git.openssl.org Git - openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Fri, 15 Apr 2022 09:22:59 +0000 (10:22 +0100)
committer	Matt Caswell <matt@openssl.org>
	Tue, 3 May 2022 09:54:29 +0000 (10:54 +0100)
commit	7d56a74a96828985db7354a55227a511615f732b
tree	5cee38d155f01c5034a632d632cac770f3c3cd76	tree \| snapshot
parent	55c80c222293a972587004c185dc5653ae207a0e	commit \| diff

Fix the RC4-MD5 cipher

A copy&paste error meant that the RC4-MD5 cipher (used in TLS) used the TLS
AAD data as the MAC key.

CVE-2022-1434

Fixes #18112

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>

providers/implementations/ciphers/cipher_rc4_hmac_md5.c		diff \| blob \| history
test/recipes/30-test_evp_data/evpciph_aes_stitched.txt		diff \| blob \| history
test/recipes/30-test_evp_data/evpciph_rc4_stitched.txt		diff \| blob \| history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom