Fix enable-weak-ssl-ciphers

Commit e260bee broke the enable-weak-ssl-ciphers option. The stitched rc4-hmac-md5 cipher implementation did not recognise the tls_version parameter, and therefore was being incorrectly handled. Fixes #13795 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13803)
author: Matt Caswell <matt@openssl.org> 2021-01-07 17:40:09 +0000
committer: Matt Caswell <matt@openssl.org> 2021-01-13 09:04:49 +0000
commit: 1dccccf33351a732dac3c700b2de05d34f708e33 (patch)
tree: 63ebb37071784c83c68b1f50b0bc3dcf01039fa9 /providers/implementations/ciphers
parent: 4dd009180a06ad973620c5beec28f2a6839c16ca (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
index 69d47b03fe..ee0cff9b86 100644
--- a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
+++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
@@ -169,6 +169,14 @@ static int rc4_hmac_md5_set_ctx_params(void *vctx, const OSSL_PARAM params[])
         }
         GET_HW(ctx)->init_mackey(&ctx->base, p->data, p->data_size);
     }
+    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_VERSION);
+    if (p != NULL) {
+        if (!OSSL_PARAM_get_uint(p, &ctx->base.tlsversion)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+            return 0;
+        }
+    }
+
     return 1;
 }
author	Matt Caswell <matt@openssl.org>	2021-01-07 17:40:09 +0000
committer	Matt Caswell <matt@openssl.org>	2021-01-13 09:04:49 +0000
commit	1dccccf33351a732dac3c700b2de05d34f708e33 (patch)
tree	63ebb37071784c83c68b1f50b0bc3dcf01039fa9 /providers/implementations/ciphers
parent	4dd009180a06ad973620c5beec28f2a6839c16ca (diff)