Remove OpenSSL dependency in favor of libimobiledevice-glue's hash fu…

…nctions

This also removes the sha1/sha384 code from this repository since
we are using the ones from libimobiledevice-glue now.

.github/workflows/build.yml

@@ -158,18 +158,7 @@ jobs:
  export CFLAGS="$USEARCHS -isysroot $SDKDIR"
  echo "Using CFLAGS: $CFLAGS"
  echo "BUILD_CFLAGS=$CFLAGS" >> $GITHUB_ENV
- mkdir -p lib
- curl -o lib/libcrypto.35.tbd -Ls \
- https://gist.github.com/nikias/94c99fd145a75a5104415e5117b0cafa/raw/5209dfbff5a871a14272afe4794e76eb4cf6f062/libcrypto.35.tbd
- curl -o lib/libssl.35.tbd -Ls \
- https://gist.github.com/nikias/94c99fd145a75a5104415e5117b0cafa/raw/5209dfbff5a871a14272afe4794e76eb4cf6f062/libssl.35.tbd
- LIBRESSL_VER=2.2.7
- FILENAME="libressl-$LIBRESSL_VER.tar.gz"
- curl -o $FILENAME -Ls "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/$FILENAME"
  mkdir -p deps
- tar -C deps -xzf $FILENAME
- echo "LIBRESSL_CFLAGS=-I`pwd`/deps/libressl-$LIBRESSL_VER/include" >> $GITHUB_ENV
- echo "LIBRESSL_LIBS=-Xlinker `pwd`/lib/libssl.35.tbd -Xlinker `pwd`/lib/libcrypto.35.tbd" >> $GITHUB_ENV
  FILENAME="libzip-static.tar.bz2"
  curl -o $FILENAME.b64 -Ls "https://gist.github.com/nikias/3da15d03120382f87b44029cd8495a02/raw/99cd8138fed99e8f6530b6f179f787342c698e1f/libzip-1.7.1_static_macOS.tar.bz2"
  base64 -D < $FILENAME.b64 > $FILENAME
@@ -181,7 +170,6 @@ jobs:
  export CFLAGS="${{env.BUILD_CFLAGS}} -Wno-nullability-completeness -Wno-expansion-to-defined"
  echo "Using CFLAGS: $CFLAGS"
  ./autogen.sh PKG_CONFIG_PATH=/usr/local/lib/pkgconfig \
- openssl_CFLAGS="$LIBRESSL_CFLAGS" openssl_LIBS="$LIBRESSL_LIBS" \
  libcurl_CFLAGS="-I${{env.SDKDIR}}/usr/include" libcurl_LIBS="-lcurl" \
  libzip_CFLAGS="$LIBZIP_CFLAGS" libzip_LIBS="$LIBZIP_LIBS" \
  zlib_CFLAGS="-I${{env.SDKDIR}}/usr/include" zlib_LIBS="-lz" \

configure.ac

@@ -19,11 +19,10 @@ LIBIRECOVERY_VERSION=1.2.0
 LIBIMOBILEDEVICE_VERSION=1.3.0
 LIBUSBMUXD_VERSION=2.0.2
 LIBPLIST_VERSION=2.6.0
-LIMD_GLUE_VERSION=1.2.0
+LIMD_GLUE_VERSION=1.3.0
 LIBTATSU_VERSION=1.0.2
 LIBZIP_VERSION=1.0
 LIBCURL_VERSION=7.0
-OPENSSL_VERSION=0.9.8
 
 AC_SUBST(LIBIRECOVERY_VERSION)
 AC_SUBST(LIBIMOBILEDEVICE_VERSION)
@@ -33,7 +32,6 @@ AC_SUBST(LIMD_GLUE_VERSION)
 AC_SUBST(LIBTATSU_VERSION)
 AC_SUBST(LIBZIP_VERSION)
 AC_SUBST(LIBCURL_VERSION)
-AC_SUBST(OPENSSL_VERSION)
 
