From 3189e6c7ee95a034be1080b774b4c304bc4a1e56 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Wed, 11 Aug 2021 12:27:42 +0200
Subject: [PATCH] opensc-0.22.0-1 Resolves: rhbz#1970534
---
 .gitignore | 1 +
 common.sh | 88 ---------
 opensc-0.21.0-openssl3.patch | 215 --------------------
 opensc-32b-arch.patch | 33 ++++
 opensc-gcc11.patch | 369 ++---------------------------------
 opensc.spec | 21 +-
 sources | 2 +-
 7 files changed, 54 insertions(+), 675 deletions(-)
 delete mode 100644 common.sh
 delete mode 100644 opensc-0.21.0-openssl3.patch
 create mode 100644 opensc-32b-arch.patch
diff --git a/.gitignore b/.gitignore
index f9524fb..a1070a7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,4 @@
 /opensc-0.19.0.tar.gz
 /opensc-0.20.0.tar.gz
 /opensc-0.21.0.tar.gz
+/opensc-0.22.0.tar.gz
diff --git a/common.sh b/common.sh
deleted file mode 100644
index bc9747f..0000000
--- a/common.sh
+++ /dev/null
@@ -1,88 +0,0 @@ -#!/bin/bash -## from OpenSC/src/tests/p11test/runtest.sh - -SOPIN="12345678" -PIN="123456" -PKCS11_TOOL="../src/tools/pkcs11-tool" - -softhsm_paths="/usr/local/lib/softhsm/libsofthsm2.so \ - /usr/lib64/pkcs11/libsofthsm2.so \ - /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so" - -for LIB in $softhsm_paths; do - echo "Testing $LIB" - if [[ -f $LIB ]]; then - P11LIB=$LIB - echo "Setting P11LIB=$LIB" - break - fi -done -if [[ -z "$P11LIB" ]]; then - echo "Warning: Could not find the softhsm pkcs11 module" -fi - -ERRORS=0 -function assert() { - if [[ $1 != 0 ]]; then - echo "====> ERROR: $2" - ERRORS=1 - fi -} - -function generate_key() { - TYPE="$1" - ID="$2" - LABEL="$3" - - # Generate key pair - $PKCS11_TOOL --keypairgen --key-type="$TYPE" --login --pin=$PIN \ - --module="$P11LIB" --label="$LABEL" --id=$ID - - if [[ "$?" -ne "0" ]]; then - echo "Couldn't generate $TYPE key pair" - return 1 - fi - - # Extract public key from the card - $PKCS11_TOOL --read-object --id $ID --type pubkey --output-file $ID.der \ - --module="$P11LIB" - - # convert it to more digestible PEM format - if [[ ${TYPE:0:3} == "RSA" ]]; then - openssl rsa -inform DER -outform PEM -in $ID.der -pubin > $ID.pub - else - openssl ec -inform DER -outform PEM -in $ID.der -pubin > $ID.pub - fi - rm $ID.der -} - -function softhsm_initialize() { - echo "directories.tokendir = .tokens/" > .softhsm2.conf - mkdir ".tokens" - export SOFTHSM2_CONF=".softhsm2.conf" - # Init token - softhsm2-util --init-token --slot 0 --label "SC test" --so-pin="$SOPIN" --pin="$PIN" -} - -function card_setup() { - softhsm_initialize - - # Generate 1024b RSA Key pair - generate_key "RSA:1024" "01" "RSA_auth" - # Generate 2048b RSA Key pair - generate_key "RSA:2048" "02" "RSA2048" - # Generate 256b ECC Key pair - generate_key "EC:secp256r1" "03" "ECC_auth" - # Generate 521b ECC Key pair - generate_key "EC:secp521r1" "04" "ECC521" -} - -function softhsm_cleanup() { - rm .softhsm2.conf - rm -rf ".tokens" -} - 
-function card_cleanup() { - softhsm_cleanup - rm 0{1,2,3,4}.pub -} diff --git a/opensc-0.21.0-openssl3.patch b/opensc-0.21.0-openssl3.patch deleted file mode 100644 index 52d8e1a..0000000 --- a/opensc-0.21.0-openssl3.patch +++ /dev/null 
@@ -1,215 +0,0 @@ -diff --git a/src/libopensc/cwa14890.c b/src/libopensc/cwa14890.c -index da471abf..d854799e 100644 ---- a/src/libopensc/cwa14890.c -+++ b/src/libopensc/cwa14890.c -@@ -519,8 +519,8 @@ static int cwa_internal_auth(sc_card_t * card, u8 * sig, size_t sig_len, u8 * da - * @return SC_SUCCESS if ok; else errorcode - */ - static int cwa_prepare_external_auth(sc_card_t * card, -- RSA * icc_pubkey, -- RSA * ifd_privkey, -+ COMPAT_RSA * icc_pubkey, -+ COMPAT_RSA * ifd_privkey, - u8 * sig, - size_t sig_len) - { -@@ -594,7 +594,7 @@ static int cwa_prepare_external_auth(sc_card_t * card, - buf3[127] = 0xBC; /* iso padding */ - - /* encrypt with ifd private key */ -- len2 = RSA_private_decrypt(128, buf3, buf2, ifd_privkey, RSA_NO_PADDING); -+ len2 = RSA_private_decrypt(128, buf3, buf2, (RSA *)ifd_privkey, RSA_NO_PADDING); - if (len2 < 0) { - msg = "Prepare external auth: ifd_privk encrypt failed"; - res = SC_ERROR_SM_ENCRYPT_FAILED; -@@ -630,7 +630,7 @@ static int cwa_prepare_external_auth(sc_card_t * card, - } - - /* re-encrypt result with icc public key */ -- len1 = RSA_public_encrypt(len3, buf3, buf1, icc_pubkey, RSA_NO_PADDING); -+ len1 = RSA_public_encrypt(len3, buf3, buf1, (RSA *)icc_pubkey, RSA_NO_PADDING); - if (len1 <= 0 || (size_t) len1 != sig_len) { - msg = "Prepare external auth: icc_pubk encrypt failed"; - res = SC_ERROR_SM_ENCRYPT_FAILED; -@@ -842,8 +842,8 @@ static int cwa_compare_signature(u8 * data, size_t dlen, u8 * ifd_data) - * @return SC_SUCCESS if ok; else error code - */ - static int cwa_verify_internal_auth(sc_card_t * card, -- RSA * icc_pubkey, -- RSA * ifd_privkey, -+ COMPAT_RSA * icc_pubkey, -+ COMPAT_RSA * ifd_privkey, - u8 * ifdbuf, - size_t ifdlen, - u8 * sig, -@@ -901,7 +901,7 @@ static int cwa_verify_internal_auth(sc_card_t * card, - */ - - /* decrypt data with our ifd priv key */ -- len1 = RSA_private_decrypt(sig_len, sig, buf1, ifd_privkey, RSA_NO_PADDING); -+ len1 = RSA_private_decrypt(sig_len, sig, buf1, (RSA *)ifd_privkey, 
RSA_NO_PADDING); - if (len1 <= 0) { - msg = "Verify Signature: decrypt with ifd privk failed"; - res = SC_ERROR_SM_ENCRYPT_FAILED; -@@ -911,7 +911,7 @@ static int cwa_verify_internal_auth(sc_card_t * card, - /* OK: now we have SIGMIN in buf1 */ - /* check if SIGMIN data matches SIG or N.ICC-SIG */ - /* evaluate DS[SK.ICC.AUTH](SIG) trying to decrypt with icc pubk */ -- len3 = RSA_public_encrypt(len1, buf1, buf3, icc_pubkey, RSA_NO_PADDING); -+ len3 = RSA_public_encrypt(len1, buf1, buf3, (RSA *) icc_pubkey, RSA_NO_PADDING); - if (len3 <= 0) - goto verify_nicc_sig; /* evaluate N.ICC-SIG and retry */ - res = cwa_compare_signature(buf3, len3, ifdbuf); -@@ -945,7 +945,7 @@ static int cwa_verify_internal_auth(sc_card_t * card, - } - /* ok: check again with new data */ - /* evaluate DS[SK.ICC.AUTH](I.ICC-SIG) trying to decrypt with icc pubk */ -- len3 = RSA_public_encrypt(len2, buf2, buf3, icc_pubkey, RSA_NO_PADDING); -+ len3 = RSA_public_encrypt(len2, buf2, buf3, (RSA *)icc_pubkey, RSA_NO_PADDING); - if (len3 <= 0) { - msg = "Verify Signature: cannot get valid SIG data"; - res = SC_ERROR_INVALID_DATA; -diff --git a/src/libopensc/p15card-helper.c b/src/libopensc/p15card-helper.c -index e641858d..1cee573f 100644 ---- a/src/libopensc/p15card-helper.c -+++ b/src/libopensc/p15card-helper.c -@@ -143,7 +143,7 @@ CERT_HANDLE_FUNCTION(default_cert_handle) { - int r; - X509 *cert_data = NULL; - EVP_PKEY *pkey = NULL; -- RSA * rsa = NULL; -+ COMPAT_RSA * rsa = NULL; - int certtype = 0; - int modulus_len = 0; - const prdata* key = get_prkey_by_cert(items, cert); -diff --git a/src/libopensc/sc-ossl-compat.h b/src/libopensc/sc-ossl-compat.h -index 339ad96c..5ac50174 100644 ---- a/src/libopensc/sc-ossl-compat.h -+++ b/src/libopensc/sc-ossl-compat.h -@@ -273,6 +273,16 @@ static sc_ossl_inline void CRYPTO_secure_malloc_done() - - #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ - -+/* OpenSSL 3.0 changes return value of EVP_PKEY_get0_*() to const */ -+#if OPENSSL_VERSION_NUMBER < 
0x30000000L -+# define COMPAT_RSA RSA -+# define COMPAT_EC_KEY EC_KEY -+#else -+# define COMPAT_RSA const RSA -+# define COMPAT_EC_KEY const EC_KEY -+#endif -+ -+ - #ifdef __cplusplus - } - #endif /* __cplusplus */ -diff --git a/src/tests/p11test/p11test_case_common.c b/src/tests/p11test/p11test_case_common.c -index 695ae2ea..73f147e0 100644 ---- a/src/tests/p11test/p11test_case_common.c -+++ b/src/tests/p11test/p11test_case_common.c -@@ -20,6 +20,7 @@ - */ - - #include "p11test_case_common.h" -+#include "../../libopensc/sc-ossl-compat.h" - - char name_buffer[11]; - char flag_buffer[11]; -@@ -208,7 +209,7 @@ int callback_certificates(test_certs_t *objects, - - if (EVP_PKEY_base_id(evp) == EVP_PKEY_RSA) { - /* Extract public RSA key */ -- RSA *rsa = EVP_PKEY_get0_RSA(evp); -+ COMPAT_RSA *rsa = EVP_PKEY_get0_RSA(evp); - if ((o->key.rsa = RSAPublicKey_dup(rsa)) == NULL) { - fail_msg("RSAPublicKey_dup failed"); - return -1; -@@ -218,7 +219,7 @@ int callback_certificates(test_certs_t *objects, - - } else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) { - /* Extract public EC key */ -- EC_KEY *ec = EVP_PKEY_get0_EC_KEY(evp); -+ COMPAT_EC_KEY *ec = EVP_PKEY_get0_EC_KEY(evp); - if ((o->key.ec = EC_KEY_dup(ec)) == NULL) { - fail_msg("EC_KEY_dup failed"); - return -1; -commit afc1cfa01b1f0ad59f292e306c594bd979fe8b0d -Author: Jakub Jelen -Date: Thu Jul 15 08:55:13 2021 +0200 - - Do not use EVP_PKEY_get0() for EC_KEY handling - - The function is intentionally broken in OpenSSL 3.0 for provided keys - and returning NULL. But it should still work for the legacy gost engine - implementation (but I do not have a good way to check). 
- - Discussed in openssl upstream issue: - - https://github.com/openssl/openssl/issues/16081 - -diff --git a/src/libopensc/pkcs15-prkey.c b/src/libopensc/pkcs15-prkey.c -index c7d2d011..d9b8d0b8 100644 ---- a/src/libopensc/pkcs15-prkey.c -+++ b/src/libopensc/pkcs15-prkey.c -@@ -728,13 +728,13 @@ sc_pkcs15_convert_prkey(struct sc_pkcs15_prkey *pkcs15_key, void *evp_key) - } - case EVP_PKEY_EC: { - struct sc_pkcs15_prkey_ec *dst = &pkcs15_key->u.ec; -- EC_KEY *src = NULL; -+ const EC_KEY *src = NULL; - const EC_GROUP *grp = NULL; - unsigned char buf[255]; - size_t buflen = 255; - int nid; - -- src = EVP_PKEY_get0(pk); -+ src = EVP_PKEY_get0_EC_KEY(pk); - assert(src); - assert(EC_KEY_get0_private_key(src)); - assert(EC_KEY_get0_public_key(src)); -diff --git a/src/libopensc/pkcs15-pubkey.c b/src/libopensc/pkcs15-pubkey.c -index ac8fda7b..b93a8c68 100644 ---- a/src/libopensc/pkcs15-pubkey.c -+++ b/src/libopensc/pkcs15-pubkey.c -@@ -1783,13 +1783,13 @@ sc_pkcs15_convert_pubkey(struct sc_pkcs15_pubkey *pkcs15_key, void *evp_key) - } - case EVP_PKEY_EC: { - struct sc_pkcs15_pubkey_ec *dst = &pkcs15_key->u.ec; -- EC_KEY *src = NULL; -+ const EC_KEY *src = NULL; - const EC_GROUP *grp = NULL; - unsigned char buf[255]; - size_t buflen = 255; - int nid; - -- src = EVP_PKEY_get0(pk); -+ src = EVP_PKEY_get0_EC_KEY(pk); - assert(src); - assert(EC_KEY_get0_public_key(src)); - -diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c -index ffd3666c..f87ce025 100644 ---- a/src/tools/pkcs11-tool.c -+++ b/src/tools/pkcs11-tool.c -@@ -3143,18 +3143,18 @@ parse_gost_pkey(EVP_PKEY *pkey, int private, struct gostkey_info *gost) - static int - parse_ec_pkey(EVP_PKEY *pkey, int private, struct gostkey_info *gost) - { -- EC_KEY *src = EVP_PKEY_get0(pkey); -+ const EC_KEY *src = EVP_PKEY_get0_EC_KEY(pkey); - const BIGNUM *bignum; - - if (!src) - return -1; - -- gost->param_oid.len = i2d_ECParameters(src, &gost->param_oid.value); -+ gost->param_oid.len = i2d_ECParameters((EC_KEY *)src, 
&gost->param_oid.value); - if (gost->param_oid.len <= 0) - return -1; - - if (private) { -- bignum = EC_KEY_get0_private_key(EVP_PKEY_get0(pkey)); -+ bignum = EC_KEY_get0_private_key(src); - - gost->private.len = BN_num_bytes(bignum); - gost->private.value = malloc(gost->private.len); diff --git a/opensc-32b-arch.patch b/opensc-32b-arch.patch new file mode 100644 index 0000000..70213b1 --- /dev/null +++ b/opensc-32b-arch.patch @@ -0,0 +1,33 @@ +commit 6bc05d7037041e543d627248ca9df90723426ce1 +Author: Jakub Jelen +Date: Tue Aug 10 16:30:40 2021 +0200 + + p11test: Fix invalid format string on 32b architectures + +diff --git a/src/tests/p11test/p11test.c b/src/tests/p11test/p11test.c +index dbac167d..49de6a93 100644 +--- a/src/tests/p11test/p11test.c ++++ b/src/tests/p11test/p11test.c +@@ -139,7 +139,7 @@ int main(int argc, char** argv) { + return -1; + } + +- debug_print("Card info:\n\tPIN %s\n\tPIN LENGTH %lu\n\t", ++ debug_print("Card info:\n\tPIN %s\n\tPIN LENGTH %zu\n\t", + token.pin, token.pin_length); + + return cmocka_run_group_tests(readonly_tests_without_initialization, +diff --git a/src/tests/p11test/p11test_case_pss_oaep.c b/src/tests/p11test/p11test_case_pss_oaep.c +index 1d876a5b..5a6ae9d0 100644 +--- a/src/tests/p11test/p11test_case_pss_oaep.c ++++ b/src/tests/p11test/p11test_case_pss_oaep.c +@@ -402,7 +402,7 @@ int oaep_encrypt_decrypt_test(test_cert_t *o, token_info_t *info, test_mech_t *m + if (message_length < 0) { + mech->usage_flags &= ~CKF_DECRYPT; + debug_print(" [SKIP %s ] Too small modulus (%ld bits)" +- " or too large hash %s (%lu B) for OAEP", o->id_str, ++ " or too large hash %s (%zu B) for OAEP", o->id_str, + o->bits, get_mechanism_name(mech->hash), + get_hash_length(mech->hash)); + return 0; + diff --git a/opensc-gcc11.patch b/opensc-gcc11.patch index 484405b..fb670c3 100644 --- a/opensc-gcc11.patch +++ b/opensc-gcc11.patch @@ -1,361 +1,16 @@ 
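Review bot: In the second nested hunk of opensc-32b-arch.patch (p11test_case_pss_oaep.c), the neighbouring `(%ld bits)` conversion for `o->bits` is left untouched while `%lu` becomes `%zu` for `get_hash_length()`. The declarations are not part of this patch, so it is worth confirming that `o->bits` really is a signed `long` and that `token.pin_length` and `get_hash_length()` are `size_t`; a specifier that does not match its argument is undefined behaviour, which is the class of bug this patch exists to fix. If `bits` turns out to be an unsigned long-sized type, `%lu` would be the matching conversion. Separately, the `Card info` message in p11test.c passes `token.pin` to `debug_print`; if that output can end up in build or CI logs, consider leaving the PIN value out of the message.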
diff --git a/src/tools/opensc-explorer.c b/src/tools/opensc-explorer.c -index 41e620a..57f8a79 100644 +index d251495c..e48f3189 100644 --- a/src/tools/opensc-explorer.c 
+++ b/src/tools/opensc-explorer.c -@@ -1839,6 +1839,12 @@ static int do_apdu(int argc, char **argv) +@@ -2030,9 +2030,9 @@ static int do_put_data(int argc, char **argv) + static int do_apdu(int argc, char **argv) + { + sc_apdu_t apdu; +- u8 buf[SC_MAX_EXT_APDU_BUFFER_SIZE]; ++ u8 buf[SC_MAX_EXT_APDU_BUFFER_SIZE] = {0}; + u8 rbuf[SC_MAX_EXT_APDU_BUFFER_SIZE]; +- size_t len, i; ++ size_t len = 0, i; + int r; + if (argc < 1) - return usage(do_apdu); - -+ /* gcc-11 complains about BUF potentially being used without being -+ initialized. I can't convince myself that the calls to -+ parse_string_or_hexdata will fully initialize it, so we just -+ initialize it here. */ -+ memset (buf, 0, sizeof (buf)); -+ - /* loop over the args and parse them, making sure the result fits into buf[] */ - for (i = 0, len = 0; i < (unsigned) argc && len < sizeof(buf); i++) { - size_t len0 = sizeof(buf) - len; -commit 1680b3a1fb15319e41dbe3214ef8c4a4c215d529 -Author: Jakub Jelen -Date: Tue Feb 23 19:57:02 2021 +0100 - - Fix build on gcc11 - - This made most of the applications crashing in Fedora 34 when - smart card was plugged in. - - The suggested patch makes the code path more obvious for gcc to - handle. 
- - https://bugzilla.redhat.com/show_bug.cgi?id=1930652 - -diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c -index 18803b83..c65ec3ed 100644 ---- a/src/pkcs11/framework-pkcs15.c -+++ b/src/pkcs11/framework-pkcs15.c -@@ -670,6 +670,7 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj - { - struct sc_pkcs15_cert_info *p15_info = NULL; - struct sc_pkcs15_cert *p15_cert = NULL; -+ struct pkcs15_any_object *any_object = NULL; - struct pkcs15_cert_object *object = NULL; - struct pkcs15_pubkey_object *obj2 = NULL; - int rv; -@@ -686,8 +687,9 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj - } - - /* Certificate object */ -- rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &object, -+ rv = __pkcs15_create_object(fw_data, &any_object, - cert, &pkcs15_cert_ops, sizeof(struct pkcs15_cert_object)); -+ object = (struct pkcs15_cert_object *) any_object; - if (rv < 0) { - if (p15_cert != NULL) - sc_pkcs15_free_certificate(p15_cert); -@@ -720,7 +722,7 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj - pkcs15_cert_extract_label(object); - - if (cert_object != NULL) -- *cert_object = (struct pkcs15_any_object *) object; -+ *cert_object = any_object; - - return 0; - } -@@ -730,6 +732,7 @@ static int - __pkcs15_create_pubkey_object(struct pkcs15_fw_data *fw_data, - struct sc_pkcs15_object *pubkey, struct pkcs15_any_object **pubkey_object) - { -+ struct pkcs15_any_object *any_object = NULL; - struct pkcs15_pubkey_object *object = NULL; - struct sc_pkcs15_pubkey *p15_key = NULL; - int rv; -@@ -758,8 +761,9 @@ __pkcs15_create_pubkey_object(struct pkcs15_fw_data *fw_data, - } - - /* Public key object */ -- rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &object, -+ rv = __pkcs15_create_object(fw_data, &any_object, - pubkey, &pkcs15_pubkey_ops, sizeof(struct pkcs15_pubkey_object)); -+ object = (struct pkcs15_pubkey_object *) 
any_object; - if (rv >= 0) { - object->pub_info = (struct sc_pkcs15_pubkey_info *) pubkey->data; - object->pub_data = p15_key; -@@ -773,7 +777,7 @@ __pkcs15_create_pubkey_object(struct pkcs15_fw_data *fw_data, - object->pub_data->alg_id->params = &((object->pub_data->u).gostr3410.params); - } - if (pubkey_object != NULL) -- *pubkey_object = (struct pkcs15_any_object *) object; -+ *pubkey_object = any_object; - - return rv; - } -@@ -783,16 +787,18 @@ static int - __pkcs15_create_prkey_object(struct pkcs15_fw_data *fw_data, - struct sc_pkcs15_object *prkey, struct pkcs15_any_object **prkey_object) - { -+ struct pkcs15_any_object *any_object = NULL; - struct pkcs15_prkey_object *object = NULL; - int rv; - -- rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &object, -+ rv = __pkcs15_create_object(fw_data, &any_object, - prkey, &pkcs15_prkey_ops, sizeof(struct pkcs15_prkey_object)); -+ object = (struct pkcs15_prkey_object *) any_object; - if (rv >= 0) - object->prv_info = (struct sc_pkcs15_prkey_info *) prkey->data; - - if (prkey_object != NULL) -- *prkey_object = (struct pkcs15_any_object *) object; -+ *prkey_object = any_object; - - return rv; - } -@@ -802,18 +808,20 @@ static int - __pkcs15_create_data_object(struct pkcs15_fw_data *fw_data, - struct sc_pkcs15_object *object, struct pkcs15_any_object **data_object) - { -+ struct pkcs15_any_object *any_object = NULL; - struct pkcs15_data_object *dobj = NULL; - int rv; - -- rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &dobj, -+ rv = __pkcs15_create_object(fw_data, &any_object, - object, &pkcs15_dobj_ops, sizeof(struct pkcs15_data_object)); -+ dobj = (struct pkcs15_data_object *) any_object; - if (rv >= 0) { - dobj->info = (struct sc_pkcs15_data_info *) object->data; - dobj->value = NULL; - } - - if (data_object != NULL) -- *data_object = (struct pkcs15_any_object *) dobj; -+ *data_object = any_object; - - return rv; - } -@@ -853,16 +861,18 @@ static int - 
__pkcs15_create_secret_key_object(struct pkcs15_fw_data *fw_data, - struct sc_pkcs15_object *object, struct pkcs15_any_object **skey_object) - { -+ struct pkcs15_any_object *any_object = NULL; - struct pkcs15_skey_object *skey = NULL; - int rv; - -- rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &skey, -+ rv = __pkcs15_create_object(fw_data, &any_object, - object, &pkcs15_skey_ops, sizeof(struct pkcs15_skey_object)); -+ skey = (struct pkcs15_skey_object *) any_object; - if (rv >= 0) - skey->info = (struct sc_pkcs15_skey_info *) object->data; - - if (skey_object != NULL) -- *skey_object = (struct pkcs15_any_object *) skey; -+ *skey_object = any_object; - - return rv; - } -diff --git a/src/libopensc/pkcs15-westcos.c b/src/libopensc/pkcs15-westcos.c -index 885abd37..9277061b 100644 ---- a/src/libopensc/pkcs15-westcos.c -+++ b/src/libopensc/pkcs15-westcos.c -@@ -124,18 +124,17 @@ static int sc_pkcs15emu_westcos_init(sc_pkcs15_card_t * p15card) - struct sc_pkcs15_pubkey_info pubkey_info; - struct sc_pkcs15_object pubkey_obj; - struct sc_pkcs15_pubkey *pkey = NULL; -+ sc_pkcs15_cert_t *cert = NULL; -+ - memset(&cert_info, 0, sizeof(cert_info)); - memset(&cert_obj, 0, sizeof(cert_obj)); - cert_info.id.len = 1; - cert_info.id.value[0] = 0x45; - cert_info.authority = 0; - cert_info.path = path; -- r = sc_pkcs15_read_certificate(p15card, &cert_info, -- (sc_pkcs15_cert_t -- **) (&cert_obj.data)); -+ r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert); -+ cert_obj.data = (void *) cert; - if (!r) { -- sc_pkcs15_cert_t *cert = -- (sc_pkcs15_cert_t *) (cert_obj.data); - strlcpy(cert_obj.label, "User certificate", - sizeof(cert_obj.label)); - cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE; -diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c -index c65ec3ed..a5e6ff1f 100644 ---- a/src/pkcs11/framework-pkcs15.c -+++ b/src/pkcs11/framework-pkcs15.c -@@ -673,6 +673,7 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct 
sc_pkcs15_obj - struct pkcs15_any_object *any_object = NULL; - struct pkcs15_cert_object *object = NULL; - struct pkcs15_pubkey_object *obj2 = NULL; -+ struct pkcs15_any_object *any_object2 = NULL; - int rv; - - p15_info = (struct sc_pkcs15_cert_info *) cert->data; -@@ -700,10 +701,11 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj - object->cert_data = p15_cert; - - /* Corresponding public key */ -- rv = public_key_created(fw_data, &p15_info->id, (struct pkcs15_any_object **) &obj2); -+ rv = public_key_created(fw_data, &p15_info->id, &any_object2); - if (rv != SC_SUCCESS) -- rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &obj2, -+ rv = __pkcs15_create_object(fw_data, &any_object2, - NULL, &pkcs15_pubkey_ops, sizeof(struct pkcs15_pubkey_object)); -+ obj2 = (struct pkcs15_pubkey_object *) any_object2; - if (rv < 0) - return rv; - -@@ -2975,14 +2977,17 @@ set_gost3410_params(struct sc_pkcs15init_prkeyargs *prkey_args, - const CK_BYTE * gost_params_encoded_oid_from_template; - const CK_BYTE * gost_hash_params_encoded_oid_from_template; - size_t len, param_index, hash_index; -+ void *ptr = NULL; - CK_RV rv; - - /* If template has CKA_GOSTR3410_PARAMS attribute, set param_index to - * corresponding item's index in gostr3410_param_oid[] */ -- if (pPrivTpl && ulPrivCnt) -- rv = attr_find_ptr2(pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt, CKA_GOSTR3410_PARAMS, (void **)&gost_params_encoded_oid_from_template, &len); -- else -- rv = attr_find_ptr(pPubTpl, ulPubCnt, CKA_GOSTR3410_PARAMS, (void **)&gost_params_encoded_oid_from_template, &len); -+ if (pPrivTpl && ulPrivCnt) { -+ rv = attr_find_ptr2(pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt, CKA_GOSTR3410_PARAMS, &ptr, &len); -+ } else { -+ rv = attr_find_ptr(pPubTpl, ulPubCnt, CKA_GOSTR3410_PARAMS, &ptr, &len); -+ } -+ gost_params_encoded_oid_from_template = (const CK_BYTE *) ptr; - - if (rv == CKR_OK) { - size_t nn = sizeof(gostr3410_param_oid)/sizeof(gostr3410_param_oid[0]); -@@ 
-3005,10 +3010,12 @@ set_gost3410_params(struct sc_pkcs15init_prkeyargs *prkey_args, - - /* If template has CKA_GOSTR3411_PARAMS attribute, set hash_index to - * corresponding item's index in gostr3410_hash_param_oid[] */ -- if (pPrivTpl && ulPrivCnt) -- rv = attr_find_ptr2(pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt, CKA_GOSTR3411_PARAMS, (void **)&gost_hash_params_encoded_oid_from_template, &len); -- else -- rv = attr_find_ptr(pPubTpl, ulPubCnt, CKA_GOSTR3411_PARAMS, (void **)&gost_hash_params_encoded_oid_from_template, &len); -+ if (pPrivTpl && ulPrivCnt) { -+ rv = attr_find_ptr2(pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt, CKA_GOSTR3411_PARAMS, &ptr, &len); -+ } else { -+ rv = attr_find_ptr(pPubTpl, ulPubCnt, CKA_GOSTR3411_PARAMS, &ptr, &len); -+ } -+ gost_hash_params_encoded_oid_from_template = ptr; - - if (rv == CKR_OK) { - size_t nn = sizeof(gostr3410_hash_param_oid)/sizeof(gostr3410_hash_param_oid[0]); -@@ -3155,9 +3162,11 @@ pkcs15_gen_keypair(struct sc_pkcs11_slot *slot, CK_MECHANISM_PTR pMechanism, - } - else if (keytype == CKK_EC) { - struct sc_lv_data *der = &keygen_args.prkey_args.key.u.ec.params.der; -+ void *ptr = NULL; - - der->len = sizeof(struct sc_object_id); -- rv = attr_find_and_allocate_ptr(pPubTpl, ulPubCnt, CKA_EC_PARAMS, (void **)&der->value, &der->len); -+ rv = attr_find_and_allocate_ptr(pPubTpl, ulPubCnt, CKA_EC_PARAMS, &ptr, &der->len); -+ der->value = (unsigned char *) ptr; - if (rv != CKR_OK) { - sc_unlock(p11card->card); - return sc_to_cryptoki_error(rc, "C_GenerateKeyPair"); -diff --git a/src/pkcs11/pkcs11-object.c b/src/pkcs11/pkcs11-object.c -index 8fb3e5af..a6c91ce1 100644 ---- a/src/pkcs11/pkcs11-object.c -+++ b/src/pkcs11/pkcs11-object.c -@@ -347,6 +347,7 @@ C_FindObjectsInit(CK_SESSION_HANDLE hSession, /* the session's handle */ - struct sc_pkcs11_object *object; - struct sc_pkcs11_find_operation *operation; - struct sc_pkcs11_slot *slot; -+ struct sc_pkcs11_operation *op = NULL; - - if (pTemplate == NULL_PTR && ulCount > 0) - return 
CKR_ARGUMENTS_BAD; -@@ -363,7 +364,8 @@ C_FindObjectsInit(CK_SESSION_HANDLE hSession, /* the session's handle */ - dump_template(SC_LOG_DEBUG_NORMAL, "C_FindObjectsInit()", pTemplate, ulCount); - - rv = session_start_operation(session, SC_PKCS11_OPERATION_FIND, -- &find_mechanism, (struct sc_pkcs11_operation **)&operation); -+ &find_mechanism, &op); -+ operation = (struct sc_pkcs11_find_operation *) op; - if (rv != CKR_OK) - goto out; - -diff --git a/src/pkcs11/pkcs11-object.c b/src/pkcs11/pkcs11-object.c -index a6c91ce1..603a6713 100644 ---- a/src/pkcs11/pkcs11-object.c -+++ b/src/pkcs11/pkcs11-object.c -@@ -453,6 +453,7 @@ C_FindObjects(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_ULONG to_return; - struct sc_pkcs11_session *session; - struct sc_pkcs11_find_operation *operation; -+ struct sc_pkcs11_operation *op = NULL; - - if (phObject == NULL_PTR || ulMaxObjectCount == 0 || pulObjectCount == NULL_PTR) - return CKR_ARGUMENTS_BAD; -@@ -465,7 +466,8 @@ C_FindObjects(CK_SESSION_HANDLE hSession, /* the session's handle */ - if (rv != CKR_OK) - goto out; - -- rv = session_get_operation(session, SC_PKCS11_OPERATION_FIND, (sc_pkcs11_operation_t **) & operation); -+ rv = session_get_operation(session, SC_PKCS11_OPERATION_FIND, &op); -+ operation = (struct sc_pkcs11_find_operation *) op; - if (rv != CKR_OK) - goto out; - -diff --git a/src/tools/pkcs11-register.c b/src/tools/pkcs11-register.c -index 007ff1ae..873ebcba 100644 ---- a/src/tools/pkcs11-register.c -+++ b/src/tools/pkcs11-register.c -@@ -123,13 +123,15 @@ add_module_pkcs11_txt(const char *profile_dir, - char pkcs11_txt_path[PATH_MAX]; - char *pkcs11_txt = NULL; - size_t pkcs11_txt_len = 0; -+ unsigned char *txt = NULL; -+ - if (!profile_dir - || snprintf(pkcs11_txt_path, sizeof pkcs11_txt_path, - "%s%c%s", profile_dir, path_sep, "pkcs11.txt") < 0 -- || !fread_to_eof(pkcs11_txt_path, -- (unsigned char **) &pkcs11_txt, &pkcs11_txt_len)) { -+ || !fread_to_eof(pkcs11_txt_path, &txt, &pkcs11_txt_len)) 
{ - goto err; - } -+ pkcs11_txt = (char *)txt; - char *p = realloc(pkcs11_txt, pkcs11_txt_len+1); - if (!p) - goto err; -diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c -index a4d9c94b..35b96792 100644 ---- a/src/tools/pkcs11-tool.c -+++ b/src/tools/pkcs11-tool.c -@@ -6303,11 +6303,12 @@ static CK_SESSION_HANDLE test_kpgen_certwrite(CK_SLOT_ID slot, CK_SESSION_HANDLE - return session; - } - -- tmp = getID(session, priv_key, (CK_ULONG *) &opt_object_id_len); -- if (opt_object_id_len == 0) { -+ tmp = getID(session, priv_key, &i); -+ if (i == 0) { - fprintf(stderr, "ERR: newly generated private key has no (or an empty) CKA_ID\n"); - return session; - } -+ opt_object_id_len = (size_t) i; - memcpy(opt_object_id, tmp, opt_object_id_len); - - /* This is done in NSS */ -@@ -6485,11 +6486,12 @@ static void test_ec(CK_SLOT_ID slot, CK_SESSION_HANDLE session) - if (!gen_keypair(slot, session, &pub_key, &priv_key, opt_key_type)) - return; - -- tmp = getID(session, priv_key, (CK_ULONG *) &opt_object_id_len); -- if (opt_object_id_len == 0) { -+ tmp = getID(session, priv_key, &i); -+ if (i == 0) { - printf("ERR: newly generated private key has no (or an empty) CKA_ID\n"); - return; - } -+ i = (size_t) opt_object_id_len; - memcpy(opt_object_id, tmp, opt_object_id_len); - - /* This is done in NSS */ diff --git a/opensc.spec b/opensc.spec index 0514d0e..8b245f8 100644 --- a/opensc.spec +++ b/opensc.spec 
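Review bot: The rewritten opensc-gcc11.patch zero-initialises `buf` and `len` in `do_apdu` but no longer records why, because the explanatory comment from the previous version (gcc-11 could not prove that `parse_string_or_hexdata` fully initialises the buffer) was dropped together with the `memset`. I would keep a short description at the top of the patch file, before the `diff --git` line, for example `gcc-11 warns that buf may be used uninitialized in do_apdu; zero-initialise buf and len so unparsed bytes are never stack residue`, so the next rebase can tell whether the patch is still needed. Note also that `rbuf` stays uninitialised on the new side; the rest of `do_apdu` lies outside this hunk, so whether it is always written before it is read cannot be checked from here.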
@@ -2,22 +2,19 @@ %define nssdb %{_sysconfdir}/pki/nssdb Name: opensc -Version: 0.21.0 -Release: 9%{?dist} +Version: 0.22.0 +Release: 1%{?dist} Summary: Smart card library and applications License: LGPLv2+ URL: https://github.com/OpenSC/OpenSC/wiki Source0: https://github.com/OpenSC/OpenSC/releases/download/%{version}/%{name}-%{version}.tar.gz Source1: opensc.module -# Missing from release tarball -# https://github.com/OpenSC/OpenSC/blob/master/tests/common.sh -Source2: common.sh Patch1: opensc-0.19.0-pinpad.patch # https://github.com/OpenSC/OpenSC/pull/2241/ Patch5: %{name}-gcc11.patch # https://github.com/OpenSC/OpenSC/pull/2343 -Patch6: %{name}-0.21.0-openssl3.patch +Patch7: %{name}-32b-arch.patch BuildRequires: make BuildRequires: pcsc-lite-devel @@ -56,14 +53,7 @@ every software/card that does so, too. %setup -q %patch1 -p1 -b .pinpad %patch5 -p1 -b .gcc11 -%patch6 -p1 -b .openssl3 - -cp %{SOURCE2} tests/ -# The test-pkcs11-tool-allowed-mechanisms already works in Fedora -sed -i -e '/XFAIL_TESTS/,$ { - s/XFAIL_TESTS.*/XFAIL_TESTS=test-pkcs11-tool-test.sh/ - q -}' tests/Makefile.am +%patch7 -p1 -b .32b cp -p src/pkcs15init/README ./README.pkcs15init cp -p src/scconf/README.scconf . @@ -213,6 +203,9 @@ rm %{buildroot}%{_mandir}/man1/opensc-notify.1* %changelog +* Wed Aug 11 2021 Jakub Jelen - 0.22.0-1 +- New upstream release (#1970534) + * Mon Aug 09 2021 Mohan Boddu - 0.21.0-9 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 diff --git a/sources b/sources index 1c5465e..b82dd98 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (opensc-0.21.0.tar.gz) = 3511b0a04a96e62011c48667e3fd36a1611fe67a89f7626ff056c9c3614f8cabc91c9924a6ca7a8ea50076a128e3967277a0dd624b4fa27c62cefee9fab22646 +SHA512 (opensc-0.22.0.tar.gz) = 70ad5f1219f2ec2a5529a30d8e9955510c77c87d0bc857d5951c7227c75cf9de1c6071f43dd3816a2034123ebd902709793ff776e84d5379fdd54c811ccfaaee
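Review bot: In the first opensc.spec hunk the comment `# https://github.com/OpenSC/OpenSC/pull/2343` used to annotate `Patch6` (the OpenSSL 3 patch) and is now a context line sitting directly above the new `Patch7: %{name}-32b-arch.patch`, so it reads as the provenance of the 32-bit format-string fix. If that pull request is not where commit 6bc05d7 came from, replace the URL with the correct upstream reference so the patch can be traced and dropped on the next rebase. The same check applies to the `pull/2241` comment above `Patch5`, whose patch file is almost entirely replaced by this commit.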