Build with OpenSSL 3.0

Resolves: rhbz#1959832
2021-05-17 17:29:48 +02:00 · 2021-05-17 17:29:48 +02:00 · c647607a61
commit c647607a61
parent 085c8e15f9
2 changed files with 63 additions and 2 deletions
--- a/openssl-pkcs11-0.4.10-openssl3.patch
+++ b/openssl-pkcs11-0.4.10-openssl3.patch
@ -0,0 +1,59 @@
+From 433947efff5712a6a3960c53e8b99e4fe123aace Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 19 May 2021 14:23:27 +0200
+Subject: [PATCH] Do not modify EC/RSA structures after assigning them to
+ EVP_PKEY
+
+This was causing OpenSSL 3.0 to fail detect our RSA/EC methods and
+failing the tests ({ec,rsa}-testfork.softhsm).
+
+The OpenSSL issue:
+https://github.com/openssl/openssl/issues/15350
+---
+ src/p11_ec.c  | 2 +-
+ src/p11_rsa.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/p11_ec.c b/src/p11_ec.c
+index 294cbad..9c5ee0f 100644
+--- a/src/p11_ec.c
+++ b/src/p11_ec.c
+@@ -365,7 +365,6 @@ static EVP_PKEY *pkcs11_get_evp_key_ec(PKCS11_KEY *key)
+ 		EC_KEY_free(ec);
+ 		return NULL;
+ 	}
+-	EVP_PKEY_set1_EC_KEY(pk, ec); /* Also increments the ec ref count */
+ 
+ 	if (key->isPrivate) {
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+@@ -379,6 +378,7 @@ static EVP_PKEY *pkcs11_get_evp_key_ec(PKCS11_KEY *key)
+ 	 * unless the key has the "sensitive" attribute set */
+ 
+ 	pkcs11_set_ex_data_ec(ec, key);
+	EVP_PKEY_set1_EC_KEY(pk, ec); /* Also increments the ec ref count */
+ 	EC_KEY_free(ec); /* Drops our reference to it */
+ 	return pk;
+ }
+diff --git a/src/p11_rsa.c b/src/p11_rsa.c
+index f2f3eb3..183cce2 100644
+--- a/src/p11_rsa.c
+++ b/src/p11_rsa.c
+@@ -286,8 +286,6 @@ static EVP_PKEY *pkcs11_get_evp_key_rsa(PKCS11_KEY *key)
+ 		RSA_free(rsa);
+ 		return NULL;
+ 	}
+-	EVP_PKEY_set1_RSA(pk, rsa); /* Also increments the rsa ref count */
+-
+ 	if (key->isPrivate) {
+ 		RSA_set_method(rsa, PKCS11_get_rsa_method());
+ #if OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER)
+@@ -304,6 +302,8 @@ static EVP_PKEY *pkcs11_get_evp_key_rsa(PKCS11_KEY *key)
+ 	rsa->flags |= RSA_FLAG_SIGN_VER;
+ #endif
+ 	pkcs11_set_ex_data_rsa(rsa, key);
+
+	EVP_PKEY_set1_RSA(pk, rsa); /* Also increments the rsa ref count */
+ 	RSA_free(rsa); /* Drops our reference to it */
+ 	return pk;
+ }
+
--- a/openssl-pkcs11.spec
+++ b/openssl-pkcs11.spec
@ -2,7 +2,7 @@ Version: 0.4.11
 Release: 4%{?dist}

 # Define the directory where the OpenSSL engines are installed
-%global enginesdir %{_libdir}/engines-1.1
+%global enginesdir %{_libdir}/engines-3

 Name:           openssl-pkcs11
 Summary:        A PKCS#11 engine for use with OpenSSL
@ -16,11 +16,13 @@ Patch4:         openssl-pkcs11-0.4.10-set-rsa-fips-method-flag.patch
 # Coverity issues
 # https://github.com/OpenSC/libp11/pull/400
 Patch5:         openssl-pkcs11-0.4.10-coverity.patch
+# https://github.com/OpenSC/libp11/pull/406
+Patch6:         openssl-pkcs11-0.4.10-openssl3.patch

 BuildRequires: make
 BuildRequires:  autoconf automake libtool
 BuildRequires:  openssl-devel
-BuildRequires:  openssl >= 1.0.2
+BuildRequires:  openssl >= 3.0.0
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(p11-kit-1)
 # Needed for testsuite