Mac10.15+ (#214)

Author: TingDaoK

.github/workflows/ci.yml

@@ -305,7 +305,7 @@ jobs:
       run: |
         python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz', 'builder')"
         chmod a+x builder
-        ./builder build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-DCMAKE_OSX_DEPLOYMENT_TARGET=10.9
+        ./builder build -p ${{ env.PACKAGE_NAME }} --cmake-extra=-DCMAKE_OSX_DEPLOYMENT_TARGET=10.15
 
   freebsd:
     runs-on: ubuntu-24.04 # latest

README.md

@@ -8,7 +8,7 @@ This library is licensed under the Apache 2.0 License.
 
 ## Supported Platforms
 * Windows (Vista and Later)
-* Apple
+* Apple (MacOS 10.15+, IOS 11+)
 * Unix (via OpenSSL compatible libcrypto)
 
 ## Build Instructions

source/darwin/commoncrypto_aes.c

@@ -16,11 +16,6 @@
 
 #    define SUPPORT_AES_GCM_VIA_SPI 1
 #    include "common_cryptor_spi.h"
-
-#    if (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && (__MAC_OS_X_VERSION_MAX_ALLOWED >= 101300 /* macOS 10.13 */)) ||   \
-        (defined(__IPHONE_OS_VERSION_MAX_ALLOWED) && (__IPHONE_OS_VERSION_MAX_ALLOWED >= 110000 /* iOS v11 */))
-#        define USE_LATEST_CRYPTO_API 1
-#    endif
 #endif
 
 struct cc_aes_cipher {
@@ -370,45 +365,6 @@ static int s_gcm_decrypt(struct aws_symmetric_cipher *cipher, struct aws_byte_cu
 
 #ifdef SUPPORT_AES_GCM_VIA_SPI
 
-/*
- * Note that CCCryptorGCMFinal is deprecated in Mac 10.13. It also doesn't compare the tag with expected tag
- * https://opensource.apple.com/source/CommonCrypto/CommonCrypto-60118.1.1/include/CommonCryptorSPI.h.auto.html
- */
-static CCStatus s_cc_crypto_gcm_finalize(struct _CCCryptor *encryptor_handle, uint8_t *buffer, size_t tag_length) {
-#    ifdef USE_LATEST_CRYPTO_API
-    if (__builtin_available(macOS 10.13, iOS 11.0, *)) {
-        return CCCryptorGCMFinalize(encryptor_handle, buffer, tag_length);
-    } else {
-/* We would never hit this branch for newer macOS and iOS versions because of the __builtin_available check, so we can
- * suppress the compiler warning. */
-#        pragma clang diagnostic push
-#        pragma clang diagnostic ignored "-Wdeprecated-declarations"
-        return CCCryptorGCMFinal(encryptor_handle, buffer, &tag_length);
-#        pragma clang diagnostic pop
-    }
-#    else
-    return CCCryptorGCMFinal(encryptor_handle, buffer, &tag_length);
-
-#    endif
-}
-
-static CCCryptorStatus s_cc_cryptor_gcm_set_iv(struct _CCCryptor *encryptor_handle, uint8_t *buffer, size_t length) {
-#    ifdef USE_LATEST_CRYPTO_API
-    if (__builtin_available(macOS 10.13, iOS 11.0, *)) {
-        return CCCryptorGCMSetIV(encryptor_handle, buffer, length);
-    } else {
-/* We would never hit this branch for newer macOS and iOS versions because of the __builtin_available check, so we can
- * suppress the compiler warning. */
-#        pragma clang diagnostic push
-#        pragma clang diagnostic ignored "-Wdeprecated-declarations"
-        return CCCryptorGCMAddIV(encryptor_handle, buffer, length);
-#        pragma clang diagnostic pop
-    }
-#    else
-    return CCCryptorGCMAddIV(encryptor_handle, buffer, length);
-#    endif
-}
-
 static int s_finalize_gcm_encryption(struct aws_symmetric_cipher *cipher, struct aws_byte_buf *out) {
     (void)out;
 
@@ -420,7 +376,7 @@ static int s_finalize_gcm_encryption(struct aws_symmetric_cipher *cipher, struct
     struct cc_aes_cipher *cc_cipher = cipher->impl;
 
     size_t tag_length = AWS_AES_256_CIPHER_BLOCK_SIZE;
-    CCStatus status = s_cc_crypto_gcm_finalize(cc_cipher->encryptor_handle, cipher->tag.buffer, tag_length);
+    CCStatus status = CCCryptorGCMFinalize(cc_cipher->encryptor_handle, cipher->tag.buffer, tag_length);
     if (status != kCCSuccess) {
         cipher->state = AWS_SYMMETRIC_CIPHER_ERROR;
         return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
@@ -436,7 +392,7 @@ static int s_finalize_gcm_decryption(struct aws_symmetric_cipher *cipher, struct
     struct cc_aes_cipher *cc_cipher = cipher->impl;
 
     size_t tag_length = AWS_AES_256_CIPHER_BLOCK_SIZE;
-    CCStatus status = s_cc_crypto_gcm_finalize(cc_cipher->decryptor_handle, cipher->tag.buffer, tag_length);
+    CCStatus status = CCCryptorGCMFinalize(cc_cipher->decryptor_handle, cipher->tag.buffer, tag_length);
     if (status != kCCSuccess) {
         cipher->state = AWS_SYMMETRIC_CIPHER_ERROR;
         return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
@@ -495,8 +451,8 @@ static int s_initialize_gcm_cipher_materials(
     if (status != kCCSuccess) {
         return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
     }
-    status = s_cc_cryptor_gcm_set_iv(
-        cc_cipher->encryptor_handle, cc_cipher->cipher_base.iv.buffer, cc_cipher->cipher_base.iv.len);
+    status =
+        CCCryptorGCMSetIV(cc_cipher->encryptor_handle, cc_cipher->cipher_base.iv.buffer, cc_cipher->cipher_base.iv.len);
 
     if (status != kCCSuccess) {
         return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
@@ -528,8 +484,8 @@ static int s_initialize_gcm_cipher_materials(
     if (status != kCCSuccess) {
         return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
     }
-    status = s_cc_cryptor_gcm_set_iv(
-        cc_cipher->decryptor_handle, cc_cipher->cipher_base.iv.buffer, cc_cipher->cipher_base.iv.len);
+    status =
+        CCCryptorGCMSetIV(cc_cipher->decryptor_handle, cc_cipher->cipher_base.iv.buffer, cc_cipher->cipher_base.iv.len);
 
     if (status != kCCSuccess) {
         return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);