From 6c9dd70b94b8d5811d5d9a03f867cb831a1348c8 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Fri, 19 Jan 2024 14:49:51 +0100
Subject: [PATCH] Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context

Resolves: RHEL-19515
---
 0131-sslgroups-memleak.patch | 12 ++++++++++++
 openssl.spec | 4 ++++
 2 files changed, 16 insertions(+)
 create mode 100644 0131-sslgroups-memleak.patch

diff --git a/0131-sslgroups-memleak.patch b/0131-sslgroups-memleak.patch
new file mode 100644
index 0000000..f292790
--- /dev/null
+++ b/0131-sslgroups-memleak.patch
@@ -0,0 +1,12 @@
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index 51c2283db915d..0928a30c2d37b 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -765,6 +765,7 @@ int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen,
+ tmparr = OPENSSL_memdup(gcb.gid_arr, gcb.gidcnt * sizeof(*tmparr));
+ if (tmparr == NULL)
+ goto end;
++ OPENSSL_free(*pext);
+ *pext = tmparr;
+ *pextlen = gcb.gidcnt;
+ ret = 1;
diff --git a/openssl.spec b/openssl.spec
index e050ec3..854a07a 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -204,6 +204,8 @@ Patch128: 0128-CVE-2023-5363.patch
 # https://github.com/openssl/openssl/pull/22403
 Patch129: 0129-rsa-Add-SP800-56Br2-6.4.1.2.1-3.c-check.patch
 Patch130: 0130-CVE-2023-5678.patch
+# https://github.com/openssl/openssl/pull/20317
+Patch131: 0131-sslgroups-memleak.patch
 License: ASL 2.0
 URL: http://www.openssl.org/
@@ -538,6 +540,8 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
 Resolves: RHEL-17104
 - Add a directory for OpenSSL providers configuration
 Resolves: RHEL-17193
+- Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context
+ Resolves: RHEL-19515
 * Mon Oct 16 2023 Dmitry Belyavskiy - 1:3.0.7-25
 - Provide relevant diagnostics when FIPS checksum is corrupted
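Review bot: The added `OPENSSL_free(*pext);` in tls1_set_groups_list is safe only if `*pext` is always either NULL or a heap buffer owned exclusively by this slot, and nothing in the hunk establishes that; the function's body begins and ends outside it. If any caller hands in a pointer to a borrowed or shared group array, the leak fix would release memory that is still referenced elsewhere, so the ownership rule deserves a comment at the free, for example `/* *pext is owned by the caller's ctx/ssl; release the previous list before replacing it */`. The new patch file also opens directly with `diff --git` and carries no provenance header, so the upstream origin is recorded only as the pull-request URL in openssl.spec; adding the upstream commit id to the patch file itself would make later audits of the backport easier.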