Is there a compatibility mode provided by OS X CommonCrypto for OpenSSL EVP_* calls (like there is for OpenSSL MD5 functions)?

StackOverflow https://stackoverflow.com/questions/12169566

  •  29-06-2021
  •  | 
  •  

Domanda

Compiling one of my source files on Mac OS X10.7 and getting these deprecation warnings:

xxx_evp.c:135:5: 'EVP_MD_CTX_init' is deprecated
xxx_evp.c:137:9: 'EVP_DigestInit_ex' is deprecated
xxx_evp.c:177:9: 'EVP_DigestUpdate' is deprecated
xxx_evp.c:227:13: 'EVP_DigestFinal_ex' is deprecated
xxx_evp.c:235:5: 'EVP_MD_CTX_cleanup' is deprecated

I had another set of OpenSSL deprecation warnings where I was using MD5 functions from openssl/md5.h and was able to switch to a CommonCrypto version of the OpenSSL calls like this: 

#if defined(__APPLE__)
#  define COMMON_DIGEST_FOR_OPENSSL
#  include <CommonCrypto/CommonDigest.h>
#else
#  include <openssl/md5.h>
#endif

But I can't find anything offhand about any kind of OpenSSL compatibility related to these EVP_* calls. Is there something similar I can do to get "free" compatibility support on OS X 10.7 for these OpenSSL EVP_* calls?

È stato utile?

Soluzione

I looked in the CommonCrypto headers files in /usr/include/CommonCrypto/ and the only one that notes any OpenSSL compatibility is CommonDigest.h. When the #define symbol COMMON_DIGEST_FOR_OPENSSL is defined before this header file is included your code, then the following classes of OpenSSL functions are mapped to their CommonCrypto equivalents:

  • MD2_xxx, MD4_xxx and MD5_xxx
  • SHA_xxx, SHA1_xxx, SHA224_xxx, SHA256_xxx, SHA384_xxx and SHA512_xxx

There does not appear to be any such mapping of the OpenSSL EVP_xxx functions, at least provided as part of CommonCrypto.

Altri suggerimenti

If you are using any of the MD or SHA hashes you can have OpenSSL compatibility by defining COMMON_DIGEST_FOR_OPENSSL before including CommonDigest.h. So it all depends on the second parameter of your EVP_DigestInit_ex() function call. As an example the Mac App Store signing code that uses SHA1 and 6 "EVP_..." calls can be replaced with the following code:

#define COMMON_DIGEST_FOR_OPENSSL
#include <CommonCrypto/CommonDigest.h>

    unsigned char digest[CC_SHA1_DIGEST_LENGTH];
    if (CC_SHA1([input bytes], [input length], digest)) {
        NSData *newHash = [NSData dataWithBytes:digest length:CC_SHA1_DIGEST_LENGTH];
    }
Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top