Fix slh-dsa fuzzer on invalid param inputs

oss-fuzz issue: https://issues.oss-fuzz.com/issues/397734693 Fails because the fuzzer occasionaly provides inputs which drives the fuzzer to create an octet-string for the context_string param which violates the 255 byte constraint documented on that parameter. Fix it by detecting that condition, expecting failure in the call to EVP_sign_message_init, and bailing out when it occurs. Fixes openssl/project#1109 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26851)
2025-03-31 20:10:45 +08:00 · 2025-02-20 07:45:50 -05:00 · 2025-02-20 07:45:50 -05:00 · 3be71de4d9
commit 3be71de4d9
parent 17d2fd0752
1 changed files with 16 additions and 1 deletions
--- a/fuzz/slh-dsa.c
+++ b/fuzz/slh-dsa.c
@ -319,6 +319,7 @@ static void slh_dsa_sign_verify(uint8_t **buf, size_t *len, void *key1,
    OSSL_PARAM params[4];
    int paramidx = 0;
    int intval;
+    int expect_init_rc = 1;

    *buf = consume_uint8t(*buf, len, &selector);
    if (*buf == NULL)
@ -338,6 +339,11 @@ static void slh_dsa_sign_verify(uint8_t **buf, size_t *len, void *key1,
     */
    msg = (unsigned char *)*buf;
    msg_len = *len;
+
+    /* if msg_len > 255, sign_message_init will fail */
+    if (msg_len > 255)
+        expect_init_rc = 0;
+
    *len = 0;

    if (selector & 0x1)
@ -368,7 +374,15 @@ static void slh_dsa_sign_verify(uint8_t **buf, size_t *len, void *key1,
    sig_alg = EVP_SIGNATURE_fetch(NULL, keytype, NULL);
    OPENSSL_assert(sig_alg != NULL);

-    OPENSSL_assert(EVP_PKEY_sign_message_init(ctx, sig_alg, params));
+    OPENSSL_assert(EVP_PKEY_sign_message_init(ctx, sig_alg, params) == expect_init_rc);
+    /*
+     * the context_string parameter can be no more than 255 bytes, so if
+     * our random input buffer is greater than that, we expect failure above,
+     * which we check for.  In that event, theres nothing more we can do here
+     * so bail out
+     */
+    if (expect_init_rc == 0)
+        goto out;

    OPENSSL_assert(EVP_PKEY_sign(ctx, NULL, &sig_len, msg, msg_len));
    sig = OPENSSL_zalloc(sig_len);
@ -379,6 +393,7 @@ static void slh_dsa_sign_verify(uint8_t **buf, size_t *len, void *key1,
    OPENSSL_assert(EVP_PKEY_verify_message_init(ctx, sig_alg, params));
    OPENSSL_assert(EVP_PKEY_verify(ctx, sig, sig_len, msg, msg_len));

+out:
    OPENSSL_free(sig);
    EVP_SIGNATURE_free(sig_alg);
    EVP_PKEY_CTX_free(ctx);