From: Neil Horman
Date: Mon, 24 Feb 2025 12:55:33 +0000 (-0500)
Subject: fix slh-dsa incorrect prediction of result code
X-Git-Tag: openssl-3.5.0-alpha1~61
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c0eb5c57f77c5a158b989285b1344297e0186235;p=thirdparty%2Fopenssl.git

fix slh-dsa incorrect prediction of result code

The slh_dsa fuzzer predicts failure in EVP_message_sign_init in the event we pass a context_string param of more than 255 bytes. That makes for an accurate prediction, but only if we actually create the param. Augment the setting of expect_rc_init to be determined not only by our allocation of a > 255 byte message, but also on selector bit 1, which determines if we create the parameter at all.

Fixes https://oss-fuzz.com/testcase-detail/4807793999937536

Reviewed-by: Saša Nedvědický
Reviewed-by: Tomas Mraz
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/26884)

---
diff --git a/fuzz/slh-dsa.c b/fuzz/slh-dsa.c index d2b4a438ea6..dada29a62d6 100644 --- a/fuzz/slh-dsa.c +++ b/fuzz/slh-dsa.c @@ -341,7 +341,7 @@ static void slh_dsa_sign_verify(uint8_t **buf, size_t *len, void *key1, msg_len = *len; /* if msg_len > 255, sign_message_init will fail */ - if (msg_len > 255) + if (msg_len > 255 && (selector & 0x1) != 0) expect_init_rc = 0; *len = 0;
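Review bot: the comment directly above the changed line still reads `/* if msg_len > 255, sign_message_init will fail */`, but the condition now also requires `(selector & 0x1) != 0`; update the comment to state that the failure is expected only when the context_string param is actually created, so the comment and the predicate do not drift apart. The commit message also names the variable `exepct_rc_init` and speaks of "selector bit 1", while the hunk uses `expect_init_rc` and tests the lowest bit (`0x1`); aligning the wording with the code would avoid confusion about which selector bit gates creation of the param.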