From 9e21b99285a65f87f937dfb40cddbd97296ace47 Mon Sep 17 00:00:00 2001
From: Jacek Migacz <jmigacz@redhat.com>
Date: Wed, 9 Jul 2025 14:37:51 +0200
Subject: [PATCH] crypto: ensure crypto initialization works

Resolves: RHEL-102601
---
 0066-crypto-initialization.patch | 44 ++++++++++++++++++++++++++++++++
 curl.spec                        |  9 ++++++-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 0066-crypto-initialization.patch

diff --git a/0066-crypto-initialization.patch b/0066-crypto-initialization.patch
new file mode 100644
index 0000000..582c8d9
--- /dev/null
+++ b/0066-crypto-initialization.patch
@@ -0,0 +1,44 @@
+From a1c1af1b82bf9427b2bd5ad949d24923f995909a Mon Sep 17 00:00:00 2001
+From: Jacek Migacz <jmigacz@redhat.com>
+Date: Wed, 9 Jul 2025 14:33:09 +0200
+Subject: [PATCH] crypto: ensure crypto initialization works
+
+---
+ lib/vtls/openssl.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 161e79e..7c41f54 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -3802,7 +3802,12 @@ static CURLcode Curl_ossl_md5sum(unsigned char *tmp, /* input */
+   (void) unused;
+ 
+   mdctx = EVP_MD_CTX_create();
+-  EVP_DigestInit_ex(mdctx, EVP_md5(), NULL);
++  if(!mdctx)
++      return CURLE_OUT_OF_MEMORY;
++  if(!EVP_DigestInit_ex(mdctx, EVP_md5(), NULL)) {
++      EVP_MD_CTX_destroy(mdctx);
++      return CURLE_FAILED_INIT;
++  }
+   EVP_DigestUpdate(mdctx, tmp, tmplen);
+   EVP_DigestFinal_ex(mdctx, md5sum, &len);
+   EVP_MD_CTX_destroy(mdctx);
+@@ -3820,7 +3825,12 @@ static CURLcode Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
+   (void) unused;
+ 
+   mdctx =  EVP_MD_CTX_create();
+-  EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
++  if(!mdctx)
++      return CURLE_OUT_OF_MEMORY;
++  if(!EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL)) {
++      EVP_MD_CTX_destroy(mdctx);
++      return CURLE_FAILED_INIT;
++  }
+   EVP_DigestUpdate(mdctx, tmp, tmplen);
+   EVP_DigestFinal_ex(mdctx, sha256sum, &len);
+   EVP_MD_CTX_destroy(mdctx);
+-- 
+2.50.0
+
diff --git a/curl.spec b/curl.spec
index 1f78d75..8e8c13f 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.61.1
-Release: 34%{?dist}.6
+Release: 34%{?dist}.7
 License: MIT
 Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
 
@@ -190,6 +190,9 @@ Patch64:  0064-curl-7.61.1-EBADF.patch
 # libssh: Fix matching user-specified MD5 hex key
 Patch65:  0065-md5-hex-key.patch
 
+# crypto: ensure crypto initialization works
+Patch66:  0066-crypto-initialization.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
 
@@ -428,6 +431,7 @@ git apply %{PATCH52}
 %patch -P 63 -p1
 %patch -P 64 -p1
 %patch -P 65 -p1
+%patch -P 66 -p1
 
 # make tests/*.py use Python 3
 sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
@@ -590,6 +594,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 
 %changelog
+* Wed Jul 09 2025 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-34.el8_10.7
+* crypto: ensure crypto initialization works (RHEL-102601)
+
 * Thu May 29 2025 Carlos Santos <casantos@redhat.com> - 7.61.1-34.el8_10.6
 - libssh: Fix matching user-specified MD5 hex key (RHEL-94574)