Re: [PATCH v2] imap-send: use Apple's Security framework for base64 encoding
David Aguilar dav...@gmail.com writes:
From: Jeremy Huddleston jerem...@apple.com
Use Apple's supported functions for base64 encoding instead
of the deprecated OpenSSL functions.
Signed-off-by: Jeremy Huddleston jerem...@apple.com
Signed-off-by: David Aguilar dav...@gmail.com
---
This version moves the tricky #ifdefs into git-compat-util.h
Nice. I however wonder if we can kick the inlines that are
irrelevant to most people out further. For example, would the
following be an improvement?
-- 8 --
From: Jeremy Huddleston jerem...@apple.com
Date: Mon, 29 Jul 2013 18:28:30 -0700
Subject: [PATCH] imap-send: use Apple's Security framework for base64 encoding
Use Apple's supported functions for base64 encoding instead
of the deprecated OpenSSL functions.
Signed-off-by: Jeremy Huddleston jerem...@apple.com
Signed-off-by: David Aguilar dav...@gmail.com
Signed-off-by: Junio C Hamano gits...@pobox.com
---
Makefile | 1 +
compat/apple-common-crypto.h | 86
git-compat-util.h| 11 ++
imap-send.c | 14
4 files changed, 98 insertions(+), 14 deletions(-)
create mode 100644 compat/apple-common-crypto.h
diff --git a/Makefile b/Makefile
index 5e7cadf..dddf49b 100644
--- a/Makefile
+++ b/Makefile
@@ -1398,6 +1398,7 @@ ifdef PPC_SHA1
LIB_H += ppc/sha1.h
else
ifdef APPLE_COMMON_CRYPTO
+ LIB_4_CRYPTO += -framework Security -framework CoreFoundation
COMPAT_CFLAGS += -DCOMMON_DIGEST_FOR_OPENSSL
SHA1_HEADER = CommonCrypto/CommonDigest.h
else
diff --git a/compat/apple-common-crypto.h b/compat/apple-common-crypto.h
new file mode 100644
index 000..c8b9b0e
--- /dev/null
+++ b/compat/apple-common-crypto.h
@@ -0,0 +1,86 @@
+/* suppress inclusion of conflicting openssl functions */
+#define OPENSSL_NO_MD5
+#define HEADER_HMAC_H
+#define HEADER_SHA_H
+#include CommonCrypto/CommonHMAC.h
+#define HMAC_CTX CCHmacContext
+#define HMAC_Init(hmac, key, len, algo) CCHmacInit(hmac, algo, key, len)
+#define HMAC_Update CCHmacUpdate
+#define HMAC_Final(hmac, hash, ptr) CCHmacFinal(hmac, hash)
+#define HMAC_CTX_cleanup(ignore)
+#define EVP_md5(...) kCCHmacAlgMD5
+#if __MAC_OS_X_VERSION_MIN_REQUIRED = 1070
+#define APPLE_LION_OR_NEWER
+#include Security/Security.h
+/* Apple's TYPE_BOOL conflicts with config.c */
+#undef TYPE_BOOL
+#endif
+
+#ifdef APPLE_LION_OR_NEWER
+#define git_CC_error_check(pattern, err) \
+ do { \
+ if (err) { \
+ die(pattern, (long)CFErrorGetCode(err)); \
+ } \
+ } while(0)
+
+#define EVP_EncodeBlock git_CC_EVP_EncodeBlock
+static inline int git_CC_EVP_EncodeBlock(unsigned char *out,
+ const unsigned char *in, int inlen)
+{
+ CFErrorRef err;
+ SecTransformRef encoder;
+ CFDataRef input, output;
+ CFIndex length;
+
+ encoder = SecEncodeTransformCreate(kSecBase64Encoding, err);
