]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6ee1f4f) | patch
Fix the RC4-MD5 cipher
authorMatt Caswell <matt@openssl.org>
Fri, 15 Apr 2022 09:22:59 +0000 (10:22 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 3 May 2022 09:46:49 +0000 (10:46 +0100)
commit33219939c782cf363b30e9e899b9997fb1ced440
treee6605709ac475658010eda6c495e80f53f1dcad0tree
parent6ee1f4f40b5100ef2744866a727bb4b9ef8ea39ecommit | diff
Fix the RC4-MD5 cipher

A copy&paste error meant that the RC4-MD5 cipher (used in TLS) used the TLS
AAD data as the MAC key.

CVE-2022-1434

Fixes #18112

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
providers/implementations/ciphers/cipher_rc4_hmac_md5.c diff | blob | blame | history
test/recipes/30-test_evp_data/evpciph_aes_stitched.txt diff | blob | blame | history
test/recipes/30-test_evp_data/evpciph_rc4_stitched.txt diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git