git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: David Aguilar <davvid@gmail.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: git@vger.kernel.org, Eric Sunshine <sunshine@sunshineco.com>,
	Jeremy Huddleston <jeremyhu@apple.com>
Subject: [PATCH] imap-send: use Apple's Security framework for base64 encoding
Date: Sat, 27 Jul 2013 13:31:32 -0700	[thread overview]
Message-ID: <1374957092-41505-1-git-send-email-davvid@gmail.com> (raw)

From: Jeremy Huddleston <jeremyhu@apple.com>

Use Apple's supported functions for base64 encoding instead
of the deprecated OpenSSL functions.

Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
Signed-off-by: David Aguilar <davvid@gmail.com>
---
This is Jeremy's original patch rebased onto the latest master.

Jeremy, the only way I could get this to work was to suppress inclusion of
openssl/sha.h by defining HEADER_SHA_H.  This can be removed when we have
replacements for openssl/x509v3.h.

 Makefile    |  1 +
 imap-send.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 82 insertions(+), 4 deletions(-)

diff --git a/Makefile b/Makefile
index 0600eb4..4c40665 100644
--- a/Makefile
+++ b/Makefile
@@ -1413,6 +1413,7 @@ ifdef PPC_SHA1
 	LIB_H += ppc/sha1.h
 else
 ifdef APPLE_COMMON_CRYPTO
+	LIB_4_CRYPTO += -framework Security -framework CoreFoundation
 	COMPAT_CFLAGS += -DCOMMON_DIGEST_FOR_OPENSSL
 	SHA1_HEADER = <CommonCrypto/CommonDigest.h>
 else
diff --git a/imap-send.c b/imap-send.c
index d6b65e2..3fd9c0e 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -22,14 +22,11 @@
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
-#include "cache.h"
-#include "exec_cmd.h"
-#include "run-command.h"
-#include "prompt.h"
 #ifdef NO_OPENSSL
 typedef void *SSL;
 #else
 #ifdef APPLE_COMMON_CRYPTO
+/* git-compat-util.h overwrites ctype.h; this must be included first */
 #include <CommonCrypto/CommonHMAC.h>
 #define HMAC_CTX CCHmacContext
 #define HMAC_Init(hmac, key, len, algo) CCHmacInit(hmac, algo, key, len)
@@ -37,12 +34,23 @@ typedef void *SSL;
 #define HMAC_Final(hmac, hash, ptr) CCHmacFinal(hmac, hash)
 #define HMAC_CTX_cleanup(ignore)
 #define EVP_md5() kCCHmacAlgMD5
+
+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070
+#define APPLE_LION_OR_NEWER
+#include <Security/Security.h>
+#define HEADER_SHA_H /* suppress inclusion of openssl/sha.h */
+#endif
+
 #else
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #endif
 #include <openssl/x509v3.h>
 #endif
+#include "cache.h"
+#include "exec_cmd.h"
+#include "run-command.h"
+#include "prompt.h"
 
 static const char imap_send_usage[] = "git imap-send < <mbox>";
 
@@ -877,6 +885,75 @@ static void imap_close_store(struct imap_store *ctx)
 	free(ctx);
 }
 
+#ifdef APPLE_LION_OR_NEWER
+#define EVP_DecodeBlock git_CC_EVP_DecodeBlock
+#define EVP_EncodeBlock git_CC_EVP_EncodeBlock
+#define error_check(pattern, err) \
+	do { \
+		if (err) { \
+			die(pattern, (long)CFErrorGetCode(err)); \
+		} \
+	} while(0)
+
+static int git_CC_EVP_EncodeBlock(unsigned char *out,
+		const unsigned char *in, int inlen)
+{
+	CFErrorRef err;
+	SecTransformRef encoder;
+	CFDataRef input, output;
+	CFIndex length;
+
+	encoder = SecEncodeTransformCreate(kSecBase64Encoding, &err);
+	error_check("SecEncodeTransformCreate failed: %ld", err);
+
+	input = CFDataCreate(kCFAllocatorDefault, in, inlen);
+	SecTransformSetAttribute(encoder, kSecTransformInputAttributeName,
+			input, &err);
+	error_check("SecTransformSetAttribute failed: %ld", err);
+
+	output = SecTransformExecute(encoder, &err);
+	error_check("SecTransformExecute failed: %ld", err);
+
+	length = CFDataGetLength(output);
+	CFDataGetBytes(output, CFRangeMake(0, length), out);
+
+	CFRelease(output);
+	CFRelease(input);
+	CFRelease(encoder);
+
+	return (int)strlen((const char *)out);
+}
+
+static int git_CC_EVP_DecodeBlock(unsigned char *out,
+		const unsigned char *in, int inlen)
+{
+	CFErrorRef err;
+	SecTransformRef decoder;
+	CFDataRef input, output;
+	CFIndex length;
+
+	decoder = SecDecodeTransformCreate(kSecBase64Encoding, &err);
+	error_check("SecEncodeTransformCreate failed: %ld", err);
+
+	input = CFDataCreate(kCFAllocatorDefault, in, inlen);
+	SecTransformSetAttribute(decoder, kSecTransformInputAttributeName,
+			input, &err);
+	error_check("SecTransformSetAttribute failed: %ld", err);
+
+	output = SecTransformExecute(decoder, &err);
+	error_check("SecTransformExecute failed: %ld", err);
+
+	length = CFDataGetLength(output);
+	CFDataGetBytes(output, CFRangeMake(0, length), out);
+
+	CFRelease(output);
+	CFRelease(input);
+	CFRelease(decoder);
+
+	return (int)strlen((const char *)out);
+}
+#endif /* APPLE_LION_OR_NEWER */
+
 #ifndef NO_OPENSSL
 
 /*
-- 
1.8.3.2.804.g0da7a53.dirty

             reply	other threads:[~2013-07-27 20:31 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-07-27 20:31 David Aguilar [this message]
2013-07-27 23:28 ` [PATCH] imap-send: use Apple's Security framework for base64 encoding Jeremy Huddleston Sequoia
2013-07-29  3:35 ` Jonathan Nieder
2013-07-29  7:23   ` David Aguilar
2013-07-29 15:51 ` Junio C Hamano

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1374957092-41505-1-git-send-email-davvid@gmail.com \
    --to=davvid@gmail.com \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    --cc=jeremyhu@apple.com \
    --cc=sunshine@sunshineco.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).