[openssl/openssl] ad33d6: EVP_DigestUpdate(): Check if ctx->update is set
Sashan
noreply at github.com
Thu Jul 11 19:51:00 UTC 2024
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: ad33d62396b7e9db04fdf060481ced394d391688
https://github.com/openssl/openssl/commit/ad33d62396b7e9db04fdf060481ced394d391688
Author: sashan <anedvedicky at gmail.com>
Date: 2024-07-11 (Thu, 11 Jul 2024)
Changed paths:
M crypto/evp/digest.c
M test/evp_extra_test.c
Log Message:
-----------
EVP_DigestUpdate(): Check if ctx->update is set
The issue has been discovered by libFuzzer running on provider target.
There are currently three distinct reports which are addressed by
code change here.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69236#c1
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69243#c1
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69261#c1
the issue has been introduced with openssl 3.0.
Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24753)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
More information about the openssl-commits
mailing list