From 45dc05577d09c2bc59081fb1a57981af020459d6 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Jan 13 2023 08:10:23 +0000
Subject: import openssl-pkcs11-0.4.10-3.el8


---

diff --git a/SOURCES/openssl-pkcs11-0.4.10-fix-memory-leak.patch b/SOURCES/openssl-pkcs11-0.4.10-fix-memory-leak.patch
new file mode 100644
index 0000000..cd7ee4c
--- /dev/null
+++ b/SOURCES/openssl-pkcs11-0.4.10-fix-memory-leak.patch
@@ -0,0 +1,105 @@
+From 66ebbaac74a1f6f1960ea1049eb8e75ebbdf9782 Mon Sep 17 00:00:00 2001
+From: Michal Trojnara <Michal.Trojnara@stunnel.org>
+Date: Fri, 28 Feb 2020 05:42:47 +0100
+Subject: [PATCH] Revert "fix use-after-free on PKCS11_pkey_meths."
+
+This reverts commit e64496a198d4d2eb0310a22dc21be8b81367d319.
+
+Upstream-Status: Backport [https://github.com/OpenSC/libp11/commit/66ebbaac74a1f6f1960ea1049eb8e75ebbdf9782]
+---
+ src/p11_pkey.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/src/p11_pkey.c b/src/p11_pkey.c
+index 8df45abd..4ed98f65 100644
+--- a/src/p11_pkey.c
++++ b/src/p11_pkey.c
+@@ -673,8 +673,8 @@ int PKCS11_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
+ 		EVP_PKEY_EC,
+ 		0
+ 	};
+-	EVP_PKEY_METHOD *pkey_method_rsa = NULL;
+-	EVP_PKEY_METHOD *pkey_method_ec = NULL;
++	static EVP_PKEY_METHOD *pkey_method_rsa = NULL;
++	static EVP_PKEY_METHOD *pkey_method_ec = NULL;
+ 
+ 	(void)e; /* squash the unused parameter warning */
+ 	/* all PKCS#11 engines currently share the same pkey_meths */
+@@ -687,14 +687,16 @@ int PKCS11_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
+ 	/* get the EVP_PKEY_METHOD */
+ 	switch (nid) {
+ 	case EVP_PKEY_RSA:
+-		pkey_method_rsa = pkcs11_pkey_method_rsa();
++		if (!pkey_method_rsa)
++			pkey_method_rsa = pkcs11_pkey_method_rsa();
+ 		if (pkey_method_rsa == NULL)
+ 			return 0;
+ 		*pmeth = pkey_method_rsa;
+ 		return 1; /* success */
+ #ifndef OPENSSL_NO_EC
+ 	case EVP_PKEY_EC:
+-		pkey_method_ec = pkcs11_pkey_method_ec();
++		if (!pkey_method_ec)
++			pkey_method_ec = pkcs11_pkey_method_ec();
+ 		if (pkey_method_ec == NULL)
+ 			return 0;
+ 		*pmeth = pkey_method_ec;
+
+From 5aa56b4ac45655aab20bd49bb918e649875b0f4d Mon Sep 17 00:00:00 2001
+From: Michal Trojnara <Michal.Trojnara@stunnel.org>
+Date: Fri, 28 Feb 2020 07:09:42 +0100
+Subject: [PATCH] Disable EVP_PKEY_FLAG_DYNAMIC
+
+Fixes #328
+
+Upstream-Status: Backport [https://github.com/OpenSC/libp11/commit/5aa56b4ac45655aab20bd49bb918e649875b0f4d]
+---
+ src/p11_pkey.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/p11_pkey.c b/src/p11_pkey.c
+index 4ed98f65..4e0956bf 100644
+--- a/src/p11_pkey.c
++++ b/src/p11_pkey.c
+@@ -36,7 +36,6 @@ static int (*orig_pkey_ec_sign) (EVP_PKEY_CTX *ctx,
+ 	const unsigned char *tbs, size_t tbslen);
+ #endif /* OPENSSL_NO_EC */
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ struct evp_pkey_method_st {
+ 	int pkey_id;
+ 	int flags;
+@@ -75,6 +74,9 @@ struct evp_pkey_method_st {
+ 	int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
+ 	int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
+ } /* EVP_PKEY_METHOD */ ;
++
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#define EVP_PKEY_FLAG_DYNAMIC 1
+ #endif
+ 
+ #if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
+@@ -516,6 +518,11 @@ static EVP_PKEY_METHOD *pkcs11_pkey_method_rsa()
+ 	new_meth = EVP_PKEY_meth_new(EVP_PKEY_RSA,
+ 		EVP_PKEY_FLAG_AUTOARGLEN);
+ 
++#ifdef EVP_PKEY_FLAG_DYNAMIC
++	/* do not allow OpenSSL to free this object */
++	new_meth->flags &= ~EVP_PKEY_FLAG_DYNAMIC;
++#endif
++
+ 	EVP_PKEY_meth_copy(new_meth, orig_meth);
+ 
+ 	EVP_PKEY_meth_set_sign(new_meth,
+@@ -655,6 +662,11 @@ static EVP_PKEY_METHOD *pkcs11_pkey_method_ec()
+ 	new_meth = EVP_PKEY_meth_new(EVP_PKEY_EC,
+ 		EVP_PKEY_FLAG_AUTOARGLEN);
+ 
++#ifdef EVP_PKEY_FLAG_DYNAMIC
++	/* do not allow OpenSSL to free this object */
++	new_meth->flags &= ~EVP_PKEY_FLAG_DYNAMIC;
++#endif
++
+ 	EVP_PKEY_meth_copy(new_meth, orig_meth);
+ 
+ 	EVP_PKEY_meth_set_sign(new_meth,
diff --git a/SOURCES/openssl-pkcs11-0.4.10-fix-potential-leak-in-rsa-method.patch b/SOURCES/openssl-pkcs11-0.4.10-fix-potential-leak-in-rsa-method.patch
new file mode 100644
index 0000000..cbe81a4
--- /dev/null
+++ b/SOURCES/openssl-pkcs11-0.4.10-fix-potential-leak-in-rsa-method.patch
@@ -0,0 +1,38 @@
+From d2f900a51de27f2d9229b0ae785c02ac272bd525 Mon Sep 17 00:00:00 2001
+From: Mateusz Kwiatkowski <m.kwiatkowski@avsystem.com>
+Date: Thu, 10 Sep 2020 15:47:41 +0200
+Subject: [PATCH] Fix potential leak in RSA method
+
+Upstream-Status: Backport [https://github.com/OpenSC/libp11/commit/5caa2779762c3d760f33b70cd9e1f70f15f3ea57]
+---
+ src/p11_rsa.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/p11_rsa.c b/src/p11_rsa.c
+index 221513c7..b6beef0b 100644
+--- a/src/p11_rsa.c
++++ b/src/p11_rsa.c
+@@ -352,6 +352,11 @@ int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
+     return meth->rsa_priv_dec;
+ }
+ 
++static int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa)
++{
++    return meth->finish;
++}
++
+ #endif
+ 
+ static int pkcs11_rsa_priv_dec_method(int flen, const unsigned char *from,
+@@ -383,6 +388,11 @@ static int pkcs11_rsa_priv_enc_method(int flen, const unsigned char *from,
+ static int pkcs11_rsa_free_method(RSA *rsa)
+ {
+ 	RSA_set_ex_data(rsa, rsa_ex_index, NULL);
++	int (*orig_rsa_free_method)(RSA *rsa) =
++		RSA_meth_get_finish(RSA_get_default_method());
++	if (orig_rsa_free_method) {
++		return orig_rsa_free_method(rsa);
++	}
+ 	return 1;
+ }
+ 
diff --git a/SPECS/openssl-pkcs11.spec b/SPECS/openssl-pkcs11.spec
index d16f40d..8c094f5 100644
--- a/SPECS/openssl-pkcs11.spec
+++ b/SPECS/openssl-pkcs11.spec
@@ -1,5 +1,5 @@
 Version: 0.4.10
-Release: 2%{?dist}
+Release: 3%{?dist}
 
