openssl-pkcs11/SOURCES/openssl-pkcs11-0.4.10-openssl3.patch

From 433947efff5712a6a3960c53e8b99e4fe123aace Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 19 May 2021 14:23:27 +0200
Subject: [PATCH] Do not modify EC/RSA structures after assigning them to
 EVP_PKEY

This was causing OpenSSL 3.0 to fail detect our RSA/EC methods and
failing the tests ({ec,rsa}-testfork.softhsm).

The OpenSSL issue:
https://github.com/openssl/openssl/issues/15350
---
 src/p11_ec.c  | 2 +-
 src/p11_rsa.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/p11_ec.c b/src/p11_ec.c
index 294cbad..9c5ee0f 100644
--- a/src/p11_ec.c
+++ b/src/p11_ec.c
@@ -365,7 +365,6 @@ static EVP_PKEY *pkcs11_get_evp_key_ec(PKCS11_KEY *key)
 		EC_KEY_free(ec);
 		return NULL;
 	}
-	EVP_PKEY_set1_EC_KEY(pk, ec); /* Also increments the ec ref count */
 
 	if (key->isPrivate) {
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
@@ -379,6 +378,7 @@ static EVP_PKEY *pkcs11_get_evp_key_ec(PKCS11_KEY *key)
 	 * unless the key has the "sensitive" attribute set */
 
 	pkcs11_set_ex_data_ec(ec, key);
+	EVP_PKEY_set1_EC_KEY(pk, ec); /* Also increments the ec ref count */
 	EC_KEY_free(ec); /* Drops our reference to it */
 	return pk;
 }
diff --git a/src/p11_rsa.c b/src/p11_rsa.c
index f2f3eb3..183cce2 100644
--- a/src/p11_rsa.c
+++ b/src/p11_rsa.c
@@ -286,8 +286,6 @@ static EVP_PKEY *pkcs11_get_evp_key_rsa(PKCS11_KEY *key)
 		RSA_free(rsa);
 		return NULL;
 	}
-	EVP_PKEY_set1_RSA(pk, rsa); /* Also increments the rsa ref count */
-
 	if (key->isPrivate) {
 		RSA_set_method(rsa, PKCS11_get_rsa_method());
 #if OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER)
@@ -304,6 +302,8 @@ static EVP_PKEY *pkcs11_get_evp_key_rsa(PKCS11_KEY *key)
 	rsa->flags |= RSA_FLAG_SIGN_VER;
 #endif
 	pkcs11_set_ex_data_rsa(rsa, key);
+
+	EVP_PKEY_set1_RSA(pk, rsa); /* Also increments the rsa ref count */
 	RSA_free(rsa); /* Drops our reference to it */
 	return pk;
 }