Archive for October, 2012

EVP_… Calls Deprecated

Thursday, October 18th, 2012

For a while now (since OS X 10.7) EVP_ calls in OpenSSL have been deprecated. But Wolf Rentzsch’s article has recently stirred developers to look for replacements for these calls in Common Digest. Most developers only use the EVP_ functions in order to validate a Mac App Store receipt hash, as it’s used in the sample code provided by Apple (listing 1-7). It’s easy to replace the 6 calls to EVP with the following Common Digest code:

#define COMMON_DIGEST_FOR_OPENSSL
#include <CommonCrypto/CommonDigest.h>unsigned char digest[CC_SHA1_DIGEST_LENGTH];
CC_SHA1([input bytes], [input length], digest);
NSData *newHash = [NSData dataWithBytes:digest length:CC_SHA1_DIGEST_LENGTH];

I always use Objective-C where I can, hence my input string is already concatenated and the SHA1 digest result is converted into a NSData so that I can compare it with stored GUID in the receipt directly. Here is the code in case you need to copy paste:

NSMutableData *input = [NSMutableData data];
[input appendData:guidData];
[input appendData:[receipt objectForKey:kReceiptOpaqueValue]];
[input appendData:[receipt objectForKey:kReceiptBundleIdentiferData]];

Hope someone find this useful as a few questions at Stack Overflow are going unanswered due to their more generic phrasing about replacing EVP calls in general. Most of the EVP algorithms are not replaceable but if you are using any of the MD or SHA versions then you can use the above solution.