[openssl/openssl] afbe30: EVP_DigestUpdate(): Check if ctx->update is set
Sashan
noreply at github.com
Thu Jul 11 19:51:04 UTC 2024
Branch: refs/heads/openssl-3.0
Home: https://github.com/openssl/openssl
Commit: afbe30116337bb099e43181b2fe244093af2989a
https://github.com/openssl/openssl/commit/afbe30116337bb099e43181b2fe244093af2989a
Author: sashan <anedvedicky at gmail.com>
Date: 2024-07-11 (Thu, 11 Jul 2024)
Changed paths:
M crypto/evp/digest.c
M test/evp_extra_test.c
Log Message:
-----------
EVP_DigestUpdate(): Check if ctx->update is set
The issue has been discovered by libFuzzer running on provider target.
There are currently three distinct reports which are addressed by
code change here.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69236#c1
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69243#c1
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69261#c1
the issue has been introduced with openssl 3.0.
Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24753)
(cherry picked from commit ad33d62396b7e9db04fdf060481ced394d391688)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
More information about the openssl-commits
mailing list