diff options
| author | Matt Caswell <matt@openssl.org> | 2021-01-07 18:40:09 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2021-01-13 10:04:49 +0100 |
| commit | 1dccccf33351a732dac3c700b2de05d34f708e33 (patch) | |
| tree | 63ebb37071784c83c68b1f50b0bc3dcf01039fa9 /providers/implementations | |
| parent | x509_vfy.c: Fix a regression in find_issuer() (diff) | |
| download | openssl-1dccccf33351a732dac3c700b2de05d34f708e33.tar.xz openssl-1dccccf33351a732dac3c700b2de05d34f708e33.zip | |
Fix enable-weak-ssl-ciphers
Commit e260bee broke the enable-weak-ssl-ciphers option. The stitched
rc4-hmac-md5 cipher implementation did not recognise the tls_version
parameter, and therefore was being incorrectly handled.
Fixes #13795
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13803)
Diffstat (limited to 'providers/implementations')
| -rw-r--r-- | providers/implementations/ciphers/cipher_rc4_hmac_md5.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c index 69d47b03fe..ee0cff9b86 100644 --- a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c +++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c @@ -169,6 +169,14 @@ static int rc4_hmac_md5_set_ctx_params(void *vctx, const OSSL_PARAM params[]) } GET_HW(ctx)->init_mackey(&ctx->base, p->data, p->data_size); } + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_VERSION); + if (p != NULL) { + if (!OSSL_PARAM_get_uint(p, &ctx->base.tlsversion)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + } + return 1; } |