From 433947efff5712a6a3960c53e8b99e4fe123aace Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Wed, 19 May 2021 14:23:27 +0200 Subject: [PATCH] Do not modify EC/RSA structures after assigning them to EVP_PKEY This was causing OpenSSL 3.0 to fail detect our RSA/EC methods and failing the tests ({ec,rsa}-testfork.softhsm). The OpenSSL issue: https://github.com/openssl/openssl/issues/15350 --- src/p11_ec.c | 2 +- src/p11_rsa.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/p11_ec.c b/src/p11_ec.c index 294cbad..9c5ee0f 100644 --- a/src/p11_ec.c +++ b/src/p11_ec.c @@ -365,7 +365,6 @@ static EVP_PKEY *pkcs11_get_evp_key_ec(PKCS11_KEY *key) EC_KEY_free(ec); return NULL; } - EVP_PKEY_set1_EC_KEY(pk, ec); /* Also increments the ec ref count */ if (key->isPrivate) { #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) @@ -379,6 +378,7 @@ static EVP_PKEY *pkcs11_get_evp_key_ec(PKCS11_KEY *key) * unless the key has the "sensitive" attribute set */ pkcs11_set_ex_data_ec(ec, key); + EVP_PKEY_set1_EC_KEY(pk, ec); /* Also increments the ec ref count */ EC_KEY_free(ec); /* Drops our reference to it */ return pk; } diff --git a/src/p11_rsa.c b/src/p11_rsa.c index f2f3eb3..183cce2 100644 --- a/src/p11_rsa.c +++ b/src/p11_rsa.c @@ -286,8 +286,6 @@ static EVP_PKEY *pkcs11_get_evp_key_rsa(PKCS11_KEY *key) RSA_free(rsa); return NULL; } - EVP_PKEY_set1_RSA(pk, rsa); /* Also increments the rsa ref count */ - if (key->isPrivate) { RSA_set_method(rsa, PKCS11_get_rsa_method()); #if OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER) @@ -304,6 +302,8 @@ static EVP_PKEY *pkcs11_get_evp_key_rsa(PKCS11_KEY *key) rsa->flags |= RSA_FLAG_SIGN_VER; #endif pkcs11_set_ex_data_rsa(rsa, key); + + EVP_PKEY_set1_RSA(pk, rsa); /* Also increments the rsa ref count */ RSA_free(rsa); /* Drops our reference to it */ return pk; }
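Review bot: The return value of `EVP_PKEY_set1_EC_KEY(pk, ec)` is ignored at its new position in the second hunk of src/p11_ec.c, so if the assignment fails `pkcs11_get_evp_key_ec` still returns `pk`, an EVP_PKEY with no key attached, after dropping its own reference to `ec`. The call returns 1 on success, so a check such as `if (EVP_PKEY_set1_EC_KEY(pk, ec) != 1) { EVP_PKEY_free(pk); pk = NULL; }` placed before the existing `EC_KEY_free(ec); return pk;` would hand the caller NULL instead of a half-built key. The same applies to `EVP_PKEY_set1_RSA(pk, rsa)` in the last hunk of src/p11_rsa.c. Both functions start outside the hunks shown, so I cannot see whether callers already cope with an empty EVP_PKEY.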
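Review bot: The position of `EVP_PKEY_set1_RSA(pk, rsa)` after `RSA_set_method()` and `pkcs11_set_ex_data_rsa()` in the last hunk of src/p11_rsa.c is now load-bearing, but the comment on that line still only mentions the reference count, so a later cleanup could move the call back up and silently reintroduce the OpenSSL 3.0 failure. I would extend the comment to something like `/* Must stay last: rsa must not be modified once assigned to pk (OpenSSL 3.0); also increments the rsa ref count */`, and do the same for `EVP_PKEY_set1_EC_KEY` in src/p11_ec.c. The rationale comes from the commit message rather than from anything visible in the code, and the hunk shows only the tail of `pkcs11_get_evp_key_rsa`.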