From 860a2d6beba285db456fd1b9ad93915c8745c6e1 Mon Sep 17 00:00:00 2001
From: guoyayun <guoyayun_yw@cmss.chinamobile.com>
Date: Tue, 4 Apr 2023 15:13:21 +0800
Subject: [PATCH] Backport-Fix-EVP_PKEY_CTX_dup-segmentation-fault commit
 864c70e43ea5f1d7fe20bfea457e53e79fd46b6e Author: afshinpir
 <afshinpir@users.noreply.github.com> Date:   Thu Mar 23 12:25:45 2023 +1300

    `EVP_PKEY_CTX_dup` segmentation fault fix

    CLA: trivial
    The the provider, context duplication method for signature, key
    exchange, asymmetric cipher, and key encapsulation is optional. But if
    they are missing, we will get a segmentation fault in `EVP_PKEY_CTX_dup`
    because they are called without null pointer checking.

    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/20581)
---
 ...-EVP_PKEY_CTX_dup-segmentation-fault.patch | 77 +++++++++++++++++++
 openssl.spec                                  |  1 +
 2 files changed, 78 insertions(+)
 create mode 100644 Backport-Fix-EVP_PKEY_CTX_dup-segmentation-fault.patch

diff --git a/Backport-Fix-EVP_PKEY_CTX_dup-segmentation-fault.patch b/Backport-Fix-EVP_PKEY_CTX_dup-segmentation-fault.patch
new file mode 100644
index 0000000..76e1050
--- /dev/null
+++ b/Backport-Fix-EVP_PKEY_CTX_dup-segmentation-fault.patch
@@ -0,0 +1,77 @@
+commit 864c70e43ea5f1d7fe20bfea457e53e79fd46b6e
+Author: afshinpir <afshinpir@users.noreply.github.com>
+Date:   Thu Mar 23 12:25:45 2023 +1300
+
+    `EVP_PKEY_CTX_dup` segmentation fault fix
+    
+    CLA: trivial
+    The the provider, context duplication method for signature, key
+    exchange, asymmetric cipher, and key encapsulation is optional. But if
+    they are missing, we will get a segmentation fault in `EVP_PKEY_CTX_dup`
+    because they are called without null pointer checking.
+    
+    Reviewed-by: Paul Dale <pauli@openssl.org>
+    Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
+    Reviewed-by: Tomas Mraz <tomas@openssl.org>
+    (Merged from https://github.com/openssl/openssl/pull/20581)
+
+diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
+index 249c895a15..caf10b2d5c 100644
+--- a/crypto/evp/pmeth_lib.c
++++ b/crypto/evp/pmeth_lib.c
+@@ -503,8 +503,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
+         if (pctx->op.kex.algctx != NULL) {
+             if (!ossl_assert(pctx->op.kex.exchange != NULL))
+                 goto err;
+-            rctx->op.kex.algctx
+-                = pctx->op.kex.exchange->dupctx(pctx->op.kex.algctx);
++
++            if (pctx->op.kex.exchange->dupctx != NULL)
++                rctx->op.kex.algctx
++                    = pctx->op.kex.exchange->dupctx(pctx->op.kex.algctx);
++
+             if (rctx->op.kex.algctx == NULL) {
+                 EVP_KEYEXCH_free(rctx->op.kex.exchange);
+                 rctx->op.kex.exchange = NULL;
+@@ -521,8 +524,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
+         if (pctx->op.sig.algctx != NULL) {
+             if (!ossl_assert(pctx->op.sig.signature != NULL))
+                 goto err;
+-            rctx->op.sig.algctx
+-                = pctx->op.sig.signature->dupctx(pctx->op.sig.algctx);
++
++            if (pctx->op.sig.signature->dupctx != NULL)
++                rctx->op.sig.algctx
++                    = pctx->op.sig.signature->dupctx(pctx->op.sig.algctx);
++
+             if (rctx->op.sig.algctx == NULL) {
+                 EVP_SIGNATURE_free(rctx->op.sig.signature);
+                 rctx->op.sig.signature = NULL;
+@@ -539,8 +545,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
+         if (pctx->op.ciph.algctx != NULL) {
+             if (!ossl_assert(pctx->op.ciph.cipher != NULL))
+                 goto err;
+-            rctx->op.ciph.algctx
+-                = pctx->op.ciph.cipher->dupctx(pctx->op.ciph.algctx);
++
++            if (pctx->op.ciph.cipher->dupctx != NULL)
++                rctx->op.ciph.algctx
++                    = pctx->op.ciph.cipher->dupctx(pctx->op.ciph.algctx);
++
+             if (rctx->op.ciph.algctx == NULL) {
+                 EVP_ASYM_CIPHER_free(rctx->op.ciph.cipher);
+                 rctx->op.ciph.cipher = NULL;
+@@ -557,8 +566,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
+         if (pctx->op.encap.algctx != NULL) {
+             if (!ossl_assert(pctx->op.encap.kem != NULL))
+                 goto err;
+-            rctx->op.encap.algctx
+-                = pctx->op.encap.kem->dupctx(pctx->op.encap.algctx);
++
++            if (pctx->op.encap.kem->dupctx != NULL)
++                rctx->op.encap.algctx
++                    = pctx->op.encap.kem->dupctx(pctx->op.encap.algctx);
++
+             if (rctx->op.encap.algctx == NULL) {
+                 EVP_KEM_free(rctx->op.encap.kem);
+                 rctx->op.encap.kem = NULL;
diff --git a/openssl.spec b/openssl.spec
index d455d6e..279aff1 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -25,6 +25,7 @@ Patch13:     Backport-SM4-AESE-optimization-for-ARMv8.patch
 Patch14:     Backport-Fix-SM4-XTS-build-failure-on-Mac-mini-M1.patch
 Patch15:     Backport-CVE-2023-0464-x509-excessive-resource-use-verifying-policy-constra.patch
 Patch16:     Backport-test-add-test-cases-for-the-policy-resource-overuse.patch
+Patch17:     Backport-Fix-EVP_PKEY_CTX_dup-segmentation-fault.patch
 
 BuildRequires: gcc gcc-c++ perl make lksctp-tools-devel coreutils util-linux zlib-devel
 Requires:    coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
-- 
Gitee