Backport some upstream patches

(cherry picked from commit cc5eb08f18956dab652fae0ad9ac66b0c064a886)

backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch

@@ -0,0 +1,36 @@
+From a8da305fa3dd6e34ba5aab3978281f652fd12883 Mon Sep 17 00:00:00 2001
+From: yangyangtiantianlonglong <yangtianlong1224@163.com>
+Date: Mon, 31 Jul 2023 07:04:41 -0700
+Subject: [PATCH] A null pointer dereference occurs when memory allocation
+ fails
+
+Fixes #21605
+
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/21606)
+---
+ ssl/ssl_sess.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
+index cda6b7cc5b..2a5d21be79 100644
+--- a/ssl/ssl_sess.c
++++ b/ssl/ssl_sess.c
+@@ -139,8 +139,11 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
+     dest->references = 1;
+ 
+     dest->lock = CRYPTO_THREAD_lock_new();
+-    if (dest->lock == NULL)
++    if (dest->lock == NULL) {
++        OPENSSL_free(dest);
++        dest = NULL;
+         goto err;
++    }
+ 
+     if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data))
+         goto err;
+-- 
+2.27.0
+

backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch

@@ -0,0 +1,37 @@
+From eec805ee71356c06f9a86192fa06507c3bb92b09 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Sun, 23 Jul 2023 14:27:54 +0200
+Subject: [PATCH] Make DH_check set some error bits in recently added error
+
+The pre-existing error cases where DH_check returned zero
+are not related to the dh params in any way, but are only
+triggered by out-of-memory errors, therefore having *ret
+set to zero feels right, but since the new error case is
+triggered by too large p values that is something different.
+On the other hand some callers of this function might not
+be prepared to handle the return value correctly but only
+rely on *ret. Therefore we set some error bits in *ret as
+additional safety measure.
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/21533)
+---
+ crypto/dh/dh_check.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
+index e5f9dd5030..2001d2e7cb 100644
+--- a/crypto/dh/dh_check.c
++++ b/crypto/dh/dh_check.c
+@@ -104,6 +104,7 @@ int DH_check(const DH *dh, int *ret)
+     /* Don't do any checks at all with an excessively large modulus */
+     if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
+         DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE);
++        *ret = DH_CHECK_P_NOT_PRIME;
+         return 0;
+     }
+ 
+-- 
+2.27.0
+

openssl.spec

@@ -2,7 +2,7 @@
 Name:        openssl
 Epoch:       1
 Version:     1.1.1f
-Release:     27
+Release:     28
 Summary:     Cryptography and SSL/TLS Toolkit
 License:     OpenSSL and SSLeay and GPLv2+
 URL:         https://www.openssl.org/
@@ -112,6 +112,8 @@ Patch101:    backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-
 Patch102:    backport-Update-further-expiring-certificates-that-affect-tes.patch
 Patch103:    backport-CVE-2023-3817.patch
 Patch104:    backport-CVE-2023-3817-testcase.patch
+Patch105:    backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch
+Patch106:    backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch
 
 BuildRequires: gcc make lksctp-tools-devel coreutils util-linux zlib-devel
 
@@ -295,6 +297,9 @@ make test || :
 %{_pkgdocdir}/html/
 
 %changelog
+* Fri Sep 22 2023 dongyuzhen <dongyuzhen@h-partners.com> - 1:1.1.1f-28
+- Backport some upstream patches
+
 * Thu Aug 3 2023 liningjie <liningjie@xfusion.com> - 1:1.1.1f-27
 - fix CVE-2023-3817