OpenSSL is deprecated in Lion
For example with the followingdeprecated.c
source code:#include <openssl/crypto.h> int main(void) { OPENSSL_init(); return 0; }
We get a compilation warning:
$ gcc deprecated.c -lcrypto
deprecated.c: In function ‘main’:
deprecated.c:5: warning: ‘OPENSSL_init’ is deprecated (declared at /usr/include/openssl/crypto.h:600)
Line 600 of
/usr/include/openssl/crypto.h
is:void OPENSSL_init(void) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
and is replaced by Common Cypto
Common Crypto is Apple "own" implementation of low level crypto algorithms. See the
CC_crypto(3cc)
man page. The manage is also available online at http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man3/CC_crypto.3cc.html and says:CC_crypto(3cc) LOCAL CC_crypto(3cc) NAME Common Crypto -- libSystem digest library DESCRIPTION The libSystem Common Crypto library implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the CDSA implementations of SSL, TLS and S/MIME. OVERVIEW libSystem contains the Common Crypto collection of algorithms. Digest and encryption algorithms contained in this library are optimized for speed. The algorithms have been collected from various sources and chosen for their performance characteristics. Since libSystem is linked into all executables it is preferable for applications to use these functions rather than implementing their own versions. NOTES To use the digest functions with existing code which uses the corresponding openssl functions, #define the symbol COMMON_DIGEST_FOR_OPENSSL in your client code (BEFORE including <CommonCrypto/CommonDigest.h> ). You can *NOT* mix and match functions operating on a given data type from the two implementations; i.e., if you do a CC_MD5_Init() on a CC_MD5_CTX object, do not assume that you can do an openssl-style MD5_Update() on that same context. The interfaces to the encryption and HMAC algorithms have a calling interface that is different from that provided by OpenSSL. SEE ALSO CC_MD5(3cc), CC_SHA(3cc), CCHmac(3cc), CCCryptor(3cc) BSD April 5, 2007 BSD
Notes
The man page is quiet old (April 2007) and references CDSA. CDSA has also been deprecated in Lion but we will talk about that later.Common Crypto should also be available in Leopard (the man page exists for 10.5). So you can update you project to use Common Crypto for Lion and the same source code could be used on Snow Leopard (and maybe even Leopard)
Conclusion
OpenSSL should be removed in a later Mac OS X version.For projects using OpenSSL on Mac OS X you have two options:
- move from OpenSSL to Common Crypto
- provide your own version of OpenSSL in the installer (or use a static link)