From: David Aguilar <davvid@gmail.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: git@vger.kernel.org, Eric Sunshine <sunshine@sunshineco.com>,
Jeremy Huddleston <jeremyhu@apple.com>
Subject: [PATCH] imap-send: use Apple's Security framework for base64 encoding
Date: Sat, 27 Jul 2013 13:31:32 -0700 [thread overview]
Message-ID: <1374957092-41505-1-git-send-email-davvid@gmail.com> (raw)
From: Jeremy Huddleston <jeremyhu@apple.com>
Use Apple's supported functions for base64 encoding instead
of the deprecated OpenSSL functions.
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
Signed-off-by: David Aguilar <davvid@gmail.com>
---
This is Jeremy's original patch rebased onto the latest master.
Jeremy, the only way I could get this to work was to suppress inclusion of
openssl/sha.h by defining HEADER_SHA_H. This can be removed when we have
replacements for openssl/x509v3.h.
Makefile | 1 +
imap-send.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
2 files changed, 82 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
index 0600eb4..4c40665 100644
--- a/Makefile
+++ b/Makefile
@@ -1413,6 +1413,7 @@ ifdef PPC_SHA1
LIB_H += ppc/sha1.h
else
ifdef APPLE_COMMON_CRYPTO
+ LIB_4_CRYPTO += -framework Security -framework CoreFoundation
COMPAT_CFLAGS += -DCOMMON_DIGEST_FOR_OPENSSL
SHA1_HEADER = <CommonCrypto/CommonDigest.h>
else
diff --git a/imap-send.c b/imap-send.c
index d6b65e2..3fd9c0e 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -22,14 +22,11 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
-#include "cache.h"
-#include "exec_cmd.h"
-#include "run-command.h"
-#include "prompt.h"
#ifdef NO_OPENSSL
typedef void *SSL;
#else
#ifdef APPLE_COMMON_CRYPTO
+/* git-compat-util.h overwrites ctype.h; this must be included first */
#include <CommonCrypto/CommonHMAC.h>
#define HMAC_CTX CCHmacContext
#define HMAC_Init(hmac, key, len, algo) CCHmacInit(hmac, algo, key, len)
@@ -37,12 +34,23 @@ typedef void *SSL;
#define HMAC_Final(hmac, hash, ptr) CCHmacFinal(hmac, hash)
#define HMAC_CTX_cleanup(ignore)
#define EVP_md5() kCCHmacAlgMD5
+
+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070
+#define APPLE_LION_OR_NEWER
+#include <Security/Security.h>
+#define HEADER_SHA_H /* suppress inclusion of openssl/sha.h */
+#endif
+
#else
#include <openssl/evp.h>
#include <openssl/hmac.h>
#endif
#include <openssl/x509v3.h>
#endif
+#include "cache.h"
+#include "exec_cmd.h"
+#include "run-command.h"
+#include "prompt.h"
static const char imap_send_usage[] = "git imap-send < <mbox>";
@@ -877,6 +885,75 @@ static void imap_close_store(struct imap_store *ctx)
free(ctx);
}
+#ifdef APPLE_LION_OR_NEWER
+#define EVP_DecodeBlock git_CC_EVP_DecodeBlock
+#define EVP_EncodeBlock git_CC_EVP_EncodeBlock
+#define error_check(pattern, err) \
+ do { \
+ if (err) { \
+ die(pattern, (long)CFErrorGetCode(err)); \
+ } \
+ } while(0)
+
+static int git_CC_EVP_EncodeBlock(unsigned char *out,
+ const unsigned char *in, int inlen)
+{
+ CFErrorRef err;
+ SecTransformRef encoder;
+ CFDataRef input, output;
+ CFIndex length;
+
+ encoder = SecEncodeTransformCreate(kSecBase64Encoding, &err);
+ error_check("SecEncodeTransformCreate failed: %ld", err);
+
+ input = CFDataCreate(kCFAllocatorDefault, in, inlen);
+ SecTransformSetAttribute(encoder, kSecTransformInputAttributeName,
+ input, &err);
+ error_check("SecTransformSetAttribute failed: %ld", err);
+
+ output = SecTransformExecute(encoder, &err);
+ error_check("SecTransformExecute failed: %ld", err);
+
+ length = CFDataGetLength(output);
+ CFDataGetBytes(output, CFRangeMake(0, length), out);
+
+ CFRelease(output);
+ CFRelease(input);
+ CFRelease(encoder);
+
+ return (int)strlen((const char *)out);
+}
+
+static int git_CC_EVP_DecodeBlock(unsigned char *out,
+ const unsigned char *in, int inlen)
+{
+ CFErrorRef err;
+ SecTransformRef decoder;
+ CFDataRef input, output;
+ CFIndex length;
+
+ decoder = SecDecodeTransformCreate(kSecBase64Encoding, &err);
+ error_check("SecEncodeTransformCreate failed: %ld", err);
+
+ input = CFDataCreate(kCFAllocatorDefault, in, inlen);
+ SecTransformSetAttribute(decoder, kSecTransformInputAttributeName,
+ input, &err);
+ error_check("SecTransformSetAttribute failed: %ld", err);
+
+ output = SecTransformExecute(decoder, &err);
+ error_check("SecTransformExecute failed: %ld", err);
+
+ length = CFDataGetLength(output);
+ CFDataGetBytes(output, CFRangeMake(0, length), out);
+
+ CFRelease(output);
+ CFRelease(input);
+ CFRelease(decoder);
+
+ return (int)strlen((const char *)out);
+}
+#endif /* APPLE_LION_OR_NEWER */
+
#ifndef NO_OPENSSL
/*
--
1.8.3.2.804.g0da7a53.dirty
next reply other threads:[~2013-07-27 20:31 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-27 20:31 David Aguilar [this message]
2013-07-27 23:28 ` [PATCH] imap-send: use Apple's Security framework for base64 encoding Jeremy Huddleston Sequoia
2013-07-29 3:35 ` Jonathan Nieder
2013-07-29 7:23 ` David Aguilar
2013-07-29 15:51 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1374957092-41505-1-git-send-email-davvid@gmail.com \
--to=davvid@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=jeremyhu@apple.com \
--cc=sunshine@sunshineco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).