From 27f7f527652e403177335eb2e3ba1ff6df13f193 Mon Sep 17 00:00:00 2001
From: Pauli <pauli@openssl.org>
Date: Tue, 14 Dec 2021 11:08:00 +1100
Subject: [PATCH] Add test case to verify that the use after free issue is
 fixed.

Test case based on reproducer by Guido Vranken.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17263)
---
 test/hmactest.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/test/hmactest.c b/test/hmactest.c
index 63954a1183c..8f5bf32f870 100644
--- a/test/hmactest.c
+++ b/test/hmactest.c
@@ -245,6 +245,36 @@ err:
     return ret;
 }
 
+static int test_hmac_copy_uninited(void)
+{
+    const unsigned char key[24] = {0};
+    const unsigned char ct[166] = {0};
+    EVP_PKEY *pkey = NULL;
+    EVP_MD_CTX *ctx = NULL;
+    EVP_MD_CTX *ctx_tmp = NULL;
+    int res = 0;
+
+    if (!TEST_ptr(ctx = EVP_MD_CTX_new())
+            || !TEST_ptr(pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
+                                                     key, sizeof(key)))
+            || !TEST_true(EVP_DigestSignInit(ctx, NULL, EVP_sha1(), NULL, pkey))
+            || !TEST_ptr(ctx_tmp = EVP_MD_CTX_new())
+            || !TEST_true(EVP_MD_CTX_copy(ctx_tmp, ctx)))
+        goto err;
+    EVP_MD_CTX_free(ctx);
+    ctx = ctx_tmp;
+    ctx_tmp = NULL;
+
+    if (!TEST_true(EVP_DigestSignUpdate(ctx, ct, sizeof(ct))))
+        goto err;
+    res = 1;
+ err:
+    EVP_MD_CTX_free(ctx);
+    EVP_MD_CTX_free(ctx_tmp);
+    EVP_PKEY_free(pkey);
+    return res;
+}
+
 # ifndef OPENSSL_NO_MD5
 static char *pt(unsigned char *md, unsigned int len)
 {
@@ -266,6 +296,7 @@ int setup_tests(void)
     ADD_TEST(test_hmac_bad);
     ADD_TEST(test_hmac_run);
     ADD_TEST(test_hmac_copy);
+    ADD_TEST(test_hmac_copy_uninited);
     return 1;
 }
 
-- 
2.47.2