Use custom library context for rc4 instead of global default context #3980
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes:
We forgot to add Openssl-3.0 to the unit tests, so missed that the newest unit test broke with Openssl-3.0.
The problem is that the default openssl context is global. So when we manually loaded providers so that we could access the legacy RC4 algorithm, that change affected any other uses of openssl within the same process. When we then unloaded those providers, we unloaded them for everyone, and openssl basically stopped working because it had no algorithms.
So instead, I now load the legacy provider required for RC4 into a custom openssl context so that we can retrieve the RC4 algorithm.
Callouts
I put the call to s2n_rc4_init in s2n_cipher_suites_init instead of the base s2n_init method because we have to setup RC4 before we can setup any cipher suites that use RC4. I thought it might be clearer. But maybe I should just put it in s2n_init with a comment?
Testing:
The failing s2n_random_test now passes. I also added some sanity checks to s2n_rc4_test to make sure we're still using RC4 where expected.
I also double checked that the Openssl-3.0 test was actually running (s2nUnitOpenSSL3GCC9 in GeneralBatch).
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.