Coding OpenSSL on a Mac

This post is more about a note to myself about using OpenSSL in Visual Studio Code (VS Code). If the post benefits you, then I'm glad that it did. I performed all the steps described here on an Apple MacBook running macOS Big Sur 11.5.1.

Before proceeding, we need to have these two programs installed:

  1. Homebrew: to install OpenSSL
  2. Visual Studio Code: the integrated development environment (IDE) I use to code OpenSSL. Of course, you can use any other IDEs that you prefer.

OpenSSL

OpenSSL is a toolkit that is able to perform SSL/TLS functionalities and execute cryptographic operations. There are two separate libraries: libssl for SSL/TLS and libcrypto for the cryptography stuff.

Installing OpenSSL

Use Homebrew to install OpenSSL:

brew install openssl@1.1

On my Mac, Homebrew installs OpenSSL at

/opt/homebrew/Cellar/openssl@1.1/1.1.1k.

At the time of writing, the latest stable version of OpenSSL is 1.1.1k.

If we open a terminal and type:

openssl version

the output will display LibreSSL 2.8.3 which is not the version of OpenSSL that we have just installed. This is the version of OpenSSL that MacOS uses. We can also check using the which command to see the binary's path:

which openssl

which points to /usr/bin/local.

To display the OpenSSL version that we have just installed, enter the following:

/opt/homebrew/Cellar/openssl@1.1/1.1.1k/bin/openssl version

The above command will output OpenSSL 1.1.1k  25 Mar 2021.

Note: I read somewhere that it is not recommended to replace MacOS' OpenSSL with the one that we want. Let it live in peace.

Setting the Symbolic Link for the Header Files

Before we can start coding with OpenSSL, we need to tell the system where to find the various OpenSSL header files. We can do this by creating a symbolic link at /usr/local/include which points to /opt/homebrew/Cellar/openssl\@1.1/1.1.1k/include/openssl/. We do this using the ln command:

ln -s /opt/homebrew/Cellar/openssl\@1.1/1.1.1k/include/openssl/ /usr/local/include/

To know whether or not we are successful in adding the symbolic link, use ls -l:

ls -l /usr/local/include/

We should obtain the following output for openssl:

lrwxr-xr-x ... openssl -> /opt/homebrew/Cellar/openssl@1.1/1.1.1k/include/openssl

where the first l here means that openssl is a symbolic link and the actual link is printed after the -> arrow. The ... means that there are other texts there but I have hid them. 

Setting the Symbolic Link for the OpenSSL Library

We also need to tell the system where to find the C library for performing the cryptographic operations in OpenSSL. We can do this by creating a symbolic link at /usr/local/lib which points to /opt/homebrew/Cellar/openssl\@1.1/1.1.1k/lib/libcrypto.a. Note that here, we are using OpenSSL's static library. Similarly as we did for the OpenSSL headers, use the ln command:

ln -s /opt/homebrew/Cellar/openssl\@1.1/1.1.1k/lib/libcrypto.a /usr/local/lib/

Check whether or not we are successful in adding the symbolic link:

ls -l /usr/local/lib/

We should obtain the following output for openssl:

lrwxr-xr-x ... libcrypto.a -> /opt/homebrew/Cellar/openssl@1.1/1.1.1k/lib/libcrypto.a

VS Code

Once we have setup the necessary symbolic links, we are now ready to write some codes that use the OpenSSL cryptographic library. Since we have created a symbolic link to the OpenSSL headers at /usr/local/include/, we should be able to add the necessary OpenSSL header files. In fact, VS Code should be able to detect the presence of those header files. Some examples of OpenSSL header files are:

#include <openssl/rand.h>
#include <openssl/aes.h>

Since we have added a symbolic link that points to OpenSSL's static library, we can compile the C file that contains OpenSSL functions as follows:

gcc -o openssl-test openssl-test.c -lcrypto -Wall

where openssl-test.c is the name of the C file and -lcrypto refers to the libcrypto.a static library.

Simple OpenSSL Code

The following lines of code demonstrate a simple C program that computes the SHA-256 hash digest of a string. Save the file as openssl-test.c.

#include <stdio.h>
#include <string.h>
#include <openssl/sha.h>

int main()
{
    char test_string[] = "Hello World!";
    unsigned char digest[SHA256_DIGEST_LENGTH];

    SHA256(test_string, strlen(test_string), digest);

    for (int i = 0; i < SHA256_DIGEST_LENGTH; i++)
        printf("%02x", digest[i]);

    printf("\n");

    return 0;
}

Open a terminal in VS code or in MacOS and compile the source using the same command given before:
gcc -o openssl-test openssl-test.c -lcrypto -Wall

If everything is setup properly, we should obtain the following output:
7f83b1657ff1fc53b92dc18148a1d65dfc2d4b1fa3d677284addd200126d9069

which is the SHA-256 hash digest for the string "Hello World!". We can test whether the hash digest is correct using any SHA-256 hash calculator.

Comments

Post a Comment

Popular posts from this blog

Are Articles Published in Peer-Reviewed Conference Proceedings Inferior to Journals?

The answer to the question posed by the title of this article is: It depends on the field and the specific conference and journals that we are referring to. In certain science fields, journals have more prestige than conferences. Articles published in conferences are typically not considered as "publications" when evaluating the annual performance of an academician. In computer science, it can be argued that an article published in a peer-reviewed premier conference proceedings has the same value as an article published in a prestigious journal. You can read Michael Ernst's (a Computer Science Professor at Washington University) opinion about this issue here (written in 2006) . In 2009, when Mosche Vardi (a Computer Science Professor at Rice University) was the Editor-in-Chief of the Communications of the ACM, he  wrote a letter to open up discussions wether conferences are indeed superior in computer science . In January 2020, he wrote another article related to this i
Read more

Writing a Research/Project Proposal

This is my personal opinion on how to write certain sections of a project including research and final-year projects (FYP) proposal. The following are sections that are typically required in a project proposal. Note that not all proposals strictly follow the structure described in this article. In Malaysia, however, when writing proposals for a Master/PhD research work, a final-year project, a research grant, the proposal's structure is similar to the one described here. Abstract According to the Oxford Dictionary, an abstract is a " summary of the contents of a book, article or speech ". Therefore, an abstract should contain a summary of relevant sections in your project proposal. For a proposal, you may begin with a short introduction, then to the research problems, objectives (what you plan to solve) and methodology (how you plan to solve the problems). The final report or thesis should include a brief mention about what you have accomplished (e.g. the solutions/findin
Read more

Misconceptions About Bitcoin and Cryptocurrency

There are a few misconceptions about Bitcoin and cryptocurrency, which I have read and heard people talking. Some of them are listed here and I shall try my best to correct them. This list will be updated from time to time. Referring cryptocurrency to just "crypto" . Technically, it is incorrect to link "crypto" to mean cryptocurrency. This is akin to calling "digital currency" as just "digital". I have read statements like: "I have a lot of cryptos". However, you don't say "I have a lot of digitals". So, it is better to stick with the term "cryptocurrency" as opposed to just "crypto" when referring to the former. Crypto is normally associated with cryptography . Bitcoin uses a public key infrastructure (PKI) . A PKI requires the setting up of an infrastructure involving, among others, a Certificate Authority (which is a trusted third party) that is responsible to certify public keys. In Bitcoin, or
Read more