openssl: set back key into EVP for openssl-3 to work

OpenSC · Apr 7, 2022 · fba328f · fba328f
1 parent c233357
commit fba328f
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -5,6 +5,7 @@ Copyright (c) 2005-2021 Alon Bar-Lev <alon.barlev@gmail.com>
 
 * build: do not fail if slot evnets are disabled, thanks to Fabrice Fontaine.
 * core: do not assume standard objects supported by provider.
+* openssl: set back key into EVP for openssl-3 to work, thanks to apollo13.
 
 2021-12-31 - Version 1.28
 

diff --git a/lib/pkcs11h-openssl.c b/lib/pkcs11h-openssl.c
@@ -653,6 +653,10 @@ __pkcs11h_openssl_session_setRSA(
 #if OPENSSL_VERSION_NUMBER < 0x10100001L
 	rsa->flags |= RSA_FLAG_SIGN_VER;
 #endif
+	if (EVP_PKEY_set1_RSA (evp, rsa) != 1) {
+		_PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot set RSA key");
+		goto cleanup;
+	}
 
 #ifdef BROKEN_OPENSSL_ENGINE
 	if (!rsa->engine) {
@@ -849,6 +853,11 @@ __pkcs11h_openssl_session_setDSA(
 	DSA_set_method (dsa, __openssl_methods.dsa);
 	DSA_set_ex_data (dsa, __openssl_methods.dsa_index, openssl_session);
 
+	if (EVP_PKEY_set1_DSA (evp, dsa) != 1) {
+		_PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot set DSA key");
+		goto cleanup;
+	}
+
 	ret = TRUE;
 
 cleanup:
@@ -1047,6 +1056,11 @@ __pkcs11h_openssl_session_setECDSA(
 	EC_KEY_set_method (ec, __openssl_methods.eckey);
 	EC_KEY_set_ex_data (ec, __openssl_methods.eckey_index, openssl_session);
 
+	if (EVP_PKEY_set1_EC_KEY (evp, ec) != 1) {
+		_PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot set EC key");
+		goto cleanup;
+	}
+
 	ret = TRUE;
 
 cleanup: