undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'ky/imap-send-openssl-1.1.0'

Browse Source 
Upcoming OpenSSL 1.1.0 will break compilation b updating a few APIs
we use in imap-send, which has been adjusted for the change.

* ky/imap-send-openssl-1.1.0:
  configure: remove checking for HMAC_CTX_cleanup
  imap-send: avoid deprecated TLSv1_method()
  imap-send: check NULL return of SSL_CTX_new()
  imap-send: use HMAC() function provided by OpenSSL
This commit is contained in:
Junio C Hamano 2016-04-22 15:45:08 -07:00
commit 33e4ec89d9
5 changed files with 21 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Makefile
View File

@ -355,9 +355,6 @@ all::
# #
# Define HAVE_CLOCK_MONOTONIC if your platform has CLOCK_MONOTONIC in librt. # Define HAVE_CLOCK_MONOTONIC if your platform has CLOCK_MONOTONIC in librt.
# #
# Define NO_HMAC_CTX_CLEANUP if your OpenSSL is version 0.9.6b or earlier to
# cleanup the HMAC context with the older HMAC_cleanup function.
#
# Define USE_PARENS_AROUND_GETTEXT_N to "yes" if your compiler happily # Define USE_PARENS_AROUND_GETTEXT_N to "yes" if your compiler happily
# compiles the following initialization: # compiles the following initialization:
# #
@ -1138,9 +1135,6 @@ ifndef NO_OPENSSL
ifdef NEEDS_CRYPTO_WITH_SSL ifdef NEEDS_CRYPTO_WITH_SSL
OPENSSL_LIBSSL += -lcrypto OPENSSL_LIBSSL += -lcrypto
endif endif
ifdef NO_HMAC_CTX_CLEANUP
BASIC_CFLAGS += -DNO_HMAC_CTX_CLEANUP
endif
else else
BASIC_CFLAGS += -DNO_OPENSSL BASIC_CFLAGS += -DNO_OPENSSL
BLK_SHA1 = 1 BLK_SHA1 = 1

16
compat/apple-common-crypto.h
View File

@ -3,12 +3,18 @@
#define HEADER_HMAC_H #define HEADER_HMAC_H
#define HEADER_SHA_H #define HEADER_SHA_H
#include <CommonCrypto/CommonHMAC.h> #include <CommonCrypto/CommonHMAC.h>
#define HMAC_CTX CCHmacContext
#define HMAC_Init(hmac, key, len, algo) CCHmacInit(hmac, algo, key, len)
#define HMAC_Update CCHmacUpdate
#define HMAC_Final(hmac, hash, ptr) CCHmacFinal(hmac, hash)
#define HMAC_CTX_cleanup(ignore)
#define EVP_md5(...) kCCHmacAlgMD5 #define EVP_md5(...) kCCHmacAlgMD5
/* CCHmac doesn't take md_len and the return type is void */
#define HMAC git_CC_HMAC
static inline unsigned char *git_CC_HMAC(CCHmacAlgorithm alg,
const void *key, int key_len,
const unsigned char *data, size_t data_len,
unsigned char *md, unsigned int *md_len)
{
CCHmac(alg, key, key_len, data, data_len, md);
return md;
}
#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070
#define APPLE_LION_OR_NEWER #define APPLE_LION_OR_NEWER
#include <Security/Security.h> #include <Security/Security.h>

4
configure.ac
View File

@ -970,10 +970,6 @@ AC_CHECK_LIB([iconv], [locale_charset],
[CHARSET_LIB=-lcharset])]) [CHARSET_LIB=-lcharset])])
GIT_CONF_SUBST([CHARSET_LIB]) GIT_CONF_SUBST([CHARSET_LIB])
# #
# Define NO_HMAC_CTX_CLEANUP=YesPlease if HMAC_CTX_cleanup is missing.
AC_CHECK_LIB([crypto], [HMAC_CTX_cleanup],
[], [GIT_CONF_SUBST([NO_HMAC_CTX_CLEANUP], [YesPlease])])
#
# Define HAVE_CLOCK_GETTIME=YesPlease if clock_gettime is available. # Define HAVE_CLOCK_GETTIME=YesPlease if clock_gettime is available.
GIT_CHECK_FUNC(clock_gettime, GIT_CHECK_FUNC(clock_gettime,
[HAVE_CLOCK_GETTIME=YesPlease], [HAVE_CLOCK_GETTIME=YesPlease],

3
git-compat-util.h
View File

@ -279,9 +279,6 @@ extern char *gitdirname(char *);
#endif #endif
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/err.h> #include <openssl/err.h>
#ifdef NO_HMAC_CTX_CLEANUP
#define HMAC_CTX_cleanup HMAC_cleanup
#endif
#endif #endif
/* On most systems <netdb.h> would have given us this, but /* On most systems <netdb.h> would have given us this, but

20
imap-send.c
View File

@ -287,17 +287,20 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
SSL_library_init(); SSL_library_init();
SSL_load_error_strings(); SSL_load_error_strings();
if (use_tls_only) meth = SSLv23_method();
meth = TLSv1_method();
else
meth = SSLv23_method();
if (!meth) { if (!meth) {
ssl_socket_perror("SSLv23_method"); ssl_socket_perror("SSLv23_method");
return -1; return -1;
} }
ctx = SSL_CTX_new(meth); ctx = SSL_CTX_new(meth);
if (!ctx) {
ssl_socket_perror("SSL_CTX_new");
return -1;
}
if (use_tls_only)
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
if (verify) if (verify)
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
@ -862,7 +865,6 @@ static char hexchar(unsigned int b)
static char *cram(const char *challenge_64, const char *user, const char *pass) static char *cram(const char *challenge_64, const char *user, const char *pass)
{ {
int i, resp_len, encoded_len, decoded_len; int i, resp_len, encoded_len, decoded_len;
HMAC_CTX hmac;
unsigned char hash[16]; unsigned char hash[16];
char hex[33]; char hex[33];
char *response, *response_64, *challenge; char *response, *response_64, *challenge;
@ -877,10 +879,8 @@ static char *cram(const char *challenge_64, const char *user, const char *pass)
(unsigned char *)challenge_64, encoded_len); (unsigned char *)challenge_64, encoded_len);
if (decoded_len < 0) if (decoded_len < 0)
die("invalid challenge %s", challenge_64); die("invalid challenge %s", challenge_64);
HMAC_Init(&hmac, (unsigned char *)pass, strlen(pass), EVP_md5()); if (!HMAC(EVP_md5(), pass, strlen(pass), (unsigned char *)challenge, decoded_len, hash, NULL))
HMAC_Update(&hmac, (unsigned char *)challenge, decoded_len); die("HMAC error");
HMAC_Final(&hmac, hash, NULL);
HMAC_CTX_cleanup(&hmac);
hex[32] = 0; hex[32] = 0;
for (i = 0; i < 16; i++) { for (i = 0; i < 16; i++) {