diff --git a/SOURCES/opencryptoki-3.15.1-soft_token_does_not_check_if_an_EC_key_is_valid.patch b/SOURCES/opencryptoki-3.15.1-soft_token_does_not_check_if_an_EC_key_is_valid.patch
new file mode 100644
index 0000000..c1cca42
--- /dev/null
+++ b/SOURCES/opencryptoki-3.15.1-soft_token_does_not_check_if_an_EC_key_is_valid.patch
@@ -0,0 +1,47 @@
+diff -up opencryptoki-3.15.1/usr/lib/soft_stdll/soft_specific.c.me opencryptoki-3.15.1/usr/lib/soft_stdll/soft_specific.c
+--- opencryptoki-3.15.1/usr/lib/soft_stdll/soft_specific.c.me 2021-07-08 10:54:36.755203485 +0200
++++ opencryptoki-3.15.1/usr/lib/soft_stdll/soft_specific.c 2021-07-08 10:57:53.243067358 +0200
+@@ -4207,6 +4207,12 @@ static CK_RV fill_ec_key_from_pubkey(EC_
+ goto out;
+ }
+
++ if (!EC_KEY_check_key(ec_key)) {
++ TRACE_ERROR("EC_KEY_check_key failed\n");
++ rc = CKR_PUBLIC_KEY_INVALID;
++ goto out;
++ }
++
+ out:
+ if (temp != NULL)
+ free(temp);
+@@ -4245,6 +4251,12 @@ static CK_RV fill_ec_key_from_privkey(EC
+ rc = CKR_FUNCTION_FAILED;
+ goto out;
+ }
++
++ if (!EC_KEY_check_key(ec_key)) {
++ TRACE_ERROR("EC_KEY_check_key failed\n");
++ rc = CKR_FUNCTION_FAILED;
++ goto out;
++ }
+
+ out:
+ if (point != NULL)
+diff -up opencryptoki-3.15.1/usr/include/pkcs11types.h.me opencryptoki-3.15.1/usr/include/pkcs11types.h
+--- opencryptoki-3.15.1/usr/include/pkcs11types.h.me 2021-07-08 11:23:47.147107638 +0200
++++ opencryptoki-3.15.1/usr/include/pkcs11types.h 2021-07-08 11:25:19.829674408 +0200
+@@ -1092,6 +1092,14 @@ typedef CK_ULONG CK_RV;
+ #define CKR_MUTEX_BAD 0x000001A0
+ #define CKR_MUTEX_NOT_LOCKED 0x000001A1
+
++#define CKR_NEW_PIN_MODE 0x000001B0
++#define CKR_NEXT_OTP 0x000001B1
++#define CKR_EXCEEDED_MAX_ITERATIONS 0x000001B5
++#define CKR_FIPS_SELF_TEST_FAILED 0x000001B6
++#define CKR_LIBRARY_LOAD_FAILED 0x000001B7
++#define CKR_PIN_TOO_WEAK 0x000001B8
++#define CKR_PUBLIC_KEY_INVALID 0x000001B9
++
+ /* CKR_FUNCTION_REJECTED is new for v2.20 */
+ #define CKR_FUNCTION_REJECTED 0x00000200
+
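Review bot: In the second inner hunk (fill_ec_key_from_privkey) a key that fails `EC_KEY_check_key` is reported as `CKR_FUNCTION_FAILED`, the same code the error path just above it uses, whereas the public-key hunk returns the specific `CKR_PUBLIC_KEY_INVALID`; a caller or trace reader therefore cannot separate a rejected caller-supplied private key from an internal library failure. If the callers of this helper allow it, a validation-specific code such as `rc = CKR_ATTRIBUTE_VALUE_INVALID;` would keep the two cases apart, which helps when triaging repeated rejected-key attempts in the trace log. Both checks would also benefit from a one-line comment stating why they exist, for example `/* reject keys that are not valid for the named curve before any use */`, so the call is not later dropped as redundant. Both functions begin and end outside the hunks, so whether every path that builds an EC_KEY from token attributes goes through these two helpers cannot be confirmed from this patch and is worth verifying.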
diff --git a/SPECS/opencryptoki.spec b/SPECS/opencryptoki.spec index 811d39c..f6fe29f 100644 --- a/SPECS/opencryptoki.spec +++ b/SPECS/opencryptoki.spec @@ -1,7 +1,7 @@ Name: opencryptoki Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11 Version: 3.15.1 -Release: 5%{?dist} +Release: 6%{?dist} License: CPL Group: System Environment/Base URL: https://github.com/opencryptoki/opencryptoki @@ -20,7 +20,7 @@ Patch3: opencryptoki-3.15.1-fix_compiling_with_c++.patch Patch4: opencryptoki-3.15.1-f1f176cbb4183bcb8a0f7b4d7f649d84a731dd43.patch # https://github.com/opencryptoki/opencryptoki/commit/1e98001ff63cd7e75d95b4ea0d3d2a69965d8890 Patch5: opencryptoki-3.15.1-1e98001ff63cd7e75d95b4ea0d3d2a69965d8890.patch - +Patch6: opencryptoki-3.15.1-soft_token_does_not_check_if_an_EC_key_is_valid.patch Requires(pre): coreutils BuildRequires: gcc BuildRequires: openssl-devel @@ -346,6 +346,9 @@ fi %changelog +* Thu Jul 08 2021 Than Ngo - 3.15.1-6 +- Resolves: #1979173, Soft token does not check if an EC key is valid + * Fri Feb 12 2021 Than Ngo - 3.15.1-5 - Resolves: #1928120, Fix problem with C_Get/SetOperationState and digest contexts