How can I use libssl with Cocoa on Lion?

Question

I'm linking against a static library build from source, and including local headers, not the headers in /usr/include, but Xcode still lists may functions as depreciated, and it's failing to find symbols. Has anyone gotten libssl working on Lion?

Macmade · Accepted Answer · 2012-01-18T11:41:17.207

2

Yep, SSL functions are deprecated on Lion.

You should use stuff from CommonCrypto instead. Basically, it has replacements for all SSL functions, and they are usually compatible.

For instance, if you use MD5 (openssl/md5.h), you'll get those deprecated warnings. You can the include CommonDigest, and use CC_MD5_* functions, instead of the old MD5_* ones.

You should also be able to produce a compatibility header, to support other systems. Something like:

#if defined( __APPLE__ )

    #include <CommonCrypto/CommonDigest.h>

    #ifdef MD5_DIGEST_LENGTH

        #undef MD5_DIGEST_LENGTH

    #endif

    #define MD5_Init            CC_MD5_Init
    #define MD5_Update          CC_MD5_Update
    #define MD5_Final           CC_MD5_Final
    #define MD5_DIGEST_LENGTH   CC_MD5_DIGEST_LENGTH
    #define MD5_CTX             CC_MD5_CTX

#else

    #include <openssl/md5.h>

#endif

This is only for MD5, but you should be able to do the some for most other functions.

EDIT

CommonCrypto only support symmetric encryption, through CCCryptor.

If you need asymmetric encryption, you should use the Security framework.

Be sure to take a look at the Security Transforms Programming Guide.

edited Jan 18 '12 at 11:41

answered Jan 18 '12 at 10:07

Macmade

52,708
13
106
123

I'm willing to do that, but I cannot seem to find their asymmetric key API. Am I just not finding the right header? – Loyal Tingley Jan 18 '12 at 11:02
thanks! Do you also happen to know how to convert a public SecKey to CFData and back? I found some examples using CSSM_KEY, but it was depreciated in 10.7 too. – Loyal Tingley Jan 19 '12 at 11:26
1

i don't understand. if i am developing code for OS X that needs to be portable to other systems (e.g. Linux) it sounds like there is going to be a lot of OS (X) specific code for the asymmetric part. what was the rationale behind Apple making all this extra work for developers to create cross-platform code? – Michael Apr 15 '14 at 15:42
You'll have the same issues trying to develop code on Linux that needs to be portable on OS X or other Unix-based systems... Linux is clearly NOT a reference in such a situation, as it unfortunately implies so many non-standard stuff, while claiming compatibility with *NIX systems... Remember OS X is fully POSIX compatible, as well as SUS... Linux is NOT... – Macmade Apr 15 '14 at 21:01

score 0 · Answer 2 · answered Jan 20 '12 at 10:23

For anyone coming after me, Apple's Security Framework has what you are looking for, particularly SecKeyGeneratePair, SecItemCopyMatching (to get keys from the keychain), SecItemExport (to export to a PEM format), and SecKeyCreateFromData (to make a key from an NSData). Sign and verify are both done with SecTransforms. Apple has reasonable documentation for all of these functions if you search for the right terms.

How can I use libssl with Cocoa on Lion?

2 Answers2