diff options
| author | sashan <anedvedicky@gmail.com> | 2024-06-27 16:31:41 +0200 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-07-11 21:48:56 +0200 |
| commit | ad33d62396b7e9db04fdf060481ced394d391688 (patch) | |
| tree | 5ee41ee7df5f674d9efbe0cb2ecc01fdae1ca736 /crypto/evp | |
| parent | Limit the number of commands that can be used in the quic-lcidm fuzzer (diff) | |
| download | openssl-ad33d62396b7e9db04fdf060481ced394d391688.tar.xz openssl-ad33d62396b7e9db04fdf060481ced394d391688.zip | |
EVP_DigestUpdate(): Check if ctx->update is set
The issue has been discovered by libFuzzer running on provider target.
There are currently three distinct reports which are addressed by
code change here.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69236#c1
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69243#c1
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69261#c1
the issue has been introduced with openssl 3.0.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24753)
Diffstat (limited to 'crypto/evp')
| -rw-r--r-- | crypto/evp/digest.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 4c61ca4c42..18a64329b7 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -425,7 +425,7 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) /* Code below to be removed when legacy support is dropped. */ legacy: - return ctx->update(ctx, data, count); + return ctx->update != NULL ? ctx->update(ctx, data, count) : 0; } /* The caller can assume that this removes any secret data from the context */ |