mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-31 20:10:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix slh-dsa incorrect prediction of result code

Browse Source 
The slh_dsa fuzzer predicts failure in EVP_message_sign_init in the
event we pass a context_string param of more than 255 bytes.  That makes
for an accurate prediction, but only if we actually create  the param.

augment the setting of exepct_rc_init to be determined not only by our
allocation of a > 255 byte message, but also on selector bit 1, which
determines if we create the parameter at all.

Fixes https://oss-fuzz.com/testcase-detail/4807793999937536

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26884)
This commit is contained in:
Neil Horman 2025-02-24 07:55:33 -05:00
parent 83dbfde6aa
commit c0eb5c57f7
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fuzz/slh-dsa.c
View File

@ -341,7 +341,7 @@ static void slh_dsa_sign_verify(uint8_t **buf, size_t *len, void *key1,
msg_len = *len;
/* if msg_len > 255, sign_message_init will fail */
if (msg_len > 255)
if (msg_len > 255 && (selector & 0x1) != 0)
expect_init_rc = 0;
*len = 0;