Coding OpenSSL on a Mac

This post is more about a note to myself about using OpenSSL in Visual Studio Code (VS Code). If the post benefits you, then I'm glad that it did. I performed all the steps described here on an Apple MacBook running macOS Big Sur 11.5.1.

Before proceeding, we need to have these two programs installed:

  1. Homebrew: to install OpenSSL
  2. Visual Studio Code: the integrated development environment (IDE) I use to code OpenSSL. Of course, you can use any other IDEs that you prefer.

OpenSSL

OpenSSL is a toolkit that is able to perform SSL/TLS functionalities and execute cryptographic operations. There are two separate libraries: libssl for SSL/TLS and libcrypto for the cryptography stuff.

Installing OpenSSL

Use Homebrew to install OpenSSL:

brew install openssl@1.1

On my Mac, Homebrew installs OpenSSL at

/opt/homebrew/Cellar/openssl@1.1/1.1.1k.

At the time of writing, the latest stable version of OpenSSL is 1.1.1k.

If we open a terminal and type:

openssl version

the output will display LibreSSL 2.8.3 which is not the version of OpenSSL that we have just installed. This is the version of OpenSSL that MacOS uses. We can also check using the which command to see the binary's path:

which openssl

which points to /usr/bin/local.

To display the OpenSSL version that we have just installed, enter the following:

/opt/homebrew/Cellar/openssl@1.1/1.1.1k/bin/openssl version

The above command will output OpenSSL 1.1.1k  25 Mar 2021.

Note: I read somewhere that it is not recommended to replace MacOS' OpenSSL with the one that we want. Let it live in peace.

Setting the Symbolic Link for the Header Files

Before we can start coding with OpenSSL, we need to tell the system where to find the various OpenSSL header files. We can do this by creating a symbolic link at /usr/local/include which points to /opt/homebrew/Cellar/openssl\@1.1/1.1.1k/include/openssl/. We do this using the ln command:

ln -s /opt/homebrew/Cellar/openssl\@1.1/1.1.1k/include/openssl/ /usr/local/include/

To know whether or not we are successful in adding the symbolic link, use ls -l:

ls -l /usr/local/include/

We should obtain the following output for openssl:

lrwxr-xr-x ... openssl -> /opt/homebrew/Cellar/openssl@1.1/1.1.1k/include/openssl

where the first l here means that openssl is a symbolic link and the actual link is printed after the -> arrow. The ... means that there are other texts there but I have hid them. 

Setting the Symbolic Link for the OpenSSL Library

We also need to tell the system where to find the C library for performing the cryptographic operations in OpenSSL. We can do this by creating a symbolic link at /usr/local/lib which points to /opt/homebrew/Cellar/openssl\@1.1/1.1.1k/lib/libcrypto.a. Note that here, we are using OpenSSL's static library. Similarly as we did for the OpenSSL headers, use the ln command:

ln -s /opt/homebrew/Cellar/openssl\@1.1/1.1.1k/lib/libcrypto.a /usr/local/lib/

Check whether or not we are successful in adding the symbolic link:

ls -l /usr/local/lib/

We should obtain the following output for openssl:

lrwxr-xr-x ... libcrypto.a -> /opt/homebrew/Cellar/openssl@1.1/1.1.1k/lib/libcrypto.a

VS Code

Once we have setup the necessary symbolic links, we are now ready to write some codes that use the OpenSSL cryptographic library. Since we have created a symbolic link to the OpenSSL headers at /usr/local/include/, we should be able to add the necessary OpenSSL header files. In fact, VS Code should be able to detect the presence of those header files. Some examples of OpenSSL header files are:

#include <openssl/rand.h>
#include <openssl/aes.h>

Since we have added a symbolic link that points to OpenSSL's static library, we can compile the C file that contains OpenSSL functions as follows:

gcc -o openssl-test openssl-test.c -lcrypto -Wall

where openssl-test.c is the name of the C file and -lcrypto refers to the libcrypto.a static library.

Simple OpenSSL Code

The following lines of code demonstrate a simple C program that computes the SHA-256 hash digest of a string. Save the file as openssl-test.c.

#include <stdio.h>
#include <string.h>
#include <openssl/sha.h>

int main()
{
    char test_string[] = "Hello World!";
    unsigned char digest[SHA256_DIGEST_LENGTH];

    SHA256(test_string, strlen(test_string), digest);

    for (int i = 0; i < SHA256_DIGEST_LENGTH; i++)
        printf("%02x", digest[i]);

    printf("\n");

    return 0;
}

Open a terminal in VS code or in MacOS and compile the source using the same command given before:
gcc -o openssl-test openssl-test.c -lcrypto -Wall

If everything is setup properly, we should obtain the following output:
7f83b1657ff1fc53b92dc18148a1d65dfc2d4b1fa3d677284addd200126d9069

which is the SHA-256 hash digest for the string "Hello World!". We can test whether the hash digest is correct using any SHA-256 hash calculator.

Comments

Post a Comment

Popular posts from this blog

Are Articles Published in Peer-Reviewed Conference Proceedings Inferior to Journals?

The answer to the question posed by the title of this article is: It depends on the field and the specific conference and journals that we are referring to. In certain science fields, journals have more prestige than conferences. Articles published in conferences are typically not considered as "publications" when evaluating the annual performance of an academician. In computer science, it can be argued that an article published in a peer-reviewed premier conference proceedings has the same value as an article published in a prestigious journal. You can read Michael Ernst's (a Computer Science Professor at Washington University) opinion about this issue here (written in 2006) . In 2009, when Mosche Vardi (a Computer Science Professor at Rice University) was the Editor-in-Chief of the Communications of the ACM, he  wrote a letter to open up discussions wether conferences are indeed superior in computer science . In January 2020, he wrote another article related to this i...
Read more

More on Conferences vs. Journals

In a previous post , the notion of treating conferences and journals on equal footing was discussed, challenging the prevailing view among certain quarters that journals hold an always-superior status over conferences. In that post, I pointed out instances where impactful results can emerge from conferences, and not necessarily exclusively from journals. Here, I present other examples from the literature. " Integral Cryptanalysis on Full MISTY1 " by Yasuke Todo was initially presented at CRYPTO 2015 and the research was later extended and published in Vol. 30 (2017) of the Journal of Cryptology (JoC) . The original work was the first to succesfully attack the full-round MISTY1, and is typically regarded as a significant result in cryptography. " Improved Key Recovery Attacks on Reduced-Round AES with Practical Data and Memory Complexities " by Achiya Bar-On and others was first unveiled at CRYPTO 2018. An extended version of this research was subsequently published ...
Read more