diff --git a/Backport-Fix-EVP_PKEY_CTX_dup-segmentation-fault.patch b/Backport-Fix-EVP_PKEY_CTX_dup-segmentation-fault.patch
new file mode 100644
index 0000000000000000000000000000000000000000..76e105033d3964c0678ba5477807879a7f119f17
--- /dev/null
+++ b/Backport-Fix-EVP_PKEY_CTX_dup-segmentation-fault.patch
@@ -0,0 +1,77 @@
+commit 864c70e43ea5f1d7fe20bfea457e53e79fd46b6e
+Author: afshinpir
+Date: Thu Mar 23 12:25:45 2023 +1300
+
+ `EVP_PKEY_CTX_dup` segmentation fault fix
+
+ CLA: trivial
+ The the provider, context duplication method for signature, key
+ exchange, asymmetric cipher, and key encapsulation is optional. But if
+ they are missing, we will get a segmentation fault in `EVP_PKEY_CTX_dup`
+ because they are called without null pointer checking.
+
+ Reviewed-by: Paul Dale
+ Reviewed-by: Shane Lontis
+ Reviewed-by: Tomas Mraz
+ (Merged from https://github.com/openssl/openssl/pull/20581)
+
+diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
+index 249c895a15..caf10b2d5c 100644
+--- a/crypto/evp/pmeth_lib.c
++++ b/crypto/evp/pmeth_lib.c
+@@ -503,8 +503,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
+ if (pctx->op.kex.algctx != NULL) {
+ if (!ossl_assert(pctx->op.kex.exchange != NULL))
+ goto err;
+- rctx->op.kex.algctx
+- = pctx->op.kex.exchange->dupctx(pctx->op.kex.algctx);
++
++ if (pctx->op.kex.exchange->dupctx != NULL)
++ rctx->op.kex.algctx
++ = pctx->op.kex.exchange->dupctx(pctx->op.kex.algctx);
++
+ if (rctx->op.kex.algctx == NULL) {
+ EVP_KEYEXCH_free(rctx->op.kex.exchange);
+ rctx->op.kex.exchange = NULL;
+@@ -521,8 +524,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
+ if (pctx->op.sig.algctx != NULL) {
+ if (!ossl_assert(pctx->op.sig.signature != NULL))
+ goto err;
+- rctx->op.sig.algctx
+- = pctx->op.sig.signature->dupctx(pctx->op.sig.algctx);
++
++ if (pctx->op.sig.signature->dupctx != NULL)
++ rctx->op.sig.algctx
++ = pctx->op.sig.signature->dupctx(pctx->op.sig.algctx);
++
+ if (rctx->op.sig.algctx == NULL) {
+ EVP_SIGNATURE_free(rctx->op.sig.signature);
+ rctx->op.sig.signature = NULL;
+@@ -539,8 +545,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
+ if (pctx->op.ciph.algctx != NULL) {
+ if (!ossl_assert(pctx->op.ciph.cipher != NULL))
+ goto err;
+- rctx->op.ciph.algctx
+- = pctx->op.ciph.cipher->dupctx(pctx->op.ciph.algctx);
++
++ if (pctx->op.ciph.cipher->dupctx != NULL)
++ rctx->op.ciph.algctx
++ = pctx->op.ciph.cipher->dupctx(pctx->op.ciph.algctx);
++
+ if (rctx->op.ciph.algctx == NULL) {
+ EVP_ASYM_CIPHER_free(rctx->op.ciph.cipher);
+ rctx->op.ciph.cipher = NULL;
+@@ -557,8 +566,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
+ if (pctx->op.encap.algctx != NULL) {
+ if (!ossl_assert(pctx->op.encap.kem != NULL))
+ goto err;
+- rctx->op.encap.algctx
+- = pctx->op.encap.kem->dupctx(pctx->op.encap.algctx);
++
++ if (pctx->op.encap.kem->dupctx != NULL)
++ rctx->op.encap.algctx
++ = pctx->op.encap.kem->dupctx(pctx->op.encap.algctx);
++
+ if (rctx->op.encap.algctx == NULL) {
+ EVP_KEM_free(rctx->op.encap.kem);
+ rctx->op.encap.kem = NULL;
diff --git a/openssl.spec b/openssl.spec
index d455d6e9726348e7c09d44519ca5801232477a23..279aff10bebfa48d0ac003f3885ff0125d52570b 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -25,6 +25,7 @@ Patch13: Backport-SM4-AESE-optimization-for-ARMv8.patch Patch14: Backport-Fix-SM4-XTS-build-failure-on-Mac-mini-M1.patch Patch15: Backport-CVE-2023-0464-x509-excessive-resource-use-verifying-policy-constra.patch Patch16: Backport-test-add-test-cases-for-the-policy-resource-overuse.patch +Patch17: Backport-Fix-EVP_PKEY_CTX_dup-segmentation-fault.patch BuildRequires: gcc gcc-c++ perl make lksctp-tools-devel coreutils util-linux zlib-devel Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
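Review bot: The new `dupctx != NULL` guards in the kex, sig, ciph and encap hunks of the embedded pmeth_lib.c patch leave `rctx->op.*.algctx` unassigned when a provider omits dupctx, so correctness now depends on those fields already being zero when the existing `== NULL` branch runs; the allocation of rctx and the `err` label are outside the hunks (EVP_PKEY_CTX_dup starts and ends beyond them), so that precondition should be confirmed against the packaged source rather than assumed. As far as the hunks show, the optional-method case then takes the same bare-NULL failure path as a dupctx that fails, with no `ERR_raise`, so a caller cannot tell "provider does not support duplication" from an allocation failure; that is an upstream design choice and should not be altered in a backport, but it is worth recording. Since this file is a verbatim upstream backport, the place for that caveat is the packaging side: a one-line note ahead of the `commit` header, e.g. `# Upstream 864c70e4: EVP_PKEY_CTX_dup returns NULL instead of crashing when a provider lacks dupctx`, keeps the behaviour change visible to the next maintainer (patch tools ignore text before the first `diff --git`).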
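Review bot: `Patch17:` is declared but nothing in this hunk applies it, and no Release bump or %changelog entry accompanies the new patch. If %prep uses numbered `%patchN` lines rather than `%autosetup -p1` or `%autopatch`, a matching `%patch17 -p1` is required (the embedded diff uses `a/crypto/evp/...` paths, so `-p1` is the correct strip level) or the fix is silently never built in. Those lines may be in hunks outside this page; if they are not, the package would rebuild unchanged while the spec claims the fix.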