 # Define the directory where the OpenSSL engines are installed
 %global enginesdir %{_libdir}/engines-1.1
@@ -14,6 +14,8 @@ Source0:        https://github.com/OpenSC/libp11/releases/download/libp11-%{vers
 Patch0:         openssl-pkcs11-0.4.10-small-bug-fixes.patch
 Patch1:         openssl-pkcs11-0.4.10-search-objects-in-all-matching-tokens.patch
 Patch2:         openssl-pkcs11-0.4.10-set-rsa-fips-method-flag.patch
+Patch3:         openssl-pkcs11-0.4.10-fix-memory-leak.patch
+Patch4:         openssl-pkcs11-0.4.10-fix-potential-leak-in-rsa-method.patch
 
 BuildRequires:  autoconf automake libtool
 BuildRequires:  openssl-devel
@@ -113,6 +115,10 @@ make check %{?_smp_mflags} || if [ $? -ne 0 ]; then cat tests/*.log; exit 1; fi;
 %endif
 
 %changelog
+* Mon Jan 09 2023 Clemens Lang <cllang@redhat.com> - 0.4.10-3
+- Fix memory leak in PKCS11_pkey_meths (#2097690)
+- Fix memory leak in RSA method (#2097690)
+
 * Thu Nov 28 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.4.10-2
 - Set RSA_FLAG_FIPS_METHOD for RSA methods (#1777892)