-OpenSSL-s-SSKDF-in-PKINIT-when-available.patch
@ -1,4 +1,4 @@
-From cfdd0501ffea9cbe9343d1ff1e597df1689b547b Mon Sep 17 00:00:00 2001
+From 8bbb492f2be1418e1e4bb2cf197414810dac9589 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Fri, 20 Sep 2019 17:20:59 -0400
 Subject: [PATCH] Use OpenSSL's SSKDF in PKINIT when available
--- a/krb5.spec
+++ b/krb5.spec
@ -42,7 +42,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.19.1
-Release: %{?zdpd}8%{?dist}
+Release: %{?zdpd}9%{?dist}
 # rharwood has trust path to signing key and verifies on check-in
 Source0: https://web.mit.edu/kerberos/dist/krb5/%{version}/krb5-%{version}%{?dashpre}.tar.gz
@ -73,12 +73,12 @@ Patch8: Add-APIs-for-marshalling-credentials.patch
 Patch9: Add-hostname-canonicalization-helper-to-k5test.py.patch
 Patch10: Support-host-based-GSS-initiator-names.patch
 Patch11: Fix-softpkcs11-build-issues-with-openssl-3.0.patch
-Patch12: softpkcs11-Remove-all-openssl-deprecated-functions.patch
+Patch12: Remove-deprecated-OpenSSL-calls-from-softpkcs11.patch
-Patch13: Add-buildsystem-detection-of-the-OpenSSL-3-KDF-inter.patch
+Patch13: Fix-k5tls-module-for-OpenSSL-3.patch
-Patch14: Use-OpenSSL-s-SSKDF-in-PKINIT-when-available.patch
+Patch14: Add-buildsystem-detection-of-the-OpenSSL-3-KDF-inter.patch
-Patch15: Use-OpenSSL-s-KBKDF-and-KRB5KDF-for-deriving-long-te.patch
+Patch15: Use-OpenSSL-s-SSKDF-in-PKINIT-when-available.patch
-Patch16: Handle-OpenSSL-3-s-providers.patch
+Patch16: Use-OpenSSL-s-KBKDF-and-KRB5KDF-for-deriving-long-te.patch
-Patch17: Handle-SSL_read-changed-behavior-on-server-hangup.patch
+Patch17: Handle-OpenSSL-3-s-providers.patch
 Patch18: Add-KCM_OP_GET_CRED_LIST-for-faster-iteration.patch
 Patch19: Fix-KCM-flag-transmission-for-remove_cred.patch
 Patch20: Make-KCM-iteration-fallback-work-with-sssd-kcm.patch
@ -649,6 +649,10 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*
 %changelog
 * Mon Jun 21 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-9
 - Sync openssl3 patches with upstream
 - Resolves: #1955873
 * Thu Jun 17 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-8
 - Rebuild for rpminspect and mass rebuild cleanup; no code changes
 - Resolves: #1967505