Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable RC4 when built with Openssl-3.0 #3982

Closed
wants to merge 2 commits into from
Closed

Disable RC4 when built with Openssl-3.0 #3982

wants to merge 2 commits into from

Conversation

lrstewart
Copy link
Contributor

Description of changes:

A possible alternative to #3980

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label May 4, 2023
@lrstewart lrstewart mentioned this pull request May 4, 2023
Merged
@lrstewart lrstewart marked this pull request as ready for review May 4, 2023 22:56
@lrstewart lrstewart requested review from camshaft, toidiu and jmayclin May 4, 2023 22:56
toidiu
toidiu reviewed May 5, 2023
View reviewed changes
docs/USAGE-GUIDE.md Outdated Show resolved Hide resolved
crypto/s2n_stream_cipher_rc4.c Show resolved Hide resolved
crypto/s2n_stream_cipher_rc4.c
Comment on lines 26 to +27
#ifdef S2N_LIBCRYPTO_SUPPORTS_EVP_RC4
return EVP_rc4();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this also check for Openssl-3?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nope. It's not testing for support, just limiting the blast radius of the #if we need to check for the existence of the EVP_rc4() symbol.

@lrstewart lrstewart requested a review from toidiu May 5, 2023 01:30
@toidiu toidiu enabled auto-merge (squash) May 5, 2023 16:45
camshaft
camshaft approved these changes May 5, 2023
View reviewed changes
crypto/s2n_stream_cipher_rc4.c
@@ -21,20 +21,30 @@
#include "utils/s2n_blob.h"
#include "utils/s2n_safety.h"

static uint8_t s2n_stream_cipher_rc4_available()
static const EVP_CIPHER *s2n_evp_rc4()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's hard to tell from the docs but does this EVP_CIPHER need to be free'd with EVP_CIPHER_free? Or is it a global?

@jmayclin jmayclin mentioned this pull request May 5, 2023
Closed
@lrstewart
Copy link
Contributor Author

Guess we will continue to support RC4 with Openssl3, since the other PR was merged :)

@lrstewart lrstewart closed this May 15, 2023
auto-merge was automatically disabled May 15, 2023 19:39

Pull request was closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmayclin jmayclin jmayclin approved these changes

@toidiu toidiu toidiu approved these changes

@camshaft camshaft camshaft approved these changes

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@lrstewart @camshaft @toidiu @jmayclin