diff options
author | sashan <anedvedicky@gmail.com> | 2024-06-27 16:31:41 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-07-11 21:48:56 +0200 |
commit | ad33d62396b7e9db04fdf060481ced394d391688 (patch) | |
tree | 5ee41ee7df5f674d9efbe0cb2ecc01fdae1ca736 | |
parent | 939dd479ac2c819da6cee21d00a21bfdb28d6eb2 (diff) |
EVP_DigestUpdate(): Check if ctx->update is set
The issue has been discovered by libFuzzer running on provider target.
There are currently three distinct reports which are addressed by
code change here.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69236#c1
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69243#c1
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69261#c1
the issue has been introduced with openssl 3.0.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24753)
-rw-r--r-- | crypto/evp/digest.c | 2 | ||||
-rw-r--r-- | test/evp_extra_test.c | 21 |
2 files changed, 22 insertions, 1 deletions
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 4c61ca4c42..18a64329b7 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -425,7 +425,7 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) /* Code below to be removed when legacy support is dropped. */ legacy: - return ctx->update(ctx, data, count); + return ctx->update != NULL ? ctx->update(ctx, data, count) : 0; } /* The caller can assume that this removes any secret data from the context */ diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index a42e42d929..256e10f24a 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -5624,6 +5624,25 @@ static int test_aes_rc4_keylen_change_cve_2023_5363(void) } #endif +static int test_invalid_ctx_for_digest(void) +{ + int ret; + EVP_MD_CTX *mdctx; + + mdctx = EVP_MD_CTX_new(); + if (!TEST_ptr(mdctx)) + return 0; + + if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0)) + ret = 0; + else + ret = 1; + + EVP_MD_CTX_free(mdctx); + + return ret; +} + int setup_tests(void) { OPTION_CHOICE o; @@ -5795,6 +5814,8 @@ int setup_tests(void) ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363); #endif + ADD_TEST(test_invalid_ctx_for_digest); + return 1; } |