[openssl/openssl] afbe30: EVP_DigestUpdate(): Check if ctx->update is set

Sashan noreply at github.com
Thu Jul 11 19:51:04 UTC 2024


  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: afbe30116337bb099e43181b2fe244093af2989a
      https://github.com/openssl/openssl/commit/afbe30116337bb099e43181b2fe244093af2989a
  Author: sashan <anedvedicky at gmail.com>
  Date:   2024-07-11 (Thu, 11 Jul 2024)

  Changed paths:
    M crypto/evp/digest.c
    M test/evp_extra_test.c

  Log Message:
  -----------
  EVP_DigestUpdate(): Check if ctx->update is set

The issue has been discovered by libFuzzer running on provider target.
There are currently three distinct reports which are addressed by
code change here.

    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69236#c1
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69243#c1
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69261#c1

the issue has been introduced with openssl 3.0.

Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24753)

(cherry picked from commit ad33d62396b7e9db04fdf060481ced394d391688)



To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications


More information about the openssl-commits mailing list