diff options
| author | sashan <anedvedicky@gmail.com> | 2024-06-27 16:31:41 +0200 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-07-11 21:48:56 +0200 |
| commit | ad33d62396b7e9db04fdf060481ced394d391688 (patch) | |
| tree | 5ee41ee7df5f674d9efbe0cb2ecc01fdae1ca736 /test/evp_extra_test.c | |
| parent | Limit the number of commands that can be used in the quic-lcidm fuzzer (diff) | |
| download | openssl-ad33d62396b7e9db04fdf060481ced394d391688.tar.xz openssl-ad33d62396b7e9db04fdf060481ced394d391688.zip | |
EVP_DigestUpdate(): Check if ctx->update is set
The issue has been discovered by libFuzzer running on provider target.
There are currently three distinct reports which are addressed by
code change here.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69236#c1
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69243#c1
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69261#c1
the issue has been introduced with openssl 3.0.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24753)
Diffstat (limited to 'test/evp_extra_test.c')
| -rw-r--r-- | test/evp_extra_test.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index a42e42d929..256e10f24a 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -5624,6 +5624,25 @@ static int test_aes_rc4_keylen_change_cve_2023_5363(void) } #endif +static int test_invalid_ctx_for_digest(void) +{ + int ret; + EVP_MD_CTX *mdctx; + + mdctx = EVP_MD_CTX_new(); + if (!TEST_ptr(mdctx)) + return 0; + + if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0)) + ret = 0; + else + ret = 1; + + EVP_MD_CTX_free(mdctx); + + return ret; +} + int setup_tests(void) { OPTION_CHOICE o; @@ -5795,6 +5814,8 @@ int setup_tests(void) ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363); #endif + ADD_TEST(test_invalid_ctx_for_digest); + return 1; } |