* [PATCH 0/4] fix compilation with OpenSSL 1.1.0-pre4
@ 2016-04-08 16:22 Kazuki Yamaguchi
From: Kazuki Yamaguchi @ 2016-04-08 16:22 UTC (permalink / raw)
  To: git; +Cc: Kazuki Yamaguchi

OpenSSL 1.1.0 is not released yet, but the first beta, 1.1.0-pre4, was
released on Mar 16[1]. According to OpenSSL's web site[2], only bug
fixes will be applied after the beta release, and 1.1.0 final will be
out in a month or two.

Thanks,

[1] https://mta.openssl.org/pipermail/openssl-announce/2016-March/000067.html
[2] https://www.openssl.org/policies/releasestrat.html

Kazuki Yamaguchi (4):
  imap-send: use HMAC() function provided by OpenSSL
  imap-send: check NULL return of SSL_CTX_new()
  imap-send: avoid deprecated TLSv1_method()
  configure: remove checking for HMAC_CTX_cleanup

 Makefile                     |  6 ------
 compat/apple-common-crypto.h | 16 +++++++++++-----
 configure.ac                 |  4 ----
 git-compat-util.h            |  3 ---
 imap-send.c                  | 20 ++++++++++----------
 5 files changed, 21 insertions(+), 28 deletions(-)

-- 
2.8.1.104.g0d1aca6


* [PATCH 1/4] imap-send: use HMAC() function provided by OpenSSL
From: Kazuki Yamaguchi @ 2016-04-08 16:22 UTC (permalink / raw)
  To: git; +Cc: Kazuki Yamaguchi

Fix compile errors with OpenSSL 1.1.0.

HMAC_CTX is made opaque and HMAC_CTX_cleanup is removed in OpenSSL
1.1.0. But since we just want to calculate one HMAC, we can use HMAC()
here, which exists since OpenSSL 0.9.6 at least.

Signed-off-by: Kazuki Yamaguchi <k@rhe.jp>
---
Since I don't have an OS X machine, the changes in
compat/apple-common-crypto.h are untested; I have only confirmed that
they compile on Travis CI.

 compat/apple-common-crypto.h | 16 +++++++++++-----
 imap-send.c                  |  7 ++-----
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/compat/apple-common-crypto.h b/compat/apple-common-crypto.h
index d3fb26418134..11727f3e1ed7 100644
--- a/compat/apple-common-crypto.h
+++ b/compat/apple-common-crypto.h
@@ -3,12 +3,18 @@
 #define HEADER_HMAC_H
 #define HEADER_SHA_H
 #include <CommonCrypto/CommonHMAC.h>
-#define HMAC_CTX CCHmacContext
-#define HMAC_Init(hmac, key, len, algo) CCHmacInit(hmac, algo, key, len)
-#define HMAC_Update CCHmacUpdate
-#define HMAC_Final(hmac, hash, ptr) CCHmacFinal(hmac, hash)
-#define HMAC_CTX_cleanup(ignore)
 #define EVP_md5(...) kCCHmacAlgMD5
+/* CCHmac doesn't take md_len and the return type is void */
+#define HMAC git_CC_HMAC
+static inline unsigned char *git_CC_HMAC(CCHmacAlgorithm alg,
+		const void *key, int key_len,
+		const unsigned char *data, size_t data_len,
+		unsigned char *md, unsigned int *md_len)
+{
+	CCHmac(alg, key, key_len, data, data_len, md);
+	return md;
+}
+
 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070
 #define APPLE_LION_OR_NEWER
 #include <Security/Security.h>
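Review bot: git_CC_HMAC accepts `md_len` but never writes through it, while OpenSSL's HMAC() stores the digest length in `*md_len` whenever that pointer is non-NULL, so a caller relying on the OpenSSL contract would read an uninitialized value under this shim. The only caller in this series passes NULL, so it is not reachable today, but the wrapper advertises the OpenSSL signature and the comment above it only says CCHmac lacks the parameter. Since EVP_md5() is the only digest this header maps, I would set it explicitly before the return, `if (md_len) *md_len = CC_MD5_DIGEST_LENGTH; /* only EVP_md5() is mapped in this header */` (the constant comes from CommonDigest.h, which CommonHMAC.h should pull in), or else state in the comment that md_len is deliberately ignored. Note also that `key_len` is an `int` forwarded to CCHmac's size_t key length, so a negative value would silently become a huge length; unreachable from strlen(), but worth a word in the comment.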
diff --git a/imap-send.c b/imap-send.c
index 2c52027c8445..0364b326e109 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -862,7 +862,6 @@ static char hexchar(unsigned int b)
 static char *cram(const char *challenge_64, const char *user, const char *pass)
 {
 	int i, resp_len, encoded_len, decoded_len;
-	HMAC_CTX hmac;
 	unsigned char hash[16];
 	char hex[33];
 	char *response, *response_64, *challenge;
@@ -877,10 +876,8 @@ static char *cram(const char *challenge_64, const char *user, const char *pass)
 				      (unsigned char *)challenge_64, encoded_len);
 	if (decoded_len < 0)
 		die("invalid challenge %s", challenge_64);
-	HMAC_Init(&hmac, (unsigned char *)pass, strlen(pass), EVP_md5());
-	HMAC_Update(&hmac, (unsigned char *)challenge, decoded_len);
-	HMAC_Final(&hmac, hash, NULL);
-	HMAC_CTX_cleanup(&hmac);
+	if (!HMAC(EVP_md5(), pass, strlen(pass), (unsigned char *)challenge, decoded_len, hash, NULL))
+		die("HMAC error");
 
 	hex[32] = 0;
 	for (i = 0; i < 16; i++) {
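Review bot: The new HMAC() call passes `strlen(pass)` (a size_t) to the `int key_len` parameter without a cast and hands over `hash` with `md_len` NULL, so the 16-byte `hash` buffer is silently assumed to be exactly the MD5 digest size. Both are correct for EVP_md5() but the link is implicit; a comment on the call would make it explicit: `/* EVP_md5() always yields 16 bytes, exactly sizeof(hash); md_len is therefore not needed */`. Also `die("HMAC error")` reports nothing about why OpenSSL failed; if ssl_socket_perror() is usable from here it would print the error queue, though I cannot tell from the hunk whether cram() is compiled under the same guard. cram() starts and ends outside this hunk.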
-- 
2.8.1.104.g0d1aca6


* [PATCH 2/4] imap-send: check NULL return of SSL_CTX_new()
From: Kazuki Yamaguchi @ 2016-04-08 16:22 UTC (permalink / raw)
  To: git; +Cc: Kazuki Yamaguchi

SSL_CTX_new() may fail with return value NULL.

Signed-off-by: Kazuki Yamaguchi <k@rhe.jp>
---
 imap-send.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/imap-send.c b/imap-send.c
index 0364b326e109..c5e24a35491d 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -298,6 +298,10 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
 	}
 
 	ctx = SSL_CTX_new(meth);
+	if (!ctx) {
+		ssl_socket_perror("SSL_CTX_new");
+		return -1;
+	}
 
 	if (verify)
 		SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
-- 
2.8.1.104.g0d1aca6


* [PATCH 3/4] imap-send: avoid deprecated TLSv1_method()
From: Kazuki Yamaguchi @ 2016-04-08 16:22 UTC (permalink / raw)
  To: git; +Cc: Kazuki Yamaguchi

Use SSLv23_method always and disable SSL if needed.

The TLSv1_method() function is deprecated in OpenSSL 1.1.0 and the
compiler emits a warning.

SSLv23_method() is also deprecated, but the alternative, TLS_method(),
is new in OpenSSL 1.1.0 so requires checking by configure. Stick to
SSLv23_method() for now (this is aliased to TLS_method()).

Signed-off-by: Kazuki Yamaguchi <k@rhe.jp>
---
 imap-send.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/imap-send.c b/imap-send.c
index c5e24a35491d..f53380562c4d 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -287,11 +287,7 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
 	SSL_library_init();
 	SSL_load_error_strings();
 
-	if (use_tls_only)
-		meth = TLSv1_method();
-	else
-		meth = SSLv23_method();
-
+	meth = SSLv23_method();
 	if (!meth) {
 		ssl_socket_perror("SSLv23_method");
 		return -1;
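Review bot: `meth = SSLv23_method();` reads as if SSLv2/v3 were being requested, while the commit message explains it is chosen because it negotiates the highest mutually supported version and TLS_method() does not exist before OpenSSL 1.1.0; that reasoning lives only in the log. I would put it on the line: `/* SSLv23_method() negotiates the highest version both sides support; TLS_method() is its 1.1.0 name and is not available in older OpenSSL */`. ssl_socket_connect() starts outside this hunk.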
@@ -303,6 +299,9 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
 		return -1;
 	}
 
+	if (use_tls_only)
+		SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+
 	if (verify)
 		SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
 
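Review bot: With `use_tls_only` set, the context now accepts any version above SSLv3 rather than exactly TLS 1.0 as TLSv1_method() did, a deliberate widening that lets TLS 1.1/1.2 be negotiated; the code does not say so, and the options line is the only place a reader would look. A comment would pin it: `/* "TLS only": forbid SSLv2/v3; every TLS version remains negotiable (TLSv1_method() pinned 1.0) */`. When use_tls_only is false, SSLv3 stays negotiable exactly as before this patch, which is not new here but is worth one line in the commit message so the options are not misread as a global floor. ssl_socket_connect() begins and ends outside this hunk.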
-- 
2.8.1.104.g0d1aca6


* [PATCH 4/4] configure: remove checking for HMAC_CTX_cleanup
From: Kazuki Yamaguchi @ 2016-04-08 16:22 UTC (permalink / raw)
  To: git; +Cc: Kazuki Yamaguchi

We don't need it, as we no longer use HMAC_CTX_cleanup() directly.

Signed-off-by: Kazuki Yamaguchi <k@rhe.jp>
---
 Makefile          | 6 ------
 configure.ac      | 4 ----
 git-compat-util.h | 3 ---
 3 files changed, 13 deletions(-)

diff --git a/Makefile b/Makefile
index 2742a6977c6a..47ccb0042591 100644
--- a/Makefile
+++ b/Makefile
@@ -355,9 +355,6 @@ all::
 #
 # Define HAVE_CLOCK_MONOTONIC if your platform has CLOCK_MONOTONIC in librt.
 #
-# Define NO_HMAC_CTX_CLEANUP if your OpenSSL is version 0.9.6b or earlier to
-# cleanup the HMAC context with the older HMAC_cleanup function.
-#
 # Define USE_PARENS_AROUND_GETTEXT_N to "yes" if your compiler happily
 # compiles the following initialization:
 #
@@ -1138,9 +1135,6 @@ ifndef NO_OPENSSL
 	ifdef NEEDS_CRYPTO_WITH_SSL
 		OPENSSL_LIBSSL += -lcrypto
 	endif
-	ifdef NO_HMAC_CTX_CLEANUP
-		BASIC_CFLAGS += -DNO_HMAC_CTX_CLEANUP
-	endif
 else
 	BASIC_CFLAGS += -DNO_OPENSSL
 	BLK_SHA1 = 1
diff --git a/configure.ac b/configure.ac
index 0cd9f4680b84..c27902574734 100644
--- a/configure.ac
+++ b/configure.ac
@@ -970,10 +970,6 @@ AC_CHECK_LIB([iconv], [locale_charset],
                      [CHARSET_LIB=-lcharset])])
 GIT_CONF_SUBST([CHARSET_LIB])
 #
-# Define NO_HMAC_CTX_CLEANUP=YesPlease if HMAC_CTX_cleanup is missing.
-AC_CHECK_LIB([crypto], [HMAC_CTX_cleanup],
-	[], [GIT_CONF_SUBST([NO_HMAC_CTX_CLEANUP], [YesPlease])])
-#
 # Define HAVE_CLOCK_GETTIME=YesPlease if clock_gettime is available.
 GIT_CHECK_FUNC(clock_gettime,
 	[HAVE_CLOCK_GETTIME=YesPlease],
diff --git a/git-compat-util.h b/git-compat-util.h
index 474395471f62..1f8b5f3b1f1a 100644
--- a/git-compat-util.h
+++ b/git-compat-util.h
@@ -279,9 +279,6 @@ extern char *gitdirname(char *);
 #endif
 #include <openssl/ssl.h>
 #include <openssl/err.h>
-#ifdef NO_HMAC_CTX_CLEANUP
-#define HMAC_CTX_cleanup HMAC_cleanup
-#endif
 #endif
 
 /* On most systems <netdb.h> would have given us this, but
-- 
2.8.1.104.g0d1aca6