+ git_CC_error_check(SecEncodeTransformCreate failed: %ld, err);
+
+ input = CFDataCreate(kCFAllocatorDefault, in, inlen);
+ SecTransformSetAttribute(encoder, kSecTransformInputAttributeName,
+ input, err);
+ git_CC_error_check(SecTransformSetAttribute failed: %ld, err);
+
+ output = SecTransformExecute(encoder, err);
+ git_CC_error_check(SecTransformExecute failed: %ld, err);
+
+ length = CFDataGetLength(output);
+ CFDataGetBytes(output, CFRangeMake(0, length), out);
+
+ CFRelease(output);
+ CFRelease(input);
+ CFRelease(encoder);
+
+ return (int)strlen((const char *)out);
+}
+
+#define EVP_DecodeBlock git_CC_EVP_DecodeBlock
+static int inline git_CC_EVP_DecodeBlock(unsigned char *out,
+ const unsigned char *in, int inlen)
+{
+ CFErrorRef err;
+ SecTransformRef decoder;
+ CFDataRef input, output;
+ CFIndex length;
+
+ decoder = SecDecodeTransformCreate(kSecBase64Encoding, err);
+ git_CC_error_check(SecEncodeTransformCreate failed: %ld, err);
+
+ input = CFDataCreate(kCFAllocatorDefault, in, inlen);
+ SecTransformSetAttribute(decoder, kSecTransformInputAttributeName,
+ input, err);
+ git_CC_error_check(SecTransformSetAttribute failed: %ld, err);
+
+ output = SecTransformExecute(decoder, err);
+ git_CC_error_check(SecTransformExecute failed: %ld, err);
+
+ length = CFDataGetLength(output);
+ CFDataGetBytes(output, CFRangeMake(0, length), out);
+
+ CFRelease(output);
+ CFRelease(input);
+ CFRelease(decoder);
+
+ return (int)strlen((const char *)out);
+}
+#endif /* APPLE_LION_OR_NEWER */
diff --git a/git-compat-util.h b/git-compat-util.h
index e955bb5..6ebb029 100644
--- a/git-compat-util.h
+++ b/git-compat-util.h
@@ -127,6 +127,17 @@
#else
#include poll.h
#endif
+
+#ifndef NO_OPENSSL
+#ifdef APPLE_COMMON_CRYPTO
+#include compat/apple-common-crypto.h
+#else
Re: [PATCH v2] imap-send: use Apple's Security framework for base64 encoding
On Tue, Jul 30, 2013 at 8:54 AM, Junio C Hamano gits...@pobox.com wrote:
David Aguilar dav...@gmail.com writes:
From: Jeremy Huddleston jerem...@apple.com
Use Apple's supported functions for base64 encoding instead
of the deprecated OpenSSL functions.
Signed-off-by: Jeremy Huddleston jerem...@apple.com
Signed-off-by: David Aguilar dav...@gmail.com
---
This version moves the tricky #ifdefs into git-compat-util.h
Nice. I however wonder if we can kick the inlines that are
irrelevant to most people out further. For example, would the
following be an improvement?
Yes, IMO that is nicer. It keeps all of the Apple specifics neatly tucked away.
Thanks
-- 8 --
From: Jeremy Huddleston jerem...@apple.com
Date: Mon, 29 Jul 2013 18:28:30 -0700
Subject: [PATCH] imap-send: use Apple's Security framework for base64 encoding
Use Apple's supported functions for base64 encoding instead
of the deprecated OpenSSL functions.
