I have existing code that uses EVP_des_cbc() followed by EVP_EncryptInit_ex().
It still compiles without issues, EVP_des_cbc() still works, then EVP_EncryptInit_ex fails.
I found https://github.com/openssl/openssl/blob/master/doc/man7/migration_guide.pod#Legacy-Algorithms

It directs me to OSSL_PROVIDER-legacy(7), which talks about EVP_CIPHER_fetch() and

# … has this property defined:
#
# "provider=legacy"

I then see the following example in crypto(7):

# EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "AES-128-CBC", NULL);

so I tried:

EVP_CIPHER *des=EVP_CIPHER_fetch(NULL, "DES-CBC", "provider=legacy");

which got me a NULL. After reading some more, I call

OSSL_PROVIDER_load(NULL, "legacy");

up front. The next thing that happened is all my SSL_CTX_new immediately exploded. So, then I also added an explicit call to

OSSL_PROVIDER_load(NULL, "default");

in addition to that one. This /seems/ to work, and everything else that the code is doing seems to work, but I don't feel like I'm on solid footing. Did I miss some important detail that's going to bite me in the arse?