Alternative for calculating sha256 to using deprecated openssl code

Question

The SHA256_XXX family declared in /usr/include/openssl/sha.h has been deprecated in OS-X 10.7 and above.

int SHA256_Init(SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
int SHA256_Update(SHA256_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
int SHA256_Final(unsigned char *md, SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
void SHA256_Transform(SHA256_CTX *c, const unsigned char *data) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;

Although it's currently working, I wonder what is the alternative for later OS X versions.

one possibility: in my own projects, I'm building and delivering my own OpenSSL library or framework built into the app... — Michael Dautermann, Dec 15 '15 at 12:22
@MichaelDautermann, what do you mean by that, do you compile openssl on your own (without the deprecation declarations) and use it instead ? — Zohar81, Dec 15 '15 at 12:27
Yes, [I build my own versions of OpenSSL](http://stackoverflow.com/questions/25530429/build-multiarch-openssl-on-os-x) and then link against that instead of the version built into the SDK that Apple prefers we don't use. — Michael Dautermann, Dec 15 '15 at 12:30

score 3 · Answer 1 · answered Dec 15 '15 at 12:30

Currently approved technique for all digests is via EVP.

https://www.openssl.org/docs/manmaster/crypto/EVP_DigestInit.html#EXAMPLE

Exemplary function for SHA256 (from https://wiki.openssl.org/index.php/EVP_Message_Digests)

void digest_message(unsigned char *message, unsigned char **digest, unsigned int *digest_len)
{
    EVP_MD_CTX *mdctx;

    if((mdctx = EVP_MD_CTX_create()) == NULL)
        handleErrors();

    if(1 != EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
        handleErrors();

    if(1 != EVP_DigestUpdate(mdctx, message, strlen(message)))
        handleErrors();

    if((*digest = (unsigned char *)OPENSSL_malloc(EVP_MD_size(EVP_sha256()))) == NULL)
        handleErrors();

    if(1 != EVP_DigestFinal_ex(mdctx, *digest, digest_len))
        handleErrors();

    EVP_MD_CTX_destroy(mdctx);
}

zaph · Accepted Answer · 2015-12-15T13:09:28.017

2

Common Crypto supports SHA256 and other cryptographic methods and is available for OS X and iOS. Add Security.framework and include <CommonCrypto/CommonDigest.h>. Common Crypto is a "C" API.

edited Dec 15 '15 at 13:09

answered Dec 15 '15 at 12:53

zaph

110,296
20
185
221

can you address me which header to look for inside security.framework for sha256 calculation? – Zohar81 Dec 15 '15 at 13:01
Oops, it was in the answer but not properly quoted so it didn't display. Fixed. In particular it is in ``. – zaph Dec 15 '15 at 13:04

Alternative for calculating sha256 to using deprecated openssl code

2 Answers2