5

The SHA256_XXX family declared in /usr/include/openssl/sha.h has been deprecated in OS X 10.7 and above.

```c
int SHA256_Init(SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
int SHA256_Update(SHA256_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
int SHA256_Final(unsigned char *md, SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
void SHA256_Transform(SHA256_CTX *c, const unsigned char *data) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
```

Although it's currently working, I wonder what the alternative is for later OS X versions.

jww
Zohar81
  • one possibility: in my own projects, I'm building and delivering my own OpenSSL library or framework built into the app... – Michael Dautermann Dec 15 '15 at 12:22
  • @MichaelDautermann, what do you mean by that? Do you compile OpenSSL on your own (without the deprecation declarations) and use it instead? – Zohar81 Dec 15 '15 at 12:27
  • Yes, [I build my own versions of OpenSSL](http://stackoverflow.com/questions/25530429/build-multiarch-openssl-on-os-x) and then link against that instead of the version built into the SDK that Apple prefers we don't use. – Michael Dautermann Dec 15 '15 at 12:30

2 Answers

9

The currently approved technique for all digests is via EVP.

https://www.openssl.org/docs/manmaster/crypto/EVP_DigestInit.html#EXAMPLE

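Example function for SHA256 (from https://wiki.openssl.org/index.php/EVP_Message_Digests):

```c
#include <string.h>
#include <openssl/evp.h>

/* Error handler supplied by the caller, as in the OpenSSL wiki examples. */
void handleErrors(void);

/* Computes the SHA-256 digest of a NUL-terminated message.
 * On return, *digest points to a buffer allocated with OPENSSL_malloc()
 * (release it with OPENSSL_free()) and *digest_len holds its length. */
void digest_message(unsigned char *message, unsigned char **digest, unsigned int *digest_len)
{
    EVP_MD_CTX *mdctx;

    if((mdctx = EVP_MD_CTX_new()) == NULL)
        handleErrors();

    if(1 != EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
        handleErrors();

    /* strlen() expects a char pointer, so cast the unsigned buffer */
    if(1 != EVP_DigestUpdate(mdctx, message, strlen((const char *)message)))
        handleErrors();

    if((*digest = (unsigned char *)OPENSSL_malloc(EVP_MD_size(EVP_sha256()))) == NULL)
        handleErrors();

    if(1 != EVP_DigestFinal_ex(mdctx, *digest, digest_len))
        handleErrors();

    EVP_MD_CTX_free(mdctx);
}
```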
Leśny Rumcajs
  • 1
    This is good and up to date as of the time of this writing. I use `EVP_MD_CTX_new` and `EVP_MD_CTX_free` instead of the `create` and `delete` versions you use. What is the difference? Why would I use one over the other? – wcochran Dec 03 '22 at 21:49
  • @wcochran There is no difference, according to the [docs](https://www.openssl.org/docs/man1.1.1/man3/EVP_MD_CTX_free.html): "The EVP_MD_CTX_create() and EVP_MD_CTX_destroy() functions were renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0, respectively." So it's probably safe to assume that using the new OpenSSL, one should use `_free` and `_new` as you do. I'll update my answer. Thanks! – Leśny Rumcajs Dec 12 '22 at 11:43
2

Common Crypto supports SHA256 and other cryptographic methods and is available for OS X and iOS. Add Security.framework and include <CommonCrypto/CommonDigest.h>. Common Crypto is a "C" API.

zaph
  • Can you tell me which header to look for inside Security.framework for the SHA256 calculation? – Zohar81 Dec 15 '15 at 13:01
  • Oops, it was in the answer but not properly quoted so it didn't display. Fixed. In particular it is in ``. – zaph Dec 15 '15 at 13:04