chore(openssl): Include legacy providers for GlobalPlatform crypto

alexjba · alexjba · commit 8a34d73cf987 · 2025-12-22T10:39:40.000+02:00
GlobalPlatform crypto needs the legacy providers. While it will potentially work OOTB with android since we're using dynamic linking, for IOS we need to compile with `no-module`. This will bundle the providers in the lib.
diff --git a/mobile/scripts/ios/buildOpenSSL.sh b/mobile/scripts/ios/buildOpenSSL.sh
@@ -56,7 +56,30 @@ mkdir -p ${SSL_BUILD_DIR}
 
 (
   cd ${SSL_BUILD_DIR}
-  ${OPENSSL}/Configure --release "$TARGET" $PLATFORM_CONFIG_ARGS
+  
+  # - no-module: Makes legacy provider built-in to libcrypto (not a separate module)
+  # - enable-legacy: Enables legacy algorithms including DES
+  # This is required for GlobalPlatform SCP02 which uses single-DES
+  # Reference: https://github.com/openssl/openssl/discussions/25793
+  
+  # Platform-specific config
+  if [[ "$OS" == "ios" ]]; then
+    # iOS uses static libraries (.a files)
+    SHARED_FLAG="no-shared"
+  else
+    # Android uses shared libraries (.so files)
+    SHARED_FLAG="shared"
+  fi
+  
+  ${OPENSSL}/Configure --release "$TARGET" $PLATFORM_CONFIG_ARGS \
+    no-module \
+    enable-legacy \
+    enable-des \
+    enable-md2 \
+    enable-rc5 \
+    $SHARED_FLAG \
+    no-tests \
+    no-ui-console
   # Rebuilding isn't working with the default target, so we need to clean and build again
   make clean
   make -j$(sysctl -n hw.ncpu) $PLATFORM_BUILD_ARGS build_libs