 # Checks for programs.
 AC_PROG_CC
@@ -51,9 +49,6 @@ PKG_CHECK_MODULES(libzip, libzip >= $LIBZIP_VERSION)
 PKG_CHECK_MODULES(libcurl, libcurl >= $LIBCURL_VERSION)
 PKG_CHECK_MODULES(zlib, zlib)
 
-# optional
-PKG_CHECK_MODULES(openssl, openssl >= $OPENSSL_VERSION, have_openssl=yes, have_openssl=no)
-
 AC_CHECK_FUNCS([strsep strcspn mkstemp realpath])
 if test x$ac_cv_func_strsep != xyes; then
  if test x$ac_cv_func_strcspn != xyes; then
@@ -156,32 +151,6 @@ fi
 
 CFLAGS="$CACHED_CFLAGS"
 
-AC_ARG_WITH([openssl],
- [AS_HELP_STRING([--without-openssl],
- [Do not use OpenSSL])],
- [use_openssl=$withval],
- [use_openssl=$have_openssl])
-
-if test "x$use_openssl" == "xyes"; then
- if test "x$have_openssl" != "xyes"; then
- echo "*** NOTE: --with-openssl passed but OpenSSL is not available ***"
- use_openssl=no
- fi
-fi
-if test "x$use_openssl" != "xyes"; then
- echo "*** NOTE: Using internal SHA1 implementation ***"
- have_openssl=no
- openssl_CFLAGS=
- openssl_LIBS=
-fi
-if test "x$have_openssl" == "xyes"; then
- AC_DEFINE(HAVE_OPENSSL, [1], [Define if you have OpenSSL])
-fi
-AC_SUBST(openssl_CFLAGS)
-AC_SUBST(openssl_LIBS)
-
-AM_CONDITIONAL(USE_INTERNAL_SHA, test x$use_openssl != xyes)
-
 AC_SUBST(GLOBAL_CFLAGS)
 AC_SUBST(AC_LDFLAGS)
 AC_SUBST(AC_LDADD)

src/Makefile.am

@@ -9,7 +9,6 @@ AM_CFLAGS = \
  $(libtatsu_CFLAGS) \
  $(libzip_CFLAGS) \
  $(zlib_CFLAGS) \
- $(openssl_CFLAGS) \
  $(libcurl_CFLAGS)
 
 AM_LDFLAGS = \
@@ -22,7 +21,6 @@ AM_LDFLAGS = \
  $(libtatsu_LIBS) \
  $(libzip_LIBS) \
  $(zlib_LIBS) \
- $(openssl_LIBS) \
  $(libcurl_LIBS)
 
 AM_LDADD = $(AC_LDADD)
@@ -50,9 +48,6 @@ idevicerestore_SOURCES = \
  limera1n.c limera1n.h \
  download.c download.h \
  locking.c locking.h
-if USE_INTERNAL_SHA
-idevicerestore_SOURCES += sha1.c sha1.h sha512.c sha512.h fixedint.h
-endif
 idevicerestore_CFLAGS = $(AM_CFLAGS)
 idevicerestore_LDFLAGS = $(AM_LDFLAGS)
 idevicerestore_LDADD = $(AM_LDADD)

src/asr.c

@@ -30,15 +30,8 @@
 #include <unistd.h>
 #include <errno.h>
 #include <libimobiledevice/libimobiledevice.h>
-#ifdef HAVE_OPENSSL
-#include <openssl/sha.h>
-#else
-#include "sha1.h"
-#define SHA_CTX SHA1_CTX
-#define SHA1_Init SHA1Init
-#define SHA1_Update SHA1Update
-#define SHA1_Final SHA1Final
-#endif
+
+#include <libimobiledevice-glue/sha.h>
 
 #include "asr.h"
 #include "idevicerestore.h"
@@ -343,12 +336,6 @@ int asr_send_payload(asr_client_t asr, ipsw_file_handle_t file)
 
  data = (char*)malloc(ASR_PAYLOAD_CHUNK_SIZE + 20);
 
