[openssl] master update
Matt Caswell
matt at openssl.org
Wed Jan 13 09:14:37 UTC 2021
The branch master has been updated
via 1dccccf33351a732dac3c700b2de05d34f708e33 (commit)
from 4dd009180a06ad973620c5beec28f2a6839c16ca (commit)
- Log -----------------------------------------------------------------
commit 1dccccf33351a732dac3c700b2de05d34f708e33
Author: Matt Caswell <matt at openssl.org>
Date: Thu Jan 7 17:40:09 2021 +0000
Fix enable-weak-ssl-ciphers
Commit e260bee broke the enable-weak-ssl-ciphers option. The stitched
rc4-hmac-md5 cipher implementation did not recognise the tls_version
parameter, and therefore was being incorrectly handled.
Fixes #13795
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk at mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13803)
-----------------------------------------------------------------------
Summary of changes:
providers/implementations/ciphers/cipher_rc4_hmac_md5.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
index 69d47b03fe..ee0cff9b86 100644
--- a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
+++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
@@ -169,6 +169,14 @@ static int rc4_hmac_md5_set_ctx_params(void *vctx, const OSSL_PARAM params[])
}
GET_HW(ctx)->init_mackey(&ctx->base, p->data, p->data_size);
}
+ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_VERSION);
+ if (p != NULL) {
+ if (!OSSL_PARAM_get_uint(p, &ctx->base.tlsversion)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+ return 0;
+ }
+ }
+
return 1;
}
More information about the openssl-commits
mailing list