How can I use libssl with Cocoa on Lion?

Question

I'm linking against a static library build from source, and including local headers, not the headers in /usr/include, but Xcode still lists may functions as depreciated, and it's failing to find symbols. Has anyone gotten libssl working on Lion?

Answer 1

Yep, SSL functions are deprecated on Lion.

You should use stuff from CommonCrypto instead. Basically, it has replacements for all SSL functions, and they are usually compatible.

For instance, if you use MD5 (openssl/md5.h), you'll get those deprecated warnings. You can the include CommonDigest, and use CC_MD5_* functions, instead of the old MD5_* ones.

You should also be able to produce a compatibility header, to support other systems. Something like:

#if defined( __APPLE__ )

    #include <CommonCrypto/CommonDigest.h>

    #ifdef MD5_DIGEST_LENGTH

        #undef MD5_DIGEST_LENGTH

    #endif

    #define MD5_Init            CC_MD5_Init
    #define MD5_Update          CC_MD5_Update
    #define MD5_Final           CC_MD5_Final
    #define MD5_DIGEST_LENGTH   CC_MD5_DIGEST_LENGTH
    #define MD5_CTX             CC_MD5_CTX

#else

    #include <openssl/md5.h>

#endif

This is only for MD5, but you should be able to do the some for most other functions.

EDIT

CommonCrypto only support symmetric encryption, through CCCryptor.

If you need asymmetric encryption, you should use the Security framework.

Be sure to take a look at the Security Transforms Programming Guide.

Answer 2

For anyone coming after me, Apple's Security Framework has what you are looking for, particularly SecKeyGeneratePair, SecItemCopyMatching (to get keys from the keychain), SecItemExport (to export to a PEM format), and SecKeyCreateFromData (to make a key from an NSData). Sign and verify are both done with SecTransforms. Apple has reasonable documentation for all of these functions if you search for the right terms.