diff options
| author | sashan <anedvedicky@gmail.com> | 2024-06-27 16:31:41 +0200 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-07-11 21:49:23 +0200 |
| commit | 8120fb0434f3df9389e76adee030616bc7cf0633 (patch) | |
| tree | 95e7d1466293285eef30c60ecdab10ee2a1f04be | |
| parent | 1b475c18e94db68eb8839e74b5cccba24a644404 (diff) | |
| download | openssl-8120fb0434f3df9389e76adee030616bc7cf0633.zip openssl-8120fb0434f3df9389e76adee030616bc7cf0633.tar.gz openssl-8120fb0434f3df9389e76adee030616bc7cf0633.tar.bz2 | |
EVP_DigestUpdate(): Check if ctx->update is set
The issue has been discovered by libFuzzer running on provider target.
There are currently three distinct reports which are addressed by
code change here.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69236#c1
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69243#c1
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69261#c1
the issue has been introduced with openssl 3.0.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24753)
(cherry picked from commit ad33d62396b7e9db04fdf060481ced394d391688)
| -rw-r--r-- | crypto/evp/digest.c | 2 | ||||
| -rw-r--r-- | test/evp_extra_test.c | 21 |
2 files changed, 22 insertions, 1 deletions
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 4233170..cdfe670 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -425,7 +425,7 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) /* Code below to be removed when legacy support is dropped. */ legacy: - return ctx->update(ctx, data, count); + return ctx->update != NULL ? ctx->update(ctx, data, count) : 0; } /* The caller can assume that this removes any secret data from the context */ diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index a546a0e..3483516 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -5551,6 +5551,25 @@ static int test_aes_rc4_keylen_change_cve_2023_5363(void) } #endif +static int test_invalid_ctx_for_digest(void) +{ + int ret; + EVP_MD_CTX *mdctx; + + mdctx = EVP_MD_CTX_new(); + if (!TEST_ptr(mdctx)) + return 0; + + if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0)) + ret = 0; + else + ret = 1; + + EVP_MD_CTX_free(mdctx); + + return ret; +} + int setup_tests(void) { OPTION_CHOICE o; @@ -5719,6 +5738,8 @@ int setup_tests(void) ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363); #endif + ADD_TEST(test_invalid_ctx_for_digest); + return 1; } |