Re: [PATCH] imap-send: use Apple's Security framework for base64 encoding

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi David,

Thanks for massaging it to apply to master and cleaning up the style conflicts.

On Jul 27, 2013, at 13:31, David Aguilar <davvid@xxxxxxxxx> wrote:

> From: Jeremy Huddleston <jeremyhu@xxxxxxxxx>
> 
> Use Apple's supported functions for base64 encoding instead
> of the deprecated OpenSSL functions.
> 
> Signed-off-by: Jeremy Huddleston <jeremyhu@xxxxxxxxx>
> Signed-off-by: David Aguilar <davvid@xxxxxxxxx>
> ---
> This is Jeremy's original patch rebased onto the latest master.
> 
> Jeremy, the only way I could get this to work was to suppress inclusion of
> openssl/sha.h by defining HEADER_SHA_H.  This can be removed when we have
> replacements for openssl/x509v3.h.
> 
> Makefile    |  1 +
> imap-send.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
> 2 files changed, 82 insertions(+), 4 deletions(-)
> 
> diff --git a/Makefile b/Makefile
> index 0600eb4..4c40665 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -1413,6 +1413,7 @@ ifdef PPC_SHA1
> 	LIB_H += ppc/sha1.h
> else
> ifdef APPLE_COMMON_CRYPTO
> +	LIB_4_CRYPTO += -framework Security -framework CoreFoundation
> 	COMPAT_CFLAGS += -DCOMMON_DIGEST_FOR_OPENSSL
> 	SHA1_HEADER = <CommonCrypto/CommonDigest.h>
> else
> diff --git a/imap-send.c b/imap-send.c
> index d6b65e2..3fd9c0e 100644
> --- a/imap-send.c
> +++ b/imap-send.c
> @@ -22,14 +22,11 @@
>  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
>  */
> 
> -#include "cache.h"
> -#include "exec_cmd.h"
> -#include "run-command.h"
> -#include "prompt.h"
> #ifdef NO_OPENSSL
> typedef void *SSL;
> #else
> #ifdef APPLE_COMMON_CRYPTO
> +/* git-compat-util.h overwrites ctype.h; this must be included first */
> #include <CommonCrypto/CommonHMAC.h>
> #define HMAC_CTX CCHmacContext
> #define HMAC_Init(hmac, key, len, algo) CCHmacInit(hmac, algo, key, len)
> @@ -37,12 +34,23 @@ typedef void *SSL;
> #define HMAC_Final(hmac, hash, ptr) CCHmacFinal(hmac, hash)
> #define HMAC_CTX_cleanup(ignore)
> #define EVP_md5() kCCHmacAlgMD5
> +
> +#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070
> +#define APPLE_LION_OR_NEWER
> +#include <Security/Security.h>
> +#define HEADER_SHA_H /* suppress inclusion of openssl/sha.h */
> +#endif
> +
> #else
> #include <openssl/evp.h>
> #include <openssl/hmac.h>
> #endif
> #include <openssl/x509v3.h>
> #endif
> +#include "cache.h"
> +#include "exec_cmd.h"
> +#include "run-command.h"
> +#include "prompt.h"
> 
> static const char imap_send_usage[] = "git imap-send < <mbox>";
> 
> @@ -877,6 +885,75 @@ static void imap_close_store(struct imap_store *ctx)
> 	free(ctx);
> }
> 
> +#ifdef APPLE_LION_OR_NEWER
> +#define EVP_DecodeBlock git_CC_EVP_DecodeBlock
> +#define EVP_EncodeBlock git_CC_EVP_EncodeBlock
> +#define error_check(pattern, err) \
> +	do { \
> +		if (err) { \
> +			die(pattern, (long)CFErrorGetCode(err)); \
> +		} \
> +	} while(0)
> +
> +static int git_CC_EVP_EncodeBlock(unsigned char *out,
> +		const unsigned char *in, int inlen)
> +{
> +	CFErrorRef err;
> +	SecTransformRef encoder;
> +	CFDataRef input, output;
> +	CFIndex length;
> +
> +	encoder = SecEncodeTransformCreate(kSecBase64Encoding, &err);
> +	error_check("SecEncodeTransformCreate failed: %ld", err);
> +
> +	input = CFDataCreate(kCFAllocatorDefault, in, inlen);
> +	SecTransformSetAttribute(encoder, kSecTransformInputAttributeName,
> +			input, &err);
> +	error_check("SecTransformSetAttribute failed: %ld", err);
> +
> +	output = SecTransformExecute(encoder, &err);
> +	error_check("SecTransformExecute failed: %ld", err);
> +
> +	length = CFDataGetLength(output);
> +	CFDataGetBytes(output, CFRangeMake(0, length), out);
> +
> +	CFRelease(output);
> +	CFRelease(input);
> +	CFRelease(encoder);
> +
> +	return (int)strlen((const char *)out);
> +}
> +
> +static int git_CC_EVP_DecodeBlock(unsigned char *out,
> +		const unsigned char *in, int inlen)
> +{
> +	CFErrorRef err;
> +	SecTransformRef decoder;
> +	CFDataRef input, output;
> +	CFIndex length;
> +
> +	decoder = SecDecodeTransformCreate(kSecBase64Encoding, &err);
> +	error_check("SecEncodeTransformCreate failed: %ld", err);
> +
> +	input = CFDataCreate(kCFAllocatorDefault, in, inlen);
> +	SecTransformSetAttribute(decoder, kSecTransformInputAttributeName,
> +			input, &err);
> +	error_check("SecTransformSetAttribute failed: %ld", err);
> +
> +	output = SecTransformExecute(decoder, &err);
> +	error_check("SecTransformExecute failed: %ld", err);
> +
> +	length = CFDataGetLength(output);
> +	CFDataGetBytes(output, CFRangeMake(0, length), out);
> +
> +	CFRelease(output);
> +	CFRelease(input);
> +	CFRelease(decoder);
> +
> +	return (int)strlen((const char *)out);
> +}
> +#endif /* APPLE_LION_OR_NEWER */
> +
> #ifndef NO_OPENSSL
> 
> /*
> -- 
> 1.8.3.2.804.g0da7a53.dirty
>

<<attachment: smime.p7s>>

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]