From: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Sun, 22 Mar 2026 11:59:45 +0000 (+1100)
Subject: Fix DSA sig dupctx pointer aliasing
X-Git-Tag: openssl-4.0.0~116
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=c86b1ca697e1f3bdd83a45678a2b7f048344e7fb;p=thirdparty%2Fopenssl.git

Fix DSA sig dupctx pointer aliasing

Same aliasing issue as with ECDSA in

    https://github.com/openssl/openssl/pull/30479

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Tue Mar 24 16:02:41 2026
(Merged from https://github.com/openssl/openssl/pull/30529)
---

diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
index 72a35beaf30..71ca00e9d32 100644
--- a/providers/implementations/signature/dsa_sig.c
+++ b/providers/implementations/signature/dsa_sig.c
@@ -641,13 +641,14 @@ static void *dsa_dupctx(void *vpdsactx)
     if (!ossl_prov_is_running())
         return NULL;
 
-    dstctx = OPENSSL_zalloc(sizeof(*srcctx));
-    if (dstctx == NULL)
+    if ((dstctx = OPENSSL_memdup(srcctx, sizeof(*srcctx))) == NULL)
         return NULL;
 
-    *dstctx = *srcctx;
     dstctx->dsa = NULL;
     dstctx->propq = NULL;
+    dstctx->md = NULL;
+    dstctx->mdctx = NULL;
+    dstctx->sig = NULL;
 
     if (srcctx->dsa != NULL && !DSA_up_ref(srcctx->dsa))
         goto err;
@@ -657,18 +658,15 @@ static void *dsa_dupctx(void *vpdsactx)
         goto err;
     dstctx->md = srcctx->md;
 
-    if (srcctx->mdctx != NULL) {
-        dstctx->mdctx = EVP_MD_CTX_new();
-        if (dstctx->mdctx == NULL
-            || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx))
-            goto err;
-    }
-
-    if (srcctx->propq != NULL) {
-        dstctx->propq = OPENSSL_strdup(srcctx->propq);
-        if (dstctx->propq == NULL)
-            goto err;
-    }
+    if (srcctx->mdctx != NULL
+        && (dstctx->mdctx = EVP_MD_CTX_dup(srcctx->mdctx)) == NULL)
+        goto err;
+    if (srcctx->propq != NULL
+        && ((dstctx->propq = OPENSSL_strdup(srcctx->propq)) == NULL))
+        goto err;
+    if (srcctx->sig != NULL
+        && ((dstctx->sig = OPENSSL_memdup(srcctx->sig, srcctx->siglen)) == NULL))
+        goto err;
 
     return dstctx;
 err:
@@ -957,6 +955,12 @@ static int dsa_sigalg_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[])
             if (!OSSL_PARAM_get_octet_string(p.sig, (void **)&pdsactx->sig,
                     0, &pdsactx->siglen))
                 return 0;
+            /* The signature must not be empty */
+            if (pdsactx->siglen == 0) {
+                OPENSSL_free(pdsactx->sig);
+                pdsactx->sig = NULL;
+                return 0;
+            }
         }
     }
     return 1;