From e954d309c9837ee22079860bf3e1be7a227768cc Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 25 Aug 2023 09:27:35 +0200
Subject: [PATCH] Fix OAEP parameters according to the PKCS#11 specs

Resolves: rhbz#2063378
---
 openssl-pkcs11-0.4.11-oaep.patch | 25 +++++++++++++++++++++++++
 openssl-pkcs11.spec              |  2 ++
 2 files changed, 27 insertions(+)
 create mode 100644 openssl-pkcs11-0.4.11-oaep.patch

diff --git a/openssl-pkcs11-0.4.11-oaep.patch b/openssl-pkcs11-0.4.11-oaep.patch
new file mode 100644
index 0000000..2b7e4f1
--- /dev/null
+++ b/openssl-pkcs11-0.4.11-oaep.patch
@@ -0,0 +1,25 @@
+From 668b2bd03942f3d371f0553fc252ea6c64253a19 Mon Sep 17 00:00:00 2001
+From: S-P Chan <shihping.chan@gmail.com>
+Date: Fri, 11 Mar 2022 23:42:22 +0800
+Subject: [PATCH] Fix OAEP source param
+
+The only supported value is 1UL CKZ_DATA_SPECIFIED
+---
+ src/p11_pkey.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/p11_pkey.c b/src/p11_pkey.c
+index f1a98b18..63e0e197 100644
+--- a/src/p11_pkey.c
++++ b/src/p11_pkey.c
+@@ -301,8 +301,8 @@ static int pkcs11_params_oaep(CK_RSA_PKCS_OAEP_PARAMS *oaep,
+ 	if (!oaep->hashAlg || !oaep->mgf)
+ 		return -1;
+ 	/* we do not support the OAEP "label" parameter yet... */
+-	oaep->source = 0UL; /* empty parameter (label) */
+-	oaep->pSourceData = NULL;
++	oaep->source = CKZ_DATA_SPECIFIED;
++	oaep->pSourceData = NULL; /* empty parameter (label) */
+ 	oaep->ulSourceDataLen = 0;
+ 	return 0;
+ }
diff --git a/openssl-pkcs11.spec b/openssl-pkcs11.spec
index eb0a9e3..30ee088 100644
--- a/openssl-pkcs11.spec
+++ b/openssl-pkcs11.spec
@@ -18,6 +18,8 @@ Patch4:         openssl-pkcs11-0.4.10-set-rsa-fips-method-flag.patch
 Patch5:         openssl-pkcs11-0.4.10-coverity.patch
 # https://github.com/OpenSC/libp11/pull/406
 Patch6:         openssl-pkcs11-0.4.10-openssl3.patch
+# https://github.com/OpenSC/libp11/pull/440
+Patch7:         openssl-pkcs11-0.4.11-oaep.patch
 
 BuildRequires: make
 BuildRequires:  autoconf automake libtool