- SHA_CTX sha1;
-
- if (asr->checksum_chunks) {
- SHA1_Init(&sha1);
- }
-
  i = length;
  int retry = 3;
  while(i > 0 && retry >= 0) {
@@ -367,7 +354,7 @@ int asr_send_payload(asr_client_t asr, ipsw_file_handle_t file)
 
  sendsize = size;
  if (asr->checksum_chunks) {
- SHA1((unsigned char*)data, size, (unsigned char*)(data+size));
+ sha1((unsigned char*)data, size, (unsigned char*)(data+size));
  sendsize += 20;
  }
  if (asr_send_buffer(asr, data, sendsize) < 0) {

src/idevicerestore.c

@@ -38,13 +38,7 @@
 
 #include <curl/curl.h>
 
-#ifdef HAVE_OPENSSL
-#include <openssl/sha.h>
-#else
-#include "sha512.h"
-#define SHA384 sha384
-#endif
-
+#include <libimobiledevice-glue/sha.h>
 #include <libimobiledevice-glue/utils.h>
 #include <libtatsu/tss.h>
 
@@ -2495,7 +2489,7 @@ int get_recovery_os_local_policy_tss_response(
 
  // Add Ap,LocalPolicy
  uint8_t digest[SHA384_DIGEST_LENGTH];
- SHA384(lpol_file, lpol_file_length, digest);
+ sha384(lpol_file, lpol_file_length, digest);
  plist_t lpol = plist_new_dict();
  plist_dict_set_item(lpol, "Digest", plist_new_data((char*)digest, SHA384_DIGEST_LENGTH));
  plist_dict_set_item(lpol, "Trusted", plist_new_bool(1));
@@ -2590,7 +2584,7 @@ int get_local_policy_tss_response(struct idevicerestore_client_t* client, plist_
 
  // Add Ap,LocalPolicy
  uint8_t digest[SHA384_DIGEST_LENGTH];
- SHA384(lpol_file, lpol_file_length, digest);
+ sha384(lpol_file, lpol_file_length, digest);
  plist_t lpol = plist_new_dict();
  plist_dict_set_item(lpol, "Digest", plist_new_data((char*)digest, SHA384_DIGEST_LENGTH));
  plist_dict_set_item(lpol, "Trusted", plist_new_bool(1));
@@ -2603,7 +2597,7 @@ int get_local_policy_tss_response(struct idevicerestore_client_t* client, plist_
  tss_response_get_ap_img4_ticket(client->tss, &ticket, &ticket_length);
  // Hash it and add it as Ap,NextStageIM4MHash
  uint8_t hash[SHA384_DIGEST_LENGTH];
- SHA384(ticket, ticket_length, hash);
+ sha384(ticket, ticket_length, hash);
  plist_dict_set_item(parameters, "Ap,NextStageIM4MHash", plist_new_data((char*)hash, SHA384_DIGEST_LENGTH));
 
  /* create basic request */

src/ipsw.c

@@ -34,16 +34,8 @@
 #include <sys/types.h>
 #include <dirent.h>
 #include <zip.h>
-#ifdef HAVE_OPENSSL
-#include <openssl/sha.h>
-#else
-#include "sha1.h"
-#define SHA_CTX SHA1_CTX
-#define SHA1_Init SHA1Init
-#define SHA1_Update SHA1Update
-#define SHA1_Final SHA1Final
-#endif
 
+#include <libimobiledevice-glue/sha.h>
 #include <libimobiledevice-glue/termcolors.h>
 #include <plist/plist.h>
 
@@ -1176,14 +1168,14 @@ static int sha1_verify_fp(FILE* f, unsigned char* expected_sha1)
  unsigned char tsha1[20];
  char buf[8192];
  if (!f) return 0;
- SHA_CTX sha1ctx;
- SHA1_Init(&sha1ctx);
+ sha1_context sha1ctx;
+ sha1_init(&sha1ctx);
  rewind(f);
  while (!feof(f)) {
  size_t sz = fread(buf, 1, 8192, f);
- SHA1_Update(&sha1ctx, (const void*)buf, sz);
+ sha1_update(&sha1ctx, buf, sz);
  }
- SHA1_Final(tsha1, &sha1ctx);
+ sha1_final(&sha1ctx, tsha1);
  return (memcmp(expected_sha1, tsha1, 20) == 0) ? 1 : 0;
 }