Re: [PATCH v2] imap-send: use Apple's Security framework for base64 encoding
David Aguilar dav...@gmail.com writes: From: Jeremy Huddleston jerem...@apple.com Use Apple's supported functions for base64 encoding instead of the deprecated OpenSSL functions. Signed-off-by: Jeremy Huddleston jerem...@apple.com Signed-off-by: David Aguilar dav...@gmail.com --- This version moves the tricky #ifdefs into git-compat-util.h Nice. I however wonder if we can kick the inlines that are irrelevant to most people out further. For example, would the following be an improvement? -- 8 -- From: Jeremy Huddleston jerem...@apple.com Date: Mon, 29 Jul 2013 18:28:30 -0700 Subject: [PATCH] imap-send: use Apple's Security framework for base64 encoding Use Apple's supported functions for base64 encoding instead of the deprecated OpenSSL functions. Signed-off-by: Jeremy Huddleston jerem...@apple.com Signed-off-by: David Aguilar dav...@gmail.com Signed-off-by: Junio C Hamano gits...@pobox.com --- Makefile | 1 + compat/apple-common-crypto.h | 86 git-compat-util.h| 11 ++ imap-send.c | 14 4 files changed, 98 insertions(+), 14 deletions(-) create mode 100644 compat/apple-common-crypto.h diff --git a/Makefile b/Makefile index 5e7cadf..dddf49b 100644 --- a/Makefile +++ b/Makefile @@ -1398,6 +1398,7 @@ ifdef PPC_SHA1 LIB_H += ppc/sha1.h else ifdef APPLE_COMMON_CRYPTO + LIB_4_CRYPTO += -framework Security -framework CoreFoundation COMPAT_CFLAGS += -DCOMMON_DIGEST_FOR_OPENSSL SHA1_HEADER = CommonCrypto/CommonDigest.h else diff --git a/compat/apple-common-crypto.h b/compat/apple-common-crypto.h new file mode 100644 index 000..c8b9b0e --- /dev/null +++ b/compat/apple-common-crypto.h @@ -0,0 +1,86 @@ +/* suppress inclusion of conflicting openssl functions */ +#define OPENSSL_NO_MD5 +#define HEADER_HMAC_H +#define HEADER_SHA_H +#include CommonCrypto/CommonHMAC.h +#define HMAC_CTX CCHmacContext +#define HMAC_Init(hmac, key, len, algo) CCHmacInit(hmac, algo, key, len) +#define HMAC_Update CCHmacUpdate +#define HMAC_Final(hmac, hash, ptr) CCHmacFinal(hmac, hash) +#define HMAC_CTX_cleanup(ignore) +#define EVP_md5(...) kCCHmacAlgMD5 +#if __MAC_OS_X_VERSION_MIN_REQUIRED = 1070 +#define APPLE_LION_OR_NEWER +#include Security/Security.h +/* Apple's TYPE_BOOL conflicts with config.c */ +#undef TYPE_BOOL +#endif + +#ifdef APPLE_LION_OR_NEWER +#define git_CC_error_check(pattern, err) \ + do { \ + if (err) { \ + die(pattern, (long)CFErrorGetCode(err)); \ + } \ + } while(0) + +#define EVP_EncodeBlock git_CC_EVP_EncodeBlock +static inline int git_CC_EVP_EncodeBlock(unsigned char *out, + const unsigned char *in, int inlen) +{ + CFErrorRef err; + SecTransformRef encoder; + CFDataRef input, output; + CFIndex length; + + encoder = SecEncodeTransformCreate(kSecBase64Encoding, err); + git_CC_error_check(SecEncodeTransformCreate failed: %ld, err); + + input = CFDataCreate(kCFAllocatorDefault, in, inlen); + SecTransformSetAttribute(encoder, kSecTransformInputAttributeName, + input, err); + git_CC_error_check(SecTransformSetAttribute failed: %ld, err); + + output = SecTransformExecute(encoder, err); + git_CC_error_check(SecTransformExecute failed: %ld, err); + + length = CFDataGetLength(output); + CFDataGetBytes(output, CFRangeMake(0, length), out); + + CFRelease(output); + CFRelease(input); + CFRelease(encoder); + + return (int)strlen((const char *)out); +} + +#define EVP_DecodeBlock git_CC_EVP_DecodeBlock +static int inline git_CC_EVP_DecodeBlock(unsigned char *out, + const unsigned char *in, int inlen) +{ + CFErrorRef err; + SecTransformRef decoder; + CFDataRef input, output; + CFIndex length; + + decoder = SecDecodeTransformCreate(kSecBase64Encoding, err); + git_CC_error_check(SecEncodeTransformCreate failed: %ld, err); + + input = CFDataCreate(kCFAllocatorDefault, in, inlen); + SecTransformSetAttribute(decoder, kSecTransformInputAttributeName, + input, err); + git_CC_error_check(SecTransformSetAttribute failed: %ld, err); + + output = SecTransformExecute(decoder, err); + git_CC_error_check(SecTransformExecute failed: %ld, err); + + length = CFDataGetLength(output); + CFDataGetBytes(output, CFRangeMake(0, length), out); + + CFRelease(output); + CFRelease(input); + CFRelease(decoder); + + return (int)strlen((const char *)out); +} +#endif /* APPLE_LION_OR_NEWER */ diff --git a/git-compat-util.h b/git-compat-util.h index e955bb5..6ebb029 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -127,6 +127,17 @@ #else #include poll.h #endif + +#ifndef NO_OPENSSL +#ifdef APPLE_COMMON_CRYPTO +#include compat/apple-common-crypto.h +#else
