-
Notifications
You must be signed in to change notification settings - Fork 24.8k
Description
Description
CC_MD5
is used in RCTUtils
' function RCTMD5Hash(NSString *string)
(here), which is used in RCTAsyncLocalStorage.mm
and RNCAsyncStorage.m
to get a file name. My company's security team has requested we remove all use of MD5, regardless of whether it's used for cryptographic purposes or called by our code. In addition to being cryptographically insecure (though that isn't relevant here since it doesn't seem to be used for cryptographic purposes), CC_MD5
was deprecated by Apple in iOS 13.
React Native version:
0.63.2 (based on running npx react-native info
at the time of opening this issue)
Steps To Reproduce
- Follow the React Native CLI Quickstart version of the Setting up the development environment documentation.
- In Step 2 of "Running your React Native application", open Xcode instead of using
run-ios
. - Change the iOS Deployment Target for React-Core to iOS 13.0 (or higher).
- Build.
Expected Results
You shouldn't get any warnings, but for the scope of this issue, you shouldn't get any warnings about CC_MD5
being deprecated.
Snack, code example, screenshot, or link to a repository:
Here's the resulting error you'll get in the issue navigator on the left.
/Code/AwesomeProject/AwesomeProject/node_modules/react-native/React/Base/RCTUtils.m:224:3: 'CC_MD5' is deprecated: first deprecated in iOS 13.0 - This function is cryptographically broken and should not be used in security contexts. Clients should migrate to SHA256 (or stronger).