Signed-off-by: Jeremy Huddleston jerem...@apple.com
Signed-off-by: David Aguilar dav...@gmail.com
Signed-off-by: Junio C Hamano gits...@pobox.com
---
Makefile | 1 +
compat/apple-common-crypto.h | 86
git-compat-util.h| 11 ++
imap-send.c | 14
4 files changed, 98 insertions(+), 14 deletions(-)
create mode 100644 compat/apple-common-crypto.h
diff --git a/Makefile b/Makefile
index 5e7cadf..dddf49b 100644
--- a/Makefile
+++ b/Makefile
@@ -1398,6 +1398,7 @@ ifdef PPC_SHA1
LIB_H += ppc/sha1.h
else
ifdef APPLE_COMMON_CRYPTO
+ LIB_4_CRYPTO += -framework Security -framework CoreFoundation
COMPAT_CFLAGS += -DCOMMON_DIGEST_FOR_OPENSSL
SHA1_HEADER = CommonCrypto/CommonDigest.h
else
diff --git a/compat/apple-common-crypto.h b/compat/apple-common-crypto.h
new file mode 100644
index 000..c8b9b0e
--- /dev/null
+++ b/compat/apple-common-crypto.h
@@ -0,0 +1,86 @@
+/* suppress inclusion of conflicting openssl functions */
+#define OPENSSL_NO_MD5
+#define HEADER_HMAC_H
+#define HEADER_SHA_H
+#include CommonCrypto/CommonHMAC.h
+#define HMAC_CTX CCHmacContext
+#define HMAC_Init(hmac, key, len, algo) CCHmacInit(hmac, algo, key, len)
+#define HMAC_Update CCHmacUpdate
+#define HMAC_Final(hmac, hash, ptr) CCHmacFinal(hmac, hash)
+#define HMAC_CTX_cleanup(ignore)
+#define EVP_md5(...) kCCHmacAlgMD5
+#if __MAC_OS_X_VERSION_MIN_REQUIRED = 1070
+#define APPLE_LION_OR_NEWER
+#include Security/Security.h
+/* Apple's TYPE_BOOL conflicts with config.c */
+#undef TYPE_BOOL
+#endif
+
+#ifdef APPLE_LION_OR_NEWER
+#define git_CC_error_check(pattern, err) \
+ do { \
+ if (err) { \
+ die(pattern, (long)CFErrorGetCode(err)); \
+ } \
+ } while(0)
+
+#define EVP_EncodeBlock git_CC_EVP_EncodeBlock
+static inline int git_CC_EVP_EncodeBlock(unsigned char *out,
+ const unsigned char *in, int inlen)
+{
+ CFErrorRef err;
+ SecTransformRef encoder;
+ CFDataRef input, output;
+ CFIndex length;
+
+ encoder = SecEncodeTransformCreate(kSecBase64Encoding, err);
+ git_CC_error_check(SecEncodeTransformCreate failed: %ld, err);
+
+ input = CFDataCreate(kCFAllocatorDefault, in, inlen);
+ SecTransformSetAttribute(encoder, kSecTransformInputAttributeName,
+ input, err);
+ git_CC_error_check(SecTransformSetAttribute failed: %ld, err);
+
+ output = SecTransformExecute(encoder, err);
+ git_CC_error_check(SecTransformExecute failed: %ld, err);
+
+ length = CFDataGetLength(output);
+ CFDataGetBytes(output, CFRangeMake(0, length), out);
+
+ CFRelease(output);
+ CFRelease(input);
+ CFRelease(encoder);
+
+ return (int)strlen((const char *)out);
+}
+
+#define EVP_DecodeBlock git_CC_EVP_DecodeBlock
+static int inline git_CC_EVP_DecodeBlock(unsigned char *out,
+ const unsigned char *in, int inlen)
+{
+ CFErrorRef err;
+ SecTransformRef decoder;
+ CFDataRef input, output;
+ CFIndex length;
+
+ decoder = SecDecodeTransformCreate(kSecBase64Encoding, err);
+ git_CC_error_check(SecEncodeTransformCreate failed: %ld, err);
+
+ input = CFDataCreate(kCFAllocatorDefault, in, inlen);
+ SecTransformSetAttribute(decoder, kSecTransformInputAttributeName,
+ input, err);
+ git_CC_error_check(SecTransformSetAttribute failed: %ld, err);
+
+ output = SecTransformExecute(decoder, err);
+ git_CC_error_check(SecTransformExecute failed: %ld, err);
+
+ length = CFDataGetLength(output);
+ CFDataGetBytes(output, CFRangeMake(0, length), out);
+
+ CFRelease(output);
+ CFRelease(input);
+ CFRelease(decoder);
+
+ return (int)strlen((const char *)out);
+}
+#endif /* APPLE_LION_OR_NEWER