Re: [PATCH v2] imap-send: use Apple's Security framework for base64 encoding
On Tue, Jul 30, 2013 at 8:54 AM, Junio C Hamano gits...@pobox.com wrote: David Aguilar dav...@gmail.com writes: From: Jeremy Huddleston jerem...@apple.com Use Apple's supported functions for base64 encoding instead of the deprecated OpenSSL functions. Signed-off-by: Jeremy Huddleston jerem...@apple.com Signed-off-by: David Aguilar dav...@gmail.com --- This version moves the tricky #ifdefs into git-compat-util.h Nice. I however wonder if we can kick the inlines that are irrelevant to most people out further. For example, would the following be an improvement? Yes, IMO that is nicer. It keeps all of the Apple specifics neatly tucked away. Thanks -- 8 -- From: Jeremy Huddleston jerem...@apple.com Date: Mon, 29 Jul 2013 18:28:30 -0700 Subject: [PATCH] imap-send: use Apple's Security framework for base64 encoding Use Apple's supported functions for base64 encoding instead of the deprecated OpenSSL functions. Signed-off-by: Jeremy Huddleston jerem...@apple.com Signed-off-by: David Aguilar dav...@gmail.com Signed-off-by: Junio C Hamano gits...@pobox.com --- Makefile | 1 + compat/apple-common-crypto.h | 86 git-compat-util.h| 11 ++ imap-send.c | 14 4 files changed, 98 insertions(+), 14 deletions(-) create mode 100644 compat/apple-common-crypto.h diff --git a/Makefile b/Makefile index 5e7cadf..dddf49b 100644 --- a/Makefile +++ b/Makefile @@ -1398,6 +1398,7 @@ ifdef PPC_SHA1 LIB_H += ppc/sha1.h else ifdef APPLE_COMMON_CRYPTO + LIB_4_CRYPTO += -framework Security -framework CoreFoundation COMPAT_CFLAGS += -DCOMMON_DIGEST_FOR_OPENSSL SHA1_HEADER = CommonCrypto/CommonDigest.h else diff --git a/compat/apple-common-crypto.h b/compat/apple-common-crypto.h new file mode 100644 index 000..c8b9b0e --- /dev/null +++ b/compat/apple-common-crypto.h @@ -0,0 +1,86 @@ +/* suppress inclusion of conflicting openssl functions */ +#define OPENSSL_NO_MD5 +#define HEADER_HMAC_H +#define HEADER_SHA_H +#include CommonCrypto/CommonHMAC.h +#define HMAC_CTX CCHmacContext +#define HMAC_Init(hmac, key, len, algo) CCHmacInit(hmac, algo, key, len) +#define HMAC_Update CCHmacUpdate +#define HMAC_Final(hmac, hash, ptr) CCHmacFinal(hmac, hash) +#define HMAC_CTX_cleanup(ignore) +#define EVP_md5(...) kCCHmacAlgMD5 +#if __MAC_OS_X_VERSION_MIN_REQUIRED = 1070 +#define APPLE_LION_OR_NEWER +#include Security/Security.h +/* Apple's TYPE_BOOL conflicts with config.c */ +#undef TYPE_BOOL +#endif + +#ifdef APPLE_LION_OR_NEWER +#define git_CC_error_check(pattern, err) \ + do { \ + if (err) { \ + die(pattern, (long)CFErrorGetCode(err)); \ + } \ + } while(0) + +#define EVP_EncodeBlock git_CC_EVP_EncodeBlock +static inline int git_CC_EVP_EncodeBlock(unsigned char *out, + const unsigned char *in, int inlen) +{ + CFErrorRef err; + SecTransformRef encoder; + CFDataRef input, output; + CFIndex length; + + encoder = SecEncodeTransformCreate(kSecBase64Encoding, err); + git_CC_error_check(SecEncodeTransformCreate failed: %ld, err); + + input = CFDataCreate(kCFAllocatorDefault, in, inlen); + SecTransformSetAttribute(encoder, kSecTransformInputAttributeName, + input, err); + git_CC_error_check(SecTransformSetAttribute failed: %ld, err); + + output = SecTransformExecute(encoder, err); + git_CC_error_check(SecTransformExecute failed: %ld, err); + + length = CFDataGetLength(output); + CFDataGetBytes(output, CFRangeMake(0, length), out); + + CFRelease(output); + CFRelease(input); + CFRelease(encoder); + + return (int)strlen((const char *)out); +} + +#define EVP_DecodeBlock git_CC_EVP_DecodeBlock +static int inline git_CC_EVP_DecodeBlock(unsigned char *out, + const unsigned char *in, int inlen) +{ + CFErrorRef err; + SecTransformRef decoder; + CFDataRef input, output; + CFIndex length; + + decoder = SecDecodeTransformCreate(kSecBase64Encoding, err); + git_CC_error_check(SecEncodeTransformCreate failed: %ld, err); + + input = CFDataCreate(kCFAllocatorDefault, in, inlen); + SecTransformSetAttribute(decoder, kSecTransformInputAttributeName, + input, err); + git_CC_error_check(SecTransformSetAttribute failed: %ld, err); + + output = SecTransformExecute(decoder, err); + git_CC_error_check(SecTransformExecute failed: %ld, err); + + length = CFDataGetLength(output); + CFDataGetBytes(output, CFRangeMake(0, length), out); + + CFRelease(output); + CFRelease(input); + CFRelease(decoder); + + return (int)strlen((const char *)out); +} +#endif /* APPLE_LION_OR_NEWER